@exaudeus/workrail 0.9.0 → 0.11.0

package/dist/v2/infra/local/session-store/index.js

@@ -11,14 +11,19 @@ class StoreFailure extends Error {
     }
 }
 class LocalSessionEventLogStoreV2 {
-    constructor(dataDir, fs, sha256, lock) {
+    constructor(dataDir, fs, sha256) {
         this.dataDir = dataDir;
         this.fs = fs;
         this.sha256 = sha256;
-        this.lock = lock;
     }
-    append(sessionId, plan) {
-        return neverthrow_1.ResultAsync.fromPromise(this.appendImpl(sessionId, plan), (e) => {
+    append(lock, plan) {
+        if (!lock.assertHeld()) {
+            return (0, neverthrow_1.errAsync)({
+                code: 'SESSION_STORE_INVARIANT_VIOLATION',
+                message: 'WithHealthySessionLock used after gate callback ended (witness misuse-after-release)',
+            });
+        }
+        return neverthrow_1.ResultAsync.fromPromise(this.appendImpl(lock.sessionId, plan), (e) => {
             if (e instanceof StoreFailure)
                 return e.storeError;
             return { code: 'SESSION_STORE_IO_ERROR', message: e instanceof Error ? e.message : String(e) };
@@ -31,134 +36,148 @@ class LocalSessionEventLogStoreV2 {
             return { code: 'SESSION_STORE_IO_ERROR', message: e instanceof Error ? e.message : String(e) };
         });
     }
+    loadValidatedPrefix(sessionId) {
+        return neverthrow_1.ResultAsync.fromPromise(this.loadValidatedPrefixImpl(sessionId), (e) => {
+            if (e instanceof StoreFailure)
+                return e.storeError;
+            return { code: 'SESSION_STORE_IO_ERROR', message: e instanceof Error ? e.message : String(e) };
+        });
+    }
     async appendImpl(sessionId, plan) {
-        const lockHandle = await this.unwrap(this.lock.acquire(sessionId), mapLockError);
-        try {
-            const sessionDir = this.dataDir.sessionDir(sessionId);
-            const eventsDir = this.dataDir.sessionEventsDir(sessionId);
-            const manifestPath = this.dataDir.sessionManifestPath(sessionId);
-            await this.unwrap(this.fs.mkdirp(eventsDir), mapFsToStoreError);
-            const { manifest, events: existingEvents } = await this.loadTruthOrEmpty(sessionId);
-            validateManifestContiguityOrThrow(manifest);
-            const existingByDedupeKey = new Set(existingEvents.map((e) => e.dedupeKey));
-            const allExist = plan.events.every((e) => existingByDedupeKey.has(e.dedupeKey));
-            if (allExist) {
-                return;
-            }
-            const anyExist = plan.events.some((e) => existingByDedupeKey.has(e.dedupeKey));
-            if (anyExist && !allExist) {
-                throw new StoreFailure({
-                    code: 'SESSION_STORE_INVARIANT_VIOLATION',
-                    message: 'Partial dedupeKey collision detected (some events exist, some do not); this is an invariant violation',
-                });
-            }
-            const expectedFirstEventIndex = nextEventIndexFromManifest(manifest);
-            validateAppendPlanOrThrow(sessionId, plan, expectedFirstEventIndex);
-            const first = plan.events[0].eventIndex;
-            const last = plan.events[plan.events.length - 1].eventIndex;
-            const segmentRelPath = segmentRelPathFor(first, last);
-            const segmentPath = `${sessionDir}/${segmentRelPath}`;
-            const tmpPath = `${segmentPath}.tmp`;
-            const segmentBytes = concatJsonlRecords(plan.events);
-            const tmpHandle = await this.unwrap(this.fs.openWriteTruncate(tmpPath), mapFsToStoreError);
-            await this.unwrap(this.fs.writeAll(tmpHandle.fd, segmentBytes), mapFsToStoreError);
-            await this.unwrap(this.fs.fsyncFile(tmpHandle.fd), mapFsToStoreError);
-            await this.unwrap(this.fs.closeFile(tmpHandle.fd), mapFsToStoreError);
-            await this.unwrap(this.fs.rename(tmpPath, segmentPath), mapFsToStoreError);
-            await this.unwrap(this.fs.fsyncDir(eventsDir), mapFsToStoreError);
-            const digest = this.sha256.sha256(segmentBytes);
-            const segClosed = {
+        const sessionDir = this.dataDir.sessionDir(sessionId);
+        const eventsDir = this.dataDir.sessionEventsDir(sessionId);
+        const manifestPath = this.dataDir.sessionManifestPath(sessionId);
+        await this.unwrap(this.fs.mkdirp(eventsDir), mapFsToStoreError);
+        const { manifest, events: existingEvents } = await this.loadTruthOrEmpty(sessionId);
+        validateManifestContiguityOrThrow(manifest);
+        const existingByDedupeKey = new Set(existingEvents.map((e) => e.dedupeKey));
+        const allExist = plan.events.every((e) => existingByDedupeKey.has(e.dedupeKey));
+        if (allExist) {
+            return;
+        }
