@peers-app/peers-sdk 0.18.4 → 0.18.6

package/dist/data/index.d.ts

@@ -10,11 +10,12 @@ export * from "./group-members";
 export * from "./group-permissions";
 export * from "./group-share";
 export * from "./groups";
-export * from "./peer-types";
 export * from "./messages";
+export * from "./package-version-resolver";
 export * from "./package-versions";
 export * from "./packages";
 export * from "./packages.utils";
+export * from "./peer-types";
 export * from "./persistent-vars";
 export * from "./table-definitions-table";
 export * from "./tool-tests";

package/dist/data/index.js

@@ -26,11 +26,12 @@ __exportStar(require("./group-members"), exports);
 __exportStar(require("./group-permissions"), exports);
 __exportStar(require("./group-share"), exports);
 __exportStar(require("./groups"), exports);
-__exportStar(require("./peer-types"), exports);
 __exportStar(require("./messages"), exports);
+__exportStar(require("./package-version-resolver"), exports);
 __exportStar(require("./package-versions"), exports);
 __exportStar(require("./packages"), exports);
 __exportStar(require("./packages.utils"), exports);
+__exportStar(require("./peer-types"), exports);
 __exportStar(require("./persistent-vars"), exports);
 __exportStar(require("./table-definitions-table"), exports);
 __exportStar(require("./tool-tests"), exports);

package/dist/data/package-version-permissions.d.ts

@@ -1,3 +1,4 @@
+import { GroupMemberRole } from "./group-permissions";
 import type { IPackageVersion } from "./package-versions";
 /**
  * Verifies that a package version update signature is valid.
@@ -6,6 +7,8 @@ import type { IPackageVersion } from "./package-versions";
  * Beta and stable versions require Admin role.
  *
  * @param packageVersion The package version record to verify
+ * @param groupId The group context to check roles against
+ * @param signerRole Optional pre-resolved role (skips `getUserRoleFromPublicKey` lookup; useful in tests)
  * @throws Error if signature is invalid or unauthorized
  */
-export declare function verifyPackageVersionSignature(packageVersion: IPackageVersion, groupId: string): Promise<void>;
+export declare function verifyPackageVersionSignature(packageVersion: IPackageVersion, groupId: string, signerRole?: GroupMemberRole): Promise<void>;

package/dist/data/package-version-permissions.js

@@ -10,12 +10,16 @@ const group_permissions_1 = require("./group-permissions");
  * Beta and stable versions require Admin role.
  *
  * @param packageVersion The package version record to verify
+ * @param groupId The group context to check roles against
+ * @param signerRole Optional pre-resolved role (skips `getUserRoleFromPublicKey` lookup; useful in tests)
  * @throws Error if signature is invalid or unauthorized
  */
-async function verifyPackageVersionSignature(packageVersion, groupId) {
+async function verifyPackageVersionSignature(packageVersion, groupId, signerRole) {
     (0, keys_1.verifyObjectSignature)(packageVersion);
-    const signerPublicKey = (0, keys_1.getPublicKeyFromObjectSignature)(packageVersion) ?? "";
-    const signerRole = await (0, group_permissions_1.getUserRoleFromPublicKey)(groupId, signerPublicKey);
+    if (signerRole === undefined) {
+        const signerPublicKey = (0, keys_1.getPublicKeyFromObjectSignature)(packageVersion) ?? "";
+        signerRole = await (0, group_permissions_1.getUserRoleFromPublicKey)(groupId, signerPublicKey);
+    }
     const isDevVersion = packageVersion.versionTag === "dev";
     const requiredRole = isDevVersion ? group_permissions_1.GroupMemberRole.Writer : group_permissions_1.GroupMemberRole.Admin;
     if (signerRole < requiredRole) {

