@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/component-boundary.contract.d.ts +14 -0
- package/dist/component-boundary.contract.js +155 -0
- package/dist/component-boundary.contract.js.map +1 -0
- package/dist/component-host-boundary.contract.d.ts +41 -0
- package/dist/component-host-boundary.contract.js +54 -0
- package/dist/component-host-boundary.contract.js.map +1 -0
- package/dist/function-registry/beliefs.d.ts +41 -41
- package/dist/function-registry/beliefs.js +202 -8
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.js +187 -8
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +13 -13
- package/dist/function-registry/context.js +187 -9
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.js +158 -5
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.js +158 -5
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.js +169 -6
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +33 -33
- package/dist/function-registry/evidence.js +202 -9
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +53 -53
- package/dist/function-registry/graph.js +217 -12
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +1 -1
- package/dist/function-registry/helpers.js +158 -5
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.js +158 -5
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +158 -5
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +9 -9
- package/dist/function-registry/judgments.js +170 -8
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.js +158 -5
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +17 -17
- package/dist/function-registry/lenses.js +181 -8
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -1
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +45 -45
- package/dist/function-registry/ontologies.js +176 -11
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +13 -13
- package/dist/function-registry/pipeline.js +167 -8
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +49 -49
- package/dist/function-registry/questions.js +255 -13
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.js +158 -5
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +21 -21
- package/dist/function-registry/topics.js +172 -8
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +1 -1
- package/dist/function-registry/worktrees.d.ts +80 -41
- package/dist/function-registry/worktrees.js +292 -17
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/function-registry-input-audit.d.ts +13 -0
- package/dist/function-registry-input-audit.js +164 -0
- package/dist/function-registry-input-audit.js.map +1 -0
- package/dist/gateway.contract.d.ts +2 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +2 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/schema-manifest.json +42 -3
- package/dist/generated/tableOwnership.d.ts +2 -1
- package/dist/generated/tableOwnership.js +2 -0
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +4 -2
- package/dist/index.d.ts +445 -35
- package/dist/index.js +1987 -17
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +174 -0
- package/dist/infisical-runtime.contract.js +192 -0
- package/dist/infisical-runtime.contract.js.map +1 -0
- package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
- package/dist/mcp-gateway-boundary.contract.js +43 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -0
- package/dist/schemas/component-table-manifest.d.ts +2 -2
- package/dist/schemas/index.js +38 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +1050 -910
- package/dist/schemas/manifest.js +38 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/sl-opinion.d.ts +4 -4
- package/dist/schemas/tables/identity/platform.d.ts +10 -10
- package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
- package/dist/schemas/tables/kernel/infra.d.ts +4 -4
- package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
- package/dist/schemas/tables/kernel/lens.d.ts +4 -4
- package/dist/schemas/tables/kernel/platform.d.ts +12 -12
- package/dist/schemas/tables/kernel/spine.d.ts +2 -2
- package/dist/schemas/tables/kernel/task.d.ts +42 -42
- package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
- package/dist/schemas/tables/mc/identity.d.ts +26 -3
- package/dist/schemas/tables/mc/identity.js +35 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +20 -20
- package/dist/schemas/tables/mc/registry.d.ts +4 -4
- package/dist/schemas/tables/mc/workspace.d.ts +9 -3
- package/dist/schemas/tables/mc/workspace.js +3 -1
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-methods.contract.d.ts +1 -1
- package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-CD-N1Jf7.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +157 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +1097 -0
- package/dist/tenant-bootstrap-seed.contract.js +651 -0
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
- package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
- package/dist/tenant-bootstrap-seed.defaults.js +303 -0
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
- package/dist/tenant-client.contract.d.ts +266 -0
- package/dist/tenant-client.contract.js +404 -0
- package/dist/tenant-client.contract.js.map +1 -0
- package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BcKz-VGj.d.ts} +4 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +158 -5
