@xemahq/ui-kernel 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (178) hide show
  1. package/dist/lib/biome-host/create-biome-orval-config.d.ts +14 -0
  2. package/dist/lib/biome-host/create-biome-orval-config.d.ts.map +1 -0
  3. package/dist/lib/biome-host/create-biome-orval-config.js +22 -0
  4. package/dist/lib/biome-host/create-biome-orval-config.js.map +1 -0
  5. package/dist/lib/biome-host/host-bridge.d.ts +2 -0
  6. package/dist/lib/biome-host/host-bridge.d.ts.map +1 -1
  7. package/dist/lib/biome-host/host-bridge.js.map +1 -1
  8. package/dist/lib/biome-host/host-sources.d.ts +2 -0
  9. package/dist/lib/biome-host/host-sources.d.ts.map +1 -1
  10. package/dist/lib/biome-host/index.d.ts +1 -0
  11. package/dist/lib/biome-host/index.d.ts.map +1 -1
  12. package/dist/lib/biome-host/index.js +1 -0
  13. package/dist/lib/biome-host/index.js.map +1 -1
  14. package/dist/session-kit/approvals/ApprovalButton.d.ts +14 -0
  15. package/dist/session-kit/approvals/ApprovalButton.d.ts.map +1 -0
  16. package/dist/session-kit/approvals/ApprovalButton.js +45 -0
  17. package/dist/session-kit/approvals/ApprovalButton.js.map +1 -0
  18. package/dist/session-kit/approvals/ApprovalCard.d.ts +12 -0
  19. package/dist/session-kit/approvals/ApprovalCard.d.ts.map +1 -0
  20. package/dist/session-kit/approvals/ApprovalCard.js +117 -0
  21. package/dist/session-kit/approvals/ApprovalCard.js.map +1 -0
  22. package/dist/session-kit/approvals/ApprovalsCenter.d.ts +11 -0
  23. package/dist/session-kit/approvals/ApprovalsCenter.d.ts.map +1 -0
  24. package/dist/session-kit/approvals/ApprovalsCenter.js +127 -0
  25. package/dist/session-kit/approvals/ApprovalsCenter.js.map +1 -0
  26. package/dist/session-kit/approvals/CapabilityApprovalStickyBar.d.ts +12 -0
  27. package/dist/session-kit/approvals/CapabilityApprovalStickyBar.d.ts.map +1 -0
  28. package/dist/session-kit/approvals/CapabilityApprovalStickyBar.js +36 -0
  29. package/dist/session-kit/approvals/CapabilityApprovalStickyBar.js.map +1 -0
  30. package/dist/session-kit/approvals/Obligation.d.ts +15 -0
  31. package/dist/session-kit/approvals/Obligation.d.ts.map +1 -0
  32. package/dist/session-kit/approvals/Obligation.js +42 -0
  33. package/dist/session-kit/approvals/Obligation.js.map +1 -0
  34. package/dist/session-kit/approvals/ScopedBody.d.ts +9 -0
  35. package/dist/session-kit/approvals/ScopedBody.d.ts.map +1 -0
  36. package/dist/session-kit/approvals/ScopedBody.js +145 -0
  37. package/dist/session-kit/approvals/ScopedBody.js.map +1 -0
  38. package/dist/session-kit/approvals/approval-icons.d.ts +15 -0
  39. package/dist/session-kit/approvals/approval-icons.d.ts.map +1 -0
  40. package/dist/session-kit/approvals/approval-icons.js +3 -0
  41. package/dist/session-kit/approvals/approval-icons.js.map +1 -0
  42. package/dist/session-kit/approvals/approval-model.d.ts +83 -0
  43. package/dist/session-kit/approvals/approval-model.d.ts.map +1 -0
  44. package/dist/session-kit/approvals/approval-model.js +25 -0
  45. package/dist/session-kit/approvals/approval-model.js.map +1 -0
  46. package/dist/session-kit/approvals/index.d.ts +12 -0
  47. package/dist/session-kit/approvals/index.d.ts.map +1 -0
  48. package/dist/session-kit/approvals/index.js +28 -0
  49. package/dist/session-kit/approvals/index.js.map +1 -0
  50. package/dist/session-kit/approvals/obligation-display.d.ts +17 -0
