@graphorin/server 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (204) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/LICENSE +21 -0
  3. package/README.md +116 -0
  4. package/dist/app.d.ts +174 -0
  5. package/dist/app.d.ts.map +1 -0
  6. package/dist/app.js +684 -0
  7. package/dist/app.js.map +1 -0
  8. package/dist/commentary/audit-bridge.d.ts +57 -0
  9. package/dist/commentary/audit-bridge.d.ts.map +1 -0
  10. package/dist/commentary/audit-bridge.js +92 -0
  11. package/dist/commentary/audit-bridge.js.map +1 -0
  12. package/dist/commentary/built-in-patterns.d.ts +24 -0
  13. package/dist/commentary/built-in-patterns.d.ts.map +1 -0
  14. package/dist/commentary/built-in-patterns.js +62 -0
  15. package/dist/commentary/built-in-patterns.js.map +1 -0
  16. package/dist/commentary/index.d.ts +5 -0
  17. package/dist/commentary/index.js +5 -0
  18. package/dist/commentary/sanitizer.d.ts +37 -0
  19. package/dist/commentary/sanitizer.d.ts.map +1 -0
  20. package/dist/commentary/sanitizer.js +182 -0
  21. package/dist/commentary/sanitizer.js.map +1 -0
  22. package/dist/commentary/types.d.ts +120 -0
  23. package/dist/commentary/types.d.ts.map +1 -0
  24. package/dist/config.d.ts +760 -0
  25. package/dist/config.d.ts.map +1 -0
  26. package/dist/config.js +217 -0
  27. package/dist/config.js.map +1 -0
  28. package/dist/consolidator/daemon.d.ts +88 -0
  29. package/dist/consolidator/daemon.d.ts.map +1 -0
  30. package/dist/consolidator/daemon.js +54 -0
  31. package/dist/consolidator/daemon.js.map +1 -0
  32. package/dist/consolidator/index.d.ts +2 -0
  33. package/dist/consolidator/index.js +3 -0
  34. package/dist/errors/index.d.ts +104 -0
  35. package/dist/errors/index.d.ts.map +1 -0
  36. package/dist/errors/index.js +131 -0
  37. package/dist/errors/index.js.map +1 -0
  38. package/dist/health/checks.d.ts +120 -0
  39. package/dist/health/checks.d.ts.map +1 -0
  40. package/dist/health/checks.js +127 -0
  41. package/dist/health/checks.js.map +1 -0
  42. package/dist/health/index.d.ts +3 -0
  43. package/dist/health/index.js +4 -0
  44. package/dist/health/routes.d.ts +66 -0
  45. package/dist/health/routes.d.ts.map +1 -0
  46. package/dist/health/routes.js +96 -0
  47. package/dist/health/routes.js.map +1 -0
  48. package/dist/index.d.ts +88 -0
  49. package/dist/index.d.ts.map +1 -0
  50. package/dist/index.js +86 -0
  51. package/dist/index.js.map +1 -0
  52. package/dist/internal/context.d.ts +66 -0
  53. package/dist/internal/context.d.ts.map +1 -0
  54. package/dist/internal/ids.js +21 -0
  55. package/dist/internal/ids.js.map +1 -0
  56. package/dist/internal/json.js +46 -0
  57. package/dist/internal/json.js.map +1 -0
  58. package/dist/lifecycle/hooks.d.ts +57 -0
  59. package/dist/lifecycle/hooks.d.ts.map +1 -0
  60. package/dist/lifecycle/index.d.ts +2 -0
  61. package/dist/lifecycle/index.js +3 -0
  62. package/dist/lifecycle/pre-bind.d.ts +38 -0
  63. package/dist/lifecycle/pre-bind.d.ts.map +1 -0
  64. package/dist/lifecycle/pre-bind.js +62 -0
  65. package/dist/lifecycle/pre-bind.js.map +1 -0
  66. package/dist/metrics/catalog.d.ts +34 -0
  67. package/dist/metrics/catalog.d.ts.map +1 -0
  68. package/dist/metrics/catalog.js +61 -0
  69. package/dist/metrics/catalog.js.map +1 -0
  70. package/dist/metrics/index.d.ts +3 -0
  71. package/dist/metrics/index.js +4 -0
  72. package/dist/metrics/registry.d.ts +63 -0
  73. package/dist/metrics/registry.d.ts.map +1 -0
  74. package/dist/metrics/registry.js +222 -0
  75. package/dist/metrics/registry.js.map +1 -0
  76. package/dist/middleware/audit.d.ts +47 -0
  77. package/dist/middleware/audit.d.ts.map +1 -0
  78. package/dist/middleware/audit.js +71 -0
  79. package/dist/middleware/audit.js.map +1 -0
  80. package/dist/middleware/auth.d.ts +50 -0
  81. package/dist/middleware/auth.d.ts.map +1 -0
  82. package/dist/middleware/auth.js +164 -0
  83. package/dist/middleware/auth.js.map +1 -0
  84. package/dist/middleware/cors.d.ts +15 -0
  85. package/dist/middleware/cors.d.ts.map +1 -0
  86. package/dist/middleware/cors.js +45 -0
  87. package/dist/middleware/cors.js.map +1 -0
  88. package/dist/middleware/csrf.d.ts +15 -0
  89. package/dist/middleware/csrf.d.ts.map +1 -0
  90. package/dist/middleware/csrf.js +77 -0
  91. package/dist/middleware/csrf.js.map +1 -0
  92. package/dist/middleware/idempotency.d.ts +41 -0
  93. package/dist/middleware/idempotency.d.ts.map +1 -0
  94. package/dist/middleware/idempotency.js +198 -0
  95. package/dist/middleware/idempotency.js.map +1 -0
  96. package/dist/middleware/index.d.ts +9 -0
  97. package/dist/middleware/index.js +10 -0
  98. package/dist/middleware/rate-limit.d.ts +17 -0
  99. package/dist/middleware/rate-limit.d.ts.map +1 -0
  100. package/dist/middleware/rate-limit.js +47 -0
  101. package/dist/middleware/rate-limit.js.map +1 -0
  102. package/dist/middleware/request-state.d.ts +27 -0
  103. package/dist/middleware/request-state.d.ts.map +1 -0
  104. package/dist/middleware/request-state.js +42 -0
  105. package/dist/middleware/request-state.js.map +1 -0
  106. package/dist/middleware/scope.d.ts +24 -0
  107. package/dist/middleware/scope.d.ts.map +1 -0
  108. package/dist/middleware/scope.js +50 -0
  109. package/dist/middleware/scope.js.map +1 -0
  110. package/dist/registry/index.d.ts +135 -0
  111. package/dist/registry/index.d.ts.map +1 -0
  112. package/dist/registry/index.js +96 -0
  113. package/dist/registry/index.js.map +1 -0
  114. package/dist/replay/index.d.ts +2 -0
  115. package/dist/replay/index.js +3 -0
  116. package/dist/replay/routes.d.ts +46 -0
  117. package/dist/replay/routes.d.ts.map +1 -0
  118. package/dist/replay/routes.js +189 -0
  119. package/dist/replay/routes.js.map +1 -0
  120. package/dist/routes/agents.d.ts +41 -0
  121. package/dist/routes/agents.d.ts.map +1 -0
  122. package/dist/routes/agents.js +213 -0
  123. package/dist/routes/agents.js.map +1 -0
  124. package/dist/routes/audit.d.ts +57 -0
  125. package/dist/routes/audit.d.ts.map +1 -0
  126. package/dist/routes/audit.js +116 -0
  127. package/dist/routes/audit.js.map +1 -0
  128. package/dist/routes/auth.d.ts +26 -0
  129. package/dist/routes/auth.d.ts.map +1 -0
  130. package/dist/routes/auth.js +54 -0
  131. package/dist/routes/auth.js.map +1 -0
  132. package/dist/routes/health.d.ts +22 -0
  133. package/dist/routes/health.d.ts.map +1 -0
  134. package/dist/routes/health.js +33 -0
  135. package/dist/routes/health.js.map +1 -0
  136. package/dist/routes/index.d.ts +10 -0
  137. package/dist/routes/index.js +12 -0
  138. package/dist/routes/mcp.d.ts +32 -0
  139. package/dist/routes/mcp.d.ts.map +1 -0
  140. package/dist/routes/mcp.js +61 -0
  141. package/dist/routes/mcp.js.map +1 -0
  142. package/dist/routes/memory.d.ts +141 -0
  143. package/dist/routes/memory.d.ts.map +1 -0
  144. package/dist/routes/memory.js +102 -0
  145. package/dist/routes/memory.js.map +1 -0
  146. package/dist/routes/sessions.d.ts +54 -0
  147. package/dist/routes/sessions.d.ts.map +1 -0
  148. package/dist/routes/sessions.js +135 -0
  149. package/dist/routes/sessions.js.map +1 -0
  150. package/dist/routes/skills.d.ts +34 -0
  151. package/dist/routes/skills.d.ts.map +1 -0
  152. package/dist/routes/skills.js +54 -0
  153. package/dist/routes/skills.js.map +1 -0
  154. package/dist/routes/tokens.d.ts +25 -0
  155. package/dist/routes/tokens.d.ts.map +1 -0
  156. package/dist/routes/tokens.js +87 -0
  157. package/dist/routes/tokens.js.map +1 -0
  158. package/dist/routes/workflows.d.ts +27 -0
