@lucern/contracts 0.3.0-alpha.3 → 0.3.0-alpha.4
- package/dist/component-host-boundary.contract.d.ts +41 -0
- package/dist/component-host-boundary.contract.js +54 -0
- package/dist/component-host-boundary.contract.js.map +1 -0
- package/dist/function-registry/beliefs.d.ts +41 -41
- package/dist/function-registry/beliefs.js +202 -8
- package/dist/function-registry/beliefs.js.map +1 -1
- package/dist/function-registry/coding.js +187 -8
- package/dist/function-registry/coding.js.map +1 -1
- package/dist/function-registry/context.d.ts +13 -13
- package/dist/function-registry/context.js +187 -9
- package/dist/function-registry/context.js.map +1 -1
- package/dist/function-registry/contracts.js +158 -5
- package/dist/function-registry/contracts.js.map +1 -1
- package/dist/function-registry/coordination.js +158 -5
- package/dist/function-registry/coordination.js.map +1 -1
- package/dist/function-registry/edges.js +169 -6
- package/dist/function-registry/edges.js.map +1 -1
- package/dist/function-registry/evidence.d.ts +33 -33
- package/dist/function-registry/evidence.js +202 -9
- package/dist/function-registry/evidence.js.map +1 -1
- package/dist/function-registry/graph.d.ts +53 -53
- package/dist/function-registry/graph.js +217 -12
- package/dist/function-registry/graph.js.map +1 -1
- package/dist/function-registry/helpers.d.ts +1 -1
- package/dist/function-registry/helpers.js +158 -5
- package/dist/function-registry/helpers.js.map +1 -1
- package/dist/function-registry/identity.js +158 -5
- package/dist/function-registry/identity.js.map +1 -1
- package/dist/function-registry/index.d.ts +1 -1
- package/dist/function-registry/index.js +158 -5
- package/dist/function-registry/index.js.map +1 -1
- package/dist/function-registry/judgments.d.ts +9 -9
- package/dist/function-registry/judgments.js +170 -8
- package/dist/function-registry/judgments.js.map +1 -1
- package/dist/function-registry/legacy.js +158 -5
- package/dist/function-registry/legacy.js.map +1 -1
- package/dist/function-registry/lenses.d.ts +17 -17
- package/dist/function-registry/lenses.js +181 -8
- package/dist/function-registry/lenses.js.map +1 -1
- package/dist/function-registry/manifest.d.ts +3 -3
- package/dist/function-registry/manifest.js +1 -1
- package/dist/function-registry/manifest.js.map +1 -1
- package/dist/function-registry/ontologies.d.ts +45 -45
- package/dist/function-registry/ontologies.js +176 -11
- package/dist/function-registry/ontologies.js.map +1 -1
- package/dist/function-registry/pipeline.d.ts +13 -13
- package/dist/function-registry/pipeline.js +167 -8
- package/dist/function-registry/pipeline.js.map +1 -1
- package/dist/function-registry/questions.d.ts +49 -49
- package/dist/function-registry/questions.js +255 -13
- package/dist/function-registry/questions.js.map +1 -1
- package/dist/function-registry/tasks.js +158 -5
- package/dist/function-registry/tasks.js.map +1 -1
- package/dist/function-registry/topics.d.ts +21 -21
- package/dist/function-registry/topics.js +172 -8
- package/dist/function-registry/topics.js.map +1 -1
- package/dist/function-registry/types.d.ts +1 -1
- package/dist/function-registry/worktrees.d.ts +80 -41
- package/dist/function-registry/worktrees.js +292 -17
- package/dist/function-registry/worktrees.js.map +1 -1
- package/dist/function-registry-input-audit.d.ts +13 -0
- package/dist/function-registry-input-audit.js +164 -0
- package/dist/function-registry-input-audit.js.map +1 -0
- package/dist/gateway.contract.d.ts +1 -0
- package/dist/gateway.contract.js.map +1 -1
- package/dist/generated/convexSchemas.js +1 -1
- package/dist/generated/convexSchemas.js.map +1 -1
- package/dist/index.d.ts +188 -35
- package/dist/index.js +1370 -17
- package/dist/index.js.map +1 -1
- package/dist/infisical-runtime.contract.d.ts +174 -0
- package/dist/infisical-runtime.contract.js +192 -0
- package/dist/infisical-runtime.contract.js.map +1 -0
- package/dist/schemas/index.js +3 -1
- package/dist/schemas/index.js.map +1 -1
- package/dist/schemas/manifest.d.ts +935 -905
- package/dist/schemas/manifest.js +3 -1
- package/dist/schemas/manifest.js.map +1 -1
- package/dist/schemas/sl-opinion.d.ts +4 -4
- package/dist/schemas/tables/identity/platform.d.ts +10 -10
- package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
- package/dist/schemas/tables/kernel/infra.d.ts +4 -4
- package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
- package/dist/schemas/tables/kernel/lens.d.ts +4 -4
- package/dist/schemas/tables/kernel/platform.d.ts +12 -12
- package/dist/schemas/tables/kernel/spine.d.ts +2 -2
- package/dist/schemas/tables/kernel/task.d.ts +42 -42
- package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
- package/dist/schemas/tables/mc/identity.d.ts +2 -2
- package/dist/schemas/tables/mc/pack.d.ts +20 -20
- package/dist/schemas/tables/mc/registry.d.ts +4 -4
- package/dist/schemas/tables/mc/workspace.d.ts +9 -3
- package/dist/schemas/tables/mc/workspace.js +3 -1
- package/dist/schemas/tables/mc/workspace.js.map +1 -1
- package/dist/sdk-methods.contract.d.ts +1 -1
- package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-CD-N1Jf7.d.ts} +1 -1
- package/dist/sdk-tools.contract.d.ts +2 -2
- package/dist/sdk-tools.contract.js +157 -4
- package/dist/sdk-tools.contract.js.map +1 -1
- package/dist/tenant-bootstrap-seed.contract.d.ts +1097 -0
- package/dist/tenant-bootstrap-seed.contract.js +651 -0
- package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
- package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
- package/dist/tenant-bootstrap-seed.defaults.js +303 -0
- package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
- package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-BcKz-VGj.d.ts} +4 -2
- package/dist/tool-contracts.d.ts +1 -1
- package/dist/tool-contracts.js +158 -5
- package/dist/tool-contracts.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { z, ZodFirstPartyTypeKind } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
|
+
import { ALL_FUNCTION_CONTRACTS } from './function-registry/index.js';
|
|
3
4
|
export * from './function-registry/index.js';
|
|
4
5
|
|
|
5
6
|
var __defProp = Object.defineProperty;
|
|
@@ -376,6 +377,57 @@ function isComponentBoundaryComponentOwnedTable(tableName) {
|
|
|
376
377
|
return layer === "I" || layer === "K";
|
|
377
378
|
}
|
|
378
379
|
|
|
380
|
+
// src/component-host-boundary.contract.ts
|
|
381
|
+
var COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = "2026-04-28";
|
|
382
|
+
var COMPONENT_HOST_PROTECTED_TABLES = [
|
|
383
|
+
"backgroundJobRuns",
|
|
384
|
+
"backgroundJobSettings",
|
|
385
|
+
"systemLogs",
|
|
386
|
+
"epistemicAudit",
|
|
387
|
+
"platformPolicyDecisionLogs",
|
|
388
|
+
"tenantApiKeys",
|
|
389
|
+
"projectGrants",
|
|
390
|
+
"userSessions"
|
|
391
|
+
];
|
|
392
|
+
var COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {
|
|
393
|
+
backgroundJobRuns: "kernel_component",
|
|
394
|
+
backgroundJobSettings: "kernel_component",
|
|
395
|
+
systemLogs: "kernel_component",
|
|
396
|
+
epistemicAudit: "reasoning_kernel_component",
|
|
397
|
+
platformPolicyDecisionLogs: "identity_component",
|
|
398
|
+
tenantApiKeys: "identity_component",
|
|
399
|
+
projectGrants: "identity_component",
|
|
400
|
+
userSessions: "tenant_or_control_plane_schema"
|
|
401
|
+
};
|
|
402
|
+
var COMPONENT_HOST_DB_WRITE_OPERATIONS = [
|
|
403
|
+
"insert",
|
|
404
|
+
"patch",
|
|
405
|
+
"replace",
|
|
406
|
+
"delete"
|
|
407
|
+
];
|
|
408
|
+
var COMPONENT_HOST_DB_READ_OPERATIONS = ["query"];
|
|
409
|
+
var COMPONENT_HOST_WRITE_AUDIT_ROOTS = [
|
|
410
|
+
"apps/web/convex",
|
|
411
|
+
"packages/server-core/src",
|
|
412
|
+
"services/kernel-template/convex",
|
|
413
|
+
"services/identity-template/convex",
|
|
414
|
+
"services/master-control/convex"
|
|
415
|
+
];
|
|
416
|
+
var COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [
|
|
417
|
+
{
|
|
418
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
419
|
+
table: "userSessions",
|
|
420
|
+
operation: "insert",
|
|
421
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
422
|
+
},
|
|
423
|
+
{
|
|
424
|
+
file: "services/master-control/convex/userSessions.ts",
|
|
425
|
+
table: "userSessions",
|
|
426
|
+
operation: "query",
|
|
427
|
+
reason: "Master Control declares and owns its own userSessions table for gateway session validation."
|
|
428
|
+
}
|
|
429
|
+
];
|
|
430
|
+
|
|
379
431
|
// src/gateway.contract.ts
|
|
380
432
|
function requireActorPrincipalId(authContext) {
|
|
381
433
|
const principalId = typeof authContext.principalId === "string" ? authContext.principalId.trim() : "";
|
|
@@ -5165,7 +5217,9 @@ var workspaces = defineTable({
|
|
|
5165
5217
|
"defaultProjectVisibility": z.enum(["private", "team", "firm", "external", "public"]).optional(),
|
|
5166
5218
|
"deployments": z.record(z.object({
|
|
5167
5219
|
"url": z.string(),
|
|
5168
|
-
"
|
|
5220
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
5221
|
+
"encryptedDeployKey": z.string().optional(),
|
|
5222
|
+
"credentialRef": z.string().optional()
|
|
5169
5223
|
})).optional(),
|
|
5170
5224
|
"metadata": z.record(z.any()).optional(),
|
|
5171
5225
|
"createdBy": z.string().optional(),
|
|
@@ -5741,17 +5795,6 @@ var edgePolicyManifest = {
|
|
|
5741
5795
|
}
|
|
5742
5796
|
]
|
|
5743
5797
|
};
|
|
5744
|
-
var InvariantManifestSchema = z.object({
|
|
5745
|
-
manifestVersion: z.literal("1.0.0"),
|
|
5746
|
-
rules: z.array(
|
|
5747
|
-
z.object({
|
|
5748
|
-
invariant: z.string(),
|
|
5749
|
-
description: z.string(),
|
|
5750
|
-
checker: z.enum(["ast", "manifest", "runtime"]),
|
|
5751
|
-
severity: z.enum(["block_publish", "block_pr", "warn"])
|
|
5752
|
-
})
|
|
5753
|
-
)
|
|
5754
|
-
});
|
|
5755
5798
|
|
|
5756
5799
|
// src/tenant-client.contract.ts
|
|
5757
5800
|
var TENANT_CLIENT_CONTRACT_VERSION = "2026-04-27";
|
|
@@ -6154,6 +6197,218 @@ function formatTenantClientImportViolation(classification) {
|
|
|
6154
6197
|
return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;
|
|
6155
6198
|
}
|
|
6156
6199
|
|
|
6200
|
+
// src/infisical-runtime.contract.ts
|
|
6201
|
+
var INFISICAL_RUNTIME_CONTRACT_VERSION = "2026-04-28";
|
|
6202
|
+
var INFISICAL_RUNTIME_DEFAULT_API_URL = "https://app.infisical.com";
|
|
6203
|
+
var INFISICAL_RUNTIME_DEFAULT_PROJECT_ID = "344b0526-90df-4606-ba50-22c647a36c65";
|
|
6204
|
+
var INFISICAL_RUNTIME_ENVIRONMENTS = [
|
|
6205
|
+
"dev",
|
|
6206
|
+
"staging",
|
|
6207
|
+
"prod"
|
|
6208
|
+
];
|
|
6209
|
+
var INFISICAL_RUNTIME_DELIVERY_MODES = [
|
|
6210
|
+
"vercel_sync",
|
|
6211
|
+
"runtime_fetch",
|
|
6212
|
+
"device_auth"
|
|
6213
|
+
];
|
|
6214
|
+
var INFISICAL_RUNTIME_SURFACE_IDS = [
|
|
6215
|
+
"lucern-web",
|
|
6216
|
+
"lucern-gateway",
|
|
6217
|
+
"lucern-sdk",
|
|
6218
|
+
"lucern-cli",
|
|
6219
|
+
"lucern-mcp",
|
|
6220
|
+
"tenant-client"
|
|
6221
|
+
];
|
|
6222
|
+
var INFISICAL_RUNTIME_BOOTSTRAP_ENV = {
|
|
6223
|
+
apiUrl: ["INFISICAL_API_URL", "INFISICAL_URL"],
|
|
6224
|
+
projectId: ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"],
|
|
6225
|
+
clientId: [
|
|
6226
|
+
"INFISICAL_CLIENT_ID",
|
|
6227
|
+
"INFISICAL_MACHINE_CLIENT_ID",
|
|
6228
|
+
"INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
|
|
6229
|
+
],
|
|
6230
|
+
clientSecret: [
|
|
6231
|
+
"INFISICAL_CLIENT_SECRET",
|
|
6232
|
+
"INFISICAL_MACHINE_CLIENT_SECRET",
|
|
6233
|
+
"INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
|
|
6234
|
+
],
|
|
6235
|
+
environment: ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"],
|
|
6236
|
+
organizationSlug: ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"],
|
|
6237
|
+
disabled: ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"]
|
|
6238
|
+
};
|
|
6239
|
+
var INFISICAL_RUNTIME_PATHS = [
|
|
6240
|
+
{
|
|
6241
|
+
id: "platform-auth",
|
|
6242
|
+
secretPath: "/platform/auth",
|
|
6243
|
+
description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.",
|
|
6244
|
+
variables: [
|
|
6245
|
+
{
|
|
6246
|
+
name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6247
|
+
required: true,
|
|
6248
|
+
secret: false,
|
|
6249
|
+
public: true,
|
|
6250
|
+
description: "Clerk publishable key for the Lucern web origin."
|
|
6251
|
+
},
|
|
6252
|
+
{
|
|
6253
|
+
name: "CLERK_SECRET_KEY",
|
|
6254
|
+
required: true,
|
|
6255
|
+
secret: true,
|
|
6256
|
+
public: false,
|
|
6257
|
+
description: "Clerk backend secret key for Lucern server runtimes."
|
|
6258
|
+
},
|
|
6259
|
+
{
|
|
6260
|
+
name: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6261
|
+
required: false,
|
|
6262
|
+
secret: false,
|
|
6263
|
+
public: false,
|
|
6264
|
+
description: "Expected Clerk issuer/JWKS domain for JWT verification."
|
|
6265
|
+
},
|
|
6266
|
+
{
|
|
6267
|
+
name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6268
|
+
required: false,
|
|
6269
|
+
secret: false,
|
|
6270
|
+
public: true,
|
|
6271
|
+
description: "Public sign-in URL for Lucern-owned web flows."
|
|
6272
|
+
},
|
|
6273
|
+
{
|
|
6274
|
+
name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6275
|
+
required: false,
|
|
6276
|
+
secret: false,
|
|
6277
|
+
public: true,
|
|
6278
|
+
description: "Public sign-up URL for Lucern-owned web flows."
|
|
6279
|
+
}
|
|
6280
|
+
]
|
|
6281
|
+
},
|
|
6282
|
+
{
|
|
6283
|
+
id: "platform-runtime",
|
|
6284
|
+
secretPath: "/platform/runtime",
|
|
6285
|
+
description: "Runtime defaults shared by server-side Lucern clients and operator tooling.",
|
|
6286
|
+
variables: [
|
|
6287
|
+
{
|
|
6288
|
+
name: "LUCERN_API_URL",
|
|
6289
|
+
required: true,
|
|
6290
|
+
secret: false,
|
|
6291
|
+
public: false,
|
|
6292
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"],
|
|
6293
|
+
description: "Canonical Lucern API gateway URL."
|
|
6294
|
+
},
|
|
6295
|
+
{
|
|
6296
|
+
name: "LUCERN_LOGIN_BASE_URL",
|
|
6297
|
+
required: false,
|
|
6298
|
+
secret: false,
|
|
6299
|
+
public: false,
|
|
6300
|
+
aliases: ["LUCERN_AUTH_BASE_URL"],
|
|
6301
|
+
description: "Browser login origin used when it differs from the API."
|
|
6302
|
+
},
|
|
6303
|
+
{
|
|
6304
|
+
name: "LUCERN_ENVIRONMENT",
|
|
6305
|
+
required: false,
|
|
6306
|
+
secret: false,
|
|
6307
|
+
public: false,
|
|
6308
|
+
aliases: ["LUCERN_ENV"],
|
|
6309
|
+
description: "Lucern environment label consumed by CLI profiles."
|
|
6310
|
+
}
|
|
6311
|
+
]
|
|
6312
|
+
},
|
|
6313
|
+
{
|
|
6314
|
+
id: "tenant-shared-install",
|
|
6315
|
+
secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
|
|
6316
|
+
description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.",
|
|
6317
|
+
variables: [
|
|
6318
|
+
{
|
|
6319
|
+
name: "INSTALL_LUCERN_NPM",
|
|
6320
|
+
required: true,
|
|
6321
|
+
secret: true,
|
|
6322
|
+
public: false,
|
|
6323
|
+
description: "Read-only install token for the published @lucern/* suite."
|
|
6324
|
+
}
|
|
6325
|
+
]
|
|
6326
|
+
}
|
|
6327
|
+
];
|
|
6328
|
+
var INFISICAL_RUNTIME_SURFACES = [
|
|
6329
|
+
{
|
|
6330
|
+
id: "lucern-web",
|
|
6331
|
+
delivery: "vercel_sync",
|
|
6332
|
+
sourcePathIds: ["platform-auth", "platform-runtime"],
|
|
6333
|
+
consumer: "apps/web on Vercel project lucern",
|
|
6334
|
+
description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs."
|
|
6335
|
+
},
|
|
6336
|
+
{
|
|
6337
|
+
id: "lucern-gateway",
|
|
6338
|
+
delivery: "vercel_sync",
|
|
6339
|
+
sourcePathIds: ["platform-auth", "platform-runtime"],
|
|
6340
|
+
consumer: "apps/gateway on Vercel project lucern-gateway",
|
|
6341
|
+
description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs."
|
|
6342
|
+
},
|
|
6343
|
+
{
|
|
6344
|
+
id: "lucern-sdk",
|
|
6345
|
+
packageName: "@lucern/sdk",
|
|
6346
|
+
delivery: "runtime_fetch",
|
|
6347
|
+
sourcePathIds: ["platform-runtime"],
|
|
6348
|
+
consumer: "server-side SDK operator contexts with a scoped Infisical identity",
|
|
6349
|
+
description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
|
|
6350
|
+
},
|
|
6351
|
+
{
|
|
6352
|
+
id: "lucern-cli",
|
|
6353
|
+
packageName: "@lucern/cli",
|
|
6354
|
+
delivery: "runtime_fetch",
|
|
6355
|
+
fallback: "device_auth",
|
|
6356
|
+
sourcePathIds: ["platform-runtime"],
|
|
6357
|
+
consumer: "developer/operator CLI processes",
|
|
6358
|
+
description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
|
|
6359
|
+
},
|
|
6360
|
+
{
|
|
6361
|
+
id: "lucern-mcp",
|
|
6362
|
+
packageName: "@lucern/mcp",
|
|
6363
|
+
delivery: "runtime_fetch",
|
|
6364
|
+
fallback: "device_auth",
|
|
6365
|
+
sourcePathIds: ["platform-runtime"],
|
|
6366
|
+
consumer: "MCP server/client processes",
|
|
6367
|
+
description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
|
|
6368
|
+
},
|
|
6369
|
+
{
|
|
6370
|
+
id: "tenant-client",
|
|
6371
|
+
delivery: "device_auth",
|
|
6372
|
+
sourcePathIds: ["tenant-shared-install"],
|
|
6373
|
+
consumer: "tenant-owned apps and coding agents",
|
|
6374
|
+
description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces."
|
|
6375
|
+
}
|
|
6376
|
+
];
|
|
6377
|
+
function findInfisicalRuntimePath(pathId) {
|
|
6378
|
+
return INFISICAL_RUNTIME_PATHS.find((path) => path.id === pathId);
|
|
6379
|
+
}
|
|
6380
|
+
function findInfisicalRuntimeSurface(surfaceId) {
|
|
6381
|
+
return INFISICAL_RUNTIME_SURFACES.find(
|
|
6382
|
+
(surface) => surface.id === surfaceId
|
|
6383
|
+
);
|
|
6384
|
+
}
|
|
6385
|
+
|
|
6386
|
+
// src/manifests/infisical-runtime-manifest.ts
|
|
6387
|
+
var INFISICAL_RUNTIME_MANIFEST = {
|
|
6388
|
+
manifestVersion: "1.0.0",
|
|
6389
|
+
contractVersion: INFISICAL_RUNTIME_CONTRACT_VERSION,
|
|
6390
|
+
project: {
|
|
6391
|
+
id: INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
|
|
6392
|
+
apiUrl: INFISICAL_RUNTIME_DEFAULT_API_URL
|
|
6393
|
+
},
|
|
6394
|
+
environments: INFISICAL_RUNTIME_ENVIRONMENTS,
|
|
6395
|
+
deliveryModes: INFISICAL_RUNTIME_DELIVERY_MODES,
|
|
6396
|
+
bootstrapEnv: INFISICAL_RUNTIME_BOOTSTRAP_ENV,
|
|
6397
|
+
paths: INFISICAL_RUNTIME_PATHS,
|
|
6398
|
+
surfaces: INFISICAL_RUNTIME_SURFACES
|
|
6399
|
+
};
|
|
6400
|
+
var InvariantManifestSchema = z.object({
|
|
6401
|
+
manifestVersion: z.literal("1.0.0"),
|
|
6402
|
+
rules: z.array(
|
|
6403
|
+
z.object({
|
|
6404
|
+
invariant: z.string(),
|
|
6405
|
+
description: z.string(),
|
|
6406
|
+
checker: z.enum(["ast", "manifest", "runtime"]),
|
|
6407
|
+
severity: z.enum(["block_publish", "block_pr", "warn"])
|
|
6408
|
+
})
|
|
6409
|
+
)
|
|
6410
|
+
});
|
|
6411
|
+
|
|
6157
6412
|
// src/manifests/tenant-client-manifest.ts
|
|
6158
6413
|
var TENANT_CLIENT_MANIFEST = {
|
|
6159
6414
|
manifestVersion: "1.0.0",
|
|
@@ -6534,6 +6789,7 @@ __export(tool_contracts_exports, {
|
|
|
6534
6789
|
ARCHIVE_BELIEF: () => ARCHIVE_BELIEF,
|
|
6535
6790
|
ARCHIVE_ONTOLOGY: () => ARCHIVE_ONTOLOGY,
|
|
6536
6791
|
ARCHIVE_QUESTION: () => ARCHIVE_QUESTION,
|
|
6792
|
+
BEGIN_BUILD_SESSION: () => BEGIN_BUILD_SESSION,
|
|
6537
6793
|
BISECT_CONFIDENCE: () => BISECT_CONFIDENCE,
|
|
6538
6794
|
BROADCAST_MESSAGE: () => BROADCAST_MESSAGE,
|
|
6539
6795
|
CHECK_PERMISSION: () => CHECK_PERMISSION,
|
|
@@ -7057,6 +7313,14 @@ var ADD_WORKTREE = {
|
|
|
7057
7313
|
description: "Check out a branch into an active worktree for investigation. Like `git worktree add <branch>` \u2014 creates independent working state on a thematic branch. Beliefs committed within the worktree can be freely amended (draft code on a feature branch). When investigation is complete, `merge` integrates findings into main.",
|
|
7058
7314
|
parameters: {
|
|
7059
7315
|
title: { type: "string", description: "Worktree name/objective" },
|
|
7316
|
+
name: {
|
|
7317
|
+
type: "string",
|
|
7318
|
+
description: "Optional storage-name alias for callers that already use backend naming"
|
|
7319
|
+
},
|
|
7320
|
+
projectId: {
|
|
7321
|
+
type: "string",
|
|
7322
|
+
description: "Legacy topicId alias"
|
|
7323
|
+
},
|
|
7060
7324
|
topicId: { type: "string", description: "Optional topic scope hint" },
|
|
7061
7325
|
branchId: {
|
|
7062
7326
|
type: "string",
|
|
@@ -7070,14 +7334,87 @@ var ADD_WORKTREE = {
|
|
|
7070
7334
|
type: "string",
|
|
7071
7335
|
description: "The testable claim this worktree investigates"
|
|
7072
7336
|
},
|
|
7337
|
+
rationale: {
|
|
7338
|
+
type: "string",
|
|
7339
|
+
description: "Why this worktree exists and why it belongs in the campaign"
|
|
7340
|
+
},
|
|
7341
|
+
worktreeType: {
|
|
7342
|
+
type: "string",
|
|
7343
|
+
description: "Schema-enum worktree type used by the kernel lifecycle and retrieval layers"
|
|
7344
|
+
},
|
|
7345
|
+
gate: {
|
|
7346
|
+
type: "string",
|
|
7347
|
+
description: "Exit gate name for this worktree"
|
|
7348
|
+
},
|
|
7349
|
+
startDate: {
|
|
7350
|
+
type: "number",
|
|
7351
|
+
description: "Planned start timestamp in milliseconds since epoch"
|
|
7352
|
+
},
|
|
7353
|
+
endDate: {
|
|
7354
|
+
type: "number",
|
|
7355
|
+
description: "Planned end timestamp in milliseconds since epoch"
|
|
7356
|
+
},
|
|
7357
|
+
durationWeeks: {
|
|
7358
|
+
type: "number",
|
|
7359
|
+
description: "Planned duration in weeks"
|
|
7360
|
+
},
|
|
7361
|
+
confidenceImpact: {
|
|
7362
|
+
type: "string",
|
|
7363
|
+
description: "Expected confidence impact if the worktree succeeds",
|
|
7364
|
+
enum: ["high", "medium", "low"]
|
|
7365
|
+
},
|
|
7366
|
+
beliefFocus: {
|
|
7367
|
+
type: "string",
|
|
7368
|
+
description: "Natural-language focus spanning the target belief neighborhood"
|
|
7369
|
+
},
|
|
7073
7370
|
beliefIds: {
|
|
7074
7371
|
type: "array",
|
|
7075
|
-
description: "
|
|
7372
|
+
description: "Legacy alias for targetBeliefIds"
|
|
7373
|
+
},
|
|
7374
|
+
beliefs: {
|
|
7375
|
+
type: "array",
|
|
7376
|
+
description: "Legacy alias for targetBeliefIds"
|
|
7377
|
+
},
|
|
7378
|
+
targetBeliefIds: {
|
|
7379
|
+
type: "array",
|
|
7380
|
+
description: "Belief node IDs this worktree is expected to test or update"
|
|
7381
|
+
},
|
|
7382
|
+
targetQuestionIds: {
|
|
7383
|
+
type: "array",
|
|
7384
|
+
description: "Question node IDs this worktree is expected to answer"
|
|
7385
|
+
},
|
|
7386
|
+
keyQuestions: {
|
|
7387
|
+
type: "array",
|
|
7388
|
+
description: "Inline key question objects with question, optional status, answer, answerConfidence, and linkedQuestionId"
|
|
7389
|
+
},
|
|
7390
|
+
evidenceSignals: {
|
|
7391
|
+
type: "array",
|
|
7392
|
+
description: "Evidence signal objects with signal, optional collected state, progress, and notes"
|
|
7393
|
+
},
|
|
7394
|
+
decisionGate: {
|
|
7395
|
+
type: "object",
|
|
7396
|
+
description: "Decision gate object with goCriteria, noGoSignals, optional verdict, rationale, decidedAt, and decidedBy"
|
|
7397
|
+
},
|
|
7398
|
+
goCriteria: {
|
|
7399
|
+
type: "array",
|
|
7400
|
+
description: "Shorthand go criteria used to build decisionGate"
|
|
7401
|
+
},
|
|
7402
|
+
noGoSignals: {
|
|
7403
|
+
type: "array",
|
|
7404
|
+
description: "Shorthand no-go signals used to build decisionGate"
|
|
7405
|
+
},
|
|
7406
|
+
proofArtifacts: {
|
|
7407
|
+
type: "array",
|
|
7408
|
+
description: "Expected proof artifacts required to close the worktree"
|
|
7076
7409
|
},
|
|
7077
7410
|
autoShape: {
|
|
7078
7411
|
type: "boolean",
|
|
7079
7412
|
description: "Whether to invoke inquiry auto-shaping during worktree creation"
|
|
7080
7413
|
},
|
|
7414
|
+
autoFixPolicy: {
|
|
7415
|
+
type: "object",
|
|
7416
|
+
description: "Policy for permitted automatic remediation inside the worktree"
|
|
7417
|
+
},
|
|
7081
7418
|
domainPackId: {
|
|
7082
7419
|
type: "string",
|
|
7083
7420
|
description: "Optional domain pack whose shaping hooks should influence generated questions and tasks"
|
|
@@ -7106,9 +7443,17 @@ var ADD_WORKTREE = {
|
|
|
7106
7443
|
type: "array",
|
|
7107
7444
|
description: "Worktree IDs blocked by this worktree"
|
|
7108
7445
|
},
|
|
7109
|
-
|
|
7446
|
+
staffingHint: {
|
|
7110
7447
|
type: "string",
|
|
7111
|
-
description: "
|
|
7448
|
+
description: "Suggested staffing or agent allocation note"
|
|
7449
|
+
},
|
|
7450
|
+
lensId: {
|
|
7451
|
+
type: "string",
|
|
7452
|
+
description: "Lens that scopes this worktree when applicable"
|
|
7453
|
+
},
|
|
7454
|
+
lastReconciledAt: {
|
|
7455
|
+
type: "number",
|
|
7456
|
+
description: "Timestamp when worktree metadata was last reconciled"
|
|
7112
7457
|
}
|
|
7113
7458
|
},
|
|
7114
7459
|
required: ["title", "topicId"],
|
|
@@ -7138,7 +7483,7 @@ var MERGE = {
|
|
|
7138
7483
|
worktreeId: { type: "string", description: "The worktree to merge" },
|
|
7139
7484
|
outcomes: {
|
|
7140
7485
|
type: "array",
|
|
7141
|
-
description: "
|
|
7486
|
+
description: "Merge outcomes as key-finding strings, or scoring outcomes for beliefs: { beliefId, confidence, rationale }"
|
|
7142
7487
|
},
|
|
7143
7488
|
summary: { type: "string", description: "Overall findings summary" }
|
|
7144
7489
|
},
|
|
@@ -10157,6 +10502,69 @@ var GENERATE_SESSION_HANDOFF = {
|
|
|
10157
10502
|
tier: "showcase",
|
|
10158
10503
|
internal: true
|
|
10159
10504
|
};
|
|
10505
|
+
var BEGIN_BUILD_SESSION = {
|
|
10506
|
+
name: "begin_build_session",
|
|
10507
|
+
description: "Bootstrap a coding build session for a Lucern worktree. Like `git worktree add` plus `git status` \u2014 returns the compact context packet an agent needs before editing.",
|
|
10508
|
+
parameters: {
|
|
10509
|
+
worktreeId: {
|
|
10510
|
+
type: "string",
|
|
10511
|
+
description: "The Lucern worktree ID to bootstrap."
|
|
10512
|
+
},
|
|
10513
|
+
branch: {
|
|
10514
|
+
type: "string",
|
|
10515
|
+
description: "Optional git branch name. Auto-generated from the worktree name when omitted."
|
|
10516
|
+
},
|
|
10517
|
+
branchBase: {
|
|
10518
|
+
type: "string",
|
|
10519
|
+
description: 'Base branch for the feature branch. Default: "staging".'
|
|
10520
|
+
},
|
|
10521
|
+
prBase: {
|
|
10522
|
+
type: "string",
|
|
10523
|
+
description: 'Target branch for the PR. Default: "staging".'
|
|
10524
|
+
},
|
|
10525
|
+
sessionMode: {
|
|
10526
|
+
type: "string",
|
|
10527
|
+
description: 'Session mode: "async" for Codex/headless or "interactive" for live sessions.',
|
|
10528
|
+
enum: ["async", "interactive"]
|
|
10529
|
+
},
|
|
10530
|
+
activateIfPlanning: {
|
|
10531
|
+
type: "boolean",
|
|
10532
|
+
description: "When true, automatically activate a planning worktree during bootstrap."
|
|
10533
|
+
}
|
|
10534
|
+
},
|
|
10535
|
+
required: ["worktreeId"],
|
|
10536
|
+
response: {
|
|
10537
|
+
description: "A compact build-session packet with worktree metadata, graph anchors, questions, dependencies, and git defaults.",
|
|
10538
|
+
fields: {
|
|
10539
|
+
topicId: "string \u2014 canonical topic scope",
|
|
10540
|
+
topicName: "string \u2014 human-readable topic name",
|
|
10541
|
+
worktreeId: "string \u2014 worktree ID",
|
|
10542
|
+
worktreeName: "string \u2014 human-readable worktree name",
|
|
10543
|
+
branch: "string \u2014 git branch name",
|
|
10544
|
+
branchBase: "string \u2014 base branch",
|
|
10545
|
+
prBase: "string \u2014 PR target branch",
|
|
10546
|
+
campaign: "number | null \u2014 top-level pipeline campaign",
|
|
10547
|
+
lane: "string \u2014 campaign lane",
|
|
10548
|
+
gate: "string \u2014 exit gate",
|
|
10549
|
+
hypothesis: "string \u2014 worktree hypothesis",
|
|
10550
|
+
focus: "string \u2014 session focus",
|
|
10551
|
+
status: "string \u2014 worktree status after optional activation",
|
|
10552
|
+
sessionMode: "string \u2014 async | interactive",
|
|
10553
|
+
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
10554
|
+
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
10555
|
+
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
10556
|
+
openQuestions: "array \u2014 open scoped questions",
|
|
10557
|
+
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
10558
|
+
dependencies: "array \u2014 upstream worktrees",
|
|
10559
|
+
unblocks: "array \u2014 downstream worktrees",
|
|
10560
|
+
mergeOrderNotes: "string \u2014 merge ordering advisory"
|
|
10561
|
+
}
|
|
10562
|
+
},
|
|
10563
|
+
ownerModule: "bootstrap",
|
|
10564
|
+
ontologyPrimitive: "worktree",
|
|
10565
|
+
tier: "showcase",
|
|
10566
|
+
internal: true
|
|
10567
|
+
};
|
|
10160
10568
|
var MCP_TOOL_CONTRACTS = {
|
|
10161
10569
|
// Belief lifecycle (commit, amend, fork, archive)
|
|
10162
10570
|
create_belief: CREATE_BELIEF,
|
|
@@ -10250,6 +10658,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
10250
10658
|
get_agent_inbox: GET_AGENT_INBOX,
|
|
10251
10659
|
claim_files: CLAIM_FILES,
|
|
10252
10660
|
generate_session_handoff: GENERATE_SESSION_HANDOFF,
|
|
10661
|
+
begin_build_session: BEGIN_BUILD_SESSION,
|
|
10253
10662
|
// Policy / ACL (workhorse)
|
|
10254
10663
|
check_permission: CHECK_PERMISSION,
|
|
10255
10664
|
filter_by_permission: FILTER_BY_PERMISSION,
|
|
@@ -11917,6 +12326,950 @@ function validateSdkGitSemantics(tool) {
|
|
|
11917
12326
|
return { valid: true };
|
|
11918
12327
|
}
|
|
11919
12328
|
|
|
12329
|
+
// src/tenant-bootstrap-seed.contract.ts
|
|
12330
|
+
var TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = "2026-04-30";
|
|
12331
|
+
var TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [
|
|
12332
|
+
"tenantId",
|
|
12333
|
+
"workspaceId",
|
|
12334
|
+
"principalId",
|
|
12335
|
+
"role",
|
|
12336
|
+
"authMode",
|
|
12337
|
+
"correlationId",
|
|
12338
|
+
"auditMetadata"
|
|
12339
|
+
];
|
|
12340
|
+
var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
|
|
12341
|
+
kernel: {
|
|
12342
|
+
componentName: "lucern",
|
|
12343
|
+
templateService: "services/kernel-template",
|
|
12344
|
+
templateDeployments: {
|
|
12345
|
+
staging: "charming-okapi-787",
|
|
12346
|
+
prod: "brilliant-narwhal-889"
|
|
12347
|
+
}
|
|
12348
|
+
},
|
|
12349
|
+
identity: {
|
|
12350
|
+
componentName: "identity",
|
|
12351
|
+
templateService: "services/identity-template",
|
|
12352
|
+
templateDeployments: {
|
|
12353
|
+
staging: "charming-goldfinch-895",
|
|
12354
|
+
prod: "helpful-mule-694"
|
|
12355
|
+
}
|
|
12356
|
+
}
|
|
12357
|
+
};
|
|
12358
|
+
function isCopyableSeedRequirement(entry) {
|
|
12359
|
+
return (entry.copyMode === "template_global" || entry.copyMode === "template_tenant_rewrite" || entry.copyMode === "template_reference_remap") && Boolean(entry.scope) && Array.isArray(entry.uniqueKey) && entry.uniqueKey.length > 0;
|
|
12360
|
+
}
|
|
12361
|
+
var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
12362
|
+
{
|
|
12363
|
+
component: "kernel",
|
|
12364
|
+
table: "agentMessages",
|
|
12365
|
+
prepopulation: "runtime_data",
|
|
12366
|
+
copyMode: "none",
|
|
12367
|
+
description: "Agent coordination messages are session data, not template data."
|
|
12368
|
+
},
|
|
12369
|
+
{
|
|
12370
|
+
component: "kernel",
|
|
12371
|
+
table: "agentSessions",
|
|
12372
|
+
prepopulation: "runtime_data",
|
|
12373
|
+
copyMode: "none",
|
|
12374
|
+
description: "Agent coordination sessions are created by active clients."
|
|
12375
|
+
},
|
|
12376
|
+
{
|
|
12377
|
+
component: "kernel",
|
|
12378
|
+
table: "autofixJobs",
|
|
12379
|
+
prepopulation: "runtime_queue",
|
|
12380
|
+
copyMode: "none",
|
|
12381
|
+
description: "Autofix work items are runtime queue rows."
|
|
12382
|
+
},
|
|
12383
|
+
{
|
|
12384
|
+
component: "kernel",
|
|
12385
|
+
table: "backgroundJobRuns",
|
|
12386
|
+
prepopulation: "runtime_log",
|
|
12387
|
+
copyMode: "none",
|
|
12388
|
+
description: "Background job executions are runtime logs."
|
|
12389
|
+
},
|
|
12390
|
+
{
|
|
12391
|
+
component: "kernel",
|
|
12392
|
+
table: "backgroundJobSettings",
|
|
12393
|
+
prepopulation: "required_template",
|
|
12394
|
+
copyMode: "template_global",
|
|
12395
|
+
scope: "global",
|
|
12396
|
+
uniqueKey: ["jobKey"],
|
|
12397
|
+
description: "Default job enablement settings must come from the K template."
|
|
12398
|
+
},
|
|
12399
|
+
{
|
|
12400
|
+
component: "kernel",
|
|
12401
|
+
table: "beliefConfidence",
|
|
12402
|
+
prepopulation: "runtime_data",
|
|
12403
|
+
copyMode: "none",
|
|
12404
|
+
description: "Belief confidence rows are created with tenant graph facts."
|
|
12405
|
+
},
|
|
12406
|
+
{
|
|
12407
|
+
component: "kernel",
|
|
12408
|
+
table: "beliefEvidenceLinks",
|
|
12409
|
+
prepopulation: "runtime_data",
|
|
12410
|
+
copyMode: "none",
|
|
12411
|
+
description: "Belief-to-evidence links are tenant graph data."
|
|
12412
|
+
},
|
|
12413
|
+
{
|
|
12414
|
+
component: "kernel",
|
|
12415
|
+
table: "beliefHistory",
|
|
12416
|
+
prepopulation: "runtime_data",
|
|
12417
|
+
copyMode: "none",
|
|
12418
|
+
description: "Belief history is append-only tenant graph data."
|
|
12419
|
+
},
|
|
12420
|
+
{
|
|
12421
|
+
component: "kernel",
|
|
12422
|
+
table: "beliefScenarios",
|
|
12423
|
+
prepopulation: "runtime_data",
|
|
12424
|
+
copyMode: "none",
|
|
12425
|
+
description: "Scenario rows are tenant-authored reasoning data."
|
|
12426
|
+
},
|
|
12427
|
+
{
|
|
12428
|
+
component: "kernel",
|
|
12429
|
+
table: "beliefVotes",
|
|
12430
|
+
prepopulation: "runtime_data",
|
|
12431
|
+
copyMode: "none",
|
|
12432
|
+
description: "Decision belief votes are tenant-authored data."
|
|
12433
|
+
},
|
|
12434
|
+
{
|
|
12435
|
+
component: "kernel",
|
|
12436
|
+
table: "calibrationScores",
|
|
12437
|
+
prepopulation: "runtime_derived",
|
|
12438
|
+
copyMode: "none",
|
|
12439
|
+
description: "Calibration scores are computed from tenant outcomes."
|
|
12440
|
+
},
|
|
12441
|
+
{
|
|
12442
|
+
component: "kernel",
|
|
12443
|
+
table: "contractEvaluations",
|
|
12444
|
+
prepopulation: "runtime_log",
|
|
12445
|
+
copyMode: "none",
|
|
12446
|
+
description: "Contract evaluation rows are runtime computation logs."
|
|
12447
|
+
},
|
|
12448
|
+
{
|
|
12449
|
+
component: "kernel",
|
|
12450
|
+
table: "contradictions",
|
|
12451
|
+
prepopulation: "runtime_data",
|
|
12452
|
+
copyMode: "none",
|
|
12453
|
+
description: "Contradictions are tenant graph facts."
|
|
12454
|
+
},
|
|
12455
|
+
{
|
|
12456
|
+
component: "kernel",
|
|
12457
|
+
table: "crossProjectConnections",
|
|
12458
|
+
prepopulation: "runtime_data",
|
|
12459
|
+
copyMode: "none",
|
|
12460
|
+
description: "Cross-topic connections are tenant graph facts."
|
|
12461
|
+
},
|
|
12462
|
+
{
|
|
12463
|
+
component: "kernel",
|
|
12464
|
+
table: "decisionComputedSummaries",
|
|
12465
|
+
prepopulation: "runtime_derived",
|
|
12466
|
+
copyMode: "none",
|
|
12467
|
+
description: "Decision summaries are derived tenant outputs."
|
|
12468
|
+
},
|
|
12469
|
+
{
|
|
12470
|
+
component: "kernel",
|
|
12471
|
+
table: "decisionEvents",
|
|
12472
|
+
prepopulation: "runtime_data",
|
|
12473
|
+
copyMode: "none",
|
|
12474
|
+
description: "Decision events are lifecycle data."
|
|
12475
|
+
},
|
|
12476
|
+
{
|
|
12477
|
+
component: "kernel",
|
|
12478
|
+
table: "decisionParticipants",
|
|
12479
|
+
prepopulation: "runtime_data",
|
|
12480
|
+
copyMode: "none",
|
|
12481
|
+
description: "Decision participants are tenant-selected actors."
|
|
12482
|
+
},
|
|
12483
|
+
{
|
|
12484
|
+
component: "kernel",
|
|
12485
|
+
table: "decisionRiskLedger",
|
|
12486
|
+
prepopulation: "runtime_data",
|
|
12487
|
+
copyMode: "none",
|
|
12488
|
+
description: "Decision risk rows are tenant decision data."
|
|
12489
|
+
},
|
|
12490
|
+
{
|
|
12491
|
+
component: "kernel",
|
|
12492
|
+
table: "decisionSnapshots",
|
|
12493
|
+
prepopulation: "runtime_derived",
|
|
12494
|
+
copyMode: "none",
|
|
12495
|
+
description: "Decision snapshots are derived from tenant state."
|
|
12496
|
+
},
|
|
12497
|
+
{
|
|
12498
|
+
component: "kernel",
|
|
12499
|
+
table: "deliberationContributions",
|
|
12500
|
+
prepopulation: "runtime_data",
|
|
12501
|
+
copyMode: "none",
|
|
12502
|
+
description: "Deliberation contributions are tenant-authored data."
|
|
12503
|
+
},
|
|
12504
|
+
{
|
|
12505
|
+
component: "kernel",
|
|
12506
|
+
table: "deliberationSessions",
|
|
12507
|
+
prepopulation: "runtime_data",
|
|
12508
|
+
copyMode: "none",
|
|
12509
|
+
description: "Deliberation sessions are created by tenant workflows."
|
|
12510
|
+
},
|
|
12511
|
+
{
|
|
12512
|
+
component: "kernel",
|
|
12513
|
+
table: "epistemicAudit",
|
|
12514
|
+
prepopulation: "runtime_log",
|
|
12515
|
+
copyMode: "none",
|
|
12516
|
+
description: "Epistemic audit rows are append-only runtime audit data."
|
|
12517
|
+
},
|
|
12518
|
+
{
|
|
12519
|
+
component: "kernel",
|
|
12520
|
+
table: "epistemicContracts",
|
|
12521
|
+
prepopulation: "runtime_data",
|
|
12522
|
+
copyMode: "none",
|
|
12523
|
+
description: "Epistemic contracts are tenant-authored governance data."
|
|
12524
|
+
},
|
|
12525
|
+
{
|
|
12526
|
+
component: "kernel",
|
|
12527
|
+
table: "epistemicEdges",
|
|
12528
|
+
prepopulation: "runtime_data",
|
|
12529
|
+
copyMode: "none",
|
|
12530
|
+
description: "Edges are tenant reasoning graph data."
|
|
12531
|
+
},
|
|
12532
|
+
{
|
|
12533
|
+
component: "kernel",
|
|
12534
|
+
table: "epistemicNodeEmbeddings",
|
|
12535
|
+
prepopulation: "runtime_derived",
|
|
12536
|
+
copyMode: "none",
|
|
12537
|
+
description: "Embeddings are derived from tenant graph nodes."
|
|
12538
|
+
},
|
|
12539
|
+
{
|
|
12540
|
+
component: "kernel",
|
|
12541
|
+
table: "epistemicNodes",
|
|
12542
|
+
prepopulation: "runtime_data",
|
|
12543
|
+
copyMode: "none",
|
|
12544
|
+
description: "Nodes are tenant reasoning graph data."
|
|
12545
|
+
},
|
|
12546
|
+
{
|
|
12547
|
+
component: "kernel",
|
|
12548
|
+
table: "graphAnalysisCache",
|
|
12549
|
+
prepopulation: "runtime_derived",
|
|
12550
|
+
copyMode: "none",
|
|
12551
|
+
description: "Graph analysis cache rows are derived from tenant graph state."
|
|
12552
|
+
},
|
|
12553
|
+
{
|
|
12554
|
+
component: "kernel",
|
|
12555
|
+
table: "graphAnalysisResults",
|
|
12556
|
+
prepopulation: "runtime_derived",
|
|
12557
|
+
copyMode: "none",
|
|
12558
|
+
description: "Graph analysis result rows are derived tenant outputs."
|
|
12559
|
+
},
|
|
12560
|
+
{
|
|
12561
|
+
component: "kernel",
|
|
12562
|
+
table: "graphSuggestions",
|
|
12563
|
+
prepopulation: "runtime_derived",
|
|
12564
|
+
copyMode: "none",
|
|
12565
|
+
description: "Graph suggestions are derived recommendations."
|
|
12566
|
+
},
|
|
12567
|
+
{
|
|
12568
|
+
component: "kernel",
|
|
12569
|
+
table: "harnessReplays",
|
|
12570
|
+
prepopulation: "runtime_log",
|
|
12571
|
+
copyMode: "none",
|
|
12572
|
+
description: "Harness replay rows are runtime verification logs."
|
|
12573
|
+
},
|
|
12574
|
+
{
|
|
12575
|
+
component: "kernel",
|
|
12576
|
+
table: "harnessRuns",
|
|
12577
|
+
prepopulation: "runtime_log",
|
|
12578
|
+
copyMode: "none",
|
|
12579
|
+
description: "Harness run rows are runtime verification logs."
|
|
12580
|
+
},
|
|
12581
|
+
{
|
|
12582
|
+
component: "kernel",
|
|
12583
|
+
table: "idempotencyTokens",
|
|
12584
|
+
prepopulation: "runtime_log",
|
|
12585
|
+
copyMode: "none",
|
|
12586
|
+
description: "Idempotency tokens are request-scoped runtime guards."
|
|
12587
|
+
},
|
|
12588
|
+
{
|
|
12589
|
+
component: "kernel",
|
|
12590
|
+
table: "lenses",
|
|
12591
|
+
prepopulation: "optional_template",
|
|
12592
|
+
copyMode: "none",
|
|
12593
|
+
description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot."
|
|
12594
|
+
},
|
|
12595
|
+
{
|
|
12596
|
+
component: "kernel",
|
|
12597
|
+
table: "lensTopicBindings",
|
|
12598
|
+
prepopulation: "runtime_data",
|
|
12599
|
+
copyMode: "none",
|
|
12600
|
+
description: "Lens bindings attach runtime topics to runtime/workspace lenses."
|
|
12601
|
+
},
|
|
12602
|
+
{
|
|
12603
|
+
component: "kernel",
|
|
12604
|
+
table: "neo4jSyncQueue",
|
|
12605
|
+
prepopulation: "runtime_queue",
|
|
12606
|
+
copyMode: "none",
|
|
12607
|
+
description: "Neo4j sync queue rows are runtime work items."
|
|
12608
|
+
},
|
|
12609
|
+
{
|
|
12610
|
+
component: "kernel",
|
|
12611
|
+
table: "ontologyDefinitions",
|
|
12612
|
+
prepopulation: "required_template",
|
|
12613
|
+
copyMode: "template_global",
|
|
12614
|
+
scope: "global",
|
|
12615
|
+
uniqueKey: ["ontologyKey"],
|
|
12616
|
+
description: "Platform ontology definitions power taxonomy reads and effective ontology resolution."
|
|
12617
|
+
},
|
|
12618
|
+
{
|
|
12619
|
+
component: "kernel",
|
|
12620
|
+
table: "ontologyVersions",
|
|
12621
|
+
prepopulation: "required_template",
|
|
12622
|
+
copyMode: "template_reference_remap",
|
|
12623
|
+
scope: "global",
|
|
12624
|
+
uniqueKey: ["ontologyKey", "version"],
|
|
12625
|
+
dependsOn: ["ontologyDefinitions"],
|
|
12626
|
+
description: "Ontology versions must be copied with ontologyDefinition ID remapping."
|
|
12627
|
+
},
|
|
12628
|
+
{
|
|
12629
|
+
component: "kernel",
|
|
12630
|
+
table: "platformAgentRunPolicyDecisions",
|
|
12631
|
+
prepopulation: "runtime_log",
|
|
12632
|
+
copyMode: "none",
|
|
12633
|
+
description: "Agent-run policy decisions are audit logs."
|
|
12634
|
+
},
|
|
12635
|
+
{
|
|
12636
|
+
component: "kernel",
|
|
12637
|
+
table: "platformAgentRunPromptResolutions",
|
|
12638
|
+
prepopulation: "runtime_log",
|
|
12639
|
+
copyMode: "none",
|
|
12640
|
+
description: "Agent-run prompt resolution rows are runtime logs."
|
|
12641
|
+
},
|
|
12642
|
+
{
|
|
12643
|
+
component: "kernel",
|
|
12644
|
+
table: "platformAgentRuns",
|
|
12645
|
+
prepopulation: "runtime_log",
|
|
12646
|
+
copyMode: "none",
|
|
12647
|
+
description: "Agent runs are runtime execution records."
|
|
12648
|
+
},
|
|
12649
|
+
{
|
|
12650
|
+
component: "kernel",
|
|
12651
|
+
table: "platformAgentRunToolCalls",
|
|
12652
|
+
prepopulation: "runtime_log",
|
|
12653
|
+
copyMode: "none",
|
|
12654
|
+
description: "Agent-run tool calls are runtime execution records."
|
|
12655
|
+
},
|
|
12656
|
+
{
|
|
12657
|
+
component: "kernel",
|
|
12658
|
+
table: "platformHarnessShadowAudit",
|
|
12659
|
+
prepopulation: "runtime_log",
|
|
12660
|
+
copyMode: "none",
|
|
12661
|
+
description: "Harness shadow audit rows are runtime audit records."
|
|
12662
|
+
},
|
|
12663
|
+
{
|
|
12664
|
+
component: "kernel",
|
|
12665
|
+
table: "publicationRules",
|
|
12666
|
+
prepopulation: "required_template",
|
|
12667
|
+
copyMode: "template_tenant_rewrite",
|
|
12668
|
+
scope: "tenant",
|
|
12669
|
+
uniqueKey: ["tenantId", "workspaceId", "name"],
|
|
12670
|
+
description: "Default publication policy rules are rewritten into each tenant."
|
|
12671
|
+
},
|
|
12672
|
+
{
|
|
12673
|
+
component: "kernel",
|
|
12674
|
+
table: "questionEvidenceLinks",
|
|
12675
|
+
prepopulation: "runtime_data",
|
|
12676
|
+
copyMode: "none",
|
|
12677
|
+
description: "Question-to-evidence links are tenant graph data."
|
|
12678
|
+
},
|
|
12679
|
+
{
|
|
12680
|
+
component: "kernel",
|
|
12681
|
+
table: "researchJobs",
|
|
12682
|
+
prepopulation: "runtime_queue",
|
|
12683
|
+
copyMode: "none",
|
|
12684
|
+
description: "Research job rows are runtime queue items."
|
|
12685
|
+
},
|
|
12686
|
+
{
|
|
12687
|
+
component: "kernel",
|
|
12688
|
+
table: "schemaEnumConfig",
|
|
12689
|
+
prepopulation: "required_template",
|
|
12690
|
+
copyMode: "template_global",
|
|
12691
|
+
scope: "global",
|
|
12692
|
+
uniqueKey: ["category", "value"],
|
|
12693
|
+
description: "Runtime-extensible enum defaults required by SDK graph APIs."
|
|
12694
|
+
},
|
|
12695
|
+
{
|
|
12696
|
+
component: "kernel",
|
|
12697
|
+
table: "stakeholderGroups",
|
|
12698
|
+
prepopulation: "runtime_data",
|
|
12699
|
+
copyMode: "none",
|
|
12700
|
+
description: "Stakeholder groups are tenant decision data."
|
|
12701
|
+
},
|
|
12702
|
+
{
|
|
12703
|
+
component: "kernel",
|
|
12704
|
+
table: "systemLogs",
|
|
12705
|
+
prepopulation: "runtime_log",
|
|
12706
|
+
copyMode: "none",
|
|
12707
|
+
description: "System logs are runtime telemetry."
|
|
12708
|
+
},
|
|
12709
|
+
{
|
|
12710
|
+
component: "kernel",
|
|
12711
|
+
table: "tasks",
|
|
12712
|
+
prepopulation: "runtime_data",
|
|
12713
|
+
copyMode: "none",
|
|
12714
|
+
description: "Tasks are tenant-authored work items."
|
|
12715
|
+
},
|
|
12716
|
+
{
|
|
12717
|
+
component: "kernel",
|
|
12718
|
+
table: "topics",
|
|
12719
|
+
prepopulation: "runtime_bootstrap",
|
|
12720
|
+
copyMode: "none",
|
|
12721
|
+
description: "Default topics are created by tenant provisioning, not copied from templates."
|
|
12722
|
+
},
|
|
12723
|
+
{
|
|
12724
|
+
component: "kernel",
|
|
12725
|
+
table: "workflowDefinitions",
|
|
12726
|
+
prepopulation: "optional_template",
|
|
12727
|
+
copyMode: "none",
|
|
12728
|
+
description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode."
|
|
12729
|
+
},
|
|
12730
|
+
{
|
|
12731
|
+
component: "kernel",
|
|
12732
|
+
table: "workflowPullRequests",
|
|
12733
|
+
prepopulation: "runtime_data",
|
|
12734
|
+
copyMode: "none",
|
|
12735
|
+
description: "Workflow pull requests are tenant workflow data."
|
|
12736
|
+
},
|
|
12737
|
+
{
|
|
12738
|
+
component: "kernel",
|
|
12739
|
+
table: "workflowStages",
|
|
12740
|
+
prepopulation: "optional_template",
|
|
12741
|
+
copyMode: "none",
|
|
12742
|
+
dependsOn: ["workflowDefinitions"],
|
|
12743
|
+
description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying."
|
|
12744
|
+
},
|
|
12745
|
+
{
|
|
12746
|
+
component: "kernel",
|
|
12747
|
+
table: "worktreeBeliefCluster",
|
|
12748
|
+
prepopulation: "runtime_data",
|
|
12749
|
+
copyMode: "none",
|
|
12750
|
+
description: "Worktree cluster rows link runtime worktrees to runtime beliefs."
|
|
12751
|
+
},
|
|
12752
|
+
{
|
|
12753
|
+
component: "kernel",
|
|
12754
|
+
table: "worktrees",
|
|
12755
|
+
prepopulation: "runtime_data",
|
|
12756
|
+
copyMode: "none",
|
|
12757
|
+
description: "Worktrees are tenant/runtime planning data."
|
|
12758
|
+
},
|
|
12759
|
+
{
|
|
12760
|
+
component: "identity",
|
|
12761
|
+
table: "agents",
|
|
12762
|
+
prepopulation: "runtime_bootstrap",
|
|
12763
|
+
copyMode: "none",
|
|
12764
|
+
description: "Service agents are provisioned per tenant or service, not copied."
|
|
12765
|
+
},
|
|
12766
|
+
{
|
|
12767
|
+
component: "identity",
|
|
12768
|
+
table: "mcpWritePolicy",
|
|
12769
|
+
prepopulation: "required_template",
|
|
12770
|
+
copyMode: "template_global",
|
|
12771
|
+
scope: "global",
|
|
12772
|
+
uniqueKey: ["topicId", "role", "toolCategory"],
|
|
12773
|
+
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
12774
|
+
},
|
|
12775
|
+
{
|
|
12776
|
+
component: "identity",
|
|
12777
|
+
table: "modelCallLogs",
|
|
12778
|
+
prepopulation: "runtime_log",
|
|
12779
|
+
copyMode: "none",
|
|
12780
|
+
description: "Model call logs are runtime telemetry."
|
|
12781
|
+
},
|
|
12782
|
+
{
|
|
12783
|
+
component: "identity",
|
|
12784
|
+
table: "modelFunctionSlots",
|
|
12785
|
+
prepopulation: "required_template",
|
|
12786
|
+
copyMode: "template_global",
|
|
12787
|
+
scope: "global",
|
|
12788
|
+
uniqueKey: ["slot"],
|
|
12789
|
+
description: "Function-to-model slots are required by model runtime resolution."
|
|
12790
|
+
},
|
|
12791
|
+
{
|
|
12792
|
+
component: "identity",
|
|
12793
|
+
table: "modelRegistry",
|
|
12794
|
+
prepopulation: "required_template",
|
|
12795
|
+
copyMode: "template_global",
|
|
12796
|
+
scope: "global",
|
|
12797
|
+
uniqueKey: ["key"],
|
|
12798
|
+
description: "Model catalog defaults are required by model runtime clients."
|
|
12799
|
+
},
|
|
12800
|
+
{
|
|
12801
|
+
component: "identity",
|
|
12802
|
+
table: "modelSlotConfigs",
|
|
12803
|
+
prepopulation: "required_template",
|
|
12804
|
+
copyMode: "template_global",
|
|
12805
|
+
scope: "global",
|
|
12806
|
+
uniqueKey: ["slot"],
|
|
12807
|
+
description: "Slot-level defaults are required before tenant overrides exist."
|
|
12808
|
+
},
|
|
12809
|
+
{
|
|
12810
|
+
component: "identity",
|
|
12811
|
+
table: "platformAudienceGrants",
|
|
12812
|
+
prepopulation: "runtime_data",
|
|
12813
|
+
copyMode: "none",
|
|
12814
|
+
description: "Audience grants are principal/group-specific access rows."
|
|
12815
|
+
},
|
|
12816
|
+
{
|
|
12817
|
+
component: "identity",
|
|
12818
|
+
table: "platformAudiences",
|
|
12819
|
+
prepopulation: "required_template",
|
|
12820
|
+
copyMode: "template_tenant_rewrite",
|
|
12821
|
+
scope: "tenant",
|
|
12822
|
+
uniqueKey: ["tenantId", "workspaceId", "audienceKey"],
|
|
12823
|
+
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
12824
|
+
},
|
|
12825
|
+
{
|
|
12826
|
+
component: "identity",
|
|
12827
|
+
table: "platformPolicyDecisionLogs",
|
|
12828
|
+
prepopulation: "runtime_log",
|
|
12829
|
+
copyMode: "none",
|
|
12830
|
+
description: "Policy decisions are runtime audit logs."
|
|
12831
|
+
},
|
|
12832
|
+
{
|
|
12833
|
+
component: "identity",
|
|
12834
|
+
table: "projectGrants",
|
|
12835
|
+
prepopulation: "runtime_data",
|
|
12836
|
+
copyMode: "none",
|
|
12837
|
+
description: "Project/topic grants are principal or group-specific access rows."
|
|
12838
|
+
},
|
|
12839
|
+
{
|
|
12840
|
+
component: "identity",
|
|
12841
|
+
table: "reasoningPermissions",
|
|
12842
|
+
prepopulation: "runtime_data",
|
|
12843
|
+
copyMode: "none",
|
|
12844
|
+
description: "Reasoning permissions are principal-specific policy rows."
|
|
12845
|
+
},
|
|
12846
|
+
{
|
|
12847
|
+
component: "identity",
|
|
12848
|
+
table: "tenantApiKeys",
|
|
12849
|
+
prepopulation: "runtime_secret",
|
|
12850
|
+
copyMode: "none",
|
|
12851
|
+
description: "API keys are tenant credentials and must never be copied."
|
|
12852
|
+
},
|
|
12853
|
+
{
|
|
12854
|
+
component: "identity",
|
|
12855
|
+
table: "tenantConfig",
|
|
12856
|
+
prepopulation: "required_template",
|
|
12857
|
+
copyMode: "template_tenant_rewrite",
|
|
12858
|
+
scope: "tenant",
|
|
12859
|
+
uniqueKey: ["tenantId"],
|
|
12860
|
+
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
12861
|
+
},
|
|
12862
|
+
{
|
|
12863
|
+
component: "identity",
|
|
12864
|
+
table: "tenantIntegrations",
|
|
12865
|
+
prepopulation: "required_template",
|
|
12866
|
+
copyMode: "template_tenant_rewrite",
|
|
12867
|
+
scope: "tenant",
|
|
12868
|
+
uniqueKey: ["tenantId", "integrationKey"],
|
|
12869
|
+
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
12870
|
+
},
|
|
12871
|
+
{
|
|
12872
|
+
component: "identity",
|
|
12873
|
+
table: "tenantModelSlotBindings",
|
|
12874
|
+
prepopulation: "runtime_secret",
|
|
12875
|
+
copyMode: "none",
|
|
12876
|
+
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
12877
|
+
},
|
|
12878
|
+
{
|
|
12879
|
+
component: "identity",
|
|
12880
|
+
table: "tenantPolicies",
|
|
12881
|
+
prepopulation: "required_template",
|
|
12882
|
+
copyMode: "template_tenant_rewrite",
|
|
12883
|
+
scope: "tenant",
|
|
12884
|
+
uniqueKey: ["tenantId", "workspaceId", "roleName"],
|
|
12885
|
+
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
12886
|
+
},
|
|
12887
|
+
{
|
|
12888
|
+
component: "identity",
|
|
12889
|
+
table: "tenantProviderSecrets",
|
|
12890
|
+
prepopulation: "runtime_secret",
|
|
12891
|
+
copyMode: "none",
|
|
12892
|
+
description: "Provider secrets are credentials and must never be copied."
|
|
12893
|
+
},
|
|
12894
|
+
{
|
|
12895
|
+
component: "identity",
|
|
12896
|
+
table: "tenantProxyGatewayUsage",
|
|
12897
|
+
prepopulation: "runtime_log",
|
|
12898
|
+
copyMode: "none",
|
|
12899
|
+
description: "Proxy gateway usage rows are runtime telemetry."
|
|
12900
|
+
},
|
|
12901
|
+
{
|
|
12902
|
+
component: "identity",
|
|
12903
|
+
table: "tenantProxyTokenMints",
|
|
12904
|
+
prepopulation: "runtime_secret",
|
|
12905
|
+
copyMode: "none",
|
|
12906
|
+
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
12907
|
+
},
|
|
12908
|
+
{
|
|
12909
|
+
component: "identity",
|
|
12910
|
+
table: "tenantSandboxAuditEvents",
|
|
12911
|
+
prepopulation: "runtime_log",
|
|
12912
|
+
copyMode: "none",
|
|
12913
|
+
description: "Sandbox audit rows are runtime security logs."
|
|
12914
|
+
},
|
|
12915
|
+
{
|
|
12916
|
+
component: "identity",
|
|
12917
|
+
table: "tenantSecrets",
|
|
12918
|
+
prepopulation: "runtime_secret",
|
|
12919
|
+
copyMode: "none",
|
|
12920
|
+
description: "Tenant secrets are credentials and must never be copied."
|
|
12921
|
+
},
|
|
12922
|
+
{
|
|
12923
|
+
component: "identity",
|
|
12924
|
+
table: "toolAcls",
|
|
12925
|
+
prepopulation: "required_template",
|
|
12926
|
+
copyMode: "template_global",
|
|
12927
|
+
scope: "global",
|
|
12928
|
+
uniqueKey: ["role", "toolName"],
|
|
12929
|
+
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
12930
|
+
},
|
|
12931
|
+
{
|
|
12932
|
+
component: "identity",
|
|
12933
|
+
table: "toolRegistry",
|
|
12934
|
+
prepopulation: "required_template",
|
|
12935
|
+
copyMode: "template_global",
|
|
12936
|
+
scope: "global",
|
|
12937
|
+
uniqueKey: ["toolName"],
|
|
12938
|
+
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
12939
|
+
},
|
|
12940
|
+
{
|
|
12941
|
+
component: "identity",
|
|
12942
|
+
table: "users",
|
|
12943
|
+
prepopulation: "runtime_bootstrap",
|
|
12944
|
+
copyMode: "none",
|
|
12945
|
+
description: "Users are created from Clerk/MC principal resolution, not copied."
|
|
12946
|
+
}
|
|
12947
|
+
];
|
|
12948
|
+
var TENANT_BOOTSTRAP_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
|
|
12949
|
+
isCopyableSeedRequirement
|
|
12950
|
+
);
|
|
12951
|
+
var TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
|
|
12952
|
+
(entry) => !isCopyableSeedRequirement(entry)
|
|
12953
|
+
).map((entry) => entry.table);
|
|
12954
|
+
var TENANT_BOOTSTRAP_SEED_MANIFEST = {
|
|
12955
|
+
contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,
|
|
12956
|
+
authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,
|
|
12957
|
+
components: TENANT_BOOTSTRAP_SEED_COMPONENTS,
|
|
12958
|
+
tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,
|
|
12959
|
+
tables: TENANT_BOOTSTRAP_SEED_TABLES,
|
|
12960
|
+
forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES
|
|
12961
|
+
};
|
|
12962
|
+
function findTenantBootstrapTableRequirement(table) {
|
|
12963
|
+
return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(
|
|
12964
|
+
(entry) => entry.table === table
|
|
12965
|
+
);
|
|
12966
|
+
}
|
|
12967
|
+
function findTenantBootstrapSeedTable(table) {
|
|
12968
|
+
return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);
|
|
12969
|
+
}
|
|
12970
|
+
function isTenantBootstrapSeedTable(table) {
|
|
12971
|
+
return Boolean(findTenantBootstrapSeedTable(table));
|
|
12972
|
+
}
|
|
12973
|
+
function isTenantBootstrapForbiddenSeedTable(table) {
|
|
12974
|
+
return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);
|
|
12975
|
+
}
|
|
12976
|
+
var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-04-30.1";
|
|
12977
|
+
var TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID = "tenant_template";
|
|
12978
|
+
var TENANT_BOOTSTRAP_TEMPLATE_ACTOR = "system:lucern-template-seed";
|
|
12979
|
+
var DEFAULT_SEED_TIME = Date.UTC(2026, 3, 30);
|
|
12980
|
+
var ROLE_GRANTS = {
|
|
12981
|
+
viewer: ["viewer", "auditor", "editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12982
|
+
auditor: ["auditor", "tenant_admin", "platform_admin", "service_agent"],
|
|
12983
|
+
editor: ["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12984
|
+
workspace_admin: ["workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
|
|
12985
|
+
tenant_admin: ["tenant_admin", "platform_admin", "service_agent"],
|
|
12986
|
+
platform_admin: ["platform_admin", "service_agent"],
|
|
12987
|
+
service_agent: ["service_agent"]
|
|
12988
|
+
};
|
|
12989
|
+
var ENUM_VALUES = {
|
|
12990
|
+
topic_type: ["domain", "theme", "deal", "strategy", "constitution", "project", "portfolio", "architecture", "capability", "runtime", "interface", "governance", "operations", "security", "data"],
|
|
12991
|
+
branch_schema: ["pillar", "track", "dimension", "axis", "phase"],
|
|
12992
|
+
belief_type: ["belief", "hypothesis", "principle", "invariant", "assumption", "tenet", "prior", "preference", "goal", "forecast", "decision", "constraint", "tradeoff", "policy", "implementation_choice", "implementation_decision", "interface_contract", "migration_state", "code_pattern", "deprecation_notice"],
|
|
12993
|
+
edge_type: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme"],
|
|
12994
|
+
worktree_type: ["belief_test", "lens", "existential", "contradiction", "refinement", "coverage", "discovery", "clarification", "confirmation"],
|
|
12995
|
+
worktree_phase: ["cluster_mapping", "hypothesis_formation", "question_generation", "evidence_collection", "synthesis", "decision", "retrospective"],
|
|
12996
|
+
activity_type: ["create", "update", "review", "merge", "archive", "comment", "status_change", "evidence_added", "question_added"],
|
|
12997
|
+
lens_perspective_type: ["investigation", "monitoring", "analysis", "comparison", "taxonomy"],
|
|
12998
|
+
node_type: ["belief", "question", "theme", "deal", "evidence", "claim", "synthesis", "source", "excerpt", "atomic_fact", "person", "company", "investor", "value_chain", "function", "decision"]
|
|
12999
|
+
};
|
|
13000
|
+
var MODEL_REGISTRY = [
|
|
13001
|
+
["claude-sonnet-4", "Claude Sonnet 4", "claude-sonnet-4-20250514", "anthropic", 2e5, 64e3, 1, 3, 15],
|
|
13002
|
+
["claude-sonnet-4.5", "Claude Sonnet 4.5", "claude-sonnet-4-5-20250929", "anthropic", 2e5, 64e3, 1, 3, 15],
|
|
13003
|
+
["claude-opus-4", "Claude Opus 4", "claude-opus-4-20250514", "anthropic", 2e5, 32e3, 1, 15, 75],
|
|
13004
|
+
["gpt-4o", "GPT-4o", "gpt-4o", "openai", 128e3, 16e3, 0.7, 5, 15],
|
|
13005
|
+
["gpt-4o-mini", "GPT-4o Mini", "gpt-4o-mini", "openai", 128e3, 16e3, 0.7, 0.15, 0.6],
|
|
13006
|
+
["gemini-2.5-pro", "Gemini 2.5 Pro", "gemini-2.5-pro", "google", 1e6, 32e3, 0.7, 1.25, 10],
|
|
13007
|
+
["sonar-pro", "Sonar Pro", "sonar-pro", "perplexity", 128e3, 8e3, 0.3, 3, 15]
|
|
13008
|
+
];
|
|
13009
|
+
var MODEL_SLOTS = [
|
|
13010
|
+
["primer_default", "primers", "Default primer generation for general topics", "claude-sonnet-4", "agents/primer/system", 1, 4e3, ["text_generation", "reasoning"]],
|
|
13011
|
+
["primer_technical", "primers", "Technical and engineering focused primers", "claude-sonnet-4", "agents/primer/system", 0.8, 4e3, ["text_generation", "reasoning", "code"]],
|
|
13012
|
+
["primer_intelligence", "document_intelligence", "Extract evidence, beliefs, and questions from documents", "claude-sonnet-4", "agents/primer-intelligence", 0.3, 8e3, ["text_generation", "structured_output", "reasoning"]],
|
|
13013
|
+
["fact_checker", "research", "Verify claims without web search", "claude-sonnet-4", "agents/internet-fact-checker", 0.3, 4e3, ["text_generation", "reasoning"]],
|
|
13014
|
+
["fact_checker_web", "research", "Verify claims with web search", "sonar-pro", "agents/internet-fact-checker", 0.3, 4e3, ["web_search"]],
|
|
13015
|
+
["deep_research", "research", "Deep research with extended analysis", "claude-opus-4", void 0, 0.7, 8e3, ["text_generation", "reasoning", "long_context"]],
|
|
13016
|
+
["belief_classifier", "classification", "Classify beliefs by epistemic type", "claude-sonnet-4", "classification/belief-category", 0.2, 1e3, ["text_generation", "reasoning"]],
|
|
13017
|
+
["evidence_classifier", "classification", "Classify evidence methodology and quality", "claude-sonnet-4", "classification/evidence-rules", 0.3, 1e3, ["text_generation", "reasoning"]],
|
|
13018
|
+
["edge_classifier", "classification", "Classify edge reasoning method and temporal class", "claude-sonnet-4", "classification/epistemic-guidance", 0.3, 1e3, ["text_generation", "reasoning"]],
|
|
13019
|
+
["entity_extractor", "extraction", "Extract entities from text", "claude-sonnet-4", void 0, 0.2, 2e3, ["text_generation", "structured_output"]],
|
|
13020
|
+
["graph_intelligence_query", "graph_intelligence", "Analyze graph health, gaps, and structural risks", "claude-sonnet-4", "graph-intelligence/query", 0.5, 8e3, ["text_generation", "reasoning", "tool_use"]],
|
|
13021
|
+
["graph_intelligence_suggestions", "graph_intelligence", "Extract actionable graph suggestions", "claude-sonnet-4", "graph-intelligence/suggestions-extraction", 0.2, 4e3, ["text_generation", "structured_output"]],
|
|
13022
|
+
["text_to_cypher", "graph_intelligence", "Generate read-only Cypher from graph questions", "claude-sonnet-4", "graph-intelligence/text-to-cypher", 0.2, 2e3, ["text_generation", "code", "reasoning"]],
|
|
13023
|
+
["contradiction_verifier", "epistemic", "Verify semantic contradiction candidates", "claude-sonnet-4", "lucern/verify-contradiction", 0.2, 500, ["text_generation", "reasoning"]],
|
|
13024
|
+
["task_execution", "tasks", "Execute research tasks with structured analysis", "claude-sonnet-4", void 0, 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
|
|
13025
|
+
["sprint_unified", "sprints", "Unified worktree chat across all phases", "claude-opus-4", "worktrees/unified-system-prompt", 0.7, 8e3, ["text_generation", "reasoning", "tool_use"]],
|
|
13026
|
+
["evidence_assessor", "sprints", "Assess evidence for belief valence and certainty", "claude-sonnet-4", "worktrees/scoring/evidence-assessor", 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
|
|
13027
|
+
["title_generator", "utility", "Generate concise titles", "gpt-4o-mini", void 0, 0.7, 100, ["text_generation", "fast", "cheap"]],
|
|
13028
|
+
["help_desk_agent", "utility", "Help desk support agent for workflow guidance", "claude-sonnet-4", "agents/help-desk-agent", 0.4, 2e3, ["text_generation", "reasoning"]],
|
|
13029
|
+
["bug_detective_agent", "utility", "Bug triage assistant for structured diagnosis", "claude-sonnet-4", "agents/bug-detective-agent", 0.3, 2e3, ["text_generation", "reasoning"]]
|
|
13030
|
+
];
|
|
13031
|
+
function labelFor(value) {
|
|
13032
|
+
return value.split(/[_-]/).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ");
|
|
13033
|
+
}
|
|
13034
|
+
function seedContext(options) {
|
|
13035
|
+
return {
|
|
13036
|
+
now: options.now ?? DEFAULT_SEED_TIME,
|
|
13037
|
+
templateTenantId: options.templateTenantId ?? TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID,
|
|
13038
|
+
actor: options.actorPrincipalId ?? TENANT_BOOTSTRAP_TEMPLATE_ACTOR,
|
|
13039
|
+
version: options.version ?? TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION
|
|
13040
|
+
};
|
|
13041
|
+
}
|
|
13042
|
+
function toolCategory(contract) {
|
|
13043
|
+
if (contract.surfaceIntent === "system") return "system";
|
|
13044
|
+
if (contract.effects.includes("admin")) return "admin";
|
|
13045
|
+
if (contract.effects.includes("write") || contract.kind !== "query") return "write";
|
|
13046
|
+
return "read";
|
|
13047
|
+
}
|
|
13048
|
+
function requiredRole(category) {
|
|
13049
|
+
if (category === "system") return "service_agent";
|
|
13050
|
+
if (category === "admin") return "tenant_admin";
|
|
13051
|
+
if (category === "write") return "editor";
|
|
13052
|
+
return "viewer";
|
|
13053
|
+
}
|
|
13054
|
+
function requiredAction(category) {
|
|
13055
|
+
if (category === "admin" || category === "system") return "admin";
|
|
13056
|
+
if (category === "write") return "mutate";
|
|
13057
|
+
return "read";
|
|
13058
|
+
}
|
|
13059
|
+
function enabledSurfaces(contract) {
|
|
13060
|
+
return [
|
|
13061
|
+
contract.surfaces.mcp !== "none" ? "mcp" : void 0,
|
|
13062
|
+
contract.surfaces.sdk !== "none" ? "sdk" : void 0,
|
|
13063
|
+
contract.surfaces.cli !== "none" ? "cli" : void 0,
|
|
13064
|
+
contract.surfaces.rest !== "none" ? "api" : void 0
|
|
13065
|
+
].filter((value) => Boolean(value));
|
|
13066
|
+
}
|
|
13067
|
+
function buildToolRegistry(now, actor, version) {
|
|
13068
|
+
const rows = /* @__PURE__ */ new Map();
|
|
13069
|
+
for (const contract of ALL_FUNCTION_CONTRACTS) {
|
|
13070
|
+
const surfaces = enabledSurfaces(contract);
|
|
13071
|
+
if (surfaces.length === 0) continue;
|
|
13072
|
+
const category = toolCategory(contract);
|
|
13073
|
+
const readOnly = category === "read";
|
|
13074
|
+
const toolName = contract.mcp.toolName || contract.name;
|
|
13075
|
+
rows.set(toolName, {
|
|
13076
|
+
toolName,
|
|
13077
|
+
description: contract.openapi.summary,
|
|
13078
|
+
version,
|
|
13079
|
+
status: "active",
|
|
13080
|
+
requiredRole: requiredRole(category),
|
|
13081
|
+
requiredAction: requiredAction(category),
|
|
13082
|
+
surfaces,
|
|
13083
|
+
category,
|
|
13084
|
+
parameterSchema: { contract: contract.name, sdk: contract.sdk },
|
|
13085
|
+
handlerRef: contract.convex ? `${contract.convex.module}.${contract.convex.functionName}` : contract.name,
|
|
13086
|
+
executionAdapter: contract.convex?.kind === "action" ? "convex_action" : contract.convex?.kind === "mutation" ? "convex_mutation" : "mcp_tool",
|
|
13087
|
+
safetyMetadata: {
|
|
13088
|
+
readOnly,
|
|
13089
|
+
idempotent: readOnly || contract.idempotent === true || contract.idempotent === "required",
|
|
13090
|
+
sideEffectLevel: readOnly ? "none" : category === "admin" ? "high" : "low"
|
|
13091
|
+
},
|
|
13092
|
+
isCore: true,
|
|
13093
|
+
mcVersion: version,
|
|
13094
|
+
registeredBy: actor,
|
|
13095
|
+
registeredAt: now
|
|
13096
|
+
});
|
|
13097
|
+
}
|
|
13098
|
+
return [...rows.values()].sort(
|
|
13099
|
+
(a, b) => String(a.toolName).localeCompare(String(b.toolName))
|
|
13100
|
+
);
|
|
13101
|
+
}
|
|
13102
|
+
function buildToolAcls(tools, now, actor) {
|
|
13103
|
+
return tools.flatMap(
|
|
13104
|
+
(tool) => (ROLE_GRANTS[tool.requiredRole] ?? [tool.requiredRole]).map(
|
|
13105
|
+
(role) => ({ role, toolName: tool.toolName, createdBy: actor, createdAt: now })
|
|
13106
|
+
)
|
|
13107
|
+
);
|
|
13108
|
+
}
|
|
13109
|
+
function buildMcpWritePolicy(now, actor) {
|
|
13110
|
+
return [
|
|
13111
|
+
...["viewer", "auditor"].map((role) => ({
|
|
13112
|
+
role,
|
|
13113
|
+
toolCategory: "write",
|
|
13114
|
+
permission: "deny",
|
|
13115
|
+
enabled: true,
|
|
13116
|
+
rationale: "Read-only roles cannot mutate the reasoning graph.",
|
|
13117
|
+
createdAt: now,
|
|
13118
|
+
updatedAt: now,
|
|
13119
|
+
createdBy: actor
|
|
13120
|
+
})),
|
|
13121
|
+
...["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"].map((role) => ({
|
|
13122
|
+
role,
|
|
13123
|
+
toolCategory: "write",
|
|
13124
|
+
permission: "allow",
|
|
13125
|
+
maxWritesPerSession: role === "editor" ? 200 : void 0,
|
|
13126
|
+
enabled: true,
|
|
13127
|
+
rationale: "Default global write policy for trusted graph mutation roles.",
|
|
13128
|
+
createdAt: now,
|
|
13129
|
+
updatedAt: now,
|
|
13130
|
+
createdBy: actor
|
|
13131
|
+
}))
|
|
13132
|
+
];
|
|
13133
|
+
}
|
|
13134
|
+
function buildTenantPolicies(tenantId, now, actor) {
|
|
13135
|
+
const rows = [
|
|
13136
|
+
["viewer", "Read graph and runtime metadata.", [{ resource: "graph", actions: ["read"] }]],
|
|
13137
|
+
["auditor", "Read graph, audit, and policy decisions.", [{ resource: "audit", actions: ["read", "export"] }]],
|
|
13138
|
+
["editor", "Read and mutate tenant reasoning state.", [{ resource: "graph", actions: ["read", "create", "update", "mutate"] }]],
|
|
13139
|
+
["workspace_admin", "Manage workspace-scoped reasoning operations.", [{ resource: "workspace", actions: ["read", "update", "admin"] }]],
|
|
13140
|
+
["tenant_admin", "Manage tenant policy, tools, users, and publication.", [{ resource: "tenant", actions: ["read", "update", "admin"] }, { resource: "policy", actions: ["read", "create", "update", "admin"] }]],
|
|
13141
|
+
["service_agent", "Service principal execution role for automation.", [{ resource: "runtime", actions: ["read", "create", "update"] }, { resource: "graph", actions: ["read", "create", "update", "mutate"] }]]
|
|
13142
|
+
];
|
|
13143
|
+
return rows.map(([roleName, description, permissions]) => ({
|
|
13144
|
+
tenantId,
|
|
13145
|
+
roleName,
|
|
13146
|
+
description,
|
|
13147
|
+
permissions,
|
|
13148
|
+
groupBindings: [],
|
|
13149
|
+
createdAt: now,
|
|
13150
|
+
updatedAt: now,
|
|
13151
|
+
createdBy: actor,
|
|
13152
|
+
updatedBy: actor
|
|
13153
|
+
}));
|
|
13154
|
+
}
|
|
13155
|
+
function modelRegistryRows(now) {
|
|
13156
|
+
return MODEL_REGISTRY.map(([key, name, modelId, provider, contextWindow, maxOutputTokens, defaultTemperature, inputCostPer1M, outputCostPer1M]) => ({
|
|
13157
|
+
key,
|
|
13158
|
+
name,
|
|
13159
|
+
modelId,
|
|
13160
|
+
provider,
|
|
13161
|
+
capabilities: ["text_generation", "reasoning"],
|
|
13162
|
+
contextWindow,
|
|
13163
|
+
maxOutputTokens,
|
|
13164
|
+
defaultTemperature,
|
|
13165
|
+
inputCostPer1M,
|
|
13166
|
+
outputCostPer1M,
|
|
13167
|
+
recommended: true,
|
|
13168
|
+
enabled: true,
|
|
13169
|
+
createdAt: now,
|
|
13170
|
+
updatedAt: now
|
|
13171
|
+
}));
|
|
13172
|
+
}
|
|
13173
|
+
function modelFunctionSlotRows(now) {
|
|
13174
|
+
return MODEL_SLOTS.map(([slot, category, description, modelKey, promptName, temperature, maxTokens, requiredCapabilities]) => ({
|
|
13175
|
+
slot,
|
|
13176
|
+
category,
|
|
13177
|
+
description,
|
|
13178
|
+
modelKey,
|
|
13179
|
+
promptName,
|
|
13180
|
+
temperature,
|
|
13181
|
+
maxTokens,
|
|
13182
|
+
requiredCapabilities,
|
|
13183
|
+
enabled: true,
|
|
13184
|
+
isDefault: true,
|
|
13185
|
+
notes: `Seeded by ${TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION}.`,
|
|
13186
|
+
createdAt: now,
|
|
13187
|
+
updatedAt: now
|
|
13188
|
+
}));
|
|
13189
|
+
}
|
|
13190
|
+
function modelSlotConfigRows(now) {
|
|
13191
|
+
return MODEL_SLOTS.map(([slot, , , modelKey, , temperature, maxTokens]) => ({
|
|
13192
|
+
slot,
|
|
13193
|
+
modelKey,
|
|
13194
|
+
temperature,
|
|
13195
|
+
maxTokens,
|
|
13196
|
+
enabled: true,
|
|
13197
|
+
notes: `Default routing for ${slot}.`,
|
|
13198
|
+
createdAt: now,
|
|
13199
|
+
updatedAt: now
|
|
13200
|
+
}));
|
|
13201
|
+
}
|
|
13202
|
+
function schemaEnumRows(now) {
|
|
13203
|
+
return Object.entries(ENUM_VALUES).flatMap(
|
|
13204
|
+
([category, values]) => values.map((value, index) => ({
|
|
13205
|
+
category,
|
|
13206
|
+
value,
|
|
13207
|
+
label: labelFor(value),
|
|
13208
|
+
description: `${labelFor(value)} ${category} value.`,
|
|
13209
|
+
tier: "platform",
|
|
13210
|
+
metadata: { seedVersion: TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION },
|
|
13211
|
+
isDefault: index === 0,
|
|
13212
|
+
sortOrder: index + 1,
|
|
13213
|
+
status: "active",
|
|
13214
|
+
createdAt: now,
|
|
13215
|
+
updatedAt: now
|
|
13216
|
+
}))
|
|
13217
|
+
);
|
|
13218
|
+
}
|
|
13219
|
+
function buildTenantBootstrapTemplateSeedRows(options = {}) {
|
|
13220
|
+
const ctx = seedContext(options);
|
|
13221
|
+
const toolRegistry2 = buildToolRegistry(ctx.now, ctx.actor, ctx.version);
|
|
13222
|
+
return {
|
|
13223
|
+
kernel: {
|
|
13224
|
+
backgroundJobSettings: [
|
|
13225
|
+
{ jobKey: "neo4j_sync", enabled: false, notes: "Disabled until graph-sync credentials are configured.", updatedAt: ctx.now, updatedBy: ctx.actor },
|
|
13226
|
+
{ jobKey: "calibration_rollups", enabled: true, notes: "Compute calibration rollups when calibration data exists.", updatedAt: ctx.now, updatedBy: ctx.actor }
|
|
13227
|
+
],
|
|
13228
|
+
ontologyDefinitions: [
|
|
13229
|
+
{ ontologyKey: "lucern-core", name: "Lucern Core", description: "Core Lucern reasoning taxonomy.", tier: "platform", status: "active", createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
|
|
13230
|
+
],
|
|
13231
|
+
ontologyVersions: [
|
|
13232
|
+
{
|
|
13233
|
+
ontologyId: "lucern-core",
|
|
13234
|
+
ontologyKey: "lucern-core",
|
|
13235
|
+
version: ctx.version,
|
|
13236
|
+
status: "published",
|
|
13237
|
+
entityTypes: ["belief", "question", "evidence", "answer", "decision", "task", "worktree", "topic", "source"].map((value) => ({ value, label: labelFor(value) })),
|
|
13238
|
+
edgeTypes: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to"].map((value) => ({ value, label: labelFor(value) })),
|
|
13239
|
+
releaseNotes: "Initial platform ontology seed.",
|
|
13240
|
+
publishedBy: ctx.actor,
|
|
13241
|
+
publishedAt: ctx.now,
|
|
13242
|
+
createdAt: ctx.now
|
|
13243
|
+
}
|
|
13244
|
+
],
|
|
13245
|
+
publicationRules: [
|
|
13246
|
+
{ tenantId: ctx.templateTenantId, name: "publish-high-confidence-beliefs", description: "Publish high-confidence beliefs to tenant-level consumers.", conditionType: "confidence_threshold", conditions: { minConfidence: 0.85 }, enabled: true, priority: 100, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
|
|
13247
|
+
],
|
|
13248
|
+
schemaEnumConfig: schemaEnumRows(ctx.now)
|
|
13249
|
+
},
|
|
13250
|
+
identity: {
|
|
13251
|
+
mcpWritePolicy: buildMcpWritePolicy(ctx.now, ctx.actor),
|
|
13252
|
+
modelFunctionSlots: modelFunctionSlotRows(ctx.now),
|
|
13253
|
+
modelRegistry: modelRegistryRows(ctx.now),
|
|
13254
|
+
modelSlotConfigs: modelSlotConfigRows(ctx.now),
|
|
13255
|
+
platformAudiences: [
|
|
13256
|
+
["internal", "Internal", "internal"],
|
|
13257
|
+
["lp", "Limited Partners", "restricted_external"],
|
|
13258
|
+
["public", "Public", "public"]
|
|
13259
|
+
].map(([audienceKey, audienceLabel, audienceClass]) => ({ tenantId: ctx.templateTenantId, audienceKey, audienceLabel, audienceClass, status: "active", metadata: { seedVersion: ctx.version }, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now })),
|
|
13260
|
+
tenantConfig: [
|
|
13261
|
+
{ tenantId: ctx.templateTenantId, authPolicyMode: "open", defaultSessionTTL: 28800, defaultTopicVisibility: "tenant", featureFlags: { sdkBootstrapSeeds: true, interactiveRoleAuth: true }, maxWorkspaceCount: 25, defaultModelSlotOverrides: {}, updatedAt: ctx.now, updatedBy: ctx.actor }
|
|
13262
|
+
],
|
|
13263
|
+
tenantIntegrations: [
|
|
13264
|
+
{ tenantId: ctx.templateTenantId, integrationKey: "web-search", displayName: "Web Search", description: "Tenant-configurable search integration placeholder.", category: "search", capabilities: ["search", "deep_research", "summarize"], config: { apiBaseUrl: "https://example.invalid/lucern/search", authType: "none", timeout: 3e4 }, endpoints: { search: { path: "/search", method: "POST", queryParamName: "query", resultPath: "results" } }, status: "disabled", usageCount: 0, createdAt: ctx.now, updatedAt: ctx.now, createdBy: ctx.actor }
|
|
13265
|
+
],
|
|
13266
|
+
tenantPolicies: buildTenantPolicies(ctx.templateTenantId, ctx.now, ctx.actor),
|
|
13267
|
+
toolAcls: buildToolAcls(toolRegistry2, ctx.now, ctx.actor),
|
|
13268
|
+
toolRegistry: toolRegistry2
|
|
13269
|
+
}
|
|
13270
|
+
};
|
|
13271
|
+
}
|
|
13272
|
+
|
|
11920
13273
|
// src/v1/topics/v1.ts
|
|
11921
13274
|
var ROOT_TOPIC_ID = "n17tm38rwet7wqgzrmwahyt1z582590y";
|
|
11922
13275
|
function collectTopicNeighborhood(topics2, rootTopicId, maxDescendantDepth = 2) {
|
|
@@ -12210,6 +13563,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
|
|
|
12210
13563
|
}
|
|
12211
13564
|
];
|
|
12212
13565
|
|
|
12213
|
-
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, 
TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
|
|
13566
|
+
export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, 
SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, 
findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
|
|
12214
13567
|
//# sourceMappingURL=index.js.map
|
|
12215
13568
|
//# sourceMappingURL=index.js.map
|
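Review bot: The rewritten export line makes `buildTenantBootstrapTemplateSeedRows` public API, yet nothing documents what the rows it returns grant. Its body sits in the preceding hunk, which starts outside this view; the visible part emits a `tenantConfig` row with `authPolicyMode: "open"` and labels `system`-category tools `sideEffectLevel: "low"`, although `requiredAction` treats `system` like `admin`. A consumer that writes these rows unchanged inherits those defaults, so I would add a doc comment on the function in the source, e.g. `/** Template seed rows only: review authPolicyMode, toolAcls and safetyMetadata before writing them to a tenant. */`. The same line also exports `INFISICAL_RUNTIME_DEFAULT_PROJECT_ID` and `INFISICAL_RUNTIME_DEFAULT_API_URL`; their values are not visible here, so it is worth confirming they carry nothing environment-specific before they become part of the published contract.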