@exaudeus/workrail 2.0.0 → 3.0.0

package/dist/v2/durable-core/schemas/export-bundle/index.d.ts

@@ -889,8 +889,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
             }>;
         }, "strict", z.ZodTypeAny, {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -898,8 +898,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
             };
         }, {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -911,8 +911,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
         sessionId: string;
         data: {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -932,8 +932,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
         sessionId: string;
         data: {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -4385,8 +4385,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
         sessionId: string;
         data: {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -4897,8 +4897,8 @@ export declare const SessionContentsV1Schema: z.ZodObject<{
         sessionId: string;
         data: {
             contractRef: string;
-            validationId: string;
             attemptId: string;
+            validationId: string;
             result: {
                 issues: readonly string[];
                 valid: boolean;
@@ -6011,8 +6011,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
                 }>;
             }, "strict", z.ZodTypeAny, {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -6020,8 +6020,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
                 };
             }, {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -6033,8 +6033,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -6054,8 +6054,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -9507,8 +9507,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -10019,8 +10019,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -10560,8 +10560,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;
@@ -11089,8 +11089,8 @@ export declare const ExportBundleV1Schema: z.ZodObject<{
             sessionId: string;
             data: {
                 contractRef: string;
-                validationId: string;
                 attemptId: string;
+                validationId: string;
                 result: {
                     issues: readonly string[];
                     valid: boolean;

package/dist/v2/durable-core/schemas/session/events.d.ts

@@ -874,8 +874,8 @@ export declare const DomainEventV1Schema: z.ZodDiscriminatedUnion<"kind", [z.Zod
         }>;
     }, "strict", z.ZodTypeAny, {
         contractRef: string;
-        validationId: string;
         attemptId: string;
+        validationId: string;
         result: {
             issues: readonly string[];
             valid: boolean;
@@ -883,8 +883,8 @@ export declare const DomainEventV1Schema: z.ZodDiscriminatedUnion<"kind", [z.Zod
         };
     }, {
         contractRef: string;
-        validationId: string;
         attemptId: string;
+        validationId: string;
         result: {
             issues: readonly string[];
             valid: boolean;
@@ -896,8 +896,8 @@ export declare const DomainEventV1Schema: z.ZodDiscriminatedUnion<"kind", [z.Zod
     sessionId: string;
     data: {
         contractRef: string;
-        validationId: string;
         attemptId: string;
+        validationId: string;
         result: {
             issues: readonly string[];
             valid: boolean;
@@ -917,8 +917,8 @@ export declare const DomainEventV1Schema: z.ZodDiscriminatedUnion<"kind", [z.Zod
     sessionId: string;
     data: {
         contractRef: string;
-        validationId: string;
         attemptId: string;
+        validationId: string;
         result: {
             issues: readonly string[];
             valid: boolean;

package/dist/v2/durable-core/schemas/session/validation-event.d.ts

@@ -47,8 +47,8 @@ export declare const ValidationPerformedDataV1Schema: z.ZodObject<{
     }>;
 }, "strict", z.ZodTypeAny, {
     contractRef: string;
-    validationId: string;
     attemptId: string;
+    validationId: string;
     result: {
         issues: readonly string[];
         valid: boolean;
@@ -56,8 +56,8 @@ export declare const ValidationPerformedDataV1Schema: z.ZodObject<{
     };
 }, {
     contractRef: string;
-    validationId: string;
     attemptId: string;
+    validationId: string;
     result: {
         issues: readonly string[];
         valid: boolean;

