@vorionsys/contracts 0.1.0 → 0.1.2

package/CHANGELOG.md

@@ -0,0 +1,44 @@
+# Changelog
+
+All notable changes to `@vorionsys/contracts` will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.2] - 2026-02-17
+
+### Changed
+- Pinned internal workspace dependencies to real version ranges for npm publish
+
+## [0.1.1] - 2026-02-16
+
+### Added
+- Comprehensive README with full API reference, usage examples, and subpath import documentation
+- CHANGELOG.md for tracking version history
+- Extended keywords in package.json for npm discoverability
+
+### Changed
+- Updated package.json `files` field to include README.md, CHANGELOG.md, and LICENSE instead of non-existent `schemas` directory
+- Improved package.json description to mention Zod validators and TypeScript types
+
+### Fixed
+- README license section now correctly states Apache-2.0 (was incorrectly listed as MIT)
+
+## [0.1.0] - 2026-01-15
+
+### Added
+- Initial release of `@vorionsys/contracts`
+- v2 contract types: Intent, Decision, FluidDecision, TrustProfile, ProofEvent, PolicyBundle
+- Trust system: TrustBand (T0-T7), ObservationTier, TrustDimensions, TrustWeights, TrustDynamics
+- Decision system: DecisionTier (GREEN/YELLOW/RED), RefinementAction, WorkflowState, FluidDecision
+- ATSF v2.0 types: CanaryProbe, CanaryCategory, PreActionGate, RiskLevel, GateVerification
+- ERPL compliance types: Evidence and Retention contracts
+- Canonical agent types with Zod schemas: AgentConfig, AgentTask, AgentLifecycleStatus, AgentRuntimeStatus, AgentPermission, AgentSpecialization, AgentCapability
+- Canonical governance module: trust bands, trust scores, risk levels, trust signals, middleware types
+- CAR (Categorical Agent Registry): parseCAR/generateCAR, CapabilityLevel (L0-L7), CertificationTier, RuntimeTier, attestations, JWT claims, effective permissions, domain/skill bitmasks
+- Validators module: Zod schemas for Intent, Decision, TrustProfile, ProofEvent with utility functions (validate, safeValidate, formatValidationErrors)
+- Common primitives: UUIDSchema, SemVerSchema, TimestampSchema, HashSchema, ActorSchema, TrustBandSchema, AutonomyLevelSchema
+- Feature flag registry: FLAGS constant, FLAG_METADATA, isFeatureEnabled, getEnabledFeatures, getFlagsByCategory, getFlagsByPhase
+- Database schemas: Drizzle ORM table definitions for agents, tenants, attestations, proofs, and more
+- ACI module (deprecated alias for CAR, backwards compatibility)
+- Subpath exports for granular imports: /common, /v2, /validators, /car, /aci, /canonical, /db

package/LICENSE

@@ -0,0 +1,190 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to the Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by the Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding any notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 Vorion, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,435 @@
+# @vorionsys/contracts
+
+Shared schemas, types, and validators for the Vorion platform -- the single source of truth for trust profiles, intents, decisions, proof events, governance types, and feature flags used across all Vorion services.
+
+## Installation
+
+```bash
+npm install @vorionsys/contracts
+```
+
+**Peer dependency:** TypeScript >= 5.0 (required for type inference).
