@lucern/contracts 0.1.1-alpha.1 → 0.1.2-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/README.md +3 -0
- package/dist/agents/v1.d.ts +2 -0
- package/dist/agents/v1.js +3 -0
- package/dist/agents/v1.js.map +1 -0
- package/dist/api-enums.contract.d.ts +60 -0
- package/dist/api-enums.contract.js +174 -0
- package/dist/api-enums.contract.js.map +1 -0
- package/dist/auth-context.contract.d.ts +2 -0
- package/dist/auth-context.contract.js +48 -0
- package/dist/auth-context.contract.js.map +1 -0
- package/dist/auth-session.contract.d.ts +2 -0
- package/dist/auth-session.contract.js +48 -0
- package/dist/auth-session.contract.js.map +1 -0
- package/dist/auth.contract.d.ts +92 -0
- package/dist/auth.contract.js +48 -0
- package/dist/auth.contract.js.map +1 -0
- package/dist/beliefs/v1.d.ts +2 -0
- package/dist/beliefs/v1.js +3 -0
- package/dist/beliefs/v1.js.map +1 -0
- package/dist/context-pack.contract.d.ts +496 -0
- package/dist/context-pack.contract.js +98 -0
- package/dist/context-pack.contract.js.map +1 -0
- package/dist/convex-admin.contract.d.ts +7 -0
- package/dist/convex-admin.contract.js +3 -0
- package/dist/convex-admin.contract.js.map +1 -0
- package/dist/events-types.contract.d.ts +1 -0
- package/dist/events-types.contract.js +136 -0
- package/dist/events-types.contract.js.map +1 -0
- package/dist/events.contract.d.ts +178 -0
- package/dist/events.contract.js +136 -0
- package/dist/events.contract.js.map +1 -0
- package/dist/evidence/v1.d.ts +2 -0
- package/dist/evidence/v1.js +3 -0
- package/dist/evidence/v1.js.map +1 -0
- package/dist/gateway.contract.d.ts +79 -0
- package/dist/gateway.contract.js +12 -0
- package/dist/gateway.contract.js.map +1 -0
- package/dist/graph/v1.d.ts +2 -0
- package/dist/graph/v1.js +3 -0
- package/dist/graph/v1.js.map +1 -0
- package/dist/ids.contract.d.ts +9 -0
- package/{src/ids.contract.ts → dist/ids.contract.js} +10 -17
- package/dist/ids.contract.js.map +1 -0
- package/dist/index.d.ts +15 -2004
- package/dist/index.js +61 -118
- package/dist/index.js.map +1 -0
- package/dist/lens-filter.contract.d.ts +72 -0
- package/dist/lens-filter.contract.js +71 -0
- package/dist/lens-filter.contract.js.map +1 -0
- package/dist/lens-workflow.contract.d.ts +87 -0
- package/dist/lens-workflow.contract.js +123 -0
- package/dist/lens-workflow.contract.js.map +1 -0
- package/dist/mcp-tools.contract-D8kXcP6d.d.ts +254 -0
- package/dist/mcp-tools.contract.d.ts +1 -0
- package/dist/mcp-tools.contract.js +3016 -0
- package/dist/mcp-tools.contract.js.map +1 -0
- package/dist/ontologies/v1.d.ts +2 -0
- package/dist/ontologies/v1.js +3 -0
- package/dist/ontologies/v1.js.map +1 -0
- package/dist/ontology-matching.contract.d.ts +1 -0
- package/dist/ontology-matching.contract.js +346 -0
- package/dist/ontology-matching.contract.js.map +1 -0
- package/dist/prompt.contract.d.ts +26 -0
- package/dist/prompt.contract.js +12 -0
- package/dist/prompt.contract.js.map +1 -0
- package/dist/questions/v1.d.ts +2 -0
- package/dist/questions/v1.js +3 -0
- package/dist/questions/v1.js.map +1 -0
- package/dist/sdk-methods.contract.d.ts +376 -0
- package/dist/sdk-methods.contract.js +3 -0
- package/dist/sdk-methods.contract.js.map +1 -0
- package/dist/sdk-tools.contract-BnV0hKLp.d.ts +150 -0
- package/dist/sdk-tools.contract.d.ts +2 -0
- package/dist/sdk-tools.contract.js +4252 -0
