@full-self-browsing/lattice 0.0.0-bootstrap.0

package/dist/index.js

@@ -0,0 +1,3200 @@
+import { C as createHookPipeline, S as BAND, T as toArtifactRef, _ as PAYLOAD_TYPE, a as formatToolsForProvider, b as decodeEnvelope, c as importMcpTools, d as validateOutputMap, f as createNoopSurvivabilityAdapter, g as createReceipt, h as createCheckpointHook, i as createNoopAgentHost, l as runTool, m as STEP_TRANSITION_EVENT_NAME, o as toolSchemaToJsonSchema, p as DEFAULT_CHECKPOINT_BAND, r as AgentDeniedError, s as defineTool, t as runAgent, u as toolArtifactRef, v as base64Encode, w as artifact, x as canonicalizeReceiptBody, y as buildPae } from "./runtime-CfZ-sGGk.js";
+import canonicalize from "canonicalize";
+import { mkdir, readFile, readdir, rm, stat, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
+//#region src/contract/contract.ts
+/**
+* Factory for `CapabilityContract` values.
+*
+* Mirrors the `output()` and adapter factory style — exact-optional safe
+* (does not emit `field: undefined` properties under `exactOptionalPropertyTypes`).
+* Returns a frozen value with frozen nested objects so downstream code can
+* rely on structural immutability when canonicalizing in Phase 9.
+*/
+function contract(input = {}) {
+	return Object.freeze({
+		kind: "capability-contract",
+		...input.budget !== void 0 ? { budget: Object.freeze({ ...input.budget }) } : {},
+		...input.invariants !== void 0 ? { invariants: Object.freeze(input.invariants.map((inv) => Object.freeze({ ...inv }))) } : {},
+		...input.qualityFloor !== void 0 ? { qualityFloor: Object.freeze({ ...input.qualityFloor }) } : {},
+		...input.requiredModalities !== void 0 ? { requiredModalities: Object.freeze([...input.requiredModalities]) } : {},
+		...input.requiredPrivacy !== void 0 ? { requiredPrivacy: input.requiredPrivacy } : {}
+	});
+}
+//#endregion
+//#region src/contract/invariants.ts
+let counter = 0;
+function nextId(kind, options) {
+	counter += 1;
+	return options?.id ?? `${kind}-${counter}`;
+}
+/**
+* Fluent builder for tripwire invariants.
+*
+* Each helper returns a frozen `InvariantDeclaration` with an auto-generated
+* id of the form `${kind}-${counter}`. Callers may override the id via the
+* second-positional `options.id` arg.
+*
+* The counter is monotonic across kinds — calling `inv.mustCite("a")` then
+* `inv.fieldFromTable("x", ["y"])` yields ids `must-cite-1` then
+* `field-from-table-2`. This keeps ids globally unique within a process.
+*
+* Note on `inv.matches`: the caller supplies the StandardSchema validator,
+* and the tripwire evaluator trusts whatever `~standard.validate` returns.
+* This is by design — `matches` is the caller-driven escape hatch (see
+* T-08-05 in the 08-01-PLAN threat register).
+*/
+const inv = {
+	mustCite(artifactName, options) {
+		return Object.freeze({
+			id: nextId("must-cite", options),
+			kind: "must-cite",
+			artifactName
+		});
+	},
+	fieldFromTable(path, allowedValues, options) {
+		return Object.freeze({
+			id: nextId("field-from-table", options),
+			kind: "field-from-table",
+			path,
+			allowedValues: Object.freeze([...allowedValues])
+		});
+	},
+	noPII(path, options) {
+		return Object.freeze({
+			id: nextId("no-pii", options),
+			kind: "no-pii",
+			path
+		});
+	},
+	matches(path, schema, options) {
+		return Object.freeze({
+			id: nextId("matches", options),
+			kind: "matches",
+			path,
+			schema
+		});
+	},
+	__resetCounterForTests() {
+		counter = 0;
+	}
+};
+//#endregion
+//#region src/contract/pii-detectors.ts
+/**
+* Luhn check digit validator.
+*
+* Strips non-digit characters from `digits`, requires the resulting length
+* to be 13-19 (ISO/IEC 7812 PAN range), then walks right-to-left doubling
+* every second digit and summing. Returns true when the sum is a multiple
+* of 10.
+*/
+function luhn(digits) {
+	const cleaned = digits.replace(/\D/g, "");
+	if (cleaned.length < 13 || cleaned.length > 19) return false;
+	let sum = 0;
+	let shouldDouble = false;
+	for (let i = cleaned.length - 1; i >= 0; i -= 1) {
+		const code = cleaned.charCodeAt(i);
+		if (code < 48 || code > 57) return false;
+		let digit = code - 48;
+		if (shouldDouble) {
+			digit *= 2;
+			if (digit > 9) digit -= 9;
+		}
+		sum += digit;
+		shouldDouble = !shouldDouble;
+	}
+	return sum % 10 === 0;
+}
+function execFirst(regex, input) {
+	const match = regex.exec(input);
+	return match ? match[0] : void 0;
+}
+/**
+* Default PII detectors used by `evaluateTripwires` for `no-pii` invariants.
+*
+* Order is deterministic: email, us-ssn, credit-card, us-phone. Callers who
+* need a different set can pass their own list to `evaluateTripwires`.
+*/
+const defaultPiiDetectors = Object.freeze([
+	{
+		name: "email",
+		detect(input) {
+			const substring = execFirst(/[\w.+-]+@[\w-]+\.[\w.-]+/, input);
+			return substring !== void 0 ? {
+				matched: true,
+				substring
+			} : { matched: false };
+		}
+	},
+	{
+		name: "us-ssn",
+		detect(input) {
+			const substring = execFirst(/\b\d{3}-\d{2}-\d{4}\b/, input);
+			return substring !== void 0 ? {
+				matched: true,
+				substring
+			} : { matched: false };
+		}
+	},
+	{
+		name: "credit-card",
+		detect(input) {
+			const candidate = execFirst(/\b(?:\d[ -]?){13,19}\b/, input);
+			if (candidate === void 0) return { matched: false };
+			const trimmed = candidate.replace(/[ -]+$/, "");
+			if (!luhn(trimmed)) return { matched: false };
+			return {
+				matched: true,
+				substring: trimmed
+			};
+		}
+	},
+	{
+		name: "us-phone",
+		detect(input) {
+			const substring = execFirst(/\b\d{3}-\d{3}-\d{4}\b|\(\d{3}\)\s?\d{3}-\d{4}/, input);
+			return substring !== void 0 ? {
+				matched: true,
+				substring
+			} : { matched: false };
+		}
+	}
+]);
+//#endregion
+//#region src/routing/catalog.ts
+const DEFAULT_CATALOG_VERSION = "lattice:catalog:v1";
+function createCapabilityCatalog(providers) {
+	return {
+		version: DEFAULT_CATALOG_VERSION,
+		models: providers.flatMap((provider) => {
+			if (provider.kind === "provider-adapter" && provider.capabilities !== void 0) return provider.capabilities;
+			return [defaultCapabilityForProvider(provider.id)];
+		})
+	};
+}
+function defaultCapabilityForProvider(providerId) {
+	return {
+		providerId,
+		modelId: `${providerId}:default`,
+		inputModalities: [
+			"text",
+			"json",
+			"image",
+			"audio",
+			"document",
+			"file",
+			"url",
+			"tool"
+		],
+		outputModalities: ["text", "json"],
+		fileTransport: [
+			"inline",
+			"json",
+			"url",
+			"base64",
+			"extracted-text",
+			"transcript"
+		],
+		contextWindow: 16e3,
+		structuredOutput: true,
+		toolUse: false,
+		streaming: false,
+		pricing: {
+			inputCostPer1M: 0,
+			outputCostPer1M: 0,
+			inputPer1kTokens: 0,
+			outputPer1kTokens: 0
+		},
+		latency: "interactive",
+		dataPolicy: {
+			privacy: ["standard", "sensitive"],
+			uploadRetention: "none",
+			supportsNoLogging: true,
+			supportsNoTraining: true
+		},
+		available: true
+	};
+}
+/**
+* Resolve the effective per-1k token pricing for a capability.
+*
+* Prefers the explicit `inputPer1kTokens` / `outputPer1kTokens` fields and
+* falls back to dividing the legacy per-1M fields by 1000 when only those
+* are present. Returns `undefined` per side when neither shape supplies a
+* value, so callers can distinguish "free / zero" (`0`) from "unknown"
+* (`undefined`) — Phase 7 cost normalization treats unknown pricing as
+* `usage.costUsd === null`, not `0`.
+*/
+function effectivePer1kPricing(pricing) {
+	if (pricing === void 0) return {
+		inputPer1kTokens: void 0,
+		outputPer1kTokens: void 0
+	};
+	return {
+		inputPer1kTokens: pricing.inputPer1kTokens ?? (pricing.inputCostPer1M !== void 0 ? pricing.inputCostPer1M / 1e3 : void 0),
+		outputPer1kTokens: pricing.outputPer1kTokens ?? (pricing.outputCostPer1M !== void 0 ? pricing.outputCostPer1M / 1e3 : void 0)
+	};
+}
+//#endregion
+//#region src/contract/preflight.ts
+/**
+* Pure cost estimator. Returns `null` when pricing is unknown (so downstream
+* gates can distinguish "free / zero" from "unmeasured" per the Phase 7
+* cost-normalization decision). Uses static catalog metadata only — no probes,
+* no external pricing APIs.
+*/
+function estimateRouteCost(input) {
+	const { inputPer1kTokens, outputPer1kTokens } = effectivePer1kPricing(input.capability.pricing);
+	if (inputPer1kTokens === void 0 && outputPer1kTokens === void 0) return null;
+	return (inputPer1kTokens ?? 0) * input.estimatedInputTokens / 1e3 + (outputPer1kTokens ?? 0) * input.estimatedOutputTokens / 1e3;
+}
+/**
+* Pure pre-flight evaluator. Phase 9 receipts will reuse this for deterministic
+* verdict reconstruction.
+*
+* Token estimation: Phase 7 does NOT define a separate token estimator. Output-
+* token projection is the canonical responsibility of the router's existing
+* `estimateRoute()` helper (in `routing/router.ts`), which already produces an
+* `estimatedOutputTokens` value. The router passes that same value into this
+* evaluator via `EvaluateContractInput.estimatedOutputTokens`, so preflight
+* and the router always agree on the projected output size. Phase 9 receipts
+* will pin the router's estimate as the deterministic input — intentionally
+* one source of truth.
+*
+* Reject taxonomy (Phase 7 emits three of four codes):
+*  - `contract-budget-exceeded` (CONTRACT-04 + COST-03)
+*  - `contract-modality-missing` (CONTRACT-06)
+*  - `contract-privacy-mismatch` (CONTRACT-06)
+*  - `contract-quality-floor` (reserved for Phase 12 `lattice eval`; NEVER emitted here)
+*/
+function evaluateContractAgainstRoute(contract, input) {
+	if (contract === void 0) return {
+		ok: true,
+		reasons: []
+	};
+	const reasons = [];
+	if (contract.budget?.maxCostUsd !== void 0) {
+		const estimatedCost = estimateRouteCost({
+			capability: input.capability,
+			estimatedInputTokens: input.estimatedInputTokens,
+			estimatedOutputTokens: input.estimatedOutputTokens
+		});
+		if (estimatedCost === null) reasons.push({
+			code: "contract-budget-exceeded",
+			message: `${input.capability.modelId} pricing unknown; contract budget declared (maxCostUsd=${contract.budget.maxCostUsd}).`
+		});
+		else if (estimatedCost > contract.budget.maxCostUsd) reasons.push({
+			code: "contract-budget-exceeded",
+			message: `${input.capability.modelId} estimated ${estimatedCost.toFixed(6)} exceeds contract budget ${contract.budget.maxCostUsd}.`
+		});
+	}
+	if (contract.requiredModalities !== void 0) {
+		for (const modality of contract.requiredModalities) if (!input.capability.inputModalities.includes(modality) && !input.capability.outputModalities.includes(modality)) reasons.push({
+			code: "contract-modality-missing",
+			message: `${input.capability.modelId} does not support required modality ${modality}.`
+		});
+	}
+	if (contract.requiredPrivacy !== void 0) {
+		if (!input.capability.dataPolicy.privacy.includes(contract.requiredPrivacy)) reasons.push({
+			code: "contract-privacy-mismatch",
+			message: `${input.capability.modelId} does not satisfy contract privacy ${contract.requiredPrivacy}.`
+		});
+	}
+	return {
+		ok: reasons.length === 0,
+		reasons
+	};
+}
+//#endregion
+//#region src/contract/tripwire.ts
+/**
+* Pure tripwire evaluator.
+*
+* No I/O, no Date.now, no random — same `(output, invariants)` always
+* returns the same `TripwireResult`. Phase 9 receipts can reconstruct the
+* verdict deterministically (T-08-04).
+*
+* Evaluates invariants in declaration order; the FIRST failing invariant
+* aborts and returns its evidence. Subsequent invariants are not evaluated.
+*
+* @param output      The provider output to inspect.
+* @param invariants  Invariants to evaluate, in declaration order.
+* @param detectors   PII detectors used for `no-pii` invariants. Defaults
+*                    to `defaultPiiDetectors`. Callers can pass a custom
+*                    list to override.
+*/
+async function evaluateTripwires(output, invariants, detectors = defaultPiiDetectors) {
+	for (const declaration of invariants) {
+		const result = await evaluateOne(output, declaration, detectors);
+		if (!result.ok) return result;
+	}
+	return { ok: true };
+}
+async function evaluateOne(output, declaration, detectors) {
+	switch (declaration.kind) {
+		case "must-cite": return evaluateMustCite(output, declaration);
+		case "field-from-table": return evaluateFieldFromTable(output, declaration);
+		case "no-pii": return evaluateNoPii(output, declaration, detectors);
+		case "matches": return evaluateMatches(output, declaration);
+		default: throw new Error(`Unknown invariant kind: ${JSON.stringify(declaration)}`);
+	}
+}
+function evaluateMustCite(output, decl) {
+	const located = locateCitations(output);
+	const cites = located?.value ?? [];
+	const path = located?.path ?? "citations";
+	if (cites.some((entry) => {
+		if (typeof entry === "string") return entry === decl.artifactName;
+		if (typeof entry === "object" && entry !== null && "source" in entry) return entry.source === decl.artifactName;
+		return false;
+	})) return { ok: true };
+	return {
+		ok: false,
+		evidence: {
+			invariantId: decl.id,
+			kind: "must-cite",
+			path,
+			observed: cites,
+			message: `must-cite: no citation found for "${decl.artifactName}".`
+		}
+	};
+}
+/**
+* Locate the citations payload in `output`. Searches top-level for a
+* `citations` or `evidence` key holding an array. Per 08-CONTEXT.md:
+* "Path defaults to evidence if the output has a citations field; the
+* runtime locates the citations payload in the output."
+*
+* Returns `undefined` when neither field is an array.
