npm - @flowdesk/core - Versions diffs - 0.1.0 → 0.1.2 - Mend

@flowdesk/core 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (142) hide show

package/dist/authority-promotion.d.ts +70 -0
package/dist/authority-promotion.d.ts.map +1 -0
package/dist/authority-promotion.js +388 -0
package/dist/authority-promotion.js.map +1 -0
package/dist/chat-control-authority.d.ts +83 -0
package/dist/chat-control-authority.d.ts.map +1 -0
package/dist/chat-control-authority.js +238 -0
package/dist/chat-control-authority.js.map +1 -0
package/dist/chat-hook-authority-probe.d.ts +39 -0
package/dist/chat-hook-authority-probe.d.ts.map +1 -0
package/dist/chat-hook-authority-probe.js +153 -0
package/dist/chat-hook-authority-probe.js.map +1 -0
package/dist/chat-routing.d.ts.map +1 -1
package/dist/chat-routing.js +18 -15
package/dist/chat-routing.js.map +1 -1
package/dist/connector-gateway.d.ts +34 -0
package/dist/connector-gateway.d.ts.map +1 -0
package/dist/connector-gateway.js +147 -0
package/dist/connector-gateway.js.map +1 -0
package/dist/connector-profile.d.ts +41 -0
package/dist/connector-profile.d.ts.map +1 -0
package/dist/connector-profile.js +125 -0
package/dist/connector-profile.js.map +1 -0
package/dist/controlled-conformance-doc-write.d.ts +44 -0
package/dist/controlled-conformance-doc-write.d.ts.map +1 -0
package/dist/controlled-conformance-doc-write.js +142 -0
package/dist/controlled-conformance-doc-write.js.map +1 -0
package/dist/controlled-redacted-audit-export-write.d.ts +45 -0
package/dist/controlled-redacted-audit-export-write.d.ts.map +1 -0
package/dist/controlled-redacted-audit-export-write.js +145 -0
package/dist/controlled-redacted-audit-export-write.js.map +1 -0
package/dist/core-completion-safety-contracts.d.ts +35 -0
package/dist/core-completion-safety-contracts.d.ts.map +1 -0
package/dist/core-completion-safety-contracts.js +98 -0
package/dist/core-completion-safety-contracts.js.map +1 -0
package/dist/dispatch-attempt-manifest.d.ts +59 -0
package/dist/dispatch-attempt-manifest.d.ts.map +1 -0
package/dist/dispatch-attempt-manifest.js +294 -0
package/dist/dispatch-attempt-manifest.js.map +1 -0
package/dist/dispatch-idempotency.d.ts +89 -0
package/dist/dispatch-idempotency.d.ts.map +1 -0
package/dist/dispatch-idempotency.js +275 -0
package/dist/dispatch-idempotency.js.map +1 -0
package/dist/external-auth-policy.d.ts +49 -0
package/dist/external-auth-policy.d.ts.map +1 -0
package/dist/external-auth-policy.js +166 -0
package/dist/external-auth-policy.js.map +1 -0
package/dist/fake-remote-connector-adapter.d.ts +37 -0
package/dist/fake-remote-connector-adapter.d.ts.map +1 -0
package/dist/fake-remote-connector-adapter.js +162 -0
package/dist/fake-remote-connector-adapter.js.map +1 -0
package/dist/fallback-decision.d.ts +29 -0
package/dist/fallback-decision.d.ts.map +1 -0
package/dist/fallback-decision.js +93 -0
package/dist/fallback-decision.js.map +1 -0
package/dist/fallback-regate-plan.d.ts +34 -0
package/dist/fallback-regate-plan.d.ts.map +1 -0
package/dist/fallback-regate-plan.js +122 -0
package/dist/fallback-regate-plan.js.map +1 -0
package/dist/fds1-schema-probe-result.d.ts +37 -0
package/dist/fds1-schema-probe-result.d.ts.map +1 -0
package/dist/fds1-schema-probe-result.js +115 -0
package/dist/fds1-schema-probe-result.js.map +1 -0
package/dist/index.d.ts +25 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +25 -0
package/dist/index.js.map +1 -1
package/dist/lane-heartbeat.d.ts +49 -0
package/dist/lane-heartbeat.d.ts.map +1 -0
package/dist/lane-heartbeat.js +149 -0
package/dist/lane-heartbeat.js.map +1 -0
package/dist/lane-lifecycle-record.d.ts +32 -0
package/dist/lane-lifecycle-record.d.ts.map +1 -0
package/dist/lane-lifecycle-record.js +134 -0
package/dist/lane-lifecycle-record.js.map +1 -0
package/dist/lane-stall-projection.d.ts +43 -0
package/dist/lane-stall-projection.d.ts.map +1 -0
package/dist/lane-stall-projection.js +272 -0
package/dist/lane-stall-projection.js.map +1 -0
package/dist/model-availability-cache.d.ts +286 -0
package/dist/model-availability-cache.d.ts.map +1 -0
package/dist/model-availability-cache.js +1109 -0
package/dist/model-availability-cache.js.map +1 -0
package/dist/operational-intelligence.d.ts +38 -0
package/dist/operational-intelligence.d.ts.map +1 -0
package/dist/operational-intelligence.js +107 -0
package/dist/operational-intelligence.js.map +1 -0
package/dist/production-approval-source.d.ts +61 -0
package/dist/production-approval-source.d.ts.map +1 -0
package/dist/production-approval-source.js +226 -0
package/dist/production-approval-source.js.map +1 -0
package/dist/production-enablement.d.ts +92 -1
package/dist/production-enablement.d.ts.map +1 -1
package/dist/production-enablement.js +421 -8
package/dist/production-enablement.js.map +1 -1
package/dist/production-verification.d.ts +31 -0
package/dist/production-verification.d.ts.map +1 -0
package/dist/production-verification.js +126 -0
package/dist/production-verification.js.map +1 -0
package/dist/provider-usage-collector.d.ts +7 -0
package/dist/provider-usage-collector.d.ts.map +1 -1
package/dist/provider-usage-collector.js +64 -10
package/dist/provider-usage-collector.js.map +1 -1
package/dist/release1-contracts.d.ts +8 -2
package/dist/release1-contracts.d.ts.map +1 -1
package/dist/release1-contracts.js +2 -1
package/dist/release1-contracts.js.map +1 -1
package/dist/remote-write-connector-gate.d.ts +91 -0
package/dist/remote-write-connector-gate.d.ts.map +1 -0
package/dist/remote-write-connector-gate.js +291 -0
package/dist/remote-write-connector-gate.js.map +1 -0
package/dist/runtime-lane-productization.d.ts +78 -0
package/dist/runtime-lane-productization.d.ts.map +1 -0
package/dist/runtime-lane-productization.js +270 -0
package/dist/runtime-lane-productization.js.map +1 -0
package/dist/sanitized-auth-capture.d.ts +50 -0
package/dist/sanitized-auth-capture.d.ts.map +1 -0
package/dist/sanitized-auth-capture.js +164 -0
package/dist/sanitized-auth-capture.js.map +1 -0
package/dist/schema-artifacts.d.ts.map +1 -1
package/dist/schema-artifacts.js +37 -6
