textus 0.39.1 → 0.41.0

data/lib/textus/manifest/entry/publish/subtree_mirror.rb

@@ -0,0 +1,72 @@
+module Textus
+  class Manifest
+    class Entry
+      module Publish
+        # ADR 0049: the one walk->publish->prune pipeline shared by EachDir
+        # (per-leaf subtree, ADR 0046) and Tree (whole-entry mirror, ADR 0047).
+        # The two used to be near-duplicate methods (publish_subtree +
+        # publish_tree_via, prune_orphans + prune_tree); their only real
+        # difference — whether the prune honors the entry's `ignore` — is now the
+        # explicit `prune_honors_ignore:` parameter.
+        class SubtreeMirror
+          def initialize(entry, pctx)
+            @entry = entry
+            @pctx  = pctx
+          end
+
+          # base:       store dir the entry owns — the root `ignored?` globs are
+          #             relative to (ADR 0042).
+          # walk_root:  dir the glob is rooted at (a single leaf dir for EachDir,
+          #             == base for Tree). dst paths mirror rel-to-walk_root.
+          # target_dir: repo-side destination root.
+          # key/envelope: emitted per file; envelope is nil for the keyless Tree.
+          # prune_honors_ignore: when true a managed file the entry `ignore`s
+          #   survives the prune (ADR 0047 D4 — lets a derived index live in the
+          #   mirrored dir); when false every unwritten managed file is pruned.
+          def mirror(base:, walk_root:, target_dir:, key:, envelope:, prune_honors_ignore:)
+            return { written: [], pruned: [] } unless File.directory?(walk_root)
+
+            written = publish_files(base: base, walk_root: walk_root, target_dir: target_dir, key: key, envelope: envelope)
+            { written: written, pruned: prune(target_dir, written, prune_honors_ignore) }
+          end
+
+          private
+
+          def publish_files(base:, walk_root:, target_dir:, key:, envelope:)
+            # FNM_DOTMATCH includes dotfiles; File.file? below skips dirs (and
+            # symlinks-to-dirs). Trees are authored content, not symlink graphs.
+            Dir.glob(File.join(walk_root, "**", "*"), File::FNM_DOTMATCH).sort.filter_map do |src|
+              next nil unless File.file?(src)
+              next nil if @entry.ignored?(relative(src, base))
+
+              dst = File.join(target_dir, relative(src, walk_root))
+              Textus::Ports::Publisher.publish(source: src, target: dst, store_root: @pctx.root)
+              @pctx.emit(:file_published, key: key, envelope: envelope, source: src, target: dst)
+              { "key" => key, "source" => src, "target" => dst }
+            end
+          end
+
+          # Scoped to target_dir. Safe across leaves because ADR 0046 D5
+          # (shallowest-index-wins) keeps leaf target dirs non-nesting, so
+          # targets_under can't reach another leaf's sentinels.
+          def prune(target_dir, written, honor_ignore)
+            kept = written.map { |w| File.expand_path(w["target"]) }
+            store = Textus::Ports::SentinelStore.new
+            store.targets_under(target_dir, @pctx.root).filter_map do |managed|
+              abs = File.expand_path(managed)
+              next nil if kept.include?(abs)
+              next nil if honor_ignore && @entry.ignored?(relative(abs, target_dir))
+
+              Textus::Ports::Publisher.unpublish(target: managed, store_root: @pctx.root)
+              managed
+            end
+          end
+
+          def relative(path, root)
+            path.sub(%r{\A#{Regexp.escape(root)}/}, "")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/publish/template.rb

@@ -0,0 +1,22 @@
+module Textus
+  class Manifest
+    class Entry
+      module Publish
+        # The publish_each template vocabulary. A publish_each value is a path
+        # with `{leaf}`, `{basename}`, `{key}`, `{ext}` placeholders; a
+        # publish_tree value must be a plain path (any var is an error), so the
+        # modes reuse VAR_RE to detect stray vars there too.
+        module Template
+          KNOWN_VARS = %w[leaf basename key ext].freeze
+          VAR_RE = /\{([a-z]+)\}/
+          REQUIRED_DISCRIMINATOR_VARS = %w[leaf basename key].freeze
+
+          # Substitute `{var}` placeholders from a string-keyed hash.
+          def self.expand(template, vars)
+            template.gsub(VAR_RE) { vars.fetch(::Regexp.last_match(1)) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/publish/to_paths.rb

