@kbediako/codex-orchestrator 0.1.38 → 0.2.1

package/dist/orchestrator/src/cli/control/controlActionPreflight.js

@@ -0,0 +1,476 @@
+import { isoTimestamp } from '../utils/time.js';
+const TRANSPORT_MUTATING_ACTIONS = new Set(['pause', 'resume', 'cancel']);
+const TRANSPORT_IDENTITY_PATTERN = /^[A-Za-z0-9._:@-]{1,128}$/;
+const TRANSPORT_SOURCE_PATTERN = /^[A-Za-z0-9._:-]{1,64}$/;
+const TRANSPORT_PRINCIPAL_PATTERN = /^[A-Za-z0-9._:@/=-]{1,256}$/;
+const TRANSPORT_NONCE_PATTERN = /^[A-Za-z0-9._~:/+=-]{8,256}$/;
+const TRANSPORT_METADATA_KEYS = [
+    'actor_id',
+    'actorId',
+    'actor_source',
+    'actorSource',
+    'transport_principal',
+    'transportPrincipal',
+    'principal',
+    'transport_nonce',
+    'transportNonce',
+    'transport_nonce_expires_at',
+    'transportNonceExpiresAt',
+    'nonce',
+    'nonce_expires_at',
+    'nonceExpiresAt'
+];
+const DEFAULT_TRANSPORT_IDEMPOTENCY_WINDOW_MS = 10 * 60 * 1000;
+const DEFAULT_TRANSPORT_NONCE_MAX_TTL_MS = 10 * 60 * 1000;
+const MAX_TRANSPORT_POLICY_WINDOW_MS = 24 * 60 * 60 * 1000;
+export function normalizeControlActionRequest(input) {
+    const action = readStringValue(input.body, 'action');
+    if (!isControlAction(action)) {
+        return { ok: false, status: 400, error: 'invalid_action' };
+    }
+    if (input.authKind === 'session' && action !== 'pause' && action !== 'resume') {
+        return { ok: false, status: 403, error: 'ui_action_disallowed' };
+    }
+    if (input.authKind === 'session' && hasCoordinatorMetadata(input.body)) {
+        return { ok: false, status: 403, error: 'ui_control_metadata_disallowed' };
+    }
+    const requestId = readStringValue(input.body, 'request_id', 'requestId') ?? null;
+    const intentId = readStringValue(input.body, 'intent_id', 'intentId') ?? null;
+    const requestedBy = readStringValue(input.body, 'requested_by', 'requestedBy') ?? 'ui';
+    const reason = readStringValue(input.body, 'reason');
+    const confirmNonce = action === 'cancel' ? readStringValue(input.body, 'confirm_nonce', 'confirmNonce') : undefined;
+    const deferTransportResolutionToConfirmation = action === 'cancel' && Boolean(confirmNonce) && !hasAnyOwnProperty(input.body, ['transport']);
+    const transportMutationResult = deferTransportResolutionToConfirmation
+        ? { request: null }
+        : resolveTransportMutationRequest(input.body, action);
+    if (transportMutationResult.error) {
+        return {
+            ok: false,
+            status: transportMutationResult.status ?? 400,
+            error: transportMutationResult.error,
+            traceability: buildCanonicalTraceability({
+                action,
+                decision: 'rejected',
+                requestId,
+                intentId,
+                taskId: input.taskId,
+                runId: input.snapshot.run_id,
+                manifestPath: input.manifestPath,
+                transport: transportMutationResult.partial?.transport ?? null,
+                actorId: transportMutationResult.partial?.actorId ?? null,
+                actorSource: transportMutationResult.partial?.actorSource ?? null,
+                principal: transportMutationResult.partial?.principal ?? null
+            })
+        };
+    }
+    return {
+        ok: true,
+        value: {
+            action,
+            requestId,
+            intentId,
+            requestedBy,
+            reason,
+            confirmNonce,
+            deferTransportResolutionToConfirmation,
+            transportMutation: transportMutationResult.request
+        }
+    };
+}
+export function validateTransportMutationPreflight(input) {
+    if (!input.transportMutation) {
+        return { ok: true, idempotencyWindowMs: null };
+    }
+    const transportPolicy = resolveTransportMutatingPolicy(input.snapshot.feature_toggles);
+    const traceability = buildCanonicalTraceability({
+        action: input.action,
+        decision: 'rejected',
+        requestId: input.requestId,
+        intentId: input.intentId,
+        taskId: input.taskId,
+        runId: input.snapshot.run_id,
+        manifestPath: input.manifestPath,
+        transport: input.transportMutation.transport,
+        actorId: input.transportMutation.actorId,
