@lucern/contracts 0.3.0-alpha.3 → 0.3.0-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (180) hide show
  1. package/dist/component-host-boundary.contract.d.ts +41 -0
  2. package/dist/component-host-boundary.contract.js +54 -0
  3. package/dist/component-host-boundary.contract.js.map +1 -0
  4. package/dist/edge-policy-manifest-DpmTtjmm.d.ts +132 -0
  5. package/dist/function-registry/beliefs.d.ts +41 -41
  6. package/dist/function-registry/beliefs.js +274 -8
  7. package/dist/function-registry/beliefs.js.map +1 -1
  8. package/dist/function-registry/coding.js +259 -8
  9. package/dist/function-registry/coding.js.map +1 -1
  10. package/dist/function-registry/context.d.ts +13 -13
  11. package/dist/function-registry/context.js +259 -9
  12. package/dist/function-registry/context.js.map +1 -1
  13. package/dist/function-registry/contracts.js +230 -5
  14. package/dist/function-registry/contracts.js.map +1 -1
  15. package/dist/function-registry/coordination.js +230 -5
  16. package/dist/function-registry/coordination.js.map +1 -1
  17. package/dist/function-registry/edges.js +241 -6
  18. package/dist/function-registry/edges.js.map +1 -1
  19. package/dist/function-registry/evidence.d.ts +33 -33
  20. package/dist/function-registry/evidence.js +274 -9
  21. package/dist/function-registry/evidence.js.map +1 -1
  22. package/dist/function-registry/graph.d.ts +131 -53
  23. package/dist/function-registry/graph.js +346 -12
  24. package/dist/function-registry/graph.js.map +1 -1
  25. package/dist/function-registry/helpers.d.ts +1 -1
  26. package/dist/function-registry/helpers.js +230 -5
  27. package/dist/function-registry/helpers.js.map +1 -1
  28. package/dist/function-registry/identity.js +230 -5
  29. package/dist/function-registry/identity.js.map +1 -1
  30. package/dist/function-registry/index.d.ts +1 -1
  31. package/dist/function-registry/index.js +230 -5
  32. package/dist/function-registry/index.js.map +1 -1
  33. package/dist/function-registry/judgments.d.ts +9 -9
  34. package/dist/function-registry/judgments.js +242 -8
  35. package/dist/function-registry/judgments.js.map +1 -1
  36. package/dist/function-registry/legacy.js +230 -5
  37. package/dist/function-registry/legacy.js.map +1 -1
  38. package/dist/function-registry/lenses.d.ts +17 -17
  39. package/dist/function-registry/lenses.js +253 -8
  40. package/dist/function-registry/lenses.js.map +1 -1
  41. package/dist/function-registry/manifest.d.ts +5 -5
  42. package/dist/function-registry/manifest.js +3 -1
  43. package/dist/function-registry/manifest.js.map +1 -1
  44. package/dist/function-registry/ontologies.d.ts +45 -45
  45. package/dist/function-registry/ontologies.js +248 -11
  46. package/dist/function-registry/ontologies.js.map +1 -1
  47. package/dist/function-registry/pipeline.d.ts +13 -13
  48. package/dist/function-registry/pipeline.js +239 -8
  49. package/dist/function-registry/pipeline.js.map +1 -1
  50. package/dist/function-registry/questions.d.ts +49 -49
  51. package/dist/function-registry/questions.js +327 -13
  52. package/dist/function-registry/questions.js.map +1 -1
  53. package/dist/function-registry/tasks.js +230 -5
  54. package/dist/function-registry/tasks.js.map +1 -1
  55. package/dist/function-registry/topics.d.ts +21 -21
  56. package/dist/function-registry/topics.js +244 -8
  57. package/dist/function-registry/topics.js.map +1 -1
  58. package/dist/function-registry/types.d.ts +1 -1
  59. package/dist/function-registry/worktrees.d.ts +80 -41
  60. package/dist/function-registry/worktrees.js +364 -17
  61. package/dist/function-registry/worktrees.js.map +1 -1
  62. package/dist/function-registry-input-audit.d.ts +13 -0
  63. package/dist/function-registry-input-audit.js +164 -0
  64. package/dist/function-registry-input-audit.js.map +1 -0
  65. package/dist/gateway.contract.d.ts +1 -0
  66. package/dist/gateway.contract.js.map +1 -1
  67. package/dist/generated/convexSchemas.js +2 -2
  68. package/dist/generated/convexSchemas.js.map +1 -1
  69. package/dist/graph-intelligence.contract.d.ts +506 -0
  70. package/dist/graph-intelligence.contract.js +595 -0
  71. package/dist/graph-intelligence.contract.js.map +1 -0
  72. package/dist/graph-types/index.d.ts +5 -1
  73. package/dist/graph-types/index.js +15 -4
  74. package/dist/graph-types/index.js.map +1 -1
  75. package/dist/{index-CV-0_VWJ.d.ts → index-O09U2xHk.d.ts} +5 -2
  76. package/dist/index.d.ts +21 -667
  77. package/dist/index.js +2139 -52
  78. package/dist/index.js.map +1 -1
  79. package/dist/infisical-runtime.contract.d.ts +174 -0
  80. package/dist/infisical-runtime.contract.js +312 -0
  81. package/dist/infisical-runtime.contract.js.map +1 -0
  82. package/dist/manifests/edge-policy-manifest.d.ts +2 -0
  83. package/dist/manifests/edge-policy-manifest.data.d.ts +27 -0
  84. package/dist/manifests/edge-policy-manifest.data.js +34 -0
  85. package/dist/manifests/edge-policy-manifest.data.js.map +1 -0
  86. package/dist/manifests/edge-policy-manifest.js +65 -0
  87. package/dist/manifests/edge-policy-manifest.js.map +1 -0
  88. package/dist/manifests/infisical-runtime-manifest.d.ts +151 -0
  89. package/dist/manifests/infisical-runtime-manifest.js +311 -0
  90. package/dist/manifests/infisical-runtime-manifest.js.map +1 -0
  91. package/dist/manifests/invariant-manifest.d.ts +65 -0
  92. package/dist/manifests/invariant-manifest.js +18 -0
  93. package/dist/manifests/invariant-manifest.js.map +1 -0
  94. package/dist/manifests/invariants/ast-utils.d.ts +14 -0
  95. package/dist/manifests/invariants/ast-utils.js +54 -0
  96. package/dist/manifests/invariants/ast-utils.js.map +1 -0
  97. package/dist/manifests/invariants/index.d.ts +15 -0
  98. package/dist/manifests/invariants/index.js +183 -0
  99. package/dist/manifests/invariants/index.js.map +1 -0
  100. package/dist/manifests/invariants/inv-1-beliefs-append-only.d.ts +12 -0
  101. package/dist/manifests/invariants/inv-1-beliefs-append-only.js +94 -0
  102. package/dist/manifests/invariants/inv-1-beliefs-append-only.js.map +1 -0
  103. package/dist/manifests/invariants/inv-14-no-silent-transitions.d.ts +12 -0
  104. package/dist/manifests/invariants/inv-14-no-silent-transitions.js +99 -0
  105. package/dist/manifests/invariants/inv-14-no-silent-transitions.js.map +1 -0
  106. package/dist/manifests/invariants/manifest-1-projections-declare-audit.d.ts +12 -0
  107. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js +42 -0
  108. package/dist/manifests/invariants/manifest-1-projections-declare-audit.js.map +1 -0
  109. package/dist/manifests/tenant-client-manifest.d.ts +303 -0
  110. package/dist/manifests/tenant-client-manifest.js +409 -0
  111. package/dist/manifests/tenant-client-manifest.js.map +1 -0
  112. package/dist/projections/check-convex-args-shape.d.ts +3 -0
  113. package/dist/projections/check-convex-args-shape.js +396 -0
  114. package/dist/projections/check-convex-args-shape.js.map +1 -0
  115. package/dist/projections/create-evidence.projection.d.ts +176 -0
  116. package/dist/projections/create-evidence.projection.js +128 -0
  117. package/dist/projections/create-evidence.projection.js.map +1 -0
  118. package/dist/projections/index.d.ts +102 -0
  119. package/dist/projections/index.js +345 -0
  120. package/dist/projections/index.js.map +1 -0
  121. package/dist/projections/list-beliefs.projection.d.ts +36 -0
  122. package/dist/projections/list-beliefs.projection.js +54 -0
  123. package/dist/projections/list-beliefs.projection.js.map +1 -0
  124. package/dist/projections/list-tasks.projection.d.ts +32 -0
  125. package/dist/projections/list-tasks.projection.js +52 -0
  126. package/dist/projections/list-tasks.projection.js.map +1 -0
  127. package/dist/projections/modulate-confidence.projection.d.ts +219 -0
  128. package/dist/projections/modulate-confidence.projection.js +148 -0
  129. package/dist/projections/modulate-confidence.projection.js.map +1 -0
  130. package/dist/projections/projection-dsl.d.ts +11 -0
  131. package/dist/projections/projection-dsl.js +8 -0
  132. package/dist/projections/projection-dsl.js.map +1 -0
  133. package/dist/schemas/enums.d.ts +5 -2
  134. package/dist/schemas/enums.js +5 -2
  135. package/dist/schemas/enums.js.map +1 -1
  136. package/dist/schemas/index.d.ts +1 -1
  137. package/dist/schemas/index.js +9 -4
  138. package/dist/schemas/index.js.map +1 -1
  139. package/dist/schemas/manifest.d.ts +940 -910
  140. package/dist/schemas/manifest.js +8 -3
  141. package/dist/schemas/manifest.js.map +1 -1
  142. package/dist/schemas/sl-opinion.d.ts +4 -4
  143. package/dist/schemas/tables/identity/platform.d.ts +10 -10
  144. package/dist/schemas/tables/kernel/epistemic.d.ts +6 -6
  145. package/dist/schemas/tables/kernel/infra.d.ts +4 -4
  146. package/dist/schemas/tables/kernel/intelligence.d.ts +10 -10
  147. package/dist/schemas/tables/kernel/lens.d.ts +4 -4
  148. package/dist/schemas/tables/kernel/platform.d.ts +12 -12
  149. package/dist/schemas/tables/kernel/spine.d.ts +3 -3
  150. package/dist/schemas/tables/kernel/spine.js +5 -2
  151. package/dist/schemas/tables/kernel/spine.js.map +1 -1
  152. package/dist/schemas/tables/kernel/task.d.ts +42 -42
  153. package/dist/schemas/tables/kernel/topic.js +4 -1
  154. package/dist/schemas/tables/kernel/topic.js.map +1 -1
  155. package/dist/schemas/tables/kernel/worktree.d.ts +62 -62
  156. package/dist/schemas/tables/mc/identity.d.ts +2 -2
  157. package/dist/schemas/tables/mc/pack.d.ts +20 -20
  158. package/dist/schemas/tables/mc/registry.d.ts +4 -4
  159. package/dist/schemas/tables/mc/workspace.d.ts +9 -3
  160. package/dist/schemas/tables/mc/workspace.js +3 -1
  161. package/dist/schemas/tables/mc/workspace.js.map +1 -1
  162. package/dist/sdk-methods.contract.d.ts +1 -1
  163. package/dist/{sdk-tools.contract-S4ia0TTo.d.ts → sdk-tools.contract-Ng8ULxjr.d.ts} +1 -1
  164. package/dist/sdk-tools.contract.d.ts +2 -2
  165. package/dist/sdk-tools.contract.js +227 -4
  166. package/dist/sdk-tools.contract.js.map +1 -1
  167. package/dist/tenant-bootstrap-seed.contract.d.ts +1101 -0
  168. package/dist/tenant-bootstrap-seed.contract.js +653 -0
  169. package/dist/tenant-bootstrap-seed.contract.js.map +1 -0
  170. package/dist/tenant-bootstrap-seed.defaults.d.ts +16 -0
  171. package/dist/tenant-bootstrap-seed.defaults.js +303 -0
  172. package/dist/tenant-bootstrap-seed.defaults.js.map +1 -0
  173. package/dist/tenant-client.contract.d.ts +69 -5
  174. package/dist/tenant-client.contract.js +65 -4
  175. package/dist/tenant-client.contract.js.map +1 -1
  176. package/dist/{tool-contracts-C92-9ueT.d.ts → tool-contracts-CYXVPN4K.d.ts} +8 -2
  177. package/dist/tool-contracts.d.ts +1 -1
  178. package/dist/tool-contracts.js +228 -5
  179. package/dist/tool-contracts.js.map +1 -1
  180. package/package.json +9 -1
package/dist/index.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { z, ZodFirstPartyTypeKind } from 'zod';
2
2
  import { v } from 'convex/values';
3
+ import { ALL_FUNCTION_CONTRACTS } from './function-registry/index.js';
3
4
  export * from './function-registry/index.js';
4
5
 
5
6
  var __defProp = Object.defineProperty;
@@ -376,6 +377,57 @@ function isComponentBoundaryComponentOwnedTable(tableName) {
376
377
  return layer === "I" || layer === "K";
377
378
  }
378
379
 
380
+ // src/component-host-boundary.contract.ts
381
+ var COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION = "2026-04-28";
382
+ var COMPONENT_HOST_PROTECTED_TABLES = [
383
+ "backgroundJobRuns",
384
+ "backgroundJobSettings",
385
+ "systemLogs",
386
+ "epistemicAudit",
387
+ "platformPolicyDecisionLogs",
388
+ "tenantApiKeys",
389
+ "projectGrants",
390
+ "userSessions"
391
+ ];
392
+ var COMPONENT_HOST_PROTECTED_TABLE_OWNERS = {
393
+ backgroundJobRuns: "kernel_component",
394
+ backgroundJobSettings: "kernel_component",
395
+ systemLogs: "kernel_component",
396
+ epistemicAudit: "reasoning_kernel_component",
397
+ platformPolicyDecisionLogs: "identity_component",
398
+ tenantApiKeys: "identity_component",
399
+ projectGrants: "identity_component",
400
+ userSessions: "tenant_or_control_plane_schema"
401
+ };
402
+ var COMPONENT_HOST_DB_WRITE_OPERATIONS = [
403
+ "insert",
404
+ "patch",
405
+ "replace",
406
+ "delete"
407
+ ];
408
+ var COMPONENT_HOST_DB_READ_OPERATIONS = ["query"];
409
+ var COMPONENT_HOST_WRITE_AUDIT_ROOTS = [
410
+ "apps/web/convex",
411
+ "packages/server-core/src",
412
+ "services/kernel-template/convex",
413
+ "services/identity-template/convex",
414
+ "services/master-control/convex"
415
+ ];
416
+ var COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS = [
417
+ {
418
+ file: "services/master-control/convex/userSessions.ts",
419
+ table: "userSessions",
420
+ operation: "insert",
421
+ reason: "Master Control declares and owns its own userSessions table for gateway session validation."
422
+ },
423
+ {
424
+ file: "services/master-control/convex/userSessions.ts",
425
+ table: "userSessions",
426
+ operation: "query",
427
+ reason: "Master Control declares and owns its own userSessions table for gateway session validation."
428
+ }
429
+ ];
430
+
379
431
  // src/gateway.contract.ts
380
432
  function requireActorPrincipalId(authContext) {
381
433
  const principalId = typeof authContext.principalId === "string" ? authContext.principalId.trim() : "";
@@ -385,6 +437,598 @@ function requireActorPrincipalId(authContext) {
385
437
  throw new Error("Access denied: federated principal context required.");
386
438
  }
387
439
 
440
+ // src/graph-intelligence.contract.ts
441
+ var GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION = "graph_intelligence_query_catalog.v1";
442
+ var GRAPH_INTELLIGENCE_QUERY_MODES = [
443
+ "core",
444
+ "bias",
445
+ "stress",
446
+ "operational",
447
+ "alpha",
448
+ "semantic",
449
+ "evidence"
450
+ ];
451
+ var GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES = [
452
+ "get_graph_structure_analysis",
453
+ "detect_confirmation_bias",
454
+ "get_graph_gaps",
455
+ "get_topic_coverage",
456
+ "find_contradictions",
457
+ "get_falsification_questions",
458
+ "search_beliefs",
459
+ "search_evidence",
460
+ "list_beliefs",
461
+ "list_questions",
462
+ "traverse_graph",
463
+ "query_lineage",
464
+ "get_graph_neighborhood"
465
+ ];
466
+ var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
467
+ core: [
468
+ "get_graph_structure_analysis",
469
+ "get_topic_coverage",
470
+ "get_graph_gaps",
471
+ "list_beliefs",
472
+ "list_questions",
473
+ "search_evidence"
474
+ ],
475
+ bias: [
476
+ "get_graph_structure_analysis",
477
+ "detect_confirmation_bias",
478
+ "find_contradictions",
479
+ "search_evidence",
480
+ "list_beliefs"
481
+ ],
482
+ stress: [
483
+ "get_graph_structure_analysis",
484
+ "get_graph_gaps",
485
+ "find_contradictions",
486
+ "get_falsification_questions",
487
+ "list_beliefs",
488
+ "list_questions"
489
+ ],
490
+ operational: [
491
+ "get_topic_coverage",
492
+ "get_graph_gaps",
493
+ "list_beliefs",
494
+ "list_questions",
495
+ "search_evidence"
496
+ ],
497
+ alpha: [
498
+ "get_graph_structure_analysis",
499
+ "detect_confirmation_bias",
500
+ "find_contradictions",
501
+ "search_beliefs",
502
+ "search_evidence"
503
+ ],
504
+ semantic: [
505
+ "get_graph_structure_analysis",
506
+ "search_beliefs",
507
+ "search_evidence",
508
+ "traverse_graph",
509
+ "query_lineage",
510
+ "get_graph_neighborhood"
511
+ ],
512
+ evidence: [
513
+ "get_graph_structure_analysis",
514
+ "get_topic_coverage",
515
+ "search_evidence",
516
+ "get_falsification_questions",
517
+ "find_contradictions"
518
+ ]
519
+ };
520
+ var GRAPH_INTELLIGENCE_QUERY_CATEGORIES = [
521
+ {
522
+ id: "problems",
523
+ name: "Find Problems",
524
+ description: "Risk, contradiction, bias, and structural weakness queries."
