@canonmsg/core 0.5.0 → 0.7.0

package/dist/base-url.d.ts

@@ -0,0 +1 @@
+export declare function resolveCanonBaseUrl(input?: string | null): string;

package/dist/base-url.js

@@ -0,0 +1,9 @@
+import { DEFAULT_BASE_URL } from './constants.js';
+export function resolveCanonBaseUrl(input) {
+    if (typeof input !== 'string')
+        return DEFAULT_BASE_URL;
+    const trimmed = input.trim();
+    if (!trimmed)
+        return DEFAULT_BASE_URL;
+    return trimmed.replace(/\/+$/, '');
+}

package/dist/browser.d.ts

@@ -1,5 +1,7 @@
 export { AGENT_CAPABILITIES, } from './types.js';
 export type { AgentCapabilities, AgentClientType, AgentRuntime, MediaAttachment, MediaAttachmentKind, ModelOption, SessionConfig, WorkspaceOption, } from './types.js';
+export type { CanonResolvedWorkSession, CanonWorkSession, CanonWorkSessionContext, CanonWorkSessionConversationRole, CanonWorkSessionDisclosureMode, CanonWorkSessionParticipant, CanonWorkSessionStatus, CreateWorkSessionOptions, SendLinkedMessageOptions, SendLinkedMessageResult, UpdateWorkSessionConversationOptions, WorkSessionPromptRenderOptions, } from './work-session.js';
+export { buildWorkSessionPromptLines, buildWorkSessionsPromptLines, mergeWorkSessionContexts, } from './work-session.js';
 export type { AgentBehaviorSettings, ParticipationHistoryMessage, ParticipationHistorySnapshot, ParticipationStyle, ResolvedAgentBehaviorPolicy, } from './policy.js';
 export { buildParticipationHistorySnapshot, buildParticipationHistorySnapshots, buildBehaviorPolicyLines, DEFAULT_PARTICIPATION_HISTORY_FETCH_LIMIT, evaluateParticipationPolicy, getDefaultParticipationPolicy, resolveAgentBehaviorPolicy, } from './policy.js';
 export { DEFAULT_RUNTIME_CAPABILITIES, FINAL_MESSAGE_HANDOFF_MS, isTurnOpen, normalizeTurnMetadata, normalizeTurnState, resolveTurnMessageSemantics, shouldPromoteConversationMessage, shouldTriggerAgentTurn, } from './turn-protocol.js';

package/dist/browser.js

@@ -1,3 +1,4 @@
 export { AGENT_CAPABILITIES, } from './types.js';
+export { buildWorkSessionPromptLines, buildWorkSessionsPromptLines, mergeWorkSessionContexts, } from './work-session.js';
 export { buildParticipationHistorySnapshot, buildParticipationHistorySnapshots, buildBehaviorPolicyLines, DEFAULT_PARTICIPATION_HISTORY_FETCH_LIMIT, evaluateParticipationPolicy, getDefaultParticipationPolicy, resolveAgentBehaviorPolicy, } from './policy.js';
 export { DEFAULT_RUNTIME_CAPABILITIES, FINAL_MESSAGE_HANDOFF_MS, isTurnOpen, normalizeTurnMetadata, normalizeTurnState, resolveTurnMessageSemantics, shouldPromoteConversationMessage, shouldTriggerAgentTurn, } from './turn-protocol.js';

package/dist/client.d.ts

@@ -1,4 +1,5 @@
 import { type CanonMessage, type CanonConversation, type CanonMessagesPage, type AgentContext, type MediaAttachment, type SendMessageOptions, type CreateConversationOptions, type RegistrationStatus, type SetStreamingOptions } from './types.js';
+import type { CanonResolvedWorkSession, CreateWorkSessionOptions, SendLinkedMessageOptions, SendLinkedMessageResult, UpdateWorkSessionConversationOptions } from './work-session.js';
 import type { InboundDisposition } from './turn-protocol.js';
 /**
  * Thin REST client for Canon's agent API.
@@ -21,6 +22,10 @@ export declare class CanonClient {
     sendMessage(conversationId: string, text: string, options?: SendMessageOptions): Promise<{
         messageId: string;
     }>;
+    createWorkSession(options: CreateWorkSessionOptions): Promise<CanonResolvedWorkSession>;
+    getWorkSession(workSessionId: string, conversationId: string): Promise<CanonResolvedWorkSession>;
+    upsertWorkSessionConversation(workSessionId: string, conversationId: string, options?: UpdateWorkSessionConversationOptions): Promise<CanonResolvedWorkSession>;
+    sendLinkedMessage(options: SendLinkedMessageOptions): Promise<SendLinkedMessageResult>;
     createConversation(options: CreateConversationOptions): Promise<{
         conversationId: string;
     }>;

