sh3-core 0.9.0 → 0.10.1

package/dist/registry/permission-descriptions.js

@@ -0,0 +1,67 @@
+/**
+ * Human-friendly descriptions for manifest-declared permissions.
+ *
+ * The app store's install/update confirmation modal renders each permission
+ * via `describePermission`. Unknown permission IDs fall back to showing the
+ * raw ID with a generic placeholder so newer packages don't crash older
+ * cores.
+ */
+export const PERMISSION_DESCRIPTIONS = {
+    'state:manage': {
+        title: 'Manage shell state zones',
+        description: 'Read and write state zones belonging to other shards.',
+    },
+    'documents:browse': {
+        title: 'Browse tenant documents',
+        description: 'Observe all documents stored by the current tenant.',
+    },
+    'documents:read': {
+        title: 'Read tenant documents',
+        description: 'Read the content of any document in the current tenant, across all shards. Required for backup connectors that need to pull document bodies (not just metadata) out of other shards.',
+    },
+    'documents:write': {
+        title: 'Write tenant documents',
+        description: 'Create and overwrite documents in any shard\'s namespace within the current tenant. Required for restore-class connectors that re-import documents back into their owning shards.',
+    },
+    'documents:sync': {
+        title: 'Sync documents with peers',
+        description: 'Participate in cross-peer document synchronization.',
+    },
+    'sync:peer': {
+        title: 'Act as a sync peer',
+        description: 'Exchange document updates with remote peers.',
+    },
+    'sync:policy': {
+        title: 'Define sync policy',
+        description: 'Configure which documents sync and with whom.',
+    },
+    'keys:mint': {
+        title: 'Mint API keys',
+        description: 'Issue long-lived access tokens for this shell.',
+    },
+};
+export function describePermission(id) {
+    var _a;
+    return (_a = PERMISSION_DESCRIPTIONS[id]) !== null && _a !== void 0 ? _a : {
+        title: id,
+        description: 'Unknown permission.',
+    };
+}
+/**
+ * Compute the deduped union of declared permissions across every shard
+ * and app exported by a bundle. For a plain shard or app bundle this is
+ * just that manifest's permissions; for combos it merges both halves.
+ */
+export function extractBundlePermissions(loaded) {
+    var _a, _b;
+    const perms = new Set();
+    for (const s of loaded.shards) {
+        for (const p of (_a = s.manifest.permissions) !== null && _a !== void 0 ? _a : [])
+            perms.add(p);
+    }
+    for (const a of loaded.apps) {
+        for (const p of (_b = a.manifest.permissions) !== null && _b !== void 0 ? _b : [])
+            perms.add(p);
+    }
+    return [...perms];
+}

package/dist/registry/permission-descriptions.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/registry/permission-descriptions.test.js

