@oscharko-dev/keiko-server 0.2.7 → 0.2.9

package/dist/gateway-setup.js

@@ -3,7 +3,7 @@
 // chat-completions smoke call, stores the resulting config on disk with private permissions, and
 // updates the in-memory runtime config without exposing credentials back to the browser.
 import { resolveEvidenceDir } from "@oscharko-dev/keiko-evidence";
-import { apiKeyHeaderValue, ConfigInvalidError, DEFAULT_API_KEY_HEADER_NAME, Gateway, createDefaultChatCapability, listConfiguredCapabilities, normalizeApiKeyHeaderName, parseGatewayConfig, toSafeObject, validateBaseUrl, } from "@oscharko-dev/keiko-model-gateway";
+import { apiKeyHeaderValue, ConfigInvalidError, DEFAULT_API_KEY_HEADER_NAME, Gateway, createDefaultChatCapability, listConfiguredCapabilities, modelSupportsSpeechInput, normalizeApiKeyHeaderName, parseGatewayConfig, selectSpeechToTextModel, toSafeObject, validateBaseUrl, VOICE_PROVIDER_LOCALITIES, } from "@oscharko-dev/keiko-model-gateway";
 import { gatewayFetch, readJsonCapped } from "@oscharko-dev/keiko-model-gateway/internal/http";
 import { redact } from "@oscharko-dev/keiko-security";
 import { errorBody } from "./routes.js";
@@ -108,10 +108,25 @@ function isAzureFoundryBaseUrl(baseUrl) {
         return false;
     }
 }
+function createDefaultSetupCapability(modelId, embeddingModelIds) {
+    if (embeddingModelIds?.includes(modelId) === true) {
+        return createDefaultEmbeddingCapabilityForSetup(modelId);
+    }
+    const capability = createDefaultChatCapability(modelId);
+    if (modelId.toLowerCase().includes("mistral")) {
+        return {
+            ...capability,
+            toolCalling: false,
+            knownLimitations: [
+                ...capability.knownLimitations,
+                "Tool calling is disabled by default for Mistral deployments until endpoint readiness verifies it",
+            ],
+        };
+    }
+    return capability;
+}
 function providerRaw(modelId, baseUrl, apiKey, options = {}) {
-    const defaultCapability = options.embeddingModelIds?.includes(modelId) === true
-        ? createDefaultEmbeddingCapabilityForSetup(modelId)
-        : createDefaultChatCapability(modelId);
+    const defaultCapability = createDefaultSetupCapability(modelId, options.embeddingModelIds);
     return {
         modelId,
         baseUrl,
@@ -125,6 +140,41 @@ function providerRaw(modelId, baseUrl, apiKey, options = {}) {
         retryBaseDelayMs: options.retryBaseDelayMs ?? 500,
     };
 }
+function createDefaultVoiceDictationCapabilityForSetup(modelId, providerLocality) {
+    return {
+        id: modelId,
+        kind: "voice",
+        contextWindow: 0,
+        maxOutputTokens: 0,
+        toolCalling: false,
+        structuredOutput: false,
+        streaming: false,
+        supportsImageInput: false,
+        supportsDocumentInput: false,
+        workflowEligible: false,
+        supportsSpeechInput: true,
+        voiceProviderLocality: providerLocality,
+        costClass: "low",
+        latencyClass: "fast",
+        throughputHint: "runtime-configured speech-to-text endpoint",
+        preferredUseCases: ["Dictation"],
+        knownLimitations: [
+            "Speech-to-text only; dictation is verified when the first audio clip is transcribed",
+        ],
+    };
+}
+function voiceProviderRaw(modelId, baseUrl, apiKey, options = {}) {
+    return {
+        modelId,
+        baseUrl,
+        apiKey,
+        apiKeyHeaderName: options.apiKeyHeaderName ?? DEFAULT_API_KEY_HEADER_NAME,
+        capability: createDefaultVoiceDictationCapabilityForSetup(modelId, options.providerLocality ?? "azure-foundry"),
+        timeoutMs: options.timeoutMs ?? 30_000,
+        maxRetries: 1,
+        retryBaseDelayMs: 500,
+    };
+}
 function isLikelyEmbeddingModelId(modelId) {
     return EMBEDDING_ID_PATTERN.test(modelId);
 }
@@ -223,7 +273,19 @@ function currentImageInputModelIds(config) {
         ?.filter((capability) => capability.kind === "chat" && capability.supportsImageInput)
         .map((capability) => capability.id) ?? []);
 }
-function rawConfigFromCurrent(config, figmaAccessToken, timeoutMs) {
+// `supportedVoicePersonas` is DERIVED at parse time from a provider's `voiceProfiles` (Issue #1557,
+// ADR-0094 D2 / HAZARD-3). It must NOT be persisted: the strict top-level `capabilities` parser
+// rejects it as an unrecognised input key, and re-deriving it on reload keeps a single source of
+// truth (the credential-tier `voiceProfiles`). Strip it so a save → reload round-trip re-derives.
