npm - @lobu/core - Versions diffs - 7.1.0 → 8.0.0 - Mend

@lobu/core 7.1.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/capabilities.d.ts +1 -1
package/dist/capabilities.d.ts.map +1 -1
package/dist/capabilities.js +1 -0
package/dist/capabilities.js.map +1 -1
package/dist/index.d.ts +8 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +19 -7
package/dist/index.js.map +1 -1
package/dist/lobu-guidance.d.ts +5 -0
package/dist/lobu-guidance.d.ts.map +1 -0
package/dist/lobu-guidance.js +51 -0
package/dist/lobu-guidance.js.map +1 -0
package/dist/lobu-toml-schema.d.ts +49 -0
package/dist/lobu-toml-schema.d.ts.map +1 -1
package/dist/lobu-toml-schema.js +48 -0
package/dist/lobu-toml-schema.js.map +1 -1
package/dist/modules.d.ts +1 -47
package/dist/modules.d.ts.map +1 -1
package/dist/modules.js +0 -74
package/dist/modules.js.map +1 -1
package/dist/types.d.ts +38 -1
package/dist/types.d.ts.map +1 -1
package/dist/utils/encryption.d.ts +21 -0
package/dist/utils/encryption.d.ts.map +1 -1
package/dist/utils/encryption.js +50 -12
package/dist/utils/encryption.js.map +1 -1
package/dist/utils/session-file.d.ts +86 -0
package/dist/utils/session-file.d.ts.map +1 -0
package/dist/utils/session-file.js +104 -0
package/dist/utils/session-file.js.map +1 -0
package/dist/worker/auth.d.ts +18 -0
package/dist/worker/auth.d.ts.map +1 -1
package/dist/worker/auth.js +13 -0
package/dist/worker/auth.js.map +1 -1
package/dist/worker/transport.d.ts +0 -5
package/dist/worker/transport.d.ts.map +1 -1
package/dist/worker/wire.d.ts +105 -0
package/dist/worker/wire.d.ts.map +1 -0
package/dist/worker/wire.js +18 -0
package/dist/worker/wire.js.map +1 -0
package/package.json +1 -1

package/dist/types.d.ts CHANGED Viewed

@@ -182,7 +182,45 @@ export interface SkillConfig {
     modelPreference?: string;
     /** Thinking level budget for this skill */
     thinkingLevel?: ThinkingLevel;
+    /**
+     * Guardrails declared by the skill.
+     *
+     * Skills may only declare `pre-tool` guardrails — the asymmetry is
+     * deliberate. `input` (user message → worker) and `output` (worker text →
+     * user) are agent-wide concerns: a skill can't decide for the operator
+     * which messages should reach which agent or which words an agent may
+     * speak. `pre-tool` is scoped to specific tool invocations, which is what
+     * a skill knows about — it can reasonably say "before this tool runs,
+     * apply this judge".
+     *
+     * Discriminated by `kind` so invalid combinations (neither / both) are
+     * compile-time TS errors instead of runtime warnings:
+     *   - `{ kind: "builtin", name }` — reference a registered guardrail.
+     *     The optional `tools` field is ignored for builtins (built-ins
+     *     decide their own input filtering); use an inline judge if you
+     *     want per-tool narrowing.
+     *   - `{ kind: "judge", policy, tools? }` — ad-hoc LLM-judge policy;
+     *     `tools` narrows the judge to specific tool names (matched against
+     *     `toolName` in {@link PreToolGuardrailContext}); when absent, the
+     *     guardrail runs on every pre-tool invocation.
+     */
+    guardrails?: {
+        "pre-tool"?: Array<SkillPreToolGuardrail>;
+    };
 }
+/**
+ * Discriminated union of legal skill-declared pre-tool guardrail entries.
+ * Each entry must be either a built-in reference or an inline judge --
+ * setting both, or neither, is rejected by the type checker.
+ */
+export type SkillPreToolGuardrail = {
+    kind: "builtin";
+    name: string;
+} | {
+    kind: "judge";
+    policy: string;
+    tools?: string[];
+};
 /**
  * Skills configuration for agent settings.
  * Contains list of configured skills that can be enabled/disabled.
@@ -424,7 +462,6 @@ export interface ThreadResponsePayload {
     errorCode?: string;
     timestamp: number;
     originalMessageId?: string;
-    moduleData?: Record<string, unknown>;
     botResponseId?: string;
     ephemeral?: boolean;
     platformMetadata?: Record<string, unknown>;