+*/
+function locateCitations(output) {
+	if (typeof output !== "object" || output === null) return void 0;
+	const record = output;
+	for (const key of ["citations", "evidence"]) {
+		const value = record[key];
+		if (Array.isArray(value)) return {
+			value,
+			path: key
+		};
+	}
+}
+function evaluateFieldFromTable(output, decl) {
+	const value = resolvePath(output, decl.path);
+	if (typeof value === "string" && decl.allowedValues.includes(value)) return { ok: true };
+	return {
+		ok: false,
+		evidence: {
+			invariantId: decl.id,
+			kind: "field-from-table",
+			path: decl.path,
+			observed: value,
+			message: `field-from-table: value at "${decl.path}" not in allowedValues.`
+		}
+	};
+}
+function evaluateNoPii(output, decl, detectors) {
+	const value = resolvePath(output, decl.path);
+	if (typeof value !== "string") return { ok: true };
+	for (const detector of detectors) {
+		const result = detector.detect(value);
+		if (result.matched) return {
+			ok: false,
+			evidence: {
+				invariantId: decl.id,
+				kind: "no-pii",
+				path: decl.path,
+				observed: {
+					detector: detector.name,
+					substring: result.substring
+				},
+				message: `no-pii: detector "${detector.name}" flagged content at "${decl.path}".`
+			}
+		};
+	}
+	return { ok: true };
+}
+async function evaluateMatches(output, decl) {
+	const value = resolvePath(output, decl.path);
+	const validateResult = decl.schema["~standard"].validate(value);
+	const validation = validateResult instanceof Promise ? await validateResult : validateResult;
+	if ("issues" in validation && validation.issues !== void 0) {
+		const firstIssue = validation.issues[0];
+		return {
+			ok: false,
+			evidence: {
+				invariantId: decl.id,
+				kind: "matches",
+				path: decl.path,
+				observed: value,
+				message: firstIssue?.message ?? `matches: schema validation failed at "${decl.path}".`
+			}
+		};
+	}
+	return { ok: true };
+}
+/**
+* Resolve a dotted/bracketed path expression against a value.
+*
+* Supports three segment forms:
+*   - dotted key:    `a.b.c`
+*   - bracket index: `a[0].b`
+*   - wildcard:      `a[*].b` (materializes the array of resolutions)
+*
+* Returns `undefined` for missing paths (does not throw).
+*
+* NOTE (T-08-03): `[*]` materializes the array; deeply nested wildcard
+* chains could allocate O(N^k). Accepted for v1.1 — provider responses
+* are bounded by output token caps.
+*/
+function resolvePath(value, path) {
+	if (path === "") return value;
+	return walk(value, tokenize(path), 0);
+}
+function tokenize(path) {
+	const tokens = [];
+	let i = 0;
+	let buffer = "";
+	const flushKey = () => {
+		if (buffer.length > 0) {
+			tokens.push({
+				type: "key",
+				name: buffer
+			});
+			buffer = "";
+		}
+	};
+	while (i < path.length) {
+		const ch = path[i];
+		if (ch === ".") {
+			flushKey();
+			i += 1;
+			continue;
+		}
+		if (ch === "[") {
+			flushKey();
+			const end = path.indexOf("]", i + 1);
+			if (end === -1) {
+				buffer = path.slice(i);
+				i = path.length;
+				continue;
+			}
+			const inner = path.slice(i + 1, end);
+			if (inner === "*") tokens.push({ type: "wildcard" });
+			else {
+				const idx = Number(inner);
+				if (Number.isInteger(idx) && idx >= 0) tokens.push({
+					type: "index",
+					index: idx
+				});
+				else tokens.push({
+					type: "key",
+					name: inner
+				});
+			}
+			i = end + 1;
+			continue;
+		}
+		buffer += ch;
+		i += 1;
+	}
+	flushKey();
+	return tokens;
+}
+function walk(value, tokens, cursor) {
+	if (cursor >= tokens.length) return value;
+	if (value === void 0 || value === null) return void 0;
+	const token = tokens[cursor];
+	if (token.type === "key") {
+		if (typeof value !== "object") return void 0;
+		const next = value[token.name];
+		return walk(next, tokens, cursor + 1);
+	}
+	if (token.type === "index") {
+		if (!Array.isArray(value)) return void 0;
+		return walk(value[token.index], tokens, cursor + 1);
+	}
+	if (!Array.isArray(value)) return void 0;
+	return value.map((entry) => walk(entry, tokens, cursor + 1));
+}
+//#endregion
+//#region src/outputs/contracts.ts
+const output = {
+	citations() {
+		return { kind: "citations" };
+	},
+	artifacts(options = {}) {
+		return {
+			kind: "artifacts",
+			...options
+		};
+	}
+};
+//#endregion
+//#region src/receipts/keyset.ts
+/**
+* In-memory KeySet factory.
+*
+* Verification flow (plan 09-03):
+*   - keySet.lookup(kid) returns undefined  → VerifyError {kind: "key-not-found"}
+*   - entry.state === "revoked"             → VerifyError {kind: "key-revoked"}
+*   - entry.state === "retired"             → VerifyOk + keyState: "retired" (caller may warn)
+*   - entry.state === "active"              → VerifyOk + keyState: "active"
+*
+* Duplicate kids: last write wins (deterministic — callers control entry order).
+* Empty entries array is legal — every lookup returns undefined.
+* Returned KeySet exposes only `lookup` — no enumeration.
+*
+* See 09-CONTEXT.md "Key Management (UNRETROFITTABLE)".
+*/
+function createMemoryKeySet(entries) {
+	const byKid = /* @__PURE__ */ new Map();
+	for (const entry of entries) byKid.set(entry.kid, entry);
+	return { lookup(kid) {
+		return byKid.get(kid);
+	} };
+}
+//#endregion
+//#region src/receipts/sign.ts
+const ALG = "Ed25519";
+/**
+* Copy a Uint8Array into a fresh ArrayBuffer. WebCrypto's BufferSource type
+* (under exactOptionalPropertyTypes + strict TS) rejects `Uint8Array<ArrayBufferLike>`
+* because the underlying buffer could be a SharedArrayBuffer. Matches the
+* pattern used in storage/fingerprint.ts.
+*/
+function toArrayBuffer$1(bytes) {
+	const copy = new Uint8Array(bytes.byteLength);
+	copy.set(bytes);
+	return copy.buffer;
+}
+async function importEd25519PrivateKey(jwk) {
+	return crypto.subtle.importKey("jwk", jwk, ALG, true, ["sign"]);
+}
+async function importEd25519PublicKey(jwk) {
+	return crypto.subtle.importKey("jwk", jwk, ALG, true, ["verify"]);
+}
+async function generateEd25519KeyPairJwk() {
+	const pair = await crypto.subtle.generateKey(ALG, true, ["sign", "verify"]);
+	const [privateKeyJwk, publicKeyJwk] = await Promise.all([crypto.subtle.exportKey("jwk", pair.privateKey), crypto.subtle.exportKey("jwk", pair.publicKey)]);
+	return {
+		privateKeyJwk,
+		publicKeyJwk
+	};
+}
+async function verifyEd25519Signature(publicKeyJwk, message, signature) {
+	let key;
+	try {
+		key = await importEd25519PublicKey(publicKeyJwk);
+	} catch {
+		return false;
+	}
+	try {
+		return await crypto.subtle.verify(ALG, key, toArrayBuffer$1(signature), toArrayBuffer$1(message));
+	} catch {
+		return false;
+	}
+}
+function createInMemorySigner(privateKeyJwk, options) {
+	let cachedKey;
+	const ensureKey = async () => {
+		if (cachedKey === void 0) cachedKey = await importEd25519PrivateKey(privateKeyJwk);
+		return cachedKey;
+	};
+	return {
+		kid: options.kid,
+		publicKeyJwk: options.publicKeyJwk,
+		async sign(bytes) {
+			const key = await ensureKey();
+			const sig = await crypto.subtle.sign(ALG, key, toArrayBuffer$1(bytes));
+			return new Uint8Array(sig);
+		}
+	};
+}
+//#endregion
+//#region src/receipts/verify.ts
+function fail$1(kind, message) {
+	return {
+		ok: false,
+		error: {
+			kind,
+			message
+		}
+	};
+}
+function bytesEqual(a, b) {
+	if (a.byteLength !== b.byteLength) return false;
+	for (let i = 0; i < a.byteLength; i += 1) if (a[i] !== b[i]) return false;
+	return true;
+}
+/**
+* Receipt body shape check. We trust the JSON parse — but we re-validate
+* that the required fields exist with the right primitive types before
+* canonicalizing again. Anything off -> version-mismatch (the body is
+* structurally NOT a v1 receipt, even if it parses as JSON).
+*/
+function asReceiptBody(value) {
+	if (typeof value !== "object" || value === null) return void 0;
+	const v = value;
+	if (v.version !== void 0 && v.version !== "lattice-receipt/v1" && v.version !== "lattice-receipt/v1.1") return;
+	if (typeof v.receiptId !== "string") return void 0;
+	if (typeof v.runId !== "string") return void 0;
+	if (typeof v.issuedAt !== "string") return void 0;
+	if (typeof v.kid !== "string") return void 0;
+	if (typeof v.model !== "object" || v.model === null) return void 0;
+	if (typeof v.route !== "object" || v.route === null) return void 0;
+	if (typeof v.usage !== "object" || v.usage === null) return void 0;
+	if (typeof v.contractVerdict !== "string") return void 0;
+	if (!Array.isArray(v.inputHashes)) return void 0;
+	if (typeof v.redactionPolicyId !== "string") return void 0;
+	if (!Array.isArray(v.redactions)) return void 0;
+	return v;
+}
+/**
+* Pure receipt verifier.
+*
+* Returns a typed VerifyResult — never throws across the verification
+* boundary (PITFALLS.md security: "Verifier panics on malformed receipts
+* -> DoS via crafted input"). All parsing failures become typed errors.
+*
+* Decision tree (first match wins):
+*   1. decodeEnvelope throws OR signatures[] empty       -> envelope-malformed
+*   2. payload bytes are not valid JSON                  -> envelope-malformed
+*   3. body shape check fails OR version unknown literal -> version-mismatch
+*   4. body.version === undefined OR "lattice-receipt/v1"-> schema-version-too-low (CRYPTO-01)
+*   5. keySet.lookup(keyid) === undefined                -> key-not-found
+*   6. entry.state === "revoked"                         -> key-revoked
+*   7. re-canonicalized body != signed payloadBytes      -> canonicalization-mismatch
+*   8. Ed25519 verification of PAE fails                 -> signature-invalid
+*   9. body.kid !== entry.kid (defense in depth)         -> signature-invalid
+*  10. otherwise                                         -> ok + keyState
+*/
+async function verifyReceipt(envelope, keySet) {
+	let decoded;
+	try {
+		decoded = decodeEnvelope(envelope);
+	} catch (error) {
+		return fail$1("envelope-malformed", error instanceof Error ? error.message : String(error));
+	}
+	if (decoded.signatures.length === 0) return fail$1("envelope-malformed", "envelope has no signatures");
+	let parsed;
+	try {
+		parsed = JSON.parse(new TextDecoder().decode(decoded.payloadBytes));
+	} catch (error) {
+		return fail$1("envelope-malformed", `payload is not valid JSON: ${error instanceof Error ? error.message : String(error)}`);
+	}
+	const body = asReceiptBody(parsed);
+	if (body === void 0) return fail$1("version-mismatch", "receipt body is not a lattice-receipt/v1 shape");
+	if (body.version === void 0 || body.version === "lattice-receipt/v1") return fail$1("schema-version-too-low", "Receipt body.version must be 'lattice-receipt/v1.1' — v1 receipts are not accepted (CRYPTO-01).");
+	const firstSig = decoded.signatures[0];
+	const entry = keySet.lookup(firstSig.keyid);
+	if (entry === void 0) return fail$1("key-not-found", `keySet has no entry for kid "${firstSig.keyid}"`);
+	if (entry.state === "revoked") return fail$1("key-revoked", `key "${entry.kid}" is revoked`);
+	if (!bytesEqual(canonicalizeReceiptBody(body), decoded.payloadBytes)) return fail$1("canonicalization-mismatch", "re-canonicalized body does not match signed payload bytes");
+	const pae = buildPae(PAYLOAD_TYPE, base64Encode(decoded.payloadBytes));
+	if (!await verifyEd25519Signature(entry.publicKeyJwk, pae, firstSig.sig)) return fail$1("signature-invalid", "Ed25519 signature does not verify");
+	if (body.kid !== entry.kid) return fail$1("signature-invalid", `body.kid "${body.kid}" does not match envelope keyid "${entry.kid}"`);
+	return {
+		ok: true,
+		body,
+		keyState: entry.state
+	};
+}
+//#endregion
+//#region src/results/errors.ts
+/**
+* Returns `true` for run errors that MUST NOT be retried by the fallback
+* chain. Phase 8 covers two kinds:
+*
+*   - `tripwire-violated` — the contract's invariants rejected the output;
+*     a different provider will not change the verdict, so retry burns
+*     budget for no gain (T-08-06 in 08-02-PLAN threat register).
+*   - `no-contract-match` — no route satisfies the contract at all; the
+*     run never executed and no retry will help.
+*
+* All other error kinds return `false` and remain eligible for fallback.
+* The predicate is exported so Phase 12's eval gate and any user-side
+* retry wrappers can share one source of truth.
+*/
+function isTerminal(error) {
+	return error.kind === "tripwire-violated" || error.kind === "no-contract-match";
+}
+//#endregion
+//#region src/providers/adapters.ts
+function createOpenAICompatibleProvider(options) {
+	const id = options.id ?? "openai-compatible";
+	const fetchImpl = options.fetch ?? fetch;
+	return {
+		id,
+		kind: "provider-adapter",
+		capabilities: [{
+			...defaultCapabilityForProvider(id),
+			modelId: options.model,
+			fileTransport: [
+				"inline",
+				"json",
+				"url",
+				"base64",
+				"extracted-text",
+				"transcript"
+			]
+		}],
+		async execute(request) {
+			const init = {
+				method: "POST",
+				headers: {
+					"content-type": "application/json",
+					...options.apiKey !== void 0 ? { authorization: `Bearer ${options.apiKey}` } : {}
+				},
+				body: JSON.stringify({
+					model: options.model,
+					messages: [{
+						role: "user",
+						content: [
+							{
+								type: "text",
+								text: request.task
+							},
+							{
+								type: "text",
+								text: JSON.stringify({ contextPack: request.contextPack === void 0 ? void 0 : {
+									id: request.contextPack.id,
+									tokenBudget: request.contextPack.tokenBudget,
+									estimatedTokens: request.contextPack.estimatedTokens,
+									included: request.contextPack.included,
+									summarized: request.contextPack.summarized,
+									archived: request.contextPack.archived,
+									omitted: request.contextPack.omitted,
+									warnings: request.contextPack.warnings
+								} })
+							},
+							...request.artifacts.map((inputArtifact) => ({
+								type: "text",
+								text: JSON.stringify({
+									artifactId: inputArtifact.id,
+									kind: inputArtifact.kind,
+									mediaType: inputArtifact.mediaType,
+									privacy: inputArtifact.privacy,
+									transport: request.providerPackaging?.artifacts.find((item) => item.artifactId === inputArtifact.id)?.transport ?? request.plan?.providerPackaging?.artifacts.find((item) => item.artifactId === inputArtifact.id)?.transport,
+									value: typeof inputArtifact.value === "string" && inputArtifact.kind !== "url" ? inputArtifact.value : void 0,
+									url: inputArtifact.kind === "url" && typeof inputArtifact.value === "string" ? inputArtifact.value : void 0
+								})
+							}))
+						]
+					}]
+				}),
+				...request.signal !== void 0 ? { signal: request.signal } : {}
+			};
+			const response = await fetchImpl(`${options.baseUrl.replace(/\/$/u, "")}/chat/completions`, init);
+			if (!response.ok) throw new Error(`OpenAI-compatible provider failed with ${response.status}.`);
+			const body = await response.json();
+			const text = String(body.choices?.[0]?.message?.content ?? "");
+			const usage = normalizeUsage(body.usage);
+			const normalizedUsage = normalizeUsageToRunUsage(body.usage, options.pricing);
+			return {
+				rawOutputs: Object.fromEntries(request.outputs.map((name) => [name, text])),
+				...usage !== void 0 ? { usage } : {},
+				normalizedUsage,
+				rawResponse: body
+			};
+		}
+	};
+}
+/**
+* Phase 7 normalization: maps raw provider usage payloads (OpenAI's
+* `prompt_tokens`/`completion_tokens`, the Responses API's
+* `input_tokens`/`output_tokens`, or camelCase variants) to the shared
+* `Usage` shape. When `pricing` is supplied, `costUsd` is computed from
+* the normalized token counts. Otherwise `costUsd` is `null` so consumers
+* can distinguish "unmeasured" from "zero".