+function stripDerivedVoicePersonas(capability) {
+    const { supportedVoicePersonas, ...rest } = capability;
+    return supportedVoicePersonas === undefined ? capability : rest;
+}
+// Exported as a test seam (mirroring `smokeTestCandidates` / the discovery-normalization exports):
+// the preserve-existing save path round-trips a parsed config back to raw for persistence, and the
+// Issue #1557 voice-persona round-trip (voiceProfiles preserved, derived supportedVoicePersonas
+// stripped and re-derived on reload — ADR-0094 D2) is pinned directly against this function.
+export function rawConfigFromCurrent(config, figmaAccessToken, timeoutMs) {
     return {
         providers: config.providers.map((provider) => {
             const capability = config.capabilities?.find((item) => item.id === provider.modelId);
@@ -235,15 +297,67 @@ function rawConfigFromCurrent(config, figmaAccessToken, timeoutMs) {
                 timeoutMs: timeoutMs ?? provider.timeoutMs,
                 maxRetries: provider.maxRetries,
                 retryBaseDelayMs: provider.retryBaseDelayMs,
-                ...(capability === undefined ? {} : { capability }),
+                // Persist the credential-tier persona → voice-id mapping so personas survive a save; the
+                // derived content-free `supportedVoicePersonas` is stripped and re-derived on reload.
+                ...(provider.voiceProfiles === undefined ? {} : { voiceProfiles: provider.voiceProfiles }),
+                ...(capability === undefined ? {} : { capability: stripDerivedVoicePersonas(capability) }),
             };
         }),
         circuitBreaker: config.circuitBreaker,
-        ...(config.capabilities === undefined ? {} : { capabilities: config.capabilities }),
+        ...(config.capabilities === undefined
+            ? {}
+            : { capabilities: config.capabilities.map(stripDerivedVoicePersonas) }),
         ...(config.grounding === undefined ? {} : { grounding: config.grounding }),
         ...(figmaAccessToken === undefined ? {} : { figma: { accessToken: figmaAccessToken } }),
     };
 }
+function rawCapabilityIsSpeechInputVoice(value) {
+    return (isRecord(value) &&
+        value.kind === "voice" &&
+        (value.supportsSpeechInput === true || value.supportsRealtimeVoice === true));
+}
+function rawProviderIsSpeechInputVoice(value) {
+    return isRecord(value) && rawCapabilityIsSpeechInputVoice(value.capability);
+}
+function setupVoiceProviderFromCurrent(current) {
+    const provider = currentSpeechInputProvider(current);
+    if (provider === undefined) {
+        return undefined;
+    }
+    const capability = currentSpeechInputCapability(current, provider.modelId);
+    return {
+        modelId: provider.modelId,
+        baseUrl: provider.baseUrl,
+        apiKey: provider.apiKey,
+        apiKeyHeaderName: provider.apiKeyHeaderName ?? DEFAULT_API_KEY_HEADER_NAME,
+        timeoutMs: provider.timeoutMs,
+        providerLocality: capability?.voiceProviderLocality ?? "azure-foundry",
+    };
+}
+function applyVoiceProvider(rawConfig, voiceProvider) {
+    if (voiceProvider === undefined) {
+        return rawConfig;
+    }
+    const providers = Array.isArray(rawConfig.providers) ? rawConfig.providers : [];
+    const nextProviders = providers.filter((provider) => !rawProviderIsSpeechInputVoice(provider) &&
+        (!isRecord(provider) || provider.modelId !== voiceProvider.modelId));
+    const nextConfig = {
+        ...rawConfig,
+        providers: [
+            ...nextProviders,
+            voiceProviderRaw(voiceProvider.modelId, voiceProvider.baseUrl, voiceProvider.apiKey, {
+                apiKeyHeaderName: voiceProvider.apiKeyHeaderName,
+                timeoutMs: voiceProvider.timeoutMs,
+                providerLocality: voiceProvider.providerLocality,
+            }),
+        ],
+    };
+    if (Array.isArray(rawConfig.capabilities)) {
+        nextConfig.capabilities = rawConfig.capabilities.filter((capability) => !rawCapabilityIsSpeechInputVoice(capability) &&
+            (!isRecord(capability) || capability.id !== voiceProvider.modelId));
