@codemation/core-nodes 0.13.0 → 0.14.0

package/dist/index.cjs

@@ -33,9 +33,6 @@ let croner = require("croner");
 croner = __toESM(croner);
 
 //#region src/credentials/ApiKeyCredentialType.ts
-/**
-* API key credential that injects a key either as an HTTP header or a query parameter.
-*/
 const apiKeyCredentialType = (0, __codemation_core.defineCredential)({
 	key: "core-nodes.api-key",
 	label: "API Key",
@@ -83,10 +80,6 @@ const apiKeyCredentialType = (0, __codemation_core.defineCredential)({
 
 //#endregion
 //#region src/credentials/BasicAuthCredentialType.ts
-/**
-* HTTP Basic authentication credential.
-* Session sets `Authorization: Basic <base64(username:password)>`.
-*/
 const basicAuthCredentialType = (0, __codemation_core.defineCredential)({
 	key: "core-nodes.basic-auth",
 	label: "Basic Auth",
@@ -124,10 +117,6 @@ const basicAuthCredentialType = (0, __codemation_core.defineCredential)({
 
 //#endregion
 //#region src/credentials/BearerTokenCredentialType.ts
-/**
-* Simple Bearer token credential.
-* Session sets `Authorization: Bearer <token>` on every request.
-*/
 const bearerTokenCredentialType = (0, __codemation_core.defineCredential)({
 	key: "core-nodes.bearer-token",
 	label: "Bearer Token",
@@ -186,24 +175,6 @@ var OAuth2TokenExchangeFactory = class {
 
 //#endregion
 //#region src/credentials/OAuth2ClientCredentialsTypeFactory.ts
-/**
-* OAuth2 client-credentials flow credential.
-*
-* This is a machine-to-machine flow: no user redirect occurs. The session
-* POSTs to the configured `tokenUrl` with `client_credentials` grant, caches
-* the resulting access token for the duration of the session, and injects it
-* as `Authorization: Bearer <token>` on each request.
-*
-* Token caching is per-session only (one createSession call = one token fetch
-* at most). Cross-session caching would require host-level state and is out of
-* scope here. Because the engine creates a fresh session per execution, a new
-* token is fetched once per node activation.
-*
-* NOTE: `auth` is intentionally omitted from the definition. The OAuth2
-* `auth: { kind: "oauth2" }` shape signals an authorization-code / user-redirect
-* flow; using it here would cause the host UI to render an OAuth consent button
-* that goes nowhere. Client-credentials is a purely server-side flow.
-*/
 const oauth2ClientCredentialsType = (0, __codemation_core.defineCredential)({
 	key: "core-nodes.oauth2-client-credentials",
 	label: "OAuth2 Client Credentials",
@@ -287,10 +258,6 @@ const oauth2ClientCredentialsType = (0, __codemation_core.defineCredential)({
 
 //#endregion
 //#region src/http/SSRFBlockedError.ts
-/**
-* Thrown when an HTTP request target resolves to a private, link-local, or
-* loopback address and `allowPrivateNetworkTargets` is not set.
-*/
 var SSRFBlockedError = class extends Error {
 	resolvedIp;
 	constructor(host, resolvedIp) {
@@ -302,26 +269,7 @@ var SSRFBlockedError = class extends Error {
 
 //#endregion
 //#region src/http/SsrfGuard.ts
-/** Emitted once per process when NODE_ENV=production and no allowedOutboundHosts is set. */
 let _productionNoAllowlistWarned = false;
-/**
-* Guards HTTP requests against Server-Side Request Forgery (SSRF) by
-* DNS-resolving the target host and rejecting private/link-local/loopback
-* addresses.
-*
-* Blocked ranges:
-* - RFC-1918: 10/8, 172.16/12, 192.168/16
-* - Link-local: 169.254/16
-* - Loopback: 127/8, ::1
-*
-* When `allowedOutboundHosts` is set, every resolved DNS target must match
-* at least one entry in the list (exact hostname or `*.example.com` wildcard).
-* When unset, existing behaviour applies: private ranges blocked, public allowed.
-*
-* Call {@link check} before making any outbound HTTP request.
-* Pass `allowPrivate: true` to bypass the private-network guard for trusted workflows
-* (allowedOutboundHosts allowlist is still applied when set).
-*/
 var SsrfGuard = class {
 	constructor(allowedOutboundHosts) {
 		this.allowedOutboundHosts = allowedOutboundHosts;
@@ -330,15 +278,6 @@ var SsrfGuard = class {
 			console.warn("[SsrfGuard] WARNING: NODE_ENV=production but no allowedOutboundHosts is configured for HttpRequest. All public destinations are permitted. Set allowedOutboundHosts to restrict outbound traffic.");
 		}
 	}
-	/**
-	* Resolves the host of `url` via DNS and throws {@link SSRFBlockedError}
-	* if any resolved address falls in a blocked range, or if the host does not
-	* match the operator-configured allowlist (when set).
-	*
-	* @param url - Fully-qualified URL of the intended request target.
-	* @param allowPrivate - When `true`, the private-network check is skipped.
-	*   The allowedOutboundHosts check is still applied when set.
-	*/
 	async check(url, allowPrivate) {
 		if (allowPrivate && !this.allowedOutboundHosts?.length) return;
 		let host;
@@ -362,10 +301,6 @@ var SsrfGuard = class {
 		}
 		for (const { address } of addresses) if (this.isPrivateAddress(address)) throw new SSRFBlockedError(host, address);
 	}
-	/**
-	* Returns true when `host` matches at least one entry in `allowedOutboundHosts`.
-	* Supports exact hostnames (`api.example.com`) and wildcard prefixes (`*.example.com`).
-	*/
 	isHostAllowed(host) {
 		for (const allowed of this.allowedOutboundHosts ?? []) if (allowed.startsWith("*.")) {
 			const suffix = allowed.slice(1);
@@ -399,21 +334,6 @@ var SsrfGuard = class {
 
