@lucern/contracts 0.1.1-alpha.1 → 0.1.2-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (151) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/README.md +3 -0
  3. package/dist/agents/v1.d.ts +2 -0
  4. package/dist/agents/v1.js +3 -0
  5. package/dist/agents/v1.js.map +1 -0
  6. package/dist/api-enums.contract.d.ts +60 -0
  7. package/dist/api-enums.contract.js +160 -0
  8. package/dist/api-enums.contract.js.map +1 -0
  9. package/dist/auth-context.contract.d.ts +2 -0
  10. package/dist/auth-context.contract.js +48 -0
  11. package/dist/auth-context.contract.js.map +1 -0
  12. package/dist/auth-session.contract.d.ts +2 -0
  13. package/dist/auth-session.contract.js +48 -0
  14. package/dist/auth-session.contract.js.map +1 -0
  15. package/dist/auth.contract.d.ts +92 -0
  16. package/dist/auth.contract.js +48 -0
  17. package/dist/auth.contract.js.map +1 -0
  18. package/dist/beliefs/v1.d.ts +2 -0
  19. package/dist/beliefs/v1.js +3 -0
  20. package/dist/beliefs/v1.js.map +1 -0
  21. package/dist/context-pack.contract.d.ts +496 -0
  22. package/dist/context-pack.contract.js +98 -0
  23. package/dist/context-pack.contract.js.map +1 -0
  24. package/dist/convex-admin.contract.d.ts +7 -0
  25. package/dist/convex-admin.contract.js +3 -0
  26. package/dist/convex-admin.contract.js.map +1 -0
  27. package/dist/events-types.contract.d.ts +1 -0
  28. package/dist/events-types.contract.js +136 -0
  29. package/dist/events-types.contract.js.map +1 -0
  30. package/dist/events.contract.d.ts +178 -0
  31. package/dist/events.contract.js +136 -0
  32. package/dist/events.contract.js.map +1 -0
  33. package/dist/evidence/v1.d.ts +2 -0
  34. package/dist/evidence/v1.js +3 -0
  35. package/dist/evidence/v1.js.map +1 -0
  36. package/dist/gateway.contract.d.ts +79 -0
  37. package/dist/gateway.contract.js +12 -0
  38. package/dist/gateway.contract.js.map +1 -0
  39. package/dist/graph/v1.d.ts +2 -0
  40. package/dist/graph/v1.js +3 -0
  41. package/dist/graph/v1.js.map +1 -0
  42. package/dist/ids.contract.d.ts +9 -0
  43. package/{src/ids.contract.ts → dist/ids.contract.js} +10 -17
  44. package/dist/ids.contract.js.map +1 -0
  45. package/dist/index.d.ts +15 -2004
  46. package/dist/index.js +4 -105
  47. package/dist/index.js.map +1 -0
  48. package/dist/lens-filter.contract.d.ts +72 -0
  49. package/dist/lens-filter.contract.js +71 -0
  50. package/dist/lens-filter.contract.js.map +1 -0
  51. package/dist/lens-workflow.contract.d.ts +87 -0
  52. package/dist/lens-workflow.contract.js +123 -0
  53. package/dist/lens-workflow.contract.js.map +1 -0
  54. package/dist/mcp-tools.contract-D8kXcP6d.d.ts +254 -0
  55. package/dist/mcp-tools.contract.d.ts +1 -0
  56. package/dist/mcp-tools.contract.js +2986 -0
  57. package/dist/mcp-tools.contract.js.map +1 -0
  58. package/dist/ontologies/v1.d.ts +2 -0
  59. package/dist/ontologies/v1.js +3 -0
  60. package/dist/ontologies/v1.js.map +1 -0
  61. package/dist/ontology-matching.contract.d.ts +1 -0
  62. package/dist/ontology-matching.contract.js +346 -0
  63. package/dist/ontology-matching.contract.js.map +1 -0
  64. package/dist/prompt.contract.d.ts +26 -0
  65. package/dist/prompt.contract.js +12 -0
  66. package/dist/prompt.contract.js.map +1 -0
  67. package/dist/questions/v1.d.ts +2 -0
  68. package/dist/questions/v1.js +3 -0
  69. package/dist/questions/v1.js.map +1 -0
  70. package/dist/sdk-methods.contract.d.ts +362 -0
  71. package/dist/sdk-methods.contract.js +3 -0
  72. package/dist/sdk-methods.contract.js.map +1 -0
  73. package/dist/sdk-tools.contract-BnV0hKLp.d.ts +150 -0
  74. package/dist/sdk-tools.contract.d.ts +2 -0
  75. package/dist/sdk-tools.contract.js +4222 -0
