@dcdr/contracts 1.9.6

package/LICENSE

@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS

package/README.md

@@ -0,0 +1,411 @@
+# @dcdr/contracts
+
+> ⚙️ Intent-based AI runtime + control plane for production systems
+
+[![version](https://img.shields.io/badge/version-1.9.6-blue.svg)](https://www.npmjs.com/package/@dcdr/contracts)
+[![license](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)
+[![typescript](https://img.shields.io/badge/language-TypeScript-blue.svg)](https://www.typescriptlang.org/)
+
+DCDR runs AI capabilities as stable, versioned Intents (with configurable routing/retries) instead of hardcoding model calls in application code.
+
+## Why DCDR
+
+Most applications hardcode model calls, prompts, and retry logic directly in code — making changes slow and risky.
+
+DCDR moves this into a versioned, configurable layer so you can:
+
+- change models without redeploying
+- iterate prompts safely
+- control routing and fallback centrally
+- use execution logs + QC workflows to review and correct outputs, enabling fast iteration on prompts and models based on real traffic
+
+Learn more: <https://dcdr.ai>
+
+## 💣 What problem does this solve?
+
+Shipping AI to production hurts because:
+
+- Models drift and outputs change without warning.
+- Prompts and retries live in app code, so every fix needs a redeploy.
+- Failures are hard to reproduce, diagnose, and roll back.
+
+DCDR pulls this into a versioned runtime + Registry layer so you can change prompts/models/routing safely, add fallbacks, and debug real executions — without touching application deploys.
+
+On top of that, every failure can be reviewed, corrected, and turned into training data for continuous improvement.
+
+## What this package provides
+
+- **Public TypeScript contracts** (interfaces/enums) for DCDR Registries and runtime API payloads.
+- **`DcdrRuntimeClient`**: a strongly-typed TypeScript HTTP client for calling a DCDR Runtime instance.
+
+## Who should use it
+
+- Node.js / TypeScript applications that call the DCDR Runtime HTTP API.
+- Tooling that reads/writes `registry.json` (Runtime (self-hosted)) and wants stable types.
+
+## When to use it
+
+- You want compile-time type safety for runtime requests/responses (for example `ExecuteIntentRequest` / `ExecuteIntentResponse`).
+- You want stable types when authoring DCDR Registries and Intent definitions (`DcdrRegistry`, `IntentContract`, policies, implementations).
+
+---
+
+## ⚡ When should I use DCDR?
+
+### Use DCDR if
+
+- You need stable AI interfaces (intents)
+- You want to decouple prompts from code
+- You need retries, fallback, routing
+- You need structured outputs (JSON enforcement)
+
+### Do NOT use DCDR if
+
+- You only need simple one-off OpenAI calls
+- You don't need control over execution or quality
+
+DCDR does not replace model providers (OpenAI, local models, etc.). It orchestrates how they are used.
+
+### Fastest way to try it
+
+- Run Runtime (self-hosted) with Docker
+- Call a built-in demo intent (no API key required)
+
+---
+
+## 🧠 Mental model
+
+- Your app calls an Intent.
+- The runtime resolves configuration from the Registry.
+- A prompt is rendered.
+- An Implementation is selected.
+- Execution + retries + fallback happen.
+- A structured result is returned.
+
+---
+
+## ⚡ 30-second quickstart
+
+Run a working intent in seconds, no API key required:
+
+1. Run runtime container:
+
+```bash
+docker run --rm -p 8000:8000 dcdrai/runtime:latest --demo
+```
+
+1. Call a built-in demo Intent:
+
+```bash
+curl -sS -H 'Content-Type: application/json' \
+  -X POST http://localhost:8000/api/execution/demo/DCDR_LOCAL_DEMO \
+  -d '{"vars":{"name":"Ada"}}'
+
+# Optional: remote demo (calls dcdr.ai; falls back to local if blocked)
+curl -sS -H 'Content-Type: application/json' \
+  -X POST http://localhost:8000/api/execution/demo/DCDR_REMOTE_DEMO \
+  -d '{"vars":{"name":"Ada"}}'
+```
+
+---
+
+## Choose your path
+
+- **Smoke test (no tokens, no registry)** → [30-second quickstart](#-30-second-quickstart)
+- **Self-hosted (registry.json + auth)** → [Quickstart (Docker runtime – registry.json setup)](#quickstart-docker-runtime--registryjson-setup)
+- **Managed cloud (DCDR Cloud / Cloud Pro)** → [docs/PLATFORM_OVERVIEW.md](docs/PLATFORM_OVERVIEW.md)
+- **TypeScript client only** → [Use the TypeScript client](#use-the-typescript-client)
+- **Define intents / registry authoring** → [docs/CONTRACTS.md](docs/CONTRACTS.md)
+
+---
+
+## Table of contents
+
+- [When should I use DCDR?](#-when-should-i-use-dcdr)
+- [30-second quickstart](#-30-second-quickstart)
+- [Quickstart (Docker runtime – registry.json setup)](#quickstart-docker-runtime--registryjson-setup)
+- [Use the TypeScript client](#use-the-typescript-client)
+- [Common patterns (recipes)](#-common-patterns-recipes)
+- [More docs](#more-docs)
+
+---
+
+## Quickstart (Docker runtime – registry.json setup)
+
+This quickstart is for **Runtime (self-hosted)** with a local `registry.json`.
