@exaudeus/workrail 3.71.1 → 3.72.1

package/dist/trigger/trigger-router.js

@@ -36,16 +36,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TriggerRouter = void 0;
 exports.interpolateGoalTemplate = interpolateGoalTemplate;
 const crypto = __importStar(require("node:crypto"));
-const fs = __importStar(require("node:fs/promises"));
-const path = __importStar(require("node:path"));
 const node_child_process_1 = require("node:child_process");
 const node_util_1 = require("node:util");
-const workflow_runner_js_1 = require("../daemon/workflow-runner.js");
 const assert_never_js_1 = require("../runtime/assert-never.js");
 const index_js_1 = require("../v2/infra/in-memory/keyed-async-queue/index.js");
 const delivery_client_js_1 = require("./delivery-client.js");
-const delivery_action_js_1 = require("./delivery-action.js");
+const delivery_pipeline_js_1 = require("./delivery-pipeline.js");
 const adaptive_pipeline_js_1 = require("../coordinators/adaptive-pipeline.js");
+const dispatch_deduplicator_js_1 = require("./dispatch-deduplicator.js");
 const execFileAsync = (0, node_util_1.promisify)(node_child_process_1.execFile);
 function interpolateGoalTemplate(template, staticGoal, payload, triggerId) {
     const TOKEN_RE = /\{\{([^}]+)\}\}/g;
@@ -123,68 +121,17 @@ function validateHmac(rawBody, secret, headerValue) {
 async function maybeRunDelivery(triggerId, trigger, result, execFn) {
     if (result._tag !== 'success')
         return;
-    if (trigger.autoCommit !== true) {
-        console.log(`[TriggerRouter] Delivery skipped: triggerId=${triggerId} -- autoCommit not set for this trigger.`);
-        return;
-    }
     if (result.lastStepNotes === undefined) {
-        console.warn(`[TriggerRouter] Delivery skipped: triggerId=${triggerId} -- ` +
-            `lastStepNotes is absent (agent did not provide notes on the final step). ` +
-            `Ensure the workflow produces a JSON handoff block in its final step notes.`);
+        if (trigger.autoCommit === true) {
+            console.warn(`[TriggerRouter] Delivery skipped: triggerId=${triggerId} -- ` +
+                `lastStepNotes is absent (agent did not provide notes on the final step). ` +
+                `Ensure the workflow produces a JSON handoff block in its final step notes.`);
+        }
         return;
     }
-    const parseResult = (0, delivery_action_js_1.parseHandoffArtifact)(result.lastStepNotes);
-    if (parseResult.kind === 'err') {
-        console.warn(`[TriggerRouter] Delivery skipped: triggerId=${triggerId} -- ` +
-            `handoff artifact not parseable: ${parseResult.error}. ` +
-            `Ensure the workflow's final step produces a JSON block with commitType, filesChanged, etc.`);
+    if (trigger.autoCommit !== true)
         return;
-    }
-    const deliveryCwd = result.sessionWorkspacePath ?? trigger.workspacePath;
-    const deliveryResult = await (0, delivery_action_js_1.runDelivery)(parseResult.value, deliveryCwd, {
-        autoCommit: trigger.autoCommit,
-        autoOpenPR: trigger.autoOpenPR,
-        secretScan: trigger.secretScan ?? true,
-        triggerId,
-        workflowId: trigger.workflowId,
-        ...(result.botIdentity !== undefined ? { botIdentity: result.botIdentity } : {}),
-        ...(trigger.branchStrategy === 'worktree' && result.sessionWorkspacePath
-            ? {
-                sessionId: result.sessionId ?? '',
-                branchPrefix: trigger.branchPrefix ?? 'worktrain/',
-            }
-            : {}),
-    }, execFn);
-    switch (deliveryResult._tag) {
-        case 'committed':
-            console.log(`[TriggerRouter] Delivery committed: triggerId=${triggerId} sha=${deliveryResult.sha}`);
-            break;
-        case 'pr_opened':
-            console.log(`[TriggerRouter] Delivery PR opened: triggerId=${triggerId} url=${deliveryResult.url}`);
-            break;
-        case 'skipped':
-            console.log(`[TriggerRouter] Delivery skipped: triggerId=${triggerId} reason=${deliveryResult.reason}`);
-            break;
-        case 'error':
-            console.warn(`[TriggerRouter] Delivery error: triggerId=${triggerId} phase=${deliveryResult.phase} ` +
-                `details=${deliveryResult.details}`);
-            break;
-    }
-    if (trigger.branchStrategy === 'worktree' && result.sessionWorkspacePath) {
-        try {
-            await execFn('git', ['-C', trigger.workspacePath, 'worktree', 'remove', '--force', result.sessionWorkspacePath], { cwd: trigger.workspacePath, timeout: 60000 });
-            console.log(`[TriggerRouter] Worktree removed: triggerId=${triggerId} path=${result.sessionWorkspacePath}`);
-        }
-        catch (err) {
-            console.warn(`[TriggerRouter] Could not remove worktree: triggerId=${triggerId} ` +
-                `path=${result.sessionWorkspacePath}: ${err instanceof Error ? err.message : String(err)}`);
-        }
-        if (result.sessionId !== undefined) {
-            await fs.unlink(path.join(workflow_runner_js_1.DAEMON_SESSIONS_DIR, `${result.sessionId}.json`)).catch(() => { });
-            await fs.unlink(path.join(workflow_runner_js_1.DAEMON_SESSIONS_DIR, `${result.sessionId}-conversation.jsonl`)).catch(() => { });
-            console.log(`[TriggerRouter] Session sidecar removed: triggerId=${triggerId} sessionId=${result.sessionId}`);
-        }
-    }
+    await (0, delivery_pipeline_js_1.runDeliveryPipeline)(delivery_pipeline_js_1.DEFAULT_DELIVERY_PIPELINE, result, trigger, execFn, triggerId);
 }
 class Semaphore {
     constructor(max) {
@@ -216,20 +163,19 @@ class Semaphore {
 }
 const DEFAULT_MAX_CONCURRENT_SESSIONS = 3;
 class TriggerRouter {
-    constructor(index, ctx, apiKey, runWorkflowFn, execFn, maxConcurrentSessions, emitter, notificationService, steerRegistry, abortRegistry, coordinatorDeps, modeExecutors) {
+    constructor(index, ctx, apiKey, runWorkflowFn, execFn, maxConcurrentSessions, emitter, notificationService, activeSessionSet, coordinatorDeps, modeExecutors, deduplicator) {
