@rudderjs/ai 1.11.2 → 1.12.0

package/dist/continuation-validation.d.ts

@@ -0,0 +1,85 @@
+import type { AiMessage, ContinuationValidator, ValidateContinuationOptions } from './types.js';
+export type { ContinuationValidator, ValidateContinuationOptions } from './types.js';
+/**
+ * Continuation validation — defends the auto-persist / continuation path
+ * against a client that resubmits a forged conversation.
+ *
+ * `runWithPersistence` (and the explicit `forUser`/`continue` form) trusts
+ * the caller's incoming history. A continuation request after a client-tool
+ * or approval round-trip carries the prior messages back from the browser,
+ * which means a malicious caller can:
+ *
+ *  1. **Rewrite history / continue someone else's thread (IDOR)** — send
+ *     messages that don't match what the server persisted for this thread.
+ *  2. **Forge a tool result** — append a `tool` message answering a tool
+ *     call that the server never issued (smuggling attacker-chosen data in
+ *     as if a tool produced it).
+ *  3. **Forge an approval** — claim `approvedToolCallIds` for a tool call
+ *     that isn't actually pending approval.
+ *
+ * {@link validateContinuation} runs all three checks against the trusted
+ * `persisted` history and returns a verdict. {@link assertValidContinuation}
+ * throws {@link ContinuationValidationError} on failure, and
+ * {@link defaultContinuationValidator} adapts it to the
+ * {@link ContinuationValidator} hook shape consumed by `AgentPromptOptions`.
+ */
+export type ContinuationRejectionCode = 'not-a-prefix' | 'forged-tool-result' | 'forged-approval';
+export interface ContinuationValidationResult {
+    /** `true` when the incoming continuation is a legitimate extension of `persisted`. */
+    ok: boolean;
+    /** Machine-readable reason, present only when `ok` is `false`. */
+    code?: ContinuationRejectionCode;
+    /** Human-readable explanation, present only when `ok` is `false`. */
+    reason?: string;
+    /**
+     * Index of the offending message — into `incoming` for `not-a-prefix` and
+     * `forged-tool-result`. Absent for `forged-approval` (the offending id is
+     * named in `reason` instead).
+     */
+    index?: number;
+}
+/**
+ * Validate that an `incoming` continuation is a legitimate extension of the
+ * server-persisted `persisted` history. Pure and synchronous — safe to call
+ * from any runtime. Returns a verdict; never throws.
+ *
+ * Checks, in order:
+ *
+ * - **Prefix equality.** Every message the two share by position must match
+ *   (role, content, `toolCallId`, and any assistant `toolCalls`). Comparison
+ *   is order-insensitive for nested objects, so a tool-call `arguments` map
+ *   reordered across a serialization boundary still matches. A genuine
+ *   mismatch means the caller rewrote history or is replaying a different
+ *   thread (IDOR) → `not-a-prefix`.
+ * - **Tool-result forgery.** Every `tool` message in `incoming` must answer
+ *   a tool call actually requested by some assistant message (in either
+ *   `persisted` or `incoming`). A `tool` message with no matching request is
+ *   smuggled data → `forged-tool-result`.
+ * - **Approval forgery.** Every id in `opts.approvedToolCallIds` /
+ *   `opts.rejectedToolCallIds` must reference a real requested tool call →
+ *   `forged-approval`.
+ */
+export declare function validateContinuation(persisted: readonly AiMessage[], incoming: readonly AiMessage[], opts?: ValidateContinuationOptions): ContinuationValidationResult;
+/** Thrown by {@link assertValidContinuation} when validation fails. */
+export declare class ContinuationValidationError extends Error {
+    readonly code: ContinuationRejectionCode;
+    readonly index: number | undefined;
+    constructor(result: ContinuationValidationResult);
+}
+/**
+ * {@link validateContinuation} that throws {@link ContinuationValidationError}
+ * instead of returning a verdict. Use directly, or via
+ * {@link defaultContinuationValidator} as a `validate` hook.
+ */
+export declare function assertValidContinuation(persisted: readonly AiMessage[], incoming: readonly AiMessage[], opts?: ValidateContinuationOptions): void;
+/**
+ * A ready-made {@link ContinuationValidator} backed by
+ * {@link assertValidContinuation}. Drop into `AgentPromptOptions.validate`
+ * for the default prefix + tool-result-forgery + approval-forgery gate:
+ *
+ * ```ts
+ * agent.continue(id).prompt(input, { validate: defaultContinuationValidator() })
+ * ```
+ */
+export declare function defaultContinuationValidator(): ContinuationValidator;
+//# sourceMappingURL=continuation-validation.d.ts.map

package/dist/continuation-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"continuation-validation.d.ts","sourceRoot":"","sources":["../src/continuation-validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAY,2BAA2B,EAAE,MAAM,YAAY,CAAA;AAEzG,YAAY,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AAEpF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,MAAM,MAAM,yBAAyB,GACjC,cAAc,GACd,oBAAoB,GACpB,iBAAiB,CAAA;AAErB,MAAM,WAAW,4BAA4B;IAC3C,sFAAsF;IACtF,EAAE,EAAE,OAAO,CAAA;IACX,kEAAkE;IAClE,IAAI,CAAC,EAAE,yBAAyB,CAAA;IAChC,qEAAqE;IACrE,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAmED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,SAAS,SAAS,EAAE,EAC/B,QAAQ,EAAE,SAAS,SAAS,EAAE,EAC9B,IAAI,GAAE,2BAAgC,GACrC,4BAA4B,CA2C9B;AAED,uEAAuE;AACvE,qBAAa,2BAA4B,SAAQ,KAAK;IACpD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAA;IACxC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAA;gBACtB,MAAM,EAAE,4BAA4B;CAMjD;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,SAAS,SAAS,EAAE,EAC/B,QAAQ,EAAE,SAAS,SAAS,EAAE,EAC9B,IAAI,GAAE,2BAAgC,GACrC,IAAI,CAGN;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,IAAI,qBAAqB,CAEpE"}

package/dist/continuation-validation.js

@@ -0,0 +1,166 @@
+/**
+ * Recursively sort object keys (and drop `undefined`) so two semantically
+ * equal values compare equal regardless of key insertion order. Without this,
+ * a tool-call `arguments` object reordered across a serialization boundary
+ * (e.g. loaded back from a Postgres `jsonb` column, which does not preserve
+ * key order, or rebuilt by the client) would be read as a forgery.
