@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/component-boundary.contract.d.ts +14 -0
  2. package/dist/component-boundary.contract.js +155 -0
  3. package/dist/component-boundary.contract.js.map +1 -0
  4. package/dist/gateway.contract.d.ts +1 -0
  5. package/dist/gateway.contract.js.map +1 -1
  6. package/dist/generated/convexSchemas.js +1 -0
  7. package/dist/generated/convexSchemas.js.map +1 -1
  8. package/dist/generated/schema-manifest.json +42 -3
  9. package/dist/generated/tableOwnership.d.ts +2 -1
  10. package/dist/generated/tableOwnership.js +2 -0
  11. package/dist/generated/tableOwnership.js.map +1 -1
  12. package/dist/generated/tier-expectations.json +4 -2
  13. package/dist/index.d.ts +258 -1
  14. package/dist/index.js +618 -1
  15. package/dist/index.js.map +1 -1
  16. package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
  17. package/dist/mcp-gateway-boundary.contract.js +43 -0
  18. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  19. package/dist/schemas/component-table-manifest.d.ts +2 -2
  20. package/dist/schemas/index.js +35 -0
  21. package/dist/schemas/index.js.map +1 -1
  22. package/dist/schemas/manifest.d.ts +130 -20
  23. package/dist/schemas/manifest.js +35 -0
  24. package/dist/schemas/manifest.js.map +1 -1
  25. package/dist/schemas/tables/kernel/worktree.d.ts +2 -2
  26. package/dist/schemas/tables/mc/identity.d.ts +24 -1
  27. package/dist/schemas/tables/mc/identity.js +35 -1
  28. package/dist/schemas/tables/mc/identity.js.map +1 -1
  29. package/dist/schemas/tables/mc/pack.d.ts +2 -2
  30. package/dist/tenant-client.contract.d.ts +266 -0
  31. package/dist/tenant-client.contract.js +404 -0
  32. package/dist/tenant-client.contract.js.map +1 -0
  33. package/package.json +1 -1
@@ -589,9 +589,9 @@ declare const worktrees: TableContract<{
589
589
  }, "strip", z.ZodTypeAny, {
590
590
  status: "ai_draft" | "user_draft" | "final";
591
591
  content: string;
592
+ approvedAt?: number | undefined;
592
593
  memoContent?: string | undefined;
593
594
  generatedAt?: number | undefined;
594
- approvedAt?: number | undefined;
595
595
  approvedBy?: string | undefined;
596
596
  generationMetadata?: {
597
597
  promptName: string;
@@ -601,9 +601,9 @@ declare const worktrees: TableContract<{
601
601
  }, {
602
602
  status: "ai_draft" | "user_draft" | "final";
603
603
  content: string;
604
+ approvedAt?: number | undefined;
604
605
  memoContent?: string | undefined;
605
606
  generatedAt?: number | undefined;
606
- approvedAt?: number | undefined;
607
607
  approvedBy?: string | undefined;
608
608
  generationMetadata?: {
609
609
  promptName: string;
@@ -62,6 +62,29 @@ declare const rateLimitWindows: TableContract<{
62
62
  createdAt: z.ZodNumber;
63
63
  updatedAt: z.ZodNumber;
64
64
  }>;
65
+ declare const oauthDeviceCodes: TableContract<{
66
+ deviceCodeHash: z.ZodString;
67
+ userCode: z.ZodString;
68
+ clientId: z.ZodString;
69
+ scope: z.ZodString;
70
+ status: z.ZodEnum<["pending", "approved", "denied", "expired", "consumed"]>;
71
+ expiresAt: z.ZodNumber;
72
+ intervalSeconds: z.ZodNumber;
73
+ lastPolledAt: z.ZodOptional<z.ZodNumber>;
74
+ slowDownCount: z.ZodOptional<z.ZodNumber>;
75
+ clerkUserId: z.ZodOptional<z.ZodString>;
76
+ tenantId: z.ZodOptional<ConvexIdSchema<"tenants">>;
77
+ workspaceId: z.ZodOptional<z.ZodString>;
78
+ principalId: z.ZodOptional<z.ZodString>;
79
+ role: z.ZodOptional<z.ZodString>;
80
+ scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
81
+ sessionId: z.ZodOptional<z.ZodString>;
82
+ approvedAt: z.ZodOptional<z.ZodNumber>;
83
+ deniedAt: z.ZodOptional<z.ZodNumber>;
84
+ consumedAt: z.ZodOptional<z.ZodNumber>;
85
+ createdAt: z.ZodNumber;
86
+ updatedAt: z.ZodNumber;
87
+ }>;
65
88
  declare const servicePrincipalKeys: TableContract<{
66
89
  keyId: z.ZodString;
67
90
  tokenHash: z.ZodString;
@@ -131,4 +154,4 @@ declare const userSessions: TableContract<{
131
154
  updatedAt: z.ZodNumber;
132
155
  }>;
133
156
 
134
- export { groupMemberships, groups, memberships, principals, rateLimitWindows, servicePrincipalKeys, userSessions };
157
+ export { groupMemberships, groups, memberships, oauthDeviceCodes, principals, rateLimitWindows, servicePrincipalKeys, userSessions };
@@ -135,6 +135,40 @@ var rateLimitWindows = defineTable({
135
135
  { kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
136
136
  ]
137
137
  });
138
+ var oauthDeviceCodes = defineTable({
139
+ name: "oauthDeviceCodes",
140
+ component: "mc",
141
+ category: "identity",
142
+ shape: z.object({
143
+ "deviceCodeHash": z.string(),
144
+ "userCode": z.string(),
145
+ "clientId": z.string(),
146
+ "scope": z.string(),
147
+ "status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
148
+ "expiresAt": z.number(),
149
+ "intervalSeconds": z.number(),
150
+ "lastPolledAt": z.number().optional(),
151
+ "slowDownCount": z.number().optional(),
152
+ "clerkUserId": z.string().optional(),
153
+ "tenantId": idOf("tenants").optional(),
154
+ "workspaceId": z.string().optional(),
155
+ "principalId": z.string().optional(),
156
+ "role": z.string().optional(),
157
+ "scopes": z.array(z.string()).optional(),
158
+ "sessionId": z.string().optional(),
159
+ "approvedAt": z.number().optional(),
160
+ "deniedAt": z.number().optional(),
161
+ "consumedAt": z.number().optional(),
162
+ "createdAt": z.number(),
163
+ "updatedAt": z.number()
164
+ }),
165
+ indices: [
166
+ { kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
167
+ { kind: "index", name: "by_userCode", columns: ["userCode"] },
168
+ { kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
169
+ { kind: "index", name: "by_sessionId", columns: ["sessionId"] }
170
+ ]
171
+ });
138
172
  var servicePrincipalKeys = defineTable({
139
173
  name: "servicePrincipalKeys",
140
174
  component: "mc",
@@ -216,6 +250,6 @@ var userSessions = defineTable({
216
250
  ]
217
251
  });
218
252
 
219
- export { groupMemberships, groups, memberships, principals, rateLimitWindows, servicePrincipalKeys, userSessions };
253
+ export { groupMemberships, groups, memberships, oauthDeviceCodes, principals, rateLimitWindows, servicePrincipalKeys, userSessions };
220
254
  //# sourceMappingURL=identity.js.map
221
255
