noodleseed-cli 0.1.4

package/node_modules/@noodle-borg/protocol/dist/widget/ext-apps-bundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ext-apps-bundle.js","sourceRoot":"","sources":["../../src/widget/ext-apps-bundle.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,EAAE;AACF,0FAA0F;AAC1F,mGAAmG;AACnG,qFAAqF;AACrF,qCAAqC;AACrC,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAO,CAAC;AAExC,sFAAsF;AACtF,MAAM,CAAC,MAAM,eAAe,GAAW,0skUAA0skU,CAAC"}

package/node_modules/@noodle-borg/protocol/dist/widget/inject.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Inject the MCP Apps client bridge into a widget body, gated strictly on the
+ * `text/html;profile=mcp-app` mime type. No-op for every other content type, and idempotent (a body that
+ * already inlines the bundle is returned unchanged). The script is added before `</body>` when present, else
+ * appended.
+ */
+export declare function injectWidgetBridge(mimeType: string | undefined, html: string): string;
+//# sourceMappingURL=inject.d.ts.map

package/node_modules/@noodle-borg/protocol/dist/widget/inject.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject.d.ts","sourceRoot":"","sources":["../../src/widget/inject.ts"],"names":[],"mappings":"AAuBA;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAOrF"}

package/node_modules/@noodle-borg/protocol/dist/widget/inject.js

@@ -0,0 +1,36 @@
+import { MCP_APP_MIME_TYPE } from '@noodle-borg/compiler';
+import { WIDGET_BOOTSTRAP_SOURCE } from './bootstrap.js';
+import { EXT_APPS_BUNDLE } from './ext-apps-bundle.js';
+/**
+ * Serve-time injection of the MCP Apps client bridge into a widget's HTML body.
+ *
+ * A host (Claude/ChatGPT) renders a widget's `ui://` resource in a sandboxed iframe, but keeps the frame
+ * **blank** until the widget connects over the `ui/*` bridge — and the iframe CSP blocks CDN script fetches,
+ * so the bridge client must be **inlined**. We add the vendored `@modelcontextprotocol/ext-apps` bundle plus
+ * the widget runtime bootstrap (`./bootstrap.ts`) here, at serve time, as **shared runtime infrastructure**:
+ * it is not stored per artifact and is not counted against the author's widget-`html` size budget. The author
+ * writes static HTML (with `data-bind*`/`data-action` attributes); the runtime supplies the bridge, host
+ * theming, auto-resize, the live tool result/input, and UI-initiated actions. See
+ * docs/decisions/0022-adopt-mcp-ui-for-apps-widgets.md (W2 / W2.5).
+ */
+/** `</script>` inside the minified bundle would close the host `<script>` tag early — neutralize it once. */
+const SAFE_BUNDLE = EXT_APPS_BUNDLE.replace(/<\/(script)/gi, '<\\/$1');
+/** The injected bridge: the ext-apps bundle + the widget runtime bootstrap, as one inline module script. */
+const BRIDGE_SCRIPT = `<script type="module">\n${SAFE_BUNDLE}\n${WIDGET_BOOTSTRAP_SOURCE}\n</script>`;
+/**
+ * Inject the MCP Apps client bridge into a widget body, gated strictly on the
+ * `text/html;profile=mcp-app` mime type. No-op for every other content type, and idempotent (a body that
+ * already inlines the bundle is returned unchanged). The script is added before `</body>` when present, else
+ * appended.
+ */
+export function injectWidgetBridge(mimeType, html) {
+    if (mimeType !== MCP_APP_MIME_TYPE)
+        return html;
+    if (html.includes('globalThis.ExtApps'))
+        return html;
+    const idx = html.toLowerCase().lastIndexOf('</body>');
+    return idx === -1
+        ? `${html}\n${BRIDGE_SCRIPT}`
+        : `${html.slice(0, idx)}${BRIDGE_SCRIPT}\n${html.slice(idx)}`;
+}
+//# sourceMappingURL=inject.js.map

package/node_modules/@noodle-borg/protocol/dist/widget/inject.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject.js","sourceRoot":"","sources":["../../src/widget/inject.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD;;;;;;;;;;;GAWG;AAEH,6GAA6G;AAC7G,MAAM,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;AAEvE,4GAA4G;AAC5G,MAAM,aAAa,GAAG,2BAA2B,WAAW,KAAK,uBAAuB,aAAa,CAAC;AAEtG;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA4B,EAAE,IAAY;IAC3E,IAAI,QAAQ,KAAK,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACtD,OAAO,GAAG,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,GAAG,IAAI,KAAK,aAAa,EAAE;QAC7B,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,aAAa,KAAK,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;AAClE,CAAC"}

