@xemahq/kernel-contracts 0.22.3 → 0.23.1
- package/dist/agent-workspace/awp-spec.json +0 -1
- package/dist/agent-workspace/lib/workspace-layout.d.ts.map +1 -1
- package/dist/agent-workspace/lib/workspace-layout.js.map +1 -1
- package/dist/biome/lib/biome-manifest.d.ts +0 -8
- package/dist/biome/lib/biome-manifest.d.ts.map +1 -1
- package/dist/biome/lib/biome-manifest.js +4 -50
- package/dist/biome/lib/biome-manifest.js.map +1 -1
- package/dist/capability/lib/errors.d.ts.map +1 -1
- package/dist/capability/lib/errors.js.map +1 -1
- package/dist/capability/lib/meta-tool.d.ts.map +1 -1
- package/dist/capability/lib/meta-tool.js.map +1 -1
- package/dist/connector/lib/connector-descriptor.d.ts.map +1 -1
- package/dist/connector/lib/credential-kind.d.ts.map +1 -1
- package/dist/connector/lib/credential-kind.js.map +1 -1
- package/dist/connector/lib/filter-expr.js +6 -0
- package/dist/connector/lib/filter-expr.js.map +1 -1
- package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
- package/dist/contribution/lib/contribution-kind.js.map +1 -1
- package/dist/contribution/lib/contribution-source.d.ts.map +1 -1
- package/dist/contribution/lib/contribution-source.js.map +1 -1
- package/dist/contribution/lib/contribution.d.ts.map +1 -1
- package/dist/contribution/lib/contribution.js.map +1 -1
- package/dist/document-render/lib/render-enums.d.ts.map +1 -1
- package/dist/document-render/lib/render-enums.js.map +1 -1
- package/dist/execution-context/lib/execution-context.d.ts.map +1 -1
- package/dist/execution-context/lib/execution-context.js.map +1 -1
- package/dist/execution-environment/lib/built-in-environments.d.ts.map +1 -1
- package/dist/execution-environment/lib/built-in-environments.js.map +1 -1
- package/dist/execution-environment/lib/execution-environment.d.ts.map +1 -1
- package/dist/execution-environment/lib/execution-environment.js +1 -1
- package/dist/execution-environment/lib/execution-environment.js.map +1 -1
- package/dist/inquiry/index.d.ts.map +1 -1
- package/dist/inquiry/index.js.map +1 -1
- package/dist/object/lib/object-lifecycle.d.ts.map +1 -1
- package/dist/object/lib/object-lifecycle.js.map +1 -1
- package/dist/policy/lib/obligations.d.ts.map +1 -1
- package/dist/policy/lib/obligations.js.map +1 -1
- package/dist/runner/lib/runner-registration.d.ts.map +1 -1
- package/dist/runner/lib/runner-registration.js.map +1 -1
- package/dist/service-registry/lib/service-names.generated.d.ts.map +1 -1
- package/dist/service-registry/lib/service-names.generated.js.map +1 -1
- package/dist/space/lib/space.d.ts.map +1 -1
- package/dist/space/lib/space.js.map +1 -1
- package/dist/workflow/index.d.ts.map +1 -1
- package/dist/workflow/index.js.map +1 -1
- package/dist/workflow/lib/activity-outputs.d.ts.map +1 -1
- package/package.json +11 -2
- package/src/agent-composition/lib/agent-workspace-config.ts +3 -3
- package/src/agent-composition/lib/capability-layer.ts +2 -2
- package/src/agent-composition/lib/intrinsic-floor.ts +1 -1
- package/src/agent-session/lib/participant.ts +1 -1
- package/src/agent-workspace/lib/context-json.ts +1 -1
- package/src/agent-workspace/lib/mount-apply.ts +2 -2
- package/src/agent-workspace/lib/workspace-layout.ts +2 -4
- package/src/app-runtime/lib/app-client.ts +1 -1
- package/src/app-runtime/lib/app-lockfile.ts +2 -2
- package/src/app-runtime/lib/app.ts +4 -4
- package/src/app-runtime/lib/audience-policy.ts +2 -2
- package/src/app-runtime/lib/biome-install.ts +3 -3
- package/src/app-runtime/lib/branding-config.ts +1 -1
- package/src/app-runtime/lib/delegated-session.ts +1 -1
- package/src/app-runtime/lib/external-subject.ts +1 -1
- package/src/biome/lib/biome-capability-refs.ts +3 -3
- package/src/biome/lib/biome-engines.ts +2 -2
- package/src/biome/lib/biome-lifecycle-hooks.ts +1 -1
- package/src/biome/lib/biome-lifecycle.ts +3 -3
- package/src/biome/lib/biome-manifest.ts +68 -122
- package/src/biome/lib/biome-permissions.ts +2 -2
- package/src/biome/lib/biome-scope.ts +2 -2
- package/src/biome/lib/biome-trust-tier.ts +1 -1
- package/src/biome/lib/trust-tier-policies.ts +2 -2
- package/src/biome-availability/lib/biome-availability.ts +1 -1
- package/src/capability/lib/capability-contribution.ts +3 -3
- package/src/capability/lib/capability-grant.ts +5 -5
- package/src/capability/lib/capability-policy.ts +2 -2
- package/src/capability/lib/capability-ref.ts +4 -4
- package/src/capability/lib/errors.ts +4 -10
- package/src/capability/lib/meta-tool.ts +2 -5
- package/src/capability/lib/permission-profile.ts +7 -7
- package/src/capability/lib/shell-command-descriptor.ts +3 -3
- package/src/connector/lib/adapter-kind.ts +1 -1
- package/src/connector/lib/capability-refs.ts +1 -1
- package/src/connector/lib/connector-descriptor.ts +4 -3
- package/src/connector/lib/credential-kind.ts +3 -4
- package/src/connector/lib/envelope-schema.ts +2 -2
- package/src/connector/lib/filter-expr-validate.ts +1 -1
- package/src/connector/lib/filter-expr.ts +8 -0
- package/src/contribution/lib/contribution-kind.ts +11 -12
- package/src/contribution/lib/contribution-source.ts +1 -2
- package/src/contribution/lib/contribution.ts +3 -6
- package/src/document-render/lib/render-enums.ts +1 -2
- package/src/execution-context/lib/caller.ts +2 -2
- package/src/execution-context/lib/execution-context.ts +12 -18
- package/src/execution-environment/lib/approval-rule.ts +2 -2
- package/src/execution-environment/lib/built-in-environments.ts +9 -11
- package/src/execution-environment/lib/execution-environment.ts +25 -26
- package/src/inquiry/index.ts +1 -2
- package/src/invocation/lib/invocation-mode.ts +1 -1
- package/src/invocation/lib/invocation-record.ts +1 -1
- package/src/invocation/lib/isolation-level.ts +1 -1
- package/src/kernel-state/lib/adapter-kind.ts +3 -3
- package/src/kernel-state/lib/kernel-state.ts +1 -1
- package/src/kernel-state/lib/key-grammar.ts +1 -1
- package/src/mcp-tool/lib/tool-selection.ts +1 -1
- package/src/object/lib/object-lifecycle.ts +1 -2
- package/src/object/lib/xema-object-kind.ts +1 -1
- package/src/object/lib/xema-object-ref.ts +2 -2
- package/src/org-database/lib/db-result-event.ts +3 -3
- package/src/policy/lib/obligations.ts +5 -6
- package/src/policy/lib/policy.ts +7 -7
- package/src/policy/lib/route-hints.ts +1 -1
- package/src/provisioning/index.ts +1 -1
- package/src/provisioning/lib/provisioning.ts +4 -4
- package/src/resource/lib/resource-ownership-contribution.ts +2 -2
- package/src/runner/lib/dispatch.ts +5 -5
- package/src/runner/lib/job-token.ts +2 -2
- package/src/runner/lib/runner-attestation.ts +2 -2
- package/src/runner/lib/runner-job.ts +2 -2
- package/src/runner/lib/runner-mode.ts +1 -1
- package/src/runner/lib/runner-plane.ts +2 -2
- package/src/runner/lib/runner-registration.ts +9 -10
- package/src/runner/lib/runner.ts +7 -7
- package/src/runner-input-hash/lib/input-hash.ts +2 -2
- package/src/service-registry/lib/service-descriptor.ts +1 -1
- package/src/service-registry/lib/service-names.generated.ts +1 -3
- package/src/space/lib/space-ref-parser.ts +1 -1
- package/src/space/lib/space.ts +4 -5
- package/src/widget/lib/chat-widget-envelope.ts +1 -1
- package/src/worker-runtime/lib/capabilities.ts +1 -1
- package/src/workflow/index.ts +2 -3
- package/src/workflow/lib/activity-outputs.ts +3 -4
- package/src/workflow/lib/agent-role.ts +5 -5
- package/src/workflow/lib/artifact-ref.ts +1 -1
- package/src/workflow/lib/compiled-run.ts +2 -2
- package/src/workflow/lib/compiled-workspace-manifest.ts +2 -2
- package/src/workflow/lib/enums.ts +4 -4
- package/src/workflow/lib/errors.ts +1 -1
- package/src/workflow/lib/model-ref.ts +1 -1
- package/src/workflow/lib/mount-plan.ts +1 -1
- package/src/workflow/lib/platform-task-queue.ts +3 -3
- package/src/workflow/lib/role-capability.ts +1 -1
- package/src/workflow/lib/run-progress.ts +2 -2
- package/src/workflow/lib/trigger-payload.ts +2 -2
- package/src/workflow/lib/variable-requirement.ts +1 -1
- package/src/workflow/lib/workspace-manifest-enums.ts +1 -1
- package/src/workspace-storage/lib/types.ts +1 -1
@@ -5,7 +5,7 @@ import { CapabilityRefSchema, type CapabilityRef } from './capability-ref';
|
|
|
5
5
|
* Stub for a JSON Schema reference. Modelled as `{ $ref: string }` so
|
|
6
6
|
* downstream services (notably `xema-shell-api`) can plug in their richer
|
|
7
7
|
* `JsonSchemaRef` shape without the kernel having to know about JSON Schema
|
|
8
|
-
* machinery.
|
|
8
|
+
* machinery. An intentional scope limit.
|
|
9
9
|
*/
|
|
10
10
|
export interface JsonSchemaRefStub {
|
|
11
11
|
$ref: string;
|
|
@@ -16,7 +16,7 @@ export const JsonSchemaRefStubSchema = z.object({
|
|
|
16
16
|
}) as z.ZodType<JsonSchemaRefStub>;
|
|
17
17
|
|
|
18
18
|
/**
|
|
19
|
-
* `ShellCommandDescriptor` —
|
|
19
|
+
* `ShellCommandDescriptor` — single source of truth for human
|
|
20
20
|
* help (`xema help <cmd>`), agent help (the `xema-shell:run@1` self-describe
|
|
21
21
|
* surface), and the host UI's command palette.
|
|
22
22
|
*
|
|
@@ -28,7 +28,7 @@ export const JsonSchemaRefStubSchema = z.object({
|
|
|
28
28
|
* depend on `@xemahq/xema-object-contracts`, which would form a kernel cycle
|
|
29
29
|
* if `xema-object-contracts` ever needed a `CapabilityRef`.
|
|
30
30
|
*
|
|
31
|
-
* `safeForAgents` is enforced by `xema-capability-router`
|
|
31
|
+
* `safeForAgents` is enforced by `xema-capability-router` — the
|
|
32
32
|
* descriptor is the source of truth; the gateway never relaxes it.
|
|
33
33
|
*/
|
|
34
34
|
export interface ShellCommandDescriptor {
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*
|
|
10
10
|
* The set is *built-in-closed but biome-extensible*: biomes may
|
|
11
11
|
* contribute additional kinds via the future `AdapterContribution`
|
|
12
|
-
* registry
|
|
12
|
+
* registry. The closed enum below names only the kinds the
|
|
13
13
|
* platform ships out-of-the-box. Anything outside this list MUST be
|
|
14
14
|
* either a built-in plus a biome contribution, or routed through an
|
|
15
15
|
* opaque `AdapterKindRef` string captured below.
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
// contracts`); they version like syscalls (`@1`, `@2`, ...) and the runtime
|
|
7
7
|
// MUST refuse to dispatch a major version it has not registered.
|
|
8
8
|
//
|
|
9
|
-
//
|
|
9
|
+
// This file is the registry seed; the
|
|
10
10
|
// `connector-gateway-api` capability dispatcher MAY consume it directly for
|
|
11
11
|
// `name`-side validation.
|
|
12
12
|
// ═══════════════════════════════════════════════════════════════════════════
|
|
@@ -9,9 +9,10 @@
|
|
|
9
9
|
* provider so ONE app credential (per `ProviderDescriptor`) backs many
|
|
10
10
|
* connectors.
|
|
11
11
|
*
|
|
12
|
-
* This descriptor is the connector-registry face of an
|
|
13
|
-
*
|
|
14
|
-
* this descriptor carries the
|
|
12
|
+
* This descriptor is the connector-registry face of an
|
|
13
|
+
* `IntegrationProviderModule`: the module carries the executable
|
|
14
|
+
* webhook/action/resource handlers; this descriptor carries the
|
|
15
|
+
* *catalog + connect* metadata the framework needs
|
|
15
16
|
* to render the provider-grouped catalog, drive consent with the right scopes,
|
|
16
17
|
* and resolve the right per-connection credential kind.
|
|
17
18
|
* ─────────────────────────────────────────────────────────────────────────
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Closed enum of credential strategies the platform knows how to mint,
|
|
3
|
-
* cache, refresh and revoke. Biomes contributing new providers
|
|
4
|
-
*
|
|
3
|
+
* cache, refresh and revoke. Biomes contributing new providers MUST
|
|
4
|
+
* declare one of these — they never ship custom mint code.
|
|
5
5
|
*
|
|
6
6
|
* Adding a kind here is a one-line schema change plus a matching
|
|
7
|
-
* strategy implementation
|
|
8
|
-
* `apps/integration-adapters-api/src/credentials/strategies/<kind>/`.
|
|
7
|
+
* strategy implementation for that kind.
|
|
9
8
|
*/
|
|
10
9
|
export enum CredentialKind {
|
|
11
10
|
/** GitHub App / GitLab App style installation token (per-installation, 1h). */
|
|
@@ -11,7 +11,7 @@ import { BuiltInAdapterKind, type AdapterKindRef } from './adapter-kind';
|
|
|
11
11
|
* evaluating to `false` at dispatch.
|
|
12
12
|
*
|
|
13
13
|
* The map is keyed by `(adapterKind, entityKind)`. When a webhook
|
|
14
|
-
* filter declares its target `entityKind` (
|
|
14
|
+
* filter declares its target `entityKind` (a manifest field),
|
|
15
15
|
* the cross-validator narrows path checking to that entry. Filters
|
|
16
16
|
* that omit `entityKind` fall back to the `UNION_ENTITY_KIND` entry,
|
|
17
17
|
* which collects every path across the adapter's entity kinds — over-
|
|
@@ -167,7 +167,7 @@ registerEnvelopeSchema(BuiltInAdapterKind.Documentation, {
|
|
|
167
167
|
|
|
168
168
|
/**
|
|
169
169
|
* Register the per-entityKind permitted `$envelope.*` paths for a
|
|
170
|
-
* biome-contributed AdapterKind
|
|
170
|
+
* biome-contributed AdapterKind. Built-in kinds are pre-
|
|
171
171
|
* registered above. Re-registering an existing kind REPLACES its
|
|
172
172
|
* entry set — `integration-adapters-api`'s registry is the authority,
|
|
173
173
|
* so biome upgrades surface here.
|
|
@@ -56,7 +56,7 @@ export interface FilterExprPathIssue {
|
|
|
56
56
|
* Statically validate that every `$envelope.*` path the predicate
|
|
57
57
|
* references is permitted by the canonical envelope schema for
|
|
58
58
|
* `(adapterKind, entityKind)`. `$selector` paths are NOT validated
|
|
59
|
-
* here — selectors are opaque-by-design
|
|
59
|
+
* here — selectors are opaque-by-design: their
|
|
60
60
|
* shape is governed by the biome's install JSON Schema, not by a
|
|
61
61
|
* kernel-level path map.
|
|
62
62
|
*
|
|
@@ -184,6 +184,8 @@ function scalarEqual(a: unknown, b: unknown): boolean {
|
|
|
184
184
|
*/
|
|
185
185
|
const REGEX_CACHE = new Map<string, RegExp>();
|
|
186
186
|
const REGEX_MAX_LEN = 256;
|
|
187
|
+
/** Cap on distinct compiled patterns retained, to bound memory in a long-lived process. */
|
|
188
|
+
const REGEX_CACHE_MAX = 1_000;
|
|
187
189
|
|
|
188
190
|
function compileRegex(pattern: string): RegExp {
|
|
189
191
|
const cached = REGEX_CACHE.get(pattern);
|
|
@@ -198,6 +200,12 @@ function compileRegex(pattern: string): RegExp {
|
|
|
198
200
|
}
|
|
199
201
|
try {
|
|
200
202
|
const re = new RegExp(pattern);
|
|
203
|
+
// Evict the oldest entry (Map preserves insertion order) once the cache is
|
|
204
|
+
// full, so an unbounded stream of distinct patterns cannot grow it forever.
|
|
205
|
+
if (REGEX_CACHE.size >= REGEX_CACHE_MAX) {
|
|
206
|
+
const oldest = REGEX_CACHE.keys().next().value;
|
|
207
|
+
if (oldest !== undefined) REGEX_CACHE.delete(oldest);
|
|
208
|
+
}
|
|
201
209
|
REGEX_CACHE.set(pattern, re);
|
|
202
210
|
return re;
|
|
203
211
|
} catch (cause) {
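Review bot: The eviction added before `REGEX_CACHE.set` is FIFO rather than LRU — the hit path at the top of `compileRegex` (`const cached = REGEX_CACHE.get(pattern);` in the previous hunk; the function starts there and continues past this one) appears to return the cached entry without re-inserting it, so a pattern matched on every invocation can be evicted ahead of colder ones once 1_000 distinct patterns have been seen, and is then recompiled. If that trade-off is intended, say so in the comment, e.g. `// Evict the oldest-inserted entry (FIFO, not LRU): cache hits do not refresh position.`; otherwise a delete-and-reinsert on the hit path (`REGEX_CACHE.delete(pattern); REGEX_CACHE.set(pattern, cached);`) makes the Map's insertion order approximate LRU. Separately, `REGEX_CACHE_MAX` bounds memory and `REGEX_MAX_LEN` bounds pattern length, but neither bounds backtracking cost, so a cache miss on a pathological pattern still runs the full regex engine — a one-line comment next to `new RegExp(pattern)` stating that the two limits are resource caps, not a ReDoS guard, would keep a later reader from relying on them for that.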
|
|
@@ -5,16 +5,15 @@ import { z } from 'zod';
|
|
|
5
5
|
* (biome) may contribute to the Xema OS through the Contribution Protocol
|
|
6
6
|
* (XSI plane 2). Extending it is a one-line PR to the kernel.
|
|
7
7
|
*
|
|
8
|
-
* The seed set is
|
|
9
|
-
*
|
|
10
|
-
* pulled from a specific section of the same plan and is cited inline.
|
|
8
|
+
* The v1 seed set is grouped first below. Each additional value beyond the
|
|
9
|
+
* v1 seed (e.g. `ShellCommand`, `DoctorCheck`) extends the closed enum.
|
|
11
10
|
*
|
|
12
11
|
* Enum string values match the slug spoken by the rest of the protocol
|
|
13
12
|
* (Capability References, manifest declarations) so that round-tripping
|
|
14
13
|
* between the enum and the wire is lossless.
|
|
15
14
|
*/
|
|
16
15
|
export enum ContributionKind {
|
|
17
|
-
// -- v1 seed
|
|
16
|
+
// -- v1 seed ---------------------------------------------------------------
|
|
18
17
|
ConnectorBinding = 'connector-binding',
|
|
19
18
|
MountSource = 'mount-source',
|
|
20
19
|
McpTool = 'mcp-tool',
|
|
@@ -29,13 +28,13 @@ export enum ContributionKind {
|
|
|
29
28
|
ModelResolutionDimension = 'model-resolution-dimension',
|
|
30
29
|
WidgetKind = 'widget-kind',
|
|
31
30
|
|
|
32
|
-
// -- Xema Shell additions
|
|
33
|
-
/** A command descriptor contributed to the Xema Shell.
|
|
31
|
+
// -- Xema Shell additions --------------------------------------------------
|
|
32
|
+
/** A command descriptor contributed to the Xema Shell. */
|
|
34
33
|
ShellCommand = 'shell-command',
|
|
35
|
-
/** A `xema doctor` health check contributed by a biome.
|
|
34
|
+
/** A `xema doctor` health check contributed by a biome. */
|
|
36
35
|
DoctorCheck = 'doctor-check',
|
|
37
36
|
|
|
38
|
-
// -- Registry gaps closed
|
|
37
|
+
// -- Registry gaps closed --------------------------------------------------
|
|
39
38
|
/**
|
|
40
39
|
* An artifact type contributed by a biome to the artifact-store schema-
|
|
41
40
|
* version registry (`ArtifactTypeRegistryService`). The registry adapter
|
|
@@ -49,8 +48,8 @@ export enum ContributionKind {
|
|
|
49
48
|
*/
|
|
50
49
|
InquiryKind = 'inquiry-kind',
|
|
51
50
|
|
|
52
|
-
// --
|
|
53
|
-
// The
|
|
51
|
+
// -- Contribution-absorption additions -------------------------------------
|
|
52
|
+
// The "Contribution Protocol" rollup is the single source of
|
|
54
53
|
// truth for every kind of contribution a biome can ship. A biome's
|
|
55
54
|
// `contributions/` directory replaces the legacy `content/` + `modules/`
|
|
56
55
|
// seeders. Per-kind handlers are wired through
|
|
@@ -105,7 +104,7 @@ export enum ContributionKind {
|
|
|
105
104
|
/** A runtime-mount kind module contributed by a biome. */
|
|
106
105
|
RuntimeMountKind = 'runtime-mount-kind',
|
|
107
106
|
|
|
108
|
-
// --
|
|
107
|
+
// -- Capability self-registration ------------------------------------------
|
|
109
108
|
/**
|
|
110
109
|
* A `CapabilityRef` descriptor contributed by a biome — title, summary,
|
|
111
110
|
* I/O schemas, risk tier, and approval flag. The boot-time codemod
|
|
@@ -122,7 +121,7 @@ export enum ContributionKind {
|
|
|
122
121
|
*/
|
|
123
122
|
Capability = 'capability',
|
|
124
123
|
|
|
125
|
-
// --
|
|
124
|
+
// -- Resource-ownership self-registration ----------------------------------
|
|
126
125
|
/**
|
|
127
126
|
* A resource-instance ownership/visibility declaration contributed by a
|
|
128
127
|
* biome — `resourceType` + `resourceId` + a `ResourceVisibilityPattern` +
|
|
@@ -2,8 +2,7 @@ import { z } from 'zod';
|
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* `ContributionSource` is the 5-tier scope at which a Contribution lives.
|
|
5
|
-
* Value-identical to `SkillSpace` and `AgentSpace`
|
|
6
|
-
* `.claude/rules/skills-and-composition.md`) — the three enums share ONE
|
|
5
|
+
* Value-identical to `SkillSpace` and `AgentSpace` — the three enums share ONE
|
|
7
6
|
* ownership / scope model and must not drift.
|
|
8
7
|
*
|
|
9
8
|
* Precedence — **most specific wins**:
|
|
@@ -109,8 +109,6 @@ export const ContributionVersionSchema = z
|
|
|
109
109
|
* regardless of `kind`, carries this shape. Kind-specific contracts packages
|
|
110
110
|
* own their own `TManifest` Zod schemas and feed them to
|
|
111
111
|
* `contributionEnvelopeSchema` to get a fully-typed runtime validator.
|
|
112
|
-
*
|
|
113
|
-
* See plan-of-record §12.2 for the prose definition.
|
|
114
112
|
*/
|
|
115
113
|
export interface Contribution<
|
|
116
114
|
TKind extends ContributionKind,
|
|
@@ -175,11 +173,10 @@ export interface ContributionIngestContext {
|
|
|
175
173
|
}
|
|
176
174
|
|
|
177
175
|
/**
|
|
178
|
-
* Per-kind ingestion handler.
|
|
176
|
+
* Per-kind ingestion handler. The Contribution Protocol replaces 14 hand-
|
|
179
177
|
* rolled `Bootstrap*Service` seeders with a single generic
|
|
180
|
-
* `BootstrapContributionsService<TKind, TManifest>` template
|
|
181
|
-
*
|
|
182
|
-
* interface.
|
|
178
|
+
* `BootstrapContributionsService<TKind, TManifest>` template whose only
|
|
179
|
+
* per-kind specialisation is an implementation of this interface.
|
|
183
180
|
*
|
|
184
181
|
* Implementations MUST:
|
|
185
182
|
* - pin `kind` to the concrete `ContributionKind` they handle so the
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Closed enums for the render service wire. Real TS enums (not
|
|
3
|
-
* string-literal unions) so OpenAPI/Orval emit stable enum schemas
|
|
4
|
-
* `docs/API_STANDARDS.md` and `.claude/rules/backend.md`.
|
|
3
|
+
* string-literal unions) so OpenAPI/Orval emit stable enum schemas.
|
|
5
4
|
*/
|
|
6
5
|
|
|
7
6
|
/**
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
|
-
* Closed caller-kind set
|
|
4
|
+
* Closed caller-kind set.
|
|
5
5
|
*
|
|
6
6
|
* Distinguishes how the invocation entered the system — drives audit
|
|
7
7
|
* shape, default obligations (e.g. `Web` callers default to `audit` +
|
|
@@ -21,7 +21,7 @@ export const CallerKindSchema = z.nativeEnum(CallerKind);
|
|
|
21
21
|
/**
|
|
22
22
|
* `Caller` — entry-point envelope captured on every invocation.
|
|
23
23
|
*
|
|
24
|
-
*
|
|
24
|
+
* Contract shape:
|
|
25
25
|
* { kind: CallerKind; appId?; sessionId?; ip?; userAgent? }
|
|
26
26
|
*
|
|
27
27
|
* `appId` and `sessionId` are populated when the caller is an embedded
|
|
@@ -30,8 +30,7 @@ import {
|
|
|
30
30
|
} from './subject';
|
|
31
31
|
|
|
32
32
|
/**
|
|
33
|
-
* Closed biome trust-tier set referenced by `ExecutionContext.biome
|
|
34
|
-
* (plan v4.3 §A.3).
|
|
33
|
+
* Closed biome trust-tier set referenced by `ExecutionContext.biome`.
|
|
35
34
|
*
|
|
36
35
|
* Tier ordering goes Untrusted → Community → Verified → Official; OPA
|
|
37
36
|
* policy bundles MAY gate a capability to a minimum tier, but the kernel
|
|
@@ -48,8 +47,8 @@ export enum BiomeTrustTier {
|
|
|
48
47
|
export const BiomeTrustTierSchema = z.nativeEnum(BiomeTrustTier);
|
|
49
48
|
|
|
50
49
|
/**
|
|
51
|
-
* Biome attestation block carried on `ExecutionContext.biome
|
|
52
|
-
*
|
|
50
|
+
* Biome attestation block carried on `ExecutionContext.biome`.
|
|
51
|
+
* Set when the capability is provided by a biome (vs. an
|
|
53
52
|
* embedded built-in). `signatureVerified` is the Cosign verdict from the
|
|
54
53
|
* biome-fetcher-api at install time.
|
|
55
54
|
*/
|
|
@@ -68,8 +67,7 @@ export const ExecutionContextBiomeSchema = z.object({
|
|
|
68
67
|
}) as z.ZodType<ExecutionContextBiome>;
|
|
69
68
|
|
|
70
69
|
/**
|
|
71
|
-
* Environment block carried on `ExecutionContext.environment
|
|
72
|
-
* v4.3 §A.3).
|
|
70
|
+
* Environment block carried on `ExecutionContext.environment`.
|
|
73
71
|
*
|
|
74
72
|
* `id` is the canonical `environment:<slug>` ref (string-typed here to
|
|
75
73
|
* keep the envelope JSON-clean — the kernel-side reference type lives in the
|
|
@@ -89,8 +87,7 @@ export const ExecutionContextEnvironmentSchema = z.object({
|
|
|
89
87
|
}) as z.ZodType<ExecutionContextEnvironment>;
|
|
90
88
|
|
|
91
89
|
/**
|
|
92
|
-
* Capability block carried on `ExecutionContext.capability
|
|
93
|
-
* v4.3 §A.3).
|
|
90
|
+
* Capability block carried on `ExecutionContext.capability`.
|
|
94
91
|
*
|
|
95
92
|
* `ref` is the canonical capability reference (`<biome>:<verb>@<major>`).
|
|
96
93
|
* `inputHash` is an optional SHA-256 fingerprint of the JSON-serialised
|
|
@@ -108,7 +105,7 @@ export const ExecutionContextCapabilitySchema = z.object({
|
|
|
108
105
|
}) as z.ZodType<ExecutionContextCapability>;
|
|
109
106
|
|
|
110
107
|
/**
|
|
111
|
-
* Resource block carried on `ExecutionContext.resource
|
|
108
|
+
* Resource block carried on `ExecutionContext.resource`.
|
|
112
109
|
*
|
|
113
110
|
* Set when the invocation targets a specific persistent object (a
|
|
114
111
|
* XemaObject, a document, an SCM file). `ref` is the resource reference
|
|
@@ -127,8 +124,7 @@ export const ExecutionContextResourceSchema = z.object({
|
|
|
127
124
|
}) as z.ZodType<ExecutionContextResource>;
|
|
128
125
|
|
|
129
126
|
/**
|
|
130
|
-
* Constraints block carried on `ExecutionContext.constraints
|
|
131
|
-
* v4.3 §A.3).
|
|
127
|
+
* Constraints block carried on `ExecutionContext.constraints`.
|
|
132
128
|
*
|
|
133
129
|
* Per-invocation caps + flags the gateway derives from the caller's
|
|
134
130
|
* grant, the org's environment policy, and the capability's defaults.
|
|
@@ -155,14 +151,14 @@ export const ExecutionContextConstraintsSchema = z.object({
|
|
|
155
151
|
}) as z.ZodType<ExecutionContextConstraints>;
|
|
156
152
|
|
|
157
153
|
/**
|
|
158
|
-
* `ExecutionContext` — the per-invocation envelope
|
|
154
|
+
* `ExecutionContext` — the per-invocation envelope.
|
|
159
155
|
*
|
|
160
|
-
* Constructed by
|
|
156
|
+
* Constructed by the capability router at the gateway boundary,
|
|
161
157
|
* passed verbatim to `authorization-api` for the policy check, and
|
|
162
158
|
* forwarded to the dispatched runner. Audit, policy, and runner all
|
|
163
159
|
* read the SAME shape — no parallel envelopes.
|
|
164
160
|
*
|
|
165
|
-
*
|
|
161
|
+
* The dispatch pipeline wires this through at runtime. This
|
|
166
162
|
* package is contract-only — no consumer rewiring lives here.
|
|
167
163
|
*/
|
|
168
164
|
export interface ExecutionContext {
|
|
@@ -180,15 +176,13 @@ export interface ExecutionContext {
|
|
|
180
176
|
/**
|
|
181
177
|
* RFC 8693 delegation chain (`act`), outermost-acting-first. Built at the
|
|
182
178
|
* gateway from `RequestContext.actorChain` and carried through policy → audit
|
|
183
|
-
* → credential-broker. Empty/omitted for a non-delegated invocation
|
|
184
|
-
* (plan §W4 / Pillar 3.2).
|
|
179
|
+
* → credential-broker. Empty/omitted for a non-delegated invocation.
|
|
185
180
|
*/
|
|
186
181
|
actorChain?: ActingForRef[];
|
|
187
182
|
/**
|
|
188
183
|
* Opaque credential-binding id the PDP selected for this invocation
|
|
189
184
|
* (`PolicyDecision.credentialBindingId`). When present, the executing
|
|
190
|
-
* gateway/runner resolves it via the credential-broker. NEVER a secret
|
|
191
|
-
* (plan §W4 / Pillar 3.2).
|
|
185
|
+
* gateway/runner resolves it via the credential-broker. NEVER a secret.
|
|
192
186
|
*/
|
|
193
187
|
credentialBindingId?: string;
|
|
194
188
|
/**
|
|
@@ -5,8 +5,8 @@ import {
|
|
|
5
5
|
} from '../../capability';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
|
-
* Per-environment approval rule (
|
|
9
|
-
*
|
|
8
|
+
* Per-environment approval rule (`ExecutionEnvironment.approvalRules[]`):
|
|
9
|
+
* human-in-the-loop approval at runtime.
|
|
10
10
|
*
|
|
11
11
|
* When a runtime invocation matches a rule whose `capability` ref covers the
|
|
12
12
|
* call, the gateway suspends the invocation, emits an `ApprovalRequested`
|
|
@@ -3,13 +3,12 @@ import { z } from 'zod';
|
|
|
3
3
|
/**
|
|
4
4
|
* Closed set of built-in Execution Environment kinds.
|
|
5
5
|
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
* hatch).
|
|
6
|
+
* There are eight built-in environments that cover every story we have
|
|
7
|
+
* today, plus the `trusted-dev` environment — the developer escape
|
|
8
|
+
* hatch.
|
|
10
9
|
*
|
|
11
10
|
* v1 ships ONLY these built-ins; custom environments are an explicit v2
|
|
12
|
-
* extension
|
|
11
|
+
* extension. The downstream `ExecutionEnvironment.scope` type
|
|
13
12
|
* intentionally widens to `ExecutionEnvironmentKind | string` for future-
|
|
14
13
|
* proofing, but at v1 the only legal scope values are members of this
|
|
15
14
|
* enum — see `isExecutionEnvironmentKind`.
|
|
@@ -40,7 +39,7 @@ export enum ExecutionEnvironmentKind {
|
|
|
40
39
|
/** Biome inspected for publication; no real org data access. */
|
|
41
40
|
StoreReview = 'store-review',
|
|
42
41
|
/**
|
|
43
|
-
* Local-dev / personal-sandbox environment
|
|
42
|
+
* Local-dev / personal-sandbox environment. Inside it the
|
|
44
43
|
* Capability Gateway grants every capability the biome *declared* in
|
|
45
44
|
* its manifest, no resource glob, no rate limit, no human approval.
|
|
46
45
|
* Audit-log still records every call so devs can inspect what their
|
|
@@ -55,12 +54,11 @@ export const ExecutionEnvironmentKindSchema = z.nativeEnum(ExecutionEnvironmentK
|
|
|
55
54
|
|
|
56
55
|
/**
|
|
57
56
|
* Stable, ordered list of every built-in environment slug. Seeded at
|
|
58
|
-
* boot by `authorization-api` / `object-registry-api
|
|
59
|
-
* step 1.
|
|
57
|
+
* boot by `authorization-api` / `object-registry-api`.
|
|
60
58
|
*
|
|
61
59
|
* Ordering is intentional (system → org → project → app → session →
|
|
62
|
-
* sandbox → public → store-review → trusted-dev)
|
|
63
|
-
*
|
|
60
|
+
* sandbox → public → store-review → trusted-dev) — the built-in
|
|
61
|
+
* environments followed by the dev escape hatch. Do not reorder
|
|
64
62
|
* without a coordinated migration of any consumer that relies on
|
|
65
63
|
* positional iteration.
|
|
66
64
|
*/
|
|
@@ -79,7 +77,7 @@ export const BUILT_IN_ENVIRONMENT_SLUGS: readonly ExecutionEnvironmentKind[] = [
|
|
|
79
77
|
/**
|
|
80
78
|
* Narrowing guard: returns `true` iff `slug` is one of the built-in
|
|
81
79
|
* environment slugs. Used by `ExecutionEnvironmentSchema` and the
|
|
82
|
-
* authorization-api to refuse custom-scoped environments at v1 (
|
|
80
|
+
* authorization-api to refuse custom-scoped environments at v1 (a
|
|
83
81
|
* non-goal).
|
|
84
82
|
*/
|
|
85
83
|
export function isExecutionEnvironmentKind(
|
|
@@ -13,7 +13,7 @@ import {
|
|
|
13
13
|
import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
|
|
14
14
|
|
|
15
15
|
/**
|
|
16
|
-
* Canonical Execution Environment Reference grammar
|
|
16
|
+
* Canonical Execution Environment Reference grammar:
|
|
17
17
|
*
|
|
18
18
|
* `environment:<slug>`
|
|
19
19
|
*
|
|
@@ -22,7 +22,7 @@ import { ApprovalRuleSchema, type ApprovalRule } from './approval-rule';
|
|
|
22
22
|
* silently absorb a free-form string.
|
|
23
23
|
*
|
|
24
24
|
* v1 only mints refs whose slug is an `ExecutionEnvironmentKind` value
|
|
25
|
-
* (
|
|
25
|
+
* (custom environments are forbidden at v1). The type still validates the
|
|
26
26
|
* *grammar* — semantic "built-in-only" enforcement lives one layer up
|
|
27
27
|
* in `authorization-api`, which calls
|
|
28
28
|
* `isExecutionEnvironmentKind(parseEnvironmentRef(ref).slug)`.
|
|
@@ -127,8 +127,8 @@ export const BUILT_IN_ENVIRONMENT_REFS: Record<
|
|
|
127
127
|
);
|
|
128
128
|
|
|
129
129
|
/**
|
|
130
|
-
* Runtime budget caps the environment advertises to the gateway
|
|
131
|
-
* `ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
|
|
130
|
+
* Runtime budget caps the environment advertises to the gateway
|
|
131
|
+
* (`ExecutionEnvironment.runtimeLimits`). All fields are optional — omitted means
|
|
132
132
|
* "no cap from the environment", but the gateway may still apply org- or
|
|
133
133
|
* grant-level caps. None of these fields fall back to a hidden default.
|
|
134
134
|
*/
|
|
@@ -147,13 +147,13 @@ export const RuntimeLimitsSchema = z.object({
|
|
|
147
147
|
}) as z.ZodType<RuntimeLimits>;
|
|
148
148
|
|
|
149
149
|
/**
|
|
150
|
-
* Allow-list of knowledge scope refs reachable from this environment
|
|
151
|
-
* `ExecutionEnvironment.allowedKnowledgeScopes`).
|
|
150
|
+
* Allow-list of knowledge scope refs reachable from this environment
|
|
151
|
+
* (`ExecutionEnvironment.allowedKnowledgeScopes`).
|
|
152
152
|
*
|
|
153
153
|
* v1 keeps the shape minimal — the ref string is sufficient for the
|
|
154
|
-
* sandbox→prod boundary check
|
|
155
|
-
* sub-schemas (e.g. spaces, page subtrees, redaction rules) are
|
|
156
|
-
*
|
|
154
|
+
* planned sandbox→prod boundary check. Detailed per-scope
|
|
155
|
+
* sub-schemas (e.g. spaces, page subtrees, redaction rules) are deferred
|
|
156
|
+
* to a later phase.
|
|
157
157
|
*/
|
|
158
158
|
export interface KnowledgePolicy {
|
|
159
159
|
allowedRefs: readonly string[];
|
|
@@ -164,13 +164,13 @@ export const KnowledgePolicySchema = z.object({
|
|
|
164
164
|
}) as z.ZodType<KnowledgePolicy>;
|
|
165
165
|
|
|
166
166
|
/**
|
|
167
|
-
* Allow-list of connector binding refs reachable from this environment
|
|
168
|
-
* `ExecutionEnvironment.allowedConnectors`).
|
|
167
|
+
* Allow-list of connector binding refs reachable from this environment
|
|
168
|
+
* (`ExecutionEnvironment.allowedConnectors`).
|
|
169
169
|
*
|
|
170
170
|
* v1 keeps the shape minimal — the ref string is sufficient for the
|
|
171
|
-
* sandbox→prod boundary check
|
|
171
|
+
* planned sandbox→prod boundary check. Per-connector
|
|
172
172
|
* permission detail (per-repo globs, per-tracker projects, etc.) is
|
|
173
|
-
*
|
|
173
|
+
* deferred to a later phase.
|
|
174
174
|
*/
|
|
175
175
|
export interface ConnectorPolicy {
|
|
176
176
|
allowedRefs: readonly string[];
|
|
@@ -181,13 +181,13 @@ export const ConnectorPolicySchema = z.object({
|
|
|
181
181
|
}) as z.ZodType<ConnectorPolicy>;
|
|
182
182
|
|
|
183
183
|
/**
|
|
184
|
-
* Allow-list of biome refs that may run inside this environment
|
|
185
|
-
* `ExecutionEnvironment.allowedBiomes`).
|
|
184
|
+
* Allow-list of biome refs that may run inside this environment
|
|
185
|
+
* (`ExecutionEnvironment.allowedBiomes`).
|
|
186
186
|
*
|
|
187
187
|
* v1 keeps the shape minimal — the ref string is sufficient for the
|
|
188
|
-
* built-in-environment install policy
|
|
189
|
-
* stage restrictions (draft / published / archived) are
|
|
190
|
-
*
|
|
188
|
+
* planned built-in-environment install policy. Lifecycle-
|
|
189
|
+
* stage restrictions (draft / published / archived) are deferred to a
|
|
190
|
+
* later phase.
|
|
191
191
|
*/
|
|
192
192
|
export interface BiomePolicy {
|
|
193
193
|
allowedRefs: readonly string[];
|
|
@@ -198,13 +198,12 @@ export const BiomePolicySchema = z.object({
|
|
|
198
198
|
}) as z.ZodType<BiomePolicy>;
|
|
199
199
|
|
|
200
200
|
/**
|
|
201
|
-
* Allow-list of mount-source refs reachable from this environment
|
|
202
|
-
* `ExecutionEnvironment.allowedMounts`).
|
|
201
|
+
* Allow-list of mount-source refs reachable from this environment
|
|
202
|
+
* (`ExecutionEnvironment.allowedMounts`).
|
|
203
203
|
*
|
|
204
204
|
* v1 keeps the shape minimal — the ref string is sufficient for the
|
|
205
|
-
* XVFS read/write boundary check
|
|
206
|
-
* read/write splitting and path globs are
|
|
207
|
-
* companion plan.
|
|
205
|
+
* planned XVFS read/write boundary check. Per-mount
|
|
206
|
+
* read/write splitting and path globs are deferred to a later phase.
|
|
208
207
|
*/
|
|
209
208
|
export interface MountPolicy {
|
|
210
209
|
allowedRefs: readonly string[];
|
|
@@ -215,7 +214,7 @@ export const MountPolicySchema = z.object({
|
|
|
215
214
|
}) as z.ZodType<MountPolicy>;
|
|
216
215
|
|
|
217
216
|
/**
|
|
218
|
-
* `ExecutionEnvironment` — the canonical permission-plane object
|
|
217
|
+
* `ExecutionEnvironment` — the canonical permission-plane object.
|
|
219
218
|
*
|
|
220
219
|
* An environment declares the capability surface, knowledge/connector/biome/mount
|
|
221
220
|
* allow-lists, approval rules, and runtime budget that apply to every
|
|
@@ -232,7 +231,7 @@ export interface ExecutionEnvironment {
|
|
|
232
231
|
/**
|
|
233
232
|
* The environment's logical scope. v1 only accepts
|
|
234
233
|
* `ExecutionEnvironmentKind` slugs; the string-side of the union is
|
|
235
|
-
* reserved for v2 custom environments (
|
|
234
|
+
* reserved for v2 custom environments (a non-goal at v1).
|
|
236
235
|
*/
|
|
237
236
|
scope: ExecutionEnvironmentKind | string;
|
|
238
237
|
allowedCapabilities: CapabilityPolicy[];
|
|
@@ -250,7 +249,7 @@ export const ExecutionEnvironmentSchema = z.object({
|
|
|
250
249
|
(s) => isExecutionEnvironmentKind(s),
|
|
251
250
|
{
|
|
252
251
|
message:
|
|
253
|
-
'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension
|
|
252
|
+
'ExecutionEnvironment.scope must be an ExecutionEnvironmentKind slug at v1; custom environments are a v2 extension.',
|
|
254
253
|
},
|
|
255
254
|
),
|
|
256
255
|
allowedCapabilities: z.array(CapabilityPolicySchema),
|
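--- a/package/src/inquiry/index.ts
+++ b/package/src/inquiry/index.ts
@@ -6,8 +6,7 @@
 // kind-specific schema, aggregate per a policy, return a verdict."
 //
 // Runtime-agnostic. Pure types + Zod schemas. Zero framework / persistence /
-// workflow-runtime imports.
-// .claude/plans/i-think-what-we-ve-transient-zebra.md.
+// workflow-runtime imports.
 //
 // Per-kind prompt + reply Zod schemas live in their own contract packages
 // (`@xemahq/decision-gate-contracts`, `@xemahq/agent-tool-inquiry-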
@@ -7,7 +7,7 @@ import { z } from 'zod';
|
|
|
7
7
|
* hint a mode via `ExecutionRequirements.mode`, but policy may override it.
|
|
8
8
|
*
|
|
9
9
|
* - `Sync` — the caller holds the request open until the composition produces
|
|
10
|
-
* its root structured output. The smallest correct slice
|
|
10
|
+
* its root structured output. The smallest correct slice.
|
|
11
11
|
* - `Async` — the runtime returns immediately with a `Queued`/`Running`
|
|
12
12
|
* invocation; the caller polls the Invocation record for the terminal state.
|
|
13
13
|
* - `Event` — the runtime returns without an `output`; the result is delivered
|
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
* per invocation. This is the source of truth for an invocation's lifecycle
|
|
12
12
|
* (never the underlying session).
|
|
13
13
|
*
|
|
14
|
-
* `inputRef`/`outputRef` are blob/JSON references (inline JSON
|
|
14
|
+
* `inputRef`/`outputRef` are blob/JSON references (inline JSON initially,
|
|
15
15
|
* artifact-store refs once payloads grow). Timestamps are ISO-8601 strings.
|
|
16
16
|
*/
|
|
17
17
|
export interface InvocationRecord {
|
|
@@ -7,7 +7,7 @@ import { z } from 'zod';
|
|
|
7
7
|
* default for mail (org+mailbox+emailThreadId): thread context is NEVER
|
|
8
8
|
* reused across unrelated emails.
|
|
9
9
|
* - `PooledThread` — reuse a warm thread within the same `threadKey` (a warm
|
|
10
|
-
* session-pool optimization; future
|
|
10
|
+
* session-pool optimization; a future step).
|
|
11
11
|
*
|
|
12
12
|
* Closed set on purpose — both levels are honored by the runtime's pool/thread
|
|
13
13
|
* management; adding a level is a coordinated kernel change.
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* KernelState adapter kinds
|
|
2
|
+
* KernelState adapter kinds.
|
|
3
3
|
*
|
|
4
|
-
* The
|
|
4
|
+
* The set is explicitly closed to TWO adapters. There is no
|
|
5
5
|
* Postgres adapter for KernelState; Postgres is reserved for service
|
|
6
6
|
* domain data. Two DB engines max in any deployment is a load-bearing
|
|
7
|
-
* invariant — do NOT extend this enum
|
|
7
|
+
* invariant — do NOT extend this enum.
|
|
8
8
|
*
|
|
9
9
|
* - `Sqlite` — file at `~/.xema/dev/kernel-state.sqlite` (dev) or
|
|
10
10
|
* `/var/lib/xema/kernel-state.sqlite` (single-instance). Advisory
|
|
@@ -11,7 +11,7 @@ import { ToolProviderKind, toolProviderKindSchema } from './provider-kind';
|
|
|
11
11
|
* or BiomeInstallation.id) depending on `providerKind`. Cross-org
|
|
12
12
|
* misuse is blocked at every layer (selection PATCH validation,
|
|
13
13
|
* resolver scope binding, bridge token scope, data-layer WHERE
|
|
14
|
-
* clauses)
|
|
14
|
+
* clauses).
|
|
15
15
|
*
|
|
16
16
|
* `toolName` is the canonical MCP tool name as exposed by the
|
|
17
17
|
* provider's `listTools` (NOT a slug; the value MCP clients invoke).
|
|
@@ -4,8 +4,7 @@ import { z } from 'zod';
|
|
|
4
4
|
* Lifecycle every versioned XemaObject moves through. Mirrors
|
|
5
5
|
* `AgentLifecycle` from `@xemahq/agent-composition-contracts` —
|
|
6
6
|
* the two enums MUST stay value-identical (one ownership model across
|
|
7
|
-
* the four primitives + every other XemaObject kind
|
|
8
|
-
* `.claude/rules/skills-and-composition.md`).
|
|
7
|
+
* the four primitives + every other XemaObject kind).
|
|
9
8
|
*
|
|
10
9
|
* - `Draft` — internal revision; never resolved, never installable,
|
|
11
10
|
* never referenced by a lockfile.
|