package/dist/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEnD;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,kBAAkB,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,aAAa,CAAC,EAAE,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,GAAG,aAAa,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,kEAAkE;QAClE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sDAAsD;QACtD,eAAe,CAAC,EAAE,SAAS,CAAC;QAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,uEAAuE;AACvE,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAEjE;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,6EAA6E;IAC7E,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAE7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAGlB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uFAAuF;IACvF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qEAAqE;IACrE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,0FAA0F;IAC1F,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,qFAAqF;IACrF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,KAAK,GAAG,iBAAiB,GAAG,OAAO,CAAC;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,4EAA4E;IAC5E,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kDAAkD;IAClD,aAAa,CAAC,EAAE;QACd,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,aAAa,CAAC,EAAE,eAAe,EAAE,CAAC;QAClC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACjC,CAAC;IACF,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,aAAa,CAAC;~~CAC/B~~;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,aAAa;IAC5B,gFAAgF;IAChF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,yEAAyE;IACzE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,eAAe,EAAE,CAAC;IAClC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,4EAA4E;IAC5E,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,SAAS;IACxB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,IAAI,CAAC,EAAE,KAAK,GAAG,iBAAiB,GAAG,OAAO,CAAC;IAC3C,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC7C;AAED,UAAU,kBAAkB;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACpC,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,sBAAsB,CAAC;IAEpC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IAEb,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,eAAe,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;CACxE;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,~~UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,~~aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,YAAY,CAAC,EAAE;QACb,cAAc,EAAE,MAAM,CAAC;QACvB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC/B,CAAC;IAGF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,EAAE,KAAK,CAAC;IAEhB,OAAO,EAAE,eAAe,EAAE,CAAC;CAC5B"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEnD;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,kBAAkB,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,wEAAwE;AACxE,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE9D;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,aAAa,CAAC,EAAE,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,GAAG,aAAa,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,kEAAkE;QAClE,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,sDAAsD;QACtD,eAAe,CAAC,EAAE,SAAS,CAAC;QAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,uEAAuE;AACvE,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAEjE;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,6EAA6E;IAC7E,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAE7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAGlB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,4EAA4E;IAC5E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uFAAuF;IACvF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qEAAqE;IACrE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,0FAA0F;IAC1F,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,qFAAqF;IACrF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,KAAK,GAAG,iBAAiB,GAAG,OAAO,CAAC;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,4EAA4E;IAC5E,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kDAAkD;IAClD,aAAa,CAAC,EAAE;QACd,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAC1B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,aAAa,CAAC,EAAE,eAAe,EAAE,CAAC;QAClC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACjC,CAAC;IACF,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC;KAC3C,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,MAAM,qBAAqB,GAC7B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACjC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC;AAExD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,aAAa;IAC5B,gFAAgF;IAChF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,yEAAyE;IACzE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,eAAe,EAAE,CAAC;IAClC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,4EAA4E;IAC5E,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,SAAS;IACxB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,IAAI,CAAC,EAAE,KAAK,GAAG,iBAAiB,GAAG,OAAO,CAAC;IAC3C,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC7C;AAED,UAAU,kBAAkB;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACpC,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,sBAAsB,CAAC;IAEpC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IAEb,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,eAAe,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;CACxE;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,YAAY,CAAC,EAAE;QACb,cAAc,EAAE,MAAM,CAAC;QACvB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC/B,CAAC;IAGF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,EAAE,KAAK,CAAC;IAEhB,OAAO,EAAE,eAAe,EAAE,CAAC;CAC5B"}

package/dist/utils/encryption.d.ts CHANGED Viewed

@@ -1,3 +1,24 @@
+/**
+ * Decode a candidate ENCRYPTION_KEY string into 32 canonical bytes, or
+ * return null if it doesn't satisfy the canonical base64 / base64url /
+ * hex 32-byte format. Pure (no env, no cache, no throw) so callers like
+ * the install-operator bootstrap can fail-fast with a clear message
+ * before any side effect.
+ */
+export declare function decodeEncryptionKey(key: string): Buffer | null;
+/**
+ * Canonical error message for a malformed ENCRYPTION_KEY. Centralised so
+ * the install-operator bootstrap and any other upstream validator emit
+ * the exact same actionable text the runtime encrypt/decrypt path would.
+ */
+export declare const ENCRYPTION_KEY_FORMAT_ERROR: string;
+/**
+ * Validate `process.env.ENCRYPTION_KEY` (or an explicit override) without
+ * caching. Throws with an actionable message if the value is missing or
+ * not a canonical 32-byte encoding. Use at boot to fail fast instead of
+ * letting later encrypt/decrypt calls return 500s.
+ */
+export declare function assertEncryptionKey(value?: string): void;
 /**
  * Encrypt a string using AES-256-GCM
  */