package/dist/client.js

@@ -73,6 +73,54 @@ export class CanonClient {
             throw new CanonApiError(res.status, await res.text());
         return res.json();
     }
+    async createWorkSession(options) {
+        const res = await fetch(`${this.baseUrl}/work-sessions`, {
+            method: 'POST',
+            headers: this.authHeaders(),
+            body: JSON.stringify(options),
+        });
+        if (!res.ok)
+            throw new CanonApiError(res.status, await res.text());
+        return res.json();
+    }
+    async getWorkSession(workSessionId, conversationId) {
+        const params = new URLSearchParams({ conversationId });
+        const res = await fetch(`${this.baseUrl}/work-sessions/${workSessionId}?${params}`, { headers: this.authHeaders() });
+        if (!res.ok)
+            throw new CanonApiError(res.status, await res.text());
+        return res.json();
+    }
+    async upsertWorkSessionConversation(workSessionId, conversationId, options) {
+        const res = await fetch(`${this.baseUrl}/work-sessions/${workSessionId}/conversations/${conversationId}`, {
+            method: 'PUT',
+            headers: this.authHeaders(),
+            body: JSON.stringify(options ?? {}),
+        });
+        if (!res.ok)
+            throw new CanonApiError(res.status, await res.text());
+        return res.json();
+    }
+    async sendLinkedMessage(options) {
+        const res = await fetch(`${this.baseUrl}/messages/send-linked`, {
+            method: 'POST',
+            headers: this.authHeaders(),
+            body: JSON.stringify({
+                sourceConversationId: options.sourceConversationId,
+                targetConversationId: options.targetConversationId,
+                text: options.text,
+                ...(options.workSessionId ? { workSessionId: options.workSessionId } : {}),
+                ...(options.createWorkSession
+                    ? { createWorkSession: options.createWorkSession }
+                    : {}),
+                ...(options.sourceContext ? { sourceContext: options.sourceContext } : {}),
+                ...(options.targetContext ? { targetContext: options.targetContext } : {}),
+                ...(options.messageOptions ? { messageOptions: options.messageOptions } : {}),
+            }),
+        });
+        if (!res.ok)
+            throw new CanonApiError(res.status, await res.text());
+        return res.json();
+    }
     async createConversation(options) {
         const res = await fetch(`${this.baseUrl}/conversations/create`, {
             method: 'POST',

package/dist/execution-environment.d.ts

@@ -23,8 +23,8 @@ export interface ConfiguredWorkspaceOption extends WorkspaceResolverOption {
 }
 export interface SessionWorkspaceConfig {
     workspaceId?: string;
-    legacyCwd?: string;
     model?: string;
+    retiredWorkspaceConfig?: boolean;
 }
 export declare function normalizeOptionalString(value: unknown): string | undefined;
 export declare function isEnabledFlag(value: unknown): boolean;
@@ -37,7 +37,7 @@ export declare function resolveConfiguredWorkspaceCwd(input: {
     workspaceOptions: WorkspaceResolverOption[];
     config: {
         workspaceId?: string;
-        legacyCwd?: string;
+        retiredWorkspaceConfig?: boolean;
     } | null;
     defaultCwd: string;
 }): string;

package/dist/execution-environment.js

@@ -153,48 +153,43 @@ export function buildConfiguredWorkspaceOptions(primaryCwd, configured) {
 export function buildPublicWorkspaceOptions(workspaceOptions) {
     return workspaceOptions.map(({ id, label }) => ({ id, label }));
 }
+function isRetiredWorkspaceId(value) {
+    if (!value)
+        return false;
+    return value === 'default' || /^workspace-\d+$/.test(value);
+}
 export function readSessionWorkspaceConfig(raw) {
     if (!raw || typeof raw !== 'object')
         return null;
     const data = raw;
+    const rawWorkspaceId = normalizeOptionalString(data.workspaceId);
+    const stableWorkspaceId = rawWorkspaceId && !isRetiredWorkspaceId(rawWorkspaceId)
+        ? rawWorkspaceId
+        : undefined;
+    const hasRetiredWorkspaceReference = (normalizeOptionalString(data.cwd) !== undefined
+        || isRetiredWorkspaceId(rawWorkspaceId));
     return {
-        workspaceId: normalizeOptionalString(data.workspaceId),
-        legacyCwd: normalizeOptionalString(data.cwd),
+        workspaceId: stableWorkspaceId,
         model: normalizeOptionalString(data.model),
+        ...(!stableWorkspaceId && hasRetiredWorkspaceReference
+            ? { retiredWorkspaceConfig: true }
+            : {}),
     };
 }
-function findWorkspaceByLegacyCwd(workspaceOptions, legacyCwd) {
-    if (!legacyCwd)
-        return undefined;
-    const resolvedLegacyCwd = resolve(legacyCwd);
-    return workspaceOptions.find((workspace) => resolve(workspace.cwd) === resolvedLegacyCwd);
-}
 export function resolveConfiguredWorkspaceCwd(input) {
     const fallbackCwd = input.workspaceOptions[0]?.cwd ?? resolve(input.defaultCwd);
     if (!input.config)
         return fallbackCwd;
-    const legacyWorkspace = findWorkspaceByLegacyCwd(input.workspaceOptions, input.config.legacyCwd);
+    if (input.config.retiredWorkspaceConfig) {
+        throw new ExecutionEnvironmentError('Session config still references a retired workspace format.', 'This Canon coding session was saved with a retired workspace format. Recreate the session or select a current workspace.');
+    }
     const workspaceId = input.config.workspaceId;
     if (workspaceId) {
         const workspace = input.workspaceOptions.find((option) => option.id === workspaceId);
         if (workspace)
             return workspace.cwd;
-        if (workspaceId === 'default') {
-            return fallbackCwd;
-        }
-        const legacyWorkspaceMatch = /^workspace-(\d+)$/.exec(workspaceId);
-        if (legacyWorkspaceMatch) {
-            const legacyIndex = Number.parseInt(legacyWorkspaceMatch[1] ?? '', 10) - 1;
-            if (legacyIndex >= 0 && input.workspaceOptions[legacyIndex]) {
-                return input.workspaceOptions[legacyIndex].cwd;
-            }
-        }
-        if (legacyWorkspace)
-            return legacyWorkspace.cwd;
         throw new ExecutionEnvironmentError(`Workspace ${workspaceId} is not configured on this machine.`, 'The workspace saved for this Canon coding session is no longer configured on this machine.');
     }
-    if (legacyWorkspace)
-        return legacyWorkspace.cwd;
     return fallbackCwd;
 }
 export function buildConversationWorktreeSpec(input) {

