@treeseed/sdk 0.10.6 → 0.10.8

package/dist/api/auth/d1-provider.d.ts

@@ -10,6 +10,11 @@ export declare class D1AuthProvider implements ApiAuthProvider {
     startDeviceFlow(request: DeviceCodeStartRequest): Promise<DeviceCodeStartResponse>;
     pollDeviceFlow(request: DeviceCodePollRequest): Promise<DeviceCodePollResponse>;
     refreshAccessToken(request: TokenRefreshRequest): Promise<TokenRefreshResponse>;
+    issueUserSession(userId: string, options?: {
+        sessionType?: string;
+        scopes?: string[];
+        data?: Record<string, unknown>;
+    }): Promise<TokenRefreshResponse>;
     approveDeviceFlow(request: DeviceCodeApproveRequest): Promise<{
         ok: true;
     }>;

package/dist/api/auth/d1-provider.js

@@ -34,6 +34,9 @@ class D1AuthProvider {
   refreshAccessToken(request) {
     return this.store.refreshAccessToken(request);
   }
+  issueUserSession(userId, options = {}) {
+    return this.store.issueUserSession(userId, options);
+  }
   approveDeviceFlow(request) {
     return this.store.approveDeviceFlow(request);
   }

package/dist/api/auth/d1-store.d.ts

@@ -58,6 +58,11 @@ export declare class D1AuthStore {
         ok: true;
     }>;
     pollDeviceFlow(request: DeviceCodePollRequest): Promise<DeviceCodePollResponse>;
+    issueUserSession(userId: string, options?: {
+        sessionType?: string;
+        scopes?: string[];
+        data?: Record<string, unknown>;
+    }): Promise<TokenRefreshResponse>;
     refreshAccessToken(request: TokenRefreshRequest): Promise<TokenRefreshResponse>;
     createPersonalAccessToken(userId: string, input: {
         name: string;

package/dist/api/auth/d1-store.js

@@ -650,6 +650,68 @@ class D1AuthStore {
       }
     };
   }
+  async issueUserSession(userId, options = {}) {
+    await this.ensureInitialized();
+    const principalRecord = await this.principalForUser(userId);
+    const refreshToken = nextOpaqueToken("refresh");
+    const sessionId = randomUUID();
+    const refreshTokenHash = stableHash(refreshToken, this.config.authSecret);
+    const expiresAt = addSeconds(now(), this.config.accessTokenTtlSeconds);
+    const refreshExpiresAt = addSeconds(now(), this.config.refreshTokenTtlSeconds);
+    const requestedScopes = options.scopes && options.scopes.length > 0 ? [...new Set(options.scopes)] : principalRecord.principal.scopes;
+    await this.run(
+      `INSERT INTO auth_sessions (id, user_id, session_type, refresh_token_hash, scopes_json, expires_at, revoked_at, data_json, created_at, updated_at)
+			 VALUES (?, ?, ?, ?, ?, ?, NULL, ?, ?, ?)`,
+      [
+        sessionId,
+        userId,
+        options.sessionType?.trim() || "web",
+        refreshTokenHash,
+        JSON.stringify(requestedScopes),
+        refreshExpiresAt.toISOString(),
+        JSON.stringify(options.data ?? {}),
+        isoNow(),
+        isoNow()
+      ]
+    );
+    const accessToken = createAccessToken({
+      sub: principalRecord.principal.id,
+      displayName: principalRecord.principal.displayName,
+      scopes: requestedScopes,
+      roles: principalRecord.principal.roles,
+      permissions: principalRecord.principal.permissions,
+      metadata: {
+        ...principalRecord.principal.metadata,
+        sessionId
+      },
+      iat: Math.floor(Date.now() / 1e3),
+      exp: Math.floor(expiresAt.getTime() / 1e3),
+      iss: this.config.issuer,
+      jti: randomUUID(),
+      tokenType: "access"
+    }, this.config.authSecret);
+    await this.writeAuditEvent({
+      actorType: "user",
+      actorId: userId,
+      eventType: "auth.session_issued",
+      targetType: "auth_session",
+      targetId: sessionId,
+      data: { sessionType: options.sessionType ?? "web" }
+    });
+    return {
+      ok: true,
+      status: "approved",
+      accessToken,
+      refreshToken,
+      tokenType: "Bearer",
+      expiresAt: expiresAt.toISOString(),
+      expiresInSeconds: this.config.accessTokenTtlSeconds,
+      principal: {
+        ...principalRecord.principal,
+        scopes: requestedScopes
+      }
+    };
+  }
   async refreshAccessToken(request) {
     await this.ensureInitialized();
     const refreshHash = stableHash(request.refreshToken, this.config.authSecret);