+        actorSource: input.transportMutation.actorSource,
+        principal: input.transportMutation.principal
+    });
+    if (!transportPolicy.enabled) {
+        return {
+            ok: false,
+            status: 403,
+            error: 'transport_mutating_controls_disabled',
+            traceability
+        };
+    }
+    if (transportPolicy.allowedTransports &&
+        !transportPolicy.allowedTransports.has(input.transportMutation.transport)) {
+        return {
+            ok: false,
+            status: 403,
+            error: 'transport_mutating_transport_not_allowed',
+            traceability
+        };
+    }
+    if (!input.requestId && !input.intentId) {
+        return {
+            ok: false,
+            status: 400,
+            error: 'transport_idempotency_key_missing',
+            traceability
+        };
+    }
+    const nowMs = Date.now();
+    if (input.transportMutation.nonceExpiresAtMs <= nowMs) {
+        return {
+            ok: false,
+            status: 409,
+            error: 'transport_nonce_expired',
+            traceability
+        };
+    }
+    if (input.transportMutation.nonceExpiresAtMs - nowMs > transportPolicy.nonceMaxTtlMs) {
+        return {
+            ok: false,
+            status: 400,
+            error: 'transport_nonce_expiry_out_of_range',
+            traceability
+        };
+    }
+    if (input.isTransportNonceConsumed(input.transportMutation.nonce)) {
+        return {
+            ok: false,
+            status: 409,
+            error: 'transport_nonce_replayed',
+            traceability
+        };
+    }
+    return {
+        ok: true,
+        idempotencyWindowMs: transportPolicy.idempotencyWindowMs
+    };
+}
+export function resolveTransportMutationRequestFromConfirmationScope(input) {
+    const hasBodyTransportField = hasAnyOwnProperty(input.body, ['transport']);
+    const hasBodyTransportMetadata = hasAnyOwnProperty(input.body, TRANSPORT_METADATA_KEYS);
+    const hasConfirmedTransportField = hasAnyOwnProperty(input.params, ['transport']);
+    const hasConfirmedTransportMetadata = hasAnyOwnProperty(input.params, TRANSPORT_METADATA_KEYS);
+    const confirmedTransportRaw = readStringValue(input.params, 'transport');
+    const confirmedTransport = parseTransport(confirmedTransportRaw);
+    if (!confirmedTransport) {
+        if (hasConfirmedTransportField ||
+            hasConfirmedTransportMetadata ||
+            hasBodyTransportField ||
+            hasBodyTransportMetadata) {
+            return {
+                request: null,
+                status: 409,
+                error: 'confirmation_scope_mismatch',
+                partial: { transport: null }
+            };
+        }
+        return { request: null };
+    }
+    const confirmedActorId = readStringValue(input.params, 'actor_id', 'actorId');
+    const confirmedActorSource = readStringValue(input.params, 'actor_source', 'actorSource');
+    const confirmedPrincipal = readStringValue(input.params, 'transport_principal', 'transportPrincipal', 'principal');
+    const topLevelTransport = readStringValue(input.body, 'transport');
+    const topLevelActorId = readStringValue(input.body, 'actor_id', 'actorId');
+    const topLevelActorSource = readStringValue(input.body, 'actor_source', 'actorSource');
+    const topLevelPrincipal = readStringValue(input.body, 'transport_principal', 'transportPrincipal', 'principal');
+    const hasTopLevelActorId = hasAnyOwnProperty(input.body, ['actor_id', 'actorId']);
+    const hasTopLevelActorSource = hasAnyOwnProperty(input.body, ['actor_source', 'actorSource']);
+    const hasTopLevelPrincipal = hasAnyOwnProperty(input.body, [
+        'transport_principal',
+        'transportPrincipal',
+        'principal'
+    ]);
+    if ((hasBodyTransportField && topLevelTransport !== confirmedTransport) ||
+        (hasTopLevelActorId && topLevelActorId !== confirmedActorId) ||
+        (hasTopLevelActorSource && topLevelActorSource !== confirmedActorSource) ||
+        (hasTopLevelPrincipal && topLevelPrincipal !== confirmedPrincipal)) {
+        return {
+            request: null,
+            status: 409,
+            error: 'confirmation_scope_mismatch',
+            partial: {
+                transport: confirmedTransport,
