npm - @elevasis/core - Versions diffs - 0.38.0 → 0.40.0 - Mend

@elevasis/core 0.38.0 → 0.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/auth/index.d.ts +1 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +12 -0
package/dist/knowledge/index.d.ts +21 -14
package/dist/knowledge/index.js +10 -1
package/dist/organization-model/index.d.ts +1 -0
package/dist/organization-model/index.js +12 -0
package/dist/test-utils/index.d.ts +1 -0
package/dist/test-utils/index.js +12 -0
package/package.json +1 -1
package/src/business/acquisition/ontology-validation.ts +31 -9
package/src/knowledge/index.ts +14 -1
package/src/knowledge/queries.ts +74 -15
package/src/organization-model/__tests__/snapshot-hash.test.ts +82 -0
package/src/organization-model/index.ts +1 -0
package/src/organization-model/schema.ts +12 -0
package/src/organization-model/server/snapshot-hash-server.ts +23 -0
package/src/organization-model/snapshot-hash.ts +64 -0
package/src/platform/constants/versions.ts +1 -1
package/src/platform/registry/validation.ts +21 -7
package/src/server.ts +292 -289

package/src/platform/registry/validation.ts CHANGED Viewed

@@ -23,6 +23,7 @@ import {
   computeInterfaceReadiness,
   type SystemInterfaceReadinessIssueFamily
 } from '../../business/acquisition/ontology-validation'
+import { SYSTEM_INTERFACE_PROFILES } from '../../organization-model/domains/systems'
 import type { OmTopologyNodeRef } from '../../organization-model/domains/topology'
 import type {
   TriggerDefinition,
@@ -615,20 +616,28 @@ function addSystemInterfaceIssue(
 /**
  * Detects systems that are API-backed (have resources with non-empty ontology
- * bindings) but have not declared `apiInterface` in the Organization Model.
+ * bindings), CAN adopt a platform-cataloged `apiInterface` readinessProfile
+ * (system path appears in `SYSTEM_INTERFACE_PROFILES`), but have not declared
+ * `apiInterface` in the Organization Model.
  *
- * Broad-by-design — tighten via test-driven counterexample.
- * See _execution-plan.mdx Decision 1.
+ * Originally broad-by-design (flagged any system with ontology actions/writes
+ * lacking apiInterface). Tightened in @elevasis/sdk@1.30.1 after the template
+ * surfaced the unactionable-paradox case: custom systems (e.g. `sys.operations`,
+ * `sys.notifications`) have valid `ontology.actions` bindings but cannot adopt
+ * one of the closed-catalog readiness profiles, AND the documented guidance
+ * ("Custom Systems should not declare apiInterface") is incompatible with the
+ * broad heuristic. The gate now only flags systems where adoption is even
+ * possible — i.e. the system path matches a cataloged profile's `systemPath`.
  *
- * A system is flagged when:
+ * A system is flagged when ALL of:
  *   (a) `system.apiInterface === undefined`, AND
  *   (b) at least one resource in `organizationModel.resources` has
  *       `resource.systemPath` matching the system path AND
- *       `resource.ontology` non-empty (has `actions` and/or `writes` defined).
+ *       `resource.ontology` non-empty (has `actions` and/or `writes` defined), AND
+ *   (c) the system path appears as a cataloged `systemPath` in
+ *       `SYSTEM_INTERFACE_PROFILES` (so adopting a profile is actually possible).
  *
  * Returns `[]` when `organizationModel` is undefined or no gaps are found.
- * The structured return value drives both CLI warnings and scaffold fill-mode
- * input payloads without any transformation on the caller side.
  */
 export function detectMissingApiInterfaceDeclarations(
   orgName: string,
@@ -655,10 +664,15 @@ export function detectMissingApiInterfaceDeclarations(
   if (apiBoundResourcesBySystemPath.size === 0) return []
+  // Closed-catalog filter: a system is only a candidate for missing apiInterface
+  // if it could actually adopt one of the cataloged platform profiles.