package/dist/data/package-version-permissions.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/data/package-version-permissions.test.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const keys_1 = require("../keys");
+const utils_1 = require("../utils");
+const group_member_roles_1 = require("./group-member-roles");
+const package_version_permissions_1 = require("./package-version-permissions");
+describe("Package Version Permissions", () => {
+    const writerKeys = (0, keys_1.newKeys)();
+    const adminKeys = (0, keys_1.newKeys)();
+    function makePV(overrides = {}) {
+        return {
+            packageVersionId: (0, utils_1.newid)(),
+            packageId: (0, utils_1.newid)(),
+            version: "1.0.0",
+            versionTag: "dev",
+            packageVersionHash: "testhash",
+            packageBundleFileId: (0, utils_1.newid)(),
+            packageBundleFileHash: "bundlehash",
+            signature: "",
+            createdBy: (0, utils_1.newid)(),
+            createdAt: new Date().toISOString(),
+            ...overrides,
+        };
+    }
+    describe("dev versions", () => {
+        it("allows Writer to sign a dev version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "dev" }), writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Writer)).resolves.toBeUndefined();
+        });
+        it("allows Admin to sign a dev version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "dev" }), adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Admin)).resolves.toBeUndefined();
+        });
+        it("rejects Reader signing a dev version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "dev" }), writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Reader)).rejects.toThrow("Only group writers or above");
+        });
+    });
+    describe("beta versions", () => {
+        it("allows Admin to sign a beta version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "beta" }), adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Admin)).resolves.toBeUndefined();
+        });
+        it("allows Owner to sign a beta version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "beta" }), adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Owner)).resolves.toBeUndefined();
+        });
+        it("rejects Writer signing a beta version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "beta" }), writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Writer)).rejects.toThrow("Only group admins can create or update beta/stable");
+        });
+    });
+    describe("stable versions", () => {
+        it("allows Admin to sign a stable version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "stable" }), adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Admin)).resolves.toBeUndefined();
+        });
+        it("rejects Writer signing a stable version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "stable" }), writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Writer)).rejects.toThrow("Only group admins can create or update beta/stable");
+        });
+    });
+    describe("promotion scenarios (dev → beta → stable)", () => {
+        it("rejects Writer promoting dev to beta", async () => {
+            const devPV = makePV({ versionTag: "dev" });
+            const promoted = { ...devPV, versionTag: "beta" };
+            const signed = (0, keys_1.addSignatureToObject)(promoted, writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(signed, "test-group", group_member_roles_1.GroupMemberRole.Writer)).rejects.toThrow("Only group admins can create or update beta/stable");
+        });
+        it("rejects Writer promoting dev to stable", async () => {
+            const devPV = makePV({ versionTag: "dev" });
+            const promoted = { ...devPV, versionTag: "stable" };
+            const signed = (0, keys_1.addSignatureToObject)(promoted, writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(signed, "test-group", group_member_roles_1.GroupMemberRole.Writer)).rejects.toThrow("Only group admins can create or update beta/stable");
+        });
+        it("rejects Writer promoting beta to stable", async () => {
+            const betaPV = makePV({ versionTag: "beta" });
+            const promoted = { ...betaPV, versionTag: "stable" };
+            const signed = (0, keys_1.addSignatureToObject)(promoted, writerKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(signed, "test-group", group_member_roles_1.GroupMemberRole.Writer)).rejects.toThrow("Only group admins can create or update beta/stable");
+        });
+        it("allows Admin promoting dev to beta", async () => {
+            const devPV = makePV({ versionTag: "dev" });
+            const promoted = { ...devPV, versionTag: "beta" };
+            const signed = (0, keys_1.addSignatureToObject)(promoted, adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(signed, "test-group", group_member_roles_1.GroupMemberRole.Admin)).resolves.toBeUndefined();
+        });
+        it("allows Admin promoting beta to stable", async () => {
+            const betaPV = makePV({ versionTag: "beta" });
+            const promoted = { ...betaPV, versionTag: "stable" };
+            const signed = (0, keys_1.addSignatureToObject)(promoted, adminKeys.secretKey);
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(signed, "test-group", group_member_roles_1.GroupMemberRole.Admin)).resolves.toBeUndefined();
+        });
+    });
+    describe("signature tampering", () => {
+        it("rejects a tampered package version", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "dev" }), writerKeys.secretKey);
+            pv.version = "9.9.9";
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Admin)).rejects.toThrow();
+        });
+        it("rejects a version with tag changed after signing", async () => {
+            const pv = (0, keys_1.addSignatureToObject)(makePV({ versionTag: "dev" }), writerKeys.secretKey);
+            pv.versionTag = "stable";
+            await expect((0, package_version_permissions_1.verifyPackageVersionSignature)(pv, "test-group", group_member_roles_1.GroupMemberRole.Admin)).rejects.toThrow();
+        });
+    });
+});

