@lucern/contracts 0.3.0-alpha.2 → 0.3.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/component-boundary.contract.d.ts +14 -0
- package/dist/component-boundary.contract.js +155 -0
- package/dist/component-boundary.contract.js.map +1 -0
- package/dist/component-host-boundary.contract.d.ts +41 -0
- package/dist/component-host-boundary.contract.js +54 -0
- package/dist/component-host-boundary.contract.js.map +1 -0
- package/dist/function-registry/beliefs.d.ts +41 -41
- package/dist/function-registry/beliefs.js +202 -8
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.js +187 -8
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +13 -13
- package/dist/function-registry/context.js +187 -9
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.js +158 -5
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.js +158 -5
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.js +169 -6
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +33 -33
- package/dist/function-registry/evidence.js +202 -9
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +53 -53
- package/dist/function-registry/graph.js +217 -12
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +1 -1
- package/dist/function-registry/helpers.js +158 -5
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.js +158 -5
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +158 -5
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +9 -9
- package/dist/function-registry/judgments.js +170 -8
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.js +158 -5
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +17 -17
- package/dist/function-registry/lenses.js +181 -8
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -1
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +45 -45
- package/dist/function-registry/ontologies.js +176 -11
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +13 -13
- package/dist/function-registry/pipeline.js +167 -8
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +49 -49
- package/dist/function-registry/questions.js +255 -13
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.js +158 -5
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +21 -21
- package/dist/function-registry/topics.js +172 -8
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +1 -1
- package/dist/function-registry/worktrees.d.ts +80 -41
- package/dist/function-registry/worktrees.js +292 -17
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/function-registry-input-audit.d.ts +13 -0
- package/dist/function-registry-input-audit.js +164 -0
- package/dist/function-registry-input-audit.js.map +1 -0
- package/dist/gateway.contract.d.ts +2 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +2 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/generated/schema-manifest.json +42 -3
- package/dist/generated/tableOwnership.d.ts +2 -1
- package/dist/generated/tableOwnership.js +2 -0
- package/dist/generated/tableOwnership.js.map +1 -1
- package/dist/generated/tier-expectations.json +4 -2
- package/dist/index.d.ts +445 -35
- package/dist/index.js +1987 -17
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +174 -0
- package/dist/infisical-runtime.contract.js +192 -0
- package/dist/infisical-runtime.contract.js.map +1 -0
- package/dist/mcp-gateway-boundary.contract.d.ts +181 -0
- package/dist/mcp-gateway-boundary.contract.js +43 -0
- package/dist/mcp-gateway-boundary.contract.js.map +1 -0
- package/dist/schemas/component-table-manifest.d.ts +2 -2
- package/dist/schemas/index.js +38 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +1050 -910
- package/dist/schemas/manifest.js +38 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/sl-opinion.d.ts +4 -4
- package/dist/schemas/tables/identity/platform.d.ts +10 -10
- package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
- package/dist/schemas/tables/kernel/infra.d.ts +4 -4
- package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
- package/dist/schemas/tables/kernel/lens.d.ts +4 -4
- package/dist/schemas/tables/kernel/platform.d.ts +12 -12
- package/dist/schemas/tables/kernel/spine.d.ts +2 -2
- package/dist/schemas/tables/kernel/task.d.ts +42 -42
- package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
- package/dist/schemas/tables/mc/identity.d.ts +26 -3
- package/dist/schemas/tables/mc/identity.js +35 -1
- package/dist/schemas/tables/mc/identity.js.map +1 -1
- package/dist/schemas/tables/mc/pack.d.ts +20 -20
- package/dist/schemas/tables/mc/registry.d.ts +4 -4
- package/dist/schemas/tables/mc/workspace.d.ts +9 -3
- package/dist/schemas/tables/mc/workspace.js +3 -1
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-methods.contract.d.ts +1 -1
- package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-CD-N1Jf7.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +157 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +1097 -0
- package/dist/tenant-bootstrap-seed.contract.js +651 -0
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
- package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
- package/dist/tenant-bootstrap-seed.defaults.js +303 -0
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
- package/dist/tenant-client.contract.d.ts +266 -0
- package/dist/tenant-client.contract.js +404 -0
- package/dist/tenant-client.contract.js.map +1 -0
- package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BcKz-VGj.d.ts} +4 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +158 -5
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { z, ZodFirstPartyTypeKind } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
|
+
import { ALL_FUNCTION_CONTRACTS } from './function-registry/index.js';
|
|
3
4
|
export * from './function-registry/index.js';
|
|
4
5
|
|
|
5
6
|
var __defProp = Object.defineProperty;
|
|
@@ -224,6 +225,209 @@ function lastDelegator(delegationChain) {
|
|
|
224
225
|
return delegationChain[delegationChain.length - 1]?.principalId;
|
|
225
226
|
}
|
|
226
227
|
|
|
228
|
+
// src/generated/tableOwnership.ts
|
|
229
|
+
var TABLE_OWNERSHIP = {
|
|
230
|
+
"agentMessages": "K",
|
|
231
|
+
"agentRegistryEntries": "L",
|
|
232
|
+
"agents": "I",
|
|
233
|
+
"agentSessions": "K",
|
|
234
|
+
"apiKeys": "L",
|
|
235
|
+
"auditLog": "L",
|
|
236
|
+
"autofixJobs": "K",
|
|
237
|
+
"backgroundJobRuns": "K",
|
|
238
|
+
"backgroundJobSettings": "K",
|
|
239
|
+
"beliefConfidence": "K",
|
|
240
|
+
"beliefEvidenceLinks": "K",
|
|
241
|
+
"beliefHistory": "K",
|
|
242
|
+
"beliefScenarios": "K",
|
|
243
|
+
"beliefVotes": "K",
|
|
244
|
+
"calibrationScores": "K",
|
|
245
|
+
"compatibilityShims": "L",
|
|
246
|
+
"contractEvaluations": "K",
|
|
247
|
+
"contradictions": "K",
|
|
248
|
+
"controlPlaneTenantModelSlotBindings": "L",
|
|
249
|
+
"controlPlaneTenantProviderSecrets": "L",
|
|
250
|
+
"controlPlaneTenantProxyGatewayUsage": "L",
|
|
251
|
+
"controlPlaneToolAcls": "L",
|
|
252
|
+
"crossProjectConnections": "K",
|
|
253
|
+
"cutoverFlags": "L",
|
|
254
|
+
"decisionComputedSummaries": "K",
|
|
255
|
+
"decisionEvents": "K",
|
|
256
|
+
"decisionParticipants": "K",
|
|
257
|
+
"decisionRiskLedger": "K",
|
|
258
|
+
"decisionSnapshots": "K",
|
|
259
|
+
"deliberationContributions": "K",
|
|
260
|
+
"deliberationSessions": "K",
|
|
261
|
+
"epistemicAudit": "K",
|
|
262
|
+
"epistemicContracts": "K",
|
|
263
|
+
"epistemicEdges": "K",
|
|
264
|
+
"epistemicNodeEmbeddings": "K",
|
|
265
|
+
"epistemicNodes": "K",
|
|
266
|
+
"graphAnalysisCache": "K",
|
|
267
|
+
"graphAnalysisResults": "K",
|
|
268
|
+
"graphSuggestions": "K",
|
|
269
|
+
"groupMemberships": "L",
|
|
270
|
+
"groups": "L",
|
|
271
|
+
"harnessReplays": "K",
|
|
272
|
+
"harnessRuns": "K",
|
|
273
|
+
"idempotencyTokens": "K",
|
|
274
|
+
"lenses": "K",
|
|
275
|
+
"lensTopicBindings": "K",
|
|
276
|
+
"mcpWritePolicy": "I",
|
|
277
|
+
"memberships": "L",
|
|
278
|
+
"methodologyPacks": "L",
|
|
279
|
+
"modelCallLogs": "I",
|
|
280
|
+
"modelFunctionSlots": "I",
|
|
281
|
+
"modelRegistry": "I",
|
|
282
|
+
"modelSlotConfigs": "I",
|
|
283
|
+
"neo4jSyncQueue": "K",
|
|
284
|
+
"oauthDeviceCodes": "L",
|
|
285
|
+
"ontologyDefinitions": "K",
|
|
286
|
+
"ontologyVersions": "K",
|
|
287
|
+
"packAssignments": "L",
|
|
288
|
+
"packDefinitions": "L",
|
|
289
|
+
"packEntitlements": "L",
|
|
290
|
+
"packGroupAssignments": "L",
|
|
291
|
+
"packInstallations": "L",
|
|
292
|
+
"packVersions": "L",
|
|
293
|
+
"platformAgentRunPolicyDecisions": "K",
|
|
294
|
+
"platformAgentRunPromptResolutions": "K",
|
|
295
|
+
"platformAgentRuns": "K",
|
|
296
|
+
"platformAgentRunToolCalls": "K",
|
|
297
|
+
"platformAudienceGrants": "I",
|
|
298
|
+
"platformAudiences": "I",
|
|
299
|
+
"platformHarnessShadowAudit": "K",
|
|
300
|
+
"platformPolicyDecisionLogs": "I",
|
|
301
|
+
"policyBundles": "L",
|
|
302
|
+
"policyDecisionLogs": "L",
|
|
303
|
+
"policySimulations": "L",
|
|
304
|
+
"principals": "L",
|
|
305
|
+
"projectGrants": "I",
|
|
306
|
+
"publicationRules": "K",
|
|
307
|
+
"questionEvidenceLinks": "K",
|
|
308
|
+
"rateLimitWindows": "L",
|
|
309
|
+
"reasoningPermissions": "I",
|
|
310
|
+
"researchJobs": "K",
|
|
311
|
+
"schemaEnumConfig": "K",
|
|
312
|
+
"servicePrincipalKeys": "L",
|
|
313
|
+
"stakeholderGroups": "K",
|
|
314
|
+
"systemLogs": "K",
|
|
315
|
+
"tasks": "K",
|
|
316
|
+
"tenantApiKeys": "I",
|
|
317
|
+
"tenantConfig": "I",
|
|
318
|
+
"tenantDeploymentCredentials": "L",
|
|
319
|
+
"tenantIntegrations": "I",
|
|
320
|
+
"tenantMethodologyAssignments": "L",
|
|
321
|
+
"tenantModelSlotBindings": "I",
|
|
322
|
+
"tenantPolicies": "I",
|
|
323
|
+
"tenantProviderSecrets": "I",
|
|
324
|
+
"tenantProxyGatewayUsage": "I",
|
|
325
|
+
"tenantProxyTokenMints": "I",
|
|
326
|
+
"tenants": "L",
|
|
327
|
+
"tenantSandboxAuditEvents": "I",
|
|
328
|
+
"tenantSecrets": "I",
|
|
329
|
+
"toolAcls": "I",
|
|
330
|
+
"toolCatalog": "L",
|
|
331
|
+
"toolRegistry": "I",
|
|
332
|
+
"toolRegistryEntries": "L",
|
|
333
|
+
"topics": "K",
|
|
334
|
+
"users": "I",
|
|
335
|
+
"userSessions": "L",
|
|
336
|
+
"workflowDefinitions": "K",
|
|
337
|
+
"workflowPullRequests": "K",
|
|
338
|
+
"workflowStages": "K",
|
|
339
|
+
"workspaces": "L",
|
|
340
|
+
"worktreeBeliefCluster": "K",
|
|
341
|
+
"worktrees": "K"
|
|
342
|
+
};
|
|
343
|
+
|
|
344
|
+
// src/component-boundary.contract.ts
|
|
345
|
+
var COMPONENT_BOUNDARY_CONTRACT_VERSION = "2026-04-27";
|
|
346
|
+
var COMPONENT_BOUNDARY_COMPONENT_LAYERS = [
|
|
347
|
+
"I",
|
|
348
|
+
"K"
|
|
349
|
+
];
|
|
350
|
+
var COMPONENT_BOUNDARY_DIRECT_DB_METHODS = [
|
|
351
|
+
"insert",
|
|
352
|
+
"patch",
|
|
353
|
+
"replace",
|
|
354
|
+
"delete",
|
|
355
|
+
"query"
|
|
356
|
+
];
|
|
357
|
+
var COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS = [
|
|
358
|
+
"services",
|
|
359
|
+
"apps",
|
|
360
|
+
"convex"
|
|
361
|
+
];
|
|
362
|
+
var COMPONENT_BOUNDARY_HIGH_RISK_TABLES = [
|
|
363
|
+
"backgroundJobRuns",
|
|
364
|
+
"backgroundJobSettings",
|
|
365
|
+
"systemLogs",
|
|
366
|
+
"epistemicAudit",
|
|
367
|
+
"platformPolicyDecisionLogs",
|
|
368
|
+
"tenantApiKeys",
|
|
369
|
+
"projectGrants",
|
|
370
|
+
"userSessions"
|
|
371
|
+
];
|
|
372
|
+
function getComponentBoundaryTableLayer(tableName) {
|
|
373
|
+
return TABLE_OWNERSHIP[tableName];
|
|
374
|
+
}
|
|
375
|
+
function isComponentBoundaryComponentOwnedTable(tableName) {
|
|
376
|
+
const layer = getComponentBoundaryTableLayer(tableName);
|
|
377
|
+
return layer === "I" || layer === "K";
|
|
378
|
+
}
|
|
379
|
+
|
|
380
|
+
// src/component-host-boundary.contract.ts
|
|
381
|
+
var COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = "2026-04-28";
|
|
382
|
+
var COMPONENT_HOST_PROTECTED_TABLES = [
|
|
383
|
+
"backgroundJobRuns",
|
|
384
|
+
"backgroundJobSettings",
|
|
385
|
+
"systemLogs",
|
|
386
|
+
"epistemicAudit",
|
|
387
|
+
"platformPolicyDecisionLogs",
|
|
388
|
+
"tenantApiKeys",
|
|
389
|
+
"projectGrants",
|
|
390
|
+
"userSessions"
|
|
391
|
+
];
|
|
392
|
+
var COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {
|
|
393
|
+
backgroundJobRuns: "kernel_component",
|
|
394
|
+
backgroundJobSettings: "kernel_component",
|
|
395
|
+
systemLogs: "kernel_component",
|
|
396
|
+
epistemicAudit: "reasoning_kernel_component",
|
|
397
|
+
platformPolicyDecisionLogs: "identity_component",
|
|
398
|
+
tenantApiKeys: "identity_component",
|
|
399
|
+
projectGrants: "identity_component",
|
|
400
|
+
userSessions: "tenant_or_control_plane_schema"
|
|
401
|
+
};
|
|
402
|
+
var COMPONENT_HOST_DB_WRITE_OPERATIONS = [
|
|
403
|
+
"insert",
|
|
404
|
+
"patch",
|
|
405
|
+
"replace",
|
|
406
|
+
"delete"
|
|
407
|
+
];
|
|
408
|
+
var COMPONENT_HOST_DB_READ_OPERATIONS = ["query"];
|
|
409
|
+
var COMPONENT_HOST_WRITE_AUDIT_ROOTS = [
|
|
410
|
+
"apps/web/convex",
|
|
411
|
+
"packages/server-core/src",
|
|
412
|
+
"services/kernel-template/convex",
|
|
413
|
+
"services/identity-template/convex",
|
|
414
|
+
"services/master-control/convex"
|
|
415
|
+
];
|
|
416
|
+
var COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [
|
|
417
|
+
{
|
|
418
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
419
|
+
table: "userSessions",
|
|
420
|
+
operation: "insert",
|
|
421
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
422
|
+
},
|
|
423
|
+
{
|
|