- package/dist/sdk-tools.contract.js.map +1 -0
- package/dist/text-matching.contract.d.ts +55 -0
- package/{src/text-matching.contract.ts → dist/text-matching.contract.js} +36 -137
- package/dist/text-matching.contract.js.map +1 -0
- package/dist/topic-scope.contract.d.ts +1 -0
- package/{src/v1/topics/v1.ts → dist/topic-scope.contract.js} +13 -38
- package/dist/topic-scope.contract.js.map +1 -0
- package/dist/topics/v1.d.ts +2 -0
- package/dist/topics/v1.js +3 -0
- package/dist/topics/v1.js.map +1 -0
- package/dist/v1/agents/v1.d.ts +2 -0
- package/dist/v1/agents/v1.js +3 -0
- package/dist/v1/agents/v1.js.map +1 -0
- package/dist/v1/beliefs/v1.d.ts +2 -0
- package/dist/v1/beliefs/v1.js +3 -0
- package/dist/v1/beliefs/v1.js.map +1 -0
- package/dist/v1/evidence/v1.d.ts +2 -0
- package/dist/v1/evidence/v1.js +3 -0
- package/dist/v1/evidence/v1.js.map +1 -0
- package/dist/v1/graph/v1.d.ts +2 -0
- package/dist/v1/graph/v1.js +3 -0
- package/dist/v1/graph/v1.js.map +1 -0
- package/dist/v1/ontologies/v1.d.ts +78 -0
- package/dist/v1/ontologies/v1.js +346 -0
- package/dist/v1/ontologies/v1.js.map +1 -0
- package/dist/v1/questions/v1.d.ts +2 -0
- package/dist/v1/questions/v1.js +3 -0
- package/dist/v1/questions/v1.js.map +1 -0
- package/dist/v1/topics/v1.d.ts +21 -0
- package/dist/v1/topics/v1.js +54 -0
- package/dist/v1/topics/v1.js.map +1 -0
- package/dist/v1/worktrees/v1.d.ts +2 -0
- package/dist/v1/worktrees/v1.js +3 -0
- package/dist/v1/worktrees/v1.js.map +1 -0
- package/dist/workflow-runtime.contract.d.ts +163 -0
- package/dist/workflow-runtime.contract.js +245 -0
- package/dist/workflow-runtime.contract.js.map +1 -0
- package/dist/worktrees/v1.d.ts +2 -0
- package/dist/worktrees/v1.js +3 -0
- package/dist/worktrees/v1.js.map +1 -0
- package/package.json +23 -7
- package/src/agents/v1.ts +0 -8
- package/src/api-enums.contract.ts +0 -183
- package/src/auth-context.contract.ts +0 -9
- package/src/auth-session.contract.ts +0 -9
- package/src/auth.contract.ts +0 -162
- package/src/beliefs/v1.ts +0 -8
- package/src/context-pack.contract.ts +0 -704
- package/src/convex-admin.contract.ts +0 -14
- package/src/events-types.contract.ts +0 -9
- package/src/events.contract.ts +0 -376
- package/src/evidence/v1.ts +0 -8
- package/src/gateway.contract.ts +0 -151
- package/src/graph/v1.ts +0 -8
- package/src/index.ts +0 -30
- package/src/lens-filter.contract.ts +0 -183
- package/src/lens-workflow.contract.ts +0 -162
- package/src/mcp-tools.contract.ts +0 -3636
- package/src/ontologies/v1.ts +0 -8
- package/src/ontology-matching.contract.ts +0 -9
- package/src/prompt.contract.ts +0 -50
- package/src/questions/v1.ts +0 -8
- package/src/sdk-methods.contract.ts +0 -522
- package/src/sdk-tools.contract.ts +0 -1545
- package/src/topic-scope.contract.ts +0 -9
- package/src/topics/v1.ts +0 -8
- package/src/v1/agents/v1.ts +0 -8
- package/src/v1/beliefs/v1.ts +0 -8
- package/src/v1/evidence/v1.ts +0 -8
- package/src/v1/graph/v1.ts +0 -8
- package/src/v1/ontologies/v1.ts +0 -276
- package/src/v1/questions/v1.ts +0 -8
- package/src/v1/worktrees/v1.ts +0 -8
- package/src/workflow-runtime.contract.ts +0 -440
- package/src/worktrees/v1.ts +0 -8
- package/tsconfig.json +0 -9
|
@@ -1,183 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* API Enum Contract Definitions
|
|
3
|
-
*
|
|
4
|
-
* Canonical enum values for all API-facing enumerations.
