@graphorin/server 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (204) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/LICENSE +21 -0
  3. package/README.md +116 -0
  4. package/dist/app.d.ts +174 -0
  5. package/dist/app.d.ts.map +1 -0
  6. package/dist/app.js +684 -0
  7. package/dist/app.js.map +1 -0
  8. package/dist/commentary/audit-bridge.d.ts +57 -0
  9. package/dist/commentary/audit-bridge.d.ts.map +1 -0
  10. package/dist/commentary/audit-bridge.js +92 -0
  11. package/dist/commentary/audit-bridge.js.map +1 -0
  12. package/dist/commentary/built-in-patterns.d.ts +24 -0
  13. package/dist/commentary/built-in-patterns.d.ts.map +1 -0
  14. package/dist/commentary/built-in-patterns.js +62 -0
  15. package/dist/commentary/built-in-patterns.js.map +1 -0
  16. package/dist/commentary/index.d.ts +5 -0
  17. package/dist/commentary/index.js +5 -0
  18. package/dist/commentary/sanitizer.d.ts +37 -0
  19. package/dist/commentary/sanitizer.d.ts.map +1 -0
  20. package/dist/commentary/sanitizer.js +182 -0
  21. package/dist/commentary/sanitizer.js.map +1 -0
  22. package/dist/commentary/types.d.ts +120 -0
  23. package/dist/commentary/types.d.ts.map +1 -0
  24. package/dist/config.d.ts +760 -0
  25. package/dist/config.d.ts.map +1 -0
  26. package/dist/config.js +217 -0
  27. package/dist/config.js.map +1 -0
  28. package/dist/consolidator/daemon.d.ts +88 -0
  29. package/dist/consolidator/daemon.d.ts.map +1 -0
  30. package/dist/consolidator/daemon.js +54 -0
  31. package/dist/consolidator/daemon.js.map +1 -0
  32. package/dist/consolidator/index.d.ts +2 -0
  33. package/dist/consolidator/index.js +3 -0
  34. package/dist/errors/index.d.ts +104 -0
  35. package/dist/errors/index.d.ts.map +1 -0
  36. package/dist/errors/index.js +131 -0
  37. package/dist/errors/index.js.map +1 -0
  38. package/dist/health/checks.d.ts +120 -0
  39. package/dist/health/checks.d.ts.map +1 -0
  40. package/dist/health/checks.js +127 -0
  41. package/dist/health/checks.js.map +1 -0
  42. package/dist/health/index.d.ts +3 -0
  43. package/dist/health/index.js +4 -0
  44. package/dist/health/routes.d.ts +66 -0
  45. package/dist/health/routes.d.ts.map +1 -0
  46. package/dist/health/routes.js +96 -0
  47. package/dist/health/routes.js.map +1 -0
  48. package/dist/index.d.ts +88 -0
  49. package/dist/index.d.ts.map +1 -0
  50. package/dist/index.js +86 -0
  51. package/dist/index.js.map +1 -0
  52. package/dist/internal/context.d.ts +66 -0
  53. package/dist/internal/context.d.ts.map +1 -0
  54. package/dist/internal/ids.js +21 -0
  55. package/dist/internal/ids.js.map +1 -0
  56. package/dist/internal/json.js +46 -0
  57. package/dist/internal/json.js.map +1 -0
  58. package/dist/lifecycle/hooks.d.ts +57 -0
  59. package/dist/lifecycle/hooks.d.ts.map +1 -0
  60. package/dist/lifecycle/index.d.ts +2 -0
  61. package/dist/lifecycle/index.js +3 -0
  62. package/dist/lifecycle/pre-bind.d.ts +38 -0
  63. package/dist/lifecycle/pre-bind.d.ts.map +1 -0
  64. package/dist/lifecycle/pre-bind.js +62 -0
  65. package/dist/lifecycle/pre-bind.js.map +1 -0
  66. package/dist/metrics/catalog.d.ts +34 -0
  67. package/dist/metrics/catalog.d.ts.map +1 -0
  68. package/dist/metrics/catalog.js +61 -0
  69. package/dist/metrics/catalog.js.map +1 -0
  70. package/dist/metrics/index.d.ts +3 -0
  71. package/dist/metrics/index.js +4 -0
  72. package/dist/metrics/registry.d.ts +63 -0
  73. package/dist/metrics/registry.d.ts.map +1 -0
  74. package/dist/metrics/registry.js +222 -0
  75. package/dist/metrics/registry.js.map +1 -0
  76. package/dist/middleware/audit.d.ts +47 -0
  77. package/dist/middleware/audit.d.ts.map +1 -0
  78. package/dist/middleware/audit.js +71 -0
  79. package/dist/middleware/audit.js.map +1 -0
  80. package/dist/middleware/auth.d.ts +50 -0
  81. package/dist/middleware/auth.d.ts.map +1 -0
  82. package/dist/middleware/auth.js +164 -0
  83. package/dist/middleware/auth.js.map +1 -0
  84. package/dist/middleware/cors.d.ts +15 -0
  85. package/dist/middleware/cors.d.ts.map +1 -0
  86. package/dist/middleware/cors.js +45 -0
  87. package/dist/middleware/cors.js.map +1 -0
  88. package/dist/middleware/csrf.d.ts +15 -0
  89. package/dist/middleware/csrf.d.ts.map +1 -0
  90. package/dist/middleware/csrf.js +77 -0
  91. package/dist/middleware/csrf.js.map +1 -0
  92. package/dist/middleware/idempotency.d.ts +41 -0
  93. package/dist/middleware/idempotency.d.ts.map +1 -0
  94. package/dist/middleware/idempotency.js +198 -0
  95. package/dist/middleware/idempotency.js.map +1 -0
  96. package/dist/middleware/index.d.ts +9 -0
  97. package/dist/middleware/index.js +10 -0
  98. package/dist/middleware/rate-limit.d.ts +17 -0
  99. package/dist/middleware/rate-limit.d.ts.map +1 -0
  100. package/dist/middleware/rate-limit.js +47 -0
  101. package/dist/middleware/rate-limit.js.map +1 -0
  102. package/dist/middleware/request-state.d.ts +27 -0
  103. package/dist/middleware/request-state.d.ts.map +1 -0
  104. package/dist/middleware/request-state.js +42 -0
  105. package/dist/middleware/request-state.js.map +1 -0
  106. package/dist/middleware/scope.d.ts +24 -0
  107. package/dist/middleware/scope.d.ts.map +1 -0
  108. package/dist/middleware/scope.js +50 -0
  109. package/dist/middleware/scope.js.map +1 -0
  110. package/dist/registry/index.d.ts +135 -0
  111. package/dist/registry/index.d.ts.map +1 -0
  112. package/dist/registry/index.js +96 -0
  113. package/dist/registry/index.js.map +1 -0
  114. package/dist/replay/index.d.ts +2 -0
  115. package/dist/replay/index.js +3 -0
  116. package/dist/replay/routes.d.ts +46 -0
  117. package/dist/replay/routes.d.ts.map +1 -0
  118. package/dist/replay/routes.js +189 -0
  119. package/dist/replay/routes.js.map +1 -0
  120. package/dist/routes/agents.d.ts +41 -0
  121. package/dist/routes/agents.d.ts.map +1 -0
  122. package/dist/routes/agents.js +213 -0
  123. package/dist/routes/agents.js.map +1 -0
  124. package/dist/routes/audit.d.ts +57 -0
  125. package/dist/routes/audit.d.ts.map +1 -0
  126. package/dist/routes/audit.js +116 -0
  127. package/dist/routes/audit.js.map +1 -0
  128. package/dist/routes/auth.d.ts +26 -0
  129. package/dist/routes/auth.d.ts.map +1 -0
  130. package/dist/routes/auth.js +54 -0
  131. package/dist/routes/auth.js.map +1 -0
  132. package/dist/routes/health.d.ts +22 -0
  133. package/dist/routes/health.d.ts.map +1 -0
  134. package/dist/routes/health.js +33 -0
  135. package/dist/routes/health.js.map +1 -0
  136. package/dist/routes/index.d.ts +10 -0
  137. package/dist/routes/index.js +12 -0
  138. package/dist/routes/mcp.d.ts +32 -0
  139. package/dist/routes/mcp.d.ts.map +1 -0
  140. package/dist/routes/mcp.js +61 -0
  141. package/dist/routes/mcp.js.map +1 -0
  142. package/dist/routes/memory.d.ts +141 -0
  143. package/dist/routes/memory.d.ts.map +1 -0
  144. package/dist/routes/memory.js +102 -0
  145. package/dist/routes/memory.js.map +1 -0
  146. package/dist/routes/sessions.d.ts +54 -0
  147. package/dist/routes/sessions.d.ts.map +1 -0
  148. package/dist/routes/sessions.js +135 -0
  149. package/dist/routes/sessions.js.map +1 -0
  150. package/dist/routes/skills.d.ts +34 -0
  151. package/dist/routes/skills.d.ts.map +1 -0
  152. package/dist/routes/skills.js +54 -0
  153. package/dist/routes/skills.js.map +1 -0
  154. package/dist/routes/tokens.d.ts +25 -0
  155. package/dist/routes/tokens.d.ts.map +1 -0
