@seawork/server 1.0.22-rc.3 → 2.0.2-rc.6

package/dist/server/server/agent/providers/deepseek-agent.js

@@ -0,0 +1,811 @@
+import { applyProviderEnv, resolveProviderCommandPrefix, } from "../provider-launch-config.js";
+import { selectCodexBinary, selectEffectiveCodexBinary, verifyCommandAvailable, } from "./codex-binary-resolver.js";
+import { getSeaworkModels } from "./seawork-models.js";
+import { DEEPSEEK_BINARY, DEEPSEEK_PROVIDER } from "./deepseek/constants.js";
+import { mapHistoryItems, mapServeEvent, newAccumulator } from "./deepseek/event-mapper.js";
+import { DeepseekServeClient } from "./deepseek/serve-client.js";
+import { startDeepseekServe } from "./deepseek/serve-process.js";
+import { buildSeaworkGatewayHeaders, formatDeepseekHttpHeaders } from "./gateway-telemetry.js";
+export { DEEPSEEK_PROVIDER };
+const AVAILABILITY_TTL_MS = 30000;
+const DEEPSEEK_CAPABILITIES = {
+    supportsStreaming: true,
+    supportsSessionPersistence: true,
+    supportsDynamicModes: false,
+    supportsMcpServers: false,
+    supportsReasoningStream: true,
+    supportsToolInvocations: true,
+};
+// Modes mirror the codex auto/full-access split. CodeWhale's serve runtime
+// gates tool execution on `auto_approve`: false => emit approval.required and
+// block (Ask); true => run without prompting (Full Access).
+const DEEPSEEK_MODES = [
+    {
+        id: "auto",
+        label: "Ask First",
+        description: "Edit files and run commands after you approve each action.",
+    },
+    {
+        id: "full-access",
+        label: "Full Access",
+        description: "Edit files and run commands without per-action approval.",
+    },
+];
+const DEFAULT_DEEPSEEK_MODE = "auto";
+function readEnvString(env, key) {
+    const value = env[key];
+    return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+/**
+ * Resolve the LLM gateway the CodeWhale serve subprocess should hit.
+ *
+ * serve runs in `DEEPSEEK_PROVIDER=openai` mode and reads `OPENAI_BASE_URL` /
+ * `OPENAI_API_KEY`, then appends `/v1/chat/completions` itself. The LLM gateway
+ * lives in `SEAWORK_LLM_BASE_URL` (auth.json base_url, e.g.
+ * `https://api.seawork.ai/llm`); the desktop sets `OPENAI_BASE_URL` to the
+ * *image* gateway, which has no chat-completions route. Reading OPENAI_BASE_URL
+ * verbatim is what produced `404 Cannot POST /v1/chat/completions`. So we take
+ * the gateway ONLY from SEAWORK_LLM_BASE_URL and pass it as the gateway root
+ * (do NOT append `/v1` — serve does that).
+ */
+export function resolveDeepseekGatewayEnv(env) {
+    return {
+        baseURL: readEnvString(env, "SEAWORK_LLM_BASE_URL"),
+        apiKey: readEnvString(env, "SEAWORK_API_KEY") ?? readEnvString(env, "OPENAI_API_KEY"),
+    };
+}
+function modeToApproval(modeId) {
+    // Full access => auto-approve everything; otherwise require approvals.
+    const full = modeId === "full-access";
+    return { auto_approve: full, allow_shell: true };
+}
+function promptToText(prompt) {
+    if (typeof prompt === "string")
+        return prompt;
+    const parts = [];
+    for (const block of prompt) {
+        if (block.type === "text")
+            parts.push(block.text);
+        else if (block.type === "image")
+            throw new Error("deepseek provider does not support image inputs");
+        else
+            throw new Error(`deepseek provider does not support content block "${block.type}"`);
+    }
+    return parts.join("\n");
+}
+function hasInvalidPersistedChatMessages(items) {
+    return items.some((item) => {
+        if (item.kind !== "user_message" && item.kind !== "agent_message") {
+            return false;
+        }
+        const text = item.detail ?? item.summary ?? "";
+        return text.trim().length === 0;
+    });
+}
+function isActiveServeTurnStatus(status) {
+    if (!status)
+        return false;
+    const normalized = status.trim().toLowerCase();
+    return (normalized === "in_progress" ||
+        normalized === "in-progress" ||
+        normalized === "running" ||
+        normalized === "active" ||
+        normalized === "pending");
+}
+export class DeepseekAgentClient {
+    constructor(logger, runtimeSettings) {
+        this.logger = logger;
+        this.runtimeSettings = runtimeSettings;
+        this.provider = DEEPSEEK_PROVIDER;
+        this.capabilities = DEEPSEEK_CAPABILITIES;
+        this.availabilityCache = null;
+    }
+    async createSession(config, launchContext) {
+        return this.openSession(config, null, launchContext);
+    }
+    async resumeSession(handle, overrides, launchContext) {
+        const cwd = overrides?.cwd ??