+*/
+function normalizeUsageToRunUsage(rawUsage, pricing) {
+	let promptTokens = 0;
+	let completionTokens = 0;
+	if (typeof rawUsage === "object" && rawUsage !== null) {
+		const record = rawUsage;
+		promptTokens = numberField$2(record, "prompt_tokens") ?? numberField$2(record, "input_tokens") ?? numberField$2(record, "inputTokens") ?? 0;
+		completionTokens = numberField$2(record, "completion_tokens") ?? numberField$2(record, "output_tokens") ?? numberField$2(record, "outputTokens") ?? 0;
+	}
+	let costUsd = null;
+	if (pricing !== void 0 && (pricing.inputPer1kTokens !== void 0 || pricing.outputPer1kTokens !== void 0)) costUsd = (pricing.inputPer1kTokens ?? 0) * promptTokens / 1e3 + (pricing.outputPer1kTokens ?? 0) * completionTokens / 1e3;
+	return {
+		promptTokens,
+		completionTokens,
+		costUsd
+	};
+}
+function normalizeUsage(usage) {
+	if (typeof usage !== "object" || usage === null) return;
+	const record = usage;
+	const inputTokens = numberField$2(record, "prompt_tokens") ?? numberField$2(record, "input_tokens");
+	const outputTokens = numberField$2(record, "completion_tokens") ?? numberField$2(record, "output_tokens");
+	const totalTokens = numberField$2(record, "total_tokens");
+	return {
+		...inputTokens !== void 0 ? { inputTokens } : {},
+		...outputTokens !== void 0 ? { outputTokens } : {},
+		...totalTokens !== void 0 ? { totalTokens } : {}
+	};
+}
+function numberField$2(record, key) {
+	const value = record[key];
+	return typeof value === "number" ? value : void 0;
+}
+function createOpenAIProvider(options) {
+	return createOpenAICompatibleProvider({
+		...options,
+		id: options.id ?? "openai",
+		baseUrl: options.baseUrl
+	});
+}
+function createAISdkProvider(options) {
+	const id = options.id ?? "ai-sdk";
+	return {
+		id,
+		kind: "provider-adapter",
+		capabilities: [{
+			...defaultCapabilityForProvider(id),
+			modelId: options.model,
+			toolUse: true,
+			streaming: true
+		}],
+		execute: async (request) => {
+			const response = await options.generate({
+				task: request.task,
+				outputNames: request.outputs
+			});
+			const normalizedUsage = {
+				promptTokens: response.usage?.inputTokens ?? 0,
+				completionTokens: response.usage?.outputTokens ?? 0,
+				costUsd: null
+			};
+			return {
+				...response,
+				normalizedUsage
+			};
+		}
+	};
+}
+//#endregion
+//#region src/providers/anthropic.ts
+const DEFAULT_BASE_URL$1 = "https://api.anthropic.com";
+const DEFAULT_ANTHROPIC_VERSION = "2023-06-01";
+const DEFAULT_MAX_TOKENS = 2e3;
+function createAnthropicProvider(options) {
+	const id = options.id ?? "anthropic";
+	const fetchImpl = options.fetch ?? fetch;
+	const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL$1).replace(/\/$/u, "");
+	const anthropicVersion = options.anthropicVersion ?? DEFAULT_ANTHROPIC_VERSION;
+	return {
+		id,
+		kind: "provider-adapter",
+		capabilities: [{
+			...defaultCapabilityForProvider(id),
+			modelId: options.model,
+			fileTransport: [
+				"inline",
+				"json",
+				"url",
+				"base64",
+				"extracted-text",
+				"transcript"
+			]
+		}],
+		async execute(request) {
+			const init = {
+				method: "POST",
+				headers: {
+					"content-type": "application/json",
+					"x-api-key": options.apiKey,
+					"anthropic-version": anthropicVersion
+				},
+				body: JSON.stringify({
+					model: options.model,
+					system: "",
+					messages: [{
+						role: "user",
+						content: request.task
+					}],
+					max_tokens: DEFAULT_MAX_TOKENS
+				}),
+				...request.signal !== void 0 ? { signal: request.signal } : {}
+			};
+			const response = await fetchImpl(`${baseUrl}/v1/messages`, init);
+			if (!response.ok) throw new Error(`Anthropic provider failed with ${response.status}.`);
+			const body = await response.json();
+			const text = String(body.content?.[0]?.text ?? "");
+			const usage = normalizeAnthropicUsage(body.usage);
+			const normalizedUsage = normalizeAnthropicUsageToRunUsage(body.usage, options.pricing);
+			return {
+				rawOutputs: Object.fromEntries(request.outputs.map((name) => [name, text])),
+				...usage !== void 0 ? { usage } : {},
+				normalizedUsage,
+				rawResponse: body
+			};
+		}
+	};
+}
+/**
+* Anthropic uses `input_tokens` / `output_tokens` (not OpenAI's
+* `prompt_tokens` / `completion_tokens`). This helper maps to Lattice's
+* `Usage` shape and applies pricing when supplied (Phase 7 pattern).
+*/
+function normalizeAnthropicUsageToRunUsage(rawUsage, pricing) {
+	let promptTokens = 0;
+	let completionTokens = 0;
+	if (typeof rawUsage === "object" && rawUsage !== null) {
+		const record = rawUsage;
+		promptTokens = numberField$1(record, "input_tokens") ?? numberField$1(record, "inputTokens") ?? 0;
+		completionTokens = numberField$1(record, "output_tokens") ?? numberField$1(record, "outputTokens") ?? 0;
+	}
+	let costUsd = null;
+	if (pricing !== void 0 && (pricing.inputPer1kTokens !== void 0 || pricing.outputPer1kTokens !== void 0)) costUsd = (pricing.inputPer1kTokens ?? 0) * promptTokens / 1e3 + (pricing.outputPer1kTokens ?? 0) * completionTokens / 1e3;
+	return {
+		promptTokens,
+		completionTokens,
+		costUsd
+	};
+}
+function normalizeAnthropicUsage(usage) {
+	if (typeof usage !== "object" || usage === null) return;
+	const record = usage;
+	const inputTokens = numberField$1(record, "input_tokens");
+	const outputTokens = numberField$1(record, "output_tokens");
+	const totalTokens = inputTokens !== void 0 && outputTokens !== void 0 ? inputTokens + outputTokens : void 0;
+	return {
+		...inputTokens !== void 0 ? { inputTokens } : {},
+		...outputTokens !== void 0 ? { outputTokens } : {},
+		...totalTokens !== void 0 ? { totalTokens } : {}
+	};
+}
+function numberField$1(record, key) {
+	const value = record[key];
+	return typeof value === "number" ? value : void 0;
+}
+//#endregion
+//#region src/providers/fake.ts
+const DEFAULT_FAKE_USAGE = {
+	promptTokens: 0,
+	completionTokens: 0,
+	costUsd: null
+};
+function createFakeProvider(options = {}) {
+	const id = options.id ?? "fake";
+	const modelId = options.modelId ?? `${id}:deterministic`;
+	const defaultCapability = {
+		...defaultCapabilityForProvider(id),
+		modelId,
+		inputModalities: [
+			"text",
+			"json",
+			"image",
+			"audio",
+			"document",
+			"file",
+			"url",
+			"tool"
+		],
+		outputModalities: ["text", "json"],
+		toolUse: true
+	};
+	return {
+		id,
+		kind: "provider-adapter",
+		capabilities: options.capabilities ?? [defaultCapability],
+		async execute(request) {
+			const baseResponse = typeof options.response === "function" ? await options.response(request) : options.response;
+			if (baseResponse !== void 0) return baseResponse.normalizedUsage !== void 0 ? baseResponse : {
+				...baseResponse,
+				normalizedUsage: { ...DEFAULT_FAKE_USAGE }
+			};
+			return {
+				rawOutputs: Object.fromEntries(request.outputs.map((name) => [name, defaultOutputForName(name)])),
+				...options.artifacts !== void 0 ? { artifactRefs: options.artifacts } : {},
+				normalizedUsage: { ...DEFAULT_FAKE_USAGE }
+			};
+		}
+	};
+}
+function defaultOutputForName(name) {
+	if (/action|json|data|decision/u.test(name)) return {
+		kind: "clarify",
+		reason: "fake provider default structured response"
+	};
+	if (/citations|evidence/u.test(name)) return [];
+	if (/generated|artifacts/u.test(name)) return [];
+	return `Fake response for ${name}.`;
+}
+//#endregion
+//#region src/providers/gemini.ts
+const DEFAULT_BASE_URL = "https://generativelanguage.googleapis.com";
+const DEFAULT_MAX_OUTPUT_TOKENS = 2e3;
+const DEFAULT_TEMPERATURE = .7;
+const DEFAULT_TOP_P = .9;
+/**
+* 4 HARM_CATEGORY entries at BLOCK_NONE (FSB convention mirrored from
+* `extension/ai/universal-provider.js:255-272`). If Google restricts
+* BLOCK_NONE in the future, that is a re-spec concern, not a Phase 4
+* design defect (CONTEXT.md Specific Ideas note).
+*/
+const SAFETY_SETTINGS = [
+	{
+		category: "HARM_CATEGORY_HARASSMENT",
+		threshold: "BLOCK_NONE"
+	},
+	{
+		category: "HARM_CATEGORY_HATE_SPEECH",
+		threshold: "BLOCK_NONE"
+	},
+	{
+		category: "HARM_CATEGORY_SEXUALLY_EXPLICIT",
+		threshold: "BLOCK_NONE"
+	},
+	{
+		category: "HARM_CATEGORY_DANGEROUS_CONTENT",
+		threshold: "BLOCK_NONE"
+	}
+];
+function createGeminiProvider(options) {
+	const id = options.id ?? "gemini";
+	const fetchImpl = options.fetch ?? fetch;
+	const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/u, "");
+	return {
+		id,
+		kind: "provider-adapter",
+		capabilities: [{
+			...defaultCapabilityForProvider(id),
+			modelId: options.model,
+			fileTransport: [
+				"inline",
+				"json",
+				"url",
+				"base64",
+				"extracted-text",
+				"transcript"
+			]
+		}],
+		async execute(request) {
+			const init = {
+				method: "POST",
+				headers: { "content-type": "application/json" },
+				body: JSON.stringify({
+					contents: [{
+						role: "user",
+						parts: [{ text: request.task }]
+					}],
+					generationConfig: {
+						temperature: DEFAULT_TEMPERATURE,
+						topP: DEFAULT_TOP_P,
+						maxOutputTokens: DEFAULT_MAX_OUTPUT_TOKENS
+					},
+					safetySettings: SAFETY_SETTINGS
+				}),
+				...request.signal !== void 0 ? { signal: request.signal } : {}
+			};
+			const response = await fetchImpl(`${baseUrl}/v1beta/models/${encodeURIComponent(options.model)}:generateContent?key=${encodeURIComponent(options.apiKey)}`, init);
+			if (!response.ok) throw new Error(`Gemini provider failed with ${response.status}.`);
+			const body = await response.json();
+			if (!Array.isArray(body.candidates) || body.candidates.length === 0) throw new Error("Gemini provider returned no candidates.");
+			const text = String(body.candidates[0]?.content?.parts?.[0]?.text ?? "");
+			const usage = normalizeGeminiUsage(body.usageMetadata);
+			const normalizedUsage = normalizeGeminiUsageToRunUsage(body.usageMetadata, options.pricing);
+			return {
+				rawOutputs: Object.fromEntries(request.outputs.map((name) => [name, text])),
+				...usage !== void 0 ? { usage } : {},
+				normalizedUsage,
+				rawResponse: body
+			};
+		}
+	};
+}
+/**
+* Gemini uses `usageMetadata.promptTokenCount` / `candidatesTokenCount` /
+* `totalTokenCount` (NOT OpenAI's `prompt_tokens` / `completion_tokens`).
+* This helper maps to Lattice's `Usage` shape and applies pricing when supplied.
