@xemahq/kernel-contracts 0.22.2 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-workspace/awp-spec.json +0 -1
- package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -1
- package/dist/agent-workspace/lib/workspace-layout.js.map +1 -1
- package/dist/biome/lib/biome-manifest.d.ts +0 -8
- package/dist/biome/lib/biome-manifest.d.ts.map +1 -1
- package/dist/biome/lib/biome-manifest.js +4 -50
- package/dist/biome/lib/biome-manifest.js.map +1 -1
- package/dist/capability/lib/errors.d.ts.map +1 -1
- package/dist/capability/lib/errors.js.map +1 -1
- package/dist/capability/lib/meta-tool.d.ts.map +1 -1
- package/dist/capability/lib/meta-tool.js.map +1 -1
- package/dist/connector/index.d.ts +2 -0
- package/dist/connector/index.d.ts.map +1 -1
- package/dist/connector/index.js +2 -0
- package/dist/connector/index.js.map +1 -1
- package/dist/connector/lib/connector-descriptor.d.ts +13 -0
- package/dist/connector/lib/connector-descriptor.d.ts.map +1 -0
- package/dist/connector/lib/connector-descriptor.js +3 -0
- package/dist/connector/lib/connector-descriptor.js.map +1 -0
- package/dist/connector/lib/credential-kind.d.ts.map +1 -1
- package/dist/connector/lib/credential-kind.js.map +1 -1
- package/dist/connector/lib/filter-expr.js +6 -0
- package/dist/connector/lib/filter-expr.js.map +1 -1
- package/dist/connector/lib/provider-descriptor.d.ts +37 -0
- package/dist/connector/lib/provider-descriptor.d.ts.map +1 -0
- package/dist/connector/lib/provider-descriptor.js +26 -0
- package/dist/connector/lib/provider-descriptor.js.map +1 -0
- package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
- package/dist/contribution/lib/contribution-kind.js.map +1 -1
- package/dist/contribution/lib/contribution-source.d.ts.map +1 -1
- package/dist/contribution/lib/contribution-source.js.map +1 -1
- package/dist/contribution/lib/contribution.d.ts.map +1 -1
- package/dist/contribution/lib/contribution.js.map +1 -1
- package/dist/document-render/lib/render-enums.d.ts.map +1 -1
- package/dist/document-render/lib/render-enums.js.map +1 -1
- package/dist/execution-context/lib/execution-context.d.ts.map +1 -1
- package/dist/execution-context/lib/execution-context.js.map +1 -1
- package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -1
- package/dist/execution-environment/lib/built-in-environments.js.map +1 -1
- package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -1
- package/dist/execution-environment/lib/execution-environment.js +1 -1
- package/dist/execution-environment/lib/execution-environment.js.map +1 -1
- package/dist/inquiry/index.d.ts.map +1 -1
- package/dist/inquiry/index.js.map +1 -1
- package/dist/object/lib/object-lifecycle.d.ts.map +1 -1
- package/dist/object/lib/object-lifecycle.js.map +1 -1
- package/dist/policy/lib/obligations.d.ts.map +1 -1
- package/dist/policy/lib/obligations.js.map +1 -1
- package/dist/policy/lib/policy.d.ts +2 -1
- package/dist/policy/lib/policy.d.ts.map +1 -1
- package/dist/policy/lib/policy.js +1 -0
- package/dist/policy/lib/policy.js.map +1 -1
- package/dist/runner/lib/runner-registration.d.ts.map +1 -1
- package/dist/runner/lib/runner-registration.js.map +1 -1
- package/dist/service-registry/lib/service-names.generated.d.ts.map +1 -1
- package/dist/service-registry/lib/service-names.generated.js.map +1 -1
- package/dist/space/lib/space.d.ts.map +1 -1
- package/dist/space/lib/space.js.map +1 -1
- package/dist/workflow/index.d.ts.map +1 -1
- package/dist/workflow/index.js.map +1 -1
- package/dist/workflow/lib/activity-outputs.d.ts.map +1 -1
- package/package.json +28 -19
- package/src/agent-composition/lib/agent-workspace-config.ts +3 -3
- package/src/agent-composition/lib/capability-layer.ts +2 -2
- package/src/agent-composition/lib/intrinsic-floor.ts +1 -1
- package/src/agent-session/lib/participant.ts +1 -1
- package/src/agent-workspace/lib/context-json.ts +1 -1
- package/src/agent-workspace/lib/mount-apply.ts +2 -2
- package/src/agent-workspace/lib/workspace-layout.ts +2 -4
- package/src/app-runtime/lib/app-client.ts +1 -1
- package/src/app-runtime/lib/app-lockfile.ts +2 -2
- package/src/app-runtime/lib/app.ts +4 -4
- package/src/app-runtime/lib/audience-policy.ts +2 -2
- package/src/app-runtime/lib/biome-install.ts +3 -3
- package/src/app-runtime/lib/branding-config.ts +1 -1
- package/src/app-runtime/lib/delegated-session.ts +1 -1
- package/src/app-runtime/lib/external-subject.ts +1 -1
- package/src/biome/lib/biome-capability-refs.ts +3 -3
- package/src/biome/lib/biome-engines.ts +2 -2
- package/src/biome/lib/biome-lifecycle-hooks.ts +1 -1
- package/src/biome/lib/biome-lifecycle.ts +3 -3
- package/src/biome/lib/biome-manifest.ts +68 -122
- package/src/biome/lib/biome-permissions.ts +2 -2
- package/src/biome/lib/biome-scope.ts +2 -2
- package/src/biome/lib/biome-trust-tier.ts +1 -1
- package/src/biome/lib/trust-tier-policies.ts +2 -2
- package/src/biome-availability/lib/biome-availability.ts +1 -1
- package/src/capability/lib/capability-contribution.ts +3 -3
- package/src/capability/lib/capability-grant.ts +5 -5
