@saiteja1123/mcp-server 1.1.4 → 1.1.6

package/src/deep-scan/registry.js

@@ -0,0 +1,159 @@
+import { assertSourceSafePayload, cloneSourceSafe } from './sourceSafe.js';
+
+const ID_PATTERN = /^[a-zA-Z0-9_.:-]+$/;
+
+const asString = (value, name, max = 160) => {
+  if (typeof value !== 'string' || !value.trim()) throw new Error(`${name} must be a non-empty string`);
+  if (value.length > max) throw new Error(`${name} must be ${max} characters or fewer`);
+  return value;
+};
+
+const validateDefinition = (definition) => {
+  const id = asString(definition?.id, 'stepper.id');
+  if (!ID_PATTERN.test(id)) throw new Error(`stepper.id has invalid characters: ${id}`);
+  const version = asString(definition?.version, 'stepper.version', 80);
+  if (typeof definition.run !== 'function') throw new Error(`stepper ${id} must provide a run() function`);
+  const normalized = {
+    id,
+    version,
+    title: asString(definition.title || id, 'stepper.title', 200),
+    category: asString(definition.category || 'general', 'stepper.category', 80),
+    requiredInputs: Array.isArray(definition.requiredInputs) ? [...definition.requiredInputs] : [],
+    producedArtifacts: Array.isArray(definition.producedArtifacts) ? [...definition.producedArtifacts] : [],
+    defaultTimeoutMs: Number.isFinite(Number(definition.defaultTimeoutMs))
+      ? Number(definition.defaultTimeoutMs)
+      : 30000,
+    requiresApproval: Array.isArray(definition.requiresApproval) ? [...definition.requiresApproval] : [],
+    unsafeExternal: definition.unsafeExternal === true,
+    run: definition.run,
+  };
+  assertSourceSafePayload({
+    ...normalized,
+    run: '[function]',
+  }, `stepper.${id}`);
+  return normalized;
+};
+
+export class StepperRegistry {
+  constructor(definitions = []) {
+    this.definitions = new Map();
+    definitions.forEach((definition) => this.register(definition));
+  }
+
+  register(definition) {
+    const normalized = validateDefinition(definition);
+    if (this.definitions.has(normalized.id)) {
+      throw new Error(`Duplicate stepper id registered: ${normalized.id}`);
+    }
+    this.definitions.set(normalized.id, normalized);
+    return this;
+  }
+
+  unregister(id) {
+    this.definitions.delete(id);
+    return this;
+  }
+
+  get(id) {
+    return this.definitions.get(id) || null;
+  }
+
+  list() {
+    return [...this.definitions.values()].map(({ run, ...definition }) => ({ ...definition }));
+  }
+
+  validateProfile(profile = {}) {
+    const errors = [];
+    const normalizedSteps = [];
+    const seen = new Set();
+    const steppers = Array.isArray(profile.steppers) ? profile.steppers : [];
+
+    if (!profile.id || typeof profile.id !== 'string') {
+      errors.push({ code: 'PROFILE_ID_REQUIRED', message: 'GraphProfile requires a string id.' });
+    }
+    if (!profile.version || typeof profile.version !== 'string') {
+      errors.push({ code: 'PROFILE_VERSION_REQUIRED', message: 'GraphProfile requires a string version.' });
+    }
+    if (steppers.length === 0) {
+      errors.push({ code: 'PROFILE_STEPPERS_REQUIRED', message: 'GraphProfile requires at least one stepper.' });
+    }
+
+    steppers.forEach((rawStep, index) => {
+      const step = cloneSourceSafe(rawStep || {}, `graphProfile.steppers[${index}]`);
+      const id = step.id;
+      if (!id || typeof id !== 'string') {
+        errors.push({ code: 'STEPPER_ID_REQUIRED', message: `Stepper at index ${index} requires an id.` });
+        return;
+      }
+      if (seen.has(id)) {
+        errors.push({ code: 'DUPLICATE_PROFILE_STEPPER', message: `GraphProfile repeats stepper id ${id}.` });
+        return;
+      }
+      seen.add(id);
+
+      const definition = this.get(id);
+      const enabled = step.enabled !== false;
+      const required = step.required !== false;
+      if (!definition && !enabled && !required) {
+        normalizedSteps.push({
+          id,
+          enabled,
+          required,
+          config: cloneSourceSafe(step.config || {}, `graphProfile.steppers[${index}].config`),
+          definition: {
+            id,
+            version: 'disabled',
