npm - @stigmer/runner - Versions diffs - 3.0.1 - Mend

@stigmer/runner 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (904) hide show

package/README.md +212 -0
package/dist/.build-fingerprint +1 -0
package/dist/activities/call-agent-status.d.ts +37 -0
package/dist/activities/call-agent-status.js +91 -0
package/dist/activities/call-agent-status.js.map +1 -0
package/dist/activities/call-agent.d.ts +25 -0
package/dist/activities/call-agent.js +233 -0
package/dist/activities/call-agent.js.map +1 -0
package/dist/activities/call-eval.d.ts +50 -0
package/dist/activities/call-eval.js +244 -0
package/dist/activities/call-eval.js.map +1 -0
package/dist/activities/call-function.d.ts +21 -0
package/dist/activities/call-function.js +54 -0
package/dist/activities/call-function.js.map +1 -0
package/dist/activities/call-grpc.d.ts +22 -0
package/dist/activities/call-grpc.js +101 -0
package/dist/activities/call-grpc.js.map +1 -0
package/dist/activities/call-http.d.ts +32 -0
package/dist/activities/call-http.js +134 -0
package/dist/activities/call-http.js.map +1 -0
package/dist/activities/call-llm.d.ts +39 -0
package/dist/activities/call-llm.js +260 -0
package/dist/activities/call-llm.js.map +1 -0
package/dist/activities/call-transform.d.ts +20 -0
package/dist/activities/call-transform.js +33 -0
package/dist/activities/call-transform.js.map +1 -0
package/dist/activities/call-validate.d.ts +41 -0
package/dist/activities/call-validate.js +163 -0
package/dist/activities/call-validate.js.map +1 -0
package/dist/activities/classify-tool-approvals.d.ts +47 -0
package/dist/activities/classify-tool-approvals.js +207 -0
package/dist/activities/classify-tool-approvals.js.map +1 -0
package/dist/activities/discover-mcp-server.d.ts +65 -0
package/dist/activities/discover-mcp-server.js +269 -0
package/dist/activities/discover-mcp-server.js.map +1 -0
package/dist/activities/emit-event.d.ts +46 -0
package/dist/activities/emit-event.js +125 -0
package/dist/activities/emit-event.js.map +1 -0
package/dist/activities/ensure-thread.d.ts +24 -0
package/dist/activities/ensure-thread.js +44 -0
package/dist/activities/ensure-thread.js.map +1 -0
package/dist/activities/evaluate-expressions.d.ts +21 -0
package/dist/activities/evaluate-expressions.js +39 -0
package/dist/activities/evaluate-expressions.js.map +1 -0
package/dist/activities/execute-cursor/approval-policy.d.ts +104 -0
package/dist/activities/execute-cursor/approval-policy.js +193 -0
package/dist/activities/execute-cursor/approval-policy.js.map +1 -0
package/dist/activities/execute-cursor/approval-state.d.ts +157 -0
package/dist/activities/execute-cursor/approval-state.js +223 -0
package/dist/activities/execute-cursor/approval-state.js.map +1 -0
package/dist/activities/execute-cursor/attachment-resolver.d.ts +19 -0
package/dist/activities/execute-cursor/attachment-resolver.js +52 -0
package/dist/activities/execute-cursor/attachment-resolver.js.map +1 -0
package/dist/activities/execute-cursor/blueprint-resolver.d.ts +66 -0
package/dist/activities/execute-cursor/blueprint-resolver.js +169 -0
package/dist/activities/execute-cursor/blueprint-resolver.js.map +1 -0
package/dist/activities/execute-cursor/connect-backfill.d.ts +18 -0
package/dist/activities/execute-cursor/connect-backfill.js +27 -0
package/dist/activities/execute-cursor/connect-backfill.js.map +1 -0
package/dist/activities/execute-cursor/cursor-event-recorder.d.ts +24 -0
package/dist/activities/execute-cursor/cursor-event-recorder.js +66 -0
package/dist/activities/execute-cursor/cursor-event-recorder.js.map +1 -0
package/dist/activities/execute-cursor/cursor-mode.d.ts +32 -0
package/dist/activities/execute-cursor/cursor-mode.js +36 -0
package/dist/activities/execute-cursor/cursor-mode.js.map +1 -0
package/dist/activities/execute-cursor/delta-enricher.d.ts +87 -0
package/dist/activities/execute-cursor/delta-enricher.js +265 -0
package/dist/activities/execute-cursor/delta-enricher.js.map +1 -0
package/dist/activities/execute-cursor/env-resolver.d.ts +19 -0
package/dist/activities/execute-cursor/env-resolver.js +47 -0
package/dist/activities/execute-cursor/env-resolver.js.map +1 -0
package/dist/activities/execute-cursor/error-classifier.d.ts +73 -0
package/dist/activities/execute-cursor/error-classifier.js +185 -0
package/dist/activities/execute-cursor/error-classifier.js.map +1 -0
package/dist/activities/execute-cursor/fetch-interceptor.d.ts +59 -0
package/dist/activities/execute-cursor/fetch-interceptor.js +317 -0
package/dist/activities/execute-cursor/fetch-interceptor.js.map +1 -0
package/dist/activities/execute-cursor/hitl-diagnostics.d.ts +32 -0
package/dist/activities/execute-cursor/hitl-diagnostics.js +73 -0
package/dist/activities/execute-cursor/hitl-diagnostics.js.map +1 -0
package/dist/activities/execute-cursor/hook-script.d.ts +47 -0
package/dist/activities/execute-cursor/hook-script.js +156 -0
package/dist/activities/execute-cursor/hook-script.js.map +1 -0
package/dist/activities/execute-cursor/http2-interceptor.d.ts +94 -0
package/dist/activities/execute-cursor/http2-interceptor.js +209 -0
package/dist/activities/execute-cursor/http2-interceptor.js.map +1 -0
package/dist/activities/execute-cursor/index.d.ts +67 -0
package/dist/activities/execute-cursor/index.js +1176 -0
package/dist/activities/execute-cursor/index.js.map +1 -0
package/dist/activities/execute-cursor/mcp-config.d.ts +30 -0
package/dist/activities/execute-cursor/mcp-config.js +39 -0
package/dist/activities/execute-cursor/mcp-config.js.map +1 -0
package/dist/activities/execute-cursor/mcp-resolver.d.ts +91 -0
package/dist/activities/execute-cursor/mcp-resolver.js +178 -0
package/dist/activities/execute-cursor/mcp-resolver.js.map +1 -0
package/dist/activities/execute-cursor/message-translator.d.ts +211 -0
package/dist/activities/execute-cursor/message-translator.js +786 -0
package/dist/activities/execute-cursor/message-translator.js.map +1 -0
package/dist/activities/execute-cursor/model-pricing-data.d.ts +40 -0
package/dist/activities/execute-cursor/model-pricing-data.js +114 -0
package/dist/activities/execute-cursor/model-pricing-data.js.map +1 -0
package/dist/activities/execute-cursor/model-pricing.d.ts +42 -0
package/dist/activities/execute-cursor/model-pricing.js +141 -0
package/dist/activities/execute-cursor/model-pricing.js.map +1 -0
package/dist/activities/execute-cursor/placeholder-resolver.d.ts +34 -0
package/dist/activities/execute-cursor/placeholder-resolver.js +82 -0
package/dist/activities/execute-cursor/placeholder-resolver.js.map +1 -0
package/dist/activities/execute-cursor/prompt-builder.d.ts +80 -0
package/dist/activities/execute-cursor/prompt-builder.js +280 -0
package/dist/activities/execute-cursor/prompt-builder.js.map +1 -0
package/dist/activities/execute-cursor/rejection-capture.d.ts +30 -0
package/dist/activities/execute-cursor/rejection-capture.js +80 -0
package/dist/activities/execute-cursor/rejection-capture.js.map +1 -0
package/dist/activities/execute-cursor/session-lifecycle.d.ts +189 -0
package/dist/activities/execute-cursor/session-lifecycle.js +285 -0
package/dist/activities/execute-cursor/session-lifecycle.js.map +1 -0
package/dist/activities/execute-cursor/skill-resolver.d.ts +29 -0
package/dist/activities/execute-cursor/skill-resolver.js +134 -0
package/dist/activities/execute-cursor/skill-resolver.js.map +1 -0
package/dist/activities/execute-cursor/subagent-config.d.ts +34 -0
package/dist/activities/execute-cursor/subagent-config.js +55 -0
package/dist/activities/execute-cursor/subagent-config.js.map +1 -0
package/dist/activities/execute-cursor/todo-tracker.d.ts +35 -0
package/dist/activities/execute-cursor/todo-tracker.js +108 -0
package/dist/activities/execute-cursor/todo-tracker.js.map +1 -0
package/dist/activities/execute-cursor/usage-accumulator.d.ts +55 -0
package/dist/activities/execute-cursor/usage-accumulator.js +89 -0
package/dist/activities/execute-cursor/usage-accumulator.js.map +1 -0
package/dist/activities/execute-cursor/workspace-provision.d.ts +22 -0
package/dist/activities/execute-cursor/workspace-provision.js +37 -0
package/dist/activities/execute-cursor/workspace-provision.js.map +1 -0
package/dist/activities/execute-cursor/workspace-setup.d.ts +27 -0
package/dist/activities/execute-cursor/workspace-setup.js +61 -0
package/dist/activities/execute-cursor/workspace-setup.js.map +1 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.d.ts +71 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.js +182 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.js.map +1 -0
package/dist/activities/execute-deep-agent/attachment-injector.d.ts +67 -0
package/dist/activities/execute-deep-agent/attachment-injector.js +306 -0
package/dist/activities/execute-deep-agent/attachment-injector.js.map +1 -0
package/dist/activities/execute-deep-agent/auto-publish.d.ts +17 -0
package/dist/activities/execute-deep-agent/auto-publish.js +71 -0
package/dist/activities/execute-deep-agent/auto-publish.js.map +1 -0
package/dist/activities/execute-deep-agent/environment.d.ts +24 -0
package/dist/activities/execute-deep-agent/environment.js +50 -0
package/dist/activities/execute-deep-agent/environment.js.map +1 -0
package/dist/activities/execute-deep-agent/event-recorder.d.ts +21 -0
package/dist/activities/execute-deep-agent/event-recorder.js +67 -0
package/dist/activities/execute-deep-agent/event-recorder.js.map +1 -0
package/dist/activities/execute-deep-agent/execution-state.d.ts +61 -0
package/dist/activities/execute-deep-agent/execution-state.js +76 -0
package/dist/activities/execute-deep-agent/execution-state.js.map +1 -0
package/dist/activities/execute-deep-agent/execution-status-writer.d.ts +17 -0
package/dist/activities/execute-deep-agent/execution-status-writer.js +9 -0
package/dist/activities/execute-deep-agent/execution-status-writer.js.map +1 -0
package/dist/activities/execute-deep-agent/hitl.d.ts +58 -0
package/dist/activities/execute-deep-agent/hitl.js +155 -0
package/dist/activities/execute-deep-agent/hitl.js.map +1 -0
package/dist/activities/execute-deep-agent/index.d.ts +14 -0
package/dist/activities/execute-deep-agent/index.js +286 -0
package/dist/activities/execute-deep-agent/index.js.map +1 -0
