@exaudeus/workrail 1.1.0 → 1.2.0

package/dist/v2/durable-core/domain/blocked-node-builder.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildBlockedNodeSnapshot = buildBlockedNodeSnapshot;
+const neverthrow_1 = require("neverthrow");
+const attempt_id_derivation_js_1 = require("../ids/attempt-id-derivation.js");
+function toContractViolationReason(reason) {
+    switch (reason.kind) {
+        case 'invalid_required_output':
+            return { kind: 'invalid_required_output', contractRef: reason.contractRef };
+        case 'missing_required_output':
+            return { kind: 'missing_required_output', contractRef: reason.contractRef };
+        case 'missing_context_key':
+            return { kind: 'missing_context_key', key: reason.key };
+        case 'context_budget_exceeded':
+            return { kind: 'context_budget_exceeded' };
+        default:
+            return null;
+    }
+}
+function toTerminalReason(reason) {
+    switch (reason.kind) {
+        case 'user_only_dependency':
+            return { kind: 'user_only_dependency', detail: reason.detail, stepId: reason.stepId };
+        case 'required_capability_unknown':
+            return { kind: 'required_capability_unknown', capability: reason.capability };
+        case 'required_capability_unavailable':
+            return { kind: 'required_capability_unavailable', capability: reason.capability };
+        case 'invariant_violation':
+            return { kind: 'invariant_violation' };
+        case 'storage_corruption_detected':
+            return { kind: 'storage_corruption_detected' };
+        case 'evaluation_error':
+            return { kind: 'evaluation_error' };
+        default:
+            return null;
+    }
+}
+function buildBlockedPayload(args) {
+    const retryable = toContractViolationReason(args.primaryReason);
+    if (retryable) {
+        const retryAttemptId = (0, attempt_id_derivation_js_1.deriveChildAttemptId)(args.attemptId, args.sha256);
+        return (0, neverthrow_1.ok)({
+            kind: 'retryable_block',
+            reason: retryable,
+            retryAttemptId: String(retryAttemptId),
+            validationRef: args.validationRef,
+            blockers: args.blockers,
+        });
+    }
+    const terminal = toTerminalReason(args.primaryReason);
+    if (terminal) {
+        return (0, neverthrow_1.ok)({
+            kind: 'terminal_block',
+            reason: terminal,
+            validationRef: args.validationRef,
+            blockers: args.blockers,
+        });
+    }
+    return (0, neverthrow_1.err)({
+        code: 'BLOCKED_NODE_INVARIANT_VIOLATION',
+        message: `Unsupported primary reason for blocked snapshot: ${args.primaryReason.kind}`,
+    });
+}
+function buildBlockedNodeSnapshot(args) {
+    const state = args.priorSnapshot.enginePayload.engineState;
+    if (state.kind !== 'running' && state.kind !== 'blocked') {
+        return (0, neverthrow_1.err)({
+            code: 'BLOCKED_NODE_UNSUPPORTED_STATE',
+            message: `Blocked nodes can only be created from running or blocked state (got: ${state.kind})`,
+        });
+    }
+    const blockedRes = buildBlockedPayload({
+        primaryReason: args.primaryReason,
+        attemptId: args.attemptId,
+        validationRef: args.validationRef,
+        blockers: args.blockers,
+        sha256: args.sha256,
+    });
+    if (blockedRes.isErr())
+        return (0, neverthrow_1.err)(blockedRes.error);
+    return (0, neverthrow_1.ok)({
+        ...args.priorSnapshot,
+        enginePayload: {
+            ...args.priorSnapshot.enginePayload,
+            engineState: {
+                kind: 'blocked',
+                completed: state.completed,
+                loopStack: state.loopStack,
+                pending: state.pending,
+                blocked: blockedRes.value,
+            },
+        },
+    });
+}

