@hotmeshio/long-tail 0.4.21 → 0.4.23

package/build/services/auth/bot-api-key.js

@@ -43,26 +43,8 @@ exports.listBotApiKeys = listBotApiKeys;
 const crypto = __importStar(require("crypto"));
 const bcryptjs_1 = __importDefault(require("bcryptjs"));
 const db_1 = require("../../lib/db");
+const sql_1 = require("./sql");
 const TOKEN_PREFIX = 'lt_bot_';
-const INSERT_KEY = `
-  INSERT INTO lt_bot_api_keys (name, user_id, key_hash, scopes, expires_at)
-  VALUES ($1, $2, $3, $4, $5) RETURNING id`;
-const GET_KEYS_BY_USER = `
-  SELECT id, name, user_id, key_hash, scopes
-  FROM lt_bot_api_keys
-  WHERE user_id = $1
-    AND (expires_at IS NULL OR expires_at > NOW())`;
-const GET_ALL_ACTIVE_KEYS = `
-  SELECT id, name, user_id, key_hash, scopes
-  FROM lt_bot_api_keys
-  WHERE (expires_at IS NULL OR expires_at > NOW())`;
-const UPDATE_LAST_USED = `
-  UPDATE lt_bot_api_keys SET last_used_at = NOW() WHERE id = $1`;
-const DELETE_KEY = `
-  DELETE FROM lt_bot_api_keys WHERE id = $1`;
-const LIST_BY_USER = `
-  SELECT id, name, user_id, scopes, expires_at, last_used_at, created_at, updated_at
-  FROM lt_bot_api_keys WHERE user_id = $1 ORDER BY created_at`;
 /**
  * Generate a new API key for a bot account.
  * Returns the raw key once — it is never stored in plaintext.
@@ -71,7 +53,7 @@ async function generateBotApiKey(name, userId, scopes = [], expiresAt) {
     const rawKey = `${TOKEN_PREFIX}${crypto.randomBytes(32).toString('hex')}`;
     const keyHash = await bcryptjs_1.default.hash(rawKey, 10);
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(INSERT_KEY, [
+    const { rows } = await pool.query(sql_1.INSERT_BOT_KEY, [
         name, userId, keyHash, scopes, expiresAt || null,
     ]);
     return { id: rows[0].id, rawKey };
@@ -84,10 +66,10 @@ async function validateBotApiKey(rawKey) {
     if (!rawKey.startsWith(TOKEN_PREFIX))
         return null;
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(GET_ALL_ACTIVE_KEYS);
+    const { rows } = await pool.query(sql_1.GET_ALL_ACTIVE_BOT_KEYS);
     for (const row of rows) {
         if (await bcryptjs_1.default.compare(rawKey, row.key_hash)) {
-            await pool.query(UPDATE_LAST_USED, [row.id]);
+            await pool.query(sql_1.UPDATE_BOT_KEY_LAST_USED, [row.id]);
             const { key_hash, ...record } = row;
             return record;
         }
@@ -99,7 +81,7 @@ async function validateBotApiKey(rawKey) {
  */
 async function revokeBotApiKey(id) {
     const pool = await (0, db_1.getPool)();
-    const result = await pool.query(DELETE_KEY, [id]);
+    const result = await pool.query(sql_1.DELETE_BOT_KEY, [id]);
     return (result.rowCount ?? 0) > 0;
 }
 /**
@@ -107,6 +89,6 @@ async function revokeBotApiKey(id) {
  */
 async function listBotApiKeys(userId) {
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(LIST_BY_USER, [userId]);
+    const { rows } = await pool.query(sql_1.LIST_BOT_KEYS_BY_USER, [userId]);
     return rows;
 }