+            requiresApproval: [],
+            unsafeExternal: false,
+          },
+        });
+        return;
+      }
+      if (!definition) {
+        errors.push({ code: 'STEPPER_NOT_REGISTERED', message: `Stepper id ${id} is not registered.` });
+        return;
+      }
+
+      if (!enabled && required) {
+        errors.push({ code: 'REQUIRED_STEPPER_DISABLED', message: `Required stepper ${id} cannot be disabled.` });
+      }
+      if (enabled && definition.unsafeExternal && definition.requiresApproval.length === 0) {
+        errors.push({
+          code: 'UNSAFE_EXTERNAL_MISSING_APPROVAL_REQUIREMENTS',
+          message: `Unsafe external stepper ${id} must define concrete approval requirements.`,
+        });
+      }
+      if (
+        enabled
+        && definition.unsafeExternal
+        && step.requiresApproval !== true
+        && profile.humanReview?.allowExternalTests !== true
+      ) {
+        errors.push({
+          code: 'UNSAFE_EXTERNAL_REQUIRES_APPROVAL',
+          message: `Stepper ${id} requires explicit approval before external execution.`,
+        });
+      }
+
+      normalizedSteps.push({
+        id,
+        enabled,
+        required,
+        config: cloneSourceSafe(step.config || {}, `graphProfile.steppers[${index}].config`),
+        definition,
+      });
+    });
+
+    return {
+      valid: errors.length === 0,
+      errors,
+      steps: normalizedSteps,
+      profile: {
+        id: profile.id || '',
+        version: profile.version || '',
+        checkpoint: profile.checkpoint !== false,
+        humanReview: cloneSourceSafe(profile.humanReview || {}, 'graphProfile.humanReview'),
+      },
+    };
+  }
+}

package/src/deep-scan/runtime.js

@@ -0,0 +1,275 @@
+import crypto from 'crypto';
+import {
+  validateApproval,
+  validateStepResult,
+} from './contracts.js';
+import { assertSourceSafePayload, cloneSourceSafe } from './sourceSafe.js';
+
+const nowIso = () => new Date().toISOString();
+
+const terminalForResume = new Set(['passed', 'skipped']);
+const stopStatuses = new Set(['failed', 'blocked', 'needs_human']);
+
+const hasApproved = (state, requirementId) =>
+  (state.approvals || []).some((approval) =>
+    approval.requirementId === requirementId && approval.decision === 'approved');
+
+const hasDenied = (state, requirementId) =>
+  (state.approvals || []).some((approval) =>
+    approval.requirementId === requirementId && approval.decision === 'denied');
+
+const hasRequested = (state, requirementId) =>
+  (state.approvals || []).some((approval) =>
+    approval.requirementId === requirementId && approval.decision === 'requested');
+
+const makeStepResult = ({
+  stepperId,
+  version,
+  status,
+  summary,
+  skippedReason,
+  blockedReason,
+  needsHumanReason,
+  nextActions = [],
+}) => {
+  const startedAt = nowIso();
+  return validateStepResult({
+    stepperId,
+    version,
+    status,
+    startedAt,
+    finishedAt: nowIso(),
+    evidence: [],
+    findings: [],
+    artifacts: [],
+    receipts: [],
+    summary,
+    nextActions,
+    skippedReason,
+    blockedReason,
+    needsHumanReason,
+  }, { stepperId, version });
+};
+
+export class DeepScanRuntime {
+  constructor({ registry, store, idFactory = () => `deep_scan_${crypto.randomUUID()}` }) {
+    if (!registry) throw new Error('DeepScanRuntime requires a registry');
+    if (!store) throw new Error('DeepScanRuntime requires a store');
+    this.registry = registry;
+    this.store = store;
+    this.idFactory = idFactory;
+  }
+
+  async createRun({
+    projectId,
+    projectHash = null,
+    graphProfile,
+    metadata = {},
+  }) {
+    assertSourceSafePayload({ graphProfile, metadata }, 'deepScanRun.create');
+    const validation = this.registry.validateProfile(graphProfile);
+    if (!validation.valid) {
+      const message = validation.errors.map((error) => error.message).join('; ');
+      throw new Error(`Invalid GraphProfile: ${message}`);
+    }
+    const timestamp = nowIso();
+    const state = {
+      runId: this.idFactory(),
+      projectId,
+      projectHash,
+      graphProfileId: graphProfile.id,
