@xemahq/kernel-contracts 0.22.2 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (164) hide show
  1. package/dist/agent-workspace/awp-spec.json +0 -1
  2. package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -1
  3. package/dist/agent-workspace/lib/workspace-layout.js.map +1 -1
  4. package/dist/biome/lib/biome-manifest.d.ts +0 -8
  5. package/dist/biome/lib/biome-manifest.d.ts.map +1 -1
  6. package/dist/biome/lib/biome-manifest.js +4 -50
  7. package/dist/biome/lib/biome-manifest.js.map +1 -1
  8. package/dist/capability/lib/errors.d.ts.map +1 -1
  9. package/dist/capability/lib/errors.js.map +1 -1
  10. package/dist/capability/lib/meta-tool.d.ts.map +1 -1
  11. package/dist/capability/lib/meta-tool.js.map +1 -1
  12. package/dist/connector/index.d.ts +2 -0
  13. package/dist/connector/index.d.ts.map +1 -1
  14. package/dist/connector/index.js +2 -0
  15. package/dist/connector/index.js.map +1 -1
  16. package/dist/connector/lib/connector-descriptor.d.ts +13 -0
  17. package/dist/connector/lib/connector-descriptor.d.ts.map +1 -0
  18. package/dist/connector/lib/connector-descriptor.js +3 -0
  19. package/dist/connector/lib/connector-descriptor.js.map +1 -0
  20. package/dist/connector/lib/credential-kind.d.ts.map +1 -1
  21. package/dist/connector/lib/credential-kind.js.map +1 -1
  22. package/dist/connector/lib/filter-expr.js +6 -0
  23. package/dist/connector/lib/filter-expr.js.map +1 -1
  24. package/dist/connector/lib/provider-descriptor.d.ts +37 -0
  25. package/dist/connector/lib/provider-descriptor.d.ts.map +1 -0
  26. package/dist/connector/lib/provider-descriptor.js +26 -0
  27. package/dist/connector/lib/provider-descriptor.js.map +1 -0
  28. package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
  29. package/dist/contribution/lib/contribution-kind.js.map +1 -1
  30. package/dist/contribution/lib/contribution-source.d.ts.map +1 -1
  31. package/dist/contribution/lib/contribution-source.js.map +1 -1
  32. package/dist/contribution/lib/contribution.d.ts.map +1 -1
  33. package/dist/contribution/lib/contribution.js.map +1 -1
  34. package/dist/document-render/lib/render-enums.d.ts.map +1 -1
  35. package/dist/document-render/lib/render-enums.js.map +1 -1
  36. package/dist/execution-context/lib/execution-context.d.ts.map +1 -1
  37. package/dist/execution-context/lib/execution-context.js.map +1 -1
  38. package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -1
  39. package/dist/execution-environment/lib/built-in-environments.js.map +1 -1
  40. package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -1
  41. package/dist/execution-environment/lib/execution-environment.js +1 -1
  42. package/dist/execution-environment/lib/execution-environment.js.map +1 -1
  43. package/dist/inquiry/index.d.ts.map +1 -1
  44. package/dist/inquiry/index.js.map +1 -1
  45. package/dist/object/lib/object-lifecycle.d.ts.map +1 -1
  46. package/dist/object/lib/object-lifecycle.js.map +1 -1
  47. package/dist/policy/lib/obligations.d.ts.map +1 -1
  48. package/dist/policy/lib/obligations.js.map +1 -1
  49. package/dist/policy/lib/policy.d.ts +2 -1
  50. package/dist/policy/lib/policy.d.ts.map +1 -1
  51. package/dist/policy/lib/policy.js +1 -0
  52. package/dist/policy/lib/policy.js.map +1 -1
  53. package/dist/runner/lib/runner-registration.d.ts.map +1 -1
  54. package/dist/runner/lib/runner-registration.js.map +1 -1
  55. package/dist/service-registry/lib/service-names.generated.d.ts.map +1 -1
  56. package/dist/service-registry/lib/service-names.generated.js.map +1 -1
  57. package/dist/space/lib/space.d.ts.map +1 -1
  58. package/dist/space/lib/space.js.map +1 -1
  59. package/dist/workflow/index.d.ts.map +1 -1
  60. package/dist/workflow/index.js.map +1 -1
  61. package/dist/workflow/lib/activity-outputs.d.ts.map +1 -1
  62. package/package.json +28 -19
  63. package/src/agent-composition/lib/agent-workspace-config.ts +3 -3
  64. package/src/agent-composition/lib/capability-layer.ts +2 -2
  65. package/src/agent-composition/lib/intrinsic-floor.ts +1 -1
  66. package/src/agent-session/lib/participant.ts +1 -1
  67. package/src/agent-workspace/lib/context-json.ts +1 -1
  68. package/src/agent-workspace/lib/mount-apply.ts +2 -2
  69. package/src/agent-workspace/lib/workspace-layout.ts +2 -4
  70. package/src/app-runtime/lib/app-client.ts +1 -1
  71. package/src/app-runtime/lib/app-lockfile.ts +2 -2
  72. package/src/app-runtime/lib/app.ts +4 -4
  73. package/src/app-runtime/lib/audience-policy.ts +2 -2
  74. package/src/app-runtime/lib/biome-install.ts +3 -3
  75. package/src/app-runtime/lib/branding-config.ts +1 -1
  76. package/src/app-runtime/lib/delegated-session.ts +1 -1
  77. package/src/app-runtime/lib/external-subject.ts +1 -1
  78. package/src/biome/lib/biome-capability-refs.ts +3 -3
  79. package/src/biome/lib/biome-engines.ts +2 -2
  80. package/src/biome/lib/biome-lifecycle-hooks.ts +1 -1
  81. package/src/biome/lib/biome-lifecycle.ts +3 -3
  82. package/src/biome/lib/biome-manifest.ts +68 -122
  83. package/src/biome/lib/biome-permissions.ts +2 -2
  84. package/src/biome/lib/biome-scope.ts +2 -2
  85. package/src/biome/lib/biome-trust-tier.ts +1 -1
