@jterrats/open-orchestra 1.0.17 → 1.0.18

package/dist/web-console/index.html

@@ -4,8 +4,8 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Open Orchestra Local workflow console</title>
-    <script type="module" crossorigin src="/assets/index-BJuVTqfQ.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-BHs7OIv8.css">
+    <script type="module" crossorigin src="/assets/index-CVDOfipu.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CJup1cIA.css">
   </head>
   <body>
     <div id="root"></div>

package/dist/web-evidence.d.ts

@@ -15,7 +15,7 @@ export interface WebEvidenceEntry {
 export interface WebArtifactReadResult {
     path: string;
     contentType: string;
-    content: string;
+    content: Buffer;
 }
 export declare function listWebEvidence(root: string, filters?: {
     task?: string;

package/dist/web-evidence.js

@@ -17,7 +17,7 @@ export async function readWorkspaceArtifact(root, relativePath) {
     return {
         path: relativePath,
         contentType: contentTypeForPath(relativePath),
-        content: await readFile(filePath, "utf8"),
+        content: await readFile(filePath),
     };
 }
 export function resolveWorkspaceLocalPath(root, relativePath) {
@@ -53,9 +53,16 @@ async function toWebEvidenceEntry(root, event) {
 }
 function contentTypeForPath(filePath) {
     const extension = path.extname(filePath).toLowerCase();
-    if (extension === ".md" || extension === ".txt" || extension === ".log") {
+    if (extension === ".md" ||
+        extension === ".mmd" ||
+        extension === ".mermaid" ||
+        extension === ".txt" ||
+        extension === ".log") {
         return "text/plain; charset=utf-8";
     }
+    if (extension === ".drawio" || extension === ".xml") {
+        return "application/xml; charset=utf-8";
+    }
     if (extension === ".json") {
         return "application/json; charset=utf-8";
     }

package/dist/web-evidence.js.map

@@ -1 +1 @@
-{"version":3,"file":"web-evidence.js","sourceRoot":"","sources":["../src/web-evidence.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAyBtD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,UAA4C,EAAE;IAE9C,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI;QAC3B,CAAC,CAAC,MAAM,CAAC,MAAM,CACX,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,CAC9D;QACH,CAAC,CAAC,MAAM,CAAC;IACX,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,YAAoB;IAEpB,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC/D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,kBAAkB,CAAC,YAAY,CAAC;QAC7C,OAAO,EAAE,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,IAAY,EACZ,YAAoB;IAEpB,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IAC5D,IACE,QAAQ,KAAK,cAAc;QAC3B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EACpD,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,KAAiB;IAEjB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,cAAc,GAAG,MAAM,MAAM,CACjC,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAC1C,CAAC;QACF,MAAM,IAAI,GAAoB,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;QACzE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,GAAG,uBAAuB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CACH,CAAC;IACF,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;QAC9C,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACvD,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,KAAK,MAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACxE,OAAO,2BAA2B,CAAC;IACrC,CAAC;IACD,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IACD,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACzB,OAAO,8BAA8B,CAAC;IACxC,CAAC;IACD,OAAO,0BAA0B,CAAC;AACpC,CAAC"}
+{"version":3,"file":"web-evidence.js","sourceRoot":"","sources":["../src/web-evidence.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAyBtD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,UAA4C,EAAE;IAE9C,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI;QAC3B,CAAC,CAAC,MAAM,CAAC,MAAM,CACX,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,CAC9D;QACH,CAAC,CAAC,MAAM,CAAC;IACX,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,YAAoB;IAEpB,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC/D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,EAAE,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,kBAAkB,CAAC,YAAY,CAAC;QAC7C,OAAO,EAAE,MAAM,QAAQ,CAAC,QAAQ,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,IAAY,EACZ,YAAoB;IAEpB,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IAC5D,IACE,QAAQ,KAAK,cAAc;QAC3B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,EACpD,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,KAAiB;IAEjB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC7C,MAAM,cAAc,GAAG,MAAM,MAAM,CACjC,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAC1C,CAAC;QACF,MAAM,IAAI,GAAoB,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;QACzE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,GAAG,uBAAuB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CACH,CAAC;IACF,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;QAC9C,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACvD,IACE,SAAS,KAAK,KAAK;QACnB,SAAS,KAAK,MAAM;QACpB,SAAS,KAAK,UAAU;QACxB,SAAS,KAAK,MAAM;QACpB,SAAS,KAAK,MAAM,EACpB,CAAC;QACD,OAAO,2BAA2B,CAAC;IACrC,CAAC;IACD,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACpD,OAAO,gCAAgC,CAAC;IAC1C,CAAC;IACD,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IACD,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;QACzB,OAAO,8BAA8B,CAAC;IACxC,CAAC;IACD,OAAO,0BAA0B,CAAC;AACpC,CAAC"}