+        const anyExist = plan.events.some((e) => existingByDedupeKey.has(e.dedupeKey));
+        if (anyExist && !allExist) {
+            throw new StoreFailure({
+                code: 'SESSION_STORE_INVARIANT_VIOLATION',
+                message: 'Partial dedupeKey collision detected (some events exist, some do not); this is an invariant violation',
+            });
+        }
+        const expectedFirstEventIndex = nextEventIndexFromManifest(manifest);
+        validateAppendPlanOrThrow(sessionId, plan, expectedFirstEventIndex);
+        const first = plan.events[0].eventIndex;
+        const last = plan.events[plan.events.length - 1].eventIndex;
+        const segmentRelPath = segmentRelPathFor(first, last);
+        const segmentPath = `${sessionDir}/${segmentRelPath}`;
+        const tmpPath = `${segmentPath}.tmp`;
+        const segmentBytes = concatJsonlRecords(plan.events);
+        const tmpHandle = await this.unwrap(this.fs.openWriteTruncate(tmpPath), mapFsToStoreError);
+        await this.unwrap(this.fs.writeAll(tmpHandle.fd, segmentBytes), mapFsToStoreError);
+        await this.unwrap(this.fs.fsyncFile(tmpHandle.fd), mapFsToStoreError);
+        await this.unwrap(this.fs.closeFile(tmpHandle.fd), mapFsToStoreError);
+        await this.unwrap(this.fs.rename(tmpPath, segmentPath), mapFsToStoreError);
+        await this.unwrap(this.fs.fsyncDir(eventsDir), mapFsToStoreError);
+        const digest = this.sha256.sha256(segmentBytes);
+        const segClosed = {
+            v: 1,
+            manifestIndex: nextManifestIndex(manifest),
+            sessionId,
+            kind: 'segment_closed',
+            firstEventIndex: first,
+            lastEventIndex: last,
+            segmentRelPath,
+            sha256: digest,
+            bytes: segmentBytes.length,
+        };
+        await this.appendManifestRecords(manifestPath, [segClosed]);
+        const pins = sortedPins(plan.snapshotPins);
+        if (pins.length > 0) {
+            const startIndex = segClosed.manifestIndex + 1;
+            const records = pins.map((p, i) => ({
                 v: 1,
-                manifestIndex: nextManifestIndex(manifest),
+                manifestIndex: startIndex + i,
                 sessionId,
-                kind: 'segment_closed',
-                firstEventIndex: first,
-                lastEventIndex: last,
-                segmentRelPath,
-                sha256: digest,
-                bytes: segmentBytes.length,
-            };
-            await this.appendManifestRecords(manifestPath, [segClosed]);
-            const pins = sortedPins(plan.snapshotPins);
-            if (pins.length > 0) {
-                const startIndex = segClosed.manifestIndex + 1;
-                const records = pins.map((p, i) => ({
-                    v: 1,
-                    manifestIndex: startIndex + i,
-                    sessionId,
-                    kind: 'snapshot_pinned',
-                    eventIndex: p.eventIndex,
-                    snapshotRef: p.snapshotRef,
-                    createdByEventId: p.createdByEventId,
-                }));
-                await this.appendManifestRecords(manifestPath, records);
-            }
-        }
-        finally {
-            await this.lock.release(lockHandle).match(() => undefined, () => undefined);
+                kind: 'snapshot_pinned',
+                eventIndex: p.eventIndex,
+                snapshotRef: p.snapshotRef,
+                createdByEventId: p.createdByEventId,
+            }));
+            await this.appendManifestRecords(manifestPath, records);
         }
     }
     async loadImpl(sessionId) {
-        const lockHandle = await this.unwrap(this.lock.acquire(sessionId), mapLockError);
-        try {
-            const sessionDir = this.dataDir.sessionDir(sessionId);
-            const manifestPath = this.dataDir.sessionManifestPath(sessionId);
-            const manifest = await this.readManifestOrEmpty(sessionId);
-            validateManifestContiguityOrThrow(manifest);
-            validateSegmentClosedContiguityOrThrow(manifest);
-            const segments = manifest.filter((m) => m.kind === 'segment_closed');
-            const events = [];
-            for (const seg of segments) {
-                const segmentPath = `${sessionDir}/${seg.segmentRelPath}`;
-                const bytes = await this.unwrap(this.fs.readFileBytes(segmentPath), mapFsToStoreError);
-                const actual = this.sha256.sha256(bytes);
-                if (actual !== seg.sha256) {
-                    throw new StoreFailure({
-                        code: 'SESSION_STORE_CORRUPTION_DETECTED',
-                        message: `Segment digest mismatch: ${seg.segmentRelPath}`,
-                    });
-                }
-                const parsed = parseJsonlLines(bytes, index_js_1.DomainEventV1Schema);