+ */
+function canonicalize(value) {
+    if (value === null || typeof value !== 'object')
+        return value;
+    if (Array.isArray(value))
+        return value.map(canonicalize);
+    const out = {};
+    for (const key of Object.keys(value).sort()) {
+        const v = value[key];
+        if (v === undefined)
+            continue;
+        out[key] = canonicalize(v);
+    }
+    return out;
+}
+/** Order-insensitive JSON of a value. */
+function canonicalJson(value) {
+    return JSON.stringify(canonicalize(value));
+}
+/** Order-insensitive string form of message content. */
+function contentString(content) {
+    return typeof content === 'string' ? content : canonicalJson(content);
+}
+/**
+ * Compare two messages field by field, order-insensitively. Returns a
+ * human-readable reason naming the first diverging field, or `null` when the
+ * messages are equivalent. Used by the prefix check so a rejection points at
+ * exactly what diverged.
+ */
+function messageDiffReason(a, b) {
+    if (a.role !== b.role)
+        return `role: persisted "${a.role}" vs incoming "${b.role}"`;
+    if (contentString(a.content) !== contentString(b.content))
+        return 'content differs';
+    if ((a.toolCallId ?? null) !== (b.toolCallId ?? null)) {
+        return `toolCallId: persisted "${a.toolCallId ?? 'null'}" vs incoming "${b.toolCallId ?? 'null'}"`;
+    }
+    const aCalls = a.toolCalls ?? [];
+    const bCalls = b.toolCalls ?? [];
+    if (aCalls.length !== bCalls.length)
+        return `toolCalls length: persisted ${aCalls.length} vs incoming ${bCalls.length}`;
+    for (let i = 0; i < aCalls.length; i++) {
+        const ac = aCalls[i];
+        const bc = bCalls[i];
+        if (ac.id !== bc.id)
+            return `toolCalls[${i}].id: persisted "${ac.id}" vs incoming "${bc.id}"`;
+        if (ac.name !== bc.name)
+            return `toolCalls[${i}].name: persisted "${ac.name}" vs incoming "${bc.name}"`;
+        if (canonicalJson(ac.arguments) !== canonicalJson(bc.arguments))
+            return `toolCalls[${i}].arguments differ (${ac.name})`;
+    }
+    return null;
+}
+/** Collect every tool-call id the model requested across the given messages. */
+function requestedToolCallIds(messages) {
+    const ids = new Set();
+    for (const m of messages) {
+        if (m.role === 'assistant' && m.toolCalls) {
+            for (const c of m.toolCalls)
+                ids.add(c.id);
+        }
+    }
+    return ids;
+}
+/**
+ * Validate that an `incoming` continuation is a legitimate extension of the
+ * server-persisted `persisted` history. Pure and synchronous — safe to call
+ * from any runtime. Returns a verdict; never throws.
+ *
+ * Checks, in order:
+ *
+ * - **Prefix equality.** Every message the two share by position must match
+ *   (role, content, `toolCallId`, and any assistant `toolCalls`). Comparison
+ *   is order-insensitive for nested objects, so a tool-call `arguments` map
+ *   reordered across a serialization boundary still matches. A genuine
+ *   mismatch means the caller rewrote history or is replaying a different
+ *   thread (IDOR) → `not-a-prefix`.
+ * - **Tool-result forgery.** Every `tool` message in `incoming` must answer
+ *   a tool call actually requested by some assistant message (in either
+ *   `persisted` or `incoming`). A `tool` message with no matching request is
+ *   smuggled data → `forged-tool-result`.
+ * - **Approval forgery.** Every id in `opts.approvedToolCallIds` /
+ *   `opts.rejectedToolCallIds` must reference a real requested tool call →
+ *   `forged-approval`.
+ */
+export function validateContinuation(persisted, incoming, opts = {}) {
+    // 1. Prefix equality over the shared region. Comparison is order-insensitive
+    //    for nested objects (tool-call arguments, structured content) so a
+    //    legitimately reordered argument map is not mistaken for a forgery.
+    const overlap = Math.min(persisted.length, incoming.length);
+    for (let i = 0; i < overlap; i++) {
+        const diff = messageDiffReason(persisted[i], incoming[i]);
+        if (diff) {
+            return {
+                ok: false,
+                code: 'not-a-prefix',
+                index: i,
+                reason: `incoming message at index ${i} diverges from the persisted history (${diff})`,
+            };
+        }
+    }
+    // 2. Tool-result forgery — a tool message must answer a requested call.
