@lucern/contracts 0.3.0-alpha.17 → 0.3.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/CHANGELOG.md +0 -10
  2. package/dist/api-enums.contract.d.ts +3 -5
  3. package/dist/api-enums.contract.js +12 -14
  4. package/dist/api-enums.contract.js.map +1 -1
  5. package/dist/auth-context.contract.js +2 -14
  6. package/dist/auth-context.contract.js.map +1 -1
  7. package/dist/auth-session.contract.js +2 -14
  8. package/dist/auth-session.contract.js.map +1 -1
  9. package/dist/auth.contract.d.ts +1 -1
  10. package/dist/auth.contract.js +2 -14
  11. package/dist/auth.contract.js.map +1 -1
  12. package/dist/component-boundary.contract.d.ts +1 -1
  13. package/dist/component-boundary.contract.js +26 -46
  14. package/dist/component-boundary.contract.js.map +1 -1
  15. package/dist/context-pack.contract.d.ts +3 -5
  16. package/dist/context-pack.contract.js.map +1 -1
  17. package/dist/{defineTable-t1wr5wgn.d.ts → defineTable-CBQ03FXl.d.ts} +1 -1
  18. package/dist/{dsl-DVPthQGY.d.ts → dsl-BgpoVOVQ.d.ts} +2 -2
  19. package/dist/dsl.d.ts +2 -2
  20. package/dist/dsl.js +4 -1
  21. package/dist/dsl.js.map +1 -1
  22. package/dist/function-registry/beliefs.d.ts +51 -64
  23. package/dist/function-registry/beliefs.js +57 -817
  24. package/dist/function-registry/beliefs.js.map +1 -1
  25. package/dist/function-registry/coding.d.ts +6 -15
  26. package/dist/function-registry/coding.js +43 -866
  27. package/dist/function-registry/coding.js.map +1 -1
  28. package/dist/function-registry/context.d.ts +16 -22
  29. package/dist/function-registry/context.js +46 -805
  30. package/dist/function-registry/context.js.map +1 -1
  31. package/dist/function-registry/contracts.d.ts +3 -9
  32. package/dist/function-registry/contracts.js +39 -770
  33. package/dist/function-registry/contracts.js.map +1 -1
  34. package/dist/function-registry/coordination.d.ts +9 -21
  35. package/dist/function-registry/coordination.js +39 -770
  36. package/dist/function-registry/coordination.js.map +1 -1
  37. package/dist/function-registry/edges.d.ts +2 -167
  38. package/dist/function-registry/edges.js +71 -978
  39. package/dist/function-registry/edges.js.map +1 -1
  40. package/dist/function-registry/evidence.d.ts +41 -52
  41. package/dist/function-registry/evidence.js +62 -826
  42. package/dist/function-registry/evidence.js.map +1 -1
  43. package/dist/function-registry/graph.d.ts +66 -162
  44. package/dist/function-registry/graph.js +46 -886
  45. package/dist/function-registry/graph.js.map +1 -1
  46. package/dist/function-registry/helpers.d.ts +4 -7
  47. package/dist/function-registry/helpers.js +40 -771
  48. package/dist/function-registry/helpers.js.map +1 -1
  49. package/dist/function-registry/identity.d.ts +16 -62
  50. package/dist/function-registry/identity.js +45 -793
  51. package/dist/function-registry/identity.js.map +1 -1
  52. package/dist/function-registry/index.d.ts +3 -5
  53. package/dist/function-registry/index.js +43 -777
  54. package/dist/function-registry/index.js.map +1 -1
  55. package/dist/function-registry/judgments.d.ts +11 -16
  56. package/dist/function-registry/judgments.js +42 -782
  57. package/dist/function-registry/judgments.js.map +1 -1
  58. package/dist/function-registry/legacy.d.ts +1 -5
  59. package/dist/function-registry/legacy.js +39 -770
  60. package/dist/function-registry/legacy.js.map +1 -1
  61. package/dist/function-registry/lenses.d.ts +21 -28
  62. package/dist/function-registry/lenses.js +42 -793
  63. package/dist/function-registry/lenses.js.map +1 -1
  64. package/dist/function-registry/manifest.d.ts +6 -6
  65. package/dist/function-registry/manifest.js +2 -19
  66. package/dist/function-registry/manifest.js.map +1 -1
  67. package/dist/function-registry/ontologies.d.ts +56 -70
  68. package/dist/function-registry/ontologies.js +45 -788
  69. package/dist/function-registry/ontologies.js.map +1 -1
  70. package/dist/function-registry/pipeline.d.ts +16 -22
  71. package/dist/function-registry/pipeline.js +42 -779
  72. package/dist/function-registry/pipeline.js.map +1 -1
  73. package/dist/function-registry/questions.d.ts +61 -76
  74. package/dist/function-registry/questions.js +52 -869
  75. package/dist/function-registry/questions.js.map +1 -1
  76. package/dist/function-registry/tasks.d.ts +21 -28
  77. package/dist/function-registry/tasks.js +48 -845
  78. package/dist/function-registry/tasks.js.map +1 -1
  79. package/dist/function-registry/topics.d.ts +26 -114
  80. package/dist/function-registry/topics.js +43 -852
  81. package/dist/function-registry/topics.js.map +1 -1
  82. package/dist/function-registry/types.d.ts +3 -7
  83. package/dist/function-registry/worktrees.d.ts +51 -104
  84. package/dist/function-registry/worktrees.js +51 -925
  85. package/dist/function-registry/worktrees.js.map +1 -1
  86. package/dist/gateway.contract.d.ts +0 -5
  87. package/dist/gateway.contract.js.map +1 -1
  88. package/dist/generated/convexSchemas.d.ts +3 -3
  89. package/dist/generated/convexSchemas.js +18 -38
  90. package/dist/generated/convexSchemas.js.map +1 -1
  91. package/dist/generated/schema-manifest.json +114 -1221
  92. package/dist/generated/tableOwnership.d.ts +28 -48
  93. package/dist/generated/tableOwnership.js +26 -66
  94. package/dist/generated/tableOwnership.js.map +1 -1
  95. package/dist/generated/tier-expectations.json +9 -64
  96. package/dist/graph-types/index.d.ts +1 -5
  97. package/dist/graph-types/index.js +4 -15
  98. package/dist/graph-types/index.js.map +1 -1
  99. package/dist/index-CV-0_VWJ.d.ts +25 -0
  100. package/dist/index.d.ts +669 -28
  101. package/dist/index.js +400 -34707
  102. package/dist/index.js.map +1 -1
  103. package/dist/lens-filter.contract.js +3 -4
  104. package/dist/lens-filter.contract.js.map +1 -1
  105. package/dist/lens-workflow.contract.js +3 -4
  106. package/dist/lens-workflow.contract.js.map +1 -1
  107. package/dist/mcp-gateway-boundary.contract.d.ts +3 -23
  108. package/dist/mcp-gateway-boundary.contract.js +0 -2
  109. package/dist/mcp-gateway-boundary.contract.js.map +1 -1
  110. package/dist/schema-helpers/enumValidation.js +5 -2
  111. package/dist/schema-helpers/enumValidation.js.map +1 -1
  112. package/dist/schema-helpers/spine/nodes/decision.js +1 -2
  113. package/dist/schema-helpers/spine/nodes/decision.js.map +1 -1
  114. package/dist/schema-helpers/spine/tables/epistemicNodes.js +27 -27
  115. package/dist/schema-helpers/spine/tables/epistemicNodes.js.map +1 -1
  116. package/dist/schemas/component-table-manifest.d.ts +6 -6
  117. package/dist/schemas/component-table-manifest.js +2 -2
  118. package/dist/schemas/component-table-manifest.js.map +1 -1
  119. package/dist/schemas/enums.d.ts +2 -5
  120. package/dist/schemas/enums.js +2 -5
  121. package/dist/schemas/enums.js.map +1 -1
  122. package/dist/schemas/index.d.ts +3 -3
  123. package/dist/schemas/index.js +139 -1130
  124. package/dist/schemas/index.js.map +1 -1
  125. package/dist/schemas/manifest.d.ts +948 -2948
  126. package/dist/schemas/manifest.js +137 -1128
  127. package/dist/schemas/manifest.js.map +1 -1
  128. package/dist/schemas/sl-opinion.d.ts +4 -4
  129. package/dist/schemas/tables/{controlPlane → identity}/agent.d.ts +1 -1
  130. package/dist/schemas/tables/{controlPlane → identity}/agent.js +3 -3
  131. package/dist/schemas/tables/identity/agent.js.map +1 -0
  132. package/dist/schemas/tables/{controlPlane → identity}/epistemic.d.ts +1 -1
  133. package/dist/schemas/tables/{controlPlane → identity}/epistemic.js +3 -3
  134. package/dist/schemas/tables/identity/epistemic.js.map +1 -0
  135. package/dist/schemas/tables/{controlPlane → identity}/model.d.ts +1 -1
  136. package/dist/schemas/tables/{controlPlane → identity}/model.js +6 -6
  137. package/dist/schemas/tables/identity/model.js.map +1 -0
  138. package/dist/schemas/tables/{controlPlane → identity}/platform.d.ts +11 -11
  139. package/dist/schemas/tables/{controlPlane → identity}/platform.js +18 -18
  140. package/dist/schemas/tables/identity/platform.js.map +1 -0
  141. package/dist/schemas/tables/{controlPlane → identity}/project.d.ts +1 -1
  142. package/dist/schemas/tables/{controlPlane → identity}/project.js +3 -3
  143. package/dist/schemas/tables/identity/project.js.map +1 -0
  144. package/dist/schemas/tables/{controlPlane → identity}/user.d.ts +1 -1
  145. package/dist/schemas/tables/{controlPlane → identity}/user.js +3 -3
  146. package/dist/schemas/tables/identity/user.js.map +1 -0
  147. package/dist/schemas/tables/kernel/config.d.ts +1 -1
  148. package/dist/schemas/tables/kernel/config.js.map +1 -1
  149. package/dist/schemas/tables/kernel/coordination.d.ts +1 -1
  150. package/dist/schemas/tables/kernel/coordination.js.map +1 -1
  151. package/dist/schemas/tables/kernel/decision.d.ts +1 -1
  152. package/dist/schemas/tables/kernel/decision.js.map +1 -1
  153. package/dist/schemas/tables/kernel/embedding.d.ts +1 -1
  154. package/dist/schemas/tables/kernel/embedding.js.map +1 -1
  155. package/dist/schemas/tables/kernel/epistemic.d.ts +7 -7
  156. package/dist/schemas/tables/kernel/epistemic.js.map +1 -1
  157. package/dist/schemas/tables/kernel/idempotency.d.ts +1 -1
  158. package/dist/schemas/tables/kernel/idempotency.js.map +1 -1
  159. package/dist/schemas/tables/kernel/infra.d.ts +5 -5
  160. package/dist/schemas/tables/kernel/infra.js.map +1 -1
  161. package/dist/schemas/tables/kernel/intelligence.d.ts +11 -11
  162. package/dist/schemas/tables/kernel/intelligence.js.map +1 -1
  163. package/dist/schemas/tables/kernel/lens.d.ts +5 -5
  164. package/dist/schemas/tables/kernel/lens.js.map +1 -1
  165. package/dist/schemas/tables/kernel/ontology.d.ts +1 -1
  166. package/dist/schemas/tables/kernel/ontology.js.map +1 -1
  167. package/dist/schemas/tables/kernel/platform.d.ts +13 -13