+    }
+    return nextConfig;
+}
 function withInheritedEgress(rawConfig, egress) {
     if (egress === undefined || Object.hasOwn(rawConfig, "egress")) {
         return rawConfig;
@@ -640,6 +754,19 @@ function optionalSetupPositiveInt(value, path) {
     }
     return value;
 }
+function parseVoiceProviderLocality(value, fallback) {
+    if (value === undefined) {
+        return fallback;
+    }
+    if (typeof value !== "string" ||
+        !VOICE_PROVIDER_LOCALITIES.includes(value)) {
+        return {
+            status: 400,
+            body: errorBody("BAD_REQUEST", "voiceProviderLocality is not supported."),
+        };
+    }
+    return value;
+}
 function hasNonBlankStringField(raw, key) {
     const value = raw[key];
     return typeof value === "string" && value.trim().length > 0;
@@ -651,12 +778,36 @@ function hasNonEmptyListField(raw, key) {
     }
     return Array.isArray(value) && value.some((item) => typeof item === "string" && item.trim());
 }
+function hasVoiceProviderInput(raw) {
+    return (hasNonBlankStringField(raw, "voiceBaseUrl") ||
+        hasNonBlankStringField(raw, "voiceApiKey") ||
+        hasNonBlankStringField(raw, "voiceApiKeyHeaderName") ||
+        hasNonBlankStringField(raw, "voiceModelId") ||
+        hasNonBlankStringField(raw, "voiceProviderLocality") ||
+        raw.voiceTimeoutMs !== undefined);
+}
 function shouldPreserveExisting(raw, current) {
     return raw.preserveExisting === true && current !== undefined;
 }
 function firstProvider(current) {
     return current?.providers[0];
 }
+function currentSpeechInputProvider(current) {
+    if (current === undefined) {
+        return undefined;
+    }
+    const modelId = selectSpeechToTextModel(current);
+    if (modelId === undefined) {
+        return undefined;
+    }
+    return current.providers.find((provider) => provider.modelId === modelId);
+}
+function currentSpeechInputCapability(current, modelId) {
+    if (current === undefined || modelId === undefined) {
+        return undefined;
+    }
+    return current.capabilities?.find((capability) => capability.id === modelId && modelSupportsSpeechInput(capability));
+}
 function trimmedSubmittedString(raw, key) {
     const value = raw[key];
     if (typeof value !== "string")
@@ -673,6 +824,12 @@ function setupApiKeyHeaderSource(raw, provider, preserveExisting) {
     }
     return provider?.apiKeyHeaderName ?? DEFAULT_API_KEY_HEADER_NAME;
 }
+function setupVoiceApiKeyHeaderSource(raw, provider, preserveExisting) {
+    if (raw.voiceApiKeyHeaderName !== undefined || !preserveExisting) {
+        return raw.voiceApiKeyHeaderName;
+    }
+    return provider?.apiKeyHeaderName ?? DEFAULT_API_KEY_HEADER_NAME;
+}
 function readSetupGatewayCredentials(raw, env, current, preserveExisting) {
     const provider = firstProvider(current);
     const baseUrl = submittedOrInheritedString(raw, "baseUrl", provider?.baseUrl, preserveExisting);
@@ -691,6 +848,93 @@ function readSetupGatewayCredentials(raw, env, current, preserveExisting) {
     }
     return { baseUrl, apiKey, apiKeyHeaderName };
 }
+function validateVoiceProviderConnection(provider, env) {
+    try {
+        parseGatewayConfig({
+            providers: [
+                voiceProviderRaw(provider.modelId, provider.baseUrl, provider.apiKey, {
+                    apiKeyHeaderName: provider.apiKeyHeaderName,
+                    timeoutMs: provider.timeoutMs,
+                    providerLocality: provider.providerLocality,
+                }),
+            ],
+            circuitBreaker: { failureThreshold: 5, cooldownMs: 30_000, halfOpenProbes: 2 },
+        }, env);
+        return undefined;
+    }
+    catch (error) {
+        if (error instanceof ConfigInvalidError) {
+            return { status: 400, body: errorBody("BAD_REQUEST", error.message) };
+        }
+        throw error;
+    }
+}
+function setupVoiceModelId(raw, existing, preserveExisting) {
+    const modelId = trimmedSubmittedString(raw, "voiceModelId") ??
+        (preserveExisting ? existing?.modelId : undefined) ??