@@ -0,0 +1,86 @@
+import { describe, it, expect } from 'vitest';
+import { describePermission, extractBundlePermissions, PERMISSION_DESCRIPTIONS, } from './permission-descriptions';
+describe('describePermission', () => {
+    it('returns the registered entry for a known permission id', () => {
+        const result = describePermission('state:manage');
+        expect(result.title).toBe('Manage shell state zones');
+        expect(result.description).toContain('state zones');
+    });
+    it('covers every permission advertised in the module registry', () => {
+        expect(PERMISSION_DESCRIPTIONS['state:manage']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['documents:browse']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['documents:sync']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['sync:peer']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['sync:policy']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['keys:mint']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['documents:read']).toBeDefined();
+        expect(PERMISSION_DESCRIPTIONS['documents:write']).toBeDefined();
+    });
+    it('falls back to the raw id and a generic description for unknown ids', () => {
+        const result = describePermission('imaginary:unknown');
+        expect(result.title).toBe('imaginary:unknown');
+        expect(result.description).toMatch(/unknown/i);
+    });
+});
+describe('describePermission — documents:read / documents:write', () => {
+    it('returns a read-oriented title and description for documents:read', () => {
+        const result = describePermission('documents:read');
+        expect(result.title).toMatch(/read/i);
+        expect(result.description).toMatch(/document/i);
+        expect(result).not.toEqual(describePermission('documents:browse'));
+    });
+    it('returns a write-oriented title and description for documents:write', () => {
+        const result = describePermission('documents:write');
+        expect(result.title).toMatch(/write/i);
+        expect(result.description).toMatch(/document/i);
+        expect(result).not.toEqual(describePermission('documents:browse'));
+        expect(result).not.toEqual(describePermission('documents:read'));
+    });
+});
+function shardWithPerms(id, perms) {
+    return {
+        manifest: { id, label: id, version: '0.0.0', views: [], permissions: perms },
+        activate: () => { },
+    };
+}
+function appWithPerms(id, perms) {
+    return {
+        manifest: {
+            id,
+            label: id,
+            version: '0.0.0',
+            initialLayout: { kind: 'leaf', view: '' },
+            requiredShards: [],
+            layoutVersion: 1,
+            permissions: perms,
+        },
+        activate: () => { },
+    };
+}
+describe('extractBundlePermissions', () => {
+    it('returns an empty array when no shards or apps declare permissions', () => {
+        const bundle = { shards: [shardWithPerms('a')], apps: [] };
+        expect(extractBundlePermissions(bundle)).toEqual([]);
+    });
+    it('returns declared permissions for a single shard', () => {
+        const bundle = {
+            shards: [shardWithPerms('a', ['state:manage', 'documents:browse'])],
+            apps: [],
+        };
+        expect(extractBundlePermissions(bundle).sort()).toEqual(['documents:browse', 'state:manage']);
+    });
+    it('dedupes the union of shard and app permissions (combo case)', () => {
+        const bundle = {
+            shards: [shardWithPerms('a', ['state:manage', 'documents:browse'])],
+            apps: [appWithPerms('a-app', ['state:manage', 'keys:mint'])],
+        };
+        expect(extractBundlePermissions(bundle).sort()).toEqual(['documents:browse', 'keys:mint', 'state:manage']);
+    });
+    it('tolerates manifests with missing permissions arrays', () => {
+        const bundle = {
+            shards: [shardWithPerms('a', undefined)],
+            apps: [appWithPerms('b', ['keys:mint'])],
+        };
+        expect(extractBundlePermissions(bundle)).toEqual(['keys:mint']);
+    });
+});

package/dist/registry/schema.js

@@ -113,16 +113,29 @@ function validatePackageVersion(data, path) {
     const obj = data;
     requireString(obj, 'version', path);
     requireString(obj, 'contractVersion', path);
-    requireString(obj, 'bundleUrl', path);
-    requireString(obj, 'integrity', path);
-    // Optional server bundle URL
-    if ('serverBundleUrl' in obj && obj.serverBundleUrl !== undefined) {
+    // Client bundle fields — optional individually, but if either is present both must be.
+    const hasBundleUrl = 'bundleUrl' in obj && obj.bundleUrl !== undefined;
+    const hasIntegrity = 'integrity' in obj && obj.integrity !== undefined;
+    if (hasBundleUrl)
+        requireString(obj, 'bundleUrl', path);
+    if (hasIntegrity)
+        requireString(obj, 'integrity', path);
+    if (hasBundleUrl !== hasIntegrity) {
+        throw new RegistryValidationError(path, 'bundleUrl and integrity must be provided together');
+    }
+    // Optional server bundle URL.
+    const hasServerBundleUrl = 'serverBundleUrl' in obj && obj.serverBundleUrl !== undefined;
+    if (hasServerBundleUrl) {
         requireString(obj, 'serverBundleUrl', path);
     }
     // Optional server bundle integrity hash — provisional, see ADR-015.
     if ('serverIntegrity' in obj && obj.serverIntegrity !== undefined) {
         requireString(obj, 'serverIntegrity', path);
     }
+    // A version must ship at least one bundle.
+    if (!hasBundleUrl && !hasServerBundleUrl) {
+        throw new RegistryValidationError(path, 'expected at least one of bundleUrl+integrity or serverBundleUrl');
+    }
     let requires;
     if (obj['requires'] !== undefined) {
         if (!Array.isArray(obj['requires'])) {
@@ -133,8 +146,8 @@ function validatePackageVersion(data, path) {
     return {
         version: obj['version'],
         contractVersion: obj['contractVersion'],
-        bundleUrl: obj['bundleUrl'],
-        integrity: obj['integrity'],
+        bundleUrl: typeof obj['bundleUrl'] === 'string' ? obj['bundleUrl'] : undefined,
+        integrity: typeof obj['integrity'] === 'string' ? obj['integrity'] : undefined,
         serverBundleUrl: typeof obj['serverBundleUrl'] === 'string' ? obj['serverBundleUrl'] : undefined,
         serverIntegrity: typeof obj['serverIntegrity'] === 'string' ? obj['serverIntegrity'] : undefined,
         requires,

