npm - @lumenflow/cli - Versions diffs - 4.24.0 → 5.0.0 - Mend

@lumenflow/cli 4.24.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (294) hide show

package/README.md +54 -52
package/dist/agent-issues-query.js +10 -2
package/dist/agent-issues-query.js.map +1 -1
package/dist/agent-runtime-enrollment-events.js +44 -0
package/dist/agent-runtime-enrollment-events.js.map +1 -0
package/dist/agent-session-end.js +47 -0
package/dist/agent-session-end.js.map +1 -1
package/dist/agent-session-heartbeat.js +250 -0
package/dist/agent-session-heartbeat.js.map +1 -0
package/dist/agent-session.js +299 -5
package/dist/agent-session.js.map +1 -1
package/dist/capacity-snapshot-emitter.js +73 -0
package/dist/capacity-snapshot-emitter.js.map +1 -0
package/dist/claim-queue.js +276 -0
package/dist/claim-queue.js.map +1 -0
package/dist/config-set.js +22 -3
package/dist/config-set.js.map +1 -1
package/dist/control-plane-sidecar-runner.js +145 -0
package/dist/control-plane-sidecar-runner.js.map +1 -0
package/dist/delegation-list.js +160 -1
package/dist/delegation-list.js.map +1 -1
package/dist/delegation-role-resolver.js +69 -0
package/dist/delegation-role-resolver.js.map +1 -0
package/dist/docs-generate-pack-reference.js +500 -0
package/dist/docs-generate-pack-reference.js.map +1 -0
package/dist/docs-sync.js +116 -1
package/dist/docs-sync.js.map +1 -1
package/dist/file-edit.js +28 -8
package/dist/file-edit.js.map +1 -1
package/dist/file-write.js +29 -5
package/dist/file-write.js.map +1 -1
package/dist/gate-co-change.js +25 -7
package/dist/gate-co-change.js.map +1 -1
package/dist/gate-conditional.js +19 -7
package/dist/gate-conditional.js.map +1 -1
package/dist/gates-runners.js +42 -33
package/dist/gates-runners.js.map +1 -1
package/dist/gates-utils.js +34 -20
package/dist/gates-utils.js.map +1 -1
package/dist/gates.js +79 -7
package/dist/gates.js.map +1 -1
package/dist/hooks/config-resolver.js +10 -1
package/dist/hooks/config-resolver.js.map +1 -1
package/dist/init-package-config.js +1 -1
package/dist/init-package-config.js.map +1 -1
package/dist/init-scaffolding.js +5 -1
package/dist/init-scaffolding.js.map +1 -1
package/dist/init-templates.js +10 -0
package/dist/init-templates.js.map +1 -1
package/dist/init.js +1 -1
package/dist/init.js.map +1 -1
package/dist/initiative-create.js +17 -0
package/dist/initiative-create.js.map +1 -1
package/dist/initiative-remove-wu.js +17 -3
package/dist/initiative-remove-wu.js.map +1 -1
package/dist/kernel-event-sync/emitters.js +104 -0
package/dist/kernel-event-sync/emitters.js.map +1 -0
package/dist/kernel-event-sync/index.js +13 -0
package/dist/kernel-event-sync/index.js.map +1 -0
package/dist/kernel-event-sync/lifecycle-emitters.js +160 -0
package/dist/kernel-event-sync/lifecycle-emitters.js.map +1 -0
package/dist/kernel-event-sync/narrow-emissions.js +89 -0
package/dist/kernel-event-sync/narrow-emissions.js.map +1 -0
package/dist/kernel-event-sync/software-delivery-emitters.js +297 -0
package/dist/kernel-event-sync/software-delivery-emitters.js.map +1 -0
package/dist/lane-lock.js +14 -1
package/dist/lane-lock.js.map +1 -1
package/dist/lane-suggest.js +21 -0
package/dist/lane-suggest.js.map +1 -1
package/dist/lumenflow-upgrade.js +7 -5
package/dist/lumenflow-upgrade.js.map +1 -1
package/dist/mem-context.js +145 -0
package/dist/mem-context.js.map +1 -1
package/dist/mem-create.js +39 -6
package/dist/mem-create.js.map +1 -1
package/dist/mem-inbox.js +16 -0
package/dist/mem-inbox.js.map +1 -1
package/dist/mem-roster.js +95 -0
package/dist/mem-roster.js.map +1 -0
package/dist/mem-signal.js +97 -2
package/dist/mem-signal.js.map +1 -1
package/dist/metrics-snapshot.js +3 -2
package/dist/metrics-snapshot.js.map +1 -1
package/dist/orchestrate-init-status.js +117 -2
package/dist/orchestrate-init-status.js.map +1 -1
package/dist/orchestrate-initiative.js +83 -10
package/dist/orchestrate-initiative.js.map +1 -1
package/dist/orchestrate-monitor-quality.js +289 -0
package/dist/orchestrate-monitor-quality.js.map +1 -0
