npm - @lumenflow/cli - Versions diffs - 4.24.0 → 5.0.1 - Mend

@lumenflow/cli 4.24.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

package/README.md +54 -52
package/dist/agent-issues-query.js +10 -2
package/dist/agent-issues-query.js.map +1 -1
package/dist/agent-runtime-enrollment-events.js +44 -0
package/dist/agent-runtime-enrollment-events.js.map +1 -0
package/dist/agent-session-end.js +47 -0
package/dist/agent-session-end.js.map +1 -1
package/dist/agent-session-heartbeat.js +250 -0
package/dist/agent-session-heartbeat.js.map +1 -0
package/dist/agent-session.js +299 -5
package/dist/agent-session.js.map +1 -1
package/dist/capacity-snapshot-emitter.js +73 -0
package/dist/capacity-snapshot-emitter.js.map +1 -0
package/dist/claim-queue.js +276 -0
package/dist/claim-queue.js.map +1 -0
package/dist/config-set.js +22 -3
package/dist/config-set.js.map +1 -1
package/dist/control-plane-sidecar-runner.js +145 -0
package/dist/control-plane-sidecar-runner.js.map +1 -0
package/dist/delegation-list.js +160 -1
package/dist/delegation-list.js.map +1 -1
package/dist/delegation-role-resolver.js +69 -0
package/dist/delegation-role-resolver.js.map +1 -0
package/dist/docs-generate-pack-reference.js +500 -0
package/dist/docs-generate-pack-reference.js.map +1 -0
package/dist/docs-sync.js +116 -1
package/dist/docs-sync.js.map +1 -1
package/dist/file-edit.js +28 -8
package/dist/file-edit.js.map +1 -1
package/dist/file-write.js +29 -5
package/dist/file-write.js.map +1 -1
package/dist/gate-co-change.js +25 -7
package/dist/gate-co-change.js.map +1 -1
package/dist/gate-conditional.js +19 -7
package/dist/gate-conditional.js.map +1 -1
package/dist/gates-runners.js +42 -33
package/dist/gates-runners.js.map +1 -1
package/dist/gates-utils.js +34 -20
package/dist/gates-utils.js.map +1 -1
package/dist/gates.js +79 -7
package/dist/gates.js.map +1 -1
package/dist/hooks/config-resolver.js +10 -1
package/dist/hooks/config-resolver.js.map +1 -1
package/dist/init-package-config.js +1 -1
package/dist/init-package-config.js.map +1 -1
package/dist/init-scaffolding.js +5 -1
package/dist/init-scaffolding.js.map +1 -1
package/dist/init-templates.js +10 -0
package/dist/init-templates.js.map +1 -1
package/dist/init.js +1 -1
package/dist/init.js.map +1 -1
package/dist/initiative-create.js +17 -0
package/dist/initiative-create.js.map +1 -1
package/dist/initiative-remove-wu.js +17 -3
package/dist/initiative-remove-wu.js.map +1 -1
package/dist/kernel-event-sync/emitters.js +104 -0
package/dist/kernel-event-sync/emitters.js.map +1 -0
package/dist/kernel-event-sync/index.js +13 -0
package/dist/kernel-event-sync/index.js.map +1 -0
package/dist/kernel-event-sync/lifecycle-emitters.js +160 -0
package/dist/kernel-event-sync/lifecycle-emitters.js.map +1 -0
package/dist/kernel-event-sync/narrow-emissions.js +89 -0
package/dist/kernel-event-sync/narrow-emissions.js.map +1 -0
package/dist/kernel-event-sync/software-delivery-emitters.js +297 -0
package/dist/kernel-event-sync/software-delivery-emitters.js.map +1 -0
package/dist/lane-lock.js +14 -1
package/dist/lane-lock.js.map +1 -1
package/dist/lane-suggest.js +21 -0
package/dist/lane-suggest.js.map +1 -1
package/dist/lumenflow-upgrade.js +7 -5
package/dist/lumenflow-upgrade.js.map +1 -1
package/dist/mem-context.js +145 -0
package/dist/mem-context.js.map +1 -1
package/dist/mem-create.js +39 -6
package/dist/mem-create.js.map +1 -1
package/dist/mem-inbox.js +16 -0
package/dist/mem-inbox.js.map +1 -1
package/dist/mem-roster.js +95 -0
package/dist/mem-roster.js.map +1 -0
package/dist/mem-signal.js +97 -2
package/dist/mem-signal.js.map +1 -1
package/dist/metrics-snapshot.js +3 -2
package/dist/metrics-snapshot.js.map +1 -1
package/dist/orchestrate-init-status.js +117 -2
package/dist/orchestrate-init-status.js.map +1 -1
package/dist/orchestrate-initiative.js +83 -10
package/dist/orchestrate-initiative.js.map +1 -1
package/dist/orchestrate-monitor-quality.js +289 -0
package/dist/orchestrate-monitor-quality.js.map +1 -0
package/dist/orchestrate-monitor.js +85 -0
package/dist/orchestrate-monitor.js.map +1 -1
package/dist/pack-validate.js +127 -2
package/dist/pack-validate.js.map +1 -1
package/dist/plan-create.js +18 -0
package/dist/plan-create.js.map +1 -1