package/dist/v2/durable-core/domain/decision-trace-builder.d.ts

@@ -0,0 +1,33 @@
+import type { Result } from 'neverthrow';
+export type DecisionTraceEntryKind = 'selected_next_step' | 'evaluated_condition' | 'entered_loop' | 'exited_loop' | 'detected_non_tip_advance';
+export type DecisionTraceRef = {
+    readonly kind: 'step_id';
+    readonly stepId: string;
+} | {
+    readonly kind: 'loop_id';
+    readonly loopId: string;
+} | {
+    readonly kind: 'condition_id';
+    readonly conditionId: string;
+} | {
+    readonly kind: 'iteration';
+    readonly value: number;
+};
+export interface DecisionTraceEntry {
+    readonly kind: DecisionTraceEntryKind;
+    readonly summary: string;
+    readonly refs?: readonly DecisionTraceRef[];
+}
+export declare function traceEnteredLoop(loopId: string, iteration: number): DecisionTraceEntry;
+export declare function traceEvaluatedCondition(loopId: string, iteration: number, result: boolean, source: 'artifact' | 'context' | 'legacy'): DecisionTraceEntry;
+export declare function traceExitedLoop(loopId: string, reason: string): DecisionTraceEntry;
+export declare function traceSelectedNextStep(stepId: string): DecisionTraceEntry;
+export declare function applyTraceBudget(entries: readonly DecisionTraceEntry[]): readonly DecisionTraceEntry[];
+export declare function buildDecisionTraceEventData(traceId: string, entries: readonly DecisionTraceEntry[]): Result<{
+    readonly traceId: string;
+    readonly entries: readonly {
+        readonly kind: string;
+        readonly summary: string;
+        readonly refs?: readonly DecisionTraceRef[];
+    }[];
+}, never>;

package/dist/v2/durable-core/domain/decision-trace-builder.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.traceEnteredLoop = traceEnteredLoop;
+exports.traceEvaluatedCondition = traceEvaluatedCondition;
+exports.traceExitedLoop = traceExitedLoop;
+exports.traceSelectedNextStep = traceSelectedNextStep;
+exports.applyTraceBudget = applyTraceBudget;
+exports.buildDecisionTraceEventData = buildDecisionTraceEventData;
+const neverthrow_1 = require("neverthrow");
+const constants_js_1 = require("../constants.js");
+function traceEnteredLoop(loopId, iteration) {
+    return {
+        kind: 'entered_loop',
+        summary: `Entered loop '${loopId}' at iteration ${iteration}.`,
+        refs: [{ kind: 'loop_id', loopId }, { kind: 'iteration', value: iteration }],
+    };
+}
+function traceEvaluatedCondition(loopId, iteration, result, source) {
+    const decision = result ? 'continue' : 'exit';
+    return {
+        kind: 'evaluated_condition',
+        summary: `Evaluated ${source} condition for loop '${loopId}' at iteration ${iteration}: ${decision}.`,
+        refs: [{ kind: 'loop_id', loopId }, { kind: 'iteration', value: iteration }],
+    };
+}
+function traceExitedLoop(loopId, reason) {
+    return {
+        kind: 'exited_loop',
+        summary: `Exited loop '${loopId}': ${reason}.`,
+        refs: [{ kind: 'loop_id', loopId }],
+    };
+}
+function traceSelectedNextStep(stepId) {
+    return {
+        kind: 'selected_next_step',
+        summary: `Selected next step '${stepId}'.`,
+        refs: [{ kind: 'step_id', stepId }],
+    };
+}
+const textEncoder = new TextEncoder();
+function utf8ByteLength(s) {
+    return textEncoder.encode(s).length;
+}
+function applyTraceBudget(entries) {
+    const capped = entries.slice(0, constants_js_1.MAX_DECISION_TRACE_ENTRIES);
+    let totalBytes = 0;
+    const result = [];
+    for (const entry of capped) {
+        let summary = entry.summary;
+        if (utf8ByteLength(summary) > constants_js_1.MAX_DECISION_TRACE_ENTRY_SUMMARY_BYTES) {
+            summary = truncateToUtf8Budget(summary, constants_js_1.MAX_DECISION_TRACE_ENTRY_SUMMARY_BYTES);
+        }
+        const entryBytes = utf8ByteLength(summary);
+        if (totalBytes + entryBytes > constants_js_1.MAX_DECISION_TRACE_TOTAL_BYTES) {
+            const remaining = constants_js_1.MAX_DECISION_TRACE_TOTAL_BYTES - totalBytes;
+            if (remaining > utf8ByteLength(constants_js_1.TRUNCATION_MARKER) + 10) {
+                summary = truncateToUtf8Budget(summary, remaining);
+                result.push({ ...entry, summary });
+            }
+            break;
+        }
+        totalBytes += entryBytes;
+        result.push(summary === entry.summary ? entry : { ...entry, summary });
+    }
+    return result;
+}
+function truncateToUtf8Budget(s, maxBytes) {
+    const markerBytes = utf8ByteLength(constants_js_1.TRUNCATION_MARKER);
+    const targetBytes = maxBytes - markerBytes;
+    if (targetBytes <= 0)
+        return constants_js_1.TRUNCATION_MARKER;
+    const encoded = textEncoder.encode(s);
+    if (encoded.length <= maxBytes)
+        return s;
+    let end = targetBytes;
+    while (end > 0 && (encoded[end] & 0xc0) === 0x80) {
+        end--;
+    }
+    const decoder = new TextDecoder();
+    return decoder.decode(encoded.slice(0, end)) + constants_js_1.TRUNCATION_MARKER;
+}
+function buildDecisionTraceEventData(traceId, entries) {
+    const budgeted = applyTraceBudget(entries);
+    return (0, neverthrow_1.ok)({
+        traceId,
+        entries: budgeted.map((e) => ({
+            kind: e.kind,
+            summary: e.summary,
+            refs: e.refs && e.refs.length > 0 ? e.refs : undefined,
+        })),
+    });
+}

