@oscharko-dev/keiko-server 0.2.7 → 0.2.9

package/dist/deps.js

@@ -20,12 +20,25 @@ import { dirname, join } from "node:path";
 import { createRunRegistry } from "./runs.js";
 import { assertUiDbOutsideProject, buildUiStoreOverDatabase, openNodeUiDatabase, resolveUiDbPath, validateProjectPath, } from "./store/index.js";
 import { createTerminalExecutionManager } from "./terminal.js";
+import { createCommandRunnerManager } from "./command-runner.js";
+import { createContainerRunnerManager, } from "./runtime/containerRunner.js";
 import { createBrowserSessionManager } from "@oscharko-dev/keiko-tools";
 import {} from "@oscharko-dev/keiko-memory-vault";
 import { createBffMemoryVault } from "./memory-handlers.js";
 import { createMemoryAuditHandler } from "./memory-audit-handler.js";
 import { createConsolidationJobRegistry, } from "./memory-consolidation-registry.js";
 import { createRelationshipStorePort, } from "./relationship-handlers.js";
+import { createNodeGitWorktreeAdapter } from "@oscharko-dev/keiko-tools/internal/git-mutation";
+import { buildWorkspaceInstanceStoreOverDatabase, } from "./task-workspace/store.js";
+import { buildActiveWorkspacePointerStoreOverDatabase, } from "./task-workspace/active-store.js";
+import { createWorkspaceProvisioningService } from "./task-workspace/provisioning.js";
+import { createWorkspaceLifecycleService } from "./task-workspace/lifecycle.js";
+import { createWorkspaceMutexRegistry, } from "./task-workspace/mutex.js";
+import { createWorkspaceReconciliationService } from "./task-workspace/reconciliation.js";
+import { createWorkspaceRepairService } from "./task-workspace/repair.js";
+import { createWorkspaceHealthService } from "./task-workspace/health.js";
+import { createWorkspaceCleanupService } from "./task-workspace/cleanup.js";
+import { randomUUID } from "node:crypto";
 import { resolveGroundingLimits, } from "@oscharko-dev/keiko-contracts/bff-wire";
 import { createProviderSecretResolver } from "./credentialVault.js";
 import { createLocalKnowledgeKeyProvider } from "./localKnowledgeKeyProvider.js";
@@ -310,6 +323,34 @@ function buildTerminalManager(options) {
         },
     });
 }
+// Issue #1387 — the command runner reuses the same store + evidence + live-redactor wiring as the
+// terminal manager so discovered test/build/run tasks inherit the identical workspace containment,
+// secret-shape scrubbing, and content-free audit trail.
+function buildCommandRunner(options) {
+    return createCommandRunnerManager({
+        store: options.store,
+        evidenceStore: options.evidenceStore,
+        processEnv: options.env,
+        redactor: (value) => {
+            const redacted = options.liveRedactor(value);
+            return typeof redacted === "string" ? redacted : value;
+        },
+    });
+}
+// Issue #1388 — the container runner reuses the same store + evidence + live-redactor wiring as the
+// command runner so its content-free run audit inherits the identical secret-shape scrubbing. The
+// active engine probe and the frozen-argv container run both compose the single runCommand boundary.
+function buildContainerRunner(options) {
+    return createContainerRunnerManager({
+        store: options.store,
+        evidenceStore: options.evidenceStore,
+        processEnv: options.env,
+        redactor: (value) => {
+            const redacted = options.liveRedactor(value);
+            return typeof redacted === "string" ? redacted : value;
+        },
+    });
+}
 // ADR-0019 direction rule 3c: the tools package cannot import src/audit. The BFF injects the
 // cost-class resolver and a side-file writer that closes over the resolved evidenceDir + the
 // nodeWorkspaceFs realpath-containment port, so the browser session manager stays self-contained
@@ -342,13 +383,15 @@ function resolveLoopbackWorkspaceId(env) {
         return explicit;
     return DEFAULT_LOOPBACK_WORKSPACE_ID;
 }
-// When no UiStore is injected, open one DatabaseSync against the resolved UI-DB and share it
-// with the relationship-engine store so V5 sibling tables share the UI-store transaction model
-// (issue #539, storage.md §3.1). When tests inject a UiStore we leave `relationship` undefined;
-// relationship-engine tests inject their own deps.
 function composePersistence(injected, resolvedUiDbPath, redactString, env) {
-    if (injected !== undefined)
-        return { store: injected, relationship: undefined };
+    if (injected !== undefined) {
+        return {
+            store: injected,
+            relationship: undefined,
+            workspaceInstanceStore: undefined,
+            activeWorkspacePointerStore: undefined,
+        };
+    }
     const db = openNodeUiDatabase(resolvedUiDbPath);
     const store = buildUiStoreOverDatabase(db, { redactString });
     const relationship = {
