@fusionkit/protocol 0.1.0

package/dist/api.d.ts

@@ -0,0 +1,106 @@
+/**
+ * Wire-level API contracts shared by the plane (server), SDK (client),
+ * runner, handoff SDK, CLI, and control panel. These are data contracts,
+ * not behavior: the plane implements them, everything else consumes them.
+ */
+import type { ActorRef, ChainedEvent, ContinuationRef, DisclosureMode, RunContract, RunStatus, SecretClaim, SessionIsolation } from "./types.js";
+import type { ExecutionSpec } from "./execution.js";
+/** A run request as accepted by `POST /v1/runs`. */
+export type RunRequest = {
+    runId: string;
+    requestedBy: ActorRef;
+    agentKind: string;
+    agentVersion?: string;
+    prompt: string;
+    pool: string;
+    secretNames: string[];
+    workspace: RunContract["workspace"];
+    network: RunContract["network"];
+    budget: RunContract["budget"];
+    disclosure: DisclosureMode;
+    /** Durable machine intent. Defaults from agent/prompt for legacy callers. */
+    execution?: ExecutionSpec;
+    /** Requested session isolation. Defaults to "process". */
+    isolation?: SessionIsolation;
+    /** Present when the run continues prior work from a handoff envelope. */
+    continuation?: ContinuationRef;
+};
+export type RunRequestInput = Omit<RunRequest, "runId">;
+/** Outcome of policy evaluation at contract time. */
+export type PolicyDecision = {
+    decision: "allow" | "ask";
+    reason: string;
+    consentRequirements: string[];
+};
+/** `dryRun` output: the full disclosure report, with nothing moved. */
+export type DisclosureReport = {
+    dryRun: true;
+    agent: {
+        kind: string;
+        version?: string;
+    };
+    pool: string;
+    workspace: {
+        baseRef: string;
+        bundleHash: string;
+        dirtyDiffHash?: string;
+        untrackedPaths: string[];
+        deniedPaths: string[];
+    };
+    secrets: SecretClaim[];
+    network: {
+        defaultDeny: boolean;
+        allowHosts: string[];
+    };
+    budget: {
+        maxSpendUsd?: number;
+        maxDurationMin?: number;
+    };
+    disclosure: string;
+    execution?: ExecutionSpec;
+    isolation?: SessionIsolation;
+    continuation?: ContinuationRef;
+    policyDecision: PolicyDecision;
+};
+/** What a runner receives when it claims a contract. */
+export type ClaimResult = {
+    runId: string;
+    contract: RunContract;
+    claimToken: string;
+    events: ChainedEvent[];
+    secrets: {
+        name: string;
+        value: string;
+    }[];
+};
+/** Detailed view of a single run, as returned by `GET /v1/runs/:id`. */
+export type RunView = {
+    runId: string;
+    status: RunStatus;
+    createdAt: string;
+    updatedAt: string;
+    consentRequirements: string[];
+    failureMessage?: string;
+    events: ChainedEvent[];
+};
+/** Row in the run list, as returned by `GET /v1/runs`. */
+export type RunSummary = {
+    runId: string;
+    status: RunStatus;
+    agentKind: string;
+    pool: string;
+    prompt: string;
+    requestedBy: ActorRef;
+    createdAt: string;
+    updatedAt: string;
+    consentRequirements: string[];
+    hasReceipt: boolean;
+    continuation?: ContinuationRef;
+};
+/** Row in the runner list, as returned by `GET /v1/runners`. */
+export type RunnerSummary = {
+    runnerId: string;
+    pool: string;
+    keyId: string;
+    enrolledAt: string;
+};

package/dist/api.js

@@ -0,0 +1,6 @@
+/**
+ * Wire-level API contracts shared by the plane (server), SDK (client),
+ * runner, handoff SDK, CLI, and control panel. These are data contracts,
+ * not behavior: the plane implements them, everything else consumes them.
+ */
+export {};

package/dist/chain.d.ts

@@ -0,0 +1,14 @@
+import type { ChainedEvent, RunEvent } from "./types.js";
+/**
+ * Append an event to a hash chain. The genesis event's `prev` is the
+ * contract hash, which ties the whole chain to the signed contract.
+ */
+export declare function appendEvent(chain: ChainedEvent[], event: RunEvent, genesisPrev: string, now?: () => string): ChainedEvent;
+export type ChainVerification = {
+    ok: true;
+} | {
+    ok: false;
+    brokenAtSeq: number;
+    reason: string;
+};
+export declare function verifyChain(events: ChainedEvent[], genesisPrev: string): ChainVerification;

