@qmilab/lodestar-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/LICENSE +216 -0
  2. package/README.md +87 -0
  3. package/dist/index.d.ts +23 -0
  4. package/dist/index.d.ts.map +1 -0
  5. package/dist/index.js +28 -0
  6. package/dist/index.js.map +1 -0
  7. package/dist/registry.d.ts +20 -0
  8. package/dist/registry.d.ts.map +1 -0
  9. package/dist/registry.js +57 -0
  10. package/dist/registry.js.map +1 -0
  11. package/dist/schemas/action.d.ts +378 -0
  12. package/dist/schemas/action.d.ts.map +1 -0
  13. package/dist/schemas/action.js +122 -0
  14. package/dist/schemas/action.js.map +1 -0
  15. package/dist/schemas/actor.d.ts +87 -0
  16. package/dist/schemas/actor.d.ts.map +1 -0
  17. package/dist/schemas/actor.js +48 -0
  18. package/dist/schemas/actor.js.map +1 -0
  19. package/dist/schemas/belief.d.ts +141 -0
  20. package/dist/schemas/belief.d.ts.map +1 -0
  21. package/dist/schemas/belief.js +107 -0
  22. package/dist/schemas/belief.js.map +1 -0
  23. package/dist/schemas/claim.d.ts +234 -0
  24. package/dist/schemas/claim.d.ts.map +1 -0
  25. package/dist/schemas/claim.js +88 -0
  26. package/dist/schemas/claim.js.map +1 -0
  27. package/dist/schemas/common.d.ts +73 -0
  28. package/dist/schemas/common.d.ts.map +1 -0
  29. package/dist/schemas/common.js +45 -0
  30. package/dist/schemas/common.js.map +1 -0
  31. package/dist/schemas/decision.d.ts +102 -0
  32. package/dist/schemas/decision.d.ts.map +1 -0
  33. package/dist/schemas/decision.js +37 -0
  34. package/dist/schemas/decision.js.map +1 -0
  35. package/dist/schemas/event.d.ts +171 -0
  36. package/dist/schemas/event.d.ts.map +1 -0
  37. package/dist/schemas/event.js +55 -0
  38. package/dist/schemas/event.js.map +1 -0
  39. package/dist/schemas/observation.d.ts +88 -0
  40. package/dist/schemas/observation.d.ts.map +1 -0
  41. package/dist/schemas/observation.js +39 -0
  42. package/dist/schemas/observation.js.map +1 -0
  43. package/dist/schemas/revision.d.ts +120 -0
  44. package/dist/schemas/revision.d.ts.map +1 -0
  45. package/dist/schemas/revision.js +72 -0
  46. package/dist/schemas/revision.js.map +1 -0
  47. package/package.json +54 -0
package/dist/schemas/action.d.ts ADDED
@@ -0,0 +1,378 @@
1
+ import { z } from "zod";
2
+ export declare const TrustLevelSchema: z.ZodNumber;
3
+ export type TrustLevel = z.infer<typeof TrustLevelSchema>;
4
+ export declare const BlastRadiusSchema: z.ZodEnum<["self", "session", "project", "external"]>;
5
+ export type BlastRadius = z.infer<typeof BlastRadiusSchema>;
6
+ export declare const ReversibilitySchema: z.ZodEnum<["reversible", "compensable", "irreversible"]>;
7
+ export type Reversibility = z.infer<typeof ReversibilitySchema>;
8
+ export declare const DataSensitivityForActionSchema: z.ZodEnum<["public", "private", "secret"]>;
9
+ export type DataSensitivityForAction = z.infer<typeof DataSensitivityForActionSchema>;
10
+ /**
11
+ * A precondition that must hold for an action to execute safely.
12
+ *
13
+ * Two-phase execution: preconditions are recorded at proposal time
14
+ * (`expected_at_approval`) and re-checked at execution time
15
+ * (`must_revalidate_at_execution`). If the world has changed between
16
+ * approval and execution, the kernel re-arbitrates or rejects.
17
+ *
18
+ * This closes the TOCTOU gap that pure approval-then-execute leaves open.
