Campus Pack

The Campus Pack (@lumenflow/packs-campus) exposes campus-scale compute as governed tool surfaces: read-only facility telemetry and an approval-gated tenant proof-export wedge. It is the pack-side of the campus governance boundary — it proposes observations and serializes proof bundles; it never actuates facility infrastructure, and it never seals a bundle (the cloud applies the cryptographic seal downstream).

Campus Telemetry

Five read-only facility tools — list, node inventory, PUE, power signal, and facility energy. Every tool requests read permission with a narrow path scope.

Tenant Evidence

Four read-only proof-record tools plus one write tool — proof:export_attested_bundle — gated on the tenant-evidence:export approval.

Published surface

The pack’s tool handlers ship in @lumenflow/packs-campus. The contract surface that cloud consumers pin — the event-kind maps, tool-name tuples, tool contracts, and the CanonicalReceipt shape — ships in @lumenflow/conductor-sdk and is re-exported from the package root:

import {
  // Campus telemetry (MD1)
  CAMPUS_TELEMETRY_CHANNEL_ID,
  CAMPUS_TELEMETRY_EVENT_KINDS,
  CAMPUS_TELEMETRY_EVENT_KIND_VALUES,
  CAMPUS_TELEMETRY_TOOL_NAMES,
  CAMPUS_TELEMETRY_TOOL_CONTRACTS,
  type CampusEvent,
  type CampusToolContract,
  // Tenant evidence (MD2)
  TENANT_EVIDENCE_CHANNEL_ID,
  TENANT_EVIDENCE_EXPORT_APPROVAL_ID,
  TENANT_EVIDENCE_EVENT_KIND_VALUES,
  TENANT_EVIDENCE_RECORD_KIND_VALUES,
  TENANT_EVIDENCE_TOOL_NAMES,
  TENANT_EVIDENCE_TOOL_CONTRACTS,
  type CanonicalReceipt,
} from '@lumenflow/conductor-sdk';

The dual export shape (an event-kind map and an _VALUES tuple exported as const) mirrors software-delivery.ts, so cloud consumers can pin both the named map and the value array — for example to build an exhaustive never-guard or a mirrored Zod enum directly from the source of truth.

Campus telemetry (read-only)

The campus-telemetry pack (INIT-MOONSHOT MD1) is read-only and governance-bounded: it proposes telemetry observations and never actuates facility infrastructure. Every declared tool requests read permission with a narrow path scope (.lumenflow/state/campus/**) — not a broad ** wildcard — so the manifest passes validateDomainPackToolSafety.

Tool	Permission	Reads
`campus:list_facilities`	`read`	All registered campus facilities.
`campus:node_inventory`	`read`	Node / GPU inventory for one facility.
`campus:pue_telemetry`	`read`	PUE (power usage effectiveness) samples.
`campus:power_signal`	`read`	The latest power signal for one facility.
`campus:facility_energy`	`read`	Facility energy windows mapped to EMIT.

The pack emits six canonical event kinds on the campus-telemetry channel, each carrying the campus: slug prefix:

campus:facility_registered
campus:node_inventory_updated
campus:pue_sampled
campus:power_signal_ingested
campus:facility_energy_recorded
campus:gpu_attestation_recorded (recorded from a verified GPU-TEE attestation)

Facility energy telemetry

campus:facility_energy normalizes operator-provided facility meter windows into the shared EMIT joules meter contract. It accepts PDU, IPMI, Redfish, and smart_meter source labels, plus optional PUE, grid carbon intensity, price, curtailment-window metadata, and an optional compute_assignment_run_id when a facility window can be correlated to a specific compute assignment.

const output = await facilityEnergyTool({
  workspace_id: 'ws-campus-energy',
  facility_id: 'campus-fac-001',
  event_id: 'evt-campus-energy-smart-meter',
  seq: 10,
  timestamp: '2026-06-13T16:00:00.000Z',
  valid_from: '2026-06-13T15:45:00.000Z',
  valid_to: '2026-06-13T16:00:00.000Z',
  region: 'eu-west-1',
  source: 'facility_meter:utility-smart-meter-a',
  quantity_joules: 982000,
  energy_source: 'smart_meter',
  energy_provenance: 'measured',
});

const event = output.data.energy_meter_event;
event.kind; // 'emit:energy_meter_recorded'
event.unit; // 'joules'

Facility energy remains a Campus Pack extension, not a separate Energy Pack. The Campus Pack owns facility-grain observations; connected compute owns run-grain IT-load meters. Both surfaces emit the same shared EMIT event shape so cloud can attribute joules without any pack owning billing, carbon conversion, or proof composition.