- package/src/capability/lib/capability-policy.ts +2 -2
- package/src/capability/lib/capability-ref.ts +4 -4
- package/src/capability/lib/errors.ts +4 -10
- package/src/capability/lib/meta-tool.ts +2 -5
- package/src/capability/lib/permission-profile.ts +7 -7
- package/src/capability/lib/shell-command-descriptor.ts +3 -3
- package/src/connector/index.ts +2 -0
- package/src/connector/lib/adapter-kind.ts +1 -1
- package/src/connector/lib/capability-refs.ts +1 -1
- package/src/connector/lib/connector-descriptor.ts +67 -0
- package/src/connector/lib/credential-kind.ts +3 -4
- package/src/connector/lib/envelope-schema.ts +2 -2
- package/src/connector/lib/filter-expr-validate.ts +1 -1
- package/src/connector/lib/filter-expr.ts +8 -0
- package/src/connector/lib/provider-descriptor.ts +181 -0
- package/src/contribution/lib/contribution-kind.ts +11 -12
- package/src/contribution/lib/contribution-source.ts +1 -2
- package/src/contribution/lib/contribution.ts +3 -6
- package/src/document-render/lib/render-enums.ts +1 -2
- package/src/execution-context/lib/caller.ts +2 -2
- package/src/execution-context/lib/execution-context.ts +12 -18
- package/src/execution-environment/lib/approval-rule.ts +2 -2
- package/src/execution-environment/lib/built-in-environments.ts +9 -11
- package/src/execution-environment/lib/execution-environment.ts +25 -26
- package/src/inquiry/index.ts +1 -2
- package/src/invocation/lib/invocation-mode.ts +1 -1
- package/src/invocation/lib/invocation-record.ts +1 -1
- package/src/invocation/lib/isolation-level.ts +1 -1
- package/src/kernel-state/lib/adapter-kind.ts +3 -3
- package/src/kernel-state/lib/kernel-state.ts +1 -1
- package/src/kernel-state/lib/key-grammar.ts +1 -1
- package/src/mcp-tool/lib/tool-selection.ts +1 -1
- package/src/object/lib/object-lifecycle.ts +1 -2
- package/src/object/lib/xema-object-kind.ts +1 -1
- package/src/object/lib/xema-object-ref.ts +2 -2
- package/src/org-database/lib/db-result-event.ts +3 -3
- package/src/policy/lib/obligations.ts +5 -6
- package/src/policy/lib/policy.ts +17 -8
- package/src/policy/lib/route-hints.ts +1 -1
- package/src/provisioning/index.ts +1 -1
- package/src/provisioning/lib/provisioning.ts +4 -4
- package/src/resource/lib/resource-ownership-contribution.ts +2 -2
- package/src/runner/lib/dispatch.ts +5 -5
- package/src/runner/lib/job-token.ts +2 -2
- package/src/runner/lib/runner-attestation.ts +2 -2
- package/src/runner/lib/runner-job.ts +2 -2
- package/src/runner/lib/runner-mode.ts +1 -1
- package/src/runner/lib/runner-plane.ts +2 -2
- package/src/runner/lib/runner-registration.ts +9 -10
- package/src/runner/lib/runner.ts +7 -7
- package/src/runner-input-hash/lib/input-hash.ts +2 -2
- package/src/service-registry/lib/service-descriptor.ts +1 -1
- package/src/service-registry/lib/service-names.generated.ts +1 -3
- package/src/space/lib/space-ref-parser.ts +1 -1
- package/src/space/lib/space.ts +4 -5
- package/src/widget/lib/chat-widget-envelope.ts +1 -1
- package/src/worker-runtime/lib/capabilities.ts +1 -1
- package/src/workflow/index.ts +2 -3
- package/src/workflow/lib/activity-outputs.ts +3 -4
- package/src/workflow/lib/agent-role.ts +5 -5
- package/src/workflow/lib/artifact-ref.ts +1 -1
- package/src/workflow/lib/compiled-run.ts +2 -2
- package/src/workflow/lib/compiled-workspace-manifest.ts +2 -2
- package/src/workflow/lib/enums.ts +4 -4
- package/src/workflow/lib/errors.ts +1 -1
- package/src/workflow/lib/model-ref.ts +1 -1
- package/src/workflow/lib/mount-plan.ts +1 -1
- package/src/workflow/lib/platform-task-queue.ts +3 -3
- package/src/workflow/lib/role-capability.ts +1 -1
- package/src/workflow/lib/run-progress.ts +2 -2
- package/src/workflow/lib/trigger-payload.ts +2 -2
- package/src/workflow/lib/variable-requirement.ts +1 -1
- package/src/workflow/lib/workspace-manifest-enums.ts +1 -1
- package/src/workspace-storage/lib/types.ts +1 -1
- package/LICENSE +0 -176
|
@@ -5,7 +5,7 @@ import { CapabilityRefSchema, type CapabilityRef } from './capability-ref';
|
|
|
5
5
|
* Stub for a JSON Schema reference. Modelled as `{ $ref: string }` so
|
|
6
6
|
* downstream services (notably `xema-shell-api`) can plug in their richer
|
|
7
7
|
* `JsonSchemaRef` shape without the kernel having to know about JSON Schema
|
|
8
|
-
* machinery.
|
|
8
|
+
* machinery. An intentional scope limit.
|
|
9
9
|
*/
|
|
10
10
|
export interface JsonSchemaRefStub {
|
|
11
11
|
$ref: string;
|
|
@@ -16,7 +16,7 @@ export const JsonSchemaRefStubSchema = z.object({
|
|
|
16
16
|
}) as z.ZodType<JsonSchemaRefStub>;
|
|
17
17
|
|
|
18
18
|
/**
|
|
19
|
-
* `ShellCommandDescriptor` —
|
|
19
|
+
* `ShellCommandDescriptor` — single source of truth for human
|
|
20
20
|
* help (`xema help <cmd>`), agent help (the `xema-shell:run@1` self-describe
|
|
21
21
|
* surface), and the host UI's command palette.
|
|
22
22
|
*
|
|
@@ -28,7 +28,7 @@ export const JsonSchemaRefStubSchema = z.object({
|
|
|
28
28
|
* depend on `@xemahq/xema-object-contracts`, which would form a kernel cycle
|
|
29
29
|
* if `xema-object-contracts` ever needed a `CapabilityRef`.