         this.index = index;
         this.ctx = ctx;
         this.apiKey = apiKey;
         this.runWorkflowFn = runWorkflowFn;
         this.queue = new index_js_1.KeyedAsyncQueue();
-        this._recentAdaptiveDispatches = new Map();
         this.execFn = execFn ?? execFileAsync;
         this.emitter = emitter;
         this.notificationService = notificationService;
-        this.steerRegistry = steerRegistry;
-        this.abortRegistry = abortRegistry;
+        this._activeSessionSet = activeSessionSet;
         this._coordinatorDeps = coordinatorDeps;
         this._modeExecutors = modeExecutors;
+        this._deduplicator = deduplicator ?? new dispatch_deduplicator_js_1.DispatchDeduplicator(TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS);
         const requested = maxConcurrentSessions ?? DEFAULT_MAX_CONCURRENT_SESSIONS;
         const cap = Number.isNaN(requested) ? DEFAULT_MAX_CONCURRENT_SESSIONS : requested;
         if (cap < 1) {
@@ -324,18 +270,10 @@ class TriggerRouter {
         };
         {
             const dedupeKey = `${workflowTrigger.workflowId}::${workflowTrigger.goal}::${workflowTrigger.workspacePath}`;
-            const now = Date.now();
-            for (const [key, ts] of this._recentAdaptiveDispatches) {
-                if (now - ts >= TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
-                    this._recentAdaptiveDispatches.delete(key);
-                }
-            }
-            const lastDispatch = this._recentAdaptiveDispatches.get(dedupeKey);
-            if (lastDispatch !== undefined && now - lastDispatch < TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
+            if (this._deduplicator.checkAndRecord(dedupeKey)) {
                 console.log(`[TriggerRouter] Skipping duplicate route dispatch: workflowId=${workflowTrigger.workflowId} goal="${workflowTrigger.goal.slice(0, 60)}" (already dispatched within 30s)`);
                 return { _tag: 'enqueued', triggerId: trigger.id };
             }
-            this._recentAdaptiveDispatches.set(dedupeKey, now);
         }
         this.emitter?.emit({ kind: 'trigger_fired', triggerId: trigger.id, workflowId: trigger.workflowId });
         const queueKey = trigger.concurrencyMode === 'parallel'
@@ -351,7 +289,7 @@ class TriggerRouter {
             await this.semaphore.acquire();
             let result;
             try {
-                result = await this.runWorkflowFn(workflowTrigger, this.ctx, this.apiKey, undefined, this.emitter, this.steerRegistry, this.abortRegistry);
+                result = await this.runWorkflowFn(workflowTrigger, this.ctx, this.apiKey, undefined, this.emitter, this._activeSessionSet);
             }
             finally {
                 this.semaphore.release();
@@ -406,21 +344,13 @@ class TriggerRouter {
         });
         return { _tag: 'enqueued', triggerId: trigger.id };
     }
-    dispatch(workflowTrigger) {
-        if (workflowTrigger._preAllocatedStartResponse === undefined) {
+    dispatch(workflowTrigger, source) {
+        if (source?.kind !== 'pre_allocated') {
             const dedupeKey = `${workflowTrigger.workflowId}::${workflowTrigger.goal}::${workflowTrigger.workspacePath}`;
-            const now = Date.now();
-            for (const [key, ts] of this._recentAdaptiveDispatches) {
-                if (now - ts >= TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
-                    this._recentAdaptiveDispatches.delete(key);
-                }
-            }
-            const lastDispatch = this._recentAdaptiveDispatches.get(dedupeKey);
-            if (lastDispatch !== undefined && now - lastDispatch < TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
+            if (this._deduplicator.checkAndRecord(dedupeKey)) {
                 console.log(`[TriggerRouter] Skipping duplicate dispatch: workflowId=${workflowTrigger.workflowId} goal="${workflowTrigger.goal.slice(0, 60)}" (already dispatched within 30s)`);
                 return workflowTrigger.workflowId;
             }
-            this._recentAdaptiveDispatches.set(dedupeKey, now);
         }
         else {
             console.log(`[TriggerRouter] Pre-allocated session dispatched: workflowId=${workflowTrigger.workflowId} goal="${workflowTrigger.goal.slice(0, 60)}"`);
@@ -434,7 +364,7 @@ class TriggerRouter {
             await this.semaphore.acquire();
             let result;
             try {
-                result = await this.runWorkflowFn(workflowTrigger, this.ctx, this.apiKey, undefined, this.emitter, this.steerRegistry, this.abortRegistry);
+                result = await this.runWorkflowFn(workflowTrigger, this.ctx, this.apiKey, undefined, this.emitter, this._activeSessionSet, undefined, undefined, source);
             }
             finally {
                 this.semaphore.release();
@@ -485,14 +415,7 @@ class TriggerRouter {
             };
         }
         const dedupeKey = `${goal}::${workspace}`;
-        const now = Date.now();
-        for (const [key, ts] of this._recentAdaptiveDispatches) {
-            if (now - ts >= TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
-                this._recentAdaptiveDispatches.delete(key);
-            }
-        }
-        const lastDispatch = this._recentAdaptiveDispatches.get(dedupeKey);
-        if (lastDispatch !== undefined && now - lastDispatch < TriggerRouter.ADAPTIVE_DEDUPE_TTL_MS) {
+        if (this._deduplicator.checkAndRecord(dedupeKey)) {
             console.log(`[TriggerRouter] Skipping duplicate adaptive dispatch: goal="${goal.slice(0, 60)}" ` +
                 `(already dispatched within 30s)`);
             return {
@@ -503,7 +426,6 @@ class TriggerRouter {
                 },
             };
         }
-        this._recentAdaptiveDispatches.set(dedupeKey, now);
         const opts = {
             goal,
             workspace,