package/dist/v2/durable-core/tokens/payloads.d.ts

@@ -17,24 +17,24 @@ export declare const StateTokenPayloadV1Schema: z.ZodObject<{
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
+    tokenKind: "state";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
-    tokenVersion: 1;
-    tokenKind: "state";
     workflowHashRef: string & {
         readonly __brand: "v2.WorkflowHashRef";
     };
+    tokenVersion: 1;
 }, {
     sessionId: string;
+    tokenKind: "state";
     runId: string;
     nodeId: string;
-    tokenVersion: 1;
-    tokenKind: "state";
     workflowHashRef: string;
+    tokenVersion: 1;
 }>;
 export type StateTokenPayloadV1 = z.infer<typeof StateTokenPayloadV1Schema> & {
     readonly tokenVersion: TokenVersionV1;
@@ -55,24 +55,24 @@ export declare const AckTokenPayloadV1Schema: z.ZodObject<{
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
-    attemptId: string & {
-        readonly __brand: "v2.AttemptId";
-    };
+    tokenKind: "ack";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
+    attemptId: string & {
+        readonly __brand: "v2.AttemptId";
+    };
     tokenVersion: 1;
-    tokenKind: "ack";
 }, {
     sessionId: string;
-    attemptId: string;
+    tokenKind: "ack";
     runId: string;
     nodeId: string;
+    attemptId: string;
     tokenVersion: 1;
-    tokenKind: "ack";
 }>;
 export type AckTokenPayloadV1 = z.infer<typeof AckTokenPayloadV1Schema> & {
     readonly tokenVersion: TokenVersionV1;
@@ -93,24 +93,24 @@ export declare const CheckpointTokenPayloadV1Schema: z.ZodObject<{
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
-    attemptId: string & {
-        readonly __brand: "v2.AttemptId";
-    };
+    tokenKind: "checkpoint";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
+    attemptId: string & {
+        readonly __brand: "v2.AttemptId";
+    };
     tokenVersion: 1;
-    tokenKind: "checkpoint";
 }, {
     sessionId: string;
-    attemptId: string;
+    tokenKind: "checkpoint";
     runId: string;
     nodeId: string;
+    attemptId: string;
     tokenVersion: 1;
-    tokenKind: "checkpoint";
 }>;
 export type CheckpointTokenPayloadV1 = z.infer<typeof CheckpointTokenPayloadV1Schema> & {
     readonly tokenVersion: TokenVersionV1;
@@ -131,24 +131,24 @@ export declare const TokenPayloadV1Schema: z.ZodDiscriminatedUnion<"tokenKind",
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
+    tokenKind: "state";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
-    tokenVersion: 1;
-    tokenKind: "state";
     workflowHashRef: string & {
         readonly __brand: "v2.WorkflowHashRef";
     };
+    tokenVersion: 1;
 }, {
     sessionId: string;
+    tokenKind: "state";
     runId: string;
     nodeId: string;
-    tokenVersion: 1;
-    tokenKind: "state";
     workflowHashRef: string;
+    tokenVersion: 1;
 }>, z.ZodObject<{
     tokenVersion: z.ZodLiteral<1>;
     tokenKind: z.ZodLiteral<"ack">;
@@ -160,24 +160,24 @@ export declare const TokenPayloadV1Schema: z.ZodDiscriminatedUnion<"tokenKind",
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
-    attemptId: string & {
-        readonly __brand: "v2.AttemptId";
-    };
+    tokenKind: "ack";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
+    attemptId: string & {
+        readonly __brand: "v2.AttemptId";
+    };
     tokenVersion: 1;
-    tokenKind: "ack";
 }, {
     sessionId: string;
-    attemptId: string;
+    tokenKind: "ack";
     runId: string;
     nodeId: string;
+    attemptId: string;
     tokenVersion: 1;
-    tokenKind: "ack";
 }>, z.ZodObject<{
     tokenVersion: z.ZodLiteral<1>;
     tokenKind: z.ZodLiteral<"checkpoint">;
@@ -189,24 +189,24 @@ export declare const TokenPayloadV1Schema: z.ZodDiscriminatedUnion<"tokenKind",
     sessionId: string & {
         readonly __brand: "v2.SessionId";
     };
-    attemptId: string & {
-        readonly __brand: "v2.AttemptId";
-    };
+    tokenKind: "checkpoint";
     runId: string & {
         readonly __brand: "v2.RunId";
     };
     nodeId: string & {
         readonly __brand: "v2.NodeId";
     };
+    attemptId: string & {
+        readonly __brand: "v2.AttemptId";
+    };
     tokenVersion: 1;
-    tokenKind: "checkpoint";
 }, {
     sessionId: string;
-    attemptId: string;
+    tokenKind: "checkpoint";
     runId: string;
     nodeId: string;
+    attemptId: string;
     tokenVersion: 1;
-    tokenKind: "checkpoint";
 }>]>;
 export type TokenPayloadV1 = StateTokenPayloadV1 | AckTokenPayloadV1 | CheckpointTokenPayloadV1;
 export type TokenPrefixV1 = 'st' | 'ack' | 'chk';