package/dist/utils/encryption.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":"~~AAsEA~~;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU5C;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAc5C;AAED,yFAAyF;AACzF,wBAAgB,iCAAiC,IAAI,IAAI,CAExD"}
1	+ {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":"AAeA;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAyC9D;AAED;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,QAEwC,CAAC;AAEjF;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAUxD;AAkBD;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU5C;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAc5C;AAED,yFAAyF;AACzF,wBAAgB,iCAAiC,IAAI,IAAI,CAExD"}

package/dist/utils/encryption.js CHANGED Viewed

@@ -33,6 +33,9 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.ENCRYPTION_KEY_FORMAT_ERROR = void 0;
+exports.decodeEncryptionKey = decodeEncryptionKey;
+exports.assertEncryptionKey = assertEncryptionKey;
 exports.encrypt = encrypt;
 exports.decrypt = decrypt;
 exports.__resetEncryptionKeyCacheForTests = __resetEncryptionKeyCacheForTests;
@@ -48,13 +51,16 @@ const IV_LENGTH = 12; // 96-bit nonce for AES-GCM
 // once and reuse the buffer instead of re-parsing the env var on every
 // encrypt/decrypt call (these run on per-request / per-worker-RPC hot paths).
 let cachedKey;
-function getEncryptionKey() {
-    if (cachedKey)
-        return cachedKey;
-    const key = process.env.ENCRYPTION_KEY || "";
-    if (!key) {
-        throw new Error("ENCRYPTION_KEY environment variable is required for secure operation");
-    }
+/**
+ * Decode a candidate ENCRYPTION_KEY string into 32 canonical bytes, or
+ * return null if it doesn't satisfy the canonical base64 / base64url /
+ * hex 32-byte format. Pure (no env, no cache, no throw) so callers like
+ * the install-operator bootstrap can fail-fast with a clear message
+ * before any side effect.
+ */
+function decodeEncryptionKey(key) {
+    if (!key)
+        return null;
     // Try to decode as base64 first (most common format). `Buffer.from(x,
     // "base64")` silently drops non-base64 chars rather than throwing, so a
     // typo'd key can yield a short/garbled buffer. Require canonical base64 and
@@ -62,7 +68,6 @@ function getEncryptionKey() {
     if (/^[A-Za-z0-9+/]+={0,2}$/.test(key) && key.length % 4 === 0) {
         const base64Buffer = Buffer.from(key, "base64");
         if (base64Buffer.length === 32 && base64Buffer.toString("base64") === key) {
-            cachedKey = base64Buffer;
             return base64Buffer;
         }
     }
@@ -74,7 +79,6 @@ function getEncryptionKey() {
         const urlsafeBuffer = Buffer.from(key, "base64url");
         if (urlsafeBuffer.length === 32 &&
             urlsafeBuffer.toString("base64url") === key) {
-            cachedKey = urlsafeBuffer;
             return urlsafeBuffer;
         }
     }
@@ -84,12 +88,46 @@ function getEncryptionKey() {
         const hexBuffer = Buffer.from(key, "hex");
         if (hexBuffer.length === 32 &&
             hexBuffer.toString("hex") === key.toLowerCase()) {
-            cachedKey = hexBuffer;
             return hexBuffer;
         }
     }
-    throw new Error("ENCRYPTION_KEY must be a canonical base64 or hex encoded 32-byte key. " +
-        "Generate a valid key with: openssl rand -base64 32 (or openssl rand -hex 32)");
+    return null;
+}
+/**
+ * Canonical error message for a malformed ENCRYPTION_KEY. Centralised so
+ * the install-operator bootstrap and any other upstream validator emit
+ * the exact same actionable text the runtime encrypt/decrypt path would.
+ */
+exports.ENCRYPTION_KEY_FORMAT_ERROR = "ENCRYPTION_KEY must be a canonical base64 or hex encoded 32-byte key. " +
+    "Generate a valid key with: openssl rand -base64 32 (or openssl rand -hex 32)";
+/**
+ * Validate `process.env.ENCRYPTION_KEY` (or an explicit override) without
+ * caching. Throws with an actionable message if the value is missing or
+ * not a canonical 32-byte encoding. Use at boot to fail fast instead of
+ * letting later encrypt/decrypt calls return 500s.
+ */
+function assertEncryptionKey(value) {
+    const key = value ?? process.env.ENCRYPTION_KEY ?? "";
+    if (!key) {
+        throw new Error("ENCRYPTION_KEY environment variable is required for secure operation");
+    }
+    if (!decodeEncryptionKey(key)) {
+        throw new Error(exports.ENCRYPTION_KEY_FORMAT_ERROR);
+    }
+}
+function getEncryptionKey() {
+    if (cachedKey)
+        return cachedKey;
+    const key = process.env.ENCRYPTION_KEY || "";
+    if (!key) {
+        throw new Error("ENCRYPTION_KEY environment variable is required for secure operation");
+    }
+    const decoded = decodeEncryptionKey(key);
+    if (!decoded) {
+        throw new Error(exports.ENCRYPTION_KEY_FORMAT_ERROR);
+    }
+    cachedKey = decoded;
+    return decoded;
 }
 /**
  * Encrypt a string using AES-256-GCM

