@codemation/host 0.8.0 → 0.9.1

package/prisma-generated/prisma-sqlite-client/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "prisma-client-f1f592cca96cc07ff4c49ca6848788c0583fceb20133a8099c5c0d76247b55cc",
+  "name": "prisma-client-27202846702650939c7c4ff50ce95d5243619cf55a343054d3ecccc77fc95642",
   "main": "index.js",
   "types": "index.d.ts",
   "browser": "default.js",

package/prisma-generated/prisma-sqlite-client/schema.prisma

@@ -22,6 +22,7 @@ model Run {
   policySnapshotJson   String? @map("policy_snapshot_json")
   engineCountersJson   String? @map("engine_counters_json")
   mutableStateJson     String? @map("mutable_state_json")
+  hitlStateJson        String? @map("hitl_state_json")
   outputsByNodeJson    String  @map("outputs_by_node_json")
   updatedAt            String  @map("updated_at")
   testSuiteRunId       String? @map("test_suite_run_id")
@@ -346,6 +347,10 @@ model CredentialInstance {
   setupStatus      String @map("setup_status")
   createdAt        String @map("created_at")
   updatedAt        String @map("updated_at")
+  // Material provider seam — see docs/design/credentials-oauth-unification.md.
+  // Pointer to where the bytes live (workspace DB vs control plane).
+  materialSource   String @default("local") @map("material_source")
+  materialRef      String @default("") @map("material_ref")
 }
 
 model CredentialSecretMaterial {
@@ -508,3 +513,46 @@ model WorkflowAuditLog {
   @@index([workflowId, occurredAt])
   @@map("workflow_audit_log")
 }
+
+/// HMAC nonce store for replay protection (T6 security fix).
+/// Nonces are persisted across process restarts so a replayed request within
+/// the 300-second timestamp window is rejected even after a restart.
+model HmacNonce {
+  nonce     String   @id @map("nonce")
+  expiresAt DateTime @map("expires_at")
+
+  @@index([expiresAt])
+  @@map("hmac_nonce")
+}
+
+model HumanTask {
+  id                 String    @id @map("id")
+  runId              String    @map("run_id")
+  workflowId         String    @map("workflow_id")
+  workspaceId        String?   @map("workspace_id")
+  nodeId             String    @map("node_id")
+  activationId       String    @map("activation_id")
+  itemIndex          Int       @map("item_index")
+  /// pending | decided | timed_out | auto_accepted | cancelled
+  status             String    @map("status")
+  /// local | control-plane-inbox
+  channel            String    @map("channel")
+  subjectJson        String    @map("subject_json")
+  metadataJson       String    @map("metadata_json")
+  decisionSchemaJson String    @map("decision_schema_json")
+  decisionSchemaHash String    @map("decision_schema_hash")
+  /// halt | auto-accept
+  onTimeout          String    @map("on_timeout")
+  deliveryRefJson    String?   @map("delivery_ref_json")
+  decisionJson       String?   @map("decision_json")
+  decidedAt          DateTime? @map("decided_at")
+  decidedByJson      String?   @map("decided_by_json")
+  resumeTokenHash    String    @map("resume_token_hash")
+  expiresAt          DateTime  @map("expires_at")
+  createdAt          DateTime  @default(now()) @map("created_at")
+
+  @@index([runId])
+  @@index([workflowId, status])
+  @@index([workspaceId, status, expiresAt])
+  @@map("human_task")
+}

package/src/application/contracts/CredentialContractsRegistry.ts

@@ -81,6 +81,21 @@ export type UpsertCredentialBindingRequest = Readonly<{
   instanceId: CredentialInstanceId;
 }>;
 
+export type AppGalleryEntry = Readonly<{
+  mcpId: string;
+  displayName: string;
+  description: string;
+  iconUrl: string | null;
+  acceptedCredentialTypes: ReadonlyArray<string>;
+  primaryOAuthTypeId: string | null;
+  instances: ReadonlyArray<CredentialInstanceDto>;
+}>;
+
+export type AppsResponse = Readonly<{
+  apps: ReadonlyArray<AppGalleryEntry>;
+  customInstances: ReadonlyArray<CredentialInstanceDto>;
+}>;
+
 export class CredentialResponseMapper {
   static toTypeDefinitionList(types: ReadonlyArray<CredentialTypeDefinition>): ReadonlyArray<CredentialTypeDefinition> {
     return [...types];

