@a5c-ai/krate 5.0.1-staging.f672fe79b

package/src/agent-context-bundles.js

@@ -0,0 +1,242 @@
+import { createHash } from 'node:crypto';
+import { createResource, clone } from './resource-model.js';
+
+export const AGENT_CONTEXT_BUNDLES_BOUNDARY = {
+  role: 'agent-context-bundles',
+  scope: 'Context assembly, redaction, and digest computation for agent dispatch',
+  owns: ['prompt layer collection', 'redaction patterns', 'size enforcement', 'digest computation'],
+  delegatesTo: ['resource-model'],
+  mustNotOwn: ['secret values', 'runtime execution', 'Agent Mux sessions']
+};
+
+const PROMPT_LAYER_MAX = 64 * 1024;  // 64 KiB
+const BUNDLE_MAX = 750 * 1024;       // 750 KiB
+const MAX_ATTACHMENTS = 32;
+
+// Redaction patterns (ordered by priority)
+const REDACTION_PATTERNS = [
+  { kind: 'secret-key', pattern: /(?:API_KEY|API_SECRET|SECRET_KEY|ACCESS_KEY|PRIVATE_KEY|AUTH_TOKEN|PASSWORD|PASSWD|CREDENTIALS?)\s*[=:]\s*['"]?([^\s'"}{,\]]+)/gi },
+  { kind: 'provider-token', pattern: /\b(sk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{36,}|gho_[a-zA-Z0-9]{36,}|glpat-[a-zA-Z0-9\-_]{20,}|xoxb-[a-zA-Z0-9\-]+|xoxp-[a-zA-Z0-9\-]+)\b/g },
+  { kind: 'bearer-token', pattern: /Bearer\s+[a-zA-Z0-9\-._~+\/]+=*/gi },
+  { kind: 'private-key', pattern: /-----BEGIN\s+(?:RSA\s+|EC\s+|DSA\s+|OPENSSH\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(?:RSA\s+|EC\s+|DSA\s+|OPENSSH\s+)?PRIVATE\s+KEY-----/g },
+  { kind: 'base64-credential', pattern: /\b[A-Za-z0-9+\/]{40,}={0,2}\b/g },
+];
+
+function sha256(data) {
+  return createHash('sha256').update(data).digest('hex');
+}
+
+function truncateToLimit(text, limit) {
+  if (typeof text !== 'string') return '';
+  if (text.length <= limit) return text;
+  return text.slice(0, limit);
+}
+
+function applyRedactions(text) {
+  if (typeof text !== 'string' || text.length === 0) return { text, counts: {} };
+  const counts = {};
+  let redacted = text;
+  for (const { kind, pattern } of REDACTION_PATTERNS) {
+    const fresh = new RegExp(pattern.source, pattern.flags);
+    const before = redacted;
+    redacted = redacted.replace(fresh, (match) => {
+      counts[kind] = (counts[kind] || 0) + 1;
+      return `[REDACTED:${kind}]`;
+    });
+  }
+  return { text: redacted, counts };
+}
+
+function mergeRedactionCounts(target, source) {
+  for (const [kind, count] of Object.entries(source)) {
+    target[kind] = (target[kind] || 0) + count;
+  }
+}
+
+export function createRedactionManifest(redactionCounts) {
+  const total = Object.values(redactionCounts).reduce((sum, n) => sum + n, 0);
+  return { total, byKind: clone(redactionCounts) };
+}
+
+export function assembleContextBundle({ stack, repository, ref, sourceRefs = [], contextLabels = [], redactionPolicy, resources = {} }) {
+  const namespace = stack?.metadata?.namespace || 'default';
+  const organizationRef = stack?.spec?.organizationRef || 'default';
+  const allRedactionCounts = {};
+
+  // Step 1 — Collect prompt layers
+  const rawSystem = stack?.spec?.prompt?.system || '';
+  const rawDeveloper = stack?.spec?.prompt?.developer || '';
+  const rawTask = stack?.spec?.prompt?.task || '';
+
+  // Collect skill fragments
+  const skillFragments = [];
+  const skillRefs = stack?.spec?.skillRefs || [];
+  const agentSkills = resources.AgentSkill || [];
+  for (const skillRef of skillRefs) {
+    const skill = agentSkills.find((s) => s.metadata?.name === skillRef);
+    if (skill?.spec?.promptFragment) {
+      skillFragments.push({ name: skillRef, content: skill.spec.promptFragment });
+    }
+  }
+
+  // Collect label fragments
+  const labelFragments = [];
+  const agentContextLabels = resources.AgentContextLabel || [];
+  for (const labelRef of contextLabels) {
+    const label = agentContextLabels.find((l) => l.metadata?.name === labelRef);