  159. package/dist/routes/workflows.d.ts.map +1 -0
  160. package/dist/routes/workflows.js +220 -0
  161. package/dist/routes/workflows.js.map +1 -0
  162. package/dist/runtime/run-state.d.ts +158 -0
  163. package/dist/runtime/run-state.d.ts.map +1 -0
  164. package/dist/runtime/run-state.js +182 -0
  165. package/dist/runtime/run-state.js.map +1 -0
  166. package/dist/sse/events.d.ts +44 -0
  167. package/dist/sse/events.d.ts.map +1 -0
  168. package/dist/sse/events.js +200 -0
  169. package/dist/sse/events.js.map +1 -0
  170. package/dist/sse/index.d.ts +2 -0
  171. package/dist/sse/index.js +3 -0
  172. package/dist/triggers/daemon.d.ts +74 -0
  173. package/dist/triggers/daemon.d.ts.map +1 -0
  174. package/dist/triggers/daemon.js +114 -0
  175. package/dist/triggers/daemon.js.map +1 -0
  176. package/dist/triggers/index.d.ts +3 -0
  177. package/dist/triggers/index.js +4 -0
  178. package/dist/triggers/routes.d.ts +21 -0
  179. package/dist/triggers/routes.d.ts.map +1 -0
  180. package/dist/triggers/routes.js +117 -0
  181. package/dist/triggers/routes.js.map +1 -0
  182. package/dist/ws/dispatcher.d.ts +169 -0
  183. package/dist/ws/dispatcher.d.ts.map +1 -0
  184. package/dist/ws/dispatcher.js +303 -0
  185. package/dist/ws/dispatcher.js.map +1 -0
  186. package/dist/ws/index.d.ts +6 -0
  187. package/dist/ws/index.js +7 -0
  188. package/dist/ws/replay-buffer.d.ts +47 -0
  189. package/dist/ws/replay-buffer.d.ts.map +1 -0
  190. package/dist/ws/replay-buffer.js +88 -0
  191. package/dist/ws/replay-buffer.js.map +1 -0
  192. package/dist/ws/subjects.d.ts +71 -0
  193. package/dist/ws/subjects.d.ts.map +1 -0
  194. package/dist/ws/subjects.js +112 -0
  195. package/dist/ws/subjects.js.map +1 -0
  196. package/dist/ws/ticket.d.ts +74 -0
  197. package/dist/ws/ticket.d.ts.map +1 -0
  198. package/dist/ws/ticket.js +112 -0
  199. package/dist/ws/ticket.js.map +1 -0
  200. package/dist/ws/upgrade.d.ts +63 -0
  201. package/dist/ws/upgrade.d.ts.map +1 -0
  202. package/dist/ws/upgrade.js +324 -0
  203. package/dist/ws/upgrade.js.map +1 -0
  204. package/package.json +156 -0
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../src/errors/index.ts"],"sourcesContent":["/**\n * Typed error surface for `@graphorin/server`. Every server-side\n * configuration / lifecycle / runtime failure that an operator must\n * be able to reason about flows through one of the classes in this\n * module so it carries a stable `kind` discriminator + `hint` field\n * pointing the operator at the next remediation step.\n *\n * @packageDocumentation\n */\n\n/**\n * Stable string discriminator for {@link GraphorinServerError}. Each\n * value maps to a single failure scenario; never reuse a value for a\n * different cause.\n *\n * @stable\n */\nexport type GraphorinServerErrorCode =\n | 'config-invalid'\n | 'pre-bind-pepper-missing'\n | 'pre-bind-secret-unresolvable'\n | 'pre-bind-encryption-peer-missing'\n | 'pre-bind-encryption-required'\n | 'migration-failed'\n | 'shutdown-timeout'\n | 'idempotency-conflict'\n | 'idempotency-key-required'\n | 'auth-required'\n | 'auth-invalid'\n | 'auth-revoked'\n | 'auth-expired'\n | 'auth-locked-out'\n | 'auth-overloaded'\n | 'scope-denied'\n | 'csrf-denied'\n | 'cors-denied'\n | 'rate-limit-exceeded'\n | 'route-handler-missing'\n | 'agent-not-found'\n | 'workflow-not-found'\n | 'session-not-found'\n | 'run-not-found'\n | 'run-aborted'\n | 'lifecycle-double-start'\n | 'lifecycle-not-started';\n\n/**\n * Base error class. Every server-emitted typed error inherits from\n * here so middleware can pattern-match a single union.\n *\n * @stable\n */\nexport class GraphorinServerError extends Error {\n readonly kind: GraphorinServerErrorCode;\n readonly hint?: string;\n\n constructor(\n kind: GraphorinServerErrorCode,\n message: string,\n options?: { readonly cause?: unknown; readonly hint?: string },\n ) {\n super(\n message,\n options !== undefined && options.cause !== undefined ? { cause: options.cause } : undefined,\n );\n this.name = this.constructor.name;\n this.kind = kind;\n if (options?.hint !== undefined) this.hint = options.hint;\n }\n}\n\n/** @stable */\nexport class ConfigInvalidError extends GraphorinServerError {\n readonly issues: ReadonlyArray<{\n readonly path: ReadonlyArray<string | number>;\n readonly message: string;\n }>;\n\n constructor(\n issues: ReadonlyArray<{\n readonly path: ReadonlyArray<string | number>;\n readonly message: string;\n }>,\n cause?: unknown,\n ) {\n super('config-invalid', `graphorin.config invalid: ${issues.length} issue(s)`, {\n hint: 'Inspect the issues array; each entry pinpoints the offending path.',\n ...(cause !== undefined ? { cause } : {}),\n });\n this.issues = Object.freeze(issues.slice());\n }\n}\n\n/** @stable */\nexport class PrebindPepperMissingError extends GraphorinServerError {\n constructor() {\n super(\n 'pre-bind-pepper-missing',\n 'auth.pepper SecretRef did not resolve to a non-empty pepper.',\n {\n hint: 'Run `graphorin doctor --check-secrets` (Phase 15) and verify the configured SecretRef.',\n },\n );\n }\n}\n\n/** @stable */\nexport class PrebindSecretUnresolvableError extends GraphorinServerError {\n readonly path: ReadonlyArray<string | number>;\n readonly raw: string;\n\n constructor(path: ReadonlyArray<string | number>, raw: string, cause?: unknown) {\n super(\n 'pre-bind-secret-unresolvable',\n `Could not resolve SecretRef '${raw}' at config path ${path.join('.')}`,\n {\n hint: 'Run `graphorin doctor --check-secrets` (Phase 15) and verify the configured SecretRef.',\n ...(cause !== undefined ? { cause } : {}),\n },\n );\n this.path = Object.freeze(path.slice());\n this.raw = raw;\n }\n}\n\n/** @stable */\nexport class PrebindEncryptionPeerMissingError extends GraphorinServerError {\n constructor(cause?: unknown) {\n super(\n 'pre-bind-encryption-peer-missing',\n 'storage.encryption.enabled = true but the cipher peer is not installed.',\n {\n hint: \"Install the 'better-sqlite3-multiple-ciphers' peer (or set storage.encryption.enabled = false).\",\n ...(cause !== undefined ? { cause } : {}),\n },\n );\n }\n}\n\n/** @stable */\nexport class PrebindEncryptionRequiredError extends GraphorinServerError {\n constructor(reason: string) {\n super('pre-bind-encryption-required', reason, {\n hint: 'Audit logs are mandatory-encrypted (DEC-124); enable storage.encryption or supply audit.encryption explicitly.',\n });\n }\n}\n\n/** @stable */\nexport class MigrationFailedError extends GraphorinServerError {\n constructor(message: string, cause?: unknown) {\n super('migration-failed', message, {\n hint: 'Inspect the underlying SQLite error and re-run `graphorin migrate`.',\n ...(cause !== undefined ? { cause } : {}),\n });\n }\n}\n\n/** @stable */\nexport class ShutdownTimeoutError extends GraphorinServerError {\n readonly drainTimeoutMs: number;\n readonly inflight: number;\n\n constructor(drainTimeoutMs: number, inflight: number) {\n super(\n 'shutdown-timeout',\n `Drain timed out after ${drainTimeoutMs}ms with ${inflight} request(s) still in flight.`,\n {\n hint: 'Increase server.shutdown.drainTimeoutMs or fix slow handlers.',\n },\n );\n this.drainTimeoutMs = drainTimeoutMs;\n this.inflight = inflight;\n }\n}\n\n/** @stable */\nexport class IdempotencyConflictError extends GraphorinServerError {\n constructor(key: string) {\n super(\n 'idempotency-conflict',\n `Idempotency-Key '${key}' was previously used with a different request body.