+      graphProfileVersion: graphProfile.version,
+      status: 'pending',
+      graphProfile: cloneSourceSafe(graphProfile, 'deepScanRun.graphProfile'),
+      metadata: cloneSourceSafe(metadata, 'deepScanRun.metadata'),
+      artifacts: {},
+      findings: [],
+      receipts: [],
+      approvals: [],
+      stepResults: {},
+      createdAt: timestamp,
+      updatedAt: timestamp,
+    };
+    await this.store.saveRun(state);
+    return state;
+  }
+
+  async startRun(runId) {
+    const state = await this.store.getRun(runId);
+    if (state.status !== 'pending') return this.resumeRun(runId);
+    return this.#execute(state);
+  }
+
+  async resumeRun(runId) {
+    const state = await this.store.getRun(runId);
+    return this.#execute(state);
+  }
+
+  async recordApproval({
+    runId,
+    requirementId,
+    decision,
+    approvedBy,
+    reason,
+    relatedFindingId,
+    relatedArtifactId,
+    metadata = {},
+  }) {
+    const state = await this.store.getRun(runId);
+    const approval = validateApproval({
+      id: `approval_${crypto.randomUUID()}`,
+      requirementId,
+      decision,
+      approvedBy,
+      reason,
+      relatedFindingId,
+      relatedArtifactId,
+      metadata,
+      createdAt: nowIso(),
+    });
+    state.approvals = [...(state.approvals || []), approval];
+    state.updatedAt = nowIso();
+    await this.store.saveRun(state);
+    return approval;
+  }
+
+  async #execute(state) {
+    const validation = this.registry.validateProfile(state.graphProfile);
+    if (!validation.valid) {
+      throw new Error(`Invalid GraphProfile: ${validation.errors.map((error) => error.message).join('; ')}`);
+    }
+
+    state.status = 'running';
+    state.updatedAt = nowIso();
+    await this.store.saveRun(state);
+
+    for (const step of validation.steps) {
+      const existing = state.stepResults[step.id];
+      if (existing && terminalForResume.has(existing.status)) continue;
+      if (existing && stopStatuses.has(existing.status)) {
+        const requirements = step.definition.requiresApproval || [];
+        const deniedRequirement = requirements.find((requirementId) => hasDenied(state, requirementId));
+        if (existing.status === 'needs_human' && deniedRequirement) {
+          const blocked = makeStepResult({
+            stepperId: step.id,
+            version: step.definition.version,
+            status: 'blocked',
+            summary: `Stepper ${step.id} was blocked because approval ${deniedRequirement} was denied.`,
+            blockedReason: `Approval denied for ${deniedRequirement}.`,
+            nextActions: ['Resolve the denied approval or create a new run with a safe graph profile.'],
+          });
+          this.#applyStepResult(state, blocked);
+          state.status = 'blocked';
+          state.updatedAt = nowIso();
+          await this.store.saveRun(state);
+          return state;
+        }
+        const approvalsSatisfied = requirements.every((requirementId) => hasApproved(state, requirementId));
+        if (existing.status === 'needs_human' && approvalsSatisfied) {
+          delete state.stepResults[step.id];
+        } else {
+          state.status = existing.status;
+          state.updatedAt = nowIso();
+          await this.store.saveRun(state);
+          return state;
+        }
+      }
+
+      if (!step.enabled) {
+        const skipped = makeStepResult({
+          stepperId: step.id,
+          version: step.definition.version,
+          status: 'skipped',
+          summary: `Optional stepper ${step.id} is disabled by the active GraphProfile.`,
+          skippedReason: 'Disabled optional stepper.',
+          nextActions: ['Continue to the next enabled stepper.'],
+        });
+        this.#applyStepResult(state, skipped);
+        await this.store.saveRun(state);
+        continue;
+      }
+
+      const unmetApproval = (step.definition.requiresApproval || [])
+        .find((requirementId) => !hasApproved(state, requirementId));
+      if (unmetApproval) {
+        if (hasDenied(state, unmetApproval)) {
+          const blocked = makeStepResult({
+            stepperId: step.id,
