@a5c-ai/tasks-adapter 5.1.1-staging.52898ebfc24f

package/dist/proven/keys.js

@@ -0,0 +1,117 @@
+import { generateKeyPairSync, createHash } from "node:crypto";
+import { promises as fs } from "node:fs";
+import * as path from "node:path";
+/**
+ * Generate a new Ed25519 key pair for a responder.
+ */
+export function generateKeyPair(responderId, responderName) {
+    const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+    const pubDer = publicKey.export({ type: "spki", format: "der" });
+    const privPkcs8 = privateKey.export({ type: "pkcs8", format: "der" });
+    const fingerprint = createHash("sha256").update(pubDer).digest("hex");
+    const now = new Date().toISOString();
+    return {
+        publicKeyRecord: {
+            publicKey: pubDer.toString("base64"),
+            metadata: {
+                fingerprint,
+                responderId,
+                responderName,
+                createdAt: now,
+            },
+        },
+        privateKeyRecord: {
+            privateKey: privPkcs8.toString("base64"),
+            fingerprint,
+            responderId,
+        },
+    };
+}
+/**
+ * Save a public key to the trusted keys directory (git-tracked).
+ */
+export async function saveTrustedPublicKey(publicKeyRecord, baseDir) {
+    const dir = baseDir
+        ? path.join(baseDir, ".keys", "trusted")
+        : path.resolve(process.cwd(), ".breakpoints", ".keys", "trusted");
+    await fs.mkdir(dir, { recursive: true });
+    const filePath = path.join(dir, `${publicKeyRecord.metadata.fingerprint}.pub.json`);
+    await fs.writeFile(filePath, JSON.stringify(publicKeyRecord, null, 2) + "\n", "utf-8");
+    return filePath;
+}
+/**
+ * Save a private key to the private keys directory (gitignored).
+ */
+export async function savePrivateKey(privateKeyRecord, baseDir) {
+    const dir = baseDir
+        ? path.join(baseDir, ".keys", "private")
+        : path.resolve(process.cwd(), ".breakpoints", ".keys", "private");
+    await fs.mkdir(dir, { recursive: true });
+    const filePath = path.join(dir, `${privateKeyRecord.fingerprint}.key.json`);
+    await fs.writeFile(filePath, JSON.stringify(privateKeyRecord, null, 2) + "\n", "utf-8");
+    return filePath;
+}
+/**
+ * Load all trusted public keys from the trusted directory.
+ */
+export async function loadTrustedPublicKeys(baseDir) {
+    const dir = baseDir
+        ? path.join(baseDir, ".keys", "trusted")
+        : path.resolve(process.cwd(), ".breakpoints", ".keys", "trusted");
+    let files;
+    try {
+        files = await fs.readdir(dir);
+    }
+    catch {
+        return [];
+    }
+    const keys = [];
+    for (const file of files) {
+        if (!file.endsWith(".pub.json"))
+            continue;
+        const raw = await fs.readFile(path.join(dir, file), "utf-8");
+        keys.push(JSON.parse(raw));
+    }
+    return keys;
+}
+/**
+ * Load a private key by fingerprint.
+ */
+export async function loadPrivateKey(fingerprint, baseDir) {
+    const dir = baseDir
+        ? path.join(baseDir, ".keys", "private")
+        : path.resolve(process.cwd(), ".breakpoints", ".keys", "private");
+    const filePath = path.join(dir, `${fingerprint}.key.json`);
+    try {
+        const raw = await fs.readFile(filePath, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Rotate a key: generate new pair, save both, mark old public key as expired.
+ */
+export async function rotateKey(responderId, responderName, oldFingerprint, baseDir) {
+    // Mark old key as expired
+    const trustedDir = baseDir
+        ? path.join(baseDir, ".keys", "trusted")
+        : path.resolve(process.cwd(), ".breakpoints", ".keys", "trusted");
+    const oldKeyPath = path.join(trustedDir, `${oldFingerprint}.pub.json`);
+    try {
+        const raw = await fs.readFile(oldKeyPath, "utf-8");
+        const oldKey = JSON.parse(raw);
+        oldKey.metadata.expiresAt = new Date().toISOString();
+        oldKey.metadata.note = `Rotated. Superseded by new key for ${responderId}.`;
+        await fs.writeFile(oldKeyPath, JSON.stringify(oldKey, null, 2) + "\n", "utf-8");
+    }
+    catch {
+        // Old key may not exist; that's fine
+    }
+    // Generate and save new pair
+    const newPair = generateKeyPair(responderId, responderName);
+    await saveTrustedPublicKey(newPair.publicKeyRecord, baseDir);
+    await savePrivateKey(newPair.privateKeyRecord, baseDir);
+    return newPair;
+}