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { TableOwnershipLayer, TABLE_OWNERSHIP } from './generated/tableOwnership.js';
|
|
2
|
+
|
|
3
|
+
declare const COMPONENT_BOUNDARY_CONTRACT_VERSION: "2026-04-27";
|
|
4
|
+
declare const COMPONENT_BOUNDARY_COMPONENT_LAYERS: readonly ["I", "K"];
|
|
5
|
+
type ComponentBoundaryComponentLayer = (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];
|
|
6
|
+
declare const COMPONENT_BOUNDARY_DIRECT_DB_METHODS: readonly ["insert", "patch", "replace", "delete", "query"];
|
|
7
|
+
type ComponentBoundaryDirectDbMethod = (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];
|
|
8
|
+
declare const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS: readonly ["services", "apps", "convex"];
|
|
9
|
+
declare const COMPONENT_BOUNDARY_HIGH_RISK_TABLES: readonly ["backgroundJobRuns", "backgroundJobSettings", "systemLogs", "epistemicAudit", "platformPolicyDecisionLogs", "tenantApiKeys", "projectGrants", "userSessions"];
|
|
10
|
+
type ComponentBoundaryHighRiskTable = (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];
|
|
11
|
+
declare function getComponentBoundaryTableLayer(tableName: string): TableOwnershipLayer | undefined;
|
|
12
|
+
declare function isComponentBoundaryComponentOwnedTable(tableName: string): tableName is keyof typeof TABLE_OWNERSHIP;
|
|
13
|
+
|
|
14
|
+
export { COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, type ComponentBoundaryComponentLayer, type ComponentBoundaryDirectDbMethod, type ComponentBoundaryHighRiskTable, getComponentBoundaryTableLayer, isComponentBoundaryComponentOwnedTable };
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
// src/generated/tableOwnership.ts
|
|
2
|
+
var TABLE_OWNERSHIP = {
|
|
3
|
+
"agentMessages": "K",
|
|
4
|
+
"agentRegistryEntries": "L",
|
|
5
|
+
"agents": "I",
|
|
6
|
+
"agentSessions": "K",
|
|
7
|
+
"apiKeys": "L",
|
|
8
|
+
"auditLog": "L",
|
|
9
|
+
"autofixJobs": "K",
|
|
10
|
+
"backgroundJobRuns": "K",
|
|
11
|
+
"backgroundJobSettings": "K",
|
|
12
|
+
"beliefConfidence": "K",
|
|
13
|
+
"beliefEvidenceLinks": "K",
|
|
14
|
+
"beliefHistory": "K",
|
|
15
|
+
"beliefScenarios": "K",
|
|
16
|
+
"beliefVotes": "K",
|
|
17
|
+
"calibrationScores": "K",
|
|
18
|
+
"compatibilityShims": "L",
|
|
19
|
+
"contractEvaluations": "K",
|
|
20
|
+
"contradictions": "K",
|
|
21
|
+
"controlPlaneTenantModelSlotBindings": "L",
|
|
22
|
+
"controlPlaneTenantProviderSecrets": "L",
|
|
23
|
+
"controlPlaneTenantProxyGatewayUsage": "L",
|
|
24
|
+
"controlPlaneToolAcls": "L",
|
|
25
|
+
"crossProjectConnections": "K",
|
|
26
|
+
"cutoverFlags": "L",
|
|
27
|
+
"decisionComputedSummaries": "K",
|
|
28
|
+
"decisionEvents": "K",
|
|
29
|
+
"decisionParticipants": "K",
|
|
30
|
+
"decisionRiskLedger": "K",
|
|
31
|
+
"decisionSnapshots": "K",
|
|
32
|
+
"deliberationContributions": "K",
|
|
33
|
+
"deliberationSessions": "K",
|
|
34
|
+
"epistemicAudit": "K",
|
|
35
|
+
"epistemicContracts": "K",
|
|
36
|
+
"epistemicEdges": "K",
|
|
37
|
+
"epistemicNodeEmbeddings": "K",
|
|
38
|
+
"epistemicNodes": "K",
|
|
39
|
+
"graphAnalysisCache": "K",
|
|
40
|
+
"graphAnalysisResults": "K",
|
|
41
|
+
"graphSuggestions": "K",
|
|
42
|
+
"groupMemberships": "L",
|
|
43
|
+
"groups": "L",
|
|
44
|
+
"harnessReplays": "K",
|
|
45
|
+
"harnessRuns": "K",
|
|
46
|
+
"idempotencyTokens": "K",
|
|
47
|
+
"lenses": "K",
|
|
48
|
+
"lensTopicBindings": "K",
|
|
49
|
+
"mcpWritePolicy": "I",
|
|
50
|
+
"memberships": "L",
|
|
51
|
+
"methodologyPacks": "L",
|
|
52
|
+
"modelCallLogs": "I",
|
|
53
|
+
"modelFunctionSlots": "I",
|
|
54
|
+
"modelRegistry": "I",
|
|
55
|
+
"modelSlotConfigs": "I",
|
|
56
|
+
"neo4jSyncQueue": "K",
|
|
57
|
+
"oauthDeviceCodes": "L",
|
|
58
|
+
"ontologyDefinitions": "K",
|
|
59
|
+
"ontologyVersions": "K",
|
|
60
|
+
"packAssignments": "L",
|
|
61
|
+
"packDefinitions": "L",
|
|
62
|
+
"packEntitlements": "L",
|
|
63
|
+
"packGroupAssignments": "L",
|
|
64
|
+
"packInstallations": "L",
|
|
65
|
+
"packVersions": "L",
|
|
66
|
+
"platformAgentRunPolicyDecisions": "K",
|
|
67
|
+
"platformAgentRunPromptResolutions": "K",
|
|
68
|
+
"platformAgentRuns": "K",
|
|
69
|
+
"platformAgentRunToolCalls": "K",
|
|
70
|
+
"platformAudienceGrants": "I",
|
|
71
|
+
"platformAudiences": "I",
|
|
72
|
+
"platformHarnessShadowAudit": "K",
|
|
73
|
+
"platformPolicyDecisionLogs": "I",
|
|
74
|
+
"policyBundles": "L",
|
|
75
|
+
"policyDecisionLogs": "L",
|
|
76
|
+
"policySimulations": "L",
|
|
77
|
+
"principals": "L",
|
|
78
|
+
"projectGrants": "I",
|
|
79
|
+
"publicationRules": "K",
|
|
80
|
+
"questionEvidenceLinks": "K",
|
|
81
|
+
"rateLimitWindows": "L",
|
|
82
|
+
"reasoningPermissions": "I",
|
|
83
|
+
"researchJobs": "K",
|
|
84
|
+
"schemaEnumConfig": "K",
|
|
85
|
+
"servicePrincipalKeys": "L",
|
|
86
|
+
"stakeholderGroups": "K",
|
|
87
|
+
"systemLogs": "K",
|
|
88
|
+
"tasks": "K",
|
|
89
|
+
"tenantApiKeys": "I",
|
|
90
|
+
"tenantConfig": "I",
|
|
91
|
+
"tenantDeploymentCredentials": "L",
|
|
92
|
+
"tenantIntegrations": "I",
|
|
93
|
+
"tenantMethodologyAssignments": "L",
|
|
94
|
+
"tenantModelSlotBindings": "I",
|
|
95
|
+
"tenantPolicies": "I",
|
|
96
|
+
