@openparachute/agent 0.1.0

package/src/container-runtime.test.ts

@@ -0,0 +1,169 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+
+// Mock log
+vi.mock('./log.js', () => ({
+  log: {
+    debug: vi.fn(),
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    fatal: vi.fn(),
+  },
+}));
+
+// Mock child_process — store the mock fn so tests can configure it
+const mockExecSync = vi.fn();
+vi.mock('child_process', () => ({
+  execSync: (...args: unknown[]) => mockExecSync(...args),
+}));
+
+import {
+  CONTAINER_RUNTIME_BIN,
+  readonlyMountArgs,
+  stopContainer,
+  ensureContainerRuntimeRunning,
+  cleanupOrphans,
+} from './container-runtime.js';
+import { CONTAINER_INSTALL_LABEL, LEGACY_PARACLAW_INSTALL_LABEL } from './config.js';
+import { log } from './log.js';
+
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+
+// --- Pure functions ---
+
+describe('readonlyMountArgs', () => {
+  it('returns -v flag with :ro suffix', () => {
+    const args = readonlyMountArgs('/host/path', '/container/path');
+    expect(args).toEqual(['-v', '/host/path:/container/path:ro']);
+  });
+});
+
+describe('stopContainer', () => {
+  it('calls docker stop for valid container names', () => {
+    stopContainer('parachute-agent-test-123');
+    expect(mockExecSync).toHaveBeenCalledWith(`${CONTAINER_RUNTIME_BIN} stop -t 1 parachute-agent-test-123`, {
+      stdio: 'pipe',
+    });
+  });
+
+  it('rejects names with shell metacharacters', () => {
+    expect(() => stopContainer('foo; rm -rf /')).toThrow('Invalid container name');
+    expect(() => stopContainer('foo$(whoami)')).toThrow('Invalid container name');
+    expect(() => stopContainer('foo`id`')).toThrow('Invalid container name');
+    expect(mockExecSync).not.toHaveBeenCalled();
+  });
+});
+
+// --- ensureContainerRuntimeRunning ---
+
+describe('ensureContainerRuntimeRunning', () => {
+  it('does nothing when runtime is already running', () => {
+    mockExecSync.mockReturnValueOnce('');
+
+    ensureContainerRuntimeRunning();
+
+    expect(mockExecSync).toHaveBeenCalledTimes(1);
+    expect(mockExecSync).toHaveBeenCalledWith(`${CONTAINER_RUNTIME_BIN} info`, {
+      stdio: 'pipe',
+      timeout: 10000,
+    });
+    expect(log.debug).toHaveBeenCalledWith('Container runtime already running');
+  });
+
+  it('throws when docker info fails', () => {
+    mockExecSync.mockImplementationOnce(() => {
+      throw new Error('Cannot connect to the Docker daemon');
+    });
+
+    expect(() => ensureContainerRuntimeRunning()).toThrow('Container runtime is required but failed to start');
+    expect(log.error).toHaveBeenCalled();
+  });
+});
+
+// --- cleanupOrphans ---
+
+describe('cleanupOrphans', () => {
+  it('filters ps by both the new and legacy install labels so peers are not reaped', () => {
+    mockExecSync.mockReturnValue('');
+
+    cleanupOrphans();
+
+    expect(mockExecSync).toHaveBeenNthCalledWith(
+      1,
+      `${CONTAINER_RUNTIME_BIN} ps --filter label=${CONTAINER_INSTALL_LABEL} --format '{{.Names}}'`,
+      expect.any(Object),
+    );
+    expect(mockExecSync).toHaveBeenNthCalledWith(
+      2,
+      `${CONTAINER_RUNTIME_BIN} ps --filter label=${LEGACY_PARACLAW_INSTALL_LABEL} --format '{{.Names}}'`,
+      expect.any(Object),
+    );
+  });
+
+  it('stops orphaned containers from both labels and de-dupes', () => {
+    // First ps (new label) returns one container; second ps (legacy label) returns two —
+    // one duplicates the first, simulating a container that carries both labels during
+    // upgrade.