package/dist/chain.js

@@ -0,0 +1,49 @@
+import { hashCanonical } from "./hash.js";
+function eventHash(input) {
+    return hashCanonical(input);
+}
+/**
+ * Append an event to a hash chain. The genesis event's `prev` is the
+ * contract hash, which ties the whole chain to the signed contract.
+ */
+export function appendEvent(chain, event, genesisPrev, now = () => new Date().toISOString()) {
+    const last = chain[chain.length - 1];
+    const seq = last ? last.seq + 1 : 0;
+    const prev = last ? last.hash : genesisPrev;
+    const ts = now();
+    const chained = {
+        version: "warrant.event.v1",
+        seq,
+        ts,
+        prev,
+        event,
+        hash: eventHash({ seq, ts, prev, event })
+    };
+    chain.push(chained);
+    return chained;
+}
+export function verifyChain(events, genesisPrev) {
+    let expectedPrev = genesisPrev;
+    for (let i = 0; i < events.length; i++) {
+        const entry = events[i];
+        if (!entry)
+            return { ok: false, brokenAtSeq: i, reason: "missing entry" };
+        if (entry.seq !== i) {
+            return { ok: false, brokenAtSeq: i, reason: "sequence gap" };
+        }
+        if (entry.prev !== expectedPrev) {
+            return { ok: false, brokenAtSeq: i, reason: "prev hash mismatch" };
+        }
+        const recomputed = eventHash({
+            seq: entry.seq,
+            ts: entry.ts,
+            prev: entry.prev,
+            event: entry.event
+        });
+        if (recomputed !== entry.hash) {
+            return { ok: false, brokenAtSeq: i, reason: "event hash mismatch" };
+        }
+        expectedPrev = entry.hash;
+    }
+    return { ok: true };
+}

package/dist/constants.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Versioned schema identifiers and shared enumerations, referenced instead
+ * of inlining string literals across packages. The literal-typed `as const`
+ * values still satisfy the corresponding `version: "..."` fields.
+ */
+export { ACTOR_KINDS, AGENT_KINDS, CHECKPOINT_TIERS, DISCLOSURE_MODES, HEX_HASH_PATTERN, isAgentKind, isTerminalStatus, RUN_EVENT_TYPES, RUN_STATUSES, SESSION_ISOLATIONS, TERMINAL_RUN_STATUSES } from "./vocabulary.js";
+export declare const PROTOCOL_VERSIONS: {
+    readonly contract: "warrant.contract.v1";
+    readonly receipt: "warrant.receipt.v1";
+    readonly event: "warrant.event.v1";
+    readonly manifest: "warrant.manifest.v1";
+    readonly policy: "warrant.policy.v1";
+    readonly checkpoint: "warrant.checkpoint.v1";
+    readonly envelope: "warrant.envelope.v1";
+    readonly bundle: "warrant.bundle.v1";
+    readonly toolJournal: "warrant.tooljournal.v1";
+    readonly sealed: "warrant.sealed.v1";
+};
+export declare const MODEL_FUSION_SCHEMA_NAMES: readonly ["model-call-record.v1", "harness-run-request.v1", "harness-run-result.v1", "harness-candidate-record.v1", "judge-synthesis-record.v1", "benchmark-task-record.v1", "artifact-ref.v1", "tool-call-plan.v1", "tool-execution-record.v1", "ensemble-receipt.v1"];
+/**
+ * Length (in hex characters) of the public-key fingerprint embedded in a
+ * key id. 16 hex = 64 bits of a SHA-256 digest: ample collision resistance
+ * for identifying enrolled keys while keeping ids short and readable.
+ */
+export declare const KEY_ID_HEX_LENGTH = 16;

