npm - @jterrats/open-orchestra - Versions diffs - 1.0.17 → 1.1.0 - Mend

@jterrats/open-orchestra 1.0.17 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/CHANGELOG.md +44 -0
package/CLAUDE.md +1 -0
package/dist/active-runtime-store.d.ts +18 -0
package/dist/active-runtime-store.js +75 -0
package/dist/active-runtime-store.js.map +1 -0
package/dist/chat-api-errors.d.ts +7 -0
package/dist/chat-api-errors.js +15 -0
package/dist/chat-api-errors.js.map +1 -0
package/dist/chat-api-message-persistence.d.ts +12 -0
package/dist/chat-api-message-persistence.js +125 -0
package/dist/chat-api-message-persistence.js.map +1 -0
package/dist/chat-api-records.d.ts +35 -0
package/dist/chat-api-records.js +94 -0
package/dist/chat-api-records.js.map +1 -0
package/dist/chat-api-service.d.ts +32 -0
package/dist/chat-api-service.js +120 -0
package/dist/chat-api-service.js.map +1 -0
package/dist/chat-api-storage.d.ts +1 -0
package/dist/chat-api-storage.js +14 -0
package/dist/chat-api-storage.js.map +1 -0
package/dist/chat-api-types.d.ts +81 -0
package/dist/chat-api-types.js +2 -0
package/dist/chat-api-types.js.map +1 -0
package/dist/chat-compliance-service.d.ts +60 -0
package/dist/chat-compliance-service.js +241 -0
package/dist/chat-compliance-service.js.map +1 -0
package/dist/chat-event-stream.d.ts +13 -0
package/dist/chat-event-stream.js +124 -0
package/dist/chat-event-stream.js.map +1 -0
package/dist/chat-pagination.d.ts +6 -0
package/dist/chat-pagination.js +64 -0
package/dist/chat-pagination.js.map +1 -0
package/dist/chat-storage-actor-validation.d.ts +4 -0
package/dist/chat-storage-actor-validation.js +65 -0
package/dist/chat-storage-actor-validation.js.map +1 -0
package/dist/chat-storage-content-policy.d.ts +6 -0
package/dist/chat-storage-content-policy.js +84 -0
package/dist/chat-storage-content-policy.js.map +1 -0
package/dist/chat-storage-errors.d.ts +20 -0
package/dist/chat-storage-errors.js +17 -0
package/dist/chat-storage-errors.js.map +1 -0
package/dist/chat-storage-local-files.d.ts +17 -0
package/dist/chat-storage-local-files.js +78 -0
package/dist/chat-storage-local-files.js.map +1 -0
package/dist/chat-storage-local-paths.d.ts +6 -0
package/dist/chat-storage-local-paths.js +124 -0
package/dist/chat-storage-local-paths.js.map +1 -0
package/dist/chat-storage-local-projection.d.ts +10 -0
package/dist/chat-storage-local-projection.js +55 -0
package/dist/chat-storage-local-projection.js.map +1 -0
package/dist/chat-storage-local-records.d.ts +13 -0
package/dist/chat-storage-local-records.js +56 -0
package/dist/chat-storage-local-records.js.map +1 -0
package/dist/chat-storage-local.d.ts +6 -0
package/dist/chat-storage-local.js +114 -0
package/dist/chat-storage-local.js.map +1 -0
package/dist/chat-storage-validation.d.ts +10 -0
package/dist/chat-storage-validation.js +100 -0
package/dist/chat-storage-validation.js.map +1 -0
package/dist/chat-storage.d.ts +16 -0
package/dist/chat-storage.js +4 -0
package/dist/chat-storage.js.map +1 -0
package/dist/chat-workflow-timeline.d.ts +17 -0
package/dist/chat-workflow-timeline.js +210 -0
package/dist/chat-workflow-timeline.js.map +1 -0
package/dist/{workspace-claude-settings.d.ts → claude-settings.d.ts} +22 -3
package/dist/{workspace-claude-settings.js → claude-settings.js} +28 -9
package/dist/claude-settings.js.map +1 -0
package/dist/command-init.d.ts +2 -0
package/dist/command-init.js +150 -0
package/dist/command-init.js.map +1 -0
package/dist/command-manifest.js +1 -1
package/dist/command-manifest.js.map +1 -1
package/dist/commands.d.ts +1 -1
package/dist/commands.js +1 -140
package/dist/commands.js.map +1 -1
package/dist/constants.d.ts +1 -0