+    const requested = requestedToolCallIds([...persisted, ...incoming]);
+    for (let i = 0; i < incoming.length; i++) {
+        const m = incoming[i];
+        if (m.role === 'tool' && (!m.toolCallId || !requested.has(m.toolCallId))) {
+            return {
+                ok: false,
+                code: 'forged-tool-result',
+                index: i,
+                reason: `tool message at index ${i} references tool call "${m.toolCallId ?? '<missing>'}" that was never requested`,
+            };
+        }
+    }
+    // 3. Approval forgery — approved/rejected ids must be real requested calls.
+    for (const id of [...(opts.approvedToolCallIds ?? []), ...(opts.rejectedToolCallIds ?? [])]) {
+        if (!requested.has(id)) {
+            return {
+                ok: false,
+                code: 'forged-approval',
+                reason: `tool call "${id}" was approved or rejected but was never requested`,
+            };
+        }
+    }
+    return { ok: true };
+}
+/** Thrown by {@link assertValidContinuation} when validation fails. */
+export class ContinuationValidationError extends Error {
+    code;
+    index;
+    constructor(result) {
+        super(`[RudderJS AI] Rejected continuation: ${result.reason ?? result.code ?? 'invalid'}`);
+        this.name = 'ContinuationValidationError';
+        this.code = result.code ?? 'not-a-prefix';
+        this.index = result.index;
+    }
+}
+/**
+ * {@link validateContinuation} that throws {@link ContinuationValidationError}
+ * instead of returning a verdict. Use directly, or via
+ * {@link defaultContinuationValidator} as a `validate` hook.
+ */
+export function assertValidContinuation(persisted, incoming, opts = {}) {
+    const result = validateContinuation(persisted, incoming, opts);
+    if (!result.ok)
+        throw new ContinuationValidationError(result);
+}
+/**
+ * A ready-made {@link ContinuationValidator} backed by
+ * {@link assertValidContinuation}. Drop into `AgentPromptOptions.validate`
+ * for the default prefix + tool-result-forgery + approval-forgery gate:
+ *
+ * ```ts
+ * agent.continue(id).prompt(input, { validate: defaultContinuationValidator() })
+ * ```
+ */
+export function defaultContinuationValidator() {
+    return (persisted, incoming, opts) => assertValidContinuation(persisted, incoming, opts);
+}
+//# sourceMappingURL=continuation-validation.js.map

package/dist/continuation-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"continuation-validation.js","sourceRoot":"","sources":["../src/continuation-validation.ts"],"names":[],"mappings":"AAgDA;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IACxD,MAAM,GAAG,GAA4B,EAAE,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAgC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACvE,MAAM,CAAC,GAAI,KAAiC,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,CAAC,KAAK,SAAS;YAAE,SAAQ;QAC7B,GAAG,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;IAC5B,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,yCAAyC;AACzC,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAA;AAC5C,CAAC;AAED,wDAAwD;AACxD,SAAS,aAAa,CAAC,OAA6B;IAClD,OAAO,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;AACvE,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,CAAY,EAAE,CAAY;IACnD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI;QAAE,OAAO,oBAAoB,CAAC,CAAC,IAAI,kBAAkB,CAAC,CAAC,IAAI,GAAG,CAAA;IACnF,IAAI,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,iBAAiB,CAAA;IACnF,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;QACtD,OAAO,0BAA0B,CAAC,CAAC,UAAU,IAAI,MAAM,kBAAkB,CAAC,CAAC,UAAU,IAAI,MAAM,GAAG,CAAA;IACpG,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAA;IAChC,MAAM,MAAM,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAA;IAChC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;QAAE,OAAO,+BAA+B,MAAM,CAAC,MAAM,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAA;IACvH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAE,CAAA;QACrB,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAE,CAAA;QACrB,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;YAAM,OAAO,aAAa,CAAC,oBAAoB,EAAE,CAAC,EAAE,kBAAkB,EAAE,CAAC,EAAE,GAAG,CAAA;QACjG,IAAI,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,IAAI;YAAE,OAAO,aAAa,CAAC,sBAAsB,EAAE,CAAC,IAAI,kBAAkB,EAAE,CAAC,IAAI,GAAG,CAAA;QACvG,IAAI,aAAa,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,aAAa,CAAC,EAAE,CAAC,SAAS,CAAC;YAAE,OAAO,aAAa,CAAC,uBAAuB,EAAE,CAAC,IAAI,GAAG,CAAA;IACzH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,gFAAgF;AAChF,SAAS,oBAAoB,CAAC,QAA8B;IAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAA;IAC7B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;YAC1C,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAuB;gBAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,oBAAoB,CAClC,SAA+B,EAC/B,QAA8B,EAC9B,OAAoC,EAAE;IAEtC,6EAA6E;IAC7E,uEAAuE;IACvE,wEAAwE;IACxE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAA;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAE,EAAE,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAA;QAC3D,IAAI,IAAI,EAAE,CAAC;YACT,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,IAAI,EAAE,cAAc;gBACpB,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,6BAA6B,CAAC,yCAAyC,IAAI,GAAG;aACvF,CAAA;QACH,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,MAAM,SAAS,GAAG,oBAAoB,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAA;IACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAA;QACtB,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACzE,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,IAAI,EAAE,oBAAoB;gBAC1B,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,yBAAyB,CAAC,0BAA0B,CAAC,CAAC,UAAU,IAAI,WAAW,4BAA4B;aACpH,CAAA;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAC5F,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,cAAc,EAAE,oDAAoD;aAC7E,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;AACrB,CAAC;AAED,uEAAuE;AACvE,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IAC3C,IAAI,CAA2B;IAC/B,KAAK,CAAoB;IAClC,YAAY,MAAoC;QAC9C,KAAK,CAAC,wCAAwC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC,CAAA;QAC1F,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAA;QACzC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,cAAc,CAAA;QACzC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;IAC3B,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,SAA+B,EAC/B,QAA8B,EAC9B,OAAoC,EAAE;IAEtC,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC9D,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,MAAM,IAAI,2BAA2B,CAAC,MAAM,CAAC,CAAA;AAC/D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,4BAA4B;IAC1C,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,uBAAuB,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;AAC1F,CAAC"}

package/dist/conversation-orm/index.d.ts

@@ -0,0 +1,109 @@
+/**
+ * `@rudderjs/ai/conversation-orm` - ORM-backed {@link ConversationStore}.