package/dist/v2/usecases/console-routes.js

@@ -646,8 +646,16 @@ function mountConsoleRoutes(app, consoleService, workflowService, timingRingBuff
         else {
             sessionHandle = workflowId;
         }
-        const trigger = { workflowId, goal, workspacePath, context, _preAllocatedStartResponse: startResponse };
-        void (0, workflow_runner_js_1.runWorkflow)(trigger, v2ToolContext, apiKey ?? '', undefined, undefined, undefined).then((result) => {
+        const trigger = { workflowId, goal, workspacePath, context };
+        const allocatedSession = {
+            continueToken: startResponse.continueToken ?? '',
+            checkpointToken: startResponse.checkpointToken,
+            firstStepPrompt: startResponse.pending?.prompt ?? '',
+            isComplete: startResponse.isComplete,
+            triggerSource: 'mcp',
+        };
+        const source = { kind: 'pre_allocated', trigger, session: allocatedSession };
+        void (0, workflow_runner_js_1.runWorkflow)(trigger, v2ToolContext, apiKey ?? '', undefined, undefined, undefined, undefined, undefined, source).then((result) => {
             if (result._tag === 'success') {
                 console.log(`[ConsoleRoutes] Auto dispatch completed: workflowId=${workflowId} stopReason=${result.stopReason}`);
             }

