@percena/weft 0.4.0-next.0 → 0.4.0-next.10

package/dist/index.d.ts

@@ -1,5 +1,9 @@
-export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, RuntimeCapabilityReport, RuntimePolicyHook, SessionToolBridge, createRuntimeCapabilityReport, createRuntimeExtensionContext, invokeSessionTool, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
-export { PermissionApproval, PermissionPolicy, PermissionScope, PolicyDecisionReceipt, PolicyLayer, PolicyRuleMatch, ToolIntent, ToolPolicyDecision, ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
+export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, SendMessageOptions };
+export { TimelineCursor, TimelineEnvelope, TimelineFetchRequest, TimelineFetchResult, TimelineItem, TimelinePermissionRequest, TimelinePermissionResolution };
+export { AgentSession, UseAgentSessionOptions, useAgentSession };
+export { CreateFlitroEmbedRuntimeOptions, createFlitroEmbedRuntime };
+export { AgentChatPanel, TimelineAgentChatPanel, useAgentChatSession, useTimelineAgentChatSession };
+export { EN_FALLBACK };
 
 // ── inlined from @weft/core ──
 // -- @weft/core/index.d.ts --
@@ -3092,273 +3096,582 @@ declare function createRuntimeCapabilityReport(options: CreateRuntimeCapabilityR
 
 export { type AgentCommandSink, type AgentEventStream, type AgentRuntime, type AgentRuntimeKind, type AgentRuntimeOptions, type AgentRuntimeState, type AgentRuntimeStatus, type AgentTimelineStream, type BrowserActionReceipt, type BrowserActionRequest, type CodexPermissionParams, type CommandOrigin, type CommandReceipt, type CreateRuntimeCapabilityReportOptions, type CreateSkillRequest, type CreateSkillResult, type CreateSourceRequest, type CreateSourceResult, type DeleteSkillRequest, type DeleteSkillResult, type DeleteSourceRequest, type DeleteSourceResult, type GetAutomationsConfigRequest, type GetAutomationsConfigResult, type GetSkillRequest, type GetSkillResult, type GetSourceRequest, type GetSourceResult, type InterSessionMessageRequest, type InvokeSessionToolOptions, type ListSchedulesRequest, type ListSchedulesResult, type ListSkillsRequest, type ListSkillsResult, type ListSourcesRequest, type ListSourcesResult, type LlmToolRequest, type LlmToolResult, type ProviderAuthDetection, type ProviderAuthMode, type ProviderSourceCredentialRef, type ProviderSourceToolDescriptor, RUNTIME_KINDS, type RuntimeAction, type RuntimeAuthDetection, type RuntimeAutomationCapabilities, type RuntimeCandidate, type RuntimeCapabilityReport, type RuntimeExtensionCapabilities, type RuntimeExtensionContext, type RuntimeFeatureCapabilities, type RuntimeHostServices, type RuntimeHostToolCapabilities, type RuntimePermissionScope, type RuntimePermissionScopeInput, type RuntimePolicyCapabilities, type RuntimePolicyExtension, type RuntimePolicyHook, type RuntimeSelection, type RuntimeSelectionOptions, type RuntimeSkillCapabilities, type RuntimeSourceCapabilities, type RuntimeToolIntent, type ScheduleSummary, type SendMessageOptions, type SessionListRequest, type SessionListResult, type SessionMetadataPatch, type SessionMetadataSnapshot, type SessionToolBridge, type SessionToolInvocationReceipt, type SessionToolName, type SessionToolRequest, type SessionToolTimelineRef, type SkillSelection, type SkillSummary, type SourceActivationReceipt, type SourceActivationRequest, type SourceAuthReceipt, type SourceAuthRequest, type SourceSelection, type SourceSummary, type SpawnSessionReceipt, type SpawnSessionRequest, type StartScheduleRequest, type StartScheduleResult, type StopScheduleRequest, type StopScheduleResult, type SubmitPlanReceipt, type SubmitPlanRequest, type ToolPolicyDecision, type ToolPolicyRequest, type UpdateAutomationsConfigRequest, type UpdateAutomationsConfigResult, type UpdateSkillRequest, type UpdateSkillResult, type UpdateSourceRequest, type UpdateSourceResult, createRuntimeCapabilityReport, createRuntimeExtensionContext, initialRuntimeState, invokeSessionTool, mapCodexSandboxModeToSandboxPolicy, mapPermissionModeToCodexParams, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
 
-// ── inlined from @weft/policy ──
-// -- @weft/policy/index.d.ts --
-
-type ToolPolicyDecision = {
-    decision: 'allow';
-} | {
-    decision: 'ask';
-    reason: string;
-} | {
-    decision: 'deny';
-    reason: string;
-};
-type ToolIntent = {
-    kind: 'bash';
-    command: string;
-    baseCommand: string;
-} | {
-    kind: 'file_write';
-    path: string;
-    toolName: string;
-} | {
-    kind: 'mcp';
-    name: string;
-} | {
-    kind: 'api';
-    method: string;
-    path: string;
-    url?: string;
-} | {
-    kind: 'unknown';
-    toolName: string;
-};
-interface PolicyRuleMatch {
-    layerId: string;
-    ruleType: 'bash-pattern' | 'mcp-pattern' | 'api-endpoint' | 'write-path' | 'blocked-command-hint';
-    pattern: string;
-}
-type ToolPolicyExplanation = ToolPolicyDecision & {
-    intent: ToolIntent;
-    matchedRule?: PolicyRuleMatch;
-    hint?: string;
-    tryInstead?: string[];
-    hintContext?: string;
-};
+// ── inlined from @weft/client ──
+// -- @weft/client/index.d.ts --
 /**
- * Policy decision receipt — a full audit record for every allow/ask/deny decision.
