@lucern/contracts 0.1.1-alpha.1 → 0.1.2-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (151) hide show
  1. package/CHANGELOG.md +3 -0
  2. package/README.md +3 -0
  3. package/dist/agents/v1.d.ts +2 -0
  4. package/dist/agents/v1.js +3 -0
  5. package/dist/agents/v1.js.map +1 -0
  6. package/dist/api-enums.contract.d.ts +60 -0
  7. package/dist/api-enums.contract.js +174 -0
  8. package/dist/api-enums.contract.js.map +1 -0
  9. package/dist/auth-context.contract.d.ts +2 -0
  10. package/dist/auth-context.contract.js +48 -0
  11. package/dist/auth-context.contract.js.map +1 -0
  12. package/dist/auth-session.contract.d.ts +2 -0
  13. package/dist/auth-session.contract.js +48 -0
  14. package/dist/auth-session.contract.js.map +1 -0
  15. package/dist/auth.contract.d.ts +92 -0
  16. package/dist/auth.contract.js +48 -0
  17. package/dist/auth.contract.js.map +1 -0
  18. package/dist/beliefs/v1.d.ts +2 -0
  19. package/dist/beliefs/v1.js +3 -0
  20. package/dist/beliefs/v1.js.map +1 -0
  21. package/dist/context-pack.contract.d.ts +496 -0
  22. package/dist/context-pack.contract.js +98 -0
  23. package/dist/context-pack.contract.js.map +1 -0
  24. package/dist/convex-admin.contract.d.ts +7 -0
  25. package/dist/convex-admin.contract.js +3 -0
  26. package/dist/convex-admin.contract.js.map +1 -0
  27. package/dist/events-types.contract.d.ts +1 -0
  28. package/dist/events-types.contract.js +136 -0
  29. package/dist/events-types.contract.js.map +1 -0
  30. package/dist/events.contract.d.ts +178 -0
  31. package/dist/events.contract.js +136 -0
  32. package/dist/events.contract.js.map +1 -0
  33. package/dist/evidence/v1.d.ts +2 -0
  34. package/dist/evidence/v1.js +3 -0
  35. package/dist/evidence/v1.js.map +1 -0
  36. package/dist/gateway.contract.d.ts +79 -0
  37. package/dist/gateway.contract.js +12 -0
  38. package/dist/gateway.contract.js.map +1 -0
  39. package/dist/graph/v1.d.ts +2 -0
  40. package/dist/graph/v1.js +3 -0
  41. package/dist/graph/v1.js.map +1 -0
  42. package/dist/ids.contract.d.ts +9 -0
  43. package/{src/ids.contract.ts → dist/ids.contract.js} +10 -17
  44. package/dist/ids.contract.js.map +1 -0
  45. package/dist/index.d.ts +15 -2004
  46. package/dist/index.js +61 -118
  47. package/dist/index.js.map +1 -0
  48. package/dist/lens-filter.contract.d.ts +72 -0
  49. package/dist/lens-filter.contract.js +71 -0
  50. package/dist/lens-filter.contract.js.map +1 -0
  51. package/dist/lens-workflow.contract.d.ts +87 -0
  52. package/dist/lens-workflow.contract.js +123 -0
  53. package/dist/lens-workflow.contract.js.map +1 -0
  54. package/dist/mcp-tools.contract-D8kXcP6d.d.ts +254 -0
  55. package/dist/mcp-tools.contract.d.ts +1 -0
  56. package/dist/mcp-tools.contract.js +3016 -0
  57. package/dist/mcp-tools.contract.js.map +1 -0
  58. package/dist/ontologies/v1.d.ts +2 -0
  59. package/dist/ontologies/v1.js +3 -0
  60. package/dist/ontologies/v1.js.map +1 -0
  61. package/dist/ontology-matching.contract.d.ts +1 -0
  62. package/dist/ontology-matching.contract.js +346 -0
  63. package/dist/ontology-matching.contract.js.map +1 -0
  64. package/dist/prompt.contract.d.ts +26 -0
  65. package/dist/prompt.contract.js +12 -0
  66. package/dist/prompt.contract.js.map +1 -0
  67. package/dist/questions/v1.d.ts +2 -0
  68. package/dist/questions/v1.js +3 -0
  69. package/dist/questions/v1.js.map +1 -0
  70. package/dist/sdk-methods.contract.d.ts +376 -0
  71. package/dist/sdk-methods.contract.js +3 -0
  72. package/dist/sdk-methods.contract.js.map +1 -0
  73. package/dist/sdk-tools.contract-BnV0hKLp.d.ts +150 -0
  74. package/dist/sdk-tools.contract.d.ts +2 -0
  75. package/dist/sdk-tools.contract.js +4252 -0
  76. package/dist/sdk-tools.contract.js.map +1 -0
  77. package/dist/text-matching.contract.d.ts +55 -0
