@xemahq/kernel-contracts 0.22.3 → 0.23.0

Files changed (147) hide show
  1. package/dist/agent-workspace/awp-spec.json +0 -1
  2. package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -1
  3. package/dist/agent-workspace/lib/workspace-layout.js.map +1 -1
  4. package/dist/biome/lib/biome-manifest.d.ts +0 -8
  5. package/dist/biome/lib/biome-manifest.d.ts.map +1 -1
  6. package/dist/biome/lib/biome-manifest.js +4 -50
  7. package/dist/biome/lib/biome-manifest.js.map +1 -1
  8. package/dist/capability/lib/errors.d.ts.map +1 -1
  9. package/dist/capability/lib/errors.js.map +1 -1
  10. package/dist/capability/lib/meta-tool.d.ts.map +1 -1
  11. package/dist/capability/lib/meta-tool.js.map +1 -1
  12. package/dist/connector/lib/connector-descriptor.d.ts.map +1 -1
  13. package/dist/connector/lib/credential-kind.d.ts.map +1 -1
  14. package/dist/connector/lib/credential-kind.js.map +1 -1
  15. package/dist/connector/lib/filter-expr.js +6 -0
  16. package/dist/connector/lib/filter-expr.js.map +1 -1
  17. package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
  18. package/dist/contribution/lib/contribution-kind.js.map +1 -1
  19. package/dist/contribution/lib/contribution-source.d.ts.map +1 -1
  20. package/dist/contribution/lib/contribution-source.js.map +1 -1
  21. package/dist/contribution/lib/contribution.d.ts.map +1 -1
  22. package/dist/contribution/lib/contribution.js.map +1 -1
  23. package/dist/document-render/lib/render-enums.d.ts.map +1 -1
  24. package/dist/document-render/lib/render-enums.js.map +1 -1
  25. package/dist/execution-context/lib/execution-context.d.ts.map +1 -1
  26. package/dist/execution-context/lib/execution-context.js.map +1 -1
  27. package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -1
  28. package/dist/execution-environment/lib/built-in-environments.js.map +1 -1
  29. package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -1
  30. package/dist/execution-environment/lib/execution-environment.js +1 -1
  31. package/dist/execution-environment/lib/execution-environment.js.map +1 -1
  32. package/dist/inquiry/index.d.ts.map +1 -1
  33. package/dist/inquiry/index.js.map +1 -1
  34. package/dist/object/lib/object-lifecycle.d.ts.map +1 -1
  35. package/dist/object/lib/object-lifecycle.js.map +1 -1
  36. package/dist/policy/lib/obligations.d.ts.map +1 -1
  37. package/dist/policy/lib/obligations.js.map +1 -1
  38. package/dist/runner/lib/runner-registration.d.ts.map +1 -1
  39. package/dist/runner/lib/runner-registration.js.map +1 -1
  40. package/dist/service-registry/lib/service-names.generated.d.ts.map +1 -1
  41. package/dist/service-registry/lib/service-names.generated.js.map +1 -1
  42. package/dist/space/lib/space.d.ts.map +1 -1
  43. package/dist/space/lib/space.js.map +1 -1
  44. package/dist/workflow/index.d.ts.map +1 -1
  45. package/dist/workflow/index.js.map +1 -1
  46. package/dist/workflow/lib/activity-outputs.d.ts.map +1 -1
  47. package/package.json +28 -19
  48. package/src/agent-composition/lib/agent-workspace-config.ts +3 -3
  49. package/src/agent-composition/lib/capability-layer.ts +2 -2
  50. package/src/agent-composition/lib/intrinsic-floor.ts +1 -1
  51. package/src/agent-session/lib/participant.ts +1 -1
  52. package/src/agent-workspace/lib/context-json.ts +1 -1
  53. package/src/agent-workspace/lib/mount-apply.ts +2 -2
  54. package/src/agent-workspace/lib/workspace-layout.ts +2 -4
  55. package/src/app-runtime/lib/app-client.ts +1 -1
  56. package/src/app-runtime/lib/app-lockfile.ts +2 -2
  57. package/src/app-runtime/lib/app.ts +4 -4
  58. package/src/app-runtime/lib/audience-policy.ts +2 -2
  59. package/src/app-runtime/lib/biome-install.ts +3 -3
  60. package/src/app-runtime/lib/branding-config.ts +1 -1
  61. package/src/app-runtime/lib/delegated-session.ts +1 -1
  62. package/src/app-runtime/lib/external-subject.ts +1 -1
  63. package/src/biome/lib/biome-capability-refs.ts +3 -3
  64. package/src/biome/lib/biome-engines.ts +2 -2
  65. package/src/biome/lib/biome-lifecycle-hooks.ts +1 -1
  66. package/src/biome/lib/biome-lifecycle.ts +3 -3
  67. package/src/biome/lib/biome-manifest.ts +68 -122
  68. package/src/biome/lib/biome-permissions.ts +2 -2
  69. package/src/biome/lib/biome-scope.ts +2 -2
  70. package/src/biome/lib/biome-trust-tier.ts +1 -1
  71. package/src/biome/lib/trust-tier-policies.ts +2 -2
  72. package/src/biome-availability/lib/biome-availability.ts +1 -1
  73. package/src/capability/lib/capability-contribution.ts +3 -3
  74. package/src/capability/lib/capability-grant.ts +5 -5
  75. package/src/capability/lib/capability-policy.ts +2 -2
  76. package/src/capability/lib/capability-ref.ts +4 -4
  77. package/src/capability/lib/errors.ts +4 -10
  78. package/src/capability/lib/meta-tool.ts +2 -5
  79. package/src/capability/lib/permission-profile.ts +7 -7
  80. package/src/capability/lib/shell-command-descriptor.ts +3 -3
  81. package/src/connector/lib/adapter-kind.ts +1 -1
  82. package/src/connector/lib/capability-refs.ts +1 -1
  83. package/src/connector/lib/connector-descriptor.ts +4 -3
  84. package/src/connector/lib/credential-kind.ts +3 -4
  85. package/src/connector/lib/envelope-schema.ts +2 -2
  86. package/src/connector/lib/filter-expr-validate.ts +1 -1
  87. package/src/connector/lib/filter-expr.ts +8 -0
  88. package/src/contribution/lib/contribution-kind.ts +11 -12
  89. package/src/contribution/lib/contribution-source.ts +1 -2
  90. package/src/contribution/lib/contribution.ts +3 -6
  91. package/src/document-render/lib/render-enums.ts +1 -2
  92. package/src/execution-context/lib/caller.ts +2 -2
  93. package/src/execution-context/lib/execution-context.ts +12 -18
  94. package/src/execution-environment/lib/approval-rule.ts +2 -2
  95. package/src/execution-environment/lib/built-in-environments.ts +9 -11
  96. package/src/execution-environment/lib/execution-environment.ts +25 -26
  97. package/src/inquiry/index.ts +1 -2
  98. package/src/invocation/lib/invocation-mode.ts +1 -1
  99. package/src/invocation/lib/invocation-record.ts +1 -1
  100. package/src/invocation/lib/isolation-level.ts +1 -1
  101. package/src/kernel-state/lib/adapter-kind.ts +3 -3
  102. package/src/kernel-state/lib/kernel-state.ts +1 -1
  103. package/src/kernel-state/lib/key-grammar.ts +1 -1
  104. package/src/mcp-tool/lib/tool-selection.ts +1 -1
  105. package/src/object/lib/object-lifecycle.ts +1 -2
  106. package/src/object/lib/xema-object-kind.ts +1 -1
  107. package/src/object/lib/xema-object-ref.ts +2 -2
  108. package/src/org-database/lib/db-result-event.ts +3 -3
  109. package/src/policy/lib/obligations.ts +5 -6
  110. package/src/policy/lib/policy.ts +7 -7
  111. package/src/policy/lib/route-hints.ts +1 -1
  112. package/src/provisioning/index.ts +1 -1
  113. package/src/provisioning/lib/provisioning.ts +4 -4
  114. package/src/resource/lib/resource-ownership-contribution.ts +2 -2
  115. package/src/runner/lib/dispatch.ts +5 -5
  116. package/src/runner/lib/job-token.ts +2 -2
  117. package/src/runner/lib/runner-attestation.ts +2 -2
  118. package/src/runner/lib/runner-job.ts +2 -2
  119. package/src/runner/lib/runner-mode.ts +1 -1
  120. package/src/runner/lib/runner-plane.ts +2 -2
  121. package/src/runner/lib/runner-registration.ts +9 -10
  122. package/src/runner/lib/runner.ts +7 -7
  123. package/src/runner-input-hash/lib/input-hash.ts +2 -2
  124. package/src/service-registry/lib/service-descriptor.ts +1 -1
  125. package/src/service-registry/lib/service-names.generated.ts +1 -3
  126. package/src/space/lib/space-ref-parser.ts +1 -1
  127. package/src/space/lib/space.ts +4 -5
  128. package/src/widget/lib/chat-widget-envelope.ts +1 -1
  129. package/src/worker-runtime/lib/capabilities.ts +1 -1
  130. package/src/workflow/index.ts +2 -3
  131. package/src/workflow/lib/activity-outputs.ts +3 -4
  132. package/src/workflow/lib/agent-role.ts +5 -5
  133. package/src/workflow/lib/artifact-ref.ts +1 -1
  134. package/src/workflow/lib/compiled-run.ts +2 -2
  135. package/src/workflow/lib/compiled-workspace-manifest.ts +2 -2
  136. package/src/workflow/lib/enums.ts +4 -4
  137. package/src/workflow/lib/errors.ts +1 -1
  138. package/src/workflow/lib/model-ref.ts +1 -1
  139. package/src/workflow/lib/mount-plan.ts +1 -1
  140. package/src/workflow/lib/platform-task-queue.ts +3 -3
  141. package/src/workflow/lib/role-capability.ts +1 -1
  142. package/src/workflow/lib/run-progress.ts +2 -2
  143. package/src/workflow/lib/trigger-payload.ts +2 -2
  144. package/src/workflow/lib/variable-requirement.ts +1 -1
  145. package/src/workflow/lib/workspace-manifest-enums.ts +1 -1
  146. package/src/workspace-storage/lib/types.ts +1 -1
  147. package/LICENSE +0 -176
@@ -5,7 +5,7 @@ import { CapabilityRefSchema, type CapabilityRef } from './capability-ref';
5
5
  * Stub for a JSON Schema reference. Modelled as `{ $ref: string }` so
6
6
  * downstream services (notably `xema-shell-api`) can plug in their richer
7
7
  * `JsonSchemaRef` shape without the kernel having to know about JSON Schema
8
- * machinery. Phase-1A intentional scope limit.
8
+ * machinery. An intentional scope limit.
9
9
  */
10
10
  export interface JsonSchemaRefStub {
11
11
  $ref: string;
@@ -16,7 +16,7 @@ export const JsonSchemaRefStubSchema = z.object({
16
16
  }) as z.ZodType<JsonSchemaRefStub>;
17
17
 
18
18
  /**
19
- * `ShellCommandDescriptor` — plan §31.5. Single source of truth for human
19
+ * `ShellCommandDescriptor` — single source of truth for human
20
20
  * help (`xema help <cmd>`), agent help (the `xema-shell:run@1` self-describe
21
21
  * surface), and the host UI's command palette.
22
22
  *
@@ -28,7 +28,7 @@ export const JsonSchemaRefStubSchema = z.object({
28
28
  * depend on `@xemahq/xema-object-contracts`, which would form a kernel cycle
29
29
  * if `xema-object-contracts` ever needed a `CapabilityRef`.
30
30
  *
31
- * `safeForAgents` is enforced by `xema-capability-router` per §31.7 — the
31
+ * `safeForAgents` is enforced by `xema-capability-router` — the
32
32
  * descriptor is the source of truth; the gateway never relaxes it.
33
33
  */
34
34
  export interface ShellCommandDescriptor {
@@ -9,7 +9,7 @@
9
9
  *
10
10
  * The set is *built-in-closed but biome-extensible*: biomes may
11
11
  * contribute additional kinds via the future `AdapterContribution`
12
- * registry (Phase 7). The closed enum below names only the kinds the
12
+ * registry. The closed enum below names only the kinds the
13
13
  * platform ships out-of-the-box. Anything outside this list MUST be
14
14
  * either a built-in plus a biome contribution, or routed through an
15
15
  * opaque `AdapterKindRef` string captured below.
@@ -6,7 +6,7 @@
6
6
  // contracts`); they version like syscalls (`@1`, `@2`, ...) and the runtime
7
7
  // MUST refuse to dispatch a major version it has not registered.
8
8
  //
9
- // Source of truth: plan §17.2-B item 2. This file is the registry seed; the
9
+ // This file is the registry seed; the
10
10
  // `connector-gateway-api` capability dispatcher MAY consume it directly for
11
11
  // `name`-side validation.
12
12
  // ═══════════════════════════════════════════════════════════════════════════
@@ -9,9 +9,10 @@
9
9
  * provider so ONE app credential (per `ProviderDescriptor`) backs many
10
10
  * connectors.
11
11
  *
12
- * This descriptor is the connector-registry face of an `IntegrationProvider
13
- * Module`: the module carries the executable webhook/action/resource handlers;
14
- * this descriptor carries the *catalog + connect* metadata the framework needs
12
+ * This descriptor is the connector-registry face of an
13
+ * `IntegrationProviderModule`: the module carries the executable
14
+ * webhook/action/resource handlers; this descriptor carries the
15
+ * *catalog + connect* metadata the framework needs
15
16
  * to render the provider-grouped catalog, drive consent with the right scopes,
16
17
  * and resolve the right per-connection credential kind.
17
18
  * ─────────────────────────────────────────────────────────────────────────
@@ -1,11 +1,10 @@
1
1
  /**
2
2
  * Closed enum of credential strategies the platform knows how to mint,
3
- * cache, refresh and revoke. Biomes contributing new providers (Phase
4
- * 7) MUST declare one of these — they never ship custom mint code.
3
+ * cache, refresh and revoke. Biomes contributing new providers MUST
4
+ * declare one of these — they never ship custom mint code.
5
5
  *
6
6
  * Adding a kind here is a one-line schema change plus a matching
7
- * strategy implementation under
8
- * `apps/integration-adapters-api/src/credentials/strategies/<kind>/`.
7
+ * strategy implementation for that kind.
9
8
  */
10
9
  export enum CredentialKind {
11
10
  /** GitHub App / GitLab App style installation token (per-installation, 1h). */
@@ -11,7 +11,7 @@ import { BuiltInAdapterKind, type AdapterKindRef } from './adapter-kind';
11
11
  * evaluating to `false` at dispatch.
12
12
  *
13
13
  * The map is keyed by `(adapterKind, entityKind)`. When a webhook
14
- * filter declares its target `entityKind` (Phase 7 manifest field),
14
+ * filter declares its target `entityKind` (a manifest field),
15
15
  * the cross-validator narrows path checking to that entry. Filters
16
16
  * that omit `entityKind` fall back to the `UNION_ENTITY_KIND` entry,
17
17
  * which collects every path across the adapter's entity kinds — over-
@@ -167,7 +167,7 @@ registerEnvelopeSchema(BuiltInAdapterKind.Documentation, {
167
167
 
168
168
  /**
169
169
  * Register the per-entityKind permitted `$envelope.*` paths for a
170
- * biome-contributed AdapterKind (Phase 7). Built-in kinds are pre-
170
+ * biome-contributed AdapterKind. Built-in kinds are pre-
171
171
  * registered above. Re-registering an existing kind REPLACES its
172
172
  * entry set — `integration-adapters-api`'s registry is the authority,
173
173
  * so biome upgrades surface here.
@@ -56,7 +56,7 @@ export interface FilterExprPathIssue {
56
56
  * Statically validate that every `$envelope.*` path the predicate
57
57
  * references is permitted by the canonical envelope schema for
58
58
  * `(adapterKind, entityKind)`. `$selector` paths are NOT validated
59
- * here — selectors are opaque-by-design (Phase 3 lock-in): their
59
+ * here — selectors are opaque-by-design: their
60
60
  * shape is governed by the biome's install JSON Schema, not by a
61
61
  * kernel-level path map.
62
62
  *
@@ -184,6 +184,8 @@ function scalarEqual(a: unknown, b: unknown): boolean {
184
184
  */
185
185
  const REGEX_CACHE = new Map<string, RegExp>();
186
186
  const REGEX_MAX_LEN = 256;
187
+ /** Cap on distinct compiled patterns retained, to bound memory in a long-lived process. */
188
+ const REGEX_CACHE_MAX = 1_000;
187
189
 
188
190
  function compileRegex(pattern: string): RegExp {
189
191
  const cached = REGEX_CACHE.get(pattern);
@@ -198,6 +200,12 @@ function compileRegex(pattern: string): RegExp {
198
200
  }
199
201
  try {
200
202
  const re = new RegExp(pattern);
203
+ // Evict the oldest entry (Map preserves insertion order) once the cache is
204
+ // full, so an unbounded stream of distinct patterns cannot grow it forever.
205
+ if (REGEX_CACHE.size >= REGEX_CACHE_MAX) {
206
+ const oldest = REGEX_CACHE.keys().next().value;
207
+ if (oldest !== undefined) REGEX_CACHE.delete(oldest);
208
+ }
201
209
  REGEX_CACHE.set(pattern, re);
202
210
  return re;
203
211
  } catch (cause) {
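Review bot: The eviction added ahead of `REGEX_CACHE.set(pattern, re)` is first-in-first-out rather than least-recently-used: a hit on `REGEX_CACHE.get(pattern)` leaves the entry at its original insertion position, so a run of `REGEX_CACHE_MAX` distinct patterns also pushes out the frequently used ones and forces them to be recompiled. Refreshing the entry on a hit, `REGEX_CACHE.delete(pattern); REGEX_CACHE.set(pattern, cached);` before the cached value is returned, would keep hot patterns resident; the hit path lies between the two hunks and is not visible here, so confirm where that return sits. The new cap bounds memory only, and `REGEX_MAX_LEN` limits pattern length rather than match time. If these patterns come from biome-supplied filters (an assumption, the callers are outside the hunk), a backtracking-heavy pattern under 256 characters is still compiled and run, and the doc comment on `REGEX_CACHE_MAX` could state that limit of scope.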
@@ -5,16 +5,15 @@ import { z } from 'zod';
5
5
  * (biome) may contribute to the Xema OS through the Contribution Protocol
6
6
  * (XSI plane 2). Extending it is a one-line PR to the kernel.
7
7
  *
8
- * The seed set is documented in the Xema OS plan-of-record §12.1. Each
9
- * additional value below the v1 seed (e.g. `ShellCommand`, `DoctorCheck`) is
10
- * pulled from a specific section of the same plan and is cited inline.
8
+ * The v1 seed set is grouped first below. Each additional value beyond the
9
+ * v1 seed (e.g. `ShellCommand`, `DoctorCheck`) extends the closed enum.
11
10
  *
12
11
  * Enum string values match the slug spoken by the rest of the protocol
13
12
  * (Capability References, manifest declarations) so that round-tripping
14
13
  * between the enum and the wire is lossless.
15
14
  */
16
15
  export enum ContributionKind {
17
- // -- v1 seed (plan §12.1) -------------------------------------------------
16
+ // -- v1 seed ---------------------------------------------------------------
18
17
  ConnectorBinding = 'connector-binding',
19
18
  MountSource = 'mount-source',
20
19
  McpTool = 'mcp-tool',
@@ -29,13 +28,13 @@ export enum ContributionKind {
29
28
  ModelResolutionDimension = 'model-resolution-dimension',
30
29
  WidgetKind = 'widget-kind',
31
30
 
32
- // -- Xema Shell additions (plan §31.5 / §31.9) ---------------------------
33
- /** A command descriptor contributed to the Xema Shell. Plan §31.5. */
31
+ // -- Xema Shell additions --------------------------------------------------
32
+ /** A command descriptor contributed to the Xema Shell. */
34
33
  ShellCommand = 'shell-command',
35
- /** A `xema doctor` health check contributed by a biome. Plan §31.9. */
34
+ /** A `xema doctor` health check contributed by a biome. */
36
35
  DoctorCheck = 'doctor-check',
37
36
 
38
- // -- Registry gaps closed (plan §17.12) ----------------------------------
37
+ // -- Registry gaps closed --------------------------------------------------
39
38
  /**
40
39
  * An artifact type contributed by a biome to the artifact-store schema-
41
40
  * version registry (`ArtifactTypeRegistryService`). The registry adapter
@@ -49,8 +48,8 @@ export enum ContributionKind {
49
48
  */
50
49
  InquiryKind = 'inquiry-kind',
51
50
 
52
- // -- Phase C absorption (plan §6 C.2) ------------------------------------
53
- // The Phase-C "Contribution Protocol" rollup is the single source of
51
+ // -- Contribution-absorption additions -------------------------------------
52
+ // The "Contribution Protocol" rollup is the single source of
54
53
  // truth for every kind of contribution a biome can ship. A biome's
55
54
  // `contributions/` directory replaces the legacy `content/` + `modules/`
56
55
  // seeders. Per-kind handlers are wired through
@@ -105,7 +104,7 @@ export enum ContributionKind {
105
104
  /** A runtime-mount kind module contributed by a biome. */
106
105
  RuntimeMountKind = 'runtime-mount-kind',
107
106
 
108
- // -- Phase H#2: capability self-registration (plan §6.H) -----------------
107
+ // -- Capability self-registration ------------------------------------------
109
108
  /**
110
109
  * A `CapabilityRef` descriptor contributed by a biome — title, summary,
111
110
  * I/O schemas, risk tier, and approval flag. The boot-time codemod
@@ -122,7 +121,7 @@ export enum ContributionKind {
122
121
  */
123
122
  Capability = 'capability',
124
123
 
125
- // -- Phase 5: resource-ownership self-registration -----------------------
124
+ // -- Resource-ownership self-registration ----------------------------------
126
125
  /**
127
126
  * A resource-instance ownership/visibility declaration contributed by a
128
127
  * biome — `resourceType` + `resourceId` + a `ResourceVisibilityPattern` +
@@ -2,8 +2,7 @@ import { z } from 'zod';
2
2
 
3
3
  /**
4
4
  * `ContributionSource` is the 5-tier scope at which a Contribution lives.
5
- * Value-identical to `SkillSpace` and `AgentSpace` (see
6
- * `.claude/rules/skills-and-composition.md`) — the three enums share ONE
5
+ * Value-identical to `SkillSpace` and `AgentSpace` — the three enums share ONE
7
6
  * ownership / scope model and must not drift.
8
7
  *
9
8
  * Precedence — **most specific wins**:
@@ -109,8 +109,6 @@ export const ContributionVersionSchema = z
109
109
  * regardless of `kind`, carries this shape. Kind-specific contracts packages
110
110
  * own their own `TManifest` Zod schemas and feed them to
111
111
  * `contributionEnvelopeSchema` to get a fully-typed runtime validator.
112
- *
113
- * See plan-of-record §12.2 for the prose definition.
114
112
  */
115
113
  export interface Contribution<
116
114
  TKind extends ContributionKind,
@@ -175,11 +173,10 @@ export interface ContributionIngestContext {
175
173
  }
176
174
 
177
175
  /**
178
- * Per-kind ingestion handler. Phase C of the Xema OS plan replaces 14 hand-
176
+ * Per-kind ingestion handler. The Contribution Protocol replaces 14 hand-
179
177
  * rolled `Bootstrap*Service` seeders with a single generic
180
- * `BootstrapContributionsService<TKind, TManifest>` template (see plan §6
181
- * C.3) whose only per-kind specialisation is an implementation of this
182
- * interface.
178
+ * `BootstrapContributionsService<TKind, TManifest>` template whose only
179
+ * per-kind specialisation is an implementation of this interface.
183
180
  *
184
181
  * Implementations MUST:
185
182
  * - pin `kind` to the concrete `ContributionKind` they handle so the
@@ -1,7 +1,6 @@
1
1
  /**
2
2
  * Closed enums for the render service wire. Real TS enums (not
3
- * string-literal unions) so OpenAPI/Orval emit stable enum schemas — see
4
- * `docs/API_STANDARDS.md` and `.claude/rules/backend.md`.
3
+ * string-literal unions) so OpenAPI/Orval emit stable enum schemas.
5
4
  */
6
5
 
7
6
  /**
@@ -1,7 +1,7 @@
1
1
  import { z } from 'zod';
2
2
 
3
3
  /**
4
- * Closed caller-kind set (plan v4.3 §A.3).
4
+ * Closed caller-kind set.
5
5
  *
6
6
  * Distinguishes how the invocation entered the system — drives audit
7
7
  * shape, default obligations (e.g. `Web` callers default to `audit` +
@@ -21,7 +21,7 @@ export const CallerKindSchema = z.nativeEnum(CallerKind);
21
21
  /**
22
22
  * `Caller` — entry-point envelope captured on every invocation.
23
23
  *
24
- * v4.3 contract shape per plan §A.3:
24
+ * Contract shape:
25
25
  * { kind: CallerKind; appId?; sessionId?; ip?; userAgent? }
26
26
  *
27
27
  * `appId` and `sessionId` are populated when the caller is an embedded
@@ -30,8 +30,7 @@ import {
30
30
  } from './subject';
31
31
 
32
32
  /**
33
- * Closed biome trust-tier set referenced by `ExecutionContext.biome`
34
- * (plan v4.3 §A.3).
33
+ * Closed biome trust-tier set referenced by `ExecutionContext.biome`.
35
34
  *
36
35
  * Tier ordering goes Untrusted → Community → Verified → Official; OPA
37
36
  * policy bundles MAY gate a capability to a minimum tier, but the kernel
@@ -48,8 +47,8 @@ export enum BiomeTrustTier {
48
47
  export const BiomeTrustTierSchema = z.nativeEnum(BiomeTrustTier);
49
48
 
50
49
  /**
51
- * Biome attestation block carried on `ExecutionContext.biome` (plan
52
- * v4.3 §A.3). Set when the capability is provided by a biome (vs. an
50
+ * Biome attestation block carried on `ExecutionContext.biome`.
51
+ * Set when the capability is provided by a biome (vs. an
53
52
  * embedded built-in). `signatureVerified` is the Cosign verdict from the
54
53
  * biome-fetcher-api at install time.
55
54
  */
@@ -68,8 +67,7 @@ export const ExecutionContextBiomeSchema = z.object({
68
67
  }) as z.ZodType<ExecutionContextBiome>;
69
68
 
70
69
  /**
71
- * Environment block carried on `ExecutionContext.environment` (plan
72
- * v4.3 §A.3).
70
+ * Environment block carried on `ExecutionContext.environment`.
73
71
  *
74
72
  * `id` is the canonical `environment:<slug>` ref (string-typed here to
75
73
  * keep the envelope JSON-clean — the kernel-side reference type lives in the
@@ -89,8 +87,7 @@ export const ExecutionContextEnvironmentSchema = z.object({
89
87
  }) as z.ZodType<ExecutionContextEnvironment>;
90
88
 
91
89
  /**
92
- * Capability block carried on `ExecutionContext.capability` (plan
93
- * v4.3 §A.3).
90
+ * Capability block carried on `ExecutionContext.capability`.
94
91
  *
95
92
  * `ref` is the canonical capability reference (`<biome>:<verb>@<major>`).
96
93
  * `inputHash` is an optional SHA-256 fingerprint of the JSON-serialised
@@ -108,7 +105,7 @@ export const ExecutionContextCapabilitySchema = z.object({
108
105
  }) as z.ZodType<ExecutionContextCapability>;
109
106
 
110
107
  /**
111
- * Resource block carried on `ExecutionContext.resource` (plan v4.3 §A.3).
108
+ * Resource block carried on `ExecutionContext.resource`.
112
109
  *
113
110
  * Set when the invocation targets a specific persistent object (a
114
111
  * XemaObject, a document, an SCM file). `ref` is the resource reference
@@ -127,8 +124,7 @@ export const ExecutionContextResourceSchema = z.object({
127
124
  }) as z.ZodType<ExecutionContextResource>;
128
125
 
129
126
  /**
130
- * Constraints block carried on `ExecutionContext.constraints` (plan
131
- * v4.3 §A.3).
127
+ * Constraints block carried on `ExecutionContext.constraints`.
132
128
  *
133
129
  * Per-invocation caps + flags the gateway derives from the caller's
134
130
  * grant, the org's environment policy, and the capability's defaults.
@@ -155,14 +151,14 @@ export const ExecutionContextConstraintsSchema = z.object({
155
151
  }) as z.ZodType<ExecutionContextConstraints>;
156
152
 
157
153
  /**
158
- * `ExecutionContext` — the per-invocation envelope (plan v4.3 §A.3).
154
+ * `ExecutionContext` — the per-invocation envelope.
159
155
  *
160
- * Constructed by `biomes/xema-capability-router/api/xema-capability-router` at the gateway boundary,
156
+ * Constructed by the capability router at the gateway boundary,
161
157
  * passed verbatim to `authorization-api` for the policy check, and
162
158
  * forwarded to the dispatched runner. Audit, policy, and runner all
163
159
  * read the SAME shape — no parallel envelopes.
164
160
  *
165
- * Wave 4 (Phase A.5) wires this through `dispatch.service.ts`. This
161
+ * The dispatch pipeline wires this through at runtime. This
166
162
  * package is contract-only — no consumer rewiring lives here.
167
163
  */
168
164
  export interface ExecutionContext {
@@ -180,15 +176,13 @@ export interface ExecutionContext {
180
176
  /**
181
177
  * RFC 8693 delegation chain (`act`), outermost-acting-first. Built at the
182
178
  * gateway from `RequestContext.actorChain` and carried through policy → audit
183
- * → credential-broker. Empty/omitted for a non-delegated invocation
184
- * (plan §W4 / Pillar 3.2).
179
+ * → credential-broker. Empty/omitted for a non-delegated invocation.
185
180
  */
186
181
  actorChain?: ActingForRef[];
187
182
  /**
188
183
  * Opaque credential-binding id the PDP selected for this invocation
189
184
  * (`PolicyDecision.credentialBindingId`). When present, the executing
190
- * gateway/runner resolves it via the credential-broker. NEVER a secret
191
- * (plan §W4 / Pillar 3.2).
185
+ * gateway/runner resolves it via the credential-broker. NEVER a secret.
192
186
  */
193
187
  credentialBindingId?: string;
194
188
  /**
@@ -5,8 +5,8 @@ import {
5
5
  } from '../../capability';
6
6
 
7
7
  /**
8
- * Per-environment approval rule (plan §3.4 `ExecutionEnvironment.approvalRules[]`,
9
- * §30.7 Human-in-the-loop approval at runtime).
8
+ * Per-environment approval rule (`ExecutionEnvironment.approvalRules[]`):
9
+ * human-in-the-loop approval at runtime.
10
10
  *
11
11
  * When a runtime invocation matches a rule whose `capability` ref covers the
12
12
  * call, the gateway suspends the invocation, emits an `ApprovalRequested`
@@ -3,13 +3,12 @@ import { z } from 'zod';
3
3
  /**
4
4
  * Closed set of built-in Execution Environment kinds.
5
5
  *
6
- * Plan-of-record: v4.3 §2 vocabulary table (`Zone Environment` row),
7
- * §3.4 (the eight built-in environments that cover every story we have
8
- * today), and §30.6 (`trusted-dev` environment — the developer escape
9
- * hatch).
6
+ * There are eight built-in environments that cover every story we have
7
+ * today, plus the `trusted-dev` environment the developer escape
8
+ * hatch.
10
9
  *
11
10
  * v1 ships ONLY these built-ins; custom environments are an explicit v2
12
- * extension (plan §16). The downstream `ExecutionEnvironment.scope` type
11
+ * extension. The downstream `ExecutionEnvironment.scope` type
13
12
  * intentionally widens to `ExecutionEnvironmentKind | string` for future-
14
13
  * proofing, but at v1 the only legal scope values are members of this
15
14
  * enum — see `isExecutionEnvironmentKind`.
@@ -40,7 +39,7 @@ export enum ExecutionEnvironmentKind {
40
39
  /** Biome inspected for publication; no real org data access. */
41
40
  StoreReview = 'store-review',
42
41
  /**
43
- * Local-dev / personal-sandbox environment (plan §30.6). Inside it the
42
+ * Local-dev / personal-sandbox environment. Inside it the
44
43
  * Capability Gateway grants every capability the biome *declared* in
45
44
  * its manifest, no resource glob, no rate limit, no human approval.
46
45
  * Audit-log still records every call so devs can inspect what their
@@ -55,12 +54,11 @@ export const ExecutionEnvironmentKindSchema = z.nativeEnum(ExecutionEnvironmentK
55
54
 
56
55
  /**
57
56
  * Stable, ordered list of every built-in environment slug. Seeded at
58
- * boot by `authorization-api` / `object-registry-api` per plan §17.5
59
- * step 1.
57
+ * boot by `authorization-api` / `object-registry-api`.
60
58
  *
61
59
  * Ordering is intentional (system → org → project → app → session →
62
- * sandbox → public → store-review → trusted-dev) and matches the table
63
- * in §3.4 followed by the dev escape hatch from §30.6. Do not reorder
60
+ * sandbox → public → store-review → trusted-dev) the built-in
61
+ * environments followed by the dev escape hatch. Do not reorder
64
62
  * without a coordinated migration of any consumer that relies on
65
63
  * positional iteration.
66
64
  */
@@ -79,7 +77,7 @@ export const BUILT_IN_ENVIRONMENT_SLUGS: readonly ExecutionEnvironmentKind[] = [
79
77
  /**
80
78
  * Narrowing guard: returns `true` iff `slug` is one of the built-in
81
79
  * environment slugs. Used by `ExecutionEnvironmentSchema` and the
82
- * authorization-api to refuse custom-scoped environments at v1 (plan §16
80
+ * authorization-api to refuse custom-scoped environments at v1 (a
83
81
  * non-goal).
84
82
  */
85
83
  export function isExecutionEnvironmentKind(
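Review bot: The reworded ordering comment above `BUILT_IN_ENVIRONMENT_SLUGS` no longer reads as a sentence: removing "and matches the table in §3.4" left `sandbox → public → store-review → trusted-dev) the built-in` with nothing joining the list to its explanation. Ending the list with a colon, `* sandbox → public → store-review → trusted-dev): the built-in`, restores the meaning without bringing back the plan reference. The enum's header comment in the first hunk of this section has the same slip in "plus the trusted-dev environment the developer escape hatch", where the dash before "the developer escape hatch" was lost. The signature of isExecutionEnvironmentKind continues past the end of the last hunk.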
@@ -13,7 +13,7 @@ import {
13
13
  import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
14
14
 
15
15
  /**
16
- * Canonical Execution Environment Reference grammar (plan §3.4):
16
+ * Canonical Execution Environment Reference grammar:
17
17
  *
18
18
  * `environment:<slug>`
19
19
  *
@@ -22,7 +22,7 @@ import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
22
22
  * silently absorb a free-form string.
23
23
  *
24
24
  * v1 only mints refs whose slug is an `ExecutionEnvironmentKind` value
25
- * (plan §16 forbids custom environments). The type still validates the
25
+ * (custom environments are forbidden at v1). The type still validates the
26
26
  * *grammar* — semantic "built-in-only" enforcement lives one layer up
27
27
  * in `authorization-api`, which calls
28
28
  * `isExecutionEnvironmentKind(parseEnvironmentRef(ref).slug)`.
@@ -127,8 +127,8 @@ export const BUILT_IN_ENVIRONMENT_REFS: Record<
127
127
  );
128
128
 
129
129
  /**
130
- * Runtime budget caps the environment advertises to the gateway (plan §3.4
131
- * `ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
130
+ * Runtime budget caps the environment advertises to the gateway
131
+ * (`ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
132
132
  * "no cap from the environment", but the gateway may still apply org- or
133
133
  * grant-level caps. None of these fields fall back to a hidden default.
134
134
  */
@@ -147,13 +147,13 @@ export const RuntimeLimitsSchema = z.object({
147
147
  }) as z.ZodType<RuntimeLimits>;
148
148
 
149
149
  /**
150
- * Allow-list of knowledge scope refs reachable from this environment (plan §3.4
151
- * `ExecutionEnvironment.allowedKnowledgeScopes`).
150
+ * Allow-list of knowledge scope refs reachable from this environment
151
+ * (`ExecutionEnvironment.allowedKnowledgeScopes`).
152
152
  *
153
153
  * v1 keeps the shape minimal — the ref string is sufficient for the
154
- * sandbox→prod boundary check that lands in Phase 4. Detailed per-scope
155
- * sub-schemas (e.g. spaces, page subtrees, redaction rules) are scheduled
156
- * for the knowledge-base-api Phase 4+ companion plan.
154
+ * planned sandbox→prod boundary check. Detailed per-scope
155
+ * sub-schemas (e.g. spaces, page subtrees, redaction rules) are deferred
156
+ * to a later phase.
157
157
  */
158
158
  export interface KnowledgePolicy {
159
159
  allowedRefs: readonly string[];
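Review bot: The new wording calls the sandbox→prod boundary check "planned" but does not say whether anything enforces `allowedRefs` today, so a reader cannot tell whether this allow-list is a live control or only a declaration. For a permission-plane type I would state the status in the comment, e.g. `Enforcement status: <enforced by COMPONENT | declarative only, not yet enforced>`, with the placeholder filled in by the authors. The same "planned … check" phrasing is introduced in the `ConnectorPolicy`, `BiomePolicy` and `MountPolicy` comments in the hunks that follow. It would also help to document whether an empty `allowedRefs` means deny-all, which the visible text does not settle.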
@@ -164,13 +164,13 @@ export const KnowledgePolicySchema = z.object({
164
164
  }) as z.ZodType<KnowledgePolicy>;
165
165
 
166
166
  /**
167
- * Allow-list of connector binding refs reachable from this environment (plan §3.4
168
- * `ExecutionEnvironment.allowedConnectors`).
167
+ * Allow-list of connector binding refs reachable from this environment
168
+ * (`ExecutionEnvironment.allowedConnectors`).
169
169
  *
170
170
  * v1 keeps the shape minimal — the ref string is sufficient for the
171
- * sandbox→prod boundary check that lands in Phase 4. Per-connector
171
+ * planned sandbox→prod boundary check. Per-connector
172
172
  * permission detail (per-repo globs, per-tracker projects, etc.) is
173
- * scheduled for the connector-gateway-api companion plan.
173
+ * deferred to a later phase.
174
174
  */
175
175
  export interface ConnectorPolicy {
176
176
  allowedRefs: readonly string[];
@@ -181,13 +181,13 @@ export const ConnectorPolicySchema = z.object({
181
181
  }) as z.ZodType<ConnectorPolicy>;
182
182
 
183
183
  /**
184
- * Allow-list of biome refs that may run inside this environment (plan §3.4
185
- * `ExecutionEnvironment.allowedBiomes`).
184
+ * Allow-list of biome refs that may run inside this environment
185
+ * (`ExecutionEnvironment.allowedBiomes`).
186
186
  *
187
187
  * v1 keeps the shape minimal — the ref string is sufficient for the
188
- * built-in-environment install policy that lands in Phase 4 / Phase 6. Lifecycle-
189
- * stage restrictions (draft / published / archived) are scheduled for the
190
- * biome-host-api companion plan.
188
+ * planned built-in-environment install policy. Lifecycle-
189
+ * stage restrictions (draft / published / archived) are deferred to a
190
+ * later phase.
191
191
  */
192
192
  export interface BiomePolicy {
193
193
  allowedRefs: readonly string[];
@@ -198,13 +198,12 @@ export const BiomePolicySchema = z.object({
198
198
  }) as z.ZodType<BiomePolicy>;
199
199
 
200
200
  /**
201
- * Allow-list of mount-source refs reachable from this environment (plan §3.4
202
- * `ExecutionEnvironment.allowedMounts`).
201
+ * Allow-list of mount-source refs reachable from this environment
202
+ * (`ExecutionEnvironment.allowedMounts`).
203
203
  *
204
204
  * v1 keeps the shape minimal — the ref string is sufficient for the
205
- * XVFS read/write boundary check that lands in Phase 4 / Phase 5. Per-mount
206
- * read/write splitting and path globs are scheduled for the xema-shell-api
207
- * companion plan.
205
+ * planned XVFS read/write boundary check. Per-mount
206
+ * read/write splitting and path globs are deferred to a later phase.
208
207
  */
209
208
  export interface MountPolicy {
210
209
  allowedRefs: readonly string[];
@@ -215,7 +214,7 @@ export const MountPolicySchema = z.object({
215
214
  }) as z.ZodType<MountPolicy>;
216
215
 
217
216
  /**
218
- * `ExecutionEnvironment` — the canonical permission-plane object (plan §3.4).
217
+ * `ExecutionEnvironment` — the canonical permission-plane object.
219
218
  *
220
219
  * An environment declares the capability surface, knowledge/connector/biome/mount
221
220
  * allow-lists, approval rules, and runtime budget that apply to every
@@ -232,7 +231,7 @@ export interface ExecutionEnvironment {
232
231
  /**
233
232
  * The environment's logical scope. v1 only accepts
234
233
  * `ExecutionEnvironmentKind` slugs; the string-side of the union is
235
- * reserved for v2 custom environments (plan §16 non-goal at v1).
234
+ * reserved for v2 custom environments (a non-goal at v1).
236
235
  */
237
236
  scope: ExecutionEnvironmentKind | string;
238
237
  allowedCapabilities: CapabilityPolicy[];
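Review bot: `scope: ExecutionEnvironmentKind | string` gives no compile-time protection, since a union with `string` accepts any string. The v1 restriction the comment describes therefore holds only where a value goes through a runtime check, such as the `isExecutionEnvironmentKind` refinement in `ExecutionEnvironmentSchema` in the next hunk. The comment should say so, e.g. `The static type accepts any string; only schema parsing rejects non-built-in slugs, so objects built without parsing are unchecked.` The interface starts and ends outside this hunk.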
@@ -250,7 +249,7 @@ export const ExecutionEnvironmentSchema = z.object({
250
249
  (s) => isExecutionEnvironmentKind(s),
251
250
  {
252
251
  message:
253
- 'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension (plan §16).',
252
+ 'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension.',
254
253
  },
255
254
  ),
256
255
  allowedCapabilities: z.array(CapabilityPolicySchema),
@@ -6,8 +6,7 @@
6
6
  // kind-specific schema, aggregate per a policy, return a verdict."
7
7
  //
8
8
  // Runtime-agnostic. Pure types + Zod schemas. Zero framework / persistence /
9
- // workflow-runtime imports. The plan-of-record lives at
10
- // .claude/plans/i-think-what-we-ve-transient-zebra.md.
9
+ // workflow-runtime imports.
11
10
  //
12
11
  // Per-kind prompt + reply Zod schemas live in their own contract packages
13
12
  // (`@xemahq/decision-gate-contracts`, `@xemahq/agent-tool-inquiry-
@@ -7,7 +7,7 @@ import { z } from 'zod';
7
7
  * hint a mode via `ExecutionRequirements.mode`, but policy may override it.
8
8
  *
9
9
  * - `Sync` — the caller holds the request open until the composition produces
10
- * its root structured output. The smallest correct slice (Phase 1).
10
+ * its root structured output. The smallest correct slice.
11
11
  * - `Async` — the runtime returns immediately with a `Queued`/`Running`
12
12
  * invocation; the caller polls the Invocation record for the terminal state.
13
13
  * - `Event` — the runtime returns without an `output`; the result is delivered
@@ -11,7 +11,7 @@ import {
11
11
  * per invocation. This is the source of truth for an invocation's lifecycle
12
12
  * (never the underlying session).
13
13
  *
14
- * `inputRef`/`outputRef` are blob/JSON references (inline JSON in Phase 1,
14
+ * `inputRef`/`outputRef` are blob/JSON references (inline JSON initially,
15
15
  * artifact-store refs once payloads grow). Timestamps are ISO-8601 strings.
16
16
  */
17
17
  export interface InvocationRecord {
@@ -7,7 +7,7 @@ import { z } from 'zod';
7
7
  * default for mail (org+mailbox+emailThreadId): thread context is NEVER
8
8
  * reused across unrelated emails.
9
9
  * - `PooledThread` — reuse a warm thread within the same `threadKey` (a warm
10
- * session-pool optimization; future, Phase 3).
10
+ * session-pool optimization; a future step).
11
11
  *
12
12
  * Closed set on purpose — both levels are honored by the runtime's pool/thread
13
13
  * management; adding a level is a coordinated kernel change.
@@ -1,10 +1,10 @@
1
1
  /**
2
- * KernelState adapter kinds (plan §6 Phase D.3 — locked decision L9).
2
+ * KernelState adapter kinds.
3
3
  *
4
- * The plan explicitly closes the set to TWO adapters. There is no
4
+ * The set is explicitly closed to TWO adapters. There is no
5
5
  * Postgres adapter for KernelState; Postgres is reserved for service
6
6
  * domain data. Two DB engines max in any deployment is a load-bearing
7
- * invariant — do NOT extend this enum without updating L9.
7
+ * invariant — do NOT extend this enum.
8
8
  *
9
9
  * - `Sqlite` — file at `~/.xema/dev/kernel-state.sqlite` (dev) or
10
10
  * `/var/lib/xema/kernel-state.sqlite` (single-instance). Advisory
@@ -1,5 +1,5 @@
1
1
  /**
2
- * KernelState client contract (plan §6 Phase D.3).
2
+ * KernelState client contract.
3
3
  *
4
4
  * KernelState is the kernel's single strongly-consistent KV / lease /
5
5
  * watch primitive. Every adapter (SQLite or etcd — see
@@ -1,5 +1,5 @@
1
1
  /**
2
- * KernelState key grammar (plan §6 Phase D.4).
2
+ * KernelState key grammar.
3
3
  *
4
4
  * Every key written to KernelState MUST start with one of the prefixes
5
5
  * below. The boundary CI script `check-kernel-state-key-ownership.mjs`
@@ -11,7 +11,7 @@ import { ToolProviderKind, toolProviderKindSchema } from './provider-kind';
11
11
  * or BiomeInstallation.id) depending on `providerKind`. Cross-org
12
12
  * misuse is blocked at every layer (selection PATCH validation,
13
13
  * resolver scope binding, bridge token scope, data-layer WHERE
14
- * clauses) — see `.claude/plans/we-have-integrations-as-swift-haven.md`.
14
+ * clauses).
15
15
  *
16
16
  * `toolName` is the canonical MCP tool name as exposed by the
17
17
  * provider's `listTools` (NOT a slug; the value MCP clients invoke).
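Review bot: Dropping the plan pointer leaves the claim that cross-org misuse is "blocked at every layer" with nothing a reader of the published package can check it against. The four layers it lists (selection PATCH validation, resolver scope binding, bridge token scope, data-layer WHERE clauses) all live outside this contracts package. I would either point at something public, e.g. `— each layer is covered by <test suite or module name>`, or soften the sentence to state that this type carries no enforcement of its own and that the org scoping must be applied by the consuming services. The doc comment continues outside this hunk.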
@@ -4,8 +4,7 @@ import { z } from 'zod';
4
4
  * Lifecycle every versioned XemaObject moves through. Mirrors
5
5
  * `AgentLifecycle` from `@xemahq/agent-composition-contracts` —
6
6
  * the two enums MUST stay value-identical (one ownership model across
7
- * the four primitives + every other XemaObject kind, per
8
- * `.claude/rules/skills-and-composition.md`).
7
+ * the four primitives + every other XemaObject kind).
9
8
  *
10
9
  * - `Draft` — internal revision; never resolved, never installable,
11
10
  * never referenced by a lockfile.