  76. package/dist/sdk-tools.contract.js.map +1 -0
  77. package/dist/text-matching.contract.d.ts +55 -0
  78. package/{src/text-matching.contract.ts → dist/text-matching.contract.js} +36 -137
  79. package/dist/text-matching.contract.js.map +1 -0
  80. package/dist/topic-scope.contract.d.ts +1 -0
  81. package/{src/v1/topics/v1.ts → dist/topic-scope.contract.js} +13 -38
  82. package/dist/topic-scope.contract.js.map +1 -0
  83. package/dist/topics/v1.d.ts +2 -0
  84. package/dist/topics/v1.js +3 -0
  85. package/dist/topics/v1.js.map +1 -0
  86. package/dist/v1/agents/v1.d.ts +2 -0
  87. package/dist/v1/agents/v1.js +3 -0
  88. package/dist/v1/agents/v1.js.map +1 -0
  89. package/dist/v1/beliefs/v1.d.ts +2 -0
  90. package/dist/v1/beliefs/v1.js +3 -0
  91. package/dist/v1/beliefs/v1.js.map +1 -0
  92. package/dist/v1/evidence/v1.d.ts +2 -0
  93. package/dist/v1/evidence/v1.js +3 -0
  94. package/dist/v1/evidence/v1.js.map +1 -0
  95. package/dist/v1/graph/v1.d.ts +2 -0
  96. package/dist/v1/graph/v1.js +3 -0
  97. package/dist/v1/graph/v1.js.map +1 -0
  98. package/dist/v1/ontologies/v1.d.ts +78 -0
  99. package/dist/v1/ontologies/v1.js +346 -0
  100. package/dist/v1/ontologies/v1.js.map +1 -0
  101. package/dist/v1/questions/v1.d.ts +2 -0
  102. package/dist/v1/questions/v1.js +3 -0
  103. package/dist/v1/questions/v1.js.map +1 -0
  104. package/dist/v1/topics/v1.d.ts +21 -0
  105. package/dist/v1/topics/v1.js +54 -0
  106. package/dist/v1/topics/v1.js.map +1 -0
  107. package/dist/v1/worktrees/v1.d.ts +2 -0
  108. package/dist/v1/worktrees/v1.js +3 -0
  109. package/dist/v1/worktrees/v1.js.map +1 -0
  110. package/dist/workflow-runtime.contract.d.ts +163 -0
  111. package/dist/workflow-runtime.contract.js +245 -0
  112. package/dist/workflow-runtime.contract.js.map +1 -0
  113. package/dist/worktrees/v1.d.ts +2 -0
  114. package/dist/worktrees/v1.js +3 -0
  115. package/dist/worktrees/v1.js.map +1 -0
  116. package/package.json +23 -7
  117. package/src/agents/v1.ts +0 -8
  118. package/src/api-enums.contract.ts +0 -183
  119. package/src/auth-context.contract.ts +0 -9
  120. package/src/auth-session.contract.ts +0 -9
  121. package/src/auth.contract.ts +0 -162
  122. package/src/beliefs/v1.ts +0 -8
  123. package/src/context-pack.contract.ts +0 -704
  124. package/src/convex-admin.contract.ts +0 -14
  125. package/src/events-types.contract.ts +0 -9
  126. package/src/events.contract.ts +0 -376
  127. package/src/evidence/v1.ts +0 -8
  128. package/src/gateway.contract.ts +0 -151
  129. package/src/graph/v1.ts +0 -8
  130. package/src/index.ts +0 -30
  131. package/src/lens-filter.contract.ts +0 -183
  132. package/src/lens-workflow.contract.ts +0 -162
  133. package/src/mcp-tools.contract.ts +0 -3636
  134. package/src/ontologies/v1.ts +0 -8
  135. package/src/ontology-matching.contract.ts +0 -9
  136. package/src/prompt.contract.ts +0 -50
  137. package/src/questions/v1.ts +0 -8
  138. package/src/sdk-methods.contract.ts +0 -522
  139. package/src/sdk-tools.contract.ts +0 -1545
  140. package/src/topic-scope.contract.ts +0 -9
  141. package/src/topics/v1.ts +0 -8
  142. package/src/v1/agents/v1.ts +0 -8
  143. package/src/v1/beliefs/v1.ts +0 -8
  144. package/src/v1/evidence/v1.ts +0 -8
  145. package/src/v1/graph/v1.ts +0 -8
  146. package/src/v1/ontologies/v1.ts +0 -276
  147. package/src/v1/questions/v1.ts +0 -8
  148. package/src/v1/worktrees/v1.ts +0 -8
  149. package/src/workflow-runtime.contract.ts +0 -440
  150. package/src/worktrees/v1.ts +0 -8
  151. package/tsconfig.json +0 -9
package/CHANGELOG.md ADDED
@@ -0,0 +1,3 @@
1
+ # Changelog
2
+
3
+ All notable changes to `@lucern/contracts` are tracked in this repository.
