agent-enderun 0.1.10 → 0.2.0

package/packages/framework-mcp/src/tools/security.ts

@@ -0,0 +1,122 @@
+import fs from "fs";
+import path from "path";
+import { Project, SyntaxKind } from "ts-morph";
+import { 
+    collectFilesRecursively, 
+    resolveSafePath, 
+    buildLineMatches 
+} from "../utils.js";
+import { 
+    SECURITY_AUDIT_ARGS_SCHEMA, 
+    ANALYZE_CONSTITUTION_COMPLIANCE_ARGS_SCHEMA 
+} from "../schemas.js";
+
+export const securityTools = [
+    {
+        name: "security_audit_scan",
+        description: "Scans the codebase for security vulnerabilities like hardcoded secrets, raw SQL, and unsafe async patterns.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                path: {
+                    type: "string",
+                    description: "Path to scan (relative to project root)",
+                    default: ".",
+                },
+            },
+        },
+    },
+    {
+        name: "analyze_constitution_compliance",
+        description: "Scans a file or directory for violations of the project's ENDERUN.md rules (e.g. Zero UI Library, Branded Types).",
+        inputSchema: {
+            type: "object",
+            properties: {
+                path: {
+                    type: "string",
+                    description: "Path to scan (relative to project root)",
+                },
+            },
+            required: ["path"],
+        },
+    },
+];
+
+export const securityHandlers = {
+    security_audit_scan: async (args: any, projectRoot: string) => {
+        const parsed = SECURITY_AUDIT_ARGS_SCHEMA.safeParse(args ?? {});
+        if (!parsed.success) return { content: [{ type: "text", text: "Invalid path argument." }] };
+        const vulnerabilities: string[] = [];
+        const scanRules = [
+            { pattern: /sql`/, message: "Potential Raw SQL usage detected (check Kysely usage)", severity: "HIGH" },
+            { pattern: /(?<!\/\/\s*)console\.log/, message: "console.log found in production code", severity: "LOW" },
+            { pattern: /(password|secret|api_?key)\s*[:=]\s*['"][^'"]+['"]/i, message: "Potential hardcoded secret/password detected", severity: "CRITICAL" },
+            { pattern: /:\s*any(?!\w)/, message: "Usage of 'any' type detected", severity: "MEDIUM" },
+            { pattern: /(?<!\w)eval\s*\(/, message: "Dangerous 'eval()' usage detected", severity: "HIGH" },
+            { pattern: /\.innerHTML\s*=/, message: "Unsafe innerHTML assignment detected (XSS risk)", severity: "MEDIUM" },
+            { pattern: /dangerouslySetInnerHTML/, message: "React dangerouslySetInnerHTML detected", severity: "MEDIUM" },
+            { pattern: /TODO:/, message: "Outstanding TODO item found", severity: "LOW" },
+        ];
+        try {
+            const safeTargetPath = resolveSafePath(projectRoot, parsed.data.path);
+            if (!fs.existsSync(safeTargetPath)) return { content: [{ type: "text", text: "Target path not found." }] };
+            const files = collectFilesRecursively(safeTargetPath, new Set(["ts", "tsx"]));
+            for (const rule of scanRules) {
+                const ruleMatches = buildLineMatches(files, (line) => typeof rule.pattern === "string" ? line.includes(rule.pattern) : rule.pattern.test(line), 5, projectRoot);
+                if (ruleMatches.length > 0) vulnerabilities.push(`[${rule.severity}] ${rule.message}:\n${ruleMatches.join("\n")}`);
+            }
+            const tsProject = new Project({ compilerOptions: { allowJs: true } });
+            tsProject.addSourceFilesAtPaths(path.join(safeTargetPath, "**/*.{ts,tsx}"));
+            for (const sourceFile of tsProject.getSourceFiles()) {