package/dist/constants.js +1 -0
package/dist/constants.js.map +1 -1
package/dist/context-runtime-preprocessor.d.ts +41 -0
package/dist/context-runtime-preprocessor.js +199 -0
package/dist/context-runtime-preprocessor.js.map +1 -0
package/dist/cursor-settings.d.ts +25 -0
package/dist/cursor-settings.js +72 -0
package/dist/cursor-settings.js.map +1 -0
package/dist/health-commands.js +43 -3
package/dist/health-commands.js.map +1 -1
package/dist/model-aliases.d.ts +5 -0
package/dist/model-aliases.js +37 -0
package/dist/model-aliases.js.map +1 -0
package/dist/ollama-provider.js +25 -0
package/dist/ollama-provider.js.map +1 -1
package/dist/phase-playbooks.js +11 -0
package/dist/phase-playbooks.js.map +1 -1
package/dist/provider-agent-wrapper.js +14 -0
package/dist/provider-agent-wrapper.js.map +1 -1
package/dist/qa-e2e-artifacts.js +71 -3
package/dist/qa-e2e-artifacts.js.map +1 -1
package/dist/runtime-adapters.js +56 -0
package/dist/runtime-adapters.js.map +1 -1
package/dist/runtime-bootstrap.js +32 -22
package/dist/runtime-bootstrap.js.map +1 -1
package/dist/runtime-child-prompt.js +8 -0
package/dist/runtime-child-prompt.js.map +1 -1
package/dist/runtime-context-manifest.d.ts +4 -1
package/dist/runtime-context-manifest.js +59 -3
package/dist/runtime-context-manifest.js.map +1 -1
package/dist/runtime-execution-adapters.js +19 -0
package/dist/runtime-execution-adapters.js.map +1 -1
package/dist/runtime-execution-renderer.js +4 -0
package/dist/runtime-execution-renderer.js.map +1 -1
package/dist/runtime-execution.js +13 -82
package/dist/runtime-execution.js.map +1 -1
package/dist/runtime-hooks.d.ts +46 -0
package/dist/runtime-hooks.js +95 -0
package/dist/runtime-hooks.js.map +1 -0
package/dist/runtime-parent-actions.js +5 -0
package/dist/runtime-parent-actions.js.map +1 -1
package/dist/runtime-spawn-bridge.js +1 -0
package/dist/runtime-spawn-bridge.js.map +1 -1
package/dist/runtime-spawn-guidance.js +15 -61
package/dist/runtime-spawn-guidance.js.map +1 -1
package/dist/security/chat-guardrail-policy.d.ts +7 -0
package/dist/security/chat-guardrail-policy.js +61 -0
package/dist/security/chat-guardrail-policy.js.map +1 -0
package/dist/security/chat-guardrail-types.d.ts +65 -0
package/dist/security/chat-guardrail-types.js +2 -0
package/dist/security/chat-guardrail-types.js.map +1 -0
package/dist/security/chat-guardrail-validation.d.ts +9 -0
package/dist/security/chat-guardrail-validation.js +64 -0
package/dist/security/chat-guardrail-validation.js.map +1 -0
package/dist/security/chat-guardrails.d.ts +3 -0
package/dist/security/chat-guardrails.js +136 -0
package/dist/security/chat-guardrails.js.map +1 -0
package/dist/security/content-classifier.js +33 -1
package/dist/security/content-classifier.js.map +1 -1
package/dist/security/payment-card-detection.d.ts +3 -0
package/dist/security/payment-card-detection.js +48 -0
package/dist/security/payment-card-detection.js.map +1 -0
package/dist/security/policy-types.d.ts +1 -1
package/dist/security/provider-egress-policy.d.ts +27 -0
package/dist/security/provider-egress-policy.js +72 -0
package/dist/security/provider-egress-policy.js.map +1 -0
package/dist/security/public-api-auth.d.ts +20 -0
package/dist/security/public-api-auth.js +55 -0
package/dist/security/public-api-auth.js.map +1 -0
package/dist/security/public-api-policy.d.ts +8 -0
package/dist/security/public-api-policy.js +40 -0
package/dist/security/public-api-policy.js.map +1 -0
package/dist/security/redaction.js +44 -13
package/dist/security/redaction.js.map +1 -1
package/dist/security/restricted-content-quarantine.d.ts +17 -0
package/dist/security/restricted-content-quarantine.js +50 -0
