@undefineds.co/models 0.2.25 → 0.2.27

package/dist/approval.schema.d.ts

@@ -3,6 +3,8 @@ export declare function extractApprovalIdFromApprovalRef(approvalRef: string | n
 export declare const approvalResource: import("@undefineds.co/drizzle-solid/dist/core/schema").PodTableWithColumns<import("@undefineds.co/drizzle-solid/dist/core/schema").ResolvedColumns<{
     id: import("@undefineds.co/drizzle-solid/dist/core/schema").PodStringColumn<false, false>;
     session: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, true, false>;
+    chat: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    thread: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     toolCallId: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     toolName: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     target: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, true, false>;
@@ -24,6 +26,8 @@ export declare const approvalResource: import("@undefineds.co/drizzle-solid/dist
 export declare const approvalTable: import("@undefineds.co/drizzle-solid/dist/core/schema").PodTableWithColumns<import("@undefineds.co/drizzle-solid/dist/core/schema").ResolvedColumns<{
     id: import("@undefineds.co/drizzle-solid/dist/core/schema").PodStringColumn<false, false>;
     session: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, true, false>;
+    chat: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    thread: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     toolCallId: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     toolName: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     target: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, true, false>;

package/dist/approval.schema.js

@@ -1,5 +1,8 @@
 import { extractPodResourceTemplateValue, podTable, uri, string, text, timestamp, id } from '@undefineds.co/drizzle-solid';
 import { ODRL, UDFS, DCTerms } from './namespaces.js';
+import { chatResource } from './chat.schema.js';
+import { threadResource } from './thread.schema.js';
+import { asPodResourceTemplateTarget } from './repository.js';
 export function buildApprovalSubjectPath(approvalId, createdAt = new Date()) {
     const date = createdAt instanceof Date ? createdAt : new Date(createdAt);
     const safeDate = Number.isFinite(date.getTime()) ? date : new Date();
@@ -12,13 +15,15 @@ export function extractApprovalIdFromApprovalRef(approvalRef) {
     if (approvalRef && !/[/:#]/.test(approvalRef)) {
         return approvalRef;
     }
-    return extractPodResourceTemplateValue(approvalResource, approvalRef);
+    return extractPodResourceTemplateValue(asPodResourceTemplateTarget(approvalResource), approvalRef);
 }
 // Approval request resource (separate from Solid inbox notifications).
 export const approvalResource = podTable('approval', {
     id: id('id'),
     // Relations
     session: uri('session').predicate(UDFS.session).notNull(),
+    chat: uri('chat').predicate(UDFS.conversation).link(chatResource),
+    thread: uri('thread').predicate(UDFS.inThread).link(threadResource),
     toolCallId: string('toolCallId').predicate(UDFS.toolCallId).notNull(),
     // Request details
     toolName: string('toolName').predicate(UDFS.toolName).notNull(),

package/dist/audit.presentation.d.ts

@@ -14,7 +14,7 @@ export interface AuditPresentation {
     authMessage: string | null;
     actorRoleLabel: string;
 }
-type RelatedApproval = Pick<ApprovalRow, 'target' | 'toolName' | 'risk' | 'reason' | 'status' | 'context'> | null | undefined;
+type RelatedApproval = Pick<ApprovalRow, 'chat' | 'thread' | 'target' | 'toolName' | 'risk' | 'reason' | 'status' | 'context'> | null | undefined;
 export declare function buildAuditDetailRecord(audit: AuditRow, relatedApproval?: RelatedApproval): Record<string, unknown>;
 export declare function formatInboxStatusLabel(status?: string | null): string | null;
 export declare function formatAuditActorRole(role?: string | null): string;

