@xemahq/kernel-contracts 0.2.0 → 0.2.2

package/dist/mail-source/lib/mail-event.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAIL_EVENT_DATA_TYPE = exports.MAIL_EVENT_SOURCE = exports.MAIL_EVENT_SCHEMA_VERSION = exports.MailThreadUpdatedSchema = exports.MailMessageClassifiedSchema = exports.MailMessageReceivedSchema = exports.MailEventBaseSchema = exports.MailEventType = void 0;
+const zod_1 = require("zod");
+var MailEventType;
+(function (MailEventType) {
+    MailEventType["MessageReceived"] = "mail.message.received";
+    MailEventType["MessageClassified"] = "mail.message.classified";
+    MailEventType["ThreadUpdated"] = "mail.thread.updated";
+})(MailEventType || (exports.MailEventType = MailEventType = {}));
+exports.MailEventBaseSchema = zod_1.z.object({
+    orgId: zod_1.z.string().min(1),
+    projectId: zod_1.z.string().min(1).optional(),
+    mailboxRef: zod_1.z.string().min(1),
+    messageId: zod_1.z.string().min(1),
+    threadRef: zod_1.z.string().min(1).optional(),
+    from: zod_1.z.string().min(1),
+    subject: zod_1.z.string().optional(),
+    receivedAt: zod_1.z.string().min(1),
+    labels: zod_1.z.array(zod_1.z.string()).optional(),
+});
+exports.MailMessageReceivedSchema = exports.MailEventBaseSchema.extend({
+    classification: zod_1.z.string().min(1).optional(),
+});
+exports.MailMessageClassifiedSchema = exports.MailEventBaseSchema.extend({
+    classification: zod_1.z.string().min(1),
+});
+exports.MailThreadUpdatedSchema = zod_1.z.object({
+    orgId: zod_1.z.string().min(1),
+    projectId: zod_1.z.string().min(1).optional(),
+    mailboxRef: zod_1.z.string().min(1),
+    threadRef: zod_1.z.string().min(1),
+    subject: zod_1.z.string().optional(),
+    participants: zod_1.z.array(zod_1.z.string()),
+    messageCount: zod_1.z.number().int().nonnegative(),
+    lastReceivedAt: zod_1.z.string().min(1),
+});
+exports.MAIL_EVENT_SCHEMA_VERSION = '1.0.0';
+exports.MAIL_EVENT_SOURCE = '/xema/services/mailops-api';
+exports.MAIL_EVENT_DATA_TYPE = 'mailops';
+//# sourceMappingURL=mail-event.js.map

package/dist/mail-source/lib/mail-event.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mail-event.js","sourceRoot":"","sources":["../../../src/mail-source/lib/mail-event.ts"],"names":[],"mappings":";;;AAsBA,6BAAwB;AAMxB,IAAY,aAOX;AAPD,WAAY,aAAa;IAEvB,0DAAyC,CAAA;IAEzC,8DAA6C,CAAA;IAE7C,sDAAqC,CAAA;AACvC,CAAC,EAPW,aAAa,6BAAb,aAAa,QAOxB;AAMY,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE9B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE7B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAGU,QAAA,yBAAyB,GAAG,2BAAmB,CAAC,MAAM,CAAC;IAKlE,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAMU,QAAA,2BAA2B,GAAG,2BAAmB,CAAC,MAAM,CAAC;IACpE,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAClC,CAAC,CAAC;AAGU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE9B,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAEjC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IAE5C,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAClC,CAAC,CAAC;AAWU,QAAA,yBAAyB,GAAG,OAAgB,CAAC;AAG7C,QAAA,iBAAiB,GAAG,4BAAqC,CAAC;AAG1D,QAAA,oBAAoB,GAAG,SAAkB,CAAC"}

package/dist/policy/index.d.ts

@@ -1,4 +1,5 @@
 export * from './lib/obligations';
+export * from './lib/egress-allowlist';
 export * from './lib/route-hints';
 export * from './lib/policy';
 //# sourceMappingURL=index.d.ts.map

package/dist/policy/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC"}

package/dist/policy/index.js

@@ -15,6 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./lib/obligations"), exports);
+__exportStar(require("./lib/egress-allowlist"), exports);
 __exportStar(require("./lib/route-hints"), exports);
 __exportStar(require("./lib/policy"), exports);
 //# sourceMappingURL=index.js.map

package/dist/policy/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,+CAA6B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,yDAAuC;AACvC,oDAAkC;AAClC,+CAA6B"}

package/dist/policy/lib/egress-allowlist.d.ts

@@ -0,0 +1,18 @@
+import { type EgressAllowlistObligation } from './obligations';
+export type EgressDecision = {
+    readonly allowed: true;
+} | {
+    readonly allowed: false;
+    readonly reason: EgressDenyReason;
+};
+export declare enum EgressDenyReason {
+    InvalidTarget = "invalid-target",
+    Blocklisted = "blocklisted",
+    NotAllowlisted = "not-allowlisted"
+}
+export declare class MalformedEgressObligationError extends Error {
+    constructor(detail: string);
+}
+export declare function evaluateEgress(targetUrl: string, obligation: EgressAllowlistObligation): EgressDecision;
+export declare function isEgressAllowed(targetUrl: string, obligation: EgressAllowlistObligation): boolean;
+//# sourceMappingURL=egress-allowlist.d.ts.map