+
+## What This Package Provides
+
+| Category | Description |
+|---|---|
+| **v2 Contract Types** | TypeScript interfaces for Intent, Decision, TrustProfile, ProofEvent, PolicyBundle, CanaryProbe, PreActionGate, Evidence, and Retention |
+| **Enums & Constants** | `TrustBand`, `ObservationTier`, `DecisionTier`, `ActionType`, `DataSensitivity`, `ProofEventType`, `RiskLevel`, and more |
+| **Canonical Agent Types** | Zod-validated schemas for agent lifecycle, runtime status, capabilities, permissions, tasks, configuration, and governance |
+| **CAR (Categorical Agent Registry)** | Agent identity, CAR string parsing/generation, capability levels (L0-L7), certification/runtime tiers (T0-T7), attestations, JWT claims, effective permissions, domain/skill bitmasks |
+| **Validators** | Zod schemas for runtime validation of intents, decisions, trust profiles, and proof events |
+| **Common Primitives** | UUID, SemVer, Timestamp, Hash, Actor, TrustBand, AutonomyLevel, Severity, and RiskLevel schemas |
+| **Feature Flags** | Centralized `FLAGS` registry with metadata, categories, and utility functions |
+| **Database Schemas** | Drizzle ORM table definitions for agents, tenants, attestations, proofs, and more |
+
+## Quick Start
+
+```typescript
+import {
+  // Enums
+  ObservationTier,
+  TrustBand,
+  DecisionTier,
+  ActionType,
+
+  // Interfaces (v2 contracts)
+  type Intent,
+  type Decision,
+  type TrustProfile,
+  type ProofEvent,
+
+  // Canonical agent schemas (Zod)
+  agentConfigSchema,
+  agentLifecycleStatusSchema,
+
+  // Feature flags
+  FLAGS,
+  isFeatureEnabled,
+
+  // Canonical namespace
+  Canonical,
+} from '@vorionsys/contracts';
+
+// Use enums directly
+const band = TrustBand.T4_STANDARD;
+const tier = ObservationTier.GRAY_BOX;
+
+// Validate agent config with Zod
+const config = agentConfigSchema.parse({
+  agentId: 'agent-001',
+  userId: 'user-001',
+  userRole: 'operator',
+  status: 'active',
+  trustScore: 750,
+  name: 'Invoice Processor',
+  capabilities: ['execute', 'external'],
+});
+
+// Check feature flags
+if (isFeatureEnabled(FLAGS.TRUST_EDGE_CACHE)) {
+  // edge caching is enabled
+}
+```
+
+## Subpath Imports
+
+The package exposes granular entry points so you only import what you need:
+
+```typescript
+// Root -- v2 types + canonical agent types + feature flags
+import { TrustBand, ObservationTier, FLAGS } from '@vorionsys/contracts';
+
+// Common shared primitives and legacy types
+import { UUIDSchema, ActorSchema, TrustBandSchema } from '@vorionsys/contracts/common';
+
+// v2 contract types
+import type { Intent, Decision, TrustProfile } from '@vorionsys/contracts/v2';
+
+// Zod validators for v2 types
+import {
+  intentSchema,
+  decisionSchema,
+  trustProfileSchema,
+  validate,
+  safeValidate,
+} from '@vorionsys/contracts/validators';
+
+// CAR (Categorical Agent Registry) -- identity, capabilities, tiers
+import {
+  parseCAR,
+  generateCAR,
+  CapabilityLevel,
+  CertificationTier,
+  RuntimeTier,
+  calculateEffectivePermission,
+} from '@vorionsys/contracts/car';
+
+// Canonical governance types
+import {
+  type TrustBandName,
+  type TrustScoreRange,
+  type RiskLevel,
+} from '@vorionsys/contracts/canonical';
+
+// Canonical governance (direct subpath)
+import { ... } from '@vorionsys/contracts/canonical/governance';
+
+// Database schemas (Drizzle ORM)
+import { agents, tenants, type Agent } from '@vorionsys/contracts/db';
+```
+
+## Usage Examples
