npm - @xemahq/kernel-contracts - Versions diffs - 0.1.0 - Mend

@xemahq/kernel-contracts 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (802) hide show

package/dist/agent-composition/index.d.ts +7 -0
package/dist/agent-composition/index.d.ts.map +1 -0
package/dist/agent-composition/index.js +23 -0
package/dist/agent-composition/index.js.map +1 -0
package/dist/agent-composition/lib/capability-layer.d.ts +11 -0
package/dist/agent-composition/lib/capability-layer.d.ts.map +1 -0
package/dist/agent-composition/lib/capability-layer.js +10 -0
package/dist/agent-composition/lib/capability-layer.js.map +1 -0
package/dist/agent-composition/lib/composition-limits-schema.d.ts +4 -0
package/dist/agent-composition/lib/composition-limits-schema.d.ts.map +1 -0
package/dist/agent-composition/lib/composition-limits-schema.js +13 -0
package/dist/agent-composition/lib/composition-limits-schema.js.map +1 -0
package/dist/agent-composition/lib/composition-workspace.d.ts +35 -0
package/dist/agent-composition/lib/composition-workspace.d.ts.map +1 -0
package/dist/agent-composition/lib/composition-workspace.js +9 -0
package/dist/agent-composition/lib/composition-workspace.js.map +1 -0
package/dist/agent-composition/lib/composition.d.ts +66 -0
package/dist/agent-composition/lib/composition.d.ts.map +1 -0
package/dist/agent-composition/lib/composition.js +18 -0
package/dist/agent-composition/lib/composition.js.map +1 -0
package/dist/agent-composition/lib/intrinsic-floor.d.ts +15 -0
package/dist/agent-composition/lib/intrinsic-floor.d.ts.map +1 -0
package/dist/agent-composition/lib/intrinsic-floor.js +22 -0
package/dist/agent-composition/lib/intrinsic-floor.js.map +1 -0
package/dist/agent-composition/lib/model-resolution-matrix.d.ts +38 -0
package/dist/agent-composition/lib/model-resolution-matrix.d.ts.map +1 -0
package/dist/agent-composition/lib/model-resolution-matrix.js +12 -0
package/dist/agent-composition/lib/model-resolution-matrix.js.map +1 -0
package/dist/agent-workspace/awp-spec.json +225 -0
package/dist/agent-workspace/index.d.ts +12 -0
package/dist/agent-workspace/index.d.ts.map +1 -0
package/dist/agent-workspace/index.js +28 -0
package/dist/agent-workspace/index.js.map +1 -0
package/dist/agent-workspace/lib/agent-run-context.d.ts +12 -0
package/dist/agent-workspace/lib/agent-run-context.d.ts.map +1 -0
package/dist/agent-workspace/lib/agent-run-context.js +3 -0
package/dist/agent-workspace/lib/agent-run-context.js.map +1 -0
package/dist/agent-workspace/lib/agent-tool-defaults.d.ts +21 -0
package/dist/agent-workspace/lib/agent-tool-defaults.d.ts.map +1 -0
package/dist/agent-workspace/lib/agent-tool-defaults.js +111 -0
package/dist/agent-workspace/lib/agent-tool-defaults.js.map +1 -0
package/dist/agent-workspace/lib/awp-v1.d.ts +15 -0
package/dist/agent-workspace/lib/awp-v1.d.ts.map +1 -0
package/dist/agent-workspace/lib/awp-v1.js +197 -0
package/dist/agent-workspace/lib/awp-v1.js.map +1 -0
package/dist/agent-workspace/lib/context-json.d.ts +35 -0
package/dist/agent-workspace/lib/context-json.d.ts.map +1 -0
package/dist/agent-workspace/lib/context-json.js +3 -0
package/dist/agent-workspace/lib/context-json.js.map +1 -0
package/dist/agent-workspace/lib/deliverable-spec-ref.d.ts +10 -0
package/dist/agent-workspace/lib/deliverable-spec-ref.d.ts.map +1 -0
package/dist/agent-workspace/lib/deliverable-spec-ref.js +33 -0
package/dist/agent-workspace/lib/deliverable-spec-ref.js.map +1 -0
package/dist/agent-workspace/lib/endpoint-fetch-spec.d.ts +31 -0
package/dist/agent-workspace/lib/endpoint-fetch-spec.d.ts.map +1 -0
package/dist/agent-workspace/lib/endpoint-fetch-spec.js +20 -0
package/dist/agent-workspace/lib/endpoint-fetch-spec.js.map +1 -0
package/dist/agent-workspace/lib/manifest.d.ts +28 -0
package/dist/agent-workspace/lib/manifest.d.ts.map +1 -0
package/dist/agent-workspace/lib/manifest.js +16 -0
package/dist/agent-workspace/lib/manifest.js.map +1 -0
package/dist/agent-workspace/lib/mount-apply.d.ts +42 -0
package/dist/agent-workspace/lib/mount-apply.d.ts.map +1 -0
package/dist/agent-workspace/lib/mount-apply.js +15 -0
package/dist/agent-workspace/lib/mount-apply.js.map +1 -0
package/dist/agent-workspace/lib/working-file.d.ts +20 -0
package/dist/agent-workspace/lib/working-file.d.ts.map +1 -0
package/dist/agent-workspace/lib/working-file.js +42 -0
package/dist/agent-workspace/lib/working-file.js.map +1 -0
package/dist/agent-workspace/lib/workspace-layout.d.ts +34 -0
package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -0
package/dist/agent-workspace/lib/workspace-layout.js +31 -0
package/dist/agent-workspace/lib/workspace-layout.js.map +1 -0
package/dist/agent-workspace/lib/workspace-spec.d.ts +61 -0
package/dist/agent-workspace/lib/workspace-spec.d.ts.map +1 -0
package/dist/agent-workspace/lib/workspace-spec.js +19 -0
package/dist/agent-workspace/lib/workspace-spec.js.map +1 -0
package/dist/biome/index.d.ts +11 -0
package/dist/biome/index.d.ts.map +1 -0
package/dist/biome/index.js +27 -0
package/dist/biome/index.js.map +1 -0
package/dist/biome/lib/biome-api.d.ts +12 -0
package/dist/biome/lib/biome-api.d.ts.map +1 -0
package/dist/biome/lib/biome-api.js +14 -0
package/dist/biome/lib/biome-api.js.map +1 -0
package/dist/biome/lib/biome-capability-refs.d.ts +11 -0
package/dist/biome/lib/biome-capability-refs.d.ts.map +1 -0
package/dist/biome/lib/biome-capability-refs.js +12 -0
package/dist/biome/lib/biome-capability-refs.js.map +1 -0
package/dist/biome/lib/biome-engines.d.ts +6 -0
package/dist/biome/lib/biome-engines.d.ts.map +1 -0
package/dist/biome/lib/biome-engines.js +8 -0
package/dist/biome/lib/biome-engines.js.map +1 -0
package/dist/biome/lib/biome-lifecycle-hooks.d.ts +10 -0
package/dist/biome/lib/biome-lifecycle-hooks.d.ts.map +1 -0
package/dist/biome/lib/biome-lifecycle-hooks.js +12 -0
package/dist/biome/lib/biome-lifecycle-hooks.js.map +1 -0
package/dist/biome/lib/biome-lifecycle.d.ts +12 -0
package/dist/biome/lib/biome-lifecycle.d.ts.map +1 -0
package/dist/biome/lib/biome-lifecycle.js +16 -0
package/dist/biome/lib/biome-lifecycle.js.map +1 -0
package/dist/biome/lib/biome-manifest.d.ts +36 -0
package/dist/biome/lib/biome-manifest.d.ts.map +1 -0
package/dist/biome/lib/biome-manifest.js +38 -0
package/dist/biome/lib/biome-manifest.js.map +1 -0
package/dist/biome/lib/biome-permissions.d.ts +9 -0
package/dist/biome/lib/biome-permissions.d.ts.map +1 -0
package/dist/biome/lib/biome-permissions.js +11 -0
package/dist/biome/lib/biome-permissions.js.map +1 -0
package/dist/biome/lib/biome-scope.d.ts +9 -0
package/dist/biome/lib/biome-scope.d.ts.map +1 -0
package/dist/biome/lib/biome-scope.js +13 -0
package/dist/biome/lib/biome-scope.js.map +1 -0
package/dist/biome/lib/biome-trust-tier.d.ts +11 -0
package/dist/biome/lib/biome-trust-tier.d.ts.map +1 -0
package/dist/biome/lib/biome-trust-tier.js +15 -0
package/dist/biome/lib/biome-trust-tier.js.map +1 -0
package/dist/biome/lib/trust-tier-policies.d.ts +8 -0
package/dist/biome/lib/trust-tier-policies.d.ts.map +1 -0
package/dist/biome/lib/trust-tier-policies.js +66 -0
package/dist/biome/lib/trust-tier-policies.js.map +1 -0
package/dist/capability/index.d.ts +9 -0
package/dist/capability/index.d.ts.map +1 -0
package/dist/capability/index.js +25 -0
package/dist/capability/index.js.map +1 -0
package/dist/capability/lib/capability-contribution.d.ts +18 -0
package/dist/capability/lib/capability-contribution.d.ts.map +1 -0
package/dist/capability/lib/capability-contribution.js +23 -0
package/dist/capability/lib/capability-contribution.js.map +1 -0
package/dist/capability/lib/capability-grant.d.ts +22 -0
package/dist/capability/lib/capability-grant.d.ts.map +1 -0
package/dist/capability/lib/capability-grant.js +27 -0
package/dist/capability/lib/capability-grant.js.map +1 -0
package/dist/capability/lib/capability-policy.d.ts +12 -0
package/dist/capability/lib/capability-policy.d.ts.map +1 -0
package/dist/capability/lib/capability-policy.js +14 -0
package/dist/capability/lib/capability-policy.js.map +1 -0
package/dist/capability/lib/capability-ref.d.ts +19 -0