  78. package/{src/text-matching.contract.ts → dist/text-matching.contract.js} +36 -137
  79. package/dist/text-matching.contract.js.map +1 -0
  80. package/dist/topic-scope.contract.d.ts +1 -0
  81. package/{src/v1/topics/v1.ts → dist/topic-scope.contract.js} +13 -38
  82. package/dist/topic-scope.contract.js.map +1 -0
  83. package/dist/topics/v1.d.ts +2 -0
  84. package/dist/topics/v1.js +3 -0
  85. package/dist/topics/v1.js.map +1 -0
  86. package/dist/v1/agents/v1.d.ts +2 -0
  87. package/dist/v1/agents/v1.js +3 -0
  88. package/dist/v1/agents/v1.js.map +1 -0
  89. package/dist/v1/beliefs/v1.d.ts +2 -0
  90. package/dist/v1/beliefs/v1.js +3 -0
  91. package/dist/v1/beliefs/v1.js.map +1 -0
  92. package/dist/v1/evidence/v1.d.ts +2 -0
  93. package/dist/v1/evidence/v1.js +3 -0
  94. package/dist/v1/evidence/v1.js.map +1 -0
  95. package/dist/v1/graph/v1.d.ts +2 -0
  96. package/dist/v1/graph/v1.js +3 -0
  97. package/dist/v1/graph/v1.js.map +1 -0
  98. package/dist/v1/ontologies/v1.d.ts +78 -0
  99. package/dist/v1/ontologies/v1.js +346 -0
  100. package/dist/v1/ontologies/v1.js.map +1 -0
  101. package/dist/v1/questions/v1.d.ts +2 -0
  102. package/dist/v1/questions/v1.js +3 -0
  103. package/dist/v1/questions/v1.js.map +1 -0
  104. package/dist/v1/topics/v1.d.ts +21 -0
  105. package/dist/v1/topics/v1.js +54 -0
  106. package/dist/v1/topics/v1.js.map +1 -0
  107. package/dist/v1/worktrees/v1.d.ts +2 -0
  108. package/dist/v1/worktrees/v1.js +3 -0
  109. package/dist/v1/worktrees/v1.js.map +1 -0
  110. package/dist/workflow-runtime.contract.d.ts +163 -0
  111. package/dist/workflow-runtime.contract.js +245 -0
  112. package/dist/workflow-runtime.contract.js.map +1 -0
  113. package/dist/worktrees/v1.d.ts +2 -0
  114. package/dist/worktrees/v1.js +3 -0
  115. package/dist/worktrees/v1.js.map +1 -0
  116. package/package.json +23 -7
  117. package/src/agents/v1.ts +0 -8
  118. package/src/api-enums.contract.ts +0 -183
  119. package/src/auth-context.contract.ts +0 -9
  120. package/src/auth-session.contract.ts +0 -9
  121. package/src/auth.contract.ts +0 -162
  122. package/src/beliefs/v1.ts +0 -8
  123. package/src/context-pack.contract.ts +0 -704
  124. package/src/convex-admin.contract.ts +0 -14
  125. package/src/events-types.contract.ts +0 -9
  126. package/src/events.contract.ts +0 -376
  127. package/src/evidence/v1.ts +0 -8
  128. package/src/gateway.contract.ts +0 -151
  129. package/src/graph/v1.ts +0 -8
  130. package/src/index.ts +0 -30
  131. package/src/lens-filter.contract.ts +0 -183
  132. package/src/lens-workflow.contract.ts +0 -162
  133. package/src/mcp-tools.contract.ts +0 -3636
  134. package/src/ontologies/v1.ts +0 -8
  135. package/src/ontology-matching.contract.ts +0 -9
  136. package/src/prompt.contract.ts +0 -50
  137. package/src/questions/v1.ts +0 -8
  138. package/src/sdk-methods.contract.ts +0 -522
  139. package/src/sdk-tools.contract.ts +0 -1545
  140. package/src/topic-scope.contract.ts +0 -9
  141. package/src/topics/v1.ts +0 -8
  142. package/src/v1/agents/v1.ts +0 -8
  143. package/src/v1/beliefs/v1.ts +0 -8
  144. package/src/v1/evidence/v1.ts +0 -8
  145. package/src/v1/graph/v1.ts +0 -8
  146. package/src/v1/ontologies/v1.ts +0 -276
  147. package/src/v1/questions/v1.ts +0 -8
  148. package/src/v1/worktrees/v1.ts +0 -8
  149. package/src/workflow-runtime.contract.ts +0 -440
  150. package/src/worktrees/v1.ts +0 -8
  151. package/tsconfig.json +0 -9
package/CHANGELOG.md ADDED
@@ -0,0 +1,3 @@
1
+ # Changelog
2
+
3
+ All notable changes to `@lucern/contracts` are tracked in this repository.
package/README.md ADDED
@@ -0,0 +1,3 @@
1
+ # @lucern/contracts
2
+
3
+ Machine-readable Lucern contracts for the public SDK, gateway, and MCP surfaces.