  156. package/dist/routes/tokens.js +87 -0
  157. package/dist/routes/tokens.js.map +1 -0
  158. package/dist/routes/workflows.d.ts +27 -0
  159. package/dist/routes/workflows.d.ts.map +1 -0
  160. package/dist/routes/workflows.js +220 -0
  161. package/dist/routes/workflows.js.map +1 -0
  162. package/dist/runtime/run-state.d.ts +158 -0
  163. package/dist/runtime/run-state.d.ts.map +1 -0
  164. package/dist/runtime/run-state.js +182 -0
  165. package/dist/runtime/run-state.js.map +1 -0
  166. package/dist/sse/events.d.ts +44 -0
  167. package/dist/sse/events.d.ts.map +1 -0
  168. package/dist/sse/events.js +200 -0
  169. package/dist/sse/events.js.map +1 -0
  170. package/dist/sse/index.d.ts +2 -0
  171. package/dist/sse/index.js +3 -0
  172. package/dist/triggers/daemon.d.ts +74 -0
  173. package/dist/triggers/daemon.d.ts.map +1 -0
  174. package/dist/triggers/daemon.js +114 -0
  175. package/dist/triggers/daemon.js.map +1 -0
  176. package/dist/triggers/index.d.ts +3 -0
  177. package/dist/triggers/index.js +4 -0
  178. package/dist/triggers/routes.d.ts +21 -0
  179. package/dist/triggers/routes.d.ts.map +1 -0
  180. package/dist/triggers/routes.js +117 -0
  181. package/dist/triggers/routes.js.map +1 -0
  182. package/dist/ws/dispatcher.d.ts +169 -0
  183. package/dist/ws/dispatcher.d.ts.map +1 -0
  184. package/dist/ws/dispatcher.js +303 -0
  185. package/dist/ws/dispatcher.js.map +1 -0
  186. package/dist/ws/index.d.ts +6 -0
  187. package/dist/ws/index.js +7 -0
  188. package/dist/ws/replay-buffer.d.ts +47 -0
  189. package/dist/ws/replay-buffer.d.ts.map +1 -0
  190. package/dist/ws/replay-buffer.js +88 -0
  191. package/dist/ws/replay-buffer.js.map +1 -0
  192. package/dist/ws/subjects.d.ts +71 -0
  193. package/dist/ws/subjects.d.ts.map +1 -0
  194. package/dist/ws/subjects.js +112 -0
  195. package/dist/ws/subjects.js.map +1 -0
  196. package/dist/ws/ticket.d.ts +74 -0
  197. package/dist/ws/ticket.d.ts.map +1 -0
  198. package/dist/ws/ticket.js +112 -0
  199. package/dist/ws/ticket.js.map +1 -0
  200. package/dist/ws/upgrade.d.ts +63 -0
  201. package/dist/ws/upgrade.d.ts.map +1 -0
  202. package/dist/ws/upgrade.js +324 -0
  203. package/dist/ws/upgrade.js.map +1 -0
  204. package/package.json +156 -0
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","names":[],"sources":["../src/config.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;AA0WA;;;KA9UY,eAAA;;;;;;;KAQA,aAAA;;KAGA,yBAAA;;KAGA,8BAAA;;UAGK,gBAAA;;;;;;6BAMY;;6BAEA;6BACA;;;;;;;4BAOD;;;;;;;;;2BASD;;;;;;;;;;;;;;;;;;;;;;;yBAuBF;gCACO;;;;;;;;;;;;;;;;+BAgBD;;;;;;6BAMF;;;;qBAIR;;;;;yBAKI;;gCAEO;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2OnB,oBAAkB,CAAA,CAAA,WAAA,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAAA,YAAA,EAAA,MAAA;IAAA,CAAA,EAAA;MAAA,OAAA,CAAA,EAAA,OAAA,GAAA,SAAA;MAqBnB,UAAA,CAAA,EAAiB,KAAA,GAAA,MAAkB,GAAA,SAAA,GAAA,SAAR;MAUvB,UAAY,CAAA,EAAA,MAAQ,GAAA,SAAA;MAWpB,oBAAiB,CAAA,EAAkB,OAAA,GAAA,SAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KArBvD,iBAAA,GAAoB,CAAA,CAAE,aAAa;;;;;;;;;iBAU/B,YAAA,QAAoB,oBAAoB;;;;;;;;iBAWxC,iBAAA,kBAAmC"}
package/dist/config.js ADDED
@@ -0,0 +1,217 @@
1
+ import { ConfigInvalidError } from "./errors/index.js";
2
+ import { z } from "zod";
3
+
4
+ //#region src/config.ts
5
+ /**
6
+ * Strongly-typed configuration loader for the Graphorin server.
7
+ *
8
+ * Operators ship a `graphorin.config.ts` (or `.js` / `.mjs` / JSON)
9
+ * file that calls {@link defineConfig} to construct a typed config
10
+ * object; the server runtime accepts either the raw object, a path
11
+ * to such a file, or a function that returns one.
12
+ *
13
+ * Validation is performed via Zod so user-facing errors include the
14
+ * exact path of every failing field, not just a generic
15
+ * "TypeError: undefined".
16
+ *
17
+ * @packageDocumentation
18
+ */
19
+ const corsSchema = z.object({
20
+ allowOrigins: z.array(z.string()).default([]),
21
+ allowCredentials: z.boolean().default(false),
22
+ allowMethods: z.array(z.string()).default([
23
+ "GET",
24
+ "POST",
25
+ "PUT",
26
+ "PATCH",
27
+ "DELETE",
28
+ "OPTIONS"
29
+ ]),
30
+ allowHeaders: z.array(z.string()).default([
31
+ "Authorization",
32
+ "Content-Type",
33
+ "Idempotency-Key",
34
+ "X-CSRF-Token"
35
+ ]),
36
+ maxAgeSeconds: z.number().int().nonnegative().default(600)
37
+ }).strict().default({});
38
+ const csrfSchema = z.object({
39
+ enabled: z.boolean().default(true),
40
+ cookieName: z.string().default("graphorin_csrf"),
41
+ headerName: z.string().default("X-CSRF-Token"),
42
+ safeMethods: z.array(z.string()).default([
43
+ "GET",
44
+ "HEAD",
45
+ "OPTIONS"
46
+ ])
47
+ }).strict().default({});
48
+ const rateLimitSchema = z.object({
49
+ enabled: z.boolean().default(true),
50
+ windowMs: z.number().int().positive().default(6e4),
51
+ perIpRequests: z.number().int().positive().default(60)
52
+ }).strict().default({});
53
+ const idempotencySchema = z.object({
54
+ enabled: z.boolean().default(true),
55
+ requireKey: z.enum([
56
+ "off",
57
+ "warn",
58
+ "enforce"
59
+ ]).default("warn"),
60
+ ttlSeconds: z.number().int().positive().default(86400),
61
+ checkBodyFingerprint: z.boolean().default(true),
62
+ lruCacheSize: z.number().int().positive().default(1e3)
63
+ }).strict().default({});
64
+ const shutdownSchema = z.object({ drainTimeoutMs: z.number().int().positive().default(3e4) }).strict().default({});
65
+ const streamReplayBufferSchema = z.object({
66
+ maxEvents: z.number().int().positive().default(1e3),
67
+ ttlSeconds: z.number().int().positive().default(300)
68
+ }).strict().default({});
69
+ const streamSchema = z.object({
70
+ disconnectPolicy: z.enum([
71
+ "continue",
72
+ "pause-on-disconnect",
73
+ "abort-on-disconnect"
74
+ ]).default("continue"),
75
+ disconnectGracePeriodMs: z.number().int().nonnegative().default(1e4),
76
+ replayBuffer: streamReplayBufferSchema,
77
+ perConnectionQueueLimit: z.number().int().positive().default(1e3)
78
+ }).strict().default({});
79
+ const wsCommentarySchema = z.object({
80
+ policy: z.enum([
81
+ "wrap",
82
+ "strip",
83
+ "pass-through"
84
+ ]).default("wrap"),
85
+ applyToEvents: z.array(z.string().min(1)).default([
86
+ "tool.execute.end",
87
+ "tool.execute.error",
88
+ "text.delta"
89
+ ])
90
+ }).strict().default({});
91
+ const wsSchema = z.object({
92
+ enabled: z.boolean().default(true),
93
+ path: z.string().default("/ws"),
94
+ ticketTtlMs: z.number().int().positive().default(5 * 6e4),
95
+ commentarySanitization: wsCommentarySchema
96
+ }).strict().default({});
97
+ const sseSchema = z.object({
98
+ enabled: z.boolean().default(true),
99
+ path: z.string().default("/sessions"),
100
+ keepAliveMs: z.number().int().positive().default(15e3)
101
+ }).strict().default({});
102
+ const serverSchema = z.object({
103
+ host: z.string().min(1).default("127.0.0.1"),
104
+ port: z.number().int().min(0).max(65535).default(8080),
105
+ basePath: z.string().default("/v1"),
106
+ cors: corsSchema,
107
+ csrf: csrfSchema,
108
+ rateLimit: rateLimitSchema,
109
+ idempotency: idempotencySchema,
110
+ shutdown: shutdownSchema,
111
+ trustProxy: z.boolean().default(false),
112
+ stream: streamSchema,
113
+ ws: wsSchema,
114
+ sse: sseSchema
115
+ }).strict().default({});
116
+ const encryptionSchema = z.object({
117
+ enabled: z.boolean().default(false),
118
+ cipher: z.string().optional(),
119
+ passphraseRef: z.string().optional()
120
+ }).strict().default({});