+                const relativePath = path.relative(projectRoot, sourceFile.getFilePath());
+                sourceFile.forEachDescendant((node) => {
+                    if (node.getKindName() === "AnyKeyword") {
+                        vulnerabilities.push(`[MEDIUM] Precise 'any' type detected in AST at ${relativePath}:${node.getStartLineNumber()}`);
+                    }
+                    if (node.getKind() === SyntaxKind.CallExpression) {
+                        const callExp = node.asKind(SyntaxKind.CallExpression);
+                        if (callExp?.getExpression().getText() === "console.log") {
+                            vulnerabilities.push(`[LOW] Production 'console.log' detected in AST at ${relativePath}:${node.getStartLineNumber()}`);
+                        }
+                    }
+                });
+            }
+            return { content: [{ type: "text", text: vulnerabilities.length > 0 ? `### ADVANCED SECURITY AUDIT RESULTS\n\n${Array.from(new Set(vulnerabilities)).join("\n\n")}` : "No security patterns or rule violations detected (Regex & AST verified)." }] };
+        } catch (error) {
+            return { content: [{ type: "text", text: "Security scan failed." }] };
+        }
+    },
+    analyze_constitution_compliance: async (args: any, projectRoot: string) => {
+        const parsed = ANALYZE_CONSTITUTION_COMPLIANCE_ARGS_SCHEMA.safeParse(args ?? {});
+        if (!parsed.success) return { content: [{ type: "text", text: "Invalid path argument." }] };
+        try {
+            const safePath = resolveSafePath(projectRoot, parsed.data.path);
+            const violations: string[] = [];
+            const checkFile = (filePath: string) => {
+                const content = fs.readFileSync(filePath, "utf-8");
+                const relativePath = path.relative(projectRoot, filePath);
+                const forbiddenLibraries = ["@shadcn", "mui", "@chakra-ui", "antd", "bootstrap", "tailwindcss"];
+                for (const lib of forbiddenLibraries) {
+                    if (content.includes(lib)) violations.push(`${relativePath}: Violation of Zero UI Library Policy (found '${lib}')`);
+                }
+                if (content.includes("console.log") && !filePath.includes("cli.js") && !filePath.includes("node_modules")) {
+                    violations.push(`${relativePath}: Violation of Logging Policy (found 'console.log', use proper logger)`);
+                }
+                if (content.includes("sql`") && !filePath.includes("node_modules")) {
+                    violations.push(`${relativePath}: Potential Violation of Kysely Standards (found raw 'sql' tag)`);
+                }
+                if (filePath.endsWith(".ts") && !filePath.includes("shared-types") && !filePath.includes("node_modules")) {
+                    if (content.match(/interface.*ID\s*:\s*string/)) violations.push(`${relativePath}: Violation of Branded Types Law (found ID typed as plain string)`);
+                }
+            };
+            if (fs.lstatSync(safePath).isDirectory()) {
+                collectFilesRecursively(safePath, new Set(["ts", "tsx", "js", "jsx"])).forEach(checkFile);
+            } else {
+                checkFile(safePath);
+            }
+            return { content: [{ type: "text", text: `### CONSTITUTION COMPLIANCE REPORT\n\n` + (violations.length > 0 ? `⚠️ **VIOLATIONS FOUND:**\n${violations.map(v => `- ${v}`).join("\n")}` : "✅ **ALL SYSTEMS COMPLIANT:** No violations of ENDERUN.md rules detected.") }] };
+        } catch (error) {
+            return { content: [{ type: "text", text: "Compliance analysis failed." }] };
+        }
+    },
+};