+*/
+function normalizeGeminiUsageToRunUsage(rawUsage, pricing) {
+	let promptTokens = 0;
+	let completionTokens = 0;
+	if (typeof rawUsage === "object" && rawUsage !== null) {
+		const record = rawUsage;
+		promptTokens = numberField(record, "promptTokenCount") ?? 0;
+		completionTokens = numberField(record, "candidatesTokenCount") ?? 0;
+	}
+	let costUsd = null;
+	if (pricing !== void 0 && (pricing.inputPer1kTokens !== void 0 || pricing.outputPer1kTokens !== void 0)) costUsd = (pricing.inputPer1kTokens ?? 0) * promptTokens / 1e3 + (pricing.outputPer1kTokens ?? 0) * completionTokens / 1e3;
+	return {
+		promptTokens,
+		completionTokens,
+		costUsd
+	};
+}
+function normalizeGeminiUsage(usage) {
+	if (typeof usage !== "object" || usage === null) return;
+	const record = usage;
+	const inputTokens = numberField(record, "promptTokenCount");
+	const outputTokens = numberField(record, "candidatesTokenCount");
+	const totalTokens = numberField(record, "totalTokenCount");
+	return {
+		...inputTokens !== void 0 ? { inputTokens } : {},
+		...outputTokens !== void 0 ? { outputTokens } : {},
+		...totalTokens !== void 0 ? { totalTokens } : {}
+	};
+}
+function numberField(record, key) {
+	const value = record[key];
+	return typeof value === "number" ? value : void 0;
+}
+//#endregion
+//#region src/providers/lm-studio.ts
+const DEFAULT_LM_STUDIO_BASE_URL = "http://localhost:1234/v1";
+function createLmStudioProvider(options) {
+	return createOpenAICompatibleProvider({
+		...options,
+		id: options.id ?? "lm-studio",
+		baseUrl: options.baseUrl ?? DEFAULT_LM_STUDIO_BASE_URL
+	});
+}
+//#endregion
+//#region src/providers/openrouter.ts
+const DEFAULT_OPENROUTER_BASE_URL = "https://openrouter.ai/api/v1";
+function createOpenRouterProvider(options) {
+	return createOpenAICompatibleProvider({
+		...options,
+		id: options.id ?? "openrouter",
+		baseUrl: options.baseUrl ?? DEFAULT_OPENROUTER_BASE_URL
+	});
+}
+//#endregion
+//#region src/providers/xai.ts
+const DEFAULT_XAI_BASE_URL = "https://api.x.ai/v1";
+function createXaiProvider(options) {
+	const inner = createOpenAICompatibleProvider({
+		...options,
+		id: options.id ?? "xai",
+		baseUrl: options.baseUrl ?? DEFAULT_XAI_BASE_URL
+	});
+	const innerExecute = inner.execute;
+	if (innerExecute === void 0) return inner;
+	return {
+		...inner,
+		async execute(request) {
+			const response = await innerExecute(request);
+			const reasoningTokens = response.rawResponse?.usage?.completion_tokens_details?.reasoning_tokens;
+			if (typeof reasoningTokens === "number" && response.usage !== void 0) {
+				const inputTokens = response.usage.inputTokens ?? 0;
+				const outputTokens = response.usage.outputTokens ?? 0;
+				return {
+					...response,
+					usage: {
+						...response.usage,
+						totalTokens: inputTokens + outputTokens + reasoningTokens
+					}
+				};
+			}
+			return response;
+		}
+	};
+}
+//#endregion
+//#region src/plan/plan.ts
+function createExecutionPlan(input) {
+	const selected = input.route.selected;
+	const status = selected === void 0 ? "no-route" : "planned";
+	const contextWarnings = input.context?.warnings ?? [];
+	const packagingWarnings = input.providerPackaging?.warnings ?? [];
+	const warnings = [
+		...input.warnings ?? [],
+		...contextWarnings,
+		...packagingWarnings,
+		...input.route.noRouteReasons.map((reason) => reason.message)
+	];
+	return {
+		id: createPlanId(),
+		kind: "execution-plan",
+		version: 1,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		status,
+		task: input.task,
+		outputNames: Object.keys(input.outputs),
+		artifactRefs: input.artifacts,
+		route: input.route,
+		stages: createDefaultStages(status, input.artifacts, warnings),
+		...input.context !== void 0 ? { context: input.context } : {},
+		...input.providerPackaging !== void 0 ? { providerPackaging: input.providerPackaging } : {},
+		attempts: selected === void 0 ? [] : [{
+			providerId: selected.providerId,
+			modelId: selected.modelId,
+			status: "pending"
+		}],
+		warnings,
+		...input.metadata !== void 0 ? { metadata: input.metadata } : {}
+	};
+}
+function withPlanStatus(plan, status, updates = {}) {
+	return {
+		...plan,
+		status,
+		...updates.stages !== void 0 ? { stages: updates.stages } : {},
+		...updates.attempts !== void 0 ? { attempts: updates.attempts } : {},
+		...updates.warnings !== void 0 ? { warnings: updates.warnings } : {}
+	};
+}
+function markStage(stages, kind, status, metadata) {
+	return stages.map((stage) => stage.kind === kind ? {
+		...stage,
+		status,
+		...metadata !== void 0 ? { metadata: {
+			...stage.metadata,
+			...metadata
+		} } : {}
+	} : stage);
+}
+function createDefaultStages(status, artifacts, warnings) {
+	const skipped = status === "no-route";
+	const artifactIds = artifacts.map((artifact) => artifact.id);
+	return [
+		{
+			id: "stage:analysis",
+			kind: "analysis",
+			status: "completed",
+			inputArtifacts: artifactIds,
+			warnings: []
+		},
+		{
+			id: "stage:transforms",
+			kind: "transforms",
+			status: "pending",
+			inputArtifacts: artifactIds,
+			warnings: []
+		},
+		{
+			id: "stage:context-packing",
+			kind: "context-packing",
+			status: "completed",
+			inputArtifacts: artifactIds,
+			warnings: []
+		},
+		{
+			id: "stage:provider-packaging",
+			kind: "provider-packaging",
+			status: skipped ? "skipped" : "completed",
+			inputArtifacts: artifactIds,
+			warnings
+		},
+		{
+			id: "stage:tool-execution",
+			kind: "tool-execution",
+			status: "pending",
+			warnings: []
+		},
+		{
+			id: "stage:execution",
+			kind: "execution",
+			status: skipped ? "skipped" : "pending",
+			warnings: skipped ? warnings : []
+		},
+		{
+			id: "stage:validation",
+			kind: "validation",
+			status: skipped ? "skipped" : "pending",
+			warnings: []
+		},
+		{
+			id: "stage:tripwire",
+			kind: "tripwire",
+			status: skipped ? "skipped" : "pending",
+			warnings: []
+		},
+		{
+			id: "stage:persistence",
+			kind: "persistence",
+			status: "pending",
+			warnings: []
+		}
+	];
+}
+function createPlanId() {
+	if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return `plan:${crypto.randomUUID()}`;
+	return `plan:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+}
+//#endregion
+//#region src/version.ts
+const latticeVersion = "0.0.0";
+//#endregion
+//#region src/replay/materialize.ts
+function asMaterializationError(value) {
+	return typeof value === "object" && value !== null && typeof value.kind === "string" && typeof value.message === "string";
+}
+/** Throwable shape — `instanceof Error` is not required for typed unions, so
+*  the function just throws a plain object literal that matches the
+*  `MaterializationError` shape. Callers pattern-match on `err.kind`. */
+function fail(kind, message) {
+	return {
+		kind,
+		message
+	};
+}
+/**
+* Pure async function that reconstructs a `ReplayEnvelope` from a receipt.
+*
+* Verify-FIRST ordering: `verifyReceipt` runs before `artifactLoader` is
+* touched. Tampered receipts MUST NOT cause loader side effects.
+*/
+async function materializeReplayEnvelope(receipt, options) {
+	const verifyResult = await verifyReceipt(receipt, options.keySet);
+	if (!verifyResult.ok) throw fail(verifyResult.error.kind === "envelope-malformed" ? "envelope-malformed" : "verify-failed", verifyResult.error.message);
+	const body = verifyResult.body;
+	const loadedInputs = [];
+	for (const hash of body.inputHashes) {
+		if (hash === "") continue;
+		try {
+			const input = await options.artifactLoader(hash);
+			loadedInputs.push(input);
+		} catch (error) {
+			throw fail("artifact-load-failed", error instanceof Error ? error.message : asMaterializationError(error) ? error.message : String(error));
+		}
+	}
+	const artifactRefs = loadedInputs.map(toArtifactRef);
+	const outputsMap = options.outputs !== void 0 ? Object.fromEntries(Object.keys(options.outputs).map((k) => [k, "text"])) : {};
+	const plan = createExecutionPlan({
+		task: options.task ?? "",
+		artifacts: artifactRefs,
+		outputs: outputsMap,
+		route: {
+			catalogVersion: "materialized",
+			selected: {
+				providerId: body.route.providerId,
+				modelId: body.route.capabilityId,
+				score: 0,
+				estimates: {
+					inputTokens: 0,
+					outputTokens: 0
+				},
+				inputModalities: [],
+				outputModalities: [],
+				fileTransport: []
+			},
+			candidates: [],
+			rejected: [],
+			fallbackChain: [],
+			noRouteReasons: []
+		},
+		warnings: [],
+		metadata: {
+			materialized: true,
+			receiptId: body.receiptId,
+			runId: body.runId,
+			contractVerdict: body.contractVerdict,
+			...options.policy !== void 0 ? { policy: { ...options.policy } } : {}
+		}
+	});
+	const usage = {
+		inputTokens: body.usage.promptTokens,
+		outputTokens: body.usage.completionTokens,
+		...body.usage.costUsd !== null ? { costUsd: Number(body.usage.costUsd) } : {}
+	};
+	return {
+		kind: "replay-envelope",
+		version: 1,
+		runtimeVersion: latticeVersion,
+		catalogVersion: "materialized",
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		plan,
+		artifacts: artifactRefs,
+		...options.outputs !== void 0 ? { outputs: options.outputs } : {},
+		warnings: [],
+		errors: [],
+		usage,
+		events: [],
+		receipt,
+		...options.contract !== void 0 ? { contract: options.contract } : {}
+	};
+}
+//#endregion
+//#region src/replay/replay.ts
+function createReplayEnvelope(result) {
+	if (result.plan.kind !== "execution-plan") throw new Error("Replay envelopes require an execution plan.");
+	const usage = result.plan.attempts.at(-1)?.usage;
+	return {
+		kind: "replay-envelope",
+		version: 1,
+		runtimeVersion: latticeVersion,
+		catalogVersion: result.plan.route.catalogVersion,
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		plan: redactPlan(result.plan),
+		artifacts: result.ok ? result.artifacts : result.plan.artifactRefs,
+		...result.ok ? { outputs: result.outputs } : {},
+		warnings: result.plan.warnings,
+		errors: result.ok ? [] : [result.error.message],
+		...usage !== void 0 ? { usage } : {},
+		events: result.events ?? []
+	};
+}
+async function replayOffline(envelope) {
+	const replayedUsage = envelopeUsage(envelope);
+	if (envelope.outputs === void 0) return {
+		ok: false,
+		error: {
+			kind: "execution_unavailable",
+			message: "Replay envelope does not contain successful outputs."
+		},
+		usage: replayedUsage,
+		plan: envelope.plan,
+		events: envelope.events
+	};
+	return {
+		ok: true,
+		outputs: envelope.outputs,
+		artifacts: envelope.artifacts,
+		usage: replayedUsage,
+		plan: envelope.plan,
+		events: envelope.events
+	};
+}
+function envelopeUsage(envelope) {
+	if (envelope.usage === void 0) return {
+		promptTokens: 0,
+		completionTokens: 0,
+		costUsd: null
+	};
+	return {
+		promptTokens: envelope.usage.inputTokens ?? 0,
+		completionTokens: envelope.usage.outputTokens ?? 0,
+		costUsd: envelope.usage.costUsd ?? null
+	};
+}
+async function rerunLive(ai, envelope, intent) {
+	const result = await ai.run(intent);
+	if (result.plan.kind === "execution-plan") return {
+		...result,
+		plan: {
+			...result.plan,
+			warnings: [...result.plan.warnings, `Live rerun of ${envelope.plan.id}: provider behavior, model versions, cost, and latency may differ.`]
+		}
+	};
+	return result;
+}
+function redactReplayEnvelope(envelope) {
+	return {
+		...envelope,
+		plan: redactPlan(envelope.plan),
+		artifacts: envelope.artifacts.map(redactArtifactRef),
+		events: envelope.events.map((event) => {
+			const metadata = redactRecord(event.metadata);
+			return {
+				...event,
+				...metadata !== void 0 ? { metadata } : {}
+			};
+		})
+	};
+}
+function redactPlan(plan) {
+	return {
+		...plan,
+		task: redactText(plan.task),
+		artifactRefs: plan.artifactRefs.map(redactArtifactRef),
+		...plan.providerPackaging !== void 0 ? { providerPackaging: {
+			...plan.providerPackaging,
+			artifacts: plan.providerPackaging.artifacts.map((item) => ({
+				...item,
+				warnings: item.warnings.map(redactText)
+			})),
+			warnings: plan.providerPackaging.warnings.map(redactText)
+		} } : {},
+		warnings: plan.warnings.map(redactText)
+	};
+}
+function redactArtifactRef(ref) {
+	const redactedMetadata = redactRecord(ref.metadata);
+	return {
+		...ref,
+		...redactedMetadata !== void 0 ? { metadata: redactedMetadata } : {},
+		...ref.source === "url" ? { metadata: {
+			...redactedMetadata,
+			redactedSource: "url"
+		} } : {}
+	};
+}
+function redactRecord(record) {
+	if (record === void 0) return;
+	return Object.fromEntries(Object.entries(record).map(([key, value]) => [key, shouldRedactKey(key) ? "[redacted]" : redactValue(value)]));
+}
+function redactValue(value) {
+	if (typeof value === "string") return redactText(value);
+	if (Array.isArray(value)) return value.map(redactValue);
+	if (typeof value === "object" && value !== null) return redactRecord(value);
+	return value;
+}
+function redactText(value) {
+	return value.replace(/Bearer\s+[A-Za-z0-9._-]+/gu, "Bearer [redacted]").replace(/https?:\/\/[^\s)]+/gu, "[redacted-url]").replace(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/gu, "[redacted-email]");
+}
+function shouldRedactKey(key) {
+	return /api.?key|authorization|token|secret|password|credential|signed.?url|raw|body|transcript/iu.test(key);
+}
+//#endregion
+//#region src/agent/infra/cost-tracker.ts
+const WARNING_THRESHOLD = .8;
+function createCostTracker() {
+	let promptTokens = 0;
+	let completionTokens = 0;
+	let costUsd = null;
+	return {
+		kind: "cost-tracker",
+		recordIteration(usage) {
+			promptTokens += usage.promptTokens;
+			completionTokens += usage.completionTokens;
+			if (usage.costUsd !== null) costUsd = (costUsd ?? 0) + usage.costUsd;
+		},
+		total() {
+			return {
+				promptTokens,
+				completionTokens,
+				costUsd
+			};
+		},
+		budgetStatus(budget) {
+			const max = budget?.maxCostUsd;
+			if (max === void 0 || costUsd === null) return "ok";
+			if (costUsd >= max) return "exceeded";
+			if (costUsd >= max * WARNING_THRESHOLD) return "warning";
+			return "ok";
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/transcript-store.ts
+const DEFAULT_TOKEN_ESTIMATOR = (text) => Math.ceil(text.length / 4);
+function createTranscriptStore() {
+	const turns = [];
+	function firstUserTurn() {
+		for (const turn of turns) if (turn.role === "user") return turn;
+		return null;
+	}
+	return {
+		kind: "transcript-store",
+		append(turn) {
+			turns.push(turn);
+		},
+		all() {
+			return Object.freeze([...turns]);
+		},
+		tail(limit) {
+			if (limit <= 0) return Object.freeze([]);
+			if (turns.length <= limit) return Object.freeze([...turns]);
+			const start = turns.length - limit;
+			const tail = turns.slice(start);
+			const first = firstUserTurn();
+			if (first === null || tail.includes(first)) return Object.freeze(tail);
+			return Object.freeze([first, ...tail]);
+		},
+		tailByTokens(maxTokens, estimator = DEFAULT_TOKEN_ESTIMATOR) {
+			if (maxTokens <= 0) return Object.freeze([]);
+			const reversed = [...turns].reverse();
+			const selected = [];
+			let used = 0;
+			for (const turn of reversed) {
+				const cost = estimator(turn.content);
+				if (used + cost > maxTokens) break;
+				selected.unshift(turn);
+				used += cost;
+			}
+			const first = firstUserTurn();
+			if (first !== null && !selected.includes(first)) selected.unshift(first);
+			return Object.freeze(selected);
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/goal-progress.ts
+function createGoalProgressTracker(options = {}) {
+	const windowSize = options.windowSize ?? 3;
+	const stallThreshold = options.stallThreshold ?? .02;
+	const regressionThreshold = options.regressionThreshold ?? .1;
+	const steps = [];
+	return {
+		kind: "goal-progress-tracker",
+		recordStep(step) {
+			steps.push(step);
+		},
+		status() {
+			if (steps.length < windowSize) return "progressing";
+			const window = steps.slice(-windowSize);
+			const latest = window[window.length - 1];
+			const earlierMax = steps.slice(0, -1).reduce((m, s) => s.goalSatisfaction > m ? s.goalSatisfaction : m, -Infinity);
+			if (latest.goalSatisfaction < earlierMax - regressionThreshold) return "regressed";
+			const min = window.reduce((m, s) => s.goalSatisfaction < m ? s.goalSatisfaction : m, Infinity);
+			if (window.reduce((m, s) => s.goalSatisfaction > m ? s.goalSatisfaction : m, -Infinity) - min <= stallThreshold) return "stalled";
+			return "progressing";
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/action-history.ts
+/**
+* ActionHistory — Phase 21 (v1.2).