 //#endregion
 //#region src/http/HttpRequestExecutor.ts
-/**
-* Executes a single HTTP request described by {@link HttpRequestSpec}.
-*
-* - Credential sessions provide header/query deltas via `applyToRequest`.
-* - Body encoding is delegated to {@link HttpBodyBuilder}.
-* - URL query merging is delegated to {@link HttpUrlBuilder}.
-* - SSRF protection is delegated to {@link SsrfGuard} (injected).
-* - Binary response bodies: when `download.mode` triggers binary attach, the
-*   `bodyBinaryName` field is set in the result but the body is NOT read here.
-*   Callers that need binary attachment should use `buildRequest` to get the
-*   resolved URL + init and make the fetch + binary attach themselves.
-*
-* Collaborators (`fetch`, body builder, url builder, ssrfGuard) are injected so
-* callers own construction at composition roots and tests can supply deterministic stubs.
-*/
 var HttpRequestExecutor = class {
 	constructor(fetchFn, bodyBuilder, urlBuilder, ssrfGuard) {
 		this.fetchFn = fetchFn;
@@ -421,14 +341,6 @@ var HttpRequestExecutor = class {
 		this.urlBuilder = urlBuilder;
 		this.ssrfGuard = ssrfGuard;
 	}
-	/**
-	* Builds the fetch init (headers, query, body) from the spec + credential delta,
-	* returning both the resolved URL and the RequestInit so callers can make the
-	* actual fetch call themselves (useful for streaming / binary attach).
-	*
-	* Also performs SSRF protection via the injected {@link SsrfGuard} before
-	* returning — throws {@link SSRFBlockedError} if the target is a private address.
-	*/
 	async buildRequest(spec, item) {
 		await this.ssrfGuard.check(spec.url, spec.allowPrivateNetworkTargets ?? false);
 		const credentialDelta = spec.credential?.applyToRequest(spec) ?? {};
@@ -452,12 +364,6 @@ var HttpRequestExecutor = class {
 			}
 		};
 	}
-	/**
-	* Executes an HTTP request and returns parsed result.
-	* For binary downloads (when `shouldAttachBody` is true), the body is NOT consumed
-	* and callers must call `ctx.binary.attach` directly using the resolved URL + init
-	* (available via `buildRequest`).
-	*/
 	async execute(spec, item) {
 		const { url: resolvedUrl, init } = await this.buildRequest(spec, item);
 		const response = await this.fetchFn(resolvedUrl, init);
@@ -514,10 +420,6 @@ var HttpRequestExecutor = class {
 
 //#endregion
 //#region src/http/HttpBodyBuilder.ts
-/**
-* Builds a fetch-compatible `BodyInit` + Content-Type pair from an {@link HttpBodySpec}.
-* Multipart binaries are read from `item.binary` via `ctx.binary.openReadStream`.
-*/
 var HttpBodyBuilder = class {
 	async build(spec, item, ctx) {
 		if (!spec || spec.kind === "none") return;
@@ -588,10 +490,6 @@ var HttpBodyBuilder = class {
 
 //#endregion
 //#region src/http/HttpUrlBuilder.ts
-/**
-* Merges query parameters into a base URL.
-* Handles both scalar and array values, and preserves any existing params.
-*/
 var HttpUrlBuilder = class {
 	build(baseUrl, query) {
 		if (!query || Object.keys(query).length === 0) return baseUrl;
@@ -604,39 +502,12 @@ var HttpUrlBuilder = class {
 
 //#endregion
 //#region src/authoring/defineRestNode.types.ts
-/**
-* Substitutes `{name}` placeholders in a path template using values from `params`.
-*/
 function substitutePath(template, params) {
 	return template.replace(/\{([^}]+)}/g, (_match, key) => {
 		const value = params[key];
 		return value !== void 0 ? String(value) : `{${key}}`;
 	});
 }
-/**
-* Declarative helper for creating thin API-wrapper nodes.
-*
-* Usage:
-* ```ts
-* export const postMessage = defineRestNode({
-*   key: "slack.post-message",
-*   title: "Send Slack message",
-*   icon: "si:slack",
-*   api: { baseUrl: "https://slack.com/api", path: "/chat.postMessage", method: "POST" },
-*   credentials: { auth: bearerTokenCredentialType },
-*   inputSchema: z.object({ channel: z.string(), text: z.string() }),
-*   request: ({ input }) => ({
-*     body: { kind: "json", data: { channel: input.channel, text: input.text } },
-*   }),
-*   response: ({ json }) => ({ messageTs: (json as any).ts }),
-* });
-* ```
-*
-* - `defineRestNode` is a thin wrapper over `defineNode`; it does not introduce a new runtime kind.
-* - Credential sessions are resolved via the `credentials` binding map (same as `defineNode`).
-* - Path `{placeholder}` substitution is applied from `input` keys before the request is made.
-* - Non-2xx responses throw an `Error` by default (`errorPolicy: "throw"`).
-*/
 function defineRestNode(options) {
 	const errorPolicy = options.errorPolicy ?? "throw";
 	return (0, __codemation_core.defineNode)({
@@ -4174,11 +4045,6 @@ function toJSONSchema(input, params) {
 