  168. package/dist/schemas/tables/kernel/platform.js.map +1 -1
  169. package/dist/schemas/tables/kernel/spine.d.ts +4 -5
  170. package/dist/schemas/tables/kernel/spine.js +2 -6
  171. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  172. package/dist/schemas/tables/kernel/task.d.ts +43 -43
  173. package/dist/schemas/tables/kernel/task.js.map +1 -1
  174. package/dist/schemas/tables/kernel/topic.d.ts +1 -1
  175. package/dist/schemas/tables/kernel/topic.js +1 -5
  176. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  177. package/dist/schemas/tables/kernel/workflow.d.ts +1 -1
  178. package/dist/schemas/tables/kernel/workflow.js.map +1 -1
  179. package/dist/schemas/tables/kernel/worktree.d.ts +55 -55
  180. package/dist/schemas/tables/kernel/worktree.js.map +1 -1
  181. package/dist/schemas/tables/mc/identity.d.ts +4 -21
  182. package/dist/schemas/tables/mc/identity.js +1 -32
  183. package/dist/schemas/tables/mc/identity.js.map +1 -1
  184. package/dist/schemas/tables/mc/methodology.d.ts +1 -1
  185. package/dist/schemas/tables/mc/methodology.js.map +1 -1
  186. package/dist/schemas/tables/mc/pack.d.ts +21 -21
  187. package/dist/schemas/tables/mc/pack.js.map +1 -1
  188. package/dist/schemas/tables/mc/policy.d.ts +2 -2
  189. package/dist/schemas/tables/mc/policy.js +1 -1
  190. package/dist/schemas/tables/mc/policy.js.map +1 -1
  191. package/dist/schemas/tables/mc/registry.d.ts +5 -5
  192. package/dist/schemas/tables/mc/registry.js.map +1 -1
  193. package/dist/schemas/tables/mc/runtime.d.ts +3 -109
  194. package/dist/schemas/tables/mc/runtime.js +104 -330
  195. package/dist/schemas/tables/mc/runtime.js.map +1 -1
  196. package/dist/schemas/tables/mc/tenant.d.ts +2 -4
  197. package/dist/schemas/tables/mc/tenant.js +1 -3
  198. package/dist/schemas/tables/mc/tenant.js.map +1 -1
  199. package/dist/schemas/tables/mc/workspace.d.ts +5 -28
  200. package/dist/schemas/tables/mc/workspace.js +2 -36
  201. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  202. package/dist/sdk-methods.contract.d.ts +2 -2
  203. package/dist/{sdk-tools.contract-CKmSsrZ2.d.ts → sdk-tools.contract-S4ia0TTo.d.ts} +2 -2
  204. package/dist/sdk-tools.contract.d.ts +2 -2
  205. package/dist/sdk-tools.contract.js +27 -719
  206. package/dist/sdk-tools.contract.js.map +1 -1
  207. package/dist/tenant-client.contract.d.ts +14 -102
  208. package/dist/tenant-client.contract.js +12 -113
  209. package/dist/tenant-client.contract.js.map +1 -1
  210. package/dist/{tool-contracts-C_xvM9q2.d.ts → tool-contracts-C92-9ueT.d.ts} +2 -38
  211. package/dist/tool-contracts.d.ts +1 -1
  212. package/dist/tool-contracts.js +28 -720
  213. package/dist/tool-contracts.js.map +1 -1
  214. package/package.json +1 -30
  215. package/dist/component-host-boundary.contract.d.ts +0 -46
  216. package/dist/component-host-boundary.contract.js +0 -60
  217. package/dist/component-host-boundary.contract.js.map +0 -1
  218. package/dist/edge-policy-manifest-Dw5IhT1L.d.ts +0 -133
  219. package/dist/function-registry/nodes.d.ts +0 -412
  220. package/dist/function-registry/nodes.js +0 -5354
  221. package/dist/function-registry/nodes.js.map +0 -1
  222. package/dist/function-registry-input-audit.d.ts +0 -13
  223. package/dist/function-registry-input-audit.js +0 -166
  224. package/dist/function-registry-input-audit.js.map +0 -1
  225. package/dist/generated/infisicalRuntimeEnv.d.ts +0 -70
  226. package/dist/generated/infisicalRuntimeEnv.js +0 -27345
  227. package/dist/generated/infisicalRuntimeEnv.js.map +0 -1
  228. package/dist/generated/lucernGatewayEnv.d.ts +0 -17
  229. package/dist/generated/lucernGatewayEnv.js +0 -38
  230. package/dist/generated/lucernGatewayEnv.js.map +0 -1
  231. package/dist/generated/lucernWebPublicEnv.d.ts +0 -26
  232. package/dist/generated/lucernWebPublicEnv.js +0 -32
  233. package/dist/generated/lucernWebPublicEnv.js.map +0 -1
  234. package/dist/generated/lucernWebServerEnv.d.ts +0 -33
  235. package/dist/generated/lucernWebServerEnv.js +0 -51
  236. package/dist/generated/lucernWebServerEnv.js.map +0 -1
  237. package/dist/graph-intelligence.contract.d.ts +0 -506
  238. package/dist/graph-intelligence.contract.js +0 -595
  239. package/dist/graph-intelligence.contract.js.map +0 -1
  240. package/dist/index-CM1Pl_vI.d.ts +0 -28
  241. package/dist/infisical-runtime.contract.d.ts +0 -1889
  242. package/dist/infisical-runtime.contract.js +0 -3235
  243. package/dist/infisical-runtime.contract.js.map +0 -1
  244. package/dist/manifests/edge-policy-manifest.d.ts +0 -2
  245. package/dist/manifests/edge-policy-manifest.data.d.ts +0 -13
  246. package/dist/manifests/edge-policy-manifest.data.js +0 -26
  247. package/dist/manifests/edge-policy-manifest.data.js.map +0 -1
  248. package/dist/manifests/edge-policy-manifest.js +0 -92
  249. package/dist/manifests/edge-policy-manifest.js.map +0 -1
  250. package/dist/manifests/infisical-runtime-manifest.d.ts +0 -1792
  251. package/dist/manifests/infisical-runtime-manifest.js +0 -3090
  252. package/dist/manifests/infisical-runtime-manifest.js.map +0 -1
  253. package/dist/manifests/invariant-manifest.d.ts +0 -65
  254. package/dist/manifests/invariant-manifest.js +0 -18
  255. package/dist/manifests/invariant-manifest.js.map +0 -1
  256. package/dist/manifests/invariants/ast-utils.d.ts +0 -14
  257. package/dist/manifests/invariants/ast-utils.js +0 -54
  258. package/dist/manifests/invariants/ast-utils.js.map +0 -1
  259. package/dist/manifests/invariants/index.d.ts +0 -15
  260. package/dist/manifests/invariants/index.js +0 -183
  261. package/dist/manifests/invariants/index.js.map +0 -1
  262. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +0 -12
  263. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +0 -94
  264. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +0 -1
  265. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +0 -12
  266. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +0 -99
  267. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +0 -1
  268. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +0 -12
  269. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +0 -42
  270. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +0 -1
  271. package/dist/manifests/tenant-client-manifest.d.ts +0 -327
  272. package/dist/manifests/tenant-client-manifest.js +0 -449
  273. package/dist/manifests/tenant-client-manifest.js.map +0 -1
  274. package/dist/permit-principal-projection.contract.d.ts +0 -74
  275. package/dist/permit-principal-projection.contract.js +0 -167
  276. package/dist/permit-principal-projection.contract.js.map +0 -1
  277. package/dist/projections/check-convex-args-shape.d.ts +0 -3
  278. package/dist/projections/check-convex-args-shape.js +0 -403
  279. package/dist/projections/check-convex-args-shape.js.map +0 -1
  280. package/dist/projections/create-evidence.projection.d.ts +0 -176
  281. package/dist/projections/create-evidence.projection.js +0 -130
  282. package/dist/projections/create-evidence.projection.js.map +0 -1
  283. package/dist/projections/index.d.ts +0 -102
  284. package/dist/projections/index.js +0 -352
  285. package/dist/projections/index.js.map +0 -1
  286. package/dist/projections/list-beliefs.projection.d.ts +0 -36
  287. package/dist/projections/list-beliefs.projection.js +0 -54
  288. package/dist/projections/list-beliefs.projection.js.map +0 -1
  289. package/dist/projections/list-tasks.projection.d.ts +0 -44
  290. package/dist/projections/list-tasks.projection.js +0 -57
  291. package/dist/projections/list-tasks.projection.js.map +0 -1
  292. package/dist/projections/modulate-confidence.projection.d.ts +0 -219
  293. package/dist/projections/modulate-confidence.projection.js +0 -148
  294. package/dist/projections/modulate-confidence.projection.js.map +0 -1
  295. package/dist/projections/projection-dsl.d.ts +0 -11
  296. package/dist/projections/projection-dsl.js +0 -8
  297. package/dist/projections/projection-dsl.js.map +0 -1
  298. package/dist/proof-attestation.json +0 -45
  299. package/dist/schemas/tables/controlPlane/accessControl.d.ts +0 -260
  300. package/dist/schemas/tables/controlPlane/accessControl.js +0 -658
  301. package/dist/schemas/tables/controlPlane/accessControl.js.map +0 -1
  302. package/dist/schemas/tables/controlPlane/agent.js.map +0 -1
  303. package/dist/schemas/tables/controlPlane/epistemic.js.map +0 -1
  304. package/dist/schemas/tables/controlPlane/model.js.map +0 -1
  305. package/dist/schemas/tables/controlPlane/platform.js.map +0 -1
  306. package/dist/schemas/tables/controlPlane/project.js.map +0 -1
  307. package/dist/schemas/tables/controlPlane/user.js.map +0 -1
  308. package/dist/schemas/tables/kernel/events.d.ts +0 -21
  309. package/dist/schemas/tables/kernel/events.js +0 -43
  310. package/dist/schemas/tables/kernel/events.js.map +0 -1
  311. package/dist/tenant-bootstrap-seed.contract.d.ts +0 -1289
  312. package/dist/tenant-bootstrap-seed.contract.js +0 -764
  313. package/dist/tenant-bootstrap-seed.contract.js.map +0 -1
  314. package/dist/tenant-bootstrap-seed.defaults.d.ts +0 -16
  315. package/dist/tenant-bootstrap-seed.defaults.js +0 -321
  316. package/dist/tenant-bootstrap-seed.defaults.js.map +0 -1
package/CHANGELOG.md CHANGED
@@ -1,13 +1,3 @@
1
1
  # Changelog
2
2
 
3
3
  All notable changes to `@lucern/contracts` are tracked in this repository.
4
-
5
- ## [0.3.0-alpha.16] - 2026-05-14
6
- - Adds the exact-row reasoning-kernel migration surface required for tenant identity/scope repairs.
7
- - Keeps the coherent Lucern package line aligned for StackOS and reasoning-environment adoption.
8
-
9
- ## [0.3.0-alpha.7] - 2026-05-03
10
- - Rebuild the coherent Lucern package line after Campaign 1 SDK hardening fixes.
11
-
12
- ## [0.3.0-alpha.17] - 2026-05-19
13
- - Release notes pending.