  //# sourceMappingURL=identity.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/dsl/defineTable.ts","../../../../src/dsl/idOf.ts","../../../../src/schemas/tables/mc/identity.ts"],"names":["z"],"mappings":";;;;;AAwCO,SAAS,YACd,IAAA,EACkB;AAClB,EAAA,OAAO,IAAA;AACT;AC1CO,IAAM,eAAA,mBAAkB,MAAA,CAAO,GAAA,CAAI,gCAAgC,CAAA;AASnE,SAAS,KAAuB,KAAA,EAA6B;AAClE,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAkB;AAC5C,EAAA,MAAA,CAAO,cAAA,CAAe,QAAQ,eAAA,EAAiB;AAAA,IAC7C,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,KAAA,EAAO,KAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,OAAO,MAAA;AACT;;;ACVO,IAAM,mBAAmB,WAAA,CAAY;AAAA,EAC1C,IAAA,EAAM,kBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,SAAA,EAAW,KAAK,QAAQ,CAAA;AAAA,IACxB,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,cAAc,OAAA,EAAS,CAAC,SAAS,CAAA,EAAE;AAAA,IAC1D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,aAAA,EAAe,SAAS,CAAA,EAAE;AAAA,IACjF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,SAAS,WAAA,CAAY;AAAA,EAChC,IAAA,EAAM,QAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,IACrB,MAAA,EAAQA,EAAE,MAAA,EAAO;AAAA,IACjB,aAAaA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,IACtD,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,wBAAwB,OAAA,EAAS,CAAC,UAAA,EAAY,UAAU,CAAA;AAAE;AAEvF,CAAC;AAEM,IAAM,cAAc,WAAA,CAAY;AAAA,EACrC,IAAA,EAAM,aAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC9C,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,CAAC,gBAAA,EAAkB,cAAA,EAAgB,iBAAA,EAAmB,QAAA,EAAU,QAAA,EAAU,SAAA,EAAW,eAAe,CAAC,CAAA;AAAA,IACpH,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,MAAM,CAAC,CAAA;AAAA,IAC9D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,uBAAuB,OAAA,EAAS,CAAC,aAAA,EAAe,UAAU,CAAA,EAAE;AAAA,IACnF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,0BAA0B,OAAA,EAAS,CAAC,aAAA,EAAe,aAAa,CAAA,EAAE;AAAA,IACzF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,UAAA,EAAY,MAAM,CAAA,EAAE;AAAA,IACvE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,aAAa,WAAA,CAAY;AAAA,EACpC,IAAA,EAAM,YAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,QAAQ,OAAA,EAAS,SAAA,EAAW,iBAAiB,CAAC,CAAA;AAAA,IACvE,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC7B,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,YAAYA,CAAAA,CAAE,KAAA,CAAM,KAAK,QAAQ,CAAC,EAAE,QAAA,EAAS;AAAA,IAC7C,UAAA,EAAY,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,EAAS;AAAA,IACrC,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,SAAA,EAAW,WAAA,EAAa,UAAU,CAAC,CAAA;AAAA,IAC/D,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,cAAc,OAAA,EAAS,CAAC,SAAS,CAAA,EAAE;AAAA,IAC1D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,mBAAmB,WAAA,CAAY;AAAA,EAC1C,IAAA,EAAM,kBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC7B,UAAA,EAAY,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,EAAS;AAAA,IACrC,cAAcA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,MAAM,CAAC,CAAA;AAAA,IACvC,eAAA,EAAiBA,EAAE,MAAA,EAAO;AAAA,IAC1B,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,cAAA,EAAgBA,EAAE,MAAA,EAAO;AAAA,IACzB,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,IAClB,QAAQA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,WAAA,EAAa,SAAS,CAAC,CAAA;AAAA,IAC/C,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,qBAAA,EAAuB,SAAS,CAAC,aAAA,EAAe,YAAA,EAAc,eAAe,CAAA,EAAE;AAAA,IACtG,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,wBAAwB,OAAA,EAAS,CAAC,YAAA,EAAc,eAAe,CAAA,EAAE;AAAA,IACxF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,iBAAiB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IACjE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAE;AAEpF,CAAC;AAEM,IAAM,uBAAuB,WAAA,CAAY;AAAA,EAC9C,IAAA,EAAM,sBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,IAClB,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA;AAAA,IAC5B,eAAeA,CAAAA,CAAE,IAAA,CAAK,CAAC,SAAA,EAAW,YAAY,CAAC,CAAA;AAAA,IAC/C,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,UAAA,EAAY,SAAA,EAAW,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACxE,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,qBAAA,EAAuBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC3C,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACtC,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,QAAQ,WAAA,EAAa,SAAS,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IACnE,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,YAAY,OAAA,EAAS,CAAC,OAAO,CAAA,EAAE;AAAA,IACtD,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,gBAAgB,OAAA,EAAS,CAAC,WAAW,CAAA,EAAE;AAAA,IAC9D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA,EAAE;AAAA,IACxD,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,uBAAuB,OAAA,EAAS,CAAC,aAAA,EAAe,QAAQ,CAAA;AAAE;AAEvF,CAAC;AAEM,IAAM,eAAe,WAAA,CAAY;AAAA,EACtC,IAAA,EAAM,cAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,SAAS,SAAA,EAAW,OAAO,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAChE,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,eAAeA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,OAAO,CAAC,CAAA;AAAA,IACvC,UAAA,EAAYA,CAAAA,CAAE,IAAA,CAAK,CAAC,kBAAA,EAAoB,qBAAqB,gBAAA,EAAkB,eAAe,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAC1G,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC5B,UAAUA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,IACvC,iBAAA,EAAmBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,CAAO;AAAA,MACpC,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,MACxB,iBAAiBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO,CAAC,CAAA;AAAA,MACrD,UAAA,EAAYA,CAAAA,CAAE,IAAA,CAAK,CAAC,kBAAA,EAAoB,qBAAqB,gBAAA,EAAkB,eAAe,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,MAC1G,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MACjC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MACnC,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAC/B,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IACX,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACvC,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,kBAAA,EAAoBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACxC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACpC,gBAAA,EAAkBA,EAAE,MAAA,EAAO;AAAA,IAC3B,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACpC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,gBAAgB,OAAA,EAAS,CAAC,WAAW,CAAA,EAAE;AAAA,IAC9D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,iBAAiB,CAAA,EAAE;AAAA,IAC1E,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC","file":"identity.js","sourcesContent":["import type { ZodObject, ZodRawShape } from \"zod\";\n\nexport type TableComponent = \"mc\" | \"kernel\" | \"identity\" | \"developer-pack\";\n\nexport type TableIndex =\n | {\n kind: \"index\";\n name: string;\n columns: readonly string[];\n }\n | {\n kind: \"search\";\n name: string;\n searchField: string;\n filterFields?: readonly string[];\n }\n | {\n kind: \"vector\";\n name: string;\n vectorField: string;\n dimensions: number;\n filterFields?: readonly string[];\n };\n\nexport type TableDeprecation = {\n since: string;\n reason: string;\n replacement?: string;\n};\n\nexport type TableContract<S extends ZodRawShape = ZodRawShape> = {\n name: string;\n component: TableComponent;\n category: string;\n shape: ZodObject<S>;\n indices: readonly TableIndex[];\n deprecated?: TableDeprecation;\n invariants?: readonly string[];\n};\n\nexport function defineTable<S extends ZodRawShape>(\n spec: TableContract<S>\n): TableContract<S> {\n return spec;\n}\n","import { z } from \"zod\";\n\nexport const CONVEX_ID_TABLE = Symbol.for(\"lucern.contracts.convexIdTable\");\n\nexport type ConvexIdSchema<T extends string> = z.ZodBranded<\n z.ZodString,\n `Id<${T}>`\n> & {\n readonly [CONVEX_ID_TABLE]: T;\n};\n\nexport function idOf<T extends string>(table: T): ConvexIdSchema<T> {\n const schema = z.string().brand<`Id<${T}>`>();\n Object.defineProperty(schema, CONVEX_ID_TABLE, {\n configurable: false,\n enumerable: false,\n value: table,\n writable: false,\n });\n return schema as ConvexIdSchema<T>;\n}\n\nexport function getConvexIdTable(schema: z.ZodTypeAny): string | undefined {\n return (schema as Partial<Record<typeof CONVEX_ID_TABLE, string>>)[\n CONVEX_ID_TABLE\n ];\n}\n","/**\n * Schema contracts for mc/identity.