121
+ const storageSchema = z.object({
122
+ path: z.string().min(1).default("./.graphorin/data.db"),
123
+ mode: z.enum(["lib", "server"]).default("server"),
124
+ walCheckpointIntervalMs: z.number().int().positive().optional(),
125
+ encryption: encryptionSchema
126
+ }).strict().default({});
127
+ const auditSchema = z.object({
128
+ enabled: z.boolean().default(false),
129
+ path: z.string().optional(),
130
+ passphraseRef: z.string().optional(),
131
+ cipher: z.string().optional()
132
+ }).strict().default({});
133
+ const secretsSchema = z.object({
134
+ source: z.enum([
135
+ "auto",
136
+ "keyring",
137
+ "encrypted-file",
138
+ "env"
139
+ ]).default("auto"),
140
+ strict: z.boolean().default(false)
141
+ }).strict().default({});
142
+ const authSchema = z.object({
143
+ kind: z.enum(["token", "none"]).default("token"),
144
+ pepperRef: z.string().optional(),
145
+ tokenPrefix: z.string().default("gph"),
146
+ tokenEnvironments: z.array(z.string()).default([
147
+ "live",
148
+ "test",
149
+ "local"
150
+ ]),
151
+ perIpFailureThreshold: z.number().int().positive().optional(),
152
+ perIpLockoutMs: z.number().int().positive().optional()
153
+ }).strict().default({});
154
+ const observabilitySchema = z.object({ logger: z.enum([
155
+ "json",
156
+ "pretty",
157
+ "silent"
158
+ ]).default("json") }).strict().default({});
159
+ const hardeningSchema = z.object({
160
+ applyOnStart: z.boolean().default(true),
161
+ refuseRoot: z.boolean().default(true),
162
+ umask: z.number().int().nonnegative().default(63)
163
+ }).strict().default({});
164
+ const metricsSchema = z.object({
165
+ enabled: z.boolean().default(true),
166
+ path: z.string().default("/metrics"),
167
+ requireAuth: z.boolean().default(false)
168
+ }).strict().default({});
169
+ const healthSchema = z.object({ walWarnThresholdBytes: z.number().int().positive().default(50 * 1024 * 1024) }).strict().default({});
170
+ /**
171
+ * Zod schema for the resolved {@link ServerConfigSpec}. Exposed for
172
+ * advanced users that want to validate other config sources (env-only
173
+ * launch, CLI overrides, etc.).
174
+ *
175
+ * @stable
176
+ */
177
+ const ServerConfigSchema = z.object({
178
+ server: serverSchema,
179
+ storage: storageSchema,
180
+ audit: auditSchema,
181
+ secrets: secretsSchema,
182
+ auth: authSchema,
183
+ observability: observabilitySchema,
184
+ hardening: hardeningSchema,
185
+ metrics: metricsSchema,
186
+ health: healthSchema
187
+ }).strict().default({});
188
+ /**
189
+ * Helper for `graphorin.config.ts` files. Pure pass-through that
190
+ * provides editor autocomplete; the actual parsing happens at server
191
+ * startup so callers always see the same error path regardless of
192
+ * which loader (TS / JS / JSON) the operator picked.
193
+ *
194
+ * @stable
195
+ */
196
+ function defineConfig(input) {
197
+ return input;
198
+ }
199
+ /**
200
+ * Parse + validate user input. Returns a strongly-typed
201
+ * {@link ServerConfigSpec}; throws {@link ConfigInvalidError} on
202
+ * any invalid field with a flattened issue list.
203
+ *
204
+ * @stable
205
+ */
206
+ function parseServerConfig(input) {
207
+ const result = ServerConfigSchema.safeParse(input ?? {});
208
+ if (!result.success) throw new ConfigInvalidError(result.error.issues.map((issue) => ({
209
+ path: issue.path,
210
+ message: issue.message
211
+ })), result.error);
212
+ return result.data;
213
+ }
214
+
215
+ //#endregion
216
+ export { ServerConfigSchema, defineConfig, parseServerConfig };
217
+ //# sourceMappingURL=config.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.js","names":[],"sources":["../src/config.ts"],"sourcesContent":["/**\n * Strongly-typed configuration loader for the Graphorin server.\n *\n * Operators ship a `graphorin.config.ts` (or `.js` / `.mjs` / JSON)\n * file that calls {@link defineConfig} to construct a typed config\n * object; the server runtime accepts either the raw object, a path\n * to such a file, or a function that returns one.\n *\n * Validation is performed via Zod so user-facing errors include the\n * exact path of every failing field, not just a generic\n * \"TypeError: undefined\".\n *\n * @packageDocumentation\n */\n\nimport { z } from 'zod';\n\nimport { ConfigInvalidError } from './errors/index.js';\n\n/**\n * String literal that flags a value as a `SecretRef` URI. The\n * server's pre-bind step resolves every `*Ref` field through the\n * `@graphorin/security` resolver registry before binding the\n * listener; an unresolvable ref fails fast with\n * {@link import('./errors/index.js').PrebindSecretUnresolvableError}.\n *\n * @stable\n */\nexport type SecretRefString = string;\n\n/**\n * Selector for which `SecretsStore` flavour the server activates.\n * Mirrors `--secrets-source` from DEC-136.\n *\n * @stable\n */\nexport type SecretsSource = 'auto' | 'keyring' | 'encrypted-file' | 'env';\n\n/** @stable */\nexport type IdempotencyRequireKeyMode = 'off' | 'warn' | 'enforce';\n\n/** @stable */\nexport type DeliveryCommentaryPolicyConfig = 'wrap' | 'strip' | 'pass-through';\n\n/** @stable */\nexport interface ServerConfigSpec {\n readonly server: {\n readonly host: string;\n readonly port: number;\n readonly basePath: string;\n readonly cors: {\n readonly allowOrigins: ReadonlyArray<string>;\n readonly allowCredentials: boolean;\n readonly allowMethods: ReadonlyArray<string>;\n readonly allowHeaders: ReadonlyArray<string>;\n readonly maxAgeSeconds: number;\n };\n readonly csrf: {\n readonly enabled: boolean;\n readonly cookieName: string;\n readonly headerName: string;\n readonly safeMethods: ReadonlyArray<string>;\n };\n readonly rateLimit: {\n readonly enabled: boolean;\n readonly windowMs: number;\n readonly perIpRequests: number;\n };\n readonly idempotency: {\n readonly enabled: boolean;\n readonly requireKey: IdempotencyRequireKeyMode;\n readonly ttlSeconds: number;\n readonly checkBodyFingerprint: boolean;\n readonly lruCacheSize: number;\n };\n readonly shutdown: {\n readonly drainTimeoutMs: number;\n };\n readonly trustProxy: boolean;\n readonly stream: {\n readonly disconnectPolicy: 'continue' | 'pause-on-disconnect' | 'abort-on-disconnect';\n readonly disconnectGracePeriodMs: number;\n readonly replayBuffer: {\n readonly maxEvents: number;\n readonly ttlSeconds: number;\n };\n readonly perConnectionQueueLimit: number;\n };\n readonly ws: {\n readonly enabled: boolean;\n readonly path: string;\n readonly ticketTtlMs: number;\n readonly commentarySanitization: {\n readonly policy: DeliveryCommentaryPolicyConfig;\n readonly applyToEvents: ReadonlyArray<string>;\n };\n };\n readonly sse: {\n readonly enabled: boolean;\n readonly path: string;\n readonly keepAliveMs: number;\n };\n };\n readonly storage: {\n readonly path: string;\n readonly mode: 'lib' | 'server';\n readonly walCheckpointIntervalMs?: number;\n readonly encryption: {\n readonly enabled: boolean;\n readonly cipher?: string;\n readonly passphraseRef?: SecretRefString;\n };\n };\n readonly audit: {\n readonly enabled: boolean;\n readonly path?: string;\n readonly passphraseRef?: SecretRefString;\n readonly cipher?: string;\n };\n readonly secrets: {\n readonly source: SecretsSource;\n readonly strict: boolean;\n };\n readonly auth: {\n readonly kind: 'token' | 'none';\n readonly pepperRef?: SecretRefString;\n readonly tokenPrefix: string;\n readonly tokenEnvironments: ReadonlyArray<string>;\n