oxe-cc 1.0.0 → 1.2.1

package/lib/runtime/decision/decision-engine.js

@@ -0,0 +1,127 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DecisionEngine = void 0;
+exports.appendDecision = appendDecision;
+exports.loadDecisionLog = loadDecisionLog;
+exports.queryDecisions = queryDecisions;
+const crypto_1 = __importDefault(require("crypto"));
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+function computeSeniority(confidence) {
+    if (confidence >= 0.9)
+        return 'expert';
+    if (confidence >= 0.75)
+        return 'senior';
+    if (confidence >= 0.5)
+        return 'standard';
+    return 'junior';
+}
+class DecisionEngine {
+    evaluate(input) {
+        const signals = [];
+        let type = 'proceed';
+        let confidence = 0.8;
+        let rationale = '';
+        if (!input.policy_allowed) {
+            signals.push('policy_denied');
+            type = 'abort';
+            confidence = 1.0;
+            rationale = 'Policy denied execution — aborting without retry.';
+        }
+        else {
+            signals.push('policy_allowed');
+            if (input.gate_pending && !input.gate_approved) {
+                signals.push('gate_pending');
+                type = 'escalate_gate';
+                confidence = 0.95;
+                rationale = 'Human gate pending — escalating for approval before proceeding.';
+            }
+            else {
+                if (input.gate_approved)
+                    signals.push('gate_approved');
+                if (input.risk_level === 'high' || input.risk_level === 'critical') {
+                    signals.push('risk_high');
+                    confidence = Math.max(0.4, confidence - 0.3);
+                    rationale += 'High residual risk detected. ';
+                }
+                if (input.retry_count >= input.max_retries) {
+                    signals.push('retry_budget_exhausted');
+                    type = 'abort';
+                    confidence = 0.9;
+                    rationale += `Retry budget exhausted (${input.retry_count}/${input.max_retries}).`;
+                }
+                else if (input.retry_count > 0) {
+                    signals.push('retry_budget_available');
+                    type = 'retry';
+                    confidence = 0.7;
+                    rationale += `Retrying (attempt ${input.retry_count + 1}/${input.max_retries + 1}).`;
+                }
+                else {
+                    if (input.evidence_count > 0) {
+                        signals.push('evidence_sufficient');
+                        confidence = Math.min(1.0, confidence + 0.1);
+                    }
+                    else {
+                        signals.push('evidence_missing');
+                        confidence = Math.max(0.3, confidence - 0.2);
+                    }
+                    if (input.lesson_match) {
+                        signals.push('lesson_match');
+                        type = 'promote_lesson';
+                        confidence = Math.min(1.0, confidence + 0.05);
+                    }
+                    if (!rationale)
+                        rationale = 'All signals green — proceeding with execution.';
+                }
+            }
+        }
+        return {
+            decision_id: `dec-${crypto_1.default.randomBytes(4).toString('hex')}`,
+            work_item_id: input.work_item_id ?? null,
+            run_id: input.run_id,
+            type,
+            seniority: computeSeniority(confidence),
+            confidence: Math.round(confidence * 100) / 100,
+            signals,
+            rationale: rationale.trim(),
+            timestamp: new Date().toISOString(),
+            ...(input.memo !== undefined ? { memo: input.memo } : {}),
+        };
+    }
+}
+exports.DecisionEngine = DecisionEngine;
+function appendDecision(projectRoot, runId, record) {
+    const p = logPath(projectRoot, runId);
+    fs_1.default.mkdirSync(path_1.default.dirname(p), { recursive: true });
+    const log = loadDecisionLog(projectRoot, runId) ?? { run_id: runId, decisions: [] };
+    log.decisions.push(record);
+    fs_1.default.writeFileSync(p, JSON.stringify(log, null, 2), 'utf8');
+}
+function loadDecisionLog(projectRoot, runId) {
+    const p = logPath(projectRoot, runId);
+    if (!fs_1.default.existsSync(p))
+        return null;
+    try {
+        return JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function queryDecisions(log, filter) {
+    return log.decisions.filter((d) => {
+        if (filter.type && d.type !== filter.type)
+            return false;
+        if (filter.workItemId && d.work_item_id !== filter.workItemId)
+            return false;
+        if (filter.minConfidence !== undefined && d.confidence < filter.minConfidence)
+            return false;
+        return true;
+    });
+}
+function logPath(projectRoot, runId) {
+    return path_1.default.join(projectRoot, '.oxe', 'runs', runId, 'decisions.json');
+}