package/README.md ADDED
@@ -0,0 +1,3 @@
1
+ # @lucern/contracts
2
+
3
+ Machine-readable Lucern contracts for the public SDK, gateway, and MCP surfaces.
@@ -0,0 +1,2 @@
1
+
2
+ export { }
@@ -0,0 +1,3 @@
1
+
2
+ //# sourceMappingURL=v1.js.map
3
+ //# sourceMappingURL=v1.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"v1.js"}
@@ -0,0 +1,60 @@
1
+ /**
2
+ * API Enum Contract Definitions
3
+ *
4
+ * Canonical enum values for all API-facing enumerations.
5
+ * These are co-equal with MCP contracts as external contracts.
6
+ * SDK types are DERIVED from these — not independently authored.
7
+ *
8
+ * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).
9
+ * Removing or renaming an existing value is a BREAKING CHANGE.
10
+ */
11
+ /** Fork reasons — why a scored belief was branched */
12
+ declare const FORK_REASONS: readonly ["refinement", "contradiction_response", "scope_change", "confidence_collapse", "manual"];
13
+ type ForkReason = (typeof FORK_REASONS)[number];
14
+ /** Confidence modulation triggers — what caused a confidence change */
15
+ declare const CONFIDENCE_TRIGGERS: readonly ["evidence_added", "contradiction_detected", "merge_outcome", "manual", "decay"];
16
+ type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];
17
+ /** Belief status — lifecycle state */
18
+ declare const BELIEF_STATUSES: readonly ["unscored", "scored", "archived"];
19
+ type BeliefStatus = (typeof BELIEF_STATUSES)[number];
20
+ /** Reasoning methods — how an edge relationship was determined */
21
+ declare const REASONING_METHODS: readonly ["deductive", "inductive", "abductive", "analogical", "empirical"];
22
+ type ReasoningMethod = (typeof REASONING_METHODS)[number];
23
+ /** Defeat types (Pollock taxonomy) — how a contradiction operates */
24
+ declare const DEFEAT_TYPES: readonly ["rebuts", "undercuts", "undermines"];
25
+ type DefeatType = (typeof DEFEAT_TYPES)[number];
26
+ /** Contradiction severity levels */
27
+ declare const CONTRADICTION_SEVERITIES: readonly ["low", "medium", "high", "critical"];
28
+ type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];
29
+ /** Contradiction resolution status */
30
+ declare const CONTRADICTION_STATUSES: readonly ["unresolved", "resolved", "accepted"];
31
+ type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];
32
+ /** Merge outcome types — how a worktree merge resolved */
33
+ declare const MERGE_OUTCOMES: readonly ["validated", "invalidated", "forked", "inconclusive"];
34
+ type MergeOutcome = (typeof MERGE_OUTCOMES)[number];
35
+ /** Worktree phases — investigation lifecycle within a checked-out worktree */
36
+ declare const WORKTREE_PHASES: readonly ["hypothesis", "investigation", "evaluation", "resolution"];
37
+ type WorktreePhase = (typeof WORKTREE_PHASES)[number];
38
+ /** Branch status — thematic branch lifecycle */
39
+ declare const BRANCH_STATUSES: readonly ["dormant", "active", "archived"];
40
+ type BranchStatus = (typeof BRANCH_STATUSES)[number];
41
+ /** Pull request status — review lifecycle before merge */
42
+ declare const PULL_REQUEST_STATUSES: readonly ["pending_review", "changes_requested", "approved", "blocked"];
43
+ type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];
44
+ /** Epistemic layers — the hierarchy of knowledge */
45
+ declare const EPISTEMIC_LAYERS: readonly ["L1", "L2", "L3", "L4"];
46
+ type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];
47
+ /**
48
+ * Judgment type — classification of the determination.