-                if (parsed.length === 0) {
-                    throw new StoreFailure({
-                        code: 'SESSION_STORE_CORRUPTION_DETECTED',
-                        message: `Empty segment referenced by manifest: ${seg.segmentRelPath}`,
-                    });
-                }
-                if (parsed[0].eventIndex !== seg.firstEventIndex || parsed[parsed.length - 1].eventIndex !== seg.lastEventIndex) {
+        const sessionDir = this.dataDir.sessionDir(sessionId);
+        const manifest = await this.readManifestOrEmpty(sessionId);
+        validateManifestContiguityOrThrow(manifest);
+        validateSegmentClosedContiguityOrThrow(manifest);
+        const segments = manifest.filter((m) => m.kind === 'segment_closed');
+        const events = [];
+        for (const seg of segments) {
+            const segmentPath = `${sessionDir}/${seg.segmentRelPath}`;
+            const bytes = await this.fs.readFileBytes(segmentPath).match((v) => v, (e) => {
+                if (e.code === 'FS_NOT_FOUND') {
                     throw new StoreFailure({
                         code: 'SESSION_STORE_CORRUPTION_DETECTED',
-                        message: `Segment bounds mismatch: ${seg.segmentRelPath}`,
+                        location: 'tail',
+                        reason: { code: 'missing_attested_segment', message: `Missing attested segment: ${seg.segmentRelPath}` },
+                        message: `Missing attested segment: ${seg.segmentRelPath}`,
                     });
                 }
-                for (let i = 1; i < parsed.length; i++) {
-                    if (parsed[i].eventIndex !== parsed[i - 1].eventIndex + 1) {
-                        throw new StoreFailure({
-                            code: 'SESSION_STORE_CORRUPTION_DETECTED',
-                            message: `Non-contiguous eventIndex inside segment: ${seg.segmentRelPath}`,
-                        });
-                    }
-                }
-                events.push(...parsed);
+                throw new StoreFailure(mapFsToStoreError(e));
+            });
+            const actual = this.sha256.sha256(bytes);
+            if (actual !== seg.sha256) {
+                throw new StoreFailure({
+                    code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                    location: 'tail',
+                    reason: { code: 'digest_mismatch', message: `Segment digest mismatch: ${seg.segmentRelPath}` },
+                    message: `Segment digest mismatch: ${seg.segmentRelPath}`,
+                });
+            }
+            const parsed = parseJsonlLines(bytes, index_js_1.DomainEventV1Schema);
+            if (parsed.length === 0) {
+                throw new StoreFailure({
+                    code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                    location: 'tail',
+                    reason: { code: 'non_contiguous_indices', message: `Empty segment referenced by manifest: ${seg.segmentRelPath}` },
+                    message: `Empty segment referenced by manifest: ${seg.segmentRelPath}`,
+                });
+            }
+            if (parsed[0].eventIndex !== seg.firstEventIndex || parsed[parsed.length - 1].eventIndex !== seg.lastEventIndex) {
+                throw new StoreFailure({
+                    code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                    location: 'tail',
+                    reason: { code: 'non_contiguous_indices', message: `Segment bounds mismatch: ${seg.segmentRelPath}` },
+                    message: `Segment bounds mismatch: ${seg.segmentRelPath}`,
+                });
             }
-            const expectedPins = extractSnapshotPinsFromEvents(events);
-            const actualPins = new Set(manifest
-                .filter((m) => m.kind === 'snapshot_pinned')
-                .map((p) => `${p.eventIndex}:${p.createdByEventId}:${p.snapshotRef}`));
-            for (const ep of expectedPins) {
-                const key = `${ep.eventIndex}:${ep.createdByEventId}:${ep.snapshotRef}`;
-                if (!actualPins.has(key)) {
+            for (let i = 1; i < parsed.length; i++) {
+                if (parsed[i].eventIndex !== parsed[i - 1].eventIndex + 1) {
                     throw new StoreFailure({
                         code: 'SESSION_STORE_CORRUPTION_DETECTED',
-                        message: `Missing snapshot_pinned for introduced snapshotRef (pin-after-close violation): ${key}`,
+                        location: 'tail',
+                        reason: { code: 'non_contiguous_indices', message: `Non-contiguous eventIndex inside segment: ${seg.segmentRelPath}` },
+                        message: `Non-contiguous eventIndex inside segment: ${seg.segmentRelPath}`,
