@haaaiawd/second-nature 0.1.26 → 0.1.29

package/runtime/connectors/base/manifest.js

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { CAPABILITY_INTENTS, CHANNEL_TYPES } from "./contract.js";
+import { CHANNEL_TYPES } from "./contract.js";
 const sourceRefPolicySchema = z
     .object({
     minSourceRefs: z.number().int().min(0).default(1),
@@ -8,9 +8,9 @@ const sourceRefPolicySchema = z
     .optional();
 const connectorManifestSchema = z.object({
     platformId: z.string().min(1),
-    supportedCapabilities: z.array(z.enum(CAPABILITY_INTENTS)).min(1),
+    supportedCapabilities: z.array(z.string().min(1).regex(/^[a-zA-Z0-9_.:-]+$/)).min(1),
     channelPriority: z.array(z.enum(CHANNEL_TYPES)).min(1),
-    credentialTypes: z.array(z.string().min(1)).min(1),
+    credentialTypes: z.array(z.string().min(1)),
     degradedChannels: z.array(z.enum(CHANNEL_TYPES)).optional(),
     sourceRefPolicy: sourceRefPolicySchema,
 });
@@ -51,8 +51,8 @@ export class CapabilityContractRegistry {
         if (colonIndex >= 0) {
             const platformId = intentWithNamespace.slice(0, colonIndex);
             const intent = intentWithNamespace.slice(colonIndex + 1);
-            if (!CAPABILITY_INTENTS.includes(intent)) {
-                throw new Error(`capability_not_recognized:${intent}`);
+            if (!intent) {
+                throw new Error("capability_not_recognized:");
             }
             if (!this.byPlatform.has(platformId)) {
                 throw new Error(`platform_not_found:${platformId}`);
@@ -60,8 +60,8 @@ export class CapabilityContractRegistry {
             return { platformId, intent, source: "namespace" };
         }
         const intent = intentWithNamespace;
-        if (!CAPABILITY_INTENTS.includes(intent)) {
-            throw new Error(`capability_not_recognized:${intent}`);
+        if (!intent) {
+            throw new Error("capability_not_recognized:");
         }
         if (explicitPlatformId) {
             if (!this.byPlatform.has(explicitPlatformId)) {

package/runtime/connectors/base/route-planner.js

@@ -72,15 +72,18 @@ export class ConnectorRoutePlanner {
         if (cooldown.blocked) {
             throw new ConnectorPolicyError("cooldown_blocked", "platform_or_intent_cooldown_blocked", cooldown.retryAfterMs);
         }
-        const credential = await this.statePort.loadCredentialState(request.platformId);
-        if (credential.status === "missing" || credential.status === "revoked" || credential.status === "failed") {
-            throw new ConnectorPolicyError("auth_failure", "credential_unavailable_for_route");
-        }
-        if (credential.status === "expired") {
-            throw new ConnectorPolicyError("credential_expired", "credential_expired_for_route");
-        }
         const channels = [...manifest.channelPriority];
-        const byCredential = chooseByCredentialState(channels, credential);
+        let byCredential;
+        if (manifest.credentialTypes.length > 0) {
+            const credential = await this.statePort.loadCredentialState(request.platformId);
+            if (credential.status === "missing" || credential.status === "revoked" || credential.status === "failed") {
+                throw new ConnectorPolicyError("auth_failure", "credential_unavailable_for_route");
+            }
+            if (credential.status === "expired") {
+                throw new ConnectorPolicyError("credential_expired", "credential_expired_for_route");
+            }
+            byCredential = chooseByCredentialState(channels, credential);
+        }
         const preferred = choosePreferred(channels, request.preferredChannel);
         const selected = byCredential ?? preferred ?? chooseHealthy(channels, request.platformId, this.channelHealth);
         if (!selected) {

