open-multi-agent-kit 0.78.1 → 0.78.3

package/dist/providers/router.js

@@ -1,3 +1,4 @@
+import { PROVIDER_CAPABILITY_ORDINAL } from "../contracts/provider-health.js";
 import { DEFAULT_AUTHORITY_PROVIDER, resolveFallbackProvider } from "./types.js";
 const DEEPSEEK_READ_ONLY_ROLES = new Set([
     "explorer",
@@ -41,7 +42,17 @@ export function routeProvider(input) {
     const role = input.role.toLowerCase();
     const seed = `${input.nodeId ?? ""}:${role}:${input.taskType}`;
     const authorityProvider = resolveFallbackProvider(input.authorityProvider);
-    const authorityDecision = (reason, confidence, deepseek, extra = {}) => authorityProviderDecision(authorityProvider, reason, confidence, deepseek, extra);
+    const authorityVector = input.providerHealthVectors?.[authorityProvider];
+    const authorityProviderAllowed = providerVectorAllowsAuthority(authorityVector);
+    const authorityProviderFallbackOnly = authorityVector
+        ? !providerVectorQuotaOk(authorityVector) && providerVectorAllowsDirect(authorityVector)
+        : false;
+    const authorityDecision = (reason, confidence, deepseek, extra = {}) => {
+        if (!authorityProviderAllowed || authorityProviderFallbackOnly) {
+            return authorityProviderDecision(authorityProvider, `${providerLabel(authorityProvider)} ${authorityProviderFallbackOnly ? "quota exhausted" : "auth insufficient"}; using fallback-only route`, Math.max(0.5, confidence - 0.15), deepseek, extra);
+        }
+        return authorityProviderDecision(authorityProvider, reason, confidence, deepseek, extra);
+    };
     const directDeepSeekAllowed = canUseDirectDeepSeek(role, input);
     const dedicatedDeepSeekAgent = isDedicatedDeepSeekAgent(input);
     const withRouteEnsemble = (decision, winner) => ({
@@ -60,6 +71,11 @@ export function routeProvider(input) {
     if (role === "orchestrator" || role === "merger" || role === "integrator") {
         return withRouteEnsemble(authorityDecision("Core orchestration and merge authority stay with the configured authority provider", 1), "safety-gate");
     }
+    // Hard constraint: if authority provider is blocked by vector, skip to safety gate
+    // unless an explicit, fully-available external provider is requested.
+    if (!authorityProviderAllowed && !requestedExternalProvider(input)) {
+        return withRouteEnsemble(authorityProviderDecision(authorityProvider, `${providerLabel(authorityProvider)} auth/quota insufficient for authority lanes; safety gate active`, 0.5), "safety-gate");
+    }
     const externalProvider = requestedExternalProvider(input);
     if (externalProvider) {
         if (!isProviderAvailable(input, externalProvider)) {
@@ -69,6 +85,12 @@ export function routeProvider(input) {
         }
         // If the external provider is the authority provider, route to it as authority
         if (externalProvider === authorityProvider) {
+            // Hard constraint: auth != ok → exclude authority lanes
+            if (!authorityProviderAllowed) {
+                return withRouteEnsemble(authorityDecision(`${providerLabel(externalProvider)} auth/quota insufficient for authority; using configured fallback`, 0.86, undefined, {
+                    providerModel: genericProviderModelRef(input, externalProvider, "veto"),
+                }), "safety-gate");
+            }
             return withRouteEnsemble(authorityDecision(`${providerLabel(externalProvider)} is the configured authority provider`, 0.9, undefined, {
                 providerModel: genericProviderModelRef(input, externalProvider, "authority"),
             }), "authority-provider");
@@ -178,8 +200,48 @@ function requestedExternalProvider(input) {
 function isGenericExternalProvider(value) {
     return typeof value === "string" && value !== "auto" && value !== "kimi" && value !== "deepseek";
 }
+function providerVectorMeets(vector, minState) {
+    if (!vector)
+        return true;
+    const current = PROVIDER_CAPABILITY_ORDINAL[vector.auth];
+    const required = PROVIDER_CAPABILITY_ORDINAL[minState];
