@xemahq/kernel-contracts 0.22.2 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (164) hide show
  1. package/dist/agent-workspace/awp-spec.json +0 -1
  2. package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -1
  3. package/dist/agent-workspace/lib/workspace-layout.js.map +1 -1
  4. package/dist/biome/lib/biome-manifest.d.ts +0 -8
  5. package/dist/biome/lib/biome-manifest.d.ts.map +1 -1
  6. package/dist/biome/lib/biome-manifest.js +4 -50
  7. package/dist/biome/lib/biome-manifest.js.map +1 -1
  8. package/dist/capability/lib/errors.d.ts.map +1 -1
  9. package/dist/capability/lib/errors.js.map +1 -1
  10. package/dist/capability/lib/meta-tool.d.ts.map +1 -1
  11. package/dist/capability/lib/meta-tool.js.map +1 -1
  12. package/dist/connector/index.d.ts +2 -0
  13. package/dist/connector/index.d.ts.map +1 -1
  14. package/dist/connector/index.js +2 -0
  15. package/dist/connector/index.js.map +1 -1
  16. package/dist/connector/lib/connector-descriptor.d.ts +13 -0
  17. package/dist/connector/lib/connector-descriptor.d.ts.map +1 -0
  18. package/dist/connector/lib/connector-descriptor.js +3 -0
  19. package/dist/connector/lib/connector-descriptor.js.map +1 -0
  20. package/dist/connector/lib/credential-kind.d.ts.map +1 -1
  21. package/dist/connector/lib/credential-kind.js.map +1 -1
  22. package/dist/connector/lib/filter-expr.js +6 -0
  23. package/dist/connector/lib/filter-expr.js.map +1 -1
  24. package/dist/connector/lib/provider-descriptor.d.ts +37 -0
  25. package/dist/connector/lib/provider-descriptor.d.ts.map +1 -0
  26. package/dist/connector/lib/provider-descriptor.js +26 -0
  27. package/dist/connector/lib/provider-descriptor.js.map +1 -0
  28. package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
  29. package/dist/contribution/lib/contribution-kind.js.map +1 -1
  30. package/dist/contribution/lib/contribution-source.d.ts.map +1 -1
  31. package/dist/contribution/lib/contribution-source.js.map +1 -1
  32. package/dist/contribution/lib/contribution.d.ts.map +1 -1
  33. package/dist/contribution/lib/contribution.js.map +1 -1
  34. package/dist/document-render/lib/render-enums.d.ts.map +1 -1
  35. package/dist/document-render/lib/render-enums.js.map +1 -1
  36. package/dist/execution-context/lib/execution-context.d.ts.map +1 -1
  37. package/dist/execution-context/lib/execution-context.js.map +1 -1
  38. package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -1
  39. package/dist/execution-environment/lib/built-in-environments.js.map +1 -1
  40. package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -1
  41. package/dist/execution-environment/lib/execution-environment.js +1 -1
  42. package/dist/execution-environment/lib/execution-environment.js.map +1 -1
  43. package/dist/inquiry/index.d.ts.map +1 -1
  44. package/dist/inquiry/index.js.map +1 -1
  45. package/dist/object/lib/object-lifecycle.d.ts.map +1 -1
  46. package/dist/object/lib/object-lifecycle.js.map +1 -1
  47. package/dist/policy/lib/obligations.d.ts.map +1 -1
  48. package/dist/policy/lib/obligations.js.map +1 -1
  49. package/dist/policy/lib/policy.d.ts +2 -1
  50. package/dist/policy/lib/policy.d.ts.map +1 -1
  51. package/dist/policy/lib/policy.js +1 -0
  52. package/dist/policy/lib/policy.js.map +1 -1
  53. package/dist/runner/lib/runner-registration.d.ts.map +1 -1
  54. package/dist/runner/lib/runner-registration.js.map +1 -1
  55. package/dist/service-registry/lib/service-names.generated.d.ts.map +1 -1
  56. package/dist/service-registry/lib/service-names.generated.js.map +1 -1
  57. package/dist/space/lib/space.d.ts.map +1 -1
  58. package/dist/space/lib/space.js.map +1 -1
  59. package/dist/workflow/index.d.ts.map +1 -1
  60. package/dist/workflow/index.js.map +1 -1
  61. package/dist/workflow/lib/activity-outputs.d.ts.map +1 -1
  62. package/package.json +28 -19
  63. package/src/agent-composition/lib/agent-workspace-config.ts +3 -3
  64. package/src/agent-composition/lib/capability-layer.ts +2 -2
  65. package/src/agent-composition/lib/intrinsic-floor.ts +1 -1
  66. package/src/agent-session/lib/participant.ts +1 -1
  67. package/src/agent-workspace/lib/context-json.ts +1 -1
  68. package/src/agent-workspace/lib/mount-apply.ts +2 -2
  69. package/src/agent-workspace/lib/workspace-layout.ts +2 -4
  70. package/src/app-runtime/lib/app-client.ts +1 -1
  71. package/src/app-runtime/lib/app-lockfile.ts +2 -2
  72. package/src/app-runtime/lib/app.ts +4 -4
  73. package/src/app-runtime/lib/audience-policy.ts +2 -2
  74. package/src/app-runtime/lib/biome-install.ts +3 -3
  75. package/src/app-runtime/lib/branding-config.ts +1 -1
  76. package/src/app-runtime/lib/delegated-session.ts +1 -1
  77. package/src/app-runtime/lib/external-subject.ts +1 -1
  78. package/src/biome/lib/biome-capability-refs.ts +3 -3
  79. package/src/biome/lib/biome-engines.ts +2 -2
  80. package/src/biome/lib/biome-lifecycle-hooks.ts +1 -1
  81. package/src/biome/lib/biome-lifecycle.ts +3 -3
  82. package/src/biome/lib/biome-manifest.ts +68 -122
  83. package/src/biome/lib/biome-permissions.ts +2 -2
  84. package/src/biome/lib/biome-scope.ts +2 -2
  85. package/src/biome/lib/biome-trust-tier.ts +1 -1
  86. package/src/biome/lib/trust-tier-policies.ts +2 -2
  87. package/src/biome-availability/lib/biome-availability.ts +1 -1
  88. package/src/capability/lib/capability-contribution.ts +3 -3
  89. package/src/capability/lib/capability-grant.ts +5 -5
  90. package/src/capability/lib/capability-policy.ts +2 -2
  91. package/src/capability/lib/capability-ref.ts +4 -4
  92. package/src/capability/lib/errors.ts +4 -10
  93. package/src/capability/lib/meta-tool.ts +2 -5
  94. package/src/capability/lib/permission-profile.ts +7 -7
  95. package/src/capability/lib/shell-command-descriptor.ts +3 -3
  96. package/src/connector/index.ts +2 -0
  97. package/src/connector/lib/adapter-kind.ts +1 -1
  98. package/src/connector/lib/capability-refs.ts +1 -1
  99. package/src/connector/lib/connector-descriptor.ts +67 -0
  100. package/src/connector/lib/credential-kind.ts +3 -4
  101. package/src/connector/lib/envelope-schema.ts +2 -2
  102. package/src/connector/lib/filter-expr-validate.ts +1 -1
  103. package/src/connector/lib/filter-expr.ts +8 -0
  104. package/src/connector/lib/provider-descriptor.ts +181 -0
  105. package/src/contribution/lib/contribution-kind.ts +11 -12
  106. package/src/contribution/lib/contribution-source.ts +1 -2
  107. package/src/contribution/lib/contribution.ts +3 -6
  108. package/src/document-render/lib/render-enums.ts +1 -2
  109. package/src/execution-context/lib/caller.ts +2 -2
  110. package/src/execution-context/lib/execution-context.ts +12 -18
  111. package/src/execution-environment/lib/approval-rule.ts +2 -2
  112. package/src/execution-environment/lib/built-in-environments.ts +9 -11
  113. package/src/execution-environment/lib/execution-environment.ts +25 -26
  114. package/src/inquiry/index.ts +1 -2
  115. package/src/invocation/lib/invocation-mode.ts +1 -1
  116. package/src/invocation/lib/invocation-record.ts +1 -1
  117. package/src/invocation/lib/isolation-level.ts +1 -1
  118. package/src/kernel-state/lib/adapter-kind.ts +3 -3
  119. package/src/kernel-state/lib/kernel-state.ts +1 -1
  120. package/src/kernel-state/lib/key-grammar.ts +1 -1
  121. package/src/mcp-tool/lib/tool-selection.ts +1 -1
  122. package/src/object/lib/object-lifecycle.ts +1 -2
  123. package/src/object/lib/xema-object-kind.ts +1 -1
  124. package/src/object/lib/xema-object-ref.ts +2 -2
  125. package/src/org-database/lib/db-result-event.ts +3 -3
  126. package/src/policy/lib/obligations.ts +5 -6
  127. package/src/policy/lib/policy.ts +17 -8
  128. package/src/policy/lib/route-hints.ts +1 -1
  129. package/src/provisioning/index.ts +1 -1
  130. package/src/provisioning/lib/provisioning.ts +4 -4
  131. package/src/resource/lib/resource-ownership-contribution.ts +2 -2
  132. package/src/runner/lib/dispatch.ts +5 -5
  133. package/src/runner/lib/job-token.ts +2 -2
  134. package/src/runner/lib/runner-attestation.ts +2 -2
  135. package/src/runner/lib/runner-job.ts +2 -2
  136. package/src/runner/lib/runner-mode.ts +1 -1
  137. package/src/runner/lib/runner-plane.ts +2 -2
  138. package/src/runner/lib/runner-registration.ts +9 -10
  139. package/src/runner/lib/runner.ts +7 -7
  140. package/src/runner-input-hash/lib/input-hash.ts +2 -2
  141. package/src/service-registry/lib/service-descriptor.ts +1 -1
  142. package/src/service-registry/lib/service-names.generated.ts +1 -3
  143. package/src/space/lib/space-ref-parser.ts +1 -1
  144. package/src/space/lib/space.ts +4 -5
  145. package/src/widget/lib/chat-widget-envelope.ts +1 -1
  146. package/src/worker-runtime/lib/capabilities.ts +1 -1
  147. package/src/workflow/index.ts +2 -3
  148. package/src/workflow/lib/activity-outputs.ts +3 -4
  149. package/src/workflow/lib/agent-role.ts +5 -5
  150. package/src/workflow/lib/artifact-ref.ts +1 -1
  151. package/src/workflow/lib/compiled-run.ts +2 -2
  152. package/src/workflow/lib/compiled-workspace-manifest.ts +2 -2
  153. package/src/workflow/lib/enums.ts +4 -4
  154. package/src/workflow/lib/errors.ts +1 -1
  155. package/src/workflow/lib/model-ref.ts +1 -1
  156. package/src/workflow/lib/mount-plan.ts +1 -1
  157. package/src/workflow/lib/platform-task-queue.ts +3 -3
  158. package/src/workflow/lib/role-capability.ts +1 -1
  159. package/src/workflow/lib/run-progress.ts +2 -2
  160. package/src/workflow/lib/trigger-payload.ts +2 -2
  161. package/src/workflow/lib/variable-requirement.ts +1 -1
  162. package/src/workflow/lib/workspace-manifest-enums.ts +1 -1
  163. package/src/workspace-storage/lib/types.ts +1 -1
  164. package/LICENSE +0 -176
@@ -3,13 +3,12 @@ import { z } from 'zod';
3
3
  /**
4
4
  * Closed set of built-in Execution Environment kinds.
5
5
  *
6
- * Plan-of-record: v4.3 §2 vocabulary table (`Zone Environment` row),
7
- * §3.4 (the eight built-in environments that cover every story we have
8
- * today), and §30.6 (`trusted-dev` environment — the developer escape
9
- * hatch).
6
+ * There are eight built-in environments that cover every story we have
7
+ * today, plus the `trusted-dev` environment the developer escape
8
+ * hatch.
10
9
  *
11
10
  * v1 ships ONLY these built-ins; custom environments are an explicit v2
12
- * extension (plan §16). The downstream `ExecutionEnvironment.scope` type
11
+ * extension. The downstream `ExecutionEnvironment.scope` type
13
12
  * intentionally widens to `ExecutionEnvironmentKind | string` for future-
14
13
  * proofing, but at v1 the only legal scope values are members of this
15
14
  * enum — see `isExecutionEnvironmentKind`.
@@ -40,7 +39,7 @@ export enum ExecutionEnvironmentKind {
40
39
  /** Biome inspected for publication; no real org data access. */
41
40
  StoreReview = 'store-review',
42
41
  /**
43
- * Local-dev / personal-sandbox environment (plan §30.6). Inside it the
42
+ * Local-dev / personal-sandbox environment. Inside it the
44
43
  * Capability Gateway grants every capability the biome *declared* in
45
44
  * its manifest, no resource glob, no rate limit, no human approval.
46
45
  * Audit-log still records every call so devs can inspect what their
@@ -55,12 +54,11 @@ export const ExecutionEnvironmentKindSchema = z.nativeEnum(ExecutionEnvironmentK
55
54
 