package/dist/activities/execute-deep-agent/inline-publisher.d.ts +36 -0
package/dist/activities/execute-deep-agent/inline-publisher.js +105 -0
package/dist/activities/execute-deep-agent/inline-publisher.js.map +1 -0
package/dist/activities/execute-deep-agent/post-stream.d.ts +23 -0
package/dist/activities/execute-deep-agent/post-stream.js +71 -0
package/dist/activities/execute-deep-agent/post-stream.js.map +1 -0
package/dist/activities/execute-deep-agent/prompt-builder.d.ts +27 -0
package/dist/activities/execute-deep-agent/prompt-builder.js +200 -0
package/dist/activities/execute-deep-agent/prompt-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/setup.d.ts +55 -0
package/dist/activities/execute-deep-agent/setup.js +411 -0
package/dist/activities/execute-deep-agent/setup.js.map +1 -0
package/dist/activities/execute-deep-agent/status-builder-shared.d.ts +39 -0
package/dist/activities/execute-deep-agent/status-builder-shared.js +120 -0
package/dist/activities/execute-deep-agent/status-builder-shared.js.map +1 -0
package/dist/activities/execute-deep-agent/status-builder.d.ts +81 -0
package/dist/activities/execute-deep-agent/status-builder.js +312 -0
package/dist/activities/execute-deep-agent/status-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.d.ts +60 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.js +114 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.d.ts +22 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.js +83 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-terminal.d.ts +12 -0
package/dist/activities/execute-deep-agent/streaming-terminal.js +71 -0
package/dist/activities/execute-deep-agent/streaming-terminal.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-v3.d.ts +13 -0
package/dist/activities/execute-deep-agent/streaming-v3.js +170 -0
package/dist/activities/execute-deep-agent/streaming-v3.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming.d.ts +66 -0
package/dist/activities/execute-deep-agent/streaming.js +169 -0
package/dist/activities/execute-deep-agent/streaming.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-tracker.d.ts +90 -0
package/dist/activities/execute-deep-agent/subagent-tracker.js +364 -0
package/dist/activities/execute-deep-agent/subagent-tracker.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-transformer.d.ts +150 -0
package/dist/activities/execute-deep-agent/subagent-transformer.js +450 -0
package/dist/activities/execute-deep-agent/subagent-transformer.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-wiring.d.ts +28 -0
package/dist/activities/execute-deep-agent/subagent-wiring.js +40 -0
package/dist/activities/execute-deep-agent/subagent-wiring.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.d.ts +31 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.js +71 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-events.d.ts +102 -0
package/dist/activities/execute-deep-agent/v3-events.js +35 -0
package/dist/activities/execute-deep-agent/v3-events.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.d.ts +15 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.js +235 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-status-builder.d.ts +68 -0
package/dist/activities/execute-deep-agent/v3-status-builder.js +394 -0
package/dist/activities/execute-deep-agent/v3-status-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.d.ts +71 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.js +295 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.js.map +1 -0
package/dist/activities/hydrate-workflow-execution.d.ts +32 -0
package/dist/activities/hydrate-workflow-execution.js +212 -0
package/dist/activities/hydrate-workflow-execution.js.map +1 -0
package/dist/activities/notification.d.ts +19 -0
package/dist/activities/notification.js +47 -0
package/dist/activities/notification.js.map +1 -0
package/dist/activities/promote-task-output.d.ts +38 -0
package/dist/activities/promote-task-output.js +90 -0
package/dist/activities/promote-task-output.js.map +1 -0
package/dist/activities/run-command.d.ts +15 -0
package/dist/activities/run-command.js +123 -0
package/dist/activities/run-command.js.map +1 -0
package/dist/activities/workflow-event-activities.d.ts +48 -0
package/dist/activities/workflow-event-activities.js +415 -0
package/dist/activities/workflow-event-activities.js.map +1 -0
package/dist/bootstrap.d.ts +80 -0
package/dist/bootstrap.js +114 -0
package/dist/bootstrap.js.map +1 -0
package/dist/budget/index.d.ts +1 -0
package/dist/budget/index.js +2 -0
package/dist/budget/index.js.map +1 -0
package/dist/budget/tracker.d.ts +52 -0
package/dist/budget/tracker.js +123 -0
package/dist/budget/tracker.js.map +1 -0
package/dist/claimcheck/compressor.d.ts +2 -0
package/dist/claimcheck/compressor.js +8 -0
package/dist/claimcheck/compressor.js.map +1 -0
package/dist/claimcheck/config.d.ts +7 -0
package/dist/claimcheck/config.js +10 -0
package/dist/claimcheck/config.js.map +1 -0
package/dist/claimcheck/index.d.ts +3 -0
package/dist/claimcheck/index.js +4 -0
package/dist/claimcheck/index.js.map +1 -0
package/dist/claimcheck/payload-codec.d.ts +23 -0
package/dist/claimcheck/payload-codec.js +81 -0
package/dist/claimcheck/payload-codec.js.map +1 -0
package/dist/client/server-contracts.d.ts +52 -0
package/dist/client/server-contracts.js +72 -0
package/dist/client/server-contracts.js.map +1 -0
package/dist/client/stigmer-client.d.ts +131 -0
package/dist/client/stigmer-client.js +239 -0
package/dist/client/stigmer-client.js.map +1 -0
package/dist/config.d.ts +64 -0
package/dist/config.js +123 -0
package/dist/config.js.map +1 -0
package/dist/idle-watchdog.d.ts +11 -0
package/dist/idle-watchdog.js +24 -0
package/dist/idle-watchdog.js.map +1 -0
package/dist/index.d.ts +43 -0
package/dist/index.js +42 -0
package/dist/index.js.map +1 -0
package/dist/interceptors/workflow-metrics-sink.d.ts +11 -0
package/dist/interceptors/workflow-metrics-sink.js +51 -0
package/dist/interceptors/workflow-metrics-sink.js.map +1 -0
package/dist/ipc-protocol-fixtures.d.ts +32 -0
package/dist/ipc-protocol-fixtures.js +69 -0
package/dist/ipc-protocol-fixtures.js.map +1 -0
package/dist/ipc-protocol.d.ts +60 -0
package/dist/ipc-protocol.js +19 -0
package/dist/ipc-protocol.js.map +1 -0
package/dist/main.d.ts +19 -0
package/dist/main.js +292 -0
package/dist/main.js.map +1 -0
package/dist/middleware/approval-gate.d.ts +30 -0
package/dist/middleware/approval-gate.js +125 -0
package/dist/middleware/approval-gate.js.map +1 -0
package/dist/middleware/cost-cap.d.ts +22 -0
package/dist/middleware/cost-cap.js +159 -0
package/dist/middleware/cost-cap.js.map +1 -0
package/dist/middleware/error-hints.d.ts +27 -0
package/dist/middleware/error-hints.js +116 -0
package/dist/middleware/error-hints.js.map +1 -0
package/dist/middleware/execution-budget.d.ts +20 -0
package/dist/middleware/execution-budget.js +151 -0
package/dist/middleware/execution-budget.js.map +1 -0
package/dist/middleware/graceful-stop.d.ts +17 -0
package/dist/middleware/graceful-stop.js +63 -0
package/dist/middleware/graceful-stop.js.map +1 -0
package/dist/middleware/index.d.ts +27 -0
package/dist/middleware/index.js +45 -0
package/dist/middleware/index.js.map +1 -0
package/dist/middleware/loop-detection.d.ts +14 -0
package/dist/middleware/loop-detection.js +156 -0
package/dist/middleware/loop-detection.js.map +1 -0
package/dist/middleware/otel-spans.d.ts +11 -0
package/dist/middleware/otel-spans.js +177 -0
package/dist/middleware/otel-spans.js.map +1 -0
package/dist/middleware/think-tool.d.ts +23 -0
package/dist/middleware/think-tool.js +33 -0
package/dist/middleware/think-tool.js.map +1 -0
package/dist/middleware/tool-truncation.d.ts +16 -0
package/dist/middleware/tool-truncation.js +67 -0
package/dist/middleware/tool-truncation.js.map +1 -0
package/dist/middleware/types.d.ts +100 -0
package/dist/middleware/types.js +9 -0
package/dist/middleware/types.js.map +1 -0
package/dist/notification/index.d.ts +2 -0
package/dist/notification/index.js +6 -0
package/dist/notification/index.js.map +1 -0
package/dist/notification/provider.d.ts +29 -0
package/dist/notification/provider.js +25 -0
package/dist/notification/provider.js.map +1 -0
package/dist/notification/webhook.d.ts +13 -0
package/dist/notification/webhook.js +55 -0
package/dist/notification/webhook.js.map +1 -0
package/dist/otel-metrics.d.ts +21 -0
package/dist/otel-metrics.js +54 -0
package/dist/otel-metrics.js.map +1 -0
package/dist/otel.d.ts +57 -0
package/dist/otel.js +164 -0
package/dist/otel.js.map +1 -0
package/dist/runner-manager.d.ts +113 -0
package/dist/runner-manager.js +412 -0
package/dist/runner-manager.js.map +1 -0
package/dist/runner-token-coordinator.d.ts +56 -0
package/dist/runner-token-coordinator.js +84 -0
package/dist/runner-token-coordinator.js.map +1 -0
package/dist/runner.d.ts +104 -0
package/dist/runner.js +234 -0
package/dist/runner.js.map +1 -0
package/dist/shared/approval-policy.d.ts +45 -0
package/dist/shared/approval-policy.js +122 -0
package/dist/shared/approval-policy.js.map +1 -0
package/dist/shared/artifact-storage.d.ts +44 -0
package/dist/shared/artifact-storage.js +162 -0
package/dist/shared/artifact-storage.js.map +1 -0
package/dist/shared/checkpointer/factory.d.ts +28 -0
package/dist/shared/checkpointer/factory.js +55 -0
package/dist/shared/checkpointer/factory.js.map +1 -0
package/dist/shared/checkpointer/http-saver.d.ts +34 -0
package/dist/shared/checkpointer/http-saver.js +274 -0
package/dist/shared/checkpointer/http-saver.js.map +1 -0
package/dist/shared/checkpointer/types.d.ts +12 -0
package/dist/shared/checkpointer/types.js +2 -0
package/dist/shared/checkpointer/types.js.map +1 -0
package/dist/shared/connect-backfill.d.ts +58 -0
package/dist/shared/connect-backfill.js +119 -0
package/dist/shared/connect-backfill.js.map +1 -0
package/dist/shared/extract-json.d.ts +26 -0
package/dist/shared/extract-json.js +140 -0
package/dist/shared/extract-json.js.map +1 -0
package/dist/shared/grpc-retry.d.ts +35 -0
package/dist/shared/grpc-retry.js +78 -0
package/dist/shared/grpc-retry.js.map +1 -0
package/dist/shared/heartbeat.d.ts +22 -0
package/dist/shared/heartbeat.js +55 -0
package/dist/shared/heartbeat.js.map +1 -0
package/dist/shared/json-schema-to-zod.d.ts +13 -0