                     });
                 }
             }
-            return { manifest, events };
+            events.push(...parsed);
         }
-        finally {
-            await this.lock.release(lockHandle).match(() => undefined, () => undefined);
+        const expectedPins = extractSnapshotPinsFromEvents(events);
+        const actualPins = new Set(manifest
+            .filter((m) => m.kind === 'snapshot_pinned')
+            .map((p) => `${p.eventIndex}:${p.createdByEventId}:${p.snapshotRef}`));
+        for (const ep of expectedPins) {
+            const key = `${ep.eventIndex}:${ep.createdByEventId}:${ep.snapshotRef}`;
+            if (!actualPins.has(key)) {
+                throw new StoreFailure({
+                    code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                    location: 'tail',
+                    reason: { code: 'missing_attested_segment', message: `Missing snapshot_pinned for introduced snapshotRef: ${key}` },
+                    message: `Missing snapshot_pinned for introduced snapshotRef: ${key}`,
+                });
+            }
         }
+        return { manifest, events };
     }
     async readManifestOrEmpty(sessionId) {
         const manifestPath = this.dataDir.sessionManifestPath(sessionId);
@@ -171,6 +190,94 @@ class LocalSessionEventLogStoreV2 {
             return [];
         return parseJsonlText(raw, index_js_1.ManifestRecordV1Schema);
     }
+    async loadValidatedPrefixImpl(sessionId) {
+        const sessionDir = this.dataDir.sessionDir(sessionId);
+        const manifestPath = this.dataDir.sessionManifestPath(sessionId);
+        const raw = await this.fs.readFileUtf8(manifestPath).match((v) => v, (e) => {
+            if (e.code === 'FS_NOT_FOUND')
+                return '';
+            throw new StoreFailure(mapFsToStoreError(e));
+        });
+        if (raw.trim() === '')
+            return { truth: { manifest: [], events: [] }, isComplete: true, tailReason: null };
+        const lines = raw.split('\n').filter((l) => l.trim() !== '');
+        const manifest = [];
+        let isComplete = true;
+        let tailReason = null;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            let parsed;
+            try {
+                parsed = JSON.parse(line);
+            }
+            catch {
+                isComplete = false;
+                tailReason = { code: 'non_contiguous_indices', message: 'Invalid JSON in manifest (corrupt tail)' };
+                break;
+            }
+            const validated = index_js_1.ManifestRecordV1Schema.safeParse(parsed);
+            if (!validated.success) {
+                isComplete = false;
+                tailReason = { code: 'unknown_schema_version', message: 'Unknown manifest schema version (corrupt tail)' };
+                break;
+            }
+            if (validated.data.manifestIndex !== i) {
+                isComplete = false;
+                tailReason = { code: 'non_contiguous_indices', message: 'Non-contiguous manifestIndex in prefix (corrupt tail)' };
+                break;
+            }
+            manifest.push(validated.data);
+        }
+        if (manifest.length === 0) {
+            throw new StoreFailure({
+                code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                location: 'head',
+                reason: { code: 'non_contiguous_indices', message: 'No validated manifest prefix' },
+                message: 'No validated manifest prefix',
+            });
+        }
+        const segments = manifest.filter((m) => m.kind === 'segment_closed');
+        const events = [];
+        for (const seg of segments) {
+            const segmentPath = `${sessionDir}/${seg.segmentRelPath}`;
+            const bytes = await this.fs.readFileBytes(segmentPath).match((v) => v, (e) => {
+                if (e.code === 'FS_NOT_FOUND')
+                    return null;
+                throw new StoreFailure(mapFsToStoreError(e));
+            });
+            if (bytes === null) {
+                isComplete = false;
+                tailReason ?? (tailReason = { code: 'missing_attested_segment', message: `Missing attested segment: ${seg.segmentRelPath}` });
+                break;
+            }
+            const actual = this.sha256.sha256(bytes);
+            if (actual !== seg.sha256) {
+                isComplete = false;
+                tailReason ?? (tailReason = { code: 'digest_mismatch', message: `Segment digest mismatch: ${seg.segmentRelPath}` });
+                break;
+            }
+            const parsed = parseJsonlLines(bytes, index_js_1.DomainEventV1Schema);
+            if (parsed.length === 0) {
+                isComplete = false;
+                tailReason ?? (tailReason = { code: 'non_contiguous_indices', message: `Empty segment referenced by manifest: ${seg.segmentRelPath}` });