package/runtime/connectors/base/structured-unavailable-reason.d.ts

@@ -0,0 +1,59 @@
+/**
+ * StructuredUnavailableReason Builder — T-CS.C.3
+ *
+ * Core logic: Every unavailable-connector scenario MUST return a machine-
+ * readable reason code. No silent failures allowed.
+ *
+ * Reason codes:
+ * - credentials_missing   → credential not found for platform
+ * - not_registered        → connector manifest not in registry
+ * - trust_denied          → credential verification failed
+ * - circuit_open          → circuit breaker is open (cooldown blocked)
+ * - platform_error        → platform returned 5xx / transport failure
+ * - probe_failed          → wet probe returned non-2xx
+ * - probe_policy_denied   → strict idempotencyClass blocked probe (DR-006)
+ *
+ * Dependencies:
+ * - `FailureClass` from `./failure-taxonomy.js`
+ *
+ * Boundary:
+ * - All builder methods are pure; no side effects.
+ * - `build()` validates that code and message are present.
+ *
+ * Test coverage: tests/unit/connectors/structured-unavailable-reason.test.ts
+ */
+import type { FailureClass } from "./failure-taxonomy.js";
+export type UnavailableReasonCode = "credentials_missing" | "not_registered" | "trust_denied" | "circuit_open" | "platform_error" | "probe_failed" | "probe_policy_denied";
+export interface StructuredUnavailableReason {
+    code: UnavailableReasonCode;
+    message: string;
+    platformId?: string;
+    capabilityId?: string;
+    failureClass?: FailureClass;
+    retryAfterMs?: number;
+    timestamp: string;
+}
+export declare class UnavailableReasonBuilder {
+    private code?;
+    private message?;
+    private platformId?;
+    private capabilityId?;
+    private failureClass?;
+    private retryAfterMs?;
+    static for(code: UnavailableReasonCode, message: string): UnavailableReasonBuilder;
+    withPlatformId(platformId: string): this;
+    withCapabilityId(capabilityId: string): this;
+    withFailureClass(failureClass: FailureClass): this;
+    withRetryAfterMs(ms: number): this;
+    build(): StructuredUnavailableReason;
+}
+/**
+ * Convenience factory for common unavailable scenarios.
+ */
+export declare function unavailableCredentialsMissing(platformId: string): StructuredUnavailableReason;
+export declare function unavailableNotRegistered(platformId: string): StructuredUnavailableReason;
+export declare function unavailableTrustDenied(platformId: string): StructuredUnavailableReason;
+export declare function unavailableCircuitOpen(platformId: string, retryAfterMs?: number): StructuredUnavailableReason;
+export declare function unavailablePlatformError(platformId: string, failureClass?: FailureClass): StructuredUnavailableReason;
+export declare function unavailableProbeFailed(platformId: string, capabilityId: string): StructuredUnavailableReason;
+export declare function unavailableProbePolicyDenied(platformId: string, capabilityId: string): StructuredUnavailableReason;