+        "keiko-stt";
+    if (!isUsableModelId(modelId)) {
+        return { status: 400, body: errorBody("BAD_REQUEST", "voiceModelId is invalid.") };
+    }
+    return modelId;
+}
+function setupVoiceConnection(raw, existing, preserveExisting) {
+    const baseUrl = submittedOrInheritedString(raw, "voiceBaseUrl", existing?.baseUrl, preserveExisting);
+    const apiKey = submittedOrInheritedString(raw, "voiceApiKey", existing?.apiKey, preserveExisting);
+    if (baseUrl.length === 0 || apiKey.length === 0) {
+        return {
+            status: 400,
+            body: errorBody("BAD_REQUEST", "voiceBaseUrl and voiceApiKey are required for dictation."),
+        };
+    }
+    return { baseUrl, apiKey };
+}
+function setupVoiceApiKeyHeaderName(raw, existing, preserveExisting) {
+    return normalizeSetupApiKeyHeaderName(setupVoiceApiKeyHeaderSource(raw, existing, preserveExisting));
+}
+function setupVoiceProviderLocality(raw, existingCapability) {
+    return parseVoiceProviderLocality(raw.voiceProviderLocality, existingCapability?.voiceProviderLocality ?? "azure-foundry");
+}
+function firstRouteResult(values) {
+    return values.find(isRouteResult);
+}
+function readSetupVoiceProvider(raw, env, current, preserveExisting) {
+    if (!hasVoiceProviderInput(raw)) {
+        return undefined;
+    }
+    const existing = preserveExisting ? currentSpeechInputProvider(current) : undefined;
+    const existingCapability = currentSpeechInputCapability(current, existing?.modelId);
+    const modelId = setupVoiceModelId(raw, existing, preserveExisting);
+    const connection = setupVoiceConnection(raw, existing, preserveExisting);
+    const apiKeyHeaderName = setupVoiceApiKeyHeaderName(raw, existing, preserveExisting);
+    const timeoutMs = optionalSetupPositiveInt(raw.voiceTimeoutMs, "voiceTimeoutMs");
+    const providerLocality = setupVoiceProviderLocality(raw, existingCapability);
+    const routeError = firstRouteResult([
+        modelId,
+        connection,
+        apiKeyHeaderName,
+        timeoutMs,
+        providerLocality,
+    ]);
+    if (routeError !== undefined) {
+        return routeError;
+    }
+    const resolvedConnection = connection;
+    const resolvedTimeoutMs = timeoutMs;
+    const provider = {
+        modelId: modelId,
+        baseUrl: resolvedConnection.baseUrl,
+        apiKey: resolvedConnection.apiKey,
+        apiKeyHeaderName: apiKeyHeaderName,
+        timeoutMs: resolvedTimeoutMs ?? existing?.timeoutMs,
+        providerLocality: providerLocality,
+    };
+    const invalidConnection = validateVoiceProviderConnection(provider, env);
+    if (invalidConnection !== undefined) {
+        return invalidConnection;
+    }
+    return provider;
+}
 function resolveSetupModelLists(modelLists, current, preserveExisting) {
     const existing = preserveExisting ? current : undefined;
     return {
@@ -731,12 +975,17 @@ function readSetupRequest(raw, env, current) {
     if (isRouteResult(figmaAccessToken)) {
         return figmaAccessToken;
     }
+    const voiceProvider = readSetupVoiceProvider(raw, env, current, preserveExisting);
+    if (isRouteResult(voiceProvider)) {
+        return voiceProvider;
+    }
     const resolvedModelLists = resolveSetupModelLists(modelLists, current, preserveExisting);
     return {
         ...credentials,
         timeoutMs,
         deploymentNames: resolvedModelLists.deploymentNames,
         imageInputModelIds: resolvedModelLists.imageInputModelIds,
+        voiceProvider,
         figmaAccessToken: figmaAccessToken ?? current?.figma?.accessToken,
         verifyGateway: setupRequiresGatewayVerification(raw, preserveExisting),
         verifyFigmaCredential: figmaAccessToken !== undefined,
@@ -832,13 +1081,14 @@ function finalRawConfigForSetup(input, testedModelIds, embeddingModelIds, imageI
         embeddingModelIds,
         timeoutMs: input.timeoutMs,
     });
-    return {
+    const rawConfigWithOptionalBlocks = {
         ...rawConfig,
         ...(input.current?.grounding === undefined ? {} : { grounding: input.current.grounding }),
         ...(input.figmaAccessToken === undefined
             ? {}
             : { figma: { accessToken: input.figmaAccessToken } }),