|
|
30
30
|
*
|
|
31
|
-
* `safeForAgents` is enforced by `xema-capability-router`
|
|
31
|
+
* `safeForAgents` is enforced by `xema-capability-router` — the
|
|
32
32
|
* descriptor is the source of truth; the gateway never relaxes it.
|
|
33
33
|
*/
|
|
34
34
|
export interface ShellCommandDescriptor {
|
package/src/connector/index.ts
CHANGED
|
@@ -2,6 +2,8 @@ export * from './lib/adapter-kind';
|
|
|
2
2
|
export * from './lib/capability';
|
|
3
3
|
export * from './lib/credential-kind';
|
|
4
4
|
export * from './lib/onboarding-manifest';
|
|
5
|
+
export * from './lib/provider-descriptor';
|
|
6
|
+
export * from './lib/connector-descriptor';
|
|
5
7
|
export * from './lib/envelope-schema';
|
|
6
8
|
export * from './lib/filter-expr';
|
|
7
9
|
export * from './lib/filter-expr-schema';
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*
|
|
10
10
|
* The set is *built-in-closed but biome-extensible*: biomes may
|
|
11
11
|
* contribute additional kinds via the future `AdapterContribution`
|
|
12
|
-
* registry
|
|
12
|
+
* registry. The closed enum below names only the kinds the
|
|
13
13
|
* platform ships out-of-the-box. Anything outside this list MUST be
|
|
14
14
|
* either a built-in plus a biome contribution, or routed through an
|
|
15
15
|
* opaque `AdapterKindRef` string captured below.
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
// contracts`); they version like syscalls (`@1`, `@2`, ...) and the runtime
|
|
7
7
|
// MUST refuse to dispatch a major version it has not registered.
|
|
8
8
|
//
|
|
9
|
-
//
|
|
9
|
+
// This file is the registry seed; the
|
|
10
10
|
// `connector-gateway-api` capability dispatcher MAY consume it directly for
|
|
11
11
|
// `name`-side validation.
|
|
12
12
|
// ═══════════════════════════════════════════════════════════════════════════
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
3
|
+
* Connector descriptor — a capability surface authenticated by ONE provider
|
|
4
|
+
*
|
|
5
|
+
* A **Connector** is what a user actually connects: Gmail, Google Drive,
|
|
6
|
+
* generic IMAP, generic SMTP, a GitHub SCM connector. Every connector names
|
|
7
|
+
* the **Provider** it authenticates against (`providerKey`) and the incremental
|
|
8
|
+
* OAuth `scopes` it needs from that provider. The catalog groups connectors by
|
|
9
|
+
* provider so ONE app credential (per `ProviderDescriptor`) backs many
|
|
10
|
+
* connectors.
|
|
11
|
+
*
|
|
12
|
+
* This descriptor is the connector-registry face of an
|
|
13
|
+
* `IntegrationProviderModule`: the module carries the executable
|
|
14
|
+
* webhook/action/resource handlers; this descriptor carries the
|
|
15
|
+
* *catalog + connect* metadata the framework needs
|
|
16
|
+
* to render the provider-grouped catalog, drive consent with the right scopes,
|
|
17
|
+
* and resolve the right per-connection credential kind.
|
|
18
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
19
|
+
*/
|
|
20
|
+
|
|
21
|
+
import type { AdapterKindRef } from './adapter-kind';
|
|
22
|
+
import type { CredentialKind } from './credential-kind';
|
|
23
|
+
|
|
24
|
+
/**
|
|
25
|
+
* A connector in the catalog. `connectorKey` aligns with the persisted
|
|
26
|
+
* `ConnectorKind` wire value (e.g. `GMAIL`, `IMAP_GENERIC`, `SMTP_GENERIC`)
|
|
27
|
+
* but is typed as a string here to keep the kernel `connector` contract
|
|
28
|
+
* package free of the persisted `ConnectorKind` enum (which lives in
|
|
29
|
+
* platform-common's integration-webhooks); the connector-gateway maps the two.
|
|
30
|
+
*/
|
|
31
|
+
export interface ConnectorDescriptor {
|
|
32
|
+
/** Stable connector key — aligns with the persisted `ConnectorKind`. */
|
|
33
|
+
readonly connectorKey: string;
|
|
34
|
+
/** Human-readable name — `Gmail`, `Generic IMAP`. */
|
|
35
|
+
readonly displayName: string;
|
|
36
|
+
/** One-sentence description shown on the connector row. */
|
|
37
|
+
readonly description: string;
|
|
38
|
+
/** Lucide-react icon name; may differ from the provider's icon. */
|
|
39
|
+
readonly iconName: string;
|
|
40
|
+
|
|
41
|
+
/** The provider (authenticating authority) this connector belongs to. */
|
|
42
|
+
readonly providerKey: string;
|
|
43
|
+
|
|
44
|
+
/**
|
|
45
|
+
* Incremental OAuth scopes this connector requests from its provider. Empty
|
|
46
|
+
* for connectors whose provider `appAuthKind` is `None` (IMAP/SMTP). When a
|
|
47
|
+
* second connector of the same OAuth provider is connected, the consent
|
|
48
|
+
* driver requests the UNION of already-granted + these scopes (incremental
|
|
49
|
+
* consent) so one app credential accrues capability without re-consent for
|
|
50
|
+
* scopes already held.
|
|
51
|
+
*/
|
|
52
|
+
readonly scopes: readonly string[];
|
|
53
|
+
|
|
54
|
+
/**
|
|
55
|
+
* How an individual connection to THIS connector authenticates at runtime
|
|
56
|
+
* (the per-connection wallet/token). `oauth_user` for OAuth connectors,
|
|
57
|
+
* `imap_auth` / `smtp_auth` for the mail wallets, `pat` / `api_key`, …
|
|
58
|
+
*/
|
|
59
|
+
readonly connectionCredentialKind: CredentialKind;
|
|
60
|
+
|
|
61
|
+
/**
|
|
62
|
+
* The adapter category this connector plugs into (`mail`, `scm`, …). Drives
|
|
63
|
+
* where normalized inbound envelopes are forwarded and which project-binding
|
|
64
|
+
* surface the connector appears under.