  86. package/src/biome/lib/trust-tier-policies.ts +2 -2
  87. package/src/biome-availability/lib/biome-availability.ts +1 -1
  88. package/src/capability/lib/capability-contribution.ts +3 -3
  89. package/src/capability/lib/capability-grant.ts +5 -5
  90. package/src/capability/lib/capability-policy.ts +2 -2
  91. package/src/capability/lib/capability-ref.ts +4 -4
  92. package/src/capability/lib/errors.ts +4 -10
  93. package/src/capability/lib/meta-tool.ts +2 -5
  94. package/src/capability/lib/permission-profile.ts +7 -7
  95. package/src/capability/lib/shell-command-descriptor.ts +3 -3
  96. package/src/connector/index.ts +2 -0
  97. package/src/connector/lib/adapter-kind.ts +1 -1
  98. package/src/connector/lib/capability-refs.ts +1 -1
  99. package/src/connector/lib/connector-descriptor.ts +67 -0
  100. package/src/connector/lib/credential-kind.ts +3 -4
  101. package/src/connector/lib/envelope-schema.ts +2 -2
  102. package/src/connector/lib/filter-expr-validate.ts +1 -1
  103. package/src/connector/lib/filter-expr.ts +8 -0
  104. package/src/connector/lib/provider-descriptor.ts +181 -0
  105. package/src/contribution/lib/contribution-kind.ts +11 -12
  106. package/src/contribution/lib/contribution-source.ts +1 -2
  107. package/src/contribution/lib/contribution.ts +3 -6
  108. package/src/document-render/lib/render-enums.ts +1 -2
  109. package/src/execution-context/lib/caller.ts +2 -2
  110. package/src/execution-context/lib/execution-context.ts +12 -18
  111. package/src/execution-environment/lib/approval-rule.ts +2 -2
  112. package/src/execution-environment/lib/built-in-environments.ts +9 -11
  113. package/src/execution-environment/lib/execution-environment.ts +25 -26
  114. package/src/inquiry/index.ts +1 -2
  115. package/src/invocation/lib/invocation-mode.ts +1 -1
  116. package/src/invocation/lib/invocation-record.ts +1 -1
  117. package/src/invocation/lib/isolation-level.ts +1 -1
  118. package/src/kernel-state/lib/adapter-kind.ts +3 -3
  119. package/src/kernel-state/lib/kernel-state.ts +1 -1
  120. package/src/kernel-state/lib/key-grammar.ts +1 -1
  121. package/src/mcp-tool/lib/tool-selection.ts +1 -1
  122. package/src/object/lib/object-lifecycle.ts +1 -2
  123. package/src/object/lib/xema-object-kind.ts +1 -1
  124. package/src/object/lib/xema-object-ref.ts +2 -2
  125. package/src/org-database/lib/db-result-event.ts +3 -3
  126. package/src/policy/lib/obligations.ts +5 -6
  127. package/src/policy/lib/policy.ts +17 -8
  128. package/src/policy/lib/route-hints.ts +1 -1
  129. package/src/provisioning/index.ts +1 -1
  130. package/src/provisioning/lib/provisioning.ts +4 -4
  131. package/src/resource/lib/resource-ownership-contribution.ts +2 -2
  132. package/src/runner/lib/dispatch.ts +5 -5
  133. package/src/runner/lib/job-token.ts +2 -2
  134. package/src/runner/lib/runner-attestation.ts +2 -2
  135. package/src/runner/lib/runner-job.ts +2 -2
  136. package/src/runner/lib/runner-mode.ts +1 -1
  137. package/src/runner/lib/runner-plane.ts +2 -2
  138. package/src/runner/lib/runner-registration.ts +9 -10
  139. package/src/runner/lib/runner.ts +7 -7
  140. package/src/runner-input-hash/lib/input-hash.ts +2 -2
  141. package/src/service-registry/lib/service-descriptor.ts +1 -1
  142. package/src/service-registry/lib/service-names.generated.ts +1 -3
  143. package/src/space/lib/space-ref-parser.ts +1 -1
  144. package/src/space/lib/space.ts +4 -5
  145. package/src/widget/lib/chat-widget-envelope.ts +1 -1
  146. package/src/worker-runtime/lib/capabilities.ts +1 -1
  147. package/src/workflow/index.ts +2 -3
  148. package/src/workflow/lib/activity-outputs.ts +3 -4
  149. package/src/workflow/lib/agent-role.ts +5 -5
  150. package/src/workflow/lib/artifact-ref.ts +1 -1
  151. package/src/workflow/lib/compiled-run.ts +2 -2
  152. package/src/workflow/lib/compiled-workspace-manifest.ts +2 -2
  153. package/src/workflow/lib/enums.ts +4 -4
  154. package/src/workflow/lib/errors.ts +1 -1
  155. package/src/workflow/lib/model-ref.ts +1 -1
  156. package/src/workflow/lib/mount-plan.ts +1 -1
  157. package/src/workflow/lib/platform-task-queue.ts +3 -3
  158. package/src/workflow/lib/role-capability.ts +1 -1
  159. package/src/workflow/lib/run-progress.ts +2 -2
  160. package/src/workflow/lib/trigger-payload.ts +2 -2
  161. package/src/workflow/lib/variable-requirement.ts +1 -1
  162. package/src/workflow/lib/workspace-manifest-enums.ts +1 -1
  163. package/src/workspace-storage/lib/types.ts +1 -1
  164. package/LICENSE +0 -176
@@ -5,7 +5,7 @@ import { CapabilityRefSchema, type CapabilityRef } from './capability-ref';
5
5
  * Stub for a JSON Schema reference. Modelled as `{ $ref: string }` so
6
6
  * downstream services (notably `xema-shell-api`) can plug in their richer
7
7
  * `JsonSchemaRef` shape without the kernel having to know about JSON Schema
8
- * machinery. Phase-1A intentional scope limit.
8
+ * machinery. An intentional scope limit.
9
9
  */
10
10
  export interface JsonSchemaRefStub {
11
11
  $ref: string;
@@ -16,7 +16,7 @@ export const JsonSchemaRefStubSchema = z.object({
16
16
  }) as z.ZodType<JsonSchemaRefStub>;
17
17
 
