@purista/harness 1.2.1 → 1.2.3

package/dist/skills/index.js

@@ -178,16 +178,29 @@ export function loadSkillsSync(skills) {
 export async function loadSkills(skills) {
     return loadSkillsSync(skills);
 }
-async function readDirRecursive(root) {
+const SKILL_MOUNT_MAX_FILES = 5_000;
+const SKILL_MOUNT_MAX_BYTES = 100_000_000;
+async function readDirRecursive(root, skillId) {
     const files = new Map();
+    let totalBytes = 0;
     const walk = async (dir) => {
         const entries = await fsp.readdir(dir, { withFileTypes: true });
         for (const entry of entries) {
             const abs = path.join(dir, entry.name);
-            if (entry.isDirectory())
+            if (entry.isDirectory()) {
                 await walk(abs);
-            else if (entry.isFile())
-                files.set(path.posix.normalize(path.relative(root, abs).split(path.sep).join('/')), await fsp.readFile(abs));
+            }
+            else if (entry.isFile()) {
+                if (files.size >= SKILL_MOUNT_MAX_FILES) {
+                    throw new SkillManifestError('Skill exceeds the mount file-count limit.', { reason: 'scan_limit_reached', skill_id: skillId, directory: root });
+                }
+                const data = await fsp.readFile(abs);
+                totalBytes += data.byteLength;
+                if (totalBytes > SKILL_MOUNT_MAX_BYTES) {
+                    throw new SkillManifestError('Skill exceeds the mount byte limit.', { reason: 'scan_limit_reached', skill_id: skillId, directory: root });
+                }
+                files.set(path.posix.normalize(path.relative(root, abs).split(path.sep).join('/')), data);
+            }
         }
     };
     await walk(root);
@@ -195,7 +208,7 @@ async function readDirRecursive(root) {
 }
 export async function mountSkillsOnce(session, mounted, skills, skillIds) {
     if (skillIds.length > 0 && typeof session.mount !== 'function') {
-        throw new SkillManifestError('Sandbox does not support skill mounting.', { reason: 'invalid_frontmatter', directory: '' });
+        throw new SkillManifestError('Sandbox does not support skill mounting.', { reason: 'skill_sandbox_unsupported' });
     }
     for (const skillId of skillIds) {
         if (mounted.has(skillId))
@@ -203,7 +216,7 @@ export async function mountSkillsOnce(session, mounted, skills, skillIds) {
         const skill = skills[skillId];
         if (!skill)
             throw new SkillNotFoundError('Skill not found.', { skill_id: skillId });
-        const files = await readDirRecursive(skill.directory);
+        const files = await readDirRecursive(skill.directory, skillId);
         await session.mount(files, skill.mountPath);
         mounted.add(skillId);
     }

package/dist/state/in-memory.d.ts

@@ -18,6 +18,7 @@ export declare class InMemoryStateStore implements StateStore {
         before?: string;
     }): Promise<Message[]>;
     clearMessages(sessionId: string): Promise<void>;
+    replaceMessages(sessionId: string, messages: Message[]): Promise<void>;
     createRun(record: RunRecord): Promise<void>;
     finishRun(runId: string, patch: FinishRunPatch): Promise<void>;
     getRun(runId: string): Promise<RunRecord | undefined>;

package/dist/state/in-memory.js

@@ -32,6 +32,7 @@ export class InMemoryStateStore {
     async closeSession(id) {
         this.sessions.delete(id);
         this.messages.delete(id);
+        this.messageLocks.delete(id);
         for (const [runId, run] of this.runs) {
             if (run.sessionId === id) {
                 this.runs.delete(runId);
@@ -71,6 +72,20 @@ export class InMemoryStateStore {
             this.messages.delete(sessionId);
         });
     }
+    async replaceMessages(sessionId, messages) {
+        return this.withMessageLock(sessionId, async () => {
+            const ids = new Set();
+            for (const message of messages) {
+                if (ids.has(message.id)) {
+                    throw new StateError('Duplicate message id.', { op: 'appendMessages', reason: 'duplicate_message_id' });
+                }
+                ids.add(message.id);
+            }
+            // Atomic clear+append under one lock: validate first, then commit so a
+            // failure never leaves history partially replaced.
+            this.messages.set(sessionId, [...messages]);
+        });
+    }
     async createRun(record) {
         this.runs.set(record.id, record);
     }