19
+ */
20
+ export declare const ActionPreconditionSchema: z.ZodObject<{
21
+ check_id: z.ZodString;
22
+ parameters: z.ZodUnknown;
23
+ expected_at_approval: z.ZodUnknown;
24
+ must_revalidate_at_execution: z.ZodBoolean;
25
+ }, "strip", z.ZodTypeAny, {
26
+ check_id: string;
27
+ must_revalidate_at_execution: boolean;
28
+ parameters?: unknown;
29
+ expected_at_approval?: unknown;
30
+ }, {
31
+ check_id: string;
32
+ must_revalidate_at_execution: boolean;
33
+ parameters?: unknown;
34
+ expected_at_approval?: unknown;
35
+ }>;
36
+ export type ActionPrecondition = z.infer<typeof ActionPreconditionSchema>;
37
+ /**
38
+ * The contract that gates an action through the policy kernel.
39
+ *
40
+ * In v0, anything with network effect, credential use, publication,
41
+ * deploy, push, PR creation, or signing defaults to L4.
42
+ */
43
+ export declare const ActionContractSchema: z.ZodObject<{
44
+ required_level: z.ZodNumber;
45
+ blast_radius: z.ZodEnum<["self", "session", "project", "external"]>;
46
+ reversibility: z.ZodEnum<["reversible", "compensable", "irreversible"]>;
47
+ scope: z.ZodObject<{
48
+ level: z.ZodEnum<["global", "organization", "user", "project", "repo", "session"]>;
49
+ identifier: z.ZodString;
50
+ }, "strip", z.ZodTypeAny, {
51
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
52
+ identifier: string;
53
+ }, {
54
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
55
+ identifier: string;
56
+ }>;
57
+ data_sensitivity: z.ZodEnum<["public", "private", "secret"]>;
58
+ preconditions: z.ZodArray<z.ZodObject<{
59
+ check_id: z.ZodString;
60
+ parameters: z.ZodUnknown;
61
+ expected_at_approval: z.ZodUnknown;
62
+ must_revalidate_at_execution: z.ZodBoolean;
63
+ }, "strip", z.ZodTypeAny, {
64
+ check_id: string;
65
+ must_revalidate_at_execution: boolean;
66
+ parameters?: unknown;
67
+ expected_at_approval?: unknown;
68
+ }, {
69
+ check_id: string;
70
+ must_revalidate_at_execution: boolean;
71
+ parameters?: unknown;
72
+ expected_at_approval?: unknown;
73
+ }>, "many">;
74
+ }, "strip", z.ZodTypeAny, {
75
+ scope: {
76
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
77
+ identifier: string;
78
+ };
79
+ required_level: number;
80
+ blast_radius: "project" | "session" | "external" | "self";
81
+ reversibility: "reversible" | "compensable" | "irreversible";
82
+ data_sensitivity: "public" | "secret" | "private";
83
+ preconditions: {
84
+ check_id: string;
85
+ must_revalidate_at_execution: boolean;
86
+ parameters?: unknown;
87
+ expected_at_approval?: unknown;
88
+ }[];
89
+ }, {
90
+ scope: {
91
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
92
+ identifier: string;
93
+ };
94
+ required_level: number;
95
+ blast_radius: "project" | "session" | "external" | "self";
96
+ reversibility: "reversible" | "compensable" | "irreversible";
97
+ data_sensitivity: "public" | "secret" | "private";
98
+ preconditions: {
99
+ check_id: string;
100
+ must_revalidate_at_execution: boolean;
101
+ parameters?: unknown;
102
+ expected_at_approval?: unknown;
103
+ }[];
104
+ }>;
105
+ export type ActionContract = z.infer<typeof ActionContractSchema>;
106
+ /**
107
+ * Phases an action passes through.
108
+ */
109
+ export declare const ActionPhaseSchema: z.ZodEnum<["proposed", "arbitrating", "approved", "rejected", "executing", "completed", "failed", "halted"]>;
110
+ export type ActionPhase = z.infer<typeof ActionPhaseSchema>;
111
+ /**
112
+ * Approval event from a human or policy reviewer.
113
+ */
114
+ export declare const ApprovalEventSchema: z.ZodObject<{
115
+ approver_id: z.ZodString;
116
+ approved: z.ZodBoolean;
117
+ reason: z.ZodOptional<z.ZodString>;
118
+ at: z.ZodString;
119
+ }, "strip", z.ZodTypeAny, {
120
+ at: string;
121
+ approved: boolean;
122
+ approver_id: string;
123
+ reason?: string | undefined;
124
+ }, {
125
+ at: string;
126
+ approved: boolean;
127
+ approver_id: string;
128
+ reason?: string | undefined;
129
+ }>;
130
+ export type ApprovalEvent = z.infer<typeof ApprovalEventSchema>;
131
+ /**
132
+ * Audit trail entry for an action.