package/dist/proven/sign.d.ts

@@ -0,0 +1,16 @@
+import type { BreakpointAnswer, ProvenBreakpointAnswer } from "../types.js";
+import type { PrivateKeyRecord } from "./types.js";
+/**
+ * Sign a BreakpointAnswer with the responder's private key.
+ *
+ * Returns a ProvenBreakpointAnswer with the signature and key metadata.
+ */
+export declare function signAnswer(answer: BreakpointAnswer, fingerprint: string, baseDir?: string): Promise<ProvenBreakpointAnswer>;
+/**
+ * Sign a BreakpointAnswer using an already-loaded PrivateKeyRecord.
+ *
+ * This avoids requiring the key to be persisted on disk and is useful
+ * for backends that load the key from a configured path.
+ */
+export declare function signAnswerWithKeyRecord(answer: BreakpointAnswer, keyRecord: PrivateKeyRecord): ProvenBreakpointAnswer;
+//# sourceMappingURL=sign.d.ts.map

package/dist/proven/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/proven/sign.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAE5E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA4BnD;;;;GAIG;AACH,wBAAsB,UAAU,CAC9B,MAAM,EAAE,gBAAgB,EACxB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,sBAAsB,CAAC,CAOjC;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,gBAAgB,GAC1B,sBAAsB,CAiBxB"}

package/dist/proven/sign.js

@@ -0,0 +1,60 @@
+import { createPrivateKey, sign as cryptoSign } from "node:crypto";
+import { loadPrivateKey } from "./keys.js";
+/**
+ * Fields included in the signature. The order is canonical.
+ */
+const SIGNED_FIELDS = [
+    "id",
+    "breakpointId",
+    "responderId",
+    "text",
+    "approved",
+    "confidence",
+    "answeredAt",
+];
+/**
+ * Build the canonical signing payload from an answer.
+ * Fields are sorted, null/undefined serialized as empty string.
+ */
+function buildSigningPayload(answer) {
+    const parts = [];
+    for (const field of SIGNED_FIELDS) {
+        const value = answer[field];
+        parts.push(`${field}=${value ?? ""}`);
+    }
+    return Buffer.from(parts.join("\n"), "utf-8");
+}
+/**
+ * Sign a BreakpointAnswer with the responder's private key.
+ *
+ * Returns a ProvenBreakpointAnswer with the signature and key metadata.
+ */
+export async function signAnswer(answer, fingerprint, baseDir) {
+    const keyRecord = await loadPrivateKey(fingerprint, baseDir);
+    if (!keyRecord) {
+        throw new Error(`Private key not found for fingerprint: ${fingerprint}`);
+    }
+    return signAnswerWithKeyRecord(answer, keyRecord);
+}
+/**
+ * Sign a BreakpointAnswer using an already-loaded PrivateKeyRecord.
+ *
+ * This avoids requiring the key to be persisted on disk and is useful
+ * for backends that load the key from a configured path.
+ */
+export function signAnswerWithKeyRecord(answer, keyRecord) {
+    const privateKey = createPrivateKey({
+        key: Buffer.from(keyRecord.privateKey, "base64"),
+        format: "der",
+        type: "pkcs8",
+    });
+    const payload = buildSigningPayload(answer);
+    const signature = cryptoSign(null, payload, privateKey);
+    return {
+        ...answer,
+        signature: signature.toString("base64"),
+        publicKeyFingerprint: keyRecord.fingerprint,
+        signedAt: new Date().toISOString(),
+        signedFields: [...SIGNED_FIELDS],
+    };
+}

package/dist/proven/types.d.ts

@@ -0,0 +1,26 @@
+export interface KeyPairMetadata {
+    /** Hex-encoded fingerprint (SHA-256 of public key DER). */
+    fingerprint: string;
+    /** Responder identity associated with this key. */
+    responderId: string;
+    responderName: string;
+    /** ISO timestamp of key creation. */
+    createdAt: string;
+    /** ISO timestamp when this key should no longer be used for signing. */
+    expiresAt?: string;
+    /** Human-readable note. */
+    note?: string;
+}
+export interface PublicKeyRecord {
+    /** Base64-encoded Ed25519 public key (DER/SPKI format). */
+    publicKey: string;
+    metadata: KeyPairMetadata;
+}
+export interface PrivateKeyRecord {
+    /** Base64-encoded Ed25519 private key (PKCS8 format). */
+    privateKey: string;
+    /** Fingerprint linking to the corresponding public key. */
+    fingerprint: string;
+    responderId: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/proven/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/proven/types.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,2DAA2D;IAC3D,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/proven/types.js