package/dist/web-public-route-inputs.d.ts

@@ -0,0 +1,14 @@
+import type http from "node:http";
+import type { PublicApiCreateMessageInput, PublicApiCreateThreadInput, PublicApiListInput, PublicApiThreadInput } from "./types/public-api.js";
+export interface PublicCreateThreadRequest {
+    input: PublicApiCreateThreadInput;
+    bodyHash: string;
+}
+export interface PublicCreateMessageRequest {
+    input: PublicApiCreateMessageInput;
+}
+export declare function listInput(url: URL, requestId: string): PublicApiListInput;
+export declare function threadInput(requestId: string, threadId: string): PublicApiThreadInput;
+export declare function createThreadInput(request: http.IncomingMessage, url: URL): Promise<PublicCreateThreadRequest>;
+export declare function createMessageInput(request: http.IncomingMessage, url: URL, threadId: string): Promise<PublicCreateMessageRequest>;
+export declare function requestIdFromRequest(request: http.IncomingMessage, url: URL): string;

package/dist/web-public-route-inputs.js

@@ -0,0 +1,136 @@
+import { createHash } from "node:crypto";
+import { ChatApiError } from "./chat-api-errors.js";
+import { safeJsonBody } from "./web-chat-route-inputs.js";
+const MAX_PAGE_SIZE = 100;
+const MAX_REQUEST_ID_LENGTH = 128;
+const MAX_THREAD_ID_LENGTH = 160;
+const MAX_TITLE_LENGTH = 200;
+const MAX_MESSAGE_TEXT_LENGTH = 8_000;
+const MAX_CURSOR_LENGTH = 512;
+const MAX_IDEMPOTENCY_KEY_LENGTH = 180;
+const FORBIDDEN_FIELDS = [
+    "actor",
+    "apiKey",
+    "baseUrl",
+    "model",
+    "phase",
+    "provider",
+    "runId",
+    "scope",
+    "sessionId",
+    "taskId",
+    "tenantId",
+    "workspaceId",
+];
+export function listInput(url, requestId) {
+    return {
+        requestId,
+        ...optionalPaging(url, requestId),
+    };
+}
+export function threadInput(requestId, threadId) {
+    return {
+        requestId,
+        threadId: requiredText(boundedStringValue(threadId, "threadId", requestId, MAX_THREAD_ID_LENGTH), "threadId", requestId),
+    };
+}
+export async function createThreadInput(request, url) {
+    const requestId = requestIdFromRequest(request, url);
+    const body = objectBody(await safeJsonBody(request), requestId);
+    assertNoForbiddenFields(body, requestId);
+    const title = stringField(body, "title", requestId, MAX_TITLE_LENGTH);
+    const idempotencyKey = optionalHeaderValue(request.headers["idempotency-key"], "Idempotency-Key header", requestId, MAX_IDEMPOTENCY_KEY_LENGTH);
+    return {
+        input: {
+            requestId,
+            title,
+            ...(idempotencyKey ? { idempotencyKey } : {}),
+        },
+        bodyHash: digestBody({ title }),
+    };
+}
+export async function createMessageInput(request, url, threadId) {
+    const requestId = requestIdFromRequest(request, url);
+    const body = objectBody(await safeJsonBody(request), requestId);
+    assertNoForbiddenFields(body, requestId);
+    const idempotencyKey = requiredText(optionalHeaderValue(request.headers["idempotency-key"], "Idempotency-Key header", requestId, MAX_IDEMPOTENCY_KEY_LENGTH), "Idempotency-Key header", requestId);
+    const formatValue = stringValue(body.format);
+    return {
+        input: {
+            requestId,
+            threadId: requiredText(boundedStringValue(threadId, "threadId", requestId, MAX_THREAD_ID_LENGTH), "threadId", requestId),
+            idempotencyKey,
+            text: stringField(body, "text", requestId, MAX_MESSAGE_TEXT_LENGTH),
+            ...(formatValue === "markdown" ? { format: "markdown" } : {}),
+        },
+    };
+}
+export function requestIdFromRequest(request, url) {
+    return (optionalHeaderValue(request.headers["x-request-id"], "X-Request-Id header", "public-request", MAX_REQUEST_ID_LENGTH) ??
+        boundedStringValue(url.searchParams.get("requestId"), "requestId", "public-request", MAX_REQUEST_ID_LENGTH) ??
+        "public-request");
+}
+function optionalPaging(url, requestId) {
+    const limitParam = url.searchParams.get("limit");
+    const cursor = boundedStringValue(url.searchParams.get("cursor"), "cursor", requestId, MAX_CURSOR_LENGTH);
+    if (limitParam === null) {
+        return cursor ? { cursor } : {};
+    }
+    const limit = Number(limitParam);
+    if (!Number.isInteger(limit) || limit < 1 || limit > MAX_PAGE_SIZE) {
+        throw invalidRequest("limit must be an integer between 1 and 100", requestId);
+    }
+    return {
+        limit,
+        ...(cursor ? { cursor } : {}),
+    };
+}
+function assertNoForbiddenFields(body, requestId) {
+    for (const field of FORBIDDEN_FIELDS) {
+        if (field in body) {
+            throw invalidRequest(`${field} is not allowed in the public API contract`, requestId);
+        }
+    }
+}
+function digestBody(body) {
+    return createHash("sha256").update(JSON.stringify(body)).digest("base64url");
+}
+function objectBody(body, requestId) {
+    if (typeof body !== "object" || body === null || Array.isArray(body)) {
+        throw invalidRequest("JSON object body is required", requestId);
+    }
+    return body;
+}
+function stringField(body, field, requestId, maxLength) {
+    return requiredText(boundedStringValue(body[field], field, requestId, maxLength), field, requestId);
+}
+function requiredText(value, field, requestId) {
+    if (!value) {
+        throw invalidRequest(`${field} is required`, requestId);
+    }
+    return value;
+}
+function boundedStringValue(value, field, requestId, maxLength) {
+    if (typeof value !== "string")
+        return undefined;
+    const normalized = value.trim();
+    if (!normalized)
+        return undefined;
+    if (normalized.length > maxLength) {
+        throw invalidRequest(`${field} is too long`, requestId);
+    }
+    return normalized;
+}
+function stringValue(value) {
+    return typeof value === "string" && value.trim() ? value.trim() : undefined;
+}
+function optionalHeaderValue(value, field, requestId, maxLength) {
+    if (Array.isArray(value)) {
+        throw invalidRequest(`${field} must have a single value`, requestId);
+    }
+    return boundedStringValue(value, field, requestId, maxLength);
+}
+function invalidRequest(message, requestId) {
+    return new ChatApiError("invalid_request", message, 400, requestId);
+}
+//# sourceMappingURL=web-public-route-inputs.js.map