+            (typeof handle.metadata?.cwd === "string" ? handle.metadata.cwd : process.cwd());
+        const config = {
+            provider: DEEPSEEK_PROVIDER,
+            cwd,
+            model: overrides?.model ?? handle.metadata?.model,
+            modeId: overrides?.modeId ?? handle.metadata?.modeId,
+            ...overrides,
+        };
+        return this.openSession(config, handle, launchContext);
+    }
+    async listModels(_options) {
+        return getSeaworkModels(DEEPSEEK_PROVIDER);
+    }
+    async listModes() {
+        return DEEPSEEK_MODES;
+    }
+    async isAvailable() {
+        const now = Date.now();
+        if (this.availabilityCache && now - this.availabilityCache.at < AVAILABILITY_TTL_MS) {
+            return this.availabilityCache.value;
+        }
+        let value = false;
+        try {
+            const selection = await selectEffectiveCodexBinary(this.runtimeSettings, {
+                spawnEnv: this.spawnEnv(),
+                binary: DEEPSEEK_BINARY,
+            });
+            value = await verifyCommandAvailable(selection.binary, { spawnEnv: this.spawnEnv() });
+        }
+        catch {
+            value = false;
+        }
+        this.availabilityCache = { value, at: now };
+        return value;
+    }
+    async getDiagnostic() {
+        try {
+            const spawnEnv = this.spawnEnv();
+            const selection = await selectEffectiveCodexBinary(this.runtimeSettings, {
+                spawnEnv,
+                binary: DEEPSEEK_BINARY,
+            });
+            // Report the LLM gateway the session actually spawns with — resolved the
+            // same way openSession() does (SEAWORK_LLM_BASE_URL only), so UI
+            // availability and the real serve spawn agree on the gateway.
+            const baseURL = resolveDeepseekGatewayEnv(spawnEnv).baseURL ?? "(unset)";
+            return {
+                diagnostic: [
+                    `Binary: ${selection.binary} (${selection.source})`,
+                    `Gateway: ${baseURL}`,
+                    `Transport: codewhale serve --http`,
+                ].join("\n"),
+            };
+        }
+        catch (error) {
+            return {
+                diagnostic: `DeepSeek binary not found — ${error instanceof Error ? error.message : String(error)}`,
+            };
+        }
+    }
+    spawnEnv() {
+        return applyProviderEnv(process.env, this.runtimeSettings);
+    }
+    async openSession(config, resumeHandle, launchContext) {
+        // Resolve the launch command through the provider runtime command config
+        // (command.replace / command.append), exactly like isAvailable() and
+        // getDiagnostic() do — otherwise a user's custom wrapper would show as
+        // "available" in the UI but be ignored when actually spawning a session.
+        // The default command is the resolved codewhale/deepseek binary; any
+        // command.replace argv or command.append args ride along as prefix args.
+        const prefix = await resolveProviderCommandPrefix(this.runtimeSettings?.command, async () => {
+            const selection = await selectCodexBinary({
+                logger: this.logger,
+                spawnEnv: this.spawnEnv(),
+                binary: DEEPSEEK_BINARY,
+            });
+            return selection.binary;
+        });
+        // Route CodeWhale at the Seawork LLM gateway via its OpenAI-compatible
+        // provider. serve reads OPENAI_BASE_URL / OPENAI_API_KEY, so we OVERRIDE
+        // them with the LLM gateway from SEAWORK_LLM_BASE_URL (auth.json base_url):
+        // spawnEnv()'s OPENAI_BASE_URL is the desktop image gateway and would 404.
+        //
+        // Merge launchContext.env FIRST (into mergedEnv), then resolve the gateway
+        // from that merged view and apply the OPENAI_* override LAST — otherwise a
+        // launchContext-supplied OPENAI_BASE_URL (image gateway) would spread in
+        // after the override and re-introduce the 404, and a launchContext-supplied
+        // SEAWORK_LLM_BASE_URL would be missed. spawnEnv() already merges provider
+        // runtimeSettings.env over process.env (applyProviderEnv), so a per-provider
+        // override survives. Same env basis isAvailable()/getDiagnostic() use.
