@bridge_gpt/mcp-server 0.2.2 → 0.2.3

package/build/conductor/epic-runtime.js

@@ -0,0 +1,611 @@
+/**
+ * Epic Supervisor stateless reconciliation tick (BAPI-408).
+ *
+ * `conductor epic-tick --epic-key <key>` runs one stateless pass:
+ *   1. Claim the epic supervision lease (single-writer guard)
+ *   2. Drift check (log if fired materially late)
+ *   3. Rebuild observed state from Postgres + local ledger
+ *   4. Assert plan integrity (fail-closed on hash mismatch)
+ *   5. Reconcile observed→desired (deterministic, no LLM on ordering)
+ *   6. Budget / dead-state check
+ *   7. Persist, release lease, exit
+ *
+ * Crash/sleep is the expected path: every mutation is an idempotent CAS/lease
+ * op so the next wakeup re-derives and continues.
+ *
+ * This module opens NO Postgres connection and holds NO VCS write credentials.
+ * All durable mutations go through the injectable seams that call the sibling
+ * Epic Run TS client (already available in bridge-api-client.ts as of BAPI-407).
+ */
+import { resolveConductorBridgeApiAccess, claimEpicSupervisionLease, fetchEpicRunState, advanceEpicTicketStatus, createEpicTicketStatus, recordEpicDispatch, transitionEpicDispatch, fetchParseStatus, triggerRepositoryParse, getEpicPlan, buildEpicDispatchKey, } from "./bridge-api-client.js";
+import { processGateMetMerge } from "./supervisor-merge.js";
+import { rebuildObservedState, } from "./epic-state.js";
+import { reconcileEpic } from "./epic-reconcile.js";
+import { hashPlan } from "./plan.js";
+import { pollConductorEvents } from "./store.js";
+import { dispatchSupervisorNotification } from "./supervisor-notification.js";
+import { makeSupervisorIdempotencyKey } from "./supervisor-ledger.js";
+import { createDefaultStartTicketsDeps, orchestrateStartTickets } from "../start-tickets.js";
+import { orchestrateReviewTickets } from "../review-tickets.js";
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const DEFAULT_LEASE_TTL_SECONDS = 120;
+const DEFAULT_MAX_DRIFT_MS = 30_000;
+const DEFAULT_DISPATCH_KEY_TTL_SECONDS = 300; // independent of supervision lease TTL
+const ACTIVE_WORKER_STATUSES = new Set(["dispatched", "running"]);
+/**
+ * Module-level transient map keyed by `"${epicKey}:${ticketKey}"`. Cleared on
+ * parse completion or budget exhaustion. Process-restart safe: re-derived from
+ * the parse lock status on the next tick.
+ */
+const parseWaitStateMap = new Map();
+function defaultLeaseOwner() {
+    return `epic-tick-${process.pid}`;
+}
+async function defaultEscalateOnce(epicKey, reason) {
+    process.stderr.write(`[epic-tick] ESCALATION epic=${epicKey} reason=${reason}\n`);
+}
+async function defaultDispatchSeam(_epicKey, ticketKey) {
+    throw new Error(`dispatch seam not wired for ticket ${ticketKey}`);
+}
+async function defaultPostActionWaitSeam(_epicKey, _ticketKey) {
+    // no-op: parse-after-merge wait is a sibling ticket's concern
+}
+// ---------------------------------------------------------------------------
+// runEpicTick
+// ---------------------------------------------------------------------------
+/**
+ * Execute one stateless reconciliation pass for an Epic. Claims the lease,
+ * rebuilds observed state, asserts plan integrity, reconciles, and exits.
+ * Returns a structured result with a process exit code.
+ *
+ * Offline / fail-closed: if Bridge API credentials or the backend are
+ * unreachable, the tick takes NO privileged action, logs a sanitized
+ * diagnostic, and returns exit code 0 (observer mode).