package/dist/capability/lib/capability-ref.d.ts.map +1 -0
package/dist/capability/lib/capability-ref.js +63 -0
package/dist/capability/lib/capability-ref.js.map +1 -0
package/dist/capability/lib/errors.d.ts +60 -0
package/dist/capability/lib/errors.d.ts.map +1 -0
package/dist/capability/lib/errors.js +73 -0
package/dist/capability/lib/errors.js.map +1 -0
package/dist/capability/lib/meta-tool.d.ts +77 -0
package/dist/capability/lib/meta-tool.d.ts.map +1 -0
package/dist/capability/lib/meta-tool.js +76 -0
package/dist/capability/lib/meta-tool.js.map +1 -0
package/dist/capability/lib/permission-profile.d.ts +35 -0
package/dist/capability/lib/permission-profile.d.ts.map +1 -0
package/dist/capability/lib/permission-profile.js +38 -0
package/dist/capability/lib/permission-profile.js.map +1 -0
package/dist/capability/lib/shell-command-descriptor.d.ts +19 -0
package/dist/capability/lib/shell-command-descriptor.d.ts.map +1 -0
package/dist/capability/lib/shell-command-descriptor.js +20 -0
package/dist/capability/lib/shell-command-descriptor.js.map +1 -0
package/dist/contribution/index.d.ts +5 -0
package/dist/contribution/index.d.ts.map +1 -0
package/dist/contribution/index.js +21 -0
package/dist/contribution/index.js.map +1 -0
package/dist/contribution/lib/contribution-kind.d.ts +44 -0
package/dist/contribution/lib/contribution-kind.d.ts.map +1 -0
package/dist/contribution/lib/contribution-kind.js +47 -0
package/dist/contribution/lib/contribution-kind.js.map +1 -0
package/dist/contribution/lib/contribution-source.d.ts +11 -0
package/dist/contribution/lib/contribution-source.d.ts.map +1 -0
package/dist/contribution/lib/contribution-source.js +14 -0
package/dist/contribution/lib/contribution-source.js.map +1 -0
package/dist/contribution/lib/contribution.d.ts +36 -0
package/dist/contribution/lib/contribution.d.ts.map +1 -0
package/dist/contribution/lib/contribution.js +56 -0
package/dist/contribution/lib/contribution.js.map +1 -0
package/dist/contribution/lib/registry.d.ts +25 -0
package/dist/contribution/lib/registry.d.ts.map +1 -0
package/dist/contribution/lib/registry.js +54 -0
package/dist/contribution/lib/registry.js.map +1 -0
package/dist/document-templates/index.d.ts +3 -0
package/dist/document-templates/index.d.ts.map +1 -0
package/dist/document-templates/index.js +19 -0
package/dist/document-templates/index.js.map +1 -0
package/dist/document-templates/lib/document-template.d.ts +24 -0
package/dist/document-templates/lib/document-template.d.ts.map +1 -0
package/dist/document-templates/lib/document-template.js +10 -0
package/dist/document-templates/lib/document-template.js.map +1 -0
package/dist/document-templates/lib/index.d.ts +3 -0
package/dist/document-templates/lib/index.d.ts.map +1 -0
package/dist/document-templates/lib/index.js +19 -0
package/dist/document-templates/lib/index.js.map +1 -0
package/dist/document-templates/lib/rendering-shape.d.ts +7 -0
package/dist/document-templates/lib/rendering-shape.d.ts.map +1 -0
package/dist/document-templates/lib/rendering-shape.js +20 -0
package/dist/document-templates/lib/rendering-shape.js.map +1 -0
package/dist/document-themes/index.d.ts +3 -0
package/dist/document-themes/index.d.ts.map +1 -0
package/dist/document-themes/index.js +19 -0
package/dist/document-themes/index.js.map +1 -0
package/dist/document-themes/lib/component-vocabulary.d.ts +16 -0
package/dist/document-themes/lib/component-vocabulary.d.ts.map +1 -0
package/dist/document-themes/lib/component-vocabulary.js +55 -0
package/dist/document-themes/lib/component-vocabulary.js.map +1 -0
package/dist/document-themes/lib/document-theme.d.ts +57 -0
package/dist/document-themes/lib/document-theme.d.ts.map +1 -0
package/dist/document-themes/lib/document-theme.js +10 -0
package/dist/document-themes/lib/document-theme.js.map +1 -0
package/dist/document-themes/lib/index.d.ts +3 -0
package/dist/document-themes/lib/index.d.ts.map +1 -0
package/dist/document-themes/lib/index.js +19 -0
package/dist/document-themes/lib/index.js.map +1 -0
package/dist/entitlement/index.d.ts +2 -0
package/dist/entitlement/index.d.ts.map +1 -0
package/dist/entitlement/index.js +18 -0
package/dist/entitlement/index.js.map +1 -0
package/dist/entitlement/lib/entitlement.d.ts +25 -0
package/dist/entitlement/lib/entitlement.d.ts.map +1 -0
package/dist/entitlement/lib/entitlement.js +54 -0
package/dist/entitlement/lib/entitlement.js.map +1 -0
package/dist/execution-context/index.d.ts +4 -0
package/dist/execution-context/index.d.ts.map +1 -0
package/dist/execution-context/index.js +20 -0
package/dist/execution-context/index.js.map +1 -0
package/dist/execution-context/lib/caller.d.ts +19 -0
package/dist/execution-context/lib/caller.d.ts.map +1 -0
package/dist/execution-context/lib/caller.js +22 -0
package/dist/execution-context/lib/caller.js.map +1 -0
package/dist/execution-context/lib/execution-context.d.ts +60 -0
package/dist/execution-context/lib/execution-context.d.ts.map +1 -0
package/dist/execution-context/lib/execution-context.js +58 -0
package/dist/execution-context/lib/execution-context.js.map +1 -0
package/dist/execution-context/lib/subject.d.ts +3 -0
package/dist/execution-context/lib/subject.d.ts.map +1 -0
package/dist/execution-context/lib/subject.js +11 -0
package/dist/execution-context/lib/subject.js.map +1 -0
package/dist/execution-environment/index.d.ts +4 -0
package/dist/execution-environment/index.d.ts.map +1 -0
package/dist/execution-environment/index.js +20 -0
package/dist/execution-environment/index.js.map +1 -0
package/dist/execution-environment/lib/approval-rule.d.ts +10 -0
package/dist/execution-environment/lib/approval-rule.d.ts.map +1 -0
package/dist/execution-environment/lib/approval-rule.js +12 -0
package/dist/execution-environment/lib/approval-rule.js.map +1 -0
package/dist/execution-environment/lib/built-in-environments.d.ts +16 -0
package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -0
package/dist/execution-environment/lib/built-in-environments.js +33 -0
package/dist/execution-environment/lib/built-in-environments.js.map +1 -0
package/dist/execution-environment/lib/execution-environment.d.ts +58 -0
package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -0
package/dist/execution-environment/lib/execution-environment.js +89 -0
package/dist/execution-environment/lib/execution-environment.js.map +1 -0
package/dist/kernel-state/index.d.ts +4 -0
package/dist/kernel-state/index.d.ts.map +1 -0
package/dist/kernel-state/index.js +20 -0
package/dist/kernel-state/index.js.map +1 -0
package/dist/kernel-state/lib/adapter-kind.d.ts +5 -0
package/dist/kernel-state/lib/adapter-kind.d.ts.map +1 -0
package/dist/kernel-state/lib/adapter-kind.js +9 -0
package/dist/kernel-state/lib/adapter-kind.js.map +1 -0
package/dist/kernel-state/lib/kernel-state.d.ts +37 -0
package/dist/kernel-state/lib/kernel-state.d.ts.map +1 -0
package/dist/kernel-state/lib/kernel-state.js +9 -0
package/dist/kernel-state/lib/kernel-state.js.map +1 -0
package/dist/kernel-state/lib/key-grammar.d.ts +16 -0
package/dist/kernel-state/lib/key-grammar.d.ts.map +1 -0
package/dist/kernel-state/lib/key-grammar.js +56 -0
package/dist/kernel-state/lib/key-grammar.js.map +1 -0
package/dist/llm-gateway/index.d.ts +3 -0
package/dist/llm-gateway/index.d.ts.map +1 -0
package/dist/llm-gateway/index.js +19 -0
package/dist/llm-gateway/index.js.map +1 -0
package/dist/llm-gateway/lib/caller.d.ts +14 -0
package/dist/llm-gateway/lib/caller.d.ts.map +1 -0
package/dist/llm-gateway/lib/caller.js +11 -0
package/dist/llm-gateway/lib/caller.js.map +1 -0
package/dist/llm-gateway/lib/errors.d.ts +27 -0
package/dist/llm-gateway/lib/errors.d.ts.map +1 -0
package/dist/llm-gateway/lib/errors.js +36 -0
package/dist/llm-gateway/lib/errors.js.map +1 -0
package/dist/mcp-tool/index.d.ts +7 -0
package/dist/mcp-tool/index.d.ts.map +1 -0
package/dist/mcp-tool/index.js +23 -0
package/dist/mcp-tool/index.js.map +1 -0
package/dist/mcp-tool/lib/mcp-protocol.d.ts +75 -0
package/dist/mcp-tool/lib/mcp-protocol.d.ts.map +1 -0
package/dist/mcp-tool/lib/mcp-protocol.js +19 -0
package/dist/mcp-tool/lib/mcp-protocol.js.map +1 -0
