@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/component-boundary.contract.d.ts +14 -0
  2. package/dist/component-boundary.contract.js +155 -0
  3. package/dist/component-boundary.contract.js.map +1 -0
  4. package/dist/gateway.contract.d.ts +1 -0
  5. package/dist/gateway.contract.js.map +1 -1
  6. package/dist/generated/convexSchemas.js +1 -0
  7. package/dist/generated/convexSchemas.js.map +1 -1
  8. package/dist/generated/schema-manifest.json +42 -3
  9. package/dist/generated/tableOwnership.d.ts +2 -1
  10. package/dist/generated/tableOwnership.js +2 -0
  11. package/dist/generated/tableOwnership.js.map +1 -1
  12. package/dist/generated/tier-expectations.json +4 -2
  13. package/dist/index.d.ts +258 -1
  14. package/dist/index.js +618 -1
  15. package/dist/index.js.map +1 -1
  16. package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
  17. package/dist/mcp-gateway-boundary.contract.js +43 -0
  18. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  19. package/dist/schemas/component-table-manifest.d.ts +2 -2
  20. package/dist/schemas/index.js +35 -0
  21. package/dist/schemas/index.js.map +1 -1
  22. package/dist/schemas/manifest.d.ts +130 -20
  23. package/dist/schemas/manifest.js +35 -0
  24. package/dist/schemas/manifest.js.map +1 -1
  25. package/dist/schemas/tables/kernel/worktree.d.ts +2 -2
  26. package/dist/schemas/tables/mc/identity.d.ts +24 -1
  27. package/dist/schemas/tables/mc/identity.js +35 -1
  28. package/dist/schemas/tables/mc/identity.js.map +1 -1
  29. package/dist/schemas/tables/mc/pack.d.ts +2 -2
  30. package/dist/tenant-client.contract.d.ts +266 -0
  31. package/dist/tenant-client.contract.js +404 -0
  32. package/dist/tenant-client.contract.js.map +1 -0
  33. package/package.json +1 -1
@@ -0,0 +1,181 @@
1
+ import { SessionPrincipalType, SessionAuthMode } from './auth.contract.js';
2
+ import './convex-admin.contract.js';
3
+
4
+ /**
5
+ * MCP gateway boundary contract
6
+ *
7
+ * Defines the target thin-client boundary for the Lucern MCP server. MCP is a
8
+ * client of the Lucern gateway, not a privileged Convex or Master Control
9
+ * process. The gateway owns tenant resolution, deploy-key access, policy, and
10
+ * session persistence.
11
+ */
12
+
13
+ declare const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
14
+ declare const MCP_GATEWAY_BOOTSTRAP_ENDPOINT: "/api/platform/v1/mcp/session";
15
+ declare const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT: "/api/platform/v1/mcp/write-policy/check";
16
+ declare const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT: "/api/platform/v1/mcp/build-session/begin";
17
+ declare const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-engineering";
18
+ declare const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT: "/api/platform/v1/mcp/contracts/evaluate-research";
19
+ declare const MCP_GATEWAY_ALLOWED_CLIENT_ENV: readonly ["LUCERN_API_KEY", "LUCERN_API_BASE_URL", "LUCERN_ENVIRONMENT", "LUCERN_USER_TOKEN"];
20
+ type McpGatewayAllowedClientEnv = (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];
21
+ declare const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV: readonly ["MC_CONVEX_URL", "MC_DEPLOY_KEY", "LUCERN_CONVEX_URL", "LUCERN_DEPLOY_KEY", "TENANT_CONVEX_URL", "TENANT_DEPLOY_KEY"];
22
+ type McpGatewayForbiddenClientEnv = (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];
23
+ declare const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS: readonly ["tenant", "session", "permissions"];
24
+ type McpGatewayBootstrapRequiredField = (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];