package/dist/schema-artifacts.js.map +1 -1
package/dist/schema-registry.d.ts.map +1 -1
package/dist/schema-registry.js +21 -0
package/dist/schema-registry.js.map +1 -1
package/dist/session-evidence.d.ts +117 -0
package/dist/session-evidence.d.ts.map +1 -1
package/dist/session-evidence.js +569 -1
package/dist/session-evidence.js.map +1 -1
package/dist/state-paths.d.ts +1 -1
package/dist/state-paths.d.ts.map +1 -1
package/dist/state-paths.js +56 -6
package/dist/state-paths.js.map +1 -1
package/dist/status.d.ts +7 -0
package/dist/status.d.ts.map +1 -1
package/dist/status.js +89 -1
package/dist/status.js.map +1 -1
package/dist/validators.d.ts +1 -0
package/dist/validators.d.ts.map +1 -1
package/dist/validators.js +30 -7
package/dist/validators.js.map +1 -1
package/package.json +1 -1

package/dist/production-enablement.d.ts CHANGED Viewed

@@ -1,8 +1,11 @@
+import type { FlowDeskExternalAuthProviderPolicyResultV1 } from "./external-auth-policy.js";
+import type { FlowDeskConfiguredVerificationResultV1 } from "./production-verification.js";
+import type { FlowDeskSanitizedAuthCaptureResultV1 } from "./sanitized-auth-capture.js";
 import type { FlowDeskSessionEvidenceReloadResultV1 } from "./session-evidence.js";
 import { type ValidationResult } from "./validators.js";
 export declare const FLOWDESK_PRODUCTION_ENABLEMENT_STATES: readonly ["disabled", "blocked", "configured", "approved", "dispatch_capable"];
 export type FlowDeskProductionEnablementStateV1 = (typeof FLOWDESK_PRODUCTION_ENABLEMENT_STATES)[number];
-export declare const FLOWDESK_PRODUCTION_ENABLEMENT_BLOCKER_LABELS: readonly ["session_evidence_reload_failed", "session_evidence_blocked_records", "usage_authority_missing", "runtime_echo_missing", "telemetry_correlation_missing", "pre_dispatch_audit_missing", "configured_verification_missing", "external_auth_policy_missing", "provider_policy_missing", "approval_missing", "approval_denied", "approval_mismatched", "approval_required_refs_missing", "lane_conformance_missing"];
+export declare const FLOWDESK_PRODUCTION_ENABLEMENT_BLOCKER_LABELS: readonly ["session_evidence_reload_failed", "session_evidence_blocked_records", "usage_authority_missing", "runtime_echo_missing", "telemetry_correlation_missing", "pre_dispatch_audit_missing", "configured_verification_missing", "configured_verification_result_missing", "configured_verification_invalid", "configured_verification_failed", "sanitized_auth_capture_result_missing", "sanitized_auth_capture_invalid", "sanitized_auth_capture_failed", "external_auth_policy_missing", "provider_policy_missing", "external_auth_provider_policy_result_missing", "external_auth_provider_policy_invalid", "external_auth_provider_policy_failed", "approval_missing", "approval_denied", "approval_mismatched", "approval_required_refs_missing", "lane_conformance_missing"];
 export type FlowDeskProductionEnablementBlockerLabelV1 = (typeof FLOWDESK_PRODUCTION_ENABLEMENT_BLOCKER_LABELS)[number];
 export declare const FLOWDESK_PRODUCTION_UNCERTAINTY_LABELS: readonly ["opencode_subtask_lifecycle_unproven", "injected_sdk_runtime_echo_partial", "external_auth_plugin_introspection_partial", "hard_chat_cancel_or_no_reply_unproven", "flowdesk_created_telemetry_correlation"];
 export type FlowDeskProductionUncertaintyLabelV1 = (typeof FLOWDESK_PRODUCTION_UNCERTAINTY_LABELS)[number];
@@ -32,8 +35,12 @@ export interface FlowDeskProductionEnablementInputV1 {
     evidenceReload: FlowDeskSessionEvidenceReloadResultV1;
     preDispatchAuditRef?: string;
     configuredVerificationRef?: string;
+    configuredVerificationResult?: FlowDeskConfiguredVerificationResultV1;
+    sanitizedAuthCaptureRef?: string;
+    sanitizedAuthCaptureResult?: FlowDeskSanitizedAuthCaptureResultV1;
     externalAuthPolicyRef?: string;
     providerPolicyRef?: string;
+    externalAuthProviderPolicyResult?: FlowDeskExternalAuthProviderPolicyResultV1;
     laneConformanceRefs?: string[];
     allowIncompleteConformance?: boolean;
     approvalDecision?: FlowDeskProductionApprovalDecisionV1;
@@ -50,8 +57,92 @@ export interface FlowDeskProductionEnablementEvaluationV1 extends ValidationResu
     dispatch_authority_enabled: false;
     default_release1_non_dispatch_preserved: true;
     safe_next_actions: string[];
+    configured_verification_result?: FlowDeskConfiguredVerificationResultV1["result"];
+    configured_verification_ref?: string;
+    sanitized_auth_capture_result?: FlowDeskSanitizedAuthCaptureResultV1["result"];
+    sanitized_auth_capture_ref?: string;
+    external_auth_provider_policy_result?: FlowDeskExternalAuthProviderPolicyResultV1["result"];
+    external_auth_policy_ref?: string;
+    provider_policy_ref?: string;
+    approval_decision?: FlowDeskProductionApprovalDecisionV1["decision"];
+    approval_ref?: string;
+}
+export declare const FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_STATES: readonly ["blocked", "configured", "default_candidate"];
+export type FlowDeskDefaultManagedDispatchPromotionStateV1 = (typeof FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_STATES)[number];
+export declare const FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_BLOCKER_LABELS: readonly ["production_enablement_not_dispatch_capable", "production_enablement_errors_present", "durable_precall_missing", "adapter_unavailable", "sdk_client_unavailable", "default_release_enablement_missing", "promotion_uncertainty_present"];
+export type FlowDeskDefaultManagedDispatchPromotionBlockerLabelV1 = (typeof FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_BLOCKER_LABELS)[number];
+export declare const FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_STATES: readonly ["blocked", "authorized"];
+export type FlowDeskDefaultManagedDispatchAuthorizationStateV1 = (typeof FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_STATES)[number];
+export declare const FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_BLOCKER_LABELS: readonly ["readiness_not_candidate", "default_enablement_not_requested", "kill_switch_active", "authorization_expired", "authorization_ref_invalid"];