package/build/services/auth/service-token.js

@@ -43,20 +43,8 @@ exports.listServiceTokens = listServiceTokens;
 const crypto = __importStar(require("crypto"));
 const bcryptjs_1 = __importDefault(require("bcryptjs"));
 const db_1 = require("../../lib/db");
+const sql_1 = require("./sql");
 const TOKEN_PREFIX = 'lt_svc_';
-const INSERT_TOKEN = `
-  INSERT INTO lt_service_tokens (name, token_hash, server_id, scopes, expires_at)
-  VALUES ($1, $2, $3, $4, $5) RETURNING id`;
-const GET_ALL_TOKENS = `
-  SELECT id, name, token_hash FROM lt_service_tokens
-  WHERE (expires_at IS NULL OR expires_at > NOW())`;
-const UPDATE_LAST_USED = `
-  UPDATE lt_service_tokens SET last_used_at = NOW() WHERE id = $1`;
-const DELETE_TOKEN = `
-  DELETE FROM lt_service_tokens WHERE id = $1`;
-const LIST_BY_SERVER = `
-  SELECT id, name, server_id, scopes, expires_at, last_used_at, created_at, updated_at
-  FROM lt_service_tokens WHERE server_id = $1 ORDER BY created_at`;
 /**
  * Generate a new service token for an external MCP server.
  * Returns the raw token once — it is never stored in plaintext.
@@ -65,7 +53,7 @@ async function generateServiceToken(name, serverId, scopes, expiresAt) {
     const rawToken = `${TOKEN_PREFIX}${crypto.randomBytes(32).toString('hex')}`;
     const tokenHash = await bcryptjs_1.default.hash(rawToken, 10);
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(INSERT_TOKEN, [
+    const { rows } = await pool.query(sql_1.INSERT_SERVICE_TOKEN, [
         name, tokenHash, serverId, scopes, expiresAt || null,
     ]);
     return { id: rows[0].id, rawToken };
@@ -77,10 +65,10 @@ async function validateServiceToken(rawToken) {
     if (!rawToken.startsWith(TOKEN_PREFIX))
         return null;
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(GET_ALL_TOKENS);
+    const { rows } = await pool.query(sql_1.GET_ALL_ACTIVE_SERVICE_TOKENS);
     for (const row of rows) {
         if (await bcryptjs_1.default.compare(rawToken, row.token_hash)) {
-            await pool.query(UPDATE_LAST_USED, [row.id]);
+            await pool.query(sql_1.UPDATE_SERVICE_TOKEN_LAST_USED, [row.id]);
             const { token_hash, ...record } = row;
             return record;
         }
@@ -92,7 +80,7 @@ async function validateServiceToken(rawToken) {
  */
 async function revokeServiceToken(id) {
     const pool = await (0, db_1.getPool)();
-    const result = await pool.query(DELETE_TOKEN, [id]);
+    const result = await pool.query(sql_1.DELETE_SERVICE_TOKEN, [id]);
     return (result.rowCount ?? 0) > 0;
 }
 /**
@@ -100,6 +88,6 @@ async function revokeServiceToken(id) {
  */
 async function listServiceTokens(serverId) {
     const pool = await (0, db_1.getPool)();
-    const { rows } = await pool.query(LIST_BY_SERVER, [serverId]);
+    const { rows } = await pool.query(sql_1.LIST_SERVICE_TOKENS_BY_SERVER, [serverId]);
     return rows;
 }

package/build/services/auth/sql.d.ts

@@ -0,0 +1,11 @@
+export declare const INSERT_BOT_KEY = "\n  INSERT INTO lt_bot_api_keys (name, user_id, key_hash, scopes, expires_at)\n  VALUES ($1, $2, $3, $4, $5) RETURNING id";
+export declare const GET_BOT_KEYS_BY_USER = "\n  SELECT id, name, user_id, key_hash, scopes\n  FROM lt_bot_api_keys\n  WHERE user_id = $1\n    AND (expires_at IS NULL OR expires_at > NOW())";
+export declare const GET_ALL_ACTIVE_BOT_KEYS = "\n  SELECT id, name, user_id, key_hash, scopes\n  FROM lt_bot_api_keys\n  WHERE (expires_at IS NULL OR expires_at > NOW())";
+export declare const UPDATE_BOT_KEY_LAST_USED = "\n  UPDATE lt_bot_api_keys SET last_used_at = NOW() WHERE id = $1";
+export declare const DELETE_BOT_KEY = "\n  DELETE FROM lt_bot_api_keys WHERE id = $1";
+export declare const LIST_BOT_KEYS_BY_USER = "\n  SELECT id, name, user_id, scopes, expires_at, last_used_at, created_at, updated_at\n  FROM lt_bot_api_keys WHERE user_id = $1 ORDER BY created_at";
+export declare const INSERT_SERVICE_TOKEN = "\n  INSERT INTO lt_service_tokens (name, token_hash, server_id, scopes, expires_at)\n  VALUES ($1, $2, $3, $4, $5) RETURNING id";
+export declare const GET_ALL_ACTIVE_SERVICE_TOKENS = "\n  SELECT id, name, token_hash FROM lt_service_tokens\n  WHERE (expires_at IS NULL OR expires_at > NOW())";
+export declare const UPDATE_SERVICE_TOKEN_LAST_USED = "\n  UPDATE lt_service_tokens SET last_used_at = NOW() WHERE id = $1";
+export declare const DELETE_SERVICE_TOKEN = "\n  DELETE FROM lt_service_tokens WHERE id = $1";
+export declare const LIST_SERVICE_TOKENS_BY_SERVER = "\n  SELECT id, name, server_id, scopes, expires_at, last_used_at, created_at, updated_at\n  FROM lt_service_tokens WHERE server_id = $1 ORDER BY created_at";