package/dist/data/package-version-resolver.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Device-local package version resolver.
+ *
+ * Each device independently decides which package version to run based on a
+ * per-package `groupDeviceVar` containing the active PV ID and follow
+ * preferences. The shared `IPackage.activePackageVersionId` serves only as
+ * the group-level default for new devices.
+ */
+import type { DataContext } from "../context/data-context";
+import { type IPackageVersion } from "./package-versions";
+import type { IPackage } from "./packages";
+import { type PersistentVar } from "./persistent-vars";
+/**
+ * Device-local preferences for a single package. Stored in a `groupDeviceVar`
+ * keyed by `packagePrefs_${packageId}`. When undefined or empty, the device
+ * falls back to the shared `IPackage` fields (zero-migration backward compat).
+ */
+export interface IDevicePackagePrefs {
+    /** Which PV this device currently runs */
+    activePackageVersionId?: string;
+    /** If true, never auto-update this package */
+    pinned?: boolean;
+    /** Auto-update range: patch | minor | latest */
+    followRange?: "patch" | "minor" | "latest";
+    /** Tag policy: "stable" | "stable,beta" | "*" */
+    followTags?: string;
+}
+/**
+ * Reactive, cached observable holding device-local preferences for a single
+ * package. Backed by a `groupDeviceVar` so the UI can subscribe via
+ * `useObservable` and get automatic updates when prefs change (including
+ * cross-process DB writes and group context switches).
+ *
+ * DB record name: `packagePrefs_${packageId}_${dataContextId}` -- identical to
+ * the previous manual naming convention, so existing records load without
+ * migration.
+ *
+ * @param dataContext - Pinned data context for server-side callers. When
+ *   omitted the var tracks the user's default group context.
+ */
+export declare function packagePrefsVar(packageId: string, dataContext?: DataContext): PersistentVar<IDevicePackagePrefs>;
+/**
+ * Merge partial updates into device-local package preferences. Preserves
+ * existing fields that are not overridden.
+ *
+ * Guard: when the device is already pinned, callers cannot silently overwrite
+ * `activePackageVersionId`. Include `pinned` in the same update to signal
+ * intent (e.g. unpinning + activating in one step).
+ *
+ * @param dataContext - Pinned data context for server-side callers. When
+ *   omitted the var tracks the user's default group context.
+ */
+export declare function updatePackagePrefs(packageId: string, prefs: Partial<IDevicePackagePrefs>, dataContext?: DataContext): Promise<void>;
+/**
+ * Effective device-local preferences for a package after merging the device's
+ * raw prefs with the group-level `IPackage` defaults. Every field is resolved
+ * -- no `undefined` means "use the IPackage field" ambiguity remains.
+ */
+export interface IEffectivePackagePrefs {
+    activePackageVersionId: string | undefined;
+    isPinned: boolean;
+    followRange: "patch" | "minor" | "latest";
+    followTags: string | undefined;
+}
+/**
+ * Pure function: merge raw device prefs with the group-level `IPackage`
+ * defaults to produce fully-resolved effective preferences. Used by the
+ * resolver and by UI components that need to reflect device behavior.
+ */
+export declare function getEffectivePackagePrefs(pkg: IPackage, devicePrefs: IDevicePackagePrefs | undefined): IEffectivePackagePrefs;
+export interface IResolveResult {
+    /** Whether a package was successfully loaded */
+    loaded: boolean;
+    /** The PV that was resolved (may be the current one if no upgrade found) */
+    pv?: IPackageVersion;
+    /** Whether the active PV changed */
+    upgraded: boolean;
+}
+/**
+ * Core resolver: evaluates available package versions against the device's
+ * follow policy and loads the best one. Never auto-activates dev versions
+ * unless the device explicitly follows "dev".
+ *
+ * Callers:
+ * - `PackagesTrackedDataSource.applyChanges` (on sync)
+ * - `PackageLoader.loadAllPackages` (startup)
+ * - `package-installer.ts` (after saving new bundles)
+ */
+export declare function resolveDevicePackageVersion(pkg: IPackage, dataContext: DataContext, opts?: {
+    force?: boolean;
+    localPath?: string;
+}): Promise<IResolveResult>;