package/dist/policy/lib/egress-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress-allowlist.d.ts","sourceRoot":"","sources":["../../../src/policy/lib/egress-allowlist.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,yBAAyB,EAC/B,MAAM,eAAe,CAAC;AAmBvB,MAAM,MAAM,cAAc,GACtB;IAAE,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GAC1B;IAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAA;CAAE,CAAC;AAGnE,oBAAY,gBAAgB;IAE1B,aAAa,mBAAmB;IAEhC,WAAW,gBAAgB;IAE3B,cAAc,oBAAoB;CACnC;AAOD,qBAAa,8BAA+B,SAAQ,KAAK;gBAC3C,MAAM,EAAE,MAAM;CAI3B;AAcD,wBAAgB,cAAc,CAC5B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,yBAAyB,GACpC,cAAc,CA6BhB;AAOD,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,yBAAyB,GACpC,OAAO,CAET"}

package/dist/policy/lib/egress-allowlist.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MalformedEgressObligationError = exports.EgressDenyReason = void 0;
+exports.evaluateEgress = evaluateEgress;
+exports.isEgressAllowed = isEgressAllowed;
+const obligations_1 = require("./obligations");
+var EgressDenyReason;
+(function (EgressDenyReason) {
+    EgressDenyReason["InvalidTarget"] = "invalid-target";
+    EgressDenyReason["Blocklisted"] = "blocklisted";
+    EgressDenyReason["NotAllowlisted"] = "not-allowlisted";
+})(EgressDenyReason || (exports.EgressDenyReason = EgressDenyReason = {}));
+class MalformedEgressObligationError extends Error {
+    constructor(detail) {
+        super(`Malformed egress-allowlist obligation: ${detail}`);
+        this.name = 'MalformedEgressObligationError';
+    }
+}
+exports.MalformedEgressObligationError = MalformedEgressObligationError;
+function evaluateEgress(targetUrl, obligation) {
+    const parsed = obligations_1.EgressAllowlistObligationSchema.safeParse(obligation);
+    if (!parsed.success) {
+        throw new MalformedEgressObligationError(parsed.error.issues[0]?.message ?? 'invalid payload');
+    }
+    const { allow, deny } = parsed.data;
+    const target = parseTarget(targetUrl);
+    if (target === null) {
+        return { allowed: false, reason: EgressDenyReason.InvalidTarget };
+    }
+    if (deny !== undefined) {
+        for (const pattern of deny) {
+            if (matchPattern(pattern, target)) {
+                return { allowed: false, reason: EgressDenyReason.Blocklisted };
+            }
+        }
+    }
+    for (const pattern of allow) {
+        if (matchPattern(pattern, target)) {
+            return { allowed: true };
+        }
+    }
+    return { allowed: false, reason: EgressDenyReason.NotAllowlisted };
+}
+function isEgressAllowed(targetUrl, obligation) {
+    return evaluateEgress(targetUrl, obligation).allowed;
+}
+function parseTarget(rawUrl) {
+    let u;
+    try {
+        u = new URL(rawUrl);
+    }
+    catch {
+        return null;
+    }
+    if (u.protocol !== 'http:' && u.protocol !== 'https:') {
+        return null;
+    }
+    const host = u.hostname.toLowerCase().replace(/\.$/, '');
+    if (host.length === 0) {
+        return null;
+    }
+    return { host, scheme: u.protocol, path: normalisePath(u.pathname) };
+}
+function normalisePath(pathname) {
+    const collapsed = pathname.replace(/\/{2,}/g, '/');
+    if (collapsed.length > 1 && collapsed.endsWith('/')) {
+        return collapsed.slice(0, -1);
+    }
+    return collapsed.length === 0 ? '/' : collapsed;
+}
+function matchPattern(pattern, target) {
+    const schemeSep = pattern.indexOf('://');
+    if (schemeSep === -1) {
+        if (pattern.includes('/')) {
+            return false;
+        }
+        return matchHost(pattern.toLowerCase(), target.host);
+    }
+    const scheme = pattern.slice(0, schemeSep + 1).toLowerCase();
+    if (scheme !== target.scheme) {
+        return false;
+    }
+    const rest = pattern.slice(schemeSep + 3);
+    const slash = rest.indexOf('/');
+    const hostPart = (slash === -1 ? rest : rest.slice(0, slash)).toLowerCase();
+    const pathPart = slash === -1 ? '' : rest.slice(slash);
+    if (!matchHost(hostPart, target.host)) {
+        return false;
+    }
+    return matchPath(pathPart, target.path);
+}
+function matchHost(pattern, host) {
+    if (pattern.length === 0) {
+        return false;
+    }
+    const pLabels = pattern.split('.');
+    const hLabels = host.split('.');
+    if (pLabels.length !== hLabels.length) {
+        return false;
+    }
+    for (let i = 0; i < pLabels.length; i++) {
+        const pl = pLabels[i];
+        const hl = hLabels[i];
+        if (pl === '*') {
+            if (hl === undefined || hl.length === 0) {
+                return false;
+            }
+            continue;
+        }
+        if (pl !== hl) {
+            return false;
+        }
+    }
+    return true;
+}
+function matchPath(patternPath, targetPath) {
+    if (patternPath === '' || patternPath === '/') {
+        return true;
+    }
+    const wildcard = patternPath.endsWith('/*');
+    const base = normalisePath(wildcard ? patternPath.slice(0, -2) : patternPath);
+    if (!wildcard) {
+        return targetPath === base;
+    }
+    if (targetPath === base) {
+        return true;
+    }
+    return targetPath.startsWith(base === '/' ? '/' : `${base}/`);
+}
+//# sourceMappingURL=egress-allowlist.js.map

