@mugwork/mug 0.1.0

package/dist/runtime/workflow.js

@@ -0,0 +1,1008 @@
+import { WorkspaceContext } from "./context.js";
+import { getConnector } from "./source.js";
+const OPS_DB = "_mug_ops";
+export class HttpError extends Error {
+    status;
+    result;
+    constructor(result) {
+        super(`HTTP ${result.status}: ${result.body.slice(0, 200)}`);
+        this.name = "HttpError";
+        this.status = result.status;
+        this.result = result;
+    }
+}
+const DEFAULT_MAX_OPERATIONS = 100;
+function truncate(value, maxLen = 4096) {
+    const s = JSON.stringify(value);
+    return s.length > maxLen ? s.slice(0, maxLen) + "…" : s;
+}
+function isBillableStep(type) {
+    return type === "exec" || type === "http" || type.startsWith("action.");
+}
+export class WorkflowContext {
+    ctx;
+    env;
+    stepCounter = 0;
+    workflowBilling;
+    operationCount = 0;
+    maxOperations;
+    steps = [];
+    params = {};
+    changesetId;
+    changesetSource;
+    instanceId;
+    _webhookResponse;
+    get isDemo() {
+        return this.params._demo === true;
+    }
+    get demoNotify() {
+        return this.params._demoNotify ?? null;
+    }
+    resolveDemoRecipient(channel, originalTo) {
+        const cfg = this.demoNotify;
+        if (!cfg)
+            return originalTo;
+        if (cfg.overrides?.[channel])
+            return cfg.overrides[channel];
+        switch (cfg.mode) {
+            case "off":
+                return null;
+            case "demo-user": {
+                const isEmail = cfg.identity.includes("@");
+                if (channel === "email" && isEmail)
+                    return cfg.identity;
+                if (channel === "sms" && !isEmail)
+                    return cfg.identity;
+                return null;
+            }
+            case "dev": {
+                if (channel === "email" && cfg.devEmail)
+                    return cfg.devEmail;
+                return null;
+            }
+            default:
+                return null;
+        }
+    }
+    constructor(env, options) {
+        this.env = env;
+        this.ctx = new WorkspaceContext(env);
+        this.workflowBilling = options?.billing;
+        this.maxOperations = options?.maxOperations ?? DEFAULT_MAX_OPERATIONS;
+    }
+    secret(name) {
+        const val = this.env[name];
+        if (typeof val !== "string")
+            throw new Error(`Secret "${name}" not found`);
+        return val;
+    }
+    /** @internal */
+    _nextStep(type, target) {
+        this.stepCounter++;
+        return `${type}-${target}-${this.stepCounter}`;
+    }
+    /** @internal */
+    _recordStep(name, type, startedAt, opts) {
+        const completedAt = Date.now();
+        const record = {
+            name,
+            type,
+            billable: isBillableStep(type),
+            startedAt,
+            completedAt,
+            durationMs: completedAt - startedAt,
+        };
+        if (opts?.input != null)
+            record.input = truncate(opts.input);
+        if (opts?.output != null)
+            record.output = truncate(opts.output);
+        if (opts?.error)
+            record.error = opts.error;
+        if (opts?.tokensUsed)
+            record.tokensUsed = opts.tokensUsed;
+        this.steps.push(record);
+        return record;
+    }
+    async query(database, sql, params) {
+        const name = this._nextStep("query", database);
+        const start = Date.now();
+        try {
+            const rows = await this.ctx.query(database, sql, params);
+            this._recordStep(name, "query", start, { input: { sql, params }, output: `${rows.length} rows` });
+            return rows;
+        }
+        catch (e) {
+            this._recordStep(name, "query", start, { input: { sql, params }, error: e.message });
+            throw e;
+        }
+    }
+    async exec(database, sql, params) {
+        const name = this._nextStep("exec", database);
+        const start = Date.now();
+        const changeset = this.changesetId
+            ? { id: this.changesetId, source: this.changesetSource ?? "unknown" }
+            : undefined;
+        try {
+            const changes = await this.ctx.exec(database, sql, params, changeset);
+            this._recordStep(name, "exec", start, { input: { sql, params }, output: `${changes} changes` });
+            return changes;
+        }
+        catch (e) {
+            this._recordStep(name, "exec", start, { input: { sql, params }, error: e.message });
+            throw e;
+        }
+    }
+    async ai(model, options) {
+        const name = this._nextStep("ai", model);
+        const start = Date.now();
+        const opts = this.workflowBilling && !options.billing
+            ? { ...options, billing: this.workflowBilling }
+            : options;
+        try {
+            const result = await this.ctx.ai(model, opts);
+            this._recordStep(name, "ai", start, {
+                input: { prompt: options.prompt.slice(0, 200) },
+                output: result.text.slice(0, 200),
+                tokensUsed: result.usage.input_tokens + result.usage.output_tokens,
+            });
+            return result;
+        }
+        catch (e) {
+            this._recordStep(name, "ai", start, { input: { prompt: options.prompt.slice(0, 200) }, error: e.message });
+            throw e;
+        }
+    }