@@ -357,7 +400,151 @@ function composePersistence(injected, resolvedUiDbPath, redactString, env) {
         }),
         store: createRelationshipStorePort({ db, redactString }),
     };
-    return { store, relationship };
+    return {
+        store,
+        relationship,
+        workspaceInstanceStore: buildWorkspaceInstanceStoreOverDatabase(db),
+        activeWorkspacePointerStore: buildActiveWorkspacePointerStoreOverDatabase(db),
+    };
+}
+// The Keiko-owned managed task-workspace root lives alongside the UI database (`<uiDbDir>/
+// task-workspaces`), so it inherits the same per-user data directory and 0o700 hardening posture.
+function resolveManagedWorktreeRoot(uiDbPath) {
+    return join(dirname(uiDbPath), "task-workspaces");
+}
+function buildWorkspaceProvisioning(options, store, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    if (options.workspaceProvisioning !== undefined)
+        return options.workspaceProvisioning;
+    if (store === undefined)
+        return undefined;
+    return createWorkspaceProvisioningService({
+        store,
+        evidenceStore,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        createAdapter: (workspace) => createNodeGitWorktreeAdapter({ workspace, processEnv: options.env }),
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+        mutex,
+    });
+}
+// Issue #446 — the active-binding lifecycle service. It composes the SAME #445 instance store,
+// provisioning service, evidence store, and active-pointer store (no second worktree/lock/transition
+// engine). Returns undefined whenever any composed dependency is absent (injected UiStore tests), so
+// the active-binding routes degrade to 503 exactly like the provisioning routes.
+function buildWorkspaceLifecycle(options, instanceStore, activePointerStore, provisioning, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    if (options.workspaceLifecycle !== undefined)
+        return options.workspaceLifecycle;
+    if (instanceStore === undefined ||
+        activePointerStore === undefined ||
+        provisioning === undefined) {
+        return undefined;
+    }
+    return createWorkspaceLifecycleService({
+        store: instanceStore,
+        activePointerStore,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        provisioning,
+        evidenceStore,
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+        mutex,
+    });
+}
+// Issue #447 — the startup reconciliation service. It composes the SAME #445 instance store, #446
+// active pointer, evidence store, managed root, and node worktree adapter (no second engine). Returns
+// undefined whenever a composed dependency is absent (injected UiStore tests) so the reconciliation
+// routes degrade to 503 exactly like the provisioning routes.
+function buildWorkspaceReconciliation(options, instanceStore, activePointerStore, resolvedUiDbPath, evidenceStore, redactString) {
+    if (options.workspaceReconciliation !== undefined)
+        return options.workspaceReconciliation;
+    if (instanceStore === undefined || activePointerStore === undefined)
+        return undefined;
+    return createWorkspaceReconciliationService({
+        store: instanceStore,
+        activePointerStore,
+        evidenceStore,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        createAdapter: (workspace) => createNodeGitWorktreeAdapter({ workspace, processEnv: options.env }),
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+    });
+}
+// Issue #447 — the controlled repair service. It reuses the #445 provisioning service for the
+// worktree-recreating strategies and the same store/pointer/adapter for the rest (no second engine).
+function buildWorkspaceRepair(options, instanceStore, activePointerStore, provisioning, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    if (options.workspaceRepair !== undefined)
+        return options.workspaceRepair;
+    if (instanceStore === undefined ||
+        activePointerStore === undefined ||
+        provisioning === undefined) {
+        return undefined;
+    }
+    return createWorkspaceRepairService({
+        store: instanceStore,
+        activePointerStore,
+        evidenceStore,
+        provisioning,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        createAdapter: (workspace) => createNodeGitWorktreeAdapter({ workspace, processEnv: options.env }),
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+        mutex,
+    });
+}
+// Issue #448 — the read-only health/drift/orphan report service and the governed cleanup service. Both
+// reuse the SAME #445 instance store, #446 active pointer, evidence store, managed root, and node
+// worktree adapter (no second engine). Return undefined whenever a composed dependency is absent so the
+// health/cleanup routes degrade to 503 exactly like the provisioning routes.