+                actorId: confirmedActorId ?? null,
+                actorSource: confirmedActorSource ?? null,
+                principal: confirmedPrincipal ?? null
+            }
+        };
+    }
+    return resolveTransportMutationRequest({
+        ...input.body,
+        transport: confirmedTransport,
+        actor_id: confirmedActorId,
+        actor_source: confirmedActorSource,
+        transport_principal: confirmedPrincipal
+    }, input.action);
+}
+export function resolveTransportMutationRequest(body, action) {
+    const mutatingAction = TRANSPORT_MUTATING_ACTIONS.has(action);
+    const hasTransportField = Object.prototype.hasOwnProperty.call(body, 'transport');
+    const hasTransportMetadata = TRANSPORT_METADATA_KEYS.some((key) => Object.prototype.hasOwnProperty.call(body, key));
+    if (mutatingAction && hasTransportMetadata && !hasTransportField) {
+        return { request: null, status: 400, error: 'transport_invalid', partial: { transport: null } };
+    }
+    const rawTransport = body.transport;
+    const normalizedTransport = typeof rawTransport === 'string' ? rawTransport.trim() : undefined;
+    if (hasTransportField && mutatingAction && !normalizedTransport) {
+        return { request: null, status: 400, error: 'transport_invalid', partial: { transport: null } };
+    }
+    const transport = parseTransport(normalizedTransport);
+    if (normalizedTransport && !transport) {
+        return { request: null, status: 400, error: 'transport_unsupported', partial: { transport: null } };
+    }
+    if (!transport || !mutatingAction) {
+        return { request: null };
+    }
+    const actorId = readStringValue(body, 'actor_id', 'actorId');
+    if (!actorId) {
+        return { request: null, status: 400, error: 'transport_actor_id_missing', partial: { transport } };
+    }
+    if (!TRANSPORT_IDENTITY_PATTERN.test(actorId)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_actor_id_invalid',
+            partial: { transport, actorId }
+        };
+    }
+    const actorSource = readStringValue(body, 'actor_source', 'actorSource');
+    if (!actorSource) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_actor_source_missing',
+            partial: { transport, actorId }
+        };
+    }
+    if (!TRANSPORT_SOURCE_PATTERN.test(actorSource)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_actor_source_invalid',
+            partial: { transport, actorId, actorSource }
+        };
+    }
+    if (!actorSource.toLowerCase().startsWith(transport)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_actor_source_mismatch',
+            partial: { transport, actorId, actorSource }
+        };
+    }
+    const principal = readStringValue(body, 'transport_principal', 'transportPrincipal', 'principal');
+    if (!principal) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_principal_missing',
+            partial: { transport, actorId, actorSource }
+        };
+    }
+    if (!TRANSPORT_PRINCIPAL_PATTERN.test(principal)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_principal_invalid',
+            partial: { transport, actorId, actorSource, principal }
+        };
+    }
+    const nonce = readStringValue(body, 'transport_nonce', 'transportNonce', 'nonce');
+    if (!nonce) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_nonce_missing',
+            partial: { transport, actorId, actorSource, principal }
+        };
+    }
+    if (!TRANSPORT_NONCE_PATTERN.test(nonce)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_nonce_invalid',
+            partial: { transport, actorId, actorSource, principal }
+        };
+    }
+    const rawExpiry = readStringValue(body, 'transport_nonce_expires_at', 'transportNonceExpiresAt', 'nonce_expires_at', 'nonceExpiresAt');
+    if (!rawExpiry) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_nonce_expiry_missing',
+            partial: { transport, actorId, actorSource, principal }
+        };
+    }
+    const nonceExpiresAtMs = Date.parse(rawExpiry);
+    if (!Number.isFinite(nonceExpiresAtMs)) {
+        return {
+            request: null,
+            status: 400,
+            error: 'transport_nonce_expiry_invalid',
+            partial: { transport, actorId, actorSource, principal }