+*
+* Detects stuck patterns in the agent loop's tool-call sequence:
+*   - "consecutive-identical-tool-call" — same (toolName, argsHash) N+ times in a row
+*   - "ping-pong" — last 4 records alternate between 2 distinct (toolName, argsHash) pairs
+*   - "no-progress" — reserved for callers wiring goal-progress feedback here
+*
+* Standalone (no dependency on the agent runtime); callers register the
+* primitive externally and pump `recordAction` from their loop or hook.
+*/
+const STUCK_REASONS = [
+	"consecutive-identical-tool-call",
+	"no-progress",
+	"ping-pong"
+];
+function actionKey(record) {
+	return `${record.toolName}::${record.argsHash}`;
+}
+function createActionHistory(options = {}) {
+	const consecutiveLimit = options.consecutiveLimit ?? 3;
+	const records = [];
+	return {
+		kind: "action-history",
+		recordAction(action) {
+			records.push(action);
+			if (records.length >= consecutiveLimit) {
+				const tail = records.slice(-consecutiveLimit);
+				const firstKey = actionKey(tail[0]);
+				if (tail.every((r) => actionKey(r) === firstKey)) return "consecutive-identical-tool-call";
+			}
+			if (records.length >= 4) {
+				const keys = records.slice(-4).map(actionKey);
+				if (Array.from(new Set(keys)).length === 2 && keys[0] === keys[2] && keys[1] === keys[3] && keys[0] !== keys[1]) return "ping-pong";
+			}
+			return null;
+		},
+		history() {
+			return Object.freeze([...records]);
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/permission-context.ts
+/**
+* PermissionContext — Phase 21 (v1.2).
+*
+* Gates tool execution per-tool / per-iteration / per-resource. Includes
+* a SAFETY-band hook helper that wires the context into the agent loop's
+* BEFORE_TOOL pipeline via the Phase 19 `controls.deny(reason)` veto.
+*/
+function matches(matcher, value) {
+	if (matcher === void 0) return true;
+	if (value === void 0) return false;
+	if (typeof matcher === "string") return matcher === value;
+	return matcher.test(value);
+}
+function createPermissionContext(rules) {
+	return {
+		kind: "permission-context",
+		decide(input) {
+			for (const rule of rules) {
+				if (!matches(rule.toolName, input.toolName)) continue;
+				if (rule.resource !== void 0 && !matches(rule.resource, input.resource)) continue;
+				if (rule.verdict === "allow") return { allow: true };
+				return {
+					allow: false,
+					reason: rule.reason ?? `denied by permission rule for ${input.toolName}`
+				};
+			}
+			return { allow: true };
+		}
+	};
+}
+function createPermissionGuardHook(context) {
+	return (ctx, controls) => {
+		const verdict = context.decide({
+			iterationIndex: ctx.iterationIndex,
+			toolName: ctx.toolName,
+			...ctx.resource !== void 0 ? { resource: ctx.resource } : {},
+			...ctx.args !== void 0 ? { args: ctx.args } : {}
+		});
+		if (!verdict.allow) controls?.deny(verdict.reason);
+	};
+}
+/**
+* Convenience: returns RegisterOptions for the SAFETY-band registration.
+* Callers do `pipeline.register("BEFORE_TOOL", hook, permissionGuardRegisterOptions())`.
+*/
+function permissionGuardRegisterOptions() {
+	return { band: BAND.SAFETY };
+}
+//#endregion
+//#region src/agent/eval.ts
+function evalAgentRun(baseline, current, options = {}) {
+	const iterLimit = options.iterationsToGoalRegressionLimit ?? 1;
+	const costLimit = options.costUsdRegressionLimit ?? .1;
+	const regressions = [];
+	const iterDelta = current.iterationsToGoal - baseline.iterationsToGoal;
+	if (iterDelta > iterLimit) regressions.push({
+		kind: "iterations-to-goal",
+		baseline: baseline.iterationsToGoal,
+		current: current.iterationsToGoal,
+		limit: iterLimit,
+		message: `Iterations-to-goal ${current.iterationsToGoal} exceeds baseline ${baseline.iterationsToGoal} by ${iterDelta} (limit: ${iterLimit}).`
+	});
+	const bCost = baseline.usage.costUsd;
+	const cCost = current.usage.costUsd;
+	if (bCost === null && cCost === null) {} else if (bCost === null || cCost === null) regressions.push({
+		kind: "mixed-cost-unknown",
+		baseline: bCost,
+		current: cCost,
+		limit: costLimit,
+		message: `Cost mixed: baseline=${bCost} current=${cCost}; cannot compare regression.`
+	});
+	else if (bCost > 0) {
+		const ratio = (cCost - bCost) / bCost;
+		if (ratio > costLimit) regressions.push({
+			kind: "cost-regression",
+			baseline: bCost,
+			current: cCost,
+			limit: costLimit,
+			message: `Cost regression: $${cCost.toFixed(6)} vs baseline $${bCost.toFixed(6)} (+${(ratio * 100).toFixed(1)}%; limit ${(costLimit * 100).toFixed(1)}%).`
+		});
+	} else if (bCost === 0 && cCost > 0) regressions.push({
+		kind: "cost-regression",
+		baseline: bCost,
+		current: cCost,
+		limit: costLimit,
+		message: `Cost regression: baseline was $0; current $${cCost.toFixed(6)}.`
+	});
+	return {
+		ok: regressions.length === 0,
+		regressions: Object.freeze(regressions)
+	};
+}
+//#endregion
+//#region src/context/context-pack.ts
+function buildContextPack(input) {
+	const routeBudget = input.route?.estimates.inputTokens ?? input.route?.inputModalities.length ?? 0;
+	const tokenBudget = input.tokenBudget ?? Math.max(512, Math.min(input.route?.estimates.inputTokens ?? 4e3, 16e3));
+	const remainingBudget = Math.max(512, tokenBudget - estimateTokens(input.task) - routeBudget);
+	const included = [];
+	const summarized = [];
+	const archived = [];
+	const omitted = [];
+	const warnings = [];
+	let usedTokens = 0;
+	for (const artifact of input.artifacts) {
+		const artifactTokens = estimateArtifactTokens(artifact);
+		const item = {
+			artifactId: artifact.id,
+			reason: "Run artifact included for provider consideration.",
+			estimatedTokens: artifactTokens,
+			trust: trustForArtifact(artifact)
+		};
+		if (usedTokens + artifactTokens <= remainingBudget) {
+			included.push(item);
+			usedTokens += artifactTokens;
+			continue;
+		}
+		if (artifact.kind === "text" || artifact.kind === "document" || artifact.kind === "json") {
+			summarized.push({
+				...item,
+				reason: "Artifact exceeded live context budget and needs summary packaging."
+			});
+			usedTokens += Math.min(artifactTokens, 256);
+			continue;
+		}
+		omitted.push({
+			...item,
+			reason: "Artifact exceeded context budget and cannot be summarized by the default packer."
+		});
+		warnings.push(`Artifact ${artifact.id} omitted from live context budget.`);
+	}
+	for (const turn of input.session?.turns ?? []) {
+		const turnTokens = estimateTokens(turn.task);
+		const item = {
+			sessionTurnId: turn.id,
+			reason: "Prior session turn retained for continuity.",
+			estimatedTokens: turnTokens,
+			trust: "user"
+		};
+		if (usedTokens + turnTokens <= remainingBudget) {
+			included.push(item);
+			usedTokens += turnTokens;
+		} else archived.push({
+			...item,
+			reason: "Prior session turn archived because the run budget was exhausted."
+		});
+	}
+	return {
+		id: createContextPackId(),
+		kind: "context-pack",
+		tokenBudget,
+		estimatedTokens: usedTokens,
+		included,
+		summarized,
+		archived,
+		omitted,
+		warnings
+	};
+}
+function estimateArtifactTokens(artifact) {
+	if (artifact.size?.characters !== void 0) return estimateTokensFromCharacters(artifact.size.characters);
+	if (artifact.size?.bytes !== void 0) return estimateTokensFromCharacters(Math.ceil(artifact.size.bytes / 2));
+	if ("value" in artifact && typeof artifact.value === "string") return estimateTokens(artifact.value);
+	if ("value" in artifact && artifact.value !== void 0) {
+		const serialized = JSON.stringify(artifact.value);
+		return serialized === void 0 ? 64 : estimateTokens(serialized);
+	}
+	return 64;
+}
+function estimateTokens(value) {
+	return Math.max(1, estimateTokensFromCharacters(value.length));
+}
+function estimateTokensFromCharacters(characters) {
+	return Math.ceil(characters / 4);
+}
+function trustForArtifact(artifact) {
+	if (artifact.source === "tool") return "tool";
+	if (artifact.source === "generated") return "model-summary";
+	return "user";
+}
+function createContextPackId() {
+	if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return `context-pack:${crypto.randomUUID()}`;
+	return `context-pack:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+}
+//#endregion
+//#region src/policy/policy.ts
+function mergePolicy(defaultPolicy, runPolicy) {
+	if (defaultPolicy === void 0 && runPolicy === void 0) return;
+	return {
+		...defaultPolicy,
+		...runPolicy
+	};
+}
+//#endregion
+//#region src/providers/packaging.ts
+function packageArtifactsForProvider(input) {
+	const route = input.route;
+	if (route === void 0) return {
+		plan: {
+			providerId: "none",
+			modelId: "none",
+			artifacts: [],
+			warnings: ["No selected route; provider packaging skipped."]