@@ -0,0 +1,2 @@
1
+
2
+ export { }
@@ -0,0 +1,3 @@
1
+
2
+ //# sourceMappingURL=v1.js.map
3
+ //# sourceMappingURL=v1.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"v1.js"}
@@ -0,0 +1,60 @@
1
+ /**
2
+ * API Enum Contract Definitions
3
+ *
4
+ * Canonical enum values for all API-facing enumerations.
5
+ * These are co-equal with MCP contracts as external contracts.
6
+ * SDK types are DERIVED from these — not independently authored.
7
+ *
8
+ * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).
9
+ * Removing or renaming an existing value is a BREAKING CHANGE.
10
+ */
11
+ /** Fork reasons — why a scored belief was branched */
12
+ declare const FORK_REASONS: readonly ["refinement", "contradiction_response", "scope_change", "confidence_collapse", "manual"];
13
+ type ForkReason = (typeof FORK_REASONS)[number];
14
+ /** Confidence modulation triggers — what caused a confidence change */
15
+ declare const CONFIDENCE_TRIGGERS: readonly ["evidence_added", "evidence_removed", "contradiction_detected", "contradiction_resolved", "manual", "decay", "agent_assessment", "worktree_outcome", "worktree_completed", "fusion", "discount", "deduction"];
16
+ type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];
17
+ /** Belief status — lifecycle state */
18
+ declare const BELIEF_STATUSES: readonly ["unscored", "scored", "archived"];
19
+ type BeliefStatus = (typeof BELIEF_STATUSES)[number];
20
+ /** Reasoning methods — how an edge relationship was determined */
21
+ declare const REASONING_METHODS: readonly ["deductive", "inductive", "abductive", "analogical", "empirical"];
22
+ type ReasoningMethod = (typeof REASONING_METHODS)[number];
23
+ /** Defeat types (Pollock taxonomy) — how a contradiction operates */
24
+ declare const DEFEAT_TYPES: readonly ["rebuts", "undercuts", "undermines"];
25
+ type DefeatType = (typeof DEFEAT_TYPES)[number];
26
+ /** Contradiction severity levels */
27
+ declare const CONTRADICTION_SEVERITIES: readonly ["low", "medium", "high", "critical"];
28
+ type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];
29
+ /** Contradiction resolution status */
30
+ declare const CONTRADICTION_STATUSES: readonly ["unresolved", "resolved", "accepted"];
31
+ type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];
32
+ /** Merge outcome types — how a worktree merge resolved */
33
+ declare const MERGE_OUTCOMES: readonly ["validated", "invalidated", "forked", "inconclusive"];
34
+ type MergeOutcome = (typeof MERGE_OUTCOMES)[number];
35
+ /** Worktree phases — investigation lifecycle within a checked-out worktree */
36
+ declare const WORKTREE_PHASES: readonly ["hypothesis", "investigation", "evaluation", "resolution"];
37
+ type WorktreePhase = (typeof WORKTREE_PHASES)[number];
38
+ /** Branch status — thematic branch lifecycle */
39
+ declare const BRANCH_STATUSES: readonly ["dormant", "active", "archived"];
40
+ type BranchStatus = (typeof BRANCH_STATUSES)[number];
41
+ /** Pull request status — review lifecycle before merge */
42
+ declare const PULL_REQUEST_STATUSES: readonly ["pending_review", "changes_requested", "approved", "blocked"];
43
+ type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];
44
+ /** Epistemic layers — the hierarchy of knowledge */
45
+ declare const EPISTEMIC_LAYERS: readonly ["L1", "L2", "L3", "L4"];
46
+ type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];
47
+ /**
48
+ * Judgment type — classification of the determination.
49
+ *
50
+ * Phase 1: These are new enum values for the Judgment (L4) vocabulary.
51
+ * The existing code uses "Decision" — these are the forward-looking terms
52
+ * that will eventually replace the Decision vocabulary (Phase 2-3).