133
+ */
134
+ export declare const AuditEventSchema: z.ZodObject<{
135
+ phase: z.ZodEnum<["proposed", "arbitrating", "approved", "rejected", "executing", "completed", "failed", "halted"]>;
136
+ by_actor_id: z.ZodString;
137
+ at: z.ZodString;
138
+ detail: z.ZodOptional<z.ZodString>;
139
+ }, "strip", z.ZodTypeAny, {
140
+ at: string;
141
+ by_actor_id: string;
142
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
143
+ detail?: string | undefined;
144
+ }, {
145
+ at: string;
146
+ by_actor_id: string;
147
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
148
+ detail?: string | undefined;
149
+ }>;
150
+ export type AuditEvent = z.infer<typeof AuditEventSchema>;
151
+ /**
152
+ * A proposed or executed side-effectful operation.
153
+ *
154
+ * Actions are the seventh link in the epistemic chain.
155
+ * The phase field tracks the action through propose → arbitrate
156
+ * → approved/rejected → executing → completed/failed/halted.
157
+ *
158
+ * Every Action carries an ActionContract. The Policy Kernel evaluates
159
+ * the contract against current trust assignments and approval requirements
160
+ * before phase advances past `arbitrating`.
161
+ */
162
+ export declare const ActionSchema: z.ZodObject<{
163
+ id: z.ZodString;
164
+ decision_id: z.ZodOptional<z.ZodString>;
165
+ intent: z.ZodString;
166
+ tool: z.ZodString;
167
+ inputs: z.ZodUnknown;
168
+ contract: z.ZodObject<{
169
+ required_level: z.ZodNumber;
170
+ blast_radius: z.ZodEnum<["self", "session", "project", "external"]>;
171
+ reversibility: z.ZodEnum<["reversible", "compensable", "irreversible"]>;
172
+ scope: z.ZodObject<{
173
+ level: z.ZodEnum<["global", "organization", "user", "project", "repo", "session"]>;
174
+ identifier: z.ZodString;
175
+ }, "strip", z.ZodTypeAny, {
176
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
177
+ identifier: string;
178
+ }, {
179
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
180
+ identifier: string;
181
+ }>;
182
+ data_sensitivity: z.ZodEnum<["public", "private", "secret"]>;
183
+ preconditions: z.ZodArray<z.ZodObject<{
184
+ check_id: z.ZodString;
185
+ parameters: z.ZodUnknown;
186
+ expected_at_approval: z.ZodUnknown;
187
+ must_revalidate_at_execution: z.ZodBoolean;
188
+ }, "strip", z.ZodTypeAny, {
189
+ check_id: string;
190
+ must_revalidate_at_execution: boolean;
191
+ parameters?: unknown;
192
+ expected_at_approval?: unknown;
193
+ }, {
194
+ check_id: string;
195
+ must_revalidate_at_execution: boolean;
196
+ parameters?: unknown;
197
+ expected_at_approval?: unknown;
198
+ }>, "many">;
199
+ }, "strip", z.ZodTypeAny, {
200
+ scope: {
201
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
202
+ identifier: string;
203
+ };
204
+ required_level: number;
205
+ blast_radius: "project" | "session" | "external" | "self";
206
+ reversibility: "reversible" | "compensable" | "irreversible";
207
+ data_sensitivity: "public" | "secret" | "private";
208
+ preconditions: {
209
+ check_id: string;
210
+ must_revalidate_at_execution: boolean;
211
+ parameters?: unknown;
212
+ expected_at_approval?: unknown;
213
+ }[];
214
+ }, {
215
+ scope: {
216
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
217
+ identifier: string;
218
+ };
219
+ required_level: number;
220
+ blast_radius: "project" | "session" | "external" | "self";
221
+ reversibility: "reversible" | "compensable" | "irreversible";
222
+ data_sensitivity: "public" | "secret" | "private";
223
+ preconditions: {
224
+ check_id: string;
225
+ must_revalidate_at_execution: boolean;
226
+ parameters?: unknown;
227
+ expected_at_approval?: unknown;
228
+ }[];
229
+ }>;
230
+ phase: z.ZodEnum<["proposed", "arbitrating", "approved", "rejected", "executing", "completed", "failed", "halted"]>;
231