package/dist/constants.js

@@ -0,0 +1,36 @@
+/**
+ * Versioned schema identifiers and shared enumerations, referenced instead
+ * of inlining string literals across packages. The literal-typed `as const`
+ * values still satisfy the corresponding `version: "..."` fields.
+ */
+export { ACTOR_KINDS, AGENT_KINDS, CHECKPOINT_TIERS, DISCLOSURE_MODES, HEX_HASH_PATTERN, isAgentKind, isTerminalStatus, RUN_EVENT_TYPES, RUN_STATUSES, SESSION_ISOLATIONS, TERMINAL_RUN_STATUSES } from "./vocabulary.js";
+export const PROTOCOL_VERSIONS = {
+    contract: "warrant.contract.v1",
+    receipt: "warrant.receipt.v1",
+    event: "warrant.event.v1",
+    manifest: "warrant.manifest.v1",
+    policy: "warrant.policy.v1",
+    checkpoint: "warrant.checkpoint.v1",
+    envelope: "warrant.envelope.v1",
+    bundle: "warrant.bundle.v1",
+    toolJournal: "warrant.tooljournal.v1",
+    sealed: "warrant.sealed.v1"
+};
+export const MODEL_FUSION_SCHEMA_NAMES = [
+    "model-call-record.v1",
+    "harness-run-request.v1",
+    "harness-run-result.v1",
+    "harness-candidate-record.v1",
+    "judge-synthesis-record.v1",
+    "benchmark-task-record.v1",
+    "artifact-ref.v1",
+    "tool-call-plan.v1",
+    "tool-execution-record.v1",
+    "ensemble-receipt.v1"
+];
+/**
+ * Length (in hex characters) of the public-key fingerprint embedded in a
+ * key id. 16 hex = 64 bits of a SHA-256 digest: ample collision resistance
+ * for identifying enrolled keys while keeping ids short and readable.
+ */
+export const KEY_ID_HEX_LENGTH = 16;

package/dist/contract.d.ts

@@ -0,0 +1,6 @@
+import type { RunContract, Signature } from "./types.js";
+/** Content hash of a contract, excluding signatures. */
+export declare function contractHash(contract: RunContract): string;
+export declare function signContract(contract: RunContract, privateKeyPem: string, publicKeyPem: string, signer: Signature["signer"]): RunContract;
+export type KeyResolver = (keyId: string) => string | undefined;
+export declare function verifyContractSignature(contract: RunContract, signer: Signature["signer"], resolvePublicKeyPem: KeyResolver): boolean;

package/dist/contract.js

@@ -0,0 +1,32 @@
+import { hashCanonical } from "./hash.js";
+import { keyIdFromPublicPem, signData, verifyData } from "./keys.js";
+function signablePayload(contract) {
+    const { signatures: _signatures, ...unsigned } = contract;
+    return hashCanonical(unsigned);
+}
+/** Content hash of a contract, excluding signatures. */
+export function contractHash(contract) {
+    return signablePayload(contract);
+}
+export function signContract(contract, privateKeyPem, publicKeyPem, signer) {
+    const payload = signablePayload(contract);
+    const signature = {
+        keyId: keyIdFromPublicPem(publicKeyPem),
+        alg: "ed25519",
+        signer,
+        sig: signData(privateKeyPem, payload)
+    };
+    return { ...contract, signatures: [...contract.signatures, signature] };
+}
+export function verifyContractSignature(contract, signer, resolvePublicKeyPem) {
+    const payload = signablePayload(contract);
+    const signature = contract.signatures.find((s) => s.signer === signer);
+    if (!signature)
+        return false;
+    const publicKeyPem = resolvePublicKeyPem(signature.keyId);
+    if (!publicKeyPem)
+        return false;
+    if (keyIdFromPublicPem(publicKeyPem) !== signature.keyId)
+        return false;
+    return verifyData(publicKeyPem, payload, signature.sig);
+}