     };
+    return applyVoiceProvider(rawConfigWithOptionalBlocks, input.voiceProvider ?? setupVoiceProviderFromCurrent(input.current));
 }
 function skippedModelIdsForSetup(candidateModelIds, testedModelIds, embeddingModelIds) {
     const acceptedModelIds = new Set([...testedModelIds, ...embeddingModelIds]);
@@ -922,7 +1172,13 @@ function figmaCredentialFailureResult(error, request) {
     }
     return {
         status: 502,
-        body: errorBody("FIGMA_EGRESS_FAILED", safeError(error, [request.figmaAccessToken, request.apiKey, request.baseUrl])),
+        body: errorBody("FIGMA_EGRESS_FAILED", safeError(error, [
+            request.figmaAccessToken,
+            request.apiKey,
+            request.baseUrl,
+            request.voiceProvider?.apiKey,
+            request.voiceProvider?.baseUrl,
+        ])),
     };
 }
 async function verifySubmittedFigmaCredential(request, deps) {
@@ -979,6 +1235,7 @@ async function trySetupCandidate(baseUrl, request, deps, gatewayConfig, tester,
         timeoutMs: request.timeoutMs,
         deploymentNames: request.deploymentNames,
         imageInputModelIds: request.imageInputModelIds,
+        voiceProvider: request.voiceProvider,
         tester,
         discovery,
         env: deps.env,
@@ -991,10 +1248,17 @@ async function trySetupCandidate(baseUrl, request, deps, gatewayConfig, tester,
     return setupSuccessResult(verified.config, verified.testedModelIds, verified.skippedModelIds);
 }
 function setupCandidateError(error, request, baseUrl) {
-    return safeError(error, [request.apiKey, request.baseUrl, baseUrl, request.figmaAccessToken]);
+    return safeError(error, [
+        request.apiKey,
+        request.baseUrl,
+        baseUrl,
+        request.figmaAccessToken,
+        request.voiceProvider?.apiKey,
+        request.voiceProvider?.baseUrl,
+    ]);
 }
 function saveExistingConfigUpdate(request, current, deps, gatewayConfig) {
-    const rawConfig = rawConfigFromCurrent(current, request.figmaAccessToken, request.timeoutMs);
+    const rawConfig = applyVoiceProvider(rawConfigFromCurrent(current, request.figmaAccessToken, request.timeoutMs), request.voiceProvider);
     const config = parseGatewayConfig(withInheritedEgress(rawConfig, currentGatewayEgressConfig(deps)), deps.env);
     persistGatewayConfig(rawConfig, gatewayConfig.storagePath, deps);
     gatewayConfig.set(config, true);

package/dist/gitDelivery/actionSheetProjection.d.ts

@@ -0,0 +1,30 @@
+import { type GitDeliveryActionSheet, type GitDeliveryApprovalRequirement, type GitDeliveryBranchProtection, type GitDeliveryChecksState, type GitDeliveryMergeReadiness, type GitDeliveryOrgPolicyPack, type GitDeliveryProviderCapability, type GitDeliveryPullRequestState, type GitDeliveryRemediationClass, type GitDeliveryRepoPolicyPack, type GitDeliveryResolvedInputs } from "@oscharko-dev/keiko-contracts";
+import { type GitWorktreeSnapshot } from "@oscharko-dev/keiko-tools";
+export interface GitDeliveryProviderStateFacts {
+    readonly pullRequest?: GitDeliveryPullRequestState | undefined;
+    readonly mergeReadiness?: GitDeliveryMergeReadiness | undefined;
+    readonly branchProtection?: GitDeliveryBranchProtection | undefined;
+    readonly checks?: GitDeliveryChecksState | undefined;
+}
+export interface GitDeliveryTrustedPolicyPacks {
+    readonly orgPack?: GitDeliveryOrgPolicyPack | undefined;
+    readonly repoPack?: GitDeliveryRepoPolicyPack | undefined;
+}
+export interface BuildActionSheetFacts {
+    readonly actionId: string;
+    readonly resolvedInputs: GitDeliveryResolvedInputs;
+    readonly worktreeSnapshot: GitWorktreeSnapshot;
+    readonly approvalRequirement: GitDeliveryApprovalRequirement;
+    readonly policyPacks: GitDeliveryTrustedPolicyPacks;
+    readonly activeProviderCapabilities: readonly GitDeliveryProviderCapability[];
+    readonly providerState: GitDeliveryProviderStateFacts;
+    readonly providerReady: boolean;
+    readonly nowMs: number;
+}
+/**
+ * The pure projection. Runs preflight + policy over the supplied content-free facts and assembles the
+ * UI-safe action sheet. Deterministic: identical facts always yield an identical sheet.