 //#endregion
 //#region src/nodes/ConnectionCredentialExecutionContextFactory.ts
-/**
-* Builds a {@link NodeExecutionContext} whose identity for credential binding and `getCredential`
-* is a **connection-owned** workflow node id (`ConnectionNodeIdFactory` in `@codemation/core`),
-* not the executing parent node. Use for LLM slots, tool slots, or any connection-scoped owner.
-*/
 var ConnectionCredentialExecutionContextFactory = class {
 	credentialResolverFactory;
 	constructor(credentialSessions) {
@@ -4201,15 +4067,6 @@ let AIAgentExecutionHelpersFactory = class AIAgentExecutionHelpersFactory$1 {
 	createConnectionCredentialExecutionContextFactory(credentialSessions) {
 		return new ConnectionCredentialExecutionContextFactory(credentialSessions);
 	}
-	/**
-	* Produces a plain JSON Schema object (`draft-07`) from a Zod schema, as needed by
-	* OpenAI tool-parameter schemas and the structured-output repair prompt.
-	* - Prefers the schema's **instance** `toJSONSchema(...)` method so we stay inside the Zod
-	*   instance that created the schema (works across consumer/framework tsx namespaces — see
-	*   {@link ZodInstanceToJsonSchema}). Falls back to the framework-imported module function.
-	* - Strips root `$schema` (OpenAI ignores it).
-	* - Sanitizes `required` for cfworker json-schema compatibility (must be a string array or absent).
-	*/
 	createJsonSchemaRecord(inputSchema, options) {
 		const { $schema: _draftSchemaOmitted,...rest } = this.convertZodSchemaToJsonSchema(inputSchema, { target: "draft-07" });
 		if (options.requireObjectRoot && rest.type !== "object") throw new Error(`Cannot create tool "${options.schemaName}": tool input schema must be a JSON Schema object type (got type=${String(rest.type)}).`);
@@ -4218,20 +4075,11 @@ let AIAgentExecutionHelpersFactory = class AIAgentExecutionHelpersFactory$1 {
 		this.sanitizeJsonSchemaRequiredKeywordsForCfworker(rest);
 		return rest;
 	}
-	/**
-	* Runs Zod's `toJSONSchema` via the schema's own instance method when available, so consumer
-	* schemas loaded under a different tsx namespace still convert correctly. If the caller handed us
-	* a payload that lacks that method (e.g. a plain JSON Schema record or a Zod instance whose
-	* prototype was stripped), we fall back to the framework-bundled module function.
-	*/
 	convertZodSchemaToJsonSchema(inputSchema, params) {
 		const candidate = inputSchema.toJSONSchema;
 		if (typeof candidate === "function") return candidate.call(inputSchema, params);
 		return toJSONSchema(inputSchema, params);
 	}
-	/**
-	* `@cfworker/json-schema` iterates `schema.required` with `for...of`; it must be a string array or absent.
-	*/
 	sanitizeJsonSchemaRequiredKeywordsForCfworker(node$20) {
 		if (!node$20 || typeof node$20 !== "object" || Array.isArray(node$20)) return;
 		const o = node$20;
@@ -4378,11 +4226,6 @@ var OpenAIChatModelConfig = class {
 
 //#endregion
 //#region src/chatModels/OpenAiChatModelPresetsFactory.ts
-/**
-* Default OpenAI chat model configs for scaffolds and demos (icon + label match {@link OpenAIChatModelConfig} defaults).
-* Prefer importing {@link openAiChatModelPresets} from here or from the consumer template re-export
-* instead of repeating {@link OpenAIChatModelConfig} construction in app workflows.
-*/
 var OpenAiChatModelPresets = class {
 	demoGpt4oMini = new OpenAIChatModelConfig("OpenAI", "gpt-4o-mini");
 	demoGpt41 = new OpenAIChatModelConfig("OpenAI", "gpt-4.1");
@@ -4391,19 +4234,6 @@ const openAiChatModelPresets = new OpenAiChatModelPresets();
 
 //#endregion
 //#region src/chatModels/ManagedHmacSignerFactory.types.ts
-/**
-* Creates an HMAC-signing fetch wrapper that authenticates requests to
-* Codemation managed services (LLM broker, doc-scanner) with the
-* Codemation-Hmac v=1 scheme.
-*
-* Mirrors HmacRequestSigner from @codemation/host/pairing without importing
-* that package (which would create a circular dependency since @codemation/host
-* depends on @codemation/core-nodes).
-*
-* @param workspaceId   - Workspace identifier injected by the CP provisioner.
-* @param pairingSecret - Base64-encoded 32-byte HMAC key injected by the provisioner.
-* @param options       - Optional behaviour flags and test seams.
-*/
 function managedHmacFetchFactory(workspaceId, pairingSecret, options) {
 	const signBody = options?.signBody ?? true;
 	return async (input, init) => {
@@ -4422,10 +4252,6 @@ function managedHmacFetchFactory(workspaceId, pairingSecret, options) {
 		});
 	};
 }
-/**
-* Produces a Codemation-Hmac v=1 Authorization header value.
-* Algorithm must match HmacVerifier.computeSignature() in the control-plane.
-*/
 function buildHmacAuthHeader(workspaceId, pairingSecret, method, url, body, overrides) {
 	const ts = overrides?.now ? overrides.now() : Math.floor(Date.now() / 1e3);
 	const nonce = overrides?.nonce ? overrides.nonce() : (0, node_crypto.randomBytes)(16).toString("base64");
@@ -4488,12 +4314,7 @@ var CodemationChatModelConfig = class {
 
 //#endregion
 //#region src/nodes/AgentToolResultContentFactory.ts
-/**
-* Cap on raw (pre-base64) bytes inlined from a single tool result. Base64 inflates ~33% and every
-* inlined byte eats model context, so oversize binaries are replaced with a text placeholder.
-*/
 const MAX_INLINE_BYTES = 8 * 1024 * 1024;
-/** MCP content-block discriminators. At least one must appear for a result to be treated as MCP-shaped. */
 const KNOWN_MCP_BLOCK_TYPES = new Set([
 	"text",
 	"image",
@@ -4501,19 +4322,6 @@ const KNOWN_MCP_BLOCK_TYPES = new Set([
 	"resource",
 	"resource_link"
 ]);
-/**
-* Maps a tool result that is **content-block-shaped** (an MCP `CallToolResult` with a `content`
-* array) into AI SDK `{ type: "content" }` tool-result output, so binaries reach the chat model as
-* native multimodal tool-result blocks instead of being flattened to inert JSON text.
-*
-* The `@ai-sdk/anthropic` provider maps a `content`-output part as follows:
-* `text` → text block, `image-data` → image block, `file-data` (only `application/pdf`) → document
-* block. Non-PDF `file-data` is dropped by the provider, so this factory emits `image-data` for
-* images, `file-data` only for PDFs, and a text marker for every other binary type.
-*
-* Returns `undefined` when the result is not content-block-shaped — callers keep the existing
-* `{ type: "json" }` path, so plain string/object tool results are unaffected.
-*/
 var AgentToolResultContentFactory = class AgentToolResultContentFactory {
 	static tryMapToContentOutput(result) {
 		const blocks = AgentToolResultContentFactory.contentBlocks(result);
@@ -4527,12 +4335,6 @@ var AgentToolResultContentFactory = class AgentToolResultContentFactory {
 		}
 		return parts;
 	}
-	/**
-	* Returns the `content` array iff `result` is an object whose `content` is an array of typed
-	* blocks AND at least one block carries a known MCP discriminator. A plain JSON result that merely
-	* has a `content` key of some other shape (e.g. Notion/Slack rich-text blocks) is rejected,
-	* preserving the `{ type: "json" }` path so its payload is never lost.
-	*/
 	static contentBlocks(result) {
 		if (result === null || typeof result !== "object") return void 0;
 		const content = result.content;
@@ -4637,19 +4439,10 @@ var AgentToolResultContentFactory = class AgentToolResultContentFactory {
 