+    mockExecSync.mockReturnValueOnce('parachute-agent-group1-111\n');
+    mockExecSync.mockReturnValueOnce('parachute-agent-group1-111\nparaclaw-group2-222\n');
+    mockExecSync.mockReturnValue('');
+
+    cleanupOrphans();
+
+    // 2 ps + 2 unique stop calls
+    expect(mockExecSync).toHaveBeenCalledTimes(4);
+    expect(mockExecSync).toHaveBeenNthCalledWith(3, `${CONTAINER_RUNTIME_BIN} stop -t 1 parachute-agent-group1-111`, {
+      stdio: 'pipe',
+    });
+    expect(mockExecSync).toHaveBeenNthCalledWith(4, `${CONTAINER_RUNTIME_BIN} stop -t 1 paraclaw-group2-222`, {
+      stdio: 'pipe',
+    });
+    expect(log.info).toHaveBeenCalledWith('Stopped orphaned containers', {
+      count: 2,
+      names: ['parachute-agent-group1-111', 'paraclaw-group2-222'],
+    });
+  });
+
+  it('does nothing when no orphans exist on either label', () => {
+    mockExecSync.mockReturnValue('');
+
+    cleanupOrphans();
+
+    expect(mockExecSync).toHaveBeenCalledTimes(2); // both label queries
+    expect(log.info).not.toHaveBeenCalled();
+  });
+
+  it('warns and continues when ps fails', () => {
+    mockExecSync.mockImplementationOnce(() => {
+      throw new Error('docker not available');
+    });
+
+    cleanupOrphans(); // should not throw
+
+    expect(log.warn).toHaveBeenCalledWith(
+      'Failed to clean up orphaned containers',
+      expect.objectContaining({ err: expect.any(Error) }),
+    );
+  });
+
+  it('continues stopping remaining containers when one stop fails', () => {
+    mockExecSync.mockReturnValueOnce('parachute-agent-a-1\nparachute-agent-b-2\n');
+    mockExecSync.mockReturnValueOnce(''); // legacy label query empty
+    // First stop fails
+    mockExecSync.mockImplementationOnce(() => {
+      throw new Error('already stopped');
+    });
+    // Second stop succeeds
+    mockExecSync.mockReturnValueOnce('');
+
+    cleanupOrphans(); // should not throw
+
+    expect(mockExecSync).toHaveBeenCalledTimes(4);
+    expect(log.info).toHaveBeenCalledWith('Stopped orphaned containers', {
+      count: 2,
+      names: ['parachute-agent-a-1', 'parachute-agent-b-2'],
+    });
+  });
+});

package/src/container-runtime.ts

@@ -0,0 +1,92 @@
+/**
+ * Container runtime abstraction for parachute-agent.
+ * All runtime-specific logic lives here so swapping runtimes means changing one file.
+ */
+import { execSync } from 'child_process';
+import os from 'os';
+
+import { CONTAINER_INSTALL_LABEL, LEGACY_PARACLAW_INSTALL_LABEL } from './config.js';
+import { log } from './log.js';
+
+/** The container runtime binary name. */
+export const CONTAINER_RUNTIME_BIN = 'docker';
+
+/** CLI args needed for the container to resolve the host gateway. */
+export function hostGatewayArgs(): string[] {
+  // On Linux, host.docker.internal isn't built-in — add it explicitly
+  if (os.platform() === 'linux') {
+    return ['--add-host=host.docker.internal:host-gateway'];
+  }
+  return [];
+}
+
+/** Returns CLI args for a readonly bind mount. */
+export function readonlyMountArgs(hostPath: string, containerPath: string): string[] {
+  return ['-v', `${hostPath}:${containerPath}:ro`];
+}
+
+/** Stop a container by name. Uses execFileSync to avoid shell injection. */
+export function stopContainer(name: string): void {
+  if (!/^[a-zA-Z0-9][a-zA-Z0-9_.-]*$/.test(name)) {
+    throw new Error(`Invalid container name: ${name}`);
+  }
+  execSync(`${CONTAINER_RUNTIME_BIN} stop -t 1 ${name}`, { stdio: 'pipe' });
+}
+
+/** Ensure the container runtime is running, starting it if needed. */
+export function ensureContainerRuntimeRunning(): void {
+  try {
+    execSync(`${CONTAINER_RUNTIME_BIN} info`, {
+      stdio: 'pipe',
+      timeout: 10000,
+    });
+    log.debug('Container runtime already running');
+  } catch (err) {
+    log.error('Failed to reach container runtime', { err });
+    console.error('\n╔════════════════════════════════════════════════════════════════╗');
+    console.error('║  FATAL: Container runtime failed to start                      ║');
+    console.error('║                                                                ║');
+    console.error('║  Agents cannot run without a container runtime. To fix:        ║');
+    console.error('║  1. Ensure Docker is installed and running                     ║');
+    console.error('║  2. Run: docker info                                           ║');
+    console.error('║  3. Restart parachute-agent                                    ║');
+    console.error('╚════════════════════════════════════════════════════════════════╝\n');
+    throw new Error('Container runtime is required but failed to start', {
+      cause: err,
+    });
+  }
+}
+
+/**
+ * Kill orphaned parachute-agent containers from THIS install's previous runs.
