npm - @overlordai/server - Versions diffs - 1.0.1 - Mend

@overlordai/server 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (345) hide show

package/database/migrations/001-init-schema.sql +226 -0
package/database/migrations/002-add-indexes.sql +17 -0
package/database/migrations/003-add-settings-table.sql +4 -0
package/database/migrations/004-add-developer-id-index.sql +5 -0
package/dist/adapters/adapter.interface.d.ts +41 -0
package/dist/adapters/adapter.interface.d.ts.map +1 -0
package/dist/adapters/adapter.interface.js +6 -0
package/dist/adapters/adapter.interface.js.map +1 -0
package/dist/adapters/adapter.module.d.ts +3 -0
package/dist/adapters/adapter.module.d.ts.map +1 -0
package/dist/adapters/adapter.module.js +54 -0
package/dist/adapters/adapter.module.js.map +1 -0
package/dist/adapters/adapter.registry.d.ts +19 -0
package/dist/adapters/adapter.registry.d.ts.map +1 -0
package/dist/adapters/adapter.registry.js +51 -0
package/dist/adapters/adapter.registry.js.map +1 -0
package/dist/adapters/lark/lark-card.builder.d.ts +48 -0
package/dist/adapters/lark/lark-card.builder.d.ts.map +1 -0
package/dist/adapters/lark/lark-card.builder.js +259 -0
package/dist/adapters/lark/lark-card.builder.js.map +1 -0
package/dist/adapters/lark/lark-message.parser.d.ts +51 -0
package/dist/adapters/lark/lark-message.parser.d.ts.map +1 -0
package/dist/adapters/lark/lark-message.parser.js +189 -0
package/dist/adapters/lark/lark-message.parser.js.map +1 -0
package/dist/adapters/lark/lark-signature.d.ts +13 -0
package/dist/adapters/lark/lark-signature.d.ts.map +1 -0
package/dist/adapters/lark/lark-signature.js +58 -0
package/dist/adapters/lark/lark-signature.js.map +1 -0
package/dist/adapters/lark/lark.adapter.d.ts +65 -0
package/dist/adapters/lark/lark.adapter.d.ts.map +1 -0
package/dist/adapters/lark/lark.adapter.js +565 -0
package/dist/adapters/lark/lark.adapter.js.map +1 -0
package/dist/adapters/lark/lark.controller.d.ts +21 -0
package/dist/adapters/lark/lark.controller.d.ts.map +1 -0
package/dist/adapters/lark/lark.controller.js +120 -0
package/dist/adapters/lark/lark.controller.js.map +1 -0
package/dist/adapters/slack/slack.adapter.d.ts +19 -0
package/dist/adapters/slack/slack.adapter.d.ts.map +1 -0
package/dist/adapters/slack/slack.adapter.js +42 -0
package/dist/adapters/slack/slack.adapter.js.map +1 -0
package/dist/app.module.d.ts +5 -0
package/dist/app.module.d.ts.map +1 -0
package/dist/app.module.js +48 -0
package/dist/app.module.js.map +1 -0
package/dist/auth/auth.controller.d.ts +15 -0
package/dist/auth/auth.controller.d.ts.map +1 -0
package/dist/auth/auth.controller.js +67 -0
package/dist/auth/auth.controller.js.map +1 -0
package/dist/auth/auth.module.d.ts +3 -0
package/dist/auth/auth.module.d.ts.map +1 -0
package/dist/auth/auth.module.js +46 -0
package/dist/auth/auth.module.js.map +1 -0
package/dist/auth/auth.service.d.ts +62 -0
package/dist/auth/auth.service.d.ts.map +1 -0
package/dist/auth/auth.service.js +307 -0
package/dist/auth/auth.service.js.map +1 -0
package/dist/auth/decorators/allow-totp-setup.decorator.d.ts +3 -0
package/dist/auth/decorators/allow-totp-setup.decorator.d.ts.map +1 -0
package/dist/auth/decorators/allow-totp-setup.decorator.js +8 -0
package/dist/auth/decorators/allow-totp-setup.decorator.js.map +1 -0
package/dist/auth/decorators/project-roles.decorator.d.ts +4 -0
package/dist/auth/decorators/project-roles.decorator.d.ts.map +1 -0
package/dist/auth/decorators/project-roles.decorator.js +8 -0
package/dist/auth/decorators/project-roles.decorator.js.map +1 -0
package/dist/auth/decorators/roles.decorator.d.ts +4 -0
package/dist/auth/decorators/roles.decorator.d.ts.map +1 -0
package/dist/auth/decorators/roles.decorator.js +8 -0
package/dist/auth/decorators/roles.decorator.js.map +1 -0
package/dist/auth/extract-user.middleware.d.ts +21 -0
package/dist/auth/extract-user.middleware.d.ts.map +1 -0
package/dist/auth/extract-user.middleware.js +57 -0
package/dist/auth/extract-user.middleware.js.map +1 -0
package/dist/auth/guards/jwt-auth.guard.d.ts +14 -0
package/dist/auth/guards/jwt-auth.guard.d.ts.map +1 -0
package/dist/auth/guards/jwt-auth.guard.js +139 -0
package/dist/auth/guards/jwt-auth.guard.js.map +1 -0
package/dist/auth/guards/project-role.guard.d.ts +10 -0
package/dist/auth/guards/project-role.guard.d.ts.map +1 -0
package/dist/auth/guards/project-role.guard.js +72 -0
package/dist/auth/guards/project-role.guard.js.map +1 -0
package/dist/auth/guards/roles.guard.d.ts +8 -0
package/dist/auth/guards/roles.guard.d.ts.map +1 -0
package/dist/auth/guards/roles.guard.js +56 -0
package/dist/auth/guards/roles.guard.js.map +1 -0
package/dist/auth/jwt.strategy.d.ts +23 -0
package/dist/auth/jwt.strategy.d.ts.map +1 -0
package/dist/auth/jwt.strategy.js +49 -0
package/dist/auth/jwt.strategy.js.map +1 -0
package/dist/common/crypto.service.d.ts +31 -0
package/dist/common/crypto.service.d.ts.map +1 -0
package/dist/common/crypto.service.js +120 -0
package/dist/common/crypto.service.js.map +1 -0
package/dist/common/error-filter.d.ts +6 -0
package/dist/common/error-filter.d.ts.map +1 -0
package/dist/common/error-filter.js +78 -0
package/dist/common/error-filter.js.map +1 -0
package/dist/common/health.controller.d.ts +13 -0
package/dist/common/health.controller.d.ts.map +1 -0
package/dist/common/health.controller.js +75 -0
package/dist/common/health.controller.js.map +1 -0
package/dist/common/logger.service.d.ts +11 -0
package/dist/common/logger.service.d.ts.map +1 -0
package/dist/common/logger.service.js +48 -0
package/dist/common/logger.service.js.map +1 -0
package/dist/common/pagination.d.ts +18 -0
package/dist/common/pagination.d.ts.map +1 -0
package/dist/common/pagination.js +39 -0
package/dist/common/pagination.js.map +1 -0
package/dist/common/rate-limit.guard.d.ts +48 -0
package/dist/common/rate-limit.guard.d.ts.map +1 -0
package/dist/common/rate-limit.guard.js +129 -0
package/dist/common/rate-limit.guard.js.map +1 -0
package/dist/common/sensitive-filter.d.ts +7 -0
package/dist/common/sensitive-filter.d.ts.map +1 -0
package/dist/common/sensitive-filter.js +20 -0
package/dist/common/sensitive-filter.js.map +1 -0
package/dist/database/database.module.d.ts +3 -0
package/dist/database/database.module.d.ts.map +1 -0
package/dist/database/database.module.js +22 -0
package/dist/database/database.module.js.map +1 -0
package/dist/database/database.service.d.ts +13 -0
package/dist/database/database.service.d.ts.map +1 -0
package/dist/database/database.service.js +107 -0
package/dist/database/database.service.js.map +1 -0
package/dist/database/migration-runner.d.ts +5 -0
package/dist/database/migration-runner.d.ts.map +1 -0
package/dist/database/migration-runner.js +86 -0
package/dist/database/migration-runner.js.map +1 -0
package/dist/database/repositories/audit-log.repository.d.ts +29 -0
package/dist/database/repositories/audit-log.repository.d.ts.map +1 -0
package/dist/database/repositories/audit-log.repository.js +80 -0
package/dist/database/repositories/audit-log.repository.js.map +1 -0
package/dist/database/repositories/bot.repository.d.ts +67 -0
package/dist/database/repositories/bot.repository.d.ts.map +1 -0
package/dist/database/repositories/bot.repository.js +133 -0
package/dist/database/repositories/bot.repository.js.map +1 -0
package/dist/database/repositories/developer-token.repository.d.ts +40 -0
package/dist/database/repositories/developer-token.repository.d.ts.map +1 -0
