@jterrats/open-orchestra 1.0.16 → 1.0.18

package/dist/runtime-spawn-bridge.js

@@ -26,6 +26,7 @@ export async function renderRuntimeSpawnRequestArtifact({ root, taskId, runId, p
         role,
         ...(phasePlaybook ? { phasePlaybook } : {}),
         contextPack,
+        ownershipPaths: assignment.paths,
     });
     const contextManifestArtifact = await writeArtifact(root, "runs", `${taskId}-${runId ?? "manual"}-${phase}-runtime-${runtime.id}-context-manifest.json`, `${JSON.stringify(contextManifest, null, 2)}\n`);
     const expectedResultArtifact = `.agent-workflow/handoffs/${taskId}-${runId ?? "manual"}-${phase}-${role}-runtime-handoff.md`;
@@ -84,6 +85,7 @@ export async function renderRuntimeSpawnRequestArtifact({ root, taskId, runId, p
         contextBudget: context.contextBudget,
         guardrails,
     };
+    const topWorkflowTemplate = renderTopWorkflowTemplate(context.workflowTemplates);
     const promptContent = renderRuntimeChildPrompt({
         taskId,
         phase,
@@ -96,6 +98,7 @@ export async function renderRuntimeSpawnRequestArtifact({ root, taskId, runId, p
         expectedResultArtifact,
         parentRuntimeAction,
         ...(phasePlaybook ? { phasePlaybook } : {}),
+        ...(topWorkflowTemplate ? { topWorkflowTemplate } : {}),
     });
     await writeArtifact(root, "runs", `${taskId}-${runId ?? "manual"}-${phase}-runtime-${runtime.id}-spawn-prompt.md`, promptContent);
     const content = runtimeSpawnRequestContent({
@@ -220,6 +223,27 @@ function arrayMetadata(event, key) {
         ? value.filter((item) => typeof item === "string")
         : [];
 }
+function renderTopWorkflowTemplate(selections) {
+    if (selections.length === 0)
+        return undefined;
+    const top = selections[0];
+    const { template, missingEvidence } = top;
+    return [
+        `### ${template.name}`,
+        "",
+        template.summary,
+        "",
+        `- Roles: ${template.roles.join(", ")}`,
+        `- Inputs: ${template.inputs.join(", ")}`,
+        `- Outputs: ${template.outputs.join(", ")}`,
+        `- Evidence: ${template.evidenceRequirements.join(", ")}`,
+        `- Gates: ${template.gates.join(", ")}`,
+        `- Missing evidence: ${missingEvidence.length > 0 ? missingEvidence.join(", ") : "none"}`,
+        "",
+        "Steps:",
+        ...template.steps.map((step) => `- ${step}`),
+    ].join("\n");
+}
 function assertWorkflowArtifactPath(artifact) {
     const normalized = path.normalize(artifact);
     if (normalized.startsWith("..") ||

