@jterrats/open-orchestra 0.1.0

package/dist/workflow-services.js

@@ -0,0 +1,1240 @@
+import path from "node:path";
+import { readdir, readFile } from "node:fs/promises";
+import { FILES } from "./constants.js";
+import { exists, ensureDir, readJson, resolveWorkflowPath, writeJson, } from "./fs-utils.js";
+import { FakeModelProvider, InMemoryModelProviderRegistry, summarizeConfiguredProviders, } from "./model-providers.js";
+import { appendEvent, loadWorkspace, readEvents, writeArtifact, } from "./workspace.js";
+import { validateEvidenceInput, validateReadiness, validateReviewInput, } from "./validation.js";
+import { getWorkflowGate } from "./workflow-gates.js";
+export async function getWorkflowStatus(root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const counts = Object.create(null);
+    const blocked = [];
+    for (const task of workspace.tasks) {
+        counts[task.status] = (counts[task.status] ?? 0) + 1;
+        if (task.status === "blocked") {
+            blocked.push({
+                id: task.id,
+                title: task.title,
+                reason: task.blockedReason ?? "not specified",
+            });
+        }
+    }
+    return {
+        tasks: {
+            total: workspace.tasks.length,
+            byStatus: counts,
+            blocked,
+        },
+        locks: {
+            total: workspace.locks.length,
+        },
+    };
+}
+export async function addTask(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.roleIds.has(input.ownerRole)) {
+        throw new Error(`unknown owner role: ${input.ownerRole}`);
+    }
+    if (workspace.tasks.some((task) => task.id === input.id)) {
+        throw new Error(`task already exists: ${input.id}`);
+    }
+    const now = new Date().toISOString();
+    const task = removeUndefined({
+        ...input,
+        status: "pending",
+        createdAt: now,
+        updatedAt: now,
+    });
+    await writeTasks(workspace.base, [...workspace.tasks, task]);
+    await appendEvent(root, {
+        type: "TASK_ASSIGNED",
+        taskId: input.id,
+        actor: "parent",
+        summary: `Task assigned to ${input.ownerRole}`,
+        metadata: { title: input.title, ownerRole: input.ownerRole },
+    });
+    return task;
+}
+export async function listTasks(root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    return workspace.tasks;
+}
+export async function listRoles(root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    return workspace.roles;
+}
+export async function updateTask(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const taskIndex = workspace.tasks.findIndex((task) => task.id === input.id);
+    if (taskIndex < 0) {
+        throw new Error(`unknown task: ${input.id}`);
+    }
+    const current = workspace.tasks[taskIndex];
+    if (!current) {
+        throw new Error(`unknown task: ${input.id}`);
+    }
+    const updated = removeUndefined({
+        ...current,
+        status: input.status,
+        blockedReason: input.blockedReason,
+        updatedAt: new Date().toISOString(),
+    });
+    const tasks = [...workspace.tasks];
+    tasks[taskIndex] = updated;
+    await writeTasks(workspace.base, tasks);
+    await appendEvent(root, {
+        type: "TASK_UPDATED",
+        taskId: input.id,
+        actor: "parent",
+        summary: `Task updated: ${input.id}`,
+        metadata: { status: updated.status },
+    });
+    return updated;
+}
+export async function checkTaskDependencies(taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const dependencies = task.dependencies.map((dependencyId) => {
+        const dependency = workspace.tasks.find((candidate) => candidate.id === dependencyId);
+        if (!dependency) {
+            throw new Error(`task ${taskId} has unknown dependency: ${dependencyId}`);
+        }
+        return {
+            id: dependency.id,
+            status: dependency.status,
+            isComplete: ["approved", "done"].includes(dependency.status),
+        };
+    });
+    const incomplete = dependencies.filter((dependency) => !dependency.isComplete);
+    return {
+        taskId,
+        isSatisfied: incomplete.length === 0,
+        dependencies,
+        incomplete,
+    };
+}
+export async function generateTaskGraphPlan(root = process.cwd()) {
+    const tasks = await listTasks(root);
+    const locks = await listLocks(root);
+    const ready = [];
+    const blocked = [];
+    const locked = [];
+    const complete = [];
+    for (const task of tasks) {
+        const item = {
+            id: task.id,
+            title: task.title,
+            status: task.status,
+            ownerRole: task.ownerRole,
+        };
+        if (["approved", "done"].includes(task.status)) {
+            complete.push(item);
+            continue;
+        }
+        if (task.status === "canceled") {
+            continue;
+        }
+        const dependencies = await checkTaskDependencies(task.id, root);
+        if (dependencies.isSatisfied) {
+            const taskLocks = locksForTask(task, locks);
+            if (taskLocks.length > 0) {
+                locked.push({
+                    ...item,
+                    locks: taskLocks,
+                });
+            }
+            else {
+                ready.push(item);
+            }
+        }
+        else {
+            blocked.push({
+                ...item,
+                incomplete: dependencies.incomplete,
+            });
+        }
+    }
+    return { ready, blocked, locked, complete };
+}
+export async function executeNextReadyTask(root = process.cwd()) {
+    const plan = await generateTaskGraphPlan(root);
+    const next = plan.ready[0];
+    if (!next) {
+        throw new Error("no ready tasks to run");
+    }
+    return executePlanWithBudgetPreflight(next.id, root);