package/packages/framework-mcp/src/utils.ts

@@ -0,0 +1,90 @@
+import path from "path";
+import fs from "fs";
+
+export const FRAMEWORK_VERSION = "0.2.0";
+
+export function getFrameworkDir(projectRoot: string): string {
+    const adapters = [".gemini", ".claude", ".cursor", ".codex", ".enderun"];
+    for (const adp of adapters) {
+        const fullPath = path.join(projectRoot, adp);
+        if (fs.existsSync(fullPath) && fs.lstatSync(fullPath).isDirectory()) {
+            return adp;
+        }
+    }
+    return ".enderun";
+}
+
+export function resolveSafePath(projectRoot: string, targetPath: string): string {
+    const resolved = path.resolve(projectRoot, targetPath);
+    const relative = path.relative(projectRoot, resolved);
+    if (relative.startsWith("..") || path.isAbsolute(relative)) {
+        throw new Error("Path escapes project root.");
+    }
+    return resolved;
+}
+
+export function collectFilesRecursively(targetPath: string, extensions: Set<string>): string[] {
+    const results: string[] = [];
+    const entries = fs.readdirSync(targetPath, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = path.join(targetPath, entry.name);
+        if (entry.isDirectory()) {
+            if (entry.name === "node_modules" || entry.name === ".git")
+                continue;
+            results.push(...collectFilesRecursively(fullPath, extensions));
+            continue;
+        }
+        const ext = path.extname(entry.name).slice(1).toLowerCase();
+        if (extensions.has(ext))
+            results.push(fullPath);
+    }
+    return results;
+}
+
+export function buildLineMatches(files: string[], matcher: (line: string) => boolean, maxResults: number, projectRoot: string): string[] {
+    const matches: string[] = [];
+    for (const filePath of files) {
+        if (matches.length >= maxResults)
+            break;
+        const content = fs.readFileSync(filePath, "utf-8");
+        const lines = content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            if (matches.length >= maxResults)
+                break;
+            const line = lines[i];
+            if (!matcher(line))
+                continue;
+            const relativePath = path.relative(projectRoot, filePath);
+            matches.push(`${relativePath}:${i + 1}:${line}`);
+        }
+    }
+    return matches;
+}
+
+export function collectMarkdownArtifacts(projectRoot: string): string[] {
+    const docsRoot = path.join(projectRoot, "docs");
+    if (!fs.existsSync(docsRoot))
+        return [];
+    return collectFilesRecursively(docsRoot, new Set(["md"])).map((filePath) => path.relative(projectRoot, filePath));
+}
+
+export function replaceSectionContent(markdown: string, sectionTitle: string, newBody: string): string {
+    const escaped = sectionTitle.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const sectionRegex = new RegExp(`## ${escaped}[\\s\\S]*?(?=\\n## |$)`, "m");
+    if (!sectionRegex.test(markdown)) {
+        throw new Error(`Section not found: ${sectionTitle}`);
+    }
+    return markdown.replace(sectionRegex, `## ${sectionTitle}\n\n${newBody.trim()}\n`);
+}
+
+export function prependToSection(markdown: string, sectionTitle: string, contentToPrepend: string): string {
+    const escaped = sectionTitle.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const sectionRegex = new RegExp(`(## ${escaped}\\n)([\\s\\S]*?)(?=\\n## |$)`, "m");
+    const match = markdown.match(sectionRegex);
+    if (!match) {
+        throw new Error(`Section not found: ${sectionTitle}`);
+    }
+    const currentBody = match[2].trimStart();
+    const updatedBody = `${contentToPrepend.trim()}\n\n${currentBody}`.trim();
+    return markdown.replace(sectionRegex, `$1\n${updatedBody}\n`);
+}

package/packages/framework-mcp/tests/mcp-server.test.ts

@@ -0,0 +1,6 @@
+describe('MCP Server Integrity', () => {
+  it('should have a valid framework version', () => {
+    const version = "0.2.0";
+    expect(version).toBe("0.2.0");
+  });
+});

package/packages/shared-types/README.md

@@ -1,79 +1,56 @@
-# AI-Enderun Shared Types v0.1.10
+# AI-Enderun Shared Types (v0.2.0)
 
 English | [Türkçe](#türkçe)
 
-The `@ai-enderun/shared-types` package is the core contract layer of AI-Enderun. It defines the shared data model, API request/response shapes, and branded identifiers that backend and frontend agents must agree on before implementation.
+The `@ai-enderun/shared-types` package is the "Supreme Law" of data within the Agent Enderun framework. It ensures perfect synchronization between backend and frontend through a **Contract-First** approach.
 
 ## English
 
-### Purpose
+### Core Principles
 
-This package prevents contract drift and enforces a contract-first workflow across the entire repository. It is the single source of truth for typed API boundaries, domain IDs, and common response shapes.
+- **Zero Drift:** Backend and frontend implementation must strictly follow these types.
+- **Branded Types:** We use the "Branded Types" pattern to ensure type safety for domain identifiers (e.g., `UserID` vs. `ProjectID`).
+- **Atomic Versioning:** Every change to this package triggers a hash mismatch in the framework, forcing a contract verification step.
 