package/dist/runtime-spawn-bridge.js.map

@@ -1 +1 @@
-{"version":3,"file":"runtime-spawn-bridge.js","sourceRoot":"","sources":["../src/runtime-spawn-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,2BAA2B,EAC3B,oCAAoC,GACrC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,gCAAgC,EAAE,MAAM,qCAAqC,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAYxE,MAAM,CAAC,KAAK,UAAU,iCAAiC,CAAC,EACtD,IAAI,EACJ,MAAM,EACN,KAAK,EACL,KAAK,EACL,IAAI,EACJ,OAAO,EACP,SAAS,EACT,MAAM,EACN,UAAU,EACV,OAAO,EACP,UAAU,EACV,aAAa,GAcd;IACC,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,WAAW,OAAO,CAAC,EAAE,gDAAgD,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,wBAAwB,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC5H,MAAM,WAAW,GAAG,MAAM,gCAAgC,CAAC;QACzD,IAAI;QACJ,OAAO;QACP,MAAM;QACN,KAAK;QACL,IAAI;QACJ,UAAU;KACX,CAAC,CAAC;IACH,MAAM,eAAe,GAAG,MAAM,2BAA2B,CAAC;QACxD,IAAI;QACJ,MAAM;QACN,KAAK;QACL,IAAI;QACJ,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,WAAW;KACZ,CAAC,CAAC;IACH,MAAM,uBAAuB,GAAG,MAAM,aAAa,CACjD,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,wBAAwB,EACrF,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAChD,CAAC;IACF,MAAM,sBAAsB,GAAG,4BAA4B,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,IAAI,IAAI,qBAAqB,CAAC;IAC7H,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;QACnD,OAAO;QACP,SAAS;QACT,KAAK;QACL,IAAI;QACJ,UAAU;QACV,cAAc;QACd,uBAAuB;QACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;YAChC,CAAC,CAAC;gBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;gBACjD,iBAAiB,EAAE;oBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;oBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;iBACjC;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,sBAAsB;KACvB,CAAC,CAAC;IACH,MAAM,qBAAqB,GAAG;QAC5B,MAAM;QACN,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,OAAO,CAAC,EAAE;QACnB,SAAS;QACT,MAAM;QACN,eAAe,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK;QACxC,mBAAmB;QACnB,UAAU;QACV,cAAc;QACd,uBAAuB;QACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;YAChC,CAAC,CAAC;gBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;gBACjD,iBAAiB,EAAE;oBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;oBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;iBACjC;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,sBAAsB;QACtB,wBAAwB,EAAE,KAAc;QACxC,YAAY,EAAE;YACZ,IAAI,EAAE,YAAqB;YAC3B,iBAAiB,EAAE,KAAc;YACjC,UAAU,EAAE,kCAA2C;YACvD,YAAY,EAAE,mBAAmB,CAAC,iBAAiB;SACpD;QACD,eAAe,EAAE,2BAA2B,CAAC,OAAO,CAAC;QACrD,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,UAAU;KACX,CAAC;IACF,MAAM,aAAa,GAAG,wBAAwB,CAAC;QAC7C,MAAM;QACN,KAAK;QACL,IAAI;QACJ,OAAO;QACP,SAAS;QACT,UAAU;QACV,OAAO;QACP,uBAAuB,EACrB,oCAAoC,CAAC,eAAe,CAAC;QACvD,sBAAsB;QACtB,mBAAmB;QACnB,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC;IACH,MAAM,aAAa,CACjB,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,kBAAkB,EAC/E,aAAa,CACd,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC;QACzC,OAAO;QACP,OAAO;QACP,OAAO,EAAE,qBAAqB;QAC9B,eAAe;QACf,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAClC,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,mBAAmB,EAChF,OAAO,CACR,CAAC;IACF,MAAM,OAAO,GAAwB;QACnC,GAAG,qBAAqB;QACxB,QAAQ;QACR,OAAO;KACR,CAAC;IAEF,MAAM,WAAW,CAAC,IAAI,EAAE;QACtB,IAAI,EACF,MAAM,KAAK,QAAQ;YACjB,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,gCAAgC;QACtC,MAAM;QACN,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,yBAAyB,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC,EAAE,EAAE;QACtE,SAAS,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,uBAAuB,CAAC;QAC9D,QAAQ,EAAE;YACR,SAAS;YACT,OAAO,EAAE,OAAO,CAAC,EAAE;YACnB,KAAK;YACL,IAAI;YACJ,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI;YACvC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI;YACvC,mBAAmB;YACnB,cAAc;YACd,uBAAuB;YACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;gBAChC,CAAC,CAAC;oBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;oBACjD,iBAAiB,EAAE;wBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;wBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;wBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;qBACjC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,sBAAsB;YACtB,wBAAwB,EAAE,KAAK;YAC/B,UAAU;SACX;KACF,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,EAChD,IAAI,EACJ,SAAS,EACT,MAAM,EACN,OAAO,EACP,cAAc,EACd,QAAQ,GAQT;IACC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,kDAAkD,SAAS,EAAE,CAC9D,CAAC;IACJ,CAAC;IACD,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;IAClE,OAAO,WAAW,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,0BAA0B,CAAC,MAAM,CAAC;QACxC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,OAAO,IAAI,2BAA2B,MAAM,KAAK,SAAS,EAAE;QACrE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;QAC5D,QAAQ,EAAE;YACR,SAAS;YACT,OAAO,EAAE,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC;YAC3C,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;YACvC,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM;gBAC3C,CAAC,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC;gBACjC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACrD,cAAc,EAAE,cAAc,IAAI,eAAe;YACjD,iBAAiB,EAAE,OAAO,CAAC,IAAI;YAC/B,MAAM;YACN,wBAAwB,EAAE,KAAK;SAChC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gCAAgC,CAC9C,KAAa;IAEb,IACE,KAAK,KAAK,SAAS;QACnB,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,UAAU;QACpB,KAAK,KAAK,QAAQ,EAClB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2GAA2G,CAC5G,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAoB,EACpB,SAAiB;IAEjB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAC;SACzD,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,0BAA0B,CACjC,MAAmC;IAEnC,MAAM,MAAM,GAAgD;QAC1D,OAAO,EAAE,oCAAoC;QAC7C,MAAM,EAAE,sCAAsC;QAC9C,SAAS,EAAE,sCAAsC;QACjD,MAAM,EAAE,mCAAmC;QAC3C,SAAS,EAAE,sCAAsC;QACjD,QAAQ,EAAE,qCAAqC;QAC/C,MAAM,EAAE,mCAAmC;KAC5C,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,cAAc,CAAC,KAAiB,EAAE,GAAW;IACpD,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvE,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB,EAAE,GAAW;IACnD,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC;QAClE,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC5C,IACE,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,CAAC,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EACzC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;AACH,CAAC"}