525
+ },
526
+ {
527
+ id: "gaps",
528
+ name: "Find Gaps",
529
+ description: "Missing evidence, unanswered questions, and sparse areas."
530
+ },
531
+ {
532
+ id: "reasoning",
533
+ name: "Reasoning Quality",
534
+ description: "Assumption chains, evidence convergence, and weak links."
535
+ },
536
+ {
537
+ id: "strategic",
538
+ name: "Strategic Analysis",
539
+ description: "Pre-mortems, falsification, contrarian signals, and bets."
540
+ },
541
+ {
542
+ id: "deep",
543
+ name: "Deep Graph Analysis",
544
+ description: "Centrality, propagation, underdetermination, and topology."
545
+ },
546
+ {
547
+ id: "browse",
548
+ name: "Browse and Explore",
549
+ description: "Narrative summaries, search, theme exploration, and bridges."
550
+ },
551
+ {
552
+ id: "prep",
553
+ name: "Meeting Prep",
554
+ description: "Company, entity, and question prep from graph context."
555
+ }
556
+ ];
557
+ var byMode = (mode) => GRAPH_INTELLIGENCE_MODE_TOOL_NAMES[mode];
558
+ var GRAPH_INTELLIGENCE_QUERIES = [
559
+ {
560
+ id: "confirmation-bias",
561
+ categoryId: "problems",
562
+ mode: "bias",
563
+ name: "Find Confirmation Bias",
564
+ description: "Find beliefs supported mainly by confirming evidence.",
565
+ prompt: "Find beliefs where supporting evidence overwhelms challenging evidence. Prioritize high-conviction beliefs with few defeaters.",
566
+ highlightStrategy: "bias-risk",
567
+ riskLevel: "high"
568
+ },
569
+ {
570
+ id: "contradiction-map",
571
+ categoryId: "problems",
572
+ mode: "stress",
573
+ name: "Map Contradictions",
574
+ description: "Surface direct and indirect contradiction clusters.",
575
+ prompt: "Map the graph's contradiction clusters and explain which tensions matter most.",
576
+ highlightStrategy: "contradictions",
577
+ riskLevel: "high"
578
+ },
579
+ {
580
+ id: "weak-evidence",
581
+ categoryId: "problems",
582
+ mode: "stress",
583
+ name: "Weak Evidence Chains",
584
+ description: "Find important claims with thin or indirect evidence.",
585
+ prompt: "Find high-importance beliefs whose evidence support is thin, indirect, stale, or low quality.",
586
+ highlightStrategy: "weak-support",
587
+ riskLevel: "medium"
588
+ },
589
+ {
590
+ id: "single-source",
591
+ categoryId: "problems",
592
+ mode: "bias",
593
+ name: "Single-Source Risk",
594
+ description: "Find claims overly dependent on one source or source type.",
595
+ prompt: "Identify beliefs that rely on a single source, one methodology, or one repeated perspective.",
596
+ highlightStrategy: "source-concentration",
597
+ riskLevel: "medium"
598
+ },
599
+ {
600
+ id: "untested-assumptions",
601
+ categoryId: "problems",
602
+ mode: "stress",
603
+ name: "Untested Assumptions",
604
+ description: "Find load-bearing assumptions without falsification paths.",
605
+ prompt: "Find assumptions that appear load-bearing but do not have direct testing questions or falsification evidence.",
606
+ highlightStrategy: "untested",
607
+ riskLevel: "high"
608
+ },
609
+ {
610
+ id: "load-bearing-beliefs",
611
+ categoryId: "problems",
612
+ mode: "stress",
613
+ name: "Load-Bearing Beliefs",
614
+ description: "Find central beliefs whose failure would affect many claims.",
615
+ prompt: "Find the beliefs with the largest downstream impact if they are wrong.",
616
+ highlightStrategy: "load-bearing",
617
+ riskLevel: "high"
618
+ },
619
+ {
620
+ id: "cascade-analysis",
621
+ categoryId: "problems",
622
+ mode: "stress",
623
+ name: "Cascade Analysis",
624
+ description: "Trace what changes if a belief is weakened or invalidated.",
625
+ prompt: "Analyze likely downstream cascades if the most central or uncertain beliefs are weakened.",
626
+ highlightStrategy: "cascade",
627
+ riskLevel: "high"
628
+ },
629
+ {
630
+ id: "unanswered-questions",
631
+ categoryId: "gaps",
632
+ mode: "operational",
633
+ name: "Unanswered Questions",
634
+ description: "Find important open questions that block confidence.",
635
+ prompt: "Identify the most important unanswered questions and explain which beliefs they block.",
636
+ highlightStrategy: "open-questions"
637
+ },
638
+ {
639
+ id: "thin-themes",
640
+ categoryId: "gaps",
641
+ mode: "operational",
642
+ name: "Thin Themes",
643
+ description: "Find topics with shallow belief or evidence coverage.",
644
+ prompt: "Find themes that look underdeveloped relative to their role in the graph.",
645
+ highlightStrategy: "thin-themes"
646
+ },
647
+ {
648
+ id: "missing-evidence",
649
+ categoryId: "gaps",
650
+ mode: "stress",
651
+ name: "Missing Evidence",
652
+ description: "Find beliefs that need specific missing evidence.",
653
+ prompt: "Find the most valuable missing evidence needed to strengthen or falsify the graph.",
654
+ highlightStrategy: "missing-evidence"
655
+ },
656
+ {
657
+ id: "isolated-clusters",
658
+ categoryId: "gaps",
659
+ mode: "operational",
660
+ name: "Isolated Clusters",
661
+ description: "Find clusters not connected to the broader graph.",
662
+ prompt: "Find isolated graph clusters and recommend bridge questions or bridge evidence.",
663
+ highlightStrategy: "isolated-clusters"
664
+ },
665
+ {
666
+ id: "source-contribution",
667
+ categoryId: "gaps",
668
+ mode: "evidence",
669
+ name: "Source Contribution",
670
+ description: "Assess how source mix shapes the graph.",
671
+ prompt: "Assess whether the source mix is balanced enough for the graph's strongest claims.",
672
+ highlightStrategy: "source-mix"
673
+ },
674
+ {
675
+ id: "stale-beliefs",
676
+ categoryId: "gaps",
677
+ mode: "operational",
678
+ name: "Stale Beliefs",
679
+ description: "Find beliefs that need review because they are old or stale.",
680
+ prompt: "Find beliefs that should be revisited because they are stale, unsupported by recent evidence, or contradicted by newer context.",
681
+ highlightStrategy: "staleness"
682
+ },
683
+ {
684
+ id: "assumption-pyramid",
685
+ categoryId: "reasoning",
686
+ mode: "operational",
687
+ name: "Assumption Pyramid",
688
+ description: "Show which conclusions rest on which assumptions.",
689
+ prompt: "Build an assumption pyramid from the graph: foundational assumptions, intermediate claims, and top-level conclusions.",
690
+ highlightStrategy: "assumptions"
691
+ },
692
+ {
693
+ id: "converging-evidence",
694
+ categoryId: "reasoning",
695
+ mode: "evidence",
696
+ name: "Converging Evidence",
697
+ description: "Find claims supported by independent evidence streams.",
698
+ prompt: "Find beliefs with genuinely independent converging evidence and explain why they are robust.",
699
+ highlightStrategy: "convergence"
700
+ },
701
+ {
702
+ id: "weakest-links",
703
+ categoryId: "reasoning",
704
+ mode: "stress",
705
+ name: "Weakest Links",
706
+ description: "Find the weakest links in important reasoning chains.",
707
+ prompt: "Find the weakest links in important reasoning chains and explain how to test them.",
708
+ highlightStrategy: "weak-links",
709
+ riskLevel: "medium"
710
+ },
711
+ {
712
+ id: "challenged-beliefs",
713
+ categoryId: "reasoning",
714
+ mode: "stress",
715
+ name: "Challenged Beliefs",
716
+ description: "Find beliefs with active challenges or defeaters.",
717
+ prompt: "Find beliefs with active challenges, contradiction edges, or unresolved defeaters.",
718
+ highlightStrategy: "challenged"
719
+ },
720
+ {
721
+ id: "contrarian-map",
722
+ categoryId: "strategic",
723
+ mode: "alpha",
724
+ name: "Contrarian Map",
725
+ description: "Find non-consensus beliefs and where they are grounded.",
726
+ prompt: "Find the graph's strongest contrarian or non-consensus beliefs and explain their support.",
727
+ highlightStrategy: "contrarian"
728
+ },
729
+ {
730
+ id: "irreversibility-audit",
731
+ categoryId: "strategic",
732
+ mode: "stress",
733
+ name: "Irreversibility Audit",
734
+ description: "Find irreversible bets and assumptions behind them.",
735
+ prompt: "Audit irreversible decisions or beliefs and identify what must be true before acting.",
736
+ highlightStrategy: "irreversible",
737
+ riskLevel: "high"
738
+ },
739
+ {
740
+ id: "pre-mortem",
741
+ categoryId: "strategic",
742
+ mode: "stress",
743
+ name: "Pre-Mortem",
744
+ description: "Explain how the graph could be wrong.",
745
+ prompt: "Run a pre-mortem: assume the current thesis fails and identify the most plausible failure paths.",
746
+ highlightStrategy: "failure-paths",
747
+ riskLevel: "high"
748
+ },
749
+ {
750
+ id: "devils-advocate",
751
+ categoryId: "strategic",
752
+ mode: "stress",
753
+ name: "Devil's Advocate",
754
+ description: "Generate the strongest critique of the graph.",
755
+ prompt: "Produce the strongest evidence-grounded critique of the current graph and its main thesis.",
756
+ highlightStrategy: "critique"
757
+ },
758
+ {
759
+ id: "falsification-map",
760
+ categoryId: "strategic",
761
+ mode: "stress",
762
+ name: "Falsification Map",
763
+ description: "Find the cheapest tests that would disprove key beliefs.",
764
+ prompt: "Map the cheapest, clearest falsification tests for the graph's key claims.",
765
+ highlightStrategy: "falsification",
766
+ riskLevel: "high"
767
+ },
768
+ {
769
+ id: "prediction-tracker",
770
+ categoryId: "strategic",
771
+ mode: "evidence",
772
+ name: "Prediction Tracker",
773
+ description: "Find beliefs that imply measurable predictions.",
774
+ prompt: "Find beliefs that imply measurable predictions and suggest tracking signals.",
775
+ highlightStrategy: "predictions"
776
+ },
777
+ {
778
+ id: "belief-pagerank",
779
+ categoryId: "deep",
780
+ mode: "semantic",
781
+ name: "Belief PageRank",
782
+ description: "Identify structurally central beliefs.",
783
+ prompt: "Use graph centrality to identify the most structurally important beliefs.",
784
+ highlightStrategy: "centrality"
785
+ },
786
+ {
787
+ id: "underdetermination",
788
+ categoryId: "deep",
789
+ mode: "semantic",
790
+ name: "Underdetermination",
791
+ description: "Find places where evidence supports multiple explanations.",
792
+ prompt: "Find places where the same evidence could support multiple incompatible explanations.",
793
+ highlightStrategy: "underdetermination"
794
+ },
795
+ {
796
+ id: "confidence-propagation",
797
+ categoryId: "deep",
798
+ mode: "semantic",
799
+ name: "Confidence Propagation",
800
+ description: "Assess how uncertainty moves through the graph.",
801
+ prompt: "Explain how uncertainty propagates from weak or contested beliefs through downstream conclusions.",
802
+ highlightStrategy: "confidence-flow"
803
+ },
804
+ {
805
+ id: "argument-depth",
806
+ categoryId: "deep",
807
+ mode: "evidence",
808
+ name: "Argument Depth",
809
+ description: "Assess reasoning depth and chain quality.",
810
+ prompt: "Assess reasoning depth: where claims are shallow, deeply supported, or overextended.",
811
+ highlightStrategy: "depth"
812
+ },
813
+ {
814
+ id: "information-edge",
815
+ categoryId: "deep",
816
+ mode: "alpha",
817
+ name: "Information Edge",
818
+ description: "Find differentiated evidence or signals.",
819
+ prompt: "Find evidence, sources, or beliefs that could represent differentiated information edge.",
820
+ highlightStrategy: "information-edge"
821
+ },
822
+ {
823
+ id: "thesis-summary",
824
+ categoryId: "browse",
825
+ mode: "semantic",
826
+ name: "Thesis Summary",
827
+ description: "Summarize the graph's core thesis and support.",
828
+ prompt: "Summarize the graph's core thesis, strongest support, weakest support, and open questions.",
829
+ highlightStrategy: "summary"
830
+ },
831
+ {
832
+ id: "theme-deep-dive",
833
+ categoryId: "browse",
834
+ mode: "semantic",
835
+ name: "Theme Deep Dive",
836
+ description: "Deep dive into a named theme.",
837
+ prompt: "Deep dive into {input}. Explain the key beliefs, evidence, contradictions, and open questions.",
838
+ inputType: "theme",
839
+ highlightStrategy: "theme"
840
+ },
841
+ {
842
+ id: "belief-detail",
843
+ categoryId: "browse",
844
+ mode: "semantic",
845
+ name: "Belief Detail",
846
+ description: "Explain one belief and its graph neighborhood.",
847
+ prompt: "Explain {input} and its support, challenges, related beliefs, and downstream implications.",
848
+ inputType: "belief",
849
+ highlightStrategy: "belief"
850
+ },
851
+ {
852
+ id: "strongest-beliefs",
853
+ categoryId: "browse",
854
+ mode: "operational",
855
+ name: "Strongest Beliefs",
856
+ description: "Find the graph's strongest current beliefs.",
857
+ prompt: "Find the strongest current beliefs and explain why each one deserves confidence.",
858
+ highlightStrategy: "strongest"
859
+ },
860
+ {
861
+ id: "cross-theme-connection",
862
+ categoryId: "browse",
863
+ mode: "semantic",
864
+ name: "Cross-Theme Connections",
865
+ description: "Find bridges between themes.",
866
+ prompt: "Find meaningful connections across themes and explain which bridge beliefs matter.",
867
+ highlightStrategy: "bridges"
868
+ },
869
+ {
870
+ id: "research-velocity",
871
+ categoryId: "browse",
872
+ mode: "operational",
873
+ name: "Research Velocity",
874
+ description: "Summarize recent graph movement and momentum.",
875
+ prompt: "Assess research velocity: what changed recently, where progress is fastest, and what is stuck.",
876
+ highlightStrategy: "velocity"
877
+ },
878
+ {
879
+ id: "search",
880
+ categoryId: "browse",
881
+ mode: "semantic",
882
+ name: "Graph Search",
883
+ description: "Search the graph with semantic context.",
884
+ prompt: "Search the graph for {input}. Return the most relevant beliefs, evidence, and questions.",
885
+ inputType: "search",
886
+ highlightStrategy: "search"
887
+ },
888
+ {
889
+ id: "expert-coverage",
890
+ categoryId: "browse",
891
+ mode: "semantic",
892
+ name: "Expert Coverage",
893
+ description: "Assess coverage from expert/source perspectives.",
894
+ prompt: "Assess whether the graph has enough expert, primary, and dissenting coverage.",
895
+ highlightStrategy: "expert-coverage"
896
+ },
897
+ {
898
+ id: "value-chain-map",
899
+ categoryId: "browse",
900
+ mode: "semantic",
901
+ name: "Value Chain Map",
902
+ description: "Map entities, dependencies, and value-chain logic.",
903
+ prompt: "Map the value chain implied by this graph: entities, dependencies, pressure points, and missing links.",
904
+ highlightStrategy: "value-chain"
905
+ },
906
+ {
907
+ id: "meeting-brief",
908
+ categoryId: "prep",
909
+ mode: "semantic",
910
+ name: "Meeting Brief",
911
+ description: "Prepare a meeting brief from graph context.",
912
+ prompt: "Prepare a concise meeting brief using the graph: thesis, open questions, risks, and recommended asks.",
913
+ highlightStrategy: "brief"
914
+ },
915
+ {
916
+ id: "open-questions-entity",
917
+ categoryId: "prep",
918
+ mode: "semantic",
919
+ name: "Entity Open Questions",
920
+ description: "Find open questions about a specific entity.",
921
+ prompt: "Find the most important open questions about {input} and the beliefs those questions would unlock.",
922
+ inputType: "entity",
923
+ highlightStrategy: "entity-questions"
924
+ },
925
+ {
926
+ id: "company-context",
927
+ categoryId: "prep",
928
+ mode: "semantic",
929
+ name: "Company Context",
930
+ description: "Summarize graph context about a company.",
931
+ prompt: "Summarize what the graph knows about {input}: thesis relevance, evidence, risks, and open questions.",
932
+ inputType: "company",
933
+ highlightStrategy: "company"
934
+ },
935
+ {
936
+ id: "company-theme-fit",
937
+ categoryId: "prep",
938
+ mode: "semantic",
939
+ name: "Company Theme Fit",
940
+ description: "Assess how a company fits graph themes.",
941
+ prompt: "Assess how {input} fits the graph's themes and where the fit is weak or uncertain.",
942
+ inputType: "company",
943
+ highlightStrategy: "fit"
944
+ },
945
+ {
946
+ id: "company-comparison",
947
+ categoryId: "prep",
948
+ mode: "semantic",
949
+ name: "Company Comparison",
950
+ description: "Compare companies through graph context.",
951
+ prompt: "Compare {input} using graph beliefs, evidence, risks, and open questions.",
952
+ inputType: "company-list",
953
+ highlightStrategy: "comparison"
954
+ },
955
+ {
956
+ id: "questions-to-ask",
957
+ categoryId: "prep",
958
+ mode: "operational",
959
+ name: "Questions to Ask",
960
+ description: "Generate high-signal questions from graph gaps.",
961
+ prompt: "Generate the highest-signal questions to ask next, grounded in current graph gaps.",
962
+ highlightStrategy: "questions"
963
+ },
964
+ {
965
+ id: "beliefs-to-test",
966
+ categoryId: "prep",
967
+ mode: "stress",
968
+ name: "Beliefs to Test",
969
+ description: "Prioritize beliefs that should be tested next.",
970
+ prompt: "Prioritize the beliefs that should be tested next and explain the cheapest test for each.",
971
+ highlightStrategy: "tests",
972
+ riskLevel: "medium"
973
+ }
974
+ ];
975
+ var GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS = GRAPH_INTELLIGENCE_QUERIES.map((query) => {
976
+ const definition = query;
977
+ return {
978
+ ...definition,
979
+ tools: definition.tools ?? byMode(definition.mode)
980
+ };
981
+ });
982
+ var GRAPH_INTELLIGENCE_QUICK_QUERIES = [
983
+ {
984
+ id: "health-check",
985
+ name: "Health Check",
986
+ queryId: "thesis-summary",
987
+ prompt: "Give me a fast graph health check: biggest strengths, biggest risks, and next best action."