package/dist/web-public-route-inputs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-public-route-inputs.js","sourceRoot":"","sources":["../src/web-public-route-inputs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAQ1D,MAAM,aAAa,GAAG,GAAG,CAAC;AAC1B,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,uBAAuB,GAAG,KAAK,CAAC;AACtC,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,0BAA0B,GAAG,GAAG,CAAC;AACvC,MAAM,gBAAgB,GAAG;IACvB,OAAO;IACP,QAAQ;IACR,SAAS;IACT,OAAO;IACP,OAAO;IACP,UAAU;IACV,OAAO;IACP,OAAO;IACP,WAAW;IACX,QAAQ;IACR,UAAU;IACV,aAAa;CACL,CAAC;AAeX,MAAM,UAAU,SAAS,CAAC,GAAQ,EAAE,SAAiB;IACnD,OAAO;QACL,SAAS;QACT,GAAG,cAAc,CAAC,GAAG,EAAE,SAAS,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,SAAiB,EACjB,QAAgB;IAEhB,OAAO;QACL,SAAS;QACT,QAAQ,EAAE,YAAY,CACpB,kBAAkB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,oBAAoB,CAAC,EACzE,UAAU,EACV,SAAS,CACV;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAA6B,EAC7B,GAAQ;IAER,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAChE,uBAAuB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,mBAAmB,CACxC,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAClC,wBAAwB,EACxB,SAAS,EACT,0BAA0B,CAC3B,CAAC;IACF,OAAO;QACL,KAAK,EAAE;YACL,SAAS;YACT,KAAK;YACL,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC9C;QACD,QAAQ,EAAE,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAA6B,EAC7B,GAAQ,EACR,QAAgB;IAEhB,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAChE,uBAAuB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACzC,MAAM,cAAc,GAAG,YAAY,CACjC,mBAAmB,CACjB,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAClC,wBAAwB,EACxB,SAAS,EACT,0BAA0B,CAC3B,EACD,wBAAwB,EACxB,SAAS,CACV,CAAC;IACF,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO;QACL,KAAK,EAAE;YACL,SAAS;YACT,QAAQ,EAAE,YAAY,CACpB,kBAAkB,CAChB,QAAQ,EACR,UAAU,EACV,SAAS,EACT,oBAAoB,CACrB,EACD,UAAU,EACV,SAAS,CACV;YACD,cAAc;YACd,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,uBAAuB,CAAC;YACnE,GAAG,CAAC,WAAW,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,UAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,OAA6B,EAC7B,GAAQ;IAER,OAAO,CACL,mBAAmB,CACjB,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,EAC/B,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACtB;QACD,kBAAkB,CAChB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,EACjC,WAAW,EACX,gBAAgB,EAChB,qBAAqB,CACtB;QACD,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,GAAQ,EAAE,SAAiB;IACjD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,kBAAkB,CAC/B,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC9B,QAAQ,EACR,SAAS,EACT,iBAAiB,CAClB,CAAC;IACF,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAClC,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,aAAa,EAAE,CAAC;QACnE,MAAM,cAAc,CAClB,4CAA4C,EAC5C,SAAS,CACV,CAAC;IACJ,CAAC;IACD,OAAO;QACL,KAAK;QACL,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,IAAiB,EAAE,SAAiB;IACnE,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;YAClB,MAAM,cAAc,CAClB,GAAG,KAAK,4CAA4C,EACpD,SAAS,CACV,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,IAAuB;IACzC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,UAAU,CAAC,IAAa,EAAE,SAAiB;IAClD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACrE,MAAM,cAAc,CAAC,8BAA8B,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,IAAmB,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAClB,IAAiB,EACjB,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,OAAO,YAAY,CACjB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,CAAC,EAC5D,KAAK,EACL,SAAS,CACV,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,KAAyB,EACzB,KAAa,EACb,SAAiB;IAEjB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,cAAc,CAAC,GAAG,KAAK,cAAc,EAAE,SAAS,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kBAAkB,CACzB,KAAc,EACd,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAClC,MAAM,cAAc,CAAC,GAAG,KAAK,cAAc,EAAE,SAAS,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9E,CAAC;AAED,SAAS,mBAAmB,CAC1B,KAAoC,EACpC,KAAa,EACb,SAAiB,EACjB,SAAiB;IAEjB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,KAAK,2BAA2B,EAAE,SAAS,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,SAAiB;IACxD,OAAO,IAAI,YAAY,CAAC,iBAAiB,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AACtE,CAAC"}