package/dist/database/repositories/developer-token.repository.js +84 -0
package/dist/database/repositories/developer-token.repository.js.map +1 -0
package/dist/database/repositories/developer.repository.d.ts +25 -0
package/dist/database/repositories/developer.repository.d.ts.map +1 -0
package/dist/database/repositories/developer.repository.js +139 -0
package/dist/database/repositories/developer.repository.js.map +1 -0
package/dist/database/repositories/machine.repository.d.ts +39 -0
package/dist/database/repositories/machine.repository.d.ts.map +1 -0
package/dist/database/repositories/machine.repository.js +176 -0
package/dist/database/repositories/machine.repository.js.map +1 -0
package/dist/database/repositories/notification.repository.d.ts +19 -0
package/dist/database/repositories/notification.repository.d.ts.map +1 -0
package/dist/database/repositories/notification.repository.js +94 -0
package/dist/database/repositories/notification.repository.js.map +1 -0
package/dist/database/repositories/project-member.repository.d.ts +30 -0
package/dist/database/repositories/project-member.repository.d.ts.map +1 -0
package/dist/database/repositories/project-member.repository.js +75 -0
package/dist/database/repositories/project-member.repository.js.map +1 -0
package/dist/database/repositories/project.repository.d.ts +24 -0
package/dist/database/repositories/project.repository.d.ts.map +1 -0
package/dist/database/repositories/project.repository.js +154 -0
package/dist/database/repositories/project.repository.js.map +1 -0
package/dist/database/repositories/session.repository.d.ts +19 -0
package/dist/database/repositories/session.repository.d.ts.map +1 -0
package/dist/database/repositories/session.repository.js +117 -0
package/dist/database/repositories/session.repository.js.map +1 -0
package/dist/database/repositories/task.repository.d.ts +37 -0
package/dist/database/repositories/task.repository.d.ts.map +1 -0
package/dist/database/repositories/task.repository.js +229 -0
package/dist/database/repositories/task.repository.js.map +1 -0
package/dist/database/repositories/worker-token.repository.d.ts +20 -0
package/dist/database/repositories/worker-token.repository.d.ts.map +1 -0
package/dist/database/repositories/worker-token.repository.js +94 -0
package/dist/database/repositories/worker-token.repository.js.map +1 -0
package/dist/database/repositories/workspace.repository.d.ts +19 -0
package/dist/database/repositories/workspace.repository.d.ts.map +1 -0
package/dist/database/repositories/workspace.repository.js +82 -0
package/dist/database/repositories/workspace.repository.js.map +1 -0
package/dist/dispatcher/capability.service.d.ts +50 -0
package/dist/dispatcher/capability.service.d.ts.map +1 -0
package/dist/dispatcher/capability.service.js +159 -0
package/dist/dispatcher/capability.service.js.map +1 -0
package/dist/dispatcher/cleanup.service.d.ts +23 -0
package/dist/dispatcher/cleanup.service.d.ts.map +1 -0
package/dist/dispatcher/cleanup.service.js +107 -0
package/dist/dispatcher/cleanup.service.js.map +1 -0
package/dist/dispatcher/dedup.service.d.ts +48 -0
package/dist/dispatcher/dedup.service.d.ts.map +1 -0
package/dist/dispatcher/dedup.service.js +189 -0
package/dist/dispatcher/dedup.service.js.map +1 -0
package/dist/dispatcher/dispatcher.module.d.ts +3 -0
package/dist/dispatcher/dispatcher.module.d.ts.map +1 -0
package/dist/dispatcher/dispatcher.module.js +76 -0
package/dist/dispatcher/dispatcher.module.js.map +1 -0
package/dist/dispatcher/dispatcher.service.d.ts +134 -0
package/dist/dispatcher/dispatcher.service.d.ts.map +1 -0
package/dist/dispatcher/dispatcher.service.js +1034 -0
package/dist/dispatcher/dispatcher.service.js.map +1 -0
package/dist/dispatcher/heartbeat.service.d.ts +50 -0
package/dist/dispatcher/heartbeat.service.d.ts.map +1 -0
package/dist/dispatcher/heartbeat.service.js +154 -0
package/dist/dispatcher/heartbeat.service.js.map +1 -0
package/dist/dispatcher/machine-selector.d.ts +18 -0
package/dist/dispatcher/machine-selector.d.ts.map +1 -0
package/dist/dispatcher/machine-selector.js +144 -0
package/dist/dispatcher/machine-selector.js.map +1 -0
package/dist/dispatcher/pty-relay.service.d.ts +75 -0
package/dist/dispatcher/pty-relay.service.d.ts.map +1 -0
package/dist/dispatcher/pty-relay.service.js +404 -0
package/dist/dispatcher/pty-relay.service.js.map +1 -0
package/dist/dispatcher/reconciler.d.ts +39 -0
package/dist/dispatcher/reconciler.d.ts.map +1 -0
package/dist/dispatcher/reconciler.js +556 -0
package/dist/dispatcher/reconciler.js.map +1 -0
package/dist/dispatcher/scheduler.service.d.ts +50 -0
package/dist/dispatcher/scheduler.service.d.ts.map +1 -0
package/dist/dispatcher/scheduler.service.js +287 -0
package/dist/dispatcher/scheduler.service.js.map +1 -0
package/dist/dispatcher/state-machine.d.ts +16 -0
package/dist/dispatcher/state-machine.d.ts.map +1 -0
package/dist/dispatcher/state-machine.js +77 -0
package/dist/dispatcher/state-machine.js.map +1 -0
package/dist/dispatcher/task-log-batcher.d.ts +50 -0
package/dist/dispatcher/task-log-batcher.d.ts.map +1 -0
package/dist/dispatcher/task-log-batcher.js +184 -0
package/dist/dispatcher/task-log-batcher.js.map +1 -0
package/dist/dispatcher/worker-connection.manager.d.ts +49 -0
package/dist/dispatcher/worker-connection.manager.d.ts.map +1 -0
package/dist/dispatcher/worker-connection.manager.js +128 -0
package/dist/dispatcher/worker-connection.manager.js.map +1 -0
package/dist/main.d.ts +2 -0
package/dist/main.d.ts.map +1 -0
package/dist/main.js +85 -0
package/dist/main.js.map +1 -0
package/dist/notifier/debouncer.d.ts +39 -0
package/dist/notifier/debouncer.d.ts.map +1 -0
package/dist/notifier/debouncer.js +123 -0
package/dist/notifier/debouncer.js.map +1 -0
package/dist/notifier/notification-consumer.d.ts +88 -0
package/dist/notifier/notification-consumer.d.ts.map +1 -0
package/dist/notifier/notification-consumer.js +186 -0
package/dist/notifier/notification-consumer.js.map +1 -0
package/dist/notifier/notifier.module.d.ts +9 -0
package/dist/notifier/notifier.module.d.ts.map +1 -0
package/dist/notifier/notifier.module.js +58 -0
package/dist/notifier/notifier.module.js.map +1 -0
package/dist/notifier/notifier.service.d.ts +40 -0
package/dist/notifier/notifier.service.d.ts.map +1 -0
package/dist/notifier/notifier.service.js +191 -0
package/dist/notifier/notifier.service.js.map +1 -0
package/dist/notifier/template.service.d.ts +42 -0
package/dist/notifier/template.service.d.ts.map +1 -0
package/dist/notifier/template.service.js +201 -0
package/dist/notifier/template.service.js.map +1 -0
package/dist/redis/redis.module.d.ts +3 -0
package/dist/redis/redis.module.d.ts.map +1 -0
package/dist/redis/redis.module.js +22 -0
package/dist/redis/redis.module.js.map +1 -0
package/dist/redis/redis.service.d.ts +19 -0
package/dist/redis/redis.service.d.ts.map +1 -0
package/dist/redis/redis.service.js +69 -0
package/dist/redis/redis.service.js.map +1 -0
package/dist/web/admin/admin-audit.controller.d.ts +7 -0
package/dist/web/admin/admin-audit.controller.d.ts.map +1 -0
package/dist/web/admin/admin-audit.controller.js +53 -0
package/dist/web/admin/admin-audit.controller.js.map +1 -0
package/dist/web/admin/admin-bot.controller.d.ts +79 -0
package/dist/web/admin/admin-bot.controller.d.ts.map +1 -0
package/dist/web/admin/admin-bot.controller.js +193 -0
package/dist/web/admin/admin-bot.controller.js.map +1 -0
package/dist/web/admin/admin-developer.controller.d.ts +52 -0