+
+Notes
+
+- This is a production-oriented setup: `/api/execution/*` endpoints require auth + session.
+- If you only want to confirm the runtime works (no tokens, no registry), use the [30-second quickstart](#-30-second-quickstart) with `--demo`.
+
+If you are using **Cloud** or **Cloud Pro**, skip this section and see [docs/PLATFORM_OVERVIEW.md](docs/PLATFORM_OVERVIEW.md).
+
+Docker image:
+
+- `dcdrai/runtime:latest`
+
+### 1) Create a local `registry.json` (HELLO_WORLD)
+
+Copy the example file and edit it:
+
+```bash
+cp ./src/contracts/examples/registry.hello_world.json ./registry.json
+```
+
+Then replace:
+
+- `REPLACE_ME_OPENAI_API_KEY` → your real OpenAI API key
+
+This example includes:
+
+- 1 intent (`HELLO_WORLD`)
+- 2 implementations (same provider `OPEN_AI`, two models)
+- `executionPolicy.type = WEIGHTED` and implementation `weight` values (conventionally **0..1**, but any positive numbers work)
+- OpenAI `endpoint` set to **`https://api.openai.com/v1`** (base URL)
+
+### 2) Run the runtime container
+
+#### Windows PowerShell
+
+```powershell
+docker pull dcdrai/runtime:latest
+docker run --rm -p 8000:8000 `
+ -e API_TOKEN='dev-token' `
+ -e SESSION_BYPASS_TOKEN='dev-session-bypass' `
+ -v "${PWD}/registry.json:/data/registry.json:ro" `
+ dcdrai/runtime:latest --registry /data/registry.json
+```
+
+#### Linux / macOS
+
+```bash
+docker pull dcdrai/runtime:latest
+docker run --rm -p 8000:8000 \
+ -e API_TOKEN='dev-token' \
+ -e SESSION_BYPASS_TOKEN='dev-session-bypass' \
+ -v "$PWD/registry.json:/data/registry.json:ro" \
+ dcdrai/runtime:latest --registry /data/registry.json
+```
+
+### 3) Call the runtime (curl)
+
+Healthcheck:
+
+```bash
+curl -sS -H 'token: dev-token' http://localhost:8000/api/system/healthcheck
+```
+
+Execute the `HELLO_WORLD` intent:
+
+```bash
+curl -sS \
+ -H 'Content-Type: application/json' \
+ -H 'token: dev-token' \
+ -H 'x-session-bypass: dev-session-bypass' \
+ -X POST http://localhost:8000/api/execution/run/HELLO_WORLD \
+ -d '{"vars":{"name":"Ada"}}'
+```
+
+### 4) Swagger / OpenAPI
+
+- Swagger UI: `http://localhost:8000/api/docs`
+- OpenAPI JSON: `http://localhost:8000/api/openapi.json`
+
+---
+
+## Use the TypeScript client
+
+### Client config & auth modes
+
+`DcdrRuntimeClient` supports two auth modes:
+
+- **Customer mode (Cloud; also Cloud Pro)**: `bearerToken` → sends `Authorization: Bearer <DcdrSessionToken>`
+  - You obtain the `DcdrSessionToken` in Cloud.