package/dist/web-public-routes.d.ts

@@ -0,0 +1,6 @@
+import type http from "node:http";
+export interface WebPublicRouteResult {
+    status: number;
+    body: unknown;
+}
+export declare function handleWebPublicRoute(request: http.IncomingMessage, root: string, url: URL): Promise<WebPublicRouteResult | null>;

package/dist/web-public-routes.js

@@ -0,0 +1,194 @@
+import { createLocalChatStorage } from "./chat-storage-local.js";
+import { ChatApiError, ChatApiService } from "./chat-api-service.js";
+import { enforceRestrictedIngressQuarantine } from "./security/restricted-content-quarantine.js";
+import { createMessageInput, createThreadInput, listInput, requestIdFromRequest, threadInput, } from "./web-public-route-inputs.js";
+import { authenticatePublicApiRequest, workspaceKeyForRoot, } from "./security/public-api-auth.js";
+import { admitPublicApiRequest } from "./security/public-api-policy.js";
+import { WebPublicService } from "./web-public-service.js";
+export async function handleWebPublicRoute(request, root, url) {
+    if (!url.pathname.startsWith("/api/v1"))
+        return null;
+    const storage = createLocalChatStorage({ workspaceRoot: root });
+    const chatService = new ChatApiService({
+        storage,
+        root,
+    });
+    const service = new WebPublicService({ chatService, root });
+    try {
+        return await dispatchPublicRoute(request, url, service, root);
+    }
+    catch (error) {
+        return errorResult(error, requestIdFromRequest(request, url));
+    }
+}
+async function dispatchPublicRoute(request, url, service, root) {
+    const requestId = requestIdFromRequest(request, url);
+    const context = authenticatePublicApiRequest({
+        request,
+        requestId,
+        workspaceKey: workspaceKeyForRoot(root),
+    });
+    const admission = admitPublicApiRequest({
+        key: context.rateLimitKey,
+        requestId,
+    });
+    try {
+        return await dispatchAuthorizedPublicRoute(request, url, service, root, context);
+    }
+    finally {
+        admission.release();
+    }
+}
+async function dispatchAuthorizedPublicRoute(request, url, service, root, context) {
+    if (request.method === "GET" && url.pathname === "/api/v1/models") {
+        return { status: 200, body: await service.listModels(context.requestId) };
+    }
+    if (request.method === "GET" && url.pathname === "/api/v1/threads") {
+        return {
+            status: 200,
+            body: await service.listThreads(listInput(url, context.requestId), context),
+        };
+    }
+    if (request.method === "POST" && url.pathname === "/api/v1/threads") {
+        const parsed = await createThreadInput(request, url);
+        await quarantinePublicThreadInput(root, parsed.input, context);
+        return {
+            status: 201,
+            body: await service.createThread(parsed.input, parsed.bodyHash, context),
+        };
+    }
+    const parts = url.pathname.split("/").filter(Boolean);
+    if (parts.length >= 4 &&
+        parts[0] === "api" &&
+        parts[1] === "v1" &&
+        parts[2] === "threads") {
+        const input = threadInput(requestIdFromRequest(request, url), parts[3] ?? "");
+        if (request.method === "GET" && parts.length === 4) {
+            return { status: 200, body: await service.getThread(input, context) };
+        }
+        if (request.method === "GET" && parts[4] === "messages") {
+            return {
+                status: 200,
+                body: await service.listMessages({
+                    ...input,
+                    ...listInput(url, input.requestId ?? "public-request"),
+                }, context),
+            };
+        }
+        if (request.method === "POST" && parts[4] === "messages") {
+            const parsed = await createMessageInput(request, url, input.threadId);