424
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
425
|
+
table: "userSessions",
|
|
426
|
+
operation: "query",
|
|
427
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
428
|
+
}
|
|
429
|
+
];
|
|
430
|
+
|
|
227
431
|
// src/gateway.contract.ts
|
|
228
432
|
function requireActorPrincipalId(authContext) {
|
|
229
433
|
const principalId = typeof authContext.principalId === "string" ? authContext.principalId.trim() : "";
|
|
@@ -3023,6 +3227,40 @@ var rateLimitWindows = defineTable({
|
|
|
3023
3227
|
{ kind: "index", name: "by_tier_window_end", columns: ["tier", "windowEndMs"] }
|
|
3024
3228
|
]
|
|
3025
3229
|
});
|
|
3230
|
+
var oauthDeviceCodes = defineTable({
|
|
3231
|
+
name: "oauthDeviceCodes",
|
|
3232
|
+
component: "mc",
|
|
3233
|
+
category: "identity",
|
|
3234
|
+
shape: z.object({
|
|
3235
|
+
"deviceCodeHash": z.string(),
|
|
3236
|
+
"userCode": z.string(),
|
|
3237
|
+
"clientId": z.string(),
|
|
3238
|
+
"scope": z.string(),
|
|
3239
|
+
"status": z.enum(["pending", "approved", "denied", "expired", "consumed"]),
|
|
3240
|
+
"expiresAt": z.number(),
|
|
3241
|
+
"intervalSeconds": z.number(),
|
|
3242
|
+
"lastPolledAt": z.number().optional(),
|
|
3243
|
+
"slowDownCount": z.number().optional(),
|
|
3244
|
+
"clerkUserId": z.string().optional(),
|
|
3245
|
+
"tenantId": idOf("tenants").optional(),
|
|
3246
|
+
"workspaceId": z.string().optional(),
|
|
3247
|
+
"principalId": z.string().optional(),
|
|
3248
|
+
"role": z.string().optional(),
|
|
3249
|
+
"scopes": z.array(z.string()).optional(),
|
|
3250
|
+
"sessionId": z.string().optional(),
|
|
3251
|
+
"approvedAt": z.number().optional(),
|
|
3252
|
+
"deniedAt": z.number().optional(),
|
|
3253
|
+
"consumedAt": z.number().optional(),
|
|
3254
|
+
"createdAt": z.number(),
|
|
3255
|
+
"updatedAt": z.number()
|
|
3256
|
+
}),
|
|
3257
|
+
indices: [
|
|
3258
|
+
{ kind: "index", name: "by_deviceCodeHash", columns: ["deviceCodeHash"] },
|
|
3259
|
+
{ kind: "index", name: "by_userCode", columns: ["userCode"] },
|
|
3260
|
+
{ kind: "index", name: "by_status_expiresAt", columns: ["status", "expiresAt"] },
|
|
3261
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId"] }
|
|
3262
|
+
]
|
|
3263
|
+
});
|
|
3026
3264
|
var servicePrincipalKeys = defineTable({
|
|
3027
3265
|
name: "servicePrincipalKeys",
|
|
3028
3266
|
component: "mc",
|
|
@@ -4979,7 +5217,9 @@ var workspaces = defineTable({
|
|
|
4979
5217
|
"defaultProjectVisibility": z.enum(["private", "team", "firm", "external", "public"]).optional(),
|
|
4980
5218
|
"deployments": z.record(z.object({
|
|
4981
5219
|
"url": z.string(),
|
|
4982
|
-
"
|
|
5220
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
5221
|
+
"encryptedDeployKey": z.string().optional(),
|
|
5222
|
+
"credentialRef": z.string().optional()
|
|
4983
5223
|
})).optional(),
|
|
4984
5224
|
"metadata": z.record(z.any()).optional(),
|
|
4985
5225
|
"createdBy": z.string().optional(),
|
|
@@ -5387,6 +5627,7 @@ var MC_TABLE_CONTRACTS = [
|
|
|
5387
5627
|
groupMemberships,
|
|
5388
5628
|
groups,
|
|
5389
5629
|
memberships,
|
|
5630
|
+
oauthDeviceCodes,
|
|
5390
5631
|
principals,
|
|
5391
5632
|
rateLimitWindows,
|
|
5392
5633
|
servicePrincipalKeys,
|
|
@@ -5554,6 +5795,608 @@ var edgePolicyManifest = {
|
|
|
5554
5795
|
}
|
|
5555
5796
|
]
|
|
5556
5797
|
};
|
|
5798
|
+
|
|
5799
|
+
// src/tenant-client.contract.ts
|
|
5800
|
+
var TENANT_CLIENT_CONTRACT_VERSION = "2026-04-27";
|
|
5801
|
+
var TENANT_CLIENT_AUTH_MODES = [
|
|
5802
|
+
"interactive_user",
|
|
5803
|
+
"service_principal",
|
|
5804
|
+
"tenant_api_key",
|
|
5805
|
+
"session_token"
|
|
5806
|
+
];
|
|
5807
|
+
var TENANT_CLIENT_PRINCIPAL_TYPES = [
|
|
5808
|
+
"human",
|
|
5809
|
+
"service",
|
|
5810
|
+
"agent"
|
|
5811
|
+
];
|
|
5812
|
+
var TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS = [
|
|
5813
|
+
"tenantId",
|
|
5814
|
+
"workspaceId",
|
|
5815
|
+
"principalId",
|
|
5816
|
+
"authMode",
|
|
5817
|
+
"scopes"
|
|
5818
|
+
];
|
|
5819
|
+
var TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS = [
|
|
5820
|
+
"principalType",
|
|
5821
|
+
"roles",
|
|
5822
|
+
"sessionId",
|
|
5823
|
+
"delegationChain"
|
|
5824
|
+
];
|
|
5825
|
+
var TENANT_CLIENT_INSTALL_TOKEN_ENV = "INSTALL_LUCERN_NPM";
|
|
5826
|
+
var TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH = "tenants/shared";
|
|
5827
|
+
var TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS = [
|
|
5828
|
+
"/platform/publish"
|
|
5829
|
+
];
|
|
5830
|
+
var TENANT_CLIENT_FORBIDDEN_SECRET_ENV = ["NPM_TOKEN"];
|
|
5831
|
+
var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
5832
|
+
{
|
|
5833
|
+
packageName: "@lucern/access-control",
|
|
5834
|
+
role: "sdk_dependency",
|
|
5835
|
+
directTenantImport: false
|
|
5836
|
+
},
|
|
5837
|
+
{
|
|
5838
|
+
packageName: "@lucern/agent",
|
|
5839
|
+
role: "platform_runtime",
|
|
5840
|
+
directTenantImport: false
|
|
5841
|
+
},
|
|
5842
|
+
{
|
|
5843
|
+
packageName: "@lucern/auth",
|
|
5844
|
+
role: "sdk_dependency",
|
|
5845
|
+
directTenantImport: false
|
|
5846
|
+
},
|
|
5847
|
+
{
|
|
5848
|
+
packageName: "@lucern/cli",
|
|
5849
|
+
role: "developer_tool",
|
|
5850
|
+
directTenantImport: false
|
|
5851
|
+
},
|
|
5852
|
+
{
|
|
5853
|
+
packageName: "@lucern/client-core",
|
|
5854
|
+
role: "sdk_dependency",
|
|
5855
|
+
directTenantImport: false
|
|
5856
|
+
},
|
|
5857
|
+
{
|
|
5858
|
+
packageName: "@lucern/confidence",
|
|
5859
|
+
role: "sdk_dependency",
|
|
5860
|
+
directTenantImport: false
|
|
5861
|
+
},
|
|
5862
|
+
{
|
|
5863
|
+
packageName: "@lucern/config",
|
|
5864
|
+
role: "configuration",
|
|
5865
|
+
directTenantImport: false
|
|
5866
|
+
},
|
|
5867
|
+
{
|
|
5868
|
+
packageName: "@lucern/contracts",
|
|
5869
|
+
role: "contract_entrypoint",
|
|
5870
|
+
directTenantImport: true
|
|
5871
|
+
},
|
|
5872
|
+
{
|
|
5873
|
+
packageName: "@lucern/control-plane",
|
|
5874
|
+
role: "platform_runtime",
|
|
5875
|
+
directTenantImport: false
|
|
5876
|
+
},
|
|
5877
|
+
{
|
|
5878
|
+
packageName: "@lucern/developer-kit",
|
|
5879
|
+
role: "developer_tool",
|
|
5880
|
+
directTenantImport: false
|
|
5881
|
+
},
|
|
5882
|
+
{
|
|
5883
|
+
packageName: "@lucern/events",
|
|
5884
|
+
role: "sdk_dependency",
|
|
5885
|
+
directTenantImport: false
|
|
5886
|
+
},
|
|
5887
|
+
{
|
|
5888
|
+
packageName: "@lucern/graph-primitives",
|
|
5889
|
+
role: "sdk_dependency",
|
|
5890
|
+
directTenantImport: false
|
|
5891
|
+
},
|
|
5892
|
+
{
|
|
5893
|
+
packageName: "@lucern/identity",
|
|
5894
|
+
role: "component_runtime",
|
|
5895
|
+
directTenantImport: false
|
|
5896
|
+
},
|
|
5897
|
+
{
|
|
5898
|
+
packageName: "@lucern/mcp",
|
|
5899
|
+
role: "runtime_entrypoint",
|
|
5900
|
+
directTenantImport: true
|
|
5901
|
+
},
|
|
5902
|
+
{
|
|
5903
|
+
packageName: "@lucern/pack-host",
|
|
5904
|
+
role: "platform_runtime",
|
|
5905
|
+
directTenantImport: false
|
|
5906
|
+
},
|
|
5907
|
+
{
|
|
5908
|
+
packageName: "@lucern/pack-installer",
|
|
5909
|
+
role: "developer_tool",
|
|
5910
|
+
directTenantImport: false
|
|
5911
|
+
},
|
|
5912
|
+
{
|
|
5913
|
+
packageName: "@lucern/proof-compiler",
|
|
5914
|
+
role: "developer_tool",
|
|
5915
|
+
directTenantImport: false
|
|
5916
|
+
},
|
|
5917
|
+
{
|
|
5918
|
+
packageName: "@lucern/react",
|
|
5919
|
+
role: "runtime_entrypoint",
|
|
5920
|
+
directTenantImport: true
|
|
5921
|
+
},
|
|
5922
|
+
{
|
|
5923
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5924
|
+
role: "component_runtime",
|
|
5925
|
+
directTenantImport: false
|
|
5926
|
+
},
|
|
5927
|
+
{
|
|
5928
|
+
packageName: "@lucern/sdk",
|
|
5929
|
+
role: "runtime_entrypoint",
|
|
5930
|
+
directTenantImport: true
|
|
5931
|
+
},
|
|
5932
|
+
{
|
|
5933
|
+
packageName: "@lucern/server-core",
|
|
5934
|
+
role: "platform_runtime",
|
|
5935
|
+
directTenantImport: false
|
|
5936
|
+
},
|
|
5937
|
+
{
|
|
5938
|
+
packageName: "@lucern/testing",
|
|
5939
|
+
role: "test_support",
|
|
5940
|
+
directTenantImport: false
|
|
5941
|
+
},
|
|
5942
|
+
{
|
|
5943
|
+
packageName: "@lucern/types",
|
|
5944
|
+
role: "contract_entrypoint",
|
|
5945
|
+
directTenantImport: true
|
|
5946
|
+
}
|
|
5947
|
+
];
|
|
5948
|
+
var TENANT_CLIENT_PUBLIC_IMPORTS = [
|
|
5949
|
+
{
|
|
5950
|
+
packageName: "@lucern/sdk",
|
|
5951
|
+
surface: "runtime",
|
|
5952
|
+
subpaths: "published_exports",
|
|
5953
|
+
description: "TypeScript SDK runtime and generated operation namespaces."
|
|
5954
|
+
},
|
|
5955
|
+
{
|
|
5956
|
+
packageName: "@lucern/react",
|
|
5957
|
+
surface: "runtime",
|
|
5958
|
+
subpaths: "published_exports",
|
|
5959
|
+
description: "React bindings for tenant-owned UI applications."
|
|
5960
|
+
},
|
|
5961
|
+
{
|
|
5962
|
+
packageName: "@lucern/mcp",
|
|
5963
|
+
surface: "runtime",
|
|
5964
|
+
subpaths: "published_exports",
|
|
5965
|
+
description: "MCP client/server entry points and hosted route helpers."
|
|
5966
|
+
},
|
|
5967
|
+
{
|
|
5968
|
+
packageName: "@lucern/contracts",
|
|
5969
|
+
surface: "contract",
|
|
5970
|
+
subpaths: "published_exports",
|
|
5971
|
+
description: "Published type and manifest contracts."
|
|
5972
|
+
},
|
|
5973
|
+
{
|
|
5974
|
+
packageName: "@lucern/types",
|
|
5975
|
+
surface: "contract",
|
|
5976
|
+
subpaths: "published_exports",
|
|
5977
|
+
description: "Published type-only helpers for tenant integration code."
|
|
5978
|
+
}
|
|
5979
|
+
];
|
|
5980
|
+
var TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS = [
|
|
5981
|
+
{
|
|
5982
|
+
packageName: "@lucern/identity",
|
|
5983
|
+
importPath: "@lucern/identity/convex.config",
|
|
5984
|
+
surface: "component_config",
|
|
5985
|
+
description: "Convex component binding config for tenant deployments that install Lucern identity."
|
|
5986
|
+
},
|
|
5987
|
+
{
|
|
5988
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5989
|
+
importPath: "@lucern/reasoning-kernel/convex.config",
|
|
5990
|
+
surface: "component_config",
|
|
5991
|
+
description: "Convex component binding config for tenant deployments that install the Lucern reasoning kernel."
|
|
5992
|
+
},
|
|
5993
|
+
{
|
|
5994
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5995
|
+
importPath: "@lucern/reasoning-kernel/runtime.config",
|
|
5996
|
+
surface: "component_config",
|
|
5997
|
+
description: "Runtime config alias for tenant deployments that install the Lucern reasoning kernel."
|
|
5998
|
+
}
|
|
5999
|
+
];
|
|
6000
|
+
function findTenantClientInstallablePackage(packageName) {
|
|
6001
|
+
return TENANT_CLIENT_INSTALLABLE_PACKAGES.find(
|
|
6002
|
+
(entry) => entry.packageName === packageName
|
|
6003
|
+
);
|
|
6004
|
+
}
|
|
6005
|
+
function isTenantClientInstallablePackage(packageName) {
|
|
6006
|
+
return Boolean(findTenantClientInstallablePackage(packageName));
|
|
6007
|
+
}
|
|
6008
|
+
var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
|
|
6009
|
+
"bootstrap",
|
|
6010
|
+
"context",
|
|
6011
|
+
"beliefs",
|
|
6012
|
+
"evidence",
|
|
6013
|
+
"questions",
|
|
6014
|
+
"graph",
|
|
6015
|
+
"worktrees",
|
|
6016
|
+
"topics",
|
|
6017
|
+
"edges",
|
|
6018
|
+
"contradictions",
|
|
6019
|
+
"contracts",
|
|
6020
|
+
"graphAnalysis",
|
|
6021
|
+
"graphRecommendations",
|
|
6022
|
+
"orgGraphSearch",
|
|
6023
|
+
"embeddings",
|
|
6024
|
+
"ontologyLinks",
|
|
6025
|
+
"graphStateClassifier",
|
|
6026
|
+
"tools",
|
|
6027
|
+
"identity",
|
|
6028
|
+
"modelRuntime",
|
|
6029
|
+
"events",
|
|
6030
|
+
"jobs",
|
|
6031
|
+
"telemetry"
|
|
6032
|
+
];
|
|
6033
|
+
var TENANT_CLIENT_CAPABILITIES = [
|
|
6034
|
+
{
|
|
6035
|
+
id: "identity.bootstrap_session",
|
|
6036
|
+
description: "Start a scoped Lucern session for a tenant principal.",
|
|
6037
|
+
surfaces: ["@lucern/sdk", "@lucern/mcp"],
|
|
6038
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
|
|
6039
|
+
},
|
|
6040
|
+
{
|
|
6041
|
+
id: "reasoning.context.compile",
|
|
6042
|
+
description: "Compile tenant and workspace scoped reasoning context.",
|
|
6043
|
+
surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
|
|
6044
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
|
|
6045
|
+
},
|
|
6046
|
+
{
|
|
6047
|
+
id: "reasoning.graph.read",
|
|
6048
|
+
description: "Read beliefs, evidence, questions, topics, and lineage.",
|
|
6049
|
+
surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
|
|
6050
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
|
|
6051
|
+
},
|
|
6052
|
+
{
|
|
6053
|
+
id: "reasoning.graph.write",
|
|
6054
|
+
description: "Create and update graph objects through authorized APIs.",
|
|
6055
|
+
surfaces: ["@lucern/sdk", "@lucern/mcp"],
|
|
6056
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
|
|
6057
|
+
},
|
|
6058
|
+
{
|
|
6059
|
+
id: "workflow.worktree_lifecycle",
|
|
6060
|
+
description: "Create, review, merge, and close scoped worktrees.",
|
|
6061
|
+
surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
|
|
6062
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
|
|
6063
|
+
}
|
|
6064
|
+
];
|
|
6065
|
+
var TENANT_CLIENT_ISOLATION_RULES = [
|
|
6066
|
+
{
|
|
6067
|
+
id: "tenant_workspace_scope_required",
|
|
6068
|
+
description: "Runtime operations must resolve both tenantId and workspaceId before reaching Lucern reasoning state."