package/dist/web/admin/admin-developer.controller.d.ts.map +1 -0
package/dist/web/admin/admin-developer.controller.js +160 -0
package/dist/web/admin/admin-developer.controller.js.map +1 -0
package/dist/web/admin/admin-machine.controller.d.ts +64 -0
package/dist/web/admin/admin-machine.controller.d.ts.map +1 -0
package/dist/web/admin/admin-machine.controller.js +111 -0
package/dist/web/admin/admin-machine.controller.js.map +1 -0
package/dist/web/admin/admin-project.controller.d.ts +45 -0
package/dist/web/admin/admin-project.controller.d.ts.map +1 -0
package/dist/web/admin/admin-project.controller.js +207 -0
package/dist/web/admin/admin-project.controller.js.map +1 -0
package/dist/web/admin/admin-settings.controller.d.ts +18 -0
package/dist/web/admin/admin-settings.controller.d.ts.map +1 -0
package/dist/web/admin/admin-settings.controller.js +93 -0
package/dist/web/admin/admin-settings.controller.js.map +1 -0
package/dist/web/admin/admin-token.controller.d.ts +45 -0
package/dist/web/admin/admin-token.controller.d.ts.map +1 -0
package/dist/web/admin/admin-token.controller.js +182 -0
package/dist/web/admin/admin-token.controller.js.map +1 -0
package/dist/web/dashboard.controller.d.ts +16 -0
package/dist/web/dashboard.controller.d.ts.map +1 -0
package/dist/web/dashboard.controller.js +78 -0
package/dist/web/dashboard.controller.js.map +1 -0
package/dist/web/dashboard.service.d.ts +39 -0
package/dist/web/dashboard.service.d.ts.map +1 -0
package/dist/web/dashboard.service.js +234 -0
package/dist/web/dashboard.service.js.map +1 -0
package/dist/web/interaction.service.d.ts +42 -0
package/dist/web/interaction.service.d.ts.map +1 -0
package/dist/web/interaction.service.js +102 -0
package/dist/web/interaction.service.js.map +1 -0
package/dist/web/machine.controller.d.ts +102 -0
package/dist/web/machine.controller.d.ts.map +1 -0
package/dist/web/machine.controller.js +121 -0
package/dist/web/machine.controller.js.map +1 -0
package/dist/web/notification.controller.d.ts +22 -0
package/dist/web/notification.controller.d.ts.map +1 -0
package/dist/web/notification.controller.js +70 -0
package/dist/web/notification.controller.js.map +1 -0
package/dist/web/profile.controller.d.ts +70 -0
package/dist/web/profile.controller.d.ts.map +1 -0
package/dist/web/profile.controller.js +262 -0
package/dist/web/profile.controller.js.map +1 -0
package/dist/web/project.controller.d.ts +8 -0
package/dist/web/project.controller.d.ts.map +1 -0
package/dist/web/project.controller.js +54 -0
package/dist/web/project.controller.js.map +1 -0
package/dist/web/pty.gateway.d.ts +32 -0
package/dist/web/pty.gateway.d.ts.map +1 -0
package/dist/web/pty.gateway.js +358 -0
package/dist/web/pty.gateway.js.map +1 -0
package/dist/web/search.service.d.ts +34 -0
package/dist/web/search.service.d.ts.map +1 -0
package/dist/web/search.service.js +106 -0
package/dist/web/search.service.js.map +1 -0
package/dist/web/task.controller.d.ts +54 -0
package/dist/web/task.controller.d.ts.map +1 -0
package/dist/web/task.controller.js +266 -0
package/dist/web/task.controller.js.map +1 -0
package/dist/web/web.module.d.ts +3 -0
package/dist/web/web.module.d.ts.map +1 -0
package/dist/web/web.module.js +97 -0
package/dist/web/web.module.js.map +1 -0
package/dist/web/worker-channel.gateway.d.ts +45 -0
package/dist/web/worker-channel.gateway.d.ts.map +1 -0
package/dist/web/worker-channel.gateway.js +283 -0
package/dist/web/worker-channel.gateway.js.map +1 -0
package/dist/web/worker.controller.d.ts +14 -0
package/dist/web/worker.controller.d.ts.map +1 -0
package/dist/web/worker.controller.js +73 -0
package/dist/web/worker.controller.js.map +1 -0
package/dist/web/workspace.controller.d.ts +109 -0
package/dist/web/workspace.controller.d.ts.map +1 -0
package/dist/web/workspace.controller.js +386 -0
package/dist/web/workspace.controller.js.map +1 -0
package/package.json +61 -0

package/dist/dispatcher/dispatcher.service.js ADDED Viewed

@@ -0,0 +1,1034 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var DispatcherService_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DispatcherService = void 0;
+const common_1 = require("@nestjs/common");
+const crypto = __importStar(require("node:crypto"));
+const protocol_1 = require("@overlordai/protocol");
+const task_repository_1 = require("../database/repositories/task.repository");
+const machine_repository_1 = require("../database/repositories/machine.repository");
+const project_repository_1 = require("../database/repositories/project.repository");
+const project_member_repository_1 = require("../database/repositories/project-member.repository");
+const worker_token_repository_1 = require("../database/repositories/worker-token.repository");
+const audit_log_repository_1 = require("../database/repositories/audit-log.repository");
+const developer_repository_1 = require("../database/repositories/developer.repository");
+const database_service_1 = require("../database/database.service");
+const auth_service_1 = require("../auth/auth.service");
+const crypto_service_1 = require("../common/crypto.service");
+const redis_service_1 = require("../redis/redis.service");
+const state_machine_1 = require("./state-machine");
+const dedup_service_1 = require("./dedup.service");
+const scheduler_service_1 = require("./scheduler.service");
+const worker_connection_manager_1 = require("./worker-connection.manager");
+const cleanup_service_1 = require("./cleanup.service");
+const workspace_repository_1 = require("../database/repositories/workspace.repository");
+let DispatcherService = DispatcherService_1 = class DispatcherService {
+    taskRepo;
+    machineRepo;
+    projectRepo;
+    projectMemberRepo;
+    workerTokenRepo;
+    auditLogRepo;
+    developerRepo;
+    databaseService;
+    authService;
+    cryptoService;
+    redis;
+    dedupService;
+    schedulerService;
+    workerConnectionManager;
+    cleanupService;
+    workspaceRepo;
+    logger = new common_1.Logger(DispatcherService_1.name);
+    constructor(taskRepo, machineRepo, projectRepo, projectMemberRepo, workerTokenRepo, auditLogRepo, developerRepo, databaseService, authService, cryptoService, redis, dedupService, schedulerService, workerConnectionManager, cleanupService, workspaceRepo) {
+        this.taskRepo = taskRepo;
+        this.machineRepo = machineRepo;
+        this.projectRepo = projectRepo;
+        this.projectMemberRepo = projectMemberRepo;
+        this.workerTokenRepo = workerTokenRepo;
+        this.auditLogRepo = auditLogRepo;
+        this.developerRepo = developerRepo;
+        this.databaseService = databaseService;
+        this.authService = authService;
+        this.cryptoService = cryptoService;
+        this.redis = redis;
+        this.dedupService = dedupService;
+        this.schedulerService = schedulerService;
+        this.workerConnectionManager = workerConnectionManager;
+        this.cleanupService = cleanupService;
+        this.workspaceRepo = workspaceRepo;
+    }
+    // ---------------------------------------------------------------------------
+    // handleCommand — unified entry point from adapters
+    // ---------------------------------------------------------------------------
+    async handleCommand(command) {
+        // Event-level dedup: checkEventDedup returns true if this is the first
+        // occurrence (Redis SET NX succeeded). False means the key already existed.