package/dist/policy/lib/egress-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress-allowlist.js","sourceRoot":"","sources":["../../../src/policy/lib/egress-allowlist.ts"],"names":[],"mappings":";;;AA4DA,wCAgCC;AAOD,0CAKC;AAxGD,+CAGuB;AAwBvB,IAAY,gBAOX;AAPD,WAAY,gBAAgB;IAE1B,oDAAgC,CAAA;IAEhC,+CAA2B,CAAA;IAE3B,sDAAkC,CAAA;AACpC,CAAC,EAPW,gBAAgB,gCAAhB,gBAAgB,QAO3B;AAOD,MAAa,8BAA+B,SAAQ,KAAK;IACvD,YAAY,MAAc;QACxB,KAAK,CAAC,0CAA0C,MAAM,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AALD,wEAKC;AAcD,SAAgB,cAAc,CAC5B,SAAiB,EACjB,UAAqC;IAKrC,MAAM,MAAM,GAAG,6CAA+B,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACrE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,8BAA8B,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,iBAAiB,CAAC,CAAC;IACjG,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;IAEpC,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,aAAa,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,KAAK,MAAM,OAAO,IAAI,IAAI,EAAE,CAAC;YAC3B,IAAI,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,WAAW,EAAE,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,IAAI,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,CAAC,cAAc,EAAE,CAAC;AACrE,CAAC;AAOD,SAAgB,eAAe,CAC7B,SAAiB,EACjB,UAAqC;IAErC,OAAO,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,OAAO,CAAC;AACvD,CAAC;AAsBD,SAAS,WAAW,CAAC,MAAc;IACjC,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;AACvE,CAAC;AAGD,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACnD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAOD,SAAS,YAAY,CAAC,OAAe,EAAE,MAAoB;IACzD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;QAErB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAI1B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7D,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAG,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5E,MAAM,QAAQ,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvD,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAOD,SAAS,SAAS,CAAC,OAAe,EAAE,IAAY;IAC9C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAEf,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxC,OAAO,KAAK,CAAC;YACf,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAUD,SAAS,SAAS,CAAC,WAAmB,EAAE,UAAkB;IACxD,IAAI,WAAW,KAAK,EAAE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC9E,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,UAAU,KAAK,IAAI,CAAC;IAC7B,CAAC;IAGD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;AAChE,CAAC"}

package/dist/policy/lib/obligations.d.ts

@@ -7,7 +7,8 @@ export declare enum PolicyObligationKind {
     MaxDurationSeconds = "max-duration-seconds",
     MaxCostUsd = "max-cost-usd",
     RestrictOutputClassification = "restrict-output-classification",
-    DataResidency = "data-residency"
+    DataResidency = "data-residency",
+    EgressAllowlist = "egress-allowlist"
 }
 export declare const PolicyObligationKindSchema: z.ZodEnum<typeof PolicyObligationKind>;
 export declare enum RunnerKind {
@@ -64,6 +65,12 @@ export declare const DataResidencyObligationSchema: z.ZodObject<{
     residency: z.ZodEnum<typeof DataResidency>;
 }, z.core.$strip>;
 export type DataResidencyObligation = z.infer<typeof DataResidencyObligationSchema>;
+export declare const EgressAllowlistObligationSchema: z.ZodObject<{
+    kind: z.ZodLiteral<PolicyObligationKind.EgressAllowlist>;
+    allow: z.ZodArray<z.ZodString>;
+    deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export type EgressAllowlistObligation = z.infer<typeof EgressAllowlistObligationSchema>;
 export declare const PolicyObligationSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     kind: z.ZodLiteral<PolicyObligationKind.Audit>;
 }, z.core.$strip>, z.ZodObject<{
@@ -86,6 +93,10 @@ export declare const PolicyObligationSchema: z.ZodDiscriminatedUnion<[z.ZodObjec
 }, z.core.$strip>, z.ZodObject<{
     kind: z.ZodLiteral<PolicyObligationKind.DataResidency>;
     residency: z.ZodEnum<typeof DataResidency>;
+}, z.core.$strip>, z.ZodObject<{
+    kind: z.ZodLiteral<PolicyObligationKind.EgressAllowlist>;
+    allow: z.ZodArray<z.ZodString>;
+    deny: z.ZodOptional<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>], "kind">;
 export type PolicyObligation = z.infer<typeof PolicyObligationSchema>;
 //# sourceMappingURL=obligations.d.ts.map