@@ -1,7 +1,3 @@
1
- /** Reasoning methods supported by the kernel edge schema. */
2
- declare const REASONING_METHODS: readonly ["deductive", "inductive", "abductive", "analogical", "causal", "correlational", "testimonial", "statistical", "implicit", "pattern_match"];
3
- type ReasoningMethod = (typeof REASONING_METHODS)[number];
4
-
5
1
  /**
6
2
  * API Enum Contract Definitions
7
3
  *
@@ -21,7 +17,9 @@ type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];
21
17
  /** Belief status — lifecycle state */
22
18
  declare const BELIEF_STATUSES: readonly ["unscored", "scored", "archived"];
23
19
  type BeliefStatus = (typeof BELIEF_STATUSES)[number];
24
-
20
+ /** Reasoning methods — how an edge relationship was determined */
21
+ declare const REASONING_METHODS: readonly ["deductive", "inductive", "abductive", "analogical", "empirical"];
22
+ type ReasoningMethod = (typeof REASONING_METHODS)[number];
25
23
  /** Defeat types (Pollock taxonomy) — how a contradiction operates */
26
24
  declare const DEFEAT_TYPES: readonly ["rebuts", "undercuts", "undermines"];
27
25
  type DefeatType = (typeof DEFEAT_TYPES)[number];
@@ -1,17 +1,3 @@
1
- // src/types/reasoning-method.ts
2
- var REASONING_METHODS = [
3
- "deductive",
4
- "inductive",
5
- "abductive",
6
- "analogical",
7
- "causal",
8
- "correlational",
9
- "testimonial",
10
- "statistical",
11
- "implicit",
12
- "pattern_match"
13
- ];
14
-
15
1
  // src/api-enums.contract.ts
16
2
  var FORK_REASONS = [
17
3
  "refinement",
@@ -59,6 +45,18 @@ var BELIEF_STATUSES = [
59
45
  "archived"
60
46
  // Soft-deleted — preserved in history (git rm)
61
47
  ];
48
+ var REASONING_METHODS = [
49
+ "deductive",
50
+ // Logically entailed
51
+ "inductive",
52
+ // Generalized from instances
53
+ "abductive",
54
+ // Best explanation inference
55
+ "analogical",
56
+ // Reasoning by analogy
57
+ "empirical"
58
+ // Direct observation/measurement
59
+ ];
62
60
  var DEFEAT_TYPES = [
63
61
  "rebuts",
64
62
  // Direct contradiction — reasons for the negation
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/types/reasoning-method.ts","../src/api-enums.contract.ts"],"names":[],"mappings":";AACO,IAAM,iBAAA,GAAoB;AAAA,EAC/B,WAAA;AAAA,EACA,WAAA;AAAA,EACA,WAAA;AAAA,EACA,YAAA;AAAA,EACA,QAAA;AAAA,EACA,eAAA;AAAA,EACA,aAAA;AAAA,EACA,aAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;;;ACIO,IAAM,YAAA,GAAe;AAAA,EAC1B,YAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,mBAAA,GAAsB;AAAA,EACjC,gBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,UAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAaO,IAAM,YAAA,GAAe;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,wBAAA,GAA2B;AAAA,EACtC,KAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,MAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,sBAAA,GAAyB;AAAA,EACpC,YAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,cAAA,GAAiB;AAAA,EAC5B,WAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,YAAA;AAAA;AAAA,EACA,eAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,eAAA,GAAkB;AAAA,EAC7B,SAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,qBAAA,GAAwB;AAAA,EACnC,gBAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA;AAAA;AACF;AAcO,IAAM,cAAA,GAAiB;AAAA,EAC5B,mBAAA;AAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,sBAAA,GAAyB;AAAA;AAAA,EAEpC,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA,EAEA,YAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF","file":"api-enums.contract.js","sourcesContent":["/** Reasoning methods supported by the kernel edge schema. */\nexport const REASONING_METHODS = [\n \"deductive\",\n \"inductive\",\n \"abductive\",\n \"analogical\",\n \"causal\",\n \"correlational\",\n \"testimonial\",\n \"statistical\",\n \"implicit\",\n \"pattern_match\",\n] as const;\n\nexport type ReasoningMethod = (typeof REASONING_METHODS)[number];\n","/**\n * API Enum Contract Definitions\n *\n * Canonical enum values for all API-facing enumerations.\n * These are co-equal with MCP contracts as external contracts.\n * SDK types are DERIVED from these — not independently authored.\n *\n * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).\n * Removing or renaming an existing value is a BREAKING CHANGE.\n */\n\n// =============================================================================\n// BELIEF ENUMS\n// =============================================================================\n\n/** Fork reasons — why a scored belief was branched */\nexport const FORK_REASONS = [\n \"refinement\", // Belief text evolved based on new understanding\n \"contradiction_response\", // Created in response to a detected contradiction\n \"scope_change\", // Belief scope narrowed or broadened\n \"confidence_collapse\", // Confidence dropped below viability threshold\n \"manual\", // User-initiated fork without specific trigger\n] as const;\nexport type ForkReason = (typeof FORK_REASONS)[number];\n\n/** Confidence modulation triggers — what caused a confidence change */\nexport const CONFIDENCE_TRIGGERS = [\n \"evidence_added\", // New evidence bore on the belief\n \"evidence_removed\", // Evidence was removed or invalidated\n \"contradiction_detected\", // A contradiction was flagged involving this belief\n \"contradiction_resolved\", // A contradiction was resolved\n \"manual\", // User manually adjusted confidence\n \"decay\", // Time-based confidence erosion\n \"agent_assessment\", // An agent provided a structured assessment\n \"worktree_outcome\", // Worktree outcome determined this confidence\n \"worktree_completed\", // Worktree completed and closed this scoring loop\n \"fusion\", // Confidence came from subjective-logic fusion\n \"discount\", // Confidence came from trust discounting\n \"deduction\", // Confidence came from conditional deduction\n] as const;\nexport type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];\n\n/** Belief status — lifecycle state */\nexport const BELIEF_STATUSES = [\n \"unscored\", // Draft — editable in worktree (on feature branch, pre-merge)\n \"scored\", // Merged — formulation frozen (merged to main)\n \"archived\", // Soft-deleted — preserved in history (git rm)\n] as const;\nexport type BeliefStatus = (typeof BELIEF_STATUSES)[number];\n\n// =============================================================================\n// EDGE ENUMS\n// =============================================================================\n\nexport {\n REASONING_METHODS,\n type ReasoningMethod,\n} from \"./types/reasoning-method.js\";\n\n/** Defeat types (Pollock taxonomy) — how a contradiction operates */\nexport const DEFEAT_TYPES = [\n \"rebuts\", // Direct contradiction — reasons for the negation\n \"undercuts\", // Breaks the inference link between evidence and belief\n \"undermines\", // Attacks a premise the belief depends on\n] as const;\nexport type DefeatType = (typeof DEFEAT_TYPES)[number];\n\n/** Contradiction severity levels */\nexport const CONTRADICTION_SEVERITIES = [\n \"low\", // Minor tension, may not require action\n \"medium\", // Moderate conflict, should be investigated\n \"high\", // Significant contradiction, likely needs resolution\n \"critical\", // Blocks progress — must be addressed before judgment\n] as const;\nexport type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];\n\n/** Contradiction resolution status */\nexport const CONTRADICTION_STATUSES = [\n \"unresolved\", // Open conflict — may persist indefinitely\n \"resolved\", // Conflict addressed (one belief forked, archived, or confidence adjusted)\n \"accepted\", // Explicitly accepted as irreconcilable — both beliefs maintained\n] as const;\nexport type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];\n\n// =============================================================================\n// WORKTREE ENUMS (git worktree lifecycle)\n// =============================================================================\n\n/** Merge outcome types — how a worktree merge resolved */\nexport const MERGE_OUTCOMES = [\n \"validated\", // Beliefs confirmed — clean merge to main\n \"invalidated\", // Defeat recorded — confidence collapsed (merge with revert)\n \"forked\", // Beliefs split into competing versions (fork from merge point)\n \"inconclusive\", // Insufficient evidence — stashed (git stash)\n] as const;\nexport type MergeOutcome = (typeof MERGE_OUTCOMES)[number];\n\n/** Worktree phases — investigation lifecycle within a checked-out worktree */\nexport const WORKTREE_PHASES = [\n \"hypothesis\", // Form testable claims (write the code — commits)\n \"investigation\", // Collect evidence (run the tests — more commits)\n \"evaluation\", // Update credences (review the results — amend as needed)\n \"resolution\", // Determine outcome (merge to main, fork, or stash)\n] as const;\nexport type WorktreePhase = (typeof WORKTREE_PHASES)[number];\n\n// =============================================================================\n// BRANCH ENUMS (git branch lifecycle)\n// =============================================================================\n\n/** Branch status — thematic branch lifecycle */\nexport const BRANCH_STATUSES = [\n \"dormant\", // Branch exists but no active worktree (no one investigating)\n \"active\", // At least one worktree is investigating this branch\n \"archived\", // Branch retired — no longer a relevant thematic container\n] as const;\nexport type BranchStatus = (typeof BRANCH_STATUSES)[number];\n\n// =============================================================================\n// PULL REQUEST ENUMS (git pull request lifecycle)\n// =============================================================================\n\n/** Pull request status — review lifecycle before merge */\nexport const PULL_REQUEST_STATUSES = [\n \"pending_review\", // PR opened — awaiting reviewer feedback\n \"changes_requested\", // Reviewer requests changes before merge\n \"approved\", // Approved — ready to merge\n \"blocked\", // Blocked — cannot merge until contradiction is resolved\n] as const;\nexport type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];\n\n// =============================================================================\n// LAYER ENUMS\n// =============================================================================\n\n/** Epistemic layers — the hierarchy of knowledge */\nexport const EPISTEMIC_LAYERS = [\n \"L1\", // Source — the given (vendored deps)\n \"L2\", // Evidence — the interpreted (test suite)\n \"L3\", // Belief — the structural (source files)\n \"L4\", // Judgment — the committed (release tags)\n] as const;\nexport type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];\n\n// =============================================================================\n// JUDGMENT ENUMS (Phase 1: new vocabulary)\n// =============================================================================\n\n/**\n * Judgment type — classification of the determination.\n *\n * Phase 1: These are new enum values for the Judgment (L4) vocabulary.\n * The existing code uses \"Decision\" — these are the forward-looking terms\n * that will eventually replace the Decision vocabulary (Phase 2-3).\n */\nexport const JUDGMENT_TYPES = [\n \"investment_thesis\", // Judgment on an investment opportunity\n \"thesis_maturity\", // Judgment that a thesis is ready for IC presentation\n \"contradiction_ruling\", // Judgment on how to handle an irreconcilable contradiction\n \"scope_determination\", // Judgment that defines or redefines investigation scope\n \"confidence_ruling\", // Judgment that overrides automated confidence for policy reasons\n] as const;\nexport type JudgmentType = (typeof JUDGMENT_TYPES)[number];\n\n// =============================================================================\n// SUPPORT RELATION ENUMS\n// =============================================================================\n\n/** Core edge types used in the Integration Surfaces */\nexport const INTEGRATION_EDGE_TYPES = [\n // Support relations\n \"informs\", // Evidence bears on a belief (weight = direction/strength)\n \"grounds\", // Source provides raw basis for evidence\n \"answers\", // Evidence or belief resolves a question\n // Defeat relations (Pollock) — weight carries direction\n \"contradicts\", // Rebuts — direct contradiction\n \"supports\", // Weight carries valence (negative = weakens/undercuts)\n // Structural relations\n \"depends_on\", // Belief B requires Belief A\n \"derived_from\", // Provenance lineage\n \"contains\", // Hierarchical containment\n \"supersedes\", // New version replaces old (lineage)\n \"tests\", // Question tests a belief\n] as const;\nexport type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];\n"]}