18
18
  /**
19
- * `ShellCommandDescriptor` — plan §31.5. Single source of truth for human
19
+ * `ShellCommandDescriptor` — single source of truth for human
20
20
  * help (`xema help <cmd>`), agent help (the `xema-shell:run@1` self-describe
21
21
  * surface), and the host UI's command palette.
22
22
  *
@@ -28,7 +28,7 @@ export const JsonSchemaRefStubSchema = z.object({
28
28
  * depend on `@xemahq/xema-object-contracts`, which would form a kernel cycle
29
29
  * if `xema-object-contracts` ever needed a `CapabilityRef`.
30
30
  *
31
- * `safeForAgents` is enforced by `xema-capability-router` per §31.7 — the
31
+ * `safeForAgents` is enforced by `xema-capability-router` — the
32
32
  * descriptor is the source of truth; the gateway never relaxes it.
33
33
  */
34
34
  export interface ShellCommandDescriptor {
@@ -2,6 +2,8 @@ export * from './lib/adapter-kind';
2
2
  export * from './lib/capability';
3
3
  export * from './lib/credential-kind';
4
4
  export * from './lib/onboarding-manifest';
5
+ export * from './lib/provider-descriptor';
6
+ export * from './lib/connector-descriptor';
5
7
  export * from './lib/envelope-schema';
6
8
  export * from './lib/filter-expr';
7
9
  export * from './lib/filter-expr-schema';
@@ -9,7 +9,7 @@
9
9
  *
10
10
  * The set is *built-in-closed but biome-extensible*: biomes may
11
11
  * contribute additional kinds via the future `AdapterContribution`
12
- * registry (Phase 7). The closed enum below names only the kinds the
12
+ * registry. The closed enum below names only the kinds the
13
13
  * platform ships out-of-the-box. Anything outside this list MUST be
14
14
  * either a built-in plus a biome contribution, or routed through an
15
15
  * opaque `AdapterKindRef` string captured below.
@@ -6,7 +6,7 @@
6
6
  // contracts`); they version like syscalls (`@1`, `@2`, ...) and the runtime
7
7
  // MUST refuse to dispatch a major version it has not registered.
8
8
  //
9
- // Source of truth: plan §17.2-B item 2. This file is the registry seed; the
9
+ // This file is the registry seed; the
10
10
  // `connector-gateway-api` capability dispatcher MAY consume it directly for
11
11
  // `name`-side validation.
12
12
  // ═══════════════════════════════════════════════════════════════════════════
@@ -0,0 +1,67 @@
1
+ /**
2
+ * ─────────────────────────────────────────────────────────────────────────
3
+ * Connector descriptor — a capability surface authenticated by ONE provider
4
+ *
5
+ * A **Connector** is what a user actually connects: Gmail, Google Drive,
6
+ * generic IMAP, generic SMTP, a GitHub SCM connector. Every connector names
7
+ * the **Provider** it authenticates against (`providerKey`) and the incremental
8
+ * OAuth `scopes` it needs from that provider. The catalog groups connectors by
9
+ * provider so ONE app credential (per `ProviderDescriptor`) backs many
10
+ * connectors.
11
+ *
12
+ * This descriptor is the connector-registry face of an
13
+ * `IntegrationProviderModule`: the module carries the executable
14
+ * webhook/action/resource handlers; this descriptor carries the
15
+ * *catalog + connect* metadata the framework needs
16
+ * to render the provider-grouped catalog, drive consent with the right scopes,
17
+ * and resolve the right per-connection credential kind.
18
+ * ─────────────────────────────────────────────────────────────────────────
19
+ */
20
+
21
+ import type { AdapterKindRef } from './adapter-kind';
22
+ import type { CredentialKind } from './credential-kind';
23
+
24
+ /**
25
+ * A connector in the catalog. `connectorKey` aligns with the persisted
26
+ * `ConnectorKind` wire value (e.g. `GMAIL`, `IMAP_GENERIC`, `SMTP_GENERIC`)
27
+ * but is typed as a string here to keep the kernel `connector` contract
28
+ * package free of the persisted `ConnectorKind` enum (which lives in
29
+ * platform-common's integration-webhooks); the connector-gateway maps the two.
30
+ */
31
+ export interface ConnectorDescriptor {
32
+ /** Stable connector key — aligns with the persisted `ConnectorKind`. */
33
+ readonly connectorKey: string;
34
+ /** Human-readable name — `Gmail`, `Generic IMAP`. */
35
+ readonly displayName: string;
36
+ /** One-sentence description shown on the connector row. */
37
+ readonly description: string;
38
+ /** Lucide-react icon name; may differ from the provider's icon. */
39
+ readonly iconName: string;
40
+
41
+ /** The provider (authenticating authority) this connector belongs to. */
42
+ readonly providerKey: string;
43
+
44
+ /**
45
+ * Incremental OAuth scopes this connector requests from its provider. Empty
46
+ * for connectors whose provider `appAuthKind` is `None` (IMAP/SMTP). When a
47
+ * second connector of the same OAuth provider is connected, the consent
48
+ * driver requests the UNION of already-granted + these scopes (incremental
49
+ * consent) so one app credential accrues capability without re-consent for
50
+ * scopes already held.
51
+ */
52
+ readonly scopes: readonly string[];
53
+
54
+ /**
55
+ * How an individual connection to THIS connector authenticates at runtime
56
+ * (the per-connection wallet/token). `oauth_user` for OAuth connectors,
57
+ * `imap_auth` / `smtp_auth` for the mail wallets, `pat` / `api_key`, …
58
+ */
59
+ readonly connectionCredentialKind: CredentialKind;
60
+
61
+ /**
62
+ * The adapter category this connector plugs into (`mail`, `scm`, …). Drives
63
+ * where normalized inbound envelopes are forwarded and which project-binding
64
+ * surface the connector appears under.
65
+ */
66
+ readonly adapterKind: AdapterKindRef;
67
+ }
@@ -1,11 +1,10 @@
1
1
  /**
2
2
  * Closed enum of credential strategies the platform knows how to mint,
3
- * cache, refresh and revoke. Biomes contributing new providers (Phase
4
- * 7) MUST declare one of these — they never ship custom mint code.
3
+ * cache, refresh and revoke. Biomes contributing new providers MUST
4
+ * declare one of these — they never ship custom mint code.
5
5
  *
6
6
  * Adding a kind here is a one-line schema change plus a matching
7
- * strategy implementation under
8
- * `apps/integration-adapters-api/src/credentials/strategies/<kind>/`.
7
+ * strategy implementation for that kind.
9
8
  */
10
9
  export enum CredentialKind {
11
10
  /** GitHub App / GitLab App style installation token (per-installation, 1h). */
@@ -11,7 +11,7 @@ import { BuiltInAdapterKind, type AdapterKindRef } from './adapter-kind';
11
11
  * evaluating to `false` at dispatch.
12
12
  *
13
13
  * The map is keyed by `(adapterKind, entityKind)`. When a webhook
14
- * filter declares its target `entityKind` (Phase 7 manifest field),
14
+ * filter declares its target `entityKind` (a manifest field),
15
15
  * the cross-validator narrows path checking to that entry. Filters
16
16
  * that omit `entityKind` fall back to the `UNION_ENTITY_KIND` entry,
17
17
  * which collects every path across the adapter's entity kinds — over-
@@ -167,7 +167,7 @@ registerEnvelopeSchema(BuiltInAdapterKind.Documentation, {
167
167
 