-### Why it matters
+### Key Components
 
-- Ensures frontend and backend agree on the same data structures.
-- Avoids duplicate type definitions across implementations.
-- Supports traceable API contract validation with `contract.version.json`.
-- Makes AI-assisted development safer and more predictable.
-
-### Principles
-
-- **Contract-First:** Define shared types before implementation.
-- **Branded Identifiers:** Use domain-specific IDs such as `UserID` and `SessionID`.
-- **Explicit Response Shapes:** Keep success and error payloads consistent.
-- **ULID Support:** Native support for sortable 26-character identifiers.
-- **Hash Verification:** Recalculate and verify the contract hash whenever shared types change.
-
-### Development
-
-```bash
-cd packages/shared-types
-npm install
-npm run build
-npm run typecheck
+#### Branded Identifiers
+Prevents accidental usage of a UserID where a ProjectID is expected.
+```typescript
+export type UserID = string & { readonly __brand: "UserID" };
+export type ProjectID = string & { readonly __brand: "ProjectID" };
 ```
 
-### Usage
-
+#### API Contracts
+Standardized shapes for requests and responses.
 ```typescript
-import { ApiResponse, SessionID, UserID } from "@ai-enderun/shared-types";
+export interface ApiResponse<T> {
+  data: T;
+  traceId: string;
+  timestamp: string;
+}
 ```
 
 ### Contract Workflow
 
-1. Modify or add types in `packages/shared-types/src/index.ts`.
-2. Build the package and confirm consuming code compiles.
-3. Update `packages/shared-types/contract.version.json` whenever the shared surface changes.
-4. Document related endpoint contracts in `.gemini/docs/api/`.
+1. **Modify**: Update `src/index.ts` with new DTOs or Types.
+2. **Build**: `npm run build`
+3. **Verify**: Run `agent-enderun verify-contract` to detect changes.
+4. **Sync**: Update `contract.version.json` with the new hash using the MCP tool `update_contract_hash`.
 
 ## Türkçe
 
-`@ai-enderun/shared-types`, AI-Enderun’un paylaşılan kontrat katmanıdır. Backend ve frontend ajanlarının ortaklaşa uzlaşması gereken veri modellerini, API istek/yanıt biçimlerini ve branded kimlikleri tanımlar.
-
-### Amaç
-
-Bu paket, kontrat kaymasını önler ve depo genelinde kontrat-öncelikli bir iş akışı sağlar. Ortak türler, domain ID’leri ve yanıt yapıları için tek kaynak olarak çalışır.
-
-### Neden önemli?
-
-- Frontend ve backend’in aynı veri yapıları üzerinde anlaşmasını sağlar.
-- Tekrarlanan tip tanımlarını engeller.
-- `contract.version.json` ile API sözleşmesi doğrulanmasını destekler.
-- AI destekli geliştirmeyi daha güvenli ve öngörülebilir hale getirir.
+`@ai-enderun/shared-types`, Agent Enderun çerçevesindeki verilerin "Yüce Yasası"dır. **Kontrat Öncelikli** (Contract-First) yaklaşımıyla backend ve frontend arasında kusursuz bir uyum sağlar.
 
-### İlkeler
+### Temel Özellikler
 
-- **Önce Kontrat:** Ortak tipler uygulanmadan önce tanımlanır.
-- **Branded Kimlikler:** `UserID`, `SessionID` gibi domain-özel kimlikler kullanılır.
-- **Açık Yanıt Şekilleri:** Başarı ve hata yükleri tutarlı tutulur.
-- **ULID Desteği:** 26 karakterlik sıralanabilir kimlikler.
-- **Hash Doğrulama:** Paylaşılan tipler değiştiğinde kontrat hash’i güncellenir.
+- **Branded Types:** Kimlik karışıklıklarını önlemek için özel tipler kullanılır.
+- **API Sözleşmeleri:** Tüm istek ve yanıtlar için standart şablonlar.
+- **Hash Doğrulama:** Tip değişiklikleri merkezi bir hash üzerinden takip edilir.
 
 ### Geliştirme
 