+                break;
+            }
+            if (parsed[0].eventIndex !== seg.firstEventIndex || parsed[parsed.length - 1].eventIndex !== seg.lastEventIndex) {
+                isComplete = false;
+                tailReason ?? (tailReason = { code: 'non_contiguous_indices', message: `Segment bounds mismatch: ${seg.segmentRelPath}` });
+                break;
+            }
+            for (let i = 1; i < parsed.length; i++) {
+                if (parsed[i].eventIndex !== parsed[i - 1].eventIndex + 1) {
+                    isComplete = false;
+                    tailReason ?? (tailReason = { code: 'non_contiguous_indices', message: `Non-contiguous eventIndex inside segment: ${seg.segmentRelPath}` });
+                    break;
+                }
+            }
+            events.push(...parsed);
+        }
+        return { truth: { manifest, events }, isComplete, tailReason };
+    }
     async loadTruthOrEmpty(sessionId) {
         const manifest = await this.readManifestOrEmpty(sessionId);
         if (manifest.length === 0)
@@ -200,12 +307,6 @@ class LocalSessionEventLogStoreV2 {
     }
 }
 exports.LocalSessionEventLogStoreV2 = LocalSessionEventLogStoreV2;
-function mapLockError(e) {
-    if (e.code === 'SESSION_LOCK_BUSY') {
-        return { code: 'SESSION_STORE_LOCK_BUSY', message: e.message, retry: e.retry };
-    }
-    return { code: 'SESSION_STORE_IO_ERROR', message: e.message };
-}
 function mapFsToStoreError(e) {
     return { code: 'SESSION_STORE_IO_ERROR', message: e.message };
 }
@@ -226,6 +327,11 @@ function validateManifestContiguityOrThrow(manifest) {
         if (manifest[i].manifestIndex !== expected) {
             throw new StoreFailure({
                 code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                location: i === 0 ? 'head' : 'tail',
+                reason: {
+                    code: 'non_contiguous_indices',
+                    message: `Non-contiguous manifestIndex at position ${i} (expected ${expected}, got ${manifest[i].manifestIndex})`,
+                },
                 message: `Non-contiguous manifestIndex at position ${i} (expected ${expected}, got ${manifest[i].manifestIndex})`,
             });
         }
@@ -239,6 +345,11 @@ function validateSegmentClosedContiguityOrThrow(manifest) {
         if (cur.firstEventIndex !== prev.lastEventIndex + 1) {
             throw new StoreFailure({
                 code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                location: 'tail',
+                reason: {
+                    code: 'non_contiguous_indices',
+                    message: `Non-contiguous segment_closed bounds (expected firstEventIndex=${prev.lastEventIndex + 1}, got ${cur.firstEventIndex})`,
+                },
                 message: `Non-contiguous segment_closed bounds (expected firstEventIndex=${prev.lastEventIndex + 1}, got ${cur.firstEventIndex})`,
             });
         }
@@ -327,11 +438,21 @@ function parseJsonlText(text, schema) {
             parsed = JSON.parse(raw);
         }
         catch {
-            throw new StoreFailure({ code: 'SESSION_STORE_CORRUPTION_DETECTED', message: `Invalid JSONL at line ${i}` });
+            throw new StoreFailure({
+                code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                location: i === 0 ? 'head' : 'tail',
+                reason: { code: 'non_contiguous_indices', message: `Invalid JSONL at line ${i}` },
+                message: `Invalid JSONL at line ${i}`,
+            });
         }
         const validated = schema.safeParse(parsed);
         if (!validated.success) {
-            throw new StoreFailure({ code: 'SESSION_STORE_CORRUPTION_DETECTED', message: `Invalid record at line ${i}` });
+            throw new StoreFailure({
+                code: 'SESSION_STORE_CORRUPTION_DETECTED',
+                location: i === 0 ? 'head' : 'tail',
+                reason: { code: 'unknown_schema_version', message: `Invalid record at line ${i}` },
+                message: `Invalid record at line ${i}`,
+            });
         }
         out.push(validated.data);
     }
@@ -346,13 +467,7 @@ function extractSnapshotPinsFromEvents(events) {
     for (const e of events) {
         if (e.kind !== 'node_created')
             continue;
-        const data = e.data;
-        if (typeof data !== 'object' || data === null)
-            continue;
-        const snap = data.snapshotRef;
-        if (typeof snap === 'string') {
-            out.push({ snapshotRef: snap, eventIndex: e.eventIndex, createdByEventId: e.eventId });
-        }
+        out.push({ snapshotRef: e.data.snapshotRef, eventIndex: e.eventIndex, createdByEventId: e.eventId });
     }
     return out;
 }