package/dist/v2/durable-core/tokens/short-token.d.ts

@@ -0,0 +1,38 @@
+import type { Result } from 'neverthrow';
+import type { HmacSha256PortV2 } from '../../ports/hmac-sha256.port.js';
+import type { Base64UrlPortV2 } from '../../ports/base64url.port.js';
+import type { KeyringV1 } from '../../ports/keyring.port.js';
+export type ShortTokenKind = 'state' | 'ack' | 'checkpoint' | 'continue';
+export declare const SHORT_TOKEN_NONCE_BYTES = 12;
+export declare const SHORT_TOKEN_HMAC_BYTES = 6;
+export declare const SHORT_TOKEN_PAYLOAD_BYTES: number;
+export type ShortTokenError = {
+    readonly code: 'SHORT_TOKEN_UNKNOWN_PREFIX';
+    readonly raw: string;
+} | {
+    readonly code: 'SHORT_TOKEN_INVALID_LENGTH';
+    readonly expected: number;
+    readonly actual: number;
+} | {
+    readonly code: 'SHORT_TOKEN_INVALID_ENCODING';
+    readonly message: string;
+} | {
+    readonly code: 'SHORT_TOKEN_BAD_SIGNATURE';
+} | {
+    readonly code: 'SHORT_TOKEN_SIGNING_FAILED';
+    readonly message: string;
+};
+export interface ParsedShortToken {
+    readonly kind: ShortTokenKind;
+    readonly nonce: Uint8Array;
+    readonly hmac6: Uint8Array;
+    readonly nonceHex: string;
+}
+export declare function mintShortToken(kind: ShortTokenKind, nonce: Uint8Array, keyring: KeyringV1, hmac: HmacSha256PortV2, base64url: Base64UrlPortV2): Result<string, ShortTokenError>;
+export declare function parseShortToken(raw: string, base64url: Base64UrlPortV2): Result<ParsedShortToken, ShortTokenError>;
+export declare function verifyShortTokenHmac(parsed: ParsedShortToken, keyring: KeyringV1, hmac: HmacSha256PortV2, base64url: Base64UrlPortV2): Result<void, ShortTokenError>;
+export interface NativeParsedShortToken {
+    readonly kind: ShortTokenKind;
+    readonly nonceHex: string;
+}
+export declare function parseShortTokenNative(raw: string): NativeParsedShortToken | null;