+            await quarantinePublicMessageInput(root, parsed.input, context);
+            return {
+                status: 201,
+                body: await service.createMessage(parsed.input, context),
+            };
+        }
+    }
+    return {
+        status: 404,
+        body: {
+            error: {
+                code: "not_found",
+                message: "requested resource was not found",
+                requestId: requestIdFromRequest(request, url),
+                retryable: false,
+            },
+        },
+    };
+}
+async function quarantinePublicThreadInput(root, input, context) {
+    await enforceRestrictedIngressQuarantine({
+        root,
+        requestId: input.requestId ?? context.requestId,
+        boundary: "public_api_ingress",
+        fields: [{ name: "title", text: input.title }],
+        actorId: context.principal.id,
+        tenantId: context.scope.tenantId,
+        workspaceId: context.scope.workspaceId,
+        taskId: context.scope.taskId,
+    });
+}
+async function quarantinePublicMessageInput(root, input, context) {
+    await enforceRestrictedIngressQuarantine({
+        root,
+        requestId: input.requestId ?? context.requestId,
+        boundary: "public_api_ingress",
+        fields: [{ name: "text", text: input.text }],
+        actorId: context.principal.id,
+        tenantId: context.scope.tenantId,
+        workspaceId: context.scope.workspaceId,
+        taskId: context.scope.taskId,
+        threadId: input.threadId,
+    });
+}
+function errorResult(error, requestId) {
+    const chatError = error instanceof ChatApiError ? mapPublicError(error) : undefined;
+    const body = {
+        error: chatError ?? {
+            code: "internal_error",
+            message: "public API request failed",
+            requestId,
+            retryable: false,
+        },
+    };
+    return { status: chatError?.status ?? 500, body };
+}
+function mapPublicError(error) {
+    if (error.code === "thread_not_found") {
+        return {
+            code: "not_found",
+            message: "requested resource was not found",
+            requestId: error.requestId,
+            retryable: false,
+            status: 404,
+        };
+    }
+    if (error.code === "invalid_cursor") {
+        return {
+            code: "invalid_request",
+            message: "request parameters are invalid",
+            requestId: error.requestId,
+            retryable: false,
+            status: 400,
+        };
+    }
+    if (error.code === "invalid_request" ||
+        error.code === "invalid_json" ||
+        error.code === "payload_too_large" ||
+        error.code === "idempotency_conflict" ||
+        error.code === "policy_blocked" ||
+        error.code === "rate_limited" ||
+        error.code === "unauthorized") {
+        return {
+            code: error.code,
+            message: safePublicMessage(error.code, error.message),
+            requestId: error.requestId,
+            retryable: error.retryable,
+            status: error.status,
+        };
+    }
+    return {
+        code: "internal_error",
+        message: "public API request failed",
+        requestId: error.requestId,
+        retryable: false,
+        status: 500,
+    };
+}
+function safePublicMessage(code, message) {
+    if (code === "invalid_json")
+        return "request body must be valid JSON";
+    if (code === "payload_too_large")
+        return "request body is too large";
+    if (code === "policy_blocked")
+        return "request was blocked by policy";
+    if (code === "rate_limited")
+        return "too many requests";
+    if (code === "unauthorized")
+        return "authentication is required";
+    return sanitize(message);
+}
+function sanitize(message) {
+    return message.replace(/\/Users\/[^ ]+/gu, "[path]").slice(0, 240);
+}
+//# sourceMappingURL=web-public-routes.js.map