|
|
65
|
+
*/
|
|
66
|
+
readonly adapterKind: AdapterKindRef;
|
|
67
|
+
}
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Closed enum of credential strategies the platform knows how to mint,
|
|
3
|
-
* cache, refresh and revoke. Biomes contributing new providers
|
|
4
|
-
*
|
|
3
|
+
* cache, refresh and revoke. Biomes contributing new providers MUST
|
|
4
|
+
* declare one of these — they never ship custom mint code.
|
|
5
5
|
*
|
|
6
6
|
* Adding a kind here is a one-line schema change plus a matching
|
|
7
|
-
* strategy implementation
|
|
8
|
-
* `apps/integration-adapters-api/src/credentials/strategies/<kind>/`.
|
|
7
|
+
* strategy implementation for that kind.
|
|
9
8
|
*/
|
|
10
9
|
export enum CredentialKind {
|
|
11
10
|
/** GitHub App / GitLab App style installation token (per-installation, 1h). */
|
|
@@ -11,7 +11,7 @@ import { BuiltInAdapterKind, type AdapterKindRef } from './adapter-kind';
|
|
|
11
11
|
* evaluating to `false` at dispatch.
|
|
12
12
|
*
|
|
13
13
|
* The map is keyed by `(adapterKind, entityKind)`. When a webhook
|
|
14
|
-
* filter declares its target `entityKind` (
|
|
14
|
+
* filter declares its target `entityKind` (a manifest field),
|
|
15
15
|
* the cross-validator narrows path checking to that entry. Filters
|
|
16
16
|
* that omit `entityKind` fall back to the `UNION_ENTITY_KIND` entry,
|
|
17
17
|
* which collects every path across the adapter's entity kinds — over-
|
|
@@ -167,7 +167,7 @@ registerEnvelopeSchema(BuiltInAdapterKind.Documentation, {
|
|
|
167
167
|
|
|
168
168
|
/**
|
|
169
169
|
* Register the per-entityKind permitted `$envelope.*` paths for a
|
|
170
|
-
* biome-contributed AdapterKind
|
|
170
|
+
* biome-contributed AdapterKind. Built-in kinds are pre-
|
|
171
171
|
* registered above. Re-registering an existing kind REPLACES its
|
|
172
172
|
* entry set — `integration-adapters-api`'s registry is the authority,
|
|
173
173
|
* so biome upgrades surface here.
|
|
@@ -56,7 +56,7 @@ export interface FilterExprPathIssue {
|
|
|
56
56
|
* Statically validate that every `$envelope.*` path the predicate
|
|
57
57
|
* references is permitted by the canonical envelope schema for
|
|
58
58
|
* `(adapterKind, entityKind)`. `$selector` paths are NOT validated
|
|
59
|
-
* here — selectors are opaque-by-design
|
|
59
|
+
* here — selectors are opaque-by-design: their
|
|
60
60
|
* shape is governed by the biome's install JSON Schema, not by a
|
|
61
61
|
* kernel-level path map.
|
|
62
62
|
*
|
|
@@ -184,6 +184,8 @@ function scalarEqual(a: unknown, b: unknown): boolean {
|
|
|
184
184
|
*/
|
|
185
185
|
const REGEX_CACHE = new Map<string, RegExp>();
|
|
186
186
|
const REGEX_MAX_LEN = 256;
|
|
187
|
+
/** Cap on distinct compiled patterns retained, to bound memory in a long-lived process. */
|
|
188
|
+
const REGEX_CACHE_MAX = 1_000;
|
|
187
189
|
|
|
188
190
|
function compileRegex(pattern: string): RegExp {
|
|
189
191
|
const cached = REGEX_CACHE.get(pattern);
|
|
@@ -198,6 +200,12 @@ function compileRegex(pattern: string): RegExp {
|
|
|
198
200
|
}
|
|
199
201
|
try {
|
|
200
202
|
const re = new RegExp(pattern);
|
|
203
|
+
// Evict the oldest entry (Map preserves insertion order) once the cache is
|
|
204
|
+
// full, so an unbounded stream of distinct patterns cannot grow it forever.
|
|
205
|
+
if (REGEX_CACHE.size >= REGEX_CACHE_MAX) {
|
|
206
|
+
const oldest = REGEX_CACHE.keys().next().value;
|
|
207
|
+
if (oldest !== undefined) REGEX_CACHE.delete(oldest);
|
|
208
|
+
}
|
|
201
209
|
REGEX_CACHE.set(pattern, re);
|
|
202
210
|
return re;
|
|
203
211
|
} catch (cause) {
|
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
3
|
+
* Provider descriptor — the authenticating authority ("app") behind N connectors
|
|
4
|
+
*
|
|
5
|
+
* A **Provider** is the identity/authority a set of connectors authenticates
|
|
6
|
+
* against — e.g. `google`, `microsoft`, `github`, `slack`, `smtp`, `imap`.
|
|
7
|
+
* ONE provider owns ONE **app credential** (a Google Cloud OAuth client, a
|
|
8
|
+
* GitHub App private key, …) and fans out to MANY **connectors** (Gmail,
|
|
9
|
+
* Google Drive, Google Calendar …), each of which reuses that single app
|
|
10
|
+
* credential with its own incremental scopes.
|
|
11
|
+
*
|
|
12
|
+
* This is the "Google is a world" fix: the catalog lists connectors grouped
|
|
13
|
+
* under one provider card; the app credential is provided once (by a platform
|
|
14
|
+
* admin, or overridden per-org as BYO) and every connector under the provider
|
|
15
|
+
* reuses it. Adding a new Google service later is a new *connector* with new
|
|
16
|
+
* scopes — never a new credential and never a framework change.
|
|
17
|
+
*
|
|
18
|
+
* The descriptor is a **runtime contract** describing how a provider's app
|
|
19
|
+
* credential is obtained and where it lives. Actual secret VALUES are never
|
|
20
|
+
* carried here — only the SCHEMA of what an admin must supply
|
|
21
|
+
* (`appCredentialSchema`) and non-secret OAuth endpoint metadata. Secrets are
|
|
22
|
+
* held by the credential broker + custody, referenced by env-var name or
|
|
23
|
+
* custody ref, never inlined.
