@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/component-boundary.contract.d.ts +14 -0
- package/dist/component-boundary.contract.js +155 -0
- package/dist/component-boundary.contract.js.map +1 -0
- package/dist/gateway.contract.d.ts +1 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +1 -0
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/schema-manifest.json +42 -3
- package/dist/generated/tableOwnership.d.ts +2 -1
- package/dist/generated/tableOwnership.js +2 -0
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +4 -2
- package/dist/index.d.ts +258 -1
- package/dist/index.js +618 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
- package/dist/mcp-gateway-boundary.contract.js +43 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -0
- package/dist/schemas/component-table-manifest.d.ts +2 -2
- package/dist/schemas/index.js +35 -0
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +130 -20
- package/dist/schemas/manifest.js +35 -0
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/tables/kernel/worktree.d.ts +2 -2
- package/dist/schemas/tables/mc/identity.d.ts +24 -1
- package/dist/schemas/tables/mc/identity.js +35 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +2 -2
- package/dist/tenant-client.contract.d.ts +266 -0
- package/dist/tenant-client.contract.js +404 -0
- package/dist/tenant-client.contract.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { TableOwnershipLayer, TABLE_OWNERSHIP } from './generated/tableOwnership.js';
|
|
2
|
+
|
|
3
|
+
declare const COMPONENT_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
|
|
4
|
+
declare const COMPONENT_BOUNDARY_COMPONENT_LAYERS: readonly ["I", "K"];
|
|
5
|
+
type ComponentBoundaryComponentLayer = (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];
|
|
6
|
+
declare const COMPONENT_BOUNDARY_DIRECT_DB_METHODS: readonly ["insert", "patch", "replace", "delete", "query"];
|
|
7
|
+
type ComponentBoundaryDirectDbMethod = (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];
|
|
8
|
+
declare const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS: readonly ["services", "apps", "convex"];
|
|
9
|
+
declare const COMPONENT_BOUNDARY_HIGH_RISK_TABLES: readonly ["backgroundJobRuns", "backgroundJobSettings", "systemLogs", "epistemicAudit", "platformPolicyDecisionLogs", "tenantApiKeys", "projectGrants", "userSessions"];
|
|
10
|
+
type ComponentBoundaryHighRiskTable = (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];
|
|
11
|
+
declare function getComponentBoundaryTableLayer(tableName: string): TableOwnershipLayer | undefined;
|
|
12
|
+
declare function isComponentBoundaryComponentOwnedTable(tableName: string): tableName is keyof typeof TABLE_OWNERSHIP;
|
|
13
|
+
|
|
14
|
+
export { COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, type ComponentBoundaryComponentLayer, type ComponentBoundaryDirectDbMethod, type ComponentBoundaryHighRiskTable, getComponentBoundaryTableLayer, isComponentBoundaryComponentOwnedTable };
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
// src/generated/tableOwnership.ts
|
|
2
|
+
var TABLE_OWNERSHIP = {
|
|
3
|
+
"agentMessages": "K",
|
|
4
|
+
"agentRegistryEntries": "L",
|
|
5
|
+
"agents": "I",
|
|
6
|
+
"agentSessions": "K",
|
|
7
|
+
"apiKeys": "L",
|
|
8
|
+
"auditLog": "L",
|
|
9
|
+
"autofixJobs": "K",
|
|
10
|
+
"backgroundJobRuns": "K",
|
|
11
|
+
"backgroundJobSettings": "K",
|
|
12
|
+
"beliefConfidence": "K",
|
|
13
|
+
"beliefEvidenceLinks": "K",
|
|
14
|
+
"beliefHistory": "K",
|
|
15
|
+
"beliefScenarios": "K",
|
|
16
|
+
"beliefVotes": "K",
|
|
17
|
+
"calibrationScores": "K",
|
|
18
|
+
"compatibilityShims": "L",
|
|
19
|
+
"contractEvaluations": "K",
|
|
20
|
+
"contradictions": "K",
|
|
21
|
+
"controlPlaneTenantModelSlotBindings": "L",
|
|
22
|
+
"controlPlaneTenantProviderSecrets": "L",
|
|
23
|
+
"controlPlaneTenantProxyGatewayUsage": "L",
|
|
24
|
+
"controlPlaneToolAcls": "L",
|
|
25
|
+
"crossProjectConnections": "K",
|
|
26
|
+
"cutoverFlags": "L",