  51. package/dist/session-kit/approvals/obligation-display.d.ts.map +1 -0
  52. package/dist/session-kit/approvals/obligation-display.js +58 -0
  53. package/dist/session-kit/approvals/obligation-display.js.map +1 -0
  54. package/dist/session-kit/approvals/risk-accent.d.ts +8 -0
  55. package/dist/session-kit/approvals/risk-accent.d.ts.map +1 -0
  56. package/dist/session-kit/approvals/risk-accent.js +28 -0
  57. package/dist/session-kit/approvals/risk-accent.js.map +1 -0
  58. package/dist/session-kit/approvals/scope-icons.d.ts +12 -0
  59. package/dist/session-kit/approvals/scope-icons.d.ts.map +1 -0
  60. package/dist/session-kit/approvals/scope-icons.js +14 -0
  61. package/dist/session-kit/approvals/scope-icons.js.map +1 -0
  62. package/dist/session-kit/combobox/Combobox.d.ts +46 -0
  63. package/dist/session-kit/combobox/Combobox.d.ts.map +1 -0
  64. package/dist/session-kit/combobox/Combobox.js +113 -0
  65. package/dist/session-kit/combobox/Combobox.js.map +1 -0
  66. package/dist/session-kit/combobox/use-click-outside.d.ts +3 -0
  67. package/dist/session-kit/combobox/use-click-outside.d.ts.map +1 -0
  68. package/dist/session-kit/combobox/use-click-outside.js +18 -0
  69. package/dist/session-kit/combobox/use-click-outside.js.map +1 -0
  70. package/dist/session-kit/display/ContextHeader.d.ts +27 -0
  71. package/dist/session-kit/display/ContextHeader.d.ts.map +1 -0
  72. package/dist/session-kit/display/ContextHeader.js +47 -0
  73. package/dist/session-kit/display/ContextHeader.js.map +1 -0
  74. package/dist/session-kit/display/FileDiffCard.d.ts +18 -0
  75. package/dist/session-kit/display/FileDiffCard.d.ts.map +1 -0
  76. package/dist/session-kit/display/FileDiffCard.js +58 -0
  77. package/dist/session-kit/display/FileDiffCard.js.map +1 -0
  78. package/dist/session-kit/display/MD.d.ts +7 -0
  79. package/dist/session-kit/display/MD.d.ts.map +1 -0
  80. package/dist/session-kit/display/MD.js +89 -0
  81. package/dist/session-kit/display/MD.js.map +1 -0
  82. package/dist/session-kit/display/MessageTurn.d.ts +21 -0
  83. package/dist/session-kit/display/MessageTurn.d.ts.map +1 -0
  84. package/dist/session-kit/display/MessageTurn.js +62 -0
  85. package/dist/session-kit/display/MessageTurn.js.map +1 -0
  86. package/dist/session-kit/display/ThinkingPanel.d.ts +12 -0
  87. package/dist/session-kit/display/ThinkingPanel.d.ts.map +1 -0
  88. package/dist/session-kit/display/ThinkingPanel.js +30 -0
  89. package/dist/session-kit/display/ThinkingPanel.js.map +1 -0
  90. package/dist/session-kit/display/TodoChecklist.d.ts +17 -0
  91. package/dist/session-kit/display/TodoChecklist.d.ts.map +1 -0
  92. package/dist/session-kit/display/TodoChecklist.js +50 -0
  93. package/dist/session-kit/display/TodoChecklist.js.map +1 -0
  94. package/dist/session-kit/display/TokenMeter.d.ts +15 -0
  95. package/dist/session-kit/display/TokenMeter.d.ts.map +1 -0
  96. package/dist/session-kit/display/TokenMeter.js +35 -0
  97. package/dist/session-kit/display/TokenMeter.js.map +1 -0
  98. package/dist/session-kit/display/ToolStrip.d.ts +31 -0
  99. package/dist/session-kit/display/ToolStrip.d.ts.map +1 -0
  100. package/dist/session-kit/display/ToolStrip.js +99 -0
  101. package/dist/session-kit/display/ToolStrip.js.map +1 -0
  102. package/dist/session-kit/display/TypingDots.d.ts +3 -0
  103. package/dist/session-kit/display/TypingDots.d.ts.map +1 -0