+ * Structural timeline types.
  *
- * Required by §11.8.2: each policy decision must produce a machine-readable receipt
- * with requestId, matchedRule, scope, origin, ttl, and explain, plus timelineRef
- * for cross-referencing with the canonical timeline.
+ * These mirror `@weft/timeline`'s `TimelineEnvelope` and `@weft/runtime-core`'s
+ * `AgentTimelineStream` so this package stays zero-dependency. TypeScript's
+ * structural typing keeps them interchangeable with the Weft originals: the
+ * `item` payload is left as `unknown` here (the SSE protocol does not constrain
+ * it), and `@weft/provider-flitro` narrows it when bridging into a runtime.
  */
-interface PolicyDecisionReceipt {
-    /** Unique request identifier for audit trail */
-    requestId: string;
-    /** The policy decision (allow/ask/deny) */
-    decision: ToolPolicyDecision;
-    /** Full explain output used to derive the receipt */
-    explain: ToolPolicyExplanation;
-    /** The tool intent that was evaluated */
-    intent: ToolIntent;
-    /** Which rule matched (if any) */
-    matchedRule?: PolicyRuleMatch;
-    /** The scope in which the decision applies */
-    scope?: PermissionScopeInput;
-    /** Who or what originated the request */
-    origin?: PermissionApprovalOrigin;
-    /** How long the allow decision is valid (ms since epoch), if applicable */
-    ttl?: number;
-    /** Blocked command hint for deny decisions */
-    hint?: string;
-    /** Timeline envelope references for audit cross-referencing */
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-interface CreatePolicyDecisionReceiptOptions {
-    requestId: string;
-    policy: PermissionPolicy;
-    request: ToolPolicyRequest;
-    origin?: PermissionApprovalOrigin;
-    ttl?: number;
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-type PermissionScope = {
-    type: 'session';
+interface TimelineEnvelope<TItem = unknown> {
     sessionId: string;
-} | {
-    type: 'workspace';
-    workspaceId: string;
-} | {
-    type: 'source';
-    sourceSlug: string;
-} | {
-    type: 'skill';
-    skillSlug: string;
-} | {
-    type: 'automation';
-    automationId: string;
-} | {
-    type: 'tool-call';
-    callId: string;
-};
-type PermissionScopeInput = string | PermissionScope;
-type PermissionApprovalOrigin = {
-    type: 'user';
-    id?: string;
-} | {
-    type: 'automation';
-    id: string;
-} | {
-    type: 'system';
-    id?: string;
-};
-interface AlwaysAllowRule {
-    toolName: string;
-    scope?: PermissionScopeInput;
-}
-interface ApiEndpointRule {
-    method: string;
-    pattern: string;
-}
-interface BlockedCommandHintRule {
-    command: string;
-    reason: string;
-    whenNotMatching?: string;
-    tryInstead?: string[];
-    context?: string;
-}
-interface PolicyRuleSet {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyLayer {
-    id: string;
-    rules: PolicyRuleSet;
-    scope?: PermissionScopeInput;
+    provider: string;
+    seq: number;
+    epoch: string;
+    timestamp: number;
+    item: TItem;
+    rawRef?: unknown;
 }
-interface PermissionApproval {
-    id: string;
-    toolName: string;
-    scope: PermissionScope;
-    origin: PermissionApprovalOrigin;
-    createdAt?: number;
-    expiresAt?: number;
+interface TimelineStream {
+    connect(onEvent: (event: TimelineEnvelope) => void, onError?: (error: Error) => void, onClose?: () => void): void;
+    disconnect(): void;
+    isConnected(): boolean;
 }
-interface PermissionApprovalStore {
-    remember(approval: PermissionApproval): void;
-    revoke(id: string): void;
-    snapshot(): PermissionApproval[];
+
+/**
+ * WeftHttpClient
+ *
+ * Typed HTTP client for the Weft Server REST API.