\n *\n * Mirrored from:\n * - services/master-control/convex/schema.ts\n */\n\nimport { z } from 'zod';\nimport { defineTable, idOf } from '../../../dsl.js';\n\nexport const groupMemberships = defineTable({\n name: \"groupMemberships\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"groupId\": idOf(\"groups\"),\n \"principalId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"status\": z.enum([\"active\", \"invited\", \"revoked\"]),\n \"addedBy\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_groupId\", columns: [\"groupId\"] },\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_principal_group\", columns: [\"principalId\", \"groupId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const groups = defineTable({\n name: \"groups\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"groupKey\": z.string(),\n \"name\": z.string(),\n \"groupType\": z.enum([\"internal\", \"external\", \"system\"]),\n \"description\": z.string().optional(),\n \"metadata\": z.record(z.any()).optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_tenantId_groupKey\", columns: [\"tenantId\", \"groupKey\"] }\n ],\n});\n\nexport const memberships = defineTable({\n name: \"memberships\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"principalRefId\": idOf(\"principals\").optional(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"role\": z.enum([\"platform_admin\", \"tenant_admin\", \"workspace_admin\", \"editor\", \"viewer\", \"auditor\", \"service_agent\"]),\n \"status\": z.enum([\"active\", \"invited\", \"revoked\"]),\n \"source\": z.enum([\"manual\", \"sso\", \"bootstrap\", \"api\", \"scim\"]),\n \"grantedBy\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_principal_tenant\", columns: [\"principalId\", \"tenantId\"] },\n { kind: 'index', name: \"by_workspace_principal\", columns: [\"workspaceId\", \"principalId\"] },\n { kind: 'index', name: \"by_tenant_role\", columns: [\"tenantId\", \"role\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const principals = defineTable({\n name: \"principals\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"principalType\": z.enum([\"user\", \"group\", \"service\", \"external_viewer\"]),\n \"clerkId\": z.string().optional(),\n \"email\": z.string().optional(),\n \"displayName\": z.string().optional(),\n \"groupIds\": z.array(idOf(\"groups\")).optional(),\n \"tenantId\": idOf(\"tenants\").optional(),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"status\": z.enum([\"active\", \"invited\", \"suspended\", \"disabled\"]),\n \"metadata\": z.record(z.any()).optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_clerkId\", columns: [\"clerkId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const rateLimitWindows = defineTable({\n name: \"rateLimitWindows\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"keyId\": z.string().optional(),\n \"tenantId\": idOf(\"tenants\").optional(),\n \"windowType\": z.enum([\"minute\", \"hour\"]),\n \"windowStartMs\": z.number(),\n \"windowEndMs\": z.number(),\n \"requestCount\": z.number(),\n \"limit\": z.number(),\n \"tier\": z.enum([\"free\", \"developer\", \"partner\"]),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principal_window\", columns: [\"principalId\", \"windowType\", \"windowStartMs\"] },\n { kind: 'index', name: \"by_window_type_start\", columns: [\"windowType\", \"windowStartMs\"] },\n { kind: 'index', name: \"by_window_end\", columns: [\"windowEndMs\"] },\n { kind: 'index', name: \"by_tier_window_end\", columns: [\"tier\", \"windowEndMs\"] }\n ],\n});\n\nexport const servicePrincipalKeys = defineTable({\n name: \"servicePrincipalKeys\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"keyId\": z.string(),\n \"tokenHash\": z.string(),\n \"principalId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"scopes\": z.array(z.string()),\n \"environment\": z.enum([\"sandbox\", \"production\"]),\n \"status\": z.enum([\"active\", \"rotating\", \"rotated\", \"expired\", \"revoked\"]),\n \"expiresAt\": z.number(),\n \"rotationGracePeriod\": z.number().optional(),\n \"rotatedToKeyId\": z.string().optional(),\n \"rateLimitTier\": z.enum([\"free\", \"developer\", \"partner\"]).optional(),\n \"metadata\": z.record(z.any()).optional(),\n \"createdBy\": z.string(),\n \"revokedBy\": z.string().optional(),\n \"revokedAt\": z.number().optional(),\n \"lastUsedAt\": z.number().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_keyId\", columns: [\"keyId\"] },\n { kind: 'index', name: \"by_tokenHash\", columns: [\"tokenHash\"] },\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] },\n { kind: 'index', name: \"by_principal_status\", columns: [\"principalId\", \"status\"] }\n ],\n});\n\nexport const userSessions = defineTable({\n name: \"userSessions\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"sessionId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"clerkUserId\": z.string(),\n \"principalId\": z.string().optional(),\n \"principalType\": z.enum([\"human\", \"service\", \"agent\"]).optional(),\n \"workspaceId\": z.string().optional(),\n \"apiKeyId\": idOf(\"apiKeys\"),\n \"sessionType\": z.enum([\"user\", \"agent\"]),\n \"authMode\": z.enum([\"interactive_user\", \"service_principal\", \"tenant_api_key\", \"session_token\"]).optional(),\n \"role\": z.string().optional(),\n \"scopes\": z.array(z.string()).optional(),\n \"delegationChain\": z.array(z.object({\n \"principalId\": z.string(),\n \"principalType\": z.enum([\"human\", \"service\", \"agent\"]),\n \"authMode\": z.enum([\"interactive_user\", \"service_principal\", \"tenant_api_key\", \"session_token\"]).optional(),\n \"sessionId\": z.string().optional(),\n \"delegatedAt\": z.number().optional(),\n \"reason\": z.string().optional()\n })).optional(),\n \"sourceSessionId\": z.string().optional(),\n \"status\": z.enum([\"active\", \"expired\", \"revoked\"]),\n \"sessionExpiresAt\": z.number().optional(),\n \"jwtIssuedAt\": z.number().optional(),\n \"jwtExpiresAt\": z.number().optional(),\n \"lastActivityAt\": z.number(),\n \"lastValidatedAt\": z.number().optional(),\n \"revokedAt\": z.number().optional(),\n \"revokedBy\": z.string().optional(),\n \"revokeReason\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_sessionId\", columns: [\"sessionId\"] },\n { kind: 'index', name: \"by_sourceSessionId\", columns: [\"sourceSessionId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_clerkUserId\", columns: [\"clerkUserId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n"]}