"tenantProviderSecrets": "I",
|
|
97
|
+
"tenantProxyGatewayUsage": "I",
|
|
98
|
+
"tenantProxyTokenMints": "I",
|
|
99
|
+
"tenants": "L",
|
|
100
|
+
"tenantSandboxAuditEvents": "I",
|
|
101
|
+
"tenantSecrets": "I",
|
|
102
|
+
"toolAcls": "I",
|
|
103
|
+
"toolCatalog": "L",
|
|
104
|
+
"toolRegistry": "I",
|
|
105
|
+
"toolRegistryEntries": "L",
|
|
106
|
+
"topics": "K",
|
|
107
|
+
"users": "I",
|
|
108
|
+
"userSessions": "L",
|
|
109
|
+
"workflowDefinitions": "K",
|
|
110
|
+
"workflowPullRequests": "K",
|
|
111
|
+
"workflowStages": "K",
|
|
112
|
+
"workspaces": "L",
|
|
113
|
+
"worktreeBeliefCluster": "K",
|
|
114
|
+
"worktrees": "K"
|
|
115
|
+
};
|
|
116
|
+
|
|
117
|
+
// src/component-boundary.contract.ts
|
|
118
|
+
var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
|
|
119
|
+
var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
|
|
120
|
+
"I",
|
|
121
|
+
"K"
|
|
122
|
+
];
|
|
123
|
+
var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
|
|
124
|
+
"insert",
|
|
125
|
+
"patch",
|
|
126
|
+
"replace",
|
|
127
|
+
"delete",
|
|
128
|
+
"query"
|
|
129
|
+
];
|
|
130
|
+
var COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [
|
|
131
|
+
"services",
|
|
132
|
+
"apps",
|
|
133
|
+
"convex"
|
|
134
|
+
];
|
|
135
|
+
var COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [
|
|
136
|
+
"backgroundJobRuns",
|
|
137
|
+
"backgroundJobSettings",
|
|
138
|
+
"systemLogs",
|
|
139
|
+
"epistemicAudit",
|
|
140
|
+
"platformPolicyDecisionLogs",
|
|
141
|
+
"tenantApiKeys",
|
|
142
|
+
"projectGrants",
|
|
143
|
+
"userSessions"
|
|
144
|
+
];
|
|
145
|
+
function getComponentBoundaryTableLayer(tableName) {
|
|
146
|
+
return TABLE_OWNERSHIP[tableName];
|
|
147
|
+
}
|
|
148
|
+
function isComponentBoundaryComponentOwnedTable(tableName) {
|
|
149
|
+
const layer = getComponentBoundaryTableLayer(tableName);
|
|
150
|
+
return layer === "I" || layer === "K";
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
export { COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, getComponentBoundaryTableLayer, isComponentBoundaryComponentOwnedTable };
|
|
154
|
+
//# sourceMappingURL=component-boundary.contract.js.map
|
|
155
|
+
//# sourceMappingURL=component-boundary.contract.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/generated/tableOwnership.ts","../src/component-boundary.contract.ts"],"names":[],"mappings":";AA+HO,IAAM,eAAA,GAAkB;AAAA,EAC7B,eAAA,EAAiB,GAAA;AAAA,EACjB,sBAAA,EAAwB,GAAA;AAAA,EACxB,QAAA,EAAU,GAAA;AAAA,EACV,eAAA,EAAiB,GAAA;AAAA,EACjB,SAAA,EAAW,GAAA;AAAA,EACX,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,eAAA,EAAiB,GAAA;AAAA,EACjB,iBAAA,EAAmB,GAAA;AAAA,EACnB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,oBAAA,EAAsB,GAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,gBAAA,EAAkB,GAAA;AAAA,EAClB,qCAAA,EAAuC,GAAA;AAAA,EACvC,mCAAA,EAAqC,GAAA;AAAA,EACrC,qCAAA,EAAuC,GAAA;AAAA,EACvC,sBAAA,EAAwB,GAAA;AAAA,EACxB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,cAAA,EAAgB,GAAA;AAAA,EAChB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,gBAAA,EAAkB,GAAA;AAAA,EAClB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,gBAAA,EAAkB,GAAA;AAAA,EAClB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,oBAAA,EAAsB,GAAA;AAAA,EACtB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,GAAA;AAAA,EACpB,QAAA,EAAU,GAAA;AAAA,EACV,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,mBAAA,EAAqB,GAAA;AAAA,EACrB,QAAA,EAAU,GAAA;AAAA,EACV,mBAAA,EAAqB,GAAA;AAAA,EACrB,gBAAA,EAAkB,GAAA;AAAA,EAClB,aAAA,EAAe,GAAA;AAAA,EACf,kBAAA,EAAoB,GAAA;AAAA,EACpB,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,gBAAA,EAAkB,GAAA;AAAA,EAClB,kBAAA,EAAoB,GAAA;AAAA,EACpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,iBAAA,EAAmB,GAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,cAAA,EAAgB,GAAA;AAAA,EAChB,iCAAA,EAAmC,GAAA;AAAA,EACnC,mCAAA,EAAqC,GAAA;AAAA,EACrC,mBAAA,EAAqB,GAAA;AAAA,EACrB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,mBAAA,EAAqB,GAAA;AAAA,EACrB,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,eAAA,EAAiB,GAAA;AAAA,EACjB,oBAAA,EAAsB,GAAA;AAAA,EACtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,eAAA,EAAiB,GAAA;AAAA,EACjB,kBAAA,EAAoB,GAAA;AAAA,EACpB,uBAAA,EAAyB,GAAA;AAAA,EACzB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,cAAA,EAAgB,GAAA;AAAA,EAChB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,mBAAA,EAAqB,GAAA;AAAA,EACrB,YAAA,EAAc,GAAA;AAAA,EACd,OAAA,EAAS,GAAA;AAAA,EACT,eAAA,EAAiB,GAAA;AAAA,EACjB,cAAA,EAAgB,GAAA;AAAA,EAChB,6BAAA,EAA+B,GAAA;AAAA,EAC/B,oBAAA,EAAsB,GAAA;AAAA,EACtB,8BAAA,EAAgC,GAAA;AAAA,EAChC,yBAAA,EAA2B,GAAA;AAAA,EAC3B,gBAAA,EAAkB,GAAA;AAAA,EAClB,uBAAA,EAAyB,GAAA;AAAA,EACzB,yBAAA,EAA2B,GAAA;AAAA,EAC3B,uBAAA,EAAyB,GAAA;AAAA,EACzB,SAAA,EAAW,GAAA;AAAA,EACX,0BAAA,EAA4B,GAAA;AAAA,EAC5B,eAAA,EAAiB,GAAA;AAAA,EACjB,UAAA,EAAY,GAAA;AAAA,EACZ,aAAA,EAAe,GAAA;AAAA,EACf,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,QAAA,EAAU,GAAA;AAAA,EACV,OAAA,EAAS,GAAA;AAAA,EACT,cAAA,EAAgB,GAAA;AAAA,EAChB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,gBAAA,EAAkB,GAAA;AAAA,EAClB,YAAA,EAAc,GAAA;AAAA,EACd,uBAAA,EAAyB,GAAA;AAAA,EACzB,WAAA,EAAa;AACf,CAAA;;;AC3OO,IAAM,mCAAA,GAAsC;AAE5C,IAAM,mCAAA,GAAsC;AAAA,EACjD,GAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAIO,IAAM,oCAAA,GAAuC;AAAA,EAClD,UAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF;AAEO,IAAM,mCAAA,GAAsC;AAAA,EACjD,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,4BAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,SAAS,+BACd,SAAA,EACiC;AACjC,EAAA,OAAO,gBAAgB,SAAyC,CAAA;AAClE;AAEO,SAAS,uCACd,SAAA,EAC2C;AAC3C,EAAA,MAAM,KAAA,GAAQ,+BAA+B,SAAS,CAAA;AACtD,EAAA,OACE,KAAA,KAAU,OACV,KAAA,KAAU,GAAA;AAEd","file":"component-boundary.contract.js","sourcesContent":["/* GENERATED