package/docs/ideas/backlog.md

@@ -74,6 +74,22 @@ Agent writes a complete handoff block (commitType, prTitle, prBody, filesChanged
 The autonomous workflow runner (`worktrain daemon`). Completely separate from the MCP server -- calls the engine directly in-process.
 
 
+### Daemon architecture: remaining migrations (Apr 29, 2026)
+
+**Status: partial** | A9 shipped Apr 29, 2026.
+
+Track A (A1-A9) shipped and the `SessionSource` migration is complete. `WorkflowTrigger._preAllocatedStartResponse` is gone.
+
+**Remaining items:**
+
+- `CriticalEffect<T>` / `ObservabilityEffect` type distinction -- categorize side effects in `runAgentLoop` and finalization as either crash-relevant or observability-only
+- `StateRef` mutation wrapper -- replace direct `state.pendingSteerParts.push()` mutations with an explicit mutation API
+- Zod tool param validation -- replace manual `typeof` checks in tool factories with Zod schema validation (requires `zodToJsonSchema` or maintaining two sources of truth for param schemas)
+- `createCoordinatorDeps` unit tests -- extraction in B3 improved testability; cover `spawnSession`, `awaitSessions`, `getAgentResult` at minimum
+- Wire `AllocatedSession.triggerSource` to the `run_started` event for session attribution (one-liner once the event schema field is added -- see "Session trigger source attribution" entry below)
+
+---
+
 ### `wr.refactoring` workflow (Apr 28, 2026)
 
 **Status: idea** | Priority: medium
@@ -103,59 +119,35 @@ The `wr.coding-task` workflow has too much overhead for pure refactors (design r
 
 ---
 
-### runWorkflow() functional core refactor -- Phase 2 (Apr 24, 2026)
+### runWorkflow() functional core refactor -- Phases 2-4 (Apr 24-29, 2026)
 
-**Status: done** | Shipped in PR #830 (Apr 29, 2026)
+**Status: done** | Phases 2-3 shipped Apr 29, 2026. Phase 4 (A1-A8) shipped Apr 29, 2026.
 
-Phase 1 landed in PR #818: extracted `tagToStatsOutcome`, `buildAgentClient`, `evaluateStuckSignals`, `SessionState`, and `finalizeSession`. Phase 2 landed in PR #830:
+Phase 1 (PR #818): `tagToStatsOutcome`, `buildAgentClient`, `evaluateStuckSignals`, `SessionState`, `finalizeSession`.
+Phase 2 (PR #830): `PreAgentSession`/`PreAgentSessionResult`, `buildPreAgentSession`, `constructTools`, `persistTokens` Result type, TDZ fix.
+Phase 3 (PRs #835, #837): `buildTurnEndSubscriber`, `buildAgentCallbacks`, `buildSessionResult`. runWorkflow() body: 539 → 308 lines.
 
-**What remains:**
+**Phase 4 (Track A, PRs #839-#861, Apr 29, 2026):**
+- A1: `runStartupRecovery` apiKey injected as parameter (removes process.env read)
+- A2: Turn-end collaborators extracted to `src/daemon/turn-end/` (`step-injector`, `detect-stuck`, `conversation-flusher`)
+- A3: `SessionScope` + `FileStateTracker` -- typed tool-layer contract, raw Map encapsulated (#843)
+- A4: All 11 tool factories extracted to `src/daemon/tools/` -- workflow-runner.ts -1,500 lines (#851)
+- A5: `ContextLoader` + `ContextBundle` -- two-phase context assembly, parallelized with pre-agent session setup (#855)
+- A6: `ActiveSessionSet` + `SessionHandle` -- replaces `SteerRegistry` + `AbortRegistry` dual Maps; closes TDZ hazard (#856)
+- A7: `buildAgentReadySession` + `runAgentLoop` extracted -- runWorkflow() body: 302 → 92 lines (#859)
+- A8: `SessionSource` discriminated union + `AllocatedSession` -- typed vocabulary for `_preAllocatedStartResponse` migration (#861)
+- A9: Full `SessionSource` migration -- `WorkflowTrigger._preAllocatedStartResponse` removed; all 4 call sites construct `SessionSource` directly; `runWorkflow()` accepts `source?: SessionSource` (#869)
 
-**Extract `buildSessionConfig(trigger, loadedCtx) -> SessionConfig`** -- a pure function that takes already-loaded context (soul content, workspace context string, session notes array -- all loaded by I/O before the call) and returns everything the agent loop needs: system prompt, tool list, session limits, model/client config. Currently this logic is scattered through the setup phase alongside the I/O calls that load the data.
+**Also shipped (Track B, PRs #846-#848):**
+- B1: `DispatchDeduplicator` -- compile-enforced dedup contract, replaces verbal MUST comment
+- B2: `DeliveryPipeline` + `DeliveryStage` -- staged delivery, preempts accretion in trigger-router.ts
+- B3: `createCoordinatorDeps` + `setDispatch` -- extracted from 900-line trigger-listener.ts; circular dep fixed
 
-```typescript
-interface SessionContext {
-  readonly systemPrompt: string;
-  readonly tools: readonly AgentTool[];
-  readonly sessionTimeoutMs: number;
-  readonly maxTurns: number;
-  readonly initialPrompt: string;
-  readonly agentCallbacks: AgentLoopCallbacks;
-}
+**Unit tests added (PRs #863-#865):** `DefaultFileStateTracker` (15), `DefaultContextLoader` (12), `ActiveSessionSet`/`SessionHandle` (11).
 