988
+ },
989
+ {
990
+ id: "find-risks",
991
+ name: "Find Risks",
992
+ queryId: "weakest-links",
993
+ prompt: "Find the most important risks in this graph and the beliefs or evidence behind each one."
994
+ },
995
+ {
996
+ id: "pre-mortem",
997
+ name: "Pre-Mortem",
998
+ queryId: "pre-mortem",
999
+ prompt: "Assume this thesis fails. Explain the most plausible failure paths and what would reveal them early."
1000
+ },
1001
+ {
1002
+ id: "whats-next",
1003
+ name: "What's Next",
1004
+ queryId: "questions-to-ask",
1005
+ prompt: "What should I learn or test next to make this graph more useful?"
1006
+ }
1007
+ ];
1008
+ function isGraphIntelligenceQueryMode(value) {
1009
+ return typeof value === "string" && GRAPH_INTELLIGENCE_QUERY_MODES.includes(value);
1010
+ }
1011
+ function getGraphIntelligenceQuery(queryId) {
1012
+ return GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS.find(
1013
+ (query) => query.id === queryId
1014
+ );
1015
+ }
1016
+ function listGraphIntelligenceQueries(filter = {}) {
1017
+ return GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS.filter((query) => {
1018
+ if (filter.categoryId && query.categoryId !== filter.categoryId) {
1019
+ return false;
1020
+ }
1021
+ if (filter.mode && query.mode !== filter.mode) {
1022
+ return false;
1023
+ }
1024
+ return true;
1025
+ });
1026
+ }
1027
+ function fillGraphIntelligencePromptTemplate(prompt, input) {
1028
+ const replacement = input?.trim() || "the current topic";
1029
+ return prompt.split("{input}").join(replacement);
1030
+ }
1031
+
388
1032
  // src/context-pack.contract.ts
389
1033
  var CONTEXT_PACK_SCHEMA_VERSION = "1.0.0";
390
1034
  var CONTEXT_RANKING_PROFILES = [
@@ -1335,11 +1979,14 @@ __export(schemas_exports, {
1335
1979
  ALL_TABLE_CONTRACTS: () => ALL_TABLE_CONTRACTS,
1336
1980
  ComponentTableManifestSchema: () => ComponentTableManifestSchema,
1337
1981
  EDGE_TYPE: () => EDGE_TYPE,
1982
+ EDGE_TYPE_VALUES: () => EDGE_TYPE_VALUES,
1338
1983
  IDENTITY_TABLE_CONTRACTS: () => IDENTITY_TABLE_CONTRACTS,
1339
1984
  KERNEL_TABLE_CONTRACTS: () => KERNEL_TABLE_CONTRACTS,
1340
1985
  MC_TABLE_CONTRACTS: () => MC_TABLE_CONTRACTS,
1341
1986
  NODE_TYPE: () => NODE_TYPE,
1342
1987
  SLOpinionInputSchema: () => SLOpinionInputSchema,
1988
+ STORAGE_EDGE_TYPE: () => STORAGE_EDGE_TYPE,
1989
+ STORAGE_EDGE_TYPE_VALUES: () => STORAGE_EDGE_TYPE_VALUES,
1343
1990
  TABLE_CONTRACTS_BY_COMPONENT: () => TABLE_CONTRACTS_BY_COMPONENT,
1344
1991
  TOPIC_STATUS: () => TOPIC_STATUS,
1345
1992
  TOPIC_VISIBILITY: () => TOPIC_VISIBILITY,
@@ -1347,7 +1994,10 @@ __export(schemas_exports, {
1347
1994
  listTableContractsByName: () => listTableContractsByName
1348
1995
  });
1349
1996
  var NODE_TYPE = z.enum(["decision", "belief", "question", "theme", "deal", "topic", "claim", "evidence", "synthesis", "answer", "atomic_fact", "excerpt", "source", "company", "person", "investor", "function", "value_chain"]);
1350
- var EDGE_TYPE = z.enum(["supports", "informs", "depends_on", "extracted_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme", "answers", "explores", "qualifies", "based_on", "based_on_belief", "based_on_question", "blocked_by_contradiction", "informed_by_theme", "same_as", "reinforces", "parent_of", "child_of", "falsified_by", "exclusive_with", "collapses_if", "cascade_from", "counterfactual_of", "cascade_to", "mutually_exclusive", "correlates_with", "amplifies", "precondition_for", "in_tension_with", "strengthened_by", "weakened_by", "alternative_to", "subsumes", "validated_by", "required_for", "blocks", "prerequisite_for", "parallel_to", "corroborates", "extends", "same_source_as", "same_theme_as", "assumes", "would_predict", "analogous_to", "independent_of", "implements", "violates", "co_changes_with", "migrating_from", "migrating_to", "scoped_by", "about_entity", "entity_referenced_in", "contradicts", "cites", "summarizes", "related_to", "partially_answers", "refines", "branches_from"]);
1997
+ var EDGE_TYPE_VALUES = ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme", "answers", "explores", "qualifies", "based_on", "based_on_belief", "based_on_question", "blocked_by_contradiction", "informed_by_theme", "same_as", "reinforces", "parent_of", "child_of", "falsified_by", "exclusive_with", "collapses_if", "cascade_from", "counterfactual_of", "cascade_to", "mutually_exclusive", "correlates_with", "amplifies", "precondition_for", "in_tension_with", "strengthened_by", "weakened_by", "alternative_to", "subsumes", "validated_by", "required_for", "blocks", "prerequisite_for", "parallel_to", "corroborates", "extends", "same_source_as", "same_theme_as", "assumes", "would_predict", "analogous_to", "independent_of", "implements", "violates", "co_changes_with", "migrating_from", "migrating_to", "scoped_by", "about_entity", "entity_referenced_in", "contradicts", "cites", "summarizes", "related_to", "partially_answers", "refines", "branches_from"];
1998
+ var STORAGE_EDGE_TYPE_VALUES = [...EDGE_TYPE_VALUES, "extracted_from"];
1999
+ var EDGE_TYPE = z.enum(EDGE_TYPE_VALUES);
2000
+ var STORAGE_EDGE_TYPE = z.enum(STORAGE_EDGE_TYPE_VALUES);
1351
2001
  var TOPIC_STATUS = z.enum(["active", "archived", "watching"]);
1352
2002
  var TOPIC_VISIBILITY = z.enum(["private", "team", "firm", "external", "public"]);
1353
2003
  var agentMessages = defineTable({
@@ -2832,7 +3482,7 @@ var epistemicEdges = defineTable({
2832
3482
  "toNodeId": z.string().optional(),
2833
3483
  "sourceGlobalId": z.string().optional(),
2834
3484
  "targetGlobalId": z.string().optional(),
2835
- "edgeType": EDGE_TYPE,
3485
+ "edgeType": STORAGE_EDGE_TYPE,
2836
3486
  "edgeTier": z.string().optional(),
2837
3487
  "domainNamespace": z.string().optional(),
2838
3488
  "constraint": z.string().optional(),
@@ -5165,7 +5815,9 @@ var workspaces = defineTable({
5165
5815
  "defaultProjectVisibility": z.enum(["private", "team", "firm", "external", "public"]).optional(),
5166
5816
  "deployments": z.record(z.object({
5167
5817
  "url": z.string(),
5168
- "encryptedDeployKey": z.string()
5818
+ "target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
5819
+ "encryptedDeployKey": z.string().optional(),
5820
+ "credentialRef": z.string().optional()
5169
5821
  })).optional(),
5170
5822
  "metadata": z.record(z.any()).optional(),
5171
5823
  "createdBy": z.string().optional(),
@@ -5741,17 +6393,6 @@ var edgePolicyManifest = {
5741
6393
  }
5742
6394
  ]
5743
6395
  };
5744
- var InvariantManifestSchema = z.object({
5745
- manifestVersion: z.literal("1.0.0"),
5746
- rules: z.array(
5747
- z.object({
5748
- invariant: z.string(),
5749
- description: z.string(),
5750
- checker: z.enum(["ast", "manifest", "runtime"]),
5751
- severity: z.enum(["block_publish", "block_pr", "warn"])
5752
- })
5753
- )
5754
- });
5755
6396
 
5756
6397
  // src/tenant-client.contract.ts
5757
6398
  var TENANT_CLIENT_CONTRACT_VERSION = "2026-04-27";
@@ -5788,8 +6429,8 @@ var TENANT_CLIENT_FORBIDDEN_SECRET_ENV = ["NPM_TOKEN"];
5788
6429
  var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
5789
6430
  {
5790
6431
  packageName: "@lucern/access-control",
5791
- role: "sdk_dependency",
5792
- directTenantImport: false
6432
+ role: "runtime_entrypoint",
6433
+ directTenantImport: true
5793
6434
  },
5794
6435
  {
5795
6436
  packageName: "@lucern/agent",
@@ -5902,6 +6543,53 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
5902
6543
  directTenantImport: true
5903
6544
  }
5904
6545
  ];
6546
+ var TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES = TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
6547
+ (entry) => entry.packageName
6548
+ );
6549
+ var TENANT_CLIENT_INSTALL_PROFILES = [
6550
+ {
6551
+ id: "core_app_runtime",
6552
+ description: "Smallest tenant app/runtime install for typed Lucern API calls plus tool-access policy helpers.",
6553
+ packageNames: ["@lucern/sdk", "@lucern/access-control"],
6554
+ dependencyField: "dependencies"
6555
+ },
6556
+ {
6557
+ id: "react_app_runtime",
6558
+ description: "React tenant app install for hooks, provider, curated graph components, and direct SDK calls.",
6559
+ packageNames: ["@lucern/react", "@lucern/sdk", "@lucern/access-control"],
6560
+ dependencyField: "dependencies"
6561
+ },
6562
+ {
6563
+ id: "convex_components",
6564
+ description: "Tenant Convex host install for binding the Lucern identity and reasoning-kernel components.",
6565
+ packageNames: ["@lucern/identity", "@lucern/reasoning-kernel"],
6566
+ dependencyField: "dependencies"
6567
+ },
6568
+ {
6569
+ id: "operator_cli",
6570
+ description: "Developer/operator install for the `lucern` binary, including tenant bootstrap seed commands.",
6571
+ packageNames: ["@lucern/cli"],
6572
+ dependencyField: "devDependencies"
6573
+ },
6574
+ {
6575
+ id: "mcp_runtime",
6576
+ description: "Agent runtime install for the standalone Lucern MCP server and hosted route helpers.",
6577
+ packageNames: ["@lucern/mcp"],
6578
+ dependencyField: "dependencies"
6579
+ },
6580
+ {
6581
+ id: "contracts_and_types",
6582
+ description: "Compile-time contract/type install for codegen, audits, and tenant integration validation.",
6583
+ packageNames: ["@lucern/contracts", "@lucern/types"],
6584
+ dependencyField: "dependencies"
6585
+ },
6586
+ {
6587
+ id: "full_suite",
6588
+ description: "Full coherent Lucern package suite for design-partner repos that want every published runtime, tool, component, test, and config package pinned together.",
6589
+ packageNames: TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES,
6590
+ dependencyField: "mixed"
6591
+ }
6592
+ ];
5905
6593
  var TENANT_CLIENT_PUBLIC_IMPORTS = [
5906
6594
  {
5907
6595
  packageName: "@lucern/sdk",
@@ -5927,6 +6615,12 @@ var TENANT_CLIENT_PUBLIC_IMPORTS = [
5927
6615
  subpaths: "published_exports",
5928
6616
  description: "Published type and manifest contracts."
5929
6617
  },
6618
+ {
6619
+ packageName: "@lucern/access-control",
6620
+ surface: "runtime",
6621
+ subpaths: "published_exports",
6622
+ description: "Tenant runtime access-control helpers, including effective tool access."