package/dist/index.d.ts

@@ -1,5 +1,7 @@
 export { AGENT_CAPABILITIES, } from './types.js';
 export type { AgentCapabilities, AgentClientType, CanonMessage, CanonConversation, CanonMessagesPage, AgentContext, MediaAttachment, MediaAttachmentKind, MessageCreatedPayload, TypingPayload, PresencePayload, SendMessageOptions, CreateConversationOptions, RegistrationInput, RegistrationResult, RegistrationStatus, StreamingStatus, SetStreamingOptions, SessionControl, SessionState, SessionConfig, AgentRuntime, ModelOption, WorkspaceOption, } from './types.js';
+export type { CanonResolvedWorkSession, CanonWorkSession, CanonWorkSessionContext, CanonWorkSessionConversationRole, CreateWorkSessionOptions, CanonWorkSessionDisclosureMode, CanonWorkSessionParticipant, CanonWorkSessionStatus, SendLinkedMessageOptions, SendLinkedMessageResult, UpdateWorkSessionConversationOptions, WorkSessionPromptRenderOptions, } from './work-session.js';
+export { buildWorkSessionPromptLines, buildWorkSessionsPromptLines, mergeWorkSessionContexts, } from './work-session.js';
 export { CanonClient, CanonApiError } from './client.js';
 export { CanonStream } from './stream.js';
 export type { StreamHandler } from './stream.js';
@@ -23,3 +25,4 @@ export type { ConfiguredWorkspaceOption, ExecutionEnvironmentMode, PreparedExecu
 export { initRTDBAuth, rtdbWrite, rtdbRead, writeSessionState, clearSessionState, writeTurnState, clearTurnState, } from './rtdb-rest.js';
 export type { SessionStatePayload, TurnStatePayload } from './rtdb-rest.js';
 export { DEFAULT_BASE_URL, DEFAULT_STREAM_URL, DEFAULT_RTDB_URL, FIREBASE_WEB_API_KEY } from './constants.js';
+export { resolveCanonBaseUrl } from './base-url.js';

package/dist/index.js

@@ -1,5 +1,6 @@
 // Types
 export { AGENT_CAPABILITIES, } from './types.js';
+export { buildWorkSessionPromptLines, buildWorkSessionsPromptLines, mergeWorkSessionContexts, } from './work-session.js';
 // Client
 export { CanonClient, CanonApiError } from './client.js';
 // Stream
@@ -25,3 +26,5 @@ export { buildConfiguredWorkspaceOptions, buildConversationEnvironmentKey, build
 export { initRTDBAuth, rtdbWrite, rtdbRead, writeSessionState, clearSessionState, writeTurnState, clearTurnState, } from './rtdb-rest.js';
 // Constants
 export { DEFAULT_BASE_URL, DEFAULT_STREAM_URL, DEFAULT_RTDB_URL, FIREBASE_WEB_API_KEY } from './constants.js';
+// Base URL resolver
+export { resolveCanonBaseUrl } from './base-url.js';

package/dist/rtdb-rest.d.ts

@@ -50,8 +50,25 @@ export interface TurnStatePayload {
         '.sv': 'timestamp';
     };
 }
-/** Must be called once before any RTDB operations. */
-export declare function initRTDBAuth(client: CanonClient): void;
+interface RTDBAuthOptions {
+    rtdbUrl?: string;
+    firebaseApiKey?: string;
+}
+interface RTDBClientHandle {
+    read(path: string): Promise<unknown>;
+    write(path: string, data: unknown): Promise<void>;
+    patch(path: string, data: unknown): Promise<void>;
+    remove(path: string): Promise<void>;
+    writeSessionState(conversationId: string, agentId: string, state: Omit<SessionStatePayload, 'updatedAt'>): Promise<void>;
+    clearSessionState(conversationId: string, agentId: string): Promise<void>;
+    writeTurnState(conversationId: string, agentId: string, state: Omit<TurnStatePayload, 'updatedAt'>): Promise<void>;
+    clearTurnState(conversationId: string, agentId: string): Promise<void>;
+}
+/**
+ * Initializes the default RTDB helper and returns a scoped client for callers
+ * that need per-runtime auth and base-url isolation.
+ */
+export declare function initRTDBAuth(client: CanonClient, options?: RTDBAuthOptions): RTDBClientHandle;
 /** Generic RTDB REST write (PUT). */
 export declare function rtdbWrite(path: string, data: unknown): Promise<void>;
 /** Generic RTDB REST read (GET). */
@@ -67,3 +84,4 @@ export declare function writeSessionState(conversationId: string, agentId: strin
 export declare function clearSessionState(conversationId: string, agentId: string): Promise<void>;
 export declare function writeTurnState(conversationId: string, agentId: string, state: Omit<TurnStatePayload, 'updatedAt'>): Promise<void>;
 export declare function clearTurnState(conversationId: string, agentId: string): Promise<void>;
+export {};

