@codemation/core-nodes-ocr 0.2.2 → 0.2.4

package/dist/codemation.plugin.d.cts

@@ -1,4 +1,4 @@
-import { l as WorkflowDefinition, n as TypeToken, t as Container, u as AnyCredentialType } from "./runtimeTypes-ffl603pJ.cjs";
+import { c as Container, l as TypeToken, s as WorkflowDefinition, u as AnyCredentialType } from "./runtimeTypes-WCvsnJMY.cjs";
 import { BetterAuthOptions } from "better-auth";
 
 //#region ../core/src/contracts/mcpTypes.d.ts
@@ -303,8 +303,6 @@ interface AppConfig {
   }>;
   readonly auth?: CodemationAuthConfig;
   readonly whitelabel: CodemationWhitelabelConfig;
-  readonly webSocketPort: number;
-  readonly webSocketBindHost: string;
 }
 //#endregion
 //#region ../host/src/presentation/config/CodemationAppContext.d.ts

package/dist/codemation.plugin.d.ts

@@ -1,4 +1,4 @@
-import { a as TypeToken, c as WorkflowDefinition, i as Container, l as AnyCredentialType, n as DefinedCollection, o as EngineExecutionLimitsPolicyConfig, s as McpServerDeclaration, t as CollectionDefinition } from "./index-C2KJPzqN.js";
+import { a as TypeToken, c as McpServerDeclaration, i as Container, l as AnyCredentialType, n as DefinedCollection, o as EngineExecutionLimitsPolicyConfig, r as WorkflowDefinition, t as CollectionDefinition } from "./index-DF2ht42F.js";
 import { ZodType, z } from "zod";
 import { BetterAuthOptions } from "better-auth";
 
@@ -243,8 +243,6 @@ interface AppConfig {
   }>;
   readonly auth?: CodemationAuthConfig;
   readonly whitelabel: CodemationWhitelabelConfig;
-  readonly webSocketPort: number;
-  readonly webSocketBindHost: string;
 }
 //#endregion
 //#region ../host/src/presentation/config/CodemationAppContext.d.ts

package/dist/codemation.plugin.js

@@ -1,6 +1,6 @@
 import { a as __toDynamicImportESM, i as __commonJS, n as require_auth_errors, o as __toESM, r as require_token_error, t as require_token_util } from "./token-util-EUxa8JtH.js";
-import { n as analyzeImageNode, o as azureContentUnderstandingCredentialType, r as analyzeDocumentNode, t as analyzeInvoiceNode } from "./analyzeInvoiceNode-uVwe3GHD.js";
-import { AgentConfigInspector, AgentGuardrailDefaults, AgentMessageConfigNormalizer, CallableToolConfig, ChildExecutionScopeFactory, CodemationTelemetryAttributeNames, CodemationTelemetryMetricNames, ConnectionInvocationIdFactory, ConnectionNodeIdFactory, CoreTokens, GenAiTelemetryAttributeNames, ItemExprResolver, ItemsInputNormalizer, NodeBackedToolConfig, NodeOutputNormalizer, RunnableOutputBehaviorResolver, chatModel, defineCredential, defineNode, emitPorts, getOriginIndexFromItem, inject, injectable, isPortsEmission, node } from "@codemation/core";
+import { n as analyzeImageNode, o as azureContentUnderstandingCredentialType, r as analyzeDocumentNode, t as analyzeInvoiceNode } from "./analyzeInvoiceNode-BqZsN8iL.js";
+import { AgentConfigInspector, AgentGuardrailDefaults, AgentMessageConfigNormalizer, CallableToolConfig, ChildExecutionScopeFactory, CodemationTelemetryAttributeNames, CodemationTelemetryMetricNames, ConnectionInvocationIdFactory, ConnectionNodeIdFactory, CoreTokens, GenAiTelemetryAttributeNames, InboxChannelResolverToken, ItemExprResolver, ItemsInputNormalizer, NodeBackedToolConfig, NodeOutputNormalizer, RunnableOutputBehaviorResolver, SuspensionRequest, chatModel, defineCredential, defineHumanApprovalNode, defineNode, emitPorts, getOriginIndexFromItem, inject, injectable, isPortsEmission, node } from "@codemation/core";
 import dns from "node:dns/promises";
 import * as z4 from "zod/v4";
 import { z } from "zod/v4";
@@ -8281,6 +8281,59 @@ var OpenAiChatModelPresets = class {
 };
 const openAiChatModelPresets = new OpenAiChatModelPresets();
 
+//#endregion
+//#region ../core-nodes/src/chatModels/ManagedHmacSignerFactory.types.ts
+/**
+* Creates an HMAC-signing fetch wrapper that authenticates requests to
+* Codemation managed services (LLM broker, doc-scanner) with the
+* Codemation-Hmac v=1 scheme.
