@flowdesk/core 0.1.0 → 0.1.3

package/dist/controlled-redacted-audit-export-write.js

@@ -0,0 +1,145 @@
+import { invalid, valid, validateNoForbiddenRawPayloads, validateOpaqueId, validateOpaqueRef, } from "./validators.js";
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function validateTimestamp(value, label) {
+    return typeof value === "string" && Number.isFinite(Date.parse(value))
+        ? valid()
+        : invalid(`${label} must be a parseable timestamp`);
+}
+function validateHashRef(value, label) {
+    const ref = validateOpaqueRef(value, label);
+    if (!ref.ok)
+        return ref;
+    return typeof value === "string" && /^(hash-|sha256-)/.test(value)
+        ? valid()
+        : invalid(`${label} must be a hash-bound opaque ref`);
+}
+function rejectUnknownProperties(value, allowed, label) {
+    const unknown = Object.keys(value).filter((key) => !allowed.includes(key));
+    return unknown.length === 0
+        ? valid()
+        : invalid(`${label} unknown properties: ${unknown.join(",")}`);
+}
+function validateArtifactPath(path, workflowId, targetRef) {
+    if (typeof path !== "string")
+        return invalid("artifact_path must be a string");
+    if (typeof workflowId !== "string")
+        return invalid("workflow_id must be a string");
+    if (typeof targetRef !== "string")
+        return invalid("target_ref must be a string");
+    if (path !== `.flowdesk/sessions/${workflowId}/redacted-audit/${targetRef}.json`)
+        return invalid("artifact_path must be the controlled redacted audit export path for workflow_id and target_ref");
+    if (path.startsWith("/") ||
+        /^[A-Za-z]:[\\/]/.test(path) ||
+        path.startsWith("~") ||
+        path.includes("\\") ||
+        path.includes("//") ||
+        path.includes("/../") ||
+        path.endsWith("/..") ||
+        path.includes("/./"))
+        return invalid("artifact_path must be a relative .flowdesk path without traversal");
+    return validateNoForbiddenRawPayloads(path, "artifact_path");
+}
+export function validateFlowDeskControlledRedactedAuditExportWriteRecordV1(value) {
+    if (!isRecord(value))
+        return invalid("controlled redacted audit export write record must be an object");
+    const record = value;
+    const errors = [];
+    const allowed = [
+        "schema_version",
+        "ledger_entry_id",
+        "request_id",
+        "workflow_id",
+        "attempt_id",
+        "target_kind",
+        "target_ref",
+        "approval_id",
+        "actor_ref",
+        "profile_ref",
+        "evidence_bundle_hash",
+        "guard_decision_ref",
+        "issuance_audit_ref",
+        "consumption_audit_ref",
+        "redaction_policy_ref",
+        "content_hash_ref",
+        "pre_write_audit_ref",
+        "dry_run_ref",
+        "artifact_ref",
+        "artifact_path",
+        "artifact_sha256_ref",
+        "materialized_at",
+        "local_only",
+        "redacted",
+        "writeAttempted",
+        "remoteWriteAttempted",
+        "githubWriteAttempted",
+        "connectorWriteAttempted",
+        "storageWriteAttempted",
+        "databaseWriteAttempted",
+        "urlWriteAttempted",
+        "rawPathWriteAttempted",
+        "dispatch_authority_enabled",
+        "realOpenCodeDispatch",
+        "providerCall",
+        "actualLaneLaunch",
+        "runtimeExecution",
+        "fallbackAuthority",
+        "toolAuthority",
+        "hardCancelOrNoReplyAuthority",
+    ];
+    errors.push(...rejectUnknownProperties(record, allowed, "controlled redacted audit export write record").errors);
+    if (record.schema_version !== "flowdesk.controlled_redacted_audit_export_write.v1")