53
+ */
54
+ declare const JUDGMENT_TYPES: readonly ["investment_thesis", "thesis_maturity", "contradiction_ruling", "scope_determination", "confidence_ruling"];
55
+ type JudgmentType = (typeof JUDGMENT_TYPES)[number];
56
+ /** Core edge types used in the Integration Surfaces */
57
+ declare const INTEGRATION_EDGE_TYPES: readonly ["informs", "grounds", "answers", "contradicts", "supports", "depends_on", "derived_from", "contains", "supersedes", "tests"];
58
+ type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];
59
+
60
+ export { BELIEF_STATUSES, BRANCH_STATUSES, type BeliefStatus, type BranchStatus, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, type ConfidenceTrigger, type ContradictionSeverity, type ContradictionStatus, DEFEAT_TYPES, type DefeatType, EPISTEMIC_LAYERS, type EpistemicLayer, FORK_REASONS, type ForkReason, INTEGRATION_EDGE_TYPES, type IntegrationEdgeType, JUDGMENT_TYPES, type JudgmentType, MERGE_OUTCOMES, type MergeOutcome, PULL_REQUEST_STATUSES, type PullRequestStatus, REASONING_METHODS, type ReasoningMethod, WORKTREE_PHASES, type WorktreePhase };
@@ -0,0 +1,174 @@
1
+ // src/api-enums.contract.ts
2
+ var FORK_REASONS = [
3
+ "refinement",
4
+ // Belief text evolved based on new understanding
5
+ "contradiction_response",
6
+ // Created in response to a detected contradiction
7
+ "scope_change",
8
+ // Belief scope narrowed or broadened
9
+ "confidence_collapse",
10
+ // Confidence dropped below viability threshold
11
+ "manual"
12
+ // User-initiated fork without specific trigger
13
+ ];
14
+ var CONFIDENCE_TRIGGERS = [
15
+ "evidence_added",
16
+ // New evidence bore on the belief
17
+ "evidence_removed",
18
+ // Evidence was removed or invalidated
19
+ "contradiction_detected",
20
+ // A contradiction was flagged involving this belief
21
+ "contradiction_resolved",
22
+ // A contradiction was resolved
23
+ "manual",
24
+ // User manually adjusted confidence
25
+ "decay",
26
+ // Time-based confidence erosion
27
+ "agent_assessment",
28
+ // An agent provided a structured assessment
29
+ "worktree_outcome",
30
+ // Worktree outcome determined this confidence
31
+ "worktree_completed",
32
+ // Worktree completed and closed this scoring loop
33
+ "fusion",
34
+ // Confidence came from subjective-logic fusion
35
+ "discount",
36
+ // Confidence came from trust discounting
37
+ "deduction"
38
+ // Confidence came from conditional deduction
39
+ ];
40
+ var BELIEF_STATUSES = [
41
+ "unscored",
42
+ // Draft — editable in worktree (on feature branch, pre-merge)
43
+ "scored",
44
+ // Merged — formulation frozen (merged to main)
45
+ "archived"
46
+ // Soft-deleted — preserved in history (git rm)
47
+ ];
48
+ var REASONING_METHODS = [
49
+ "deductive",
50
+ // Logically entailed
51
+ "inductive",
52
+ // Generalized from instances
53
+ "abductive",
54
+ // Best explanation inference
55
+ "analogical",
56
+ // Reasoning by analogy
57
+ "empirical"
58
+ // Direct observation/measurement
59
+ ];
60
+ var DEFEAT_TYPES = [
61
+ "rebuts",
62
+ // Direct contradiction — reasons for the negation
63
+ "undercuts",
64
+ // Breaks the inference link between evidence and belief
65
+ "undermines"
66
+ // Attacks a premise the belief depends on
67
+ ];
68
+ var CONTRADICTION_SEVERITIES = [
69
+ "low",
70
+ // Minor tension, may not require action
71
+ "medium",
72
+ // Moderate conflict, should be investigated
73
+ "high",
74
+ // Significant contradiction, likely needs resolution
75
+ "critical"
76
+ // Blocks progress — must be addressed before judgment
77
+ ];
78
+ var CONTRADICTION_STATUSES = [
79
+ "unresolved",
80
+ // Open conflict — may persist indefinitely
81
+ "resolved",
82
+ // Conflict addressed (one belief forked, archived, or confidence adjusted)
83
+ "accepted"
84
+ // Explicitly accepted as irreconcilable — both beliefs maintained
85
+ ];
86
+ var MERGE_OUTCOMES = [
87
+ "validated",
88
+ // Beliefs confirmed — clean merge to main
89
+ "invalidated",
90
+ // Defeat recorded — confidence collapsed (merge with revert)
91
+ "forked",
92
+ // Beliefs split into competing versions (fork from merge point)
93
+ "inconclusive"
94
+ // Insufficient evidence — stashed (git stash)
95
+ ];
96
+ var WORKTREE_PHASES = [
97
+ "hypothesis",
98
+ // Form testable claims (write the code — commits)
99
+ "investigation",
100
+ // Collect evidence (run the tests — more commits)
101
+ "evaluation",
102
+ // Update credences (review the results — amend as needed)
103
+ "resolution"
104
+ // Determine outcome (merge to main, fork, or stash)
105
+ ];
106
+ var BRANCH_STATUSES = [
107
+ "dormant",
108
+ // Branch exists but no active worktree (no one investigating)
109
+ "active",
110
+ // At least one worktree is investigating this branch
111
+ "archived"
112
+ // Branch retired — no longer a relevant thematic container