+ approval: z.ZodOptional<z.ZodObject<{
232
+ approver_id: z.ZodString;
233
+ approved: z.ZodBoolean;
234
+ reason: z.ZodOptional<z.ZodString>;
235
+ at: z.ZodString;
236
+ }, "strip", z.ZodTypeAny, {
237
+ at: string;
238
+ approved: boolean;
239
+ approver_id: string;
240
+ reason?: string | undefined;
241
+ }, {
242
+ at: string;
243
+ approved: boolean;
244
+ approver_id: string;
245
+ reason?: string | undefined;
246
+ }>>;
247
+ audit: z.ZodArray<z.ZodObject<{
248
+ phase: z.ZodEnum<["proposed", "arbitrating", "approved", "rejected", "executing", "completed", "failed", "halted"]>;
249
+ by_actor_id: z.ZodString;
250
+ at: z.ZodString;
251
+ detail: z.ZodOptional<z.ZodString>;
252
+ }, "strip", z.ZodTypeAny, {
253
+ at: string;
254
+ by_actor_id: string;
255
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
256
+ detail?: string | undefined;
257
+ }, {
258
+ at: string;
259
+ by_actor_id: string;
260
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
261
+ detail?: string | undefined;
262
+ }>, "many">;
263
+ outcome_id: z.ZodOptional<z.ZodString>;
264
+ proposed_at: z.ZodString;
265
+ proposed_by: z.ZodString;
266
+ }, "strip", z.ZodTypeAny, {
267
+ id: string;
268
+ tool: string;
269
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
270
+ intent: string;
271
+ contract: {
272
+ scope: {
273
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
274
+ identifier: string;
275
+ };
276
+ required_level: number;
277
+ blast_radius: "project" | "session" | "external" | "self";
278
+ reversibility: "reversible" | "compensable" | "irreversible";
279
+ data_sensitivity: "public" | "secret" | "private";
280
+ preconditions: {
281
+ check_id: string;
282
+ must_revalidate_at_execution: boolean;
283
+ parameters?: unknown;
284
+ expected_at_approval?: unknown;
285
+ }[];
286
+ };
287
+ audit: {
288
+ at: string;
289
+ by_actor_id: string;
290
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
291
+ detail?: string | undefined;
292
+ }[];
293
+ proposed_at: string;
294
+ proposed_by: string;
295
+ outcome_id?: string | undefined;
296
+ decision_id?: string | undefined;
297
+ inputs?: unknown;
298
+ approval?: {
299
+ at: string;
300
+ approved: boolean;
301
+ approver_id: string;
302
+ reason?: string | undefined;
303
+ } | undefined;
304
+ }, {
305
+ id: string;
306
+ tool: string;
307
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
308
+ intent: string;
309
+ contract: {
310
+ scope: {
311
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
312
+ identifier: string;
313
+ };
314
+ required_level: number;
315
+ blast_radius: "project" | "session" | "external" | "self";
316
+ reversibility: "reversible" | "compensable" | "irreversible";
317
+ data_sensitivity: "public" | "secret" | "private";
318
+ preconditions: {
319
+ check_id: string;
320
+ must_revalidate_at_execution: boolean;
321
+ parameters?: unknown;
322
+ expected_at_approval?: unknown;
323
+ }[];
324
+ };
325
+ audit: {
326
+ at: string;
327
+ by_actor_id: string;
328
+ phase: "rejected" | "proposed" | "arbitrating" | "approved" | "executing" | "completed" | "failed" | "halted";
329
+ detail?: string | undefined;
330
+ }[];
331
+ proposed_at: string;
332
+ proposed_by: string;
333
+ outcome_id?: string | undefined;
334
+ decision_id?: string | undefined;
335
+ inputs?: unknown;
336
+ approval?: {
337
+ at: string;
338
+ approved: boolean;
339
+ approver_id: string;
340
+ reason?: string | undefined;
341
+ } | undefined;
342
+ }>;
343
+ export type Action = z.infer<typeof ActionSchema>;
344
+ export declare const OutcomeResultSchema: z.ZodEnum<["success", "failure", "partial", "unknown"]>;
345
+ export type OutcomeResult = z.infer<typeof OutcomeResultSchema>;
346
+ /**
347
+ * What happened when an action executed.