package/dist/mcp-tool/lib/mcp-server-config.d.ts +8 -0
package/dist/mcp-tool/lib/mcp-server-config.d.ts.map +1 -0
package/dist/mcp-tool/lib/mcp-server-config.js +3 -0
package/dist/mcp-tool/lib/mcp-server-config.js.map +1 -0
package/dist/mcp-tool/lib/provider-kind.d.ts +10 -0
package/dist/mcp-tool/lib/provider-kind.d.ts.map +1 -0
package/dist/mcp-tool/lib/provider-kind.js +14 -0
package/dist/mcp-tool/lib/provider-kind.js.map +1 -0
package/dist/mcp-tool/lib/resolver-scope.d.ts +16 -0
package/dist/mcp-tool/lib/resolver-scope.d.ts.map +1 -0
package/dist/mcp-tool/lib/resolver-scope.js +12 -0
package/dist/mcp-tool/lib/resolver-scope.js.map +1 -0
package/dist/mcp-tool/lib/tool-provider.d.ts +21 -0
package/dist/mcp-tool/lib/tool-provider.d.ts.map +1 -0
package/dist/mcp-tool/lib/tool-provider.js +3 -0
package/dist/mcp-tool/lib/tool-provider.js.map +1 -0
package/dist/mcp-tool/lib/tool-selection.d.ts +34 -0
package/dist/mcp-tool/lib/tool-selection.d.ts.map +1 -0
package/dist/mcp-tool/lib/tool-selection.js +18 -0
package/dist/mcp-tool/lib/tool-selection.js.map +1 -0
package/dist/object/index.d.ts +5 -0
package/dist/object/index.d.ts.map +1 -0
package/dist/object/index.js +21 -0
package/dist/object/index.js.map +1 -0
package/dist/object/lib/object-lifecycle.d.ts +8 -0
package/dist/object/lib/object-lifecycle.d.ts.map +1 -0
package/dist/object/lib/object-lifecycle.js +12 -0
package/dist/object/lib/object-lifecycle.js.map +1 -0
package/dist/object/lib/xema-object-kind.d.ts +43 -0
package/dist/object/lib/xema-object-kind.d.ts.map +1 -0
package/dist/object/lib/xema-object-kind.js +47 -0
package/dist/object/lib/xema-object-kind.js.map +1 -0
package/dist/object/lib/xema-object-ref.d.ts +20 -0
package/dist/object/lib/xema-object-ref.d.ts.map +1 -0
package/dist/object/lib/xema-object-ref.js +133 -0
package/dist/object/lib/xema-object-ref.js.map +1 -0
package/dist/object/lib/xema-object.d.ts +24 -0
package/dist/object/lib/xema-object.d.ts.map +1 -0
package/dist/object/lib/xema-object.js +24 -0
package/dist/object/lib/xema-object.js.map +1 -0
package/dist/policy/index.d.ts +4 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +20 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/lib/obligations.d.ts +91 -0
package/dist/policy/lib/obligations.d.ts.map +1 -0
package/dist/policy/lib/obligations.js +76 -0
package/dist/policy/lib/obligations.js.map +1 -0
package/dist/policy/lib/policy.d.ts +29 -0
package/dist/policy/lib/policy.d.ts.map +1 -0
package/dist/policy/lib/policy.js +32 -0
package/dist/policy/lib/policy.js.map +1 -0
package/dist/policy/lib/route-hints.d.ts +11 -0
package/dist/policy/lib/route-hints.d.ts.map +1 -0
package/dist/policy/lib/route-hints.js +15 -0
package/dist/policy/lib/route-hints.js.map +1 -0
package/dist/runner/index.d.ts +12 -0
package/dist/runner/index.d.ts.map +1 -0
package/dist/runner/index.js +28 -0
package/dist/runner/index.js.map +1 -0
package/dist/runner/lib/dispatch.d.ts +13 -0
package/dist/runner/lib/dispatch.d.ts.map +1 -0
package/dist/runner/lib/dispatch.js +15 -0
package/dist/runner/lib/dispatch.js.map +1 -0
package/dist/runner/lib/input-hash.d.ts +2 -0
package/dist/runner/lib/input-hash.d.ts.map +1 -0
package/dist/runner/lib/input-hash.js +37 -0
package/dist/runner/lib/input-hash.js.map +1 -0
package/dist/runner/lib/job-token.d.ts +22 -0
package/dist/runner/lib/job-token.d.ts.map +1 -0
package/dist/runner/lib/job-token.js +3 -0
package/dist/runner/lib/job-token.js.map +1 -0
package/dist/runner/lib/runner-attestation.d.ts +10 -0
package/dist/runner/lib/runner-attestation.d.ts.map +1 -0
package/dist/runner/lib/runner-attestation.js +5 -0
package/dist/runner/lib/runner-attestation.js.map +1 -0
package/dist/runner/lib/runner-job.d.ts +26 -0
package/dist/runner/lib/runner-job.d.ts.map +1 -0
package/dist/runner/lib/runner-job.js +36 -0
package/dist/runner/lib/runner-job.js.map +1 -0
package/dist/runner/lib/runner-kind.d.ts +2 -0
package/dist/runner/lib/runner-kind.d.ts.map +1 -0
package/dist/runner/lib/runner-kind.js +7 -0
package/dist/runner/lib/runner-kind.js.map +1 -0
package/dist/runner/lib/runner-mode.d.ts +5 -0
package/dist/runner/lib/runner-mode.d.ts.map +1 -0
package/dist/runner/lib/runner-mode.js +9 -0
package/dist/runner/lib/runner-mode.js.map +1 -0
package/dist/runner/lib/runner-plane.d.ts +19 -0
package/dist/runner/lib/runner-plane.d.ts.map +1 -0
package/dist/runner/lib/runner-plane.js +31 -0
package/dist/runner/lib/runner-plane.js.map +1 -0
package/dist/runner/lib/runner-registration.d.ts +60 -0
package/dist/runner/lib/runner-registration.d.ts.map +1 -0
package/dist/runner/lib/runner-registration.js +62 -0
package/dist/runner/lib/runner-registration.js.map +1 -0
package/dist/runner/lib/runner.d.ts +24 -0
package/dist/runner/lib/runner.d.ts.map +1 -0
package/dist/runner/lib/runner.js +26 -0
package/dist/runner/lib/runner.js.map +1 -0
package/dist/runner/lib/runtime-isolation.d.ts +10 -0
package/dist/runner/lib/runtime-isolation.d.ts.map +1 -0
package/dist/runner/lib/runtime-isolation.js +23 -0
package/dist/runner/lib/runtime-isolation.js.map +1 -0
package/dist/search-source/index.d.ts +5 -0
package/dist/search-source/index.d.ts.map +1 -0
package/dist/search-source/index.js +21 -0
package/dist/search-source/index.js.map +1 -0
package/dist/search-source/lib/indexable-document.d.ts +40 -0
package/dist/search-source/lib/indexable-document.d.ts.map +1 -0
package/dist/search-source/lib/indexable-document.js +26 -0
package/dist/search-source/lib/indexable-document.js.map +1 -0
package/dist/search-source/lib/search-index-event.d.ts +52 -0
package/dist/search-source/lib/search-index-event.d.ts.map +1 -0
package/dist/search-source/lib/search-index-event.js +29 -0
package/dist/search-source/lib/search-index-event.js.map +1 -0
package/dist/search-source/lib/search-replay.d.ts +46 -0
package/dist/search-source/lib/search-replay.d.ts.map +1 -0
package/dist/search-source/lib/search-replay.js +36 -0
package/dist/search-source/lib/search-replay.js.map +1 -0
package/dist/search-source/lib/search-source-descriptor.d.ts +15 -0
package/dist/search-source/lib/search-source-descriptor.d.ts.map +1 -0
package/dist/search-source/lib/search-source-descriptor.js +3 -0
package/dist/search-source/lib/search-source-descriptor.js.map +1 -0
package/dist/service-registry/index.d.ts +4 -0
package/dist/service-registry/index.d.ts.map +1 -0
package/dist/service-registry/index.js +20 -0
package/dist/service-registry/index.js.map +1 -0
package/dist/service-registry/lib/inject-service.d.ts +6 -0
package/dist/service-registry/lib/inject-service.d.ts.map +1 -0
package/dist/service-registry/lib/inject-service.js +5 -0
package/dist/service-registry/lib/inject-service.js.map +1 -0
package/dist/service-registry/lib/service-descriptor.d.ts +28 -0
package/dist/service-registry/lib/service-descriptor.d.ts.map +1 -0
package/dist/service-registry/lib/service-descriptor.js +17 -0
package/dist/service-registry/lib/service-descriptor.js.map +1 -0
package/dist/service-registry/lib/service-registry-client.d.ts +30 -0
package/dist/service-registry/lib/service-registry-client.d.ts.map +1 -0
package/dist/service-registry/lib/service-registry-client.js +3 -0
package/dist/service-registry/lib/service-registry-client.js.map +1 -0
package/dist/skill/index.d.ts +5 -0
package/dist/skill/index.d.ts.map +1 -0
package/dist/skill/index.js +21 -0
package/dist/skill/index.js.map +1 -0
package/dist/skill/lib/skill-enums.d.ts +41 -0
package/dist/skill/lib/skill-enums.d.ts.map +1 -0
package/dist/skill/lib/skill-enums.js +54 -0
package/dist/skill/lib/skill-enums.js.map +1 -0
package/dist/skill/lib/skill-governance.d.ts +106 -0
package/dist/skill/lib/skill-governance.d.ts.map +1 -0
package/dist/skill/lib/skill-governance.js +61 -0
package/dist/skill/lib/skill-governance.js.map +1 -0
package/dist/skill/lib/skill-source.d.ts +14 -0
package/dist/skill/lib/skill-source.d.ts.map +1 -0
package/dist/skill/lib/skill-source.js +3 -0
package/dist/skill/lib/skill-source.js.map +1 -0
package/dist/skill/lib/skill.d.ts +52 -0
package/dist/skill/lib/skill.d.ts.map +1 -0