package/dist/policy/lib/obligations.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"obligations.d.ts","sourceRoot":"","sources":["../../../src/policy/lib/obligations.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAWxB,oBAAY,oBAAoB;IAC9B,KAAK,UAAU;IACf,aAAa,mBAAmB;IAChC,iBAAiB,wBAAwB;IACzC,oBAAoB,2BAA2B;IAC/C,kBAAkB,yBAAyB;IAC3C,UAAU,iBAAiB;IAC3B,4BAA4B,mCAAmC;IAC/D,aAAa,mBAAmB;CACjC;AAED,eAAO,MAAM,0BAA0B,wCAAqC,CAAC;AAa7E,oBAAY,UAAU;IACpB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,YAAY,kBAAkB;IAC9B,GAAG,QAAQ;IACX,OAAO,YAAY;IACnB,EAAE,OAAO;IAQT,WAAW,iBAAiB;CAC7B;AAED,eAAO,MAAM,gBAAgB,8BAA2B,CAAC;AAWzD,oBAAY,aAAa;IACvB,EAAE,OAAO;IACT,EAAE,OAAO;IACT,eAAe,qBAAqB;CACrC;AAED,eAAO,MAAM,mBAAmB,iCAA8B,CAAC;AAU/D,eAAO,MAAM,qBAAqB;;iBAEhC,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,6BAA6B;;iBAExC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,iCAAiC;;;iBAG5C,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAC/C,OAAO,iCAAiC,CACzC,CAAC;AAEF,eAAO,MAAM,oCAAoC;;;iBAI/C,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,oCAAoC,CAC5C,CAAC;AAEF,eAAO,MAAM,kCAAkC;;;iBAG7C,CAAC;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,kCAAkC,CAC1C,CAAC;AAEF,eAAO,MAAM,0BAA0B;;;iBAGrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,4CAA4C;;;iBAGvD,CAAC;AACH,MAAM,MAAM,sCAAsC,GAAG,CAAC,CAAC,KAAK,CAC1D,OAAO,4CAA4C,CACpD,CAAC;AAEF,eAAO,MAAM,6BAA6B;;;iBAGxC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AASF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;2BASjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}
+{"version":3,"file":"obligations.d.ts","sourceRoot":"","sources":["../../../src/policy/lib/obligations.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAWxB,oBAAY,oBAAoB;IAC9B,KAAK,UAAU;IACf,aAAa,mBAAmB;IAChC,iBAAiB,wBAAwB;IACzC,oBAAoB,2BAA2B;IAC/C,kBAAkB,yBAAyB;IAC3C,UAAU,iBAAiB;IAC3B,4BAA4B,mCAAmC;IAC/D,aAAa,mBAAmB;IAShC,eAAe,qBAAqB;CACrC;AAED,eAAO,MAAM,0BAA0B,wCAAqC,CAAC;AAa7E,oBAAY,UAAU;IACpB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,YAAY,kBAAkB;IAC9B,GAAG,QAAQ;IACX,OAAO,YAAY;IACnB,EAAE,OAAO;IAQT,WAAW,iBAAiB;CAC7B;AAED,eAAO,MAAM,gBAAgB,8BAA2B,CAAC;AAWzD,oBAAY,aAAa;IACvB,EAAE,OAAO;IACT,EAAE,OAAO;IACT,eAAe,qBAAqB;CACrC;AAED,eAAO,MAAM,mBAAmB,iCAA8B,CAAC;AAU/D,eAAO,MAAM,qBAAqB;;iBAEhC,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,6BAA6B;;iBAExC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,eAAO,MAAM,iCAAiC;;;iBAG5C,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAC/C,OAAO,iCAAiC,CACzC,CAAC;AAEF,eAAO,MAAM,oCAAoC;;;iBAI/C,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,oCAAoC,CAC5C,CAAC;AAEF,eAAO,MAAM,kCAAkC;;;iBAG7C,CAAC;AACH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,kCAAkC,CAC1C,CAAC;AAEF,eAAO,MAAM,0BAA0B;;;iBAGrC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,4CAA4C;;;iBAGvD,CAAC;AACH,MAAM,MAAM,sCAAsC,GAAG,CAAC,CAAC,KAAK,CAC1D,OAAO,4CAA4C,CACpD,CAAC;AAEF,eAAO,MAAM,6BAA6B;;;iBAGxC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AAoCF,eAAO,MAAM,+BAA+B;;;;iBAY1C,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,+BAA+B,CACvC,CAAC;AASF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;2BAUjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC"}