+export type FlowDeskDefaultManagedDispatchAuthorizationBlockerLabelV1 = (typeof FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_BLOCKER_LABELS)[number];
+export interface FlowDeskDefaultManagedDispatchPromotionReadinessInputV1 {
+    productionEnablement: FlowDeskProductionEnablementEvaluationV1;
+    durablePrecallRef?: string;
+    adapterProfileRef?: string;
+    sdkClientRef?: string;
+    defaultReleaseEnablementRef?: string;
+    allowUncertainty?: boolean;
+}
+export interface FlowDeskDefaultManagedDispatchPromotionReadinessV1 extends ValidationResult {
+    schema_version: "flowdesk.default_managed_dispatch_promotion_readiness.v1";
+    workflow_id: string;
+    state: FlowDeskDefaultManagedDispatchPromotionStateV1;
+    blocked_labels: FlowDeskDefaultManagedDispatchPromotionBlockerLabelV1[];
+    evidence_refs: string[];
+    production_enablement_state: FlowDeskProductionEnablementStateV1;
+    managed_dispatch_ready: boolean;
+    durable_precall_ready: boolean;
+    adapter_available: boolean;
+    sdk_client_available: boolean;
+    doctor_status_ref: string;
+    default_dispatch_candidate: boolean;
+    dispatch_authority_enabled: false;
+    providerCall: false;
+    actualLaneLaunch: false;
+    runtimeExecution: false;
+    safe_next_actions: string[];
+    release_enablement_ref?: string;
+}
+export interface FlowDeskDefaultManagedDispatchAuthorizationInputV1 {
+    authorizationId: string;
+    readiness: FlowDeskDefaultManagedDispatchPromotionReadinessV1;
+    actorRef: string;
+    profileRef: string;
+    releaseGateRef: string;
+    rollbackRef: string;
+    createdAt: string;
+    expiresAt: string;
+    defaultEnablementRequested: boolean;
+    killSwitchState: "inactive" | "active";
+    now?: number;
+}
+export interface FlowDeskDefaultManagedDispatchAuthorizationV1 extends ValidationResult {
+    schema_version: "flowdesk.default_managed_dispatch_authorization.v1";
+    authorization_id: string;
+    workflow_id: string;
+    state: FlowDeskDefaultManagedDispatchAuthorizationStateV1;
+    blocked_labels: FlowDeskDefaultManagedDispatchAuthorizationBlockerLabelV1[];
+    readiness_ref: string;
+    actor_ref: string;
+    profile_ref: string;
+    release_gate_ref: string;
+    rollback_ref: string;
+    created_at: string;
+    expires_at: string;
+    default_enablement_requested: boolean;
+    kill_switch_state: "inactive" | "active";
+    default_managed_dispatch_authority_enabled: boolean;
+    dispatch_authority_enabled: false;
+    providerCall: false;
+    actualLaneLaunch: false;
+    runtimeExecution: false;
+    safe_next_actions: string[];
 }
 export declare function createFlowDeskProductionApprovalDecisionV1(input: FlowDeskProductionApprovalDecisionInputV1): FlowDeskProductionApprovalDecisionV1;
 export declare function validateFlowDeskProductionApprovalDecisionV1(value: unknown, expectedWorkflowId?: string): ValidationResult;
+export declare function evaluateFlowDeskDefaultManagedDispatchPromotionReadinessV1(input: FlowDeskDefaultManagedDispatchPromotionReadinessInputV1): FlowDeskDefaultManagedDispatchPromotionReadinessV1;
+export declare function validateFlowDeskDefaultManagedDispatchPromotionReadinessV1(value: unknown, expectedWorkflowId?: string): ValidationResult;
+export declare function authorizeFlowDeskDefaultManagedDispatchV1(input: FlowDeskDefaultManagedDispatchAuthorizationInputV1): FlowDeskDefaultManagedDispatchAuthorizationV1;
+export declare function validateFlowDeskDefaultManagedDispatchAuthorizationV1(value: unknown, expectedWorkflowId?: string): ValidationResult;
 export declare function evaluateFlowDeskProductionEnablementV1(input: FlowDeskProductionEnablementInputV1): FlowDeskProductionEnablementEvaluationV1;
 //# sourceMappingURL=production-enablement.d.ts.map

package/dist/production-enablement.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"production-enablement.d.ts","sourceRoot":"","sources":["../src/production-enablement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,uBAAuB,CAAC;AAEnF,OAAO,EAEN,KAAK,gBAAgB,EAKrB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,qCAAqC,gFAMxC,CAAC;AACX,MAAM,MAAM,mCAAmC,GAC9C,CAAC,OAAO,qCAAqC,CAAC,CAAC,MAAM,CAAC,CAAC;AAExD,eAAO,MAAM,6CAA6C,~~6ZAehD~~,CAAC;AACX,MAAM,MAAM,0CAA0C,GACrD,CAAC,OAAO,6CAA6C,CAAC,CAAC,MAAM,CAAC,CAAC;AAEhE,eAAO,MAAM,sCAAsC,wNAMzC,CAAC;AACX,MAAM,MAAM,oCAAoC,GAC/C,CAAC,OAAO,sCAAsC,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,WAAW,oCAAoC;IACpD,cAAc,EAAE,0CAA0C,CAAC;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,0CAA0C,EAAE,CAAC;IACtE,kBAAkB,EAAE,oCAAoC,EAAE,CAAC;IAC3D,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,0BAA0B,EAAE,KAAK,CAAC;CAClC;AAED,MAAM,WAAW,yCAAyC;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,qBAAqB,CAAC,EAAE,0CAA0C,EAAE,CAAC;IACrE,iBAAiB,CAAC,EAAE,oCAAoC,EAAE,CAAC;CAC3D;AAED,MAAM,WAAW,mCAAmC;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,qCAAqC,CAAC;IACtD,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,gBAAgB,CAAC,EAAE,oCAAoC,CAAC;CACxD;AAED,MAAM,WAAW,wCAChB,SAAQ,gBAAgB;IACxB,cAAc,EAAE,8CAA8C,CAAC;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,mCAAmC,CAAC;IAC3C,cAAc,EAAE,0CAA0C,EAAE,CAAC;IAC7D,kBAAkB,EAAE,oCAAoC,EAAE,CAAC;IAC3D,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,OAAO,CAAC;IAChC,0BAA0B,EAAE,KAAK,CAAC;IAClC,uCAAuC,EAAE,IAAI,CAAC;IAC9C,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAyBD,wBAAgB,0CAA0C,CACzD,KAAK,EAAE,yCAAyC,GAC9C,oCAAoC,CAgBtC;AAED,wBAAgB,4CAA4C,CAC3D,KAAK,EAAE,OAAO,EACd,kBAAkB,CAAC,EAAE,MAAM,GACzB,gBAAgB,CAuElB;~~AAkCD~~,wBAAgB,sCAAsC,CACrD,KAAK,EAAE,mCAAmC,GACxC,wCAAwC,~~CAyI1C~~"}