+  const catalogedSystemPaths = new Set<string>(SYSTEM_INTERFACE_PROFILES.map((profile) => profile.systemPath))
   const gaps: ApiInterfaceConformanceGap[] = []
   for (const { path, system } of listAllSystems(organizationModel)) {
     if (system.apiInterface !== undefined) continue
+    if (!catalogedSystemPaths.has(path)) continue
     const resourceIds = apiBoundResourcesBySystemPath.get(path)
     if (!resourceIds || resourceIds.length === 0) continue
     gaps.push({

package/src/server.ts CHANGED Viewed

@@ -1,289 +1,292 @@
-/**
- * Server-only exports for @repo/core
- *
- * WARNING: DO NOT import in browser/frontend code
- * This module uses Node.js APIs (crypto, process.env) and server-side libraries
- *
- * For browser-safe imports, use '@repo/core' instead
- */
-// Credential management (uses Node.js crypto)
-export {
-  encryptCredential,
-  decryptCredential,
-  setKek,
-  clearKeks,
-  CURRENT_KEY_ID,
-  LEGACY_KEY_ID
-} from './auth/multi-tenancy/credentials/server/encryption'
-export { loadCredentialKEKs } from './auth/multi-tenancy/credentials/server/kek-loader'
-export {
-  prepareCredentialForInsert,
-  decryptCredentialValue,
-  transformToMetadata,
-  type CreateCredentialParams,
-  type CredentialMetadata
-} from './auth/multi-tenancy/credentials/server/service'
-// Session management (uses Supabase service client)
-export { SessionManager } from './operations/sessions/server/manager'
-export { Session } from './operations/sessions/server/session'
-export type {
-  SessionTurnResult,
-  CreateSessionParams,
-  ListSessionsFilters,
-  SessionRow,
-  SessionInsert
-} from './operations/sessions/types'
-// Multi-tenancy WorkOS types and transforms (server-only)
-export * from './auth/multi-tenancy/organizations/server'
-export * from './auth/multi-tenancy/users/server'
-export * from './auth/multi-tenancy/memberships/server'
-export * from './auth/multi-tenancy/invitations/server'
-// Note: Browser-safe and Supabase types are re-exported from /server subdirectories
-// No additional re-exports needed here to avoid conflicts
-// Supabase client (service role with process.env credentials - lazy initialization)
-export { getSupabaseClient, supabaseClient } from './supabase/server/client'
-export type { SupabaseClient, Database, Tables, TablesInsert, TablesUpdate, Json } from './supabase'
-// OAuth credentials and token refresh (uses process.env for client credentials)
-export { getOAuthCredentials } from './integrations/oauth/server/credentials'
-export { refreshOAuthTokenIfExpired, forceRefreshOAuthToken } from './integrations/oauth/server/refresh'
-// Integration adapters (uses Node.js SDKs - googleapis, @slack/web-api)
-export { GmailAdapter } from './execution/engine/tools/integration/server/adapters/gmail/gmail-adapter'
-export { AttioAdapter } from './execution/engine/tools/integration/server/adapters/attio'
-export { GoogleSheetsAdapter } from './execution/engine/tools/integration/server/adapters/google-sheets'
-export { ApifyAdapter } from './execution/engine/tools/integration/server/adapters/apify'
-export { ApolloAdapter } from './execution/engine/tools/integration/server/adapters/apollo'
-export { InstantlyAdapter } from './execution/engine/tools/integration/server/adapters/instantly'
-export { ResendAdapter } from './execution/engine/tools/integration/server/adapters/resend'
-export { AnymailfinderAdapter } from './execution/engine/tools/integration/server/adapters/anymailfinder'
-export { TombaAdapter } from './execution/engine/tools/integration/server/adapters/tomba'
-export { MillionVerifierAdapter } from './execution/engine/tools/integration/server/adapters/millionverifier'
-export { StripeAdapter } from './execution/engine/tools/integration/server/adapters/stripe'
-export { SignatureApiAdapter } from './execution/engine/tools/integration/server/adapters/signature-api'