package/dist/execution.d.ts

@@ -0,0 +1,67 @@
+import type { AgentSpec } from "./types.js";
+export type ExecutionEnv = {
+    /** Ambient variables intentionally inherited by name. */
+    inherit?: string[];
+    /** Secret store names mapped onto validated environment variable names. */
+    secrets?: {
+        env: string;
+        secretName: string;
+    }[];
+    /** Non-secret literal environment values. */
+    vars?: Record<string, string>;
+    /** Whether the runner should inject its governed egress proxy. */
+    egressProxy?: boolean;
+};
+export type ExecutionLogPolicy = {
+    stdout: "capture";
+    stderr: "merge" | "capture";
+    /** Maximum captured bytes before the backend terminates the execution. */
+    maxBytes?: number;
+};
+export type ExecutionSpec = {
+    kind: "shell";
+    script: string;
+    shell?: "sh" | "bash";
+    /** Workspace-relative directory. Defaults to ".". */
+    cwd?: string;
+    timeoutMs?: number;
+    env?: ExecutionEnv;
+    log?: ExecutionLogPolicy;
+} | {
+    kind: "argv";
+    command: string;
+    args: string[];
+    /** Workspace-relative directory. Defaults to ".". */
+    cwd?: string;
+    timeoutMs?: number;
+    env?: ExecutionEnv;
+    log?: ExecutionLogPolicy;
+} | {
+    kind: "agent";
+    agent: AgentSpec;
+    prompt: string;
+    timeoutMs?: number;
+    env?: ExecutionEnv;
+    log?: ExecutionLogPolicy;
+};
+/**
+ * The default execution intent for an agent and task when a request or
+ * contract carries no explicit `execution`: the "command" harness runs the
+ * task as one governed shell command; every other harness receives the
+ * task as its prompt. This is the single defaulting rule shared by the
+ * plane (contract issue + dry run), the handoff SDK, and the runner.
+ */
+export declare function defaultExecutionSpec(agent: AgentSpec, prompt: string): ExecutionSpec;
+/**
+ * Resolve the execution intent of a run request: the explicit `execution`
+ * when present, otherwise the shared default. The `agentKind` cast is the
+ * one sanctioned place a request's free-form agent string becomes an
+ * `AgentSpec`: the schema deliberately leaves it unconstrained so the
+ * policy engine (not parsing) decides permissibility.
+ */
+export declare function executionFromRunRequest(request: {
+    agentKind: string;
+    agentVersion?: string;
+    prompt: string;
+    execution?: ExecutionSpec;
+}): ExecutionSpec;

package/dist/execution.js

@@ -0,0 +1,27 @@
+/**
+ * The default execution intent for an agent and task when a request or
+ * contract carries no explicit `execution`: the "command" harness runs the
+ * task as one governed shell command; every other harness receives the
+ * task as its prompt. This is the single defaulting rule shared by the
+ * plane (contract issue + dry run), the handoff SDK, and the runner.
+ */
+export function defaultExecutionSpec(agent, prompt) {
+    if (agent.kind === "command")
+        return { kind: "shell", script: prompt };
+    return { kind: "agent", agent, prompt };
+}
+/**
+ * Resolve the execution intent of a run request: the explicit `execution`
+ * when present, otherwise the shared default. The `agentKind` cast is the
+ * one sanctioned place a request's free-form agent string becomes an
+ * `AgentSpec`: the schema deliberately leaves it unconstrained so the
+ * policy engine (not parsing) decides permissibility.
+ */
+export function executionFromRunRequest(request) {
+    if (request.execution)
+        return request.execution;
+    return defaultExecutionSpec({
+        kind: request.agentKind,
+        ...(request.agentVersion ? { version: request.agentVersion } : {})
+    }, request.prompt);
+}

package/dist/generated/model-fusion-openapi.d.ts

@@ -0,0 +1,44 @@
+import type { JsonValue } from "../jcs.js";
+export declare const MODEL_FUSION_OPENAPI_SOURCE_HASH: "sha256:346c92f11550ae61a8571972f5db0be8bd5b479984a779d48e42fccf9cd929cb";
+export declare const MODEL_FUSION_HARNESS_EXECUTOR_PATH: "/v1/harness-executions";
+export type ModelFusionOpenApiPersistedJsonRecord = {
+    "schema": string;
+    "schema_version": "v1";
+    "schema_bundle_hash": string;
+    "persisted_json": Record<string, JsonValue>;
+};
+export type ModelFusionOpenApiArtifactRef = {
+    "artifact_id": string;
+    "kind": string;
+    "hash": string;
+    "redaction_status"?: "synthetic" | "redacted" | "raw";
+};
+export type ModelFusionOpenApiHarnessExecutionRequest = {
+    "request_id": string;
+    "task_id": string;
+    "source_repo": string;
+    "base_git_sha": string;
+    "harness_kind": string;
+    "prompt_hash": string;
+    "allowed_tools": string[];
+    "side_effects": string;
+    "harness_run_request": ModelFusionOpenApiPersistedJsonRecord;
+};
+export type ModelFusionOpenApiHarnessExecutionResult = {
+    "request_id": string;
+    "result_id": string;
+    "status": string;
+    "candidate_ids": string[];
+    "artifacts"?: ModelFusionOpenApiArtifactRef[];
+    "harness_run_result": ModelFusionOpenApiPersistedJsonRecord;
+};
+export type ModelFusionOpenApiErrorResponse = {
+    "error": string;
+    "code"?: string;
+};
+export type ExecuteHarnessTaskClientOptions = {
+    baseUrl: string;
+    fetch?: typeof fetch;
+    headers?: Record<string, string>;
+};
+export declare function executeHarnessTask(options: ExecuteHarnessTaskClientOptions, request: ModelFusionOpenApiHarnessExecutionRequest): Promise<ModelFusionOpenApiHarnessExecutionResult>;