+        errors.push("controlled redacted audit export write record schema_version is invalid");
+    for (const [valueToCheck, label] of [
+        [record.ledger_entry_id, "ledger_entry_id"],
+        [record.request_id, "request_id"],
+        [record.workflow_id, "workflow_id"],
+        [record.attempt_id, "attempt_id"],
+    ])
+        errors.push(...validateOpaqueId(valueToCheck, label).errors);
+    if (record.target_kind !== "redacted_audit_export")
+        errors.push("target_kind must be redacted_audit_export");
+    for (const [valueToCheck, label] of [
+        [record.target_ref, "target_ref"],
+        [record.approval_id, "approval_id"],
+        [record.actor_ref, "actor_ref"],
+        [record.profile_ref, "profile_ref"],
+        [record.guard_decision_ref, "guard_decision_ref"],
+        [record.issuance_audit_ref, "issuance_audit_ref"],
+        [record.consumption_audit_ref, "consumption_audit_ref"],
+        [record.redaction_policy_ref, "redaction_policy_ref"],
+        [record.pre_write_audit_ref, "pre_write_audit_ref"],
+        [record.dry_run_ref, "dry_run_ref"],
+        [record.artifact_ref, "artifact_ref"],
+    ])
+        errors.push(...validateOpaqueRef(valueToCheck, label).errors);
+    errors.push(...validateHashRef(record.evidence_bundle_hash, "evidence_bundle_hash").errors);
+    errors.push(...validateHashRef(record.content_hash_ref, "content_hash_ref").errors);
+    errors.push(...validateHashRef(record.artifact_sha256_ref, "artifact_sha256_ref").errors);
+    errors.push(...validateArtifactPath(record.artifact_path, record.workflow_id, record.target_ref).errors);
+    errors.push(...validateTimestamp(record.materialized_at, "materialized_at").errors);
+    if (record.content_hash_ref !== record.artifact_sha256_ref)
+        errors.push("content_hash_ref must match artifact_sha256_ref");
+    if (record.local_only !== true || record.redacted !== true || record.writeAttempted !== true)
+        errors.push("controlled redacted audit export write must be local-only, redacted, and attempted");
+    if (record.remoteWriteAttempted !== false ||
+        record.githubWriteAttempted !== false ||
+        record.connectorWriteAttempted !== false ||
+        record.storageWriteAttempted !== false ||
+        record.databaseWriteAttempted !== false ||
+        record.urlWriteAttempted !== false ||
+        record.rawPathWriteAttempted !== false ||
+        record.dispatch_authority_enabled !== false ||
+        record.realOpenCodeDispatch !== false ||
+        record.providerCall !== false ||
+        record.actualLaneLaunch !== false ||
+        record.runtimeExecution !== false ||
+        record.fallbackAuthority !== false ||
+        record.toolAuthority !== false ||
+        record.hardCancelOrNoReplyAuthority !== false)
+        errors.push("controlled redacted audit export write cannot enable external, dispatch, fallback, tool, or hard-chat authority");
+    errors.push(...validateNoForbiddenRawPayloads(record, "controlled_redacted_audit_export_write_record").errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
+//# sourceMappingURL=controlled-redacted-audit-export-write.js.map