+{"version":3,"file":"runtime-spawn-bridge.js","sourceRoot":"","sources":["../src/runtime-spawn-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,2BAA2B,EAC3B,oCAAoC,GACrC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,gCAAgC,EAAE,MAAM,qCAAqC,CAAC;AACvF,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAaxE,MAAM,CAAC,KAAK,UAAU,iCAAiC,CAAC,EACtD,IAAI,EACJ,MAAM,EACN,KAAK,EACL,KAAK,EACL,IAAI,EACJ,OAAO,EACP,SAAS,EACT,MAAM,EACN,UAAU,EACV,OAAO,EACP,UAAU,EACV,aAAa,GAcd;IACC,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,WAAW,OAAO,CAAC,EAAE,gDAAgD,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,wBAAwB,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC5H,MAAM,WAAW,GAAG,MAAM,gCAAgC,CAAC;QACzD,IAAI;QACJ,OAAO;QACP,MAAM;QACN,KAAK;QACL,IAAI;QACJ,UAAU;KACX,CAAC,CAAC;IACH,MAAM,eAAe,GAAG,MAAM,2BAA2B,CAAC;QACxD,IAAI;QACJ,MAAM;QACN,KAAK;QACL,IAAI;QACJ,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,WAAW;QACX,cAAc,EAAE,UAAU,CAAC,KAAK;KACjC,CAAC,CAAC;IACH,MAAM,uBAAuB,GAAG,MAAM,aAAa,CACjD,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,wBAAwB,EACrF,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAChD,CAAC;IACF,MAAM,sBAAsB,GAAG,4BAA4B,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,IAAI,IAAI,qBAAqB,CAAC;IAC7H,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;QACnD,OAAO;QACP,SAAS;QACT,KAAK;QACL,IAAI;QACJ,UAAU;QACV,cAAc;QACd,uBAAuB;QACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;YAChC,CAAC,CAAC;gBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;gBACjD,iBAAiB,EAAE;oBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;oBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;iBACjC;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,sBAAsB;KACvB,CAAC,CAAC;IACH,MAAM,qBAAqB,GAAG;QAC5B,MAAM;QACN,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,OAAO,CAAC,EAAE;QACnB,SAAS;QACT,MAAM;QACN,eAAe,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK;QACxC,mBAAmB;QACnB,UAAU;QACV,cAAc;QACd,uBAAuB;QACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;YAChC,CAAC,CAAC;gBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;gBACjD,iBAAiB,EAAE;oBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;oBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;oBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;iBACjC;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,sBAAsB;QACtB,wBAAwB,EAAE,KAAc;QACxC,YAAY,EAAE;YACZ,IAAI,EAAE,YAAqB;YAC3B,iBAAiB,EAAE,KAAc;YACjC,UAAU,EAAE,kCAA2C;YACvD,YAAY,EAAE,mBAAmB,CAAC,iBAAiB;SACpD;QACD,eAAe,EAAE,2BAA2B,CAAC,OAAO,CAAC;QACrD,aAAa,EAAE,OAAO,CAAC,aAAa;QACpC,UAAU;KACX,CAAC;IACF,MAAM,mBAAmB,GAAG,yBAAyB,CACnD,OAAO,CAAC,iBAAiB,CAC1B,CAAC;IACF,MAAM,aAAa,GAAG,wBAAwB,CAAC;QAC7C,MAAM;QACN,KAAK;QACL,IAAI;QACJ,OAAO;QACP,SAAS;QACT,UAAU;QACV,OAAO;QACP,uBAAuB,EACrB,oCAAoC,CAAC,eAAe,CAAC;QACvD,sBAAsB;QACtB,mBAAmB;QACnB,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxD,CAAC,CAAC;IACH,MAAM,aAAa,CACjB,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,kBAAkB,EAC/E,aAAa,CACd,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC;QACzC,OAAO;QACP,OAAO;QACP,OAAO,EAAE,qBAAqB;QAC9B,eAAe;QACf,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC5C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAClC,IAAI,EACJ,MAAM,EACN,GAAG,MAAM,IAAI,KAAK,IAAI,QAAQ,IAAI,KAAK,YAAY,OAAO,CAAC,EAAE,mBAAmB,EAChF,OAAO,CACR,CAAC;IACF,MAAM,OAAO,GAAwB;QACnC,GAAG,qBAAqB;QACxB,QAAQ;QACR,OAAO;KACR,CAAC;IAEF,MAAM,WAAW,CAAC,IAAI,EAAE;QACtB,IAAI,EACF,MAAM,KAAK,QAAQ;YACjB,CAAC,CAAC,mCAAmC;YACrC,CAAC,CAAC,gCAAgC;QACtC,MAAM;QACN,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,yBAAyB,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC,EAAE,EAAE;QACtE,SAAS,EAAE,CAAC,QAAQ,EAAE,cAAc,EAAE,uBAAuB,CAAC;QAC9D,QAAQ,EAAE;YACR,SAAS;YACT,OAAO,EAAE,OAAO,CAAC,EAAE;YACnB,KAAK;YACL,IAAI;YACJ,MAAM;YACN,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI;YACvC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI;YACvC,mBAAmB;YACnB,cAAc;YACd,uBAAuB;YACvB,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;gBAChC,CAAC,CAAC;oBACE,mBAAmB,EAAE,WAAW,CAAC,gBAAgB;oBACjD,iBAAiB,EAAE;wBACjB,SAAS,EAAE,WAAW,CAAC,SAAS;wBAChC,WAAW,EAAE,WAAW,CAAC,WAAW;wBACpC,SAAS,EAAE,WAAW,CAAC,SAAS;qBACjC;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,sBAAsB;YACtB,wBAAwB,EAAE,KAAK;YAC/B,UAAU;SACX;KACF,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAaD,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,EAChD,IAAI,EACJ,SAAS,EACT,MAAM,EACN,OAAO,EACP,cAAc,EACd,QAAQ,GAQT;IACC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,0BAA0B,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,kDAAkD,SAAS,EAAE,CAC9D,CAAC;IACJ,CAAC;IACD,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;IAClE,OAAO,WAAW,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,0BAA0B,CAAC,MAAM,CAAC;QACxC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,OAAO,IAAI,2BAA2B,MAAM,KAAK,SAAS,EAAE;QACrE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;QAC5D,QAAQ,EAAE;YACR,SAAS;YACT,OAAO,EAAE,cAAc,CAAC,OAAO,EAAE,SAAS,CAAC;YAC3C,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;YACvC,IAAI,EAAE,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC;YACrC,KAAK,EAAE,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,MAAM;gBAC3C,CAAC,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC;gBACjC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACrD,cAAc,EAAE,cAAc,IAAI,eAAe;YACjD,iBAAiB,EAAE,OAAO,CAAC,IAAI;YAC/B,MAAM;YACN,wBAAwB,EAAE,KAAK;SAChC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,gCAAgC,CAC9C,KAAa;IAEb,IACE,KAAK,KAAK,SAAS;QACnB,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,UAAU;QACpB,KAAK,KAAK,QAAQ,EAClB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2GAA2G,CAC5G,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAoB,EACpB,SAAiB;IAEjB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAC;SACzD,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,0BAA0B,CACjC,MAAmC;IAEnC,MAAM,MAAM,GAAgD;QAC1D,OAAO,EAAE,oCAAoC;QAC7C,MAAM,EAAE,sCAAsC;QAC9C,SAAS,EAAE,sCAAsC;QACjD,MAAM,EAAE,mCAAmC;QAC3C,SAAS,EAAE,sCAAsC;QACjD,QAAQ,EAAE,qCAAqC;QAC/C,MAAM,EAAE,mCAAmC;KAC5C,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,cAAc,CAAC,KAAiB,EAAE,GAAW;IACpD,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvE,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB,EAAE,GAAW;IACnD,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC;QAClE,CAAC,CAAC,EAAE,CAAC;AACT,CAAC;AAED,SAAS,yBAAyB,CAChC,UAAuC;IAEvC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAE,CAAC;IAC3B,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,GAAG,CAAC;IAC1C,OAAO;QACL,OAAO,QAAQ,CAAC,IAAI,EAAE;QACtB,EAAE;QACF,QAAQ,CAAC,OAAO;QAChB,EAAE;QACF,YAAY,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACvC,aAAa,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,cAAc,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3C,eAAe,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzD,YAAY,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACvC,uBAAuB,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE;QACzF,EAAE;QACF,QAAQ;QACR,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;KAC7C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC5C,IACE,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,CAAC,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EACzC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;AACH,CAAC"}