+        const isFirstOccurrence = await this.dedupService.checkEventDedup(command.eventId);
+        if (!isFirstOccurrence) {
+            this.logger.debug(`Duplicate event ${command.eventId}, discarding`);
+            return { success: false, message: 'Duplicate event' };
+        }
+        switch (command.type) {
+            case protocol_1.CommandType.DEVELOP:
+                return this.handleDevelopCommand(command);
+            case protocol_1.CommandType.CANCEL:
+                return this.handleCancelCommand(command);
+            case protocol_1.CommandType.RETRY:
+                return this.handleRetryCommand(command);
+            case protocol_1.CommandType.CONFIRM:
+                return this.handleConfirmCommand(command);
+            case protocol_1.CommandType.LIST:
+                return this.handleListCommand(command);
+            case protocol_1.CommandType.PROGRESS: {
+                const taskId = command.args.taskId;
+                if (!taskId) {
+                    return { success: false, message: 'taskId is required' };
+                }
+                const task = this.taskRepo.findById(taskId);
+                if (!task) {
+                    return { success: false, message: `Task #${taskId} not found` };
+                }
+                return { success: true, task };
+            }
+            case protocol_1.CommandType.LOGS: {
+                const taskId = command.args.taskId;
+                if (!taskId) {
+                    return { success: false, message: 'taskId is required' };
+                }
+                const task = this.taskRepo.findById(taskId);
+                if (!task) {
+                    return { success: false, message: `Task #${taskId} not found` };
+                }
+                return { success: true, task };
+            }
+            case protocol_1.CommandType.DRAIN:
+                return this.handleDrainCommand(command, true);
+            case protocol_1.CommandType.UNDRAIN:
+                return this.handleDrainCommand(command, false);
+            case protocol_1.CommandType.WORKSPACE: {
+                const taskId = command.args.taskId;
+                if (!taskId) {
+                    return { success: false, message: 'taskId is required' };
+                }
+                const task = this.taskRepo.findById(taskId);
+                if (!task) {
+                    return { success: false, message: `Task #${taskId} not found` };
+                }
+                return { success: true, task };
+            }
+            default:
+                return { success: false, message: `Unknown command type: ${command.type}` };
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Command handlers
+    // ---------------------------------------------------------------------------
+    async handleDevelopCommand(command) {
+        const { description, project: projectKeyOrAlias } = command.args;
+        if (!description) {
+            return { success: false, message: 'Description is required' };
+        }
+        const request = {
+            description,
+            projectKey: projectKeyOrAlias ?? '',
+            machineId: command.args.machine,
+            developerId: command.user.id,
+        };
+        try {
+            const task = await this.createTask(request, command.user.id, {
+                platform: command.platform,
+                msgId: command.source.msgId,
+                chatId: command.source.chatId,
+                appId: command.source.appId,
+            });
+            return { success: true, task };
+        }
+        catch (err) {
+            if (err instanceof common_1.ConflictException) {
+                // Fingerprint dedup — check if there is a pending confirm
+                const body = err.getResponse();
+                if (body && typeof body === 'object' && body['confirmRequired']) {
+                    return {
+                        success: false,
+                        confirmRequired: body['confirmRequired'],
+                    };
+                }
+            }
+            throw err;
+        }
+    }
+    async handleCancelCommand(command) {
+        const taskId = command.args.taskId;
+        if (!taskId) {
+            return { success: false, message: 'taskId is required' };
+        }
+        await this.cancelTask(taskId, command.user.id);
+        const task = this.taskRepo.findById(taskId);
+        return { success: true, task, message: `Task #${taskId} cancelled` };
+    }
+    async handleRetryCommand(command) {
+        const taskId = command.args.taskId;
+        if (!taskId) {
+            return { success: false, message: 'taskId is required' };
+        }
+        try {
+            const task = await this.retryTask(taskId, command.user.id);
+            return { success: true, task, message: `Task #${taskId} retried` };
+        }
+        catch (err) {
+            if (err instanceof common_1.ConflictException) {
+                const body = err.getResponse();
+                if (body && typeof body === 'object' && body['confirmRequired']) {
+                    return {
+                        success: false,
+                        confirmRequired: body['confirmRequired'],
+                    };
+                }
+            }
+            throw err;
+        }
+    }
+    async handleConfirmCommand(command) {
+        const taskId = command.args.taskId;
+        if (!taskId) {
+            return { success: false, message: 'taskId is required' };
+        }
+        // Resolve pending confirm from Redis.
+        // Priority: reply-to msgId association, fallback to #taskId lookup.
+        const pendingData = await this.resolvePendingConfirm(taskId, command.user.id, command.source.msgId);
+        if (!pendingData) {
+            return { success: false, message: 'No pending confirmation found or expired' };
+        }
+        if (pendingData.action === 'create_task' && pendingData.request) {
+            // Confirmed dedup override — create the task anyway
+            const task = await this.createTaskInternal(pendingData.request, pendingData.createdBy, pendingData.source, true);
+            return { success: true, task, message: 'Task created (dedup override)' };
+        }
+        if (pendingData.action === 'retry' && pendingData.taskId) {
+            // Confirmed retry with existing MR
+            const task = await this.executeRetry(pendingData.taskId, pendingData.createdBy);
+            return { success: true, task, message: `Task #${pendingData.taskId} retried (MR override)` };
+        }
+        return { success: false, message: 'Unknown confirm action' };
+    }
+    handleListCommand(command) {
+        const projectKey = command.args.project;
+        const tasks = this.taskRepo.findByStatus([
+            protocol_1.TaskStatus.QUEUED,
+            protocol_1.TaskStatus.ASSIGNED,
+            protocol_1.TaskStatus.RUNNING,
+            protocol_1.TaskStatus.SUSPENDED,
+        ]);
+        const filtered = projectKey
+            ? tasks.filter((t) => t.projectKey === projectKey)
+            : tasks;
+        return { success: true, tasks: filtered };
+    }
+    handleDrainCommand(command, drain) {
+        const machineName = command.args.machine;
+        if (!machineName) {
+            return { success: false, message: 'Machine name is required' };
+        }
+        const machine = this.machineRepo.findByName(machineName);
+        if (!machine) {
+            return { success: false, message: `Machine '${machineName}' not found` };
+        }
+        const developer = this.developerRepo.findById(command.user.id);
+        if (!developer || developer.role !== protocol_1.DeveloperRole.ADMIN) {
+            return { success: false, message: 'Only admins can drain/undrain machines' };
+        }
+        const newStatus = drain ? protocol_1.MachineStatus.DRAINING : protocol_1.MachineStatus.ONLINE;
+        this.machineRepo.updateStatus(machine.id, newStatus);
+        this.auditLogRepo.create({
+            userId: command.user.id,
+            action: drain ? 'machine_drain' : 'machine_undrain',
+            resource: `machine:${machine.id}`,
+            detail: `Machine '${machine.name}' ${drain ? 'drained' : 'undrained'}`,
+        });
+        return { success: true, message: `Machine '${machine.name}' ${drain ? 'drained' : 'undrained'}` };
+    }
+    // ---------------------------------------------------------------------------
+    // createTask
+    // ---------------------------------------------------------------------------
+    async createTask(request, createdBy, source) {
+        return this.createTaskInternal(request, createdBy, source, false);
+    }
+    async createTaskInternal(request, createdBy, source, skipDedup = false) {
+        // 1. Find project by key or alias
+        const project = this.resolveProject(request.projectKey);