+*
+* Mirrors HmacRequestSigner from @codemation/host/pairing without importing
+* that package (which would create a circular dependency since @codemation/host
+* depends on @codemation/core-nodes).
+*
+* @param workspaceId   - Workspace identifier injected by the CP provisioner.
+* @param pairingSecret - Base64-encoded 32-byte HMAC key injected by the provisioner.
+* @param options       - Optional behaviour flags and test seams.
+*/
+function managedHmacFetchFactory(workspaceId, pairingSecret, options) {
+	const signBody = options?.signBody ?? true;
+	return async (input, init) => {
+		const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+		const method = init?.method ?? "POST";
+		let bodyForSigning = "";
+		if (signBody && init?.body !== void 0 && init.body !== null) bodyForSigning = typeof init.body === "string" ? init.body : await new Response(init.body).text();
+		const authHeader = buildHmacAuthHeader(workspaceId, pairingSecret, method, url, bodyForSigning, options);
+		const headers = new Headers(init?.headers);
+		headers.set("Authorization", authHeader);
+		const outgoingBody = signBody ? bodyForSigning || init?.body : init?.body;
+		return fetch(input, {
+			...init,
+			body: outgoingBody,
+			headers
+		});
+	};
+}
+/**
+* Produces a Codemation-Hmac v=1 Authorization header value.
+* Algorithm must match HmacVerifier.computeSignature() in the control-plane.
+*/
+function buildHmacAuthHeader(workspaceId, pairingSecret, method, url, body, overrides) {
+	const ts = overrides?.now ? overrides.now() : Math.floor(Date.now() / 1e3);
+	const nonce = overrides?.nonce ? overrides.nonce() : randomBytes(16).toString("base64");
+	const parsed = new URL(url);
+	const path = (parsed.pathname + parsed.search).toLowerCase();
+	const bodyHash = createHash("sha256").update(body, "utf8").digest("hex");
+	const baseString = [
+		method.toUpperCase(),
+		path,
+		ts,
+		nonce,
+		bodyHash
+	].join("\n");
+	return `Codemation-Hmac v=1,workspaceId=${workspaceId},ts=${ts},nonce=${nonce},sig=${createHmac("sha256", Buffer.from(pairingSecret, "base64")).update(baseString, "utf8").digest("base64")}`;
+}
+
 //#endregion
 //#region ../core-nodes/src/chatModels/CodemationChatModelFactory.ts
 let CodemationChatModelFactory = class CodemationChatModelFactory$1 {
@@ -8290,7 +8343,7 @@ let CodemationChatModelFactory = class CodemationChatModelFactory$1 {
 		const workspaceId = process.env["WORKSPACE_ID"];
 		const pairingSecret = process.env["WORKSPACE_PAIRING_SECRET"];
 		if (!workspaceId || !pairingSecret) throw new Error("Codemation managed AI not available in this environment (workspace pairing is not configured).");
-		const hmacFetch = this.buildHmacSignedFetch(workspaceId, pairingSecret);
+		const hmacFetch = managedHmacFetchFactory(workspaceId, pairingSecret);
 		const languageModel = createOpenAI({
 			baseURL: `${gatewayUrl}/v1`,
 			apiKey: "codemation-managed",
@@ -8306,52 +8359,6 @@ let CodemationChatModelFactory = class CodemationChatModelFactory$1 {
 			}
 		});
 	}
-	/**
-	* Creates an HMAC-signed fetch wrapper for use with AI SDK's createOpenAI.