`,\n {\n hint: 'Generate a fresh Idempotency-Key for the new payload.',\n },\n );\n }\n}\n\n/** @stable */\nexport class IdempotencyKeyRequiredError extends GraphorinServerError {\n constructor() {\n super(\n 'idempotency-key-required',\n 'Side-effecting endpoint requires an Idempotency-Key header.',\n {\n hint: \"Set 'Idempotency-Key: <uuid>' on the request, or relax server.idempotency.requireKey to 'warn'.\",\n },\n );\n }\n}\n\n/** @stable */\nexport class LifecycleDoubleStartError extends GraphorinServerError {\n constructor() {\n super('lifecycle-double-start', 'Server.start() invoked while the server is already started.', {\n hint: 'Call stop() before re-starting the server.',\n });\n }\n}\n\n/** @stable */\nexport class LifecycleNotStartedError extends GraphorinServerError {\n constructor() {\n super('lifecycle-not-started', 'Server.stop() invoked before start() resolved.', {\n hint: 'Await start() before calling stop().',\n });\n }\n}\n\n/** @stable */\nexport class RouteHandlerMissingError extends GraphorinServerError {\n readonly id: string;\n readonly kind_: 'agent' | 'workflow';\n\n constructor(kind: 'agent' | 'workflow', id: string) {\n super('route-handler-missing', `No ${kind} registered with id '${id}'.`, {\n hint: `Register the ${kind} via createServer({ ${kind}s: { ... } }) or the AgentRegistry / WorkflowRegistry surface.`,\n });\n this.id = id;\n this.kind_ = kind;\n }\n}\n\n/** @stable */\nexport class AgentNotFoundError extends RouteHandlerMissingError {\n constructor(id: string) {\n super('agent', id);\n }\n}\n\n/** @stable */\nexport class WorkflowNotFoundError extends RouteHandlerMissingError {\n constructor(id: string) {\n super('workflow', id);\n }\n}\n"],"mappings":";;;;;;;AAoDA,IAAa,uBAAb,cAA0C,MAAM;CAC9C,AAAS;CACT,AAAS;CAET,YACE,MACA,SACA,SACA;AACA,QACE,SACA,YAAY,UAAa,QAAQ,UAAU,SAAY,EAAE,OAAO,QAAQ,OAAO,GAAG,OACnF;AACD,OAAK,OAAO,KAAK,YAAY;AAC7B,OAAK,OAAO;AACZ,MAAI,SAAS,SAAS,OAAW,MAAK,OAAO,QAAQ;;;;AAKzD,IAAa,qBAAb,cAAwC,qBAAqB;CAC3D,AAAS;CAKT,YACE,QAIA,OACA;AACA,QAAM,kBAAkB,6BAA6B,OAAO,OAAO,YAAY;GAC7E,MAAM;GACN,GAAI,UAAU,SAAY,EAAE,OAAO,GAAG,EAAE;GACzC,CAAC;AACF,OAAK,SAAS,OAAO,OAAO,OAAO,OAAO,CAAC;;;;AAK/C,IAAa,4BAAb,cAA+C,qBAAqB;CAClE,cAAc;AACZ,QACE,2BACA,gEACA,EACE,MAAM,0FACP,CACF;;;;AAKL,IAAa,iCAAb,cAAoD,qBAAqB;CACvE,AAAS;CACT,AAAS;CAET,YAAY,MAAsC,KAAa,OAAiB;AAC9E,QACE,gCACA,gCAAgC,IAAI,mBAAmB,KAAK,KAAK,IAAI,IACrE;GACE,MAAM;GACN,GAAI,UAAU,SAAY,EAAE,OAAO,GAAG,EAAE;GACzC,CACF;AACD,OAAK,OAAO,OAAO,OAAO,KAAK,OAAO,CAAC;AACvC,OAAK,MAAM;;;;AAKf,IAAa,oCAAb,cAAuD,qBAAqB;CAC1E,YAAY,OAAiB;AAC3B,QACE,oCACA,2EACA;GACE,MAAM;GACN,GAAI,UAAU,SAAY,EAAE,OAAO,GAAG,EAAE;GACzC,CACF;;;;AAKL,IAAa,iCAAb,cAAoD,qBAAqB;CACvE,YAAY,QAAgB;AAC1B,QAAM,gCAAgC,QAAQ,EAC5C,MAAM,kHACP,CAAC;;;;AAKN,IAAa,uBAAb,cAA0C,qBAAqB;CAC7D,YAAY,SAAiB,OAAiB;AAC5C,QAAM,oBAAoB,SAAS;GACjC,MAAM;GACN,GAAI,UAAU,SAAY,EAAE,OAAO,GAAG,EAAE;GACzC,CAAC;;;;AAKN,IAAa,uBAAb,cAA0C,qBAAqB;CAC7D,AAAS;CACT,AAAS;CAET,YAAY,gBAAwB,UAAkB;AACpD,QACE,oBACA,yBAAyB,eAAe,UAAU,SAAS,+BAC3D,EACE,MAAM,iEACP,CACF;AACD,OAAK,iBAAiB;AACtB,OAAK,WAAW;;;;AAKpB,IAAa,2BAAb,cAA8C,qBAAqB;CACjE,YAAY,KAAa;AACvB,QACE,wBACA,oBAAoB,IAAI,uDACxB,EACE,MAAM,yDACP,CACF;;;;AAKL,IAAa,8BAAb,cAAiD,qBAAqB;CACpE,cAAc;AACZ,QACE,4BACA,+DACA,EACE,MAAM,mGACP,CACF;;;;AAKL,IAAa,4BAAb,cAA+C,qBAAqB;CAClE,cAAc;AACZ,QAAM,0BAA0B,+DAA+D,EAC7F,MAAM,8CACP,CAAC;;;;AAKN,IAAa,2BAAb,cAA8C,qBAAqB;CACjE,cAAc;AACZ,QAAM,yBAAyB,kDAAkD,EAC/E,MAAM,wCACP,CAAC;;;;AAKN,IAAa,2BAAb,cAA8C,qBAAqB;CACjE,AAAS;CACT,AAAS;CAET,YAAY,MAA4B,IAAY;AAClD,QAAM,yBAAyB,MAAM,KAAK,uBAAuB,GAAG,KAAK,EACvE,MAAM,gBAAgB,KAAK,sBAAsB,KAAK,iEACvD,CAAC;AACF,OAAK,KAAK;AACV,OAAK,QAAQ;;;;AAKjB,IAAa,qBAAb,cAAwC,yBAAyB;CAC/D,YAAY,IAAY;AACtB,QAAM,SAAS,GAAG;;;;AAKtB,IAAa,wBAAb,cAA2C,yBAAyB;CAClE,YAAY,IAAY;AACtB,QAAM,YAAY,GAAG"}
@@ -0,0 +1,120 @@
1
+ import { ConsolidatorDaemon } from "../consolidator/daemon.js";
2
+ import { TriggersDaemon } from "../triggers/daemon.js";
3
+ import { GraphorinSqliteStore } from "@graphorin/store-sqlite";
4
+
5
+ //#region src/health/checks.d.ts
6
+
7
+ /** @stable */
8
+ interface ReplayBufferProbe {
9
+ /** Total events buffered across all subjects. Aggregated by the caller. */
10
+ readonly eventsBuffered: number;
11
+ readonly subscribers?: number;
12
+ readonly subscriptions?: number;
13
+ }
14
+ /** @stable */
15
+ type HealthStatus = 'ok' | 'warn' | 'fail';
16
+ /** @stable */
17
+ type HealthRollup = 'ok' | 'degraded' | 'failing';
18
+ /**
19
+ * Common discriminator carried on every per-subsystem check entry.
20
+ * Concrete shapes extend this with subsystem-specific fields per the
21
+ * documented contract.
22
+ *
23
+ * @stable
24
+ */
25
+ interface BaseHealthCheck {
26
+ readonly status: HealthStatus;
27
+ readonly message?: string;
28
+ }
29
+ /** @stable */
30
+ interface StorageCheck extends BaseHealthCheck {
31
+ readonly walSizeBytes: number;
32
+ readonly warnThresholdBytes: number;
33
+ readonly lastCheckpointAt?: string;
34
+ }
35
+ /** @stable */
36
+ interface EmbedderCheck extends BaseHealthCheck {
37
+ readonly modelLoaded: boolean;
38
+ readonly model?: string;
39
+ }
40
+ /** @stable */
41
+ interface SecretsCheck extends BaseHealthCheck {
42
+ readonly activeStore: string;
43
+ }
44
+ /** @stable */
45
+ interface EncryptionCheck extends BaseHealthCheck {
46
+ readonly enabled: boolean;
47
+ readonly peerDepInstalled: boolean;
48
+ }
49
+ /** @stable */
50
+ interface ConsolidatorCheck extends BaseHealthCheck {
51
+ readonly tier: string;
52
+ readonly running: boolean;
53
+ readonly paused: boolean;
54
+ readonly queueDepth: number;
55
+ readonly dlqSize: number;
56
+ readonly budgetRemaining: {
57
+ readonly tokens: number;
58
+ readonly costUsd: number;
59
+ };
60
+ }
61
+ /** @stable */
62
+ interface TriggersCheck extends BaseHealthCheck {
63
+ readonly running: boolean;
64
+ readonly active: number;
65
+ readonly disabled: number;
66
+ readonly deferred: number;
67
+ readonly lastFireAt?: string;
68
+ }
69
+ /** @stable */
70
+ interface ReplayBufferCheck extends BaseHealthCheck {
71
+ readonly eventsBuffered: number;
72
+ readonly subscribers?: number;
73
+ readonly subscriptions?: number;
74
+ }
75
+ /** @stable */
76
+ type HealthCheck = StorageCheck | EmbedderCheck | SecretsCheck | EncryptionCheck | ConsolidatorCheck | TriggersCheck | ReplayBufferCheck;
77
+ /** @stable */
78
+ interface HealthChecks {
79
+ readonly storage?: StorageCheck;
80
+ readonly embedder?: EmbedderCheck;
81
+ readonly secrets?: SecretsCheck;
82
+ readonly encryption?: EncryptionCheck;
83
+ readonly consolidator?: ConsolidatorCheck;
84
+ readonly triggers?: TriggersCheck;
85
+ readonly replayBuffer?: ReplayBufferCheck;
86
+ }
87
+ /** @stable */
88
+ interface HealthSummary {
89
+ readonly status: HealthRollup;
90
+ readonly checks: HealthChecks;
91
+ }
92
+ /** @stable */
93
+ interface HealthCheckOptions {
94
+ readonly store?: GraphorinSqliteStore;
95
+ readonly triggers?: TriggersDaemon;
96
+ readonly consolidator?: ConsolidatorDaemon;
97
+ readonly replayBuffer?: ReplayBufferProbe;
98
+ readonly secretsActive?: string;
99
+ readonly encryptionEnabled?: boolean;
100
+ readonly cipherPeerInstalled?: boolean;
101
+ readonly embedderModel?: string;
102
+ readonly embedderLoaded?: boolean;
103
+ /** Highest acceptable WAL size in bytes before warning. Default 50 MB. */
104
+ readonly walWarnThresholdBytes?: number;
105
+ }
106
+ /**
107
+ * Build the aggregate health summary from runtime probes.
108
+ *
109
+ * @stable
110
+ */
111
+ declare function collectHealth(options: HealthCheckOptions): Promise<HealthSummary>;
112
+ /**
113
+ * Promote the worst per-check status to the rollup label.