+}
+export async function executeReadyTaskBatch(root = process.cwd()) {
+    const plan = await generateTaskGraphPlan(root);
+    const selectedTaskIds = plan.ready.map((task) => task.id);
+    if (selectedTaskIds.length === 0) {
+        throw new Error("no ready tasks to run");
+    }
+    const runs = [];
+    for (const taskId of selectedTaskIds) {
+        try {
+            runs.push(await executePlanWithBudgetPreflight(taskId, root));
+        }
+        catch (error) {
+            const batch = {
+                selectedTaskIds,
+                runs,
+                locked: plan.locked,
+                failure: {
+                    taskId,
+                    error: error instanceof Error ? error.message : String(error),
+                },
+            };
+            return recordTaskGraphBatchRun(batch, root);
+        }
+    }
+    return recordTaskGraphBatchRun({ selectedTaskIds, runs, locked: plan.locked }, root);
+}
+export async function listLocks(root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    return workspace.locks;
+}
+export async function claimLock(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.tasks.some((task) => task.id === input.taskId)) {
+        throw new Error(`unknown task: ${input.taskId}`);
+    }
+    if (!workspace.roleIds.has(input.ownerRole)) {
+        throw new Error(`unknown owner role: ${input.ownerRole}`);
+    }
+    const conflictingLock = workspace.locks.find((lock) => lock.path === input.path);
+    if (conflictingLock) {
+        throw new Error(`path already locked by ${conflictingLock.id}`);
+    }
+    const now = new Date().toISOString();
+    const lock = removeUndefined({
+        id: input.id ?? `lock-${Date.now()}`,
+        taskId: input.taskId,
+        ownerRole: input.ownerRole,
+        path: input.path,
+        reason: input.reason,
+        createdAt: now,
+        expiresAt: input.expiresAt,
+    });
+    await writeLocks(workspace.base, [...workspace.locks, lock]);
+    await appendEvent(root, {
+        type: "LOCK_CLAIMED",
+        taskId: input.taskId,
+        actor: input.ownerRole,
+        summary: `Lock claimed for ${input.path}`,
+        metadata: { lockId: lock.id, path: input.path },
+    });
+    return lock;
+}
+export async function releaseLock(id, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const lock = workspace.locks.find((candidate) => candidate.id === id);
+    if (!lock) {
+        throw new Error(`unknown lock: ${id}`);
+    }
+    await writeLocks(workspace.base, workspace.locks.filter((candidate) => candidate.id !== id));
+    await appendEvent(root, {
+        type: "LOCK_RELEASED",
+        taskId: lock.taskId,
+        actor: lock.ownerRole,
+        summary: `Lock released for ${lock.path}`,
+        metadata: { lockId: lock.id, path: lock.path },
+    });
+    return lock;
+}
+export async function checkReadiness(taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const report = validateReadiness(task);
+    await appendEvent(root, {
+        type: report.isReady ? "GATE_PASSED" : "GATE_BLOCKED",
+        taskId,
+        actor: "parent",
+        summary: report.isReady
+            ? "Definition of Ready passed"
+            : "Definition of Ready blocked",
+        metadata: { ...report },
+    });
+    return { task, report };
+}
+export async function evaluateWorkflowGate(gateId, taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const gate = getWorkflowGate(gateId);
+    const result = gate.evaluate({
+        task,
+        events: await readEvents(root),
+        locks: workspace.locks,
+    });
+    await appendEvent(root, {
+        type: result.passed ? "GATE_PASSED" : "GATE_BLOCKED",
+        taskId,
+        actor: "parent",
+        summary: result.summary,
+        metadata: {
+            gateId: result.gateId,
+            blocking: result.blocking,
+            missing: result.missing,
+            ...result.metadata,
+        },
+    });
+    return result;
+}
+export async function createHandoff(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.roleIds.has(input.from) || !workspace.roleIds.has(input.to)) {
+        throw new Error("handoff roles must exist in roles.json");
+    }
+    const fileName = `${input.task}-${input.from}-to-${input.to}.md`;
+    const content = [
+        `# Handoff ${input.task}: ${input.from} to ${input.to}`,
+        "",
+        `- Status: ${input.status ?? "ready_for_review"}`,
+        `- Changed components: ${input.changed}`,
+        `- Behavior changed: ${input.behavior}`,
+        `- Unit tests: ${input.tests}`,
+        `- Commands run: ${input.commands}`,
+        `- Known gaps: ${input.gaps ?? "none"}`,
+        `- Risks: ${input.risks ?? "none"}`,
+        `- Recommended Playwright coverage: ${input.playwright ?? "not applicable"}`,
+        "",
+    ].join("\n");
+    const artifact = await writeArtifact(root, "handoffs", fileName, content);
+    await appendEvent(root, {
+        type: "HANDOFF_READY",
+        taskId: input.task,
+        actor: input.from,
+        summary: `Handoff ready for ${input.to}`,
+        artifacts: [artifact],
+    });
+    return { artifact, content };
+}
+export async function recordDecision(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.tasks.some((task) => task.id === input.task)) {
+        throw new Error(`unknown task: ${input.task}`);
+    }
+    if (!workspace.roleIds.has(input.owner)) {
+        throw new Error(`unknown owner role: ${input.owner}`);
+    }
+    const fileName = `${input.task}-${Date.now()}-decision.md`;
+    const content = [
+        `# Decision ${input.task}: ${input.title}`,
+        "",
+        `- Status: ${input.status}`,
+        `- Owner: ${input.owner}`,
+        "",
+        "## Context",
+        input.context,
+        "",