+    async search(query, options) {
+        const name = this._nextStep("search", options?.source ?? "all");
+        const start = Date.now();
+        try {
+            const results = await this.ctx.search(query, options);
+            this._recordStep(name, "search", start, {
+                input: { query: query.slice(0, 200), source: options?.source },
+                output: `${results.length} results`,
+            });
+            return results;
+        }
+        catch (e) {
+            this._recordStep(name, "search", start, {
+                input: { query: query.slice(0, 200) },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async ask(question, options) {
+        const name = this._nextStep("ask", options?.source ?? "all");
+        const start = Date.now();
+        try {
+            const result = await this.ctx.ask(question, options);
+            this._recordStep(name, "ask", start, {
+                input: { question: question.slice(0, 200), source: options?.source },
+                output: result.answer.slice(0, 200),
+                tokensUsed: result.usage.input_tokens + result.usage.output_tokens,
+            });
+            return result;
+        }
+        catch (e) {
+            this._recordStep(name, "ask", start, {
+                input: { question: question.slice(0, 200) },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    get notify() {
+        return {
+            sms: (options) => this.sendNotification("sms", options),
+            email: (options) => this.sendNotification("email", options),
+            slack: (options) => this.sendNotification("slack", options),
+            channel: (name, options) => this.sendNotification(name, options),
+        };
+    }
+    async sendNotification(channel, options) {
+        const name = this._nextStep("notify", channel);
+        const start = Date.now();
+        if (this.isDemo) {
+            const resolved = this.resolveDemoRecipient(channel, options.to);
+            if (resolved === null) {
+                const suppressed = `suppressed (demo mode: ${this.demoNotify?.mode ?? "off"})`;
+                this._recordStep(name, "notify", start, {
+                    input: { to: options.to },
+                    output: suppressed,
+                });
+                return "suppressed";
+            }
+            options = { ...options, to: resolved };
+        }
+        try {
+            const status = await this.ctx.notify[channel](options);
+            this._recordStep(name, "notify", start, { input: { to: options.to }, output: status });
+            return status;
+        }
+        catch (e) {
+            this._recordStep(name, "notify", start, { input: { to: options.to }, error: e.message });
+            throw e;
+        }
+    }
+    get slack() {
+        return {
+            updateMessage: (options) => this.slackUpdateMessage(options),
+            openModal: (options) => this.slackOpenModal(options),
+            updateModal: (options) => this.slackUpdateModal(options),
+        };
+    }
+    async slackUpdateMessage(options) {
+        const name = this._nextStep("slack", "updateMessage");
+        const start = Date.now();
+        try {
+            await this.ctx.slackApiCall("chat.update", {
+                channel: options.channel,
+                ts: options.ts,
+                text: options.text ?? "",
+                ...(options.blocks ? { blocks: options.blocks } : {}),
+            });
+            this._recordStep(name, "slack.updateMessage", start, { input: { channel: options.channel, ts: options.ts }, output: "updated" });
+        }
+        catch (e) {
+            this._recordStep(name, "slack.updateMessage", start, { input: { channel: options.channel, ts: options.ts }, error: e.message });
+            throw e;
+        }
+    }
+    async slackOpenModal(options) {
+        const name = this._nextStep("slack", "openModal");
+        const start = Date.now();
+        try {
+            await this.ctx.slackApiCall("views.open", {
+                trigger_id: options.triggerId,
+                view: options.view,
+            });
+            this._recordStep(name, "slack.openModal", start, { output: "opened" });
+        }
+        catch (e) {
+            this._recordStep(name, "slack.openModal", start, { error: e.message });
+            throw e;
+        }
+    }
+    async slackUpdateModal(options) {
+        const name = this._nextStep("slack", "updateModal");
+        const start = Date.now();
+        try {
+            await this.ctx.slackApiCall("views.update", {
+                view_id: options.viewId,
+                view: options.view,
+            });
+            this._recordStep(name, "slack.updateModal", start, { input: { viewId: options.viewId }, output: "updated" });
+        }
+        catch (e) {
+            this._recordStep(name, "slack.updateModal", start, { input: { viewId: options.viewId }, error: e.message });
+            throw e;
+        }
+    }
+    async file(path) {
+        const name = this._nextStep("file", path);
+        const start = Date.now();
+        try {
+            const buffer = await this.ctx.file(path);
+            this._recordStep(name, "file", start, { input: { path }, output: `${buffer.byteLength} bytes` });
+            return buffer;
+        }
+        catch (e) {