@@ -0,0 +1,5 @@
+// ── Proven-specific types ───────────────────────────────────────────────
+// These types are used internally by the proven subsystem for key management.
+// The ProvenBreakpointAnswer and ProvenVerificationResult schemas live in
+// src/types.ts as they are part of the public domain model.
+export {};

package/dist/proven/verify.d.ts

@@ -0,0 +1,6 @@
+import type { ProvenBreakpointAnswer, ProvenVerificationResult } from "../types.js";
+/**
+ * Verify a proven breakpoint answer against trusted public keys.
+ */
+export declare function verifyAnswer(provenAnswer: ProvenBreakpointAnswer, baseDir?: string): Promise<ProvenVerificationResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/proven/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/proven/verify.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,sBAAsB,EAAE,wBAAwB,EAAoB,MAAM,aAAa,CAAC;AAetG;;GAEG;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,sBAAsB,EACpC,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,wBAAwB,CAAC,CAiDnC"}

package/dist/proven/verify.js

@@ -0,0 +1,58 @@
+import { createPublicKey, verify as cryptoVerify } from "node:crypto";
+import { loadTrustedPublicKeys } from "./keys.js";
+/**
+ * Rebuild the canonical signing payload for verification.
+ */
+function buildSigningPayload(answer, signedFields) {
+    const parts = [];
+    for (const field of signedFields) {
+        const value = answer[field];
+        parts.push(`${field}=${value ?? ""}`);
+    }
+    return Buffer.from(parts.join("\n"), "utf-8");
+}
+/**
+ * Verify a proven breakpoint answer against trusted public keys.
+ */
+export async function verifyAnswer(provenAnswer, baseDir) {
+    const trustedKeys = await loadTrustedPublicKeys(baseDir);
+    const matchingKey = trustedKeys.find((k) => k.metadata.fingerprint === provenAnswer.publicKeyFingerprint);
+    if (!matchingKey) {
+        return {
+            valid: false,
+            publicKeyFingerprint: provenAnswer.publicKeyFingerprint,
+            reason: "Public key not found in trusted keys",
+            verifiedAt: new Date().toISOString(),
+        };
+    }
+    // Check key expiration
+    if (matchingKey.metadata.expiresAt) {
+        const expiresAt = new Date(matchingKey.metadata.expiresAt);
+        const signedAt = new Date(provenAnswer.signedAt);
+        if (signedAt > expiresAt) {
+            return {
+                valid: false,
+                publicKeyFingerprint: provenAnswer.publicKeyFingerprint,
+                responderName: matchingKey.metadata.responderName,
+                reason: "Key was expired at time of signing",
+                verifiedAt: new Date().toISOString(),
+            };
+        }
+    }
+    // Verify signature
+    const publicKey = createPublicKey({
+        key: Buffer.from(matchingKey.publicKey, "base64"),
+        format: "der",
+        type: "spki",
+    });
+    const payload = buildSigningPayload(provenAnswer, provenAnswer.signedFields);
+    const signatureBuffer = Buffer.from(provenAnswer.signature, "base64");
+    const isValid = cryptoVerify(null, payload, publicKey, signatureBuffer);
+    return {
+        valid: isValid,
+        publicKeyFingerprint: provenAnswer.publicKeyFingerprint,
+        responderName: matchingKey.metadata.responderName,
+        reason: isValid ? "Signature verified successfully" : "Signature verification failed",
+        verifiedAt: new Date().toISOString(),
+    };
+}