package/dist/audit.presentation.js

@@ -33,6 +33,8 @@ export function buildAuditDetailRecord(audit, relatedApproval) {
         actorRole: audit.actorRole,
         onBehalfOf: audit.onBehalfOf || undefined,
         session: audit.session || undefined,
+        chat: audit.chat || undefined,
+        thread: audit.thread || undefined,
         entry: audit.entry || undefined,
         toolCallId: audit.toolCallId || undefined,
         toolName: audit.toolName || undefined,
@@ -42,6 +44,8 @@ export function buildAuditDetailRecord(audit, relatedApproval) {
         createdAt: audit.createdAt,
         relatedApproval: relatedApproval
             ? {
+                chat: relatedApproval.chat || undefined,
+                thread: relatedApproval.thread || undefined,
                 target: relatedApproval.target,
                 toolName: relatedApproval.toolName,
                 risk: relatedApproval.risk,
@@ -102,9 +106,12 @@ export function createResolvedAuthTimestampsIndex(audits) {
     return resolvedAuthTimestampsByKey;
 }
 export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relatedApproval) {
-    const thread = audit.entry || relatedApproval?.target || null;
-    const about = relatedApproval?.target ?? audit.entry ?? audit.approval ?? null;
+    const thread = audit.thread || relatedApproval?.thread || audit.entry || relatedApproval?.target || null;
+    const chat = audit.chat || relatedApproval?.chat || null;
+    const about = relatedApproval?.target ?? audit.entry ?? audit.approval ?? thread ?? null;
     const { chatId, threadId } = extractChatThreadRef(thread);
+    const chatRef = extractChatThreadRef(chat);
+    const resolvedChatId = chatId ?? chatRef.chatId;
     const actorRoleLabel = formatAuditActorRole(audit.actorRole);
     if (audit.action === 'runtime.auth_required') {
         const method = audit.toolName || null;
@@ -117,7 +124,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: method ? `运行时需要完成 ${method} 认证后才能继续。` : '运行时需要额外认证后才能继续。',
             category: 'auth_required',
             status: isResolved ? 'resolved' : 'pending',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -134,7 +141,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: '运行时认证已完成。',
             category: 'audit',
             status: 'resolved',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -152,7 +159,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: [risk, '已进入审批队列'].filter(Boolean).join(' · ') || '工具调用已进入审批队列。',
             category: 'audit',
             status: undefined,
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -168,7 +175,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildApprovalDecisionDescription(audit, relatedApproval, 'approved'),
             category: 'audit',
             status: 'approved',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -184,7 +191,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildApprovalDecisionDescription(audit, relatedApproval, 'rejected'),
             category: 'audit',
             status: 'rejected',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -200,7 +207,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildRuntimeSessionDescription(audit, '运行时会话开始执行。'),
             category: 'audit',
             status: 'active',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -216,7 +223,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildRuntimeSessionDescription(audit, '运行时会话已暂停。'),
             category: 'audit',
             status: 'paused',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -232,7 +239,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildRuntimeSessionDescription(audit, '运行时会话已完成。'),
             category: 'audit',
             status: 'completed',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -248,7 +255,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
             description: buildRuntimeSessionDescription(audit, '运行时会话执行失败。'),
             category: 'audit',
             status: 'error',
-            chatId,
+            chatId: resolvedChatId,
             threadId,
             thread,
             about,
@@ -263,7 +270,7 @@ export function buildAuditPresentation(audit, resolvedAuthTimestampsByKey, relat
         description: actorRoleLabel,
         category: 'audit',
         status: undefined,
-        chatId,
+        chatId: resolvedChatId,
         threadId,
         thread,
         about,

package/dist/audit.schema.d.ts

@@ -6,6 +6,8 @@ export declare const auditResource: import("@undefineds.co/drizzle-solid/dist/co
     actorRole: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     onBehalfOf: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     session: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    chat: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    thread: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     entry: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     toolCallId: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
     toolName: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
@@ -22,6 +24,8 @@ export declare const auditTable: import("@undefineds.co/drizzle-solid/dist/core/
     actorRole: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, true, false>;
     onBehalfOf: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     session: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    chat: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
+    thread: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     entry: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"uri", null, false, false>;
     toolCallId: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;
     toolName: import("@undefineds.co/drizzle-solid/dist/core/schema").ColumnBuilder<"string", null, false, false>;