package/node_modules/@noodle-borg/protocol/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@noodle-borg/protocol",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@noodle-borg/compiler": "0.0.0",
+    "@noodle-borg/runtime": "0.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0"
+  }
+}

package/node_modules/@noodle-borg/runtime/dist/broker/map.d.ts

@@ -0,0 +1,29 @@
+import type { CredentialBroker, CredentialRequest, DownstreamCredential } from './types.js';
+/**
+ * Build the lookup key for a connector operation. With `operation`, it keys an exact
+ * `(connectorId, operation)` entry; without, it keys the connector-level default.
+ */
+declare function entryKey(connectorId: string, operation?: string): string;
+/**
+ * A service-credential broker backed by a resolved map. It resolves a {@link DownstreamCredential} by
+ * `(connectorId, operation)`, falling back to a connector-level default, then to a shared `fallback`
+ * (an empty token by default, so operations with no declared auth keep calling public endpoints exactly
+ * as before).
+ *
+ * It holds only already-resolved `{token}` values — it has no knowledge of auth schemes or secret names
+ * (those are joined away at deploy time). "Missing secret" is therefore caught at deploy, not here, so
+ * this broker never rejects: an unbound operation simply gets the empty-token fallback.
+ *
+ * The {@link CredentialBroker} port is unchanged, so a later multi-tenant model (tenant + environment
+ * scoping, environments inheriting their tenant's secrets) layers on top by changing only how this map
+ * is constructed — not the port the runtime depends on.
+ */
+export declare class MapServiceBroker implements CredentialBroker {
+    #private;
+    constructor(entries: ReadonlyMap<string, DownstreamCredential>, fallback?: DownstreamCredential);
+    getCredential(request: CredentialRequest): Promise<DownstreamCredential>;
+    /** Build the map key for `(connectorId, operation?)`; exported so callers can populate the entries. */
+    static key: typeof entryKey;
+}
+export {};
+//# sourceMappingURL=map.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/broker/map.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"map.d.ts","sourceRoot":"","sources":["../../src/broker/map.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAI5F;;;GAGG;AACH,iBAAS,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,gBAAiB,YAAW,gBAAgB;;gBAKrD,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,oBAAoB,CAAC,EAClD,QAAQ,GAAE,oBAAoC;IAMhD,aAAa,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAMxE,uGAAuG;IACvG,MAAM,CAAC,GAAG,kBAAY;CACvB"}

package/node_modules/@noodle-borg/runtime/dist/broker/map.js

@@ -0,0 +1,38 @@
+const SEP = '\u0000';
+/**
+ * Build the lookup key for a connector operation. With `operation`, it keys an exact
+ * `(connectorId, operation)` entry; without, it keys the connector-level default.
+ */
+function entryKey(connectorId, operation) {
+    return operation === undefined ? connectorId : `${connectorId}${SEP}${operation}`;
+}
+/**
+ * A service-credential broker backed by a resolved map. It resolves a {@link DownstreamCredential} by
+ * `(connectorId, operation)`, falling back to a connector-level default, then to a shared `fallback`
+ * (an empty token by default, so operations with no declared auth keep calling public endpoints exactly
+ * as before).
+ *
+ * It holds only already-resolved `{token}` values — it has no knowledge of auth schemes or secret names
+ * (those are joined away at deploy time). "Missing secret" is therefore caught at deploy, not here, so
+ * this broker never rejects: an unbound operation simply gets the empty-token fallback.
+ *
+ * The {@link CredentialBroker} port is unchanged, so a later multi-tenant model (tenant + environment
+ * scoping, environments inheriting their tenant's secrets) layers on top by changing only how this map
+ * is constructed — not the port the runtime depends on.
+ */
+export class MapServiceBroker {
+    #byKey;
+    #fallback;
+    constructor(entries, fallback = { token: '' }) {
+        this.#byKey = entries;
+        this.#fallback = fallback;
+    }
+    getCredential(request) {
+        const exact = this.#byKey.get(entryKey(request.connectorId, request.operation));
+        const connectorDefault = this.#byKey.get(entryKey(request.connectorId));
+        return Promise.resolve(exact ?? connectorDefault ?? this.#fallback);
+    }
+    /** Build the map key for `(connectorId, operation?)`; exported so callers can populate the entries. */
+    static key = entryKey;
+}
+//# sourceMappingURL=map.js.map