|
|
6069
|
+
},
|
|
6070
|
+
{
|
|
6071
|
+
id: "principal_audit_required",
|
|
6072
|
+
description: "Runtime operations must carry principalId, authMode, and scopes for audit attribution."
|
|
6073
|
+
},
|
|
6074
|
+
{
|
|
6075
|
+
id: "no_private_lucern_imports",
|
|
6076
|
+
description: "Tenant code must not import Lucern source, Convex internals, generated adapters, or unpublished package internals."
|
|
6077
|
+
}
|
|
6078
|
+
];
|
|
6079
|
+
var TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS = [
|
|
6080
|
+
{
|
|
6081
|
+
id: "deep_src_import",
|
|
6082
|
+
pattern: "^@lucern/[^/]+/src(?:/|$)",
|
|
6083
|
+
description: "Published packages must not be bypassed through src paths."
|
|
6084
|
+
},
|
|
6085
|
+
{
|
|
6086
|
+
id: "deep_dist_import",
|
|
6087
|
+
pattern: "^@lucern/[^/]+/dist(?:/|$)",
|
|
6088
|
+
description: "Published package exports must be used instead of dist file paths."
|
|
6089
|
+
},
|
|
6090
|
+
{
|
|
6091
|
+
id: "generated_adapter_import",
|
|
6092
|
+
pattern: "^@lucern/[^/]+/(?:adapters/)?_generated(?:/|$)",
|
|
6093
|
+
description: "Generated Lucern adapters are internal deployment artifacts."
|
|
6094
|
+
},
|
|
6095
|
+
{
|
|
6096
|
+
id: "private_runtime_import",
|
|
6097
|
+
pattern: "^@lucern/[^/]+/(?:internal|private)(?:/|$)",
|
|
6098
|
+
description: "Internal and private package subpaths are not public SDK API."
|
|
6099
|
+
},
|
|
6100
|
+
{
|
|
6101
|
+
id: "workspace_source_import",
|
|
6102
|
+
pattern: "^(?:packages|modules|services|lucern|apps)/(?:.+/)?src(?:/|$)",
|
|
6103
|
+
description: "Tenant clients must not import source files from the Lucern monorepo."
|
|
6104
|
+
},
|
|
6105
|
+
{
|
|
6106
|
+
id: "root_alias_lucern_import",
|
|
6107
|
+
pattern: "^@/(?:lucern|packages|modules|services|apps)(?:/|$)",
|
|
6108
|
+
description: "Tenant clients must not depend on Lucern repo-local path aliases."
|
|
6109
|
+
},
|
|
6110
|
+
{
|
|
6111
|
+
id: "relative_lucern_source_import",
|
|
6112
|
+
pattern: "^\\.\\.?/(?:.+/)?(?:packages|modules|services|lucern|apps)(?:/|$)",
|
|
6113
|
+
description: "Tenant clients must not reach back into Lucern source through relative paths."
|
|
6114
|
+
},
|
|
6115
|
+
{
|
|
6116
|
+
id: "monorepo_path_import",
|
|
6117
|
+
pattern: "lucern-repo",
|
|
6118
|
+
description: "Absolute imports that name the Lucern repository are not portable tenant code."
|
|
6119
|
+
}
|
|
6120
|
+
];
|
|
6121
|
+
function matchesPublicImport(importPath) {
|
|
6122
|
+
const componentConfig = TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.find(
|
|
6123
|
+
(entry) => importPath === entry.importPath
|
|
6124
|
+
);
|
|
6125
|
+
if (componentConfig) {
|
|
6126
|
+
return componentConfig;
|
|
6127
|
+
}
|
|
6128
|
+
return TENANT_CLIENT_PUBLIC_IMPORTS.find(
|
|
6129
|
+
(entry) => importPath === entry.packageName || importPath.startsWith(`${entry.packageName}/`)
|
|
6130
|
+
);
|
|
6131
|
+
}
|
|
6132
|
+
function matchesForbiddenPattern(importPath) {
|
|
6133
|
+
return TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS.find(
|
|
6134
|
+
(entry) => new RegExp(entry.pattern, "u").test(importPath)
|
|
6135
|
+
);
|
|
6136
|
+
}
|
|
6137
|
+
function classifyTenantClientImport(importPath) {
|
|
6138
|
+
const normalizedImportPath = importPath.trim();
|
|
6139
|
+
const pattern = matchesForbiddenPattern(normalizedImportPath);
|
|
6140
|
+
if (pattern) {
|
|
6141
|
+
return {
|
|
6142
|
+
importPath: normalizedImportPath,
|
|
6143
|
+
decision: "forbidden",
|
|
6144
|
+
pattern,
|
|
6145
|
+
reason: pattern.description
|
|
6146
|
+
};
|
|
6147
|
+
}
|
|
6148
|
+
const publicImport = matchesPublicImport(normalizedImportPath);
|
|
6149
|
+
if (publicImport) {
|
|
6150
|
+
return {
|
|
6151
|
+
importPath: normalizedImportPath,
|
|
6152
|
+
decision: "public",
|
|
6153
|
+
publicImport,
|
|
6154
|
+
reason: publicImport.description
|
|
6155
|
+
};
|
|
6156
|
+
}
|
|
6157
|
+
if (normalizedImportPath.startsWith("@lucern/")) {
|
|
6158
|
+
return {
|
|
6159
|
+
importPath: normalizedImportPath,
|
|
6160
|
+
decision: "forbidden",
|
|
6161
|
+
reason: "This @lucern package is not part of the tenant client public surface."
|
|
6162
|
+
};
|
|
6163
|
+
}
|
|
6164
|
+
if (normalizedImportPath.startsWith("./") || normalizedImportPath.startsWith("../")) {
|
|
6165
|
+
return {
|
|
6166
|
+
importPath: normalizedImportPath,
|
|
6167
|
+
decision: "local",
|
|
6168
|
+
reason: "Local tenant-owned import."
|
|
6169
|
+
};
|
|
6170
|
+
}
|
|
6171
|
+
return {
|
|
6172
|
+
importPath: normalizedImportPath,
|
|
6173
|
+
decision: "external",
|
|
6174
|
+
reason: "External dependency outside the Lucern package namespace."
|
|
6175
|
+
};
|
|
6176
|
+
}
|
|
6177
|
+
function isTenantClientPublicImport(importPath) {
|
|
6178
|
+
return classifyTenantClientImport(importPath).decision === "public";
|
|
6179
|
+
}
|
|
6180
|
+
function isTenantClientComponentConfigImport(importPath) {
|
|
6181
|
+
return TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS.some(
|
|
6182
|
+
(entry) => importPath === entry.importPath
|
|
6183
|
+
);
|
|
6184
|
+
}
|
|
6185
|
+
function isTenantClientAllowedImport(importPath) {
|
|
6186
|
+
return classifyTenantClientImport(importPath).decision === "public";
|
|
6187
|
+
}
|
|
6188
|
+
function assertTenantClientImportAllowed(importPath) {
|
|
6189
|
+
const classification = classifyTenantClientImport(importPath);
|
|
6190
|
+
if (classification.decision !== "forbidden") {
|
|
6191
|
+
return;
|
|
6192
|
+
}
|
|
6193
|
+
throw new Error(formatTenantClientImportViolation(classification));
|
|
6194
|
+
}
|
|
6195
|
+
function formatTenantClientImportViolation(classification) {
|
|
6196
|
+
const patternId = classification.pattern ? ` [${classification.pattern.id}]` : "";
|
|
6197
|
+
return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;
|
|
6198
|
+
}
|
|
6199
|
+
|
|
6200
|
+
// src/infisical-runtime.contract.ts
|
|
6201
|
+
var INFISICAL_RUNTIME_CONTRACT_VERSION = "2026-04-28";
|
|
6202
|
+
var INFISICAL_RUNTIME_DEFAULT_API_URL = "https://app.infisical.com";
|
|
6203
|
+
var INFISICAL_RUNTIME_DEFAULT_PROJECT_ID = "344b0526-90df-4606-ba50-22c647a36c65";
|
|
6204
|
+
var INFISICAL_RUNTIME_ENVIRONMENTS = [
|
|
6205
|
+
"dev",
|
|
6206
|
+
"staging",
|
|
6207
|
+
"prod"
|
|
6208
|
+
];
|
|
6209
|
+
var INFISICAL_RUNTIME_DELIVERY_MODES = [
|
|
6210
|
+
"vercel_sync",
|
|
6211
|
+
"runtime_fetch",
|
|
6212
|
+
"device_auth"
|
|
6213
|
+
];
|
|
6214
|
+
var INFISICAL_RUNTIME_SURFACE_IDS = [
|
|
6215
|
+
"lucern-web",
|
|
6216
|
+
"lucern-gateway",
|
|
6217
|
+
"lucern-sdk",
|
|
6218
|
+
"lucern-cli",
|
|
6219
|
+
"lucern-mcp",
|
|
6220
|
+
"tenant-client"
|
|
6221
|
+
];
|
|
6222
|
+
var INFISICAL_RUNTIME_BOOTSTRAP_ENV = {
|
|
6223
|
+
apiUrl: ["INFISICAL_API_URL", "INFISICAL_URL"],
|
|
6224
|
+
projectId: ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"],
|
|
6225
|
+
clientId: [
|
|
6226
|
+
"INFISICAL_CLIENT_ID",
|
|
6227
|
+
"INFISICAL_MACHINE_CLIENT_ID",
|
|
6228
|
+
"INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
|
|
6229
|
+
],
|
|
6230
|
+
clientSecret: [
|
|
6231
|
+
"INFISICAL_CLIENT_SECRET",
|
|
6232
|
+
"INFISICAL_MACHINE_CLIENT_SECRET",
|
|
6233
|
+
"INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
|
|
6234
|
+
],
|
|
6235
|
+
environment: ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"],
|
|
6236
|
+
organizationSlug: ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"],
|
|
6237
|
+
disabled: ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"]
|
|
6238
|
+
};
|
|
6239
|
+
var INFISICAL_RUNTIME_PATHS = [
|
|
6240
|
+
{
|
|
6241
|
+
id: "platform-auth",
|
|
6242
|
+
secretPath: "/platform/auth",
|
|
6243
|
+
description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.",
|
|
6244
|
+
variables: [
|
|
6245
|
+
{
|
|
6246
|
+
name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6247
|
+
required: true,
|
|
6248
|
+
secret: false,
|
|
6249
|
+
public: true,
|
|
6250
|
+
description: "Clerk publishable key for the Lucern web origin."
|
|
6251
|
+
},
|
|
6252
|
+
{
|
|
6253
|
+
name: "CLERK_SECRET_KEY",
|
|
6254
|
+
required: true,
|
|
6255
|
+
secret: true,
|
|
6256
|
+
public: false,
|
|
6257
|
+
description: "Clerk backend secret key for Lucern server runtimes."
|
|
6258
|
+
},
|
|
6259
|
+
{
|
|
6260
|
+
name: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6261
|
+
required: false,
|
|
6262
|
+
secret: false,
|
|
6263
|
+
public: false,
|
|
6264
|
+
description: "Expected Clerk issuer/JWKS domain for JWT verification."
|
|
6265
|
+
},
|
|
6266
|
+
{
|
|
6267
|
+
name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6268
|
+
required: false,
|
|
6269
|
+
secret: false,
|
|
6270
|
+
public: true,
|
|
6271
|
+
description: "Public sign-in URL for Lucern-owned web flows."
|
|
6272
|
+
},
|
|
6273
|
+
{
|
|
6274
|
+
name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6275
|
+
required: false,
|
|
6276
|
+
secret: false,
|
|
6277
|
+
public: true,
|
|
6278
|
+
description: "Public sign-up URL for Lucern-owned web flows."
|
|
6279
|
+
}
|
|
6280
|
+
]
|
|
6281
|
+
},
|
|
6282
|
+
{
|
|
6283
|
+
id: "platform-runtime",
|
|
6284
|
+
secretPath: "/platform/runtime",
|
|
6285
|
+
description: "Runtime defaults shared by server-side Lucern clients and operator tooling.",
|
|
6286
|
+
variables: [
|
|
6287
|
+
{
|
|
6288
|
+
name: "LUCERN_API_URL",
|
|
6289
|
+
required: true,
|
|
6290
|
+
secret: false,
|
|
6291
|
+
public: false,
|
|
6292
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"],
|
|
6293
|
+
description: "Canonical Lucern API gateway URL."
|
|
6294
|
+
},
|
|
6295
|
+
{
|
|
6296
|
+
name: "LUCERN_LOGIN_BASE_URL",
|
|
6297
|
+
required: false,
|
|
6298
|
+
secret: false,
|
|
6299
|
+
public: false,
|
|
6300
|
+
aliases: ["LUCERN_AUTH_BASE_URL"],
|
|
6301
|
+
description: "Browser login origin used when it differs from the API."
|
|
6302
|
+
},
|
|
6303
|
+
{
|
|
6304
|
+
name: "LUCERN_ENVIRONMENT",
|
|
6305
|
+
required: false,
|
|
6306
|
+
secret: false,
|
|
6307
|
+
public: false,
|
|
6308
|
+
aliases: ["LUCERN_ENV"],
|
|
6309
|
+
description: "Lucern environment label consumed by CLI profiles."
|
|
6310
|
+
}
|
|
6311
|
+
]
|
|
6312
|
+
},
|
|
6313
|
+
{
|
|
6314
|
+
id: "tenant-shared-install",
|
|
6315
|
+
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
6316
|
+
description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.",
|
|
6317
|
+
variables: [
|
|
6318
|
+
{
|
|
6319
|
+
name: "INSTALL_LUCERN_NPM",
|
|
6320
|
+
required: true,
|
|
6321
|
+
secret: true,
|
|
6322
|
+
public: false,
|
|
6323
|
+
description: "Read-only install token for the published @lucern/* suite."
|
|
6324
|
+
}
|
|
6325
|
+
]
|
|
6326
|
+
}
|
|
6327
|
+
];
|
|
6328
|
+
var INFISICAL_RUNTIME_SURFACES = [
|
|
6329
|
+
{
|
|
6330
|
+
id: "lucern-web",
|
|
6331
|
+
delivery: "vercel_sync",
|
|
6332
|
+
sourcePathIds: ["platform-auth", "platform-runtime"],
|
|
6333
|
+
consumer: "apps/web on Vercel project lucern",
|
|
6334
|
+
description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs."