readonly perIpFailureThreshold?: number;\n readonly perIpLockoutMs?: number;\n };\n readonly observability: {\n readonly logger: 'json' | 'pretty' | 'silent';\n };\n readonly hardening: {\n readonly applyOnStart: boolean;\n readonly refuseRoot: boolean;\n readonly umask: number;\n };\n readonly metrics: {\n readonly enabled: boolean;\n readonly path: string;\n readonly requireAuth: boolean;\n };\n readonly health: {\n readonly walWarnThresholdBytes: number;\n };\n}\n\nconst corsSchema = z\n .object({\n allowOrigins: z.array(z.string()).default([]),\n allowCredentials: z.boolean().default(false),\n allowMethods: z.array(z.string()).default(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']),\n allowHeaders: z\n .array(z.string())\n .default(['Authorization', 'Content-Type', 'Idempotency-Key', 'X-CSRF-Token']),\n maxAgeSeconds: z.number().int().nonnegative().default(600),\n })\n .strict()\n .default({});\n\nconst csrfSchema = z\n .object({\n enabled: z.boolean().default(true),\n cookieName: z.string().default('graphorin_csrf'),\n headerName: z.string().default('X-CSRF-Token'),\n safeMethods: z.array(z.string()).default(['GET', 'HEAD', 'OPTIONS']),\n })\n .strict()\n .default({});\n\nconst rateLimitSchema = z\n .object({\n enabled: z.boolean().default(true),\n windowMs: z.number().int().positive().default(60_000),\n perIpRequests: z.number().int().positive().default(60),\n })\n .strict()\n .default({});\n\nconst idempotencySchema = z\n .object({\n enabled: z.boolean().default(true),\n requireKey: z.enum(['off', 'warn', 'enforce']).default('warn'),\n ttlSeconds: z.number().int().positive().default(86_400),\n checkBodyFingerprint: z.boolean().default(true),\n lruCacheSize: z.number().int().positive().default(1_000),\n })\n .strict()\n .default({});\n\nconst shutdownSchema = z\n .object({\n drainTimeoutMs: z.number().int().positive().default(30_000),\n })\n .strict()\n .default({});\n\nconst streamReplayBufferSchema = z\n .object({\n maxEvents: z.number().int().positive().default(1_000),\n ttlSeconds: z.number().int().positive().default(300),\n })\n .strict()\n .default({});\n\nconst streamSchema = z\n .object({\n disconnectPolicy: z\n .enum(['continue', 'pause-on-disconnect', 'abort-on-disconnect'])\n .default('continue'),\n disconnectGracePeriodMs: z.number().int().nonnegative().default(10_000),\n replayBuffer: streamReplayBufferSchema,\n perConnectionQueueLimit: z.number().int().positive().default(1_000),\n })\n .strict()\n .default({});\n\nconst wsCommentarySchema = z\n .object({\n policy: z.enum(['wrap', 'strip', 'pass-through']).default('wrap'),\n applyToEvents: z\n .array(z.string().min(1))\n .default(['tool.execute.end', 'tool.execute.error', 'text.delta']),\n })\n .strict()\n .default({});\n\nconst wsSchema = z\n .object({\n enabled: z.boolean().default(true),\n path: z.string().default('/ws'),\n ticketTtlMs: z\n .number()\n .int()\n .positive()\n .default(5 * 60_000),\n commentarySanitization: wsCommentarySchema,\n })\n .strict()\n .default({});\n\nconst sseSchema = z\n .object({\n enabled: z.boolean().default(true),\n path: z.string().default('/sessions'),\n keepAliveMs: z.number().int().positive().default(15_000),\n })\n .strict()\n .default({});\n\nconst serverSchema = z\n .object({\n host: z.string().min(1).default('127.0.0.1'),\n port: z.number().int().min(0).max(65_535).default(8_080),\n basePath: z.string().default('/v1'),\n cors: corsSchema,\n csrf: csrfSchema,\n rateLimit: rateLimitSchema,\n idempotency: idempotencySchema,\n shutdown: shutdownSchema,\n trustProxy: z.boolean().default(false),\n stream: streamSchema,\n ws: wsSchema,\n sse: sseSchema,\n })\n .strict()\n .default({});\n\nconst encryptionSchema = z\n .object({\n enabled: z.boolean().default(false),\n cipher: z.string().optional(),\n passphraseRef: z.string().optional(),\n })\n .strict()\n .default({});\n\nconst storageSchema = z\n .object({\n path: z.string().min(1).default('./.graphorin/data.db'),\n mode: z.enum(['lib', 'server']).default('server'),\n walCheckpointIntervalMs: z.number().int().positive().optional(),\n encryption: encryptionSchema,\n })\n .strict()\n .default({});\n\nconst auditSchema = z\n .object({\n enabled: z.boolean().default(false),\n path: z.string().optional(),\n passphraseRef: z.string().optional(),\n cipher: z.string().optional(),\n })\n .strict()\n .default({});\n\nconst secretsSchema = z\n .object({\n source: z.enum(['auto', 'keyring', 'encrypted-file', 'env']).default('auto'),\n strict: z.boolean().default(false),\n })\n .strict()\n .default({});\n\nconst authSchema = z\n .object({\n kind: z.enum(['token', 'none']).default('token'),\n pepperRef: z.string().optional(),\n tokenPrefix: z.string().default('gph'),\n tokenEnvironments: z.array(z.string()).default(['live', 'test', 'local']),\n perIpFailureThreshold: z.number().int().positive().optional(),\n perIpLockoutMs: z.number().int().positive().optional(),\n })\n .strict()\n .default({});\n\nconst observabilitySchema = z\n .object({\n logger: z.enum(['json', 'pretty', 'silent']).default('json'),\n })\n .strict()\n .default({});\n\nconst hardeningSchema = z\n .object({\n applyOnStart: z.boolean().default(true),\n refuseRoot: z.boolean().default(true),\n umask: z.number().int().nonnegative().default(0o077),\n })\n .strict()\n .default({});\n\nconst metricsSchema = z\n .object({\n enabled: z.boolean().default(true),\n path: z.string().default('/metrics'),\n requireAuth: z.boolean().default(false),\n })\n .strict()\n .default({});\n\nconst healthSchema = z\n .object({\n walWarnThresholdBytes: z\n .number()\n .int()\n .positive()\n .default(50 * 1024 * 1024),\n })\n .strict()\n .default({});\n\n/**\n * Zod schema for the resolved {@link ServerConfigSpec}. Exposed for\n * advanced users that want to validate other config sources (env-only\n * launch, CLI overrides, etc.).\n *\n * @stable\n */\nexport const ServerConfigSchema = z\n .object({\n server: serverSchema,\n storage: storageSchema,\n audit: auditSchema,\n secrets: secretsSchema,\n auth: authSchema,\n observability: observabilitySchema,\n hardening: hardeningSchema,\n metrics: metricsSchema,\n health: healthSchema,\n })\n .strict()\n .default({});\n\n/**\n * Input shape accepted by {@link defineConfig}. Every field is\n * optional; missing values fall back to a documented default.\n *\n * @stable\n */\nexport type ServerConfigInput = z.input<typeof ServerConfigSchema>;\n\n/**\n * Helper for `graphorin.config.ts` files. Pure pass-through that\n * provides editor autocomplete; the actual parsing happens at server\n * startup so callers always see the same error path regardless of\n * which loader (TS / JS / JSON) the operator picked.\n *\n * @stable\n */\nexport function defineConfig(input: ServerConfigInput): ServerConfigInput {\n return input;\n}\n\n/**\n * Parse + validate user input. Returns a strongly-typed\n * {@link ServerConfigSpec}; throws {@link ConfigInvalidError} on\n * any invalid field with a flattened issue list.