package/node_modules/@noodle-borg/runtime/dist/broker/map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"map.js","sourceRoot":"","sources":["../../src/broker/map.ts"],"names":[],"mappings":"AAEA,MAAM,GAAG,GAAG,QAAQ,CAAC;AAErB;;;GAGG;AACH,SAAS,QAAQ,CAAC,WAAmB,EAAE,SAAkB;IACvD,OAAO,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,GAAG,GAAG,GAAG,SAAS,EAAE,CAAC;AACpF,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,gBAAgB;IAClB,MAAM,CAA4C;IAClD,SAAS,CAAuB;IAEzC,YACE,OAAkD,EAClD,WAAiC,EAAE,KAAK,EAAE,EAAE,EAAE;QAE9C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,aAAa,CAAC,OAA0B;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAChF,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;QACxE,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;IACtE,CAAC;IAED,uGAAuG;IACvG,MAAM,CAAC,GAAG,GAAG,QAAQ,CAAC"}

package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.d.ts

@@ -0,0 +1,103 @@
+/** The AES-256-GCM ciphertext components (all base64) shared by the sealed envelope and DEK wrapping. */
+interface AesGcmParts {
+    /** base64; 12 random bytes, fresh per encryption. */
+    readonly iv: string;
+    /** base64 GCM authentication tag (tamper-evident). */
+    readonly tag: string;
+    /** base64 ciphertext. */
+    readonly ct: string;
+}
+/**
+ * A serializable, AES-256-GCM-sealed secret value. Holds **no** plaintext — only base64 IV/tag/ciphertext,
+ * plus the key id + algorithm (and, for v2, the wrapped data key) so the open path can select the right key
+ * across mixed-vintage records during a migration.
+ *
+ * - **v1** (ADR 0028): the blob is encrypted **directly** with a static 32-byte master key. Emitted by
+ *   {@link staticMasterKeyProvider} (dev/offline); still fully readable.
+ * - **v2** (ADR 0037): **envelope encryption** — a fresh per-record 32-byte data key (DEK) encrypts the
+ *   blob, and the KEK custodian (e.g. Cloud KMS) wraps the DEK (`wrappedDek`). The KEK never enters the
+ *   process. Emitted by a {@link WrappingMasterKey} provider.
+ */
+export type SealedSecret = SealedSecretV1 | SealedSecretV2;
+export interface SealedSecretV1 extends AesGcmParts {
+    readonly v: 1;
+    readonly algo: 'AES-256-GCM';
+    /** The static key id (e.g. `'static'`) that encrypted the blob. */
+    readonly keyId: string;
+}
+export interface SealedSecretV2 extends AesGcmParts {
+    readonly v: 2;
+    readonly algo: 'AES-256-GCM';
+    /** The KEK id (e.g. a Cloud KMS cryptoKey resource name) that wrapped {@link wrappedDek}. */
+    readonly keyId: string;
+    /** base64 KEK-ciphertext of the 32-byte DEK that encrypted the blob ({@link AesGcmParts.ct}). */
+    readonly wrappedDek: string;
+}
+/**
+ * Thrown when a {@link SecretBox} cannot decrypt — a wrong/missing key or KEK, tampered ciphertext, or a
+ * record/provider version mismatch. Never includes the plaintext or the ciphertext in its message.
+ */
+export declare class SecretDecryptError extends Error {
+    constructor(message?: string);
+}
+/**
+ * Custodian of the key-encrypting key (KEK). Two shapes (ADR 0037), discriminated by `kind`:
+ *
+ * - {@link StaticMasterKey} — a raw 32-byte key held in-process (dev/offline); {@link SecretBox} seals
+ *   **v1** (the blob is encrypted directly with the key).
+ * - {@link WrappingMasterKey} — the KEK never leaves a custodian (e.g. Cloud KMS); it only wrap/unwraps a
+ *   per-record DEK, so {@link SecretBox} seals **v2** (envelope encryption). Async — the custodian is a
+ *   network call.
+ *
+ * `keyId` is stamped into each {@link SealedSecret} so the right key can be selected to open it later.
+ */
+export type MasterKeyProvider = StaticMasterKey | WrappingMasterKey;
+export interface StaticMasterKey {