+function buildWorkspaceHealth(options, instanceStore, activePointerStore, resolvedUiDbPath, evidenceStore, redactString) {
+    if (options.workspaceHealth !== undefined)
+        return options.workspaceHealth;
+    if (instanceStore === undefined || activePointerStore === undefined)
+        return undefined;
+    return createWorkspaceHealthService({
+        store: instanceStore,
+        activePointerStore,
+        evidenceStore,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        createAdapter: (workspace) => createNodeGitWorktreeAdapter({ workspace, processEnv: options.env }),
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+    });
+}
+function buildWorkspaceCleanup(options, instanceStore, activePointerStore, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    if (options.workspaceCleanup !== undefined)
+        return options.workspaceCleanup;
+    if (instanceStore === undefined || activePointerStore === undefined)
+        return undefined;
+    return createWorkspaceCleanupService({
+        store: instanceStore,
+        activePointerStore,
+        evidenceStore,
+        managedRoot: resolveManagedWorktreeRoot(resolvedUiDbPath),
+        createAdapter: (workspace) => createNodeGitWorktreeAdapter({ workspace, processEnv: options.env }),
+        redactString,
+        now: () => Date.now(),
+        newId: randomUUID,
+        mutex,
+    });
+}
+// Best-effort startup reconciliation (Issue #447): mirror the QI-retention startup pass — run once at
+// bootstrap, never throw into construction, and never block server start (the reconcile IO is detached
+// and self-contained). A failure simply leaves the persisted classification untouched until the next
+// pass or an explicit refresh.
+function reconcileTaskWorkspacesAtStartup(service) {
+    if (service === undefined)
+        return;
+    try {
+        void service.reconcile().catch(() => undefined);
+    }
+    catch {
+        // construction must never fail because of reconciliation.
+    }
 }
 function seedInitialProject(store, uiDbPath, initialProjectPath) {
     if (initialProjectPath === undefined || initialProjectPath.trim().length === 0) {
@@ -375,6 +562,18 @@ function buildPeripherals(options, uiStore, evidenceStore, redactString, liveRed
             env: options.env,
             liveRedactor,
         }),
+        commandRunner: buildCommandRunner({
+            store: uiStore,
+            evidenceStore,
+            env: options.env,
+            liveRedactor,
+        }),
+        containerRunner: buildContainerRunner({
+            store: uiStore,
+            evidenceStore,
+            env: options.env,
+            liveRedactor,
+        }),
         browser: buildBrowserManager({
             evidenceDir: resolveEvidenceDir(options.evidenceDir, options.env),
             evidenceStore,
@@ -419,6 +618,79 @@ function resolveEvidenceDirAndEnforceRetention(options) {
     });
     return evidenceDir;
 }
+// Issue #448 — the health + cleanup pair, split out to keep composeTaskWorkspaceServices small.
+function composeHealthAndCleanup(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    return {
+        workspaceHealth: buildWorkspaceHealth(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString),
+        workspaceCleanup: buildWorkspaceCleanup(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString, mutex),
+    };
+}
+// Issue #445/#446/#447 — provisioning + active-binding lifecycle + reconciliation + repair.
+function composeCoreTaskWorkspaceServices(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString, mutex) {
+    const workspaceProvisioning = buildWorkspaceProvisioning(options, workspaceInstanceStore, resolvedUiDbPath, evidenceStore, redactString, mutex);
+    return {
+        workspaceProvisioning,
+        workspaceLifecycle: buildWorkspaceLifecycle(options, workspaceInstanceStore, activeWorkspacePointerStore, workspaceProvisioning, resolvedUiDbPath, evidenceStore, redactString, mutex),
+        workspaceReconciliation: buildWorkspaceReconciliation(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString),
+        workspaceRepair: buildWorkspaceRepair(options, workspaceInstanceStore, activeWorkspacePointerStore, workspaceProvisioning, resolvedUiDbPath, evidenceStore, redactString, mutex),
+    };
+}
+function composeTaskWorkspaceServices(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString) {
+    // One shared in-process mutex registry across ALL mutating task-workspace services (#449, ADR-0093 D1):
+    // provisioning, lifecycle, repair, and cleanup must serialize against each other on the same `ws:`
+    // keyspace, so they receive the SAME registry instance. Read-only services (reconciliation, health) do
+    // not take it.
+    const mutex = createWorkspaceMutexRegistry();
+    const args = [
+        options,
+        workspaceInstanceStore,