package/dist/registry/types.d.ts

@@ -100,16 +100,18 @@ export interface PackageVersion {
     /**
      * Absolute or registry-relative URL to the pre-built ESM bundle.
      * The client fetches this URL and verifies the download against `integrity`
-     * before executing.
+     * before executing. Optional for server-only packages that ship only a
+     * `serverBundleUrl` — in that case `integrity` must also be omitted.
      */
-    bundleUrl: string;
+    bundleUrl?: string;
     /**
      * SRI integrity hash for the bundle file.
      * Format: `"<algorithm>-<base64digest>"` (e.g. `"sha384-abc123..."`).
      * Algorithms: sha256, sha384 (recommended), sha512.
      * See: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
+     * Omitted when the package has no client bundle.
      */
-    integrity: string;
+    integrity?: string;
     /**
      * Optional URL to the server-side bundle for shards that have a backend
      * component. Same resolution rules as `bundleUrl` (absolute or registry-
@@ -191,6 +193,15 @@ export interface InstalledPackage {
      * Example: `"2026-04-06T12:34:56.789Z"`.
      */
     installedAt: string;
+    /**
+     * Declared permissions captured from the bundle's manifest(s) at install
+     * time. For a shard or app, this is `manifest.permissions ?? []`. For a
+     * combo, the deduped union of the shard's and app's permissions.
+     *
+     * Legacy records written before this field existed may omit it; consumers
+     * must treat a missing value as `[]`.
+     */
+    permissions: string[];
 }
 /**
  * Result of an install operation.
@@ -250,9 +261,10 @@ export interface PackageMeta {
     sourceRegistry: string;
     /**
      * SRI hash to verify the downloaded bundle against before executing.
-     * Must match `PackageVersion.integrity`.
+     * Must match `PackageVersion.integrity`. Omitted for server-only packages
+     * that ship no client bundle.
      */
-    integrity: string;
+    integrity?: string;
     /**
      * Declared shard dependencies. Mirrors `PackageVersion.requires`.
      * Undefined if no dependencies.