+ */
+export declare function buildActionSheetFromFacts(facts: BuildActionSheetFacts): GitDeliveryActionSheet;
+export type { GitDeliveryRemediationClass };
+//# sourceMappingURL=actionSheetProjection.d.ts.map

package/dist/gitDelivery/actionSheetProjection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"actionSheetProjection.d.ts","sourceRoot":"","sources":["../../src/gitDelivery/actionSheetProjection.ts"],"names":[],"mappings":"AAgBA,OAAO,EAIL,KAAK,sBAAsB,EAC3B,KAAK,8BAA8B,EACnC,KAAK,2BAA2B,EAChC,KAAK,sBAAsB,EAE3B,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAE7B,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAGhC,KAAK,2BAA2B,EAChC,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAE/B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAIL,KAAK,mBAAmB,EACzB,MAAM,2BAA2B,CAAC;AAInC,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,WAAW,CAAC,EAAE,2BAA2B,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,cAAc,CAAC,EAAE,yBAAyB,GAAG,SAAS,CAAC;IAChE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,2BAA2B,GAAG,SAAS,CAAC;IACpE,QAAQ,CAAC,MAAM,CAAC,EAAE,sBAAsB,GAAG,SAAS,CAAC;CACtD;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,OAAO,CAAC,EAAE,wBAAwB,GAAG,SAAS,CAAC;IACxD,QAAQ,CAAC,QAAQ,CAAC,EAAE,yBAAyB,GAAG,SAAS,CAAC;CAC3D;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,cAAc,EAAE,yBAAyB,CAAC;IACnD,QAAQ,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;IAC/C,QAAQ,CAAC,mBAAmB,EAAE,8BAA8B,CAAC;IAC7D,QAAQ,CAAC,WAAW,EAAE,6BAA6B,CAAC;IACpD,QAAQ,CAAC,0BAA0B,EAAE,SAAS,6BAA6B,EAAE,CAAC;IAC9E,QAAQ,CAAC,aAAa,EAAE,6BAA6B,CAAC;IACtD,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAIhC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAkOD;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,qBAAqB,GAAG,sBAAsB,CA+B9F;AAID,YAAY,EAAE,2BAA2B,EAAE,CAAC"}

package/dist/gitDelivery/actionSheetProjection.js

@@ -0,0 +1,206 @@
+// Pure projection: content-free kernel facts → UI-safe GitDeliveryActionSheet (Issue #473, Epic #470).
+//
+// This module is a PURE function of (resolvedInputs, worktreeSnapshot, trusted policy packs, approval
+// shape, provider state, providerReady). It runs the kernel preflight (keiko-tools) and the policy
+// evaluator (keiko-contracts), maps their content-free outputs into the action-sheet's typed
+// expected-blocker and recovery-hint vocabularies, and hands the assembled facts to the contract's
+// buildGitDeliveryActionSheet. No IO, no clock, no randomness, no request access — the caller (the
+// route handler) gathers the facts and supplies the actionId and trusted packs.
+//
+// AUTHORITY (AC1): the policy decision, approval necessity, and required approvers are derived ONLY
+// from evaluateGitPolicy over the server's TRUSTED packs. The approval payload is consumed for its
+// SHAPE alone (whether a granted approval is attached); it never asserts the policy decision.
+//
+// Content-free: every value produced here is a count, flag, branch name, or typed/closed-vocabulary
+// code. Never diff content, file paths, secrets, command strings, or raw subprocess output.
+import { buildGitDeliveryActionSheet, gitDeliverySuggestedRecoveryStrategy, evaluateGitPolicy, } from "@oscharko-dev/keiko-contracts";
+import { evaluateGitPreflight, } from "@oscharko-dev/keiko-tools";
+// Demotes an expired granted approval to "not attached" so the action-sheet projection never shows an
+// expired grant as satisfied/ready. The #472 execution kernel re-validates the token and expiry
+// independently before any mutation; this is the preview-time mirror of that check.
+function effectiveApproval(approval, nowMs) {
+    if (approval.required && approval.expiresAtMs !== undefined && approval.expiresAtMs <= nowMs) {
+        return { required: false };
+    }
+    return approval;
+}
+// ─── Target-branch derivation (for policy evaluation) ───────────────────────────────
+// The affected branch name the policy evaluator matches branch-pattern rules against. Mirrors the
+// contract's affectedBranchOf but is local so this module owns its own policy-context derivation.