+        "## Decision",
+        input.decision,
+        "",
+        "## Consequences",
+        input.consequences,
+        "",
+    ].join("\n");
+    const artifact = await writeArtifact(root, "decisions", fileName, content);
+    await appendEvent(root, {
+        type: "DECISION_RECORDED",
+        taskId: input.task,
+        actor: input.owner,
+        summary: input.title,
+        artifacts: [artifact],
+        metadata: {
+            status: input.status,
+            title: input.title,
+        },
+    });
+    return { ...input, artifact };
+}
+export async function listDecisions(taskId, root = process.cwd()) {
+    return filterEvents("DECISION_RECORDED", taskId, root);
+}
+export async function getTaskContext(taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const events = await readEvents(root);
+    const taskEvents = events.filter((event) => event.taskId === taskId);
+    return {
+        task,
+        dependencies: await checkTaskDependencies(taskId, root),
+        locks: workspace.locks.filter((lock) => lock.taskId === taskId),
+        decisions: taskEvents.filter((event) => event.type === "DECISION_RECORDED"),
+        handoffs: taskEvents.filter((event) => event.type === "HANDOFF_READY"),
+        reviews: taskEvents.filter((event) => event.type === "REVIEW_RECORDED"),
+        evidence: taskEvents.filter((event) => event.type === "EVIDENCE_ADDED"),
+        gates: taskEvents.filter((event) => event.type === "GATE_PASSED" || event.type === "GATE_BLOCKED"),
+        modelProvenance: await listModelProvenance(taskId, root),
+        risks: task.risks ?? [],
+    };
+}
+export async function generateExecutionPlan(taskId, root = process.cwd()) {
+    const context = await getTaskContext(taskId, root);
+    const steps = [
+        {
+            id: "context",
+            role: "parent",
+            action: "Review shared task context, dependencies, decisions, risks, and evidence.",
+            dependsOn: [],
+        },
+        {
+            id: "architecture",
+            role: "architect",
+            action: "Confirm proposed architecture and user approval for non-trivial work.",
+            dependsOn: ["context"],
+            gate: "architecture",
+        },
+        {
+            id: "development",
+            role: context.task.ownerRole,
+            action: "Implement domain/model changes, services/integrations, entry points, and unit tests.",
+            dependsOn: ["architecture"],
+        },
+        {
+            id: "qa",
+            role: "qa",
+            action: "Review developer handoff, execute QA plan, and attach evidence.",
+            dependsOn: ["development"],
+            gate: "qa-release",
+        },
+        ...riskReviewSteps(context.task.riskGate?.impactAreas ?? []),
+        {
+            id: "release-readiness",
+            role: "release_manager",
+            action: "Evaluate release readiness and unresolved blockers.",
+            dependsOn: [
+                "qa",
+                ...riskReviewSteps(context.task.riskGate?.impactAreas ?? []).map((step) => step.id),
+            ],
+            gate: "release-readiness",
+        },
+        {
+            id: "summary",
+            role: "parent",
+            action: "Generate PR summary with evidence, reviews, gates, rollout, and rollback.",
+            dependsOn: ["release-readiness"],
+        },
+    ];
+    return { taskId, steps };
+}
+export async function executePlanWithFakeProvider(taskId, root = process.cwd(), { providerId = "fake", model = "fake-model", budgetEscalation, } = {}) {
+    const plan = await generateExecutionPlan(taskId, root);
+    const provider = new FakeModelProvider({ id: providerId });
+    const steps = [];
+    for (const step of plan.steps) {
+        await appendEvent(root, {
+            type: "ORCH_STEP_STARTED",
+            taskId,
+            actor: step.role,
+            summary: `Started ${step.id}`,
+            metadata: { stepId: step.id },
+        });
+        try {
+            const response = await provider.complete({
+                model,
+                messages: [
+                    {
+                        role: "user",
+                        content: `${step.role}: ${step.action}`,
+                    },
+                ],
+            });
+            await recordModelProvenance({
+                task: taskId,
+                role: step.role,
+                provider: response.provider,
+                model: response.model,
+                promptId: `plan:${taskId}:${step.id}`,
+                responseId: response.id,
+                inputTokens: response.usage.inputTokens,
+                outputTokens: response.usage.outputTokens,
+                estimatedCostUsd: 0,
+                finishReason: response.finishReason,
+            }, root);
+            const artifact = await writeRunArtifact(root, taskId, step.id, [
+                `# Run ${taskId}: ${step.id}`,
+                "",
+                `- Role: ${step.role}`,
+                `- Provider: ${response.provider}`,
+                `- Model: ${response.model}`,
+                `- Response ID: ${response.id}`,
+                "",
+                "## Output",
+                response.content,
+                "",
+            ].join("\n"));
+            await appendEvent(root, {
+                type: "ORCH_STEP_COMPLETED",
+                taskId,
+                actor: step.role,
+                summary: `Completed ${step.id}`,
+                artifacts: [artifact],
+                metadata: { stepId: step.id, responseId: response.id },
+            });
+            steps.push({
+                id: step.id,
+                role: step.role,
+                status: "completed",
+                provider: response.provider,