1	+ {"version":3,"file":"production-enablement.d.ts","sourceRoot":"","sources":["../src/production-enablement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0CAA0C,EAAE,MAAM,2BAA2B,CAAC;AAE5F,OAAO,KAAK,EAAE,sCAAsC,EAAE,MAAM,8BAA8B,CAAC;AAE3F,OAAO,KAAK,EAAE,oCAAoC,EAAE,MAAM,6BAA6B,CAAC;AAExF,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,uBAAuB,CAAC;AAEnF,OAAO,EAEN,KAAK,gBAAgB,EAKrB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,qCAAqC,gFAMxC,CAAC;AACX,MAAM,MAAM,mCAAmC,GAC9C,CAAC,OAAO,qCAAqC,CAAC,CAAC,MAAM,CAAC,CAAC;AAExD,eAAO,MAAM,6CAA6C,yvBAwBhD,CAAC;AACX,MAAM,MAAM,0CAA0C,GACrD,CAAC,OAAO,6CAA6C,CAAC,CAAC,MAAM,CAAC,CAAC;AAEhE,eAAO,MAAM,sCAAsC,wNAMzC,CAAC;AACX,MAAM,MAAM,oCAAoC,GAC/C,CAAC,OAAO,sCAAsC,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,WAAW,oCAAoC;IACpD,cAAc,EAAE,0CAA0C,CAAC;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,uBAAuB,EAAE,0CAA0C,EAAE,CAAC;IACtE,kBAAkB,EAAE,oCAAoC,EAAE,CAAC;IAC3D,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,0BAA0B,EAAE,KAAK,CAAC;CAClC;AAED,MAAM,WAAW,yCAAyC;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,GAAG,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,qBAAqB,CAAC,EAAE,0CAA0C,EAAE,CAAC;IACrE,iBAAiB,CAAC,EAAE,oCAAoC,EAAE,CAAC;CAC3D;AAED,MAAM,WAAW,mCAAmC;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,qCAAqC,CAAC;IACtD,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,4BAA4B,CAAC,EAAE,sCAAsC,CAAC;IACtE,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,0BAA0B,CAAC,EAAE,oCAAoC,CAAC;IAClE,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,gCAAgC,CAAC,EAAE,0CAA0C,CAAC;IAC9E,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,gBAAgB,CAAC,EAAE,oCAAoC,CAAC;CACxD;AAED,MAAM,WAAW,wCAChB,SAAQ,gBAAgB;IACxB,cAAc,EAAE,8CAA8C,CAAC;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,mCAAmC,CAAC;IAC3C,cAAc,EAAE,0CAA0C,EAAE,CAAC;IAC7D,kBAAkB,EAAE,oCAAoC,EAAE,CAAC;IAC3D,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,OAAO,CAAC;IAChC,0BAA0B,EAAE,KAAK,CAAC;IAClC,uCAAuC,EAAE,IAAI,CAAC;IAC9C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,8BAA8B,CAAC,EAAE,sCAAsC,CAAC,QAAQ,CAAC,CAAC;IAClF,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,6BAA6B,CAAC,EAAE,oCAAoC,CAAC,QAAQ,CAAC,CAAC;IAC/E,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,oCAAoC,CAAC,EAAE,0CAA0C,CAAC,QAAQ,CAAC,CAAC;IAC5F,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,oCAAoC,CAAC,UAAU,CAAC,CAAC;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,kDAAkD,yDAIrD,CAAC;AACX,MAAM,MAAM,8CAA8C,GACzD,CAAC,OAAO,kDAAkD,CAAC,CAAC,MAAM,CAAC,CAAC;AAErE,eAAO,MAAM,0DAA0D,oPAQ7D,CAAC;AACX,MAAM,MAAM,qDAAqD,GAChE,CAAC,OAAO,0DAA0D,CAAC,CAAC,MAAM,CAAC,CAAC;AAE7E,eAAO,MAAM,sDAAsD,oCAGzD,CAAC;AACX,MAAM,MAAM,kDAAkD,GAC7D,CAAC,OAAO,sDAAsD,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzE,eAAO,MAAM,8DAA8D,sJAMjE,CAAC;AACX,MAAM,MAAM,yDAAyD,GACpE,CAAC,OAAO,8DAA8D,CAAC,CAAC,MAAM,CAAC,CAAC;AAEjF,MAAM,WAAW,uDAAuD;IACvE,oBAAoB,EAAE,wCAAwC,CAAC;IAC/D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,kDAChB,SAAQ,gBAAgB;IACxB,cAAc,EAAE,0DAA0D,CAAC;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,8CAA8C,CAAC;IACtD,cAAc,EAAE,qDAAqD,EAAE,CAAC;IACxE,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,2BAA2B,EAAE,mCAAmC,CAAC;IACjE,sBAAsB,EAAE,OAAO,CAAC;IAChC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0BAA0B,EAAE,OAAO,CAAC;IACpC,0BAA0B,EAAE,KAAK,CAAC;IAClC,YAAY,EAAE,KAAK,CAAC;IACpB,gBAAgB,EAAE,KAAK,CAAC;IACxB,gBAAgB,EAAE,KAAK,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,kDAAkD;IAClE,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,kDAAkD,CAAC;IAC9D,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B,EAAE,OAAO,CAAC;IACpC,eAAe,EAAE,UAAU,GAAG,QAAQ,CAAC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,6CAChB,SAAQ,gBAAgB;IACxB,cAAc,EAAE,oDAAoD,CAAC;IACrE,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,kDAAkD,CAAC;IAC1D,cAAc,EAAE,yDAAyD,EAAE,CAAC;IAC5E,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B,EAAE,OAAO,CAAC;IACtC,iBAAiB,EAAE,UAAU,GAAG,QAAQ,CAAC;IACzC,0CAA0C,EAAE,OAAO,CAAC;IACpD,0BAA0B,EAAE,KAAK,CAAC;IAClC,YAAY,EAAE,KAAK,CAAC;IACpB,gBAAgB,EAAE,KAAK,CAAC;IACxB,gBAAgB,EAAE,KAAK,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAyBD,wBAAgB,0CAA0C,CACzD,KAAK,EAAE,yCAAyC,GAC9C,oCAAoC,CAgBtC;AAED,wBAAgB,4CAA4C,CAC3D,KAAK,EAAE,OAAO,EACd,kBAAkB,CAAC,EAAE,MAAM,GACzB,gBAAgB,CAuElB;AA6CD,wBAAgB,0DAA0D,CACzE,KAAK,EAAE,uDAAuD,GAC5D,kDAAkD,CAqFpD;AAED,wBAAgB,0DAA0D,CACzE,KAAK,EAAE,OAAO,EACd,kBAAkB,CAAC,EAAE,MAAM,GACzB,gBAAgB,CAiGlB;AAED,wBAAgB,yCAAyC,CACxD,KAAK,EAAE,kDAAkD,GACvD,6CAA6C,CAwD/C;AAED,wBAAgB,qDAAqD,CACpE,KAAK,EAAE,OAAO,EACd,kBAAkB,CAAC,EAAE,MAAM,GACzB,gBAAgB,CA4FlB;AAED,wBAAgB,sCAAsC,CACrD,KAAK,EAAE,mCAAmC,GACxC,wCAAwC,CAsQ1C"}

package/dist/production-enablement.js CHANGED Viewed

@@ -1,3 +1,6 @@
+import { validateFlowDeskExternalAuthProviderPolicyResultV1 } from "./external-auth-policy.js";
+import { validateFlowDeskConfiguredVerificationResultV1 } from "./production-verification.js";
+import { validateFlowDeskSanitizedAuthCaptureResultV1 } from "./sanitized-auth-capture.js";
 import { invalid, valid, validateNoForbiddenRawPayloads, validateOpaqueId, validateOpaqueRef, } from "./validators.js";
 export const FLOWDESK_PRODUCTION_ENABLEMENT_STATES = [
     "disabled",
@@ -14,8 +17,17 @@ export const FLOWDESK_PRODUCTION_ENABLEMENT_BLOCKER_LABELS = [
     "telemetry_correlation_missing",
     "pre_dispatch_audit_missing",
     "configured_verification_missing",
+    "configured_verification_result_missing",
+    "configured_verification_invalid",
+    "configured_verification_failed",
+    "sanitized_auth_capture_result_missing",
+    "sanitized_auth_capture_invalid",
+    "sanitized_auth_capture_failed",
     "external_auth_policy_missing",
     "provider_policy_missing",
+    "external_auth_provider_policy_result_missing",
+    "external_auth_provider_policy_invalid",
+    "external_auth_provider_policy_failed",
     "approval_missing",
     "approval_denied",
     "approval_mismatched",
@@ -29,6 +41,31 @@ export const FLOWDESK_PRODUCTION_UNCERTAINTY_LABELS = [
     "hard_chat_cancel_or_no_reply_unproven",
     "flowdesk_created_telemetry_correlation",
 ];
+export const FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_STATES = [
+    "blocked",
+    "configured",
+    "default_candidate",
+];
+export const FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_BLOCKER_LABELS = [