168
168
  /**
169
169
  * Register the per-entityKind permitted `$envelope.*` paths for a
170
- * biome-contributed AdapterKind (Phase 7). Built-in kinds are pre-
170
+ * biome-contributed AdapterKind. Built-in kinds are pre-
171
171
  * registered above. Re-registering an existing kind REPLACES its
172
172
  * entry set — `integration-adapters-api`'s registry is the authority,
173
173
  * so biome upgrades surface here.
@@ -56,7 +56,7 @@ export interface FilterExprPathIssue {
56
56
  * Statically validate that every `$envelope.*` path the predicate
57
57
  * references is permitted by the canonical envelope schema for
58
58
  * `(adapterKind, entityKind)`. `$selector` paths are NOT validated
59
- * here — selectors are opaque-by-design (Phase 3 lock-in): their
59
+ * here — selectors are opaque-by-design: their
60
60
  * shape is governed by the biome's install JSON Schema, not by a
61
61
  * kernel-level path map.
62
62
  *
@@ -184,6 +184,8 @@ function scalarEqual(a: unknown, b: unknown): boolean {
184
184
  */
185
185
  const REGEX_CACHE = new Map<string, RegExp>();
186
186
  const REGEX_MAX_LEN = 256;
187
+ /** Cap on distinct compiled patterns retained, to bound memory in a long-lived process. */
188
+ const REGEX_CACHE_MAX = 1_000;
187
189
 