package/dist/controlled-redacted-audit-export-write.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"controlled-redacted-audit-export-write.js","sourceRoot":"","sources":["../src/controlled-redacted-audit-export-write.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,OAAO,EAEP,KAAK,EACL,8BAA8B,EAC9B,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,iBAAiB,CAAC;AA6CzB,SAAS,QAAQ,CAAC,KAAc;IAC/B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc,EAAE,KAAa;IACvD,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrE,CAAC,CAAC,KAAK,EAAE;QACT,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,gCAAgC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,eAAe,CAAC,KAAc,EAAE,KAAa;IACrD,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC5C,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,GAAG,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC;QACjE,CAAC,CAAC,KAAK,EAAE;QACT,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,kCAAkC,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,uBAAuB,CAC/B,KAA8B,EAC9B,OAA0B,EAC1B,KAAa;IAEb,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3E,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC;QAC1B,CAAC,CAAC,KAAK,EAAE;QACT,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,wBAAwB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAa,EAAE,UAAmB,EAAE,SAAkB;IACnF,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,gCAAgC,CAAC,CAAC;IAC/E,IAAI,OAAO,UAAU,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,8BAA8B,CAAC,CAAC;IACnF,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,6BAA6B,CAAC,CAAC;IACjF,IAAI,IAAI,KAAK,sBAAsB,UAAU,mBAAmB,SAAS,OAAO;QAC/E,OAAO,OAAO,CAAC,gGAAgG,CAAC,CAAC;IAClH,IACC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QACpB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACnB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACnB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACpB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAEpB,OAAO,OAAO,CAAC,mEAAmE,CAAC,CAAC;IACrF,OAAO,8BAA8B,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,0DAA0D,CACzE,KAAc;IAEd,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QACnB,OAAO,OAAO,CAAC,iEAAiE,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,KAAoE,CAAC;IACpF,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG;QACf,gBAAgB;QAChB,iBAAiB;QACjB,YAAY;QACZ,aAAa;QACb,YAAY;QACZ,aAAa;QACb,YAAY;QACZ,aAAa;QACb,WAAW;QACX,aAAa;QACb,sBAAsB;QACtB,oBAAoB;QACpB,oBAAoB;QACpB,uBAAuB;QACvB,sBAAsB;QACtB,kBAAkB;QAClB,qBAAqB;QACrB,aAAa;QACb,cAAc;QACd,eAAe;QACf,qBAAqB;QACrB,iBAAiB;QACjB,YAAY;QACZ,UAAU;QACV,gBAAgB;QAChB,sBAAsB;QACtB,sBAAsB;QACtB,yBAAyB;QACzB,uBAAuB;QACvB,wBAAwB;QACxB,mBAAmB;QACnB,uBAAuB;QACvB,4BAA4B;QAC5B,sBAAsB;QACtB,cAAc;QACd,kBAAkB;QAClB,kBAAkB;QAClB,mBAAmB;QACnB,eAAe;QACf,8BAA8B;KACrB,CAAC;IACX,MAAM,CAAC,IAAI,CACV,GAAG,uBAAuB,CACzB,MAAM,EACN,OAAO,EACP,+CAA+C,CAC/C,CAAC,MAAM,CACR,CAAC;IACF,IAAI,MAAM,CAAC,cAAc,KAAK,oDAAoD;QACjF,MAAM,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;IACxF,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI;QACnC,CAAC,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC;QAC3C,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC;QACjC,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC;QACnC,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC;KACxB;QACT,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,WAAW,KAAK,uBAAuB;QACjD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC1D,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI;QACnC,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC;QACjC,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC;QACnC,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;QAC/B,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC;QACnC,CAAC,MAAM,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QACjD,CAAC,MAAM,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QACjD,CAAC,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,CAAC;QACvD,CAAC,MAAM,CAAC,oBAAoB,EAAE,sBAAsB,CAAC;QACrD,CAAC,MAAM,CAAC,mBAAmB,EAAE,qBAAqB,CAAC;QACnD,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC;QACnC,CAAC,MAAM,CAAC,YAAY,EAAE,cAAc,CAAC;KAC5B;QACT,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;IAC/D,MAAM,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,oBAAoB,EAAE,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5F,MAAM,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;IACpF,MAAM,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,mBAAmB,EAAE,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1F,MAAM,CAAC,IAAI,CACV,GAAG,oBAAoB,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAC3F,CAAC;IACF,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,gBAAgB,KAAK,MAAM,CAAC,mBAAmB;QACzD,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;IAChE,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,IAAI,MAAM,CAAC,cAAc,KAAK,IAAI;QAC3F,MAAM,CAAC,IAAI,CAAC,oFAAoF,CAAC,CAAC;IACnG,IACC,MAAM,CAAC,oBAAoB,KAAK,KAAK;QACrC,MAAM,CAAC,oBAAoB,KAAK,KAAK;QACrC,MAAM,CAAC,uBAAuB,KAAK,KAAK;QACxC,MAAM,CAAC,qBAAqB,KAAK,KAAK;QACtC,MAAM,CAAC,sBAAsB,KAAK,KAAK;QACvC,MAAM,CAAC,iBAAiB,KAAK,KAAK;QAClC,MAAM,CAAC,qBAAqB,KAAK,KAAK;QACtC,MAAM,CAAC,0BAA0B,KAAK,KAAK;QAC3C,MAAM,CAAC,oBAAoB,KAAK,KAAK;QACrC,MAAM,CAAC,YAAY,KAAK,KAAK;QAC7B,MAAM,CAAC,gBAAgB,KAAK,KAAK;QACjC,MAAM,CAAC,gBAAgB,KAAK,KAAK;QACjC,MAAM,CAAC,iBAAiB,KAAK,KAAK;QAClC,MAAM,CAAC,aAAa,KAAK,KAAK;QAC9B,MAAM,CAAC,4BAA4B,KAAK,KAAK;QAE7C,MAAM,CAAC,IAAI,CAAC,iHAAiH,CAAC,CAAC;IAChI,MAAM,CAAC,IAAI,CACV,GAAG,8BAA8B,CAChC,MAAM,EACN,+CAA+C,CAC/C,CAAC,MAAM,CACR,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AAC3D,CAAC"}

package/dist/core-completion-safety-contracts.d.ts

@@ -0,0 +1,35 @@
+import { type ValidationResult } from "./validators.js";
+export declare const FLOWDESK_ADVISORY_FORBIDDEN_CONSUMERS: readonly ["guard", "approval", "dispatch", "verification", "external_write", "reviewer_verdict_acceptance"];
+export type FlowDeskAdvisoryForbiddenConsumerV1 = (typeof FLOWDESK_ADVISORY_FORBIDDEN_CONSUMERS)[number];
+export interface FlowDeskAdvisoryOutputFirewallV1 {
+    schema_version: "flowdesk.advisory_output_firewall.v1";
+    advisory_ref: string;
+    workflow_id: string;
+    source_schema_version: string;
+    allowed_consumer_refs: string[];
+    forbidden_consumers: FlowDeskAdvisoryForbiddenConsumerV1[];
+    advisory_only: true;
+    guard_authority_enabled: false;
+    approval_authority_enabled: false;
+    dispatch_authority_enabled: false;
+    verification_authority_enabled: false;
+    external_write_authority_enabled: false;
+}
+export interface FlowDeskFederatedRegistryStateV1 {
+    schema_version: "flowdesk.federated_registry_state.v1";
+    registry_state_id: string;
+    workflow_id: string;
+    state: "disabled" | "documentation_only";
+    policy_ref: string;
+    remote_upload_enabled: false;
+    remote_download_enabled: false;
+    planning_influence_enabled: false;
+    ranking_influence_enabled: false;
+    guard_influence_enabled: false;
+    approval_influence_enabled: false;
+    dispatch_influence_enabled: false;
+    external_write_authority_enabled: false;
+}
+export declare function validateFlowDeskAdvisoryOutputFirewallV1(value: unknown): ValidationResult;
+export declare function validateFlowDeskFederatedRegistryStateV1(value: unknown): ValidationResult;
+//# sourceMappingURL=core-completion-safety-contracts.d.ts.map