6623
+ },
5930
6624
  {
5931
6625
  packageName: "@lucern/types",
5932
6626
  surface: "contract",
@@ -5974,6 +6668,8 @@ var TENANT_CLIENT_REQUIRED_SDK_NAMESPACES = [
5974
6668
  "edges",
5975
6669
  "contradictions",
5976
6670
  "contracts",
6671
+ "graphIntel",
6672
+ "graphIntelligence",
5977
6673
  "graphAnalysis",
5978
6674
  "graphRecommendations",
5979
6675
  "orgGraphSearch",
@@ -6002,7 +6698,7 @@ var TENANT_CLIENT_CAPABILITIES = [
6002
6698
  },
6003
6699
  {
6004
6700
  id: "reasoning.graph.read",
6005
- description: "Read beliefs, evidence, questions, topics, and lineage.",
6701
+ description: "Read beliefs, evidence, questions, topics, graph edges, and lineage.",
6006
6702
  surfaces: ["@lucern/sdk", "@lucern/react", "@lucern/mcp"],
6007
6703
  requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6008
6704
  },
@@ -6012,6 +6708,12 @@ var TENANT_CLIENT_CAPABILITIES = [
6012
6708
  surfaces: ["@lucern/sdk", "@lucern/mcp"],
6013
6709
  requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6014
6710
  },
6711
+ {
6712
+ id: "reasoning.graph_intelligence.run",
6713
+ description: "Discover and run Graph Intelligence query recipes for structural graph analysis.",
6714
+ surfaces: ["@lucern/sdk", "@lucern/cli", "@lucern/mcp"],
6715
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS
6716
+ },
6015
6717
  {
6016
6718
  id: "workflow.worktree_lifecycle",
6017
6719
  description: "Create, review, merge, and close scoped worktrees.",
@@ -6154,40 +6856,253 @@ function formatTenantClientImportViolation(classification) {
6154
6856
  return `Tenant client import is not allowed${patternId}: ${classification.importPath}. ${classification.reason}`;
6155
6857
  }
6156
6858
 
6157
- // src/manifests/tenant-client-manifest.ts
6158
- var TENANT_CLIENT_MANIFEST = {
6159
- manifestVersion: "1.0.0",
6160
- contractVersion: TENANT_CLIENT_CONTRACT_VERSION,
6161
- auth: {
6162
- modes: TENANT_CLIENT_AUTH_MODES,
6163
- principalTypes: TENANT_CLIENT_PRINCIPAL_TYPES,
6164
- requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,
6165
- optionalContextFields: TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS
6859
+ // src/infisical-runtime.contract.ts
6860
+ var INFISICAL_RUNTIME_CONTRACT_VERSION = "2026-04-28";
6861
+ var INFISICAL_RUNTIME_DEFAULT_API_URL = "https://app.infisical.com";
6862
+ var INFISICAL_RUNTIME_DEFAULT_PROJECT_ID = "344b0526-90df-4606-ba50-22c647a36c65";
6863
+ var INFISICAL_RUNTIME_ENVIRONMENTS = [
6864
+ "dev",
6865
+ "staging",
6866
+ "prod"
6867
+ ];
6868
+ var INFISICAL_RUNTIME_DELIVERY_MODES = [
6869
+ "vercel_sync",
6870
+ "runtime_fetch",
6871
+ "device_auth"
6872
+ ];
6873
+ var INFISICAL_RUNTIME_SURFACE_IDS = [
6874
+ "lucern-web",
6875
+ "lucern-gateway",
6876
+ "lucern-sdk",
6877
+ "lucern-cli",
6878
+ "lucern-mcp",
6879
+ "tenant-client"
6880
+ ];
6881
+ var INFISICAL_RUNTIME_BOOTSTRAP_ENV = {
6882
+ apiUrl: ["INFISICAL_API_URL", "INFISICAL_URL"],
6883
+ projectId: ["INFISICAL_PROJECT_ID", "INFISICAL_WORKSPACE_ID"],
6884
+ clientId: [
6885
+ "INFISICAL_CLIENT_ID",
6886
+ "INFISICAL_MACHINE_CLIENT_ID",
6887
+ "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
6888
+ ],
6889
+ clientSecret: [
6890
+ "INFISICAL_CLIENT_SECRET",
6891
+ "INFISICAL_MACHINE_CLIENT_SECRET",
6892
+ "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
6893
+ ],
6894
+ environment: ["INFISICAL_ENV", "LUCERN_INFISICAL_ENV"],
6895
+ organizationSlug: ["INFISICAL_ORG_SLUG", "INFISICAL_ORGANIZATION_SLUG"],
6896
+ disabled: ["LUCERN_INFISICAL_DISABLE", "INFISICAL_DISABLE"]
6897
+ };
6898
+ var INFISICAL_RUNTIME_PATHS = [
6899
+ {
6900
+ id: "platform-auth",
6901
+ secretPath: "/platform/auth",
6902
+ description: "Lucern platform authentication secrets. Synced into Vercel web/gateway projects; never distributed to tenant tools.",
6903
+ variables: [
6904
+ {
6905
+ name: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
6906
+ required: true,
6907
+ secret: false,
6908
+ public: true,
6909
+ description: "Clerk publishable key for the Lucern web origin."
6910
+ },
6911
+ {
6912
+ name: "CLERK_SECRET_KEY",
6913
+ required: true,
6914
+ secret: true,
6915
+ public: false,
6916
+ description: "Clerk backend secret key for Lucern server runtimes."
6917
+ },
6918
+ {
6919
+ name: "CLERK_JWT_ISSUER_DOMAIN",
6920
+ required: false,
6921
+ secret: false,
6922
+ public: false,
6923
+ description: "Expected Clerk issuer/JWKS domain for JWT verification."
6924
+ },
6925
+ {
6926
+ name: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
6927
+ required: false,
6928
+ secret: false,
6929
+ public: true,
6930
+ description: "Public sign-in URL for Lucern-owned web flows."
6931
+ },
6932
+ {
6933
+ name: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
6934
+ required: false,
6935
+ secret: false,
6936
+ public: true,
6937
+ description: "Public sign-up URL for Lucern-owned web flows."
6938
+ }
6939
+ ]
6166
6940
  },
6167
- installToken: {
6168
- env: TENANT_CLIENT_INSTALL_TOKEN_ENV,
6169
- infisicalPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
6170
- forbiddenInfisicalPaths: TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS,
6171
- forbiddenSecretEnv: TENANT_CLIENT_FORBIDDEN_SECRET_ENV
6941
+ {
6942
+ id: "platform-runtime",
6943
+ secretPath: "/platform/runtime",
6944
+ description: "Runtime defaults shared by server-side Lucern clients and operator tooling.",
6945
+ variables: [
6946
+ {
6947
+ name: "LUCERN_API_URL",
6948
+ required: true,
6949
+ secret: false,
6950
+ public: false,
6951
+ aliases: ["LUCERN_API_BASE_URL", "LUCERN_BASE_URL"],
6952
+ description: "Canonical Lucern API gateway URL."
6953
+ },
6954
+ {
6955
+ name: "LUCERN_LOGIN_BASE_URL",
6956
+ required: false,
6957
+ secret: false,
6958
+ public: false,
6959
+ aliases: ["LUCERN_AUTH_BASE_URL"],
6960
+ description: "Browser login origin used when it differs from the API."
6961
+ },
6962
+ {
6963
+ name: "LUCERN_ENVIRONMENT",
6964
+ required: false,
6965
+ secret: false,
6966
+ public: false,
6967
+ aliases: ["LUCERN_ENV"],
6968
+ description: "Lucern environment label consumed by CLI profiles."
6969
+ }
6970
+ ]
6172
6971
  },
6173
- packages: {
6174
- installable: TENANT_CLIENT_INSTALLABLE_PACKAGES,
6175
- directImports: TENANT_CLIENT_PUBLIC_IMPORTS,
6176
- componentConfigImports: TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS
6972
+ {
6973
+ id: "tenant-shared-install",
6974
+ secretPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
6975
+ description: "Tenant package-install secrets. This is install-only and distinct from platform publish credentials.",
6976
+ variables: [
6977
+ {
6978
+ name: "INSTALL_LUCERN_NPM",
6979
+ required: true,
6980
+ secret: true,
6981
+ public: false,
6982
+ description: "Read-only install token for the published @lucern/* suite."
6983
+ }
6984
+ ]
6985
+ }
6986
+ ];
6987
+ var INFISICAL_RUNTIME_SURFACES = [
6988
+ {
6989
+ id: "lucern-web",
6990
+ delivery: "vercel_sync",
6991
+ sourcePathIds: ["platform-auth", "platform-runtime"],
6992
+ consumer: "apps/web on Vercel project lucern",
6993
+ description: "Lucern web consumes Clerk and runtime config via Infisical-to-Vercel syncs."
6177
6994
  },
6178
- sdk: {
6179
- requiredNamespaces: TENANT_CLIENT_REQUIRED_SDK_NAMESPACES
6995
+ {
6996
+ id: "lucern-gateway",
6997
+ delivery: "vercel_sync",
6998
+ sourcePathIds: ["platform-auth", "platform-runtime"],
6999
+ consumer: "apps/gateway on Vercel project lucern-gateway",
7000
+ description: "Lucern gateway consumes platform config via Infisical-to-Vercel syncs."
6180
7001
  },
6181
- capabilities: TENANT_CLIENT_CAPABILITIES,
6182
- isolationRules: TENANT_CLIENT_ISOLATION_RULES,
6183
- forbiddenImportPatterns: TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS
6184
- };
6185
-
6186
- // src/projections/projection-dsl.ts
6187
- function defineProjection(def) {
6188
- return def;
6189
- }
6190
-
7002
+ {
7003
+ id: "lucern-sdk",
7004
+ packageName: "@lucern/sdk",
7005
+ delivery: "runtime_fetch",
7006
+ sourcePathIds: ["platform-runtime"],
7007
+ consumer: "server-side SDK operator contexts with a scoped Infisical identity",
7008
+ description: "SDK exposes the runtime Infisical resolver used by clients that have machine identity credentials."
7009
+ },
7010
+ {
7011
+ id: "lucern-cli",
7012
+ packageName: "@lucern/cli",
7013
+ delivery: "runtime_fetch",
7014
+ fallback: "device_auth",
7015
+ sourcePathIds: ["platform-runtime"],
7016
+ consumer: "developer/operator CLI processes",
7017
+ description: "CLI hydrates runtime defaults from Infisical when configured, then authenticates users through Lucern device login."
7018
+ },
7019
+ {
7020
+ id: "lucern-mcp",
7021
+ packageName: "@lucern/mcp",
7022
+ delivery: "runtime_fetch",
7023
+ fallback: "device_auth",
7024
+ sourcePathIds: ["platform-runtime"],
7025
+ consumer: "MCP server/client processes",
7026
+ description: "MCP hydrates runtime defaults through the SDK resolver and remains a Lucern client, not a platform secret owner."
7027
+ },
7028
+ {
7029
+ id: "tenant-client",
7030
+ delivery: "device_auth",
7031
+ sourcePathIds: ["tenant-shared-install"],
7032
+ consumer: "tenant-owned apps and coding agents",
7033
+ description: "Tenant clients install the published packages and receive user/service credentials through Lucern auth surfaces."
7034
+ }
7035
+ ];
7036
+ function findInfisicalRuntimePath(pathId) {
7037
+ return INFISICAL_RUNTIME_PATHS.find((path) => path.id === pathId);
7038
+ }
7039
+ function findInfisicalRuntimeSurface(surfaceId) {
7040
+ return INFISICAL_RUNTIME_SURFACES.find(
7041
+ (surface) => surface.id === surfaceId
7042
+ );
7043
+ }
7044
+
7045
+ // src/manifests/infisical-runtime-manifest.ts
7046
+ var INFISICAL_RUNTIME_MANIFEST = {
7047
+ manifestVersion: "1.0.0",
7048
+ contractVersion: INFISICAL_RUNTIME_CONTRACT_VERSION,
7049
+ project: {
7050
+ id: INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
7051
+ apiUrl: INFISICAL_RUNTIME_DEFAULT_API_URL
7052
+ },
7053
+ environments: INFISICAL_RUNTIME_ENVIRONMENTS,
7054
+ deliveryModes: INFISICAL_RUNTIME_DELIVERY_MODES,
7055
+ bootstrapEnv: INFISICAL_RUNTIME_BOOTSTRAP_ENV,
7056
+ paths: INFISICAL_RUNTIME_PATHS,
7057
+ surfaces: INFISICAL_RUNTIME_SURFACES
7058
+ };
7059
+ var InvariantManifestSchema = z.object({
7060
+ manifestVersion: z.literal("1.0.0"),
7061
+ rules: z.array(
7062
+ z.object({
7063
+ invariant: z.string(),
7064
+ description: z.string(),
7065
+ checker: z.enum(["ast", "manifest", "runtime"]),
7066
+ severity: z.enum(["block_publish", "block_pr", "warn"])
7067
+ })
7068
+ )
7069
+ });
7070
+
7071
+ // src/manifests/tenant-client-manifest.ts
7072
+ var TENANT_CLIENT_MANIFEST = {
7073
+ manifestVersion: "1.0.0",
7074
+ contractVersion: TENANT_CLIENT_CONTRACT_VERSION,
7075
+ auth: {
7076
+ modes: TENANT_CLIENT_AUTH_MODES,
7077
+ principalTypes: TENANT_CLIENT_PRINCIPAL_TYPES,
7078
+ requiredContextFields: TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS,
7079
+ optionalContextFields: TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS
7080
+ },
7081
+ installToken: {
7082
+ env: TENANT_CLIENT_INSTALL_TOKEN_ENV,
7083
+ infisicalPath: TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH,
7084
+ forbiddenInfisicalPaths: TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS,
7085
+ forbiddenSecretEnv: TENANT_CLIENT_FORBIDDEN_SECRET_ENV
7086
+ },
7087
+ packages: {
7088
+ installable: TENANT_CLIENT_INSTALLABLE_PACKAGES,
7089
+ installProfiles: TENANT_CLIENT_INSTALL_PROFILES,
7090
+ directImports: TENANT_CLIENT_PUBLIC_IMPORTS,
7091
+ componentConfigImports: TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS
7092
+ },
7093
+ sdk: {
7094
+ requiredNamespaces: TENANT_CLIENT_REQUIRED_SDK_NAMESPACES
7095
+ },
7096
+ capabilities: TENANT_CLIENT_CAPABILITIES,
7097
+ isolationRules: TENANT_CLIENT_ISOLATION_RULES,
7098
+ forbiddenImportPatterns: TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS
7099
+ };
7100
+
7101
+ // src/projections/projection-dsl.ts
7102
+ function defineProjection(def) {
7103
+ return def;
7104
+ }
7105
+
6191
7106
  // src/projections/create-evidence.projection.ts
6192
7107
  var jsonRecordSchema = z.record(z.unknown());
6193
7108
  var createEvidenceInputSchemaBase = z.object({
@@ -6534,6 +7449,7 @@ __export(tool_contracts_exports, {
6534
7449
  ARCHIVE_BELIEF: () => ARCHIVE_BELIEF,
6535
7450
  ARCHIVE_ONTOLOGY: () => ARCHIVE_ONTOLOGY,
6536
7451
  ARCHIVE_QUESTION: () => ARCHIVE_QUESTION,
7452
+ BEGIN_BUILD_SESSION: () => BEGIN_BUILD_SESSION,
6537
7453
  BISECT_CONFIDENCE: () => BISECT_CONFIDENCE,
6538
7454
  BROADCAST_MESSAGE: () => BROADCAST_MESSAGE,
6539
7455
  CHECK_PERMISSION: () => CHECK_PERMISSION,
@@ -6597,6 +7513,7 @@ __export(tool_contracts_exports, {
6597
7513
  LIST_BELIEFS: () => LIST_BELIEFS,
6598
7514
  LIST_CAMPAIGNS: () => LIST_CAMPAIGNS,
6599
7515
  LIST_EVIDENCE: () => LIST_EVIDENCE,
7516
+ LIST_GRAPH_INTELLIGENCE_QUERIES: () => LIST_GRAPH_INTELLIGENCE_QUERIES,
6600
7517
  LIST_LENSES: () => LIST_LENSES,
6601
7518
  LIST_ONTOLOGIES: () => LIST_ONTOLOGIES,
6602
7519
  LIST_QUESTIONS: () => LIST_QUESTIONS,
@@ -6621,6 +7538,7 @@ __export(tool_contracts_exports, {
6621
7538
  REGISTER_SESSION: () => REGISTER_SESSION,
6622
7539
  REMOVE_LENS_FROM_TOPIC: () => REMOVE_LENS_FROM_TOPIC,
6623
7540
  RESOLVE_EFFECTIVE_ONTOLOGY: () => RESOLVE_EFFECTIVE_ONTOLOGY,
7541
+ RUN_GRAPH_INTELLIGENCE_QUERY: () => RUN_GRAPH_INTELLIGENCE_QUERY,
6624
7542
  SEARCH_BELIEFS: () => SEARCH_BELIEFS,
6625
7543
  SEARCH_EVIDENCE: () => SEARCH_EVIDENCE,
6626
7544
  SEED_BELIEF_LATTICE: () => SEED_BELIEF_LATTICE,
@@ -7057,6 +7975,14 @@ var ADD_WORKTREE = {
7057
7975
  description: "Check out a branch into an active worktree for investigation. Like `git worktree add <branch>` \u2014 creates independent working state on a thematic branch. Beliefs committed within the worktree can be freely amended (draft code on a feature branch). When investigation is complete, `merge` integrates findings into main.",
7058
7976
  parameters: {
7059
7977
  title: { type: "string", description: "Worktree name/objective" },
7978
+ name: {
7979
+ type: "string",
7980
+ description: "Optional storage-name alias for callers that already use backend naming"
7981
+ },
7982
+ projectId: {
7983
+ type: "string",
7984
+ description: "Legacy topicId alias"
7985
+ },
7060
7986
  topicId: { type: "string", description: "Optional topic scope hint" },
7061
7987
  branchId: {
7062
7988
  type: "string",
@@ -7070,14 +7996,87 @@ var ADD_WORKTREE = {
7070
7996
  type: "string",
7071
7997
  description: "The testable claim this worktree investigates"
7072
7998
  },
7999
+ rationale: {
8000
+ type: "string",
8001
+ description: "Why this worktree exists and why it belongs in the campaign"
8002
+ },
8003
+ worktreeType: {
8004
+ type: "string",
8005
+ description: "Schema-enum worktree type used by the kernel lifecycle and retrieval layers"
8006
+ },
8007
+ gate: {
8008
+ type: "string",
8009
+ description: "Exit gate name for this worktree"
8010
+ },
8011
+ startDate: {
8012
+ type: "number",
8013
+ description: "Planned start timestamp in milliseconds since epoch"
8014
+ },
8015
+ endDate: {
8016
+ type: "number",
8017