package/lib/runtime/decision/decision-memo.d.ts

@@ -0,0 +1,53 @@
+export type ChangeStrategy = 'minimal_patch' | 'isolated_refactor' | 'expand_contract' | 'feature_flag' | 'no_op';
+export interface BlastRadiusEstimate {
+    estimated_files: number;
+    subsystems: string[];
+    risk_score: number;
+    reversible: boolean;
+}
+export interface RollbackPlan {
+    strategy: 'revert_commit' | 'restore_workspace' | 'undo_patch' | 'no_rollback';
+    steps: string[];
+    estimated_cost: 'low' | 'medium' | 'high';
+    preconditions: string[];
+}
+export interface DecisionMemo {
+    memo_id: string;
+    work_item_id: string;
+    run_id: string;
+    problem_summary: string;
+    chosen_strategy: ChangeStrategy;
+    alternatives_rejected: Array<{
+        strategy: ChangeStrategy;
+        reason: string;
+    }>;
+    blast_radius: BlastRadiusEstimate;
+    rollback_plan: RollbackPlan;
+    min_evidence_required: string[];
+    confidence: number;
+    created_at: string;
+}
+export declare function buildBlastRadius(mutationScope: string[], retryCount: number, riskLevel: string): BlastRadiusEstimate;
+export declare function buildRollbackPlan(blastRadius: BlastRadiusEstimate, retryCount: number): RollbackPlan;
+export declare class StrategySelector {
+    select(mutationScope: string[], retryCount: number, riskLevel: string): ChangeStrategy;
+    alternatives(chosen: ChangeStrategy, mutationScope: string[], riskLevel: string): Array<{
+        strategy: ChangeStrategy;
+        reason: string;
+    }>;
+    private rejectionReason;
+}
+export interface BuildMemoInput {
+    work_item_id: string;
+    run_id: string;
+    problem_summary: string;
+    mutation_scope: string[];
+    retry_count: number;
+    risk_level: string;
+    min_evidence_required?: string[];
+    confidence?: number;
+}
+export declare function buildMemo(input: BuildMemoInput): DecisionMemo;
+export declare function saveMemo(projectRoot: string, memo: DecisionMemo): void;
+export declare function loadMemo(projectRoot: string, runId: string, memoId: string): DecisionMemo | null;
+export declare function listMemos(projectRoot: string, runId: string): DecisionMemo[];