package/build/services/auth/sql.js

@@ -0,0 +1,37 @@
+"use strict";
+// ── Bot API key queries ─────────────────────────────────────────────────────
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LIST_SERVICE_TOKENS_BY_SERVER = exports.DELETE_SERVICE_TOKEN = exports.UPDATE_SERVICE_TOKEN_LAST_USED = exports.GET_ALL_ACTIVE_SERVICE_TOKENS = exports.INSERT_SERVICE_TOKEN = exports.LIST_BOT_KEYS_BY_USER = exports.DELETE_BOT_KEY = exports.UPDATE_BOT_KEY_LAST_USED = exports.GET_ALL_ACTIVE_BOT_KEYS = exports.GET_BOT_KEYS_BY_USER = exports.INSERT_BOT_KEY = void 0;
+exports.INSERT_BOT_KEY = `
+  INSERT INTO lt_bot_api_keys (name, user_id, key_hash, scopes, expires_at)
+  VALUES ($1, $2, $3, $4, $5) RETURNING id`;
+exports.GET_BOT_KEYS_BY_USER = `
+  SELECT id, name, user_id, key_hash, scopes
+  FROM lt_bot_api_keys
+  WHERE user_id = $1
+    AND (expires_at IS NULL OR expires_at > NOW())`;
+exports.GET_ALL_ACTIVE_BOT_KEYS = `
+  SELECT id, name, user_id, key_hash, scopes
+  FROM lt_bot_api_keys
+  WHERE (expires_at IS NULL OR expires_at > NOW())`;
+exports.UPDATE_BOT_KEY_LAST_USED = `
+  UPDATE lt_bot_api_keys SET last_used_at = NOW() WHERE id = $1`;
+exports.DELETE_BOT_KEY = `
+  DELETE FROM lt_bot_api_keys WHERE id = $1`;
+exports.LIST_BOT_KEYS_BY_USER = `
+  SELECT id, name, user_id, scopes, expires_at, last_used_at, created_at, updated_at
+  FROM lt_bot_api_keys WHERE user_id = $1 ORDER BY created_at`;
+// ── Service token queries ───────────────────────────────────────────────────
+exports.INSERT_SERVICE_TOKEN = `
+  INSERT INTO lt_service_tokens (name, token_hash, server_id, scopes, expires_at)
+  VALUES ($1, $2, $3, $4, $5) RETURNING id`;
+exports.GET_ALL_ACTIVE_SERVICE_TOKENS = `
+  SELECT id, name, token_hash FROM lt_service_tokens
+  WHERE (expires_at IS NULL OR expires_at > NOW())`;
+exports.UPDATE_SERVICE_TOKEN_LAST_USED = `
+  UPDATE lt_service_tokens SET last_used_at = NOW() WHERE id = $1`;
+exports.DELETE_SERVICE_TOKEN = `
+  DELETE FROM lt_service_tokens WHERE id = $1`;
+exports.LIST_SERVICE_TOKENS_BY_SERVER = `
+  SELECT id, name, server_id, scopes, expires_at, last_used_at, created_at, updated_at
+  FROM lt_service_tokens WHERE server_id = $1 ORDER BY created_at`;

package/build/services/controlplane/index.js

@@ -91,10 +91,12 @@ async function getStreamStats(schema, duration = '1h', streamName) {
         throw new Error(`Invalid duration: ${duration}`);
     const pool = (0, db_1.getPool)();
     const stream = streamName || null;
+    // Graceful degradation: HotMesh schema may not exist if no engine has started.
+    const emptyCount = { rows: [{ count: 0 }] };
     const [pendingRes, processedRes, byStreamRes] = await Promise.all([
-        pool.query((0, sql_1.COUNT_PENDING)(schema), [stream]),
-        pool.query((0, sql_1.COUNT_PROCESSED_SINCE)(schema), [interval, stream]),
-        pool.query((0, sql_1.VOLUME_BY_STREAM)(schema), [interval, stream]),
+        pool.query((0, sql_1.COUNT_PENDING)(schema), [stream]).catch(() => emptyCount),
+        pool.query((0, sql_1.COUNT_PROCESSED_SINCE)(schema), [interval, stream]).catch(() => emptyCount),
+        pool.query((0, sql_1.VOLUME_BY_STREAM)(schema), [interval, stream]).catch(() => ({ rows: [] })),
     ]);
     return {
         pending: pendingRes.rows[0]?.count ?? 0,
@@ -131,8 +133,8 @@ async function getStreamMessages(schema, params) {
     const queryParams = [streamName, status, msgType, topic, workflowName, jid, aid, limit, offset];
     const countParams = [streamName, status, msgType, topic, workflowName, jid, aid];
     const [messagesRes, countRes] = await Promise.all([
-        pool.query((0, stream_messages_sql_1.LIST_STREAM_MESSAGES)(schema, sortColumn, sortOrder, source), queryParams),
-        pool.query((0, stream_messages_sql_1.COUNT_STREAM_MESSAGES)(schema, source), countParams),
+        pool.query((0, stream_messages_sql_1.LIST_STREAM_MESSAGES)(schema, sortColumn, sortOrder, source), queryParams).catch(() => ({ rows: [] })),
+        pool.query((0, stream_messages_sql_1.COUNT_STREAM_MESSAGES)(schema, source), countParams).catch(() => ({ rows: [{ count: 0 }] })),
     ]);
     return {
         messages: messagesRes.rows,

package/build/services/dba.d.ts

@@ -4,10 +4,11 @@ import type { PruneOptions, PruneResult } from '@hotmeshio/hotmesh/build/types/d
  * any schema migrations (e.g. adding the `pruned_at` column).
  * Idempotent — safe to call on every startup.
  */
-export declare function deploy(): Promise<void>;
+export declare function deploy(appId: string): Promise<void>;
 /**
  * Prune expired jobs, streams, and/or execution artifacts.
  *
+ * - `appId` — HotMesh application namespace (required)
  * - `jobs` — hard-delete expired job rows older than `expire`
  * - `streams` — hard-delete expired stream messages (engine + worker) older than `expire`
  * - `attributes` — strip execution artifacts from completed jobs
@@ -17,6 +18,7 @@ export declare function deploy(): Promise<void>;
  * - `keepHmark` — preserve hmark rows during stripping
  */
 export declare function prune(options: {
+    appId: string;
     expire?: string;
     jobs?: boolean;
     streams?: boolean;