package/dist/skill/lib/skill.js +3 -0
package/dist/skill/lib/skill.js.map +1 -0
package/dist/space/index.d.ts +4 -0
package/dist/space/index.d.ts.map +1 -0
package/dist/space/index.js +20 -0
package/dist/space/index.js.map +1 -0
package/dist/space/lib/space-ref-parser.d.ts +8 -0
package/dist/space/lib/space-ref-parser.d.ts.map +1 -0
package/dist/space/lib/space-ref-parser.js +149 -0
package/dist/space/lib/space-ref-parser.js.map +1 -0
package/dist/space/lib/space-traversal.d.ts +3 -0
package/dist/space/lib/space-traversal.d.ts.map +1 -0
package/dist/space/lib/space-traversal.js +56 -0
package/dist/space/lib/space-traversal.js.map +1 -0
package/dist/space/lib/space.d.ts +53 -0
package/dist/space/lib/space.d.ts.map +1 -0
package/dist/space/lib/space.js +98 -0
package/dist/space/lib/space.js.map +1 -0
package/dist/subject/index.d.ts +3 -0
package/dist/subject/index.d.ts.map +1 -0
package/dist/subject/index.js +19 -0
package/dist/subject/index.js.map +1 -0
package/dist/subject/lib/subject.d.ts +29 -0
package/dist/subject/lib/subject.d.ts.map +1 -0
package/dist/subject/lib/subject.js +47 -0
package/dist/subject/lib/subject.js.map +1 -0
package/dist/subject/lib/token-class.d.ts +11 -0
package/dist/subject/lib/token-class.d.ts.map +1 -0
package/dist/subject/lib/token-class.js +15 -0
package/dist/subject/lib/token-class.js.map +1 -0
package/dist/workflow/index.d.ts +31 -0
package/dist/workflow/index.d.ts.map +1 -0
package/dist/workflow/index.js +47 -0
package/dist/workflow/index.js.map +1 -0
package/dist/workflow/lib/action-ref.d.ts +12 -0
package/dist/workflow/lib/action-ref.d.ts.map +1 -0
package/dist/workflow/lib/action-ref.js +3 -0
package/dist/workflow/lib/action-ref.js.map +1 -0
package/dist/workflow/lib/activity-outputs.d.ts +14 -0
package/dist/workflow/lib/activity-outputs.d.ts.map +1 -0
package/dist/workflow/lib/activity-outputs.js +3 -0
package/dist/workflow/lib/activity-outputs.js.map +1 -0
package/dist/workflow/lib/agent-role.d.ts +6 -0
package/dist/workflow/lib/agent-role.d.ts.map +1 -0
package/dist/workflow/lib/agent-role.js +41 -0
package/dist/workflow/lib/agent-role.js.map +1 -0
package/dist/workflow/lib/artifact-ref.d.ts +21 -0
package/dist/workflow/lib/artifact-ref.d.ts.map +1 -0
package/dist/workflow/lib/artifact-ref.js +38 -0
package/dist/workflow/lib/artifact-ref.js.map +1 -0
package/dist/workflow/lib/briefcase.d.ts +107 -0
package/dist/workflow/lib/briefcase.d.ts.map +1 -0
package/dist/workflow/lib/briefcase.js +62 -0
package/dist/workflow/lib/briefcase.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/canonical-concept-registry.d.ts +18 -0
package/dist/workflow/lib/canonical-concepts/canonical-concept-registry.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/canonical-concept-registry.js +45 -0
package/dist/workflow/lib/canonical-concepts/canonical-concept-registry.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/change-intent.concepts.d.ts +3 -0
package/dist/workflow/lib/canonical-concepts/concepts/change-intent.concepts.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/change-intent.concepts.js +79 -0
package/dist/workflow/lib/canonical-concepts/concepts/change-intent.concepts.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/concern.concepts.d.ts +3 -0
package/dist/workflow/lib/canonical-concepts/concepts/concern.concepts.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/concern.concepts.js +133 -0
package/dist/workflow/lib/canonical-concepts/concepts/concern.concepts.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/domain.concepts.d.ts +3 -0
package/dist/workflow/lib/canonical-concepts/concepts/domain.concepts.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/domain.concepts.js +116 -0
package/dist/workflow/lib/canonical-concepts/concepts/domain.concepts.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/index.d.ts +8 -0
package/dist/workflow/lib/canonical-concepts/concepts/index.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/index.js +18 -0
package/dist/workflow/lib/canonical-concepts/concepts/index.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/technology.concepts.d.ts +3 -0
package/dist/workflow/lib/canonical-concepts/concepts/technology.concepts.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/concepts/technology.concepts.js +462 -0
package/dist/workflow/lib/canonical-concepts/concepts/technology.concepts.js.map +1 -0
package/dist/workflow/lib/canonical-concepts/index.d.ts +3 -0
package/dist/workflow/lib/canonical-concepts/index.d.ts.map +1 -0
package/dist/workflow/lib/canonical-concepts/index.js +16 -0
package/dist/workflow/lib/canonical-concepts/index.js.map +1 -0
package/dist/workflow/lib/catalog-taxonomies.d.ts +41 -0
package/dist/workflow/lib/catalog-taxonomies.d.ts.map +1 -0
package/dist/workflow/lib/catalog-taxonomies.js +3475 -0
package/dist/workflow/lib/catalog-taxonomies.js.map +1 -0
package/dist/workflow/lib/compiled-run.d.ts +118 -0
package/dist/workflow/lib/compiled-run.d.ts.map +1 -0
package/dist/workflow/lib/compiled-run.js +3 -0
package/dist/workflow/lib/compiled-run.js.map +1 -0
package/dist/workflow/lib/compiled-working-file.d.ts +11 -0
package/dist/workflow/lib/compiled-working-file.d.ts.map +1 -0
package/dist/workflow/lib/compiled-working-file.js +3 -0
package/dist/workflow/lib/compiled-working-file.js.map +1 -0
package/dist/workflow/lib/compiled-workspace-manifest.d.ts +101 -0
package/dist/workflow/lib/compiled-workspace-manifest.d.ts.map +1 -0
package/dist/workflow/lib/compiled-workspace-manifest.js +3 -0
package/dist/workflow/lib/compiled-workspace-manifest.js.map +1 -0
package/dist/workflow/lib/concurrency-group.d.ts +6 -0
package/dist/workflow/lib/concurrency-group.d.ts.map +1 -0
package/dist/workflow/lib/concurrency-group.js +3 -0
package/dist/workflow/lib/concurrency-group.js.map +1 -0
package/dist/workflow/lib/deliverable-result.d.ts +124 -0
package/dist/workflow/lib/deliverable-result.d.ts.map +1 -0
package/dist/workflow/lib/deliverable-result.js +27 -0
package/dist/workflow/lib/deliverable-result.js.map +1 -0
package/dist/workflow/lib/domain-tag.d.ts +2 -0
package/dist/workflow/lib/domain-tag.d.ts.map +1 -0
package/dist/workflow/lib/domain-tag.js +3 -0
package/dist/workflow/lib/domain-tag.js.map +1 -0
package/dist/workflow/lib/enums.d.ts +138 -0
package/dist/workflow/lib/enums.d.ts.map +1 -0
package/dist/workflow/lib/enums.js +166 -0
package/dist/workflow/lib/enums.js.map +1 -0
package/dist/workflow/lib/errors.d.ts +35 -0
package/dist/workflow/lib/errors.d.ts.map +1 -0
package/dist/workflow/lib/errors.js +62 -0
package/dist/workflow/lib/errors.js.map +1 -0
package/dist/workflow/lib/job-run.d.ts +32 -0
package/dist/workflow/lib/job-run.d.ts.map +1 -0
package/dist/workflow/lib/job-run.js +3 -0
package/dist/workflow/lib/job-run.js.map +1 -0
package/dist/workflow/lib/model-ref.d.ts +40 -0
package/dist/workflow/lib/model-ref.d.ts.map +1 -0
package/dist/workflow/lib/model-ref.js +34 -0
package/dist/workflow/lib/model-ref.js.map +1 -0
package/dist/workflow/lib/mount-plan.d.ts +105 -0
package/dist/workflow/lib/mount-plan.d.ts.map +1 -0
package/dist/workflow/lib/mount-plan.js +3 -0
package/dist/workflow/lib/mount-plan.js.map +1 -0
package/dist/workflow/lib/phase-report.d.ts +9 -0
package/dist/workflow/lib/phase-report.d.ts.map +1 -0
package/dist/workflow/lib/phase-report.js +30 -0
package/dist/workflow/lib/phase-report.js.map +1 -0
package/dist/workflow/lib/platform-task-queue.d.ts +17 -0
package/dist/workflow/lib/platform-task-queue.d.ts.map +1 -0
package/dist/workflow/lib/platform-task-queue.js +33 -0
package/dist/workflow/lib/platform-task-queue.js.map +1 -0
package/dist/workflow/lib/review-subject/index.d.ts +5 -0
package/dist/workflow/lib/review-subject/index.d.ts.map +1 -0
package/dist/workflow/lib/review-subject/index.js +8 -0
package/dist/workflow/lib/review-subject/index.js.map +1 -0
package/dist/workflow/lib/review-subject/kinds.d.ts +5 -0
package/dist/workflow/lib/review-subject/kinds.d.ts.map +1 -0
package/dist/workflow/lib/review-subject/kinds.js +9 -0
package/dist/workflow/lib/review-subject/kinds.js.map +1 -0