package/dist/plan-link.js +13 -0
package/dist/plan-link.js.map +1 -1
package/dist/plan-promote.js +14 -0
package/dist/plan-promote.js.map +1 -1
package/dist/pre-commit-check.js +4 -3
package/dist/pre-commit-check.js.map +1 -1
package/dist/public-manifest.js +17 -3
package/dist/public-manifest.js.map +1 -1
package/dist/release.js +28 -10
package/dist/release.js.map +1 -1
package/dist/session-cross-link.js +139 -0
package/dist/session-cross-link.js.map +1 -0
package/dist/sidecar-manager.js +208 -0
package/dist/sidecar-manager.js.map +1 -0
package/dist/state-path-resolvers.js +18 -0
package/dist/state-path-resolvers.js.map +1 -1
package/dist/stream-heartbeat.js +151 -0
package/dist/stream-heartbeat.js.map +1 -0
package/dist/sync-templates.js +56 -2
package/dist/sync-templates.js.map +1 -1
package/dist/wu-block.js +47 -5
package/dist/wu-block.js.map +1 -1
package/dist/wu-claim-branch.js +8 -4
package/dist/wu-claim-branch.js.map +1 -1
package/dist/wu-claim-state.js +5 -3
package/dist/wu-claim-state.js.map +1 -1
package/dist/wu-claim-worktree.js +5 -3
package/dist/wu-claim-worktree.js.map +1 -1
package/dist/wu-claim.js +261 -9
package/dist/wu-claim.js.map +1 -1
package/dist/wu-done-auto-cleanup.js +3 -2
package/dist/wu-done-auto-cleanup.js.map +1 -1
package/dist/wu-done-git-ops.js +12 -8
package/dist/wu-done-git-ops.js.map +1 -1
package/dist/wu-done-preflight.js +3 -3
package/dist/wu-done-preflight.js.map +1 -1
package/dist/wu-done.js +46 -10
package/dist/wu-done.js.map +1 -1
package/dist/wu-lifecycle-sync/gate-scope-resolver.js +16 -0
package/dist/wu-lifecycle-sync/gate-scope-resolver.js.map +1 -0
package/dist/wu-lifecycle-sync/kernel-event-sync-shim.js +10 -0
package/dist/wu-lifecycle-sync/kernel-event-sync-shim.js.map +1 -0
package/dist/wu-prep.js +363 -22
package/dist/wu-prep.js.map +1 -1
package/dist/wu-prune.js +68 -27
package/dist/wu-prune.js.map +1 -1
package/dist/wu-release.js +34 -3
package/dist/wu-release.js.map +1 -1
package/dist/wu-review.js +167 -0
package/dist/wu-review.js.map +1 -0
package/dist/wu-spawn-prompt-builders.js +296 -40
package/dist/wu-spawn-prompt-builders.js.map +1 -1
package/dist/wu-spawn-strategy-resolver.js +126 -14
package/dist/wu-spawn-strategy-resolver.js.map +1 -1
package/dist/wu-unblock.js +52 -22
package/dist/wu-unblock.js.map +1 -1
package/package.json +13 -8
package/packs/agent-runtime/agent-heartbeat.ts +163 -0
package/packs/agent-runtime/auto-session-integration.ts +874 -0
package/packs/agent-runtime/delegation-registry-schema.ts +220 -0
package/packs/agent-runtime/delegation-registry-store.ts +269 -0
package/packs/agent-runtime/delegation-tree.ts +328 -0
package/packs/agent-runtime/index.ts +9 -0
package/packs/agent-runtime/manifest.ts +109 -19
package/packs/agent-runtime/manifest.yaml +150 -0
package/packs/agent-runtime/memory-coordination-contract.ts +86 -0
package/packs/agent-runtime/memory.d.ts +19 -0
package/packs/agent-runtime/orchestration.ts +238 -23
package/packs/agent-runtime/package.json +11 -2
package/packs/agent-runtime/remote-controls/index.ts +7 -0
package/packs/agent-runtime/remote-controls/operations.ts +399 -0
package/packs/agent-runtime/remote-controls/port.ts +48 -0
package/packs/agent-runtime/remote-controls/state-store.ts +258 -0
package/packs/agent-runtime/remote-controls/types.ts +105 -0
package/packs/agent-runtime/session-schema.ts +423 -0
package/packs/agent-runtime/tool-impl/index.ts +1 -0
package/packs/agent-runtime/tool-impl/remote-controls.mock.ts +252 -0
package/packs/agent-runtime/tool-impl/remote-controls.ts +273 -0
package/packs/agent-runtime/tsconfig.json +1 -1
package/packs/agent-runtime/turn-lifecycle-events.ts +501 -0
package/packs/sidekick/channel-ingress.ts +137 -0
package/packs/sidekick/manifest.ts +74 -0
package/packs/sidekick/manifest.yaml +88 -0
package/packs/sidekick/package.json +3 -1
package/packs/sidekick/sidekick-events.ts +517 -0
package/packs/sidekick/src/adapters/cloud-queue.ts +101 -0
package/packs/sidekick/src/adapters/control-plane-bridge.adapter.ts +378 -0
package/packs/sidekick/src/adapters/filesystem-bridge.adapter.ts +224 -0
package/packs/sidekick/src/domain/channel.types.ts +84 -0
package/packs/sidekick/src/ports/channel-bridge.port.ts +75 -0