+    "production_enablement_not_dispatch_capable",
+    "production_enablement_errors_present",
+    "durable_precall_missing",
+    "adapter_unavailable",
+    "sdk_client_unavailable",
+    "default_release_enablement_missing",
+    "promotion_uncertainty_present",
+];
+export const FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_STATES = [
+    "blocked",
+    "authorized",
+];
+export const FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_BLOCKER_LABELS = [
+    "readiness_not_candidate",
+    "default_enablement_not_requested",
+    "kill_switch_active",
+    "authorization_expired",
+    "authorization_ref_invalid",
+];
 const REQUIRED_SESSION_EVIDENCE_CLASSES = [
     "usage_authority",
     "runtime_echo",
@@ -138,6 +175,286 @@ function missingRequiredApprovalRefs(approval, evidenceRefs) {
     const available = new Set(evidenceRefs);
     return approval.required_evidence_refs.filter((ref) => !available.has(ref));
 }
+function optionalOpaqueRef(value, label) {
+    return value === undefined ? valid() : validateOpaqueRef(value, label);
+}
+function validDate(value) {
+    return Number.isFinite(Date.parse(value));
+}
+export function evaluateFlowDeskDefaultManagedDispatchPromotionReadinessV1(input) {
+    const errors = [];
+    const blockedLabels = [];
+    const production = input.productionEnablement;
+    errors.push(...validateOpaqueId(production.workflow_id, "workflow_id").errors);
+    if (!production.ok || production.errors.length > 0)
+        blockedLabels.push("production_enablement_errors_present");
+    if (production.state !== "dispatch_capable" || !production.managed_dispatch_ready)
+        blockedLabels.push("production_enablement_not_dispatch_capable");
+    if (production.uncertainty_labels.length > 0 &&
+        input.allowUncertainty !== true)
+        blockedLabels.push("promotion_uncertainty_present");
+    const durablePrecallResult = optionalOpaqueRef(input.durablePrecallRef, "durable_precall_ref");
+    const adapterProfileResult = optionalOpaqueRef(input.adapterProfileRef, "adapter_profile_ref");
+    const sdkClientResult = optionalOpaqueRef(input.sdkClientRef, "sdk_client_ref");
+    const defaultReleaseResult = optionalOpaqueRef(input.defaultReleaseEnablementRef, "default_release_enablement_ref");
+    errors.push(...durablePrecallResult.errors, ...adapterProfileResult.errors, ...sdkClientResult.errors, ...defaultReleaseResult.errors);
+    if (!durablePrecallResult.ok || input.durablePrecallRef === undefined)
+        blockedLabels.push("durable_precall_missing");
+    if (!adapterProfileResult.ok || input.adapterProfileRef === undefined)
+        blockedLabels.push("adapter_unavailable");
+    if (!sdkClientResult.ok || input.sdkClientRef === undefined)
+        blockedLabels.push("sdk_client_unavailable");
+    if (!defaultReleaseResult.ok || input.defaultReleaseEnablementRef === undefined)
+        blockedLabels.push("default_release_enablement_missing");
+    const uniqueBlockers = unique(blockedLabels);
+    const candidate = errors.length === 0 && uniqueBlockers.length === 0;
+    const state = candidate
+        ? "default_candidate"
+        : production.state === "dispatch_capable" && production.ok
+            ? "configured"
+            : "blocked";
+    const evidenceRefs = unique([
+        ...production.evidence_refs,
+        input.durablePrecallRef,
+        input.adapterProfileRef,
+        input.sdkClientRef,
+        input.defaultReleaseEnablementRef,
+    ].filter((ref) => typeof ref === "string"));
+    return {
+        schema_version: "flowdesk.default_managed_dispatch_promotion_readiness.v1",
+        workflow_id: production.workflow_id,
+        ok: errors.length === 0,
+        errors,
+        state,
+        blocked_labels: uniqueBlockers,
+        evidence_refs: evidenceRefs,
+        production_enablement_state: production.state,
+        managed_dispatch_ready: production.managed_dispatch_ready,
+        durable_precall_ready: input.durablePrecallRef !== undefined && durablePrecallResult.ok,
+        adapter_available: input.adapterProfileRef !== undefined && adapterProfileResult.ok,
+        sdk_client_available: input.sdkClientRef !== undefined && sdkClientResult.ok,
+        doctor_status_ref: `default-managed-dispatch-${state}`,
+        default_dispatch_candidate: candidate,
+        dispatch_authority_enabled: false,
+        providerCall: false,
+        actualLaneLaunch: false,
+        runtimeExecution: false,
+        safe_next_actions: candidate
+            ? ["/flowdesk-status"]
+            : ["/flowdesk-doctor", "/flowdesk-status"],
+        ...(input.defaultReleaseEnablementRef === undefined
+            ? {}
+            : { release_enablement_ref: input.defaultReleaseEnablementRef }),
+    };
+}
+export function validateFlowDeskDefaultManagedDispatchPromotionReadinessV1(value, expectedWorkflowId) {
+    if (typeof value !== "object" || value === null || Array.isArray(value))
+        return invalid("default managed dispatch promotion readiness must be an object");
+    const record = value;
+    const errors = [];
+    const allowed = new Set([
+        "schema_version",
+        "workflow_id",
+        "ok",
+        "errors",
+        "state",
+        "blocked_labels",
+        "evidence_refs",
+        "production_enablement_state",
+        "managed_dispatch_ready",
+        "durable_precall_ready",
+        "adapter_available",
+        "sdk_client_available",
+        "doctor_status_ref",
+        "default_dispatch_candidate",
+        "dispatch_authority_enabled",
+        "providerCall",
+        "actualLaneLaunch",
+        "runtimeExecution",
+        "safe_next_actions",
+        "release_enablement_ref",
+    ]);
+    for (const key of Object.keys(record))
+        if (!allowed.has(key))
+            errors.push(`unknown properties: ${key}`);
+    if (record.schema_version !==
+        "flowdesk.default_managed_dispatch_promotion_readiness.v1")
+        errors.push("promotion readiness schema_version is invalid");