+        activeWorkspacePointerStore,
+        resolvedUiDbPath,
+        evidenceStore,
+        redactString,
+        mutex,
+    ];
+    return {
+        ...composeCoreTaskWorkspaceServices(...args),
+        ...composeHealthAndCleanup(...args),
+    };
+}
+function buildPersistenceBundle(options, resolvedUiDbPath, redactString, evidenceStore) {
+    const { store, relationship, workspaceInstanceStore, activeWorkspacePointerStore } = composePersistence(options.store, resolvedUiDbPath, redactString, options.env);
+    const services = composeTaskWorkspaceServices(options, workspaceInstanceStore, activeWorkspacePointerStore, resolvedUiDbPath, evidenceStore, redactString);
+    return {
+        uiStore: store,
+        relationship,
+        ...services,
+        managedTaskWorkspaceRoot: services.workspaceProvisioning === undefined
+            ? undefined
+            : resolveManagedWorktreeRoot(resolvedUiDbPath),
+        preferredProjectPath: seedInitialProject(store, resolvedUiDbPath, options.initialProjectPath),
+    };
+}
+// The optional persistence services (relationship engine + the #445/#446/#447 task-workspace
+// services) spread onto the handler deps only when they were composed (production) — absent ones leave
+// the corresponding routes to degrade to 503, exactly as before.
+function optionalPersistenceServices(bundle) {
+    return {
+        ...(bundle.relationship === undefined ? {} : { relationship: bundle.relationship }),
+        ...(bundle.workspaceProvisioning === undefined
+            ? {}
+            : { workspaceProvisioning: bundle.workspaceProvisioning }),
+        ...(bundle.managedTaskWorkspaceRoot === undefined
+            ? {}
+            : { managedTaskWorkspaceRoot: bundle.managedTaskWorkspaceRoot }),
+        ...(bundle.workspaceLifecycle === undefined
+            ? {}
+            : { workspaceLifecycle: bundle.workspaceLifecycle }),
+        ...(bundle.workspaceReconciliation === undefined
+            ? {}
+            : { workspaceReconciliation: bundle.workspaceReconciliation }),
+        ...(bundle.workspaceRepair === undefined ? {} : { workspaceRepair: bundle.workspaceRepair }),
+        ...(bundle.workspaceHealth === undefined ? {} : { workspaceHealth: bundle.workspaceHealth }),
+        ...(bundle.workspaceCleanup === undefined ? {} : { workspaceCleanup: bundle.workspaceCleanup }),
+    };
+}
 export function buildUiHandlerDeps(options) {
     const resolvedUiDbPath = resolveUiDbPath(options.uiDbPath, options.env);
     const runtimeConfigPath = localGatewayConfigPath(resolvedUiDbPath);
@@ -429,8 +701,11 @@ export function buildUiHandlerDeps(options) {
     const evidenceStore = createNodeEvidenceStore(resolvedEvidenceDir);
     const redactString = runtimeRedactString(options.env, runtimeConfig, egress);
     const liveRedactor = (value) => deepRedactStrings(value, redactString);
-    const { store: uiStore, relationship } = composePersistence(options.store, resolvedUiDbPath, redactString, options.env);
-    const preferredProjectPath = seedInitialProject(uiStore, resolvedUiDbPath, options.initialProjectPath);
+    const bundle = buildPersistenceBundle(options, resolvedUiDbPath, redactString, evidenceStore);
+    // Issue #447: run a best-effort startup reconciliation only on the real bootstrap path (no injected
+    // store), so test fixtures stay deterministic and trigger reconcile() explicitly when they need it.
+    if (options.store === undefined)
+        reconcileTaskWorkspacesAtStartup(bundle.workspaceReconciliation);
     return {
         config,
         configPresent,
@@ -442,17 +717,17 @@ export function buildUiHandlerDeps(options) {
         registry: options.registry ?? createRunRegistry(),
         modelPortFactory: options.modelPortFactory ?? defaultModelPortFactory(runtimeConfig),
         redactionSecrets: runtimeRedactionSecrets(options.env, runtimeConfig, egress),
-        store: uiStore,
+        store: bundle.uiStore,
         uiDbPath: resolvedUiDbPath,
-        preferredProjectPath,
+        preferredProjectPath: bundle.preferredProjectPath,
         gatewayConfig: runtimeConfig,
         gatewaySetupTester: options.gatewaySetupTester,
         gatewayModelDiscovery: options.gatewayModelDiscovery,
         figmaCredentialTester: options.figmaCredentialTester,
         localKnowledgeKeyProvider: createLocalKnowledgeKeyProvider({ env: options.env }),
         contextProfile: DEFAULT_CONTEXT_PROFILE,
-        ...buildPeripherals(options, uiStore, evidenceStore, redactString, liveRedactor),
+        ...buildPeripherals(options, bundle.uiStore, evidenceStore, redactString, liveRedactor),
         consolidationJobs: createConsolidationJobRegistry(),
-        ...(relationship === undefined ? {} : { relationship }),
+        ...optionalPersistenceServices(bundle),
     };
 }