1
+ {"version":3,"sources":["../src/api-enums.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,YAAA,GAAe;AAAA,EAC1B,YAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,mBAAA,GAAsB;AAAA,EACjC,gBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,OAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,kBAAA;AAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,UAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,iBAAA,GAAoB;AAAA,EAC/B,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,YAAA,GAAe;AAAA,EAC1B,QAAA;AAAA;AAAA,EACA,WAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,wBAAA,GAA2B;AAAA,EACtC,KAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA,MAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,sBAAA,GAAyB;AAAA,EACpC,YAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,cAAA,GAAiB;AAAA,EAC5B,WAAA;AAAA;AAAA,EACA,aAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B,YAAA;AAAA;AAAA,EACA,eAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,eAAA,GAAkB;AAAA,EAC7B,SAAA;AAAA;AAAA,EACA,QAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,qBAAA,GAAwB;AAAA,EACnC,gBAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA,IAAA;AAAA;AAAA,EACA;AAAA;AACF;AAcO,IAAM,cAAA,GAAiB;AAAA,EAC5B,mBAAA;AAAA;AAAA,EACA,iBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,qBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAQO,IAAM,sBAAA,GAAyB;AAAA;AAAA,EAEpC,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA,EACA,SAAA;AAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA;AAAA,EAEA,YAAA;AAAA;AAAA,EACA,cAAA;AAAA;AAAA,EACA,UAAA;AAAA;AAAA,EACA,YAAA;AAAA;AAAA,EACA;AAAA;AACF","file":"api-enums.contract.js","sourcesContent":["/**\n * API Enum Contract Definitions\n *\n * Canonical enum values for all API-facing enumerations.\n * These are co-equal with MCP contracts as external contracts.\n * SDK types are DERIVED from these — not independently authored.\n *\n * CONTRACT SURFACE: Adding a new enum value is additive (non-breaking).\n * Removing or renaming an existing value is a BREAKING CHANGE.\n */\n\n// =============================================================================\n// BELIEF ENUMS\n// =============================================================================\n\n/** Fork reasons — why a scored belief was branched */\nexport const FORK_REASONS = [\n \"refinement\", // Belief text evolved based on new understanding\n \"contradiction_response\", // Created in response to a detected contradiction\n \"scope_change\", // Belief scope narrowed or broadened\n \"confidence_collapse\", // Confidence dropped below viability threshold\n \"manual\", // User-initiated fork without specific trigger\n] as const;\nexport type ForkReason = (typeof FORK_REASONS)[number];\n\n/** Confidence modulation triggers — what caused a confidence change */\nexport const CONFIDENCE_TRIGGERS = [\n \"evidence_added\", // New evidence bore on the belief\n \"evidence_removed\", // Evidence was removed or invalidated\n \"contradiction_detected\", // A contradiction was flagged involving this belief\n \"contradiction_resolved\", // A contradiction was resolved\n \"manual\", // User manually adjusted confidence\n \"decay\", // Time-based confidence erosion\n \"agent_assessment\", // An agent provided a structured assessment\n \"worktree_outcome\", // Worktree outcome determined this confidence\n \"worktree_completed\", // Worktree completed and closed this scoring loop\n \"fusion\", // Confidence came from subjective-logic fusion\n \"discount\", // Confidence came from trust discounting\n \"deduction\", // Confidence came from conditional deduction\n] as const;\nexport type ConfidenceTrigger = (typeof CONFIDENCE_TRIGGERS)[number];\n\n/** Belief status — lifecycle state */\nexport const BELIEF_STATUSES = [\n \"unscored\", // Draft — editable in worktree (on feature branch, pre-merge)\n \"scored\", // Merged — formulation frozen (merged to main)\n \"archived\", // Soft-deleted — preserved in history (git rm)\n] as const;\nexport type BeliefStatus = (typeof BELIEF_STATUSES)[number];\n\n// =============================================================================\n// EDGE ENUMS\n// =============================================================================\n\n/** Reasoning methods — how an edge relationship was determined */\nexport const REASONING_METHODS = [\n \"deductive\", // Logically entailed\n \"inductive\", // Generalized from instances\n \"abductive\", // Best explanation inference\n \"analogical\", // Reasoning by analogy\n \"empirical\", // Direct observation/measurement\n] as const;\nexport type ReasoningMethod = (typeof REASONING_METHODS)[number];\n\n/** Defeat types (Pollock taxonomy) — how a contradiction operates */\nexport const DEFEAT_TYPES = [\n \"rebuts\", // Direct contradiction — reasons for the negation\n \"undercuts\", // Breaks the inference link between evidence and belief\n \"undermines\", // Attacks a premise the belief depends on\n] as const;\nexport type DefeatType = (typeof DEFEAT_TYPES)[number];\n\n/** Contradiction severity levels */\nexport const CONTRADICTION_SEVERITIES = [\n \"low\", // Minor tension, may not require action\n \"medium\", // Moderate conflict, should be investigated\n \"high\", // Significant contradiction, likely needs resolution\n \"critical\", // Blocks progress — must be addressed before judgment\n] as const;\nexport type ContradictionSeverity = (typeof CONTRADICTION_SEVERITIES)[number];\n\n/** Contradiction resolution status */\nexport const CONTRADICTION_STATUSES = [\n \"unresolved\", // Open conflict — may persist indefinitely\n \"resolved\", // Conflict addressed (one belief forked, archived, or confidence adjusted)\n \"accepted\", // Explicitly accepted as irreconcilable — both beliefs maintained\n] as const;\nexport type ContradictionStatus = (typeof CONTRADICTION_STATUSES)[number];\n\n// =============================================================================\n// WORKTREE ENUMS (git worktree lifecycle)\n// =============================================================================\n\n/** Merge outcome types — how a worktree merge resolved */\nexport const MERGE_OUTCOMES = [\n \"validated\", // Beliefs confirmed — clean merge to main\n \"invalidated\", // Defeat recorded — confidence collapsed (merge with revert)\n \"forked\", // Beliefs split into competing versions (fork from merge point)\n \"inconclusive\", // Insufficient evidence — stashed (git stash)\n] as const;\nexport type MergeOutcome = (typeof MERGE_OUTCOMES)[number];\n\n/** Worktree phases — investigation lifecycle within a checked-out worktree */\nexport const WORKTREE_PHASES = [\n \"hypothesis\", // Form testable claims (write the code — commits)\n \"investigation\", // Collect evidence (run the tests — more commits)\n \"evaluation\", // Update credences (review the results — amend as needed)\n \"resolution\", // Determine outcome (merge to main, fork, or stash)\n] as const;\nexport type WorktreePhase = (typeof WORKTREE_PHASES)[number];\n\n// =============================================================================\n// BRANCH ENUMS (git branch lifecycle)\n// =============================================================================\n\n/** Branch status — thematic branch lifecycle */\nexport const BRANCH_STATUSES = [\n \"dormant\", // Branch exists but no active worktree (no one investigating)\n \"active\", // At least one worktree is investigating this branch\n \"archived\", // Branch retired — no longer a relevant thematic container\n] as const;\nexport type BranchStatus = (typeof BRANCH_STATUSES)[number];\n\n// =============================================================================\n// PULL REQUEST ENUMS (git pull request lifecycle)\n// =============================================================================\n\n/** Pull request status — review lifecycle before merge */\nexport const PULL_REQUEST_STATUSES = [\n \"pending_review\", // PR opened — awaiting reviewer feedback\n \"changes_requested\", // Reviewer requests changes before merge\n \"approved\", // Approved — ready to merge\n \"blocked\", // Blocked — cannot merge until contradiction is resolved\n] as const;\nexport type PullRequestStatus = (typeof PULL_REQUEST_STATUSES)[number];\n\n// =============================================================================\n// LAYER ENUMS\n// =============================================================================\n\n/** Epistemic layers — the hierarchy of knowledge */\nexport const EPISTEMIC_LAYERS = [\n \"L1\", // Source — the given (vendored deps)\n \"L2\", // Evidence — the interpreted (test suite)\n \"L3\", // Belief — the structural (source files)\n \"L4\", // Judgment — the committed (release tags)\n] as const;\nexport type EpistemicLayer = (typeof EPISTEMIC_LAYERS)[number];\n\n// =============================================================================\n// JUDGMENT ENUMS (Phase 1: new vocabulary)\n// =============================================================================\n\n/**\n * Judgment type — classification of the determination.\n *\n * Phase 1: These are new enum values for the Judgment (L4) vocabulary.\n * The existing code uses \"Decision\" — these are the forward-looking terms\n * that will eventually replace the Decision vocabulary (Phase 2-3).\n */\nexport const JUDGMENT_TYPES = [\n \"investment_thesis\", // Judgment on an investment opportunity\n \"thesis_maturity\", // Judgment that a thesis is ready for IC presentation\n \"contradiction_ruling\", // Judgment on how to handle an irreconcilable contradiction\n \"scope_determination\", // Judgment that defines or redefines investigation scope\n \"confidence_ruling\", // Judgment that overrides automated confidence for policy reasons\n] as const;\nexport type JudgmentType = (typeof JUDGMENT_TYPES)[number];\n\n// =============================================================================\n// SUPPORT RELATION ENUMS\n// =============================================================================\n\n/** Core edge types used in the Integration Surfaces */\nexport const INTEGRATION_EDGE_TYPES = [\n // Support relations\n \"informs\", // Evidence bears on a belief (weight = direction/strength)\n \"grounds\", // Source provides raw basis for evidence\n \"answers\", // Evidence or belief resolves a question\n // Defeat relations (Pollock) — weight carries direction\n \"contradicts\", // Rebuts — direct contradiction\n \"supports\", // Weight carries valence (negative = weakens/undercuts)\n // Structural relations\n \"depends_on\", // Belief B requires Belief A\n \"derived_from\", // Provenance lineage\n \"contains\", // Hierarchical containment\n \"supersedes\", // New version replaces old (lineage)\n \"tests\", // Question tests a belief\n] as const;\nexport type IntegrationEdgeType = (typeof INTEGRATION_EDGE_TYPES)[number];\n"]}