|
|
27
|
+
"decisionComputedSummaries": "K",
|
|
28
|
+
"decisionEvents": "K",
|
|
29
|
+
"decisionParticipants": "K",
|
|
30
|
+
"decisionRiskLedger": "K",
|
|
31
|
+
"decisionSnapshots": "K",
|
|
32
|
+
"deliberationContributions": "K",
|
|
33
|
+
"deliberationSessions": "K",
|
|
34
|
+
"epistemicAudit": "K",
|
|
35
|
+
"epistemicContracts": "K",
|
|
36
|
+
"epistemicEdges": "K",
|
|
37
|
+
"epistemicNodeEmbeddings": "K",
|
|
38
|
+
"epistemicNodes": "K",
|
|
39
|
+
"graphAnalysisCache": "K",
|
|
40
|
+
"graphAnalysisResults": "K",
|
|
41
|
+
"graphSuggestions": "K",
|
|
42
|
+
"groupMemberships": "L",
|
|
43
|
+
"groups": "L",
|
|
44
|
+
"harnessReplays": "K",
|
|
45
|
+
"harnessRuns": "K",
|
|
46
|
+
"idempotencyTokens": "K",
|
|
47
|
+
"lenses": "K",
|
|
48
|
+
"lensTopicBindings": "K",
|
|
49
|
+
"mcpWritePolicy": "I",
|
|
50
|
+
"memberships": "L",
|
|
51
|
+
"methodologyPacks": "L",
|
|
52
|
+
"modelCallLogs": "I",
|
|
53
|
+
"modelFunctionSlots": "I",
|
|
54
|
+
"modelRegistry": "I",
|
|
55
|
+
"modelSlotConfigs": "I",
|
|
56
|
+
"neo4jSyncQueue": "K",
|
|
57
|
+
"oauthDeviceCodes": "L",
|
|
58
|
+
"ontologyDefinitions": "K",
|
|
59
|
+
"ontologyVersions": "K",
|
|
60
|
+
"packAssignments": "L",
|
|
61
|
+
"packDefinitions": "L",
|
|
62
|
+
"packEntitlements": "L",
|
|
63
|
+
"packGroupAssignments": "L",
|
|
64
|
+
"packInstallations": "L",
|
|
65
|
+
"packVersions": "L",
|
|
66
|
+
"platformAgentRunPolicyDecisions": "K",
|
|
67
|
+
"platformAgentRunPromptResolutions": "K",
|
|
68
|
+
"platformAgentRuns": "K",
|
|
69
|
+
"platformAgentRunToolCalls": "K",
|
|
70
|
+
"platformAudienceGrants": "I",
|
|
71
|
+
"platformAudiences": "I",
|
|
72
|
+
"platformHarnessShadowAudit": "K",
|
|
73
|
+
"platformPolicyDecisionLogs": "I",
|
|
74
|
+
"policyBundles": "L",
|
|
75
|
+
"policyDecisionLogs": "L",
|
|
76
|
+
"policySimulations": "L",
|
|
77
|
+
"principals": "L",
|
|
78
|
+
"projectGrants": "I",
|
|
79
|
+
"publicationRules": "K",
|
|
80
|
+
"questionEvidenceLinks": "K",
|
|
81
|
+
"rateLimitWindows": "L",
|
|
82
|
+
"reasoningPermissions": "I",
|
|
83
|
+
"researchJobs": "K",
|
|
84
|
+
"schemaEnumConfig": "K",
|
|
85
|
+
"servicePrincipalKeys": "L",
|
|
86
|
+
"stakeholderGroups": "K",
|
|
87
|
+
"systemLogs": "K",
|
|
88
|
+
"tasks": "K",
|
|
89
|
+
"tenantApiKeys": "I",
|
|
90
|
+
"tenantConfig": "I",
|
|
91
|
+
"tenantDeploymentCredentials": "L",
|
|
92
|
+
"tenantIntegrations": "I",
|
|
93
|
+
"tenantMethodologyAssignments": "L",
|
|
94
|
+
"tenantModelSlotBindings": "I",
|
|
95
|
+
"tenantPolicies": "I",
|
|
96
|
+
"tenantProviderSecrets": "I",
|
|
97
|
+
"tenantProxyGatewayUsage": "I",
|
|
98
|
+
"tenantProxyTokenMints": "I",
|
|
99
|
+
"tenants": "L",
|
|
100
|
+
"tenantSandboxAuditEvents": "I",
|
|
101
|
+
"tenantSecrets": "I",
|
|
102
|
+
"toolAcls": "I",
|
|
103
|
+
"toolCatalog": "L",
|
|
104
|
+
"toolRegistry": "I",
|
|
105
|
+
"toolRegistryEntries": "L",
|
|
106
|
+
"topics": "K",
|
|
107
|
+
"users": "I",
|
|
108
|
+
"userSessions": "L",
|
|
109
|
+
"workflowDefinitions": "K",
|
|
110
|
+
"workflowPullRequests": "K",
|
|
111
|
+
"workflowStages": "K",
|
|
112
|
+
"workspaces": "L",
|
|
113
|
+
"worktreeBeliefCluster": "K",
|
|
114
|
+
"worktrees": "K"
|
|
115
|
+
};
|
|
116
|
+
|
|
117
|
+
// src/component-boundary.contract.ts
|
|
118
|
+
var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
|
|
119
|
+
var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
|
|
120
|
+
"I",
|
|
121
|
+
"K"
|
|
122
|
+
];
|
|
123
|
+
var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
|
|
124
|
+
"insert",
|
|
125
|
+
"patch",
|
|
126
|
+
"replace",
|
|
127
|
+
"delete",
|
|
128
|
+
"query"
|
|
129
|
+
];
|
|
130
|
+
var COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [
|
|
131
|
+
"services",
|
|
132
|
+
"apps",
|
|
133
|
+
"convex"
|
|
134
|
+
];
|
|
135
|
+
var COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [
|
|
136
|
+
"backgroundJobRuns",
|
|
137
|
+
"backgroundJobSettings",