+ *
+ * Production-grade replacement for `MemoryConversationStore` (which is
+ * single-process, in-memory, and loses every thread on restart). Persists
+ * conversation threads and their messages via the registered `@rudderjs/orm`
+ * adapter - works across web processes, queue workers, and horizontally
+ * scaled deployments. Mirrors the `@rudderjs/ai/memory-orm` /
+ * `@rudderjs/ai/budget-orm` pattern.
+ *
+ * Wire it as the conversation store:
+ *
+ * ```ts
+ * import { setConversationStore } from '@rudderjs/ai'
+ * import { OrmConversationStore } from '@rudderjs/ai/conversation-orm'
+ *
+ * setConversationStore(new OrmConversationStore())
+ * ```
+ *
+ * The schema lives at {@link conversationOrmPrismaSchema} - copy it into your
+ * Prisma schema (or a new `prisma/schema/<file>.prisma` if you use the
+ * multi-file setup). On the native engine, add an equivalent migration; on
+ * Drizzle, define matching tables and register them via `tables: { ... }`.
+ *
+ * # Adapter coverage
+ *
+ * - Prisma - works out of the box; copy {@link conversationOrmPrismaSchema}.
+ * - Native - add a migration with the same columns.
+ * - Drizzle - define the two tables and register them on the `drizzle()`
+ *   config.
+ *
+ * # Ordering & concurrency
+ *
+ * Messages carry a monotonic per-thread `position` so `load()` returns them
+ * in append order regardless of timestamp granularity. `append()` reads the
+ * current max position and assigns the next slots; like
+ * `OrmBudgetStorage.checkAndDebit`, the read-then-write is not isolated, so
+ * two concurrent appends to the SAME thread could collide on a position.
+ * Conversation threads are single-writer in practice (one user, one turn at
+ * a time), so this is a non-issue for typical apps. File an issue if you hit
+ * it; strict ordering needs a serializable transaction or a DB sequence.
+ */
+import { Model } from '@rudderjs/orm';
+import type { AiMessage, ConversationStore, ConversationStoreListEntry, ConversationStoreMeta } from '../types.js';
+/**
+ * The thread row backing {@link OrmConversationStore}. Exposed so apps that
+ * want their own queries (admin views, analytics) can use
+ * `AiConversationRecord.where(...).get()` directly.
+ *
+ * `userId` / `agent` mirror {@link ConversationStoreMeta} - `userId` scopes
+ * `list()`, `agent` carries the thread-segregation key the auto-persist
+ * machinery uses to keep one user's threads per agent class apart.
+ */
+export declare class AiConversationRecord extends Model {
+    static table: string;
+    static fillable: string[];
+    id: string;
+    title: string;
+    userId: string | null;
+    agent: string | null;
+    createdAt: Date;
+    updatedAt: Date | null;
+}
+/**
+ * One message row in a thread. `content` and `toolCalls` are JSON-encoded
+ * strings (so a `string` content and a `ContentPart[]` content both
+ * round-trip through a portable `text` column); `position` orders them.
+ */
+export declare class AiConversationMessageRecord extends Model {
+    static table: string;
+    static fillable: string[];
+    id: string;
+    conversationId: string;
+    position: number;
+    role: string;
+    /** JSON-encoded `string | ContentPart[]`. */
+    content: string;
+    toolCallId: string | null;
+    /** JSON-encoded `ToolCall[]` or null. */
+    toolCalls: string | null;
+    createdAt: Date;
+}
+/**
+ * {@link ConversationStore} implementation that persists rows to the
+ * registered ORM adapter. Designed for production use - the in-process
+ * `MemoryConversationStore` is for tests and dev.
+ */
+export declare class OrmConversationStore implements ConversationStore {
+    create(title?: string, meta?: ConversationStoreMeta): Promise<string>;
+    load(conversationId: string): Promise<AiMessage[]>;
+    append(conversationId: string, messages: AiMessage[]): Promise<void>;
+    setTitle(conversationId: string, title: string): Promise<void>;
+    list(userId?: string): Promise<ConversationStoreListEntry[]>;
+    delete(conversationId: string): Promise<void>;
+    /** Throw the same not-found error shape as `MemoryConversationStore`. */
+    private requireThread;
+    /** Next monotonic position for the thread (0 when empty). */
+    private nextPosition;
+}
+/** Convenience factory mirroring `ormBudgetStorage()` / `OrmUserMemory`. */
+export declare function ormConversationStore(): OrmConversationStore;
+/**
+ * Reference Prisma schema for `OrmConversationStore`. Copy into your
+ * `prisma/schema/<file>.prisma`. SQLite stores the `text` content as TEXT;
+ * Postgres as `text`. The `@@index` keeps `list()` (by user) and `load()`
+ * (by thread, ordered) cheap.