+function targetBranchName(inputs) {
+    switch (inputs.kind) {
+        case "branch-create":
+            return inputs.branchName;
+        case "push":
+            return inputs.sourceBranchName;
+        case "pr-create":
+        case "pr-update":
+            return inputs.headBranchName;
+        default:
+            return undefined;
+    }
+}
+// ─── Expected-blocker mapping (AC2/AC3) ─────────────────────────────────────────────
+function preflightBlocker(finding) {
+    return {
+        source: "preflight",
+        severity: finding.severity,
+        remediation: finding.remediation,
+        reasonCode: finding.code,
+    };
+}
+function policyBlocker(decision) {
+    if (decision.outcome !== "blocked") {
+        return undefined;
+    }
+    return {
+        source: "policy",
+        severity: "blocking",
+        remediation: "user-actionable",
+        reasonCode: decision.reason,
+    };
+}
+const PROVIDER_BLOCKER_KINDS = [
+    "merge",
+    "pr-create",
+    "pr-update",
+];
+function providerBlocker(inputs, mergeReadiness) {
+    if (!PROVIDER_BLOCKER_KINDS.includes(inputs.kind)) {
+        return undefined;
+    }
+    if (mergeReadiness?.ready !== false || mergeReadiness.blockingReason === undefined) {
+        return undefined;
+    }
+    return {
+        source: "provider",
+        severity: "advisory",
+        remediation: "user-actionable",
+        reasonCode: mergeReadiness.blockingReason,
+    };
+}
+function collectExpectedBlockers(findings, decision, inputs, mergeReadiness) {
+    const blockers = findings.map(preflightBlocker);
+    const policy = policyBlocker(decision);
+    if (policy !== undefined) {
+        blockers.push(policy);
+    }
+    const provider = providerBlocker(inputs, mergeReadiness);
+    if (provider !== undefined) {
+        blockers.push(provider);
+    }
+    return blockers;
+}
+// ─── Recovery-hint mapping (AC4 — common failure classes, same surface) ─────────────
+// A deterministic, exhaustive table from each preflight finding code to a recovery action hint. The
+// "recover-via-strategy" hints are produced separately so they can carry a suggestedRecoveryStrategy.
+const STRATEGY_RECOVERY_CODES = new Set([
+    "dirty-worktree-impacts-recovery",
+    "recovery-target-unset",
+]);
+const FINDING_RECOVERY_HINT = {
+    "detached-head": "configure-upstream",
+    "branch-already-exists": "adjust-policy-target",
+    "base-branch-missing": "adjust-policy-target",
+    "switch-target-missing": "adjust-policy-target",
+    "no-changes-to-stage": "stage-changes",
+    "nothing-staged-to-unstage": "stage-changes",
+    "nothing-staged-to-commit": "stage-changes",
+    "untracked-files-impacted": "stage-changes",
+    "no-upstream-configured": "configure-upstream",
+    "nothing-to-push": "retry",
+    "non-fast-forward": "resolve-conflicts",
+    "remote-alias-missing": "configure-upstream",
+    "remote-unreachable": "retry",
+    "operation-in-progress": "abort-in-progress-operation",
+    "no-operation-to-abort": "retry",
+    "recovery-target-unset": "recover-via-strategy",
+    "dirty-worktree-impacts-recovery": "recover-via-strategy",
+};
+function worktreeIsDirty(snapshot) {
+    return (snapshot.stagedFileCount > 0 ||
+        snapshot.unstagedFileCount > 0 ||
+        snapshot.untrackedFileCount > 0);
+}
+function recoveryHintForFinding(finding, inputs, snapshot) {
+    if (STRATEGY_RECOVERY_CODES.has(finding.code)) {
+        return {
+            actionHint: "recover-via-strategy",
+            remediation: finding.remediation,
+            suggestedRecoveryStrategy: gitDeliverySuggestedRecoveryStrategy(inputs.kind, worktreeIsDirty(snapshot)),
+        };
+    }
+    return { actionHint: FINDING_RECOVERY_HINT[finding.code], remediation: finding.remediation };
+}
+function policyRecoveryHint(decision) {
+    if (decision.outcome === "approval-gated") {
+        return { actionHint: "request-approval", remediation: "user-actionable" };
+    }
+    if (decision.outcome === "blocked") {
+        const actionHint = decision.reason === "approval-expired" ? "request-approval" : "adjust-policy-target";
+        return { actionHint, remediation: "user-actionable" };
+    }
+    return undefined;
+}
+// De-duplicates recovery hints on a stable signature (action + strategy) so the same class of fix is
+// surfaced once even when several findings map to it. First occurrence wins (order-preserving).