49
+ *
50
+ * Phase 1: These are new enum values for the Judgment (L4) vocabulary.
51
+ * The existing code uses "Decision" — these are the forward-looking terms
52
+ * that will eventually replace the Decision vocabulary (Phase 2-3).
53
+ */
54
+ declare const JUDGMENT_TYPES: readonly ["investment_thesis", "thesis_maturity", "contradiction_ruling", "scope_determination", "confidence_ruling"];
55
+ type JudgmentType = (typeof JUDGMENT_TYPES)[number];
56
+ /** Core edge types used in the Integration Surfaces */
57
+ declare const INTEGRATION_EDGE_TYPES: readonly ["informs", "grounds", "answers", "contradicts", "supports", "depends_on", "derived_from", "contains", "supersedes", "tests"];
58
+ type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];
59
+
60
+ export { BELIEF_STATUSES, BRANCH_STATUSES, type BeliefStatus, type BranchStatus, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, type ConfidenceTrigger, type ContradictionSeverity, type ContradictionStatus, DEFEAT_TYPES, type DefeatType, EPISTEMIC_LAYERS, type EpistemicLayer, FORK_REASONS, type ForkReason, INTEGRATION_EDGE_TYPES, type IntegrationEdgeType, JUDGMENT_TYPES, type JudgmentType, MERGE_OUTCOMES, type MergeOutcome, PULL_REQUEST_STATUSES, type PullRequestStatus, REASONING_METHODS, type ReasoningMethod, WORKTREE_PHASES, type WorktreePhase };
@@ -0,0 +1,160 @@
1
+ // src/api-enums.contract.ts
2
+ var FORK_REASONS = [
3
+ "refinement",
4
+ // Belief text evolved based on new understanding
5
+ "contradiction_response",
6
+ // Created in response to a detected contradiction
7
+ "scope_change",
8
+ // Belief scope narrowed or broadened
9
+ "confidence_collapse",
10
+ // Confidence dropped below viability threshold
11
+ "manual"
12
+ // User-initiated fork without specific trigger
13
+ ];
14
+ var CONFIDENCE_TRIGGERS = [
15
+ "evidence_added",
16
+ // New evidence bore on the belief
17
+ "contradiction_detected",
18
+ // A contradiction was flagged involving this belief
19
+ "merge_outcome",
20
+ // Merge scoring determined this confidence
21
+ "manual",
22
+ // User manually adjusted confidence
23
+ "decay"
24
+ // Time-based confidence erosion
25
+ ];
26
+ var BELIEF_STATUSES = [
27
+ "unscored",
28
+ // Draft — editable in worktree (on feature branch, pre-merge)
29
+ "scored",
30
+ // Merged — formulation frozen (merged to main)
31
+ "archived"
32
+ // Soft-deleted — preserved in history (git rm)
33
+ ];
34
+ var REASONING_METHODS = [
35
+ "deductive",
36
+ // Logically entailed
37
+ "inductive",
38
+ // Generalized from instances
39
+ "abductive",
40
+ // Best explanation inference
41
+ "analogical",
42
+ // Reasoning by analogy
43
+ "empirical"
44
+ // Direct observation/measurement
45
+ ];
46
+ var DEFEAT_TYPES = [
47
+ "rebuts",
48
+ // Direct contradiction — reasons for the negation
49
+ "undercuts",
50
+ // Breaks the inference link between evidence and belief
51
+ "undermines"
52
+ // Attacks a premise the belief depends on
53
+ ];
54
+ var CONTRADICTION_SEVERITIES = [
55
+ "low",
56
+ // Minor tension, may not require action
57
+ "medium",
58
+ // Moderate conflict, should be investigated
59
+ "high",
60
+ // Significant contradiction, likely needs resolution
61
+ "critical"
62
+ // Blocks progress — must be addressed before judgment
63
+ ];
64
+ var CONTRADICTION_STATUSES = [
65
+ "unresolved",
66
+ // Open conflict — may persist indefinitely
67
+ "resolved",
68
+ // Conflict addressed (one belief forked, archived, or confidence adjusted)
69
+ "accepted"
70
+ // Explicitly accepted as irreconcilable — both beliefs maintained
71
+ ];
72
+ var MERGE_OUTCOMES = [
73
+ "validated",
74
+ // Beliefs confirmed — clean merge to main
75
+ "invalidated",
76
+ // Defeat recorded — confidence collapsed (merge with revert)
77
+ "forked",
78
+ // Beliefs split into competing versions (fork from merge point)
79
+ "inconclusive"
80
+ // Insufficient evidence — stashed (git stash)
81
+ ];
82
+ var WORKTREE_PHASES = [
83
+ "hypothesis",
84
+ // Form testable claims (write the code — commits)
85
+ "investigation",
86
+ // Collect evidence (run the tests — more commits)
87
+ "evaluation",
88
+ // Update credences (review the results — amend as needed)
89
+ "resolution"
90
+ // Determine outcome (merge to main, fork, or stash)
91
+ ];
92
+ var BRANCH_STATUSES = [
93
+ "dormant",
94
+ // Branch exists but no active worktree (no one investigating)
95
+ "active",
96
+ // At least one worktree is investigating this branch
97
+ "archived"
98
+ // Branch retired — no longer a relevant thematic container
99
+ ];
100
+ var PULL_REQUEST_STATUSES = [
101
+ "pending_review",
102