+
+### Validating Data with Zod Schemas
+
+```typescript
+import {
+  intentSchema,
+  validate,
+  safeValidate,
+  formatValidationErrors,
+} from '@vorionsys/contracts/validators';
+
+// Throws ZodError on invalid data
+const intent = validate(intentSchema, incomingData);
+
+// Returns a result object instead of throwing
+const result = safeValidate(intentSchema, incomingData);
+if (result.success) {
+  console.log('Valid intent:', result.data);
+} else {
+  console.error(formatValidationErrors(result.errors));
+}
+```
+
+### Canonical Agent Configuration
+
+```typescript
+import {
+  agentConfigSchema,
+  agentCapabilitySchema,
+  type AgentConfig,
+  type AgentLifecycleStatus,
+  canTransitionLifecycleStatus,
+} from '@vorionsys/contracts';
+
+// Validate and narrow types
+const config: AgentConfig = agentConfigSchema.parse(rawData);
+
+// Check lifecycle transitions
+const canActivate = canTransitionLifecycleStatus('training', 'active'); // true
+const canArchive = canTransitionLifecycleStatus('archived', 'active');  // false
+```
+
+### CAR String Parsing and Generation
+
+```typescript
+import {
+  parseCAR,
+  generateCAR,
+  CapabilityLevel,
+  calculateEffectivePermission,
+  CertificationTier,
+  RuntimeTier,
+} from '@vorionsys/contracts/car';
+
+// Parse a CAR string into its components
+const parsed = parseCAR('a3i.acme-corp.invoice-bot:ABF-L3@1.0.0');
+// => { registry: 'a3i', organization: 'acme-corp', agentClass: 'invoice-bot',
+//      domains: ['A', 'B', 'F'], level: 3, version: '1.0.0' }
+
+// Generate a CAR string
+const car = generateCAR({
+  registry: 'a3i',
+  organization: 'acme-corp',
+  agentClass: 'invoice-bot',
+  domains: ['A', 'B', 'F'],
+  level: CapabilityLevel.L3_EXECUTE,
+  version: '1.0.0',
+});
+// => 'a3i.acme-corp.invoice-bot:ABF-L3@1.0.0'
+
+// Calculate effective permission
+const permission = calculateEffectivePermission({
+  certificationTier: CertificationTier.T3_MONITORED,
+  competenceLevel: CapabilityLevel.L4_STANDARD,
+  runtimeTier: RuntimeTier.T3_MONITORED,
+  observabilityCeiling: 4,
+  contextPolicyCeiling: 3,
+});
+```
+
+### Feature Flags
+
+```typescript
+import {
+  FLAGS,
+  isFeatureEnabled,
+  getEnabledFeatures,
+  getFlagsByCategory,
+  getFlagMeta,
+  type FeatureFlag,
+} from '@vorionsys/contracts';
+
+// Check a flag (uses defaultEnabled from metadata)
+if (isFeatureEnabled(FLAGS.PROOF_STREAMING)) {
+  // enable streaming proof pipeline
+}
+
+// Check with overrides (useful for testing)
+const enabled = isFeatureEnabled(FLAGS.ZK_PROOFS, {
+  [FLAGS.ZK_PROOFS]: true,
+});
+
+// Get all trust-related flags
+const trustFlags = getFlagsByCategory('trust');
+
+// Get metadata for a flag
+const meta = getFlagMeta(FLAGS.MERKLE_PROOFS);
+// => { flag: 'merkle_proofs', name: 'Merkle Proofs', category: 'crypto', phase: 7, ... }
+```
+
+### Common Primitives
+
+```typescript
+import {
+  UUIDSchema,
+  TimestampSchema,
+  HashSchema,
+  ActorSchema,
+  TrustBandSchema,
+  DecisionOutcomeSchema,
+  type Actor,
+  type UUID,
+} from '@vorionsys/contracts/common';
+
+// Validate a UUID
+const id: UUID = UUIDSchema.parse('550e8400-e29b-41d4-a716-446655440000');
+
+// Validate an actor
+const actor: Actor = ActorSchema.parse({
+  type: 'AGENT',
+  id: 'agent-001',
+  name: 'Invoice Bot',
+});
+```
+
+## API Reference
+
+### Root Exports (`@vorionsys/contracts`)
+
+Re-exports everything from v2 contracts, canonical agent types, and feature flags.