-	* Each call signs the request body with the workspace pairing secret so the
-	* LLM broker can authenticate the workspace without a user-managed API key.
-	*
-	* Mirrors HmacRequestSigner from @codemation/host/pairing without importing
-	* that package (which would create a circular dependency since @codemation/host
-	* depends on @codemation/core-nodes).
-	*/
-	buildHmacSignedFetch(workspaceId, pairingSecret) {
-		return async (input, init) => {
-			const url = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-			const method = init?.method ?? "POST";
-			let bodyString = "";
-			if (init?.body !== void 0 && init.body !== null) if (typeof init.body === "string") bodyString = init.body;
-			else bodyString = await new Response(init.body).text();
-			const authHeader = this.buildHmacAuthHeader(workspaceId, pairingSecret, method, url, bodyString);
-			const headers = new Headers(init?.headers);
-			headers.set("Authorization", authHeader);
-			const effectiveBody = bodyString || init?.body;
-			return fetch(input, {
-				...init,
-				body: effectiveBody,
-				headers
-			});
-		};
-	}
-	/**
-	* Produces a Codemation-Hmac v1 Authorization header value.
-	* The algorithm must match HmacVerifier.computeSignature() in the control-plane.
-	*/
-	buildHmacAuthHeader(workspaceId, pairingSecret, method, url, body) {
-		const ts = Math.floor(Date.now() / 1e3);
-		const nonce = randomBytes(16).toString("base64");
-		const parsed = new URL(url);
-		const path = (parsed.pathname + parsed.search).toLowerCase();
-		const bodyHash = createHash("sha256").update(body, "utf8").digest("hex");
-		const baseString = [
-			method.toUpperCase(),
-			path,
-			ts,
-			nonce,
-			bodyHash
-		].join("\n");
-		return `Codemation-Hmac v=1,workspaceId=${workspaceId},ts=${ts},nonce=${nonce},sig=${createHmac("sha256", Buffer.from(pairingSecret, "base64")).update(baseString, "utf8").digest("base64")}`;
-	}
 };
 CodemationChatModelFactory = __decorate([chatModel({ packageName: "@codemation/core-nodes" })], CodemationChatModelFactory);
 
@@ -8730,12 +8737,22 @@ let AgentToolExecutionCoordinator = class AgentToolExecutionCoordinator$1 {
 		this.repairPolicy = repairPolicy;
 	}
 	async execute(args) {
+		if (args.plannedToolCalls.filter((c) => c.binding.humanApproval !== void 0).length > 0 && args.plannedToolCalls.length > 1) return args.plannedToolCalls.map((c) => ({
+			toolName: c.binding.config.name,
+			toolCallId: c.toolCall.id ?? c.binding.config.name,
+			result: { error: c.binding.humanApproval !== void 0 ? `HITL tool '${c.binding.config.name}' cannot be called alongside other tools in the same turn; call it alone.` : `deferred: a HITL tool in the same turn blocked execution. Retry this tool alone in the next turn.` },
+			serialized: JSON.stringify({ error: c.binding.humanApproval !== void 0 ? `HITL tool '${c.binding.config.name}' cannot be called alongside other tools in the same turn; call it alone.` : `deferred: a HITL tool in the same turn blocked execution. Retry this tool alone in the next turn.` })
+		}));
 		const results = await Promise.allSettled(args.plannedToolCalls.map(async (plannedToolCall) => await this.executePlannedToolCall({
 			...args,
 			plannedToolCall
 		})));
 		const rejected = results.find((result) => result.status === "rejected");
-		if (rejected?.status === "rejected") throw rejected.reason instanceof Error ? rejected.reason : new Error(String(rejected.reason));
+		if (rejected?.status === "rejected") {
+			const reason = rejected.reason;
+			if (reason instanceof SuspensionRequest) throw reason;
+			throw reason instanceof Error ? reason : new Error(String(reason));
+		}