+ */
+export declare const conversationOrmPrismaSchema = "model AiConversation {\n  id        String   @id @default(cuid())\n  title     String\n  userId    String?\n  /// Thread-segregation key - the agent class name by default\n  agent     String?\n  createdAt DateTime @default(now())\n  updatedAt DateTime @updatedAt\n\n  @@index([userId])\n}\n\nmodel AiConversationMessage {\n  id             String   @id @default(cuid())\n  conversationId String\n  /// Monotonic per-thread ordering\n  position       Int\n  role           String\n  /// JSON-encoded `string | ContentPart[]`\n  content        String\n  toolCallId     String?\n  /// JSON-encoded `ToolCall[]` or null\n  toolCalls      String?\n  createdAt      DateTime @default(now())\n\n  @@index([conversationId, position])\n}\n";
+//# sourceMappingURL=index.d.ts.map

package/dist/conversation-orm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/conversation-orm/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AACrC,OAAO,KAAK,EACV,SAAS,EACT,iBAAiB,EACjB,0BAA0B,EAC1B,qBAAqB,EAEtB,MAAM,aAAa,CAAA;AAIpB;;;;;;;;GAQG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,OAAgB,KAAK,SAAsB;IAC3C,OAAgB,QAAQ,WAA4C;IAE5D,EAAE,EAAS,MAAM,CAAA;IACjB,KAAK,EAAM,MAAM,CAAA;IACjB,MAAM,EAAK,MAAM,GAAG,IAAI,CAAA;IACxB,KAAK,EAAM,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,IAAI,CAAA;IACf,SAAS,EAAE,IAAI,GAAG,IAAI,CAAA;CAC/B;AAED;;;;GAIG;AACH,qBAAa,2BAA4B,SAAQ,KAAK;IACpD,OAAgB,KAAK,SAA6B;IAClD,OAAgB,QAAQ,WAA+E;IAE/F,EAAE,EAAc,MAAM,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAQ,MAAM,CAAA;IACtB,IAAI,EAAY,MAAM,CAAA;IAC9B,6CAA6C;IACrC,OAAO,EAAS,MAAM,CAAA;IACtB,UAAU,EAAM,MAAM,GAAG,IAAI,CAAA;IACrC,yCAAyC;IACjC,SAAS,EAAO,MAAM,GAAG,IAAI,CAAA;IAC7B,SAAS,EAAO,IAAI,CAAA;CAC7B;AAID;;;;GAIG;AACH,qBAAa,oBAAqB,YAAW,iBAAiB;IACtD,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC;IASrE,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IASlD,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAapE,QAAQ,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9D,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAO5D,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKnD,yEAAyE;YAC3D,aAAa;IAK3B,6DAA6D;YAC/C,YAAY;CAO3B;AAED,4EAA4E;AAC5E,wBAAgB,oBAAoB,IAAI,oBAAoB,CAE3D;AAID;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B,+tBA2BvC,CAAA"}

package/dist/conversation-orm/index.js

@@ -0,0 +1,211 @@
+/**
+ * `@rudderjs/ai/conversation-orm` - ORM-backed {@link ConversationStore}.
+ *
+ * Production-grade replacement for `MemoryConversationStore` (which is
+ * single-process, in-memory, and loses every thread on restart). Persists
+ * conversation threads and their messages via the registered `@rudderjs/orm`
+ * adapter - works across web processes, queue workers, and horizontally
+ * scaled deployments. Mirrors the `@rudderjs/ai/memory-orm` /
+ * `@rudderjs/ai/budget-orm` pattern.
+ *
+ * Wire it as the conversation store:
+ *
+ * ```ts
+ * import { setConversationStore } from '@rudderjs/ai'
+ * import { OrmConversationStore } from '@rudderjs/ai/conversation-orm'
+ *
+ * setConversationStore(new OrmConversationStore())
+ * ```
+ *
+ * The schema lives at {@link conversationOrmPrismaSchema} - copy it into your
+ * Prisma schema (or a new `prisma/schema/<file>.prisma` if you use the
+ * multi-file setup). On the native engine, add an equivalent migration; on
+ * Drizzle, define matching tables and register them via `tables: { ... }`.
+ *
+ * # Adapter coverage
+ *
+ * - Prisma - works out of the box; copy {@link conversationOrmPrismaSchema}.
+ * - Native - add a migration with the same columns.
+ * - Drizzle - define the two tables and register them on the `drizzle()`
+ *   config.
+ *
+ * # Ordering & concurrency
+ *
+ * Messages carry a monotonic per-thread `position` so `load()` returns them
+ * in append order regardless of timestamp granularity. `append()` reads the
+ * current max position and assigns the next slots; like
+ * `OrmBudgetStorage.checkAndDebit`, the read-then-write is not isolated, so
+ * two concurrent appends to the SAME thread could collide on a position.
+ * Conversation threads are single-writer in practice (one user, one turn at
+ * a time), so this is a non-issue for typical apps. File an issue if you hit
+ * it; strict ordering needs a serializable transaction or a DB sequence.
+ */
+import { Model } from '@rudderjs/orm';
+// ─── ORM Models ───────────────────────────────────────────
+/**
+ * The thread row backing {@link OrmConversationStore}. Exposed so apps that
+ * want their own queries (admin views, analytics) can use
+ * `AiConversationRecord.where(...).get()` directly.
+ *
+ * `userId` / `agent` mirror {@link ConversationStoreMeta} - `userId` scopes
+ * `list()`, `agent` carries the thread-segregation key the auto-persist
+ * machinery uses to keep one user's threads per agent class apart.