package/src/application/credentials/AppGalleryProjector.ts

@@ -0,0 +1,69 @@
+import { inject, injectable } from "@codemation/core";
+import type { McpServerDeclaration } from "@codemation/core";
+import type { AppGalleryEntry, AppsResponse, CredentialInstanceDto } from "../contracts/CredentialContractsRegistry";
+import { CredentialTypeRegistryImpl } from "../../domain/credentials/CredentialServices";
+
+/**
+ * Produces gallery-ready DTOs by joining MCP server declarations × credential
+ * type registry × workspace credential instances.
+ *
+ * D2 rule: an instance belongs under a tile when its typeId is in
+ * mcp.acceptedCredentialTypes. Instances with no MCP home land in customInstances.
+ * An instance can appear under multiple tiles if more than one MCP accepts its type.
+ *
+ * D4 rule: primaryOAuthTypeId = first acceptedCredentialType whose
+ * CredentialTypeDefinition.auth.kind === "oauth2". null when none found.
+ *
+ * D5 rule: when mcpServers is null (unpaired), apps is [] and all instances are custom.
+ */
+@injectable()
+export class AppGalleryProjector {
+  constructor(
+    @inject(CredentialTypeRegistryImpl)
+    private readonly credentialTypeRegistry: CredentialTypeRegistryImpl,
+  ) {}
+
+  project(
+    mcpServers: ReadonlyArray<McpServerDeclaration> | null,
+    instances: ReadonlyArray<CredentialInstanceDto>,
+  ): AppsResponse {
+    if (mcpServers === null) {
+      return { apps: [], customInstances: [...instances] };
+    }
+
+    const mcpInstancedSetIds = new Set<string>();
+
+    const apps: AppGalleryEntry[] = mcpServers.map((mcp) => {
+      const accepted = mcp.acceptedCredentialTypes ?? [];
+      const acceptedSet = new Set(accepted);
+      const mcpInstances = instances.filter((i) => acceptedSet.has(i.typeId));
+      for (const i of mcpInstances) {
+        mcpInstancedSetIds.add(i.instanceId);
+      }
+      const primaryOAuthTypeId = this.findPrimaryOAuthTypeId(accepted);
+      return {
+        mcpId: mcp.id,
+        displayName: mcp.displayName,
+        description: mcp.description,
+        iconUrl: null,
+        acceptedCredentialTypes: [...accepted],
+        primaryOAuthTypeId,
+        instances: mcpInstances,
+      };
+    });
+
+    const customInstances = instances.filter((i) => !mcpInstancedSetIds.has(i.instanceId));
+
+    return { apps, customInstances };
+  }
+
+  private findPrimaryOAuthTypeId(acceptedTypes: ReadonlyArray<string>): string | null {
+    for (const typeId of acceptedTypes) {
+      const credType = this.credentialTypeRegistry.getCredentialType(typeId);
+      if (credType?.definition.auth?.kind === "oauth2") {
+        return typeId;
+      }
+    }
+    return null;
+  }
+}