+    return current >= required;
+}
+function providerVectorQuotaOk(vector) {
+    if (!vector)
+        return true;
+    return PROVIDER_CAPABILITY_ORDINAL[vector.quota] >= PROVIDER_CAPABILITY_ORDINAL["quota_available"];
+}
+function providerVectorAllowsAuthority(vector) {
+    if (!vector)
+        return true;
+    return (PROVIDER_CAPABILITY_ORDINAL[vector.auth] >= PROVIDER_CAPABILITY_ORDINAL["auth_valid"] &&
+        PROVIDER_CAPABILITY_ORDINAL[vector.model] >= PROVIDER_CAPABILITY_ORDINAL["model_available"] &&
+        PROVIDER_CAPABILITY_ORDINAL[vector.quota] >= PROVIDER_CAPABILITY_ORDINAL["quota_available"]);
+}
+function providerVectorAllowsDirect(vector) {
+    if (!vector)
+        return true;
+    return (PROVIDER_CAPABILITY_ORDINAL[vector.auth] >= PROVIDER_CAPABILITY_ORDINAL["auth_valid"] &&
+        PROVIDER_CAPABILITY_ORDINAL[vector.model] >= PROVIDER_CAPABILITY_ORDINAL["model_available"] &&
+        PROVIDER_CAPABILITY_ORDINAL[vector.quota] >= PROVIDER_CAPABILITY_ORDINAL["quota_available"]);
+}
+function providerVectorAllowsAdvisory(vector) {
+    if (!vector)
+        return true;
+    return PROVIDER_CAPABILITY_ORDINAL[vector.auth] >= PROVIDER_CAPABILITY_ORDINAL["auth_present"];
+}
 function isProviderAvailable(input, provider) {
     const explicit = input.providerAvailability?.[provider];
+    const vector = input.providerHealthVectors?.[provider];
+    if (vector) {
+        // Hard constraint: quota exhausted → fallback only (not fully available)
+        if (!providerVectorQuotaOk(vector))
+            return false;
+        // Hard constraint: auth not valid → not available for any lane
+        if (PROVIDER_CAPABILITY_ORDINAL[vector.auth] < PROVIDER_CAPABILITY_ORDINAL["auth_valid"])
+            return false;
+    }
     return explicit === undefined ? true : explicit;
 }
 function canUseGenericDirectProvider(role, input) {
@@ -187,7 +249,15 @@ function canUseGenericDirectProvider(role, input) {
         return false;
     if (input.needsMcp || input.needsToolCalling)
         return false;
-    return input.readOnly === true || GENERIC_EXTERNAL_READ_ONLY_ROLES.has(role);
+    if (!input.readOnly && !GENERIC_EXTERNAL_READ_ONLY_ROLES.has(role))
+        return false;
+    const externalProvider = requestedExternalProvider(input);
+    if (externalProvider) {
+        const vector = input.providerHealthVectors?.[externalProvider];
+        if (vector && !providerVectorAllowsDirect(vector))
+            return false;
+    }
+    return true;
 }
 function canUseGenericAdvisoryProvider(role, input) {
     if (!GENERIC_EXTERNAL_ADVISORY_FILE_ROLES.has(role))
@@ -196,6 +266,12 @@ function canUseGenericAdvisoryProvider(role, input) {
         return false;
     if (input.needsMcp || input.needsToolCalling)
         return false;
+    const externalProvider = requestedExternalProvider(input);
+    if (externalProvider) {
+        const vector = input.providerHealthVectors?.[externalProvider];
+        if (vector && !providerVectorAllowsAdvisory(vector))
+            return false;
+    }
     return true;
 }
 function canUseDeepSeekProAdvisory(role, input) {
@@ -205,12 +281,20 @@ function canUseDeepSeekProAdvisory(role, input) {
         return false;
     if (input.needsMcp || input.needsToolCalling)
         return false;
+    const vector = input.providerHealthVectors?.["deepseek"];
+    if (vector && !providerVectorAllowsAdvisory(vector))
+        return false;
     return true;
 }
 function canUseDirectDeepSeek(role, input) {
     if (input.risk !== "read")
         return false;
-    return input.readOnly === true || DEEPSEEK_READ_ONLY_ROLES.has(role);
+    if (!(input.readOnly === true || DEEPSEEK_READ_ONLY_ROLES.has(role)))
+        return false;
+    const vector = input.providerHealthVectors?.["deepseek"];
+    if (vector && !providerVectorAllowsDirect(vector))
+        return false;
+    return true;
 }
 function buildProviderRouteEnsemble(options) {
     const { input, role, decision, winner, directDeepSeekAllowed } = options;