+ */
+export class AiConversationRecord extends Model {
+    static table = 'aiConversation';
+    static fillable = ['title', 'userId', 'agent', 'updatedAt'];
+}
+/**
+ * One message row in a thread. `content` and `toolCalls` are JSON-encoded
+ * strings (so a `string` content and a `ContentPart[]` content both
+ * round-trip through a portable `text` column); `position` orders them.
+ */
+export class AiConversationMessageRecord extends Model {
+    static table = 'aiConversationMessage';
+    static fillable = ['conversationId', 'position', 'role', 'content', 'toolCallId', 'toolCalls'];
+}
+// ─── ConversationStore adapter ────────────────────────────
+/**
+ * {@link ConversationStore} implementation that persists rows to the
+ * registered ORM adapter. Designed for production use - the in-process
+ * `MemoryConversationStore` is for tests and dev.
+ */
+export class OrmConversationStore {
+    async create(title, meta) {
+        const data = { title: title ?? 'New conversation' };
+        if (meta?.userId !== undefined)
+            data['userId'] = meta.userId;
+        if (meta?.agent !== undefined)
+            data['agent'] = meta.agent;
+        const created = await AiConversationRecord.create(data);
+        return created.id;
+    }
+    async load(conversationId) {
+        await this.requireThread(conversationId);
+        const rows = await AiConversationMessageRecord
+            .where('conversationId', conversationId)
+            .orderBy('position', 'ASC')
+            .get();
+        return rows.map(rowToMessage);
+    }
+    async append(conversationId, messages) {
+        await this.requireThread(conversationId);
+        if (messages.length === 0)
+            return;
+        let position = await this.nextPosition(conversationId);
+        for (const message of messages) {
+            await AiConversationMessageRecord.create(messageToRow(conversationId, position, message));
+            position++;
+        }
+        await AiConversationRecord.where('id', conversationId).updateAll({ updatedAt: new Date() });
+    }
+    async setTitle(conversationId, title) {
+        const updated = await AiConversationRecord
+            .where('id', conversationId)
+            .updateAll({ title, updatedAt: new Date() });
+        if (!updated)
+            throw notFound(conversationId);
+    }
+    async list(userId) {
+        let q = AiConversationRecord.query();
+        if (userId != null)
+            q = q.where('userId', userId);
+        const rows = await q.orderBy('updatedAt', 'DESC').get();
+        return rows.map(rowToListEntry);
+    }
+    async delete(conversationId) {
+        await AiConversationMessageRecord.where('conversationId', conversationId).deleteAll();
+        await AiConversationRecord.where('id', conversationId).deleteAll();
+    }
+    /** Throw the same not-found error shape as `MemoryConversationStore`. */
+    async requireThread(conversationId) {
+        const thread = await AiConversationRecord.where('id', conversationId).first();
+        if (!thread)
+            throw notFound(conversationId);
+    }
+    /** Next monotonic position for the thread (0 when empty). */
+    async nextPosition(conversationId) {
+        const last = await AiConversationMessageRecord
+            .where('conversationId', conversationId)
+            .orderBy('position', 'DESC')
+            .first();
+        return last ? last.position + 1 : 0;
+    }
+}
+/** Convenience factory mirroring `ormBudgetStorage()` / `OrmUserMemory`. */
+export function ormConversationStore() {
+    return new OrmConversationStore();
+}
+// ─── Schema reference ─────────────────────────────────────
+/**
+ * Reference Prisma schema for `OrmConversationStore`. Copy into your
+ * `prisma/schema/<file>.prisma`. SQLite stores the `text` content as TEXT;
+ * Postgres as `text`. The `@@index` keeps `list()` (by user) and `load()`
+ * (by thread, ordered) cheap.
+ */
+export const conversationOrmPrismaSchema = `model AiConversation {
+  id        String   @id @default(cuid())
+  title     String
+  userId    String?
+  /// Thread-segregation key - the agent class name by default
+  agent     String?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@index([userId])
+}
+
+model AiConversationMessage {
+  id             String   @id @default(cuid())
+  conversationId String
+  /// Monotonic per-thread ordering
+  position       Int
+  role           String
+  /// JSON-encoded \`string | ContentPart[]\`
+  content        String
+  toolCallId     String?
+  /// JSON-encoded \`ToolCall[]\` or null
+  toolCalls      String?