+ */
+export async function runEpicTick(options, deps = {}) {
+    const { epic_key, scheduled_at, lease_owner = defaultLeaseOwner(), lease_ttl_seconds = DEFAULT_LEASE_TTL_SECONDS, max_drift_ms = DEFAULT_MAX_DRIFT_MS, } = options;
+    const nowFn = deps.now ?? (() => Date.now());
+    const log = deps.log ?? ((msg) => console.log(msg));
+    const errorLog = deps.errorLog ?? ((msg) => process.stderr.write(`${msg}\n`));
+    const escalateOnce = deps.escalateOnce ?? defaultEscalateOnce;
+    const dispatchSeam = deps.dispatchSeam ?? defaultDispatchSeam;
+    const processMergeFn = deps.processMerge ?? processGateMetMerge;
+    const postActionWaitSeam = deps.postActionWaitSeam ?? defaultPostActionWaitSeam;
+    const fetchLocalEvents = deps.fetchLocalEvents ?? ((_key) => []);
+    const resolveBridgeAccess = deps.resolveBridgeAccess ?? resolveConductorBridgeApiAccess;
+    const claimLeaseFn = deps.claimLease ?? claimEpicSupervisionLease;
+    const fetchEpicStateFn = deps.fetchEpicState ?? fetchEpicRunState;
+    const releaseLease = deps.releaseLease;
+    const startMs = nowFn();
+    // ---------------------------------------------------------------------------
+    // Step 0: Resolve Bridge API access (offline / fail-closed guard)
+    // ---------------------------------------------------------------------------
+    let access;
+    try {
+        const accessResult = await resolveBridgeAccess();
+        if (!accessResult.ok) {
+            errorLog(`[epic-tick] observe-only: bridge access unavailable for epic=${epic_key}: ${accessResult.kind}`);
+            return {
+                run_id: epic_key,
+                status: "complete",
+                exit_code: 0,
+                reason: "offline: bridge access unavailable",
+                last_seq: -1,
+                worker_count: 0,
+            };
+        }
+        access = accessResult.access;
+    }
+    catch (err) {
+        const safeMsg = err instanceof Error ? err.constructor.name : "init error";
+        errorLog(`[epic-tick] observe-only: bridge access resolution failed (${safeMsg}) for epic=${epic_key}`);
+        return {
+            run_id: epic_key,
+            status: "complete",
+            exit_code: 0,
+            reason: "offline: bridge access resolution failed",
+            last_seq: -1,
+            worker_count: 0,
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // Step 1: Claim the epic supervision lease (single-writer guard)
+    // ---------------------------------------------------------------------------
+    let leaseAcquired = false;
+    try {
+        const leaseResult = await claimLeaseFn(access, {
+            epicKey: epic_key,
+            leaseOwner: lease_owner,
+            ttlSeconds: lease_ttl_seconds,
+        });
+        if (!leaseResult.ok) {
+            if (leaseResult.kind === "terminal") {
+                log(`[epic-tick] epic=${epic_key} is terminal (${leaseResult.row.status}); nothing to do`);
+                return {
+                    run_id: epic_key,
+                    status: "complete",
+                    exit_code: 0,
+                    reason: `observer: epic is terminal (${leaseResult.row.status})`,
+                    last_seq: -1,
+                    worker_count: 0,
+                };
+            }
+            // held-by-other
+            log(`[epic-tick] lease held by another worker for epic=${epic_key}; exiting as observer`);
+            return {
+                run_id: epic_key,
+                status: "complete",
+                exit_code: 0,
+                reason: "observer: lease held by another worker",
+                last_seq: -1,
+                worker_count: 0,
+            };
+        }
+        leaseAcquired = true;
+    }
+    catch (err) {
+        const safeMsg = err instanceof Error ? err.constructor.name : "lease error";
+        errorLog(`[epic-tick] observe-only: lease claim failed (${safeMsg}) for epic=${epic_key}`);
+        return {
+            run_id: epic_key,
+            status: "complete",
+            exit_code: 0,
+            reason: "offline: lease claim failed",
+            last_seq: -1,
+            worker_count: 0,
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // Steps 2-6: Main reconcile body (lease is held)
+    // ---------------------------------------------------------------------------
+    let exitCode = 0;
+    let reason = "reconcile complete";
+    let workerCount = 0;
+    try {
+        // Step 2: Drift check
+        if (scheduled_at !== undefined) {
+            const driftMs = startMs - scheduled_at;
+            if (driftMs > max_drift_ms) {
+                log(`[epic-tick] drift warning: epic=${epic_key} fired ${driftMs}ms late (threshold=${max_drift_ms}ms)`);
+            }
+        }
+        // Step 3: Rebuild observed state
+        let epicRunState;
+        try {