package/dist/workflow/lib/review-subject/narrow.d.ts +5 -0
package/dist/workflow/lib/review-subject/narrow.d.ts.map +1 -0
package/dist/workflow/lib/review-subject/narrow.js +79 -0
package/dist/workflow/lib/review-subject/narrow.js.map +1 -0
package/dist/workflow/lib/review-subject/producers/artifact-ref.d.ts +9 -0
package/dist/workflow/lib/review-subject/producers/artifact-ref.d.ts.map +1 -0
package/dist/workflow/lib/review-subject/producers/artifact-ref.js +16 -0
package/dist/workflow/lib/review-subject/producers/artifact-ref.js.map +1 -0
package/dist/workflow/lib/review-subject/producers/string.d.ts +7 -0
package/dist/workflow/lib/review-subject/producers/string.d.ts.map +1 -0
package/dist/workflow/lib/review-subject/producers/string.js +11 -0
package/dist/workflow/lib/review-subject/producers/string.js.map +1 -0
package/dist/workflow/lib/role-capability.d.ts +16 -0
package/dist/workflow/lib/role-capability.d.ts.map +1 -0
package/dist/workflow/lib/role-capability.js +19 -0
package/dist/workflow/lib/role-capability.js.map +1 -0
package/dist/workflow/lib/run-progress.d.ts +100 -0
package/dist/workflow/lib/run-progress.d.ts.map +1 -0
package/dist/workflow/lib/run-progress.js +96 -0
package/dist/workflow/lib/run-progress.js.map +1 -0
package/dist/workflow/lib/sampling-profiles.d.ts +18 -0
package/dist/workflow/lib/sampling-profiles.d.ts.map +1 -0
package/dist/workflow/lib/sampling-profiles.js +56 -0
package/dist/workflow/lib/sampling-profiles.js.map +1 -0
package/dist/workflow/lib/snapshot-ref.d.ts +10 -0
package/dist/workflow/lib/snapshot-ref.d.ts.map +1 -0
package/dist/workflow/lib/snapshot-ref.js +3 -0
package/dist/workflow/lib/snapshot-ref.js.map +1 -0
package/dist/workflow/lib/temporal-namespace.d.ts +5 -0
package/dist/workflow/lib/temporal-namespace.d.ts.map +1 -0
package/dist/workflow/lib/temporal-namespace.js +34 -0
package/dist/workflow/lib/temporal-namespace.js.map +1 -0
package/dist/workflow/lib/trigger-payload.d.ts +35 -0
package/dist/workflow/lib/trigger-payload.d.ts.map +1 -0
package/dist/workflow/lib/trigger-payload.js +3 -0
package/dist/workflow/lib/trigger-payload.js.map +1 -0
package/dist/workflow/lib/variable-requirement.d.ts +18 -0
package/dist/workflow/lib/variable-requirement.d.ts.map +1 -0
package/dist/workflow/lib/variable-requirement.js +3 -0
package/dist/workflow/lib/variable-requirement.js.map +1 -0
package/dist/workflow/lib/work-item-payloads.d.ts +114 -0
package/dist/workflow/lib/work-item-payloads.d.ts.map +1 -0
package/dist/workflow/lib/work-item-payloads.js +60 -0
package/dist/workflow/lib/work-item-payloads.js.map +1 -0
package/dist/workflow/lib/workflow-stage.d.ts +11 -0
package/dist/workflow/lib/workflow-stage.d.ts.map +1 -0
package/dist/workflow/lib/workflow-stage.js +28 -0
package/dist/workflow/lib/workflow-stage.js.map +1 -0
package/dist/workflow/lib/workspace-manifest-enums.d.ts +42 -0
package/dist/workflow/lib/workspace-manifest-enums.d.ts.map +1 -0
package/dist/workflow/lib/workspace-manifest-enums.js +80 -0
package/dist/workflow/lib/workspace-manifest-enums.js.map +1 -0
package/package.json +173 -0
package/src/agent-composition/index.ts +17 -0
package/src/agent-composition/lib/capability-layer.ts +46 -0
package/src/agent-composition/lib/composition-limits-schema.ts +38 -0
package/src/agent-composition/lib/composition-workspace.ts +210 -0
package/src/agent-composition/lib/composition.ts +205 -0
package/src/agent-composition/lib/intrinsic-floor.ts +50 -0
package/src/agent-composition/lib/model-resolution-matrix.ts +112 -0
package/src/agent-workspace/index.ts +27 -0
package/src/agent-workspace/lib/agent-run-context.ts +44 -0
package/src/agent-workspace/lib/agent-tool-defaults.ts +252 -0
package/src/agent-workspace/lib/awp-v1.ts +289 -0
package/src/agent-workspace/lib/context-json.ts +92 -0
package/src/agent-workspace/lib/deliverable-spec-ref.ts +60 -0
package/src/agent-workspace/lib/endpoint-fetch-spec.ts +66 -0
package/src/agent-workspace/lib/manifest.ts +53 -0
package/src/agent-workspace/lib/mount-apply.ts +79 -0
package/src/agent-workspace/lib/working-file.ts +173 -0
package/src/agent-workspace/lib/workspace-layout.ts +106 -0
package/src/agent-workspace/lib/workspace-spec.ts +212 -0
package/src/biome/index.ts +10 -0
package/src/biome/lib/biome-api.ts +33 -0
package/src/biome/lib/biome-capability-refs.ts +29 -0
package/src/biome/lib/biome-engines.ts +18 -0
package/src/biome/lib/biome-lifecycle-hooks.ts +28 -0
package/src/biome/lib/biome-lifecycle.ts +29 -0
package/src/biome/lib/biome-manifest.ts +102 -0
package/src/biome/lib/biome-permissions.ts +35 -0
package/src/biome/lib/biome-scope.ts +19 -0
package/src/biome/lib/biome-trust-tier.ts +21 -0
package/src/biome/lib/trust-tier-policies.ts +99 -0
package/src/capability/index.ts +8 -0
package/src/capability/lib/capability-contribution.ts +99 -0
package/src/capability/lib/capability-grant.ts +90 -0
package/src/capability/lib/capability-policy.ts +37 -0
package/src/capability/lib/capability-ref.ts +138 -0
package/src/capability/lib/errors.ts +180 -0
package/src/capability/lib/meta-tool.ts +213 -0
package/src/capability/lib/permission-profile.ts +91 -0
package/src/capability/lib/shell-command-descriptor.ts +66 -0
package/src/contribution/index.ts +4 -0
package/src/contribution/lib/contribution-kind.ts +132 -0
package/src/contribution/lib/contribution-source.ts +29 -0
package/src/contribution/lib/contribution.ts +209 -0
package/src/contribution/lib/registry.ts +100 -0
package/src/document-templates/index.ts +24 -0
package/src/document-templates/lib/document-template.ts +88 -0
package/src/document-templates/lib/index.ts +2 -0
package/src/document-templates/lib/rendering-shape.ts +48 -0
package/src/document-themes/index.ts +21 -0
package/src/document-themes/lib/component-vocabulary.ts +100 -0
package/src/document-themes/lib/document-theme.ts +110 -0
package/src/document-themes/lib/index.ts +2 -0
package/src/entitlement/index.ts +1 -0
package/src/entitlement/lib/entitlement.ts +142 -0
package/src/execution-context/index.ts +3 -0
package/src/execution-context/lib/caller.ts +46 -0
package/src/execution-context/lib/execution-context.ts +205 -0
package/src/execution-context/lib/subject.ts +17 -0
package/src/execution-environment/index.ts +3 -0
package/src/execution-environment/lib/approval-rule.ts +32 -0
package/src/execution-environment/lib/built-in-environments.ts +89 -0
package/src/execution-environment/lib/execution-environment.ts +266 -0
package/src/kernel-state/index.ts +3 -0
package/src/kernel-state/lib/adapter-kind.ts +18 -0
package/src/kernel-state/lib/kernel-state.ts +139 -0
package/src/kernel-state/lib/key-grammar.ts +105 -0
package/src/llm-gateway/index.ts +2 -0
package/src/llm-gateway/lib/caller.ts +48 -0
package/src/llm-gateway/lib/errors.ts +111 -0
package/src/mcp-tool/index.ts +6 -0
package/src/mcp-tool/lib/mcp-protocol.ts +94 -0
package/src/mcp-tool/lib/mcp-server-config.ts +17 -0
package/src/mcp-tool/lib/provider-kind.ts +35 -0
package/src/mcp-tool/lib/resolver-scope.ts +32 -0
package/src/mcp-tool/lib/tool-provider.ts +62 -0
package/src/mcp-tool/lib/tool-selection.ts +48 -0
package/src/object/index.ts +4 -0
package/src/object/lib/object-lifecycle.ts +22 -0
package/src/object/lib/xema-object-kind.ts +73 -0
package/src/object/lib/xema-object-ref.ts +233 -0
package/src/object/lib/xema-object.ts +81 -0
package/src/policy/index.ts +3 -0
package/src/policy/lib/obligations.ts +155 -0
package/src/policy/lib/policy.ts +104 -0
package/src/policy/lib/route-hints.ts +51 -0
package/src/runner/index.ts +11 -0
package/src/runner/lib/dispatch.ts +61 -0
package/src/runner/lib/input-hash.ts +66 -0
package/src/runner/lib/job-token.ts +80 -0
package/src/runner/lib/runner-attestation.ts +53 -0
package/src/runner/lib/runner-job.ts +90 -0
package/src/runner/lib/runner-kind.ts +10 -0
package/src/runner/lib/runner-mode.ts +16 -0
package/src/runner/lib/runner-plane.ts +101 -0
package/src/runner/lib/runner-registration.ts +204 -0
package/src/runner/lib/runner.ts +103 -0
package/src/runner/lib/runtime-isolation.ts +53 -0