|
|
138
|
+
"systemLogs",
|
|
139
|
+
"epistemicAudit",
|
|
140
|
+
"platformPolicyDecisionLogs",
|
|
141
|
+
"tenantApiKeys",
|
|
142
|
+
"projectGrants",
|
|
143
|
+
"userSessions"
|
|
144
|
+
];
|
|
145
|
+
function getComponentBoundaryTableLayer(tableName) {
|
|
146
|
+
return TABLE_OWNERSHIP[tableName];
|
|
147
|
+
}
|
|
148
|
+
function isComponentBoundaryComponentOwnedTable(tableName) {
|
|
149
|
+
const layer = getComponentBoundaryTableLayer(tableName);
|
|
150
|
+
return layer === "I" || layer === "K";
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
export { COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, getComponentBoundaryTableLayer, isComponentBoundaryComponentOwnedTable };
|
|
154
|
+
//# sourceMappingURL=component-boundary.contract.js.map
|
|
155
|
+
//# sourceMappingURL=component-boundary.contract.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/generated/tableOwnership.ts","../src/component-boundary.contract.ts"],"names":[],"mappings":";AA+HO,IAAM,eAAA,GAAkB;AAAA,EAC7B,eAAA,EAAiB,GAAA;AAAA,EACjB,sBAAA,EAAwB,GAAA;AAAA,EACxB,QAAA,EAAU,GAAA;AAAA,EACV,eAAA,EAAiB,GAAA;AAAA,EACjB,SAAA,EAAW,GAAA;AAAA,EACX,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,eAAA,EAAiB,GAAA;AAAA,EACjB,iBAAA,EAAmB,GAAA;AAAA,EACnB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,oBAAA,EAAsB,GAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,gBAAA,EAAkB,GAAA;AAAA,EAClB,qCAAA,EAAuC,GAAA;AAAA,EACvC,mCAAA,EAAqC,GAAA;AAAA,EACrC,qCAAA,EAAuC,GAAA;AAAA,EACvC,sBAAA,EAAwB,GAAA;AAAA,EACxB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,cAAA,EAAgB,GAAA;AAAA,EAChB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,gBAAA,EAAkB,GAAA;AAAA,EAClB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,gBAAA,EAAkB,GAAA;AAAA,EAClB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,GAAA;AAAA,EACpB,QAAA,EAAU,GAAA;AAAA,EACV,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,QAAA,EAAU,GAAA;AAAA,EACV,mBAAA,EAAqB,GAAA;AAAA,EACrB,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,kBAAA,EAAoB,GAAA;AAAA,EACpB,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,gBAAA,EAAkB,GAAA;AAAA,EAClB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,iBAAA,EAAmB,GAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,cAAA,EAAgB,GAAA;AAAA,EAChB,iCAAA,EAAmC,GAAA;AAAA,EACnC,mCAAA,EAAqC,GAAA;AAAA,EACrC,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,mBAAA,EAAqB,GAAA;AAAA,EACrB,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,cAAA,EAAgB,GAAA;AAAA,EAChB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,OAAA,EAAS,GAAA;AAAA,EACT,eAAA,EAAiB,GAAA;AAAA,EACjB,cAAA,EAAgB,GAAA;AAAA,EAChB,6BAAA,EAA+B,GAAA;AAAA,EAC/B,oBAAA,EAAsB,GAAA;AAAA,EACtB,8BAAA,EAAgC,GAAA;AAAA,EAChC,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,uBAAA,EAAyB,GAAA;AAAA,EACzB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,uBAAA,EAAyB,GAAA;AAAA,EACzB,SAAA,EAAW,GAAA;AAAA,EACX,0BAAA,EAA4B,GAAA;AAAA,EAC5B,eAAA,EAAiB,GAAA;AAAA,EACjB,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,YAAA,EAAc,GAAA;AAAA,EACd,uBAAA,EAAyB,GAAA;AAAA,EACzB,WAAA,EAAa;AACf,CAAA;;;AC3OO,IAAM,mCAAA,GAAsC;AAE5C,IAAM,mCAAA,GAAsC;AAAA,EACjD,GAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,UAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,4BAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,SAAS,+BACd,SAAA,EACiC;AACjC,EAAA,OAAO,gBAAgB,SAAyC,CAAA;AAClE;AAEO,SAAS,uCACd,SAAA,EAC2C;AAC3C,EAAA,MAAM,KAAA,GAAQ,+BAA+B,SAAS,CAAA;AACtD,EAAA,OACE,KAAA,KAAU,OACV,KAAA,KAAU,GAAA;AAEd","file":"component-boundary.contract.js","sourcesContent":["/* GENERATED by scripts/generate-contract-schema.ts. DO NOT EDIT. */\n\nexport type TableOwnershipLayer = \"L\" | \"I\" | \"K\" | \"D\" | \"A\";\n\nexport const TABLES_BY_LAYER = {\n \"L\": [\n \"agentRegistryEntries\",\n \"apiKeys\",\n \"auditLog\",\n \"compatibilityShims\",\n \"controlPlaneTenantModelSlotBindings\",\n \"controlPlaneTenantProviderSecrets\",\n \"controlPlaneTenantProxyGatewayUsage\",\n \"controlPlaneToolAcls\",\n \"cutoverFlags\",\n \"groupMemberships\",\n \"groups\",\n \"memberships\",\n \"methodologyPacks\",\n \"oauthDeviceCodes\",\n \"packAssignments\",\n \"packDefinitions\",\n \"packEntitlements\",\n \"packGroupAssignments\",\n \"packInstallations\",\n \"packVersions\",\n \"policyBundles\",\n \"policyDecisionLogs\",\n \"policySimulations\",\n \"principals\",\n \"rateLimitWindows\",\n \"servicePrincipalKeys\",\n \"tenantDeploymentCredentials\",\n \"tenantMethodologyAssignments\",\n \"tenants\",\n \"toolCatalog\",\n \"toolRegistryEntries\",\n \"userSessions\",\n \"workspaces\"\n ],\n \"I\": [\n \"agents\",\n \"mcpWritePolicy\",\n \"modelCallLogs\",\n \"modelFunctionSlots\",\n \"modelRegistry\",\n \"modelSlotConfigs\",\n \"platformAudienceGrants\",\n \"platformAudiences\",\n \"platformPolicyDecisionLogs\",\n \"projectGrants\",\n \"reasoningPermissions\",\n \"tenantApiKeys\",\n \"tenantConfig\",\n \"tenantIntegrations\",\n \"tenantModelSlotBindings\",\n \"tenantPolicies\",\n \"tenantProviderSecrets\",\n \"tenantProxyGatewayUsage\",\n \"tenantProxyTokenMints\",\n \"tenantSandboxAuditEvents\",\n \"tenantSecrets\",\n \"toolAcls\",\n \"toolRegistry\",\n \"users\"\n ],\n \"K\": [\n \"agentMessages\",\n \"agentSessions\",\n \"autofixJobs\",\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"beliefConfidence\",\n \"beliefEvidenceLinks\",\n \"beliefHistory\",\n \"beliefScenarios\",\n \"beliefVotes\",\n \"calibrationScores\",\n \"contractEvaluations\",\n \"contradictions\",\n \"crossProjectConnections\",\n \"decisionComputedSummaries\",\n \"decisionEvents\",\n \"decisionParticipants\",\n \"decisionRiskLedger\",\n \"decisionSnapshots\",\n \"deliberationContributions\",\n \"deliberationSessions\",\n \"epistemicAudit\",\n \"epistemicContracts\",\n \"epistemicEdges\",\n \"epistemicNodeEmbeddings\",\n \"epistemicNodes\",\n \"graphAnalysisCache\",\n \"graphAnalysisResults\",\n \"graphSuggestions\",\n \"harnessReplays\",\n \"harnessRuns\",\n \"idempotencyTokens\",\n \"lenses\",\n \"lensTopicBindings\",\n \"neo4jSyncQueue\",\n \"ontologyDefinitions\",\n \"ontologyVersions\",\n \"platformAgentRunPolicyDecisions\",\n \"platformAgentRunPromptResolutions\",\n \"platformAgentRuns\",\n \"platformAgentRunToolCalls\",\n \"platformHarnessShadowAudit\",\n \"publicationRules\",\n \"questionEvidenceLinks\",\n \"researchJobs\",\n \"schemaEnumConfig\",\n \"stakeholderGroups\",\n \"systemLogs\",\n \"tasks\",\n \"topics\",\n \"workflowDefinitions\",\n \"workflowPullRequests\",\n \"workflowStages\",\n \"worktreeBeliefCluster\",\n \"worktrees\"\n ],\n \"D\": [],\n \"A\": []\n} as const;\n\nexport const TABLE_OWNERSHIP = {\n \"agentMessages\": \"K\",\n \"agentRegistryEntries\": \"L\",\n \"agents\": \"I\",\n \"agentSessions\": \"K\",\n \"apiKeys\": \"L\",\n \"auditLog\": \"L\",\n \"autofixJobs\": \"K\",\n \"backgroundJobRuns\": \"K\",\n \"backgroundJobSettings\": \"K\",\n \"beliefConfidence\": \"K\",\n \"beliefEvidenceLinks\": \"K\",\n \"beliefHistory\": \"K\",\n \"beliefScenarios\": \"K\",\n \"beliefVotes\": \"K\",\n \"calibrationScores\": \"K\",\n \"compatibilityShims\": \"L\",\n \"contractEvaluations\": \"K\",\n \"contradictions\": \"K\",\n \"controlPlaneTenantModelSlotBindings\": \"L\",\n \"controlPlaneTenantProviderSecrets\": \"L\",\n \"controlPlaneTenantProxyGatewayUsage\": \"L\",\n \"controlPlaneToolAcls\": \"L\",\n \"crossProjectConnections\": \"K\",\n \"cutoverFlags\": \"L\",\n \"decisionComputedSummaries\": \"K\",\n \"decisionEvents\": \"K\",\n \"decisionParticipants\": \"K\",\n \"decisionRiskLedger\": \"K\",\n \"decisionSnapshots\": \"K\",\n \"deliberationContributions\": \"K\",\n \"deliberationSessions\": \"K\",\n \"epistemicAudit\": \"K\",\n \"epistemicContracts\": \"K\",\n \"epistemicEdges\": \"K\",\n \"epistemicNodeEmbeddings\": \"K\",\n \"epistemicNodes\": \"K\",\n \"graphAnalysisCache\": \"K\",\n \"graphAnalysisResults\": \"K\",\n \"graphSuggestions\": \"K\",\n \"groupMemberships\": \"L\",\n \"groups\": \"L\",\n \"harnessReplays\": \"K\",\n \"harnessRuns\": \"K\",\n \"idempotencyTokens\": \"K\",\n \"lenses\": \"K\",\n \"lensTopicBindings\": \"K\",\n \"mcpWritePolicy\": \"I\",\n \"memberships\": \"L\",\n \"methodologyPacks\": \"L\",\n \"modelCallLogs\": \"I\",\n \"modelFunctionSlots\": \"I\",\n \"modelRegistry\": \"I\",\n \"modelSlotConfigs\": \"I\",\n \"neo4jSyncQueue\": \"K\",\n \"oauthDeviceCodes\": \"L\",\n \"ontologyDefinitions\": \"K\",\n \"ontologyVersions\": \"K\",\n \"packAssignments\": \"L\",\n \"packDefinitions\": \"L\",\n \"packEntitlements\": \"L\",\n \"packGroupAssignments\": \"L\",\n \"packInstallations\": \"L\",\n \"packVersions\": \"L\",\n \"platformAgentRunPolicyDecisions\": \"K\",\n \"platformAgentRunPromptResolutions\": \"K\",\n \"platformAgentRuns\": \"K\",\n \"platformAgentRunToolCalls\": \"K\",\n \"platformAudienceGrants\": \"I\",\n \"platformAudiences\": \"I\",\n \"platformHarnessShadowAudit\": \"K\",\n \"platformPolicyDecisionLogs\": \"I\",\n \"policyBundles\": \"L\",\n \"policyDecisionLogs\": \"L\",\n \"policySimulations\": \"L\",\n \"principals\": \"L\",\n \"projectGrants\": \"I\",\n \"publicationRules\": \"K\",\n \"questionEvidenceLinks\": \"K\",\n \"rateLimitWindows\": \"L\",\n \"reasoningPermissions\": \"I\",\n \"researchJobs\": \"K\",\n \"schemaEnumConfig\": \"K\",\n \"servicePrincipalKeys\": \"L\",\n \"stakeholderGroups\": \"K\",\n \"systemLogs\": \"K\",\n \"tasks\": \"K\",\n \"tenantApiKeys\": \"I\",\n \"tenantConfig\": \"I\",\n \"tenantDeploymentCredentials\": \"L\",\n \"tenantIntegrations\": \"I\",\n \"tenantMethodologyAssignments\": \"L\",\n \"tenantModelSlotBindings\": \"I\",\n \"tenantPolicies\": \"I\",\n \"tenantProviderSecrets\": \"I\",\n \"tenantProxyGatewayUsage\": \"I\",\n \"tenantProxyTokenMints\": \"I\",\n \"tenants\": \"L\",\n \"tenantSandboxAuditEvents\": \"I\",\n \"tenantSecrets\": \"I\",\n \"toolAcls\": \"I\",\n \"toolCatalog\": \"L\",\n \"toolRegistry\": \"I\",\n \"toolRegistryEntries\": \"L\",\n \"topics\": \"K\",\n \"users\": \"I\",\n \"userSessions\": \"L\",\n \"workflowDefinitions\": \"K\",\n \"workflowPullRequests\": \"K\",\n \"workflowStages\": \"K\",\n \"workspaces\": \"L\",\n \"worktreeBeliefCluster\": \"K\",\n \"worktrees\": \"K\",\n} as const satisfies Readonly<Record<string, TableOwnershipLayer>>;\n\nexport type GeneratedTableName = keyof typeof TABLE_OWNERSHIP;\n\nexport function classifyTableOwnership(\n tableName: string\n): TableOwnershipLayer | null {\n return TABLE_OWNERSHIP[tableName as GeneratedTableName] ?? null;\n}\n\nexport function listTablesByOwnership(\n layer: TableOwnershipLayer\n): readonly string[] {\n return TABLES_BY_LAYER[layer];\n}\n\nexport function summarizeTableOwnership(\n tableNames: readonly string[]\n): Record<TableOwnershipLayer, number> {\n const summary: Record<TableOwnershipLayer, number> = {\n L: 0,\n I: 0,\n K: 0,\n D: 0,\n A: 0,\n };\n for (const name of tableNames) {\n const layer = classifyTableOwnership(name);\n if (layer) {\n summary[layer] += 1;\n }\n }\n return summary;\n}\n\nexport function assertTableOwnershipCoverage(tableNames: readonly string[]): void {\n const missing = tableNames.filter((name) => !classifyTableOwnership(name));\n const tableNameSet = new Set(tableNames);\n const extras = Object.keys(TABLE_OWNERSHIP).filter(\n (name) => !tableNameSet.has(name)\n );\n if (missing.length > 0 || extras.length > 0) {\n const lines: string[] = [];\n if (missing.length > 0) {\n lines.push(`Missing ownership classification: ${missing.join(\", \")}`);\n }\n if (extras.length > 0) {\n lines.push(`Ownership map contains unknown tables: ${extras.join(\", \")}`);\n }\n throw new Error(lines.join(\"\\n\"));\n }\n}\n","import {\n TABLE_OWNERSHIP,\n type TableOwnershipLayer,\n} from \"./generated/tableOwnership.js\";\n\nexport const COMPONENT_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const COMPONENT_BOUNDARY_COMPONENT_LAYERS = [\n \"I\",\n \"K\",\n] as const satisfies readonly TableOwnershipLayer[];\nexport type ComponentBoundaryComponentLayer =\n (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];\n\nexport const COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [\n \"insert\",\n \"patch\",\n \"replace\",\n \"delete\",\n \"query\",\n] as const;\nexport type ComponentBoundaryDirectDbMethod =\n (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];\n\nexport const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [\n \"services\",\n \"apps\",\n \"convex\",\n] as const;\n\nexport const COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"systemLogs\",\n \"epistemicAudit\",\n \"platformPolicyDecisionLogs\",\n \"tenantApiKeys\",\n \"projectGrants\",\n \"userSessions\",\n] as const;\nexport type ComponentBoundaryHighRiskTable =\n (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];\n\nexport function getComponentBoundaryTableLayer(\n tableName: string\n): TableOwnershipLayer | undefined {\n return TABLE_OWNERSHIP[tableName as keyof typeof TABLE_OWNERSHIP];\n}\n\nexport function isComponentBoundaryComponentOwnedTable(\n tableName: string\n): tableName is keyof typeof TABLE_OWNERSHIP {\n const layer = getComponentBoundaryTableLayer(tableName);\n return (\n layer === \"I\" ||\n layer === \"K\"\n );\n}\n\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../src/gateway.contract.ts"],"names":[],"mappings":";AA4IO,SAAS,wBACd,WAAA,EACQ;AACR,EAAA,MAAM,WAAA,GACJ,OAAO,WAAA,CAAY,WAAA,KAAgB,WAC/B,WAAA,CAAY,WAAA,CAAY,MAAK,GAC7B,EAAA;AACN,EAAA,IAAI,WAAA,CAAY,SAAS,CAAA,EAAG;AAC1B,IAAA,OAAO,WAAA;AAAA,EACT;AACA,EAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AACxE","file":"gateway.contract.js","sourcesContent":["/**\n * Gateway contract types — shared between Stack's gateway middleware and\n * Lucern's server-core / gateway route handlers.\n *\n * These types describe the authenticated request context that flows from\n * the gateway into Lucern route handlers. The gateway (Stack-side) creates\n * the context; Lucern consumes it read-only.\n *\n * @module @lucern/contracts/src/gateway\n */\n\nimport type {\n SessionAuthMode,\n SessionDelegationHop,\n SessionPrincipalType,\n} from \"./auth-session.contract\";\n\n// ---------------------------------------------------------------------------\n// Error codes\n// ---------------------------------------------------------------------------\n\nexport type PlatformApiErrorCode =\n | \"AUTH_REQUIRED\"\n | \"AUTHENTICATION_REQUIRED\"\n | \"AUTH_TOKEN_MISSING\"\n | \"INVALID_REQUEST\"\n | \"IDEMPOTENCY_KEY_REQUIRED\"\n | \"FORBIDDEN\"\n | \"SCOPE_INSUFFICIENT\"\n | \"ENVIRONMENT_MISMATCH\"\n | \"KEY_EXPIRED\"\n | \"KEY_REVOKED\"\n | \"RATE_LIMIT_EXCEEDED\"\n | \"NOT_FOUND\"\n | \"CONFLICT\"\n | \"UPSTREAM_ERROR\"\n | \"INTERNAL_ERROR\";\n\n// ---------------------------------------------------------------------------\n// Gateway scope and environment\n// ---------------------------------------------------------------------------\n\nexport type GatewayScope = {\n tenantId?: string;\n workspaceId?: string;\n};\n\nexport type GatewayEnvironment = \"sandbox\" | \"production\";\n\nexport type GatewayAuthMode =\n | \"interactive_user\"\n | \"service_principal\"\n | \"tenant_api_key\"\n | \"session_token\";\n\nexport type KeyLifecycleStatus =\n | \"active\"\n | \"rotating\"\n | \"rotated\"\n | \"expired\"\n | \"revoked\";\n\nexport type CutoverDomain =\n | \"graph\"\n | \"schema\"\n | \"identity\"\n | \"policy\"\n | \"audit\"\n | \"admin\"\n | \"agent\"\n | \"tool\"\n | \"prompt\"\n | \"intelligence\";\n\nexport type CutoverFlagState = \"legacy\" | \"cutover\" | \"disabled\";\n\n// ---------------------------------------------------------------------------\n// Gateway auth context — the canonical authenticated request shape\n// ---------------------------------------------------------------------------\n\n/**\n * Authenticated request context created by the gateway middleware.\n * Lucern route handlers receive this as a read-only parameter.