@@ -0,0 +1,27 @@
+module Textus
+  class Manifest
+    class Entry
+      module Publish
+        # publish_to: copy the entry's one stored file to each fixed repo path.
+        # The default behaviour of any entry that declares `publish_to:`.
+        class ToPaths < Mode
+          def publish(pctx, prefix: nil) # rubocop:disable Lint/UnusedMethodArgument
+            targets = Array(entry.publish_to)
+            return nil if targets.empty?
+
+            source_path = pctx.manifest.resolver.resolve(entry.key).path
+            envelope = pctx.reader.call(entry.key)
+
+            targets.each do |rel|
+              target_abs = File.join(pctx.repo_root, rel)
+              Textus::Ports::Publisher.publish(source: source_path, target: target_abs, store_root: pctx.root)
+              pctx.emit(:file_published, key: entry.key, envelope: envelope, source: source_path, target: target_abs)
+            end
+
+            { kind: :built, value: { "key" => entry.key, "path" => source_path, "published_to" => targets } }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/publish/tree.rb

@@ -0,0 +1,54 @@
+module Textus
+  class Manifest
+    class Entry
+      module Publish
+        # publish_tree (ADR 0047): mirror this entry's whole subtree to one
+        # target dir by real path. No resolver, no keys — files are opaque
+        # payload (envelope nil). The prune honors `ignore` so a derived index
+        # (e.g. a SKILL.md written by a separate entry into the same dir)
+        # survives the whole-target prune (ADR 0047 D4).
+        class Tree < Mode
+          def publish(pctx, prefix: nil) # rubocop:disable Lint/UnusedMethodArgument
+            target_rel = entry.publish_tree
+            target_dir = repo_abs(pctx, target_rel)
+            unless inside_repo?(pctx, target_dir)
+              raise Textus::PublishError.new(
+                "entry '#{entry.key}': publish_tree target '#{target_rel}' escapes repo root",
+              )
+            end
+
+            result = SubtreeMirror.new(entry, pctx).mirror(
+              base: store_base(pctx),
+              walk_root: store_base(pctx),
+              target_dir: target_dir,
+              key: entry.key,
+              envelope: nil,
+              prune_honors_ignore: true,
+            )
+            { kind: :leaves, value: result[:written], pruned: result[:pruned] }
+          end
+
+          def validate!
+            publish_tree = entry.publish_tree
+            raise UsageError.new("entry '#{entry.key}': publish_tree must be a string") unless publish_tree.is_a?(String)
+
+            unless entry.index_filename.nil?
+              raise UsageError.new(
+                "entry '#{entry.key}': index_filename and publish_tree are mutually exclusive — " \
+                "publish_tree mirrors a whole subtree by path and never enumerates an index.",
+              )
+            end
+
+            used_vars = publish_tree.scan(Template::VAR_RE).flatten
+            return if used_vars.empty?
+
+            raise UsageError.new(
+              "entry '#{entry.key}': publish_tree names a single directory and takes no template variable(s) " \
+              "#{used_vars.map { |v| "{#{v}}" }.join(", ")} — it mirrors the whole subtree to one target dir.",
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/publish.rb

@@ -0,0 +1,45 @@
+module Textus
+  class Manifest
+    class Entry
+      # ADR 0049: the publish design is a three-key concept (ADR 0047 table)
+      # realized as one resolved sum type. Each directory entry resolves, once,
+      # to one Publish::* mode that owns its publish algorithm — no nil-cascade,
+      # no pairwise exclusivity guards, one shared subtree mirror.
+      #
+      #   None      — nothing to publish
+      #   ToPaths   — publish_to: 1 stored file -> N fixed repo paths
+      #   EachFile  — publish_each (file leaves): 1 leaf file -> 1 templated path
+      #   EachDir   — publish_each + index_filename: 1 leaf subtree -> 1 templated dir
+      #   Tree      — publish_tree: whole entry subtree -> 1 dir, no keys
+      module Publish
+        # Resolve an entry to its single publish mode. Raises one UsageError if
+        # more than one of {publish_to, publish_each, publish_tree} is set —
+        # exclusivity is structural here, not four scattered pairwise guards.
+        def self.resolve(entry)
+          set = []
+          set << "publish_to"   unless Array(entry.publish_to).empty?
+          set << "publish_each" unless entry.publish_each.nil?
+          set << "publish_tree" unless entry.publish_tree.nil?
+
+          if set.length > 1
+            raise Textus::UsageError.new(
+              "entry '#{entry.key}': #{set.join(", ")} are mutually exclusive — an entry publishes exactly one way",
+            )
+          end
+
+          mode_for(entry, set.first)
+        end
+
+        def self.mode_for(entry, key)
+          case key
+          when "publish_to"   then ToPaths.new(entry)
+          when "publish_tree" then Tree.new(entry)
+          when "publish_each" then entry.index_filename ? EachDir.new(entry) : EachFile.new(entry)
+          else None.new(entry)
+          end
+        end
+        private_class_method :mode_for
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/validators/events.rb