package/dist/v2/durable-core/domain/function-definition-expander.js

@@ -57,7 +57,7 @@ function expandFunctionDefinitions(args) {
         const bPri = scopePriority[bScope] ?? 2;
         if (aPri !== bPri)
             return aPri - bPri;
-        return a.name.localeCompare(b.name);
+        return a.name.localeCompare(b.name, 'en-US');
     });
     return (0, neverthrow_1.ok)(sorted);
 }

package/dist/v2/durable-core/domain/loop-control-evaluator.d.ts

@@ -0,0 +1,13 @@
+import { type LoopControlDecision, type LoopControlArtifactV1 } from '../schemas/artifacts/index.js';
+export type LoopControlEvaluationResult = {
+    readonly kind: 'found';
+    readonly decision: LoopControlDecision;
+    readonly artifact: LoopControlArtifactV1;
+} | {
+    readonly kind: 'not_found';
+    readonly reason: string;
+} | {
+    readonly kind: 'invalid';
+    readonly reason: string;
+};
+export declare function evaluateLoopControlFromArtifacts(artifacts: readonly unknown[], loopId: string): LoopControlEvaluationResult;

package/dist/v2/durable-core/domain/loop-control-evaluator.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluateLoopControlFromArtifacts = evaluateLoopControlFromArtifacts;
+const index_js_1 = require("../schemas/artifacts/index.js");
+function evaluateLoopControlFromArtifacts(artifacts, loopId) {
+    if (artifacts.length === 0) {
+        return {
+            kind: 'not_found',
+            reason: `No artifacts provided to evaluate loop control for loopId=${loopId}`,
+        };
+    }
+    const artifact = (0, index_js_1.findLoopControlArtifact)(artifacts, loopId);
+    if (!artifact) {
+        return {
+            kind: 'not_found',
+            reason: `No loop control artifact found for loopId=${loopId}`,
+        };
+    }
+    return {
+        kind: 'found',
+        decision: artifact.decision,
+        artifact,
+    };
+}

package/dist/v2/durable-core/domain/observation-builder.d.ts

@@ -0,0 +1,16 @@
+import type { WorkspaceAnchor } from '../../ports/workspace-anchor.port.js';
+export interface ObservationEventData {
+    readonly key: 'git_branch' | 'git_head_sha' | 'repo_root_hash';
+    readonly value: {
+        readonly type: 'short_string';
+        readonly value: string;
+    } | {
+        readonly type: 'git_sha1';
+        readonly value: string;
+    } | {
+        readonly type: 'sha256';
+        readonly value: string;
+    };
+    readonly confidence: 'low' | 'med' | 'high';
+}
+export declare function anchorsToObservations(anchors: readonly WorkspaceAnchor[]): readonly ObservationEventData[];