package/src/application/hitl/DecideHumanTaskCommandHandler.ts

@@ -0,0 +1,149 @@
+import { inject, injectable } from "@codemation/core";
+import type { HumanTaskActor, HumanTaskStore, JsonValue } from "@codemation/core";
+import { CodemationTelemetryAttributeNames, HumanTaskStoreToken } from "@codemation/core";
+import { Engine } from "@codemation/core/bootstrap";
+import { ApplicationRequestError } from "../ApplicationRequestError";
+import { HitlResumeTokenSigner } from "../../hitl/HitlResumeTokenSigner";
+import { HitlTimeoutJobScheduler } from "../../hitl/HitlTimeoutJobScheduler";
+import { DecisionSchemaValidator } from "./DecisionSchemaValidator";
+import { ResumeTelemetryContextForRun } from "../telemetry/ResumeTelemetryContextForRun";
+
+export interface DecideHumanTaskArgs {
+  taskId: string;
+  decision: JsonValue;
+  decidedBy: HumanTaskActor;
+}
+
+export interface DecideHumanTaskResult {
+  status: "decided";
+  runStatus: "running" | "halted";
+}
+
+@injectable()
+export class DecideHumanTaskCommandHandler {
+  private readonly taskStore: HumanTaskStore | undefined;
+
+  constructor(
+    @inject(HumanTaskStoreToken) taskStore: HumanTaskStore | undefined,
+    @inject(Engine) private readonly engine: Engine,
+    @inject(HitlResumeTokenSigner) private readonly tokenSigner: HitlResumeTokenSigner,
+    @inject(HitlTimeoutJobScheduler) private readonly timeoutScheduler: HitlTimeoutJobScheduler,
+    @inject(DecisionSchemaValidator) private readonly schemaValidator: DecisionSchemaValidator,
+    @inject(ResumeTelemetryContextForRun) private readonly resumeTelemetry: ResumeTelemetryContextForRun,
+  ) {
+    this.taskStore = taskStore;
+  }
+
+  async decide(args: DecideHumanTaskArgs): Promise<DecideHumanTaskResult> {
+    if (!this.taskStore) {
+      throw new ApplicationRequestError(503, "HITL is not available in this configuration");
+    }
+    const task = await this.taskStore.findById(args.taskId);
+    if (!task) {
+      throw new ApplicationRequestError(404, "HumanTask not found");
+    }
+
+    if (task.status !== "pending") {
+      throw new ApplicationRequestError(409, `HumanTask is not pending (current status: ${task.status})`);
+    }
+
+    // Validate decision body against the stored schema
+    const validationResult = this.schemaValidator.validate({
+      schemaJson: task.decisionSchemaJson,
+      value: args.decision,
+    });
+    if (!validationResult.valid) {
+      throw new ApplicationRequestError(
+        422,
+        `Decision does not match the expected schema: ${validationResult.message}`,
+      );
+    }
+
+    const decidedAt = new Date();
+    await this.taskStore.markDecided({
+      taskId: args.taskId,
+      decision: args.decision,
+      decidedBy: args.decidedBy,
+      decidedAt,
+    });
+
+    // Cancel the timeout job to prevent double-resolution
+    await this.timeoutScheduler.cancelTimeoutJob(args.taskId);
+
+    // Emit hitl.task.decided on the run's trace.
+    const telemetry = await this.resumeTelemetry.forTask(args.taskId);
+    const latencyMs = decidedAt.getTime() - task.createdAt.getTime();
+    const decisionPayload = args.decision as Record<string, unknown> | null;
+    const decisionStatus =
+      typeof decisionPayload?.["approved"] === "boolean"
+        ? decisionPayload["approved"]
+          ? "approved"
+          : "rejected"
+        : "decided";
+    await telemetry?.addSpanEvent({
+      name: "hitl.task.decided",
+      attributes: {
+        [CodemationTelemetryAttributeNames.hitlTaskId]: args.taskId,
+        [CodemationTelemetryAttributeNames.hitlDecisionStatus]: decisionStatus,
+        actor: args.decidedBy.actorId,
+        latencyMs,
+      },
+    });
+
+    // Resume the suspended run
+    const resumeResult = await this.engine.resumeRun({
+      runId: task.runId,
+      taskId: task.id,
+      resumeContext: {
+        decision: {
+          kind: "decided",
+          value: args.decision,
+          actor: args.decidedBy,
+          decidedAt,
+        },
+        delivery: task.deliveryRef ?? null,
+        task: {
+          taskId: task.id,
+          runId: task.runId,
+          nodeId: task.nodeId,
+          expiresAt: task.expiresAt,
+          resumeUrl: "",
+        },
+      },
+    });
+
+    return {
+      status: "decided",
+      runStatus: resumeResult.status === "failed" || resumeResult.status === "halted" ? "halted" : "running",
+    };
+  }
+
+  /** Used by the token-authenticated resume endpoint to validate the token and extract the actor. */
+  async validateResumeToken(args: { taskId: string; token: string }): Promise<{ schemaHash: string }> {
+    const result = this.tokenSigner.verify(args.token);
+    if (!result.ok) {
+      if (result.reason === "expired") {
+        throw new ApplicationRequestError(410, "Resume token has expired");
+      }
+      throw new ApplicationRequestError(401, "Invalid resume token");
+    }
+    if (result.taskId !== args.taskId) {
+      throw new ApplicationRequestError(401, "Token taskId does not match");
+    }
+
+    if (!this.taskStore) {
+      throw new ApplicationRequestError(503, "HITL is not available in this configuration");
+    }
+    const task = await this.taskStore.findById(args.taskId);
+    if (!task) {
+      throw new ApplicationRequestError(404, "HumanTask not found");
+    }
+
+    // Schema hash drift detection (D6): token was signed with a hash of the schema at creation
+    if (task.decisionSchemaHash.slice(0, 8) !== result.schemaHash) {
+      throw new ApplicationRequestError(410, "Schema has changed since this token was issued");
+    }
+
+    return { schemaHash: result.schemaHash };
+  }
+}