@@ -5,31 +5,19 @@ var SESSION_AUTH_MODES = [
5
5
  "tenant_api_key",
6
6
  "session_token"
7
7
  ];
8
- var SESSION_PRINCIPAL_TYPES = [
9
- "human",
10
- "service",
11
- "agent",
12
- "group",
13
- "external_viewer"
14
- ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
15
9
  var SESSION_LIFECYCLE_STATUSES = [
16
10
  "active",
17
11
  "expired",
18
12
  "revoked"
19
13
  ];
20
14
  function inferSessionPrincipalType(principalId) {
21
- if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
15
+ if (principalId.startsWith("user:")) {
22
16
  return "human";
23
17
  }
24
18
  if (principalId.startsWith("agent:")) {
25
19
  return "agent";
26
20
  }
27
- if (principalId.startsWith("group:")) {
28
- return "group";
29
- }
30
- if (principalId.startsWith("external:") || principalId.startsWith("external_viewer:")) {
31
- return "external_viewer";
32
- }
33
21
  return "service";
34
22
  }
35
23
  function normalizeDelegationChain(args) {
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B;AAAA,EACrC,OAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,qBAAA,CAAsB,IAAA,CAAK,WAAW,CAAA,EAAG;AAC3C,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IACE,YAAY,UAAA,CAAW,WAAW,KAClC,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,EACzC;AACA,IAAA,OAAO,iBAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-context.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\n \"human\",\n \"service\",\n \"agent\",\n \"group\",\n \"external_viewer\",\n] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (/^user_[A-Za-z0-9]+$/.test(principalId)) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n if (principalId.startsWith(\"group:\")) {\n return \"group\";\n }\n if (\n principalId.startsWith(\"external:\") ||\n principalId.startsWith(\"external_viewer:\")\n ) {\n return \"external_viewer\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-context.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -5,31 +5,19 @@ var SESSION_AUTH_MODES = [
5
5
  "tenant_api_key",
6
6
  "session_token"
7
7
  ];
8
- var SESSION_PRINCIPAL_TYPES = [
9
- "human",
10
- "service",
11
- "agent",
12
- "group",
13
- "external_viewer"
14
- ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
15
9
  var SESSION_LIFECYCLE_STATUSES = [
16
10
  "active",
17
11
  "expired",
18
12
  "revoked"
19
13
  ];
20
14
  function inferSessionPrincipalType(principalId) {
21
- if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
15
+ if (principalId.startsWith("user:")) {
22
16
  return "human";
23
17
  }
24
18
  if (principalId.startsWith("agent:")) {
25
19
  return "agent";
26
20
  }
27
- if (principalId.startsWith("group:")) {
28
- return "group";
29
- }
30
- if (principalId.startsWith("external:") || principalId.startsWith("external_viewer:")) {
31
- return "external_viewer";
32
- }
33
21
  return "service";
34
22
  }
35
23
  function normalizeDelegationChain(args) {
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B;AAAA,EACrC,OAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,qBAAA,CAAsB,IAAA,CAAK,WAAW,CAAA,EAAG;AAC3C,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IACE,YAAY,UAAA,CAAW,WAAW,KAClC,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,EACzC;AACA,IAAA,OAAO,iBAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-session.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\n \"human\",\n \"service\",\n \"agent\",\n \"group\",\n \"external_viewer\",\n] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (/^user_[A-Za-z0-9]+$/.test(principalId)) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n if (principalId.startsWith(\"group:\")) {\n return \"group\";\n }\n if (\n principalId.startsWith(\"external:\") ||\n principalId.startsWith(\"external_viewer:\")\n ) {\n return \"external_viewer\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth-session.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -12,7 +12,7 @@ import { ConvexAdminClient } from './convex-admin.contract.js';
12
12
  */
13
13
  declare const SESSION_AUTH_MODES: readonly ["interactive_user", "service_principal", "tenant_api_key", "session_token"];
14
14
  type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];
15
- declare const SESSION_PRINCIPAL_TYPES: readonly ["human", "service", "agent", "group", "external_viewer"];
15
+ declare const SESSION_PRINCIPAL_TYPES: readonly ["human", "service", "agent"];
16
16
  type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];
17
17
  declare const SESSION_LIFECYCLE_STATUSES: readonly ["active", "expired", "revoked"];
18
18
  type SessionLifecycleStatus = (typeof SESSION_LIFECYCLE_STATUSES)[number];
@@ -5,31 +5,19 @@ var SESSION_AUTH_MODES = [
5
5
  "tenant_api_key",
6
6
  "session_token"
7
7
  ];
8
- var SESSION_PRINCIPAL_TYPES = [
9
- "human",
10
- "service",
11
- "agent",
12
- "group",
13
- "external_viewer"
14
- ];
8
+ var SESSION_PRINCIPAL_TYPES = ["human", "service", "agent"];
15
9
  var SESSION_LIFECYCLE_STATUSES = [
16
10
  "active",
17
11
  "expired",
18
12
  "revoked"
19
13
  ];
20
14
  function inferSessionPrincipalType(principalId) {
21
- if (/^user_[A-Za-z0-9]+$/.test(principalId)) {
15
+ if (principalId.startsWith("user:")) {
22
16
  return "human";
23
17
  }
24
18
  if (principalId.startsWith("agent:")) {
25
19
  return "agent";
26
20
  }
27
- if (principalId.startsWith("group:")) {
28
- return "group";
29
- }
30
- if (principalId.startsWith("external:") || principalId.startsWith("external_viewer:")) {
31
- return "external_viewer";
32
- }
33
21
  return "service";
34
22
  }
35
23
  function normalizeDelegationChain(args) {
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B;AAAA,EACrC,OAAA;AAAA,EACA,SAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAGO,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,qBAAA,CAAsB,IAAA,CAAK,WAAW,CAAA,EAAG;AAC3C,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IACE,YAAY,UAAA,CAAW,WAAW,KAClC,WAAA,CAAY,UAAA,CAAW,kBAAkB,CAAA,EACzC;AACA,IAAA,OAAO,iBAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\n \"human\",\n \"service\",\n \"agent\",\n \"group\",\n \"external_viewer\",\n] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (/^user_[A-Za-z0-9]+$/.test(principalId)) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n if (principalId.startsWith(\"group:\")) {\n return \"group\";\n }\n if (\n principalId.startsWith(\"external:\") ||\n principalId.startsWith(\"external_viewer:\")\n ) {\n return \"external_viewer\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
1
+ {"version":3,"sources":["../src/auth.contract.ts"],"names":[],"mappings":";AAgBO,IAAM,kBAAA,GAAqB;AAAA,EAChC,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAGO,IAAM,uBAAA,GAA0B,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO;AAG5D,IAAM,0BAAA,GAA6B;AAAA,EACxC,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AA2CO,SAAS,0BACd,WAAA,EACsB;AACtB,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,EAAG;AACnC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,IAAI,WAAA,CAAY,UAAA,CAAW,QAAQ,CAAA,EAAG;AACpC,IAAA,OAAO,OAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAEO,SAAS,yBAAyB,IAAA,EAMF;AACrC,EAAA,IAAI,IAAA,CAAK,eAAA,IAAmB,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,eAAe,CAAA;AAAA,EACjC;AACA,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL;AAAA,MACE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,aAAA,EACE,IAAA,CAAK,eAAA,IAAmB,yBAAA,CAA0B,KAAK,WAAW,CAAA;AAAA,MACpE,aAAa,IAAA,CAAK,WAAA;AAAA,MAClB,QAAQ,IAAA,CAAK;AAAA;AACf,GACF;AACF;AAEO,SAAS,cACd,eAAA,EACoB;AACpB,EAAA,IAAI,CAAC,eAAA,IAAmB,eAAA,CAAgB,MAAA,KAAW,CAAA,EAAG;AACpD,IAAA;AAAA,EACF;AACA,EAAA,OAAO,eAAA,CAAgB,eAAA,CAAgB,MAAA,GAAS,CAAC,CAAA,EAAG,WAAA;AACtD","file":"auth.contract.js","sourcesContent":["/**\n * @lucern/contracts — auth (canonical support contract)\n *\n * Consolidated flat support surface for Lucern authentication:\n * - Session primitives (auth modes, principal types, lifecycle)\n * - AuthContext shape + McpTransportKind + LucernSdkClient alias\n *\n * Consolidated from src/auth-session.contract.ts and src/auth-context.contract.ts\n * in EK-16 T1 PR 3a. Compat shims remain at both old paths until Lucern 1.0.0 (D12).\n */\n\n// =============================================================================\n// SESSION PRIMITIVES\n// (Formerly src/auth-session.contract.ts)\n// =============================================================================\n\nexport const SESSION_AUTH_MODES = [\n \"interactive_user\",\n \"service_principal\",\n \"tenant_api_key\",\n \"session_token\",\n] as const;\nexport type SessionAuthMode = (typeof SESSION_AUTH_MODES)[number];\n\nexport const SESSION_PRINCIPAL_TYPES = [\"human\", \"service\", \"agent\"] as const;\nexport type SessionPrincipalType = (typeof SESSION_PRINCIPAL_TYPES)[number];\n\nexport const SESSION_LIFECYCLE_STATUSES = [\n \"active\",\n \"expired\",\n \"revoked\",\n] as const;\nexport type SessionLifecycleStatus =\n (typeof SESSION_LIFECYCLE_STATUSES)[number];\n\nexport type SessionDelegationHop = {\n principalId: string;\n principalType: SessionPrincipalType;\n authMode?: SessionAuthMode;\n sessionId?: string;\n delegatedAt?: number;\n reason?: string;\n};\n\nexport type SessionAuditOutcome =\n | \"accepted\"\n | \"rejected\"\n | \"revoked\"\n | \"expired\";\n\nexport type SessionAuditEnvelope = {\n sessionId: string;\n authMode: SessionAuthMode;\n principalId: string;\n principalType: SessionPrincipalType;\n tenantId: string;\n workspaceId?: string;\n apiKeyId?: string;\n scopes: readonly string[];\n roles?: readonly string[];\n delegationChain?: readonly SessionDelegationHop[];\n sourceSessionId?: string;\n expiresAt?: number;\n request?: {\n endpoint?: string;\n method?: string;\n correlationId?: string;\n };\n result?: {\n outcome: SessionAuditOutcome;\n reason?: string;\n };\n};\n\nexport function inferSessionPrincipalType(\n principalId: string\n): SessionPrincipalType {\n if (principalId.startsWith(\"user:\")) {\n return \"human\";\n }\n if (principalId.startsWith(\"agent:\")) {\n return \"agent\";\n }\n return \"service\";\n}\n\nexport function normalizeDelegationChain(args: {\n delegationChain?: readonly SessionDelegationHop[];\n delegatedBy?: string;\n delegatedByType?: SessionPrincipalType;\n delegatedAt?: number;\n reason?: string;\n}): SessionDelegationHop[] | undefined {\n if (args.delegationChain && args.delegationChain.length > 0) {\n return [...args.delegationChain];\n }\n if (!args.delegatedBy) {\n return;\n }\n return [\n {\n principalId: args.delegatedBy,\n principalType:\n args.delegatedByType ?? inferSessionPrincipalType(args.delegatedBy),\n delegatedAt: args.delegatedAt,\n reason: args.reason,\n },\n ];\n}\n\nexport function lastDelegator(\n delegationChain?: readonly SessionDelegationHop[]\n): string | undefined {\n if (!delegationChain || delegationChain.length === 0) {\n return;\n }\n return delegationChain[delegationChain.length - 1]?.principalId;\n}\n\n// =============================================================================\n// AUTH CONTEXT\n// (Formerly src/auth-context.contract.ts)\n// =============================================================================\n\nimport type { ConvexAdminClient } from \"./convex-admin.contract\";\n\nexport type McpTransportKind = \"stdio\" | \"hosted\";\n\nexport type LucernSdkClient = unknown;\n\n/**\n * Session authentication context — injected by withAuth() middleware.\n *\n * Built from TenantConfig at dispatch time. Agent sessions get\n * AGENT_IDENTITY + \"agent:internal\" role + unrestricted access.\n * User sessions get Clerk userId + resolved role + tool ACLs.\n */\nexport type AuthContext = {\n sessionType: \"agent\" | \"user\";\n userId: string; // AGENT_IDENTITY for agents, Clerk userId for users\n tenantId: string;\n role: string; // \"agent:internal\" | \"platform_admin\" | \"tenant_admin\" | \"editor\" | \"viewer\" | ...\n allowedTopics: string[] | null; // null = unrestricted (agents, admins). Block 11D populates this.\n // Layer 2a: Group-pack binding — resolved at boot from MC resolveUserPackAccess\n groupIds: string[]; // Groups this user belongs to (empty for agents)\n permittedPackKeys: string[]; // Packs accessible via group assignments (empty = no pack filtering)\n sessionId: string; // S2-13K: MCP process session UUID for audit attribution\n principalId?: string;\n principalType?: SessionPrincipalType;\n workspaceId?: string;\n scopes?: string[];\n authMode?: SessionAuthMode;\n roles?: string[];\n transportKind?: McpTransportKind;\n lucernClient?: LucernSdkClient;\n convex?: ConvexAdminClient;\n setDefaultScopeContext?: (scopeId: string) => Promise<unknown>;\n matchesWorkspaceReasoningScope?: (\n node: unknown,\n scope: unknown\n ) => boolean;\n};\n"]}