188
190
  function compileRegex(pattern: string): RegExp {
189
191
  const cached = REGEX_CACHE.get(pattern);
@@ -198,6 +200,12 @@ function compileRegex(pattern: string): RegExp {
198
200
  }
199
201
  try {
200
202
  const re = new RegExp(pattern);
203
+ // Evict the oldest entry (Map preserves insertion order) once the cache is
204
+ // full, so an unbounded stream of distinct patterns cannot grow it forever.
205
+ if (REGEX_CACHE.size >= REGEX_CACHE_MAX) {
206
+ const oldest = REGEX_CACHE.keys().next().value;
207
+ if (oldest !== undefined) REGEX_CACHE.delete(oldest);
208
+ }
201
209
  REGEX_CACHE.set(pattern, re);
202
210
  return re;
203
211
  } catch (cause) {
@@ -0,0 +1,181 @@
1
+ /**
2
+ * ─────────────────────────────────────────────────────────────────────────
3
+ * Provider descriptor — the authenticating authority ("app") behind N connectors
4
+ *
5
+ * A **Provider** is the identity/authority a set of connectors authenticates
6
+ * against — e.g. `google`, `microsoft`, `github`, `slack`, `smtp`, `imap`.
7
+ * ONE provider owns ONE **app credential** (a Google Cloud OAuth client, a
8
+ * GitHub App private key, …) and fans out to MANY **connectors** (Gmail,
9
+ * Google Drive, Google Calendar …), each of which reuses that single app
10
+ * credential with its own incremental scopes.
11
+ *
12
+ * This is the "Google is a world" fix: the catalog lists connectors grouped
13
+ * under one provider card; the app credential is provided once (by a platform
14
+ * admin, or overridden per-org as BYO) and every connector under the provider
15
+ * reuses it. Adding a new Google service later is a new *connector* with new
16
+ * scopes — never a new credential and never a framework change.
17
+ *
18
+ * The descriptor is a **runtime contract** describing how a provider's app
19
+ * credential is obtained and where it lives. Actual secret VALUES are never
20
+ * carried here — only the SCHEMA of what an admin must supply
21
+ * (`appCredentialSchema`) and non-secret OAuth endpoint metadata. Secrets are
22
+ * held by the credential broker + custody, referenced by env-var name or
23
+ * custody ref, never inlined.
24
+ * ─────────────────────────────────────────────────────────────────────────
25
+ */
26
+
27
+ import type { CredentialFieldSpec } from './onboarding-manifest';
28
+
29
+ /**
30
+ * How a provider's APP-level credential authenticates. This is distinct from
31
+ * a *connector's* per-connection `CredentialKind` (how an individual user/
32
+ * mailbox connection authenticates) — it describes the shared "app" that the
33
+ * platform/org registers once.
34
+ */
35
+ export enum ProviderAppAuthKind {
36
+ /**
37
+ * 3-legged OAuth: the app is a registered OAuth client (clientId/secret).
38
+ * Connecting a connector runs an authorization-code consent redirect using
39
+ * the app credential + the connector's scopes. e.g. Google, Microsoft,
40
+ * Slack.
41
+ */
42
+ OAuth2 = 'oauth2',
43
+ /**
44
+ * App-installation flow (GitHub App / GitLab App / Atlassian Connect): the
45
+ * app authenticates via an app id + private key and the user installs it
46
+ * onto their account/org. e.g. GitHub.
47
+ */
48
+ AppInstall = 'app_install',
49
+ /**
50
+ * No shared app credential at all — every connection carries its own
51
+ * complete secret (a mailbox host+user+password, a raw API key). The
52
+ * connector is connectable with NO platform/org setup. e.g. generic SMTP,
53
+ * generic IMAP.
54
+ */
55
+ None = 'none',
56
+ }
57
+
58
+ /**
59
+ * Who shipped a provider. Determines WHICH admin fulfils its app-credential
60
+ * requirement and at which scope the requirement is registered.
61
+ *
62
+ * - `kernel` — a first-party provider baked into the platform.
63
+ * - `platform` — shipped by a platform (Layer-2) service/biome installed
64
+ * platform-wide; platform admin fulfils it.
65
+ * - `biome` — introduced by a biome. When that biome is installed at ORG
66
+ * scope, the requirement is org-scoped (the org admin BYO-fills
67
+ * it) because the platform never shipped the provider.
68
+ */
69
+ export enum ProviderOrigin {
70
+ Kernel = 'kernel',
71
+ Platform = 'platform',
72
+ Biome = 'biome',
73
+ }
74
+
75
+ /**
76
+ * The two scopes at which a provider's APP credential can be provisioned.
77
+ * Deliberately a SEPARATE, minimal enum from the 5-tier ownership
78
+ * `ScopeSource` and from the credential-broker's per-connection
79
+ * `CredentialScopeTier` — app-credential provisioning is a strict 2-tier
80
+ * concern: a platform-wide default that an org may override.
81
+ *
82
+ * Resolution precedence (narrowest wins):
83
+ *
84
+ * Org (BYO) > Platform (default) > [legacy env-var fallback] > unset
85
+ *
86
+ * An unset REQUIRED app credential is surfaced to the correct admin and the
87
+ * connector reports "needs setup" — it never silently falls through to an
88
+ * unauthenticated request.
89
+ */
90
+ export enum ProviderCredentialScope {
91
+ Platform = 'platform',
92
+ Org = 'org',
93
+ }
94
+
95
+ /** Precedence order for app-credential resolution — index 0 wins. */
96
+ export const PROVIDER_CREDENTIAL_SCOPE_ORDER: readonly ProviderCredentialScope[] =
97