package/dist/responders/types.d.ts

@@ -0,0 +1,38 @@
+import type { ResponderProfile, ResponderType } from "../types.js";
+export type { ResponderProfile, ResponderType } from "../types.js";
+export interface TaskRoutingHints {
+    external?: boolean;
+    responderType?: ResponderType;
+    preferredResponderId?: string;
+    capabilities?: string[];
+    requiredCapabilities?: string[];
+    adapter?: string;
+    model?: string;
+    provider?: string;
+    trackerBackend?: string;
+    fallbackType?: ResponderType;
+}
+export interface BaseResponder extends ResponderProfile {
+    type: Exclude<ResponderType, "auto">;
+    capabilities: string[];
+}
+export interface HumanResponder extends BaseResponder {
+    type: "human";
+}
+export interface AgentResponder extends BaseResponder {
+    type: "agent";
+    adapter?: string;
+    model?: string;
+    provider?: string;
+}
+export interface TrackerResponder extends BaseResponder {
+    type: "tracker";
+    trackerBackend?: string;
+    trackerConfig?: Record<string, unknown>;
+}
+export interface InternalResponder extends BaseResponder {
+    type: "internal";
+}
+export type Responder = HumanResponder | AgentResponder | TrackerResponder | InternalResponder;
+export type RoutedResponder = Responder;
+//# sourceMappingURL=types.d.ts.map

package/dist/responders/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/responders/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEnE,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEnE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,aAAa,CAAC;CAC9B;AAED,MAAM,WAAW,aAAc,SAAQ,gBAAgB;IACrD,IAAI,EAAE,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACrC,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,cAAe,SAAQ,aAAa;IACnD,IAAI,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,cAAe,SAAQ,aAAa;IACnD,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAiB,SAAQ,aAAa;IACrD,IAAI,EAAE,SAAS,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,iBAAkB,SAAQ,aAAa;IACtD,IAAI,EAAE,UAAU,CAAC;CAClB;AAED,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,cAAc,GACd,gBAAgB,GAChB,iBAAiB,CAAC;AAEtB,MAAM,MAAM,eAAe,GAAG,SAAS,CAAC"}

package/dist/responders/types.js

@@ -0,0 +1 @@
+export {};

package/dist/router.d.ts

@@ -0,0 +1,51 @@
+import type { BreakpointBackend } from "./backend.js";
+import type { ResponderProfile, ResponderType } from "./types.js";
+import type { RoutedResponder, TaskRoutingHints } from "./responders/types.js";
+export interface RoutableTaskDef {
+    kind: string;
+    title?: string;
+    agent?: TaskRoutingHints & Record<string, unknown>;
+    breakpoint?: TaskRoutingHints & Record<string, unknown>;
+    metadata?: TaskRoutingHints & Record<string, unknown>;
+}
+export interface TaskRouteContext {
+    agentBackend?: BreakpointBackend;
+    humanBackend?: BreakpointBackend;
+    trackerBackend?: BreakpointBackend;
+    responders?: ResponderProfile[];
+}
+export type TaskRouteDecision = {
+    responderType: "internal";
+    responder: RoutedResponder;
+    route: "agent-core";
+    reason: string;
+} | {
+    responderType: "human";
+    responder: RoutedResponder;
+    route: "breakpoint";
+    backend?: BreakpointBackend;
+    reason: string;
+} | {
+    responderType: "agent";
+    responder: RoutedResponder;
+    route: "adapters";
+    backend?: BreakpointBackend;
+    reason: string;
+} | {
+    responderType: "tracker";
+    responder?: RoutedResponder;
+    route: "external-tracker";
+    backend?: BreakpointBackend;
+    unavailable?: boolean;
+    reason: string;
+};
+export declare function routeTask(task: RoutableTaskDef, context?: TaskRouteContext): TaskRouteDecision;
+export declare class TaskRouter {
+    private readonly context;
+    constructor(context?: TaskRouteContext);
+    routeTask(task: RoutableTaskDef, context?: TaskRouteContext): TaskRouteDecision;
+    matchResponder(type: Exclude<ResponderType, "auto">, hints?: TaskRoutingHints): RoutedResponder | undefined;
+}
+export declare function routingHints(task: RoutableTaskDef): TaskRoutingHints;
+export declare function isHostDelegableRoute(decision: TaskRouteDecision): boolean;
+//# sourceMappingURL=router.d.ts.map