+    if (label?.spec?.promptFragment) {
+      labelFragments.push({ name: labelRef, content: label.spec.promptFragment });
+    }
+  }
+
+  // Step 2 — Truncate each layer and compute digests
+  const system = truncateToLimit(rawSystem, PROMPT_LAYER_MAX);
+  const developer = truncateToLimit(rawDeveloper, PROMPT_LAYER_MAX);
+  const task = truncateToLimit(rawTask, PROMPT_LAYER_MAX);
+
+  // Apply redaction to prompt layers
+  const systemRedacted = applyRedactions(system);
+  mergeRedactionCounts(allRedactionCounts, systemRedacted.counts);
+  const developerRedacted = applyRedactions(developer);
+  mergeRedactionCounts(allRedactionCounts, developerRedacted.counts);
+  const taskRedacted = applyRedactions(task);
+  mergeRedactionCounts(allRedactionCounts, taskRedacted.counts);
+
+  const systemDigest = sha256(systemRedacted.text);
+  const developerDigest = sha256(developerRedacted.text);
+  const taskDigest = sha256(taskRedacted.text);
+
+  const skillLayerDigests = [];
+  const redactedSkillFragments = [];
+  for (const frag of skillFragments) {
+    const truncated = truncateToLimit(frag.content, PROMPT_LAYER_MAX);
+    const redacted = applyRedactions(truncated);
+    mergeRedactionCounts(allRedactionCounts, redacted.counts);
+    const digest = sha256(redacted.text);
+    skillLayerDigests.push({ role: `skill:${frag.name}`, digest, sizeBytes: redacted.text.length });
+    redactedSkillFragments.push({ name: frag.name, content: redacted.text });
+  }
+
+  const labelLayerDigests = [];
+  const redactedLabelFragments = [];
+  for (const frag of labelFragments) {
+    const truncated = truncateToLimit(frag.content, PROMPT_LAYER_MAX);
+    const redacted = applyRedactions(truncated);
+    mergeRedactionCounts(allRedactionCounts, redacted.counts);
+    const digest = sha256(redacted.text);
+    labelLayerDigests.push({ role: `label:${frag.name}`, digest, sizeBytes: redacted.text.length });
+    redactedLabelFragments.push({ name: frag.name, content: redacted.text });
+  }
+
+  // Step 3 — Collect sources from sourceRefs
+  const sources = [];
+  const limitedSourceRefs = sourceRefs.slice(0, MAX_ATTACHMENTS);
+  for (const srcRef of limitedSourceRefs) {
+    const content = truncateToLimit(srcRef.content || '', PROMPT_LAYER_MAX);
+    const redacted = applyRedactions(content);
+    mergeRedactionCounts(allRedactionCounts, redacted.counts);
+    sources.push({
+      kind: srcRef.kind || 'unknown',
+      ref: srcRef.ref || '',
+      content: redacted.text,
+      digest: sha256(redacted.text)
+    });
+  }
+
+  // Step 5 — Enforce total size
+  let wasTruncated = false;
+  const TRUNC_MARKER = '[...truncated at 750KiB limit]';
+  const TRUNC_MARKER_LEN = TRUNC_MARKER.length;
+
+  const computeTotalSize = () =>
+    systemRedacted.text.length + developerRedacted.text.length + taskRedacted.text.length +
+    redactedSkillFragments.reduce((s, f) => s + f.content.length, 0) +
+    redactedLabelFragments.reduce((s, f) => s + f.content.length, 0) +
+    sources.reduce((s, src) => s + src.content.length, 0);
+
+  let totalSize = computeTotalSize();
+
+  if (totalSize > BUNDLE_MAX) {
+    wasTruncated = true;
+    // Build a list of truncatable items (sources first, then labels, then skills)
+    // sorted by descending size so we cut the largest first
+    const truncatableItems = [
+      ...sources.map((s, i) => ({ type: 'source', index: i })),
+      ...redactedLabelFragments.map((f, i) => ({ type: 'label', index: i })),
+      ...redactedSkillFragments.map((f, i) => ({ type: 'skill', index: i }))
+    ];
+
+    const getContent = (t) => {
+      if (t.type === 'source') return sources[t.index].content;
+      if (t.type === 'label') return redactedLabelFragments[t.index].content;
+      return redactedSkillFragments[t.index].content;
+    };
+