+    readonly kind: 'static';
+    readonly keyId: string;
+    /** Exactly 32 bytes. Held in-process — dev/offline only. */
+    key(): Buffer;
+}
+export interface WrappingMasterKey {
+    readonly kind: 'wrapping';
+    readonly keyId: string;
+    /** Wrap (encrypt) a 32-byte DEK with the KEK. The KEK never leaves the custodian. */
+    wrapDek(dek: Buffer): Promise<Buffer>;
+    /** Unwrap (decrypt) a previously wrapped DEK. Throws if the KEK cannot open it. */
+    unwrapDek(wrapped: Buffer): Promise<Buffer>;
+}
+/**
+ * A {@link StaticMasterKey} backed by a base64-encoded 32-byte key (e.g. from an env var). Validates the
+ * length eagerly: an absent/short/invalid key throws **here**, so a misconfigured deployment fails closed
+ * rather than persisting or reading secrets in the clear.
+ */
+export declare function staticMasterKeyProvider(base64Key: string, keyId?: string): StaticMasterKey;
+/**
+ * Reversible envelope encryption for secret values at rest (Slice 26, ADR 0028; KEK custody ADR 0037).
+ * Unlike the caller-key — which is hash-at-rest because it is only ever *verified* — a connector secret
+ * must be reproduced verbatim to send downstream, so it is **encrypted, not hashed**. AES-256-GCM via
+ * `node:crypto`, a fresh random IV per seal, and the GCM tag authenticates the ciphertext.
+ *
+ * `seal`/`open` are **async** because a wrapping (KMS) provider round-trips to the custodian; a static
+ * provider resolves immediately. The live in-memory broker still holds plaintext — only the *persisted
+ * projection* is sealed.
+ */
+export declare class SecretBox {
+    #private;
+    constructor(provider: MasterKeyProvider);
+    /**
+     * Seal a plaintext. A static provider emits **v1** (blob encrypted directly with its key — byte-identical
+     * to ADR 0028); a wrapping provider emits **v2** (a fresh per-record DEK encrypts the blob, the KEK wraps
+     * the DEK).
+     */
+    seal(plaintext: string): Promise<SealedSecret>;
+    /**
+     * Open a {@link SealedSecret}. Dispatches on its version against the provider: **v1** needs the static
+     * key; **v2** unwraps the per-record DEK via the wrapping provider. Any failure — wrong key/KEK, tampered
+     * ciphertext, an unavailable KMS, or a version/provider mismatch — is normalized to
+     * {@link SecretDecryptError}, whose message leaks neither plaintext nor ciphertext.
+     */
+    open(sealed: SealedSecret): Promise<string>;
+}
+export {};
+//# sourceMappingURL=secret-box.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-box.d.ts","sourceRoot":"","sources":["../../src/broker/secret-box.ts"],"names":[],"mappings":"AAEA,yGAAyG;AACzG,UAAU,WAAW;IACnB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,cAAc,CAAC;AAE3D,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;IACd,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;IACd,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,6FAA6F;IAC7F,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,iGAAiG;IACjG,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,SAAgE;CAIpF;AAED;;;;;;;;;;GAUG;AACH,MAAM,MAAM,iBAAiB,GAAG,eAAe,GAAG,iBAAiB,CAAC;AAEpE,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,4DAA4D;IAC5D,GAAG,IAAI,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,qFAAqF;IACrF,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,mFAAmF;IACnF,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC7C;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,SAAW,GAAG,eAAe,CAM5F;AAED;;;;;;;;;GASG;AACH,qBAAa,SAAS;;gBAGR,QAAQ,EAAE,iBAAiB;IAIvC;;;;OAIG;IACG,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAiBpD;;;;;OAKG;IACG,IAAI,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;CAkBlD"}