+        const mergedEnv = {
+            ...this.spawnEnv(),
+            ...(launchContext?.env ?? {}),
+            DEEPSEEK_PROVIDER: "openai",
+            ...(config.model ? { DEEPSEEK_MODEL: config.model } : {}),
+            DEEPSEEK_HTTP_HEADERS: formatDeepseekHttpHeaders(buildSeaworkGatewayHeaders(DEEPSEEK_PROVIDER)),
+        };
+        const gateway = resolveDeepseekGatewayEnv(mergedEnv);
+        const env = { ...mergedEnv };
+        // When SEAWORK_LLM_BASE_URL is missing there is NO LLM gateway. Don't leave
+        // the inherited OPENAI_BASE_URL (desktop's image gateway) in place — serve
+        // would silently POST to the wrong host and 404. Strip it so DeepSeek fails
+        // as "not logged in" instead. When present, OVERRIDE serve's OPENAI_* with
+        // the LLM gateway so the image gateway can never win.
+        if (gateway.baseURL) {
+            env.OPENAI_BASE_URL = gateway.baseURL;
+        }
+        else {
+            delete env.OPENAI_BASE_URL;
+        }
+        if (gateway.apiKey) {
+            env.OPENAI_API_KEY = gateway.apiKey;
+        }
+        const serve = await startDeepseekServe({
+            binary: prefix.command,
+            prefixArgs: prefix.args,
+            env,
+            logger: this.logger,
+        });
+        // If the handshake (createThread / SSE) fails, tear the serve subprocess
+        // down before propagating — otherwise the orphaned process leaks.
+        try {
+            const session = new DeepseekSession(config, resumeHandle, this.logger, serve);
+            await session.connect();
+            return session;
+        }
+        catch (err) {
+            serve.close();
+            throw err;
+        }
+    }
+}
+export class DeepseekSession {
+    constructor(config, resumeHandle, logger, serve) {
+        this.config = config;
+        this.resumeHandle = resumeHandle;
+        this.logger = logger;
+        this.serve = serve;
+        this.provider = DEEPSEEK_PROVIDER;
+        this.capabilities = DEEPSEEK_CAPABILITIES;
+        this.subscribers = new Set();
+        this.history = [];
+        // Timeline items rebuilt from the persisted thread on resume; streamHistory()
+        // replays these once so a restarted daemon shows past turns.
+        this.persistedHistory = [];
+        this.pendingPermissions = new Map();
+        // approvalId -> turnId, so terminal events can drop a turn's stale approvals.
+        this.pendingPermissionTurn = new Map();
+        this.threadId = null;
+        this.sseAbort = null;
+        this.eventStreamReady = null;
+        this.closed = false;
+        // SSE turn id from the most recent turn.started frame — the SAME id run()
+        // pins as ourTurnId — and the id of the last turn that reached a terminal
+        // event. If the stream dies after lastStartedTurnId but before that turn is
+        // terminated, we synthesize turn_failed with this exact id so run()'s turnId
+        // filter doesn't drop it.
+        this.lastStartedTurnId = null;
+        this.lastTerminatedTurnId = null;
+        // True from just before the POST /turns until that turn reaches a terminal
+        // event. Lets the SSE finally{} emit a last-resort turn_failed if the stream
+        // dies in the narrow window after connect but before turn.started AND before
+        // the POST response set activeTurnId — otherwise run() would hang forever.
+        this.turnStartInFlight = false;
+        // turnId -> ordered authoritative assistant text per completed item
+        // (itemId -> full text), populated from every completed agent_message item.
+        // run() joins these in insertion order for a correct finalText across
+        // multi-segment turns (tool rounds), independent of any lossy delta stream.