package/dist/runtime-spawn-guidance.js

@@ -1,52 +1,21 @@
+import { getRuntimeAdapter } from "./runtime-adapters.js";
+const COMMON_SPAWN_PROTOCOL_LINES = [
+    "- Spawn only from an Orchestra `runtime spawn-request` artifact; do not invent child context.",
+    "- Keep detached children in background and let the parent continue talking to the user.",
+    "- Record `spawned`, terminal status, evidence artifact, and agent id through `runtime spawn-lifecycle`.",
+];
+const GENERIC_SPAWN_PROTOCOL_FALLBACK = "- Unknown runtimes: keep the request-only packet and ask before falling back to single-agent execution.";
 export function runtimeBootstrapSpawnLines(target) {
-    if (target === "codex") {
-        return [
-            "- Codex parent runtimes should use `spawn_agent` for the rendered packet and avoid waiting by default.",
-        ];
-    }
-    if (target === "claude") {
-        return [
-            "- Claude Code parent runtimes should launch the rendered packet with the native Agent/Subagent tool; use Task only when that is the exposed legacy alias.",
-            "- Prefer a role-named Claude subagent and record the resulting id or label in spawn lifecycle.",
-        ];
-    }
-    if (target === "cursor") {
-        return [
-            "- Cursor parent runtimes should launch the rendered packet as a Background Agent so work continues in parallel with the current chat.",
-            "- Record the Cursor Background Agent id or branch label in spawn lifecycle before resuming the workflow.",
-        ];
-    }
-    return [
+    const adapter = getRuntimeAdapter(target);
+    return (adapter.bootstrapSpawnLines ?? [
         "- If the runtime has no safe native background-agent mechanism, leave the packet as request-only and ask the user before falling back to single-agent execution.",
-    ];
+    ]);
 }
 export function runtimeSpawnProtocolLines(target) {
-    const common = [
-        "- Spawn only from an Orchestra `runtime spawn-request` artifact; do not invent child context.",
-        "- Keep detached children in background and let the parent continue talking to the user.",
-        "- Record `spawned`, terminal status, evidence artifact, and agent id through `runtime spawn-lifecycle`.",
-    ];
-    if (target === "claude") {
-        return [
-            ...common,
-            "- Claude Code: use the native Agent/Subagent tool for the packet; use Task only if exposed as the legacy alias.",
-        ];
-    }
-    if (target === "cursor") {
-        return [
-            ...common,
-            "- Cursor: launch the packet as a Background Agent and record the Background Agent id or branch label.",
-        ];
-    }
-    if (target === "codex") {
-        return [
-            ...common,
-            "- Codex: use `spawn_agent` for the packet and avoid `wait_agent` unless the next critical step is blocked.",
-        ];
-    }
-    return [
-        ...common,
-        "- Unknown runtimes: keep the request-only packet and ask before falling back to single-agent execution.",
-    ];
+    const adapter = getRuntimeAdapter(target);
+    return (adapter.spawnProtocolLines ?? [
+        ...COMMON_SPAWN_PROTOCOL_LINES,
+        GENERIC_SPAWN_PROTOCOL_FALLBACK,
+    ]);
 }
 //# sourceMappingURL=runtime-spawn-guidance.js.map

package/dist/runtime-spawn-guidance.js.map

@@ -1 +1 @@
-{"version":3,"file":"runtime-spawn-guidance.js","sourceRoot":"","sources":["../src/runtime-spawn-guidance.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,0BAA0B,CACxC,MAAyB;IAEzB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO;YACL,wGAAwG;SACzG,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO;YACL,2JAA2J;YAC3J,gGAAgG;SACjG,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO;YACL,uIAAuI;YACvI,0GAA0G;SAC3G,CAAC;IACJ,CAAC;IACD,OAAO;QACL,kKAAkK;KACnK,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,MAAyB;IACjE,MAAM,MAAM,GAAG;QACb,+FAA+F;QAC/F,yFAAyF;QACzF,yGAAyG;KAC1G,CAAC;IACF,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO;YACL,GAAG,MAAM;YACT,iHAAiH;SAClH,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO;YACL,GAAG,MAAM;YACT,uGAAuG;SACxG,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO;YACL,GAAG,MAAM;YACT,4GAA4G;SAC7G,CAAC;IACJ,CAAC;IACD,OAAO;QACL,GAAG,MAAM;QACT,yGAAyG;KAC1G,CAAC;AACJ,CAAC"}
+{"version":3,"file":"runtime-spawn-guidance.js","sourceRoot":"","sources":["../src/runtime-spawn-guidance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,MAAM,2BAA2B,GAAG;IAClC,+FAA+F;IAC/F,yFAAyF;IACzF,yGAAyG;CAC1G,CAAC;AAEF,MAAM,+BAA+B,GACnC,yGAAyG,CAAC;AAE5G,MAAM,UAAU,0BAA0B,CACxC,MAAyB;IAEzB,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC1C,OAAO,CACL,OAAO,CAAC,mBAAmB,IAAI;QAC7B,kKAAkK;KACnK,CACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,MAAyB;IACjE,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC1C,OAAO,CACL,OAAO,CAAC,kBAAkB,IAAI;QAC5B,GAAG,2BAA2B;QAC9B,+BAA+B;KAChC,CACF,CAAC;AACJ,CAAC"}

package/dist/runtime-worker-registry.d.ts

@@ -0,0 +1,19 @@
+import type { RuntimeCapacityUnit, RuntimeWorkerHealth, RuntimeWorkerRecord } from "./types.js";
+export interface RuntimeWorkerRegistry {
+    listWorkers(): RuntimeWorkerRecord[];
+    registerWorker(worker: RuntimeWorkerRecord): void;
+    updateWorkerHealth(workerId: string, health: RuntimeWorkerHealth): void;
+    reserveWorkerCapacity(workerId: string, capacity: RuntimeCapacityUnit): void;
+    releaseWorkerCapacity(workerId: string, capacity: RuntimeCapacityUnit): void;
+}
+export declare class InMemoryRuntimeWorkerRegistry implements RuntimeWorkerRegistry {
+    private readonly workers;
+    constructor(workers?: RuntimeWorkerRecord[]);
+    listWorkers(): RuntimeWorkerRecord[];
+    registerWorker(worker: RuntimeWorkerRecord): void;
+    updateWorkerHealth(workerId: string, health: RuntimeWorkerHealth): void;
+    reserveWorkerCapacity(workerId: string, capacity: RuntimeCapacityUnit): void;
+    releaseWorkerCapacity(workerId: string, capacity: RuntimeCapacityUnit): void;
+    private requireWorker;
+}
+export declare function createLocalRuntimeWorker(worker?: Partial<RuntimeWorkerRecord>): RuntimeWorkerRecord;