package/src/application/hitl/DecisionSchemaValidator.ts

@@ -0,0 +1,22 @@
+import Ajv from "ajv/dist/2020.js";
+import { injectable } from "@codemation/core";
+import type { JsonValue } from "@codemation/core";
+
+// Zod v4's z.toJSONSchema() emits draft 2020-12, so we must use Ajv's 2020 build.
+const ajv = new Ajv({ strict: false });
+
+/**
+ * Validates a HITL decision payload against the JSON Schema that was recorded
+ * when the human task was created.
+ */
+@injectable()
+export class DecisionSchemaValidator {
+  validate(args: { schemaJson: string; value: JsonValue }): { valid: true } | { valid: false; message: string } {
+    const schema = JSON.parse(args.schemaJson) as object;
+    const fn = ajv.compile(schema);
+    if (fn(args.value)) {
+      return { valid: true };
+    }
+    return { valid: false, message: ajv.errorsText(fn.errors) };
+  }
+}

package/src/application/hitl/HitlCallbackHandler.ts

@@ -0,0 +1,96 @@
+import { inject, injectable } from "@codemation/core";
+import type { HumanTaskStore, JsonValue } from "@codemation/core";
+import { HumanTaskStoreToken } from "@codemation/core";
+import type { Logger } from "../logging/Logger";
+import type { PairingConfig } from "../../pairing/pairing.types";
+import { PairingConfigToken } from "../../pairing/PairingConfigToken";
+import { ServerLoggerFactory } from "../../infrastructure/logging/ServerLoggerFactory";
+import { DecideHumanTaskCommandHandler } from "./DecideHumanTaskCommandHandler";
+import { ApplicationRequestError } from "../ApplicationRequestError";
+
+export type HitlCallbackBody =
+  | { kind: "timeout" }
+  | {
+      decision: JsonValue;
+      actor?: { actorId: string; displayName?: string };
+    };
+
+export type HitlCallbackResult =
+  | { status: 200; body: { ok: true } }
+  | { status: 400 | 403 | 404 | 409 | 422 | 503; body: { error: string } };
+
+/**
+ * Handler for inbound HITL decision callbacks from the control plane.
+ *
+ * Validates the callback body, checks workspace identity, and delegates to
+ * `DecideHumanTaskCommandHandler` for the actual decision/timeout logic.
+ *
+ * Workspace identity is asserted via `PairingConfig.workspaceId` — the HMAC
+ * middleware already guarantees the request is signed by the paired CP, so
+ * this is a secondary assertion matching the task's stored workspace.
+ *
+ * The framework's timeout worker and CP's callback can both fire for the
+ * same task. Whichever lands first wins; the second gets a 409 from
+ * `markDecided`/`markTimedOut` (task already resolved). This is intentional.
+ */
+@injectable()
+export class HitlCallbackHandler {
+  private readonly logger: Logger;
+
+  constructor(
+    @inject(HumanTaskStoreToken) private readonly taskStore: HumanTaskStore | undefined,
+    @inject(PairingConfigToken) private readonly pairingConfig: PairingConfig,
+    @inject(DecideHumanTaskCommandHandler) private readonly decideHandler: DecideHumanTaskCommandHandler,
+    @inject(ServerLoggerFactory) loggerFactory: ServerLoggerFactory,
+  ) {
+    this.logger = loggerFactory.create("codemation.hitl.callback");
+  }
+
+  async handle(taskId: string, body: HitlCallbackBody): Promise<HitlCallbackResult> {
+    if (!this.taskStore) {
+      return { status: 503, body: { error: "HITL is not available in this configuration" } };
+    }
+
+    const task = await this.taskStore.findById(taskId);
+    if (!task) {
+      return { status: 404, body: { error: "HumanTask not found" } };
+    }
+
+    // Assert workspace identity: only the CP paired to this workspace may call back
+    if (task.workspaceId !== undefined && task.workspaceId !== this.pairingConfig.workspaceId) {
+      this.logger.warn(
+        `HITL callback workspace mismatch — taskId=${taskId} taskWorkspaceId=${task.workspaceId} pairingWorkspaceId=${this.pairingConfig.workspaceId}`,
+      );
+      return { status: 403, body: { error: "Workspace mismatch" } };
+    }
+
+    if (task.status !== "pending") {
+      return { status: 409, body: { error: `HumanTask is not pending (current status: ${task.status})` } };
+    }
+
+    // Timeout path (CP-originated timeout)
+    if ("kind" in body && body.kind === "timeout") {
+      await this.taskStore.markTimedOut(taskId);
+      this.logger.info(`HITL task timed out via CP callback — taskId=${taskId}`);
+      return { status: 200, body: { ok: true } };
+    }
+
+    const decisionBody = body as { decision: JsonValue; actor?: { actorId: string; displayName?: string } };
+
+    try {
+      await this.decideHandler.decide({
+        taskId,
+        decision: decisionBody.decision,
+        decidedBy: decisionBody.actor ?? { actorId: "cp-reviewer" },
+      });
+    } catch (err) {
+      if (err instanceof ApplicationRequestError) {
+        return { status: err.status as 400 | 403 | 404 | 409 | 422 | 503, body: { error: err.message } };
+      }
+      throw err;
+    }
+
+    this.logger.info(`HITL task decided via CP callback — taskId=${taskId}`);
+    return { status: 200, body: { ok: true } };
+  }
+}