+        this.assistantTextByTurn = new Map();
+        this.activeTurnId = null;
+        this.recoveringConflict = false;
+        this.client = new DeepseekServeClient(serve.baseUrl, serve.token, logger);
+        this.model = config.model ?? null;
+        this.currentMode = config.modeId ?? DEFAULT_DEEPSEEK_MODE;
+    }
+    get id() {
+        return this.threadId;
+    }
+    async connect() {
+        const approval = modeToApproval(this.currentMode);
+        if (this.resumeHandle?.sessionId) {
+            const resumeThreadId = this.resumeHandle.sessionId;
+            let persistedItems = [];
+            let inspectedPersistedThread = false;
+            try {
+                const detail = await this.client.getThreadDetail(resumeThreadId);
+                persistedItems = detail.items ?? [];
+                inspectedPersistedThread = true;
+            }
+            catch (err) {
+                this.logger.warn({ err }, "deepseek: failed to inspect persisted thread before resume");
+            }
+            this.persistedHistory = mapHistoryItems(persistedItems);
+            if (hasInvalidPersistedChatMessages(persistedItems)) {
+                this.logger.warn({ threadId: resumeThreadId }, "deepseek: persisted thread contains empty chat messages; starting a fresh thread to avoid gateway 400s");
+                const thread = await this.client.createThread({
+                    model: this.model ?? undefined,
+                    workspace: this.config.cwd,
+                    mode: "agent",
+                    system_prompt: this.config.systemPrompt,
+                    ...approval,
+                });
+                this.threadId = thread.id;
+            }
+            else {
+                this.threadId = resumeThreadId;
+                await this.client.resumeThread(this.threadId).catch((err) => {
+                    this.logger.warn({ err }, "deepseek: resume thread failed; continuing");
+                });
+                if (!inspectedPersistedThread) {
+                    await this.loadPersistedHistory();
+                }
+            }
+        }
+        else {
+            const thread = await this.client.createThread({
+                model: this.model ?? undefined,
+                workspace: this.config.cwd,
+                mode: "agent",
+                system_prompt: this.config.systemPrompt,
+                ...approval,
+            });
+            this.threadId = thread.id;
+        }
+        this.emit({ type: "thread_started", sessionId: this.threadId, provider: DEEPSEEK_PROVIDER });
+    }
+    async run(prompt, options) {
+        const finalTexts = [];
+        const timeline = [];
+        return new Promise((resolve, reject) => {
+            let ourTurnId = null;
+            let settled = false;
+            const finalize = (o) => {
+                if (settled)
+                    return;
+                settled = true;
+                unsubscribe();
+                if (o.ok) {
+                    // Prefer the authoritative per-item assistant text (joined across all
+                    // completed agent_message segments of the turn) — correct even with
+                    // tool rounds or a lossy delta in any one segment. Fall back to the
+                    // concatenated streamed chunks if we somehow recorded none.
+                    const byItem = ourTurnId ? this.assistantTextByTurn.get(ourTurnId) : undefined;
+                    if (ourTurnId)
+                        this.assistantTextByTurn.delete(ourTurnId);
+                    const authoritative = byItem && byItem.size > 0 ? [...byItem.values()].join("") : undefined;
+                    resolve({
+                        sessionId: this.threadId ?? "",
+                        finalText: authoritative ?? finalTexts.join(""),
+                        timeline,
+                        canceled: o.canceled,
+                    });
+                }
+                else
+                    reject(o.error);
+            };
+            const unsubscribe = this.subscribe((event) => {
+                if (settled)
+                    return;
+                const evTurn = event.turnId;
+                if (event.type === "turn_started" && ourTurnId === null) {
+                    ourTurnId = evTurn ?? null;
+                    return;
+                }
+                if (ourTurnId !== null && evTurn && evTurn !== ourTurnId)
+                    return;
+                if (event.type === "timeline") {
+                    timeline.push(event.item);
+                    if (event.item.type === "assistant_message")
+                        finalTexts.push(event.item.text);
+                    return;
+                }
+                if (event.type === "turn_completed")
+                    finalize({ ok: true, canceled: false });
+                else if (event.type === "turn_canceled")
+                    finalize({ ok: true, canceled: true });
+                else if (event.type === "turn_failed")
+                    finalize({ ok: false, error: new Error(event.error || "deepseek turn failed") });
+            });
+            this.startTurn(prompt, options).catch((err) => finalize({ ok: false, error: err instanceof Error ? err : new Error(String(err)) }));
+        });
+    }
+    async startTurn(prompt, _options) {
+        if (!this.threadId)
+            throw new Error("deepseek session is not connected");
+        const text = promptToText(prompt);
+        const approval = modeToApproval(this.currentMode);
+        // Reset the per-turn SSE-start marker BEFORE anything for this turn can
+        // arrive on the stream. CodeWhale can emit turn.started within milliseconds
+        // — possibly before the POST /turns response returns — and the detached SSE
+        // consumer sets lastStartedTurnId from that frame. If we cleared it AFTER
+        // the POST, we'd wipe the real SSE turn id the consumer just recorded, so a
+        // later mid-turn stream death would fall back to the HTTP turn id (which can
+        // differ from the SSE id run() pinned) and run()'s turnId filter would drop
+        // the synthetic turn_failed, hanging the call. Clear first; the consumer
+        // then repopulates it from this turn's turn.started.