+  createdAt      DateTime @default(now())
+
+  @@index([conversationId, position])
+}
+`;
+// ─── Helpers ──────────────────────────────────────────────
+function notFound(conversationId) {
+    return new Error(`[RudderJS AI] Conversation "${conversationId}" not found.`);
+}
+function messageToRow(conversationId, position, m) {
+    return {
+        conversationId,
+        position,
+        role: m.role,
+        content: JSON.stringify(m.content),
+        toolCallId: m.toolCallId ?? null,
+        toolCalls: m.toolCalls ? JSON.stringify(m.toolCalls) : null,
+    };
+}
+function rowToMessage(row) {
+    const out = {
+        role: row.role,
+        content: JSON.parse(row.content),
+    };
+    if (row.toolCallId != null)
+        out.toolCallId = row.toolCallId;
+    if (row.toolCalls != null)
+        out.toolCalls = JSON.parse(row.toolCalls);
+    return out;
+}
+function rowToListEntry(row) {
+    const out = {
+        id: row.id,
+        title: row.title,
+        createdAt: row.createdAt,
+    };
+    if (row.updatedAt != null)
+        out.updatedAt = row.updatedAt;
+    if (row.agent != null)
+        out.agent = row.agent;
+    return out;
+}
+//# sourceMappingURL=index.js.map

package/dist/conversation-orm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/conversation-orm/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAA;AASrC,6DAA6D;AAE7D;;;;;;;;GAQG;AACH,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,MAAM,CAAU,KAAK,GAAM,gBAAgB,CAAA;IAC3C,MAAM,CAAU,QAAQ,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,CAAA;;AAUtE;;;;GAIG;AACH,MAAM,OAAO,2BAA4B,SAAQ,KAAK;IACpD,MAAM,CAAU,KAAK,GAAM,uBAAuB,CAAA;IAClD,MAAM,CAAU,QAAQ,GAAG,CAAC,gBAAgB,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAA;;AAczG,6DAA6D;AAE7D;;;;GAIG;AACH,MAAM,OAAO,oBAAoB;IAC/B,KAAK,CAAC,MAAM,CAAC,KAAc,EAAE,IAA4B;QACvD,MAAM,IAAI,GAA4B,EAAE,KAAK,EAAE,KAAK,IAAI,kBAAkB,EAAE,CAAA;QAC5E,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,MAAM,CAAA;QAC5D,IAAI,IAAI,EAAE,KAAK,KAAM,SAAS;YAAE,IAAI,CAAC,OAAO,CAAC,GAAI,IAAI,CAAC,KAAK,CAAA;QAE3D,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAoC,CAAA;QAC1F,OAAO,OAAO,CAAC,EAAE,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,cAAsB;QAC/B,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;QACxC,MAAM,IAAI,GAAG,MAAM,2BAA2B;aAC3C,KAAK,CAAC,gBAAgB,EAAE,cAAc,CAAC;aACvC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC;aAC1B,GAAG,EAA8C,CAAA;QACpD,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB,EAAE,QAAqB;QACxD,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;QACxC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAM;QAEjC,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,CAAA;QACtD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,2BAA2B,CAAC,MAAM,CAAC,YAAY,CAAC,cAAc,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAA;YACzF,QAAQ,EAAE,CAAA;QACZ,CAAC;QAED,MAAM,oBAAoB,CAAC,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;IAC7F,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,cAAsB,EAAE,KAAa;QAClD,MAAM,OAAO,GAAG,MAAM,oBAAoB;aACvC,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC;aAC3B,SAAS,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAA;QAC9C,IAAI,CAAC,OAAO;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAA;IAC9C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAe;QACxB,IAAI,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,CAAA;QACpC,IAAI,MAAM,IAAI,IAAI;YAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;QACjD,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,GAAG,EAAuC,CAAA;QAC5F,OAAO,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,MAAM,2BAA2B,CAAC,KAAK,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,SAAS,EAAE,CAAA;QACrF,MAAM,oBAAoB,CAAC,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,SAAS,EAAE,CAAA;IACpE,CAAC;IAED,yEAAyE;IACjE,KAAK,CAAC,aAAa,CAAC,cAAsB;QAChD,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,KAAK,EAAE,CAAA;QAC7E,IAAI,CAAC,MAAM;YAAE,MAAM,QAAQ,CAAC,cAAc,CAAC,CAAA;IAC7C,CAAC;IAED,6DAA6D;IACrD,KAAK,CAAC,YAAY,CAAC,cAAsB;QAC/C,MAAM,IAAI,GAAG,MAAM,2BAA2B;aAC3C,KAAK,CAAC,gBAAgB,EAAE,cAAc,CAAC;aACvC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC;aAC3B,KAAK,EAAmD,CAAA;QAC3D,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACrC,CAAC;CACF;AAED,4EAA4E;AAC5E,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,oBAAoB,EAAE,CAAA;AACnC,CAAC;AAED,6DAA6D;AAE7D;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2B1C,CAAA;AAED,6DAA6D;AAE7D,SAAS,QAAQ,CAAC,cAAsB;IACtC,OAAO,IAAI,KAAK,CAAC,+BAA+B,cAAc,cAAc,CAAC,CAAA;AAC/E,CAAC;AAED,SAAS,YAAY,CAAC,cAAsB,EAAE,QAAgB,EAAE,CAAY;IAC1E,OAAO;QACL,cAAc;QACd,QAAQ;QACR,IAAI,EAAQ,CAAC,CAAC,IAAI;QAClB,OAAO,EAAK,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;QACrC,UAAU,EAAE,CAAC,CAAC,UAAU,IAAI,IAAI;QAChC,SAAS,EAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI;KAC7D,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAgC;IACpD,MAAM,GAAG,GAAc;QACrB,IAAI,EAAK,GAAG,CAAC,IAAyB;QACtC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAyB;KACzD,CAAA;IACD,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI;QAAE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAA;IAC3D,IAAI,GAAG,CAAC,SAAS,IAAK,IAAI;QAAE,GAAG,CAAC,SAAS,GAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAe,CAAA;IACpF,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,cAAc,CAAC,GAAyB;IAC/C,MAAM,GAAG,GAA+B;QACtC,EAAE,EAAS,GAAG,CAAC,EAAE;QACjB,KAAK,EAAM,GAAG,CAAC,KAAK;QACpB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAA;IACD,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI;QAAE,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAA;IACxD,IAAI,GAAG,CAAC,KAAK,IAAQ,IAAI;QAAE,GAAG,CAAC,KAAK,GAAO,GAAG,CAAC,KAAK,CAAA;IACpD,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/conversation-persistence.