+ description: "Planned end timestamp in milliseconds since epoch"
8018
+ },
8019
+ durationWeeks: {
8020
+ type: "number",
8021
+ description: "Planned duration in weeks"
8022
+ },
8023
+ confidenceImpact: {
8024
+ type: "string",
8025
+ description: "Expected confidence impact if the worktree succeeds",
8026
+ enum: ["high", "medium", "low"]
8027
+ },
8028
+ beliefFocus: {
8029
+ type: "string",
8030
+ description: "Natural-language focus spanning the target belief neighborhood"
8031
+ },
7073
8032
  beliefIds: {
7074
8033
  type: "array",
7075
- description: "Beliefs to test in this worktree"
8034
+ description: "Legacy alias for targetBeliefIds"
8035
+ },
8036
+ beliefs: {
8037
+ type: "array",
8038
+ description: "Legacy alias for targetBeliefIds"
8039
+ },
8040
+ targetBeliefIds: {
8041
+ type: "array",
8042
+ description: "Belief node IDs this worktree is expected to test or update"
8043
+ },
8044
+ targetQuestionIds: {
8045
+ type: "array",
8046
+ description: "Question node IDs this worktree is expected to answer"
8047
+ },
8048
+ keyQuestions: {
8049
+ type: "array",
8050
+ description: "Inline key question objects with question, optional status, answer, answerConfidence, and linkedQuestionId"
8051
+ },
8052
+ evidenceSignals: {
8053
+ type: "array",
8054
+ description: "Evidence signal objects with signal, optional collected state, progress, and notes"
8055
+ },
8056
+ decisionGate: {
8057
+ type: "object",
8058
+ description: "Decision gate object with goCriteria, noGoSignals, optional verdict, rationale, decidedAt, and decidedBy"
8059
+ },
8060
+ goCriteria: {
8061
+ type: "array",
8062
+ description: "Shorthand go criteria used to build decisionGate"
8063
+ },
8064
+ noGoSignals: {
8065
+ type: "array",
8066
+ description: "Shorthand no-go signals used to build decisionGate"
8067
+ },
8068
+ proofArtifacts: {
8069
+ type: "array",
8070
+ description: "Expected proof artifacts required to close the worktree"
7076
8071
  },
7077
8072
  autoShape: {
7078
8073
  type: "boolean",
7079
8074
  description: "Whether to invoke inquiry auto-shaping during worktree creation"
7080
8075
  },
8076
+ autoFixPolicy: {
8077
+ type: "object",
8078
+ description: "Policy for permitted automatic remediation inside the worktree"
8079
+ },
7081
8080
  domainPackId: {
7082
8081
  type: "string",
7083
8082
  description: "Optional domain pack whose shaping hooks should influence generated questions and tasks"
@@ -7106,9 +8105,17 @@ var ADD_WORKTREE = {
7106
8105
  type: "array",
7107
8106
  description: "Worktree IDs blocked by this worktree"
7108
8107
  },
7109
- gate: {
8108
+ staffingHint: {
7110
8109
  type: "string",
7111
- description: "Exit gate name for this worktree"
8110
+ description: "Suggested staffing or agent allocation note"
8111
+ },
8112
+ lensId: {
8113
+ type: "string",
8114
+ description: "Lens that scopes this worktree when applicable"
8115
+ },
8116
+ lastReconciledAt: {
8117
+ type: "number",
8118
+ description: "Timestamp when worktree metadata was last reconciled"
7112
8119
  }
7113
8120
  },
7114
8121
  required: ["title", "topicId"],
@@ -7138,7 +8145,7 @@ var MERGE = {
7138
8145
  worktreeId: { type: "string", description: "The worktree to merge" },
7139
8146
  outcomes: {
7140
8147
  type: "array",
7141
- description: "Scoring outcomes for each belief: { beliefId, confidence, rationale }"
8148
+ description: "Merge outcomes as key-finding strings, or scoring outcomes for beliefs: { beliefId, confidence, rationale }"
7142
8149
  },
7143
8150
  summary: { type: "string", description: "Overall findings summary" }
7144
8151
  },
@@ -7692,6 +8699,74 @@ var GET_GRAPH_STRUCTURE_ANALYSIS = {
7692
8699
  ontologyPrimitive: "graph",
7693
8700
  tier: "showcase"
7694
8701
  };
8702
+ var LIST_GRAPH_INTELLIGENCE_QUERIES = {
8703
+ name: "list_graph_intelligence_queries",
8704
+ description: "List the Graph Intelligence query catalog that powers structural graph analysis experiences. Returns categories, query IDs, prompt templates, modes, and the public tool plan each query can use.",
8705
+ parameters: {
8706
+ categoryId: {
8707
+ type: "string",
8708
+ description: "Optional category filter, such as problems or strategic"
8709
+ },
8710
+ mode: {
8711
+ type: "string",
8712
+ description: "Optional mode filter: core, bias, stress, operational, alpha, semantic, or evidence"
8713
+ }
8714
+ },
8715
+ required: [],
8716
+ response: {
8717
+ description: "Graph Intelligence query catalog and mode-to-tool mapping",
8718
+ fields: {
8719
+ categories: "array \u2014 query categories",
8720
+ queries: "array \u2014 query definitions with prompt templates and tools",
8721
+ quickQueries: "array \u2014 recommended one-click query presets",
8722
+ publicToolNamesByMode: "object \u2014 public tool names available to each Graph Intelligence mode"
8723
+ }
8724
+ },
8725
+ ownerModule: "graph-intelligence",
8726
+ ontologyPrimitive: "graph",
8727
+ tier: "showcase"
8728
+ };
8729
+ var RUN_GRAPH_INTELLIGENCE_QUERY = {
8730
+ name: "run_graph_intelligence_query",
8731
+ description: "Run a named Graph Intelligence query against a tenant topic graph. Returns the selected query, prompt, deterministic graph-analysis bundle, graph context, and public tool plan for model synthesis.",
8732
+ parameters: {
8733
+ topicId: { type: "string", description: "Topic to analyze" },
8734
+ queryId: {
8735
+ type: "string",
8736
+ description: "Graph Intelligence query ID, such as confirmation-bias, pre-mortem, or thesis-summary"
8737
+ },
8738
+ prompt: {
8739
+ type: "string",
8740
+ description: "Optional custom prompt for custom analysis runs"
8741
+ },
8742
+ input: {
8743
+ type: "string",
8744
+ description: "Optional entity, theme, belief, company, or search text for input-driven queries"
8745
+ },
8746
+ mode: {
8747
+ type: "string",
8748
+ description: "Optional mode override: core, bias, stress, operational, alpha, semantic, or evidence"
8749
+ },
8750
+ limit: {
8751
+ type: "number",
8752
+ description: "Maximum graph context rows to return"
8753
+ }
8754
+ },
8755
+ required: ["topicId"],
8756
+ response: {
8757
+ description: "Graph Intelligence query result bundle ready for model or prompt-library synthesis",
8758
+ fields: {
8759
+ query: "object \u2014 selected query definition",
8760
+ prompt: "string \u2014 resolved prompt template",
8761
+ toolPlan: "array \u2014 public tools and args the model can call next",
8762
+ analysis: "object \u2014 structure, coverage, gap, and confirmation-bias analysis",
8763
+ context: "object \u2014 sampled beliefs, questions, evidence, edges, and contradictions"
8764
+ }
8765
+ },
8766
+ ownerModule: "graph-intelligence",
8767
+ ontologyPrimitive: "graph",
8768
+ tier: "showcase"
8769
+ };
7695
8770
  var GET_FALSIFICATION_QUESTIONS = {
7696
8771
  name: "get_falsification_questions",
7697
8772
  description: "Generate Popperian falsification questions for beliefs. Like `git test` \u2014 identifies the questions most likely to disprove current beliefs. Karl Popper as a tool: surfaces what would need to be true to invalidate each belief.",
@@ -10157,6 +11232,69 @@ var GENERATE_SESSION_HANDOFF = {
10157
11232
  tier: "showcase",
10158
11233
  internal: true
10159
11234
  };
11235
+ var BEGIN_BUILD_SESSION = {
11236
+ name: "begin_build_session",
11237
+ description: "Bootstrap a coding build session for a Lucern worktree. Like `git worktree add` plus `git status` \u2014 returns the compact context packet an agent needs before editing.",
11238
+ parameters: {
11239
+ worktreeId: {
11240
+ type: "string",
11241
+ description: "The Lucern worktree ID to bootstrap."
11242
+ },
11243
+ branch: {
11244
+ type: "string",
11245
+ description: "Optional git branch name. Auto-generated from the worktree name when omitted."
11246
+ },
11247
+ branchBase: {
11248
+ type: "string",
11249
+ description: 'Base branch for the feature branch. Default: "staging".'
11250
+ },
11251
+ prBase: {
11252
+ type: "string",
11253
+ description: 'Target branch for the PR. Default: "staging".'
11254
+ },
11255
+ sessionMode: {
11256
+ type: "string",
11257
+ description: 'Session mode: "async" for Codex/headless or "interactive" for live sessions.',
11258
+ enum: ["async", "interactive"]
11259
+ },
11260
+ activateIfPlanning: {
11261
+ type: "boolean",
11262
+ description: "When true, automatically activate a planning worktree during bootstrap."
11263
+ }
11264
+ },
11265
+ required: ["worktreeId"],
11266
+ response: {
11267
+ description: "A compact build-session packet with worktree metadata, graph anchors, questions, dependencies, and git defaults.",
11268
+ fields: {
11269
+ topicId: "string \u2014 canonical topic scope",
11270
+ topicName: "string \u2014 human-readable topic name",
11271
+ worktreeId: "string \u2014 worktree ID",
11272
+ worktreeName: "string \u2014 human-readable worktree name",
11273
+ branch: "string \u2014 git branch name",
11274
+ branchBase: "string \u2014 base branch",
11275
+ prBase: "string \u2014 PR target branch",
11276
+ campaign: "number | null \u2014 top-level pipeline campaign",
11277
+ lane: "string \u2014 campaign lane",
11278
+ gate: "string \u2014 exit gate",
11279
+ hypothesis: "string \u2014 worktree hypothesis",
11280
+ focus: "string \u2014 session focus",
11281
+ status: "string \u2014 worktree status after optional activation",
11282
+ sessionMode: "string \u2014 async | interactive",
11283
+ targetBeliefIds: "array \u2014 scoped belief IDs",
11284
+ targetQuestionIds: "array \u2014 scoped question IDs",
11285
+ topBeliefs: "array \u2014 highest-confidence scoped beliefs",
11286
+ openQuestions: "array \u2014 open scoped questions",
11287
+ resolvedDecisions: "array \u2014 answered questions summarized for the session",
11288
+ dependencies: "array \u2014 upstream worktrees",
11289
+ unblocks: "array \u2014 downstream worktrees",
11290
+ mergeOrderNotes: "string \u2014 merge ordering advisory"
11291
+ }
11292
+ },
11293
+ ownerModule: "bootstrap",
11294
+ ontologyPrimitive: "worktree",
11295
+ tier: "showcase",
11296
+ internal: true
11297
+ };
10160
11298
  var MCP_TOOL_CONTRACTS = {
10161
11299
  // Belief lifecycle (commit, amend, fork, archive)
10162
11300
  create_belief: CREATE_BELIEF,
@@ -10204,6 +11342,8 @@ var MCP_TOOL_CONTRACTS = {
10204
11342
  // Graph intelligence (showcase)
10205
11343
  detect_confirmation_bias: DETECT_CONFIRMATION_BIAS,
10206
11344
  get_graph_structure_analysis: GET_GRAPH_STRUCTURE_ANALYSIS,
11345
+ list_graph_intelligence_queries: LIST_GRAPH_INTELLIGENCE_QUERIES,
11346
+ run_graph_intelligence_query: RUN_GRAPH_INTELLIGENCE_QUERY,
10207
11347
  get_falsification_questions: GET_FALSIFICATION_QUESTIONS,
10208
11348
  // Evidence operations (workhorse)
10209
11349
  search_evidence: SEARCH_EVIDENCE,
@@ -10250,6 +11390,7 @@ var MCP_TOOL_CONTRACTS = {
10250
11390
  get_agent_inbox: GET_AGENT_INBOX,
10251
11391
  claim_files: CLAIM_FILES,
10252
11392
  generate_session_handoff: GENERATE_SESSION_HANDOFF,
11393
+ begin_build_session: BEGIN_BUILD_SESSION,
10253
11394
  // Policy / ACL (workhorse)
10254
11395
  check_permission: CHECK_PERMISSION,
10255
11396
  filter_by_permission: FILTER_BY_PERMISSION,
@@ -11917,6 +13058,952 @@ function validateSdkGitSemantics(tool) {
11917
13058
  return { valid: true };
11918
13059
  }
11919
13060
 
13061
+ // src/tenant-bootstrap-seed.contract.ts
13062
+ var TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION = "2026-04-30";
13063
+ var TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS = [
13064
+ "tenantId",
13065
+ "workspaceId",
13066
+ "principalId",
13067
+ "role",
13068
+ "authMode",
13069
+ "correlationId",
13070
+ "auditMetadata"
13071
+ ];
13072
+ var TENANT_BOOTSTRAP_SEED_COMPONENTS = {
13073
+ kernel: {
13074
+ componentName: "lucern",
13075
+ migrationModule: "dist/adapters/migration",
13076
+ templateService: "services/kernel-template",
13077
+ templateDeployments: {
13078
+ staging: "kindly-goldfish-162",
13079
+ prod: "cool-badger-368"
13080
+ }
13081
+ },
13082
+ identity: {
13083
+ componentName: "identity",
13084
+ migrationModule: "dist/migration",
13085
+ templateService: "services/identity-template",
13086
+ templateDeployments: {
13087
+ staging: "industrious-cheetah-864",
13088
+ prod: "combative-beagle-879"
13089
+ }
13090
+ }
13091
+ };
13092
+ function isCopyableSeedRequirement(entry) {
13093
+ return (entry.copyMode === "template_global" || entry.copyMode === "template_tenant_rewrite" || entry.copyMode === "template_reference_remap") && Boolean(entry.scope) && Array.isArray(entry.uniqueKey) && entry.uniqueKey.length > 0;
13094
+ }
13095
+ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
13096
+ {
13097
+ component: "kernel",
13098
+ table: "agentMessages",
13099
+ prepopulation: "runtime_data",
13100
+ copyMode: "none",
13101
+ description: "Agent coordination messages are session data, not template data."
13102
+ },
13103
+ {
13104
+ component: "kernel",
13105
+ table: "agentSessions",
13106
+ prepopulation: "runtime_data",
13107
+ copyMode: "none",
13108
+ description: "Agent coordination sessions are created by active clients."
13109
+ },
13110
+ {
13111
+ component: "kernel",
13112
+ table: "autofixJobs",
13113
+ prepopulation: "runtime_queue",
13114
+ copyMode: "none",
13115
+ description: "Autofix work items are runtime queue rows."
13116
+ },
13117
+ {
13118
+ component: "kernel",
13119
+ table: "backgroundJobRuns",
13120
+ prepopulation: "runtime_log",
13121
+ copyMode: "none",
13122
+ description: "Background job executions are runtime logs."
13123
+ },
13124
+ {
13125
+ component: "kernel",
13126
+ table: "backgroundJobSettings",
13127
+ prepopulation: "required_template",
13128
+ copyMode: "template_global",
13129
+ scope: "global",
13130
+ uniqueKey: ["jobKey"],
13131
+ description: "Default job enablement settings must come from the K template."
13132
+ },
13133
+ {
13134
+ component: "kernel",
13135
+ table: "beliefConfidence",
13136
+ prepopulation: "runtime_data",
13137
+ copyMode: "none",
13138
+ description: "Belief confidence rows are created with tenant graph facts."
13139
+ },
13140
+ {
13141
+ component: "kernel",
13142
+ table: "beliefEvidenceLinks",
13143
+ prepopulation: "runtime_data",
13144
+ copyMode: "none",
13145
+ description: "Belief-to-evidence links are tenant graph data."
13146
+ },
13147
+ {
13148
+ component: "kernel",
13149
+ table: "beliefHistory",
13150
+ prepopulation: "runtime_data",
13151
+ copyMode: "none",
13152
+ description: "Belief history is append-only tenant graph data."
13153
+ },
13154
+ {
13155
+ component: "kernel",
13156
+ table: "beliefScenarios",
13157
+ prepopulation: "runtime_data",
13158
+ copyMode: "none",
13159
+ description: "Scenario rows are tenant-authored reasoning data."
13160
+ },
13161
+ {
13162
+ component: "kernel",
13163
+ table: "beliefVotes",
13164
+ prepopulation: "runtime_data",
13165
+ copyMode: "none",
13166
+ description: "Decision belief votes are tenant-authored data."
13167
+ },
13168
+ {
13169
+ component: "kernel",
13170
+ table: "calibrationScores",
13171
+ prepopulation: "runtime_derived",
13172
+ copyMode: "none",
13173
+ description: "Calibration scores are computed from tenant outcomes."