 //#endregion
 //#region src/nodes/AgentMessageFactory.ts
-/**
-* AI-SDK-shaped message construction for the AIAgent stack. Emits plain `ModelMessage[]`
-* ( `{ role: 'system' | 'user' | 'assistant' | 'tool', content: ... }` ) as consumed by
-* `generateText({ messages })` from the `ai` package.
-*/
 var AgentMessageFactory = class AgentMessageFactory {
 	static createPromptMessages(messages) {
 		return messages.map((message) => this.createPromptMessage(message));
 	}
-	/**
-	* Builds the assistant message that contains optional text plus one or more tool-call parts,
-	* matching the shape AI SDK emits between steps.
-	*/
 	static createAssistantWithToolCalls(text, toolCalls) {
 		const content = [];
 		if (text && text.length > 0) content.push({
@@ -4667,10 +4460,6 @@ var AgentMessageFactory = class AgentMessageFactory {
 			content
 		};
 	}
-	/**
-	* Builds the `{ role: "tool", content: [{ type: "tool-result", ... }, ...] }` message returned
-	* to the model after each tool round.
-	*/
 	static createToolResultsMessage(executedToolCalls, passToolBinariesToModel = true) {
 		return {
 			role: "tool",
@@ -4682,11 +4471,6 @@ var AgentMessageFactory = class AgentMessageFactory {
 			}))
 		};
 	}
-	/**
-	* Routes a tool result to a native multimodal `{ type: "content" }` output when it is
-	* content-block-shaped (an MCP `CallToolResult`) and binary passdown is enabled; otherwise keeps
-	* the inert `{ type: "json" }` path.
-	*/
 	static toToolResultOutput(result, passToolBinariesToModel) {
 		if (passToolBinariesToModel) {
 			const content = AgentToolResultContentFactory.tryMapToContentOutput(result);
@@ -5496,10 +5280,6 @@ let AgentStructuredOutputRunner = class AgentStructuredOutputRunner$1 {
 		}
 		throw new Error(`Structured output required for AIAgent "${args.agentName}" (${args.nodeId}) but validation still failed after ${_AgentStructuredOutputRunner.repairAttemptCount} repair attempts: ${failure.validationError}`);
 	}
-	/**
-	* Chooses strict mode for OpenAI chat-model configs, off otherwise.  Extendable in future for
-	* other providers that adopt the same "supply a JSON Schema record directly" contract.
-	*/
 	resolveStructuredOutputOptions(chatModelConfig) {
 		if (chatModelConfig.type !== OpenAIChatModelFactory) return;
 		return {
@@ -5982,10 +5762,6 @@ let AgentToolExecutionCoordinator = class AgentToolExecutionCoordinator$1 {
 	extractErrorDetails(error) {
 		return error.details;
 	}
-	/**
-	* Extracts the text content from the last assistant message in the conversation snapshot.
-	* Used to populate `agentReasoning` in the HITL suspension metadata.
-	*/
 	extractLastAssistantText(conversation) {
 		for (let i = conversation.length - 1; i >= 0; i--) {
 			const msg = conversation[i];
@@ -6020,16 +5796,6 @@ AgentToolExecutionCoordinator = __decorate([
 
 //#endregion
 //#region src/nodes/AgentBinaryContentFactory.ts
-/**
-* Turns resolved file binaries into native AI SDK multimodal content parts and merges them into the
-* agent prompt. Images (`image/*`) become {@link ImagePart}s; every other type (PDFs, office docs,
-* CSV, JSON, …) becomes a {@link FilePart}. The provider maps these to its wire-level `image` /
-* `document` blocks; an unsupported file type surfaces as a provider error at runtime.
-*
-* Parts are appended to the LAST user message so the binary travels alongside the author's prompt
-* text (preserving any untrusted-source preamble that already wrapped that text). When no user
-* message exists, a new user message carrying only the binaries is appended.
-*/
 var AgentBinaryContentFactory = class AgentBinaryContentFactory {
 	static toContentPart(binary) {
 		if (binary.mediaType.startsWith("image/")) return {
@@ -6108,20 +5874,6 @@ let NodeBackedToolRuntime = class NodeBackedToolRuntime$1 {
 			outputs
 		});
 	}
-	/**
-	* Returns a re-rooted child ctx for nested-agent tools (so their LLM/tool connection ids derive
-	* from the tool connection node, telemetry parents under the tool-call span, and connection
-	* invocations carry `parentInvocationId`). Plain runnable tools (non-agent) keep the orchestrator
-	* ctx with only `config` swapped — no nesting concern.
-	*
-	* The caller (`AIAgentNode.createItemScopedTools`) already wraps the orchestrator ctx via
-	* `ConnectionCredentialExecutionContextFactory.forConnectionNode`, so `args.ctx.nodeId` is the
-	* tool's own connection node id (e.g. `AIAgentNode:2__conn__tool__searchInMail`). We pass that
-	* through as the sub-agent's `nodeId`; deriving another `toolConnectionNodeId(args.ctx.nodeId,
-	* config.name)` here would prepend a duplicate `__conn__tool__<name>` segment and exponentially
-	* deepen ids on each invocation, which also breaks credential resolution because user-provided
-	* bindings sit on the single-level connection node id.
-	*/
 	resolveNodeCtx(config$1, args) {
 		const isNestedAgent = __codemation_core.AgentConfigInspector.isAgentNodeConfig(config$1.node);
 		const hooks = args.hooks;
@@ -6186,22 +5938,12 @@ NodeBackedToolRuntime = __decorate([
 