package/dist/api/auth/memory-provider.d.ts

@@ -11,6 +11,11 @@ export declare class MemoryDeviceCodeAuthProvider implements ApiAuthProvider {
     }>;
     pollDeviceFlow(request: DeviceCodePollRequest): Promise<DeviceCodePollResponse>;
     refreshAccessToken(request: TokenRefreshRequest): Promise<TokenRefreshResponse>;
+    issueUserSession(userId: string, options?: {
+        sessionType?: string;
+        scopes?: string[];
+        data?: Record<string, unknown>;
+    }): Promise<TokenRefreshResponse>;
     authenticateBearerToken(token: string): Promise<{
         principal: ApiPrincipal;
         credential: {

package/dist/api/auth/memory-provider.js

@@ -154,6 +154,47 @@ class MemoryDeviceCodeAuthProvider {
       principal: session.principal
     };
   }
+  async issueUserSession(userId, options = {}) {
+    const principal = {
+      id: userId,
+      displayName: userId,
+      scopes: options.scopes ?? ["auth:me"],
+      roles: ["member"],
+      permissions: ["auth:read:self"],
+      metadata: {
+        ...options.data ?? {},
+        sessionType: options.sessionType ?? "web"
+      }
+    };
+    const refreshToken = nextOpaqueToken("refresh");
+    this.refreshSessions.set(refreshToken, {
+      principal,
+      expiresAt: nowSeconds() + this.config.refreshTokenTtlSeconds
+    });
+    const expiresAt = nowSeconds() + this.config.accessTokenTtlSeconds;
+    return {
+      ok: true,
+      status: "approved",
+      accessToken: createAccessToken({
+        sub: principal.id,
+        displayName: principal.displayName,
+        scopes: principal.scopes,
+        roles: principal.roles,
+        permissions: principal.permissions,
+        metadata: principal.metadata,
+        iat: nowSeconds(),
+        exp: expiresAt,
+        iss: this.config.issuer,
+        jti: randomUUID(),
+        tokenType: "access"
+      }, this.config.authSecret),
+      refreshToken,
+      tokenType: "Bearer",
+      expiresAt: formatExpiry(expiresAt),
+      expiresInSeconds: this.config.accessTokenTtlSeconds,
+      principal
+    };
+  }
   async authenticateBearerToken(token) {
     const payload = verifyAccessToken(token, this.config.authSecret);
     return payload ? {

package/dist/api/types.d.ts

@@ -83,6 +83,11 @@ export interface ApiAuthProvider {
         expiresInSeconds: number;
         principal: ApiPrincipal;
     }>;
+    issueUserSession?(userId: string, options?: {
+        sessionType?: string;
+        scopes?: string[];
+        data?: Record<string, unknown>;
+    }): Promise<TokenRefreshResponse>;
 }
 export type ApiRuntimeProviderSelections = {
     auth: string;