@@ -4,7 +4,7 @@ module Textus
       module Validators
         module Events
           def self.call(entry, policy: nil) # rubocop:disable Lint/UnusedMethodArgument
-            pubsub_events = Textus::Hooks::EventBus::EVENTS.keys
+            pubsub_events = Textus::Hooks::Catalog::PUBSUB.keys
             events = entry.events
             events.each_key do |evt|
               next if pubsub_events.include?(evt.to_sym)

data/lib/textus/manifest/entry/validators/publish.rb

@@ -0,0 +1,26 @@
+module Textus
+  class Manifest
+    class Entry
+      module Validators
+        # ADR 0049: one publish validator. Exclusivity among the publish keys is
+        # enforced structurally by Publish.resolve (reached via #publish_mode),
+        # and each mode's shape rules run *because that mode resolved* — replacing
+        # the four scattered pairwise "not-both" guards of the old PublishEach +
+        # PublishTree validators. Misuse on a non-nested entry is still caught
+        # here from raw, since the typed attrs stub nil on Base.
+        module Publish
+          def self.call(entry, policy: nil) # rubocop:disable Lint/UnusedMethodArgument
+            unless entry.nested?
+              %w[publish_each publish_tree].each do |key|
+                raise UsageError.new("entry '#{entry.key}': #{key} requires nested: true") if entry.raw[key]
+              end
+              return
+            end
+
+            entry.publish_mode.validate!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/textus/manifest/entry/validators.rb

@@ -4,7 +4,7 @@ module Textus
       module Validators
         REGISTERED = [
           Events,
-          PublishEach,
+          Publish,
           InjectBoot,
           IndexFilename,
           Ignore,

data/lib/textus/manifest/policy.rb

@@ -34,6 +34,13 @@ module Textus
         (proposers - roles_with_capability("author")).first || proposers.first
       end
 
+      # The role textus acts AS for a system-initiated operation requiring
+      # `verb` (no human passed --as). Capability-derived — a role name that
+      # exists in the manifest, or nil. Never a hardcoded literal (ADR 0044).
+      def actor_for(verb)
+        roles_with_capability(verb).first
+      end
+
       # The roles authorized to write `zone_name`: those holding the verb its
       # kind requires. Raises on an undeclared zone.
       def zone_writers(zone_name)

data/lib/textus/manifest/resolver.rb

@@ -72,8 +72,21 @@ module Textus
         return [] unless File.directory?(base)
 
         entry_index_filename = entry.index_filename
-        glob_pattern = entry_index_filename ? "**/#{entry_index_filename}" : nested_glob(entry.format)
-        Dir.glob(File.join(base, glob_pattern)).filter_map { |path| nested_row_for(entry, base, path) }
+        unless entry_index_filename
+          return Dir.glob(File.join(base, nested_glob(entry.format)))
+                    .filter_map { |path| nested_row_for(entry, base, path) }
+        end
+
+        claimed = []
+        Dir.glob(File.join(base, "**", entry_index_filename))
+           .sort_by { |path| path.count("/") }
+           .filter_map do |path|
+          leaf_dir = File.dirname(path)
+          next nil if claimed.any? { |d| leaf_dir.start_with?("#{d}/") }
+
+          claimed << leaf_dir
+          nested_row_for(entry, base, path)
+        end
       end
 
       def nested_row_for(entry, base, path)

data/lib/textus/manifest/schema.rb

@@ -24,7 +24,7 @@ module Textus
       KIND_REQUIRES_VERB = LANES
       ENTRY_KEYS = %w[
         key path zone kind schema owner nested format
-        compute template publish_to publish_each
+        compute template publish_to publish_each publish_tree
         intake events inject_boot index_filename ignore tracked
       ].freeze
       COMPUTE_KEYS = %w[kind select pluck sort_by limit transform command sources].freeze
@@ -35,6 +35,13 @@ module Textus
       RETENTION_KEYS = %w[expire_after archive_after].freeze
       AUDIT_KEYS = %w[max_size keep].freeze
 