package/dist/orchestrate-monitor.js +85 -0
package/dist/orchestrate-monitor.js.map +1 -1
package/dist/pack-validate.js +127 -2
package/dist/pack-validate.js.map +1 -1
package/dist/plan-create.js +18 -0
package/dist/plan-create.js.map +1 -1
package/dist/plan-link.js +13 -0
package/dist/plan-link.js.map +1 -1
package/dist/plan-promote.js +14 -0
package/dist/plan-promote.js.map +1 -1
package/dist/pre-commit-check.js +4 -3
package/dist/pre-commit-check.js.map +1 -1
package/dist/public-manifest.js +17 -3
package/dist/public-manifest.js.map +1 -1
package/dist/release.js +10 -10
package/dist/release.js.map +1 -1
package/dist/session-cross-link.js +139 -0
package/dist/session-cross-link.js.map +1 -0
package/dist/sidecar-manager.js +208 -0
package/dist/sidecar-manager.js.map +1 -0
package/dist/state-path-resolvers.js +18 -0
package/dist/state-path-resolvers.js.map +1 -1
package/dist/stream-heartbeat.js +151 -0
package/dist/stream-heartbeat.js.map +1 -0
package/dist/sync-templates.js +56 -2
package/dist/sync-templates.js.map +1 -1
package/dist/wu-block.js +47 -5
package/dist/wu-block.js.map +1 -1
package/dist/wu-claim-branch.js +8 -4
package/dist/wu-claim-branch.js.map +1 -1
package/dist/wu-claim-state.js +5 -3
package/dist/wu-claim-state.js.map +1 -1
package/dist/wu-claim-worktree.js +5 -3
package/dist/wu-claim-worktree.js.map +1 -1
package/dist/wu-claim.js +261 -9
package/dist/wu-claim.js.map +1 -1
package/dist/wu-done-auto-cleanup.js +3 -2
package/dist/wu-done-auto-cleanup.js.map +1 -1
package/dist/wu-done-git-ops.js +12 -8
package/dist/wu-done-git-ops.js.map +1 -1
package/dist/wu-done-preflight.js +3 -3
package/dist/wu-done-preflight.js.map +1 -1
package/dist/wu-done.js +46 -10
package/dist/wu-done.js.map +1 -1
package/dist/wu-lifecycle-sync/gate-scope-resolver.js +16 -0
package/dist/wu-lifecycle-sync/gate-scope-resolver.js.map +1 -0
package/dist/wu-lifecycle-sync/kernel-event-sync-shim.js +10 -0
package/dist/wu-lifecycle-sync/kernel-event-sync-shim.js.map +1 -0
package/dist/wu-prep.js +363 -22
package/dist/wu-prep.js.map +1 -1
package/dist/wu-prune.js +68 -27
package/dist/wu-prune.js.map +1 -1
package/dist/wu-release.js +34 -3
package/dist/wu-release.js.map +1 -1
package/dist/wu-review.js +167 -0
package/dist/wu-review.js.map +1 -0
package/dist/wu-spawn-prompt-builders.js +296 -40
package/dist/wu-spawn-prompt-builders.js.map +1 -1
package/dist/wu-spawn-strategy-resolver.js +126 -14
package/dist/wu-spawn-strategy-resolver.js.map +1 -1
package/dist/wu-unblock.js +52 -22
package/dist/wu-unblock.js.map +1 -1
package/package.json +13 -8
package/packs/agent-runtime/.turbo/turbo-build.log +1 -1
package/packs/agent-runtime/.turbo/turbo-test.log +25 -0
package/packs/agent-runtime/.turbo/turbo-typecheck.log +4 -0
package/packs/agent-runtime/agent-heartbeat.ts +163 -0
package/packs/agent-runtime/auto-session-integration.ts +874 -0
package/packs/agent-runtime/delegation-registry-schema.ts +220 -0
package/packs/agent-runtime/delegation-registry-store.ts +269 -0
package/packs/agent-runtime/delegation-tree.ts +328 -0
package/packs/agent-runtime/index.ts +9 -0
package/packs/agent-runtime/manifest.ts +103 -19
package/packs/agent-runtime/manifest.yaml +132 -0
package/packs/agent-runtime/memory-coordination-contract.ts +86 -0
package/packs/agent-runtime/memory.d.ts +19 -0
package/packs/agent-runtime/orchestration.ts +238 -23
package/packs/agent-runtime/package.json +11 -2
package/packs/agent-runtime/remote-controls/index.ts +7 -0
package/packs/agent-runtime/remote-controls/operations.ts +399 -0
package/packs/agent-runtime/remote-controls/port.ts +48 -0
package/packs/agent-runtime/remote-controls/state-store.ts +258 -0
package/packs/agent-runtime/remote-controls/types.ts +105 -0
package/packs/agent-runtime/session-schema.ts +423 -0
package/packs/agent-runtime/tool-impl/index.ts +1 -0
package/packs/agent-runtime/tool-impl/remote-controls.mock.ts +252 -0
package/packs/agent-runtime/tool-impl/remote-controls.ts +273 -0
package/packs/agent-runtime/tsconfig.json +1 -1