package/packs/sidekick/src/routines/commit.ts +74 -0
package/packs/sidekick/tool-impl/channel-tools.ts +47 -0
package/packs/sidekick/tool-impl/memory-tools.ts +17 -0
package/packs/sidekick/tool-impl/routine-commit.ts +102 -0
package/packs/sidekick/tool-impl/routine-tools.ts +67 -7
package/packs/sidekick/tool-impl/runtime-context.ts +4 -0
package/packs/sidekick/tool-impl/storage.ts +3 -0
package/packs/sidekick/tool-impl/system-tools.ts +7 -0
package/packs/sidekick/tool-impl/task-tools.ts +46 -0
package/packs/sidekick/tsconfig.json +1 -1
package/packs/software-delivery/manifest-schema.ts +30 -0
package/packs/software-delivery/manifest.ts +160 -11
package/packs/software-delivery/manifest.yaml +210 -230
package/packs/software-delivery/package.json +88 -3
package/packs/software-delivery/src/commands/index.ts +5 -0
package/packs/software-delivery/src/config/delivery-review-contract.ts +20 -0
package/packs/software-delivery/src/config/env-accessors.ts +19 -0
package/packs/software-delivery/src/config/index.ts +8 -0
package/packs/software-delivery/src/config/normalize-config-keys.ts +19 -0
package/packs/software-delivery/src/config/schemas/lumenflow-config-schema-types.ts +436 -0
package/packs/software-delivery/src/config/workspace-reader.ts +310 -0
package/packs/software-delivery/src/constants/backlog-patterns.ts +31 -0
package/packs/software-delivery/src/constants/client-ids.ts +19 -0
package/packs/software-delivery/src/constants/config-contract.ts +7 -0
package/packs/software-delivery/src/constants/docs-layout-presets.ts +50 -0
package/packs/software-delivery/src/constants/duration-constants.ts +20 -0
package/packs/software-delivery/src/constants/gate-constants.ts +32 -0
package/packs/software-delivery/src/constants/index.ts +29 -0
package/packs/software-delivery/src/constants/lock-constants.ts +35 -0
package/packs/software-delivery/src/constants/object-guards.ts +12 -0
package/packs/software-delivery/src/constants/section-headings.ts +107 -0
package/packs/software-delivery/src/constants/wu-cli-constants.ts +485 -0
package/packs/software-delivery/src/constants/wu-domain-constants.ts +466 -0
package/packs/software-delivery/src/constants/wu-git-constants.ts +7 -0
package/packs/software-delivery/src/constants/wu-id-format.ts +327 -0
package/packs/software-delivery/src/constants/wu-paths-constants.ts +358 -0
package/packs/software-delivery/src/constants/wu-statuses.ts +287 -0
package/packs/software-delivery/src/constants/wu-type-helpers.ts +67 -0
package/packs/software-delivery/src/constants/wu-ui-constants.ts +267 -0
package/packs/software-delivery/src/constants/wu-validation-constants.ts +73 -0
package/packs/software-delivery/src/domain/index.ts +5 -0
package/packs/software-delivery/src/domain/orchestration.constants.ts +168 -0
package/packs/software-delivery/src/domain/orchestration.schemas.ts +239 -0
package/packs/software-delivery/src/domain/orchestration.types.ts +178 -0
package/packs/software-delivery/src/methodology/incremental-test.ts +90 -0
package/packs/software-delivery/src/methodology/index.ts +6 -0
package/packs/software-delivery/src/methodology/manual-test-validator.ts +292 -0
package/packs/software-delivery/src/policy/coverage-gate.ts +270 -0
package/packs/software-delivery/src/policy/gates-agent-mode.ts +223 -0
package/packs/software-delivery/src/policy/gates-config-internal.ts +121 -0
package/packs/software-delivery/src/policy/gates-config.ts +293 -0
package/packs/software-delivery/src/policy/gates-coverage.ts +247 -0
package/packs/software-delivery/src/policy/gates-presets.ts +134 -0
package/packs/software-delivery/src/policy/gates-schemas.ts +173 -0
package/packs/software-delivery/src/policy/index.ts +22 -0
package/packs/software-delivery/src/policy/package-manager-resolver.ts +319 -0
package/packs/software-delivery/src/policy/resolve-policy.ts +518 -0
package/packs/software-delivery/src/ports/config.ports.ts +90 -0
package/packs/software-delivery/src/ports/dashboard-renderer.port.ts +125 -0
package/packs/software-delivery/src/ports/index.ts +10 -0
package/packs/software-delivery/src/ports/sync-validator.ports.ts +59 -0
package/packs/software-delivery/src/ports/wu-helpers.ports.ts +168 -0