+- **Internal/dev mode (Runtime (self-hosted))**: `apiToken` → sends `token: <token>`
+  - Note: `/api/execution/*` endpoints require a session. For dev/testing you can set `SESSION_BYPASS_TOKEN` on the runtime and pass `sessionBypassToken` in the client (sends `x-session-bypass`).
+
+Install (in a Node/TS app):
+
+```bash
+npm i @dcdr/contracts
+```
+
+Example (internal/dev mode):
+
+```ts
+import { DcdrRuntimeClient } from "@dcdr/contracts/runtime.client";
+
+const client = new DcdrRuntimeClient({
+  baseUrl: "http://localhost:8000",
+  apiToken: "dev-token",
+  sessionBypassToken: "dev-session-bypass",
+});
+
+const health = await client.healthcheck();
+const res = await client.executeIntent("HELLO_WORLD", {
+  vars: { name: "Ada" },
+});
+
+console.log(health.status);
+console.log(res.status, res.output);
+```
+
+Example (customer mode / live):
+
+```ts
+import { DcdrRuntimeClient } from "@dcdr/contracts/runtime.client";
+
+const client = new DcdrRuntimeClient({
+  // baseUrl defaults to https://runtime.dcdr.ai
+  bearerToken: process.env.DCDR_SESSION_TOKEN,
+});
+
+// 1) Verify token is accepted (recommended during setup/debugging)
+const auth = await client.authCheck();
+console.log(auth.valid, auth.authMode, auth.cid);
+
+// 2) Execute your first Intent (must exist in your Registry)
+const res = await client.executeIntent("MY_FIRST_INTENT", {
+  vars: { topic: "hello", language: "es" },
+});
+
+console.log(res.status, res.output);
+```
+
+Full client reference: [docs/CLIENT.md](docs/CLIENT.md)
+
+Prometheus metrics: [docs/PROMETHEUS_METRICS.md](docs/PROMETHEUS_METRICS.md)
+
+---
+
+## 🧪 Common patterns (recipes)
+
+### 1) Strict JSON output Intent
+
+Use this pattern when you need guaranteed machine-readable outputs.
+
+```json
+{
+  "id": "INTENT_ID",
+  "intent": "FORMAT_PARSER",
+  "type": "CHAT",
+  "active": true,
+  "outputSchema": {
+    "result": { "type": "string", "required": true }
+  },
+  "defaultPrompt": {
+    "id": "PROMPT_ID",
+    "version": "v1",
+    "name": "format-parser",
+    "sha256": "PROMPT_SHA256",
+    "semanticHash": "PROMPT_SEMANTIC_HASH",
+    "messages": [
+      { "role": "system", "content": "Return JSON only." },
+      { "role": "user", "content": "Input: {{text}}" }
+    ],
+    "variablesInterpolationType": "MUSTACHE",
+    "params": { "response_format": "json_schema" }
+  },
+  "retryPolicy": {
+    "maxAttempts": 3,
+    "allowFallback": true,
+    "repairOnParseFail": true,
+    "retryOn": ["PARSE_FAIL", "SCHEMA_FAIL"]
+  },
+  "implementations": [
+    {
+      "id": "IMPL_ID",
+      "provider": "OPEN_AI",
+      "name": "openai-format-parser",
+      "version": "v1",
+      "sha256": "IMPL_SHA256",
+      "semanticHash": "IMPL_SEMANTIC_HASH",
+      "model": "gpt-4.1-mini",
+      "endpoint": "https://api.openai.com/v1",
+      "active": true
+    }
+  ]
+}
+```
+
+### 2) Weighted routing across two models
+
+```json
+{
+  "executionPolicy": { "type": "WEIGHTED" },
+  "implementations": [
+    {
+      "id": "IMPL_PRIMARY",
+      "provider": "OPEN_AI",
+      "name": "primary",
+      "version": "v1",
+      "sha256": "IMPL_SHA256_1",
+      "semanticHash": "IMPL_SEMANTIC_HASH_1",
+      "model": "gpt-4.1-mini",
+      "endpoint": "https://api.openai.com/v1",
+      "active": true,
+      "weight": 0.7
+    },
+    {
+      "id": "IMPL_SECONDARY",
+      "provider": "OPEN_AI",
+      "name": "secondary",
+      "version": "v1",
+      "sha256": "IMPL_SHA256_2",
+      "semanticHash": "IMPL_SEMANTIC_HASH_2",
+      "model": "gpt-4.1",
+      "endpoint": "https://api.openai.com/v1",
+      "active": true,
+      "weight": 0.3
+    }
+  ]
+}
+```
+
+### 3) Debugging Intent rendering (`dryRun`)
+
+```bash
+curl -sS \
+ -H 'Content-Type: application/json' \
+ -H 'token: dev-token' \
+ -X POST http://localhost:8000/api/execution/dry-run/HELLO_WORLD \
+ -d '{"vars":{"name":"Ada"}}'
+```
+
+Shows rendered messages and resolved execution configuration, without calling an external provider.