|
|
5
|
-
* These are co-equal with MCP contracts as external contracts.
|
|
6
|
-
* SDK types are DERIVED from these — not independently authored.
|
|
7
|
-
*
|
|
8
|
-
* CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).
|
|
9
|
-
* Removing or renaming an existing value is a BREAKING CHANGE.
|
|
10
|
-
*/
|
|
11
|
-
|
|
12
|
-
// =============================================================================
|
|
13
|
-
// BELIEF ENUMS
|
|
14
|
-
// =============================================================================
|
|
15
|
-
|
|
16
|
-
/** Fork reasons — why a scored belief was branched */
|
|
17
|
-
export const FORK_REASONS = [
|
|
18
|
-
"refinement", // Belief text evolved based on new understanding
|
|
19
|
-
"contradiction_response", // Created in response to a detected contradiction
|
|
20
|
-
"scope_change", // Belief scope narrowed or broadened
|
|
21
|
-
"confidence_collapse", // Confidence dropped below viability threshold
|
|
22
|
-
"manual", // User-initiated fork without specific trigger
|
|
23
|
-
] as const;
|
|
24
|
-
export type ForkReason = (typeof FORK_REASONS)[number];
|
|
25
|
-
|
|
26
|
-
/** Confidence modulation triggers — what caused a confidence change */
|
|
27
|
-
export const CONFIDENCE_TRIGGERS = [
|
|
28
|
-
"evidence_added", // New evidence bore on the belief
|
|
29
|
-
"contradiction_detected", // A contradiction was flagged involving this belief
|
|
30
|
-
"merge_outcome", // Merge scoring determined this confidence
|
|
31
|
-
"manual", // User manually adjusted confidence
|
|
32
|
-
"decay", // Time-based confidence erosion
|
|
33
|
-
] as const;
|
|
34
|
-
export type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];
|
|
35
|
-
|
|
36
|
-
/** Belief status — lifecycle state */
|
|
37
|
-
export const BELIEF_STATUSES = [
|
|
38
|
-
"unscored", // Draft — editable in worktree (on feature branch, pre-merge)
|
|
39
|
-
"scored", // Merged — formulation frozen (merged to main)
|
|
40
|
-
"archived", // Soft-deleted — preserved in history (git rm)
|
|
41
|
-
] as const;
|
|
42
|
-
export type BeliefStatus = (typeof BELIEF_STATUSES)[number];
|
|
43
|
-
|
|
44
|
-
// =============================================================================
|
|
45
|
-
// EDGE ENUMS
|
|
46
|
-
// =============================================================================
|
|
47
|
-
|
|
48
|
-
/** Reasoning methods — how an edge relationship was determined */
|
|
49
|
-
export const REASONING_METHODS = [
|
|
50
|
-
"deductive", // Logically entailed
|
|
51
|
-
"inductive", // Generalized from instances
|
|
52
|
-
"abductive", // Best explanation inference
|
|
53
|
-
"analogical", // Reasoning by analogy
|
|
54
|
-
"empirical", // Direct observation/measurement
|
|
55
|
-
] as const;
|
|
56
|
-
export type ReasoningMethod = (typeof REASONING_METHODS)[number];
|
|
57
|
-
|
|
58
|
-
/** Defeat types (Pollock taxonomy) — how a contradiction operates */
|
|
59
|
-
export const DEFEAT_TYPES = [
|
|
60
|
-
"rebuts", // Direct contradiction — reasons for the negation
|
|
61
|
-
"undercuts", // Breaks the inference link between evidence and belief
|
|
62
|
-
"undermines", // Attacks a premise the belief depends on
|
|
63
|
-
] as const;
|
|
64
|
-
export type DefeatType = (typeof DEFEAT_TYPES)[number];
|
|
65
|
-
|
|
66
|
-
/** Contradiction severity levels */
|
|
67
|
-
export const CONTRADICTION_SEVERITIES = [
|
|
68
|
-
"low", // Minor tension, may not require action
|
|
69
|
-
"medium", // Moderate conflict, should be investigated
|
|
70
|
-
"high", // Significant contradiction, likely needs resolution
|
|
71
|
-
"critical", // Blocks progress — must be addressed before judgment
|
|
72
|
-
] as const;
|
|
73
|
-
export type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];
|
|
74
|
-
|
|
75
|
-
/** Contradiction resolution status */
|
|
76
|
-
export const CONTRADICTION_STATUSES = [
|
|
77
|
-
"unresolved", // Open conflict — may persist indefinitely
|
|
78
|
-
"resolved", // Conflict addressed (one belief forked, archived, or confidence adjusted)