package/packs/software-delivery/src/ports/wu-state.ports.ts +241 -0
package/packs/software-delivery/src/primitives/index.ts +5 -0
package/packs/software-delivery/src/runtime/index.ts +6 -0
package/packs/software-delivery/src/runtime/work-classifier.ts +561 -0
package/packs/software-delivery/src/sandbox/index.ts +10 -0
package/packs/software-delivery/src/sandbox/sandbox-allowlist.ts +118 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-linux.ts +88 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-macos.ts +154 -0
package/packs/software-delivery/src/sandbox/sandbox-backend-windows.ts +47 -0
package/packs/software-delivery/src/sandbox/sandbox-profile.ts +153 -0
package/packs/software-delivery/src/schemas/index.ts +5 -0
package/packs/software-delivery/src/state/date-utils.ts +158 -0
package/packs/software-delivery/src/state/index.ts +15 -0
package/packs/software-delivery/src/state/state-machine.ts +119 -0
package/packs/software-delivery/src/state/wu-doc-types.ts +51 -0
package/packs/software-delivery/src/state/wu-paths.ts +381 -0
package/packs/software-delivery/src/state/wu-schema.ts +1139 -0
package/packs/software-delivery/src/state/wu-state-schema.ts +255 -0
package/packs/software-delivery/src/state/wu-yaml.ts +338 -0
package/packs/software-delivery/src/types.d.ts +16 -0
package/packs/software-delivery/tool-impl/wu-lifecycle-tools.ts +18 -0
package/packs/software-delivery/tsconfig.json +28 -2
package/templates/core/AGENTS.md.template +76 -17
package/templates/core/LUMENFLOW.md.template +265 -66
package/templates/core/_frameworks/lumenflow/wu-sizing-guide.md.template +180 -116
package/templates/core/ai/onboarding/agent-invocation-guide.md.template +26 -8
package/templates/core/ai/onboarding/existing-project-bootstrap.md.template +171 -0
package/templates/core/ai/onboarding/first-15-mins.md.template +3 -1
package/templates/core/ai/onboarding/first-wu-mistakes.md.template +1 -1
package/templates/core/ai/onboarding/initiative-orchestration.md.template +46 -30
package/templates/core/ai/onboarding/quick-ref-commands.md.template +36 -33
package/templates/core/ai/onboarding/release-process.md.template +8 -7
package/templates/core/ai/onboarding/starting-prompt.md.template +2 -0
package/templates/core/ai/onboarding/troubleshooting-wu-done.md.template +62 -0
package/templates/vendors/claude/.claude/CLAUDE.md.template +29 -54
package/templates/vendors/cursor/.cursor/rules/lumenflow.md.template +24 -52
package/templates/vendors/windsurf/.windsurf/rules/lumenflow.md.template +24 -52
package/packs/agent-runtime/.turbo/turbo-build.log +0 -4
package/packs/sidekick/.turbo/turbo-build.log +0 -4
package/packs/software-delivery/.turbo/turbo-build.log +0 -4

package/packs/agent-runtime/turn-lifecycle-events.ts ADDED Viewed

@@ -0,0 +1,501 @@
+// Copyright (c) 2026 Hellmai Ltd
+// SPDX-License-Identifier: AGPL-3.0-only
+import { createHash, randomUUID } from 'node:crypto';
+const SCHEMA_VERSION_V2 = 2 as const;
+const CONTENT_HASH_ALGORITHM = 'sha256';
+const CONTENT_HASH_ENCODING = 'hex';
+const CONTENT_HASH_PREFIX_LENGTH = 32;
+export const AGENT_RUNTIME_CHANNEL_ID = 'agent-runtime' as const;
+export const AGENT_RUNTIME_EVENT_KINDS = {
+  TURN_STARTED: 'agent-runtime:turn_started',
+  TURN_COMPLETED: 'agent-runtime:turn_completed',
+  TURN_ABORTED: 'agent-runtime:turn_aborted',
+  TOOL_CALLED: 'agent-runtime:tool_called',
+  APPROVAL_REQUIRED: 'agent-runtime:approval_required',
+  WORKFLOW_NODE_STARTED: 'agent-runtime:workflow_node_started',
+  WORKFLOW_NODE_COMPLETED: 'agent-runtime:workflow_node_completed',
+  WORKFLOW_NODE_FAILED: 'agent-runtime:workflow_node_failed',
+  WORKFLOW_PAUSED: 'agent-runtime:workflow_paused',
+  SCHEDULED_WAKEUP_SET: 'agent-runtime:scheduled_wakeup_set',
+  BUDGET_THRESHOLD: 'agent-runtime:budget_threshold',
+  AGENT_SESSION_ENROLLED: 'agent-runtime:agent_session_enrolled',
+  AGENT_SESSION_ENDED: 'agent-runtime:agent_session_ended',
+  AGENT_SESSION_STALLED: 'agent-runtime:agent_session_stalled',
+  // WU-2733 (INIT-060 Phase 3, ADR-013 §6 governance):
+  // autonomy_changed emitted by elevate_autonomy / lower_autonomy real
+  // remote-control impls. Cloud conductor subscribes to render the new
+  // autonomy band in the session UI.