package/build/services/dba.js

@@ -4,18 +4,18 @@ exports.deploy = deploy;
 exports.prune = prune;
 const hotmesh_1 = require("@hotmeshio/hotmesh");
 const db_1 = require("../lib/db");
-const APP_ID = 'durable';
 /**
  * Deploy the server-side prune() Postgres function and run
  * any schema migrations (e.g. adding the `pruned_at` column).
  * Idempotent — safe to call on every startup.
  */
-async function deploy() {
-    await hotmesh_1.DBA.deploy((0, db_1.getConnection)(), APP_ID);
+async function deploy(appId) {
+    await hotmesh_1.DBA.deploy((0, db_1.getConnection)(), appId);
 }
 /**
  * Prune expired jobs, streams, and/or execution artifacts.
  *
+ * - `appId` — HotMesh application namespace (required)
  * - `jobs` — hard-delete expired job rows older than `expire`
  * - `streams` — hard-delete expired stream messages (engine + worker) older than `expire`
  * - `attributes` — strip execution artifacts from completed jobs
@@ -25,5 +25,6 @@ async function deploy() {
  * - `keepHmark` — preserve hmark rows during stripping
  */
 async function prune(options) {
-    return hotmesh_1.DBA.prune({ appId: APP_ID, connection: (0, db_1.getConnection)(), ...options });
+    const { appId, ...rest } = options;
+    return hotmesh_1.DBA.prune({ appId, connection: (0, db_1.getConnection)(), ...rest });
 }

package/build/services/escalation/crud.d.ts

@@ -61,8 +61,24 @@ export declare function findByMetadata(key: string, value: string, status?: stri
 export declare function claimByMetadata(key: string, value: string, userId: string, durationMinutes?: number, metadata?: Record<string, any>, allowedRoles?: string[] | null): Promise<(ClaimResult & {
     candidatesExist: number;
 }) | null>;
+export interface ResolveByMetadataResult {
+    /** 'resolved' = done atomically. 'signal_required' = signal_id present, caller must signal. */
+    outcome: 'resolved' | 'signal_required' | 'not_found';
+    /** The resolved escalation (when outcome = 'resolved') */
+    escalation?: LTEscalationRecord;
+    /** Signal info (when outcome = 'signal_required') */
+    signalId?: string;
+    escalationId?: string;
+    workflowId?: string;
+    workflowType?: string;
+    taskQueue?: string;
+}
 /**
- * Atomic resolve by metadata: find + claim + resolve in one CTE.
- * RBAC is enforced in the SQL WHERE clause via allowedRoles.
+ * Atomic resolve by metadata with signal guard.
+ *
+ * Single query, two outcomes:
+ * 1. No signal_id → claim + resolve atomically. Returns { outcome: 'resolved', escalation }.
+ * 2. signal_id present → resolve skipped. Returns { outcome: 'signal_required', signalId, escalationId, ... }
+ *    so the caller can signal the workflow. conditionLT handles the rest.
  */
-export declare function resolveByMetadataAtomic(key: string, value: string, userId: string, resolverPayload: Record<string, any>, metadata?: Record<string, any>, allowedRoles?: string[] | null): Promise<LTEscalationRecord | null>;
+export declare function resolveByMetadataAtomic(key: string, value: string, userId: string, resolverPayload: Record<string, any>, metadata?: Record<string, any>, allowedRoles?: string[] | null): Promise<ResolveByMetadataResult>;

package/build/services/escalation/crud.js

@@ -249,8 +249,12 @@ async function claimByMetadata(key, value, userId, durationMinutes = 30, metadat
     };
 }
 /**
- * Atomic resolve by metadata: find + claim + resolve in one CTE.
- * RBAC is enforced in the SQL WHERE clause via allowedRoles.
+ * Atomic resolve by metadata with signal guard.
+ *
+ * Single query, two outcomes:
+ * 1. No signal_id → claim + resolve atomically. Returns { outcome: 'resolved', escalation }.
+ * 2. signal_id present → resolve skipped. Returns { outcome: 'signal_required', signalId, escalationId, ... }
+ *    so the caller can signal the workflow. conditionLT handles the rest.
  */
 async function resolveByMetadataAtomic(key, value, userId, resolverPayload, metadata, allowedRoles) {
     const pool = (0, db_1.getPool)();
@@ -260,17 +264,30 @@ async function resolveByMetadataAtomic(key, value, userId, resolverPayload, meta
     const roles = allowedRoles ?? null;
     const { rows } = await pool.query(sql_1.RESOLVE_BY_METADATA_ATOMIC, [filter, userId, payloadJson, metaPatch, roles]);
     if (rows.length === 0)
-        return null;
-    const escalation = rows[0];
-    (0, publish_1.publishEscalationEvent)({
-        type: 'escalation.resolved',
-        source: 'service',
-        workflowId: escalation.workflow_id || '',
-        workflowName: escalation.workflow_type || '',
-        taskQueue: escalation.task_queue || '',
-        escalationId: escalation.id,
-        status: 'resolved',
-        data: { resolved_by: userId },
-    });
-    return escalation;
+        return { outcome: 'not_found' };
+    const row = rows[0];
+    if (row.outcome === 'resolved') {
+        const { target_id, signal_id, target_workflow_id, target_workflow_type, target_task_queue, outcome, ...rest } = row;
+        const escalation = rest;
+        (0, publish_1.publishEscalationEvent)({
+            type: 'escalation.resolved',
+            source: 'service',
+            workflowId: escalation.workflow_id || '',
+            workflowName: escalation.workflow_type || '',
+            taskQueue: escalation.task_queue || '',
+            escalationId: escalation.id,
+            status: 'resolved',
+            data: { resolved_by: userId },
+        });
+        return { outcome: 'resolved', escalation };
+    }
+    // Signal-backed escalation — return the signal info for the caller
+    return {
+        outcome: 'signal_required',
+        signalId: row.signal_id,
+        escalationId: row.target_id,
+        workflowId: row.target_workflow_id,
+        workflowType: row.target_workflow_type,
+        taskQueue: row.target_task_queue,
+    };
 }