+                model: response.model,
+                responseId: response.id,
+                artifact,
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            await appendEvent(root, {
+                type: "ORCH_STEP_FAILED",
+                taskId,
+                actor: step.role,
+                summary: `Failed ${step.id}`,
+                metadata: { stepId: step.id, error: message },
+            });
+            steps.push({
+                id: step.id,
+                role: step.role,
+                status: "failed",
+                provider: provider.id,
+                model,
+                error: message,
+            });
+            break;
+        }
+    }
+    return removeUndefined({
+        taskId,
+        provider: provider.id,
+        model,
+        steps,
+        budgetEscalation,
+    });
+}
+export async function executePlanWithBudgetPreflight(taskId, root = process.cwd(), decision) {
+    await enforceLockPreflight(taskId, root);
+    await enforceDependencyPreflight(taskId, root);
+    const budget = await checkUsageBudget(taskId, root);
+    if (budget.passed) {
+        return executePlanWithFakeProvider(taskId, root);
+    }
+    const proposal = await createBudgetFallbackProposal(taskId, budget, root);
+    const artifacts = proposal?.artifact ? [proposal.artifact] : undefined;
+    const storedApproval = proposal
+        ? await findStoredApprovalForProposal(proposal, root)
+        : undefined;
+    await appendEvent(root, removeUndefined({
+        type: "BUDGET_ESCALATION_REQUESTED",
+        taskId,
+        actor: "parent",
+        summary: "Budget fallback approval requested",
+        artifacts,
+        metadata: { proposal },
+    }));
+    if (!decision && proposal && storedApproval?.status === "approved") {
+        return executeApprovedBudgetFallback(taskId, root, proposal, removeUndefined({
+            approver: storedApproval.approver,
+            rationale: storedApproval.rationale,
+            approvalId: storedApproval.id,
+            approvalSource: "stored",
+        }));
+    }
+    if (!proposal || !decision?.approved) {
+        await appendEvent(root, removeUndefined({
+            type: "BUDGET_ESCALATION_REJECTED",
+            taskId,
+            actor: "parent",
+            summary: "Budget fallback approval rejected",
+            artifacts,
+            metadata: {
+                proposal,
+                approver: decision?.approver,
+                rationale: decision?.rationale ?? "approval not provided",
+            },
+        }));
+        throw new Error("budget fallback approval required");
+    }
+    await appendEvent(root, removeUndefined({
+        type: "BUDGET_ESCALATION_APPROVED",
+        taskId,
+        actor: "parent",
+        summary: `Budget fallback approved: ${proposal.toProvider}/${proposal.toModel}`,
+        artifacts,
+        metadata: {
+            proposal,
+            approver: decision.approver,
+            rationale: decision.rationale,
+        },
+    }));
+    return executeApprovedBudgetFallback(taskId, root, proposal, removeUndefined({
+        approver: decision.approver,
+        rationale: decision.rationale,
+        approvalSource: "explicit",
+    }));
+}
+async function executeApprovedBudgetFallback(taskId, root, proposal, approval) {
+    await appendEvent(root, removeUndefined({
+        type: "MODEL_FALLBACK_USED",
+        taskId,
+        actor: "parent",
+        summary: `Approved budget fallback used: ${proposal.toProvider}/${proposal.toModel}`,
+        artifacts: proposal.artifact ? [proposal.artifact] : undefined,
+        metadata: {
+            proposal,
+            approver: approval.approver,
+            rationale: approval.rationale,
+            approvalId: approval.approvalId,
+            approvalSource: approval.approvalSource,
+        },
+    }));
+    return executePlanWithFakeProvider(taskId, root, {
+        providerId: proposal.toProvider,
+        model: proposal.toModel,
+        budgetEscalation: removeUndefined({
+            status: "approved",
+            proposal,
+            approver: approval.approver,
+            rationale: approval.rationale,
+            approvalId: approval.approvalId,
+            approvalSource: approval.approvalSource,
+        }),
+    });
+}
+async function enforceLockPreflight(taskId, root) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const locks = locksForTask(task, workspace.locks);
+    if (locks.length === 0) {
+        return;
+    }
+    throw new Error(`task locks active: ${locks.map((lock) => lock.id).join(", ")}`);
+}
+async function enforceDependencyPreflight(taskId, root) {
+    const report = await checkTaskDependencies(taskId, root);
+    if (report.isSatisfied) {
+        return;
+    }
+    await appendEvent(root, {
+        type: "TASK_DEPENDENCIES_BLOCKED",
+        taskId,
+        actor: "parent",
+        summary: `Task dependencies blocked: ${taskId}`,
+        metadata: { report },
+    });
+    throw new Error(`task dependencies blocked: ${report.incomplete
+        .map((dependency) => dependency.id)
+        .join(", ")}`);
+}
+function locksForTask(task, locks) {
+    return locks.flatMap((lock) => {
+        const conflictPath = pathConflict(task.paths ?? [], lock.path);
+        if (lock.taskId !== task.id && !conflictPath) {
+            return [];
+        }
+        return [
+            removeUndefined({
+                id: lock.id,
+                path: lock.path,
+                conflictPath,
+                ownerRole: lock.ownerRole,
+                reason: lock.reason,
+            }),
+        ];
+    });
+}
+function pathConflict(paths, lockPath) {
+    const normalizedLockPath = normalizePath(lockPath);