113
+ ];
114
+ var PULL_REQUEST_STATUSES = [
115
+ "pending_review",
116
+ // PR opened — awaiting reviewer feedback
117
+ "changes_requested",
118
+ // Reviewer requests changes before merge
119
+ "approved",
120
+ // Approved — ready to merge
121
+ "blocked"
122
+ // Blocked — cannot merge until contradiction is resolved
123
+ ];
124
+ var EPISTEMIC_LAYERS = [
125
+ "L1",
126
+ // Source — the given (vendored deps)
127
+ "L2",
128
+ // Evidence — the interpreted (test suite)
129
+ "L3",
130
+ // Belief — the structural (source files)
131
+ "L4"
132
+ // Judgment — the committed (release tags)
133
+ ];
134
+ var JUDGMENT_TYPES = [
135
+ "investment_thesis",
136
+ // Judgment on an investment opportunity
137
+ "thesis_maturity",
138
+ // Judgment that a thesis is ready for IC presentation
139
+ "contradiction_ruling",
140
+ // Judgment on how to handle an irreconcilable contradiction
141
+ "scope_determination",
142
+ // Judgment that defines or redefines investigation scope
143
+ "confidence_ruling"
144
+ // Judgment that overrides automated confidence for policy reasons
145
+ ];
146
+ var INTEGRATION_EDGE_TYPES = [
147
+ // Support relations
148
+ "informs",
149
+ // Evidence bears on a belief (weight = direction/strength)
150
+ "grounds",
151
+ // Source provides raw basis for evidence
152
+ "answers",
153
+ // Evidence or belief resolves a question
154
+ // Defeat relations (Pollock) — weight carries direction
155
+ "contradicts",
156
+ // Rebuts — direct contradiction
157
+ "supports",
158
+ // Weight carries valence (negative = weakens/undercuts)
159
+ // Structural relations
160
+ "depends_on",
161
+ // Belief B requires Belief A
162
+ "derived_from",
163
+ // Provenance lineage
164
+ "contains",
165
+ // Hierarchical containment
166
+ "supersedes",
167
+ // New version replaces old (lineage)
168
+ "tests"
169
+ // Question tests a belief
170
+ ];
171
+
172
+ export { BELIEF_STATUSES, BRANCH_STATUSES, CONFIDENCE_TRIGGERS, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, DEFEAT_TYPES, EPISTEMIC_LAYERS, FORK_REASONS, INTEGRATION_EDGE_TYPES, JUDGMENT_TYPES, MERGE_OUTCOMES, PULL_REQUEST_STATUSES, REASONING_METHODS, WORKTREE_PHASES };
173
+ //# sourceMappingURL=api-enums.contract.js.map
174
+ //# sourceMappingURL=api-enums.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/api-enums.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,YAAA,GAAe;AAAA,EAC1B,YAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,mBAAA,GAAsB;AAAA,EACjC,gBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,UAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,iBAAA,GAAoB;AAAA,EAC/B,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,YAAA,GAAe;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,wBAAA,GAA2B;AAAA,EACtC,KAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,MAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,sBAAA,GAAyB;AAAA,EACpC,YAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,cAAA,GAAiB;AAAA,EAC5B,WAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,YAAA;AAAA;AAAA,EACA,eAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,eAAA,GAAkB;AAAA,EAC7B,SAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,qBAAA,GAAwB;AAAA,EACnC,gBAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA;AAAA;AACF;AAcO,IAAM,cAAA,GAAiB;AAAA,EAC5B,mBAAA;AAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,sBAAA,GAAyB;AAAA;AAAA,EAEpC,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA,EAEA,YAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF","file":"api-enums.contract.js","sourcesContent":["/**\n * API Enum Contract Definitions\n *\n * Canonical enum values for all API-facing enumerations.\n * These are co-equal with MCP contracts as external contracts.\n * SDK types are DERIVED from these — not independently authored.\n *\n * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).\n * Removing or renaming an existing value is a BREAKING CHANGE.\n */\n\n// =============================================================================\n// BELIEF ENUMS\n// =============================================================================\n\n/** Fork reasons — why a scored belief was branched */\nexport const FORK_REASONS = [\n \"refinement\", // Belief text evolved based on new understanding\n \"contradiction_response\", // Created in response to a detected contradiction\n \"scope_change\", // Belief scope narrowed or broadened\n \"confidence_collapse\", // Confidence dropped below viability threshold\n \"manual\", // User-initiated fork without specific trigger\n] as const;\nexport type ForkReason = (typeof FORK_REASONS)[number];\n\n/** Confidence modulation triggers — what caused a confidence change */\nexport const CONFIDENCE_TRIGGERS = [\n \"evidence_added\", // New evidence