1
+ {"version":3,"sources":["../../../../src/dsl/defineTable.ts","../../../../src/dsl/idOf.ts","../../../../src/schemas/tables/mc/identity.ts"],"names":["z"],"mappings":";;;;;AAwCO,SAAS,YACd,IAAA,EACkB;AAClB,EAAA,OAAO,IAAA;AACT;AC1CO,IAAM,eAAA,mBAAkB,MAAA,CAAO,GAAA,CAAI,gCAAgC,CAAA;AASnE,SAAS,KAAuB,KAAA,EAA6B;AAClE,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAkB;AAC5C,EAAA,MAAA,CAAO,cAAA,CAAe,QAAQ,eAAA,EAAiB;AAAA,IAC7C,YAAA,EAAc,KAAA;AAAA,IACd,UAAA,EAAY,KAAA;AAAA,IACZ,KAAA,EAAO,KAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACX,CAAA;AACD,EAAA,OAAO,MAAA;AACT;;;ACVO,IAAM,mBAAmB,WAAA,CAAY;AAAA,EAC1C,IAAA,EAAM,kBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,SAAA,EAAW,KAAK,QAAQ,CAAA;AAAA,IACxB,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,cAAc,OAAA,EAAS,CAAC,SAAS,CAAA,EAAE;AAAA,IAC1D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,aAAA,EAAe,SAAS,CAAA,EAAE;AAAA,IACjF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,SAAS,WAAA,CAAY;AAAA,EAChC,IAAA,EAAM,QAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,IACrB,MAAA,EAAQA,EAAE,MAAA,EAAO;AAAA,IACjB,aAAaA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,IACtD,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,wBAAwB,OAAA,EAAS,CAAC,UAAA,EAAY,UAAU,CAAA;AAAE;AAEvF,CAAC;AAEM,IAAM,cAAc,WAAA,CAAY;AAAA,EACrC,IAAA,EAAM,aAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC9C,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,CAAC,gBAAA,EAAkB,cAAA,EAAgB,iBAAA,EAAmB,QAAA,EAAU,QAAA,EAAU,SAAA,EAAW,eAAe,CAAC,CAAA;AAAA,IACpH,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,KAAA,EAAO,WAAA,EAAa,KAAA,EAAO,MAAM,CAAC,CAAA;AAAA,IAC9D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,uBAAuB,OAAA,EAAS,CAAC,aAAA,EAAe,UAAU,CAAA,EAAE;AAAA,IACnF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,0BAA0B,OAAA,EAAS,CAAC,aAAA,EAAe,aAAa,CAAA,EAAE;AAAA,IACzF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,UAAA,EAAY,MAAM,CAAA,EAAE;AAAA,IACvE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,aAAa,WAAA,CAAY;AAAA,EACpC,IAAA,EAAM,YAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,QAAQ,OAAA,EAAS,SAAA,EAAW,iBAAiB,CAAC,CAAA;AAAA,IACvE,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC/B,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC7B,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,YAAYA,CAAAA,CAAE,KAAA,CAAM,KAAK,QAAQ,CAAC,EAAE,QAAA,EAAS;AAAA,IAC7C,UAAA,EAAY,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,EAAS;AAAA,IACrC,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,SAAA,EAAW,WAAA,EAAa,UAAU,CAAC,CAAA;AAAA,IAC/D,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,cAAc,OAAA,EAAS,CAAC,SAAS,CAAA,EAAE;AAAA,IAC1D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC;AAEM,IAAM,mBAAmB,WAAA,CAAY;AAAA,EAC1C,IAAA,EAAM,kBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC7B,UAAA,EAAY,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,EAAS;AAAA,IACrC,cAAcA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,MAAM,CAAC,CAAA;AAAA,IACvC,eAAA,EAAiBA,EAAE,MAAA,EAAO;AAAA,IAC1B,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,cAAA,EAAgBA,EAAE,MAAA,EAAO;AAAA,IACzB,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,IAClB,QAAQA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,WAAA,EAAa,SAAS,CAAC,CAAA;AAAA,IAC/C,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,qBAAA,EAAuB,SAAS,CAAC,aAAA,EAAe,YAAA,EAAc,eAAe,CAAA,EAAE;AAAA,IACtG,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,wBAAwB,OAAA,EAAS,CAAC,YAAA,EAAc,eAAe,CAAA,EAAE;AAAA,IACxF,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,iBAAiB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IACjE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,MAAA,EAAQ,aAAa,CAAA;AAAE;AAEpF,CAAC;AAEM,IAAM,mBAAmB,WAAA,CAAY;AAAA,EAC1C,IAAA,EAAM,kBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,gBAAA,EAAkBA,EAAE,MAAA,EAAO;AAAA,IAC3B,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,IACrB,UAAA,EAAYA,EAAE,MAAA,EAAO;AAAA,IACrB,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,IAClB,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,WAAW,UAAA,EAAY,QAAA,EAAU,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,IACzE,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,iBAAA,EAAmBA,EAAE,MAAA,EAAO;AAAA,IAC5B,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACpC,eAAA,EAAiBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACrC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,UAAA,EAAY,IAAA,CAAK,SAAS,CAAA,CAAE,QAAA,EAAS;AAAA,IACrC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC5B,UAAUA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,qBAAqB,OAAA,EAAS,CAAC,gBAAgB,CAAA,EAAE;AAAA,IACxE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,uBAAuB,OAAA,EAAS,CAAC,QAAA,EAAU,WAAW,CAAA,EAAE;AAAA,IAC/E,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,gBAAgB,OAAA,EAAS,CAAC,WAAW,CAAA;AAAE;AAEpE,CAAC;AAEM,IAAM,uBAAuB,WAAA,CAAY;AAAA,EAC9C,IAAA,EAAM,sBAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,OAAA,EAASA,EAAE,MAAA,EAAO;AAAA,IAClB,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAe,IAAA,CAAK,YAAY,CAAA,CAAE,QAAA,EAAS;AAAA,IAC3C,QAAA,EAAUA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAQ,CAAA;AAAA,IAC5B,eAAeA,CAAAA,CAAE,IAAA,CAAK,CAAC,SAAA,EAAW,YAAY,CAAC,CAAA;AAAA,IAC/C,QAAA,EAAUA,EAAE,IAAA,CAAK,CAAC,UAAU,UAAA,EAAY,SAAA,EAAW,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACxE,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,qBAAA,EAAuBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC3C,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACtC,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,QAAQ,WAAA,EAAa,SAAS,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IACnE,YAAYA,CAAAA,CAAE,MAAA,CAAOA,EAAE,GAAA,EAAK,EAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,YAAY,OAAA,EAAS,CAAC,OAAO,CAAA,EAAE;AAAA,IACtD,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,gBAAgB,OAAA,EAAS,CAAC,WAAW,CAAA,EAAE;AAAA,IAC9D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA,EAAE;AAAA,IACxD,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,uBAAuB,OAAA,EAAS,CAAC,aAAA,EAAe,QAAQ,CAAA;AAAE;AAEvF,CAAC;AAEM,IAAM,eAAe,WAAA,CAAY;AAAA,EACtC,IAAA,EAAM,cAAA;AAAA,EACN,SAAA,EAAW,IAAA;AAAA,EACX,QAAA,EAAU,UAAA;AAAA,EACV,KAAA,EAAOA,EAAE,MAAA,CAAO;AAAA,IACd,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,IACxB,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,eAAA,EAAiBA,EAAE,IAAA,CAAK,CAAC,SAAS,SAAA,EAAW,OAAO,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAChE,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,UAAA,EAAY,KAAK,SAAS,CAAA;AAAA,IAC1B,eAAeA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,OAAO,CAAC,CAAA;AAAA,IACvC,UAAA,EAAYA,CAAAA,CAAE,IAAA,CAAK,CAAC,kBAAA,EAAoB,qBAAqB,gBAAA,EAAkB,eAAe,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAC1G,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC5B,UAAUA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,IACvC,iBAAA,EAAmBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,CAAO;AAAA,MACpC,aAAA,EAAeA,EAAE,MAAA,EAAO;AAAA,MACxB,iBAAiBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,SAAA,EAAW,OAAO,CAAC,CAAA;AAAA,MACrD,UAAA,EAAYA,CAAAA,CAAE,IAAA,CAAK,CAAC,kBAAA,EAAoB,qBAAqB,gBAAA,EAAkB,eAAe,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,MAC1G,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MACjC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MACnC,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAC/B,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IACX,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACvC,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,IACjD,kBAAA,EAAoBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACxC,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACnC,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACpC,gBAAA,EAAkBA,EAAE,MAAA,EAAO;AAAA,IAC3B,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACvC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACjC,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IACpC,WAAA,EAAaA,EAAE,MAAA,EAAO;AAAA,IACtB,WAAA,EAAaA,EAAE,MAAA;AAAO,GACvB,CAAA;AAAA,EACD,OAAA,EAAS;AAAA,IACL,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,gBAAgB,OAAA,EAAS,CAAC,WAAW,CAAA,EAAE;AAAA,IAC9D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,sBAAsB,OAAA,EAAS,CAAC,iBAAiB,CAAA,EAAE;AAAA,IAC1E,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,eAAe,OAAA,EAAS,CAAC,UAAU,CAAA,EAAE;AAAA,IAC5D,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,kBAAkB,OAAA,EAAS,CAAC,aAAa,CAAA,EAAE;AAAA,IAClE,EAAE,MAAM,OAAA,EAAS,IAAA,EAAM,aAAa,OAAA,EAAS,CAAC,QAAQ,CAAA;AAAE;AAE9D,CAAC","file":"identity.js","sourcesContent":["import type { ZodObject, ZodRawShape } from \"zod\";\n\nexport type TableComponent = \"mc\" | \"kernel\" | \"identity\" | \"developer-pack\";\n\nexport type TableIndex =\n | {\n kind: \"index\";\n name: string;\n columns: readonly string[];\n }\n | {\n kind: \"search\";\n name: string;\n searchField: string;\n filterFields?: readonly string[];\n }\n | {\n kind: \"vector\";\n name: string;\n vectorField: string;\n dimensions: number;\n filterFields?: readonly string[];\n };\n\nexport type TableDeprecation = {\n since: string;\n reason: string;\n replacement?: string;\n};\n\nexport type TableContract<S extends ZodRawShape = ZodRawShape> = {\n name: string;\n component: TableComponent;\n category: string;\n shape: ZodObject<S>;\n indices: readonly TableIndex[];\n deprecated?: TableDeprecation;\n invariants?: readonly string[];\n};\n\nexport function defineTable<S extends ZodRawShape>(\n spec: TableContract<S>\n): TableContract<S> {\n return spec;\n}\n","import { z } from \"zod\";\n\nexport const CONVEX_ID_TABLE = Symbol.for(\"lucern.contracts.convexIdTable\");\n\nexport type ConvexIdSchema<T extends string> = z.ZodBranded<\n z.ZodString,\n `Id<${T}>`\n> & {\n readonly [CONVEX_ID_TABLE]: T;\n};\n\nexport function idOf<T extends string>(table: T): ConvexIdSchema<T> {\n const schema = z.string().brand<`Id<${T}>`>();\n Object.defineProperty(schema, CONVEX_ID_TABLE, {\n configurable: false,\n enumerable: false,\n value: table,\n writable: false,\n });\n return schema as ConvexIdSchema<T>;\n}\n\nexport function getConvexIdTable(schema: z.ZodTypeAny): string | undefined {\n return (schema as Partial<Record<typeof CONVEX_ID_TABLE, string>>)[\n CONVEX_ID_TABLE\n ];\n}\n","/**\n * Schema contracts for mc/identity.\n *\n * Mirrored from:\n * - services/master-control/convex/schema.ts\n */\n\nimport { z } from 'zod';\nimport { defineTable, idOf } from '../../../dsl.js';\n\nexport const groupMemberships = defineTable({\n name: \"groupMemberships\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"groupId\": idOf(\"groups\"),\n \"principalId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"status\": z.enum([\"active\", \"invited\", \"revoked\"]),\n \"addedBy\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_groupId\", columns: [\"groupId\"] },\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_principal_group\", columns: [\"principalId\", \"groupId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const groups = defineTable({\n name: \"groups\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"groupKey\": z.string(),\n \"name\": z.string(),\n \"groupType\": z.enum([\"internal\", \"external\", \"system\"]),\n \"description\": z.string().optional(),\n \"metadata\": z.record(z.any()).optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_tenantId_groupKey\", columns: [\"tenantId\", \"groupKey\"] }\n ],\n});\n\nexport const memberships = defineTable({\n name: \"memberships\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"principalRefId\": idOf(\"principals\").optional(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"role\": z.enum([\"platform_admin\", \"tenant_admin\", \"workspace_admin\", \"editor\", \"viewer\", \"auditor\", \"service_agent\"]),\n \"status\": z.enum([\"active\", \"invited\", \"revoked\"]),\n \"source\": z.enum([\"manual\", \"sso\", \"bootstrap\", \"api\", \"scim\"]),\n \"grantedBy\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_principal_tenant\", columns: [\"principalId\", \"tenantId\"] },\n { kind: 'index', name: \"by_workspace_principal\", columns: [\"workspaceId\", \"principalId\"] },\n { kind: 'index', name: \"by_tenant_role\", columns: [\"tenantId\", \"role\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const principals = defineTable({\n name: \"principals\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"principalType\": z.enum([\"user\", \"group\", \"service\", \"external_viewer\"]),\n \"clerkId\": z.string().optional(),\n \"email\": z.string().optional(),\n \"displayName\": z.string().optional(),\n \"groupIds\": z.array(idOf(\"groups\")).optional(),\n \"tenantId\": idOf(\"tenants\").optional(),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"status\": z.enum([\"active\", \"invited\", \"suspended\", \"disabled\"]),\n \"metadata\": z.record(z.any()).optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_clerkId\", columns: [\"clerkId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n\nexport const rateLimitWindows = defineTable({\n name: \"rateLimitWindows\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"principalId\": z.string(),\n \"keyId\": z.string().optional(),\n \"tenantId\": idOf(\"tenants\").optional(),\n \"windowType\": z.enum([\"minute\", \"hour\"]),\n \"windowStartMs\": z.number(),\n \"windowEndMs\": z.number(),\n \"requestCount\": z.number(),\n \"limit\": z.number(),\n \"tier\": z.enum([\"free\", \"developer\", \"partner\"]),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_principal_window\", columns: [\"principalId\", \"windowType\", \"windowStartMs\"] },\n { kind: 'index', name: \"by_window_type_start\", columns: [\"windowType\", \"windowStartMs\"] },\n { kind: 'index', name: \"by_window_end\", columns: [\"windowEndMs\"] },\n { kind: 'index', name: \"by_tier_window_end\", columns: [\"tier\", \"windowEndMs\"] }\n ],\n});\n\nexport const oauthDeviceCodes = defineTable({\n name: \"oauthDeviceCodes\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"deviceCodeHash\": z.string(),\n \"userCode\": z.string(),\n \"clientId\": z.string(),\n \"scope\": z.string(),\n \"status\": z.enum([\"pending\", \"approved\", \"denied\", \"expired\", \"consumed\"]),\n \"expiresAt\": z.number(),\n \"intervalSeconds\": z.number(),\n \"lastPolledAt\": z.number().optional(),\n \"slowDownCount\": z.number().optional(),\n \"clerkUserId\": z.string().optional(),\n \"tenantId\": idOf(\"tenants\").optional(),\n \"workspaceId\": z.string().optional(),\n \"principalId\": z.string().optional(),\n \"role\": z.string().optional(),\n \"scopes\": z.array(z.string()).optional(),\n \"sessionId\": z.string().optional(),\n \"approvedAt\": z.number().optional(),\n \"deniedAt\": z.number().optional(),\n \"consumedAt\": z.number().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_deviceCodeHash\", columns: [\"deviceCodeHash\"] },\n { kind: 'index', name: \"by_userCode\", columns: [\"userCode\"] },\n { kind: 'index', name: \"by_status_expiresAt\", columns: [\"status\", \"expiresAt\"] },\n { kind: 'index', name: \"by_sessionId\", columns: [\"sessionId\"] }\n ],\n});\n\nexport const servicePrincipalKeys = defineTable({\n name: \"servicePrincipalKeys\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"keyId\": z.string(),\n \"tokenHash\": z.string(),\n \"principalId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"workspaceId\": idOf(\"workspaces\").optional(),\n \"scopes\": z.array(z.string()),\n \"environment\": z.enum([\"sandbox\", \"production\"]),\n \"status\": z.enum([\"active\", \"rotating\", \"rotated\", \"expired\", \"revoked\"]),\n \"expiresAt\": z.number(),\n \"rotationGracePeriod\": z.number().optional(),\n \"rotatedToKeyId\": z.string().optional(),\n \"rateLimitTier\": z.enum([\"free\", \"developer\", \"partner\"]).optional(),\n \"metadata\": z.record(z.any()).optional(),\n \"createdBy\": z.string(),\n \"revokedBy\": z.string().optional(),\n \"revokedAt\": z.number().optional(),\n \"lastUsedAt\": z.number().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_keyId\", columns: [\"keyId\"] },\n { kind: 'index', name: \"by_tokenHash\", columns: [\"tokenHash\"] },\n { kind: 'index', name: \"by_principalId\", columns: [\"principalId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_workspaceId\", columns: [\"workspaceId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] },\n { kind: 'index', name: \"by_principal_status\", columns: [\"principalId\", \"status\"] }\n ],\n});\n\nexport const userSessions = defineTable({\n name: \"userSessions\",\n component: \"mc\",\n category: \"identity\",\n shape: z.object({\n \"sessionId\": z.string(),\n \"tenantId\": idOf(\"tenants\"),\n \"clerkUserId\": z.string(),\n \"principalId\": z.string().optional(),\n \"principalType\": z.enum([\"human\", \"service\", \"agent\"]).optional(),\n \"workspaceId\": z.string().optional(),\n \"apiKeyId\": idOf(\"apiKeys\"),\n \"sessionType\": z.enum([\"user\", \"agent\"]),\n \"authMode\": z.enum([\"interactive_user\", \"service_principal\", \"tenant_api_key\", \"session_token\"]).optional(),\n \"role\": z.string().optional(),\n \"scopes\": z.array(z.string()).optional(),\n \"delegationChain\": z.array(z.object({\n \"principalId\": z.string(),\n \"principalType\": z.enum([\"human\", \"service\", \"agent\"]),\n \"authMode\": z.enum([\"interactive_user\", \"service_principal\", \"tenant_api_key\", \"session_token\"]).optional(),\n \"sessionId\": z.string().optional(),\n \"delegatedAt\": z.number().optional(),\n \"reason\": z.string().optional()\n })).optional(),\n \"sourceSessionId\": z.string().optional(),\n \"status\": z.enum([\"active\", \"expired\", \"revoked\"]),\n \"sessionExpiresAt\": z.number().optional(),\n \"jwtIssuedAt\": z.number().optional(),\n \"jwtExpiresAt\": z.number().optional(),\n \"lastActivityAt\": z.number(),\n \"lastValidatedAt\": z.number().optional(),\n \"revokedAt\": z.number().optional(),\n \"revokedBy\": z.string().optional(),\n \"revokeReason\": z.string().optional(),\n \"createdAt\": z.number(),\n \"updatedAt\": z.number()\n }),\n indices: [\n { kind: 'index', name: \"by_sessionId\", columns: [\"sessionId\"] },\n { kind: 'index', name: \"by_sourceSessionId\", columns: [\"sourceSessionId\"] },\n { kind: 'index', name: \"by_tenantId\", columns: [\"tenantId\"] },\n { kind: 'index', name: \"by_clerkUserId\", columns: [\"clerkUserId\"] },\n { kind: 'index', name: \"by_status\", columns: [\"status\"] }\n ],\n});\n"]}
@@ -151,7 +151,7 @@ declare const packVersions: TableContract<{
151
151
  parameterSchema?: Record<string, any> | undefined;
152
152
  category?: "read" | "write" | "admin" | "system" | undefined;
153
153
  requiredRole?: "platform_admin" | "tenant_admin" | "workspace_admin" | "editor" | "viewer" | "auditor" | "service_agent" | undefined;
154
- requiredAction?: "read" | "admin" | "mutate" | "summarize" | "export" | "create" | "delete" | "grant" | "revoke" | undefined;
154
+ requiredAction?: "delete" | "read" | "admin" | "mutate" | "summarize" | "export" | "create" | "grant" | "revoke" | undefined;
155
155
  surfaces?: ("cli" | "mcp" | "chat" | "voice" | "sprint" | "api" | "sdk")[] | undefined;
156
156
  returnSchema?: Record<string, any> | undefined;
157
157
  handlerRef?: string | undefined;
@@ -168,7 +168,7 @@ declare const packVersions: TableContract<{
168
168
  parameterSchema?: Record<string, any> | undefined;
169
169
  category?: "read" | "write" | "admin" | "system" | undefined;
170
170
  requiredRole?: "platform_admin" | "tenant_admin" | "workspace_admin" | "editor" | "viewer" | "auditor" | "service_agent" | undefined;
171
- requiredAction?: "read" | "admin" | "mutate" | "summarize" | "export" | "create" | "delete" | "grant" | "revoke" | undefined;
171
+ requiredAction?: "delete" | "read" | "admin" | "mutate" | "summarize" | "export" | "create" | "grant" | "revoke" | undefined;
172
172
  surfaces?: ("cli" | "mcp" | "chat" | "voice" | "sprint" | "api" | "sdk")[] | undefined;
173
173
  returnSchema?: Record<string, any> | undefined;
174
174
  handlerRef?: string | undefined;
@@ -0,0 +1,266 @@
1
+ /**
2
+ * Tenant client contract
3
+ *
4
+ * Defines the generic boundary for any customer-owned product that consumes
5
+ * Lucern through the SDK, hosted API, or MCP server. Tenant clients may run
6
+ * their own UI, auth provider, deployment, and data plane, but reasoning
7
+ * operations must enter through the published packages below.