package/src/search-source/index.ts +4 -0
package/src/search-source/lib/indexable-document.ts +70 -0
package/src/search-source/lib/search-index-event.ts +56 -0
package/src/search-source/lib/search-replay.ts +96 -0
package/src/search-source/lib/search-source-descriptor.ts +50 -0
package/src/service-registry/index.ts +3 -0
package/src/service-registry/lib/inject-service.ts +25 -0
package/src/service-registry/lib/service-descriptor.ts +75 -0
package/src/service-registry/lib/service-registry-client.ts +107 -0
package/src/skill/index.ts +15 -0
package/src/skill/lib/skill-enums.ts +124 -0
package/src/skill/lib/skill-governance.ts +281 -0
package/src/skill/lib/skill-source.ts +41 -0
package/src/skill/lib/skill.ts +150 -0
package/src/space/index.ts +3 -0
package/src/space/lib/space-ref-parser.ts +198 -0
package/src/space/lib/space-traversal.ts +55 -0
package/src/space/lib/space.ts +173 -0
package/src/subject/index.ts +2 -0
package/src/subject/lib/subject.ts +111 -0
package/src/subject/lib/token-class.ts +27 -0
package/src/workflow/index.ts +45 -0
package/src/workflow/lib/action-ref.ts +48 -0
package/src/workflow/lib/activity-outputs.ts +105 -0
package/src/workflow/lib/agent-role.ts +136 -0
package/src/workflow/lib/artifact-ref.ts +93 -0
package/src/workflow/lib/briefcase.ts +194 -0
package/src/workflow/lib/canonical-concepts/canonical-concept-registry.ts +99 -0
package/src/workflow/lib/canonical-concepts/concepts/change-intent.concepts.ts +124 -0
package/src/workflow/lib/canonical-concepts/concepts/concern.concepts.ts +194 -0
package/src/workflow/lib/canonical-concepts/concepts/domain.concepts.ts +205 -0
package/src/workflow/lib/canonical-concepts/concepts/index.ts +15 -0
package/src/workflow/lib/canonical-concepts/concepts/technology.concepts.ts +667 -0
package/src/workflow/lib/canonical-concepts/index.ts +2 -0
package/src/workflow/lib/catalog-taxonomies.ts +3695 -0
package/src/workflow/lib/compiled-run.ts +376 -0
package/src/workflow/lib/compiled-working-file.ts +35 -0
package/src/workflow/lib/compiled-workspace-manifest.ts +185 -0
package/src/workflow/lib/concurrency-group.ts +17 -0
package/src/workflow/lib/deliverable-result.ts +238 -0
package/src/workflow/lib/domain-tag.ts +48 -0
package/src/workflow/lib/enums.ts +288 -0
package/src/workflow/lib/errors.ts +171 -0
package/src/workflow/lib/job-run.ts +65 -0
package/src/workflow/lib/model-ref.ts +118 -0
package/src/workflow/lib/mount-plan.ts +230 -0
package/src/workflow/lib/phase-report.ts +67 -0
package/src/workflow/lib/platform-task-queue.ts +83 -0
package/src/workflow/lib/review-subject/index.ts +15 -0
package/src/workflow/lib/review-subject/kinds.ts +31 -0
package/src/workflow/lib/review-subject/narrow.ts +123 -0
package/src/workflow/lib/review-subject/producers/artifact-ref.ts +33 -0
package/src/workflow/lib/review-subject/producers/string.ts +24 -0
package/src/workflow/lib/role-capability.ts +80 -0
package/src/workflow/lib/run-progress.ts +254 -0
package/src/workflow/lib/sampling-profiles.ts +153 -0
package/src/workflow/lib/snapshot-ref.ts +27 -0
package/src/workflow/lib/temporal-namespace.ts +78 -0
package/src/workflow/lib/trigger-payload.ts +69 -0
package/src/workflow/lib/variable-requirement.ts +66 -0
package/src/workflow/lib/work-item-payloads.ts +139 -0
package/src/workflow/lib/workflow-stage.ts +89 -0
package/src/workflow/lib/workspace-manifest-enums.ts +143 -0

package/src/object/lib/xema-object-ref.ts ADDED Viewed

@@ -0,0 +1,233 @@
+import { z } from 'zod';
+import { SpaceRef, SpaceKind, spaceRefToPath } from '../../space';
+import { XemaObjectKind, XemaObjectKindSchema } from './xema-object-kind';
+/**
+ * Stable wire shape for every XemaObject address (XSI plane 1, §3.1 +
+ * §6.1 of the plan-of-record). The grammar is:
+ *
+ *   `xema://<scope-path>/<kind>/<slug>[@<version>]`
+ *
+ * Examples:
+ *   `xema://system/capability/kb.page.read@1`
+ *   `xema://orgs/acme/projects/main/agent/code-reviewer@3.0.0`
+ *   `xema://biomes/document-buddy/skill/doc-editor`
+ *   `xema://users/u_123/skill/scratch-notes`
+ *   `xema://store/biome/document-buddy@1.4.2`
+ */
+export type XemaObjectRef = `xema://${string}`;
+const XEMA_OBJECT_REF_PREFIX = 'xema://';
+export const XemaObjectRefSchema = z
+  .string()
+  .refine(
+    (value): value is XemaObjectRef => value.startsWith(XEMA_OBJECT_REF_PREFIX),
+    { message: `XemaObjectRef must start with "${XEMA_OBJECT_REF_PREFIX}"` },
+  );
+/**
+ * Structured error raised by `parseXemaObjectRef`. Carries a stable
+ * code so callers can fail-fast and surface a typed error to clients
+ * (per the engineering constitution: no silent fallbacks).
+ */
+export class XemaObjectRefParseError extends Error {
+  public readonly code = 'XEMA_OBJECT_REF_INVALID';
+  public readonly ref: string;
+  public readonly reason: string;
+  public constructor(ref: string, reason: string) {
+    super(`Invalid XemaObjectRef "${ref}": ${reason}`);
+    this.name = 'XemaObjectRefParseError';
+    this.ref = ref;
+    this.reason = reason;
+  }
+}
+/**
+ * Parts of a parsed XemaObjectRef. `version` is `undefined` when the
+ * input omitted the `@<version>` suffix — callers MUST treat the
+ * absent case explicitly (e.g. fall through to the resolver's
+ * "latest published" pin) rather than substitute a default here.
+ */
+export interface XemaObjectRefParts {
+  scope: SpaceRef;
+  kind: XemaObjectKind;
+  slug: string;
+  version?: string;
+}
+const SLUG_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9_.-]*$/;
+const VERSION_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_.+-]*$/;
+interface ScopeParse {
+  scope: SpaceRef;
+  consumed: number;
+}
+function requireSegment(
+  segments: string[],
+  index: number,
+  ref: string,
+  label: string,
+): string {
+  const value = segments[index];
+  if (value === undefined || value.length === 0) {
+    throw new XemaObjectRefParseError(ref, `missing ${label} segment`);
+  }
+  return value;
+}
+function parseScope(segments: string[], ref: string): ScopeParse {
+  const head = requireSegment(segments, 0, ref, 'scope');
+  switch (head) {
+    case 'system':
+      return { scope: { tier: SpaceKind.System }, consumed: 1 };
+    case 'biomes': {
+      const biomeId = requireSegment(segments, 1, ref, 'biomeId');
+      return {
+        scope: { tier: SpaceKind.Biome, biomeId },
+        consumed: 2,
+      };
+    }
+    case 'users': {
+      const userId = requireSegment(segments, 1, ref, 'userId');
+      return {
+        scope: { tier: SpaceKind.User, userId },
+        consumed: 2,
+      };
+    }
+    case 'orgs': {
+      const orgId = requireSegment(segments, 1, ref, 'orgId');
+      if (segments.length >= 4 && segments[2] === 'projects') {
+        const projectId = requireSegment(segments, 3, ref, 'projectId');
+        return {
+          scope: {
+            tier: SpaceKind.Project,
+            orgId,
+            projectId,
+          },
+          consumed: 4,
+        };
+      }
+      return {
+        scope: { tier: SpaceKind.Org, orgId },
+        consumed: 2,
+      };
+    }
+    default:
+      throw new XemaObjectRefParseError(
+        ref,
+        `unknown scope head "${head}" (expected one of: system, biomes, orgs, users)`,
+      );
+  }
+}
+/**
+ * Parse a `XemaObjectRef` into structured parts. Fail-fast on every
+ * malformed input (no silent coercion). When the `@<version>` suffix
+ * is absent, `version` is `undefined`; downstream resolvers decide
+ * how to pin (typically "latest published"), this function does not.
+ */
+export function parseXemaObjectRef(ref: string): XemaObjectRefParts {
+  if (!ref.startsWith(XEMA_OBJECT_REF_PREFIX)) {
+    throw new XemaObjectRefParseError(
+      ref,
+      `must start with "${XEMA_OBJECT_REF_PREFIX}"`,
+    );
+  }
+  const body = ref.slice(XEMA_OBJECT_REF_PREFIX.length);
+  if (body.length === 0) {
+    throw new XemaObjectRefParseError(ref, 'empty body after scheme');
+  }
+  // Split off `@<version>` from the LAST segment only (slugs may not
+  // contain `@`, but scope segments and the kind never carry it).