+function dedupeRecoveryHints(hints) {
+    const seen = new Set();
+    const out = [];
+    for (const hint of hints) {
+        const signature = `${hint.actionHint}:${hint.suggestedRecoveryStrategy ?? ""}`;
+        if (!seen.has(signature)) {
+            seen.add(signature);
+            out.push(hint);
+        }
+    }
+    return out;
+}
+function buildRecoveryHints(findings, decision, inputs, snapshot, providerReady) {
+    const hints = findings.map((finding) => recoveryHintForFinding(finding, inputs, snapshot));
+    const policy = policyRecoveryHint(decision);
+    if (policy !== undefined) {
+        hints.push(policy);
+    }
+    if (!providerReady) {
+        hints.push({ actionHint: "wait-for-provider", remediation: "internal" });
+    }
+    return dedupeRecoveryHints(hints);
+}
+function definedProviderState(state) {
+    const out = {};
+    if (state.pullRequest !== undefined)
+        out.pullRequest = state.pullRequest;
+    if (state.mergeReadiness !== undefined)
+        out.mergeReadiness = state.mergeReadiness;
+    if (state.branchProtection !== undefined)
+        out.branchProtection = state.branchProtection;
+    if (state.checks !== undefined)
+        out.checks = state.checks;
+    return out;
+}
+/**
+ * The pure projection. Runs preflight + policy over the supplied content-free facts and assembles the
+ * UI-safe action sheet. Deterministic: identical facts always yield an identical sheet.
+ */
+export function buildActionSheetFromFacts(facts) {
+    const { resolvedInputs, worktreeSnapshot, providerState } = facts;
+    const preflight = evaluateGitPreflight(resolvedInputs, worktreeSnapshot);
+    const policyDecision = evaluateGitPolicy(facts.policyPacks.orgPack, facts.policyPacks.repoPack, {
+        actionKind: resolvedInputs.kind,
+        targetBranchName: targetBranchName(resolvedInputs),
+        activeProviderCapabilities: facts.activeProviderCapabilities,
+    });
+    const expectedBlockers = collectExpectedBlockers(preflight.findings, policyDecision, resolvedInputs, providerState.mergeReadiness);
+    const recovery = buildRecoveryHints(preflight.findings, policyDecision, resolvedInputs, worktreeSnapshot, facts.providerReady);
+    return buildGitDeliveryActionSheet({
+        actionId: facts.actionId,
+        resolvedInputs,
+        policyDecision,
+        approvalRequirement: effectiveApproval(facts.approvalRequirement, facts.nowMs),
+        providerReady: facts.providerReady,
+        expectedBlockers,
+        recovery,
+        ...definedProviderState(providerState),
+    });
+}

package/dist/gitDelivery/actionSheetRoutes.d.ts

@@ -0,0 +1,29 @@
+import { type GitDeliveryApprovalRequirement, type GitDeliveryProviderCapability, type GitDeliveryResolvedInputs } from "@oscharko-dev/keiko-contracts";
+import type { GitWorktreeSnapshot } from "@oscharko-dev/keiko-tools";
+import type { RouteContext, RouteDefinition, RouteResult } from "../routes.js";
+import type { UiHandlerDeps } from "../deps.js";
+import { type GitDeliveryProviderStateFacts, type GitDeliveryTrustedPolicyPacks } from "./actionSheetProjection.js";
+export type GitDeliveryActionSheetErrorCode = "GIT_DELIVERY_ACTION_SHEET_BAD_REQUEST" | "GIT_DELIVERY_ACTION_SHEET_PAYLOAD_TOO_LARGE" | "GIT_DELIVERY_ACTION_SHEET_FORBIDDEN_PAYLOAD";
+export interface GitDeliveryActionSheetErrorBody {
+    readonly error: {
+        readonly code: GitDeliveryActionSheetErrorCode;
+        readonly message: string;
+    };
+}
+interface ValidatedRequest {
+    readonly resolvedInputs: GitDeliveryResolvedInputs;
+    readonly worktreeSnapshot: GitWorktreeSnapshot;
+    readonly approvalRequirement: GitDeliveryApprovalRequirement;
+    readonly providerState: GitDeliveryProviderStateFacts;
+    readonly activeProviderCapabilities: readonly GitDeliveryProviderCapability[];
+}
+export interface GitDeliveryActionSheetRouteOptions {
+    readonly idGenerator?: (request: ValidatedRequest) => string;
+    readonly policyPacks?: (deps: UiHandlerDeps) => GitDeliveryTrustedPolicyPacks;
+    readonly now?: () => number;
+}
+export declare const createHandleGitDeliveryActionSheet: (options?: GitDeliveryActionSheetRouteOptions) => ((ctx: RouteContext, deps: UiHandlerDeps) => Promise<RouteResult>);
+export declare const handleGitDeliveryActionSheet: (ctx: RouteContext, deps: UiHandlerDeps) => Promise<RouteResult>;
+export declare const GIT_DELIVERY_ACTION_SHEET_ROUTE_GROUP: readonly RouteDefinition[];
+export {};
+//# sourceMappingURL=actionSheetRoutes.d.ts.map