|
|
6335
|
+
},
|
|
6336
|
+
{
|
|
6337
|
+
id: "lucern-gateway",
|
|
6338
|
+
delivery: "vercel_sync",
|
|
6339
|
+
sourcePathIds: ["platform-auth", "platform-runtime"],
|
|
6340
|
+
consumer: "apps/gateway on Vercel project lucern-gateway",
|
|
6341
|
+
description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs."
|
|
6342
|
+
},
|
|
6343
|
+
{
|
|
6344
|
+
id: "lucern-sdk",
|
|
6345
|
+
packageName: "@lucern/sdk",
|
|
6346
|
+
delivery: "runtime_fetch",
|
|
6347
|
+
sourcePathIds: ["platform-runtime"],
|
|
6348
|
+
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
6349
|
+
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
6350
|
+
},
|
|
6351
|
+
{
|
|
6352
|
+
id: "lucern-cli",
|
|
6353
|
+
packageName: "@lucern/cli",
|
|
6354
|
+
delivery: "runtime_fetch",
|
|
6355
|
+
fallback: "device_auth",
|
|
6356
|
+
sourcePathIds: ["platform-runtime"],
|
|
6357
|
+
consumer: "developer/operator CLI processes",
|
|
6358
|
+
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
6359
|
+
},
|
|
6360
|
+
{
|
|
6361
|
+
id: "lucern-mcp",
|
|
6362
|
+
packageName: "@lucern/mcp",
|
|
6363
|
+
delivery: "runtime_fetch",
|
|
6364
|
+
fallback: "device_auth",
|
|
6365
|
+
sourcePathIds: ["platform-runtime"],
|
|
6366
|
+
consumer: "MCP server/client processes",
|
|
6367
|
+
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
6368
|
+
},
|
|
6369
|
+
{
|
|
6370
|
+
id: "tenant-client",
|
|
6371
|
+
delivery: "device_auth",
|
|
6372
|
+
sourcePathIds: ["tenant-shared-install"],
|
|
6373
|
+
consumer: "tenant-owned apps and coding agents",
|
|
6374
|
+
description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces."
|
|
6375
|
+
}
|
|
6376
|
+
];
|
|
6377
|
+
function findInfisicalRuntimePath(pathId) {
|
|
6378
|
+
return INFISICAL_RUNTIME_PATHS.find((path) => path.id === pathId);
|
|
6379
|
+
}
|
|
6380
|
+
function findInfisicalRuntimeSurface(surfaceId) {
|
|
6381
|
+
return INFISICAL_RUNTIME_SURFACES.find(
|
|
6382
|
+
(surface) => surface.id === surfaceId
|
|
6383
|
+
);
|
|
6384
|
+
}
|
|
6385
|
+
|
|
6386
|
+
// src/manifests/infisical-runtime-manifest.ts
|
|
6387
|
+
var INFISICAL_RUNTIME_MANIFEST = {
|
|
6388
|
+
manifestVersion: "1.0.0",
|
|
6389
|
+
contractVersion: INFISICAL_RUNTIME_CONTRACT_VERSION,
|
|
6390
|
+
project: {
|
|
6391
|
+
id: INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
|
|
6392
|
+
apiUrl: INFISICAL_RUNTIME_DEFAULT_API_URL
|
|
6393
|
+
},
|
|
6394
|
+
environments: INFISICAL_RUNTIME_ENVIRONMENTS,
|
|
6395
|
+
deliveryModes: INFISICAL_RUNTIME_DELIVERY_MODES,
|
|
6396
|
+
bootstrapEnv: INFISICAL_RUNTIME_BOOTSTRAP_ENV,
|
|
6397
|
+
paths: INFISICAL_RUNTIME_PATHS,
|
|
6398
|
+
surfaces: INFISICAL_RUNTIME_SURFACES
|
|
6399
|
+
};
|
|
5557
6400
|
var InvariantManifestSchema = z.object({
|
|
5558
6401
|
manifestVersion: z.literal("1.0.0"),
|
|
5559
6402
|
rules: z.array(
|
|
@@ -5566,6 +6409,35 @@ var InvariantManifestSchema = z.object({
|
|
|
5566
6409
|
)
|
|
5567
6410
|
});
|
|
5568
6411
|
|
|
6412
|
+
// src/manifests/tenant-client-manifest.ts
|
|
6413
|
+
var TENANT_CLIENT_MANIFEST = {
|
|
6414
|
+
manifestVersion: "1.0.0",
|
|
6415
|
+
contractVersion: TENANT_CLIENT_CONTRACT_VERSION,
|
|
6416
|
+
auth: {
|
|
6417
|
+
modes: TENANT_CLIENT_AUTH_MODES,
|
|
6418
|
+
principalTypes: TENANT_CLIENT_PRINCIPAL_TYPES,
|
|
6419
|
+
requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,
|
|
6420
|
+
optionalContextFields: TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS
|
|
6421
|
+
},
|
|
6422
|
+
installToken: {
|
|
6423
|
+
env: TENANT_CLIENT_INSTALL_TOKEN_ENV,
|
|
6424
|
+
infisicalPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
6425
|
+
forbiddenInfisicalPaths: TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS,
|
|
6426
|
+
forbiddenSecretEnv: TENANT_CLIENT_FORBIDDEN_SECRET_ENV
|
|
6427
|
+
},
|
|
6428
|
+
packages: {
|
|
6429
|
+
installable: TENANT_CLIENT_INSTALLABLE_PACKAGES,
|
|
6430
|
+
directImports: TENANT_CLIENT_PUBLIC_IMPORTS,
|
|
6431
|
+
componentConfigImports: TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS
|
|
6432
|
+
},
|
|
6433
|
+
sdk: {
|
|
6434
|
+
requiredNamespaces: TENANT_CLIENT_REQUIRED_SDK_NAMESPACES
|
|
6435
|
+
},
|
|
6436
|
+
capabilities: TENANT_CLIENT_CAPABILITIES,
|
|
6437
|
+
isolationRules: TENANT_CLIENT_ISOLATION_RULES,
|
|
6438
|
+
forbiddenImportPatterns: TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS
|
|
6439
|
+
};
|
|
6440
|
+
|
|
5569
6441
|
// src/projections/projection-dsl.ts
|
|
5570
6442
|
function defineProjection(def) {
|
|
5571
6443
|
return def;
|
|
@@ -5917,6 +6789,7 @@ __export(tool_contracts_exports, {
|
|
|
5917
6789
|
ARCHIVE_BELIEF: () => ARCHIVE_BELIEF,
|
|
5918
6790
|
ARCHIVE_ONTOLOGY: () => ARCHIVE_ONTOLOGY,
|
|
5919
6791
|
ARCHIVE_QUESTION: () => ARCHIVE_QUESTION,
|
|
6792
|
+
BEGIN_BUILD_SESSION: () => BEGIN_BUILD_SESSION,
|
|
5920
6793
|
BISECT_CONFIDENCE: () => BISECT_CONFIDENCE,
|
|
5921
6794
|
BROADCAST_MESSAGE: () => BROADCAST_MESSAGE,
|
|
5922
6795
|
CHECK_PERMISSION: () => CHECK_PERMISSION,
|
|
@@ -6440,6 +7313,14 @@ var ADD_WORKTREE = {
|
|
|
6440
7313
|
description: "Check out a branch into an active worktree for investigation. Like `git worktree add <branch>` \u2014 creates independent working state on a thematic branch. Beliefs committed within the worktree can be freely amended (draft code on a feature branch). When investigation is complete, `merge` integrates findings into main.",
|
|
6441
7314
|
parameters: {
|
|
6442
7315
|
title: { type: "string", description: "Worktree name/objective" },
|
|
7316
|
+
name: {
|
|
7317
|
+
type: "string",
|
|
7318
|
+
description: "Optional storage-name alias for callers that already use backend naming"
|
|
7319
|
+
},
|
|
7320
|
+
projectId: {
|
|
7321
|
+
type: "string",
|
|
7322
|
+
description: "Legacy topicId alias"
|
|
7323
|
+
},
|
|
6443
7324
|
topicId: { type: "string", description: "Optional topic scope hint" },
|
|
6444
7325
|
branchId: {
|
|
6445
7326
|
type: "string",
|
|
@@ -6453,24 +7334,97 @@ var ADD_WORKTREE = {
|
|
|
6453
7334
|
type: "string",
|
|
6454
7335
|
description: "The testable claim this worktree investigates"
|
|
6455
7336
|
},
|
|
6456
|
-
|
|
6457
|
-
type: "
|
|
6458
|
-
description: "
|
|
7337
|
+
rationale: {
|
|
7338
|
+
type: "string",
|
|
7339
|
+
description: "Why this worktree exists and why it belongs in the campaign"
|
|
6459
7340
|
},
|
|
6460
|
-
|
|
6461
|
-
type: "
|
|
6462
|
-
description: "
|
|
7341
|
+
worktreeType: {
|
|
7342
|
+
type: "string",
|
|
7343
|
+
description: "Schema-enum worktree type used by the kernel lifecycle and retrieval layers"
|
|
6463
7344
|
},
|
|
6464
|
-
|
|
7345
|
+
gate: {
|
|
6465
7346
|
type: "string",
|
|
6466
|
-
description: "
|
|
7347
|
+
description: "Exit gate name for this worktree"
|
|
6467
7348
|
},
|
|
6468
|
-
|
|
7349
|
+
startDate: {
|
|
6469
7350
|
type: "number",
|
|
6470
|
-
description: "
|
|
7351
|
+
description: "Planned start timestamp in milliseconds since epoch"
|
|
6471
7352
|
},
|
|
6472
|
-
|
|
6473
|
-
type: "
|
|
7353
|
+
endDate: {
|
|
7354
|
+
type: "number",
|
|
7355
|
+
description: "Planned end timestamp in milliseconds since epoch"
|
|
7356
|
+
},
|
|
7357
|
+
durationWeeks: {
|
|
7358
|
+
type: "number",
|
|
7359
|
+
description: "Planned duration in weeks"
|
|
7360
|
+
},
|
|
7361
|
+
confidenceImpact: {
|
|
7362
|
+
type: "string",
|
|
7363
|
+
description: "Expected confidence impact if the worktree succeeds",
|
|
7364
|
+
enum: ["high", "medium", "low"]
|
|
7365
|
+
},
|
|
7366
|
+
beliefFocus: {
|
|
7367
|
+
type: "string",
|
|
7368
|
+
description: "Natural-language focus spanning the target belief neighborhood"
|
|
7369
|
+
},
|
|
7370
|
+
beliefIds: {
|
|
7371
|
+
type: "array",
|
|
7372
|
+
description: "Legacy alias for targetBeliefIds"
|
|
7373
|
+
},
|
|
7374
|
+
beliefs: {
|
|
7375
|
+
type: "array",
|
|
7376
|
+
description: "Legacy alias for targetBeliefIds"
|
|
7377
|
+
},
|
|
7378
|
+
targetBeliefIds: {
|
|
7379
|
+
type: "array",
|
|
7380
|
+
description: "Belief node IDs this worktree is expected to test or update"
|
|
7381
|
+
},
|
|
7382
|
+
targetQuestionIds: {
|
|
7383
|
+
type: "array",
|
|
7384
|
+
description: "Question node IDs this worktree is expected to answer"
|
|
7385
|
+
},
|
|
7386
|
+
keyQuestions: {
|
|
7387
|
+
type: "array",
|
|
7388
|
+
description: "Inline key question objects with question, optional status, answer, answerConfidence, and linkedQuestionId"
|
|
7389
|
+
},
|
|
7390
|
+
evidenceSignals: {
|
|
7391
|
+
type: "array",
|
|
7392
|
+
description: "Evidence signal objects with signal, optional collected state, progress, and notes"
|
|
7393
|
+
},
|
|
7394
|
+
decisionGate: {
|
|
7395
|
+
type: "object",
|
|
7396
|
+
description: "Decision gate object with goCriteria, noGoSignals, optional verdict, rationale, decidedAt, and decidedBy"
|
|
7397
|
+
},
|
|
7398
|
+
goCriteria: {
|
|
7399
|
+
type: "array",
|
|
7400
|
+
description: "Shorthand go criteria used to build decisionGate"
|
|
7401
|
+
},
|
|
7402
|
+
noGoSignals: {
|
|
7403
|
+
type: "array",
|
|
7404
|
+
description: "Shorthand no-go signals used to build decisionGate"
|
|
7405
|
+
},
|
|
7406
|
+
proofArtifacts: {
|
|
7407
|
+
type: "array",
|
|
7408
|
+
description: "Expected proof artifacts required to close the worktree"
|
|
7409
|
+
},
|
|
7410
|
+
autoShape: {
|
|
7411
|
+
type: "boolean",
|
|
7412
|
+
description: "Whether to invoke inquiry auto-shaping during worktree creation"
|
|
7413
|
+
},
|
|
7414
|
+
autoFixPolicy: {
|
|
7415
|
+
type: "object",
|
|
7416
|
+
description: "Policy for permitted automatic remediation inside the worktree"
|
|
7417
|
+
},
|
|
7418
|
+
domainPackId: {
|
|
7419
|
+
type: "string",
|
|
7420
|
+
description: "Optional domain pack whose shaping hooks should influence generated questions and tasks"
|
|
7421
|
+
},
|
|
7422
|
+
campaign: {
|
|
7423
|
+
type: "number",
|
|
7424
|
+
description: "Top-level pipeline campaign number. Campaigns define the outer execution slice."
|
|
7425
|
+
},
|
|
7426
|
+
lane: {
|
|
7427
|
+
type: "string",
|
|
6474
7428
|
description: "GitButler-aligned workstream lane name inside the campaign."
|
|
6475
7429
|
},
|
|
6476
7430
|
laneOrderInCampaign: {
|
|
@@ -6489,9 +7443,17 @@ var ADD_WORKTREE = {
|
|
|
6489
7443
|
type: "array",
|
|
6490
7444
|
description: "Worktree IDs blocked by this worktree"
|
|
6491
7445
|
},
|
|
6492
|
-
|
|
7446
|
+
staffingHint: {
|
|
6493
7447
|
type: "string",
|
|
6494
|
-
description: "
|
|
7448
|
+
description: "Suggested staffing or agent allocation note"
|
|
7449
|
+
},
|
|
7450
|
+
lensId: {
|
|
7451
|
+
type: "string",
|
|
7452
|
+
description: "Lens that scopes this worktree when applicable"
|
|
7453
|
+
},
|
|
7454
|
+
lastReconciledAt: {
|
|
7455
|
+
type: "number",
|
|
7456
|
+
description: "Timestamp when worktree metadata was last reconciled"
|
|
6495
7457
|
}
|
|
6496
7458
|
},
|
|
6497
7459
|
required: ["title", "topicId"],
|
|
@@ -6521,7 +7483,7 @@ var MERGE = {
|
|
|
6521
7483
|
worktreeId: { type: "string", description: "The worktree to merge" },
|
|
6522
7484
|
outcomes: {
|
|
6523
7485
|
type: "array",
|
|
6524
|
-
description: "
|
|
7486
|
+
description: "Merge outcomes as key-finding strings, or scoring outcomes for beliefs: { beliefId, confidence, rationale }"
|
|
6525
7487
|
},
|
|
6526
7488
|
summary: { type: "string", description: "Overall findings summary" }
|
|
6527
7489
|
},
|
|
@@ -9540,6 +10502,69 @@ var GENERATE_SESSION_HANDOFF = {
|
|
|
9540
10502
|
tier: "showcase",
|
|
9541
10503
|
internal: true
|
|
9542
10504
|
};
|
|
10505
|
+
var BEGIN_BUILD_SESSION = {
|
|
10506
|
+
name: "begin_build_session",
|
|
10507
|
+
description: "Bootstrap a coding build session for a Lucern worktree. Like `git worktree add` plus `git status` \u2014 returns the compact context packet an agent needs before editing.",
|
|
10508
|
+
parameters: {
|
|
10509
|
+
worktreeId: {
|
|
10510
|
+
type: "string",
|
|
10511
|
+
description: "The Lucern worktree ID to bootstrap."