-function buildSessionContext(
-  trigger: WorkflowTrigger,
-  agentClient: AgentClientInterface,
-  modelId: string,
-  soulContent: string,           // already loaded by loadDaemonSoul()
-  workspaceContext: string | null, // already loaded by loadWorkspaceContext()
-  sessionNotes: readonly string[], // already loaded by loadSessionNotes()
-  state: SessionState,
-  // ... tool factories, schemas, etc.
-): SessionContext
-```
-
-The shell then does:
-1. All I/O in sequence: `loadDaemonSoul`, `loadWorkspaceContext`, `loadSessionNotes`, `git worktree add`, `executeStartWorkflow`, `parseContinueTokenOrFail`, `persistTokens`
-**What Phase 2 delivered (PR #830):**
-- `PreAgentSession` interface + `PreAgentSessionResult` discriminated union -- all early-exit paths type-enforced
-- `buildPreAgentSession()` -- all pre-agent I/O extracted; steer+daemon registries registered after all failing I/O (FM1 invariant)
-- `constructTools()` -- explicitly impure named function, `state` as explicit parameter
-- `persistTokens()` returns `Promise<Result<void, PersistTokensError>>` using `src/runtime/result.ts`
-- `sidecardLifecycleFor()` pure function with `assertNever` exhaustiveness
-- TDZ hazard fixed: `abortRegistry.set()` now registered after `const agent = new AgentLoop()`
+**Total workflow-runner.ts reduction: ~4,955 → ~2,800 lines (44%).**
 
-**Phase 3 (PRs #835, #837)** continued the refactor:
-- `buildTurnEndSubscriber()` extracted -- runWorkflow() body: 539 → 426 lines
-- Tool param validation at LLM boundary (8 tool factories)
-- `buildAgentCallbacks()` + `buildSessionResult()` pure functions -- body: 426 → 308 lines
-- Test flakiness fix: `settleFireAndForget()` + `retry: 2` in vitest config
-
-**Still deferred:**
-- `CriticalEffect<T>` / `ObservabilityEffect` type distinction
-- `StateRef` mutation wrapper
-- Zod tool param validation (replacing manual typeof checks -- requires zodToJsonSchema or two sources of truth)
-- `wr.refactoring` workflow (see backlog entry above)
+**Follow-on:** `wr.refactoring` workflow (see backlog entry above). Remaining items in "Daemon architecture: remaining migrations" entry below.
 
 ---
 
@@ -623,6 +615,29 @@ The stdio/HTTP MCP server that Claude Code (and other MCP clients) connect to. M
 
 ## Console
 
+### Task picker mode: browse and launch available work (Apr 29, 2026)
+
+**Status: idea** | Priority: high
+
+**Problem:** Once WorkTrain is configured (workspace set up, triggers.yml written, daemon running), there is still no easy way to say "run this workflow now" from the console. Dispatch requires knowing the API or writing a webhook. The console has a dispatch endpoint but no UI to drive it.
+
+**Vision:** A console panel that lists the triggers already configured in triggers.yml and lets the user click one to fire it immediately -- without leaving the browser, without touching the API, without writing YAML.
+
+**How it works:**
+1. Console calls `GET /api/v2/triggers` to list all triggers loaded by the daemon.
+2. User sees a list: trigger ID, workflow, goal, last-fired timestamp. Clicks "Run".
+3. Console POSTs to `/api/v2/auto/dispatch` (already implemented) with the trigger's workflowId + goal + workspace.
+4. New session appears in the session list immediately. User watches the DAG advance live.
+5. On completion: outcome, PR link (if opened), and step notes all visible in the same panel.
+
+**What this is not:** An onboarding wizard or zero-setup flow -- the daemon and environment must already be configured. This is a dispatch surface for *already-configured* users who want to trigger work without using the CLI or waiting for a webhook.
+
+**Why it matters:** Makes the console a control plane, not just a read-only viewer. The daemon gains a "run this now" button. Users get to watch the agent work in real time, which builds confidence before trusting it on unattended tasks.
+
+**Dependency:** `GET /api/v2/triggers` endpoint (returns the live trigger index -- may need to be added). `POST /api/v2/auto/dispatch` already exists. No new daemon work required.
+
+---
+
 ### Console interactivity and liveliness
 
 **Status: idea** | Priority: medium
@@ -733,6 +748,14 @@ A workflow that aggregates activity across git history, GitLab/GitHub MRs and re
 
 ## Platform Vision (longer-term)
 
+### Inspiration: openclaw (Apr 29, 2026)
+
+**Source:** https://github.com/openclaw/openclaw
+
+openclaw is worth studying deeply before building out the platform layer. Draw inspiration from it when designing: multi-agent orchestration patterns, coordinator architecture, context packaging for subagents, task queue and dispatch models, and the overall shape of an autonomous engineering platform. Review it before making architectural decisions on any of the Platform Vision items below.
+
+---
+
 ### Knowledge graph for agent context
 
 **Status: idea** | Priority: medium
@@ -1089,8 +1112,7 @@ WorkTrain is a persistent background daemon that initiates workflows autonomousl
 - Bot identity (`botIdentity`) and acting-as-user support
 - Dynamic model selection (`agentConfig.model`)
 - macOS notifications
-- SteerRegistry + mid-session injection
-- AbortRegistry + SIGTERM graceful shutdown
+- `ActiveSessionSet` + mid-session steer injection + SIGTERM graceful shutdown (replaces SteerRegistry + AbortRegistry)
 - `maxOutputTokens` per trigger, `maxQueueDepth` with HTTP 429
 - Crash recovery Phase B
 - `daemon-soul.md` / workspace context injection
@@ -1103,6 +1125,7 @@ WorkTrain is a persistent background daemon that initiates workflows autonomousl
 - Worktree orphan cleanup on delivery failure
 - runWorkflow() Phase 2 architecture (PR #830): `PreAgentSession`/`buildPreAgentSession`, `constructTools`, `persistTokens` Result type, `sidecardLifecycleFor` pure function, TDZ hazard fix for abort registry
 - runWorkflow() Phase 3 architecture (PRs #835, #837): `buildTurnEndSubscriber` (539→426 lines), tool param validation at LLM boundary (8 factories), `buildAgentCallbacks` + `buildSessionResult` pure functions (426→308 lines), test flakiness fix (settleFireAndForget + retry:2)
+- runWorkflow() Phase 4 / Track A+B architecture (PRs #839-#869, Apr 29, 2026): six-layer daemon decomposition -- `SessionScope`+`FileStateTracker`, tool extraction to `src/daemon/tools/`, `ContextLoader`+`ContextBundle`, `ActiveSessionSet`+`SessionHandle` (TDZ fix), `buildAgentReadySession`+`runAgentLoop`, `SessionSource`+`AllocatedSession`+full `_preAllocatedStartResponse` removal, `DispatchDeduplicator`, `DeliveryPipeline`, `createCoordinatorDeps`. workflow-runner.ts: 4,955 → 2,800 lines (44%). 38 new unit tests for new abstractions. `ActiveSessionSet` replaces `SteerRegistry`+`AbortRegistry`.
 