+  let version: string | undefined;
+  let pathBody = body;
+  const atIndex = body.lastIndexOf('@');
+  const lastSlash = body.lastIndexOf('/');
+  if (atIndex > lastSlash) {
+    version = body.slice(atIndex + 1);
+    pathBody = body.slice(0, atIndex);
+    if (version.length === 0) {
+      throw new XemaObjectRefParseError(ref, 'empty version suffix after "@"');
+    }
+    if (!VERSION_PATTERN.test(version)) {
+      throw new XemaObjectRefParseError(
+        ref,
+        `version "${version}" contains invalid characters`,
+      );
+    }
+  }
+  const segments = pathBody.split('/').filter((segment) => segment.length > 0);
+  if (segments.length < 3) {
+    throw new XemaObjectRefParseError(
+      ref,
+      'must contain at least <scope>/<kind>/<slug>',
+    );
+  }
+  const { scope, consumed } = parseScope(segments, ref);
+  const remaining = segments.slice(consumed);
+  if (remaining.length < 2) {
+    throw new XemaObjectRefParseError(
+      ref,
+      'missing <kind>/<slug> after scope segments',
+    );
+  }
+  if (remaining.length > 2) {
+    throw new XemaObjectRefParseError(
+      ref,
+      `unexpected trailing path segments after <kind>/<slug>: ${remaining.slice(2).join('/')}`,
+    );
+  }
+  const kindRaw = requireSegment(remaining, 0, ref, 'kind');
+  const slug = requireSegment(remaining, 1, ref, 'slug');
+  const kindParsed = XemaObjectKindSchema.safeParse(kindRaw);
+  if (!kindParsed.success) {
+    throw new XemaObjectRefParseError(
+      ref,
+      `unknown XemaObjectKind "${kindRaw}"`,
+    );
+  }
+  if (!SLUG_PATTERN.test(slug)) {
+    throw new XemaObjectRefParseError(
+      ref,
+      `slug "${slug}" must match ${SLUG_PATTERN}`,
+    );
+  }
+  return version === undefined
+    ? { scope, kind: kindParsed.data, slug }
+    : { scope, kind: kindParsed.data, slug, version };
+}
+/**
+ * Inverse of `parseXemaObjectRef`. Composes scope/kind/slug/version
+ * back into the canonical wire string. The scope path is rendered by
+ * `spaceRefToPath` so the round-trip is exact.
+ */
+export function formatXemaObjectRef(parts: XemaObjectRefParts): XemaObjectRef {
+  if (!SLUG_PATTERN.test(parts.slug)) {
+    throw new XemaObjectRefParseError(
+      `<unformatted>`,
+      `slug "${parts.slug}" must match ${SLUG_PATTERN}`,
+    );
+  }
+  if (parts.version !== undefined && !VERSION_PATTERN.test(parts.version)) {
+    throw new XemaObjectRefParseError(
+      `<unformatted>`,
+      `version "${parts.version}" contains invalid characters`,
+    );
+  }
+  // spaceRefToPath returns a leading "/"; we want the same shape as the
+  // grammar (scheme + slash-separated segments) so we trim it.
+  const scopePath = spaceRefToPath(parts.scope).replace(/^\//, '');
+  const versionSuffix = parts.version ? `@${parts.version}` : '';
+  return `${XEMA_OBJECT_REF_PREFIX}${scopePath}/${parts.kind}/${parts.slug}${versionSuffix}` as XemaObjectRef;
+}

package/src/object/lib/xema-object.ts ADDED Viewed

@@ -0,0 +1,81 @@
+import { z, ZodTypeAny } from 'zod';
+import { ObjectLifecycle, ObjectLifecycleSchema } from './object-lifecycle';
+import { SpaceRef, SpaceRefSchema } from '../../space';
+import { XemaObjectKind } from './xema-object-kind';
+import { XemaObjectRef, XemaObjectRefSchema } from './xema-object-ref';
+/**
+ * Subject reference re-declared locally so this leaf package keeps a
+ * zero-edge dependency graph (no import from `@xemahq/capability-contracts`).
+ * The richer typed subject model lives in `capability-contracts`; here
+ * we only need the wire shape `{ kind, ref }` to populate
+ * `XemaObject.owner`.
+ *
+ * `kind` is a free-form string here on purpose — XSI plane 1 does NOT
+ * own the closed enum of subject kinds (that lives in
+ * `@xemahq/capability-contracts`). Plane-1 consumers carry the value
+ * through; plane-3 (Capability) is the validation point.
+ */
+export interface SubjectRef {
+  kind: string;
+  ref: string;
+}
+export const SubjectRefSchema = z.object({
+  kind: z.string().min(1),
+  ref: z.string().min(1),
+});
+/**
+ * The generic XSI plane-1 envelope. Every addressable thing in Xema
+ * (agents, skills, biomes, workflows, capabilities, sessions, …) is a
+ * `XemaObject<TKind, TPayload>`. The shape is identical across kinds;
+ * only `payload` varies.
+ *
+ * - `ref` is the wire-stable address (`XemaObjectRef`).
+ * - `kind` is the closed `XemaObjectKind` enum value.
+ * - `scope` is the 5-tier ownership reference (single ownership model
+ *   shared with `SkillSpace` / `CompositionSpace`).
+ * - `owner` is the subject that owns the object.
+ * - `version` is a semver string. Resolution serves only `Published`
+ *   versions per `ObjectLifecycle` semantics.
+ * - `lifecycle` mirrors `CompositionLifecycle` (draft/published/archived).
+ * - `payload` is kind-specific; the resolved schema is supplied by the
+ *   owning domain contract package.
+ */
+export interface XemaObject<
+  TKind extends XemaObjectKind = XemaObjectKind,
+  TPayload = unknown,
+> {
+  ref: XemaObjectRef;
+  kind: TKind;
+  scope: SpaceRef;
+  owner: SubjectRef;
+  version: string;
+  lifecycle: ObjectLifecycle;
+  payload: TPayload;
+}
+/**
+ * Build a Zod schema for a concrete `XemaObject<TKind, TPayload>` by
+ * pairing a kind-literal schema with a payload schema. The owning
+ * domain package (e.g. `@xemahq/agent-composition-contracts`) calls
+ * this factory once per kind/payload pair.
+ */
+export function xemaObjectSchema<
+  TKind extends XemaObjectKind,
+  TPayloadSchema extends ZodTypeAny,
+>(
+  kindSchema: z.ZodType<TKind>,
+  payloadSchema: TPayloadSchema,
+): z.ZodType<XemaObject<TKind, z.infer<TPayloadSchema>>> {
+  return z.object({
+    ref: XemaObjectRefSchema,
+    kind: kindSchema,
+    scope: SpaceRefSchema,
+    owner: SubjectRefSchema,
+    version: z.string().min(1),
+    lifecycle: ObjectLifecycleSchema,
+    payload: payloadSchema,
+  }) as unknown as z.ZodType<XemaObject<TKind, z.infer<TPayloadSchema>>>;
+}

package/src/policy/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './lib/obligations';
+export * from './lib/route-hints';
+export * from './lib/policy';

package/src/policy/lib/obligations.ts ADDED Viewed

@@ -0,0 +1,155 @@
+import { z } from 'zod';
+import { DataClassificationSchema } from '../../space';
+/**
+ * Closed obligation taxonomy (plan v4.3 §A.4).
+ *
+ * Every `PolicyObligation` carries one of these `kind` discriminants;
+ * the wire payload is a discriminated union (see `PolicyObligation`).
+ * Policy MUST NOT emit an obligation outside this set — the boundary
+ * check rejects unknown discriminators at runtime.
+ */
+export enum PolicyObligationKind {
+  Audit = 'audit',
+  RedactSecrets = 'redact-secrets',
+  RequireRunnerKind = 'require-runner-kind',
+  RequireHumanApproval = 'require-human-approval',
+  MaxDurationSeconds = 'max-duration-seconds',
+  MaxCostUsd = 'max-cost-usd',
+  RestrictOutputClassification = 'restrict-output-classification',
+  DataResidency = 'data-residency',
+}
+export const PolicyObligationKindSchema = z.nativeEnum(PolicyObligationKind);
+/**
+ * Closed runner-kind set referenced by `PolicyObligation`
+ * (`require-runner-kind`) and by `RouteHint.preferredRunnerKind` (plan
+ * v4.3 §2 / §A.4).
+ *
+ * This is the POLICY view of a runner — the dimension policy selects on
+ * to route an invocation. Phase F will unify this with the transport-
+ * level `RunnerKind` in `@xemahq/runner-contracts`
+ * (Embedded/LocalModule/Remote/McpExternal); for Phase A this enum lives
+ * inline in `@xemahq/policy-contracts` per the plan.
+ */
+export enum RunnerKind {
+  Local = 'local',
+  Cloud = 'cloud',
+  CustomerEdge = 'customer-edge',
+  GPU = 'gpu',
+  Sandbox = 'sandbox',
+  CI = 'ci',
+  /**
+   * Phase H.3 — external MCP server bridged through `mcp-gateway-api`'s
+   * external-bridge. The router resolves capability refs of the form
+   * `<provider-slug>:<tool-name>@1` to this runner kind, then forwards
+   * the invoke envelope to the bridge which translates back to an MCP
+   * `tools/call` against the originating `OrgMcpServer`.
+   */
+  McpExternal = 'mcp-external',
+}
+export const RunnerKindSchema = z.nativeEnum(RunnerKind);
+/**
+ * Closed data-residency tag set referenced by `PolicyObligation`
+ * (`data-residency`) (plan v4.3 §A.4).
+ *
+ * `customer-private` is the customer-edge tenancy class used when the
+ * org runs its own runner in a private network. Add new regions by
+ * extending the enum + the OPA bundle in lockstep — never accept a
+ * free-form string at this layer.
+ */
+export enum DataResidency {
+  Eu = 'eu',
+  Us = 'us',
+  CustomerPrivate = 'customer-private',
+}
+export const DataResidencySchema = z.nativeEnum(DataResidency);
+// ── Per-variant payload schemas ─────────────────────────────────────────
+//
+// Each schema is left as a raw `ZodObject` (no `as z.ZodType<...>` cast)
+// so `z.discriminatedUnion('kind', [...])` can introspect the literal
+// `kind` field of every variant at type-check time. The exported
+// TypeScript interfaces are derived via `z.infer<>` to guarantee the
+// schema and the type cannot drift.