348
+ *
349
+ * Outcomes generate new observations that re-enter the cognitive core.
350
+ * Calibrators consume outcomes to update per-class confidence calibration.
351
+ */
352
+ export declare const OutcomeSchema: z.ZodObject<{
353
+ id: z.ZodString;
354
+ action_id: z.ZodString;
355
+ result: z.ZodEnum<["success", "failure", "partial", "unknown"]>;
356
+ effect_observation_ids: z.ZodArray<z.ZodString, "many">;
357
+ side_effects_observed: z.ZodArray<z.ZodString, "many">;
358
+ duration_ms: z.ZodNumber;
359
+ observed_at: z.ZodString;
360
+ }, "strip", z.ZodTypeAny, {
361
+ id: string;
362
+ observed_at: string;
363
+ action_id: string;
364
+ result: "unknown" | "success" | "failure" | "partial";
365
+ effect_observation_ids: string[];
366
+ side_effects_observed: string[];
367
+ duration_ms: number;
368
+ }, {
369
+ id: string;
370
+ observed_at: string;
371
+ action_id: string;
372
+ result: "unknown" | "success" | "failure" | "partial";
373
+ effect_observation_ids: string[];
374
+ side_effects_observed: string[];
375
+ duration_ms: number;
376
+ }>;
377
+ export type Outcome = z.infer<typeof OutcomeSchema>;
378
+ //# sourceMappingURL=action.d.ts.map
package/dist/schemas/action.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../src/schemas/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAcvB,eAAO,MAAM,gBAAgB,aAAiC,CAAA;AAC9D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,eAAO,MAAM,iBAAiB,uDAAqD,CAAA;AACnF,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE3D,eAAO,MAAM,mBAAmB,0DAAwD,CAAA;AACxF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,8BAA8B,4CAA0C,CAAA;AACrF,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAA;AAErF;;;;;;;;;GASG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;EAKnC,CAAA;AACF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAA;AAEzE;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO/B,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,iBAAiB,8GAS5B,CAAA;AACF,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE3D;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;EAK9B,CAAA;AACF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;EAK3B,CAAA;AACF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAavB,CAAA;AACF,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAA;AAMjD,eAAO,MAAM,mBAAmB,yDAAuD,CAAA;AACvF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D;;;;;GAKG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;EAQxB,CAAA;AACF,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA"}
package/dist/schemas/action.js ADDED
@@ -0,0 +1,122 @@
1
+ import { z } from "zod";
2
+ import { ResourceScopeSchema, TimestampSchema } from "./common";
3
+ // -----------------------------------------------------------------------------
4
+ // Trust ladder
5
+ //
6
+ // L0: observe only — read state; never write or execute
7
+ // L1: suggest only — produce proposals; nothing reaches the world
8
+ // L2: isolated artifact — generate in tempfs; no effect on project state
9
+ // L3: local reversible — modify project state with notification
10
+ // L4: external/shared — requires approval (network, credentials, deploy, push)
11
+ // L5: prohibited — cannot run in this context, ever
12
+ // -----------------------------------------------------------------------------
13
+ export const TrustLevelSchema = z.number().int().min(0).max(5);
14
+ export const BlastRadiusSchema = z.enum(["self", "session", "project", "external"]);
15
+ export const ReversibilitySchema = z.enum(["reversible", "compensable", "irreversible"]);
16
+ export const DataSensitivityForActionSchema = z.enum(["public", "private", "secret"]);
17
+ /**
18
+ * A precondition that must hold for an action to execute safely.
19
+ *
20
+ * Two-phase execution: preconditions are recorded at proposal time
21
+ * (`expected_at_approval`) and re-checked at execution time
22
+ * (`must_revalidate_at_execution`). If the world has changed between
23
+ * approval and execution, the kernel re-arbitrates or rejects.
24
+ *
25
+ * This closes the TOCTOU gap that pure approval-then-execute leaves open.
26
+ */
27
+ export const ActionPreconditionSchema = z.object({
28
+ check_id: z.string().describe("e.g. 'git.head_unchanged'"),
29
+ parameters: z.unknown(),
30
+ expected_at_approval: z.unknown(),
31
+ must_revalidate_at_execution: z.boolean(),
32
+ });
33
+ /**
34
+ * The contract that gates an action through the policy kernel.