package/dist/v2/durable-core/tokens/short-token.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SHORT_TOKEN_PAYLOAD_BYTES = exports.SHORT_TOKEN_HMAC_BYTES = exports.SHORT_TOKEN_NONCE_BYTES = void 0;
+exports.mintShortToken = mintShortToken;
+exports.parseShortToken = parseShortToken;
+exports.verifyShortTokenHmac = verifyShortTokenHmac;
+exports.parseShortTokenNative = parseShortTokenNative;
+const neverthrow_1 = require("neverthrow");
+const KIND_PREFIXES = {
+    state: 'st_',
+    ack: 'ak_',
+    checkpoint: 'ck_',
+    continue: 'ct_',
+};
+const PREFIX_TO_KIND = {
+    'st_': 'state',
+    'ak_': 'ack',
+    'ck_': 'checkpoint',
+    'ct_': 'continue',
+};
+const KIND_BYTES = {
+    state: 0x01,
+    ack: 0x02,
+    checkpoint: 0x03,
+    continue: 0x04,
+};
+exports.SHORT_TOKEN_NONCE_BYTES = 12;
+exports.SHORT_TOKEN_HMAC_BYTES = 6;
+exports.SHORT_TOKEN_PAYLOAD_BYTES = exports.SHORT_TOKEN_NONCE_BYTES + exports.SHORT_TOKEN_HMAC_BYTES;
+function mintShortToken(kind, nonce, keyring, hmac, base64url) {
+    if (nonce.length !== exports.SHORT_TOKEN_NONCE_BYTES) {
+        return (0, neverthrow_1.err)({
+            code: 'SHORT_TOKEN_INVALID_LENGTH',
+            expected: exports.SHORT_TOKEN_NONCE_BYTES,
+            actual: nonce.length,
+        });
+    }
+    const keyResult = decodeKey(keyring.current.keyBase64Url, base64url);
+    if (keyResult.isErr())
+        return (0, neverthrow_1.err)(keyResult.error);
+    const key = keyResult.value;
+    const hmacInput = buildHmacInput(nonce, kind);
+    const hmacFull = hmac.hmacSha256(key, hmacInput);
+    const hmac6 = hmacFull.slice(0, exports.SHORT_TOKEN_HMAC_BYTES);
+    const payload = new Uint8Array(exports.SHORT_TOKEN_PAYLOAD_BYTES);
+    payload.set(nonce, 0);
+    payload.set(hmac6, exports.SHORT_TOKEN_NONCE_BYTES);
+    const encoded = base64url.encodeBase64Url(payload);
+    return (0, neverthrow_1.ok)(`${KIND_PREFIXES[kind]}${encoded}`);
+}
+function parseShortToken(raw, base64url) {
+    const prefix = raw.slice(0, 3);
+    const kind = PREFIX_TO_KIND[prefix];
+    if (!kind) {
+        return (0, neverthrow_1.err)({ code: 'SHORT_TOKEN_UNKNOWN_PREFIX', raw });
+    }
+    const encoded = raw.slice(3);
+    const decoded = base64url.decodeBase64Url(encoded);
+    if (decoded.isErr()) {
+        return (0, neverthrow_1.err)({ code: 'SHORT_TOKEN_INVALID_ENCODING', message: decoded.error.message });
+    }
+    const bytes = decoded.value;
+    if (bytes.length !== exports.SHORT_TOKEN_PAYLOAD_BYTES) {
+        return (0, neverthrow_1.err)({
+            code: 'SHORT_TOKEN_INVALID_LENGTH',
+            expected: exports.SHORT_TOKEN_PAYLOAD_BYTES,
+            actual: bytes.length,
+        });
+    }
+    const nonce = bytes.slice(0, exports.SHORT_TOKEN_NONCE_BYTES);
+    const hmac6 = bytes.slice(exports.SHORT_TOKEN_NONCE_BYTES);
+    const nonceHex = bufToHex(nonce);
+    return (0, neverthrow_1.ok)({ kind, nonce, hmac6, nonceHex });
+}
+function verifyShortTokenHmac(parsed, keyring, hmac, base64url) {
+    const hmacInput = buildHmacInput(parsed.nonce, parsed.kind);
+    if (checkHmac(parsed.hmac6, hmacInput, keyring.current.keyBase64Url, hmac, base64url)) {
+        return (0, neverthrow_1.ok)(undefined);
+    }
+    if (keyring.previous) {
+        if (checkHmac(parsed.hmac6, hmacInput, keyring.previous.keyBase64Url, hmac, base64url)) {
+            return (0, neverthrow_1.ok)(undefined);
+        }
+    }
+    return (0, neverthrow_1.err)({ code: 'SHORT_TOKEN_BAD_SIGNATURE' });
+}
+function buildHmacInput(nonce, kind) {
+    const input = new Uint8Array(exports.SHORT_TOKEN_NONCE_BYTES + 1);
+    input.set(nonce, 0);
+    input[exports.SHORT_TOKEN_NONCE_BYTES] = KIND_BYTES[kind];
+    return input;
+}
+function checkHmac(expected6, hmacInput, keyBase64Url, hmac, base64url) {
+    const keyResult = decodeKey(keyBase64Url, base64url);
+    if (keyResult.isErr())
+        return false;
+    const full = hmac.hmacSha256(keyResult.value, hmacInput);
+    const truncated = full.slice(0, exports.SHORT_TOKEN_HMAC_BYTES);
+    return hmac.timingSafeEqual(truncated, expected6);
+}
+function decodeKey(keyBase64Url, base64url) {
+    const r = base64url.decodeBase64Url(keyBase64Url);
+    if (r.isErr())
+        return (0, neverthrow_1.err)({ code: 'SHORT_TOKEN_SIGNING_FAILED', message: r.error.message });
+    return (0, neverthrow_1.ok)(r.value);
+}
+function bufToHex(bytes) {
+    return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+function parseShortTokenNative(raw) {
+    const prefix = raw.slice(0, 3);
+    const kind = PREFIX_TO_KIND[prefix];
+    if (!kind)
+        return null;
+    const encoded = raw.slice(3);
+    try {
+        const bytes = Buffer.from(encoded, 'base64url');
+        if (bytes.length !== exports.SHORT_TOKEN_PAYLOAD_BYTES)
+            return null;
+        const nonceHex = Buffer.from(bytes.slice(0, exports.SHORT_TOKEN_NONCE_BYTES)).toString('hex');
+        return { kind, nonceHex };
+    }
+    catch {
+        return null;
+    }
+}