package/dist/generated/model-fusion-openapi.js

@@ -0,0 +1,23 @@
+/* eslint-disable */
+// Generated by scripts/generate-model-fusion-openapi-sdk.mjs. Do not edit by hand.
+// Source: packages/protocol/openapi/model-fusion-harness-executor.openapi.json
+// Source hash: sha256:346c92f11550ae61a8571972f5db0be8bd5b479984a779d48e42fccf9cd929cb
+export const MODEL_FUSION_OPENAPI_SOURCE_HASH = "sha256:346c92f11550ae61a8571972f5db0be8bd5b479984a779d48e42fccf9cd929cb";
+export const MODEL_FUSION_HARNESS_EXECUTOR_PATH = "/v1/harness-executions";
+export async function executeHarnessTask(options, request) {
+    const doFetch = options.fetch ?? fetch;
+    const response = await doFetch(new URL(MODEL_FUSION_HARNESS_EXECUTOR_PATH, options.baseUrl), {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            ...(options.headers ?? {})
+        },
+        body: JSON.stringify(request)
+    });
+    const body = (await response.json());
+    if (!response.ok) {
+        const error = body;
+        throw new Error(error.error ?? `executeHarnessTask failed with status ${response.status}`);
+    }
+    return body;
+}

package/dist/hash.d.ts

@@ -0,0 +1,10 @@
+export declare const SHA256_PREFIX = "sha256:";
+export declare function sha256Hex(data: string | Buffer): string;
+export declare function sha256PrefixedHex(data: string | Buffer): string;
+/** Content hash of a protocol object: sha256 over its canonical JSON. */
+export declare function hashCanonical(value: unknown): string;
+export declare function hashCanonicalSha256(value: unknown): string;
+export declare function requestHash(value: unknown): string;
+export declare function responseHash(value: unknown): string;
+export declare function artifactHash(data: string | Buffer): string;
+export declare function schemaBundleHash(schemas: Record<string, unknown>): string;

package/dist/hash.js

@@ -0,0 +1,31 @@
+import { createHash } from "node:crypto";
+import { canonicalize } from "./jcs.js";
+export const SHA256_PREFIX = "sha256:";
+export function sha256Hex(data) {
+    return createHash("sha256").update(data).digest("hex");
+}
+export function sha256PrefixedHex(data) {
+    return `${SHA256_PREFIX}${sha256Hex(data)}`;
+}
+/** Content hash of a protocol object: sha256 over its canonical JSON. */
+export function hashCanonical(value) {
+    return sha256Hex(canonicalize(value));
+}
+export function hashCanonicalSha256(value) {
+    return sha256PrefixedHex(canonicalize(value));
+}
+export function requestHash(value) {
+    return hashCanonicalSha256(value);
+}
+export function responseHash(value) {
+    return hashCanonicalSha256(value);
+}
+export function artifactHash(data) {
+    return sha256PrefixedHex(data);
+}
+export function schemaBundleHash(schemas) {
+    const payload = Object.entries(schemas)
+        .sort(([left], [right]) => left.localeCompare(right))
+        .map(([path, schema]) => ({ path, schema }));
+    return hashCanonicalSha256(payload);
+}