\n *\n * @stable\n */\nexport function parseServerConfig(input: unknown): ServerConfigSpec {\n const result = ServerConfigSchema.safeParse(input ?? {});\n if (!result.success) {\n const issues = result.error.issues.map((issue) => ({\n path: issue.path,\n message: issue.message,\n }));\n throw new ConfigInvalidError(issues, result.error);\n }\n return result.data as unknown as ServerConfigSpec;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAqJA,MAAM,aAAa,EAChB,OAAO;CACN,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC7C,kBAAkB,EAAE,SAAS,CAAC,QAAQ,MAAM;CAC5C,cAAc,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ;EAAC;EAAO;EAAQ;EAAO;EAAS;EAAU;EAAU,CAAC;CAC/F,cAAc,EACX,MAAM,EAAE,QAAQ,CAAC,CACjB,QAAQ;EAAC;EAAiB;EAAgB;EAAmB;EAAe,CAAC;CAChF,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,IAAI;CAC3D,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,aAAa,EAChB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,YAAY,EAAE,QAAQ,CAAC,QAAQ,iBAAiB;CAChD,YAAY,EAAE,QAAQ,CAAC,QAAQ,eAAe;CAC9C,aAAa,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ;EAAC;EAAO;EAAQ;EAAU,CAAC;CACrE,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,kBAAkB,EACrB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO;CACrD,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,GAAG;CACvD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,oBAAoB,EACvB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,YAAY,EAAE,KAAK;EAAC;EAAO;EAAQ;EAAU,CAAC,CAAC,QAAQ,OAAO;CAC9D,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,MAAO;CACvD,sBAAsB,EAAE,SAAS,CAAC,QAAQ,KAAK;CAC/C,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAM;CACzD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,iBAAiB,EACpB,OAAO,EACN,gBAAgB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO,EAC5D,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,2BAA2B,EAC9B,OAAO;CACN,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAM;CACrD,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAI;CACrD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,eAAe,EAClB,OAAO;CACN,kBAAkB,EACf,KAAK;EAAC;EAAY;EAAuB;EAAsB,CAAC,CAChE,QAAQ,WAAW;CACtB,yBAAyB,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,IAAO;CACvE,cAAc;CACd,yBAAyB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAM;CACpE,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,qBAAqB,EACxB,OAAO;CACN,QAAQ,EAAE,KAAK;EAAC;EAAQ;EAAS;EAAe,CAAC,CAAC,QAAQ,OAAO;CACjE,eAAe,EACZ,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CACxB,QAAQ;EAAC;EAAoB;EAAsB;EAAa,CAAC;CACrE,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,WAAW,EACd,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,MAAM,EAAE,QAAQ,CAAC,QAAQ,MAAM;CAC/B,aAAa,EACV,QAAQ,CACR,KAAK,CACL,UAAU,CACV,QAAQ,IAAI,IAAO;CACtB,wBAAwB;CACzB,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,YAAY,EACf,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,MAAM,EAAE,QAAQ,CAAC,QAAQ,YAAY;CACrC,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,KAAO;CACzD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,eAAe,EAClB,OAAO;CACN,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,YAAY;CAC5C,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,MAAO,CAAC,QAAQ,KAAM;CACxD,UAAU,EAAE,QAAQ,CAAC,QAAQ,MAAM;CACnC,MAAM;CACN,MAAM;CACN,WAAW;CACX,aAAa;CACb,UAAU;CACV,YAAY,EAAE,SAAS,CAAC,QAAQ,MAAM;CACtC,QAAQ;CACR,IAAI;CACJ,KAAK;CACN,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,mBAAmB,EACtB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM;CACnC,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC7B,eAAe,EAAE,QAAQ,CAAC,UAAU;CACrC,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,gBAAgB,EACnB,OAAO;CACN,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,uBAAuB;CACvD,MAAM,EAAE,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC,QAAQ,SAAS;CACjD,yBAAyB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU;CAC/D,YAAY;CACb,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,cAAc,EACjB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM;CACnC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,eAAe,EAAE,QAAQ,CAAC,UAAU;CACpC,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC9B,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,gBAAgB,EACnB,OAAO;CACN,QAAQ,EAAE,KAAK;EAAC;EAAQ;EAAW;EAAkB;EAAM,CAAC,CAAC,QAAQ,OAAO;CAC5E,QAAQ,EAAE,SAAS,CAAC,QAAQ,MAAM;CACnC,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,aAAa,EAChB,OAAO;CACN,MAAM,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,CAAC,QAAQ,QAAQ;CAChD,WAAW,EAAE,QAAQ,CAAC,UAAU;CAChC,aAAa,EAAE,QAAQ,CAAC,QAAQ,MAAM;CACtC,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ;EAAC;EAAQ;EAAQ;EAAQ,CAAC;CACzE,uBAAuB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU;CAC7D,gBAAgB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU;CACvD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,sBAAsB,EACzB,OAAO,EACN,QAAQ,EAAE,KAAK;CAAC;CAAQ;CAAU;CAAS,CAAC,CAAC,QAAQ,OAAO,EAC7D,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,kBAAkB,EACrB,OAAO;CACN,cAAc,EAAE,SAAS,CAAC,QAAQ,KAAK;CACvC,YAAY,EAAE,SAAS,CAAC,QAAQ,KAAK;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,QAAQ,GAAM;CACrD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,gBAAgB,EACnB,OAAO;CACN,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;CAClC,MAAM,EAAE,QAAQ,CAAC,QAAQ,WAAW;CACpC,aAAa,EAAE,SAAS,CAAC,QAAQ,MAAM;CACxC,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;AAEd,MAAM,eAAe,EAClB,OAAO,EACN,uBAAuB,EACpB,QAAQ,CACR,KAAK,CACL,UAAU,CACV,QAAQ,KAAK,OAAO,KAAK,EAC7B,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;;;;;;;;AASd,MAAa,qBAAqB,EAC/B,OAAO;CACN,QAAQ;CACR,SAAS;CACT,OAAO;CACP,SAAS;CACT,MAAM;CACN,eAAe;CACf,WAAW;CACX,SAAS;CACT,QAAQ;CACT,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,CAAC;;;;;;;;;AAkBd,SAAgB,aAAa,OAA6C;AACxE,QAAO;;;;;;;;;AAUT,SAAgB,kBAAkB,OAAkC;CAClE,MAAM,SAAS,mBAAmB,UAAU,SAAS,EAAE,CAAC;AACxD,KAAI,CAAC,OAAO,QAKV,OAAM,IAAI,mBAJK,OAAO,MAAM,OAAO,KAAK,WAAW;EACjD,MAAM,MAAM;EACZ,SAAS,MAAM;EAChB,EAAE,EACkC,OAAO,MAAM;AAEpD,QAAO,OAAO"}
@@ -0,0 +1,88 @@
1
+ import * as _graphorin_triggers0 from "@graphorin/triggers";
2
+
3
+ //#region src/consolidator/daemon.d.ts
4
+
5
+ /**
6
+ * Lifecycle wrapper around an externally-built `Consolidator`. Phase
7
+ * 14c wires the runtime into `beforeStart` / `beforeShutdown` so the
8
+ * background pipeline starts and stops cleanly with the daemon. The
9
+ * adapter does not own the consolidator construction — operators
10
+ * supply the instance through the `createServer({ consolidator })`
11
+ * option so the framework stays decoupled from the heavy
12
+ * `@graphorin/memory` package.
13
+ *
14
+ * @packageDocumentation
15
+ */
16
+ /**
17
+ * Structurally-typed view of the `@graphorin/memory` Consolidator
18
+ * surface. Importing the full type would force a hard dependency on
19
+ * `@graphorin/memory`; the structural subset captured here is enough
20
+ * for the lifecycle integration + the `/v1/health` aggregator.
21
+ *
22
+ * @stable
23
+ */
24
+ interface ConsolidatorLike {
25
+ start(): Promise<void>;
26
+ stop(): Promise<void>;
27
+ status(): Promise<ConsolidatorStatusLike>;
28
+ setTier?(tier: string): Promise<void>;
29
+ pause?(): Promise<void>;
30
+ resume?(): Promise<void>;
31
+ drainDlq?(): Promise<number>;
32
+ /**
33
+ * Register the consolidator's cron / idle triggers with the server's
34
+ * triggers scheduler so background consolidation actually fires (MCON-4).
35
+ * Called from `beforeStart` when both a consolidator and a triggers daemon
36
+ * are configured. Optional so a consolidator without a `defaultScope` (or a
37
+ * custom surface) simply opts out.
38
+ */
39
+ registerWithScheduler?(scheduler: _graphorin_triggers0.Scheduler): Promise<unknown>;
40
+ }
41
+ /**
42
+ * Subset of `ConsolidatorStatus` the server health endpoint and the
43
+ * Prometheus metrics consume. The full struct lives in
44
+ * `@graphorin/memory/consolidator`.