|
|
24
|
+
* ─────────────────────────────────────────────────────────────────────────
|
|
25
|
+
*/
|
|
26
|
+
|
|
27
|
+
import type { CredentialFieldSpec } from './onboarding-manifest';
|
|
28
|
+
|
|
29
|
+
/**
|
|
30
|
+
* How a provider's APP-level credential authenticates. This is distinct from
|
|
31
|
+
* a *connector's* per-connection `CredentialKind` (how an individual user/
|
|
32
|
+
* mailbox connection authenticates) — it describes the shared "app" that the
|
|
33
|
+
* platform/org registers once.
|
|
34
|
+
*/
|
|
35
|
+
export enum ProviderAppAuthKind {
|
|
36
|
+
/**
|
|
37
|
+
* 3-legged OAuth: the app is a registered OAuth client (clientId/secret).
|
|
38
|
+
* Connecting a connector runs an authorization-code consent redirect using
|
|
39
|
+
* the app credential + the connector's scopes. e.g. Google, Microsoft,
|
|
40
|
+
* Slack.
|
|
41
|
+
*/
|
|
42
|
+
OAuth2 = 'oauth2',
|
|
43
|
+
/**
|
|
44
|
+
* App-installation flow (GitHub App / GitLab App / Atlassian Connect): the
|
|
45
|
+
* app authenticates via an app id + private key and the user installs it
|
|
46
|
+
* onto their account/org. e.g. GitHub.
|
|
47
|
+
*/
|
|
48
|
+
AppInstall = 'app_install',
|
|
49
|
+
/**
|
|
50
|
+
* No shared app credential at all — every connection carries its own
|
|
51
|
+
* complete secret (a mailbox host+user+password, a raw API key). The
|
|
52
|
+
* connector is connectable with NO platform/org setup. e.g. generic SMTP,
|
|
53
|
+
* generic IMAP.
|
|
54
|
+
*/
|
|
55
|
+
None = 'none',
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* Who shipped a provider. Determines WHICH admin fulfils its app-credential
|
|
60
|
+
* requirement and at which scope the requirement is registered.
|
|
61
|
+
*
|
|
62
|
+
* - `kernel` — a first-party provider baked into the platform.
|
|
63
|
+
* - `platform` — shipped by a platform (Layer-2) service/biome installed
|
|
64
|
+
* platform-wide; platform admin fulfils it.
|
|
65
|
+
* - `biome` — introduced by a biome. When that biome is installed at ORG
|
|
66
|
+
* scope, the requirement is org-scoped (the org admin BYO-fills
|
|
67
|
+
* it) because the platform never shipped the provider.
|
|
68
|
+
*/
|
|
69
|
+
export enum ProviderOrigin {
|
|
70
|
+
Kernel = 'kernel',
|
|
71
|
+
Platform = 'platform',
|
|
72
|
+
Biome = 'biome',
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
/**
|
|
76
|
+
* The two scopes at which a provider's APP credential can be provisioned.
|
|
77
|
+
* Deliberately a SEPARATE, minimal enum from the 5-tier ownership
|
|
78
|
+
* `ScopeSource` and from the credential-broker's per-connection
|
|
79
|
+
* `CredentialScopeTier` — app-credential provisioning is a strict 2-tier
|
|
80
|
+
* concern: a platform-wide default that an org may override.
|
|
81
|
+
*
|
|
82
|
+
* Resolution precedence (narrowest wins):
|
|
83
|
+
*
|
|
84
|
+
* Org (BYO) > Platform (default) > [legacy env-var fallback] > unset
|
|
85
|
+
*
|
|
86
|
+
* An unset REQUIRED app credential is surfaced to the correct admin and the
|
|
87
|
+
* connector reports "needs setup" — it never silently falls through to an
|
|
88
|
+
* unauthenticated request.
|
|
89
|
+
*/
|
|
90
|
+
export enum ProviderCredentialScope {
|
|
91
|
+
Platform = 'platform',
|
|
92
|
+
Org = 'org',
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
/** Precedence order for app-credential resolution — index 0 wins. */
|
|
96
|
+
export const PROVIDER_CREDENTIAL_SCOPE_ORDER: readonly ProviderCredentialScope[] =
|
|
97
|
+
[ProviderCredentialScope.Org, ProviderCredentialScope.Platform];
|
|
98
|
+
|
|
99
|
+
/**
|
|
100
|
+
* Non-secret OAuth endpoint metadata for a `ProviderAppAuthKind.OAuth2`
|
|
101
|
+
* provider. Client id/secret are NOT here — they are the app credential,
|
|
102
|
+
* resolved from a provision (or the legacy env fallback) at consent time.
|
|
103
|
+
*/
|
|
104
|
+
export interface ProviderOAuthEndpoints {
|
|
105
|
+
/** Authorization-code consent endpoint (where the user is redirected). */
|
|
106
|
+
readonly authorizationUrl: string;
|
|
107
|
+
/** Token-exchange endpoint (code→token, refresh-token rotation). */
|
|
108
|
+
readonly tokenUrl: string;
|
|
109
|
+
/**
|
|
110
|
+
* Extra authorize-request params a provider needs to actually mint a
|
|
111
|
+
* refresh token / do incremental consent. Non-secret. e.g. Google needs
|
|
112
|
+
* `{ access_type: 'offline', include_granted_scopes: 'true', prompt:
|
|
113
|
+
* 'consent' }`. Kept explicit rather than hardcoded in the driver so a new
|
|
114
|
+
* OAuth provider is pure data.
|
|
115
|
+
*/
|
|
116
|
+
readonly extraAuthorizeParams?: Readonly<Record<string, string>>;
|
|
117
|
+
/**
|
|
118
|
+
* Legacy env-var NAMES the OAuth driver falls back to for the app
|
|
119
|
+
* client id / secret when no provision exists yet (bootstrap before the
|
|
120
|
+
* platform-admin UI is used). Never the secret itself. Optional — a
|
|
121
|
+
* provider with no env fallback simply reports "needs setup" until an
|
|
122
|
+
* admin provisions it.