+ *
+ * Scoped by the `parachute-agent-install=<slug>` label (and the pre-0.1.0
+ * `paraclaw-install=<slug>` label for one upgrade cycle) so a crash-looping
+ * peer install cannot reap our containers, and we cannot reap theirs. The
+ * label is stamped onto every container at spawn time — see
+ * container-runner.ts. Old-label compat reap is queued to drop in 0.2.0.
+ */
+export function cleanupOrphans(): void {
+  try {
+    const namesByLabel = [CONTAINER_INSTALL_LABEL, LEGACY_PARACLAW_INSTALL_LABEL].flatMap((label) => {
+      const output = execSync(`${CONTAINER_RUNTIME_BIN} ps --filter label=${label} --format '{{.Names}}'`, {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        encoding: 'utf-8',
+      });
+      return output.trim().split('\n').filter(Boolean);
+    });
+    const orphans = Array.from(new Set(namesByLabel));
+    for (const name of orphans) {
+      try {
+        stopContainer(name);
+      } catch {
+        /* already stopped */
+      }
+    }
+    if (orphans.length > 0) {
+      log.info('Stopped orphaned containers', { count: orphans.length, names: orphans });
+    }
+  } catch (err) {
+    log.warn('Failed to clean up orphaned containers', { err });
+  }
+}

package/src/db/_bun-sqlite-shim.ts

@@ -0,0 +1,88 @@
+/**
+ * Test-only shim that re-exports the `bun:sqlite` surface backed by
+ * `better-sqlite3`. Wired in via vitest's `resolve.alias` so the host code
+ * (which imports `bun:sqlite`) can be exercised under Node + vitest without
+ * a real bun runtime.
+ *
+ * Production code runs under Bun and sees the real `bun:sqlite` module —
+ * never this shim. Symmetric inverse of the wrapper in connection.ts:
+ * connection.ts prefixes object keys with `@` for bun's binder; this shim
+ * strips that prefix so better-sqlite3's binder is happy.
+ */
+import BetterSqlite3 from 'better-sqlite3';
+
+type Bindable = unknown;
+
+function stripPrefix(key: string): string {
+  return key.startsWith('@') || key.startsWith('$') || key.startsWith(':') ? key.slice(1) : key;
+}
+
+function adaptArgs(args: Bindable[]): Bindable[] {
+  return args.map((a) => {
+    if (a == null) return a;
+    if (Array.isArray(a)) return a;
+    if (typeof a !== 'object') return a;
+    const out: Record<string, unknown> = {};
+    for (const [k, v] of Object.entries(a as Record<string, unknown>)) {
+      out[stripPrefix(k)] = v;
+    }
+    return out;
+  });
+}
+
+class ShimStatement {
+  constructor(private readonly stmt: BetterSqlite3.Statement) {}
+  run(...args: Bindable[]): { changes: number; lastInsertRowid: number | bigint } {
+    const r = this.stmt.run(...(adaptArgs(args) as never[]));
+    return { changes: r.changes, lastInsertRowid: r.lastInsertRowid };
+  }
+  get<T = unknown>(...args: Bindable[]): T | null {
+    const r = this.stmt.get(...(adaptArgs(args) as never[]));
+    return (r ?? null) as T | null;
+  }
+  all<T = unknown>(...args: Bindable[]): T[] {
+    return this.stmt.all(...(adaptArgs(args) as never[])) as T[];
+  }
+  values(...args: Bindable[]): unknown[][] {
+    return this.stmt.raw().all(...(adaptArgs(args) as never[])) as unknown[][];
+  }
+  iterate<T = unknown>(...args: Bindable[]): IterableIterator<T> {
+    return this.stmt.iterate(...(adaptArgs(args) as never[])) as IterableIterator<T>;
+  }
+  finalize(): void {
+    /* no-op — better-sqlite3 finalizes on GC */
+  }
+  toString(): string {
+    return this.stmt.source;
+  }
+}
+
+export class Database {
+  public readonly raw: BetterSqlite3.Database;
+  constructor(path: string, opts?: { readonly?: boolean }) {