 ### WorkRail engine / MCP features
 
@@ -1165,3 +1188,14 @@ The agent is expensive, inconsistent, and slow. Scripts are free, deterministic,
 
 ---
 
+### Worktree and branch lifecycle management
+
+WorkTrain has no tooling to surface the state of worktrees and branches relative to main. Doing this manually today requires running git commands across every registered worktree, cross-referencing merged PR lists, and inspecting each branch's unique commits to determine if the work landed. Pain points observed in practice:
+
+- Worktrees persist after their branch's PR is squash-merged -- no signal that they are safe to delete
+- No inventory of which branches have genuinely unmerged work vs. fully superseded content
+- Abandoned in-progress branches have no attached context about why they were abandoned or what state they were in
+- Daemon-spawned worktrees under `~/.workrail/worktrees/` are opaque -- no indication of which session created them or whether cleanup is safe
+
+---
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exaudeus/workrail",
-  "version": "3.71.1",
+  "version": "3.72.1",
   "description": "Step-by-step workflow enforcement for AI agents via MCP",
   "license": "MIT",
   "repository": {

package/workflows/wr.research.json

@@ -0,0 +1,158 @@
+{
+  "id": "wr.research",
+  "name": "General-Purpose Research",
+  "description": "General-purpose agentic research workflow for any topic — technology evaluation, design decisions, codebase exploration, markets, frameworks, architectural patterns. Produces a BLUF-headed Research Brief with ranked findings, falsified priors, and explicit what-was-not-verified boundaries. Two scale modes: quick (~20 min) and deep (~2 hr).",
+  "about": "Use `wr.research` when you have an open-ended question and want a structured, evidence-grounded answer rather than a summary dump. The workflow is built for the everyday research moment: you're considering adopting a framework, you need to understand a technology before a design review, you're trying to figure out who's doing the most interesting work in some space, or you need to inform a real decision. It is *not* the right tool for a competitor battlecard (use `wr.competitive-analysis` instead) or for a documented bug investigation (use `wr.bug-investigation`).\n\n**What you get out**: a Research Brief that opens with the answer in 3–5 sentences (BLUF), then ranked findings with confidence bands, the contradictions found between sources, the priors of yours and the agent's that were *falsified* during the run, an explicit 'what we still don't know' section, and recommended next steps tied to specific unanswered sub-questions. The brief earns its conclusions: every load-bearing claim is multi-source verified; single-source claims are confined to the body with explicit [unconfirmed] markers; training-time agent priors are inadmissible to the BLUF.\n\n**How to get good results**: be specific at intake. The workflow asks what you already believe — give it concrete claims, not vague impressions, because falsifiable priors are what produces the 'oh, that is not actually true' moments that distinguish insight from summary. Pick `decision` mode if you have a real choice to make and a deadline; pick `understanding` mode if you are building a mental model. Pick `quick` (~20 min) for a directional answer, `deep` (~2 hr) when you would otherwise spend a day reading. There is one human gate after planning where you approve or edit the Source Map and sub-question decomposition; everything after that runs unattended.\n\n**Mode budgets** (quick / deep): subagent fan-out cap 5/10; per-subagent token budget 8k/25k; total depth-serial token budget 30k/120k; iteration cap 1/2; brief word budget 800/2500; source map cap 5/8.",
+  "examples": [
+    "Should we adopt Kotlin Multiplatform for our shared business logic?",
+    "How do modern Android apps typically handle navigation state in 2026?",
+    "Decide between FSRS, SM-2, and Anki default scheduler for a vocabulary app",
+    "Survey current published work on agent memory architectures"
+  ],
+  "version": "1.0.0",
+  "validatedAgainstSpecVersion": 3,
+  "metricsProfile": "research",
+  "preconditions": [
+    "User can supply a research question they care about, including what they already believe, what good enough looks like, and if applicable the decision the research is meant to inform.",
+    "Environment has web_search, web_fetch, file read/write, and bash tools available.",
+    "Working directory is writable; the workflow creates ./research/<sessionId>/ for durable artifacts."
+  ],
+  "metaGuidance": [
+    "Notes-first durability: notesMarkdown and context variables are the durable execution truth. Disk artifacts under ./research/<sessionId>/ are rich content backing the notes.",
+    "The main agent owns every merge, every confidence promotion, every narrative decision, every word-budget cut, and every emission gate. Subagents produce raw outputs; they never produce canonical answers.",
+    "Parallelize only breadth-regime collection in Phase 3. All synthesis (merge, gap-analysis, brief-writing, dissent integration) is serial main-agent work.",
+    "Confidence laundering is the highest-stakes failure: a finding's confidence band cannot exceed the lowest-tier claim it depends on. prior:unverified claims are inadmissible to BLUF and ranked findings, period.",
+    "Hard word budget at Phase 8 enforces anti-completionism. The agent must cut, not expand, to fit. Empty 'What we do not know' sections fail the validation gate.",
+    "Adversarial review (Phase 7) must run as a separate Executor with artifacts-only context — no chain-of-thought sharing. Pass only file paths and an explicit 'do not infer prior reasoning' clause.",
+    "The collection-gap loop (Phases 3-5) runs at most iterationCap times (1 quick / 2 deep). Encode the cap as a context variable check: refuse the loop continuation when iterationCount >= iterationCap."
+  ],
+  "references": [
+    {
+      "id": "spec-bluf",
+      "title": "BLUF communication standard",
+      "source": "docs/reference/worktrain-daemon-invariants.md",
+      "purpose": "Reference for the brief's required opening structure: answer in 3-5 sentences, then evidence, then caveats.",
+      "authoritative": false
+    },
+    {
+      "id": "spec-authoring",
+      "title": "WorkRail authoring principles",
+      "source": "docs/authoring-v2.md",
+      "purpose": "Authoring rules for step prompts, output contracts, and loop control patterns used throughout this workflow.",
+      "authoritative": true
+    }
+  ],
+  "assessments": [
+    {
+      "id": "assessment-brief-quality",
+      "purpose": "Final Research Brief meets structural, confidence, and focus requirements before emission.",
+      "dimensions": [
+        {
+          "id": "structural_integrity",
+          "purpose": "All required sections present in canonical order, within size caps, with non-empty required sections.",
+          "levels": [
+            "low",
+            "high"
+          ]
+        },
+        {
+          "id": "confidence_integrity",
+          "purpose": "Every BLUF and ranked-finding claim is verified or inferred; no prior:unverified claims; confidence bands respect lowest-tier rule.",
+          "levels": [
+            "low",
+            "high"
+          ]
+        },
+        {
+          "id": "focus_integrity",
+          "purpose": "Brief stays within word budget, every claim ties to a sub-question, BLUF directly answers the intake question.",
+          "levels": [
+            "low",
+            "high"
+          ]
+        }
+      ]
+    }
+  ],
+  "steps": [
+    {
+      "id": "phase-0-intake",
+      "title": "Phase 0: Intake",