package/dist/router.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../src/router.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnD,UAAU,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxD,QAAQ,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvD;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,CAAC,EAAE,iBAAiB,CAAC;IACjC,YAAY,CAAC,EAAE,iBAAiB,CAAC;IACjC,cAAc,CAAC,EAAE,iBAAiB,CAAC;IACnC,UAAU,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACjC;AAED,MAAM,MAAM,iBAAiB,GACzB;IACE,aAAa,EAAE,UAAU,CAAC;IAC1B,SAAS,EAAE,eAAe,CAAC;IAC3B,KAAK,EAAE,YAAY,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB,GACD;IACE,aAAa,EAAE,OAAO,CAAC;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,KAAK,EAAE,YAAY,CAAC;IACpB,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,GACD;IACE,aAAa,EAAE,OAAO,CAAC;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,KAAK,EAAE,UAAU,CAAC;IAClB,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,GACD;IACE,aAAa,EAAE,SAAS,CAAC;IACzB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,KAAK,EAAE,kBAAkB,CAAC;IAC1B,OAAO,CAAC,EAAE,iBAAiB,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEN,wBAAgB,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,GAAE,gBAAqB,GAAG,iBAAiB,CAElG;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAmB;gBAE/B,OAAO,GAAE,gBAAqB;IAI1C,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,GAAE,gBAAqB,GAAG,iBAAiB;IA0CnF,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE,KAAK,GAAE,gBAAqB,GAAG,eAAe,GAAG,SAAS;CAGhH;AA6BD,wBAAgB,YAAY,CAAC,IAAI,EAAE,eAAe,GAAG,gBAAgB,CAcpE;AAED,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAEzE"}