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"conversation-persistence.d.ts","sourceRoot":"","sources":["../src/conversation-persistence.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,SAAS,EACT,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EAElB,MAAM,YAAY,CAAA;AAEnB;;;;;GAKG;AACH,MAAM,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,GAAG,IAAI,GAAG,SAAS,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,EAAK,MAAM,KAAK,GAAG,kBAAkB,GAAG,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC,EACpF,OAAO,EAAO,sBAAsB,GAAG,SAAS,GAC/C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAWpC;AA4DD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,SAAS,EAAE,CAUvF;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAY,kBAAkB,EAClC,cAAc,EAAE,MAAM,EACtB,WAAW,EAAK,uBAAuB,EACvC,KAAK,EAAW,MAAM,EACtB,OAAO,EAAS,kBAAkB,GAAG,SAAS,EAC9C,KAAK,EAAW,CAAC,UAAU,EAAE,kBAAkB,GAAG,SAAS,KAAK,OAAO,CAAC,aAAa,CAAC,GACrF,OAAO,CAAC,aAAa,CAAC,CAUxB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,IAAI,EAAY,kBAAkB,EAClC,cAAc,EAAE,MAAM,EACtB,WAAW,EAAK,uBAAuB,EACvC,KAAK,EAAW,MAAM,EACtB,OAAO,EAAS,kBAAkB,GAAG,SAAS,EAC9C,KAAK,EAAW,CAAC,UAAU,EAAE,kBAAkB,GAAG,SAAS,KAAK,mBAAmB,GAClF,mBAAmB,CAwCrB"}
+{"version":3,"file":"conversation-persistence.d.ts","sourceRoot":"","sources":["../src/conversation-persistence.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,SAAS,EACT,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EAElB,MAAM,YAAY,CAAA;AAEnB;;;;;GAKG;AACH,MAAM,MAAM,uBAAuB,GAAG,MAAM,iBAAiB,GAAG,IAAI,GAAG,SAAS,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,EAAK,MAAM,KAAK,GAAG,kBAAkB,GAAG,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC,EACpF,OAAO,EAAO,sBAAsB,GAAG,SAAS,GAC/C,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAWpC;AA0FD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,SAAS,EAAE,CAUvF;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAY,kBAAkB,EAClC,cAAc,EAAE,MAAM,EACtB,WAAW,EAAK,uBAAuB,EACvC,KAAK,EAAW,MAAM,EACtB,OAAO,EAAS,kBAAkB,GAAG,SAAS,EAC9C,KAAK,EAAW,CAAC,UAAU,EAAE,kBAAkB,GAAG,SAAS,KAAK,OAAO,CAAC,aAAa,CAAC,GACrF,OAAO,CAAC,aAAa,CAAC,CAWxB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,IAAI,EAAY,kBAAkB,EAClC,cAAc,EAAE,MAAM,EACtB,WAAW,EAAK,uBAAuB,EACvC,KAAK,EAAW,MAAM,EACtB,OAAO,EAAS,kBAAkB,GAAG,SAAS,EAC9C,KAAK,EAAW,CAAC,UAAU,EAAE,kBAAkB,GAAG,SAAS,KAAK,mBAAmB,GAClF,mBAAmB,CAyCrB"}

package/dist/conversation-persistence.js

@@ -63,11 +63,33 @@ async function preparePersistence(spec, agentClassName, store, callerHistory) {
     else {
         throw new Error('[RudderJS AI] ConversationalSpec must include either `user` or `id`.');
     }
+    // Snapshot the trusted baseline before any limit slice — the validation
+    // hook compares the caller's incoming messages against the FULL persisted
+    // thread, not the windowed view fed to the model.
+    const persisted = loaded;
+    let windowed = loaded;
     if (spec.historyLimit !== undefined && spec.historyLimit > 0) {
-        loaded = loaded.slice(-spec.historyLimit);
+        windowed = loaded.slice(-spec.historyLimit);
     }
-    const history = [...loaded, ...(callerHistory ?? [])];
-    return { spec, store, convId, history };
+    const history = [...windowed, ...(callerHistory ?? [])];
+    return { spec, store, convId, history, persisted };
+}
+/**
+ * Run the caller-supplied `validate` continuation hook, if present. The
+ * "incoming" view is the caller's claimed prior conversation — their
+ * `options.messages` (full continuation list) when set, else
+ * `options.history`. Throws (propagating the rejection) when the hook does.
+ */
+async function runValidation(ctx, options) {
+    if (!options?.validate)
+        return;
+    const incoming = options.messages ?? options.history ?? [];
+    const opts = {};
+    if (options.approvedToolCallIds)
+        opts.approvedToolCallIds = options.approvedToolCallIds;
+    if (options.rejectedToolCallIds)
+        opts.rejectedToolCallIds = options.rejectedToolCallIds;
+    await options.validate(ctx.persisted, incoming, opts);
 }
 /**
  * Compose the new turn's messages from the user input + the steps the
@@ -98,6 +120,7 @@ export async function runWithPersistence(spec, agentClassName, storeLookup, inpu
     if (!store)
         throw new Error('[RudderJS AI] No ConversationStore registered. Bind one via `setConversationStore()` or the `ai.conversations` DI key.');
     const ctx = await preparePersistence(spec, agentClassName, store, options?.history);
+    await runValidation(ctx, options);
     const effOptions = { ...options, history: ctx.history };
     const response = await inner(effOptions);
     await store.append(ctx.convId, newMessagesFromTurn(input, response));
@@ -123,6 +146,7 @@ export function runWithPersistenceStreaming(spec, agentClassName, storeLookup, i
         let ctx;
         try {
             ctx = await preparePersistence(spec, agentClassName, store, options?.history);
+            await runValidation(ctx, options);
         }
         catch (err) {
             rejectResponse(err);