25
+ type McpGatewayTenantContext = {
26
+ tenantId: string;
27
+ slug: string;
28
+ name: string;
29
+ tier: string;
30
+ methodologyPackIds: string[];
31
+ apiKeyId?: string;
32
+ };
33
+ type McpGatewaySessionContext = {
34
+ sessionType: "agent" | "user";
35
+ userId: string;
36
+ principalId: string;
37
+ principalType: SessionPrincipalType;
38
+ workspaceId?: string;
39
+ authMode: SessionAuthMode;
40
+ roles: string[];
41
+ scopes: string[];
42
+ sessionId?: string;
43
+ userEmail?: string;
44
+ expiresAt?: number;
45
+ };
46
+ type McpGatewayPermissionContext = {
47
+ allowedTools: string[] | null;
48
+ allowedTopics: string[] | null;
49
+ groupIds: string[];
50
+ permittedPackKeys: string[];
51
+ permittedToolNames: string[];
52
+ permittedTools: Array<{
53
+ toolName: string;
54
+ requiredRole?: string;
55
+ approvalGateId?: string;
56
+ isCore?: boolean;
57
+ category?: string;
58
+ }>;
59
+ };
60
+ type McpGatewayBootstrapRequest = {
61
+ transportKind?: "stdio" | "hosted";
62
+ sessionId?: string;
63
+ agentIdentity?: string;
64
+ workspaceId?: string;
65
+ };
66
+ type McpGatewayWritePolicyCheckRequest = {
67
+ topicId?: string;
68
+ role: string;
69
+ toolName: string;
70
+ };
71
+ type McpGatewayBeginBuildSessionRequest = {
72
+ worktreeId: string;
73
+ branch?: string;
74
+ branchBase?: string;
75
+ prBase?: string;
76
+ sessionMode?: string;
77
+ activateIfPlanning?: boolean;
78
+ };
79
+ type McpGatewayJsonObject = {
80
+ [key: string]: McpGatewayJsonValue | undefined;
81
+ };
82
+ type McpGatewayJsonArray = McpGatewayJsonValue[];
83
+ type McpGatewayJsonValue = null | boolean | number | string | McpGatewayJsonArray | McpGatewayJsonObject;
84
+ type McpGatewayEvaluateEngineeringContractRequest = {
85
+ beliefNodeId?: McpGatewayJsonValue;
86
+ trigger?: McpGatewayJsonValue;
87
+ testOutput?: McpGatewayJsonValue;
88
+ tscOutput?: McpGatewayJsonValue;
89
+ lintOutput?: McpGatewayJsonValue;
90
+ sentryData?: McpGatewayJsonValue;
91
+ };
92
+ type McpGatewayEvaluateResearchContractRequest = {
93
+ beliefNodeId?: McpGatewayJsonValue;
94
+ trigger?: McpGatewayJsonValue;
95
+ metricData?: McpGatewayJsonValue;
96
+ referenceCheckData?: McpGatewayJsonValue;
97
+ marketIndexData?: McpGatewayJsonValue;
98
+ temporalData?: McpGatewayJsonValue;
99
+ };
100
+ type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;
101
+ type McpGatewayWritePolicyCheckResponse = {
102
+ allowed: boolean;
103
+ permission: string;
104
+ rationale?: string;
105
+ maxWritesPerSession?: number;
106
+ toolCategory?: string | null;
107
+ policy?: McpGatewayJsonObject | null;
108
+ explanation?: McpGatewayJsonObject;
109
+ reason: string;
110
+ };
111
+ type McpGatewayBootstrapResponse = {
112
+ tenant: McpGatewayTenantContext;
113
+ session: McpGatewaySessionContext;
114
+ permissions: McpGatewayPermissionContext;
115
+ };
116
+ type McpGatewayBuildSessionBelief = {
117
+ nodeId: string;
118
+ text: string;
119
+ confidence: number | null;
120
+ };
121
+ type McpGatewayBuildSessionQuestion = {
122
+ nodeId: string;
123
+ text: string;
124
+ priority: string;
125
+ };
126
+ type McpGatewayBuildSessionDecision = {
127
+ question: string;
128
+ decision: string;
129
+ };
130
+ type McpGatewayBuildSessionWorktreeSummary = {
131
+ worktreeId: string;
132
+ title: string;
133
+ status?: string;
134
+ };
135
+ type McpGatewayBeginBuildSessionResponse = {
136
+ topicId: string;
137
+ topicName: string;
138
+ worktreeId: string;
139
+ worktreeName: string;
140
+ branch: string;
141
+ branchBase: string;
142