package/dist/rtdb-rest.js

@@ -6,163 +6,208 @@
  * is exchanged for a Firebase ID token before use with RTDB REST.
  */
 import { DEFAULT_RTDB_URL, FIREBASE_WEB_API_KEY } from './constants.js';
-const RTDB_BASE = process.env.CANON_RTDB_URL || DEFAULT_RTDB_URL;
-const FIREBASE_API_KEY = process.env.CANON_FIREBASE_API_KEY || FIREBASE_WEB_API_KEY;
-// ── Token management ──────────────────────────────────────────────────
-let cachedIdToken = null;
-let idTokenExpiresAt = 0;
-let tokenClient = null;
-/** Must be called once before any RTDB operations. */
-export function initRTDBAuth(client) {
-    tokenClient = client;
+const DEFAULT_RTDB_BASE = normalizeRTDBBase(process.env.CANON_RTDB_URL || DEFAULT_RTDB_URL);
+const DEFAULT_FIREBASE_API_KEY = process.env.CANON_FIREBASE_API_KEY || FIREBASE_WEB_API_KEY;
+let defaultRTDBClient = null;
+function normalizeRTDBBase(url) {
+    return url.replace(/\/+$/, '');
 }
-/**
- * Exchange a Firebase custom token for an ID token via the Identity Toolkit API.
- */
-async function exchangeCustomTokenForIdToken(customToken) {
-    const url = `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${FIREBASE_API_KEY}`;
-    const res = await fetch(url, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ token: customToken, returnSecureToken: true }),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`Token exchange failed (${res.status}): ${text}`);
-    }
-    const data = await res.json();
-    return { idToken: data.idToken, expiresIn: parseInt(data.expiresIn, 10) };
+function normalizeRTDBPath(path) {
+    return path.startsWith('/') ? path : `/${path}`;
 }
-/** Get a valid ID token for RTDB REST, refreshing if expired or expiring soon. */
-async function getToken() {
-    // Refresh if missing, expired, or expiring within 5 minutes
-    if (!cachedIdToken || Date.now() > idTokenExpiresAt - 5 * 60 * 1000) {
-        if (!tokenClient)
+function createRTDBClientHandle(client, options) {
+    const rtdbBase = normalizeRTDBBase(options?.rtdbUrl || DEFAULT_RTDB_BASE);
+    const firebaseApiKey = options?.firebaseApiKey || DEFAULT_FIREBASE_API_KEY;
+    let cachedIdToken = null;
+    let idTokenExpiresAt = 0;
+    let refreshPromise = null;
+    async function exchangeCustomTokenForIdToken(customToken) {
+        const url = `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${firebaseApiKey}`;
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ token: customToken, returnSecureToken: true }),
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`Token exchange failed (${res.status}): ${text}`);
+        }
+        const data = await res.json();
+        return {
+            idToken: data.idToken,
+            expiresIn: Number.parseInt(data.expiresIn, 10),
+        };
+    }
+    async function getToken(forceRefresh = false) {
+        const now = Date.now();
+        if (!forceRefresh && cachedIdToken && now <= idTokenExpiresAt - 5 * 60 * 1000) {
+            return cachedIdToken;
+        }
+        if (refreshPromise) {
+            return refreshPromise;
+        }
+        const staleToken = forceRefresh ? null : cachedIdToken;
+        refreshPromise = (async () => {
+            try {
+                const auth = await client.getAuthToken();
+                const { idToken, expiresIn } = await exchangeCustomTokenForIdToken(auth.token);
+                cachedIdToken = idToken;
+                idTokenExpiresAt = Date.now() + (expiresIn * 1000);
+                return cachedIdToken;
+            }
+            catch (err) {
+                console.error('[canon] RTDB token refresh failed:', err);
+                return staleToken;
+            }
+            finally {
+                refreshPromise = null;
+            }
+        })();
+        return refreshPromise;
+    }
+    async function request(method, path, data, options = {}) {
+        const token = await getToken(false);
+        if (!token)
             return null;
+        const url = `${rtdbBase}${normalizeRTDBPath(path)}.json?auth=${encodeURIComponent(token)}`;
+        const res = await fetch(url, {
+            method,
+            ...(method === 'GET'
+                ? {}
+                : {
+                    headers: { 'Content-Type': 'application/json' },
+                    ...(data === undefined ? {} : { body: JSON.stringify(data) }),
+                }),
+        });
+        if (options.retryUnauthorized !== false
+            && (res.status === 401 || res.status === 403)) {
+            cachedIdToken = null;
+            idTokenExpiresAt = 0;
+            const refreshedToken = await getToken(true);
+            if (!refreshedToken) {
+                return res;
+            }
+            const retryUrl = `${rtdbBase}${normalizeRTDBPath(path)}.json?auth=${encodeURIComponent(refreshedToken)}`;
+            return fetch(retryUrl, {
+                method,
+                ...(method === 'GET'
+                    ? {}
+                    : {
+                        headers: { 'Content-Type': 'application/json' },
+                        ...(data === undefined ? {} : { body: JSON.stringify(data) }),
+                    }),
+            });
+        }
+        return res;
+    }
+    async function requireSuccess(method, path, data, errorPrefix) {
+        const res = await request(method, path, data);
+        if (!res)
+            return;
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`${errorPrefix} (${res.status}): ${text}`);
+        }
+    }
+    async function read(path) {
+        const res = await request('GET', path);
+        if (!res?.ok)
+            return null;
+        return res.json();
+    }
+    async function write(path, data) {
+        await requireSuccess('PUT', path, data, 'RTDB write failed');
+    }
+    async function patch(path, data) {
+        await requireSuccess('PATCH', path, data, 'RTDB patch failed');
+    }
+    async function remove(path) {
+        await requireSuccess('DELETE', path, undefined, 'RTDB delete failed');
+    }