package/build/services/escalation/sql.d.ts

@@ -28,8 +28,15 @@ export declare const FIND_BY_METADATA = "SELECT *, COUNT(*) OVER() AS _total\nFR
  */
 export declare const CLAIM_BY_METADATA_GUARDED = "WITH target AS (\n  SELECT id, assigned_to\n  FROM lt_escalations\n  WHERE metadata @> $1::jsonb\n    AND status = 'pending'\n    AND (assigned_to IS NULL OR assigned_until <= NOW() OR assigned_to = $2)\n    AND ($5::text[] IS NULL OR role = ANY($5))\n  ORDER BY priority ASC, created_at ASC\n  LIMIT 1\n  FOR UPDATE SKIP LOCKED\n),\nupdated AS (\n  UPDATE lt_escalations e\n  SET assigned_to = $2,\n      claimed_at = NOW(),\n      assigned_until = NOW() + INTERVAL '1 minute' * $3,\n      metadata = CASE WHEN $4::jsonb IS NOT NULL\n        THEN COALESCE(e.metadata, '{}'::jsonb) || $4::jsonb\n        ELSE e.metadata END,\n      updated_at = NOW()\n  FROM target t\n  WHERE e.id = t.id\n  RETURNING e.*, t.assigned_to AS prev_assigned_to\n)\nSELECT *,\n  (SELECT COUNT(*) FROM lt_escalations WHERE metadata @> $1::jsonb AND status = 'pending') AS candidates_exist\nFROM updated";
 /**
- * Atomic resolve by metadata: find + claim + resolve in one CTE.
+ * Atomic resolve by metadata with signal guard.
+ *
+ * Single query, two outcomes:
+ * 1. No signal_id → claim + resolve atomically. `resolved` is populated.
+ * 2. signal_id present → resolve CTE skips (guard in WHERE). `resolved` is null,
+ *    but `target_id`, `signal_id`, `workflow_id`, `task_queue`, `workflow_type`
+ *    are returned so the caller can signal the workflow directly.
+ *
  * $1 = metadata filter (jsonb), $2 = userId, $3 = resolver_payload (jsonb),
  * $4 = metadata patch (jsonb, nullable), $5 = allowed roles (text[], null = no filter)
  */
-export declare const RESOLVE_BY_METADATA_ATOMIC = "WITH target AS (\n  SELECT id\n  FROM lt_escalations\n  WHERE metadata @> $1::jsonb\n    AND status = 'pending'\n    AND ($5::text[] IS NULL OR role = ANY($5))\n  ORDER BY priority ASC, created_at ASC\n  LIMIT 1\n  FOR UPDATE SKIP LOCKED\n),\nclaimed AS (\n  UPDATE lt_escalations e\n  SET assigned_to = $2,\n      claimed_at = NOW(),\n      assigned_until = NOW() + INTERVAL '5 minutes',\n      metadata = CASE WHEN $4::jsonb IS NOT NULL\n        THEN COALESCE(e.metadata, '{}'::jsonb) || $4::jsonb\n        ELSE e.metadata END\n  FROM target\n  WHERE e.id = target.id\n  RETURNING e.*\n)\nUPDATE lt_escalations e\nSET status = 'resolved',\n    resolved_at = NOW(),\n    resolver_payload = $3,\n    updated_at = NOW()\nFROM claimed\nWHERE e.id = claimed.id\nRETURNING e.*";
+export declare const RESOLVE_BY_METADATA_ATOMIC = "WITH target AS (\n  SELECT *\n  FROM lt_escalations\n  WHERE metadata @> $1::jsonb\n    AND status = 'pending'\n    AND ($5::text[] IS NULL OR role = ANY($5))\n  ORDER BY priority ASC, created_at ASC\n  LIMIT 1\n  FOR UPDATE\n),\nclaimed AS (\n  UPDATE lt_escalations e\n  SET assigned_to = COALESCE(e.assigned_to, $2),\n      claimed_at = COALESCE(e.claimed_at, NOW()),\n      assigned_until = CASE\n        WHEN e.assigned_to IS NOT NULL AND e.assigned_until > NOW() THEN e.assigned_until\n        ELSE NOW() + INTERVAL '5 minutes' END,\n      metadata = CASE WHEN $4::jsonb IS NOT NULL\n        THEN COALESCE(e.metadata, '{}'::jsonb) || $4::jsonb\n        ELSE e.metadata END\n  FROM target\n  WHERE e.id = target.id\n    AND (target.metadata->>'signal_id') IS NULL\n  RETURNING e.*\n),\nresolved AS (\n  UPDATE lt_escalations e\n  SET status = 'resolved',\n      resolved_at = NOW(),\n      resolver_payload = $3,\n      updated_at = NOW()\n  FROM claimed\n  WHERE e.id = claimed.id\n  RETURNING e.*\n)\nSELECT\n  resolved.*,\n  target.id AS target_id,\n  target.metadata->>'signal_id' AS signal_id,\n  target.workflow_id AS target_workflow_id,\n  target.workflow_type AS target_workflow_type,\n  target.task_queue AS target_task_queue,\n  CASE WHEN resolved.id IS NOT NULL THEN 'resolved' ELSE 'signal_required' END AS outcome\nFROM target\nLEFT JOIN resolved ON resolved.id = target.id";