package/dist/shared/json-schema-to-zod.js +49 -0
package/dist/shared/json-schema-to-zod.js.map +1 -0
package/dist/shared/llm-proxy.d.ts +57 -0
package/dist/shared/llm-proxy.js +116 -0
package/dist/shared/llm-proxy.js.map +1 -0
package/dist/shared/mcp-manager.d.ts +47 -0
package/dist/shared/mcp-manager.js +118 -0
package/dist/shared/mcp-manager.js.map +1 -0
package/dist/shared/mcp-resolver.d.ts +41 -0
package/dist/shared/mcp-resolver.js +96 -0
package/dist/shared/mcp-resolver.js.map +1 -0
package/dist/shared/model-pricing-data.d.ts +18 -0
package/dist/shared/model-pricing-data.js +78 -0
package/dist/shared/model-pricing-data.js.map +1 -0
package/dist/shared/model-pricing.d.ts +24 -0
package/dist/shared/model-pricing.js +58 -0
package/dist/shared/model-pricing.js.map +1 -0
package/dist/shared/model-registry.d.ts +55 -0
package/dist/shared/model-registry.js +178 -0
package/dist/shared/model-registry.js.map +1 -0
package/dist/shared/placeholder-resolver.d.ts +27 -0
package/dist/shared/placeholder-resolver.js +75 -0
package/dist/shared/placeholder-resolver.js.map +1 -0
package/dist/shared/plan-artifact.d.ts +56 -0
package/dist/shared/plan-artifact.js +98 -0
package/dist/shared/plan-artifact.js.map +1 -0
package/dist/shared/skill-relevance.d.ts +65 -0
package/dist/shared/skill-relevance.js +175 -0
package/dist/shared/skill-relevance.js.map +1 -0
package/dist/shared/skill-writer.d.ts +73 -0
package/dist/shared/skill-writer.js +230 -0
package/dist/shared/skill-writer.js.map +1 -0
package/dist/shared/status.d.ts +37 -0
package/dist/shared/status.js +73 -0
package/dist/shared/status.js.map +1 -0
package/dist/shared/subagent-gate.d.ts +41 -0
package/dist/shared/subagent-gate.js +93 -0
package/dist/shared/subagent-gate.js.map +1 -0
package/dist/shared/tool-kind.d.ts +22 -0
package/dist/shared/tool-kind.js +79 -0
package/dist/shared/tool-kind.js.map +1 -0
package/dist/shared/workspace/file-tree.d.ts +13 -0
package/dist/shared/workspace/file-tree.js +101 -0
package/dist/shared/workspace/file-tree.js.map +1 -0
package/dist/shared/workspace/local-backend.d.ts +41 -0
package/dist/shared/workspace/local-backend.js +113 -0
package/dist/shared/workspace/local-backend.js.map +1 -0
package/dist/shared/workspace/platform-dir.d.ts +25 -0
package/dist/shared/workspace/platform-dir.js +36 -0
package/dist/shared/workspace/platform-dir.js.map +1 -0
package/dist/shared/workspace/platform-mount.d.ts +95 -0
package/dist/shared/workspace/platform-mount.js +157 -0
package/dist/shared/workspace/platform-mount.js.map +1 -0
package/dist/shared/workspace/provisioner.d.ts +47 -0
package/dist/shared/workspace/provisioner.js +84 -0
package/dist/shared/workspace/provisioner.js.map +1 -0
package/dist/shared/workspace/sources/empty.d.ts +8 -0
package/dist/shared/workspace/sources/empty.js +18 -0
package/dist/shared/workspace/sources/empty.js.map +1 -0
package/dist/shared/workspace/sources/git.d.ts +22 -0
package/dist/shared/workspace/sources/git.js +207 -0
package/dist/shared/workspace/sources/git.js.map +1 -0
package/dist/shared/workspace/sources/local-path.d.ts +17 -0
package/dist/shared/workspace/sources/local-path.js +57 -0
package/dist/shared/workspace/sources/local-path.js.map +1 -0
package/dist/shared/workspace/types.d.ts +58 -0
package/dist/shared/workspace/types.js +25 -0
package/dist/shared/workspace/types.js.map +1 -0
package/dist/shared/zip-extract.d.ts +30 -0
package/dist/shared/zip-extract.js +150 -0
package/dist/shared/zip-extract.js.map +1 -0
package/dist/worker.d.ts +27 -0
package/dist/worker.js +65 -0
package/dist/worker.js.map +1 -0
package/dist/workflow-engine/clone.d.ts +11 -0
package/dist/workflow-engine/clone.js +21 -0
package/dist/workflow-engine/clone.js.map +1 -0
package/dist/workflow-engine/do-executor.d.ts +27 -0
package/dist/workflow-engine/do-executor.js +418 -0
package/dist/workflow-engine/do-executor.js.map +1 -0
package/dist/workflow-engine/duration.d.ts +12 -0
package/dist/workflow-engine/duration.js +25 -0
package/dist/workflow-engine/duration.js.map +1 -0
package/dist/workflow-engine/error-utils.d.ts +42 -0
package/dist/workflow-engine/error-utils.js +77 -0
package/dist/workflow-engine/error-utils.js.map +1 -0
package/dist/workflow-engine/errors.d.ts +46 -0
package/dist/workflow-engine/errors.js +105 -0
package/dist/workflow-engine/errors.js.map +1 -0
package/dist/workflow-engine/expression-utils.d.ts +60 -0
package/dist/workflow-engine/expression-utils.js +108 -0
package/dist/workflow-engine/expression-utils.js.map +1 -0
package/dist/workflow-engine/expression.d.ts +132 -0
package/dist/workflow-engine/expression.js +366 -0
package/dist/workflow-engine/expression.js.map +1 -0
package/dist/workflow-engine/loader.d.ts +23 -0
package/dist/workflow-engine/loader.js +429 -0
package/dist/workflow-engine/loader.js.map +1 -0
package/dist/workflow-engine/recovery.d.ts +53 -0
package/dist/workflow-engine/recovery.js +46 -0
package/dist/workflow-engine/recovery.js.map +1 -0
package/dist/workflow-engine/resolve.d.ts +83 -0
package/dist/workflow-engine/resolve.js +257 -0
package/dist/workflow-engine/resolve.js.map +1 -0
package/dist/workflow-engine/retry.d.ts +30 -0
package/dist/workflow-engine/retry.js +97 -0
package/dist/workflow-engine/retry.js.map +1 -0
package/dist/workflow-engine/state.d.ts +26 -0
package/dist/workflow-engine/state.js +49 -0
package/dist/workflow-engine/state.js.map +1 -0
package/dist/workflow-engine/task-factory.d.ts +20 -0
package/dist/workflow-engine/task-factory.js +133 -0
package/dist/workflow-engine/task-factory.js.map +1 -0
package/dist/workflow-engine/task-status-accumulator.d.ts +59 -0
package/dist/workflow-engine/task-status-accumulator.js +164 -0
package/dist/workflow-engine/task-status-accumulator.js.map +1 -0
package/dist/workflow-engine/tasks/call-agent-output.d.ts +26 -0
package/dist/workflow-engine/tasks/call-agent-output.js +109 -0
package/dist/workflow-engine/tasks/call-agent-output.js.map +1 -0
package/dist/workflow-engine/tasks/call-agent.d.ts +31 -0
package/dist/workflow-engine/tasks/call-agent.js +161 -0
package/dist/workflow-engine/tasks/call-agent.js.map +1 -0
package/dist/workflow-engine/tasks/call-function.d.ts +19 -0
package/dist/workflow-engine/tasks/call-function.js +64 -0
package/dist/workflow-engine/tasks/call-function.js.map +1 -0
package/dist/workflow-engine/tasks/call-grpc.d.ts +15 -0
package/dist/workflow-engine/tasks/call-grpc.js +27 -0
package/dist/workflow-engine/tasks/call-grpc.js.map +1 -0
package/dist/workflow-engine/tasks/call-http.d.ts +19 -0
package/dist/workflow-engine/tasks/call-http.js +31 -0
package/dist/workflow-engine/tasks/call-http.js.map +1 -0
package/dist/workflow-engine/tasks/for.d.ts +39 -0
package/dist/workflow-engine/tasks/for.js +154 -0
package/dist/workflow-engine/tasks/for.js.map +1 -0
package/dist/workflow-engine/tasks/fork.d.ts +42 -0
package/dist/workflow-engine/tasks/fork.js +142 -0
package/dist/workflow-engine/tasks/fork.js.map +1 -0
package/dist/workflow-engine/tasks/human-input.d.ts +33 -0
package/dist/workflow-engine/tasks/human-input.js +109 -0
package/dist/workflow-engine/tasks/human-input.js.map +1 -0
package/dist/workflow-engine/tasks/listen.d.ts +34 -0
package/dist/workflow-engine/tasks/listen.js +119 -0
package/dist/workflow-engine/tasks/listen.js.map +1 -0
package/dist/workflow-engine/tasks/raise.d.ts +18 -0
package/dist/workflow-engine/tasks/raise.js +60 -0
package/dist/workflow-engine/tasks/raise.js.map +1 -0
package/dist/workflow-engine/tasks/run.d.ts +39 -0
package/dist/workflow-engine/tasks/run.js +114 -0
package/dist/workflow-engine/tasks/run.js.map +1 -0
package/dist/workflow-engine/tasks/set.d.ts +15 -0
package/dist/workflow-engine/tasks/set.js +31 -0
package/dist/workflow-engine/tasks/set.js.map +1 -0
package/dist/workflow-engine/tasks/switch.d.ts +25 -0
package/dist/workflow-engine/tasks/switch.js +76 -0
package/dist/workflow-engine/tasks/switch.js.map +1 -0
package/dist/workflow-engine/tasks/try.d.ts +49 -0
package/dist/workflow-engine/tasks/try.js +189 -0
package/dist/workflow-engine/tasks/try.js.map +1 -0
package/dist/workflow-engine/tasks/wait.d.ts +24 -0
package/dist/workflow-engine/tasks/wait.js +39 -0
package/dist/workflow-engine/tasks/wait.js.map +1 -0
package/dist/workflow-engine/types.d.ts +682 -0
package/dist/workflow-engine/types.js +47 -0
package/dist/workflow-engine/types.js.map +1 -0
package/dist/workflows/call-agent-orchestrator.d.ts +31 -0
package/dist/workflows/call-agent-orchestrator.js +214 -0
package/dist/workflows/call-agent-orchestrator.js.map +1 -0
package/dist/workflows/connect-mcp-server.d.ts +20 -0
package/dist/workflows/connect-mcp-server.js +113 -0
package/dist/workflows/connect-mcp-server.js.map +1 -0
package/dist/workflows/engine-core.d.ts +36 -0
package/dist/workflows/engine-core.js +272 -0
package/dist/workflows/engine-core.js.map +1 -0
package/dist/workflows/execute-from-execution.d.ts +32 -0
package/dist/workflows/execute-from-execution.js +71 -0
package/dist/workflows/execute-from-execution.js.map +1 -0
package/dist/workflows/execute-serverless-workflow.d.ts +32 -0
package/dist/workflows/execute-serverless-workflow.js +36 -0
package/dist/workflows/execute-serverless-workflow.js.map +1 -0
package/dist/workflows/human-input-orchestrator.d.ts +19 -0
package/dist/workflows/human-input-orchestrator.js +59 -0
package/dist/workflows/human-input-orchestrator.js.map +1 -0
package/dist/workflows/index.d.ts +22 -0
package/dist/workflows/index.js +23 -0
package/dist/workflows/index.js.map +1 -0
package/dist/workflows/listen-orchestrator.d.ts +29 -0
package/dist/workflows/listen-orchestrator.js +143 -0
package/dist/workflows/listen-orchestrator.js.map +1 -0
package/dist/workflows/metrics-sink.d.ts +33 -0
package/dist/workflows/metrics-sink.js +21 -0
package/dist/workflows/metrics-sink.js.map +1 -0
package/dist/workflows/run-orchestrator.d.ts +15 -0
package/dist/workflows/run-orchestrator.js +27 -0
package/dist/workflows/run-orchestrator.js.map +1 -0
package/dist/workflows/types.d.ts +46 -0
package/dist/workflows/types.js +15 -0
package/dist/workflows/types.js.map +1 -0
package/dist/workflows/workflow-signals.d.ts +29 -0
package/dist/workflows/workflow-signals.js +46 -0
