@keystrokehq/cli 0.0.1

package/dist/src-C0X6u_Mw.mjs

@@ -0,0 +1,1340 @@
+#!/usr/bin/env node
+
+import { A as idNoSpacesString, B as RetryConfigSchema, C as CredentialSetManifestSchema, D as anyZodSchemaSchema, E as CREDENTIAL_VISIBILITIES, F as schemaToJsonSchema, I as trimmedNonEmptyString, M as jsonValueSchema, N as optionalDescriptionString, O as createStructuralSchema, P as optionalTrimmedNonEmptyString, R as validateConfig, T as CREDENTIAL_KINDS, i as parseDurationToMs, j as jsonSchemaObject, k as descriptionString, n as IANATimezoneSchema, r as ScheduleSchema, t as DurationSchema, w as credentialSetConfigSchema } from "./schedule-BXx3uXwr.mjs";
+import { r as toDeclaredCredentialRequirements } from "./_manifest-JSRE3H8k.mjs";
+import { n as TriggerRuntimeDescriptorSchema, r as triggerBaseConfigSchema } from "./schemas-CDib1RhE.mjs";
+import { z } from "zod";
+import { AsyncLocalStorage } from "node:async_hooks";
+//#region ../../packages/workflow-core/src/internal/runtime-call-interceptor.ts
+const ASYNC_STORAGE_KEY = "__ks_runtime_call_interceptor_async_storage";
+const STACK_KEY = "__ks_runtime_call_interceptor_stack";
+function getAsyncStorage() {
+	const g = globalThis;
+	if (ASYNC_STORAGE_KEY in g) return g[ASYNC_STORAGE_KEY];
+	const AsyncLocalStorage = g.process?.getBuiltinModule?.("async_hooks")?.AsyncLocalStorage;
+	const storage = AsyncLocalStorage ? new AsyncLocalStorage() : void 0;
+	g[ASYNC_STORAGE_KEY] = storage;
+	return storage;
+}
+function getStack() {
+	const g = globalThis;
+	if (!g[STACK_KEY]) g[STACK_KEY] = [];
+	return g[STACK_KEY];
+}
+function getActiveRuntimeCallInterceptor() {
+	const asyncStorage = getAsyncStorage();
+	if (asyncStorage) return asyncStorage.getStore()?.at(-1);
+	const stack = getStack();
+	return stack.length > 0 ? stack[stack.length - 1] : void 0;
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/integration-metadata-registry.ts
+const REGISTRY_KEY$2 = "__ks_official_integration_metadata_registry";
+function getRegistry$2() {
+	const g = globalThis;
+	if (!g[REGISTRY_KEY$2]) g[REGISTRY_KEY$2] = /* @__PURE__ */ new WeakMap();
+	return g[REGISTRY_KEY$2];
+}
+/** Register by instance identity. Parameters use `object` so consumers are not blocked when `.d.ts` bundles duplicate `Operation` (e.g. `_runtime` vs `./operation`). */
+function registerOfficialIntegrationOperation(operation, metadata) {
+	getRegistry$2().set(operation, Object.freeze({ ...metadata }));
+}
+function getOfficialIntegrationMetadata(operation) {
+	return getRegistry$2().get(operation);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/shared/primitive.ts
+/**
+* Base class for all Keystroke primitives. The `kind` discriminator lets
+* downstream code narrow primitive unions (e.g. `AnyAgentToolEntry =
+* AnyOperation | AnyWorkflow`) without resorting to structural `'x' in tool`
+* checks. Each subclass declares a literal `kind` matching its identity.
+*/
+var Primitive = class {};
+//#endregion
+//#region ../../packages/workflow-core/src/internal/execution-scope.ts
+const SCOPE_STACK_KEY = "__ks_execution_scope_stack__";
+function getScopeStack() {
+	const g = globalThis;
+	if (!g[SCOPE_STACK_KEY]) g[SCOPE_STACK_KEY] = [];
+	return g[SCOPE_STACK_KEY];
+}
+function getCurrentScope() {
+	const stack = getScopeStack();
+	return stack[stack.length - 1] ?? getDefaultScope();
+}
+const DEFAULT_SCOPE_KEY = "__ks_execution_scope_default__";
+function getDefaultScope() {
+	const g = globalThis;
+	if (!g[DEFAULT_SCOPE_KEY]) g[DEFAULT_SCOPE_KEY] = { stepContextProviders: [] };
+	return g[DEFAULT_SCOPE_KEY];
+}
+function getExecutionScopeWorkflowRuntime() {
+	return getCurrentScope().workflowRuntimeProvider?.();
+}
+function setExecutionScopeWorkflowRuntime(provider) {
+	const scope = getCurrentScope();
+	scope.workflowRuntimeProvider = provider;
+}
+function pushExecutionScopeStepContext(provider) {
+	const scope = getCurrentScope();
+	scope.stepContextProviders = [...scope.stepContextProviders, provider];
+}
+function clearExecutionScopeStepContexts() {
+	const scope = getCurrentScope();
+	scope.stepContextProviders = [];
+}
+function getExecutionScopeStepContextProvider() {
+	return getCurrentScope().stepContextProviders.at(-1);
+}
+function setExecutionScopeStepCredentialResolver(resolver) {
+	const scope = getCurrentScope();
+	scope.stepCredentialResolver = resolver;
+}
+function getExecutionScopeStepCredentialResolver() {
+	return getCurrentScope().stepCredentialResolver;
+}
+//#endregion
+//#region ../../packages/workflow-core/src/workflow/context-registry.ts
+function registerRuntime(registry) {
+	setExecutionScopeWorkflowRuntime(registry.getRuntime);
+}
+function clearRuntime() {
+	setExecutionScopeWorkflowRuntime(void 0);
+}
+function getRegisteredRuntime() {
+	return getExecutionScopeWorkflowRuntime();
+}
+//#endregion
+//#region ../../packages/workflow-core/src/mcp-server/schemas.ts
+const credentialSetInstanceSchema$3 = createStructuralSchema([
+	"id",
+	"auth",
+	"needsResolve"
+], "a CredentialSet instance");
+const McpTransportSchema = z.discriminatedUnion("type", [
+	z.object({
+		type: z.literal("stdio"),
+		command: trimmedNonEmptyString("Command"),
+		args: z.array(z.string()).optional(),
+		env: z.record(z.string(), z.string()).optional()
+	}),
+	z.object({
+		type: z.literal("http"),
+		url: trimmedNonEmptyString("URL"),
+		headers: z.record(z.string(), z.string()).optional()
+	}),
+	z.object({
+		type: z.literal("sse"),
+		url: trimmedNonEmptyString("URL"),
+		headers: z.record(z.string(), z.string()).optional()
+	})
+]);
+z.object({
+	id: trimmedNonEmptyString("MCP server ID"),
+	name: optionalTrimmedNonEmptyString("MCP server name"),
+	description: optionalDescriptionString("MCP server description"),
+	transport: McpTransportSchema,
+	credentialSets: z.array(credentialSetInstanceSchema$3).optional(),
+	credentials: z.function().optional()
+});
+const McpServerManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("mcpServer"),
+	id: z.string().min(1),
+	name: z.string().min(1),
+	description: z.string().optional(),
+	transport: McpTransportSchema,
+	credentialSets: z.array(CredentialSetManifestSchema),
+	credentialInjection: z.object({
+		env: z.record(z.string(), z.object({
+			credentialSetId: z.string().min(1),
+			key: z.string().min(1)
+		})).optional(),
+		headers: z.record(z.string(), z.object({
+			credentialSetId: z.string().min(1),
+			key: z.string().min(1)
+		})).optional()
+	}).optional()
+});
+//#endregion
+//#region ../../packages/workflow-core/src/messaging-gateway/schemas.ts
+const credentialSetInstanceSchema$2 = createStructuralSchema([
+	"id",
+	"auth",
+	"needsResolve"
+], "a CredentialSet instance");
+const MessagingGatewayModeSchema = z.enum(["platform", "custom"]);
+const MessagingGatewayCredentialScopeSchema = z.enum(["organization", "project"]);
+z.object({
+	id: idNoSpacesString("MessagingGateway id"),
+	name: optionalDescriptionString("MessagingGateway name"),
+	description: optionalDescriptionString("MessagingGateway description"),
+	provider: z.string().min(1, "MessagingGateway provider is required"),
+	mode: MessagingGatewayModeSchema,
+	credentialSet: credentialSetInstanceSchema$2,
+	credentialScope: MessagingGatewayCredentialScopeSchema.optional(),
+	appRef: z.string().min(1).optional()
+});
+const MessagingGatewayManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("messaging-gateway"),
+	id: z.string().min(1),
+	name: z.string().min(1),
+	description: z.string().optional(),
+	provider: z.string().min(1),
+	mode: MessagingGatewayModeSchema,
+	credentialSet: CredentialSetManifestSchema,
+	credentialScope: MessagingGatewayCredentialScopeSchema.optional(),
+	appRef: z.string().min(1).optional()
+});
+//#endregion
+//#region ../../packages/workflow-core/src/sandbox/schemas.ts
+/**
+* `workdir` must be `/workspace` or a subdirectory so it lands inside the
+* persistent bind mount used by `bootSandbox`. Anything outside `/workspace`
+* is ephemeral today (and not captured by future snapshots' instance state).