+    truncatableItems.sort((a, b) => getContent(b).length - getContent(a).length);
+
+    for (const target of truncatableItems) {
+      totalSize = computeTotalSize();
+      if (totalSize <= BUNDLE_MAX) break;
+
+      const currentContent = getContent(target);
+      const excess = totalSize - BUNDLE_MAX;
+      // We need to remove at least `excess` bytes, but also account for the marker we add
+      const cutAmount = excess + TRUNC_MARKER_LEN;
+      const newLen = Math.max(0, currentContent.length - cutAmount);
+      const truncatedContent = currentContent.slice(0, newLen) + TRUNC_MARKER;
+
+      if (target.type === 'source') {
+        sources[target.index].content = truncatedContent;
+        sources[target.index].digest = sha256(truncatedContent);
+      } else if (target.type === 'label') {
+        redactedLabelFragments[target.index].content = truncatedContent;
+        labelLayerDigests[target.index].digest = sha256(truncatedContent);
+        labelLayerDigests[target.index].sizeBytes = truncatedContent.length;
+      } else if (target.type === 'skill') {
+        redactedSkillFragments[target.index].content = truncatedContent;
+        skillLayerDigests[target.index].digest = sha256(truncatedContent);
+        skillLayerDigests[target.index].sizeBytes = truncatedContent.length;
+      }
+    }
+  }
+
+  // Step 6 — Compute bundle digest
+  const promptLayers = [
+    { role: 'system', digest: systemDigest, sizeBytes: systemRedacted.text.length },
+    { role: 'developer', digest: developerDigest, sizeBytes: developerRedacted.text.length },
+    { role: 'task', digest: taskDigest, sizeBytes: taskRedacted.text.length },
+    ...skillLayerDigests,
+    ...labelLayerDigests,
+  ];
+
+  const digestPayload = JSON.stringify({
+    promptLayers,
+    sources: sources.map((s) => ({ kind: s.kind, ref: s.ref, digest: s.digest }))
+  });
+  const digest = sha256(digestPayload);
+
+  const redactionManifest = createRedactionManifest(allRedactionCounts);
+
+  // Step 7 — Build the resource
+  const resource = createResource('AgentContextBundle', { name: `bundle-${digest.slice(0, 12)}`, namespace }, {
+    organizationRef,
+    dispatchRun: '',
+    digest,
+    sources: limitedSourceRefs.map((s) => ({ kind: s.kind || 'unknown', ref: s.ref || '' })),
+    promptLayers,
+    redactions: redactionManifest,
+    limits: { maxBytes: BUNDLE_MAX, truncated: wasTruncated },
+  });
+
+  // Store actual text content in _content (in-memory only, not part of resource spec)
+  resource._content = {
+    system: systemRedacted.text,
+    developer: developerRedacted.text,
+    task: taskRedacted.text,
+    skillFragments: redactedSkillFragments,
+    labelFragments: redactedLabelFragments,
+    sources
+  };
+
+  return resource;
+}

package/src/agent-dispatch-controller.js

@@ -0,0 +1,86 @@
+import { createPermissionReviewer } from './agent-permission-review.js';
+import { createAgentStackController } from './agent-stack-controller.js';
+import { assembleContextBundle } from './agent-context-bundles.js';
+import { createResource, clone } from './resource-model.js';
+import { createAgentMuxClient } from './agent-mux-client.js';
+
+export const AGENT_DISPATCH_CONTROLLER_BOUNDARY = {
+  role: 'agent-dispatch-controller',
+  scope: 'Manual dispatch orchestration with permission gating and context assembly',
+  owns: ['dispatch creation', 'attempt lifecycle', 'Agent Mux session binding'],
+  delegatesTo: ['agent-permission-review', 'agent-stack-controller', 'agent-context-bundles', 'agent-mux-client'],
+  mustNotOwn: ['secret values', 'UI rendering']
+};
+
+export function createAgentDispatchController(options = {}) {
+  const permissionReviewer = options.permissionReviewer || createPermissionReviewer();
+  const stackController = options.stackController || createAgentStackController();