package/dist/telemetry/shim.js

@@ -1,7 +1,8 @@
 import { SpanStatusCode, context, metrics, propagation, trace } from '@opentelemetry/api';
 import { ATTR_ERROR_TYPE } from '@opentelemetry/semantic-conventions';
 import { HarnessError } from '../errors/index.js';
-import { sanitizeForLog } from '../errors/redaction.js';
+import { sanitizeForLog, sanitizeProviderBody } from '../errors/redaction.js';
+import { HARNESS_VERSION } from '../version.js';
 function sanitizeAttrs(attrs) {
     const out = {};
     for (const [key, value] of Object.entries(attrs)) {
@@ -19,12 +20,16 @@ function sanitizeAttrs(attrs) {
 function errorAttributes(error) {
     if (error instanceof HarnessError) {
         const meta = asRecord(error.meta);
-        const providerBody = meta ? jsonAttr(sanitizeForLog(meta['providerBody'])) : undefined;
+        // Content-aware redaction so prompt/message/output content in a provider
+        // body never reaches a span, independent of content-capture mode.
+        const providerBody = meta ? jsonAttr(sanitizeProviderBody(meta['providerBody'])) : undefined;
         return {
             [ATTR_ERROR_TYPE]: error.code,
             'harness.error.code': error.code,
             'harness.error.category': error.category,
             'harness.error.retriable': error.retriable,
+            'harness.error.scope': stringAttr(meta?.['scope']),
+            'harness.error.timeout_ms': numberAttr(meta?.['timeout_ms']),
             'harness.error.provider': stringAttr(meta?.['provider']),
             'harness.error.model': stringAttr(meta?.['model']),
             'harness.error.model_provider_status': numberAttr(meta?.['status']),
@@ -65,8 +70,8 @@ function jsonAttr(value) {
 }
 /** OpenTelemetry-backed implementation of {@link TelemetryShim}. */
 export class OtelTelemetryShim {
-    tracer = trace.getTracer('@purista/harness');
-    meter = metrics.getMeter('@purista/harness');
+    tracer = trace.getTracer('@purista/harness', HARNESS_VERSION);
+    meter = metrics.getMeter('@purista/harness', HARNESS_VERSION);
     histograms = new Map();
     counters = new Map();
     async span(name, attrs, fn) {

package/dist/testing/durableWorkspaceStoreContract.d.ts

@@ -1,3 +1,3 @@
 import type { DurableWorkspaceStore } from '../ports/workspace.js';
-/** Shared Vitest contract for durable workspace store implementations. */
+/** Shared Vitest contract for durable workspace store implementations (spec 21 §18). */
 export declare function durableWorkspaceStoreContract(make: () => DurableWorkspaceStore | Promise<DurableWorkspaceStore>): void;