|
|
10512
|
+
},
|
|
10513
|
+
branch: {
|
|
10514
|
+
type: "string",
|
|
10515
|
+
description: "Optional git branch name. Auto-generated from the worktree name when omitted."
|
|
10516
|
+
},
|
|
10517
|
+
branchBase: {
|
|
10518
|
+
type: "string",
|
|
10519
|
+
description: 'Base branch for the feature branch. Default: "staging".'
|
|
10520
|
+
},
|
|
10521
|
+
prBase: {
|
|
10522
|
+
type: "string",
|
|
10523
|
+
description: 'Target branch for the PR. Default: "staging".'
|
|
10524
|
+
},
|
|
10525
|
+
sessionMode: {
|
|
10526
|
+
type: "string",
|
|
10527
|
+
description: 'Session mode: "async" for Codex/headless or "interactive" for live sessions.',
|
|
10528
|
+
enum: ["async", "interactive"]
|
|
10529
|
+
},
|
|
10530
|
+
activateIfPlanning: {
|
|
10531
|
+
type: "boolean",
|
|
10532
|
+
description: "When true, automatically activate a planning worktree during bootstrap."
|
|
10533
|
+
}
|
|
10534
|
+
},
|
|
10535
|
+
required: ["worktreeId"],
|
|
10536
|
+
response: {
|
|
10537
|
+
description: "A compact build-session packet with worktree metadata, graph anchors, questions, dependencies, and git defaults.",
|
|
10538
|
+
fields: {
|
|
10539
|
+
topicId: "string \u2014 canonical topic scope",
|
|
10540
|
+
topicName: "string \u2014 human-readable topic name",
|
|
10541
|
+
worktreeId: "string \u2014 worktree ID",
|
|
10542
|
+
worktreeName: "string \u2014 human-readable worktree name",
|
|
10543
|
+
branch: "string \u2014 git branch name",
|
|
10544
|
+
branchBase: "string \u2014 base branch",
|
|
10545
|
+
prBase: "string \u2014 PR target branch",
|
|
10546
|
+
campaign: "number | null \u2014 top-level pipeline campaign",
|
|
10547
|
+
lane: "string \u2014 campaign lane",
|
|
10548
|
+
gate: "string \u2014 exit gate",
|
|
10549
|
+
hypothesis: "string \u2014 worktree hypothesis",
|
|
10550
|
+
focus: "string \u2014 session focus",
|
|
10551
|
+
status: "string \u2014 worktree status after optional activation",
|
|
10552
|
+
sessionMode: "string \u2014 async | interactive",
|
|
10553
|
+
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
10554
|
+
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
10555
|
+
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
10556
|
+
openQuestions: "array \u2014 open scoped questions",
|
|
10557
|
+
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
10558
|
+
dependencies: "array \u2014 upstream worktrees",
|
|
10559
|
+
unblocks: "array \u2014 downstream worktrees",
|
|
10560
|
+
mergeOrderNotes: "string \u2014 merge ordering advisory"
|
|
10561
|
+
}
|
|
10562
|
+
},
|
|
10563
|
+
ownerModule: "bootstrap",
|
|
10564
|
+
ontologyPrimitive: "worktree",
|
|
10565
|
+
tier: "showcase",
|
|
10566
|
+
internal: true
|
|
10567
|
+
};
|
|
9543
10568
|
var MCP_TOOL_CONTRACTS = {
|
|
9544
10569
|
// Belief lifecycle (commit, amend, fork, archive)
|
|
9545
10570
|
create_belief: CREATE_BELIEF,
|
|
@@ -9633,6 +10658,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9633
10658
|
get_agent_inbox: GET_AGENT_INBOX,
|
|
9634
10659
|
claim_files: CLAIM_FILES,
|
|
9635
10660
|
generate_session_handoff: GENERATE_SESSION_HANDOFF,
|
|
10661
|
+
begin_build_session: BEGIN_BUILD_SESSION,
|
|
9636
10662
|
// Policy / ACL (workhorse)
|
|
9637
10663
|
check_permission: CHECK_PERMISSION,
|
|
9638
10664
|
filter_by_permission: FILTER_BY_PERMISSION,
|
|
@@ -11300,6 +12326,950 @@ function validateSdkGitSemantics(tool) {
|
|
|
11300
12326
|
return { valid: true };
|
|
11301
12327
|
}
|
|
11302
12328
|
|
|
12329
|
+
// src/tenant-bootstrap-seed.contract.ts
|
|
12330
|
+
var TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = "2026-04-30";
|
|
12331
|
+
var TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [
|
|
12332
|
+
"tenantId",
|
|
12333
|
+
"workspaceId",
|
|
12334
|
+
"principalId",
|
|
12335
|
+
"role",
|
|
12336
|
+
"authMode",
|
|
12337
|
+
"correlationId",
|
|
12338
|
+
"auditMetadata"
|
|
12339
|
+
];
|
|
12340
|
+
var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
|
|
12341
|
+
kernel: {
|
|
12342
|
+
componentName: "lucern",
|
|
12343
|
+
templateService: "services/kernel-template",
|
|
12344
|
+
templateDeployments: {
|
|
12345
|
+
staging: "charming-okapi-787",
|
|
12346
|
+
prod: "brilliant-narwhal-889"
|
|
12347
|
+
}
|
|
12348
|
+
},
|
|
12349
|
+
identity: {
|
|
12350
|
+
componentName: "identity",
|
|
12351
|
+
templateService: "services/identity-template",
|
|
12352
|
+
templateDeployments: {
|
|
12353
|
+
staging: "charming-goldfinch-895",
|
|
12354
|
+
prod: "helpful-mule-694"
|
|
12355
|
+
}
|
|
12356
|
+
}
|
|
12357
|
+
};
|
|
12358
|
+
function isCopyableSeedRequirement(entry) {
|
|
12359
|
+
return (entry.copyMode === "template_global" || entry.copyMode === "template_tenant_rewrite" || entry.copyMode === "template_reference_remap") && Boolean(entry.scope) && Array.isArray(entry.uniqueKey) && entry.uniqueKey.length > 0;
|
|
12360
|
+
}
|
|
12361
|
+
var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
12362
|
+
{
|
|
12363
|
+
component: "kernel",
|
|
12364
|
+
table: "agentMessages",
|
|
12365
|
+
prepopulation: "runtime_data",
|
|
12366
|
+
copyMode: "none",
|
|
12367
|
+
description: "Agent coordination messages are session data, not template data."
|
|
12368
|
+
},
|
|
12369
|
+
{
|
|
12370
|
+
component: "kernel",
|
|
12371
|
+
table: "agentSessions",
|
|
12372
|
+
prepopulation: "runtime_data",
|
|
12373
|
+
copyMode: "none",
|
|
12374
|
+
description: "Agent coordination sessions are created by active clients."
|
|
12375
|
+
},
|
|
12376
|
+
{
|
|
12377
|
+
component: "kernel",
|
|
12378
|
+
table: "autofixJobs",
|
|
12379
|
+
prepopulation: "runtime_queue",
|
|
12380
|
+
copyMode: "none",
|
|
12381
|
+
description: "Autofix work items are runtime queue rows."
|
|
12382
|
+
},
|
|
12383
|
+
{
|
|
12384
|
+
component: "kernel",
|
|
12385
|
+
table: "backgroundJobRuns",
|
|
12386
|
+
prepopulation: "runtime_log",
|
|
12387
|
+
copyMode: "none",
|
|
12388
|
+
description: "Background job executions are runtime logs."
|
|
12389
|
+
},
|
|
12390
|
+
{
|
|
12391
|
+
component: "kernel",
|
|
12392
|
+
table: "backgroundJobSettings",
|
|
12393
|
+
prepopulation: "required_template",
|
|
12394
|
+
copyMode: "template_global",
|
|
12395
|
+
scope: "global",
|
|
12396
|
+
uniqueKey: ["jobKey"],
|
|
12397
|
+
description: "Default job enablement settings must come from the K template."
|
|
12398
|
+
},
|
|
12399
|
+
{
|
|
12400
|
+
component: "kernel",
|
|
12401
|
+
table: "beliefConfidence",
|
|
12402
|
+
prepopulation: "runtime_data",
|
|
12403
|
+
copyMode: "none",
|
|
12404
|
+
description: "Belief confidence rows are created with tenant graph facts."
|
|
12405
|
+
},
|
|
12406
|
+
{
|
|
12407
|
+
component: "kernel",
|
|
12408
|
+
table: "beliefEvidenceLinks",
|
|
12409
|
+
prepopulation: "runtime_data",
|
|
12410
|
+
copyMode: "none",
|
|
12411
|
+
description: "Belief-to-evidence links are tenant graph data."
|
|
12412
|
+
},
|
|
12413
|
+
{
|
|
12414
|
+
component: "kernel",
|
|
12415
|
+
table: "beliefHistory",
|
|
12416
|
+
prepopulation: "runtime_data",
|
|
12417
|
+
copyMode: "none",
|
|
12418
|
+
description: "Belief history is append-only tenant graph data."
|
|
12419
|
+
},
|
|
12420
|
+
{
|
|
12421
|
+
component: "kernel",
|
|
12422
|
+
table: "beliefScenarios",
|
|
12423
|
+
prepopulation: "runtime_data",
|
|
12424
|
+
copyMode: "none",
|
|
12425
|
+
description: "Scenario rows are tenant-authored reasoning data."
|
|
12426
|
+
},
|
|
12427
|
+
{
|
|
12428
|
+
component: "kernel",
|
|
12429
|
+
table: "beliefVotes",
|
|
12430
|
+
prepopulation: "runtime_data",
|
|
12431
|
+
copyMode: "none",
|
|
12432
|
+
description: "Decision belief votes are tenant-authored data."
|
|
12433
|
+
},
|
|
12434
|
+
{
|
|
12435
|
+
component: "kernel",
|
|
12436
|
+
table: "calibrationScores",
|
|
12437
|
+
prepopulation: "runtime_derived",
|
|
12438
|
+
copyMode: "none",
|
|
12439
|
+
description: "Calibration scores are computed from tenant outcomes."
|
|
12440
|
+
},
|
|
12441
|
+
{
|
|
12442
|
+
component: "kernel",
|
|
12443
|
+
table: "contractEvaluations",
|
|
12444
|
+
prepopulation: "runtime_log",
|
|
12445
|
+
copyMode: "none",
|
|
12446
|
+
description: "Contract evaluation rows are runtime computation logs."
|
|
12447
|
+
},
|
|
12448
|
+
{
|
|
12449
|
+
component: "kernel",
|
|
12450
|
+
table: "contradictions",
|
|
12451
|
+
prepopulation: "runtime_data",
|
|
12452
|
+
copyMode: "none",
|
|
12453
|
+
description: "Contradictions are tenant graph facts."
|
|
12454
|
+
},
|
|
12455
|
+
{
|
|
12456
|
+
component: "kernel",
|
|
12457
|
+
table: "crossProjectConnections",
|
|
12458
|
+
prepopulation: "runtime_data",
|
|
12459
|
+
copyMode: "none",
|
|
12460
|
+
description: "Cross-topic connections are tenant graph facts."
|
|
12461
|
+
},
|
|
12462
|
+
{
|
|
12463
|
+
component: "kernel",
|
|
12464
|
+
table: "decisionComputedSummaries",
|
|
12465
|
+
prepopulation: "runtime_derived",
|
|
12466
|
+
copyMode: "none",
|
|
12467
|
+
description: "Decision summaries are derived tenant outputs."
|
|
12468
|
+
},
|
|
12469
|
+
{
|
|
12470
|
+
component: "kernel",
|
|
12471
|
+
table: "decisionEvents",
|
|
12472
|
+
prepopulation: "runtime_data",
|
|
12473
|
+
copyMode: "none",
|
|
12474
|
+
description: "Decision events are lifecycle data."
|
|
12475
|
+
},
|
|
12476
|
+
{
|
|
12477
|
+
component: "kernel",
|
|
12478
|
+
table: "decisionParticipants",
|
|
12479
|
+
prepopulation: "runtime_data",
|
|
12480
|
+
copyMode: "none",
|
|
12481
|
+
description: "Decision participants are tenant-selected actors."
|
|
12482
|
+
},
|
|
12483
|
+
{
|
|
12484
|
+
component: "kernel",
|
|
12485
|
+
table: "decisionRiskLedger",
|
|
12486
|
+
prepopulation: "runtime_data",
|
|
12487
|
+
copyMode: "none",
|
|
12488
|
+
description: "Decision risk rows are tenant decision data."
|
|
12489
|
+
},
|
|
12490
|
+
{
|
|
12491
|
+
component: "kernel",
|
|
12492
|
+
table: "decisionSnapshots",
|
|
12493
|
+
prepopulation: "runtime_derived",
|
|
12494
|
+
copyMode: "none",
|
|
12495
|
+
description: "Decision snapshots are derived from tenant state."
|
|
12496
|
+
},
|
|
12497
|
+
{
|
|
12498
|
+
component: "kernel",
|
|
12499
|
+
table: "deliberationContributions",
|
|
12500
|
+
prepopulation: "runtime_data",
|
|
12501
|
+
copyMode: "none",
|
|
12502
|
+
description: "Deliberation contributions are tenant-authored data."
|
|
12503
|
+
},
|
|
12504
|
+
{
|
|
12505
|
+
component: "kernel",
|
|
12506
|
+
table: "deliberationSessions",
|
|
12507
|
+
prepopulation: "runtime_data",
|
|
12508
|
+
copyMode: "none",
|
|
12509
|
+
description: "Deliberation sessions are created by tenant workflows."
|
|
12510
|
+
},
|
|
12511
|
+
{
|
|
12512
|
+
component: "kernel",
|
|
12513
|
+
table: "epistemicAudit",
|
|
12514
|
+
prepopulation: "runtime_log",
|
|
12515
|
+
copyMode: "none",
|
|
12516
|
+
description: "Epistemic audit rows are append-only runtime audit data."
|
|
12517
|
+
},
|
|
12518
|
+
{
|
|
12519
|
+
component: "kernel",
|
|
12520
|
+
table: "epistemicContracts",
|
|
12521
|
+
prepopulation: "runtime_data",
|
|
12522
|
+
copyMode: "none",
|
|
12523
|
+
description: "Epistemic contracts are tenant-authored governance data."
|
|
12524
|
+
},
|
|
12525
|
+
{
|
|
12526
|
+
component: "kernel",
|
|
12527
|
+
table: "epistemicEdges",
|
|
12528
|
+
prepopulation: "runtime_data",
|
|
12529
|
+
copyMode: "none",
|
|
12530
|
+
description: "Edges are tenant reasoning graph data."
|
|
12531
|
+
},
|
|
12532
|
+
{
|
|
12533
|
+
component: "kernel",
|
|
12534
|
+
table: "epistemicNodeEmbeddings",
|
|
12535
|
+
prepopulation: "runtime_derived",
|
|
12536
|
+
copyMode: "none",
|
|
12537
|
+
description: "Embeddings are derived from tenant graph nodes."
|
|
12538
|
+
},
|
|
12539
|
+
{
|
|
12540
|
+
component: "kernel",
|
|
12541
|
+
table: "epistemicNodes",
|
|
12542
|
+
prepopulation: "runtime_data",
|
|
12543
|
+
copyMode: "none",
|
|
12544
|
+
description: "Nodes are tenant reasoning graph data."