+ [ProviderCredentialScope.Org, ProviderCredentialScope.Platform];
98
+
99
+ /**
100
+ * Non-secret OAuth endpoint metadata for a `ProviderAppAuthKind.OAuth2`
101
+ * provider. Client id/secret are NOT here — they are the app credential,
102
+ * resolved from a provision (or the legacy env fallback) at consent time.
103
+ */
104
+ export interface ProviderOAuthEndpoints {
105
+ /** Authorization-code consent endpoint (where the user is redirected). */
106
+ readonly authorizationUrl: string;
107
+ /** Token-exchange endpoint (code→token, refresh-token rotation). */
108
+ readonly tokenUrl: string;
109
+ /**
110
+ * Extra authorize-request params a provider needs to actually mint a
111
+ * refresh token / do incremental consent. Non-secret. e.g. Google needs
112
+ * `{ access_type: 'offline', include_granted_scopes: 'true', prompt:
113
+ * 'consent' }`. Kept explicit rather than hardcoded in the driver so a new
114
+ * OAuth provider is pure data.
115
+ */
116
+ readonly extraAuthorizeParams?: Readonly<Record<string, string>>;
117
+ /**
118
+ * Legacy env-var NAMES the OAuth driver falls back to for the app
119
+ * client id / secret when no provision exists yet (bootstrap before the
120
+ * platform-admin UI is used). Never the secret itself. Optional — a
121
+ * provider with no env fallback simply reports "needs setup" until an
122
+ * admin provisions it.
123
+ */
124
+ readonly clientIdEnvVar?: string;
125
+ readonly clientSecretEnvVar?: string;
126
+ }
127
+
128
+ /**
129
+ * A first-class Provider (authenticating authority). Registered in the
130
+ * provider registry alongside — but distinct from — the connectors that
131
+ * reference it via `Connector.providerKey`.
132
+ */
133
+ export interface ProviderDescriptor {
134
+ /** Stable lowercase slug — `google`, `microsoft`, `github`, `smtp`. */
135
+ readonly providerKey: string;
136
+ /** Human-readable name — `Google`, `Microsoft`, `Generic SMTP`. */
137
+ readonly displayName: string;
138
+ /** One-sentence description shown on the provider card. */
139
+ readonly description: string;
140
+ /** Lucide-react icon name; frontend maps to a component. */
141
+ readonly iconName: string;
142
+ /** Catalog grouping label (e.g. `Email`, `Source control`, `Chat`). */
143
+ readonly category: string;
144
+
145
+ /** How the shared app credential authenticates. */
146
+ readonly appAuthKind: ProviderAppAuthKind;
147
+ /** Who shipped the provider — drives requirement scope + which admin fills. */
148
+ readonly origin: ProviderOrigin;
149
+
150
+ /**
151
+ * Schema of the app-credential fields an admin must supply to register the
152
+ * app (Google → clientId/clientSecret[/pubsubTopic]; GitHub App → appId/
153
+ * privateKey/webhookSecret). Empty/omitted when `appAuthKind = None`
154
+ * (nothing to provision — the connector is immediately connectable).
155
+ */
156
+ readonly appCredentialSchema?: readonly CredentialFieldSpec[];
157
+
158
+ /**
159
+ * OAuth endpoint metadata — REQUIRED when `appAuthKind = OAuth2`, absent
160
+ * otherwise.
161
+ */
162
+ readonly oauthEndpoints?: ProviderOAuthEndpoints;
163
+
164
+ /**
165
+ * Whether an org may override the platform-default app credential with its
166
+ * own (BYO app). `false` pins the provider to the platform provision only.
167
+ * Ignored when `appAuthKind = None` (there is no shared app to override).
168
+ */
169
+ readonly allowOrgOverride: boolean;
170
+ }
171
+
172
+ /**
173
+ * True when a provider needs an app credential provisioned before any of its
174
+ * connectors can be connected (i.e. anything other than `None`). Callers use
175
+ * this to decide whether to surface a "needs setup" state and to whom.
176
+ */
177
+ export function providerRequiresAppCredential(
178
+ provider: Pick<ProviderDescriptor, 'appAuthKind'>,
179
+ ): boolean {
180
+ return provider.appAuthKind !== ProviderAppAuthKind.None;
181
+ }
@@ -5,16 +5,15 @@ import { z } from 'zod';
5
5
  * (biome) may contribute to the Xema OS through the Contribution Protocol
6
6
  * (XSI plane 2). Extending it is a one-line PR to the kernel.
7
7
  *
8
- * The seed set is documented in the Xema OS plan-of-record §12.1. Each
9
- * additional value below the v1 seed (e.g. `ShellCommand`, `DoctorCheck`) is
10
- * pulled from a specific section of the same plan and is cited inline.
8
+ * The v1 seed set is grouped first below. Each additional value beyond the
9
+ * v1 seed (e.g. `ShellCommand`, `DoctorCheck`) extends the closed enum.
11
10
  *
12
11
  * Enum string values match the slug spoken by the rest of the protocol
13
12
  * (Capability References, manifest declarations) so that round-tripping
14
13
  * between the enum and the wire is lossless.
15
14
  */
16
15
  export enum ContributionKind {
17
- // -- v1 seed (plan §12.1) -------------------------------------------------
16
+ // -- v1 seed ---------------------------------------------------------------
18
17
  ConnectorBinding = 'connector-binding',
19
18
  MountSource = 'mount-source',
20
19
  McpTool = 'mcp-tool',
@@ -29,13 +28,13 @@ export enum ContributionKind {
29
28
  ModelResolutionDimension = 'model-resolution-dimension',
30
29
  WidgetKind = 'widget-kind',
31
30
 