 		return results.filter((result) => result.status === "fulfilled").map((result) => result.value);
 	}
 	async executePlannedToolCall(args) {
@@ -8820,6 +8837,34 @@ let AgentToolExecutionCoordinator = class AgentToolExecutionCoordinator$1 {
 				result
 			};
 		} catch (error) {
+			if (error instanceof SuspensionRequest) {
+				const pendingToolCallId = plannedToolCall.toolCall.id ?? plannedToolCall.binding.config.name;
+				const checkpoint = {
+					conversation: args.conversationSnapshot ? [...args.conversationSnapshot] : [],
+					turnCount: args.turnCount ?? 0,
+					toolCallCount: args.toolCallCount ?? 0,
+					pendingToolCallId,
+					agentName: args.agentName,
+					modelId: args.modelId ?? ""
+				};
+				const agentReasoning = this.extractLastAssistantText(args.conversationSnapshot ?? []);
+				const augmented = new SuspensionRequest({
+					...error.request,
+					metadata: {
+						...error.request.metadata,
+						agentCheckpoint: checkpoint,
+						pendingToolCallId,
+						agentReasoning,
+						onRejected: plannedToolCall.binding.humanApproval?.onRejected ?? "return"
+					}
+				});
+				await span.end({
+					status: "error",
+					statusMessage: "suspended",
+					endedAt: /* @__PURE__ */ new Date()
+				});
+				throw augmented;
+			}
 			const classification = this.errorClassifier.classify({
 				error,
 				toolName: plannedToolCall.binding.config.name,
@@ -8995,6 +9040,24 @@ let AgentToolExecutionCoordinator = class AgentToolExecutionCoordinator$1 {
 	extractErrorDetails(error) {
 		return error.details;
 	}
+	/**
+	* Extracts the text content from the last assistant message in the conversation snapshot.
+	* Used to populate `agentReasoning` in the HITL suspension metadata.
+	*/
+	extractLastAssistantText(conversation) {
+		for (let i = conversation.length - 1; i >= 0; i--) {
+			const msg = conversation[i];
+			if (msg?.role !== "assistant") continue;
+			const content = msg.content;
+			if (typeof content === "string") return content;
+			if (Array.isArray(content)) {
+				const textParts = content.filter((part) => typeof part === "object" && part.type === "text").map((part) => part.text);
+				if (textParts.length > 0) return textParts.join("");
+			}
+			break;
+		}
+		return "";
+	}
 	serializeIssue(issue) {
 		const result = {
 			path: [...issue.path],
@@ -15325,6 +15388,7 @@ var AgentItemPortMap = class {
 //#endregion
 //#region ../core-nodes/src/nodes/AIAgentNode.ts
 var _ref, _ref2, _ref3, _ref4, _ref5;
+const HITL_SOLO_CONSTRAINT_SENTENCE = "This tool requires human approval and may take time. Call it alone — do not invoke other tools in the same turn. Your turn will be paused until a decision is made.";
 let AIAgentNode = class AIAgentNode$1 {
 	kind = "node";
 	outputPorts = ["main"];
@@ -15342,13 +15406,90 @@ let AIAgentNode = class AIAgentNode$1 {
 		this.connectionCredentialExecutionContextFactory = this.executionHelpers.createConnectionCredentialExecutionContextFactory(credentialSessions);
 	}
 	async execute(args) {
-		const prepared = await this.getOrPrepareExecution(args.ctx);
+		const { ctx } = args;
+		if (ctx.resumeContext) return this.executeResumed(args, ctx.resumeContext);
+		const prepared = await this.getOrPrepareExecution(ctx);
 		const itemWithMappedJson = {
 			...args.item,
 			json: args.input
 		};
 		return (await this.runAgentForItem(prepared, itemWithMappedJson, args.itemIndex, args.items)).json;
 	}
+	/**
+	* Resume path: re-enters the agent loop after a HITL suspension.
+	* Reconstructs the conversation from the checkpoint, injects the human decision
+	* as a tool_result, and continues the loop from where it suspended.