+ // PR opened — awaiting reviewer feedback
103
+ "changes_requested",
104
+ // Reviewer requests changes before merge
105
+ "approved",
106
+ // Approved — ready to merge
107
+ "blocked"
108
+ // Blocked — cannot merge until contradiction is resolved
109
+ ];
110
+ var EPISTEMIC_LAYERS = [
111
+ "L1",
112
+ // Source — the given (vendored deps)
113
+ "L2",
114
+ // Evidence — the interpreted (test suite)
115
+ "L3",
116
+ // Belief — the structural (source files)
117
+ "L4"
118
+ // Judgment — the committed (release tags)
119
+ ];
120
+ var JUDGMENT_TYPES = [
121
+ "investment_thesis",
122
+ // Judgment on an investment opportunity
123
+ "thesis_maturity",
124
+ // Judgment that a thesis is ready for IC presentation
125
+ "contradiction_ruling",
126
+ // Judgment on how to handle an irreconcilable contradiction
127
+ "scope_determination",
128
+ // Judgment that defines or redefines investigation scope
129
+ "confidence_ruling"
130
+ // Judgment that overrides automated confidence for policy reasons
131
+ ];
132
+ var INTEGRATION_EDGE_TYPES = [
133
+ // Support relations
134
+ "informs",
135
+ // Evidence bears on a belief (weight = direction/strength)
136
+ "grounds",
137
+ // Source provides raw basis for evidence
138
+ "answers",
139
+ // Evidence or belief resolves a question
140
+ // Defeat relations (Pollock) — weight carries direction
141
+ "contradicts",
142
+ // Rebuts — direct contradiction
143
+ "supports",
144
+ // Weight carries valence (negative = weakens/undercuts)
145
+ // Structural relations
146
+ "depends_on",
147
+ // Belief B requires Belief A
148
+ "derived_from",
149
+ // Provenance lineage
150
+ "contains",
151
+ // Hierarchical containment
152
+ "supersedes",
153
+ // New version replaces old (lineage)
154
+ "tests"
155
+ // Question tests a belief
156
+ ];
157
+
158
+ export { BELIEF_STATUSES, BRANCH_STATUSES, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, DEFEAT_TYPES, EPISTEMIC_LAYERS, FORK_REASONS, INTEGRATION_EDGE_TYPES, JUDGMENT_TYPES, MERGE_OUTCOMES, PULL_REQUEST_STATUSES, REASONING_METHODS, WORKTREE_PHASES };
159
+ //# sourceMappingURL=api-enums.contract.js.map
160
+ //# sourceMappingURL=api-enums.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/api-enums.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,YAAA,GAAe;AAAA,EAC1B,YAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,mBAAA,GAAsB;AAAA,EACjC,gBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,eAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,UAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,iBAAA,GAAoB;AAAA,EAC/B,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,YAAA,GAAe;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,wBAAA,GAA2B;AAAA,EACtC,KAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,MAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,sBAAA,GAAyB;AAAA,EACpC,YAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,cAAA,GAAiB;AAAA,EAC5B,WAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,YAAA;AAAA;AAAA,EACA,eAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,eAAA,GAAkB;AAAA,EAC7B,SAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,qBAAA,GAAwB;AAAA,EACnC,gBAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA;AAAA;AACF;AAcO,IAAM,cAAA,GAAiB;AAAA,EAC5B,mBAAA;AAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,sBAAA,GAAyB;AAAA;AAAA,EAEpC,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA,EAEA,YAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF","file":"api-enums.contract.js","sourcesContent":["/**\n * API Enum Contract Definitions\n *\n * Canonical enum values for all API-facing enumerations.\n * These are co-equal with MCP contracts as external contracts.\n * SDK types are DERIVED from these — not independently authored.\n *\n * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).\n * Removing or renaming an existing value is a BREAKING CHANGE.\n */\n\n// =============================================================================\n// BELIEF ENUMS\n// =============================================================================\n\n/** Fork reasons — why a scored belief was branched */\nexport const FORK_REASONS = [\n \"refinement\", // Belief text evolved based on new understanding\n \"contradiction_response\", // Created in response to a detected contradiction\n \"scope_change\", // Belief scope narrowed or broadened\n \"confidence_collapse\", // Confidence dropped below viability threshold\n \"manual\", // User-initiated fork without specific trigger\n] as const;\nexport type ForkReason = (typeof FORK_REASONS)[number];\n\n/** Confidence modulation triggers — what caused a confidence change */\nexport const CONFIDENCE_TRIGGERS = [\n \"evidence_added\", // New evidence bore on the belief\n \"contradiction_detected\", // A contradiction was flagged involving this belief\n \"merge_outcome\", // Merge scoring determined this confidence\n \"manual\", // User manually adjusted confidence\n \"decay\", // Time-based confidence erosion\n] as const;\nexport type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];\n\n/** Belief status — lifecycle state */\nexport const BELIEF_STATUSES = [\n \"unscored\", // Draft — editable in worktree (on feature branch, pre-merge)\n \"scored\", // Merged — formulation frozen (merged to main)\n \"archived\", // Soft-deleted — preserved in history (git rm)\n] as const;\nexport type BeliefStatus = (typeof BELIEF_STATUSES)[number];\n\n// =============================================================================\n// EDGE ENUMS\n// =============================================================================\n\n/** Reasoning methods — how an edge relationship was determined */\nexport const REASONING_METHODS = [\n \"deductive\", // Logically entailed\n \"inductive\", // Generalized from instances\n \"abductive\", // Best explanation inference\n \"analogical\", // Reasoning by analogy\n \"empirical\", // Direct observation/measurement\n] as const;\nexport type ReasoningMethod = (typeof REASONING_METHODS)[number];\n\n/** Defeat types (Pollock taxonomy) — how a contradiction operates */\nexport const DEFEAT_TYPES = [\n \"rebuts\", // Direct contradiction — reasons for the negation\n \"undercuts\", // Breaks the inference link between evidence and belief\n \"undermines\", // Attacks a premise the belief depends on\n] as const;\nexport type DefeatType = (typeof DEFEAT_TYPES)[number];\n\n/** Contradiction severity levels */\nexport const CONTRADICTION_SEVERITIES = [\n \"low\", // Minor tension, may not require action\n \"medium\", // Moderate conflict, should be investigated\n \"high\", // Significant contradiction, likely needs resolution\n \"critical\", // Blocks progress — must be addressed before judgment\n] as const;\nexport type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];\n\n/** Contradiction resolution status */\nexport const CONTRADICTION_STATUSES = [\n \"unresolved\", // Open conflict — may persist indefinitely\n \"resolved\", // Conflict addressed (one belief forked, archived, or confidence adjusted)\n \"accepted\", // Explicitly accepted as irreconcilable — both beliefs maintained\n] as const;\nexport type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];\n\n// =============================================================================\n// WORKTREE ENUMS (git worktree lifecycle)\n// =============================================================================\n\n/** Merge outcome types — how a worktree merge resolved */\nexport const MERGE_OUTCOMES = [\n \"validated\", // Beliefs confirmed — clean merge to main\n \"invalidated\", // Defeat recorded — confidence collapsed (merge with revert)\n \"forked\", // Beliefs split into competing versions (fork from merge point)\n \"inconclusive\", // Insufficient evidence — stashed (git stash)\n] as const;\nexport type MergeOutcome = (typeof MERGE_OUTCOMES)[number];\n\n/** Worktree phases — investigation lifecycle within a checked-out worktree */\nexport const WORKTREE_PHASES = [\n \"hypothesis\", // Form testable claims (write the code — commits)\n \"investigation\", // Collect evidence (run the tests — more commits)\n \"evaluation\", // Update credences (review the results — amend as needed)\n \"resolution\", // Determine outcome (merge to main, fork, or stash)\n] as const;\nexport type WorktreePhase = (typeof WORKTREE_PHASES)[number];\n\n// =============================================================================\n// BRANCH ENUMS (git branch lifecycle)\n// =============================================================================\n\n/** Branch status — thematic branch lifecycle */\nexport const BRANCH_STATUSES = [\n \"dormant\", // Branch exists but no active worktree (no one investigating)\n \"active\", // At least one worktree is investigating this branch\n \"archived\", // Branch retired — no longer a relevant thematic container\n] as const;\nexport type BranchStatus = (typeof BRANCH_STATUSES)[number];\n\n// =============================================================================\n// PULL REQUEST ENUMS (git pull request lifecycle)\n// =============================================================================\n\n/** Pull request status — review lifecycle before merge */\nexport