package/dist/testing/durableWorkspaceStoreContract.js

@@ -1,41 +1,77 @@
 import { describe, expect, it } from 'vitest';
+import { WorkspaceError, WorkspaceQuotaExceededError } from '../errors/index.js';
 import { validateDurableWorkspaceStore } from '../ports/workspace.js';
-/** Shared Vitest contract for durable workspace store implementations. */
+/** Shared Vitest contract for durable workspace store implementations (spec 21 §18). */
 export function durableWorkspaceStoreContract(make) {
     describe('durableWorkspaceStoreContract', () => {
+        const signal = new AbortController().signal;
         it('validates metadata and round-trips checkpointed workspaces', async () => {
             const adapter = await make();
             validateDurableWorkspaceStore(adapter);
-            const signal = new AbortController().signal;
-            const handle = await adapter.startWorkspace({
-                sessionId: 'session-1',
-                runId: 'run-1',
-                agentId: 'agent-1',
-                attempt: 1,
-                idempotencyKey: 'start-1',
-                signal
-            });
-            const checkpoint = await adapter.pauseWorkspace({
-                handle,
-                stepId: 'step-1',
-                sequence: 1,
-                attempt: 1,
-                reason: 'step_completed',
-                idempotencyKey: 'pause-1',
-                signal
-            });
-            const resumed = await adapter.resumeWorkspace({
-                workspaceRef: handle.workspaceRef,
-                checkpointRef: checkpoint.checkpointRef,
-                sessionId: 'session-1',
-                runId: 'run-2',
-                attempt: 2,
-                idempotencyKey: 'resume-1',
-                signal
-            });
+            const handle = await adapter.startWorkspace({ sessionId: 'session-1', runId: 'run-1', agentId: 'agent-1', attempt: 1, idempotencyKey: 'start-1', signal });
+            const checkpoint = await adapter.pauseWorkspace({ handle, stepId: 'step-1', sequence: 1, attempt: 1, reason: 'step_completed', idempotencyKey: 'pause-1', signal });
+            const resumed = await adapter.resumeWorkspace({ workspaceRef: handle.workspaceRef, checkpointRef: checkpoint.checkpointRef, sessionId: 'session-1', runId: 'run-2', attempt: 2, idempotencyKey: 'resume-1', signal });
             const inspection = await adapter.inspectWorkspace?.({ workspaceRef: resumed.workspaceRef, signal });
             expect(resumed.workspaceRef).toBe(handle.workspaceRef);
             expect(inspection?.checkpoints.map((item) => item.checkpointRef)).toEqual([checkpoint.checkpointRef]);
         });
+        it('start is idempotent and conflicts on a reused key with a different identity', async () => {
+            const adapter = await make();
+            const first = await adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'k', signal });
+            const replay = await adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'k', signal });
+            expect(replay.workspaceRef).toBe(first.workspaceRef);
+            await expect(adapter.startWorkspace({ sessionId: 's2', runId: 'r2', attempt: 1, idempotencyKey: 'k', signal })).rejects.toMatchObject({
+                constructor: WorkspaceError,
+                meta: { reason: 'idempotency_conflict' }
+            });
+        });
+        it('blocks resume after abort and is idempotent on repeated cleanup', async () => {
+            const adapter = await make();
+            const handle = await adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'start', signal });
+            await adapter.abortWorkspace?.({ workspaceRef: handle.workspaceRef, runId: 'r', sessionId: 's', reason: 'cancelled', idempotencyKey: 'abort', signal });
+            await expect(adapter.resumeWorkspace({ workspaceRef: handle.workspaceRef, sessionId: 's', runId: 'r2', attempt: 2, idempotencyKey: 'resume', signal })).rejects.toMatchObject({
+                constructor: WorkspaceError,
+                meta: { reason: 'aborted' }
+            });
+            const cleaned = await adapter.cleanupWorkspace?.({ workspaceRef: handle.workspaceRef, reason: 'aborted', idempotencyKey: 'cleanup-1', signal });
+            expect(cleaned?.state).toBe('cleaned');
+            const cleanedAgain = await adapter.cleanupWorkspace?.({ workspaceRef: handle.workspaceRef, reason: 'aborted', idempotencyKey: 'cleanup-2', signal });
+            expect(cleanedAgain?.state).toBe('cleaned');
+        });
+        it('resume of a cleaned workspace reports not_found', async () => {
+            const adapter = await make();
+            const handle = await adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'start', signal });
+            await adapter.cleanupWorkspace?.({ workspaceRef: handle.workspaceRef, reason: 'manual', idempotencyKey: 'cleanup', signal });
+            await expect(adapter.resumeWorkspace({ workspaceRef: handle.workspaceRef, sessionId: 's', runId: 'r2', attempt: 2, idempotencyKey: 'resume', signal })).rejects.toMatchObject({
+                constructor: WorkspaceError,
+                meta: { reason: 'not_found' }
+            });
+        });
+        it('missing checkpoint on resume reports missing_checkpoint', async () => {
+            const adapter = await make();
+            const handle = await adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'start', signal });
+            await expect(adapter.resumeWorkspace({ workspaceRef: handle.workspaceRef, checkpointRef: 'nope', sessionId: 's', runId: 'r2', attempt: 2, idempotencyKey: 'resume', signal })).rejects.toMatchObject({
+                constructor: WorkspaceError,
+                meta: { reason: 'missing_checkpoint' }
+            });
+        });
+        it('cancellation surfaces OperationCancelledError with workspace scope', async () => {
+            const adapter = await make();
+            const aborted = AbortSignal.abort();
+            await expect(adapter.startWorkspace({ sessionId: 's', runId: 'r', attempt: 1, idempotencyKey: 'start', signal: aborted })).rejects.toMatchObject({
+                code: 'OPERATION_CANCELLED',
+                meta: { scope: 'workspace' }
+            });
+        });
+        it('enforces the active workspace quota when advertised', async () => {
+            const adapter = await make();
+            const quota = adapter.info?.policy?.quota?.maxActiveWorkspaces;
+            if (!quota || quota > 200)
+                return; // only exercise small, declared quotas
+            for (let i = 0; i < quota; i += 1) {
+                await adapter.startWorkspace({ sessionId: 's', runId: `r${i}`, attempt: 1, idempotencyKey: `start-${i}`, signal });
+            }
+            await expect(adapter.startWorkspace({ sessionId: 's', runId: 'overflow', attempt: 1, idempotencyKey: 'overflow', signal })).rejects.toBeInstanceOf(WorkspaceQuotaExceededError);
+        });
     });
 }