|
|
79
|
-
"accepted", // Explicitly accepted as irreconcilable — both beliefs maintained
|
|
80
|
-
] as const;
|
|
81
|
-
export type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];
|
|
82
|
-
|
|
83
|
-
// =============================================================================
|
|
84
|
-
// WORKTREE ENUMS (git worktree lifecycle)
|
|
85
|
-
// =============================================================================
|
|
86
|
-
|
|
87
|
-
/** Merge outcome types — how a worktree merge resolved */
|
|
88
|
-
export const MERGE_OUTCOMES = [
|
|
89
|
-
"validated", // Beliefs confirmed — clean merge to main
|
|
90
|
-
"invalidated", // Defeat recorded — confidence collapsed (merge with revert)
|
|
91
|
-
"forked", // Beliefs split into competing versions (fork from merge point)
|
|
92
|
-
"inconclusive", // Insufficient evidence — stashed (git stash)
|
|
93
|
-
] as const;
|
|
94
|
-
export type MergeOutcome = (typeof MERGE_OUTCOMES)[number];
|
|
95
|
-
|
|
96
|
-
/** Worktree phases — investigation lifecycle within a checked-out worktree */
|
|
97
|
-
export const WORKTREE_PHASES = [
|
|
98
|
-
"hypothesis", // Form testable claims (write the code — commits)
|
|
99
|
-
"investigation", // Collect evidence (run the tests — more commits)
|
|
100
|
-
"evaluation", // Update credences (review the results — amend as needed)
|
|
101
|
-
"resolution", // Determine outcome (merge to main, fork, or stash)
|
|
102
|
-
] as const;
|
|
103
|
-
export type WorktreePhase = (typeof WORKTREE_PHASES)[number];
|
|
104
|
-
|
|
105
|
-
// =============================================================================
|
|
106
|
-
// BRANCH ENUMS (git branch lifecycle)
|
|
107
|
-
// =============================================================================
|
|
108
|
-
|
|
109
|
-
/** Branch status — thematic branch lifecycle */
|
|
110
|
-
export const BRANCH_STATUSES = [
|
|
111
|
-
"dormant", // Branch exists but no active worktree (no one investigating)
|
|
112
|
-
"active", // At least one worktree is investigating this branch
|
|
113
|
-
"archived", // Branch retired — no longer a relevant thematic container
|
|
114
|
-
] as const;
|
|
115
|
-
export type BranchStatus = (typeof BRANCH_STATUSES)[number];
|
|
116
|
-
|
|
117
|
-
// =============================================================================
|
|
118
|
-
// PULL REQUEST ENUMS (git pull request lifecycle)
|
|
119
|
-
// =============================================================================
|
|
120
|
-
|
|
121
|
-
/** Pull request status — review lifecycle before merge */
|
|
122
|
-
export const PULL_REQUEST_STATUSES = [
|
|
123
|
-
"pending_review", // PR opened — awaiting reviewer feedback
|
|
124
|
-
"changes_requested", // Reviewer requests changes before merge
|
|
125
|
-
"approved", // Approved — ready to merge
|
|
126
|
-
"blocked", // Blocked — cannot merge until contradiction is resolved
|
|
127
|
-
] as const;
|
|
128
|
-
export type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];
|
|
129
|
-
|
|
130
|
-
// =============================================================================
|
|
131
|
-
// LAYER ENUMS
|
|
132
|
-
// =============================================================================
|
|
133
|
-
|
|
134
|
-
/** Epistemic layers — the hierarchy of knowledge */
|
|
135
|
-
export const EPISTEMIC_LAYERS = [
|
|
136
|
-
"L1", // Source — the given (vendored deps)
|
|
137
|
-
"L2", // Evidence — the interpreted (test suite)
|
|
138
|
-
"L3", // Belief — the structural (source files)
|
|
139
|
-
"L4", // Judgment — the committed (release tags)
|
|
140
|
-
] as const;
|
|
141
|
-
export type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];
|
|
142
|
-
|
|
143
|
-
// =============================================================================
|
|
144
|
-
// JUDGMENT ENUMS (Phase 1: new vocabulary)
|
|
145
|
-
// =============================================================================
|
|
146
|
-
|
|
147
|
-
/**
|
|
148
|
-
* Judgment type — classification of the determination.