+  AUTONOMY_CHANGED: 'agent-runtime:autonomy_changed',
+} as const;
+export const AGENT_RUNTIME_EVENT_KIND_VALUES = [
+  AGENT_RUNTIME_EVENT_KINDS.TURN_STARTED,
+  AGENT_RUNTIME_EVENT_KINDS.TURN_COMPLETED,
+  AGENT_RUNTIME_EVENT_KINDS.TURN_ABORTED,
+  AGENT_RUNTIME_EVENT_KINDS.TOOL_CALLED,
+  AGENT_RUNTIME_EVENT_KINDS.APPROVAL_REQUIRED,
+  AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_STARTED,
+  AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_COMPLETED,
+  AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_FAILED,
+  AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_PAUSED,
+  AGENT_RUNTIME_EVENT_KINDS.SCHEDULED_WAKEUP_SET,
+  AGENT_RUNTIME_EVENT_KINDS.BUDGET_THRESHOLD,
+  AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENROLLED,
+  AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENDED,
+  AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_STALLED,
+  AGENT_RUNTIME_EVENT_KINDS.AUTONOMY_CHANGED,
+] as const;
+export type AgentRuntimeEventKind = (typeof AGENT_RUNTIME_EVENT_KIND_VALUES)[number];
+interface AgentRuntimeEventEnvelope {
+  schema_version: typeof SCHEMA_VERSION_V2;
+  timestamp: string;
+  event_id: string;
+  channel_id: typeof AGENT_RUNTIME_CHANNEL_ID;
+  seq: number;
+}
+export interface AgentRuntimeTurnCostBreakdown {
+  input_tokens_usd: number;
+  output_tokens_usd: number;
+  tool_calls_usd: number;
+  total_usd: number;
+}
+export type AgentRuntimeCleanupStatus = 'clean' | 'partial' | 'needs_recovery';
+export interface TurnStartedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.TURN_STARTED;
+  session_id: string;
+  turn_index: number;
+  model_profile: string;
+}
+export interface TurnCompletedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.TURN_COMPLETED;
+  session_id: string;
+  turn_index: number;
+  status: string;
+  cost_breakdown: AgentRuntimeTurnCostBreakdown;
+}
+export interface TurnAbortedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.TURN_ABORTED;
+  session_id: string;
+  turn_index: number;
+  cleanup_status: AgentRuntimeCleanupStatus;
+  recovery_action: string | null;
+  reason: string;
+}
+export interface ToolCalledEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.TOOL_CALLED;
+  session_id: string;
+  turn_index: number;
+  tool_name: string;
+  tool_call_id: string;
+}
+export interface ApprovalRequiredEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.APPROVAL_REQUIRED;
+  session_id: string;
+  turn_index: number;
+  tool_name: string;
+  request_id: string;
+}
+export interface WorkflowNodeStartedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_STARTED;
+  session_id: string;
+  node_id: string;
+}
+export interface WorkflowNodeCompletedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_COMPLETED;
+  session_id: string;
+  node_id: string;
+}
+export interface WorkflowNodeFailedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_FAILED;
+  session_id: string;
+  node_id: string;
+  error_code: string;
+  error_message: string;
+}
+export interface WorkflowPausedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_PAUSED;
+  session_id: string;
+  node_id: string;
+  reason: string;
+}
+export interface ScheduledWakeupSetEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.SCHEDULED_WAKEUP_SET;
+  session_id: string;
+  node_id: string;
+  wake_at: string;
+}
+export interface BudgetThresholdEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.BUDGET_THRESHOLD;
+  session_id: string;
+  budget_name: string;
+  threshold: number;
+  observed_value: number;
+}
+export interface AgentSessionEnrolledEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENROLLED;
+  session_id: string;
+  wu_id: string;
+  lane: string;
+  client_type: string;
+}
+export interface AgentSessionEndedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENDED;
+  session_id: string;
+  wu_id: string;
+  lane: string;
+  incidents_logged: number;
+  incidents_major: number;
+}
+export interface AgentSessionStalledEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_STALLED;
+  session_id: string;
+  wu_id: string;
+  lane: string;
+  stage: string;
+  reason: string;
+}
+/**
+ * WU-2733 (INIT-060 Phase 3, ADR-013 §6 governance): autonomy_changed