+            this._recordStep(name, "file", start, { input: { path }, error: e.message });
+            throw e;
+        }
+    }
+    async fileText(path) {
+        const name = this._nextStep("fileText", path);
+        const start = Date.now();
+        try {
+            const text = await this.ctx.fileText(path);
+            this._recordStep(name, "fileText", start, { input: { path }, output: `${text.length} chars` });
+            return text;
+        }
+        catch (e) {
+            this._recordStep(name, "fileText", start, { input: { path }, error: e.message });
+            throw e;
+        }
+    }
+    async embed(texts) {
+        if (texts.length === 0)
+            return [];
+        const name = this._nextStep("embed", `${texts.length} texts`);
+        const start = Date.now();
+        try {
+            const vectors = await this.ctx.embed(texts);
+            this._recordStep(name, "embed", start, { input: { count: texts.length }, output: `${vectors.length} vectors` });
+            return vectors;
+        }
+        catch (e) {
+            this._recordStep(name, "embed", start, { input: { count: texts.length }, error: e.message });
+            throw e;
+        }
+    }
+    async slackApiCall(method, body) {
+        const name = this._nextStep("slack.api", method);
+        const start = Date.now();
+        try {
+            const data = await this.ctx.slackApiCall(method, body);
+            this._recordStep(name, "slack.api", start, { input: { method }, output: "ok" });
+            return data;
+        }
+        catch (e) {
+            this._recordStep(name, "slack.api", start, { input: { method }, error: e.message });
+            throw e;
+        }
+    }
+    surfaceUrl(surfaceId, path) {
+        return this.ctx.surfaceUrl(surfaceId, path);
+    }
+    async respond(body, status) {
+        if (this._webhookResponse)
+            return;
+        this._webhookResponse = { body, status: status ?? 200 };
+    }
+    async agent(name, options) {
+        const stepName = this._nextStep("agent", name);
+        const start = Date.now();
+        const sessionKey = options.sessionKey ?? `${this.changesetId ?? "run"}-${name}`;
+        try {
+            const res = await this.ctx.invokeAgent(name, {
+                goal: options.goal,
+                context: options.context,
+                sessionKey,
+                caps: options.caps,
+            });
+            if (res.status === "pending_approval" && res.pendingApproval) {
+                const pending = res.pendingApproval;
+                console.log(`[agent] "${name}" needs approval for ${pending.tool} — auto-approving in local dev`);
+                this._recordStep(stepName, "agent", start, {
+                    input: { goal: options.goal.slice(0, 200) },
+                    output: `pending approval: ${pending.tool} (auto-approved in dev)`,
+                });
+                const approveRes = await this.ctx.invokeAgent(name, {
+                    goal: "__approve__",
+                    context: { _approve: true, sessionKey },
+                    sessionKey,
+                });
+                const duration = Date.now() - start;
+                return {
+                    response: approveRes.response,
+                    output: approveRes.output ?? res.output ?? undefined,
+                    usage: { credits: (res.usage?.credits ?? 0) + (approveRes.usage?.credits ?? 0), turns: (res.usage?.turns ?? 0) + (approveRes.usage?.turns ?? 0), duration },
+                    capped: approveRes.capped,
+                    cappedReason: approveRes.cappedReason,
+                };
+            }
+            const duration = Date.now() - start;
+            const result = {
+                response: res.response,
+                output: res.output ?? undefined,
+                usage: { credits: res.usage?.credits ?? 0, turns: res.usage?.turns ?? 0, duration },
+                capped: res.capped,
+                cappedReason: res.cappedReason,
+            };
+            this._recordStep(stepName, "agent", start, {
+                input: { goal: options.goal.slice(0, 200) },
+                output: res.response.slice(0, 200),
+            });
+            return result;
+        }
+        catch (e) {
+            this._recordStep(stepName, "agent", start, {
+                input: { goal: options.goal.slice(0, 200) },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async collect(options) {
+        const name = this._nextStep("collect", options.title);
+        const start = Date.now();
+        try {
+            const url = await this.ctx.collect(options);
+            this._recordStep(name, "collect", start, { input: { title: options.title }, output: url });
+            return url;
+        }
+        catch (e) {
+            this._recordStep(name, "collect", start, { input: { title: options.title }, error: e.message });
+            throw e;
+        }
+    }
+    async waitFor(eventName, options) {
+        const name = this._nextStep("waitFor", eventName);
+        const start = Date.now();
+        console.log(`[waitFor] Waiting for "${eventName}" — in production, workflow pauses here (zero cost).`);
+        if (options?.message)
+            console.log(`[waitFor] ${options.message}`);
+        console.log(`[waitFor] Resolving immediately for local development.`);