package/dist/runtime-worker-registry.js

@@ -0,0 +1,84 @@
+export class InMemoryRuntimeWorkerRegistry {
+    workers = new Map();
+    constructor(workers = []) {
+        for (const worker of workers) {
+            this.registerWorker(worker);
+        }
+    }
+    listWorkers() {
+        return [...this.workers.values()].map((worker) => ({ ...worker }));
+    }
+    registerWorker(worker) {
+        this.workers.set(worker.workerId, { ...worker });
+    }
+    updateWorkerHealth(workerId, health) {
+        const worker = this.requireWorker(workerId);
+        this.workers.set(workerId, {
+            ...worker,
+            health,
+            lastHeartbeatAt: new Date().toISOString(),
+        });
+    }
+    reserveWorkerCapacity(workerId, capacity) {
+        const worker = this.requireWorker(workerId);
+        this.workers.set(workerId, {
+            ...worker,
+            availableConcurrencyUnits: worker.availableConcurrencyUnits - capacity.concurrencyUnits,
+        });
+    }
+    releaseWorkerCapacity(workerId, capacity) {
+        const worker = this.requireWorker(workerId);
+        this.workers.set(workerId, {
+            ...worker,
+            availableConcurrencyUnits: Math.min(worker.maxConcurrencyUnits, worker.availableConcurrencyUnits + capacity.concurrencyUnits),
+        });
+    }
+    requireWorker(workerId) {
+        const worker = this.workers.get(workerId);
+        if (!worker) {
+            throw new Error(`runtime worker ${workerId} is not registered`);
+        }
+        return worker;
+    }
+}
+export function createLocalRuntimeWorker(worker = {}) {
+    return {
+        workerId: worker.workerId ?? "local-parent",
+        workerKind: worker.workerKind ?? "local-parent",
+        tenantAffinity: worker.tenantAffinity ?? "platform-shared",
+        allowedTenantIds: worker.allowedTenantIds ?? [],
+        deniedTenantIds: worker.deniedTenantIds ?? [],
+        regions: worker.regions ?? ["local"],
+        runtimeIds: worker.runtimeIds ?? [],
+        providerIds: worker.providerIds ?? [],
+        workloadClasses: worker.workloadClasses ?? [
+            "interactive",
+            "workflow-phase",
+            "runtime-native-spawn",
+            "provider-backed-phase",
+            "background-maintenance",
+            "evidence-processing",
+        ],
+        toolCapabilities: worker.toolCapabilities ?? [],
+        maxConcurrencyUnits: worker.maxConcurrencyUnits ?? 3,
+        availableConcurrencyUnits: worker.availableConcurrencyUnits ?? 3,
+        health: worker.health ?? "healthy",
+        lastHeartbeatAt: worker.lastHeartbeatAt ?? new Date().toISOString(),
+        failureCount: worker.failureCount ?? 0,
+        leaseTtlMs: worker.leaseTtlMs ?? 30_000,
+        isolation: worker.isolation ?? {
+            version: "local",
+            policyVersion: "local",
+            sandboxProfile: "local",
+            secretScope: "workspace",
+            dataResidencyTags: ["local"],
+        },
+        ...(worker.tokenBudgetRemaining !== undefined
+            ? { tokenBudgetRemaining: worker.tokenBudgetRemaining }
+            : {}),
+        ...(worker.cpuWeight !== undefined ? { cpuWeight: worker.cpuWeight } : {}),
+        ...(worker.memoryMb !== undefined ? { memoryMb: worker.memoryMb } : {}),
+        ...(worker.openedUntil ? { openedUntil: worker.openedUntil } : {}),
+    };
+}
+//# sourceMappingURL=runtime-worker-registry.js.map

package/dist/runtime-worker-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-worker-registry.js","sourceRoot":"","sources":["../src/runtime-worker-registry.ts"],"names":[],"mappings":"AAcA,MAAM,OAAO,6BAA6B;IACvB,OAAO,GAAG,IAAI,GAAG,EAA+B,CAAC;IAElE,YAAY,UAAiC,EAAE;QAC7C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,cAAc,CAAC,MAA2B;QACxC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,kBAAkB,CAAC,QAAgB,EAAE,MAA2B;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;YACzB,GAAG,MAAM;YACT,MAAM;YACN,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB,CAAC,QAAgB,EAAE,QAA6B;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;YACzB,GAAG,MAAM;YACT,yBAAyB,EACvB,MAAM,CAAC,yBAAyB,GAAG,QAAQ,CAAC,gBAAgB;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB,CAAC,QAAgB,EAAE,QAA6B;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;YACzB,GAAG,MAAM;YACT,yBAAyB,EAAE,IAAI,CAAC,GAAG,CACjC,MAAM,CAAC,mBAAmB,EAC1B,MAAM,CAAC,yBAAyB,GAAG,QAAQ,CAAC,gBAAgB,CAC7D;SACF,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgB;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,oBAAoB,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB,CACtC,SAAuC,EAAE;IAEzC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,cAAc;QAC3C,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,cAAc;QAC/C,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,iBAAiB;QAC1D,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;QAC/C,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,EAAE;QAC7C,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC;QACpC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE;QACnC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI;YACzC,aAAa;YACb,gBAAgB;YAChB,sBAAsB;YACtB,uBAAuB;YACvB,wBAAwB;YACxB,qBAAqB;SACtB;QACD,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;QAC/C,mBAAmB,EAAE,MAAM,CAAC,mBAAmB,IAAI,CAAC;QACpD,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,IAAI,CAAC;QAChE,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,SAAS;QAClC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnE,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC;QACtC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,MAAM;QACvC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI;YAC7B,OAAO,EAAE,OAAO;YAChB,aAAa,EAAE,OAAO;YACtB,cAAc,EAAE,OAAO;YACvB,WAAW,EAAE,WAAW;YACxB,iBAAiB,EAAE,CAAC,OAAO,CAAC;SAC7B;QACD,GAAG,CAAC,MAAM,CAAC,oBAAoB,KAAK,SAAS;YAC3C,CAAC,CAAC,EAAE,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC"}

package/dist/security/chat-guardrail-policy.d.ts

@@ -0,0 +1,7 @@
+import type { ChatGuardrailAction, ChatGuardrailOutcome, ChatGuardrailRequest } from "./chat-guardrail-types.js";
+import type { DataClassification, PolicyAction, PolicyDecisionOutcome, PolicyResource, PolicySubject, PromptSegment } from "./policy-types.js";
+export declare function chatOutcomeForPolicy(outcome: PolicyDecisionOutcome): ChatGuardrailOutcome;
+export declare function policySubjectFor(request: ChatGuardrailRequest): PolicySubject;
+export declare function policyResourceFor(resource: ChatGuardrailRequest["resource"]): PolicyResource;
+export declare function policyActionFor(action: ChatGuardrailAction, resource: ChatGuardrailRequest["resource"]): PolicyAction;
+export declare function highestClassification(segments: PromptSegment[]): DataClassification;