by scripts/generate-contract-schema.ts. DO NOT EDIT. */\n\nexport type TableOwnershipLayer = \"L\" | \"I\" | \"K\" | \"D\" | \"A\";\n\nexport const TABLES_BY_LAYER = {\n \"L\": [\n \"agentRegistryEntries\",\n \"apiKeys\",\n \"auditLog\",\n \"compatibilityShims\",\n \"controlPlaneTenantModelSlotBindings\",\n \"controlPlaneTenantProviderSecrets\",\n \"controlPlaneTenantProxyGatewayUsage\",\n \"controlPlaneToolAcls\",\n \"cutoverFlags\",\n \"groupMemberships\",\n \"groups\",\n \"memberships\",\n \"methodologyPacks\",\n \"oauthDeviceCodes\",\n \"packAssignments\",\n \"packDefinitions\",\n \"packEntitlements\",\n \"packGroupAssignments\",\n \"packInstallations\",\n \"packVersions\",\n \"policyBundles\",\n \"policyDecisionLogs\",\n \"policySimulations\",\n \"principals\",\n \"rateLimitWindows\",\n \"servicePrincipalKeys\",\n \"tenantDeploymentCredentials\",\n \"tenantMethodologyAssignments\",\n \"tenants\",\n \"toolCatalog\",\n \"toolRegistryEntries\",\n \"userSessions\",\n \"workspaces\"\n ],\n \"I\": [\n \"agents\",\n \"mcpWritePolicy\",\n \"modelCallLogs\",\n \"modelFunctionSlots\",\n \"modelRegistry\",\n \"modelSlotConfigs\",\n \"platformAudienceGrants\",\n \"platformAudiences\",\n \"platformPolicyDecisionLogs\",\n \"projectGrants\",\n \"reasoningPermissions\",\n \"tenantApiKeys\",\n \"tenantConfig\",\n \"tenantIntegrations\",\n \"tenantModelSlotBindings\",\n \"tenantPolicies\",\n \"tenantProviderSecrets\",\n \"tenantProxyGatewayUsage\",\n \"tenantProxyTokenMints\",\n \"tenantSandboxAuditEvents\",\n \"tenantSecrets\",\n \"toolAcls\",\n \"toolRegistry\",\n \"users\"\n ],\n \"K\": [\n \"agentMessages\",\n \"agentSessions\",\n \"autofixJobs\",\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"beliefConfidence\",\n \"beliefEvidenceLinks\",\n \"beliefHistory\",\n \"beliefScenarios\",\n \"beliefVotes\",\n \"calibrationScores\",\n \"contractEvaluations\",\n \"contradictions\",\n \"crossProjectConnections\",\n \"decisionComputedSummaries\",\n \"decisionEvents\",\n \"decisionParticipants\",\n \"decisionRiskLedger\",\n \"decisionSnapshots\",\n \"deliberationContributions\",\n \"deliberationSessions\",\n \"epistemicAudit\",\n \"epistemicContracts\",\n \"epistemicEdges\",\n \"epistemicNodeEmbeddings\",\n \"epistemicNodes\",\n \"graphAnalysisCache\",\n \"graphAnalysisResults\",\n \"graphSuggestions\",\n \"harnessReplays\",\n \"harnessRuns\",\n \"idempotencyTokens\",\n \"lenses\",\n \"lensTopicBindings\",\n \"neo4jSyncQueue\",\n \"ontologyDefinitions\",\n \"ontologyVersions\",\n \"platformAgentRunPolicyDecisions\",\n \"platformAgentRunPromptResolutions\",\n \"platformAgentRuns\",\n \"platformAgentRunToolCalls\",\n \"platformHarnessShadowAudit\",\n \"publicationRules\",\n \"questionEvidenceLinks\",\n \"researchJobs\",\n \"schemaEnumConfig\",\n \"stakeholderGroups\",\n \"systemLogs\",\n \"tasks\",\n \"topics\",\n \"workflowDefinitions\",\n \"workflowPullRequests\",\n \"workflowStages\",\n \"worktreeBeliefCluster\",\n \"worktrees\"\n ],\n \"D\": [],\n \"A\": []\n} as const;\n\nexport const TABLE_OWNERSHIP = {\n \"agentMessages\": \"K\",\n \"agentRegistryEntries\": \"L\",\n \"agents\": \"I\",\n \"agentSessions\": \"K\",\n \"apiKeys\": \"L\",\n \"auditLog\": \"L\",\n \"autofixJobs\": \"K\",\n \"backgroundJobRuns\": \"K\",\n \"backgroundJobSettings\": \"K\",\n \"beliefConfidence\": \"K\",\n \"beliefEvidenceLinks\": \"K\",\n \"beliefHistory\": \"K\",\n \"beliefScenarios\": \"K\",\n \"beliefVotes\": \"K\",\n \"calibrationScores\": \"K\",\n \"compatibilityShims\": \"L\",\n \"contractEvaluations\": \"K\",\n \"contradictions\": \"K\",\n \"controlPlaneTenantModelSlotBindings\": \"L\",\n \"controlPlaneTenantProviderSecrets\": \"L\",\n \"controlPlaneTenantProxyGatewayUsage\": \"L\",\n \"controlPlaneToolAcls\": \"L\",\n \"crossProjectConnections\": \"K\",\n \"cutoverFlags\": \"L\",\n \"decisionComputedSummaries\": \"K\",\n \"decisionEvents\": \"K\",\n \"decisionParticipants\": \"K\",\n \"decisionRiskLedger\": \"K\",\n \"decisionSnapshots\": \"K\",\n \"deliberationContributions\": \"K\",\n \"deliberationSessions\": \"K\",\n \"epistemicAudit\": \"K\",\n \"epistemicContracts\": \"K\",\n \"epistemicEdges\": \"K\",\n \"epistemicNodeEmbeddings\": \"K\",\n \"epistemicNodes\": \"K\",\n \"graphAnalysisCache\": \"K\",\n \"graphAnalysisResults\": \"K\",\n \"graphSuggestions\": \"K\",\n \"groupMemberships\": \"L\",\n \"groups\": \"L\",\n \"harnessReplays\": \"K\",\n \"harnessRuns\": \"K\",\n \"idempotencyTokens\": \"K\",\n \"lenses\": \"K\",\n \"lensTopicBindings\": \"K\",\n \"mcpWritePolicy\": \"I\",\n \"memberships\": \"L\",\n \"methodologyPacks\": \"L\",\n \"modelCallLogs\": \"I\",\n \"modelFunctionSlots\": \"I\",\n \"modelRegistry\": \"I\",\n \"modelSlotConfigs\": \"I\",\n \"neo4jSyncQueue\": \"K\",\n \"oauthDeviceCodes\": \"L\",\n \"ontologyDefinitions\": \"K\",\n \"ontologyVersions\": \"K\",\n \"packAssignments\": \"L\",\n \"packDefinitions\": \"L\",\n \"packEntitlements\": \"L\",\n \"packGroupAssignments\": \"L\",\n \"packInstallations\": \"L\",\n \"packVersions\": \"L\",\n \"platformAgentRunPolicyDecisions\": \"K\",\n \"platformAgentRunPromptResolutions\": \"K\",\n \"platformAgentRuns\": \"K\",\n \"platformAgentRunToolCalls\": \"K\",\n \"platformAudienceGrants\": \"I\",\n \"platformAudiences\": \"I\",\n \"platformHarnessShadowAudit\": \"K\",\n \"platformPolicyDecisionLogs\": \"I\",\n \"policyBundles\": \"L\",\n \"policyDecisionLogs\": \"L\",\n \"policySimulations\": \"L\",\n \"principals\": \"L\",\n \"projectGrants\": \"I\",\n \"publicationRules\": \"K\",\n \"questionEvidenceLinks\": \"K\",\n \"rateLimitWindows\": \"L\",\n \"reasoningPermissions\": \"I\",\n \"researchJobs\": \"K\",\n \"schemaEnumConfig\": \"K\",\n \"servicePrincipalKeys\": \"L\",\n \"stakeholderGroups\": \"K\",\n \"systemLogs\": \"K\",\n \"tasks\": \"K\",\n \"tenantApiKeys\": \"I\",\n \"tenantConfig\": \"I\",\n \"tenantDeploymentCredentials\": \"L\",\n \"tenantIntegrations\": \"I\",\n \"tenantMethodologyAssignments\": \"L\",\n \"tenantModelSlotBindings\": \"I\",\n \"tenantPolicies\": \"I\",\n \"tenantProviderSecrets\": \"I\",\n \"tenantProxyGatewayUsage\": \"I\",\n \"tenantProxyTokenMints\": \"I\",\n \"tenants\": \"L\",\n \"tenantSandboxAuditEvents\": \"I\",\n \"tenantSecrets\": \"I\",\n \"toolAcls\": \"I\",\n \"toolCatalog\": \"L\",\n \"toolRegistry\": \"I\",\n \"toolRegistryEntries\": \"L\",\n \"topics\": \"K\",\n \"users\": \"I\",\n \"userSessions\": \"L\",\n \"workflowDefinitions\": \"K\",\n \"workflowPullRequests\": \"K\",\n \"workflowStages\": \"K\",\n \"workspaces\": \"L\",\n \"worktreeBeliefCluster\": \"K\",\n \"worktrees\": \"K\",\n} as const satisfies Readonly<Record<string, TableOwnershipLayer>>;\n\nexport type GeneratedTableName = keyof typeof TABLE_OWNERSHIP;\n\nexport function classifyTableOwnership(\n tableName: string\n): TableOwnershipLayer | null {\n return TABLE_OWNERSHIP[tableName as GeneratedTableName] ?? null;\n}\n\nexport function listTablesByOwnership(\n layer: TableOwnershipLayer\n): readonly string[] {\n return TABLES_BY_LAYER[layer];\n}\n\nexport function summarizeTableOwnership(\n tableNames: readonly string[]\n): Record<TableOwnershipLayer, number> {\n const summary: Record<TableOwnershipLayer, number> = {\n L: 0,\n I: 0,\n K: 0,\n D: 0,\n A: 0,\n };\n for (const name of tableNames) {\n const layer = classifyTableOwnership(name);\n if (layer) {\n summary[layer] += 1;\n }\n }\n return summary;\n}\n\nexport function assertTableOwnershipCoverage(tableNames: readonly string[]): void {\n const missing = tableNames.filter((name) => !classifyTableOwnership(name));\n const tableNameSet = new Set(tableNames);\n const extras = Object.keys(TABLE_OWNERSHIP).filter(\n (name) => !tableNameSet.has(name)\n );\n if (missing.length > 0 || extras.length > 0) {\n const lines: string[] = [];\n if (missing.length > 0) {\n lines.push(`Missing ownership classification: ${missing.join(\", \")}`);\n }\n if (extras.length > 0) {\n lines.push(`Ownership map contains unknown tables: ${extras.join(\", \")}`);\n }\n throw new Error(lines.join(\"\\n\"));\n }\n}\n","import {\n TABLE_OWNERSHIP,\n type TableOwnershipLayer,\n} from \"./generated/tableOwnership.js\";\n\nexport const COMPONENT_BOUNDARY_CONTRACT_VERSION = \"2026-04-27\" as const;\n\nexport const COMPONENT_BOUNDARY_COMPONENT_LAYERS = [\n \"I\",\n \"K\",\n] as const satisfies readonly TableOwnershipLayer[];\nexport type ComponentBoundaryComponentLayer =\n (typeof COMPONENT_BOUNDARY_COMPONENT_LAYERS)[number];\n\nexport const COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [\n \"insert\",\n \"patch\",\n \"replace\",\n \"delete\",\n \"query\",\n] as const;\nexport type ComponentBoundaryDirectDbMethod =\n (typeof COMPONENT_BOUNDARY_DIRECT_DB_METHODS)[number];\n\nexport const COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [\n \"services\",\n \"apps\",\n \"convex\",\n] as const;\n\nexport const COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"systemLogs\",\n \"epistemicAudit\",\n \"platformPolicyDecisionLogs\",\n \"tenantApiKeys\",\n \"projectGrants\",\n \"userSessions\",\n] as const;\nexport type ComponentBoundaryHighRiskTable =\n (typeof COMPONENT_BOUNDARY_HIGH_RISK_TABLES)[number];\n\nexport function getComponentBoundaryTableLayer(\n tableName: string\n): TableOwnershipLayer | undefined {\n return TABLE_OWNERSHIP[tableName as keyof typeof TABLE_OWNERSHIP];\n}\n\nexport function isComponentBoundaryComponentOwnedTable(\n tableName: string\n): tableName is keyof typeof TABLE_OWNERSHIP {\n const layer = getComponentBoundaryTableLayer(tableName);\n return (\n layer === \"I\" ||\n layer === \"K\"\n );\n}\n\n"]}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Component host persistence boundary
|
|
3
|
+
*
|
|
4
|
+
* Host deployments may call component APIs, but they must not create or mutate
|
|
5
|
+
* component-owned tables directly through top-level ctx.db. This contract keeps
|
|
6
|
+
* tenant SDK clients from accidentally recreating Lucern kernel/identity tables
|
|
7
|
+
* as host "ghost tables".