package/dist/index.d.ts

@@ -5,6 +5,8 @@ export { createControlPlaneReporter } from './control-plane.ts';
 export { ControlPlaneClient } from './control-plane-client.ts';
 export * from './seeds/index.ts';
 export { CAPACITY_PROVIDER_ENDPOINTS, CAPACITY_PROVIDER_DEPLOYMENT_SERVICE_ROLES, CAPACITY_PROVIDER_ENV_KEYS, CAPACITY_PROVIDER_SCOPES, CapacityProviderApiError, MarketProviderClient, assertCapacityProviderOkEnvelope, assertCapacityProviderPortfolioManifest, assertCapacityProviderRegistrationResponse, buildCapacityProviderAuthHeaders, deployCapacityProviderToManagedMarketHost, deployCapacityProviderToRailway, isCapacityProviderSecretEnvKey, redactCapacityProviderEnv, redactCapacityProviderSecret, renderCapacityProviderSelfHostInstructions, persistCapacityProviderConnectionToTreeseedConfig, resolveCapacityProviderEnvironment, resolveCapacityProviderLaunchEnvironment, } from './capacity-provider.ts';
+export { PLATFORM_OPERATION_ENDPOINTS, PLATFORM_OPERATION_NAMESPACES, PLATFORM_OPERATION_SCOPES, PLATFORM_OPERATION_STATUSES, PLATFORM_OPERATION_TARGETS, PlatformOperationApiError, PlatformRunnerClient, assertPlatformOperation, assertPlatformOperationEvent, assertPlatformOperationOkEnvelope, buildPlatformRunnerAuthHeaders, createPlatformOperationExecutorRegistry, derivePlatformOperationNavigation, isPlatformOperationSuccessful, isPlatformOperationTerminal, pollPlatformOperation, runPlatformOperationOnce, type PlatformOperation, type PlatformOperationEvent, type PlatformOperationNavigationResult, type PlatformOperationPollOptions, type PlatformOperationPollResult, } from './platform-operations.ts';
+export { PLATFORM_CONTENT_COLLECTIONS, PLATFORM_WORK_CONTENT_COLLECTIONS, createPlatformRepositoryClaim, derivePlatformRepositoryKey, executePlatformRepositoryOperation, normalizePlatformContentInput, normalizePlatformRelationArray, platformContentRelationPolicy, resolvePlatformRepositoryWorkspacePath, slugifyPlatformContent, type PlatformContentCollection, type PlatformRepositoryClaim, type PlatformRepositoryClaimInput, type PlatformRepositoryDescriptor, type PlatformRepositoryOperationInput, type PlatformRepositoryOperationOptions, type PlatformRepositoryOperationResult, type PlatformRepositoryPathPolicy, type PlatformRepositoryVerificationCommand, type PlatformRepositoryVerificationResult, type NormalizedPlatformContentInput, } from './operations/repository-operations.ts';
 export { DEFAULT_EXECUTION_PROFILE_ID, DEFAULT_EXECUTION_PROFILES, DEFAULT_TASK_ADMISSION_POLICY, buildTaskEstimateProfileFromActuals, computeWorkdayBudgetEnvelope, decideTaskAdmission, estimateAttentionForTask, estimateConfidenceFromProfile, estimateLearningPercentile, estimateLearningVariance, estimateForClassification, estimateProfileConfidenceScore, estimateUtilityForTask, isInterruptedUsageActual, normalizeHybridExecutionPlan, mutationRequiresRepositoryClaim, normalizePlanningPolicy, normalizePredictiveReservePolicy, normalizeTaskPlanProposal, normalizeExecutionProfile, normalizeAttentionPolicy, normalizeTaskAdmissionPolicy, normalizeUtilityPolicy, predictReserveForCapacityPlan, progressivelyAdmitPlanProposal, rankPlannedTaskNodes, reservationHasCapacity, reserveCreditsForEstimate, routeAndReserveCapacity, scoreCapacityLane, selectBestCapacityLane, selectTaskEstimateProfile, settleCapacityActuals, shouldInterruptForCapacity, synthesizePlanEstimate, createReservationReleaseEntry, summarizeCapacityPlan, summarizeProjectCapacityPlan, summarizeTeamCapacityPlan, validateTaskPlanProposal, } from './capacity.ts';
 export { executeKnowledgeHubProviderLaunch, validateKnowledgeHubProviderLaunchPrerequisites, } from './operations/services/hub-provider-launch.ts';
 export { createKnowledgeHubRepositories, defaultHubContentResolutionPolicy, executeKnowledgeHubLaunch, normalizeKnowledgeHubLaunchIntent, planKnowledgeHubLaunch, planKnowledgeHubRepositories, validateRepositoryHost, type HubContentResolutionPolicy, type KnowledgeHubLaunchIntent, type KnowledgeHubLaunchPhase, type KnowledgeHubLaunchPlan, type KnowledgeHubLaunchResult, type KnowledgeHubRepositoryPlan, type RepositoryHost, } from './operations/services/hub-launch.ts';