package/dist/web-public-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-public-routes.js","sourceRoot":"","sources":["../src/web-public-routes.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,kCAAkC,EAAE,MAAM,6CAA6C,CAAC;AACjG,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,oBAAoB,EACpB,WAAW,GACZ,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,4BAA4B,EAC5B,mBAAmB,GACpB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAa3D,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAA6B,EAC7B,IAAY,EACZ,GAAQ;IAER,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,OAAO,GAAG,sBAAsB,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,IAAI,cAAc,CAAC;QACrC,OAAO;QACP,IAAI;KACL,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,OAAO,MAAM,mBAAmB,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,WAAW,CAAC,KAAK,EAAE,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,OAA6B,EAC7B,GAAQ,EACR,OAAyB,EACzB,IAAY;IAEZ,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,4BAA4B,CAAC;QAC3C,OAAO;QACP,SAAS;QACT,YAAY,EAAE,mBAAmB,CAAC,IAAI,CAAC;KACxC,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,qBAAqB,CAAC;QACtC,GAAG,EAAE,OAAO,CAAC,YAAY;QACzB,SAAS;KACV,CAAC,CAAC;IACH,IAAI,CAAC;QACH,OAAO,MAAM,6BAA6B,CACxC,OAAO,EACP,GAAG,EACH,OAAO,EACP,IAAI,EACJ,OAAO,CACR,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,6BAA6B,CAC1C,OAA6B,EAC7B,GAAQ,EACR,OAAyB,EACzB,IAAY,EACZ,OAA6B;IAE7B,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;QAClE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;IAC5E,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACnE,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,MAAM,OAAO,CAAC,WAAW,CAC7B,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,EACjC,OAAO,CACR;SACF,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACrD,MAAM,2BAA2B,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC/D,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,MAAM,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACtD,IACE,KAAK,CAAC,MAAM,IAAI,CAAC;QACjB,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK;QAClB,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI;QACjB,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,EACtB,CAAC;QACD,MAAM,KAAK,GAAG,WAAW,CACvB,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,EAClC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CACf,CAAC;QACF,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;QACxE,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACxD,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,MAAM,OAAO,CAAC,YAAY,CAC9B;oBACE,GAAG,KAAK;oBACR,GAAG,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,IAAI,gBAAgB,CAAC;iBACvD,EACD,OAAO,CACR;aACF,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,4BAA4B,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChE,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,MAAM,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC;aACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,GAAG;QACX,IAAI,EAAE;YACJ,KAAK,EAAE;gBACL,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,kCAAkC;gBAC3C,SAAS,EAAE,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC;gBAC7C,SAAS,EAAE,KAAK;aACjB;SACF;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,IAAY,EACZ,KAAiC,EACjC,OAA6B;IAE7B,MAAM,kCAAkC,CAAC;QACvC,IAAI;QACJ,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS;QAC/C,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;QAC9C,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE;QAC7B,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ;QAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW;QACtC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,IAAY,EACZ,KAAkC,EAClC,OAA6B;IAE7B,MAAM,kCAAkC,CAAC;QACvC,IAAI;QACJ,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS;QAC/C,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE;QAC7B,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ;QAChC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW;QACtC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM;QAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc,EAAE,SAAiB;IACpD,MAAM,SAAS,GACb,KAAK,YAAY,YAAY,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACpE,MAAM,IAAI,GAAuB;QAC/B,KAAK,EAAE,SAAS,IAAI;YAClB,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,2BAA2B;YACpC,SAAS;YACT,SAAS,EAAE,KAAK;SACjB;KACF,CAAC;IACF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,GAAG,EAAE,IAAI,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,cAAc,CAAC,KAAmB;IAGzC,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACtC,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,kCAAkC;YAC3C,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACpC,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,gCAAgC;YACzC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IACD,IACE,KAAK,CAAC,IAAI,KAAK,iBAAiB;QAChC,KAAK,CAAC,IAAI,KAAK,cAAc;QAC7B,KAAK,CAAC,IAAI,KAAK,mBAAmB;QAClC,KAAK,CAAC,IAAI,KAAK,sBAAsB;QACrC,KAAK,CAAC,IAAI,KAAK,gBAAgB;QAC/B,KAAK,CAAC,IAAI,KAAK,cAAc;QAC7B,KAAK,CAAC,IAAI,KAAK,cAAc,EAC7B,CAAC;QACD,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC;YACrD,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,2BAA2B;QACpC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,GAAG;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,OAAe;IACtD,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,iCAAiC,CAAC;IACtE,IAAI,IAAI,KAAK,mBAAmB;QAAE,OAAO,2BAA2B,CAAC;IACrE,IAAI,IAAI,KAAK,gBAAgB;QAAE,OAAO,+BAA+B,CAAC;IACtE,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,mBAAmB,CAAC;IACxD,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,4BAA4B,CAAC;IACjE,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,QAAQ,CAAC,OAAe;IAC/B,OAAO,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACrE,CAAC"}

package/dist/web-public-service.d.ts

@@ -0,0 +1,16 @@
+import type { ChatApiService } from "./chat-api-service.js";
+import type { PublicApiCreateMessageInput, PublicApiCreateThreadInput, PublicApiListInput, PublicApiListMessages, PublicApiListModels, PublicApiListThreads, PublicApiMessage, PublicApiSuccess, PublicApiThread, PublicApiThreadDetail, PublicApiThreadInput } from "./types/public-api.js";
+import type { PublicApiAuthContext } from "./security/public-api-auth.js";
+export declare class WebPublicService {
+    private readonly chatService;
+    constructor({ chatService }: {
+        chatService: ChatApiService;
+        root: string;
+    });
+    listModels(requestId?: string): Promise<PublicApiSuccess<PublicApiListModels>>;
+    listThreads(input: PublicApiListInput, context: PublicApiAuthContext): Promise<PublicApiSuccess<PublicApiListThreads>>;
+    createThread(input: PublicApiCreateThreadInput, bodyHash: string, context: PublicApiAuthContext): Promise<PublicApiSuccess<PublicApiThread>>;
+    getThread(input: PublicApiThreadInput, context: PublicApiAuthContext): Promise<PublicApiSuccess<PublicApiThreadDetail>>;
+    listMessages(input: PublicApiThreadInput & PublicApiListInput, context: PublicApiAuthContext): Promise<PublicApiSuccess<PublicApiListMessages>>;
+    createMessage(input: PublicApiCreateMessageInput, context: PublicApiAuthContext): Promise<PublicApiSuccess<PublicApiMessage>>;
+}