package/dist/core-completion-safety-contracts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-completion-safety-contracts.d.ts","sourceRoot":"","sources":["../src/core-completion-safety-contracts.ts"],"names":[],"mappings":"AAAA,OAAO,EAEN,KAAK,gBAAgB,EAKrB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,qCAAqC,6GAOxC,CAAC;AACX,MAAM,MAAM,mCAAmC,GAC9C,CAAC,OAAO,qCAAqC,CAAC,CAAC,MAAM,CAAC,CAAC;AAExD,MAAM,WAAW,gCAAgC;IAChD,cAAc,EAAE,sCAAsC,CAAC;IACvD,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,mBAAmB,EAAE,mCAAmC,EAAE,CAAC;IAC3D,aAAa,EAAE,IAAI,CAAC;IACpB,uBAAuB,EAAE,KAAK,CAAC;IAC/B,0BAA0B,EAAE,KAAK,CAAC;IAClC,0BAA0B,EAAE,KAAK,CAAC;IAClC,8BAA8B,EAAE,KAAK,CAAC;IACtC,gCAAgC,EAAE,KAAK,CAAC;CACxC;AAED,MAAM,WAAW,gCAAgC;IAChD,cAAc,EAAE,sCAAsC,CAAC;IACvD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,UAAU,GAAG,oBAAoB,CAAC;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB,EAAE,KAAK,CAAC;IAC7B,uBAAuB,EAAE,KAAK,CAAC;IAC/B,0BAA0B,EAAE,KAAK,CAAC;IAClC,yBAAyB,EAAE,KAAK,CAAC;IACjC,uBAAuB,EAAE,KAAK,CAAC;IAC/B,0BAA0B,EAAE,KAAK,CAAC;IAClC,0BAA0B,EAAE,KAAK,CAAC;IAClC,gCAAgC,EAAE,KAAK,CAAC;CACxC;AAkBD,wBAAgB,wCAAwC,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CAiCzF;AAED,wBAAgB,wCAAwC,CAAC,KAAK,EAAE,OAAO,GAAG,gBAAgB,CA2BzF"}

package/dist/core-completion-safety-contracts.js

@@ -0,0 +1,98 @@
+import { invalid, valid, validateNoForbiddenRawPayloads, validateOpaqueId, validateOpaqueRef, } from "./validators.js";
+export const FLOWDESK_ADVISORY_FORBIDDEN_CONSUMERS = [
+    "guard",
+    "approval",
+    "dispatch",
+    "verification",
+    "external_write",
+    "reviewer_verdict_acceptance",
+];
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function rejectUnknownProperties(record, allowed, label) {
+    const unknown = Object.keys(record).filter((key) => !allowed.includes(key));
+    return unknown.length === 0 ? valid() : invalid(`${label} unknown properties: ${unknown.join(",")}`);
+}
+function refs(value, label) {
+    if (!Array.isArray(value))
+        return invalid(`${label} must be an array`);
+    const errors = [];
+    for (const [index, ref] of value.entries())
+        errors.push(...validateOpaqueRef(ref, `${label}[${index}]`).errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
+export function validateFlowDeskAdvisoryOutputFirewallV1(value) {
+    if (!isRecord(value))
+        return invalid("advisory output firewall must be an object");
+    const record = value;
+    const errors = [];
+    errors.push(...rejectUnknownProperties(record, [
+        "schema_version",
+        "advisory_ref",
+        "workflow_id",
+        "source_schema_version",
+        "allowed_consumer_refs",
+        "forbidden_consumers",
+        "advisory_only",
+        "guard_authority_enabled",
+        "approval_authority_enabled",
+        "dispatch_authority_enabled",
+        "verification_authority_enabled",
+        "external_write_authority_enabled",
+    ], "advisory output firewall").errors);
+    errors.push(...validateOpaqueRef(record.advisory_ref, "advisory_ref").errors);
+    errors.push(...validateOpaqueId(record.workflow_id, "workflow_id").errors);
+    if (typeof record.source_schema_version !== "string" || !/^flowdesk\.[a-z0-9_.-]+\.v1$/.test(record.source_schema_version))
+        errors.push("source_schema_version is invalid");
+    errors.push(...refs(record.allowed_consumer_refs, "allowed_consumer_refs").errors);
+    if (!Array.isArray(record.forbidden_consumers))
+        errors.push("forbidden_consumers must be an array");
+    else {
+        for (const consumer of FLOWDESK_ADVISORY_FORBIDDEN_CONSUMERS)
+            if (!record.forbidden_consumers.includes(consumer))
+                errors.push(`forbidden_consumers must include ${consumer}`);
+        for (const [index, consumer] of record.forbidden_consumers.entries())
+            if (!FLOWDESK_ADVISORY_FORBIDDEN_CONSUMERS.includes(consumer))
+                errors.push(`forbidden_consumers[${index}] is invalid`);
+    }
+    if (record.schema_version !== "flowdesk.advisory_output_firewall.v1")