|
|
12545
|
+
},
|
|
12546
|
+
{
|
|
12547
|
+
component: "kernel",
|
|
12548
|
+
table: "graphAnalysisCache",
|
|
12549
|
+
prepopulation: "runtime_derived",
|
|
12550
|
+
copyMode: "none",
|
|
12551
|
+
description: "Graph analysis cache rows are derived from tenant graph state."
|
|
12552
|
+
},
|
|
12553
|
+
{
|
|
12554
|
+
component: "kernel",
|
|
12555
|
+
table: "graphAnalysisResults",
|
|
12556
|
+
prepopulation: "runtime_derived",
|
|
12557
|
+
copyMode: "none",
|
|
12558
|
+
description: "Graph analysis result rows are derived tenant outputs."
|
|
12559
|
+
},
|
|
12560
|
+
{
|
|
12561
|
+
component: "kernel",
|
|
12562
|
+
table: "graphSuggestions",
|
|
12563
|
+
prepopulation: "runtime_derived",
|
|
12564
|
+
copyMode: "none",
|
|
12565
|
+
description: "Graph suggestions are derived recommendations."
|
|
12566
|
+
},
|
|
12567
|
+
{
|
|
12568
|
+
component: "kernel",
|
|
12569
|
+
table: "harnessReplays",
|
|
12570
|
+
prepopulation: "runtime_log",
|
|
12571
|
+
copyMode: "none",
|
|
12572
|
+
description: "Harness replay rows are runtime verification logs."
|
|
12573
|
+
},
|
|
12574
|
+
{
|
|
12575
|
+
component: "kernel",
|
|
12576
|
+
table: "harnessRuns",
|
|
12577
|
+
prepopulation: "runtime_log",
|
|
12578
|
+
copyMode: "none",
|
|
12579
|
+
description: "Harness run rows are runtime verification logs."
|
|
12580
|
+
},
|
|
12581
|
+
{
|
|
12582
|
+
component: "kernel",
|
|
12583
|
+
table: "idempotencyTokens",
|
|
12584
|
+
prepopulation: "runtime_log",
|
|
12585
|
+
copyMode: "none",
|
|
12586
|
+
description: "Idempotency tokens are request-scoped runtime guards."
|
|
12587
|
+
},
|
|
12588
|
+
{
|
|
12589
|
+
component: "kernel",
|
|
12590
|
+
table: "lenses",
|
|
12591
|
+
prepopulation: "optional_template",
|
|
12592
|
+
copyMode: "none",
|
|
12593
|
+
description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot."
|
|
12594
|
+
},
|
|
12595
|
+
{
|
|
12596
|
+
component: "kernel",
|
|
12597
|
+
table: "lensTopicBindings",
|
|
12598
|
+
prepopulation: "runtime_data",
|
|
12599
|
+
copyMode: "none",
|
|
12600
|
+
description: "Lens bindings attach runtime topics to runtime/workspace lenses."
|
|
12601
|
+
},
|
|
12602
|
+
{
|
|
12603
|
+
component: "kernel",
|
|
12604
|
+
table: "neo4jSyncQueue",
|
|
12605
|
+
prepopulation: "runtime_queue",
|
|
12606
|
+
copyMode: "none",
|
|
12607
|
+
description: "Neo4j sync queue rows are runtime work items."
|
|
12608
|
+
},
|
|
12609
|
+
{
|
|
12610
|
+
component: "kernel",
|
|
12611
|
+
table: "ontologyDefinitions",
|
|
12612
|
+
prepopulation: "required_template",
|
|
12613
|
+
copyMode: "template_global",
|
|
12614
|
+
scope: "global",
|
|
12615
|
+
uniqueKey: ["ontologyKey"],
|
|
12616
|
+
description: "Platform ontology definitions power taxonomy reads and effective ontology resolution."
|
|
12617
|
+
},
|
|
12618
|
+
{
|
|
12619
|
+
component: "kernel",
|
|
12620
|
+
table: "ontologyVersions",
|
|
12621
|
+
prepopulation: "required_template",
|
|
12622
|
+
copyMode: "template_reference_remap",
|
|
12623
|
+
scope: "global",
|
|
12624
|
+
uniqueKey: ["ontologyKey", "version"],
|
|
12625
|
+
dependsOn: ["ontologyDefinitions"],
|
|
12626
|
+
description: "Ontology versions must be copied with ontologyDefinition ID remapping."
|
|
12627
|
+
},
|
|
12628
|
+
{
|
|
12629
|
+
component: "kernel",
|
|
12630
|
+
table: "platformAgentRunPolicyDecisions",
|
|
12631
|
+
prepopulation: "runtime_log",
|
|
12632
|
+
copyMode: "none",
|
|
12633
|
+
description: "Agent-run policy decisions are audit logs."
|
|
12634
|
+
},
|
|
12635
|
+
{
|
|
12636
|
+
component: "kernel",
|
|
12637
|
+
table: "platformAgentRunPromptResolutions",
|
|
12638
|
+
prepopulation: "runtime_log",
|
|
12639
|
+
copyMode: "none",
|
|
12640
|
+
description: "Agent-run prompt resolution rows are runtime logs."
|
|
12641
|
+
},
|
|
12642
|
+
{
|
|
12643
|
+
component: "kernel",
|
|
12644
|
+
table: "platformAgentRuns",
|
|
12645
|
+
prepopulation: "runtime_log",
|
|
12646
|
+
copyMode: "none",
|
|
12647
|
+
description: "Agent runs are runtime execution records."
|
|
12648
|
+
},
|
|
12649
|
+
{
|
|
12650
|
+
component: "kernel",
|
|
12651
|
+
table: "platformAgentRunToolCalls",
|
|
12652
|
+
prepopulation: "runtime_log",
|
|
12653
|
+
copyMode: "none",
|
|
12654
|
+
description: "Agent-run tool calls are runtime execution records."
|
|
12655
|
+
},
|
|
12656
|
+
{
|
|
12657
|
+
component: "kernel",
|
|
12658
|
+
table: "platformHarnessShadowAudit",
|
|
12659
|
+
prepopulation: "runtime_log",
|
|
12660
|
+
copyMode: "none",
|
|
12661
|
+
description: "Harness shadow audit rows are runtime audit records."
|
|
12662
|
+
},
|
|
12663
|
+
{
|
|
12664
|
+
component: "kernel",
|
|
12665
|
+
table: "publicationRules",
|
|
12666
|
+
prepopulation: "required_template",
|
|
12667
|
+
copyMode: "template_tenant_rewrite",
|
|
12668
|
+
scope: "tenant",
|
|
12669
|
+
uniqueKey: ["tenantId", "workspaceId", "name"],
|
|
12670
|
+
description: "Default publication policy rules are rewritten into each tenant."
|
|
12671
|
+
},
|
|
12672
|
+
{
|
|
12673
|
+
component: "kernel",
|
|
12674
|
+
table: "questionEvidenceLinks",
|
|
12675
|
+
prepopulation: "runtime_data",
|
|
12676
|
+
copyMode: "none",
|
|
12677
|
+
description: "Question-to-evidence links are tenant graph data."
|
|
12678
|
+
},
|
|
12679
|
+
{
|
|
12680
|
+
component: "kernel",
|
|
12681
|
+
table: "researchJobs",
|
|
12682
|
+
prepopulation: "runtime_queue",
|
|
12683
|
+
copyMode: "none",
|
|
12684
|
+
description: "Research job rows are runtime queue items."
|
|
12685
|
+
},
|
|
12686
|
+
{
|
|
12687
|
+
component: "kernel",
|
|
12688
|
+
table: "schemaEnumConfig",
|
|
12689
|
+
prepopulation: "required_template",
|
|
12690
|
+
copyMode: "template_global",
|
|
12691
|
+
scope: "global",
|
|
12692
|
+
uniqueKey: ["category", "value"],
|
|
12693
|
+
description: "Runtime-extensible enum defaults required by SDK graph APIs."
|
|
12694
|
+
},
|
|
12695
|
+
{
|
|
12696
|
+
component: "kernel",
|
|
12697
|
+
table: "stakeholderGroups",
|
|
12698
|
+
prepopulation: "runtime_data",
|
|
12699
|
+
copyMode: "none",
|
|
12700
|
+
description: "Stakeholder groups are tenant decision data."
|
|
12701
|
+
},
|
|
12702
|
+
{
|
|
12703
|
+
component: "kernel",
|
|
12704
|
+
table: "systemLogs",
|
|
12705
|
+
prepopulation: "runtime_log",
|
|
12706
|
+
copyMode: "none",
|
|
12707
|
+
description: "System logs are runtime telemetry."
|
|
12708
|
+
},
|
|
12709
|
+
{
|
|
12710
|
+
component: "kernel",
|
|
12711
|
+
table: "tasks",
|
|
12712
|
+
prepopulation: "runtime_data",
|
|
12713
|
+
copyMode: "none",
|
|
12714
|
+
description: "Tasks are tenant-authored work items."
|
|
12715
|
+
},
|
|
12716
|
+
{
|
|
12717
|
+
component: "kernel",
|
|
12718
|
+
table: "topics",
|
|
12719
|
+
prepopulation: "runtime_bootstrap",
|
|
12720
|
+
copyMode: "none",
|
|
12721
|
+
description: "Default topics are created by tenant provisioning, not copied from templates."
|
|
12722
|
+
},
|
|
12723
|
+
{
|
|
12724
|
+
component: "kernel",
|
|
12725
|
+
table: "workflowDefinitions",
|
|
12726
|
+
prepopulation: "optional_template",
|
|
12727
|
+
copyMode: "none",
|
|
12728
|
+
description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode."
|
|
12729
|
+
},
|
|
12730
|
+
{
|
|
12731
|
+
component: "kernel",
|
|
12732
|
+
table: "workflowPullRequests",
|
|
12733
|
+
prepopulation: "runtime_data",
|
|
12734
|
+
copyMode: "none",
|
|
12735
|
+
description: "Workflow pull requests are tenant workflow data."
|
|
12736
|
+
},
|
|
12737
|
+
{
|
|
12738
|
+
component: "kernel",
|
|
12739
|
+
table: "workflowStages",
|
|
12740
|
+
prepopulation: "optional_template",
|
|
12741
|
+
copyMode: "none",
|
|
12742
|
+
dependsOn: ["workflowDefinitions"],
|
|
12743
|
+
description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying."
|
|
12744
|
+
},
|
|
12745
|
+
{
|
|
12746
|
+
component: "kernel",
|
|
12747
|
+
table: "worktreeBeliefCluster",
|
|
12748
|
+
prepopulation: "runtime_data",
|
|
12749
|
+
copyMode: "none",
|
|
12750
|
+
description: "Worktree cluster rows link runtime worktrees to runtime beliefs."
|
|
12751
|
+
},
|
|
12752
|
+
{
|
|
12753
|
+
component: "kernel",
|
|
12754
|
+
table: "worktrees",
|
|
12755
|
+
prepopulation: "runtime_data",
|
|
12756
|
+
copyMode: "none",
|
|
12757
|
+
description: "Worktrees are tenant/runtime planning data."
|
|
12758
|
+
},
|
|
12759
|
+
{
|
|
12760
|
+
component: "identity",
|
|
12761
|
+
table: "agents",
|
|
12762
|
+
prepopulation: "runtime_bootstrap",
|
|
12763
|
+
copyMode: "none",
|
|
12764
|
+
description: "Service agents are provisioned per tenant or service, not copied."
|
|
12765
|
+
},
|
|
12766
|
+
{
|
|
12767
|
+
component: "identity",
|
|
12768
|
+
table: "mcpWritePolicy",
|
|
12769
|
+
prepopulation: "required_template",
|
|
12770
|
+
copyMode: "template_global",
|
|
12771
|
+
scope: "global",
|
|
12772
|
+
uniqueKey: ["topicId", "role", "toolCategory"],
|
|
12773
|
+
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
12774
|
+
},
|
|
12775
|
+
{
|
|
12776
|
+
component: "identity",
|
|
12777
|
+
table: "modelCallLogs",
|
|
12778
|
+
prepopulation: "runtime_log",
|
|
12779
|
+
copyMode: "none",
|
|
12780
|
+
description: "Model call logs are runtime telemetry."
|
|
12781
|
+
},
|
|
12782
|
+
{
|
|
12783
|
+
component: "identity",
|
|
12784
|
+
table: "modelFunctionSlots",
|
|
12785
|
+
prepopulation: "required_template",
|
|
12786
|
+
copyMode: "template_global",
|
|
12787
|
+
scope: "global",
|
|
12788
|
+
uniqueKey: ["slot"],
|
|
12789
|
+
description: "Function-to-model slots are required by model runtime resolution."
|
|
12790
|
+
},
|
|
12791
|
+
{
|
|
12792
|
+
component: "identity",
|
|
12793
|
+
table: "modelRegistry",
|
|
12794
|
+
prepopulation: "required_template",
|
|
12795
|
+
copyMode: "template_global",
|
|
12796
|
+
scope: "global",
|
|
12797
|
+
uniqueKey: ["key"],
|
|
12798
|
+
description: "Model catalog defaults are required by model runtime clients."
|
|
12799
|
+
},
|
|
12800
|
+
{
|
|
12801
|
+
component: "identity",
|
|
12802
|
+
table: "modelSlotConfigs",
|
|
12803
|
+
prepopulation: "required_template",
|
|
12804
|
+
copyMode: "template_global",
|
|
12805
|
+
scope: "global",
|
|
12806
|
+
uniqueKey: ["slot"],
|
|
12807
|
+
description: "Slot-level defaults are required before tenant overrides exist."
|
|
12808
|
+
},
|
|
12809
|
+
{
|
|
12810
|
+
component: "identity",
|
|
12811
|
+
table: "platformAudienceGrants",
|
|
12812
|
+
prepopulation: "runtime_data",
|
|
12813
|
+
copyMode: "none",
|
|
12814
|
+
description: "Audience grants are principal/group-specific access rows."
|
|
12815
|
+
},
|
|
12816
|
+
{
|
|
12817
|
+
component: "identity",
|
|
12818
|
+
table: "platformAudiences",
|
|
12819
|
+
prepopulation: "required_template",
|
|
12820
|
+
copyMode: "template_tenant_rewrite",
|
|
12821
|
+
scope: "tenant",
|
|
12822
|
+
uniqueKey: ["tenantId", "workspaceId", "audienceKey"],
|
|
12823
|
+
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
12824
|
+
},
|
|
12825
|
+
{
|
|
12826
|
+
component: "identity",
|
|
12827
|
+
table: "platformPolicyDecisionLogs",
|
|
12828
|
+
prepopulation: "runtime_log",
|
|
12829
|
+
copyMode: "none",
|
|
12830
|
+
description: "Policy decisions are runtime audit logs."
|
|
12831
|
+
},
|
|
12832
|
+
{
|
|
12833
|
+
component: "identity",
|
|
12834
|
+
table: "projectGrants",
|
|
12835
|
+
prepopulation: "runtime_data",
|
|
12836
|
+
copyMode: "none",
|
|
12837
|
+
description: "Project/topic grants are principal or group-specific access rows."
|
|
12838
|
+
},
|
|
12839
|
+
{
|
|
12840
|
+
component: "identity",
|
|
12841
|
+
table: "reasoningPermissions",
|
|
12842
|
+
prepopulation: "runtime_data",
|
|
12843
|
+
copyMode: "none",
|
|
12844
|
+
description: "Reasoning permissions are principal-specific policy rows."
|
|
12845
|
+
},
|
|
12846
|
+
{
|
|
12847
|
+
component: "identity",
|
|
12848
|
+
table: "tenantApiKeys",
|
|
12849
|
+
prepopulation: "runtime_secret",
|
|
12850
|
+
copyMode: "none",
|
|
12851
|
+
description: "API keys are tenant credentials and must never be copied."