package/dist/utils/encryption.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyEA~~,0BAUC;AAKD,0BAcC;AAGD,8EAEC;~~AA3GD~~,oDAAsC;AAEtC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,2BAA2B;AAEjD;;;;;GAKG;AACH,6EAA6E;AAC7E,uEAAuE;AACvE,8EAA8E;AAC9E,IAAI,SAA6B,CAAC;AAElC~~,SAAS,gBAAgB~~;~~IACvB~~,~~IAAI~~,~~SAAS;QAAE~~,~~OAAO,SAAS,~~CAAC~~;IAChC~~,~~MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC~~;IAC7C,IAAI,CAAC,GAAG~~,EAAE,CAAC~~;~~QACT~~,~~MAAM~~,IAAI,~~KAAK,CACb,sEAAsE,CACvE,~~CAAC;~~IACJ~~,~~CAAC;IAED,~~sEAAsE;IACtE,wEAAwE;IACxE,4EAA4E;IAC5E,wDAAwD;IACxD,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChD,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1E,~~SAAS,GAAG,YAAY,CAAC;YACzB,~~OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,8EAA8E;IAC9E,yEAAyE;IACzE,gDAAgD;IAChD,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACpD,IACE,aAAa,CAAC,MAAM,KAAK,EAAE;YAC3B,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,GAAG,EAC3C,CAAC;YACD,~~SAAS,GAAG,aAAa,CAAC;YAC1B,~~OAAO,aAAa,CAAC;QACvB,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,iEAAiE;IACjE,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IACE,SAAS,CAAC,MAAM,KAAK,EAAE;YACvB,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,WAAW,EAAE,EAC/C,CAAC;YACD,SAAS,GAAG,~~SAAS~~,CAAC;~~YACtB~~,OAAO,SAAS,CAAC;~~QACnB~~,CAAC;~~IACH~~,CAAC;~~IAED~~,MAAM,IAAI,KAAK,CACb,~~wEAAwE~~;~~QACtE~~,~~8EAA8E~~,~~CACjF~~,CAAC;~~AACJ~~,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;QAC3B,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACrF,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IAC3E,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;QAC9B,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,yFAAyF;AACzF,SAAgB,iCAAiC;IAC/C,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC"}
1	+ {"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,kDAyCC;AAiBD,kDAUC;AAqBD,0BAUC;AAKD,0BAcC;AAGD,8EAEC;AAjJD,oDAAsC;AAEtC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,2BAA2B;AAEjD;;;;;GAKG;AACH,6EAA6E;AAC7E,uEAAuE;AACvE,8EAA8E;AAC9E,IAAI,SAA6B,CAAC;AAElC;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,GAAW;IAC7C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,sEAAsE;IACtE,wEAAwE;IACxE,4EAA4E;IAC5E,wDAAwD;IACxD,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChD,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1E,OAAO,YAAY,CAAC;QACtB,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,8EAA8E;IAC9E,yEAAyE;IACzE,gDAAgD;IAChD,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACpD,IACE,aAAa,CAAC,MAAM,KAAK,EAAE;YAC3B,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,GAAG,EAC3C,CAAC;YACD,OAAO,aAAa,CAAC;QACvB,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,iEAAiE;IACjE,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IACE,SAAS,CAAC,MAAM,KAAK,EAAE;YACvB,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,WAAW,EAAE,EAC/C,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACU,QAAA,2BAA2B,GACtC,wEAAwE;IACxE,8EAA8E,CAAC;AAEjF;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,KAAc;IAChD,MAAM,GAAG,GAAG,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IACtD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,sEAAsE,CACvE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,mCAA2B,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB;IACvB,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,sEAAsE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mCAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,SAAS,GAAG,OAAO,CAAC;IACpB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;QAC3B,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACrF,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IAC3E,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;QAC9B,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,yFAAyF;AACzF,SAAgB,iCAAiC;IAC/C,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC"}