package/dist/workflows/workflow-signals.js.map +1 -0
package/package.json +108 -0
package/src/__test-utils__/__tests__/replay-fetch.test.ts +155 -0
package/src/__test-utils__/mock-client.ts +44 -0
package/src/__test-utils__/mock-workspace.ts +28 -0
package/src/__test-utils__/proto-helpers.ts +41 -0
package/src/__test-utils__/replay-fetch.ts +523 -0
package/src/__tests__/bootstrap.test.ts +221 -0
package/src/__tests__/claimcheck-codec.test.ts +257 -0
package/src/__tests__/config.test.ts +150 -0
package/src/__tests__/deterministic-eval-llm.test.ts +269 -0
package/src/__tests__/deterministic-mcp-hitl.test.ts +405 -0
package/src/__tests__/golden-e2e.test.ts +250 -0
package/src/__tests__/ipc-protocol-fixtures.test.ts +66 -0
package/src/__tests__/ipc-protocol.test.ts +32 -0
package/src/__tests__/otel-metrics.test.ts +40 -0
package/src/__tests__/runner-manager.test.ts +55 -0
package/src/__tests__/runner-token-coordinator.test.ts +166 -0
package/src/__tests__/runner.test.ts +182 -0
package/src/__tests__/worker.test.ts +18 -0
package/src/activities/__tests__/call-agent-contracts.test.ts +483 -0
package/src/activities/__tests__/call-agent.test.ts +263 -0
package/src/activities/__tests__/call-function.test.ts +47 -0
package/src/activities/__tests__/call-grpc.test.ts +39 -0
package/src/activities/__tests__/call-http.test.ts +288 -0
package/src/activities/__tests__/call-llm.test.ts +301 -0
package/src/activities/__tests__/classify-tool-approvals.test.ts +430 -0
package/src/activities/__tests__/discover-mcp-server.test.ts +641 -0
package/src/activities/__tests__/ensure-thread.test.ts +96 -0
package/src/activities/__tests__/error-classifier.test.ts +372 -0
package/src/activities/__tests__/evaluate-expressions.test.ts +114 -0
package/src/activities/__tests__/hydrate-workflow-execution.test.ts +321 -0
package/src/activities/__tests__/notification.test.ts +151 -0
package/src/activities/__tests__/workflow-event-activities.test.ts +664 -0
package/src/activities/call-agent-status.ts +130 -0
package/src/activities/call-agent.ts +302 -0
package/src/activities/call-eval.ts +333 -0
package/src/activities/call-function.ts +73 -0
package/src/activities/call-grpc.ts +140 -0
package/src/activities/call-http.ts +185 -0
package/src/activities/call-llm.ts +379 -0
package/src/activities/call-transform.ts +54 -0
package/src/activities/call-validate.ts +223 -0
package/src/activities/classify-tool-approvals.ts +319 -0
package/src/activities/discover-mcp-server.ts +411 -0
package/src/activities/emit-event.ts +195 -0
package/src/activities/ensure-thread.ts +45 -0
package/src/activities/evaluate-expressions.ts +47 -0
package/src/activities/execute-cursor/__tests__/approval-gate.test.ts +188 -0
package/src/activities/execute-cursor/__tests__/build-prompt.test.ts +111 -0
package/src/activities/execute-cursor/__tests__/cursor-baseurl-routing.test.ts +86 -0
package/src/activities/execute-cursor/__tests__/cursor-fetch-interceptor-bypass.test.ts +64 -0
package/src/activities/execute-cursor/__tests__/cursor-mode.test.ts +95 -0
package/src/activities/execute-cursor/__tests__/cursor-sdk-auth-smoke.test.ts +90 -0
package/src/activities/execute-cursor/__tests__/delta-enricher.test.ts +242 -0
package/src/activities/execute-cursor/__tests__/error-classifier-introspection.test.ts +156 -0
package/src/activities/execute-cursor/__tests__/fetch-interceptor.test.ts +211 -0
package/src/activities/execute-cursor/__tests__/hitl-ledger.test.ts +298 -0
package/src/activities/execute-cursor/__tests__/http2-interceptor.test.ts +360 -0
package/src/activities/execute-cursor/__tests__/message-translator.test.ts +657 -0
package/src/activities/execute-cursor/__tests__/model-pricing.test.ts +92 -0
package/src/activities/execute-cursor/__tests__/prompt-builder-delegation.test.ts +101 -0
package/src/activities/execute-cursor/__tests__/runner-error-regressions.test.ts +144 -0
package/src/activities/execute-cursor/__tests__/session-lifecycle.test.ts +65 -0
package/src/activities/execute-cursor/__tests__/skill-resolver.test.ts +265 -0
package/src/activities/execute-cursor/__tests__/subagent-config.test.ts +107 -0
package/src/activities/execute-cursor/__tests__/todo-tracker.test.ts +498 -0
package/src/activities/execute-cursor/__tests__/workspace-provision.test.ts +283 -0
package/src/activities/execute-cursor/approval-policy.ts +224 -0
package/src/activities/execute-cursor/approval-state.ts +311 -0
package/src/activities/execute-cursor/attachment-resolver.ts +78 -0
package/src/activities/execute-cursor/blueprint-resolver.ts +234 -0
package/src/activities/execute-cursor/connect-backfill.ts +49 -0
package/src/activities/execute-cursor/cursor-event-recorder.ts +83 -0
package/src/activities/execute-cursor/cursor-mode.ts +42 -0
package/src/activities/execute-cursor/delta-enricher.ts +307 -0
package/src/activities/execute-cursor/env-resolver.ts +64 -0
package/src/activities/execute-cursor/error-classifier.ts +247 -0
package/src/activities/execute-cursor/fetch-interceptor.ts +382 -0
package/src/activities/execute-cursor/hitl-diagnostics.ts +82 -0
package/src/activities/execute-cursor/hook-script.ts +159 -0
package/src/activities/execute-cursor/http2-interceptor.ts +253 -0
package/src/activities/execute-cursor/index.ts +1439 -0
package/src/activities/execute-cursor/mcp-config.ts +66 -0
package/src/activities/execute-cursor/mcp-resolver.ts +271 -0
package/src/activities/execute-cursor/message-translator.ts +896 -0
package/src/activities/execute-cursor/model-pricing-data.ts +167 -0
package/src/activities/execute-cursor/model-pricing.ts +167 -0
package/src/activities/execute-cursor/placeholder-resolver.ts +109 -0
package/src/activities/execute-cursor/prompt-builder.ts +349 -0
package/src/activities/execute-cursor/rejection-capture.ts +100 -0
package/src/activities/execute-cursor/session-lifecycle.ts +429 -0
package/src/activities/execute-cursor/skill-resolver.ts +176 -0
package/src/activities/execute-cursor/subagent-config.ts +62 -0
package/src/activities/execute-cursor/todo-tracker.ts +133 -0
package/src/activities/execute-cursor/usage-accumulator.ts +126 -0
package/src/activities/execute-cursor/workspace-provision.ts +55 -0
package/src/activities/execute-cursor/workspace-setup.ts +75 -0
package/src/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.ts +281 -0
package/src/activities/execute-deep-agent/__tests__/attachment-injector.test.ts +720 -0
package/src/activities/execute-deep-agent/__tests__/auto-publish.test.ts +146 -0
package/src/activities/execute-deep-agent/__tests__/environment.test.ts +103 -0
package/src/activities/execute-deep-agent/__tests__/event-recorder.test.ts +150 -0
package/src/activities/execute-deep-agent/__tests__/execution-state-extended.test.ts +150 -0
package/src/activities/execute-deep-agent/__tests__/execution-state.test.ts +157 -0
package/src/activities/execute-deep-agent/__tests__/hitl-integration.test.ts +223 -0
package/src/activities/execute-deep-agent/__tests__/hitl.test.ts +244 -0
package/src/activities/execute-deep-agent/__tests__/index.test.ts +91 -0
package/src/activities/execute-deep-agent/__tests__/inline-publisher.test.ts +240 -0
package/src/activities/execute-deep-agent/__tests__/post-stream.test.ts +112 -0
package/src/activities/execute-deep-agent/__tests__/prompt-builder.test.ts +208 -0
package/src/activities/execute-deep-agent/__tests__/status-builder.test.ts +1771 -0
package/src/activities/execute-deep-agent/__tests__/streaming-scheduler.test.ts +199 -0
package/src/activities/execute-deep-agent/__tests__/streaming-v3.test.ts +527 -0
package/src/activities/execute-deep-agent/__tests__/streaming.test.ts +508 -0
package/src/activities/execute-deep-agent/__tests__/subagent-tracker.test.ts +474 -0
package/src/activities/execute-deep-agent/__tests__/subagent-transformer.test.ts +734 -0
package/src/activities/execute-deep-agent/__tests__/subagent-wiring.test.ts +71 -0
package/src/activities/execute-deep-agent/__tests__/summarization-verification.test.ts +323 -0
package/src/activities/execute-deep-agent/__tests__/v3-event-recorder.test.ts +186 -0
package/src/activities/execute-deep-agent/__tests__/v3-protocol-normalizer.test.ts +324 -0
package/src/activities/execute-deep-agent/__tests__/v3-status-builder.test.ts +504 -0
package/src/activities/execute-deep-agent/__tests__/writeback-coordinator.test.ts +399 -0
package/src/activities/execute-deep-agent/attachment-injector.ts +470 -0
package/src/activities/execute-deep-agent/auto-publish.ts +80 -0
package/src/activities/execute-deep-agent/environment.ts +67 -0
package/src/activities/execute-deep-agent/event-recorder.ts +95 -0
package/src/activities/execute-deep-agent/execution-state.ts +87 -0
package/src/activities/execute-deep-agent/execution-status-writer.ts +19 -0
package/src/activities/execute-deep-agent/hitl.ts +221 -0
package/src/activities/execute-deep-agent/index.ts +342 -0
package/src/activities/execute-deep-agent/inline-publisher.ts +134 -0
package/src/activities/execute-deep-agent/post-stream.ts +109 -0
package/src/activities/execute-deep-agent/prompt-builder.ts +264 -0
package/src/activities/execute-deep-agent/setup.ts +599 -0
package/src/activities/execute-deep-agent/status-builder-shared.ts +136 -0
package/src/activities/execute-deep-agent/status-builder.ts +412 -0
package/src/activities/execute-deep-agent/streaming-scheduler.ts +159 -0
package/src/activities/execute-deep-agent/streaming-side-effects.ts +89 -0
package/src/activities/execute-deep-agent/streaming-terminal.ts +96 -0
package/src/activities/execute-deep-agent/streaming-v3.ts +272 -0
package/src/activities/execute-deep-agent/streaming.ts +303 -0
package/src/activities/execute-deep-agent/subagent-tracker.ts +445 -0
package/src/activities/execute-deep-agent/subagent-transformer.ts +648 -0
package/src/activities/execute-deep-agent/subagent-wiring.ts +56 -0
package/src/activities/execute-deep-agent/v3-event-recorder.ts +111 -0
package/src/activities/execute-deep-agent/v3-events.ts +153 -0
package/src/activities/execute-deep-agent/v3-protocol-normalizer.ts +264 -0
package/src/activities/execute-deep-agent/v3-status-builder.ts +490 -0
package/src/activities/execute-deep-agent/writeback-coordinator.ts +420 -0
package/src/activities/hydrate-workflow-execution.ts +306 -0