 //#endregion
 //#region src/nodes/BM25Index.ts
-/**
-* Minimal BM25 (Okapi BM25) implementation for indexing MCP tool descriptions.
-*
-* Parameters: k1=1.5, b=0.75 (standard defaults).
-* Tokenisation: lowercase, split on non-alphanumerics, filter empties.
-*/
 var BM25Index = class {
 	k1 = 1.5;
 	b = .75;
 	tf = [];
 	df = /* @__PURE__ */ new Map();
 	avgDocLen = 0;
-	/**
-	* Add all documents at once. After calling this, search is available.
-	* Documents are indexed in insertion order; search returns their indices.
-	*/
 	add(docs) {
 		const docTerms = docs.map((d) => this.tokenize(d));
 		let totalLen = 0;
@@ -6214,10 +5956,6 @@ var BM25Index = class {
 		}
 		this.avgDocLen = docTerms.length > 0 ? totalLen / docTerms.length : 0;
 	}
-	/**
-	* Returns up to `limit` document indices ranked by BM25 score (highest first).
-	* Returns an empty array if the index is empty or the query matches nothing.
-	*/
 	search(query, limit) {
 		const n = this.tf.length;
 		if (n === 0) return [];
@@ -6258,26 +5996,12 @@ const PINNED_TOOLS_SOFT_LIMIT = 8;
 const PINNED_TOOLS_HARD_LIMIT = 16;
 const FIND_TOOLS_NAME = "find_tools";
 const FIND_TOOLS_DEFAULT_LIMIT = 5;
-/**
-* Default tool-loading strategy: BM25-indexed MCP tool deferral via a `find_tools` meta-tool.
-*
-* - Node-backed tools and pinned MCP tools are always included in every turn.
-* - `find_tools(query, limit?)` is added to the tool set when MCP tools are indexed.
-* - Tools surfaced by `find_tools` are included in subsequent turns.
-*
-* Not DI-managed; instantiated per agent execution by DeferredMetaToolStrategyFactory.
-*/
 var DeferredMetaToolStrategy = class {
 	nodeBackedTools = {};
 	pinnedTools = {};
 	mcpEntries = [];
 	toolsByServerId = /* @__PURE__ */ new Map();
 	foundToolIds = /* @__PURE__ */ new Set();
-	/**
-	* `jsonSchema` from the `ai` SDK, loaded lazily in {@link initialize} so the SDK
-	* (~28MB RSS) stays off the boot path. `initialize` always runs before the sync
-	* `getToolsForTurn` → `buildFindToolsDefinition` path, so this is set before use.
-	*/
 	jsonSchema;
 	constructor(bm25, warnFn) {
 		this.bm25 = bm25;
@@ -6425,11 +6149,6 @@ let AIAgentNode = class AIAgentNode$1 {
 	inputSchema = unknown();
 	connectionCredentialExecutionContextFactory;
 	preparedByExecutionContext = /* @__PURE__ */ new WeakMap();
-	/**
-	* The `ai` SDK, loaded lazily in {@link execute} so the SDK (~28MB RSS) stays
-	* off the boot path — non-AI workflows never load it. Every path runs through
-	* `execute` → `ensureAiSdk` before any sync helper touches `this.aiSdk`.
-	*/
 	aiSdk;
 	aiSdkPromise = null;
 	constructor(nodeResolver, credentialSessions, nodeBackedToolRuntime, executionHelpers, structuredOutputRunner, toolExecutionCoordinator, toolLoadingStrategyFactory, agentMcpIntegration) {
@@ -6453,15 +6172,9 @@ let AIAgentNode = class AIAgentNode$1 {
 		};
 		return (await this.runAgentForItem(prepared, itemWithMappedJson, args.itemIndex, args.items)).json;
 	}
-	/** Load the `ai` SDK once per node instance (cached promise guards concurrent items). */
 	async ensureAiSdk() {
 		this.aiSdk = await (this.aiSdkPromise ??= import("ai"));
 	}
-	/**
-	* Resume path: re-enters the agent loop after a HITL suspension.
-	* Reconstructs the conversation from the checkpoint, injects the human decision
-	* as a tool_result, and continues the loop from where it suspended.
-	*/
 	async executeResumed(args, resumeContext) {
 		const { ctx } = args;
 		const taskMetadata = resumeContext.task.metadata ?? {};
@@ -6508,10 +6221,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		const outputJson = await this.resolveFinalOutputJson(prepared, itemInputsByPort, conversation, loopResult.finalText, itemScopedTools.length > 0);
 		return this.buildOutputItem(item, outputJson).json;
 	}
-	/**
-	* Normalizes a {@link ResumeContext} decision into a flat JSON-serializable shape
-	* suitable for injection as a tool_result content.
-	*/
 	normalizeDecision(resumeContext) {
 		const { decision } = resumeContext;
 		if (decision.kind === "decided") {
@@ -6638,16 +6347,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		const outputJson = await this.resolveFinalOutputJson(prepared, itemInputsByPort, conversation, loopResult.finalText, itemScopedTools.length > 0);
 		return this.buildOutputItem(item, outputJson);
 	}
-	/**
-	* Multi-turn loop:
-	* - Each turn is a single `generateText` call with tools exposed but **not auto-executed**
-	*   (we control tool dispatch so that {@link AgentToolExecutionCoordinator} drives repair /
-	*   connection-invocation recording / transient-error handling exactly like before).
-	* - When the model returns no tool calls the loop ends with the model's text as the final answer.
-	* - Respects `guardrails.maxTurns` and `guardrails.onTurnLimitReached`.
-	* - Strategy-owned tool calls (e.g. `find_tools`) are dispatched via the strategy, not the
-	*   coordinator; their results are tracked so subsequent turns receive the discovered tools.
-	*/
 	async runTurnLoopUntilFinalAnswer(args) {
 		const { prepared, itemInputsByPort, itemScopedTools, conversation } = args;
 		const { ctx, guardrails, toolLoadingStrategy } = prepared;
@@ -6655,7 +6354,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		let toolCallCount = args.resumedToolCallCount ?? 0;
 		let turnCount = 0;
 		const repairAttemptsByToolName = /* @__PURE__ */ new Map();
-		/** Tool IDs surfaced by find_tools across all prior turns in this item run. */
 		let previousFoundToolIds = [];
 		for (let turn = 1; turn <= guardrails.maxTurns; turn++) {
 			turnCount = turn;
@@ -6785,12 +6483,6 @@ let AIAgentNode = class AIAgentNode$1 {
 			};
 		});
 	}
-	/**
-	* Resolves the HITL behavior for a tool binding, or `undefined` when it is not a HITL tool.
-	* A binding is HITL if either the backing node carries a `defineHumanApprovalNode` marker or the
-	* binding sets a per-binding `onRejected` via `asTool(..., { onRejected })`. The per-binding value
-	* wins over the node marker, so two tools backed by the same node can reject differently.
-	*/
 	resolveHumanApprovalBehavior(config$1) {
 		if (!this.isNodeBackedToolConfig(config$1)) return void 0;
 		const marker = config$1.node.humanApprovalToolBehavior;
@@ -6798,11 +6490,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		if (marker === void 0 && perBinding === void 0) return void 0;
 		return { onRejected: perBinding ?? marker?.onRejected ?? "return" };
 	}
-	/**
-	* Invoke a text turn using the merged tool set from item-scoped tools (coordinator-managed)