package/dist/providers/types.d.ts

@@ -71,6 +71,8 @@ export interface ProviderRouteInput {
     authorityProvider?: ProviderId;
     preferredModel?: string;
     preferredDeepSeekTier?: DeepSeekModelTier;
+    /** v2 capability vectors for hard-constraint filtering. */
+    providerHealthVectors?: Partial<Record<ProviderId, import("../contracts/provider-health.js").ProviderHealthVector>>;
 }
 export interface ProviderRouteDecision {
     provider: ProviderId;
@@ -90,6 +92,8 @@ export interface ProviderAvailability {
     checkedAt: number;
     reason?: string;
     disableForRun: boolean;
+    /** v2 capability vector (optional; present when profiler v2 is active). */
+    healthVector?: import("../contracts/provider-health.js").ProviderHealthVector;
 }
 export interface AgentProvider {
     id: ProviderId;

package/dist/runtime/advanced-control-loop.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Advanced Control Loop — Phase 6 of OMK Weakness Remediation (Algorithm 12).
+ *
+ * Orchestrates Phases 1–5 into a single turn-gating engine:
+ * 1. Public surface compression
+ * 2. Proof bundle trust evaluation
+ * 3. Provider maturity gating
+ * 4. Evidence-calibrated router v2
+ * 5. Release gate advisory
+ */
+import type { CompressionResult, SurfaceItem } from "./public-surface.js";
+import type { ProofBundleScores, TrustScoreResult } from "./proof-bundle-trust.js";
+import type { MaturityResult } from "./provider-maturity-gate.js";
+import type { RuntimeRouterDecisionV2, EvidenceHistoryEntry, NodeIntent } from "./contracts/router-v2.js";
+import type { ReleasePromotionInputs, ReleasePromotionResult } from "./contracts/weakness-remediation.js";
+import type { ReleasePromotionGate } from "../cli/release-promotion-gate.js";
+import type { AdapterTestResult } from "./contracts/evidence.js";
+import type { AgentRuntime } from "./agent-runtime.js";
+export type IntegrationResultKind = "verified" | "blocked" | "handoff";
+export interface WeaknessRemediationState {
+    readonly publicSurface: CompressionResult;
+    readonly proofTrust: TrustScoreResult;
+    readonly providerMaturity: MaturityResult;
+    readonly routerV2Decision: RuntimeRouterDecisionV2 | null;
+    readonly releaseGate: ReleasePromotionResult | null;
+}
+export interface AdvancedControlLoopInput {
+    readonly turnId: string;
+    readonly intent: NodeIntent;
+    readonly surfaceItems: readonly SurfaceItem[];
+    readonly proofScores: ProofBundleScores;
+    readonly providerTests: readonly AdapterTestResult[];
+    readonly candidates: readonly AgentRuntime[];
+    readonly evidenceHistory: readonly EvidenceHistoryEntry[];
+    readonly releaseInputs?: ReleasePromotionInputs;
+    readonly retryBudget?: number;
+}
+export interface AdvancedControlLoopResult {
+    readonly kind: IntegrationResultKind;
+    readonly turnId: string;
+    readonly state: WeaknessRemediationState;
+    readonly replan?: {
+        readonly triggered: boolean;
+        readonly reason: string;
+        readonly retryBudgetRemaining: number;
+    };
+    readonly evidenceContractPath: string;
+}
+export interface AdvancedControlLoop {
+    readonly run: (input: AdvancedControlLoopInput) => Promise<AdvancedControlLoopResult>;
+}
+export interface AdvancedControlLoopOptions {
+    readonly publicSurfaceBudget?: number;
+    readonly tauProof?: number;
+    readonly tauEvidence?: number;
+    readonly releaseGate?: ReleasePromotionGate;
+    readonly releaseGateEnabled?: boolean;
+    readonly evidenceContractDir?: string;
+}
+export declare function createAdvancedControlLoop(options?: AdvancedControlLoopOptions): AdvancedControlLoop;