package/runtime/connectors/base/structured-unavailable-reason.js

@@ -0,0 +1,113 @@
+/**
+ * StructuredUnavailableReason Builder — T-CS.C.3
+ *
+ * Core logic: Every unavailable-connector scenario MUST return a machine-
+ * readable reason code. No silent failures allowed.
+ *
+ * Reason codes:
+ * - credentials_missing   → credential not found for platform
+ * - not_registered        → connector manifest not in registry
+ * - trust_denied          → credential verification failed
+ * - circuit_open          → circuit breaker is open (cooldown blocked)
+ * - platform_error        → platform returned 5xx / transport failure
+ * - probe_failed          → wet probe returned non-2xx
+ * - probe_policy_denied   → strict idempotencyClass blocked probe (DR-006)
+ *
+ * Dependencies:
+ * - `FailureClass` from `./failure-taxonomy.js`
+ *
+ * Boundary:
+ * - All builder methods are pure; no side effects.
+ * - `build()` validates that code and message are present.
+ *
+ * Test coverage: tests/unit/connectors/structured-unavailable-reason.test.ts
+ */
+export class UnavailableReasonBuilder {
+    code;
+    message;
+    platformId;
+    capabilityId;
+    failureClass;
+    retryAfterMs;
+    static for(code, message) {
+        const b = new UnavailableReasonBuilder();
+        b.code = code;
+        b.message = message;
+        return b;
+    }
+    withPlatformId(platformId) {
+        this.platformId = platformId;
+        return this;
+    }
+    withCapabilityId(capabilityId) {
+        this.capabilityId = capabilityId;
+        return this;
+    }
+    withFailureClass(failureClass) {
+        this.failureClass = failureClass;
+        return this;
+    }
+    withRetryAfterMs(ms) {
+        this.retryAfterMs = ms;
+        return this;
+    }
+    build() {
+        if (!this.code) {
+            throw new Error("UnavailableReasonBuilder: code is required");
+        }
+        if (!this.message) {
+            throw new Error("UnavailableReasonBuilder: message is required");
+        }
+        return {
+            code: this.code,
+            message: this.message,
+            platformId: this.platformId,
+            capabilityId: this.capabilityId,
+            failureClass: this.failureClass,
+            retryAfterMs: this.retryAfterMs,
+            timestamp: new Date().toISOString(),
+        };
+    }
+}
+/**
+ * Convenience factory for common unavailable scenarios.
+ */
+export function unavailableCredentialsMissing(platformId) {
+    return UnavailableReasonBuilder.for("credentials_missing", `No active credential found for platform ${platformId}`)
+        .withPlatformId(platformId)
+        .build();
+}
+export function unavailableNotRegistered(platformId) {
+    return UnavailableReasonBuilder.for("not_registered", `Connector manifest not registered for platform ${platformId}`)
+        .withPlatformId(platformId)
+        .build();
+}
+export function unavailableTrustDenied(platformId) {
+    return UnavailableReasonBuilder.for("trust_denied", `Credential verification failed for platform ${platformId}`)
+        .withPlatformId(platformId)
+        .build();
+}
+export function unavailableCircuitOpen(platformId, retryAfterMs) {
+    const b = UnavailableReasonBuilder.for("circuit_open", `Circuit breaker open for platform ${platformId}`).withPlatformId(platformId);
+    if (retryAfterMs !== undefined)
+        b.withRetryAfterMs(retryAfterMs);
+    return b.build();
+}
+export function unavailablePlatformError(platformId, failureClass) {
+    const b = UnavailableReasonBuilder.for("platform_error", `Platform error for ${platformId}`).withPlatformId(platformId);
+    if (failureClass)
+        b.withFailureClass(failureClass);
+    return b.build();
+}
+export function unavailableProbeFailed(platformId, capabilityId) {
+    return UnavailableReasonBuilder.for("probe_failed", `Wet probe failed for ${platformId}:${capabilityId}`)
+        .withPlatformId(platformId)
+        .withCapabilityId(capabilityId)
+        .build();
+}
+export function unavailableProbePolicyDenied(platformId, capabilityId) {
+    return UnavailableReasonBuilder.for("probe_policy_denied", `Probe blocked by policy (strict idempotencyClass) for ${platformId}:${capabilityId}`)
+        .withPlatformId(platformId)
+        .withCapabilityId(capabilityId)
+        .build();
+}

package/runtime/connectors/base/wet-probe-runner.d.ts

@@ -0,0 +1,40 @@
+/**
+ * WetProbeRunner — T-CS.C.2
+ *
+ * Core logic: Performs real HTTP GET against a connector's safe probe endpoint.
+ * Double-verifies `safe_for_probe` before issuing the request:
+ *  1. IdempotencyClass check: `strict` side-effects are rejected with
+ *     `probe_policy_denied` (DR-006).
+ *  2. Endpoint validation: only `safeEndpoint` from probeConfig is allowed.
+ *
+ * Returns a CapabilityProbeResult containing capabilityId, actualStatus,
+ * httpStatus, and sampleResponseRef.
+ *
+ * Dependencies:
+ * - `CapabilityContractRegistryV7` from `./manifest-v7.js`
+ * - `CapabilityProbeResult` from `../../shared/types/v7-entities.js`
+ * - `ProbeActualStatus` from `../../shared/types/v7-entities.js`
+ *
+ * Boundary:
+ * - Never probes endpoints not explicitly marked safe.
+ * - Never probes capabilities with idempotencyClass = "strict".
+ * - HTTP layer is injectable (`httpGet`) for testability.
+ *
+ * Test coverage: tests/unit/connectors/wet-probe-runner.test.ts
+ */
+import type { CapabilityContractRegistryV7 } from "./manifest-v7.js";
+import type { CapabilityProbeResult } from "../../shared/types/v7-entities.js";
+export type HttpGetFn = (url: string) => Promise<{
+    status: number;
+    body?: string;
+}>;
+export interface WetProbeResult {
+    probeResult: CapabilityProbeResult;
+    httpStatus: number;
+}
+export interface WetProbeRunner {
+    runWetProbe(platformId: string, capabilityId: string, registry: CapabilityContractRegistryV7, options?: {
+        httpGet?: HttpGetFn;
+    }): Promise<WetProbeResult>;
+}
+export declare function createWetProbeRunner(): WetProbeRunner;