package/dist/v2/durable-core/tokens/token-patterns.d.ts

@@ -0,0 +1,4 @@
+export declare const STATE_TOKEN_PATTERN: RegExp;
+export declare const ACK_TOKEN_PATTERN: RegExp;
+export declare const CHECKPOINT_TOKEN_PATTERN: RegExp;
+export declare const CONTINUE_TOKEN_PATTERN: RegExp;

package/dist/v2/durable-core/tokens/token-patterns.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONTINUE_TOKEN_PATTERN = exports.CHECKPOINT_TOKEN_PATTERN = exports.ACK_TOKEN_PATTERN = exports.STATE_TOKEN_PATTERN = void 0;
+const BECH32_CHARS = '[023456789acdefghjklmnpqrstuvwxyz]+';
+const BASE64URL_24 = '[A-Za-z0-9_-]{24}';
+exports.STATE_TOKEN_PATTERN = new RegExp(`^(st1${BECH32_CHARS}|st_${BASE64URL_24})$`);
+exports.ACK_TOKEN_PATTERN = new RegExp(`^(ack1${BECH32_CHARS}|ak_${BASE64URL_24})$`);
+exports.CHECKPOINT_TOKEN_PATTERN = new RegExp(`^(chk1${BECH32_CHARS}|ck_${BASE64URL_24})$`);
+exports.CONTINUE_TOKEN_PATTERN = new RegExp(`^ct_${BASE64URL_24}$`);

package/dist/v2/infra/in-memory/token-alias-store/index.d.ts

@@ -0,0 +1,11 @@
+import type { ResultAsync } from 'neverthrow';
+import type { TokenAliasStorePortV2, TokenAliasEntryV2, TokenAliasRegistrationError, TokenAliasLoadError } from '../../../ports/token-alias-store.port.js';
+import type { ShortTokenKind } from '../../../durable-core/tokens/short-token.js';
+export declare class InMemoryTokenAliasStoreV2 implements TokenAliasStorePortV2 {
+    private readonly index;
+    private readonly positionIndex;
+    register(entry: TokenAliasEntryV2): ResultAsync<void, TokenAliasRegistrationError>;
+    lookup(nonceHex: string): TokenAliasEntryV2 | null;
+    lookupByPosition(tokenKind: ShortTokenKind, sessionId: string, nodeId: string, attemptId?: string, aliasSlot?: 'retry'): TokenAliasEntryV2 | null;
+    loadIndex(): ResultAsync<void, TokenAliasLoadError>;
+}