package/dist/security/chat-guardrail-policy.js

@@ -0,0 +1,61 @@
+export function chatOutcomeForPolicy(outcome) {
+    if (outcome === "allow")
+        return "allow";
+    if (outcome === "deny")
+        return "block";
+    return "defer";
+}
+export function policySubjectFor(request) {
+    return {
+        id: request.actor.id,
+        subjectType: request.actor.actorType,
+        tenantId: request.tenantId,
+        workspaceId: request.workspaceId,
+    };
+}
+export function policyResourceFor(resource) {
+    return {
+        resourceType: policyResourceTypeFor(resource.resourceType),
+        summary: resource.summary,
+        tenantId: resource.tenantId,
+        workspaceId: resource.workspaceId,
+    };
+}
+export function policyActionFor(action, resource) {
+    if (action === "providerMessage")
+        return "provider.message";
+    if (action === "evidenceWrite")
+        return "evidence.write";
+    if (action === "toolRequest") {
+        if (resource.resourceType === "url")
+            return "url.fetch";
+        if (resource.resourceType === "file")
+            return "file.write";
+        return "command.execute";
+    }
+    return "content.ingest";
+}
+export function highestClassification(segments) {
+    if (segments.some((segment) => segment.classification.classification === "restricted")) {
+        return "restricted";
+    }
+    if (segments.some((segment) => segment.classification.classification === "unknown")) {
+        return "unknown";
+    }
+    if (segments.some((segment) => segment.classification.classification === "internal")) {
+        return "internal";
+    }
+    return "public";
+}
+function policyResourceTypeFor(resourceType) {
+    if (resourceType === "command")
+        return "command";
+    if (resourceType === "evidence")
+        return "evidence";
+    if (resourceType === "file")
+        return "file";
+    if (resourceType === "url")
+        return "url";
+    return "prompt";
+}
+//# sourceMappingURL=chat-guardrail-policy.js.map

package/dist/security/chat-guardrail-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-policy.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-policy.ts"],"names":[],"mappings":"AAeA,MAAM,UAAU,oBAAoB,CAClC,OAA8B;IAE9B,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAA6B;IAC5D,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACpB,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;QACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,QAA0C;IAE1C,OAAO;QACL,YAAY,EAAE,qBAAqB,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC1D,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,WAAW,EAAE,QAAQ,CAAC,WAAW;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,MAA2B,EAC3B,QAA0C;IAE1C,IAAI,MAAM,KAAK,iBAAiB;QAAE,OAAO,kBAAkB,CAAC;IAC5D,IAAI,MAAM,KAAK,eAAe;QAAE,OAAO,gBAAgB,CAAC;IACxD,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;QAC7B,IAAI,QAAQ,CAAC,YAAY,KAAK,KAAK;YAAE,OAAO,WAAW,CAAC;QACxD,IAAI,QAAQ,CAAC,YAAY,KAAK,MAAM;YAAE,OAAO,YAAY,CAAC;QAC1D,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,QAAyB;IAEzB,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,YAAY,CACpE,EACD,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,SAAS,CACjE,EACD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,KAAK,UAAU,CAClE,EACD,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAC5B,YAAuC;IAEvC,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACjD,IAAI,YAAY,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACnD,IAAI,YAAY,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAC3C,IAAI,YAAY,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACzC,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/chat-guardrail-types.d.ts

@@ -0,0 +1,65 @@
+import type { PolicyDecisionOutcome, PolicySink, PromptSegment, RedactedSegment, RedactionReport, RedactionStatus } from "./policy-types.js";
+import type { PromptSegmentInput } from "./prompt-intake.js";
+export declare const chatGuardrailOutcomes: readonly ["allow", "block", "defer"];
+export type ChatGuardrailOutcome = (typeof chatGuardrailOutcomes)[number];
+export type ChatGuardrailAction = "providerMessage" | "toolRequest" | "subagentRequest" | "messagePersist" | "evidenceWrite" | "outputRender";
+export type ChatGuardrailActorType = "human" | "runtime" | "system" | "tool";
+export type ChatGuardrailResourceType = "artifact" | "command" | "evidence" | "file" | "message" | "prompt" | "subagent" | "thread" | "url";
+export interface ChatGuardrailActor {
+    id: string;
+    actorType: ChatGuardrailActorType;
+    tenantId: string;
+    workspaceId: string;
+}
+export interface ChatGuardrailResource {
+    resourceType: ChatGuardrailResourceType;
+    summary: string;
+    tenantId: string;
+    workspaceId: string;
+}
+export interface ChatGuardrailSink {
+    kind: PolicySink;
+}
+export interface ChatGuardrailRequest {
+    requestId: string;
+    tenantId: string;
+    workspaceId: string;
+    taskId?: string;
+    runId?: string;
+    threadId?: string;
+    messageId?: string;
+    actor: ChatGuardrailActor;
+    action: ChatGuardrailAction;
+    sink: ChatGuardrailSink;
+    resource: ChatGuardrailResource;
+    segments: PromptSegmentInput[];
+    redactionReportOverride?: RedactionReport;
+}
+export interface ChatGuardrailScope {
+    tenantId: string;
+    workspaceId: string;
+    resourceTenantId: string;
+    resourceWorkspaceId: string;
+}
+export interface ChatHumanReviewMetadata {
+    required: true;
+    reason: string;
+    decisionId: string;
+    matchedRuleIds: string[];
+    redactionStatus: RedactionStatus;
+    scope: ChatGuardrailScope;
+}
+export interface ChatGuardrailDecision {
+    requestId: string;
+    outcome: ChatGuardrailOutcome;
+    policyOutcome: PolicyDecisionOutcome;
+    matchedRuleIds: string[];
+    redactionStatus: RedactionStatus;
+    redactedSegments: RedactedSegment[];
+    sanitizedReasons: string[];
+    evidenceSummary: string;
+    humanReview?: ChatHumanReviewMetadata;
+    scope: ChatGuardrailScope;
+    canProceed: boolean;
+    policySegments: PromptSegment[];
+}