45
+ *
46
+ * @stable
47
+ */
48
+ interface ConsolidatorStatusLike {
49
+ readonly tier: string;
50
+ readonly running: boolean;
51
+ readonly paused: boolean;
52
+ readonly queueDepth: number;
53
+ readonly dlqSize: number;
54
+ readonly deferredRuns: number;
55
+ readonly emptyExtractions: number;
56
+ readonly budget: {
57
+ readonly tokensUsedToday: number;
58
+ readonly costUsedToday: number;
59
+ readonly tokensRemaining: number;
60
+ readonly costRemaining: number;
61
+ readonly resetAt: string;
62
+ };
63
+ }
64
+ /**
65
+ * @stable
66
+ */
67
+ interface CreateConsolidatorDaemonOptions {
68
+ readonly consolidator: ConsolidatorLike;
69
+ /** Hard timeout on `consolidator.stop()`. Defaults to 10 s. */
70
+ readonly stopTimeoutMs?: number;
71
+ readonly warn?: (message: string) => void;
72
+ }
73
+ /**
74
+ * @stable
75
+ */
76
+ interface ConsolidatorDaemon {
77
+ start(): Promise<void>;
78
+ stop(): Promise<void>;
79
+ status(): Promise<ConsolidatorStatusLike>;
80
+ readonly consolidator: ConsolidatorLike;
81
+ }
82
+ /**
83
+ * @stable
84
+ */
85
+ declare function createConsolidatorDaemon(options: CreateConsolidatorDaemonOptions): ConsolidatorDaemon;
86
+ //#endregion
87
+ export { ConsolidatorDaemon, ConsolidatorLike, ConsolidatorStatusLike, CreateConsolidatorDaemonOptions, createConsolidatorDaemon };
88
+ //# sourceMappingURL=daemon.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"daemon.d.ts","names":[],"sources":["../../src/consolidator/daemon.ts"],"sourcesContent":[],"mappings":";;;;;;;AAoBA;;;;;;;;;;;;AAyBA;AAoBA;AAUA;;AAEU,UAzDO,gBAAA,CAyDP;EACU,KAAA,EAAA,EAzDT,OAyDS,CAAA,IAAA,CAAA;EAAR,IAAA,EAAA,EAxDF,OAwDE,CAAA,IAAA,CAAA;EACa,MAAA,EAAA,EAxDb,OAwDa,CAxDL,sBAwDK,CAAA;EAAgB,OAAA,EAAA,IAAA,EAAA,MAAA,CAAA,EAvDf,OAuDe,CAAA,IAAA,CAAA;EAMzB,KAAA,GAAA,EA5DJ,OA4DI,CAAA,IAAA,CAAA;aA3DH;eACE;;;;;;;;oCAAO,oBAAA,CAQ4C,YAAY;;;;;;;;;UAU7D,sBAAA;;;;;;;;;;;;;;;;;;;UAoBA,+BAAA;yBACQ;;;;;;;;UASR,kBAAA;WACN;UACD;YACE,QAAQ;yBACK;;;;;iBAMT,wBAAA,UACL,kCACR"}
@@ -0,0 +1,54 @@
1
+ //#region src/consolidator/daemon.ts
2
+ /**
3
+ * @stable
4
+ */
5
+ function createConsolidatorDaemon(options) {
6
+ const stopTimeoutMs = options.stopTimeoutMs ?? 1e4;
7
+ const warn = options.warn ?? ((m) => process.stderr.write(`${m}\n`));
8
+ let started = false;
9
+ return {
10
+ get consolidator() {
11
+ return options.consolidator;
12
+ },
13
+ async start() {
14
+ if (started) return;
15
+ started = true;
16
+ await options.consolidator.start();
17
+ },
18
+ async stop() {
19
+ if (!started) return;
20
+ started = false;
21
+ try {
22
+ await withTimeout(options.consolidator.stop(), stopTimeoutMs);
23
+ } catch (err) {
24
+ warn(`[graphorin/server] consolidator daemon: stop() exceeded ${stopTimeoutMs}ms; force-aborting (${describeError(err)}).`);
25
+ }
26
+ },
27
+ async status() {
28
+ return options.consolidator.status();
29
+ }
30
+ };
31
+ }
32
+ async function withTimeout(p, ms) {
33
+ return new Promise((resolve, reject) => {
34
+ const timer = setTimeout(() => {
35
+ reject(/* @__PURE__ */ new Error(`timeout after ${ms}ms`));
36
+ }, ms);
37
+ p.then((value) => {
38
+ clearTimeout(timer);
39
+ resolve(value);
40
+ }, (err) => {
41
+ clearTimeout(timer);
42
+ reject(err);
43
+ });
44
+ });
45
+ }
46
+ function describeError(err) {
47
+ if (err === null || err === void 0) return "unknown";
48
+ if (err instanceof Error) return err.message;
49
+ return String(err);
50
+ }
51
+
52
+ //#endregion
53
+ export { createConsolidatorDaemon };
54
+ //# sourceMappingURL=daemon.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"daemon.js","names":[],"sources":["../../src/consolidator/daemon.ts"],"sourcesContent":["/**\n * Lifecycle wrapper around an externally-built `Consolidator`. Phase\n * 14c wires the runtime into `beforeStart` / `beforeShutdown` so the\n * background pipeline starts and stops cleanly with the daemon. The\n * adapter does not own the consolidator construction — operators\n * supply the instance through the `createServer({ consolidator })`\n * option so the framework stays decoupled from the heavy\n * `@graphorin/memory` package.\n *\n * @packageDocumentation\n */\n\n/**\n * Structurally-typed view of the `@graphorin/memory` Consolidator\n * surface. Importing the full type would force a hard dependency on\n * `@graphorin/memory`; the structural subset captured here is enough\n * for the lifecycle integration + the `/v1/health` aggregator.\n *\n * @stable\n */\nexport interface ConsolidatorLike {\n start(): Promise<void>;\n stop(): Promise<void>;\n status(): Promise<ConsolidatorStatusLike>;\n setTier?(tier: string): Promise<void>;\n pause?(): Promise<void>;\n resume?(): Promise<void>;\n drainDlq?(): Promise<number>;\n /**\n * Register the consolidator's cron / idle triggers with the server's\n * triggers scheduler so background consolidation actually fires (MCON-4).\n * Called from `beforeStart` when both a consolidator and a triggers daemon\n * are configured. Optional so a consolidator without a `defaultScope` (or a\n * custom surface) simply opts out.\n */\n registerWithScheduler?(scheduler: import('@graphorin/triggers').Scheduler): Promise<unknown>;\n}\n\n/**\n * Subset of `ConsolidatorStatus` the server health endpoint and the\n * Prometheus metrics consume. The full struct lives in\n * `@graphorin/memory/consolidator`.\n *\n * @stable\n */\nexport interface ConsolidatorStatusLike {\n readonly tier: string;\n readonly running: boolean;\n readonly paused: boolean;\n readonly queueDepth: number;\n readonly dlqSize: number;\n readonly deferredRuns: number;\n readonly emptyExtractions: number;\n readonly budget: {\n readonly tokensUsedToday: number;\n readonly costUsedToday: number;\n readonly tokensRemaining: number;\n readonly costRemaining: number;\n readonly resetAt: string;\n };\n}\n\n/**\n * @stable\n */\nexport interface CreateConsolidatorDaemonOptions {\n readonly consolidator: ConsolidatorLike;\n /** Hard timeout on `consolidator.stop()`. Defaults to 10 s. */\n readonly stopTimeoutMs?: number;\n readonly warn?: (message: string) => void;\n}\n\n/**\n * @stable\n */\nexport interface ConsolidatorDaemon {\n start(): Promise<void>;\n stop(): Promise<void>;\n status(): Promise<ConsolidatorStatusLike>;\n readonly consolidator: ConsolidatorLike;\n}\n\n/**\n * @stable\n */\nexport function createConsolidatorDaemon(\n options: CreateConsolidatorDaemonOptions,\n): ConsolidatorDaemon {\n const stopTimeoutMs = options.stopTimeoutMs ?? 10_000;\n const warn = options.warn ?? ((m: string) => process.stderr.write(`${m}\\n`));\n let started = false;\n\n return {\n get consolidator() {\n return options.consolidator;\n },\n async start() {\n if (started) return;\n started = true;\n await options.consolidator.start();\n },\n async stop() {\n if (!started) return;\n started = false;\n try {\n await withTimeout(options.consolidator.stop(), stopTimeoutMs);\n } catch (err) {\n warn(\n `[graphorin/server] consolidator daemon: stop() exceeded ${stopTimeoutMs}ms; force-aborting (${describeError(err)}).`,\n );\n }\n },\n async status() {\n return options.consolidator.status();\n },\n };\n}\n\nasync function withTimeout<T>(p: Promise<T>, ms: number): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n const timer = setTimeout(() => {\n reject(new Error(`timeout after ${ms}ms`));\n }, ms);\n p.then(\n (value) => {\n clearTimeout(timer);\n resolve(value);\n },\n (err) => {\n clearTimeout(timer);\n reject(err);\n },\n );\n });\n}\n\nfunction describeError(err: unknown): string {\n if (err === null || err === undefined) return 'unknown';\n if (err instanceof Error) return err.message;\n return String(err);\n}\n"],"mappings":";;;;AAqFA,SAAgB,yBACd,SACoB;CACpB,MAAM,gBAAgB,QAAQ,iBAAiB;CAC/C,MAAM,OAAO,QAAQ,UAAU,MAAc,QAAQ,OAAO,MAAM,GAAG,EAAE,IAAI;CAC3E,IAAI,UAAU;AAEd,QAAO;EACL,IAAI,eAAe;AACjB,UAAO,QAAQ;;EAEjB,MAAM,QAAQ;AACZ,OAAI,QAAS;AACb,aAAU;AACV,SAAM,QAAQ,aAAa,OAAO;;EAEpC,MAAM,OAAO;AACX,OAAI,CAAC,QAAS;AACd,aAAU;AACV,OAAI;AACF,UAAM,YAAY,QAAQ,aAAa,MAAM,EAAE,cAAc;YACtD,KAAK;AACZ,SACE,2DAA2D,cAAc,sBAAsB,cAAc,IAAI,CAAC,IACnH;;;EAGL,MAAM,SAAS;AACb,UAAO,QAAQ,aAAa,QAAQ;;EAEvC;;AAGH,eAAe,YAAe,GAAe,IAAwB;AACnE,QAAO,IAAI,SAAY,SAAS,WAAW;EACzC,MAAM,QAAQ,iBAAiB;AAC7B,0BAAO,IAAI,MAAM,iBAAiB,GAAG,IAAI,CAAC;KACzC,GAAG;AACN,IAAE,MACC,UAAU;AACT,gBAAa,MAAM;AACnB,WAAQ,MAAM;MAEf,QAAQ;AACP,gBAAa,MAAM;AACnB,UAAO,IAAI;IAEd;GACD;;AAGJ,SAAS,cAAc,KAAsB;AAC3C,KAAI,QAAQ,QAAQ,QAAQ,OAAW,QAAO;AAC9C,KAAI,eAAe,MAAO,QAAO,IAAI;AACrC,QAAO,OAAO,IAAI"}