package/dist/audit.schema.js

@@ -1,5 +1,8 @@
 import { extractPodResourceTemplateValue, podTable, uri, string, timestamp, id } from '@undefineds.co/drizzle-solid';
 import { UDFS, DCTerms } from './namespaces.js';
+import { chatResource } from './chat.schema.js';
+import { threadResource } from './thread.schema.js';
+import { asPodResourceTemplateTarget } from './repository.js';
 export function buildAuditSubjectPath(auditId, createdAt = new Date()) {
     const date = createdAt instanceof Date ? createdAt : new Date(createdAt);
     const safeDate = Number.isFinite(date.getTime()) ? date : new Date();
@@ -21,6 +24,8 @@ export const auditResource = podTable('audit', {
     onBehalfOf: uri('onBehalfOf').predicate(UDFS.onBehalfOf),
     // Relations
     session: uri('session').predicate(UDFS.session),
+    chat: uri('chat').predicate(UDFS.conversation).link(chatResource),
+    thread: uri('thread').predicate(UDFS.inThread).link(threadResource),
     entry: uri('entry').predicate(UDFS.entry),
     toolCallId: string('toolCallId').predicate(UDFS.toolCallId),
     toolName: string('toolName').predicate(UDFS.toolName),
@@ -41,7 +46,7 @@ export function extractAuditIdFromAuditRef(auditRef) {
     if (auditRef && !/[/:#]/.test(auditRef)) {
         return auditRef;
     }
-    return extractPodResourceTemplateValue(auditResource, auditRef);
+    return extractPodResourceTemplateValue(asPodResourceTemplateTarget(auditResource), auditRef);
 }
 // Compatibility alias. New model code should prefer `auditResource`.
 export const auditTable = auditResource;

package/dist/bin/udfs.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/bin/udfs.js