package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.js

@@ -0,0 +1,118 @@
+import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
+/**
+ * Thrown when a {@link SecretBox} cannot decrypt — a wrong/missing key or KEK, tampered ciphertext, or a
+ * record/provider version mismatch. Never includes the plaintext or the ciphertext in its message.
+ */
+export class SecretDecryptError extends Error {
+    constructor(message = 'failed to decrypt secret (wrong key or tampered ciphertext)') {
+        super(message);
+        this.name = 'SecretDecryptError';
+    }
+}
+/**
+ * A {@link StaticMasterKey} backed by a base64-encoded 32-byte key (e.g. from an env var). Validates the
+ * length eagerly: an absent/short/invalid key throws **here**, so a misconfigured deployment fails closed
+ * rather than persisting or reading secrets in the clear.
+ */
+export function staticMasterKeyProvider(base64Key, keyId = 'static') {
+    const key = Buffer.from(base64Key, 'base64');
+    if (key.length !== 32) {
+        throw new Error(`secret master key must decode to 32 bytes (base64); got ${key.length}`);
+    }
+    return { kind: 'static', keyId, key: () => key };
+}
+/**
+ * Reversible envelope encryption for secret values at rest (Slice 26, ADR 0028; KEK custody ADR 0037).
+ * Unlike the caller-key — which is hash-at-rest because it is only ever *verified* — a connector secret
+ * must be reproduced verbatim to send downstream, so it is **encrypted, not hashed**. AES-256-GCM via
+ * `node:crypto`, a fresh random IV per seal, and the GCM tag authenticates the ciphertext.
+ *
+ * `seal`/`open` are **async** because a wrapping (KMS) provider round-trips to the custodian; a static
+ * provider resolves immediately. The live in-memory broker still holds plaintext — only the *persisted
+ * projection* is sealed.
+ */
+export class SecretBox {
+    #provider;
+    constructor(provider) {
+        this.#provider = provider;
+    }
+    /**
+     * Seal a plaintext. A static provider emits **v1** (blob encrypted directly with its key — byte-identical
+     * to ADR 0028); a wrapping provider emits **v2** (a fresh per-record DEK encrypts the blob, the KEK wraps
+     * the DEK).
+     */
+    async seal(plaintext) {
+        if (this.#provider.kind === 'static') {
+            return {
+                v: 1,
+                algo: 'AES-256-GCM',
+                keyId: this.#provider.keyId,
+                ...aesEncrypt(this.#provider.key(), plaintext),
+            };
+        }
+        const dek = randomBytes(32);
+        const wrappedDek = (await this.#provider.wrapDek(dek)).toString('base64');
+        // Bind the v2 header (version, algo, keyId, wrappedDek) into the GCM tag as AAD so the record is
+        // self-describing and tamper-evident on those fields — not just transitively via the unique DEK.
+        const parts = aesEncrypt(dek, plaintext, v2Aad(this.#provider.keyId, wrappedDek));
+        return { v: 2, algo: 'AES-256-GCM', keyId: this.#provider.keyId, wrappedDek, ...parts };
+    }
+    /**
+     * Open a {@link SealedSecret}. Dispatches on its version against the provider: **v1** needs the static
+     * key; **v2** unwraps the per-record DEK via the wrapping provider. Any failure — wrong key/KEK, tampered
+     * ciphertext, an unavailable KMS, or a version/provider mismatch — is normalized to
+     * {@link SecretDecryptError}, whose message leaks neither plaintext nor ciphertext.
+     */
+    async open(sealed) {
+        try {
+            if (sealed.v === 2) {
+                if (this.#provider.kind !== 'wrapping') {
+                    throw new Error('a v2 (KMS-wrapped) record requires a wrapping master-key provider');
+                }
+                const dek = await this.#provider.unwrapDek(Buffer.from(sealed.wrappedDek, 'base64'));
+                return aesDecrypt(dek, sealed, v2Aad(sealed.keyId, sealed.wrappedDek));
+            }
+            if (this.#provider.kind !== 'static') {
+                throw new Error('a v1 (static-key) record requires the static master-key provider');
+            }
+            return aesDecrypt(this.#provider.key(), sealed);
+        }
+        catch {
+            // Normalize every failure (wrong key, bad tag, KMS error, version mismatch) to one opaque error.
+            throw new SecretDecryptError();
+        }
+    }
+}
+/**
+ * The v2 additional authenticated data: the header fields bound into the GCM tag so any tampering of the
+ * version/algo/keyId/wrappedDek is caught on open. A deterministic, fixed-key-order JSON so `seal` and
+ * `open` reconstruct byte-identical AAD. (v1 uses no AAD, staying byte-identical to ADR 0028.)
+ */
+function v2Aad(keyId, wrappedDek) {
+    return Buffer.from(JSON.stringify({ v: 2, algo: 'AES-256-GCM', keyId, wrappedDek }), 'utf8');
+}
+/** AES-256-GCM encrypt `plaintext` under `key` (32 bytes), optionally bound to `aad`. */
+function aesEncrypt(key, plaintext, aad) {
+    const iv = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
+    if (aad)
+        cipher.setAAD(aad);
+    const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+    return {
+        iv: iv.toString('base64'),
+        tag: cipher.getAuthTag().toString('base64'),
+        ct: ct.toString('base64'),
+    };
+}
+/** AES-256-GCM decrypt {@link AesGcmParts} under `key`; throws on a wrong key, wrong `aad`, or tampering. */
+function aesDecrypt(key, parts, aad) {
+    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(parts.iv, 'base64'), {
+        authTagLength: 16,
+    });
+    if (aad)
+        decipher.setAAD(aad);
+    decipher.setAuthTag(Buffer.from(parts.tag, 'base64'));
+    const pt = Buffer.concat([decipher.update(Buffer.from(parts.ct, 'base64')), decipher.final()]);
+    return pt.toString('utf8');
+}
+//# sourceMappingURL=secret-box.js.map