package/dist/security/restricted-content-quarantine.js.map +1 -0
package/dist/security/restricted-data-classifier.d.ts +9 -0
package/dist/security/restricted-data-classifier.js +358 -0
package/dist/security/restricted-data-classifier.js.map +1 -0
package/dist/skills-render.js +7 -14
package/dist/skills-render.js.map +1 -1
package/dist/telemetry-redaction.d.ts +2 -0
package/dist/telemetry-redaction.js +25 -2
package/dist/telemetry-redaction.js.map +1 -1
package/dist/types/chat.d.ts +203 -0
package/dist/types/chat.js +10 -0
package/dist/types/chat.js.map +1 -0
package/dist/types/model-config.d.ts +4 -0
package/dist/types/public-api.d.ts +75 -0
package/dist/types/public-api.js +2 -0
package/dist/types/public-api.js.map +1 -0
package/dist/types/restricted-data.d.ts +69 -0
package/dist/types/restricted-data.js +8 -0
package/dist/types/restricted-data.js.map +1 -0
package/dist/types/restricted-fragment.d.ts +82 -0
package/dist/types/restricted-fragment.js +14 -0
package/dist/types/restricted-fragment.js.map +1 -0
package/dist/types/runtime.d.ts +12 -0
package/dist/types.d.ts +6 -0
package/dist/types.js.map +1 -1
package/dist/web-api.js +24 -0
package/dist/web-api.js.map +1 -1
package/dist/web-artifact-parsers.d.ts +6 -0
package/dist/web-artifact-parsers.js +266 -0
package/dist/web-artifact-parsers.js.map +1 -0
package/dist/web-artifact-types.d.ts +76 -0
package/dist/web-artifact-types.js +2 -0
package/dist/web-artifact-types.js.map +1 -0
package/dist/web-artifacts.d.ts +2 -43
package/dist/web-artifacts.js +106 -57
package/dist/web-artifacts.js.map +1 -1
package/dist/web-chat-route-inputs.d.ts +11 -0
package/dist/web-chat-route-inputs.js +156 -0
package/dist/web-chat-route-inputs.js.map +1 -0
package/dist/web-chat-routes.d.ts +7 -0
package/dist/web-chat-routes.js +213 -0
package/dist/web-chat-routes.js.map +1 -0
package/dist/web-console/assets/index-CJup1cIA.css +1 -0
package/dist/web-console/assets/index-CVDOfipu.js +11 -0
package/dist/web-console/index.html +2 -2
package/dist/web-evidence.d.ts +1 -1
package/dist/web-evidence.js +9 -2
package/dist/web-evidence.js.map +1 -1
package/dist/web-public-route-inputs.d.ts +14 -0
package/dist/web-public-route-inputs.js +136 -0
package/dist/web-public-route-inputs.js.map +1 -0
package/dist/web-public-routes.d.ts +6 -0
package/dist/web-public-routes.js +194 -0
package/dist/web-public-routes.js.map +1 -0
package/dist/web-public-service.d.ts +16 -0
package/dist/web-public-service.js +154 -0
package/dist/web-public-service.js.map +1 -0
package/dist/workflow-services.js +5 -0
package/dist/workflow-services.js.map +1 -1
package/dist/workspace-runtime-bootstrap.js +15 -4
package/dist/workspace-runtime-bootstrap.js.map +1 -1
package/docs/chat-audit-retention.md +76 -0
package/docs/chat-provider-provenance-ledger.md +75 -0
package/docs/context-runtime-preprocessing.md +37 -0
package/docs/orchestra-mvp.md +8 -2
package/docs/public-api-contract.md +43 -0
package/docs/release-test-matrix.md +14 -14
package/docs/restricted-fragment-storage-contract.md +147 -0
package/docs/runtime-adapters.md +40 -7
package/docs/site-manifest.json +128 -30
package/package.json +5 -2
package/site/dist/_headers +9 -0
package/site/dist/_redirects +2 -0
package/site/dist/architecture.mmd +61 -0
package/site/dist/assets/index-Bi8l6tCE.js +10 -0
package/site/dist/assets/index-BsCLqY__.css +1 -0
package/site/dist/favicon.svg +19 -0
package/site/dist/index.html +28 -0
package/site/package.json +19 -0
package/dist/web-console/assets/index-BHs7OIv8.css +0 -1
package/dist/web-console/assets/index-BJuVTqfQ.js +0 -11
package/dist/workspace-claude-settings.js.map +0 -1