+*/
+const WorkdirSchema = z.string().trim().min(1).refine((value) => value === "/workspace" || value.startsWith("/workspace/"), { error: "workdir must be \"/workspace\" or a subdirectory of \"/workspace\"" });
+const SandboxRuntimeSchema = z.object({
+	/**
+	* Commands the runtime executes inside the sandbox on EVERY boot, after
+	* `setupCommands` (and after a snapshot warm-boot, where setupCommands are
+	* skipped). Use for `git pull`, `pnpm build`, or anything that should
+	* refresh on each invocation. Each command runs with `cwd = workdir`.
+	*/
+	runCommands: z.array(z.string().trim().min(1)).default([]),
+	env: z.record(z.string(), z.string()).default({}),
+	workdir: WorkdirSchema.optional()
+});
+const SandboxFileSourceSchema = z.discriminatedUnion("type", [z.object({
+	type: z.literal("git"),
+	/** Remote git URL to clone. */
+	url: trimmedNonEmptyString("Git URL"),
+	/** Branch to clone. Omit for default branch. */
+	branch: z.string().optional(),
+	/**
+	* Where to clone inside the VM. Relative paths resolve against the
+	* sandbox `workdir`; absolute paths must stay under `/workspace`. Omit
+	* to default to `<workdir>/<repo-basename>`.
+	*/
+	target: z.string().optional()
+}), z.object({
+	type: z.literal("local"),
+	/** Source path on the host (the dev's machine), resolved against project root. */
+	path: trimmedNonEmptyString("Local path"),
+	/**
+	* Where the file/dir lands inside the VM. Relative paths resolve
+	* against the sandbox `workdir`; absolute paths must stay under
+	* `/workspace`. Omit to default to `<workdir>/<basename(path)>`.
+	*/
+	target: z.string().optional()
+})]);
+z.object({
+	id: optionalTrimmedNonEmptyString("Sandbox ID"),
+	name: optionalTrimmedNonEmptyString("Sandbox name"),
+	description: optionalDescriptionString("Sandbox description"),
+	runtime: SandboxRuntimeSchema.optional(),
+	fileSources: z.array(SandboxFileSourceSchema).optional(),
+	setupCommands: z.array(z.string()).optional()
+});
+const SandboxManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("sandbox"),
+	id: z.string().min(1),
+	name: z.string().min(1),
+	description: z.string().optional(),
+	runtime: SandboxRuntimeSchema,
+	fileSources: z.array(SandboxFileSourceSchema),
+	setupCommands: z.array(z.string())
+});
+//#endregion
+//#region ../../packages/workflow-core/src/agent/types.ts
+const AGENT_RUNTIME_KIND_DECLARATIVE = "declarative";
+const AGENT_RUNTIME_KIND_RUNNABLE = "runnable";
+//#endregion
+//#region ../../packages/workflow-core/src/agent/schemas.ts
+const AgentThinkingLevelSchema = z.enum([
+	"off",
+	"minimal",
+	"low",
+	"medium",
+	"high",
+	"xhigh"
+]);
+const mcpServerInstanceSchema = createStructuralSchema([
+	"id",
+	"transport",
+	"credentialSets"
+], "a McpServer instance");
+const sandboxInstanceSchema = createStructuralSchema([
+	"id",
+	"runtime",
+	"fileSources",
+	"setupCommands"
+], "a Sandbox instance");
+const messagingGatewayInstanceSchema = createStructuralSchema([
+	"id",
+	"provider",
+	"mode",
+	"credentialSet"
+], "a MessagingGateway instance");
+const SkillSourceSchema = z.object({ path: z.string() });
+const AgentHooksSchema = z.object({
+	onToolStart: z.function().optional(),
+	onToolEnd: z.function().optional(),
+	onStep: z.function().optional()
+}).strict();
+const AgentToolSourceKindSchema = z.enum(["operation", "workflow"]);
+const AgentToolCredentialSetReferenceSchema = z.object({
+	id: z.string(),
+	required: z.boolean()
+});
+z.object({
+	id: trimmedNonEmptyString("Agent ID"),
+	name: trimmedNonEmptyString("Agent name"),
+	description: optionalDescriptionString("Agent description"),
+	systemPrompt: z.string().min(1, { error: "System prompt is required" }),
+	model: trimmedNonEmptyString("Model"),
+	thinkingLevel: AgentThinkingLevelSchema.optional(),
+	input: anyZodSchemaSchema.optional(),
+	output: anyZodSchemaSchema.optional(),
+	tools: z.array(z.unknown()).optional(),
+	mcpServers: z.array(mcpServerInstanceSchema).optional(),
+	sandbox: sandboxInstanceSchema.optional(),
+	skills: z.array(SkillSourceSchema).optional(),
+	enableMemory: z.boolean().default(true),
+	enableDatabase: z.boolean().default(true),
+	messaging: z.array(messagingGatewayInstanceSchema).optional(),
+	maxSteps: z.number().int().nonnegative().optional(),
+	hooks: AgentHooksSchema.optional(),
+	run: z.function().optional(),
+	stream: z.function().optional()
+});
+const AgentManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("agent"),
+	id: z.string().min(1),
+	authoredAgentId: z.string().min(1),
+	name: z.string().min(1),
+	runtimeKind: z.enum([AGENT_RUNTIME_KIND_DECLARATIVE, AGENT_RUNTIME_KIND_RUNNABLE]),
+	description: z.string().optional(),
+	systemPrompt: z.string(),
+	model: z.string(),
+	thinkingLevel: AgentThinkingLevelSchema,
+	input: jsonSchemaObject,
+	output: jsonSchemaObject,
+	maxSteps: z.number(),
+	credentialSets: z.array(CredentialSetManifestSchema).optional(),
+	tools: z.array(z.object({
+		id: z.string(),
+		displayName: z.string(),
+		description: z.string().optional(),
+		sourceKind: AgentToolSourceKindSchema,
+		authoredOperationId: z.string().optional(),
+		authoredWorkflowId: z.string().optional(),
+		integrationId: z.string().optional(),
+		largeResultMode: z.enum(["reject", "ref"]).optional(),
+		midSessionSnapshot: z.boolean().optional(),
+		credentialSets: z.array(AgentToolCredentialSetReferenceSchema).optional()
+	})),
+	skills: z.array(SkillSourceSchema).optional(),
+	enableMemory: z.boolean().default(true),
+	enableDatabase: z.boolean().default(true),
+	mcpServers: z.array(McpServerManifestSchema),
+	sandbox: SandboxManifestSchema.optional(),
+	messaging: z.array(MessagingGatewayManifestSchema).optional()
+});
+z.string();
+z.unknown();
+//#endregion
+//#region ../../packages/workflow-core/src/credential-set/zod-shape.ts
+/**
+* Shape-reflection helpers for `CredentialSet` schemas.