+        if (!project) {
+            throw new common_1.NotFoundException(`Project '${request.projectKey}' not found`);
+        }
+        // 2. Authorization: check developer is a project member (or admin bypass)
+        const developer = this.developerRepo.findById(createdBy);
+        if (!developer) {
+            throw new common_1.NotFoundException(`Developer #${createdBy} not found`);
+        }
+        if (developer.role !== protocol_1.DeveloperRole.ADMIN) {
+            const membership = this.projectMemberRepo.findByProjectAndDeveloper(project.key, createdBy);
+            if (!membership) {
+                throw new common_1.ForbiddenException(`Developer '${developer.name}' is not a member of project '${project.key}'`);
+            }
+        }
+        // 3. Compute fingerprint and check dedup
+        const fingerprint = this.dedupService.computeFingerprint(project.key, request.description);
+        if (!skipDedup) {
+            const existingTask = this.taskRepo.findActiveByFingerprint(fingerprint);
+            if (existingTask) {
+                // Store pending confirm in Redis
+                const confirmKey = `pending_confirm:dedup:${crypto.randomUUID()}`;
+                const pendingData = JSON.stringify({
+                    action: 'create_task',
+                    request: { ...request, projectKey: project.key },
+                    createdBy,
+                    source,
+                    existingTaskId: existingTask.id,
+                });
+                await this.redis.setex(confirmKey, protocol_1.CONFIRM_PENDING_TTL_SEC, pendingData);
+                // Store index from taskId to confirmKey for lookup during confirm
+                await this.redis.setex(`pending_confirm_idx:task:${existingTask.id}`, protocol_1.CONFIRM_PENDING_TTL_SEC, confirmKey);
+                throw new common_1.ConflictException({
+                    message: `A similar task already exists: #${existingTask.id} (${existingTask.status})`,
+                    confirmRequired: {
+                        reason: 'duplicate_fingerprint',
+                        message: `Task #${existingTask.id} with the same description is already ${existingTask.status}. Create anyway?`,
+                        pendingAction: 'create_task',
+                        taskId: existingTask.id,
+                        confirmKey,
+                    },
+                });
+            }
+        }
+        // 4. Snapshot config (14 fields from project)
+        const configSnapshot = {
+            repoUrl: project.repoUrl,
+            gitPlatform: project.gitPlatform,
+            defaultBranch: project.defaultBranch,
+            workspaceRoot: project.workspaceRoot,
+            setupCommands: project.setupCommands,
+            testCommand: project.testCommand,
+            agentType: project.agentType,
+            agentCommand: project.agentCommand,
+            agentEnv: project.agentEnv,
+            allowedTools: project.allowedTools,
+            maxTurns: project.maxTurns,
+            skillsPath: project.skillsPath,
+            pipeline: project.pipeline,
+            ptyOutputFilter: project.ptyOutputFilter,
+        };
+        // 5. Insert task (QUEUED)
+        let task;
+        try {
+            task = this.taskRepo.create({
+                description: request.description,
+                fingerprint,
+                projectKey: project.key,
+                machineId: request.machineId,
+                developerId: request.developerId ?? createdBy,
+                configSnapshot: JSON.stringify(configSnapshot),
+                sourcePlatform: source?.platform,
+                sourceMsgId: source?.msgId,
+                sourceChatId: source?.chatId,
+                sourceAppId: source?.appId,
+                createdBy,
+            });
+        }
+        catch (err) {
+            // Catch UNIQUE constraint violation on fingerprint (concurrent create)
+            const errMsg = err instanceof Error ? err.message : String(err);
+            if (errMsg.includes('UNIQUE') || errMsg.includes('unique')) {
+                throw new common_1.ConflictException('A task with the same fingerprint was just created concurrently');
+            }
+            throw err;
+        }
+        // 6. Enqueue to BullMQ
+        await this.schedulerService.enqueueTask(task.id);
+        this.logger.log(`Task #${task.id} created for project '${project.key}' by developer #${createdBy}`);
+        this.auditLogRepo.create({
+            userId: createdBy,
+            action: 'task_create',
+            resource: `task:${task.id}`,
+            detail: `Created task for project '${project.key}': ${request.description.slice(0, 100)}`,
+        });
+        return task;
+    }
+    // ---------------------------------------------------------------------------
+    // cancelTask
+    // ---------------------------------------------------------------------------
+    async cancelTask(taskId, cancelledBy) {
+        const task = this.taskRepo.findById(taskId);
+        if (!task) {
+            throw new common_1.NotFoundException(`Task #${taskId} not found`);
+        }
+        // Validate transition
+        state_machine_1.TaskStateMachine.assertTransition(task.status, protocol_1.TaskStatus.CANCELLED);
+        switch (task.status) {
+            case protocol_1.TaskStatus.QUEUED: {
+                // Remove from BullMQ — task stays QUEUED until we set CANCELLED below
+                this.updateTaskStatusWithRetry(taskId, protocol_1.TaskStatus.CANCELLED, task.revision);
+                break;
+            }
+            case protocol_1.TaskStatus.RUNNING: {
+                // Send cancel to Worker via WS, wait ack with timeout
+                if (task.machineId) {
+                    const acked = await this.sendCancelToWorkerWithAck(task.machineId, taskId);
+                    if (!acked) {
+                        this.logger.warn(`Cancel ack timeout for task #${taskId} on machine ${task.machineId}, forcing cancel`);
+                    }
+                }
+                // Reload task to get latest revision (may have changed during ack wait)
+                const freshTask = this.taskRepo.findById(taskId);
+                if (freshTask && freshTask.status !== protocol_1.TaskStatus.CANCELLED) {
+                    this.updateTaskStatusWithRetry(taskId, protocol_1.TaskStatus.CANCELLED, freshTask.revision, { completedAt: new Date().toISOString() });
+                }
+                break;
+            }
+            case protocol_1.TaskStatus.ASSIGNED: {
+                // Re-read to catch ASSIGNED->RUNNING race between initial read and CAS
+                const freshAssigned = this.taskRepo.findById(taskId);
+                if (!freshAssigned || freshAssigned.status === protocol_1.TaskStatus.CANCELLED) {
+                    break;
+                }
+                state_machine_1.TaskStateMachine.assertTransition(freshAssigned.status, protocol_1.TaskStatus.CANCELLED);
+                // Send cancel to Worker if assigned, set CANCELLED
+                if (freshAssigned.machineId) {
+                    this.sendCancelToWorker(freshAssigned.machineId, taskId);
+                }
+                this.updateTaskStatusWithRetry(taskId, protocol_1.TaskStatus.CANCELLED, freshAssigned.revision, { completedAt: new Date().toISOString() });
+                break;
+            }
+            case protocol_1.TaskStatus.SUSPENDED: {
+                // Direct set CANCELLED — no Worker ack needed
+                this.updateTaskStatusWithRetry(taskId, protocol_1.TaskStatus.CANCELLED, task.revision, { completedAt: new Date().toISOString() });
+                break;
+            }
+            default:
+                throw new common_1.BadRequestException(`Cannot cancel task #${taskId} in status ${task.status}`);
+        }
+        this.auditLogRepo.create({
+            userId: cancelledBy,
+            action: 'task_cancel',
+            resource: `task:${taskId}`,
+            detail: `Cancelled task #${taskId} from status ${task.status}`,
+        });
+        // Schedule workspace cleanup for the cancelled task
+        if (task.machineId) {
+            const workspace = this.workspaceRepo.findByTaskId(taskId);
+            if (workspace) {
+                this.cleanupService.scheduleCleanup(taskId, task.machineId, workspace.path).catch((err) => {
+                    this.logger.error(`Failed to schedule cleanup for cancelled task #${taskId}: ${err instanceof Error ? err.message : String(err)}`);
+                });
+            }
+        }
+        this.logger.log(`Task #${taskId} cancelled by developer #${cancelledBy}`);
+    }
+    // ---------------------------------------------------------------------------
+    // retryTask
+    // ---------------------------------------------------------------------------