package/packs/agent-runtime/turn-lifecycle-events.ts +501 -0
package/packs/sidekick/.lumenflow/state/conductor/outbox/sidekick-events.jsonl +213 -0
package/packs/sidekick/.turbo/turbo-build.log +1 -1
package/packs/sidekick/.turbo/turbo-test.log +25 -0
package/packs/sidekick/.turbo/turbo-typecheck.log +4 -0
package/packs/sidekick/channel-ingress.ts +137 -0
package/packs/sidekick/manifest.ts +74 -0
package/packs/sidekick/manifest.yaml +88 -0
package/packs/sidekick/package.json +3 -1
package/packs/sidekick/sidekick-events.ts +517 -0
package/packs/sidekick/src/adapters/cloud-queue.ts +101 -0
package/packs/sidekick/src/adapters/control-plane-bridge.adapter.ts +378 -0
package/packs/sidekick/src/adapters/filesystem-bridge.adapter.ts +224 -0
package/packs/sidekick/src/domain/channel.types.ts +84 -0
package/packs/sidekick/src/ports/channel-bridge.port.ts +75 -0
package/packs/sidekick/src/routines/commit.ts +74 -0
package/packs/sidekick/tool-impl/channel-tools.ts +47 -0
package/packs/sidekick/tool-impl/memory-tools.ts +17 -0
package/packs/sidekick/tool-impl/routine-commit.ts +102 -0
package/packs/sidekick/tool-impl/routine-tools.ts +67 -7
package/packs/sidekick/tool-impl/runtime-context.ts +4 -0
package/packs/sidekick/tool-impl/storage.ts +3 -0
package/packs/sidekick/tool-impl/system-tools.ts +7 -0
package/packs/sidekick/tool-impl/task-tools.ts +46 -0
package/packs/sidekick/tsconfig.json +1 -1
package/packs/software-delivery/.turbo/turbo-build.log +1 -1
package/packs/software-delivery/.turbo/turbo-test.log +63 -0
package/packs/software-delivery/.turbo/turbo-typecheck.log +4 -0
package/packs/software-delivery/manifest-schema.ts +30 -0
package/packs/software-delivery/manifest.ts +99 -1
package/packs/software-delivery/manifest.yaml +46 -0
package/packs/software-delivery/package.json +88 -3
package/packs/software-delivery/src/commands/index.ts +5 -0
package/packs/software-delivery/src/config/delivery-review-contract.ts +20 -0
package/packs/software-delivery/src/config/env-accessors.ts +19 -0
package/packs/software-delivery/src/config/index.ts +8 -0
package/packs/software-delivery/src/config/normalize-config-keys.ts +19 -0
package/packs/software-delivery/src/config/schemas/lumenflow-config-schema-types.ts +436 -0
package/packs/software-delivery/src/config/workspace-reader.ts +310 -0
package/packs/software-delivery/src/constants/backlog-patterns.ts +31 -0
package/packs/software-delivery/src/constants/client-ids.ts +19 -0
package/packs/software-delivery/src/constants/config-contract.ts +7 -0
package/packs/software-delivery/src/constants/docs-layout-presets.ts +50 -0
package/packs/software-delivery/src/constants/duration-constants.ts +20 -0
package/packs/software-delivery/src/constants/gate-constants.ts +32 -0
package/packs/software-delivery/src/constants/index.ts +29 -0
package/packs/software-delivery/src/constants/lock-constants.ts +35 -0
package/packs/software-delivery/src/constants/object-guards.ts +12 -0
package/packs/software-delivery/src/constants/section-headings.ts +107 -0
package/packs/software-delivery/src/constants/wu-cli-constants.ts +485 -0
package/packs/software-delivery/src/constants/wu-domain-constants.ts +466 -0
package/packs/software-delivery/src/constants/wu-git-constants.ts +7 -0
package/packs/software-delivery/src/constants/wu-id-format.ts +327 -0
package/packs/software-delivery/src/constants/wu-paths-constants.ts +358 -0
package/packs/software-delivery/src/constants/wu-statuses.ts +287 -0
package/packs/software-delivery/src/constants/wu-type-helpers.ts +67 -0
package/packs/software-delivery/src/constants/wu-ui-constants.ts +267 -0
package/packs/software-delivery/src/constants/wu-validation-constants.ts +73 -0
package/packs/software-delivery/src/domain/index.ts +5 -0
package/packs/software-delivery/src/domain/orchestration.constants.ts +168 -0
package/packs/software-delivery/src/domain/orchestration.schemas.ts +239 -0
package/packs/software-delivery/src/domain/orchestration.types.ts +178 -0