package/dist/types/chat.d.ts ADDED Viewed

@@ -0,0 +1,203 @@
+import type { RestrictedDataAuditEvent } from "./restricted-data.js";
+export declare const CHAT_ACTOR_KINDS: readonly ["human", "parent_agent", "subagent", "provider_agent", "system", "reviewer", "workflow_event"];
+export type ChatActorKind = (typeof CHAT_ACTOR_KINDS)[number];
+export interface ChatScope {
+    tenantId: string;
+    workspaceId: string;
+    taskId: string;
+    runId: string;
+    phase: string;
+    sessionId: string;
+}
+export type HumanActorSource = "web_console" | "cli" | "api";
+export type SystemActorSource = "orchestra" | "storage" | "migration";
+export type ChatRuntimeSource = "codex-cli" | "claude-cli" | "cursor-cli" | "generic-runtime";
+export interface ChatHumanActor {
+    kind: "human";
+    actorId: string;
+    displayName: string;
+    source: HumanActorSource;
+    sessionId: string;
+}
+export interface ChatParentAgentActor {
+    kind: "parent_agent";
+    actorId: string;
+    runtime: ChatRuntimeSource;
+    sessionId: string;
+}
+export interface ChatSubagentActor {
+    kind: "subagent";
+    actorId: string;
+    runtime: ChatRuntimeSource;
+    role: string;
+    sessionId: string;
+    parentSessionId: string;
+}
+export interface ChatProviderAgentActor {
+    kind: "provider_agent";
+    actorId: string;
+    provider: string;
+    model: string;
+    requestId: string;
+}
+export interface ChatSystemActor {
+    kind: "system";
+    actorId: string;
+    source: SystemActorSource;
+}
+export interface ChatReviewerActor {
+    kind: "reviewer";
+    actorId: string;
+    role: string;
+    reviewId: string;
+}
+export interface ChatWorkflowEventActor {
+    kind: "workflow_event";
+    actorId: string;
+    sourceEventId: string;
+    eventType: string;
+}
+export type ChatActor = ChatHumanActor | ChatParentAgentActor | ChatSubagentActor | ChatProviderAgentActor | ChatSystemActor | ChatReviewerActor | ChatWorkflowEventActor;
+export type ChatProvenanceSourceKind = "user_input" | "agent_output" | "provider_output" | "workflow_event" | "review" | "storage_projection" | "migration";
+export interface ChatProvenance {
+    sourceKind: ChatProvenanceSourceKind;
+    sourceId: string;
+    createdAt: string;
+    observedAt: string;
+    runtime?: ChatRuntimeSource;
+    provider?: string;
+    model?: string;
+    requestId?: string;
+    responseId?: string;
+    inputTokens?: number;
+    outputTokens?: number;
+    estimatedCostUsd?: number;
+    usageSource?: "provider" | "runtime" | "estimated" | "unavailable";
+    costSource?: "provider" | "pricing_estimate" | "free" | "unavailable";
+    parentMessageId?: string;
+    policyDecisionId?: string;
+}
+export type ChatContentState = "raw" | "redacted" | "tombstoned";
+export type ChatContentFormat = "plain_text" | "markdown" | "workflow_event";
+export type ChatRetentionStatus = "redacted_only" | "raw_allowed" | "expired" | "denied";
+export type ChatRawPersistence = "forbidden" | "allowed";
+export type ChatExportStatus = "exportable" | "redacted_only" | "not_exportable";
+export type ChatDeleteStatus = "active" | "tombstoned";
+export interface ChatRetentionMetadata {
+    policyId: string;
+    status: ChatRetentionStatus;
+    rawPersistence: ChatRawPersistence;
+    decidedAt: string;
+    expiresAt?: string;
+}
+export interface ChatExportMetadata {
+    status: ChatExportStatus;
+    rawContentExportable: boolean;
+    policyId: string;
+    decidedAt: string;
+}
+export interface ChatDeleteMetadata {
+    status: ChatDeleteStatus;
+    policyId: string;
+    tombstonedAt?: string;
+    tombstonedByActorId?: string;
+    reasonCode?: string;
+}
+export interface ChatRedactionMetadata {
+    policyId: string;
+    status: "applied";
+    redactedAt: string;
+    redactedByActorId: string;
+    markerCount: number;
+    summary: string;
+}
+export interface ChatContent {
+    format: ChatContentFormat;
+    text: string;
+}
+export type ChatReferenceKind = "workflow_run" | "task" | "evidence" | "review" | "decision" | "provider_request" | "restricted_fragment";
+export interface ChatReference {
+    kind: ChatReferenceKind;
+    id: string;
+    label?: string;
+}
+export interface ChatWorkflowTimelineEvent {
+    sourceEventId: string;
+    eventType: string;
+    actor: string;
+    summary: string;
+    taskId: string;
+    runId?: string;
+    phase?: string;
+    gateId?: string;
+    result?: string;
+    rationale?: string;
+    sessionId?: string;
+    runtime?: ChatRuntimeSource;
+    actionKind?: string;
+    artifacts: string[];
+}
+export interface ChatThread {
+    schemaVersion: number;
+    id: string;
+    scope: ChatScope;
+    title: string;
+    createdAt: string;
+    updatedAt: string;
+    actor: ChatActor;
+    provenance: ChatProvenance;
+    retention: ChatRetentionMetadata;
+    export: ChatExportMetadata;
+    delete: ChatDeleteMetadata;
+    contentState: ChatContentState;
+    summary?: string;
+}
+export interface ChatMessage {
+    schemaVersion: number;
+    id: string;
+    threadId: string;
+    scope: ChatScope;
+    actor: ChatActor;
+    provenance: ChatProvenance;
+    createdAt: string;
+    sequence: number;
+    content: ChatContent;
+    contentState: ChatContentState;
+    retention: ChatRetentionMetadata;
+    redaction?: ChatRedactionMetadata;
+    export: ChatExportMetadata;
+    delete: ChatDeleteMetadata;
+    references?: ChatReference[];
+    restricted?: RestrictedDataAuditEvent;
+    timelineEvent?: ChatWorkflowTimelineEvent;
+}
+export interface ChatStorageState {
+    schemaVersion: number;
+    scope: ChatScope;
+    threads: number;
+    messages: number;
+}
+export interface ChatListOptions {
+    limit?: number;
+    cursor?: string;
+}
+export interface ChatThreadListResult {
+    threads: ChatThread[];
+    nextCursor?: string;
+}
+export interface ChatMessageListResult {
+    messages: ChatMessage[];
+    nextCursor?: string;
+}
+export interface ChatExportOptions {
+    includeTombstoned: boolean;
+    content: "redacted_only" | "raw_when_allowed";
+}
+export interface ChatExportRecord {
+    schemaVersion: number;
+    scope: ChatScope;
+    thread: ChatThread;
+    messages: ChatMessage[];
+    exportedAt: string;
+    content: "redacted_only" | "raw_when_allowed";
+}

package/dist/types/chat.js ADDED Viewed

@@ -0,0 +1,10 @@
+export const CHAT_ACTOR_KINDS = [
+    "human",
+    "parent_agent",
+    "subagent",
+    "provider_agent",
+    "system",
+    "reviewer",
+    "workflow_event",
+];
+//# sourceMappingURL=chat.js.map