+        const result = { payload: {}, type: eventName, timedOut: false };
+        this._recordStep(name, "waitFor", start, { output: "resolved (local dev)" });
+        return result;
+    }
+    async waitForUrl(eventName) {
+        return `http://localhost:8787/_event?type=${encodeURIComponent(eventName)}`;
+    }
+    async http(url, options) {
+        const method = (options?.method ?? "GET").toUpperCase();
+        const name = this._nextStep("http", new URL(url).hostname);
+        const start = Date.now();
+        const timeout = options?.timeout ?? 30000;
+        const throwOnError = options?.throwOnError !== false;
+        const retryConfig = options?.retry;
+        const shouldRetry = retryConfig !== false;
+        const maxAttempts = shouldRetry && typeof retryConfig === "object" && retryConfig?.attempts
+            ? retryConfig.attempts
+            : (shouldRetry ? 3 : 1);
+        const headers = { ...options?.headers };
+        let bodyStr;
+        if (options?.body != null) {
+            bodyStr = typeof options.body === "string" ? options.body : JSON.stringify(options.body);
+            if (!headers["Content-Type"] && !headers["content-type"]) {
+                headers["Content-Type"] = "application/json";
+            }
+        }
+        if (options?.sign) {
+            const secretValue = this.secret(options.sign.secret);
+            const encoder = new TextEncoder();
+            const key = await crypto.subtle.importKey("raw", encoder.encode(secretValue), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+            const sig = await crypto.subtle.sign("HMAC", key, encoder.encode(bodyStr ?? ""));
+            const hex = Array.from(new Uint8Array(sig)).map(b => b.toString(16).padStart(2, "0")).join("");
+            headers[options.sign.header ?? "X-Hub-Signature-256"] = `sha256=${hex}`;
+        }
+        // Route api.mug.work requests through MUG_DISPATCH service binding to avoid
+        // self-referential fetch (CF error 1019/522) in Workers for Platforms tenants
+        const dispatchBinding = this.env.MUG_DISPATCH;
+        const internalSecret = this.env.MUG_INTERNAL_SECRET;
+        const isDispatchUrl = url.includes("api.mug.work");
+        const useServiceBinding = isDispatchUrl && dispatchBinding && internalSecret;
+        let lastError;
+        for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+            try {
+                const controller = new AbortController();
+                const timer = setTimeout(() => controller.abort(), timeout);
+                let fetchUrl = url;
+                if (useServiceBinding) {
+                    fetchUrl = url.replace(/https?:\/\/api\.mug\.work/, "https://mug-dispatch");
+                    if (!headers["X-Mug-Internal"])
+                        headers["X-Mug-Internal"] = internalSecret;
+                }
+                const res = useServiceBinding
+                    ? await dispatchBinding.fetch(fetchUrl, { method, headers, body: bodyStr, signal: controller.signal })
+                    : await fetch(url, { method, headers, body: bodyStr, signal: controller.signal });
+                clearTimeout(timer);
+                const resHeaders = {};
+                res.headers.forEach((v, k) => { resHeaders[k] = v; });
+                const resBody = await res.text();
+                let json = null;
+                const ct = resHeaders["content-type"] ?? "";
+                if (ct.includes("json")) {
+                    try {
+                        json = JSON.parse(resBody);
+                    }
+                    catch { }
+                }
+                const result = {
+                    status: res.status,
+                    headers: resHeaders,
+                    body: resBody,
+                    json,
+                    ok: res.status >= 200 && res.status < 300,
+                };
+                if (res.status === 429 && shouldRetry && attempt < maxAttempts) {
+                    const delay = Math.min(1000 * Math.pow(2, attempt - 1), 30000);
+                    console.log(`[http] ${method} ${url} → 429, retrying in ${delay}ms (attempt ${attempt}/${maxAttempts})`);
+                    await new Promise(r => setTimeout(r, delay));
+                    continue;
+                }
+                this._recordStep(name, "http", start, {
+                    input: { method, url },
+                    output: `${res.status} ${resBody.slice(0, 200)}`,
+                });
+                if (!result.ok && throwOnError) {
+                    throw new HttpError(result);
+                }
+                return result;
+            }
+            catch (e) {
+                if (e instanceof HttpError)
+                    throw e;
+                lastError = e;
+                const isRetryable = lastError.name === "AbortError" || lastError.message?.includes("fetch failed");
+                if (isRetryable && shouldRetry && attempt < maxAttempts) {
+                    const delay = Math.min(1000 * Math.pow(2, attempt - 1), 30000);
+                    console.log(`[http] ${method} ${url} → ${lastError.message}, retrying in ${delay}ms (attempt ${attempt}/${maxAttempts})`);
+                    await new Promise(r => setTimeout(r, delay));
+                    continue;
+                }
+                this._recordStep(name, "http", start, {