package/src/activities/notification.ts +71 -0
package/src/activities/promote-task-output.ts +126 -0
package/src/activities/run-command.ts +148 -0
package/src/activities/workflow-event-activities.ts +481 -0
package/src/bootstrap.ts +173 -0
package/src/budget/__tests__/tracker.test.ts +293 -0
package/src/budget/index.ts +9 -0
package/src/budget/tracker.ts +171 -0
package/src/claimcheck/compressor.ts +9 -0
package/src/claimcheck/config.ts +20 -0
package/src/claimcheck/index.ts +3 -0
package/src/claimcheck/payload-codec.ts +107 -0
package/src/client/__tests__/server-contracts.test.ts +149 -0
package/src/client/__tests__/stigmer-client.test.ts +142 -0
package/src/client/server-contracts.ts +125 -0
package/src/client/stigmer-client.ts +339 -0
package/src/config.ts +185 -0
package/src/idle-watchdog.ts +28 -0
package/src/index.ts +48 -0
package/src/interceptors/workflow-metrics-sink.ts +56 -0
package/src/ipc-protocol-fixtures.ts +117 -0
package/src/ipc-protocol.ts +113 -0
package/src/main.ts +324 -0
package/src/middleware/__tests__/approval-gate.test.ts +231 -0
package/src/middleware/__tests__/cost-cap.test.ts +192 -0
package/src/middleware/__tests__/error-hints.test.ts +90 -0
package/src/middleware/__tests__/execution-budget.test.ts +138 -0
package/src/middleware/__tests__/graceful-stop.test.ts +105 -0
package/src/middleware/__tests__/loop-detection.test.ts +137 -0
package/src/middleware/__tests__/otel-spans.test.ts +89 -0
package/src/middleware/__tests__/think-tool.test.ts +26 -0
package/src/middleware/__tests__/tool-truncation.test.ts +112 -0
package/src/middleware/approval-gate.ts +179 -0
package/src/middleware/cost-cap.ts +213 -0
package/src/middleware/error-hints.ts +136 -0
package/src/middleware/execution-budget.ts +176 -0
package/src/middleware/graceful-stop.ts +86 -0
package/src/middleware/index.ts +70 -0
package/src/middleware/loop-detection.ts +192 -0
package/src/middleware/otel-spans.ts +205 -0
package/src/middleware/think-tool.ts +38 -0
package/src/middleware/tool-truncation.ts +94 -0
package/src/middleware/types.ts +114 -0
package/src/notification/__tests__/provider.test.ts +85 -0
package/src/notification/__tests__/webhook.test.ts +127 -0
package/src/notification/index.ts +15 -0
package/src/notification/provider.ts +52 -0
package/src/notification/webhook.ts +61 -0
package/src/otel-metrics.ts +73 -0
package/src/otel.ts +194 -0
package/src/runner-manager.ts +652 -0
package/src/runner-token-coordinator.ts +135 -0
package/src/runner.ts +380 -0
package/src/shared/__tests__/approval-policy.test.ts +256 -0
package/src/shared/__tests__/artifact-storage-extended.test.ts +208 -0
package/src/shared/__tests__/artifact-storage.test.ts +365 -0
package/src/shared/__tests__/connect-backfill.test.ts +346 -0
package/src/shared/__tests__/extract-json.test.ts +153 -0
package/src/shared/__tests__/grpc-retry-extended.test.ts +176 -0
package/src/shared/__tests__/grpc-retry.test.ts +172 -0
package/src/shared/__tests__/json-schema-to-zod.test.ts +227 -0
package/src/shared/__tests__/llm-proxy.test.ts +179 -0
package/src/shared/__tests__/mcp-manager.test.ts +154 -0
package/src/shared/__tests__/model-pricing.test.ts +85 -0
package/src/shared/__tests__/model-registry.test.ts +197 -0
package/src/shared/__tests__/placeholder-resolver.test.ts +210 -0
package/src/shared/__tests__/plan-artifact.test.ts +142 -0
package/src/shared/__tests__/skill-relevance.test.ts +292 -0
package/src/shared/__tests__/skill-writer.test.ts +349 -0
package/src/shared/__tests__/status.test.ts +142 -0
package/src/shared/__tests__/subagent-gate.test.ts +112 -0
package/src/shared/__tests__/tool-kind.test.ts +58 -0
package/src/shared/__tests__/zip-extract.test.ts +204 -0
package/src/shared/approval-policy.ts +146 -0
package/src/shared/artifact-storage.ts +207 -0
package/src/shared/checkpointer/__tests__/factory.test.ts +42 -0
package/src/shared/checkpointer/__tests__/http-saver.test.ts +176 -0
package/src/shared/checkpointer/factory.ts +73 -0
package/src/shared/checkpointer/http-saver.ts +349 -0
package/src/shared/checkpointer/types.ts +12 -0
package/src/shared/connect-backfill.ts +162 -0
package/src/shared/extract-json.ts +153 -0
package/src/shared/grpc-retry.ts +113 -0
package/src/shared/heartbeat.ts +70 -0
package/src/shared/json-schema-to-zod.ts +53 -0
package/src/shared/llm-proxy.ts +138 -0
package/src/shared/mcp-manager.ts +150 -0
package/src/shared/mcp-resolver.ts +150 -0
package/src/shared/model-pricing-data.ts +109 -0
package/src/shared/model-pricing.ts +81 -0
package/src/shared/model-registry.ts +214 -0
package/src/shared/placeholder-resolver.ts +102 -0
package/src/shared/plan-artifact.ts +120 -0
package/src/shared/skill-relevance.ts +222 -0
package/src/shared/skill-writer.ts +300 -0
package/src/shared/status.ts +94 -0
package/src/shared/subagent-gate.ts +117 -0
package/src/shared/tool-kind.ts +91 -0
package/src/shared/workspace/__tests__/file-tree.test.ts +210 -0
package/src/shared/workspace/__tests__/git-source.test.ts +423 -0
package/src/shared/workspace/__tests__/local-backend-platform.test.ts +259 -0
package/src/shared/workspace/__tests__/local-backend.test.ts +154 -0
package/src/shared/workspace/__tests__/platform-mount.test.ts +378 -0
package/src/shared/workspace/__tests__/provisioner.test.ts +145 -0
package/src/shared/workspace/file-tree.ts +116 -0
package/src/shared/workspace/local-backend.ts +140 -0
package/src/shared/workspace/platform-dir.ts +38 -0
package/src/shared/workspace/platform-mount.ts +190 -0
package/src/shared/workspace/provisioner.ts +150 -0
package/src/shared/workspace/sources/empty.ts +20 -0
package/src/shared/workspace/sources/git.ts +285 -0
package/src/shared/workspace/sources/local-path.ts +89 -0
package/src/shared/workspace/types.ts +69 -0
package/src/shared/zip-extract.ts +193 -0
package/src/worker.ts +98 -0
package/src/workflow-engine/__tests__/do-executor-recovery.test.ts +382 -0
package/src/workflow-engine/__tests__/do-executor.test.ts +963 -0
package/src/workflow-engine/__tests__/errors.test.ts +174 -0
package/src/workflow-engine/__tests__/expression.test.ts +776 -0
package/src/workflow-engine/__tests__/for.test.ts +575 -0
package/src/workflow-engine/__tests__/fork.test.ts +838 -0
package/src/workflow-engine/__tests__/golden-execution.test.ts +1085 -0
package/src/workflow-engine/__tests__/jq-wasm-spike.test.ts +90 -0
package/src/workflow-engine/__tests__/loader.test.ts +1393 -0
package/src/workflow-engine/__tests__/pause-resume.test.ts +267 -0
package/src/workflow-engine/__tests__/recovery.test.ts +115 -0
package/src/workflow-engine/__tests__/resolve.test.ts +432 -0
package/src/workflow-engine/__tests__/retry.test.ts +306 -0
package/src/workflow-engine/__tests__/state.test.ts +174 -0
package/src/workflow-engine/__tests__/task-status-accumulator.test.ts +373 -0
package/src/workflow-engine/__tests__/tasks/call-agent-output.test.ts +120 -0
package/src/workflow-engine/__tests__/tasks/call-agent.test.ts +816 -0
package/src/workflow-engine/__tests__/tasks/call-function.test.ts +205 -0
package/src/workflow-engine/__tests__/tasks/call-grpc.test.ts +133 -0
package/src/workflow-engine/__tests__/tasks/call-http.test.ts +150 -0
package/src/workflow-engine/__tests__/tasks/emit-event.test.ts +322 -0
package/src/workflow-engine/__tests__/tasks/human-input.test.ts +416 -0
package/src/workflow-engine/__tests__/tasks/listen.test.ts +422 -0
package/src/workflow-engine/__tests__/tasks/raise.test.ts +166 -0
package/src/workflow-engine/__tests__/tasks/run.test.ts +272 -0
package/src/workflow-engine/__tests__/tasks/set.test.ts +127 -0
package/src/workflow-engine/__tests__/tasks/switch.test.ts +277 -0
package/src/workflow-engine/__tests__/tasks/try.test.ts +590 -0
package/src/workflow-engine/__tests__/tasks/wait.test.ts +173 -0
package/src/workflow-engine/clone.ts +18 -0
package/src/workflow-engine/do-executor.ts +569 -0
package/src/workflow-engine/duration.ts +22 -0
package/src/workflow-engine/error-utils.ts +97 -0
package/src/workflow-engine/errors.ts +130 -0
package/src/workflow-engine/expression-utils.ts +129 -0
package/src/workflow-engine/expression.ts +430 -0
package/src/workflow-engine/loader.ts +524 -0
package/src/workflow-engine/recovery.ts +80 -0
package/src/workflow-engine/resolve.ts +342 -0
package/src/workflow-engine/retry.ts +109 -0
package/src/workflow-engine/state.ts +56 -0
package/src/workflow-engine/task-factory.ts +160 -0
package/src/workflow-engine/task-status-accumulator.ts +204 -0
package/src/workflow-engine/tasks/call-agent-output.ts +132 -0
package/src/workflow-engine/tasks/call-agent.ts +221 -0
package/src/workflow-engine/tasks/call-function.ts +107 -0
package/src/workflow-engine/tasks/call-grpc.ts +47 -0
package/src/workflow-engine/tasks/call-http.ts +51 -0
package/src/workflow-engine/tasks/for.ts +244 -0
package/src/workflow-engine/tasks/fork.ts +228 -0
package/src/workflow-engine/tasks/human-input.ts +147 -0
package/src/workflow-engine/tasks/listen.ts +166 -0
package/src/workflow-engine/tasks/raise.ts +81 -0
package/src/workflow-engine/tasks/run.ts +142 -0
package/src/workflow-engine/tasks/set.ts +47 -0
package/src/workflow-engine/tasks/switch.ts +102 -0
package/src/workflow-engine/tasks/try.ts +274 -0
package/src/workflow-engine/tasks/wait.ts +53 -0
package/src/workflow-engine/types.ts +911 -0
package/src/workflows/__tests__/connect-mcp-server.test.ts +359 -0
package/src/workflows/__tests__/execute-serverless-workflow.test.ts +277 -0
package/src/workflows/call-agent-orchestrator.ts +283 -0
package/src/workflows/connect-mcp-server.ts +152 -0
package/src/workflows/engine-core.ts +406 -0
package/src/workflows/execute-from-execution.ts +101 -0
package/src/workflows/execute-serverless-workflow.ts +60 -0
package/src/workflows/human-input-orchestrator.ts +76 -0
package/src/workflows/index.ts +32 -0
package/src/workflows/listen-orchestrator.ts +200 -0
package/src/workflows/metrics-sink.ts +48 -0
package/src/workflows/run-orchestrator.ts +34 -0
package/src/workflows/types.ts +64 -0
package/src/workflows/workflow-signals.ts +55 -0

package/dist/activities/execute-cursor/hitl-diagnostics.js ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * Deny-time diagnostic utilities for HITL (human-in-the-loop) approvals.