+            version: step.definition.version,
+            status: 'blocked',
+            summary: `Stepper ${step.id} was blocked because approval ${unmetApproval} was denied.`,
+            blockedReason: `Approval denied for ${unmetApproval}.`,
+            nextActions: ['Resolve the denied approval or create a new run with a safe graph profile.'],
+          });
+          this.#applyStepResult(state, blocked);
+          state.status = 'blocked';
+          state.updatedAt = nowIso();
+          await this.store.saveRun(state);
+          return state;
+        }
+        if (!hasRequested(state, unmetApproval)) {
+          state.approvals.push(validateApproval({
+            id: `approval_${crypto.randomUUID()}`,
+            requirementId: unmetApproval,
+            decision: 'requested',
+            createdAt: nowIso(),
+          }));
+        }
+        const needsHuman = makeStepResult({
+          stepperId: step.id,
+          version: step.definition.version,
+          status: 'needs_human',
+          summary: `Stepper ${step.id} requires human approval before it can continue.`,
+          needsHumanReason: `Approval required for ${unmetApproval}.`,
+          nextActions: [`Record approval for ${unmetApproval}, then resume this run.`],
+        });
+        this.#applyStepResult(state, needsHuman);
+        state.status = 'needs_human';
+        state.updatedAt = nowIso();
+        await this.store.saveRun(state);
+        return state;
+      }
+
+      const result = validateStepResult(await step.definition.run({
+        runId: state.runId,
+        projectId: state.projectId,
+        state: cloneSourceSafe(state, 'stepperInput.state'),
+        config: step.config,
+        policyPack: state.graphProfile.policyPack || {},
+        tools: {
+          rootPath: this.store.rootPath,
+          artifactBaseDir: this.store.baseDir,
+        },
+      }), {
+        stepperId: step.id,
+        version: step.definition.version,
+      });
+      this.#applyStepResult(state, result);
+      state.updatedAt = nowIso();
+      await this.store.saveRun(state);
+
+      if (step.required && stopStatuses.has(result.status)) {
+        state.status = result.status;
+        state.updatedAt = nowIso();
+        await this.store.saveRun(state);
+        return state;
+      }
+    }
+
+    state.status = 'passed';
+    state.updatedAt = nowIso();
+    await this.store.saveRun(state);
+    return state;
+  }
+
+  #applyStepResult(state, result) {
+    state.stepResults[result.stepperId] = result;
+    for (const artifact of result.artifacts || []) {
+      state.artifacts[result.stepperId] = artifact;
+      state.artifacts[artifact.id] = artifact;
+    }
+    state.findings = [...(state.findings || []), ...(result.findings || [])];
+    state.receipts = [...(state.receipts || []), ...(result.receipts || [])];
+    state.status = result.status === 'passed' || result.status === 'skipped' ? 'running' : result.status;
+  }
+}

package/src/deep-scan/sample-steppers.js

@@ -0,0 +1,128 @@
+import { createArtifactRef } from './contracts.js';
+import { deterministicScanStepper } from './deterministic-scan.js';
+import { ralphComparisonStepper } from './ralph-compare.js';
+import { ralphFailureTrackStepper } from './ralph-track.js';
+import { ralphAcceptStepper } from './ralph-accept.js';
+import { projectMapStepper } from './project-map.js';
+import { ralphTaskStepper } from './ralph-tasks.js';
+import { securityTestPlanStepper } from './test-plan.js';
+
+const now = () => new Date().toISOString();
+
+export function sampleNoopStepper() {
+  return {
+    id: 'sample.noop',
+    version: '1.0.0',
+    title: 'No-op Stepper',
+    category: 'runtime_proof',
+    requiredInputs: [],
+    producedArtifacts: [],
+    defaultTimeoutMs: 5000,
+    async run({ runId }) {
+      const startedAt = now();
+      return {
+        stepperId: 'sample.noop',
+        version: '1.0.0',
+        status: 'passed',
+        startedAt,
+        finishedAt: now(),
+        evidence: [{
+          type: 'runtime',
+          label: 'No-op execution',