-	* and strategy tools (find_tools + discovered MCP tools).
-	* Strategy tools take precedence for names that overlap.
-	*/
 	async invokeTextTurnWithStrategyTools(prepared, itemInputsByPort, messages, itemScopedTools, strategyTools) {
 		const itemToolSet = this.buildToolSet(itemScopedTools);
 		const strategyHasTools = Object.keys(strategyTools).length > 0;
@@ -6813,10 +6500,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		} : void 0;
 		return this.invokeTextTurnWithToolSet(prepared, itemInputsByPort, messages, mergedTools);
 	}
-	/**
-	* Removes `execute` properties from ToolSet entries so the AI SDK does not
-	* auto-execute them within `generateText`. Codemation owns all tool dispatch.
-	*/
 	stripExecuteCallbacks(tools) {
 		const stripped = {};
 		for (const [name, def] of Object.entries(tools)) {
@@ -6825,12 +6508,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		}
 		return stripped;
 	}
-	/**
-	* Builds a ToolSet from resolved tools for strategy initialization.
-	* The strategy uses this for its "always-included" node-backed tool descriptions.
-	* HITL tools (detected via the `humanApprovalToolBehavior` field set by `defineHumanApprovalNode`) get the solo-constraint sentence
-	* appended to their description.
-	*/
 	buildToolSetFromResolved(resolvedTools) {
 		if (resolvedTools.length === 0) return {};
 		const toolSet = {};
@@ -6848,20 +6525,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		}
 		return toolSet;
 	}
-	/**
-	* Builds an AI SDK {@link ToolSet} where every tool ships a pre-converted JSON Schema (via
-	* {@link jsonSchema}) — not the raw Zod schema — and carries **no** `execute`. Two reasons:
-	*
-	* 1. Codemation owns tool dispatch + the per-tool repair loop (see {@link AgentToolExecutionCoordinator}),
-	*    so the AI SDK must surface tool calls back to us instead of auto-running them.
-	* 2. The AI SDK's `asSchema` helper discriminates between Zod v3 / Zod v4 / Standard Schema via
-	*    runtime feature-detection (`~standard`, `_zod`, etc.). Handing it a pre-built
-	*    {@link jsonSchema} record — which is tagged with `Symbol.for('vercel.ai.schema')` — skips all
-	*    of that detection and guarantees the provider receives a draft-07 JSON Schema with
-	*    `additionalProperties: false` at every object depth (see {@link OpenAiStrictJsonSchemaFactory}
-	*    for the same logic applied to structured-output schemas). Codemation still runs its own Zod
-	*    validation on tool inputs before execute — the schema handed to the model is advisory.
-	*/
 	buildToolSet(itemScopedTools) {
 		if (itemScopedTools.length === 0) return void 0;
 		const toolSet = {};
@@ -6879,10 +6542,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		}
 		return toolSet;
 	}
-	/**
-	* One `generateText` turn (no auto tool execution) with Codemation-owned child-span telemetry
-	* and connection-invocation state recording. Accepts a pre-built ToolSet.
-	*/
 	async invokeTextTurnWithToolSet(prepared, itemInputsByPort, messages, tools) {
 		const invocationId = __codemation_core.ConnectionInvocationIdFactory.create();
 		const startedAt = /* @__PURE__ */ new Date();
@@ -6993,11 +6652,6 @@ let AIAgentNode = class AIAgentNode$1 {
 			});
 		}
 	}
-	/**
-	* Structured-output turn: runs `generateText({ output: Output.object({ schema }) })` via the
-	* structured-output runner.  We keep this as a separate helper because the runner needs the raw
-	* validated value (not just text) back, and must be able to retry on Zod failures.
-	*/
 	async invokeStructuredTurn(prepared, itemInputsByPort, schema, messages, structuredOptions) {
 		const invocationId = __codemation_core.ConnectionInvocationIdFactory.create();
 		const startedAt = /* @__PURE__ */ new Date();
@@ -7122,13 +6776,6 @@ let AIAgentNode = class AIAgentNode$1 {
 			providerOptions: overrides?.providerOptions ?? defaults.providerOptions
 		};
 	}
-	/**
-	* Build a no-code-friendly output payload for an LLM round.
-	*
-	* Always includes `content` (matching the canvas snapshot shape used elsewhere) and adds a
-	* `toolCalls` array when the round produced tool calls so the execution inspector surfaces the
-	* planned calls instead of just an empty `""` for tool-only rounds.
-	*/
 	summarizeTurnOutput(turnResult) {
 		if (turnResult.toolCalls.length === 0) return { content: turnResult.text };
 		const toolCalls = turnResult.toolCalls.map((toolCall) => ({
@@ -7331,12 +6978,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		const binaries = await this.resolveInlineBinaries(attachments, ctx);
 		return AgentBinaryContentFactory.withBinaries(promptMessages, binaries);
 	}
-	/**
-	* Picks which attachments feed the passdown. When the author supplies `config.binaries`
-	* (a static array or a per-item function — e.g. to forward binaries from an earlier node),
-	* those replace the current item's attachments; otherwise the current item's `item.binary`
-	* is used.
-	*/
 	selectBinaryAttachments(item, itemIndex, items, ctx) {
 		const manual = ctx.config.binaries;
 		if (manual !== void 0) return typeof manual === "function" ? manual({
@@ -7347,14 +6988,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		}) : manual;
 		return item.binary ? Object.values(item.binary) : [];
 	}
-	/**
-	* Reads every attachment through `ctx.binary` (storage-backed, by reference — never base64 on
-	* `item.json`) and resolves it to inline base64 so the agent can pass it to the chat model as a
-	* native multimodal block. Images become image blocks; every other type (PDF, office docs, CSV,
-	* JSON, …) becomes a file block — we don't filter by media type, so any binary can be fed to the
-	* model. If the provider rejects an unsupported type the error surfaces at runtime, and the
-	* workflow can filter the binary upstream.
-	*/
 	async resolveInlineBinaries(attachments, ctx) {
 		const resolved = [];
 		for (const attachment of attachments) {
@@ -7367,12 +7000,6 @@ let AIAgentNode = class AIAgentNode$1 {
 		}
 		return resolved;
 	}
-	/**
-	* When `item.json.__source` matches an entry in `config.untrustedSources`
-	* (default: `["gmail", "ocr", "webhook"]`), wraps every user-role message
-	* content with an untrusted-external-source preamble so the LLM treats the
-	* content as data, not instructions.
-	*/
 	wrapUntrustedSourceMessages(messages, item, config$1) {
 		const source = item.json !== null && typeof item.json === "object" ? item.json.__source : void 0;
 		if (typeof source !== "string") return messages;
@@ -7465,10 +7092,6 @@ AIAgentNode = __decorate([
 