+ prBase: string;
143
+ campaign: number | null;
144
+ lane: string;
145
+ laneOrderInCampaign: number | null;
146
+ orderInLane: number | null;
147
+ gate: string;
148
+ hypothesis: string;
149
+ focus: string;
150
+ status: string;
151
+ sessionMode: string;
152
+ targetBeliefIds: string[];
153
+ targetQuestionIds: string[];
154
+ topBeliefs: McpGatewayBuildSessionBelief[];
155
+ openQuestions: McpGatewayBuildSessionQuestion[];
156
+ resolvedDecisions: McpGatewayBuildSessionDecision[];
157
+ exitCriteria: string[];
158
+ requiredDocs: string[];
159
+ keyFiles: string[];
160
+ pillarBeliefs: Array<{
161
+ pillar: string;
162
+ text: string;
163
+ nodeId: string;
164
+ }>;
165
+ visionDocs: Array<{
166
+ path: string;
167
+ description: string;
168
+ }>;
169
+ dependencies: McpGatewayBuildSessionWorktreeSummary[];
170
+ unblocks: Array<{
171
+ worktreeId: string;
172
+ title: string;
173
+ }>;
174
+ mergeOrderNotes: string;
175
+ };
176
+ declare const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS: readonly ["validate_mcp_session", "record_key_usage", "resolve_default_workspace", "resolve_user_context", "create_user_session", "upsert_agent_principal"];
177
+ type McpGatewayOwnedBootstrapOperation = (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];
178
+ declare const MCP_GATEWAY_CLIENT_ONLY_PACKAGES: readonly ["@lucern/sdk", "@lucern/mcp", "@lucern/contracts"];
179
+ type McpGatewayClientOnlyPackage = (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];
180
+
181
+ export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT, type McpGatewayAllowedClientEnv, type McpGatewayBeginBuildSessionRequest, type McpGatewayBeginBuildSessionResponse, type McpGatewayBootstrapRequest, type McpGatewayBootstrapRequiredField, type McpGatewayBootstrapResponse, type McpGatewayBuildSessionBelief, type McpGatewayBuildSessionDecision, type McpGatewayBuildSessionQuestion, type McpGatewayBuildSessionWorktreeSummary, type McpGatewayClientOnlyPackage, type McpGatewayContractEvaluationResponse, type McpGatewayEvaluateEngineeringContractRequest, type McpGatewayEvaluateResearchContractRequest, type McpGatewayForbiddenClientEnv, type McpGatewayJsonArray, type McpGatewayJsonObject, type McpGatewayJsonValue, type McpGatewayOwnedBootstrapOperation, type McpGatewayPermissionContext, type McpGatewaySessionContext, type McpGatewayTenantContext, type McpGatewayWritePolicyCheckRequest, type McpGatewayWritePolicyCheckResponse };
@@ -0,0 +1,43 @@
1
+ // src/mcp-gateway-boundary.contract.ts
2
+ var MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
3
+ var MCP_GATEWAY_BOOTSTRAP_ENDPOINT = "/api/platform/v1/mcp/session";
4
+ var MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT = "/api/platform/v1/mcp/write-policy/check";
5
+ var MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT = "/api/platform/v1/mcp/build-session/begin";
6
+ var MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-engineering";
7
+ var MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT = "/api/platform/v1/mcp/contracts/evaluate-research";
8
+ var MCP_GATEWAY_ALLOWED_CLIENT_ENV = [
9
+ "LUCERN_API_KEY",
10
+ "LUCERN_API_BASE_URL",
11
+ "LUCERN_ENVIRONMENT",
12
+ "LUCERN_USER_TOKEN"
13
+ ];
14
+ var MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [
15
+ "MC_CONVEX_URL",
16
+ "MC_DEPLOY_KEY",
17
+ "LUCERN_CONVEX_URL",
18
+ "LUCERN_DEPLOY_KEY",
19
+ "TENANT_CONVEX_URL",
20
+ "TENANT_DEPLOY_KEY"
21
+ ];
22
+ var MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [
23
+ "tenant",
24
+ "session",
25
+ "permissions"
26
+ ];
27