+        errors.push("advisory output firewall schema_version is invalid");
+    if (record.advisory_only !== true || record.guard_authority_enabled !== false || record.approval_authority_enabled !== false || record.dispatch_authority_enabled !== false || record.verification_authority_enabled !== false || record.external_write_authority_enabled !== false)
+        errors.push("advisory output firewall cannot enable authority");
+    errors.push(...validateNoForbiddenRawPayloads(record, "advisory_output_firewall").errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
+export function validateFlowDeskFederatedRegistryStateV1(value) {
+    if (!isRecord(value))
+        return invalid("federated registry state must be an object");
+    const record = value;
+    const errors = [];
+    errors.push(...rejectUnknownProperties(record, [
+        "schema_version",
+        "registry_state_id",
+        "workflow_id",
+        "state",
+        "policy_ref",
+        "remote_upload_enabled",
+        "remote_download_enabled",
+        "planning_influence_enabled",
+        "ranking_influence_enabled",
+        "guard_influence_enabled",
+        "approval_influence_enabled",
+        "dispatch_influence_enabled",
+        "external_write_authority_enabled",
+    ], "federated registry state").errors);
+    errors.push(...validateOpaqueId(record.registry_state_id, "registry_state_id").errors);
+    errors.push(...validateOpaqueId(record.workflow_id, "workflow_id").errors);
+    errors.push(...validateOpaqueRef(record.policy_ref, "policy_ref").errors);
+    if (record.schema_version !== "flowdesk.federated_registry_state.v1")
+        errors.push("federated registry state schema_version is invalid");
+    if (record.state !== "disabled" && record.state !== "documentation_only")
+        errors.push("federated registry state is invalid");
+    if (record.remote_upload_enabled !== false || record.remote_download_enabled !== false || record.planning_influence_enabled !== false || record.ranking_influence_enabled !== false || record.guard_influence_enabled !== false || record.approval_influence_enabled !== false || record.dispatch_influence_enabled !== false || record.external_write_authority_enabled !== false)
+        errors.push("federated registry state cannot enable sharing or influence");
+    errors.push(...validateNoForbiddenRawPayloads(record, "federated_registry_state").errors);
+    return errors.length === 0 ? valid() : invalid(...errors);
+}
+//# sourceMappingURL=core-completion-safety-contracts.js.map

package/dist/core-completion-safety-contracts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core-completion-safety-contracts.js","sourceRoot":"","sources":["../src/core-completion-safety-contracts.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,OAAO,EAEP,KAAK,EACL,8BAA8B,EAC9B,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,CAAC,MAAM,qCAAqC,GAAG;IACpD,OAAO;IACP,UAAU;IACV,UAAU;IACV,cAAc;IACd,gBAAgB;IAChB,6BAA6B;CACpB,CAAC;AAmCX,SAAS,QAAQ,CAAC,KAAc;IAC/B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,uBAAuB,CAAC,MAA+B,EAAE,OAA0B,EAAE,KAAa;IAC1G,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5E,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,wBAAwB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,IAAI,CAAC,KAAc,EAAE,KAAa;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,GAAG,KAAK,mBAAmB,CAAC,CAAC;IACvE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,wCAAwC,CAAC,KAAc;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,4CAA4C,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,KAAkD,CAAC;IAClE