package/dist/runtime/advanced-control-loop.js

@@ -0,0 +1,136 @@
+/**
+ * Advanced Control Loop — Phase 6 of OMK Weakness Remediation (Algorithm 12).
+ *
+ * Orchestrates Phases 1–5 into a single turn-gating engine:
+ * 1. Public surface compression
+ * 2. Proof bundle trust evaluation
+ * 3. Provider maturity gating
+ * 4. Evidence-calibrated router v2
+ * 5. Release gate advisory
+ */
+import { PublicSurfaceCompressor } from "./public-surface.js";
+import { createProofBundleTrustEngine } from "./proof-bundle-trust.js";
+import { TAU_PROOF } from "./contracts/weakness-remediation.js";
+import { createProviderMaturityGate } from "./provider-maturity-gate.js";
+import { createRouterV2ScoringEngine } from "./router-v2-scoring.js";
+import { TAU_EVIDENCE } from "./contracts/weakness-remediation.js";
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+function clamp01(n) {
+    return Math.max(0, Math.min(1, n));
+}
+function buildState(publicSurface, proofTrust, providerMaturity, routerV2Decision, releaseGate) {
+    return Object.freeze({
+        publicSurface,
+        proofTrust: proofTrust ??
+            Object.freeze({
+                score: 0,
+                permissionLevel: "no-claim",
+                passed: false,
+                breakdown: Object.freeze({
+                    schema: 0,
+                    hashes: 0,
+                    commands: 0,
+                    stdout: 0,
+                    decisions: 0,
+                    evidence: 0,
+                    limitations: 0,
+                    replay: 0,
+                }),
+            }),
+        providerMaturity: providerMaturity ??
+            Object.freeze({
+                score: 0,
+                authorityClass: "disabled",
+                passed: false,
+                subScores: Object.freeze({
+                    auth: 0,
+                    read: 0,
+                    write: 0,
+                    shell: 0,
+                    mcp: 0,
+                    merge: 0,
+                    evidence: 0,
+                    fallback: 0,
+                }),
+            }),
+        routerV2Decision,
+        releaseGate,
+    });
+}
+// ─── Factory ─────────────────────────────────────────────────────────────────
+export function createAdvancedControlLoop(options = {}) {
+    const { publicSurfaceBudget, tauProof = TAU_PROOF, tauEvidence = TAU_EVIDENCE, releaseGate, releaseGateEnabled = true, evidenceContractDir = ".omk/evidence", } = options;
+    const compressorOptions = publicSurfaceBudget
+        ? { budget: publicSurfaceBudget }
+        : {};
+    const compressor = new PublicSurfaceCompressor(compressorOptions);
+    const proofEngine = createProofBundleTrustEngine();
+    const maturityGate = createProviderMaturityGate();
+    const routerV2Engine = createRouterV2ScoringEngine();
+    return {
+        async run(input) {
+            // Phase 1 — Public surface compression
+            const publicSurface = compressor.compress(input.surfaceItems);
+            if (!publicSurface.invariantPassed) {
+                return Object.freeze({
+                    kind: "blocked",
+                    turnId: input.turnId,
+                    state: buildState(publicSurface, null, null, null, null),
+                    evidenceContractPath: `${evidenceContractDir}/${input.turnId}-blocked.json`,
+                });
+            }
+            // Phase 2 — Proof bundle trust evaluation
+            const proofTrust = proofEngine.evaluate(input.proofScores);
+            if (proofTrust.score < tauProof) {
+                return Object.freeze({
+                    kind: "handoff",
+                    turnId: input.turnId,
+                    state: buildState(publicSurface, proofTrust, null, null, null),
+                    replan: {
+                        triggered: false,
+                        reason: `Proof trust ${clamp01(proofTrust.score).toFixed(3)} < τ_proof ${tauProof}`,
+                        retryBudgetRemaining: input.retryBudget ?? 0,
+                    },
+                    evidenceContractPath: `${evidenceContractDir}/${input.turnId}-handoff.json`,
+                });
+            }
+            // Phase 3 — Provider maturity gating
+            const providerMaturity = maturityGate.evaluate(input.providerTests);
+            if (!providerMaturity.passed || providerMaturity.authorityClass === "disabled") {
+                return Object.freeze({
+                    kind: "blocked",
+                    turnId: input.turnId,
+                    state: buildState(publicSurface, proofTrust, providerMaturity, null, null),
+                    evidenceContractPath: `${evidenceContractDir}/${input.turnId}-blocked.json`,
+                });
+            }
+            // Phase 4 — Evidence-calibrated router v2
+            const routerV2Decision = routerV2Engine.select([...input.candidates], input.intent, [...input.evidenceHistory]);
+            const bestScore = routerV2Decision.scores[0];
+            if (!bestScore || bestScore.bayesianEvidenceScore < tauEvidence) {
+                return Object.freeze({
+                    kind: "handoff",
+                    turnId: input.turnId,
+                    state: buildState(publicSurface, proofTrust, providerMaturity, routerV2Decision, null),
+                    replan: {
+                        triggered: true,
+                        reason: `Router v2 bayesian evidence ${bestScore ? clamp01(bestScore.bayesianEvidenceScore).toFixed(3) : "n/a"} < τ_evidence ${tauEvidence}`,
+                        retryBudgetRemaining: Math.max(0, (input.retryBudget ?? 1) - 1),
+                    },
+                    evidenceContractPath: `${evidenceContractDir}/${input.turnId}-handoff.json`,
+                });
+            }
+            // Phase 5 — Release gate advisory (optional)
+            let releaseGateResult = null;
+            if (releaseGateEnabled && releaseGate && input.releaseInputs) {
+                releaseGateResult = releaseGate.evaluate(input.releaseInputs);
+            }
+            return Object.freeze({
+                kind: "verified",
+                turnId: input.turnId,
+                state: buildState(publicSurface, proofTrust, providerMaturity, routerV2Decision, releaseGateResult),
+                evidenceContractPath: `${evidenceContractDir}/${input.turnId}-verified.json`,
+            });
+        },
+    };
+}