+    async function writeSessionStateImpl(conversationId, agentId, state) {
+        await write(`/session-state/${conversationId}/${agentId}`, {
+            ...state,
+            updatedAt: { '.sv': 'timestamp' },
+        });
+    }
+    async function clearSessionStateImpl(conversationId, agentId) {
         try {
-            const auth = await tokenClient.getAuthToken();
-            const { idToken, expiresIn } = await exchangeCustomTokenForIdToken(auth.token);
-            cachedIdToken = idToken;
-            idTokenExpiresAt = Date.now() + expiresIn * 1000;
+            await write(`/session-state/${conversationId}/${agentId}`, {
+                isActive: false,
+                updatedAt: { '.sv': 'timestamp' },
+            });
         }
-        catch (err) {
-            console.error('[canon] RTDB token refresh failed:', err);
-            return cachedIdToken; // Return stale token as fallback
+        catch (error) {
+            console.error('[canon] RTDB clear failed:', error);
         }
     }
-    return cachedIdToken;
+    async function writeTurnStateImpl(conversationId, agentId, state) {
+        await write(`/turn-state/${conversationId}/${agentId}`, {
+            ...state,
+            updatedAt: { '.sv': 'timestamp' },
+        });
+    }
+    async function clearTurnStateImpl(conversationId, agentId) {
+        try {
+            await write(`/turn-state/${conversationId}/${agentId}`, {
+                state: 'idle',
+                queueDepth: 0,
+                updatedAt: { '.sv': 'timestamp' },
+                completedAt: { '.sv': 'timestamp' },
+            });
+        }
+        catch (error) {
+            console.error('[canon] RTDB turn clear failed:', error);
+        }
+    }
+    return {
+        read,
+        write,
+        patch,
+        remove,
+        writeSessionState: writeSessionStateImpl,
+        clearSessionState: clearSessionStateImpl,
+        writeTurnState: writeTurnStateImpl,
+        clearTurnState: clearTurnStateImpl,
+    };
+}
+/**
+ * Initializes the default RTDB helper and returns a scoped client for callers
+ * that need per-runtime auth and base-url isolation.
+ */
+export function initRTDBAuth(client, options) {
+    const scopedClient = createRTDBClientHandle(client, options);
+    defaultRTDBClient = scopedClient;
+    return scopedClient;
+}
+function getDefaultRTDBClient() {
+    return defaultRTDBClient;
 }
 // ── RTDB operations ───────────────────────────────────────────────────
 /** Generic RTDB REST write (PUT). */
 export async function rtdbWrite(path, data) {
-    const token = await getToken();
-    if (!token)
-        return;
-    const url = `${RTDB_BASE}${path}.json?auth=${token}`;
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(data),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`RTDB write failed (${res.status}): ${text}`);
-    }
+    await getDefaultRTDBClient()?.write(path, data);
 }
 /** Generic RTDB REST read (GET). */
 export async function rtdbRead(path) {
-    const token = await getToken();
-    if (!token)
-        return null;
-    const url = `${RTDB_BASE}${path}.json?auth=${token}`;
-    const res = await fetch(url);
-    if (!res.ok)
-        return null;
-    return res.json();
+    return getDefaultRTDBClient()?.read(path) ?? null;
 }
 /**
  * Write session state to RTDB via REST API.
  * Path: /session-state/{conversationId}/{agentId}
  */
 export async function writeSessionState(conversationId, agentId, state) {
-    const token = await getToken();
-    if (!token)
-        return;
-    const url = `${RTDB_BASE}/session-state/${conversationId}/${agentId}.json?auth=${token}`;
-    const body = {
-        ...state,
-        updatedAt: { '.sv': 'timestamp' },
-    };
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(body),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`RTDB write failed (${res.status}): ${text}`);
-    }
+    await getDefaultRTDBClient()?.writeSessionState(conversationId, agentId, state);
 }
 /**
  * Clear session state from RTDB (full overwrite with isActive: false).
  */
 export async function clearSessionState(conversationId, agentId) {
-    const token = await getToken();
-    if (!token)
-        return;
-    const url = `${RTDB_BASE}/session-state/${conversationId}/${agentId}.json?auth=${token}`;
-    const body = {
-        isActive: false,
-        updatedAt: { '.sv': 'timestamp' },
-    };
-    // Use PUT (not PATCH) to clear stale fields like model/cwd
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(body),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        console.error(`[canon] RTDB clear failed (${res.status}): ${text}`);
-    }
+    await getDefaultRTDBClient()?.clearSessionState(conversationId, agentId);
 }
 export async function writeTurnState(conversationId, agentId, state) {
-    const token = await getToken();
-    if (!token)
-        return;
-    const url = `${RTDB_BASE}/turn-state/${conversationId}/${agentId}.json?auth=${token}`;
-    const body = {
-        ...state,
-        updatedAt: { '.sv': 'timestamp' },
-    };
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(body),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        throw new Error(`RTDB write failed (${res.status}): ${text}`);
-    }
+    await getDefaultRTDBClient()?.writeTurnState(conversationId, agentId, state);
 }
 export async function clearTurnState(conversationId, agentId) {
-    const token = await getToken();
-    if (!token)
-        return;
-    const url = `${RTDB_BASE}/turn-state/${conversationId}/${agentId}.json?auth=${token}`;
-    const body = {
-        state: 'idle',
-        queueDepth: 0,
-        updatedAt: { '.sv': 'timestamp' },
-        completedAt: { '.sv': 'timestamp' },
-    };
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(body),
-    });
-    if (!res.ok) {
-        const text = await res.text();
-        console.error(`[canon] RTDB turn clear failed (${res.status}): ${text}`);
-    }
+    await getDefaultRTDBClient()?.clearTurnState(conversationId, agentId);
 }