+            epicRunState = await fetchEpicStateFn(access, epic_key);
+        }
+        catch (err) {
+            const safeMsg = err instanceof Error ? err.constructor.name : "fetch error";
+            errorLog(`[epic-tick] state fetch failed (${safeMsg}) for epic=${epic_key}`);
+            exitCode = 1;
+            reason = "state fetch failed";
+            return {
+                run_id: epic_key,
+                status: "failed",
+                exit_code: exitCode,
+                reason,
+                last_seq: -1,
+                worker_count: 0,
+            };
+        }
+        const localEvents = fetchLocalEvents(epic_key);
+        const observed = rebuildObservedState(epicRunState, localEvents, nowFn());
+        workerCount = [...observed.ticket_statuses.values()].filter((s) => ACTIVE_WORKER_STATUSES.has(s)).length;
+        // Step 3.5: Run post-action waits (parse-after-merge)
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const pamConfig = epicRunState.epic_run.policy_json
+            ?.post_action_waits
+            ?.parse_after_merge;
+        const isParseWaitEnabled = pamConfig?.enabled === true;
+        if (isParseWaitEnabled) {
+            const maxWaitMs = typeof pamConfig?.max_wait_ms === "number" ? pamConfig.max_wait_ms : 10 * 60 * 1000;
+            const settleMs = 5000;
+            const fetchParseStatusFn = deps.fetchParseStatus ?? fetchParseStatus;
+            const triggerParseFn = deps.triggerParse ?? triggerRepositoryParse;
+            for (let i = 0; i < observed.unfolded_terminal_signals.length; i++) {
+                const signal = observed.unfolded_terminal_signals[i];
+                if (signal.signal_type !== "merge.succeeded")
+                    continue;
+                const ticketKey = signal.ticket_key;
+                const stateKey = `${epic_key}:${ticketKey}`;
+                let pState = parseWaitStateMap.get(stateKey);
+                if (!pState) {
+                    pState = {};
+                    parseWaitStateMap.set(stateKey, pState);
+                }
+                const revertSignal = () => {
+                    const origStatus = epicRunState.ticket_statuses.find((ts) => ts.ticket_key === ticketKey)?.status ??
+                        "running";
+                    observed.ticket_statuses.set(ticketKey, origStatus);
+                    observed.unfolded_terminal_signals.splice(i, 1);
+                    i -= 1;
+                };
+                const elapsedMs = nowFn() - new Date(signal.event.time).getTime();
+                // Budget exhaustion: escalate once, then permanently block
+                if (elapsedMs > maxWaitMs) {
+                    if (!pState.escalated) {
+                        await escalateOnce(epic_key, `parse-after-merge budget exhausted for ${ticketKey}`);
+                        pState.escalated = true;
+                        signal.next_status = "blocked";
+                        observed.ticket_statuses.set(ticketKey, "blocked");
+                        // Let the signal remain so the reconcile pass CASes once to blocked
+                        continue;
+                    }
+                    else {
+                        // Already escalated: map to blocked and skip redundant CAS
+                        observed.ticket_statuses.set(ticketKey, "blocked");
+                        parseWaitStateMap.delete(stateKey);
+                        observed.unfolded_terminal_signals.splice(i, 1);
+                        i -= 1;
+                        continue;
+                    }
+                }
+                // Poll the parse lock
+                let parseStatusResult;
+                try {
+                    parseStatusResult = await fetchParseStatusFn(access);
+                }
+                catch (err) {
+                    const safeMsg = err instanceof Error ? err.constructor.name : "fetch error";
+                    errorLog(`[epic-tick] parse-status check failed (${safeMsg}) for ${ticketKey}; will retry next tick`);
+                    revertSignal();
+                    continue;
+                }
+                if (parseStatusResult.status === "in_progress") {
+                    pState.seenInProgress = true;
+                    revertSignal();
+                    continue;
+                }
+                // status === "idle" — evaluate race guard and completion
+                if (pState.seenInProgress) {
+                    // Previously observed in_progress: the parse finished normally
+                    parseWaitStateMap.delete(stateKey);
+                    continue; // let the signal proceed to CAS → done
+                }
+                if (pState.triggeredAt !== undefined) {
+                    const msSinceTrigger = nowFn() - pState.triggeredAt;
+                    if (msSinceTrigger < settleMs) {