package/dist/policy/lib/obligations.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PolicyObligationSchema = exports.DataResidencyObligationSchema = exports.RestrictOutputClassificationObligationSchema = exports.MaxCostUsdObligationSchema = exports.MaxDurationSecondsObligationSchema = exports.RequireHumanApprovalObligationSchema = exports.RequireRunnerKindObligationSchema = exports.RedactSecretsObligationSchema = exports.AuditObligationSchema = exports.DataResidencySchema = exports.DataResidency = exports.RunnerKindSchema = exports.RunnerKind = exports.PolicyObligationKindSchema = exports.PolicyObligationKind = void 0;
+exports.PolicyObligationSchema = exports.EgressAllowlistObligationSchema = exports.DataResidencyObligationSchema = exports.RestrictOutputClassificationObligationSchema = exports.MaxCostUsdObligationSchema = exports.MaxDurationSecondsObligationSchema = exports.RequireHumanApprovalObligationSchema = exports.RequireRunnerKindObligationSchema = exports.RedactSecretsObligationSchema = exports.AuditObligationSchema = exports.DataResidencySchema = exports.DataResidency = exports.RunnerKindSchema = exports.RunnerKind = exports.PolicyObligationKindSchema = exports.PolicyObligationKind = void 0;
 const zod_1 = require("zod");
 const space_1 = require("../../space");
 var PolicyObligationKind;
@@ -13,6 +13,7 @@ var PolicyObligationKind;
     PolicyObligationKind["MaxCostUsd"] = "max-cost-usd";
     PolicyObligationKind["RestrictOutputClassification"] = "restrict-output-classification";
     PolicyObligationKind["DataResidency"] = "data-residency";
+    PolicyObligationKind["EgressAllowlist"] = "egress-allowlist";
 })(PolicyObligationKind || (exports.PolicyObligationKind = PolicyObligationKind = {}));
 exports.PolicyObligationKindSchema = zod_1.z.nativeEnum(PolicyObligationKind);
 var RunnerKind;
@@ -63,6 +64,17 @@ exports.DataResidencyObligationSchema = zod_1.z.object({
     kind: zod_1.z.literal(PolicyObligationKind.DataResidency),
     residency: exports.DataResidencySchema,
 });
+const EGRESS_PATTERN = zod_1.z
+    .string()
+    .min(1)
+    .refine((p) => !/[\s@#?]/.test(p), {
+    message: 'egress pattern must not contain whitespace, "@", "#" or "?" (those belong to the target URL, not the rule)',
+});
+exports.EgressAllowlistObligationSchema = zod_1.z.object({
+    kind: zod_1.z.literal(PolicyObligationKind.EgressAllowlist),
+    allow: zod_1.z.array(EGRESS_PATTERN).min(1),
+    deny: zod_1.z.array(EGRESS_PATTERN).optional(),
+});
 exports.PolicyObligationSchema = zod_1.z.discriminatedUnion('kind', [
     exports.AuditObligationSchema,
     exports.RedactSecretsObligationSchema,
@@ -72,5 +84,6 @@ exports.PolicyObligationSchema = zod_1.z.discriminatedUnion('kind', [
     exports.MaxCostUsdObligationSchema,
     exports.RestrictOutputClassificationObligationSchema,
     exports.DataResidencyObligationSchema,
+    exports.EgressAllowlistObligationSchema,
 ]);
 //# sourceMappingURL=obligations.js.map