|
|
123
|
+
*/
|
|
124
|
+
readonly clientIdEnvVar?: string;
|
|
125
|
+
readonly clientSecretEnvVar?: string;
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
/**
|
|
129
|
+
* A first-class Provider (authenticating authority). Registered in the
|
|
130
|
+
* provider registry alongside — but distinct from — the connectors that
|
|
131
|
+
* reference it via `Connector.providerKey`.
|
|
132
|
+
*/
|
|
133
|
+
export interface ProviderDescriptor {
|
|
134
|
+
/** Stable lowercase slug — `google`, `microsoft`, `github`, `smtp`. */
|
|
135
|
+
readonly providerKey: string;
|
|
136
|
+
/** Human-readable name — `Google`, `Microsoft`, `Generic SMTP`. */
|
|
137
|
+
readonly displayName: string;
|
|
138
|
+
/** One-sentence description shown on the provider card. */
|
|
139
|
+
readonly description: string;
|
|
140
|
+
/** Lucide-react icon name; frontend maps to a component. */
|
|
141
|
+
readonly iconName: string;
|
|
142
|
+
/** Catalog grouping label (e.g. `Email`, `Source control`, `Chat`). */
|
|
143
|
+
readonly category: string;
|
|
144
|
+
|
|
145
|
+
/** How the shared app credential authenticates. */
|
|
146
|
+
readonly appAuthKind: ProviderAppAuthKind;
|
|
147
|
+
/** Who shipped the provider — drives requirement scope + which admin fills. */
|
|
148
|
+
readonly origin: ProviderOrigin;
|
|
149
|
+
|
|
150
|
+
/**
|
|
151
|
+
* Schema of the app-credential fields an admin must supply to register the
|
|
152
|
+
* app (Google → clientId/clientSecret[/pubsubTopic]; GitHub App → appId/
|
|
153
|
+
* privateKey/webhookSecret). Empty/omitted when `appAuthKind = None`
|
|
154
|
+
* (nothing to provision — the connector is immediately connectable).
|
|
155
|
+
*/
|
|
156
|
+
readonly appCredentialSchema?: readonly CredentialFieldSpec[];
|
|
157
|
+
|
|
158
|
+
/**
|
|
159
|
+
* OAuth endpoint metadata — REQUIRED when `appAuthKind = OAuth2`, absent
|
|
160
|
+
* otherwise.
|
|
161
|
+
*/
|
|
162
|
+
readonly oauthEndpoints?: ProviderOAuthEndpoints;
|
|
163
|
+
|
|
164
|
+
/**
|
|
165
|
+
* Whether an org may override the platform-default app credential with its
|
|
166
|
+
* own (BYO app). `false` pins the provider to the platform provision only.
|
|
167
|
+
* Ignored when `appAuthKind = None` (there is no shared app to override).
|
|
168
|
+
*/
|
|
169
|
+
readonly allowOrgOverride: boolean;
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
/**
|
|
173
|
+
* True when a provider needs an app credential provisioned before any of its
|
|
174
|
+
* connectors can be connected (i.e. anything other than `None`). Callers use
|
|
175
|
+
* this to decide whether to surface a "needs setup" state and to whom.
|
|
176
|
+
*/
|
|
177
|
+
export function providerRequiresAppCredential(
|
|
178
|
+
provider: Pick<ProviderDescriptor, 'appAuthKind'>,
|
|
179
|
+
): boolean {
|
|
180
|
+
return provider.appAuthKind !== ProviderAppAuthKind.None;
|
|
181
|
+
}
|
|
@@ -5,16 +5,15 @@ import { z } from 'zod';
|
|
|
5
5
|
* (biome) may contribute to the Xema OS through the Contribution Protocol
|
|
6
6
|
* (XSI plane 2). Extending it is a one-line PR to the kernel.
|
|
7
7
|
*
|
|
8
|
-
* The seed set is
|
|
9
|
-
*
|
|
10
|
-
* pulled from a specific section of the same plan and is cited inline.
|
|
8
|
+
* The v1 seed set is grouped first below. Each additional value beyond the
|
|
9
|
+
* v1 seed (e.g. `ShellCommand`, `DoctorCheck`) extends the closed enum.
|
|
11
10
|
*
|
|
12
11
|
* Enum string values match the slug spoken by the rest of the protocol
|
|
13
12
|
* (Capability References, manifest declarations) so that round-tripping
|
|
14
13
|
* between the enum and the wire is lossless.
|
|
15
14
|
*/
|
|
16
15
|
export enum ContributionKind {
|
|
17
|
-
// -- v1 seed
|
|
16
|
+
// -- v1 seed ---------------------------------------------------------------
|
|
18
17
|
ConnectorBinding = 'connector-binding',
|
|
19
18
|
MountSource = 'mount-source',
|
|
20
19
|
McpTool = 'mcp-tool',
|
|
@@ -29,13 +28,13 @@ export enum ContributionKind {
|
|
|
29
28
|
ModelResolutionDimension = 'model-resolution-dimension',
|
|
30
29
|
WidgetKind = 'widget-kind',
|
|
31
30
|
|
|
32
|
-
// -- Xema Shell additions
|
|
33
|
-
/** A command descriptor contributed to the Xema Shell.
|
|
31
|
+
// -- Xema Shell additions --------------------------------------------------
|
|
32
|
+
/** A command descriptor contributed to the Xema Shell. */
|
|
34
33
|
ShellCommand = 'shell-command',
|
|
35
|
-
/** A `xema doctor` health check contributed by a biome.