+*
+* Shared between the `CredentialSet` constructor (which memoizes the key
+* lists onto the instance) and the construction-time identity registry
+* (which hashes the same shape into a fingerprint). Kept in its own
+* module to avoid an import cycle between `CredentialSet.ts` and
+* `registry.ts`.
+*/
+/**
+* Inspect a `z.ZodObject` once and return its sorted property keys plus the
+* subset wrapped in `.optional()` / `.default()`.
+*
+* Tolerates both the Zod v3 `.shape` getter and the Zod v4 `_def.shape`
+* thunk so the helper stays stable across schema versions.
+*/
+function readZodObjectKeyMetadata(schema) {
+	const resolvedShape = resolveZodObjectShape(schema);
+	if (resolvedShape === null || typeof resolvedShape !== "object") return {
+		all: [],
+		optional: []
+	};
+	const entries = Object.entries(resolvedShape);
+	return {
+		all: entries.map(([key]) => key).sort(),
+		optional: entries.filter(([, field]) => field instanceof z.ZodOptional || field instanceof z.ZodDefault).map(([key]) => key).sort()
+	};
+}
+/**
+* Resolve the raw shape record of a `z.ZodObject` tolerating v3 and v4
+* internal layouts. Returns `null` when the object cannot be reflected.
+*/
+function resolveZodObjectShape(schema) {
+	const internals = schema;
+	const rawShape = internals._def?.shape ?? internals.shape;
+	const resolved = typeof rawShape === "function" ? rawShape() : rawShape;
+	if (resolved === null || typeof resolved !== "object") return null;
+	return resolved;
+}
+//#endregion
+//#region ../../packages/workflow-core/src/credential-set/registry.ts
+/**
+* The backing map is keyed on `globalThis` under a well-known
+* `Symbol.for(...)` so (a) multiple bundles/subpaths of this package share
+* a single registry instance at runtime and (b) host-side test harnesses
+* that cannot take a direct dependency on `@keystroke/workflow-core`
+* (e.g. `@keystroke/test-utils`, which would otherwise form a cycle
+* through `@keystroke/local-memory`) can still drive the reset hook by
+* clearing the same `Map` via the exported {@link CREDENTIAL_SET_REGISTRY_SYMBOL}.
+*/
+const CREDENTIAL_SET_REGISTRY_SYMBOL = Symbol.for("@keystroke/workflow-core/credential-set-registry");
+function getRegistry$1() {
+	const globalWithRegistry = globalThis;
+	const existing = globalWithRegistry[CREDENTIAL_SET_REGISTRY_SYMBOL];
+	if (existing) return existing;
+	const fresh = /* @__PURE__ */ new Map();
+	globalWithRegistry[CREDENTIAL_SET_REGISTRY_SYMBOL] = fresh;
+	return fresh;
+}
+/**
+* Thrown when two `CredentialSet` instances share the same
+* `resolvedCredentialSetId` but declare different shapes.
+*
+* @example
+* ```ts
+* new CredentialSet({ id: 'stripe', auth: z.object({ STRIPE_SECRET_KEY: z.string() }) });
+* // later, in a maintenance script:
+* new CredentialSet({ id: 'stripe', auth: z.object({ STRIPE_API_KEY: z.string() }) });
+* // -> throws DuplicateCredentialSetDefinitionError
+* ```
+*/
+var DuplicateCredentialSetDefinitionError = class extends Error {
+	manifestId;
+	firstDeclaredAt;
+	secondDeclaredAt;
+	firstFingerprint;
+	secondFingerprint;
+	constructor(options) {
+		super([
+			`Two CredentialSet instances were declared with the same manifestId "${options.manifestId}",`,
+			`but they have different shapes:`,
+			`  first  (${options.firstDeclaredAt}): ${options.firstFingerprint}`,
+			`  second (${options.secondDeclaredAt}): ${options.secondFingerprint}`,
+			"",
+			"If you meant to share these credentials, import the same instance from a single module.",
+			"If you meant two distinct credential sets, give them different ids (or namespaces)."
+		].join("\n"));
+		this.name = "DuplicateCredentialSetDefinitionError";
+		this.manifestId = options.manifestId;
+		this.firstDeclaredAt = options.firstDeclaredAt;
+		this.secondDeclaredAt = options.secondDeclaredAt;
+		this.firstFingerprint = options.firstFingerprint;
+		this.secondFingerprint = options.secondFingerprint;
+	}
+};
+/**
+* Register a newly constructed credential set by its
+* `resolvedCredentialSetId`. Called once per `CredentialSet` constructor.
+*
+* @throws {DuplicateCredentialSetDefinitionError} when the id was
+* previously registered with a different schema fingerprint.
+*/
+function registerCredentialSet(params) {
+	const registry = getRegistry$1();
+	const existing = registry.get(params.manifestId);
+	if (existing && existing.fingerprint !== params.fingerprint) throw new DuplicateCredentialSetDefinitionError({
+		manifestId: params.manifestId,
+		firstDeclaredAt: existing.sourceHint,
+		secondDeclaredAt: params.sourceHint,
+		firstFingerprint: existing.fingerprint,
+		secondFingerprint: params.fingerprint
+	});
+	registry.set(params.manifestId, {
+		fingerprint: params.fingerprint,
+		sourceHint: params.sourceHint
+	});
+}
+/**
+* Produce a deterministic fingerprint of a `CredentialSet`'s auth (and
+* `stored`, when present) schema. The fingerprint is a stable string of
+* sorted `key:typeTag` pairs separated by `|`, with the stored shape
+* concatenated after a `#` delimiter when the credential set declares a
+* `stored` schema.
+*
+* Refinements (`.min(1)`, regex, etc.) are intentionally ignored — they
+* are not breaking changes for vault compatibility. Structural changes
+* (added keys, renamed keys, changed underlying Zod types, flipping
+* required ↔ optional) produce a different fingerprint.
+*
+* @see registerCredentialSet
+*/
+function fingerprintAuthShape(auth, stored) {
+	const authPart = shapeSignature(auth);
+	if (!stored) return authPart;
+	return `${authPart}#${shapeSignature(stored)}`;
+}
+function shapeSignature(schema) {
+	const resolvedShape = resolveZodObjectShape(schema);
+	if (!resolvedShape) return "";
+	return readZodObjectKeyMetadata(schema).all.map((key) => `${key}:${typeTag(resolvedShape[key])}`).sort().join("|");
+}
+function typeTag(zodType) {
+	if (zodType === null || zodType === void 0) return "Unknown";
+	const def = zodType._def;
+	return def?.typeName ?? def?.type ?? "Unknown";
+}
+/**
+* Best-effort source hint — a short file:line string recovered from a
+* lightweight stack trace at call time. Used only in the error message;
+* does not affect correctness of the registry comparison.
+*
+* @remarks
+* The hint format is `path/to/file.ts:line:col` when a repo frame can
+* be isolated, and `'unknown'` otherwise. Callers should treat the
+* value as opaque.
+*/
+function captureStackOrigin() {
+	const frame = ((/* @__PURE__ */ new Error()).stack?.split("\n") ?? []).slice(1).find((line) => (line.includes("/packages/") || line.includes("/apps/")) && !/\/credential-set\/registry\.[mc]?[jt]s/.test(line) && !/\/credential-set\/CredentialSet\.[mc]?[jt]s/.test(line));
+	if (!frame) return "unknown";
+	const parens = frame.match(/\(([^)]+)\)/);
+	if (parens?.[1]) return parens[1];
+	const bare = frame.match(/at\s+(.+)$/);
+	if (bare?.[1]) return bare[1];
+	return "unknown";
+}
+//#endregion
+//#region ../../packages/workflow-core/src/credential-set/CredentialSet.ts
+var CredentialSet = class extends Primitive {
+	kind = "credential-set";
+	id;
+	/** Optional namespace. Official Keystroke integrations use 'keystroke'. */
+	namespace;
+	/**
+	* Computed namespaced identifier used for storage and manifest-facing wiring.