+    async retryTask(taskId, retriedBy) {
+        const task = this.taskRepo.findById(taskId);
+        if (!task) {
+            throw new common_1.NotFoundException(`Task #${taskId} not found`);
+        }
+        if (task.status !== protocol_1.TaskStatus.FAILED) {
+            throw new common_1.BadRequestException(`Cannot retry task #${taskId}: status is ${task.status}, expected FAILED`);
+        }
+        // Validate transition
+        state_machine_1.TaskStateMachine.assertTransition(task.status, protocol_1.TaskStatus.QUEUED);
+        // Check fingerprint conflict — another active task with same fingerprint
+        if (task.fingerprint) {
+            const conflicting = this.taskRepo.findActiveByFingerprint(task.fingerprint);
+            if (conflicting && conflicting.id !== taskId) {
+                throw new common_1.ConflictException(`Cannot retry: active task #${conflicting.id} has the same fingerprint`);
+            }
+        }
+        // Check for existing MR/PR on the branch (if branch exists)
+        if (task.branch && task.configSnapshot) {
+            const mrCheckResult = await this.checkExistingMergeRequest(task);
+            if (mrCheckResult) {
+                // Store pending confirm for retry with existing MR
+                const confirmKey = `pending_confirm:retry:${crypto.randomUUID()}`;
+                const pendingData = JSON.stringify({
+                    action: 'retry',
+                    taskId,
+                    createdBy: retriedBy,
+                });
+                await this.redis.setex(confirmKey, protocol_1.CONFIRM_PENDING_TTL_SEC, pendingData);
+                // Store index from taskId to confirmKey for lookup during confirm
+                await this.redis.setex(`pending_confirm_idx:task:${taskId}`, protocol_1.CONFIRM_PENDING_TTL_SEC, confirmKey);
+                throw new common_1.ConflictException({
+                    message: `Task #${taskId} branch '${task.branch}' has an open MR/PR`,
+                    confirmRequired: {
+                        reason: 'existing_mr',
+                        message: `Task #${taskId} branch '${task.branch}' has an open MR/PR (${mrCheckResult}). Retry will force push to the same branch. Continue?`,
+                        pendingAction: 'retry',
+                        taskId,
+                        mrUrl: mrCheckResult,
+                        confirmKey,
+                    },
+                });
+            }
+        }
+        return this.executeRetry(taskId, retriedBy);
+    }
+    async executeRetry(taskId, retriedBy) {
+        const task = this.taskRepo.findById(taskId);
+        if (!task) {
+            throw new common_1.NotFoundException(`Task #${taskId} not found`);
+        }
+        // CAS update: FAILED -> QUEUED
+        const updated = this.updateTaskStatusWithRetry(taskId, protocol_1.TaskStatus.QUEUED, task.revision, {
+            retryCount: task.retryCount + 1,
+            errorMessage: null,
+            machineId: null,
+            assignedAt: null,
+            startedAt: null,
+            completedAt: null,
+            currentStage: null,
+            currentSessionId: null,
+        });
+        if (!updated) {
+            throw new common_1.ConflictException(`Failed to retry task #${taskId}: concurrent modification`);
+        }
+        // Re-enqueue to BullMQ
+        await this.schedulerService.enqueueTask(taskId);
+        this.auditLogRepo.create({
+            userId: retriedBy,
+            action: 'task_retry',
+            resource: `task:${taskId}`,
+            detail: `Retried task #${taskId} (attempt ${task.retryCount + 1})`,
+        });
+        this.logger.log(`Task #${taskId} retried by developer #${retriedBy}`);
+        return this.taskRepo.findById(taskId);
+    }
+    // ---------------------------------------------------------------------------
+    // confirmStage — forward interactive stage confirm result to Worker
+    // ---------------------------------------------------------------------------
+    async confirmStage(taskId, stageIndex, result) {
+        const task = this.taskRepo.findById(taskId);
+        if (!task) {
+            throw new common_1.NotFoundException(`Task #${taskId} not found`);
+        }
+        if (task.status !== protocol_1.TaskStatus.RUNNING &&
+            task.status !== protocol_1.TaskStatus.SUSPENDED) {
+            throw new common_1.BadRequestException(`Task #${taskId} is not in a confirmable state (${task.status})`);
+        }
+        if (!task.machineId) {
+            throw new common_1.BadRequestException(`Task #${taskId} has no assigned machine`);
+        }
+        // Forward confirm response to Worker via WS
+        const frame = {
+            type: 'stage_confirm_response',
+            taskId,
+            stageIndex,
+            result,
+        };
+        const ws = this.workerConnectionManager.getConnection(task.machineId);
+        if (!ws || ws.readyState !== 1 /* WebSocket.OPEN */) {
+            throw new common_1.BadRequestException(`Worker for task #${taskId} is not connected`);
+        }
+        ws.send(JSON.stringify(frame));
+        // Set a short TTL on the stage confirm key instead of deleting immediately.
+        // This gives a 60-second window for retry if the worker doesn't process the message,
+        // while still ensuring eventual cleanup.
+        const stageConfirmKey = `confirm:stage:${taskId}:${stageIndex}`;
+        await this.redis.expire(stageConfirmKey, 60);
+        this.logger.log(`Stage confirm forwarded to Worker for task #${taskId}, stage ${stageIndex}`);
+    }
+    // ---------------------------------------------------------------------------
+    // getTask / listTasks
+    // ---------------------------------------------------------------------------
+    getTask(taskId) {
+        return this.taskRepo.findById(taskId);
+    }
+    listTasks(query) {
+        return this.taskRepo.listPaginated(query);
+    }
+    // ---------------------------------------------------------------------------
+    // registerWorker
+    // ---------------------------------------------------------------------------
+    async registerWorker(request) {
+        // 1. Parse token format: ovw_<id>_<secret>
+        const { tokenId, secret } = this.parseWorkerToken(request.token);
+        // 2. Find token by id, verify it's active and unused
+        const token = this.workerTokenRepo.findActiveUnused(tokenId);
+        if (!token) {
+            throw new common_1.UnauthorizedException('Invalid or already used worker token');
+        }
+        // 3. Verify bcrypt(secret, hash)
+        const secretValid = await this.cryptoService.comparePassword(secret, token.tokenHash);
+        if (!secretValid) {
+            throw new common_1.UnauthorizedException('Invalid worker token secret');
+        }
+        // 4. Validate protocol version (major must match)
+        this.validateProtocolVersion(request.protocolVersion);
+        // 5. Mark token as used
+        this.workerTokenRepo.markUsed(tokenId);
+        // 6. Create or update machine record
+        const machineId = request.machineId ?? crypto.randomUUID();
+        const isFirstRegistration = !request.machineId;
+        let machine = this.machineRepo.findById(machineId);
+        if (machine) {
+            // Update existing machine
+            this.machineRepo.updateStatus(machineId, protocol_1.MachineStatus.ONLINE);
+            this.machineRepo.updateTokenId(machineId, tokenId);
+        }
+        else {
+            // Create new machine
+            machine = this.machineRepo.create({
+                id: machineId,
+                name: request.machineName,
+                host: request.host,
+                port: request.port,
+                tokenId,
+                os: request.os,
+                cpuCores: request.cpuCores,
+                memoryGb: request.memoryGb,
+                capabilities: request.capabilities,
+                tags: request.tags,
+                protocolVersion: request.protocolVersion,
+            });
+        }
+        // 7. Generate recovery secret on first registration
+        let recoverySecret;
+        if (isFirstRegistration) {
+            recoverySecret = crypto.randomBytes(32).toString('hex');
+            const recoveryHash = await this.cryptoService.hashPassword(recoverySecret);
+            this.machineRepo.updateRecoverySecretHash(machineId, recoveryHash);
+        }
+        // 8. Sign Worker JWT
+        const jwt = this.authService.signWorkerJwt(machineId, tokenId);
+        this.auditLogRepo.create({
+            action: 'worker_register',
+            resource: `machine:${machineId}`,
+            detail: `Worker '${request.machineName}' registered (token #${tokenId}, first=${isFirstRegistration})`,
+        });
+        this.logger.log(`Worker '${request.machineName}' registered as ${machineId}`);