package/dist/router.js

@@ -0,0 +1,200 @@
+export function routeTask(task, context = {}) {
+    return new TaskRouter(context).routeTask(task);
+}
+export class TaskRouter {
+    context;
+    constructor(context = {}) {
+        this.context = context;
+    }
+    routeTask(task, context = {}) {
+        const mergedContext = { ...this.context, ...context };
+        const hints = routingHints(task);
+        const requested = hints.responderType ?? (hints.external ? "agent" : defaultResponderType(task));
+        if (requested === "auto") {
+            const agent = selectResponder(mergedContext.responders, "agent", preferredResponder(hints), requiredCapabilities(hints));
+            if (agent || (mergedContext.agentBackend && !hasResponderInventory(mergedContext))) {
+                return agentDecision(hints, mergedContext, agent, "auto selected available agent responder");
+            }
+            return humanDecision(mergedContext, "auto fell back to human responder", hints);
+        }
+        if (requested === "agent") {
+            const responder = selectResponder(mergedContext.responders, "agent", preferredResponder(hints), requiredCapabilities(hints));
+            if (!responder && !mergedContext.agentBackend && hints.fallbackType && hints.fallbackType !== "agent") {
+                return fallbackDecision(hints.fallbackType, task, mergedContext, `agent responder unavailable; fell back to ${hints.fallbackType}`);
+            }
+            return agentDecision(hints, mergedContext, responder, "agent responder requested");
+        }
+        if (requested === "human") {
+            return humanDecision(mergedContext, "human responder requested", hints);
+        }
+        if (requested === "tracker") {
+            const responder = selectResponder(mergedContext.responders, "tracker", hints.trackerBackend, requiredCapabilities(hints));
+            return {
+                responderType: "tracker",
+                responder,
+                route: "external-tracker",
+                backend: mergedContext.trackerBackend,
+                unavailable: !mergedContext.trackerBackend,
+                reason: mergedContext.trackerBackend
+                    ? "tracker responder requested"
+                    : `ExternalTrackerBackend unavailable for ${hints.trackerBackend ?? "default tracker"}`,
+            };
+        }
+        return internalDecision("internal responder requested");
+    }
+    matchResponder(type, hints = {}) {
+        return selectResponder(this.context.responders, type, preferredResponder(hints), requiredCapabilities(hints));
+    }
+}
+function fallbackDecision(fallbackType, task, context, reason) {
+    if (fallbackType === "human") {
+        return humanDecision(context, reason, routingHints(task));
+    }
+    if (fallbackType === "tracker") {
+        const hints = routingHints(task);
+        const responder = selectResponder(context.responders, "tracker", hints.trackerBackend, requiredCapabilities(hints));
+        return {
+            responderType: "tracker",
+            responder,
+            route: "external-tracker",
+            backend: context.trackerBackend,
+            unavailable: !context.trackerBackend,
+            reason,
+        };
+    }
+    if (fallbackType === "auto") {
+        return humanDecision(context, reason);
+    }
+    return internalDecision(reason);
+}
+export function routingHints(task) {
+    const source = task.agent ?? task.breakpoint ?? {};
+    return {
+        responderType: source.responderType ?? task.metadata?.responderType,
+        external: source.external ?? task.metadata?.external,
+        preferredResponderId: source.preferredResponderId ?? task.metadata?.preferredResponderId,
+        capabilities: source.capabilities ?? task.metadata?.capabilities,
+        requiredCapabilities: source.requiredCapabilities ?? task.metadata?.requiredCapabilities,
+        adapter: source.adapter ?? task.metadata?.adapter,
+        model: source.model ?? task.metadata?.model,
+        provider: source.provider ?? task.metadata?.provider,
+        trackerBackend: source.trackerBackend ?? task.metadata?.trackerBackend,
+        fallbackType: source.fallbackType ?? task.metadata?.fallbackType,
+    };
+}
+export function isHostDelegableRoute(decision) {
+    return decision.route === "agent-core";
+}
+function defaultResponderType(task) {
+    if (task.kind === "breakpoint")
+        return "human";
+    return "internal";
+}
+function internalDecision(reason) {
+    return {
+        responderType: "internal",
+        route: "agent-core",
+        reason,
+        responder: {
+            id: "agent-core",
+            type: "internal",
+            name: "Internal Agent",
+            title: "Internal Agent",
+            capabilities: ["text", "agent-core", "internal"],
+            domains: [],
+            tags: ["internal"],
+            availability: true,
+            responseTimeSla: 1,
+        },
+    };
+}
+function humanDecision(context, reason, hints = {}) {
+    const responder = selectResponder(context.responders, "human", preferredResponder(hints), requiredCapabilities(hints)) ?? {
+        id: "human",
+        type: "human",
+        name: "Human Responder",
+        title: "Human Responder",
+        capabilities: ["text", "review", "approval"],
+        domains: [],
+        tags: ["human"],
+        availability: true,
+        responseTimeSla: 300_000,
+    };
+    return { responderType: "human", route: "breakpoint", backend: context.humanBackend, responder, reason };
+}
+function agentDecision(hints, context, responder, reason) {
+    return {
+        responderType: "agent",
+        route: "adapters",
+        backend: context.agentBackend,
+        reason,
+        responder: responder ?? {
+            id: hints.adapter ?? "adapters",
+            type: "agent",
+            name: hints.adapter ?? "AgentMux Responder",
+            title: "AgentMux Responder",
+            capabilities: requiredCapabilities(hints),
+            domains: [],
+            tags: ["agent"],
+            availability: true,
+            responseTimeSla: 300_000,
+            adapter: hints.adapter,
+            model: hints.model,
+            provider: hints.provider,
+        },
+    };
+}
+function selectResponder(responders, type, preferred, capabilities = []) {
+    const available = responders
+        ?.map((responder) => normalizeResponder(responder))
+        .filter((responder) => responder.type === type &&
+        responder.availability &&
+        hasCapabilities(responder, capabilities)) ?? [];
+    if (preferred) {
+        const preferredMatch = available.find((responder) => responder.id === preferred ||
+            responder.adapter === preferred ||
+            responder.trackerBackend === preferred);
+        if (preferredMatch)
+            return preferredMatch;
+    }
+    return available.sort(compareResponderPriority)[0];
+}
+function normalizeResponder(responder) {
+    const type = responder.type ?? "human";
+    return {
+        ...responder,
+        type,
+        capabilities: normalizedCapabilities(responder),
+    };
+}
+function normalizedCapabilities(responder) {
+    return uniqueLowercase([
+        ...(responder.capabilities ?? []),
+        ...responder.domains,
+        ...responder.tags,
+    ]);
+}
+function hasCapabilities(responder, capabilities) {
+    if (capabilities.length === 0)
+        return true;
+    const available = new Set(responder.capabilities.map((capability) => capability.toLowerCase()));
+    return capabilities.every((capability) => available.has(capability.toLowerCase()));
+}
+function requiredCapabilities(hints) {
+    return uniqueLowercase(hints.requiredCapabilities ?? hints.capabilities ?? []);
+}
+function preferredResponder(hints) {
+    return hints.preferredResponderId ?? hints.adapter ?? hints.trackerBackend;
+}
+function hasResponderInventory(context) {
+    return Array.isArray(context.responders);
+}
+function compareResponderPriority(a, b) {
+    const sla = a.responseTimeSla - b.responseTimeSla;
+    if (sla !== 0)
+        return sla;
+    return a.id.localeCompare(b.id);
+}
+function uniqueLowercase(values) {
+    return [...new Set(values.filter(Boolean).map((value) => value.toLowerCase()))];
+}