@intentius/chant-lexicon-temporal 0.6.0 → 0.8.0

package/dist/codegen/docs-cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env tsx
+export {};
+//# sourceMappingURL=docs-cli.d.ts.map

package/dist/codegen/docs-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-cli.d.ts","sourceRoot":"","sources":["../../src/codegen/docs-cli.ts"],"names":[],"mappings":""}

package/dist/codegen/docs.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Generate documentation site for the Temporal lexicon.
+ */
+export declare function generateDocs(options?: {
+    verbose?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=docs.d.ts.map

package/dist/codegen/docs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../../src/codegen/docs.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAkBjF"}

package/dist/codegen/generate-cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env tsx
+export {};
+//# sourceMappingURL=generate-cli.d.ts.map

package/dist/codegen/generate-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-cli.d.ts","sourceRoot":"","sources":["../../src/codegen/generate-cli.ts"],"names":[],"mappings":""}

package/dist/codegen/generate.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Temporal lexicon generation step.
+ *
+ * All 4 resources (TemporalServer, TemporalNamespace, SearchAttribute, TemporalSchedule)
+ * are hand-written. There is no remote spec to fetch or parse. This module builds
+ * the required lexiconJSON catalog and typesDTS stubs so that packagePipeline
+ * can hash and write dist/ artifacts correctly.
+ */
+import type { GenerateResult } from "@intentius/chant/codegen/generate";
+export type { GenerateResult };
+export declare function generate(opts?: {
+    verbose?: boolean;
+    force?: boolean;
+}): Promise<GenerateResult>;
+export declare function writeGeneratedFiles(_result: GenerateResult, pkgDir: string): void;
+//# sourceMappingURL=generate.d.ts.map

package/dist/codegen/generate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["../../src/codegen/generate.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAExE,YAAY,EAAE,cAAc,EAAE,CAAC;AAgD/B,wBAAsB,QAAQ,CAAC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,cAAc,CAAC,CAarG;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAKjF"}

package/dist/codegen/package-cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env tsx
+export {};
+//# sourceMappingURL=package-cli.d.ts.map

package/dist/codegen/package-cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-cli.d.ts","sourceRoot":"","sources":["../../src/codegen/package-cli.ts"],"names":[],"mappings":""}

package/dist/codegen/package.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Temporal lexicon packaging — delegates to core packagePipeline.
+ */
+import { type PackageOptions, type PackageResult } from "@intentius/chant/codegen/package";
+export type { PackageOptions, PackageResult };
+/**
+ * Package the Temporal lexicon into a distributable BundleSpec.
+ */
+export declare function packageLexicon(opts?: PackageOptions): Promise<PackageResult>;
+//# sourceMappingURL=package.d.ts.map

package/dist/codegen/package.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package.d.ts","sourceRoot":"","sources":["../../src/codegen/package.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,aAAa,EACnB,MAAM,kCAAkC,CAAC;AAG1C,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC;AAM9C;;GAEG;AACH,wBAAsB,cAAc,CAAC,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,aAAa,CAAC,CA6BtF"}