|
|
34
|
+
/** A `xema doctor` health check contributed by a biome. */
|
|
36
35
|
DoctorCheck = 'doctor-check',
|
|
37
36
|
|
|
38
|
-
// -- Registry gaps closed
|
|
37
|
+
// -- Registry gaps closed --------------------------------------------------
|
|
39
38
|
/**
|
|
40
39
|
* An artifact type contributed by a biome to the artifact-store schema-
|
|
41
40
|
* version registry (`ArtifactTypeRegistryService`). The registry adapter
|
|
@@ -49,8 +48,8 @@ export enum ContributionKind {
|
|
|
49
48
|
*/
|
|
50
49
|
InquiryKind = 'inquiry-kind',
|
|
51
50
|
|
|
52
|
-
// --
|
|
53
|
-
// The
|
|
51
|
+
// -- Contribution-absorption additions -------------------------------------
|
|
52
|
+
// The "Contribution Protocol" rollup is the single source of
|
|
54
53
|
// truth for every kind of contribution a biome can ship. A biome's
|
|
55
54
|
// `contributions/` directory replaces the legacy `content/` + `modules/`
|
|
56
55
|
// seeders. Per-kind handlers are wired through
|
|
@@ -105,7 +104,7 @@ export enum ContributionKind {
|
|
|
105
104
|
/** A runtime-mount kind module contributed by a biome. */
|
|
106
105
|
RuntimeMountKind = 'runtime-mount-kind',
|
|
107
106
|
|
|
108
|
-
// --
|
|
107
|
+
// -- Capability self-registration ------------------------------------------
|
|
109
108
|
/**
|
|
110
109
|
* A `CapabilityRef` descriptor contributed by a biome — title, summary,
|
|
111
110
|
* I/O schemas, risk tier, and approval flag. The boot-time codemod
|
|
@@ -122,7 +121,7 @@ export enum ContributionKind {
|
|
|
122
121
|
*/
|
|
123
122
|
Capability = 'capability',
|
|
124
123
|
|
|
125
|
-
// --
|
|
124
|
+
// -- Resource-ownership self-registration ----------------------------------
|
|
126
125
|
/**
|
|
127
126
|
* A resource-instance ownership/visibility declaration contributed by a
|
|
128
127
|
* biome — `resourceType` + `resourceId` + a `ResourceVisibilityPattern` +
|
|
@@ -2,8 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* `ContributionSource` is the 5-tier scope at which a Contribution lives.
|
|
5
|
-
* Value-identical to `SkillSpace` and `AgentSpace`
|
|
6
|
-
* `.claude/rules/skills-and-composition.md`) — the three enums share ONE
|
|
5
|
+
* Value-identical to `SkillSpace` and `AgentSpace` — the three enums share ONE
|
|
7
6
|
* ownership / scope model and must not drift.
|
|
8
7
|
*
|
|
9
8
|
* Precedence — **most specific wins**:
|
|
@@ -109,8 +109,6 @@ export const ContributionVersionSchema = z
|
|
|
109
109
|
* regardless of `kind`, carries this shape. Kind-specific contracts packages
|
|
110
110
|
* own their own `TManifest` Zod schemas and feed them to
|
|
111
111
|
* `contributionEnvelopeSchema` to get a fully-typed runtime validator.
|
|
112
|
-
*
|
|
113
|
-
* See plan-of-record §12.2 for the prose definition.
|
|
114
112
|
*/
|
|
115
113
|
export interface Contribution<
|
|
116
114
|
TKind extends ContributionKind,
|
|
@@ -175,11 +173,10 @@ export interface ContributionIngestContext {
|
|
|
175
173
|
}
|
|
176
174
|
|
|
177
175
|
/**
|
|
178
|
-
* Per-kind ingestion handler.
|
|
176
|
+
* Per-kind ingestion handler. The Contribution Protocol replaces 14 hand-
|
|
179
177
|
* rolled `Bootstrap*Service` seeders with a single generic
|
|
180
|
-
* `BootstrapContributionsService<TKind, TManifest>` template
|
|
181
|
-
*
|
|
182
|
-
* interface.
|
|
178
|
+
* `BootstrapContributionsService<TKind, TManifest>` template whose only
|
|
179
|
+
* per-kind specialisation is an implementation of this interface.
|
|
183
180
|
*
|
|
184
181
|
* Implementations MUST:
|
|
185
182
|
* - pin `kind` to the concrete `ContributionKind` they handle so the
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Closed enums for the render service wire. Real TS enums (not
|
|
3
|
-
* string-literal unions) so OpenAPI/Orval emit stable enum schemas
|
|
4
|
-
* `docs/API_STANDARDS.md` and `.claude/rules/backend.md`.
|
|
3
|
+
* string-literal unions) so OpenAPI/Orval emit stable enum schemas.
|
|
5
4
|
*/
|
|
6
5
|
|
|
7
6
|
/**
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
|
-
* Closed caller-kind set
|
|
4
|
+
* Closed caller-kind set.
|
|
5
5
|
*
|
|
6
6
|
* Distinguishes how the invocation entered the system — drives audit
|
|
7
7
|
* shape, default obligations (e.g. `Web` callers default to `audit` +
|
|
@@ -21,7 +21,7 @@ export const CallerKindSchema = z.nativeEnum(CallerKind);
|
|
|
21
21
|
/**
|
|
22
22
|
* `Caller` — entry-point envelope captured on every invocation.
|
|
23
23
|
*
|
|
24
|
-
*
|
|
24
|
+
* Contract shape:
|
|
25
25
|
* { kind: CallerKind; appId?; sessionId?; ip?; userAgent? }
|
|
26
26
|
*
|
|
27
27
|
* `appId` and `sessionId` are populated when the caller is an embedded
|
|
@@ -30,8 +30,7 @@ import {
|
|
|
30
30
|
} from './subject';
|
|
31
31
|
|
|
32
32
|
/**
|
|
33
|
-
* Closed biome trust-tier set referenced by `ExecutionContext.biome
|
|
34
|
-
* (plan v4.3 §A.3).
|
|
33
|
+
* Closed biome trust-tier set referenced by `ExecutionContext.biome`.
|
|
35
34
|
*
|
|
36
35
|
* Tier ordering goes Untrusted → Community → Verified → Official; OPA
|
|
37
36
|
* policy bundles MAY gate a capability to a minimum tier, but the kernel
|
|
@@ -48,8 +47,8 @@ export enum BiomeTrustTier {
|
|
|
48
47
|
export const BiomeTrustTierSchema = z.nativeEnum(BiomeTrustTier);
|
|
49
48
|
|
|
50
49
|
/**
|
|
51
|
-
* Biome attestation block carried on `ExecutionContext.biome
|
|
52
|
-
*
|
|
50
|
+
* Biome attestation block carried on `ExecutionContext.biome`.