For the shared event shape, measured/modelled provenance tiers, pue_applied double-counting guard, and sensor/coefficient references, see EMIT Energy Telemetry.

Tenant evidence (proof export)

The tenant-evidence pack (INIT-MOONSHOT MD2) is the sellable wedge: LumenFlow serializes a CanonicalReceipt for a tenant’s proof bundle; LumenFlow Cloud applies the cryptographic seal. No sealing happens in the pack — the receipt it produces deliberately carries no seal / signature field. content_digest is a plain content reference the cloud sealer binds its signature to; it is not itself a signature.

The four proof:*_record tools are read-only. The single proof:export_attested_bundle tool is the one write surface, and it is gated on the tenant-evidence:export approval so a bundle export always traces to an explicit operator decision (refuse-over-fallback: the call is refused unless the caller passes that approval in input.approvals).

Tool	Permission	Required approval
`proof:checkpoint_record`	`read`	—
`proof:gate_record`	`read`	—
`proof:approval_record`	`read`	—
`proof:attestation_record`	`read`	—
`proof:export_attested_bundle`	`write`	`tenant-evidence:export`

The read tools scope to .lumenflow/state/campus/evidence/**; the export tool’s write scope is narrowed to the exports subtree (.lumenflow/state/campus/evidence/exports/**) so the write permission cannot reach the whole evidence tree.

Compute resolution (campus governance policy)

The capability-tier resolver (INIT-MOONSHOT MD4) routes a workload to a peer descriptor under campus governance. The port contract and descriptor vocabulary ship in @lumenflow/core; the concrete ComputeResolver ships in @lumenflow/runtime:

import {
  type ComputeResolveRequest,
  type ComputeResolveResult,
  type ComputeResolverPolicy,
  type IComputeResolver,
  type PeerDescriptor,
  PeerDescriptorSchema,
  PEER_DESCRIPTOR_KINDS, // ['runner-node', 'campus-node']
} from '@lumenflow/core';
import { ComputeResolver } from '@lumenflow/runtime';

peerDescriptor.kind adds campus-node as a first-class target: a compute node subject to campus governance, alongside the general-purpose runner-node. Every descriptor label (capability_tier, provider_family, campus_affinity) is an opaque, semantic identifier — no vendor brand string appears in the published type or its enums.

Resolution is refuse-over-fallback. A ComputeResolveResult is a discriminated union:

resolved — a clean resolution to a target descriptor.
refused — the safe default: no candidate satisfies the policy and no opt-out permits a relaxation. Carries a human-readable reason.
permitted-with-warning — a same-family reviewer permitted under the allow_same_family_reviewer opt-out, carrying an audit_warning naming the relaxed constraint, the family involved, and that an operator decision enabled it.

ComputeResolverPolicy.allow_same_family_reviewer is the single, narrow opt-out to the refuse posture, and it is default-off. When omitted or false, the resolver refuses if only a same-family reviewer exists.

Governance invariants

The campus pack enforces the three load-bearing invariants of the campus governance boundary:

Proposes, never actuates. The pack emits telemetry observations and serializes proof bundles. No campus capability actuates physical power.
Vendor-name-free. All published types reason in opaque, semantic labels (capability_tier, provider_family, data_egress_class, campus_affinity). No vendor brand string appears in a published type or in branch logic.
Refuse over fallback. The export tool refuses without the tenant-evidence:export approval; the resolver refuses rather than silently downgrading. The only relaxation is the default-off, audited allow_same_family_reviewer opt-out.