package/dist/composites/apply-op.d.ts

@@ -0,0 +1,73 @@
+/**
+ * ApplyOp composite — the code → cloud workflow as an Op.
+ *
+ * Compute the plan, then apply via the target's native mechanism. Authority
+ * stays with the platform (the CloudFormation stack, the Kubernetes API
+ * server, the ARM resource group) — chant never hosts a state file.
+ *
+ * Phases: build → plan → [approve] → apply. Deletes are limited to chant-owned
+ * orphans, ridden on the native prune/complete path scoped to the ownership
+ * marker, so a foreign resource is never touched.
+ *
+ * An ungated apply may run on the local Op executor; a gated apply needs
+ * Temporal for the durable approval wait (added in #125).
+ *
+ * @example
+ * ```typescript
+ * // additive, local executor
+ * export const { op } = ApplyOp({ name: "prod-apply", env: "prod", target: "kubectl" });
+ *
+ * // gated destructive apply on Temporal
+ * export const { op } = ApplyOp({
+ *   name: "prod-apply",
+ *   env: "prod",
+ *   target: "kubectl",
+ *   delete: "gated",
+ *   gate: { signalName: "approve-apply", description: "Approve prod apply with deletes" },
+ * });
+ * ```
+ *
+ * @see #112 — stateless-authoritative state model + live import
+ */
+import { OpResource } from "@intentius/chant/op";
+import type { ApplyTarget, DeleteMode } from "../op/activities/apply.js";
+export interface ApplyOpConfig {
+    /** Op name (kebab-case). */
+    name: string;
+    /** Environment — CFN stack name / ARM resource group / kube context env. */
+    env: string;
+    /** Native apply mechanism. Default: "kubectl". */
+    target?: ApplyTarget;
+    /** Built manifest/template path (or directory for kubectl). Default: "dist". */
+    output?: string;
+    /** Project directory to build. Default: ".". */
+    path?: string;
+    /** Delete handling. Default: "never". */
+    delete?: DeleteMode;
+    /**
+     * Approval gate before the apply. Implied when `delete: "gated"`; may also be
+     * set explicitly. Omit `signalName` to default to `approve-<name>`.
+     */
+    gate?: {
+        signalName?: string;
+        timeout?: string;
+        description?: string;
+    };
+    /**
+     * Saga-style rollback on partial apply failure, run as an `onFailure` phase.
+     * Defaults on whenever the apply is destructive (`delete !== "never"`). Pass
+     * `{ command }` to supply a rollback command for targets without a native one
+     * (kubectl, ARM); `false` to disable.
+     */
+    compensate?: boolean | {
+        command?: string;
+    };
+    /** Override the task queue. Defaults to `name`. */
+    taskQueue?: string;
+}
+export interface ApplyOpResources {
+    /** Op resource — generates the build→plan→[approve]→apply workflow. */
+    op: InstanceType<typeof OpResource>;
+}
+export declare function ApplyOp(config: ApplyOpConfig): ApplyOpResources;
+//# sourceMappingURL=apply-op.d.ts.map

package/dist/composites/apply-op.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apply-op.d.ts","sourceRoot":"","sources":["../../src/composites/apply-op.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,EAA6B,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEtE,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,GAAG,EAAE,MAAM,CAAC;IACZ,kDAAkD;IAClD,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,gFAAgF;IAChF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB;;;OAGG;IACH,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACvE;;;;;OAKG;IACH,UAAU,CAAC,EAAE,OAAO,GAAG;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,EAAE,EAAE,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;CACrC;AAED,wBAAgB,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,gBAAgB,CAqE/D"}

package/dist/composites/cloud-stack.d.ts

@@ -0,0 +1,54 @@
+/**
+ * TemporalCloudStack composite — a Temporal Cloud namespace + search attributes.
+ *
+ * Bundles a TemporalNamespace with an optional set of SearchAttribute entities.
+ * No server resource is included — this composite assumes you are connecting
+ * to Temporal Cloud (or a remotely managed server).
+ *
+ * @example
+ * ```typescript
+ * export const { ns, searchAttributes } = TemporalCloudStack({
+ *   namespace: "prod",
+ *   retention: "30d",
+ *   searchAttributes: [
+ *     { name: "Project", type: "Keyword" },
+ *     { name: "Priority", type: "Int" },
+ *   ],
+ * });
+ * ```
+ */
+import { TemporalNamespace, SearchAttribute } from "../resources.js";
+import type { SearchAttributeProps } from "../resources.js";
+export interface TemporalCloudStackConfig {
+    /** Namespace name (required). */
+    namespace: string;
+    /**
+     * Workflow history retention.
+     * @default "30d"
+     */
+    retention?: string;
+    /** Human-readable description for the namespace. */
+    description?: string;
+    /**
+     * Search attribute definitions to register in this namespace.
+     * Each entry creates a SearchAttribute entity scoped to this namespace.
+     */
+    searchAttributes?: Array<Pick<SearchAttributeProps, "name" | "type">>;
+}
+export interface TemporalCloudStackResources {
+    ns: InstanceType<typeof TemporalNamespace>;
+    searchAttributes: InstanceType<typeof SearchAttribute>[];
+}
+/**
+ * Create a Temporal Cloud namespace stack.
+ *
+ * Returns a TemporalNamespace and an array of SearchAttribute entities.
+ * Export the namespace and spread the search attributes from your chant project:
+ *
+ * ```typescript
+ * export const { ns, searchAttributes } = TemporalCloudStack({ namespace: "prod" });
+ * export const [projectAttr, priorityAttr] = searchAttributes;
+ * ```
+ */
+export declare function TemporalCloudStack(config: TemporalCloudStackConfig): TemporalCloudStackResources;
+//# sourceMappingURL=cloud-stack.d.ts.map