package/dist/types/chat.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"chat.js","sourceRoot":"","sources":["../../src/types/chat.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,OAAO;IACP,cAAc;IACd,UAAU;IACV,gBAAgB;IAChB,QAAQ;IACR,UAAU;IACV,gBAAgB;CACR,CAAC"}

package/dist/types/model-config.d.ts CHANGED Viewed

@@ -71,9 +71,13 @@ export interface ProviderFallbackResult {
 }
 export interface ModelProvenanceInput {
     task: string;
+    tenantId?: string;
+    workspaceId?: string;
+    sessionId?: string;
     runId?: string;
     phase?: string;
     actor?: string;
+    initiatedBy?: "human" | "parent_agent" | "subagent" | "system";
     role: string;
     provider: string;
     model: string;

package/dist/types/public-api.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+export interface PublicApiMeta {
+    requestId: string;
+    idempotencyKey?: string;
+    idempotentReplay?: boolean;
+    nextCursor?: string;
+}
+export interface PublicApiSuccess<T> {
+    data: T;
+    meta: PublicApiMeta;
+}
+export interface PublicApiErrorBody {
+    error: {
+        code: "invalid_request" | "invalid_json" | "payload_too_large" | "not_found" | "idempotency_conflict" | "policy_blocked" | "rate_limited" | "unauthorized" | "internal_error";
+        message: string;
+        requestId: string;
+        retryable: boolean;
+    };
+}
+export interface PublicApiThread {
+    id: string;
+    object: "thread";
+    title: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface PublicApiMessage {
+    id: string;
+    object: "message";
+    threadId: string;
+    role: "user" | "agent" | "system";
+    text: string;
+    format: "plain_text" | "markdown";
+    createdAt: string;
+}
+export interface PublicApiModel {
+    id: string;
+    object: "model";
+    title: string;
+    default: boolean;
+    capabilities: {
+        conversation: boolean;
+        streaming: boolean;
+    };
+}
+export interface PublicApiListModels {
+    models: PublicApiModel[];
+}
+export interface PublicApiListThreads {
+    threads: PublicApiThread[];
+}
+export interface PublicApiThreadDetail {
+    thread: PublicApiThread;
+}
+export interface PublicApiListMessages {
+    messages: PublicApiMessage[];
+}
+export interface PublicApiCreateThreadInput {
+    requestId?: string;
+    idempotencyKey?: string;
+    title: string;
+}
+export interface PublicApiListInput {
+    requestId?: string;
+    limit?: number;
+    cursor?: string;
+}
+export interface PublicApiThreadInput {
+    requestId?: string;
+    threadId: string;
+}
+export interface PublicApiCreateMessageInput extends PublicApiThreadInput {
+    idempotencyKey: string;
+    text: string;
+    format?: "plain_text" | "markdown";
+}

package/dist/types/public-api.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=public-api.js.map

package/dist/types/public-api.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"public-api.js","sourceRoot":"","sources":["../../src/types/public-api.ts"],"names":[],"mappings":""}

package/dist/types/restricted-data.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+export declare const restrictedDataCategories: readonly ["password", "secret", "private_key", "payment_data", "sensitive_pii"];
+export type RestrictedDataCategory = (typeof restrictedDataCategories)[number];
+export type RestrictedDataBoundary = "chat_ingress" | "public_api_ingress";
+export type RestrictedDataConfidence = "medium" | "high";
+export type RestrictedDataSeverity = "high" | "critical";
+export type RestrictedDataPolicyRecommendation = "block" | "redact" | "encrypt" | "tokenize" | "purge";
+export type RestrictedDataPolicyOutcome = "allow" | "block";
+export type RestrictedProviderEgressDecision = "allowed" | "denied";
+export type RestrictedRawPersistenceDecision = "allowed" | "forbidden";
+export type RestrictedDataAuditEventType = "restricted_data_detected" | "restricted_request_blocked" | "restricted_provider_egress_denied" | "restricted_redacted_exported" | "restricted_telemetry_redacted" | "restricted_raw_not_persisted";
+export interface RestrictedDataFinding {
+    category: RestrictedDataCategory;
+    kind: string;
+    ruleId: string;
+    confidence: RestrictedDataConfidence;
+    severity: RestrictedDataSeverity;
+    occurrenceCount: number;
+    redactionMarker: string;
+    summary: string;
+}
+export interface RestrictedDataClassification {
+    hasRestrictedData: boolean;
+    findings: RestrictedDataFinding[];
+    redactedText: string;
+    redactionCount: number;
+}
+export interface RestrictedBoundaryPolicyRequest {
+    requestId: string;
+    boundary: RestrictedDataBoundary;
+    classification: RestrictedDataClassification;
+}
+export interface RestrictedBoundaryPolicyDecision {
+    decisionId: string;
+    requestId: string;
+    boundary: RestrictedDataBoundary;
+    outcome: RestrictedDataPolicyOutcome;
+    categories: RestrictedDataCategory[];
+    recommendations: RestrictedDataPolicyRecommendation[];
+    redactionCount: number;
+    providerEgress: RestrictedProviderEgressDecision;
+    rawPersistence: RestrictedRawPersistenceDecision;
+    sanitizedReasons: string[];
+    auditSummary: string;
+}
+export interface RestrictedDataAuditFinding {
+    category: RestrictedDataCategory;
+    ruleId: string;
+    confidence: RestrictedDataConfidence;
+    severity: RestrictedDataSeverity;
+    occurrenceCount: number;
+    redactionMarker: string;
+    summary: string;
+}
+export interface RestrictedDataAuditEvent {
+    schemaVersion: 1;
+    eventType: RestrictedDataAuditEventType;
+    sourceId: string;
+    boundary?: RestrictedDataBoundary;
+    requestId?: string;
+    decisionId?: string;
+    categories: RestrictedDataCategory[];
+    findings: RestrictedDataAuditFinding[];
+    redactionCount: number;
+    redactionMarkers: string[];
+    sanitizedReasons: string[];
+    rawContentIncluded: false;
+    providerEgress?: RestrictedProviderEgressDecision;
+    rawPersistence?: RestrictedRawPersistenceDecision;
+}