  104. package/dist/session-kit/display/TypingDots.js +14 -0
  105. package/dist/session-kit/display/TypingDots.js.map +1 -0
  106. package/dist/session-kit/index.d.ts +21 -0
  107. package/dist/session-kit/index.d.ts.map +1 -0
  108. package/dist/session-kit/index.js +37 -0
  109. package/dist/session-kit/index.js.map +1 -0
  110. package/dist/session-kit/lib/enums.d.ts +34 -0
  111. package/dist/session-kit/lib/enums.d.ts.map +1 -0
  112. package/dist/session-kit/lib/enums.js +44 -0
  113. package/dist/session-kit/lib/enums.js.map +1 -0
  114. package/dist/session-kit/lib/portal-accent.d.ts +3 -0
  115. package/dist/session-kit/lib/portal-accent.d.ts.map +1 -0
  116. package/dist/session-kit/lib/portal-accent.js +9 -0
  117. package/dist/session-kit/lib/portal-accent.js.map +1 -0
  118. package/dist/session-kit/lib/status-dot.d.ts +10 -0
  119. package/dist/session-kit/lib/status-dot.d.ts.map +1 -0
  120. package/dist/session-kit/lib/status-dot.js +43 -0
  121. package/dist/session-kit/lib/status-dot.js.map +1 -0
  122. package/dist/session-kit/primitives/Avatar.d.ts +10 -0
  123. package/dist/session-kit/primitives/Avatar.d.ts.map +1 -0
  124. package/dist/session-kit/primitives/Avatar.js +21 -0
  125. package/dist/session-kit/primitives/Avatar.js.map +1 -0
  126. package/dist/session-kit/primitives/PortalGlyph.d.ts +12 -0
  127. package/dist/session-kit/primitives/PortalGlyph.d.ts.map +1 -0
  128. package/dist/session-kit/primitives/PortalGlyph.js +21 -0
  129. package/dist/session-kit/primitives/PortalGlyph.js.map +1 -0
  130. package/dist/session-kit/primitives/RiskPill.d.ts +12 -0
  131. package/dist/session-kit/primitives/RiskPill.d.ts.map +1 -0
  132. package/dist/session-kit/primitives/RiskPill.js +53 -0
  133. package/dist/session-kit/primitives/RiskPill.js.map +1 -0
  134. package/dist/session-kit/primitives/ScopeDot.d.ts +9 -0
  135. package/dist/session-kit/primitives/ScopeDot.d.ts.map +1 -0
  136. package/dist/session-kit/primitives/ScopeDot.js +23 -0
  137. package/dist/session-kit/primitives/ScopeDot.js.map +1 -0
  138. package/dist/session-kit/primitives/Segmented.d.ts +16 -0
  139. package/dist/session-kit/primitives/Segmented.d.ts.map +1 -0
  140. package/dist/session-kit/primitives/Segmented.js +31 -0
  141. package/dist/session-kit/primitives/Segmented.js.map +1 -0
  142. package/package.json +3 -3
  143. package/src/lib/biome-host/create-biome-orval-config.ts +76 -0
  144. package/src/lib/biome-host/host-bridge.ts +22 -0
  145. package/src/lib/biome-host/host-sources.ts +13 -0
  146. package/src/lib/biome-host/index.ts +1 -0
  147. package/src/session-kit/approvals/ApprovalButton.tsx +89 -0
  148. package/src/session-kit/approvals/ApprovalCard.tsx +336 -0
  149. package/src/session-kit/approvals/ApprovalsCenter.tsx +327 -0
  150. package/src/session-kit/approvals/CapabilityApprovalStickyBar.tsx +118 -0
  151. package/src/session-kit/approvals/Obligation.tsx +111 -0
  152. package/src/session-kit/approvals/ScopedBody.tsx +392 -0
  153. package/src/session-kit/approvals/approval-icons.ts +31 -0
  154. package/src/session-kit/approvals/approval-model.ts +205 -0
  155. package/src/session-kit/approvals/index.ts +22 -0
  156. package/src/session-kit/approvals/obligation-display.ts +100 -0
  157. package/src/session-kit/approvals/risk-accent.ts +47 -0
  158. package/src/session-kit/approvals/scope-icons.ts +19 -0