+	*
+	* Use this value for DB storage, manifest entries, and explicit credential
+	* bindings. Do not use it as the runtime `ctx.credentials` key inside authored
+	* code.
+	*
+	* @remarks
+	* Runtime credential context is keyed by the raw `id`, not this field. That
+	* is why `ctx.credentials.slack` uses `slack` rather than `keystroke:slack`.
+	*/
+	resolvedCredentialSetId;
+	name;
+	description;
+	auth;
+	stored;
+	resolve;
+	/**
+	* Run-scoped cache TTL in milliseconds for the {@link resolve} output.
+	*
+	* Always a number; `0` means "no cache". Consumed by the credential
+	* runtime's `ResolveCache` when present.
+	*
+	* @see {@link CredentialSetConfig.resolveCacheMs}
+	*/
+	resolveCacheMs;
+	/**
+	* Platform-side `stored`→`auth` transform. Mutually exclusive with
+	* {@link resolve}. Runs on the trusted host via
+	* `@keystroke/credential-runtime`'s `executePlatformResolve` helper.
+	*
+	* @see {@link resolveLocation}
+	* @see {@link platformEnvAllowlist}
+	*/
+	resolveAtPlatform;
+	/**
+	* Resolved description of where the `stored`→`auth` transform runs.
+	*
+	* Computed at construction as `'platform'` when `resolveAtPlatform`
+	* is declared, `'sandbox'` when `resolve` is declared, `'none'`
+	* otherwise. The credential runtime's phase 3 branches on this value
+	* to pick the right execution location.
+	*
+	* @see {@link CredentialResolveLocation}
+	*/
+	resolveLocation;
+	/**
+	* Env-var names `resolveAtPlatform` may read through `ctx.env`.
+	* Frozen at construction. Empty when `resolveLocation !== 'platform'`.
+	*
+	* @see {@link PlatformResolveContext.env}
+	*/
+	platformEnvAllowlist;
+	needsResolve;
+	/** Required when namespace is 'keystroke'. Optional for user-authored credential sets. */
+	platformMetadata;
+	proxy;
+	needsRawSecret;
+	/**
+	* Policy when a step throws `CredentialRevokedError` against this credential set.
+	*
+	* @see {@link import('./types').CredentialSetConfig.onCredentialRevoked}
+	*/
+	onCredentialRevoked;
+	/**
+	* Describe the optional user-facing connect flow for this credential set.
+	*
+	* Set this when the credential should be uploaded through a manual form or an
+	* OAuth handshake. Omit it for platform-seeded or internal credentials that do
+	* not expose a user-facing connect flow.
+	*
+	* @see {@link CredentialSetConfig.connection}
+	*/
+	connection;
+	/** Sorted keys declared on the `auth` schema. Source of truth for what the
+	* built manifest advertises this credential set requires. Memoized at
+	* construction so neither the build pipeline nor the runtime needs to walk
+	* the Zod schema again. */
+	credentialKeys;
+	/** Subset of `credentialKeys` declared as `z.optional()` / `z.default()` on
+	* `auth`. Used by the build pipeline to record which vault keys may be
+	* absent without failing manifest declaration. */
+	optionalCredentialKeys;
+	/** Sorted keys declared on `stored` (or `auth` when no `stored` schema is
+	* provided). This is what the runtime credential resolver actually fetches
+	* from the vault, since `stored` represents the persisted shape. */
+	storedCredentialKeys;
+	/** Subset of `storedCredentialKeys` declared as `z.optional()` /
+	* `z.default()`. Tells the runtime resolver which vault keys are allowed to
+	* be missing. */
+	optionalStoredCredentialKeys;
+	#manifest;
+	constructor(config) {
+		super();
+		const validatedConfig = validateConfig(credentialSetConfigSchema, (() => {
+			if (config.platformMetadata !== void 0) return config;
+			if (config.namespace === "keystroke") return config;
+			if (config.connection !== void 0) return {
+				...config,
+				platformMetadata: {
+					kind: CREDENTIAL_KINDS["user-connection"],
+					visibility: CREDENTIAL_VISIBILITIES["user-visible"]
+				}
+			};
+			return config;
+		})());
+		const hasStored = validatedConfig.stored !== void 0;
+		const hasResolve = validatedConfig.resolve !== void 0;
+		const hasResolveAtPlatform = validatedConfig.resolveAtPlatform !== void 0;
+		if (hasResolve && hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "resolve" and "resolveAtPlatform" are mutually exclusive.`);
+		if ((hasResolve || hasResolveAtPlatform) && !hasStored) throw new Error(`CredentialSet "${validatedConfig.id}": "resolve" / "resolveAtPlatform" require "stored".`);
+		if (hasStored && !hasResolve && !hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "stored" requires either "resolve" or "resolveAtPlatform".`);
+		if (validatedConfig.platformEnvAllowlist !== void 0 && validatedConfig.platformEnvAllowlist.length > 0 && !hasResolveAtPlatform) throw new Error(`CredentialSet "${validatedConfig.id}": "platformEnvAllowlist" requires "resolveAtPlatform".`);
+		this.id = validatedConfig.id;
+		this.namespace = validatedConfig.namespace;
+		this.resolvedCredentialSetId = this.namespace ? `${this.namespace}:${this.id}` : this.id;
+		registerCredentialSet({
+			manifestId: this.resolvedCredentialSetId,
+			fingerprint: fingerprintAuthShape(validatedConfig.auth, validatedConfig.stored),
+			sourceHint: captureStackOrigin()
+		});
+		this.name = validatedConfig.name ?? validatedConfig.id;
+		this.description = validatedConfig.description;
+		this.auth = validatedConfig.auth;
+		this.stored = validatedConfig.stored;
+		this.resolve = validatedConfig.resolve;
+		this.resolveCacheMs = hasResolve && typeof validatedConfig.resolveCacheMs === "number" ? validatedConfig.resolveCacheMs : 0;
+		this.resolveAtPlatform = validatedConfig.resolveAtPlatform;
+		this.resolveLocation = hasResolve ? "sandbox" : hasResolveAtPlatform ? "platform" : "none";
+		this.platformEnvAllowlist = Object.freeze(validatedConfig.platformEnvAllowlist ? [...validatedConfig.platformEnvAllowlist] : []);
+		this.needsResolve = hasStored && (hasResolve || hasResolveAtPlatform);
+		this.platformMetadata = validatedConfig.platformMetadata;
+		this.proxy = validatedConfig.proxy;
+		this.needsRawSecret = validatedConfig.needsRawSecret;
+		this.onCredentialRevoked = validatedConfig.onCredentialRevoked;
+		this.connection = validatedConfig.connection;
+		if (this.onCredentialRevoked === "retry-once" && !this.resolve) warnRetryOnceWithoutResolve(this.resolvedCredentialSetId);
+		const authKeyMetadata = readZodObjectKeyMetadata(this.auth);
+		const storedKeyMetadata = this.stored ? readZodObjectKeyMetadata(this.stored) : authKeyMetadata;
+		this.credentialKeys = Object.freeze(authKeyMetadata.all);
+		this.optionalCredentialKeys = Object.freeze(authKeyMetadata.optional);
+		this.storedCredentialKeys = Object.freeze(storedKeyMetadata.all);
+		this.optionalStoredCredentialKeys = Object.freeze(storedKeyMetadata.optional);
+		if (this.connection?.kind === "oauth") {
+			assertDeclarativeVaultKeysAreKnown(validatedConfig.id, this.connection.vault, this.storedCredentialKeys);
+			assertOAuthClientSourceIsWellFormed(validatedConfig.id, this.connection);
+		}
+		this.#manifest = Object.freeze(CredentialSetManifestSchema.parse({
+			manifestVersion: 1,
+			type: "credentialSet",
+			id: this.id,
+			namespace: this.namespace,
+			resolvedCredentialSetId: this.resolvedCredentialSetId,
+			name: this.name,
+			auth: schemaToJsonSchema(this.auth),
+			...this.description ? { description: this.description } : {},
+			...this.stored ? { stored: schemaToJsonSchema(this.stored) } : {},
+			...this.needsResolve ? { needsResolve: true } : {},
+			...this.resolveCacheMs > 0 ? { resolveCacheMs: this.resolveCacheMs } : {},
+			...this.resolveLocation !== "none" ? { resolveLocation: this.resolveLocation } : {},
+			...this.platformEnvAllowlist.length > 0 ? { platformEnvAllowlist: [...this.platformEnvAllowlist] } : {},
+			...this.platformMetadata ? { platformMetadata: this.platformMetadata } : {},
+			...this.proxy ? { proxy: this.proxy } : {},
+			...this.needsRawSecret === true ? { needsRawSecret: true } : {},
+			...this.onCredentialRevoked ? { onCredentialRevoked: this.onCredentialRevoked } : {},
+			...this.connection ? { connection: serializeConnectionForManifest(this.connection) } : {}
+		}));
+		Object.freeze(this);
+	}
+	describe() {
+		return `CredentialSet "${this.name}" (${this.resolvedCredentialSetId})`;
+	}
+	toManifest() {
+		return this.#manifest;
+	}
+};
+/** Strip runtime hooks from the connection config before serializing to the
+* manifest. Hooks are functions and not manifest-safe; the manifest captures
+* only declarative metadata (kind, URLs, scopes, etc.).