13174
+ },
13175
+ {
13176
+ component: "kernel",
13177
+ table: "contractEvaluations",
13178
+ prepopulation: "runtime_log",
13179
+ copyMode: "none",
13180
+ description: "Contract evaluation rows are runtime computation logs."
13181
+ },
13182
+ {
13183
+ component: "kernel",
13184
+ table: "contradictions",
13185
+ prepopulation: "runtime_data",
13186
+ copyMode: "none",
13187
+ description: "Contradictions are tenant graph facts."
13188
+ },
13189
+ {
13190
+ component: "kernel",
13191
+ table: "crossProjectConnections",
13192
+ prepopulation: "runtime_data",
13193
+ copyMode: "none",
13194
+ description: "Cross-topic connections are tenant graph facts."
13195
+ },
13196
+ {
13197
+ component: "kernel",
13198
+ table: "decisionComputedSummaries",
13199
+ prepopulation: "runtime_derived",
13200
+ copyMode: "none",
13201
+ description: "Decision summaries are derived tenant outputs."
13202
+ },
13203
+ {
13204
+ component: "kernel",
13205
+ table: "decisionEvents",
13206
+ prepopulation: "runtime_data",
13207
+ copyMode: "none",
13208
+ description: "Decision events are lifecycle data."
13209
+ },
13210
+ {
13211
+ component: "kernel",
13212
+ table: "decisionParticipants",
13213
+ prepopulation: "runtime_data",
13214
+ copyMode: "none",
13215
+ description: "Decision participants are tenant-selected actors."
13216
+ },
13217
+ {
13218
+ component: "kernel",
13219
+ table: "decisionRiskLedger",
13220
+ prepopulation: "runtime_data",
13221
+ copyMode: "none",
13222
+ description: "Decision risk rows are tenant decision data."
13223
+ },
13224
+ {
13225
+ component: "kernel",
13226
+ table: "decisionSnapshots",
13227
+ prepopulation: "runtime_derived",
13228
+ copyMode: "none",
13229
+ description: "Decision snapshots are derived from tenant state."
13230
+ },
13231
+ {
13232
+ component: "kernel",
13233
+ table: "deliberationContributions",
13234
+ prepopulation: "runtime_data",
13235
+ copyMode: "none",
13236
+ description: "Deliberation contributions are tenant-authored data."
13237
+ },
13238
+ {
13239
+ component: "kernel",
13240
+ table: "deliberationSessions",
13241
+ prepopulation: "runtime_data",
13242
+ copyMode: "none",
13243
+ description: "Deliberation sessions are created by tenant workflows."
13244
+ },
13245
+ {
13246
+ component: "kernel",
13247
+ table: "epistemicAudit",
13248
+ prepopulation: "runtime_log",
13249
+ copyMode: "none",
13250
+ description: "Epistemic audit rows are append-only runtime audit data."
13251
+ },
13252
+ {
13253
+ component: "kernel",
13254
+ table: "epistemicContracts",
13255
+ prepopulation: "runtime_data",
13256
+ copyMode: "none",
13257
+ description: "Epistemic contracts are tenant-authored governance data."
13258
+ },
13259
+ {
13260
+ component: "kernel",
13261
+ table: "epistemicEdges",
13262
+ prepopulation: "runtime_data",
13263
+ copyMode: "none",
13264
+ description: "Edges are tenant reasoning graph data."
13265
+ },
13266
+ {
13267
+ component: "kernel",
13268
+ table: "epistemicNodeEmbeddings",
13269
+ prepopulation: "runtime_derived",
13270
+ copyMode: "none",
13271
+ description: "Embeddings are derived from tenant graph nodes."
13272
+ },
13273
+ {
13274
+ component: "kernel",
13275
+ table: "epistemicNodes",
13276
+ prepopulation: "runtime_data",
13277
+ copyMode: "none",
13278
+ description: "Nodes are tenant reasoning graph data."
13279
+ },
13280
+ {
13281
+ component: "kernel",
13282
+ table: "graphAnalysisCache",
13283
+ prepopulation: "runtime_derived",
13284
+ copyMode: "none",
13285
+ description: "Graph analysis cache rows are derived from tenant graph state."
13286
+ },
13287
+ {
13288
+ component: "kernel",
13289
+ table: "graphAnalysisResults",
13290
+ prepopulation: "runtime_derived",
13291
+ copyMode: "none",
13292
+ description: "Graph analysis result rows are derived tenant outputs."
13293
+ },
13294
+ {
13295
+ component: "kernel",
13296
+ table: "graphSuggestions",
13297
+ prepopulation: "runtime_derived",
13298
+ copyMode: "none",
13299
+ description: "Graph suggestions are derived recommendations."
13300
+ },
13301
+ {
13302
+ component: "kernel",
13303
+ table: "harnessReplays",
13304
+ prepopulation: "runtime_log",
13305
+ copyMode: "none",
13306
+ description: "Harness replay rows are runtime verification logs."
13307
+ },
13308
+ {
13309
+ component: "kernel",
13310
+ table: "harnessRuns",
13311
+ prepopulation: "runtime_log",
13312
+ copyMode: "none",
13313
+ description: "Harness run rows are runtime verification logs."
13314
+ },
13315
+ {
13316
+ component: "kernel",
13317
+ table: "idempotencyTokens",
13318
+ prepopulation: "runtime_log",
13319
+ copyMode: "none",
13320
+ description: "Idempotency tokens are request-scoped runtime guards."
13321
+ },
13322
+ {
13323
+ component: "kernel",
13324
+ table: "lenses",
13325
+ prepopulation: "optional_template",
13326
+ copyMode: "none",
13327
+ description: "Reusable lens templates may live in K templates, but workspace-specific copies are not required for core SDK boot."
13328
+ },
13329
+ {
13330
+ component: "kernel",
13331
+ table: "lensTopicBindings",
13332
+ prepopulation: "runtime_data",
13333
+ copyMode: "none",
13334
+ description: "Lens bindings attach runtime topics to runtime/workspace lenses."
13335
+ },
13336
+ {
13337
+ component: "kernel",
13338
+ table: "neo4jSyncQueue",
13339
+ prepopulation: "runtime_queue",
13340
+ copyMode: "none",
13341
+ description: "Neo4j sync queue rows are runtime work items."
13342
+ },
13343
+ {
13344
+ component: "kernel",
13345
+ table: "ontologyDefinitions",
13346
+ prepopulation: "required_template",
13347
+ copyMode: "template_global",
13348
+ scope: "global",
13349
+ uniqueKey: ["ontologyKey"],
13350
+ description: "Platform ontology definitions power taxonomy reads and effective ontology resolution."
13351
+ },
13352
+ {
13353
+ component: "kernel",
13354
+ table: "ontologyVersions",
13355
+ prepopulation: "required_template",
13356
+ copyMode: "template_reference_remap",
13357
+ scope: "global",
13358
+ uniqueKey: ["ontologyKey", "version"],
13359
+ dependsOn: ["ontologyDefinitions"],
13360
+ description: "Ontology versions must be copied with ontologyDefinition ID remapping."
13361
+ },
13362
+ {
13363
+ component: "kernel",
13364
+ table: "platformAgentRunPolicyDecisions",
13365
+ prepopulation: "runtime_log",
13366
+ copyMode: "none",
13367
+ description: "Agent-run policy decisions are audit logs."
13368
+ },
13369
+ {
13370
+ component: "kernel",
13371
+ table: "platformAgentRunPromptResolutions",
13372
+ prepopulation: "runtime_log",
13373
+ copyMode: "none",
13374
+ description: "Agent-run prompt resolution rows are runtime logs."
13375
+ },
13376
+ {
13377
+ component: "kernel",
13378
+ table: "platformAgentRuns",
13379
+ prepopulation: "runtime_log",
13380
+ copyMode: "none",
13381
+ description: "Agent runs are runtime execution records."
13382
+ },
13383
+ {
13384
+ component: "kernel",
13385
+ table: "platformAgentRunToolCalls",
13386
+ prepopulation: "runtime_log",
13387
+ copyMode: "none",
13388
+ description: "Agent-run tool calls are runtime execution records."
13389
+ },
13390
+ {
13391
+ component: "kernel",
13392
+ table: "platformHarnessShadowAudit",
13393
+ prepopulation: "runtime_log",
13394
+ copyMode: "none",
13395
+ description: "Harness shadow audit rows are runtime audit records."
13396
+ },
13397
+ {
13398
+ component: "kernel",
13399
+ table: "publicationRules",
13400
+ prepopulation: "required_template",
13401
+ copyMode: "template_tenant_rewrite",
13402
+ scope: "tenant",
13403
+ uniqueKey: ["tenantId", "workspaceId", "name"],
13404
+ description: "Default publication policy rules are rewritten into each tenant."
13405
+ },
13406
+ {
13407
+ component: "kernel",
13408
+ table: "questionEvidenceLinks",
13409
+ prepopulation: "runtime_data",
13410
+ copyMode: "none",
13411
+ description: "Question-to-evidence links are tenant graph data."
13412
+ },
13413
+ {
13414
+ component: "kernel",
13415
+ table: "researchJobs",
13416
+ prepopulation: "runtime_queue",
13417
+ copyMode: "none",
13418
+ description: "Research job rows are runtime queue items."
13419
+ },
13420
+ {
13421
+ component: "kernel",
13422
+ table: "schemaEnumConfig",
13423
+ prepopulation: "required_template",
13424
+ copyMode: "template_global",
13425
+ scope: "global",
13426
+ uniqueKey: ["category", "value"],
13427
+ description: "Runtime-extensible enum defaults required by SDK graph APIs."
13428
+ },
13429
+ {
13430
+ component: "kernel",
13431
+ table: "stakeholderGroups",
13432
+ prepopulation: "runtime_data",
13433
+ copyMode: "none",
13434
+ description: "Stakeholder groups are tenant decision data."
13435
+ },
13436
+ {
13437
+ component: "kernel",
13438
+ table: "systemLogs",
13439
+ prepopulation: "runtime_log",
13440
+ copyMode: "none",
13441
+ description: "System logs are runtime telemetry."
13442
+ },
13443
+ {
13444
+ component: "kernel",
13445
+ table: "tasks",
13446
+ prepopulation: "runtime_data",
13447
+ copyMode: "none",
13448
+ description: "Tasks are tenant-authored work items."
13449
+ },
13450
+ {
13451
+ component: "kernel",
13452
+ table: "topics",
13453
+ prepopulation: "runtime_bootstrap",
13454
+ copyMode: "none",
13455
+ description: "Default topics are created by tenant provisioning, not copied from templates."
13456
+ },
13457
+ {
13458
+ component: "kernel",
13459
+ table: "workflowDefinitions",
13460
+ prepopulation: "optional_template",
13461
+ copyMode: "none",
13462
+ description: "Table-driven workflow definitions can be template data after the workflow engine leaves legacy mode."
13463
+ },
13464
+ {
13465
+ component: "kernel",
13466
+ table: "workflowPullRequests",
13467
+ prepopulation: "runtime_data",
13468
+ copyMode: "none",
13469
+ description: "Workflow pull requests are tenant workflow data."
13470
+ },
13471
+ {
13472
+ component: "kernel",
13473
+ table: "workflowStages",
13474
+ prepopulation: "optional_template",
13475
+ copyMode: "none",
13476
+ dependsOn: ["workflowDefinitions"],
13477
+ description: "Workflow stages can be template data after workflowDefinitions are enabled for bootstrap copying."
13478
+ },
13479
+ {
13480
+ component: "kernel",
13481
+ table: "worktreeBeliefCluster",
13482
+ prepopulation: "runtime_data",
13483
+ copyMode: "none",
13484
+ description: "Worktree cluster rows link runtime worktrees to runtime beliefs."
13485
+ },
13486
+ {
13487
+ component: "kernel",
13488
+ table: "worktrees",
13489
+ prepopulation: "runtime_data",
13490
+ copyMode: "none",
13491
+ description: "Worktrees are tenant/runtime planning data."
13492
+ },
13493
+ {
13494
+ component: "identity",
13495
+ table: "agents",
13496
+ prepopulation: "runtime_bootstrap",
13497
+ copyMode: "none",
13498
+ description: "Service agents are provisioned per tenant or service, not copied."
13499
+ },
13500
+ {
13501
+ component: "identity",
13502
+ table: "mcpWritePolicy",
13503
+ prepopulation: "required_template",
13504
+ copyMode: "template_global",
13505
+ scope: "global",
13506
+ uniqueKey: ["topicId", "role", "toolCategory"],
13507
+ description: "Global write policy defaults govern service and interactive MCP writes."
13508
+ },
13509
+ {
13510
+ component: "identity",
13511
+ table: "modelCallLogs",
13512
+ prepopulation: "runtime_log",
13513
+ copyMode: "none",
13514
+ description: "Model call logs are runtime telemetry."
13515
+ },
13516
+ {
13517
+ component: "identity",
13518
+ table: "modelFunctionSlots",
13519
+ prepopulation: "required_template",
13520
+ copyMode: "template_global",
13521
+ scope: "global",
13522
+ uniqueKey: ["slot"],
13523
+ description: "Function-to-model slots are required by model runtime resolution."
13524
+ },
13525
+ {
13526
+ component: "identity",
13527
+ table: "modelRegistry",
13528
+ prepopulation: "required_template",
13529
+ copyMode: "template_global",
13530
+ scope: "global",
13531
+ uniqueKey: ["key"],
13532
+ description: "Model catalog defaults are required by model runtime clients."
13533
+ },
13534
+ {
13535
+ component: "identity",
13536
+ table: "modelSlotConfigs",
13537
+ prepopulation: "required_template",
13538
+ copyMode: "template_global",
13539
+ scope: "global",
13540
+ uniqueKey: ["slot"],
13541
+ description: "Slot-level defaults are required before tenant overrides exist."
13542
+ },
13543
+ {
13544
+ component: "identity",
13545
+ table: "platformAudienceGrants",
13546
+ prepopulation: "runtime_data",
13547
+ copyMode: "none",
13548
+ description: "Audience grants are principal/group-specific access rows."
13549
+ },
13550
+ {
13551
+ component: "identity",
13552
+ table: "platformAudiences",
13553
+ prepopulation: "required_template",
13554
+ copyMode: "template_tenant_rewrite",
13555
+ scope: "tenant",
13556
+ uniqueKey: ["tenantId", "workspaceId", "audienceKey"],
13557
+ description: "Default tenant audience taxonomy rows are rewritten into each tenant."
13558
+ },
13559
+ {
13560
+ component: "identity",
13561
+ table: "platformPolicyDecisionLogs",
13562
+ prepopulation: "runtime_log",
13563
+ copyMode: "none",
13564
+ description: "Policy decisions are runtime audit logs."
13565
+ },
13566
+ {
13567
+ component: "identity",
13568
+ table: "projectGrants",
13569
+ prepopulation: "runtime_data",
13570
+ copyMode: "none",
13571
+ description: "Project/topic grants are principal or group-specific access rows."
13572
+ },
13573
+ {
13574
+ component: "identity",
13575
+ table: "reasoningPermissions",
13576
+ prepopulation: "runtime_data",
13577
+ copyMode: "none",
13578
+ description: "Reasoning permissions are principal-specific policy rows."
13579
+ },
13580
+ {
13581
+ component: "identity",
13582
+ table: "tenantApiKeys",
13583
+ prepopulation: "runtime_secret",
13584
+ copyMode: "none",
13585
+ description: "API keys are tenant credentials and must never be copied."
13586
+ },
13587
+ {
13588
+ component: "identity",
13589
+ table: "tenantConfig",
13590
+ prepopulation: "required_template",
13591
+ copyMode: "template_tenant_rewrite",
13592
+ scope: "tenant",
13593
+ uniqueKey: ["tenantId"],
13594
+ description: "Tenant-local config defaults are rewritten during bootstrap."
13595
+ },
13596
+ {
13597
+ component: "identity",
13598
+ table: "tenantIntegrations",
13599
+ prepopulation: "required_template",
13600
+ copyMode: "template_tenant_rewrite",
13601
+ scope: "tenant",
13602
+ uniqueKey: ["tenantId", "integrationKey"],
13603
+ description: "Non-secret integration descriptors are rewritten into each tenant."
13604
+ },
13605
+ {
13606
+ component: "identity",
13607
+ table: "tenantModelSlotBindings",
13608
+ prepopulation: "runtime_secret",
13609
+ copyMode: "none",
13610
+ description: "Tenant model slot bindings reference provider secrets and are runtime-only."
13611
+ },
13612
+ {
13613
+ component: "identity",
13614
+ table: "tenantPolicies",
13615
+ prepopulation: "required_template",
13616
+ copyMode: "template_tenant_rewrite",
13617
+ scope: "tenant",
13618
+ uniqueKey: ["tenantId", "workspaceId", "roleName"],
13619
+ description: "Default tenant policy roles are rewritten during bootstrap."
13620
+ },
13621
+ {
13622
+ component: "identity",
13623
+ table: "tenantProviderSecrets",
13624
+ prepopulation: "runtime_secret",
13625
+ copyMode: "none",
13626
+ description: "Provider secrets are credentials and must never be copied."