8
+ */
9
+ declare const TENANT_CLIENT_CONTRACT_VERSION: "2026-04-27";
10
+ declare const TENANT_CLIENT_AUTH_MODES: readonly ["interactive_user", "service_principal", "tenant_api_key", "session_token"];
11
+ type TenantClientAuthMode = (typeof TENANT_CLIENT_AUTH_MODES)[number];
12
+ declare const TENANT_CLIENT_PRINCIPAL_TYPES: readonly ["human", "service", "agent"];
13
+ type TenantClientPrincipalType = (typeof TENANT_CLIENT_PRINCIPAL_TYPES)[number];
14
+ declare const TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
15
+ type TenantClientRequiredContextField = (typeof TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS)[number];
16
+ declare const TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS: readonly ["principalType", "roles", "sessionId", "delegationChain"];
17
+ type TenantClientOptionalContextField = (typeof TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS)[number];
18
+ declare const TENANT_CLIENT_INSTALL_TOKEN_ENV: "INSTALL_LUCERN_NPM";
19
+ declare const TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH: "tenants/shared";
20
+ declare const TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS: readonly ["/platform/publish"];
21
+ declare const TENANT_CLIENT_FORBIDDEN_SECRET_ENV: readonly ["NPM_TOKEN"];
22
+ type TenantClientForbiddenInstallTokenInfisicalPath = (typeof TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS)[number];
23
+ type TenantClientForbiddenSecretEnv = (typeof TENANT_CLIENT_FORBIDDEN_SECRET_ENV)[number];
24
+ declare const TENANT_CLIENT_INSTALLABLE_PACKAGES: readonly [{
25
+ readonly packageName: "@lucern/access-control";
26
+ readonly role: "sdk_dependency";
27
+ readonly directTenantImport: false;
28
+ }, {
29
+ readonly packageName: "@lucern/agent";
30
+ readonly role: "platform_runtime";
31
+ readonly directTenantImport: false;
32
+ }, {
33
+ readonly packageName: "@lucern/auth";
34
+ readonly role: "sdk_dependency";
35
+ readonly directTenantImport: false;
36
+ }, {
37
+ readonly packageName: "@lucern/cli";
38
+ readonly role: "developer_tool";
39
+ readonly directTenantImport: false;
40
+ }, {
41
+ readonly packageName: "@lucern/client-core";
42
+ readonly role: "sdk_dependency";
43
+ readonly directTenantImport: false;
44
+ }, {
45
+ readonly packageName: "@lucern/confidence";
46
+ readonly role: "sdk_dependency";
47
+ readonly directTenantImport: false;
48
+ }, {
49
+ readonly packageName: "@lucern/config";
50
+ readonly role: "configuration";
51
+ readonly directTenantImport: false;
52
+ }, {
53
+ readonly packageName: "@lucern/contracts";
54
+ readonly role: "contract_entrypoint";
55
+ readonly directTenantImport: true;
56
+ }, {
57
+ readonly packageName: "@lucern/control-plane";
58
+ readonly role: "platform_runtime";
59
+ readonly directTenantImport: false;
60
+ }, {
61
+ readonly packageName: "@lucern/developer-kit";
62
+ readonly role: "developer_tool";
63
+ readonly directTenantImport: false;
64
+ }, {
65
+ readonly packageName: "@lucern/events";
66
+ readonly role: "sdk_dependency";
67
+ readonly directTenantImport: false;
68
+ }, {
69
+ readonly packageName: "@lucern/graph-primitives";
70
+ readonly role: "sdk_dependency";
71
+ readonly directTenantImport: false;
72
+ }, {
73
+ readonly packageName: "@lucern/identity";
74
+ readonly role: "component_runtime";
75
+ readonly directTenantImport: false;
76
+ }, {
77
+ readonly packageName: "@lucern/mcp";
78
+ readonly role: "runtime_entrypoint";
79
+ readonly directTenantImport: true;
80
+ }, {
81
+ readonly packageName: "@lucern/pack-host";
82
+ readonly role: "platform_runtime";
83
+ readonly directTenantImport: false;
84
+ }, {
85
+ readonly packageName: "@lucern/pack-installer";
86
+ readonly role: "developer_tool";
87
+ readonly directTenantImport: false;
88
+ }, {
89
+ readonly packageName: "@lucern/proof-compiler";
90
+ readonly role: "developer_tool";
91
+ readonly directTenantImport: false;
92
+ }, {
93
+ readonly packageName: "@lucern/react";
94
+ readonly role: "runtime_entrypoint";
95
+ readonly directTenantImport: true;
96
+ }, {
97
+ readonly packageName: "@lucern/reasoning-kernel";
98
+ readonly role: "component_runtime";
99
+ readonly directTenantImport: false;
100
+ }, {
101
+ readonly packageName: "@lucern/sdk";
102
+ readonly role: "runtime_entrypoint";
103
+ readonly directTenantImport: true;
104
+ }, {
105
+ readonly packageName: "@lucern/server-core";
106
+ readonly role: "platform_runtime";
107
+ readonly directTenantImport: false;
108
+ }, {
109
+ readonly packageName: "@lucern/testing";
110
+ readonly role: "test_support";
111
+ readonly directTenantImport: false;
112
+ }, {
113
+ readonly packageName: "@lucern/types";
114
+ readonly role: "contract_entrypoint";
115
+ readonly directTenantImport: true;
116
+ }];
117
+ type TenantClientInstallablePackage = (typeof TENANT_CLIENT_INSTALLABLE_PACKAGES)[number];
118
+ type TenantClientPackageRole = TenantClientInstallablePackage["role"];
119
+ type TenantClientInstallablePackageName = TenantClientInstallablePackage["packageName"];
120
+ /**
121
+ * Direct imports tenant-owned product code may use. This is intentionally
122
+ * smaller than TENANT_CLIENT_INSTALLABLE_PACKAGES: several publishable packages
123
+ * are installed as SDK dependencies, tooling, or platform runtimes but should
124
+ * not become the application integration surface.
125
+ */
126
+ declare const TENANT_CLIENT_PUBLIC_IMPORTS: readonly [{
127
+ readonly packageName: "@lucern/sdk";
128
+ readonly surface: "runtime";
129
+ readonly subpaths: "published_exports";
130
+ readonly description: "TypeScript SDK runtime and generated operation namespaces.";
131
+ }, {
132
+ readonly packageName: "@lucern/react";
133
+ readonly surface: "runtime";
134
+ readonly subpaths: "published_exports";
135
+ readonly description: "React bindings for tenant-owned UI applications.";
136
+ }, {
137
+ readonly packageName: "@lucern/mcp";
138
+ readonly surface: "runtime";
139
+ readonly subpaths: "published_exports";
140
+ readonly description: "MCP client/server entry points and hosted route helpers.";
141
+ }, {
142
+ readonly packageName: "@lucern/contracts";
143
+ readonly surface: "contract";
144
+ readonly subpaths: "published_exports";
145
+ readonly description: "Published type and manifest contracts.";
146
+ }, {
147
+ readonly packageName: "@lucern/types";
148
+ readonly surface: "contract";
149
+ readonly subpaths: "published_exports";
150
+ readonly description: "Published type-only helpers for tenant integration code.";
151
+ }];
152
+ type TenantClientPublicImport = (typeof TENANT_CLIENT_PUBLIC_IMPORTS)[number];
153
+ type TenantClientPublicPackage = TenantClientPublicImport["packageName"];
154
+ type TenantClientPublicSurface = TenantClientPublicImport["surface"];
155
+ declare const TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS: readonly [{
156
+ readonly packageName: "@lucern/identity";
157
+ readonly importPath: "@lucern/identity/convex.config";
158
+ readonly surface: "component_config";
159
+ readonly description: "Convex component binding config for tenant deployments that install Lucern identity.";
160
+ }, {
161
+ readonly packageName: "@lucern/reasoning-kernel";
162
+ readonly importPath: "@lucern/reasoning-kernel/convex.config";
163
+ readonly surface: "component_config";
164
+ readonly description: "Convex component binding config for tenant deployments that install the Lucern reasoning kernel.";
165
+ }, {
166
+ readonly packageName: "@lucern/reasoning-kernel";
167
+ readonly importPath: "@lucern/reasoning-kernel/runtime.config";
168
+ readonly surface: "component_config";