+*
+* Declarative {@link Vault} mappings serialize as-is. Function-form vault
+* mappings cannot be serialized (they are runtime closures); the serialized
+* manifest records only the kind marker so the shape stays well-typed. */
+function serializeConnectionForManifest(connection) {
+	if (connection.kind === "manual") return {
+		kind: "manual",
+		...connection.instructions ? { instructions: connection.instructions } : {}
+	};
+	if (connection.kind === "oauth") return {
+		kind: "oauth",
+		authUrl: connection.authUrl,
+		tokenUrl: connection.tokenUrl,
+		scopes: connection.scopes,
+		tokenType: connection.tokenType,
+		vault: serializeVaultForManifest(connection.vault),
+		...connection.revokeUrl !== void 0 ? { revokeUrl: connection.revokeUrl } : {},
+		...connection.pkce === true ? { pkce: true } : {},
+		...typeof connection.defaultExpiresInSeconds === "number" ? { defaultExpiresInSeconds: connection.defaultExpiresInSeconds } : {},
+		...connection.oauthClientSource ? { oauthClientSource: serializeOAuthClientSourceForManifest(connection.oauthClientSource) } : {}
+	};
+	if (connection.kind === "credentials-exchange") return {
+		kind: "credentials-exchange",
+		input: schemaToJsonSchema(connection.input),
+		...connection.instructions ? { instructions: connection.instructions } : {}
+	};
+	throw new Error(`Unknown connection kind: ${JSON.stringify(connection)}`);
+}
+/** Project the live {@link OAuthClientSource} into its manifest-safe form.
+*  The workspace variant substitutes the object reference with the
+*  referenced credential set's `resolvedCredentialSetId` so the manifest
+*  carries a stable, persistable id instead of a closure-backed object. */
+function serializeOAuthClientSourceForManifest(source) {
+	if (source.kind === "keystroke-platform") return { kind: "keystroke-platform" };
+	return {
+		kind: "workspace-provider-app",
+		credentialSetId: source.credentialSet.resolvedCredentialSetId,
+		...source.keyMap ? { keyMap: source.keyMap } : {}
+	};
+}
+function serializeVaultForManifest(vault) {
+	if ("build" in vault) return {
+		kind: "function",
+		accessTokenKey: vault.accessTokenKey
+	};
+	return {
+		kind: "declarative",
+		accessToken: vault.accessToken,
+		...vault.instanceUrl !== void 0 ? { instanceUrl: vault.instanceUrl } : {},
+		...vault.raw !== void 0 ? { raw: { ...vault.raw } } : {}
+	};
+}
+/** Tracks credential-set ids that already emitted the `retry-once + no resolve`
+*  construction warning so repeated tree-shake re-registration in the same
+*  process does not spam the log. */
+const warnedRetryOnceWithoutResolve = /* @__PURE__ */ new Set();
+function warnRetryOnceWithoutResolve(resolvedCredentialSetId) {
+	if (warnedRetryOnceWithoutResolve.has(resolvedCredentialSetId)) return;
+	warnedRetryOnceWithoutResolve.add(resolvedCredentialSetId);
+	console.warn(`CredentialSet "${resolvedCredentialSetId}": onCredentialRevoked: 'retry-once' is set but no resolve is declared. The retry will be a no-op because re-resolving stored values would produce the same result.`);
+}
+/** Runtime safety net: the referenced `clientApp` for a
+* `workspace-provider-app` `oauthClientSource` must declare both the
+* clientId and clientSecret keys (either under the default names or via
+* `keyMap` aliases). The `visibility: 'internal'` check happens earlier at
+* the Zod refinement layer; this validator covers the deeper schema-shape
+* check so authors catch mismatches at construction rather than at
+* handshake time. */
+function assertOAuthClientSourceIsWellFormed(credentialSetId, connection) {
+	const source = connection.oauthClientSource;
+	if (!source || source.kind !== "workspace-provider-app") return;
+	const clientIdKey = source.keyMap?.clientId ?? "clientId";
+	const clientSecretKey = source.keyMap?.clientSecret ?? "clientSecret";
+	const referenced = source.credentialSet;
+	const keys = new Set(referenced.credentialKeys);
+	const missing = [];
+	if (!keys.has(clientIdKey)) missing.push(`clientId key "${clientIdKey}"`);
+	if (!keys.has(clientSecretKey)) missing.push(`clientSecret key "${clientSecretKey}"`);
+	if (missing.length > 0) throw new Error(`CredentialSet "${credentialSetId}": oauthClientSource.credentialSet "${referenced.id}" does not declare ${missing.join(" or ")}. Adjust the referenced credential set's auth schema or pass an explicit keyMap.`);
+}
+/** Runtime safety net: when a caller constructs with a typed-erased shape
+* (e.g. via `as never`), verify every declared vault slot still maps to a
+* known stored/auth schema key. The static `CredentialVaultKeys` parameter on
+* `CredentialSetConfig.connection` catches typos at the construction site;
+* this runtime check catches the erased case. */
+function assertDeclarativeVaultKeysAreKnown(credentialSetId, vault, knownKeys) {
+	if ("build" in vault) return;
+	const known = new Set(knownKeys);
+	const invalid = [];
+	if (!known.has(vault.accessToken)) invalid.push(`vault.accessToken="${vault.accessToken}"`);
+	if (vault.instanceUrl !== void 0 && !known.has(vault.instanceUrl)) invalid.push(`vault.instanceUrl="${vault.instanceUrl}"`);
+	if (vault.raw) {
+		for (const rawKey of Object.keys(vault.raw)) if (!known.has(rawKey)) invalid.push(`vault.raw.${rawKey}`);
+	}
+	if (invalid.length > 0) throw new Error(`CredentialSet "${credentialSetId}": OAuth vault references unknown credential keys (${invalid.join(", ")}). Valid keys are [${[...known].sort().join(", ")}].`);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/shared/credential-sets.ts