 //#endregion
 //#region src/nodes/AIAgentConfig.ts
-/**
-* AI agent: credential bindings are keyed to connection-owned LLM/tool node ids (ConnectionNodeIdFactory),
-* not to the agent workflow node id.
-*/
 var AIAgent = class {
 	kind = "node";
 	type = AIAgentNode;
@@ -7566,11 +7189,6 @@ AssertionNode = __decorate([(0, __codemation_core.node)({ packageName: "@codemat
 
 //#endregion
 //#region src/nodes/assertion.ts
-/**
-* Generic assertion node — the "callback" form. For declarative shorthands (StringEquals,
-* JudgeByAgent) compose this with helpers added in later phases. Sets `emitsAssertions: true`
-* so host-side persisters know to record its outputs as `TestAssertion` rows.
-*/
 var Assertion = class {
 	kind = "node";
 	type = AssertionNode;
@@ -7833,17 +7451,12 @@ HttpRequestNode = __decorate([(0, __codemation_core.node)({ packageName: "@codem
 
 //#endregion
 //#region src/nodes/httpRequest.ts
-/**
-* The built-in HTTP request credential type IDs accepted by the `HttpRequest` node.
-* These match the four generic credential types shipped with `@codemation/core-nodes`.
-*/
 const HTTP_REQUEST_ACCEPTED_CREDENTIAL_TYPES = [
 	bearerTokenCredentialType.definition.typeId,
 	apiKeyCredentialType.definition.typeId,
 	basicAuthCredentialType.definition.typeId,
 	oauth2ClientCredentialsType.definition.typeId
 ];
-/** Default maximum response size for binary mode: 100 MiB. */
 const DEFAULT_RESPONSE_SIZE_CAP_BYTES = 100 * 1024 * 1024;
 var HttpRequest = class {
 	kind = "node";
@@ -8012,9 +7625,6 @@ var Filter = class {
 function getOriginIndex(item) {
 	return (0, __codemation_core.getOriginIndexFromItem)(item);
 }
-/**
-* Tags items routed to fan-in merge-by-origin (same contract as {@link IfNode} / {@link SwitchNode}).
-*/
 function tagItemForRouterFanIn(args) {
 	const { item, itemIndex, nodeId, inputPortLabel = "$in" } = args;
 	const metaBase = item.meta && typeof item.meta === "object" ? item.meta : {};
@@ -8105,10 +7715,6 @@ IsTestRunNode = __decorate([(0, __codemation_core.node)({ packageName: "@codemat
 
 //#endregion
 //#region src/nodes/isTestRun.ts
-/**
-* Branches per-item on whether the current run is a test run. Output ports: `true`, `false`.
-* The wire payload is unchanged — this is a router, not a transform.
-*/
 var IsTestRun = class {
 	kind = "node";
 	type = IsTestRunNode;
@@ -8192,10 +7798,6 @@ var Split = class {
 	type = SplitNode;
 	execution = { hint: "local" };
 	keepBinaries = true;
-	/**
-	* When splitting yields zero items for a batch, downstream single-input nodes still run once with an empty batch.
-	* Mirrors {@link MapData}'s empty-output behavior.
-	*/
 	continueWhenEmptyOutput = true;
 	icon = "builtin:split-rows";
 	id;
@@ -8249,15 +7851,6 @@ CronTriggerNode = __decorate([(0, __codemation_core.node)({ packageName: "@codem
 