package/build/services/escalation/sql.js

@@ -176,38 +176,60 @@ SELECT *,
   (SELECT COUNT(*) FROM lt_escalations WHERE metadata @> $1::jsonb AND status = 'pending') AS candidates_exist
 FROM updated`;
 /**
- * Atomic resolve by metadata: find + claim + resolve in one CTE.
+ * Atomic resolve by metadata with signal guard.
+ *
+ * Single query, two outcomes:
+ * 1. No signal_id → claim + resolve atomically. `resolved` is populated.
+ * 2. signal_id present → resolve CTE skips (guard in WHERE). `resolved` is null,
+ *    but `target_id`, `signal_id`, `workflow_id`, `task_queue`, `workflow_type`
+ *    are returned so the caller can signal the workflow directly.
+ *
  * $1 = metadata filter (jsonb), $2 = userId, $3 = resolver_payload (jsonb),
  * $4 = metadata patch (jsonb, nullable), $5 = allowed roles (text[], null = no filter)
  */
 exports.RESOLVE_BY_METADATA_ATOMIC = `\
 WITH target AS (
-  SELECT id
+  SELECT *
   FROM lt_escalations
   WHERE metadata @> $1::jsonb
     AND status = 'pending'
     AND ($5::text[] IS NULL OR role = ANY($5))
   ORDER BY priority ASC, created_at ASC
   LIMIT 1
-  FOR UPDATE SKIP LOCKED
+  FOR UPDATE
 ),
 claimed AS (
   UPDATE lt_escalations e
-  SET assigned_to = $2,
-      claimed_at = NOW(),
-      assigned_until = NOW() + INTERVAL '5 minutes',
+  SET assigned_to = COALESCE(e.assigned_to, $2),
+      claimed_at = COALESCE(e.claimed_at, NOW()),
+      assigned_until = CASE
+        WHEN e.assigned_to IS NOT NULL AND e.assigned_until > NOW() THEN e.assigned_until
+        ELSE NOW() + INTERVAL '5 minutes' END,
       metadata = CASE WHEN $4::jsonb IS NOT NULL
         THEN COALESCE(e.metadata, '{}'::jsonb) || $4::jsonb
         ELSE e.metadata END
   FROM target
   WHERE e.id = target.id
+    AND (target.metadata->>'signal_id') IS NULL
+  RETURNING e.*
+),
+resolved AS (
+  UPDATE lt_escalations e
+  SET status = 'resolved',
+      resolved_at = NOW(),
+      resolver_payload = $3,
+      updated_at = NOW()
+  FROM claimed
+  WHERE e.id = claimed.id
   RETURNING e.*
 )
-UPDATE lt_escalations e
-SET status = 'resolved',
-    resolved_at = NOW(),
-    resolver_payload = $3,
-    updated_at = NOW()
-FROM claimed
-WHERE e.id = claimed.id
-RETURNING e.*`;
+SELECT
+  resolved.*,
+  target.id AS target_id,
+  target.metadata->>'signal_id' AS signal_id,
+  target.workflow_id AS target_workflow_id,
+  target.workflow_type AS target_workflow_type,
+  target.task_queue AS target_task_queue,
+  CASE WHEN resolved.id IS NOT NULL THEN 'resolved' ELSE 'signal_required' END AS outcome
+FROM target
+LEFT JOIN resolved ON resolved.id = target.id`;

package/build/services/export/index.d.ts

@@ -33,7 +33,7 @@ export declare function getWorkflowState(workflowId: string, taskQueue: string,
     state: Record<string, any>;
 }>;
 /**
- * List workflow jobs from durable.jobs where entity IS NOT NULL.
+ * List workflow jobs from {schema}.jobs where entity IS NOT NULL.
  * Returns paginated results sorted by active first, then created_at DESC.
  */
-export declare function listJobs(params: JobListParams): Promise<JobListResult>;
+export declare function listJobs(app_id: string, params: JobListParams): Promise<JobListResult>;