114
+ *
115
+ * @stable
116
+ */
117
+ declare function rollup(checks: HealthChecks): HealthRollup;
118
+ //#endregion
119
+ export { BaseHealthCheck, ConsolidatorCheck, EmbedderCheck, EncryptionCheck, HealthCheck, HealthCheckOptions, HealthChecks, HealthRollup, HealthStatus, HealthSummary, ReplayBufferCheck, ReplayBufferProbe, SecretsCheck, StorageCheck, TriggersCheck, collectHealth, rollup };
120
+ //# sourceMappingURL=checks.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"checks.d.ts","names":[],"sources":["../../src/health/checks.ts"],"sourcesContent":[],"mappings":";;;;;;AA2FA;AAOY,UA/EK,iBAAA,CA+EM;EACnB;EACA,SAAA,cAAA,EAAA,MAAA;EACA,SAAA,WAAA,CAAA,EAAA,MAAA;EACA,SAAA,aAAA,CAAA,EAAA,MAAA;;;AAGA,KA9EQ,YAAA,GA8ER,IAAA,GAAA,MAAA,GAAA,MAAA;;AAGa,KA9EL,YAAA,GA8EiB,IAAA,GAAA,UAAA,GAAA,SAAA;;;;;;;;AAOc,UA5E1B,eAAA,CA4E0B;EAI1B,SAAA,MAAA,EA/EE,YAgFA;EAKF,SAAA,OAAA,CAAA,EAAA,MAAkB;;;AAGT,UAnFT,YAAA,SAAqB,eAmFZ,CAAA;EACA,SAAA,YAAA,EAAA,MAAA;EAAiB,SAAA,kBAAA,EAAA,MAAA;EAiBrB,SAAA,gBAAa,CAAA,EAAA,MAAA;;;AAA+B,UA9FjD,aAAA,SAAsB,eA8F2B,CAAA;EAAO,SAAA,WAAA,EAAA,OAAA;EAuHzD,SAAM,KAAA,CAAA,EAAA,MAAS;;;UA/Md,YAAA,SAAqB;;;;UAKrB,eAAA,SAAwB;;;;;UAMxB,iBAAA,SAA0B;;;;;;;;;;;;UAa1B,aAAA,SAAsB;;;;;;;;UAStB,iBAAA,SAA0B;;;;;;KAO/B,WAAA,GACR,eACA,gBACA,eACA,kBACA,oBACA,gBACA;;UAGa,YAAA;qBACI;sBACC;qBACD;wBACG;0BACE;sBACJ;0BACI;;;UAIT,aAAA;mBACE;mBACA;;;UAIF,kBAAA;mBACE;sBACG;0BACI;0BACA;;;;;;;;;;;;;;iBAiBJ,aAAA,UAAuB,qBAAqB,QAAQ;;;;;;iBAuH1D,MAAA,SAAe,eAAe"}
@@ -0,0 +1,127 @@
1
+ import { readWalSize } from "@graphorin/store-sqlite";
2
+
3
+ //#region src/health/checks.ts
4
+ const DEFAULT_WAL_WARN_THRESHOLD_BYTES = 50 * 1024 * 1024;
5
+ /**
6
+ * Build the aggregate health summary from runtime probes.
7
+ *
8
+ * @stable
9
+ */
10
+ async function collectHealth(options) {
11
+ const checks = {};
12
+ if (options.store !== void 0) {
13
+ const walSize = readWalSizeSafely(options.store);
14
+ const threshold = options.walWarnThresholdBytes ?? DEFAULT_WAL_WARN_THRESHOLD_BYTES;
15
+ checks.storage = {
16
+ status: walSize > threshold ? "warn" : "ok",
17
+ walSizeBytes: walSize,
18
+ warnThresholdBytes: threshold
19
+ };
20
+ }
21
+ if (options.embedderLoaded !== void 0) checks.embedder = {
22
+ status: options.embedderLoaded ? "ok" : "warn",
23
+ modelLoaded: options.embedderLoaded,
24
+ ...options.embedderModel !== void 0 ? { model: options.embedderModel } : {}
25
+ };
26
+ if (options.secretsActive !== void 0) checks.secrets = {
27
+ status: "ok",
28
+ activeStore: options.secretsActive
29
+ };
30
+ if (options.encryptionEnabled !== void 0) {
31
+ const peerDepInstalled = options.cipherPeerInstalled ?? true;
32
+ checks.encryption = {
33
+ status: options.encryptionEnabled && peerDepInstalled === false ? "fail" : "ok",
34
+ enabled: options.encryptionEnabled,
35
+ peerDepInstalled
36
+ };
37
+ }
38
+ if (options.consolidator !== void 0) try {
39
+ const status$1 = await options.consolidator.status();
40
+ const overall = status$1.dlqSize > 0 ? "warn" : "ok";
41
+ checks.consolidator = {
42
+ status: status$1.paused ? "warn" : overall,
43
+ tier: status$1.tier,
44
+ running: status$1.running,
45
+ paused: status$1.paused,
46
+ queueDepth: status$1.queueDepth,
47
+ dlqSize: status$1.dlqSize,
48
+ budgetRemaining: {
49
+ tokens: status$1.budget.tokensRemaining,
50
+ costUsd: status$1.budget.costRemaining
51
+ }
52
+ };
53
+ } catch (err) {
54
+ checks.consolidator = {
55
+ status: "fail",
56
+ tier: "unknown",
57
+ running: false,
58
+ paused: false,
59
+ queueDepth: 0,
60
+ dlqSize: 0,
61
+ budgetRemaining: {
62
+ tokens: 0,
63
+ costUsd: 0
64
+ },
65
+ message: err instanceof Error ? err.message : String(err)
66
+ };
67
+ }
68
+ if (options.triggers !== void 0) try {
69
+ const status$1 = await options.triggers.status();
70
+ checks.triggers = {
71
+ status: "ok",
72
+ running: status$1.running,
73
+ active: status$1.active,
74
+ disabled: status$1.disabled,
75
+ deferred: status$1.deferred,
76
+ ...status$1.lastFireAt !== void 0 ? { lastFireAt: status$1.lastFireAt } : {}
77
+ };
78
+ } catch (err) {
79
+ checks.triggers = {
80
+ status: "fail",
81
+ running: false,
82
+ active: 0,
83
+ disabled: 0,
84
+ deferred: 0,
85
+ message: err instanceof Error ? err.message : String(err)
86
+ };
87
+ }
88
+ if (options.replayBuffer !== void 0) {
89
+ const probe = options.replayBuffer;
90
+ checks.replayBuffer = {
91
+ status: "ok",
92
+ eventsBuffered: probe.eventsBuffered,
93
+ ...probe.subscribers !== void 0 ? { subscribers: probe.subscribers } : {},
94
+ ...probe.subscriptions !== void 0 ? { subscriptions: probe.subscriptions } : {}
95
+ };
96
+ }
97
+ const status = rollup(checks);
98
+ return Object.freeze({
99
+ status,
100
+ checks: Object.freeze(checks)
101
+ });
102
+ }
103
+ /**
104
+ * Promote the worst per-check status to the rollup label.
105
+ *
106
+ * @stable
107
+ */
108
+ function rollup(checks) {
109
+ let worst = "ok";
110
+ for (const value of Object.values(checks)) {
111
+ if (value === void 0) continue;
112
+ if (value.status === "fail") return "failing";
113
+ if (value.status === "warn") worst = "degraded";
114
+ }
115
+ return worst;
116
+ }
117
+ function readWalSizeSafely(store) {
118
+ try {
119
+ return readWalSize(store.connection);
120
+ } catch {
121
+ return 0;
122
+ }
123
+ }
124
+
125
+ //#endregion
126
+ export { collectHealth, rollup };
127
+ //# sourceMappingURL=checks.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"checks.js","names":["checks: {\n -readonly [K in keyof HealthChecks]?: HealthChecks[K];\n }","status","overall: HealthStatus","worst: HealthRollup"],"sources":["../../src/health/checks.ts"],"sourcesContent":["/**\n * Per-subsystem health checks aggregated by `/v1/health`. Every check\n * resolves to `'ok' | 'warn' | 'fail'`; the aggregator promotes the\n * worst status to the top-level rollup.\n *\n * The serialized shape is **flat**: each check carries its detail\n * fields directly on the same object as the `status` discriminator\n * — no nested `detail` wrapper — matching the documented response\n * contract exactly.\n *\n * @packageDocumentation\n */\n\nimport type { GraphorinSqliteStore } from '@graphorin/store-sqlite';\nimport { readWalSize } from '@graphorin/store-sqlite';\nimport type { ConsolidatorDaemon } from '../consolidator/daemon.js';\nimport type { TriggersDaemon } from '../triggers/daemon.js';\n\n/** @stable */\nexport interface ReplayBufferProbe {\n /** Total events buffered across all subjects. Aggregated by the caller. */\n readonly eventsBuffered: number;\n readonly subscribers?: number;\n readonly subscriptions?: number;\n}\n\n/** @stable */\nexport type HealthStatus = 'ok' | 'warn' | 'fail';\n\n/** @stable */\nexport type HealthRollup = 'ok' | 'degraded' | 'failing';\n\n/**\n * Common discriminator carried on every per-subsystem check entry.\n * Concrete shapes extend this with subsystem-specific fields per the\n * documented contract.\n *\n * @stable\n */\nexport interface BaseHealthCheck {\n readonly status: HealthStatus;\n readonly message?: string;\n}\n\n/** @stable */\nexport interface StorageCheck extends BaseHealthCheck {\n readonly walSizeBytes: number;\n readonly warnThresholdBytes: number;\n readonly lastCheckpointAt?: string;\n}\n\n/** @stable */\nexport interface EmbedderCheck extends BaseHealthCheck {\n readonly modelLoaded: boolean;\n readonly model?: string;\n}\n\n/** @stable */\nexport interface SecretsCheck extends BaseHealthCheck {\n readonly activeStore: string;\n}\n\n/** @stable */\nexport interface EncryptionCheck extends BaseHealthCheck {\n readonly enabled: boolean;\n readonly peerDepInstalled: boolean;\n}\n\n/** @stable */\nexport interface ConsolidatorCheck extends BaseHealthCheck {\n readonly tier: string;\n readonly running: boolean;\n readonly paused: boolean;\n readonly queueDepth: number;\n readonly dlqSize: number;\n readonly budgetRemaining: {\n readonly tokens: number;\n readonly costUsd: number;\n };\n}\n\n/** @stable */\nexport interface TriggersCheck extends BaseHealthCheck {\n readonly running: boolean;\n readonly active: number;\n readonly disabled: number;\n readonly deferred: number;\n readonly lastFireAt?: string;\n}\n\n/** @stable */\nexport interface ReplayBufferCheck extends BaseHealthCheck {\n readonly eventsBuffered: number;\n readonly subscribers?: number;\n readonly subscriptions?: number;\n}\n\n/** @stable */\nexport type HealthCheck =\n | StorageCheck\n | EmbedderCheck\n | SecretsCheck\n | EncryptionCheck\n | ConsolidatorCheck\n | TriggersCheck\n | ReplayBufferCheck;\n\n/** @stable */\nexport interface HealthChecks {\n readonly storage?: StorageCheck;\n readonly embedder?: EmbedderCheck;\n readonly secrets?: SecretsCheck;\n readonly encryption?: EncryptionCheck;\n readonly consolidator?: ConsolidatorCheck;\n readonly triggers?: TriggersCheck;\n readonly replayBuffer?: ReplayBufferCheck;\n}\n\n/** @stable */\nexport interface HealthSummary {\n readonly status: HealthRollup;\n readonly checks: HealthChecks;\n}\n\n/** @stable */\nexport interface HealthCheckOptions {\n readonly store?: GraphorinSqliteStore;\n readonly triggers?: TriggersDaemon;\n readonly consolidator?: ConsolidatorDaemon;\n readonly replayBuffer?: ReplayBufferProbe;\n readonly secretsActive?: string;\n readonly encryptionEnabled?: boolean;\n readonly cipherPeerInstalled?: boolean;\n readonly embedderModel?: string;\n readonly embedderLoaded?: boolean;\n /** Highest acceptable WAL size in bytes before warning. Default 50 MB. */\n readonly walWarnThresholdBytes?: number;\n}\n\nconst DEFAULT_WAL_WARN_THRESHOLD_BYTES = 50 * 1024 * 1024;\n\n/**\n * Build the aggregate health summary from runtime probes.