@crewhaus/ir 0.1.1 → 0.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crewhaus/ir",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "type": "module",
   "description": "Canonical typed intermediate representation",
   "main": "src/index.ts",
@@ -14,8 +14,8 @@
   "license": "Apache-2.0",
   "author": {
     "name": "Max Meier",
-    "email": "max@studiomax.io",
-    "url": "https://studiomax.io"
+    "email": "max@crewhaus.ai",
+    "url": "https://crewhaus.ai"
   },
   "repository": {
     "type": "git",
@@ -27,12 +27,7 @@
     "url": "https://github.com/crewhaus/factory/issues"
   },
   "publishConfig": {
-    "access": "restricted"
+    "access": "public"
   },
-  "files": [
-    "src",
-    "README.md",
-    "LICENSE",
-    "NOTICE"
-  ]
+  "files": ["src", "README.md", "LICENSE", "NOTICE"]
 }

package/src/index.test.ts

@@ -27,6 +27,7 @@ import type {
   IrSubAgentDefinition,
   IrToolConfigs,
   IrV0,
+  IrVectorBackend,
   IrVoiceProvider,
   IrVoiceV0,
   IrWorkflowStep,
@@ -649,15 +650,41 @@ describe("IrPipelineV0 (Section 21)", () => {
     void _bad;
   });
 
-  test("vectorBackend is restricted to in-memory in v0", () => {
+  test("vectorBackend accepts every implemented backend id", () => {
+    const backends: IrVectorBackend[] = ["in-memory", "lance", "qdrant", "pinecone", "weaviate"];
+    for (const vectorBackend of backends) {
+      const retrieve: IrPipelineV0["retrieve"] = {
+        embedderModel: "x",
+        vectorBackend,
+        defaultK: 5,
+      };
+      expect(retrieve.vectorBackend).toBe(vectorBackend);
+    }
+  });
+
+  test("vectorBackend still rejects an unknown backend id", () => {
     const _bad: IrPipelineV0["retrieve"] = {
       embedderModel: "x",
-      // @ts-expect-error — qdrant/pinecone/lance are roadmap, not yet in v0
-      vectorBackend: "qdrant",
+      // @ts-expect-error — faiss is not an implemented vector backend
+      vectorBackend: "faiss",
       defaultK: 5,
     };
     void _bad;
   });
+
+  test("retrieve carries optional url/collection/apiKey for remote backends", () => {
+    const retrieve: IrPipelineV0["retrieve"] = {
+      embedderModel: "x",
+      vectorBackend: "qdrant",
+      defaultK: 5,
+      url: "https://qdrant.example",
+      collection: "docs",
+      apiKey: { kind: "env", name: "QDRANT_API_KEY" },
+    };
+    expect(retrieve.url).toBe("https://qdrant.example");
+    expect(retrieve.collection).toBe("docs");
+    expect(retrieve.apiKey).toEqual({ kind: "env", name: "QDRANT_API_KEY" });
+  });
 });
 
 describe("IrCrewV0 (Section 22)", () => {

package/src/index.ts

@@ -114,6 +114,44 @@ export type IrFailureTaxonomyEntry = {
 
 export type IrFailureTaxonomy = readonly IrFailureTaxonomyEntry[];
 