+ * All methods map 1-to-1 with the server's HTTP endpoints.
+ */
+interface WeftHttpClientOptions {
+    /** Base URL of the Weft server, e.g. http://localhost:8080 */
+    baseUrl: string;
+    /** Optional bearer token for API-key auth */
+    apiKey?: string;
+    /** Optional tenant ID header */
+    tenantId?: string;
+    /** Optional timeout in milliseconds (default: 30000) */
+    timeout?: number;
+    /**
+     * Scoped embed session token minted by the host backend via
+     * `POST /v1/embed/sessions`. Sent as the Authorization bearer; the token
+     * already carries tenant and session scope, so apiKey/tenantId are not
+     * needed (and are ignored) when it is set.
+     */
+    token?: string;
+    /**
+     * Called when the server rejects the scoped token (HTTP 401, typically
+     * expiry). Return a fresh token (e.g. by re-asking the host backend) and
+     * the failed request is retried once; return undefined to surface the 401.
+     */
+    onTokenExpired?: () => Promise<string | undefined> | string | undefined;
 }
-interface PermissionPolicy {
-    mode: PermissionMode;
-    alwaysAllow: AlwaysAllowRule[];
-    approvals: PermissionApproval[];
-    layers: PolicyLayer[];
+interface CreateEmbedSessionResponse {
+    session_id: string;
+    token: string;
+    expires_at: number;
+    base_url?: string;
 }
-interface CreatePermissionPolicyOptions {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyLayer[];
+interface RefreshEmbedTokenResponse {
+    session_id?: string;
+    token: string;
+    expires_at: number;
+}
+interface WeftSession {
+    session_id: string;
+    tenant_id: string;
+    app_id?: string;
+    external_account_id?: string;
+    external_user_id?: string;
+    principal_id?: string;
+    auth_method?: string;
+    project_id?: string;
+    workspace_id?: string;
+    title: string;
+    status: string;
+    labels?: string[];
+    flagged?: boolean;
+    topic?: string;
+    config_snapshot: unknown;
+    summary_snapshot?: unknown;
+    created_at: string;
+    updated_at: string;
+}
+interface WeftRun {
+    run_id: string;
+    session_id: string;
+    tenant_id?: string;
+    app_id?: string;
+    external_account_id?: string;
+    external_user_id?: string;
+    parent_run_id?: string;
+    status: string;
+    execution_mode: string;
+    permission_envelope?: string;
+    input_message: string;
+    config_snapshot?: unknown;
+    model_profile?: string;
+    skill_names?: string[];
+    budget?: {
+        max_steps?: number;
+        max_tokens?: number;
+        max_wall_time_sec?: number;
+    };
+    error?: string;
+    started_at?: string;
+    finished_at?: string;
+    created_at: string;
+    updated_at: string;
 }
-interface CreateSourcePolicyLayerOptions {
-    sourceSlug: string;
-    rules: PolicyRuleSet;
-    id?: string;
+interface WeftCapabilityReport {
+    provider: string;
+    runtimeKind: string;
+    selected: string;
+    fallback: boolean;
+    auth: {
+        mode: string;
+        configured: boolean;
+        source: string;
+        accountPresent?: boolean;
+        method?: string;
+        provider?: string;
+        error?: string;
+    };
+    features: string[];
+    policyCapabilities: Record<string, unknown>;
+    sourceCapabilities: Record<string, unknown>;
+    skillCapabilities: Record<string, unknown>;
+    automationCapabilities: Record<string, unknown>;
+    hostToolCapabilities: Record<string, unknown>;
+}
+interface WeftPatchSessionOptions {
+    title?: string;
+    status?: string;
+    labels?: string[];
+    flagged?: boolean;
+    topic?: string;
 }
-interface PolicyConfigLayer {
+interface WeftModelInfo {
     id: string;
-    sourceSlug?: string;
-    scope?: PermissionScopeInput;
-    rules: PolicyRuleSet;
-}
-interface PolicyConfigFile {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyConfigLayer[];
+    provider: string;
+    display_name?: string;