-export { DropboxAdapter } from './execution/engine/tools/integration/server/adapters/dropbox'
-export { ClickUpAdapter } from './execution/engine/tools/integration/server/adapters/clickup'
-export {
-  GoogleCalendarAdapter,
-  type CalendarEvent,
-  type CalendarDateTime,
-  type ListEventsResult
-} from './execution/engine/tools/integration/server/adapters/google-calendar'
-// Integration Tool Factories (server-only - uses adapters above)
-export {
-  createGmailSendEmailTool,
-  createGmailSendEmailToolNamed
-} from './execution/engine/tools/integration/server/adapters/gmail/gmail-tools'
-export {
-  createAttioCreateRecordTool,
-  createAttioUpdateRecordTool,
-  createAttioListRecordsTool,
-  createAttioGetRecordTool,
-  createAttioDeleteRecordTool,
-  createAttioToolNamed,
-  // Schema operations
-  createAttioListObjectsTool,
-  createAttioListAttributesTool,
-  createAttioCreateAttributeTool,
-  createAttioUpdateAttributeTool,
-  // Note operations
-  createAttioCreateNoteTool
-} from './execution/engine/tools/integration/server/adapters/attio'
-export {
-  // Core methods
-  createGoogleSheetsReadTool,
-  createGoogleSheetsWriteTool,
-  createGoogleSheetsAppendTool,
-  createGoogleSheetsClearTool,
-  createGoogleSheetsMetadataTool,
-  createGoogleSheetsBatchUpdateTool,
-  // Workflow-friendly methods
-  createGoogleSheetsGetHeadersTool,
-  createGoogleSheetsGetLastRowTool,
-  createGoogleSheetsFindRowTool,
-  createGoogleSheetsUpdateRowTool,
-  createGoogleSheetsUpsertRowTool,
-  createGoogleSheetsFilterRowsTool,
-  createGoogleSheetsDeleteRowTool
-} from './execution/engine/tools/integration/server/adapters/google-sheets'
-export { createApifyRunActorTool } from './execution/engine/tools/integration/server/adapters/apify'
-export {
-  createInstantlySendReplyTool,
-  createInstantlyRemoveFromSubsequenceTool,
-  createInstantlyGetEmailsTool,
-  createInstantlyUpdateInterestStatusTool,
-  createInstantlyAddToCampaignTool
-} from './execution/engine/tools/integration/server/adapters/instantly'
-export {
-  createResendSendEmailTool,
-  createResendGetEmailTool,
-  createResendSendEmailToolNamed
-} from './execution/engine/tools/integration/server/adapters/resend'
-export {
-  createAnymailfinderFindCompanyEmailTool,
-  createAnymailfinderFindPersonEmailTool,
-  createAnymailfinderFindDecisionMakerEmailTool,
-  createAnymailfinderVerifyEmailTool
-} from './execution/engine/tools/integration/server/adapters/anymailfinder'
-export {
-  createTombaEmailFinderTool,
-  createTombaDomainSearchTool,
-  createTombaEmailVerifierTool
-} from './execution/engine/tools/integration/server/adapters/tomba'
-export {
-  createMillionVerifierVerifyEmailTool,
-  createMillionVerifierCheckCreditsTool
-} from './execution/engine/tools/integration/server/adapters/millionverifier'
-export {
-  createDropboxUploadTool,
-  createDropboxCreateFolderTool
-} from './execution/engine/tools/integration/server/adapters/dropbox'
-export {
-  createStripeCreatePaymentLinkTool,
-  createStripeGetPaymentLinkTool,
-  createStripeUpdatePaymentLinkTool,
-  createStripeListPaymentLinksTool,
-  createStripeCheckoutSessionTool,
-  createStripeAutoPaymentLinkTool
-} from './execution/engine/tools/integration/server/adapters/stripe'
-// Resend fetch functions (low-level API for platform email service)
-export { sendEmail as sendResendEmail } from './execution/engine/tools/integration/server/adapters/resend/fetch/send-email/index'
-export type {
-  ResendCredentials,
-  SendEmailParams as ResendSendEmailParams,
-  SendEmailResult as ResendSendEmailResult
-} from './execution/engine/tools/integration/server/adapters/resend/fetch/utils/types'
-// Resend email configuration (high-level sender config for workflows)
-export type { ResendEmailConfig } from './execution/engine/tools/integration/server/adapters/resend/types'