package/dist/runtime/agent-runtime.d.ts

@@ -91,12 +91,22 @@ export interface ProviderPolicy {
 export interface CapabilityManifest extends RuntimeCapabilities {
     readonly structuredOutput?: boolean;
 }
+export interface AgentTaskAttachment {
+    readonly name: string;
+    readonly path?: string;
+    readonly mimeType: string;
+    readonly dataUri: string;
+    readonly ext: string;
+    readonly source: "clipboard" | "file" | "drag";
+}
 export interface AgentTask {
     readonly prompt: string;
     readonly context: AgentContext;
     readonly tools: ToolManifest;
     readonly providerPolicy: ProviderPolicy;
     readonly capabilities: CapabilityManifest;
+    /** Images/files attached to this task (clipboard paste, --image, drag). */
+    readonly attachments?: readonly AgentTaskAttachment[];
 }
 export interface AgentResult {
     readonly output: string;

package/dist/runtime/blast-radius.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Blast radius penalty — penalizes runtimes for high-risk, wide-impact tasks.
+ *
+ * Higher downstream dependency counts, larger affected file surfaces, and
+ * global side-effects increase the penalty, nudging the router toward
+ * more mature or lower-blast-radius runtimes.
+ */
+import type { BlastRadiusParams } from "./contracts/router-v2.js";
+export type { BlastRadiusParams } from "./contracts/router-v2.js";
+export declare function computeBlastRadiusPenalty(params: BlastRadiusParams): number;