  159. package/src/session-kit/combobox/Combobox.tsx +327 -0
  160. package/src/session-kit/combobox/use-click-outside.ts +21 -0
  161. package/src/session-kit/display/ContextHeader.tsx +148 -0
  162. package/src/session-kit/display/FileDiffCard.tsx +140 -0
  163. package/src/session-kit/display/MD.tsx +153 -0
  164. package/src/session-kit/display/MessageTurn.tsx +157 -0
  165. package/src/session-kit/display/ThinkingPanel.tsx +78 -0
  166. package/src/session-kit/display/TodoChecklist.tsx +120 -0
  167. package/src/session-kit/display/TokenMeter.tsx +89 -0
  168. package/src/session-kit/display/ToolStrip.tsx +278 -0
  169. package/src/session-kit/display/TypingDots.tsx +24 -0
  170. package/src/session-kit/index.ts +44 -0
  171. package/src/session-kit/lib/enums.ts +66 -0
  172. package/src/session-kit/lib/portal-accent.ts +30 -0
  173. package/src/session-kit/lib/status-dot.ts +68 -0
  174. package/src/session-kit/primitives/Avatar.tsx +44 -0
  175. package/src/session-kit/primitives/PortalGlyph.tsx +51 -0
  176. package/src/session-kit/primitives/RiskPill.tsx +95 -0
  177. package/src/session-kit/primitives/ScopeDot.tsx +47 -0
  178. package/src/session-kit/primitives/Segmented.tsx +71 -0
@@ -0,0 +1,205 @@
1
+ /**
2
+ * Approval primitive — generic frame model + scoped-body payloads
3
+ * (Pillar 3 of the Xema Portals design handoff; HANDOFF §6).
4
+ *
5
+ * The approval is the runtime face of a kernel policy decision: a
6
+ * capability call returns `allow | deny | needs_approval`
7
+ * (`PolicyDecisionKind`); on `needs_approval` the gateway suspends the
8
+ * call and renders a TYPED approval. The frame is identical platform-wide
9
+ * (risk pill + capability ref + obligations + quorum + actions); each
10
+ * biome supplies a typed `scope` body for rich detail — the same
11
+ * generic-frame + biome-body pattern as the in-chat widget registry
12
+ * (HANDOFF §3.2) and the preview-tab kinds (HANDOFF §5).
13
+ *
14
+ * This module REUSES the kernel contracts rather than redefining them:
15
+ * • `CapabilityRiskTier` (low/medium/high/critical) — risk pill + accent
16
+ * • `PolicyObligationKind` (the closed 9-kind taxonomy) — obligation chips
17
+ * • `CapabilityRef` (`domain.biome/action@v` mono ref)
18
+ * It only ADDS the two things the kernel has no opinion on: the closed
19
+ * `ApprovalScopeKind` set + its discriminated scope-payload union (the
20
+ * biome-supplied detail), and the binary `ApprovalDecision` the surfaces
21
+ * emit. Both are presentation contracts, not policy contracts.
22
+ */
23
+ import type { CapabilityRiskTier } from '@xemahq/kernel-contracts/capability';
24
+ import type { PolicyObligationKind } from '@xemahq/kernel-contracts/policy';
25
+
26
+ /**
27
+ * Closed set of biome-supplied scoped-body kinds (HANDOFF §6). This is the
28
+ * approval analogue of `ChatWidgetKind` — a typed, versioned catalogue of
29
+ * rich bodies that render UNDER the generic frame. The renderer
30
+ * (`ScopedBody`) switches on `kind`; an unknown kind fails SAFE to a
31
+ * visible "unknown scope" rendering rather than a silent drop.
32
+ *
33
+ * First-party kinds ship here; a biome registers a custom kind the same
34
+ * way it registers a chat widget (backend-defined, versioned). Extend the
35
+ * enum + add a body component + a `union` member in lockstep — never match
36
+ * on a free-form string.