+      # Syntactic shape of an `owner:` subject token (the `patrick` in
+      # `human:patrick`) — the subject half of the owner-validation rule below.
+      # Role supplies the archetype set (Role::NAMES); this pattern is the
+      # owner-specific part, so it lives with the rule that composes them
+      # (ADR 0045 D1). Acting-role *names* are gated by Role::NAMES, not a regex.
+      OWNER_SUBJECT_PATTERN = /\A[a-z][a-z0-9_-]*\z/
+
       def self.validate!(raw)
         raise BadManifest.new("manifest must be a hash") unless raw.is_a?(Hash)
 
@@ -42,6 +49,7 @@ module Textus
         validate_roles!(raw["roles"])
         validate_zones!(raw["zones"])
         validate_entries!(raw["entries"])
+        validate_owners!(raw["zones"], raw["entries"])
         validate_rules!(raw["rules"])
         walk(raw["audit"], AUDIT_KEYS, "$.audit") if raw["audit"].is_a?(Hash)
         validate_single_queue!(raw)
@@ -91,6 +99,12 @@ module Textus
           path = "$.roles[#{i}]"
           walk(r, ROLE_KEYS, path)
           name = r["name"] or raise BadManifest.new("role at '#{path}' missing name")
+          unless Textus::Role::NAMES.include?(name)
+            raise BadManifest.new(
+              "unknown role name '#{name}' at '#{path}' " \
+              "(allowed: #{Textus::Role::NAMES.join(", ")})",
+            )
+          end
           Array(r["can"]).each do |verb|
             next if CAPABILITIES.include?(verb)
 
@@ -109,6 +123,47 @@ module Textus
         )
       end
 
+      # Owners are validated against the SAME closed archetype set as role names
+      # (ADR 0045 D1) so attribution can't bypass the closed-name guarantee.
+      # Applies to both zone owners and entry owners; owner is optional, so a
+      # nil owner is not an error.
+      def self.validate_owners!(zones, entries)
+        Array(zones).each_with_index do |z, i|
+          check_owner!(z["owner"], "$.zones[#{i}]")
+        end
+        Array(entries).each_with_index do |e, i|
+          check_owner!(e["owner"], "$.entries[#{i}]")
+        end
+      end
+
+      def self.check_owner!(owner, path)
+        return if owner.nil?
+        return if valid_owner?(owner)
+
+        raise BadManifest.new(
+          "invalid owner '#{owner}' at '#{path}' " \
+          "(expected <archetype> or <archetype>:<subject>, " \
+          "archetype one of: #{Textus::Role::NAMES.join(", ")})",
+        )
+      end
+
+      # The owner-validation rule: an `owner:` token is either a bare archetype
+      # (`agent`) or `<archetype>:<subject>` (`human:patrick`). The archetype is
+      # gated against the closed Role::NAMES set (so attribution can't smuggle in
+      # a name the role side rejects, ADR 0045 D1); the subject is the free-form
+      # principal, validated by OWNER_SUBJECT_PATTERN. Split on the FIRST ':'
+      # only — a subject may not itself contain ':' (the pattern excludes it), so
+      # `human:a:b` is rejected.
+      def self.valid_owner?(token)
+        return false unless token.is_a?(String) && !token.empty?
+
+        archetype, subject = token.split(":", 2)
+        return false unless Textus::Role::NAMES.include?(archetype)
+        return true if subject.nil?
+
+        OWNER_SUBJECT_PATTERN.match?(subject)
+      end
+
       def self.validate_fetch_timeout!(value, path)
         return if value.nil?
         return if value.is_a?(Integer) && value.positive? && value <= FETCH_TIMEOUT_SECONDS_CEILING

data/lib/textus/ports/audit_subscriber.rb

@@ -33,7 +33,7 @@ module Textus
         extras["target_key"]  = kwargs[:target_key]  if kwargs.key?(:target_key)
         extras["pending_key"] = kwargs[:pending_key] if kwargs.key?(:pending_key)
         @audit_log.append(
-          role: "automation", verb: "event_error", key: key,
+          role: Textus::Role::AUTOMATION, verb: "event_error", key: key,
           etag_before: nil, etag_after: nil, extras: extras
         )
       end

data/lib/textus/ports/fetch/detached.rb

@@ -8,6 +8,10 @@ module Textus
           Process.respond_to?(:fork)
         end
 
+        def acting_role(store)
+          store.manifest.policy.actor_for("fetch")
+        end
+
         def spawn(store_root:, key:)
           return nil unless supported?
 