+	*/
+	async executeResumed(args, resumeContext) {
+		const { ctx } = args;
+		const taskMetadata = resumeContext.task.metadata ?? {};
+		const checkpoint = taskMetadata["agentCheckpoint"];
+		const onRejected = taskMetadata["onRejected"] ?? "return";
+		if (!checkpoint) {
+			const prepared$1 = await this.getOrPrepareExecution(ctx);
+			const itemWithMappedJson = {
+				...args.item,
+				json: args.input
+			};
+			return (await this.runAgentForItem(prepared$1, itemWithMappedJson, args.itemIndex, args.items)).json;
+		}
+		if (resumeContext.decision.kind === "decided" && resumeContext.decision.value === null && onRejected === "halt") return;
+		const decision = this.normalizeDecision(resumeContext);
+		if (decision.status === "rejected" && onRejected === "halt") return;
+		const prepared = await this.getOrPrepareExecution(ctx);
+		const item = args.item;
+		const itemInputsByPort = AgentItemPortMap.fromItem(item);
+		const itemScopedTools = this.createItemScopedTools(prepared.resolvedTools, ctx, item, args.itemIndex, args.items);
+		const toolResultEntry = {
+			toolName: checkpoint.pendingToolCallId,
+			toolCallId: checkpoint.pendingToolCallId,
+			result: decision,
+			serialized: JSON.stringify(decision)
+		};
+		const conversation = [...checkpoint.conversation, AgentMessageFactory.createToolResultsMessage([toolResultEntry])];
+		const loopResult = await this.runTurnLoopUntilFinalAnswer({
+			prepared,
+			itemInputsByPort,
+			itemScopedTools,
+			conversation,
+			resumedTurnCount: checkpoint.turnCount,
+			resumedToolCallCount: checkpoint.toolCallCount
+		});
+		await ctx.telemetry.recordMetric({
+			name: CodemationTelemetryMetricNames.agentTurns,
+			value: loopResult.turnCount
+		});
+		await ctx.telemetry.recordMetric({
+			name: CodemationTelemetryMetricNames.agentToolCalls,
+			value: loopResult.toolCallCount
+		});
+		const outputJson = await this.resolveFinalOutputJson(prepared, itemInputsByPort, conversation, loopResult.finalText, itemScopedTools.length > 0);
+		return this.buildOutputItem(item, outputJson).json;
+	}
+	/**
+	* Normalizes a {@link ResumeContext} decision into a flat JSON-serializable shape
+	* suitable for injection as a tool_result content.
+	*/
+	normalizeDecision(resumeContext) {
+		const { decision } = resumeContext;
+		if (decision.kind === "decided") {
+			const value = decision.value;
+			return {
+				status: (typeof value === "object" && value !== null && "approved" in value ? Boolean(value["approved"]) : true) ? "approved" : "rejected",
+				value: decision.value,
+				actor: decision.actor,
+				decidedAt: decision.decidedAt.toISOString()
+			};
+		}
+		if (decision.kind === "timed_out") return {
+			status: "timed_out",
+			at: decision.at.toISOString()
+		};
+		return {
+			status: "auto_accepted",
+			at: decision.at.toISOString()
+		};
+	}
 	async getOrPrepareExecution(ctx) {
 		let pending = this.preparedByExecutionContext.get(ctx);
 		if (!pending) {
@@ -15469,7 +15610,7 @@ let AIAgentNode = class AIAgentNode$1 {