@@ -0,0 +1,430 @@
+#!/usr/bin/env node
+import { createPodStorage, podSchema, XPOD_CREDENTIAL, } from '../index.js';
+async function main(argv) {
+    const [area, action, ...rest] = argv;
+    if (!area || area === 'help' || area === '--help' || area === '-h') {
+        printHelp();
+        return;
+    }
+    if (area === 'schema') {
+        handleSchema(action, rest);
+        return;
+    }
+    if (area === 'storage') {
+        handleStorage(action, rest);
+        return;
+    }
+    if (area === 'consensus') {
+        await handleConsensus(action, rest);
+        return;
+    }
+    throw new Error(`Unknown udfs command: ${area}`);
+}
+function handleSchema(action, args) {
+    if (action === 'list') {
+        writeJson(podSchema.list());
+        return;
+    }
+    if (action === 'describe') {
+        const uri = args[0];
+        if (!uri)
+            throw new Error('Usage: udfs schema describe <uri>');
+        const descriptor = podSchema.describe({ uri });
+        if (!descriptor)
+            throw new Error(`Descriptor not found: ${uri}`);
+        writeJson(descriptor);
+        return;
+    }
+    if (action === 'classes') {
+        writeJson(podSchema.classes({
+            uri: readOption(args, '--uri'),
+        }));
+        return;
+    }
+    if (action === 'search') {
+        const query = readOption(args, '--query') ?? args[0];
+        if (!query)
+            throw new Error('Usage: udfs schema search --query <text>');
+        writeJson(podSchema.search({
+            query,
+            source: readOption(args, '--source'),
+            resourceKind: readOption(args, '--resource-kind'),
+            limit: readNumberOption(args, '--limit'),
+        }));
+        return;
+    }
+    if (action === 'predicates') {
+        writeJson(podSchema.predicates({
+            uri: readOption(args, '--uri'),
+            field: readOption(args, '--field'),
+        }));
+        return;
+    }
+    throw new Error(`Unknown schema command: ${action ?? '(missing)'}`);
+}
+function handleStorage(action, args) {
+    if (action === 'validate') {
+        const input = readInputPayload(args, 'udfs storage validate --input \'<mutation-json>\'');
+        writeJson(createPodStorage().validate(input));
+        return;
+    }
+    throw new Error(`Unknown storage command: ${action ?? '(missing)'}`);
+}
+async function handleConsensus(action, args) {
+    if (!action || action === '--help' || action === '-h') {
+        printConsensusHelp();
+        return;
+    }
+    const allArgs = [action, ...args];
+    const input = readConsensusInput(allArgs);
+    const result = await resolveConsensusRequest({
+        sessionId: input.session_id,
+        request: input.request,
+        tokenType: input.answers?.token_type ?? 'tunnel-token',
+        conversation: input.conversation_id ?? process.env.UDFS_CONSENSUS_CONVERSATION_ID,
+    });
+    if (allArgs.includes('--json')) {
+        writeJson(result);
+        return;
+    }
+    process.stdout.write(`Consensus: ${input.request}\n`);
+    if (result.session_id) {
+        process.stdout.write(`Session: ${result.session_id}\n`);
+    }
+    process.stdout.write(`Consensus runtime: ${result.consensusRuntime.mode}${result.consensusRuntime.mode === 'remote' ? ` (${result.consensusRuntime.baseUrl})` : ''}\n`);
+    if (result.consensusResponse?.conversationId) {
+        process.stdout.write(`Conversation: ${result.consensusResponse.conversationId}\n`);
+    }
+    process.stdout.write(`Clarification: ${result.first.questions[0].question}\n`);
+    process.stdout.write(`Answer: ${input.answers?.token_type ?? 'tunnel-token'}\n`);
+    process.stdout.write(`Schema: ${result.resolved.schemaUri}\n`);
+    process.stdout.write(`Descriptor storage: ${result.descriptor.storage.base}${result.descriptor.storage.resourceIdPattern}\n`);
+}
+function resolveConsensusRuntime() {
+    const baseUrl = process.env.UDFS_CONSENSUS_BASE_URL;
+    const token = process.env.UDFS_CONSENSUS_TOKEN;
+    if (baseUrl && token) {
+        return {
+            mode: 'remote',
+            baseUrl,
+            auth: 'runtime-token',
+        };
+    }
+    return {
+        mode: 'local-fallback',
+        auth: 'none',
+    };
+}
+async function resolveConsensusRequest(input) {
+    const runtime = resolveConsensusRuntime();
+    if (runtime.mode === 'remote') {
+        const remote = await callRemoteConsensus({
+            runtime,
+            sessionId: input.sessionId,
+            request: input.request,
+            conversation: input.conversation,
+        });
+        const parsed = parseRemoteConsensusPayload(remote.body);
+        const resolved = coerceResolvedConsensusPayload(parsed);
+        if (!resolved) {
+            throw new Error('Remote Consensus response did not contain a resolved schema payload');
+        }
+        return buildConsensusResult({
+            runtime,
+            sessionId: input.sessionId,
+            tokenType: input.tokenType,
+            fieldMapping: resolved.fieldMapping,
+            confidence: resolved.confidence,
+            response: {
+                id: remote.id,