+        this.lastStartedTurnId = null;
+        // Await the SSE subscription BEFORE starting the turn. CodeWhale can emit
+        // turn.started/item.delta/turn.completed within milliseconds for a short
+        // reply; if the /events connection weren't established first, run() could
+        // miss turn_completed and hang. ensureEventStream resolves only after the
+        // HTTP connection is open.
+        await this.ensureEventStream();
+        // Mark a turn-start as in flight BEFORE the POST. If the SSE stream dies in
+        // the window between here and the POST returning — with no turn.started and
+        // no activeTurnId yet — the stream finally{} uses this flag to emit a
+        // last-resort turn_failed so a waiting run() settles instead of hanging.
+        this.turnStartInFlight = true;
+        let res;
+        try {
+            res = await this.client.startTurn(this.threadId, {
+                prompt: text,
+                model: this.model ?? undefined,
+                mode: "agent",
+                ...approval,
+            });
+        }
+        catch (err) {
+            const recovered = await this.tryRecoverActiveTurnConflict(err);
+            if (recovered) {
+                try {
+                    // Recovery reopened the SSE stream and cleared the old turn state.
+                    // Re-arm the start window before the retry POST so a new stream EOF
+                    // still triggers the keyless turn_failed protection until this turn
+                    // either emits turn.started or the POST returns an HTTP turn id.
+                    this.turnStartInFlight = true;
+                    res = await this.client.startTurn(this.threadId, {
+                        prompt: text,
+                        model: this.model ?? undefined,
+                        mode: "agent",
+                        ...approval,
+                    });
+                }
+                catch (retryErr) {
+                    this.turnStartInFlight = false;
+                    throw retryErr;
+                }
+            }
+            else {
+                // The POST itself failed. run() settles via its own startTurn().catch(),
+                // so clear the in-flight flag here — otherwise a later unrelated stream
+                // EOF would trip the keyless synthetic-failure branch and emit a spurious
+                // turn_failed for a turn that never started.
+                this.turnStartInFlight = false;
+                throw err;
+            }
+        }
+        const turnId = res.turn?.id ?? `turn-${Date.now()}`;
+        this.activeTurnId = turnId;
+        return { turnId };
+    }
+    async tryRecoverActiveTurnConflict(error) {
+        if (!this.threadId)
+            return false;
+        if (this.recoveringConflict)
+            return false;
+        const message = error instanceof Error ? error.message : String(error);
+        if (!/\/turns -> 409\b/.test(message) || !/active turn/i.test(message)) {
+            return false;
+        }
+        this.recoveringConflict = true;
+        try {
+            const conflictTurnId = await this.resolveConflictingTurnId();
+            if (!conflictTurnId)
+                return false;
+            this.logger.warn({ threadId: this.threadId, conflictTurnId }, "deepseek: canceling conflicting active turn before retrying");
+            await this.client.cancelTurn(this.threadId, conflictTurnId);
+            this.lastStartedTurnId = null;
+            this.lastTerminatedTurnId = conflictTurnId;
+            this.clearPendingPermissionsForTurn(conflictTurnId);
+            this.turnStartInFlight = false;
+            this.sseAbort?.abort();
+            this.eventStreamReady = null;
+            await this.ensureEventStream();
+            return true;
+        }
+        catch (recoverErr) {
+            this.logger.warn({ err: recoverErr }, "deepseek: failed to recover from active turn conflict");
+            return false;
+        }
+        finally {
+            this.recoveringConflict = false;
+        }
+    }
+    async resolveConflictingTurnId() {
+        try {
+            const detail = await this.client.getThreadDetail(this.threadId);
+            const detailTurn = detail.turn;
+            return (detail.active_turn_id ??
+                detail.activeTurnId ??
+                detail.active_turn?.id ??
+                detail.activeTurn?.id ??
+                detail.current_turn?.id ??
+                detail.currentTurn?.id ??
+                (isActiveServeTurnStatus(detailTurn?.status) ? (detailTurn?.id ?? null) : null) ??