package/dist/tools/index.d.ts

@@ -3,6 +3,8 @@ import type { Message } from '../models/state.js';
 import type { BuiltinToolName } from '../harness/defineHarness.js';
 import type { ModelToolSpec } from '../ports/model-provider.js';
 import type { SandboxSession } from '../sandbox/index.js';
+/** Canonical built-in tool names. Custom tool ids and skill ids must not collide with these. */
+export declare const BUILTIN_TOOL_NAMES: readonly BuiltinToolName[];
 export declare const BUILTIN_ALIAS_TO_CANONICAL: Record<string, BuiltinToolName>;
 export declare function getBuiltinToolSpecs(enabled: readonly BuiltinToolName[], session: SandboxSession): ModelToolSpec[];
 export declare function invokeBuiltinTool(nameOrAlias: string, input: unknown, session: SandboxSession, signal?: AbortSignal): Promise<JsonValue>;

package/dist/tools/index.js

@@ -1,6 +1,11 @@
 import { z } from 'zod';
 import { SandboxNoExecutorError, ToolNotFoundError, ValidationError, serializeError } from '../errors/index.js';
 import { ulid } from '../ulid/index.js';
+/** Canonical built-in tool names. Custom tool ids and skill ids must not collide with these. */
+export const BUILTIN_TOOL_NAMES = ['bash', 'read', 'write', 'edit', 'glob', 'grep', 'list'];
+/** Per-file and total byte caps for the built-in `grep` read-and-match fallback. */
+const GREP_MAX_FILE_BYTES = 2_000_000;
+const GREP_MAX_TOTAL_BYTES = 50_000_000;
 export const BUILTIN_ALIAS_TO_CANONICAL = {
     bash: 'bash', Bash: 'bash',
     read: 'read', Read: 'read',
@@ -81,10 +86,19 @@ export async function invokeBuiltinTool(nameOrAlias, input, session, signal) {
                 }
                 const entries = await session.list(parsed.path, { recursive: true });
                 const matches = [];
+                let scannedBytes = 0;
                 for (const entry of entries) {
                     if (entry.kind !== 'file')
                         continue;
-                    const lines = (await session.readText(entry.path)).split('\n');
+                    // Bound memory and regex work: skip individual files over the cap and
+                    // stop once the total scanned size cap is reached.
+                    if (entry.size !== undefined && entry.size > GREP_MAX_FILE_BYTES)
+                        continue;
+                    if (scannedBytes >= GREP_MAX_TOTAL_BYTES)
+                        break;
+                    const content = await session.readText(entry.path);
+                    scannedBytes += content.length;
+                    const lines = content.split('\n');
                     for (let i = 0; i < lines.length; i += 1) {
                         const currentLine = lines[i];
                         if (currentLine !== undefined && rx.test(currentLine))