+
+---
+
+## ⚙️ Introduction to execution modes
+
+- Runtime (self-hosted): you run the runtime; you manage the Registry in `registry.json`.
+- Cloud: managed runtime + managed Registry/configuration.
+- Cloud Pro: Cloud + Cloud Pro entitlements.
+
+See full feature matrix: [docs/TIERS_FEATURE_MATRIX.md](docs/TIERS_FEATURE_MATRIX.md)
+
+---
+
+## More docs
+
+### Core concepts
+
+- [docs/CONTRACTS.md](docs/CONTRACTS.md) — How Registries, Intents, implementations, policies, and capabilities fit together.
+- [docs/PLATFORM_OVERVIEW.md](docs/PLATFORM_OVERVIEW.md) — Runtime (self-hosted) vs Cloud vs Cloud Pro (what runs where, who owns what).
+- [docs/TIERS_FEATURE_MATRIX.md](docs/TIERS_FEATURE_MATRIX.md) — One-page feature/tier reference.
+
+### Development
+
+- [docs/CLIENT.md](docs/CLIENT.md) — Full `DcdrRuntimeClient` reference (methods, auth options, errors).
+- [docs/EXECUTION_ERROR_CODES.md](docs/EXECUTION_ERROR_CODES.md) — Stable runtime execution error codes and their meanings.
+- [docs/CLI.md](docs/CLI.md) — CLI usage patterns (healthcheck, run, demo, dry-run).
+- [docs/STREAMING_EXECUTION_SSE.md](docs/STREAMING_EXECUTION_SSE.md) — Streaming intent execution over SSE (`/api/execution/stream/:intent`).
+- [docs/RUNTIME_ADVANCED_CONFIG.md](docs/RUNTIME_ADVANCED_CONFIG.md) — Runtime (self-hosted) env vars (SSL/HTTPS, networking, auth, logs, metrics).
+
+### Integrations
+
+- [docs/OPENAPI_SDKS.md](docs/OPENAPI_SDKS.md) — Generate Python/C#/Java SDKs from `openapi.runtime.json`.
+- [docs/PROMETHEUS_METRICS.md](docs/PROMETHEUS_METRICS.md) — Metrics endpoint + the Prometheus gauges/counters we expose.
+- [docs/EXAMPLES.md](docs/EXAMPLES.md) — End-to-end examples and small recipes.
+- [CHANGELOG.md](CHANGELOG.md) — Release notes (synced from the runtime repo changelog; entries start with <kbd>RUNTIME</kbd> / <kbd>CONTRACTS</kbd>).

package/dist/capabilities.contract.d.ts

@@ -0,0 +1,69 @@
+import { DcdrRegistry } from "./control.contract";
+import { IntentContract } from "./intent.contract";
+/**
+ * Stable, public capability identifiers derived from configuration/registry usage.
+ *
+ * Purpose
+ * - Provide a single, exportable vocabulary to describe what a given registry/config *requires*.
+ * - Enable:
+ *   - Freeware runtime (`runtime` mode) to reject advanced features (allowlist).
+ *   - Backend tier enforcement to map subscriptions/features to required runtime capabilities.
+ *
+ * Notes
+ * - These are *technical* capabilities, not billing/subscription concepts.
+ * - Keep values stable; they can become part of wire-level compatibility checks.