package/dist/composites/cloud-stack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-stack.d.ts","sourceRoot":"","sources":["../../src/composites/cloud-stack.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEzD,MAAM,WAAW,wBAAwB;IACvC,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC;CACvE;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,YAAY,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC3C,gBAAgB,EAAE,YAAY,CAAC,OAAO,eAAe,CAAC,EAAE,CAAC;CAC1D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,2BAA2B,CAiBhG"}

package/dist/composites/dev-stack.d.ts

@@ -0,0 +1,63 @@
+/**
+ * TemporalDevStack composite — a local dev server + default namespace.
+ *
+ * Wires together a TemporalServer (dev mode) and a TemporalNamespace so
+ * that `chant build` emits a docker-compose.yml and temporal-setup.sh
+ * ready for local development.
+ *
+ * @example
+ * ```typescript
+ * export const { server, ns } = TemporalDevStack({
+ *   namespace: "my-app",
+ *   retention: "7d",
+ * });
+ * ```
+ */
+import { TemporalServer, TemporalNamespace } from "../resources.js";
+export interface TemporalDevStackConfig {
+    /**
+     * Temporal server version.
+     * @default "1.26.2"
+     */
+    version?: string;
+    /**
+     * gRPC port for the Temporal frontend.
+     * @default 7233
+     */
+    port?: number;
+    /**
+     * Port for the Temporal Web UI.
+     * @default 8080
+     */
+    uiPort?: number;
+    /**
+     * Namespace to create on first run.
+     * @default "default"
+     */
+    namespace?: string;
+    /**
+     * Workflow history retention for the namespace.
+     * @default "7d"
+     */
+    retention?: string;
+    /**
+     * Human-readable description for the namespace.
+     */
+    description?: string;
+}
+export interface TemporalDevStackResources {
+    server: InstanceType<typeof TemporalServer>;
+    ns: InstanceType<typeof TemporalNamespace>;
+}
+/**
+ * Create a local Temporal dev stack.
+ *
+ * Returns a TemporalServer (dev mode) and a TemporalNamespace wired to the
+ * same default namespace. Export both from your chant project:
+ *
+ * ```typescript
+ * export const { server, ns } = TemporalDevStack({ namespace: "my-app" });
+ * ```
+ */
+export declare function TemporalDevStack(config?: TemporalDevStackConfig): TemporalDevStackResources;
+//# sourceMappingURL=dev-stack.d.ts.map

package/dist/composites/dev-stack.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dev-stack.d.ts","sourceRoot":"","sources":["../../src/composites/dev-stack.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEjE,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,YAAY,CAAC,OAAO,cAAc,CAAC,CAAC;IAC5C,EAAE,EAAE,YAAY,CAAC,OAAO,iBAAiB,CAAC,CAAC;CAC5C;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,sBAA2B,GAAG,yBAAyB,CAe/F"}