package/dist/tools/mcp/runner.js

@@ -3,15 +3,14 @@ import { assertMcpJsonSchema, validateMcpJsonSchema } from './schema.js';
 const discoveredCache = new WeakMap();
 export async function getMcpToolSpecs(tools, allowlist, ctx = {}) {
     const allowed = new Set(allowlist);
-    const specs = [];
     const registry = ctx.registry ?? createMcpRunnerRegistry();
-    for (const [toolId, tool] of Object.entries(tools)) {
+    const specs = await Promise.all(Object.entries(tools).map(async ([toolId, tool]) => {
         if (!allowed.has(toolId) || !isMcpToolDefinition(tool))
-            continue;
+            return undefined;
         const config = resolveMcpTool(toolId, tool, ctx);
-        specs.push(await getResolvedModelToolSpec(config, registry.getRunner(config), ctx.signal, ctx.warn));
-    }
-    return specs;
+        return getResolvedModelToolSpec(config, registry.getRunner(config), ctx.signal, ctx.warn);
+    }));
+    return specs.filter((spec) => spec !== undefined);
 }
 export async function invokeMcpTool(first, second, input, fourth) {
     if (typeof first === 'string') {
@@ -90,6 +89,10 @@ async function discoverConfiguredTool(config, runner, signal, warn) {
     let promise = discoveredCache.get(runner);
     if (!promise) {
         promise = runner.listTools({ ...(signal ? { signal } : {}), timeoutMs: config.timeoutMs });
+        void promise.catch(() => {
+            if (discoveredCache.get(runner) === promise)
+                discoveredCache.delete(runner);
+        });
         discoveredCache.set(runner, promise);
     }
     const tools = await promise;
@@ -196,6 +199,8 @@ export async function withMcpTimeout(opts, fn) {
     const controller = new AbortController();
     const relay = () => controller.abort(opts.signal?.reason);
     opts.signal?.addEventListener('abort', relay, { once: true });
+    if (opts.signal?.aborted)
+        relay();
     let timeoutId;
     const timeout = new Promise((_, reject) => {
         timeoutId = setTimeout(() => {