\n *\n * The `convex` field is typed as `unknown` in the contract because Lucern\n * consumers should not use the gateway's Convex client directly — they\n * have their own kernel client. The gateway (Stack-side) narrows this to\n * `ConvexHttpClient` at the construction site.\n */\nexport type GatewayAuthContext = {\n userId: string;\n clerkId?: string;\n convexToken?: string;\n /** Opaque in contract — narrowed to ConvexHttpClient at the gateway. */\n convex: any; // eslint-disable-line @typescript-eslint/no-explicit-any\n authMode: GatewayAuthMode;\n principalId?: string;\n principalType?: SessionPrincipalType;\n tenantId?: string;\n workspaceId?: string;\n roles?: string[];\n sessionId?: string;\n sessionAuthMode?: SessionAuthMode;\n sessionExpiresAt?: number;\n delegationChain?: SessionDelegationHop[];\n servicePrincipalId?: string;\n servicePrincipalKeyId?: string;\n servicePrincipalTenantId?: string;\n servicePrincipalWorkspaceId?: string;\n requestEnvironment: GatewayEnvironment;\n keyEnvironment?: GatewayEnvironment;\n keyStatus: KeyLifecycleStatus | \"unknown\";\n grantedScopes: Set<string>;\n cutoverDomain: CutoverDomain;\n cutoverState: CutoverFlagState;\n};\n\n// ---------------------------------------------------------------------------\n// Gateway response helpers — portable (no Next.js dependency)\n// ---------------------------------------------------------------------------\n\nexport type GatewayErrorArgs = {\n code: PlatformApiErrorCode;\n message: string;\n status: number;\n correlationId: string;\n policyTraceId?: string;\n invariant?: string;\n suggestion?: string;\n details?: unknown;\n headers?: HeadersInit;\n};\n\nexport type GatewaySuccessArgs = {\n status?: number;\n correlationId: string;\n policyTraceId?: string;\n idempotentReplay?: boolean;\n};\n\nexport function requireActorPrincipalId(\n authContext: GatewayAuthContext\n): string {\n const principalId =\n typeof authContext.principalId === \"string\"\n ? authContext.principalId.trim()\n : \"\";\n if (principalId.length > 0) {\n return principalId;\n }\n throw new Error(\"Access denied: federated principal context required.\");\n}\n"]}
|
|
@@ -99,6 +99,7 @@ var MC_SCHEMA_TABLES = {
|
|
|
99
99
|
"groups": defineTable(v.object({ "createdAt": v.number(), "description": v.optional(v.string()), "groupKey": v.string(), "groupType": v.union(v.literal("internal"), v.literal("external"), v.literal("system")), "metadata": v.optional(v.record(v.string(), v.any())), "name": v.string(), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenantId_groupKey", ["tenantId", "groupKey"]),
|
|
100
100
|
"memberships": defineTable(v.object({ "createdAt": v.number(), "grantedBy": v.optional(v.string()), "principalId": v.string(), "principalRefId": v.optional(v.id("principals")), "role": v.union(v.literal("platform_admin"), v.literal("tenant_admin"), v.literal("workspace_admin"), v.literal("editor"), v.literal("viewer"), v.literal("auditor"), v.literal("service_agent")), "source": v.union(v.literal("manual"), v.literal("sso"), v.literal("bootstrap"), v.literal("api"), v.literal("scim")), "status": v.union(v.literal("active"), v.literal("invited"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_principalId", ["principalId"]).index("by_principal_tenant", ["principalId", "tenantId"]).index("by_workspace_principal", ["workspaceId", "principalId"]).index("by_tenant_role", ["tenantId", "role"]).index("by_status", ["status"]),
|
|
101
101
|
"methodologyPacks": defineTable(v.object({ "createdAt": v.number(), "description": v.string(), "enforcementLevel": v.union(v.literal("strict"), v.literal("guided"), v.literal("advisory")), "name": v.string(), "packId": v.string(), "phases": v.array(v.object({ "description": v.string(), "gate": v.optional(v.string()), "instructions": v.string(), "name": v.string(), "requiredTools": v.array(v.string()), "title": v.string() })), "principles": v.array(v.string()), "status": v.union(v.literal("active"), v.literal("draft"), v.literal("archived")), "updatedAt": v.number(), "version": v.string() })).index("by_packId", ["packId"]).index("by_status", ["status"]),