+        return {
+            jwt,
+            machineId,
+            recoverySecret,
+        };
+    }
+    // ---------------------------------------------------------------------------
+    // refreshWorkerToken
+    // ---------------------------------------------------------------------------
+    async refreshWorkerToken(request, currentJwt) {
+        const { machineId } = request;
+        // Verify tokenId matches the current JWT's tokenId
+        const machine = this.machineRepo.findById(machineId);
+        if (!machine) {
+            throw new common_1.NotFoundException(`Machine '${machineId}' not found`);
+        }
+        if (machine.tokenId !== currentJwt.tokenId) {
+            throw new common_1.UnauthorizedException('Token ID mismatch — token may have been revoked');
+        }
+        // Verify the token hasn't been revoked
+        const token = this.workerTokenRepo.findById(currentJwt.tokenId);
+        if (!token || token.status === 'revoked') {
+            throw new common_1.UnauthorizedException('Worker token has been revoked');
+        }
+        // Sign new Worker JWT
+        const jwt = this.authService.signWorkerJwt(machineId, currentJwt.tokenId);
+        this.logger.debug(`Worker JWT refreshed for machine ${machineId}`);
+        return { jwt };
+    }
+    // ---------------------------------------------------------------------------
+    // recoverWorker
+    // ---------------------------------------------------------------------------
+    async recoverWorker(request) {
+        const { machineId, machineName, recoverySecret } = request;
+        // 1. Find machine
+        const machine = this.machineRepo.findById(machineId);
+        if (!machine) {
+            throw new common_1.NotFoundException(`Machine '${machineId}' not found`);
+        }
+        // 2. Validate machine name matches
+        if (machine.name !== machineName) {
+            throw new common_1.UnauthorizedException('Machine name does not match the registered name');
+        }
+        // 3. Validate recovery secret hash exists
+        if (!machine.recoverySecretHash) {
+            throw new common_1.UnauthorizedException('No recovery secret configured for this machine');
+        }
+        // 4. Validate recovery secret
+        const secretValid = await this.cryptoService.comparePassword(recoverySecret, machine.recoverySecretHash);
+        if (!secretValid) {
+            throw new common_1.UnauthorizedException('Invalid recovery secret');
+        }
+        // 5. Atomically claim the recovery token via Redis GETDEL to prevent
+        //    race conditions where two concurrent recovery requests consume
+        //    the same token.
+        const recoveryClaimKey = `recovery_claim:${machineId}`;
+        // Set the claim key if not already present (first recovery wins)
+        const claimed = await this.redis.getClient().set(recoveryClaimKey, '1', 'EX', 30, 'NX');
+        if (claimed === null) {
+            throw new common_1.ConflictException('Recovery already in progress for this machine');
+        }
+        try {
+            // 6. Wrap SQLite updates in a transaction for atomicity
+            const db = this.databaseService.getDb();
+            const runRecoveryTransaction = db.transaction(() => {
+                // Update machine status to online
+                db.prepare('UPDATE machines SET status = ? WHERE id = ?')
+                    .run(protocol_1.MachineStatus.ONLINE, machineId);
+                // Record audit log
+                db.prepare(`INSERT INTO audit_logs (user_id, action, resource, detail)
+           VALUES (?, ?, ?, ?)`).run(null, 'worker_recover', `machine:${machineId}`, `Worker '${machineName}' recovered via recovery secret`);
+            });
+            runRecoveryTransaction();
+            // 7. Issue new token — sign Worker JWT with existing tokenId
+            const jwt = this.authService.signWorkerJwt(machineId, machine.tokenId);
+            this.logger.log(`Worker '${machineName}' (${machineId}) recovered via recovery secret`);
+            return { jwt, machineId };
+        }
+        finally {
+            // Clean up the claim key
+            await this.redis.del(recoveryClaimKey);
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // issuePtyToken
+    // ---------------------------------------------------------------------------
+    issuePtyToken(taskId, aud) {
+        const task = this.taskRepo.findById(taskId);
+        if (!task) {
+            throw new common_1.NotFoundException(`Task #${taskId} not found`);
+        }
+        return this.authService.signChannelToken(taskId, aud);
+    }
+    // ---------------------------------------------------------------------------
+    // Helpers
+    // ---------------------------------------------------------------------------
+    resolveProject(keyOrAlias) {
+        if (!keyOrAlias) {
+            // Try default project
+            return this.projectRepo.findDefault();
+        }
+        // Try by key first
+        const byKey = this.projectRepo.findByKey(keyOrAlias);
+        if (byKey)
+            return byKey;
+        // Try by alias
+        return this.projectRepo.findByAlias(keyOrAlias);
+    }
+    parseWorkerToken(raw) {
+        // Format: ovw_<id>_<secret>
+        const match = /^ovw_(\d+)_(.+)$/.exec(raw);
+        if (!match) {
+            throw new common_1.UnauthorizedException('Invalid token format. Expected: ovw_<id>_<secret>');
+        }
+        return {
+            tokenId: parseInt(match[1], 10),
+            secret: match[2],
+        };
+    }
+    validateProtocolVersion(workerVersion) {
+        const [serverMajor] = protocol_1.PROTOCOL_VERSION.split('.');
+        const [workerMajor] = workerVersion.split('.');
+        if (serverMajor !== workerMajor) {
+            throw new common_1.BadRequestException(`Protocol version mismatch: server=${protocol_1.PROTOCOL_VERSION}, worker=${workerVersion}. Major version must match.`);
+        }
+        if (workerVersion !== protocol_1.PROTOCOL_VERSION) {
+            this.logger.warn(`Protocol minor version mismatch: server=${protocol_1.PROTOCOL_VERSION}, worker=${workerVersion}`);
+        }
+    }
+    /**
+     * Resolve a pending confirmation from Redis.
+     * Tries reply-to msgId lookup first, then taskId-based index.
+     * Validates that the confirming user matches the original creator.
+     * Consumes (deletes) the pending confirm on success.
+     */
+    async resolvePendingConfirm(taskId, userId, _msgId) {
+        // Look up the confirm key via taskId index (non-destructive read)
+        const indexKey = `pending_confirm_idx:task:${taskId}`;
+        const confirmKey = await this.redis.get(indexKey);
+        if (!confirmKey)
+            return null;
+        // Atomically consume the confirm data (GETDEL prevents double-confirm race)
+        const raw = await this.redis.getdel(confirmKey);
+        if (!raw)
+            return null;
+        let data;
+        try {
+            data = JSON.parse(raw);
+        }
+        catch {
+            return null;
+        }
+        // Validate user matches original creator.
+        // If auth fails the confirm data is already consumed (intentional —
+        // prevents an unauthorized user from probing indefinitely, and the
+        // confirm would have expired via TTL anyway).
+        if (data.createdBy !== userId) {
+            this.logger.warn(`Confirm attempt by user #${userId} but pending confirm belongs to user #${data.createdBy}`);
+            return null;
+        }
+        // Clean up the index key
+        await this.redis.del(indexKey);
+        return data;
+    }
+    /**
+     * Update task status with CAS retry (up to CAS_MAX_RETRIES).
+     * Returns true if successful, throws ConflictException on exhaustion.
+     */
+    updateTaskStatusWithRetry(taskId, status, initialRevision, extra) {
+        let revision = initialRevision;
+        for (let attempt = 0; attempt < protocol_1.CAS_MAX_RETRIES; attempt++) {
+            const success = this.taskRepo.updateStatus(taskId, status, revision, extra);
+            if (success)
+                return true;
+            // Reload task to get fresh revision
+            const freshTask = this.taskRepo.findById(taskId);
+            if (!freshTask) {
+                throw new common_1.NotFoundException(`Task #${taskId} not found during CAS retry`);
+            }
+            // If task already reached target status, that's fine
+            if (freshTask.status === status)
+                return true;
+            revision = freshTask.revision;
+        }
+        throw new common_1.ConflictException(`CAS retry exhausted for task #${taskId} after ${protocol_1.CAS_MAX_RETRIES} attempts`);
+    }
+    /**
+     * Send cancel frame to Worker and wait for ack within CANCEL_ACK_TIMEOUT_MS.