+    return paths.find((candidate) => pathsConflict(normalizePath(candidate), normalizedLockPath));
+}
+function pathsConflict(taskPath, lockPath) {
+    return (taskPath === lockPath ||
+        taskPath.startsWith(`${lockPath}/`) ||
+        lockPath.startsWith(`${taskPath}/`));
+}
+function normalizePath(value) {
+    return value.replaceAll("\\", "/").replace(/\/+$/, "");
+}
+export async function listApprovals(taskId, root = process.cwd()) {
+    const approvalDir = resolveWorkflowPath(root, "approvals");
+    const fileNames = (await exists(approvalDir))
+        ? (await readdir(approvalDir)).filter((fileName) => fileName.endsWith(".md"))
+        : [];
+    const events = await readEvents(root);
+    const records = fileNames.map((fileName) => approvalRecordForArtifact(path.join(".agent-workflow", "approvals", fileName), events));
+    const filtered = taskId
+        ? records.filter((record) => record.taskId === taskId)
+        : records;
+    return filtered.sort((left, right) => left.id.localeCompare(right.id));
+}
+export async function showApproval(id, root = process.cwd()) {
+    const record = await getApprovalRecord(id, root);
+    const content = await readFile(path.join(root, record.artifact), "utf8");
+    return { ...record, content };
+}
+export async function approveApproval(input, root = process.cwd()) {
+    return recordApprovalDecision(input, "approved", root);
+}
+export async function rejectApproval(input, root = process.cwd()) {
+    return recordApprovalDecision(input, "rejected", root);
+}
+export async function recordReview(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    validateReviewInput(input, workspace.roleIds);
+    const fileName = `${input.task}-${input.role}-review.md`;
+    const content = [
+        `# Review ${input.task}: ${input.role}`,
+        "",
+        `- Result: ${input.result}`,
+        `- Severity: ${input.severity}`,
+        `- Findings: ${input.findings}`,
+        `- Recommendation: ${input.recommendation}`,
+        "",
+    ].join("\n");
+    const artifact = await writeArtifact(root, "reviews", fileName, content);
+    await appendEvent(root, {
+        type: "REVIEW_RECORDED",
+        taskId: input.task,
+        actor: input.role,
+        summary: `Review recorded: ${input.result}`,
+        artifacts: [artifact],
+        metadata: { result: input.result, severity: input.severity },
+    });
+    return { artifact, content };
+}
+function riskReviewSteps(impactAreas) {
+    const roleByImpact = {
+        security: "security",
+        sre: "sre",
+        dba: "dba",
+        devops: "devops",
+        compliance: "compliance_privacy",
+        ux: "ux_ui_designer",
+    };
+    const roles = impactAreas
+        .map((area) => roleByImpact[area])
+        .filter((role) => Boolean(role));
+    return [...new Set(roles)].map((role) => ({
+        id: `risk-${role}`,
+        role,
+        action: "Review risk impact and approve, block, or record accepted risk.",
+        dependsOn: ["development"],
+        gate: "risk-review",
+    }));
+}
+async function writeRunArtifact(root, taskId, stepId, content) {
+    await ensureDir(resolveWorkflowPath(root, "runs", taskId));
+    return writeArtifact(root, path.join("runs", taskId), `${stepId}.md`, content);
+}
+async function recordTaskGraphBatchRun(batch, root) {
+    const artifact = await writeTaskGraphBatchArtifact(root, batch);
+    const result = removeUndefined({
+        ...batch,
+        artifact,
+    });
+    await appendEvent(root, {
+        type: batch.failure ? "ORCH_BATCH_FAILED" : "ORCH_BATCH_COMPLETED",
+        actor: "parent",
+        summary: batch.failure
+            ? `Task graph batch failed: ${batch.failure.taskId}`
+            : "Task graph batch completed",
+        artifacts: [artifact],
+        metadata: {
+            selectedTaskIds: batch.selectedTaskIds,
+            completedTaskIds: batch.runs.map((run) => run.taskId),
+            failure: batch.failure,
+        },
+    });
+    return result;
+}
+async function writeTaskGraphBatchArtifact(root, batch) {
+    const timestamp = new Date().toISOString();
+    await ensureDir(resolveWorkflowPath(root, "runs", "batches"));
+    return writeArtifact(root, path.join("runs", "batches"), `${timestamp.replace(/[:.]/g, "-")}-graph-batch.md`, [
+        "# Task Graph Batch Run",
+        "",
+        `- Timestamp: ${timestamp}`,
+        `- Selected tasks: ${batch.selectedTaskIds.join(", ")}`,
+        `- Completed runs: ${batch.runs.length}`,
+        `- Locked tasks: ${batch.locked.map((task) => task.id).join(", ") || "none"}`,
+        `- Failure: ${batch.failure
+            ? `${batch.failure.taskId}: ${batch.failure.error}`
+            : "none"}`,
+        "",
+        "## Runs",
+        ...(batch.runs.length === 0
+            ? ["- none"]
+            : batch.runs.map((run) => `- ${run.taskId}: ${run.steps.length} steps via ${run.provider}/${run.model}`)),
+        "",
+    ].join("\n"));
+}
+export async function listReviews(taskId, root = process.cwd()) {
+    return filterEvents("REVIEW_RECORDED", taskId, root);
+}
+export async function addEvidence(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    validateEvidenceInput(input, workspace.roleIds);
+    if (typeof input.path === "string" &&
+        !(await exists(path.resolve(root, input.path)))) {
+        throw new Error(`evidence path does not exist: ${input.path}`);
+    }
+    const fileName = `${input.task}-${Date.now()}-${input.type}.md`;
+    const content = [
+        `# Evidence ${input.task}: ${input.type}`,
+        "",
+        `- Role: ${input.role}`,
+        `- Summary: ${input.summary}`,
+        `- Path: ${input.path ?? "not applicable"}`,
+        `- Command: ${input.command ?? "not applicable"}`,