+                detail.turns?.find((turn) => isActiveServeTurnStatus(turn?.status))?.id ??
+                this.getRecoverableLocalActiveTurnId());
+        }
+        catch (error) {
+            const fallbackTurnId = this.getRecoverableLocalActiveTurnId();
+            if (fallbackTurnId) {
+                this.logger.warn({ err: error, threadId: this.threadId, conflictTurnId: fallbackTurnId }, "deepseek: getThreadDetail failed during conflict recovery; falling back to local activeTurnId");
+                return fallbackTurnId;
+            }
+            throw error;
+        }
+    }
+    getRecoverableLocalActiveTurnId() {
+        if (!this.activeTurnId)
+            return null;
+        if (this.activeTurnId === this.lastTerminatedTurnId)
+            return null;
+        return this.activeTurnId;
+    }
+    // Establish the per-thread SSE subscription and resolve only after the
+    // connection is open. Idempotent while a healthy stream is live: concurrent
+    // and later callers await the same promise. RECOVERABLE: if the connection
+    // fails to open, or the stream later ends/errors, `eventStreamReady` is
+    // cleared so the next startTurn reopens `/events` instead of reusing a stale
+    // (rejected or dead) promise — which would otherwise hang the next turn.
+    ensureEventStream() {
+        if (this.eventStreamReady)
+            return this.eventStreamReady;
+        if (this.closed)
+            return Promise.reject(new Error("deepseek session is closed"));
+        const abort = new AbortController();
+        this.sseAbort = abort;
+        const acc = newAccumulator();
+        const ready = (async () => {
+            const { frames } = await this.client.openEventStream(this.threadId, abort.signal);
+            // Connection is open here; consume frames detached so the caller can
+            // proceed to POST /turns without blocking on the (endless) stream.
+            (async () => {
+                try {
+                    for await (const frame of frames) {
+                        const { events, pendingApproval, divergentFinalText, completedAssistantItem } = mapServeEvent(frame, acc);
+                        // Track the SSE turn id (what run() pins) so a mid-turn stream death
+                        // can synthesize turn_failed with the matching id.
+                        if (frame.event === "turn.started" && frame.data?.turn_id) {
+                            this.lastStartedTurnId = frame.data.turn_id;
+                        }
+                        if (pendingApproval) {
+                            this.pendingPermissions.set(pendingApproval.id, pendingApproval);
+                            const apprTurn = frame.data?.turn_id ?? this.activeTurnId;
+                            if (apprTurn)
+                                this.pendingPermissionTurn.set(pendingApproval.id, apprTurn);
+                        }
+                        if (divergentFinalText) {
+                            this.logger.warn("deepseek: completed item text diverged from streamed deltas; live timeline keeps the streamed text");
+                        }
+                        // Record the authoritative per-item assistant text so run() can
+                        // rebuild finalText from ALL segments of the turn. Key by the SSE
+                        // frame's turn id — the SAME id run() pins from turn.started — so
+                        // write/read keys can't drift from activeTurnId (the HTTP response).
+                        if (completedAssistantItem) {
+                            const frameTurnId = frame.data?.turn_id ?? this.activeTurnId;
+                            if (frameTurnId) {
+                                let byItem = this.assistantTextByTurn.get(frameTurnId);
+                                if (!byItem) {
+                                    byItem = new Map();
+                                    this.assistantTextByTurn.set(frameTurnId, byItem);
+                                }
+                                byItem.set(completedAssistantItem.itemId, completedAssistantItem.text);
+                            }
+                        }
+                        for (const ev of events)
+                            this.emit(ev);
+                        // Terminal-event cleanup. The accumulator and per-turn maps only
+                        // matter WITHIN a turn (delta coalescing + finalText rebuild), so
+                        // reset them when the turn ends. This bounds memory on a long-lived
+                        // session and prevents a non-unique server item id from a later
+                        // turn colliding with a stale entry from an earlier one.
+                        if (frame.event === "turn.completed" ||
+                            frame.event === "turn.failed" ||
+                            frame.event === "turn.canceled") {
+                            acc.items.clear();
+                            const tid = frame.data?.turn_id;
+                            // Record that this turn reached a terminal event, so the stream's
+                            // finally{} doesn't synthesize a duplicate turn_failed for it.