\n *\n * @stable\n */\nexport async function collectHealth(options: HealthCheckOptions): Promise<HealthSummary> {\n const checks: {\n -readonly [K in keyof HealthChecks]?: HealthChecks[K];\n } = {};\n\n if (options.store !== undefined) {\n const walSize = readWalSizeSafely(options.store);\n const threshold = options.walWarnThresholdBytes ?? DEFAULT_WAL_WARN_THRESHOLD_BYTES;\n const status: HealthStatus = walSize > threshold ? 'warn' : 'ok';\n checks.storage = {\n status,\n walSizeBytes: walSize,\n warnThresholdBytes: threshold,\n };\n }\n\n if (options.embedderLoaded !== undefined) {\n checks.embedder = {\n status: options.embedderLoaded ? 'ok' : 'warn',\n modelLoaded: options.embedderLoaded,\n ...(options.embedderModel !== undefined ? { model: options.embedderModel } : {}),\n };\n }\n\n if (options.secretsActive !== undefined) {\n checks.secrets = {\n status: 'ok',\n activeStore: options.secretsActive,\n };\n }\n\n if (options.encryptionEnabled !== undefined) {\n // IP-1: a server that is serving this health endpoint with\n // encryption enabled has already opened the store WITH its key at\n // boot (createServer threads the resolved passphrase into\n // createSqliteStore and fails fast otherwise) — that successful\n // keyed open is the factual basis of this check. 'fail' is\n // reserved for an explicit negative cipher-peer probe; the old\n // default blamed a missing peer dep on every encrypted boot.\n const peerDepInstalled = options.cipherPeerInstalled ?? true;\n checks.encryption = {\n status: options.encryptionEnabled && peerDepInstalled === false ? 'fail' : 'ok',\n enabled: options.encryptionEnabled,\n peerDepInstalled,\n };\n }\n\n if (options.consolidator !== undefined) {\n try {\n const status = await options.consolidator.status();\n const overall: HealthStatus = status.dlqSize > 0 ? 'warn' : 'ok';\n checks.consolidator = {\n status: status.paused ? 'warn' : overall,\n tier: status.tier,\n running: status.running,\n paused: status.paused,\n queueDepth: status.queueDepth,\n dlqSize: status.dlqSize,\n budgetRemaining: {\n tokens: status.budget.tokensRemaining,\n costUsd: status.budget.costRemaining,\n },\n };\n } catch (err) {\n checks.consolidator = {\n status: 'fail',\n tier: 'unknown',\n running: false,\n paused: false,\n queueDepth: 0,\n dlqSize: 0,\n budgetRemaining: { tokens: 0, costUsd: 0 },\n message: err instanceof Error ? err.message : String(err),\n };\n }\n }\n\n if (options.triggers !== undefined) {\n try {\n const status = await options.triggers.status();\n checks.triggers = {\n status: 'ok',\n running: status.running,\n active: status.active,\n disabled: status.disabled,\n deferred: status.deferred,\n ...(status.lastFireAt !== undefined ? { lastFireAt: status.lastFireAt } : {}),\n };\n } catch (err) {\n checks.triggers = {\n status: 'fail',\n running: false,\n active: 0,\n disabled: 0,\n deferred: 0,\n message: err instanceof Error ? err.message : String(err),\n };\n }\n }\n\n if (options.replayBuffer !== undefined) {\n const probe = options.replayBuffer;\n checks.replayBuffer = {\n status: 'ok',\n eventsBuffered: probe.eventsBuffered,\n ...(probe.subscribers !== undefined ? { subscribers: probe.subscribers } : {}),\n ...(probe.subscriptions !== undefined ? { subscriptions: probe.subscriptions } : {}),\n };\n }\n\n const status = rollup(checks);\n return Object.freeze({ status, checks: Object.freeze(checks) as HealthChecks });\n}\n\n/**\n * Promote the worst per-check status to the rollup label.\n *\n * @stable\n */\nexport function rollup(checks: HealthChecks): HealthRollup {\n let worst: HealthRollup = 'ok';\n for (const value of Object.values(checks)) {\n if (value === undefined) continue;\n if (value.status === 'fail') return 'failing';\n if (value.status === 'warn') worst = 'degraded';\n }\n return worst;\n}\n\nfunction readWalSizeSafely(store: GraphorinSqliteStore): number {\n try {\n return readWalSize(store.connection);\n } catch {\n return 0;\n }\n}\n"],"mappings":";;;AA2IA,MAAM,mCAAmC,KAAK,OAAO;;;;;;AAOrD,eAAsB,cAAc,SAAqD;CACvF,MAAMA,SAEF,EAAE;AAEN,KAAI,QAAQ,UAAU,QAAW;EAC/B,MAAM,UAAU,kBAAkB,QAAQ,MAAM;EAChD,MAAM,YAAY,QAAQ,yBAAyB;AAEnD,SAAO,UAAU;GACf,QAF2B,UAAU,YAAY,SAAS;GAG1D,cAAc;GACd,oBAAoB;GACrB;;AAGH,KAAI,QAAQ,mBAAmB,OAC7B,QAAO,WAAW;EAChB,QAAQ,QAAQ,iBAAiB,OAAO;EACxC,aAAa,QAAQ;EACrB,GAAI,QAAQ,kBAAkB,SAAY,EAAE,OAAO,QAAQ,eAAe,GAAG,EAAE;EAChF;AAGH,KAAI,QAAQ,kBAAkB,OAC5B,QAAO,UAAU;EACf,QAAQ;EACR,aAAa,QAAQ;EACtB;AAGH,KAAI,QAAQ,sBAAsB,QAAW;EAQ3C,MAAM,mBAAmB,QAAQ,uBAAuB;AACxD,SAAO,aAAa;GAClB,QAAQ,QAAQ,qBAAqB,qBAAqB,QAAQ,SAAS;GAC3E,SAAS,QAAQ;GACjB;GACD;;AAGH,KAAI,QAAQ,iBAAiB,OAC3B,KAAI;EACF,MAAMC,WAAS,MAAM,QAAQ,aAAa,QAAQ;EAClD,MAAMC,UAAwBD,SAAO,UAAU,IAAI,SAAS;AAC5D,SAAO,eAAe;GACpB,QAAQA,SAAO,SAAS,SAAS;GACjC,MAAMA,SAAO;GACb,SAASA,SAAO;GAChB,QAAQA,SAAO;GACf,YAAYA,SAAO;GACnB,SAASA,SAAO;GAChB,iBAAiB;IACf,QAAQA,SAAO,OAAO;IACtB,SAASA,SAAO,OAAO;IACxB;GACF;UACM,KAAK;AACZ,SAAO,eAAe;GACpB,QAAQ;GACR,MAAM;GACN,SAAS;GACT,QAAQ;GACR,YAAY;GACZ,SAAS;GACT,iBAAiB;IAAE,QAAQ;IAAG,SAAS;IAAG;GAC1C,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;GAC1D;;AAIL,KAAI,QAAQ,aAAa,OACvB,KAAI;EACF,MAAMA,WAAS,MAAM,QAAQ,SAAS,QAAQ;AAC9C,SAAO,WAAW;GAChB,QAAQ;GACR,SAASA,SAAO;GAChB,QAAQA,SAAO;GACf,UAAUA,SAAO;GACjB,UAAUA,SAAO;GACjB,GAAIA,SAAO,eAAe,SAAY,EAAE,YAAYA,SAAO,YAAY,GAAG,EAAE;GAC7E;UACM,KAAK;AACZ,SAAO,WAAW;GAChB,QAAQ;GACR,SAAS;GACT,QAAQ;GACR,UAAU;GACV,UAAU;GACV,SAAS,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;GAC1D;;AAIL,KAAI,QAAQ,iBAAiB,QAAW;EACtC,MAAM,QAAQ,QAAQ;AACtB,SAAO,eAAe;GACpB,QAAQ;GACR,gBAAgB,MAAM;GACtB,GAAI,MAAM,gBAAgB,SAAY,EAAE,aAAa,MAAM,aAAa,GAAG,EAAE;GAC7E,GAAI,MAAM,kBAAkB,SAAY,EAAE,eAAe,MAAM,eAAe,GAAG,EAAE;GACpF;;CAGH,MAAM,SAAS,OAAO,OAAO;AAC7B,QAAO,OAAO,OAAO;EAAE;EAAQ,QAAQ,OAAO,OAAO,OAAO;EAAkB,CAAC;;;;;;;AAQjF,SAAgB,OAAO,QAAoC;CACzD,IAAIE,QAAsB;AAC1B,MAAK,MAAM,SAAS,OAAO,OAAO,OAAO,EAAE;AACzC,MAAI,UAAU,OAAW;AACzB,MAAI,MAAM,WAAW,OAAQ,QAAO;AACpC,MAAI,MAAM,WAAW,OAAQ,SAAQ;;AAEvC,QAAO;;AAGT,SAAS,kBAAkB,OAAqC;AAC9D,KAAI;AACF,SAAO,YAAY,MAAM,WAAW;SAC9B;AACN,SAAO"}
@@ -0,0 +1,3 @@
1
+ import { BaseHealthCheck, ConsolidatorCheck, EmbedderCheck, EncryptionCheck, HealthCheck, HealthCheckOptions, HealthChecks, HealthRollup, HealthStatus, HealthSummary, ReplayBufferCheck, ReplayBufferProbe, SecretsCheck, StorageCheck, TriggersCheck, collectHealth, rollup } from "./checks.js";
2
+ import { HealthRouteOptions, MetricsRoutesOptions, createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes } from "./routes.js";
3
+ export { type BaseHealthCheck, type ConsolidatorCheck, type EmbedderCheck, type EncryptionCheck, type HealthCheck, type HealthCheckOptions, type HealthChecks, type HealthRollup, type HealthRouteOptions, type HealthStatus, type HealthSummary, type MetricsRoutesOptions, type ReplayBufferCheck, type ReplayBufferProbe, type SecretsCheck, type StorageCheck, type TriggersCheck, collectHealth, createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes, rollup };
@@ -0,0 +1,4 @@
1
+ import { collectHealth, rollup } from "./checks.js";
2
+ import { createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes } from "./routes.js";
3
+
4
+ export { collectHealth, createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes, rollup };
@@ -0,0 +1,66 @@
1
+ import { HealthCheckOptions } from "./checks.js";
2
+ import { ServerVariables } from "../internal/context.js";
3
+ import { MetricRegistry } from "../metrics/registry.js";
4
+ import { Hono } from "hono";
5
+
6
+ //#region src/health/routes.d.ts
7
+
8
+ /**
9
+ * @stable
10
+ */
11
+ interface HealthRouteOptions {
12
+ readonly version: string;
13
+ readonly startedAt: number;
14
+ readonly now?: () => number;
15
+ readonly probes: () => HealthCheckOptions | Promise<HealthCheckOptions>;
16
+ }
17
+ /**
18
+ * Public health route (anonymous; mounted before auth middleware).