 		const { prepared, itemInputsByPort, itemScopedTools, conversation } = args;
 		const { ctx, guardrails, toolLoadingStrategy } = prepared;
 		let finalText = "";
-		let toolCallCount = 0;
+		let toolCallCount = args.resumedToolCallCount ?? 0;
 		let turnCount = 0;
 		const repairAttemptsByToolName = /* @__PURE__ */ new Map();
 		/** Tool IDs surfaced by find_tools across all prior turns in this item run. */
@@ -15510,11 +15651,17 @@ let AIAgentNode = class AIAgentNode$1 {
 				const plannedToolCalls = this.planToolCalls(itemScopedTools, coordinatorCalls, ctx.nodeId);
 				toolCallCount += plannedToolCalls.length;
 				await this.markQueuedTools(plannedToolCalls, ctx);
+				const assistantMsg = result.assistantMessage ?? AgentMessageFactory.createAssistantWithToolCalls(result.text, result.toolCalls);
+				const conversationWithAssistant = [...conversation, assistantMsg];
 				const executed = await this.toolExecutionCoordinator.execute({
 					plannedToolCalls,
 					ctx,
 					agentName: this.getAgentDisplayName(ctx),
-					repairAttemptsByToolName
+					repairAttemptsByToolName,
+					conversationSnapshot: conversationWithAssistant,
+					turnCount,
+					toolCallCount,
+					modelId: this.resolveChatModelName(ctx.config.chatModel)
 				});
 				coordinatorExecutedCalls.push(...executed);
 			}
@@ -15576,6 +15723,7 @@ let AIAgentNode = class AIAgentNode$1 {
 				connectionNodeId: ConnectionNodeIdFactory.toolConnectionNodeId(ctx.nodeId, entry.config.name),
 				getCredentialRequirements: () => entry.config.getCredentialRequirements?.() ?? []
 			});
+			const hitlBehavior = this.resolveHumanApprovalBehavior(entry.config);
 			return {
 				config: entry.config,
 				inputSchema: entry.runtime.inputSchema,
@@ -15590,11 +15738,22 @@ let AIAgentNode = class AIAgentNode$1 {
 						items,
 						hooks
 					});
-				}
+				},
+				...hitlBehavior !== void 0 ? { humanApproval: hitlBehavior } : {}
 			};
 		});
 	}
 	/**
+	* Detects whether a tool config is backed by a `defineHumanApprovalNode` marker
+	* and returns the HITL behavior config, or `undefined` when not a HITL tool.
+	*/
+	resolveHumanApprovalBehavior(config) {
+		if (!this.isNodeBackedToolConfig(config)) return void 0;
+		const marker$3 = config.node.humanApprovalToolBehavior;
+		if (marker$3 === void 0) return void 0;
+		return { onRejected: marker$3.onRejected ?? "return" };
+	}
+	/**
 	* Invoke a text turn using the merged tool set from item-scoped tools (coordinator-managed)
 	* and strategy tools (find_tools + discovered MCP tools).
 	* Strategy tools take precedence for names that overlap.
@@ -15624,6 +15783,8 @@ let AIAgentNode = class AIAgentNode$1 {
 	/**
 	* Builds a ToolSet from resolved tools for strategy initialization.
 	* The strategy uses this for its "always-included" node-backed tool descriptions.
+	* HITL tools (detected via the `humanApprovalToolBehavior` field set by `defineHumanApprovalNode`) get the solo-constraint sentence
+	* appended to their description.