bore on the belief\n \"evidence_removed\", // Evidence was removed or invalidated\n \"contradiction_detected\", // A contradiction was flagged involving this belief\n \"contradiction_resolved\", // A contradiction was resolved\n \"manual\", // User manually adjusted confidence\n \"decay\", // Time-based confidence erosion\n \"agent_assessment\", // An agent provided a structured assessment\n \"worktree_outcome\", // Worktree outcome determined this confidence\n \"worktree_completed\", // Worktree completed and closed this scoring loop\n \"fusion\", // Confidence came from subjective-logic fusion\n \"discount\", // Confidence came from trust discounting\n \"deduction\", // Confidence came from conditional deduction\n] as const;\nexport type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];\n\n/** Belief status — lifecycle state */\nexport const BELIEF_STATUSES = [\n \"unscored\", // Draft — editable in worktree (on feature branch, pre-merge)\n \"scored\", // Merged — formulation frozen (merged to main)\n \"archived\", // Soft-deleted — preserved in history (git rm)\n] as const;\nexport type BeliefStatus = (typeof BELIEF_STATUSES)[number];\n\n// =============================================================================\n// EDGE ENUMS\n// =============================================================================\n\n/** Reasoning methods — how an edge relationship was determined */\nexport const REASONING_METHODS = [\n \"deductive\", // Logically entailed\n \"inductive\", // Generalized from instances\n \"abductive\", // Best explanation inference\n \"analogical\", // Reasoning by analogy\n \"empirical\", // Direct observation/measurement\n] as const;\nexport type ReasoningMethod = (typeof REASONING_METHODS)[number];\n\n/** Defeat types (Pollock taxonomy) — how a contradiction operates */\nexport const DEFEAT_TYPES = [\n \"rebuts\", // Direct contradiction — reasons for the negation\n \"undercuts\", // Breaks the inference link between evidence and belief\n \"undermines\", // Attacks a premise the belief depends on\n] as const;\nexport type DefeatType = (typeof DEFEAT_TYPES)[number];\n\n/** Contradiction severity levels */\nexport const CONTRADICTION_SEVERITIES = [\n \"low\", // Minor tension, may not require action\n \"medium\", // Moderate conflict, should be investigated\n \"high\", // Significant contradiction, likely needs resolution\n \"critical\", // Blocks progress — must be addressed before judgment\n] as const;\nexport type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];\n\n/** Contradiction resolution status */\nexport const CONTRADICTION_STATUSES = [\n \"unresolved\", // Open conflict — may persist indefinitely\n \"resolved\", // Conflict addressed (one belief forked, archived, or confidence adjusted)\n \"accepted\", // Explicitly accepted as irreconcilable — both beliefs maintained\n] as const;\nexport type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];\n\n// =============================================================================\n// WORKTREE ENUMS (git worktree lifecycle)\n// =============================================================================\n\n/** Merge outcome types — how a worktree merge resolved */\nexport const MERGE_OUTCOMES = [\n \"validated\", // Beliefs confirmed — clean merge to main\n \"invalidated\", // Defeat recorded — confidence collapsed (merge with revert)\n \"forked\", // Beliefs split into competing versions (fork from merge point)\n \"inconclusive\", // Insufficient evidence — stashed (git stash)\n] as const;\nexport type MergeOutcome = (typeof MERGE_OUTCOMES)[number];\n\n/** Worktree phases — investigation lifecycle within a checked-out worktree */\nexport const WORKTREE_PHASES = [\n \"hypothesis\", // Form testable claims (write the code — commits)\n \"investigation\", // Collect evidence (run the tests — more commits)\n \"evaluation\", // Update credences (review the results — amend as needed)\n \"resolution\", // Determine outcome (merge to main, fork, or stash)\n] as const;\nexport type WorktreePhase = (typeof WORKTREE_PHASES)[number];\n\n// =============================================================================\n// BRANCH ENUMS (git branch lifecycle)\n// =============================================================================\n\n/** Branch status — thematic branch lifecycle */\nexport const BRANCH_STATUSES = [\n \"dormant\", // Branch exists but no active worktree (no one investigating)\n \"active\", // At least one worktree is investigating this branch\n \"archived\", // Branch retired — no longer a relevant thematic container\n] as const;\nexport type BranchStatus = (typeof BRANCH_STATUSES)[number];\n\n// =============================================================================\n// PULL REQUEST ENUMS (git