+ */
+export declare enum CapabilityKey {
+    /** Prompt canary rollouts (canary prompt + weight). */
+    AI_PROMPTS_CANARY = "AI_PROMPTS_CANARY",
+    /** Any non-default/advanced execution policy (non-WEIGHTED). */
+    AI_INTENTS_ADVANCED_EXECUTION_POLICY = "AI_INTENTS_ADVANCED_EXECUTION_POLICY",
+    /** ExecutionPolicy exploration enabled (epsilon-greedy / top-K sampling). */
+    AI_INTENTS_EXPLORATION_POLICY = "AI_INTENTS_EXPLORATION_POLICY",
+    /** Response caching enabled with per-implementation TTL configuration. */
+    AI_RUNTIME_CACHE_TTL_CONFIGURABLE = "AI_RUNTIME_CACHE_TTL_CONFIGURABLE",
+    /** Execution window override at the implementation level. */
+    AI_BASE_MODEL_EXECUTION_WINDOWS_OVERRIDE_PER_IMPLEMENTATION = "AI_BASE_MODEL_EXECUTION_WINDOWS_OVERRIDE_PER_IMPLEMENTATION",
+    /** Backend registry sync (cloud/cloud-pro control plane). */
+    AI_RUNTIME_BACKEND_REGISTRY_SYNC = "AI_RUNTIME_BACKEND_REGISTRY_SYNC",
+    /** Backend log ingestion (cloud/cloud-pro; runtime/freeware should not send logs to backend). */
+    AI_OBSERVABILITY_BACKEND_LOG_INGESTION = "AI_OBSERVABILITY_BACKEND_LOG_INGESTION",
+    /** Internal backend bypass auth mode (backend-to-runtime trusted traffic). */
+    AI_SECURITY_INTERNAL_BYPASS = "AI_SECURITY_INTERNAL_BYPASS"
+}
+/**
+ * Extracts required capabilities for a single intent.
+ * @param intent The intent contract to inspect.
+ * @returns Required capabilities for this intent.
+ */
+export declare function getRequiredCapabilitiesForIntent(intent: IntentContract): CapabilityKey[];
+/**
+ * Derives the set of required capabilities implied by a registry.
+ *
+ * Intended usage
+ * - Runtime freeware mode: compare with an allowlist and fail loudly when unsupported.
+ * - Backend: map subscription/module-features to capabilities and enforce before emitting a registry.
+ *
+ * @param registry The registry to inspect.
+ * @returns Unique capability keys required by the registry.
+ */
+export declare function getRequiredCapabilitiesFromRegistry(registry: DcdrRegistry): CapabilityKey[];
+/**
+ * Returns the capabilities that are required but not present in the allowlist.
+ * @param required Required capabilities.
+ * @param allowed Allowed capabilities.
+ * @returns Missing capabilities.
+ */
+export declare function getMissingCapabilities(required: CapabilityKey[], allowed: CapabilityKey[]): CapabilityKey[];
+/**
+ * Asserts that all required capabilities are in the allowlist.
+ *
+ * Intended usage
+ * - Freeware runtime mode: reject registries/configurations that require pro/cloud capabilities.
+ *
+ * @param required Required capabilities.
+ * @param allowed Allowed capabilities.
+ * @param context Optional context string included in error messages.
+ */
+export declare function assertCapabilitiesAllowed(required: CapabilityKey[], allowed: CapabilityKey[], context?: string): void;
+//# sourceMappingURL=capabilities.contract.d.ts.map

package/dist/capabilities.contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.contract.d.ts","sourceRoot":"","sources":["../src/capabilities.contract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD;;;;;;;;;;;;GAYG;AACH,oBAAY,aAAa;IACvB,uDAAuD;IACvD,iBAAiB,sBAAsB;IAEvC,gEAAgE;IAChE,oCAAoC,yCAAyC;IAE7E,6EAA6E;IAC7E,6BAA6B,kCAAkC;IAE/D,0EAA0E;IAC1E,iCAAiC,sCAAsC;IAEvE,6DAA6D;IAC7D,2DAA2D,gEAAgE;IAM3H,6DAA6D;IAC7D,gCAAgC,qCAAqC;IAErE,iGAAiG;IACjG,sCAAsC,2CAA2C;IAEjF,8EAA8E;IAC9E,2BAA2B,gCAAgC;CAC5D;AAED;;;;GAIG;AACH,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,cAAc,GAAG,aAAa,EAAE,CA+BxF;AAED;;;;;;;;;GASG;AACH,wBAAgB,mCAAmC,CAAC,QAAQ,EAAE,YAAY,GAAG,aAAa,EAAE,CAW3F;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,GAAG,aAAa,EAAE,CAS3G;AAED;;;;;;;;;GASG;AACH,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,aAAa,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAMrH"}