 	*/
 	buildToolSetFromResolved(resolvedTools) {
 		if (resolvedTools.length === 0) return {};
@@ -15633,8 +15794,10 @@ let AIAgentNode = class AIAgentNode$1 {
 				schemaName: entry.config.name,
 				requireObjectRoot: true
 			});
+			const baseDescription = entry.config.description ?? entry.runtime.defaultDescription;
+			const description = this.resolveHumanApprovalBehavior(entry.config) !== void 0 ? `${baseDescription} ${HITL_SOLO_CONSTRAINT_SENTENCE}` : baseDescription;
 			toolSet[entry.config.name] = {
-				description: entry.config.description ?? entry.runtime.defaultDescription,
+				description,
 				inputSchema: jsonSchema(schemaRecord)
 			};
 		}
@@ -15662,8 +15825,10 @@ let AIAgentNode = class AIAgentNode$1 {
 				schemaName: entry.config.name,
 				requireObjectRoot: true
 			});
+			const baseDescription = entry.config.description;
+			const description = entry.humanApproval !== void 0 && baseDescription !== void 0 ? `${baseDescription} ${HITL_SOLO_CONSTRAINT_SENTENCE}` : entry.humanApproval !== void 0 ? HITL_SOLO_CONSTRAINT_SENTENCE : baseDescription;
 			toolSet[entry.config.name] = {
-				description: entry.config.description,
+				description,
 				inputSchema: jsonSchema(schemaRecord)
 			};
 		}
@@ -15831,7 +15996,11 @@ let AIAgentNode = class AIAgentNode$1 {
 		});
 		try {
 			const callOptions = this.resolveCallOptions(model, guardrails.modelInvocationOptions);
-			const outputSchema$1 = structuredOptions?.strict && !this.isZodSchema(schema) ? output_exports.object({ schema: jsonSchema(schema) }) : output_exports.object({ schema });
+			const schemaRecord = this.isZodSchema(schema) ? this.executionHelpers.createJsonSchemaRecord(schema, {
+				schemaName: structuredOptions?.schemaName ?? "structured_output",
+				requireObjectRoot: true
+			}) : schema;
+			const outputSchema$1 = output_exports.object({ schema: jsonSchema(schemaRecord) });
 			const result = await generateText({
 				model: model.languageModel,
 				messages: [...messages],
@@ -17755,6 +17924,173 @@ const collectionDeleteNode = defineNode({
 	}
 });
 
+//#endregion
+//#region ../core-nodes/src/nodes/InboxApprovalNode.types.ts
+function resolveSubjectField(field, item) {
+	return typeof field === "function" ? field({ item }) : field;
+}
+/**
+* Auto-detecting inbox approval node.
+*
+* Uses `ctx.resolve(InboxChannelResolverToken)` to pick the right inbox channel
+* at runtime:
+* - In managed mode (PairingConfig present): routes to the control-plane inbox.
+* - Otherwise: routes to the local inbox.
+*
+* Authors use this node directly; no extra wiring needed per deployment mode.
+*/
+const inboxApproval = defineHumanApprovalNode({
+	key: "inbox.approval",
+	title: "Inbox Approval",
+	description: "Suspend and wait for a human reviewer to approve or reject.",
+	icon: "lucide:inbox",
+	channel: "inbox",
+	configSchema: z$1.object({
+		title: z$1.custom((v$1) => typeof v$1 === "string" || typeof v$1 === "function"),
+		body: z$1.custom((v$1) => typeof v$1 === "string" || typeof v$1 === "function"),
+		priority: z$1.enum([
+			"low",
+			"normal",
+			"high"
+		]).default("normal"),
+		timeout: z$1.string().default("24h"),
+		onTimeout: z$1.enum(["halt", "auto-accept"]).default("halt")
+	}),
+	decisionSchema: z$1.object({
+		approved: z$1.boolean(),
+		note: z$1.string().optional()
+	}),
+	defaultTimeout: "24h",
+	defaultOnTimeout: "halt",
+	async deliver({ task, config, item }, ctx) {
+		const resolver = ctx.resolve(InboxChannelResolverToken);
+		if (!resolver) throw new Error("inboxApproval: no InboxChannelResolver registered. Ensure the host DI container is wired.");
+		const { channel, workspaceId } = resolver.resolve();
+		const subject = {
+			title: resolveSubjectField(config.title, item),
+			summary: resolveSubjectField(config.body, item),
+			attributes: {
+				workflowId: ctx.workflowId,
+				item: item.json
+			}
+		};
+		const delivery = await channel.deliver({
+			task,
+			subject,
+			priority: config.priority,
+			item,
+			workspaceId
+		});
+		ctx.telemetry.addSpanEvent({
+			name: "hitl.task.delivered",