@@ -0,0 +1,2 @@
1
+ import { ConsolidatorDaemon, ConsolidatorLike, ConsolidatorStatusLike, CreateConsolidatorDaemonOptions, createConsolidatorDaemon } from "./daemon.js";
2
+ export { type ConsolidatorDaemon, type ConsolidatorLike, type ConsolidatorStatusLike, type CreateConsolidatorDaemonOptions, createConsolidatorDaemon };
@@ -0,0 +1,3 @@
1
+ import { createConsolidatorDaemon } from "./daemon.js";
2
+
3
+ export { createConsolidatorDaemon };
@@ -0,0 +1,104 @@
1
+ //#region src/errors/index.d.ts
2
+ /**
3
+ * Typed error surface for `@graphorin/server`. Every server-side
4
+ * configuration / lifecycle / runtime failure that an operator must
5
+ * be able to reason about flows through one of the classes in this
6
+ * module so it carries a stable `kind` discriminator + `hint` field
7
+ * pointing the operator at the next remediation step.
8
+ *
9
+ * @packageDocumentation
10
+ */
11
+ /**
12
+ * Stable string discriminator for {@link GraphorinServerError}. Each
13
+ * value maps to a single failure scenario; never reuse a value for a
14
+ * different cause.
15
+ *
16
+ * @stable
17
+ */
18
+ type GraphorinServerErrorCode = 'config-invalid' | 'pre-bind-pepper-missing' | 'pre-bind-secret-unresolvable' | 'pre-bind-encryption-peer-missing' | 'pre-bind-encryption-required' | 'migration-failed' | 'shutdown-timeout' | 'idempotency-conflict' | 'idempotency-key-required' | 'auth-required' | 'auth-invalid' | 'auth-revoked' | 'auth-expired' | 'auth-locked-out' | 'auth-overloaded' | 'scope-denied' | 'csrf-denied' | 'cors-denied' | 'rate-limit-exceeded' | 'route-handler-missing' | 'agent-not-found' | 'workflow-not-found' | 'session-not-found' | 'run-not-found' | 'run-aborted' | 'lifecycle-double-start' | 'lifecycle-not-started';
19
+ /**
20
+ * Base error class. Every server-emitted typed error inherits from
21
+ * here so middleware can pattern-match a single union.
22
+ *
23
+ * @stable
24
+ */
25
+ declare class GraphorinServerError extends Error {
26
+ readonly kind: GraphorinServerErrorCode;
27
+ readonly hint?: string;
28
+ constructor(kind: GraphorinServerErrorCode, message: string, options?: {
29
+ readonly cause?: unknown;
30
+ readonly hint?: string;
31
+ });
32
+ }
33
+ /** @stable */
34
+ declare class ConfigInvalidError extends GraphorinServerError {
35
+ readonly issues: ReadonlyArray<{
36
+ readonly path: ReadonlyArray<string | number>;
37
+ readonly message: string;
38
+ }>;
39
+ constructor(issues: ReadonlyArray<{
40
+ readonly path: ReadonlyArray<string | number>;
41
+ readonly message: string;
42
+ }>, cause?: unknown);
43
+ }
44
+ /** @stable */
45
+ declare class PrebindPepperMissingError extends GraphorinServerError {
46
+ constructor();
47
+ }
48
+ /** @stable */
49
+ declare class PrebindSecretUnresolvableError extends GraphorinServerError {
50
+ readonly path: ReadonlyArray<string | number>;
51
+ readonly raw: string;
52
+ constructor(path: ReadonlyArray<string | number>, raw: string, cause?: unknown);
53
+ }
54
+ /** @stable */
55
+ declare class PrebindEncryptionPeerMissingError extends GraphorinServerError {
56
+ constructor(cause?: unknown);
57
+ }
58
+ /** @stable */
59
+ declare class PrebindEncryptionRequiredError extends GraphorinServerError {
60
+ constructor(reason: string);
61
+ }
62
+ /** @stable */
63
+ declare class MigrationFailedError extends GraphorinServerError {
64
+ constructor(message: string, cause?: unknown);
65
+ }
66
+ /** @stable */
67
+ declare class ShutdownTimeoutError extends GraphorinServerError {
68
+ readonly drainTimeoutMs: number;
69
+ readonly inflight: number;
70
+ constructor(drainTimeoutMs: number, inflight: number);
71
+ }
72
+ /** @stable */
73
+ declare class IdempotencyConflictError extends GraphorinServerError {
74
+ constructor(key: string);
75
+ }
76
+ /** @stable */
77
+ declare class IdempotencyKeyRequiredError extends GraphorinServerError {
78
+ constructor();
79
+ }
80
+ /** @stable */
81
+ declare class LifecycleDoubleStartError extends GraphorinServerError {
82
+ constructor();
83
+ }
84
+ /** @stable */
85
+ declare class LifecycleNotStartedError extends GraphorinServerError {
86
+ constructor();
87
+ }
88
+ /** @stable */
89
+ declare class RouteHandlerMissingError extends GraphorinServerError {
90
+ readonly id: string;
91
+ readonly kind_: 'agent' | 'workflow';
92
+ constructor(kind: 'agent' | 'workflow', id: string);
93
+ }
94
+ /** @stable */
95
+ declare class AgentNotFoundError extends RouteHandlerMissingError {
96
+ constructor(id: string);
97
+ }
98
+ /** @stable */
99
+ declare class WorkflowNotFoundError extends RouteHandlerMissingError {
100
+ constructor(id: string);
101
+ }
102
+ //#endregion
103
+ export { AgentNotFoundError, ConfigInvalidError, GraphorinServerError, GraphorinServerErrorCode, IdempotencyConflictError, IdempotencyKeyRequiredError, LifecycleDoubleStartError, LifecycleNotStartedError, MigrationFailedError, PrebindEncryptionPeerMissingError, PrebindEncryptionRequiredError, PrebindPepperMissingError, PrebindSecretUnresolvableError, RouteHandlerMissingError, ShutdownTimeoutError, WorkflowNotFoundError };
104
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../src/errors/index.ts"],"sourcesContent":[],"mappings":";;AAiBA;AAmCA;;;;;AAoBA;;;;;;;AAsBA;AAaA;AACiB,KA3FL,wBAAA,GA2FK,gBAAA,GAAA,yBAAA,GAAA,8BAAA,GAAA,kCAAA,GAAA,8BAAA,GAAA,kBAAA,GAAA,kBAAA,GAAA,sBAAA,GAAA,0BAAA,GAAA,eAAA,GAAA,cAAA,GAAA,cAAA,GAAA,cAAA,GAAA,iBAAA,GAAA,iBAAA,GAAA,cAAA,GAAA,aAAA,GAAA,aAAA,GAAA,qBAAA,GAAA,uBAAA,GAAA,iBAAA,GAAA,oBAAA,GAAA,mBAAA,GAAA,eAAA,GAAA,aAAA,GAAA,wBAAA,GAAA,uBAAA;;;;AAkBjB;AAcA;AASA;AAUa,cA3GA,oBAAA,SAA6B,KAAA,CA2GA;EAkB7B,SAAA,IAAA,EA5HI,wBA4H6B;EAajC,SAAA,IAAA,CAAA,EAAA,MAAA;EAaA,WAAA,CAAA,IAAA,EAlJH,wBAkJqC,EAAA,OAAA,EAAA,MAAA,EAAoB,OAgCtD,CAhCsD,EAAA;IAStD,SAAA,KAAA,CAAA,EAAA,OAAyB;IASzB,SAAA,IAAA,CAAA,EAAA,MAAA;EAcA,CAAA;AAOb;;cA1Ka,kBAAA,SAA2B,oBAAA;mBACrB;mBACA;;;sBAKP;mBACS;;;;;cAcR,yBAAA,SAAkC,oBAAA;;;;cAalC,8BAAA,SAAuC,oBAAA;iBACnC;;oBAGG;;;cAeP,iCAAA,SAA0C,oBAAA;;;;cAc1C,8BAAA,SAAuC,oBAAA;;;;cASvC,oBAAA,SAA6B,oBAAA;;;;cAU7B,oBAAA,SAA6B,oBAAA;;;;;;cAkB7B,wBAAA,SAAiC,oBAAA;;;;cAajC,2BAAA,SAAoC,oBAAA;;;;cAapC,yBAAA,SAAkC,oBAAA;;;;cASlC,wBAAA,SAAiC,oBAAA;;;;cASjC,wBAAA,SAAiC,oBAAA;;;;;;cAcjC,kBAAA,SAA2B,wBAAA;;;;cAO3B,qBAAA,SAA8B,wBAAA"}
@@ -0,0 +1,131 @@
1
+ //#region src/errors/index.ts
2
+ /**
3
+ * Base error class. Every server-emitted typed error inherits from
4
+ * here so middleware can pattern-match a single union.