pull request lifecycle)\n// =============================================================================\n\n/** Pull request status — review lifecycle before merge */\nexport const PULL_REQUEST_STATUSES = [\n \"pending_review\", // PR opened — awaiting reviewer feedback\n \"changes_requested\", // Reviewer requests changes before merge\n \"approved\", // Approved — ready to merge\n \"blocked\", // Blocked — cannot merge until contradiction is resolved\n] as const;\nexport type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];\n\n// =============================================================================\n// LAYER ENUMS\n// =============================================================================\n\n/** Epistemic layers — the hierarchy of knowledge */\nexport const EPISTEMIC_LAYERS = [\n \"L1\", // Source — the given (vendored deps)\n \"L2\", // Evidence — the interpreted (test suite)\n \"L3\", // Belief — the structural (source files)\n \"L4\", // Judgment — the committed (release tags)\n] as const;\nexport type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];\n\n// =============================================================================\n// JUDGMENT ENUMS (Phase 1: new vocabulary)\n// =============================================================================\n\n/**\n * Judgment type — classification of the determination.\n *\n * Phase 1: These are new enum values for the Judgment (L4) vocabulary.\n * The existing code uses \"Decision\" — these are the forward-looking terms\n * that will eventually replace the Decision vocabulary (Phase 2-3).\n */\nexport const JUDGMENT_TYPES = [\n \"investment_thesis\", // Judgment on an investment opportunity\n \"thesis_maturity\", // Judgment that a thesis is ready for IC presentation\n \"contradiction_ruling\", // Judgment on how to handle an irreconcilable contradiction\n \"scope_determination\", // Judgment that defines or redefines investigation scope\n \"confidence_ruling\", // Judgment that overrides automated confidence for policy reasons\n] as const;\nexport type JudgmentType = (typeof JUDGMENT_TYPES)[number];\n\n// =============================================================================\n// SUPPORT RELATION ENUMS\n// =============================================================================\n\n/** Core edge types used in the Integration Surfaces */\nexport const INTEGRATION_EDGE_TYPES = [\n // Support relations\n \"informs\", // Evidence bears on a belief (weight = direction/strength)\n \"grounds\", // Source provides raw basis for evidence\n \"answers\", // Evidence or belief resolves a question\n // Defeat relations (Pollock) — weight carries direction\n \"contradicts\", // Rebuts — direct contradiction\n \"supports\", // Weight carries valence (negative = weakens/undercuts)\n // Structural relations\n \"depends_on\", // Belief B requires Belief A\n \"derived_from\", // Provenance lineage\n \"contains\", // Hierarchical containment\n \"supersedes\", // New version replaces old (lineage)\n \"tests\", // Question tests a belief\n] as const;\nexport type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];\n"]}
@@ -0,0 +1,2 @@
1
+ export { AuthContext, LucernSdkClient, McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SessionAuditEnvelope, SessionAuditOutcome, SessionAuthMode, SessionDelegationHop, SessionLifecycleStatus, SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain } from './auth.contract.js';
2
+ import './convex-admin.contract.js';
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth-context.contract.js.map
48
+ //# sourceMappingURL=auth-context.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-context.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,2 @@
1
+ export { AuthContext, LucernSdkClient, McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SessionAuditEnvelope, SessionAuditOutcome, SessionAuthMode, SessionDelegationHop, SessionLifecycleStatus, SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain } from './auth.contract.js';
2
+ import './convex-admin.contract.js';
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth-session.contract.js.map
48
+ //# sourceMappingURL=auth-session.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-session.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,92 @@
1
+ import { ConvexAdminClient } from './convex-admin.contract.js';
2
+
3
+ /**
4
+ * @lucern/contracts — auth (canonical support contract)
5
+ *
6
+ * Consolidated flat support surface for Lucern authentication:
7
+ * - Session primitives (auth modes, principal types, lifecycle)
8
+ * - AuthContext shape + McpTransportKind + LucernSdkClient alias
9
+ *
10
+ * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts
11
+ * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).