package/build/services/export/index.js

@@ -6,6 +6,7 @@ exports.exportWorkflowExecution = exportWorkflowExecution;
 exports.getWorkflowState = getWorkflowState;
 exports.listJobs = listJobs;
 const db_1 = require("../../lib/db");
+const hotmesh_utils_1 = require("../hotmesh-utils");
 const client_1 = require("./client");
 const post_process_1 = require("./post-process");
 /** Error thrown when a workflow job is not found (expired or never existed). */
@@ -131,10 +132,13 @@ function buildJobOrderBy(sortBy, order) {
     return `j.${sortBy} ${dir}`;
 }
 /**
- * List workflow jobs from durable.jobs where entity IS NOT NULL.
+ * List workflow jobs from {schema}.jobs where entity IS NOT NULL.
  * Returns paginated results sorted by active first, then created_at DESC.
  */
-async function listJobs(params) {
+async function listJobs(app_id, params) {
+    const appId = (0, hotmesh_utils_1.sanitizeAppId)(app_id);
+    const schema = (0, hotmesh_utils_1.quoteSchema)(appId);
+    const keyPrefix = `hmsh:${appId}:j:`;
     const limit = Math.min(params.limit ?? 20, 100);
     const offset = params.offset ?? 0;
     const pool = (0, db_1.getPool)();
@@ -172,11 +176,13 @@ async function listJobs(params) {
         conditions.push('j.status < 0');
     }
     const where = conditions.join(' AND ');
+    // Graceful degradation: schema may not exist if no engine has started.
+    const emptyCount = { rows: [{ count: '0' }] };
     const [countResult, dataResult] = await Promise.all([
-        pool.query(`SELECT COUNT(*) FROM durable.jobs j WHERE ${where}`, values),
+        pool.query(`SELECT COUNT(*) FROM ${schema}.jobs j WHERE ${where}`, values).catch(() => emptyCount),
         pool.query(`WITH ju_symbols AS (
-         SELECT value FROM durable.symbols
-         WHERE key LIKE 'hmsh:durable:sym:keys:%' AND field = 'metadata/ju'
+         SELECT value FROM ${schema}.symbols
+         WHERE key LIKE 'hmsh:${appId}:sym:keys:%' AND field = 'metadata/ju'
        )
        SELECT j.key, j.entity, j.status, j.is_live, j.created_at,
          CASE WHEN j.updated_at != j.created_at THEN j.updated_at
@@ -184,20 +190,20 @@ async function listJobs(params) {
               ELSE j.updated_at
          END as updated_at,
          ws.id as set_id
-       FROM durable.jobs j
-       LEFT JOIN durable.jobs_attributes ju
+       FROM ${schema}.jobs j
+       LEFT JOIN ${schema}.jobs_attributes ju
          ON ju.job_id = j.id
          AND ju.symbol IN (SELECT value FROM ju_symbols)
          AND (ju.dimension IS NULL OR ju.dimension = '')
        LEFT JOIN lt_workflow_sets ws
-         ON ws.source_workflow_id = REPLACE(j.key, 'hmsh:durable:j:', '')
+         ON ws.source_workflow_id = REPLACE(j.key, '${keyPrefix}', '')
          AND j.entity = 'mcpWorkflowPlanner'
        WHERE ${where}
        ORDER BY ${buildJobOrderBy(params.sort_by, params.order)}
-       LIMIT $${idx++} OFFSET $${idx++}`, [...values, limit, offset]),
+       LIMIT $${idx++} OFFSET $${idx++}`, [...values, limit, offset]).catch(() => ({ rows: [] })),
     ]);
     const jobs = dataResult.rows.map((row) => ({
-        workflow_id: row.key.replace('hmsh:durable:j:', ''),
+        workflow_id: row.key.replace(keyPrefix, ''),
         entity: row.entity,
         status: (row.status > 0 ? 'running' : row.status === 0 ? 'completed' : 'failed'),
         is_live: row.is_live,