+          preview: `Run ${runId} executed the no-op stepper.`,
+        }],
+        findings: [],
+        artifacts: [],
+        summary: 'No-op stepper executed successfully.',
+        nextActions: ['Continue to the next Deep Scan stepper.'],
+      };
+    },
+  };
+}
+
+export function sampleArtifactStepper() {
+  return {
+    id: 'sample.artifact',
+    version: '1.0.0',
+    title: 'Sample Artifact Stepper',
+    category: 'runtime_proof',
+    requiredInputs: [],
+    producedArtifacts: ['runtime.sample_artifact'],
+    defaultTimeoutMs: 5000,
+    async run({ runId }) {
+      const startedAt = now();
+      const artifact = createArtifactRef({
+        id: `artifact-${runId}-sample`,
+        type: 'runtime_sample',
+        storage: 'local',
+        uri: `.vibesecur/deep-scans/${runId}/sample-artifact.json`,
+        hash: 'd'.repeat(64),
+        preview: 'Synthetic metadata-only runtime proof artifact.',
+        metadata: { generatedBy: 'sample.artifact' },
+      });
+      return {
+        stepperId: 'sample.artifact',
+        version: '1.0.0',
+        status: 'passed',
+        startedAt,
+        finishedAt: now(),
+        evidence: [{
+          type: 'hash',
+          label: 'Sample artifact hash',
+          hash: artifact.hash,
+          preview: 'Metadata-only artifact reference created.',
+        }],
+        findings: [],
+        artifacts: [artifact],
+        summary: 'Sample artifact reference created.',
+        nextActions: ['Inspect Deep Scan status.'],
+      };
+    },
+  };
+}
+
+export function sampleNeedsHumanStepper() {
+  return {
+    id: 'sample.needsHuman',
+    version: '1.0.0',
+    title: 'Human Approval Stepper',
+    category: 'runtime_proof',
+    requiredInputs: [],
+    producedArtifacts: [],
+    defaultTimeoutMs: 5000,
+    requiresApproval: ['sample.needsHuman'],
+    async run() {
+      const startedAt = now();
+      return {
+        stepperId: 'sample.needsHuman',
+        version: '1.0.0',
+        status: 'passed',
+        startedAt,
+        finishedAt: now(),
+        evidence: [{
+          type: 'approval',
+          label: 'Human approval recorded',
+          preview: 'Approval metadata was present before the step ran.',
+        }],
+        findings: [],
+        artifacts: [],
+        summary: 'Human approval requirement satisfied.',
+        nextActions: ['Continue to the next Deep Scan stepper.'],
+      };
+    },
+  };
+}
+
+export function createSampleStepperRegistry(registry) {
+  return registry
+    .register(sampleNoopStepper())
+    .register(projectMapStepper())
+    .register(deterministicScanStepper())
+    .register(securityTestPlanStepper())
+    .register(ralphTaskStepper())
+    .register(ralphComparisonStepper())
+    .register(ralphAcceptStepper())
+    .register(ralphFailureTrackStepper())
+    .register(sampleArtifactStepper())
+    .register(sampleNeedsHumanStepper());
+}

package/src/deep-scan/sourceSafe.js

@@ -0,0 +1,73 @@
+const RAW_SOURCE_KEYS = new Set([
+  'code',
+  'sourcecode',
+  'source_code',
+  'rawsource',
+  'raw_source',
+  'sourceblob',
+  'source_blob',
+  'filecontent',
+  'file_content',
+  'content',
+  'contents',
+  'secret',
+  'secrets',
+  'apikey',
+  'api_key',
+  'privatekey',
+  'private_key',
+  'tokenvalue',
+  'token_value',
+]);
+
+const RAW_SOURCE_VALUE_PATTERNS = [
+  /\bsk_(?:live|test)_[a-zA-Z0-9_=-]{8,}\b/i,
+  /-----BEGIN [A-Z ]*(?:PRIVATE KEY|SECRET|TOKEN|CERTIFICATE)-----/i,
+  /\b(?:const|let|var)\s+[a-zA-Z_$][\w$]*\s*=/,
+  /\b(?:async\s+)?function\s+[a-zA-Z_$][\w$]*\s*\(/,
+  /^\s*(?:def|class)\s+[a-zA-Z_][\w]*\s*(?:\([^)]*\))?\s*:/m,
+  /=>\s*[{(]/,
+];
+
+const normalizeKey = (key) => String(key || '').replace(/[^a-zA-Z0-9_]/g, '').toLowerCase();
+
+export function findRawSourceField(value, path = 'payload', seen = new WeakSet()) {
+  if (typeof value === 'string') {
+    return RAW_SOURCE_VALUE_PATTERNS.some((pattern) => pattern.test(value)) ? path : null;
+  }
+  if (!value || typeof value !== 'object') return null;
+  if (seen.has(value)) return null;
+  seen.add(value);
+
+  if (Array.isArray(value)) {
+    for (let i = 0; i < value.length; i += 1) {
+      const found = findRawSourceField(value[i], `${path}[${i}]`, seen);
+      if (found) return found;
+    }
+    return null;
+  }
+
+  for (const [key, child] of Object.entries(value)) {
+    const childPath = `${path}.${key}`;
+    if (RAW_SOURCE_KEYS.has(normalizeKey(key))) return childPath;
+    const found = findRawSourceField(child, childPath, seen);
+    if (found) return found;
+  }
+  return null;
+}
+
+export function assertSourceSafePayload(value, label = 'payload') {
+  const found = findRawSourceField(value, label);
+  if (found) {
+    throw new Error(
+      `Deep Scan stores metadata only; raw source or secret-like value at "${found}" is not source-safe.`,
+    );
+  }
+  return value;
+}
+
+export function cloneSourceSafe(value, label = 'payload') {
+  assertSourceSafePayload(value, label);
+  if (value === undefined) return undefined;
+  return JSON.parse(JSON.stringify(value));
+}

package/src/deep-scan/status.js

@@ -0,0 +1,70 @@
+const STEP_ORDER = ['pending', 'running', 'needs_human', 'blocked', 'failed', 'skipped', 'passed'];
+
+function uniqueArtifactRefs(artifacts = {}) {
+  const seen = new Set();
+  const refs = [];
+  for (const ref of Object.values(artifacts)) {
+    const key = ref?.id || `${ref?.type || 'artifact'}:${ref?.uri || ''}:${ref?.hash || ''}`;
+    if (seen.has(key)) continue;
+    seen.add(key);
+    refs.push(ref);
+  }
+  return refs;
+}
+
+export function nextActionForState(state) {
+  if (state.status === 'pending') return 'Start or resume the local MCP Deep Scan runtime for this run.';
+  if (state.status === 'running') return 'Wait for the current stepper to checkpoint, then inspect status again.';
+  if (state.status === 'needs_human') return 'Record the required human approval or denial, then resume the run.';
+  if (state.status === 'blocked') return 'Resolve the blocked reason shown on the step result, then resume when safe.';
+  if (state.status === 'failed') return 'Inspect failed step evidence and rerun after the local issue is fixed.';
+  if (state.status === 'passed') return 'Use the receipt-backed artifacts to generate the next report or passport step.';
+  if (state.status === 'skipped') return 'Review skipped reasons before relying on the run.';
+  return 'Inspect Deep Scan status for the next safe action.';
+}
+
+export function buildDeepScanStatus(state) {
+  const profileOrder = new Map((state.graphProfile?.steppers || [])
+    .map((step, index) => [step.id, index]));
+  const steps = Object.values(state.stepResults || {})
+    .map((result) => ({
+      stepperId: result.stepperId,
+      version: result.version,
+      status: result.status,
+      summary: result.summary,
+      skippedReason: result.skippedReason || null,
+      blockedReason: result.blockedReason || null,
+      needsHumanReason: result.needsHumanReason || null,
+      artifactCount: (result.artifacts || []).length,
+      findingCount: (result.findings || []).length,
+      receiptCount: (result.receipts || []).length,
+      startedAt: result.startedAt,
+      finishedAt: result.finishedAt,
+    }))
+    .sort((a, b) => {
+      const profileDelta = (profileOrder.get(a.stepperId) ?? Number.MAX_SAFE_INTEGER)
+        - (profileOrder.get(b.stepperId) ?? Number.MAX_SAFE_INTEGER);
+      if (profileDelta) return profileDelta;
+      const statusDelta = STEP_ORDER.indexOf(a.status) - STEP_ORDER.indexOf(b.status);
+      return statusDelta || a.stepperId.localeCompare(b.stepperId);
+    });
+
+  return {
+    runId: state.runId,
+    projectId: state.projectId,
+    projectHash: state.projectHash || null,
+    graphProfileId: state.graphProfileId,
+    graphProfileVersion: state.graphProfileVersion,
+    status: state.status,
+    stepCount: steps.length,
+    steps,
+    artifactRefs: uniqueArtifactRefs(state.artifacts),
+    findingCount: (state.findings || []).length,
+    receiptCount: (state.receipts || []).length,
+    receiptRefs: state.receipts || [],
+    approvals: state.approvals || [],
+    createdAt: state.createdAt,
+    updatedAt: state.updatedAt,
+    nextAction: nextActionForState(state),
+  };
+}