|
|
102
|
+
"oauthDeviceCodes": defineTable(v.object({ "approvedAt": v.optional(v.number()), "clerkUserId": v.optional(v.string()), "clientId": v.string(), "consumedAt": v.optional(v.number()), "createdAt": v.number(), "deniedAt": v.optional(v.number()), "deviceCodeHash": v.string(), "expiresAt": v.number(), "intervalSeconds": v.number(), "lastPolledAt": v.optional(v.number()), "principalId": v.optional(v.string()), "role": v.optional(v.string()), "scope": v.string(), "scopes": v.optional(v.array(v.string())), "sessionId": v.optional(v.string()), "slowDownCount": v.optional(v.number()), "status": v.union(v.literal("pending"), v.literal("approved"), v.literal("denied"), v.literal("expired"), v.literal("consumed")), "tenantId": v.optional(v.id("tenants")), "updatedAt": v.number(), "userCode": v.string(), "workspaceId": v.optional(v.string()) })).index("by_deviceCodeHash", ["deviceCodeHash"]).index("by_userCode", ["userCode"]).index("by_status_expiresAt", ["status", "expiresAt"]).index("by_sessionId", ["sessionId"]),
|
|
102
103
|
"packAssignments": defineTable(v.object({ "assignedBy": v.string(), "createdAt": v.number(), "groupId": v.id("groups"), "packKey": v.string(), "status": v.union(v.literal("active"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number() })).index("by_groupId", ["groupId"]).index("by_tenantId", ["tenantId"]).index("by_tenant_packKey", ["tenantId", "packKey"]).index("by_group_packKey", ["groupId", "packKey"]).index("by_status", ["status"]),
|
|
103
104
|
"packDefinitions": defineTable(v.object({ "agentKeys": v.optional(v.array(v.string())), "category": v.union(v.literal("developer"), v.literal("strategy"), v.literal("data"), v.literal("methodology"), v.literal("ontology"), v.literal("custom")), "configTemplates": v.optional(v.record(v.string(), v.any())), "createdAt": v.number(), "createdBy": v.string(), "description": v.optional(v.string()), "installScope": v.optional(v.union(v.literal("tenant"), v.literal("workspace"))), "lensConfig": v.optional(v.array(v.object({ "lensKey": v.string(), "perspectiveType": v.string() }))), "lifecycle": v.union(v.literal("active"), v.literal("beta"), v.literal("experimental")), "methodologyPackIds": v.optional(v.array(v.string())), "name": v.string(), "ontologyConfig": v.optional(v.object({ "ontologyKey": v.string(), "ontologyVersion": v.optional(v.string()), "topicBindings": v.optional(v.array(v.object({ "autoBindNewTopics": v.boolean(), "topicType": v.string() }))) })), "packKey": v.string(), "promptNames": v.optional(v.array(v.string())), "status": v.union(v.literal("draft"), v.literal("active"), v.literal("archived")), "tierRequirement": v.union(v.literal("free"), v.literal("developer"), v.literal("team"), v.literal("enterprise")), "toolNames": v.array(v.string()), "topicIds": v.optional(v.array(v.string())), "updatedAt": v.number() })).index("by_packKey", ["packKey"]).index("by_category", ["category"]).index("by_lifecycle", ["lifecycle"]).index("by_status", ["status"]).index("by_tierRequirement", ["tierRequirement"]),
|
|
104
105
|
"packEntitlements": defineTable(v.object({ "allowedLifecycles": v.optional(v.array(v.union(v.literal("active"), v.literal("beta"), v.literal("experimental")))), "createdAt": v.number(), "grantedBy": v.optional(v.string()), "maxVersion": v.optional(v.string()), "metadata": v.optional(v.record(v.string(), v.any())), "minVersion": v.optional(v.string()), "packKey": v.string(), "status": v.union(v.literal("active"), v.literal("disabled"), v.literal("revoked")), "tenantId": v.id("tenants"), "updatedAt": v.number(), "workspaceId": v.optional(v.id("workspaces")) })).index("by_packKey", ["packKey"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_packKey", ["tenantId", "packKey"]).index("by_tenant_workspace_packKey", ["tenantId", "workspaceId", "packKey"]).index("by_tenant_status", ["tenantId", "status"]).index("by_workspace_status", ["workspaceId", "status"]),
|