+    aliases?: string[];
+    capabilities: Record<string, unknown>;
 }
-interface PolicyConfigIssue {
-    path: string;
-    message: string;
-    suggestion?: string;
+interface WeftModelListResult {
+    models: WeftModelInfo[];
+    default?: string;
 }
-interface PolicyConfigValidationResult {
-    valid: boolean;
-    errors: PolicyConfigIssue[];
-    warnings: PolicyConfigIssue[];
+interface WeftTimelineItem {
+    sessionId: string;
+    provider: string;
+    seq: number;
+    epoch: string;
+    timestamp: number;
+    item: Record<string, unknown>;
 }
-interface CreatePermissionPolicyFromConfigResult {
-    validation: PolicyConfigValidationResult;
-    policy?: PermissionPolicy;
+interface WeftTimelineFetchResult {
+    items: WeftTimelineItem[];
+    nextCursor: {
+        epoch: string;
+        afterSeq: number;
+    };
+    hasGap: boolean;
 }
-interface ToolPolicyRequest {
-    toolName: string;
-    input?: Record<string, unknown>;
-    toolIntent?: ToolIntent;
-    scope?: PermissionScopeInput;
+declare class WeftHttpClient {
+    private readonly baseUrl;
+    private readonly timeout;
+    private readonly apiKey;
+    private readonly tenantId;
+    private readonly onTokenExpired?;
+    private token;
+    private readonly embedMode;
+    constructor(options: WeftHttpClientOptions);
+    private sessionPath;
+    /** Current Authorization bearer (scoped token wins over apiKey). */
+    getBearerToken(): string;
+    /** Replace the scoped token (e.g. after a host-backend refresh). */
+    setToken(token: string): void;
+    private buildHeaders;
+    preflight(): Promise<WeftCapabilityReport>;
+    health(): Promise<{
+        status: string;
+    }>;
+    createSession(options?: {
+        title?: string;
+        model?: string;
+        skillNames?: string[];
+        mcpServerNames?: string[];
+    }): Promise<WeftSession>;
+    getSession(sessionId: string): Promise<WeftSession>;
+    sendMessage(sessionId: string, message: string, options?: {
+        model?: string;
+        skillNames?: string[];
+        mcpServerNames?: string[];
+        toolNames?: string[];
+        approvalPolicy?: string;
+        executionMode?: string;
+        workspaceId?: string;
+        budget?: {
+            maxSteps?: number;
+            maxTokens?: number;
+            maxWallTimeSec?: number;
+        };
+    }): Promise<WeftRun>;
+    cancelRun(runId: string): Promise<{
+        status: string;
+    }>;
+    /**
+     * Refresh a session's scoped embed token from the developer backend
+     * (tenant API key bearer). `expires_at` is Unix seconds, matching
+     * server-go/internal/api/handlers_embed.go CreateEmbedSessionResponse.
+     */
+    refreshSessionToken(sessionId: string, options?: {
+        ttlSeconds?: number;
+        credential?: unknown;
+    }): Promise<RefreshEmbedTokenResponse>;
+    resumeTool(runId: string, resumeData: Record<string, unknown>): Promise<{
+        status: string;
+    }>;
+    respondToPermission(sessionId: string, requestId: string, allowed: boolean, options?: {
+        remember?: boolean;
+        text?: string;
+        answer?: unknown;
+    }): Promise<{
+        ok: boolean;
+        type: string;
+        requestId: string;
+    }>;
+    patchSession(sessionId: string, patch: WeftPatchSessionOptions): Promise<WeftSession>;
+    listModels(): Promise<WeftModelListResult>;
+    fetchTimeline(sessionId: string, afterSeq?: number, limit?: number): Promise<WeftTimelineFetchResult>;
+    /** Returns the SSE stream URL for a session's canonical timeline. */
+    sessionTimelineUrl(sessionId: string): string;
+    private get;
+    private post;
+    private patch;
+    private request;
 }
-interface CreateApprovalStoreOptions {
+
+/**
+ * WeftSseTimelineStream
+ *
+ * Consumes the session-scoped SSE timeline endpoint and exposes it as
+ * a Weft TimelineStream. Handles reconnection with cursor tracking.