56
55
  /**
57
56
  * Stable, ordered list of every built-in environment slug. Seeded at
58
- * boot by `authorization-api` / `object-registry-api` per plan §17.5
59
- * step 1.
57
+ * boot by `authorization-api` / `object-registry-api`.
60
58
  *
61
59
  * Ordering is intentional (system → org → project → app → session →
62
- * sandbox → public → store-review → trusted-dev) and matches the table
63
- * in §3.4 followed by the dev escape hatch from §30.6. Do not reorder
60
+ * sandbox → public → store-review → trusted-dev) the built-in
61
+ * environments followed by the dev escape hatch. Do not reorder
64
62
  * without a coordinated migration of any consumer that relies on
65
63
  * positional iteration.
66
64
  */
@@ -79,7 +77,7 @@ export const BUILT_IN_ENVIRONMENT_SLUGS: readonly ExecutionEnvironmentKind[] = [
79
77
  /**
80
78
  * Narrowing guard: returns `true` iff `slug` is one of the built-in
81
79
  * environment slugs. Used by `ExecutionEnvironmentSchema` and the
82
- * authorization-api to refuse custom-scoped environments at v1 (plan §16
80
+ * authorization-api to refuse custom-scoped environments at v1 (a
83
81
  * non-goal).
84
82
  */
85
83
  export function isExecutionEnvironmentKind(
@@ -13,7 +13,7 @@ import {
13
13
  import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
14
14
 