package/dist/discussion-prompt.d.ts

@@ -0,0 +1,4 @@
+import { type DiscussionMode } from "@oscharko-dev/keiko-contracts";
+export declare const CONVERSATION_DISCUSSION_BLOCK_HEADER = "Discussion mode directives:";
+export declare function composeDiscussionDirectiveBlock(mode: DiscussionMode): string;
+//# sourceMappingURL=discussion-prompt.d.ts.map

package/dist/discussion-prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discussion-prompt.d.ts","sourceRoot":"","sources":["../src/discussion-prompt.ts"],"names":[],"mappings":"AASA,OAAO,EAGL,KAAK,cAAc,EACpB,MAAM,+BAA+B,CAAC;AAIvC,eAAO,MAAM,oCAAoC,gCAAgC,CAAC;AAKlF,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,cAAc,GAAG,MAAM,CAK5E"}

package/dist/discussion-prompt.js

@@ -0,0 +1,19 @@
+// Issue #502 — Pure renderer for the discussion-mode directive block (ADR-0065).
+//
+// When a discussion mode is selected, the model receives the mode's directives as an ADDITIVE,
+// labeled prompt block. This module turns the content-free contract plan
+// (`DISCUSSION_MODE_PLANS[mode].directives`) into deterministic prompt text via the fixed
+// `DISCUSSION_DIRECTIVE_TEMPLATES`. It performs no IO and echoes no raw input: every line is one
+// of the bounded, content-free templates the contract defines, so the block can never leak user
+// or assistant text, credentials, or provider URLs.
+import { DISCUSSION_DIRECTIVE_TEMPLATES, DISCUSSION_MODE_PLANS, } from "@oscharko-dev/keiko-contracts";
+// Fixed label that opens the directive block. Exported so the prompt composer and the test suite
+// can assert the block boundary directly (mirrors the CONVERSATION_*_BLOCK_HEADER constants).
+export const CONVERSATION_DISCUSSION_BLOCK_HEADER = "Discussion mode directives:";
+// Renders the selected mode's directives into a deterministic labeled block: the header line
+// followed by one bulleted template line per directive, in the contract's declared directive
+// order. Pure and content-free — driven entirely by the frozen contract plan + templates.
+export function composeDiscussionDirectiveBlock(mode) {
+    const directiveLines = DISCUSSION_MODE_PLANS[mode].directives.map((directive) => `- ${DISCUSSION_DIRECTIVE_TEMPLATES[directive]}`);
+    return [CONVERSATION_DISCUSSION_BLOCK_HEADER, ...directiveLines].join("\n");
+}

