@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.3

Files changed (33) hide show
  1. package/dist/component-boundary.contract.d.ts +14 -0
  2. package/dist/component-boundary.contract.js +155 -0
  3. package/dist/component-boundary.contract.js.map +1 -0
  4. package/dist/gateway.contract.d.ts +1 -0
  5. package/dist/gateway.contract.js.map +1 -1
  6. package/dist/generated/convexSchemas.js +1 -0
  7. package/dist/generated/convexSchemas.js.map +1 -1
  8. package/dist/generated/schema-manifest.json +42 -3
  9. package/dist/generated/tableOwnership.d.ts +2 -1
  10. package/dist/generated/tableOwnership.js +2 -0
  11. package/dist/generated/tableOwnership.js.map +1 -1
  12. package/dist/generated/tier-expectations.json +4 -2
  13. package/dist/index.d.ts +258 -1
  14. package/dist/index.js +618 -1
  15. package/dist/index.js.map +1 -1
  16. package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
  17. package/dist/mcp-gateway-boundary.contract.js +43 -0
  18. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  19. package/dist/schemas/component-table-manifest.d.ts +2 -2
  20. package/dist/schemas/index.js +35 -0
  21. package/dist/schemas/index.js.map +1 -1
  22. package/dist/schemas/manifest.d.ts +130 -20
  23. package/dist/schemas/manifest.js +35 -0
  24. package/dist/schemas/manifest.js.map +1 -1
  25. package/dist/schemas/tables/kernel/worktree.d.ts +2 -2
  26. package/dist/schemas/tables/mc/identity.d.ts +24 -1
  27. package/dist/schemas/tables/mc/identity.js +35 -1
  28. package/dist/schemas/tables/mc/identity.js.map +1 -1
  29. package/dist/schemas/tables/mc/pack.d.ts +2 -2
  30. package/dist/tenant-client.contract.d.ts +266 -0
  31. package/dist/tenant-client.contract.js +404 -0
  32. package/dist/tenant-client.contract.js.map +1 -0
  33. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -224,6 +224,158 @@ function lastDelegator(delegationChain) {
224
224
  return delegationChain[delegationChain.length - 1]?.principalId;
225
225
  }
226
226
 
227
+ // src/generated/tableOwnership.ts
228
+ var TABLE_OWNERSHIP = {
229
+ "agentMessages": "K",
230
+ "agentRegistryEntries": "L",
231
+ "agents": "I",
232
+ "agentSessions": "K",
233
+ "apiKeys": "L",
234
+ "auditLog": "L",
235
+ "autofixJobs": "K",
236
+ "backgroundJobRuns": "K",
237
+ "backgroundJobSettings": "K",
238
+ "beliefConfidence": "K",
239
+ "beliefEvidenceLinks": "K",
240
+ "beliefHistory": "K",
241
+ "beliefScenarios": "K",
242
+ "beliefVotes": "K",
243
+ "calibrationScores": "K",
244
+ "compatibilityShims": "L",
245
+ "contractEvaluations": "K",
246
+ "contradictions": "K",
247
+ "controlPlaneTenantModelSlotBindings": "L",
248
+ "controlPlaneTenantProviderSecrets": "L",
249
+ "controlPlaneTenantProxyGatewayUsage": "L",
250
+ "controlPlaneToolAcls": "L",
251
+ "crossProjectConnections": "K",
252
+ "cutoverFlags": "L",
253
+ "decisionComputedSummaries": "K",
254
+ "decisionEvents": "K",
255
+ "decisionParticipants": "K",
256
+ "decisionRiskLedger": "K",
257
+ "decisionSnapshots": "K",
258
+ "deliberationContributions": "K",
259
+ "deliberationSessions": "K",
260
+ "epistemicAudit": "K",
261
+ "epistemicContracts": "K",
262
+ "epistemicEdges": "K",
263
+ "epistemicNodeEmbeddings": "K",
264
+ "epistemicNodes": "K",
265
+ "graphAnalysisCache": "K",
266
+ "graphAnalysisResults": "K",
267
+ "graphSuggestions": "K",
268
+ "groupMemberships": "L",
269
+ "groups": "L",
270
+ "harnessReplays": "K",
271
+ "harnessRuns": "K",
272
+ "idempotencyTokens": "K",
273
+ "lenses": "K",
274
+ "lensTopicBindings": "K",
275
+ "mcpWritePolicy": "I",
276
+ "memberships": "L",
277
+ "methodologyPacks": "L",
278
+ "modelCallLogs": "I",
279
+ "modelFunctionSlots": "I",
280
+ "modelRegistry": "I",
281
+ "modelSlotConfigs": "I",
282
+ "neo4jSyncQueue": "K",
283
+ "oauthDeviceCodes": "L",
284
+ "ontologyDefinitions": "K",
285
+ "ontologyVersions": "K",
286
+ "packAssignments": "L",
287
+ "packDefinitions": "L",
288
+ "packEntitlements": "L",
289
+ "packGroupAssignments": "L",
290
+ "packInstallations": "L",
291
+ "packVersions": "L",
292
+ "platformAgentRunPolicyDecisions": "K",
293
+ "platformAgentRunPromptResolutions": "K",
294
+ "platformAgentRuns": "K",
295
+ "platformAgentRunToolCalls": "K",
296
+ "platformAudienceGrants": "I",
297
+ "platformAudiences": "I",
298
+ "platformHarnessShadowAudit": "K",
299
+ "platformPolicyDecisionLogs": "I",
300
+ "policyBundles": "L",
301
+ "policyDecisionLogs": "L",
302
+ "policySimulations": "L",
303
+ "principals": "L",
304
+ "projectGrants": "I",
305
+ "publicationRules": "K",
306
+ "questionEvidenceLinks": "K",
307
+ "rateLimitWindows": "L",
308
+ "reasoningPermissions": "I",
309
+ "researchJobs": "K",
310
+ "schemaEnumConfig": "K",
311
+ "servicePrincipalKeys": "L",
312
+ "stakeholderGroups": "K",
313
+ "systemLogs": "K",
314
+ "tasks": "K",
315
+ "tenantApiKeys": "I",
316
+ "tenantConfig": "I",
317
+ "tenantDeploymentCredentials": "L",
318
+ "tenantIntegrations": "I",
319
+ "tenantMethodologyAssignments": "L",
320
+ "tenantModelSlotBindings": "I",
321
+ "tenantPolicies": "I",
322
+ "tenantProviderSecrets": "I",
323
+ "tenantProxyGatewayUsage": "I",
324
+ "tenantProxyTokenMints": "I",
325
+ "tenants": "L",
326
+ "tenantSandboxAuditEvents": "I",
327
+ "tenantSecrets": "I",
328
+ "toolAcls": "I",
329
+ "toolCatalog": "L",
330
+ "toolRegistry": "I",
331
+ "toolRegistryEntries": "L",
332
+ "topics": "K",
333
+ "users": "I",
334
+ "userSessions": "L",
335
+ "workflowDefinitions": "K",
336
+ "workflowPullRequests": "K",
337
+ "workflowStages": "K",
338
+ "workspaces": "L",
339
+ "worktreeBeliefCluster": "K",
340
+ "worktrees": "K"
341
+ };
342
+
343
+ // src/component-boundary.contract.ts
344
+ var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
345
+ var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
346
+ "I",
347
+ "K"
348
+ ];
349
+ var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
350
+ "insert",
351
+ "patch",
352
+ "replace",
353
+ "delete",
354
+ "query"
355
+ ];
356
+ var COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [
357
+ "services",
358
+ "apps",
359
+ "convex"
360
+ ];
361
+ var COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [
362
+ "backgroundJobRuns",
363
+ "backgroundJobSettings",
364
+ "systemLogs",
365
+ "epistemicAudit",
366
+ "platformPolicyDecisionLogs",
367
+ "tenantApiKeys",
368
+ "projectGrants",
369
+ "userSessions"
370
+ ];
371
+ function getComponentBoundaryTableLayer(tableName) {
372
+ return TABLE_OWNERSHIP[tableName];
373
+ }
374
+ function isComponentBoundaryComponentOwnedTable(tableName) {
375
+ const layer = getComponentBoundaryTableLayer(tableName);
376
+ return layer === "I" || layer === "K";
377
+ }
378
+
227
379
  // src/gateway.contract.ts
228
380
  function requireActorPrincipalId(authContext) {
229
381
  const principalId = typeof authContext.principalId === "string" ? authContext.principalId.trim() : "";
@@ -3023,6 +3175,40 @@ var rateLimitWindows = defineTable({
3023
3175
  { kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
3024
3176
  ]
3025
3177
  });
3178
+ var oauthDeviceCodes = defineTable({
3179
+ name: "oauthDeviceCodes",
3180
+ component: "mc",
3181
+ category: "identity",
3182
+ shape: z.object({
3183
+ "deviceCodeHash": z.string(),
3184
+ "userCode": z.string(),
3185
+ "clientId": z.string(),
3186
+ "scope": z.string(),
3187
+ "status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
3188
+ "expiresAt": z.number(),
3189
+ "intervalSeconds": z.number(),
3190
+ "lastPolledAt": z.number().optional(),
3191
+ "slowDownCount": z.number().optional(),
3192
+ "clerkUserId": z.string().optional(),
3193
+ "tenantId": idOf("tenants").optional(),
3194
+ "workspaceId": z.string().optional(),
3195
+ "principalId": z.string().optional(),
3196
+ "role": z.string().optional(),
3197
+ "scopes": z.array(z.string()).optional(),
3198
+ "sessionId": z.string().optional(),
3199
+ "approvedAt": z.number().optional(),
3200
+ "deniedAt": z.number().optional(),
3201
+ "consumedAt": z.number().optional(),
3202
+ "createdAt": z.number(),
3203
+ "updatedAt": z.number()
3204
+ }),
3205
+ indices: [
3206
+ { kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
3207
+ { kind: "index", name: "by_userCode", columns: ["userCode"] },
3208
+ { kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
3209
+ { kind: "index", name: "by_sessionId", columns: ["sessionId"] }
3210
+ ]
3211
+ });
3026
3212
  var servicePrincipalKeys = defineTable({
3027
3213
  name: "servicePrincipalKeys",
3028
3214
  component: "mc",
@@ -5387,6 +5573,7 @@ var MC_TABLE_CONTRACTS = [
5387
5573
  groupMemberships,
5388
5574
  groups,
5389
5575
  memberships,
5576
+ oauthDeviceCodes,
5390
5577
  principals,
5391
5578
  rateLimitWindows,
5392
5579
  servicePrincipalKeys,
@@ -5566,6 +5753,436 @@ var InvariantManifestSchema = z.object({
5566
5753
  )
5567
5754
  });
5568
5755
 
5756
+ // src/tenant-client.contract.ts
5757
+ var TENANT_CLIENT_CONTRACT_VERSION = "2026-04-27";
5758
+ var TENANT_CLIENT_AUTH_MODES = [
5759
+ "interactive_user",
5760
+ "service_principal",
5761
+ "tenant_api_key",
5762
+ "session_token"
5763
+ ];
5764
+ var TENANT_CLIENT_PRINCIPAL_TYPES = [
5765
+ "human",
5766
+ "service",
5767
+ "agent"
5768
+ ];
5769
+ var TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [
5770
+ "tenantId",
5771
+ "workspaceId",
5772
+ "principalId",
5773
+ "authMode",
5774
+ "scopes"
5775
+ ];
5776
+ var TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS = [
5777
+ "principalType",
5778
+ "roles",
5779
+ "sessionId",
5780
+ "delegationChain"
5781
+ ];
5782
+ var TENANT_CLIENT_INSTALL_TOKEN_ENV = "INSTALL_LUCERN_NPM";
5783
+ var TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH = "tenants/shared";
5784
+ var TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS = [
5785
+ "/platform/publish"
5786
+ ];
5787
+ var TENANT_CLIENT_FORBIDDEN_SECRET_ENV = ["NPM_TOKEN"];
5788
+ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
5789
+ {
5790
+ packageName: "@lucern/access-control",
5791
+ role: "sdk_dependency",
5792
+ directTenantImport: false
5793
+ },
5794
+ {
5795
+ packageName: "@lucern/agent",
5796
+ role: "platform_runtime",
5797
+ directTenantImport: false
5798
+ },
5799
+ {
5800
+ packageName: "@lucern/auth",
5801
+ role: "sdk_dependency",
5802
+ directTenantImport: false
5803
+ },
5804
+ {
5805
+ packageName: "@lucern/cli",
5806
+ role: "developer_tool",
5807
+ directTenantImport: false
5808
+ },
5809
+ {
5810
+ packageName: "@lucern/client-core",
5811
+ role: "sdk_dependency",
5812
+ directTenantImport: false
5813
+ },
5814
+ {
5815
+ packageName: "@lucern/confidence",
5816
+ role: "sdk_dependency",
5817
+ directTenantImport: false
5818
+ },
5819
+ {
5820
+ packageName: "@lucern/config",
5821
+ role: "configuration",
5822
+ directTenantImport: false
5823
+ },
5824
+ {
5825
+ packageName: "@lucern/contracts",
5826
+ role: "contract_entrypoint",
5827
+ directTenantImport: true
5828
+ },
5829
+ {
5830
+ packageName: "@lucern/control-plane",
5831
+ role: "platform_runtime",
5832
+ directTenantImport: false
5833
+ },
5834
+ {
5835
+ packageName: "@lucern/developer-kit",
5836
+ role: "developer_tool",
5837
+ directTenantImport: false
5838
+ },
5839
+ {
5840
+ packageName: "@lucern/events",
5841
+ role: "sdk_dependency",
5842
+ directTenantImport: false
5843
+ },
5844
+ {
5845
+ packageName: "@lucern/graph-primitives",
5846
+ role: "sdk_dependency",
5847
+ directTenantImport: false
5848
+ },
5849
+ {
5850
+ packageName: "@lucern/identity",
5851
+ role: "component_runtime",
5852
+ directTenantImport: false
5853
+ },
5854
+ {
5855
+ packageName: "@lucern/mcp",
5856
+ role: "runtime_entrypoint",
5857
+ directTenantImport: true
5858
+ },
5859
+ {
5860
+ packageName: "@lucern/pack-host",
5861
+ role: "platform_runtime",
5862
+ directTenantImport: false
5863
+ },
5864
+ {
5865
+ packageName: "@lucern/pack-installer",
5866
+ role: "developer_tool",
5867
+ directTenantImport: false
5868
+ },
5869
+ {
5870
+ packageName: "@lucern/proof-compiler",
5871
+ role: "developer_tool",
5872
+ directTenantImport: false
5873
+ },
5874
+ {
5875
+ packageName: "@lucern/react",
5876
+ role: "runtime_entrypoint",
5877
+ directTenantImport: true
5878
+ },
5879
+ {
5880
+ packageName: "@lucern/reasoning-kernel",
5881
+ role: "component_runtime",
5882
+ directTenantImport: false
5883
+ },
5884
+ {
5885
+ packageName: "@lucern/sdk",
5886
+ role: "runtime_entrypoint",
5887
+ directTenantImport: true
5888
+ },
5889
+ {
5890
+ packageName: "@lucern/server-core",
5891
+ role: "platform_runtime",
5892
+ directTenantImport: false
5893
+ },
5894
+ {
5895
+ packageName: "@lucern/testing",
5896
+ role: "test_support",
5897
+ directTenantImport: false
5898
+ },
5899
+ {
5900
+ packageName: "@lucern/types",
5901
+ role: "contract_entrypoint",
5902
+ directTenantImport: true
5903
+ }
5904
+ ];
5905
+ var TENANT_CLIENT_PUBLIC_IMPORTS = [
5906
+ {
5907
+ packageName: "@lucern/sdk",
5908
+ surface: "runtime",
5909
+ subpaths: "published_exports",
5910
+ description: "TypeScript SDK runtime and generated operation namespaces."
5911
+ },
5912
+ {
5913
+ packageName: "@lucern/react",
5914
+ surface: "runtime",
5915
+ subpaths: "published_exports",
5916
+ description: "React bindings for tenant-owned UI applications."
5917
+ },
5918
+ {
5919
+ packageName: "@lucern/mcp",
5920
+ surface: "runtime",
5921
+ subpaths: "published_exports",
5922
+ description: "MCP client/server entry points and hosted route helpers."
5923
+ },
5924
+ {
5925
+ packageName: "@lucern/contracts",
5926
+ surface: "contract",
5927
+ subpaths: "published_exports",
5928
+ description: "Published type and manifest contracts."
5929
+ },
5930
+ {
5931
+ packageName: "@lucern/types",
5932
+ surface: "contract",
5933
+ subpaths: "published_exports",
5934
+ description: "Published type-only helpers for tenant integration code."
5935
+ }
5936
+ ];
5937
+ var TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS = [
5938
+ {
5939
+ packageName: "@lucern/identity",
5940
+ importPath: "@lucern/identity/convex.config",
5941
+ surface: "component_config",
5942
+ description: "Convex component binding config for tenant deployments that install Lucern identity."
5943
+ },
5944
+ {
5945
+ packageName: "@lucern/reasoning-kernel",
5946
+ importPath: "@lucern/reasoning-kernel/convex.config",
5947
+ surface: "component_config",
5948
+ description: "Convex component binding config for tenant deployments that install the Lucern reasoning kernel."
5949
+ },
5950
+ {
5951
+ packageName: "@lucern/reasoning-kernel",
5952
+ importPath: "@lucern/reasoning-kernel/runtime.config",
5953
+ surface: "component_config",
5954
+ description: "Runtime config alias for tenant deployments that install the Lucern reasoning kernel."
5955
+ }
5956
+ ];
5957
+ function findTenantClientInstallablePackage(packageName) {
5958
+ return TENANT_CLIENT_INSTALLABLE_PACKAGES.find(
5959
+ (entry) => entry.packageName === packageName
5960
+ );
5961
+ }
5962
+ function isTenantClientInstallablePackage(packageName) {
5963
+ return Boolean(findTenantClientInstallablePackage(packageName));
5964
+ }
5965
+ var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
5966
+ "bootstrap",
5967
+ "context",
5968
+ "beliefs",
5969
+ "evidence",
5970
+ "questions",
5971
+ "graph",
5972
+ "worktrees",
5973
+ "topics",
5974
+ "edges",
5975
+ "contradictions",
5976
+ "contracts",
5977
+ "graphAnalysis",
5978
+ "graphRecommendations",
5979
+ "orgGraphSearch",
5980
+ "embeddings",
5981
+ "ontologyLinks",
5982
+ "graphStateClassifier",
5983
+ "tools",
5984
+ "identity",
5985
+ "modelRuntime",
5986
+ "events",
5987
+ "jobs",
5988
+ "telemetry"
5989
+ ];
5990
+ var TENANT_CLIENT_CAPABILITIES = [
5991
+ {
5992
+ id: "identity.bootstrap_session",
5993
+ description: "Start a scoped Lucern session for a tenant principal.",
5994
+ surfaces: ["@lucern/sdk", "@lucern/mcp"],
5995
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
5996
+ },
5997
+ {
5998
+ id: "reasoning.context.compile",
5999
+ description: "Compile tenant and workspace scoped reasoning context.",
6000
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6001
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6002
+ },
6003
+ {
6004
+ id: "reasoning.graph.read",
6005
+ description: "Read beliefs, evidence, questions, topics, and lineage.",
6006
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6007
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6008
+ },
6009
+ {
6010
+ id: "reasoning.graph.write",
6011
+ description: "Create and update graph objects through authorized APIs.",
6012
+ surfaces: ["@lucern/sdk", "@lucern/mcp"],
6013
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6014
+ },
6015
+ {
6016
+ id: "workflow.worktree_lifecycle",
6017
+ description: "Create, review, merge, and close scoped worktrees.",
6018
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6019
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6020
+ }
6021
+ ];
6022
+ var TENANT_CLIENT_ISOLATION_RULES = [
6023
+ {
6024
+ id: "tenant_workspace_scope_required",
6025
+ description: "Runtime operations must resolve both tenantId and workspaceId before reaching Lucern reasoning state."
6026
+ },
6027
+ {
6028
+ id: "principal_audit_required",
6029
+ description: "Runtime operations must carry principalId, authMode, and scopes for audit attribution."
6030
+ },
6031
+ {
6032
+ id: "no_private_lucern_imports",
6033
+ description: "Tenant code must not import Lucern source, Convex internals, generated adapters, or unpublished package internals."
6034
+ }
6035
+ ];
6036
+ var TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS = [
6037
+ {
6038
+ id: "deep_src_import",
6039
+ pattern: "^@lucern/[^/]+/src(?:/|$)",
6040
+ description: "Published packages must not be bypassed through src paths."
6041
+ },
6042
+ {
6043
+ id: "deep_dist_import",
6044
+ pattern: "^@lucern/[^/]+/dist(?:/|$)",
6045
+ description: "Published package exports must be used instead of dist file paths."
6046
+ },
6047
+ {
6048
+ id: "generated_adapter_import",
6049
+ pattern: "^@lucern/[^/]+/(?:adapters/)?_generated(?:/|$)",
6050
+ description: "Generated Lucern adapters are internal deployment artifacts."
6051
+ },
6052
+ {
6053
+ id: "private_runtime_import",
6054
+ pattern: "^@lucern/[^/]+/(?:internal|private)(?:/|$)",
6055
+ description: "Internal and private package subpaths are not public SDK API."
6056
+ },
6057
+ {
6058
+ id: "workspace_source_import",
6059
+ pattern: "^(?:packages|modules|services|lucern|apps)/(?:.+/)?src(?:/|$)",
6060
+ description: "Tenant clients must not import source files from the Lucern monorepo."
6061
+ },
6062
+ {
6063
+ id: "root_alias_lucern_import",
6064
+ pattern: "^@/(?:lucern|packages|modules|services|apps)(?:/|$)",
6065
+ description: "Tenant clients must not depend on Lucern repo-local path aliases."
6066
+ },
6067
+ {
6068
+ id: "relative_lucern_source_import",
6069
+ pattern: "^\\.\\.?/(?:.+/)?(?:packages|modules|services|lucern|apps)(?:/|$)",
6070
+ description: "Tenant clients must not reach back into Lucern source through relative paths."
6071
+ },
6072
+ {
6073
+ id: "monorepo_path_import",
6074
+ pattern: "lucern-repo",
6075
+ description: "Absolute imports that name the Lucern repository are not portable tenant code."
6076
+ }
6077
+ ];
6078
+ function matchesPublicImport(importPath) {
6079
+ const componentConfig = TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.find(
6080
+ (entry) => importPath === entry.importPath
6081
+ );
6082
+ if (componentConfig) {
6083
+ return componentConfig;
6084
+ }
6085
+ return TENANT_CLIENT_PUBLIC_IMPORTS.find(
6086
+ (entry) => importPath === entry.packageName || importPath.startsWith(`${entry.packageName}/`)
6087
+ );
6088
+ }
6089
+ function matchesForbiddenPattern(importPath) {
6090
+ return TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS.find(
6091
+ (entry) => new RegExp(entry.pattern, "u").test(importPath)
6092
+ );
6093
+ }
6094
+ function classifyTenantClientImport(importPath) {
6095
+ const normalizedImportPath = importPath.trim();
6096
+ const pattern = matchesForbiddenPattern(normalizedImportPath);
6097
+ if (pattern) {
6098
+ return {
6099
+ importPath: normalizedImportPath,
6100
+ decision: "forbidden",
6101
+ pattern,
6102
+ reason: pattern.description
6103
+ };
6104
+ }
6105
+ const publicImport = matchesPublicImport(normalizedImportPath);
6106
+ if (publicImport) {
6107
+ return {
6108
+ importPath: normalizedImportPath,
6109
+ decision: "public",
6110
+ publicImport,
6111
+ reason: publicImport.description
6112
+ };
6113
+ }
6114
+ if (normalizedImportPath.startsWith("@lucern/")) {
6115
+ return {
6116
+ importPath: normalizedImportPath,
6117
+ decision: "forbidden",
6118
+ reason: "This @lucern package is not part of the tenant client public surface."
6119
+ };
6120
+ }
6121
+ if (normalizedImportPath.startsWith("./") || normalizedImportPath.startsWith("../")) {
6122
+ return {
6123
+ importPath: normalizedImportPath,
6124
+ decision: "local",
6125
+ reason: "Local tenant-owned import."
6126
+ };
6127
+ }
6128
+ return {
6129
+ importPath: normalizedImportPath,
6130
+ decision: "external",
6131
+ reason: "External dependency outside the Lucern package namespace."
6132
+ };
6133
+ }
6134
+ function isTenantClientPublicImport(importPath) {
6135
+ return classifyTenantClientImport(importPath).decision === "public";
6136
+ }
6137
+ function isTenantClientComponentConfigImport(importPath) {
6138
+ return TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.some(
6139
+ (entry) => importPath === entry.importPath
6140
+ );
6141
+ }
6142
+ function isTenantClientAllowedImport(importPath) {
6143
+ return classifyTenantClientImport(importPath).decision === "public";
6144
+ }
6145
+ function assertTenantClientImportAllowed(importPath) {
6146
+ const classification = classifyTenantClientImport(importPath);
6147
+ if (classification.decision !== "forbidden") {
6148
+ return;
6149
+ }
6150
+ throw new Error(formatTenantClientImportViolation(classification));
6151
+ }
6152
+ function formatTenantClientImportViolation(classification) {
6153
+ const patternId = classification.pattern ? ` [${classification.pattern.id}]` : "";
6154
+ return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;
6155
+ }
6156
+
6157
+ // src/manifests/tenant-client-manifest.ts
6158
+ var TENANT_CLIENT_MANIFEST = {
6159
+ manifestVersion: "1.0.0",
6160
+ contractVersion: TENANT_CLIENT_CONTRACT_VERSION,
6161
+ auth: {
6162
+ modes: TENANT_CLIENT_AUTH_MODES,
6163
+ principalTypes: TENANT_CLIENT_PRINCIPAL_TYPES,
6164
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,
6165
+ optionalContextFields: TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS
6166
+ },
6167
+ installToken: {
6168
+ env: TENANT_CLIENT_INSTALL_TOKEN_ENV,
6169
+ infisicalPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
6170
+ forbiddenInfisicalPaths: TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS,
6171
+ forbiddenSecretEnv: TENANT_CLIENT_FORBIDDEN_SECRET_ENV
6172
+ },
6173
+ packages: {
6174
+ installable: TENANT_CLIENT_INSTALLABLE_PACKAGES,
6175
+ directImports: TENANT_CLIENT_PUBLIC_IMPORTS,
6176
+ componentConfigImports: TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS
6177
+ },
6178
+ sdk: {
6179
+ requiredNamespaces: TENANT_CLIENT_REQUIRED_SDK_NAMESPACES
6180
+ },
6181
+ capabilities: TENANT_CLIENT_CAPABILITIES,
6182
+ isolationRules: TENANT_CLIENT_ISOLATION_RULES,
6183
+ forbiddenImportPatterns: TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS
6184
+ };
6185
+
5569
6186
  // src/projections/projection-dsl.ts
5570
6187
  function defineProjection(def) {
5571
6188
  return def;
@@ -11593,6 +12210,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
11593
12210
  }
11594
12211
  ];
11595
12212
 
11596
- export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, bigramTokenize, buildDomainEvent, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, 
findEdgePolicy, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isLucernPrompt, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
12213
+ export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, 
TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
11597
12214
  //# sourceMappingURL=index.js.map
11598
12215
  //# sourceMappingURL=index.js.map
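Review bot: In the tenant-client hunk, `matchesPublicImport` accepts any specifier that starts with a public package name plus `/`, while the `@lucern/...` entries in `TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS` only test the first segment after the package name. A path under `@lucern/sdk/` whose `src`, `dist`, `_generated`, `internal` or `private` segment sits one level deeper, or that contains a `..` segment, is therefore classified `public`. Letting those patterns match at any depth, e.g. `pattern: "^@lucern/[^/]+/(?:.+/)?(?:internal|private)(?:/|$)"` (the `(?:.+/)?` form `workspace_source_import` already uses), and rejecting `..` segments before the prefix match would tighten the check; whether the packages' `exports` maps already block such paths at resolve time is not visible here. Separately, `isTenantClientAllowedImport` returns true only for `public`, whereas `assertTenantClientImportAllowed` lets `local` and `external` through; if both are meant to express one policy, `return classifyTenantClientImport(importPath).decision !== "forbidden";` would align them. This is bundled output, so the change belongs in the source the bundle names as `src/tenant-client.contract.ts`.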