package/dist/types/restricted-data.js ADDED Viewed

@@ -0,0 +1,8 @@
+export const restrictedDataCategories = [
+    "password",
+    "secret",
+    "private_key",
+    "payment_data",
+    "sensitive_pii",
+];
+//# sourceMappingURL=restricted-data.js.map

package/dist/types/restricted-data.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"restricted-data.js","sourceRoot":"","sources":["../../src/types/restricted-data.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,UAAU;IACV,QAAQ;IACR,aAAa;IACb,cAAc;IACd,eAAe;CACP,CAAC"}

package/dist/types/restricted-fragment.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+export declare const RESTRICTED_FRAGMENT_STORAGE_DEFAULT_MODE: "disabled";
+export declare const RESTRICTED_FRAGMENT_ENVELOPE_ALGORITHMS: readonly ["AES-256-GCM"];
+export declare const RESTRICTED_FRAGMENT_AUDIT_EVENTS: readonly ["restricted_fragment_detected", "restricted_fragment_shadow_recorded", "restricted_fragment_encrypted", "restricted_fragment_decrypt_denied", "restricted_fragment_restore_attempted", "restricted_fragment_ciphertext_deleted", "restricted_fragment_key_destroyed", "restricted_fragment_crypto_shredded", "restricted_fragment_backup_expiry_pending"];
+export type RestrictedFragmentStorageMode = typeof RESTRICTED_FRAGMENT_STORAGE_DEFAULT_MODE;
+export type RestrictedFragmentEnvelopeAlgorithm = (typeof RESTRICTED_FRAGMENT_ENVELOPE_ALGORITHMS)[number];
+export type RestrictedFragmentAuditEventType = (typeof RESTRICTED_FRAGMENT_AUDIT_EVENTS)[number];
+export type RestrictedFragmentCategory = "credential" | "password" | "api_key" | "token" | "private_key" | "payment_data" | "regulated_pii" | "sensitive_pii";
+export type RestrictedFragmentLifecycleStatus = "shadow_only" | "encrypted" | "delete_requested" | "ciphertext_deleted" | "key_destroyed" | "crypto_shredded" | "raw_not_persisted" | "backup_expiry_pending";
+export type RestrictedFragmentRestoreStatus = "not_allowed" | "allowed_by_policy" | "blocked_key_destroyed" | "blocked_expired" | "blocked_unauthorized" | "blocked_legal_hold" | "blocked_policy";
+export interface RestrictedFragmentRedactedShadow {
+    schemaVersion: number;
+    fragmentId: string;
+    tenantId: string;
+    workspaceId: string;
+    sourceMessageId: string;
+    category: RestrictedFragmentCategory;
+    policyId: string;
+    redactionMarker: string;
+    sanitizedSummary: string;
+    lifecycleStatus: RestrictedFragmentLifecycleStatus;
+    createdAt: string;
+    expiresAt: string;
+    legalHold: boolean;
+    plaintextDigest?: string;
+}
+export interface RestrictedFragmentKeyScope {
+    tenantId: string;
+    workspaceId: string;
+    retentionClass: string;
+    policyId: string;
+}
+export interface RestrictedFragmentCiphertextMetadata {
+    ciphertextObjectId: string;
+    ciphertextDigest: string;
+    nonceId: string;
+    authenticationTagId: string;
+}
+export interface RestrictedFragmentWrappedKeyMetadata {
+    wrappedDataKeyId: string;
+    keyVersion: string;
+    kmsProviderAlias: string;
+    keyScope: RestrictedFragmentKeyScope;
+}
+export interface RestrictedFragmentEnvelope {
+    schemaVersion: number;
+    fragmentId: string;
+    shadowId: string;
+    algorithm: RestrictedFragmentEnvelopeAlgorithm;
+    category: RestrictedFragmentCategory;
+    purpose: string;
+    retentionClass: string;
+    policyId: string;
+    ciphertext: RestrictedFragmentCiphertextMetadata;
+    wrappedKey: RestrictedFragmentWrappedKeyMetadata;
+    createdAt: string;
+    expiresAt: string;
+    legalHold: boolean;
+}
+export interface RestrictedFragmentAuditEvent {
+    schemaVersion: number;
+    eventType: RestrictedFragmentAuditEventType;
+    fragmentId: string;
+    tenantId: string;
+    workspaceId: string;
+    actorId: string;
+    policyId: string;
+    decisionId: string;
+    category: RestrictedFragmentCategory;
+    occurredAt: string;
+    sanitizedSummary: string;
+}
+export interface RestrictedFragmentCryptoShredResult {
+    fragmentId: string;
+    tenantId: string;
+    workspaceId: string;
+    status: RestrictedFragmentLifecycleStatus;
+    ciphertextDeleted: boolean;
+    keyDestroyed: boolean;
+    backupExpiryPending: boolean;
+    auditEventId: string;
+    completedAt: string;
+}