package/dist/v2/infra/local/snapshot-store/index.d.ts

@@ -0,0 +1,15 @@
+import type { ResultAsync } from 'neverthrow';
+import type { DataDirPortV2 } from '../../../ports/data-dir.port.js';
+import type { FileSystemPortV2 } from '../../../ports/fs.port.js';
+import type { SnapshotStoreError, SnapshotStorePortV2 } from '../../../ports/snapshot-store.port.js';
+import type { SnapshotRef } from '../../../durable-core/ids/index.js';
+import type { ExecutionSnapshotFileV1 } from '../../../durable-core/schemas/execution-snapshot/index.js';
+import type { CryptoPortV2 } from '../../../durable-core/canonical/hashing.js';
+export declare class LocalSnapshotStoreV2 implements SnapshotStorePortV2 {
+    private readonly dataDir;
+    private readonly fs;
+    private readonly crypto;
+    constructor(dataDir: DataDirPortV2, fs: FileSystemPortV2, crypto: CryptoPortV2);
+    putExecutionSnapshotV1(snapshot: ExecutionSnapshotFileV1): ResultAsync<SnapshotRef, SnapshotStoreError>;
+    getExecutionSnapshotV1(snapshotRef: SnapshotRef): ResultAsync<ExecutionSnapshotFileV1 | null, SnapshotStoreError>;
+}