+        };
+    }
+    return {
+        request: {
+            transport,
+            actorId,
+            actorSource,
+            principal,
+            nonce,
+            nonceExpiresAt: new Date(nonceExpiresAtMs).toISOString(),
+            nonceExpiresAtMs
+        }
+    };
+}
+export function buildCanonicalTraceability(input) {
+    const timestamp = input.timestamp ?? isoTimestamp();
+    return {
+        actor_id: input.actorId,
+        actor_source: input.actorSource,
+        transport: input.transport,
+        transport_principal: input.principal,
+        intent_id: input.intentId,
+        request_id: input.requestId,
+        task_id: input.taskId,
+        run_id: input.runId,
+        manifest_path: input.manifestPath,
+        action: input.action,
+        decision: input.decision,
+        timestamp
+    };
+}
+function isControlAction(action) {
+    return action === 'pause' || action === 'resume' || action === 'cancel' || action === 'fail';
+}
+function parseTransport(value) {
+    if (!value) {
+        return null;
+    }
+    if (value === 'discord' || value === 'telegram') {
+        return value;
+    }
+    return null;
+}
+function resolveTransportMutatingPolicy(featureToggles) {
+    const toggles = featureToggles ?? {};
+    const direct = readRecordValue(toggles, 'transport_mutating_controls');
+    const coordinator = readRecordValue(toggles, 'coordinator');
+    const nested = coordinator ? readRecordValue(coordinator, 'transport_mutating_controls') : undefined;
+    const policy = nested ?? direct ?? {};
+    const allowedTransportValues = readStringArrayValue(policy, 'allowed_transports', 'allowedTransports');
+    return {
+        enabled: readBooleanValue(policy, 'enabled') ?? false,
+        idempotencyWindowMs: clampPolicyWindow(readNumberValue(policy, 'idempotency_window_ms', 'idempotencyWindowMs'), DEFAULT_TRANSPORT_IDEMPOTENCY_WINDOW_MS),
+        nonceMaxTtlMs: clampPolicyWindow(readNumberValue(policy, 'nonce_max_ttl_ms', 'nonceMaxTtlMs'), DEFAULT_TRANSPORT_NONCE_MAX_TTL_MS),
+        allowedTransports: resolveAllowedTransportPolicy(allowedTransportValues)
+    };
+}
+function resolveAllowedTransportPolicy(values) {
+    if (!values) {
+        return null;
+    }
+    const allowed = new Set();
+    for (const value of values) {
+        const transport = parseTransport(value);
+        if (transport) {
+            allowed.add(transport);
+        }
+    }
+    return allowed;
+}
+function clampPolicyWindow(value, fallback) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return fallback;
+    }
+    return Math.min(Math.max(Math.floor(value), 1), MAX_TRANSPORT_POLICY_WINDOW_MS);
+}
+function hasCoordinatorMetadata(body) {
+    const disallowedKeys = [
+        'intent_id',
+        'intentId',
+        'request_id',
+        'requestId',
+        'task_id',
+        'taskId',
+        'run_id',
+        'runId',
+        'manifest_path',
+        'manifestPath'
+    ];
+    return disallowedKeys.some((key) => Object.prototype.hasOwnProperty.call(body, key));
+}
+function readStringValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return undefined;
+}
+function hasAnyOwnProperty(record, keys) {
+    for (const key of keys) {
+        if (Object.prototype.hasOwnProperty.call(record, key)) {
+            return true;
+        }
+    }
+    return false;
+}
+function readNumberValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'number' && Number.isFinite(value)) {
+            return value;
+        }
+        if (typeof value === 'string' && value.trim().length > 0) {
+            const parsed = Number(value);
+            if (Number.isFinite(parsed)) {
+                return parsed;
+            }
+        }
+    }
+    return undefined;
+}
+function readBooleanValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'boolean') {
+            return value;
+        }
+    }
+    return undefined;
+}
+function readRecordValue(record, key) {
+    const value = record[key];
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+        return value;
+    }
+    return undefined;
+}
+function readStringArrayValue(record, ...keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (!Array.isArray(value)) {