|
|
149
|
-
*
|
|
150
|
-
* Phase 1: These are new enum values for the Judgment (L4) vocabulary.
|
|
151
|
-
* The existing code uses "Decision" — these are the forward-looking terms
|
|
152
|
-
* that will eventually replace the Decision vocabulary (Phase 2-3).
|
|
153
|
-
*/
|
|
154
|
-
export const JUDGMENT_TYPES = [
|
|
155
|
-
"investment_thesis", // Judgment on an investment opportunity
|
|
156
|
-
"thesis_maturity", // Judgment that a thesis is ready for IC presentation
|
|
157
|
-
"contradiction_ruling", // Judgment on how to handle an irreconcilable contradiction
|
|
158
|
-
"scope_determination", // Judgment that defines or redefines investigation scope
|
|
159
|
-
"confidence_ruling", // Judgment that overrides automated confidence for policy reasons
|
|
160
|
-
] as const;
|
|
161
|
-
export type JudgmentType = (typeof JUDGMENT_TYPES)[number];
|
|
162
|
-
|
|
163
|
-
// =============================================================================
|
|
164
|
-
// SUPPORT RELATION ENUMS
|
|
165
|
-
// =============================================================================
|
|
166
|
-
|
|
167
|
-
/** Core edge types used in the Integration Surfaces */
|
|
168
|
-
export const INTEGRATION_EDGE_TYPES = [
|
|
169
|
-
// Support relations
|
|
170
|
-
"informs", // Evidence bears on a belief (weight = direction/strength)
|
|
171
|
-
"grounds", // Source provides raw basis for evidence
|
|
172
|
-
"answers", // Evidence or belief resolves a question
|
|
173
|
-
// Defeat relations (Pollock) — weight carries direction
|
|
174
|
-
"contradicts", // Rebuts — direct contradiction
|
|
175
|
-
"supports", // Weight carries valence (negative = weakens/undercuts)
|
|
176
|
-
// Structural relations
|
|
177
|
-
"depends_on", // Belief B requires Belief A
|
|
178
|
-
"derived_from", // Provenance lineage
|
|
179
|
-
"contains", // Hierarchical containment
|
|
180
|
-
"supersedes", // New version replaces old (lineage)
|
|
181
|
-
"tests", // Question tests a belief
|
|
182
|
-
] as const;
|
|
183
|
-
export type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @lucern/contracts — auth-context compat shim
|
|
3
|
-
*
|
|
4
|
-
* This file consolidated into ./auth.contract.ts during EK-16 T1 PR 3a.
|
|
5
|
-
* Retained here until the Lucern 1.0.0 barrel-sunset cut (D12).
|
|
6
|
-
* New code should import from "@lucern/contracts" (barrel) or "./auth.contract".
|
|
7
|
-
*/
|
|
8
|
-
|
|
9
|
-
export * from "./auth.contract";
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @lucern/contracts — auth-session compat shim
|
|
3
|
-
*
|
|
4
|
-
* This file consolidated into ./auth.contract.ts during EK-16 T1 PR 3a.