+                            this.lastTerminatedTurnId = tid ?? this.activeTurnId;
+                            this.activeTurnId = null;
+                            this.turnStartInFlight = false;
+                            if (tid) {
+                                // emit() ran run()'s finalize synchronously above, so it has
+                                // already read+deleted this entry on the normal path; deleting
+                                // again reclaims it if no run() was waiting (e.g. a turn that
+                                // failed before turn_started was observed).
+                                this.assistantTextByTurn.delete(tid);
+                                // Drop any approvals still pending for this turn — the server
+                                // won't act on them once the turn is terminal, and the UI
+                                // shouldn't keep showing a stale prompt.
+                                this.clearPendingPermissionsForTurn(tid);
+                            }
+                        }
+                    }
+                }
+                catch (err) {
+                    if (!abort.signal.aborted) {
+                        this.logger.warn({ err }, "deepseek: event stream ended unexpectedly");
+                    }
+                }
+                finally {
+                    // If the stream died (EOF/error, not a deliberate abort) while a turn
+                    // was in flight, synthesize turn_failed so a waiting run() settles and
+                    // the UI leaves the running state instead of hanging forever. Use the
+                    // SSE turn id run() pinned (lastStartedTurnId) so its turnId filter
+                    // accepts the event; fall back to activeTurnId when turn.started was
+                    // never observed (then run()'s ourTurnId is still null and accepts any
+                    // turn_failed).
+                    const inFlightTurnId = this.lastStartedTurnId ?? this.activeTurnId;
+                    if (!abort.signal.aborted &&
+                        inFlightTurnId &&
+                        inFlightTurnId !== this.lastTerminatedTurnId) {
+                        this.emit({
+                            type: "turn_failed",
+                            provider: DEEPSEEK_PROVIDER,
+                            error: "deepseek event stream ended before the turn completed",
+                            turnId: inFlightTurnId,
+                        });
+                        this.activeTurnId = null;
+                        this.lastTerminatedTurnId = inFlightTurnId;
+                        this.turnStartInFlight = false;
+                        acc.items.clear();
+                        this.assistantTextByTurn.delete(inFlightTurnId);
+                        this.clearPendingPermissionsForTurn(inFlightTurnId);
+                    }
+                    else if (!abort.signal.aborted && this.turnStartInFlight) {
+                        // Edge race: the stream died after connect but BEFORE turn.started
+                        // and before the POST set activeTurnId, so we have no turn id to key
+                        // on. Emit a turnId-less turn_failed — run() accepts it while its
+                        // ourTurnId is still null — so a turn whose start is in flight still
+                        // settles instead of hanging once the POST later resolves.
+                        this.turnStartInFlight = false;
+                        this.emit({
+                            type: "turn_failed",
+                            provider: DEEPSEEK_PROVIDER,
+                            error: "deepseek event stream ended before the turn started",
+                        });
+                    }
+                    // The reader is exhausted — allow a future turn to reopen the stream
+                    // (unless we resumed/closed). Only clear if this is still the active
+                    // stream (guard against a newer ensureEventStream having replaced it).
+                    if (this.sseAbort === abort && !this.closed) {
+                        this.eventStreamReady = null;
+                    }
+                }
+            })();
+        })();
+        // On connect failure, clear so the next call retries rather than reusing a
+        // permanently-rejected promise.
+        this.eventStreamReady = ready.catch((err) => {
+            if (this.sseAbort === abort)
+                this.eventStreamReady = null;
+            throw err;
+        });
+        return this.eventStreamReady;
+    }
+    subscribe(callback) {
+        this.subscribers.add(callback);
+        return () => this.subscribers.delete(callback);
+    }
+    async *streamHistory() {
+        // Replay persisted turns first (oldest → newest), then live events from
+        // this process. Drained so a second call doesn't double up.
+        if (this.persistedHistory.length > 0) {
+            const items = this.persistedHistory;
+            this.persistedHistory = [];
+            for (const item of items) {
+                yield { type: "timeline", provider: DEEPSEEK_PROVIDER, item };
+            }
+        }
+        for (const event of this.history)
+            yield event;
+    }
+    // Fetch the persisted thread items and rebuild them as timeline items so the
+    // UI shows prior turns after a resume. Best-effort: a failure here must not
+    // block the session from connecting.