package/dist/data/package-version-resolver.js

@@ -0,0 +1,208 @@
+"use strict";
+/**
+ * Device-local package version resolver.
+ *
+ * Each device independently decides which package version to run based on a
+ * per-package `groupDeviceVar` containing the active PV ID and follow
+ * preferences. The shared `IPackage.activePackageVersionId` serves only as
+ * the group-level default for new devices.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.packagePrefsVar = packagePrefsVar;
+exports.updatePackagePrefs = updatePackagePrefs;
+exports.getEffectivePackagePrefs = getEffectivePackagePrefs;
+exports.resolveDevicePackageVersion = resolveDevicePackageVersion;
+const user_context_singleton_1 = require("../context/user-context-singleton");
+const assistants_1 = require("./assistants");
+const package_versions_1 = require("./package-versions");
+const persistent_vars_1 = require("./persistent-vars");
+const workflows_1 = require("./workflows");
+/**
+ * Reactive, cached observable holding device-local preferences for a single
+ * package. Backed by a `groupDeviceVar` so the UI can subscribe via
+ * `useObservable` and get automatic updates when prefs change (including
+ * cross-process DB writes and group context switches).
+ *
+ * DB record name: `packagePrefs_${packageId}_${dataContextId}` -- identical to
+ * the previous manual naming convention, so existing records load without
+ * migration.
+ *
+ * @param dataContext - Pinned data context for server-side callers. When
+ *   omitted the var tracks the user's default group context.
+ */
+function packagePrefsVar(packageId, dataContext) {
+    return (0, persistent_vars_1.groupDeviceVar)(`packagePrefs_${packageId}`, {
+        defaultValue: {},
+        dataContext,
+    });
+}
+/**
+ * Merge partial updates into device-local package preferences. Preserves
+ * existing fields that are not overridden.
+ *
+ * Guard: when the device is already pinned, callers cannot silently overwrite
+ * `activePackageVersionId`. Include `pinned` in the same update to signal
+ * intent (e.g. unpinning + activating in one step).
+ *
+ * @param dataContext - Pinned data context for server-side callers. When
+ *   omitted the var tracks the user's default group context.
+ */
+async function updatePackagePrefs(packageId, prefs, dataContext) {
+    const pvar = packagePrefsVar(packageId, dataContext);
+    await pvar.loadingPromise;
+    const existing = pvar() ?? {};
+    let effectivePrefs = prefs;
+    if (existing.pinned && !("pinned" in prefs) && "activePackageVersionId" in prefs) {
+        const { activePackageVersionId: _, ...rest } = prefs;
+        effectivePrefs = rest;
+    }
+    pvar({ ...existing, ...effectivePrefs });
+}
+/**
+ * Pure function: merge raw device prefs with the group-level `IPackage`
+ * defaults to produce fully-resolved effective preferences. Used by the
+ * resolver and by UI components that need to reflect device behavior.
+ */
+function getEffectivePackagePrefs(pkg, devicePrefs) {
+    const hasDevicePrefs = devicePrefs != null && Object.keys(devicePrefs).length > 0;
+    return {
+        activePackageVersionId: devicePrefs?.activePackageVersionId ?? pkg.activePackageVersionId,
+        isPinned: !!devicePrefs?.pinned || (!hasDevicePrefs && pkg.versionFollowRange === "pinned"),
+        followRange: devicePrefs?.followRange ?? rangeFromPkg(pkg),
+        followTags: devicePrefs?.followTags ?? pkg.followVersionTags,
+    };
+}
+/**
+ * Core resolver: evaluates available package versions against the device's
+ * follow policy and loads the best one. Never auto-activates dev versions
+ * unless the device explicitly follows "dev".
+ *
+ * Callers:
+ * - `PackagesTrackedDataSource.applyChanges` (on sync)
+ * - `PackageLoader.loadAllPackages` (startup)
+ * - `package-installer.ts` (after saving new bundles)
+ */
+async function resolveDevicePackageVersion(pkg, dataContext, opts) {
+    const pvar = packagePrefsVar(pkg.packageId, dataContext);
+    await pvar.loadingPromise;
+    // Migrate legacy per-group deviceVersionTag pvar into per-package followTags.
+    // The old system stored a single tag preference per group; the new system is
+    // per-package.  We copy the value on first resolution so future calls skip
+    // this path (the legacy pvar stays around harmlessly for other packages that
+    // haven't resolved yet).
+    let rawPrefs = pvar() ?? {};
+    if (!rawPrefs.followTags) {
+        const legacyVarName = `deviceVersionTag_${dataContext.dataContextId}`;
+        const userCtx = await (0, user_context_singleton_1.getUserContext)();
+        const legacyRec = await (0, persistent_vars_1.PersistentVars)(userCtx.userDataContext).findOne({
+            name: legacyVarName,
+        });
+        const legacyTag = legacyRec?.value?.value;
+        if (legacyTag) {
+            await updatePackagePrefs(pkg.packageId, { followTags: legacyTag }, dataContext);
+            rawPrefs = pvar() ?? {};
+        }
+    }
+    const { activePackageVersionId: effectiveActivePvId, isPinned, followRange, followTags, } = getEffectivePackagePrefs(pkg, rawPrefs);