package/dist/policy/lib/obligations.js.map

@@ -1 +1 @@
-{"version":3,"file":"obligations.js","sourceRoot":"","sources":["../../../src/policy/lib/obligations.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,uCAAuD;AAUvD,IAAY,oBASX;AATD,WAAY,oBAAoB;IAC9B,uCAAe,CAAA;IACf,wDAAgC,CAAA;IAChC,iEAAyC,CAAA;IACzC,uEAA+C,CAAA;IAC/C,mEAA2C,CAAA;IAC3C,mDAA2B,CAAA;IAC3B,uFAA+D,CAAA;IAC/D,wDAAgC,CAAA;AAClC,CAAC,EATW,oBAAoB,oCAApB,oBAAoB,QAS/B;AAEY,QAAA,0BAA0B,GAAG,OAAC,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;AAa7E,IAAY,UAeX;AAfD,WAAY,UAAU;IACpB,6BAAe,CAAA;IACf,6BAAe,CAAA;IACf,4CAA8B,CAAA;IAC9B,yBAAW,CAAA;IACX,iCAAmB,CAAA;IACnB,uBAAS,CAAA;IAQT,0CAA4B,CAAA;AAC9B,CAAC,EAfW,UAAU,0BAAV,UAAU,QAerB;AAEY,QAAA,gBAAgB,GAAG,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAWzD,IAAY,aAIX;AAJD,WAAY,aAAa;IACvB,0BAAS,CAAA;IACT,0BAAS,CAAA;IACT,qDAAoC,CAAA;AACtC,CAAC,EAJW,aAAa,6BAAb,aAAa,QAIxB;AAEY,QAAA,mBAAmB,GAAG,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAUlD,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC;CAC5C,CAAC,CAAC;AAGU,QAAA,6BAA6B,GAAG,OAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;CACpD,CAAC,CAAC;AAGU,QAAA,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACxD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,iBAAiB,CAAC;IACvD,UAAU,EAAE,wBAAgB;CAC7B,CAAC,CAAC;AAKU,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,oBAAoB,CAAC;IAE1D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAKU,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,kBAAkB,CAAC;IACxD,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAKU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC;IAChD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAGU,QAAA,4CAA4C,GAAG,OAAC,CAAC,MAAM,CAAC;IACnE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,4BAA4B,CAAC;IAClE,iBAAiB,EAAE,gCAAwB;CAC5C,CAAC,CAAC;AAKU,QAAA,6BAA6B,GAAG,OAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;IACnD,SAAS,EAAE,2BAAmB;CAC/B,CAAC,CAAC;AAYU,QAAA,sBAAsB,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACjE,6BAAqB;IACrB,qCAA6B;IAC7B,yCAAiC;IACjC,4CAAoC;IACpC,0CAAkC;IAClC,kCAA0B;IAC1B,oDAA4C;IAC5C,qCAA6B;CAC9B,CAAC,CAAC"}
+{"version":3,"file":"obligations.js","sourceRoot":"","sources":["../../../src/policy/lib/obligations.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,uCAAuD;AAUvD,IAAY,oBAkBX;AAlBD,WAAY,oBAAoB;IAC9B,uCAAe,CAAA;IACf,wDAAgC,CAAA;IAChC,iEAAyC,CAAA;IACzC,uEAA+C,CAAA;IAC/C,mEAA2C,CAAA;IAC3C,mDAA2B,CAAA;IAC3B,uFAA+D,CAAA;IAC/D,wDAAgC,CAAA;IAShC,4DAAoC,CAAA;AACtC,CAAC,EAlBW,oBAAoB,oCAApB,oBAAoB,QAkB/B;AAEY,QAAA,0BAA0B,GAAG,OAAC,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;AAa7E,IAAY,UAeX;AAfD,WAAY,UAAU;IACpB,6BAAe,CAAA;IACf,6BAAe,CAAA;IACf,4CAA8B,CAAA;IAC9B,yBAAW,CAAA;IACX,iCAAmB,CAAA;IACnB,uBAAS,CAAA;IAQT,0CAA4B,CAAA;AAC9B,CAAC,EAfW,UAAU,0BAAV,UAAU,QAerB;AAEY,QAAA,gBAAgB,GAAG,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AAWzD,IAAY,aAIX;AAJD,WAAY,aAAa;IACvB,0BAAS,CAAA;IACT,0BAAS,CAAA;IACT,qDAAoC,CAAA;AACtC,CAAC,EAJW,aAAa,6BAAb,aAAa,QAIxB;AAEY,QAAA,mBAAmB,GAAG,OAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAUlD,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC;CAC5C,CAAC,CAAC;AAGU,QAAA,6BAA6B,GAAG,OAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;CACpD,CAAC,CAAC;AAGU,QAAA,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACxD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,iBAAiB,CAAC;IACvD,UAAU,EAAE,wBAAgB;CAC7B,CAAC,CAAC;AAKU,QAAA,oCAAoC,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3D,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,oBAAoB,CAAC;IAE1D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAKU,QAAA,kCAAkC,GAAG,OAAC,CAAC,MAAM,CAAC;IACzD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,kBAAkB,CAAC;IACxD,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAKU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC;IAChD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC;AAGU,QAAA,4CAA4C,GAAG,OAAC,CAAC,MAAM,CAAC;IACnE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,4BAA4B,CAAC;IAClE,iBAAiB,EAAE,gCAAwB;CAC5C,CAAC,CAAC;AAKU,QAAA,6BAA6B,GAAG,OAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;IACnD,SAAS,EAAE,2BAAmB;CAC/B,CAAC,CAAC;AA4BH,MAAM,cAAc,GAAG,OAAC;KACrB,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,CAAC;KAIN,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;IACjC,OAAO,EACL,4GAA4G;CAC/G,CAAC,CAAC;AAEQ,QAAA,+BAA+B,GAAG,OAAC,CAAC,MAAM,CAAC;IACtD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,eAAe,CAAC;IAQrD,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAErC,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAYU,QAAA,sBAAsB,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACjE,6BAAqB;IACrB,qCAA6B;IAC7B,yCAAiC;IACjC,4CAAoC;IACpC,0CAAkC;IAClC,kCAA0B;IAC1B,oDAA4C;IAC5C,qCAA6B;IAC7B,uCAA+B;CAChC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xemahq/kernel-contracts",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",

package/src/biome/index.ts

@@ -1,7 +1,12 @@
 export * from './lib/biome-capability-refs';
 export * from './lib/biome-lifecycle';
 export * from './lib/biome-scope';
+export * from './lib/biome-tier';
+export * from './lib/biome-target';
+export * from './lib/biome-audience';
+export * from './lib/biome-origin';
 export * from './lib/biome-trust-tier';
+export * from './lib/biome-availability-grant';
 export * from './lib/biome-api';
 export * from './lib/biome-lifecycle-hooks';
 export * from './lib/biome-engines';

package/src/biome/lib/biome-audience.ts

@@ -0,0 +1,27 @@
+import { z } from 'zod';
+
+/**
+ * `BiomeAudience` — WHO a biome is for. Orthogonal to dependency tier
+ * (`BiomeTier`), origin (`BiomeOrigin`), and install scope (`BiomeScope`).
+ *
+ * - `Org` (default) — a normal biome, available to organizations (subject to
+ *   org enablement + availability grants) and eligible to appear in the store.
+ * - `Operator` — for Xema PLATFORM OPERATORS only (us). Effects, enforced
+ *   across the planes:
+ *     1. Packaging — distribution SELECTORS skip operator biomes; they ship
+ *        only when explicitly named in `include[]` (the "force it in" rule for
+ *        the internal distribution).
+ *     2. Discovery — never store-listed; hidden from org-facing biome UIs.
+ *     3. Access — gated to the `platform_admin` realm role.
+ *
+ * Closed set; new values are a kernel change.
+ */
+export enum BiomeAudience {
+  Org = 'org',
+  Operator = 'operator',
+}
+
+export const BiomeAudienceSchema = z.nativeEnum(BiomeAudience);
+
+/** The default audience applied when a manifest omits the field. */
+export const DEFAULT_BIOME_AUDIENCE = BiomeAudience.Org;