package/runtime/connectors/base/wet-probe-runner.js

@@ -0,0 +1,132 @@
+/**
+ * WetProbeRunner — T-CS.C.2
+ *
+ * Core logic: Performs real HTTP GET against a connector's safe probe endpoint.
+ * Double-verifies `safe_for_probe` before issuing the request:
+ *  1. IdempotencyClass check: `strict` side-effects are rejected with
+ *     `probe_policy_denied` (DR-006).
+ *  2. Endpoint validation: only `safeEndpoint` from probeConfig is allowed.
+ *
+ * Returns a CapabilityProbeResult containing capabilityId, actualStatus,
+ * httpStatus, and sampleResponseRef.
+ *
+ * Dependencies:
+ * - `CapabilityContractRegistryV7` from `./manifest-v7.js`
+ * - `CapabilityProbeResult` from `../../shared/types/v7-entities.js`
+ * - `ProbeActualStatus` from `../../shared/types/v7-entities.js`
+ *
+ * Boundary:
+ * - Never probes endpoints not explicitly marked safe.
+ * - Never probes capabilities with idempotencyClass = "strict".
+ * - HTTP layer is injectable (`httpGet`) for testability.
+ *
+ * Test coverage: tests/unit/connectors/wet-probe-runner.test.ts
+ */
+const PROBE_POLICY_DENIED = {
+    probeResult: {
+        probeResultId: "probe_policy_denied",
+        capabilityId: "",
+        connectorId: "",
+        actualStatus: "unavailable",
+        probeConfigRef: "policy:denied",
+        createdAt: new Date().toISOString(),
+    },
+    httpStatus: 0,
+};
+function resolveProbeConfig(registry, platformId, capabilityId) {
+    const resolved = registry.resolveCapability(`${platformId}:${capabilityId}`);
+    if (!resolved)
+        return undefined;
+    const probeConfig = resolved.probeConfig;
+    if (!probeConfig)
+        return undefined;
+    return {
+        safeEndpoint: probeConfig.safeEndpoint,
+        idempotencyClass: probeConfig.idempotencyClass,
+    };
+}
+function actualStatusFromHttpStatus(status) {
+    if (status >= 200 && status < 300)
+        return "available";
+    if (status === 429 || status === 503)
+        return "degraded";
+    return "unavailable";
+}
+export function createWetProbeRunner() {
+    const defaultHttpGet = async (url) => {
+        const response = await fetch(url, { method: "GET" });
+        const body = await response.text().catch(() => undefined);
+        return { status: response.status, body };
+    };
+    return {
+        async runWetProbe(platformId, capabilityId, registry, options = {}) {
+            const httpGet = options.httpGet ?? defaultHttpGet;
+            // 1. Resolve capability and probe config
+            const config = resolveProbeConfig(registry, platformId, capabilityId);
+            if (!config) {
+                return {
+                    ...PROBE_POLICY_DENIED,
+                    probeResult: {
+                        ...PROBE_POLICY_DENIED.probeResult,
+                        probeResultId: `probe_no_config:${capabilityId}`,
+                        capabilityId,
+                        connectorId: platformId,
+                        actualStatus: "unavailable",
+                        probeConfigRef: "registry:missing",
+                        createdAt: new Date().toISOString(),
+                    },
+                    httpStatus: 0,
+                };
+            }
+            // 2. DR-006: strict side-effect → probe_policy_denied
+            if (config.idempotencyClass === "strict") {
+                return {
+                    ...PROBE_POLICY_DENIED,
+                    probeResult: {
+                        ...PROBE_POLICY_DENIED.probeResult,
+                        probeResultId: `probe_policy_denied:${capabilityId}`,
+                        capabilityId,
+                        connectorId: platformId,
+                        actualStatus: "unavailable",
+                        probeConfigRef: config.safeEndpoint,
+                        createdAt: new Date().toISOString(),
+                    },
+                    httpStatus: 0,
+                };
+            }
+            // 3. Execute HTTP GET against safe endpoint
+            try {
+                const response = await httpGet(config.safeEndpoint);
+                const actualStatus = actualStatusFromHttpStatus(response.status);
+                return {
+                    probeResult: {
+                        probeResultId: `probe:${platformId}:${capabilityId}:${Date.now()}`,
+                        capabilityId,
+                        connectorId: platformId,
+                        actualStatus,
+                        httpStatus: response.status,
+                        sampleResponseRef: response.body
+                            ? `probe:body:${Buffer.from(response.body).toString("base64").slice(0, 64)}`
+                            : undefined,
+                        probeConfigRef: config.safeEndpoint,
+                        createdAt: new Date().toISOString(),
+                    },
+                    httpStatus: response.status,
+                };
+            }
+            catch {
+                return {
+                    probeResult: {
+                        probeResultId: `probe_error:${platformId}:${capabilityId}:${Date.now()}`,
+                        capabilityId,
+                        connectorId: platformId,
+                        actualStatus: "unavailable",
+                        probeConfigRef: config.safeEndpoint,
+                        createdAt: new Date().toISOString(),
+                    },
+                    httpStatus: 0,
+                };
+            }
+        },
+    };
+}