package/dist/index.d.ts

@@ -0,0 +1,42 @@
+/**
+ * @fusionkit/protocol — the open, versioned data contracts of the Warrant
+ * platform plus the primitives needed to create and verify them offline:
+ *
+ * - warrant.contract.v1   signed run authorization
+ * - warrant.receipt.v1    signed record of what actually happened
+ * - warrant.event.v1      hash-chained event log
+ * - warrant.manifest.v1   workspace capture manifest
+ * - warrant.policy.v1     org policy snapshot
+ * - warrant.checkpoint.v1 resumable state at a semantic boundary
+ * - warrant.envelope.v1   portable continuation (handoff) description
+ *
+ * Everything here is stable protocol surface: packages should consume these
+ * interfaces instead of recreating local string lists or proof logic.
+ */
+export { ACTOR_KINDS, AGENT_KINDS, CHECKPOINT_TIERS, DISCLOSURE_MODES, HEX_HASH_PATTERN, isAgentKind, isTerminalStatus, MODEL_FUSION_SCHEMA_NAMES, PROTOCOL_VERSIONS, RUN_EVENT_TYPES, RUN_STATUSES, SESSION_ISOLATIONS, TERMINAL_RUN_STATUSES } from "./constants.js";
+export { parseHostAllowlistEntry, parsePoolName, parseSecretName, parseWorkspaceManifestPath } from "./validators.js";
+export { defaultExecutionSpec, executionFromRunRequest } from "./execution.js";
+export type { ExecutionEnv, ExecutionLogPolicy, ExecutionSpec } from "./execution.js";
+export { evaluateToolPolicy, modelFusionSideEffects, toolArgumentsHash, toolCallKey, toolSideEffectClassFromModelFusion } from "./tool-executor.js";
+export type { ToolDefinition, ToolExecutionRequest, ToolExecutionResult, ToolExecutorBudget, ToolExecutorContract, ToolExecutorLimits, ToolExecutorMode, ToolPolicyDecision, ToolSideEffectClass } from "./tool-executor.js";
+export { canonicalize } from "./jcs.js";
+export type { JsonValue } from "./jcs.js";
+export { artifactHash, hashCanonical, hashCanonicalSha256, requestHash, responseHash, schemaBundleHash, SHA256_PREFIX, sha256Hex, sha256PrefixedHex } from "./hash.js";
+export { MODEL_FUSION_SCHEMA_BUNDLE_HASH, assertArtifactRefV1, assertBenchmarkTaskRecordV1, assertEnsembleReceiptV1, assertHarnessCandidateRecordV1, assertHarnessRunRequestV1, assertHarnessRunResultV1, assertJudgeSynthesisRecordV1, assertModelCallRecordV1, assertModelFusionRecord, assertToolCallPlanV1, assertToolExecutionRecordV1 } from "./model-fusion.js";
+export { executeHarnessTask, MODEL_FUSION_HARNESS_EXECUTOR_PATH, MODEL_FUSION_OPENAPI_SOURCE_HASH } from "./generated/model-fusion-openapi.js";
+export type { ExecuteHarnessTaskClientOptions, ModelFusionOpenApiArtifactRef, ModelFusionOpenApiErrorResponse, ModelFusionOpenApiHarnessExecutionRequest, ModelFusionOpenApiHarnessExecutionResult, ModelFusionOpenApiPersistedJsonRecord } from "./generated/model-fusion-openapi.js";
+export type { ArtifactRefV1, ArtifactRef, BenchmarkScorer, BenchmarkScorerKind, BenchmarkSourceRepo, BenchmarkTaskKind, BenchmarkTaskRecordV1, ContractMetadataV1, EnsembleReceiptV1, HarnessCandidateRecordV1, HarnessRunRequestV1, HarnessRunResultV1, JudgeSynthesisDecision, JudgeSynthesisRecordV1, ModelCallRecordV1, ModelFusionArtifactKind, ModelFusionCapabilityStatus, ModelFusionChatMessage, ModelFusionChatRole, ModelFusionError, ModelFusionErrorKind, ModelFusionHarnessKind, ModelFusionRecordV1, ModelFusionRedactionStatus, ModelFusionSchemaName, ModelFusionSideEffects, ModelFusionStatus, ModelFusionUsage, ToolCallPlanV1, ToolExecutionRecordV1 } from "./model-fusion.js";
+export { generateEd25519KeyPair, keyIdFromPublicPem, signData, verifyData } from "./keys.js";
+export type { KeyPairPem } from "./keys.js";
+export { contractHash, signContract } from "./contract.js";
+export { appendEvent, verifyChain } from "./chain.js";
+export type { ChainVerification } from "./chain.js";
+export { signReceipt, verifyReceiptBundle, verifyRunnerReceipt } from "./receipt.js";
+export type { BundleVerification } from "./receipt.js";
+export { buildReceiptStory, summarizeRunEvent } from "./receipt-story.js";
+export type { EventSummary, ReceiptStory } from "./receipt-story.js";
+export { ambientTraceId, assertFusionTraceEvent, emitTrace, FUSION_TRACE_COMPONENTS, FUSION_TRACE_EVENT_SCHEMA, FUSION_TRACE_EVENT_TYPES, FUSION_TRACE_EVENT_VERSION, getTraceEmitter, isFusionTraceEvent, judgeFinalPayload, judgeRequestPayload, judgeThinkingPayload, modelCallFinishedPayload, modelCallStartedPayload, newSpanId, newTraceId, TRACE_CANDIDATE_HEADER, TRACE_ID_HEADER, TRACE_PARENT_SPAN_HEADER, TRACE_SPAN_HEADER, TraceEmitter } from "./trace.js";
+export type { EmitInput, FusionTraceComponent, FusionTraceEvent, FusionTraceEventType } from "./trace.js";
+export { PolicyDeniedError } from "./types.js";
+export type { ActorRef, AgentKind, AgentSpec, ArtifactKind, AttestationTier, BudgetSpec, ChainedEvent, Checkpoint, CheckpointTier, ConsentRule, ContinuationRef, DataClassRule, DisclosureMode, DisclosureRecord, FailureClass, HandoffEnvelope, HandoffSource, HandoffTargetRef, KeyRef, ManifestFile, ModelUsageRecord, NetworkAccessRecord, NetworkPolicy, Policy, Receipt, ReceiptBundle, RetentionPolicy, RunContract, RunEvent, RunnerIdentity, RunnerSelector, RunStatus, SecretClaim, SecretReleaseRecord, SecretScopeRule, SemanticState, SessionIsolation, Signature, TaskSpec, ToolCallRecord, ToolJournal, WorkspaceManifest } from "./types.js";
+export type { ClaimResult, DisclosureReport, PolicyDecision, RunnerSummary, RunRequest, RunRequestInput, RunSummary, RunView } from "./api.js";