-// SignatureAPI types (for eSignature envelope operations)
-export type {
-  SignatureApiCredentials,
-  CreateEnvelopeParams,
-  CreateEnvelopeResult,
-  VoidEnvelopeParams,
-  VoidEnvelopeResult,
-  DownloadDocumentParams,
-  DownloadDocumentResult,
-  EnvelopeDocument,
-  Recipient,
-  SigningPlace
-} from './execution/engine/tools/integration/server/adapters/signature-api'
-// Execution validators (uses process.env for environment detection)
-export { detectEnvironment, canExecuteResource, type Environment } from './execution/core/server/environment'
-// HMAC token utilities (uses Node.js crypto - server-only)
-export { generateHmacToken, verifyHmacToken, generateBrochureUrl } from './platform/utils/server/hmac'
-export {
-  generateUnsubscribeToken,
-  verifyUnsubscribeToken,
-  generateUnsubscribeUrl,
-  generateUnsubscribeHeaders
-} from './platform/utils/server/unsubscribe'
-// Better Stack error logging (uses @sentry/node - server-only)
-export {
-  bslogExternalServiceError,
-  bslogExecutionFailure,
-  isSystemError
-} from './platform/utils/server/betterstack-logger'
-// LLM Adapters (uses betterstack-logger - server-only)
-export { OpenAIAdapter, isOpenAIModel, type OpenAIAdapterConfig } from './execution/engine/llm/adapters/server/openai'
-export {
-  OpenRouterAdapter,
-  isOpenRouterModel,
-  type OpenRouterAdapterConfig
-} from './execution/engine/llm/adapters/server/openrouter'
-export { createLLMAdapter } from './execution/engine/llm/adapters/server/adapter-factory'
-// Browser-safe adapters (also exported from server for convenience)
-export { UniversalLLMAdapter } from './execution/engine/llm/adapters/universal-adapter'
-export { MockAdapter, isMockModel } from './execution/engine/llm/adapters/mock-adapter'
-export { configureCircuitBreakerAlerts } from './execution/engine/llm/adapters/circuit-breaker'
-// LLM Tool factory (uses server-only adapters)
-export { createLLMCallTool, type LLMCallToolConfig } from './execution/engine/tools/llm/server'
-// Workflow step helper (uses server-only adapters)
-export { llmCall, type LLMCallOptions } from './execution/engine/workflow/helpers/server'
-// Retained server-side resource invocation service types live under @repo/core/execution.
-// Deployed SDK workers use platform.call() -> dispatcher for nested execution.
-// Resilience utilities (timeout, circuit breaker, infrastructure errors)
-export {
-  // Existing
-  withTimeout,
-  SERVICE_TIMEOUTS,
-  createCircuitBreaker,
-  CircuitState,
-  ServiceTimeoutError,
-  ServiceUnavailableError,
-  isInfrastructureError,
-  type CircuitBreaker,
-  type CircuitBreakerConfig,
-  // Rate limiting
-  InMemoryRateLimiter,
-  createRateLimiter,
-  // Retry logic
-  withRetry,
-  calculateRetryDelay,
-  sleep,
-  DEFAULT_RETRY_POLICY,
-  // HTTP error mapping
-  createHttpError,
-  mapHttpStatusToErrorType,
-  type RateLimiter,
-  type RetryPolicy,
-  type HttpErrorContext,
-  type ErrorParser
-} from './platform/resilience'
-// Acquisition Platform Tools (lead database)
-export {
-  // List tools
-  createAcqListCreateTool,
-  createAcqListUpdateTool,
-  createAcqListDeleteTool,
-  createAcqListListTool,
-  // Company tools
-  createAcqCompanyCreateTool,
-  createAcqCompanyUpdateTool,
-  createAcqCompanyUpsertTool,
-  createAcqCompanyGetTool,
-  createAcqCompanyListTool,
-  createAcqCompanyDeleteTool,
-  // Contact tools
-  createAcqContactCreateTool,
-  createAcqContactUpdateTool,
-  createAcqContactUpsertTool,
-  createAcqContactGetTool,
-  createAcqContactListTool,
-  createAcqContactDeleteTool,
-  createAcqContactBulkImportTool
-} from './execution/engine/tools/platform/acquisition'
-// PDF Tool (server-only - uses React-PDF renderToBuffer)
-export {
-  createPdfRenderTool,
-  type PdfRenderInput,
-  type PdfRenderOutput,
-  type PdfToolConfig,
-  PdfRenderInputSchema,
-  PdfRenderOutputSchema