@@ -21,7 +25,13 @@ module Textus
 
             begin
               store = Textus::Store.new(store_root)
-              store.as("automation").fetch(key)
+              # No fetch-holder configured — exit the child cleanly. In practice
+              # this is unreachable: the background fork only happens after a
+              # foreground fetch was already authorized (so a fetch-holder
+              # exists). Config-time detection is doctor's job (ADR 0044 Q2).
+              role = acting_role(store)
+              exit(0) unless role
+              store.as(role).fetch(key)
             rescue StandardError
               # Already logged via :fetch_failed; exit cleanly.
             ensure

data/lib/textus/ports/publisher.rb

@@ -12,19 +12,41 @@ module Textus
     module Publisher
       def self.publish(source:, target:, store_root:)
         FileUtils.mkdir_p(File.dirname(target))
-        refuse_if_unmanaged(target, store_root)
+        guard_clobber(source, target, store_root)
         File.delete(target) if File.symlink?(target)
         FileUtils.cp(source, target)
         Textus::Ports::SentinelStore.new.write!(target: target, source: source, store_root: store_root)
       end
 
-      def self.refuse_if_unmanaged(target, store_root)
+      # Removes a previously-published file and its sentinel. No-op unless the
+      # target is textus-managed — never deletes an unmanaged file.
+      def self.unpublish(target:, store_root:)
+        return unless managed?(target, store_root)
+
+        FileUtils.rm_f(target)
+        sentinel = Textus::Ports::SentinelStore.new.sentinel_path(target, store_root)
+        FileUtils.rm_f(sentinel)
+      end
+
+      # Refuse to clobber an unmanaged target — EXCEPT adopt one whose bytes
+      # already equal the source (ADR 0050: a migration copies files into the
+      # store and publishes them back to where they already live, so the target
+      # is byte-identical — nothing is at risk). Adoption writes no sentinel
+      # here; the normal publish path below does, and the cp is a content no-op.
+      # An unmanaged target whose content DIFFERS, or any unmanaged symlink, is
+      # still refused — that is the guard's real job.
+      def self.guard_clobber(source, target, store_root)
         return unless File.exist?(target) || File.symlink?(target)
         return if managed?(target, store_root)
+        return if adoptable?(source, target)
 
         raise PublishError.new("refusing to clobber unmanaged file at #{target}", target: target)
       end
 
+      def self.adoptable?(source, target)
+        !File.symlink?(target) && File.file?(target) && FileUtils.identical?(source, target)
+      end
+
       def self.managed?(target, store_root)
         File.exist?(Textus::Ports::SentinelStore.new.sentinel_path(target, store_root))
       end

data/lib/textus/ports/sentinel_store.rb

@@ -42,6 +42,21 @@ module Textus
         File.join(store_root, DIR, rel + SUFFIX)
       end
 
+      # Absolute target paths of every sentinel recorded under `target_dir`.
+      def targets_under(target_dir, store_root)
+        repo_root = File.dirname(store_root)
+        rel = relative_to(target_dir, repo_root) or return []
+        sdir = File.join(store_root, DIR, rel)
+        return [] unless File.directory?(sdir)
+
+        prefix = File.join(store_root, DIR) + "/"
+        Dir.glob(File.join(sdir, "**", "*#{SUFFIX}")).map do |spath|
+          # strip the sentinel-store prefix and the .textus-managed.json suffix to recover the repo-relative target path
+          trel = spath.delete_prefix(prefix).delete_suffix(SUFFIX)
+          File.join(repo_root, trel)
+        end
+      end
+
       private
 
       def rel_or_abs(path, repo_root)