+                        // Idle observed before the async job acquired its lock (race window)
+                        revertSignal();
+                        continue;
+                    }
+                    // Settle window elapsed without in_progress: treat as instantaneous completion
+                    parseWaitStateMap.delete(stateKey);
+                    continue; // let the signal proceed to CAS → done
+                }
+                // No trigger yet — fire it now
+                try {
+                    await triggerParseFn(access);
+                    pState.triggeredAt = nowFn();
+                    log(`[epic-tick] triggered parse-after-merge for ${ticketKey} in epic=${epic_key}`);
+                }
+                catch (err) {
+                    const safeMsg = err instanceof Error ? err.constructor.name : "trigger error";
+                    errorLog(`[epic-tick] parse trigger failed (${safeMsg}) for ${ticketKey}; will retry next tick`);
+                }
+                revertSignal();
+            }
+        }
+        // Step 4: Fetch + assert plan integrity (only if fetchPlan injected)
+        const fetchPlanFn = deps.fetchPlan;
+        let plan = null;
+        if (fetchPlanFn !== undefined) {
+            try {
+                plan = await fetchPlanFn(epic_key, access);
+            }
+            catch (err) {
+                const safeMsg = err instanceof Error ? err.constructor.name : "plan fetch error";
+                errorLog(`[epic-tick] plan fetch failed (${safeMsg}) for epic=${epic_key}; fail-closed`);
+                await escalateOnce(epic_key, "plan-unavailable");
+                exitCode = 1;
+                reason = "plan unavailable";
+                return {
+                    run_id: epic_key,
+                    status: "failed",
+                    exit_code: exitCode,
+                    reason,
+                    last_seq: -1,
+                    worker_count: workerCount,
+                };
+            }
+            if (plan !== null) {
+                const approvedHash = epicRunState.epic_run.approved_plan_hash;
+                if (approvedHash !== null && approvedHash !== plan.plan_hash) {
+                    errorLog(`[epic-tick] plan hash mismatch for epic=${epic_key}; fail-closed (no dispatch, no merge)`);
+                    await escalateOnce(epic_key, "plan-hash-mismatch");
+                    exitCode = 1;
+                    reason = "plan hash mismatch";
+                    return {
+                        run_id: epic_key,
+                        status: "failed",
+                        exit_code: exitCode,
+                        reason,
+                        last_seq: -1,
+                        worker_count: workerCount,
+                    };
+                }
+            }
+        }
+        // Step 5: Reconcile observed→desired
+        if (plan !== null) {
+            const reconcileDeps = {
+                casTicketStatus: async (ek, tk, rowVersion, nextStatus, planVersion) => advanceEpicTicketStatus(access, {
+                    epicKey: ek,
+                    ticketKey: tk,
+                    expectedRowVersion: rowVersion,
+                    nextStatus,
+                    planVersion,
+                }),
+                seedTicketStatus: async (ek, tk, planVersion) => {
+                    await createEpicTicketStatus(access, {
+                        epicKey: ek,
+                        ticketKey: tk,
+                        status: "planned",
+                        planVersion,
+                    });
+                },
+                claimDispatchKey: async (ek, tk, planVersion) => recordEpicDispatch(access, {
+                    epicKey: ek,
+                    ticketKey: tk,
+                    planVersion,
+                    leaseOwner: lease_owner,
+                    ttlSeconds: DEFAULT_DISPATCH_KEY_TTL_SECONDS,
+                }),
+                correlateRunId: async (dispatchKey, runId) => {
+                    await transitionEpicDispatch(access, {
+                        dispatchKey,
+                        nextStatus: "run_spawned",
+                        runId,
+                    });
+                },
+                dispatchSeam: async (ek, tk) => dispatchSeam(ek, tk),
+                processMerge: async (acc, event) => processMergeFn(acc, event),
+                postActionWaitSeam: async (ek, tk) => postActionWaitSeam(ek, tk),
+                escalateOnce: async (ek, reason) => escalateOnce(ek, reason),
+                log,
+            };
+            const reconcileResult = await reconcileEpic(access, observed, plan, reconcileDeps);
+            log(`[epic-tick] reconcile done: epic=${epic_key} ` +
+                `signals=${reconcileResult.signals_folded} ` +
+                `dispatched=${reconcileResult.dispatched} ` +