37
+ */
38
+ export enum ApprovalScopeKind {
39
+ Payment = 'payment',
40
+ Sql = 'sql',
41
+ Slack = 'slack',
42
+ Deploy = 'deploy',
43
+ Files = 'files',
44
+ }
45
+
46
+ /** Disbursement / payment scope (finance biomes). */
47
+ export interface PaymentScope {
48
+ readonly kind: ApprovalScopeKind.Payment;
49
+ /** Pre-formatted display amount (e.g. `$18,400.00`). */
50
+ readonly amount: string;
51
+ readonly payee: string;
52
+ /** Payment rail, e.g. `ACH wire`. */
53
+ readonly method: string;
54
+ /** Masked account, e.g. `•••• 7741`. */
55
+ readonly account: string;
56
+ readonly memo?: string;
57
+ }
58
+
59
+ /** Write-query scope (data-warehouse biomes). */
60
+ export interface SqlScope {
61
+ readonly kind: ApprovalScopeKind.Sql;
62
+ readonly dialect: string;
63
+ readonly table: string;
64
+ /** Pre-formatted affected-row estimate (e.g. `≈ 1,240`). */
65
+ readonly rowsAffected: string;
66
+ readonly query: string;
67
+ }
68
+
69
+ /** Outbound message scope (chat / outreach biomes). */
70
+ export interface SlackScope {
71
+ readonly kind: ApprovalScopeKind.Slack;
72
+ readonly channel: string;
73
+ readonly workspace: string;
74
+ /** The identity the message is posted as (e.g. `@sales-bot`). */
75
+ readonly as: string;
76
+ readonly message: string;
77
+ }
78
+
79
+ /** Production-deploy scope (release biomes). */
80
+ export interface DeployScope {
81
+ readonly kind: ApprovalScopeKind.Deploy;
82
+ readonly version: string;
83
+ readonly cluster: string;
84
+ readonly services: number;
85
+ readonly migrations: number;
86
+ readonly changelog: readonly string[];
87
+ }
88
+
89
+ /** A single changed file with line deltas. */
90
+ export interface ApprovalFileChange {
91
+ readonly path: string;
92
+ readonly add: number;
93
+ readonly del: number;
94
+ }
95
+
96
+ /** Working-tree write scope (software-dev biomes). */
97
+ export interface FilesScope {
98
+ readonly kind: ApprovalScopeKind.Files;
99
+ readonly files: readonly ApprovalFileChange[];
100
+ }
101
+
102
+ /**
103
+ * Discriminated union of every first-party scope payload. The `kind`
104
+ * discriminant maps 1:1 onto `ApprovalScopeKind`; `ScopedBody` is an
105
+ * exhaustive switch over it with a safe fallback for unknown kinds (so a
106
+ * biome that ships a not-yet-known scope renders a visible placeholder
107
+ * instead of crashing or silently dropping the body).
108
+ */
109
+ export type ApprovalScope =
110
+ | PaymentScope
111
+ | SqlScope
112
+ | SlackScope
113
+ | DeployScope
114
+ | FilesScope;
115
+
116
+ /**
117
+ * A rendered obligation — the `PolicyObligationKind` discriminant plus a
118
+ * pre-formatted display value the producer derived from the typed kernel
119
+ * `PolicyObligation` payload (e.g. `max-cost-usd` → `$25,000`,
120
+ * `max-duration-seconds` → `30s`). The kit deliberately takes a formatted
121
+ * `value` string rather than the raw typed payload so the chip stays
122
+ * presentation-only; the host's `obligationDisplay` helper does the
123
+ * typed→display mapping from the wire `PolicyObligation`.
124
+ */
125
+ export interface ApprovalObligation {
126
+ readonly kind: PolicyObligationKind;
127
+ /** Pre-formatted display value for the chip's trailing mono span. */
128
+ readonly value?: string;
129
+ }
130
+
131
+ /**
132
+ * The generic approval request — the envelope every surface (inline card,
133
+ * sticky bar, Center row) renders. Field names mirror the kernel/wire
134
+ * shape so the backend approval envelope (capability ref, riskTier,
135
+ * obligations[], requireRole, requireApproverCount, approvalsIn, scope)
136
+ * maps onto it 1:1.