data/lib/textus/role.rb

@@ -1,15 +1,26 @@
 module Textus
   module Role
-    PATTERN = /\A[a-z][a-z0-9_-]*\z/
-    DEFAULT = "human".freeze
-    # The default acting identity for the MCP transport (ADR 0040): an agent
-    # over stdio proposes; it does not inherit the human's authority. CLI
-    # callers keep the `human` DEFAULT.
-    AGENT = "agent".freeze
+    # The three role archetypes, each string sourced exactly once: human curates
+    # canon, agent proposes, automation fetches/builds (explanation/concepts.md).
+    # Reference these constants instead of bare literals (ADR 0044).
+    HUMAN      = "human".freeze
+    AGENT      = "agent".freeze
+    AUTOMATION = "automation".freeze
+
+    # The closed set of legal role names (ADR 0045), built FROM the archetypes
+    # above so it stays the single source of truth — a manifest declaring any
+    # other name is rejected at load, and DEFAULT ∈ NAMES holds structurally.
+    # Capabilities (`can:`) remain freely tunable per role.
+    NAMES = [HUMAN, AGENT, AUTOMATION].freeze
+
+    # Default acting identity (ADR 0040): a *choice* over the vocabulary, not a
+    # new name. CLI callers act as the human; an agent over stdio proposes and
+    # does not inherit the human's authority (it defaults to AGENT per transport).
+    DEFAULT = HUMAN
 
     def self.resolve(root:, flag: nil, env: ENV, default: DEFAULT)
       candidate = flag || env["TEXTUS_ROLE"] || read_file(root) || default
-      raise InvalidRole.new(candidate) unless candidate.match?(PATTERN)
+      raise InvalidRole.new(candidate) unless NAMES.include?(candidate)
 
       candidate
     end

data/lib/textus/version.rb

@@ -1,4 +1,4 @@
 module Textus
-  VERSION = "0.39.1"
+  VERSION = "0.41.0"
   PROTOCOL = "textus/3"
 end

data/lib/textus/write/fetch_events.rb

@@ -0,0 +1,42 @@
+module Textus
+  module Write
+    # Single home for the fetch lifecycle event vocabulary (ADR 0048 D5). Both
+    # FetchWorker (synchronous semantics) and FetchOrchestrator (async policy)
+    # emit through this seam so the event names and payload shapes live in one
+    # place with one derived hook context.
+    class FetchEvents
+      def self.from(container:, call:)
+        new(
+          events: container.events,
+          hook_context: Textus::Hooks::Context.for(container: container, call: call),
+        )
+      end
+
+      def initialize(events:, hook_context:)
+        @events = events
+        @hook_context = hook_context
+      end
+
+      def started(key, mode: :sync)
+        @events.publish(:fetch_started, ctx: @hook_context, key: key, mode: mode)
+      end
+
+      def failed(key, error)
+        @events.publish(:fetch_failed, ctx: @hook_context, key: key,
+                                       error_class: error.class.name, error_message: error.message)
+      end
+
+      def fetched(key, envelope, change)
+        return if change == :unchanged
+
+        @events.publish(:entry_fetched, ctx: @hook_context, key: key, envelope: envelope, change: change)
+      end
+
+      def backgrounded(key, started_at:, budget_ms:)
+        payload = { key: key, started_at: started_at, budget_ms: budget_ms }
+        payload[:ctx] = @hook_context if @hook_context
+        @events.publish(:fetch_backgrounded, **payload)
+      end
+    end
+  end
+end

data/lib/textus/write/fetch_orchestrator.rb

@@ -10,6 +10,7 @@ module Textus
         @events       = events
         @hook_context = hook_context
         @detached_spawner = detached_spawner || default_spawner
+        @fetch_events = Textus::Write::FetchEvents.new(events: @events, hook_context: @hook_context)
       end
 
       def execute(action, key:)
@@ -82,9 +83,7 @@ module Textus
 
           probe.release
 
-          payload = { key: key, started_at: Time.now.utc.iso8601, budget_ms: budget_ms }
-          payload[:ctx] = @hook_context if @hook_context
-          @events.publish(:fetch_backgrounded, **payload)
+          @fetch_events.backgrounded(key, started_at: Time.now.utc.iso8601, budget_ms: budget_ms)
           @detached_spawner.call(store_root: @store_root, key: key)
           Textus::Domain::Outcome::Detached.new
         elsif result.is_a?(Textus::Error)