13627
+ },
13628
+ {
13629
+ component: "identity",
13630
+ table: "tenantProxyGatewayUsage",
13631
+ prepopulation: "runtime_log",
13632
+ copyMode: "none",
13633
+ description: "Proxy gateway usage rows are runtime telemetry."
13634
+ },
13635
+ {
13636
+ component: "identity",
13637
+ table: "tenantProxyTokenMints",
13638
+ prepopulation: "runtime_secret",
13639
+ copyMode: "none",
13640
+ description: "Proxy token mints are ephemeral secret-bearing runtime rows."
13641
+ },
13642
+ {
13643
+ component: "identity",
13644
+ table: "tenantSandboxAuditEvents",
13645
+ prepopulation: "runtime_log",
13646
+ copyMode: "none",
13647
+ description: "Sandbox audit rows are runtime security logs."
13648
+ },
13649
+ {
13650
+ component: "identity",
13651
+ table: "tenantSecrets",
13652
+ prepopulation: "runtime_secret",
13653
+ copyMode: "none",
13654
+ description: "Tenant secrets are credentials and must never be copied."
13655
+ },
13656
+ {
13657
+ component: "identity",
13658
+ table: "toolAcls",
13659
+ prepopulation: "required_template",
13660
+ copyMode: "template_global",
13661
+ scope: "global",
13662
+ uniqueKey: ["role", "toolName"],
13663
+ description: "Default role-to-tool grants are required for SDK/MCP tool access."
13664
+ },
13665
+ {
13666
+ component: "identity",
13667
+ table: "toolRegistry",
13668
+ prepopulation: "required_template",
13669
+ copyMode: "template_global",
13670
+ scope: "global",
13671
+ uniqueKey: ["toolName"],
13672
+ description: "Core tool catalog rows are required before pack or tenant tools exist."
13673
+ },
13674
+ {
13675
+ component: "identity",
13676
+ table: "users",
13677
+ prepopulation: "runtime_bootstrap",
13678
+ copyMode: "none",
13679
+ description: "Users are created from Clerk/MC principal resolution, not copied."
13680
+ }
13681
+ ];
13682
+ var TENANT_BOOTSTRAP_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
13683
+ isCopyableSeedRequirement
13684
+ );
13685
+ var TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES = TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.filter(
13686
+ (entry) => !isCopyableSeedRequirement(entry)
13687
+ ).map((entry) => entry.table);
13688
+ var TENANT_BOOTSTRAP_SEED_MANIFEST = {
13689
+ contractVersion: TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION,
13690
+ authMetadataFields: TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS,
13691
+ components: TENANT_BOOTSTRAP_SEED_COMPONENTS,
13692
+ tableRequirements: TENANT_BOOTSTRAP_TABLE_REQUIREMENTS,
13693
+ tables: TENANT_BOOTSTRAP_SEED_TABLES,
13694
+ forbiddenTables: TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES
13695
+ };
13696
+ function findTenantBootstrapTableRequirement(table) {
13697
+ return TENANT_BOOTSTRAP_TABLE_REQUIREMENTS.find(
13698
+ (entry) => entry.table === table
13699
+ );
13700
+ }
13701
+ function findTenantBootstrapSeedTable(table) {
13702
+ return TENANT_BOOTSTRAP_SEED_TABLES.find((entry) => entry.table === table);
13703
+ }
13704
+ function isTenantBootstrapSeedTable(table) {
13705
+ return Boolean(findTenantBootstrapSeedTable(table));
13706
+ }
13707
+ function isTenantBootstrapForbiddenSeedTable(table) {
13708
+ return TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES.some((entry) => entry === table);
13709
+ }
13710
+ var TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION = "2026-04-30.1";
13711
+ var TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID = "tenant_template";
13712
+ var TENANT_BOOTSTRAP_TEMPLATE_ACTOR = "system:lucern-template-seed";
13713
+ var DEFAULT_SEED_TIME = Date.UTC(2026, 3, 30);
13714
+ var ROLE_GRANTS = {
13715
+ viewer: ["viewer", "auditor", "editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
13716
+ auditor: ["auditor", "tenant_admin", "platform_admin", "service_agent"],
13717
+ editor: ["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
13718
+ workspace_admin: ["workspace_admin", "tenant_admin", "platform_admin", "service_agent"],
13719
+ tenant_admin: ["tenant_admin", "platform_admin", "service_agent"],
13720
+ platform_admin: ["platform_admin", "service_agent"],
13721
+ service_agent: ["service_agent"]
13722
+ };
13723
+ var ENUM_VALUES = {
13724
+ topic_type: ["domain", "theme", "deal", "strategy", "constitution", "project", "portfolio", "architecture", "capability", "runtime", "interface", "governance", "operations", "security", "data"],
13725
+ branch_schema: ["pillar", "track", "dimension", "axis", "phase"],
13726
+ belief_type: ["belief", "hypothesis", "principle", "invariant", "assumption", "tenet", "prior", "preference", "goal", "forecast", "decision", "constraint", "tradeoff", "policy", "implementation_choice", "implementation_decision", "interface_contract", "migration_state", "code_pattern", "deprecation_notice"],
13727
+ edge_type: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to", "belongs_to", "relates_to_thesis", "works_at", "invested_in", "competes_with", "participates_in", "founded_by", "evaluates", "performs", "function_in", "impacts", "raised_from", "mentioned_in", "perspective_on", "plays_theme"],
13728
+ worktree_type: ["belief_test", "lens", "existential", "contradiction", "refinement", "coverage", "discovery", "clarification", "confirmation"],
13729
+ worktree_phase: ["cluster_mapping", "hypothesis_formation", "question_generation", "evidence_collection", "synthesis", "decision", "retrospective"],
13730
+ activity_type: ["create", "update", "review", "merge", "archive", "comment", "status_change", "evidence_added", "question_added"],
13731
+ lens_perspective_type: ["investigation", "monitoring", "analysis", "comparison", "taxonomy"],
13732
+ node_type: ["belief", "question", "theme", "deal", "evidence", "claim", "synthesis", "source", "excerpt", "atomic_fact", "person", "company", "investor", "value_chain", "function", "decision"]
13733
+ };
13734
+ var MODEL_REGISTRY = [
13735
+ ["claude-sonnet-4", "Claude Sonnet 4", "claude-sonnet-4-20250514", "anthropic", 2e5, 64e3, 1, 3, 15],
13736
+ ["claude-sonnet-4.5", "Claude Sonnet 4.5", "claude-sonnet-4-5-20250929", "anthropic", 2e5, 64e3, 1, 3, 15],
13737
+ ["claude-opus-4", "Claude Opus 4", "claude-opus-4-20250514", "anthropic", 2e5, 32e3, 1, 15, 75],
13738
+ ["gpt-4o", "GPT-4o", "gpt-4o", "openai", 128e3, 16e3, 0.7, 5, 15],
13739
+ ["gpt-4o-mini", "GPT-4o Mini", "gpt-4o-mini", "openai", 128e3, 16e3, 0.7, 0.15, 0.6],
13740
+ ["gemini-2.5-pro", "Gemini 2.5 Pro", "gemini-2.5-pro", "google", 1e6, 32e3, 0.7, 1.25, 10],
13741
+ ["sonar-pro", "Sonar Pro", "sonar-pro", "perplexity", 128e3, 8e3, 0.3, 3, 15]
13742
+ ];
13743
+ var MODEL_SLOTS = [
13744
+ ["primer_default", "primers", "Default primer generation for general topics", "claude-sonnet-4", "agents/primer/system", 1, 4e3, ["text_generation", "reasoning"]],
13745
+ ["primer_technical", "primers", "Technical and engineering focused primers", "claude-sonnet-4", "agents/primer/system", 0.8, 4e3, ["text_generation", "reasoning", "code"]],
13746
+ ["primer_intelligence", "document_intelligence", "Extract evidence, beliefs, and questions from documents", "claude-sonnet-4", "agents/primer-intelligence", 0.3, 8e3, ["text_generation", "structured_output", "reasoning"]],
13747
+ ["fact_checker", "research", "Verify claims without web search", "claude-sonnet-4", "agents/internet-fact-checker", 0.3, 4e3, ["text_generation", "reasoning"]],
13748
+ ["fact_checker_web", "research", "Verify claims with web search", "sonar-pro", "agents/internet-fact-checker", 0.3, 4e3, ["web_search"]],
13749
+ ["deep_research", "research", "Deep research with extended analysis", "claude-opus-4", void 0, 0.7, 8e3, ["text_generation", "reasoning", "long_context"]],
13750
+ ["belief_classifier", "classification", "Classify beliefs by epistemic type", "claude-sonnet-4", "classification/belief-category", 0.2, 1e3, ["text_generation", "reasoning"]],
13751
+ ["evidence_classifier", "classification", "Classify evidence methodology and quality", "claude-sonnet-4", "classification/evidence-rules", 0.3, 1e3, ["text_generation", "reasoning"]],
13752
+ ["edge_classifier", "classification", "Classify edge reasoning method and temporal class", "claude-sonnet-4", "classification/epistemic-guidance", 0.3, 1e3, ["text_generation", "reasoning"]],
13753
+ ["entity_extractor", "extraction", "Extract entities from text", "claude-sonnet-4", void 0, 0.2, 2e3, ["text_generation", "structured_output"]],
13754
+ ["graph_intelligence_query", "graph_intelligence", "Analyze graph health, gaps, and structural risks", "claude-sonnet-4", "graph-intelligence/query", 0.5, 8e3, ["text_generation", "reasoning", "tool_use"]],
13755
+ ["graph_intelligence_suggestions", "graph_intelligence", "Extract actionable graph suggestions", "claude-sonnet-4", "graph-intelligence/suggestions-extraction", 0.2, 4e3, ["text_generation", "structured_output"]],
13756
+ ["text_to_cypher", "graph_intelligence", "Generate read-only Cypher from graph questions", "claude-sonnet-4", "graph-intelligence/text-to-cypher", 0.2, 2e3, ["text_generation", "code", "reasoning"]],
13757
+ ["contradiction_verifier", "epistemic", "Verify semantic contradiction candidates", "claude-sonnet-4", "lucern/verify-contradiction", 0.2, 500, ["text_generation", "reasoning"]],
13758
+ ["task_execution", "tasks", "Execute research tasks with structured analysis", "claude-sonnet-4", void 0, 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
13759
+ ["sprint_unified", "sprints", "Unified worktree chat across all phases", "claude-opus-4", "worktrees/unified-system-prompt", 0.7, 8e3, ["text_generation", "reasoning", "tool_use"]],
13760
+ ["evidence_assessor", "sprints", "Assess evidence for belief valence and certainty", "claude-sonnet-4", "worktrees/scoring/evidence-assessor", 0.3, 4e3, ["text_generation", "reasoning", "structured_output"]],
13761
+ ["title_generator", "utility", "Generate concise titles", "gpt-4o-mini", void 0, 0.7, 100, ["text_generation", "fast", "cheap"]],
13762
+ ["help_desk_agent", "utility", "Help desk support agent for workflow guidance", "claude-sonnet-4", "agents/help-desk-agent", 0.4, 2e3, ["text_generation", "reasoning"]],
13763
+ ["bug_detective_agent", "utility", "Bug triage assistant for structured diagnosis", "claude-sonnet-4", "agents/bug-detective-agent", 0.3, 2e3, ["text_generation", "reasoning"]]
13764
+ ];
13765
+ function labelFor(value) {
13766
+ return value.split(/[_-]/).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ");
13767
+ }
13768
+ function seedContext(options) {
13769
+ return {
13770
+ now: options.now ?? DEFAULT_SEED_TIME,
13771
+ templateTenantId: options.templateTenantId ?? TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID,
13772
+ actor: options.actorPrincipalId ?? TENANT_BOOTSTRAP_TEMPLATE_ACTOR,
13773
+ version: options.version ?? TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION
13774
+ };
13775
+ }
13776
+ function toolCategory(contract) {
13777
+ if (contract.surfaceIntent === "system") return "system";
13778
+ if (contract.effects.includes("admin")) return "admin";
13779
+ if (contract.effects.includes("write") || contract.kind !== "query") return "write";
13780
+ return "read";
13781
+ }
13782
+ function requiredRole(category) {
13783
+ if (category === "system") return "service_agent";
13784
+ if (category === "admin") return "tenant_admin";
13785
+ if (category === "write") return "editor";
13786
+ return "viewer";
13787
+ }
13788
+ function requiredAction(category) {
13789
+ if (category === "admin" || category === "system") return "admin";
13790
+ if (category === "write") return "mutate";
13791
+ return "read";
13792
+ }
13793
+ function enabledSurfaces(contract) {
13794
+ return [
13795
+ contract.surfaces.mcp !== "none" ? "mcp" : void 0,
13796
+ contract.surfaces.sdk !== "none" ? "sdk" : void 0,
13797
+ contract.surfaces.cli !== "none" ? "cli" : void 0,
13798
+ contract.surfaces.rest !== "none" ? "api" : void 0
13799
+ ].filter((value) => Boolean(value));
13800
+ }
13801
+ function buildToolRegistry(now, actor, version) {
13802
+ const rows = /* @__PURE__ */ new Map();
13803
+ for (const contract of ALL_FUNCTION_CONTRACTS) {
13804
+ const surfaces = enabledSurfaces(contract);
13805
+ if (surfaces.length === 0) continue;
13806
+ const category = toolCategory(contract);
13807
+ const readOnly = category === "read";
13808
+ const toolName = contract.mcp.toolName || contract.name;
13809
+ rows.set(toolName, {
13810
+ toolName,
13811
+ description: contract.openapi.summary,
13812
+ version,
13813
+ status: "active",
13814
+ requiredRole: requiredRole(category),
13815
+ requiredAction: requiredAction(category),
13816
+ surfaces,
13817
+ category,
13818
+ parameterSchema: { contract: contract.name, sdk: contract.sdk },
13819
+ handlerRef: contract.convex ? `${contract.convex.module}.${contract.convex.functionName}` : contract.name,
13820
+ executionAdapter: contract.convex?.kind === "action" ? "convex_action" : contract.convex?.kind === "mutation" ? "convex_mutation" : "mcp_tool",
13821
+ safetyMetadata: {
13822
+ readOnly,
13823
+ idempotent: readOnly || contract.idempotent === true || contract.idempotent === "required",
13824
+ sideEffectLevel: readOnly ? "none" : category === "admin" ? "high" : "low"
13825
+ },
13826
+ isCore: true,
13827
+ mcVersion: version,
13828
+ registeredBy: actor,
13829
+ registeredAt: now
13830
+ });
13831
+ }
13832
+ return [...rows.values()].sort(
13833
+ (a, b) => String(a.toolName).localeCompare(String(b.toolName))
13834
+ );
13835
+ }
13836
+ function buildToolAcls(tools, now, actor) {
13837
+ return tools.flatMap(
13838
+ (tool) => (ROLE_GRANTS[tool.requiredRole] ?? [tool.requiredRole]).map(
13839
+ (role) => ({ role, toolName: tool.toolName, createdBy: actor, createdAt: now })
13840
+ )
13841
+ );
13842
+ }
13843
+ function buildMcpWritePolicy(now, actor) {
13844
+ return [
13845
+ ...["viewer", "auditor"].map((role) => ({
13846
+ role,
13847
+ toolCategory: "write",
13848
+ permission: "deny",