+		},
+		packagedArtifacts: [],
+		blocked: []
+	};
+	const packaged = [];
+	const packagedArtifacts = [];
+	const warnings = [];
+	const blocked = [];
+	for (const inputArtifact of input.artifacts) {
+		const choice = chooseTransport(inputArtifact, route.fileTransport, input.policy);
+		if (choice.blocked !== void 0) {
+			blocked.push(choice.blocked);
+			warnings.push(choice.blocked);
+			continue;
+		}
+		packaged.push({
+			artifactId: inputArtifact.id,
+			transport: choice.transport,
+			...inputArtifact.mediaType !== void 0 ? { mediaType: inputArtifact.mediaType } : {},
+			lineageTransform: "provider-packaging",
+			warnings: choice.warnings
+		});
+		packagedArtifacts.push(toArtifactRef(artifact.derive({
+			id: `${inputArtifact.id}:packaged:${route.providerId}:${route.modelId}`,
+			kind: inputArtifact.kind,
+			source: choice.transport === "provider-upload" ? "provider-upload" : "generated",
+			parents: [inputArtifact],
+			transform: {
+				kind: "provider-packaging",
+				name: `${route.providerId}:${choice.transport}`,
+				metadata: {
+					providerId: route.providerId,
+					modelId: route.modelId,
+					transport: choice.transport
+				}
+			},
+			metadata: {
+				providerId: route.providerId,
+				modelId: route.modelId,
+				transport: choice.transport
+			},
+			...inputArtifact.mediaType !== void 0 ? { mediaType: inputArtifact.mediaType } : {},
+			privacy: inputArtifact.privacy
+		})));
+	}
+	return {
+		plan: {
+			providerId: route.providerId,
+			modelId: route.modelId,
+			artifacts: packaged,
+			warnings
+		},
+		packagedArtifacts,
+		blocked
+	};
+}
+function chooseTransport(inputArtifact, supported, policy) {
+	const warnings = [];
+	const preferred = preferredTransports(inputArtifact);
+	for (const transport of preferred) {
+		if (!supported.includes(transport)) continue;
+		if (policy?.noUpload === true && transport === "provider-upload") continue;
+		if (policy?.noPublicUrl === true && transport === "url") continue;
+		if (inputArtifact.privacy === "restricted" && (transport === "provider-upload" || transport === "url" || transport === "base64")) continue;
+		if (transport === "base64") warnings.push(`Artifact ${inputArtifact.id} will be encoded as base64.`);
+		return {
+			transport,
+			warnings
+		};
+	}
+	return {
+		transport: "inline",
+		warnings,
+		blocked: `No policy-safe transport for artifact ${inputArtifact.id}.`
+	};
+}
+function preferredTransports(inputArtifact) {
+	switch (inputArtifact.kind) {
+		case "text": return ["inline", "extracted-text"];
+		case "json":
+		case "tool-result": return ["json", "inline"];
+		case "url": return ["url", "inline"];
+		case "document": return [
+			"extracted-text",
+			"provider-upload",
+			"base64",
+			"url"
+		];
+		case "audio": return [
+			"transcript",
+			"provider-upload",
+			"base64",
+			"url"
+		];
+		case "image":
+		case "file":
+		case "video": return [
+			"provider-upload",
+			"base64",
+			"url"
+		];
+	}
+}
+//#endregion
+//#region src/routing/router.ts
+function routeDeterministically(catalog, request) {
+	const requiredInputs = requiredInputModalities(request.artifacts);
+	const requiredOutputs = requiredOutputModalities(request.outputs);
+	const requiresStructuredOutput = outputRequiresStructuredOutput(request.outputs);
+	const estimatedInputTokens = estimateTokens(request.task) + request.artifacts.reduce((total, artifact) => total + estimateArtifactTokens(artifact), 0);
+	const candidates = catalog.models.map((capability, index) => evaluateCapability(capability, {
+		requiredInputs,
+		requiredOutputs,
+		requiresStructuredOutput,
+		estimatedInputTokens,
+		...request.policy !== void 0 ? { policy: request.policy } : {},
+		...request.provider !== void 0 ? { provider: request.provider } : {},
+		...request.model !== void 0 ? { model: request.model } : {},
+		...request.contract !== void 0 ? { contract: request.contract } : {},
+		index
+	})).sort(compareCandidates);
+	const accepted = candidates.filter((candidate) => candidate.accepted);
+	const selected = accepted[0];
+	return {
+		catalogVersion: catalog.version,
+		...selected !== void 0 ? { selected: {
+			providerId: selected.providerId,
+			modelId: selected.modelId,
+			score: selected.score,
+			estimates: selected.estimates,
+			inputModalities: selected.capability.inputModalities,
+			outputModalities: selected.capability.outputModalities,
+			fileTransport: selected.capability.fileTransport
+		} } : {},
+		candidates,
+		rejected: candidates.filter((candidate) => !candidate.accepted),
+		fallbackChain: accepted.slice(1).map((candidate) => ({
+			providerId: candidate.providerId,
+			modelId: candidate.modelId,
+			score: candidate.score,
+			reason: "policy-preserving-fallback"
+		})),
+		noRouteReasons: selected === void 0 ? summarizeNoRouteReasons(candidates) : []
+	};
+}
+function evaluateCapability(capability, input) {
+	const reasons = [];
+	if (capability.available === false) reasons.push({
+		code: "provider-unavailable",
+		message: `${capability.providerId}/${capability.modelId} is not available.`
+	});
+	if (input.provider !== void 0 && capability.providerId !== input.provider) reasons.push({
+		code: "provider-forced-mismatch",
+		message: `Provider override requires ${input.provider}.`
+	});
+	if (input.model !== void 0 && capability.modelId !== input.model) reasons.push({
+		code: "model-forced-mismatch",
+		message: `Model override requires ${input.model}.`
+	});
+	for (const modality of input.requiredInputs) if (!capability.inputModalities.includes(modality)) reasons.push({
+		code: "input-modality-unsupported",
+		message: `${capability.modelId} does not support ${modality} input.`
+	});
+	for (const modality of input.requiredOutputs) if (!capability.outputModalities.includes(modality)) reasons.push({
+		code: "output-modality-unsupported",
+		message: `${capability.modelId} does not support ${modality} output.`
+	});
+	if (input.requiresStructuredOutput && !capability.structuredOutput) reasons.push({
+		code: "structured-output-unsupported",
+		message: `${capability.modelId} does not support structured output contracts.`
+	});
+	if (input.estimatedInputTokens > capability.contextWindow) reasons.push({
+		code: "context-window-exceeded",
+		message: `Estimated input ${input.estimatedInputTokens} tokens exceeds ${capability.contextWindow}.`
+	});
+	const estimates = estimateRoute(capability, input.estimatedInputTokens);
+	addPolicyRejectReasons(reasons, capability, estimates, input.policy);
+	const contractResult = evaluateContractAgainstRoute(input.contract, {
+		capability,
+		estimatedInputTokens: input.estimatedInputTokens,
+		estimatedOutputTokens: estimates.outputTokens
+	});
+	for (const reason of contractResult.reasons) reasons.push(reason);
+	const score = scoreCapability(capability, estimates, input.index);
+	return {
+		providerId: capability.providerId,
+		modelId: capability.modelId,
+		capability,
+		score,
+		accepted: reasons.length === 0,
+		reasons,
+		estimates
+	};
+}
+function addPolicyRejectReasons(reasons, capability, estimates, policy) {
+	if (policy === void 0) return;
+	if (policy.providerAllowList !== void 0 && !policy.providerAllowList.includes(capability.providerId)) reasons.push({
+		code: "provider-not-allowed",
+		message: `${capability.providerId} is not in the provider allow list.`
+	});
+	if (policy.providerDenyList?.includes(capability.providerId) === true) reasons.push({
+		code: "provider-denied",
+		message: `${capability.providerId} is in the provider deny list.`
+	});
+	if (policy.privacy !== void 0 && !capability.dataPolicy.privacy.includes(policy.privacy)) reasons.push({
+		code: "privacy-unsupported",
+		message: `${capability.modelId} does not satisfy ${policy.privacy} privacy.`
+	});
+	if (policy.noLogging === true && capability.dataPolicy.supportsNoLogging !== true) reasons.push({
+		code: "no-logging-unsupported",
+		message: `${capability.modelId} cannot satisfy noLogging.`
+	});
+	if (policy.noUpload === true && capability.fileTransport.length > 0 && capability.fileTransport.every((transport) => transport === "provider-upload")) reasons.push({
+		code: "no-upload-violated",
+		message: `${capability.modelId} requires an upload transport disallowed by policy.`
+	});
+	if (policy.latency !== void 0 && capability.latency !== policy.latency) reasons.push({
+		code: "latency-class-mismatch",
+		message: `${capability.modelId} latency class is ${capability.latency}, not ${policy.latency}.`
+	});
+	if (policy.maxCostUsd !== void 0 && estimates.costUsd !== void 0 && estimates.costUsd > policy.maxCostUsd) reasons.push({
+		code: "budget-exceeded",
+		message: `${capability.modelId} estimated cost ${estimates.costUsd} exceeds maxCostUsd ${policy.maxCostUsd}.`
+	});
+}
+function estimateRoute(capability, inputTokens) {
+	const outputTokens = 512;
+	const inputCost = capability.pricing?.inputCostPer1M === void 0 ? void 0 : inputTokens / 1e6 * capability.pricing.inputCostPer1M;
+	const outputCost = capability.pricing?.outputCostPer1M === void 0 ? void 0 : outputTokens / 1e6 * capability.pricing.outputCostPer1M;
+	return {
+		inputTokens,
+		outputTokens,
+		...inputCost !== void 0 || outputCost !== void 0 ? { costUsd: (inputCost ?? 0) + (outputCost ?? 0) } : {},
+		latencyMs: capability.latency === "interactive" ? 1e3 : 1e4
+	};
+}
+function scoreCapability(capability, estimates, index) {
+	const costScore = Math.round((estimates.costUsd ?? 0) * 1e6);
+	const latencyScore = capability.latency === "interactive" ? 0 : 1e5;
+	const contextHeadroom = Math.max(0, capability.contextWindow - estimates.inputTokens);
+	const contextScore = Math.max(0, 1e4 - Math.min(contextHeadroom, 1e4));
+	return costScore + latencyScore + contextScore + index;
+}
+function compareCandidates(left, right) {
+	if (left.accepted !== right.accepted) return left.accepted ? -1 : 1;
+	if (left.score !== right.score) return left.score - right.score;
+	const provider = left.providerId.localeCompare(right.providerId);
+	return provider === 0 ? left.modelId.localeCompare(right.modelId) : provider;
+}
+function requiredInputModalities(artifacts) {
+	const modalities = new Set(["text"]);
+	for (const artifact of artifacts) switch (artifact.kind) {
+		case "text":
+			modalities.add("text");
+			break;
+		case "json":
+			modalities.add("json");
+			break;
+		case "image":
+			modalities.add("image");
+			break;
+		case "audio":
+			modalities.add("audio");
+			break;
+		case "video":
+			modalities.add("video");
+			break;
+		case "document":
+			modalities.add("document");
+			break;
+		case "url":
+			modalities.add("url");
+			break;
+		case "tool-result":
+			modalities.add("tool");
+			break;
+		case "file":
+			modalities.add("file");
+			break;
+	}
+	return [...modalities];
+}
+function requiredOutputModalities(outputs) {
+	const modalities = /* @__PURE__ */ new Set();
+	for (const contract of Object.values(outputs)) {
+		if (contract === "text") {
+			modalities.add("text");
+			continue;
+		}
+		if (isStructuredContract(contract)) {
+			modalities.add("json");
+			continue;
+		}
+		if (isReferenceContract(contract)) modalities.add("json");
+	}
+	return [...modalities];
+}
+function outputRequiresStructuredOutput(outputs) {
+	return Object.values(outputs).some(isStructuredContract);
+}
+function isStructuredContract(contract) {
+	return typeof contract === "object" && contract !== null && "~standard" in contract;
+}
+function isReferenceContract(contract) {
+	return typeof contract === "object" && contract !== null && "kind" in contract && (contract.kind === "citations" || contract.kind === "artifacts");
+}
+function summarizeNoRouteReasons(candidates) {
+	if (candidates.length === 0) return [{
+		code: "catalog-empty",
+		message: "No provider capabilities are configured."
+	}];
+	const unique = /* @__PURE__ */ new Map();
+	for (const candidate of candidates) for (const reason of candidate.reasons) unique.set(reason.code, reason);
+	return [...unique.values()];
+}
+//#endregion
+//#region src/storage/fingerprint.ts
+const textEncoder = new TextEncoder();
+async function fingerprintArtifactValue(value) {
+	const bytes = await valueToBytes(value);
+	if (bytes === void 0) return;
+	const digest = await crypto.subtle.digest("SHA-256", toArrayBuffer(bytes));
+	return {
+		algorithm: "sha256",
+		value: toHex(new Uint8Array(digest))
+	};
+}
+async function valueToBytes(value) {
+	if (typeof value === "string") return textEncoder.encode(value);
+	if (value instanceof Uint8Array) return value;
+	if (value instanceof ArrayBuffer) return new Uint8Array(value);
+	if (isBlobLike$1(value)) return new Uint8Array(await value.arrayBuffer());
+	const serialized = JSON.stringify(value);
+	return serialized === void 0 ? void 0 : textEncoder.encode(serialized);
+}
+function isBlobLike$1(value) {
+	return typeof Blob !== "undefined" && value instanceof Blob;
+}
+function toHex(bytes) {
+	return Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
+}
+function toArrayBuffer(bytes) {
+	const copy = new Uint8Array(bytes.byteLength);
+	copy.set(bytes);
+	return copy.buffer;
+}
+//#endregion
+//#region src/tracing/tracing.ts
+function createRunEvent(kind, input) {
+	return {
+		kind,
+		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+		...input
+	};
+}
+//#endregion
+//#region src/runtime/config.ts
+function normalizeConfig(config = {}) {
+	const normalized = {
+		providers: normalizeProviders(config.providers),
+		defaults: config.defaults ?? {},
+		events: normalizeEventSinks(config.events)
+	};
+	if (config.storage !== void 0 && config.storage !== false) normalized.storage = config.storage;
+	if (config.sessions !== void 0 && config.sessions !== false) normalized.sessions = config.sessions;
+	if (config.tracing !== void 0 && config.tracing !== false) normalized.tracing = config.tracing;
+	if (config.signer !== void 0) normalized.signer = config.signer;
+	return normalized;
+}
+function normalizeEventSinks(events) {
+	if (events === void 0) return [];
+	return typeof events === "function" ? [events] : events;
+}
+function normalizeProviders(providers = []) {
+	return providers.map((provider) => {
+		if (typeof provider === "string") return {
+			id: provider,
+			kind: "provider-ref"
+		};
+		return provider;
+	});
+}
+//#endregion
+//#region src/runtime/create-ai.ts
+const ZERO_USAGE = {
+	promptTokens: 0,
+	completionTokens: 0,
+	costUsd: 0
+};
+const UNMEASURED_USAGE = {
+	promptTokens: 0,
+	completionTokens: 0,
+	costUsd: null
+};
+function createAI(config = {}) {
+	const normalized = normalizeConfig(config);
+	return {
+		session(id) {
+			return {
+				id,
+				kind: "session-ref"
+			};
+		},
+		async plan(intent) {
+			return (await buildPlan(normalized, intent)).plan;
+		},
+		run(intent) {
+			return runWithConfig(normalized, intent);
+		},
+		runAgent(intent) {
+			return import("./runtime-CfZ-sGGk.js").then((n) => n.n).then((mod) => mod.runAgent(intent, config));
+		}
+	};
+}
+async function runWithConfig(normalized, intent) {
+	if (intent.signal?.aborted === true) throw new DOMException("Run aborted before execution.", "AbortError");
+	const runId = createRunId();
+	const events = [];
+	await emitEvent(normalized, events, createRunEvent("run.start", { runId }));
+	const built = await buildPlan(normalized, intent, runId, events);
+	let plan = built.plan;
+	const selected = plan.route.selected;
+	if (selected === void 0) {
+		const isContractFailure = plan.route.noRouteReasons.filter((r) => r.code === "contract-budget-exceeded" || r.code === "contract-quality-floor" || r.code === "contract-modality-missing" || r.code === "contract-privacy-mismatch").length > 0;
+		const receipt = await maybeIssueReceipt(normalized, {
+			runId,
+			...intent.contract !== void 0 ? { contract: intent.contract } : {},
+			artifacts: intent.artifacts ?? [],
+			contractVerdict: isContractFailure ? "no-contract-match" : "execution-failed",
+			model: {
+				requested: intent.overrides?.model ?? "",
+				observed: null
+			},
+			route: {
+				providerId: "",
+				capabilityId: "",
+				attemptNumber: 0
+			},
+			usage: ZERO_USAGE,
+			...isContractFailure ? { noRouteReasons: plan.route.noRouteReasons } : {}
+		});
+		const failure = isContractFailure ? {
+			ok: false,
+			error: {
+				kind: "no-contract-match",
+				message: "No route satisfies the contract.",
+				noRouteReasons: plan.route.noRouteReasons
+			},
+			usage: { ...ZERO_USAGE },
+			plan,
+			events,
+			...receipt !== void 0 ? { receipt } : {}
+		} : {
+			ok: false,
+			error: {
+				kind: "no_route",
+				message: "No route satisfied the run requirements.",
+				reasons: plan.route.noRouteReasons.map((reason) => reason.message)
+			},
+			usage: { ...ZERO_USAGE },
+			plan,
+			events,
+			...receipt !== void 0 ? { receipt } : {}
+		};
+		await emitEvent(normalized, events, createRunEvent("run.failed", {
+			runId,
+			planId: plan.id,
+			metadata: { reason: isContractFailure ? "no-contract-match" : "no-route" }
+		}));
+		return failure;
+	}
+	const routes = [selected, ...plan.route.fallbackChain.map((fallback) => routeFromCandidate(plan, fallback.providerId, fallback.modelId) ?? {