+                    input: { method, url },
+                    error: lastError.message,
+                });
+                throw lastError;
+            }
+        }
+        this._recordStep(name, "http", start, { input: { method, url }, error: lastError?.message ?? "max retries" });
+        throw lastError ?? new Error("ctx.http() failed after retries");
+    }
+    action(connectorName) {
+        const def = getConnector(connectorName);
+        if (!def)
+            throw new Error(`Connector "${connectorName}" not found`);
+        return new ConnectorHandle(this, def, connectorName);
+    }
+    async rollback(actionId) {
+        const rows = await this.ctx.query(OPS_DB, `SELECT * FROM actions WHERE id = ?`, [actionId]);
+        if (rows.length === 0)
+            throw new Error(`Action "${actionId}" not found`);
+        const original = rows[0];
+        if (original.rolled_back === 1) {
+            throw new Error(`Action ${actionId} has already been rolled back.`);
+        }
+        if (original.operation === "read") {
+            throw new Error(`Cannot rollback a read action.`);
+        }
+        if (!original.before_snapshot && original.operation !== "create") {
+            throw new Error(`Action ${actionId} has no before-snapshot — cannot rollback.`);
+        }
+        const connectorName = original.connector;
+        const tableName = original.table_name;
+        const recordId = original.record_id;
+        const snapshot = original.before_snapshot ? JSON.parse(original.before_snapshot) : null;
+        const confirmed = original.after_confirmed ? JSON.parse(original.after_confirmed) : null;
+        let result;
+        const handle = this.action(connectorName);
+        switch (original.operation) {
+            case "create": {
+                const createdId = confirmed?.id ?? recordId;
+                if (!createdId)
+                    throw new Error(`Cannot rollback create — no record ID available.`);
+                result = await handle.delete(tableName, createdId);
+                break;
+            }
+            case "update":
+                result = await handle.update(tableName, recordId, snapshot);
+                break;
+            case "delete":
+                result = await handle.create(tableName, snapshot);
+                break;
+            case "upsert":
+                if (snapshot) {
+                    result = await handle.update(tableName, recordId, snapshot);
+                }
+                else {
+                    result = await handle.delete(tableName, recordId);
+                }
+                break;
+            default:
+                throw new Error(`Cannot rollback operation type "${original.operation}".`);
+        }
+        await this.ctx.exec(OPS_DB, `UPDATE actions SET rolled_back = 1, rolled_back_at = ?, rollback_action_id = ? WHERE id = ?`, [new Date().toISOString(), result.operationId, actionId]);
+        return result;
+    }
+    async rollbackRun(workflowRunId) {
+        const actions = await this.ctx.query(OPS_DB, `SELECT id FROM actions WHERE workflow_run_id = ? AND operation != 'read' AND rolled_back = 0 ORDER BY created_at DESC`, [workflowRunId]);
+        const rolledBack = [];
+        const failed = [];
+        for (const action of actions) {
+            try {
+                const result = await this.rollback(action.id);
+                rolledBack.push(result);
+            }
+            catch (e) {
+                failed.push({ actionId: action.id, error: e.message });
+            }
+        }
+        return { rolledBack, failed };
+    }
+    /** @internal */
+    _checkOpsCap() {
+        this.operationCount++;
+        if (this.operationCount > this.maxOperations) {
+            throw new Error(`Workflow exceeded max operations per run (${this.maxOperations}). ` +
+                `Adjust maxOperations in workflow config to allow more.`);
+        }
+    }
+    /** @internal */
+    async _logAction(result, afterPayload) {
+        try {
+            await this.ctx.exec(OPS_DB, `CREATE TABLE IF NOT EXISTS actions (
+        id TEXT PRIMARY KEY, workflow_run_id TEXT NOT NULL, step_id TEXT,
+        connector TEXT NOT NULL, table_name TEXT NOT NULL, operation TEXT NOT NULL,
+        record_id TEXT, before_snapshot TEXT, after_payload TEXT, after_confirmed TEXT,
+        rolled_back INTEGER DEFAULT 0, rolled_back_at TEXT, rollback_action_id TEXT, created_at TEXT NOT NULL
+      )`);
+            await this.ctx.exec(OPS_DB, `INSERT INTO actions (id, workflow_run_id, connector, table_name, operation, record_id, before_snapshot, after_payload, after_confirmed, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [
+                result.operationId,
+                this.changesetId ?? "unknown",
+                result.connector,
+                result.table,
+                result.operation,
+                result.recordId ?? null,
+                result.snapshot ? JSON.stringify(result.snapshot) : null,
+                afterPayload ? JSON.stringify(afterPayload) : null,
+                JSON.stringify(result.data),
+                new Date().toISOString(),
+            ]);
+        }
+        catch (e) {
+            console.error(`[ops] Failed to log action: ${e.message}`);
+        }
+    }
+    /** @internal */