15
15
  /**
16
- * Canonical Execution Environment Reference grammar (plan §3.4):
16
+ * Canonical Execution Environment Reference grammar:
17
17
  *
18
18
  * `environment:<slug>`
19
19
  *
@@ -22,7 +22,7 @@ import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
22
22
  * silently absorb a free-form string.
23
23
  *
24
24
  * v1 only mints refs whose slug is an `ExecutionEnvironmentKind` value
25
- * (plan §16 forbids custom environments). The type still validates the
25
+ * (custom environments are forbidden at v1). The type still validates the
26
26
  * *grammar* — semantic "built-in-only" enforcement lives one layer up
27
27
  * in `authorization-api`, which calls
28
28
  * `isExecutionEnvironmentKind(parseEnvironmentRef(ref).slug)`.
@@ -127,8 +127,8 @@ export const BUILT_IN_ENVIRONMENT_REFS: Record<
127
127
  );
128
128
 
129
129
  /**
130
- * Runtime budget caps the environment advertises to the gateway (plan §3.4
131
- * `ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
130
+ * Runtime budget caps the environment advertises to the gateway
131
+ * (`ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
132
132
  * "no cap from the environment", but the gateway may still apply org- or
133
133
  * grant-level caps. None of these fields fall back to a hidden default.
134
134
  */
@@ -147,13 +147,13 @@ export const RuntimeLimitsSchema = z.object({
147
147
  }) as z.ZodType<RuntimeLimits>;
148
148
 
149
149
  /**
150
- * Allow-list of knowledge scope refs reachable from this environment (plan §3.4
151
- * `ExecutionEnvironment.allowedKnowledgeScopes`).
150
+ * Allow-list of knowledge scope refs reachable from this environment
151
+ * (`ExecutionEnvironment.allowedKnowledgeScopes`).
152
152
  *
153
153
  * v1 keeps the shape minimal — the ref string is sufficient for the
154
- * sandbox→prod boundary check that lands in Phase 4. Detailed per-scope
155
- * sub-schemas (e.g. spaces, page subtrees, redaction rules) are scheduled
156
- * for the knowledge-base-api Phase 4+ companion plan.
154
+ * planned sandbox→prod boundary check. Detailed per-scope
155
+ * sub-schemas (e.g. spaces, page subtrees, redaction rules) are deferred
156
+ * to a later phase.
157
157
  */
158
158
  export interface KnowledgePolicy {
159
159
  allowedRefs: readonly string[];
@@ -164,13 +164,13 @@ export const KnowledgePolicySchema = z.object({
164
164
  }) as z.ZodType<KnowledgePolicy>;
165
165
 
