ContractSpec
ContractSpecOpen spec system
Menu

Choose your entry point

ProductTemplatesPricingDocsChangelogGitHub
Start with OSSExplore Studio
Back to changelog index

0.3.8

May 25, 2026 · 14 packages · 11 unique changes · 4 release entries

integrationslibsmodules

This release affects the integrations, sharedLibs, solutions familyies.

Run contractspec connect adoption resolve --family integrations to see how it impacts your project.

Release summaries

  • authos-module-v0

    Add the experimental AuthOS module and reusable deterministic UI preview surface.

    maintainer

    The AuthOS module adds fake-adapter preview flows and deterministic UI without taking ownership of production auth behavior.

    integrator

    Reuse the AuthOS module UI for preview and planning while keeping provider execution host/integration owned.

  • authos-uplift-w1-to-w5

    AuthOS Uplift Waves 1–4 — 9 atoms, 10 molecules, 10 organisms, and 5 templates added additively. All pre-existing exports preserved. AuthOsTemplate retained as deprecated alias.

    maintainer

    Waves 1–4 of the AuthOS UI uplift land additively on top of the Track 1/2 baseline. Phase 0 expands AuthOsScreen to 12 values, adds AuthRoute + AuthFlowStep types, and locks bundle-adapter template prop signatures via a compile-time contract test. Phase 1 adds 9 new atoms (AuthCodeInput, PasswordStrengthMeter, IdentityChip, DeviceTrustBadge, RiskScoreMeter, EmailDomainBadge, RecoveryCodeChip, PolicySnippet, OrgRoleChip). Phase 2 adds 10 new molecules (PasswordField, EmailField, OtpField, EmailVerificationBanner, MagicLinkRequestPanel, DeviceCard, ConsentSummary, OrgMemberCard, InviteByEmailComposer, SignInProvidersStrip). Phase 3 adds 10 new organisms (SignUpForm, PasskeySetupForm, EmailVerificationFlow, MagicLinkRequestForm, MagicLinkConsumeFlow, ForgotPasswordForm, ResetPasswordForm, AuditLogTable, InvitationsTable, SsoLandingChooser). Phase 4 adds 5 templates (AuthCenteredTemplate, AuthSplitTemplate, AuthFullScreenTemplate, AuthStepperTemplate, AuthDashboardTemplate) with .web/.native pairs; AuthOsTemplate kept as deprecated alias. All exports added to src/ui/index.ts additively. Waves 5 (hooks) and 6–7 (screens refactor / pages / dual-app wiring) deferred.

    integrator

    Import new atoms, molecules, organisms, and templates from @lssm-tech/module.auth-os. All existing imports continue to work unchanged. To migrate away from the deprecated AuthOsTemplate, replace it with AuthCenteredTemplate (same prop surface).

  • provider-runtime-mode-taxonomy

    Keep Builder provider credential ownership modes distinct from runtime target modes.

    maintainer

    Provider-runtime resolvers now filter credential ownership tokens out of runtime target mode arrays and document the separate mode taxonomies.

    integrator

    Integrators can keep BYOK and ephemeral credential ownership metadata separate from managed/local/hybrid runtime target selection without accidental managed fallback.

  • release-provenance-metadata-fix

    Restore npm provenance-safe publishing for the public integration packages by declaring repository metadata and failing release discovery before publish when it is missing.

    maintainer

    Release discovery now blocks publishable manifests that omit repository metadata, and the affected integration packages declare the canonical GitHub repository URL and directory before npm provenance is requested.

    integrator

    Integrator release automation can republish the affected integration packages with npm provenance enabled without hitting the empty repository URL validation failure.

    customer

    This patch only corrects publish metadata for the affected integration packages; their runtime APIs and behavior are unchanged.

Deprecations

  • - identifier: AuthOsTemplate; replacement: AuthCenteredTemplate; removalVersion: 1.0.0; reason: AuthOsTemplate was a flat-file alias predating the template taxonomy. AuthCenteredTemplate is the canonical centered layout template and accepts the same props.

Migration guide

  • Replace `import { AuthOsTemplate } from '@lssm-tech/module.auth-os'` with `impor

    Required

    Replace `import { AuthOsTemplate } from '@lssm-tech/module.auth-os'` with `import { AuthCenteredTemplate } from '@lssm-tech/module.auth-os'`.

    1. Replace `import { AuthOsTemplate } from '@lssm-tech/module.auth-os'` with `import { AuthCenteredTemplate } from '@lssm-tech/module.auth-os'`.

Upgrade steps

  • Switch from AuthOsTemplate to AuthCenteredTemplate

    assisted

    AuthOsTemplate still works but is deprecated. Rename the import to AuthCenteredTemplate and verify prop types — they are compatible.