 ```bash
-cd packages/shared-types
 npm install
 npm run build
 npm run typecheck

package/packages/shared-types/contract.version.json

@@ -1,9 +1,9 @@
 {
-  "version": "0.1.10",
-  "last_updated": "2026-05-09T13:04:00Z",
-  "contract_hash": "daf1d688875061ef66697f39ac2449a34631e9b93926ed3e694b4e4ac7423d98",
+  "version": "0.1.11",
+  "last_updated": "2026-05-11T13:45:00Z",
+  "contract_hash": "a8ff433521ce2d7e249d67e84ae8ef0e54082260195b672789ef7a48a9a1e35a",
   "breaking_changes": [
-    { "version": "0.1.10", "description": "Initial framework setup" }
+    { "version": "0.1.11", "description": "Extended shared types for Enderun Brain Dashboard" }
   ],
   "deprecated_versions": []
 }

package/packages/shared-types/dist/index.d.ts

@@ -1,61 +1,93 @@
 /**
- * Shared Types — AI-Enderun
- * All types in this package define the contract between backend and frontend.
- * Only @backend modifies this file; @frontend only reads/imports.
+ * Agent Enderun — Shared Types
+ *
+ * This file is the Single Source of Truth for all Backend and Frontend communication.
+ * All IDs use the Branded Types pattern for type safety.
  */
-export type Brand<T, B> = T & {
-    readonly _brand: B;
+/**
+ * Branded Type Utility
+ */
+export type Brand<K, T> = K & {
+    __brand: T;
 };
-export declare const createULID: (seedTime?: number) => string;
-export type UserID = Brand<string, 'UserID'>;
-export type SessionID = Brand<string, 'SessionID'>;
-export declare const createUserID: () => UserID;
-export declare const createSessionID: () => SessionID;
-export interface PaginationQuery {
-    page: number;
-    limit: number;
-}
-export interface PaginatedResponse<T> {
-    data: T[];
-    total: number;
-    page: number;
-    limit: number;
-    hasMore: boolean;
-}
-export interface ApiSuccess<T> {
-    success: true;
-    data: T;
-}
-export interface ApiError {
-    success: false;
-    code: string;
-    message: string;
-    statusCode: number;
-}
-export type ApiResponse<T> = ApiSuccess<T> | ApiError;
+/**
+ * Entity IDs (Branded)
+ */
+export type TraceID = Brand<string, "TraceID">;
+export type AgentID = Brand<string, "AgentID">;
+export type ProjectID = Brand<string, "ProjectID">;
+export type UserID = Brand<string, "UserID">;
+/**
+ * Domain Models
+ */
 export interface User {
     id: UserID;
     email: string;
-    name: string;
-    role: 'admin' | 'user';
+    fullName: string;
+    role: "ADMIN" | "DEVELOPER" | "VIEWER";
     createdAt: string;
-    updatedAt: string;
 }
-export interface AuthResponseDTO {
-    user: User;
-    accessToken: string;
-    refreshToken: string;
+export interface UserProfile extends User {
+    avatarUrl?: string;
+    bio?: string;
+    preferences: Record<string, unknown>;
 }
-export interface LoginDTO {
-    email: string;
-    password: string;
+/**
+ * Project Status Types
+ */
+export type ProjectPhase = "PHASE_0" | "PHASE_1" | "PHASE_2" | "PHASE_3" | "PHASE_4";
+export type ExecutionProfile = "Lightweight" | "Full";
+export interface ProjectStatus {
+    phase: ProjectPhase;
+    profile: ExecutionProfile;
+    lastUpdate: string;
+    activeTraceId: TraceID | null;
+    blockers: string[];
 }
-export interface RegisterDTO {
-    email: string;
-    name: string;
-    password: string;
+/**
+ * Task Management Types
+ */
+export type TaskPriority = "P0" | "P1" | "P2" | "P3";
+export type TaskStatus = "PENDING" | "IN_PROGRESS" | "BLOCKED" | "COMPLETED" | "FAILED";
+export interface Task {
+    id: TraceID;
+    description: string;
+    agent: AgentID;
+    priority: TaskPriority;
+    status: TaskStatus;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * Audit & Agent Logging Types
+ */
+export type ActionType = "CREATE" | "MODIFY" | "DELETE" | "RESEARCH" | "ORCHESTRATE";
+export type ActionStatus = "SUCCESS" | "FAILURE" | "WAITING";
+export interface AgentActionLog {
+    timestamp: string;
+    agent: AgentID;
+    action: ActionType;
+    requestId: TraceID | "—";
+    status: ActionStatus;
+    summary: string;
+    files?: string[];
+    details?: Record<string, unknown>;
 }
-export interface RefreshTokenDTO {
-    refreshToken: string;
+/**
+ * API Response Wrappers
+ */
+export interface ApiResponse<T> {
+    data: T;
+    meta?: {
+        requestId: TraceID;
+        timestamp: string;
+    };
+}
+export interface ApiError {
+    error: {
+        code: string;
+        message: string;
+        details?: unknown;
+    };
 }
 //# sourceMappingURL=index.d.ts.map