package/runtime/connectors/manifest/manifest-schema.d.ts

@@ -20,6 +20,8 @@ export declare const capabilityDeclarationSchema: z.ZodObject<{
     id: z.ZodString;
     channel: z.ZodOptional<z.ZodString>;
     description: z.ZodOptional<z.ZodString>;
+    sourceRefs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    observedCount: z.ZodOptional<z.ZodNumber>;
 }, z.core.$strip>;
 export type ConnectorCapabilityDeclaration = z.infer<typeof capabilityDeclarationSchema>;
 export declare const runnerDeclarationSchema: z.ZodObject<{
@@ -72,6 +74,8 @@ export declare const connectorManifestV6Schema: z.ZodObject<{
         id: z.ZodString;
         channel: z.ZodOptional<z.ZodString>;
         description: z.ZodOptional<z.ZodString>;
+        sourceRefs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        observedCount: z.ZodOptional<z.ZodNumber>;
     }, z.core.$strip>>;
     runner: z.ZodObject<{
         kind: z.ZodEnum<{

package/runtime/connectors/manifest/manifest-schema.js

@@ -18,6 +18,8 @@ export const capabilityDeclarationSchema = z.object({
     id: z.string().min(1),
     channel: z.string().optional(),
     description: z.string().optional(),
+    sourceRefs: z.array(z.string().min(1)).optional(),
+    observedCount: z.number().int().positive().optional(),
 });
 export const runnerDeclarationSchema = z.object({
     kind: connectorRunnerKindSchema,

package/runtime/connectors/services/connector-executor-adapter.d.ts

@@ -12,5 +12,6 @@ import type { StateDatabase } from "../../storage/db/index.js";
 export interface ConnectorExecutorAdapterOptions {
     stateDb: StateDatabase;
     observabilityDb: ObservabilityDatabase;
+    workspaceRoot?: string;
 }
 export declare function createConnectorExecutorAdapter(options: ConnectorExecutorAdapterOptions): ConnectorExecutor;