+function cloneCredentialSets(credentialSets) {
+	return credentialSets ? [...credentialSets] : void 0;
+}
+function assertUniqueCredentialSetIds(credentialSets, ownerKind, ownerName) {
+	const seenCredentialSetIds = /* @__PURE__ */ new Set();
+	for (const credentialSet of credentialSets) {
+		if (seenCredentialSetIds.has(credentialSet.id)) throw new Error(`${ownerKind} "${ownerName}" declares duplicate credential set id "${credentialSet.id}".`);
+		seenCredentialSetIds.add(credentialSet.id);
+	}
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/context-registry.ts
+function getCurrentRegistry() {
+	const provider = getExecutionScopeStepContextProvider();
+	if (!provider) return;
+	return { getOperationContext: provider };
+}
+function registerOperationContext(registry) {
+	pushExecutionScopeStepContext(registry.getOperationContext);
+}
+function clearOperationContext() {
+	clearExecutionScopeStepContexts();
+}
+function getRegisteredOperationContext(operation) {
+	return getCurrentRegistry()?.getOperationContext(operation);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/credential-resolver-registry.ts
+function registerOperationCredentialResolver(resolver) {
+	setExecutionScopeStepCredentialResolver(resolver.resolveOperationCredentials);
+}
+function clearOperationCredentialResolver() {
+	setExecutionScopeStepCredentialResolver(void 0);
+}
+function getRegisteredOperationCredentialResolver() {
+	const resolveOperationCredentials = getExecutionScopeStepCredentialResolver();
+	if (!resolveOperationCredentials) return;
+	return { resolveOperationCredentials };
+}
+async function resolveRegisteredOperationCredentials(operation, partialContext) {
+	return getRegisteredOperationCredentialResolver()?.resolveOperationCredentials(operation, partialContext);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/hosted-action-dispatcher-registry.ts
+const REGISTRY_KEY$1 = "__ks_hosted_action_dispatcher";
+const EXECUTION_POLICY_KEY = "__ks_hosted_action_execution_policy";
+function registerHostedActionDispatcher(dispatcher) {
+	globalThis[REGISTRY_KEY$1] = dispatcher;
+}
+function clearHostedActionDispatcher() {
+	globalThis[REGISTRY_KEY$1] = void 0;
+}
+function getRegisteredHostedActionDispatcher() {
+	return globalThis[REGISTRY_KEY$1];
+}
+function registerHostedActionExecutionPolicy(policy) {
+	globalThis[EXECUTION_POLICY_KEY] = policy;
+}
+function clearHostedActionExecutionPolicy() {
+	globalThis[EXECUTION_POLICY_KEY] = void 0;
+}
+function getHostedActionExecutionPolicy() {
+	return globalThis[EXECUTION_POLICY_KEY] ?? "permissive";
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/nesting-guard.ts
+const NESTING_GUARD_KEY = "__ks_operation_nesting_guard__";
+function getStorage() {
+	const g = globalThis;
+	if (!g[NESTING_GUARD_KEY]) g[NESTING_GUARD_KEY] = new AsyncLocalStorage();
+	return g[NESTING_GUARD_KEY];
+}
+function getActiveOperationRun() {
+	return getStorage().getStore()?.operationName;
+}
+function runWithOperationScope(operationName, fn) {
+	return getStorage().run({ operationName }, fn);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/schemas.ts
+const credentialSetInstanceSchema$1 = createStructuralSchema([
+	"id",
+	"auth",
+	"needsResolve"
+], "a CredentialSet instance");
+const operationConfigSchema = z.object({
+	credentialSets: z.array(credentialSetInstanceSchema$1).optional(),
+	description: descriptionString("Operation description"),
+	id: trimmedNonEmptyString("Operation id"),
+	input: anyZodSchemaSchema,
+	name: trimmedNonEmptyString("Operation name"),
+	needsApproval: z.boolean().optional(),
+	output: anyZodSchemaSchema,
+	requiredOAuthScopes: z.array(z.string()).optional(),
+	retries: RetryConfigSchema.optional(),
+	run: z.function(),
+	tags: z.array(z.string()).optional(),
+	timeout: DurationSchema.optional(),
+	maxDurationMs: z.number().int().positive().optional(),
+	workflowGlobals: anyZodSchemaSchema.optional()
+});
+const OperationManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("operation"),
+	name: trimmedNonEmptyString("Operation name"),
+	id: trimmedNonEmptyString("Operation id"),
+	description: descriptionString("Operation description"),
+	credentialSets: z.array(CredentialSetManifestSchema),
+	input: jsonSchemaObject,
+	output: jsonSchemaObject,
+	timeout: DurationSchema.optional(),
+	tags: z.array(z.string()).optional(),
+	retries: RetryConfigSchema.optional(),
+	needsApproval: z.boolean().optional(),
+	requiredOAuthScopes: z.array(z.string()).optional(),
+	maxDurationMs: z.number().int().positive().optional(),
+	workflowGlobals: jsonSchemaObject.optional()
+});
+//#endregion
+//#region ../../packages/workflow-core/src/operation/step-registry.ts
+const REGISTRY_KEY = "__ks_step_registry";
+function getRegistry() {
+	const g = globalThis;
+	if (!g[REGISTRY_KEY]) g[REGISTRY_KEY] = [];
+	return g[REGISTRY_KEY];
+}
+function registerStep(step) {
+	getRegistry().push(step);
+}
+//#endregion
+//#region ../../packages/workflow-core/src/operation/Operation.ts
+function createHostedOperationExecutionError(integrationId, detail) {
+	return /* @__PURE__ */ new Error(`Hosted integration "${integrationId}" cannot run locally in this environment. ${detail}`);
+}
+var Operation = class Operation extends Primitive {
+	kind = "operation";
+	credentialSets;
+	description;
+	id;
+	input;
+	name;
+	needsApproval;
+	output;
+	requiredOAuthScopes;
+	retries;
+	tags;
+	timeout;
+	/**
+	* Upper bound on the operation's expected duration, in milliseconds.
+	* See {@link OperationConfig.maxDurationMs}.