package/dist/index.js

@@ -25,6 +25,37 @@ import {
   resolveCapacityProviderEnvironment,
   resolveCapacityProviderLaunchEnvironment
 } from "./capacity-provider.js";
+import {
+  PLATFORM_OPERATION_ENDPOINTS,
+  PLATFORM_OPERATION_NAMESPACES,
+  PLATFORM_OPERATION_SCOPES,
+  PLATFORM_OPERATION_STATUSES,
+  PLATFORM_OPERATION_TARGETS,
+  PlatformOperationApiError,
+  PlatformRunnerClient,
+  assertPlatformOperation,
+  assertPlatformOperationEvent,
+  assertPlatformOperationOkEnvelope,
+  buildPlatformRunnerAuthHeaders,
+  createPlatformOperationExecutorRegistry,
+  derivePlatformOperationNavigation,
+  isPlatformOperationSuccessful,
+  isPlatformOperationTerminal,
+  pollPlatformOperation,
+  runPlatformOperationOnce
+} from "./platform-operations.js";
+import {
+  PLATFORM_CONTENT_COLLECTIONS,
+  PLATFORM_WORK_CONTENT_COLLECTIONS,
+  createPlatformRepositoryClaim,
+  derivePlatformRepositoryKey,
+  executePlatformRepositoryOperation,
+  normalizePlatformContentInput,
+  normalizePlatformRelationArray,
+  platformContentRelationPolicy,
+  resolvePlatformRepositoryWorkspacePath,
+  slugifyPlatformContent
+} from "./operations/repository-operations.js";
 import {
   DEFAULT_EXECUTION_PROFILE_ID,
   DEFAULT_EXECUTION_PROFILES,
@@ -290,9 +321,18 @@ export {
   MarketApiError,
   MarketClient,
   MarketProviderClient,
+  PLATFORM_CONTENT_COLLECTIONS,
+  PLATFORM_OPERATION_ENDPOINTS,
+  PLATFORM_OPERATION_NAMESPACES,
+  PLATFORM_OPERATION_SCOPES,
+  PLATFORM_OPERATION_STATUSES,
+  PLATFORM_OPERATION_TARGETS,
+  PLATFORM_WORK_CONTENT_COLLECTIONS,
   PROJECT_JOB_STATUSES,
   PROJECT_TEAM_CAPABILITIES,
   PUBLISHED_CONTENT_MANIFEST_SCHEMA_VERSION,
+  PlatformOperationApiError,
+  PlatformRunnerClient,
   RELEASE_STATES,
   RemoteTemplateCatalogClient,
   RemoteTreeseedAuthClient,
@@ -319,11 +359,15 @@ export {
   assertCapacityProviderOkEnvelope,
   assertCapacityProviderPortfolioManifest,
   assertCapacityProviderRegistrationResponse,
+  assertPlatformOperation,
+  assertPlatformOperationEvent,
+  assertPlatformOperationOkEnvelope,
   buildBuiltinModelRegistry,
   buildCapacityProviderAuthHeaders,
   buildCopilotAllowToolArgs,
   buildKnowledgePackMarketPackage,
   buildModelRegistry,
+  buildPlatformRunnerAuthHeaders,
   buildScopedModelRegistry,
   buildTaskEstimateProfileFromActuals,
   buildTemplateMarketPackage,
@@ -339,6 +383,8 @@ export {
   createDefaultGraphRankingProvider,
   createFilesystemContentSource,
   createKnowledgeHubRepositories,
+  createPlatformOperationExecutorRegistry,
+  createPlatformRepositoryClaim,
   createPublishedContentPipeline,
   createReservationReleaseEntry,
   createTeamScopedR2OverlayContentPublishProvider,
@@ -353,6 +399,8 @@ export {
   deniedAgentOperationResult,
   deployCapacityProviderToManagedMarketHost,
   deployCapacityProviderToRailway,
+  derivePlatformOperationNavigation,
+  derivePlatformRepositoryKey,
   deriveTreeseedDesiredUnits,
   destroyTreeseedTargetUnits,
   ensureRailwayEnvironment,
@@ -367,6 +415,7 @@ export {
   estimateUtilityForTask,
   executeKnowledgeHubLaunch,
   executeKnowledgeHubProviderLaunch,
+  executePlatformRepositoryOperation,
   executeSdkOperation,
   findDispatchCapability,
   findSdkOperation,
@@ -380,6 +429,8 @@ export {
   isAgentOperationName,
   isCapacityProviderSecretEnvKey,
   isInterruptedUsageActual,
+  isPlatformOperationSuccessful,
+  isPlatformOperationTerminal,
   isTeamScopedR2ContentEnabled,
   listIntegratedMarketCatalog,
   listRailwayEnvironments,
@@ -404,6 +455,8 @@ export {
   normalizeKnowledgeHubLaunchIntent,
   normalizeMutationData,
   normalizePlanningPolicy,
+  normalizePlatformContentInput,
+  normalizePlatformRelationArray,
   normalizePredictiveReservePolicy,
   normalizeProjectJobStatus,
   normalizeRecordToCanonicalShape,
@@ -422,6 +475,8 @@ export {
   planKnowledgeHubLaunch,
   planKnowledgeHubRepositories,
   planTreeseedReconciliation,
+  platformContentRelationPolicy,
+  pollPlatformOperation,
   predictReserveForCapacityPlan,
   preprocessAliasedRecord,
   progressivelyAdmitPlanProposal,
@@ -450,6 +505,7 @@ export {
   resolveMarketSession,
   resolveModelDefinition,
   resolveModelField,
+  resolvePlatformRepositoryWorkspacePath,
   resolvePublishedContentBucketBinding,
   resolvePublishedContentManifestKey,
   resolvePublishedContentPreviewRoot,
@@ -464,6 +520,7 @@ export {
   resolveTreeseedToolBinary,
   resolveTreeseedToolCommand,
   routeAndReserveCapacity,
+  runPlatformOperationOnce,
   runTreeseedCopilotTask,
   runTreeseedVerifyDriver,
   scoreCapacityLane,
@@ -474,6 +531,7 @@ export {
   settleCapacityActuals,
   shouldInterruptForCapacity,
   signEditorialPreviewToken,
+  slugifyPlatformContent,
   summarizeCapacityPlan,
   summarizeProjectCapacityPlan,
   summarizeTeamCapacityPlan,