package/dist/types.d.ts

@@ -1,4 +1,5 @@
 import type { ResolvedAgentBehaviorPolicy } from './policy.js';
+import type { CanonWorkSessionContext } from './work-session.js';
 export type MediaAttachmentKind = 'image' | 'audio' | 'file';
 export interface MediaAttachment {
     kind: MediaAttachmentKind;
@@ -25,6 +26,7 @@ export interface CanonMessage {
     mentions: string[];
     replyTo: string | null;
     replyToPosition: number | null;
+    workSession?: CanonWorkSessionContext | null;
     metadata?: Record<string, unknown>;
     status: 'sent' | 'read';
     deleted: boolean;
@@ -50,6 +52,7 @@ export interface CanonConversation {
 export interface CanonMessagesPage {
     messages: CanonMessage[];
     behavior?: ResolvedAgentBehaviorPolicy;
+    workSessions?: CanonWorkSessionContext[];
 }
 export type AgentClientType = 'claude-code' | 'openclaw' | 'codex' | 'generic';
 /** Declares what session controls an agent type supports. */
@@ -88,6 +91,7 @@ export interface AgentContext {
 export interface MessageCreatedPayload {
     conversationId: string;
     behavior?: ResolvedAgentBehaviorPolicy;
+    workSessions?: CanonWorkSessionContext[];
     message: {
         id: string;
         senderId: string;
@@ -105,6 +109,7 @@ export interface MessageCreatedPayload {
         replyToPosition?: number;
         mentions?: string[];
         createdAt?: string;
+        workSession?: CanonWorkSessionContext | null;
         /** Structured metadata for rich UI (approval cards, etc.) */
         metadata?: Record<string, unknown>;
     };
@@ -129,6 +134,7 @@ export interface SendMessageOptions {
     attachments?: MediaAttachment[];
     contactCardUserId?: string;
     mentions?: string[];
+    workSessionId?: string;
     /** Structured metadata for rich UI (approval cards, etc.) */
     metadata?: Record<string, unknown>;
 }

package/dist/work-session.d.ts

@@ -0,0 +1,88 @@
+import type { RepresentationMode } from './policy.js';
+import type { SendMessageOptions } from './types.js';
+export type CanonWorkSessionStatus = 'active' | 'paused' | 'completed';
+export type CanonWorkSessionConversationRole = 'requester' | 'coordinator' | 'participant' | 'delegate' | 'observer';
+export type CanonWorkSessionDisclosureMode = 'none' | 'summary' | 'full';
+export interface CanonWorkSessionParticipant {
+    conversationId?: string | null;
+    participantId?: string | null;
+    label?: string | null;
+    role?: CanonWorkSessionConversationRole | null;
+}
+export interface CanonWorkSessionContext {
+    id: string;
+    title?: string | null;
+    objective?: string | null;
+    status?: CanonWorkSessionStatus | null;
+    summary?: string | null;
+    representation?: RepresentationMode | null;
+    currentConversationRole?: CanonWorkSessionConversationRole | null;
+    sourceConversationId?: string | null;
+    sourceConversationLabel?: string | null;
+    sourceParticipantId?: string | null;
+    sourceParticipantLabel?: string | null;
+    disclosure?: CanonWorkSessionDisclosureMode | null;
+    disclosureNotes?: string[];
+    visibleFacts?: string[];
+    pendingQuestions?: string[];
+    participants?: CanonWorkSessionParticipant[];
+    updatedAt?: string | null;
+}
+export interface CanonWorkSession {
+    id: string;
+    title?: string | null;
+    objective?: string | null;
+    status: CanonWorkSessionStatus;
+    createdAt?: string | null;
+    updatedAt?: string | null;
+}
+export interface UpdateWorkSessionConversationOptions {
+    summary?: string | null;
+    representation?: RepresentationMode | null;
+    currentConversationRole?: CanonWorkSessionConversationRole | null;
+    sourceConversationId?: string | null;
+    sourceConversationLabel?: string | null;
+    sourceParticipantId?: string | null;
+    sourceParticipantLabel?: string | null;
+    disclosure?: CanonWorkSessionDisclosureMode | null;
+    disclosureNotes?: string[];
+    visibleFacts?: string[];
+    pendingQuestions?: string[];
+    participants?: CanonWorkSessionParticipant[];
+}
+export interface CreateWorkSessionOptions extends UpdateWorkSessionConversationOptions {
+    conversationId: string;
+    title?: string | null;
+    objective?: string | null;
+    status?: CanonWorkSessionStatus | null;
+}
+export interface CanonResolvedWorkSession {
+    workSession: CanonWorkSession;
+    context: CanonWorkSessionContext;
+}
+export interface SendLinkedMessageOptions {
+    sourceConversationId: string;
+    targetConversationId: string;
+    text: string;
+    workSessionId?: string;
+    createWorkSession?: Omit<CreateWorkSessionOptions, 'conversationId'>;
+    sourceContext?: UpdateWorkSessionConversationOptions;
+    targetContext?: UpdateWorkSessionConversationOptions;
+    messageOptions?: Omit<SendMessageOptions, 'workSessionId'>;
+}
+export interface SendLinkedMessageResult {
+    messageId: string;
+    workSessionId: string;
+    workSessionCreated: boolean;
+}
+export interface WorkSessionPromptRenderOptions {
+    maxVisibleFacts?: number;
+    maxPendingQuestions?: number;
+    maxDisclosureNotes?: number;
+    maxParticipants?: number;
+    maxDetailedWorkSessions?: number;
+    maxOtherWorkSessions?: number;
+}
+export declare function mergeWorkSessionContexts(explicitWorkSession?: CanonWorkSessionContext | null, activeWorkSessions?: CanonWorkSessionContext[] | null): CanonWorkSessionContext[];
+export declare function buildWorkSessionPromptLines(workSession?: CanonWorkSessionContext | null, options?: WorkSessionPromptRenderOptions): string[];
+export declare function buildWorkSessionsPromptLines(workSessions?: CanonWorkSessionContext[] | null, options?: WorkSessionPromptRenderOptions): string[];