package/dist/v2/infra/local/snapshot-store/index.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalSnapshotStoreV2 = void 0;
+const neverthrow_1 = require("neverthrow");
+const index_js_1 = require("../../../durable-core/ids/index.js");
+const index_js_2 = require("../../../durable-core/schemas/execution-snapshot/index.js");
+const jcs_js_1 = require("../../../durable-core/canonical/jcs.js");
+function isFsErrorV2(e) {
+    if (typeof e !== 'object' || e === null)
+        return false;
+    const code = e.code;
+    return (code === 'FS_IO_ERROR' ||
+        code === 'FS_NOT_FOUND' ||
+        code === 'FS_ALREADY_EXISTS' ||
+        code === 'FS_PERMISSION_DENIED' ||
+        code === 'FS_UNSUPPORTED');
+}
+class LocalSnapshotStoreV2 {
+    constructor(dataDir, fs, crypto) {
+        this.dataDir = dataDir;
+        this.fs = fs;
+        this.crypto = crypto;
+    }
+    putExecutionSnapshotV1(snapshot) {
+        const canonical = (0, jcs_js_1.toCanonicalBytes)(snapshot).mapErr((e) => ({
+            code: 'SNAPSHOT_STORE_INVARIANT_VIOLATION',
+            message: e.message,
+        }));
+        if (canonical.isErr())
+            return (0, neverthrow_1.errAsync)(canonical.error);
+        const ref = (0, index_js_1.asSnapshotRef)(this.crypto.sha256(canonical.value));
+        const dir = this.dataDir.snapshotsDir();
+        const filePath = this.dataDir.snapshotPath(String(ref));
+        const tmpPath = `${filePath}.tmp`;
+        return this.fs
+            .mkdirp(dir)
+            .andThen(() => this.fs.openWriteTruncate(tmpPath))
+            .andThen((h) => this.fs
+            .writeAll(h.fd, canonical.value)
+            .andThen(() => this.fs.fsyncFile(h.fd))
+            .andThen(() => this.fs.closeFile(h.fd)))
+            .andThen(() => this.fs.rename(tmpPath, filePath))
+            .andThen(() => this.fs.fsyncDir(dir))
+            .map(() => ref)
+            .mapErr((e) => ({ code: 'SNAPSHOT_STORE_IO_ERROR', message: e.message }));
+    }
+    getExecutionSnapshotV1(snapshotRef) {
+        const filePath = this.dataDir.snapshotPath(String(snapshotRef));
+        return this.fs
+            .readFileBytes(filePath)
+            .andThen((bytes) => neverthrow_1.ResultAsync.fromPromise((async () => {
+            const parsed = JSON.parse(new TextDecoder().decode(bytes));
+            const validated = index_js_2.ExecutionSnapshotFileV1Schema.safeParse(parsed);
+            if (!validated.success) {
+                throw new Error('invalid_snapshot_shape');
+            }
+            return validated.data;
+        })(), (e) => {
+            const msg = e instanceof Error ? e.message : String(e);
+            if (msg === 'invalid_snapshot_shape') {
+                return { code: 'SNAPSHOT_STORE_CORRUPTION_DETECTED', message: `Invalid execution snapshot file: ${filePath}` };
+            }
+            return { code: 'SNAPSHOT_STORE_CORRUPTION_DETECTED', message: `Invalid JSON snapshot file: ${filePath}` };
+        }))
+            .map((v) => v)
+            .orElse((e) => {
+            if (isFsErrorV2(e)) {
+                if (e.code === 'FS_NOT_FOUND')
+                    return (0, neverthrow_1.okAsync)(null);
+                return (0, neverthrow_1.errAsync)({ code: 'SNAPSHOT_STORE_IO_ERROR', message: e.message });
+            }
+            return (0, neverthrow_1.errAsync)(e);
+        });
+    }
+}
+exports.LocalSnapshotStoreV2 = LocalSnapshotStoreV2;

package/dist/v2/ports/data-dir.port.d.ts

@@ -1,6 +1,10 @@
 export interface DataDirPortV2 {
     pinnedWorkflowsDir(): string;
     pinnedWorkflowPath(workflowHash: string): string;
+    snapshotsDir(): string;
+    snapshotPath(snapshotRef: string): string;
+    keysDir(): string;
+    keyringPath(): string;
     sessionsDir(): string;
     sessionDir(sessionId: string): string;
     sessionEventsDir(sessionId: string): string;

package/dist/v2/ports/hmac-sha256.port.d.ts

@@ -0,0 +1,4 @@
+export interface HmacSha256PortV2 {
+    hmacSha256(key: Uint8Array, message: Uint8Array): Uint8Array;
+    timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean;
+}

package/dist/v2/ports/hmac-sha256.port.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/v2/ports/keyring.port.d.ts