+    _makeSourceCtx(connectorName) {
+        const env = this.env;
+        const sources = JSON.parse(env.MUG_SOURCES || "{}");
+        const src = sources[connectorName];
+        return {
+            credential: async (name) => {
+                if (src?.auth?.value) {
+                    const resolved = env[src.auth.value];
+                    if (typeof resolved === "string")
+                        return resolved;
+                    return src.auth.value;
+                }
+                if (env.MUG_DISPATCH && env.MUG_INTERNAL_SECRET) {
+                    const provider = name ?? connectorName;
+                    const res = await env.MUG_DISPATCH.fetch(`https://mug-dispatch/credential/${env.WORKSPACE_ID}/${provider}`, { headers: { "X-Mug-Internal": env.MUG_INTERNAL_SECRET } });
+                    if (res.ok) {
+                        const data = (await res.json());
+                        return data.access_token;
+                    }
+                }
+                throw new Error(`No credentials for "${connectorName}"`);
+            },
+            fetch: (url, init) => {
+                if (url.includes("api.mug.work") && env.MUG_DISPATCH && env.MUG_INTERNAL_SECRET) {
+                    const proxyUrl = url.replace(/https?:\/\/api\.mug\.work/, "https://mug-dispatch");
+                    const headers = new Headers(init?.headers);
+                    if (!headers.has("X-Mug-Internal"))
+                        headers.set("X-Mug-Internal", env.MUG_INTERNAL_SECRET);
+                    return env.MUG_DISPATCH.fetch(proxyUrl, { ...init, headers });
+                }
+                return fetch(url, init);
+            },
+            lastSync: null,
+        };
+    }
+}
+class ConnectorHandle {
+    wfCtx;
+    def;
+    connectorName;
+    constructor(wfCtx, def, connectorName) {
+        this.wfCtx = wfCtx;
+        this.def = def;
+        this.connectorName = connectorName;
+    }
+    resolveTable(tableName) {
+        const table = this.def.tables.find((t) => t.name === tableName);
+        if (!table)
+            throw new Error(`Table "${tableName}" not found in connector "${this.connectorName}"`);
+        return table;
+    }
+    async read(tableName, recordId) {
+        this.wfCtx._checkOpsCap();
+        const table = this.resolveTable(tableName);
+        if (!table.get)
+            throw new Error(`Connector "${this.connectorName}" table "${tableName}" has no get() method`);
+        const stepName = this.wfCtx._nextStep("action.read", `${this.connectorName}.${tableName}`);
+        const start = Date.now();
+        const operationId = `action-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const sourceCtx = this.wfCtx._makeSourceCtx(this.connectorName);
+        try {
+            const data = (await table.get(sourceCtx, recordId)) ?? {};
+            this.wfCtx._recordStep(stepName, "action.read", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                output: `read ${recordId}`,
+            });
+            const result = { connector: this.connectorName, table: tableName, operation: "read", recordId, data, operationId };
+            await this.wfCtx._logAction(result);
+            return result;
+        }
+        catch (e) {
+            this.wfCtx._recordStep(stepName, "action.read", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async create(tableName, fields) {
+        this.wfCtx._checkOpsCap();
+        const table = this.resolveTable(tableName);
+        if (!table.actions?.create)
+            throw new Error(`Connector "${this.connectorName}" table "${tableName}" has no create action`);
+        const stepName = this.wfCtx._nextStep("action.create", `${this.connectorName}.${tableName}`);
+        const start = Date.now();
+        const operationId = `action-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const sourceCtx = this.wfCtx._makeSourceCtx(this.connectorName);
+        try {
+            const data = await table.actions.create(sourceCtx, fields);
+            this.wfCtx._recordStep(stepName, "action.create", start, {
+                input: { connector: this.connectorName, table: tableName, fields },
+                output: `created`,
+            });
+            const result = { connector: this.connectorName, table: tableName, operation: "create", data, operationId };
+            await this.wfCtx._logAction(result, fields);
+            return result;
+        }
+        catch (e) {
+            this.wfCtx._recordStep(stepName, "action.create", start, {
+                input: { connector: this.connectorName, table: tableName },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async update(tableName, recordId, fields) {
+        this.wfCtx._checkOpsCap();
+        const table = this.resolveTable(tableName);
+        if (!table.actions?.update)
+            throw new Error(`Connector "${this.connectorName}" table "${tableName}" has no update action`);
+        const stepName = this.wfCtx._nextStep("action.update", `${this.connectorName}.${tableName}`);
+        const start = Date.now();
+        const operationId = `action-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const sourceCtx = this.wfCtx._makeSourceCtx(this.connectorName);
+        let snapshot;
+        if (table.get) {
+            snapshot = (await table.get(sourceCtx, recordId)) ?? undefined;
+        }
+        try {