package/dist/security/chat-guardrail-types.js

@@ -0,0 +1,2 @@
+export const chatGuardrailOutcomes = ["allow", "block", "defer"];
+//# sourceMappingURL=chat-guardrail-types.js.map

package/dist/security/chat-guardrail-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-types.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-types.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAU,CAAC"}

package/dist/security/chat-guardrail-validation.d.ts

@@ -0,0 +1,9 @@
+import type { ChatGuardrailRequest, ChatGuardrailScope } from "./chat-guardrail-types.js";
+export interface ChatGuardrailRule {
+    ruleId: string;
+    reason: string;
+}
+export declare function validateChatRequestShape(request: Partial<ChatGuardrailRequest>): ChatGuardrailRule[];
+export declare function validateScope(request: ChatGuardrailRequest): ChatGuardrailRule[];
+export declare function scopeFor(request: ChatGuardrailRequest): ChatGuardrailScope;
+export declare function emptyScope(): ChatGuardrailScope;

package/dist/security/chat-guardrail-validation.js

@@ -0,0 +1,64 @@
+export function validateChatRequestShape(request) {
+    return [
+        requiredRule("chat.input.request-id", "request id", request.requestId),
+        requiredRule("chat.input.tenant-id", "tenant id", request.tenantId),
+        requiredRule("chat.input.workspace-id", "workspace id", request.workspaceId),
+        requiredRule("chat.input.actor", "actor", request.actor),
+        requiredRule("chat.input.action", "action", request.action),
+        requiredRule("chat.input.sink", "sink", request.sink),
+        requiredRule("chat.input.sink-kind", "sink kind", request.sink?.kind),
+        requiredRule("chat.input.resource", "resource", request.resource),
+        requiredRule("chat.input.segments", "segments", request.segments),
+    ].filter((rule) => rule !== null);
+}
+export function validateScope(request) {
+    const rules = [
+        requiredRule("chat.scope.actor-tenant", "actor tenant id", request.actor.tenantId),
+        requiredRule("chat.scope.actor-workspace", "actor workspace id", request.actor.workspaceId),
+        requiredRule("chat.scope.resource-tenant", "resource tenant id", request.resource.tenantId),
+        requiredRule("chat.scope.resource-workspace", "resource workspace id", request.resource.workspaceId),
+    ].filter((rule) => rule !== null);
+    if (rules.length > 0)
+        return rules;
+    if (request.tenantId !== request.actor.tenantId ||
+        request.tenantId !== request.resource.tenantId) {
+        return [
+            {
+                ruleId: "chat.scope.tenant-mismatch",
+                reason: "request scope is not authorized for this tenant",
+            },
+        ];
+    }
+    if (request.workspaceId !== request.actor.workspaceId ||
+        request.workspaceId !== request.resource.workspaceId) {
+        return [
+            {
+                ruleId: "chat.scope.workspace-mismatch",
+                reason: "request scope is not authorized for this workspace",
+            },
+        ];
+    }
+    return [];
+}
+export function scopeFor(request) {
+    return {
+        tenantId: request.tenantId,
+        workspaceId: request.workspaceId,
+        resourceTenantId: request.resource.tenantId,
+        resourceWorkspaceId: request.resource.workspaceId,
+    };
+}
+export function emptyScope() {
+    return {
+        tenantId: "unknown",
+        workspaceId: "unknown",
+        resourceTenantId: "unknown",
+        resourceWorkspaceId: "unknown",
+    };
+}
+function requiredRule(ruleId, label, value) {
+    if (value)
+        return null;
+    return { ruleId, reason: `missing ${label}` };
+}
+//# sourceMappingURL=chat-guardrail-validation.js.map

package/dist/security/chat-guardrail-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-guardrail-validation.js","sourceRoot":"","sources":["../../src/security/chat-guardrail-validation.ts"],"names":[],"mappings":"AAUA,MAAM,UAAU,wBAAwB,CACtC,OAAsC;IAEtC,OAAO;QACL,YAAY,CAAC,uBAAuB,EAAE,YAAY,EAAE,OAAO,CAAC,SAAS,CAAC;QACtE,YAAY,CAAC,sBAAsB,EAAE,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC;QACnE,YAAY,CACV,yBAAyB,EACzB,cAAc,EACd,OAAO,CAAC,WAAW,CACpB;QACD,YAAY,CAAC,kBAAkB,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC;QACxD,YAAY,CAAC,mBAAmB,EAAE,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC;QAC3D,YAAY,CAAC,iBAAiB,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC;QACrD,YAAY,CAAC,sBAAsB,EAAE,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC;QACrE,YAAY,CAAC,qBAAqB,EAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC;QACjE,YAAY,CAAC,qBAAqB,EAAE,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC;KAClE,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,OAA6B;IAE7B,MAAM,KAAK,GAAG;QACZ,YAAY,CACV,yBAAyB,EACzB,iBAAiB,EACjB,OAAO,CAAC,KAAK,CAAC,QAAQ,CACvB;QACD,YAAY,CACV,4BAA4B,EAC5B,oBAAoB,EACpB,OAAO,CAAC,KAAK,CAAC,WAAW,CAC1B;QACD,YAAY,CACV,4BAA4B,EAC5B,oBAAoB,EACpB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAC1B;QACD,YAAY,CACV,+BAA+B,EAC/B,uBAAuB,EACvB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAC7B;KACF,CAAC,MAAM,CAAC,CAAC,IAAI,EAA6B,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,IACE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ;QAC3C,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAC9C,CAAC;QACD,OAAO;YACL;gBACE,MAAM,EAAE,4BAA4B;gBACpC,MAAM,EAAE,iDAAiD;aAC1D;SACF,CAAC;IACJ,CAAC;IACD,IACE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,KAAK,CAAC,WAAW;QACjD,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,WAAW,EACpD,CAAC;QACD,OAAO;YACL;gBACE,MAAM,EAAE,+BAA+B;gBACvC,MAAM,EAAE,oDAAoD;aAC7D;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAA6B;IACpD,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,gBAAgB,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ;QAC3C,mBAAmB,EAAE,OAAO,CAAC,QAAQ,CAAC,WAAW;KAClD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO;QACL,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,SAAS;QACtB,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,SAAS;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,MAAc,EACd,KAAa,EACb,KAAc;IAEd,IAAI,KAAK;QAAE,OAAO,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,KAAK,EAAE,EAAE,CAAC;AAChD,CAAC"}