+    errors.push(...validateOpaqueId(record.workflow_id, "workflow_id").errors);
+    if (expectedWorkflowId !== undefined && record.workflow_id !== expectedWorkflowId)
+        errors.push("promotion readiness workflow_id mismatch");
+    if (typeof record.ok !== "boolean")
+        errors.push("ok must be boolean");
+    if (!Array.isArray(record.errors))
+        errors.push("errors must be an array");
+    if (!FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_STATES.includes(String(record.state)))
+        errors.push("promotion readiness state is invalid");
+    if (!Array.isArray(record.blocked_labels))
+        errors.push("blocked_labels must be an array");
+    else
+        for (const label of record.blocked_labels)
+            if (!FLOWDESK_DEFAULT_MANAGED_DISPATCH_PROMOTION_BLOCKER_LABELS.includes(label))
+                errors.push(`blocked_label is invalid: ${label}`);
+    if (!Array.isArray(record.evidence_refs))
+        errors.push("evidence_refs must be an array");
+    else
+        for (const [index, ref] of record.evidence_refs.entries())
+            errors.push(...validateOpaqueRef(ref, `evidence_refs[${index}]`).errors);
+    if (!FLOWDESK_PRODUCTION_ENABLEMENT_STATES.includes(String(record.production_enablement_state)))
+        errors.push("production_enablement_state is invalid");
+    for (const key of [
+        "managed_dispatch_ready",
+        "durable_precall_ready",
+        "adapter_available",
+        "sdk_client_available",
+        "default_dispatch_candidate",
+    ])
+        if (typeof record[key] !== "boolean")
+            errors.push(`${key} must be boolean`);
+    errors.push(...validateOpaqueRef(record.doctor_status_ref, "doctor_status_ref").errors);
+    if (record.dispatch_authority_enabled !== false)
+        errors.push("promotion readiness cannot enable dispatch authority");
+    if (record.providerCall !== false)
+        errors.push("promotion readiness cannot make provider calls");
+    if (record.actualLaneLaunch !== false)
+        errors.push("promotion readiness cannot launch lanes");
+    if (record.runtimeExecution !== false)
+        errors.push("promotion readiness cannot execute runtime");
+    if (!Array.isArray(record.safe_next_actions))
+        errors.push("safe_next_actions must be an array");
+    if (record.release_enablement_ref !== undefined)
+        errors.push(...validateOpaqueRef(record.release_enablement_ref, "release_enablement_ref")
+            .errors);
+    errors.push(...validateNoForbiddenRawPayloads(record, "default_managed_dispatch_promotion_readiness")
+        .errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
+export function authorizeFlowDeskDefaultManagedDispatchV1(input) {
+    const errors = [];
+    const blockedLabels = [];
+    const readinessValidation = validateFlowDeskDefaultManagedDispatchPromotionReadinessV1(input.readiness);
+    errors.push(...validateOpaqueId(input.authorizationId, "authorization_id").errors, ...readinessValidation.errors, ...validateOpaqueRef(input.actorRef, "actor_ref").errors, ...validateOpaqueRef(input.profileRef, "profile_ref").errors, ...validateOpaqueRef(input.releaseGateRef, "release_gate_ref").errors, ...validateOpaqueRef(input.rollbackRef, "rollback_ref").errors);
+    if (!readinessValidation.ok || !input.readiness.default_dispatch_candidate)
+        blockedLabels.push("readiness_not_candidate");
+    if (!input.defaultEnablementRequested)
+        blockedLabels.push("default_enablement_not_requested");
+    if (input.killSwitchState === "active")
+        blockedLabels.push("kill_switch_active");
+    else if (input.killSwitchState !== "inactive") {
+        blockedLabels.push("authorization_ref_invalid");
+        errors.push("kill_switch_state is invalid");
+    }
+    if (!validDate(input.createdAt) || !validDate(input.expiresAt)) {
+        blockedLabels.push("authorization_ref_invalid");
+        errors.push("authorization timestamps must be parseable");
+    }
+    else if (Date.parse(input.expiresAt) <= (input.now ?? Date.now()))
+        blockedLabels.push("authorization_expired");
+    const uniqueBlockers = unique(blockedLabels);
+    const authorityEnabled = errors.length === 0 && uniqueBlockers.length === 0;
+    return {
+        schema_version: "flowdesk.default_managed_dispatch_authorization.v1",
+        authorization_id: input.authorizationId,
+        workflow_id: input.readiness.workflow_id,
+        ok: errors.length === 0,
+        errors,
+        state: authorityEnabled ? "authorized" : "blocked",
+        blocked_labels: uniqueBlockers,
+        readiness_ref: input.readiness.doctor_status_ref,
+        actor_ref: input.actorRef,
+        profile_ref: input.profileRef,
+        release_gate_ref: input.releaseGateRef,
+        rollback_ref: input.rollbackRef,
+        created_at: input.createdAt,
+        expires_at: input.expiresAt,
+        default_enablement_requested: input.defaultEnablementRequested,
+        kill_switch_state: input.killSwitchState,
+        default_managed_dispatch_authority_enabled: authorityEnabled,
+        dispatch_authority_enabled: false,
+        providerCall: false,
+        actualLaneLaunch: false,
+        runtimeExecution: false,
+        safe_next_actions: authorityEnabled
+            ? ["/flowdesk-status"]
+            : ["/flowdesk-doctor", "/flowdesk-status"],
+    };
+}
+export function validateFlowDeskDefaultManagedDispatchAuthorizationV1(value, expectedWorkflowId) {
+    if (typeof value !== "object" || value === null || Array.isArray(value))
+        return invalid("default managed dispatch authorization must be an object");
+    const record = value;
+    const errors = [];
+    const allowed = new Set([
+        "schema_version",
+        "authorization_id",
+        "workflow_id",
+        "ok",
+        "errors",
+        "state",
+        "blocked_labels",
+        "readiness_ref",
+        "actor_ref",
+        "profile_ref",
+        "release_gate_ref",
+        "rollback_ref",
+        "created_at",