+ *
+ * These helpers capture the agent's rationale and the workspace's git state
+ * at the moment a tool call is proposed/denied, so the approval record
+ * (PendingApproval.agent_rationale / branch_at_deny / head_sha_at_deny)
+ * carries enough context for a human reviewer and for later reinvocation.
+ */
+import { MessageType } from "@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/enum_pb";
+const MAX_RATIONALE_CHARS = 500;
+/**
+ * Extract the agent's rationale for a tool call from the message history.
+ *
+ * Heuristic: Takes the content of the last AI message, which typically
+ * contains the agent's explanation of what it's about to do. Truncated
+ * to MAX_RATIONALE_CHARS to keep the approval record concise.
+ *
+ * Returns empty string if no AI messages exist.
+ */
+export function extractAgentRationale(messages, _toolCallId) {
+    const aiMessages = messages.filter((m) => m.type === MessageType.MESSAGE_AI);
+    if (aiMessages.length === 0)
+        return "";
+    const lastAi = aiMessages[aiMessages.length - 1];
+    if (!lastAi.content)
+        return "";
+    if (lastAi.content.length <= MAX_RATIONALE_CHARS) {
+        return lastAi.content;
+    }
+    return lastAi.content.slice(-MAX_RATIONALE_CHARS);
+}
+/**
+ * Get the current git branch name for a workspace directory.
+ *
+ * Best-effort: returns empty string on failure (non-git workspace,
+ * missing git binary, detached HEAD). Never throws.
+ */
+export async function getGitBranch(workspaceDir) {
+    try {
+        const { execFile } = await import("node:child_process");
+        const { promisify } = await import("node:util");
+        const execFileAsync = promisify(execFile);
+        const { stdout } = await execFileAsync("git", ["rev-parse", "--abbrev-ref", "HEAD"], {
+            cwd: workspaceDir,
+            timeout: 5_000,
+        });
+        return stdout.trim();
+    }
+    catch {
+        return "";
+    }
+}
+/**
+ * Get the current git HEAD SHA for a workspace directory.
+ *
+ * Best-effort: returns empty string on failure. Never throws.
+ */
+export async function getGitHeadSha(workspaceDir) {
+    try {
+        const { execFile } = await import("node:child_process");
+        const { promisify } = await import("node:util");
+        const execFileAsync = promisify(execFile);
+        const { stdout } = await execFileAsync("git", ["rev-parse", "HEAD"], {
+            cwd: workspaceDir,
+            timeout: 5_000,
+        });
+        return stdout.trim();
+    }
+    catch {
+        return "";
+    }
+}
+//# sourceMappingURL=hitl-diagnostics.js.map

package/dist/activities/execute-cursor/hitl-diagnostics.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hitl-diagnostics.js","sourceRoot":"","sources":["../../../src/activities/execute-cursor/hitl-diagnostics.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,8DAA8D,CAAC;AAE3F,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAwB,EACxB,WAAmB;IAEnB,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,UAAU,CAAC,CAAC;IAC7E,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAE/B,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACjD,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,mBAAmB,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAoB;IACrD,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACxD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE1C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC,EAAE;YACnF,GAAG,EAAE,YAAY;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,YAAoB;IACtD,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACxD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE1C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE;YACnE,GAAG,EAAE,YAAY;YACjB,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/activities/execute-cursor/hook-script.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Template for the preToolUse hook script that Cursor spawns.
+ *
+ * This module doesn't execute as a hook itself — it generates the shell
+ * script that is written to .cursor/hooks/stigmer-approval.sh. That script
+ * is invoked by Cursor for every tool call via the preToolUse hook.
+ *
+ * The hook script:
+ * 1. Reads the tool call JSON from stdin
+ * 2. Reads the approval state JSON file written by the cursor-runner
+ * 3. Evaluates the policy: auto-approve, approved grants (reinvocation),
+ *    gated built-in tools, MCP require-approval policies
+ * 4. On a deny, appends the call's identity token to the denial ledger
+ *    (stigmer-denials.jsonl) so the runner can mark the gated tool call as
+ *    WAITING_APPROVAL — the hook is the only place the deny decision is made,
+ *    so its ledger is the authoritative record of what was gated this turn
+ * 5. Returns { "permission": "allow" } or { "permission": "deny" } on stdout
+ *
+ * The script is self-contained (no Node.js required) for portability. It uses
+ * bash + grep/cut for lightweight JSON field extraction. All policy decisions
+ * are pre-computed by the runner into the state file; the hook only performs
+ * mechanical field extraction and string lookups — the policy itself is
+ * authored once in TypeScript (approval-policy.ts / approval-state.ts).
+ *
+ * Policy evaluation order (first match wins). The model is "gate the dangerous
+ * set, allow the rest" — matching the native harness and avoiding denial of
+ * auto-approved MCP tools (which are absent from mcpToolPolicies):
+ * 1. autoApproveAll → allow
+ * 2. Matches an approved grant token → allow (reinvocation after approval)
+ * 3. Tool name in builtInGatedList → deny
+ * 4. Tool name in mcpToolPolicies (require-approval) → deny
+ * 5. Everything else (read-only built-ins, auto-approved MCP, unknown) → allow
+ */
+/**
+ * Generates the bash hook script content.
+ *
+ * The script reads a JSON state file written by the cursor-runner before
+ * each agent.send() call. The state file is the single source of truth
+ * for all approval decisions.
+ *
+ * Approved grants are matched by a base64 token of `toolName \n salientArg`,
+ * recomputed here from the incoming tool call. The salient-arg field list is
+ * injected from SALIENT_ARG_FIELDS so the runner and the hook never disagree on
+ * which argument identifies the resource. The encoding must stay byte-identical
+ * to grantToken() in approval-state.ts.
+ */
+export declare function generateHookScript(stateFilePath: string, ledgerFilePath: string): string;

package/dist/activities/execute-cursor/hook-script.js ADDED Viewed

@@ -0,0 +1,156 @@
+/**
+ * Template for the preToolUse hook script that Cursor spawns.
+ *
+ * This module doesn't execute as a hook itself — it generates the shell
+ * script that is written to .cursor/hooks/stigmer-approval.sh. That script
+ * is invoked by Cursor for every tool call via the preToolUse hook.
+ *
+ * The hook script:
+ * 1. Reads the tool call JSON from stdin
+ * 2. Reads the approval state JSON file written by the cursor-runner
+ * 3. Evaluates the policy: auto-approve, approved grants (reinvocation),
+ *    gated built-in tools, MCP require-approval policies
+ * 4. On a deny, appends the call's identity token to the denial ledger
+ *    (stigmer-denials.jsonl) so the runner can mark the gated tool call as
+ *    WAITING_APPROVAL — the hook is the only place the deny decision is made,
+ *    so its ledger is the authoritative record of what was gated this turn
+ * 5. Returns { "permission": "allow" } or { "permission": "deny" } on stdout
+ *
+ * The script is self-contained (no Node.js required) for portability. It uses
+ * bash + grep/cut for lightweight JSON field extraction. All policy decisions
+ * are pre-computed by the runner into the state file; the hook only performs
+ * mechanical field extraction and string lookups — the policy itself is
+ * authored once in TypeScript (approval-policy.ts / approval-state.ts).
+ *
+ * Policy evaluation order (first match wins). The model is "gate the dangerous
+ * set, allow the rest" — matching the native harness and avoiding denial of
+ * auto-approved MCP tools (which are absent from mcpToolPolicies):
+ * 1. autoApproveAll → allow
+ * 2. Matches an approved grant token → allow (reinvocation after approval)
+ * 3. Tool name in builtInGatedList → deny
+ * 4. Tool name in mcpToolPolicies (require-approval) → deny
+ * 5. Everything else (read-only built-ins, auto-approved MCP, unknown) → allow
+ */
+import { SALIENT_ARG_FIELDS } from "./approval-policy.js";
+const APPROVAL_REQUIRED_AGENT_MESSAGE = "STIGMER_APPROVAL_REQUIRED: This tool call requires user approval before " +
+    "execution. Do not attempt alternative approaches or workarounds. The " +
+    "execution will resume after the user reviews and approves this tool call.";
+/**
+ * Generates the bash hook script content.
+ *
+ * The script reads a JSON state file written by the cursor-runner before
+ * each agent.send() call. The state file is the single source of truth
+ * for all approval decisions.
+ *
+ * Approved grants are matched by a base64 token of `toolName \n salientArg`,
+ * recomputed here from the incoming tool call. The salient-arg field list is
+ * injected from SALIENT_ARG_FIELDS so the runner and the hook never disagree on
+ * which argument identifies the resource. The encoding must stay byte-identical
+ * to grantToken() in approval-state.ts.
+ */
+export function generateHookScript(stateFilePath, ledgerFilePath) {
+    const salientFields = SALIENT_ARG_FIELDS.join(" ");
+    return `#!/bin/bash
+# Stigmer HITL approval hook for Cursor preToolUse
+# Generated by cursor-runner — do not edit manually.
+#
+# Reads tool call from stdin (JSON), checks approval state file,
+# returns permission decision on stdout (JSON). On a deny, appends the call's
+# identity token to the denial ledger so the runner can mark the gated tool call
+# as WAITING_APPROVAL.
+set -euo pipefail
+INPUT=$(cat)
+# Extract tool_name from the hook input JSON.
+# Cursor sends the actual tool name (e.g. "search_services" for MCP tools).
+# Every extraction ends with '|| true': under 'set -e' a non-matching grep would
+# otherwise abort the script and emit no decision.
+TOOL_NAME=$(echo "$INPUT" | grep -o '"tool_name":"[^"]*"' | head -1 | cut -d'"' -f4 || true)
+STATE_FILE="${stateFilePath}"
+LEDGER_FILE="${ledgerFilePath}"
+# --- Failsafe: missing state file → deny (fail-closed) ---
+if [ ! -f "$STATE_FILE" ]; then
+  echo '{"permission":"deny","agent_message":"${APPROVAL_REQUIRED_AGENT_MESSAGE}","user_message":"Tool requires approval: '"$TOOL_NAME"'"}'
+  exit 0
+fi
+STATE=$(cat "$STATE_FILE")
+# --- 1. Auto-approve all ---
+if echo "$STATE" | grep -q '"autoApproveAll":true'; then
+  echo '{"permission":"allow"}'
+  exit 0
+fi
+# --- 2. Approved grants (reinvocation after SubmitApproval) ---
+# Build the same base64 token the runner stored for an approved tool call and
+# match it against approvedGrantTokens. Match by (name + salient arg); fall back
+# to name-only for grants with no salient arg (MCP tools). Salient-arg field
+# order is injected from SALIENT_ARG_FIELDS (single source of truth).