package/packs/software-delivery/src/methodology/incremental-test.ts +90 -0
package/packs/software-delivery/src/methodology/index.ts +6 -0
package/packs/software-delivery/src/methodology/manual-test-validator.ts +292 -0
package/packs/software-delivery/src/policy/coverage-gate.ts +270 -0
package/packs/software-delivery/src/policy/gates-agent-mode.ts +223 -0
package/packs/software-delivery/src/policy/gates-config-internal.ts +121 -0
package/packs/software-delivery/src/policy/gates-config.ts +293 -0
package/packs/software-delivery/src/policy/gates-coverage.ts +247 -0
package/packs/software-delivery/src/policy/gates-presets.ts +134 -0
package/packs/software-delivery/src/policy/gates-schemas.ts +173 -0
package/packs/software-delivery/src/policy/index.ts +22 -0
package/packs/software-delivery/src/policy/package-manager-resolver.ts +319 -0
package/packs/software-delivery/src/policy/resolve-policy.ts +518 -0
package/packs/software-delivery/src/ports/config.ports.ts +90 -0
package/packs/software-delivery/src/ports/dashboard-renderer.port.ts +125 -0
package/packs/software-delivery/src/ports/index.ts +10 -0
package/packs/software-delivery/src/ports/sync-validator.ports.ts +59 -0
package/packs/software-delivery/src/ports/wu-helpers.ports.ts +168 -0
package/packs/software-delivery/src/ports/wu-state.ports.ts +241 -0
package/packs/software-delivery/src/primitives/index.ts +5 -0
package/packs/software-delivery/src/runtime/index.ts +6 -0
package/packs/software-delivery/src/runtime/work-classifier.ts +561 -0
package/packs/software-delivery/src/sandbox/index.ts +10 -0
package/packs/software-delivery/src/sandbox/sandbox-allowlist.ts +118 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-linux.ts +88 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-macos.ts +154 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-windows.ts +47 -0
package/packs/software-delivery/src/sandbox/sandbox-profile.ts +153 -0
package/packs/software-delivery/src/schemas/index.ts +5 -0
package/packs/software-delivery/src/state/date-utils.ts +158 -0
package/packs/software-delivery/src/state/index.ts +15 -0
package/packs/software-delivery/src/state/state-machine.ts +119 -0
package/packs/software-delivery/src/state/wu-doc-types.ts +51 -0
package/packs/software-delivery/src/state/wu-paths.ts +381 -0
package/packs/software-delivery/src/state/wu-schema.ts +1139 -0
package/packs/software-delivery/src/state/wu-state-schema.ts +255 -0
package/packs/software-delivery/src/state/wu-yaml.ts +338 -0
package/packs/software-delivery/src/types.d.ts +16 -0
package/packs/software-delivery/tool-impl/wu-lifecycle-tools.ts +18 -0
package/packs/software-delivery/tsconfig.json +28 -2
package/templates/core/AGENTS.md.template +76 -17
package/templates/core/LUMENFLOW.md.template +265 -66
package/templates/core/_frameworks/lumenflow/wu-sizing-guide.md.template +180 -116
package/templates/core/ai/onboarding/agent-invocation-guide.md.template +26 -8
package/templates/core/ai/onboarding/existing-project-bootstrap.md.template +171 -0
package/templates/core/ai/onboarding/first-15-mins.md.template +3 -1
package/templates/core/ai/onboarding/first-wu-mistakes.md.template +1 -1
package/templates/core/ai/onboarding/initiative-orchestration.md.template +46 -30
package/templates/core/ai/onboarding/quick-ref-commands.md.template +36 -33
package/templates/core/ai/onboarding/release-process.md.template +8 -7
package/templates/core/ai/onboarding/starting-prompt.md.template +2 -0
package/templates/core/ai/onboarding/troubleshooting-wu-done.md.template +62 -0
package/templates/vendors/claude/.claude/CLAUDE.md.template +29 -54
package/templates/vendors/cursor/.cursor/rules/lumenflow.md.template +24 -52
package/templates/vendors/windsurf/.windsurf/rules/lumenflow.md.template +24 -52

package/packs/sidekick/channel-ingress.ts ADDED Viewed

@@ -0,0 +1,137 @@
+// Copyright (c) 2026 Hellmai Ltd
+// SPDX-License-Identifier: AGPL-3.0-only
+/**
+ * WU-2731 (INIT-060 phase 3, ADR-013 §5 Identity):
+ * Pure inbound-channel ingress sanitizer.