package/dist/types/restricted-fragment.js ADDED Viewed

@@ -0,0 +1,14 @@
+export const RESTRICTED_FRAGMENT_STORAGE_DEFAULT_MODE = "disabled";
+export const RESTRICTED_FRAGMENT_ENVELOPE_ALGORITHMS = ["AES-256-GCM"];
+export const RESTRICTED_FRAGMENT_AUDIT_EVENTS = [
+    "restricted_fragment_detected",
+    "restricted_fragment_shadow_recorded",
+    "restricted_fragment_encrypted",
+    "restricted_fragment_decrypt_denied",
+    "restricted_fragment_restore_attempted",
+    "restricted_fragment_ciphertext_deleted",
+    "restricted_fragment_key_destroyed",
+    "restricted_fragment_crypto_shredded",
+    "restricted_fragment_backup_expiry_pending",
+];
+//# sourceMappingURL=restricted-fragment.js.map

package/dist/types/restricted-fragment.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"restricted-fragment.js","sourceRoot":"","sources":["../../src/types/restricted-fragment.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,wCAAwC,GAAG,UAAmB,CAAC;AAE5E,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC,aAAa,CAAU,CAAC;AAEhF,MAAM,CAAC,MAAM,gCAAgC,GAAG;IAC9C,8BAA8B;IAC9B,qCAAqC;IACrC,+BAA+B;IAC/B,oCAAoC;IACpC,uCAAuC;IACvC,wCAAwC;IACxC,mCAAmC;IACnC,qCAAqC;IACrC,2CAA2C;CACnC,CAAC"}

package/dist/types/runtime.d.ts CHANGED Viewed

@@ -35,6 +35,10 @@ export interface RuntimeAdapter {
     supportsManagedBlocks: boolean;
     supportsImports: boolean;
     guidance: string;
+    bootstrapSpawnHint?: string[];
+    recurringPreflightLines?: string[];
+    bootstrapSpawnLines?: string[];
+    spawnProtocolLines?: string[];
 }
 export interface RuntimeAdapterCatalogEntry extends RuntimeAdapter {
     executionAdapters: RuntimeExecutionAdapter[];
@@ -83,6 +87,12 @@ export interface RuntimeExecutionAdapter {
     briefOnlyFallback: boolean;
     directProviderApiAllowed: false;
     guidance: string;
+    /** Output format for skill rendering: "markdown" for most targets, "json" for structured consumers (e.g. vscode). */
+    skillRenderFormat?: "markdown" | "json";
+    /** Title heading used in the rendered skill context document. */
+    skillContextTitle?: string;
+    /** Introductory sentence placed below the title in the rendered skill context document. */
+    skillContextIntro?: string;
 }
 export interface RuntimeExecutorConfig {
     executor?: RuntimeExecutionId;
@@ -108,6 +118,7 @@ export interface RuntimeSelection {
 export interface RuntimeDelegationAssignment {
     role: string;
     paths: string[];
+    executionMode: "ask" | "plan" | "agent";
     allowedCommands: string[];
     expectedArtifacts: string[];
 }
@@ -240,6 +251,7 @@ export interface RuntimeParentAction {
     runtime: RuntimeExecutionId;
     tool: string;
     mode: RuntimeSpawnCapabilityMode;
+    executionMode: RuntimeDelegationAssignment["executionMode"];
     sessionId: string;
     phase: string;
     role: string;