32
- // -- Xema Shell additions (plan §31.5 / §31.9) ---------------------------
33
- /** A command descriptor contributed to the Xema Shell. Plan §31.5. */
31
+ // -- Xema Shell additions --------------------------------------------------
32
+ /** A command descriptor contributed to the Xema Shell. */
34
33
  ShellCommand = 'shell-command',
35
- /** A `xema doctor` health check contributed by a biome. Plan §31.9. */
34
+ /** A `xema doctor` health check contributed by a biome. */
36
35
  DoctorCheck = 'doctor-check',
37
36
 
38
- // -- Registry gaps closed (plan §17.12) ----------------------------------
37
+ // -- Registry gaps closed --------------------------------------------------
39
38
  /**
40
39
  * An artifact type contributed by a biome to the artifact-store schema-
41
40
  * version registry (`ArtifactTypeRegistryService`). The registry adapter
@@ -49,8 +48,8 @@ export enum ContributionKind {
49
48
  */
50
49
  InquiryKind = 'inquiry-kind',
51
50
 
52
- // -- Phase C absorption (plan §6 C.2) ------------------------------------
53
- // The Phase-C "Contribution Protocol" rollup is the single source of
51
+ // -- Contribution-absorption additions -------------------------------------
52
+ // The "Contribution Protocol" rollup is the single source of
54
53
  // truth for every kind of contribution a biome can ship. A biome's
55
54
  // `contributions/` directory replaces the legacy `content/` + `modules/`
56
55
  // seeders. Per-kind handlers are wired through
@@ -105,7 +104,7 @@ export enum ContributionKind {
105
104
  /** A runtime-mount kind module contributed by a biome. */
106
105
  RuntimeMountKind = 'runtime-mount-kind',
107
106
 
108
- // -- Phase H#2: capability self-registration (plan §6.H) -----------------
107
+ // -- Capability self-registration ------------------------------------------
109
108
  /**
110
109
  * A `CapabilityRef` descriptor contributed by a biome — title, summary,
111
110
  * I/O schemas, risk tier, and approval flag. The boot-time codemod
@@ -122,7 +121,7 @@ export enum ContributionKind {
122
121
  */
123
122
  Capability = 'capability',
124
123
 
125
- // -- Phase 5: resource-ownership self-registration -----------------------
124
+ // -- Resource-ownership self-registration ----------------------------------
126
125
  /**
127
126
  * A resource-instance ownership/visibility declaration contributed by a
128
127
  * biome — `resourceType` + `resourceId` + a `ResourceVisibilityPattern` +
@@ -2,8 +2,7 @@ import { z } from 'zod';
2
2
 
3
3
  /**
4
4
  * `ContributionSource` is the 5-tier scope at which a Contribution lives.
5
- * Value-identical to `SkillSpace` and `AgentSpace` (see
6
- * `.claude/rules/skills-and-composition.md`) — the three enums share ONE
5
+ * Value-identical to `SkillSpace` and `AgentSpace` — the three enums share ONE
7
6
  * ownership / scope model and must not drift.
8
7
  *
9
8
  * Precedence — **most specific wins**:
@@ -109,8 +109,6 @@ export const ContributionVersionSchema = z
109
109
  * regardless of `kind`, carries this shape. Kind-specific contracts packages
110
110
  * own their own `TManifest` Zod schemas and feed them to
111
111
  * `contributionEnvelopeSchema` to get a fully-typed runtime validator.
112
- *
113
- * See plan-of-record §12.2 for the prose definition.
114
112
  */
115
113
  export interface Contribution<
116
114
  TKind extends ContributionKind,
@@ -175,11 +173,10 @@ export interface ContributionIngestContext {
175
173
  }
176
174
 
177
175
  /**
178
- * Per-kind ingestion handler. Phase C of the Xema OS plan replaces 14 hand-
176
+ * Per-kind ingestion handler. The Contribution Protocol replaces 14 hand-
179
177
  * rolled `Bootstrap*Service` seeders with a single generic
180
- * `BootstrapContributionsService<TKind, TManifest>` template (see plan §6
181
- * C.3) whose only per-kind specialisation is an implementation of this
182
- * interface.
178
+ * `BootstrapContributionsService<TKind, TManifest>` template whose only
179
+ * per-kind specialisation is an implementation of this interface.
183
180
  *
184
181
  * Implementations MUST:
185
182
  * - pin `kind` to the concrete `ContributionKind` they handle so the
@@ -1,7 +1,6 @@
1
1
  /**
2
2
  * Closed enums for the render service wire. Real TS enums (not
3
- * string-literal unions) so OpenAPI/Orval emit stable enum schemas — see
4
- * `docs/API_STANDARDS.md` and `.claude/rules/backend.md`.
3
+ * string-literal unions) so OpenAPI/Orval emit stable enum schemas.
5
4
  */
6
5
 
7
6
  /**
@@ -1,7 +1,7 @@
1
1
  import { z } from 'zod';
2
2
 
3
3
  /**
4
- * Closed caller-kind set (plan v4.3 §A.3).
4
+ * Closed caller-kind set.
5
5
  *
6
6
  * Distinguishes how the invocation entered the system — drives audit
7
7
  * shape, default obligations (e.g. `Web` callers default to `audit` +
@@ -21,7 +21,7 @@ export const CallerKindSchema = z.nativeEnum(CallerKind);
21
21
  /**
22
22
  * `Caller` — entry-point envelope captured on every invocation.
23
23
  *
24
- * v4.3 contract shape per plan §A.3:
24
+ * Contract shape:
25
25
  * { kind: CallerKind; appId?; sessionId?; ip?; userAgent? }
26
26
  *
27
27
  * `appId` and `sessionId` are populated when the caller is an embedded
@@ -30,8 +30,7 @@ import {
30
30
  } from './subject';
31
31
 
32
32
  /**
33
- * Closed biome trust-tier set referenced by `ExecutionContext.biome`
34
- * (plan v4.3 §A.3).
33
+ * Closed biome trust-tier set referenced by `ExecutionContext.biome`.
35
34
  *
36
35
  * Tier ordering goes Untrusted → Community → Verified → Official; OPA
37
36
  * policy bundles MAY gate a capability to a minimum tier, but the kernel
@@ -48,8 +47,8 @@ export enum BiomeTrustTier {
48
47
  export const BiomeTrustTierSchema = z.nativeEnum(BiomeTrustTier);
49
48
 