package/dist/composites/pipeline-audit-op.d.ts

@@ -0,0 +1,55 @@
+/**
+ * PipelineAuditOp composite — the live include/component audit of GitLab
+ * pipelines as a chant Op + an optional TemporalSchedule (#303).
+ *
+ * The gitlab post-synth checks (#297) own everything answerable from the
+ * deterministic build. This Op owns *only* the checks that require live
+ * resolution against a moving upstream truth — a pinned component/include ref
+ * that no longer resolves, an archived or moved upstream project, or a new
+ * advisory covering a component/image in use. It sits at **observe** on the
+ * lifecycle dial, with a finding-mode (`report | issue | merge-request`) as the
+ * **reconcile** step — for GitLab the PR mode is a merge request.
+ *
+ * Runs one-shot on the local Op executor via `chant run`; on Temporal when a
+ * `schedule` is given.
+ *
+ * @example
+ * ```typescript
+ * export const { op, schedule } = PipelineAuditOp({
+ *   name: "pipeline-audit",
+ *   schedule: "0 6 * * *",
+ *   onFinding: "merge-request",
+ * });
+ * ```
+ *
+ * @see #297 — the deterministic counterpart this freshens.
+ */
+import { OpResource } from "@intentius/chant/op";
+import { TemporalSchedule } from "../resources.js";
+import type { PipelineAuditMode } from "../op/activities/pipeline-audit.js";
+export interface PipelineAuditOpConfig {
+    /** Op name (kebab-case). Used as workflow function name, task queue, schedule id base. */
+    name: string;
+    /** Cron expression. When set, a TemporalSchedule fires the workflow; omit for one-shot. */
+    schedule?: string;
+    /**
+     * Path to the emitted `.gitlab-ci.yml` to audit at run time.
+     * @default ".gitlab-ci.yml"
+     */
+    pipelineFile?: string;
+    /**
+     * What to produce on findings. Default: "report".
+     * @default "report"
+     */
+    onFinding?: PipelineAuditMode;
+    /** Override the task queue. Defaults to `name`. */
+    taskQueue?: string;
+}
+export interface PipelineAuditOpResources {
+    /** Op resource — generates the audit workflow on `chant build`. */
+    op: InstanceType<typeof OpResource>;
+    /** Temporal schedule, present only when `schedule` was given. */
+    schedule?: InstanceType<typeof TemporalSchedule>;
+}
+export declare function PipelineAuditOp(config: PipelineAuditOpConfig): PipelineAuditOpResources;
+//# sourceMappingURL=pipeline-audit-op.d.ts.map

package/dist/composites/pipeline-audit-op.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pipeline-audit-op.d.ts","sourceRoot":"","sources":["../../src/composites/pipeline-audit-op.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAa,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAMzE,MAAM,WAAW,qBAAqB;IACpC,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;IACb,2FAA2F;IAC3F,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,wBAAwB;IACvC,mEAAmE;IACnE,EAAE,EAAE,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;IACpC,iEAAiE;IACjE,QAAQ,CAAC,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;CAClD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,wBAAwB,CAsCvF"}