|
|
8
|
+
*/
|
|
9
|
+
declare const COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION: "2026-04-28";
|
|
10
|
+
declare const COMPONENT_HOST_PROTECTED_TABLES: readonly ["backgroundJobRuns", "backgroundJobSettings", "systemLogs", "epistemicAudit", "platformPolicyDecisionLogs", "tenantApiKeys", "projectGrants", "userSessions"];
|
|
11
|
+
type ComponentHostProtectedTable = (typeof COMPONENT_HOST_PROTECTED_TABLES)[number];
|
|
12
|
+
declare const COMPONENT_HOST_PROTECTED_TABLE_OWNERS: {
|
|
13
|
+
readonly backgroundJobRuns: "kernel_component";
|
|
14
|
+
readonly backgroundJobSettings: "kernel_component";
|
|
15
|
+
readonly systemLogs: "kernel_component";
|
|
16
|
+
readonly epistemicAudit: "reasoning_kernel_component";
|
|
17
|
+
readonly platformPolicyDecisionLogs: "identity_component";
|
|
18
|
+
readonly tenantApiKeys: "identity_component";
|
|
19
|
+
readonly projectGrants: "identity_component";
|
|
20
|
+
readonly userSessions: "tenant_or_control_plane_schema";
|
|
21
|
+
};
|
|
22
|
+
declare const COMPONENT_HOST_DB_WRITE_OPERATIONS: readonly ["insert", "patch", "replace", "delete"];
|
|
23
|
+
type ComponentHostDbWriteOperation = (typeof COMPONENT_HOST_DB_WRITE_OPERATIONS)[number];
|
|
24
|
+
declare const COMPONENT_HOST_DB_READ_OPERATIONS: readonly ["query"];
|
|
25
|
+
type ComponentHostDbReadOperation = (typeof COMPONENT_HOST_DB_READ_OPERATIONS)[number];
|
|
26
|
+
type ComponentHostDbOperation = ComponentHostDbWriteOperation | ComponentHostDbReadOperation;
|
|
27
|
+
declare const COMPONENT_HOST_WRITE_AUDIT_ROOTS: readonly ["apps/web/convex", "packages/server-core/src", "services/kernel-template/convex", "services/identity-template/convex", "services/master-control/convex"];
|
|
28
|
+
type ComponentHostWriteAuditRoot = (typeof COMPONENT_HOST_WRITE_AUDIT_ROOTS)[number];
|
|
29
|
+
declare const COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS: readonly [{
|
|
30
|
+
readonly file: "services/master-control/convex/userSessions.ts";
|
|
31
|
+
readonly table: "userSessions";
|
|
32
|
+
readonly operation: "insert";
|
|
33
|
+
readonly reason: "Master Control declares and owns its own userSessions table for gateway session validation.";
|
|
34
|
+
}, {
|
|
35
|
+
readonly file: "services/master-control/convex/userSessions.ts";
|
|
36
|
+
readonly table: "userSessions";
|
|
37
|
+
readonly operation: "query";
|
|
38
|
+
readonly reason: "Master Control declares and owns its own userSessions table for gateway session validation.";
|
|
39
|
+
}];
|
|
40
|
+
|
|
41
|
+
export { COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, type ComponentHostDbOperation, type ComponentHostDbReadOperation, type ComponentHostDbWriteOperation, type ComponentHostProtectedTable, type ComponentHostWriteAuditRoot };
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
// src/component-host-boundary.contract.ts
|
|
2
|
+
var COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = "2026-04-28";
|
|
3
|
+
var COMPONENT_HOST_PROTECTED_TABLES = [
|
|
4
|
+
"backgroundJobRuns",
|
|
5
|
+
"backgroundJobSettings",
|
|
6
|
+
"systemLogs",
|
|
7
|
+
"epistemicAudit",
|
|
8
|
+
"platformPolicyDecisionLogs",
|
|
9
|
+
"tenantApiKeys",
|
|
10
|
+
"projectGrants",
|
|
11
|
+
"userSessions"
|
|
12
|
+
];
|
|
13
|
+
var COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {
|
|
14
|
+
backgroundJobRuns: "kernel_component",
|
|
15
|
+
backgroundJobSettings: "kernel_component",
|
|
16
|
+
systemLogs: "kernel_component",
|
|
17
|
+
epistemicAudit: "reasoning_kernel_component",
|
|
18
|
+
platformPolicyDecisionLogs: "identity_component",
|
|
19
|
+
tenantApiKeys: "identity_component",
|
|
20
|
+
projectGrants: "identity_component",
|
|
21
|
+
userSessions: "tenant_or_control_plane_schema"
|
|
22
|
+
};
|
|
23
|
+
var COMPONENT_HOST_DB_WRITE_OPERATIONS = [
|
|
24
|
+
"insert",
|
|
25
|
+
"patch",
|
|
26
|
+
"replace",
|
|
27
|
+
"delete"
|
|
28
|
+
];
|
|
29
|
+
var COMPONENT_HOST_DB_READ_OPERATIONS = ["query"];
|
|
30
|
+
var COMPONENT_HOST_WRITE_AUDIT_ROOTS = [
|
|
31
|
+
"apps/web/convex",
|
|
32
|
+
"packages/server-core/src",
|
|
33
|
+
"services/kernel-template/convex",
|
|
34
|
+
"services/identity-template/convex",
|
|
35
|
+
"services/master-control/convex"
|
|
36
|
+
];
|
|
37
|
+
var COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [
|
|
38
|
+
{
|
|
39
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
40
|
+
table: "userSessions",
|
|
41
|
+
operation: "insert",
|
|
42
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
46
|
+
table: "userSessions",
|
|
47
|
+
operation: "query",
|
|
48
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
49
|
+
}
|
|
50
|
+
];