+                conversationId: remote.conversationId,
+                parsed,
+            },
+        });
+    }
+    return buildConsensusResult({
+        runtime,
+        sessionId: input.sessionId,
+        tokenType: input.tokenType,
+    });
+}
+async function callRemoteConsensus(input) {
+    const token = process.env.UDFS_CONSENSUS_TOKEN;
+    if (!token) {
+        throw new Error('Remote Consensus requires injected UDFS_CONSENSUS_TOKEN');
+    }
+    const body = {
+        model: process.env.UDFS_CONSENSUS_MODEL ?? 'consensus-modeling',
+        input: [
+            {
+                role: 'user',
+                content: [
+                    {
+                        type: 'input_text',
+                        text: input.request,
+                    },
+                ],
+            },
+        ],
+        metadata: {
+            product: 'linx',
+            purpose: 'pod-storage',
+            ...(input.sessionId ? { session_id: input.sessionId } : {}),
+        },
+    };
+    if (input.conversation) {
+        body.conversation = input.conversation;
+    }
+    const response = await fetch(`${input.runtime.baseUrl.replace(/\/+$/u, '')}/responses`, {
+        method: 'POST',
+        headers: {
+            authorization: `Bearer ${token}`,
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify(body),
+    });
+    const text = await response.text();
+    const parsedBody = text ? JSON.parse(text) : {};
+    if (!response.ok) {
+        throw new Error(`Remote Consensus request failed: ${response.status} ${text}`);
+    }
+    return {
+        id: typeof parsedBody.id === 'string' ? parsedBody.id : undefined,
+        conversationId: extractConversationId(parsedBody),
+        body: parsedBody,
+    };
+}
+function extractConversationId(body) {
+    if (typeof body.conversation === 'string')
+        return body.conversation;
+    if (body.conversation
+        && typeof body.conversation === 'object'
+        && 'id' in body.conversation
+        && typeof body.conversation.id === 'string') {
+        return body.conversation.id;
+    }
+    return undefined;
+}
+function parseRemoteConsensusPayload(body) {
+    if (isRecord(body) && typeof body.status === 'string') {
+        return body;
+    }
+    if (isRecord(body) && typeof body.output_text === 'string') {
+        return parseJsonMaybe(body.output_text);
+    }
+    if (isRecord(body) && Array.isArray(body.output)) {
+        for (const item of body.output) {
+            if (!isRecord(item) || !Array.isArray(item.content))
+                continue;
+            for (const content of item.content) {
+                if (!isRecord(content))
+                    continue;
+                const text = typeof content.text === 'string'
+                    ? content.text
+                    : typeof content.output_text === 'string'
+                        ? content.output_text
+                        : undefined;
+                if (!text)
+                    continue;
+                const parsed = parseJsonMaybe(text);
+                if (parsed)
+                    return parsed;
+            }
+        }
+    }
+    if (isRecord(body) && Array.isArray(body.choices)) {
+        for (const choice of body.choices) {
+            if (!isRecord(choice) || !isRecord(choice.message))
+                continue;
+            if (typeof choice.message.content !== 'string')
+                continue;
+            const parsed = parseJsonMaybe(choice.message.content);
+            if (parsed)
+                return parsed;
+        }
+    }
+    return undefined;
+}
+function coerceResolvedConsensusPayload(payload) {
+    if (!isRecord(payload) || payload.status !== 'resolved')
+        return null;
+    const schemaUri = stringField(payload, 'schemaUri') ?? stringField(payload, 'uri');
+    if (schemaUri !== XPOD_CREDENTIAL.Credential)
+        return null;
+    if (!isRecord(payload.fieldMapping))
+        return null;
+    const service = stringField(payload.fieldMapping, 'service');
+    const providerId = stringField(payload.fieldMapping, 'providerId');
+    const secretType = stringField(payload.fieldMapping, 'secretType');
+    if (!service || !providerId || !secretType)
+        return null;
+    return {
+        fieldMapping: {
+            service,
+            providerId,
+            secretType,
+            label: stringField(payload.fieldMapping, 'label'),
+            status: stringField(payload.fieldMapping, 'status'),
+        },
+        confidence: typeof payload.confidence === 'number' ? payload.confidence : undefined,
+    };
+}
+function parseJsonMaybe(text) {
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return undefined;
+    }
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null;
+}
+function stringField(record, field) {
+    const value = record[field];
+    return typeof value === 'string' && value.trim() ? value : undefined;
+}
+function buildConsensusResult(input) {
+    const first = {
+        status: 'needs_clarification',
+        questions: [
+            {
+                id: 'token_type',
+                question: '这是 Cloudflare API Token 还是 Tunnel Token？',