package/lib/runtime/decision/decision-memo.js

@@ -0,0 +1,173 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StrategySelector = void 0;
+exports.buildBlastRadius = buildBlastRadius;
+exports.buildRollbackPlan = buildRollbackPlan;
+exports.buildMemo = buildMemo;
+exports.saveMemo = saveMemo;
+exports.loadMemo = loadMemo;
+exports.listMemos = listMemos;
+const crypto_1 = __importDefault(require("crypto"));
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+// ─── BlastRadius estimation ───────────────────────────────────────────────────
+function deriveSubsystems(mutationScope) {
+    const seen = new Set();
+    for (const p of mutationScope) {
+        const parts = p.replace(/\\/g, '/').split('/');
+        if (parts.length >= 2)
+            seen.add(parts[0]);
+        else
+            seen.add(p);
+    }
+    return [...seen];
+}
+function estimateRiskScore(mutationScope, retryCount, riskLevel) {
+    let score = 0;
+    score += Math.min(0.4, mutationScope.length * 0.05);
+    score += retryCount > 0 ? Math.min(0.2, retryCount * 0.05) : 0;
+    switch (riskLevel) {
+        case 'critical':
+            score += 0.4;
+            break;
+        case 'high':
+            score += 0.3;
+            break;
+        case 'medium':
+            score += 0.15;
+            break;
+        case 'low':
+            score += 0.05;
+            break;
+        default: break;
+    }
+    return Math.min(1, score);
+}
+function buildBlastRadius(mutationScope, retryCount, riskLevel) {
+    const risk_score = estimateRiskScore(mutationScope, retryCount, riskLevel);
+    return {
+        estimated_files: mutationScope.length,
+        subsystems: deriveSubsystems(mutationScope),
+        risk_score: Math.round(risk_score * 100) / 100,
+        reversible: riskLevel !== 'critical' && mutationScope.length <= 10,
+    };
+}
+// ─── RollbackPlan ─────────────────────────────────────────────────────────────
+function buildRollbackPlan(blastRadius, retryCount) {
+    if (blastRadius.risk_score >= 0.7 || !blastRadius.reversible) {
+        return {
+            strategy: 'restore_workspace',
+            steps: ['snapshot workspace before mutation', 'restore snapshot on failure', 'verify clean state'],
+            estimated_cost: 'high',
+            preconditions: ['workspace snapshot available', 'no shared-state mutations'],
+        };
+    }
+    if (retryCount > 1 || blastRadius.estimated_files > 5) {
+        return {
+            strategy: 'revert_commit',
+            steps: ['record commit SHA before change', 'git revert on failure'],
+            estimated_cost: 'medium',
+            preconditions: ['git repo initialized', 'changes committed atomically'],
+        };
+    }
+    return {
+        strategy: 'undo_patch',
+        steps: ['apply inverse patch'],
+        estimated_cost: 'low',
+        preconditions: ['original file state recorded'],
+    };
+}
+// ─── StrategySelector ────────────────────────────────────────────────────────
+class StrategySelector {
+    select(mutationScope, retryCount, riskLevel) {
+        if (riskLevel === 'critical')
+            return 'feature_flag';
+        if (retryCount > 1)
+            return 'minimal_patch';
+        if (mutationScope.length > 8)
+            return 'isolated_refactor';
+        if (riskLevel === 'high')
+            return 'feature_flag';
+        if (mutationScope.length > 3)
+            return 'expand_contract';
+        if (mutationScope.length === 0)
+            return 'no_op';
+        return 'minimal_patch';
+    }
+    alternatives(chosen, mutationScope, riskLevel) {
+        const all = ['minimal_patch', 'isolated_refactor', 'expand_contract', 'feature_flag', 'no_op'];
+        return all
+            .filter((s) => s !== chosen)
+            .map((s) => ({ strategy: s, reason: this.rejectionReason(s, chosen, mutationScope, riskLevel) }));
+    }
+    rejectionReason(s, chosen, mutationScope, riskLevel) {
+        switch (s) {
+            case 'no_op': return 'mutation scope is non-empty; no-op would not satisfy requirements';
+            case 'feature_flag': return riskLevel !== 'critical' && riskLevel !== 'high' ? 'risk level does not warrant feature flag overhead' : `${chosen} preferred for scope size`;
+            case 'isolated_refactor': return mutationScope.length <= 8 ? 'scope is small enough for simpler strategy' : `${chosen} preferred`;
+            case 'expand_contract': return 'expand-contract requires coordinated deployment; overhead not justified here';
+            case 'minimal_patch': return `${chosen} preferred due to scope or risk level`;
+            default: return 'not applicable';
+        }
+    }
+}
+exports.StrategySelector = StrategySelector;
+function buildMemo(input) {
+    const selector = new StrategySelector();
+    const chosen = selector.select(input.mutation_scope, input.retry_count, input.risk_level);
+    const blast_radius = buildBlastRadius(input.mutation_scope, input.retry_count, input.risk_level);
+    const rollback_plan = buildRollbackPlan(blast_radius, input.retry_count);
+    const alternatives_rejected = selector.alternatives(chosen, input.mutation_scope, input.risk_level);
+    return {
+        memo_id: `memo-${crypto_1.default.randomBytes(4).toString('hex')}`,
+        work_item_id: input.work_item_id,
+        run_id: input.run_id,
+        problem_summary: input.problem_summary,
+        chosen_strategy: chosen,
+        alternatives_rejected,
+        blast_radius,
+        rollback_plan,
+        min_evidence_required: input.min_evidence_required ?? [],
+        confidence: input.confidence ?? (1 - blast_radius.risk_score),
+        created_at: new Date().toISOString(),
+    };
+}
+function memoDir(projectRoot, runId) {
+    return path_1.default.join(projectRoot, '.oxe', 'runs', runId, 'memos');
+}
+function saveMemo(projectRoot, memo) {
+    const dir = memoDir(projectRoot, memo.run_id);
+    fs_1.default.mkdirSync(dir, { recursive: true });
+    fs_1.default.writeFileSync(path_1.default.join(dir, `${memo.memo_id}.json`), JSON.stringify(memo, null, 2), 'utf8');
+}
+function loadMemo(projectRoot, runId, memoId) {
+    const p = path_1.default.join(memoDir(projectRoot, runId), `${memoId}.json`);
+    if (!fs_1.default.existsSync(p))
+        return null;
+    try {
+        return JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function listMemos(projectRoot, runId) {
+    const dir = memoDir(projectRoot, runId);
+    if (!fs_1.default.existsSync(dir))
+        return [];
+    return fs_1.default
+        .readdirSync(dir)
+        .filter((f) => f.endsWith('.json'))
+        .map((f) => {
+        try {
+            return JSON.parse(fs_1.default.readFileSync(path_1.default.join(dir, f), 'utf8'));
+        }
+        catch {
+            return null;
+        }
+    })
+        .filter((m) => m !== null);
+}