+
+#### Enums
+
+| Export | Description |
+|---|---|
+| `TrustBand` | Trust bands T0 (Sandbox) through T7 (Autonomous) |
+| `ObservationTier` | Observation tiers: BLACK_BOX, GRAY_BOX, WHITE_BOX, ATTESTED_BOX, VERIFIED_BOX |
+| `DecisionTier` | Three-tier governance: GREEN, YELLOW, RED |
+| `ActionType` | Action categories: read, write, delete, execute, communicate, transfer |
+| `DataSensitivity` | Data classification: PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED |
+| `Reversibility` | Action reversibility: REVERSIBLE, PARTIALLY_REVERSIBLE, IRREVERSIBLE |
+| `ProofEventType` | Proof event types: intent_received, decision_made, trust_delta, etc. |
+| `ComponentType` | Component registry types: agent, service, adapter, policy_bundle |
+| `ComponentStatus` | Lifecycle: active, deprecated, retired |
+| `ApprovalType` | Approval types: none, human_review, automated_check, multi_party |
+| `RefinementAction` | Refinement actions for YELLOW decisions |
+| `WorkflowState` | Workflow lifecycle states |
+| `DenialReason` | Structured denial reason codes |
+| `RiskProfile` | Temporal risk profiles for outcome tracking |
+
+#### Interfaces (v2 Contracts)
+
+| Export | Description |
+|---|---|
+| `TrustProfile` | Complete agent trust state with dimensions, weights, and evidence |
+| `TrustDimensions` | Five trust dimensions: CT, BT, GT, XT, AC |
+| `Intent` | Agent action request with resource scope and context |
+| `Decision` | Authorization result with constraints and reasoning |
+| `FluidDecision` | Extended decision with GREEN/YELLOW/RED tiers and refinement |
+| `ProofEvent` | Immutable hash-chained audit trail entry |
+| `PolicyBundle` | Collection of governance policy rules |
+| `CanaryProbe` | ATSF v2.0 continuous behavioral verification probe |
+| `PreActionGateConfig` | Pre-action verification gate configuration |
+| `WorkflowInstance` | Tracks intent lifecycle through governance |
+
+#### Constants
+
+| Export | Description |
+|---|---|
+| `OBSERVATION_CEILINGS` | Trust ceiling values per observation tier |
+| `DEFAULT_TRUST_WEIGHTS` | Default weights for trust dimensions |
+| `DEFAULT_BAND_THRESHOLDS` | Score thresholds for T0-T7 bands |
+| `DEFAULT_TRUST_DYNAMICS` | Asymmetric trust gain/loss configuration |
+| `DEFAULT_CANARY_CONFIG` | Canary probe injection defaults |
+| `DEFAULT_GATE_CONFIG` | Pre-action gate defaults |
+| `TRUST_THRESHOLDS` | Trust thresholds per risk level |
+| `EVIDENCE_TYPE_MULTIPLIERS` | Weight multipliers per evidence type |
+| `RISK_PROFILE_WINDOWS` | Outcome windows per risk profile |
+
+#### Feature Flags
+
+| Export | Description |
+|---|---|
+| `FLAGS` | Feature flag registry (const object) |
+| `FLAG_METADATA` | Metadata for each flag (name, description, category, phase) |
+| `FeatureFlag` | Type for flag string values |
+| `FeatureFlagMeta` | Interface for flag metadata |
+| `isFeatureEnabled(flag, overrides?)` | Check if a flag is enabled |
+| `getEnabledFeatures(overrides?)` | Get all enabled flags |
+| `getFlagsByCategory(category)` | Get flags by category |
+| `getFlagsByPhase(phase)` | Get flags by implementation phase |
+| `getFlagMeta(flag)` | Get metadata for a flag |
+
+#### Canonical Agent Types
+
+| Export | Description |
+|---|---|
+| `AgentLifecycleStatus` | draft, training, active, suspended, archived |
+| `AgentRuntimeStatus` | IDLE, WORKING, PAUSED, ERROR, OFFLINE |
+| `AgentPermission` | execute, external, delegate, spawn, admin |
+| `AgentSpecialization` | core, security, development, operations, etc. |
+| `AgentConfig` | Full agent configuration interface |
+| `AgentTask` | Task assignment structure |
+| `agentConfigSchema` | Zod schema for AgentConfig validation |
+| `agentTaskSchema` | Zod schema for AgentTask validation |
+| `agentCapabilitySchema` | Zod schema for AgentCapability validation |