-} from './execution/engine/tools/platform/pdf'
-// PDF Document types (for constructing documents programmatically)
-export type { PDFDocument, ContentBlock, Page as PDFPage } from './business/pdf/types'
+/**
+ * Server-only exports for @repo/core
+ *
+ * WARNING: DO NOT import in browser/frontend code
+ * This module uses Node.js APIs (crypto, process.env) and server-side libraries
+ *
+ * For browser-safe imports, use '@repo/core' instead
+ */
+// Credential management (uses Node.js crypto)
+export {
+  encryptCredential,
+  decryptCredential,
+  setKek,
+  clearKeks,
+  CURRENT_KEY_ID,
+  LEGACY_KEY_ID
+} from './auth/multi-tenancy/credentials/server/encryption'
+export { loadCredentialKEKs } from './auth/multi-tenancy/credentials/server/kek-loader'
+export {
+  prepareCredentialForInsert,
+  decryptCredentialValue,
+  transformToMetadata,
+  type CreateCredentialParams,
+  type CredentialMetadata
+} from './auth/multi-tenancy/credentials/server/service'
+// Session management (uses Supabase service client)
+export { SessionManager } from './operations/sessions/server/manager'
+export { Session } from './operations/sessions/server/session'
+export type {
+  SessionTurnResult,
+  CreateSessionParams,
+  ListSessionsFilters,
+  SessionRow,
+  SessionInsert
+} from './operations/sessions/types'
+// Multi-tenancy WorkOS types and transforms (server-only)
+export * from './auth/multi-tenancy/organizations/server'
+export * from './auth/multi-tenancy/users/server'
+export * from './auth/multi-tenancy/memberships/server'
+export * from './auth/multi-tenancy/invitations/server'
+// Note: Browser-safe and Supabase types are re-exported from /server subdirectories
+// No additional re-exports needed here to avoid conflicts
+// Supabase client (service role with process.env credentials - lazy initialization)
+export { getSupabaseClient, supabaseClient } from './supabase/server/client'
+export type { SupabaseClient, Database, Tables, TablesInsert, TablesUpdate, Json } from './supabase'
+// OAuth credentials and token refresh (uses process.env for client credentials)
+export { getOAuthCredentials } from './integrations/oauth/server/credentials'
+export { refreshOAuthTokenIfExpired, forceRefreshOAuthToken } from './integrations/oauth/server/refresh'
+// Integration adapters (uses Node.js SDKs - googleapis, @slack/web-api)
+export { GmailAdapter } from './execution/engine/tools/integration/server/adapters/gmail/gmail-adapter'
+export { AttioAdapter } from './execution/engine/tools/integration/server/adapters/attio'
+export { GoogleSheetsAdapter } from './execution/engine/tools/integration/server/adapters/google-sheets'
+export { ApifyAdapter } from './execution/engine/tools/integration/server/adapters/apify'
+export { ApolloAdapter } from './execution/engine/tools/integration/server/adapters/apollo'
+export { InstantlyAdapter } from './execution/engine/tools/integration/server/adapters/instantly'
+export { ResendAdapter } from './execution/engine/tools/integration/server/adapters/resend'
+export { AnymailfinderAdapter } from './execution/engine/tools/integration/server/adapters/anymailfinder'
+export { TombaAdapter } from './execution/engine/tools/integration/server/adapters/tomba'
+export { MillionVerifierAdapter } from './execution/engine/tools/integration/server/adapters/millionverifier'
+export { StripeAdapter } from './execution/engine/tools/integration/server/adapters/stripe'
+export { SignatureApiAdapter } from './execution/engine/tools/integration/server/adapters/signature-api'
+export { DropboxAdapter } from './execution/engine/tools/integration/server/adapters/dropbox'
+export { ClickUpAdapter } from './execution/engine/tools/integration/server/adapters/clickup'
+export {
+  GoogleCalendarAdapter,
+  type CalendarEvent,
+  type CalendarDateTime,
+  type ListEventsResult
+} from './execution/engine/tools/integration/server/adapters/google-calendar'