+		providerId: fallback.providerId,
+		modelId: fallback.modelId,
+		score: fallback.score,
+		estimates: selected.estimates,
+		inputModalities: selected.inputModalities,
+		outputModalities: selected.outputModalities,
+		fileTransport: selected.fileTransport
+	})];
+	const attempts = [];
+	let lastError;
+	let anyExecutableAdapter = false;
+	for (const [index, route] of routes.entries()) {
+		const adapter = findExecutableAdapter(normalized, route.providerId);
+		if (adapter === void 0) {
+			lastError = /* @__PURE__ */ new Error("No Phase 1 provider adapter with execute() is configured.");
+			continue;
+		}
+		anyExecutableAdapter = true;
+		if (index > 0) await emitEvent(normalized, events, createRunEvent("fallback.activated", {
+			runId,
+			planId: plan.id,
+			providerId: route.providerId,
+			modelId: route.modelId
+		}));
+		const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+		const attemptPackaging = packageArtifactsForProvider({
+			artifacts: built.artifacts,
+			route,
+			...built.mergedPolicy !== void 0 ? { policy: built.mergedPolicy } : {}
+		});
+		if (attemptPackaging.blocked.length > 0) {
+			const message = attemptPackaging.blocked.join("; ");
+			attempts.push(attemptFailed(route.providerId, route.modelId, startedAt, (/* @__PURE__ */ new Date()).toISOString(), message));
+			lastError = new Error(message);
+			continue;
+		}
+		const request = {
+			task: intent.task,
+			artifacts: built.artifacts,
+			outputs: Object.keys(intent.outputs),
+			outputContracts: intent.outputs,
+			...built.mergedPolicy !== void 0 ? { policy: built.mergedPolicy } : {},
+			...intent.signal !== void 0 ? { signal: intent.signal } : {},
+			plan,
+			contextPack: built.contextPack,
+			providerPackaging: attemptPackaging.plan,
+			packagedArtifacts: attemptPackaging.packagedArtifacts
+		};
+		try {
+			await emitEvent(normalized, events, createRunEvent("provider.attempt", {
+				runId,
+				planId: plan.id,
+				providerId: route.providerId,
+				modelId: route.modelId,
+				metadata: {
+					status: "started",
+					fallback: index > 0
+				}
+			}));
+			await intent.overrides?.hooks?.beforeProviderCall?.({
+				plan,
+				request
+			});
+			plan = withPlanStatus(plan, "running", {
+				stages: markStage(plan.stages, "execution", "running"),
+				attempts: [...attempts, {
+					providerId: route.providerId,
+					modelId: route.modelId,
+					status: "running",
+					startedAt
+				}]
+			});
+			const response = await adapter.execute(request);
+			await intent.overrides?.hooks?.afterProviderCall?.({
+				plan,
+				response
+			});
+			const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+			const validation = await validateOutputMap(intent.outputs, response.rawOutputs, plan);
+			const succeededAttempt = attemptSucceeded(route.providerId, route.modelId, startedAt, completedAt, response.usage);
+			if (!validation.ok) {
+				attempts.push({
+					...succeededAttempt,
+					status: "failed",
+					error: validation.error.message
+				});
+				const failedPlan = withPlanStatus(plan, "failed", {
+					stages: markStage(plan.stages, "validation", "failed"),
+					attempts
+				});
+				await emitEvent(normalized, events, createRunEvent("validation.failed", {
+					runId,
+					planId: plan.id,
+					providerId: route.providerId,
+					modelId: route.modelId,
+					metadata: { error: validation.error.message }
+				}));
+				if (index === routes.length - 1) {
+					const receipt = await maybeIssueReceipt(normalized, {
+						runId,
+						...intent.contract !== void 0 ? { contract: intent.contract } : {},
+						artifacts: built.artifacts,
+						contractVerdict: "validation-failed",
+						model: {
+							requested: route.modelId,
+							observed: null
+						},
+						route: {
+							providerId: route.providerId,
+							capabilityId: route.modelId,
+							attemptNumber: attempts.length
+						},
+						usage: normalizeAdapterUsage(response)
+					});
+					return {
+						...validation,
+						usage: normalizeAdapterUsage(response),
+						plan: failedPlan,
+						events,
+						...receipt !== void 0 ? { receipt } : {}
+					};
+				}
+				lastError = new Error(validation.error.message);
+				continue;
+			}
+			const invariants = intent.contract?.invariants ?? [];
+			if (invariants.length > 0) {
+				const tripwireResult = await evaluateTripwires(validation.outputs, invariants);
+				if (!tripwireResult.ok) {
+					const tripwireFailedAt = (/* @__PURE__ */ new Date()).toISOString();
+					attempts.push({
+						...succeededAttempt,
+						status: "failed",
+						error: tripwireResult.evidence.message,
+						completedAt: tripwireFailedAt
+					});
+					const failedPlan = withPlanStatus(plan, "failed", {
+						stages: markStage(markStage(markStage(plan.stages, "execution", "completed"), "validation", "completed"), "tripwire", "failed", { invariantId: tripwireResult.evidence.invariantId }),
+						attempts
+					});
+					await emitEvent(normalized, events, createRunEvent("run.failed", {
+						runId,
+						planId: failedPlan.id,
+						providerId: route.providerId,
+						modelId: route.modelId,
+						metadata: {
+							reason: "tripwire-violated",
+							invariantId: tripwireResult.evidence.invariantId
+						}
+					}));
+					const receipt = await maybeIssueReceipt(normalized, {
+						runId,
+						...intent.contract !== void 0 ? { contract: intent.contract } : {},
+						artifacts: built.artifacts,
+						contractVerdict: "tripwire-violated",
+						model: {
+							requested: route.modelId,
+							observed: null
+						},
+						route: {
+							providerId: route.providerId,
+							capabilityId: route.modelId,
+							attemptNumber: attempts.length
+						},
+						usage: normalizeAdapterUsage(response),
+						tripwireEvidence: tripwireResult.evidence
+					});
+					return {
+						ok: false,
+						error: {
+							kind: "tripwire-violated",
+							message: tripwireResult.evidence.message,
+							invariantId: tripwireResult.evidence.invariantId,
+							evidence: tripwireResult.evidence,
+							terminal: true
+						},
+						usage: normalizeAdapterUsage(response),
+						plan: failedPlan,
+						events,
+						...receipt !== void 0 ? { receipt } : {}
+					};
+				}
+			}
+			attempts.push(succeededAttempt);
+			const artifactRefs = response.artifactRefs !== void 0 ? response.artifactRefs.map(toArtifactRef) : [];
+			const completedPlan = withPlanStatus(plan, "completed", {
+				stages: markStage(markStage(markStage(markStage(markStage(plan.stages, "execution", "completed"), "validation", "completed"), "persistence", "completed"), "tool-execution", built.toolResults.length > 0 ? "completed" : "skipped"), "tripwire", invariants.length > 0 ? "completed" : "skipped"),
+				attempts
+			});
+			if (built.sessionRecord !== void 0 && normalized.sessions !== void 0) await normalized.sessions.appendTurn({
+				sessionId: built.sessionRecord.id,
+				task: intent.task,
+				artifactRefs: built.artifacts.map(toArtifactRef),
+				outputArtifactRefs: artifactRefs,
+				planId: completedPlan.id
+			});
+			await emitEvent(normalized, events, createRunEvent("validation.complete", {
+				runId,
+				planId: completedPlan.id,
+				providerId: route.providerId,
+				modelId: route.modelId
+			}));
+			await emitEvent(normalized, events, createRunEvent("run.complete", {
+				runId,
+				planId: completedPlan.id
+			}));
+			const successValidation = validation;
+			const receipt = await maybeIssueReceipt(normalized, {
+				runId,
+				...intent.contract !== void 0 ? { contract: intent.contract } : {},
+				artifacts: built.artifacts,
+				contractVerdict: "success",
+				model: {
+					requested: route.modelId,
+					observed: null
+				},
+				route: {
+					providerId: route.providerId,
+					capabilityId: route.modelId,
+					attemptNumber: attempts.length
+				},
+				usage: normalizeAdapterUsage(response),
+				outputs: JSON.stringify(successValidation.outputs)
+			});
+			return {
+				...validation,
+				artifacts: artifactRefs,
+				usage: normalizeAdapterUsage(response),
+				plan: completedPlan,
+				events,
+				...receipt !== void 0 ? { receipt } : {}
+			};
+		} catch (error) {
+			const completedAt = (/* @__PURE__ */ new Date()).toISOString();
+			const message = error instanceof Error ? error.message : "Provider adapter execution failed.";
+			attempts.push(attemptFailed(route.providerId, route.modelId, startedAt, completedAt, message));
+			lastError = error instanceof Error ? error : new Error(message);
+			await emitEvent(normalized, events, createRunEvent("provider.attempt", {
+				runId,
+				planId: plan.id,
+				providerId: route.providerId,
+				modelId: route.modelId,
+				metadata: {
+					status: "failed",
+					error: message
+				}
+			}));
+		}
+	}
+	if (!anyExecutableAdapter) {
+		const receipt = await maybeIssueReceipt(normalized, {
+			runId,
+			...intent.contract !== void 0 ? { contract: intent.contract } : {},
+			artifacts: built.artifacts,
+			contractVerdict: "execution-failed",
+			model: {
+				requested: selected.modelId,
+				observed: null
+			},
+			route: {
+				providerId: selected.providerId,
+				capabilityId: selected.modelId,
+				attemptNumber: 0
+			},
+			usage: ZERO_USAGE
+		});
+		return {
+			ok: false,
+			error: {
+				kind: "execution_unavailable",
+				message: "No Phase 1 provider adapter with execute() is configured."
+			},
+			usage: { ...ZERO_USAGE },
+			plan,
+			events,
+			...receipt !== void 0 ? { receipt } : {}
+		};
+	}
+	const failedPlan = withPlanStatus(plan, "failed", {
+		stages: markStage(plan.stages, "execution", "failed"),
+		attempts
+	});
+	await emitEvent(normalized, events, createRunEvent("run.failed", {
+		runId,
+		planId: failedPlan.id,
+		metadata: { error: lastError?.message ?? "Provider adapter execution failed." }
+	}));
+	const receipt = await maybeIssueReceipt(normalized, {
+		runId,
+		...intent.contract !== void 0 ? { contract: intent.contract } : {},
+		artifacts: built.artifacts,
+		contractVerdict: "execution-failed",
+		model: {
+			requested: selected.modelId,
+			observed: null
+		},
+		route: {
+			providerId: selected.providerId,
+			capabilityId: selected.modelId,
+			attemptNumber: attempts.length
+		},
+		usage: UNMEASURED_USAGE
+	});
+	return {
+		ok: false,
+		error: {
+			kind: "provider_execution",
+			message: lastError?.message ?? "Provider adapter execution failed.",
+			providerId: selected.providerId,
+			modelId: selected.modelId
+		},
+		usage: { ...UNMEASURED_USAGE },
+		plan: failedPlan,
+		events,
+		...receipt !== void 0 ? { receipt } : {}
+	};
+}
+async function buildPlan(normalized, intent, runId = createRunId(), events = []) {
+	const prepared = await prepareArtifacts(intent);
+	const artifacts = prepared.artifacts;
+	const mergedPolicy = mergePolicy(mergePolicy(normalized.defaults.policy, intent.policy), intent.overrides?.routingPolicy);
+	const sessionRecord = intent.session !== void 0 && normalized.sessions !== void 0 ? await loadOrCreateSession(normalized, intent.session) : void 0;
+	const route = routeDeterministically(createCapabilityCatalog(normalized.providers), {
+		task: intent.task,
+		artifacts,
+		outputs: intent.outputs,
+		...mergedPolicy !== void 0 ? { policy: mergedPolicy } : {},
+		...intent.overrides?.provider !== void 0 ? { provider: intent.overrides.provider } : {},
+		...intent.overrides?.model !== void 0 ? { model: intent.overrides.model } : {},
+		...intent.contract !== void 0 ? { contract: intent.contract } : {}
+	});
+	const contextPack = buildContextPack({
+		task: intent.task,
+		artifacts,
+		...route.selected !== void 0 ? { route: route.selected } : {},
+		...sessionRecord !== void 0 ? { session: sessionRecord } : {},
+		...intent.overrides?.tokenBudget !== void 0 ? { tokenBudget: intent.overrides.tokenBudget } : {}
+	});
+	const summaryRefs = contextPack.summarized.length > 0 && intent.overrides?.summarizer !== void 0 ? await intent.overrides.summarizer.summarize({
+		artifacts: artifacts.map(toArtifactRef),
+		budgetTokens: contextPack.tokenBudget
+	}) : [];
+	const packaging = packageArtifactsForProvider({
+		artifacts,
+		...route.selected !== void 0 ? { route: route.selected } : {},
+		...mergedPolicy !== void 0 ? { policy: mergedPolicy } : {}
+	});
+	let plan = createExecutionPlan({
+		task: intent.task,
+		artifacts: artifacts.map(toArtifactRef),
+		outputs: intent.outputs,
+		route,
+		context: contextPack,
+		providerPackaging: packaging.plan,
+		warnings: packaging.blocked,
+		metadata: {
+			...intent.tools !== void 0 ? { tools: intent.tools.map((tool) => tool.name) } : {},
+			...summaryRefs.length > 0 ? { summaryArtifactIds: summaryRefs.map((summary) => summary.id) } : {}
+		}
+	});
+	plan = withPlanStatus(plan, plan.status, { stages: markStage(plan.stages, "tool-execution", prepared.toolResults.length > 0 ? "completed" : "skipped", prepared.toolResults.length > 0 ? { toolNames: prepared.toolResults.map((result) => result.toolName) } : void 0) });
+	for (const result of prepared.toolResults) {
+		await emitEvent(normalized, events, createRunEvent("tool.call", {
+			runId,
+			planId: plan.id,
+			artifactId: result.artifact.id,
+			metadata: {
+				toolName: result.toolName,
+				callId: result.callId
+			}
+		}));
+		await emitEvent(normalized, events, createRunEvent("artifact.created", {
+			runId,
+			planId: plan.id,
+			artifactId: result.artifact.id,
+			metadata: { source: "tool" }
+		}));
+	}
+	for (const artifactRef of artifacts.map(toArtifactRef)) await emitEvent(normalized, events, createRunEvent("artifact.ingested", {
+		runId,
+		planId: plan.id,
+		artifactId: artifactRef.id
+	}));
+	await emitEvent(normalized, events, createRunEvent("context.packed", {
+		runId,
+		planId: plan.id,
+		metadata: {
+			estimatedTokens: contextPack.estimatedTokens,
+			included: contextPack.included.length,
+			summarized: contextPack.summarized.length,
+			omitted: contextPack.omitted.length
+		}
+	}));
+	await emitEvent(normalized, events, createRunEvent("router.candidates", {
+		runId,
+		planId: plan.id,
+		metadata: {
+			selected: route.selected?.modelId,
+			rejected: route.rejected.length,
+			fallbacks: route.fallbackChain.length
+		}
+	}));
+	return {
+		plan,
+		artifacts,
+		contextPack,
+		packagedArtifacts: packaging.packagedArtifacts,
+		blockedPackaging: packaging.blocked,
+		toolResults: prepared.toolResults,
+		...mergedPolicy !== void 0 ? { mergedPolicy } : {},
+		...sessionRecord !== void 0 ? { sessionRecord } : {}
+	};
+}
+async function prepareArtifacts(intent) {
+	let artifacts = [...intent.artifacts ?? []];
+	for (const transform of intent.overrides?.transforms ?? []) {
+		const transformed = await transform.transform({
+			task: intent.task,
+			artifacts
+		});
+		artifacts = artifacts.concat(Array.isArray(transformed) ? transformed : [transformed]);
+	}
+	const toolResults = [];
+	for (const tool of intent.tools ?? []) {
+		const result = await runTool(tool, intent.toolInputs?.[tool.name] ?? {});
+		toolResults.push(result);
+		artifacts.push(result.artifact);
+	}
+	return {
+		artifacts,
+		toolResults
+	};
+}
+async function loadOrCreateSession(normalized, session) {
+	const existing = await normalized.sessions?.load(session.id);
+	if (existing !== void 0) return existing;
+	if (normalized.sessions === void 0) throw new Error("Session storage is not configured.");
+	return normalized.sessions.create({ id: session.id });
+}
+function attemptSucceeded(providerId, modelId, startedAt, completedAt, usage) {
+	return {
+		providerId,
+		modelId,
+		status: "succeeded",
+		startedAt,
+		completedAt,
+		...usage !== void 0 ? { usage } : {}
+	};
+}
+function attemptFailed(providerId, modelId, startedAt, completedAt, error) {
+	return {
+		providerId,
+		modelId,
+		status: "failed",
+		startedAt,
+		completedAt,
+		error
+	};
+}
+function findExecutableAdapter(normalized, providerId) {
+	return normalized.providers.find((provider) => provider.kind === "provider-adapter" && provider.id === providerId && typeof provider.execute === "function");
+}
+function routeFromCandidate(plan, providerId, modelId) {
+	const candidate = plan.route.candidates.find((item) => item.providerId === providerId && item.modelId === modelId);
+	if (candidate === void 0) return;
+	return {
+		providerId,
+		modelId,
+		score: candidate.score,
+		estimates: candidate.estimates,
+		inputModalities: candidate.capability.inputModalities,
+		outputModalities: candidate.capability.outputModalities,
+		fileTransport: candidate.capability.fileTransport
+	};
+}
+async function emitEvent(normalized, events, event) {
+	events.push(event);
+	normalized.tracing?.event?.(event.kind, {
+		...event.metadata,
+		planId: event.planId,
+		providerId: event.providerId,
+		modelId: event.modelId,
+		artifactId: event.artifactId
+	});
+	await Promise.all(normalized.events.map((sink) => sink(event)));
+}
+function createRunId() {
+	if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return `run:${crypto.randomUUID()}`;
+	return `run:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+}
+/**
+* Normalize an adapter response into the `RunResult.usage` shape.