package/dist/runtime/blast-radius.js

@@ -0,0 +1,14 @@
+/**
+ * Blast radius penalty — penalizes runtimes for high-risk, wide-impact tasks.
+ *
+ * Higher downstream dependency counts, larger affected file surfaces, and
+ * global side-effects increase the penalty, nudging the router toward
+ * more mature or lower-blast-radius runtimes.
+ */
+export function computeBlastRadiusPenalty(params) {
+    const { downstreamNodeCount, affectedFileCount, hasGlobalSideEffects } = params;
+    const downstreamPenalty = Math.min(0.15, downstreamNodeCount * 0.03);
+    const filePenalty = Math.min(0.10, affectedFileCount * 0.01);
+    const sideEffectPenalty = hasGlobalSideEffects ? 0.10 : 0.0;
+    return Math.min(0.30, downstreamPenalty + filePenalty + sideEffectPenalty);
+}

package/dist/runtime/contracts/evidence.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Evidence contracts for OMK Weakness Remediation.
+ *
+ * Core interfaces that bridge reasoning traces, runtime decisions,
+ * provider maturity, and release gates into a verifiable evidence model.
+ */
+/** Granularity of a single evidence artifact. */
+export type EvidenceKind = "test" | "diff" | "command" | "screenshot" | "trace" | "metric" | "audit" | "review";
+/** Verdict state of an evidence item. */
+export type EvidenceVerdict = "pass" | "fail" | "partial" | "pending";
+/** A single, auditable piece of evidence. */
+export interface EvidenceItem {
+    readonly id: string;
+    readonly kind: EvidenceKind;
+    readonly source: string;
+    readonly description: string;
+    readonly verdict: EvidenceVerdict;
+    readonly timestamp: string;
+    readonly confidence: number;
+    readonly linkedTraceId?: string;
+    readonly linkedFilePaths: readonly string[];
+    readonly metadata?: Readonly<Record<string, unknown>>;
+}
+/** A curated bundle of evidence items with a collective verdict. */
+export interface ProofBundle {
+    readonly id: string;
+    readonly name: string;
+    readonly items: readonly EvidenceItem[];
+    readonly createdAt: string;
+    readonly verdict: EvidenceVerdict;
+    readonly coveragePercent: number;
+    readonly summary: string;
+}
+/** Maturity tier for a provider or runtime surface. */
+export type MaturityTier = "experimental" | "preview" | "stable" | "deprecated";
+/** Maturity assessment for a provider/runtime. */
+export interface ProviderMaturity {
+    readonly providerId: string;
+    readonly tier: MaturityTier;
+    readonly runCount: number;
+    readonly passRate: number;
+    readonly lastVerifiedAt: string;
+    readonly knownIssues: readonly string[];
+    readonly recommendedBudgetFactor: number;
+}
+/** Normalized record of a runtime routing decision. */
+export interface RuntimeRouterDecision {
+    readonly decisionId: string;
+    readonly turnId: string;
+    readonly timestamp: string;
+    readonly intentCategory: string;
+    readonly selectedRuntimeId: string;
+    readonly candidatesConsidered: readonly string[];
+    readonly confidence: number;
+    readonly fallbackUsed: boolean;
+    readonly latencyMs: number;
+}
+/** Permission level derived from a proof bundle trust score. */
+export type ClaimPermissionLevel = "strong-public-claim" | "qualified-public-claim" | "internal-claim-only" | "no-claim";
+/** Authority class derived from provider maturity score and sub-scores. */
+export type ProviderAuthorityClass = "merge-authority" | "write-authority" | "review-authority" | "read-only-advisory" | "disabled";
+/** Kinds of adapter tests used in provider maturity assessment. */
+export type AdapterTestKind = "auth" | "read" | "write" | "shell" | "mcp" | "merge" | "evidence" | "fallback";
+/** Result of a single adapter test. */
+export interface AdapterTestResult {
+    readonly kind: AdapterTestKind;
+    readonly passed: boolean;
+    readonly score: number;
+    readonly details?: string;
+}
+/** Per-gate check result. */
+export interface GateCheck {
+    readonly gate: string;
+    readonly passed: boolean;
+    readonly message: string;
+    readonly evidenceIds: readonly string[];
+}
+/** Result of a full release gate evaluation. */
+export interface ReleaseGateResult {
+    readonly runId: string;
+    readonly timestamp: string;
+    readonly overallPass: boolean;
+    readonly checks: readonly GateCheck[];
+    readonly requiredGates: readonly string[];
+    readonly optionalGates: readonly string[];
+    readonly summary: string;
+}