package/dist/work-session.js

@@ -0,0 +1,238 @@
+const DEFAULT_WORK_SESSION_PROMPT_OPTIONS = {
+    maxVisibleFacts: 3,
+    maxPendingQuestions: 2,
+    maxDisclosureNotes: 1,
+    maxParticipants: 3,
+    maxDetailedWorkSessions: 1,
+    maxOtherWorkSessions: 3,
+};
+function normalizeString(value) {
+    if (typeof value !== 'string')
+        return null;
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function normalizeStringList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return value
+        .map((entry) => normalizeString(entry))
+        .filter((entry) => entry != null);
+}
+function mergeStringLists(primary, secondary) {
+    const merged = [...normalizeStringList(primary), ...normalizeStringList(secondary)];
+    const unique = Array.from(new Set(merged));
+    return unique.length > 0 ? unique : undefined;
+}
+function mergeParticipants(primary, secondary) {
+    const result = [];
+    const seen = new Set();
+    const pushParticipant = (participant) => {
+        if (!participant)
+            return;
+        const key = [
+            normalizeString(participant.conversationId),
+            normalizeString(participant.participantId),
+            normalizeString(participant.label),
+            normalizeString(participant.role),
+        ].join('::');
+        if (seen.has(key))
+            return;
+        seen.add(key);
+        result.push(participant);
+    };
+    for (const participant of primary ?? [])
+        pushParticipant(participant);
+    for (const participant of secondary ?? [])
+        pushParticipant(participant);
+    return result.length > 0 ? result : undefined;
+}
+function mergeTwoWorkSessions(primary, secondary) {
+    const disclosureNotes = mergeStringLists(primary.disclosureNotes, secondary.disclosureNotes);
+    const visibleFacts = mergeStringLists(primary.visibleFacts, secondary.visibleFacts);
+    const pendingQuestions = mergeStringLists(primary.pendingQuestions, secondary.pendingQuestions);
+    const participants = mergeParticipants(primary.participants, secondary.participants);
+    return {
+        id: primary.id,
+        title: primary.title ?? secondary.title ?? null,
+        objective: primary.objective ?? secondary.objective ?? null,
+        status: primary.status ?? secondary.status ?? null,
+        summary: primary.summary ?? secondary.summary ?? null,
+        representation: primary.representation ?? secondary.representation ?? null,
+        currentConversationRole: primary.currentConversationRole ?? secondary.currentConversationRole ?? null,
+        sourceConversationId: primary.sourceConversationId ?? secondary.sourceConversationId ?? null,
+        sourceConversationLabel: primary.sourceConversationLabel ?? secondary.sourceConversationLabel ?? null,
+        sourceParticipantId: primary.sourceParticipantId ?? secondary.sourceParticipantId ?? null,
+        sourceParticipantLabel: primary.sourceParticipantLabel ?? secondary.sourceParticipantLabel ?? null,
+        disclosure: primary.disclosure ?? secondary.disclosure ?? null,
+        ...(disclosureNotes ? { disclosureNotes } : {}),
+        ...(visibleFacts ? { visibleFacts } : {}),
+        ...(pendingQuestions ? { pendingQuestions } : {}),
+        ...(participants ? { participants } : {}),
+        updatedAt: primary.updatedAt ?? secondary.updatedAt ?? null,
+    };
+}
+export function mergeWorkSessionContexts(explicitWorkSession, activeWorkSessions) {
+    const merged = new Map();
+    const add = (workSession) => {
+        if (!workSession?.id)
+            return;
+        const existing = merged.get(workSession.id);
+        merged.set(workSession.id, existing ? mergeTwoWorkSessions(existing, workSession) : workSession);
+    };
+    add(explicitWorkSession);
+    for (const workSession of activeWorkSessions ?? []) {
+        add(workSession);
+    }
+    return Array.from(merged.values());
+}
+function formatParticipantLabel(participant) {
+    const label = normalizeString(participant.label);
+    if (label)
+        return label;
+    const participantId = normalizeString(participant.participantId);
+    if (participantId)
+        return participantId;
+    return normalizeString(participant.conversationId);
+}
+function resolvePromptOptions(options) {
+    return {
+        maxVisibleFacts: Math.max(0, options?.maxVisibleFacts
+            ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxVisibleFacts),
+        maxPendingQuestions: Math.max(0, options?.maxPendingQuestions
+            ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxPendingQuestions),
+        maxDisclosureNotes: Math.max(0, options?.maxDisclosureNotes
+            ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxDisclosureNotes),
+        maxParticipants: Math.max(0, options?.maxParticipants ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxParticipants),
+        maxDetailedWorkSessions: Math.max(1, options?.maxDetailedWorkSessions
+            ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxDetailedWorkSessions),
+        maxOtherWorkSessions: Math.max(0, options?.maxOtherWorkSessions
+            ?? DEFAULT_WORK_SESSION_PROMPT_OPTIONS.maxOtherWorkSessions),
+    };
+}
+function takeWithHiddenCount(values, maxCount) {
+    if (maxCount <= 0) {
+        return { visible: [], hiddenCount: values.length };
+    }
+    return {
+        visible: values.slice(0, maxCount),
+        hiddenCount: Math.max(0, values.length - maxCount),
+    };
+}
+function buildOriginLabel(workSession) {
+    const sourceConversation = normalizeString(workSession.sourceConversationLabel)
+        ?? normalizeString(workSession.sourceConversationId);
+    const sourceParticipant = normalizeString(workSession.sourceParticipantLabel)
+        ?? normalizeString(workSession.sourceParticipantId);
+    if (sourceConversation && sourceParticipant) {
+        return `${sourceParticipant} in ${sourceConversation}`;
+    }
+    return sourceParticipant ?? sourceConversation;
+}
+function formatWorkSessionReference(workSession) {
+    const title = normalizeString(workSession.title);