package/src/application/mapping/WorkflowDefinitionMapper.ts

@@ -226,9 +226,7 @@ export class WorkflowDefinitionMapper implements DataMapper<WorkflowDefinition,
       if (!AgentConfigInspector.isAgentNodeConfig(node.config)) {
         continue;
       }
-      const descriptors = AgentConnectionNodeCollector.collect(node.id, node.config, (id) =>
-        this.mcpCatalog.get(id),
-      );
+      const descriptors = AgentConnectionNodeCollector.collect(node.id, node.config, (id) => this.mcpCatalog.get(id));
       byAgentNodeId.set(node.id, descriptors);
       const byChildId = new Map<string, AgentConnectionNodeDescriptor>();
       for (const descriptor of descriptors) {

package/src/application/queries/CredentialQueryHandlers.ts

@@ -10,3 +10,5 @@ export { ListCredentialTypesQuery } from "./ListCredentialTypesQuery";
 export { ListCredentialTypesQueryHandler } from "./ListCredentialTypesQueryHandler";
 export { GetCredentialFieldEnvStatusQuery } from "./GetCredentialFieldEnvStatusQuery";
 export { GetCredentialFieldEnvStatusQueryHandler } from "./GetCredentialFieldEnvStatusQueryHandler";
+export { GetCredentialAppsQuery } from "./GetCredentialAppsQuery";
+export { GetCredentialAppsQueryHandler } from "./GetCredentialAppsQueryHandler";

package/src/application/queries/GetCredentialAppsQuery.ts

@@ -0,0 +1,4 @@
+import type { AppsResponse } from "../contracts/CredentialContractsRegistry";
+import { Query } from "../bus/Query";
+
+export class GetCredentialAppsQuery extends Query<AppsResponse> {}

package/src/application/queries/GetCredentialAppsQueryHandler.ts

@@ -0,0 +1,27 @@
+import { inject } from "@codemation/core";
+import { QueryHandler } from "../bus/QueryHandler";
+import { HandlesQuery } from "../../infrastructure/di/HandlesQueryRegistry";
+import type { AppsResponse } from "../contracts/CredentialContractsRegistry";
+import { GetCredentialAppsQuery } from "./GetCredentialAppsQuery";
+import { CredentialInstanceService } from "../../domain/credentials/CredentialInstanceService";
+import { AppGalleryProjector } from "../credentials/AppGalleryProjector";
+import { ControlPlaneCatalogFetcher } from "../../credentials/ControlPlaneCatalogFetcher";
+
+@HandlesQuery.for(GetCredentialAppsQuery)
+export class GetCredentialAppsQueryHandler extends QueryHandler<GetCredentialAppsQuery, AppsResponse> {
+  constructor(
+    @inject(CredentialInstanceService)
+    private readonly credentialInstanceService: CredentialInstanceService,
+    @inject(AppGalleryProjector)
+    private readonly appGalleryProjector: AppGalleryProjector,
+    @inject(ControlPlaneCatalogFetcher)
+    private readonly catalogFetcher: ControlPlaneCatalogFetcher,
+  ) {
+    super();
+  }
+
+  async execute(): Promise<AppsResponse> {
+    const instances = await this.credentialInstanceService.listInstances();
+    return this.appGalleryProjector.project(this.catalogFetcher.mcpServers, instances);
+  }
+}