const PULL_REQUEST_STATUSES = [\n \"pending_review\", // PR opened — awaiting reviewer feedback\n \"changes_requested\", // Reviewer requests changes before merge\n \"approved\", // Approved — ready to merge\n \"blocked\", // Blocked — cannot merge until contradiction is resolved\n] as const;\nexport type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];\n\n// =============================================================================\n// LAYER ENUMS\n// =============================================================================\n\n/** Epistemic layers — the hierarchy of knowledge */\nexport const EPISTEMIC_LAYERS = [\n \"L1\", // Source — the given (vendored deps)\n \"L2\", // Evidence — the interpreted (test suite)\n \"L3\", // Belief — the structural (source files)\n \"L4\", // Judgment — the committed (release tags)\n] as const;\nexport type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];\n\n// =============================================================================\n// JUDGMENT ENUMS (Phase 1: new vocabulary)\n// =============================================================================\n\n/**\n * Judgment type — classification of the determination.\n *\n * Phase 1: These are new enum values for the Judgment (L4) vocabulary.\n * The existing code uses \"Decision\" — these are the forward-looking terms\n * that will eventually replace the Decision vocabulary (Phase 2-3).\n */\nexport const JUDGMENT_TYPES = [\n \"investment_thesis\", // Judgment on an investment opportunity\n \"thesis_maturity\", // Judgment that a thesis is ready for IC presentation\n \"contradiction_ruling\", // Judgment on how to handle an irreconcilable contradiction\n \"scope_determination\", // Judgment that defines or redefines investigation scope\n \"confidence_ruling\", // Judgment that overrides automated confidence for policy reasons\n] as const;\nexport type JudgmentType = (typeof JUDGMENT_TYPES)[number];\n\n// =============================================================================\n// SUPPORT RELATION ENUMS\n// =============================================================================\n\n/** Core edge types used in the Integration Surfaces */\nexport const INTEGRATION_EDGE_TYPES = [\n // Support relations\n \"informs\", // Evidence bears on a belief (weight = direction/strength)\n \"grounds\", // Source provides raw basis for evidence\n \"answers\", // Evidence or belief resolves a question\n // Defeat relations (Pollock) — weight carries direction\n \"contradicts\", // Rebuts — direct contradiction\n \"supports\", // Weight carries valence (negative = weakens/undercuts)\n // Structural relations\n \"depends_on\", // Belief B requires Belief A\n \"derived_from\", // Provenance lineage\n \"contains\", // Hierarchical containment\n \"supersedes\", // New version replaces old (lineage)\n \"tests\", // Question tests a belief\n] as const;\nexport type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];\n"]}
@@ -0,0 +1,2 @@
1
+ export { AuthContext, LucernSdkClient, McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SessionAuditEnvelope, SessionAuditOutcome, SessionAuthMode, SessionDelegationHop, SessionLifecycleStatus, SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain } from './auth.contract.js';
2
+ import './convex-admin.contract.js';
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth-context.contract.js.map
48
+ //# sourceMappingURL=auth-context.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-context.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,2 @@
1
+ export { AuthContext, LucernSdkClient, McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SessionAuditEnvelope, SessionAuditOutcome, SessionAuthMode, SessionDelegationHop, SessionLifecycleStatus, SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain } from './auth.contract.js';
2
+ import './convex-admin.contract.js';
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth-session.contract.js.map
48
+ //# sourceMappingURL=auth-session.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-session.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,92 @@
1
+ import { ConvexAdminClient } from './convex-admin.contract.js';
2
+
3
+ /**
4
+ * @lucern/contracts — auth (canonical support contract)
5
+ *
6
+ * Consolidated flat support surface for Lucern authentication:
7
+ * - Session primitives (auth modes, principal types, lifecycle)
8
+ * - AuthContext shape + McpTransportKind + LucernSdkClient alias
9
+ *
10
+ * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts
11
+ * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).