|
|
51
|
+
|
|
52
|
+
export { COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS };
|
|
53
|
+
//# sourceMappingURL=component-host-boundary.contract.js.map
|
|
54
|
+
//# sourceMappingURL=component-host-boundary.contract.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/component-host-boundary.contract.ts"],"names":[],"mappings":";AASO,IAAM,wCAAA,GAA2C;AAEjD,IAAM,+BAAA,GAAkC;AAAA,EAC7C,mBAAA;AAAA,EACA,uBAAA;AAAA,EACA,YAAA;AAAA,EACA,gBAAA;AAAA,EACA,4BAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF;AAIO,IAAM,qCAAA,GAAwC;AAAA,EACnD,iBAAA,EAAmB,kBAAA;AAAA,EACnB,qBAAA,EAAuB,kBAAA;AAAA,EACvB,UAAA,EAAY,kBAAA;AAAA,EACZ,cAAA,EAAgB,4BAAA;AAAA,EAChB,0BAAA,EAA4B,oBAAA;AAAA,EAC5B,aAAA,EAAe,oBAAA;AAAA,EACf,aAAA,EAAe,oBAAA;AAAA,EACf,YAAA,EAAc;AAChB;AAEO,IAAM,kCAAA,GAAqC;AAAA,EAChD,QAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAIO,IAAM,iCAAA,GAAoC,CAAC,OAAO;AAQlD,IAAM,gCAAA,GAAmC;AAAA,EAC9C,iBAAA;AAAA,EACA,0BAAA;AAAA,EACA,iCAAA;AAAA,EACA,mCAAA;AAAA,EACA;AACF;AAIO,IAAM,uCAAA,GAA0C;AAAA,EACrD;AAAA,IACE,IAAA,EAAM,gDAAA;AAAA,IACN,KAAA,EAAO,cAAA;AAAA,IACP,SAAA,EAAW,QAAA;AAAA,IACX,MAAA,EACE;AAAA,GACJ;AAAA,EACA;AAAA,IACE,IAAA,EAAM,gDAAA;AAAA,IACN,KAAA,EAAO,cAAA;AAAA,IACP,SAAA,EAAW,OAAA;AAAA,IACX,MAAA,EACE;AAAA;AAEN","file":"component-host-boundary.contract.js","sourcesContent":["/**\n * Component host persistence boundary\n *\n * Host deployments may call component APIs, but they must not create or mutate\n * component-owned tables directly through top-level ctx.db. This contract keeps\n * tenant SDK clients from accidentally recreating Lucern kernel/identity tables\n * as host \"ghost tables\".\n */\n\nexport const COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = \"2026-04-28\" as const;\n\nexport const COMPONENT_HOST_PROTECTED_TABLES = [\n \"backgroundJobRuns\",\n \"backgroundJobSettings\",\n \"systemLogs\",\n \"epistemicAudit\",\n \"platformPolicyDecisionLogs\",\n \"tenantApiKeys\",\n \"projectGrants\",\n \"userSessions\",\n] as const;\nexport type ComponentHostProtectedTable =\n (typeof COMPONENT_HOST_PROTECTED_TABLES)[number];\n\nexport const COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {\n backgroundJobRuns: \"kernel_component\",\n backgroundJobSettings: \"kernel_component\",\n systemLogs: \"kernel_component\",\n epistemicAudit: \"reasoning_kernel_component\",\n platformPolicyDecisionLogs: \"identity_component\",\n tenantApiKeys: \"identity_component\",\n projectGrants: \"identity_component\",\n userSessions: \"tenant_or_control_plane_schema\",\n} as const satisfies Record<ComponentHostProtectedTable, string>;\n\nexport const COMPONENT_HOST_DB_WRITE_OPERATIONS = [\n \"insert\",\n \"patch\",\n \"replace\",\n \"delete\",\n] as const;\nexport type ComponentHostDbWriteOperation =\n (typeof COMPONENT_HOST_DB_WRITE_OPERATIONS)[number];\n\nexport const COMPONENT_HOST_DB_READ_OPERATIONS = [\"query\"] as const;\nexport type ComponentHostDbReadOperation =\n (typeof COMPONENT_HOST_DB_READ_OPERATIONS)[number];\n\nexport type ComponentHostDbOperation =\n | ComponentHostDbWriteOperation\n | ComponentHostDbReadOperation;\n\nexport const COMPONENT_HOST_WRITE_AUDIT_ROOTS = [\n \"apps/web/convex\",\n \"packages/server-core/src\",\n \"services/kernel-template/convex\",\n \"services/identity-template/convex\",\n \"services/master-control/convex\",\n] as const;\nexport type ComponentHostWriteAuditRoot =\n (typeof COMPONENT_HOST_WRITE_AUDIT_ROOTS)[number];\n\nexport const COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [\n {\n file: \"services/master-control/convex/userSessions.ts\",\n table: \"userSessions\",\n operation: \"insert\",\n reason:\n \"Master Control declares and owns its own userSessions table for gateway session validation.\",\n },\n {\n file: \"services/master-control/convex/userSessions.ts\",\n table: \"userSessions\",\n operation: \"query\",\n reason:\n \"Master Control declares and owns its own userSessions table for gateway session validation.\",\n },\n] as const satisfies ReadonlyArray<{\n file: string;\n table: ComponentHostProtectedTable;\n operation: ComponentHostDbOperation;\n reason: string;\n}>;\n"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { z } from 'zod';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* MCP Tool Contract Definitions
|
|
@@ -115,10 +115,10 @@ declare const beliefsContracts: readonly [{
|
|
|
115
115
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
116
116
|
};
|
|
117
117
|
convex: FunctionConvexTarget | undefined;
|
|
118
|
-
args:
|
|
119
|
-
returns:
|
|
120
|
-
input:
|
|
121
|
-
output:
|
|
118
|
+
args: z.ZodTypeAny;
|
|
119
|
+
returns: z.ZodTypeAny;
|
|
120
|
+
input: z.ZodTypeAny;
|
|
121
|