    Packages: @lssm-tech/module.auth-os

  • Adopt new organisms for auth flows

    manual

    SignUpForm, MagicLinkRequestForm, MagicLinkConsumeFlow, ForgotPasswordForm, ResetPasswordForm, SsoLandingChooser, AuditLogTable, and InvitationsTable replace ad-hoc auth UI in host apps. Each accepts an optional AuthObservability port for analytics.

    Packages: @lssm-tech/module.auth-os

  • Adopt AuthOS module previews safely

    assisted

    Use the module UI as an additive deterministic preview surface with production auth delegated to hosts and integrations.

    Packages: @lssm-tech/module.auth-os

    1. Use fake adapters for local previews.
    2. Keep production provider wiring outside the module preview layer.

  • Keep credential ownership separate from runtime target modes

    auto

    Continue sending BYOK/local/ephemeral ownership through provider auth metadata, and send only managed/local/hybrid through runtime target mode fields.

    Packages: @lssm-tech/lib.provider-runtime

    1. Use `authMode` for credential ownership values such as `byok` or `ephemeral`.
    2. Use `supportedRuntimeModes`, runtime targets, and capability handshakes only for `managed`, `local`, or `hybrid` runtime target modes.

  • Republish the affected integration packages with provenance enabled

    manual

    Pull the patch releases for the affected integration packages or rerun the release job after the metadata fix lands.

    Packages: @lssm-tech/integration.builder-telegram, @lssm-tech/integration.builder-voice, @lssm-tech/integration.builder-whatsapp, @lssm-tech/integration.provider-claude-code, @lssm-tech/integration.provider-codex, @lssm-tech/integration.provider-copilot, @lssm-tech/integration.provider-gemini, @lssm-tech/integration.provider-local-model, @lssm-tech/integration.provider-stt, @lssm-tech/integration.runtime-hybrid, @lssm-tech/integration.runtime-local, @lssm-tech/integration.runtime-managed

    1. Upgrade the affected integration packages to the patched versions once they are published.
    2. Re-run the release workflow with npm provenance enabled and verify release discovery completes before the publish step starts.

Unique release changes

  • - Pull the patch releases for the affected integration packages or rerun the release job after the metadata fix lands.

    12 packages · 12 occurrences

  • - Restore npm provenance-safe publishing for the public integration packages by declaring repository metadata and failing release discovery before publish when it is missing.

    12 packages · 12 occurrences

  • - Add the experimental AuthOS module and reusable deterministic UI preview surface.

    1 packages · 1 occurrences

  • - AuthOS Uplift Waves 1–4 — 9 atoms, 10 molecules, 10 organisms, and 5 templates added additively. All pre-existing exports preserved. AuthOsTemplate retained as deprecated alias.

    1 packages · 1 occurrences

  • - AuthOsTemplate still works but is deprecated. Rename the import to AuthCenteredTemplate and verify prop types — they are compatible.

    1 packages · 1 occurrences

  • - Continue sending BYOK/local/ephemeral ownership through provider auth metadata, and send only managed/local/hybrid through runtime target mode fields.

    1 packages · 1 occurrences

  • - identifier: AuthOsTemplate; replacement: AuthCenteredTemplate; removalVersion: 1.0.0; reason: AuthOsTemplate was a flat-file alias predating the template taxonomy. AuthCenteredTemplate is the canonical centered layout template and accepts the same props.

    1 packages · 1 occurrences

  • - Keep Builder provider credential ownership modes distinct from runtime target modes.

    1 packages · 1 occurrences

  • - Replace `import { AuthOsTemplate } from '@lssm-tech/module.auth-os'` with `import { AuthCenteredTemplate } from '@lssm-tech/module.auth-os'`.

    1 packages · 1 occurrences

  • - SignUpForm, MagicLinkRequestForm, MagicLinkConsumeFlow, ForgotPasswordForm, ResetPasswordForm, SsoLandingChooser, AuditLogTable, and InvitationsTable replace ad-hoc auth UI in host apps. Each accepts an optional AuthObservability port for analytics.

    1 packages · 1 occurrences

  • - Use the module UI as an additive deterministic preview surface with production auth delegated to hosts and integrations.

    1 packages · 1 occurrences

Impacted packages

  • @lssm-tech/integration.builder-telegram

    Layer: integrations · 2 changes

  • @lssm-tech/integration.builder-voice

    Layer: integrations · 2 changes

  • @lssm-tech/integration.builder-whatsapp

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-claude-code

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-codex

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-copilot

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-gemini

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-local-model

    Layer: integrations · 2 changes

  • @lssm-tech/integration.provider-stt

    Layer: integrations · 2 changes

  • @lssm-tech/integration.runtime-hybrid

    Layer: integrations · 2 changes

  • @lssm-tech/integration.runtime-local

    Layer: integrations · 2 changes

  • @lssm-tech/integration.runtime-managed

    Layer: integrations · 2 changes

  • @lssm-tech/lib.provider-runtime

    Layer: libs · 2 changes

  • @lssm-tech/module.auth-os

    Layer: modules · 2 changes