+ */
+
+interface WeftSseTimelineStreamOptions {
+    /** Full URL to the session timeline SSE endpoint */
+    url: string;
+    /** Optional bearer token */
+    apiKey?: string;
+    /** Optional tenant ID header */
+    tenantId?: string;
+    /** Reconnect delay in ms (default: 1500) */
+    reconnectDelayMs?: number;
+    /** Maximum reconnect attempts (default: 20) */
+    maxReconnectAttempts?: number;
+    /** Starting afterSeq cursor for gap-aware reconnection */
+    initialAfterSeq?: number;
     now?: () => number;
+    /**
+     * Returns the current Authorization bearer (e.g. a scoped embed token that
+     * may rotate). Wins over apiKey when it returns a non-empty value.
+     */
+    getBearerToken?: () => string;
+    /**
+     * Called when the stream is rejected with HTTP 401. Return a fresh token to
+     * resume streaming (also update the HTTP client), or undefined to give up.
+     */
+    onTokenExpired?: () => Promise<string | undefined> | string | undefined;
+}
+declare class WeftSseTimelineStream implements TimelineStream {
+    private listeners;
+    private eventSource;
+    private disposed;
+    private reconnectAttempts;
+    private afterSeq;
+    private readonly getBearerToken?;
+    private readonly options;
+    constructor(options: WeftSseTimelineStreamOptions);
+    connect(onEvent: (event: TimelineEnvelope) => void, onError?: (error: Error) => void, onClose?: () => void): void;
+    disconnect(): void;
+    isConnected(): boolean;
+    private openEventSource;
+    private closeEventSource;
+    private scheduleReconnect;
+    private emitError;
+}
+/**
+ * In Node.js environments (Node 18+) EventSource may not be available globally.
+ * This minimal polyfill wraps the fetch API for SSE consumption.
+ */
+declare class WeftFetchSseTimelineStream implements TimelineStream {
+    private listeners;
+    private abortController;
+    private connected;
+    private disposed;
+    private afterSeq;
+    private reconnectAttempts;
+    private tokenOverride;
+    private readonly getBearerToken?;
+    private readonly onTokenExpired?;
+    private readonly options;
+    constructor(options: WeftSseTimelineStreamOptions);
+    connect(onEvent: (event: TimelineEnvelope) => void, onError?: (error: Error) => void, onClose?: () => void): void;
+    disconnect(): void;
+    isConnected(): boolean;
+    private buildUrl;
+    private buildHeaders;
+    private startFetch;
+    private scheduleReconnect;
+    private emitError;
 }
-declare function createPermissionPolicy(options?: CreatePermissionPolicyOptions): PermissionPolicy;
-declare function createSourcePolicyLayer(options: CreateSourcePolicyLayerOptions): PolicyLayer;
-declare function validatePolicyConfig(input: unknown): PolicyConfigValidationResult;
-declare function createPermissionPolicyFromConfig(input: unknown): CreatePermissionPolicyFromConfigResult;
-declare function evaluateToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyDecision;
-declare function createPolicyDecisionReceipt(options: CreatePolicyDecisionReceiptOptions): PolicyDecisionReceipt;
-declare function explainToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyExplanation;
-declare function createInMemoryApprovalStore(options?: CreateApprovalStoreOptions): PermissionApprovalStore;
-interface BlockedCommandHintResult {
-    reason: string;
-    match: PolicyRuleMatch;
-    tryInstead?: string[];
-    context?: string;
+/**
+ * Create an SSE stream for the timeline endpoint.
+ * Always uses the fetch-based implementation so credentials are sent via
+ * Authorization header rather than URL query parameters.
+ */
+declare function createTimelineStream(options: WeftSseTimelineStreamOptions): TimelineStream;
+
+/**
+ * WeftClient — the public L2 ("headless") contract.
+ *
+ * A thin namespaced facade over WeftHttpClient + the SSE timeline stream:
+ *
+ * ```ts
+ * const client = new WeftClient({ server, token })
+ * const stream = client.timeline.subscribe(sessionId)   // SSE, auto-reconnect
+ * for await (const envelope of stream) render(envelope)
+ * await client.runs.create(sessionId, { message: '买一个机械键盘并付款' })
+ * ```
+ */
+
+interface WeftClientOptions {
+    /** Base URL of the agent server, e.g. https://agents.example.com */
+    server: string;
+    /**
+     * Scoped embed-session token minted by your backend
+     * (`POST /v1/embed/sessions`). Carries tenant + session scope.
+     */
+    token?: string;
+    /** Developer API key (server-side use; prefer `token` in browsers). */
+    apiKey?: string;
+    /** Tenant ID header for apiKey auth (ignored when `token` is set). */
+    tenantId?: string;
+    /** Request timeout in milliseconds (default 30000). */
+    timeout?: number;
+    /**
+     * Called on HTTP 401 with a scoped token. Return a fresh token (e.g. by
+     * re-asking your backend) to retry once; return undefined to surface the 401.
+     */
+    onTokenExpired?: WeftHttpClientOptions['onTokenExpired'];
+}
+interface TimelineSubscription extends TimelineStream, AsyncIterable<TimelineEnvelope> {
+}
+declare class WeftClient {
+    /** The underlying 1:1 HTTP client, for endpoints not wrapped below. */
+    readonly http: WeftHttpClient;
+    private readonly options;
+    constructor(options: WeftClientOptions);
+    /** Replace the scoped token (e.g. after a backend-driven refresh). */
+    setToken(token: string): void;
+    readonly sessions: {
+        create: (options?: Parameters<WeftHttpClient["createSession"]>[0]) => Promise<WeftSession>;
+        get: (sessionId: string) => Promise<WeftSession>;
+        patch: (sessionId: string, patch: WeftPatchSessionOptions) => Promise<WeftSession>;
+        respondToPermission: (sessionId: string, requestId: string, allowed: boolean, options?: {
+            remember?: boolean;
+            text?: string;
+            answer?: unknown;
+        }) => Promise<{
+            ok: boolean;
+            type: string;
+            requestId: string;
+        }>;
+    };
+    readonly runs: {
+        create: (sessionId: string, options: {
+            message: string;
+        } & NonNullable<Parameters<WeftHttpClient["sendMessage"]>[2]>) => Promise<WeftRun>;
+        cancel: (runId: string) => Promise<{
+            status: string;
+        }>;
+        resumeTool: (runId: string, resumeData: Record<string, unknown>) => Promise<{
+            status: string;
+        }>;
+    };
+    readonly timeline: {
+        fetch: (sessionId: string, afterSeq?: number, limit?: number) => Promise<WeftTimelineFetchResult>;
+        /**
+         * Subscribe to the session's SSE timeline. Reconnects automatically with
+         * cursor tracking; usable both callback-style (`connect`) and as an
+         * async iterable (`for await`).
+         */
+        subscribe: (sessionId: string, options?: Partial<Omit<WeftSseTimelineStreamOptions, "url">>) => TimelineSubscription;
+    };
 }
 
-export { type AlwaysAllowRule, type ApiEndpointRule, type BlockedCommandHintResult, type BlockedCommandHintRule, type CreateApprovalStoreOptions, type CreatePermissionPolicyFromConfigResult, type CreatePermissionPolicyOptions, type CreatePolicyDecisionReceiptOptions, type CreateSourcePolicyLayerOptions, type PermissionApproval, type PermissionApprovalOrigin, type PermissionApprovalStore, type PermissionPolicy, type PermissionScope, type PermissionScopeInput, type PolicyConfigFile, type PolicyConfigIssue, type PolicyConfigLayer, type PolicyConfigValidationResult, type PolicyDecisionReceipt, type PolicyLayer, type PolicyRuleMatch, type PolicyRuleSet, type ToolIntent, type ToolPolicyDecision, type ToolPolicyExplanation, type ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
+export { type CreateEmbedSessionResponse, type RefreshEmbedTokenResponse, type TimelineEnvelope, type TimelineStream, type TimelineSubscription, type WeftCapabilityReport, WeftClient, type WeftClientOptions, WeftFetchSseTimelineStream, WeftHttpClient, type WeftHttpClientOptions, type WeftModelInfo, type WeftModelListResult, type WeftPatchSessionOptions, type WeftRun, type WeftSession, WeftSseTimelineStream, type WeftSseTimelineStreamOptions, type WeftTimelineFetchResult, type WeftTimelineItem, createTimelineStream };
 
-// -- @weft/policy/loader.d.ts --
-import '@weft/core';
+// ── inlined from @weft/provider-flitro ──
+// -- @weft/provider-flitro/index.d.ts --
 
-interface PolicyFileContents {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyFileLoadResult {
-    rules: PolicyRuleSet;
-    path: string;
-    errors: string[];
+/**
+ * FlitroProviderRuntimeDriver
+ *
+ * Sends messages to the Flitro Go server and routes permission responses back.
+ * Implements the same driver interface pattern as provider-claude's
+ * ClaudeProviderRuntimeDriver.