package/src/application/telemetry/ResumeTelemetryContextForRun.ts

@@ -0,0 +1,53 @@
+import { inject, injectable } from "@codemation/core";
+import type { ExecutionTelemetry } from "@codemation/core";
+import type { HumanTaskStore } from "@codemation/core";
+import { HumanTaskStoreToken } from "@codemation/core";
+import { OtelExecutionTelemetryFactory } from "./OtelExecutionTelemetryFactory";
+
+/**
+ * Reconstructs an {@link ExecutionTelemetry} scope for a run that is resuming from a
+ * `pending` HITL state.
+ *
+ * **Trace context note:** When the decide/timeout/cancel endpoint fires, the original
+ * run's OTel trace context is not available (different HTTP request, no propagation header).
+ * The `traceId` and root `spanId` are re-derived deterministically from `runId` using the
+ * same {@link OtelIdentityFactory} hashing that was used at run-start time. This means the
+ * span events emitted here (`hitl.task.decided`, `hitl.task.timed_out`, `hitl.task.cancelled`)
+ * are correctly routed into the run's existing trace tree in the span store — the join is
+ * by `traceId` / `runId`, not by a live in-process scope.
+ *
+ * If a future requirement calls for full W3C trace-context propagation across the
+ * suspend/resume boundary, store `traceId` + parent `spanId` on the `HumanTask` row and
+ * restore them here instead of re-deriving.
+ */
+@injectable()
+export class ResumeTelemetryContextForRun {
+  private readonly taskStore: HumanTaskStore | undefined;
+
+  constructor(
+    @inject(OtelExecutionTelemetryFactory) private readonly telemetryFactory: OtelExecutionTelemetryFactory,
+    @inject(HumanTaskStoreToken) taskStore: HumanTaskStore | undefined,
+  ) {
+    this.taskStore = taskStore;
+  }
+
+  /**
+   * Returns an {@link ExecutionTelemetry} scope keyed to the run's trace, or `undefined`
+   * when the task store is not available or the task is not found.
+   *
+   * Loads `workflowId` from the task record so callers don't need to look it up separately.
+   */
+  async forTask(taskId: string): Promise<ExecutionTelemetry | undefined> {
+    if (!this.taskStore) {
+      return undefined;
+    }
+    const task = await this.taskStore.findById(taskId);
+    if (!task) {
+      return undefined;
+    }
+    return this.telemetryFactory.create({
+      runId: task.runId,
+      workflowId: task.workflowId,
+    });
+  }
+}

package/src/application/telemetry/TelemetryRetentionTimestampFactory.ts

@@ -19,26 +19,27 @@ export class TelemetryRetentionTimestampFactory {
 
   createArtifactExpiry(policySnapshot: PersistedRunPolicySnapshot | undefined, observedAt: Date): string {
     return this.createExpiry(
-      policySnapshot?.telemetryArtifactRetentionSeconds ?? TelemetryRetentionTimestampFactory.defaultArtifactRetentionSeconds,
+      policySnapshot?.telemetryArtifactRetentionSeconds ??
+        TelemetryRetentionTimestampFactory.defaultArtifactRetentionSeconds,
       observedAt,
     );
   }
 
   createMetricExpiry(policySnapshot: PersistedRunPolicySnapshot | undefined, observedAt: Date): string {
     return this.createExpiry(
-      policySnapshot?.telemetryMetricRetentionSeconds ?? TelemetryRetentionTimestampFactory.defaultMetricRetentionSeconds,
+      policySnapshot?.telemetryMetricRetentionSeconds ??
+        TelemetryRetentionTimestampFactory.defaultMetricRetentionSeconds,
       observedAt,
     );
   }
 