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,MAAM,EAAE;QAC9C,gBAAgB;QAChB,cAAc;QACd,aAAa;QACb,uBAAuB;QACvB,uBAAuB;QACvB,qBAAqB;QACrB,eAAe;QACf,yBAAyB;QACzB,4BAA4B;QAC5B,4BAA4B;QAC5B,gCAAgC;QAChC,kCAAkC;KAClC,EAAE,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;IAC9E,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;IAC3E,IAAI,OAAO,MAAM,CAAC,qBAAqB,KAAK,QAAQ,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC5K,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAC;IACnF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;SAC/F,CAAC;QACL,KAAK,MAAM,QAAQ,IAAI,qCAAqC;YAC3D,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,MAAM,CAAC,IAAI,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;QACjH,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE;YACnE,IAAI,CAAE,qCAA2D,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,cAAc,CAAC,CAAC;IAChJ,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,KAAK,sCAAsC;QAAE,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACxI,IAAI,MAAM,CAAC,aAAa,KAAK,IAAI,IAAI,MAAM,CAAC,uBAAuB,KAAK,KAAK,IAAI,MAAM,CAAC,0BAA0B,KAAK,KAAK,IAAI,MAAM,CAAC,0BAA0B,KAAK,KAAK,IAAI,MAAM,CAAC,8BAA8B,KAAK,KAAK,IAAI,MAAM,CAAC,gCAAgC,KAAK,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IACrV,MAAM,CAAC,IAAI,CAAC,GAAG,8BAA8B,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1F,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,wCAAwC,CAAC,KAAc;IACtE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,4CAA4C,CAAC,CAAC;IACnF,MAAM,MAAM,GAAG,KAAkD,CAAC;IAClE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,MAAM,EAAE;QAC9C,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;QACb,OAAO;QACP,YAAY;QACZ,uBAAuB;QACvB,yBAAyB;QACzB,4BAA4B;QAC5B,2BAA2B;QAC3B,yBAAyB;QACzB,4BAA4B;QAC5B,4BAA4B;QAC5B,kCAAkC;KAClC,EAAE,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAC;IACvF,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;IAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1E,IAAI,MAAM,CAAC,cAAc,KAAK,sCAAsC;QAAE,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACxI,IAAI,MAAM,CAAC,KAAK,KAAK,UAAU,IAAI,MAAM,CAAC,KAAK,KAAK,oBAAoB;QAAE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IAC7H,IAAI,MAAM,CAAC,qBAAqB,KAAK,KAAK,IAAI,MAAM,CAAC,uBAAuB,KAAK,KAAK,IAAI,MAAM,CAAC,0BAA0B,KAAK,KAAK,IAAI,MAAM,CAAC,yBAAyB,KAAK,KAAK,IAAI,MAAM,CAAC,uBAAuB,KAAK,KAAK,IAAI,MAAM,CAAC,0BAA0B,KAAK,KAAK,IAAI,MAAM,CAAC,0BAA0B,KAAK,KAAK,IAAI,MAAM,CAAC,gCAAgC,KAAK,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;IAC/b,MAAM,CAAC,IAAI,CAAC,GAAG,8BAA8B,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC;IAC1F,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AAC3D,CAAC"}

package/dist/dispatch-attempt-manifest.d.ts

@@ -0,0 +1,59 @@
+import { type FlowDeskProductionApprovalSourceV1 } from "./production-approval-source.js";
+import type { FlowDeskSessionEvidenceReloadResultV1 } from "./session-evidence.js";
+import { type ValidationResult } from "./validators.js";
+export declare const FLOWDESK_DISPATCH_ATTEMPT_STATES: readonly ["planned", "audit_committed", "approval_consumed", "sdk_call_permitted", "dispatch_failed", "quarantined"];
+export type FlowDeskDispatchAttemptStateV1 = (typeof FLOWDESK_DISPATCH_ATTEMPT_STATES)[number];
+export interface FlowDeskDispatchAttemptManifestV1 {
+    schema_version: "flowdesk.dispatch_attempt_manifest.v1";
+    workflow_id: string;
+    attempt_id: string;
+    state: FlowDeskDispatchAttemptStateV1;
+    actor_ref: string;
+    profile_ref: string;
+    provider_qualified_model_id: string;
+    provider_binding_hash: string;
+    evidence_bundle_hash: string;
+    evidence_refs: string[];
+    approval_ref: string;