19
+ * Returns the rollup + per-check breakdown; HTTP 200 even when the
20
+ * rollup is `'degraded'` so liveness probes do not flap on minor
21
+ * degradations. Only `'failing'` short-circuits with 503.
22
+ *
23
+ * @stable
24
+ */
25
+ declare function createExtendedHealthRoutes(options: HealthRouteOptions): Hono<{
26
+ Variables: ServerVariables;
27
+ }>;
28
+ /**
29
+ * Authed health route. Mounted at `${base}/health/secrets` AFTER the
30
+ * auth middleware so the scope check has a verified token to inspect.
31
+ * Returns the active secrets store + fallback chain + downgrade
32
+ * reason per the secrets capability matrix.
33
+ *
34
+ * @stable
35
+ */
36
+ declare function createSecretsHealthRoutes(): Hono<{
37
+ Variables: ServerVariables;
38
+ }>;
39
+ /**
40
+ * @stable
41
+ */
42
+ interface MetricsRoutesOptions {
43
+ readonly registry: MetricRegistry;
44
+ readonly requireAuth?: boolean;
45
+ /**
46
+ * Optional refresh callback invoked before every scrape. Use it to
47
+ * sample live signals (WAL size, in-flight runs, daemon status,
48
+ * replay buffer occupancy) into the registry so the scraped output
49
+ * reflects the moment of the request.
50
+ *
51
+ * Refresh failures are swallowed — a broken probe never blocks a
52
+ * Prometheus scrape — and surfaced through the optional `onError`
53
+ * sink.
54
+ */
55
+ readonly refresh?: () => void | Promise<void>;
56
+ readonly onError?: (err: unknown) => void;
57
+ }
58
+ /**
59
+ * @stable
60
+ */
61
+ declare function createMetricsRoutes(options: MetricsRoutesOptions): Hono<{
62
+ Variables: ServerVariables;
63
+ }>;
64
+ //#endregion
65
+ export { HealthRouteOptions, MetricsRoutesOptions, createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes };
66
+ //# sourceMappingURL=routes.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"routes.d.ts","names":[],"sources":["../../src/health/routes.ts"],"sourcesContent":[],"mappings":";;;;;;;AA+GA;AAoBA;;AAEqB,UA3GJ,kBAAA,CA2GI;EAAlB,SAAA,OAAA,EAAA,MAAA;EAAI,SAAA,SAAA,EAAA,MAAA;;yBAvGkB,qBAAqB,QAAQ;;;;;;;;;;iBAWtC,0BAAA,UACL,qBACR;aAAkB;;;;;;;;;;iBA8BL,yBAAA,CAAA,GAA6B;aAAkB;;;;;UAsC9C,oBAAA;qBACI;;;;;;;;;;;;kCAYa;;;;;;iBAOlB,mBAAA,UACL,uBACR;aAAkB"}
@@ -0,0 +1,96 @@
1
+ import { collectHealth } from "./checks.js";
2
+ import { createScopeMiddleware } from "../middleware/scope.js";
3
+ import { Hono } from "hono";
4
+ import { getSecretsStoreStatus } from "@graphorin/security/secrets";
5
+
6
+ //#region src/health/routes.ts
7
+ /**
8
+ * Health-family REST routes.
9
+ *
10
+ * GET /health (unauthenticated; liveness)
11
+ * GET /health/secrets (admin scope)
12
+ * GET /metrics (Prometheus exposition)
13
+ *
14
+ * `/health` returns 200 even when the rollup is `'degraded'`; only
15
+ * `'failing'` short-circuits with 503 so liveness probes do not flap
16
+ * on minor degradations (e.g. WAL above the warn threshold).
17
+ *
18
+ * @packageDocumentation
19
+ */
20
+ /**
21
+ * Public health route (anonymous; mounted before auth middleware).
22
+ * Returns the rollup + per-check breakdown; HTTP 200 even when the
23
+ * rollup is `'degraded'` so liveness probes do not flap on minor
24
+ * degradations. Only `'failing'` short-circuits with 503.
25
+ *
26
+ * @stable
27
+ */
28
+ function createExtendedHealthRoutes(options) {
29
+ const app = new Hono();
30
+ const now = options.now ?? Date.now;
31
+ app.get("/", async (c) => {
32
+ const summary = await collectHealth(await options.probes());
33
+ const body = {
34
+ status: summary.status,
35
+ version: options.version,
36
+ uptimeSeconds: Math.max(0, Math.floor((now() - options.startedAt) / 1e3)),
37
+ checks: summary.checks
38
+ };
39
+ if (summary.status === "failing") return c.json(body, 503);
40
+ return c.json(body, 200);
41
+ });
42
+ return app;
43
+ }
44
+ /**
45
+ * Authed health route. Mounted at `${base}/health/secrets` AFTER the
46
+ * auth middleware so the scope check has a verified token to inspect.
47
+ * Returns the active secrets store + fallback chain + downgrade
48
+ * reason per the secrets capability matrix.
49
+ *
50
+ * @stable
51
+ */
52
+ function createSecretsHealthRoutes() {
53
+ const app = new Hono();
54
+ app.get("/", createScopeMiddleware("secrets:read"), (c) => {
55
+ const status = getSecretsStoreStatus();
56
+ if (status === void 0) return c.json({
57
+ active: "unknown",
58
+ fallbackChain: [],
59
+ strictMode: false,
60
+ headlessReasons: [],
61
+ message: "Secrets store has not been activated yet."