package/dist/market-client.d.ts

@@ -19,6 +19,13 @@ export interface MarketSession {
     expiresAt?: string;
     principal?: ApiPrincipal | null;
 }
+export interface MarketWebAuthSession {
+    accessToken: string;
+    refreshToken?: string | null;
+    expiresInSeconds?: number;
+    principal: ApiPrincipal;
+    session?: Record<string, unknown> | null;
+}
 export interface MarketRegistryState {
     version: 1;
     activeMarketId: string;
@@ -128,6 +135,118 @@ export declare class MarketClient {
     logout(): Promise<{
         ok: true;
     }>;
+    webSignUp(body: {
+        email: string;
+        password: string;
+        username?: string | null;
+        name?: string | null;
+        firstName?: string | null;
+        lastName?: string | null;
+    }): Promise<{
+        ok: true;
+        payload: MarketWebAuthSession;
+    }>;
+    webSignIn(body: {
+        email?: string;
+        username?: string;
+        login?: string;
+        password: string;
+    }): Promise<{
+        ok: true;
+        payload: MarketWebAuthSession;
+    }>;
+    checkWebUsername(username: string): Promise<{
+        ok: true;
+        payload: {
+            username: string;
+            available: boolean;
+            status: string;
+        };
+    }>;
+    webSessions(): Promise<{
+        ok: true;
+        payload: unknown[];
+    }>;
+    revokeWebSession(sessionId: string): Promise<{
+        ok: true;
+        payload: {
+            sessionId: string;
+        };
+    }>;
+    updateWebProfile(body: {
+        name?: string | null;
+        image?: string | null;
+    }): Promise<{
+        ok: true;
+        payload: MarketWebAuthSession;
+    }>;
+    webAppearance(): Promise<{
+        ok: true;
+        payload: {
+            scheme: string;
+            mode: string;
+        };
+    }>;
+    updateWebAppearance(body: {
+        colorScheme?: string | null;
+        scheme?: string | null;
+        themeMode?: string | null;
+        mode?: string | null;
+    }): Promise<{
+        ok: true;
+        payload: {
+            scheme: string;
+            mode: string;
+        };
+    }>;
+    updateWebEmail(body: {
+        email: string;
+    }): Promise<{
+        ok: true;
+        payload: MarketWebAuthSession;
+    }>;
+    updateWebPassword(body: {
+        currentPassword?: string;
+        password: string;
+    }): Promise<{
+        ok: true;
+        payload: {
+            changed: true;
+        };
+    }>;
+    requestWebPasswordReset(body: {
+        email: string;
+    }): Promise<{
+        ok: true;
+        payload: {
+            sent: true;
+            resetToken?: string | null;
+        };
+    }>;
+    completeWebPasswordReset(body: {
+        token: string;
+        password: string;
+    }): Promise<{
+        ok: true;
+        payload: {
+            reset: true;
+        };
+    }>;
+    accountDeletionBlockers(): Promise<{
+        ok: true;
+        payload: {
+            blockers: unknown[];
+            canDelete: boolean;
+        };
+    }>;
+    deleteAccount(body?: {
+        confirmation?: string;
+    }): Promise<{
+        ok: true;
+        payload: {
+            deleted: true;
+        };
+    }>;
     me(): Promise<{
         ok: true;
         payload: {