+// Integration Tool Factories (server-only - uses adapters above)
+export {
+  createGmailSendEmailTool,
+  createGmailSendEmailToolNamed
+} from './execution/engine/tools/integration/server/adapters/gmail/gmail-tools'
+export {
+  createAttioCreateRecordTool,
+  createAttioUpdateRecordTool,
+  createAttioListRecordsTool,
+  createAttioGetRecordTool,
+  createAttioDeleteRecordTool,
+  createAttioToolNamed,
+  // Schema operations
+  createAttioListObjectsTool,
+  createAttioListAttributesTool,
+  createAttioCreateAttributeTool,
+  createAttioUpdateAttributeTool,
+  // Note operations
+  createAttioCreateNoteTool
+} from './execution/engine/tools/integration/server/adapters/attio'
+export {
+  // Core methods
+  createGoogleSheetsReadTool,
+  createGoogleSheetsWriteTool,
+  createGoogleSheetsAppendTool,
+  createGoogleSheetsClearTool,
+  createGoogleSheetsMetadataTool,
+  createGoogleSheetsBatchUpdateTool,
+  // Workflow-friendly methods
+  createGoogleSheetsGetHeadersTool,
+  createGoogleSheetsGetLastRowTool,
+  createGoogleSheetsFindRowTool,
+  createGoogleSheetsUpdateRowTool,
+  createGoogleSheetsUpsertRowTool,
+  createGoogleSheetsFilterRowsTool,
+  createGoogleSheetsDeleteRowTool
+} from './execution/engine/tools/integration/server/adapters/google-sheets'
+export { createApifyRunActorTool } from './execution/engine/tools/integration/server/adapters/apify'
+export {
+  createInstantlySendReplyTool,
+  createInstantlyRemoveFromSubsequenceTool,
+  createInstantlyGetEmailsTool,
+  createInstantlyUpdateInterestStatusTool,
+  createInstantlyAddToCampaignTool
+} from './execution/engine/tools/integration/server/adapters/instantly'
+export {
+  createResendSendEmailTool,
+  createResendGetEmailTool,
+  createResendSendEmailToolNamed
+} from './execution/engine/tools/integration/server/adapters/resend'
+export {
+  createAnymailfinderFindCompanyEmailTool,
+  createAnymailfinderFindPersonEmailTool,
+  createAnymailfinderFindDecisionMakerEmailTool,
+  createAnymailfinderVerifyEmailTool
+} from './execution/engine/tools/integration/server/adapters/anymailfinder'
+export {
+  createTombaEmailFinderTool,
+  createTombaDomainSearchTool,
+  createTombaEmailVerifierTool
+} from './execution/engine/tools/integration/server/adapters/tomba'
+export {
+  createMillionVerifierVerifyEmailTool,
+  createMillionVerifierCheckCreditsTool
+} from './execution/engine/tools/integration/server/adapters/millionverifier'
+export {
+  createDropboxUploadTool,
+  createDropboxCreateFolderTool
+} from './execution/engine/tools/integration/server/adapters/dropbox'
+export {
+  createStripeCreatePaymentLinkTool,
+  createStripeGetPaymentLinkTool,
+  createStripeUpdatePaymentLinkTool,
+  createStripeListPaymentLinksTool,
+  createStripeCheckoutSessionTool,
+  createStripeAutoPaymentLinkTool
+} from './execution/engine/tools/integration/server/adapters/stripe'
+// Resend fetch functions (low-level API for platform email service)
+export { sendEmail as sendResendEmail } from './execution/engine/tools/integration/server/adapters/resend/fetch/send-email/index'
+export type {
+  ResendCredentials,
+  SendEmailParams as ResendSendEmailParams,
+  SendEmailResult as ResendSendEmailResult
+} from './execution/engine/tools/integration/server/adapters/resend/fetch/utils/types'
+// Resend email configuration (high-level sender config for workflows)
+export type { ResendEmailConfig } from './execution/engine/tools/integration/server/adapters/resend/types'
+// SignatureAPI types (for eSignature envelope operations)
+export type {
+  SignatureApiCredentials,
+  CreateEnvelopeParams,
+  CreateEnvelopeResult,
+  VoidEnvelopeParams,
+  VoidEnvelopeResult,
+  DownloadDocumentParams,
+  DownloadDocumentResult,
+  EnvelopeDocument,
+  Recipient,
+  SigningPlace
+} from './execution/engine/tools/integration/server/adapters/signature-api'