62
+ }, 200);
63
+ return c.json({
64
+ active: status.active,
65
+ fallbackChain: [...status.fallbackChain],
66
+ ...status.downgradedFrom !== void 0 ? { downgradedFrom: status.downgradedFrom } : {},
67
+ ...status.downgradeReason !== void 0 ? { downgradeReason: status.downgradeReason } : {},
68
+ strictMode: status.strictMode,
69
+ headlessReasons: [...status.headlessReasons]
70
+ }, 200);
71
+ });
72
+ return app;
73
+ }
74
+ /**
75
+ * @stable
76
+ */
77
+ function createMetricsRoutes(options) {
78
+ const app = new Hono();
79
+ const handler = async (c) => {
80
+ if (options.refresh !== void 0) try {
81
+ await options.refresh();
82
+ } catch (err) {
83
+ options.onError?.(err);
84
+ }
85
+ const body = options.registry.render();
86
+ c.header("Content-Type", options.registry.contentType());
87
+ return c.body(body, 200);
88
+ };
89
+ if (options.requireAuth === true) app.get("/", createScopeMiddleware("admin:metrics:read"), handler);
90
+ else app.get("/", handler);
91
+ return app;
92
+ }
93
+
94
+ //#endregion
95
+ export { createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes };
96
+ //# sourceMappingURL=routes.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"routes.js","names":[],"sources":["../../src/health/routes.ts"],"sourcesContent":["/**\n * Health-family REST routes.\n *\n * GET /health (unauthenticated; liveness)\n * GET /health/secrets (admin scope)\n * GET /metrics (Prometheus exposition)\n *\n * `/health` returns 200 even when the rollup is `'degraded'`; only\n * `'failing'` short-circuits with 503 so liveness probes do not flap\n * on minor degradations (e.g. WAL above the warn threshold).\n *\n * @packageDocumentation\n */\n\nimport { getSecretsStoreStatus } from '@graphorin/security/secrets';\nimport type { Context } from 'hono';\nimport { Hono } from 'hono';\n\nimport type { ServerVariables } from '../internal/context.js';\nimport type { MetricRegistry } from '../metrics/registry.js';\nimport { createScopeMiddleware } from '../middleware/scope.js';\nimport { collectHealth, type HealthCheckOptions } from './checks.js';\n\n/**\n * @stable\n */\nexport interface HealthRouteOptions {\n readonly version: string;\n readonly startedAt: number;\n readonly now?: () => number;\n readonly probes: () => HealthCheckOptions | Promise<HealthCheckOptions>;\n}\n\n/**\n * Public health route (anonymous; mounted before auth middleware).\n * Returns the rollup + per-check breakdown; HTTP 200 even when the\n * rollup is `'degraded'` so liveness probes do not flap on minor\n * degradations. Only `'failing'` short-circuits with 503.\n *\n * @stable\n */\nexport function createExtendedHealthRoutes(\n options: HealthRouteOptions,\n): Hono<{ Variables: ServerVariables }> {\n const app = new Hono<{ Variables: ServerVariables }>();\n const now = options.now ?? Date.now;\n\n app.get('/', async (c) => {\n const probes = await options.probes();\n const summary = await collectHealth(probes);\n const body = {\n status: summary.status,\n version: options.version,\n uptimeSeconds: Math.max(0, Math.floor((now() - options.startedAt) / 1000)),\n checks: summary.checks,\n };\n if (summary.status === 'failing') {\n return c.json(body, 503);\n }\n return c.json(body, 200);\n });\n\n return app;\n}\n\n/**\n * Authed health route. Mounted at `${base}/health/secrets` AFTER the\n * auth middleware so the scope check has a verified token to inspect.\n * Returns the active secrets store + fallback chain + downgrade\n * reason per the secrets capability matrix.\n *\n * @stable\n */\nexport function createSecretsHealthRoutes(): Hono<{ Variables: ServerVariables }> {\n const app = new Hono<{ Variables: ServerVariables }>();\n\n app.get('/', createScopeMiddleware('secrets:read'), (c) => {\n const status = getSecretsStoreStatus();\n if (status === undefined) {\n return c.json(\n {\n active: 'unknown',\n fallbackChain: [] as ReadonlyArray<string>,\n strictMode: false,\n headlessReasons: [] as ReadonlyArray<string>,\n message: 'Secrets store has not been activated yet.',\n },\n 200,\n );\n }\n return c.json(\n {\n active: status.active,\n fallbackChain: [...status.fallbackChain],\n ...(status.downgradedFrom !== undefined ? { downgradedFrom: status.downgradedFrom } : {}),\n ...(status.downgradeReason !== undefined\n ? { downgradeReason: status.downgradeReason }\n : {}),\n strictMode: status.strictMode,\n headlessReasons: [...status.headlessReasons],\n },\n 200,\n );\n });\n\n return app;\n}\n\n/**\n * @stable\n */\nexport interface MetricsRoutesOptions {\n readonly registry: MetricRegistry;\n readonly requireAuth?: boolean;\n /**\n * Optional refresh callback invoked before every scrape. Use it to\n * sample live signals (WAL size, in-flight runs, daemon status,\n * replay buffer occupancy) into the registry so the scraped output\n * reflects the moment of the request.\n *\n * Refresh failures are swallowed — a broken probe never blocks a\n * Prometheus scrape — and surfaced through the optional `onError`\n * sink.\n */\n readonly refresh?: () => void | Promise<void>;\n readonly onError?: (err: unknown) => void;\n}\n\n/**\n * @stable\n */\nexport function createMetricsRoutes(\n options: MetricsRoutesOptions,\n): Hono<{ Variables: ServerVariables }> {\n const app = new Hono<{ Variables: ServerVariables }>();\n const handler = async (c: Context<{ Variables: ServerVariables }>) => {\n if (options.refresh !== undefined) {\n try {\n await options.refresh();\n } catch (err) {\n options.onError?.(err);\n }\n }\n const body = options.registry.render();\n c.header('Content-Type', options.registry.contentType());\n return c.body(body, 200);\n };\n if (options.requireAuth === true) {\n app.get('/', createScopeMiddleware('admin:metrics:read'), handler);\n } else {\n app.get('/', handler);\n }\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,SAAgB,2BACd,SACsC;CACtC,MAAM,MAAM,IAAI,MAAsC;CACtD,MAAM,MAAM,QAAQ,OAAO,KAAK;AAEhC,KAAI,IAAI,KAAK,OAAO,MAAM;EAExB,MAAM,UAAU,MAAM,cADP,MAAM,QAAQ,QAAQ,CACM;EAC3C,MAAM,OAAO;GACX,QAAQ,QAAQ;GAChB,SAAS,QAAQ;GACjB,eAAe,KAAK,IAAI,GAAG,KAAK,OAAO,KAAK,GAAG,QAAQ,aAAa,IAAK,CAAC;GAC1E,QAAQ,QAAQ;GACjB;AACD,MAAI,QAAQ,WAAW,UACrB,QAAO,EAAE,KAAK,MAAM,IAAI;AAE1B,SAAO,EAAE,KAAK,MAAM,IAAI;GACxB;AAEF,QAAO;;;;;;;;;;AAWT,SAAgB,4BAAkE;CAChF,MAAM,MAAM,IAAI,MAAsC;AAEtD,KAAI,IAAI,KAAK,sBAAsB,eAAe,GAAG,MAAM;EACzD,MAAM,SAAS,uBAAuB;AACtC,MAAI,WAAW,OACb,QAAO,EAAE,KACP;GACE,QAAQ;GACR,eAAe,EAAE;GACjB,YAAY;GACZ,iBAAiB,EAAE;GACnB,SAAS;GACV,EACD,IACD;AAEH,SAAO,EAAE,KACP;GACE,QAAQ,OAAO;GACf,eAAe,CAAC,GAAG,OAAO,cAAc;GACxC,GAAI,OAAO,mBAAmB,SAAY,EAAE,gBAAgB,OAAO,gBAAgB,GAAG,EAAE;GACxF,GAAI,OAAO,oBAAoB,SAC3B,EAAE,iBAAiB,OAAO,iBAAiB,GAC3C,EAAE;GACN,YAAY,OAAO;GACnB,iBAAiB,CAAC,GAAG,OAAO,gBAAgB;GAC7C,EACD,IACD;GACD;AAEF,QAAO;;;;;AA0BT,SAAgB,oBACd,SACsC;CACtC,MAAM,MAAM,IAAI,MAAsC;CACtD,MAAM,UAAU,OAAO,MAA+C;AACpE,MAAI,QAAQ,YAAY,OACtB,KAAI;AACF,SAAM,QAAQ,SAAS;WAChB,KAAK;AACZ,WAAQ,UAAU,IAAI;;EAG1B,MAAM,OAAO,QAAQ,SAAS,QAAQ;AACtC,IAAE,OAAO,gBAAgB,QAAQ,SAAS,aAAa,CAAC;AACxD,SAAO,EAAE,KAAK,MAAM,IAAI;;AAE1B,KAAI,QAAQ,gBAAgB,KAC1B,KAAI,IAAI,KAAK,sBAAsB,qBAAqB,EAAE,QAAQ;KAElE,KAAI,IAAI,KAAK,QAAQ;AAEvB,QAAO"}
@@ -0,0 +1,88 @@
1
+ import { DeliveryCommentaryConfig, DeliveryCommentaryDecision, DeliveryCommentaryPattern, DeliveryCommentaryPolicy, DeliveryCommentaryReason, DeliveryCommentarySink, DeliveryCommentaryTransport } from "./commentary/types.js";
2
+ import { DEFAULT_APPLY_TO_EVENTS, DEFAULT_DELIVERY_COMMENTARY_PATTERNS } from "./commentary/built-in-patterns.js";
3
+ import { DeliveryCommentarySanitizer, createDeliveryCommentarySanitizer } from "./commentary/sanitizer.js";
4
+ import "./commentary/index.js";
5
+ import { DeliveryCommentaryPolicyConfig, IdempotencyRequireKeyMode, SecretRefString, SecretsSource, ServerConfigInput, ServerConfigSchema, ServerConfigSpec, defineConfig, parseServerConfig } from "./config.js";
6
+ import { ConsolidatorDaemon, ConsolidatorLike, ConsolidatorStatusLike, CreateConsolidatorDaemonOptions, createConsolidatorDaemon } from "./consolidator/daemon.js";
7
+ import "./consolidator/index.js";
8
+ import { AgentNotFoundError, ConfigInvalidError, GraphorinServerError, GraphorinServerErrorCode, IdempotencyConflictError, IdempotencyKeyRequiredError, LifecycleDoubleStartError, LifecycleNotStartedError, MigrationFailedError, PrebindEncryptionPeerMissingError, PrebindEncryptionRequiredError, PrebindPepperMissingError, PrebindSecretUnresolvableError, RouteHandlerMissingError, ShutdownTimeoutError, WorkflowNotFoundError } from "./errors/index.js";
9
+ import { CreateTriggersDaemonOptions, TriggersDaemon, TriggersDaemonMetrics, TriggersDaemonStatus, createTriggersDaemon, defaultCatchupPolicy } from "./triggers/daemon.js";
10
+ import { BaseHealthCheck, ConsolidatorCheck, EmbedderCheck, EncryptionCheck, HealthCheck, HealthCheckOptions, HealthChecks, HealthRollup, HealthStatus, HealthSummary, ReplayBufferCheck, ReplayBufferProbe, SecretsCheck, StorageCheck, TriggersCheck, collectHealth, rollup } from "./health/checks.js";
11
+ import { RequestToken, ServerRequestState, ServerVariables } from "./internal/context.js";
12
+ import { LabelSet, MetricKind, MetricRegistry } from "./metrics/registry.js";
13
+ import { HealthRouteOptions, MetricsRoutesOptions, createExtendedHealthRoutes, createMetricsRoutes, createSecretsHealthRoutes } from "./health/routes.js";