166
166
  /**
167
- * Allow-list of connector binding refs reachable from this environment (plan §3.4
168
- * `ExecutionEnvironment.allowedConnectors`).
167
+ * Allow-list of connector binding refs reachable from this environment
168
+ * (`ExecutionEnvironment.allowedConnectors`).
169
169
  *
170
170
  * v1 keeps the shape minimal — the ref string is sufficient for the
171
- * sandbox→prod boundary check that lands in Phase 4. Per-connector
171
+ * planned sandbox→prod boundary check. Per-connector
172
172
  * permission detail (per-repo globs, per-tracker projects, etc.) is
173
- * scheduled for the connector-gateway-api companion plan.
173
+ * deferred to a later phase.
174
174
  */
175
175
  export interface ConnectorPolicy {
176
176
  allowedRefs: readonly string[];
@@ -181,13 +181,13 @@ export const ConnectorPolicySchema = z.object({
181
181
  }) as z.ZodType<ConnectorPolicy>;
182
182
 
183
183
  /**
184
- * Allow-list of biome refs that may run inside this environment (plan §3.4
185
- * `ExecutionEnvironment.allowedBiomes`).
184
+ * Allow-list of biome refs that may run inside this environment
185
+ * (`ExecutionEnvironment.allowedBiomes`).
186
186
  *
187
187
  * v1 keeps the shape minimal — the ref string is sufficient for the
188
- * built-in-environment install policy that lands in Phase 4 / Phase 6. Lifecycle-
189
- * stage restrictions (draft / published / archived) are scheduled for the
190
- * biome-host-api companion plan.
188
+ * planned built-in-environment install policy. Lifecycle-
189
+ * stage restrictions (draft / published / archived) are deferred to a
190
+ * later phase.
191
191
  */
192
192
  export interface BiomePolicy {
193
193
  allowedRefs: readonly string[];
@@ -198,13 +198,12 @@ export const BiomePolicySchema = z.object({
198
198
  }) as z.ZodType<BiomePolicy>;
199
199
 
200
200
  /**
201
- * Allow-list of mount-source refs reachable from this environment (plan §3.4
202
- * `ExecutionEnvironment.allowedMounts`).
201
+ * Allow-list of mount-source refs reachable from this environment
202
+ * (`ExecutionEnvironment.allowedMounts`).
203
203
  *
204
204
  * v1 keeps the shape minimal — the ref string is sufficient for the
205
- * XVFS read/write boundary check that lands in Phase 4 / Phase 5. Per-mount
206
- * read/write splitting and path globs are scheduled for the xema-shell-api
207
- * companion plan.
205
+ * planned XVFS read/write boundary check. Per-mount
206
+ * read/write splitting and path globs are deferred to a later phase.
208
207
  */
209
208
  export interface MountPolicy {
210
209
  allowedRefs: readonly string[];
@@ -215,7 +214,7 @@ export const MountPolicySchema = z.object({
215
214
  }) as z.ZodType<MountPolicy>;
216
215
 