package/node_modules/@noodle-borg/runtime/dist/broker/secret-box.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-box.js","sourceRoot":"","sources":["../../src/broker/secret-box.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAyC5E;;;GAGG;AACH,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAC3C,YAAY,OAAO,GAAG,6DAA6D;QACjF,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AA+BD;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAiB,EAAE,KAAK,GAAG,QAAQ;IACzE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,2DAA2D,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;AACnD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,SAAS;IACX,SAAS,CAAoB;IAEtC,YAAY,QAA2B;QACrC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CAAC,SAAiB;QAC1B,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO;gBACL,CAAC,EAAE,CAAC;gBACJ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK;gBAC3B,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC;aAC/C,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,UAAU,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1E,iGAAiG;QACjG,iGAAiG;QACjG,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;QAClF,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,KAAK,EAAE,CAAC;IAC1F,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,MAAoB;QAC7B,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnB,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;gBACvF,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;gBACrF,OAAO,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,iGAAiG;YACjG,MAAM,IAAI,kBAAkB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,KAAK,CAAC,KAAa,EAAE,UAAkB;IAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AAC/F,CAAC;AAED,yFAAyF;AACzF,SAAS,UAAU,CAAC,GAAW,EAAE,SAAiB,EAAE,GAAY;IAC9D,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,GAAG;QAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,OAAO;QACL,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzB,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC3C,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC1B,CAAC;AACJ,CAAC;AAED,6GAA6G;AAC7G,SAAS,UAAU,CAAC,GAAW,EAAE,KAAkB,EAAE,GAAY;IAC/D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,EAAE;QACrF,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IACH,IAAI,GAAG;QAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9B,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/F,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC"}

package/node_modules/@noodle-borg/runtime/dist/broker/static.d.ts

@@ -0,0 +1,12 @@
+import type { CredentialBroker, CredentialRequest, DownstreamCredential } from './types.js';
+/**
+ * A development/test broker that hands out a single fixed service credential for every request.
+ * Stands in for the real credential broker until Phase 3 introduces delegated end-user credentials.
+ * It never sees an inbound token, upholding the no-token-forwarding invariant by construction.
+ */
+export declare class StaticServiceBroker implements CredentialBroker {
+    #private;
+    constructor(credential: DownstreamCredential);
+    getCredential(_request: CredentialRequest): Promise<DownstreamCredential>;
+}
+//# sourceMappingURL=static.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/broker/static.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"static.d.ts","sourceRoot":"","sources":["../../src/broker/static.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE5F;;;;GAIG;AACH,qBAAa,mBAAoB,YAAW,gBAAgB;;gBAG9C,UAAU,EAAE,oBAAoB;IAI5C,aAAa,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAG1E"}

package/node_modules/@noodle-borg/runtime/dist/broker/static.js

@@ -0,0 +1,15 @@
+/**
+ * A development/test broker that hands out a single fixed service credential for every request.
+ * Stands in for the real credential broker until Phase 3 introduces delegated end-user credentials.
+ * It never sees an inbound token, upholding the no-token-forwarding invariant by construction.
+ */
+export class StaticServiceBroker {
+    #credential;
+    constructor(credential) {
+        this.#credential = credential;
+    }
+    getCredential(_request) {
+        return Promise.resolve(this.#credential);
+    }
+}
+//# sourceMappingURL=static.js.map

package/node_modules/@noodle-borg/runtime/dist/broker/static.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"static.js","sourceRoot":"","sources":["../../src/broker/static.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,OAAO,mBAAmB;IACrB,WAAW,CAAuB;IAE3C,YAAY,UAAgC;QAC1C,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;IAChC,CAAC;IAED,aAAa,CAAC,QAA2B;QACvC,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC;CACF"}