+  const agentMuxClient = options.agentMuxClient || createAgentMuxClient();
+
+  return {
+    role: 'agent-dispatch-controller',
+
+    async createManualDispatch({ repository, ref, sourceRefs = [], agentStack, taskKind, actor, namespace = 'default', organizationRef = 'default', resources = {} }) {
+      // 1. Find stack
+      const stack = (resources.AgentStack || []).find(s => s.metadata?.name === agentStack);
+      if (!stack) return { error: true, reason: 'stack-not-found', message: `AgentStack '${agentStack}' not found` };
+
+      // 2. Permission review
+      const review = permissionReviewer.reviewPermissions({ repository, ref, actor, agentStack, resources });
+      if (review.decision === 'denied') {
+        return { error: true, reason: 'permission-denied', message: 'Dispatch denied by permission review', review };
+      }
+      const permissionSnapshot = permissionReviewer.createPermissionSnapshot(review);
+
+      // 3. Assemble context bundle
+      const contextBundle = assembleContextBundle({ stack, repository, ref, sourceRefs, contextLabels: [], resources });
+
+      // 4. Create resources
+      const now = new Date().toISOString();
+      const runName = `dispatch-${Date.now()}`;
+
+      const run = createResource('AgentDispatchRun', { name: runName, namespace }, {
+        organizationRef,
+        repository,
+        sourceRefs: clone(sourceRefs),
+        agentStack,
+        taskKind: taskKind || 'diagnostic',
+        contextBundleRef: contextBundle.metadata.name,
+      });
+      run.status = { phase: 'Pending', queuedAt: now };
+
+      const attempt = createResource('AgentDispatchAttempt', { name: `${runName}-attempt-1`, namespace }, {
+        organizationRef,
+        agentDispatchRun: runName,
+        attemptReason: 'initial',
+        agentStackSnapshot: clone(stack.spec),
+        contextBundleDigest: contextBundle.spec.digest,
+      });
+      attempt.status = { permissionSnapshot, queueEnteredAt: now };
+
+      // 5. Try Agent Mux launch
+      if (agentMuxClient.isAvailable()) {
+        try {
+          const session = await agentMuxClient.launchSession({ stack, contextBundle, permissionSnapshot });
+          if (session && session.runId) {
+            attempt.status.agentMuxRunId = session.runId;
+            attempt.status.agentMuxSessionId = session.sessionId;
+            run.status.phase = 'Running';
+            attempt.status.startedAt = now;
+          } else {
+            run.status.phase = 'Queued';
+            run.status.conditions = [{ type: 'AgentMuxBound', status: 'False', reason: 'LaunchFailed', message: 'Agent Mux launch returned no session' }];
+          }
+        } catch {
+          run.status.phase = 'Queued';
+          run.status.conditions = [{ type: 'AgentMuxBound', status: 'False', reason: 'LaunchFailed' }];
+        }
+      } else {
+        run.status.phase = 'Queued';
+        run.status.conditions = [{ type: 'AgentMuxBound', status: 'False', reason: 'Unavailable', message: 'Agent Mux gateway not configured' }];
+      }
+
+      return { error: false, run, attempt, contextBundle, permissionSnapshot };
+    }
+  };
+}

package/src/agent-mux-client.js

@@ -0,0 +1,280 @@
+import http from 'node:http';
+import https from 'node:https';
+import { URL } from 'node:url';
+import { createResource } from './resource-model.js';
+
+export const AGENT_MUX_CLIENT_BOUNDARY = {
+  role: 'agent-mux-client',
+  scope: 'HTTP/SSE adapter for Agent Mux gateway — capabilities, sessions, events, transcripts',
+  owns: ['gateway HTTP calls', 'SSE event streaming', 'transcript reconciliation'],
+  delegatesTo: ['resource-model'],
+  mustNotOwn: ['secret values', 'permission review', 'resource persistence']
+};
+
+/**
+ * Internal HTTP request helper. Zero external deps — uses node:http / node:https.