217
216
  /**
218
- * `ExecutionEnvironment` — the canonical permission-plane object (plan §3.4).
217
+ * `ExecutionEnvironment` — the canonical permission-plane object.
219
218
  *
220
219
  * An environment declares the capability surface, knowledge/connector/biome/mount
221
220
  * allow-lists, approval rules, and runtime budget that apply to every
@@ -232,7 +231,7 @@ export interface ExecutionEnvironment {
232
231
  /**
233
232
  * The environment's logical scope. v1 only accepts
234
233
  * `ExecutionEnvironmentKind` slugs; the string-side of the union is
235
- * reserved for v2 custom environments (plan §16 non-goal at v1).
234
+ * reserved for v2 custom environments (a non-goal at v1).
236
235
  */
237
236
  scope: ExecutionEnvironmentKind | string;
238
237
  allowedCapabilities: CapabilityPolicy[];
@@ -250,7 +249,7 @@ export const ExecutionEnvironmentSchema = z.object({
250
249
  (s) => isExecutionEnvironmentKind(s),
251
250
  {
252
251
  message:
253
- 'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension (plan §16).',
252
+ 'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension.',
254
253
  },
255
254
  ),
256
255
  allowedCapabilities: z.array(CapabilityPolicySchema),
@@ -6,8 +6,7 @@
6
6
  // kind-specific schema, aggregate per a policy, return a verdict."
7
7
  //
8
8
  // Runtime-agnostic. Pure types + Zod schemas. Zero framework / persistence /
9
- // workflow-runtime imports. The plan-of-record lives at
10
- // .claude/plans/i-think-what-we-ve-transient-zebra.md.
9
+ // workflow-runtime imports.
11
10
  //
12
11
  // Per-kind prompt + reply Zod schemas live in their own contract packages
13
12
  // (`@xemahq/decision-gate-contracts`, `@xemahq/agent-tool-inquiry-
@@ -7,7 +7,7 @@ import { z } from 'zod';
7
7
  * hint a mode via `ExecutionRequirements.mode`, but policy may override it.
8
8
  *
9
9
  * - `Sync` — the caller holds the request open until the composition produces
10
- * its root structured output. The smallest correct slice (Phase 1).
10
+ * its root structured output. The smallest correct slice.
11
11
  * - `Async` — the runtime returns immediately with a `Queued`/`Running`
12
12
  * invocation; the caller polls the Invocation record for the terminal state.
13
13
  * - `Event` — the runtime returns without an `output`; the result is delivered
@@ -11,7 +11,7 @@ import {
11
11
  * per invocation. This is the source of truth for an invocation's lifecycle
12
12
  * (never the underlying session).
13
13
  *
14
- * `inputRef`/`outputRef` are blob/JSON references (inline JSON in Phase 1,
14
+ * `inputRef`/`outputRef` are blob/JSON references (inline JSON initially,
15
15
  * artifact-store refs once payloads grow). Timestamps are ISO-8601 strings.
16
16
  */
17
17
  export interface InvocationRecord {
@@ -7,7 +7,7 @@ import { z } from 'zod';
7
7
  * default for mail (org+mailbox+emailThreadId): thread context is NEVER
8
8
  * reused across unrelated emails.
9
9
  * - `PooledThread` — reuse a warm thread within the same `threadKey` (a warm
10
- * session-pool optimization; future, Phase 3).
10
+ * session-pool optimization; a future step).
11
11
  *
12
12
  * Closed set on purpose — both levels are honored by the runtime's pool/thread
13
13
  * management; adding a level is a coordinated kernel change.
@@ -1,10 +1,10 @@
1
1
  /**
2
- * KernelState adapter kinds (plan §6 Phase D.3 — locked decision L9).
2
+ * KernelState adapter kinds.
3
3
  *
4
- * The plan explicitly closes the set to TWO adapters. There is no
4
+ * The set is explicitly closed to TWO adapters. There is no
5
5
  * Postgres adapter for KernelState; Postgres is reserved for service
6
6
  * domain data. Two DB engines max in any deployment is a load-bearing
7
- * invariant — do NOT extend this enum without updating L9.
7
+ * invariant — do NOT extend this enum.
8
8
  *
9
9
  * - `Sqlite` — file at `~/.xema/dev/kernel-state.sqlite` (dev) or
10
10
  * `/var/lib/xema/kernel-state.sqlite` (single-instance). Advisory
@@ -1,5 +1,5 @@
1
1
  /**
2
- * KernelState client contract (plan §6 Phase D.3).
2
+ * KernelState client contract.
3
3
  *
4
4
  * KernelState is the kernel's single strongly-consistent KV / lease /
5
5
  * watch primitive. Every adapter (SQLite or etcd — see
@@ -1,5 +1,5 @@
1
1
  /**
2
- * KernelState key grammar (plan §6 Phase D.4).
2
+ * KernelState key grammar.
3
3
  *
4
4
  * Every key written to KernelState MUST start with one of the prefixes
5
5
  * below. The boundary CI script `check-kernel-state-key-ownership.mjs`
@@ -11,7 +11,7 @@ import { ToolProviderKind, toolProviderKindSchema } from './provider-kind';
11
11
  * or BiomeInstallation.id) depending on `providerKind`. Cross-org
12
12
  * misuse is blocked at every layer (selection PATCH validation,
13
13
  * resolver scope binding, bridge token scope, data-layer WHERE
14
- * clauses) — see `.claude/plans/we-have-integrations-as-swift-haven.md`.
14
+ * clauses).
15
15
  *
16
16
  * `toolName` is the canonical MCP tool name as exposed by the
17
17
  * provider's `listTools` (NOT a slug; the value MCP clients invoke).
@@ -4,8 +4,7 @@ import { z } from 'zod';
4
4
  * Lifecycle every versioned XemaObject moves through. Mirrors
5
5
  * `AgentLifecycle` from `@xemahq/agent-composition-contracts` —
6
6
  * the two enums MUST stay value-identical (one ownership model across
7
- * the four primitives + every other XemaObject kind, per
8
- * `.claude/rules/skills-and-composition.md`).
7
+ * the four primitives + every other XemaObject kind).
9
8
  *
10
9
  * - `Draft` — internal revision; never resolved, never installable,
11
10
  * never referenced by a lockfile.
@@ -66,7 +66,7 @@ export enum XemaObjectKind {
66
66
  // Contribution registry (self-referential)
67
67
  ContributionEntry = 'contribution-entry',
68
68
 
69
- // Concept registry — self-describing OS documentation objects (§31.3)
69
+ // Concept registry — self-describing OS documentation objects
70
70
  Concept = 'concept',
71
71
  }
72
72
 
@@ -3,8 +3,8 @@ import { SpaceRef, SpaceKind, spaceRefToPath } from '../../space';
3
3
  import { XemaObjectKind, XemaObjectKindSchema } from './xema-object-kind';
4
4
 
5
5
  /**
6
- * Stable wire shape for every XemaObject address (XSI plane 1, §3.1 +
7
- * §6.1 of the plan-of-record). The grammar is:
6
+ * Stable wire shape for every XemaObject address (XSI plane 1). The
7
+ * grammar is:
8
8
  *
9
9
  * `xema://<scope-path>/<kind>/<slug>[@<version>]`
10
10
  *
@@ -30,12 +30,12 @@ export interface DbColumnMeta {
30
30
 
31
31
  /**
32
32
  * Surface event payload emitted when the database explorer executes a SQL
33
- * statement on behalf of an agent tool call. Mirrors plan §12.4 verbatim.
33
+ * statement on behalf of an agent tool call.
34
34
  *
35
35
  * `rows` carries the actual row data — it MUST go to the frontend only and
36
36
  * MUST never be passed back into LLM context. Producers route it through
37
- * the agent-session SSE channel (in H5+) or return it inline to the
38
- * caller (in H1, when no SSE bridge exists yet).
37
+ * the agent-session SSE channel where available, or return it inline to the
38
+ * caller when no SSE bridge exists yet.
39
39
  *
40
40
  * `statement` is the SQL string the agent supplied. It is shown in the UI
41
41
  * as a reference for the user; it is NOT a secret. Audit logs hash the
@@ -2,7 +2,7 @@ import { z } from 'zod';
2
2
  import { DataClassificationSchema } from '../../space';
3
3
 