package/lib/runtime/decision/index.d.ts

@@ -0,0 +1,2 @@
+export * from './decision-engine';
+export * from './decision-memo';

package/lib/runtime/decision/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./decision-engine"), exports);
+__exportStar(require("./decision-memo"), exports);

package/lib/runtime/delivery/index.d.ts

@@ -1,3 +1,4 @@
 export * from './branch-manager';
 export * from './pr-manager';
 export * from './ci-checks';
+export * from './promotion-pipeline';

package/lib/runtime/delivery/index.js

@@ -17,3 +17,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./branch-manager"), exports);
 __exportStar(require("./pr-manager"), exports);
 __exportStar(require("./ci-checks"), exports);
+__exportStar(require("./promotion-pipeline"), exports);

package/lib/runtime/delivery/promotion-pipeline.d.ts

@@ -0,0 +1,39 @@
+import type { PRManager } from './pr-manager';
+import type { BranchManager } from './branch-manager';
+import type { VerificationManifest, ResidualRiskLedger } from '../verification/verification-manifest';
+import type { RunResult } from '../scheduler/scheduler';
+export interface RunPRLink {
+    run_id: string;
+    branch: string;
+    pr_url: string | null;
+    pr_number: number | null;
+    status: 'pending' | 'open' | 'merged' | 'closed' | 'blocked';
+    created_at: string;
+    merged_at: string | null;
+}
+export interface PromotionOptions {
+    baseBranch?: string;
+    draftPR?: boolean;
+    autoMerge?: boolean;
+    mergeMethod?: 'merge' | 'squash' | 'rebase';
+}
+export type MergeGateVerdict = 'approved' | 'blocked' | 'needs_review';
+export interface MergeGateReport {
+    verdict: MergeGateVerdict;
+    reasons: string[];
+    blocking_risks: string[];
+}
+export declare class MergeGateEvaluator {
+    evaluate(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null): MergeGateReport;
+}
+export declare class PromotionPipeline {
+    private readonly projectRoot;
+    private readonly branchManager;
+    private readonly prManager;
+    private readonly gateEvaluator;
+    constructor(projectRoot: string, branchManager: BranchManager, prManager: PRManager, gateEvaluator?: MergeGateEvaluator);
+    buildPRBody(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null): string;
+    promote(runResult: RunResult, manifest: VerificationManifest | null, riskLedger: ResidualRiskLedger | null, opts?: PromotionOptions): Promise<RunPRLink>;
+    savePRLink(runId: string, link: RunPRLink): void;
+    loadPRLink(runId: string): RunPRLink | null;
+}