package/dist/utils/session-file.d.ts ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * Shared parser for OpenClaw `session.jsonl` files.
+ *
+ * Two HTTP surfaces read these files: the worker's `/session/messages` /
+ * `/session/stats` endpoints (rooted at the worker's own `WORKSPACE_DIR`)
+ * and the gateway's `/session/messages` / `/session/stats` REST endpoints
+ * (rooted at the gateway's `workspaces/<agentId>` tree, queried when the
+ * worker is offline). The gateway proxies to the worker when it's online
+ * and falls back to its own copy otherwise — so the two parsers must
+ * agree, and historically they had drifted (different fields kept on
+ * `SessionEntry`, different `JSON.parse` error handling, the same logic
+ * copy-pasted twice).
+ *
+ * Anything path-policy related (where to *look* for the file) stays at
+ * the call site — the worker scans one level under `WORKSPACE_DIR`; the
+ * gateway scans up to three levels under the per-agent workspace dir
+ * with a `SAFE_AGENT_ID` regex guarding the join. Those are intentionally
+ * different and must not be collapsed without an operator decision.
+ */
+/**
+ * Raw entry shape as written to `session.jsonl` by the worker.
+ *
+ * `tokensBefore` / `firstKeptEntryId` (worker memory-flush bookkeeping)
+ * are not read by either parser today — left off this canonical shape on
+ * purpose; reintroduce when a consumer actually needs them.
+ */
+export interface SessionEntry {
+    type: string;
+    id: string;
+    parentId: string | null;
+    timestamp: string;
+    message?: {
+        role: string;
+        content: unknown;
+        usage?: {
+            inputTokens?: number;
+            outputTokens?: number;
+        };
+    };
+    summary?: string;
+    provider?: string;
+    modelId?: string;
+    customType?: string;
+    content?: unknown;
+    display?: boolean;
+}
+/** Display-friendly projection emitted to API consumers (`/session/messages`). */
+export interface ParsedMessage {
+    id: string;
+    type: string;
+    role?: string;
+    content: unknown;
+    model?: string;
+    timestamp: string;
+    isVerbose?: boolean;
+    usage?: {
+        inputTokens?: number;
+        outputTokens?: number;
+    };
+}
+/**
+ * Parse a session.jsonl blob into entries + the synthetic session id
+ * found on the leading `{type: "session", id}` line.
+ *
+ * - Splits on `\n` and skips blank lines (same as both pre-existing copies).
+ * - Uses {@link safeJsonParse} so malformed lines are skipped quietly with
+ *   a debug log (debug-only because production sessions occasionally
+ *   contain partial writes after crash/kill).
+ * - The leading `session` entry is extracted, not pushed into `entries`.
+ */
+export declare function parseSessionEntries(content: string): {
+    entries: SessionEntry[];
+    sessionId?: string;
+};
+/**
+ * Project a single {@link SessionEntry} into the {@link ParsedMessage}
+ * display shape, or `null` for entry kinds that don't surface as
+ * user-visible messages (everything other than `message`, `compaction`,
+ * `model_change`, `custom_message`).
+ *
+ * `isVerbose` marks entries the UI hides behind a "verbose" toggle —
+ * tool results, compaction/model-change markers, custom system events
+ * that aren't explicitly displayed.
+ */
+export declare function entryToMessage(entry: SessionEntry): ParsedMessage | null;
+//# sourceMappingURL=session-file.d.ts.map

package/dist/utils/session-file.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-file.d.ts","sourceRoot":"","sources":["../../src/utils/session-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,OAAO,CAAC;QACjB,KAAK,CAAC,EAAE;YAAE,WAAW,CAAC,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACzD,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,kFAAkF;AAClF,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACzD;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG;IACpD,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAcA;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,YAAY,GAAG,aAAa,GAAG,IAAI,CA0CxE"}

package/dist/utils/session-file.js ADDED Viewed

@@ -0,0 +1,104 @@
+"use strict";
+/**
+ * Shared parser for OpenClaw `session.jsonl` files.
+ *
+ * Two HTTP surfaces read these files: the worker's `/session/messages` /
+ * `/session/stats` endpoints (rooted at the worker's own `WORKSPACE_DIR`)
+ * and the gateway's `/session/messages` / `/session/stats` REST endpoints
+ * (rooted at the gateway's `workspaces/<agentId>` tree, queried when the
+ * worker is offline). The gateway proxies to the worker when it's online
+ * and falls back to its own copy otherwise — so the two parsers must
+ * agree, and historically they had drifted (different fields kept on
+ * `SessionEntry`, different `JSON.parse` error handling, the same logic
+ * copy-pasted twice).
+ *
+ * Anything path-policy related (where to *look* for the file) stays at
+ * the call site — the worker scans one level under `WORKSPACE_DIR`; the
+ * gateway scans up to three levels under the per-agent workspace dir
+ * with a `SAFE_AGENT_ID` regex guarding the join. Those are intentionally
+ * different and must not be collapsed without an operator decision.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseSessionEntries = parseSessionEntries;
+exports.entryToMessage = entryToMessage;
+const json_1 = require("./json");
+/**
+ * Parse a session.jsonl blob into entries + the synthetic session id
+ * found on the leading `{type: "session", id}` line.
+ *
+ * - Splits on `\n` and skips blank lines (same as both pre-existing copies).
+ * - Uses {@link safeJsonParse} so malformed lines are skipped quietly with
+ *   a debug log (debug-only because production sessions occasionally
+ *   contain partial writes after crash/kill).
+ * - The leading `session` entry is extracted, not pushed into `entries`.
+ */
+function parseSessionEntries(content) {
+    const lines = content.split("\n").filter((l) => l.trim());
+    const entries = [];
+    let sessionId;
+    for (const line of lines) {
+        const parsed = (0, json_1.safeJsonParse)(line);
+        if (!parsed)
+            continue;
+        if (parsed.type === "session") {
+            sessionId = parsed.id;
+            continue;
+        }
+        entries.push(parsed);
+    }
+    return { entries, sessionId };
+}
+/**
+ * Project a single {@link SessionEntry} into the {@link ParsedMessage}
+ * display shape, or `null` for entry kinds that don't surface as
+ * user-visible messages (everything other than `message`, `compaction`,
+ * `model_change`, `custom_message`).
+ *
+ * `isVerbose` marks entries the UI hides behind a "verbose" toggle —
+ * tool results, compaction/model-change markers, custom system events
+ * that aren't explicitly displayed.
+ */
+function entryToMessage(entry) {
+    if (entry.type === "message" && entry.message) {
+        return {
+            id: entry.id,
+            type: "message",
+            role: entry.message.role,
+            content: entry.message.content,
+            timestamp: entry.timestamp,
+            isVerbose: entry.message.role === "toolResult",
+            usage: entry.message.usage,
+        };
+    }
+    if (entry.type === "compaction") {
+        return {
+            id: entry.id,
+            type: "compaction",
+            content: entry.summary || "",
+            timestamp: entry.timestamp,
+            isVerbose: true,
+        };
+    }
+    if (entry.type === "model_change") {
+        return {
+            id: entry.id,
+            type: "model_change",
+            content: `${entry.provider}/${entry.modelId}`,
+            model: `${entry.provider}/${entry.modelId}`,
+            timestamp: entry.timestamp,
+            isVerbose: true,
+        };
+    }
+    if (entry.type === "custom_message") {
+        return {
+            id: entry.id,
+            type: "custom_message",
+            role: "user",
+            content: entry.content,
+            timestamp: entry.timestamp,
+            isVerbose: !entry.display,
+        };
+    }
+    return null;
+}
+//# sourceMappingURL=session-file.js.map

package/dist/utils/session-file.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-file.js","sourceRoot":"","sources":["../../src/utils/session-file.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;AAmDH,kDAiBC;AAYD,wCA0CC;AAxHD,iCAAuC;AAuCvC;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IAIjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,IAAI,SAA6B,CAAC;IAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAA,oBAAa,EAAgC,IAAI,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,cAAc,CAAC,KAAmB;IAChD,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI;YACxB,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;YAC9C,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK;SAC3B,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,OAAO;YACL,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,EAAE;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAClC,OAAO;YACL,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,EAAE;YAC7C,KAAK,EAAE,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,EAAE;YAC3C,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACpC,OAAO;YACL,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,CAAC,KAAK,CAAC,OAAO;SAC1B,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/worker/auth.d.ts CHANGED Viewed