+        `- Exit code: ${input.exitCode ?? "not applicable"}`,
+        "",
+    ].join("\n");
+    const artifact = await writeArtifact(root, "evidence", fileName, content);
+    await appendEvent(root, {
+        type: "EVIDENCE_ADDED",
+        taskId: input.task,
+        actor: input.role,
+        summary: input.summary,
+        artifacts: [artifact],
+        metadata: { type: input.type },
+    });
+    return { artifact, content };
+}
+export async function listEvidence(taskId, root = process.cwd()) {
+    return filterEvents("EVIDENCE_ADDED", taskId, root);
+}
+export async function getWorkflowSummary(root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const events = await readEvents(root);
+    return {
+        tasks: workspace.tasks,
+        locks: workspace.locks,
+        reviews: events.filter((event) => event.type === "REVIEW_RECORDED"),
+        evidence: events.filter((event) => event.type === "EVIDENCE_ADDED"),
+        blockers: workspace.tasks.filter((task) => task.status === "blocked"),
+        eventCount: events.length,
+    };
+}
+export async function generatePullRequestSummary(taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const events = await readEvents(root);
+    const taskEvents = events.filter((event) => event.taskId === taskId);
+    return {
+        task,
+        handoffs: taskEvents.filter((event) => event.type === "HANDOFF_READY"),
+        reviews: taskEvents.filter((event) => event.type === "REVIEW_RECORDED"),
+        evidence: taskEvents.filter((event) => event.type === "EVIDENCE_ADDED"),
+        gates: taskEvents.filter((event) => event.type === "GATE_PASSED" || event.type === "GATE_BLOCKED"),
+        locks: workspace.locks.filter((lock) => lock.taskId === taskId),
+        risks: task.risks ?? [],
+        rollout: "Use the project release process after required gates pass.",
+        rollback: "Revert the related commit or disable the changed behavior.",
+    };
+}
+export async function generatePlaywrightTestPlan(taskId, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const criteria = task.acceptanceCriteria && task.acceptanceCriteria.length > 0
+        ? task.acceptanceCriteria
+        : [task.goal ?? task.title];
+    return {
+        taskId: task.id,
+        title: task.title,
+        targetUser: "end user",
+        scenarios: criteria.map((criterion, index) => ({
+            name: `Scenario ${index + 1}: ${criterion}`,
+            source: criterion,
+            pageObject: `${toPascalCase(task.id)}Page`,
+            selectors: [
+                "Use role, label, and test-id selectors before CSS selectors",
+                "Keep selectors in page object methods",
+            ],
+            assertions: [
+                `Verify user-visible outcome: ${criterion}`,
+                "Verify no blocking error state is shown",
+            ],
+            evidence: ["screenshot", "trace-on-failure"],
+        })),
+        fixtures: ["authenticated user when the flow requires identity"],
+        notes: [
+            "Prefer mobile-first viewport coverage before desktop expansion",
+            "Attach trace, screenshot, or video when failures occur",
+        ],
+    };
+}
+export async function getWorkflowConfig(root = process.cwd()) {
+    return readJson(resolveWorkflowPath(root, FILES.config), {});
+}
+export async function listConfiguredModelProviders(root = process.cwd()) {
+    return summarizeConfiguredProviders(await getWorkflowConfig(root));
+}
+export async function completeWithProviderFallback(routing, prompt, { failingProviders = [], root = process.cwd(), taskId, role = "parent", } = {}) {
+    const registry = new InMemoryModelProviderRegistry();
+    const providerIds = [routing.provider, ...routing.fallbacks];
+    for (const providerId of providerIds) {
+        registry.register(new FakeModelProvider({
+            id: providerId,
+            shouldFail: failingProviders.includes(providerId),
+        }));
+    }
+    const failedProviders = [];
+    for (const [index, providerId] of providerIds.entries()) {
+        try {
+            const provider = registry.get(providerId);
+            const response = await provider.complete({
+                model: routing.model,
+                messages: [{ role: "user", content: prompt }],
+            });
+            if (index > 0) {
+                await appendEvent(root, removeUndefined({
+                    type: "MODEL_FALLBACK_USED",
+                    actor: role,
+                    taskId,
+                    summary: `Fallback provider used: ${providerId}`,
+                    metadata: { provider: providerId, failedProviders },
+                }));
+            }
+            return {
+                provider: providerId,
+                model: routing.model,
+                response,
+                fallbackUsed: index > 0,
+                failedProviders,
+            };
+        }
+        catch (error) {
+            failedProviders.push({
+                provider: providerId,
+                reason: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    throw new Error(`all providers failed: ${failedProviders
+        .map((failure) => failure.provider)
+        .join(", ")}`);
+}
+export async function setRoleModelProvider(role, routing, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.roleIds.has(role)) {
+        throw new Error(`unknown role: ${role}`);
+    }
+    const configPath = resolveWorkflowPath(root, FILES.config);
+    const config = await readJson(configPath, {});
+    config.providers = {
+        defaults: config.providers.defaults,
+        byRole: {
+            ...(config.providers.byRole ?? {}),
+            [role]: routing,
+        },
+    };
+    await writeJson(configPath, config);
+    await appendEvent(root, {