package/dist/market-client.js

@@ -319,6 +319,85 @@ class MarketClient {
       requireAuth: true
     });
   }
+  webSignUp(body) {
+    return this.request("/v1/auth/web/sign-up", {
+      method: "POST",
+      body
+    });
+  }
+  webSignIn(body) {
+    return this.request("/v1/auth/web/sign-in", {
+      method: "POST",
+      body
+    });
+  }
+  checkWebUsername(username) {
+    return this.request(
+      `/v1/auth/web/username/check?username=${encodeURIComponent(username)}`
+    );
+  }
+  webSessions() {
+    return this.request("/v1/auth/web/sessions", { requireAuth: true });
+  }
+  revokeWebSession(sessionId) {
+    return this.request(
+      `/v1/auth/web/sessions/${encodeURIComponent(sessionId)}/revoke`,
+      { method: "POST", requireAuth: true }
+    );
+  }
+  updateWebProfile(body) {
+    return this.request("/v1/auth/web/profile", {
+      method: "PATCH",
+      body,
+      requireAuth: true
+    });
+  }
+  webAppearance() {
+    return this.request("/v1/auth/web/appearance", { requireAuth: true });
+  }
+  updateWebAppearance(body) {
+    return this.request("/v1/auth/web/appearance", {
+      method: "PATCH",
+      body,
+      requireAuth: true
+    });
+  }
+  updateWebEmail(body) {
+    return this.request("/v1/auth/web/email", {
+      method: "PATCH",
+      body,
+      requireAuth: true
+    });
+  }
+  updateWebPassword(body) {
+    return this.request("/v1/auth/web/password", {
+      method: "PATCH",
+      body,
+      requireAuth: true
+    });
+  }
+  requestWebPasswordReset(body) {
+    return this.request("/v1/auth/web/password-reset/request", {
+      method: "POST",
+      body
+    });
+  }
+  completeWebPasswordReset(body) {
+    return this.request("/v1/auth/web/password-reset/complete", {
+      method: "POST",
+      body
+    });
+  }
+  accountDeletionBlockers() {
+    return this.request("/v1/auth/web/account/deletion-blockers", { requireAuth: true });
+  }
+  deleteAccount(body = {}) {
+    return this.request("/v1/auth/web/account", {
+      method: "DELETE",
+      body,
+      requireAuth: true
+    });
+  }
   me() {
     return this.request("/v1/me", { requireAuth: true });
   }