package/packages/shared-types/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG;IAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;CAAE,CAAC;AAErD,eAAO,MAAM,UAAU,GAAI,WAAU,MAAmB,KAAG,MAE1D,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC7C,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAEnD,eAAO,MAAM,YAAY,QAAO,MAAyC,CAAC;AAC1E,eAAO,MAAM,eAAe,QAAO,SAAgD,CAAC;AAEpF,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB,CAAC,CAAC;IAClC,IAAI,EAAE,CAAC,EAAE,CAAC;IACV,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC;IAC3B,OAAO,EAAE,IAAI,CAAC;IACd,IAAI,EAAE,CAAC,CAAC;CACT;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,KAAK,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;AAEtD,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;CACtB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG;IAAE,OAAO,EAAE,CAAC,CAAA;CAAE,CAAC;AAE7C;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAC/C,MAAM,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAC/C,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,OAAO,GAAG,WAAW,GAAG,QAAQ,CAAC;IACvC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAY,SAAQ,IAAI;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AACrF,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,YAAY,CAAC;IACpB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AACrD,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAExF,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,OAAO,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,YAAY,CAAC;IACvB,MAAM,EAAE,UAAU,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,aAAa,CAAC;AACrF,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAE7D,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,UAAU,CAAC;IACnB,SAAS,EAAE,OAAO,GAAG,GAAG,CAAC;IACzB,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC;IACR,IAAI,CAAC,EAAE;QACL,SAAS,EAAE,OAAO,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH"}

package/packages/shared-types/dist/index.js

@@ -1,11 +1,8 @@
 /**
- * Shared Types — AI-Enderun
- * All types in this package define the contract between backend and frontend.
- * Only @backend modifies this file; @frontend only reads/imports.
+ * Agent Enderun — Shared Types
+ *
+ * This file is the Single Source of Truth for all Backend and Frontend communication.
+ * All IDs use the Branded Types pattern for type safety.
  */
-export const createULID = (seedTime = Date.now()) => {
-    return seedTime.toString(36) + Math.random().toString(36).substring(2, 10);
-};
-export const createUserID = () => `usr_${createULID()}`;
-export const createSessionID = () => `sess_${createULID()}`;
+export {};
 //# sourceMappingURL=index.js.map

package/packages/shared-types/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,WAAmB,IAAI,CAAC,GAAG,EAAE,EAAU,EAAE;IAClE,OAAO,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC7E,CAAC,CAAC;AAKF,MAAM,CAAC,MAAM,YAAY,GAAG,GAAW,EAAE,CAAC,OAAO,UAAU,EAAE,EAAY,CAAC;AAC1E,MAAM,CAAC,MAAM,eAAe,GAAG,GAAc,EAAE,CAAC,QAAQ,UAAU,EAAE,EAAe,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/packages/shared-types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ai-enderun/shared-types",
-  "version": "0.1.10",
+  "version": "0.2.0",
   "description": "Shared TypeScript types for AI-Enderun Framework. Ensures Contract-First synchronization between agents.",
   "type": "module",
   "main": "dist/index.js",