35
+ *
36
+ * In v0, anything with network effect, credential use, publication,
37
+ * deploy, push, PR creation, or signing defaults to L4.
38
+ */
39
+ export const ActionContractSchema = z.object({
40
+ required_level: TrustLevelSchema,
41
+ blast_radius: BlastRadiusSchema,
42
+ reversibility: ReversibilitySchema,
43
+ scope: ResourceScopeSchema,
44
+ data_sensitivity: DataSensitivityForActionSchema,
45
+ preconditions: z.array(ActionPreconditionSchema),
46
+ });
47
+ /**
48
+ * Phases an action passes through.
49
+ */
50
+ export const ActionPhaseSchema = z.enum([
51
+ "proposed",
52
+ "arbitrating",
53
+ "approved",
54
+ "rejected",
55
+ "executing",
56
+ "completed",
57
+ "failed",
58
+ "halted",
59
+ ]);
60
+ /**
61
+ * Approval event from a human or policy reviewer.
62
+ */
63
+ export const ApprovalEventSchema = z.object({
64
+ approver_id: z.string().describe("actor_id"),
65
+ approved: z.boolean(),
66
+ reason: z.string().optional(),
67
+ at: TimestampSchema,
68
+ });
69
+ /**
70
+ * Audit trail entry for an action.
71
+ */
72
+ export const AuditEventSchema = z.object({
73
+ phase: ActionPhaseSchema,
74
+ by_actor_id: z.string(),
75
+ at: TimestampSchema,
76
+ detail: z.string().optional(),
77
+ });
78
+ /**
79
+ * A proposed or executed side-effectful operation.
80
+ *
81
+ * Actions are the seventh link in the epistemic chain.
82
+ * The phase field tracks the action through propose → arbitrate
83
+ * → approved/rejected → executing → completed/failed/halted.
84
+ *
85
+ * Every Action carries an ActionContract. The Policy Kernel evaluates
86
+ * the contract against current trust assignments and approval requirements
87
+ * before phase advances past `arbitrating`.
88
+ */
89
+ export const ActionSchema = z.object({
90
+ id: z.string(),
91
+ decision_id: z.string().optional().describe("optional link to the deciding context"),
92
+ intent: z.string(),
93
+ tool: z.string().describe("tool registry key, e.g. 'git.push'"),
94
+ inputs: z.unknown().describe("validated against the tool's input schema"),
95
+ contract: ActionContractSchema,
96
+ phase: ActionPhaseSchema,
97
+ approval: ApprovalEventSchema.optional(),
98
+ audit: z.array(AuditEventSchema),
99
+ outcome_id: z.string().optional(),
100
+ proposed_at: TimestampSchema,
101
+ proposed_by: z.string().describe("actor_id"),
102
+ });
103
+ // -----------------------------------------------------------------------------
104
+ // Outcome
105
+ // -----------------------------------------------------------------------------
106
+ export const OutcomeResultSchema = z.enum(["success", "failure", "partial", "unknown"]);
107
+ /**
108
+ * What happened when an action executed.
109
+ *
110
+ * Outcomes generate new observations that re-enter the cognitive core.
111
+ * Calibrators consume outcomes to update per-class confidence calibration.