+        type: "MODEL_ROUTING_CONFIGURED",
+        actor: "parent",
+        summary: `Model routing configured for ${role}`,
+        metadata: { role, provider: routing.provider, model: routing.model },
+    });
+    return routing;
+}
+export async function recordModelProvenance(input, root = process.cwd()) {
+    const workspace = await loadWorkspace(root);
+    if (!workspace.tasks.some((task) => task.id === input.task)) {
+        throw new Error(`unknown task: ${input.task}`);
+    }
+    if (!workspace.roleIds.has(input.role)) {
+        throw new Error(`unknown role: ${input.role}`);
+    }
+    const timestamp = new Date().toISOString();
+    const record = { ...input, timestamp };
+    await appendEvent(root, {
+        type: "MODEL_PROVENANCE_RECORDED",
+        taskId: input.task,
+        actor: input.role,
+        summary: `Model provenance recorded for ${input.provider}/${input.model}`,
+        metadata: { ...record },
+    });
+    return record;
+}
+export async function listModelProvenance(taskId, root = process.cwd()) {
+    const events = await filterEvents("MODEL_PROVENANCE_RECORDED", taskId, root);
+    return events.map((event) => event.metadata);
+}
+export async function getUsageReport(taskId, root = process.cwd()) {
+    const records = await listModelProvenance(taskId, root);
+    return {
+        ...(taskId ? { taskId } : {}),
+        totals: aggregateUsage("total", records),
+        byRole: aggregateUsageBy(records, (record) => record.role),
+        byProvider: aggregateUsageBy(records, (record) => record.provider),
+    };
+}
+export async function checkUsageBudget(taskId, root = process.cwd()) {
+    const config = await readJson(resolveWorkflowPath(root, FILES.config), {});
+    if (taskId) {
+        const workspace = await loadWorkspace(root);
+        if (!workspace.tasks.some((task) => task.id === taskId)) {
+            throw new Error(`unknown task: ${taskId}`);
+        }
+    }
+    const usage = await getUsageReport(taskId, root);
+    const budgets = config.budgets;
+    const appliedBudgets = [];
+    const violations = [];
+    if (budgets?.defaults) {
+        appliedBudgets.push("defaults");
+        violations.push(...budgetViolations("defaults", usage.totals, budgets.defaults));
+    }
+    if (taskId && budgets?.byTask?.[taskId]) {
+        appliedBudgets.push(`task:${taskId}`);
+        violations.push(...budgetViolations(`task:${taskId}`, usage.totals, budgets.byTask[taskId]));
+    }
+    for (const roleUsage of usage.byRole) {
+        const roleBudget = budgets?.byRole?.[roleUsage.key];
+        if (roleBudget) {
+            appliedBudgets.push(`role:${roleUsage.key}`);
+            violations.push(...budgetViolations(`role:${roleUsage.key}`, roleUsage, roleBudget));
+        }
+    }
+    return {
+        ...(taskId ? { taskId } : {}),
+        passed: violations.length === 0,
+        usage,
+        appliedBudgets,
+        violations,
+    };
+}
+async function createBudgetFallbackProposal(taskId, budget, root) {
+    const workspace = await loadWorkspace(root);
+    const task = workspace.tasks.find((candidate) => candidate.id === taskId);
+    if (!task) {
+        throw new Error(`unknown task: ${taskId}`);
+    }
+    const config = await readJson(resolveWorkflowPath(root, FILES.config), {});
+    const routing = config.providers.byRole?.[task.ownerRole] ?? config.providers.defaults;
+    const fallbackProvider = routing.fallbacks[0];
+    if (!fallbackProvider) {
+        return undefined;
+    }
+    const proposal = {
+        fromProvider: routing.provider,
+        fromModel: routing.model,
+        toProvider: fallbackProvider,
+        toModel: routing.model,
+        violations: budget.violations,
+    };
+    const artifact = await writeBudgetEscalationProposal(root, taskId, proposal);
+    return {
+        ...proposal,
+        artifact,
+    };
+}
+async function getApprovalRecord(id, root) {
+    const artifact = approvalArtifactForId(id);
+    if (!(await exists(path.join(root, artifact)))) {
+        throw new Error(`unknown approval: ${id}`);
+    }
+    const events = await readEvents(root);
+    return approvalRecordForArtifact(artifact, events);
+}
+async function findStoredApprovalForProposal(proposal, root) {
+    if (!proposal.artifact) {
+        return undefined;
+    }
+    const events = await readEvents(root);
+    return approvalRecordForArtifact(proposal.artifact, events);
+}
+async function recordApprovalDecision(input, status, root) {
+    const current = await getApprovalRecord(input.id, root);
+    const requested = approvalEventsForArtifact(await readEvents(root), current.artifact).find((event) => event.type === "BUDGET_ESCALATION_REQUESTED");
+    await appendEvent(root, removeUndefined({
+        type: status === "approved"
+            ? "BUDGET_ESCALATION_APPROVED"
+            : "BUDGET_ESCALATION_REJECTED",
+        taskId: current.taskId,
+        actor: "parent",
+        summary: `Budget escalation ${status}: ${input.id}`,
+        artifacts: [current.artifact],
+        metadata: {
+            approvalId: input.id,
+            proposal: requested?.metadata.proposal,
+            approver: input.approver,
+            rationale: input.rationale,
+        },
+    }));
+    return getApprovalRecord(input.id, root);
+}
+function approvalRecordForArtifact(artifact, events) {
+    const id = approvalIdForArtifact(artifact);
+    const related = approvalEventsForArtifact(events, artifact);
+    const requested = related.find((event) => event.type === "BUDGET_ESCALATION_REQUESTED");
+    const decision = [...related]
+        .reverse()
+        .find((event) => ["BUDGET_ESCALATION_APPROVED", "BUDGET_ESCALATION_REJECTED"].includes(event.type));
+    const status = decisionStatus(decision);