4
4
  /**
5
- * Closed obligation taxonomy (plan v4.3 §A.4).
5
+ * Closed obligation taxonomy.
6
6
  *
7
7
  * Every `PolicyObligation` carries one of these `kind` discriminants;
8
8
  * the wire payload is a discriminated union (see `PolicyObligation`).
@@ -33,8 +33,7 @@ export const PolicyObligationKindSchema = z.nativeEnum(PolicyObligationKind);
33
33
 
34
34
  /**
35
35
  * Closed runner-kind set referenced by `PolicyObligation`
36
- * (`require-runner-kind`) and by `RouteHint.preferredRunnerKind` (plan
37
- * v4.3 §2 / §A.4).
36
+ * (`require-runner-kind`) and by `RouteHint.preferredRunnerKind`.
38
37
  *
39
38
  * This is the canonical `RunnerKind` — the policy decision layer is its
40
39
  * primary author (policy selects on it to route an invocation), so it lives
@@ -50,7 +49,7 @@ export enum RunnerKind {
50
49
  Sandbox = 'sandbox',
51
50
  CI = 'ci',
52
51
  /**
53
- * Phase H.3 — external MCP server bridged through `mcp-gateway-api`'s
52
+ * External MCP server bridged through `mcp-gateway-api`'s
54
53
  * external-bridge. The router resolves capability refs of the form
55
54
  * `<provider-slug>:<tool-name>@1` to this runner kind, then forwards
56
55
  * the invoke envelope to the bridge which translates back to an MCP
@@ -63,7 +62,7 @@ export const RunnerKindSchema = z.nativeEnum(RunnerKind);
63
62
 
64
63
  /**
65
64
  * Closed data-residency tag set referenced by `PolicyObligation`
66
- * (`data-residency`) (plan v4.3 §A.4).
65
+ * (`data-residency`).
67
66
  *
68
67
  * `customer-private` is the customer-edge tenancy class used when the
69
68
  * org runs its own runner in a private network. Add new regions by
@@ -195,7 +194,7 @@ export type EgressAllowlistObligation = z.infer<
195
194
  >;
196
195
 
197
196
  /**
198
- * `PolicyObligation` — closed discriminated union (plan v4.3 §A.4).
197
+ * `PolicyObligation` — closed discriminated union.
199
198
  *
200
199
  * Producers MUST construct one of the typed variants above; consumers
201
200
  * MUST switch on `kind` and handle every variant explicitly. The kernel
@@ -10,11 +10,11 @@ import {
10
10
  import { RouteHintSchema, type RouteHint } from './route-hints';
11
11
 
12
12
  /**
13
- * Closed decision set (plan v4.3 §A.4).
13
+ * Closed decision set.
14
14
  *
15
15
  * `needs_approval` is its own outcome — never collapsed into `allow`
16
16
  * with an obligation; the router suspends the invocation when it sees
17
- * this kind and emits `approval.requested.v1` (plan §A.5).
17
+ * this kind and emits `approval.requested.v1`.
18
18
  */
19
19
  export enum PolicyDecisionKind {
20
20
  Allow = 'allow',
@@ -26,21 +26,30 @@ export const PolicyDecisionKindSchema = z.nativeEnum(PolicyDecisionKind);
26
26
 
27
27
  /**
28
28
  * Which precedence tier supplied the `credentialBindingId` on an `allow`
29
- * decision (plan §W4 / Pillar 3.2). Closed set — the PDP applies a fixed
29
+ * decision. Closed set — the PDP applies a fixed
30
30
  * priority ladder and records the winning tier so the Studio debugger (and
31
31
  * audit) can explain WHY a given binding was selected, without re-deriving it.
32
32
  *
33
33
  * Priority, highest wins:
34
34
  * `explicit` (a grant names the binding) > `capability_default`
35
35
  * (the descriptor's `defaultCredentialBindingRef`) > `project_default` >
36
- * `org_default`. No match the PDP emits NO binding and denies with
37
- * `MISSING_CREDENTIAL_BINDING` (never a silent fallback).
36
+ * `org_default` > `platform_default` (a deployment-wide default an org may
37
+ * override the Provider–Credential framework's platform tier). No match ⇒
38
+ * the PDP emits NO binding and denies with `MISSING_CREDENTIAL_BINDING`
39
+ * (never a silent fallback).
38
40
  */
39
41
  export enum CredentialPrecedenceSource {
40
42
  Explicit = 'explicit',
41
43
  CapabilityDefault = 'capability_default',
42
44
  ProjectDefault = 'project_default',
43
45
  OrgDefault = 'org_default',
46
+ /**
47
+ * A deployment-wide platform default provision (broadest tier, below org).
48
+ * An org-scoped default always overrides it. Used by `authorization-api`'s
49
+ * credential-precedence resolver once this kernel change is published +
50
+ * consumed.
51
+ */
52
+ PlatformDefault = 'platform_default',
44
53
  }
45
54
 
46
55
  export const CredentialPrecedenceSourceSchema = z.nativeEnum(
@@ -49,7 +58,7 @@ export const CredentialPrecedenceSourceSchema = z.nativeEnum(
49
58
 
50
59
  /**
51
60
  * `PolicyRequest` — the input shape `authorization-api.policyCheck`
52
- * accepts (plan v4.3 §A.4).
61
+ * accepts.
53
62
  *
54
63
  * Currently a type alias for `ExecutionContext` because every field
55
64
  * policy needs is already on the envelope. Kept as a separate name so a
@@ -63,7 +72,7 @@ export const PolicyRequestSchema: z.ZodType<PolicyRequest> =
63
72
 