package/dist/web-public-service.js

@@ -0,0 +1,154 @@
+import { ChatApiError } from "./chat-api-service.js";
+import { listPublicModelAliases } from "./model-aliases.js";
+const threadReplayCache = new Map();
+export class WebPublicService {
+    chatService;
+    constructor({ chatService }) {
+        this.chatService = chatService;
+    }
+    async listModels(requestId = "public-request") {
+        return {
+            data: { models: listPublicModelAliases() },
+            meta: { requestId },
+        };
+    }
+    async listThreads(input, context) {
+        const result = await this.chatService.listThreads({
+            scope: context.scope,
+            ...(input.requestId ? { requestId: input.requestId } : {}),
+            ...(input.limit !== undefined ? { limit: input.limit } : {}),
+            ...(input.cursor ? { cursor: input.cursor } : {}),
+        });
+        return {
+            data: { threads: result.data.threads.map(mapThread) },
+            meta: result.meta,
+        };
+    }
+    async createThread(input, bodyHash, context) {
+        const replayKey = replayKeyFor(input.idempotencyKey, context);
+        if (replayKey) {
+            const existing = threadReplayCache.get(replayKey);
+            if (existing) {
+                if (existing.bodyHash !== bodyHash) {
+                    throw new ChatApiError("idempotency_conflict", "idempotency key was already used with a different payload", 409, input.requestId ?? "public-request");
+                }
+                return {
+                    data: existing.thread,
+                    meta: {
+                        requestId: input.requestId ?? "public-request",
+                        idempotentReplay: true,
+                        ...(input.idempotencyKey
+                            ? { idempotencyKey: input.idempotencyKey }
+                            : {}),
+                    },
+                };
+            }
+        }
+        const created = await this.chatService.createThread({
+            scope: context.scope,
+            title: input.title,
+            actor: publicActor(context),
+            ...(input.requestId ? { requestId: input.requestId } : {}),
+        });
+        const thread = mapThread(created.data);
+        if (replayKey) {
+            threadReplayCache.set(replayKey, { bodyHash, thread });
+        }
+        return {
+            data: thread,
+            meta: {
+                ...created.meta,
+                ...(input.idempotencyKey
+                    ? { idempotencyKey: input.idempotencyKey }
+                    : {}),
+            },
+        };
+    }
+    async getThread(input, context) {
+        const result = await this.chatService.getThread({
+            scope: context.scope,
+            threadId: input.threadId,
+            ...(input.requestId ? { requestId: input.requestId } : {}),
+        });
+        return {
+            data: { thread: mapThread(result.data.thread) },
+            meta: result.meta,
+        };
+    }
+    async listMessages(input, context) {
+        const result = await this.chatService.listMessages({
+            scope: context.scope,
+            threadId: input.threadId,
+            ...(input.requestId ? { requestId: input.requestId } : {}),
+            ...(input.limit !== undefined ? { limit: input.limit } : {}),
+            ...(input.cursor ? { cursor: input.cursor } : {}),
+        });
+        return {
+            data: { messages: result.data.messages.map(mapMessage) },
+            meta: result.meta,
+        };
+    }
+    async createMessage(input, context) {
+        const result = await this.chatService.createMessage({
+            scope: context.scope,
+            threadId: input.threadId,
+            idempotencyKey: input.idempotencyKey,
+            actor: publicActor(context),
+            text: input.text,
+            ...(input.requestId ? { requestId: input.requestId } : {}),
+            ...(input.format ? { format: input.format } : {}),
+        });
+        return {
+            data: mapMessage(result.data),
+            meta: result.meta,
+        };
+    }
+}
+function replayKeyFor(idempotencyKey, context) {
+    return idempotencyKey?.trim()
+        ? `thread:${context.rateLimitKey}:${idempotencyKey.trim()}`
+        : undefined;
+}
+function publicActor(context) {
+    return {
+        kind: "human",
+        actorId: context.principal.id,
+        displayName: context.principal.displayName,
+        source: "api",
+        sessionId: context.scope.sessionId,
+    };
+}
+function mapThread(thread) {
+    return {
+        id: thread.id,
+        object: "thread",
+        title: thread.title,
+        createdAt: thread.createdAt,
+        updatedAt: thread.updatedAt,
+    };
+}
+function mapMessage(message) {
+    return {
+        id: message.id,
+        object: "message",
+        threadId: message.threadId,
+        role: publicMessageRole(message),
+        text: message.content.text,
+        format: message.content.format === "markdown" ? "markdown" : "plain_text",
+        createdAt: message.createdAt,
+    };
+}
+function publicMessageRole(message) {
+    if (message.actor?.kind === "human")
+        return "user";
+    if (message.actor?.kind === "parent_agent" ||
+        message.actor?.kind === "subagent" ||
+        message.actor?.kind === "provider_agent") {
+        return "agent";
+    }
+    if (message.timelineEvent || message.content.format === "workflow_event") {
+        return "system";
+    }
+    return "system";
+}
+//# sourceMappingURL=web-public-service.js.map