12
+ */
13
+ declare const SESSION_AUTH_MODES: readonly ["interactive_user", "service_principal", "tenant_api_key", "session_token"];
14
+ type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];
15
+ declare const SESSION_PRINCIPAL_TYPES: readonly ["human", "service", "agent"];
16
+ type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];
17
+ declare const SESSION_LIFECYCLE_STATUSES: readonly ["active", "expired", "revoked"];
18
+ type SessionLifecycleStatus = (typeof SESSION_LIFECYCLE_STATUSES)[number];
19
+ type SessionDelegationHop = {
20
+ principalId: string;
21
+ principalType: SessionPrincipalType;
22
+ authMode?: SessionAuthMode;
23
+ sessionId?: string;
24
+ delegatedAt?: number;
25
+ reason?: string;
26
+ };
27
+ type SessionAuditOutcome = "accepted" | "rejected" | "revoked" | "expired";
28
+ type SessionAuditEnvelope = {
29
+ sessionId: string;
30
+ authMode: SessionAuthMode;
31
+ principalId: string;
32
+ principalType: SessionPrincipalType;
33
+ tenantId: string;
34
+ workspaceId?: string;
35
+ apiKeyId?: string;
36
+ scopes: readonly string[];
37
+ roles?: readonly string[];
38
+ delegationChain?: readonly SessionDelegationHop[];
39
+ sourceSessionId?: string;
40
+ expiresAt?: number;
41
+ request?: {
42
+ endpoint?: string;
43
+ method?: string;
44
+ correlationId?: string;
45
+ };
46
+ result?: {
47
+ outcome: SessionAuditOutcome;
48
+ reason?: string;
49
+ };
50
+ };
51
+ declare function inferSessionPrincipalType(principalId: string): SessionPrincipalType;
52
+ declare function normalizeDelegationChain(args: {
53
+ delegationChain?: readonly SessionDelegationHop[];
54
+ delegatedBy?: string;
55
+ delegatedByType?: SessionPrincipalType;
56
+ delegatedAt?: number;
57
+ reason?: string;
58
+ }): SessionDelegationHop[] | undefined;
59
+ declare function lastDelegator(delegationChain?: readonly SessionDelegationHop[]): string | undefined;
60
+
61
+ type McpTransportKind = "stdio" | "hosted";
62
+ type LucernSdkClient = unknown;
63
+ /**
64
+ * Session authentication context — injected by withAuth() middleware.
65
+ *
66
+ * Built from TenantConfig at dispatch time. Agent sessions get
67
+ * AGENT_IDENTITY + "agent:internal" role + unrestricted access.
68
+ * User sessions get Clerk userId + resolved role + tool ACLs.
69
+ */
70
+ type AuthContext = {
71
+ sessionType: "agent" | "user";
72
+ userId: string;
73
+ tenantId: string;
74
+ role: string;
75
+ allowedTopics: string[] | null;
76
+ groupIds: string[];
77
+ permittedPackKeys: string[];
78
+ sessionId: string;
79
+ principalId?: string;
80
+ principalType?: SessionPrincipalType;
81
+ workspaceId?: string;
82
+ scopes?: string[];
83
+ authMode?: SessionAuthMode;
84
+ roles?: string[];
85
+ transportKind?: McpTransportKind;
86
+ lucernClient?: LucernSdkClient;
87
+ convex?: ConvexAdminClient;
88
+ setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;
89
+ matchesWorkspaceReasoningScope?: (node: unknown, scope: unknown) => boolean;
90
+ };
91
+
92
+ export { type AuthContext, type LucernSdkClient, type McpTransportKind, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, type SessionAuditEnvelope, type SessionAuditOutcome, type SessionAuthMode, type SessionDelegationHop, type SessionLifecycleStatus, type SessionPrincipalType, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
@@ -0,0 +1,48 @@
1
+ // src/auth.contract.ts
2
+ var SESSION_AUTH_MODES = [
3
+ "interactive_user",
4
+ "service_principal",
5
+ "tenant_api_key",
6
+ "session_token"
7
+ ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
9
+ var SESSION_LIFECYCLE_STATUSES = [
10
+ "active",
11
+ "expired",
12
+ "revoked"
13
+ ];
14
+ function inferSessionPrincipalType(principalId) {
15
+ if (principalId.startsWith("user:")) {
16
+ return "human";
17
+ }
18
+ if (principalId.startsWith("agent:")) {
19
+ return "agent";
20
+ }
21
+ return "service";
22
+ }
23
+ function normalizeDelegationChain(args) {
24
+ if (args.delegationChain && args.delegationChain.length > 0) {
25
+ return [...args.delegationChain];
26
+ }
27
+ if (!args.delegatedBy) {
28
+ return;
29
+ }
30
+ return [
31
+ {
32
+ principalId: args.delegatedBy,
33
+ principalType: args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
34
+ delegatedAt: args.delegatedAt,
35
+ reason: args.reason
36
+ }
37
+ ];
38
+ }
39
+ function lastDelegator(delegationChain) {
40
+ if (!delegationChain || delegationChain.length === 0) {
41
+ return;
42
+ }
43
+ return delegationChain[delegationChain.length - 1]?.principalId;
44
+ }
45
+
46
+ export { SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, inferSessionPrincipalType, lastDelegator, normalizeDelegationChain };
47
+ //# sourceMappingURL=auth.contract.js.map
48
+ //# sourceMappingURL=auth.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -0,0 +1,2 @@
1
+
2
+ export { }
@@ -0,0 +1,3 @@
1
+
2
+ //# sourceMappingURL=v1.js.map
3
+ //# sourceMappingURL=v1.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"names":[],"mappings":"","file":"v1.js"}