package/dist/index.js

@@ -0,0 +1,30 @@
+/**
+ * @fusionkit/protocol — the open, versioned data contracts of the Warrant
+ * platform plus the primitives needed to create and verify them offline:
+ *
+ * - warrant.contract.v1   signed run authorization
+ * - warrant.receipt.v1    signed record of what actually happened
+ * - warrant.event.v1      hash-chained event log
+ * - warrant.manifest.v1   workspace capture manifest
+ * - warrant.policy.v1     org policy snapshot
+ * - warrant.checkpoint.v1 resumable state at a semantic boundary
+ * - warrant.envelope.v1   portable continuation (handoff) description
+ *
+ * Everything here is stable protocol surface: packages should consume these
+ * interfaces instead of recreating local string lists or proof logic.
+ */
+export { ACTOR_KINDS, AGENT_KINDS, CHECKPOINT_TIERS, DISCLOSURE_MODES, HEX_HASH_PATTERN, isAgentKind, isTerminalStatus, MODEL_FUSION_SCHEMA_NAMES, PROTOCOL_VERSIONS, RUN_EVENT_TYPES, RUN_STATUSES, SESSION_ISOLATIONS, TERMINAL_RUN_STATUSES } from "./constants.js";
+export { parseHostAllowlistEntry, parsePoolName, parseSecretName, parseWorkspaceManifestPath } from "./validators.js";
+export { defaultExecutionSpec, executionFromRunRequest } from "./execution.js";
+export { evaluateToolPolicy, modelFusionSideEffects, toolArgumentsHash, toolCallKey, toolSideEffectClassFromModelFusion } from "./tool-executor.js";
+export { canonicalize } from "./jcs.js";
+export { artifactHash, hashCanonical, hashCanonicalSha256, requestHash, responseHash, schemaBundleHash, SHA256_PREFIX, sha256Hex, sha256PrefixedHex } from "./hash.js";
+export { MODEL_FUSION_SCHEMA_BUNDLE_HASH, assertArtifactRefV1, assertBenchmarkTaskRecordV1, assertEnsembleReceiptV1, assertHarnessCandidateRecordV1, assertHarnessRunRequestV1, assertHarnessRunResultV1, assertJudgeSynthesisRecordV1, assertModelCallRecordV1, assertModelFusionRecord, assertToolCallPlanV1, assertToolExecutionRecordV1 } from "./model-fusion.js";
+export { executeHarnessTask, MODEL_FUSION_HARNESS_EXECUTOR_PATH, MODEL_FUSION_OPENAPI_SOURCE_HASH } from "./generated/model-fusion-openapi.js";
+export { generateEd25519KeyPair, keyIdFromPublicPem, signData, verifyData } from "./keys.js";
+export { contractHash, signContract } from "./contract.js";
+export { appendEvent, verifyChain } from "./chain.js";
+export { signReceipt, verifyReceiptBundle, verifyRunnerReceipt } from "./receipt.js";
+export { buildReceiptStory, summarizeRunEvent } from "./receipt-story.js";
+export { ambientTraceId, assertFusionTraceEvent, emitTrace, FUSION_TRACE_COMPONENTS, FUSION_TRACE_EVENT_SCHEMA, FUSION_TRACE_EVENT_TYPES, FUSION_TRACE_EVENT_VERSION, getTraceEmitter, isFusionTraceEvent, judgeFinalPayload, judgeRequestPayload, judgeThinkingPayload, modelCallFinishedPayload, modelCallStartedPayload, newSpanId, newTraceId, TRACE_CANDIDATE_HEADER, TRACE_ID_HEADER, TRACE_PARENT_SPAN_HEADER, TRACE_SPAN_HEADER, TraceEmitter } from "./trace.js";
+export { PolicyDeniedError } from "./types.js";