package/dist/v2/infra/in-memory/token-alias-store/index.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryTokenAliasStoreV2 = void 0;
+const neverthrow_1 = require("neverthrow");
+function positionKey(tokenKind, sessionId, nodeId, attemptId, aliasSlot) {
+    return `${tokenKind}:${aliasSlot ?? ''}:${sessionId}:${nodeId}:${attemptId ?? ''}`;
+}
+class InMemoryTokenAliasStoreV2 {
+    constructor() {
+        this.index = new Map();
+        this.positionIndex = new Map();
+    }
+    register(entry) {
+        if (this.index.has(entry.nonceHex)) {
+            return (0, neverthrow_1.errAsync)({
+                code: 'ALIAS_DUPLICATE_NONCE',
+                nonceHex: entry.nonceHex,
+            });
+        }
+        this.index.set(entry.nonceHex, entry);
+        this.positionIndex.set(positionKey(entry.tokenKind, entry.sessionId, entry.nodeId, entry.attemptId, entry.aliasSlot), entry.nonceHex);
+        return (0, neverthrow_1.okAsync)(undefined);
+    }
+    lookup(nonceHex) {
+        return this.index.get(nonceHex) ?? null;
+    }
+    lookupByPosition(tokenKind, sessionId, nodeId, attemptId, aliasSlot) {
+        const key = positionKey(tokenKind, sessionId, nodeId, attemptId, aliasSlot);
+        const nonceHex = this.positionIndex.get(key);
+        if (!nonceHex)
+            return null;
+        return this.index.get(nonceHex) ?? null;
+    }
+    loadIndex() {
+        return (0, neverthrow_1.okAsync)(undefined);
+    }
+}
+exports.InMemoryTokenAliasStoreV2 = InMemoryTokenAliasStoreV2;

package/dist/v2/infra/local/data-dir/index.d.ts

@@ -16,4 +16,5 @@ export declare class LocalDataDirV2 implements DataDirPortV2 {
     sessionEventsDir(sessionId: SessionId): string;
     sessionManifestPath(sessionId: SessionId): string;
     sessionLockPath(sessionId: SessionId): string;
+    tokenIndexPath(): string;
 }

package/dist/v2/infra/local/data-dir/index.js

@@ -80,5 +80,8 @@ class LocalDataDirV2 {
     sessionLockPath(sessionId) {
         return path.join(this.sessionDir(sessionId), '.lock');
     }
+    tokenIndexPath() {
+        return path.join(this.keysDir(), 'token-index.jsonl');
+    }
 }
 exports.LocalDataDirV2 = LocalDataDirV2;

package/dist/v2/infra/local/token-alias-store/index.d.ts

@@ -0,0 +1,16 @@
+import type { ResultAsync } from 'neverthrow';
+import type { DataDirPortV2 } from '../../../ports/data-dir.port.js';
+import type { FileSystemPortV2 } from '../../../ports/fs.port.js';
+import type { TokenAliasStorePortV2, TokenAliasEntryV2, TokenAliasRegistrationError, TokenAliasLoadError } from '../../../ports/token-alias-store.port.js';
+import type { ShortTokenKind } from '../../../durable-core/tokens/short-token.js';
+export declare class LocalTokenAliasStoreV2 implements TokenAliasStorePortV2 {
+    private readonly dataDir;
+    private readonly fs;
+    private readonly index;
+    private readonly positionIndex;
+    constructor(dataDir: DataDirPortV2, fs: FileSystemPortV2);
+    register(entry: TokenAliasEntryV2): ResultAsync<void, TokenAliasRegistrationError>;
+    lookup(nonceHex: string): TokenAliasEntryV2 | null;
+    lookupByPosition(tokenKind: ShortTokenKind, sessionId: string, nodeId: string, attemptId?: string, aliasSlot?: 'retry'): TokenAliasEntryV2 | null;
+    loadIndex(): ResultAsync<void, TokenAliasLoadError>;
+}