112
+ */
113
+ export const OutcomeSchema = z.object({
114
+ id: z.string(),
115
+ action_id: z.string(),
116
+ result: OutcomeResultSchema,
117
+ effect_observation_ids: z.array(z.string()).describe("observations capturing the effect"),
118
+ side_effects_observed: z.array(z.string()),
119
+ duration_ms: z.number().int().nonnegative(),
120
+ observed_at: TimestampSchema,
121
+ });
122
+ //# sourceMappingURL=action.js.map
package/dist/schemas/action.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"action.js","sourceRoot":"","sources":["../../src/schemas/action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAE/D,gFAAgF;AAChF,eAAe;AACf,EAAE;AACF,wDAAwD;AACxD,kEAAkE;AAClE,yEAAyE;AACzE,gEAAgE;AAChE,+EAA+E;AAC/E,oDAAoD;AACpD,gFAAgF;AAEhF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAG9D,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CAAA;AAGnF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC,CAAA;AAGxF,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;AAGrF;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC1D,UAAU,EAAE,CAAC,CAAC,OAAO,EAAE;IACvB,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE;IACjC,4BAA4B,EAAE,CAAC,CAAC,OAAO,EAAE;CAC1C,CAAC,CAAA;AAGF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,cAAc,EAAE,gBAAgB;IAChC,YAAY,EAAE,iBAAiB;IAC/B,aAAa,EAAE,mBAAmB;IAClC,KAAK,EAAE,mBAAmB;IAC1B,gBAAgB,EAAE,8BAA8B;IAChD,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC;CACjD,CAAC,CAAA;AAGF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC;IACtC,UAAU;IACV,aAAa;IACb,UAAU;IACV,UAAU;IACV,WAAW;IACX,WAAW;IACX,QAAQ;IACR,QAAQ;CACT,CAAC,CAAA;AAGF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE;IACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,EAAE,EAAE,eAAe;CACpB,CAAC,CAAA;AAGF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,iBAAiB;IACxB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,EAAE,EAAE,eAAe;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAA;AAGF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACpF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;IAC/D,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;IACzE,QAAQ,EAAE,oBAAoB;IAC9B,KAAK,EAAE,iBAAiB;IACxB,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACxC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,eAAe;IAC5B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;CAC7C,CAAC,CAAA;AAGF,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAA;AAGvF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,MAAM,EAAE,mBAAmB;IAC3B,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACzF,qBAAqB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC1C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IAC3C,WAAW,EAAE,eAAe;CAC7B,CAAC,CAAA"}
package/dist/schemas/actor.d.ts ADDED
@@ -0,0 +1,87 @@
1
+ import { z } from "zod";
2
+ /**
3
+ * Kinds of actor that can produce events in the system.
4
+ * Every Observation, Claim, Decision, Action, and Revision records its actor.
5
+ */
6
+ export declare const ActorKindSchema: z.ZodEnum<["human", "agent", "tool", "probe", "sentinel", "system", "imported"]>;
7
+ export type ActorKind = z.infer<typeof ActorKindSchema>;
8
+ /**
9
+ * Identity record for any entity that can act in the system.
10
+ *
11
+ * Sensitivity clearance bounds what content the actor may handle.
12
+ * Trust baseline is the default credibility weight for assertions
13
+ * by this actor; the Calibrator can adjust per-class trust over time.
14
+ */
15
+ export declare const ActorSchema: z.ZodObject<{
16
+ id: z.ZodString;
17
+ kind: z.ZodEnum<["human", "agent", "tool", "probe", "sentinel", "system", "imported"]>;
18
+ display_name: z.ZodString;
19
+ authority_scope: z.ZodArray<z.ZodObject<{
20
+ level: z.ZodEnum<["global", "organization", "user", "project", "repo", "session"]>;
21
+ identifier: z.ZodString;
22
+ }, "strip", z.ZodTypeAny, {
23
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
24
+ identifier: string;
25
+ }, {
26
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
27
+ identifier: string;
28
+ }>, "many">;
29
+ signing_key_id: z.ZodOptional<z.ZodString>;
30
+ trust_baseline: z.ZodNumber;
31
+ sensitivity_clearance: z.ZodEnum<["public", "internal", "confidential", "secret"]>;
32
+ created_at: z.ZodString;
33
+ }, "strip", z.ZodTypeAny, {
34
+ id: string;
35
+ kind: "human" | "agent" | "tool" | "probe" | "sentinel" | "system" | "imported";
36
+ display_name: string;
37
+ authority_scope: {
38
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
39
+ identifier: string;
40
+ }[];
41
+ trust_baseline: number;
42
+ sensitivity_clearance: "public" | "internal" | "confidential" | "secret";
43
+ created_at: string;
44
+ signing_key_id?: string | undefined;
45
+ }, {
46
+ id: string;
47
+ kind: "human" | "agent" | "tool" | "probe" | "sentinel" | "system" | "imported";
48
+ display_name: string;
49
+ authority_scope: {
50
+ level: "global" | "organization" | "user" | "project" | "repo" | "session";
51
+ identifier: string;
52
+ }[];
53
+ trust_baseline: number;
54
+ sensitivity_clearance: "public" | "internal" | "confidential" | "secret";
55
+ created_at: string;
56
+ signing_key_id?: string | undefined;
57
+ }>;
58
+ export type Actor = z.infer<typeof ActorSchema>;
59
+ /**
60
+ * Ed25519 signature over a canonical payload.