+ * carries the transition between autonomy bands ("manual" ↔ "assisted"
+ * ↔ "auto") so cloud renders the shift and operators see the change
+ * reflected in the evidence feed. `reason` surfaces the operator-supplied
+ * rationale when provided.
+ */
+export interface AutonomyChangedEvent extends AgentRuntimeEventEnvelope {
+  kind: typeof AGENT_RUNTIME_EVENT_KINDS.AUTONOMY_CHANGED;
+  session_id: string;
+  previous_level: string;
+  new_level: string;
+  direction: 'elevate' | 'lower';
+  reason: string | null;
+}
+export type AgentRuntimeEvent =
+  | TurnStartedEvent
+  | TurnCompletedEvent
+  | TurnAbortedEvent
+  | ToolCalledEvent
+  | ApprovalRequiredEvent
+  | WorkflowNodeStartedEvent
+  | WorkflowNodeCompletedEvent
+  | WorkflowNodeFailedEvent
+  | WorkflowPausedEvent
+  | ScheduledWakeupSetEvent
+  | BudgetThresholdEvent
+  | AgentSessionEnrolledEvent
+  | AgentSessionEndedEvent
+  | AgentSessionStalledEvent
+  | AutonomyChangedEvent;
+export type AgentRuntimeEventSink = (event: AgentRuntimeEvent) => void;
+export interface AgentRuntimeEventBuildOptions {
+  timestamp?: string;
+  idempotencyKey?: string;
+}
+export function resetAgentRuntimeSeqCounter(): void {
+  channelSeqCounters.clear();
+}
+export function createZeroTurnCostBreakdown(): AgentRuntimeTurnCostBreakdown {
+  return {
+    input_tokens_usd: 0,
+    output_tokens_usd: 0,
+    tool_calls_usd: 0,
+    total_usd: 0,
+  };
+}
+export function buildTurnStartedEvent(
+  input: Omit<TurnStartedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): TurnStartedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.TURN_STARTED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildTurnCompletedEvent(
+  input: Omit<TurnCompletedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): TurnCompletedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.TURN_COMPLETED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildTurnAbortedEvent(
+  input: Omit<TurnAbortedEvent, keyof AgentRuntimeEventEnvelope | 'kind' | 'recovery_action'> & {
+    recovery_action?: string | null;
+  },
+  options?: AgentRuntimeEventBuildOptions,
+): TurnAbortedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.TURN_ABORTED,
+      ...input,
+      recovery_action: resolveRecoveryAction(input.cleanup_status, input.recovery_action),
+    },
+    options,
+  );
+}
+export function buildToolCalledEvent(
+  input: Omit<ToolCalledEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): ToolCalledEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.TOOL_CALLED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildApprovalRequiredEvent(
+  input: Omit<ApprovalRequiredEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): ApprovalRequiredEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.APPROVAL_REQUIRED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildWorkflowNodeStartedEvent(
+  input: Omit<WorkflowNodeStartedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): WorkflowNodeStartedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_STARTED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildWorkflowNodeCompletedEvent(
+  input: Omit<WorkflowNodeCompletedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): WorkflowNodeCompletedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_COMPLETED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildWorkflowNodeFailedEvent(
+  input: Omit<WorkflowNodeFailedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): WorkflowNodeFailedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_NODE_FAILED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildWorkflowPausedEvent(
+  input: Omit<WorkflowPausedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): WorkflowPausedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.WORKFLOW_PAUSED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildScheduledWakeupSetEvent(
+  input: Omit<ScheduledWakeupSetEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): ScheduledWakeupSetEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.SCHEDULED_WAKEUP_SET,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildBudgetThresholdEvent(