+      "prompt": "Capture exactly what the user wants to know, what they already believe, and what 'good enough' looks like. Seed the Priors Ledger to distinguish verified evidence from training-time memory.\n\nConstraints: Do not start any web_search or web_fetch. Treat your own training-time knowledge with suspicion -- anything you already know about the topic is a prior, not a fact, until you fetch it in-session.\n\nProcedure:\n1. Create ./research/<sessionId>/. If research-log.md already exists, this is a resume -- read the log, find the last completed phase marker, and skip ahead.\n2. Initialize research-log.md with: '# Research Log -- <sessionId> -- <ISO timestamp>'\n3. Present the user with this seven-field intake form (all required):\n   - Q1: Question (one sentence, no jargon)\n   - Q2: Mode (decision | understanding). If decision: also capture decision deadline and decision owner.\n   - Q3: What you already believe (free text; seeds the Priors Ledger)\n   - Q4: What 'good enough' looks like (e.g., 'I can confidently choose between A and B')\n   - Q5: Out-of-scope (explicit list)\n   - Q6: Source preferences or exclusions (optional)\n   - Q7: Run mode (quick | deep)\n4. Write intake.json.\n5. Initialize priors-ledger.json: extract atomic falsifiable claims from Q3 tagged `prior:unverified` source `user`. Then write your own atomic priors about the topic tagged `prior:unverified` source `agent`. Ask one focused follow-up if Q3 yields no atomic claims.\n6. Append '## Phase 0 complete' plus a one-line summary to research-log.md.\n\nOutput context keys: sessionId, workingDir, intakeQuestion, intakeMode (decision|understanding), mode (quick|deep), goodEnoughCriteria, outOfScope, priorsLedgerPath, intakeJsonPath, iterationCount (set to 0), iterationCap (1 if quick else 2).\n\nVerify: working directory and both JSON files exist; priors-ledger.json has at least one prior or an explicit 'no priors' note; research-log.md ends with Phase 0 marker."
+    },
+    {
+      "id": "phase-1-plan",
+      "title": "Phase 1: Plan, Source Map, and Dependency Matrix",
+      "prompt": "Produce three artifacts that commit the run to a specific shape before any collection happens.\n\nConstraints: Light web_search to map the source landscape is permitted, but do NOT begin substantive collection. The regime is determined by a mechanical rule, not judgment. Source Map: max 5 entries (quick) / 8 (deep). Sub-questions: 3-8 entries.\n\nProcedure:\n1. Source Map (source-map.md): enumerate source types most relevant to THIS specific question. One-line rationale per entry tied to this question. Include critic/contrarian sources proactively if the topic has hype.\n2. Sub-question decomposition (dependency-matrix.json): split the intake question into 3-8 sub-questions whose conjunction would answer it. For each, list IDs of other sub-questions it depends on.\n3. Regime decision (mechanical rule):\n   - All dependency lists empty -> regime = breadth (answers can be gathered in parallel)\n   - Any sub-question has dependencies -> regime = depth_serial (produce topological ordering)\n4. Plan (plan.md): per sub-question: planned subagent task, source-map entries to prioritize, stop rule (min 3 fetches AND 2 consecutive zero-novelty fetches OR token budget hit), token budget (8k quick / 25k deep per subagent).\n5. Append '## Phase 1 complete' plus regime and sub-question count to research-log.md.\n\nOutput context keys: sourceMapPath, dependencyMatrixPath, planPath, regime (breadth | depth_serial), subQuestionCount, subagentCap (5 quick / 10 deep), perSubagentTokenBudget (8000 quick / 25000 deep).\n\nVerify: Source Map respects mode cap; sub-question count 3-8; regime set by mechanical rule; all three files exist."
+    },
+    {
+      "id": "phase-2-confirm-plan",
+      "title": "Phase 2: Confirm plan with user (single human gate)",
+      "prompt": "Get user approval or edits on the Plan, Source Map, and Dependency Matrix before any collection tokens are spent. This is the workflow's only human gate.\n\nConstraints: Do not proceed without explicit user response. User edits to the Dependency Matrix can flip the regime; honor that. Show artifact content inline, not just file paths.\n\nProcedure:\n1. Present inline: the intake question, the Source Map, the sub-questions with dependencies and declared regime, and the per-sub-question Plan.\n2. Ask: 'Approve, edit, or abort?' with a one-sentence summary of each option.\n3. If edit: capture edits, revise artifacts on disk, present again. Repeat until approve or abort.\n4. If abort: append '## Phase 2: aborted by user' to research-log.md and end.\n5. If approve: append '## Phase 2 complete' to research-log.md.\n\nOutput context keys: planApproved (true/false), regime (possibly updated), aborted (true/false).\n\nVerify: User explicitly approved or aborted; if edits applied, artifacts on disk reflect them; if regime flipped, topological ordering updated.",
+      "requireConfirmation": true
+    },
+    {
+      "id": "collection-gap-loop",
+      "title": "Collection and gap-analysis loop (bounded)",
+      "type": "loop",
+      "loop": {
+        "type": "while",
+        "conditionSource": {
+          "kind": "artifact_contract",
+          "contractRef": "wr.contracts.loop_control",
+          "loopId": "research_collection_loop"
+        },
+        "maxIterations": 3
+      },
+      "body": [
+        {
+          "id": "phase-3-collection",
+          "title": "Phase 3: Collection (regime-dependent)",
+          "prompt": "Execute collection in the declared regime. Produce per-pass claim files under ./research/<sessionId>/claims/.\n\nConstraints: Each claim must include: text, source_url, source_type, confidence (single-source|inferred -- NEVER verified, that is Phase 4's job), answers_subquestion (ID), fetched_at (ISO timestamp). Per-pass token budgets are hard caps. Do not mix regimes within a pass.\n\nIf regime = breadth:\n1. Spawn N WorkRail Executors in parallel (N = min(subQuestionCount, subagentCap)).\n2. Each Executor receives: its sub-question, Source Map, relevant priors-ledger.json slice. Tools: web_search, web_fetch, file:read, bash.\n3. Each Executor: stop after min 3 fetches AND 2 consecutive zero-novelty fetches OR token budget (perSubagentTokenBudget) OR 5-minute wall-clock. Write exactly one file: claims/pass-<iterationCount+1>-sub-<subQuestionId>.json. NEVER tag `verified`. Do NOT modify other files or spawn subagents.\n4. Wait for all Executors.\n\nIf regime = depth_serial:\n1. Walk topological ordering of sub-questions.\n2. For each sub-question: fetch sources; you may revise earlier claims in this same pass.\n3. Stop per-sub-question: min 3 fetches AND 2 consecutive zero-novelty OR budget hit OR 5-minute wall-clock.\n4. Write claims/pass-<iterationCount+1>-step-<i>-<subQuestionId>.json.\n5. Total token budget: 30000 (quick) / 120000 (deep).\n\nBoth regimes: append '## Phase 3 complete (pass <iterationCount+1>)' plus one-line summary per Executor/step to research-log.md.\n\nOutput context keys: claimsThisPass (int), claimFilesThisPass (paths array).\n\nVerify: Every Executor/step produced exactly one claims file; no subagent tagged `verified`; budgets respected."
+        },
+        {
+          "id": "phase-4-merge",
+          "title": "Phase 4: Merge and corroborate",
+          "prompt": "Merge all claim files from Phase 3, apply the typed corroboration rule, and flag falsified priors. Main-agent only -- no delegation.\n\nCorroboration rule:\n- verified: >= 2 source URLs from distinct hostnames, not syndicated copies citing the same primary article.\n- single-source: 1 URL supports it.\n- inferred: derived across multiple fetched sources; record the derivation chain.\n\nPriors Ledger update:\n- prior:unverified contradicted by >= 1 verified or single-source claim -> tag falsified-pending-review.\n- prior:unverified corroborated by >= 1 verified claim -> tag corroborated.\n- Untouched priors remain prior:unverified and inadmissible to user-facing claims.\n\nProcedure:\n1. Read all claims/ files for current pass.\n2. Deduplicate by claim text + source URL.\n3. Apply corroboration rule to each unique claim.\n4. Cross-reference against priors-ledger.json; update tags.\n5. Write claims/merged-pass-<passNumber>.json.\n6. Update priors-ledger.json.\n7. Append '## Phase 4 complete (pass <passNumber>): <X> verified, <Y> single-source, <Z> inferred, <P> falsified-pending, <Q> corroborated' to research-log.md.\n\nOutput context keys: verifiedClaimCount, singleSourceClaimCount, inferredClaimCount, falsifiedPendingPriorCount, corroboratedPriorCount, mergedLedgerPath.\n\nVerify: merged-pass-<passNumber>.json exists with final confidence tags; no claim promoted to verified on a single source; priors-ledger.json updated."
+        },
+        {
+          "id": "phase-5-gap-analysis",
+          "title": "Phase 5: Gap analysis and loop decision",