+            continue;
+        }
+        const parsed = [];
+        for (const item of value) {
+            if (typeof item !== 'string') {
+                continue;
+            }
+            const trimmed = item.trim();
+            if (trimmed.length > 0) {
+                parsed.push(trimmed);
+            }
+        }
+        return parsed;
+    }
+    return undefined;
+}

package/dist/orchestrator/src/cli/control/controlAuthenticatedRouteHandoff.js

@@ -0,0 +1,57 @@
+import { basename, dirname } from 'node:path';
+import { createControlQuestionChildResolutionAdapter } from './controlQuestionChildResolution.js';
+import { emitControlActionAuditEvent, emitDispatchPilotAuditEvents, writeControlError } from './controlServerAuditAndErrorHelpers.js';
+import { runProviderIssueHandoffRefresh } from './controlServerPublicLifecycle.js';
+import { readJsonBody } from './controlServerRequestBodyHelpers.js';
+export function createControlAuthenticatedRouteContext(input) {
+    const questionChildResolutionAdapter = createControlQuestionChildResolutionAdapter(input.context);
+    return {
+        pathname: input.pathname,
+        method: input.req.method,
+        authKind: input.authKind,
+        req: input.req,
+        res: input.res,
+        clients: input.context.clients,
+        presenterContext: input.presenterContext,
+        confirmAutoPause: input.context.config.confirm.autoPause,
+        taskId: resolveTaskIdFromManifestPath(input.context.paths.manifestPath),
+        manifestPath: input.context.paths.manifestPath,
+        controlStore: input.context.controlStore,
+        confirmationStore: input.context.confirmationStore,
+        questionQueue: input.context.questionQueue,
+        delegationTokens: input.context.delegationTokens,
+        persist: input.context.persist,
+        runtime: input.context.runtime,
+        refreshProviderIssues: () => input.context.providerIssueHandoff
+            ? runProviderIssueHandoffRefresh(input.context.providerIssueHandoff, {
+                queueIfBusy: true,
+                acknowledgeAccepted: true,
+                allowIdleRestartRequiredRetry: true
+            })
+            : Promise.resolve(null),
+        readRequestBody: () => readJsonBody(input.req),
+        readDispatchEvaluation: () => input.runtimeSnapshot.readDispatchEvaluation(),
+        onDispatchEvaluated: (record) => emitDispatchPilotAuditEvents(input.context, record),
+        emitControlEvent: (eventInput) => input.context.eventTransport.emitControlEvent(eventInput),
+        emitControlActionAuditEvent: (auditInput) => emitControlActionAuditEvent(input.context, auditInput),
+        writeControlError: (status, error, traceability) => writeControlError(input.res, status, error, traceability),
+        expireConfirmations: () => input.context.expiryLifecycle?.expireConfirmations() ?? Promise.resolve(),
+        expireQuestions: () => input.context.expiryLifecycle?.expireQuestions(questionChildResolutionAdapter) ?? Promise.resolve(),
+        queueQuestionResolutions: (records) => questionChildResolutionAdapter.queueQuestionResolutions(records),
+        readDelegationHeaders: () => questionChildResolutionAdapter.readDelegationHeaders(input.req),
+        validateDelegation: (delegationAuth) => questionChildResolutionAdapter.validateDelegation(delegationAuth),
+        resolveManifestPath: (rawPath) => questionChildResolutionAdapter.resolveManifestPath(rawPath),
+        readManifest: (path) => questionChildResolutionAdapter.readManifest(path),
+        resolveChildQuestion: (record, outcome) => questionChildResolutionAdapter.resolveChildQuestion(record, outcome)
+    };
+}
+function resolveTaskIdFromManifestPath(manifestPath) {
+    const runDir = dirname(manifestPath);
+    const cliDir = dirname(runDir);
+    if (basename(cliDir) !== 'cli') {
+        return null;
+    }
+    const taskDir = dirname(cliDir);
+    const taskId = basename(taskDir);
+    return taskId || null;
+}

package/dist/orchestrator/src/cli/control/controlBootstrapAssembly.js

@@ -0,0 +1,39 @@
+import { createControlExpiryLifecycle } from './controlExpiryLifecycle.js';
+import { buildControlInternalContext } from './controlRequestContext.js';
+import { createControlQuestionChildResolutionAdapter } from './controlQuestionChildResolution.js';
+import { createControlTelegramBridgeBootstrapLifecycle } from './controlTelegramBridgeBootstrapLifecycle.js';
+export function createControlBootstrapAssembly(options) {
+    let expiryLifecycle = null;
+    const assembledExpiryLifecycle = createControlExpiryLifecycle({
+        intervalMs: options.intervalMs,
+        confirmationStore: options.requestContextShared.confirmationStore,
+        questionQueue: options.requestContextShared.questionQueue,
+        persist: {
+            confirmations: options.requestContextShared.persist.confirmations,
+            questions: options.requestContextShared.persist.questions
+        },
+        runtime: options.requestContextShared.runtime,
+        emitControlEvent: (input) => options.requestContextShared.eventTransport.emitControlEvent(input),
+        createQuestionChildResolutionAdapter: () => createControlQuestionChildResolutionAdapter(buildControlInternalContext({
+            ...options.requestContextShared,
+            expiryLifecycle
+        }))
+    });
+    expiryLifecycle = assembledExpiryLifecycle;
+    const bootstrapLifecycle = createControlTelegramBridgeBootstrapLifecycle({
+        paths: {
+            runDir: options.requestContextShared.paths.runDir,
+            controlAuthPath: options.requestContextShared.paths.controlAuthPath,
+            controlEndpointPath: options.requestContextShared.paths.controlEndpointPath
+        },
+        persistControl: options.requestContextShared.persist.control,
+        startExpiryLifecycle: () => expiryLifecycle?.start(),
+        requestContextShared: options.requestContextShared,
+        getExpiryLifecycle: () => expiryLifecycle,
+        emitDispatchPilotAuditEvents: options.emitDispatchPilotAuditEvents
+    });
+    return {
+        expiryLifecycle: assembledExpiryLifecycle,
+        bootstrapLifecycle
+    };
+}

package/dist/orchestrator/src/cli/control/controlBootstrapMetadataPersistence.js

@@ -0,0 +1,16 @@
+import { chmod } from 'node:fs/promises';
+import { writeJsonAtomic } from '../utils/fs.js';
+import { isoTimestamp } from '../utils/time.js';
+export async function persistControlBootstrapMetadata(context, input) {
+    await writeJsonAtomic(context.paths.controlAuthPath, {
+        token: input.controlToken,
+        created_at: isoTimestamp()
+    });
+    await chmod(context.paths.controlAuthPath, 0o600).catch(() => undefined);
+    await writeJsonAtomic(context.paths.controlEndpointPath, {
+        base_url: input.baseUrl,
+        token_path: context.paths.controlAuthPath
+    });
+    await chmod(context.paths.controlEndpointPath, 0o600).catch(() => undefined);
+    await context.persistControl();
+}

package/dist/orchestrator/src/cli/control/controlEventTransport.js

@@ -0,0 +1,49 @@
+import { logger } from '../../logger.js';
+export function createControlEventTransport(options) {
+    return new ControlEventTransportRuntime(options);
+}
+class ControlEventTransportRuntime {
+    eventStream;
+    clients;
+    runtime;
+    constructor(options) {
+        this.eventStream = options.eventStream;
+        this.clients = options.clients;
+        this.runtime = options.runtime;
+    }
+    async emitControlEvent(input) {
+        if (!this.eventStream) {
+            return;
+        }
+        let entry;
+        try {
+            entry = await this.eventStream.append({
+                event: input.event,
+                actor: input.actor,
+                payload: input.payload
+            });
+        }
+        catch (error) {
+            logger.warn(`Failed to append control event ${input.event}: ${error?.message ?? error}`);
+            return;
+        }
+        this.writeToClients(entry);
+    }
+    broadcast(entry) {
+        this.writeToClients(entry);
+        this.runtime.publish({
+            eventSeq: entry.seq,
+            source: entry.event
+        });
+    }
+    writeToClients(entry) {
+        const payload = `data: ${JSON.stringify(entry)}\n\n`;
+        for (const client of this.clients) {
+            client.write(payload, (error) => {
+                if (error) {
+                    this.clients.delete(client);
+                }
+            });
+        }
+    }
+}