package/dist/security/chat-guardrails.d.ts

@@ -0,0 +1,3 @@
+import type { ChatGuardrailDecision, ChatGuardrailRequest } from "./chat-guardrail-types.js";
+export { chatOutcomeForPolicy } from "./chat-guardrail-policy.js";
+export declare function evaluateChatGuardrail(request: Partial<ChatGuardrailRequest>): ChatGuardrailDecision;

package/dist/security/chat-guardrails.js

@@ -0,0 +1,136 @@
+import { evaluateSecurityPolicy } from "./policy-engine.js";
+import { intakePromptPacket } from "./prompt-intake.js";
+import { redactPromptSegments } from "./redaction.js";
+import { chatOutcomeForPolicy, highestClassification, policyActionFor, policyResourceFor, policySubjectFor, } from "./chat-guardrail-policy.js";
+import { emptyScope, scopeFor, validateChatRequestShape, validateScope, } from "./chat-guardrail-validation.js";
+export { chatOutcomeForPolicy } from "./chat-guardrail-policy.js";
+const unsafeToolFindingKinds = [
+    "pathTraversal",
+    "shellLike",
+    "unsafeUrl",
+];
+export function evaluateChatGuardrail(request) {
+    const shapeRules = validateChatRequestShape(request);
+    if (shapeRules.length > 0) {
+        return chatDecisionFromRules(request.requestId, shapeRules);
+    }
+    const scopedRequest = request;
+    const scopeRules = validateScope(scopedRequest);
+    const scope = scopeFor(scopedRequest);
+    if (scopeRules.length > 0) {
+        return chatDecisionFromRules(scopedRequest.requestId, scopeRules, scope);
+    }
+    try {
+        const rawSegments = intakePromptPacket({
+            segments: scopedRequest.segments,
+        });
+        const redactionReport = scopedRequest.redactionReportOverride ??
+            redactPromptSegments(rawSegments);
+        const policySegments = policySegmentsFor(scopedRequest, rawSegments, redactionReport);
+        const unsafeToolRules = unsafeToolRequestRules(scopedRequest.action, rawSegments);
+        if (unsafeToolRules.length > 0) {
+            return chatDecisionFromRules(scopedRequest.requestId, unsafeToolRules, scope, redactionReport, policySegments);
+        }
+        const policyDecision = evaluateSecurityPolicy({
+            requestId: scopedRequest.requestId,
+            subject: policySubjectFor(scopedRequest),
+            action: policyActionFor(scopedRequest.action, scopedRequest.resource),
+            resource: policyResourceFor(scopedRequest.resource),
+            sink: scopedRequest.sink.kind,
+            dataClassification: highestClassification(policySegments),
+            segments: policySegments,
+            redactionReport,
+        });
+        return chatDecisionFromPolicy(scopedRequest, scope, policyDecision, redactionReport, policySegments);
+    }
+    catch {
+        return chatDecisionFromRules(scopedRequest.requestId, [
+            {
+                ruleId: "chat.guardrail.exception",
+                reason: "chat guardrail failed closed",
+            },
+        ], scope);
+    }
+}
+function unsafeToolRequestRules(action, segments) {
+    if (action !== "toolRequest")
+        return [];
+    return segments.flatMap((segment) => segment.classification.findings
+        .filter((finding) => isUnsafeToolFinding(finding.kind))
+        .map((finding) => ({
+        ruleId: `chat.tool.block.${finding.kind}`,
+        reason: `segment ${segment.id} matched unsafe tool request content`,
+    })));
+}
+function isUnsafeToolFinding(kind) {
+    return unsafeToolFindingKinds.some((unsafeKind) => unsafeKind === kind);
+}
+function policySegmentsFor(request, rawSegments, redactionReport) {
+    return redactionReport.redactedSegments.map((redactedSegment, index) => {
+        const rawSegment = rawSegments[index];
+        return intakePromptPacket({
+            segments: [
+                {
+                    id: redactedSegment.id,
+                    kind: rawSegment?.kind ?? "unknown",
+                    provenance: rawSegment?.provenance ?? "unknown",
+                    sink: request.sink.kind,
+                    text: redactedSegment.text,
+                },
+            ],
+        })[0];
+    });
+}
+function chatDecisionFromPolicy(request, scope, policyDecision, redactionReport, policySegments) {
+    const outcome = chatOutcomeForPolicy(policyDecision.outcome);
+    const decision = {
+        requestId: request.requestId,
+        outcome,
+        policyOutcome: policyDecision.outcome,
+        matchedRuleIds: policyDecision.matchedRuleIds,
+        redactionStatus: policyDecision.redactionStatus,
+        redactedSegments: redactionReport.redactedSegments,
+        sanitizedReasons: [
+            ...policyDecision.sanitizedReasons,
+            ...redactionReport.sanitizedReasons,
+        ],
+        evidenceSummary: `${outcome}: chat guardrail mapped ${policyDecision.outcome}`,
+        scope,
+        canProceed: outcome === "allow",
+        policySegments,
+    };
+    if (outcome === "defer") {
+        decision.humanReview = {
+            required: true,
+            reason: policyDecision.sanitizedReasons[0] ?? "human review required",
+            decisionId: request.requestId,
+            matchedRuleIds: policyDecision.matchedRuleIds,
+            redactionStatus: policyDecision.redactionStatus,
+            scope,
+        };
+    }
+    return decision;
+}
+function chatDecisionFromRules(requestId, rules, scope = emptyScope(), redactionReport = emptyRedactionReport(), policySegments = []) {
+    return {
+        requestId: requestId ?? "unknown",
+        outcome: "block",
+        policyOutcome: "deny",
+        matchedRuleIds: rules.map((rule) => rule.ruleId),
+        redactionStatus: redactionReport.status,
+        redactedSegments: redactionReport.redactedSegments,
+        sanitizedReasons: rules.map((rule) => rule.reason),
+        evidenceSummary: "block: chat guardrail failed closed",
+        scope,
+        canProceed: false,
+        policySegments,
+    };
+}
+function emptyRedactionReport() {
+    return {
+        status: "unsafeUnredacted",
+        redactedSegments: [],
+        sanitizedReasons: ["redaction unavailable"],
+    };
+}
+//# sourceMappingURL=chat-guardrails.js.map