+        "expires_at",
+        "default_enablement_requested",
+        "kill_switch_state",
+        "default_managed_dispatch_authority_enabled",
+        "dispatch_authority_enabled",
+        "providerCall",
+        "actualLaneLaunch",
+        "runtimeExecution",
+        "safe_next_actions",
+    ]);
+    for (const key of Object.keys(record))
+        if (!allowed.has(key))
+            errors.push(`unknown properties: ${key}`);
+    if (record.schema_version !== "flowdesk.default_managed_dispatch_authorization.v1")
+        errors.push("default managed dispatch authorization schema_version is invalid");
+    errors.push(...validateOpaqueId(record.authorization_id, "authorization_id").errors, ...validateOpaqueId(record.workflow_id, "workflow_id").errors, ...validateOpaqueRef(record.readiness_ref, "readiness_ref").errors, ...validateOpaqueRef(record.actor_ref, "actor_ref").errors, ...validateOpaqueRef(record.profile_ref, "profile_ref").errors, ...validateOpaqueRef(record.release_gate_ref, "release_gate_ref").errors, ...validateOpaqueRef(record.rollback_ref, "rollback_ref").errors);
+    if (expectedWorkflowId !== undefined && record.workflow_id !== expectedWorkflowId)
+        errors.push("default managed dispatch authorization workflow_id mismatch");
+    if (typeof record.ok !== "boolean")
+        errors.push("ok must be boolean");
+    if (!Array.isArray(record.errors))
+        errors.push("errors must be an array");
+    if (!FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_STATES.includes(String(record.state)))
+        errors.push("authorization state is invalid");
+    if (!Array.isArray(record.blocked_labels))
+        errors.push("blocked_labels must be an array");
+    else
+        for (const label of record.blocked_labels)
+            if (!FLOWDESK_DEFAULT_MANAGED_DISPATCH_AUTHORIZATION_BLOCKER_LABELS.includes(label))
+                errors.push(`authorization blocked_label is invalid: ${label}`);
+    if (typeof record.created_at !== "string" || !validDate(record.created_at))
+        errors.push("created_at must be parseable");
+    if (typeof record.expires_at !== "string" || !validDate(record.expires_at))
+        errors.push("expires_at must be parseable");
+    if (typeof record.default_enablement_requested !== "boolean")
+        errors.push("default_enablement_requested must be boolean");
+    if (record.kill_switch_state !== "inactive" && record.kill_switch_state !== "active")
+        errors.push("kill_switch_state is invalid");
+    if (typeof record.default_managed_dispatch_authority_enabled !== "boolean")
+        errors.push("default_managed_dispatch_authority_enabled must be boolean");
+    if (record.state !== "authorized" &&
+        record.default_managed_dispatch_authority_enabled === true)
+        errors.push("blocked authorization cannot enable default managed dispatch");
+    if (record.dispatch_authority_enabled !== false)
+        errors.push("default authorization cannot set generic dispatch authority");
+    if (record.providerCall !== false)
+        errors.push("default authorization cannot make provider calls");
+    if (record.actualLaneLaunch !== false)
+        errors.push("default authorization cannot launch lanes");
+    if (record.runtimeExecution !== false)
+        errors.push("default authorization cannot execute runtime");
+    if (!Array.isArray(record.safe_next_actions))
+        errors.push("safe_next_actions must be an array");
+    errors.push(...validateNoForbiddenRawPayloads(record, "default_managed_dispatch_authorization")
+        .errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
 export function evaluateFlowDeskProductionEnablementV1(input) {
     const errors = [];
     errors.push(...validateOpaqueId(input.workflowId, "workflow_id").errors);
@@ -174,6 +491,11 @@ export function evaluateFlowDeskProductionEnablementV1(input) {
             input.externalAuthPolicyRef,
             "external_auth_policy_ref",
         ],
+        [
+            "sanitized_auth_capture_result_missing",
+            input.sanitizedAuthCaptureRef,
+            "sanitized_auth_capture_ref",
+        ],
         ["provider_policy_missing", input.providerPolicyRef, "provider_policy_ref"],
     ];
     for (const [blocker, ref, label] of requiredRefs) {
@@ -183,6 +505,64 @@ export function evaluateFlowDeskProductionEnablementV1(input) {
             errors.push(...refResult.errors);
         }
     }
+    const configuredVerificationResult = input.configuredVerificationResult;
+    let validConfiguredVerificationResult;
+    if (configuredVerificationResult !== undefined) {
+        const verificationResult = validateFlowDeskConfiguredVerificationResultV1(configuredVerificationResult, input.workflowId, input.configuredVerificationRef);
+        errors.push(...verificationResult.errors);
+        if (!verificationResult.ok)
+            blockerLabels.push("configured_verification_invalid");
+        else if (input.configuredVerificationRef !== undefined)
+            validConfiguredVerificationResult = configuredVerificationResult;
+        if (verificationResult.ok && configuredVerificationResult.result !== "passed")
+            blockerLabels.push("configured_verification_failed");
+    }
+    if (input.configuredVerificationRef !== undefined) {
+        if (validConfiguredVerificationResult === undefined) {
+            blockerLabels.push("configured_verification_result_missing");
+            if (configuredVerificationResult === undefined)
+                errors.push("configured verification result is required");
+        }
+    }
+    const sanitizedAuthCaptureResult = input.sanitizedAuthCaptureResult;
+    let validSanitizedAuthCaptureResult;
+    if (sanitizedAuthCaptureResult !== undefined) {
+        const captureResult = validateFlowDeskSanitizedAuthCaptureResultV1(sanitizedAuthCaptureResult, input.workflowId, input.sanitizedAuthCaptureRef);
+        errors.push(...captureResult.errors);
+        if (!captureResult.ok)
+            blockerLabels.push("sanitized_auth_capture_invalid");