+  input: Omit<BudgetThresholdEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): BudgetThresholdEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.BUDGET_THRESHOLD,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildAgentSessionEnrolledEvent(
+  input: Omit<AgentSessionEnrolledEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): AgentSessionEnrolledEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENROLLED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildAgentSessionEndedEvent(
+  input: Omit<AgentSessionEndedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): AgentSessionEndedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_ENDED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildAgentSessionStalledEvent(
+  input: Omit<AgentSessionStalledEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): AgentSessionStalledEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.AGENT_SESSION_STALLED,
+      ...input,
+    },
+    options,
+  );
+}
+export function buildAutonomyChangedEvent(
+  input: Omit<AutonomyChangedEvent, keyof AgentRuntimeEventEnvelope | 'kind'>,
+  options?: AgentRuntimeEventBuildOptions,
+): AutonomyChangedEvent {
+  return buildAgentRuntimeEvent(
+    {
+      kind: AGENT_RUNTIME_EVENT_KINDS.AUTONOMY_CHANGED,
+      ...input,
+    },
+    options,
+  );
+}
+export function emitAgentRuntimeEvent(
+  sink: AgentRuntimeEventSink | undefined,
+  event: AgentRuntimeEvent,
+): void {
+  if (!sink) {
+    return;
+  }
+  try {
+    sink(event);
+  } catch {
+    // Ephemeral telemetry must never break the host/session workflow.
+  }
+}
+const channelSeqCounters = new Map<string, number>();
+function buildAgentRuntimeEvent<T extends { kind: AgentRuntimeEventKind }>(
+  payload: T,
+  options?: AgentRuntimeEventBuildOptions,
+): T & AgentRuntimeEventEnvelope {
+  const timestamp = options?.timestamp ?? new Date().toISOString();
+  const payloadRecord = payload as unknown as Record<string, unknown>;
+  return {
+    ...payload,
+    schema_version: SCHEMA_VERSION_V2,
+    timestamp,
+    event_id: resolveEventId(payload.kind, payloadRecord, timestamp, options),
+    channel_id: AGENT_RUNTIME_CHANNEL_ID,
+    seq: nextSeq(AGENT_RUNTIME_CHANNEL_ID),
+  };
+}
+function resolveEventId(
+  kind: string,
+  payload: Record<string, unknown>,
+  timestamp: string,
+  options?: AgentRuntimeEventBuildOptions,
+): string {
+  const key = options?.idempotencyKey;
+  if (!key) {
+    return randomUUID();
+  }
+  const canonicalPayload = JSON.stringify(payload, Object.keys(payload).sort());
+  return createHash(CONTENT_HASH_ALGORITHM)
+    .update(`${key}|${kind}|${timestamp}|${canonicalPayload}`)
+    .digest(CONTENT_HASH_ENCODING)
+    .slice(0, CONTENT_HASH_PREFIX_LENGTH);
+}
+function nextSeq(channelId: string): number {
+  const current = channelSeqCounters.get(channelId) ?? 0;
+  const next = current + 1;
+  channelSeqCounters.set(channelId, next);
+  return next;
+}
+function resolveRecoveryAction(
+  cleanupStatus: AgentRuntimeCleanupStatus,
+  recoveryAction?: string | null,
+): string | null {
+  if (cleanupStatus === 'clean') {
+    return null;
+  }
+  if (recoveryAction && recoveryAction.trim().length > 0) {
+    return recoveryAction.trim();
+  }
+  if (cleanupStatus === 'partial') {
+    return 'Review the partially applied state and re-run wu:prep before resuming.';
+  }
+  return 'Run wu:recover after reviewing the current session state.';
+}

package/packs/sidekick/channel-ingress.ts ADDED Viewed

@@ -0,0 +1,137 @@
+// Copyright (c) 2026 Hellmai Ltd
+// SPDX-License-Identifier: AGPL-3.0-only
+/**
+ * WU-2731 (INIT-060 phase 3, ADR-013 §5 Identity):
+ * Pure inbound-channel ingress sanitizer.
+ *
+ * ADR-013 §5 rules, enforced here:
+ *
+ * - The authoritative `from` value for an inbound phone POST comes from the
+ *   authenticated token subject (`{workspace_id}:phone:{device_id}`). Cloud
+ *   MUST NOT trust a `from` field supplied in the request body.
+ *
+ * - Body-supplied `from` (and any alias under `metadata.from`) is stripped
+ *   before the envelope reaches domain code. The surface that calls this
+ *   module is expected to pass the resolved `from` separately; attempting to
+ *   ingest a body-only envelope (no authoritative from) fails closed.