package/src/biome/lib/biome-availability-grant.ts

@@ -0,0 +1,42 @@
+import { z } from 'zod';
+import { SubjectRefSchema, type SubjectRef } from '../../subject';
+
+/**
+ * Canonical authorization action for "may this subject see/use this biome".
+ * Registered as a gatable action in `authorization-api`; the biome-host web
+ * registry filters the per-org biome list by evaluating this action for the
+ * caller. NOT the same as installing or enabling a biome (those are org-admin
+ * actions) — this is the third, finer level: availability to a subject within
+ * an org that has already enabled the biome.
+ */
+export const BIOME_ACCESS_ACTION = 'biome.access';
+
+/**
+ * `BiomeAvailabilityGrant` — makes an org-enabled biome available to a specific
+ * subject (a `user` or a `group`/team) within an org.
+ *
+ * Semantics (fail-OPEN by absence, NOT by error):
+ * - If an org has ZERO grant rows for a biome, the biome is available
+ *   ORG-WIDE (the default; preserves today's org-wide enablement behaviour).
+ * - If an org has ONE OR MORE grant rows for a biome, the biome is available
+ *   ONLY to the union of the granted subjects (and to org/platform admins).
+ *
+ * `subject.kind` is meaningful only for `User` and `Group` (team). Org-wide
+ * availability is expressed by the ABSENCE of rows, never by an `org` subject
+ * row — so there is exactly one way to say "everyone".
+ *
+ * Backed by `authorization-api` (the PDP) as grants over the `biome.access`
+ * action; the biome-id is the resource. Portals are the UI that writes these
+ * rows — availability is the generic permission, Portals are the curation lens.
+ */
+export interface BiomeAvailabilityGrant {
+  orgId: string;
+  biomeId: string;
+  subject: SubjectRef;
+}
+
+export const BiomeAvailabilityGrantSchema = z.object({
+  orgId: z.string().min(1),
+  biomeId: z.string().min(1),
+  subject: SubjectRefSchema,
+}) as z.ZodType<BiomeAvailabilityGrant>;

package/src/biome/lib/biome-origin.ts

@@ -0,0 +1,26 @@
+import { z } from 'zod';
+
+/**
+ * `BiomeOrigin` — the packaging-time PROVENANCE posture carried on a biome
+ * manifest (`xema.trustTier` in `xema-biome.json`). This is the value
+ * available at BUILD/resolve time and the one a distribution `trustPolicy`
+ * gates on (e.g. a locked appliance allows only `first-party`).
+ *
+ * Distinct from the richer 6-value publication/install provenance
+ * (`BiomeTrustTier`), which is assigned later at store-publish / install time
+ * and is not knowable from source. Keep the two separate — the distribution
+ * trust gate operates on origin, not on install-time provenance.
+ *
+ * Closed set; new values are a kernel change. (Seam: the biome-sdk manifest's
+ * own 2-value `BiomeTrustTierSchema` should migrate to import this enum so the
+ * posture has a single source of truth.)
+ */
+export enum BiomeOrigin {
+  FirstParty = 'first-party',
+  ThirdParty = 'third-party',
+}
+
+export const BiomeOriginSchema = z.nativeEnum(BiomeOrigin);
+
+/** The default origin applied when a manifest omits the field. */
+export const DEFAULT_BIOME_ORIGIN = BiomeOrigin.ThirdParty;

package/src/biome/lib/biome-target.ts

@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+/**
+ * `BiomeTarget` — the runtime surface a biome ships for. A `server` biome runs
+ * as a backend workload (NestJS service / worker); a `web` biome is a federated
+ * frontend module mounted in the host shell. Mirrors the biome-sdk manifest
+ * `xema.target` discriminant; lives here as the canonical contract so the
+ * distribution lockfile can type the resolved surface without depending on the
+ * (Layer 1) biome-sdk.
+ */
+export enum BiomeTarget {
+  Server = 'server',
+  Web = 'web',
+}
+
+export const BiomeTargetSchema = z.nativeEnum(BiomeTarget);

package/src/biome/lib/biome-tier.ts

@@ -0,0 +1,44 @@
+import { z } from 'zod';
+
+/**
+ * `BiomeTier` — the canonical DEPENDENCY/BOOT tier of a biome.
+ *
+ * This is the axis that governs which biomes a biome may depend on and the
+ * boot order (kernel boots first, then system, then base, then platform). It
+ * is DISTINCT from two other biome dimensions that share overlapping string
+ * values but mean different things:
+ *
+ * - `BiomeScope` (`biome-scope.ts`) — the INSTALLATION scope
+ *   (`system|org|project|sandbox`): where an installation lives.
+ * - `BiomeTrustTier` (`biome-trust-tier.ts`) — PROVENANCE/origin
+ *   (`first-party|verified-store|community-store|…`).
+ *
+ * Closed set, ordered low→high. `third-party` is intentionally NOT a tier
+ * value — origin/trust is carried by `BiomeTrustTier`, not by the dependency
+ * tier (the two axes were previously conflated in the biome-sdk
+ * `BiomeScopeSchema`). New tiers are a kernel change.
+ *
+ * String values match the on-wire `xema.scope` field of `xema-biome.json`
+ * (the manifest field name remains `scope` for now; the distribution tooling
+ * maps `xema.scope` → `BiomeTier`).
+ */
+export enum BiomeTier {
+  Kernel = 'kernel',
+  System = 'system',
+  Base = 'base',
+  Platform = 'platform',
+}
+
+export const BiomeTierSchema = z.nativeEnum(BiomeTier);
+
+/**
+ * Tier precedence, low→high. A biome of tier `T` may depend only on biomes
+ * whose tier index is `<=` its own. Index 0 (`Kernel`) is the always-shipped
+ * floor of every distribution.
+ */
+export const BIOME_TIER_ORDER: readonly BiomeTier[] = [
+  BiomeTier.Kernel,
+  BiomeTier.System,
+  BiomeTier.Base,
+  BiomeTier.Platform,
+];