+| `canTransitionLifecycleStatus()` | Validates lifecycle state transitions |
+
+### Validators (`@vorionsys/contracts/validators`)
+
+| Export | Description |
+|---|---|
+| `intentSchema` | Zod schema for Intent validation |
+| `decisionSchema` | Zod schema for Decision validation |
+| `trustProfileSchema` | Zod schema for TrustProfile validation |
+| `proofEventSchema` | Zod schema for ProofEvent validation |
+| `trustDimensionsSchema` | Zod schema for TrustDimensions |
+| `validate(schema, data)` | Validates and throws on failure |
+| `safeValidate(schema, data)` | Validates and returns result object |
+| `formatValidationErrors(errors)` | Formats ZodIssue[] for display |
+
+### CAR Module (`@vorionsys/contracts/car`)
+
+| Export | Description |
+|---|---|
+| `parseCAR(str)` / `tryParseCAR(str)` | Parse CAR strings into components |
+| `generateCAR(options)` | Generate CAR string from components |
+| `validateCAR(str)` / `isValidCAR(str)` | Validate CAR string format |
+| `CapabilityLevel` | Enum: L0_NONE through L7_AUTONOMOUS |
+| `CertificationTier` | Enum: T0_SANDBOX through T7_AUTONOMOUS |
+| `RuntimeTier` | Enum: T0_SANDBOX through T7_AUTONOMOUS |
+| `calculateEffectivePermission()` | Compute effective permission from context |
+| `createAgentIdentity()` | Create a new AgentIdentity record |
+| `generateJWTClaims()` | Generate OIDC JWT claims for an agent |
+| `createAttestation()` / `verifyAttestation()` | Attestation management |
+| `encodeDomains()` / `decodeDomains()` | Domain bitmask operations |
+| `encodeSkills()` / `decodeSkills()` | Skill bitmask operations |
+
+### Common Module (`@vorionsys/contracts/common`)
+
+| Export | Description |
+|---|---|
+| `UUIDSchema` | Zod UUID validator |
+| `SemVerSchema` | Zod SemVer string validator |
+| `TimestampSchema` | Zod ISO datetime validator |
+| `HashSchema` | Zod SHA-256 hex string validator |
+| `ActorSchema` | Zod Actor object validator |
+| `TrustBandSchema` | Zod TrustBand enum validator (T0-T7) |
+| `AutonomyLevelSchema` | Zod AutonomyLevel enum validator |
+| `DecisionOutcomeSchema` | Zod DecisionOutcome enum validator |
+| `SeveritySchema` | Zod Severity level validator |
+| `RiskLevelSchema` | Zod RiskLevel validator |
+| `VorionError` | Base error class with code and details |
+| `TrustInsufficientError` | Typed error for trust level failures |
+
+### Canonical Module (`@vorionsys/contracts/canonical`)
+
+Governance and agent classification schemas including trust bands, trust scores, risk levels, trust signals, governance rules, and middleware types with runtime Zod validation.
+
+### Database Module (`@vorionsys/contracts/db`)
+
+Drizzle ORM table definitions for the platform database: `agents`, `tenants`, `attestations`, `stateTransitions`, `approvalRequests`, `apiKeys`, `intents`, `operations`, `proofs`, `merkle`, `escalations`, `webhooks`, `policyVersions`, `rbac`, `trust`, and `serviceAccounts`.
+
+## TypeScript
+
+All interfaces are exported as TypeScript types. Zod schemas can be used for runtime validation and type inference:
+
+```typescript
+import type { z } from 'zod';
+import { intentSchema } from '@vorionsys/contracts/validators';
+import { agentConfigSchema } from '@vorionsys/contracts';
+
+// Infer types from Zod schemas
+type ValidatedIntent = z.infer<typeof intentSchema>;
+type ValidatedAgentConfig = z.infer<typeof agentConfigSchema>;
+```
+
+For v2 contract interfaces (non-Zod), import types directly:
+
+```typescript
+import type {
+  Intent,
+  Decision,
+  FluidDecision,
+  TrustProfile,
+  ProofEvent,
+  PolicyBundle,
+} from '@vorionsys/contracts';
+```
+
+## Requirements
+
+- Node.js >= 18.0.0
+- TypeScript >= 5.0.0 (peer dependency)
+- Runtime dependency: `zod` >= 3.24
+
+## License
+
+Apache-2.0
+
+## Repository
+
+[https://github.com/voriongit/vorion](https://github.com/voriongit/vorion)