+export const AuditObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.Audit),
+});
+export type AuditObligation = z.infer<typeof AuditObligationSchema>;
+export const RedactSecretsObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.RedactSecrets),
+});
+export type RedactSecretsObligation = z.infer<typeof RedactSecretsObligationSchema>;
+export const RequireRunnerKindObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.RequireRunnerKind),
+  runnerKind: RunnerKindSchema,
+});
+export type RequireRunnerKindObligation = z.infer<
+  typeof RequireRunnerKindObligationSchema
+>;
+export const RequireHumanApprovalObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.RequireHumanApproval),
+  /** Closed approver-role string owned by `authorization-api`; opaque here. */
+  approverRole: z.string().min(1).optional(),
+});
+export type RequireHumanApprovalObligation = z.infer<
+  typeof RequireHumanApprovalObligationSchema
+>;
+export const MaxDurationSecondsObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.MaxDurationSeconds),
+  maxDurationSeconds: z.number().int().positive(),
+});
+export type MaxDurationSecondsObligation = z.infer<
+  typeof MaxDurationSecondsObligationSchema
+>;
+export const MaxCostUsdObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.MaxCostUsd),
+  maxCostUsd: z.number().positive(),
+});
+export type MaxCostUsdObligation = z.infer<typeof MaxCostUsdObligationSchema>;
+export const RestrictOutputClassificationObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.RestrictOutputClassification),
+  maxClassification: DataClassificationSchema,
+});
+export type RestrictOutputClassificationObligation = z.infer<
+  typeof RestrictOutputClassificationObligationSchema
+>;
+export const DataResidencyObligationSchema = z.object({
+  kind: z.literal(PolicyObligationKind.DataResidency),
+  residency: DataResidencySchema,
+});
+export type DataResidencyObligation = z.infer<
+  typeof DataResidencyObligationSchema
+>;
+/**
+ * `PolicyObligation` — closed discriminated union (plan v4.3 §A.4).
+ *
+ * Producers MUST construct one of the typed variants above; consumers
+ * MUST switch on `kind` and handle every variant explicitly. The kernel
+ * never accepts a free-form record at the obligation boundary.
+ */
+export const PolicyObligationSchema = z.discriminatedUnion('kind', [
+  AuditObligationSchema,
+  RedactSecretsObligationSchema,
+  RequireRunnerKindObligationSchema,
+  RequireHumanApprovalObligationSchema,
+  MaxDurationSecondsObligationSchema,
+  MaxCostUsdObligationSchema,
+  RestrictOutputClassificationObligationSchema,
+  DataResidencyObligationSchema,
+]);
+export type PolicyObligation = z.infer<typeof PolicyObligationSchema>;

package/src/policy/lib/policy.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import { z } from 'zod';
+import {
+  ExecutionContextSchema,
+  type ExecutionContext,
+} from '../../execution-context';
+import {
+  PolicyObligationSchema,
+  type PolicyObligation,
+} from './obligations';
+import { RouteHintSchema, type RouteHint } from './route-hints';
+/**
+ * Closed decision set (plan v4.3 §A.4).
+ *
+ * `needs_approval` is its own outcome — never collapsed into `allow`
+ * with an obligation; the router suspends the invocation when it sees
+ * this kind and emits `approval.requested.v1` (plan §A.5).
+ */
+export enum PolicyDecisionKind {
+  Allow = 'allow',
+  Deny = 'deny',
+  NeedsApproval = 'needs_approval',
+}
+export const PolicyDecisionKindSchema = z.nativeEnum(PolicyDecisionKind);
+/**
+ * Which precedence tier supplied the `credentialBindingId` on an `allow`
+ * decision (plan §W4 / Pillar 3.2). Closed set — the PDP applies a fixed
+ * priority ladder and records the winning tier so the Studio debugger (and
+ * audit) can explain WHY a given binding was selected, without re-deriving it.
+ *
+ * Priority, highest wins:
+ *   `explicit` (a grant names the binding) > `capability_default`
+ *   (the descriptor's `defaultCredentialBindingRef`) > `project_default` >
+ *   `org_default`. No match ⇒ the PDP emits NO binding and denies with
+ *   `MISSING_CREDENTIAL_BINDING` (never a silent fallback).
+ */
+export enum CredentialPrecedenceSource {
+  Explicit = 'explicit',
+  CapabilityDefault = 'capability_default',
+  ProjectDefault = 'project_default',
+  OrgDefault = 'org_default',
+}
+export const CredentialPrecedenceSourceSchema = z.nativeEnum(
+  CredentialPrecedenceSource,
+);
+/**
+ * `PolicyRequest` — the input shape `authorization-api.policyCheck`
+ * accepts (plan v4.3 §A.4).
+ *
+ * Currently a type alias for `ExecutionContext` because every field
+ * policy needs is already on the envelope. Kept as a separate name so a
+ * future v2 split (e.g. pre-resolved subject roles) does not churn every
+ * call site.
+ */
+export type PolicyRequest = ExecutionContext;
+export const PolicyRequestSchema: z.ZodType<PolicyRequest> =
+  ExecutionContextSchema;
+/**
+ * `PolicyDecision` — the output shape `authorization-api.policyCheck`
+ * returns (plan v4.3 §A.4).
+ *
+ * `kind` is the verdict; `obligations` is a CLOSED discriminated union
+ * (see `PolicyObligation`); `routeHints` carries runner-selection
+ * guidance the router applies after `allow`. `reason` is a stable wire
+ * code from the OPA bundle (free-form here, closed by the bundle).
+ */
+export interface PolicyDecision {
+  kind: PolicyDecisionKind;
+  reason?: string;
+  obligations?: PolicyObligation[];
+  routeHints?: RouteHint;
+  /**
+   * The credential binding the executing gateway MUST use to resolve the
+   * external credential for this invocation (plan §W4 / Pillar 3.2). Present
+   * ONLY on an `allow` decision for a capability that declares an
+   * `externalServiceRef`. The PDP is the single authority that selects it via
+   * the deterministic precedence ladder; the router passes ONLY this opaque id
+   * downstream (never a secret), and the broker re-validates it before reading
+   * custody. Absent here ⇒ the capability needs no external credential, OR the
+   * decision is a `deny`/`needs_approval`.
+   */
+  credentialBindingId?: string;
+  /**
+   * Which precedence tier supplied `credentialBindingId`. Populated iff
+   * `credentialBindingId` is present, so the Studio debugger and audit can
+   * explain the selection. See `CredentialPrecedenceSource`.
+   */
+  credentialPrecedenceApplied?: CredentialPrecedenceSource;
+}
+export const PolicyDecisionSchema = z.object({
+  kind: PolicyDecisionKindSchema,
+  reason: z.string().min(1).optional(),
+  obligations: z.array(PolicyObligationSchema).optional(),
+  routeHints: RouteHintSchema.optional(),
+  credentialBindingId: z.string().min(1).optional(),
+  credentialPrecedenceApplied: CredentialPrecedenceSourceSchema.optional(),
+}) as z.ZodType<PolicyDecision>;

package/src/policy/lib/route-hints.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { z } from 'zod';
+import { RunnerKind, RunnerKindSchema } from './obligations';
+/**
+ * `RouteHint` — runner-selection guidance emitted alongside a
+ * `PolicyDecision` (plan v4.3 §A.4).
+ *
+ * The capability router consults this AFTER policy returns `allow`, to
+ * pick a runner that satisfies all hints. Hints are PREFERENCES unless
+ * an obligation pins them (e.g. `require-runner-kind`); the router
+ * fails-fast when a required hint cannot be satisfied.
+ */
+export interface RouteHint {
+  /**
+   * Labels every candidate runner MUST advertise on its `RunnerDescriptor`
+   * — e.g. `{ region: 'eu-west', dataLocality: 'customer-private' }`. AND
+   * semantics (all keys must match).
+   */
+  requiredRunnerLabels?: Record<string, string>;
+  /**
+   * Soft preference for a `RunnerKind` (Local / Cloud / CustomerEdge /
+   * GPU / Sandbox / CI). The router MAY fall back to another kind if the
+   * preferred kind is unavailable — UNLESS a `require-runner-kind`
+   * obligation hard-pins it.
+   */
+  preferredRunnerKind?: RunnerKind;
+  /**
+   * Required region for the dispatched runner. The router refuses to
+   * dispatch if no candidate matches.
+   */
+  requiredRegion?: string;
+  /**
+   * Hard constraint: only customer-edge runners may handle this
+   * invocation. Equivalent to `data-residency=customer-private`
+   * obligation but expressed at the routing layer; the router MUST
+   * respect both.
+   */
+  requireCustomerEdge?: boolean;
+}
+export const RouteHintSchema = z.object({
+  requiredRunnerLabels: z.record(z.string().min(1), z.string().min(1)).optional(),
+  preferredRunnerKind: RunnerKindSchema.optional(),
+  requiredRegion: z.string().min(1).optional(),
+  requireCustomerEdge: z.boolean().optional(),
+}) as z.ZodType<RouteHint>;
+export { RunnerKind, RunnerKindSchema } from './obligations';

package/src/runner/index.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export * from './lib/runner';
+export * from './lib/runner-attestation';
+export * from './lib/job-token';
+export * from './lib/runner-mode';
+export * from './lib/runner-kind';
+export * from './lib/runtime-isolation';
+export * from './lib/runner-registration';
+export * from './lib/runner-plane';
+export * from './lib/runner-job';
+export * from './lib/dispatch';
+export * from './lib/input-hash';