package/lib/runtime/delivery/promotion-pipeline.js

@@ -0,0 +1,127 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PromotionPipeline = exports.MergeGateEvaluator = void 0;
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+class MergeGateEvaluator {
+    evaluate(runResult, manifest, riskLedger) {
+        const reasons = [];
+        const blockingRisks = [];
+        if (runResult.failed.length > 0) {
+            reasons.push(`${runResult.failed.length} task(s) failed: ${runResult.failed.join(', ')}`);
+        }
+        if (runResult.blocked.length > 0) {
+            reasons.push(`${runResult.blocked.length} task(s) blocked: ${runResult.blocked.join(', ')}`);
+        }
+        if (manifest && !manifest.summary.all_passed) {
+            reasons.push(`Verification: ${manifest.summary.fail} check(s) failed, ${manifest.summary.error} error(s)`);
+        }
+        if (riskLedger) {
+            const critical = riskLedger.risks.filter((r) => r.severity === 'critical' || r.severity === 'high');
+            for (const risk of critical) {
+                blockingRisks.push(`[${risk.severity.toUpperCase()}] ${risk.description}`);
+            }
+        }
+        const hasBlockers = reasons.length > 0 || blockingRisks.length > 0;
+        const verdict = hasBlockers ? 'blocked' : 'approved';
+        return { verdict, reasons, blocking_risks: blockingRisks };
+    }
+}
+exports.MergeGateEvaluator = MergeGateEvaluator;
+class PromotionPipeline {
+    constructor(projectRoot, branchManager, prManager, gateEvaluator = new MergeGateEvaluator()) {
+        this.projectRoot = projectRoot;
+        this.branchManager = branchManager;
+        this.prManager = prManager;
+        this.gateEvaluator = gateEvaluator;
+    }
+    buildPRBody(runResult, manifest, riskLedger) {
+        const lines = [];
+        lines.push('## OXE Run Summary');
+        lines.push('');
+        lines.push(`**Run ID:** \`${runResult.run_id}\``);
+        lines.push(`**Status:** ${runResult.status}`);
+        lines.push(`**Completed:** ${runResult.completed.length} tasks`);
+        if (runResult.failed.length > 0) {
+            lines.push(`**Failed:** ${runResult.failed.join(', ')}`);
+        }
+        if (runResult.blocked.length > 0) {
+            lines.push(`**Blocked:** ${runResult.blocked.join(', ')}`);
+        }
+        if (manifest) {
+            lines.push('');
+            lines.push('## Verification');
+            lines.push(`- Total: ${manifest.summary.total}`);
+            lines.push(`- Pass: ${manifest.summary.pass}`);
+            lines.push(`- Fail: ${manifest.summary.fail}`);
+            lines.push(`- Skip: ${manifest.summary.skip}`);
+        }
+        if (riskLedger && riskLedger.risks.length > 0) {
+            lines.push('');
+            lines.push('## Residual Risks');
+            for (const risk of riskLedger.risks) {
+                lines.push(`- [${risk.severity.toUpperCase()}] ${risk.description}`);
+                if (risk.mitigation)
+                    lines.push(`  - Mitigation: ${risk.mitigation}`);
+            }
+        }
+        lines.push('');
+        lines.push('---');
+        lines.push('*Generated by OXE Runtime*');
+        return lines.join('\n');
+    }
+    async promote(runResult, manifest, riskLedger, opts = {}) {
+        const gateReport = this.gateEvaluator.evaluate(runResult, manifest, riskLedger);
+        const link = {
+            run_id: runResult.run_id,
+            branch: this.branchManager.currentBranch(),
+            pr_url: null,
+            pr_number: null,
+            status: 'pending',
+            created_at: new Date().toISOString(),
+            merged_at: null,
+        };
+        if (gateReport.verdict === 'blocked') {
+            link.status = 'blocked';
+            this.savePRLink(runResult.run_id, link);
+            return link;
+        }
+        const body = this.buildPRBody(runResult, manifest, riskLedger);
+        const title = `oxe: run ${runResult.run_id} — ${runResult.completed.length} tasks`;
+        const prResult = this.prManager.createDraft({
+            title,
+            body,
+            base: opts.baseBranch ?? 'main',
+            draft: opts.draftPR !== false,
+        });
+        if (!prResult.success || !prResult.url) {
+            link.status = 'blocked';
+            this.savePRLink(runResult.run_id, link);
+            return link;
+        }
+        link.pr_url = prResult.url;
+        link.status = 'open';
+        this.savePRLink(runResult.run_id, link);
+        return link;
+    }
+    savePRLink(runId, link) {
+        const p = path_1.default.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
+        fs_1.default.mkdirSync(path_1.default.dirname(p), { recursive: true });
+        fs_1.default.writeFileSync(p, JSON.stringify(link, null, 2), 'utf8');
+    }
+    loadPRLink(runId) {
+        const p = path_1.default.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
+        if (!fs_1.default.existsSync(p))
+            return null;
+        try {
+            return JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+        }
+        catch {
+            return null;
+        }
+    }
+}
+exports.PromotionPipeline = PromotionPipeline;