+    async loadPersistedHistory() {
+        if (!this.threadId)
+            return;
+        try {
+            const detail = await this.client.getThreadDetail(this.threadId);
+            this.persistedHistory = mapHistoryItems(detail.items ?? []);
+        }
+        catch (err) {
+            this.logger.warn({ err }, "deepseek: failed to load persisted history");
+        }
+    }
+    async getRuntimeInfo() {
+        return { provider: DEEPSEEK_PROVIDER, sessionId: this.threadId, model: this.model };
+    }
+    async getAvailableModes() {
+        return DEEPSEEK_MODES;
+    }
+    async getCurrentMode() {
+        return this.currentMode;
+    }
+    async setMode(modeId) {
+        this.currentMode = modeId;
+    }
+    getPendingPermissions() {
+        return [...this.pendingPermissions.values()];
+    }
+    async respondToPermission(requestId, response) {
+        const pending = this.pendingPermissions.get(requestId);
+        if (!pending)
+            return;
+        this.pendingPermissions.delete(requestId);
+        this.pendingPermissionTurn.delete(requestId);
+        await this.client.decideApproval(requestId, response.behavior === "allow" ? "allow" : "deny");
+        this.emit({
+            type: "permission_resolved",
+            provider: DEEPSEEK_PROVIDER,
+            requestId,
+            resolution: response,
+            turnId: this.activeTurnId ?? undefined,
+        });
+    }
+    // Drop approvals still pending for a turn that just ended (completed/failed/
+    // canceled). The server won't act on them anymore, so emit a deny resolution
+    // for each so the UI stops showing the stale prompt.
+    clearPendingPermissionsForTurn(turnId) {
+        for (const [approvalId, ownerTurn] of [...this.pendingPermissionTurn]) {
+            if (ownerTurn !== turnId)
+                continue;
+            this.pendingPermissionTurn.delete(approvalId);
+            if (this.pendingPermissions.delete(approvalId)) {
+                this.emit({
+                    type: "permission_resolved",
+                    provider: DEEPSEEK_PROVIDER,
+                    requestId: approvalId,
+                    resolution: { behavior: "deny", message: "turn ended before approval" },
+                    turnId,
+                });
+            }
+        }
+    }
+    describePersistence() {
+        if (!this.threadId)
+            return null;
+        return {
+            provider: DEEPSEEK_PROVIDER,
+            sessionId: this.threadId,
+            nativeHandle: this.threadId,
+            metadata: {
+                cwd: this.config.cwd,
+                modeId: this.currentMode,
+                ...(this.model ? { model: this.model } : {}),
+            },
+        };
+    }
+    async interrupt() {
+        // The server-side cancel addresses the turn by its HTTP id...
+        if (this.threadId && this.activeTurnId) {
+            await this.client.cancelTurn(this.threadId, this.activeTurnId, { suppressErrors: true });
+        }
+        // ...but the locally-emitted terminal event must use the id run() pinned
+        // from turn.started (lastStartedTurnId), since run()'s turnId filter drops
+        // events whose turnId != ourTurnId. The SSE turn id can differ from the
+        // HTTP startTurn() id; using activeTurnId here would let an interrupt fail
+        // to settle a waiting run(), leaving the UI stuck if the server's terminal
+        // SSE frame is then lost/delayed. Fall back to activeTurnId only when
+        // turn.started hasn't been seen (then ourTurnId is null and accepts any id).
+        const runTurnId = this.lastStartedTurnId ?? this.activeTurnId;
+        // Mark the turn terminated so a subsequent mid-turn stream death does NOT
+        // synthesize a duplicate turn_failed for it.
+        this.lastTerminatedTurnId = runTurnId;
+        this.activeTurnId = null;
+        this.turnStartInFlight = false;
+        this.emit({
+            type: "turn_canceled",
+            provider: DEEPSEEK_PROVIDER,
+            reason: "interrupted",
+            turnId: runTurnId ?? undefined,
+        });
+    }
+    async close() {
+        this.closed = true;
+        this.sseAbort?.abort();
+        this.eventStreamReady = null;
+        this.assistantTextByTurn.clear();
+        this.pendingPermissions.clear();
+        this.pendingPermissionTurn.clear();
+        this.serve.close();
+    }
+    getRecentStderrTail() {
+        return this.serve.stderrTail() || undefined;
+    }
+    async setModel(modelId) {
+        this.model = modelId;
+    }
+    emit(event) {
+        this.history.push(event);
+        for (const subscriber of this.subscribers) {
+            try {
+                subscriber(event);
+            }
+            catch (error) {
+                this.logger.warn({ error }, "deepseek subscriber threw");
+            }
+        }
+    }
+}
+//# sourceMappingURL=deepseek-agent.js.map