package/dist/types.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { ContextBudgetMetadata } from "./types/context.js";
 import type { ModelProvenanceRecord, TelemetryConsentState } from "./types/model-config.js";
 import type { CollaborationFlowRecommendation, MemoryPacket, SkillPlan, SkillRenderTarget, WorkflowTemplateSelection } from "./types/skills.js";
 import type { EventEntry, LockEntry, Task, TaskStatus } from "./types/tasks.js";
+export type { ChatActor, ChatActorKind, ChatContent, ChatContentFormat, ChatContentState, ChatDeleteMetadata, ChatDeleteStatus, ChatExportMetadata, ChatExportOptions, ChatExportRecord, ChatExportStatus, ChatHumanActor, ChatListOptions, ChatMessage, ChatMessageListResult, ChatParentAgentActor, ChatProviderAgentActor, ChatProvenance, ChatProvenanceSourceKind, ChatRawPersistence, ChatRedactionMetadata, ChatReference, ChatReferenceKind, ChatRetentionMetadata, ChatRetentionStatus, ChatReviewerActor, ChatRuntimeSource, ChatScope, ChatStorageState, ChatSubagentActor, ChatSystemActor, ChatThread, ChatThreadListResult, ChatWorkflowEventActor, HumanActorSource, SystemActorSource, } from "./types/chat.js";
 export type { ContextBudgetMetadata, ContextBudgetSection, } from "./types/context.js";
 export type { ContextIndexBuildResult, ContextIndexFileEntry, ContextIndexManifest, ContextIndexSearchMatch, ContextIndexSearchResult, ContextIndexStatus, ContextPackBudget, ContextPackItem, ContextPackResult, ContextPackSnippet, } from "./types/context-index.js";
 export type { BudgetLimit, BudgetPolicy, ConfiguredProviderSummary, GitHubConfig, GitHubNotificationConfig, ModelMessage, ModelProvider, ModelProviderCapabilities, ModelProviderError, ModelProvenanceInput, ModelProvenanceRecord, ModelRequest, ModelResponse, ModelStreamEvent, NotificationChannelResult, NotificationsConfig, PhaseExecutionMode, PhaseExecutorPhase, PhaseLlmResult, PhaseOutcome, PhaseStructuredOutput, ProviderFallbackResult, ProviderFailureDetail, ProviderBackedAgentBudget, ProviderBackedAgentCost, ProviderBackedAgentEvidencePolicy, ProviderBackedAgentFallback, ProviderBackedAgentOutcome, ProviderBackedAgentPolicy, ProviderBackedAgentProvenance, ProviderBackedAgentRequest, ProviderBackedAgentResult, ProviderBackedAgentUsage, ProviderCostSource, ProviderDataClass, ProviderProfileSmokeCheck, ProviderProfileSmokeResult, ProviderCredentialConfig, ProviderCredentialsConfig, ProviderPolicyConfig, ProviderRegistryCredentialEnv, ProviderRegistryEntry, ProviderRuntimeProfile, ProviderRuntimeProfileSummary, ProviderRouting, ProviderUsageSource, SlackNotificationConfig, TelemetryConsentState, TelemetryLevel, ToolConfig, WorkflowConfig, WorkflowProvidersConfig, } from "./types/model-config.js";
@@ -307,6 +308,11 @@ export interface UsageReport {
     totals: UsageBreakdown;
     byRole: UsageBreakdown[];
     byProvider: UsageBreakdown[];
+    byTenant: UsageBreakdown[];
+    byWorkspace: UsageBreakdown[];
+    byActor: UsageBreakdown[];
+    byInitiator: UsageBreakdown[];
+    byPhase: UsageBreakdown[];
 }
 export interface BudgetViolation {
     scope: string;

package/dist/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"~~AAiLA~~,OAAO,EACL,aAAa,GAoBd,MAAM,oBAAoB,CAAC;AA2B5B,OAAO,EACL,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,gCAAgC,EAChC,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC"}
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAwNA,OAAO,EACL,aAAa,GAoBd,MAAM,oBAAoB,CAAC;AA2B5B,OAAO,EACL,0BAA0B,EAC1B,8BAA8B,EAC9B,6BAA6B,EAC7B,gCAAgC,EAChC,4BAA4B,GAC7B,MAAM,4BAA4B,CAAC"}

package/dist/web-api.js CHANGED Viewed

@@ -17,6 +17,8 @@ import { repairRecoveryItem } from "./web-recovery.js";
 import { renderWebConsoleHtml } from "./web-console.js";
 import { runWorkflowRun } from "./workflow-run-commands.js";
 import { handleRuntimeSpawnLifecyclePost, handleRuntimeSpawnRequestPost, } from "./web-runtime-actions.js";
+import { handleWebChatRoute } from "./web-chat-routes.js";
+import { handleWebPublicRoute } from "./web-public-routes.js";
 import { renderSubagentProtocol } from "./subagent-protocol.js";
 import { recommendCollaborationFlow } from "./collaboration-flows.js";
 import { renderWorkflowTemplates, selectWorkflowTemplates, } from "./workflow-templates.js";
@@ -250,6 +252,16 @@ export async function startWebApiServer(options = {}) {
             writeJson(response, result.status, result.body);
             return;
         }
+        const chatRoute = await handleWebChatRoute(request, selectedRoot, url);
+        if (chatRoute) {
+            writeWebChatResult(response, chatRoute);
+            return;
+        }
+        const publicRoute = await handleWebPublicRoute(request, selectedRoot, url);
+        if (publicRoute) {
+            writeJson(response, publicRoute.status, publicRoute.body);
+            return;
+        }
         if (request.method === "POST" &&
             url.pathname === "/api/workflow/gate-approve") {
             const result = await handleWorkflowGateApprovePost(request, selectedRoot);
@@ -727,6 +739,18 @@ function writeJson(response, status, body) {
     });
     response.end(`${JSON.stringify(body, null, 2)}\n`);
 }
+function writeWebChatResult(response, result) {
+    if (result.contentType === "text/event-stream") {
+        response.writeHead(result.status, {
+            "content-type": "text/event-stream; charset=utf-8",
+            "cache-control": "no-store",
+            connection: "keep-alive",
+        });
+        response.end(String(result.body));
+        return;
+    }
+    writeJson(response, result.status, result.body);
+}
 function writeHtml(response, body) {
     response.writeHead(200, {
         "content-type": "text/html; charset=utf-8",