|
|
12852
|
+
},
|
|
12853
|
+
{
|
|
12854
|
+
component: "identity",
|
|
12855
|
+
table: "tenantConfig",
|
|
12856
|
+
prepopulation: "required_template",
|
|
12857
|
+
copyMode: "template_tenant_rewrite",
|
|
12858
|
+
scope: "tenant",
|
|
12859
|
+
uniqueKey: ["tenantId"],
|
|
12860
|
+
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
12861
|
+
},
|
|
12862
|
+
{
|
|
12863
|
+
component: "identity",
|
|
12864
|
+
table: "tenantIntegrations",
|
|
12865
|
+
prepopulation: "required_template",
|
|
12866
|
+
copyMode: "template_tenant_rewrite",
|
|
12867
|
+
scope: "tenant",
|
|
12868
|
+
uniqueKey: ["tenantId", "integrationKey"],
|
|
12869
|
+
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
12870
|
+
},
|
|
12871
|
+
{
|
|
12872
|
+
component: "identity",
|
|
12873
|
+
table: "tenantModelSlotBindings",
|
|
12874
|
+
prepopulation: "runtime_secret",
|
|
12875
|
+
copyMode: "none",
|
|
12876
|
+
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
12877
|
+
},
|
|
12878
|
+
{
|
|
12879
|
+
component: "identity",
|
|
12880
|
+
table: "tenantPolicies",
|
|
12881
|
+
prepopulation: "required_template",
|
|
12882
|
+
copyMode: "template_tenant_rewrite",
|
|
12883
|
+
scope: "tenant",
|
|
12884
|
+
uniqueKey: ["tenantId", "workspaceId", "roleName"],
|
|
12885
|
+
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
12886
|
+
},
|
|
12887
|
+
{
|
|
12888
|
+
component: "identity",
|
|
12889
|
+
table: "tenantProviderSecrets",
|
|
12890
|
+
prepopulation: "runtime_secret",
|
|
12891
|
+
copyMode: "none",
|
|
12892
|
+
description: "Provider secrets are credentials and must never be copied."
|
|
12893
|
+
},
|
|
12894
|
+
{
|
|
12895
|
+
component: "identity",
|
|
12896
|
+
table: "tenantProxyGatewayUsage",
|
|
12897
|
+
prepopulation: "runtime_log",
|
|
12898
|
+
copyMode: "none",
|
|
12899
|
+
description: "Proxy gateway usage rows are runtime telemetry."
|
|
12900
|
+
},
|
|
12901
|
+
{
|
|
12902
|
+
component: "identity",
|
|
12903
|
+
table: "tenantProxyTokenMints",
|
|
12904
|
+
prepopulation: "runtime_secret",
|
|
12905
|
+
copyMode: "none",
|
|
12906
|
+
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
12907
|
+
},
|
|
12908
|
+
{
|
|
12909
|
+
component: "identity",
|
|
12910
|
+
table: "tenantSandboxAuditEvents",
|
|
12911
|
+
prepopulation: "runtime_log",
|
|
12912
|
+
copyMode: "none",
|
|
12913
|
+
description: "Sandbox audit rows are runtime security logs."
|
|
12914
|
+
},
|
|
12915
|
+
{
|
|
12916
|
+
component: "identity",
|
|
12917
|
+
table: "tenantSecrets",
|
|
12918
|
+
prepopulation: "runtime_secret",
|
|
12919
|
+
copyMode: "none",
|
|
12920
|
+
description: "Tenant secrets are credentials and must never be copied."
|
|
12921
|
+
},
|
|
12922
|
+
{
|
|
12923
|
+
component: "identity",
|
|
12924
|
+
table: "toolAcls",
|
|
12925
|
+
prepopulation: "required_template",
|
|
12926
|
+
copyMode: "template_global",
|
|
12927
|
+
scope: "global",
|
|
12928
|
+
uniqueKey: ["role", "toolName"],
|
|
12929
|
+
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
12930
|
+
},
|
|
12931
|
+
{
|
|
12932
|
+
component: "identity",
|
|
12933
|
+
table: "toolRegistry",
|
|
12934
|
+
prepopulation: "required_template",
|
|
12935
|
+
copyMode: "template_global",
|
|
12936
|
+
scope: "global",
|
|
12937
|
+
uniqueKey: ["toolName"],
|
|
12938
|
+
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
12939
|
+
},
|
|
12940
|
+
{
|
|
12941
|
+
component: "identity",
|
|
12942
|
+
table: "users",
|
|
12943
|
+
prepopulation: "runtime_bootstrap",
|
|
12944
|
+
copyMode: "none",
|
|
12945
|
+
description: "Users are created from Clerk/MC principal resolution, not copied."
|
|
12946
|
+
}
|
|
12947
|
+
];
|
|
12948
|
+
var TENANT_BOOTSTRAP_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
|
|
12949
|
+
isCopyableSeedRequirement
|
|
12950
|
+
);
|
|
12951
|
+
var TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
|
|
12952
|
+
(entry) => !isCopyableSeedRequirement(entry)
|
|
12953
|
+
).map((entry) => entry.table);
|
|
12954
|
+
var TENANT_BOOTSTRAP_SEED_MANIFEST = {
|
|
12955
|
+
contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,
|
|
12956
|
+
authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,
|
|
12957
|
+
components: TENANT_BOOTSTRAP_SEED_COMPONENTS,
|
|
12958
|
+
tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,
|
|
12959
|
+
tables: TENANT_BOOTSTRAP_SEED_TABLES,
|
|
12960
|
+
forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES
|
|
12961
|
+
};
|
|
12962
|
+
function findTenantBootstrapTableRequirement(table) {
|
|
12963
|
+
return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(
|
|
12964
|
+
(entry) => entry.table === table
|
|
12965
|
+
);
|
|
12966
|
+
}
|
|
12967
|
+
function findTenantBootstrapSeedTable(table) {
|
|
12968
|
+
return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);
|
|
12969
|
+
}
|
|
12970
|
+
function isTenantBootstrapSeedTable(table) {
|
|
12971
|
+
return Boolean(findTenantBootstrapSeedTable(table));
|
|
12972
|
+
}
|
|
12973
|
+
function isTenantBootstrapForbiddenSeedTable(table) {
|
|
12974
|
+
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);
|
|
12975
|
+
}
|
|
12976
|
+
var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-04-30.1";
|
|
12977
|
+
var TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID = "tenant_template";
|
|
12978
|
+
var TENANT_BOOTSTRAP_TEMPLATE_ACTOR = "system:lucern-template-seed";
|
|
12979
|
+
var DEFAULT_SEED_TIME = Date.UTC(2026, 3, 30);
|
|
12980
|
+
var ROLE_GRANTS = {
|
|
12981
|
+
viewer: ["viewer", "auditor", "editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12982
|
+
auditor: ["auditor", "tenant_admin", "platform_admin", "service_agent"],
|
|
12983
|
+
editor: ["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12984
|
+
workspace_admin: ["workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12985
|
+
tenant_admin: ["tenant_admin", "platform_admin", "service_agent"],
|
|
12986
|
+
platform_admin: ["platform_admin", "service_agent"],
|
|
12987
|
+
service_agent: ["service_agent"]
|
|
12988
|
+
};
|
|
12989
|
+
var ENUM_VALUES = {
|
|
12990
|
+
topic_type: ["domain", "theme", "deal", "strategy", "constitution", "project", "portfolio", "architecture", "capability", "runtime", "interface", "governance", "operations", "security", "data"],
|
|
12991
|
+
branch_schema: ["pillar", "track", "dimension", "axis", "phase"],
|
|
12992
|
+
belief_type: ["belief", "hypothesis", "principle", "invariant", "assumption", "tenet", "prior", "preference", "goal", "forecast", "decision", "constraint", "tradeoff", "policy", "implementation_choice", "implementation_decision", "interface_contract", "migration_state", "code_pattern", "deprecation_notice"],
|
|
12993
|
+
edge_type: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme"],
|
|
12994
|
+
worktree_type: ["belief_test", "lens", "existential", "contradiction", "refinement", "coverage", "discovery", "clarification", "confirmation"],
|
|
12995
|
+
worktree_phase: ["cluster_mapping", "hypothesis_formation", "question_generation", "evidence_collection", "synthesis", "decision", "retrospective"],
|
|
12996
|
+
activity_type: ["create", "update", "review", "merge", "archive", "comment", "status_change", "evidence_added", "question_added"],
|
|
12997
|
+
lens_perspective_type: ["investigation", "monitoring", "analysis", "comparison", "taxonomy"],
|
|
12998
|
+
node_type: ["belief", "question", "theme", "deal", "evidence", "claim", "synthesis", "source", "excerpt", "atomic_fact", "person", "company", "investor", "value_chain", "function", "decision"]
|
|
12999
|
+
};
|
|
13000
|
+
var MODEL_REGISTRY = [
|
|
13001
|
+
["claude-sonnet-4", "Claude Sonnet 4", "claude-sonnet-4-20250514", "anthropic", 2e5, 64e3, 1, 3, 15],
|
|
13002
|
+
["claude-sonnet-4.5", "Claude Sonnet 4.5", "claude-sonnet-4-5-20250929", "anthropic", 2e5, 64e3, 1, 3, 15],
|
|
13003
|
+
["claude-opus-4", "Claude Opus 4", "claude-opus-4-20250514", "anthropic", 2e5, 32e3, 1, 15, 75],
|
|
13004
|
+
["gpt-4o", "GPT-4o", "gpt-4o", "openai", 128e3, 16e3, 0.7, 5, 15],
|
|
13005
|
+
["gpt-4o-mini", "GPT-4o Mini", "gpt-4o-mini", "openai", 128e3, 16e3, 0.7, 0.15, 0.6],
|
|
13006
|
+
["gemini-2.5-pro", "Gemini 2.5 Pro", "gemini-2.5-pro", "google", 1e6, 32e3, 0.7, 1.25, 10],
|
|
13007
|
+
["sonar-pro", "Sonar Pro", "sonar-pro", "perplexity", 128e3, 8e3, 0.3, 3, 15]
|
|
13008
|
+
];
|
|
13009
|
+
var MODEL_SLOTS = [
|
|
13010
|
+
["primer_default", "primers", "Default primer generation for general topics", "claude-sonnet-4", "agents/primer/system", 1, 4e3, ["text_generation", "reasoning"]],
|
|
13011
|
+
["primer_technical", "primers", "Technical and engineering focused primers", "claude-sonnet-4", "agents/primer/system", 0.8, 4e3, ["text_generation", "reasoning", "code"]],
|
|
13012
|
+
["primer_intelligence", "document_intelligence", "Extract evidence, beliefs, and questions from documents", "claude-sonnet-4", "agents/primer-intelligence", 0.3, 8e3, ["text_generation", "structured_output", "reasoning"]],
|
|
13013
|
+
["fact_checker", "research", "Verify claims without web search", "claude-sonnet-4", "agents/internet-fact-checker", 0.3, 4e3, ["text_generation", "reasoning"]],
|
|
13014
|
+
["fact_checker_web", "research", "Verify claims with web search", "sonar-pro", "agents/internet-fact-checker", 0.3, 4e3, ["web_search"]],
|
|
13015
|
+
["deep_research", "research", "Deep research with extended analysis", "claude-opus-4", void 0, 0.7, 8e3, ["text_generation", "reasoning", "long_context"]],
|
|
13016
|
+
["belief_classifier", "classification", "Classify beliefs by epistemic type", "claude-sonnet-4", "classification/belief-category", 0.2, 1e3, ["text_generation", "reasoning"]],
|
|
13017
|
+
["evidence_classifier", "classification", "Classify evidence methodology and quality", "claude-sonnet-4", "classification/evidence-rules", 0.3, 1e3, ["text_generation", "reasoning"]],
|
|
13018
|
+
["edge_classifier", "classification", "Classify edge reasoning method and temporal class", "claude-sonnet-4", "classification/epistemic-guidance", 0.3, 1e3, ["text_generation", "reasoning"]],
|
|
13019
|
+
["entity_extractor", "extraction", "Extract entities from text", "claude-sonnet-4", void 0, 0.2, 2e3, ["text_generation", "structured_output"]],
|
|
13020
|
+
["graph_intelligence_query", "graph_intelligence", "Analyze graph health, gaps, and structural risks", "claude-sonnet-4", "graph-intelligence/query", 0.5, 8e3, ["text_generation", "reasoning", "tool_use"]],
|
|
13021
|
+
["graph_intelligence_suggestions", "graph_intelligence", "Extract actionable graph suggestions", "claude-sonnet-4", "graph-intelligence/suggestions-extraction", 0.2, 4e3, ["text_generation", "structured_output"]],
|
|
13022
|
+
["text_to_cypher", "graph_intelligence", "Generate read-only Cypher from graph questions", "claude-sonnet-4", "graph-intelligence/text-to-cypher", 0.2, 2e3, ["text_generation", "code", "reasoning"]],
|
|
13023
|
+
["contradiction_verifier", "epistemic", "Verify semantic contradiction candidates", "claude-sonnet-4", "lucern/verify-contradiction", 0.2, 500, ["text_generation", "reasoning"]],
|
|
13024
|
+
["task_execution", "tasks", "Execute research tasks with structured analysis", "claude-sonnet-4", void 0, 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
|
|
13025
|
+
["sprint_unified", "sprints", "Unified worktree chat across all phases", "claude-opus-4", "worktrees/unified-system-prompt", 0.7, 8e3, ["text_generation", "reasoning", "tool_use"]],
|
|
13026
|
+
["evidence_assessor", "sprints", "Assess evidence for belief valence and certainty", "claude-sonnet-4", "worktrees/scoring/evidence-assessor", 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
|
|
13027
|
+
["title_generator", "utility", "Generate concise titles", "gpt-4o-mini", void 0, 0.7, 100, ["text_generation", "fast", "cheap"]],
|
|
13028
|
+
["help_desk_agent", "utility", "Help desk support agent for workflow guidance", "claude-sonnet-4", "agents/help-desk-agent", 0.4, 2e3, ["text_generation", "reasoning"]],
|
|
13029
|
+
["bug_detective_agent", "utility", "Bug triage assistant for structured diagnosis", "claude-sonnet-4", "agents/bug-detective-agent", 0.3, 2e3, ["text_generation", "reasoning"]]
|
|
13030
|
+
];
|
|
13031
|
+
function labelFor(value) {
|
|
13032
|
+
return value.split(/[_-]/).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ");
|
|
13033
|
+
}
|
|
13034
|
+
function seedContext(options) {
|
|
13035
|
+
return {
|
|
13036
|
+
now: options.now ?? DEFAULT_SEED_TIME,
|
|
13037
|
+
templateTenantId: options.templateTenantId ?? TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID,
|
|
13038
|
+
actor: options.actorPrincipalId ?? TENANT_BOOTSTRAP_TEMPLATE_ACTOR,
|
|
13039
|
+
version: options.version ?? TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION
|
|
13040
|
+
};
|
|
13041
|
+
}
|
|
13042
|
+
function toolCategory(contract) {