package/dist/composites/reconcile-op.d.ts

@@ -0,0 +1,62 @@
+/**
+ * ReconcileOp composite — the cloud → code workflow as an Op.
+ *
+ * Keeps source tracking reality: when live drifts from declarations, open a PR
+ * that regenerates the affected TypeScript. Mirrors the {@link WatchOp} shape.
+ *
+ * Phases: snapshot → plan → regenerate (live import) → open PR. The
+ * regenerate-and-PR step is the `reconcilePr` activity (#122), which derives
+ * the change set from `chant lifecycle plan` and opens a reviewable PR.
+ *
+ * Runs on the local Op executor for a one-shot `chant run`; on Temporal when a
+ * `schedule` is given (the cron + run history are the value, as with WatchOp).
+ *
+ * @example
+ * ```typescript
+ * // one-shot, local executor
+ * export const { op } = ReconcileOp({ name: "prod-reconcile", env: "prod" });
+ *
+ * // scheduled on Temporal
+ * export const { op, schedule } = ReconcileOp({
+ *   name: "prod-reconcile",
+ *   env: "prod",
+ *   schedule: "0 * * * *",        // hourly
+ *   scope: { owned: true },
+ * });
+ * ```
+ *
+ * @see #112 — stateless-authoritative state model + live import
+ */
+import { OpResource } from "@intentius/chant/op";
+import { TemporalSchedule } from "../resources.js";
+import type { ReconcileMode } from "../op/activities/reconcile.js";
+export interface ReconcileOpConfig {
+    /** Op name (kebab-case). Used as workflow function name, task queue, schedule id base. */
+    name: string;
+    /** Environment to reconcile (e.g. "prod"). */
+    env: string;
+    /**
+     * Cron expression. When set, a TemporalSchedule fires the workflow; omit for
+     * one-shot `chant run` on the local executor.
+     */
+    schedule?: string;
+    /**
+     * What to produce on drift. Default: "pull-request".
+     * @default "pull-request"
+     */
+    onDrift?: ReconcileMode;
+    /** Restrict reconciliation to chant-owned resources. */
+    scope?: {
+        owned?: boolean;
+    };
+    /** Override the task queue. Defaults to `name`. */
+    taskQueue?: string;
+}
+export interface ReconcileOpResources {
+    /** Op resource — generates the snapshot→plan→regenerate→PR workflow. */
+    op: InstanceType<typeof OpResource>;
+    /** Temporal schedule, present only when `schedule` was given. */
+    schedule?: InstanceType<typeof TemporalSchedule>;
+}
+export declare function ReconcileOp(config: ReconcileOpConfig): ReconcileOpResources;
+//# sourceMappingURL=reconcile-op.d.ts.map

package/dist/composites/reconcile-op.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reconcile-op.d.ts","sourceRoot":"","sources":["../../src/composites/reconcile-op.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAuB,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAMhE,MAAM,WAAW,iBAAiB;IAChC,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,wDAAwD;IACxD,KAAK,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC5B,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,wEAAwE;IACxE,EAAE,EAAE,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;IACpC,iEAAiE;IACjE,QAAQ,CAAC,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;CAClD;AAED,wBAAgB,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,oBAAoB,CA6C3E"}

package/dist/composites/watch-op.d.ts

@@ -0,0 +1,56 @@
+/**
+ * WatchOp composite — periodic state observation via a chant Op + a
+ * TemporalSchedule.
+ *
+ * Composes existing pieces:
+ *   - The Op codegen (#7) emits a workflow that runs phases sequentially
+ *   - The auto-emit search-attribute behavior (#28) tags each phase
+ *   - The pre-built lifecycleSnapshot + lifecycleDiff activities (this commit)
+ *   - TemporalSchedule fires the workflow on a cron schedule
+ *
+ * @example
+ * ```typescript
+ * export const { op, schedule } = WatchOp({
+ *   name: "prod-watch",
+ *   env: "prod",
+ *   schedule: "0,15,30,45 * * * *", // every 15 minutes
+ * });
+ * ```
+ *
+ * @see #31 — Continuous observation (the issue this composite addresses)
+ */
+import { OpResource } from "@intentius/chant/op";
+import { TemporalSchedule } from "../resources.js";
+export interface WatchOpConfig {
+    /**
+     * Op name (kebab-case). Used as workflow function name (camelCase),
+     * task queue, and schedule id base.
+     */
+    name: string;
+    /** Environment to snapshot + diff (e.g. "prod"). */
+    env: string;
+    /**
+     * Cron expression controlling how often the watch runs.
+     * @example "0,15,30,45 * * * *" — every 15 minutes
+     * @example "0 * * * *" — hourly
+     */
+    schedule: string;
+    /**
+     * Override the task queue. Defaults to `name`.
+     */
+    taskQueue?: string;
+    /**
+     * Run `chant lifecycle diff --live` (queries cloud APIs) instead of the
+     * default digest-only diff. Recommended for real drift detection.
+     * @default true
+     */
+    live?: boolean;
+}
+export interface WatchOpResources {
+    /** Op resource — generates the snapshot+diff workflow on `chant build`. */
+    op: InstanceType<typeof OpResource>;
+    /** Temporal schedule that fires the workflow on the configured cron. */
+    schedule: InstanceType<typeof TemporalSchedule>;
+}
+export declare function WatchOp(config: WatchOpConfig): WatchOpResources;
+//# sourceMappingURL=watch-op.d.ts.map