@@ -1,7 +1,7 @@
1
1
  import { TableOwnershipLayer, TABLE_OWNERSHIP } from './generated/tableOwnership.js';
2
2
 
3
3
  declare const COMPONENT_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
4
- declare const COMPONENT_BOUNDARY_COMPONENT_LAYERS: readonly ["C", "K"];
4
+ declare const COMPONENT_BOUNDARY_COMPONENT_LAYERS: readonly ["I", "K"];
5
5
  type ComponentBoundaryComponentLayer = (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];
6
6
  declare const COMPONENT_BOUNDARY_DIRECT_DB_METHODS: readonly ["insert", "patch", "replace", "delete", "query"];
7
7
  type ComponentBoundaryDirectDbMethod = (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];
@@ -2,7 +2,7 @@
2
2
  var TABLE_OWNERSHIP = {
3
3
  "agentMessages": "K",
4
4
  "agentRegistryEntries": "L",
5
- "agents": "C",
5
+ "agents": "I",
6
6
  "agentSessions": "K",
7
7
  "apiKeys": "L",
8
8
  "auditLog": "L",
@@ -21,7 +21,6 @@ var TABLE_OWNERSHIP = {
21
21
  "controlPlaneTenantModelSlotBindings": "L",
22
22
  "controlPlaneTenantProviderSecrets": "L",
23
23
  "controlPlaneTenantProxyGatewayUsage": "L",
24
- "controlPlaneTenantProxyTokenLeases": "L",
25
24
  "controlPlaneToolAcls": "L",
26
25
  "crossProjectConnections": "K",
27
26
  "cutoverFlags": "L",
@@ -32,8 +31,6 @@ var TABLE_OWNERSHIP = {
32
31
  "decisionSnapshots": "K",
33
32
  "deliberationContributions": "K",
34
33
  "deliberationSessions": "K",
35
- "deploymentHosts": "L",
36
- "domainEvents": "K",
37
34
  "epistemicAudit": "K",
38
35
  "epistemicContracts": "K",
39
36
  "epistemicEdges": "K",
@@ -49,13 +46,13 @@ var TABLE_OWNERSHIP = {
49
46
  "idempotencyTokens": "K",
50
47
  "lenses": "K",
51
48
  "lensTopicBindings": "K",
52
- "mcpWritePolicy": "C",
49
+ "mcpWritePolicy": "I",
53
50
  "memberships": "L",
54
51
  "methodologyPacks": "L",
55
- "modelCallLogs": "C",
56
- "modelFunctionSlots": "C",
57
- "modelRegistry": "C",
58
- "modelSlotConfigs": "C",
52
+ "modelCallLogs": "I",
53
+ "modelFunctionSlots": "I",
54
+ "modelRegistry": "I",
55
+ "modelSlotConfigs": "I",
59
56
  "neo4jSyncQueue": "K",
60
57
  "oauthDeviceCodes": "L",
61
58
  "ontologyDefinitions": "K",
@@ -66,65 +63,48 @@ var TABLE_OWNERSHIP = {
66
63
  "packGroupAssignments": "L",
67
64
  "packInstallations": "L",
68
65
  "packVersions": "L",
69
- "permitAccessReviewItems": "C",
70
- "permitAccessReviews": "C",
71
- "permitAttributeBindings": "C",
72
- "permitGroupMemberships": "C",
73
- "permitGroups": "C",
74
- "permitPolicyBundles": "C",
75
- "permitPolicyDecisionReceipts": "C",
76
- "permitPrincipalAliases": "C",
77
- "permitPrincipals": "C",
78
- "permitProjectionOutbox": "C",
79
- "permitRelationshipTuples": "C",
80
- "permitResourceInstances": "C",
81
- "permitRoleAssignments": "C",
82
- "permitSyncStates": "L",
83
66
  "platformAgentRunPolicyDecisions": "K",
84
67
  "platformAgentRunPromptResolutions": "K",
85
68
  "platformAgentRuns": "K",
86
69
  "platformAgentRunToolCalls": "K",
87
- "platformAudienceGrants": "C",
88
- "platformAudiences": "C",
70
+ "platformAudienceGrants": "I",
71
+ "platformAudiences": "I",
89
72
  "platformHarnessShadowAudit": "K",
90
- "platformPolicyDecisionLogs": "C",
73
+ "platformPolicyDecisionLogs": "I",
91
74
  "policyBundles": "L",
92
75
  "policyDecisionLogs": "L",
93
76
  "policySimulations": "L",
94
- "principalIdentityAliases": "L",
95
77
  "principals": "L",
96
- "projectGrants": "C",
78
+ "projectGrants": "I",
97
79
  "publicationRules": "K",
98
80
  "questionEvidenceLinks": "K",
99
81
  "rateLimitWindows": "L",
100
- "reasoningPermissions": "C",
82
+ "reasoningPermissions": "I",
101
83
  "researchJobs": "K",
102
84
  "schemaEnumConfig": "K",
103
- "secretSyncDriftReports": "L",
104
85
  "servicePrincipalKeys": "L",
105
86
  "stakeholderGroups": "K",
106
87
  "systemLogs": "K",
107
88
  "tasks": "K",
108
- "tenantApiKeys": "C",
109
- "tenantConfig": "C",
89
+ "tenantApiKeys": "I",
90
+ "tenantConfig": "I",
110
91
  "tenantDeploymentCredentials": "L",
111
- "tenantIntegrations": "C",
92
+ "tenantIntegrations": "I",
112
93
  "tenantMethodologyAssignments": "L",
113
- "tenantModelSlotBindings": "C",
114
- "tenantPermitSyncStates": "C",
115
- "tenantPolicies": "C",
116
- "tenantProviderSecrets": "C",
117
- "tenantProxyGatewayUsage": "C",
118
- "tenantProxyTokenMints": "C",
94
+ "tenantModelSlotBindings": "I",
95
+ "tenantPolicies": "I",
96
+ "tenantProviderSecrets": "I",
97
+ "tenantProxyGatewayUsage": "I",
98
+ "tenantProxyTokenMints": "I",
119
99
  "tenants": "L",
120
- "tenantSandboxAuditEvents": "C",
121
- "tenantSecrets": "C",
122
- "toolAcls": "C",
100
+ "tenantSandboxAuditEvents": "I",
101
+ "tenantSecrets": "I",
102
+ "toolAcls": "I",
123
103
  "toolCatalog": "L",
124
- "toolRegistry": "C",
104
+ "toolRegistry": "I",
125
105
  "toolRegistryEntries": "L",
126
106
  "topics": "K",
127
- "users": "C",
107
+ "users": "I",
128
108
  "userSessions": "L",
129
109
  "workflowDefinitions": "K",
130
110
  "workflowPullRequests": "K",
@@ -137,7 +117,7 @@ var TABLE_OWNERSHIP = {
137
117
  // src/component-boundary.contract.ts
138
118
  var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
139
119
  var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
140
- "C",
120
+ "I",
141
121
  "K"
142
122
  ];
143
123
  var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
@@ -167,7 +147,7 @@ function getComponentBoundaryTableLayer(tableName) {
167
147
  }
168
148
  function isComponentBoundaryComponentOwnedTable(tableName) {
169
149
  const layer = getComponentBoundaryTableLayer(tableName);
170
- return layer === "C" || layer === "K";
150
+ return layer === "I" || layer === "K";
171
151
  }
172
152
 
173
153
  export { COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, getComponentBoundaryTableLayer, isComponentBoundaryComponentOwnedTable };
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/generated/tableOwnership.ts","../src/component-boundary.contract.ts"],"names":[],"mappings":";AAmJO,IAAM,eAAA,GAAkB;AAAA,EAC7B,eAAA,EAAiB,GAAA;AAAA,EACjB,sBAAA,EAAwB,GAAA;AAAA,EACxB,QAAA,EAAU,GAAA;AAAA,EACV,eAAA,EAAiB,GAAA;AAAA,EACjB,SAAA,EAAW,GAAA;AAAA,EACX,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,eAAA,EAAiB,GAAA;AAAA,EACjB,iBAAA,EAAmB,GAAA;AAAA,EACnB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,oBAAA,EAAsB,GAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,gBAAA,EAAkB,GAAA;AAAA,EAClB,qCAAA,EAAuC,GAAA;AAAA,EACvC,mCAAA,EAAqC,GAAA;AAAA,EACrC,qCAAA,EAAuC,GAAA;AAAA,EACvC,oCAAA,EAAsC,GAAA;AAAA,EACtC,sBAAA,EAAwB,GAAA;AAAA,EACxB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,cAAA,EAAgB,GAAA;AAAA,EAChB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,gBAAA,EAAkB,GAAA;AAAA,EAClB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,sBAAA,EAAwB,GAAA;AAAA,EACxB,iBAAA,EAAmB,GAAA;AAAA,EACnB,cAAA,EAAgB,GAAA;AAAA,EAChB,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,gBAAA,EAAkB,GAAA;AAAA,EAClB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,GAAA;AAAA,EACpB,QAAA,EAAU,GAAA;AAAA,EACV,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,QAAA,EAAU,GAAA;AAAA,EACV,mBAAA,EAAqB,GAAA;AAAA,EACrB,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,kBAAA,EAAoB,GAAA;AAAA,EACpB,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,gBAAA,EAAkB,GAAA;AAAA,EAClB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,iBAAA,EAAmB,GAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,cAAA,EAAgB,GAAA;AAAA,EAChB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,qBAAA,EAAuB,GAAA;AAAA,EACvB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,8BAAA,EAAgC,GAAA;AAAA,EAChC,wBAAA,EAA0B,GAAA;AAAA,EAC1B,kBAAA,EAAoB,GAAA;AAAA,EACpB,wBAAA,EAA0B,GAAA;AAAA,EAC1B,0BAAA,EAA4B,GAAA;AAAA,EAC5B,yBAAA,EAA2B,GAAA;AAAA,EAC3B,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iCAAA,EAAmC,GAAA;AAAA,EACnC,mCAAA,EAAqC,GAAA;AAAA,EACrC,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,mBAAA,EAAqB,GAAA;AAAA,EACrB,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,0BAAA,EAA4B,GAAA;AAAA,EAC5B,YAAA,EAAc,GAAA;AAAA,EACd,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,cAAA,EAAgB,GAAA;AAAA,EAChB,kBAAA,EAAoB,GAAA;AAAA,EACpB,wBAAA,EAA0B,GAAA;AAAA,EAC1B,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,OAAA,EAAS,GAAA;AAAA,EACT,eAAA,EAAiB,GAAA;AAAA,EACjB,cAAA,EAAgB,GAAA;AAAA,EAChB,6BAAA,EAA+B,GAAA;AAAA,EAC/B,oBAAA,EAAsB,GAAA;AAAA,EACtB,8BAAA,EAAgC,GAAA;AAAA,EAChC,yBAAA,EAA2B,GAAA;AAAA,EAC3B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,gBAAA,EAAkB,GAAA;AAAA,EAClB,uBAAA,EAAyB,GAAA;AAAA,EACzB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,uBAAA,EAAyB,GAAA;AAAA,EACzB,SAAA,EAAW,GAAA;AAAA,EACX,0BAAA,EAA4B,GAAA;AAAA,EAC5B,eAAA,EAAiB,GAAA;AAAA,EACjB,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,YAAA,EAAc,GAAA;AAAA,EACd,uBAAA,EAAyB,GAAA;AAAA,EACzB,WAAA,EAAa;AACf,CAAA;;;ACnRO,IAAM,mCAAA,GAAsC;AAE5C,IAAM,mCAAA,GAAsC;AAAA,EACjD,GAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,UAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,4BAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,SAAS,+BACd,SAAA,EACiC;AACjC,EAAA,OAAO,gBAAgB,SAAyC,CAAA;AAClE;AAEO,SAAS,uCACd,SAAA,EAC2C;AAC3C,EAAA,MAAM,KAAA,GAAQ,+BAA+B,SAAS,CAAA;AACtD,EAAA,OACE,KAAA,KAAU,OACV,KAAA,KAAU,GAAA;AAEd","file":"component-boundary.contract.js","sourcesContent":["/* GENERATED by scripts/generate-contract-schema.ts. DO NOT EDIT. */\n\nexport type TableOwnershipLayer = \"L\" | \"C\" | \"K\" | \"D\" | \"A\";\n\nexport const TABLES_BY_LAYER = {\n \"L\": [\n \"agentRegistryEntries\",\n \"apiKeys\",\n \"auditLog\",\n \"compatibilityShims\",\n \"controlPlaneTenantModelSlotBindings\",\n \"controlPlaneTenantProviderSecrets\",\n \"controlPlaneTenantProxyGatewayUsage\",\n \"controlPlaneTenantProxyTokenLeases\",\n \"controlPlaneToolAcls\",\n \"cutoverFlags\",\n \"deploymentHosts\",\n \"groupMemberships\",\n \"groups\",\n \"memberships\",\n \"methodologyPacks\",\n \"oauthDeviceCodes\",\n \"packAssignments\",\n \"packDefinitions\",\n \"packEntitlements\",\n \"packGroupAssignments\",\n \"packInstallations\",\n \"packVersions\",\n \"permitSyncStates\",\n \"policyBundles\",\n \"policyDecisionLogs\",\n \"policySimulations\",\n \"principalIdentityAliases\",\n \"principals\",\n \"rateLimitWindows\",\n \"secretSyncDriftReports\",\n \"servicePrincipalKeys\",\n \"tenantDeploymentCredentials\",\n \"tenantMethodologyAssignments\",\n \"tenants\",\n \"toolCatalog\",\n \"toolRegistryEntries\",\n \"userSessions\",\n \"workspaces\"\n ],\n \"C\": [\n \"agents\",\n \"mcpWritePolicy\",\n \"modelCallLogs\",\n \"modelFunctionSlots\",\n \"modelRegistry\",\n \"modelSlotConfigs\",\n \"permitAccessReviewItems\",\n \"permitAccessReviews\",\n \"permitAttributeBindings\",\n \"permitGroupMemberships\",\n \"permitGroups\",\n \"permitPolicyBundles\",\n \"permitPolicyDecisionReceipts\",\n \"permitPrincipalAliases\",\n \"permitPrincipals\",\n \"permitProjectionOutbox\",\n \"permitRelationshipTuples\",\n \"permitResourceInstances\",\n \"permitRoleAssignments\",\n \"platformAudienceGrants\",\n \"platformAudiences\",\n \"platformPolicyDecisionLogs\",\n \"projectGrants\",\n \"reasoningPermissions\",\n \"tenantApiKeys\",\n \"tenantConfig\",\n \"tenantIntegrations\",\n \"tenantModelSlotBindings\",\n \"tenantPermitSyncStates\",\n \"tenantPolicies\",\n \"tenantProviderSecrets\",\n \"tenantProxyGatewayUsage\",\n \"tenantProxyTokenMints\",\n \"tenantSandboxAuditEvents\",\n \"tenantSecrets\",\n \"toolAcls\",\n \"toolRegistry\",\n \"users\"\n ],\n \"K\": [\n \"agentMessages\",\n \"agentSessions\",\n \"autofixJobs\",\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"beliefConfidence\",\n \"beliefEvidenceLinks\",\n \"beliefHistory\",\n \"beliefScenarios\",\n \"beliefVotes\",\n \"calibrationScores\",\n \"contractEvaluations\",\n \"contradictions\",\n \"crossProjectConnections\",\n \"decisionComputedSummaries\",\n \"decisionEvents\",\n \"decisionParticipants\",\n \"decisionRiskLedger\",\n \"decisionSnapshots\",\n \"deliberationContributions\",\n \"deliberationSessions\",\n \"domainEvents\",\n \"epistemicAudit\",\n \"epistemicContracts\",\n \"epistemicEdges\",\n \"epistemicNodeEmbeddings\",\n \"epistemicNodes\",\n \"graphAnalysisCache\",\n \"graphAnalysisResults\",\n \"graphSuggestions\",\n \"harnessReplays\",\n \"harnessRuns\",\n \"idempotencyTokens\",\n \"lenses\",\n \"lensTopicBindings\",\n \"neo4jSyncQueue\",\n \"ontologyDefinitions\",\n \"ontologyVersions\",\n \"platformAgentRunPolicyDecisions\",\n \"platformAgentRunPromptResolutions\",\n \"platformAgentRuns\",\n \"platformAgentRunToolCalls\",\n \"platformHarnessShadowAudit\",\n \"publicationRules\",\n \"questionEvidenceLinks\",\n \"researchJobs\",\n \"schemaEnumConfig\",\n \"stakeholderGroups\",\n \"systemLogs\",\n \"tasks\",\n \"topics\",\n \"workflowDefinitions\",\n \"workflowPullRequests\",\n \"workflowStages\",\n \"worktreeBeliefCluster\",\n \"worktrees\"\n ],\n \"D\": [],\n \"A\": []\n} as const;\n\nexport const TABLE_OWNERSHIP = {\n \"agentMessages\": \"K\",\n \"agentRegistryEntries\": \"L\",\n \"agents\": \"C\",\n \"agentSessions\": \"K\",\n \"apiKeys\": \"L\",\n \"auditLog\": \"L\",\n \"autofixJobs\": \"K\",\n \"backgroundJobRuns\": \"K\",\n \"backgroundJobSettings\": \"K\",\n \"beliefConfidence\": \"K\",\n \"beliefEvidenceLinks\": \"K\",\n \"beliefHistory\": \"K\",\n \"beliefScenarios\": \"K\",\n \"beliefVotes\": \"K\",\n \"calibrationScores\": \"K\",\n \"compatibilityShims\": \"L\",\n \"contractEvaluations\": \"K\",\n \"contradictions\": \"K\",\n \"controlPlaneTenantModelSlotBindings\": \"L\",\n \"controlPlaneTenantProviderSecrets\": \"L\",\n \"controlPlaneTenantProxyGatewayUsage\": \"L\",\n \"controlPlaneTenantProxyTokenLeases\": \"L\",\n \"controlPlaneToolAcls\": \"L\",\n \"crossProjectConnections\": \"K\",\n \"cutoverFlags\": \"L\",\n \"decisionComputedSummaries\": \"K\",\n \"decisionEvents\": \"K\",\n \"decisionParticipants\": \"K\",\n \"decisionRiskLedger\": \"K\",\n \"decisionSnapshots\": \"K\",\n \"deliberationContributions\": \"K\",\n \"deliberationSessions\": \"K\",\n \"deploymentHosts\": \"L\",\n \"domainEvents\": \"K\",\n \"epistemicAudit\": \"K\",\n \"epistemicContracts\": \"K\",\n \"epistemicEdges\": \"K\",\n \"epistemicNodeEmbeddings\": \"K\",\n \"epistemicNodes\": \"K\",\n \"graphAnalysisCache\": \"K\",\n \"graphAnalysisResults\": \"K\",\n \"graphSuggestions\": \"K\",\n \"groupMemberships\": \"L\",\n \"groups\": \"L\",\n \"harnessReplays\": \"K\",\n \"harnessRuns\": \"K\",\n \"idempotencyTokens\": \"K\",\n \"lenses\": \"K\",\n \"lensTopicBindings\": \"K\",\n \"mcpWritePolicy\": \"C\",\n \"memberships\": \"L\",\n \"methodologyPacks\": \"L\",\n \"modelCallLogs\": \"C\",\n \"modelFunctionSlots\": \"C\",\n \"modelRegistry\": \"C\",\n \"modelSlotConfigs\": \"C\",\n \"neo4jSyncQueue\": \"K\",\n \"oauthDeviceCodes\": \"L\",\n \"ontologyDefinitions\": \"K\",\n \"ontologyVersions\": \"K\",\n \"packAssignments\": \"L\",\n \"packDefinitions\": \"L\",\n \"packEntitlements\": \"L\",\n \"packGroupAssignments\": \"L\",\n \"packInstallations\": \"L\",\n \"packVersions\": \"L\",\n \"permitAccessReviewItems\": \"C\",\n \"permitAccessReviews\": \"C\",\n \"permitAttributeBindings\": \"C\",\n \"permitGroupMemberships\": \"C\",\n \"permitGroups\": \"C\",\n \"permitPolicyBundles\": \"C\",\n \"permitPolicyDecisionReceipts\": \"C\",\n \"permitPrincipalAliases\": \"C\",\n \"permitPrincipals\": \"C\",\n \"permitProjectionOutbox\": \"C\",\n \"permitRelationshipTuples\": \"C\",\n \"permitResourceInstances\": \"C\",\n \"permitRoleAssignments\": \"C\",\n \"permitSyncStates\": \"L\",\n \"platformAgentRunPolicyDecisions\": \"K\",\n \"platformAgentRunPromptResolutions\": \"K\",\n \"platformAgentRuns\": \"K\",\n \"platformAgentRunToolCalls\": \"K\",\n \"platformAudienceGrants\": \"C\",\n \"platformAudiences\": \"C\",\n \"platformHarnessShadowAudit\": \"K\",\n \"platformPolicyDecisionLogs\": \"C\",\n \"policyBundles\": \"L\",\n \"policyDecisionLogs\": \"L\",\n \"policySimulations\": \"L\",\n \"principalIdentityAliases\": \"L\",\n \"principals\": \"L\",\n \"projectGrants\": \"C\",\n \"publicationRules\": \"K\",\n \"questionEvidenceLinks\": \"K\",\n \"rateLimitWindows\": \"L\",\n \"reasoningPermissions\": \"C\",\n \"researchJobs\": \"K\",\n \"schemaEnumConfig\": \"K\",\n \"secretSyncDriftReports\": \"L\",\n \"servicePrincipalKeys\": \"L\",\n \"stakeholderGroups\": \"K\",\n \"systemLogs\": \"K\",\n \"tasks\": \"K\",\n \"tenantApiKeys\": \"C\",\n \"tenantConfig\": \"C\",\n \"tenantDeploymentCredentials\": \"L\",\n \"tenantIntegrations\": \"C\",\n \"tenantMethodologyAssignments\": \"L\",\n \"tenantModelSlotBindings\": \"C\",\n \"tenantPermitSyncStates\": \"C\",\n \"tenantPolicies\": \"C\",\n \"tenantProviderSecrets\": \"C\",\n \"tenantProxyGatewayUsage\": \"C\",\n \"tenantProxyTokenMints\": \"C\",\n \"tenants\": \"L\",\n \"tenantSandboxAuditEvents\": \"C\",\n \"tenantSecrets\": \"C\",\n \"toolAcls\": \"C\",\n \"toolCatalog\": \"L\",\n \"toolRegistry\": \"C\",\n \"toolRegistryEntries\": \"L\",\n \"topics\": \"K\",\n \"users\": \"C\",\n \"userSessions\": \"L\",\n \"workflowDefinitions\": \"K\",\n \"workflowPullRequests\": \"K\",\n \"workflowStages\": \"K\",\n \"workspaces\": \"L\",\n \"worktreeBeliefCluster\": \"K\",\n \"worktrees\": \"K\",\n} as const satisfies Readonly<Record<string, TableOwnershipLayer>>;\n\nexport type GeneratedTableName = keyof typeof TABLE_OWNERSHIP;\n\nexport function classifyTableOwnership(\n tableName: string\n): TableOwnershipLayer | null {\n return TABLE_OWNERSHIP[tableName as GeneratedTableName] ?? null;\n}\n\nexport function listTablesByOwnership(\n layer: TableOwnershipLayer\n): readonly string[] {\n return TABLES_BY_LAYER[layer];\n}\n\nexport function summarizeTableOwnership(\n tableNames: readonly string[]\n): Record<TableOwnershipLayer, number> {\n const summary: Record<TableOwnershipLayer, number> = {\n L: 0,\n C: 0,\n K: 0,\n D: 0,\n A: 0,\n };\n for (const name of tableNames) {\n const layer = classifyTableOwnership(name);\n if (layer) {\n summary[layer] += 1;\n }\n }\n return summary;\n}\n\nexport function assertTableOwnershipCoverage(tableNames: readonly string[]): void {\n const missing = tableNames.filter((name) => !classifyTableOwnership(name));\n const tableNameSet = new Set(tableNames);\n const extras = Object.keys(TABLE_OWNERSHIP).filter(\n (name) => !tableNameSet.has(name)\n );\n if (missing.length > 0 || extras.length > 0) {\n const lines: string[] = [];\n if (missing.length > 0) {\n lines.push(`Missing ownership classification: ${missing.join(\", \")}`);\n }\n if (extras.length > 0) {\n lines.push(`Ownership map contains unknown tables: ${extras.join(\", \")}`);\n }\n throw new Error(lines.join(\"\\n\"));\n }\n}\n","import {\n TABLE_OWNERSHIP,\n type TableOwnershipLayer,\n} from \"./generated/tableOwnership.js\";\n\nexport const COMPONENT_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const COMPONENT_BOUNDARY_COMPONENT_LAYERS = [\n \"C\",\n \"K\",\n] as const satisfies readonly TableOwnershipLayer[];\nexport type ComponentBoundaryComponentLayer =\n (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];\n\nexport const COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [\n \"insert\",\n \"patch\",\n \"replace\",\n \"delete\",\n \"query\",\n] as const;\nexport type ComponentBoundaryDirectDbMethod =\n (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];\n\nexport const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [\n \"services\",\n \"apps\",\n \"convex\",\n] as const;\n\nexport const COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"systemLogs\",\n \"epistemicAudit\",\n \"platformPolicyDecisionLogs\",\n \"tenantApiKeys\",\n \"projectGrants\",\n \"userSessions\",\n] as const;\nexport type ComponentBoundaryHighRiskTable =\n (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];\n\nexport function getComponentBoundaryTableLayer(\n tableName: string\n): TableOwnershipLayer | undefined {\n return TABLE_OWNERSHIP[tableName as keyof typeof TABLE_OWNERSHIP];\n}\n\nexport function isComponentBoundaryComponentOwnedTable(\n tableName: string\n): tableName is keyof typeof TABLE_OWNERSHIP {\n const layer = getComponentBoundaryTableLayer(tableName);\n return (\n layer === \"C\" ||\n layer === \"K\"\n );\n}\n"]}
1