|
|
5
|
-
* Retained here until the Lucern 1.0.0 barrel-sunset cut (D12).
|
|
6
|
-
* New code should import from "@lucern/contracts" (barrel) or "./auth.contract".
|
|
7
|
-
*/
|
|
8
|
-
|
|
9
|
-
export * from "./auth.contract";
|
package/src/auth.contract.ts
DELETED
|
@@ -1,162 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @lucern/contracts — auth (canonical support contract)
|
|
3
|
-
*
|
|
4
|
-
* Consolidated flat support surface for Lucern authentication:
|
|
5
|
-
* - Session primitives (auth modes, principal types, lifecycle)
|
|
6
|
-
* - AuthContext shape + McpTransportKind + LucernSdkClient alias
|
|
7
|
-
*
|
|
8
|
-
* Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts
|
|
9
|
-
* in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).
|
|
10
|
-
*/
|
|
11
|
-
|
|
12
|
-
// =============================================================================
|
|
13
|
-
// SESSION PRIMITIVES
|
|
14
|
-
// (Formerly src/auth-session.contract.ts)
|
|
15
|
-
// =============================================================================
|
|
16
|
-
|
|
17
|
-
export const SESSION_AUTH_MODES = [
|
|
18
|
-
"interactive_user",
|
|
19
|
-
"service_principal",
|
|
20
|
-
"tenant_api_key",
|
|
21
|
-
"session_token",
|
|
22
|
-
] as const;
|
|
23
|
-
export type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];
|
|
24
|
-
|
|
25
|
-
export const SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"] as const;
|
|
26
|
-
export type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];
|
|
27
|
-
|
|
28
|
-
export const SESSION_LIFECYCLE_STATUSES = [
|
|
29
|
-
"active",
|
|
30
|
-
"expired",
|
|
31
|
-
"revoked",
|
|
32
|
-
] as const;
|
|
33
|
-
export type SessionLifecycleStatus =
|
|
34
|
-
(typeof SESSION_LIFECYCLE_STATUSES)[number];
|
|
35
|
-
|
|
36
|
-
export type SessionDelegationHop = {
|
|
37
|
-
principalId: string;
|
|
38
|
-
principalType: SessionPrincipalType;
|
|
39
|
-
authMode?: SessionAuthMode;
|
|
40
|
-
sessionId?: string;
|
|
41
|
-
delegatedAt?: number;
|
|
42
|
-
reason?: string;
|
|
43
|
-
};
|
|
44
|
-
|
|
45
|
-
export type SessionAuditOutcome =
|
|
46
|
-
| "accepted"
|
|
47
|
-
| "rejected"
|
|
48
|
-
| "revoked"
|
|
49
|
-
| "expired";
|
|
50
|
-
|
|
51
|
-
export type SessionAuditEnvelope = {
|
|
52
|
-
sessionId: string;
|
|
53
|
-
authMode: SessionAuthMode;
|
|
54
|
-
principalId: string;
|
|
55
|
-
principalType: SessionPrincipalType;
|
|
56
|
-
tenantId: string;
|
|
57
|
-
workspaceId?: string;
|
|
58
|
-
apiKeyId?: string;
|
|
59
|
-
scopes: readonly string[];
|
|
60
|
-
roles?: readonly string[];
|
|
61
|
-
delegationChain?: readonly SessionDelegationHop[];
|
|
62
|
-
sourceSessionId?: string;
|
|
63
|
-
expiresAt?: number;
|
|
64
|
-
request?: {
|
|
65
|
-
endpoint?: string;
|
|
66
|
-
method?: string;
|
|
67
|
-
correlationId?: string;
|
|
68
|
-
};
|
|
69
|
-
result?: {
|
|
70
|
-
outcome: SessionAuditOutcome;
|
|
71
|
-
reason?: string;
|
|
72
|
-
};
|
|
73
|
-
};
|
|
74
|
-
|
|
75
|
-
export function inferSessionPrincipalType(
|
|
76
|
-
principalId: string
|
|
77
|
-
): SessionPrincipalType {
|
|
78
|
-
if (principalId.startsWith("user:")) {
|
|
79
|
-
return "human";
|
|
80
|
-
}
|
|
81
|
-
if (principalId.startsWith("agent:")) {
|
|
82
|
-
return "agent";
|
|
83
|
-
}
|
|
84
|
-
return "service";