137
+ */
138
+ export interface ApprovalRequest {
139
+ /** Stable id of the suspended invocation awaiting approval. */
140
+ readonly id: string;
141
+ /** Capability ref (`domain.biome/action@v`) rendered mono in the frame. */
142
+ readonly capability: string;
143
+ /** Owning biome id + display name (the scoped body's provenance). */
144
+ readonly biomeId: string;
145
+ readonly biomeName: string;
146
+ /** Serif title + one-line summary (the generic frame's headline). */
147
+ readonly title: string;
148
+ readonly summary: string;
149
+ /** Kernel risk tier — drives the pill + accent + low/critical action set. */
150
+ readonly riskTier: CapabilityRiskTier;
151
+ /** Obligations rendered as chips (closed `PolicyObligationKind` taxonomy). */
152
+ readonly obligations?: readonly ApprovalObligation[];
153
+ /** Approver role required by the matched `ApprovalRule`, if any. */
154
+ readonly requireRole?: string;
155
+ /** Quorum size; `1` (or absent) = single-approver. */
156
+ readonly requireApproverCount?: number;
157
+ /** Approvals already collected toward the quorum. */
158
+ readonly approvalsIn?: number;
159
+ /** Biome-supplied typed scope body. */
160
+ readonly scope: ApprovalScope;
161
+ }
162
+
163
+ /**
164
+ * Binary surface decision. Closed set — never a free-form string. The
165
+ * "allow once" vs "approve & remember" distinction is a UI affordance on
166
+ * top of the same `Approved` decision (the remember flag is carried
167
+ * separately when the backend supports it); both resolve the suspended
168
+ * call. The denied/override-rationale path is DEFERRED (HANDOFF §6).
169
+ */
170
+ export enum ApprovalDecision {
171
+ Approved = 'approved',
172
+ Denied = 'denied',
173
+ }
174
+
175
+ /**
176
+ * A pending approval as it appears in the cross-portal Approvals Center —
177
+ * the request plus the portal/session context it was raised in. The
178
+ * portal fields are first-class so Pillar 4 (Portals) can batch and group
179
+ * approvals across portals without reshaping this model.
180
+ */
181
+ export interface ApprovalCenterItem {
182
+ /** Mirrors `request.id`; kept distinct so a Center may track its own row id. */
183
+ readonly id: string;
184
+ readonly request: ApprovalRequest;
185
+ /** Portal the approval was raised in (Pillar 4 cross-portal context). */
186
+ readonly portalId?: string;
187
+ readonly portalName?: string;
188
+ /** Portal accent token (`var(--p-*)`) for the row glyph; optional. */
189
+ readonly portalAccentVar?: `var(--${string})`;
190
+ /** Session the suspended capability belongs to ("Open session"). */
191
+ readonly sessionId?: string;
192
+ readonly sessionTitle?: string;
193
+ }
194
+
195
+ /** True when the tier always demands an explicit Approve (no allow-once). */
196
+ export function isExplicitApprovalTier(tier: CapabilityRiskTier): boolean {
197
+ // `critical` and `high` are explicit-only (HANDOFF §6: critical always
198
+ // explicit; high uses the warning accent and skips allow-once-remember).
199
+ return tier === 'critical' || tier === 'high';
200
+ }
201
+
202
+ /** True when the request carries a multi-approver quorum. */
203
+ export function isQuorum(req: ApprovalRequest): boolean {
204
+ return (req.requireApproverCount ?? 1) > 1;
205
+ }
@@ -0,0 +1,22 @@
1
+ /**
2
+ * `@xemahq/ui-kernel/session-kit` approvals — the generic approval
3
+ * primitive (Pillar 3 of the Xema Portals design handoff; HANDOFF §6).
4
+ *
5
+ * Generic frame + scoped bodies + sticky bar + Approvals Center. Models on
6
+ * the kernel contracts (`CapabilityRiskTier`, `PolicyObligationKind`) and
7
+ * adds only the presentation contracts the kernel has no opinion on
8
+ * (`ApprovalScopeKind` + scope union, `ApprovalDecision`). Every component
9
+ * is icon-agnostic and prop-driven — the host supplies the icon bundle and
10
+ * the data.