+ *
+ * ADR-013 §5 rules, enforced here:
+ *
+ * - The authoritative `from` value for an inbound phone POST comes from the
+ *   authenticated token subject (`{workspace_id}:phone:{device_id}`). Cloud
+ *   MUST NOT trust a `from` field supplied in the request body.
+ *
+ * - Body-supplied `from` (and any alias under `metadata.from`) is stripped
+ *   before the envelope reaches domain code. The surface that calls this
+ *   module is expected to pass the resolved `from` separately; attempting to
+ *   ingest a body-only envelope (no authoritative from) fails closed.
+ *
+ * The module is HTTP-independent: both the kernel tool-api surface and the
+ * future control-plane adapter (WU-2737) call the same sanitizer so the
+ * ignore-body-from rule is enforced in one place.
+ */
+const ENVELOPE_BODY_FIELD_FROM = 'from' as const;
+const ENVELOPE_METADATA_KEY = 'metadata' as const;
+const ENVELOPE_FROM_SOURCE_TOKEN = 'token' as const;
+export interface PhoneChannelIngressInput {
+  /**
+   * Raw request body as parsed from JSON. Opaque record; the sanitizer does
+   * not inspect `body`, only the `from` attribution fields.
+   */
+  body: Readonly<Record<string, unknown>>;
+  /**
+   * Authoritative identity claim resolved from the bearer token. Required:
+   * without a token subject, cloud cannot attribute the message, and the
+   * ingress path rejects the request.
+   */
+  authoritativeFrom: string;
+}
+export interface PhoneChannelIngressEnvelope {
+  /**
+   * Sanitised request body with any body-level `from` stripped. Everything
+   * else the caller supplied is preserved so downstream code (channel.send,
+   * routing) can consume arbitrary payload fields.
+   */
+  body: Record<string, unknown>;
+  /** Authoritative attribution string (`{workspace_id}:phone:{device_id}`). */
+  from: string;
+  /** Always `'token'` — cloud-safe invariant per ADR-013 §5. */
+  from_source: typeof ENVELOPE_FROM_SOURCE_TOKEN;
+}
+export class PhoneChannelIngressError extends Error {
+  readonly statusCode: number;
+  constructor(message: string, statusCode: number) {
+    super(message);
+    this.name = 'PhoneChannelIngressError';
+    this.statusCode = statusCode;
+  }
+}
+/**
+ * Sanitize an inbound phone-channel request. Returns a cleaned envelope with
+ * the authoritative `from` baked in. Throws `PhoneChannelIngressError` (HTTP
+ * 400) when the authoritative `from` is missing — the surface translates the
+ * error to a 400/403 response.
+ */
+export function sanitizePhoneChannelIngress(
+  input: PhoneChannelIngressInput,
+): PhoneChannelIngressEnvelope {
+  if (typeof input.authoritativeFrom !== 'string' || input.authoritativeFrom.length === 0) {
+    throw new PhoneChannelIngressError(
+      'Inbound phone channel requires authoritative from (token subject); body-only attribution is rejected.',
+      400,
+    );
+  }
+  const sanitizedBody = stripKey(input.body, ENVELOPE_BODY_FIELD_FROM);
+  const rawMetadata = sanitizedBody[ENVELOPE_METADATA_KEY];
+  if (
+    rawMetadata !== null &&
+    typeof rawMetadata === 'object' &&
+    !Array.isArray(rawMetadata) &&
+    ENVELOPE_BODY_FIELD_FROM in (rawMetadata as Record<string, unknown>)
+  ) {
+    sanitizedBody[ENVELOPE_METADATA_KEY] = stripKey(
+      rawMetadata as Record<string, unknown>,
+      ENVELOPE_BODY_FIELD_FROM,
+    );
+  }
+  return {
+    body: sanitizedBody,
+    from: input.authoritativeFrom,
+    from_source: ENVELOPE_FROM_SOURCE_TOKEN,
+  };
+}
+/**
+ * Copy `record` omitting the given key. Implemented with a filtered
+ * `Object.entries` rather than `delete` to satisfy the linter's ban on
+ * dynamic-delete (which would otherwise be a no-op for literal keys but
+ * fails the rule uniformly).