+                `merges=${reconcileResult.merges_actioned}`);
+            for (const w of reconcileResult.warnings) {
+                errorLog(`[epic-tick] warning: ${w}`);
+            }
+        }
+        else {
+            log(`[epic-tick] no plan available for epic=${epic_key}; skipping dispatch and merge steps`);
+        }
+        // Step 6: Budget / dead-state check
+        const epicRun = epicRunState.epic_run;
+        if (epicRun.budget_wall_clock_seconds !== null &&
+            epicRun.consumed_wall_clock_seconds !== null) {
+            const elapsedMs = nowFn() - startMs;
+            const consumedTotalMs = epicRun.consumed_wall_clock_seconds * 1000 + elapsedMs;
+            if (consumedTotalMs > epicRun.budget_wall_clock_seconds * 1000) {
+                errorLog(`[epic-tick] wall-clock budget exhausted for epic=${epic_key}`);
+                await escalateOnce(epic_key, "budget-exhausted");
+                exitCode = 1;
+                reason = "budget exhausted";
+            }
+        }
+        return {
+            run_id: epic_key,
+            status: exitCode === 0 ? "complete" : "failed",
+            exit_code: exitCode,
+            reason,
+            last_seq: -1,
+            worker_count: workerCount,
+        };
+    }
+    catch (err) {
+        const safeMsg = err instanceof Error ? err.constructor.name : "runtime error";
+        errorLog(`[epic-tick] unexpected error (${safeMsg}) for epic=${epic_key}`);
+        exitCode = 2;
+        reason = "unexpected runtime error";
+        return {
+            run_id: epic_key,
+            status: "failed",
+            exit_code: exitCode,
+            reason,
+            last_seq: -1,
+            worker_count: workerCount,
+        };
+    }
+    finally {
+        // Step 7: Release the lease unconditionally
+        if (leaseAcquired) {
+            if (releaseLease !== undefined) {
+                try {
+                    await releaseLease(epic_key);
+                    log(`[epic-tick] lease released for epic=${epic_key}`);
+                }
+                catch {
+                    // Best-effort; TTL expiry is the fallback
+                }
+            }
+            else {
+                log(`[epic-tick] lease will expire via TTL for epic=${epic_key}`);
+            }
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Production EpicRuntimeDeps factory
+// ---------------------------------------------------------------------------
+/**
+ * Build the production EpicRuntimeDeps for use inside `runEpicTickCommand`.
+ *
+ * Fail-open: if Bridge API access is unresolvable, returns an empty `{}`
+ * object so `runEpicTick` falls back to its observe-only defaults (exit 0).
+ * Never throws out of this factory.
+ */
+export async function buildProductionEpicRuntimeDeps(epicKey) {
+    let access;
+    try {
+        const accessResult = await resolveConductorBridgeApiAccess();
+        if (!accessResult.ok) {
+            process.stderr.write(`[epic-tick] factory: observe-only — bridge access unavailable (${accessResult.kind})\n`);
+            return {};
+        }
+        access = accessResult.access;
+    }
+    catch {
+        process.stderr.write(`[epic-tick] factory: observe-only — bridge access resolution failed\n`);
+        return {};
+    }
+    // Shared closure state populated by fetchPlan and consumed by dispatchSeam.
+    let cachedPlanVersion = 0;
+    const automationMap = new Map();
+    const fetchPlan = async (ek, acc) => {
+        let response;
+        try {
+            response = await getEpicPlan(acc, ek, "approved");
+        }
+        catch (err) {
+            // 404 / no approved plan → null (no-plan mode); other errors bubble up
+            // so the fail-closed plan-unavailable path in runEpicTick fires.
+            const status = err.status;
+            if (status === 404)
+                return null;
+            throw err;
+        }
+        if (!response || !response.plan_blob)
+            return null;
+        const dag = response.plan_blob;
+        cachedPlanVersion = response.plan_version;
+        // Populate the automation map for the dispatch seam.
+        for (const node of dag.nodes) {
+            const kind = node.automations?.[0]?.kind;
+            if (kind) {
+                automationMap.set(node.ticket_key.trim(), kind);
+            }
+        }
+        // Map DAG nodes to EpicTicketNode (drop automations/status/edges).
+        const tickets = dag.nodes.map((n) => ({
+            ticket_key: n.ticket_key.trim(),
+            depends_on: (n.depends_on ?? []).map((k) => k.trim()),
+        }));
+        // Recompute the hash locally — do NOT trust the server-returned plan_hash.
+        // This makes the integrity gate fail-closed: a tampered or drifted blob
+        // will hash differently than approved_plan_hash and halt the tick.