+ var MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [
28
+ "validate_mcp_session",
29
+ "record_key_usage",
30
+ "resolve_default_workspace",
31
+ "resolve_user_context",
32
+ "create_user_session",
33
+ "upsert_agent_principal"
34
+ ];
35
+ var MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [
36
+ "@lucern/sdk",
37
+ "@lucern/mcp",
38
+ "@lucern/contracts"
39
+ ];
40
+
41
+ export { MCP_GATEWAY_ALLOWED_CLIENT_ENV, MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_ENDPOINT, MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS, MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION, MCP_GATEWAY_CLIENT_ONLY_PACKAGES, MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT, MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT, MCP_GATEWAY_FORBIDDEN_CLIENT_ENV, MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS, MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT };
42
+ //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
43
+ //# sourceMappingURL=mcp-gateway-boundary.contract.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/mcp-gateway-boundary.contract.ts"],"names":[],"mappings":";AAcO,IAAM,qCAAA,GAAwC;AAE9C,IAAM,8BAAA,GACX;AAEK,IAAM,uCAAA,GACX;AAEK,IAAM,wCAAA,GACX;AAEK,IAAM,kDAAA,GACX;AAEK,IAAM,+CAAA,GACX;AAEK,IAAM,8BAAA,GAAiC;AAAA,EAC5C,gBAAA;AAAA,EACA,qBAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,eAAA;AAAA,EACA,eAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA;AACF;AAIO,IAAM,qCAAA,GAAwC;AAAA,EACnD,QAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAoLO,IAAM,sCAAA,GAAyC;AAAA,EACpD,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF;AAIO,IAAM,gCAAA,GAAmC;AAAA,EAC9C,aAAA;AAAA,EACA,aAAA;AAAA,EACA;AACF","file":"mcp-gateway-boundary.contract.js","sourcesContent":["/**\n * MCP gateway boundary contract\n *\n * Defines the target thin-client boundary for the Lucern MCP server. MCP is a\n * client of the Lucern gateway, not a privileged Convex or Master Control\n * process. The gateway owns tenant resolution, deploy-key access, policy, and\n * session persistence.\n */\n\nimport type {\n SessionAuthMode,\n SessionPrincipalType,\n} from \"./auth.contract\";\n\nexport const MCP_GATEWAY_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const MCP_GATEWAY_BOOTSTRAP_ENDPOINT =\n \"/api/platform/v1/mcp/session\" as const;\n\nexport const MCP_GATEWAY_WRITE_POLICY_CHECK_ENDPOINT =\n \"/api/platform/v1/mcp/write-policy/check\" as const;\n\nexport const MCP_GATEWAY_BEGIN_BUILD_SESSION_ENDPOINT =\n \"/api/platform/v1/mcp/build-session/begin\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_ENGINEERING_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-engineering\" as const;\n\nexport const MCP_GATEWAY_EVALUATE_RESEARCH_CONTRACT_ENDPOINT =\n \"/api/platform/v1/mcp/contracts/evaluate-research\" as const;\n\nexport const MCP_GATEWAY_ALLOWED_CLIENT_ENV = [\n \"LUCERN_API_KEY\",\n \"LUCERN_API_BASE_URL\",\n \"LUCERN_ENVIRONMENT\",\n \"LUCERN_USER_TOKEN\",\n] as const;\nexport type McpGatewayAllowedClientEnv =\n (typeof MCP_GATEWAY_ALLOWED_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_FORBIDDEN_CLIENT_ENV = [\n \"MC_CONVEX_URL\",\n \"MC_DEPLOY_KEY\",\n \"LUCERN_CONVEX_URL\",\n \"LUCERN_DEPLOY_KEY\",\n \"TENANT_CONVEX_URL\",\n \"TENANT_DEPLOY_KEY\",\n] as const;\nexport type McpGatewayForbiddenClientEnv =\n (typeof MCP_GATEWAY_FORBIDDEN_CLIENT_ENV)[number];\n\nexport const MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS = [\n \"tenant\",\n \"session\",\n \"permissions\",\n] as const;\nexport type McpGatewayBootstrapRequiredField =\n (typeof