+    this.raw = new BetterSqlite3(path, opts);
+  }
+  prepare(sql: string): ShimStatement {
+    return new ShimStatement(this.raw.prepare(sql));
+  }
+  exec(sql: string): void {
+    this.raw.exec(sql);
+  }
+  query(sql: string): ShimStatement {
+    return this.prepare(sql);
+  }
+  run(sql: string): void {
+    this.raw.exec(sql);
+  }
+  transaction<F extends (...a: never[]) => unknown>(fn: F): F {
+    return this.raw.transaction(fn) as unknown as F;
+  }
+  close(): void {
+    this.raw.close();
+  }
+  get filename(): string {
+    return this.raw.name;
+  }
+}
+
+export type Statement = ShimStatement;

package/src/db/agent-activity.test.ts

@@ -0,0 +1,155 @@
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+
+import { createAgentGroup, createSession, closeDb, getDb, initTestDb, runMigrations } from './index.js';
+import {
+  getActivitySyncedSeq,
+  listActivityByAgentGroup,
+  listActivityBySession,
+  mergeActivityBatch,
+} from './agent-activity.js';
+import type { OutboundActivityRow } from './session-db.js';
+
+function now(): string {
+  return new Date().toISOString();
+}
+
+function seedAgentAndSession(): { agentGroupId: string; sessionId: string } {
+  createAgentGroup({
+    id: 'ag-1',
+    name: 'Test Agent',
+    folder: 'test-agent',
+    agent_provider: null,
+    created_at: now(),
+  });
+  createSession({
+    id: 'sess-1',
+    agent_group_id: 'ag-1',
+    messaging_group_id: null,
+    thread_id: null,
+    agent_provider: null,
+    status: 'active',
+    container_status: 'running',
+    last_active: now(),
+    created_at: now(),
+  });
+  return { agentGroupId: 'ag-1', sessionId: 'sess-1' };
+}
+
+function row(seq: number, kind: string, target: string | null, summary: string | null = null): OutboundActivityRow {
+  return { seq, ts: new Date(2026, 0, seq).toISOString(), kind, target, summary };
+}
+
+beforeEach(() => {
+  const db = initTestDb();
+  runMigrations(db);
+});
+
+afterEach(() => {
+  closeDb();
+});
+
+describe('agent_activity merge', () => {
+  it('initial cursor is 0 and merging a batch advances it', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    expect(getActivitySyncedSeq(sessionId)).toBe(0);
+
+    const newCursor = mergeActivityBatch(agentGroupId, sessionId, [
+      row(1, 'tool_call', 'Read'),
+      row(2, 'cmd_exec', 'Bash'),
+      row(3, 'mcp_call', 'mcp__parachute_agent__schedule_task'),
+    ]);
+    expect(newCursor).toBe(3);
+    expect(getActivitySyncedSeq(sessionId)).toBe(3);
+
+    const rows = listActivityBySession(sessionId);
+    expect(rows).toHaveLength(3);
+    expect(rows.map((r) => r.kind).sort()).toEqual(['cmd_exec', 'mcp_call', 'tool_call']);
+  });
+
+  it('empty batch is a no-op and returns the existing cursor', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    mergeActivityBatch(agentGroupId, sessionId, [row(1, 'tool_call', 'Read')]);
+    expect(getActivitySyncedSeq(sessionId)).toBe(1);
+
+    const c = mergeActivityBatch(agentGroupId, sessionId, []);
+    expect(c).toBe(1);
+    expect(listActivityBySession(sessionId)).toHaveLength(1);
+  });
+
+  it('cursor advance is monotonic — re-merging an older batch leaves it unchanged', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    mergeActivityBatch(agentGroupId, sessionId, [row(5, 'tool_call', 'Read'), row(6, 'tool_call', 'Glob')]);
+    expect(getActivitySyncedSeq(sessionId)).toBe(6);
+
+    // The delivery loop guards against this with `seq > cursor`, but if a
+    // caller passes older rows, the cursor should NOT regress.