@@ -24,6 +24,16 @@ export interface WorkerTokenData {
     traceId?: string;
     /** Unique token ID — enables targeted revocation. */
     jti?: string;
+    /**
+     * Optional `runs.id` this token is scoped to. Present only on per-job
+     * tokens minted by the runs queue dispatcher at thread-message time;
+     * the deployment-lifetime WORKER_TOKEN minted at spawn time does NOT
+     * carry it. The snapshot route requires equality between this field
+     * and the request body's `runId` so a worker bearing a same-(org,
+     * agent, conv) token cannot POST under a different run's slot —
+     * codex round 2, finding A on PR #865.
+     */
+    runId?: number;
 }
 export declare function generateWorkerToken(userId: string, conversationId: string, deploymentName: string, options: {
     channelId: string;
@@ -34,6 +44,14 @@ export declare function generateWorkerToken(userId: string, conversationId: stri
     platform?: string;
     sessionKey?: string;
     traceId?: string;
+    /**
+     * Bind the token to a single `runs.id`. Set only by the runs-queue
+     * dispatcher's per-job token mint (MessageConsumer.handleMessage on
+     * the gateway side). Long-lived deployment tokens must NOT pass this
+     * — they'd be wrong for subsequent runs. See WorkerTokenData.runId
+     * for the consumption contract.
+     */
+    runId?: number;
 }): string;
 /**
  * Verify and decrypt a worker authentication token

package/dist/worker/auth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":"AAMA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;~~CACd~~;AAED,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;~~CAClB~~,GACA,MAAM,~~CAsBR~~;AAaD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,~~CAmEvE~~"}
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":"AAMA;;;GAGG;AAEH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;;;;;OAQG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE;IACP,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;;OAMG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GACA,MAAM,CAuBR;AAaD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAiFvE"}

package/dist/worker/auth.js CHANGED Viewed

@@ -24,6 +24,7 @@ function generateWorkerToken(userId, conversationId, deploymentName, options) {
         sessionKey: options.sessionKey,
         traceId: options.traceId,
         jti: (0, node_crypto_1.randomUUID)(),
+        runId: options.runId,
     };
     return (0, encryption_1.encrypt)(JSON.stringify(payload));
 }
@@ -61,6 +62,18 @@ function verifyWorkerToken(token) {
             logger.error("Worker token rejected: missing or wrongly-typed required fields");
             return null;
         }
+        // `runId` is optional but must be a positive integer when present.
+        // A forged token with `runId: "*"` (or NaN, or negative) would pass
+        // the verification check and then defeat the snapshot route's
+        // equality check below if downstream code compared loosely.
+        if (data.runId !== undefined) {
+            if (typeof data.runId !== "number" ||
+                !Number.isInteger(data.runId) ||
+                data.runId <= 0) {
+                logger.error("Worker token rejected: runId must be a positive integer");
+                return null;
+            }
+        }
         // Default TTL 2h (was 24h — a leaked token had no revocation path for a
         // full day). Override via WORKER_TOKEN_TTL_MS. Clock-skew tolerance via
         // WORKER_TOKEN_CLOCK_SKEW_MS. Tokens timestamped further in the future