+
output: z.ZodTypeAny;
|
|
122
122
|
openapi: {
|
|
123
123
|
summary: string;
|
|
124
124
|
tags: string[];
|
|
@@ -154,10 +154,10 @@ declare const beliefsContracts: readonly [{
|
|
|
154
154
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
155
155
|
};
|
|
156
156
|
convex: FunctionConvexTarget | undefined;
|
|
157
|
-
args:
|
|
158
|
-
returns:
|
|
159
|
-
input:
|
|
160
|
-
output:
|
|
157
|
+
args: z.ZodTypeAny;
|
|
158
|
+
returns: z.ZodTypeAny;
|
|
159
|
+
input: z.ZodTypeAny;
|
|
160
|
+
output: z.ZodTypeAny;
|
|
161
161
|
openapi: {
|
|
162
162
|
summary: string;
|
|
163
163
|
tags: string[];
|
|
@@ -193,10 +193,10 @@ declare const beliefsContracts: readonly [{
|
|
|
193
193
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
194
194
|
};
|
|
195
195
|
convex: FunctionConvexTarget | undefined;
|
|
196
|
-
args:
|
|
197
|
-
returns:
|
|
198
|
-
input:
|
|
199
|
-
output:
|
|
196
|
+
args: z.ZodTypeAny;
|
|
197
|
+
returns: z.ZodTypeAny;
|
|
198
|
+
input: z.ZodTypeAny;
|
|
199
|
+
output: z.ZodTypeAny;
|
|
200
200
|
openapi: {
|
|
201
201
|
summary: string;
|
|
202
202
|
tags: string[];
|
|
@@ -232,10 +232,10 @@ declare const beliefsContracts: readonly [{
|
|
|
232
232
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
233
233
|
};
|
|
234
234
|
convex: FunctionConvexTarget | undefined;
|
|
235
|
-
args:
|
|
236
|
-
returns:
|
|
237
|
-
input:
|
|
238
|
-
output:
|
|
235
|
+
args: z.ZodTypeAny;
|
|
236
|
+
returns: z.ZodTypeAny;
|
|
237
|
+
input: z.ZodTypeAny;
|
|
238
|
+
output: z.ZodTypeAny;
|
|
239
239
|
openapi: {
|
|
240
240
|
summary: string;
|
|
241
241
|
tags: string[];
|
|
@@ -271,10 +271,10 @@ declare const beliefsContracts: readonly [{
|
|
|
271
271
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
272
272
|
};
|
|
273
273
|
convex: FunctionConvexTarget | undefined;
|
|
274
|
-
args:
|
|
275
|
-
returns:
|
|
276
|
-
input:
|
|
277
|
-
output:
|
|
274
|
+
args: z.ZodTypeAny;
|
|
275
|
+
returns: z.ZodTypeAny;
|
|
276
|
+
input: z.ZodTypeAny;
|
|
277
|
+
output: z.ZodTypeAny;
|
|
278
278
|
openapi: {
|
|
279
279
|
summary: string;
|
|
280
280
|
tags: string[];
|
|
@@ -310,10 +310,10 @@ declare const beliefsContracts: readonly [{
|
|
|
310
310
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
311
311
|
};
|
|
312
312
|
convex: FunctionConvexTarget | undefined;
|
|
313
|
-
args:
|
|
314
|
-
returns:
|
|
315
|
-
input:
|
|
316
|
-
output:
|
|
313
|
+
args: z.ZodTypeAny;
|
|
314
|
+
returns: z.ZodTypeAny;
|
|
315
|
+
input: z.ZodTypeAny;
|
|
316
|
+
output: z.ZodTypeAny;
|
|
317
317
|
openapi: {
|
|
318
318
|
summary: string;
|
|
319
319
|
tags: string[];
|
|
@@ -349,10 +349,10 @@ declare const beliefsContracts: readonly [{
|
|
|
349
349
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
350
350
|
};
|
|
351
351
|
convex: FunctionConvexTarget | undefined;
|
|
352
|
-
args:
|
|
353
|
-
returns:
|
|
354
|
-
input:
|
|
355
|
-
output:
|
|
352
|
+
args: z.ZodTypeAny;
|
|
353
|
+
returns: z.ZodTypeAny;
|
|
354
|
+
input: z.ZodTypeAny;
|
|
355
|
+
output: z.ZodTypeAny;
|
|
356
356
|
openapi: {
|
|
357
357
|
summary: string;
|
|
358
358
|
tags: string[];
|
|
@@ -388,10 +388,10 @@ declare const beliefsContracts: readonly [{
|
|
|
388
388
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
389
389
|
};
|
|
390
390
|
convex: FunctionConvexTarget | undefined;
|
|
391
|
-
args:
|
|
392
|
-
returns:
|
|
393
|
-
input:
|
|
394
|
-
output:
|
|
391
|
+
args: z.ZodTypeAny;
|
|
392
|
+
returns: z.ZodTypeAny;
|
|
393
|
+
input: z.ZodTypeAny;
|
|
394
|
+
output: z.ZodTypeAny;
|
|
395
395
|
openapi: {
|
|
396
396
|
summary: string;
|
|
397
397
|
tags: string[];
|
|
@@ -427,10 +427,10 @@ declare const beliefsContracts: readonly [{
|
|
|
427
427
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
428
428
|
};
|
|
429
429
|
convex: FunctionConvexTarget | undefined;
|
|
430
|
-
args:
|
|
431
|
-
returns:
|
|
432
|
-
input:
|
|
433
|
-
output:
|
|
430
|
+
args: z.ZodTypeAny;
|
|
431
|
+
returns: z.ZodTypeAny;
|
|
432
|
+
input: z.ZodTypeAny;
|
|
433
|
+
output: z.ZodTypeAny;
|
|
434
434
|
openapi: {
|
|
435
435
|
summary: string;
|
|
436
436
|
tags: string[];
|
|
@@ -466,10 +466,10 @@ declare const beliefsContracts: readonly [{
|
|
|
466
466
|
allowedPrincipalTypes: ("user" | "service" | "agent")[];
|
|
467
467
|
};
|
|
468
468
|
convex: FunctionConvexTarget | undefined;
|
|
469
|
-
args:
|
|
470
|
-
returns:
|
|
471
|
-
input:
|
|
472
|
-
output:
|
|
469
|
+
args: z.ZodTypeAny;
|
|
470
|
+
returns: z.ZodTypeAny;
|
|
471
|
+
input: z.ZodTypeAny;
|
|
472
|
+
output: z.ZodTypeAny;
|
|
473
473
|
openapi: {
|
|
474
474
|
summary: string;
|
|
475
475
|
tags: string[];
|