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
export function normalizeDelegationChain(args: {
|
|
88
|
-
delegationChain?: readonly SessionDelegationHop[];
|
|
89
|
-
delegatedBy?: string;
|
|
90
|
-
delegatedByType?: SessionPrincipalType;
|
|
91
|
-
delegatedAt?: number;
|
|
92
|
-
reason?: string;
|
|
93
|
-
}): SessionDelegationHop[] | undefined {
|
|
94
|
-
if (args.delegationChain && args.delegationChain.length > 0) {
|
|
95
|
-
return [...args.delegationChain];
|
|
96
|
-
}
|
|
97
|
-
if (!args.delegatedBy) {
|
|
98
|
-
return;
|
|
99
|
-
}
|
|
100
|
-
return [
|
|
101
|
-
{
|
|
102
|
-
principalId: args.delegatedBy,
|
|
103
|
-
principalType:
|
|
104
|
-
args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),
|
|
105
|
-
delegatedAt: args.delegatedAt,
|
|
106
|
-
reason: args.reason,
|
|
107
|
-
},
|
|
108
|
-
];
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
export function lastDelegator(
|
|
112
|
-
delegationChain?: readonly SessionDelegationHop[]
|
|
113
|
-
): string | undefined {
|
|
114
|
-
if (!delegationChain || delegationChain.length === 0) {
|
|
115
|
-
return;
|
|
116
|
-
}
|
|
117
|
-
return delegationChain[delegationChain.length - 1]?.principalId;
|
|
118
|
-
}
|
|
119
|
-
|
|
120
|
-
// =============================================================================
|
|
121
|
-
// AUTH CONTEXT
|
|
122
|
-
// (Formerly src/auth-context.contract.ts)
|
|
123
|
-
// =============================================================================
|
|
124
|
-
|
|
125
|
-
import type { ConvexAdminClient } from "./convex-admin.contract";
|
|
126
|
-
|
|
127
|
-
export type McpTransportKind = "stdio" | "hosted";
|
|
128
|
-
|
|
129
|
-
export type LucernSdkClient = unknown;
|
|
130
|
-
|
|
131
|
-
/**
|
|
132
|
-
* Session authentication context — injected by withAuth() middleware.
|
|
133
|
-
*
|
|
134
|
-
* Built from TenantConfig at dispatch time. Agent sessions get
|
|
135
|
-
* AGENT_IDENTITY + "agent:internal" role + unrestricted access.
|
|
136
|
-
* User sessions get Clerk userId + resolved role + tool ACLs.
|
|
137
|
-
*/
|
|
138
|
-
export type AuthContext = {
|
|
139
|
-
sessionType: "agent" | "user";
|
|
140
|
-
userId: string; // AGENT_IDENTITY for agents, Clerk userId for users
|
|
141
|
-
tenantId: string;
|
|
142
|
-
role: string; // "agent:internal" | "platform_admin" | "tenant_admin" | "editor" | "viewer" | ...
|
|
143
|
-
allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.
|
|
144
|
-
// Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess
|
|
145
|
-
groupIds: string[]; // Groups this user belongs to (empty for agents)
|
|
146
|
-
permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)
|
|
147
|
-
sessionId: string; // S2-13K: MCP process session UUID for audit attribution
|
|
148
|
-
principalId?: string;
|
|
149
|
-
principalType?: SessionPrincipalType;
|
|
150
|
-
workspaceId?: string;
|
|
151
|
-
scopes?: string[];
|
|
152
|
-
authMode?: SessionAuthMode;
|
|
153
|
-
roles?: string[];
|
|
154
|
-
transportKind?: McpTransportKind;
|
|
155
|
-
lucernClient?: LucernSdkClient;
|
|
156
|
-
convex?: ConvexAdminClient;
|
|
157
|
-
setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;
|
|
158
|
-
matchesWorkspaceReasoningScope?: (
|
|
159
|
-
node: unknown,
|
|
160
|
-
scope: unknown
|
|
161
|
-
) => boolean;
|
|
162
|
-
};
|