package/src/contribution/lib/contribution-kind.ts

@@ -121,6 +121,20 @@ export enum ContributionKind {
    * upsert by `ref`, so they cannot drift.
    */
   Capability = 'capability',
+
+  // -- Domain stage machines (MailOps asset lifecycle) ---------------------
+  /**
+   * A deterministic asset stage machine contributed by a domain biome to a
+   * stage-machine host (today: `mailops-api`). The descriptor is pure data —
+   * an asset type plus an ordered list of stages, each non-initial stage
+   * declaring the evidence kinds that must be present to reach it. The host
+   * compiles the descriptor into runtime predicates over the asset's evidence
+   * timeline (`computeStage`). The kernel owns only this enum member; the
+   * descriptor's manifest schema is owned by the ingesting host (mirroring
+   * `ArtifactType`, whose schema lives in `artifact-store-api`) because the
+   * stage machine is a host-domain concept, not a kernel one.
+   */
+  StageMachine = 'stage-machine',
 }
 
 /**

package/src/distribution/index.ts

@@ -0,0 +1,4 @@
+export * from './lib/distribution-selector';
+export * from './lib/distribution';
+export * from './lib/distribution-lock';
+export * from './lib/image-lock';

package/src/distribution/lib/distribution-lock.ts

@@ -0,0 +1,88 @@
+import { z } from 'zod';
+import {
+  BiomeTierSchema,
+  BiomeTargetSchema,
+  BiomeOriginSchema,
+  type BiomeTier,
+  type BiomeTarget,
+  type BiomeOrigin,
+} from '../../biome';
+
+/**
+ * A single biome as resolved into a distribution lockfile. Version-pinned and
+ * (once images are built) content-addressed. `imageDigest` is populated by the
+ * image-manifest step (`images.lock.json`) and may be absent in the pure biome
+ * lockfile before images are built.
+ */
+export interface LockedBiome {
+  id: string;
+  version: string;
+  tier: BiomeTier;
+  target: BiomeTarget;
+  /** Provenance posture from the manifest (gated by the distribution trustPolicy). */
+  origin: BiomeOrigin;
+  /** Whether the org may disable this biome once shipped (cannot-disable). */
+  mandatory: boolean;
+  /** Source repo + path the biome was resolved from (provenance for the build). */
+  repo: string;
+  path: string;
+  /** Set by the image-manifest resolver; `image@sha256:<digest>`. */
+  imageDigest?: string;
+}
+
+export const LockedBiomeSchema = z.object({
+  id: z.string().min(1),
+  version: z.string().min(1),
+  tier: BiomeTierSchema,
+  target: BiomeTargetSchema,
+  origin: BiomeOriginSchema,
+  mandatory: z.boolean(),
+  repo: z.string().min(1),
+  path: z.string().min(1),
+  imageDigest: z.string().min(1).optional(),
+}) as z.ZodType<LockedBiome>;
+
+/**
+ * `DistributionLock` — the deterministic, resolved output of a `Distribution`.
+ * THE single artifact every consumer reads (deploy generator, test-suite
+ * mapping, biome-host boot filter, appliance build). No consumer re-applies the
+ * distribution rules — the lockfile is the hard boundary.
+ *
+ * `resolvedAt` / `inputHash` are stamped by the resolver tooling, not the
+ * kernel (kernel contracts hold no clock); both optional so the type is usable
+ * mid-resolution.
+ */
+export interface DistributionLock {
+  schemaVersion: 1;
+  distributionId: string;
+  biomes: readonly LockedBiome[];
+  /** ISO-8601 timestamp the resolver stamped (tooling-supplied). */
+  resolvedAt?: string;
+  /** Hash of the resolver inputs (manifest + index) for drift detection. */
+  inputHash?: string;
+}
+
+export const DistributionLockSchema = z.object({
+  schemaVersion: z.literal(1),
+  distributionId: z.string().min(1),
+  biomes: z.array(LockedBiomeSchema).readonly(),
+  resolvedAt: z.string().min(1).optional(),
+  inputHash: z.string().min(1).optional(),
+}) as z.ZodType<DistributionLock>;
+
+/**
+ * Parse + validate a raw `distribution.lock.json`. Fail-fast on any shape error
+ * — the lockfile is the hard boundary every consumer reads, so a malformed lock
+ * must never be silently tolerated.
+ */
+export function parseDistributionLock(raw: unknown): DistributionLock {
+  const result = DistributionLockSchema.safeParse(raw);
+  if (!result.success) {
+    throw new Error(
+      `Invalid distribution.lock.json: ${result.error.issues
+        .map((i) => `[${i.path.join('.')}] ${i.message}`)
+        .join('; ')}`,
+    );
+  }
+  return result.data;
+}