+ */
+
+interface FlitroDriverInput {
+    message: string;
+    options?: SendMessageOptions;
 }
-interface LoadPolicyLayersOptions {
-    globalPath?: string;
-    workspacePath?: string;
+interface FlitroProviderRuntimeDriver {
+    sendMessage(input: FlitroDriverInput, sequencer: TimelineSequencer): Promise<void>;
+    abort?(reason?: string): Promise<void>;
+    respondToPermission?(requestId: string, allowed: boolean, remember?: boolean): Promise<void>;
+    resumeTool?(runId: string, resumeData: Record<string, unknown>): Promise<void>;
+    dispose?(): Promise<void>;
 }
-declare function loadPolicyFile(filePath: string): Promise<PolicyFileLoadResult>;
-declare function loadPolicyLayers(options?: LoadPolicyLayersOptions): Promise<{
-    layers: PolicyLayer[];
-    errors: string[];
-}>;
+interface CreateFlitroDriverOptions {
+    client: WeftHttpClient;
+    sessionId: string;
+    /** LLM model override sent to Flitro */
+    model?: string;
+    /** Skill names to activate for each message */
+    skillNames?: string[];
+    /** MCP server names to attach */
+    mcpServerNames?: string[];
+    /** Default approval policy: "never", "on-request", "always", "auto" */
+    approvalPolicy?: string;
+}
+/**
+ * Creates a runtime driver that delegates to the Flitro server.
+ *
+ * sendMessage creates a Flitro Run (one message = one turn = one Run).
+ * The timeline events flow back via the SSE stream set up separately.
+ */
+declare function createFlitroDriver(options: CreateFlitroDriverOptions): FlitroProviderRuntimeDriver;
 
-export { type LoadPolicyLayersOptions, type PolicyFileContents, type PolicyFileLoadResult, loadPolicyFile, loadPolicyLayers };
+/**
+ * FlitroCapabilityProbe
+ *
+ * Detects whether a Flitro server is reachable and authenticated, then
+ * builds the RuntimeCandidate list for createFlitroRuntimeCapabilityReport.
+ */
 
-// -- @weft/policy/merge.d.ts --
-import '@weft/core';
+interface FlitroCapabilityProbeResult {
+    serverAvailable: boolean;
+    authenticated: boolean;
+    serverReason?: string;
+    authReason?: string;
+    candidates: RuntimeCandidate[];
+    auth: RuntimeAuthDetection;
+}
+/**
+ * Probe the Flitro server and return availability + auth candidates.
+ *
+ * Flitro is always an "app-server" runtime kind — it runs as an external
+ * process (the Go agentd binary) that the TypeScript provider communicates
+ * with over HTTP.
+ */
+declare function probeFlitroCapabilities(client: WeftHttpClient): Promise<FlitroCapabilityProbeResult>;
 
 /**
- * Merge multiple PolicyRuleSets into one. Later entries take precedence
- * for blockedCommandHints (last hint per command wins), while array fields
- * (patterns, paths, endpoints) are concatenated and deduplicated.
+ * @weft/provider-flitro
+ *
+ * Weft Runtime Provider for the Flitro Go Agent Server.
+ *
+ * Flitro is the 3rd AgentRuntime alongside Claude and Codex:
+ *  - provider-claude  → Claude Agent SDK (native-sdk) / claude -p (cli-fallback)
+ *  - provider-codex   → Codex app-server / codex exec (cli-fallback)
+ *  - provider-flitro  → Flitro agentd HTTP API (app-server)
+ *
+ * Integration model:
+ *  - Flitro runs as the Go backend (stateful, multi-tenant, concurrent)
+ *  - This provider wraps Flitro's REST+SSE API as a Weft AgentRuntime
+ *  - Weft policy, sources, and skills are forwarded as API parameters
+ *  - The Weft UI (TurnCard, etc.) consumes the canonical timeline
  */
-declare function mergePolicyRuleSets(...sets: PolicyRuleSet[]): PolicyRuleSet;
+
+interface CreateFlitroRuntimeCandidatesOptions {
+    appServerAvailable: boolean;
+    appServerReason?: string;
+}
+declare function createFlitroRuntimeCandidates(options: CreateFlitroRuntimeCandidatesOptions): RuntimeCandidate[];
+interface CreateFlitroRuntimeCapabilityReportOptions {
+    candidates: RuntimeCandidate[];
+    auth: RuntimeAuthDetection;
+    allowFallback?: boolean;
+    extensions?: RuntimeExtensionContext;
+}
+declare function createFlitroRuntimeCapabilityReport(options: CreateFlitroRuntimeCapabilityReportOptions): RuntimeCapabilityReport;
+interface CreateFlitroProviderRuntimeOptions extends CreateFlitroRuntimeCapabilityReportOptions {
+    /** Flitro server connection options */
+    server: WeftHttpClientOptions;
+    /** Session ID — if omitted a new session is created on first sendMessage */
+    sessionId?: string;
+    /** Epoch string for the timeline (default: derived from sessionId) */
+    epoch?: string;
+    now?: () => number;
+    /** LLM model to use */
+    model?: string;
+    /** Skills to activate per turn */
+    skillNames?: string[];
+    /** MCP servers to attach per turn */
+    mcpServerNames?: string[];
+    /** Approval policy */
+    approvalPolicy?: string;
+    /** Injected runtime extensions (policy, sources, etc.) */
+    extensions?: RuntimeExtensionContext;
+    /** Pre-built driver (for testing) */
+    driver?: FlitroProviderRuntimeDriver;
+}
+/**
+ * Create a Weft AgentRuntime backed by the Flitro Go server.