package/runtime/connectors/services/connector-executor-adapter.js

@@ -12,11 +12,114 @@ import { createAgentWorldRunner } from "../agent-network/agent-world/adapter.js"
 import { ExecutionTelemetry } from "../../observability/services/execution-telemetry.js";
 import { createCredentialVault } from "../../storage/services/credential-vault.js";
 import { createCredentialRouteContextPort } from "./credential-route-context.js";
+import { scanConnectorManifests } from "../registry/manifest-scanner.js";
+import { parseConnectorManifestV6 } from "../manifest/manifest-parser.js";
+const DEFAULT_AGENT_WORLD_USERNAME = "nyx_ha";
+const DEFAULT_AGENT_WORLD_PROFILE_PATH_TEMPLATE = "/api/agents/profile/{username}";
+function readString(value) {
+    return typeof value === "string" && value.trim().length > 0
+        ? value.trim()
+        : undefined;
+}
+function channelPriorityForRunner(manifest) {
+    const declared = manifest.capabilities
+        .map((capability) => capability.channel)
+        .filter((channel) => channel === "api_rest" ||
+        channel === "api_rpc" ||
+        channel === "a2a" ||
+        channel === "mcp" ||
+        channel === "cli" ||
+        channel === "skill" ||
+        channel === "browser");
+    if (declared.length > 0)
+        return [...new Set(declared)];
+    if (manifest.runner.kind === "declarative_a2a")
+        return ["a2a"];
+    if (manifest.runner.kind === "declarative_mcp")
+        return ["mcp"];
+    if (manifest.runner.kind === "cli_descriptor")
+        return ["cli"];
+    if (manifest.runner.kind === "skill")
+        return ["skill"];
+    if (manifest.runner.kind === "browser")
+        return ["browser"];
+    return ["api_rest"];
+}
+function registerWorkspaceManifests(registry, workspaceRoot) {
+    if (!workspaceRoot)
+        return;
+    for (const file of scanConnectorManifests(workspaceRoot)) {
+        const parsed = parseConnectorManifestV6(file.content, file.path);
+        if (!parsed.ok)
+            continue;
+        const manifest = parsed.manifest;
+        try {
+            registry.register({
+                platformId: manifest.platformId,
+                supportedCapabilities: manifest.capabilities.map((capability) => capability.id),
+                channelPriority: channelPriorityForRunner(manifest),
+                credentialTypes: manifest.credentials.map((credential) => credential.type),
+                sourceRefPolicy: manifest.sourceRefPolicy,
+            });
+        }
+        catch {
+            // Invalid workspace manifests remain visible through connector_status validation.
+            // Execution side keeps fail-closed behavior by not registering them here.
+        }
+    }
+}
+function resolveAgentWorldUsername(payload, purpose) {
+    const payloadUsername = (purpose === "discover" ? readString(payload.targetUsername) : undefined) ??
+        readString(payload.username) ??
+        readString(payload.agentUsername);
+    return (payloadUsername ??
+        readString(process.env.SECOND_NATURE_AGENT_WORLD_USERNAME) ??
+        DEFAULT_AGENT_WORLD_USERNAME);
+}
+function resolveAgentWorldProfilePath(payload, username) {
+    const template = readString(payload.profilePathTemplate) ??
+        readString(process.env.SECOND_NATURE_AGENT_WORLD_PROFILE_PATH_TEMPLATE) ??
+        DEFAULT_AGENT_WORLD_PROFILE_PATH_TEMPLATE;
+    return template.replaceAll("{username}", encodeURIComponent(username));
+}
+function joinAgentWorldUrl(baseUrl, path) {
+    if (/^https?:\/\//i.test(path))
+        return path;
+    return `${baseUrl.replace(/\/+$/, "")}/${path.replace(/^\/+/, "")}`;
+}
+async function fetchAgentWorldJson(input) {
+    const resp = await fetch(joinAgentWorldUrl(input.baseUrl, input.path), {
+        method: input.method ?? "GET",
+        headers: {
+            "Authorization": `Bearer ${input.apiKey}`,
+            "Content-Type": "application/json",
+        },
+        body: input.body === undefined ? undefined : JSON.stringify(input.body),
+    });
+    if (!resp.ok) {
+        throw { code: "api_error", detail: `agent-world ${input.label}: ${resp.status}` };
+    }
+    return resp.json();
+}
 function createAdaptiveExecutionRunner(vault) {
     return {
         async run(_plan, request) {
             const platformId = request.platformId;
             const started = Date.now();
+            if (platformId !== "moltbook" &&
+                platformId !== "evomap" &&
+                platformId !== "agent-world") {
+                return {
+                    platformId,
+                    channel: request.preferredChannel ?? "api_rest",
+                    latencyMs: Date.now() - started,
+                    success: false,
+                    error: {
+                        code: "unknown_platform",
+                        detail: `no execution runner for ${platformId}`,
+                    },
+                };
+            }
             const credential = await vault.loadCredentialContext(platformId);