14
+ import "./health/index.js";
15
+ import { BeforeShutdownContext, BeforeStartContext, LifecycleHooks, OnErrorContext, OnReadyContext } from "./lifecycle/hooks.js";
16
+ import { PreBindResult, RunPreBindOptions, runPreBind } from "./lifecycle/pre-bind.js";
17
+ import "./lifecycle/index.js";
18
+ import { AgentRegistration, AgentRegistry, AgentSummary, ServerAgentLike, ServerWorkflowLike, WorkflowRegistration, WorkflowRegistry, WorkflowSummary } from "./registry/index.js";
19
+ import { ReplayApi, ReplayMode, ReplayResponse, ReplayRoutesDeps, createReplayRoutes } from "./replay/routes.js";
20
+ import "./replay/index.js";
21
+ import { ReplayBuffer, ReplayBufferOptions, ReplayBufferSlice, createReplayBuffer } from "./ws/replay-buffer.js";
22
+ import { ParsedSubject, requiredScopeFor, tryParseSubject } from "./ws/subjects.js";
23
+ import { BareEventFrame, SubscribeResult, WsDispatcher, WsDispatcherOptions, WsDispatcherWarning, WsSubscriberHandle, WsSubscriptionSnapshot, createWsDispatcher } from "./ws/dispatcher.js";
24
+ import { RunDescriptor, RunHandle, RunStateSnapshot, RunStateTracker, RunStatus } from "./runtime/run-state.js";
25
+ import { AgentRoutesDeps, createAgentRoutes, createRunRoutes } from "./routes/agents.js";
26
+ import { AuditApi, AuditRoutesDeps, createAuditRoutes } from "./routes/audit.js";
27
+ import { WsTicket, WsTicketConsumeResult, WsTicketStore, WsTicketStoreOptions, createWsTicketStore } from "./ws/ticket.js";
28
+ import { AuthRoutesDeps, createAuthRoutes } from "./routes/auth.js";
29
+ import { HealthRoutesDeps, createHealthRoutes } from "./routes/health.js";
30
+ import { McpApi, McpRoutesDeps, createMcpRoutes } from "./routes/mcp.js";
31
+ import { MemoryApi, MemoryRoutesDeps, createMemoryRoutes } from "./routes/memory.js";
32
+ import { SessionApi, SessionRoutesDeps, createSessionRoutes } from "./routes/sessions.js";
33
+ import { SkillsApi, SkillsRoutesDeps, createSkillsRoutes } from "./routes/skills.js";
34
+ import { TokensRoutesDeps, createTokensRoutes } from "./routes/tokens.js";
35
+ import { WorkflowRoutesDeps, createWorkflowRoutes } from "./routes/workflows.js";
36
+ import "./routes/index.js";
37
+ import { WsUpgradeOptions, createWsUpgradeEvents } from "./ws/upgrade.js";
38
+ import "./ws/index.js";
39
+ import { CreateServerOptions, GraphorinServer, TriggersDaemonInput, createServer, ensureStoreAuditBinding } from "./app.js";
40
+ import { SERVER_METRIC_NAMES, createServerMetricRegistry } from "./metrics/catalog.js";
41
+ import { AuditErrorSink, AuditMiddlewareOptions, HTTP_REQUEST_AUDIT_ACTION, createAuditMiddleware } from "./middleware/audit.js";
42
+ import { AuthMiddlewareOptions, createAuthMiddleware } from "./middleware/auth.js";
43
+ import { createCorsMiddleware } from "./middleware/cors.js";
44
+ import { createCsrfMiddleware } from "./middleware/csrf.js";
45
+ import { IdempotencyMiddlewareOptions, createIdempotencyMiddleware } from "./middleware/idempotency.js";
46
+ import { createRateLimitMiddleware } from "./middleware/rate-limit.js";
47
+ import { RequestStateMiddlewareOptions, createRequestStateMiddleware } from "./middleware/request-state.js";
48
+ import { ScopeRequirement, createScopeMiddleware } from "./middleware/scope.js";
49
+ import "./middleware/index.js";
50
+ import { SseRoutesDeps, createSseRoutes } from "./sse/events.js";
51
+ import "./sse/index.js";
52
+ import { TriggersRoutesDeps, createTriggersRoutes } from "./triggers/routes.js";
53
+ import "./triggers/index.js";
54
+
55
+ //#region src/index.d.ts
56
+ /**
57
+ * `@graphorin/server` — standalone server runtime for the Graphorin
58
+ * framework.
59
+ *
60
+ * Phase 14a entry point. Ships:
61
+ *
62
+ * - {@link createServer} — the single programmatic entry that wires
63
+ * the Hono app, the auth + scope + idempotency + audit middleware
64
+ * stack, REST endpoints (agents / workflows / sessions / memory /
65
+ * skills / mcp / tokens / audit / health), the lifecycle hooks
66
+ * (`beforeStart` / `onReady` / `beforeShutdown` / `onError`), the
67
+ * pre-bind secrets-resolution + storage-migration runner, and the
68
+ * graceful SIGTERM drain.
69
+ * - {@link defineConfig} + {@link parseServerConfig} — typed
70
+ * configuration loader with a Zod-validated schema; missing fields
71
+ * fall back to documented production-ready defaults.
72
+ * - {@link AgentRegistry} + {@link WorkflowRegistry} — read/write
73
+ * registries the route handlers consult to look up user-defined
74
+ * agents / workflows.
75
+ * - {@link RunStateTracker} — in-memory bookkeeping for in-flight
76
+ * runs (run id, status, AbortController). Phase 14b/c promote the
77
+ * tracker to a SQLite-backed durable variant.
78
+ * - The full middleware factory suite — re-exported from
79
+ * `@graphorin/server/middleware` so operators can compose a custom
80
+ * Hono app on top of the same primitives.
81
+ *
82
+ * @packageDocumentation
83
+ */
84
+ /** Canonical version constant. Mirrors the `package.json` version. */
85
+ declare const VERSION = "0.5.0";
86
+ //#endregion
87
+ export { AgentNotFoundError, type AgentRegistration, AgentRegistry, type AgentRoutesDeps, type AgentSummary, type AuditApi, type AuditErrorSink, type AuditMiddlewareOptions, type AuditRoutesDeps, type AuthMiddlewareOptions, type AuthRoutesDeps, type BareEventFrame, type BaseHealthCheck, type BeforeShutdownContext, type BeforeStartContext, ConfigInvalidError, type ConsolidatorCheck, type ConsolidatorDaemon, type ConsolidatorLike, type ConsolidatorStatusLike, type CreateConsolidatorDaemonOptions, type CreateServerOptions, type CreateTriggersDaemonOptions, DEFAULT_APPLY_TO_EVENTS, DEFAULT_DELIVERY_COMMENTARY_PATTERNS, type DeliveryCommentaryConfig, type DeliveryCommentaryDecision, type DeliveryCommentaryPattern, type DeliveryCommentaryPolicy, type DeliveryCommentaryPolicyConfig, type DeliveryCommentaryReason, type DeliveryCommentarySanitizer, type DeliveryCommentarySink, type DeliveryCommentaryTransport, type EmbedderCheck, type EncryptionCheck, type GraphorinServer, GraphorinServerError, GraphorinServerErrorCode, HTTP_REQUEST_AUDIT_ACTION, type HealthCheck, type HealthCheckOptions, type HealthChecks, type HealthRollup, type HealthRouteOptions, type HealthRoutesDeps, type HealthStatus, type HealthSummary, IdempotencyConflictError, IdempotencyKeyRequiredError, type IdempotencyMiddlewareOptions, type IdempotencyRequireKeyMode, type LabelSet, LifecycleDoubleStartError, type LifecycleHooks, LifecycleNotStartedError, type McpApi, type McpRoutesDeps, type MemoryApi, type MemoryRoutesDeps, type MetricKind, MetricRegistry, type MetricsRoutesOptions, MigrationFailedError, type OnErrorContext, type OnReadyContext, type ParsedSubject, type PreBindResult, PrebindEncryptionPeerMissingError, PrebindEncryptionRequiredError, PrebindPepperMissingError, PrebindSecretUnresolvableError, type ReplayApi, type ReplayBuffer, type ReplayBufferCheck, type ReplayBufferOptions, type ReplayBufferProbe, type ReplayBufferSlice, type ReplayMode, type ReplayResponse, type ReplayRoutesDeps, type RequestStateMiddlewareOptions, type RequestToken, RouteHandlerMissingError, type RunDescriptor, type RunHandle, type RunPreBindOptions, type RunStateSnapshot, RunStateTracker, type RunStatus, SERVER_METRIC_NAMES, type ScopeRequirement, type SecretRefString, type SecretsCheck, type SecretsSource, type ServerAgentLike, type ServerConfigInput, ServerConfigSchema, type ServerConfigSpec, type ServerRequestState, type ServerVariables, type ServerWorkflowLike, type SessionApi, type SessionRoutesDeps, ShutdownTimeoutError, type SkillsApi, type SkillsRoutesDeps, type SseRoutesDeps, type StorageCheck, type SubscribeResult, type TokensRoutesDeps, type TriggersCheck, type TriggersDaemon, type TriggersDaemonInput, type TriggersDaemonMetrics, type TriggersDaemonStatus, type TriggersRoutesDeps, VERSION, WorkflowNotFoundError, type WorkflowRegistration, WorkflowRegistry, type WorkflowRoutesDeps, type WorkflowSummary, type WsDispatcher, type WsDispatcherOptions, type WsDispatcherWarning, type WsSubscriberHandle, type WsSubscriptionSnapshot, type WsTicket, type WsTicketConsumeResult, type WsTicketStore, type WsTicketStoreOptions, type WsUpgradeOptions, collectHealth, createAgentRoutes, createAuditMiddleware, createAuditRoutes, createAuthMiddleware, createAuthRoutes, createConsolidatorDaemon, createCorsMiddleware, createCsrfMiddleware, createDeliveryCommentarySanitizer, createExtendedHealthRoutes, createHealthRoutes, createIdempotencyMiddleware, createMcpRoutes, createMemoryRoutes, createMetricsRoutes, createRateLimitMiddleware, createReplayBuffer, createReplayRoutes, createRequestStateMiddleware, createRunRoutes, createScopeMiddleware, createSecretsHealthRoutes, createServer, createServerMetricRegistry, createSessionRoutes, createSkillsRoutes, createSseRoutes, createTokensRoutes, createTriggersDaemon, createTriggersRoutes, createWorkflowRoutes, createWsDispatcher, createWsTicketStore, createWsUpgradeEvents, defaultCatchupPolicy, defineConfig, ensureStoreAuditBinding, parseServerConfig, requiredScopeFor, rollup, runPreBind, tryParseSubject };
88
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA8Ba,OAAA"}