+ * @param {string} url
+ * @param {{ method?: string, body?: object, headers?: Record<string,string>, timeout?: number }} options
+ * @returns {Promise<{ status: number, body: any }>}
+ */
+function httpRequest(url, { method = 'GET', body, headers = {}, timeout = 30000 } = {}) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const transport = parsed.protocol === 'https:' ? https : http;
+    const opts = {
+      hostname: parsed.hostname,
+      port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+      path: parsed.pathname + parsed.search,
+      method,
+      headers: { 'Accept': 'application/json', ...headers },
+      timeout,
+    };
+    if (body) {
+      const payload = JSON.stringify(body);
+      opts.headers['Content-Type'] = 'application/json';
+      opts.headers['Content-Length'] = Buffer.byteLength(payload);
+    }
+    const req = transport.request(opts, (res) => {
+      const chunks = [];
+      res.on('data', chunk => chunks.push(chunk));
+      res.on('end', () => {
+        const raw = Buffer.concat(chunks).toString();
+        try {
+          resolve({ status: res.statusCode, body: JSON.parse(raw) });
+        } catch {
+          resolve({ status: res.statusCode, body: raw });
+        }
+      });
+    });
+    req.on('timeout', () => { req.destroy(); reject(new Error('Request timeout')); });
+    req.on('error', reject);
+    if (body) req.write(JSON.stringify(body));
+    req.end();
+  });
+}
+
+/**
+ * Parse SSE text into an array of parsed JSON data payloads.
+ * Each `data: {...}` line is extracted; malformed JSON is silently skipped.
+ * @param {string} text
+ * @returns {object[]}
+ */
+export function parseSseLines(text) {
+  const events = [];
+  for (const block of text.split('\n\n')) {
+    for (const line of block.split('\n')) {
+      if (line.startsWith('data: ')) {
+        try { events.push(JSON.parse(line.slice(6))); } catch { /* skip malformed */ }
+      }
+    }
+  }
+  return events;
+}
+
+/**
+ * @param {{ gateway?: string, enabled?: boolean }} options
+ */
+export function createAgentMuxClient(options = {}) {
+  const { gateway = '', enabled = false } = options;
+
+  return {
+    role: 'agent-mux-client',
+
+    isAvailable() {
+      return enabled && !!gateway;
+    },
+
+    /**
+     * Query adapter capabilities from the gateway.
+     * GET {gateway}/api/v1/agents/{adapter}/capabilities
+     * @param {string} adapter
+     * @returns {Promise<object|null>}
+     */
+    async queryCapabilities(adapter) {
+      if (!this.isAvailable()) return null;
+      try {
+        const { status, body } = await httpRequest(`${gateway}/api/v1/agents/${encodeURIComponent(adapter)}/capabilities`);
+        if (status >= 200 && status < 300) return body;
+        return null;
+      } catch {
+        return null;
+      }
+    },
+
+    /**
+     * Launch a new agent session through the gateway.
+     * POST {gateway}/api/v1/sessions
+     * @param {{ stack: object, contextBundle?: object, permissionSnapshot?: object, workspace?: object }} params
+     * @returns {Promise<{ runId: string, sessionId: string }|null>}
+     */
+    async launchSession({ stack, contextBundle, permissionSnapshot, workspace }) {
+      if (!this.isAvailable()) return null;
+      try {
+        const payload = {
+          agent: stack?.baseAgent,
+          model: stack?.model,
+          prompt: contextBundle?.prompt,
+          systemPrompt: contextBundle?.systemPrompt,
+          attachments: contextBundle?.attachments,
+          workspace: workspace?.workspacePath,
+        };
+        const { status, body } = await httpRequest(`${gateway}/api/v1/sessions`, { method: 'POST', body: payload });
+        if (status >= 200 && status < 300 && body?.runId && body?.sessionId) {
+          return { runId: body.runId, sessionId: body.sessionId };
+        }
+        return null;
+      } catch {
+        return null;
+      }
+    },
+
+    /**
+     * Get session status from the gateway.
+     * GET {gateway}/api/v1/sessions/{sessionId}
+     * @param {string} sessionId
+     * @returns {Promise<object|null>}
+     */
+    async getSessionStatus(sessionId) {
+      if (!this.isAvailable()) return null;
+      try {
+        const { status, body } = await httpRequest(`${gateway}/api/v1/sessions/${encodeURIComponent(sessionId)}`);
+        if (status >= 200 && status < 300) return body;
+        return null;
+      } catch {
+        return null;
+      }
+    },
+
+    /**
+     * Subscribe to SSE events for a run. Reconnects with exponential backoff (1s, 2s, 4s... max 30s).