+    mergeActivityBatch(agentGroupId, sessionId, [row(2, 'tool_call', 'Read')]);
+    expect(getActivitySyncedSeq(sessionId)).toBe(6);
+  });
+
+  it('listActivityByAgentGroup returns rows for a single group, newest first', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    createAgentGroup({
+      id: 'ag-2',
+      name: 'Other',
+      folder: 'other',
+      agent_provider: null,
+      created_at: now(),
+    });
+    createSession({
+      id: 'sess-2',
+      agent_group_id: 'ag-2',
+      messaging_group_id: null,
+      thread_id: null,
+      agent_provider: null,
+      status: 'active',
+      container_status: 'running',
+      last_active: now(),
+      created_at: now(),
+    });
+
+    mergeActivityBatch(agentGroupId, sessionId, [row(1, 'tool_call', 'Read'), row(2, 'cmd_exec', 'Bash')]);
+    mergeActivityBatch('ag-2', 'sess-2', [row(1, 'tool_call', 'Glob')]);
+
+    const ag1 = listActivityByAgentGroup(agentGroupId);
+    expect(ag1).toHaveLength(2);
+    expect(ag1.every((r) => r.agent_group_id === agentGroupId)).toBe(true);
+    // DESC by created_at — row(2) was minted later (Jan 2 > Jan 1).
+    expect(ag1[0].target).toBe('Bash');
+    expect(ag1[1].target).toBe('Read');
+
+    const ag2 = listActivityByAgentGroup('ag-2');
+    expect(ag2).toHaveLength(1);
+    expect(ag2[0].target).toBe('Glob');
+  });
+
+  it('honors `since` and `limit`', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    mergeActivityBatch(agentGroupId, sessionId, [
+      row(1, 'tool_call', 'A'),
+      row(2, 'tool_call', 'B'),
+      row(3, 'tool_call', 'C'),
+      row(4, 'tool_call', 'D'),
+    ]);
+
+    const limited = listActivityBySession(sessionId, { limit: 2 });
+    expect(limited).toHaveLength(2);
+    expect(limited[0].target).toBe('D'); // newest first
+    expect(limited[1].target).toBe('C');
+
+    // since = ts of seq=2 (Jan 2). Should include C (Jan 3) and D (Jan 4).
+    const since = new Date(2026, 0, 2).toISOString();
+    const sinceRows = listActivityBySession(sessionId, { since });
+    expect(sinceRows.map((r) => r.target)).toEqual(['D', 'C']);
+  });
+
+  it('cascades on session delete', () => {
+    const { agentGroupId, sessionId } = seedAgentAndSession();
+    mergeActivityBatch(agentGroupId, sessionId, [row(1, 'tool_call', 'Read')]);
+    expect(listActivityBySession(sessionId)).toHaveLength(1);
+
+    getDb().prepare('DELETE FROM sessions WHERE id = ?').run(sessionId);
+    expect(listActivityBySession(sessionId)).toHaveLength(0);
+    expect(listActivityByAgentGroup(agentGroupId)).toHaveLength(0);
+  });
+});

package/src/db/agent-activity.ts

@@ -0,0 +1,121 @@
+/**
+ * Central `agent_activity` ledger — append-only, drained from each session's
+ * outbound.db `activity` table during delivery. Read paths feed the web UI's
+ * "what is this agent doing" surface; the table is intended to be
+ * inexpensively scannable per-agent-group and per-session, hence the two
+ * descending indexes added in migration 017.