package/dist/runtime/contracts/evidence.js

@@ -0,0 +1,7 @@
+/**
+ * Evidence contracts for OMK Weakness Remediation.
+ *
+ * Core interfaces that bridge reasoning traces, runtime decisions,
+ * provider maturity, and release gates into a verifiable evidence model.
+ */
+export {};

package/dist/runtime/contracts/router-v2.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Router v2 contracts — Evidence-Calibrated Runtime Router (Algorithm 6)
+ */
+import type { AgentRuntime } from "../agent-runtime.js";
+export type NodeIntent = "research" | "planning" | "coding" | "debugging" | "refactor" | "review" | "test-generation" | "documentation" | "shell-operation";
+export interface EvidenceHistoryEntry {
+    readonly runtime: string;
+    readonly intent: string;
+    readonly passed: boolean;
+    readonly timestamp: string;
+    readonly nodeId: string;
+}
+export interface RuntimeScoreV2 {
+    readonly runtimeId: string;
+    readonly bayesianEvidenceScore: number;
+    readonly confidence: number;
+    readonly capabilityFit: number;
+    readonly maturityScore: number;
+    readonly latencyScore: number;
+    readonly costScore: number;
+    readonly recentFailurePenalty: number;
+    readonly blastRadiusPenalty: number;
+    readonly composite: number;
+}
+export interface RuntimeRouterDecisionV2 {
+    readonly runtime: AgentRuntime;
+    readonly reason: string;
+    readonly fallbacks: AgentRuntime[];
+    readonly intent: NodeIntent;
+    readonly scores: RuntimeScoreV2[];
+}
+export interface BlastRadiusParams {
+    readonly downstreamNodeCount: number;
+    readonly affectedFileCount: number;
+    readonly hasGlobalSideEffects: boolean;
+}
+export interface RouterV2Options {
+    readonly enableBlastRadius?: boolean;
+    readonly blastRadiusParams?: BlastRadiusParams;
+}
+export interface RouterV2ScoringEngine {
+    score(runtime: AgentRuntime, intent: NodeIntent, history: EvidenceHistoryEntry[]): RuntimeScoreV2;
+    select(candidates: AgentRuntime[], intent: NodeIntent, history: EvidenceHistoryEntry[]): RuntimeRouterDecisionV2;
+}

package/dist/runtime/contracts/router-v2.js

@@ -0,0 +1,4 @@
+/**
+ * Router v2 contracts — Evidence-Calibrated Runtime Router (Algorithm 6)
+ */
+export {};