+/**
+ * Pillar 3 (FR-004) — per-target security fabric configuration the
+ * compiler lowers from the spec's `security` block. Today it carries the
+ * intent-gate's judge selection; `egressPolicy` is reserved for the
+ * sink-side fabric (FR-002/006) and intentionally not modelled here.
+ *
+ * `justification.judge` selects which `JustificationJudge` the runtime
+ * wires for `requireJustification: true` tools — `"rule-based"` (the
+ * deterministic default, `ruleBasedJustificationJudge`) or `"claude"`
+ * (the model-backed `@crewhaus/justification-judge-claude`). `model` is
+ * the judge model id when `judge: "claude"`; the consumer defaults it to
+ * a haiku-class model when omitted. Optional + spread-in at lower-time so
+ * the field is absent when the spec omits the block (same convention as
+ * `failureTaxonomy`).
+ */
+export type IrSecurity = {
+  readonly justification?: {
+    readonly judge: "rule-based" | "claude";
+    readonly model?: string;
+  };
+  /**
+   * Pillar 3 sink-side fabric (FR-006) — the egress-matching strategy.
+   * `"substring"` is the behavior-preserving `SubstringEgressMatcher`
+   * (`MIN_MATCH_LENGTH`); `"semantic"` selects the optional embedding-backed
+   * `@crewhaus/egress-matcher-semantic`. Lowered from
+   * `spec.security.egressMatcher`. Absent when the spec omits it, in which
+   * case the runtime stays on the substring default. Honoured on BOTH paths:
+   * the `crewhaus run` interpreter resolves it into
+   * `runChatLoop({ egressMatcher })`, and `@crewhaus/target-cli` emits the
+   * same matcher construction into the standalone compiled bundle. Only
+   * changes *how* lineage matches are detected — the per-origin/per-sink
+   * policy and the three audit outcomes (`egress-passed | egress-warned |
+   * egress-blocked`) are matcher-independent and live in `classifyEgress`,
+   * not here.
+   */
+  readonly egressMatcher?: "substring" | "semantic";
+};
+
 /**
  * Track F (Section 57) — typed message schemas (Σ) for multi-agent
  * communication. Source: AgentFlow (arxiv 2604.20801). A typed graph
@@ -176,6 +214,10 @@ export type IrV0 = {
   readonly cli?: IrCliOptions;
   /** Section 55 (Track A) — named failure taxonomy. Optional. */
   readonly failureTaxonomy?: IrFailureTaxonomy;
+  /** Pillar 3 (FR-004) — security fabric config (intent-gate judge
+   *  selection). Optional; absent when the spec omits the `security`
+   *  block. */
+  readonly security?: IrSecurity;
   /** §47 cross-cutting blockchain subsystem (slice 0). All optional. */
   readonly chains?: readonly IrChainBinding[];
   readonly wallets?: readonly IrWalletBinding[];
@@ -314,6 +356,8 @@ export type IrContractBinding = {
 export type IrTransactionPolicy = {
   readonly defaultWriteApproval: "required" | "policy" | "none";
   readonly maxValueUsd?: number;
+  /** Oracle-free native-token spend ceiling (wei, decimal or 0x-hex string). */
+  readonly maxValueWei?: string;
   readonly allowedContracts: readonly string[];
   readonly simulationRequired: boolean;
 };
@@ -521,6 +565,16 @@ export type IrPipelineDocument = {
   readonly metadata?: Readonly<Record<string, unknown>>;
 };
 
+/**
+ * Vector-store backend selector. Mirrors `VectorBackendId` from
+ * `@crewhaus/vector-store` — the canonical source of truth for which
+ * backends exist — but kept inline here (exactly as `IrBatchQueueAdapter`
+ * mirrors the `queue-protocol` adapter ids) so the runtime-agnostic IR
+ * keeps its zero runtime-package dependencies. Keep the two in sync when a
+ * backend is added or removed.
+ */
+export type IrVectorBackend = "in-memory" | "lance" | "qdrant" | "pinecone" | "weaviate";
+
 export type IrPipelineV0 = {
   readonly version: 0;
   readonly name: string;
@@ -531,8 +585,21 @@ export type IrPipelineV0 = {
   };
   readonly retrieve: {
     readonly embedderModel: string;
-    readonly vectorBackend: "in-memory";
+    readonly vectorBackend: IrVectorBackend;
     readonly defaultK: number;
+    /**
+     * Remote (qdrant/pinecone/weaviate) and file (lance) backends — the
+     * service base URL or, for lance, the on-disk index path. Omitted for
+     * `in-memory`. Required for the HTTP backends (enforced at spec parse).
+     */
+    readonly url?: string;
+    /** Remote/file backends — collection / table name. */
+    readonly collection?: string;
+    /**
+     * Remote backends — API key, lowered to an env-ref (`$VAR` →
+     * `process.env`) or a literal so real secrets stay out of the bundle.
+     */
+    readonly apiKey?: IrSecretRef;
   };
   readonly indexing: {
     readonly chunkStrategy: "fixed" | "semantic" | "markdown";
@@ -627,7 +694,7 @@ export type IrResearchV0 = {
     /** Absolute file:// roots the crawler may read from. Empty denies all file://. */
     readonly allowedFileRoots: readonly string[];
     /** Optional vector backend hint for future RAG-augmented research. */
-    readonly vectorBackend?: "in-memory";
+    readonly vectorBackend?: IrVectorBackend;
   };
   readonly tools: readonly string[];
   readonly toolConfigs: IrToolConfigs;