+ *
+ * Cursor: `sessions.activity_synced_seq` is the per-session high-water mark
+ * — every row from outbound.db with `seq <= cursor` has either been merged
+ * here or was emitted by a session whose container has since stopped (we
+ * still drained it on the way out). The merge is single-writer because the
+ * delivery loop already serializes per-session via `inflightDeliveries`.
+ */
+import crypto from 'node:crypto';
+
+import { getDb } from './connection.js';
+import type { OutboundActivityRow } from './session-db.js';
+
+export type ActivityKind = 'tool_call' | 'mcp_call' | 'cmd_exec' | 'secret_use';
+
+export interface ActivityRow {
+  id: string;
+  agent_group_id: string;
+  session_id: string;
+  kind: string;
+  target: string | null;
+  summary: string | null;
+  created_at: string;
+}
+
+export function getActivitySyncedSeq(sessionId: string): number {
+  const row = getDb().prepare('SELECT activity_synced_seq AS seq FROM sessions WHERE id = ?').get(sessionId) as
+    | { seq: number }
+    | undefined;
+  return row?.seq ?? 0;
+}
+
+/**
+ * Insert a batch of outbound activity rows into central `agent_activity` and
+ * advance the session's merge cursor in one transaction. No-op when the
+ * input is empty so callers don't have to short-circuit. Returns the new
+ * cursor value (max input seq, or the unchanged prior cursor).
+ */
+export function mergeActivityBatch(agentGroupId: string, sessionId: string, rows: OutboundActivityRow[]): number {
+  if (rows.length === 0) return getActivitySyncedSeq(sessionId);
+
+  const db = getDb();
+  const insert = db.prepare(
+    `INSERT INTO agent_activity (id, agent_group_id, session_id, kind, target, summary, created_at)
+     VALUES (@id, @agent_group_id, @session_id, @kind, @target, @summary, @created_at)`,
+  );
+  const updateCursor = db.prepare(
+    `UPDATE sessions SET activity_synced_seq = ? WHERE id = ? AND activity_synced_seq < ?`,
+  );
+
+  const maxSeq = rows.reduce((acc, r) => (r.seq > acc ? r.seq : acc), 0);
+
+  db.transaction(() => {
+    for (const r of rows) {
+      insert.run({
+        id: crypto.randomUUID(),
+        agent_group_id: agentGroupId,
+        session_id: sessionId,
+        kind: r.kind,
+        target: r.target,
+        summary: r.summary,
+        created_at: r.ts,
+      });
+    }
+    updateCursor.run(maxSeq, sessionId, maxSeq);
+  })();
+
+  return maxSeq;
+}
+
+export interface ListActivityOpts {
+  /** Only return rows with created_at > since (ISO 8601). */
+  since?: string;
+  /** Cap row count. Defaults to 100, hard-capped at 500 by the route layer. */
+  limit?: number;
+}
+
+export function listActivityByAgentGroup(agentGroupId: string, opts: ListActivityOpts = {}): ActivityRow[] {
+  const limit = opts.limit ?? 100;
+  if (opts.since) {
+    return getDb()
+      .prepare(
+        `SELECT * FROM agent_activity
+          WHERE agent_group_id = ? AND created_at > ?
+          ORDER BY created_at DESC LIMIT ?`,
+      )
+      .all(agentGroupId, opts.since, limit) as ActivityRow[];
+  }
+  return getDb()
+    .prepare(
+      `SELECT * FROM agent_activity
+        WHERE agent_group_id = ?
+        ORDER BY created_at DESC LIMIT ?`,
+    )
+    .all(agentGroupId, limit) as ActivityRow[];
+}
+
+export function listActivityBySession(sessionId: string, opts: ListActivityOpts = {}): ActivityRow[] {
+  const limit = opts.limit ?? 100;
+  if (opts.since) {
+    return getDb()
+      .prepare(
+        `SELECT * FROM agent_activity
+          WHERE session_id = ? AND created_at > ?
+          ORDER BY created_at DESC LIMIT ?`,
+      )
+      .all(sessionId, opts.since, limit) as ActivityRow[];
+  }
+  return getDb()
+    .prepare(
+      `SELECT * FROM agent_activity
+        WHERE session_id = ?
+        ORDER BY created_at DESC LIMIT ?`,
+    )
+    .all(sessionId, limit) as ActivityRow[];
+}