+    if (!effectiveActivePvId) {
+        return { loaded: false, upgraded: false };
+    }
+    // If the device (or the group-level default) has pinned this package, just load
+    // the current version — never auto-upgrade.
+    if (isPinned) {
+        const pv = await (0, package_versions_1.PackageVersions)(dataContext)
+            .get(effectiveActivePvId)
+            .catch(() => undefined);
+        if (!pv)
+            return { loaded: false, pv: undefined, upgraded: false };
+        const instance = await dataContext.packageLoader.loadPackage(pkg, {
+            force: opts?.force,
+            localPath: opts?.localPath,
+            packageVersionId: effectiveActivePvId,
+        });
+        return { loaded: !!instance, pv, upgraded: false };
+    }
+    // Load the currently active PV for comparison
+    let activePv;
+    if (effectiveActivePvId) {
+        activePv = await (0, package_versions_1.PackageVersions)(dataContext)
+            .get(effectiveActivePvId)
+            .catch(() => undefined);
+    }
+    // Evaluate all available PVs to find the best one
+    const allVersions = await (0, package_versions_1.PackageVersions)(dataContext).list({ packageId: pkg.packageId });
+    let bestPv = activePv;
+    for (const candidate of allVersions) {
+        if (candidate.packageVersionId === effectiveActivePvId)
+            continue;
+        const tagOk = (0, package_versions_1.doesTagMatch)(activePv?.versionTag, candidate.versionTag, followTags, undefined);
+        if (!tagOk)
+            continue;
+        const activeVersion = bestPv?.version ?? "0.0.0";
+        const inRange = (0, package_versions_1.isVersionInRange)(activeVersion, candidate.version, followRange);
+        if (!inRange)
+            continue;
+        const newer = (0, package_versions_1.isNewerVersion)(activeVersion, candidate.version);
+        if (!newer)
+            continue;
+        bestPv = candidate;
+    }
+    // If the best candidate is the same as what we already have, just load it
+    if (!bestPv || bestPv.packageVersionId === effectiveActivePvId) {
+        if (activePv) {
+            const instance = await dataContext.packageLoader.loadPackage(pkg, {
+                force: opts?.force,
+                localPath: opts?.localPath,
+                packageVersionId: effectiveActivePvId,
+            });
+            return { loaded: !!instance, pv: activePv, upgraded: false };
+        }
+        return { loaded: false, upgraded: false };
+    }
+    // A better PV was found - attempt to load it (getFileContents will
+    // auto-download missing chunks from peers)
+    const instance = await dataContext.packageLoader.loadPackage(pkg, {
+        force: true,
+        localPath: opts?.localPath,
+        packageVersionId: bestPv.packageVersionId,
+    });
+    if (!instance) {
+        // Bundle unavailable even after download attempt - keep current version
+        if (activePv) {
+            const fallbackInstance = await dataContext.packageLoader.loadPackage(pkg, {
+                force: opts?.force,
+                localPath: opts?.localPath,
+                packageVersionId: effectiveActivePvId,
+            });
+            return { loaded: !!fallbackInstance, pv: activePv, upgraded: false };
+        }
+        return { loaded: false, upgraded: false };
+    }
+    // Load succeeded - install assistants/workflows, then update device prefs
+    await installPackageContents(dataContext, pkg, instance);
+    await updatePackagePrefs(pkg.packageId, { activePackageVersionId: bestPv.packageVersionId }, dataContext);
+    return { loaded: true, pv: bestPv, upgraded: true };
+}
+/**
+ * Save a loaded package's assistants and workflows into the data context.
+ * Contract-installed packages are skipped because their content is already
+ * managed by the contract loader.
+ */
+async function installPackageContents(dataContext, pkg, instance) {
+    if (dataContext.packageLoader.isContractInstalled(pkg.packageId))
+        return;
+    const saves = [
+        ...(instance.assistants?.map((a) => (0, assistants_1.Assistants)(dataContext).save(a)) ?? []),
+        ...(instance.workflows?.map((w) => (0, workflows_1.Workflows)(dataContext).save(w)) ?? []),
+    ];
+    await Promise.all(saves);
+}
+/** Convert `IPackage.versionFollowRange` to the resolver's range type. */
+function rangeFromPkg(pkg) {
+    const r = pkg.versionFollowRange;
+    if (r === "pinned")
+        return "latest"; // unreachable — isPinned check returns early
+    if (r === "patch" || r === "minor")
+        return r;
+    return "latest";
+}

package/dist/data/package-version-resolver.test.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Regression tests for device-local package version resolution.
+ *
+ * Several cases document known gaps from the device-local package versions review.
+ * They are expected to fail until the resolver honors group-level pinned, legacy
+ * deviceVersionTag, and pinned devices are not overridden before resolve.
+ */
+export {};