package/dist/shards/activate-browse.test.js

@@ -2,14 +2,14 @@ import { describe, it, expect, beforeEach } from 'vitest';
 import { MemoryDocumentBackend } from '../documents/backends';
 import { __setDocumentBackend, __setTenantId } from '../documents/config';
 import { registerShard, activateShard, __resetShardRegistryForTest } from './activate.svelte';
-import { PERMISSION_DOCUMENTS_BROWSE } from '../documents/types';
+import { PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ, PERMISSION_DOCUMENTS_WRITE, } from '../documents/types';
 describe('ctx.browse permission gating', () => {
     beforeEach(() => {
         __resetShardRegistryForTest();
         __setDocumentBackend(new MemoryDocumentBackend());
         __setTenantId('tenant-a');
     });
-    it('is undefined when permission is absent', async () => {
+    it('is undefined when no documents permission is declared', async () => {
         let captured = null;
         registerShard({
             manifest: { id: 'no-browse', label: 'n', version: '0.0.0', views: [] },
@@ -18,7 +18,7 @@ describe('ctx.browse permission gating', () => {
         await activateShard('no-browse');
         expect(captured.browse).toBeUndefined();
     });
-    it('is defined when documents:browse is declared', async () => {
+    it('exposes metadata methods when documents:browse is declared', async () => {
         var _a, _b, _c;
         let captured = null;
         registerShard({
@@ -33,4 +33,88 @@ describe('ctx.browse permission gating', () => {
         expect(typeof ((_b = captured.browse) === null || _b === void 0 ? void 0 : _b.watchDocuments)).toBe('function');
         expect(typeof ((_c = captured.browse) === null || _c === void 0 ? void 0 : _c.listShards)).toBe('function');
     });
+    it('omits readFrom and writeTo when only documents:browse is declared', async () => {
+        var _a, _b;
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'browse-only', label: 'b', version: '0.0.0', views: [],
+                permissions: [PERMISSION_DOCUMENTS_BROWSE],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('browse-only');
+        expect((_a = captured.browse) === null || _a === void 0 ? void 0 : _a.readFrom).toBeUndefined();
+        expect((_b = captured.browse) === null || _b === void 0 ? void 0 : _b.writeTo).toBeUndefined();
+    });
+    it('exposes readFrom when documents:browse + documents:read are declared', async () => {
+        var _a, _b;
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'browse-and-read', label: 'br', version: '0.0.0', views: [],
+                permissions: [PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('browse-and-read');
+        expect(typeof ((_a = captured.browse) === null || _a === void 0 ? void 0 : _a.readFrom)).toBe('function');
+        expect((_b = captured.browse) === null || _b === void 0 ? void 0 : _b.writeTo).toBeUndefined();
+    });
+    it('exposes writeTo when documents:browse + documents:write are declared', async () => {
+        var _a, _b;
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'browse-and-write', label: 'bw', version: '0.0.0', views: [],
+                permissions: [PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_WRITE],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('browse-and-write');
+        expect((_a = captured.browse) === null || _a === void 0 ? void 0 : _a.readFrom).toBeUndefined();
+        expect(typeof ((_b = captured.browse) === null || _b === void 0 ? void 0 : _b.writeTo)).toBe('function');
+    });
+    it('exposes both readFrom and writeTo when all three permissions are declared', async () => {
+        var _a, _b;
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'full-access', label: 'full', version: '0.0.0', views: [],
+                permissions: [
+                    PERMISSION_DOCUMENTS_BROWSE,
+                    PERMISSION_DOCUMENTS_READ,
+                    PERMISSION_DOCUMENTS_WRITE,
+                ],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('full-access');
+        expect(typeof ((_a = captured.browse) === null || _a === void 0 ? void 0 : _a.readFrom)).toBe('function');
+        expect(typeof ((_b = captured.browse) === null || _b === void 0 ? void 0 : _b.writeTo)).toBe('function');
+    });
+    it('yields no ctx.browse when documents:read is declared without documents:browse', async () => {
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'read-only', label: 'r', version: '0.0.0', views: [],
+                permissions: [PERMISSION_DOCUMENTS_READ],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('read-only');
+        expect(captured.browse).toBeUndefined();
+    });
+    it('yields no ctx.browse when documents:write is declared without documents:browse', async () => {
+        let captured = null;
+        registerShard({
+            manifest: {
+                id: 'write-only', label: 'w', version: '0.0.0', views: [],
+                permissions: [PERMISSION_DOCUMENTS_WRITE],
+            },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('write-only');
+        expect(captured.browse).toBeUndefined();
+    });
 });

package/dist/shards/activate-contributions.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/shards/activate-contributions.test.js