package/dist/v2/durable-core/domain/observation-builder.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.anchorsToObservations = anchorsToObservations;
+function anchorsToObservations(anchors) {
+    const observations = [];
+    for (const anchor of anchors) {
+        switch (anchor.key) {
+            case 'git_branch':
+                if (anchor.value.length > 80)
+                    break;
+                observations.push({
+                    key: 'git_branch',
+                    value: { type: 'short_string', value: anchor.value },
+                    confidence: 'high',
+                });
+                break;
+            case 'git_head_sha':
+                if (!/^[0-9a-f]{40}$/.test(anchor.value))
+                    break;
+                observations.push({
+                    key: 'git_head_sha',
+                    value: { type: 'git_sha1', value: anchor.value },
+                    confidence: 'high',
+                });
+                break;
+            case 'repo_root_hash':
+                if (!/^sha256:[0-9a-f]{64}$/.test(anchor.value))
+                    break;
+                observations.push({
+                    key: 'repo_root_hash',
+                    value: { type: 'sha256', value: anchor.value },
+                    confidence: 'high',
+                });
+                break;
+            default: {
+                const _exhaustive = anchor;
+                return _exhaustive;
+            }
+        }
+    }
+    return observations;
+}

package/dist/v2/durable-core/domain/outputs.js

@@ -9,10 +9,10 @@ function normalizeOutputsForAppend(outputs) {
         const aSha = a.payload.sha256 ?? '';
         const bSha = b.payload.sha256 ?? '';
         if (aSha !== bSha)
-            return aSha.localeCompare(bSha);
+            return aSha.localeCompare(bSha, 'en-US');
         const aType = a.payload.contentType ?? '';
         const bType = b.payload.contentType ?? '';
-        return aType.localeCompare(bType);
+        return aType.localeCompare(bType, 'en-US');
     });
     return [...recapFirst, ...sortedArtifacts];
 }

package/dist/v2/durable-core/domain/prompt-renderer.js

@@ -9,6 +9,8 @@ const node_outputs_js_1 = require("../../projections/node-outputs.js");
 const recap_recovery_js_1 = require("./recap-recovery.js");
 const function_definition_expander_js_1 = require("./function-definition-expander.js");
 const constants_js_1 = require("../constants.js");
+const validation_requirements_extractor_js_1 = require("./validation-requirements-extractor.js");
+const index_js_2 = require("../schemas/artifacts/index.js");
 function buildNonTipSections(args) {
     const sections = [];
     const childSummary = (0, recap_recovery_js_1.buildChildSummary)({ nodeId: args.nodeId, dag: args.run });
@@ -112,6 +114,24 @@ function applyPromptBudget(combinedPrompt) {
     const decoder = new TextDecoder('utf-8');
     return decoder.decode(truncatedBytes) + markerText + omissionNote;
 }
+function formatOutputContractRequirements(outputContract) {
+    const contractRef = outputContract?.contractRef;
+    if (!contractRef)
+        return [];
+    switch (contractRef) {
+        case index_js_2.LOOP_CONTROL_CONTRACT_REF:
+            return [
+                `Artifact contract: ${index_js_2.LOOP_CONTROL_CONTRACT_REF}`,
+                `Provide an artifact with kind: "wr.loop_control"`,
+                `Fields: loopId (lowercase, delimiter-safe), decision ("continue" | "stop")`,
+            ];
+        default:
+            return [
+                `Artifact contract: ${contractRef}`,
+                `Provide an artifact matching the contract schema`,
+            ];
+    }
+}
 function loadRecoveryProjections(args) {
     const dagRes = (0, run_dag_js_1.projectRunDagV2)(args.truth.events);
     if (dagRes.isErr()) {
@@ -134,15 +154,28 @@ function renderPendingPrompt(args) {
     const basePrompt = step?.prompt ?? `Pending step: ${args.stepId}`;
     const requireConfirmation = Boolean(step?.requireConfirmation);
     const functionReferences = step?.functionReferences ?? [];
+    const validationCriteria = step?.validationCriteria;
+    const requirements = (0, validation_requirements_extractor_js_1.extractValidationRequirements)(validationCriteria);
+    const requirementsSection = requirements.length > 0
+        ? `\n\n**OUTPUT REQUIREMENTS:**\n${requirements.map(r => `- ${r}`).join('\n')}`
+        : '';
+    const outputContract = step && typeof step === 'object' && 'outputContract' in step
+        ? step.outputContract
+        : undefined;
+    const contractRequirements = formatOutputContractRequirements(outputContract);
+    const contractSection = contractRequirements.length > 0
+        ? `\n\n**OUTPUT REQUIREMENTS (System):**\n${contractRequirements.map(r => `- ${r}`).join('\n')}`
+        : '';
+    const enhancedPrompt = basePrompt + requirementsSection + contractSection;
     if (!args.rehydrateOnly) {
-        return (0, neverthrow_1.ok)({ stepId: args.stepId, title: baseTitle, prompt: basePrompt, requireConfirmation });
+        return (0, neverthrow_1.ok)({ stepId: args.stepId, title: baseTitle, prompt: enhancedPrompt, requireConfirmation });
     }
     const projectionsRes = loadRecoveryProjections({ truth: args.truth, runId: args.runId });
     if (projectionsRes.isErr()) {
         return (0, neverthrow_1.ok)({
             stepId: args.stepId,
             title: baseTitle,
-            prompt: basePrompt + '\n\n' + projectionsRes.error,
+            prompt: enhancedPrompt + '\n\n' + projectionsRes.error,
             requireConfirmation,
         });
     }
@@ -158,10 +191,10 @@ function renderPendingPrompt(args) {
         functionReferences,
     });
     if (sections.length === 0) {
-        return (0, neverthrow_1.ok)({ stepId: args.stepId, title: baseTitle, prompt: basePrompt, requireConfirmation });
+        return (0, neverthrow_1.ok)({ stepId: args.stepId, title: baseTitle, prompt: enhancedPrompt, requireConfirmation });
     }
     const recoveryText = `## Recovery Context\n\n${sections.join('\n\n')}`;
-    const combinedPrompt = `${basePrompt}\n\n${recoveryText}`;
+    const combinedPrompt = `${enhancedPrompt}\n\n${recoveryText}`;
     const finalPrompt = applyPromptBudget(combinedPrompt);
     return (0, neverthrow_1.ok)({ stepId: args.stepId, title: baseTitle, prompt: finalPrompt, requireConfirmation });
 }