11
+ */
12
+ export * from './approval-model';
13
+ export * from './obligation-display';
14
+ export * from './scope-icons';
15
+ export * from './risk-accent';
16
+ export * from './approval-icons';
17
+ export * from './ApprovalButton';
18
+ export * from './Obligation';
19
+ export * from './ScopedBody';
20
+ export * from './ApprovalCard';
21
+ export * from './CapabilityApprovalStickyBar';
22
+ export * from './ApprovalsCenter';
@@ -0,0 +1,100 @@
1
+ /**
2
+ * Obligation → display metadata map (HANDOFF §6).
3
+ *
4
+ * Covers ALL NINE obligation kinds in the kernel closed taxonomy —
5
+ * `audit`, `redact-secrets`, `require-runner-kind`,
6
+ * `require-human-approval`, `max-duration-seconds`, `max-cost-usd`,
7
+ * `restrict-output-classification`, `data-residency`, `egress-allowlist`.
8
+ *
9
+ * The map is typed `Record<PolicyObligationKind, …>` so it is EXHAUSTIVE
10
+ * over the installed kernel enum: adding a new `PolicyObligationKind`
11
+ * member is a COMPILE ERROR here until it gets a label + icon key. The
12
+ * published `@xemahq/kernel-contracts` enum now ships all nine members
13
+ * (incl. `egress-allowlist`), so every kind is keyed directly by its enum
14
+ * value — no literal-wire fallback is needed.
15
+ *
16
+ * The kit is icon-agnostic: this module names a stable `iconKey`
17
+ * (`ObligationIcon`) and the host translates it into a concrete icon node
18
+ * via the `Obligation`/`renderIcon` prop. No icon dependency leaks into
19
+ * the kernel package.
20
+ */
21
+ import { PolicyObligationKind } from '@xemahq/kernel-contracts/policy';
22
+
23
+ /**
24
+ * Stable, icon-set-agnostic glyph keys for obligation chips. The host
25
+ * maps each onto a concrete icon (lucide, etc.); the kit never imports an
26
+ * icon set. Closed set — one key per obligation family.
27
+ */
28
+ export enum ObligationIcon {
29
+ Dollar = 'dollar',
30
+ ShieldCheck = 'shield-check',
31
+ Scroll = 'scroll',
32
+ Eye = 'eye',
33
+ Clock = 'clock',
34
+ Layers = 'layers',
35
+ Globe = 'globe',
36
+ Lock = 'lock',
37
+ Network = 'network',
38
+ }
39
+
40
+ export interface ObligationDisplayMeta {
41
+ readonly iconKey: ObligationIcon;
42
+ readonly label: string;
43
+ }
44
+
45
+ /**
46
+ * Chip metadata for every member of the kernel `PolicyObligationKind`
47
+ * enum. Typed as `Record<PolicyObligationKind, …>` so adding a new kernel
48
+ * enum member is a COMPILE ERROR here until it gets a label + icon key —
49
+ * the exhaustiveness guarantee.
50
+ */
51
+ const ENUM_OBLIGATION_DISPLAY: Record<
52
+ PolicyObligationKind,
53
+ ObligationDisplayMeta
54
+ > = {
55
+ [PolicyObligationKind.MaxCostUsd]: {
56
+ iconKey: ObligationIcon.Dollar,
57
+ label: 'Spend cap',
58
+ },
59
+ [PolicyObligationKind.RequireHumanApproval]: {
60
+ iconKey: ObligationIcon.ShieldCheck,
61
+ label: 'Human approval',
62
+ },
63
+ [PolicyObligationKind.Audit]: {
64
+ iconKey: ObligationIcon.Scroll,
65
+ label: 'Audited',
66
+ },
67
+ [PolicyObligationKind.RestrictOutputClassification]: {
68
+ iconKey: ObligationIcon.Eye,
69
+ label: 'Output limited',
70
+ },
71
+ [PolicyObligationKind.MaxDurationSeconds]: {
72
+ iconKey: ObligationIcon.Clock,
73
+ label: 'Time cap',
74
+ },
75
+ [PolicyObligationKind.RequireRunnerKind]: {
76
+ iconKey: ObligationIcon.Layers,
77
+ label: 'Runner',
78
+ },
79
+ [PolicyObligationKind.DataResidency]: {
80
+ iconKey: ObligationIcon.Globe,
81
+ label: 'Residency',
82
+ },
83
+ [PolicyObligationKind.RedactSecrets]: {
84
+ iconKey: ObligationIcon.Lock,
85
+ label: 'Redacted',
86
+ },
87
+ [PolicyObligationKind.EgressAllowlist]: {
88
+ iconKey: ObligationIcon.Network,
89
+ label: 'Egress',
90
+ },
91
+ };
92
+
93
+ /**
94
+ * The authoritative obligation-kind → chip metadata map, keyed by the
95
+ * obligation wire-string. Exhaustive over the installed kernel enum via
96
+ * `ENUM_OBLIGATION_DISPLAY` (compile-checked).