+ */
+function stripKey(record: Readonly<Record<string, unknown>>, key: string): Record<string, unknown> {
+  const result: Record<string, unknown> = {};
+  for (const [entryKey, entryValue] of Object.entries(record)) {
+    if (entryKey !== key) {
+      result[entryKey] = entryValue;
+    }
+  }
+  return result;
+}
+/**
+ * Convenience: reports whether the given `from` subject matches the
+ * phone-device grammar (`{workspace_id}:phone:{device_id}`). Useful to
+ * tell workspace-scoped actors from phone-device actors in the audit log
+ * without reaching for the enrollment parser.
+ */
+export function isPhoneSubject(subject: string): boolean {
+  const parts = subject.split(':');
+  if (parts.length !== 3) {
+    return false;
+  }
+  const [workspace, kind, device] = parts;
+  return (
+    kind === 'phone' &&
+    typeof workspace === 'string' &&
+    workspace.length > 0 &&
+    typeof device === 'string' &&
+    device.length > 0
+  );
+}

package/packs/sidekick/manifest.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import {
   type PathScope,
   type ToolPermission,
 } from './tools/types.js';
+import { SIDEKICK_EVENT_KIND_VALUES } from './sidekick-events.js';
 // ---------------------------------------------------------------------------
 // Scope constants
@@ -62,6 +63,10 @@ const TOOL_PERMISSIONS_MAP = {
   'routine:update': TOOL_PERMISSIONS.WRITE,
   'routine:delete': TOOL_PERMISSIONS.ADMIN,
   'routine:run': TOOL_PERMISSIONS.READ, // plan-only, no execution
+  // WU-2738 (INIT-060, ADR-013 §6 governance): plan-to-commit flow routed
+  // through agent:execute-turn. Runtime-callable tool, no top-level
+  // surface -- the governed dispatch is the only path to commit a plan.
+  'sidekick:routine:commit_plan': TOOL_PERMISSIONS.WRITE,
   // System tools (3)
   'sidekick:init': TOOL_PERMISSIONS.WRITE,
   'sidekick:status': TOOL_PERMISSIONS.READ,
@@ -74,6 +79,7 @@ const TASK_TOOLS_ENTRY = 'tool-impl/task-tools.ts';
 const MEMORY_TOOLS_ENTRY = 'tool-impl/memory-tools.ts';
 const CHANNEL_TOOLS_ENTRY = 'tool-impl/channel-tools.ts';
 const ROUTINE_TOOLS_ENTRY = 'tool-impl/routine-tools.ts';
+const ROUTINE_COMMIT_TOOL_ENTRY = 'tool-impl/routine-commit.ts';
 const SYSTEM_TOOLS_ENTRY = 'tool-impl/system-tools.ts';
 const POLICY_FACTORY_ENTRY = 'policy-factory.ts#createSidekickPolicyFactory';
@@ -98,6 +104,7 @@ const TOOL_ENTRIES: Record<SidekickToolName, string> = {
   'routine:update': ROUTINE_TOOLS_ENTRY,
   'routine:delete': ROUTINE_TOOLS_ENTRY,
   'routine:run': ROUTINE_TOOLS_ENTRY,
+  'sidekick:routine:commit_plan': ROUTINE_COMMIT_TOOL_ENTRY,
   'sidekick:init': SYSTEM_TOOLS_ENTRY,
   'sidekick:status': SYSTEM_TOOLS_ENTRY,
   'sidekick:export': SYSTEM_TOOLS_ENTRY,
@@ -343,6 +350,23 @@ const TOOL_INPUT_SCHEMAS: Record<SidekickToolName, Record<string, unknown>> = {
     required: ['id'],
     additionalProperties: false,
   },
+  'sidekick:routine:commit_plan': {
+    type: 'object',
+    properties: {
+      plan_id: { type: 'string', minLength: 1 },
+      attestation: {
+        type: 'object',
+        properties: {
+          actor: { type: 'string', minLength: 1 },
+          reason: { type: 'string', minLength: 1 },
+        },
+        required: ['actor', 'reason'],
+        additionalProperties: true,
+      },
+    },
+    required: ['plan_id', 'attestation'],
+    additionalProperties: false,
+  },
   'sidekick:init': {
     type: 'object',
     properties: {},
@@ -387,8 +411,17 @@ function resolveRequiredScopes(permission: ToolPermission): PathScope[] {
   return [SIDEKICK_SCOPE_READ, SIDEKICK_SCOPE_WRITE];
 }
+// WU-2738 (INIT-060, ADR-013 §6 governance): tool-level approval surface
+// declarations. Empty array means the default policy permits dispatch; a
+// populated array signals the cloud conductor to render an approval prompt
+// before the governed `agent:execute-turn` dispatch invokes the tool.