|
|
13043
|
+
if (contract.surfaceIntent === "system") return "system";
|
|
13044
|
+
if (contract.effects.includes("admin")) return "admin";
|
|
13045
|
+
if (contract.effects.includes("write") || contract.kind !== "query") return "write";
|
|
13046
|
+
return "read";
|
|
13047
|
+
}
|
|
13048
|
+
function requiredRole(category) {
|
|
13049
|
+
if (category === "system") return "service_agent";
|
|
13050
|
+
if (category === "admin") return "tenant_admin";
|
|
13051
|
+
if (category === "write") return "editor";
|
|
13052
|
+
return "viewer";
|
|
13053
|
+
}
|
|
13054
|
+
function requiredAction(category) {
|
|
13055
|
+
if (category === "admin" || category === "system") return "admin";
|
|
13056
|
+
if (category === "write") return "mutate";
|
|
13057
|
+
return "read";
|
|
13058
|
+
}
|
|
13059
|
+
function enabledSurfaces(contract) {
|
|
13060
|
+
return [
|
|
13061
|
+
contract.surfaces.mcp !== "none" ? "mcp" : void 0,
|
|
13062
|
+
contract.surfaces.sdk !== "none" ? "sdk" : void 0,
|
|
13063
|
+
contract.surfaces.cli !== "none" ? "cli" : void 0,
|
|
13064
|
+
contract.surfaces.rest !== "none" ? "api" : void 0
|
|
13065
|
+
].filter((value) => Boolean(value));
|
|
13066
|
+
}
|
|
13067
|
+
function buildToolRegistry(now, actor, version) {
|
|
13068
|
+
const rows = /* @__PURE__ */ new Map();
|
|
13069
|
+
for (const contract of ALL_FUNCTION_CONTRACTS) {
|
|
13070
|
+
const surfaces = enabledSurfaces(contract);
|
|
13071
|
+
if (surfaces.length === 0) continue;
|
|
13072
|
+
const category = toolCategory(contract);
|
|
13073
|
+
const readOnly = category === "read";
|
|
13074
|
+
const toolName = contract.mcp.toolName || contract.name;
|
|
13075
|
+
rows.set(toolName, {
|
|
13076
|
+
toolName,
|
|
13077
|
+
description: contract.openapi.summary,
|
|
13078
|
+
version,
|
|
13079
|
+
status: "active",
|
|
13080
|
+
requiredRole: requiredRole(category),
|
|
13081
|
+
requiredAction: requiredAction(category),
|
|
13082
|
+
surfaces,
|
|
13083
|
+
category,
|
|
13084
|
+
parameterSchema: { contract: contract.name, sdk: contract.sdk },
|
|
13085
|
+
handlerRef: contract.convex ? `${contract.convex.module}.${contract.convex.functionName}` : contract.name,
|
|
13086
|
+
executionAdapter: contract.convex?.kind === "action" ? "convex_action" : contract.convex?.kind === "mutation" ? "convex_mutation" : "mcp_tool",
|
|
13087
|
+
safetyMetadata: {
|
|
13088
|
+
readOnly,
|
|
13089
|
+
idempotent: readOnly || contract.idempotent === true || contract.idempotent === "required",
|
|
13090
|
+
sideEffectLevel: readOnly ? "none" : category === "admin" ? "high" : "low"
|
|
13091
|
+
},
|
|
13092
|
+
isCore: true,
|
|
13093
|
+
mcVersion: version,
|
|
13094
|
+
registeredBy: actor,
|
|
13095
|
+
registeredAt: now
|
|
13096
|
+
});
|
|
13097
|
+
}
|
|
13098
|
+
return [...rows.values()].sort(
|
|
13099
|
+
(a, b) => String(a.toolName).localeCompare(String(b.toolName))
|
|
13100
|
+
);
|
|
13101
|
+
}
|
|
13102
|
+
function buildToolAcls(tools, now, actor) {
|
|
13103
|
+
return tools.flatMap(
|
|
13104
|
+
(tool) => (ROLE_GRANTS[tool.requiredRole] ?? [tool.requiredRole]).map(
|
|
13105
|
+
(role) => ({ role, toolName: tool.toolName, createdBy: actor, createdAt: now })
|
|
13106
|
+
)
|
|
13107
|
+
);
|
|
13108
|
+
}
|
|
13109
|
+
function buildMcpWritePolicy(now, actor) {
|
|
13110
|
+
return [
|
|
13111
|
+
...["viewer", "auditor"].map((role) => ({
|
|
13112
|
+
role,
|
|
13113
|
+
toolCategory: "write",
|
|
13114
|
+
permission: "deny",
|
|
13115
|
+
enabled: true,
|
|
13116
|
+
rationale: "Read-only roles cannot mutate the reasoning graph.",
|
|
13117
|
+
createdAt: now,
|
|
13118
|
+
updatedAt: now,
|
|
13119
|
+
createdBy: actor
|
|
13120
|
+
})),
|
|
13121
|
+
...["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"].map((role) => ({
|
|
13122
|
+
role,
|
|
13123
|
+
toolCategory: "write",
|
|
13124
|
+
permission: "allow",
|
|
13125
|
+
maxWritesPerSession: role === "editor" ? 200 : void 0,
|
|
13126
|
+
enabled: true,
|
|
13127
|
+
rationale: "Default global write policy for trusted graph mutation roles.",
|
|
13128
|
+
createdAt: now,
|
|
13129
|
+
updatedAt: now,
|
|
13130
|
+
createdBy: actor
|
|
13131
|
+
}))
|
|
13132
|
+
];
|
|
13133
|
+
}
|
|
13134
|
+
function buildTenantPolicies(tenantId, now, actor) {
|
|
13135
|
+
const rows = [
|
|
13136
|
+
["viewer", "Read graph and runtime metadata.", [{ resource: "graph", actions: ["read"] }]],
|
|
13137
|
+
["auditor", "Read graph, audit, and policy decisions.", [{ resource: "audit", actions: ["read", "export"] }]],
|
|
13138
|
+
["editor", "Read and mutate tenant reasoning state.", [{ resource: "graph", actions: ["read", "create", "update", "mutate"] }]],
|
|
13139
|
+
["workspace_admin", "Manage workspace-scoped reasoning operations.", [{ resource: "workspace", actions: ["read", "update", "admin"] }]],
|
|
13140
|
+
["tenant_admin", "Manage tenant policy, tools, users, and publication.", [{ resource: "tenant", actions: ["read", "update", "admin"] }, { resource: "policy", actions: ["read", "create", "update", "admin"] }]],
|
|
13141
|
+
["service_agent", "Service principal execution role for automation.", [{ resource: "runtime", actions: ["read", "create", "update"] }, { resource: "graph", actions: ["read", "create", "update", "mutate"] }]]
|
|
13142
|
+
];
|
|
13143
|
+
return rows.map(([roleName, description, permissions]) => ({
|
|
13144
|
+
tenantId,
|
|
13145
|
+
roleName,
|
|
13146
|
+
description,
|
|
13147
|
+
permissions,
|
|
13148
|
+
groupBindings: [],
|
|
13149
|
+
createdAt: now,
|
|
13150
|
+
updatedAt: now,
|
|
13151
|
+
createdBy: actor,
|
|
13152
|
+
updatedBy: actor
|
|
13153
|
+
}));
|
|
13154
|
+
}
|
|
13155
|
+
function modelRegistryRows(now) {
|
|
13156
|
+
return MODEL_REGISTRY.map(([key, name, modelId, provider, contextWindow, maxOutputTokens, defaultTemperature, inputCostPer1M, outputCostPer1M]) => ({
|
|
13157
|
+
key,
|
|
13158
|
+
name,
|
|
13159
|
+
modelId,
|
|
13160
|
+
provider,
|
|
13161
|
+
capabilities: ["text_generation", "reasoning"],
|
|
13162
|
+
contextWindow,
|
|
13163
|
+
maxOutputTokens,
|
|
13164
|
+
defaultTemperature,
|
|
13165
|
+
inputCostPer1M,
|
|
13166
|
+
outputCostPer1M,
|
|
13167
|
+
recommended: true,
|
|
13168
|
+
enabled: true,
|
|
13169
|
+
createdAt: now,
|
|
13170
|
+
updatedAt: now
|
|
13171
|
+
}));
|
|
13172
|
+
}
|
|
13173
|
+
function modelFunctionSlotRows(now) {
|
|
13174
|
+
return MODEL_SLOTS.map(([slot, category, description, modelKey, promptName, temperature, maxTokens, requiredCapabilities]) => ({
|
|
13175
|
+
slot,
|
|
13176
|
+
category,
|
|
13177
|
+
description,
|
|
13178
|
+
modelKey,
|
|
13179
|
+
promptName,
|
|
13180
|
+
temperature,
|
|
13181
|
+
maxTokens,
|
|
13182
|
+
requiredCapabilities,
|
|
13183
|
+
enabled: true,
|
|
13184
|
+
isDefault: true,
|
|
13185
|
+
notes: `Seeded by ${TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION}.`,
|
|
13186
|
+
createdAt: now,
|
|
13187
|
+
updatedAt: now
|
|
13188
|
+
}));
|
|
13189
|
+
}
|
|
13190
|
+
function modelSlotConfigRows(now) {
|
|
13191
|
+
return MODEL_SLOTS.map(([slot, , , modelKey, , temperature, maxTokens]) => ({
|
|
13192
|
+
slot,
|
|
13193
|
+
modelKey,
|
|
13194
|
+
temperature,
|
|
13195
|
+
maxTokens,
|
|
13196
|
+
enabled: true,
|
|
13197
|
+
notes: `Default routing for ${slot}.`,
|
|
13198
|
+
createdAt: now,
|
|
13199
|
+
updatedAt: now
|
|
13200
|
+
}));
|
|
13201
|
+
}
|
|
13202
|
+
function schemaEnumRows(now) {
|
|
13203
|
+
return Object.entries(ENUM_VALUES).flatMap(
|
|
13204
|
+
([category, values]) => values.map((value, index) => ({
|
|
13205
|
+
category,
|
|
13206
|
+
value,
|
|
13207
|
+
label: labelFor(value),
|
|
13208
|
+
description: `${labelFor(value)} ${category} value.`,
|
|
13209
|
+
tier: "platform",
|
|
13210
|
+
metadata: { seedVersion: TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION },
|
|
13211
|
+
isDefault: index === 0,
|
|
13212
|
+
sortOrder: index + 1,
|
|
13213
|
+
status: "active",
|
|
13214
|
+
createdAt: now,
|
|
13215
|
+
updatedAt: now
|
|
13216
|
+
}))
|
|
13217
|
+
);
|
|
13218
|
+
}
|
|
13219
|
+
function buildTenantBootstrapTemplateSeedRows(options = {}) {
|
|
13220
|
+
const ctx = seedContext(options);
|
|
13221
|
+
const toolRegistry2 = buildToolRegistry(ctx.now, ctx.actor, ctx.version);
|
|
13222
|
+
return {
|
|
13223
|
+
kernel: {
|
|
13224
|
+
backgroundJobSettings: [
|
|
13225
|
+
{ jobKey: "neo4j_sync", enabled: false, notes: "Disabled until graph-sync credentials are configured.", updatedAt: ctx.now, updatedBy: ctx.actor },
|
|
13226
|
+
{ jobKey: "calibration_rollups", enabled: true, notes: "Compute calibration rollups when calibration data exists.", updatedAt: ctx.now, updatedBy: ctx.actor }
|
|
13227
|
+
],
|
|
13228
|
+
ontologyDefinitions: [
|
|
13229
|
+
{ ontologyKey: "lucern-core", name: "Lucern Core", description: "Core Lucern reasoning taxonomy.", tier: "platform", status: "active", createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
|
|
13230
|
+
],
|
|
13231
|
+
ontologyVersions: [
|
|
13232
|
+
{
|
|
13233
|
+
ontologyId: "lucern-core",
|
|
13234
|
+
ontologyKey: "lucern-core",
|
|
13235
|
+
version: ctx.version,
|
|
13236
|
+
status: "published",
|
|
13237
|
+
entityTypes: ["belief", "question", "evidence", "answer", "decision", "task", "worktree", "topic", "source"].map((value) => ({ value, label: labelFor(value) })),
|
|
13238
|
+
edgeTypes: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to"].map((value) => ({ value, label: labelFor(value) })),
|
|
13239
|
+
releaseNotes: "Initial platform ontology seed.",
|
|
13240
|
+
publishedBy: ctx.actor,
|
|
13241
|
+
publishedAt: ctx.now,
|
|
13242
|
+
createdAt: ctx.now
|
|
13243
|
+
}
|
|
13244
|
+
],
|
|
13245
|
+
publicationRules: [
|
|
13246
|
+
{ tenantId: ctx.templateTenantId, name: "publish-high-confidence-beliefs", description: "Publish high-confidence beliefs to tenant-level consumers.", conditionType: "confidence_threshold", conditions: { minConfidence: 0.85 }, enabled: true, priority: 100, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
|
|
13247
|
+
],
|
|
13248
|
+
schemaEnumConfig: schemaEnumRows(ctx.now)
|
|
13249
|
+
},
|
|
13250
|
+
identity: {
|
|
13251
|
+
mcpWritePolicy: buildMcpWritePolicy(ctx.now, ctx.actor),
|
|
13252
|
+
modelFunctionSlots: modelFunctionSlotRows(ctx.now),
|
|
13253
|
+
modelRegistry: modelRegistryRows(ctx.now),
|
|
13254
|
+
modelSlotConfigs: modelSlotConfigRows(ctx.now),
|
|
13255
|
+
platformAudiences: [
|
|
13256
|
+
["internal", "Internal", "internal"],
|
|
13257
|
+
["lp", "Limited Partners", "restricted_external"],
|
|
13258
|
+
["public", "Public", "public"]
|
|
13259
|
+
].map(([audienceKey, audienceLabel, audienceClass]) => ({ tenantId: ctx.templateTenantId, audienceKey, audienceLabel, audienceClass, status: "active", metadata: { seedVersion: ctx.version }, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now })),
|
|
13260
|
+
tenantConfig: [
|
|
13261
|
+
{ tenantId: ctx.templateTenantId, authPolicyMode: "open", defaultSessionTTL: 28800, defaultTopicVisibility: "tenant", featureFlags: { sdkBootstrapSeeds: true, interactiveRoleAuth: true }, maxWorkspaceCount: 25, defaultModelSlotOverrides: {}, updatedAt: ctx.now, updatedBy: ctx.actor }
|
|
13262
|
+
],
|
|
13263
|
+
tenantIntegrations: [
|
|
13264
|
+
{ tenantId: ctx.templateTenantId, integrationKey: "web-search", displayName: "Web Search", description: "Tenant-configurable search integration placeholder.", category: "search", capabilities: ["search", "deep_research", "summarize"], config: { apiBaseUrl: "https://example.invalid/lucern/search", authType: "none", timeout: 3e4 }, endpoints: { search: { path: "/search", method: "POST", queryParamName: "query", resultPath: "results" } }, status: "disabled", usageCount: 0, createdAt: ctx.now, updatedAt: ctx.now, createdBy: ctx.actor }
|
|
13265
|
+
],
|
|
13266
|
+
tenantPolicies: buildTenantPolicies(ctx.templateTenantId, ctx.now, ctx.actor),
|
|
13267
|
+
toolAcls: buildToolAcls(toolRegistry2, ctx.now, ctx.actor),
|
|
13268
|
+
toolRegistry: toolRegistry2
|
|
13269
|
+
}
|
|
13270
|
+
};
|
|
13271
|
+
}
|
|
13272
|
+
|
|
11303
13273
|
// src/v1/topics/v1.ts
|
|
11304
13274
|
var ROOT_TOPIC_ID = "n17tm38rwet7wqgzrmwahyt1z582590y";
|
|
11305
13275
|
function collectTopicNeighborhood(topics2, rootTopicId, maxDescendantDepth = 2) {
|
|
@@ -11593,6 +13563,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
|
|
|
11593
13563
|
}
|
|
11594
13564
|
];
|
|
11595
13565
|
|
|
11596
|
-
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, bigramTokenize, buildDomainEvent, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isLucernPrompt, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
|
|
13566
|
+
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
|
|
11597
13567
|
//# sourceMappingURL=index.js.map
|
|
11598
13568
|
//# sourceMappingURL=index.js.map
|