64
73
  /**
65
74
  * `PolicyDecision` — the output shape `authorization-api.policyCheck`
66
- * returns (plan v4.3 §A.4).
75
+ * returns.
67
76
  *
68
77
  * `kind` is the verdict; `obligations` is a CLOSED discriminated union
69
78
  * (see `PolicyObligation`); `routeHints` carries runner-selection
@@ -77,7 +86,7 @@ export interface PolicyDecision {
77
86
  routeHints?: RouteHint;
78
87
  /**
79
88
  * The credential binding the executing gateway MUST use to resolve the
80
- * external credential for this invocation (plan §W4 / Pillar 3.2). Present
89
+ * external credential for this invocation. Present
81
90
  * ONLY on an `allow` decision for a capability that declares an
82
91
  * `externalServiceRef`. The PDP is the single authority that selects it via
83
92
  * the deterministic precedence ladder; the router passes ONLY this opaque id
@@ -3,7 +3,7 @@ import { RunnerKind, RunnerKindSchema } from './obligations';
3
3
 
4
4
  /**
5
5
  * `RouteHint` — runner-selection guidance emitted alongside a
6
- * `PolicyDecision` (plan v4.3 §A.4).
6
+ * `PolicyDecision`.
7
7
  *
8
8
  * The capability router consults this AFTER policy returns `allow`, to
9
9
  * pick a runner that satisfies all hints. Hints are PREFERENCES unless
@@ -1,7 +1,7 @@
1
1
  // ═══════════════════════════════════════════════════════════════════════════
2
2
  // @xemahq/provisioning-contracts — Workspace Provisioning wire contracts.
3
3
  //
4
- // Pure types + Zod schemas for the `provision` lifecycle phase (Epic A): the
4
+ // Pure types + Zod schemas for the `provision` lifecycle phase: the
5
5
  // deterministic, guard-gated `SCAFFOLD` / `EQUIP` steps that prepare a
6
6
  // session's repo content. agent-session-api's `provisioning-plan-resolver`
7
7
  // RESOLVES a plan from biome manifests; workspace-proxy's
@@ -140,7 +140,7 @@ export type ProvisioningAgentInstruction = z.infer<
140
140
  >;
141
141
 
142
142
  /**
143
- * Presigned-URL pair for the content-addressed scaffold cache (Epic A §A4).
143
+ * Presigned-URL pair for the content-addressed scaffold cache.
144
144
  * agent-session-api mints these from a step's `cacheKey`; workspace-proxy
145
145
  * GETs `getUrl` to probe for a hit, and on a miss PUTs the built tar to
146
146
  * `putUrl` (write-through). `getHeaders` / `putHeaders` are the headers the
@@ -194,7 +194,7 @@ export const ResolvedProvisioningStepSchema = z
194
194
  targetDir: z.string().min(1),
195
195
  cacheKey: z.string().min(1).nullable(),
196
196
  /**
197
- * Presigned scaffold-cache URLs derived from `cacheKey` (Epic A §A4).
197
+ * Presigned scaffold-cache URLs derived from `cacheKey`.
198
198
  * Present only on a cacheable step whose URLs were minted at resolve
199
199
  * time; absent ⇒ the executor builds locally with no cache.
200
200
  */
@@ -231,7 +231,7 @@ export type ResolvedProvisioningPlan = z.infer<
231
231
  * A `built` step that had a `cache` ref and is eligible for an out-of-band
232
232
  * cache write. The executor no longer writes the cache inline; instead it
233
233
  * surfaces the pending write here, and the caller (agent-session-api)
234
- * dispatches `writeScaffoldCacheWorkflow` per entry (Phase J §J3).
234
+ * dispatches `writeScaffoldCacheWorkflow` per entry.
235
235
  *
236
236
  * `cacheRef` is the SAME ref the plan carried in — re-passed to keep the
237
237
  * activity stateless (workspace-proxy doesn't have to retain a presigned
@@ -257,7 +257,7 @@ export const ProvisioningStepResultSchema = z
257
257
  /**
258
258
  * Non-empty only on a `built` step whose plan carried a `cache` ref.
259
259
  * The caller dispatches `writeScaffoldCacheWorkflow` per entry — the
260
- * executor never writes the cache itself (Phase J §J3).
260
+ * executor never writes the cache itself.
261
261
  */
262
262
  pendingCacheWrite: ProvisioningPendingCacheWriteSchema.optional(),
263
263
  })
@@ -19,7 +19,7 @@ const RESOURCE_PRINCIPALS_MAX = 100;
19
19
 
20
20
  /**
21
21
  * `ResourceVisibilityPattern` — the closed set of ownership/visibility shapes a
22
- * biome may declare for a resource instance it contributes (plan §6 Phase 5).
22
+ * biome may declare for a resource instance it contributes.
23
23
  *
24
24
  * Precedence is NOT encoded here — this enum only names HOW a resource is
25
25
  * shared; the PDP in `authorization-api` derives the effective verdict from the
@@ -78,7 +78,7 @@ export const ExplicitShareRefSchema: z.ZodType<ExplicitShareRef> = z.object({
78
78
 
79
79
  /**
80
80
  * Manifest shape carried by every `ContributionKind.ResourceOwnership`
81
- * envelope (plan §6 Phase 5). One contribution = one resource instance's
81
+ * envelope. One contribution = one resource instance's
82
82
  * ownership/visibility declaration.
83
83
  *
84
84
  * Mirrors `CapabilityContributionManifest` precisely: a value-identical subset
@@ -5,8 +5,8 @@ import {
5
5
  } from '../../execution-context';
6
6
 