package/dist/runtime/contracts/weakness-remediation.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Weakness Remediation contracts — shared constants and Phase 5 types.
+ *
+ * - Phase 2 Proof Bundle Trust, Phase 3 Provider Maturity Gate,
+ *   and Phase 1 Public Surface Compression share thresholds here.
+ * - Phase 5 Release Promotion Gate types live here as well.
+ */
+/** Evidence trust threshold for standard claims. */
+export declare const TAU_EVIDENCE = 0.75;
+/** Evidence trust threshold for high-confidence claims. */
+export declare const TAU_EVIDENCE_HIGH = 0.85;
+/** Proof bundle trust threshold. */
+export declare const TAU_PROOF = 0.85;
+/** Stability/maturity threshold for fully-trusted surfaces. */
+export declare const TAU_STABLE = 0.9;
+/** Beta prior α₀ for Bayesian run-count scoring. */
+export declare const BETA_PRIOR_ALPHA0 = 1;
+/** Beta prior β₀ for Bayesian run-count scoring. */
+export declare const BETA_PRIOR_BETA0 = 1;
+/** Default public surface budget K (max items). */
+export declare const SURFACE_BUDGET_K = 8;
+/** Algorithm 8 release gate weights. */
+export declare const RELEASE_GATE_WEIGHTS: {
+    readonly ci: 0.15;
+    readonly build: 0.1;
+    readonly types: 0.1;
+    readonly tests: 0.1;
+    readonly install: 0.1;
+    readonly demo: 0.15;
+    readonly proof: 0.15;
+    readonly maturity: 0.1;
+    readonly docs: 0.1;
+    readonly regression: 0.15;
+};
+export type ReleaseVerdict = "block" | "pre-release" | "stable";
+export interface ReleasePromotionInputs {
+    readonly ci: number;
+    readonly docs: number;
+    readonly proofMedian: number;
+    readonly regressionSeverity: number;
+    readonly freshInstallSmoke: number;
+    /** Backward-compat: old callers may still pass schema. */
+    readonly schema?: number;
+    /** Backward-compat: old callers may still pass providerMinimum. */
+    readonly providerMinimum?: number;
+    /** Backward-compat: old callers may still pass semver. */
+    readonly semver?: number;
+    /** Algorithm 8 — build dimension (0–1). */
+    readonly build?: number;
+    /** Algorithm 8 — type-check dimension (0–1). */
+    readonly types?: number;
+    /** Algorithm 8 — test dimension (0–1). */
+    readonly tests?: number;
+    /** Algorithm 8 — maturity dimension (0–1). Falls back to providerMinimum. */
+    readonly maturity?: number;
+    /** Algorithm 8 — minimal verified demo run gate. Hard block when false/undefined. */
+    readonly demoRun?: boolean;
+}
+export interface ReleasePromotionResult {
+    readonly score: number;
+    readonly verdict: ReleaseVerdict;
+    readonly blocked: boolean;
+    readonly reasons: readonly string[];
+}
+export interface ReleasePromotionGate {
+    evaluate(inputs: ReleasePromotionInputs): ReleasePromotionResult;
+}

package/dist/runtime/contracts/weakness-remediation.js

@@ -0,0 +1,36 @@
+/**
+ * Weakness Remediation contracts — shared constants and Phase 5 types.
+ *
+ * - Phase 2 Proof Bundle Trust, Phase 3 Provider Maturity Gate,
+ *   and Phase 1 Public Surface Compression share thresholds here.
+ * - Phase 5 Release Promotion Gate types live here as well.
+ */
+// ── Shared constants (Phase 1–3) ────────────────────────────────
+/** Evidence trust threshold for standard claims. */
+export const TAU_EVIDENCE = 0.75;
+/** Evidence trust threshold for high-confidence claims. */
+export const TAU_EVIDENCE_HIGH = 0.85;
+/** Proof bundle trust threshold. */
+export const TAU_PROOF = 0.85;
+/** Stability/maturity threshold for fully-trusted surfaces. */
+export const TAU_STABLE = 0.90;
+/** Beta prior α₀ for Bayesian run-count scoring. */
+export const BETA_PRIOR_ALPHA0 = 1;
+/** Beta prior β₀ for Bayesian run-count scoring. */
+export const BETA_PRIOR_BETA0 = 1;
+/** Default public surface budget K (max items). */
+export const SURFACE_BUDGET_K = 8;
+// ── Phase 5 Release Promotion Gate ──────────────────────────────
+/** Algorithm 8 release gate weights. */
+export const RELEASE_GATE_WEIGHTS = {
+    ci: 0.15,
+    build: 0.10,
+    types: 0.10,
+    tests: 0.10,
+    install: 0.10,
+    demo: 0.15,
+    proof: 0.15,
+    maturity: 0.10,
+    docs: 0.10,
+    regression: 0.15,
+};