package/dist/composites/watch-op.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"watch-op.d.ts","sourceRoot":"","sources":["../../src/composites/watch-op.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAuB,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAMhD,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IACb,oDAAoD;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,2EAA2E;IAC3E,EAAE,EAAE,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;IACpC,wEAAwE;IACxE,QAAQ,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;CACjD;AAED,wBAAgB,OAAO,CAAC,MAAM,EAAE,aAAa,GAAG,gBAAgB,CAsC/D"}

package/dist/composites/workflow-audit-op.d.ts

@@ -0,0 +1,61 @@
+/**
+ * WorkflowAuditOp composite — the live supply-chain audit of GitHub workflows
+ * as a chant Op + an optional TemporalSchedule (#292).
+ *
+ * The github post-synth checks (#286-#291) own everything answerable from the
+ * deterministic build. This Op owns *only* the checks that require live
+ * resolution against a moving upstream truth — stale SHA pins, impostor refs,
+ * symbolic-ref confusion, pin/comment mismatch, advisories, archived upstreams.
+ * It sits at **observe** on the lifecycle dial, with a finding-mode (mirroring
+ * `ReconcileOp`: `report | issue | pull-request`) as the **reconcile** step.
+ *
+ * Runs one-shot on the local Op executor via `chant run`; on Temporal when a
+ * `schedule` is given, for continuous re-audit between change windows.
+ *
+ * @example
+ * ```typescript
+ * // one-shot, local executor
+ * export const { op } = WorkflowAuditOp({ name: "actions-audit" });
+ *
+ * // scheduled daily on Temporal, open a PR that bumps a stale pin
+ * export const { op, schedule } = WorkflowAuditOp({
+ *   name: "actions-audit",
+ *   schedule: "0 6 * * *",
+ *   onFinding: "pull-request",
+ * });
+ * ```
+ *
+ * @see #286 — the deterministic counterpart this freshens.
+ */
+import { OpResource } from "@intentius/chant/op";
+import { TemporalSchedule } from "../resources.js";
+import type { WorkflowAuditMode } from "../op/activities/workflow-audit.js";
+export interface WorkflowAuditOpConfig {
+    /** Op name (kebab-case). Used as workflow function name, task queue, schedule id base. */
+    name: string;
+    /**
+     * Cron expression. When set, a TemporalSchedule fires the workflow for
+     * continuous re-audit; omit for one-shot `chant run` on the local executor.
+     */
+    schedule?: string;
+    /**
+     * Directory of emitted workflow files to audit at run time.
+     * @default ".github/workflows"
+     */
+    workflowsDir?: string;
+    /**
+     * What to produce on findings. Default: "report".
+     * @default "report"
+     */
+    onFinding?: WorkflowAuditMode;
+    /** Override the task queue. Defaults to `name`. */
+    taskQueue?: string;
+}
+export interface WorkflowAuditOpResources {
+    /** Op resource — generates the audit workflow on `chant build`. */
+    op: InstanceType<typeof OpResource>;
+    /** Temporal schedule, present only when `schedule` was given. */
+    schedule?: InstanceType<typeof TemporalSchedule>;
+}
+export declare function WorkflowAuditOp(config: WorkflowAuditOpConfig): WorkflowAuditOpResources;
+//# sourceMappingURL=workflow-audit-op.d.ts.map

package/dist/composites/workflow-audit-op.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow-audit-op.d.ts","sourceRoot":"","sources":["../../src/composites/workflow-audit-op.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAuB,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAMzE,MAAM,WAAW,qBAAqB;IACpC,0FAA0F;IAC1F,IAAI,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,wBAAwB;IACvC,mEAAmE;IACnE,EAAE,EAAE,YAAY,CAAC,OAAO,UAAU,CAAC,CAAC;IACpC,iEAAiE;IACjE,QAAQ,CAAC,EAAE,YAAY,CAAC,OAAO,gBAAgB,CAAC,CAAC;CAClD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,wBAAwB,CAwCvF"}