package/dist/web-public-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"web-public-service.js","sourceRoot":"","sources":["../src/web-public-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAsB5D,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAA8B,CAAC;AAEhE,MAAM,OAAO,gBAAgB;IACV,WAAW,CAAiB;IAE7C,YAAY,EAAE,WAAW,EAAiD;QACxE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU,CACd,SAAS,GAAG,gBAAgB;QAE5B,OAAO;YACL,IAAI,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE,EAAE;YAC1C,IAAI,EAAE,EAAE,SAAS,EAAE;SACpB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACf,KAAyB,EACzB,OAA6B;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;YAChD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE;YACrD,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,KAAiC,EACjC,QAAgB,EAChB,OAA6B;QAE7B,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,QAAQ,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBACnC,MAAM,IAAI,YAAY,CACpB,sBAAsB,EACtB,2DAA2D,EAC3D,GAAG,EACH,KAAK,CAAC,SAAS,IAAI,gBAAgB,CACpC,CAAC;gBACJ,CAAC;gBACD,OAAO;oBACL,IAAI,EAAE,QAAQ,CAAC,MAAM;oBACrB,IAAI,EAAE;wBACJ,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,gBAAgB;wBAC9C,gBAAgB,EAAE,IAAI;wBACtB,GAAG,CAAC,KAAK,CAAC,cAAc;4BACtB,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;4BAC1C,CAAC,CAAC,EAAE,CAAC;qBACR;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAClD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC;YAC3B,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,SAAS,EAAE,CAAC;YACd,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE;gBACJ,GAAG,OAAO,CAAC,IAAI;gBACf,GAAG,CAAC,KAAK,CAAC,cAAc;oBACtB,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE;oBAC1C,CAAC,CAAC,EAAE,CAAC;aACR;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CACb,KAA2B,EAC3B,OAA6B;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC;YAC9C,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YAC/C,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,KAAgD,EAChD,OAA6B;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YACjD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE;YACxD,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,KAAkC,EAClC,OAA6B;QAE7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC;YAClD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,KAAK,EAAE,WAAW,CAAC,OAAO,CAAC;YAC3B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;SAClB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,YAAY,CACnB,cAAkC,EAClC,OAA6B;IAE7B,OAAO,cAAc,EAAE,IAAI,EAAE;QAC3B,CAAC,CAAC,UAAU,OAAO,CAAC,YAAY,IAAI,cAAc,CAAC,IAAI,EAAE,EAAE;QAC3D,CAAC,CAAC,SAAS,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,OAA6B;IAChD,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE;QAC7B,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW;QAC1C,MAAM,EAAE,KAAK;QACb,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,MAKlB;IACC,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,OAKnB;IACC,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,IAAI,EAAE,iBAAiB,CAAC,OAAO,CAAC;QAChC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;QAC1B,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY;QACzE,SAAS,EAAE,OAAO,CAAC,SAAS;KAC7B,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,OAI1B;IACC,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IACnD,IACE,OAAO,CAAC,KAAK,EAAE,IAAI,KAAK,cAAc;QACtC,OAAO,CAAC,KAAK,EAAE,IAAI,KAAK,UAAU;QAClC,OAAO,CAAC,KAAK,EAAE,IAAI,KAAK,gBAAgB,EACxC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;QACzE,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/workflow-services.js

@@ -1476,6 +1476,11 @@ export async function getUsageReport(taskId, root = process.cwd()) {
         totals: aggregateUsage("total", records),
         byRole: aggregateUsageBy(records, (record) => record.role),
         byProvider: aggregateUsageBy(records, (record) => record.provider),
+        byTenant: aggregateUsageBy(records, (record) => record.tenantId ?? "local"),
+        byWorkspace: aggregateUsageBy(records, (record) => record.workspaceId ?? "local"),
+        byActor: aggregateUsageBy(records, (record) => record.actor ?? record.role),
+        byInitiator: aggregateUsageBy(records, (record) => record.initiatedBy ?? "unknown"),
+        byPhase: aggregateUsageBy(records, (record) => record.phase ?? "unknown"),
     };
 }
 export async function checkUsageBudget(taskId, root = process.cwd()) {