package/dist/worker/auth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":";;~~AAmCA~~,~~kDAoCC~~;AAgBD,~~8CAmEC~~;~~AA1JD~~,6CAAyC;AACzC,sCAAyC;AACzC,oDAAuD;AAEvD,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,aAAa,CAAC,CAAC;~~AA+B3C~~,SAAgB,mBAAmB,CACjC,MAAc,EACd,cAAsB,EACtB,cAAsB,EACtB,~~OASC~~;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,OAAO,GAAoB;QAC/B,MAAM;QACN,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc;QACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,EAAE,IAAA,wBAAU,GAAE;~~KAClB~~,CAAC;IAEF,OAAO,IAAA,oBAAO,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAAY,EACZ,QAAgB,EAChB,SAAS,GAAG,KAAK;IAEjB,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvC,IAAI,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IACpD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,IAAA,oBAAO,EAAC,KAAK,CAAC,CAAC,CAAC;QAEnD,yEAAyE;QACzE,iEAAiE;QACjE,sEAAsE;QACtE,mCAAmC;QACnC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,MAAyB,CAAC;QAEvC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;YAC/B,CAAC,IAAI,CAAC,MAAM;YACZ,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ;YAClC,CAAC,IAAI,CAAC,SAAS,EACf,CAAC;YACD,MAAM,CAAC,KAAK,CACV,iEAAiE,CAClE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,wEAAwE;QACxE,wEAAwE;QACxE,uEAAuE;QACvE,uEAAuE;QACvE,gCAAgC;QAChC,MAAM,GAAG,GAAG,mBAAmB,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,mBAAmB,CAChC,4BAA4B,EAC5B,EAAE,GAAG,IAAI,EACT,IAAI,CACL,CAAC;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QACxC,IAAI,GAAG,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kEAAkE;QAClE,wEAAwE;QACxE,sEAAsE;QACtE,MAAM,CAAC,KAAK,CACV;YACE,GAAG,EACD,KAAK,YAAY,KAAK;gBACpB,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE;gBAC9C,CAAC,CAAC,KAAK;SACZ,EACD,uBAAuB,CACxB,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/worker/auth.ts"],"names":[],"mappings":";;AA6CA,kDA6CC;AAgBD,8CAiFC;AA3LD,6CAAyC;AACzC,sCAAyC;AACzC,oDAAuD;AAEvD,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,aAAa,CAAC,CAAC;AAyC3C,SAAgB,mBAAmB,CACjC,MAAc,EACd,cAAsB,EACtB,cAAsB,EACtB,OAiBC;IAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,OAAO,GAAoB;QAC/B,MAAM;QACN,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,cAAc;QACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,EAAE,IAAA,wBAAU,GAAE;QACjB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC;IAEF,OAAO,IAAA,oBAAO,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAAY,EACZ,QAAgB,EAChB,SAAS,GAAG,KAAK;IAEjB,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvC,IAAI,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IACpD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,IAAA,oBAAO,EAAC,KAAK,CAAC,CAAC,CAAC;QAEnD,yEAAyE;QACzE,iEAAiE;QACjE,sEAAsE;QACtE,mCAAmC;QACnC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,MAAyB,CAAC;QAEvC,IACE,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;YAC/B,CAAC,IAAI,CAAC,MAAM;YACZ,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ;YACvC,CAAC,IAAI,CAAC,cAAc;YACpB,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ;YAClC,CAAC,IAAI,CAAC,SAAS,EACf,CAAC;YACD,MAAM,CAAC,KAAK,CACV,iEAAiE,CAClE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,mEAAmE;QACnE,oEAAoE;QACpE,8DAA8D;QAC9D,4DAA4D;QAC5D,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,IACE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;gBAC9B,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC7B,IAAI,CAAC,KAAK,IAAI,CAAC,EACf,CAAC;gBACD,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,wEAAwE;QACxE,wEAAwE;QACxE,uEAAuE;QACvE,uEAAuE;QACvE,gCAAgC;QAChC,MAAM,GAAG,GAAG,mBAAmB,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,mBAAmB,CAChC,4BAA4B,EAC5B,EAAE,GAAG,IAAI,EACT,IAAI,CACL,CAAC;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;QACxC,IAAI,GAAG,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,GAAG,GAAG,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,kEAAkE;QAClE,wEAAwE;QACxE,sEAAsE;QACtE,MAAM,CAAC,KAAK,CACV;YACE,GAAG,EACD,KAAK,YAAY,KAAK;gBACpB,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE;gBAC9C,CAAC,CAAC,KAAK;SACZ,EACD,uBAAuB,CACxB,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/worker/transport.d.ts CHANGED Viewed

@@ -17,11 +17,6 @@ export interface WorkerTransport {
      * Used to correlate responses with the originating request
      */
     setJobId(jobId: string): void;
-    /**
-     * Set module-specific data to be included in responses
-     * Allows modules to attach metadata to worker responses
-     */
-    setModuleData(moduleData: Record<string, unknown>): void;
     /**
      * Send a streaming delta to the gateway
      *

package/dist/worker/transport.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../src/worker/transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAE9B~~;;;OAGG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAEzD~~;;;;;;OAMG;IACH,eAAe,CACb,KAAK,EAAE,MAAM,EACb,iBAAiB,CAAC,EAAE,OAAO,EAC3B,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C;;OAEG;IACH,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAElC;;;;OAIG;IACH,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;;;;OAMG;IACH,gBAAgB,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvE;;;OAGG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7E;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IAEnB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IAEf,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,CAAC;IAEvB,oCAAoC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAE1B,sDAAsD;IACtD,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;IAEf,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,6DAA6D;IAC7D,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3C,4DAA4D;IAC5D,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC"}
1	+ {"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../src/worker/transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAE9B;;;;;;OAMG;IACH,eAAe,CACb,KAAK,EAAE,MAAM,EACb,iBAAiB,CAAC,EAAE,OAAO,EAC3B,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;OAKG;IACH,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C;;OAEG;IACH,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAElC;;;;OAIG;IACH,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;;;;OAMG;IACH,gBAAgB,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvE;;;OAGG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7E;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IAEnB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;IAEpB,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IAEf,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAElB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,CAAC;IAEvB,oCAAoC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAE1B,sDAAsD;IACtD,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;IAEf,uDAAuD;IACvD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,6DAA6D;IAC7D,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3C,4DAA4D;IAC5D,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC"}