+            const data = await table.actions.update(sourceCtx, recordId, fields);
+            this.wfCtx._recordStep(stepName, "action.update", start, {
+                input: { connector: this.connectorName, table: tableName, recordId, fields },
+                output: `updated ${recordId}`,
+            });
+            const result = { connector: this.connectorName, table: tableName, operation: "update", recordId, data, snapshot, operationId };
+            await this.wfCtx._logAction(result, fields);
+            return result;
+        }
+        catch (e) {
+            this.wfCtx._recordStep(stepName, "action.update", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async delete(tableName, recordId) {
+        this.wfCtx._checkOpsCap();
+        const table = this.resolveTable(tableName);
+        if (!table.actions?.delete)
+            throw new Error(`Connector "${this.connectorName}" table "${tableName}" has no delete action`);
+        const stepName = this.wfCtx._nextStep("action.delete", `${this.connectorName}.${tableName}`);
+        const start = Date.now();
+        const operationId = `action-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const sourceCtx = this.wfCtx._makeSourceCtx(this.connectorName);
+        let snapshot;
+        if (table.get) {
+            snapshot = (await table.get(sourceCtx, recordId)) ?? undefined;
+        }
+        try {
+            const data = await table.actions.delete(sourceCtx, recordId);
+            this.wfCtx._recordStep(stepName, "action.delete", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                output: `deleted ${recordId}`,
+            });
+            const result = { connector: this.connectorName, table: tableName, operation: "delete", recordId, data, snapshot, operationId };
+            await this.wfCtx._logAction(result);
+            return result;
+        }
+        catch (e) {
+            this.wfCtx._recordStep(stepName, "action.delete", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+    async upsert(tableName, recordId, fields) {
+        this.wfCtx._checkOpsCap();
+        const table = this.resolveTable(tableName);
+        if (!table.actions?.upsert)
+            throw new Error(`Connector "${this.connectorName}" table "${tableName}" has no upsert action`);
+        const stepName = this.wfCtx._nextStep("action.upsert", `${this.connectorName}.${tableName}`);
+        const start = Date.now();
+        const operationId = `action-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const sourceCtx = this.wfCtx._makeSourceCtx(this.connectorName);
+        let snapshot;
+        if (table.get) {
+            snapshot = (await table.get(sourceCtx, recordId)) ?? undefined;
+        }
+        try {
+            const data = await table.actions.upsert(sourceCtx, recordId, fields);
+            this.wfCtx._recordStep(stepName, "action.upsert", start, {
+                input: { connector: this.connectorName, table: tableName, recordId, fields },
+                output: snapshot ? `updated ${recordId}` : `created ${recordId}`,
+            });
+            const result = { connector: this.connectorName, table: tableName, operation: "upsert", recordId, data, snapshot, operationId };
+            await this.wfCtx._logAction(result, fields);
+            return result;
+        }
+        catch (e) {
+            this.wfCtx._recordStep(stepName, "action.upsert", start, {
+                input: { connector: this.connectorName, table: tableName, recordId },
+                error: e.message,
+            });
+            throw e;
+        }
+    }
+}
+const registry = new Map();
+export function workflow(name, handler, options) {
+    const def = { name, handler, options };
+    registry.set(name, def);
+    return def;
+}
+export function getWorkflow(name) {
+    return registry.get(name);
+}
+export function allWorkflows() {
+    return [...registry.values()];
+}
+export function findTriggeredWorkflows(sourceName, tableName, event, isInitialSync) {
+    return allWorkflows().filter((def) => {
+        const t = def.options?.trigger;
+        if (!t || t.source !== sourceName)
+            return false;
+        if (t.table && t.table !== tableName)
+            return false;
+        if (isInitialSync && !t.includeInitialSync)
+            return false;
+        const on = t.on ?? "change";
+        return on === "change" || on === event;
+    });
+}
+async function ensureOpsSchema(ctx) {
+    await ctx.exec(OPS_DB, `CREATE TABLE IF NOT EXISTS workflow_runs (
+    id TEXT PRIMARY KEY,
+    workflow TEXT NOT NULL,
+    status TEXT NOT NULL,
+    started_at TEXT NOT NULL,
+    completed_at TEXT,
+    duration_ms INTEGER,
+    params TEXT,
+    result TEXT,
+    error TEXT
+  )`);
+    await ctx.exec(OPS_DB, `CREATE TABLE IF NOT EXISTS workflow_steps (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    run_id TEXT NOT NULL REFERENCES workflow_runs(id),
+    step_name TEXT NOT NULL,
+    step_type TEXT NOT NULL,
+    started_at TEXT NOT NULL,
+    completed_at TEXT,
+    duration_ms INTEGER,
+    input TEXT,
+    output TEXT,
+    error TEXT,
+    tokens_used INTEGER,
+    retries INTEGER DEFAULT 0
+  )`);
+    await ctx.exec(OPS_DB, `CREATE TABLE IF NOT EXISTS actions (
+    id TEXT PRIMARY KEY,
+    workflow_run_id TEXT NOT NULL,
+    step_id TEXT,
+    connector TEXT NOT NULL,