@@ -0,0 +1,110 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { MemoryDocumentBackend } from '../documents/backends';
+import { __setDocumentBackend, __setTenantId } from '../documents/config';
+import { registerShard, activateShard, deactivateShard, __resetShardRegistryForTest, } from './activate.svelte';
+import { __resetContributionsForTest, list, listPoints } from '../contributions';
+describe('ctx.contributions', () => {
+    beforeEach(() => {
+        __resetShardRegistryForTest();
+        __resetContributionsForTest();
+        __setDocumentBackend(new MemoryDocumentBackend());
+        __setTenantId('tenant-a');
+    });
+    it('is always present on ShardContext (no permission required)', async () => {
+        let captured = null;
+        registerShard({
+            manifest: { id: 'a', label: 'A', version: '0.0.0', views: [] },
+            activate(ctx) { captured = ctx; },
+        });
+        await activateShard('a');
+        expect(typeof captured.contributions.register).toBe('function');
+        expect(typeof captured.contributions.list).toBe('function');
+        expect(typeof captured.contributions.listPoints).toBe('function');
+        expect(typeof captured.contributions.onChange).toBe('function');
+    });
+    it('register() makes the descriptor visible via the global list()', async () => {
+        registerShard({
+            manifest: { id: 'provider', label: 'P', version: '0.0.0', views: [] },
+            activate(ctx) {
+                ctx.contributions.register('my.point', { id: 'alpha' });
+            },
+        });
+        await activateShard('provider');
+        expect(list('my.point')).toEqual([{ id: 'alpha' }]);
+    });
+    it('deactivate auto-unregisters every descriptor the shard registered', async () => {
+        registerShard({
+            manifest: { id: 'provider', label: 'P', version: '0.0.0', views: [] },
+            activate(ctx) {
+                ctx.contributions.register('p1', { id: 'a' });
+                ctx.contributions.register('p1', { id: 'b' });
+                ctx.contributions.register('p2', { id: 'c' });
+            },
+        });
+        await activateShard('provider');
+        expect(list('p1')).toHaveLength(2);
+        expect(list('p2')).toHaveLength(1);
+        deactivateShard('provider');
+        expect(list('p1')).toEqual([]);
+        expect(list('p2')).toEqual([]);
+        expect(listPoints()).toEqual([]);
+    });
+    it('deactivate auto-unsubscribes every onChange listener the shard registered', async () => {
+        const cb = vi.fn();
+        registerShard({
+            manifest: { id: 'watcher', label: 'W', version: '0.0.0', views: [] },
+            activate(ctx) {
+                ctx.contributions.onChange('p', cb);
+            },
+        });
+        await activateShard('watcher');
+        registerShard({
+            manifest: { id: 'provider', label: 'P', version: '0.0.0', views: [] },
+            activate(ctx) {
+                ctx.contributions.register('p', { id: 'x' });
+            },
+        });
+        await activateShard('provider');
+        expect(cb).toHaveBeenCalledTimes(1);
+        deactivateShard('watcher');
+        // Further registrations must not reach the watcher's callback.
+        registerShard({
+            manifest: { id: 'provider-2', label: 'P2', version: '0.0.0', views: [] },
+            activate(ctx) {
+                ctx.contributions.register('p', { id: 'y' });
+            },
+        });
+        await activateShard('provider-2');
+        expect(cb).toHaveBeenCalledTimes(1);
+    });
+    it('two shards can contribute to the same point independently', async () => {
+        registerShard({
+            manifest: { id: 'a', label: 'A', version: '0.0.0', views: [] },
+            activate(ctx) { ctx.contributions.register('shared', { from: 'a' }); },
+        });
+        registerShard({
+            manifest: { id: 'b', label: 'B', version: '0.0.0', views: [] },
+            activate(ctx) { ctx.contributions.register('shared', { from: 'b' }); },
+        });
+        await activateShard('a');
+        await activateShard('b');
+        expect(list('shared')).toEqual([{ from: 'a' }, { from: 'b' }]);
+        deactivateShard('a');
+        expect(list('shared')).toEqual([{ from: 'b' }]);
+    });
+    it('explicit unregister returned by register() is safe alongside auto-cleanup', async () => {
+        let earlyUnregister;
+        registerShard({
+            manifest: { id: 'p', label: 'P', version: '0.0.0', views: [] },
+            activate(ctx) {
+                earlyUnregister = ctx.contributions.register('p', { id: 'a' });
+            },
+        });
+        await activateShard('p');
+        expect(list('p')).toHaveLength(1);
+        earlyUnregister();
+        expect(list('p')).toEqual([]);
+        // Deactivate must not throw when the entry is already gone.
+        expect(() => deactivateShard('p')).not.toThrow();
+    });
+});