package/node_modules/@noodle-borg/runtime/dist/broker/types.d.ts

@@ -0,0 +1,28 @@
+/**
+ * A downstream-scoped credential minted by the {@link CredentialBroker} for a single connector
+ * operation. It is opaque to the runtime, which only forwards it to the connector and never logs
+ * or inspects it. It is NOT an inbound MCP/OAuth bearer token — the runtime never forwards those
+ * to business backends (docs/SPEC.md "Auth And Identity").
+ */
+export interface DownstreamCredential {
+    /** Opaque secret material the connector presents to its backing system. */
+    readonly token: string;
+    /** Optional scope marker, for the broker's own bookkeeping. */
+    readonly scope?: string;
+}
+/** What the runtime tells the broker about the call it is credentialing. */
+export interface CredentialRequest {
+    readonly connectorId: string;
+    readonly connectorVersion: string;
+    readonly operation: string;
+}
+/**
+ * Exchanges validated identity for a downstream-scoped credential. In Phase 1 there is no end-user
+ * identity, so the broker returns a *service* credential. The broker is the only source of
+ * connector credentials; the runtime never derives one from an inbound token (docs/SPEC.md
+ * "Auth And Identity", "Policy And Security"; [ADR 0005](../../../../docs/decisions/0005-runtime-execution-boundary.md)).
+ */
+export interface CredentialBroker {
+    getCredential(request: CredentialRequest): Promise<DownstreamCredential>;
+}
+//# sourceMappingURL=types.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/broker/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/broker/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,2EAA2E;IAC3E,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,4EAA4E;AAC5E,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,aAAa,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;CAC1E"}

package/node_modules/@noodle-borg/runtime/dist/broker/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/node_modules/@noodle-borg/runtime/dist/broker/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/broker/types.ts"],"names":[],"mappings":""}

package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.d.ts

@@ -0,0 +1,29 @@
+import type { OperationSignature, ResolvedOperationRef } from '@noodle-borg/compiler';
+import type { DownstreamCredential } from '../broker/types.js';
+import type { Connector, ConnectorCall, ConnectorRegistry } from './types.js';
+/** A handler runs one operation: pure data in, data out. It receives the broker credential. */
+export type OperationHandler = (args: Readonly<Record<string, unknown>>, credential: DownstreamCredential) => Promise<unknown> | unknown;
+/** An in-memory operation: its signature plus the function that fulfils it. */
+export interface InMemoryOperation {
+    readonly signature: OperationSignature;
+    readonly handler: OperationHandler;
+}
+/**
+ * A connector whose operations are plain in-process functions. Used for tests and for the first
+ * execution-plane slice; no network egress. The `http`/`custom` kinds arrive in later slices.
+ */
+export declare class InMemoryConnector implements Connector {
+    #private;
+    readonly id: string;
+    readonly version: string;
+    constructor(id: string, version: string, operations: Record<string, InMemoryOperation>);
+    signature(operation: string): OperationSignature | undefined;
+    invoke(call: ConnectorCall): Promise<unknown>;
+}
+/** A registry backed by a fixed set of connectors, keyed by `id@version`. */
+export declare class InMemoryConnectorRegistry implements ConnectorRegistry {
+    #private;
+    constructor(connectors: readonly Connector[]);
+    resolve(ref: ResolvedOperationRef): Connector | undefined;
+}
+//# sourceMappingURL=in-memory.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"in-memory.d.ts","sourceRoot":"","sources":["../../src/connector/in-memory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE9E,+FAA+F;AAC/F,MAAM,MAAM,gBAAgB,GAAG,CAC7B,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,EACvC,UAAU,EAAE,oBAAoB,KAC7B,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;AAEhC,+EAA+E;AAC/E,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,kBAAkB,CAAC;IACvC,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,iBAAkB,YAAW,SAAS;;IACjD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBAGb,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC;IAMtF,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS;IAItD,MAAM,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;CAKpD;AAED,6EAA6E;AAC7E,qBAAa,yBAA0B,YAAW,iBAAiB;;gBAGrD,UAAU,EAAE,SAAS,SAAS,EAAE;IAI5C,OAAO,CAAC,GAAG,EAAE,oBAAoB,GAAG,SAAS,GAAG,SAAS;CAG1D"}

package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.js

@@ -0,0 +1,37 @@
+/**
+ * A connector whose operations are plain in-process functions. Used for tests and for the first
+ * execution-plane slice; no network egress. The `http`/`custom` kinds arrive in later slices.
+ */
+export class InMemoryConnector {
+    id;
+    version;
+    #operations;
+    constructor(id, version, operations) {
+        this.id = id;
+        this.version = version;
+        this.#operations = operations;
+    }
+    signature(operation) {
+        return this.#operations[operation]?.signature;
+    }
+    async invoke(call) {
+        const op = this.#operations[call.operation];
+        if (!op)
+            throw new Error(`connector "${this.id}" has no operation "${call.operation}"`);
+        return op.handler(call.args, call.credential);
+    }
+}
+/** A registry backed by a fixed set of connectors, keyed by `id@version`. */
+export class InMemoryConnectorRegistry {
+    #byKey;
+    constructor(connectors) {
+        this.#byKey = new Map(connectors.map((c) => [key(c.id, c.version), c]));
+    }
+    resolve(ref) {
+        return this.#byKey.get(key(ref.connectorId, ref.connectorVersion));
+    }
+}
+function key(id, version) {
+    return `${id}@${version}`;
+}
+//# sourceMappingURL=in-memory.js.map