package/lib/runtime/index.d.ts

@@ -7,6 +7,7 @@ export * from './workspace/index';
 export * from './evidence/index';
 export { compile as compileVerification, runCheck, runSuite, summarizeSuite, } from './verification/verification-compiler';
 export type { CheckType, AcceptanceCheck, AcceptanceCheckSuite, CheckResult, } from './verification/verification-compiler';
+export * from './verification/verification-manifest';
 export * from './policy/index';
 export * from './gate/index';
 export * from './projection/index';
@@ -14,3 +15,5 @@ export * from './plugins/index';
 export * from './delivery/index';
 export * from './context/index';
 export * from './scheduler/multi-agent-coordinator';
+export * from './decision/index';
+export * from './audit/index';

package/lib/runtime/index.js

@@ -30,6 +30,7 @@ Object.defineProperty(exports, "compileVerification", { enumerable: true, get: f
 Object.defineProperty(exports, "runCheck", { enumerable: true, get: function () { return verification_compiler_1.runCheck; } });
 Object.defineProperty(exports, "runSuite", { enumerable: true, get: function () { return verification_compiler_1.runSuite; } });
 Object.defineProperty(exports, "summarizeSuite", { enumerable: true, get: function () { return verification_compiler_1.summarizeSuite; } });
+__exportStar(require("./verification/verification-manifest"), exports);
 __exportStar(require("./policy/index"), exports);
 __exportStar(require("./gate/index"), exports);
 __exportStar(require("./projection/index"), exports);
@@ -38,3 +39,6 @@ __exportStar(require("./plugins/index"), exports);
 __exportStar(require("./delivery/index"), exports);
 __exportStar(require("./context/index"), exports);
 __exportStar(require("./scheduler/multi-agent-coordinator"), exports);
+// R4 Public ABI — Decision, Audit & Enterprise
+__exportStar(require("./decision/index"), exports);
+__exportStar(require("./audit/index"), exports);