             if (!credential ||
                 credential.status !== "active" ||
@@ -91,47 +194,48 @@ function createAdaptiveExecutionRunner(vault) {
                     };
                 }
                 const runner = createAgentWorldRunner({
+                    apiKey: credential.encryptedValue,
                     apiClient: {
                         async readFeed(payload, _apiKey) {
-                            const resp = await fetch(`${baseUrl}/api/v1/feed`, {
-                                headers: { "Authorization": `Bearer ${_apiKey}`, "Content-Type": "application/json" },
+                            const username = resolveAgentWorldUsername(payload, "feed");
+                            return fetchAgentWorldJson({
+                                baseUrl,
+                                path: resolveAgentWorldProfilePath(payload, username),
+                                apiKey: _apiKey,
+                                label: "profile feed",
                             });
-                            if (!resp.ok)
-                                throw { code: "api_error", detail: `agent-world feed: ${resp.status}` };
-                            return resp.json();
                         },
                         async discoverWork(payload, _apiKey) {
-                            const resp = await fetch(`${baseUrl}/api/v1/work`, {
-                                headers: { "Authorization": `Bearer ${_apiKey}`, "Content-Type": "application/json" },
+                            const username = resolveAgentWorldUsername(payload, "discover");
+                            return fetchAgentWorldJson({
+                                baseUrl,
+                                path: resolveAgentWorldProfilePath(payload, username),
+                                apiKey: _apiKey,
+                                label: "profile discover",
                             });
-                            if (!resp.ok)
-                                throw { code: "api_error", detail: `agent-world work: ${resp.status}` };
-                            return resp.json();
                         },
                         async claimTask(payload, _apiKey) {
-                            const resp = await fetch(`${baseUrl}/api/v1/tasks/${payload.taskId ?? "unknown"}/claim`, {
+                            const claimPath = readString(payload.claimEndpointPath);
+                            if (!claimPath) {
+                                throw {
+                                    code: "protocol_mismatch",
+                                    detail: "agent_world_task_claim_endpoint_not_configured",
+                                };
+                            }
+                            return fetchAgentWorldJson({
+                                baseUrl,
+                                path: claimPath,
+                                apiKey: _apiKey,
                                 method: "POST",
-                                headers: { "Authorization": `Bearer ${_apiKey}`, "Content-Type": "application/json" },
-                                body: JSON.stringify(payload),
+                                body: payload,
+                                label: "task claim",
                             });
-                            if (!resp.ok)
-                                throw { code: "api_error", detail: `agent-world claim: ${resp.status}` };
-                            return resp.json();
                         },
                     },
                 });
                 return runner.run(_plan, request);
             }
-            return {
-                platformId,
-                channel: request.preferredChannel ?? "api_rest",
-                latencyMs: Date.now() - started,
-                success: false,
-                error: {
-                    code: "unknown_platform",
-                    detail: `no execution runner for ${platformId}`,
-                },
-            };
+            throw new Error(`unreachable_connector_platform:${platformId}`);
         },
     };
 }
@@ -141,6 +245,7 @@ export function createConnectorExecutorAdapter(options) {
     registry.register({ ...moltbookManifest });
     registry.register({ ...evomapManifest });
     registry.register({ ...agentWorldManifest });
+    registerWorkspaceManifests(registry, options.workspaceRoot);
     const routeContextPort = createCredentialRouteContextPort(vault);
     const routePlanner = new ConnectorRoutePlanner(registry, routeContextPort, new ChannelHealthStore());
     const telemetry = new ExecutionTelemetry(options.observabilityDb);
@@ -154,6 +259,7 @@ export function createConnectorExecutorAdapter(options) {
     });
     return {
         async executeEffect(input) {
+            registerWorkspaceManifests(registry, options.workspaceRoot);
             return policy.executeWithPolicy(input.intent, {
                 platformId: input.platformId,
                 intent: input.intent,