+			attributes: {
+				taskId: task.taskId,
+				channel: channel.kind
+			}
+		});
+		return delivery;
+	},
+	async onDecision({ decision, actor, delivery }, ctx) {
+		const resolver = ctx.resolve(InboxChannelResolverToken);
+		if (!resolver) return;
+		const { channel } = resolver.resolve();
+		await channel.updateOnDecision?.({
+			delivery,
+			decision,
+			actor
+		});
+	},
+	async onTimeout({ delivery, policy }, ctx) {
+		const resolver = ctx.resolve(InboxChannelResolverToken);
+		if (!resolver) return;
+		const { channel } = resolver.resolve();
+		await channel.updateOnTimeout?.({
+			delivery,
+			policy
+		});
+	}
+});
+
+//#endregion
+//#region ../core-nodes/src/nodes/codemationDocumentScannerNode.ts
+const ANALYZER_TYPES = [
+	"document",
+	"invoice",
+	"image",
+	"auto"
+];
+const codemationDocumentScannerNode = defineNode({
+	key: "codemation.document-scanner",
+	title: "Codemation Document Scanner",
+	description: "Analyzes a binary attachment (document or image) via the managed Codemation document-scanning service and returns markdown text plus structured fields. No Azure credential required — auth uses the workspace pairing secret. Enable includeConfidence to get per-field confidence scores (0–1).",
+	icon: "lucide:scan-text",
+	input: {
+		binaryField: "data",
+		analyzerType: "auto",
+		contentType: void 0,
+		includeConfidence: false,
+		maxBytes: void 0
+	},
+	configSchema: z$1.object({
+		binaryField: z$1.string().optional(),
+		analyzerType: z$1.enum(ANALYZER_TYPES).optional(),
+		contentType: z$1.string().optional(),
+		includeConfidence: z$1.boolean().optional(),
+		maxBytes: z$1.number().int().positive().optional()
+	}),
+	inspectorSummary({ config }) {
+		const cfg = config;
+		const rows = [{
+			label: "Analyzer type",
+			value: cfg.analyzerType ?? "auto"
+		}];
+		const binaryField = cfg.binaryField ?? "data";
+		if (binaryField !== "data") rows.push({
+			label: "Binary field",
+			value: binaryField
+		});
+		if (cfg.includeConfidence) rows.push({
+			label: "Confidence",
+			value: "enabled"
+		});
+		if (cfg.contentType) rows.push({
+			label: "Content type",
+			value: cfg.contentType
+		});
+		return rows;
+	},
+	async execute({ item, ctx }, { config: rawConfig }) {
+		const config = rawConfig;
+		const gatewayUrl = process.env["DOC_SCANNER_GATEWAY_URL"];
+		if (!gatewayUrl) throw new Error("Codemation Document Scanner not available in this environment (DOC_SCANNER_GATEWAY_URL is not set).");
+		const workspaceId = process.env["WORKSPACE_ID"];
+		const pairingSecret = process.env["WORKSPACE_PAIRING_SECRET"];
+		if (!workspaceId || !pairingSecret) throw new Error("Codemation Document Scanner not available (workspace pairing is not configured).");
+		const binaryField = config.binaryField ?? "data";
+		const attachment = item.binary?.[binaryField];
+		if (!attachment) throw new Error(`Codemation Document Scanner: no binary attachment at key "${binaryField}".`);
+		const body = await ctx.binary.getBytes(attachment, config.maxBytes);
+		const contentType = config.contentType ?? attachment.mimeType ?? "application/octet-stream";
+		const analyzerType = config.analyzerType ?? "auto";
+		const confidenceSuffix = config.includeConfidence ?? false ? "&confidence=true" : "";
+		const url = `${gatewayUrl}/analyze?type=${encodeURIComponent(analyzerType)}${confidenceSuffix}`;
+		const response = await managedHmacFetchFactory(workspaceId, pairingSecret, { signBody: false })(url, {
+			method: "POST",
+			body: body.buffer,
+			headers: {
+				"Content-Type": contentType,
+				"Content-Length": String(body.byteLength),
+				"X-Codemation-Caller": "workflow-node"
+			}
+		});
+		if (!response.ok) {
+			const text$1 = await response.text().catch(() => "(unreadable)");
+			throw new Error(`Codemation Document Scanner: service responded ${response.status} ${response.statusText} — ${text$1}`);
+		}
+		return await response.json();
+	}
+});
+
 //#endregion
 //#region ../host/src/presentation/config/CodemationAuthoring.types.ts
 var CodemationAuthoringConfigFactory = class {