package/lib/runtime/plugins/capability-matrix.d.ts

@@ -0,0 +1,20 @@
+import type { PluginRegistry } from './plugin-registry';
+export type ApiStability = 'stable' | 'experimental' | 'deprecated';
+export interface ProviderCapabilityEntry {
+    name: string;
+    provider_type: 'tool' | 'workspace' | 'verifier' | 'context';
+    stability: ApiStability;
+    since_abi_version: string;
+    deprecated_in?: string;
+    replacement?: string;
+}
+export interface CapabilityMatrix {
+    abi_version: string;
+    entries: ProviderCapabilityEntry[];
+}
+export declare function buildMatrix(registry: PluginRegistry): CapabilityMatrix;
+export declare function getStableEntries(matrix: CapabilityMatrix): ProviderCapabilityEntry[];
+export declare function getExperimentalEntries(matrix: CapabilityMatrix): ProviderCapabilityEntry[];
+export declare function getDeprecatedEntries(matrix: CapabilityMatrix): ProviderCapabilityEntry[];
+export declare function markDeprecated(matrix: CapabilityMatrix, name: string, deprecatedIn: string, replacement?: string): CapabilityMatrix;
+export declare function addEntry(matrix: CapabilityMatrix, entry: ProviderCapabilityEntry): CapabilityMatrix;

package/lib/runtime/plugins/capability-matrix.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildMatrix = buildMatrix;
+exports.getStableEntries = getStableEntries;
+exports.getExperimentalEntries = getExperimentalEntries;
+exports.getDeprecatedEntries = getDeprecatedEntries;
+exports.markDeprecated = markDeprecated;
+exports.addEntry = addEntry;
+const plugin_manifest_1 = require("./plugin-manifest");
+function buildMatrix(registry) {
+    const entries = [];
+    for (const plugin of registry.list()) {
+        const providers = plugin.providers ?? [];
+        for (const prov of providers) {
+            let provider_type;
+            if (prov.startsWith('tool:'))
+                provider_type = 'tool';
+            else if (prov.startsWith('workspace:'))
+                provider_type = 'workspace';
+            else if (prov.startsWith('verifier:'))
+                provider_type = 'verifier';
+            else if (prov.startsWith('context:'))
+                provider_type = 'context';
+            else
+                continue;
+            const name = prov.slice(prov.indexOf(':') + 1);
+            entries.push({
+                name,
+                provider_type,
+                stability: 'stable',
+                since_abi_version: plugin_manifest_1.CURRENT_ABI_VERSION,
+            });
+        }
+    }
+    return { abi_version: plugin_manifest_1.CURRENT_ABI_VERSION, entries };
+}
+function getStableEntries(matrix) {
+    return matrix.entries.filter((e) => e.stability === 'stable');
+}
+function getExperimentalEntries(matrix) {
+    return matrix.entries.filter((e) => e.stability === 'experimental');
+}
+function getDeprecatedEntries(matrix) {
+    return matrix.entries.filter((e) => e.stability === 'deprecated');
+}
+function markDeprecated(matrix, name, deprecatedIn, replacement) {
+    return {
+        ...matrix,
+        entries: matrix.entries.map((e) => e.name === name
+            ? { ...e, stability: 'deprecated', deprecated_in: deprecatedIn, replacement }
+            : e),
+    };
+}
+function addEntry(matrix, entry) {
+    if (matrix.entries.some((e) => e.name === entry.name && e.provider_type === entry.provider_type)) {
+        return matrix;
+    }
+    return { ...matrix, entries: [...matrix.entries, entry] };
+}

package/lib/runtime/plugins/index.d.ts

@@ -1,2 +1,4 @@
 export * from './plugin-abi';
 export * from './plugin-registry';
+export * from './plugin-manifest';
+export * from './capability-matrix';