+     * GET {gateway}/api/v1/runs/{runId}/events (Accept: text/event-stream)
+     * @param {string} runId
+     * @param {(event: object) => void} callback
+     * @returns {{ abort: () => void }}
+     */
+    subscribeToEvents(runId, callback) {
+      let aborted = false;
+      let currentReq = null;
+      let backoff = 1000;
+
+      const connect = () => {
+        if (aborted) return;
+        try {
+          const parsed = new URL(`${gateway}/api/v1/runs/${encodeURIComponent(runId)}/events`);
+          const transport = parsed.protocol === 'https:' ? https : http;
+          const opts = {
+            hostname: parsed.hostname,
+            port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+            path: parsed.pathname + parsed.search,
+            method: 'GET',
+            headers: { 'Accept': 'text/event-stream' },
+          };
+          currentReq = transport.request(opts, (res) => {
+            if (aborted) return;
+            // Reset backoff on successful connection
+            backoff = 1000;
+            let buffer = '';
+            res.on('data', (chunk) => {
+              if (aborted) return;
+              buffer += chunk.toString();
+              // Process complete SSE blocks (separated by double newlines)
+              const parts = buffer.split('\n\n');
+              // Keep the last part as it may be incomplete
+              buffer = parts.pop() || '';
+              for (const block of parts) {
+                for (const line of block.split('\n')) {
+                  if (line.startsWith('data: ')) {
+                    try {
+                      callback(JSON.parse(line.slice(6)));
+                    } catch { /* skip malformed */ }
+                  }
+                }
+              }
+            });
+            res.on('end', () => {
+              if (!aborted) reconnect();
+            });
+            res.on('error', () => {
+              if (!aborted) reconnect();
+            });
+          });
+          currentReq.on('error', () => {
+            if (!aborted) reconnect();
+          });
+          currentReq.end();
+        } catch {
+          if (!aborted) reconnect();
+        }
+      };
+
+      const reconnect = () => {
+        if (aborted) return;
+        const delay = backoff;
+        backoff = Math.min(backoff * 2, 30000);
+        setTimeout(connect, delay);
+      };
+
+      connect();
+
+      return {
+        abort() {
+          aborted = true;
+          if (currentReq) {
+            currentReq.destroy();
+            currentReq = null;
+          }
+        }
+      };
+    },
+
+    /**
+     * Reconcile SSE events into an AgentSessionTranscript resource.
+     * Parses events by role, computes cost, creates the resource via createResource().
+     * @param {string} sessionId
+     * @param {object[]} events
+     * @param {{ namespace?: string, organizationRef?: string }} options
+     * @returns {object} AgentSessionTranscript resource
+     */
+    reconcileTranscript(sessionId, events, { namespace = 'default', organizationRef = 'default' } = {}) {
+      const messages = [];
+      let totalInputTokens = 0;
+      let totalOutputTokens = 0;
+
+      for (const event of events) {
+        if (!event || typeof event !== 'object') continue;
+        const role = event.role || 'unknown';
+        const content = event.content || event.text || event.message || '';
+        const node = {
+          role,
+          content: typeof content === 'string' ? content : JSON.stringify(content),
+          timestamp: event.timestamp || new Date().toISOString(),
+        };
+        if (event.toolUse) node.toolUse = event.toolUse;
+        if (event.toolResult) node.toolResult = event.toolResult;
+        messages.push(node);
+
+        // Accumulate token usage if present
+        if (event.usage) {
+          totalInputTokens += event.usage.inputTokens || 0;
+          totalOutputTokens += event.usage.outputTokens || 0;
+        }
+      }
+
+      return createResource(
+        'AgentSessionTranscript',
+        { name: `transcript-${sessionId}`, namespace },
+        {
+          organizationRef,
+          sessionRef: sessionId,
+          messages,
+          cost: {
+            inputTokens: totalInputTokens,
+            outputTokens: totalOutputTokens,
+            totalTokens: totalInputTokens + totalOutputTokens,
+          },
+        },
+        { phase: 'Reconciled', reconciledAt: new Date().toISOString() }
+      );
+    },
+  };
+}