+    return removeUndefined({
+        id,
+        taskId: String(requested?.taskId ?? decision?.taskId ?? "") || undefined,
+        artifact,
+        status,
+        summary: requested?.summary ?? `Approval proposal ${id}`,
+        requestedAt: requested?.timestamp,
+        decidedAt: decision?.timestamp,
+        approver: typeof decision?.metadata.approver === "string"
+            ? decision.metadata.approver
+            : undefined,
+        rationale: typeof decision?.metadata.rationale === "string"
+            ? decision.metadata.rationale
+            : undefined,
+    });
+}
+function approvalEventsForArtifact(events, artifact) {
+    return events.filter((event) => event.artifacts?.includes(artifact));
+}
+function decisionStatus(decision) {
+    if (decision?.type === "BUDGET_ESCALATION_APPROVED") {
+        return "approved";
+    }
+    if (decision?.type === "BUDGET_ESCALATION_REJECTED") {
+        return "rejected";
+    }
+    return "pending";
+}
+function approvalArtifactForId(id) {
+    if (!/^[a-zA-Z0-9._-]+$/.test(id)) {
+        throw new Error(`invalid approval id: ${id}`);
+    }
+    return path.join(".agent-workflow", "approvals", `${id}.md`);
+}
+function approvalIdForArtifact(artifact) {
+    return path.basename(artifact, ".md");
+}
+export async function addPlaywrightEvidence(input, root = process.cwd()) {
+    return addEvidence(removeUndefined({
+        task: input.task,
+        role: "qa",
+        type: input.kind,
+        summary: input.summary,
+        path: input.path,
+        command: input.runId,
+    }), root);
+}
+function aggregateUsage(key, records) {
+    const inputTokens = records.reduce((sum, record) => sum + record.inputTokens, 0);
+    const outputTokens = records.reduce((sum, record) => sum + record.outputTokens, 0);
+    const estimatedCostUsd = records.reduce((sum, record) => sum + record.estimatedCostUsd, 0);
+    return {
+        key,
+        requests: records.length,
+        inputTokens,
+        outputTokens,
+        totalTokens: inputTokens + outputTokens,
+        estimatedCostUsd,
+    };
+}
+function aggregateUsageBy(records, keyFor) {
+    const groups = new Map();
+    for (const record of records) {
+        const key = keyFor(record);
+        groups.set(key, [...(groups.get(key) ?? []), record]);
+    }
+    return [...groups.entries()].map(([key, group]) => aggregateUsage(key, group));
+}
+function budgetViolations(scope, usage, budget) {
+    return [
+        budgetViolation(scope, "requests", usage.requests, budget.maxRequests),
+        budgetViolation(scope, "inputTokens", usage.inputTokens, budget.maxInputTokens),
+        budgetViolation(scope, "outputTokens", usage.outputTokens, budget.maxOutputTokens),
+        budgetViolation(scope, "totalTokens", usage.totalTokens, budget.maxTotalTokens),
+        budgetViolation(scope, "estimatedCostUsd", usage.estimatedCostUsd, budget.maxEstimatedCostUsd),
+    ].filter((violation) => Boolean(violation));
+}
+function budgetViolation(scope, metric, actual, limit) {
+    if (limit === undefined || actual <= limit) {
+        return undefined;
+    }
+    return {
+        scope,
+        metric,
+        actual,
+        limit,
+    };
+}
+async function writeBudgetEscalationProposal(root, taskId, proposal) {
+    const content = [
+        `# Budget Escalation Proposal: ${taskId}`,
+        "",
+        "## Summary",
+        "- Status: approval required before execution",
+        "- Usage source: local model provenance events",
+        "- Cost source: estimated cost recorded in provenance",
+        "",
+        "## Current Routing",
+        `- Provider: ${proposal.fromProvider}`,
+        `- Model: ${proposal.fromModel}`,
+        "",
+        "## Proposed Fallback",
+        `- Provider: ${proposal.toProvider}`,
+        `- Model: ${proposal.toModel}`,
+        "",
+        "## Budget Violations",
+        ...proposal.violations.map((violation) => `- ${violation.scope} ${violation.metric}: ${violation.actual} > ${violation.limit}`),
+        "",
+        "## Expected Impact",
+        "- May continue execution using the configured fallback provider.",
+        "- Quality, latency, and cost can differ from the original provider.",
+        "- Approval applies only to this execution request.",
+        "",
+        "## Risks",
+        "- Estimated usage may differ from provider invoice totals.",
+        "- Fallback output quality must still pass QA and release gates.",
+        "- No raw prompts, raw responses, or secrets are included in this proposal.",
+        "",
+        "## Approval Commands",
+        `- Approve: orchestra run --task ${taskId} --approve-budget-fallback --approver <name> --rationale "<reason>"`,
+        `- Reject: orchestra run --task ${taskId} --reject-budget-fallback --approver <name> --rationale "<reason>"`,
+        "",
+    ].join("\n");
+    return writeArtifact(root, "approvals", `${taskId}-budget-fallback.md`, content);
+}
+async function filterEvents(type, taskId, root) {
+    const events = (await readEvents(root)).filter((event) => event.type === type);
+    return taskId ? events.filter((event) => event.taskId === taskId) : events;
+}
+async function writeTasks(base, tasks) {
+    await writeJson(path.join(base, FILES.tasks), tasks);
+}
+async function writeLocks(base, locks) {
+    await writeJson(path.join(base, FILES.locks), locks);
+}
+function removeUndefined(value) {
+    return Object.fromEntries(Object.entries(value).filter(([, entry]) => entry !== undefined));
+}
+function toPascalCase(value) {
+    return value
+        .split(/[^a-zA-Z0-9]+/)
+        .filter(Boolean)
+        .map((part) => `${part.charAt(0).toUpperCase()}${part.slice(1)}`)
+        .join("");
+}
+//# sourceMappingURL=workflow-services.js.map