+// Execution validators (uses process.env for environment detection)
+export { detectEnvironment, canExecuteResource, type Environment } from './execution/core/server/environment'
+// Organization Model hash (uses Node.js crypto - server-only)
+export { computeOrganizationModelSnapshotHash } from './organization-model/server/snapshot-hash-server'
+// HMAC token utilities (uses Node.js crypto - server-only)
+export { generateHmacToken, verifyHmacToken, generateBrochureUrl } from './platform/utils/server/hmac'
+export {
+  generateUnsubscribeToken,
+  verifyUnsubscribeToken,
+  generateUnsubscribeUrl,
+  generateUnsubscribeHeaders
+} from './platform/utils/server/unsubscribe'
+// Better Stack error logging (uses @sentry/node - server-only)
+export {
+  bslogExternalServiceError,
+  bslogExecutionFailure,
+  isSystemError
+} from './platform/utils/server/betterstack-logger'
+// LLM Adapters (uses betterstack-logger - server-only)
+export { OpenAIAdapter, isOpenAIModel, type OpenAIAdapterConfig } from './execution/engine/llm/adapters/server/openai'
+export {
+  OpenRouterAdapter,
+  isOpenRouterModel,
+  type OpenRouterAdapterConfig
+} from './execution/engine/llm/adapters/server/openrouter'
+export { createLLMAdapter } from './execution/engine/llm/adapters/server/adapter-factory'
+// Browser-safe adapters (also exported from server for convenience)
+export { UniversalLLMAdapter } from './execution/engine/llm/adapters/universal-adapter'
+export { MockAdapter, isMockModel } from './execution/engine/llm/adapters/mock-adapter'
+export { configureCircuitBreakerAlerts } from './execution/engine/llm/adapters/circuit-breaker'
+// LLM Tool factory (uses server-only adapters)
+export { createLLMCallTool, type LLMCallToolConfig } from './execution/engine/tools/llm/server'
+// Workflow step helper (uses server-only adapters)
+export { llmCall, type LLMCallOptions } from './execution/engine/workflow/helpers/server'
+// Retained server-side resource invocation service types live under @repo/core/execution.
+// Deployed SDK workers use platform.call() -> dispatcher for nested execution.
+// Resilience utilities (timeout, circuit breaker, infrastructure errors)
+export {
+  // Existing
+  withTimeout,
+  SERVICE_TIMEOUTS,
+  createCircuitBreaker,
+  CircuitState,
+  ServiceTimeoutError,
+  ServiceUnavailableError,
+  isInfrastructureError,
+  type CircuitBreaker,
+  type CircuitBreakerConfig,
+  // Rate limiting
+  InMemoryRateLimiter,
+  createRateLimiter,
+  // Retry logic
+  withRetry,
+  calculateRetryDelay,
+  sleep,
+  DEFAULT_RETRY_POLICY,
+  // HTTP error mapping
+  createHttpError,
+  mapHttpStatusToErrorType,
+  type RateLimiter,
+  type RetryPolicy,
+  type HttpErrorContext,
+  type ErrorParser
+} from './platform/resilience'
+// Acquisition Platform Tools (lead database)
+export {
+  // List tools
+  createAcqListCreateTool,
+  createAcqListUpdateTool,
+  createAcqListDeleteTool,
+  createAcqListListTool,
+  // Company tools
+  createAcqCompanyCreateTool,
+  createAcqCompanyUpdateTool,
+  createAcqCompanyUpsertTool,
+  createAcqCompanyGetTool,
+  createAcqCompanyListTool,
+  createAcqCompanyDeleteTool,
+  // Contact tools
+  createAcqContactCreateTool,
+  createAcqContactUpdateTool,
+  createAcqContactUpsertTool,
+  createAcqContactGetTool,
+  createAcqContactListTool,
+  createAcqContactDeleteTool,
+  createAcqContactBulkImportTool
+} from './execution/engine/tools/platform/acquisition'
+// PDF Tool (server-only - uses React-PDF renderToBuffer)
+export {
+  createPdfRenderTool,
+  type PdfRenderInput,
+  type PdfRenderOutput,
+  type PdfToolConfig,
+  PdfRenderInputSchema,
+  PdfRenderOutputSchema
+} from './execution/engine/tools/platform/pdf'
+// PDF Document types (for constructing documents programmatically)
+export type { PDFDocument, ContentBlock, Page as PDFPage } from './business/pdf/types'