+const TOOL_REQUIRED_APPROVALS: Partial<Record<SidekickToolName, string[]>> = {
+  'sidekick:routine:commit_plan': [],
+};
 function buildTool(name: SidekickToolName): SidekickManifestTool {
   const permission = TOOL_PERMISSIONS_MAP[name];
+  const requiredApprovals = TOOL_REQUIRED_APPROVALS[name];
   return {
     name,
     entry: TOOL_ENTRIES[name],
@@ -396,6 +429,7 @@ function buildTool(name: SidekickToolName): SidekickManifestTool {
     required_scopes: resolveRequiredScopes(permission),
     input_schema: TOOL_INPUT_SCHEMAS[name],
     output_schema: GENERIC_OUTPUT_SCHEMA,
+    ...(requiredApprovals !== undefined ? { required_approvals: requiredApprovals } : {}),
   };
 }
@@ -405,6 +439,41 @@ function buildTool(name: SidekickToolName): SidekickManifestTool {
 export const SIDEKICK_TOOL_NAMES = Object.keys(TOOL_PERMISSIONS_MAP) as SidekickToolName[];
+/**
+ * WU-2780 (ADR-013 §6 governance): tool names the sidekick pack forbids from
+ * the top-level remote surface (POST /tools/:name). These tools remain
+ * registered as runtime-callable — `agent:execute-turn` dispatches them via
+ * the governed manifest path — but any HTTP allowlist that includes them
+ * MUST be rejected fail-closed. ADR-013 §6 explicitly names `channel.send`:
+ * "The sidekick pack does NOT expose `channel.send` as a top-level surface
+ * the agent can call outside a turn. It is registered only as a
+ * runtime-callable tool."
+ */
+const ADR_013_SECTION_6_RUNTIME_ONLY_TOOLS: readonly SidekickToolName[] = ['channel:send'] as const;
+/**
+ * WU-2780 (INIT-060, ADR-013 §6): sidekick pack tools that MAY be exposed on
+ * the HTTP tool-api surface (POST /tools/:name). Mirrors the
+ * `REMOTE_CALLABLE_TOOLS` export pattern in sibling packs (software-delivery,
+ * agent-runtime) so integrators have a single source of truth when wiring
+ * the surface allowlist. ADR-013 §6 runtime-only tools are excluded by
+ * construction; the HTTP tool-api also enforces this fail-closed at router
+ * construction.
+ */
+export const SIDEKICK_REMOTE_CALLABLE_TOOLS: readonly SidekickToolName[] =
+  SIDEKICK_TOOL_NAMES.filter(
+    (name): name is SidekickToolName => !ADR_013_SECTION_6_RUNTIME_ONLY_TOOLS.includes(name),
+  );
+/**
+ * WU-2780 (INIT-060, ADR-013 §6): returns a fresh copy of the ordered
+ * remote-callable tool name list. Keeps the export immutable for callers
+ * that prefer arrays over readonly tuples.
+ */
+export function getSidekickRemoteCallableToolNames(): SidekickToolName[] {
+  return [...SIDEKICK_REMOTE_CALLABLE_TOOLS];
+}
 const SIDEKICK_MANIFEST_TEMPLATE = {
   id: SIDEKICK_PACK_ID,
   version: SIDEKICK_PACK_VERSION,
@@ -421,8 +490,13 @@ const SIDEKICK_MANIFEST_TEMPLATE = {
     },
   ],
   evidence_types: ['sidekick.audited.tool-call'],
+  emitted_event_kinds: [...SIDEKICK_EVENT_KIND_VALUES],
   state_aliases: {},
   lane_templates: [],
+  // WU-2735 (INIT-060 WU-7a, ADR-013 §ChannelBridge): the sidekick pack
+  // requires the `sidekick-channel` transport surface. The kernel refuses
+  // to activate the pack if the surface isn't registered at startup.
+  surfaces_required: ['sidekick-channel'],
 };
 export const SIDEKICK_MANIFEST: SidekickPackManifest = SidekickManifestSchema.parse(

package/packs/sidekick/manifest.yaml CHANGED Viewed

@@ -353,6 +353,13 @@ tools:
     output_schema:
       type: object
       additionalProperties: true
+  # WU-2780 (ADR-013 §6 governance): runtime-callable only. `channel.send`
+  # MUST route through agent:execute-turn so every phone-directed message
+  # becomes an `agent-runtime:tool_called` audit event. The pack manifest
+  # registers it here so the kernel can dispatch it from within a turn, but
+  # the HTTP tool-api surface (POST /tools/:name) rejects it fail-closed —
+  # see SIDEKICK_REMOTE_CALLABLE_TOOLS in manifest.ts and
+  # ADR_013_SECTION_6_FORBIDDEN_REMOTE_TOOLS in surfaces/http/tool-api.ts.