package/dist/v2/durable-core/domain/reason-model.d.ts

@@ -14,7 +14,7 @@ export type GapReasonV1 = {
     readonly detail: 'required_capability_unavailable' | 'required_capability_unknown';
 } | {
     readonly category: 'unexpected';
-    readonly detail: 'invariant_violation' | 'storage_corruption_detected';
+    readonly detail: 'invariant_violation' | 'storage_corruption_detected' | 'evaluation_error';
 };
 export type BlockerCodeV1 = 'USER_ONLY_DEPENDENCY' | 'MISSING_REQUIRED_OUTPUT' | 'INVALID_REQUIRED_OUTPUT' | 'REQUIRED_CAPABILITY_UNKNOWN' | 'REQUIRED_CAPABILITY_UNAVAILABLE' | 'INVARIANT_VIOLATION' | 'STORAGE_CORRUPTION_DETECTED';
 export type BlockerPointerV1 = {
@@ -66,6 +66,8 @@ export type ReasonV1 = {
     readonly kind: 'invariant_violation';
 } | {
     readonly kind: 'storage_corruption_detected';
+} | {
+    readonly kind: 'evaluation_error';
 };
 export type ReasonModelError = {
     readonly code: 'INVALID_DELIMITER_SAFE_ID';

package/dist/v2/durable-core/domain/reason-model.js

@@ -78,6 +78,12 @@ function reasonToGap(reason) {
                 reason: { category: 'unexpected', detail: 'storage_corruption_detected' },
                 summary: 'Storage corruption detected',
             };
+        case 'evaluation_error':
+            return {
+                severity: 'critical',
+                reason: { category: 'unexpected', detail: 'evaluation_error' },
+                summary: 'Validation evaluation failed',
+            };
         case 'missing_context_key':
             return {
                 severity: 'critical',
@@ -152,7 +158,7 @@ function reasonToBlocker(reason) {
                 code: 'MISSING_REQUIRED_OUTPUT',
                 pointer: { kind: 'output_contract', contractRef },
                 message: `Missing required output (contractRef=${contractRef}).`,
-                suggestedFix: 'Provide output.notesMarkdown that satisfies the step output requirements.',
+                suggestedFix: 'Call continue_workflow WITHOUT ackToken to rehydrate and receive a fresh ackToken, then retry with output.notesMarkdown that satisfies the step output requirements.',
             }))
                 .andThen(ensureBlockerTextBudgets);
         case 'invalid_required_output':
@@ -161,7 +167,7 @@ function reasonToBlocker(reason) {
                 code: 'INVALID_REQUIRED_OUTPUT',
                 pointer: { kind: 'output_contract', contractRef },
                 message: `Invalid output for contractRef=${contractRef}.`,
-                suggestedFix: 'Adjust output.notesMarkdown to satisfy validation and retry continue_workflow with the same ackToken.',
+                suggestedFix: 'Update output.notesMarkdown to satisfy validation. Then call continue_workflow WITHOUT ackToken (rehydrate) to receive a fresh ackToken, and retry advance with that new ackToken. Replaying the same ackToken is idempotent and will keep returning this blocked result.',
             }))
                 .andThen(ensureBlockerTextBudgets);
         case 'required_capability_unknown':
@@ -201,6 +207,13 @@ function reasonToBlocker(reason) {
                 message: 'Storage corruption detected: durable session data failed validation.',
                 suggestedFix: 'Stop and investigate the session store; do not continue advancing this session.',
             });
+        case 'evaluation_error':