+*
+* Prefers `ProviderRunResponse.normalizedUsage` (the Phase 7 shape emitted by
+* openai / openai-compat / ai-sdk / fake adapters). Falls back to mapping the
+* legacy `UsageRecord` (inputTokens / outputTokens) so v1.0 adapters that have
+* not yet been re-rolled still surface a usable Usage value.
+*/
+function normalizeAdapterUsage(response) {
+	if (response.normalizedUsage !== void 0) return response.normalizedUsage;
+	return {
+		promptTokens: response.usage?.inputTokens ?? 0,
+		completionTokens: response.usage?.outputTokens ?? 0,
+		costUsd: response.usage?.costUsd ?? null
+	};
+}
+/**
+* Phase 9 — hash each artifact's canonical value via SHA-256 and return the
+* hex digests in declaration order. Missing/undefined values produce an
+* empty string so the array length matches `artifacts.length` exactly.
+*/
+async function hashInputArtifacts(artifacts) {
+	const out = [];
+	for (const artifact of artifacts) {
+		const fp = await fingerprintArtifactValue(artifact.value);
+		out.push(fp?.value ?? "");
+	}
+	return out;
+}
+/**
+* Phase 9 — SHA-256 hex of `canonicalize(contract)` for the receipt's
+* contractHash field. Returns null when no contract is attached or when
+* canonicalize cannot serialize the input.
+*/
+async function sha256HexOfCanonicalContract(contract) {
+	if (contract === void 0 || contract === null) return null;
+	const canonical = canonicalize(contract);
+	if (canonical === void 0) return null;
+	const bytes = new TextEncoder().encode(canonical);
+	const ab = new Uint8Array(bytes.byteLength);
+	ab.set(bytes);
+	const digest = await crypto.subtle.digest("SHA-256", ab.buffer);
+	return Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+/**
+* Phase 9 — issue a signed receipt at a terminal branch when a signer is
+* configured. Signer failures degrade gracefully to `undefined` so a faulty
+* signer never crashes `ai.run`.
+*/
+async function maybeIssueReceipt(normalized, input) {
+	if (normalized.signer === void 0) return void 0;
+	try {
+		const inputHashes = await hashInputArtifacts(input.artifacts);
+		const outputHash = input.outputs === void 0 ? null : (await fingerprintArtifactValue(input.outputs))?.value ?? null;
+		const contractHash = await sha256HexOfCanonicalContract(input.contract);
+		return await createReceipt({
+			runId: input.runId,
+			model: input.model,
+			route: input.route,
+			usage: input.usage,
+			contractVerdict: input.contractVerdict,
+			contractHash,
+			inputHashes,
+			outputHash,
+			...input.noRouteReasons !== void 0 ? { noRouteReasons: input.noRouteReasons } : {},
+			...input.tripwireEvidence !== void 0 ? { tripwireEvidence: input.tripwireEvidence } : {}
+		}, normalized.signer);
+	} catch {
+		return;
+	}
+}
+//#endregion
+//#region src/sessions/session.ts
+function createMemorySessionStore(options = {}) {
+	const storeId = options.id ?? "memory-sessions";
+	const sessions = /* @__PURE__ */ new Map();
+	return {
+		kind: "session-store",
+		id: storeId,
+		async create(createOptions = {}) {
+			const now = (/* @__PURE__ */ new Date()).toISOString();
+			const session = {
+				id: createOptions.id ?? createSessionId(),
+				kind: "session-ref",
+				...createOptions.parentId !== void 0 ? { parentId: createOptions.parentId } : {},
+				...createOptions.branchPointRunId !== void 0 ? { branchPointRunId: createOptions.branchPointRunId } : {},
+				turns: [],
+				summaries: [],
+				artifactRefs: [],
+				planIds: [],
+				createdAt: now,
+				updatedAt: now
+			};
+			sessions.set(session.id, clone(session));
+			return clone(session);
+		},
+		async load(id) {
+			const session = sessions.get(id);
+			return session === void 0 ? void 0 : clone(session);
+		},
+		async save(session) {
+			sessions.set(session.id, clone(session));
+			return clone(session);
+		},
+		async branch(parentId, branchOptions = {}) {
+			const parent = sessions.get(parentId);
+			const branched = await this.create({
+				...branchOptions,
+				parentId
+			});
+			if (parent === void 0) return branched;
+			const inherited = {
+				...branched,
+				turns: clone(parent.turns),
+				summaries: clone(parent.summaries),
+				artifactRefs: clone(parent.artifactRefs),
+				planIds: clone(parent.planIds)
+			};
+			sessions.set(inherited.id, clone(inherited));
+			return clone(inherited);
+		},
+		async appendTurn(input) {
+			const existing = sessions.get(input.sessionId) ?? await this.create({ id: input.sessionId });
+			const turn = {
+				id: createTurnId(),
+				task: input.task,
+				artifactRefs: clone(input.artifactRefs),
+				outputArtifactRefs: clone(input.outputArtifactRefs ?? []),
+				...input.planId !== void 0 ? { planId: input.planId } : {},
+				createdAt: (/* @__PURE__ */ new Date()).toISOString()
+			};
+			const artifactRefs = mergeArtifactRefs(existing.artifactRefs, input.artifactRefs, input.outputArtifactRefs ?? []);
+			const planIds = input.planId === void 0 ? existing.planIds : [...existing.planIds, input.planId];
+			const next = {
+				...existing,
+				turns: [...existing.turns, turn],
+				artifactRefs,
+				planIds,
+				updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+			};
+			sessions.set(next.id, clone(next));
+			return clone(next);
+		}
+	};
+}
+function mergeArtifactRefs(current, ...groups) {
+	const byId = new Map(current.map((artifact) => [artifact.id, artifact]));
+	for (const group of groups) for (const artifact of group) byId.set(artifact.id, artifact);
+	return [...byId.values()];
+}
+function createSessionId() {
+	if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return `session:${crypto.randomUUID()}`;
+	return `session:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+}
+function createTurnId() {
+	if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") return `turn:${crypto.randomUUID()}`;
+	return `turn:${Date.now()}:${Math.random().toString(16).slice(2)}`;
+}
+function clone(value) {
+	try {
+		return structuredClone(value);
+	} catch {
+		return value;
+	}
+}
+//#endregion
+//#region src/storage/local.ts
+function createLocalArtifactStore(rootDir, options = {}) {
+	const rootPath = rootDir instanceof URL ? fileURLToPath(rootDir) : rootDir;
+	const storeId = options.id ?? "local";
+	return {
+		kind: "artifact-store",
+		id: storeId,
+		async put(artifact) {
+			const artifactDir = artifactDirectory(rootPath, artifact.id);
+			const fingerprint = artifact.fingerprint ?? await fingerprintArtifactValue(artifact.value);
+			const ref = toArtifactRef({
+				...artifact,
+				storage: {
+					storeId,
+					key: artifact.id
+				},
+				...fingerprint !== void 0 ? { fingerprint } : {}
+			});
+			await rm(artifactDir, {
+				recursive: true,
+				force: true
+			});
+			await mkdir(artifactDir, { recursive: true });
+			const payload = await writePayload(artifactDir, artifact.value);
+			const envelope = {
+				version: 1,
+				ref,
+				...payload !== void 0 ? { payload } : {}
+			};
+			await writeFile(metadataPath(rootPath, artifact.id), `${JSON.stringify(envelope, null, 2)}\n`, "utf8");
+			return ref;
+		},
+		async get(id) {
+			return (await readEnvelope(rootPath, id))?.ref;
+		},
+		async load(id) {
+			const envelope = await readEnvelope(rootPath, id);
+			if (envelope === void 0) return;
+			if (envelope.payload === void 0) return envelope.ref;
+			const value = await readPayload(artifactDirectory(rootPath, id), envelope.payload);
+			return {
+				...envelope.ref,
+				value
+			};
+		},
+		async has(id) {
+			try {
+				await stat(metadataPath(rootPath, id));
+				return true;
+			} catch (error) {
+				if (isNotFoundError(error)) return false;
+				throw error;
+			}
+		},
+		async delete(id) {
+			if (!await this.has(id)) return false;
+			await rm(artifactDirectory(rootPath, id), {
+				recursive: true,
+				force: true
+			});
+			return true;
+		},
+		async list() {
+			const artifactsPath = join(rootPath, "artifacts");
+			let entries;
+			try {
+				entries = await readdir(artifactsPath, { withFileTypes: true });
+			} catch (error) {
+				if (isNotFoundError(error)) return [];
+				throw error;
+			}
+			return (await Promise.all(entries.filter((entry) => entry.isDirectory()).map(async (entry) => {
+				return (await readEnvelopeByDirectory(join(artifactsPath, entry.name))).ref;
+			}))).sort((left, right) => left.id.localeCompare(right.id));
+		}
+	};
+}
+async function writePayload(artifactDir, value) {
+	if (value === void 0) return;
+	if (value instanceof Uint8Array || value instanceof ArrayBuffer || isBlobLike(value)) {
+		await writeFile(join(artifactDir, "payload.bin"), await toBinaryPayload(value));
+		return {
+			kind: "binary",
+			path: "payload.bin"
+		};
+	}
+	const serialized = JSON.stringify(value, null, 2);
+	if (serialized === void 0) return;
+	await writeFile(join(artifactDir, "payload.json"), `${serialized}\n`, "utf8");
+	return {
+		kind: "json",
+		path: "payload.json"
+	};
+}
+async function readPayload(artifactDir, payload) {
+	const payloadPath = join(artifactDir, payload.path);
+	if (payload.kind === "binary") {
+		const bytes = await readFile(payloadPath);
+		return new Uint8Array(bytes);
+	}
+	return JSON.parse(await readFile(payloadPath, "utf8"));
+}
+async function readEnvelope(rootPath, id) {
+	try {
+		return JSON.parse(await readFile(metadataPath(rootPath, id), "utf8"));
+	} catch (error) {
+		if (isNotFoundError(error)) return;
+		throw error;
+	}
+}
+async function readEnvelopeByDirectory(artifactDir) {
+	return JSON.parse(await readFile(join(artifactDir, "metadata.json"), "utf8"));
+}
+async function toBinaryPayload(value) {
+	if (value instanceof Uint8Array) return value;
+	if (value instanceof ArrayBuffer) return new Uint8Array(value);
+	return new Uint8Array(await value.arrayBuffer());
+}
+function artifactDirectory(rootPath, id) {
+	return join(rootPath, "artifacts", encodeURIComponent(id));
+}
+function metadataPath(rootPath, id) {
+	return join(artifactDirectory(rootPath, id), "metadata.json");
+}
+function isBlobLike(value) {
+	return typeof Blob !== "undefined" && value instanceof Blob;
+}
+function isNotFoundError(error) {
+	return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
+//#endregion
+//#region src/storage/memory.ts
+function createMemoryArtifactStore(options = {}) {
+	const storeId = options.id ?? "memory";
+	const artifacts = /* @__PURE__ */ new Map();
+	return {
+		kind: "artifact-store",
+		id: storeId,
+		async put(artifact) {
+			const fingerprint = artifact.fingerprint ?? await fingerprintArtifactValue(artifact.value);
+			const storedArtifact = {
+				...cloneArtifactInput(artifact),
+				storage: {
+					storeId,
+					key: artifact.id
+				},
+				...fingerprint !== void 0 ? { fingerprint } : {}
+			};
+			const ref = toArtifactRef(storedArtifact);
+			artifacts.set(artifact.id, {
+				ref: cloneArtifactRef(ref),
+				artifact: cloneArtifactInput(storedArtifact)
+			});
+			return cloneArtifactRef(ref);
+		},
+		async get(id) {
+			const record = artifacts.get(id);
+			return record === void 0 ? void 0 : cloneArtifactRef(record.ref);
+		},
+		async load(id) {
+			const record = artifacts.get(id);
+			return record === void 0 ? void 0 : cloneArtifactInput(record.artifact);
+		},
+		async has(id) {
+			return artifacts.has(id);
+		},
+		async delete(id) {
+			return artifacts.delete(id);
+		},
+		async list() {
+			return Array.from(artifacts.values(), (record) => cloneArtifactRef(record.ref));
+		}
+	};
+}
+function cloneArtifactInput(artifact) {
+	return cloneValue(artifact);
+}
+function cloneArtifactRef(ref) {
+	return cloneValue(ref);
+}
+function cloneValue(value) {
+	try {
+		return structuredClone(value);
+	} catch {
+		return value;
+	}
+}
+//#endregion
+export { AgentDeniedError, BAND, DEFAULT_CHECKPOINT_BAND, STEP_TRANSITION_EVENT_NAME, STUCK_REASONS, artifact, contract, createAI, createAISdkProvider, createActionHistory, createAnthropicProvider, createCheckpointHook, createCostTracker, createFakeProvider, createGeminiProvider, createGoalProgressTracker, createHookPipeline, createInMemorySigner, createLmStudioProvider, createLocalArtifactStore, createMemoryArtifactStore, createMemoryKeySet, createMemorySessionStore, createNoopAgentHost, createNoopSurvivabilityAdapter, createOpenAICompatibleProvider, createOpenAIProvider, createOpenRouterProvider, createPermissionContext, createPermissionGuardHook, createReceipt, createReplayEnvelope, createTranscriptStore, createXaiProvider, defaultPiiDetectors, defineTool, estimateRouteCost, evalAgentRun, evaluateContractAgainstRoute, evaluateTripwires, formatToolsForProvider, generateEd25519KeyPairJwk, importMcpTools, inv, isTerminal, latticeVersion, materializeReplayEnvelope, output, permissionGuardRegisterOptions, redactArtifactRef, redactPlan, redactReplayEnvelope, replayOffline, rerunLive, runAgent, runTool, toolArtifactRef, toolSchemaToJsonSchema, verifyReceipt };
+
+//# sourceMappingURL=index.js.map