package/dist/operations/repository-operations.d.ts

@@ -0,0 +1,129 @@
+export declare const PLATFORM_CONTENT_COLLECTIONS: readonly ["objectives", "questions", "notes", "proposals", "decisions", "agents"];
+export declare const PLATFORM_WORK_CONTENT_COLLECTIONS: readonly ["objectives", "questions", "notes", "proposals", "decisions"];
+export type PlatformContentCollection = (typeof PLATFORM_CONTENT_COLLECTIONS)[number];
+export interface PlatformRepositoryDescriptor {
+    provider?: 'github' | 'local' | string;
+    owner?: string;
+    name: string;
+    defaultBranch?: string;
+    cloneUrl: string;
+    writeMode?: 'workspace' | 'branch' | 'direct' | 'pull_request';
+    branchName?: string;
+    push?: boolean;
+    pathPolicies?: PlatformRepositoryPathPolicy[];
+    verificationCommands?: PlatformRepositoryVerificationCommand[];
+}
+export interface PlatformRepositoryPathPolicy {
+    allow: string;
+}
+export interface PlatformRepositoryVerificationCommand {
+    command: string;
+    args?: string[];
+    workingDirectory?: string;
+    timeoutMs?: number;
+}
+export interface PlatformRepositoryClaimInput {
+    repository: PlatformRepositoryDescriptor;
+    runnerId: string;
+    workspaceRoot: string;
+    branch?: string | null;
+    commitSha?: string | null;
+    leaseSeconds?: number;
+    metadata?: Record<string, unknown>;
+}
+export interface PlatformRepositoryClaim {
+    id: string;
+    repositoryKey: string;
+    runnerId: string;
+    workspacePath: string;
+    branch: string | null;
+    commitSha: string | null;
+    claimState: 'active' | 'released' | 'expired' | string;
+    leaseExpiresAt: string | null;
+    metadata: Record<string, unknown>;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface PlatformRepositoryOperationInput {
+    projectId?: string;
+    teamId?: string;
+    createdBy?: string;
+    repository: PlatformRepositoryDescriptor;
+    collection?: string;
+    parentCollection?: string;
+    parentSlug?: string;
+    targetCollection?: string;
+    proposalSlugs?: string[];
+    decisionType?: string;
+    reason?: string;
+    title?: string;
+    slug?: string;
+    normalized?: NormalizedPlatformContentInput;
+    payload?: Record<string, unknown>;
+    commitMessage?: string;
+    approvalRequired?: boolean;
+    approvalId?: string;
+}
+export interface PlatformRepositoryOperationOptions {
+    workspaceRoot: string;
+    environment?: string;
+}
+export interface NormalizedPlatformContentInput {
+    slug: string;
+    extension: 'md' | 'mdx';
+    frontmatter: Record<string, unknown>;
+    body: string;
+}
+export interface PlatformRepositoryOperationResult {
+    ok: true;
+    operation: string;
+    repository: {
+        key: string;
+        provider: string;
+        owner: string | null;
+        name: string;
+        cloneUrl: string;
+    };
+    baseBranch: string;
+    repositoryPath: string;
+    workspacePath: string;
+    href: string | null;
+    branch: string | null;
+    operationBranch: string | null;
+    commitSha: string | null;
+    changedPaths: string[];
+    verification: PlatformRepositoryVerificationResult | null;
+    pullRequest: null;
+    workflowRun: null;
+    output: Record<string, unknown>;
+}
+export interface PlatformRepositoryVerificationResult {
+    status: 'passed' | 'failed' | 'skipped';
+    commands: Array<{
+        command: string;
+        args: string[];
+        cwd: string;
+        exitCode: number;
+        stdout: string;
+        stderr: string;
+    }>;
+}
+export declare class PlatformRepositoryVerificationError extends Error {
+    readonly verification: PlatformRepositoryVerificationResult;
+    constructor(message: string, verification: PlatformRepositoryVerificationResult);
+}
+export declare function slugifyPlatformContent(value: unknown): string;
+export declare function normalizePlatformRelationArray(value: unknown): string[];
+export declare function platformContentRelationPolicy(parentCollection: string, targetCollection: string): {
+    sourceField?: string;
+    targetField?: string;
+    sourceSingle?: boolean;
+    targetSingle?: boolean;
+};
+export declare function normalizePlatformContentInput(collection: string, body: Record<string, unknown>): NormalizedPlatformContentInput | {
+    error: string;
+};
+export declare function derivePlatformRepositoryKey(repository: PlatformRepositoryDescriptor): string;
+export declare function resolvePlatformRepositoryWorkspacePath(workspaceRoot: string, repository: PlatformRepositoryDescriptor): string;
+export declare function createPlatformRepositoryClaim(input: PlatformRepositoryClaimInput): PlatformRepositoryClaim;
+export declare function executePlatformRepositoryOperation(operation: 'write_content_record' | 'create_related_content' | 'create_decision_from_proposals' | string, input: PlatformRepositoryOperationInput, options: PlatformRepositoryOperationOptions): Promise<PlatformRepositoryOperationResult>;