@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.4

Files changed (127)
  1. package/dist/component-boundary.contract.d.ts +14 -0
  2. package/dist/component-boundary.contract.js +155 -0
  3. package/dist/component-boundary.contract.js.map +1 -0
  4. package/dist/component-host-boundary.contract.d.ts +41 -0
  5. package/dist/component-host-boundary.contract.js +54 -0
  6. package/dist/component-host-boundary.contract.js.map +1 -0
  7. package/dist/function-registry/beliefs.d.ts +41 -41
  8. package/dist/function-registry/beliefs.js +202 -8
  9. package/dist/function-registry/beliefs.js.map +1 -1
  10. package/dist/function-registry/coding.js +187 -8
  11. package/dist/function-registry/coding.js.map +1 -1
  12. package/dist/function-registry/context.d.ts +13 -13
  13. package/dist/function-registry/context.js +187 -9
  14. package/dist/function-registry/context.js.map +1 -1
  15. package/dist/function-registry/contracts.js +158 -5
  16. package/dist/function-registry/contracts.js.map +1 -1
  17. package/dist/function-registry/coordination.js +158 -5
  18. package/dist/function-registry/coordination.js.map +1 -1
  19. package/dist/function-registry/edges.js +169 -6
  20. package/dist/function-registry/edges.js.map +1 -1
  21. package/dist/function-registry/evidence.d.ts +33 -33
  22. package/dist/function-registry/evidence.js +202 -9
  23. package/dist/function-registry/evidence.js.map +1 -1
  24. package/dist/function-registry/graph.d.ts +53 -53
  25. package/dist/function-registry/graph.js +217 -12
  26. package/dist/function-registry/graph.js.map +1 -1
  27. package/dist/function-registry/helpers.d.ts +1 -1
  28. package/dist/function-registry/helpers.js +158 -5
  29. package/dist/function-registry/helpers.js.map +1 -1
  30. package/dist/function-registry/identity.js +158 -5
  31. package/dist/function-registry/identity.js.map +1 -1
  32. package/dist/function-registry/index.d.ts +1 -1
  33. package/dist/function-registry/index.js +158 -5
  34. package/dist/function-registry/index.js.map +1 -1
  35. package/dist/function-registry/judgments.d.ts +9 -9
  36. package/dist/function-registry/judgments.js +170 -8
  37. package/dist/function-registry/judgments.js.map +1 -1
  38. package/dist/function-registry/legacy.js +158 -5
  39. package/dist/function-registry/legacy.js.map +1 -1
  40. package/dist/function-registry/lenses.d.ts +17 -17
  41. package/dist/function-registry/lenses.js +181 -8
  42. package/dist/function-registry/lenses.js.map +1 -1
  43. package/dist/function-registry/manifest.d.ts +3 -3
  44. package/dist/function-registry/manifest.js +1 -1
  45. package/dist/function-registry/manifest.js.map +1 -1
  46. package/dist/function-registry/ontologies.d.ts +45 -45
  47. package/dist/function-registry/ontologies.js +176 -11
  48. package/dist/function-registry/ontologies.js.map +1 -1
  49. package/dist/function-registry/pipeline.d.ts +13 -13
  50. package/dist/function-registry/pipeline.js +167 -8
  51. package/dist/function-registry/pipeline.js.map +1 -1
  52. package/dist/function-registry/questions.d.ts +49 -49
  53. package/dist/function-registry/questions.js +255 -13
  54. package/dist/function-registry/questions.js.map +1 -1
  55. package/dist/function-registry/tasks.js +158 -5
  56. package/dist/function-registry/tasks.js.map +1 -1
  57. package/dist/function-registry/topics.d.ts +21 -21
  58. package/dist/function-registry/topics.js +172 -8
  59. package/dist/function-registry/topics.js.map +1 -1
  60. package/dist/function-registry/types.d.ts +1 -1
  61. package/dist/function-registry/worktrees.d.ts +80 -41
  62. package/dist/function-registry/worktrees.js +292 -17
  63. package/dist/function-registry/worktrees.js.map +1 -1
  64. package/dist/function-registry-input-audit.d.ts +13 -0
  65. package/dist/function-registry-input-audit.js +164 -0
  66. package/dist/function-registry-input-audit.js.map +1 -0
  67. package/dist/gateway.contract.d.ts +2 -0
  68. package/dist/gateway.contract.js.map +1 -1
  69. package/dist/generated/convexSchemas.js +2 -1
  70. package/dist/generated/convexSchemas.js.map +1 -1
  71. package/dist/generated/schema-manifest.json +42 -3
  72. package/dist/generated/tableOwnership.d.ts +2 -1
  73. package/dist/generated/tableOwnership.js +2 -0
  74. package/dist/generated/tableOwnership.js.map +1 -1
  75. package/dist/generated/tier-expectations.json +4 -2
  76. package/dist/index.d.ts +445 -35
  77. package/dist/index.js +1987 -17
  78. package/dist/index.js.map +1 -1
  79. package/dist/infisical-runtime.contract.d.ts +174 -0
  80. package/dist/infisical-runtime.contract.js +192 -0
  81. package/dist/infisical-runtime.contract.js.map +1 -0
  82. package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
  83. package/dist/mcp-gateway-boundary.contract.js +43 -0
  84. package/dist/mcp-gateway-boundary.contract.js.map +1 -0
  85. package/dist/schemas/component-table-manifest.d.ts +2 -2
  86. package/dist/schemas/index.js +38 -1
  87. package/dist/schemas/index.js.map +1 -1
  88. package/dist/schemas/manifest.d.ts +1050 -910
  89. package/dist/schemas/manifest.js +38 -1
  90. package/dist/schemas/manifest.js.map +1 -1
  91. package/dist/schemas/sl-opinion.d.ts +4 -4
  92. package/dist/schemas/tables/identity/platform.d.ts +10 -10
  93. package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
  94. package/dist/schemas/tables/kernel/infra.d.ts +4 -4
  95. package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
  96. package/dist/schemas/tables/kernel/lens.d.ts +4 -4
  97. package/dist/schemas/tables/kernel/platform.d.ts +12 -12
  98. package/dist/schemas/tables/kernel/spine.d.ts +2 -2
  99. package/dist/schemas/tables/kernel/task.d.ts +42 -42
  100. package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
  101. package/dist/schemas/tables/mc/identity.d.ts +26 -3
  102. package/dist/schemas/tables/mc/identity.js +35 -1
  103. package/dist/schemas/tables/mc/identity.js.map +1 -1
  104. package/dist/schemas/tables/mc/pack.d.ts +20 -20
  105. package/dist/schemas/tables/mc/registry.d.ts +4 -4
  106. package/dist/schemas/tables/mc/workspace.d.ts +9 -3
  107. package/dist/schemas/tables/mc/workspace.js +3 -1
  108. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  109. package/dist/sdk-methods.contract.d.ts +1 -1
  110. package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-CD-N1Jf7.d.ts} +1 -1
  111. package/dist/sdk-tools.contract.d.ts +2 -2
  112. package/dist/sdk-tools.contract.js +157 -4
  113. package/dist/sdk-tools.contract.js.map +1 -1
  114. package/dist/tenant-bootstrap-seed.contract.d.ts +1097 -0
  115. package/dist/tenant-bootstrap-seed.contract.js +651 -0
  116. package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
  117. package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
  118. package/dist/tenant-bootstrap-seed.defaults.js +303 -0
  119. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
  120. package/dist/tenant-client.contract.d.ts +266 -0
  121. package/dist/tenant-client.contract.js +404 -0
  122. package/dist/tenant-client.contract.js.map +1 -0
  123. package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BcKz-VGj.d.ts} +4 -2
  124. package/dist/tool-contracts.d.ts +1 -1
  125. package/dist/tool-contracts.js +158 -5
  126. package/dist/tool-contracts.js.map +1 -1
  127. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { z, ZodFirstPartyTypeKind } from 'zod';
2
2
  import { v } from 'convex/values';
3
+ import { ALL_FUNCTION_CONTRACTS } from './function-registry/index.js';
3
4
  export * from './function-registry/index.js';
4
5
 
5
6
  var __defProp = Object.defineProperty;
@@ -224,6 +225,209 @@ function lastDelegator(delegationChain) {
224
225
  return delegationChain[delegationChain.length - 1]?.principalId;
225
226
  }
226
227
 
228
+ // src/generated/tableOwnership.ts
229
+ var TABLE_OWNERSHIP = {
230
+ "agentMessages": "K",
231
+ "agentRegistryEntries": "L",
232
+ "agents": "I",
233
+ "agentSessions": "K",
234
+ "apiKeys": "L",
235
+ "auditLog": "L",
236
+ "autofixJobs": "K",
237
+ "backgroundJobRuns": "K",
238
+ "backgroundJobSettings": "K",
239
+ "beliefConfidence": "K",
240
+ "beliefEvidenceLinks": "K",
241
+ "beliefHistory": "K",
242
+ "beliefScenarios": "K",
243
+ "beliefVotes": "K",
244
+ "calibrationScores": "K",
245
+ "compatibilityShims": "L",
246
+ "contractEvaluations": "K",
247
+ "contradictions": "K",
248
+ "controlPlaneTenantModelSlotBindings": "L",
249
+ "controlPlaneTenantProviderSecrets": "L",
250
+ "controlPlaneTenantProxyGatewayUsage": "L",
251
+ "controlPlaneToolAcls": "L",
252
+ "crossProjectConnections": "K",
253
+ "cutoverFlags": "L",
254
+ "decisionComputedSummaries": "K",
255
+ "decisionEvents": "K",
256
+ "decisionParticipants": "K",
257
+ "decisionRiskLedger": "K",
258
+ "decisionSnapshots": "K",
259
+ "deliberationContributions": "K",
260
+ "deliberationSessions": "K",
261
+ "epistemicAudit": "K",
262
+ "epistemicContracts": "K",
263
+ "epistemicEdges": "K",
264
+ "epistemicNodeEmbeddings": "K",
265
+ "epistemicNodes": "K",
266
+ "graphAnalysisCache": "K",
267
+ "graphAnalysisResults": "K",
268
+ "graphSuggestions": "K",
269
+ "groupMemberships": "L",
270
+ "groups": "L",
271
+ "harnessReplays": "K",
272
+ "harnessRuns": "K",
273
+ "idempotencyTokens": "K",
274
+ "lenses": "K",
275
+ "lensTopicBindings": "K",
276
+ "mcpWritePolicy": "I",
277
+ "memberships": "L",
278
+ "methodologyPacks": "L",
279
+ "modelCallLogs": "I",
280
+ "modelFunctionSlots": "I",
281
+ "modelRegistry": "I",
282
+ "modelSlotConfigs": "I",
283
+ "neo4jSyncQueue": "K",
284
+ "oauthDeviceCodes": "L",
285
+ "ontologyDefinitions": "K",
286
+ "ontologyVersions": "K",
287
+ "packAssignments": "L",
288
+ "packDefinitions": "L",
289
+ "packEntitlements": "L",
290
+ "packGroupAssignments": "L",
291
+ "packInstallations": "L",
292
+ "packVersions": "L",
293
+ "platformAgentRunPolicyDecisions": "K",
294
+ "platformAgentRunPromptResolutions": "K",
295
+ "platformAgentRuns": "K",
296
+ "platformAgentRunToolCalls": "K",
297
+ "platformAudienceGrants": "I",
298
+ "platformAudiences": "I",
299
+ "platformHarnessShadowAudit": "K",
300
+ "platformPolicyDecisionLogs": "I",
301
+ "policyBundles": "L",
302
+ "policyDecisionLogs": "L",
303
+ "policySimulations": "L",
304
+ "principals": "L",
305
+ "projectGrants": "I",
306
+ "publicationRules": "K",
307
+ "questionEvidenceLinks": "K",
308
+ "rateLimitWindows": "L",
309
+ "reasoningPermissions": "I",
310
+ "researchJobs": "K",
311
+ "schemaEnumConfig": "K",
312
+ "servicePrincipalKeys": "L",
313
+ "stakeholderGroups": "K",
314
+ "systemLogs": "K",
315
+ "tasks": "K",
316
+ "tenantApiKeys": "I",
317
+ "tenantConfig": "I",
318
+ "tenantDeploymentCredentials": "L",
319
+ "tenantIntegrations": "I",
320
+ "tenantMethodologyAssignments": "L",
321
+ "tenantModelSlotBindings": "I",
322
+ "tenantPolicies": "I",
323
+ "tenantProviderSecrets": "I",
324
+ "tenantProxyGatewayUsage": "I",
325
+ "tenantProxyTokenMints": "I",
326
+ "tenants": "L",
327
+ "tenantSandboxAuditEvents": "I",
328
+ "tenantSecrets": "I",
329
+ "toolAcls": "I",
330
+ "toolCatalog": "L",
331
+ "toolRegistry": "I",
332
+ "toolRegistryEntries": "L",
333
+ "topics": "K",
334
+ "users": "I",
335
+ "userSessions": "L",
336
+ "workflowDefinitions": "K",
337
+ "workflowPullRequests": "K",
338
+ "workflowStages": "K",
339
+ "workspaces": "L",
340
+ "worktreeBeliefCluster": "K",
341
+ "worktrees": "K"
342
+ };
343
+
344
+ // src/component-boundary.contract.ts
345
+ var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
346
+ var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
347
+ "I",
348
+ "K"
349
+ ];
350
+ var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
351
+ "insert",
352
+ "patch",
353
+ "replace",
354
+ "delete",
355
+ "query"
356
+ ];
357
+ var COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [
358
+ "services",
359
+ "apps",
360
+ "convex"
361
+ ];
362
+ var COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [
363
+ "backgroundJobRuns",
364
+ "backgroundJobSettings",
365
+ "systemLogs",
366
+ "epistemicAudit",
367
+ "platformPolicyDecisionLogs",
368
+ "tenantApiKeys",
369
+ "projectGrants",
370
+ "userSessions"
371
+ ];
372
+ function getComponentBoundaryTableLayer(tableName) {
373
+ return TABLE_OWNERSHIP[tableName];
374
+ }
375
+ function isComponentBoundaryComponentOwnedTable(tableName) {
376
+ const layer = getComponentBoundaryTableLayer(tableName);
377
+ return layer === "I" || layer === "K";
378
+ }
379
+
380
+ // src/component-host-boundary.contract.ts
381
+ var COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = "2026-04-28";
382
+ var COMPONENT_HOST_PROTECTED_TABLES = [
383
+ "backgroundJobRuns",
384
+ "backgroundJobSettings",
385
+ "systemLogs",
386
+ "epistemicAudit",
387
+ "platformPolicyDecisionLogs",
388
+ "tenantApiKeys",
389
+ "projectGrants",
390
+ "userSessions"
391
+ ];
392
+ var COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {
393
+ backgroundJobRuns: "kernel_component",
394
+ backgroundJobSettings: "kernel_component",
395
+ systemLogs: "kernel_component",
396
+ epistemicAudit: "reasoning_kernel_component",
397
+ platformPolicyDecisionLogs: "identity_component",
398
+ tenantApiKeys: "identity_component",
399
+ projectGrants: "identity_component",
400
+ userSessions: "tenant_or_control_plane_schema"
401
+ };
402
+ var COMPONENT_HOST_DB_WRITE_OPERATIONS = [
403
+ "insert",
404
+ "patch",
405
+ "replace",
406
+ "delete"
407
+ ];
408
+ var COMPONENT_HOST_DB_READ_OPERATIONS = ["query"];
409
+ var COMPONENT_HOST_WRITE_AUDIT_ROOTS = [
410
+ "apps/web/convex",
411
+ "packages/server-core/src",
412
+ "services/kernel-template/convex",
413
+ "services/identity-template/convex",
414
+ "services/master-control/convex"
415
+ ];
416
+ var COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [
417
+ {
418
+ file: "services/master-control/convex/userSessions.ts",
419
+ table: "userSessions",
420
+ operation: "insert",
421
+ reason: "Master Control declares and owns its own userSessions table for gateway session validation."
422
+ },
423
+ {
424
+ file: "services/master-control/convex/userSessions.ts",
425
+ table: "userSessions",
426
+ operation: "query",
427
+ reason: "Master Control declares and owns its own userSessions table for gateway session validation."
428
+ }
429
+ ];
430
+
227
431
  // src/gateway.contract.ts
228
432
  function requireActorPrincipalId(authContext) {
229
433
  const principalId = typeof authContext.principalId === "string" ? authContext.principalId.trim() : "";
@@ -3023,6 +3227,40 @@ var rateLimitWindows = defineTable({
3023
3227
  { kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
3024
3228
  ]
3025
3229
  });
3230
+ var oauthDeviceCodes = defineTable({
3231
+ name: "oauthDeviceCodes",
3232
+ component: "mc",
3233
+ category: "identity",
3234
+ shape: z.object({
3235
+ "deviceCodeHash": z.string(),
3236
+ "userCode": z.string(),
3237
+ "clientId": z.string(),
3238
+ "scope": z.string(),
3239
+ "status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
3240
+ "expiresAt": z.number(),
3241
+ "intervalSeconds": z.number(),
3242
+ "lastPolledAt": z.number().optional(),
3243
+ "slowDownCount": z.number().optional(),
3244
+ "clerkUserId": z.string().optional(),
3245
+ "tenantId": idOf("tenants").optional(),
3246
+ "workspaceId": z.string().optional(),
3247
+ "principalId": z.string().optional(),
3248
+ "role": z.string().optional(),
3249
+ "scopes": z.array(z.string()).optional(),
3250
+ "sessionId": z.string().optional(),
3251
+ "approvedAt": z.number().optional(),
3252
+ "deniedAt": z.number().optional(),
3253
+ "consumedAt": z.number().optional(),
3254
+ "createdAt": z.number(),
3255
+ "updatedAt": z.number()
3256
+ }),
3257
+ indices: [
3258
+ { kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
3259
+ { kind: "index", name: "by_userCode", columns: ["userCode"] },
3260
+ { kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
3261
+ { kind: "index", name: "by_sessionId", columns: ["sessionId"] }
3262
+ ]
3263
+ });
3026
3264
  var servicePrincipalKeys = defineTable({
3027
3265
  name: "servicePrincipalKeys",
3028
3266
  component: "mc",
@@ -4979,7 +5217,9 @@ var workspaces = defineTable({
4979
5217
  "defaultProjectVisibility": z.enum(["private", "team", "firm", "external", "public"]).optional(),
4980
5218
  "deployments": z.record(z.object({
4981
5219
  "url": z.string(),
4982
- "encryptedDeployKey": z.string()
5220
+ "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
5221
+ "encryptedDeployKey": z.string().optional(),
5222
+ "credentialRef": z.string().optional()
4983
5223
  })).optional(),
4984
5224
  "metadata": z.record(z.any()).optional(),
4985
5225
  "createdBy": z.string().optional(),
@@ -5387,6 +5627,7 @@ var MC_TABLE_CONTRACTS = [
5387
5627
  groupMemberships,
5388
5628
  groups,
5389
5629
  memberships,
5630
+ oauthDeviceCodes,
5390
5631
  principals,
5391
5632
  rateLimitWindows,
5392
5633
  servicePrincipalKeys,
@@ -5554,6 +5795,608 @@ var edgePolicyManifest = {
5554
5795
  }
5555
5796
  ]
5556
5797
  };
5798
+
5799
+ // src/tenant-client.contract.ts
5800
+ var TENANT_CLIENT_CONTRACT_VERSION = "2026-04-27";
5801
+ var TENANT_CLIENT_AUTH_MODES = [
5802
+ "interactive_user",
5803
+ "service_principal",
5804
+ "tenant_api_key",
5805
+ "session_token"
5806
+ ];
5807
+ var TENANT_CLIENT_PRINCIPAL_TYPES = [
5808
+ "human",
5809
+ "service",
5810
+ "agent"
5811
+ ];
5812
+ var TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [
5813
+ "tenantId",
5814
+ "workspaceId",
5815
+ "principalId",
5816
+ "authMode",
5817
+ "scopes"
5818
+ ];
5819
+ var TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS = [
5820
+ "principalType",
5821
+ "roles",
5822
+ "sessionId",
5823
+ "delegationChain"
5824
+ ];
5825
+ var TENANT_CLIENT_INSTALL_TOKEN_ENV = "INSTALL_LUCERN_NPM";
5826
+ var TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH = "tenants/shared";
5827
+ var TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS = [
5828
+ "/platform/publish"
5829
+ ];
5830
+ var TENANT_CLIENT_FORBIDDEN_SECRET_ENV = ["NPM_TOKEN"];
5831
+ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
5832
+ {
5833
+ packageName: "@lucern/access-control",
5834
+ role: "sdk_dependency",
5835
+ directTenantImport: false
5836
+ },
5837
+ {
5838
+ packageName: "@lucern/agent",
5839
+ role: "platform_runtime",
5840
+ directTenantImport: false
5841
+ },
5842
+ {
5843
+ packageName: "@lucern/auth",
5844
+ role: "sdk_dependency",
5845
+ directTenantImport: false
5846
+ },
5847
+ {
5848
+ packageName: "@lucern/cli",
5849
+ role: "developer_tool",
5850
+ directTenantImport: false
5851
+ },
5852
+ {
5853
+ packageName: "@lucern/client-core",
5854
+ role: "sdk_dependency",
5855
+ directTenantImport: false
5856
+ },
5857
+ {
5858
+ packageName: "@lucern/confidence",
5859
+ role: "sdk_dependency",
5860
+ directTenantImport: false
5861
+ },
5862
+ {
5863
+ packageName: "@lucern/config",
5864
+ role: "configuration",
5865
+ directTenantImport: false
5866
+ },
5867
+ {
5868
+ packageName: "@lucern/contracts",
5869
+ role: "contract_entrypoint",
5870
+ directTenantImport: true
5871
+ },
5872
+ {
5873
+ packageName: "@lucern/control-plane",
5874
+ role: "platform_runtime",
5875
+ directTenantImport: false
5876
+ },
5877
+ {
5878
+ packageName: "@lucern/developer-kit",
5879
+ role: "developer_tool",
5880
+ directTenantImport: false
5881
+ },
5882
+ {
5883
+ packageName: "@lucern/events",
5884
+ role: "sdk_dependency",
5885
+ directTenantImport: false
5886
+ },
5887
+ {
5888
+ packageName: "@lucern/graph-primitives",
5889
+ role: "sdk_dependency",
5890
+ directTenantImport: false
5891
+ },
5892
+ {
5893
+ packageName: "@lucern/identity",
5894
+ role: "component_runtime",
5895
+ directTenantImport: false
5896
+ },
5897
+ {
5898
+ packageName: "@lucern/mcp",
5899
+ role: "runtime_entrypoint",
5900
+ directTenantImport: true
5901
+ },
5902
+ {
5903
+ packageName: "@lucern/pack-host",
5904
+ role: "platform_runtime",
5905
+ directTenantImport: false
5906
+ },
5907
+ {
5908
+ packageName: "@lucern/pack-installer",
5909
+ role: "developer_tool",
5910
+ directTenantImport: false
5911
+ },
5912
+ {
5913
+ packageName: "@lucern/proof-compiler",
5914
+ role: "developer_tool",
5915
+ directTenantImport: false
5916
+ },
5917
+ {
5918
+ packageName: "@lucern/react",
5919
+ role: "runtime_entrypoint",
5920
+ directTenantImport: true
5921
+ },
5922
+ {
5923
+ packageName: "@lucern/reasoning-kernel",
5924
+ role: "component_runtime",
5925
+ directTenantImport: false
5926
+ },
5927
+ {
5928
+ packageName: "@lucern/sdk",
5929
+ role: "runtime_entrypoint",
5930
+ directTenantImport: true
5931
+ },
5932
+ {
5933
+ packageName: "@lucern/server-core",
5934
+ role: "platform_runtime",
5935
+ directTenantImport: false
5936
+ },
5937
+ {
5938
+ packageName: "@lucern/testing",
5939
+ role: "test_support",
5940
+ directTenantImport: false
5941
+ },
5942
+ {
5943
+ packageName: "@lucern/types",
5944
+ role: "contract_entrypoint",
5945
+ directTenantImport: true
5946
+ }
5947
+ ];
5948
+ var TENANT_CLIENT_PUBLIC_IMPORTS = [
5949
+ {
5950
+ packageName: "@lucern/sdk",
5951
+ surface: "runtime",
5952
+ subpaths: "published_exports",
5953
+ description: "TypeScript SDK runtime and generated operation namespaces."
5954
+ },
5955
+ {
5956
+ packageName: "@lucern/react",
5957
+ surface: "runtime",
5958
+ subpaths: "published_exports",
5959
+ description: "React bindings for tenant-owned UI applications."
5960
+ },
5961
+ {
5962
+ packageName: "@lucern/mcp",
5963
+ surface: "runtime",
5964
+ subpaths: "published_exports",
5965
+ description: "MCP client/server entry points and hosted route helpers."
5966
+ },
5967
+ {
5968
+ packageName: "@lucern/contracts",
5969
+ surface: "contract",
5970
+ subpaths: "published_exports",
5971
+ description: "Published type and manifest contracts."
5972
+ },
5973
+ {
5974
+ packageName: "@lucern/types",
5975
+ surface: "contract",
5976
+ subpaths: "published_exports",
5977
+ description: "Published type-only helpers for tenant integration code."
5978
+ }
5979
+ ];
5980
+ var TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS = [
5981
+ {
5982
+ packageName: "@lucern/identity",
5983
+ importPath: "@lucern/identity/convex.config",
5984
+ surface: "component_config",
5985
+ description: "Convex component binding config for tenant deployments that install Lucern identity."
5986
+ },
5987
+ {
5988
+ packageName: "@lucern/reasoning-kernel",
5989
+ importPath: "@lucern/reasoning-kernel/convex.config",
5990
+ surface: "component_config",
5991
+ description: "Convex component binding config for tenant deployments that install the Lucern reasoning kernel."
5992
+ },
5993
+ {
5994
+ packageName: "@lucern/reasoning-kernel",
5995
+ importPath: "@lucern/reasoning-kernel/runtime.config",
5996
+ surface: "component_config",
5997
+ description: "Runtime config alias for tenant deployments that install the Lucern reasoning kernel."
5998
+ }
5999
+ ];
6000
+ function findTenantClientInstallablePackage(packageName) {
6001
+ return TENANT_CLIENT_INSTALLABLE_PACKAGES.find(
6002
+ (entry) => entry.packageName === packageName
6003
+ );
6004
+ }
6005
+ function isTenantClientInstallablePackage(packageName) {
6006
+ return Boolean(findTenantClientInstallablePackage(packageName));
6007
+ }
6008
+ var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
6009
+ "bootstrap",
6010
+ "context",
6011
+ "beliefs",
6012
+ "evidence",
6013
+ "questions",
6014
+ "graph",
6015
+ "worktrees",
6016
+ "topics",
6017
+ "edges",
6018
+ "contradictions",
6019
+ "contracts",
6020
+ "graphAnalysis",
6021
+ "graphRecommendations",
6022
+ "orgGraphSearch",
6023
+ "embeddings",
6024
+ "ontologyLinks",
6025
+ "graphStateClassifier",
6026
+ "tools",
6027
+ "identity",
6028
+ "modelRuntime",
6029
+ "events",
6030
+ "jobs",
6031
+ "telemetry"
6032
+ ];
6033
+ var TENANT_CLIENT_CAPABILITIES = [
6034
+ {
6035
+ id: "identity.bootstrap_session",
6036
+ description: "Start a scoped Lucern session for a tenant principal.",
6037
+ surfaces: ["@lucern/sdk", "@lucern/mcp"],
6038
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6039
+ },
6040
+ {
6041
+ id: "reasoning.context.compile",
6042
+ description: "Compile tenant and workspace scoped reasoning context.",
6043
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6044
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6045
+ },
6046
+ {
6047
+ id: "reasoning.graph.read",
6048
+ description: "Read beliefs, evidence, questions, topics, and lineage.",
6049
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6050
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6051
+ },
6052
+ {
6053
+ id: "reasoning.graph.write",
6054
+ description: "Create and update graph objects through authorized APIs.",
6055
+ surfaces: ["@lucern/sdk", "@lucern/mcp"],
6056
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6057
+ },
6058
+ {
6059
+ id: "workflow.worktree_lifecycle",
6060
+ description: "Create, review, merge, and close scoped worktrees.",
6061
+ surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6062
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6063
+ }
6064
+ ];
6065
+ var TENANT_CLIENT_ISOLATION_RULES = [
6066
+ {
6067
+ id: "tenant_workspace_scope_required",
6068
+ description: "Runtime operations must resolve both tenantId and workspaceId before reaching Lucern reasoning state."
6069
+ },
6070
+ {
6071
+ id: "principal_audit_required",
6072
+ description: "Runtime operations must carry principalId, authMode, and scopes for audit attribution."
6073
+ },
6074
+ {
6075
+ id: "no_private_lucern_imports",
6076
+ description: "Tenant code must not import Lucern source, Convex internals, generated adapters, or unpublished package internals."
6077
+ }
6078
+ ];
6079
+ var TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS = [
6080
+ {
6081
+ id: "deep_src_import",
6082
+ pattern: "^@lucern/[^/]+/src(?:/|$)",
6083
+ description: "Published packages must not be bypassed through src paths."
6084
+ },
6085
+ {
6086
+ id: "deep_dist_import",
6087
+ pattern: "^@lucern/[^/]+/dist(?:/|$)",
6088
+ description: "Published package exports must be used instead of dist file paths."
6089
+ },
6090
+ {
6091
+ id: "generated_adapter_import",
6092
+ pattern: "^@lucern/[^/]+/(?:adapters/)?_generated(?:/|$)",
6093
+ description: "Generated Lucern adapters are internal deployment artifacts."
6094
+ },
6095
+ {
6096
+ id: "private_runtime_import",
6097
+ pattern: "^@lucern/[^/]+/(?:internal|private)(?:/|$)",
6098
+ description: "Internal and private package subpaths are not public SDK API."
6099
+ },
6100
+ {
6101
+ id: "workspace_source_import",
6102
+ pattern: "^(?:packages|modules|services|lucern|apps)/(?:.+/)?src(?:/|$)",
6103
+ description: "Tenant clients must not import source files from the Lucern monorepo."
6104
+ },
6105
+ {
6106
+ id: "root_alias_lucern_import",
6107
+ pattern: "^@/(?:lucern|packages|modules|services|apps)(?:/|$)",
6108
+ description: "Tenant clients must not depend on Lucern repo-local path aliases."
6109
+ },
6110
+ {
6111
+ id: "relative_lucern_source_import",
6112
+ pattern: "^\\.\\.?/(?:.+/)?(?:packages|modules|services|lucern|apps)(?:/|$)",
6113
+ description: "Tenant clients must not reach back into Lucern source through relative paths."
6114
+ },
6115
+ {
6116
+ id: "monorepo_path_import",
6117
+ pattern: "lucern-repo",
6118
+ description: "Absolute imports that name the Lucern repository are not portable tenant code."
6119
+ }
6120
+ ];
6121
+ function matchesPublicImport(importPath) {
6122
+ const componentConfig = TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.find(
6123
+ (entry) => importPath === entry.importPath
6124
+ );
6125
+ if (componentConfig) {
6126
+ return componentConfig;
6127
+ }
6128
+ return TENANT_CLIENT_PUBLIC_IMPORTS.find(
6129
+ (entry) => importPath === entry.packageName || importPath.startsWith(`${entry.packageName}/`)
6130
+ );
6131
+ }
6132
+ function matchesForbiddenPattern(importPath) {
6133
+ return TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS.find(
6134
+ (entry) => new RegExp(entry.pattern, "u").test(importPath)
6135
+ );
6136
+ }
6137
+ function classifyTenantClientImport(importPath) {
6138
+ const normalizedImportPath = importPath.trim();
6139
+ const pattern = matchesForbiddenPattern(normalizedImportPath);
6140
+ if (pattern) {
6141
+ return {
6142
+ importPath: normalizedImportPath,
6143
+ decision: "forbidden",
6144
+ pattern,
6145
+ reason: pattern.description
6146
+ };
6147
+ }
6148
+ const publicImport = matchesPublicImport(normalizedImportPath);
6149
+ if (publicImport) {
6150
+ return {
6151
+ importPath: normalizedImportPath,
6152
+ decision: "public",
6153
+ publicImport,
6154
+ reason: publicImport.description
6155
+ };
6156
+ }
6157
+ if (normalizedImportPath.startsWith("@lucern/")) {
6158
+ return {
6159
+ importPath: normalizedImportPath,
6160
+ decision: "forbidden",
6161
+ reason: "This @lucern package is not part of the tenant client public surface."
6162
+ };
6163
+ }
6164
+ if (normalizedImportPath.startsWith("./") || normalizedImportPath.startsWith("../")) {
6165
+ return {
6166
+ importPath: normalizedImportPath,
6167
+ decision: "local",
6168
+ reason: "Local tenant-owned import."
6169
+ };
6170
+ }
6171
+ return {
6172
+ importPath: normalizedImportPath,
6173
+ decision: "external",
6174
+ reason: "External dependency outside the Lucern package namespace."
6175
+ };
6176
+ }
6177
+ function isTenantClientPublicImport(importPath) {
6178
+ return classifyTenantClientImport(importPath).decision === "public";
6179
+ }
6180
+ function isTenantClientComponentConfigImport(importPath) {
6181
+ return TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.some(
6182
+ (entry) => importPath === entry.importPath
6183
+ );
6184
+ }
6185
+ function isTenantClientAllowedImport(importPath) {
6186
+ return classifyTenantClientImport(importPath).decision === "public";
6187
+ }
6188
+ function assertTenantClientImportAllowed(importPath) {
6189
+ const classification = classifyTenantClientImport(importPath);
6190
+ if (classification.decision !== "forbidden") {
6191
+ return;
6192
+ }
6193
+ throw new Error(formatTenantClientImportViolation(classification));
6194
+ }
6195
+ function formatTenantClientImportViolation(classification) {
6196
+ const patternId = classification.pattern ? ` [${classification.pattern.id}]` : "";
6197
+ return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;
6198
+ }
6199
+
6200
+ // src/infisical-runtime.contract.ts
6201
+ var INFISICAL_RUNTIME_CONTRACT_VERSION = "2026-04-28";
6202
+ var INFISICAL_RUNTIME_DEFAULT_API_URL = "https://app.infisical.com";
6203
+ var INFISICAL_RUNTIME_DEFAULT_PROJECT_ID = "344b0526-90df-4606-ba50-22c647a36c65";
6204
+ var INFISICAL_RUNTIME_ENVIRONMENTS = [
6205
+ "dev",
6206
+ "staging",
6207
+ "prod"
6208
+ ];
6209
+ var INFISICAL_RUNTIME_DELIVERY_MODES = [
6210
+ "vercel_sync",
6211
+ "runtime_fetch",
6212
+ "device_auth"
6213
+ ];
6214
+ var INFISICAL_RUNTIME_SURFACE_IDS = [
6215
+ "lucern-web",
6216
+ "lucern-gateway",
6217
+ "lucern-sdk",
6218
+ "lucern-cli",
6219
+ "lucern-mcp",
6220
+ "tenant-client"
6221
+ ];
6222
+ var INFISICAL_RUNTIME_BOOTSTRAP_ENV = {
6223
+ apiUrl: ["INFISICAL_API_URL", "INFISICAL_URL"],
6224
+ projectId: ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"],
6225
+ clientId: [
6226
+ "INFISICAL_CLIENT_ID",
6227
+ "INFISICAL_MACHINE_CLIENT_ID",
6228
+ "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
6229
+ ],
6230
+ clientSecret: [
6231
+ "INFISICAL_CLIENT_SECRET",
6232
+ "INFISICAL_MACHINE_CLIENT_SECRET",
6233
+ "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
6234
+ ],
6235
+ environment: ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"],
6236
+ organizationSlug: ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"],
6237
+ disabled: ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"]
6238
+ };
6239
+ var INFISICAL_RUNTIME_PATHS = [
6240
+ {
6241
+ id: "platform-auth",
6242
+ secretPath: "/platform/auth",
6243
+ description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.",
6244
+ variables: [
6245
+ {
6246
+ name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
6247
+ required: true,
6248
+ secret: false,
6249
+ public: true,
6250
+ description: "Clerk publishable key for the Lucern web origin."
6251
+ },
6252
+ {
6253
+ name: "CLERK_SECRET_KEY",
6254
+ required: true,
6255
+ secret: true,
6256
+ public: false,
6257
+ description: "Clerk backend secret key for Lucern server runtimes."
6258
+ },
6259
+ {
6260
+ name: "CLERK_JWT_ISSUER_DOMAIN",
6261
+ required: false,
6262
+ secret: false,
6263
+ public: false,
6264
+ description: "Expected Clerk issuer/JWKS domain for JWT verification."
6265
+ },
6266
+ {
6267
+ name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
6268
+ required: false,
6269
+ secret: false,
6270
+ public: true,
6271
+ description: "Public sign-in URL for Lucern-owned web flows."
6272
+ },
6273
+ {
6274
+ name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
6275
+ required: false,
6276
+ secret: false,
6277
+ public: true,
6278
+ description: "Public sign-up URL for Lucern-owned web flows."
6279
+ }
6280
+ ]
6281
+ },
6282
+ {
6283
+ id: "platform-runtime",
6284
+ secretPath: "/platform/runtime",
6285
+ description: "Runtime defaults shared by server-side Lucern clients and operator tooling.",
6286
+ variables: [
6287
+ {
6288
+ name: "LUCERN_API_URL",
6289
+ required: true,
6290
+ secret: false,
6291
+ public: false,
6292
+ aliases: ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"],
6293
+ description: "Canonical Lucern API gateway URL."
6294
+ },
6295
+ {
6296
+ name: "LUCERN_LOGIN_BASE_URL",
6297
+ required: false,
6298
+ secret: false,
6299
+ public: false,
6300
+ aliases: ["LUCERN_AUTH_BASE_URL"],
6301
+ description: "Browser login origin used when it differs from the API."
6302
+ },
6303
+ {
6304
+ name: "LUCERN_ENVIRONMENT",
6305
+ required: false,
6306
+ secret: false,
6307
+ public: false,
6308
+ aliases: ["LUCERN_ENV"],
6309
+ description: "Lucern environment label consumed by CLI profiles."
6310
+ }
6311
+ ]
6312
+ },
6313
+ {
6314
+ id: "tenant-shared-install",
6315
+ secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
6316
+ description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.",
6317
+ variables: [
6318
+ {
6319
+ name: "INSTALL_LUCERN_NPM",
6320
+ required: true,
6321
+ secret: true,
6322
+ public: false,
6323
+ description: "Read-only install token for the published @lucern/* suite."
6324
+ }
6325
+ ]
6326
+ }
6327
+ ];
6328
+ var INFISICAL_RUNTIME_SURFACES = [
6329
+ {
6330
+ id: "lucern-web",
6331
+ delivery: "vercel_sync",
6332
+ sourcePathIds: ["platform-auth", "platform-runtime"],
6333
+ consumer: "apps/web on Vercel project lucern",
6334
+ description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs."
6335
+ },
6336
+ {
6337
+ id: "lucern-gateway",
6338
+ delivery: "vercel_sync",
6339
+ sourcePathIds: ["platform-auth", "platform-runtime"],
6340
+ consumer: "apps/gateway on Vercel project lucern-gateway",
6341
+ description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs."
6342
+ },
6343
+ {
6344
+ id: "lucern-sdk",
6345
+ packageName: "@lucern/sdk",
6346
+ delivery: "runtime_fetch",
6347
+ sourcePathIds: ["platform-runtime"],
6348
+ consumer: "server-side SDK operator contexts with a scoped Infisical identity",
6349
+ description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
6350
+ },
6351
+ {
6352
+ id: "lucern-cli",
6353
+ packageName: "@lucern/cli",
6354
+ delivery: "runtime_fetch",
6355
+ fallback: "device_auth",
6356
+ sourcePathIds: ["platform-runtime"],
6357
+ consumer: "developer/operator CLI processes",
6358
+ description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
6359
+ },
6360
+ {
6361
+ id: "lucern-mcp",
6362
+ packageName: "@lucern/mcp",
6363
+ delivery: "runtime_fetch",
6364
+ fallback: "device_auth",
6365
+ sourcePathIds: ["platform-runtime"],
6366
+ consumer: "MCP server/client processes",
6367
+ description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
6368
+ },
6369
+ {
6370
+ id: "tenant-client",
6371
+ delivery: "device_auth",
6372
+ sourcePathIds: ["tenant-shared-install"],
6373
+ consumer: "tenant-owned apps and coding agents",
6374
+ description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces."
6375
+ }
6376
+ ];
6377
+ function findInfisicalRuntimePath(pathId) {
6378
+ return INFISICAL_RUNTIME_PATHS.find((path) => path.id === pathId);
6379
+ }
6380
+ function findInfisicalRuntimeSurface(surfaceId) {
6381
+ return INFISICAL_RUNTIME_SURFACES.find(
6382
+ (surface) => surface.id === surfaceId
6383
+ );
6384
+ }
6385
+
6386
+ // src/manifests/infisical-runtime-manifest.ts
6387
+ var INFISICAL_RUNTIME_MANIFEST = {
6388
+ manifestVersion: "1.0.0",
6389
+ contractVersion: INFISICAL_RUNTIME_CONTRACT_VERSION,
6390
+ project: {
6391
+ id: INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
6392
+ apiUrl: INFISICAL_RUNTIME_DEFAULT_API_URL
6393
+ },
6394
+ environments: INFISICAL_RUNTIME_ENVIRONMENTS,
6395
+ deliveryModes: INFISICAL_RUNTIME_DELIVERY_MODES,
6396
+ bootstrapEnv: INFISICAL_RUNTIME_BOOTSTRAP_ENV,
6397
+ paths: INFISICAL_RUNTIME_PATHS,
6398
+ surfaces: INFISICAL_RUNTIME_SURFACES
6399
+ };
5557
6400
  var InvariantManifestSchema = z.object({
5558
6401
  manifestVersion: z.literal("1.0.0"),
5559
6402
  rules: z.array(
@@ -5566,6 +6409,35 @@ var InvariantManifestSchema = z.object({
5566
6409
  )
5567
6410
  });
5568
6411
 
6412
+ // src/manifests/tenant-client-manifest.ts
6413
+ var TENANT_CLIENT_MANIFEST = {
6414
+ manifestVersion: "1.0.0",
6415
+ contractVersion: TENANT_CLIENT_CONTRACT_VERSION,
6416
+ auth: {
6417
+ modes: TENANT_CLIENT_AUTH_MODES,
6418
+ principalTypes: TENANT_CLIENT_PRINCIPAL_TYPES,
6419
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,
6420
+ optionalContextFields: TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS
6421
+ },
6422
+ installToken: {
6423
+ env: TENANT_CLIENT_INSTALL_TOKEN_ENV,
6424
+ infisicalPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
6425
+ forbiddenInfisicalPaths: TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS,
6426
+ forbiddenSecretEnv: TENANT_CLIENT_FORBIDDEN_SECRET_ENV
6427
+ },
6428
+ packages: {
6429
+ installable: TENANT_CLIENT_INSTALLABLE_PACKAGES,
6430
+ directImports: TENANT_CLIENT_PUBLIC_IMPORTS,
6431
+ componentConfigImports: TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS
6432
+ },
6433
+ sdk: {
6434
+ requiredNamespaces: TENANT_CLIENT_REQUIRED_SDK_NAMESPACES
6435
+ },
6436
+ capabilities: TENANT_CLIENT_CAPABILITIES,
6437
+ isolationRules: TENANT_CLIENT_ISOLATION_RULES,
6438
+ forbiddenImportPatterns: TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS
6439
+ };
6440
+
5569
6441
  // src/projections/projection-dsl.ts
5570
6442
  function defineProjection(def) {
5571
6443
  return def;
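Review bot: `TENANT_CLIENT_MANIFEST` exposes its enforcement lists (`forbiddenSecretEnv`, `forbiddenInfisicalPaths`, `forbiddenImportPatterns`, `isolationRules`) as direct references to module-level arrays, so any code sharing this module instance can `push` or `splice` them and change what later checks see. Whether those arrays are frozen where they are defined is not visible in this hunk. The `INFISICAL_RUNTIME_*` arrays that `INFISICAL_RUNTIME_MANIFEST` aliases just above are plain mutable `var` arrays, so the same concern applies there. I would freeze at definition, e.g. `var TENANT_CLIENT_MANIFEST = Object.freeze({ ... })` plus `Object.freeze` on each referenced list, keeping in mind that `Object.freeze` is shallow and nested pattern objects need it too. Since this is bundled output, the change belongs in `src/manifests/tenant-client-manifest.ts`.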
@@ -5917,6 +6789,7 @@ __export(tool_contracts_exports, {
5917
6789
  ARCHIVE_BELIEF: () => ARCHIVE_BELIEF,
5918
6790
  ARCHIVE_ONTOLOGY: () => ARCHIVE_ONTOLOGY,
5919
6791
  ARCHIVE_QUESTION: () => ARCHIVE_QUESTION,
6792
+ BEGIN_BUILD_SESSION: () => BEGIN_BUILD_SESSION,
5920
6793
  BISECT_CONFIDENCE: () => BISECT_CONFIDENCE,
5921
6794
  BROADCAST_MESSAGE: () => BROADCAST_MESSAGE,
5922
6795
  CHECK_PERMISSION: () => CHECK_PERMISSION,
@@ -6440,6 +7313,14 @@ var ADD_WORKTREE = {
6440
7313
  description: "Check out a branch into an active worktree for investigation. Like `git worktree add <branch>` \u2014 creates independent working state on a thematic branch. Beliefs committed within the worktree can be freely amended (draft code on a feature branch). When investigation is complete, `merge` integrates findings into main.",
6441
7314
  parameters: {
6442
7315
  title: { type: "string", description: "Worktree name/objective" },
7316
+ name: {
7317
+ type: "string",
7318
+ description: "Optional storage-name alias for callers that already use backend naming"
7319
+ },
7320
+ projectId: {
7321
+ type: "string",
7322
+ description: "Legacy topicId alias"
7323
+ },
6443
7324
  topicId: { type: "string", description: "Optional topic scope hint" },
6444
7325
  branchId: {
6445
7326
  type: "string",
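Review bot: The new `projectId` parameter is described only as "Legacy topicId alias", and nothing in the contract says which value wins when a caller sends both. `required: ["title", "topicId"]` further down still makes `topicId` mandatory, so the alias can never stand in for it. Because `topicId` selects the scope the worktree is created in, the handler (not visible here) should reject a request where the two differ, and any permission check should run against the value actually used. I would state that in the description, e.g. `description: "Legacy alias for topicId; rejected if it differs from topicId"`; the same precedence question applies to `name` versus `title`. The `ADD_WORKTREE` object starts before and ends after this hunk.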
@@ -6453,24 +7334,97 @@ var ADD_WORKTREE = {
6453
7334
  type: "string",
6454
7335
  description: "The testable claim this worktree investigates"
6455
7336
  },
6456
- beliefIds: {
6457
- type: "array",
6458
- description: "Beliefs to test in this worktree"
7337
+ rationale: {
7338
+ type: "string",
7339
+ description: "Why this worktree exists and why it belongs in the campaign"
6459
7340
  },
6460
- autoShape: {
6461
- type: "boolean",
6462
- description: "Whether to invoke inquiry auto-shaping during worktree creation"
7341
+ worktreeType: {
7342
+ type: "string",
7343
+ description: "Schema-enum worktree type used by the kernel lifecycle and retrieval layers"
6463
7344
  },
6464
- domainPackId: {
7345
+ gate: {
6465
7346
  type: "string",
6466
- description: "Optional domain pack whose shaping hooks should influence generated questions and tasks"
7347
+ description: "Exit gate name for this worktree"
6467
7348
  },
6468
- campaign: {
7349
+ startDate: {
6469
7350
  type: "number",
6470
- description: "Top-level pipeline campaign number. Campaigns define the outer execution slice."
7351
+ description: "Planned start timestamp in milliseconds since epoch"
6471
7352
  },
6472
- lane: {
6473
- type: "string",
7353
+ endDate: {
7354
+ type: "number",
7355
+ description: "Planned end timestamp in milliseconds since epoch"
7356
+ },
7357
+ durationWeeks: {
7358
+ type: "number",
7359
+ description: "Planned duration in weeks"
7360
+ },
7361
+ confidenceImpact: {
7362
+ type: "string",
7363
+ description: "Expected confidence impact if the worktree succeeds",
7364
+ enum: ["high", "medium", "low"]
7365
+ },
7366
+ beliefFocus: {
7367
+ type: "string",
7368
+ description: "Natural-language focus spanning the target belief neighborhood"
7369
+ },
7370
+ beliefIds: {
7371
+ type: "array",
7372
+ description: "Legacy alias for targetBeliefIds"
7373
+ },
7374
+ beliefs: {
7375
+ type: "array",
7376
+ description: "Legacy alias for targetBeliefIds"
7377
+ },
7378
+ targetBeliefIds: {
7379
+ type: "array",
7380
+ description: "Belief node IDs this worktree is expected to test or update"
7381
+ },
7382
+ targetQuestionIds: {
7383
+ type: "array",
7384
+ description: "Question node IDs this worktree is expected to answer"
7385
+ },
7386
+ keyQuestions: {
7387
+ type: "array",
7388
+ description: "Inline key question objects with question, optional status, answer, answerConfidence, and linkedQuestionId"
7389
+ },
7390
+ evidenceSignals: {
7391
+ type: "array",
7392
+ description: "Evidence signal objects with signal, optional collected state, progress, and notes"
7393
+ },
7394
+ decisionGate: {
7395
+ type: "object",
7396
+ description: "Decision gate object with goCriteria, noGoSignals, optional verdict, rationale, decidedAt, and decidedBy"
7397
+ },
7398
+ goCriteria: {
7399
+ type: "array",
7400
+ description: "Shorthand go criteria used to build decisionGate"
7401
+ },
7402
+ noGoSignals: {
7403
+ type: "array",
7404
+ description: "Shorthand no-go signals used to build decisionGate"
7405
+ },
7406
+ proofArtifacts: {
7407
+ type: "array",
7408
+ description: "Expected proof artifacts required to close the worktree"
7409
+ },
7410
+ autoShape: {
7411
+ type: "boolean",
7412
+ description: "Whether to invoke inquiry auto-shaping during worktree creation"
7413
+ },
7414
+ autoFixPolicy: {
7415
+ type: "object",
7416
+ description: "Policy for permitted automatic remediation inside the worktree"
7417
+ },
7418
+ domainPackId: {
7419
+ type: "string",
7420
+ description: "Optional domain pack whose shaping hooks should influence generated questions and tasks"
7421
+ },
7422
+ campaign: {
7423
+ type: "number",
7424
+ description: "Top-level pipeline campaign number. Campaigns define the outer execution slice."
7425
+ },
7426
+ lane: {
7427
+ type: "string",
6474
7428
  description: "GitButler-aligned workstream lane name inside the campaign."
6475
7429
  },
6476
7430
  laneOrderInCampaign: {
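Review bot: `decisionGate` accepts `verdict`, `decidedAt` and `decidedBy` from the caller at creation time, so as far as this contract shows, the record of who approved a gate comes from request input and not from the authenticated principal. The handler is not visible here; it should set those three fields from the session and server clock and reject caller-supplied values, and the description should say so, e.g. `description: "Decision gate with goCriteria and noGoSignals; verdict, decidedAt and decidedBy are server-set"`. The same applies to `lastReconciledAt`, added in the next hunk. `autoFixPolicy` is a bare `type: "object"` with no listed fields, which leaves the limits on automatic remediation undefined in the contract; it needs an explicit, allow-listed shape. The `parameters` object begins before this hunk and continues after it.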
@@ -6489,9 +7443,17 @@ var ADD_WORKTREE = {
6489
7443
  type: "array",
6490
7444
  description: "Worktree IDs blocked by this worktree"
6491
7445
  },
6492
- gate: {
7446
+ staffingHint: {
6493
7447
  type: "string",
6494
- description: "Exit gate name for this worktree"
7448
+ description: "Suggested staffing or agent allocation note"
7449
+ },
7450
+ lensId: {
7451
+ type: "string",
7452
+ description: "Lens that scopes this worktree when applicable"
7453
+ },
7454
+ lastReconciledAt: {
7455
+ type: "number",
7456
+ description: "Timestamp when worktree metadata was last reconciled"
6495
7457
  }
6496
7458
  },
6497
7459
  required: ["title", "topicId"],
@@ -6521,7 +7483,7 @@ var MERGE = {
6521
7483
  worktreeId: { type: "string", description: "The worktree to merge" },
6522
7484
  outcomes: {
6523
7485
  type: "array",
6524
- description: "Scoring outcomes for each belief: { beliefId, confidence, rationale }"
7486
+ description: "Merge outcomes as key-finding strings, or scoring outcomes for beliefs: { beliefId, confidence, rationale }"
6525
7487
  },
6526
7488
  summary: { type: "string", description: "Overall findings summary" }
6527
7489
  },
@@ -9540,6 +10502,69 @@ var GENERATE_SESSION_HANDOFF = {
9540
10502
  tier: "showcase",
9541
10503
  internal: true
9542
10504
  };
10505
+ var BEGIN_BUILD_SESSION = {
10506
+ name: "begin_build_session",
10507
+ description: "Bootstrap a coding build session for a Lucern worktree. Like `git worktree add` plus `git status` \u2014 returns the compact context packet an agent needs before editing.",
10508
+ parameters: {
10509
+ worktreeId: {
10510
+ type: "string",
10511
+ description: "The Lucern worktree ID to bootstrap."
10512
+ },
10513
+ branch: {
10514
+ type: "string",
10515
+ description: "Optional git branch name. Auto-generated from the worktree name when omitted."
10516
+ },
10517
+ branchBase: {
10518
+ type: "string",
10519
+ description: 'Base branch for the feature branch. Default: "staging".'
10520
+ },
10521
+ prBase: {
10522
+ type: "string",
10523
+ description: 'Target branch for the PR. Default: "staging".'
10524
+ },
10525
+ sessionMode: {
10526
+ type: "string",
10527
+ description: 'Session mode: "async" for Codex/headless or "interactive" for live sessions.',
10528
+ enum: ["async", "interactive"]
10529
+ },
10530
+ activateIfPlanning: {
10531
+ type: "boolean",
10532
+ description: "When true, automatically activate a planning worktree during bootstrap."
10533
+ }
10534
+ },
10535
+ required: ["worktreeId"],
10536
+ response: {
10537
+ description: "A compact build-session packet with worktree metadata, graph anchors, questions, dependencies, and git defaults.",
10538
+ fields: {
10539
+ topicId: "string \u2014 canonical topic scope",
10540
+ topicName: "string \u2014 human-readable topic name",
10541
+ worktreeId: "string \u2014 worktree ID",
10542
+ worktreeName: "string \u2014 human-readable worktree name",
10543
+ branch: "string \u2014 git branch name",
10544
+ branchBase: "string \u2014 base branch",
10545
+ prBase: "string \u2014 PR target branch",
10546
+ campaign: "number | null \u2014 top-level pipeline campaign",
10547
+ lane: "string \u2014 campaign lane",
10548
+ gate: "string \u2014 exit gate",
10549
+ hypothesis: "string \u2014 worktree hypothesis",
10550
+ focus: "string \u2014 session focus",
10551
+ status: "string \u2014 worktree status after optional activation",
10552
+ sessionMode: "string \u2014 async | interactive",
10553
+ targetBeliefIds: "array \u2014 scoped belief IDs",
10554
+ targetQuestionIds: "array \u2014 scoped question IDs",
10555
+ topBeliefs: "array \u2014 highest-confidence scoped beliefs",
10556
+ openQuestions: "array \u2014 open scoped questions",
10557
+ resolvedDecisions: "array \u2014 answered questions summarized for the session",
10558
+ dependencies: "array \u2014 upstream worktrees",
10559
+ unblocks: "array \u2014 downstream worktrees",
10560
+ mergeOrderNotes: "string \u2014 merge ordering advisory"
10561
+ }
10562
+ },
10563
+ ownerModule: "bootstrap",
10564
+ ontologyPrimitive: "worktree",
10565
+ tier: "showcase",
10566
+ internal: true
10567
+ };
9543
10568
  var MCP_TOOL_CONTRACTS = {
9544
10569
  // Belief lifecycle (commit, amend, fork, archive)
9545
10570
  create_belief: CREATE_BELIEF,
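Review bot: `branch`, `branchBase` and `prBase` in `BEGIN_BUILD_SESSION` are free-form strings that end up as git ref names, and the contract puts no constraint on them. If the handler (not visible here) passes them to a git command line or a forge API, it should first validate them as ref names with `git check-ref-format --branch` semantics, in particular refusing a leading `-`, and place them after `--`. Separately, `activateIfPlanning: true` makes a tool described as returning a context packet also change worktree status, so it should go through the same write-permission check as other state-changing tools. I would record both in the descriptions, e.g. `description: "Optional git branch name; must be a valid ref name (validated server-side)."`.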
@@ -9633,6 +10658,7 @@ var MCP_TOOL_CONTRACTS = {
9633
10658
  get_agent_inbox: GET_AGENT_INBOX,
9634
10659
  claim_files: CLAIM_FILES,
9635
10660
  generate_session_handoff: GENERATE_SESSION_HANDOFF,
10661
+ begin_build_session: BEGIN_BUILD_SESSION,
9636
10662
  // Policy / ACL (workhorse)
9637
10663
  check_permission: CHECK_PERMISSION,
9638
10664
  filter_by_permission: FILTER_BY_PERMISSION,
@@ -11300,6 +12326,950 @@ function validateSdkGitSemantics(tool) {
11300
12326
  return { valid: true };
11301
12327
  }
11302
12328
 
12329
+ // src/tenant-bootstrap-seed.contract.ts
12330
+ var TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = "2026-04-30";
12331
+ var TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [
12332
+ "tenantId",
12333
+ "workspaceId",
12334
+ "principalId",
12335
+ "role",
12336
+ "authMode",
12337
+ "correlationId",
12338
+ "auditMetadata"
12339
+ ];
12340
+ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
12341
+ kernel: {
12342
+ componentName: "lucern",
12343
+ templateService: "services/kernel-template",
12344
+ templateDeployments: {
12345
+ staging: "charming-okapi-787",
12346
+ prod: "brilliant-narwhal-889"
12347
+ }
12348
+ },
12349
+ identity: {
12350
+ componentName: "identity",
12351
+ templateService: "services/identity-template",
12352
+ templateDeployments: {
12353
+ staging: "charming-goldfinch-895",
12354
+ prod: "helpful-mule-694"
12355
+ }
12356
+ }
12357
+ };
12358
+ function isCopyableSeedRequirement(entry) {
12359
+ return (entry.copyMode === "template_global" || entry.copyMode === "template_tenant_rewrite" || entry.copyMode === "template_reference_remap") && Boolean(entry.scope) && Array.isArray(entry.uniqueKey) && entry.uniqueKey.length > 0;
12360
+ }
12361
+ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
12362
+ {
12363
+ component: "kernel",
12364
+ table: "agentMessages",
12365
+ prepopulation: "runtime_data",
12366
+ copyMode: "none",
12367
+ description: "Agent coordination messages are session data, not template data."
12368
+ },
12369
+ {
12370
+ component: "kernel",
12371
+ table: "agentSessions",
12372
+ prepopulation: "runtime_data",
12373
+ copyMode: "none",
12374
+ description: "Agent coordination sessions are created by active clients."
12375
+ },
12376
+ {
12377
+ component: "kernel",
12378
+ table: "autofixJobs",
12379
+ prepopulation: "runtime_queue",
12380
+ copyMode: "none",
12381
+ description: "Autofix work items are runtime queue rows."
12382
+ },
12383
+ {
12384
+ component: "kernel",
12385
+ table: "backgroundJobRuns",
12386
+ prepopulation: "runtime_log",
12387
+ copyMode: "none",
12388
+ description: "Background job executions are runtime logs."
12389
+ },
12390
+ {
12391
+ component: "kernel",
12392
+ table: "backgroundJobSettings",
12393
+ prepopulation: "required_template",
12394
+ copyMode: "template_global",
12395
+ scope: "global",
12396
+ uniqueKey: ["jobKey"],
12397
+ description: "Default job enablement settings must come from the K template."
12398
+ },
12399
+ {
12400
+ component: "kernel",
12401
+ table: "beliefConfidence",
12402
+ prepopulation: "runtime_data",
12403
+ copyMode: "none",
12404
+ description: "Belief confidence rows are created with tenant graph facts."
12405
+ },
12406
+ {
12407
+ component: "kernel",
12408
+ table: "beliefEvidenceLinks",
12409
+ prepopulation: "runtime_data",
12410
+ copyMode: "none",
12411
+ description: "Belief-to-evidence links are tenant graph data."
12412
+ },
12413
+ {
12414
+ component: "kernel",
12415
+ table: "beliefHistory",
12416
+ prepopulation: "runtime_data",
12417
+ copyMode: "none",
12418
+ description: "Belief history is append-only tenant graph data."
12419
+ },
12420
+ {
12421
+ component: "kernel",
12422
+ table: "beliefScenarios",
12423
+ prepopulation: "runtime_data",
12424
+ copyMode: "none",
12425
+ description: "Scenario rows are tenant-authored reasoning data."
12426
+ },
12427
+ {
12428
+ component: "kernel",
12429
+ table: "beliefVotes",
12430
+ prepopulation: "runtime_data",
12431
+ copyMode: "none",
12432
+ description: "Decision belief votes are tenant-authored data."
12433
+ },
12434
+ {
12435
+ component: "kernel",
12436
+ table: "calibrationScores",
12437
+ prepopulation: "runtime_derived",
12438
+ copyMode: "none",
12439
+ description: "Calibration scores are computed from tenant outcomes."
12440
+ },
12441
+ {
12442
+ component: "kernel",
12443
+ table: "contractEvaluations",
12444
+ prepopulation: "runtime_log",
12445
+ copyMode: "none",
12446
+ description: "Contract evaluation rows are runtime computation logs."
12447
+ },
12448
+ {
12449
+ component: "kernel",
12450
+ table: "contradictions",
12451
+ prepopulation: "runtime_data",
12452
+ copyMode: "none",
12453
+ description: "Contradictions are tenant graph facts."
12454
+ },
12455
+ {
12456
+ component: "kernel",
12457
+ table: "crossProjectConnections",
12458
+ prepopulation: "runtime_data",
12459
+ copyMode: "none",
12460
+ description: "Cross-topic connections are tenant graph facts."
12461
+ },
12462
+ {
12463
+ component: "kernel",
12464
+ table: "decisionComputedSummaries",
12465
+ prepopulation: "runtime_derived",
12466
+ copyMode: "none",
12467
+ description: "Decision summaries are derived tenant outputs."
12468
+ },
12469
+ {
12470
+ component: "kernel",
12471
+ table: "decisionEvents",
12472
+ prepopulation: "runtime_data",
12473
+ copyMode: "none",
12474
+ description: "Decision events are lifecycle data."
12475
+ },
12476
+ {
12477
+ component: "kernel",
12478
+ table: "decisionParticipants",
12479
+ prepopulation: "runtime_data",
12480
+ copyMode: "none",
12481
+ description: "Decision participants are tenant-selected actors."
12482
+ },
12483
+ {
12484
+ component: "kernel",
12485
+ table: "decisionRiskLedger",
12486
+ prepopulation: "runtime_data",
12487
+ copyMode: "none",
12488
+ description: "Decision risk rows are tenant decision data."
12489
+ },
12490
+ {
12491
+ component: "kernel",
12492
+ table: "decisionSnapshots",
12493
+ prepopulation: "runtime_derived",
12494
+ copyMode: "none",
12495
+ description: "Decision snapshots are derived from tenant state."
12496
+ },
12497
+ {
12498
+ component: "kernel",
12499
+ table: "deliberationContributions",
12500
+ prepopulation: "runtime_data",
12501
+ copyMode: "none",
12502
+ description: "Deliberation contributions are tenant-authored data."
12503
+ },
12504
+ {
12505
+ component: "kernel",
12506
+ table: "deliberationSessions",
12507
+ prepopulation: "runtime_data",
12508
+ copyMode: "none",
12509
+ description: "Deliberation sessions are created by tenant workflows."
12510
+ },
12511
+ {
12512
+ component: "kernel",
12513
+ table: "epistemicAudit",
12514
+ prepopulation: "runtime_log",
12515
+ copyMode: "none",
12516
+ description: "Epistemic audit rows are append-only runtime audit data."
12517
+ },
12518
+ {
12519
+ component: "kernel",
12520
+ table: "epistemicContracts",
12521
+ prepopulation: "runtime_data",
12522
+ copyMode: "none",
12523
+ description: "Epistemic contracts are tenant-authored governance data."
12524
+ },
12525
+ {
12526
+ component: "kernel",
12527
+ table: "epistemicEdges",
12528
+ prepopulation: "runtime_data",
12529
+ copyMode: "none",
12530
+ description: "Edges are tenant reasoning graph data."
12531
+ },
12532
+ {
12533
+ component: "kernel",
12534
+ table: "epistemicNodeEmbeddings",
12535
+ prepopulation: "runtime_derived",
12536
+ copyMode: "none",
12537
+ description: "Embeddings are derived from tenant graph nodes."
12538
+ },
12539
+ {
12540
+ component: "kernel",
12541
+ table: "epistemicNodes",
12542
+ prepopulation: "runtime_data",
12543
+ copyMode: "none",
12544
+ description: "Nodes are tenant reasoning graph data."
12545
+ },
12546
+ {
12547
+ component: "kernel",
12548
+ table: "graphAnalysisCache",
12549
+ prepopulation: "runtime_derived",
12550
+ copyMode: "none",
12551
+ description: "Graph analysis cache rows are derived from tenant graph state."
12552
+ },
12553
+ {
12554
+ component: "kernel",
12555
+ table: "graphAnalysisResults",
12556
+ prepopulation: "runtime_derived",
12557
+ copyMode: "none",
12558
+ description: "Graph analysis result rows are derived tenant outputs."
12559
+ },
12560
+ {
12561
+ component: "kernel",
12562
+ table: "graphSuggestions",
12563
+ prepopulation: "runtime_derived",
12564
+ copyMode: "none",
12565
+ description: "Graph suggestions are derived recommendations."
12566
+ },
12567
+ {
12568
+ component: "kernel",
12569
+ table: "harnessReplays",
12570
+ prepopulation: "runtime_log",
12571
+ copyMode: "none",
12572
+ description: "Harness replay rows are runtime verification logs."
12573
+ },
12574
+ {
12575
+ component: "kernel",
12576
+ table: "harnessRuns",
12577
+ prepopulation: "runtime_log",
12578
+ copyMode: "none",
12579
+ description: "Harness run rows are runtime verification logs."
12580
+ },
12581
+ {
12582
+ component: "kernel",
12583
+ table: "idempotencyTokens",
12584
+ prepopulation: "runtime_log",
12585
+ copyMode: "none",
12586
+ description: "Idempotency tokens are request-scoped runtime guards."
12587
+ },
12588
+ {
12589
+ component: "kernel",
12590
+ table: "lenses",
12591
+ prepopulation: "optional_template",
12592
+ copyMode: "none",
12593
+ description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot."
12594
+ },
12595
+ {
12596
+ component: "kernel",
12597
+ table: "lensTopicBindings",
12598
+ prepopulation: "runtime_data",
12599
+ copyMode: "none",
12600
+ description: "Lens bindings attach runtime topics to runtime/workspace lenses."
12601
+ },
12602
+ {
12603
+ component: "kernel",
12604
+ table: "neo4jSyncQueue",
12605
+ prepopulation: "runtime_queue",
12606
+ copyMode: "none",
12607
+ description: "Neo4j sync queue rows are runtime work items."
12608
+ },
12609
+ {
12610
+ component: "kernel",
12611
+ table: "ontologyDefinitions",
12612
+ prepopulation: "required_template",
12613
+ copyMode: "template_global",
12614
+ scope: "global",
12615
+ uniqueKey: ["ontologyKey"],
12616
+ description: "Platform ontology definitions power taxonomy reads and effective ontology resolution."
12617
+ },
12618
+ {
12619
+ component: "kernel",
12620
+ table: "ontologyVersions",
12621
+ prepopulation: "required_template",
12622
+ copyMode: "template_reference_remap",
12623
+ scope: "global",
12624
+ uniqueKey: ["ontologyKey", "version"],
12625
+ dependsOn: ["ontologyDefinitions"],
12626
+ description: "Ontology versions must be copied with ontologyDefinition ID remapping."
12627
+ },
12628
+ {
12629
+ component: "kernel",
12630
+ table: "platformAgentRunPolicyDecisions",
12631
+ prepopulation: "runtime_log",
12632
+ copyMode: "none",
12633
+ description: "Agent-run policy decisions are audit logs."
12634
+ },
12635
+ {
12636
+ component: "kernel",
12637
+ table: "platformAgentRunPromptResolutions",
12638
+ prepopulation: "runtime_log",
12639
+ copyMode: "none",
12640
+ description: "Agent-run prompt resolution rows are runtime logs."
12641
+ },
12642
+ {
12643
+ component: "kernel",
12644
+ table: "platformAgentRuns",
12645
+ prepopulation: "runtime_log",
12646
+ copyMode: "none",
12647
+ description: "Agent runs are runtime execution records."
12648
+ },
12649
+ {
12650
+ component: "kernel",
12651
+ table: "platformAgentRunToolCalls",
12652
+ prepopulation: "runtime_log",
12653
+ copyMode: "none",
12654
+ description: "Agent-run tool calls are runtime execution records."
12655
+ },
12656
+ {
12657
+ component: "kernel",
12658
+ table: "platformHarnessShadowAudit",
12659
+ prepopulation: "runtime_log",
12660
+ copyMode: "none",
12661
+ description: "Harness shadow audit rows are runtime audit records."
12662
+ },
12663
+ {
12664
+ component: "kernel",
12665
+ table: "publicationRules",
12666
+ prepopulation: "required_template",
12667
+ copyMode: "template_tenant_rewrite",
12668
+ scope: "tenant",
12669
+ uniqueKey: ["tenantId", "workspaceId", "name"],
12670
+ description: "Default publication policy rules are rewritten into each tenant."
12671
+ },
12672
+ {
12673
+ component: "kernel",
12674
+ table: "questionEvidenceLinks",
12675
+ prepopulation: "runtime_data",
12676
+ copyMode: "none",
12677
+ description: "Question-to-evidence links are tenant graph data."
12678
+ },
12679
+ {
12680
+ component: "kernel",
12681
+ table: "researchJobs",
12682
+ prepopulation: "runtime_queue",
12683
+ copyMode: "none",
12684
+ description: "Research job rows are runtime queue items."
12685
+ },
12686
+ {
12687
+ component: "kernel",
12688
+ table: "schemaEnumConfig",
12689
+ prepopulation: "required_template",
12690
+ copyMode: "template_global",
12691
+ scope: "global",
12692
+ uniqueKey: ["category", "value"],
12693
+ description: "Runtime-extensible enum defaults required by SDK graph APIs."
12694
+ },
12695
+ {
12696
+ component: "kernel",
12697
+ table: "stakeholderGroups",
12698
+ prepopulation: "runtime_data",
12699
+ copyMode: "none",
12700
+ description: "Stakeholder groups are tenant decision data."
12701
+ },
12702
+ {
12703
+ component: "kernel",
12704
+ table: "systemLogs",
12705
+ prepopulation: "runtime_log",
12706
+ copyMode: "none",
12707
+ description: "System logs are runtime telemetry."
12708
+ },
12709
+ {
12710
+ component: "kernel",
12711
+ table: "tasks",
12712
+ prepopulation: "runtime_data",
12713
+ copyMode: "none",
12714
+ description: "Tasks are tenant-authored work items."
12715
+ },
12716
+ {
12717
+ component: "kernel",
12718
+ table: "topics",
12719
+ prepopulation: "runtime_bootstrap",
12720
+ copyMode: "none",
12721
+ description: "Default topics are created by tenant provisioning, not copied from templates."
12722
+ },
12723
+ {
12724
+ component: "kernel",
12725
+ table: "workflowDefinitions",
12726
+ prepopulation: "optional_template",
12727
+ copyMode: "none",
12728
+ description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode."
12729
+ },
12730
+ {
12731
+ component: "kernel",
12732
+ table: "workflowPullRequests",
12733
+ prepopulation: "runtime_data",
12734
+ copyMode: "none",
12735
+ description: "Workflow pull requests are tenant workflow data."
12736
+ },
12737
+ {
12738
+ component: "kernel",
12739
+ table: "workflowStages",
12740
+ prepopulation: "optional_template",
12741
+ copyMode: "none",
12742
+ dependsOn: ["workflowDefinitions"],
12743
+ description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying."
12744
+ },
12745
+ {
12746
+ component: "kernel",
12747
+ table: "worktreeBeliefCluster",
12748
+ prepopulation: "runtime_data",
12749
+ copyMode: "none",
12750
+ description: "Worktree cluster rows link runtime worktrees to runtime beliefs."
12751
+ },
12752
+ {
12753
+ component: "kernel",
12754
+ table: "worktrees",
12755
+ prepopulation: "runtime_data",
12756
+ copyMode: "none",
12757
+ description: "Worktrees are tenant/runtime planning data."
12758
+ },
12759
+ {
12760
+ component: "identity",
12761
+ table: "agents",
12762
+ prepopulation: "runtime_bootstrap",
12763
+ copyMode: "none",
12764
+ description: "Service agents are provisioned per tenant or service, not copied."
12765
+ },
12766
+ {
12767
+ component: "identity",
12768
+ table: "mcpWritePolicy",
12769
+ prepopulation: "required_template",
12770
+ copyMode: "template_global",
12771
+ scope: "global",
12772
+ uniqueKey: ["topicId", "role", "toolCategory"],
12773
+ description: "Global write policy defaults govern service and interactive MCP writes."
12774
+ },
12775
+ {
12776
+ component: "identity",
12777
+ table: "modelCallLogs",
12778
+ prepopulation: "runtime_log",
12779
+ copyMode: "none",
12780
+ description: "Model call logs are runtime telemetry."
12781
+ },
12782
+ {
12783
+ component: "identity",
12784
+ table: "modelFunctionSlots",
12785
+ prepopulation: "required_template",
12786
+ copyMode: "template_global",
12787
+ scope: "global",
12788
+ uniqueKey: ["slot"],
12789
+ description: "Function-to-model slots are required by model runtime resolution."
12790
+ },
12791
+ {
12792
+ component: "identity",
12793
+ table: "modelRegistry",
12794
+ prepopulation: "required_template",
12795
+ copyMode: "template_global",
12796
+ scope: "global",
12797
+ uniqueKey: ["key"],
12798
+ description: "Model catalog defaults are required by model runtime clients."
12799
+ },
12800
+ {
12801
+ component: "identity",
12802
+ table: "modelSlotConfigs",
12803
+ prepopulation: "required_template",
12804
+ copyMode: "template_global",
12805
+ scope: "global",
12806
+ uniqueKey: ["slot"],
12807
+ description: "Slot-level defaults are required before tenant overrides exist."
12808
+ },
12809
+ {
12810
+ component: "identity",
12811
+ table: "platformAudienceGrants",
12812
+ prepopulation: "runtime_data",
12813
+ copyMode: "none",
12814
+ description: "Audience grants are principal/group-specific access rows."
12815
+ },
12816
+ {
12817
+ component: "identity",
12818
+ table: "platformAudiences",
12819
+ prepopulation: "required_template",
12820
+ copyMode: "template_tenant_rewrite",
12821
+ scope: "tenant",
12822
+ uniqueKey: ["tenantId", "workspaceId", "audienceKey"],
12823
+ description: "Default tenant audience taxonomy rows are rewritten into each tenant."
12824
+ },
12825
+ {
12826
+ component: "identity",
12827
+ table: "platformPolicyDecisionLogs",
12828
+ prepopulation: "runtime_log",
12829
+ copyMode: "none",
12830
+ description: "Policy decisions are runtime audit logs."
12831
+ },
12832
+ {
12833
+ component: "identity",
12834
+ table: "projectGrants",
12835
+ prepopulation: "runtime_data",
12836
+ copyMode: "none",
12837
+ description: "Project/topic grants are principal or group-specific access rows."
12838
+ },
12839
+ {
12840
+ component: "identity",
12841
+ table: "reasoningPermissions",
12842
+ prepopulation: "runtime_data",
12843
+ copyMode: "none",
12844
+ description: "Reasoning permissions are principal-specific policy rows."
12845
+ },
12846
+ {
12847
+ component: "identity",
12848
+ table: "tenantApiKeys",
12849
+ prepopulation: "runtime_secret",
12850
+ copyMode: "none",
12851
+ description: "API keys are tenant credentials and must never be copied."
12852
+ },
12853
+ {
12854
+ component: "identity",
12855
+ table: "tenantConfig",
12856
+ prepopulation: "required_template",
12857
+ copyMode: "template_tenant_rewrite",
12858
+ scope: "tenant",
12859
+ uniqueKey: ["tenantId"],
12860
+ description: "Tenant-local config defaults are rewritten during bootstrap."
12861
+ },
12862
+ {
12863
+ component: "identity",
12864
+ table: "tenantIntegrations",
12865
+ prepopulation: "required_template",
12866
+ copyMode: "template_tenant_rewrite",
12867
+ scope: "tenant",
12868
+ uniqueKey: ["tenantId", "integrationKey"],
12869
+ description: "Non-secret integration descriptors are rewritten into each tenant."
12870
+ },
12871
+ {
12872
+ component: "identity",
12873
+ table: "tenantModelSlotBindings",
12874
+ prepopulation: "runtime_secret",
12875
+ copyMode: "none",
12876
+ description: "Tenant model slot bindings reference provider secrets and are runtime-only."
12877
+ },
12878
+ {
12879
+ component: "identity",
12880
+ table: "tenantPolicies",
12881
+ prepopulation: "required_template",
12882
+ copyMode: "template_tenant_rewrite",
12883
+ scope: "tenant",
12884
+ uniqueKey: ["tenantId", "workspaceId", "roleName"],
12885
+ description: "Default tenant policy roles are rewritten during bootstrap."
12886
+ },
12887
+ {
12888
+ component: "identity",
12889
+ table: "tenantProviderSecrets",
12890
+ prepopulation: "runtime_secret",
12891
+ copyMode: "none",
12892
+ description: "Provider secrets are credentials and must never be copied."
12893
+ },
12894
+ {
12895
+ component: "identity",
12896
+ table: "tenantProxyGatewayUsage",
12897
+ prepopulation: "runtime_log",
12898
+ copyMode: "none",
12899
+ description: "Proxy gateway usage rows are runtime telemetry."
12900
+ },
12901
+ {
12902
+ component: "identity",
12903
+ table: "tenantProxyTokenMints",
12904
+ prepopulation: "runtime_secret",
12905
+ copyMode: "none",
12906
+ description: "Proxy token mints are ephemeral secret-bearing runtime rows."
12907
+ },
12908
+ {
12909
+ component: "identity",
12910
+ table: "tenantSandboxAuditEvents",
12911
+ prepopulation: "runtime_log",
12912
+ copyMode: "none",
12913
+ description: "Sandbox audit rows are runtime security logs."
12914
+ },
12915
+ {
12916
+ component: "identity",
12917
+ table: "tenantSecrets",
12918
+ prepopulation: "runtime_secret",
12919
+ copyMode: "none",
12920
+ description: "Tenant secrets are credentials and must never be copied."
12921
+ },
12922
+ {
12923
+ component: "identity",
12924
+ table: "toolAcls",
12925
+ prepopulation: "required_template",
12926
+ copyMode: "template_global",
12927
+ scope: "global",
12928
+ uniqueKey: ["role", "toolName"],
12929
+ description: "Default role-to-tool grants are required for SDK/MCP tool access."
12930
+ },
12931
+ {
12932
+ component: "identity",
12933
+ table: "toolRegistry",
12934
+ prepopulation: "required_template",
12935
+ copyMode: "template_global",
12936
+ scope: "global",
12937
+ uniqueKey: ["toolName"],
12938
+ description: "Core tool catalog rows are required before pack or tenant tools exist."
12939
+ },
12940
+ {
12941
+ component: "identity",
12942
+ table: "users",
12943
+ prepopulation: "runtime_bootstrap",
12944
+ copyMode: "none",
12945
+ description: "Users are created from Clerk/MC principal resolution, not copied."
12946
+ }
12947
+ ];
12948
+ var TENANT_BOOTSTRAP_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
12949
+ isCopyableSeedRequirement
12950
+ );
12951
+ var TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
12952
+ (entry) => !isCopyableSeedRequirement(entry)
12953
+ ).map((entry) => entry.table);
12954
+ var TENANT_BOOTSTRAP_SEED_MANIFEST = {
12955
+ contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,
12956
+ authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,
12957
+ components: TENANT_BOOTSTRAP_SEED_COMPONENTS,
12958
+ tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,
12959
+ tables: TENANT_BOOTSTRAP_SEED_TABLES,
12960
+ forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES
12961
+ };
12962
+ function findTenantBootstrapTableRequirement(table) {
12963
+ return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(
12964
+ (entry) => entry.table === table
12965
+ );
12966
+ }
12967
+ function findTenantBootstrapSeedTable(table) {
12968
+ return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);
12969
+ }
12970
+ function isTenantBootstrapSeedTable(table) {
12971
+ return Boolean(findTenantBootstrapSeedTable(table));
12972
+ }
12973
+ function isTenantBootstrapForbiddenSeedTable(table) {
12974
+ return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);
12975
+ }
12976
+ var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-04-30.1";
12977
+ var TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID = "tenant_template";
12978
+ var TENANT_BOOTSTRAP_TEMPLATE_ACTOR = "system:lucern-template-seed";
12979
+ var DEFAULT_SEED_TIME = Date.UTC(2026, 3, 30);
12980
+ var ROLE_GRANTS = {
12981
+ viewer: ["viewer", "auditor", "editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
12982
+ auditor: ["auditor", "tenant_admin", "platform_admin", "service_agent"],
12983
+ editor: ["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
12984
+ workspace_admin: ["workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
12985
+ tenant_admin: ["tenant_admin", "platform_admin", "service_agent"],
12986
+ platform_admin: ["platform_admin", "service_agent"],
12987
+ service_agent: ["service_agent"]
12988
+ };
12989
+ var ENUM_VALUES = {
12990
+ topic_type: ["domain", "theme", "deal", "strategy", "constitution", "project", "portfolio", "architecture", "capability", "runtime", "interface", "governance", "operations", "security", "data"],
12991
+ branch_schema: ["pillar", "track", "dimension", "axis", "phase"],
12992
+ belief_type: ["belief", "hypothesis", "principle", "invariant", "assumption", "tenet", "prior", "preference", "goal", "forecast", "decision", "constraint", "tradeoff", "policy", "implementation_choice", "implementation_decision", "interface_contract", "migration_state", "code_pattern", "deprecation_notice"],
12993
+ edge_type: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme"],
12994
+ worktree_type: ["belief_test", "lens", "existential", "contradiction", "refinement", "coverage", "discovery", "clarification", "confirmation"],
12995
+ worktree_phase: ["cluster_mapping", "hypothesis_formation", "question_generation", "evidence_collection", "synthesis", "decision", "retrospective"],
12996
+ activity_type: ["create", "update", "review", "merge", "archive", "comment", "status_change", "evidence_added", "question_added"],
12997
+ lens_perspective_type: ["investigation", "monitoring", "analysis", "comparison", "taxonomy"],
12998
+ node_type: ["belief", "question", "theme", "deal", "evidence", "claim", "synthesis", "source", "excerpt", "atomic_fact", "person", "company", "investor", "value_chain", "function", "decision"]
12999
+ };
13000
+ var MODEL_REGISTRY = [
13001
+ ["claude-sonnet-4", "Claude Sonnet 4", "claude-sonnet-4-20250514", "anthropic", 2e5, 64e3, 1, 3, 15],
13002
+ ["claude-sonnet-4.5", "Claude Sonnet 4.5", "claude-sonnet-4-5-20250929", "anthropic", 2e5, 64e3, 1, 3, 15],
13003
+ ["claude-opus-4", "Claude Opus 4", "claude-opus-4-20250514", "anthropic", 2e5, 32e3, 1, 15, 75],
13004
+ ["gpt-4o", "GPT-4o", "gpt-4o", "openai", 128e3, 16e3, 0.7, 5, 15],
13005
+ ["gpt-4o-mini", "GPT-4o Mini", "gpt-4o-mini", "openai", 128e3, 16e3, 0.7, 0.15, 0.6],
13006
+ ["gemini-2.5-pro", "Gemini 2.5 Pro", "gemini-2.5-pro", "google", 1e6, 32e3, 0.7, 1.25, 10],
13007
+ ["sonar-pro", "Sonar Pro", "sonar-pro", "perplexity", 128e3, 8e3, 0.3, 3, 15]
13008
+ ];
13009
+ var MODEL_SLOTS = [
13010
+ ["primer_default", "primers", "Default primer generation for general topics", "claude-sonnet-4", "agents/primer/system", 1, 4e3, ["text_generation", "reasoning"]],
13011
+ ["primer_technical", "primers", "Technical and engineering focused primers", "claude-sonnet-4", "agents/primer/system", 0.8, 4e3, ["text_generation", "reasoning", "code"]],
13012
+ ["primer_intelligence", "document_intelligence", "Extract evidence, beliefs, and questions from documents", "claude-sonnet-4", "agents/primer-intelligence", 0.3, 8e3, ["text_generation", "structured_output", "reasoning"]],
13013
+ ["fact_checker", "research", "Verify claims without web search", "claude-sonnet-4", "agents/internet-fact-checker", 0.3, 4e3, ["text_generation", "reasoning"]],
13014
+ ["fact_checker_web", "research", "Verify claims with web search", "sonar-pro", "agents/internet-fact-checker", 0.3, 4e3, ["web_search"]],
13015
+ ["deep_research", "research", "Deep research with extended analysis", "claude-opus-4", void 0, 0.7, 8e3, ["text_generation", "reasoning", "long_context"]],
13016
+ ["belief_classifier", "classification", "Classify beliefs by epistemic type", "claude-sonnet-4", "classification/belief-category", 0.2, 1e3, ["text_generation", "reasoning"]],
13017
+ ["evidence_classifier", "classification", "Classify evidence methodology and quality", "claude-sonnet-4", "classification/evidence-rules", 0.3, 1e3, ["text_generation", "reasoning"]],
13018
+ ["edge_classifier", "classification", "Classify edge reasoning method and temporal class", "claude-sonnet-4", "classification/epistemic-guidance", 0.3, 1e3, ["text_generation", "reasoning"]],
13019
+ ["entity_extractor", "extraction", "Extract entities from text", "claude-sonnet-4", void 0, 0.2, 2e3, ["text_generation", "structured_output"]],
13020
+ ["graph_intelligence_query", "graph_intelligence", "Analyze graph health, gaps, and structural risks", "claude-sonnet-4", "graph-intelligence/query", 0.5, 8e3, ["text_generation", "reasoning", "tool_use"]],
13021
+ ["graph_intelligence_suggestions", "graph_intelligence", "Extract actionable graph suggestions", "claude-sonnet-4", "graph-intelligence/suggestions-extraction", 0.2, 4e3, ["text_generation", "structured_output"]],
13022
+ ["text_to_cypher", "graph_intelligence", "Generate read-only Cypher from graph questions", "claude-sonnet-4", "graph-intelligence/text-to-cypher", 0.2, 2e3, ["text_generation", "code", "reasoning"]],
13023
+ ["contradiction_verifier", "epistemic", "Verify semantic contradiction candidates", "claude-sonnet-4", "lucern/verify-contradiction", 0.2, 500, ["text_generation", "reasoning"]],
13024
+ ["task_execution", "tasks", "Execute research tasks with structured analysis", "claude-sonnet-4", void 0, 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
13025
+ ["sprint_unified", "sprints", "Unified worktree chat across all phases", "claude-opus-4", "worktrees/unified-system-prompt", 0.7, 8e3, ["text_generation", "reasoning", "tool_use"]],
13026
+ ["evidence_assessor", "sprints", "Assess evidence for belief valence and certainty", "claude-sonnet-4", "worktrees/scoring/evidence-assessor", 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
13027
+ ["title_generator", "utility", "Generate concise titles", "gpt-4o-mini", void 0, 0.7, 100, ["text_generation", "fast", "cheap"]],
13028
+ ["help_desk_agent", "utility", "Help desk support agent for workflow guidance", "claude-sonnet-4", "agents/help-desk-agent", 0.4, 2e3, ["text_generation", "reasoning"]],
13029
+ ["bug_detective_agent", "utility", "Bug triage assistant for structured diagnosis", "claude-sonnet-4", "agents/bug-detective-agent", 0.3, 2e3, ["text_generation", "reasoning"]]
13030
+ ];
13031
+ function labelFor(value) {
13032
+ return value.split(/[_-]/).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ");
13033
+ }
13034
+ function seedContext(options) {
13035
+ return {
13036
+ now: options.now ?? DEFAULT_SEED_TIME,
13037
+ templateTenantId: options.templateTenantId ?? TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID,
13038
+ actor: options.actorPrincipalId ?? TENANT_BOOTSTRAP_TEMPLATE_ACTOR,
13039
+ version: options.version ?? TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION
13040
+ };
13041
+ }
13042
+ function toolCategory(contract) {
13043
+ if (contract.surfaceIntent === "system") return "system";
13044
+ if (contract.effects.includes("admin")) return "admin";
13045
+ if (contract.effects.includes("write") || contract.kind !== "query") return "write";
13046
+ return "read";
13047
+ }
13048
+ function requiredRole(category) {
13049
+ if (category === "system") return "service_agent";
13050
+ if (category === "admin") return "tenant_admin";
13051
+ if (category === "write") return "editor";
13052
+ return "viewer";
13053
+ }
13054
+ function requiredAction(category) {
13055
+ if (category === "admin" || category === "system") return "admin";
13056
+ if (category === "write") return "mutate";
13057
+ return "read";
13058
+ }
13059
+ function enabledSurfaces(contract) {
13060
+ return [
13061
+ contract.surfaces.mcp !== "none" ? "mcp" : void 0,
13062
+ contract.surfaces.sdk !== "none" ? "sdk" : void 0,
13063
+ contract.surfaces.cli !== "none" ? "cli" : void 0,
13064
+ contract.surfaces.rest !== "none" ? "api" : void 0
13065
+ ].filter((value) => Boolean(value));
13066
+ }
13067
+ function buildToolRegistry(now, actor, version) {
13068
+ const rows = /* @__PURE__ */ new Map();
13069
+ for (const contract of ALL_FUNCTION_CONTRACTS) {
13070
+ const surfaces = enabledSurfaces(contract);
13071
+ if (surfaces.length === 0) continue;
13072
+ const category = toolCategory(contract);
13073
+ const readOnly = category === "read";
13074
+ const toolName = contract.mcp.toolName || contract.name;
13075
+ rows.set(toolName, {
13076
+ toolName,
13077
+ description: contract.openapi.summary,
13078
+ version,
13079
+ status: "active",
13080
+ requiredRole: requiredRole(category),
13081
+ requiredAction: requiredAction(category),
13082
+ surfaces,
13083
+ category,
13084
+ parameterSchema: { contract: contract.name, sdk: contract.sdk },
13085
+ handlerRef: contract.convex ? `${contract.convex.module}.${contract.convex.functionName}` : contract.name,
13086
+ executionAdapter: contract.convex?.kind === "action" ? "convex_action" : contract.convex?.kind === "mutation" ? "convex_mutation" : "mcp_tool",
13087
+ safetyMetadata: {
13088
+ readOnly,
13089
+ idempotent: readOnly || contract.idempotent === true || contract.idempotent === "required",
13090
+ sideEffectLevel: readOnly ? "none" : category === "admin" ? "high" : "low"
13091
+ },
13092
+ isCore: true,
13093
+ mcVersion: version,
13094
+ registeredBy: actor,
13095
+ registeredAt: now
13096
+ });
13097
+ }
13098
+ return [...rows.values()].sort(
13099
+ (a, b) => String(a.toolName).localeCompare(String(b.toolName))
13100
+ );
13101
+ }
13102
+ function buildToolAcls(tools, now, actor) {
13103
+ return tools.flatMap(
13104
+ (tool) => (ROLE_GRANTS[tool.requiredRole] ?? [tool.requiredRole]).map(
13105
+ (role) => ({ role, toolName: tool.toolName, createdBy: actor, createdAt: now })
13106
+ )
13107
+ );
13108
+ }
13109
+ function buildMcpWritePolicy(now, actor) {
13110
+ return [
13111
+ ...["viewer", "auditor"].map((role) => ({
13112
+ role,
13113
+ toolCategory: "write",
13114
+ permission: "deny",
13115
+ enabled: true,
13116
+ rationale: "Read-only roles cannot mutate the reasoning graph.",
13117
+ createdAt: now,
13118
+ updatedAt: now,
13119
+ createdBy: actor
13120
+ })),
13121
+ ...["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"].map((role) => ({
13122
+ role,
13123
+ toolCategory: "write",
13124
+ permission: "allow",
13125
+ maxWritesPerSession: role === "editor" ? 200 : void 0,
13126
+ enabled: true,
13127
+ rationale: "Default global write policy for trusted graph mutation roles.",
13128
+ createdAt: now,
13129
+ updatedAt: now,
13130
+ createdBy: actor
13131
+ }))
13132
+ ];
13133
+ }
13134
+ function buildTenantPolicies(tenantId, now, actor) {
13135
+ const rows = [
13136
+ ["viewer", "Read graph and runtime metadata.", [{ resource: "graph", actions: ["read"] }]],
13137
+ ["auditor", "Read graph, audit, and policy decisions.", [{ resource: "audit", actions: ["read", "export"] }]],
13138
+ ["editor", "Read and mutate tenant reasoning state.", [{ resource: "graph", actions: ["read", "create", "update", "mutate"] }]],
13139
+ ["workspace_admin", "Manage workspace-scoped reasoning operations.", [{ resource: "workspace", actions: ["read", "update", "admin"] }]],
13140
+ ["tenant_admin", "Manage tenant policy, tools, users, and publication.", [{ resource: "tenant", actions: ["read", "update", "admin"] }, { resource: "policy", actions: ["read", "create", "update", "admin"] }]],
13141
+ ["service_agent", "Service principal execution role for automation.", [{ resource: "runtime", actions: ["read", "create", "update"] }, { resource: "graph", actions: ["read", "create", "update", "mutate"] }]]
13142
+ ];
13143
+ return rows.map(([roleName, description, permissions]) => ({
13144
+ tenantId,
13145
+ roleName,
13146
+ description,
13147
+ permissions,
13148
+ groupBindings: [],
13149
+ createdAt: now,
13150
+ updatedAt: now,
13151
+ createdBy: actor,
13152
+ updatedBy: actor
13153
+ }));
13154
+ }
13155
+ function modelRegistryRows(now) {
13156
+ return MODEL_REGISTRY.map(([key, name, modelId, provider, contextWindow, maxOutputTokens, defaultTemperature, inputCostPer1M, outputCostPer1M]) => ({
13157
+ key,
13158
+ name,
13159
+ modelId,
13160
+ provider,
13161
+ capabilities: ["text_generation", "reasoning"],
13162
+ contextWindow,
13163
+ maxOutputTokens,
13164
+ defaultTemperature,
13165
+ inputCostPer1M,
13166
+ outputCostPer1M,
13167
+ recommended: true,
13168
+ enabled: true,
13169
+ createdAt: now,
13170
+ updatedAt: now
13171
+ }));
13172
+ }
13173
+ function modelFunctionSlotRows(now) {
13174
+ return MODEL_SLOTS.map(([slot, category, description, modelKey, promptName, temperature, maxTokens, requiredCapabilities]) => ({
13175
+ slot,
13176
+ category,
13177
+ description,
13178
+ modelKey,
13179
+ promptName,
13180
+ temperature,
13181
+ maxTokens,
13182
+ requiredCapabilities,
13183
+ enabled: true,
13184
+ isDefault: true,
13185
+ notes: `Seeded by ${TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION}.`,
13186
+ createdAt: now,
13187
+ updatedAt: now
13188
+ }));
13189
+ }
13190
+ function modelSlotConfigRows(now) {
13191
+ return MODEL_SLOTS.map(([slot, , , modelKey, , temperature, maxTokens]) => ({
13192
+ slot,
13193
+ modelKey,
13194
+ temperature,
13195
+ maxTokens,
13196
+ enabled: true,
13197
+ notes: `Default routing for ${slot}.`,
13198
+ createdAt: now,
13199
+ updatedAt: now
13200
+ }));
13201
+ }
13202
+ function schemaEnumRows(now) {
13203
+ return Object.entries(ENUM_VALUES).flatMap(
13204
+ ([category, values]) => values.map((value, index) => ({
13205
+ category,
13206
+ value,
13207
+ label: labelFor(value),
13208
+ description: `${labelFor(value)} ${category} value.`,
13209
+ tier: "platform",
13210
+ metadata: { seedVersion: TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION },
13211
+ isDefault: index === 0,
13212
+ sortOrder: index + 1,
13213
+ status: "active",
13214
+ createdAt: now,
13215
+ updatedAt: now
13216
+ }))
13217
+ );
13218
+ }
13219
+ function buildTenantBootstrapTemplateSeedRows(options = {}) {
13220
+ const ctx = seedContext(options);
13221
+ const toolRegistry2 = buildToolRegistry(ctx.now, ctx.actor, ctx.version);
13222
+ return {
13223
+ kernel: {
13224
+ backgroundJobSettings: [
13225
+ { jobKey: "neo4j_sync", enabled: false, notes: "Disabled until graph-sync credentials are configured.", updatedAt: ctx.now, updatedBy: ctx.actor },
13226
+ { jobKey: "calibration_rollups", enabled: true, notes: "Compute calibration rollups when calibration data exists.", updatedAt: ctx.now, updatedBy: ctx.actor }
13227
+ ],
13228
+ ontologyDefinitions: [
13229
+ { ontologyKey: "lucern-core", name: "Lucern Core", description: "Core Lucern reasoning taxonomy.", tier: "platform", status: "active", createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
13230
+ ],
13231
+ ontologyVersions: [
13232
+ {
13233
+ ontologyId: "lucern-core",
13234
+ ontologyKey: "lucern-core",
13235
+ version: ctx.version,
13236
+ status: "published",
13237
+ entityTypes: ["belief", "question", "evidence", "answer", "decision", "task", "worktree", "topic", "source"].map((value) => ({ value, label: labelFor(value) })),
13238
+ edgeTypes: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to"].map((value) => ({ value, label: labelFor(value) })),
13239
+ releaseNotes: "Initial platform ontology seed.",
13240
+ publishedBy: ctx.actor,
13241
+ publishedAt: ctx.now,
13242
+ createdAt: ctx.now
13243
+ }
13244
+ ],
13245
+ publicationRules: [
13246
+ { tenantId: ctx.templateTenantId, name: "publish-high-confidence-beliefs", description: "Publish high-confidence beliefs to tenant-level consumers.", conditionType: "confidence_threshold", conditions: { minConfidence: 0.85 }, enabled: true, priority: 100, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
13247
+ ],
13248
+ schemaEnumConfig: schemaEnumRows(ctx.now)
13249
+ },
13250
+ identity: {
13251
+ mcpWritePolicy: buildMcpWritePolicy(ctx.now, ctx.actor),
13252
+ modelFunctionSlots: modelFunctionSlotRows(ctx.now),
13253
+ modelRegistry: modelRegistryRows(ctx.now),
13254
+ modelSlotConfigs: modelSlotConfigRows(ctx.now),
13255
+ platformAudiences: [
13256
+ ["internal", "Internal", "internal"],
13257
+ ["lp", "Limited Partners", "restricted_external"],
13258
+ ["public", "Public", "public"]
13259
+ ].map(([audienceKey, audienceLabel, audienceClass]) => ({ tenantId: ctx.templateTenantId, audienceKey, audienceLabel, audienceClass, status: "active", metadata: { seedVersion: ctx.version }, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now })),
13260
+ tenantConfig: [
13261
+ { tenantId: ctx.templateTenantId, authPolicyMode: "open", defaultSessionTTL: 28800, defaultTopicVisibility: "tenant", featureFlags: { sdkBootstrapSeeds: true, interactiveRoleAuth: true }, maxWorkspaceCount: 25, defaultModelSlotOverrides: {}, updatedAt: ctx.now, updatedBy: ctx.actor }
13262
+ ],
13263
+ tenantIntegrations: [
13264
+ { tenantId: ctx.templateTenantId, integrationKey: "web-search", displayName: "Web Search", description: "Tenant-configurable search integration placeholder.", category: "search", capabilities: ["search", "deep_research", "summarize"], config: { apiBaseUrl: "https://example.invalid/lucern/search", authType: "none", timeout: 3e4 }, endpoints: { search: { path: "/search", method: "POST", queryParamName: "query", resultPath: "results" } }, status: "disabled", usageCount: 0, createdAt: ctx.now, updatedAt: ctx.now, createdBy: ctx.actor }
13265
+ ],
13266
+ tenantPolicies: buildTenantPolicies(ctx.templateTenantId, ctx.now, ctx.actor),
13267
+ toolAcls: buildToolAcls(toolRegistry2, ctx.now, ctx.actor),
13268
+ toolRegistry: toolRegistry2
13269
+ }
13270
+ };
13271
+ }
13272
+
11303
13273
  // src/v1/topics/v1.ts
11304
13274
  var ROOT_TOPIC_ID = "n17tm38rwet7wqgzrmwahyt1z582590y";
11305
13275
  function collectTopicNeighborhood(topics2, rootTopicId, maxDescendantDepth = 2) {
@@ -11593,6 +13563,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
11593
13563
  }
11594
13564
  ];
11595
13565
 
11596
- export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, bigramTokenize, buildDomainEvent, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, 
findEdgePolicy, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isLucernPrompt, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
13566
+ export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, 
SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, 
findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
11597
13567
  //# sourceMappingURL=index.js.map
11598
13568
  //# sourceMappingURL=index.js.map
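Review bot: The added root `export { … }` line publishes `INFISICAL_RUNTIME_DEFAULT_PROJECT_ID`, `INFISICAL_RUNTIME_DEFAULT_API_URL`, `INFISICAL_RUNTIME_PATHS` and `TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH` as public API, and nothing at the export site states that they are safe to ship. Their definitions lie outside this hunk, so this is judged from the names alone: they look like secrets-manager project and path identifiers, and if any holds a deployment-specific value, everyone who installs the package can read it. I would document this where the constants are declared, e.g. `// Published from the package root: identifiers and paths only, never secret values or tokens`, and confirm the default project id is meant to be public. The neighbouring `TENANT_CLIENT_FORBIDDEN_SECRET_ENV` export suggests the package already tracks names that must not leak, so a release check of the exported values against that list would fit here.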