+        else if (input.sanitizedAuthCaptureRef !== undefined)
+            validSanitizedAuthCaptureResult = sanitizedAuthCaptureResult;
+        if (captureResult.ok && sanitizedAuthCaptureResult.result !== "passed")
+            blockerLabels.push("sanitized_auth_capture_failed");
+    }
+    if (input.sanitizedAuthCaptureRef !== undefined) {
+        if (validSanitizedAuthCaptureResult === undefined) {
+            blockerLabels.push("sanitized_auth_capture_result_missing");
+            if (sanitizedAuthCaptureResult === undefined)
+                errors.push("sanitized auth capture result is required");
+        }
+    }
+    const externalAuthProviderPolicyResult = input.externalAuthProviderPolicyResult;
+    let validExternalAuthProviderPolicyResult;
+    if (externalAuthProviderPolicyResult !== undefined) {
+        const policyResult = validateFlowDeskExternalAuthProviderPolicyResultV1(externalAuthProviderPolicyResult, input.workflowId, input.externalAuthPolicyRef, input.providerPolicyRef);
+        errors.push(...policyResult.errors);
+        if (!policyResult.ok)
+            blockerLabels.push("external_auth_provider_policy_invalid");
+        else if (input.externalAuthPolicyRef !== undefined &&
+            input.providerPolicyRef !== undefined)
+            validExternalAuthProviderPolicyResult = externalAuthProviderPolicyResult;
+        if (policyResult.ok && externalAuthProviderPolicyResult.result !== "passed")
+            blockerLabels.push("external_auth_provider_policy_failed");
+    }
+    if (input.externalAuthPolicyRef !== undefined &&
+        input.providerPolicyRef !== undefined &&
+        validExternalAuthProviderPolicyResult === undefined) {
+        blockerLabels.push("external_auth_provider_policy_result_missing");
+        if (externalAuthProviderPolicyResult === undefined)
+            errors.push("external auth provider policy result is required");
+    }
     const laneConformanceRefs = input.laneConformanceRefs ?? [];
     if (laneConformanceRefs.length === 0) {
         if (input.allowIncompleteConformance === true)
@@ -202,11 +582,16 @@ export function evaluateFlowDeskProductionEnablementV1(input) {
         ...evidenceRefsFromReload(input.evidenceReload),
         input.preDispatchAuditRef,
         input.configuredVerificationRef,
+        ...(validConfiguredVerificationResult?.evidence_refs ?? []),
+        input.sanitizedAuthCaptureRef,
+        ...(validSanitizedAuthCaptureResult?.evidence_refs ?? []),
         input.externalAuthPolicyRef,
         input.providerPolicyRef,
+        ...(validExternalAuthProviderPolicyResult?.evidence_refs ?? []),
         ...laneConformanceRefs,
     ].filter((ref) => typeof ref === "string"));
     const approval = input.approvalDecision;
+    let validApprovalDecision;
     if (approval === undefined) {
         if (blockerLabels.length === 0)
             blockerLabels.push("approval_missing");
@@ -216,14 +601,17 @@ export function evaluateFlowDeskProductionEnablementV1(input) {
         errors.push(...approvalResult.errors);
         if (!approvalResult.ok)
             blockerLabels.push("approval_mismatched");
-        if (approval.decision !== "approve")
-            blockerLabels.push("approval_denied");
-        if (approval.missing_evidence_labels.length > 0)
-            blockerLabels.push(...approval.missing_evidence_labels);
-        const missingRefs = missingRequiredApprovalRefs(approval, evidenceRefs);
-        if (missingRefs.length > 0)
-            blockerLabels.push("approval_required_refs_missing");
-        uncertaintyLabels.push(...approval.uncertainty_labels);
+        else {
+            validApprovalDecision = approval;
+            if (approval.decision !== "approve")
+                blockerLabels.push("approval_denied");
+            if (approval.missing_evidence_labels.length > 0)
+                blockerLabels.push(...approval.missing_evidence_labels);
+            const missingRefs = missingRequiredApprovalRefs(approval, evidenceRefs);
+            if (missingRefs.length > 0)
+                blockerLabels.push("approval_required_refs_missing");
+            uncertaintyLabels.push(...approval.uncertainty_labels);
+        }
     }
     const uniqueBlockers = unique(blockerLabels);
     const uniqueUncertainties = unique(uncertaintyLabels);
@@ -251,6 +639,31 @@ export function evaluateFlowDeskProductionEnablementV1(input) {
         managed_dispatch_ready: errors.length === 0 && state === "dispatch_capable",
         dispatch_authority_enabled: false,
         default_release1_non_dispatch_preserved: true,
+        ...(validConfiguredVerificationResult === undefined
+            ? {}
+            : {
+                configured_verification_result: validConfiguredVerificationResult.result,
+                configured_verification_ref: validConfiguredVerificationResult.verification_ref,
+            }),
+        ...(validExternalAuthProviderPolicyResult === undefined
+            ? {}
+            : {
+                external_auth_provider_policy_result: validExternalAuthProviderPolicyResult.result,
+                external_auth_policy_ref: validExternalAuthProviderPolicyResult.external_auth_policy_ref,
+                provider_policy_ref: validExternalAuthProviderPolicyResult.provider_policy_ref,
+            }),
+        ...(validSanitizedAuthCaptureResult === undefined
+            ? {}
+            : {
+                sanitized_auth_capture_result: validSanitizedAuthCaptureResult.result,
+                sanitized_auth_capture_ref: validSanitizedAuthCaptureResult.sanitized_auth_capture_ref,
+            }),
+        ...(validApprovalDecision === undefined
+            ? {}
+            : {
+                approval_decision: validApprovalDecision.decision,
+                approval_ref: validApprovalDecision.approval_id,
+            }),
         safe_next_actions: state === "dispatch_capable"
             ? ["/flowdesk-status"]
             : ["/flowdesk-doctor", "/flowdesk-status"],