   - name: channel:send
     entry: tool-impl/channel-tools.ts
     permission: write
@@ -558,6 +565,44 @@ tools:
     output_schema:
       type: object
       additionalProperties: true
+  # WU-2738 (INIT-060, ADR-013 §6 governance): plan-to-commit flow routed
+  # through agent:execute-turn. Runtime-callable tool, no top-level
+  # surface -- the governed dispatch is the only path to commit a plan.
+  # required_approvals is declared (empty) so the cloud conductor treats
+  # the tool as approval-aware even when the default policy permits it.
+  - name: sidekick:routine:commit_plan
+    entry: tool-impl/routine-commit.ts
+    permission: write
+    required_scopes:
+      - type: path
+        pattern: .sidekick/**
+        access: read
+      - type: path
+        pattern: .sidekick/**
+        access: write
+    required_approvals: []
+    input_schema:
+      type: object
+      properties:
+        plan_id:
+          type: string
+          minLength: 1
+        attestation:
+          type: object
+          properties:
+            actor:
+              type: string
+              minLength: 1
+            reason:
+              type: string
+              minLength: 1
+          required: [actor, reason]
+          additionalProperties: true
+      required: [plan_id, attestation]
+      additionalProperties: false
+    output_schema:
+      type: object
+      additionalProperties: true
   - name: sidekick:init
     entry: tool-impl/system-tools.ts
     permission: write
@@ -612,5 +657,48 @@ policies:
     reason: Default sidekick policy permits declared tools within scoped access.
 evidence_types:
   - sidekick.audited.tool-call
+# WU-2734 (INIT-060, ADR-013): sidekick emits 16 namespaced event kinds on the
+# pack channel. Command-style task/routine/bootstrap events use queued replay;
+# memory and channel observations are ephemeral and fail silent without
+# control_plane.org_id.
+emitted_event_kinds:
+  - sidekick:task_created
+  - sidekick:task_completed
+  - sidekick:task_scheduled
+  - sidekick:task_snoozed
+  - sidekick:memory_stored
+  - sidekick:memory_recalled
+  - sidekick:memory_forgotten
+  - sidekick:channel_message_sent
+  - sidekick:channel_message_received
+  - sidekick:channel_bridge_connected
+  - sidekick:channel_bridge_disconnected
+  - sidekick:routine_planned
+  - sidekick:routine_committed
+  - sidekick:routine_executed
+  - sidekick:routine_step_failed
+  - sidekick:state_rehydrated
+backpressure_policy:
+  sidekick:task_created: queue-with-replay
+  sidekick:task_completed: queue-with-replay
+  sidekick:task_scheduled: queue-with-replay
+  sidekick:task_snoozed: queue-with-replay
+  sidekick:memory_stored: ephemeral
+  sidekick:memory_recalled: ephemeral
+  sidekick:memory_forgotten: ephemeral
+  sidekick:channel_message_sent: ephemeral
+  sidekick:channel_message_received: ephemeral
+  sidekick:channel_bridge_connected: ephemeral
+  sidekick:channel_bridge_disconnected: ephemeral
+  sidekick:routine_planned: queue-with-replay
+  sidekick:routine_committed: queue-with-replay
+  sidekick:routine_executed: queue-with-replay
+  sidekick:routine_step_failed: queue-with-replay
+  sidekick:state_rehydrated: queue-with-replay
 state_aliases: {}
 lane_templates: []
+# WU-2735 (INIT-060 WU-7a, ADR-013 §ChannelBridge): the sidekick pack requires
+# the `sidekick-channel` transport surface. The kernel refuses to activate the
+# pack if the surface isn't registered at startup.
+surfaces_required:
+  - sidekick-channel

package/packs/sidekick/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lumenflow/packs-sidekick",
-  "version": "4.24.0",
+  "version": "5.0.0",
   "description": "Sidekick personal assistant pack for LumenFlow — 16 tools for task management, typed memory, channels, routines, and audit",
   "keywords": [
     "lumenflow",
@@ -24,12 +24,14 @@
   "type": "module",
   "exports": {
     ".": "./dist/index.js",
+    "./channel-ingress": "./dist/channel-ingress.js",
     "./storage": "./dist/tool-impl/storage.js",
     "./tools": "./dist/tools/index.js",
     "./tool-impl": "./dist/tool-impl/index.js",
     "./tool-impl/channel-transports": "./dist/tool-impl/channel-transports.js",
     "./tool-impl/channel-tools": "./dist/tool-impl/channel-tools.js",
     "./tool-impl/memory-tools": "./dist/tool-impl/memory-tools.js",
+    "./tool-impl/routine-commit": "./dist/tool-impl/routine-commit.js",
     "./tool-impl/routine-tools": "./dist/tool-impl/routine-tools.js",
     "./tool-impl/shared": "./dist/tool-impl/shared.js",
     "./tool-impl/storage": "./dist/tool-impl/storage.js",