+     */
+    async sendCancelToWorkerWithAck(machineId, taskId) {
+        const msgId = crypto.randomUUID();
+        try {
+            await this.workerConnectionManager
+                .sendWithAck(machineId, { type: 'cancel', msgId, taskId }, protocol_1.CANCEL_ACK_TIMEOUT_MS);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Send cancel frame to Worker (fire and forget).
+     */
+    sendCancelToWorker(machineId, taskId) {
+        const msgId = crypto.randomUUID();
+        this.workerConnectionManager.send(machineId, {
+            type: 'cancel',
+            msgId,
+            taskId,
+        });
+    }
+    /**
+     * Check if the task's branch has an existing open MR/PR on the Git platform.
+     * Returns the MR/PR URL if found, null otherwise.
+     * On timeout or error, returns null (allows retry to proceed).
+     *
+     * Supports GitLab and GitHub APIs. Extracts the project path from the repo URL
+     * and queries the platform API for open merge/pull requests on the branch.
+     */
+    async checkExistingMergeRequest(task) {
+        if (!task.branch || !task.configSnapshot)
+            return null;
+        try {
+            const config = JSON.parse(task.configSnapshot);
+            const { repoUrl, gitPlatform } = config;
+            if (!repoUrl)
+                return null;
+            // Extract the project path from the repo URL.
+            const projectPath = this.extractProjectPath(repoUrl);
+            if (!projectPath) {
+                this.logger.warn(`Cannot extract project path from repo URL '${repoUrl}' for task #${task.id}`);
+                return task.mrUrl ?? null;
+            }
+            // Extract the base URL for API calls
+            const baseUrl = this.extractGitBaseUrl(repoUrl);
+            if (!baseUrl) {
+                this.logger.warn(`Cannot extract base URL from repo URL '${repoUrl}' for task #${task.id}`);
+                return task.mrUrl ?? null;
+            }
+            // Look up the git token. Since the DB schema does not currently include
+            // git_token_encrypted, use the GIT_TOKEN environment variable as fallback.
+            const gitToken = process.env.GIT_TOKEN || '';
+            if (!gitToken) {
+                this.logger.debug(`No GIT_TOKEN configured; skipping MR/PR API check for task #${task.id}`);
+                return task.mrUrl ?? null;
+            }
+            const abortController = new AbortController();
+            const timeout = setTimeout(() => abortController.abort(), 10_000);
+            try {
+                let mrUrl = null;
+                if (gitPlatform === 'gitlab') {
+                    mrUrl = await this.checkGitLabMergeRequest(baseUrl, projectPath, task.branch, gitToken, abortController.signal);
+                }
+                else if (gitPlatform === 'github') {
+                    mrUrl = await this.checkGitHubPullRequest(baseUrl, projectPath, task.branch, gitToken, abortController.signal);
+                }
+                else {
+                    this.logger.debug(`Unsupported git platform '${gitPlatform}' for MR/PR check on task #${task.id}`);
+                    return task.mrUrl ?? null;
+                }
+                return mrUrl;
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        }
+        catch (err) {
+            this.logger.warn(`MR/PR check failed for task #${task.id}: ${err instanceof Error ? err.message : String(err)}`);
+            // On error, allow retry to proceed
+            return null;
+        }
+    }
+    /**
+     * Query GitLab API for open merge requests on a branch.
+     * GET /api/v4/projects/:id/merge_requests?source_branch=...&state=opened
+     */
+    async checkGitLabMergeRequest(baseUrl, projectPath, branch, token, signal) {
+        const encodedPath = encodeURIComponent(projectPath);
+        const url = `${baseUrl}/api/v4/projects/${encodedPath}/merge_requests?source_branch=${encodeURIComponent(branch)}&state=opened&per_page=1`;
+        const response = await fetch(url, {
+            headers: {
+                'PRIVATE-TOKEN': token,
+                'Accept': 'application/json',
+            },
+            signal,
+        });
+        if (!response.ok) {
+            this.logger.warn(`GitLab MR check returned ${response.status} for project '${projectPath}', branch '${branch}'`);
+            return null;
+        }
+        const data = (await response.json());
+        if (Array.isArray(data) && data.length > 0 && data[0].web_url) {
+            this.logger.debug(`Found open GitLab MR for branch '${branch}': ${data[0].web_url}`);
+            return data[0].web_url;
+        }
+        return null;
+    }
+    /**
+     * Query GitHub API for open pull requests on a branch.
+     * GET /repos/:owner/:repo/pulls?head=owner:branch&state=open
+     */
+    async checkGitHubPullRequest(baseUrl, projectPath, branch, token, signal) {
+        const owner = projectPath.split('/')[0];
+        const apiBase = baseUrl === 'https://github.com'
+            ? 'https://api.github.com'
+            : `${baseUrl}/api/v3`;
+        const url = `${apiBase}/repos/${projectPath}/pulls?head=${encodeURIComponent(`${owner}:${branch}`)}&state=open&per_page=1`;
+        const response = await fetch(url, {
+            headers: {
+                'Authorization': `Bearer ${token}`,
+                'Accept': 'application/vnd.github+json',
+                'X-GitHub-Api-Version': '2022-11-28',
+            },
+            signal,
+        });
+        if (!response.ok) {
+            this.logger.warn(`GitHub PR check returned ${response.status} for project '${projectPath}', branch '${branch}'`);
+            return null;
+        }
+        const data = (await response.json());
+        if (Array.isArray(data) && data.length > 0 && data[0].html_url) {
+            this.logger.debug(`Found open GitHub PR for branch '${branch}': ${data[0].html_url}`);
+            return data[0].html_url;
+        }
+        return null;
+    }
+    /**
+     * Extract the project path (e.g. "group/project") from a git repo URL.
+     * Supports HTTPS and SSH formats.
+     */
+    extractProjectPath(repoUrl) {
+        // SSH format: git@host:path.git
+        const sshMatch = /^git@[^:]+:(.+?)(?:\.git)?$/.exec(repoUrl);
+        if (sshMatch)
+            return sshMatch[1];
+        // HTTPS format: https://host/path.git or https://host/path
+        try {
+            const parsed = new URL(repoUrl);
+            let path = parsed.pathname;
+            path = path.replace(/^\//, '').replace(/\.git$/, '');
+            return path || null;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Extract the base URL (scheme + host) from a git repo URL.
+     */
+    extractGitBaseUrl(repoUrl) {
+        // SSH format: git@host:path -> https://host
+        const sshMatch = /^git@([^:]+):/.exec(repoUrl);
+        if (sshMatch)
+            return `https://${sshMatch[1]}`;
+        // HTTPS format
+        try {
+            const parsed = new URL(repoUrl);
+            return `${parsed.protocol}//${parsed.host}`;
+        }
+        catch {
+            return null;
+        }
+    }
+};
+exports.DispatcherService = DispatcherService;
+exports.DispatcherService = DispatcherService = DispatcherService_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [task_repository_1.TaskRepository,
+        machine_repository_1.MachineRepository,
+        project_repository_1.ProjectRepository,
+        project_member_repository_1.ProjectMemberRepository,
+        worker_token_repository_1.WorkerTokenRepository,
+        audit_log_repository_1.AuditLogRepository,
+        developer_repository_1.DeveloperRepository,
+        database_service_1.DatabaseService,
+        auth_service_1.AuthService,
+        crypto_service_1.CryptoService,
+        redis_service_1.RedisService,
+        dedup_service_1.DedupService,
+        scheduler_service_1.SchedulerService,
+        worker_connection_manager_1.WorkerConnectionManager,
+        cleanup_service_1.CleanupService,
+        workspace_repository_1.WorkspaceRepository])
+], DispatcherService);
+//# sourceMappingURL=dispatcher.service.js.map