13849
+ enabled: true,
13850
+ rationale: "Read-only roles cannot mutate the reasoning graph.",
13851
+ createdAt: now,
13852
+ updatedAt: now,
13853
+ createdBy: actor
13854
+ })),
13855
+ ...["editor", "workspace_admin", "tenant_admin", "platform_admin", "service_agent"].map((role) => ({
13856
+ role,
13857
+ toolCategory: "write",
13858
+ permission: "allow",
13859
+ maxWritesPerSession: role === "editor" ? 200 : void 0,
13860
+ enabled: true,
13861
+ rationale: "Default global write policy for trusted graph mutation roles.",
13862
+ createdAt: now,
13863
+ updatedAt: now,
13864
+ createdBy: actor
13865
+ }))
13866
+ ];
13867
+ }
13868
+ function buildTenantPolicies(tenantId, now, actor) {
13869
+ const rows = [
13870
+ ["viewer", "Read graph and runtime metadata.", [{ resource: "graph", actions: ["read"] }]],
13871
+ ["auditor", "Read graph, audit, and policy decisions.", [{ resource: "audit", actions: ["read", "export"] }]],
13872
+ ["editor", "Read and mutate tenant reasoning state.", [{ resource: "graph", actions: ["read", "create", "update", "mutate"] }]],
13873
+ ["workspace_admin", "Manage workspace-scoped reasoning operations.", [{ resource: "workspace", actions: ["read", "update", "admin"] }]],
13874
+ ["tenant_admin", "Manage tenant policy, tools, users, and publication.", [{ resource: "tenant", actions: ["read", "update", "admin"] }, { resource: "policy", actions: ["read", "create", "update", "admin"] }]],
13875
+ ["service_agent", "Service principal execution role for automation.", [{ resource: "runtime", actions: ["read", "create", "update"] }, { resource: "graph", actions: ["read", "create", "update", "mutate"] }]]
13876
+ ];
13877
+ return rows.map(([roleName, description, permissions]) => ({
13878
+ tenantId,
13879
+ roleName,
13880
+ description,
13881
+ permissions,
13882
+ groupBindings: [],
13883
+ createdAt: now,
13884
+ updatedAt: now,
13885
+ createdBy: actor,
13886
+ updatedBy: actor
13887
+ }));
13888
+ }
13889
+ function modelRegistryRows(now) {
13890
+ return MODEL_REGISTRY.map(([key, name, modelId, provider, contextWindow, maxOutputTokens, defaultTemperature, inputCostPer1M, outputCostPer1M]) => ({
13891
+ key,
13892
+ name,
13893
+ modelId,
13894
+ provider,
13895
+ capabilities: ["text_generation", "reasoning"],
13896
+ contextWindow,
13897
+ maxOutputTokens,
13898
+ defaultTemperature,
13899
+ inputCostPer1M,
13900
+ outputCostPer1M,
13901
+ recommended: true,
13902
+ enabled: true,
13903
+ createdAt: now,
13904
+ updatedAt: now
13905
+ }));
13906
+ }
13907
+ function modelFunctionSlotRows(now) {
13908
+ return MODEL_SLOTS.map(([slot, category, description, modelKey, promptName, temperature, maxTokens, requiredCapabilities]) => ({
13909
+ slot,
13910
+ category,
13911
+ description,
13912
+ modelKey,
13913
+ promptName,
13914
+ temperature,
13915
+ maxTokens,
13916
+ requiredCapabilities,
13917
+ enabled: true,
13918
+ isDefault: true,
13919
+ notes: `Seeded by ${TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION}.`,
13920
+ createdAt: now,
13921
+ updatedAt: now
13922
+ }));
13923
+ }
13924
+ function modelSlotConfigRows(now) {
13925
+ return MODEL_SLOTS.map(([slot, , , modelKey, , temperature, maxTokens]) => ({
13926
+ slot,
13927
+ modelKey,
13928
+ temperature,
13929
+ maxTokens,
13930
+ enabled: true,
13931
+ notes: `Default routing for ${slot}.`,
13932
+ createdAt: now,
13933
+ updatedAt: now
13934
+ }));
13935
+ }
13936
+ function schemaEnumRows(now) {
13937
+ return Object.entries(ENUM_VALUES).flatMap(
13938
+ ([category, values]) => values.map((value, index) => ({
13939
+ category,
13940
+ value,
13941
+ label: labelFor(value),
13942
+ description: `${labelFor(value)} ${category} value.`,
13943
+ tier: "platform",
13944
+ metadata: { seedVersion: TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION },
13945
+ isDefault: index === 0,
13946
+ sortOrder: index + 1,
13947
+ status: "active",
13948
+ createdAt: now,
13949
+ updatedAt: now
13950
+ }))
13951
+ );
13952
+ }
13953
+ function buildTenantBootstrapTemplateSeedRows(options = {}) {
13954
+ const ctx = seedContext(options);
13955
+ const toolRegistry2 = buildToolRegistry(ctx.now, ctx.actor, ctx.version);
13956
+ return {
13957
+ kernel: {
13958
+ backgroundJobSettings: [
13959
+ { jobKey: "neo4j_sync", enabled: false, notes: "Disabled until graph-sync credentials are configured.", updatedAt: ctx.now, updatedBy: ctx.actor },
13960
+ { jobKey: "calibration_rollups", enabled: true, notes: "Compute calibration rollups when calibration data exists.", updatedAt: ctx.now, updatedBy: ctx.actor }
13961
+ ],
13962
+ ontologyDefinitions: [
13963
+ { ontologyKey: "lucern-core", name: "Lucern Core", description: "Core Lucern reasoning taxonomy.", tier: "platform", status: "active", createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
13964
+ ],
13965
+ ontologyVersions: [
13966
+ {
13967
+ ontologyId: "lucern-core",
13968
+ ontologyKey: "lucern-core",
13969
+ version: ctx.version,
13970
+ status: "published",
13971
+ entityTypes: ["belief", "question", "evidence", "answer", "decision", "task", "worktree", "topic", "source"].map((value) => ({ value, label: labelFor(value) })),
13972
+ edgeTypes: ["supports", "informs", "depends_on", "derived_from", "contains", "tests", "supersedes", "responds_to"].map((value) => ({ value, label: labelFor(value) })),
13973
+ releaseNotes: "Initial platform ontology seed.",
13974
+ publishedBy: ctx.actor,
13975
+ publishedAt: ctx.now,
13976
+ createdAt: ctx.now
13977
+ }
13978
+ ],
13979
+ publicationRules: [
13980
+ { tenantId: ctx.templateTenantId, name: "publish-high-confidence-beliefs", description: "Publish high-confidence beliefs to tenant-level consumers.", conditionType: "confidence_threshold", conditions: { minConfidence: 0.85 }, enabled: true, priority: 100, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now }
13981
+ ],
13982
+ schemaEnumConfig: schemaEnumRows(ctx.now)
13983
+ },
13984
+ identity: {
13985
+ mcpWritePolicy: buildMcpWritePolicy(ctx.now, ctx.actor),
13986
+ modelFunctionSlots: modelFunctionSlotRows(ctx.now),
13987
+ modelRegistry: modelRegistryRows(ctx.now),
13988
+ modelSlotConfigs: modelSlotConfigRows(ctx.now),
13989
+ platformAudiences: [
13990
+ ["internal", "Internal", "internal"],
13991
+ ["lp", "Limited Partners", "restricted_external"],
13992
+ ["public", "Public", "public"]
13993
+ ].map(([audienceKey, audienceLabel, audienceClass]) => ({ tenantId: ctx.templateTenantId, audienceKey, audienceLabel, audienceClass, status: "active", metadata: { seedVersion: ctx.version }, createdBy: ctx.actor, createdAt: ctx.now, updatedAt: ctx.now })),
13994
+ tenantConfig: [
13995
+ { tenantId: ctx.templateTenantId, authPolicyMode: "open", defaultSessionTTL: 28800, defaultTopicVisibility: "tenant", featureFlags: { sdkBootstrapSeeds: true, interactiveRoleAuth: true }, maxWorkspaceCount: 25, defaultModelSlotOverrides: {}, updatedAt: ctx.now, updatedBy: ctx.actor }
13996
+ ],
13997
+ tenantIntegrations: [
13998
+ { tenantId: ctx.templateTenantId, integrationKey: "web-search", displayName: "Web Search", description: "Tenant-configurable search integration placeholder.", category: "search", capabilities: ["search", "deep_research", "summarize"], config: { apiBaseUrl: "https://example.invalid/lucern/search", authType: "none", timeout: 3e4 }, endpoints: { search: { path: "/search", method: "POST", queryParamName: "query", resultPath: "results" } }, status: "disabled", usageCount: 0, createdAt: ctx.now, updatedAt: ctx.now, createdBy: ctx.actor }
13999
+ ],
14000
+ tenantPolicies: buildTenantPolicies(ctx.templateTenantId, ctx.now, ctx.actor),
14001
+ toolAcls: buildToolAcls(toolRegistry2, ctx.now, ctx.actor),
14002
+ toolRegistry: toolRegistry2
14003
+ }
14004
+ };
14005
+ }
14006
+
11920
14007
  // src/v1/topics/v1.ts
11921
14008
  var ROOT_TOPIC_ID = "n17tm38rwet7wqgzrmwahyt1z582590y";
11922
14009
  function collectTopicNeighborhood(topics2, rootTopicId, maxDescendantDepth = 2) {
@@ -12210,6 +14297,6 @@ var CANONICAL_WORKFLOW_DEFINITIONS = [
12210
14297
  }
12211
14298
  ];
12212
14299
 
12213
- export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GraphRefSchema, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, findEdgePolicy, findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isLucernPrompt, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
14300
+ export { BELIEF_STATUSES, BELIEF_TYPE_BONUS, BRANCH_STATUSES, CANONICAL_WORKFLOW_DEFINITIONS, COMPONENT_BOUNDARY_COMPONENT_LAYERS, COMPONENT_BOUNDARY_CONTRACT_VERSION, COMPONENT_BOUNDARY_DIRECT_DB_METHODS, COMPONENT_BOUNDARY_HIGH_RISK_TABLES, COMPONENT_BOUNDARY_HOST_SOURCE_ROOTS, COMPONENT_HOST_BOUNDARY_CONTRACT_VERSION, COMPONENT_HOST_DB_READ_OPERATIONS, COMPONENT_HOST_DB_WRITE_OPERATIONS, COMPONENT_HOST_PROTECTED_TABLES, COMPONENT_HOST_PROTECTED_TABLE_OWNERS, COMPONENT_HOST_WRITE_ALLOWED_EXCEPTIONS, COMPONENT_HOST_WRITE_AUDIT_ROOTS, CONFIDENCE_TRIGGERS, CONTEXT_PACK_SCHEMA_VERSION, CONTEXT_PACK_SECTION_KEYS, CONTEXT_RANKING_PROFILES, CONTRADICTION_SEVERITIES, CONTRADICTION_STATUSES, ComponentTableManifestSchema, DEFAULT_BELIEF_TYPE_BONUS, DEFAULT_COMPILATION_MODE, DEFAULT_ENTITY_LIMIT, DEFAULT_PRIORITY_SCORE, DEFAULT_RANKING_PROFILE, DEFAULT_SECTION_LIMIT, DEFAULT_SEVERITY_SCORE, DEFAULT_TIER_APPROVAL_MODE, DEFAULT_TOKEN_BUDGET, DEFAULT_WORKFLOW_AUTO_FIX_POLICY, DEFEAT_TYPES, DOMAIN_EVENT_TYPES, DOMAIN_EVENT_VERSION, ENTITY_RANKING_WEIGHTS, EPISTEMIC_LAYERS, EVENT_RETENTION_DEFAULT_DAYS, EdgePolicyEntrySchema, EdgePolicyManifestSchema, EpistemicNodeTypeSchema, FORK_REASONS, GRAPH_INTELLIGENCE_MODE_TOOL_NAMES, GRAPH_INTELLIGENCE_PUBLIC_TOOL_NAMES, GRAPH_INTELLIGENCE_QUERIES, GRAPH_INTELLIGENCE_QUERIES_WITH_TOOLS, GRAPH_INTELLIGENCE_QUERY_CATALOG_VERSION, GRAPH_INTELLIGENCE_QUERY_CATEGORIES, GRAPH_INTELLIGENCE_QUERY_MODES, GRAPH_INTELLIGENCE_QUICK_QUERIES, GraphRefSchema, INFISICAL_RUNTIME_BOOTSTRAP_ENV, INFISICAL_RUNTIME_CONTRACT_VERSION, INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DELIVERY_MODES, INFISICAL_RUNTIME_ENVIRONMENTS, INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_PATHS, INFISICAL_RUNTIME_SURFACES, INFISICAL_RUNTIME_SURFACE_IDS, INTEGRATION_EDGE_TYPES, InvariantManifestSchema, JUDGMENT_TYPES, MAX_ENTITY_LIMIT, MAX_SECTION_LIMIT, MAX_TOKEN_BUDGET, MERGE_OUTCOMES, MIN_CONTRADICTION_BUDGET, MIN_TOKEN_BUDGET, MIN_TOKEN_ESTIMATE, MORNING_BRIEF_WORKFLOW_ID, NIGHTLY_RECONCILIATION_WORKFLOW_ID, PRIORITY_SCORES, PULL_REQUEST_STATUSES, RANKING_WEIGHTS, REASONING_METHODS, RECENCY_HALF_LIFE_DAYS, RESOLVED_QUESTION_STATUSES, ROOT_TOPIC_ID, SECTION_BUDGET_RATIOS, SESSION_AUTH_MODES, SESSION_LIFECYCLE_STATUSES, SESSION_PRINCIPAL_TYPES, SEVERITY_SCORES, SLOpinionInputSchema, TENANT_BOOTSTRAP_FORBIDDEN_SEED_TABLES, TENANT_BOOTSTRAP_SEED_AUTH_METADATA_FIELDS, TENANT_BOOTSTRAP_SEED_COMPONENTS, TENANT_BOOTSTRAP_SEED_CONTRACT_VERSION, TENANT_BOOTSTRAP_SEED_MANIFEST, TENANT_BOOTSTRAP_SEED_TABLES, TENANT_BOOTSTRAP_TABLE_REQUIREMENTS, TENANT_BOOTSTRAP_TEMPLATE_ACTOR, TENANT_BOOTSTRAP_TEMPLATE_SEED_VERSION, TENANT_BOOTSTRAP_TEMPLATE_TENANT_ID, TENANT_CLIENT_AUTH_MODES, TENANT_CLIENT_CAPABILITIES, TENANT_CLIENT_COMPONENT_CONFIG_IMPORTS, TENANT_CLIENT_CONTRACT_VERSION, TENANT_CLIENT_FORBIDDEN_IMPORT_PATTERNS, TENANT_CLIENT_FORBIDDEN_INSTALL_TOKEN_INFISICAL_PATHS, TENANT_CLIENT_FORBIDDEN_SECRET_ENV, TENANT_CLIENT_FULL_SUITE_PACKAGE_NAMES, TENANT_CLIENT_INSTALLABLE_PACKAGES, TENANT_CLIENT_INSTALL_PROFILES, TENANT_CLIENT_INSTALL_TOKEN_ENV, TENANT_CLIENT_INSTALL_TOKEN_INFISICAL_PATH, TENANT_CLIENT_ISOLATION_RULES, TENANT_CLIENT_MANIFEST, TENANT_CLIENT_OPTIONAL_CONTEXT_FIELDS, TENANT_CLIENT_PRINCIPAL_TYPES, TENANT_CLIENT_PUBLIC_IMPORTS, TENANT_CLIENT_REQUIRED_CONTEXT_FIELDS, TENANT_CLIENT_REQUIRED_SDK_NAMESPACES, TOKENS_PER_WORD, WEBHOOK_MAX_ATTEMPTS, WEBHOOK_RETRY_DELAYS_MS, WORKFLOW_ACTION_KINDS, WORKFLOW_APPROVAL_MODES, WORKFLOW_AUTO_FIX_MODES, WORKFLOW_HOOK_EVENTS, WORKFLOW_INTEGRITY_CHECKS, WORKFLOW_MUTATION_TIERS, WORKFLOW_OUTPUT_KINDS, WORKFLOW_PROOF_ARTIFACT_KINDS, WORKFLOW_RUNTIME_SCHEMA_VERSION, WORKFLOW_RUN_STATUSES, WORKFLOW_STAFFING_HINTS, WORKFLOW_TRIGGER_KINDS, WORKTREE_PHASES, assertEdgePolicyAllowed, assertTenantClientImportAllowed, bigramTokenize, buildDomainEvent, buildTenantBootstrapTemplateSeedRows, classifyTenantClientImport, collectTopicNeighborhood, compareEventCursor, dsl_exports as contractDsl, createEventId, createEvidenceProjection, decodeEventCursor, decodePrefixedId, defineProjection, edgePolicyManifest, emitDomainEvent, encodeEventCursor, encodePrefixedId, fillGraphIntelligencePromptTemplate, findEdgePolicy, findInfisicalRuntimePath, findInfisicalRuntimeSurface, findTenantBootstrapSeedTable, findTenantBootstrapTableRequirement, findTenantClientInstallablePackage, formatTenantClientImportViolation, getComponentBoundaryTableLayer, getGraphIntelligenceQuery, hasPrefixedIdPrefix, inferActorType, inferSessionPrincipalType, isAfterCursor, isComponentBoundaryComponentOwnedTable, isGraphIntelligenceQueryMode, isLucernPrompt, isTenantBootstrapForbiddenSeedTable, isTenantBootstrapSeedTable, isTenantClientAllowedImport, isTenantClientComponentConfigImport, isTenantClientInstallablePackage, isTenantClientPublicImport, jaccardSimilarity, lastDelegator, listBeliefsProjection, listGraphIntelligenceQueries, listTasksProjection, tool_contracts_exports as mcpToolsContract, modulateConfidenceProjection, normalizeDelegationChain, normalizeRetentionDays, prepareLexicalQuery, projections, rankEntityConnections, rankEntityTypeMatches, rankWindowScore, requireActorPrincipalId, rerankLexicalWindow, schemas_exports as schemaContracts, scoreEntityConnection, scoreEntityTypeMatch, scoreLexicalSignal, scoreLexicalSignals, sdk_tools_contract_exports as sdkToolsContract, sortEventsByCursor, stemToken, tokenOverlapScore, tokenizeSearchText, wordOverlapScore, wordTokenize };
12214
14301
  //# sourceMappingURL=index.js.map
12215
14302
  //# sourceMappingURL=index.js.map