12
+ */
13
+ declare const SESSION_AUTH_MODES: readonly ["interactive_user", "service_principal", "tenant_api_key", "session_token"];
14
+ type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];
15
+ declare const SESSION_PRINCIPAL_TYPES: readonly ["human", "service", "agent"];
16
+ type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];
17
+ declare const SESSION_LIFECYCLE_STATUSES: readonly ["active", "expired", "revoked"];
18
+ type SessionLifecycleStatus = (typeof SESSION_LIFECYCLE_STATUSES)[number];
19
+ type SessionDelegationHop = {
20
+ principalId: string;
21
+ principalType: SessionPrincipalType;
22
+ authMode?: SessionAuthMode;
23
+ sessionId?: string;
24
+ delegatedAt?: number;
25
+ reason?: string;
26
+ };
27
+ type SessionAuditOutcome = "accepted" | "rejected" | "revoked" | "expired";
28
+ type SessionAuditEnvelope = {
29
+ sessionId: string;
30
+ authMode: SessionAuthMode;
31
+ principalId: string;
32
+ principalType: SessionPrincipalType;
33
+ tenantId: string;
34
+ workspaceId?: string;
35
+ apiKeyId?: string;
36
+ scopes: readonly string[];
37
+ roles?: readonly string[];
38
+ delegationChain?: readonly SessionDelegationHop[];
39
+ sourceSessionId?: string;
40
+ expiresAt?: number;
41
+ request?: {
42
+ endpoint?: string;
43
+ method?: string;
44
+ correlationId?: string;
45
+ };
46
+ result?: {
47
+ outcome: SessionAuditOutcome;
48
+ reason?: string;
49
+ };
50
+ };
51
+ declare function inferSessionPrincipalType(principalId: string): SessionPrincipalType;
52
+ declare function normalizeDelegationChain(args: {
53
+ delegationChain?: readonly SessionDelegationHop[];
54
+ delegatedBy?: string;
55
+ delegatedByType?: SessionPrincipalType;
56
+ delegatedAt?: number;
57
+ reason?: string;
58
+ }): SessionDelegationHop[] | undefined;
59
+ declare function lastDelegator(delegationChain?: readonly SessionDelegationHop[]): string | undefined;
60
+
61
+ type McpTransportKind = "stdio" | "hosted";
62
+ type LucernSdkClient = unknown;
63
+ /**
64
+ * Session authentication context — injected by withAuth() middleware.
65
+ *
66
+ * Built from TenantConfig at dispatch time. Agent sessions get
67
+ * AGENT_IDENTITY + "agent:internal" role + unrestricted access.
68
+ * User sessions get Clerk userId + resolved role + tool ACLs.
69
+ */
70
+ type AuthContext = {
71
+ sessionType: "agent" | "user";
72
+ userId: string;
73
+ tenantId: string;
74
+ role: string;
75
+ allowedTopics: string[] | null;
76
+ groupIds: string[];
77
+ permittedPackKeys: string[];
78
+ sessionId: string;
79
+ principalId?: string;
80
+ principalType?: SessionPrincipalType;
81
+ workspaceId?: string;
82
+ scopes?: string[];
83
+ authMode?: SessionAuthMode;
84
+ roles?: string[];
85
+ transportKind?: McpTransportKind;
86
+ lucernClient?: LucernSdkClient;
87
+ convex?: ConvexAdminClient;
88
+ setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;
89
+ matchesWorkspaceReasoningScope?: (node: unknown, scope: unknown) => boolean;
90
+ };
91
+
92
+ export { type AuthContext, type LucernSdkClient, type McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, type SessionAuditEnvelope, type SessionAuditOutcome, type SessionAuthMode, type SessionDelegationHop, type SessionLifecycleStatus, type SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth.contract.js.map
48
+ //# sourceMappingURL=auth.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,2 @@
1
+
2
+ export { }
@@ -0,0 +1,3 @@
1
+
2
+ //# sourceMappingURL=v1.js.map
3
+ //# sourceMappingURL=v1.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"v1.js"}