package/dist/editor/agentActionAudit.d.ts

@@ -0,0 +1,18 @@
+import { type EditorAgentActionAuditRecord, type EditorAgentActionPolicyDecision, type EditorAgentActionStatus, type EditorAgentActionType, type EditorAgentConflictCode, type EditorAgentFailureCode } from "@oscharko-dev/keiko-contracts";
+export interface EditorAgentAuditInput {
+    readonly occurredAt: number;
+    readonly sessionId: string;
+    readonly actionId: string;
+    readonly actionType: EditorAgentActionType;
+    readonly decision: EditorAgentActionPolicyDecision;
+    readonly outcome: EditorAgentActionStatus;
+    readonly conflictCode?: EditorAgentConflictCode | undefined;
+    readonly failureCode?: EditorAgentFailureCode | undefined;
+    readonly targetPath?: string | null | undefined;
+    readonly editCount?: number | undefined;
+    readonly patchByteLength?: number | undefined;
+}
+export declare function recordEditorAgentActionAudit(input: EditorAgentAuditInput): EditorAgentActionAuditRecord | null;
+export declare function listEditorAgentActionAudit(sessionId?: string): readonly EditorAgentActionAuditRecord[];
+export declare function _resetEditorAgentAuditForTests(): void;
+//# sourceMappingURL=agentActionAudit.d.ts.map

package/dist/editor/agentActionAudit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agentActionAudit.d.ts","sourceRoot":"","sources":["../../src/editor/agentActionAudit.ts"],"names":[],"mappings":"AASA,OAAO,EAGL,KAAK,4BAA4B,EACjC,KAAK,+BAA+B,EACpC,KAAK,uBAAuB,EAC5B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAC5B,MAAM,+BAA+B,CAAC;AAOvC,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,UAAU,EAAE,qBAAqB,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,+BAA+B,CAAC;IACnD,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAC;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,uBAAuB,GAAG,SAAS,CAAC;IAC5D,QAAQ,CAAC,WAAW,CAAC,EAAE,sBAAsB,GAAG,SAAS,CAAC;IAC1D,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;IAChD,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/C;AAkCD,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,qBAAqB,GAC3B,4BAA4B,GAAG,IAAI,CA0BrC;AAID,wBAAgB,0BAA0B,CACxC,SAAS,CAAC,EAAE,MAAM,GACjB,SAAS,4BAA4B,EAAE,CAKzC;AAED,wBAAgB,8BAA8B,IAAI,IAAI,CAGrD"}