+    const objective = normalizeString(workSession.objective);
+    if (title)
+        return `${title} (${workSession.id})`;
+    if (objective)
+        return `${objective} (${workSession.id})`;
+    return workSession.id;
+}
+export function buildWorkSessionPromptLines(workSession, options) {
+    if (!workSession)
+        return [];
+    const promptOptions = resolvePromptOptions(options);
+    const title = normalizeString(workSession.title);
+    const objective = normalizeString(workSession.objective);
+    const summary = normalizeString(workSession.summary);
+    const origin = buildOriginLabel(workSession);
+    const visibleFacts = takeWithHiddenCount(normalizeStringList(workSession.visibleFacts), promptOptions.maxVisibleFacts);
+    const pendingQuestions = takeWithHiddenCount(normalizeStringList(workSession.pendingQuestions), promptOptions.maxPendingQuestions);
+    const disclosureNotes = takeWithHiddenCount(normalizeStringList(workSession.disclosureNotes), promptOptions.maxDisclosureNotes);
+    const participants = takeWithHiddenCount(Array.isArray(workSession.participants) ? workSession.participants : [], promptOptions.maxParticipants);
+    return [
+        `Canon work session ID: ${workSession.id}`,
+        ...(title ? [`Canon work session title: ${title}`] : []),
+        ...(objective ? [`Canon work session objective: ${objective}`] : []),
+        ...(workSession.status
+            ? [`Canon work session status: ${workSession.status}`]
+            : []),
+        ...(workSession.currentConversationRole
+            ? [
+                `This conversation's role in the work session: ${workSession.currentConversationRole}`,
+            ]
+            : []),
+        ...(workSession.representation
+            ? [`Participate in this conversation as: ${workSession.representation}`]
+            : []),
+        ...(origin ? [`Work session origin: ${origin}`] : []),
+        ...(workSession.disclosure
+            ? [`Allowed disclosure level in this conversation: ${workSession.disclosure}`]
+            : []),
+        ...(summary ? [`Shared work session summary: ${summary}`] : []),
+        ...visibleFacts.visible.map((fact, index) => `Shared fact ${index + 1}: ${fact}`),
+        ...(visibleFacts.hiddenCount > 0
+            ? [`Additional shared facts omitted for brevity: ${visibleFacts.hiddenCount}`]
+            : []),
+        ...pendingQuestions.visible.map((question, index) => `Open question ${index + 1}: ${question}`),
+        ...(pendingQuestions.hiddenCount > 0
+            ? [
+                `Additional open questions omitted for brevity: ${pendingQuestions.hiddenCount}`,
+            ]
+            : []),
+        ...disclosureNotes.visible.map((note, index) => `Disclosure note ${index + 1}: ${note}`),
+        ...(disclosureNotes.hiddenCount > 0
+            ? [
+                `Additional disclosure notes omitted for brevity: ${disclosureNotes.hiddenCount}`,
+            ]
+            : []),
+        ...participants.visible.flatMap((participant, index) => {
+            const label = formatParticipantLabel(participant);
+            if (!label)
+                return [];
+            const role = normalizeString(participant.role);
+            return [
+                `Related participant ${index + 1}: ${label}${role ? ` (${role})` : ''}`,
+            ];
+        }),
+        ...(participants.hiddenCount > 0
+            ? [
+                `Additional related participants omitted for brevity: ${participants.hiddenCount}`,
+            ]
+            : []),
+        'Canon rule: this shared work-session context is scoped to this conversation only and does not grant access to other conversation transcripts.',
+    ];
+}
+export function buildWorkSessionsPromptLines(workSessions, options) {
+    const promptOptions = resolvePromptOptions(options);
+    if (!Array.isArray(workSessions) || workSessions.length === 0)
+        return [];
+    if (workSessions.length === 1) {
+        return [
+            'Canon active work session for this conversation:',
+            ...buildWorkSessionPromptLines(workSessions[0], promptOptions),
+        ];
+    }
+    const detailedWorkSessions = workSessions.slice(0, promptOptions.maxDetailedWorkSessions);
+    const hiddenWorkSessions = workSessions.slice(promptOptions.maxDetailedWorkSessions);
+    const lines = ['Canon active work sessions for this conversation:'];
+    detailedWorkSessions.forEach((workSession, index) => {
+        lines.push(detailedWorkSessions.length === 1
+            ? 'Primary active work session:'
+            : `Detailed work session ${index + 1}:`);
+        lines.push(...buildWorkSessionPromptLines(workSession, promptOptions));
+    });
+    if (hiddenWorkSessions.length > 0) {
+        lines.push('Other active work sessions linked here:');
+        hiddenWorkSessions
+            .slice(0, promptOptions.maxOtherWorkSessions)
+            .forEach((workSession, index) => {
+            lines.push(`Other work session ${index + 1}: ${formatWorkSessionReference(workSession)}`);
+        });
+        if (hiddenWorkSessions.length > promptOptions.maxOtherWorkSessions) {
+            lines.push(`Additional active work sessions omitted for brevity: ${hiddenWorkSessions.length - promptOptions.maxOtherWorkSessions}`);
+        }
+        lines.push('Canon rule: do not assume the current message refers to another linked work session unless the conversation clearly points to it.');
+    }
+    return lines;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@canonmsg/core",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "Canon core — shared types, REST client, SSE stream, and registration for Canon messaging",
   "type": "module",
   "main": "dist/index.js",
@@ -8,10 +8,12 @@
   "exports": {
     ".": {
       "import": "./dist/index.js",
+      "default": "./dist/index.js",
       "types": "./dist/index.d.ts"
     },
     "./browser": {
       "import": "./dist/browser.js",
+      "default": "./dist/browser.js",
       "types": "./dist/browser.d.ts"
     }
   },