|
|
51
|
+
* Set when the capability is provided by a biome (vs. an
|
|
53
52
|
* embedded built-in). `signatureVerified` is the Cosign verdict from the
|
|
54
53
|
* biome-fetcher-api at install time.
|
|
55
54
|
*/
|
|
@@ -68,8 +67,7 @@ export const ExecutionContextBiomeSchema = z.object({
|
|
|
68
67
|
}) as z.ZodType<ExecutionContextBiome>;
|
|
69
68
|
|
|
70
69
|
/**
|
|
71
|
-
* Environment block carried on `ExecutionContext.environment
|
|
72
|
-
* v4.3 §A.3).
|
|
70
|
+
* Environment block carried on `ExecutionContext.environment`.
|
|
73
71
|
*
|
|
74
72
|
* `id` is the canonical `environment:<slug>` ref (string-typed here to
|
|
75
73
|
* keep the envelope JSON-clean — the kernel-side reference type lives in the
|
|
@@ -89,8 +87,7 @@ export const ExecutionContextEnvironmentSchema = z.object({
|
|
|
89
87
|
}) as z.ZodType<ExecutionContextEnvironment>;
|
|
90
88
|
|
|
91
89
|
/**
|
|
92
|
-
* Capability block carried on `ExecutionContext.capability
|
|
93
|
-
* v4.3 §A.3).
|
|
90
|
+
* Capability block carried on `ExecutionContext.capability`.
|
|
94
91
|
*
|
|
95
92
|
* `ref` is the canonical capability reference (`<biome>:<verb>@<major>`).
|
|
96
93
|
* `inputHash` is an optional SHA-256 fingerprint of the JSON-serialised
|
|
@@ -108,7 +105,7 @@ export const ExecutionContextCapabilitySchema = z.object({
|
|
|
108
105
|
}) as z.ZodType<ExecutionContextCapability>;
|
|
109
106
|
|
|
110
107
|
/**
|
|
111
|
-
* Resource block carried on `ExecutionContext.resource
|
|
108
|
+
* Resource block carried on `ExecutionContext.resource`.
|
|
112
109
|
*
|
|
113
110
|
* Set when the invocation targets a specific persistent object (a
|
|
114
111
|
* XemaObject, a document, an SCM file). `ref` is the resource reference
|
|
@@ -127,8 +124,7 @@ export const ExecutionContextResourceSchema = z.object({
|
|
|
127
124
|
}) as z.ZodType<ExecutionContextResource>;
|
|
128
125
|
|
|
129
126
|
/**
|
|
130
|
-
* Constraints block carried on `ExecutionContext.constraints
|
|
131
|
-
* v4.3 §A.3).
|
|
127
|
+
* Constraints block carried on `ExecutionContext.constraints`.
|
|
132
128
|
*
|
|
133
129
|
* Per-invocation caps + flags the gateway derives from the caller's
|
|
134
130
|
* grant, the org's environment policy, and the capability's defaults.
|
|
@@ -155,14 +151,14 @@ export const ExecutionContextConstraintsSchema = z.object({
|
|
|
155
151
|
}) as z.ZodType<ExecutionContextConstraints>;
|
|
156
152
|
|
|
157
153
|
/**
|
|
158
|
-
* `ExecutionContext` — the per-invocation envelope
|
|
154
|
+
* `ExecutionContext` — the per-invocation envelope.
|
|
159
155
|
*
|
|
160
|
-
* Constructed by
|
|
156
|
+
* Constructed by the capability router at the gateway boundary,
|
|
161
157
|
* passed verbatim to `authorization-api` for the policy check, and
|
|
162
158
|
* forwarded to the dispatched runner. Audit, policy, and runner all
|
|
163
159
|
* read the SAME shape — no parallel envelopes.
|
|
164
160
|
*
|
|
165
|
-
*
|
|
161
|
+
* The dispatch pipeline wires this through at runtime. This
|
|
166
162
|
* package is contract-only — no consumer rewiring lives here.
|
|
167
163
|
*/
|
|
168
164
|
export interface ExecutionContext {
|
|
@@ -180,15 +176,13 @@ export interface ExecutionContext {
|
|
|
180
176
|
/**
|
|
181
177
|
* RFC 8693 delegation chain (`act`), outermost-acting-first. Built at the
|
|
182
178
|
* gateway from `RequestContext.actorChain` and carried through policy → audit
|
|
183
|
-
* → credential-broker. Empty/omitted for a non-delegated invocation
|
|
184
|
-
* (plan §W4 / Pillar 3.2).
|
|
179
|
+
* → credential-broker. Empty/omitted for a non-delegated invocation.
|
|
185
180
|
*/
|
|
186
181
|
actorChain?: ActingForRef[];
|
|
187
182
|
/**
|
|
188
183
|
* Opaque credential-binding id the PDP selected for this invocation
|
|
189
184
|
* (`PolicyDecision.credentialBindingId`). When present, the executing
|
|
190
|
-
* gateway/runner resolves it via the credential-broker. NEVER a secret
|
|
191
|
-
* (plan §W4 / Pillar 3.2).
|
|
185
|
+
* gateway/runner resolves it via the credential-broker. NEVER a secret.
|
|
192
186
|
*/
|
|
193
187
|
credentialBindingId?: string;
|
|
194
188
|
/**
|
|
@@ -5,8 +5,8 @@ import {
|
|
|
5
5
|
} from '../../capability';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
|
-
* Per-environment approval rule (
|
|
9
|
-
*
|
|
8
|
+
* Per-environment approval rule (`ExecutionEnvironment.approvalRules[]`):
|
|
9
|
+
* human-in-the-loop approval at runtime.
|
|
10
10
|
*
|
|
11
11
|
* When a runtime invocation matches a rule whose `capability` ref covers the
|
|
12
12
|
* call, the gateway suspends the invocation, emits an `ApprovalRequested`
|