MCP_GATEWAY_BOOTSTRAP_REQUIRED_FIELDS)[number];\n\nexport type McpGatewayTenantContext = {\n tenantId: string;\n slug: string;\n name: string;\n tier: string;\n methodologyPackIds: string[];\n apiKeyId?: string;\n};\n\nexport type McpGatewaySessionContext = {\n sessionType: \"agent\" | \"user\";\n userId: string;\n principalId: string;\n principalType: SessionPrincipalType;\n workspaceId?: string;\n authMode: SessionAuthMode;\n roles: string[];\n scopes: string[];\n sessionId?: string;\n userEmail?: string;\n expiresAt?: number;\n};\n\nexport type McpGatewayPermissionContext = {\n allowedTools: string[] | null;\n allowedTopics: string[] | null;\n groupIds: string[];\n permittedPackKeys: string[];\n permittedToolNames: string[];\n permittedTools: Array<{\n toolName: string;\n requiredRole?: string;\n approvalGateId?: string;\n isCore?: boolean;\n category?: string;\n }>;\n};\n\nexport type McpGatewayBootstrapRequest = {\n transportKind?: \"stdio\" | \"hosted\";\n sessionId?: string;\n agentIdentity?: string;\n workspaceId?: string;\n};\n\nexport type McpGatewayWritePolicyCheckRequest = {\n topicId?: string;\n role: string;\n toolName: string;\n};\n\nexport type McpGatewayBeginBuildSessionRequest = {\n worktreeId: string;\n branch?: string;\n branchBase?: string;\n prBase?: string;\n sessionMode?: string;\n activateIfPlanning?: boolean;\n};\n\nexport type McpGatewayJsonObject = {\n [key: string]: McpGatewayJsonValue | undefined;\n};\n\nexport type McpGatewayJsonArray = McpGatewayJsonValue[];\n\nexport type McpGatewayJsonValue =\n | null\n | boolean\n | number\n | string\n | McpGatewayJsonArray\n | McpGatewayJsonObject;\n\nexport type McpGatewayEvaluateEngineeringContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n testOutput?: McpGatewayJsonValue;\n tscOutput?: McpGatewayJsonValue;\n lintOutput?: McpGatewayJsonValue;\n sentryData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayEvaluateResearchContractRequest = {\n beliefNodeId?: McpGatewayJsonValue;\n trigger?: McpGatewayJsonValue;\n metricData?: McpGatewayJsonValue;\n referenceCheckData?: McpGatewayJsonValue;\n marketIndexData?: McpGatewayJsonValue;\n temporalData?: McpGatewayJsonValue;\n};\n\nexport type McpGatewayContractEvaluationResponse = McpGatewayJsonObject;\n\nexport type McpGatewayWritePolicyCheckResponse = {\n allowed: boolean;\n permission: string;\n rationale?: string;\n maxWritesPerSession?: number;\n toolCategory?: string | null;\n policy?: McpGatewayJsonObject | null;\n explanation?: McpGatewayJsonObject;\n reason: string;\n};\n\nexport type McpGatewayBootstrapResponse = {\n tenant: McpGatewayTenantContext;\n session: McpGatewaySessionContext;\n permissions: McpGatewayPermissionContext;\n};\n\nexport type McpGatewayBuildSessionBelief = {\n nodeId: string;\n text: string;\n confidence: number | null;\n};\n\nexport type McpGatewayBuildSessionQuestion = {\n nodeId: string;\n text: string;\n priority: string;\n};\n\nexport type McpGatewayBuildSessionDecision = {\n question: string;\n decision: string;\n};\n\nexport type McpGatewayBuildSessionWorktreeSummary = {\n worktreeId: string;\n title: string;\n status?: string;\n};\n\nexport type McpGatewayBeginBuildSessionResponse = {\n topicId: string;\n topicName: string;\n worktreeId: string;\n worktreeName: string;\n branch: string;\n branchBase: string;\n prBase: string;\n campaign: number | null;\n lane: string;\n laneOrderInCampaign: number | null;\n orderInLane: number | null;\n gate: string;\n hypothesis: string;\n focus: string;\n status: string;\n sessionMode: string;\n targetBeliefIds: string[];\n