package/dist/tools/mcp/stdio.js

@@ -1,7 +1,18 @@
 import { McpProtocolError, OperationTimeoutError, SandboxNoExecutorError } from '../../errors/index.js';
+import { isSpawnCapableSession } from '../../sandbox/index.js';
+import { HARNESS_VERSION } from '../../version.js';
 import { withMcpTimeout } from './runner.js';
 const protocolVersion = '2025-06-18';
 export function createStdioMcpTransportRunner(config) {
+    // A spawn-capable sandbox hosts a single long-lived server multiplexed across
+    // calls (server-side state is preserved); otherwise each call is a one-shot
+    // exec exchange (leak-free but stateless). See spec 07.
+    if (isSpawnCapableSession(config.sandbox)) {
+        return createPersistentStdioRunner(config, config.sandbox);
+    }
+    return createOneShotStdioRunner(config);
+}
+function createOneShotStdioRunner(config) {
     let installPromise;
     async function ensureInstalled(signal) {
         if (!config.install)
@@ -33,6 +44,164 @@ export function createStdioMcpTransportRunner(config) {
         }
     };
 }
+/**
+ * Persistent stdio transport: spawns the server once, performs the MCP
+ * `initialize` handshake a single time, and multiplexes every subsequent
+ * request over the same pipe correlating responses by JSON-RPC id.
+ */
+function createPersistentStdioRunner(config, session) {
+    let installPromise;
+    let session_proc;
+    let readyPromise;
+    let nextId = 1;
+    const pending = new Map();
+    async function ensureInstalled(signal) {
+        if (!config.install)
+            return;
+        installPromise ??= runInstall(config, signal);
+        return installPromise;
+    }
+    function rejectAllPending(error) {
+        for (const request of pending.values())
+            request.reject(error);
+        pending.clear();
+    }
+    function teardown() {
+        session_proc = undefined;
+        readyPromise = undefined;
+    }
+    async function spawnAndInitialize(signal) {
+        const proc = await session.spawn(config.command, {
+            ...(config.args ? { args: config.args } : {}),
+            ...(config.env ? { env: config.env } : {}),
+            ...(signal ? { signal } : {})
+        });
+        session_proc = proc;
+        // Consume stdout line-by-line, dispatching responses to pending requests.
+        void (async () => {
+            let buffer = '';
+            try {
+                for await (const chunk of proc.stdout) {
+                    buffer += chunk;
+                    let newlineIndex = buffer.indexOf('\n');
+                    while (newlineIndex >= 0) {
+                        const line = buffer.slice(0, newlineIndex).trim();
+                        buffer = buffer.slice(newlineIndex + 1);
+                        if (line.startsWith('{'))
+                            dispatchLine(line, pending);
+                        newlineIndex = buffer.indexOf('\n');
+                    }
+                }
+            }
+            catch {
+                // stdout ended or aborted; exit handler performs cleanup.
+            }
+        })();
+        // When the process exits, fail every in-flight request and force a respawn.
+        void proc.exit.then((result) => {
+            rejectAllPending(mapStdioError(config, 'call', new Error(`MCP server exited with code ${result.exitCode}.`)));
+            if (session_proc === proc)
+                teardown();
+        });
+        await writeMessage(proc, {
+            jsonrpc: '2.0',
+            id: 0,
+            method: 'initialize',
+            params: { protocolVersion, capabilities: {}, clientInfo: { name: '@purista/harness', version: HARNESS_VERSION } }
+        }, pending, 0, signal);
+        await proc.writeStdin(`${JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized', params: {} })}\n`);
+    }
+    async function ensureReady(signal) {
+        await ensureInstalled(signal);
+        if (!readyPromise) {
+            readyPromise = spawnAndInitialize(signal).catch((error) => {
+                teardown();
+                throw error;
+            });
+        }
+        await readyPromise;
+        if (!session_proc)
+            throw mapStdioError(config, 'connect', new Error('MCP server is not running.'));
+        return session_proc;
+    }
+    async function request(method, params, phase, map, options) {
+        return withMcpTimeout({ ...(options?.signal ? { signal: options.signal } : {}), timeoutMs: options?.timeoutMs ?? config.timeoutMs, scope: 'tool' }, async (signal) => {
+            const proc = await ensureReady(signal);
+            const id = ++nextId;
+            try {
+                const response = await writeMessage(proc, { jsonrpc: '2.0', id, method, params }, pending, id, signal);
+                if (response.error)
+                    throw mapStdioError(config, phase, new Error(response.error.message ?? `MCP ${phase} failed.`));
+                return map(response.result);
+            }
+            catch (error) {
+                pending.delete(id);
+                if (error instanceof OperationTimeoutError)
+                    throw error;
+                if (error instanceof McpProtocolError)
+                    throw error;
+                throw mapStdioError(config, phase, error);
+            }
+        });
+    }
+    return {
+        async listTools(options) {
+            return request('tools/list', {}, 'list', (value) => {
+                if (!isRecord(value) || !Array.isArray(value['tools']))
+                    return [];
+                return value['tools'];
+            }, options);
+        },
+        async callTool(name, input, options) {
+            return request('tools/call', { name, arguments: input }, 'call', (value) => value, options);
+        },
+        async close() {
+            const proc = session_proc;
+            teardown();
+            installPromise = undefined;
+            rejectAllPending(mapStdioError(config, 'call', new Error('MCP runner closed.')));
+            if (proc)
+                await proc.kill('SIGTERM').catch(() => undefined);
+        }
+    };
+}
+/** Sends one JSON-RPC message and (when `id` is set) awaits the correlated response. */
+async function writeMessage(proc, message, pending, id, signal) {
+    const response = new Promise((resolve, reject) => {
+        pending.set(id, { resolve, reject });
+        if (signal) {
+            const onAbort = () => {
+                pending.delete(id);
+                reject(signal.reason ?? new Error('MCP request was aborted.'));
+            };
+            if (signal.aborted)
+                onAbort();
+            else
+                signal.addEventListener('abort', onAbort, { once: true });
+        }
+    });
+    await proc.writeStdin(`${JSON.stringify(message)}\n`);
+    return response;
+}
+function dispatchLine(line, pending) {
+    let parsed;
+    try {
+        parsed = JSON.parse(line);
+    }
+    catch {
+        return;
+    }
+    if (!isRecord(parsed) || !('id' in parsed))
+        return;
+    const id = parsed['id'];
+    if (typeof id !== 'number')
+        return;
+    const request = pending.get(id);
+    if (!request)
+        return;
+    pending.delete(id);
+    request.resolve(parsed);
+}
 async function runInstall(config, signal) {
     if (config.sandbox.executor !== 'available') {
         throw new SandboxNoExecutorError('MCP stdio install requires a sandbox executor.', { session_id: 'unknown' });
@@ -62,7 +231,7 @@ async function exchange(config, calls, signal, timeoutMs) {
             params: {
                 protocolVersion,
                 capabilities: {},
-                clientInfo: { name: '@purista/harness', version: '0.0.0' }
+                clientInfo: { name: '@purista/harness', version: HARNESS_VERSION }
             }
         }),
         JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized', params: {} }),