+    table_name TEXT NOT NULL,
+    operation TEXT NOT NULL,
+    record_id TEXT,
+    before_snapshot TEXT,
+    after_payload TEXT,
+    after_confirmed TEXT,
+    rolled_back INTEGER DEFAULT 0,
+    rolled_back_at TEXT,
+    rollback_action_id TEXT,
+    created_at TEXT NOT NULL
+  )`);
+    await ctx.exec(OPS_DB, `CREATE INDEX IF NOT EXISTS idx_actions_workflow ON actions(workflow_run_id)`);
+    await ctx.exec(OPS_DB, `CREATE INDEX IF NOT EXISTS idx_actions_connector ON actions(connector, table_name)`);
+    await ctx.exec(OPS_DB, `CREATE INDEX IF NOT EXISTS idx_actions_operation ON actions(operation)`);
+}
+async function persistRun(ctx, result) {
+    try {
+        await ensureOpsSchema(ctx);
+        await ctx.exec(OPS_DB, `INSERT INTO workflow_runs (id, workflow, status, started_at, completed_at, duration_ms, result, error)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`, [result.runId, result.workflow, result.status, result.startedAt, result.completedAt,
+            result.durationMs, result.result != null ? JSON.stringify(result.result) : null,
+            result.error ?? null]);
+        for (const step of result.steps) {
+            await ctx.exec(OPS_DB, `INSERT INTO workflow_steps (run_id, step_name, step_type, started_at, completed_at, duration_ms, input, output, error, tokens_used)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [result.runId, step.name, step.type,
+                new Date(step.startedAt).toISOString(), step.completedAt ? new Date(step.completedAt).toISOString() : null,
+                step.durationMs ?? null, step.input ?? null, step.output ?? null, step.error ?? null, step.tokensUsed ?? null]);
+        }
+    }
+    catch (e) {
+        console.error(`[ops] Failed to persist workflow run: ${e.message}`);
+    }
+}
+export async function runWorkflow(name, env, params) {
+    const def = getWorkflow(name);
+    if (!def)
+        throw new Error(`Workflow "${name}" not found`);
+    const runId = `${name}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    const wfCtx = new WorkflowContext(env, def.options);
+    wfCtx.changesetId = runId;
+    wfCtx.changesetSource = `workflow:${name}`;
+    wfCtx.instanceId = `local-${runId}`;
+    if (params)
+        wfCtx.params = params;
+    const opsCtx = new WorkspaceContext(env);
+    const startedAt = new Date();
+    let result;
+    try {
+        const value = await def.handler(wfCtx);
+        const completedAt = new Date();
+        result = {
+            workflow: name,
+            runId,
+            status: "complete",
+            startedAt: startedAt.toISOString(),
+            completedAt: completedAt.toISOString(),
+            durationMs: completedAt.getTime() - startedAt.getTime(),
+            stepCount: wfCtx.steps.length,
+            steps: wfCtx.steps,
+            result: value,
+            webhookResponse: wfCtx._webhookResponse,
+        };
+    }
+    catch (e) {
+        const completedAt = new Date();
+        result = {
+            workflow: name,
+            runId,
+            status: "errored",
+            startedAt: startedAt.toISOString(),
+            completedAt: completedAt.toISOString(),
+            durationMs: completedAt.getTime() - startedAt.getTime(),
+            stepCount: wfCtx.steps.length,
+            steps: wfCtx.steps,
+            error: e.message,
+            webhookResponse: wfCtx._webhookResponse,
+        };
+    }
+    await persistRun(opsCtx, result);
+    return result;
+}
+export async function queryLogs(env, workflowName, limit = 10) {
+    const ctx = new WorkspaceContext(env);
+    await ensureOpsSchema(ctx);
+    if (workflowName) {
+        const runs = await ctx.query(OPS_DB, `SELECT id, workflow, status, started_at, completed_at, duration_ms, error
+       FROM workflow_runs WHERE workflow = ? ORDER BY started_at DESC LIMIT ?`, [workflowName, limit]);
+        const result = [];
+        for (const run of runs) {
+            const steps = await ctx.query(OPS_DB, `SELECT step_name, step_type, duration_ms, input, output, error, tokens_used
+         FROM workflow_steps WHERE run_id = ? ORDER BY id`, [run.id]);
+            result.push({ ...run, steps });
+        }
+        return result;
+    }
+    return ctx.query(OPS_DB, `SELECT id, workflow, status, started_at, completed_at, duration_ms, error
+     FROM workflow_runs ORDER BY started_at DESC LIMIT ?`, [limit]);
+}
+export async function queryActions(env, filters, limit = 50) {
+    const ctx = new WorkspaceContext(env);
+    await ensureOpsSchema(ctx);
+    const conditions = [];
+    const params = [];
+    if (filters?.workflowRunId) {
+        conditions.push("workflow_run_id = ?");
+        params.push(filters.workflowRunId);
+    }
+    if (filters?.connector) {
+        conditions.push("connector = ?");
+        params.push(filters.connector);
+    }
+    if (filters?.operation) {
+        conditions.push("operation = ?");
+        params.push(filters.operation);
+    }
+    const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+    params.push(limit);
+    return ctx.query(OPS_DB, `SELECT id, workflow_run_id, connector, table_name, operation, record_id,
+            before_snapshot, after_payload, after_confirmed, rolled_back,
+            rolled_back_at, rollback_action_id, created_at
+     FROM actions ${where} ORDER BY created_at DESC LIMIT ?`, params);
+}