+          "prompt": "Identify which sub-questions are resolved, partial, or open. Decide whether to iterate or proceed to synthesis. Emit a wr.loop_control artifact to control the loop.\n\nClassification:\n- resolved: >= 2 verified claims OR (1 verified claim AND no contradicting evidence)\n- partial: only single-source or inferred claims, OR verified claims that contradict each other unresolvedly\n- open: no claims or only prior:unverified speculation\n\nIteration is justified ONLY IF: at least one partial/open sub-question is on the critical path to the deliverable AND iterationCount < iterationCap AND named gap differs from lastGapName (no-progress detector).\n\nProcedure:\n1. Read merged-pass-<passNumber>.json and dependency-matrix.json.\n2. Classify each sub-question. Write gap-analysis.md with three sections.\n3. Determine loop decision:\n   - If iterationCount >= iterationCap: decision = stop.\n   - If all resolved OR no critical-path gap: decision = stop.\n   - If named gap = lastGapName: decision = stop (no-progress).\n   - Else: decision = continue. Name the single highest-priority gap; update Plan with focused sub-question; increment iterationCount; set lastGapName.\n4. Append '## Phase 5 complete (pass <passNumber>): <decision>' to research-log.md.\n5. Emit the wr.loop_control artifact in complete_step artifacts: { kind: 'wr.loop_control', decision: <'continue'|'stop'> }\n\nOutput context keys: iterationCount (incremented if continuing), lastGapName, focusedSubQuestion (if continuing).\n\nVerify: Every sub-question classified; iteration decision respects cap and no-progress detector; wr.loop_control artifact emitted.",
+          "outputContract": {
+            "contractRef": "wr.contracts.loop_control"
+          }
+        }
+      ]
+    },
+    {
+      "id": "phase-6-synthesis",
+      "title": "Phase 6: Synthesis — structured findings before any prose",
+      "prompt": "Produce, in strict order, the structured contents of the Research Brief before any narrative prose. This discipline is what produces insight rather than summary.\n\nConstraints:\n- Restate the intake question verbatim at the top. Do not drift the question.\n- Structured sections first, prose last -- a summary cannot be produced from these artifacts, only synthesis can.\n- BLUF and ranked findings: only verified or inferred (with shown derivation) claims. prior:unverified inadmissible. single-source admissible in body only with [unconfirmed] marker.\n- Finding confidence band cannot exceed lowest-tier load-bearing claim.\n- Word budget: 800 (quick) / 2500 (deep) excluding appendices. Cut to fit.\n- Caps: <= 5 ranked findings, <= 3 recommended next steps.\n- 'What we do not know' must be non-empty and specific.\n\nProcedure:\n1. Restate intake question verbatim.\n2. Produce in exact order before any prose:\n   a. Ranked findings (<= 5): confidence band H|M|L|U, strongest evidence for (cite), strongest evidence against (cite or 'no significant counter-evidence found').\n   b. Contradictions: source pairs that disagree, both citations, one-line resolution or 'unresolved'.\n   c. Falsified priors: every priors-ledger entry tagged falsified-pending-review, with the overturning claim. Promote to 'falsified' here.\n   d. What we now know / What we still do not know: partition from Phase 5 sub-question statuses.\n   e. Implications for the requestor's decision/goal: from intakeMode and goodEnoughCriteria.\n   f. Recommended next steps (<= 3): each tied to a specific remaining unknown with estimated cost.\n3. Write BLUF (3-5 sentences answering the question directly). Then weave (a)-(f) into body prose. Stay under word budget.\n4. Save draft as brief.md.\n5. Append '## Phase 6 complete: <wordCount> words' to research-log.md.\n\nOutput context keys: briefPath, draftWordCount, rankedFindingsCount, falsifiedPriorCount, contradictionsCount.\n\nVerify: Intake question restated verbatim; structured sections exist before prose; no prior:unverified in BLUF or ranked findings; 'What we do not know' non-empty and specific; word count at or under budget."
+    },
+    {
+      "id": "phase-7-adversarial-review",
+      "title": "Phase 7: Adversarial review — isolated Executor, artifacts only",
+      "prompt": "Spawn a separate WorkRail Executor with artifacts-only context to produce the strongest argument that the BLUF and ranked-finding #1 are wrong. Structural isolation is the whole point.\n\nConstraints:\n- Executor receives ONLY: brief.md, claims/, priors-ledger.json, source-map.md file paths. NOT notesMarkdown from Phase 6, NOT any in-context narrative.\n- Executor has NO web tools. Its job is to challenge the existing evidence base, not extend it.\n- Executor writes only dissent.md.\n- 'Looks good' is not acceptable output.\n\nProcedure:\n1. Spawn one WorkRail Executor with file paths to brief.md, claims/ directory, priors-ledger.json, source-map.md. Tools: file:read only.\n2. Executor prompt (verbatim contract to include): 'Read brief.md, claims/, priors-ledger.json, and source-map.md. Produce the strongest written argument that the BLUF and ranked-finding #1 are wrong, using ONLY the evidence in these artifacts. If you cannot mount such an argument, identify the single weakest claim and explain in detail why -- citing evidence gaps, single-source dependencies, or unresolved contradictions. No significant dissent is acceptable ONLY IF you explicitly state the brief is unfalsifiable with available evidence and name what would change that. Write to dissent.md.'\n3. Wait for Executor. Read dissent.md.\n4. Append '## Phase 7 complete: dissent type = <substantive|weakest-claim|unfalsifiable>' to research-log.md.\n\nOutput context keys: dissentPath, dissentType (substantive|weakest-claim|unfalsifiable), dissentIdentifiesLoadBearingError (boolean).\n\nVerify: dissent.md exists and is non-trivial; Executor had file paths only; Executor had no web tools."
+    },
+    {
+      "id": "phase-8-finalize",
+      "title": "Phase 8: Finalize, integrate dissent, validate, emit",
+      "prompt": "Integrate dissent into the brief, add the premortem, run the three-dimension validation gate, and emit the final brief.\n\nDissent integration:\n- If dissentIdentifiesLoadBearingError: revise brief to address it.\n- If dissent is legitimate weaker case: append verbatim under 'Dissent' section.\n- If unfalsifiable disclosure: include as 'No significant dissent reached threshold; reviewer noted: <quote>'.\n\nAdd premortem paragraph: 'If this brief turns out to be wrong six months from now, the most likely reason is ___'.\n\nAssemble final brief in canonical order: BLUF -> Ranked findings -> Contradictions -> Falsified priors -> What we know/do not know -> Implications -> Recommended next steps -> Dissent -> Premortem -> Evidence base [1]... -> Appendix A (Priors Ledger) -> Appendix B (Source Map) -> Appendix C (Dependency Matrix) -> Appendix D (Gap analysis log).\n\nRun validation gate (assessmentRefs: assessment-brief-quality). For each failed dimension:\n- structural_integrity low: fix section order, caps, or missing required sections (max 2 revise attempts).\n- confidence_integrity low: remove prior:unverified claims from BLUF/findings or add missing confidence bands (max 1 revise attempt).\n- focus_integrity low: cut to word budget, remove orphan claims, or fix question drift (max 1 revise attempt).\nAfter revise caps: set validationGateResult = fail and surface to user with named failed dimension.\n\nIf all pass: append '## Phase 8 complete: RESEARCH COMPLETE -- brief.md emitted' to research-log.md. Present the brief to the user.\n\nOutput context keys: validationGateResult (pass|fail), finalWordCount, finalBriefPath.\n\nVerify: Sections in canonical order; validation passed or failure named; premortem present; word count at or under budget; 'What we do not know' non-empty; no prior:unverified in BLUF or ranked findings.",
+      "assessmentRefs": [
+        "assessment-brief-quality"
+      ],
+      "assessmentConsequences": [
+        {
+          "when": {
+            "anyEqualsLevel": "low"
+          },
+          "effect": {
+            "kind": "require_followup",
+            "guidance": "structural_integrity low: fix section order, caps, or missing required sections (BLUF 3-5 sentences, findings <=5, next-steps <=3, What-we-do-not-know non-empty, Dissent present, Premortem present). confidence_integrity low: remove prior:unverified claims from BLUF and ranked findings; ensure all findings have confidence bands; check no finding band exceeds its lowest-tier supporting claim. focus_integrity low: cut prose to word budget (800 quick / 2500 deep excluding appendices); tie all body claims to ..."
+          }
+        }
+      ]
+    }
+  ]
+}