@@ -0,0 +1,26 @@
+import type { ResultAsync } from 'neverthrow';
+export interface KeyringV1 {
+    readonly v: 1;
+    readonly current: {
+        readonly alg: 'hmac_sha256';
+        readonly keyBase64Url: string;
+    };
+    readonly previous: {
+        readonly alg: 'hmac_sha256';
+        readonly keyBase64Url: string;
+    } | null;
+}
+export type KeyringError = {
+    readonly code: 'KEYRING_IO_ERROR';
+    readonly message: string;
+} | {
+    readonly code: 'KEYRING_CORRUPTION_DETECTED';
+    readonly message: string;
+} | {
+    readonly code: 'KEYRING_INVARIANT_VIOLATION';
+    readonly message: string;
+};
+export interface KeyringPortV2 {
+    loadOrCreate(): ResultAsync<KeyringV1, KeyringError>;
+    rotate(): ResultAsync<KeyringV1, KeyringError>;
+}

package/dist/v2/ports/keyring.port.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/v2/ports/session-event-log-store.port.d.ts

@@ -1,6 +1,8 @@
 import type { ResultAsync } from 'neverthrow';
 import type { SessionId, SnapshotRef } from '../durable-core/ids/index.js';
 import type { DomainEventV1, ManifestRecordV1 } from '../durable-core/schemas/session/index.js';
+import type { WithHealthySessionLock } from '../durable-core/ids/with-healthy-session-lock.js';
+import type { CorruptionReasonV2 } from '../durable-core/schemas/session/session-health.js';
 export interface SnapshotPinV2 {
     readonly snapshotRef: SnapshotRef;
     readonly eventIndex: number;
@@ -23,6 +25,8 @@ export type SessionEventLogStoreError = {
 } | {
     readonly code: 'SESSION_STORE_CORRUPTION_DETECTED';
     readonly message: string;
+    readonly location: 'head' | 'tail';
+    readonly reason: CorruptionReasonV2;
 } | {
     readonly code: 'SESSION_STORE_INVARIANT_VIOLATION';
     readonly message: string;
@@ -31,7 +35,15 @@ export interface LoadedSessionTruthV2 {
     readonly manifest: readonly ManifestRecordV1[];
     readonly events: readonly DomainEventV1[];
 }
-export interface SessionEventLogStorePortV2 {
-    append(sessionId: SessionId, plan: AppendPlanV2): ResultAsync<void, SessionEventLogStoreError>;
+export type LoadedValidatedPrefixV2 = {
+    readonly truth: LoadedSessionTruthV2;
+    readonly isComplete: boolean;
+    readonly tailReason: CorruptionReasonV2 | null;
+};
+export interface SessionEventLogReadonlyStorePortV2 {
     load(sessionId: SessionId): ResultAsync<LoadedSessionTruthV2, SessionEventLogStoreError>;
+    loadValidatedPrefix(sessionId: SessionId): ResultAsync<LoadedValidatedPrefixV2, SessionEventLogStoreError>;
+}
+export interface SessionEventLogAppendStorePortV2 {
+    append(lock: WithHealthySessionLock, plan: AppendPlanV2): ResultAsync<void, SessionEventLogStoreError>;
 }

package/dist/v2/ports/snapshot-store.port.d.ts

@@ -0,0 +1,17 @@
+import type { ResultAsync } from 'neverthrow';
+import type { SnapshotRef } from '../durable-core/ids/index.js';
+import type { ExecutionSnapshotFileV1 } from '../durable-core/schemas/execution-snapshot/index.js';
+export type SnapshotStoreError = {
+    readonly code: 'SNAPSHOT_STORE_IO_ERROR';
+    readonly message: string;
+} | {
+    readonly code: 'SNAPSHOT_STORE_CORRUPTION_DETECTED';
+    readonly message: string;
+} | {
+    readonly code: 'SNAPSHOT_STORE_INVARIANT_VIOLATION';
+    readonly message: string;
+};
+export interface SnapshotStorePortV2 {
+    putExecutionSnapshotV1(snapshot: ExecutionSnapshotFileV1): ResultAsync<SnapshotRef, SnapshotStoreError>;
+    getExecutionSnapshotV1(snapshotRef: SnapshotRef): ResultAsync<ExecutionSnapshotFileV1 | null, SnapshotStoreError>;
+}