package/dist/jcs.d.ts

@@ -0,0 +1,14 @@
+/**
+ * RFC 8785 (JSON Canonicalization Scheme) subset sufficient for Warrant
+ * protocol objects: members sorted by UTF-16 code units, ES number
+ * serialization (delegated to JSON.stringify, which implements the
+ * ECMA-262 algorithm JCS mandates), and no insignificant whitespace.
+ *
+ * Kept dependency-free on purpose: the offline verifier's canonicalizer is
+ * the most trust-critical code in the repo, so it is auditable in full here
+ * rather than delegated to a third-party canonicalization library.
+ */
+export type JsonValue = null | boolean | number | string | JsonValue[] | {
+    [key: string]: JsonValue;
+};
+export declare function canonicalize(value: unknown): string;

package/dist/jcs.js

@@ -0,0 +1,49 @@
+/**
+ * RFC 8785 (JSON Canonicalization Scheme) subset sufficient for Warrant
+ * protocol objects: members sorted by UTF-16 code units, ES number
+ * serialization (delegated to JSON.stringify, which implements the
+ * ECMA-262 algorithm JCS mandates), and no insignificant whitespace.
+ *
+ * Kept dependency-free on purpose: the offline verifier's canonicalizer is
+ * the most trust-critical code in the repo, so it is auditable in full here
+ * rather than delegated to a third-party canonicalization library.
+ */
+export function canonicalize(value) {
+    if (value === null)
+        return "null";
+    switch (typeof value) {
+        case "boolean":
+            return value ? "true" : "false";
+        case "number": {
+            if (!Number.isFinite(value)) {
+                throw new Error("non-finite numbers are not representable in JCS");
+            }
+            // RFC 8785 specifies ECMAScript Number::toString for number output,
+            // which is exactly what JSON.stringify produces for a finite number;
+            // delegating here is correct, not a shortcut.
+            return JSON.stringify(value);
+        }
+        case "string":
+            return JSON.stringify(value);
+        case "object": {
+            if (Array.isArray(value)) {
+                return `[${value.map((item) => canonicalize(item === undefined ? null : item)).join(",")}]`;
+            }
+            const record = value;
+            const keys = Object.keys(record)
+                .filter((key) => record[key] !== undefined)
+                .sort();
+            const members = keys.map((key) => `${JSON.stringify(key)}:${canonicalize(record[key])}`);
+            return `{${members.join(",")}}`;
+        }
+        case "undefined":
+        case "function":
+        case "symbol":
+        case "bigint":
+            throw new Error(`type ${typeof value} is not representable in JCS`);
+        default: {
+            const exhausted = typeof value;
+            throw new Error(`unreachable: ${String(exhausted)}`);
+        }
+    }
+}

package/dist/keys.d.ts

@@ -0,0 +1,14 @@
+export type KeyPairPem = {
+    publicKeyPem: string;
+    privateKeyPem: string;
+};
+export declare function generateEd25519KeyPair(): KeyPairPem;
+/**
+ * Stable identifier for a public key: the algorithm tag plus a truncated
+ * SHA-256 fingerprint of its PEM. The fingerprint length is a deliberate,
+ * shared constant (KEY_ID_HEX_LENGTH) — 64 bits is ample to identify an
+ * enrolled key while keeping ids short.
+ */
+export declare function keyIdFromPublicPem(publicKeyPem: string): string;
+export declare function signData(privateKeyPem: string, data: string | Buffer): string;
+export declare function verifyData(publicKeyPem: string, data: string | Buffer, signatureB64: string): boolean;