+            return ensureBlockerTextBudgets({
+                code: 'INVARIANT_VIOLATION',
+                pointer: { kind: 'context_budget' },
+                message: 'Validation evaluation failed: ValidationEngine encountered an error.',
+                suggestedFix: 'Check validation criteria for malformed rules or circular references.',
+            });
         default: {
             const _exhaustive = reason;
             return _exhaustive;
@@ -218,7 +231,7 @@ function buildBlockerReport(reasons) {
             return (0, neverthrow_1.err)(b.error);
         blockers.push(b.value);
     }
-    blockers.sort((a, b) => blockerSortKey(a).localeCompare(blockerSortKey(b)));
+    blockers.sort((a, b) => blockerSortKey(a).localeCompare(blockerSortKey(b), 'en-US'));
     return (0, neverthrow_1.ok)({ blockers: blockers.slice(0, constants_js_1.MAX_BLOCKERS) });
 }
 function shouldBlock(autonomy, reasons) {

package/dist/v2/durable-core/domain/recommendation-warnings.d.ts

@@ -0,0 +1,20 @@
+import type { AutonomyV2, RiskPolicyV2 } from '../schemas/session/preferences.js';
+export interface RecommendedPreferencesV2 {
+    readonly recommendedAutonomy?: AutonomyV2;
+    readonly recommendedRiskPolicy?: RiskPolicyV2;
+}
+export type RecommendationWarning = {
+    readonly kind: 'autonomy_exceeds_recommendation';
+    readonly effective: AutonomyV2;
+    readonly recommended: AutonomyV2;
+    readonly summary: string;
+} | {
+    readonly kind: 'risk_policy_exceeds_recommendation';
+    readonly effective: RiskPolicyV2;
+    readonly recommended: RiskPolicyV2;
+    readonly summary: string;
+};
+export declare function checkRecommendationExceedance(effective: {
+    readonly autonomy: AutonomyV2;
+    readonly riskPolicy: RiskPolicyV2;
+}, recommended: RecommendedPreferencesV2): readonly RecommendationWarning[];

package/dist/v2/durable-core/domain/recommendation-warnings.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkRecommendationExceedance = checkRecommendationExceedance;
+const AUTONOMY_ORDER = {
+    guided: 0,
+    full_auto_stop_on_user_deps: 1,
+    full_auto_never_stop: 2,
+};
+const RISK_POLICY_ORDER = {
+    conservative: 0,
+    balanced: 1,
+    aggressive: 2,
+};
+function checkRecommendationExceedance(effective, recommended) {
+    const warnings = [];
+    if (recommended.recommendedAutonomy !== undefined &&
+        AUTONOMY_ORDER[effective.autonomy] > AUTONOMY_ORDER[recommended.recommendedAutonomy]) {
+        warnings.push({
+            kind: 'autonomy_exceeds_recommendation',
+            effective: effective.autonomy,
+            recommended: recommended.recommendedAutonomy,
+            summary: `Effective autonomy '${effective.autonomy}' exceeds workflow recommendation '${recommended.recommendedAutonomy}'.`,
+        });
+    }
+    if (recommended.recommendedRiskPolicy !== undefined &&
+        RISK_POLICY_ORDER[effective.riskPolicy] > RISK_POLICY_ORDER[recommended.recommendedRiskPolicy]) {
+        warnings.push({
+            kind: 'risk_policy_exceeds_recommendation',
+            effective: effective.riskPolicy,
+            recommended: recommended.recommendedRiskPolicy,
+            summary: `Effective riskPolicy '${effective.riskPolicy}' exceeds workflow recommendation '${recommended.recommendedRiskPolicy}'.`,
+        });
+    }
+    return warnings;
+}