50
49
  /**
51
- * Biome attestation block carried on `ExecutionContext.biome` (plan
52
- * v4.3 §A.3). Set when the capability is provided by a biome (vs. an
50
+ * Biome attestation block carried on `ExecutionContext.biome`.
51
+ * Set when the capability is provided by a biome (vs. an
53
52
  * embedded built-in). `signatureVerified` is the Cosign verdict from the
54
53
  * biome-fetcher-api at install time.
55
54
  */
@@ -68,8 +67,7 @@ export const ExecutionContextBiomeSchema = z.object({
68
67
  }) as z.ZodType<ExecutionContextBiome>;
69
68
 
70
69
  /**
71
- * Environment block carried on `ExecutionContext.environment` (plan
72
- * v4.3 §A.3).
70
+ * Environment block carried on `ExecutionContext.environment`.
73
71
  *
74
72
  * `id` is the canonical `environment:<slug>` ref (string-typed here to
75
73
  * keep the envelope JSON-clean — the kernel-side reference type lives in the
@@ -89,8 +87,7 @@ export const ExecutionContextEnvironmentSchema = z.object({
89
87
  }) as z.ZodType<ExecutionContextEnvironment>;
90
88
 
91
89
  /**
92
- * Capability block carried on `ExecutionContext.capability` (plan
93
- * v4.3 §A.3).
90
+ * Capability block carried on `ExecutionContext.capability`.
94
91
  *
95
92
  * `ref` is the canonical capability reference (`<biome>:<verb>@<major>`).
96
93
  * `inputHash` is an optional SHA-256 fingerprint of the JSON-serialised
@@ -108,7 +105,7 @@ export const ExecutionContextCapabilitySchema = z.object({
108
105
  }) as z.ZodType<ExecutionContextCapability>;
109
106
 
110
107
  /**
111
- * Resource block carried on `ExecutionContext.resource` (plan v4.3 §A.3).
108
+ * Resource block carried on `ExecutionContext.resource`.
112
109
  *
113
110
  * Set when the invocation targets a specific persistent object (a
114
111
  * XemaObject, a document, an SCM file). `ref` is the resource reference
@@ -127,8 +124,7 @@ export const ExecutionContextResourceSchema = z.object({
127
124
  }) as z.ZodType<ExecutionContextResource>;
128
125
 
129
126
  /**
130
- * Constraints block carried on `ExecutionContext.constraints` (plan
131
- * v4.3 §A.3).
127
+ * Constraints block carried on `ExecutionContext.constraints`.
132
128
  *
133
129
  * Per-invocation caps + flags the gateway derives from the caller's
134
130
  * grant, the org's environment policy, and the capability's defaults.
@@ -155,14 +151,14 @@ export const ExecutionContextConstraintsSchema = z.object({
155
151
  }) as z.ZodType<ExecutionContextConstraints>;
156
152
 
157
153
  /**
158
- * `ExecutionContext` — the per-invocation envelope (plan v4.3 §A.3).
154
+ * `ExecutionContext` — the per-invocation envelope.
159
155
  *
160
- * Constructed by `biomes/xema-capability-router/api/xema-capability-router` at the gateway boundary,
156
+ * Constructed by the capability router at the gateway boundary,
161
157
  * passed verbatim to `authorization-api` for the policy check, and
162
158
  * forwarded to the dispatched runner. Audit, policy, and runner all
163
159
  * read the SAME shape — no parallel envelopes.
164
160
  *
165
- * Wave 4 (Phase A.5) wires this through `dispatch.service.ts`. This
161
+ * The dispatch pipeline wires this through at runtime. This
166
162
  * package is contract-only — no consumer rewiring lives here.
167
163
  */
168
164
  export interface ExecutionContext {
@@ -180,15 +176,13 @@ export interface ExecutionContext {
180
176
  /**
181
177
  * RFC 8693 delegation chain (`act`), outermost-acting-first. Built at the
182
178
  * gateway from `RequestContext.actorChain` and carried through policy → audit
183
- * → credential-broker. Empty/omitted for a non-delegated invocation
184
- * (plan §W4 / Pillar 3.2).
179
+ * → credential-broker. Empty/omitted for a non-delegated invocation.
185
180
  */
186
181
  actorChain?: ActingForRef[];
187
182
  /**
188
183
  * Opaque credential-binding id the PDP selected for this invocation
189
184
  * (`PolicyDecision.credentialBindingId`). When present, the executing
190
- * gateway/runner resolves it via the credential-broker. NEVER a secret
191
- * (plan §W4 / Pillar 3.2).
185
+ * gateway/runner resolves it via the credential-broker. NEVER a secret.
192
186
  */
193
187
  credentialBindingId?: string;
194
188
  /**
@@ -5,8 +5,8 @@ import {
5
5
  } from '../../capability';
6
6
 
7
7
  /**
8
- * Per-environment approval rule (plan §3.4 `ExecutionEnvironment.approvalRules[]`,
9
- * §30.7 Human-in-the-loop approval at runtime).
8
+ * Per-environment approval rule (`ExecutionEnvironment.approvalRules[]`):
9
+ * human-in-the-loop approval at runtime.
10
10
  *
11
11
  * When a runtime invocation matches a rule whose `capability` ref covers the
12
12
  * call, the gateway suspends the invocation, emits an `ApprovalRequested`