@lobu/core 7.1.0 → 8.0.0

package/dist/worker/wire.d.ts

@@ -0,0 +1,105 @@
+/**
+ * Gateway ↔ worker wire contract.
+ *
+ * `MessagePayload` is what `MessageConsumer` (gateway) enqueues on the runs
+ * queue, what `EmbeddedDeploymentManager.dispatch*` writes to the worker SSE
+ * stream, and what the worker's `GatewayClient.handleThreadMessage` /
+ * `handleExecJob` consumes. Same shape on both sides — keep it here.
+ *
+ * Before this lived in core, the worker had its own `MessagePayload`
+ * declaration that was a structural subset of the gateway's (missing
+ * `organizationId`, `networkConfig`, `egressConfig`, `mcpConfig`, `nixConfig`,
+ * `preApprovedTools`). At runtime the worker's zod schema was patched with
+ * `.passthrough()` so the extra fields survived parsing, but the static type
+ * silently lied. Hoisting closes the gap.
+ */
+import type { AgentEgressConfig, AgentMcpConfig, AgentOptions, NetworkConfig, NixConfig } from "../types";
+/**
+ * Job type for queue messages.
+ * - `message`: standard agent message execution.
+ * - `exec`: direct command execution in the sandbox.
+ */
+export type JobType = "message" | "exec";
+/**
+ * Universal message payload for every gateway → worker hop.
+ * Used by: platform inbound → runs queue → MessageConsumer → worker.
+ */
+export interface MessagePayload {
+    userId: string;
+    conversationId: string;
+    messageId: string;
+    channelId: string;
+    /**
+     * Team/workspace ID. Required in the gateway-produced payload (always
+     * stamped by `buildMessagePayload`), but optional in the wire type
+     * because Slack carries the workspace ID in `platformMetadata` and the
+     * worker reads it defensively (`payload.teamId ?? platformMetadata.teamId`).
+     * The worker SSE schema parses it with `z.string().optional()`.
+     */
+    teamId?: string;
+    /** Agent / session ID for tenant isolation. */
+    agentId: string;
+    /**
+     * Owning organization of the agent. Plumbed through so child queries
+     * (grants, user-agents, channel-bindings, secrets) can scope by org —
+     * agent IDs are per-org-unique, so `agent_id = ?` alone is ambiguous.
+     */
+    organizationId?: string;
+    /** Bot identifier. */
+    botId: string;
+    /** Platform name (`slack`, `telegram`, ...). */
+    platform: string;
+    messageText: string;
+    platformMetadata: Record<string, unknown>;
+    agentOptions: AgentOptions;
+    networkConfig?: NetworkConfig;
+    /**
+     * The runs.id of the row the runs-queue claimed when this message was
+     * dispatched. Threaded all the way to the worker so the per-run
+     * agent_transcript_snapshot POST can attribute the snapshot to the
+     * correct run unambiguously — codex P1#1 on PR #865.
+     */
+    runId?: number;
+    /**
+     * Per-run worker JWT bound to `runId` above. Minted by the runs-queue
+     * dispatcher (`MessageConsumer.handleMessage`) so the snapshot route can
+     * require `tokenData.runId === body.runId` and reject any attempt by a
+     * same-(org, agent, conv) deployment-lifetime token to write under a
+     * different run's slot — codex round 2 finding A on PR #865.
+     */
+    runJobToken?: string;
+    /** Per-agent egress judge configuration. */
+    egressConfig?: AgentEgressConfig;
+    /** Per-agent MCP configuration (additive to global MCPs). */
+    mcpConfig?: AgentMcpConfig;
+    /** Nix environment configuration for the agent workspace. */
+    nixConfig?: NixConfig;
+    /**
+     * MCP tool grant patterns the operator has pre-approved.
+     * Synced to the grant store at deployment time to bypass the approval card.
+     */
+    preApprovedTools?: string[];
+    /**
+     * Job ID from the gateway (set when the payload rode through the worker
+     * SSE stream). Optional — direct-enqueue paths leave it unset.
+     */
+    jobId?: string;
+    /** Job type (default: `message`). */
+    jobType?: JobType;
+    /** Unique ID for the exec job (for response routing). */
+    execId?: string;
+    /** Command to execute. */
+    execCommand?: string;
+    /** Working directory for the command. */
+    execCwd?: string;
+    /** Additional environment variables. */
+    execEnv?: Record<string, string>;
+    /** Timeout in milliseconds. */
+    execTimeout?: number;
+}
+/** Queued message envelope used by the worker's in-process batcher. */
+export interface QueuedMessage {
+    payload: MessagePayload;
+    timestamp: number;
+}
+//# sourceMappingURL=wire.d.ts.map

package/dist/worker/wire.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wire.d.ts","sourceRoot":"","sources":["../../src/worker/wire.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,SAAS,EACV,MAAM,UAAU,CAAC;AAElB;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAEzC;;;GAGG;AACH,MAAM,WAAW,cAAc;IAE7B,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB;;;;;;OAMG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAGxB,sBAAsB;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,gDAAgD;IAChD,QAAQ,EAAE,MAAM,CAAC;IAGjB,WAAW,EAAE,MAAM,CAAC;IAGpB,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAG1C,YAAY,EAAE,YAAY,CAAC;IAG3B,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;;;;OAKG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4CAA4C;IAC5C,YAAY,CAAC,EAAE,iBAAiB,CAAC;IAEjC,6DAA6D;IAC7D,SAAS,CAAC,EAAE,cAAc,CAAC;IAE3B,6DAA6D;IAC7D,SAAS,CAAC,EAAE,SAAS,CAAC;IAEtB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,qCAAqC;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;IAGlB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,+BAA+B;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,uEAAuE;AACvE,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,cAAc,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/worker/wire.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Gateway ↔ worker wire contract.
+ *
+ * `MessagePayload` is what `MessageConsumer` (gateway) enqueues on the runs
+ * queue, what `EmbeddedDeploymentManager.dispatch*` writes to the worker SSE
+ * stream, and what the worker's `GatewayClient.handleThreadMessage` /
+ * `handleExecJob` consumes. Same shape on both sides — keep it here.
+ *
+ * Before this lived in core, the worker had its own `MessagePayload`
+ * declaration that was a structural subset of the gateway's (missing
+ * `organizationId`, `networkConfig`, `egressConfig`, `mcpConfig`, `nixConfig`,
+ * `preApprovedTools`). At runtime the worker's zod schema was patched with
+ * `.passthrough()` so the extra fields survived parsing, but the static type
+ * silently lied. Hoisting closes the gap.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=wire.js.map

package/dist/worker/wire.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wire.js","sourceRoot":"","sources":["../../src/worker/wire.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lobu/core",
-  "version": "7.1.0",
+  "version": "8.0.0",
   "license": "Apache-2.0",
   "description": "Core types and utilities for Lobu agent platform",
   "repository": {