5
+ *
6
+ * @stable
7
+ */
8
+ var GraphorinServerError = class extends Error {
9
+ kind;
10
+ hint;
11
+ constructor(kind, message, options) {
12
+ super(message, options !== void 0 && options.cause !== void 0 ? { cause: options.cause } : void 0);
13
+ this.name = this.constructor.name;
14
+ this.kind = kind;
15
+ if (options?.hint !== void 0) this.hint = options.hint;
16
+ }
17
+ };
18
+ /** @stable */
19
+ var ConfigInvalidError = class extends GraphorinServerError {
20
+ issues;
21
+ constructor(issues, cause) {
22
+ super("config-invalid", `graphorin.config invalid: ${issues.length} issue(s)`, {
23
+ hint: "Inspect the issues array; each entry pinpoints the offending path.",
24
+ ...cause !== void 0 ? { cause } : {}
25
+ });
26
+ this.issues = Object.freeze(issues.slice());
27
+ }
28
+ };
29
+ /** @stable */
30
+ var PrebindPepperMissingError = class extends GraphorinServerError {
31
+ constructor() {
32
+ super("pre-bind-pepper-missing", "auth.pepper SecretRef did not resolve to a non-empty pepper.", { hint: "Run `graphorin doctor --check-secrets` (Phase 15) and verify the configured SecretRef." });
33
+ }
34
+ };
35
+ /** @stable */
36
+ var PrebindSecretUnresolvableError = class extends GraphorinServerError {
37
+ path;
38
+ raw;
39
+ constructor(path, raw, cause) {
40
+ super("pre-bind-secret-unresolvable", `Could not resolve SecretRef '${raw}' at config path ${path.join(".")}`, {
41
+ hint: "Run `graphorin doctor --check-secrets` (Phase 15) and verify the configured SecretRef.",
42
+ ...cause !== void 0 ? { cause } : {}
43
+ });
44
+ this.path = Object.freeze(path.slice());
45
+ this.raw = raw;
46
+ }
47
+ };
48
+ /** @stable */
49
+ var PrebindEncryptionPeerMissingError = class extends GraphorinServerError {
50
+ constructor(cause) {
51
+ super("pre-bind-encryption-peer-missing", "storage.encryption.enabled = true but the cipher peer is not installed.", {
52
+ hint: "Install the 'better-sqlite3-multiple-ciphers' peer (or set storage.encryption.enabled = false).",
53
+ ...cause !== void 0 ? { cause } : {}
54
+ });
55
+ }
56
+ };
57
+ /** @stable */
58
+ var PrebindEncryptionRequiredError = class extends GraphorinServerError {
59
+ constructor(reason) {
60
+ super("pre-bind-encryption-required", reason, { hint: "Audit logs are mandatory-encrypted (DEC-124); enable storage.encryption or supply audit.encryption explicitly." });
61
+ }
62
+ };
63
+ /** @stable */
64
+ var MigrationFailedError = class extends GraphorinServerError {
65
+ constructor(message, cause) {
66
+ super("migration-failed", message, {
67
+ hint: "Inspect the underlying SQLite error and re-run `graphorin migrate`.",
68
+ ...cause !== void 0 ? { cause } : {}
69
+ });
70
+ }
71
+ };
72
+ /** @stable */
73
+ var ShutdownTimeoutError = class extends GraphorinServerError {
74
+ drainTimeoutMs;
75
+ inflight;
76
+ constructor(drainTimeoutMs, inflight) {
77
+ super("shutdown-timeout", `Drain timed out after ${drainTimeoutMs}ms with ${inflight} request(s) still in flight.`, { hint: "Increase server.shutdown.drainTimeoutMs or fix slow handlers." });
78
+ this.drainTimeoutMs = drainTimeoutMs;
79
+ this.inflight = inflight;
80
+ }
81
+ };
82
+ /** @stable */
83
+ var IdempotencyConflictError = class extends GraphorinServerError {
84
+ constructor(key) {
85
+ super("idempotency-conflict", `Idempotency-Key '${key}' was previously used with a different request body.`, { hint: "Generate a fresh Idempotency-Key for the new payload." });
86
+ }
87
+ };
88
+ /** @stable */
89
+ var IdempotencyKeyRequiredError = class extends GraphorinServerError {
90
+ constructor() {
91
+ super("idempotency-key-required", "Side-effecting endpoint requires an Idempotency-Key header.", { hint: "Set 'Idempotency-Key: <uuid>' on the request, or relax server.idempotency.requireKey to 'warn'." });
92
+ }
93
+ };
94
+ /** @stable */
95
+ var LifecycleDoubleStartError = class extends GraphorinServerError {
96
+ constructor() {
97
+ super("lifecycle-double-start", "Server.start() invoked while the server is already started.", { hint: "Call stop() before re-starting the server." });
98
+ }
99
+ };
100
+ /** @stable */
101
+ var LifecycleNotStartedError = class extends GraphorinServerError {
102
+ constructor() {
103
+ super("lifecycle-not-started", "Server.stop() invoked before start() resolved.", { hint: "Await start() before calling stop()." });
104
+ }
105
+ };
106
+ /** @stable */
107
+ var RouteHandlerMissingError = class extends GraphorinServerError {
108
+ id;
109
+ kind_;
110
+ constructor(kind, id) {
111
+ super("route-handler-missing", `No ${kind} registered with id '${id}'.`, { hint: `Register the ${kind} via createServer({ ${kind}s: { ... } }) or the AgentRegistry / WorkflowRegistry surface.` });
112
+ this.id = id;
113
+ this.kind_ = kind;
114
+ }
115
+ };
116
+ /** @stable */
117
+ var AgentNotFoundError = class extends RouteHandlerMissingError {
118
+ constructor(id) {
119
+ super("agent", id);
120
+ }
121
+ };
122
+ /** @stable */
123
+ var WorkflowNotFoundError = class extends RouteHandlerMissingError {
124
+ constructor(id) {
125
+ super("workflow", id);
126
+ }
127
+ };
128
+
129
+ //#endregion
130
+ export { AgentNotFoundError, ConfigInvalidError, GraphorinServerError, IdempotencyConflictError, IdempotencyKeyRequiredError, LifecycleDoubleStartError, LifecycleNotStartedError, MigrationFailedError, PrebindEncryptionPeerMissingError, PrebindEncryptionRequiredError, PrebindPepperMissingError, PrebindSecretUnresolvableError, RouteHandlerMissingError, ShutdownTimeoutError, WorkflowNotFoundError };
131
+ //# sourceMappingURL=index.js.map