+	*/
+	maxDurationMs;
+	workflowGlobals;
+	#manifest;
+	#runImplementation;
+	#config;
+	constructor(config) {
+		super();
+		const validatedConfig = validateConfig(operationConfigSchema, {
+			...config,
+			credentialSets: cloneCredentialSets(config.credentialSets),
+			tags: config.tags ? [...config.tags] : void 0,
+			requiredOAuthScopes: config.requiredOAuthScopes ? [...config.requiredOAuthScopes] : void 0
+		});
+		this.#config = {
+			...config,
+			...validatedConfig,
+			credentialSets: validatedConfig.credentialSets ?? config.credentialSets ?? [],
+			timeout: validatedConfig.timeout,
+			input: validatedConfig.input,
+			output: validatedConfig.output,
+			run: config.run,
+			workflowGlobals: validatedConfig.workflowGlobals
+		};
+		this.credentialSets = this.#config.credentialSets ?? [];
+		assertUniqueCredentialSetIds(this.credentialSets, "Operation", this.#config.name);
+		this.description = validatedConfig.description;
+		this.id = validatedConfig.id;
+		this.input = this.#config.input;
+		this.name = validatedConfig.name;
+		this.needsApproval = validatedConfig.needsApproval;
+		this.output = this.#config.output;
+		this.requiredOAuthScopes = validatedConfig.requiredOAuthScopes ? [...validatedConfig.requiredOAuthScopes] : void 0;
+		this.retries = validatedConfig.retries;
+		this.tags = [...validatedConfig.tags ?? []];
+		this.timeout = validatedConfig.timeout;
+		this.maxDurationMs = validatedConfig.maxDurationMs;
+		this.workflowGlobals = this.#config.workflowGlobals;
+		this.#runImplementation = this.#config.run;
+		registerStep(this);
+		this.#manifest = Object.freeze(OperationManifestSchema.parse({
+			manifestVersion: 1,
+			type: "operation",
+			name: this.name,
+			id: this.id,
+			description: this.description,
+			credentialSets: this.credentialSets.map((cs) => cs.toManifest()),
+			input: schemaToJsonSchema(this.input),
+			output: schemaToJsonSchema(this.output),
+			tags: [...this.tags],
+			...this.timeout ? { timeout: this.timeout } : {},
+			...this.retries ? { retries: this.retries } : {},
+			...typeof this.maxDurationMs === "number" ? { maxDurationMs: this.maxDurationMs } : {},
+			...this.needsApproval !== void 0 ? { needsApproval: this.needsApproval } : {},
+			...this.requiredOAuthScopes?.length ? { requiredOAuthScopes: [...this.requiredOAuthScopes] } : {},
+			...this.workflowGlobals ? { workflowGlobals: schemaToJsonSchema(this.workflowGlobals) } : {}
+		}));
+		Object.freeze(this);
+	}
+	withTimeout(duration) {
+		return new Operation({
+			...this.#config,
+			timeout: duration
+		});
+	}
+	retry(policy) {
+		return new Operation({
+			...this.#config,
+			retries: policy
+		});
+	}
+	configure(config) {
+		return new Operation({
+			...this.#config,
+			...config
+		});
+	}
+	getCredentialRequirements() {
+		return toDeclaredCredentialRequirements(this.credentialSets);
+	}
+	/** @internal Used by the flow graph builder for nesting detection. */
+	getRunFunctionSource() {
+		return this.#runImplementation.toString();
+	}
+	mapInput(schema, fn) {
+		const originalRun = this.#runImplementation;
+		return new Operation({
+			...this.#config,
+			input: schema,
+			run: async (input, ctx) => {
+				return originalRun(fn(input), ctx);
+			}
+		});
+	}
+	mapOutput(schema, fn) {
+		const originalRun = this.#runImplementation;
+		return new Operation({
+			...this.#config,
+			output: schema,
+			run: async (input, ctx) => {
+				return fn(await originalRun(input, ctx));
+			}
+		});
+	}
+	async run(input, ctx) {
+		const parsedInput = this.input.parse(input);
+		const interceptor = getActiveRuntimeCallInterceptor();
+		if (interceptor) {
+			const intercepted = await interceptor({
+				instance: this,
+				kind: "workflow-step",
+				name: this.name,
+				input: parsedInput,
+				outputSchema: this.output
+			});
+			return this.output.parse(intercepted);
+		}
+		if (!ctx) {
+			const workflowRuntime = getRegisteredRuntime();
+			if (workflowRuntime?.handleStep) {
+				const intercepted = await workflowRuntime.handleStep(this, parsedInput);
+				return this.output.parse(intercepted);
+			}
+		}
+		const integrationMetadata = getOfficialIntegrationMetadata(this);
+		if (integrationMetadata?.hosted) {
+			const hostedActionExecutionPolicy = getHostedActionExecutionPolicy();
+			const dispatcher = getRegisteredHostedActionDispatcher();
+			if (!dispatcher) {
+				if (hostedActionExecutionPolicy === "strict") throw createHostedOperationExecutionError(integrationMetadata.integrationId, "Use `keystrokeTestPlugin()` in auto mode, run `keystroke auth`, and ensure the Keystroke dev server is running.");
+			} else {
+				const dispatchResult = await dispatcher.dispatch(this, integrationMetadata.integrationId, parsedInput);
+				if (dispatchResult.handled) return this.output.parse(dispatchResult.result);
+				if (hostedActionExecutionPolicy === "strict") throw createHostedOperationExecutionError(integrationMetadata.integrationId, "The hosted-action dispatcher declined execution. Hosted integrations must execute through the Keystroke dev server.");
+			}
+		}
+		const execute = async () => {
+			const parentOperation = getActiveOperationRun();
+			if (parentOperation) throw new Error(`Operation "${this.name}" was called inside the run function of "${parentOperation}". Steps and Operations cannot call other Operations inside their run function. Move the "${this.name}" call into the Workflow's run function, or use a plain async helper function instead of a Step.`);
+			return runWithOperationScope(this.name, async () => {
+				const result = await this.#runImplementation(parsedInput, await this.#resolveRuntimeContext(ctx));
+				return this.output.parse(result);
+			});
+		};
+		if (this.timeout) {
+			const ms = parseDurationToMs(this.timeout);
+			return Promise.race([execute(), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error(`Operation "${this.name}" timed out after ${ms}ms`)), ms))]);
+		}
+		return execute();
+	}
+	/**
+	* Execute the step implementation directly, bypassing interceptors and
+	* runtime checks. Used by the inline step execution runtime to avoid
+	* recursion through handleStep.
+	* @internal
+	*/
+	async executeDirectly(input, ctx) {
+		const parsedInput = this.input.parse(input);
+		const result = await this.#runImplementation(parsedInput, await this.#resolveRuntimeContext(ctx));
+		return this.output.parse(result);
+	}
+	describe() {
+		return `Operation "${this.name}"`;
+	}
+	toManifest() {
+		return this.#manifest;
+	}
+	#createImplicitRuntimeContext() {
+		return {
+			credentials: {},
+			workflowGlobals: void 0
+		};
+	}
+	#normalizeRuntimeContext(ctx) {
+		const tracing = ctx;
+		return {
+			attempt: ctx.attempt,
+			credentials: ctx.credentials ?? {},
+			maxAttempts: ctx.maxAttempts,
+			stepId: ctx.stepId,
+			toolCallId: tracing.toolCallId,
+			traceparent: tracing.traceparent,
+			tracestate: tracing.tracestate,
+			workflowGlobals: ctx.workflowGlobals
+		};
+	}
+	async #resolveRuntimeContext(ctx) {
+		const runtimeContext = ctx ?? getRegisteredOperationContext(this);
+		if (runtimeContext) {
+			const normalizedContext = this.#normalizeRuntimeContext(runtimeContext);
+			return this.#validateRuntimeContext(await this.#resolveMissingCredentials(normalizedContext));
+		}
+		if (this.credentialSets.length === 0 && !this.workflowGlobals) return this.#createImplicitRuntimeContext();
+		throw new Error(`Operation "${this.name}" was executed without a runtime context. Pass one explicitly to .run(input, ctx), or use keystrokeTestPlugin() from "@keystroke/workflow-core/vitest" in Vitest.`);
+	}
+	async #resolveMissingCredentials(ctx) {
+		if (this.credentialSets.map((credentialSet) => credentialSet.id).filter((credentialSetId) => ctx.credentials[credentialSetId] === void 0).length === 0) return ctx;
+		const resolvedCredentials = await resolveRegisteredOperationCredentials(this, ctx);
+		if (!resolvedCredentials) return ctx;
+		return {
+			...ctx,
+			credentials: {