97
+ */
98
+ export const OBLIGATION_DISPLAY: Record<string, ObligationDisplayMeta> = {
99
+ ...ENUM_OBLIGATION_DISPLAY,
100
+ };
@@ -0,0 +1,47 @@
1
+ /**
2
+ * Risk-tier → colour expressions for the approval frame's accent rail and
3
+ * the sticky bar (HANDOFF §6). RiskPill owns the PILL styling; this map is
4
+ * the matching surface accent (foreground / soft background / border) the
5
+ * frame and bar paint with. Both read the SAME kernel `CapabilityRiskTier`
6
+ * enum so the pill and the rail can never disagree on a tier's colour.
7
+ *
8
+ * low → ink / muted (quiet)
9
+ * medium → --info
10
+ * high → --warning
11
+ * critical → --destructive / --danger
12
+ */
13
+ import { CapabilityRiskTier } from '@xemahq/kernel-contracts/capability';
14
+
15
+ export interface RiskAccent {
16
+ /** Solid accent (rail, icon, critical button). */
17
+ readonly fg: string;
18
+ /** Soft tinted background (sticky bar surface). */
19
+ readonly bg: string;
20
+ /** Border (sticky bar, critical card outline). */
21
+ readonly bd: string;
22
+ }
23
+
24
+ const DANGER = 'var(--destructive, var(--danger))';
25
+
26
+ export const RISK_ACCENT: Record<CapabilityRiskTier, RiskAccent> = {
27
+ [CapabilityRiskTier.Low]: {
28
+ fg: 'hsl(var(--ink-3))',
29
+ bg: 'hsl(var(--muted))',
30
+ bd: 'hsl(var(--rule))',
31
+ },
32
+ [CapabilityRiskTier.Medium]: {
33
+ fg: 'hsl(var(--info))',
34
+ bg: 'hsl(var(--info) / 0.07)',
35
+ bd: 'hsl(var(--info) / 0.28)',
36
+ },
37
+ [CapabilityRiskTier.High]: {
38
+ fg: 'hsl(var(--warning))',
39
+ bg: 'hsl(var(--warning) / 0.08)',
40
+ bd: 'hsl(var(--warning) / 0.3)',
41
+ },
42
+ [CapabilityRiskTier.Critical]: {
43
+ fg: `hsl(${DANGER})`,
44
+ bg: `hsl(${DANGER} / 0.07)`,
45
+ bd: `hsl(${DANGER} / 0.32)`,
46
+ },
47
+ };
@@ -0,0 +1,19 @@
1
+ /**
2
+ * Stable, icon-set-agnostic glyph keys used by the scoped approval bodies
3
+ * (`ScopedBody`). Kept in its own module (not alongside the body
4
+ * components) so the icon bundle and the bodies can both import it without
5
+ * a component file also exporting a non-component value.
6
+ */
7
+ import type { ReactNode } from 'react';
8
+
9
+ export enum ScopeIcon {
10
+ Database = 'database',
11
+ Layers = 'layers',
12
+ Alert = 'alert',
13
+ Send = 'send',
14
+ Globe = 'globe',
15
+ ArrowRight = 'arrow-right',
16
+ FileEdit = 'file-edit',
17
+ }
18
+
19
+ export type ScopeIconRenderer = (key: ScopeIcon, size: number) => ReactNode;