+TOKEN_NAME=$(printf '%s\\n' "$TOOL_NAME" | base64 | tr -d '\\n')
+if echo "$STATE" | grep -q "\\"$TOKEN_NAME\\""; then
+  echo '{"permission":"allow"}'
+  exit 0
+fi
+SALIENT=""
+for field in ${salientFields}; do
+  v=$(echo "$INPUT" | grep -o "\\"$field\\":\\"[^\\"]*\\"" | head -1 | cut -d'"' -f4 || true)
+  if [ -n "$v" ]; then SALIENT="$v"; break; fi
+done
+if [ -n "$SALIENT" ]; then
+  TOKEN_SALIENT=$(printf '%s\\n%s' "$TOOL_NAME" "$SALIENT" | base64 | tr -d '\\n')
+  if echo "$STATE" | grep -q "\\"$TOKEN_SALIENT\\""; then
+    echo '{"permission":"allow"}'
+    exit 0
+  fi
+fi
+# Identity token recorded on a deny so the runner can correlate the gated call
+# back to its streamed tool call. Prefer the salient-arg token (identifies the
+# specific resource); fall back to name-only. Byte-identical to grantToken().
+if [ -n "$SALIENT" ]; then DENY_TOKEN="$TOKEN_SALIENT"; else DENY_TOKEN="$TOKEN_NAME"; fi
+# Append a denial record to the ledger. Best-effort: a ledger write failure must
+# never abort the decision (the deny still goes out on stdout). toolName is raw
+# for human-readable debugging; token drives correlation in the runner.
+record_denial() {
+  echo '{"toolName":"'"$TOOL_NAME"'","token":"'"$DENY_TOKEN"'"}' >> "$LEDGER_FILE" 2>/dev/null || true
+}
+# --- 3. Gated built-in tools (Write, StrReplace, Shell, ...) → deny ---
+GATED_LIST=$(echo "$STATE" | grep -o '"builtInGatedList":\\[[^]]*\\]' | head -1 || true)
+if [ -n "$GATED_LIST" ] && [ -n "$TOOL_NAME" ] && echo "$GATED_LIST" | grep -q "\\"$TOOL_NAME\\""; then
+  record_denial
+  echo '{"permission":"deny","agent_message":"${APPROVAL_REQUIRED_AGENT_MESSAGE}","user_message":"Tool requires approval: '"$TOOL_NAME"'"}'
+  exit 0
+fi
+# --- 4. MCP tools that require approval → deny ---
+# mcpToolPolicies holds only require-approval tools (auto-approved MCP tools are
+# absent), so presence means "deny" unless an entry is explicitly false.
+if echo "$STATE" | grep -q "\\"mcpToolPolicies\\"" && [ -n "$TOOL_NAME" ]; then
+  TOOL_POLICY=$(echo "$STATE" | grep -o "\\"$TOOL_NAME\\":{[^}]*}" | head -1 || true)
+  if [ -n "$TOOL_POLICY" ] && ! echo "$TOOL_POLICY" | grep -q '"requiresApproval":false'; then
+    MSG=$(echo "$TOOL_POLICY" | grep -o '"message":"[^"]*"' | head -1 | cut -d'"' -f4 || true)
+    if [ -z "$MSG" ]; then
+      MSG="Tool requires approval: $TOOL_NAME"
+    fi
+    record_denial
+    echo '{"permission":"deny","agent_message":"${APPROVAL_REQUIRED_AGENT_MESSAGE}","user_message":"'"$MSG"'"}'
+    exit 0
+  fi
+fi
+# --- 5. Everything else → allow ---
+# Read-only built-ins, auto-approved MCP tools, and anything not explicitly
+# gated. Fail-open mirrors the native harness (gate the dangerous set, allow the
+# rest) and prevents denying auto-approved MCP tools the state cannot enumerate.
+echo '{"permission":"allow"}'
+exit 0
+`;
+}
+//# sourceMappingURL=hook-script.js.map

package/dist/activities/execute-cursor/hook-script.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hook-script.js","sourceRoot":"","sources":["../../../src/activities/execute-cursor/hook-script.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,+BAA+B,GACnC,0EAA0E;IAC1E,uEAAuE;IACvE,2EAA2E,CAAC;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,aAAqB,EAAE,cAAsB;IAC9E,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnD,OAAO;;;;;;;;;;;;;;;;;;;cAmBK,aAAa;eACZ,cAAc;;;;gDAImB,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;eAuBhE,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;gDA4BoB,+BAA+B;;;;;;;;;;;;;;;kDAe7B,+BAA+B;;;;;;;;;;;CAWhF,CAAC;AACF,CAAC"}

package/dist/activities/execute-cursor/http2-interceptor.d.ts ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * HTTP/2 session interceptor for Cursor SDK Connect RPC proxy support.
+ *
+ * The Cursor SDK's Connect RPC transport (@connectrpc/connect-node) uses
+ * Node's native `http2` module, completely bypassing globalThis.fetch.
+ * This means the fetch interceptor (fetch-interceptor.ts) cannot inject
+ * the `x-stigmer-execution-id` header on BiDi streams.
+ *
+ * CHALLENGE: connect-node uses `import * as http2 from "node:http2"`. Node
+ * builds that ESM namespace by snapshotting the builtin's CJS exports at the
+ * FIRST `import` of the module, then freezes the namespace bindings. Patching
+ * `http2.connect` via `require()` mutates the shared CJS singleton, and that
+ * mutation is only visible to ESM namespace imports performed AFTER the patch.
+ * If connect-node imports `node:http2` first, its namespace is already frozen
+ * to the original `connect` and our later patch is invisible to it.
+ *
+ * LOAD ORDER IS THEREFORE LOAD-BEARING: this interceptor MUST be installed
+ * before the first connect-node import in the process. The runner enforces this
+ * by (a) keeping connect-node out of the pre-install static module graph
+ * (bootstrap.ts loads StigmerClient via dynamic import) and (b) installing this
+ * interceptor before resolving Temporal coordinates / importing the SDK in the
+ * runner factories. assertHttp2ConnectPatched() verifies the ESM-facade view at
+ * boot so any future regression fails loudly instead of silently 401-ing.
+ *
+ * This module patches `http2.connect()` to wrap returned sessions. The
+ * wrapped session's `request()` method reads the execution ID from the
+ * shared AsyncLocalStorage and injects it as an HTTP/2 header on each
+ * stream targeting the proxy endpoint.
+ *
+ * This is the same instrumentation approach used by OpenTelemetry's
+ * @opentelemetry/instrumentation-http2 for Node.js HTTP/2 tracing.
+ *
+ * EXIT CONDITION: This patch becomes unnecessary if @cursor/sdk ever
+ * exposes a mechanism to inject custom headers on its Connect RPC
+ * transport (e.g., interceptors option, defaultHeaders config, or a
+ * transport factory). At that point, replace this with a single Connect
+ * interceptor and remove the http2 patch.
+ *
+ * IMPORTANT: This module must be imported and installed BEFORE @cursor/sdk
+ * to ensure the patch is in place when the SDK opens its HTTP/2 session.
+ */
+/**
+ * Install the HTTP/2 interceptor. Call once at startup, BEFORE importing
+ * @cursor/sdk.
+ *
+ * When proxyEndpoint is not provided, the interceptor is not installed
+ * and all http2.connect() calls pass through to the original.
+ */
+export declare function installHttp2Interceptor(opts: {
+    proxyEndpoint: string | undefined;
+    stigmerToken: string | undefined;
+}): void;
+/**
+ * Verify the patch is visible to ESM namespace importers of `node:http2`
+ * (i.e. @connectrpc/connect-node). Call once at boot, immediately after
+ * {@link installHttp2Interceptor}.
+ *
+ * Unlike the CJS `require("node:http2")` singleton, the ESM namespace produced
+ * by `import * as http2 from "node:http2"` is snapshotted at the module's first
+ * import and frozen. If connect-node imported `node:http2` before the patch was
+ * applied, this namespace still exposes the ORIGINAL `connect`, so BiDi streams
+ * would silently omit `x-stigmer-auth` and hit HTTP 401. Importing the module
+ * here and comparing `ns.connect` against our patched `http2.connect` is the
+ * only honest check — comparing two `require()` views is tautological because
+ * they are the same object.
+ *
+ * No-op when the interceptor is not configured (no proxy/token), since there is
+ * nothing to patch in that case.
+ *
+ * @throws if the interceptor is configured but the ESM facade is unpatched —
+ * a load-order regression that must fail loudly at boot, not at request time.
+ */
+export declare function assertHttp2ConnectPatched(): Promise<void>;
+/**
+ * Update the auth token on the live interceptor config. Must be called
+ * whenever the Stigmer JWT is refreshed (e.g. via IPC updateToken) so
+ * that HTTP/2-intercepted streams use the current token instead of the
+ * one frozen at install time.
+ */
+export declare function updateHttp2InterceptorToken(token: string): void;
+/**
+ * Remove the interceptor and restore the original http2.connect.
+ * Primarily for testing.
+ */
+export declare function uninstallHttp2Interceptor(): void;
+/**
+ * Close all tracked HTTP/2 sessions to the proxy endpoint, forcing
+ * the SDK to establish a fresh connection on next use.
+ *
+ * Call between sequential workflow task activities to prevent a
+ * degraded session from one task poisoning the next. No-op when
+ * no sessions are tracked (e.g., first activity in a workflow).
+ */
+export declare function closeProxySessions(): void;

package/dist/activities/execute-cursor/http2-interceptor.js ADDED Viewed

@@ -0,0 +1,209 @@
+/**
+ * HTTP/2 session interceptor for Cursor SDK Connect RPC proxy support.
+ *
+ * The Cursor SDK's Connect RPC transport (@connectrpc/connect-node) uses
+ * Node's native `http2` module, completely bypassing globalThis.fetch.
+ * This means the fetch interceptor (fetch-interceptor.ts) cannot inject
+ * the `x-stigmer-execution-id` header on BiDi streams.
+ *
+ * CHALLENGE: connect-node uses `import * as http2 from "node:http2"`. Node
+ * builds that ESM namespace by snapshotting the builtin's CJS exports at the
+ * FIRST `import` of the module, then freezes the namespace bindings. Patching
+ * `http2.connect` via `require()` mutates the shared CJS singleton, and that
+ * mutation is only visible to ESM namespace imports performed AFTER the patch.
+ * If connect-node imports `node:http2` first, its namespace is already frozen
+ * to the original `connect` and our later patch is invisible to it.
+ *
+ * LOAD ORDER IS THEREFORE LOAD-BEARING: this interceptor MUST be installed
+ * before the first connect-node import in the process. The runner enforces this
+ * by (a) keeping connect-node out of the pre-install static module graph
+ * (bootstrap.ts loads StigmerClient via dynamic import) and (b) installing this
+ * interceptor before resolving Temporal coordinates / importing the SDK in the
+ * runner factories. assertHttp2ConnectPatched() verifies the ESM-facade view at
+ * boot so any future regression fails loudly instead of silently 401-ing.