package/node_modules/@noodle-borg/runtime/dist/connector/in-memory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"in-memory.js","sourceRoot":"","sources":["../../src/connector/in-memory.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IACnB,EAAE,CAAS;IACX,OAAO,CAAS;IAChB,WAAW,CAA8C;IAElE,YAAY,EAAU,EAAE,OAAe,EAAE,UAA6C;QACpF,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;IAChC,CAAC;IAED,SAAS,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAmB;QAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,EAAE,uBAAuB,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;QACxF,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAChD,CAAC;CACF;AAED,6EAA6E;AAC7E,MAAM,OAAO,yBAAyB;IAC3B,MAAM,CAAyB;IAExC,YAAY,UAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,CAAC,GAAyB;QAC/B,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACrE,CAAC;CACF;AAED,SAAS,GAAG,CAAC,EAAU,EAAE,OAAe;IACtC,OAAO,GAAG,EAAE,IAAI,OAAO,EAAE,CAAC;AAC5B,CAAC"}

package/node_modules/@noodle-borg/runtime/dist/connector/types.d.ts

@@ -0,0 +1,41 @@
+import type { OperationSignature, ResolvedOperationRef } from '@noodle-borg/compiler';
+import type { DownstreamCredential } from '../broker/types.js';
+/**
+ * Host capability exposed to connectors that need to call another connector operation on behalf of
+ * sandboxed code. The runtime owns the implementation so nested calls still pass through signature
+ * drift checks, policy, broker credentials, connector invocation, redaction, and output validation.
+ */
+export interface ConnectorCallHost {
+    callOperation(ref: ResolvedOperationRef, args: Readonly<Record<string, unknown>>, path: string): Promise<unknown>;
+}
+/** A single connector-operation invocation, fully resolved and credentialed by the runtime. */
+export interface ConnectorCall {
+    readonly operation: string;
+    /** Evaluated, validated arguments. */
+    readonly args: Readonly<Record<string, unknown>>;
+    /**
+     * The downstream-scoped credential minted by the broker — never an inbound bearer token
+     * (docs/SPEC.md "Auth And Identity").
+     */
+    readonly credential: DownstreamCredential;
+    /** Optional host capability for sandboxed connectors; ignored by ordinary connectors. */
+    readonly host?: ConnectorCallHost;
+}
+/**
+ * A connector: a versioned integration exposing typed operations. Phase 1 ships only an in-memory
+ * implementation; the `http` and sandboxed `custom` kinds are later slices. The runtime treats a
+ * connector as a port — it owns its transport, retries, and error normalization.
+ */
+export interface Connector {
+    readonly id: string;
+    readonly version: string;
+    /** The operation's signature, used for signature-drift verification and argument/output checks. */
+    signature(operation: string): OperationSignature | undefined;
+    /** Invoke the operation. May reject; the runtime normalizes the failure (no secret leakage). */
+    invoke(call: ConnectorCall): Promise<unknown>;
+}
+/** Maps a resolved operation reference to the connector that can serve it. */
+export interface ConnectorRegistry {
+    resolve(ref: ResolvedOperationRef): Connector | undefined;
+}
+//# sourceMappingURL=types.d.ts.map

package/node_modules/@noodle-borg/runtime/dist/connector/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/connector/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACtF,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE/D;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,aAAa,CACX,GAAG,EAAE,oBAAoB,EACzB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,EACvC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,OAAO,CAAC,CAAC;CACrB;AAED,+FAA+F;AAC/F,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,sCAAsC;IACtC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACjD;;;OAGG;IACH,QAAQ,CAAC,UAAU,EAAE,oBAAoB,CAAC;IAC1C,yFAAyF;IACzF,QAAQ,CAAC,IAAI,CAAC,EAAE,iBAAiB,CAAC;CACnC;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,mGAAmG;IACnG,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;IAC7D,gGAAgG;IAChG,MAAM,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC/C;AAED,8EAA8E;AAC9E,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,GAAG,EAAE,oBAAoB,GAAG,SAAS,GAAG,SAAS,CAAC;CAC3D"}

package/node_modules/@noodle-borg/runtime/dist/connector/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/node_modules/@noodle-borg/runtime/dist/connector/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/connector/types.ts"],"names":[],"mappings":""}