package/build/services/maintenance/index.js

@@ -43,11 +43,12 @@ const CRON_ID = 'lt-maintenance-nightly';
 /**
  * Translate a single maintenance rule into the appropriate dbaService.prune() call.
  */
-async function executeRule(rule) {
+async function executeRule(appId, rule) {
     switch (true) {
         // Delete stream messages
         case rule.target === 'streams' && rule.action === 'delete':
             await dbaService.prune({
+                appId,
                 expire: rule.olderThan,
                 streams: true,
                 jobs: false,
@@ -56,6 +57,7 @@ async function executeRule(rule) {
         // Delete transient jobs (entity IS NULL)
         case rule.target === 'jobs' && rule.action === 'delete' && rule.hasEntity === false:
             await dbaService.prune({
+                appId,
                 expire: rule.olderThan,
                 jobs: false,
                 streams: false,
@@ -65,6 +67,7 @@ async function executeRule(rule) {
         // Strip execution artifacts from entity jobs (keep jdata/udata/jmark/hmark)
         case rule.target === 'jobs' && rule.action === 'prune' && rule.hasEntity === true:
             await dbaService.prune({
+                appId,
                 expire: rule.olderThan,
                 jobs: false,
                 streams: false,
@@ -75,6 +78,7 @@ async function executeRule(rule) {
         // Hard-delete old pruned jobs
         case rule.target === 'jobs' && rule.action === 'delete' && rule.pruned === true:
             await dbaService.prune({
+                appId,
                 expire: rule.olderThan,
                 jobs: true,
                 streams: false,
@@ -112,8 +116,7 @@ class LTMaintenanceRegistry {
     async connect() {
         if (this.connected || !this._config)
             return;
-        const rules = this._config.rules;
-        const schedule = this._config.schedule;
+        const { appId, rules, schedule } = this._config;
         const connection = (0, db_1.getConnection)();
         await hotmesh_1.Virtual.cron({
             topic: CRON_TOPIC,
@@ -122,7 +125,7 @@ class LTMaintenanceRegistry {
                 logger_1.loggerRegistry.info('[lt-maintenance] starting maintenance cycle...');
                 for (const rule of rules) {
                     try {
-                        await executeRule(rule);
+                        await executeRule(appId, rule);
                     }
                     catch (err) {
                         logger_1.loggerRegistry.error(`[lt-maintenance] rule failed: ${JSON.stringify(rule)} ${err?.message}`);

package/build/services/pipelines/queries.js

@@ -65,9 +65,12 @@ async function listJobs(params) {
     const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
     const keyPrefix = `hmsh:${appId}:j:`;
     const orderBy = buildOrderBy(params.sort_by, params.order);
+    // Graceful degradation: HotMesh schema may not exist yet if no
+    // engine/worker has initialized. Return empty results, not 500.
+    const empty = { rows: [{ count: '0' }] };
     const [countResult, dataResult] = await Promise.all([
-        pool.query((0, sql_1.COUNT_JOBS)(schema, where), values),
-        pool.query((0, sql_1.LIST_JOBS)(schema, appId, where, idx++, idx++, orderBy), [...values, limit, offset]),
+        pool.query((0, sql_1.COUNT_JOBS)(schema, where), values).catch(() => empty),
+        pool.query((0, sql_1.LIST_JOBS)(schema, appId, where, idx++, idx++, orderBy), [...values, limit, offset]).catch(() => ({ rows: [] })),
     ]);
     const jobs = dataResult.rows.map((row) => ({
         workflow_id: row.key.startsWith(keyPrefix) ? row.key.slice(keyPrefix.length) : row.key,

package/build/services/pipelines/sql.d.ts

@@ -1,4 +1,3 @@
-export declare const DISTINCT_ENTITIES_DURABLE = "\n  SELECT DISTINCT entity FROM durable.jobs WHERE entity IS NOT NULL AND entity != '' ORDER BY entity";
 export declare const DISTINCT_ENTITIES: (schema: string) => string;
 export declare const ACTIVE_GRAPH_TOPICS = "SELECT DISTINCT graph_topic FROM lt_yaml_workflows WHERE app_id = $1 AND status IN ('active', 'deployed')";
 export declare const COUNT_JOBS: (schema: string, where: string) => string;

package/build/services/pipelines/sql.js

@@ -3,9 +3,7 @@
 // Schema placeholders (${schema}) are interpolated at call time
 // because Postgres does not support parameterized schema names.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.LIST_JOBS = exports.GET_JOB_ATTRIBUTES = exports.GET_JOB = exports.COUNT_JOBS = exports.ACTIVE_GRAPH_TOPICS = exports.DISTINCT_ENTITIES = exports.DISTINCT_ENTITIES_DURABLE = void 0;
-exports.DISTINCT_ENTITIES_DURABLE = `
-  SELECT DISTINCT entity FROM durable.jobs WHERE entity IS NOT NULL AND entity != '' ORDER BY entity`;
+exports.LIST_JOBS = exports.GET_JOB_ATTRIBUTES = exports.GET_JOB = exports.COUNT_JOBS = exports.ACTIVE_GRAPH_TOPICS = exports.DISTINCT_ENTITIES = void 0;
 const DISTINCT_ENTITIES = (schema) => `SELECT DISTINCT entity FROM ${schema}.jobs WHERE entity IS NOT NULL AND entity != '' ORDER BY entity`;
 exports.DISTINCT_ENTITIES = DISTINCT_ENTITIES;
 exports.ACTIVE_GRAPH_TOPICS = `SELECT DISTINCT graph_topic FROM lt_yaml_workflows WHERE app_id = $1 AND status IN ('active', 'deployed')`;

package/build/system/mcp-servers/admin/controlplane.js

@@ -57,7 +57,7 @@ function registerControlPlaneTools(server) {
         inputSchema: schemas_1.rollCallSchema,
     }, async (args) => {
         const result = await api.rollCall({
-            appId: args.app_id || 'durable',
+            appId: args.app_id,
             delay: args.delay,
         });
         if (result.error) {

package/build/system/mcp-servers/admin/maintenance.js

@@ -45,6 +45,7 @@ function registerMaintenanceTools(server) {
         inputSchema: schemas_1.pruneSchema,
     }, async (args) => {
         const result = await dbaService.prune({
+            appId: args.app_id,
             expire: args.expire,
             jobs: args.jobs,
             streams: args.streams,