package/dist/editor/agentActionAudit.js

@@ -0,0 +1,80 @@
+// Issue #1395, ADR-0062 — bounded, content-free audit ledger for agent editor actions.
+//
+// A per-session, append-only, FIFO-evicted in-memory ledger surfaces "recent agent editor actions"
+// to the BFF read route and the UI. It is intentionally ephemeral (not persisted to disk): the issue
+// excludes long-term telemetry collection. The record shape is content-free by construction (the
+// contract builder is handed only enums, counts, identifiers, and a workspace-relative path) and is
+// run through the keiko-security redactor (defense in depth) before it is stored or served, so raw
+// source text and secrets cannot reach the ledger.
+import { buildEditorAgentActionAuditRecord, isMutatingEditorAgentAction, } from "@oscharko-dev/keiko-contracts";
+import { deepRedactStrings, redact } from "@oscharko-dev/keiko-security";
+// Bounded like the route-edge idempotency map: a long-lived server cannot grow this without limit.
+const MAX_RECORDS_PER_SESSION = 100;
+const MAX_SESSIONS = 256;
+const state = { bySession: new Map(), seq: 0 };
+// Defense in depth: re-redact every string leaf of the already-content-free record so a secret-shaped
+// substring that slipped into a workspace-relative path or summary is scrubbed before storage.
+function redactRecord(record) {
+    return deepRedactStrings(record, redact);
+}
+function appendRecord(sessionId, record) {
+    const existing = state.bySession.get(sessionId) ?? [];
+    const next = [...existing, record];
+    if (next.length > MAX_RECORDS_PER_SESSION) {
+        next.splice(0, next.length - MAX_RECORDS_PER_SESSION);
+    }
+    state.bySession.set(sessionId, next);
+    while (state.bySession.size > MAX_SESSIONS) {
+        const oldest = state.bySession.keys().next().value;
+        if (oldest === undefined)
+            break;
+        state.bySession.delete(oldest);
+    }
+}
+// Record one content-free audit entry for an agent editor action. Best-effort and throw-free: a
+// ledger failure must never break the action path. AC1: every mutating action is audited. A denied
+// action is audited even if it is not mutating, so a blocked attempt stays visible. Allowed
+// navigation/layout actions are not recorded — the ledger is for governance-relevant activity.
+// Returns the stored (redacted) record, or null when the action is not audited or recording failed.
+export function recordEditorAgentActionAudit(input) {
+    if (!isMutatingEditorAgentAction(input.actionType) && input.decision.disposition !== "denied") {
+        return null;
+    }
+    try {
+        state.seq += 1;
+        const record = buildEditorAgentActionAuditRecord({
+            auditId: `editor-agent-audit-${String(state.seq)}`,
+            occurredAt: input.occurredAt,
+            sessionId: input.sessionId,
+            actionId: input.actionId,
+            actionType: input.actionType,
+            decision: input.decision,
+            outcome: input.outcome,
+            conflictCode: input.conflictCode,
+            failureCode: input.failureCode,
+            targetPath: input.targetPath,
+            editCount: input.editCount,
+            patchByteLength: input.patchByteLength,
+        });
+        const redacted = redactRecord(record);
+        appendRecord(input.sessionId, redacted);
+        return redacted;
+    }
+    catch {
+        return null;
+    }
+}
+// Recent records, newest last. With a sessionId, returns that session's bounded list; without one,
+// returns a bounded flattened view across sessions (the global observer's recent-activity feed).
+export function listEditorAgentActionAudit(sessionId) {
+    if (sessionId !== undefined)
+        return state.bySession.get(sessionId) ?? [];
+    const all = [];
+    for (const records of state.bySession.values())
+        all.push(...records);
+    return all.slice(-MAX_RECORDS_PER_SESSION);
+}
+export function _resetEditorAgentAuditForTests() {
+    state.bySession.clear();
+    state.seq = 0;
+}

package/dist/editor/agentRoutes.d.ts

@@ -3,5 +3,6 @@ export declare function handleEditorAgentSessions(): RouteResult;
 export declare function handleEditorAgentSnapshot(ctx: RouteContext): Promise<RouteResult>;
 export declare function handleEditorAgentActions(ctx: RouteContext): Promise<RouteResult>;
 export declare function handleEditorAgentEvents(ctx: RouteContext): HandlerOutcome;
+export declare function handleEditorAgentAudit(ctx: RouteContext): RouteResult;
 export declare function _resetEditorAgentStateForTests(): void;
 //# sourceMappingURL=agentRoutes.d.ts.map

package/dist/editor/agentRoutes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agentRoutes.d.ts","sourceRoot":"","sources":["../../src/editor/agentRoutes.ts"],"names":[],"mappings":"AAYA,OAAO,EAAwB,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAiJ9G,wBAAgB,yBAAyB,IAAI,WAAW,CAEvD;AAED,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAsBvF;AAED,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAsCtF;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,YAAY,GAAG,cAAc,CAMzE;AAeD,wBAAgB,8BAA8B,IAAI,IAAI,CAKrD"}
+{"version":3,"file":"agentRoutes.d.ts","sourceRoot":"","sources":["../../src/editor/agentRoutes.ts"],"names":[],"mappings":"AAiDA,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AA+WtB,wBAAgB,yBAAyB,IAAI,WAAW,CAEvD;AAED,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAkBvF;AAgDD,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAqCtF;AAoCD,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,YAAY,GAAG,cAAc,CAIzE;AAKD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,YAAY,GAAG,WAAW,CAGrE;AAoBD,wBAAgB,8BAA8B,IAAI,IAAI,CAIrD"}