+				...resolvedCredentials,
+				...ctx.credentials
+			}
+		};
+	}
+	#validateRuntimeContext(ctx) {
+		const validatedCredentials = {};
+		for (const credentialSet of this.credentialSets) {
+			const credentialId = credentialSet.id;
+			const rawCredential = ctx.credentials[credentialId];
+			validatedCredentials[credentialSet.id] = credentialSet.auth.parse(rawCredential);
+		}
+		return {
+			attempt: ctx.attempt,
+			credentials: validatedCredentials,
+			maxAttempts: ctx.maxAttempts,
+			stepId: ctx.stepId,
+			...ctx.toolCallId !== void 0 ? { toolCallId: ctx.toolCallId } : {},
+			...ctx.traceparent !== void 0 ? { traceparent: ctx.traceparent } : {},
+			...ctx.tracestate !== void 0 ? { tracestate: ctx.tracestate } : {},
+			workflowGlobals: this.workflowGlobals ? this.workflowGlobals.parse(ctx.workflowGlobals) : ctx.workflowGlobals
+		};
+	}
+};
+triggerBaseConfigSchema.extend({
+	input: anyZodSchemaSchema,
+	payload: z.custom((value) => {
+		return jsonValueSchema.safeParse(value).success;
+	}, "Expected a JSON-serializable payload"),
+	schedule: ScheduleSchema,
+	timezone: IANATimezoneSchema.optional()
+});
+const cronTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
+	input: jsonSchemaObject,
+	payloadMode: z.literal("static"),
+	schedule: z.string(),
+	timezone: z.string().optional()
+});
+const cronTriggerManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("trigger"),
+	triggerType: z.literal("cron"),
+	name: trimmedNonEmptyString("Trigger name"),
+	description: descriptionString("Trigger description"),
+	enabled: z.boolean(),
+	modeDefault: z.enum(["managed", "subscribable"]),
+	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
+	credentialSets: z.array(CredentialSetManifestSchema).optional(),
+	runtime: cronTriggerRuntimeSchema,
+	/** Static payload for cron triggers — the workflow input when this trigger fires */
+	payload: jsonValueSchema.optional()
+});
+z.object({
+	lastPolledAt: z.string().optional(),
+	lastResponse: z.unknown().optional()
+});
+triggerBaseConfigSchema.extend({
+	poll: z.function(),
+	filter: z.function().optional(),
+	idempotencyKey: z.function().optional(),
+	response: anyZodSchemaSchema,
+	schedule: ScheduleSchema
+});
+const pollingTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
+	response: jsonSchemaObject,
+	schedule: z.string(),
+	state: z.object({
+		lastPolledAt: z.literal(true),
+		lastResponse: z.literal(true)
+	})
+});
+const pollingTriggerManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("trigger"),
+	triggerType: z.literal("polling"),
+	name: trimmedNonEmptyString("Trigger name"),
+	description: descriptionString("Trigger description"),
+	enabled: z.boolean(),
+	modeDefault: z.enum(["managed", "subscribable"]),
+	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
+	credentialSets: z.array(CredentialSetManifestSchema).optional(),
+	runtime: pollingTriggerRuntimeSchema
+});
+//#endregion
+//#region ../../packages/workflow-core/src/trigger/webhook/schemas.ts
+const WebhookMethodSchema = z.enum([
+	"PATCH",
+	"POST",
+	"PUT"
+]);
+z.object({
+	method: z.string(),
+	path: z.string(),
+	query: z.record(z.string(), z.union([
+		z.string(),
+		z.array(z.string()),
+		z.undefined()
+	])),
+	headers: z.record(z.string(), z.string().optional()),
+	rawBody: z.string()
+});
+const WebhookResponseConfigSchema = z.object({
+	ignoredBody: jsonValueSchema.optional(),
+	ignoredStatus: z.number().int().positive().optional(),
+	successBody: jsonValueSchema.optional(),
+	successStatus: z.number().int().positive().optional()
+});
+/**
+* Custom webhook trigger paths describe the suffix that a request URL has
+* after the organization id. The router serves these triggers at
+* `/api/v1/webhooks/{orgId}{path}` (e.g. `path: '/orders'` → request
+* `/api/v1/webhooks/{orgId}/orders`). Authors must therefore supply only the
+* trailing path segment, not the `/webhooks/` prefix that the route already
+* provides.
+*/
+const webhookPathSchema = z.string().trim().min(1, { error: "Webhook path cannot be empty" }).max(50, { error: "Webhook path cannot exceed 50 characters" }).refine((s) => !/\s/.test(s), { error: "Webhook path cannot contain spaces or whitespace" }).refine((s) => s.startsWith("/"), { error: "Webhook path must start with /" }).refine((s) => s.length > 1, { error: "Webhook path must include a path segment after the leading \"/\"" }).refine((s) => !/^\/webhooks(\/|$)/i.test(s), { error: "Webhook path must not start with \"/webhooks\". Provide just the suffix that follows the organization id in the URL — e.g. use \"/orders\" for a webhook served at \"/api/v1/webhooks/{orgId}/orders\"." });
+const credentialSetInstanceSchema = createStructuralSchema([
+	"id",
+	"auth",
+	"needsResolve"
+], "a CredentialSet instance");
+const webhookCustomSourceConfigSchema = z.object({
+	type: z.literal("custom"),
+	method: WebhookMethodSchema,
+	path: webhookPathSchema,
+	verify: z.function().optional(),
+	response: WebhookResponseConfigSchema.optional(),
+	credentialSets: z.array(credentialSetInstanceSchema).optional()
+});
+const webhookAppSourceConfigSchema = z.object({
+	type: z.literal("app"),
+	appRef: trimmedNonEmptyString("appRef")
+});
+const webhookSourceConfigSchema = z.discriminatedUnion("type", [webhookCustomSourceConfigSchema, webhookAppSourceConfigSchema]);
+const webhookCustomSourceManifestSchema = z.object({
+	type: z.literal("custom"),
+	method: WebhookMethodSchema,
+	path: z.string().min(1).max(1024),
+	response: WebhookResponseConfigSchema.optional()
+});
+const webhookAppSourceManifestSchema = z.object({
+	type: z.literal("app"),
+	appRef: trimmedNonEmptyString("appRef")
+});
+const WebhookSourceManifestSchema = z.discriminatedUnion("type", [webhookCustomSourceManifestSchema, webhookAppSourceManifestSchema]);
+triggerBaseConfigSchema.omit({ credentialSets: true }).extend({
+	source: webhookSourceConfigSchema,
+	payload: anyZodSchemaSchema.optional(),
+	filter: z.function().optional(),
+	idempotencyKey: z.function().optional()
+});
+const webhookTriggerRuntimeSchema = TriggerRuntimeDescriptorSchema.extend({
+	source: WebhookSourceManifestSchema,
+	payload: jsonSchemaObject
+});
+const webhookTriggerManifestSchema = z.object({
+	manifestVersion: z.literal(1),
+	type: z.literal("trigger"),
+	triggerType: z.literal("webhook"),
+	name: trimmedNonEmptyString("Trigger name"),
+	description: descriptionString("Trigger description"),
+	enabled: z.boolean(),
+	modeDefault: z.enum(["managed", "subscribable"]),
+	executionIdentityPolicy: triggerBaseConfigSchema.shape.executionIdentityPolicy,
+	credentialSets: z.array(CredentialSetManifestSchema).optional(),
+	runtime: webhookTriggerRuntimeSchema
+});
+z.unknown();
+z.object({
+	author: optionalTrimmedNonEmptyString("Workflow author"),
+	description: optionalDescriptionString("Workflow description"),
+	id: idNoSpacesString("Workflow id"),
+	input: anyZodSchemaSchema,
+	name: trimmedNonEmptyString("Workflow name"),
+	output: anyZodSchemaSchema,
+	timeout: DurationSchema.optional(),
+	largeResultMode: z.enum(["reject", "ref"]).optional(),
+	midSessionSnapshot: z.boolean().optional(),
+	retries: RetryConfigSchema.optional(),
+	tags: z.array(z.string()).optional(),
+	version: optionalTrimmedNonEmptyString("Workflow version"),
+	workflowGlobals: anyZodSchemaSchema.optional()
+}).extend({
+	run: z.function(),
+	triggers: z.array(z.unknown()).optional()
+});
+//#endregion
+export { getOfficialIntegrationMetadata as _, clearHostedActionDispatcher as a, registerHostedActionExecutionPolicy as c, clearOperationContext as d, registerOperationContext as f, registerRuntime as g, clearRuntime as h, Operation as i, clearOperationCredentialResolver as l, AgentManifestSchema as m, pollingTriggerManifestSchema as n, clearHostedActionExecutionPolicy as o, CredentialSet as p, cronTriggerManifestSchema as r, registerHostedActionDispatcher as s, webhookTriggerManifestSchema as t, registerOperationCredentialResolver as u, registerOfficialIntegrationOperation as v };