 //#endregion
 //#region src/nodes/CronTriggerFactory.ts
-/**
-* Schedules a workflow on a standard cron expression.
-*
-* Each tick emits one item: `{ firedAt: string, scheduledFor: string }` — both ISO-8601 timestamps.
-* `firedAt` is the wall-clock moment the callback ran; `scheduledFor` is the cron-computed
-* firing instant (these differ when the job was delayed).
-*
-* Timezone defaults to UTC when omitted — cron without an explicit TZ is a DST footgun.
-*/
 var CronTrigger = class {
 	kind = "trigger";
 	type = CronTriggerNode;
@@ -8328,7 +7921,6 @@ var ManualTrigger = class ManualTrigger {
 	defaultItems;
 	id;
 	description;
-	/** Manual runs often emit an empty batch; still schedule downstream by default. */
 	continueWhenEmptyOutput = true;
 	constructor(name = "Manual trigger", defaultItemsOrId, idOrOptions) {
 		this.name = name;
@@ -8383,7 +7975,6 @@ var MapData = class {
 	kind = "node";
 	type = MapDataNode;
 	execution = { hint: "local" };
-	/** Zero mapped items should still allow downstream nodes to run. */
 	continueWhenEmptyOutput = true;
 	icon = "lucide:square-pen";
 	keepBinaries;
@@ -8616,11 +8207,6 @@ TestTriggerNode = __decorate([(0, __codemation_core.node)({ packageName: "@codem
 
 //#endregion
 //#region src/nodes/testTrigger.ts
-/**
-* Trigger config for a test fixture source. Drop one (or more) of these on the canvas alongside
-* a workflow's live triggers; clicking "Run tests" on the Tests tab invokes
-* {@link TestTriggerOptions.generateItems} via the TestSuiteOrchestrator.
-*/
 var TestTrigger = class {
 	kind = "trigger";
 	triggerKind = "test";
@@ -8694,7 +8280,6 @@ var Wait = class {
 	kind = "node";
 	type = WaitNode;
 	execution = { hint: "local" };
-	/** Pass-through empty batches should still advance to downstream nodes. */
 	continueWhenEmptyOutput = true;
 	icon = "lucide:hourglass";
 	id;
@@ -8796,6 +8381,39 @@ var WebhookTrigger = class WebhookTrigger {
 	}
 };
 
+//#endregion
+//#region src/nodes/schedulePollingTrigger.ts
+const schedulePollingTrigger = (0, __codemation_core.definePollingTrigger)({
+	key: "schedule.interval",
+	packageName: "@codemation/core-nodes",
+	title: "Run on schedule",
+	description: "Emit one tick item on every poll cycle.",
+	icon: "lucide:clock",
+	pollIntervalMs: 6e4,
+	initialState() {
+		return { tick: 0 };
+	},
+	poll({ state }) {
+		const tick = (state ?? { tick: 0 }).tick + 1;
+		return {
+			items: [{ json: {
+				firedAt: (/* @__PURE__ */ new Date()).toISOString(),
+				tick
+			} }],
+			nextState: { tick }
+		};
+	},
+	execute(items) {
+		return { main: items };
+	},
+	testItems() {
+		return [{ json: {
+			firedAt: (/* @__PURE__ */ new Date()).toISOString(),
+			tick: 0
+		} }];
+	}
+});
+
 //#endregion
 //#region src/nodes/ConnectionCredentialNode.ts
 let ConnectionCredentialNode = class ConnectionCredentialNode$1 {
@@ -8809,11 +8427,6 @@ ConnectionCredentialNode = __decorate([(0, __codemation_core.node)({ packageName
 
 //#endregion
 //#region src/register.types.ts
-/**
-* Registrar for built-in nodes. In a real project, this would use tsyringe's
-* container.registerSingleton(...). For the skeleton we keep it token-based:
-* the engine resolves node implementations by class token.
-*/
 function registerCoreNodes(container) {}
 
 //#endregion
@@ -9042,9 +8655,6 @@ function workflow(id) {
 
 //#endregion
 //#region src/workflows/AIAgentConnectionWorkflowExpander.ts
-/**
-* Materializes connection-owned child nodes and {@link WorkflowDefinition.connections} for AI agent nodes.
-*/
 var AIAgentConnectionWorkflowExpander = class {
 	constructor(connectionCredentialNodeConfigFactory, mcpServerResolver) {
 		this.connectionCredentialNodeConfigFactory = connectionCredentialNodeConfigFactory;
@@ -9312,16 +8922,6 @@ const collectionDeleteNode = (0, __codemation_core.defineNode)({
 function resolveSubjectField(field, item) {
 	return typeof field === "function" ? field({ item }) : field;
 }
-/**
-* Auto-detecting inbox approval node.
-*
-* Uses `ctx.resolve(InboxChannelResolverToken)` to pick the right inbox channel
-* at runtime:
-* - In managed mode (PairingConfig present): routes to the control-plane inbox.
-* - Otherwise: routes to the local inbox.
-*
-* Authors use this node directly; no extra wiring needed per deployment mode.
-*/
 const inboxApproval = (0, __codemation_core.defineHumanApprovalNode)({
 	key: "inbox.approval",
 	title: "Inbox Approval",
@@ -9714,5 +9314,6 @@ exports.inboxApproval = inboxApproval;
 exports.oauth2ClientCredentialsType = oauth2ClientCredentialsType;
 exports.openAiChatModelPresets = openAiChatModelPresets;
 exports.registerCoreNodes = registerCoreNodes;
+exports.schedulePollingTrigger = schedulePollingTrigger;
 exports.workflow = workflow;
 //# sourceMappingURL=index.cjs.map