-  createTraceContextExpiry(
-    policySnapshot: PersistedRunPolicySnapshot | undefined,
-    observedAt: Date,
-  ): string {
+  createTraceContextExpiry(policySnapshot: PersistedRunPolicySnapshot | undefined, observedAt: Date): string {
     const candidates = [
       policySnapshot?.telemetrySpanRetentionSeconds ?? TelemetryRetentionTimestampFactory.defaultSpanRetentionSeconds,
-      policySnapshot?.telemetryArtifactRetentionSeconds ?? TelemetryRetentionTimestampFactory.defaultArtifactRetentionSeconds,
-      policySnapshot?.telemetryMetricRetentionSeconds ?? TelemetryRetentionTimestampFactory.defaultMetricRetentionSeconds,
+      policySnapshot?.telemetryArtifactRetentionSeconds ??
+        TelemetryRetentionTimestampFactory.defaultArtifactRetentionSeconds,
+      policySnapshot?.telemetryMetricRetentionSeconds ??
+        TelemetryRetentionTimestampFactory.defaultMetricRetentionSeconds,
     ].filter((value): value is number => typeof value === "number" && value > 0);
     const maxSeconds = Math.max(...candidates);
     return this.createExpiry(maxSeconds, observedAt);

package/src/applicationTokens.ts

@@ -1,4 +1,4 @@
-import type { Clock, OAuthFlowExecutor, TypeToken } from "@codemation/core";
+import type { Clock, CredentialMaterialProvider, OAuthFlowExecutor, TypeToken } from "@codemation/core";
 import type { SessionVerifier } from "./application/auth/SessionVerifier";
 import type { Command } from "./application/bus/Command";
 import type { CommandBus } from "./application/bus/CommandBus";
@@ -106,4 +106,14 @@ export const ApplicationTokens = {
   WorkflowAuditEmitter: Symbol.for("codemation.application.WorkflowAuditEmitter") as TypeToken<IWorkflowAuditEmitter>,
   ProcessRunner: Symbol.for("codemation.application.ProcessRunner") as TypeToken<ProcessRunner>,
   OAuthFlowExecutor: Symbol.for("codemation.application.OAuthFlowExecutor") as TypeToken<OAuthFlowExecutor>,
+  /**
+   * The provider that `CachingCredentialMaterialProvider` wraps. Bound to
+   * `LocalCredentialMaterialProvider` in standalone mode and to
+   * `CompositeCredentialMaterialProvider` in managed mode (which dispatches
+   * by `ref.source`). See `packages/host/src/credentials/` and
+   * `planning/sprints/credentials-vault/02-controlplane-material-provider.md`.
+   */
+  CredentialMaterialInnerProvider: Symbol.for(
+    "codemation.application.CredentialMaterialInnerProvider",
+  ) as TypeToken<CredentialMaterialProvider>,
 } as const;

package/src/auth/managed/ManagedCorsMiddleware.ts

@@ -4,12 +4,27 @@ import type { MiddlewareHandler } from "hono";
 /**
  * CORS allowlist middleware for managed mode.
  *
- * Only the single `CP_WEB_ORIGIN` value (provisioner-injected) is permitted.
- * All other origins are refused on preflight with a 403.
+ * `CP_WEB_ORIGIN` (provisioner-injected) is a comma-separated allowlist of the
+ * browser origins the CP UI may be served from — e.g. the Caddy origin and the
+ * direct dev port. The request's own origin is echoed back only when it is a
+ * member; all other origins are refused on preflight with a 403.
  */
 @injectable()
 export class ManagedCorsMiddleware {
-  constructor(private readonly allowedOrigin: string) {}
+  private readonly allowedOrigins: ReadonlySet<string>;
+
+  constructor(allowedOrigin: string) {
+    this.allowedOrigins = new Set(
+      allowedOrigin
+        .split(",")
+        .map((o) => o.trim())
+        .filter(Boolean),
+    );
+  }
+
+  private isAllowed(origin: string | undefined): origin is string {
+    return origin !== undefined && this.allowedOrigins.has(origin);
+  }
 
   handle(): MiddlewareHandler {
     return async (c, next) => {
@@ -17,7 +32,7 @@ export class ManagedCorsMiddleware {
 
       // Respond to CORS preflight
       if (c.req.method === "OPTIONS") {
-        if (origin === this.allowedOrigin) {
+        if (this.isAllowed(origin)) {
           c.header("access-control-allow-origin", origin);
           c.header("access-control-allow-methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
           c.header("access-control-allow-headers", "content-type, authorization");
@@ -29,7 +44,7 @@ export class ManagedCorsMiddleware {
       }
 
       // For actual requests, set CORS headers after the handler runs
-      if (origin === this.allowedOrigin) {
+      if (this.isAllowed(origin)) {
         await next();
         c.header("access-control-allow-origin", origin);
         c.header("access-control-allow-credentials", "true");