61
+ *
62
+ * v0 scope: signatures are required for skills, policy versions,
63
+ * external imports, and secret-signing events. Routine internal
64
+ * events rely on the append-only log and content hashes, not
65
+ * cryptographic signatures.
66
+ */
67
+ export declare const SignatureSchema: z.ZodObject<{
68
+ signer_id: z.ZodString;
69
+ payload_hash: z.ZodString;
70
+ algorithm: z.ZodLiteral<"ed25519">;
71
+ signature: z.ZodString;
72
+ at: z.ZodString;
73
+ }, "strip", z.ZodTypeAny, {
74
+ at: string;
75
+ signer_id: string;
76
+ payload_hash: string;
77
+ algorithm: "ed25519";
78
+ signature: string;
79
+ }, {
80
+ at: string;
81
+ signer_id: string;
82
+ payload_hash: string;
83
+ algorithm: "ed25519";
84
+ signature: string;
85
+ }>;
86
+ export type Signature = z.infer<typeof SignatureSchema>;
87
+ //# sourceMappingURL=actor.d.ts.map
package/dist/schemas/actor.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actor.d.ts","sourceRoot":"","sources":["../../src/schemas/actor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB;;;GAGG;AACH,eAAO,MAAM,eAAe,kFAQ1B,CAAA;AACF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AAEvD;;;;;;GAMG;AACH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAStB,CAAA;AACF,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAA;AAE/C;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;EAM1B,CAAA;AACF,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA"}
package/dist/schemas/actor.js ADDED
@@ -0,0 +1,48 @@
1
+ import { z } from "zod";
2
+ import { ResourceScopeSchema, SensitivitySchema, TimestampSchema } from "./common";
3
+ /**
4
+ * Kinds of actor that can produce events in the system.
5
+ * Every Observation, Claim, Decision, Action, and Revision records its actor.
6
+ */
7
+ export const ActorKindSchema = z.enum([
8
+ "human",
9
+ "agent",
10
+ "tool",
11
+ "probe",
12
+ "sentinel",
13
+ "system",
14
+ "imported",
15
+ ]);
16
+ /**
17
+ * Identity record for any entity that can act in the system.
18
+ *
19
+ * Sensitivity clearance bounds what content the actor may handle.
20
+ * Trust baseline is the default credibility weight for assertions
21
+ * by this actor; the Calibrator can adjust per-class trust over time.
22
+ */
23
+ export const ActorSchema = z.object({
24
+ id: z.string().describe("uuid-shaped identifier"),
25
+ kind: ActorKindSchema,
26
+ display_name: z.string(),
27
+ authority_scope: z.array(ResourceScopeSchema).describe("scopes this actor may operate within"),
28
+ signing_key_id: z.string().optional().describe("present for actors that sign artifacts"),
29
+ trust_baseline: z.number().min(0).max(1).describe("default credibility [0,1]"),
30
+ sensitivity_clearance: SensitivitySchema.describe("max sensitivity this actor may handle"),
31
+ created_at: TimestampSchema,
32
+ });
33
+ /**
34
+ * Ed25519 signature over a canonical payload.
35
+ *
36
+ * v0 scope: signatures are required for skills, policy versions,
37
+ * external imports, and secret-signing events. Routine internal
38
+ * events rely on the append-only log and content hashes, not
39
+ * cryptographic signatures.
40
+ */
41
+ export const SignatureSchema = z.object({
42
+ signer_id: z.string().describe("actor_id of the signer"),
43
+ payload_hash: z.string().describe("sha-256 of canonical payload"),
44
+ algorithm: z.literal("ed25519"),
45
+ signature: z.string().describe("base64-encoded signature bytes"),
46
+ at: TimestampSchema,
47
+ });
48
+ //# sourceMappingURL=actor.js.map
package/dist/schemas/actor.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actor.js","sourceRoot":"","sources":["../../src/schemas/actor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAElF;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,UAAU;IACV,QAAQ;IACR,UAAU;CACX,CAAC,CAAA;AAGF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IACjD,IAAI,EAAE,eAAe;IACrB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IAC9F,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IACxF,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC9E,qBAAqB,EAAE,iBAAiB,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IAC1F,UAAU,EAAE,eAAe;CAC5B,CAAC,CAAA;AAGF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IACxD,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;IACjE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAChE,EAAE,EAAE,eAAe;CACpB,CAAC,CAAA"}