169
+ readonly description: "Runtime config alias for tenant deployments that install the Lucern reasoning kernel.";
170
+ }];
171
+ type TenantClientComponentConfigImport = (typeof TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS)[number];
172
+ type TenantClientAllowedImport = TenantClientPublicImport | TenantClientComponentConfigImport;
173
+ declare function findTenantClientInstallablePackage(packageName: string): TenantClientInstallablePackage | undefined;
174
+ declare function isTenantClientInstallablePackage(packageName: string): boolean;
175
+ declare const TENANT_CLIENT_REQUIRED_SDK_NAMESPACES: readonly ["bootstrap", "context", "beliefs", "evidence", "questions", "graph", "worktrees", "topics", "edges", "contradictions", "contracts", "graphAnalysis", "graphRecommendations", "orgGraphSearch", "embeddings", "ontologyLinks", "graphStateClassifier", "tools", "identity", "modelRuntime", "events", "jobs", "telemetry"];
176
+ type TenantClientRequiredSdkNamespace = (typeof TENANT_CLIENT_REQUIRED_SDK_NAMESPACES)[number];
177
+ declare const TENANT_CLIENT_CAPABILITIES: readonly [{
178
+ readonly id: "identity.bootstrap_session";
179
+ readonly description: "Start a scoped Lucern session for a tenant principal.";
180
+ readonly surfaces: readonly ["@lucern/sdk", "@lucern/mcp"];
181
+ readonly requiredContextFields: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
182
+ }, {
183
+ readonly id: "reasoning.context.compile";
184
+ readonly description: "Compile tenant and workspace scoped reasoning context.";
185
+ readonly surfaces: readonly ["@lucern/sdk", "@lucern/react", "@lucern/mcp"];
186
+ readonly requiredContextFields: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
187
+ }, {
188
+ readonly id: "reasoning.graph.read";
189
+ readonly description: "Read beliefs, evidence, questions, topics, and lineage.";
190
+ readonly surfaces: readonly ["@lucern/sdk", "@lucern/react", "@lucern/mcp"];
191
+ readonly requiredContextFields: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
192
+ }, {
193
+ readonly id: "reasoning.graph.write";
194
+ readonly description: "Create and update graph objects through authorized APIs.";
195
+ readonly surfaces: readonly ["@lucern/sdk", "@lucern/mcp"];
196
+ readonly requiredContextFields: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
197
+ }, {
198
+ readonly id: "workflow.worktree_lifecycle";
199
+ readonly description: "Create, review, merge, and close scoped worktrees.";
200
+ readonly surfaces: readonly ["@lucern/sdk", "@lucern/react", "@lucern/mcp"];
201
+ readonly requiredContextFields: readonly ["tenantId", "workspaceId", "principalId", "authMode", "scopes"];
202
+ }];
203
+ type TenantClientCapability = (typeof TENANT_CLIENT_CAPABILITIES)[number];
204
+ type TenantClientCapabilityId = TenantClientCapability["id"];
205
+ declare const TENANT_CLIENT_ISOLATION_RULES: readonly [{
206
+ readonly id: "tenant_workspace_scope_required";
207
+ readonly description: "Runtime operations must resolve both tenantId and workspaceId before reaching Lucern reasoning state.";
208
+ }, {
209
+ readonly id: "principal_audit_required";
210
+ readonly description: "Runtime operations must carry principalId, authMode, and scopes for audit attribution.";
211
+ }, {
212
+ readonly id: "no_private_lucern_imports";
213
+ readonly description: "Tenant code must not import Lucern source, Convex internals, generated adapters, or unpublished package internals.";
214
+ }];
215
+ type TenantClientIsolationRule = (typeof TENANT_CLIENT_ISOLATION_RULES)[number];
216
+ declare const TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS: readonly [{
217
+ readonly id: "deep_src_import";
218
+ readonly pattern: "^@lucern/[^/]+/src(?:/|$)";
219
+ readonly description: "Published packages must not be bypassed through src paths.";
220
+ }, {
221
+ readonly id: "deep_dist_import";
222
+ readonly pattern: "^@lucern/[^/]+/dist(?:/|$)";
223
+ readonly description: "Published package exports must be used instead of dist file paths.";
224
+ }, {
225
+ readonly id: "generated_adapter_import";
226
+ readonly pattern: "^@lucern/[^/]+/(?:adapters/)?_generated(?:/|$)";
227
+ readonly description: "Generated Lucern adapters are internal deployment artifacts.";
228
+ }, {
229
+ readonly id: "private_runtime_import";
230
+ readonly pattern: "^@lucern/[^/]+/(?:internal|private)(?:/|$)";
231
+ readonly description: "Internal and private package subpaths are not public SDK API.";
232
+ }, {
233
+ readonly id: "workspace_source_import";
234
+ readonly pattern: "^(?:packages|modules|services|lucern|apps)/(?:.+/)?src(?:/|$)";
235
+ readonly description: "Tenant clients must not import source files from the Lucern monorepo.";
236
+ }, {
237
+ readonly id: "root_alias_lucern_import";
238
+ readonly pattern: "^@/(?:lucern|packages|modules|services|apps)(?:/|$)";
239
+ readonly description: "Tenant clients must not depend on Lucern repo-local path aliases.";
240
+ }, {
241
+ readonly id: "relative_lucern_source_import";
242
+ readonly pattern: "^\\.\\.?/(?:.+/)?(?:packages|modules|services|lucern|apps)(?:/|$)";
243
+ readonly description: "Tenant clients must not reach back into Lucern source through relative paths.";
244
+ }, {
245
+ readonly id: "monorepo_path_import";
246
+ readonly pattern: "lucern-repo";
247
+ readonly description: "Absolute imports that name the Lucern repository are not portable tenant code.";
248
+ }];
249
+ type TenantClientForbiddenImportPattern = (typeof TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS)[number];
250
+ type TenantClientForbiddenImportPatternId = TenantClientForbiddenImportPattern["id"];
251
+ type TenantClientImportDecision = "public" | "forbidden" | "local" | "external";
252
+ type TenantClientImportClassification = {
253
+ importPath: string;
254
+ decision: TenantClientImportDecision;
255
+ publicImport?: TenantClientAllowedImport;
256
+ pattern?: TenantClientForbiddenImportPattern;
257
+ reason: string;
258
+ };
259
+ declare function classifyTenantClientImport(importPath: string): TenantClientImportClassification;
260
+ declare function isTenantClientPublicImport(importPath: string): boolean;
261
+ declare function isTenantClientComponentConfigImport(importPath: string): boolean;
262
+ declare function isTenantClientAllowedImport(importPath: string): boolean;
263
+ declare function assertTenantClientImportAllowed(importPath: string): void;
264
+ declare function formatTenantClientImportViolation(classification: TenantClientImportClassification): string;
265
+
266
+ export { TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, type TenantClientAllowedImport, type TenantClientAuthMode, type TenantClientCapability, type TenantClientCapabilityId, type TenantClientComponentConfigImport, type TenantClientForbiddenImportPattern, type TenantClientForbiddenImportPatternId, type TenantClientForbiddenInstallTokenInfisicalPath, type TenantClientForbiddenSecretEnv, type TenantClientImportClassification, type TenantClientImportDecision, type TenantClientInstallablePackage, type TenantClientInstallablePackageName, type TenantClientIsolationRule, type TenantClientOptionalContextField, type TenantClientPackageRole, type TenantClientPrincipalType, type TenantClientPublicImport, type TenantClientPublicPackage, type TenantClientPublicSurface, type TenantClientRequiredContextField, type TenantClientRequiredSdkNamespace, assertTenantClientImportAllowed, classifyTenantClientImport, findTenantClientInstallablePackage, formatTenantClientImportViolation, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport };