@keystrokehq/cli 0.0.1 → 0.0.3

package/dist/{credentials-OfVHOtG3.mjs → credentials-DHlK_O4L.mjs}

@@ -1,16 +1,20 @@
 #!/usr/bin/env node
 
 import { i as __toESM, n as __exportAll$1, r as __require, t as __commonJSMin$1 } from "./chunk-CH6r78ws.mjs";
-import { g as collectCredentialRequirementEntries } from "./schedule-BXx3uXwr.mjs";
-import "./_manifest-JSRE3H8k.mjs";
-import { i as Operation, p as CredentialSet, v as registerOfficialIntegrationOperation } from "./src-C0X6u_Mw.mjs";
-import { a as require_type, i as require_shams$1, n as require_hasown, t as require_get_intrinsic } from "./get-intrinsic-zLxwtrLK.mjs";
+import { n as RetryConfigSchema } from "./common-BrVAdUyD.mjs";
+import { d as schemaToJsonSchema, f as trimmedNonEmptyString, i as descriptionString, m as validateConfig, n as createStructuralSchema, o as jsonSchemaObject, t as anyZodSchemaSchema } from "./schema-kbMHVnhm.mjs";
+import { _ as CREDENTIAL_VISIBILITIES, f as collectCredentialRequirementEntries, g as CREDENTIAL_KINDS, h as credentialSetConfigSchema, m as CredentialSetManifestSchema } from "./credential-requirements-DjDFthio.mjs";
+import { r as toDeclaredCredentialRequirements } from "./declared-credential-requirements-Bwlb-KZE.mjs";
+import { i as parseDurationToMs, t as DurationSchema } from "./schedule-BRN4hzQM.mjs";
+import { _ as registerOfficialIntegrationOperation, d as getRegisteredOperationContext, g as getOfficialIntegrationMetadata, i as getRegisteredHostedActionDispatcher, l as resolveRegisteredOperationCredentials, m as getRegisteredRuntime, r as getHostedActionExecutionPolicy } from "./hosted-action-dispatcher-registry-TOVzMhUR.mjs";
+import { a as require_type, i as require_shams$1, n as require_hasown, t as require_get_intrinsic } from "./get-intrinsic-ZMBBjBEr.mjs";
 import { readFile } from "node:fs/promises";
 import { ZodType, z } from "zod";
 import { createHmac, timingSafeEqual } from "node:crypto";
 import { EventEmitter } from "events";
 import util from "util";
 import stream, { Readable } from "stream";
+import { AsyncLocalStorage } from "node:async_hooks";
 import https from "https";
 import process$1 from "process";
 import crypto$1 from "crypto";
@@ -20,7 +24,812 @@ import url from "url";
 import zlib from "zlib";
 import { ZodFirstPartyTypeKind } from "zod/v3";
 import http2 from "http2";
-//#region ../../packages/workflow-core/src/errors/credential-revoked-error.ts
+//#region ../../packages/core/src/internal/runtime-call-interceptor.ts
+const ASYNC_STORAGE_KEY = "__ks_runtime_call_interceptor_async_storage";
+const STACK_KEY = "__ks_runtime_call_interceptor_stack";
+function getAsyncStorage() {
+	const g = globalThis;
+	if (ASYNC_STORAGE_KEY in g) return g[ASYNC_STORAGE_KEY];
+	const AsyncLocalStorage = g.process?.getBuiltinModule?.("async_hooks")?.AsyncLocalStorage;
+	const storage = AsyncLocalStorage ? new AsyncLocalStorage() : void 0;
+	g[ASYNC_STORAGE_KEY] = storage;
+	return storage;
+}
+function getStack() {
+	const g = globalThis;
+	if (!g[STACK_KEY]) g[STACK_KEY] = [];
+	return g[STACK_KEY];
+}
+function getActiveRuntimeCallInterceptor() {
+	const asyncStorage = getAsyncStorage();
+	if (asyncStorage) return asyncStorage.getStore()?.at(-1);
+	const stack = getStack();
+	return stack.length > 0 ? stack[stack.length - 1] : void 0;
+}
+//#endregion
+//#region ../../packages/core/src/shared/primitive.ts
+/**
+* Base class for all Keystroke primitives. The `kind` discriminator lets
+* downstream code narrow primitive unions (e.g. `AnyAgentToolEntry =
+* AnyOperation | AnyWorkflow`) without resorting to structural `'x' in tool`
+* checks. Each subclass declares a literal `kind` matching its identity.
+*/
+var Primitive = class {};
+//#endregion
+//#region ../../packages/core/src/credential-set/zod-shape.ts
+/**
+* Shape-reflection helpers for `CredentialSet` schemas.
+*
+* Shared between the `CredentialSet` constructor (which memoizes the key
+* lists onto the instance) and the construction-time identity registry
+* (which hashes the same shape into a fingerprint). Kept in its own
+* module to avoid an import cycle between `CredentialSet.ts` and
+* `registry.ts`.
+*/
+/**
+* Inspect a `z.ZodObject` once and return its sorted property keys plus the
+* subset wrapped in `.optional()` / `.default()`.
+*
+* Tolerates both the Zod v3 `.shape` getter and the Zod v4 `_def.shape`
+* thunk so the helper stays stable across schema versions.
+*/
+function readZodObjectKeyMetadata(schema) {
+	const resolvedShape = resolveZodObjectShape(schema);
+	if (resolvedShape === null || typeof resolvedShape !== "object") return {
+		all: [],
+		optional: []
+	};
+	const entries = Object.entries(resolvedShape);
+	return {
+		all: entries.map(([key]) => key).sort(),
+		optional: entries.filter(([, field]) => field instanceof z.ZodOptional || field instanceof z.ZodDefault).map(([key]) => key).sort()
+	};
+}
+/**
+* Resolve the raw shape record of a `z.ZodObject` tolerating v3 and v4
+* internal layouts. Returns `null` when the object cannot be reflected.
+*/
+function resolveZodObjectShape(schema) {
+	const internals = schema;
+	const rawShape = internals._def?.shape ?? internals.shape;
+	const resolved = typeof rawShape === "function" ? rawShape() : rawShape;
+	if (resolved === null || typeof resolved !== "object") return null;
+	return resolved;
+}
+//#endregion
+//#region ../../packages/core/src/credential-set/registry.ts
+/**
+* The backing map is keyed on `globalThis` under a well-known
+* `Symbol.for(...)` so (a) multiple bundles/subpaths of this package share
+* a single registry instance at runtime and (b) host-side test harnesses
+* that cannot take a direct dependency on `@keystrokehq/core`
+* (e.g. `@keystroke/test-utils`, which would otherwise form a cycle
+* through `@keystroke/local-memory`) can still drive the reset hook by
+* clearing the same `Map` via the exported {@link CREDENTIAL_SET_REGISTRY_SYMBOL}.
+*/
+const CREDENTIAL_SET_REGISTRY_SYMBOL = Symbol.for("@keystrokehq/core/credential-set-registry");
+function getRegistry$1() {
+	const globalWithRegistry = globalThis;
+	const existing = globalWithRegistry[CREDENTIAL_SET_REGISTRY_SYMBOL];
+	if (existing) return existing;
+	const fresh = /* @__PURE__ */ new Map();
+	globalWithRegistry[CREDENTIAL_SET_REGISTRY_SYMBOL] = fresh;
+	return fresh;
+}
+/**
+* Thrown when two `CredentialSet` instances share the same
+* `resolvedCredentialSetId` but declare different shapes.
+*
+* @example
+* ```ts
+* new CredentialSet({ id: 'stripe', auth: z.object({ STRIPE_SECRET_KEY: z.string() }) });
+* // later, in a maintenance script:
+* new CredentialSet({ id: 'stripe', auth: z.object({ STRIPE_API_KEY: z.string() }) });
+* // -> throws DuplicateCredentialSetDefinitionError
+* ```
+*/
+var DuplicateCredentialSetDefinitionError = class extends Error {
+	manifestId;
+	firstDeclaredAt;
+	secondDeclaredAt;
+	firstFingerprint;
+	secondFingerprint;
+	constructor(options) {
+		super([
+			`Two CredentialSet instances were declared with the same manifestId "${options.manifestId}",`,
+			`but they have different shapes:`,
+			`  first  (${options.firstDeclaredAt}): ${options.firstFingerprint}`,
+			`  second (${options.secondDeclaredAt}): ${options.secondFingerprint}`,
+			"",
+			"If you meant to share these credentials, import the same instance from a single module.",
+			"If you meant two distinct credential sets, give them different ids (or namespaces)."
+		].join("\n"));
+		this.name = "DuplicateCredentialSetDefinitionError";
+		this.manifestId = options.manifestId;
+		this.firstDeclaredAt = options.firstDeclaredAt;
+		this.secondDeclaredAt = options.secondDeclaredAt;
+		this.firstFingerprint = options.firstFingerprint;
+		this.secondFingerprint = options.secondFingerprint;
+	}
+};
+/**
+* Register a newly constructed credential set by its
+* `resolvedCredentialSetId`. Called once per `CredentialSet` constructor.
+*
+* @throws {DuplicateCredentialSetDefinitionError} when the id was
+* previously registered with a different schema fingerprint.
+*/
+function registerCredentialSet(params) {
+	const registry = getRegistry$1();
+	const existing = registry.get(params.manifestId);
+	if (existing && existing.fingerprint !== params.fingerprint) throw new DuplicateCredentialSetDefinitionError({
+		manifestId: params.manifestId,
+		firstDeclaredAt: existing.sourceHint,
+		secondDeclaredAt: params.sourceHint,
+		firstFingerprint: existing.fingerprint,
+		secondFingerprint: params.fingerprint
+	});
+	registry.set(params.manifestId, {
+		fingerprint: params.fingerprint,
+		sourceHint: params.sourceHint
+	});
+}
+/**
+* Produce a deterministic fingerprint of a `CredentialSet`'s auth (and
+* `stored`, when present) schema. The fingerprint is a stable string of
+* sorted `key:typeTag` pairs separated by `|`, with the stored shape
+* concatenated after a `#` delimiter when the credential set declares a
+* `stored` schema.
+*
+* Refinements (`.min(1)`, regex, etc.) are intentionally ignored — they
+* are not breaking changes for vault compatibility. Structural changes
+* (added keys, renamed keys, changed underlying Zod types, flipping
+* required ↔ optional) produce a different fingerprint.
+*
+* @see registerCredentialSet
+*/
+function fingerprintAuthShape(auth, stored) {
+	const authPart = shapeSignature(auth);
+	if (!stored) return authPart;
+	return `${authPart}#${shapeSignature(stored)}`;
+}
+function shapeSignature(schema) {
+	const resolvedShape = resolveZodObjectShape(schema);
+	if (!resolvedShape) return "";
+	return readZodObjectKeyMetadata(schema).all.map((key) => `${key}:${typeTag(resolvedShape[key])}`).sort().join("|");
+}
+function typeTag(zodType) {
+	if (zodType === null || zodType === void 0) return "Unknown";
+	const def = zodType._def;
+	return def?.typeName ?? def?.type ?? "Unknown";
+}
+/**
+* Best-effort source hint — a short file:line string recovered from a
+* lightweight stack trace at call time. Used only in the error message;
+* does not affect correctness of the registry comparison.
+*
+* @remarks
+* The hint format is `path/to/file.ts:line:col` when a repo frame can
+* be isolated, and `'unknown'` otherwise. Callers should treat the
+* value as opaque.
+*/
+function captureStackOrigin() {
+	const frame = ((/* @__PURE__ */ new Error()).stack?.split("\n") ?? []).slice(1).find((line) => (line.includes("/packages/") || line.includes("/apps/")) && !/\/credential-set\/registry\.[mc]?[jt]s/.test(line) && !/\/credential-set\/CredentialSet\.[mc]?[jt]s/.test(line));
+	if (!frame) return "unknown";
+	const parens = frame.match(/\(([^)]+)\)/);
+	if (parens?.[1]) return parens[1];
+	const bare = frame.match(/at\s+(.+)$/);
+	if (bare?.[1]) return bare[1];
+	return "unknown";
+}
+//#endregion
+//#region ../../packages/core/src/credential-set/CredentialSet.ts
+var CredentialSet = class extends Primitive {
+	kind = "credential-set";
+	id;
+	/** Optional namespace. Official Keystroke integrations use 'keystroke'. */
+	namespace;
+	/**
+	* Computed namespaced identifier used for storage and manifest-facing wiring.
+	*
+	* Use this value for DB storage, manifest entries, and explicit credential
+	* bindings. Do not use it as the runtime `ctx.credentials` key inside authored
+	* code.
+	*
+	* @remarks
+	* Runtime credential context is keyed by the raw `id`, not this field. That
+	* is why `ctx.credentials.slack` uses `slack` rather than `keystroke:slack`.
+	*/
+	resolvedCredentialSetId;
+	name;
+	description;
+	auth;
+	stored;
+	resolve;
+	/**
+	* Run-scoped cache TTL in milliseconds for the {@link resolve} output.
+	*
+	* Always a number; `0` means "no cache". Consumed by the credential
+	* runtime's `ResolveCache` when present.
+	*
+	* @see {@link CredentialSetConfig.resolveCacheMs}
+	*/
+	resolveCacheMs;
+	/**
+	* Platform-side `stored`→`auth` transform. Mutually exclusive with
+	* {@link resolve}. Runs on the trusted host via
+	* `@keystroke/credential-runtime`'s `executePlatformResolve` helper.
+	*
+	* @see {@link resolveLocation}
+	* @see {@link platformEnvAllowlist}
+	*/
+	resolveAtPlatform;
+	/**
+	* Resolved description of where the `stored`→`auth` transform runs.
+	*
+	* Computed at construction as `'platform'` when `resolveAtPlatform`
+	* is declared, `'sandbox'` when `resolve` is declared, `'none'`
+	* otherwise. The credential runtime's phase 3 branches on this value
+	* to pick the right execution location.
+	*
+	* @see {@link CredentialResolveLocation}
+	*/
+	resolveLocation;
+	/**
+	* Env-var names `resolveAtPlatform` may read through `ctx.env`.
+	* Frozen at construction. Empty when `resolveLocation !== 'platform'`.
+	*
+	* @see {@link PlatformResolveContext.env}
+	*/
+	platformEnvAllowlist;
+	needsResolve;
+	/** Required when namespace is 'keystroke'. Optional for user-authored credential sets. */
+	platformMetadata;
+	proxy;
+	needsRawSecret;
+	/**
+	* Policy when a step throws `CredentialRevokedError` against this credential set.
+	*
+	* @see {@link import('./types').CredentialSetConfig.onCredentialRevoked}
+	*/
+	onCredentialRevoked;
+	/**
+	* Describe the optional user-facing connect flow for this credential set.
+	*
+	* Set this when the credential should be uploaded through a manual form or an
+	* OAuth handshake. Omit it for platform-seeded or internal credentials that do
+	* not expose a user-facing connect flow.
+	*
+	* @see {@link CredentialSetConfig.connection}
+	*/
+	connection;
+	/** Sorted keys declared on the `auth` schema. Source of truth for what the
+	* built manifest advertises this credential set requires. Memoized at
+	* construction so neither the build pipeline nor the runtime needs to walk
+	* the Zod schema again. */
+	credentialKeys;
+	/** Subset of `credentialKeys` declared as `z.optional()` / `z.default()` on
+	* `auth`. Used by the build pipeline to record which vault keys may be
+	* absent without failing manifest declaration. */
+	optionalCredentialKeys;
+	/** Sorted keys declared on `stored` (or `auth` when no `stored` schema is
+	* provided). This is what the runtime credential resolver actually fetches
+	* from the vault, since `stored` represents the persisted shape. */
+	storedCredentialKeys;
+	/** Subset of `storedCredentialKeys` declared as `z.optional()` /
+	* `z.default()`. Tells the runtime resolver which vault keys are allowed to
+	* be missing. */
+	optionalStoredCredentialKeys;
+	#manifest;
+	constructor(config) {
+		super();
+		const validatedConfig = validateConfig(credentialSetConfigSchema, (() => {
+			if (config.platformMetadata !== void 0) return config;
+			if (config.namespace === "keystroke") return config;
+			if (config.connection !== void 0) return {
+				...config,
+				platformMetadata: {
+					kind: CREDENTIAL_KINDS["user-connection"],
+					visibility: CREDENTIAL_VISIBILITIES["user-visible"]
+				}
+			};
+			return config;
+		})());
+		const hasStored = validatedConfig.stored !== void 0;
+		const hasResolve = validatedConfig.resolve !== void 0;
+		const hasResolveAtPlatform = validatedConfig.resolveAtPlatform !== void 0;
+		if (hasResolve && hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "resolve" and "resolveAtPlatform" are mutually exclusive.`);
+		if ((hasResolve || hasResolveAtPlatform) && !hasStored) throw new Error(`CredentialSet "${validatedConfig.id}": "resolve" / "resolveAtPlatform" require "stored".`);
+		if (hasStored && !hasResolve && !hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "stored" requires either "resolve" or "resolveAtPlatform".`);
+		if (validatedConfig.platformEnvAllowlist !== void 0 && validatedConfig.platformEnvAllowlist.length > 0 && !hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "platformEnvAllowlist" requires "resolveAtPlatform".`);
+		this.id = validatedConfig.id;
+		this.namespace = validatedConfig.namespace;
+		this.resolvedCredentialSetId = this.namespace ? `${this.namespace}:${this.id}` : this.id;
+		registerCredentialSet({
+			manifestId: this.resolvedCredentialSetId,
+			fingerprint: fingerprintAuthShape(validatedConfig.auth, validatedConfig.stored),
+			sourceHint: captureStackOrigin()
+		});
+		this.name = validatedConfig.name ?? validatedConfig.id;
+		this.description = validatedConfig.description;
+		this.auth = validatedConfig.auth;
+		this.stored = validatedConfig.stored;
+		this.resolve = validatedConfig.resolve;
+		this.resolveCacheMs = hasResolve && typeof validatedConfig.resolveCacheMs === "number" ? validatedConfig.resolveCacheMs : 0;
+		this.resolveAtPlatform = validatedConfig.resolveAtPlatform;
+		this.resolveLocation = hasResolve ? "sandbox" : hasResolveAtPlatform ? "platform" : "none";
+		this.platformEnvAllowlist = Object.freeze(validatedConfig.platformEnvAllowlist ? [...validatedConfig.platformEnvAllowlist] : []);
+		this.needsResolve = hasStored && (hasResolve || hasResolveAtPlatform);
+		this.platformMetadata = validatedConfig.platformMetadata;
+		this.proxy = validatedConfig.proxy;
+		this.needsRawSecret = validatedConfig.needsRawSecret;
+		this.onCredentialRevoked = validatedConfig.onCredentialRevoked;
+		this.connection = validatedConfig.connection;
+		if (this.onCredentialRevoked === "retry-once" && !this.resolve) warnRetryOnceWithoutResolve(this.resolvedCredentialSetId);
+		const authKeyMetadata = readZodObjectKeyMetadata(this.auth);
+		const storedKeyMetadata = this.stored ? readZodObjectKeyMetadata(this.stored) : authKeyMetadata;
+		this.credentialKeys = Object.freeze(authKeyMetadata.all);
+		this.optionalCredentialKeys = Object.freeze(authKeyMetadata.optional);
+		this.storedCredentialKeys = Object.freeze(storedKeyMetadata.all);
+		this.optionalStoredCredentialKeys = Object.freeze(storedKeyMetadata.optional);
+		if (this.connection?.kind === "oauth") {
+			assertDeclarativeVaultKeysAreKnown(validatedConfig.id, this.connection.vault, this.storedCredentialKeys);
+			assertOAuthClientSourceIsWellFormed(validatedConfig.id, this.connection);
+		}
+		this.#manifest = Object.freeze(CredentialSetManifestSchema.parse({
+			manifestVersion: 1,
+			type: "credentialSet",
+			id: this.id,
+			namespace: this.namespace,
+			resolvedCredentialSetId: this.resolvedCredentialSetId,
+			name: this.name,
+			auth: schemaToJsonSchema(this.auth),
+			...this.description ? { description: this.description } : {},
+			...this.stored ? { stored: schemaToJsonSchema(this.stored) } : {},
+			...this.needsResolve ? { needsResolve: true } : {},
+			...this.resolveCacheMs > 0 ? { resolveCacheMs: this.resolveCacheMs } : {},
+			...this.resolveLocation !== "none" ? { resolveLocation: this.resolveLocation } : {},
+			...this.platformEnvAllowlist.length > 0 ? { platformEnvAllowlist: [...this.platformEnvAllowlist] } : {},
+			...this.platformMetadata ? { platformMetadata: this.platformMetadata } : {},
+			...this.proxy ? { proxy: this.proxy } : {},
+			...this.needsRawSecret === true ? { needsRawSecret: true } : {},
+			...this.onCredentialRevoked ? { onCredentialRevoked: this.onCredentialRevoked } : {},
+			...this.connection ? { connection: serializeConnectionForManifest(this.connection) } : {}
+		}));
+		Object.freeze(this);
+	}
+	describe() {
+		return `CredentialSet "${this.name}" (${this.resolvedCredentialSetId})`;
+	}
+	toManifest() {
+		return this.#manifest;
+	}
+};
+/** Strip runtime hooks from the connection config before serializing to the
+* manifest. Hooks are functions and not manifest-safe; the manifest captures
+* only declarative metadata (kind, URLs, scopes, etc.).
+*
+* Declarative {@link Vault} mappings serialize as-is. Function-form vault
+* mappings cannot be serialized (they are runtime closures); the serialized
+* manifest records only the kind marker so the shape stays well-typed. */
+function serializeConnectionForManifest(connection) {
+	if (connection.kind === "manual") return {
+		kind: "manual",
+		...connection.instructions ? { instructions: connection.instructions } : {}
+	};
+	if (connection.kind === "oauth") return {
+		kind: "oauth",
+		authUrl: connection.authUrl,
+		tokenUrl: connection.tokenUrl,
+		scopes: connection.scopes,
+		tokenType: connection.tokenType,
+		vault: serializeVaultForManifest(connection.vault),
+		...connection.revokeUrl !== void 0 ? { revokeUrl: connection.revokeUrl } : {},
+		...connection.pkce === true ? { pkce: true } : {},
+		...typeof connection.defaultExpiresInSeconds === "number" ? { defaultExpiresInSeconds: connection.defaultExpiresInSeconds } : {},
+		...connection.oauthClientSource ? { oauthClientSource: serializeOAuthClientSourceForManifest(connection.oauthClientSource) } : {}
+	};
+	if (connection.kind === "credentials-exchange") return {
+		kind: "credentials-exchange",
+		input: schemaToJsonSchema(connection.input),
+		...connection.instructions ? { instructions: connection.instructions } : {}
+	};
+	throw new Error(`Unknown connection kind: ${JSON.stringify(connection)}`);
+}
+/** Project the live {@link OAuthClientSource} into its manifest-safe form.
+*  The workspace variant substitutes the object reference with the
+*  referenced credential set's `resolvedCredentialSetId` so the manifest
+*  carries a stable, persistable id instead of a closure-backed object. */
+function serializeOAuthClientSourceForManifest(source) {
+	if (source.kind === "keystroke-platform") return { kind: "keystroke-platform" };
+	return {
+		kind: "workspace-provider-app",
+		credentialSetId: source.credentialSet.resolvedCredentialSetId,
+		...source.keyMap ? { keyMap: source.keyMap } : {}
+	};
+}
+function serializeVaultForManifest(vault) {
+	if ("build" in vault) return {
+		kind: "function",
+		accessTokenKey: vault.accessTokenKey
+	};
+	return {
+		kind: "declarative",
+		accessToken: vault.accessToken,
+		...vault.instanceUrl !== void 0 ? { instanceUrl: vault.instanceUrl } : {},
+		...vault.raw !== void 0 ? { raw: { ...vault.raw } } : {}
+	};
+}
+/** Tracks credential-set ids that already emitted the `retry-once + no resolve`
+*  construction warning so repeated tree-shake re-registration in the same
+*  process does not spam the log. */
+const warnedRetryOnceWithoutResolve = /* @__PURE__ */ new Set();
+function warnRetryOnceWithoutResolve(resolvedCredentialSetId) {
+	if (warnedRetryOnceWithoutResolve.has(resolvedCredentialSetId)) return;
+	warnedRetryOnceWithoutResolve.add(resolvedCredentialSetId);
+	console.warn(`CredentialSet "${resolvedCredentialSetId}": onCredentialRevoked: 'retry-once' is set but no resolve is declared. The retry will be a no-op because re-resolving stored values would produce the same result.`);
+}
+/** Runtime safety net: the referenced `clientApp` for a
+* `workspace-provider-app` `oauthClientSource` must declare both the
+* clientId and clientSecret keys (either under the default names or via
+* `keyMap` aliases). The `visibility: 'internal'` check happens earlier at
+* the Zod refinement layer; this validator covers the deeper schema-shape
+* check so authors catch mismatches at construction rather than at
+* handshake time. */
+function assertOAuthClientSourceIsWellFormed(credentialSetId, connection) {
+	const source = connection.oauthClientSource;
+	if (!source || source.kind !== "workspace-provider-app") return;
+	const clientIdKey = source.keyMap?.clientId ?? "clientId";
+	const clientSecretKey = source.keyMap?.clientSecret ?? "clientSecret";
+	const referenced = source.credentialSet;
+	const keys = new Set(referenced.credentialKeys);
+	const missing = [];
+	if (!keys.has(clientIdKey)) missing.push(`clientId key "${clientIdKey}"`);
+	if (!keys.has(clientSecretKey)) missing.push(`clientSecret key "${clientSecretKey}"`);
+	if (missing.length > 0) throw new Error(`CredentialSet "${credentialSetId}": oauthClientSource.credentialSet "${referenced.id}" does not declare ${missing.join(" or ")}. Adjust the referenced credential set's auth schema or pass an explicit keyMap.`);
+}
+/** Runtime safety net: when a caller constructs with a typed-erased shape
+* (e.g. via `as never`), verify every declared vault slot still maps to a
+* known stored/auth schema key. The static `CredentialVaultKeys` parameter on
+* `CredentialSetConfig.connection` catches typos at the construction site;
+* this runtime check catches the erased case. */
+function assertDeclarativeVaultKeysAreKnown(credentialSetId, vault, knownKeys) {
+	if ("build" in vault) return;
+	const known = new Set(knownKeys);
+	const invalid = [];
+	if (!known.has(vault.accessToken)) invalid.push(`vault.accessToken="${vault.accessToken}"`);
+	if (vault.instanceUrl !== void 0 && !known.has(vault.instanceUrl)) invalid.push(`vault.instanceUrl="${vault.instanceUrl}"`);
+	if (vault.raw) {
+		for (const rawKey of Object.keys(vault.raw)) if (!known.has(rawKey)) invalid.push(`vault.raw.${rawKey}`);
+	}
+	if (invalid.length > 0) throw new Error(`CredentialSet "${credentialSetId}": OAuth vault references unknown credential keys (${invalid.join(", ")}). Valid keys are [${[...known].sort().join(", ")}].`);
+}
+//#endregion
+//#region ../../packages/core/src/shared/credential-sets.ts
+function cloneCredentialSets(credentialSets) {
+	return credentialSets ? [...credentialSets] : void 0;
+}
+function assertUniqueCredentialSetIds(credentialSets, ownerKind, ownerName) {
+	const seenCredentialSetIds = /* @__PURE__ */ new Set();
+	for (const credentialSet of credentialSets) {
+		if (seenCredentialSetIds.has(credentialSet.id)) throw new Error(`${ownerKind} "${ownerName}" declares duplicate credential set id "${credentialSet.id}".`);
+		seenCredentialSetIds.add(credentialSet.id);
+	}
+}
+//#endregion
+//#region ../../packages/core/src/operation/nesting-guard.ts
+const NESTING_GUARD_KEY = "__ks_operation_nesting_guard__";
+function getStorage() {
+	const g = globalThis;
+	if (!g[NESTING_GUARD_KEY]) g[NESTING_GUARD_KEY] = new AsyncLocalStorage();
+	return g[NESTING_GUARD_KEY];
+}
+function getActiveOperationRun() {
+	return getStorage().getStore()?.operationName;
+}
+function runWithOperationScope(operationName, fn) {
+	return getStorage().run({ operationName }, fn);
+}
+//#endregion
+//#region ../../packages/core/src/operation/schemas.ts
+const credentialSetInstanceSchema = createStructuralSchema([
+	"id",
+	"auth",
+	"needsResolve"
+], "a CredentialSet instance");
+const operationConfigSchema = z.object({
+	credentialSets: z.array(credentialSetInstanceSchema).optional(),
+	description: descriptionString("Operation description"),
+	id: trimmedNonEmptyString("Operation id"),
+	input: anyZodSchemaSchema,
+	name: trimmedNonEmptyString("Operation name"),
+	needsApproval: z.boolean().optional(),
+	output: anyZodSchemaSchema,
+	requiredOAuthScopes: z.array(z.string()).optional(),
+	retries: RetryConfigSchema.optional(),
+	run: z.function(),
+	tags: z.array(z.string()).optional(),
+	timeout: DurationSchema.optional(),
+	maxDurationMs: z.number().int().positive().optional(),
+	workflowGlobals: anyZodSchemaSchema.optional()
+});
+const OperationManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("operation"),
+	name: trimmedNonEmptyString("Operation name"),
+	id: trimmedNonEmptyString("Operation id"),
+	description: descriptionString("Operation description"),
+	credentialSets: z.array(CredentialSetManifestSchema),
+	input: jsonSchemaObject,
+	output: jsonSchemaObject,
+	timeout: DurationSchema.optional(),
+	tags: z.array(z.string()).optional(),
+	retries: RetryConfigSchema.optional(),
+	needsApproval: z.boolean().optional(),
+	requiredOAuthScopes: z.array(z.string()).optional(),
+	maxDurationMs: z.number().int().positive().optional(),
+	workflowGlobals: jsonSchemaObject.optional()
+});
+//#endregion
+//#region ../../packages/core/src/operation/step-registry.ts
+const REGISTRY_KEY = "__ks_step_registry";
+function getRegistry() {
+	const g = globalThis;
+	if (!g[REGISTRY_KEY]) g[REGISTRY_KEY] = [];
+	return g[REGISTRY_KEY];
+}
+function registerStep(step) {
+	getRegistry().push(step);
+}
+//#endregion
+//#region ../../packages/core/src/operation/Operation.ts
+function createHostedOperationExecutionError(integrationId, detail) {
+	return /* @__PURE__ */ new Error(`Hosted integration "${integrationId}" cannot run locally in this environment. ${detail}`);
+}
+var Operation = class Operation extends Primitive {
+	kind = "operation";
+	credentialSets;
+	description;
+	id;
+	input;
+	name;
+	needsApproval;
+	output;
+	requiredOAuthScopes;
+	retries;
+	tags;
+	timeout;
+	/**
+	* Upper bound on the operation's expected duration, in milliseconds.
+	* See {@link OperationConfig.maxDurationMs}.
+	*/
+	maxDurationMs;
+	workflowGlobals;
+	#manifest;
+	#runImplementation;
+	#config;
+	constructor(config) {
+		super();
+		const validatedConfig = validateConfig(operationConfigSchema, {
+			...config,
+			credentialSets: cloneCredentialSets(config.credentialSets),
+			tags: config.tags ? [...config.tags] : void 0,
+			requiredOAuthScopes: config.requiredOAuthScopes ? [...config.requiredOAuthScopes] : void 0
+		});
+		this.#config = {
+			...config,
+			...validatedConfig,
+			credentialSets: validatedConfig.credentialSets ?? config.credentialSets ?? [],
+			timeout: validatedConfig.timeout,
+			input: validatedConfig.input,
+			output: validatedConfig.output,
+			run: config.run,
+			workflowGlobals: validatedConfig.workflowGlobals
+		};
+		this.credentialSets = this.#config.credentialSets ?? [];
+		assertUniqueCredentialSetIds(this.credentialSets, "Operation", this.#config.name);
+		this.description = validatedConfig.description;
+		this.id = validatedConfig.id;
+		this.input = this.#config.input;
+		this.name = validatedConfig.name;
+		this.needsApproval = validatedConfig.needsApproval;
+		this.output = this.#config.output;
+		this.requiredOAuthScopes = validatedConfig.requiredOAuthScopes ? [...validatedConfig.requiredOAuthScopes] : void 0;
+		this.retries = validatedConfig.retries;
+		this.tags = [...validatedConfig.tags ?? []];
+		this.timeout = validatedConfig.timeout;
+		this.maxDurationMs = validatedConfig.maxDurationMs;
+		this.workflowGlobals = this.#config.workflowGlobals;
+		this.#runImplementation = this.#config.run;
+		registerStep(this);
+		this.#manifest = Object.freeze(OperationManifestSchema.parse({
+			manifestVersion: 1,
+			type: "operation",
+			name: this.name,
+			id: this.id,
+			description: this.description,
+			credentialSets: this.credentialSets.map((cs) => cs.toManifest()),
+			input: schemaToJsonSchema(this.input),
+			output: schemaToJsonSchema(this.output),
+			tags: [...this.tags],
+			...this.timeout ? { timeout: this.timeout } : {},
+			...this.retries ? { retries: this.retries } : {},
+			...typeof this.maxDurationMs === "number" ? { maxDurationMs: this.maxDurationMs } : {},
+			...this.needsApproval !== void 0 ? { needsApproval: this.needsApproval } : {},
+			...this.requiredOAuthScopes?.length ? { requiredOAuthScopes: [...this.requiredOAuthScopes] } : {},
+			...this.workflowGlobals ? { workflowGlobals: schemaToJsonSchema(this.workflowGlobals) } : {}
+		}));
+		Object.freeze(this);
+	}
+	withTimeout(duration) {
+		return new Operation({
+			...this.#config,
+			timeout: duration
+		});
+	}
+	retry(policy) {
+		return new Operation({
+			...this.#config,
+			retries: policy
+		});
+	}
+	configure(config) {
+		return new Operation({
+			...this.#config,
+			...config
+		});
+	}
+	getCredentialRequirements() {
+		return toDeclaredCredentialRequirements(this.credentialSets);
+	}
+	/** @internal Used by the flow graph builder for nesting detection. */
+	getRunFunctionSource() {
+		return this.#runImplementation.toString();
+	}
+	mapInput(schema, fn) {
+		const originalRun = this.#runImplementation;
+		return new Operation({
+			...this.#config,
+			input: schema,
+			run: async (input, ctx) => {
+				return originalRun(fn(input), ctx);
+			}
+		});
+	}
+	mapOutput(schema, fn) {
+		const originalRun = this.#runImplementation;
+		return new Operation({
+			...this.#config,
+			output: schema,
+			run: async (input, ctx) => {
+				return fn(await originalRun(input, ctx));
+			}
+		});
+	}
+	async run(input, ctx) {
+		const parsedInput = this.input.parse(input);
+		const interceptor = getActiveRuntimeCallInterceptor();
+		if (interceptor) {
+			const intercepted = await interceptor({
+				instance: this,
+				kind: "workflow-step",
+				name: this.name,
+				input: parsedInput,
+				outputSchema: this.output
+			});
+			return this.output.parse(intercepted);
+		}
+		if (!ctx) {
+			const workflowRuntime = getRegisteredRuntime();
+			if (workflowRuntime?.handleStep) {
+				const intercepted = await workflowRuntime.handleStep(this, parsedInput);
+				return this.output.parse(intercepted);
+			}
+		}
+		const integrationMetadata = getOfficialIntegrationMetadata(this);
+		if (integrationMetadata?.hosted) {
+			const hostedActionExecutionPolicy = getHostedActionExecutionPolicy();
+			const dispatcher = getRegisteredHostedActionDispatcher();
+			if (!dispatcher) {
+				if (hostedActionExecutionPolicy === "strict") throw createHostedOperationExecutionError(integrationMetadata.integrationId, "Use `keystrokeTestPlugin()` in auto mode, run `keystroke auth`, and ensure the Keystroke dev server is running.");
+			} else {
+				const dispatchResult = await dispatcher.dispatch(this, integrationMetadata.integrationId, parsedInput);
+				if (dispatchResult.handled) return this.output.parse(dispatchResult.result);
+				if (hostedActionExecutionPolicy === "strict") throw createHostedOperationExecutionError(integrationMetadata.integrationId, "The hosted-action dispatcher declined execution. Hosted integrations must execute through the Keystroke dev server.");
+			}
+		}
+		const execute = async () => {
+			const parentOperation = getActiveOperationRun();
+			if (parentOperation) throw new Error(`Operation "${this.name}" was called inside the run function of "${parentOperation}". Steps and Operations cannot call other Operations inside their run function. Move the "${this.name}" call into the Workflow's run function, or use a plain async helper function instead of a Step.`);
+			return runWithOperationScope(this.name, async () => {
+				const result = await this.#runImplementation(parsedInput, await this.#resolveRuntimeContext(ctx));
+				return this.output.parse(result);
+			});
+		};
+		if (this.timeout) {
+			const ms = parseDurationToMs(this.timeout);
+			return Promise.race([execute(), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error(`Operation "${this.name}" timed out after ${ms}ms`)), ms))]);
+		}
+		return execute();
+	}
+	/**
+	* Execute the step implementation directly, bypassing interceptors and
+	* runtime checks. Used by the inline step execution runtime to avoid
+	* recursion through handleStep.
+	* @internal
+	*/
+	async executeDirectly(input, ctx) {
+		const parsedInput = this.input.parse(input);
+		const result = await this.#runImplementation(parsedInput, await this.#resolveRuntimeContext(ctx));
+		return this.output.parse(result);
+	}
+	describe() {
+		return `Operation "${this.name}"`;
+	}
+	toManifest() {
+		return this.#manifest;
+	}
+	#createImplicitRuntimeContext() {
+		return {
+			credentials: {},
+			workflowGlobals: void 0
+		};
+	}
+	#normalizeRuntimeContext(ctx) {
+		const tracing = ctx;
+		return {
+			attempt: ctx.attempt,
+			credentials: ctx.credentials ?? {},
+			maxAttempts: ctx.maxAttempts,
+			stepId: ctx.stepId,
+			toolCallId: tracing.toolCallId,
+			traceparent: tracing.traceparent,
+			tracestate: tracing.tracestate,
+			workflowGlobals: ctx.workflowGlobals
+		};
+	}
+	async #resolveRuntimeContext(ctx) {
+		const runtimeContext = ctx ?? getRegisteredOperationContext(this);
+		if (runtimeContext) {
+			const normalizedContext = this.#normalizeRuntimeContext(runtimeContext);
+			return this.#validateRuntimeContext(await this.#resolveMissingCredentials(normalizedContext));
+		}
+		if (this.credentialSets.length === 0 && !this.workflowGlobals) return this.#createImplicitRuntimeContext();
+		throw new Error(`Operation "${this.name}" was executed without a runtime context. Pass one explicitly to .run(input, ctx), or use keystrokeTestPlugin() from "@keystrokehq/core/vitest" in Vitest.`);
+	}
+	async #resolveMissingCredentials(ctx) {
+		if (this.credentialSets.map((credentialSet) => credentialSet.id).filter((credentialSetId) => ctx.credentials[credentialSetId] === void 0).length === 0) return ctx;
+		const resolvedCredentials = await resolveRegisteredOperationCredentials(this, ctx);
+		if (!resolvedCredentials) return ctx;
+		return {
+			...ctx,
+			credentials: {
+				...resolvedCredentials,
+				...ctx.credentials
+			}
+		};
+	}
+	#validateRuntimeContext(ctx) {
+		const validatedCredentials = {};
+		for (const credentialSet of this.credentialSets) {
+			const credentialId = credentialSet.id;
+			const rawCredential = ctx.credentials[credentialId];
+			validatedCredentials[credentialSet.id] = credentialSet.auth.parse(rawCredential);
+		}
+		return {
+			attempt: ctx.attempt,
+			credentials: validatedCredentials,
+			maxAttempts: ctx.maxAttempts,
+			stepId: ctx.stepId,
+			...ctx.toolCallId !== void 0 ? { toolCallId: ctx.toolCallId } : {},
+			...ctx.traceparent !== void 0 ? { traceparent: ctx.traceparent } : {},
+			...ctx.tracestate !== void 0 ? { tracestate: ctx.tracestate } : {},
+			workflowGlobals: this.workflowGlobals ? this.workflowGlobals.parse(ctx.workflowGlobals) : ctx.workflowGlobals
+		};
+	}
+};
+//#endregion
+//#region ../../packages/core/src/errors/credential-revoked-error.ts
 /**
 * Thrown by integration client wrappers when a provider returns 401/403,
 * indicating the stored credentials have been revoked or expired.
@@ -45538,7 +46347,7 @@ const gustoBundle = defineOfficialIntegration({
 });
 gustoBundle.connection;
 //#endregion
-//#region ../../packages/integrations/integration-hubspot/dist/integration-Dr8wpq1-.mjs
+//#region ../../packages/integrations/integration-hubspot/dist/integration-C4wYr0hZ.mjs
 /**
 * Internal credential set for the Keystroke-managed HubSpot OAuth app.
 * Used for webhook signature verification on inbound webhooks.
@@ -54244,7 +55053,7 @@ const linearAppCredentialSet = new CredentialSet({
 });
 z.string().optional(), z.string().optional(), z.string().optional();
 //#endregion
-//#region ../../packages/workflow-core/src/shared/create-error-normalizing-proxy.ts
+//#region ../../packages/core/src/shared/create-error-normalizing-proxy.ts
 function isThenable$1(value) {
 	return !!value && typeof value === "object" && "then" in value && typeof value.then === "function";
 }
@@ -139221,7 +140030,7 @@ var LinearClient = class extends LinearSdk {
 	}
 };
 //#endregion
-//#region ../../packages/integrations/integration-linear/dist/schemas-gcIdf9Pt.mjs
+//#region ../../packages/integrations/integration-linear/dist/schemas-aVLy3iV7.mjs
 /**
 * Linear OAuth connection configuration.
 *
@@ -141575,7 +142384,7 @@ z.string().optional(), z.string().optional(), z.string().optional();
 */
 const SENTRY_DEFAULT_BASE_URL = "https://sentry.io";
 //#endregion
-//#region ../../packages/integrations/integration-sentry/dist/integration-DlTslkB6.mjs
+//#region ../../packages/integrations/integration-sentry/dist/integration-C7EDI5L4.mjs
 const sentryOAuthConnection = {
 	kind: "oauth",
 	tokenType: "refreshable",
@@ -144409,7 +145218,7 @@ const slackAppCredentialSet = new CredentialSet({
 });
 z.string().optional(), z.string().optional(), z.string().optional(), z.string().optional();
 //#endregion
-//#region ../../packages/integrations/integration-slack/dist/integration-CXzavV_C.mjs
+//#region ../../packages/integrations/integration-slack/dist/integration-CTNuSaOh.mjs
 /**
 * Slack OAuth connection configuration.
 *
@@ -144465,7 +145274,7 @@ const slackBundle = defineOfficialIntegration({
 });
 slackBundle.connection;
 //#endregion
-//#region ../../packages/integrations/integration-snowflake/dist/integration-Qu0_oO7s.mjs
+//#region ../../packages/integrations/integration-snowflake/dist/integration-lylQDjSA.mjs
 /**
 * Webhook credential sets for the Snowflake auto-ingest triggers.
 *
@@ -150747,12 +151556,12 @@ zoomBundle.connection;
 * Registry of Keystroke-managed (a.k.a. "official") platform providers.
 *
 * This registry is intentionally part of `@keystroke/official-integrations`
-* (not `@keystroke/workflow-core`) because the providers it lists are platform
+* (not `@keystrokehq/core`) because the providers it lists are platform
 * concerns: which integrations Keystroke ships out of the box, which of them
 * support a chat-style messaging gateway, and which messaging adapter id
 * each one delivers through.
 *
-* `@keystroke/workflow-core` itself is provider-agnostic: its `MessagingGateway`
+* `@keystrokehq/core` itself is provider-agnostic: its `MessagingGateway`
 * and `ProviderTrigger` primitives accept any string `provider`, and
 * integration packages narrow that string at their own boundary.
 */
@@ -151163,7 +151972,7 @@ async function verifyCredentialResolvable(params) {
 * Enforces an 8-second platform timeout so a hung provider endpoint cannot
 * stall the CLI indefinitely.
 *
-* @see packages/workflow-core/src/credential-set/connection.ts — `ValidateManualHook`
+* @see packages/core/src/credential-set/connection.ts — `ValidateManualHook`
 */
 /**
 * Run the manual `validate` hook for an official integration's credential