package/dist/shards/activate.svelte.js

@@ -23,11 +23,12 @@ import { fetchEnvState, putEnvState } from '../env/client';
 import { isAdmin as checkIsAdmin } from '../auth/index';
 import { createZoneManager } from '../state/manage';
 import { PERMISSION_STATE_MANAGE } from '../state/types';
-import { PERMISSION_DOCUMENTS_BROWSE } from '../documents/types';
+import { PERMISSION_DOCUMENTS_BROWSE, PERMISSION_DOCUMENTS_READ, PERMISSION_DOCUMENTS_WRITE, } from '../documents/types';
 import { createBrowseCapability } from '../documents/browse';
 import { createShardKeysApi } from '../keys/client';
 import { PERMISSION_KEYS_MINT } from '../keys/types';
 import { subscribe } from '../keys/revocation-bus.svelte';
+import { register as contributionsRegister, list as contributionsList, listPoints as contributionsListPoints, onChange as contributionsOnChange, } from '../contributions';
 /**
  * Reactive registry of every shard known to the host. Keys are shard ids.
  * Populated once at boot by the glob-discovery loop in main.ts (through
@@ -87,6 +88,27 @@ export async function activateShard(id) {
         proxy: null,
         defaults: null,
     });
+    // Per-shard wrapper: every register/onChange call goes into the
+    // global registry, and its disposer is pushed into entry.cleanupFns
+    // so deactivate auto-unregisters.
+    const contributions = {
+        register(pointId, descriptor) {
+            const dispose = contributionsRegister(pointId, descriptor);
+            entry.cleanupFns.push(async () => dispose());
+            return dispose;
+        },
+        list(pointId) {
+            return contributionsList(pointId);
+        },
+        listPoints() {
+            return contributionsListPoints();
+        },
+        onChange(pointId, cb) {
+            const off = contributionsOnChange(pointId, cb);
+            entry.cleanupFns.push(async () => off());
+            return off;
+        },
+    };
     const ctx = {
         state: (schema) => shell.state(id, schema),
         registerView: (viewId, factory) => {
@@ -137,7 +159,10 @@ export async function activateShard(id) {
             ? createZoneManager()
             : undefined,
         browse: ((_b = shard.manifest.permissions) === null || _b === void 0 ? void 0 : _b.includes(PERMISSION_DOCUMENTS_BROWSE))
-            ? createBrowseCapability(getTenantId(), getDocumentBackend())
+            ? createBrowseCapability(getTenantId(), getDocumentBackend(), {
+                canRead: shard.manifest.permissions.includes(PERMISSION_DOCUMENTS_READ),
+                canWrite: shard.manifest.permissions.includes(PERMISSION_DOCUMENTS_WRITE),
+            })
             : undefined,
         keys: ((_c = shard.manifest.permissions) === null || _c === void 0 ? void 0 : _c.includes(PERMISSION_KEYS_MINT))
             ? createShardKeysApi({
@@ -145,6 +170,7 @@ export async function activateShard(id) {
                 shardPermissions: (_d = shard.manifest.permissions) !== null && _d !== void 0 ? _d : [],
             })
             : undefined,
+        contributions,
     };
     entry.ctx = ctx;
     // Wire onKeyRevoked hook: subscribe to the revocation bus for this shard.

package/dist/shards/types.d.ts

@@ -5,6 +5,7 @@ import type { BrowseCapability } from '../documents/browse';
 import type { EnvState } from '../env/types';
 import type { Verb } from '../verbs/types';
 import type { ShardContextKeys } from '../keys/types';
+import type { ContributionsApi } from '../contributions/types';
 export { PERMISSION_KEYS_MINT, type ShardContextKeys, type ApiKeyPublic, type MintOpts, ScopeEscalationError, ConsentDeniedError } from '../keys/types';
 /**
  * The object returned by `ViewFactory.mount`. The framework calls
@@ -225,6 +226,12 @@ export interface ShardContext {
      * manifest declares the `keys:mint` permission.
      */
     keys?: ShardContextKeys;
+    /**
+     * Runtime registry for inter-shard contribution points. Every
+     * shard receives this — no permission gate in v1. See
+     * docs/sh3-rfcs/2026-04-20-shard-contribution-points.md.
+     */
+    contributions: ContributionsApi;
 }
 /**
  * A shard module. Shards are the fundamental unit of contribution in SH3.

package/dist/version.d.ts

@@ -1,2 +1,2 @@
 /** Auto-generated from package.json — do not edit manually. */
-export declare const VERSION = "0.9.0";
+export declare const VERSION = "0.10.1";

package/dist/version.js

@@ -1,2 +1,2 @@
 /** Auto-generated from package.json — do not edit manually. */
-export const VERSION = '0.9.0';
+export const VERSION = '0.10.1';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sh3-core",
-  "version": "0.9.0",
+  "version": "0.10.1",
   "type": "module",
   "files": [
     "dist"