package/dist/ulid/index.d.ts

@@ -1,6 +1,11 @@
 /**
  * Generates a monotonic ULID-like identifier.
  *
- * Subsequent calls within the same millisecond increment the random suffix to preserve ordering.
+ * Ordering is guaranteed even across same-millisecond bursts and wall-clock
+ * regressions: the time component never moves backward (it is clamped to a
+ * monotonic high-water mark), and within a millisecond the 80-bit random
+ * component is incremented. Each new millisecond seeds the random component
+ * from a cryptographically-strong source, so intra-millisecond collisions are
+ * negligible across calls and processes.
  */
 export declare function ulid(): string;

package/dist/ulid/index.js

@@ -1,4 +1,6 @@
+import { webcrypto } from 'node:crypto';
 const ENCODING = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
+const RANDOM_MAX = (1n << 80n) - 1n;
 let lastTime = -1;
 let lastRandom = 0n;
 function encode(value, length) {
@@ -12,24 +14,40 @@ function encode(value, length) {
     }
     return out;
 }
-function nextRandom() {
-    const now = Date.now();
-    if (now !== lastTime) {
-        lastTime = now;
-        const seed = BigInt(Math.floor(Math.random() * 2 ** 24));
-        lastRandom = seed << 56n;
-        return lastRandom;
+/** Cryptographically-strong 80-bit random component. */
+function randomEntropy() {
+    const bytes = new Uint8Array(10);
+    webcrypto.getRandomValues(bytes);
+    let value = 0n;
+    for (const byte of bytes) {
+        value = (value << 8n) | BigInt(byte);
     }
-    lastRandom += 1n;
-    return lastRandom;
+    return value;
 }
 /**
  * Generates a monotonic ULID-like identifier.
  *
- * Subsequent calls within the same millisecond increment the random suffix to preserve ordering.
+ * Ordering is guaranteed even across same-millisecond bursts and wall-clock
+ * regressions: the time component never moves backward (it is clamped to a
+ * monotonic high-water mark), and within a millisecond the 80-bit random
+ * component is incremented. Each new millisecond seeds the random component
+ * from a cryptographically-strong source, so intra-millisecond collisions are
+ * negligible across calls and processes.
  */
 export function ulid() {
-    const timePart = encode(BigInt(Date.now()), 10);
-    const randomPart = encode(nextRandom(), 16);
-    return `${timePart}${randomPart}`;
+    const now = Date.now();
+    if (now > lastTime) {
+        lastTime = now;
+        lastRandom = randomEntropy();
+    }
+    else {
+        // Same millisecond or a backward clock step: keep ordering by never
+        // emitting a smaller time, and advance the random component instead.
+        lastRandom += 1n;
+        if (lastRandom > RANDOM_MAX) {
+            lastTime += 1;
+            lastRandom = randomEntropy();
+        }
+    }
+    return `${encode(BigInt(lastTime), 10)}${encode(lastRandom, 16)}`;
 }

package/dist/version.d.ts

@@ -0,0 +1,2 @@
+/** Harness package version, used as the OpenTelemetry instrumentation scope version. */
+export declare const HARNESS_VERSION = "0.0.0";

package/dist/version.js

@@ -0,0 +1,2 @@
+/** Harness package version, used as the OpenTelemetry instrumentation scope version. */
+export const HARNESS_VERSION = '0.0.0';

package/dist/workflows/index.js

@@ -1,5 +1,6 @@
 import { z } from 'zod';
 import { OperationCancelledError, ValidationError } from '../errors/index.js';
+import { withAbortSignal } from '../runtime/abort.js';
 export async function runWorkflow(args) {
     if (args.ctx['signal'].aborted)
         throw new OperationCancelledError('Workflow execution was cancelled.', { scope: 'workflow' });
@@ -11,7 +12,12 @@ export async function runWorkflow(args) {
     catch (error) {
         throw new ValidationError('Workflow input validation failed.', { where: 'workflow_input', issues: validationIssues(error) }, error);
     }
-    const output = await args.workflow.handler({ ...args.ctx, input: parsed });
+    // The handler error (including errors bubbling from agent/model/tool calls) is
+    // intentionally preserved by identity so failure terminalization never masks
+    // the original failure. See spec 10 "Errors".
+    const output = await withAbortSignal(args.ctx['signal'], 'workflow', 'Workflow execution was cancelled.', () => args.workflow.handler({ ...args.ctx, input: parsed }));
+    if (args.ctx['signal'].aborted)
+        throw new OperationCancelledError('Workflow execution was cancelled.', { scope: 'workflow' });
     if (!args.workflow.output)
         return output;
     try {