7
7
  /**
8
- * CloudEvent type emitted on the dispatch fan-out channel (Phase F.3
9
- * Push transport). Pull-mode runners receive the same envelope as the
8
+ * CloudEvent type emitted on the dispatch fan-out channel (Push
9
+ * transport). Pull-mode runners receive the same envelope as the
10
10
  * body of `POST /runners/<id>/pull-work`.
11
11
  *
12
12
  * Constant, not enum — there is exactly one dispatch type today.
@@ -16,13 +16,13 @@ import {
16
16
  export const RUNNER_DISPATCH_CLOUDEVENT_TYPE = 'xema.runner.dispatch.v1' as const;
17
17
 
18
18
  /**
19
- * `RunnerDispatch` (Phase F.3) — superset of the legacy
19
+ * `RunnerDispatch` — superset of the legacy
20
20
  * `RunnerJobDispatch` shape. This v1 envelope carries the full
21
21
  * `ExecutionContext` so the runner can re-validate the policy decision
22
22
  * locally before invoking the capability.
23
23
  *
24
24
  * `tokenJwt` is the compact-JWS form of the RS256 `JobToken` minted by
25
- * the kernel-server (Phase F.5), aligned with `RunnerJobDispatch.tokenJwt`.
25
+ * the kernel-server, aligned with `RunnerJobDispatch.tokenJwt`.
26
26
  * The runner MUST verify the signature + claims against the kernel-server
27
27
  * JWKS before touching the dispatch.
28
28
  */
@@ -33,7 +33,7 @@ export interface RunnerDispatch {
33
33
  executionContext: ExecutionContext;
34
34
  /**
35
35
  * The capability invocation input, carried by value so the runner has the
36
- * actual arguments to execute with (Phase F.7). The `ExecutionContext`
36
+ * actual arguments to execute with. The `ExecutionContext`
37
37
  * carries only an `inputHash` fingerprint — not the payload — so without
38
38
  * this field the runner could verify identity but had nothing to run.
39
39
  *
@@ -1,7 +1,7 @@
1
1
  import type { RunnerId } from './runner';
2
2
 
3
3
  /**
4
- * Signed job token (plan §6 Phase F.5).
4
+ * Signed job token.
5
5
  *
6
6
  * Kernel-server mints an RS256 token with a hard ceiling of 60 seconds
7
7
  * per invocation. The runner MUST verify signature + scope before
@@ -37,7 +37,7 @@ export interface JobToken {
37
37
  subjectId: string;
38
38
  /**
39
39
  * `canonicalCapabilityInputHash` of the dispatched invocation input
40
- * (Phase F.7). Binds the unsigned `RunnerDispatch.input` to this signed
40
+ * Binds the unsigned `RunnerDispatch.input` to this signed
41
41
  * token so the runner can detect input tampering before executing.
42
42
  */
43
43
  inputHash: string;
@@ -12,14 +12,14 @@ export const RUNNER_ATTESTATION_REJECTED_CLOUDEVENT_TYPE =
12
12
  'xema.runner.attestation.rejected.v1' as const;
13
13
 
14
14
  /**
15
- * Runner attestation (plan §6 Phase F.4).
15
+ * Runner attestation.
16
16
  *
17
17
  * Carried by a runner on every `register` against the kernel-server.
18
18
  * The kernel-server validates:
19
19
  * - `identityJwt` is signed by the trusted Keycloak realm and the
20
20
  * subject is a service-account claim of kind `runner`.
21
21
  * - `allowedEnvironments` is countersigned by an org-admin role
22
- * (validated via OpenFGA / OPA — see Phase D).
22
+ * (validated via OpenFGA / OPA).
23
23
  * - `signedAt` is within the configured attestation freshness window.
24
24
  *
25
25
  * Any validation failure is fail-fast — the runner is rejected and the
@@ -1,7 +1,7 @@
1
1
  import { z } from 'zod';
2
2
 
3
3
  /**
4
- * `RunnerJob` lifecycle state machine (plan §6 Phase F.7).
4
+ * `RunnerJob` lifecycle state machine.
5
5
  *
6
6
  * Pending → Dispatched → Accepted → Running → Succeeded (terminal)
7
7
  * ↘ Failed (terminal)
@@ -64,7 +64,7 @@ export const RUNNER_JOB_COMPLETED_CLOUDEVENT_TYPE =
64
64
 
65
65
  /**
66
66
  * Report-back envelope a runner emits on accept / progress / completion
67
- * (Phase F.7). `workload-runtime` keys idempotent state transitions on
67
+ * `workload-runtime` keys idempotent state transitions on
68
68
  * `(jobId, state)`; `output` is present only on a `Succeeded` report and
69
69
  * `error` only on a `Failed` report.
70
70
  */
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Runner transport mode (plan §6 Phase F.3).
2
+ * Runner transport mode.
3
3
  *
4
4
  * - `Push` (cluster default) — kernel-server emits
5
5
  * `xema.runner.dispatch.v1` CloudEvent; runner consumes via
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Runner-plane registry conventions (plan §6 Phase F.6).
2
+ * Runner-plane registry conventions.
3
3
  *
4
4
  * Runners do not have a bespoke registry; they publish ordinary
5
5
  * `ServiceDescriptor`s to the Service Registry under ONE well-known
@@ -11,7 +11,7 @@
11
11
  * the `ServiceDescriptor` type is in scope).
12
12
  *
13
13
  * Keeping the name + label keys here — in the kernel leaf both the
14
- * runner producers (Phase F.3/F.5) and the router selector consume —
14
+ * runner producers and the router selector consume —
15
15
  * guarantees producer/consumer agreement without a second contracts
16
16
  * package. Adding/renaming a key is a coordinated kernel change.
17
17
  */