targetQuestionIds: string[];\n topBeliefs: McpGatewayBuildSessionBelief[];\n openQuestions: McpGatewayBuildSessionQuestion[];\n resolvedDecisions: McpGatewayBuildSessionDecision[];\n exitCriteria: string[];\n requiredDocs: string[];\n keyFiles: string[];\n pillarBeliefs: Array<{\n pillar: string;\n text: string;\n nodeId: string;\n }>;\n visionDocs: Array<{\n path: string;\n description: string;\n }>;\n dependencies: McpGatewayBuildSessionWorktreeSummary[];\n unblocks: Array<{\n worktreeId: string;\n title: string;\n }>;\n mergeOrderNotes: string;\n};\n\nexport const MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS = [\n \"validate_mcp_session\",\n \"record_key_usage\",\n \"resolve_default_workspace\",\n \"resolve_user_context\",\n \"create_user_session\",\n \"upsert_agent_principal\",\n] as const;\nexport type McpGatewayOwnedBootstrapOperation =\n (typeof MCP_GATEWAY_OWNED_BOOTSTRAP_OPERATIONS)[number];\n\nexport const MCP_GATEWAY_CLIENT_ONLY_PACKAGES = [\n \"@lucern/sdk\",\n \"@lucern/mcp\",\n \"@lucern/contracts\",\n] as const;\nexport type McpGatewayClientOnlyPackage =\n (typeof MCP_GATEWAY_CLIENT_ONLY_PACKAGES)[number];\n"]}
@@ -41,7 +41,7 @@ declare const ComponentTableManifestSchema: z.ZodObject<{
41
41
  }[];
42
42
  }>, "many">;
43
43
  }, "strip", z.ZodTypeAny, {
44
- tier: "K" | "I";
44
+ tier: "I" | "K";
45
45
  manifestVersion: string;
46
46
  componentName: "kernel" | "identity";
47
47
  packageVersion: string;
@@ -55,7 +55,7 @@ declare const ComponentTableManifestSchema: z.ZodObject<{
55
55
  }[];
56
56
  }[];
57
57
  }, {
58
- tier: "K" | "I";
58
+ tier: "I" | "K";
59
59
  manifestVersion: string;
60
60
  componentName: "kernel" | "identity";
61
61
  packageVersion: string;
@@ -1848,6 +1848,40 @@ var rateLimitWindows = defineTable({
1848
1848
  { kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
1849
1849
  ]
1850
1850
  });
1851
+ var oauthDeviceCodes = defineTable({
1852
+ name: "oauthDeviceCodes",
1853
+ component: "mc",
1854
+ category: "identity",
1855
+ shape: z.object({
1856
+ "deviceCodeHash": z.string(),
1857
+ "userCode": z.string(),
1858
+ "clientId": z.string(),
1859
+ "scope": z.string(),
1860
+ "status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
1861
+ "expiresAt": z.number(),
1862
+ "intervalSeconds": z.number(),
1863
+ "lastPolledAt": z.number().optional(),
1864
+ "slowDownCount": z.number().optional(),
1865
+ "clerkUserId": z.string().optional(),
1866
+ "tenantId": idOf("tenants").optional(),
1867
+ "workspaceId": z.string().optional(),
1868
+ "principalId": z.string().optional(),
1869
+ "role": z.string().optional(),
1870
+ "scopes": z.array(z.string()).optional(),
1871
+ "sessionId": z.string().optional(),
1872
+ "approvedAt": z.number().optional(),
1873
+ "deniedAt": z.number().optional(),
1874
+ "consumedAt": z.number().optional(),
1875
+ "createdAt": z.number(),
1876
+ "updatedAt": z.number()
1877
+ }),
1878
+ indices: [
1879
+ { kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
1880
+ { kind: "index", name: "by_userCode", columns: ["userCode"] },
1881
+ { kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
1882
+ { kind: "index", name: "by_sessionId", columns: ["sessionId"] }
1883
+ ]
1884
+ });
1851
1885
  var servicePrincipalKeys = defineTable({
1852
1886
  name: "servicePrincipalKeys",
1853
1887
  component: "mc",
@@ -4212,6 +4246,7 @@ var MC_TABLE_CONTRACTS = [
4212
4246
  groupMemberships,
4213
4247
  groups,
4214
4248
  memberships,
4249
+ oauthDeviceCodes,
4215
4250
  principals,
4216
4251
  rateLimitWindows,
4217
4252
  servicePrincipalKeys,