+ *
+ * Usage:
+ * ```ts
+ * const runtime = createFlitroProviderRuntime({
+ *   server: { baseUrl: 'http://localhost:8080', apiKey: 'secret' },
+ *   candidates: [{ kind: 'app-server', available: true }],
+ *   auth: { mode: 'provider-owned', configured: true, source: 'flitro' },
+ *   sessionId: 'my-session',
+ * })
+ * await runtime.preflight()
+ * await runtime.commands.sendMessage('Hello!')
+ * ```
+ */
+declare function createFlitroProviderRuntime(options: CreateFlitroProviderRuntimeOptions): AgentRuntime;
+interface CreateFlitroEmbedRuntimeOptions {
+    /** Flitro server base URL, as returned by `POST /v1/embed/sessions`. */
+    baseUrl: string;
+    /** Scoped session token, as returned by `POST /v1/embed/sessions`. */
+    token: string;
+    /** Session bound to the token, as returned by `POST /v1/embed/sessions`. */
+    sessionId: string;
+    /** Re-fetch a token from the host backend when the current one expires. */
+    onTokenExpired?: () => Promise<string | undefined> | string | undefined;
+    epoch?: string;
+    now?: () => number;
+    extensions?: RuntimeExtensionContext;
+}
+/**
+ * Create an AgentRuntime for an embedded (third-party website) chat panel.
+ *
+ * The host backend bootstraps the session via Flitro's `POST /v1/embed/sessions`
+ * (with its developer API key) and hands `{ baseUrl, token, sessionId }` to the
+ * browser. Execution mode, permission envelope, approval policy, and the tool
+ * whitelist are fixed server-side, so no runtime auth or policy configuration
+ * is needed here.
+ */
+declare function createFlitroEmbedRuntime(options: CreateFlitroEmbedRuntimeOptions): AgentRuntime;
+interface CreateFlitroRuntimeOptions {
+    /** Flitro server connection options */
+    server: WeftHttpClientOptions;
+    sessionId?: string;
+    epoch?: string;
+    now?: () => number;
+    model?: string;
+    skillNames?: string[];
+    mcpServerNames?: string[];
+    approvalPolicy?: string;
+    allowFallback?: boolean;
+    extensions?: RuntimeExtensionContext;
+}
 /**
- * Merge multiple PolicyLayers into a single flat layer. Used when
- * combining global + workspace file-based layers into one layer
- * before appending to a policy's existing layers.
+ * High-level factory: probes the Flitro server, then creates the runtime.
+ *
+ * Equivalent to the pattern used by createHostAgentRuntime() in runtime-factory.
  */
-declare function mergePolicyLayers(layers: PolicyLayer[], id: string): PolicyLayer | undefined;
+declare function createFlitroRuntime(options: CreateFlitroRuntimeOptions): Promise<AgentRuntime>;
 
-export { mergePolicyLayers, mergePolicyRuleSets };
+export { type CreateFlitroDriverOptions, type CreateFlitroEmbedRuntimeOptions, type CreateFlitroProviderRuntimeOptions, type CreateFlitroRuntimeCandidatesOptions, type CreateFlitroRuntimeCapabilityReportOptions, type CreateFlitroRuntimeOptions, type FlitroCapabilityProbeResult, type FlitroProviderRuntimeDriver, createFlitroDriver, createFlitroEmbedRuntime, createFlitroProviderRuntime, createFlitroRuntime, createFlitroRuntimeCandidates, createFlitroRuntimeCapabilityReport, probeFlitroCapabilities };