+    consumed_approval_ref?: string;
+    guard_decision_ref: string;
+    pre_dispatch_audit_ref: string;
+    pre_dispatch_audit_committed: boolean;
+    idempotency_key: string;
+    created_at: string;
+    updated_at: string;
+    dispatch_authority_enabled: false;
+    realOpenCodeDispatch: false;
+    actualLaneLaunch: false;
+    providerCall: false;
+    runtimeExecution: false;
+}
+export interface FlowDeskDispatchAttemptPrecallEvaluationV1 extends ValidationResult {
+    schema_version: "flowdesk.dispatch_attempt_precall_evaluation.v1";
+    workflow_id?: string;
+    attempt_id?: string;
+    state: "sdk_call_permitted" | "blocked_before_sdk_call";
+    sdk_call_permitted: boolean;
+    blocked_labels: string[];
+    dispatch_authority_enabled: false;
+    realOpenCodeDispatch: false;
+    actualLaneLaunch: false;
+    providerCall: false;
+    runtimeExecution: false;
+}
+export interface FlowDeskDispatchAttemptDurablePrecallEvaluationV1 extends FlowDeskDispatchAttemptPrecallEvaluationV1 {
+    durable_provenance_required: true;
+    reloaded_approval_source_ref?: string;
+    reloaded_pre_dispatch_audit_ref?: string;
+    reloaded_idempotency_snapshot_ref?: string;
+}
+export declare function validateFlowDeskDispatchAttemptManifestV1(value: unknown, expectedWorkflowId?: string): ValidationResult;
+export declare function evaluateFlowDeskDispatchAttemptPrecallV1(input: {
+    manifest: FlowDeskDispatchAttemptManifestV1;
+    consumedApproval?: FlowDeskProductionApprovalSourceV1;
+}): FlowDeskDispatchAttemptPrecallEvaluationV1;
+export declare function evaluateFlowDeskDispatchAttemptDurablePrecallV1(input: {
+    manifest: FlowDeskDispatchAttemptManifestV1;
+    reloadedEvidence: FlowDeskSessionEvidenceReloadResultV1;
+}): FlowDeskDispatchAttemptDurablePrecallEvaluationV1;
+//# sourceMappingURL=dispatch-attempt-manifest.d.ts.map

package/dist/dispatch-attempt-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dispatch-attempt-manifest.d.ts","sourceRoot":"","sources":["../src/dispatch-attempt-manifest.ts"],"names":[],"mappings":"AAMA,OAAO,EAEN,KAAK,kCAAkC,EACvC,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,qCAAqC,EAAE,MAAM,uBAAuB,CAAC;AACnF,OAAO,EAEN,KAAK,gBAAgB,EAMrB,MAAM,iBAAiB,CAAC;AAEzB,eAAO,MAAM,gCAAgC,sHAOnC,CAAC;AACX,MAAM,MAAM,8BAA8B,GACzC,CAAC,OAAO,gCAAgC,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnD,MAAM,WAAW,iCAAiC;IACjD,cAAc,EAAE,uCAAuC,CAAC;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,8BAA8B,CAAC;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B,EAAE,MAAM,CAAC;IACpC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,4BAA4B,EAAE,OAAO,CAAC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B,EAAE,KAAK,CAAC;IAClC,oBAAoB,EAAE,KAAK,CAAC;IAC5B,gBAAgB,EAAE,KAAK,CAAC;IACxB,YAAY,EAAE,KAAK,CAAC;IACpB,gBAAgB,EAAE,KAAK,CAAC;CACxB;AAED,MAAM,WAAW,0CAChB,SAAQ,gBAAgB;IACxB,cAAc,EAAE,iDAAiD,CAAC;IAClE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,oBAAoB,GAAG,yBAAyB,CAAC;IACxD,kBAAkB,EAAE,OAAO,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,0BAA0B,EAAE,KAAK,CAAC;IAClC,oBAAoB,EAAE,KAAK,CAAC;IAC5B,gBAAgB,EAAE,KAAK,CAAC;IACxB,YAAY,EAAE,KAAK,CAAC;IACpB,gBAAgB,EAAE,KAAK,CAAC;CACxB;AAED,MAAM,WAAW,iDAChB,SAAQ,0CAA0C;IAClD,2BAA2B,EAAE,IAAI,CAAC;IAClC,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,iCAAiC,CAAC,EAAE,MAAM,CAAC;CAC3C;AA2CD,wBAAgB,yCAAyC,CACxD,KAAK,EAAE,OAAO,EACd,kBAAkB,CAAC,EAAE,MAAM,GACzB,gBAAgB,CA4GlB;AAED,wBAAgB,wCAAwC,CAAC,KAAK,EAAE;IAC/D,QAAQ,EAAE,iCAAiC,CAAC;IAC5C,gBAAgB,CAAC,EAAE,kCAAkC,CAAC;CACtD,GAAG,0CAA0C,CAuE7C;AAUD,wBAAgB,+CAA+C,CAAC,KAAK,EAAE;IACtE,QAAQ,EAAE,iCAAiC,CAAC;IAC5C,gBAAgB,EAAE,qCAAqC,CAAC;CACxD,GAAG,iDAAiD,CAsHpD"}