+                options: ['tunnel-token', 'api-token'],
+            },
+        ],
+    };
+    const resolved = {
+        status: 'resolved',
+        schemaUri: XPOD_CREDENTIAL.Credential,
+        fieldMapping: {
+            service: input.fieldMapping?.service ?? 'infra',
+            providerId: input.fieldMapping?.providerId ?? 'cloudflare',
+            secretType: input.fieldMapping?.secretType ?? input.tokenType,
+            label: input.fieldMapping?.label
+                ?? defaultCredentialLabel(input.fieldMapping?.providerId ?? 'cloudflare', input.fieldMapping?.secretType ?? input.tokenType),
+            status: input.fieldMapping?.status ?? 'active',
+        },
+        confidence: input.confidence ?? (input.tokenType === 'tunnel-token' ? 0.96 : 0.94),
+    };
+    const descriptor = podSchema.describe({ uri: resolved.schemaUri });
+    if (!descriptor) {
+        throw new Error(`Descriptor not found: ${resolved.schemaUri}`);
+    }
+    return {
+        session_id: input.sessionId,
+        consensusRuntime: input.runtime,
+        consensusResponse: input.response,
+        first,
+        resolved,
+        descriptor: {
+            uri: descriptor.uri,
+            storage: descriptor.storage,
+        },
+    };
+}
+function readOption(args, name) {
+    const index = args.indexOf(name);
+    if (index === -1)
+        return undefined;
+    const value = args[index + 1];
+    return value && !value.startsWith('--') ? value : undefined;
+}
+function readNumberOption(args, name) {
+    const value = readOption(args, name);
+    if (!value)
+        return undefined;
+    const parsed = Number(value);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        throw new Error(`${name} must be a positive number`);
+    }
+    return Math.floor(parsed);
+}
+function readConsensusInput(args) {
+    if (args[0] === 'model') {
+        throw new Error('Use: udfs consensus --input \'<json>\'');
+    }
+    const parsed = readInputPayload(args, 'udfs consensus --input \'<json>\' --json');
+    if (!isRecord(parsed)) {
+        throw new Error('Consensus input must be a JSON object');
+    }
+    const request = stringField(parsed, 'request')
+        ?? stringField(parsed, 'message')
+        ?? stringField(parsed, 'text');
+    if (!request) {
+        throw new Error('Consensus input requires a non-empty request field');
+    }
+    const answers = isRecord(parsed.answers) ? parsed.answers : {};
+    const tokenTypeText = stringField(answers, 'token_type') ?? stringField(parsed, 'token_type');
+    const tokenType = coerceTokenType(tokenTypeText);
+    if (tokenTypeText && !tokenType) {
+        throw new Error(`Unsupported token type: ${tokenTypeText}`);
+    }
+    return {
+        session_id: stringField(parsed, 'session_id'),
+        request,
+        answers: tokenType ? { token_type: tokenType } : undefined,
+        conversation_id: stringField(parsed, 'conversation_id') ?? stringField(parsed, 'conversation'),
+    };
+}
+function coerceTokenType(value) {
+    if (value === 'tunnel-token' || value === 'api-token') {
+        return value;
+    }
+    return undefined;
+}
+function defaultCredentialLabel(providerId, secretType) {
+    const providerLabel = providerId
+        .split(/[-_.]/g)
+        .filter(Boolean)
+        .map((part) => `${part.slice(0, 1).toUpperCase()}${part.slice(1)}`)
+        .join(' ');
+    const secretLabel = secretType
+        .split(/[-_.]/g)
+        .filter(Boolean)
+        .map((part) => part.toLowerCase() === 'api' ? 'API' : `${part.slice(0, 1).toUpperCase()}${part.slice(1)}`)
+        .join(' ');
+    return `${providerLabel} ${secretLabel}`;
+}
+function readInputPayload(args, usage) {
+    const raw = readOption(args, '--input');
+    if (!raw) {
+        throw new Error(`Usage: ${usage}`);
+    }
+    return JSON.parse(raw);
+}
+function writeJson(value) {
+    process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+function printHelp() {
+    process.stdout.write(`udfs - Undefineds Pod data semantics tool
+
+Usage:
+  udfs schema list
+  udfs schema search --query <text>
+  udfs schema describe <uri>
+  udfs schema classes [--uri <uri>]
+  udfs schema predicates [--uri <uri>] [--field <field>]
+  udfs consensus --input '{"session_id":"sess_123","request":"我要保存这个 Cloudflare token","answers":{"token_type":"tunnel-token"}}' --json
+  udfs storage validate --input '<mutation-json>'
+
+Runtime:
+  Remote Consensus uses UDFS_CONSENSUS_BASE_URL plus UDFS_CONSENSUS_TOKEN when injected by LinX/linx-lite.
+  Do not pass user API keys on the command line.
+`);
+}
+function printConsensusHelp() {
+    process.stdout.write(`udfs consensus - Ask Consensus how a storage request should be represented
+
+Usage:
+  udfs consensus --input '{"session_id":"sess_123","request":"我要保存这个 Cloudflare token","answers":{"token_type":"tunnel-token"}}' --json
+
+Runtime:
+  Remote Consensus uses UDFS_CONSENSUS_BASE_URL plus UDFS_CONSENSUS_TOKEN when injected by LinX/linx-lite.
+`);
+}
+main(process.argv.slice(2)).catch((error) => {
+    process.stderr.write(`${error instanceof Error ? error.message : String(error)}\n`);
+    process.exitCode = 1;
+});