+ *
+ * The module is HTTP-independent: both the kernel tool-api surface and the
+ * future control-plane adapter (WU-2737) call the same sanitizer so the
+ * ignore-body-from rule is enforced in one place.
+ */
+const ENVELOPE_BODY_FIELD_FROM = 'from' as const;
+const ENVELOPE_METADATA_KEY = 'metadata' as const;
+const ENVELOPE_FROM_SOURCE_TOKEN = 'token' as const;
+export interface PhoneChannelIngressInput {
+  /**
+   * Raw request body as parsed from JSON. Opaque record; the sanitizer does
+   * not inspect `body`, only the `from` attribution fields.
+   */
+  body: Readonly<Record<string, unknown>>;
+  /**
+   * Authoritative identity claim resolved from the bearer token. Required:
+   * without a token subject, cloud cannot attribute the message, and the
+   * ingress path rejects the request.
+   */
+  authoritativeFrom: string;
+}
+export interface PhoneChannelIngressEnvelope {
+  /**
+   * Sanitised request body with any body-level `from` stripped. Everything
+   * else the caller supplied is preserved so downstream code (channel.send,
+   * routing) can consume arbitrary payload fields.
+   */
+  body: Record<string, unknown>;
+  /** Authoritative attribution string (`{workspace_id}:phone:{device_id}`). */
+  from: string;
+  /** Always `'token'` — cloud-safe invariant per ADR-013 §5. */
+  from_source: typeof ENVELOPE_FROM_SOURCE_TOKEN;
+}
+export class PhoneChannelIngressError extends Error {
+  readonly statusCode: number;
+  constructor(message: string, statusCode: number) {
+    super(message);
+    this.name = 'PhoneChannelIngressError';
+    this.statusCode = statusCode;
+  }
+}
+/**
+ * Sanitize an inbound phone-channel request. Returns a cleaned envelope with
+ * the authoritative `from` baked in. Throws `PhoneChannelIngressError` (HTTP
+ * 400) when the authoritative `from` is missing — the surface translates the
+ * error to a 400/403 response.
+ */
+export function sanitizePhoneChannelIngress(
+  input: PhoneChannelIngressInput,
+): PhoneChannelIngressEnvelope {
+  if (typeof input.authoritativeFrom !== 'string' || input.authoritativeFrom.length === 0) {
+    throw new PhoneChannelIngressError(
+      'Inbound phone channel requires authoritative from (token subject); body-only attribution is rejected.',
+      400,
+    );
+  }
+  const sanitizedBody = stripKey(input.body, ENVELOPE_BODY_FIELD_FROM);
+  const rawMetadata = sanitizedBody[ENVELOPE_METADATA_KEY];
+  if (
+    rawMetadata !== null &&
+    typeof rawMetadata === 'object' &&
+    !Array.isArray(rawMetadata) &&
+    ENVELOPE_BODY_FIELD_FROM in (rawMetadata as Record<string, unknown>)
+  ) {
+    sanitizedBody[ENVELOPE_METADATA_KEY] = stripKey(
+      rawMetadata as Record<string, unknown>,
+      ENVELOPE_BODY_FIELD_FROM,
+    );
+  }
+  return {
+    body: sanitizedBody,
+    from: input.authoritativeFrom,
+    from_source: ENVELOPE_FROM_SOURCE_TOKEN,
+  };
+}
+/**
+ * Copy `record` omitting the given key. Implemented with a filtered
+ * `Object.entries` rather than `delete` to satisfy the linter's ban on
+ * dynamic-delete (which would otherwise be a no-op for literal keys but
+ * fails the rule uniformly).
+ */
+function stripKey(record: Readonly<Record<string, unknown>>, key: string): Record<string, unknown> {
+  const result: Record<string, unknown> = {};
+  for (const [entryKey, entryValue] of Object.entries(record)) {
+    if (entryKey !== key) {
+      result[entryKey] = entryValue;
+    }
+  }
+  return result;
+}
+/**
+ * Convenience: reports whether the given `from` subject matches the
+ * phone-device grammar (`{workspace_id}:phone:{device_id}`). Useful to
+ * tell workspace-scoped actors from phone-device actors in the audit log
+ * without reaching for the enrollment parser.
+ */
+export function isPhoneSubject(subject: string): boolean {
+  const parts = subject.split(':');
+  if (parts.length !== 3) {
+    return false;
+  }
+  const [workspace, kind, device] = parts;
+  return (
+    kind === 'phone' &&
+    typeof workspace === 'string' &&
+    workspace.length > 0 &&
+    typeof device === 'string' &&
+    device.length > 0
+  );
+}