+ {"version":3,"sources":["../src/generated/tableOwnership.ts","../src/component-boundary.contract.ts"],"names":[],"mappings":";AA+HO,IAAM,eAAA,GAAkB;AAAA,EAC7B,eAAA,EAAiB,GAAA;AAAA,EACjB,sBAAA,EAAwB,GAAA;AAAA,EACxB,QAAA,EAAU,GAAA;AAAA,EACV,eAAA,EAAiB,GAAA;AAAA,EACjB,SAAA,EAAW,GAAA;AAAA,EACX,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,eAAA,EAAiB,GAAA;AAAA,EACjB,iBAAA,EAAmB,GAAA;AAAA,EACnB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,oBAAA,EAAsB,GAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,gBAAA,EAAkB,GAAA;AAAA,EAClB,qCAAA,EAAuC,GAAA;AAAA,EACvC,mCAAA,EAAqC,GAAA;AAAA,EACrC,qCAAA,EAAuC,GAAA;AAAA,EACvC,sBAAA,EAAwB,GAAA;AAAA,EACxB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,cAAA,EAAgB,GAAA;AAAA,EAChB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,gBAAA,EAAkB,GAAA;AAAA,EAClB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,gBAAA,EAAkB,GAAA;AAAA,EAClB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,GAAA;AAAA,EACpB,QAAA,EAAU,GAAA;AAAA,EACV,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,QAAA,EAAU,GAAA;AAAA,EACV,mBAAA,EAAqB,GAAA;AAAA,EACrB,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,kBAAA,EAAoB,GAAA;AAAA,EACpB,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,gBAAA,EAAkB,GAAA;AAAA,EAClB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,iBAAA,EAAmB,GAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,cAAA,EAAgB,GAAA;AAAA,EAChB,iCAAA,EAAmC,GAAA;AAAA,EACnC,mCAAA,EAAqC,GAAA;AAAA,EACrC,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,mBAAA,EAAqB,GAAA;AAAA,EACrB,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,cAAA,EAAgB,GAAA;AAAA,EAChB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,OAAA,EAAS,GAAA;AAAA,EACT,eAAA,EAAiB,GAAA;AAAA,EACjB,cAAA,EAAgB,GAAA;AAAA,EAChB,6BAAA,EAA+B,GAAA;AAAA,EAC/B,oBAAA,EAAsB,GAAA;AAAA,EACtB,8BAAA,EAAgC,GAAA;AAAA,EAChC,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,uBAAA,EAAyB,GAAA;AAAA,EACzB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,uBAAA,EAAyB,GAAA;AAAA,EACzB,SAAA,EAAW,GAAA;AAAA,EACX,0BAAA,EAA4B,GAAA;AAAA,EAC5B,eAAA,EAAiB,GAAA;AAAA,EACjB,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,YAAA,EAAc,GAAA;AAAA,EACd,uBAAA,EAAyB,GAAA;AAAA,EACzB,WAAA,EAAa;AACf,CAAA;;;AC3OO,IAAM,mCAAA,GAAsC;AAE5C,IAAM,mCAAA,GAAsC;AAAA,EACjD,GAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,UAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,4BAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,SAAS,+BACd,SAAA,EACiC;AACjC,EAAA,OAAO,gBAAgB,SAAyC,CAAA;AAClE;AAEO,SAAS,uCACd,SAAA,EAC2C;AAC3C,EAAA,MAAM,KAAA,GAAQ,+BAA+B,SAAS,CAAA;AACtD,EAAA,OACE,KAAA,KAAU,OACV,KAAA,KAAU,GAAA;AAEd","file":"component-boundary.contract.js","sourcesContent":["/* GENERATED by scripts/generate-contract-schema.ts. DO NOT EDIT. */\n\nexport type TableOwnershipLayer = \"L\" | \"I\" | \"K\" | \"D\" | \"A\";\n\nexport const TABLES_BY_LAYER = {\n \"L\": [\n \"agentRegistryEntries\",\n \"apiKeys\",\n \"auditLog\",\n \"compatibilityShims\",\n \"controlPlaneTenantModelSlotBindings\",\n \"controlPlaneTenantProviderSecrets\",\n \"controlPlaneTenantProxyGatewayUsage\",\n \"controlPlaneToolAcls\",\n \"cutoverFlags\",\n \"groupMemberships\",\n \"groups\",\n \"memberships\",\n \"methodologyPacks\",\n \"oauthDeviceCodes\",\n \"packAssignments\",\n \"packDefinitions\",\n \"packEntitlements\",\n \"packGroupAssignments\",\n \"packInstallations\",\n \"packVersions\",\n \"policyBundles\",\n \"policyDecisionLogs\",\n \"policySimulations\",\n \"principals\",\n \"rateLimitWindows\",\n \"servicePrincipalKeys\",\n \"tenantDeploymentCredentials\",\n \"tenantMethodologyAssignments\",\n \"tenants\",\n \"toolCatalog\",\n \"toolRegistryEntries\",\n \"userSessions\",\n \"workspaces\"\n ],\n \"I\": [\n \"agents\",\n \"mcpWritePolicy\",\n \"modelCallLogs\",\n \"modelFunctionSlots\",\n \"modelRegistry\",\n \"modelSlotConfigs\",\n \"platformAudienceGrants\",\n \"platformAudiences\",\n \"platformPolicyDecisionLogs\",\n \"projectGrants\",\n \"reasoningPermissions\",\n \"tenantApiKeys\",\n \"tenantConfig\",\n \"tenantIntegrations\",\n \"tenantModelSlotBindings\",\n \"tenantPolicies\",\n \"tenantProviderSecrets\",\n \"tenantProxyGatewayUsage\",\n \"tenantProxyTokenMints\",\n \"tenantSandboxAuditEvents\",\n \"tenantSecrets\",\n \"toolAcls\",\n \"toolRegistry\",\n \"users\"\n ],\n \"K\": [\n \"agentMessages\",\n \"agentSessions\",\n \"autofixJobs\",\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"beliefConfidence\",\n \"beliefEvidenceLinks\",\n \"beliefHistory\",\n \"beliefScenarios\",\n \"beliefVotes\",\n \"calibrationScores\",\n \"contractEvaluations\",\n \"contradictions\",\n \"crossProjectConnections\",\n \"decisionComputedSummaries\",\n \"decisionEvents\",\n \"decisionParticipants\",\n \"decisionRiskLedger\",\n \"decisionSnapshots\",\n \"deliberationContributions\",\n \"deliberationSessions\",\n \"epistemicAudit\",\n \"epistemicContracts\",\n \"epistemicEdges\",\n \"epistemicNodeEmbeddings\",\n \"epistemicNodes\",\n \"graphAnalysisCache\",\n \"graphAnalysisResults\",\n \"graphSuggestions\",\n \"harnessReplays\",\n \"harnessRuns\",\n \"idempotencyTokens\",\n \"lenses\",\n \"lensTopicBindings\",\n \"neo4jSyncQueue\",\n \"ontologyDefinitions\",\n \"ontologyVersions\",\n \"platformAgentRunPolicyDecisions\",\n \"platformAgentRunPromptResolutions\",\n \"platformAgentRuns\",\n \"platformAgentRunToolCalls\",\n \"platformHarnessShadowAudit\",\n \"publicationRules\",\n \"questionEvidenceLinks\",\n \"researchJobs\",\n \"schemaEnumConfig\",\n \"stakeholderGroups\",\n \"systemLogs\",\n \"tasks\",\n \"topics\",\n \"workflowDefinitions\",\n \"workflowPullRequests\",\n \"workflowStages\",\n \"worktreeBeliefCluster\",\n \"worktrees\"\n ],\n \"D\": [],\n \"A\": []\n} as const;\n\nexport const TABLE_OWNERSHIP = {\n \"agentMessages\": \"K\",\n \"agentRegistryEntries\": \"L\",\n \"agents\": \"I\",\n \"agentSessions\": \"K\",\n \"apiKeys\": \"L\",\n \"auditLog\": \"L\",\n \"autofixJobs\": \"K\",\n \"backgroundJobRuns\": \"K\",\n \"backgroundJobSettings\": \"K\",\n \"beliefConfidence\": \"K\",\n \"beliefEvidenceLinks\": \"K\",\n \"beliefHistory\": \"K\",\n \"beliefScenarios\": \"K\",\n \"beliefVotes\": \"K\",\n \"calibrationScores\": \"K\",\n \"compatibilityShims\": \"L\",\n \"contractEvaluations\": \"K\",\n \"contradictions\": \"K\",\n \"controlPlaneTenantModelSlotBindings\": \"L\",\n \"controlPlaneTenantProviderSecrets\": \"L\",\n \"controlPlaneTenantProxyGatewayUsage\": \"L\",\n \"controlPlaneToolAcls\": \"L\",\n \"crossProjectConnections\": \"K\",\n \"cutoverFlags\": \"L\",\n \"decisionComputedSummaries\": \"K\",\n \"decisionEvents\": \"K\",\n \"decisionParticipants\": \"K\",\n \"decisionRiskLedger\": \"K\",\n \"decisionSnapshots\": \"K\",\n \"deliberationContributions\": \"K\",\n \"deliberationSessions\": \"K\",\n \"epistemicAudit\": \"K\",\n \"epistemicContracts\": \"K\",\n \"epistemicEdges\": \"K\",\n \"epistemicNodeEmbeddings\": \"K\",\n \"epistemicNodes\": \"K\",\n \"graphAnalysisCache\": \"K\",\n \"graphAnalysisResults\": \"K\",\n \"graphSuggestions\": \"K\",\n \"groupMemberships\": \"L\",\n \"groups\": \"L\",\n \"harnessReplays\": \"K\",\n \"harnessRuns\": \"K\",\n \"idempotencyTokens\": \"K\",\n \"lenses\": \"K\",\n \"lensTopicBindings\": \"K\",\n \"mcpWritePolicy\": \"I\",\n \"memberships\": \"L\",\n \"methodologyPacks\": \"L\",\n \"modelCallLogs\": \"I\",\n \"modelFunctionSlots\": \"I\",\n \"modelRegistry\": \"I\",\n \"modelSlotConfigs\": \"I\",\n \"neo4jSyncQueue\": \"K\",\n \"oauthDeviceCodes\": \"L\",\n \"ontologyDefinitions\": \"K\",\n \"ontologyVersions\": \"K\",\n \"packAssignments\": \"L\",\n \"packDefinitions\": \"L\",\n \"packEntitlements\": \"L\",\n \"packGroupAssignments\": \"L\",\n \"packInstallations\": \"L\",\n \"packVersions\": \"L\",\n \"platformAgentRunPolicyDecisions\": \"K\",\n \"platformAgentRunPromptResolutions\": \"K\",\n \"platformAgentRuns\": \"K\",\n \"platformAgentRunToolCalls\": \"K\",\n \"platformAudienceGrants\": \"I\",\n \"platformAudiences\": \"I\",\n \"platformHarnessShadowAudit\": \"K\",\n \"platformPolicyDecisionLogs\": \"I\",\n \"policyBundles\": \"L\",\n \"policyDecisionLogs\": \"L\",\n \"policySimulations\": \"L\",\n \"principals\": \"L\",\n \"projectGrants\": \"I\",\n \"publicationRules\": \"K\",\n \"questionEvidenceLinks\": \"K\",\n \"rateLimitWindows\": \"L\",\n \"reasoningPermissions\": \"I\",\n \"researchJobs\": \"K\",\n \"schemaEnumConfig\": \"K\",\n \"servicePrincipalKeys\": \"L\",\n \"stakeholderGroups\": \"K\",\n \"systemLogs\": \"K\",\n \"tasks\": \"K\",\n \"tenantApiKeys\": \"I\",\n \"tenantConfig\": \"I\",\n \"tenantDeploymentCredentials\": \"L\",\n \"tenantIntegrations\": \"I\",\n \"tenantMethodologyAssignments\": \"L\",\n \"tenantModelSlotBindings\": \"I\",\n \"tenantPolicies\": \"I\",\n \"tenantProviderSecrets\": \"I\",\n \"tenantProxyGatewayUsage\": \"I\",\n \"tenantProxyTokenMints\": \"I\",\n \"tenants\": \"L\",\n \"tenantSandboxAuditEvents\": \"I\",\n \"tenantSecrets\": \"I\",\n \"toolAcls\": \"I\",\n \"toolCatalog\": \"L\",\n \"toolRegistry\": \"I\",\n \"toolRegistryEntries\": \"L\",\n \"topics\": \"K\",\n \"users\": \"I\",\n \"userSessions\": \"L\",\n \"workflowDefinitions\": \"K\",\n \"workflowPullRequests\": \"K\",\n \"workflowStages\": \"K\",\n \"workspaces\": \"L\",\n \"worktreeBeliefCluster\": \"K\",\n \"worktrees\": \"K\",\n} as const satisfies Readonly<Record<string, TableOwnershipLayer>>;\n\nexport type GeneratedTableName = keyof typeof TABLE_OWNERSHIP;\n\nexport function classifyTableOwnership(\n tableName: string\n): TableOwnershipLayer | null {\n return TABLE_OWNERSHIP[tableName as GeneratedTableName] ?? null;\n}\n\nexport function listTablesByOwnership(\n layer: TableOwnershipLayer\n): readonly string[] {\n return TABLES_BY_LAYER[layer];\n}\n\nexport function summarizeTableOwnership(\n tableNames: readonly string[]\n): Record<TableOwnershipLayer, number> {\n const summary: Record<TableOwnershipLayer, number> = {\n L: 0,\n I: 0,\n K: 0,\n D: 0,\n A: 0,\n };\n for (const name of tableNames) {\n const layer = classifyTableOwnership(name);\n if (layer) {\n summary[layer] += 1;\n }\n }\n return summary;\n}\n\nexport function assertTableOwnershipCoverage(tableNames: readonly string[]): void {\n const missing = tableNames.filter((name) => !classifyTableOwnership(name));\n const tableNameSet = new Set(tableNames);\n const extras = Object.keys(TABLE_OWNERSHIP).filter(\n (name) => !tableNameSet.has(name)\n );\n if (missing.length > 0 || extras.length > 0) {\n const lines: string[] = [];\n if (missing.length > 0) {\n lines.push(`Missing ownership classification: ${missing.join(\", \")}`);\n }\n if (extras.length > 0) {\n lines.push(`Ownership map contains unknown tables: ${extras.join(\", \")}`);\n }\n throw new Error(lines.join(\"\\n\"));\n }\n}\n","import {\n TABLE_OWNERSHIP,\n type TableOwnershipLayer,\n} from \"./generated/tableOwnership.js\";\n\nexport const COMPONENT_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const COMPONENT_BOUNDARY_COMPONENT_LAYERS = [\n \"I\",\n \"K\",\n] as const satisfies readonly TableOwnershipLayer[];\nexport type ComponentBoundaryComponentLayer =\n (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];\n\nexport const COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [\n \"insert\",\n \"patch\",\n \"replace\",\n \"delete\",\n \"query\",\n] as const;\nexport type ComponentBoundaryDirectDbMethod =\n (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];\n\nexport const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [\n \"services\",\n \"apps\",\n \"convex\",\n] as const;\n\nexport const COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"systemLogs\",\n \"epistemicAudit\",\n \"platformPolicyDecisionLogs\",\n \"tenantApiKeys\",\n \"projectGrants\",\n \"userSessions\",\n] as const;\nexport type ComponentBoundaryHighRiskTable =\n (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];\n\nexport function getComponentBoundaryTableLayer(\n tableName: string\n): TableOwnershipLayer | undefined {\n return TABLE_OWNERSHIP[tableName as keyof typeof TABLE_OWNERSHIP];\n}\n\nexport function isComponentBoundaryComponentOwnedTable(\n tableName: string\n): tableName is keyof typeof TABLE_OWNERSHIP {\n const layer = getComponentBoundaryTableLayer(tableName);\n return (\n layer === \"I\" ||\n layer === \"K\"\n );\n}\n\n"]}
@@ -450,13 +450,11 @@ type ContextPackV1 = {
450
450
  };
451
451
  /**
452
452
  * The canonical input schema for `compile_context`.
453
- * `topicId` is optional for query-first callers. When omitted, the platform
454
- * resolves the best topic from the query and other available signals.
455
- * `projectId` remains an optional compatibility alias.
453
+ * `topicId` is canonical. `projectId` remains an optional compatibility alias.
456
454
  */
457
455
  type ContextPackRequestV1 = {
458
- /** Topic scope ID. Omit to resolve by query. */
459
- topicId?: string;
456
+ /** Topic scope ID (required). */
457
+ topicId: string;
460
458
  /** Deprecated compatibility alias for older callers. */
461
459
  projectId?: string;
462
460
  /** Focus query for relevance ranking. */