+        const planHash = hashPlan(dag);
+        return { plan_hash: planHash, plan_version: response.plan_version, tickets };
+    };
+    const dispatchSeam = async (ek, tk) => {
+        // Guard: fetchPlan must run before dispatchSeam so cachedPlanVersion and
+        // automationMap are populated. A zero version means the factory seam was
+        // wired but fetchPlan was never called — fail explicitly rather than silently
+        // creating a dispatch key with version 0.
+        if (cachedPlanVersion === 0) {
+            throw new Error(`dispatchSeam called before fetchPlan for epic ${ek} ticket ${tk}; cachedPlanVersion is 0`);
+        }
+        const kind = automationMap.get(tk) ?? "start-tickets";
+        const identity = {
+            epic_key: ek,
+            epic_run_id: ek,
+            plan_version: cachedPlanVersion,
+            dispatch_key: buildEpicDispatchKey(ek, tk, cachedPlanVersion),
+        };
+        const deps = createDefaultStartTicketsDeps();
+        let runId;
+        if (kind === "review-tickets") {
+            const result = await orchestrateReviewTickets(deps, {
+                keys: [tk],
+                epic: identity,
+                agentName: "claude",
+                dryRun: false,
+                maxParallel: 1,
+                auto: true,
+                reviewOverrides: {},
+            });
+            if (!result.ok) {
+                throw new Error(`review-tickets dispatch failed: ${result.error}`);
+            }
+            runId = result.rows[0]?.runId;
+        }
+        else {
+            const result = await orchestrateStartTickets(deps, {
+                keys: [tk],
+                epic: identity,
+                agentName: "claude",
+                dryRun: false,
+                autoApprove: true,
+                maxParallel: 1,
+                refreshMain: false,
+                branchOverrides: {},
+                baseBranch: "main",
+            });
+            if (!result.ok) {
+                throw new Error(`start-tickets dispatch failed: ${result.error}`);
+            }
+            runId = result.rows[0]?.runId;
+        }
+        if (!runId) {
+            throw new Error(`dispatch returned no runId for ticket ${tk}`);
+        }
+        return runId;
+    };
+    const fetchLocalEvents = (_ek) => {
+        // Workers and the epic-tick process share the same local SQLite ledger
+        // (~/.config/bridge/events.db). pollConductorEvents opens it read-only.
+        const result = pollConductorEvents({ data_mode: "full" });
+        return result.events;
+    };
+    const escalateOnce = async (ek, reason) => {
+        const candidate = {
+            reason,
+            kind: "escalation",
+            worker_id: null,
+            state: null,
+            liveness: null,
+            elapsed_ms: 0,
+            ambiguous: false,
+            context: {},
+        };
+        // Attempt to extract a ticket key from structured reason strings like
+        // "dispatch-orphan:TICKET-123".
+        const ticketMatch = /^dispatch-orphan:(.+)$/.exec(reason);
+        if (ticketMatch) {
+            candidate.worker_id = ticketMatch[1];
+            candidate.context = { ticket_key: ticketMatch[1] };
+        }
+        const assessment = {
+            classification: "stuck",
+            confidence: 1,
+            should_escalate: true,
+            reason,
+            draft_escalation_text: null,
+            source: "degraded",
+        };
+        const idempotencyKey = makeSupervisorIdempotencyKey({
+            run_id: ek,
+            worker_id: candidate.worker_id,
+            reason,
+            kind: "escalation",
+            cooldown_window: "epic-escalation",
+        });
+        await dispatchSupervisorNotification(ek, candidate, assessment, idempotencyKey);
+    };
+    // postActionWaitSeam: the inline parse-after-merge path in runEpicTick
+    // (epic-runtime.ts Step 3.5) is the authoritative execution path when
+    // post_action_waits.parse_after_merge.enabled is true. The postActionWaitSeam
+    // in reconcile is a scheduling hook for a separate async wait; wiring it to
+    // a real action here would cause double-running. Leave it as a no-op.
+    const postActionWaitSeam = async (_ek, _tk) => { };
+    void epicKey; // epicKey reserved for future factory-level per-epic setup
+    // Note: `access` is not closed over by the returned seams — fetchPlan receives
+    // credentials as a parameter from runEpicTick's resolver, and dispatchSeam
+    // calls createDefaultStartTicketsDeps() which resolves credentials independently.
+    // The variable exists only to satisfy the availability guard above.
+    void access;
+    return {
+        fetchPlan,
+        dispatchSeam,
+        fetchLocalEvents,
+        escalateOnce,
+        postActionWaitSeam,
+    };
+}