package/dist/v2/durable-core/domain/risk-policy-guardrails.d.ts

@@ -0,0 +1,15 @@
+import type { RiskPolicyV2 } from '../schemas/session/preferences.js';
+import type { ReasonV1 } from './reason-model.js';
+export type GuardrailOutcome = {
+    readonly disposition: 'block';
+    readonly reason: ReasonV1;
+} | {
+    readonly disposition: 'downgrade_to_warning';
+    readonly reason: ReasonV1;
+    readonly rationale: string;
+};
+export declare function applyGuardrail(policy: RiskPolicyV2, reason: ReasonV1): GuardrailOutcome;
+export declare function applyGuardrails(policy: RiskPolicyV2, reasons: readonly ReasonV1[]): {
+    readonly blocking: readonly ReasonV1[];
+    readonly downgraded: readonly GuardrailOutcome[];
+};

package/dist/v2/durable-core/domain/risk-policy-guardrails.js

@@ -0,0 +1,78 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyGuardrail = applyGuardrail;
+exports.applyGuardrails = applyGuardrails;
+function isNeverDowngradable(reason) {
+    switch (reason.kind) {
+        case 'missing_required_output':
+        case 'invalid_required_output':
+            return true;
+        case 'user_only_dependency':
+            return true;
+        case 'invariant_violation':
+        case 'storage_corruption_detected':
+        case 'evaluation_error':
+            return true;
+        case 'missing_context_key':
+        case 'context_budget_exceeded':
+            return true;
+        case 'required_capability_unknown':
+        case 'required_capability_unavailable':
+            return false;
+        default: {
+            const _exhaustive = reason;
+            return _exhaustive;
+        }
+    }
+}
+function applyGuardrail(policy, reason) {
+    if (isNeverDowngradable(reason)) {
+        return { disposition: 'block', reason };
+    }
+    switch (policy) {
+        case 'conservative':
+            return { disposition: 'block', reason };
+        case 'balanced':
+            if (reason.kind === 'required_capability_unknown') {
+                return {
+                    disposition: 'downgrade_to_warning',
+                    reason,
+                    rationale: `riskPolicy=balanced: capability '${reason.capability}' status unknown — proceeding with warning`,
+                };
+            }
+            return { disposition: 'block', reason };
+        case 'aggressive':
+            if (reason.kind === 'required_capability_unknown' || reason.kind === 'required_capability_unavailable') {
+                return {
+                    disposition: 'downgrade_to_warning',
+                    reason,
+                    rationale: `riskPolicy=aggressive: capability '${reason.capability}' issue downgraded to warning`,
+                };
+            }
+            return { disposition: 'block', reason };
+        default: {
+            const _exhaustive = policy;
+            return _exhaustive;
+        }
+    }
+}
+function applyGuardrails(policy, reasons) {
+    const blocking = [];
+    const downgraded = [];
+    for (const reason of reasons) {
+        const outcome = applyGuardrail(policy, reason);
+        switch (outcome.disposition) {
+            case 'block':
+                blocking.push(outcome.reason);
+                break;
+            case 'downgrade_to_warning':
+                downgraded.push(outcome);
+                break;
+            default: {
+                const _exhaustive = outcome;
+                return _exhaustive;
+            }
+        }
+    }
+    return { blocking, downgraded };
+}

package/dist/v2/durable-core/domain/validation-criteria-validator.d.ts

@@ -1,4 +1,5 @@
 import type { ValidationCriteria, ValidationResult } from '../../../types/validation.js';
+import type { OutputContract } from '../../../types/workflow-definition.js';
 import type { OutputRequirementStatus } from './blocking-decision.js';
 export declare const VALIDATION_CRITERIA_CONTRACT_REF: "wr.validationCriteria";
 export declare function getOutputRequirementStatusV1(args: {
@@ -6,3 +7,10 @@ export declare function getOutputRequirementStatusV1(args: {
     readonly notesMarkdown: string | undefined;
     readonly validation: ValidationResult | undefined;
 }): OutputRequirementStatus;
+export declare function getOutputRequirementStatusWithArtifactsV1(args: {
+    readonly outputContract: OutputContract | undefined;
+    readonly artifacts: readonly unknown[];
+    readonly validationCriteria: ValidationCriteria | undefined;
+    readonly notesMarkdown: string | undefined;
+    readonly validation: ValidationResult | undefined;
+}): OutputRequirementStatus;