+ *
+ * This module patches `http2.connect()` to wrap returned sessions. The
+ * wrapped session's `request()` method reads the execution ID from the
+ * shared AsyncLocalStorage and injects it as an HTTP/2 header on each
+ * stream targeting the proxy endpoint.
+ *
+ * This is the same instrumentation approach used by OpenTelemetry's
+ * @opentelemetry/instrumentation-http2 for Node.js HTTP/2 tracing.
+ *
+ * EXIT CONDITION: This patch becomes unnecessary if @cursor/sdk ever
+ * exposes a mechanism to inject custom headers on its Connect RPC
+ * transport (e.g., interceptors option, defaultHeaders config, or a
+ * transport factory). At that point, replace this with a single Connect
+ * interceptor and remove the http2 patch.
+ *
+ * IMPORTANT: This module must be imported and installed BEFORE @cursor/sdk
+ * to ensure the patch is in place when the SDK opens its HTTP/2 session.
+ */
+import { createRequire } from "node:module";
+import { getExecutionContext } from "./fetch-interceptor.js";
+// Use require() to get the ACTUAL CJS module singleton. Mutations here
+// are visible to all importers including ESM namespace imports, because
+// Node.js builtins expose a single shared exports object.
+const require = createRequire(import.meta.url);
+const http2 = require("node:http2");
+const EXECUTION_ID_HEADER = "x-stigmer-execution-id";
+const STIGMER_AUTH_HEADER = "x-stigmer-auth";
+let config = null;
+let originalConnect = http2.connect;
+// Tracks all wrapped proxy sessions for inter-activity lifecycle management.
+// Sessions are added on wrap and auto-removed on close.
+const proxySessions = new Set();
+/**
+ * Parses an authority (URL or host:port string) into hostname + port
+ * for comparison against the configured proxy endpoint.
+ */
+function parseAuthority(authority) {
+    try {
+        const url = authority instanceof URL ? authority : new URL(authority);
+        const port = url.port || (url.protocol === "https:" ? "443" : "80");
+        return { hostname: url.hostname, port };
+    }
+    catch {
+        return null;
+    }
+}
+function isProxyAuthority(authority) {
+    if (!config)
+        return false;
+    const parsed = parseAuthority(authority);
+    if (!parsed)
+        return false;
+    return parsed.hostname === config.proxyHostname && parsed.port === config.proxyPort;
+}
+/**
+ * Wraps a ClientHttp2Session's `request()` method to inject the
+ * execution ID header from the current AsyncLocalStorage context.
+ *
+ * HTTP/2 multiplexes multiple streams on a single connection, so
+ * different executions may share the same session. Reading from ALS
+ * at request() time (per-stream) is the correct approach.
+ */
+function wrapSession(session) {
+    proxySessions.add(session);
+    session.once("close", () => proxySessions.delete(session));
+    const originalRequest = session.request.bind(session);
+    session.request = function patchedRequest(headers, options) {
+        if (!config) {
+            return originalRequest(headers, options);
+        }
+        const ctx = getExecutionContext().getStore();
+        const augmented = {
+            ...headers,
+            [STIGMER_AUTH_HEADER]: `Bearer ${config.stigmerToken}`,
+        };
+        if (ctx?.executionId) {
+            augmented[EXECUTION_ID_HEADER] = ctx.executionId;
+        }
+        return originalRequest(augmented, options);
+    };
+    return session;
+}
+/**
+ * Install the HTTP/2 interceptor. Call once at startup, BEFORE importing
+ * @cursor/sdk.
+ *
+ * When proxyEndpoint is not provided, the interceptor is not installed
+ * and all http2.connect() calls pass through to the original.
+ */
+export function installHttp2Interceptor(opts) {
+    if (!opts.proxyEndpoint) {
+        return;
+    }
+    if (!opts.stigmerToken) {
+        return;
+    }
+    const parsed = parseAuthority(opts.proxyEndpoint);
+    if (!parsed) {
+        console.warn(`[http2-interceptor] Could not parse proxyEndpoint "${opts.proxyEndpoint}", skipping install`);
+        return;
+    }
+    config = { proxyHostname: parsed.hostname, proxyPort: parsed.port, stigmerToken: opts.stigmerToken };
+    originalConnect = http2.connect;
+    http2.connect = function patchedConnect(authority, optionsOrListener, listener) {
+        const isProxy = isProxyAuthority(authority);
+        const session = originalConnect.call(http2, authority, optionsOrListener, listener);
+        if (isProxy) {
+            return wrapSession(session);
+        }
+        return session;
+    };
+    console.log(`[http2-interceptor] Installed: Connect RPC streams to ${parsed.hostname}:${parsed.port} ` +
+        `will carry x-stigmer-auth + x-stigmer-execution-id`);
+}
+/**
+ * Verify the patch is visible to ESM namespace importers of `node:http2`
+ * (i.e. @connectrpc/connect-node). Call once at boot, immediately after
+ * {@link installHttp2Interceptor}.
+ *
+ * Unlike the CJS `require("node:http2")` singleton, the ESM namespace produced
+ * by `import * as http2 from "node:http2"` is snapshotted at the module's first
+ * import and frozen. If connect-node imported `node:http2` before the patch was
+ * applied, this namespace still exposes the ORIGINAL `connect`, so BiDi streams
+ * would silently omit `x-stigmer-auth` and hit HTTP 401. Importing the module
+ * here and comparing `ns.connect` against our patched `http2.connect` is the
+ * only honest check — comparing two `require()` views is tautological because
+ * they are the same object.
+ *
+ * No-op when the interceptor is not configured (no proxy/token), since there is
+ * nothing to patch in that case.
+ *
+ * @throws if the interceptor is configured but the ESM facade is unpatched —
+ * a load-order regression that must fail loudly at boot, not at request time.
+ */
+export async function assertHttp2ConnectPatched() {
+    if (!config) {
+        return;
+    }
+    const ns = await import("node:http2");
+    if (ns.connect !== http2.connect) {
+        throw new Error("[http2-interceptor] node:http2 ESM facade is unpatched: connect-node imported " +
+            "node:http2 before installHttp2Interceptor() ran, so its frozen namespace still " +
+            "holds the original http2.connect. BiDi streams would omit x-stigmer-auth and 401. " +
+            "Fix the load order: keep @connectrpc/connect-node out of the pre-install static " +
+            "module graph (load StigmerClient via dynamic import) and install this interceptor " +
+            "before resolving Temporal coordinates / importing @cursor/sdk. See bootstrap.ts " +
+            "and the runner factories.");
+    }
+}
+/**
+ * Update the auth token on the live interceptor config. Must be called
+ * whenever the Stigmer JWT is refreshed (e.g. via IPC updateToken) so
+ * that HTTP/2-intercepted streams use the current token instead of the
+ * one frozen at install time.
+ */
+export function updateHttp2InterceptorToken(token) {
+    if (config) {
+        config = { ...config, stigmerToken: token };
+    }
+}
+/**
+ * Remove the interceptor and restore the original http2.connect.
+ * Primarily for testing.
+ */
+export function uninstallHttp2Interceptor() {
+    config = null;
+    http2.connect = originalConnect;
+    proxySessions.clear();
+}
+/**
+ * Close all tracked HTTP/2 sessions to the proxy endpoint, forcing
+ * the SDK to establish a fresh connection on next use.
+ *
+ * Call between sequential workflow task activities to prevent a
+ * degraded session from one task poisoning the next. No-op when
+ * no sessions are tracked (e.g., first activity in a workflow).
+ */
+export function closeProxySessions() {
+    for (const session of proxySessions) {
+        if (!session.closed && !session.destroyed) {
+            session.close();
+        }
+    }
+    proxySessions.clear();
+}
+//# sourceMappingURL=http2-interceptor.js.map

package/dist/activities/execute-cursor/http2-interceptor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http2-interceptor.js","sourceRoot":"","sources":["../../../src/activities/execute-cursor/http2-interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAE7D,uEAAuE;AACvE,wEAAwE;AACxE,0DAA0D;AAC1D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAqB,OAAO,CAAC,YAAY,CAAC,CAAC;AAEtD,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;AACrD,MAAM,mBAAmB,GAAG,gBAAgB,CAAC;AAQ7C,IAAI,MAAM,GAAkC,IAAI,CAAC;AACjD,IAAI,eAAe,GAAyB,KAAK,CAAC,OAAO,CAAC;AAE1D,6EAA6E;AAC7E,wDAAwD;AACxD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAgC,CAAC;AAE9D;;;GAGG;AACH,SAAS,cAAc,CAAC,SAAuB;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,YAAY,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QACtE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACpE,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,SAAuB;IAC/C,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,OAAO,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,SAAS,CAAC;AACtF,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,WAAW,CAAC,OAAqC;IACxD,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3B,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAE3D,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEtD,OAAO,CAAC,OAAO,GAAG,SAAS,cAAc,CACvC,OAAuC,EACvC,OAA+C;QAE/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAkC;YAC/C,GAAG,OAAO;YACV,CAAC,mBAAmB,CAAC,EAAE,UAAU,MAAM,CAAC,YAAY,EAAE;SACvD,CAAC;QACF,IAAI,GAAG,EAAE,WAAW,EAAE,CAAC;YACrB,SAAS,CAAC,mBAAmB,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC;QACnD,CAAC;QACD,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,CAA2B,CAAC;IAE5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAGvC;IACC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACxB,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,CACV,sDAAsD,IAAI,CAAC,aAAa,qBAAqB,CAC9F,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,GAAG,EAAE,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;IACrG,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC;IAEhC,KAAK,CAAC,OAAO,GAAG,SAAS,cAAc,CACrC,SAAuB,EACvB,iBAAuB,EACvB,QAAc;QAEd,MAAM,OAAO,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,SAAgB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;QAE3F,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAyB,CAAC;IAE1B,OAAO,CAAC,GAAG,CACT,yDAAyD,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,GAAG;QACxF,oDAAoD,CACvD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACtC,IAAI,EAAE,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,gFAAgF;YAC9E,iFAAiF;YACjF,oFAAoF;YACpF,kFAAkF;YAClF,oFAAoF;YACpF,kFAAkF;YAClF,2BAA2B,CAC9B,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,KAAa;IACvD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IAC9C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,GAAG,IAAI,CAAC;IACd,KAAK,CAAC,OAAO,GAAG,eAAe,CAAC;IAChC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB;IAChC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC1C,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,CAAC;IACH,CAAC;IACD,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC"}

package/dist/activities/execute-cursor/index.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * ExecuteCursor Temporal activity — the core of the cursor-runner service.
+ *
+ * Implements the same Slim-Payload Pattern as ExecuteGraphton:
+ * - Receives only executionId + harnessStateId (Cursor agentId)
+ * - Hydrates execution from DB via gRPC
+ * - Resolves full agent blueprint (instructions, MCP servers, skills, sub-agents)
+ * - Runs the Cursor agent, streams events, reports status
+ * - Returns slim AgentExecutionStatus to workflow
+ *
+ * Durable HITL Model:
+ * When a tool requires approval, the preToolUse hook denies it. The activity
+ * captures the denied tool details, reports WAITING_FOR_APPROVAL, and RETURNS
+ * to the workflow. The workflow waits for the approvalGateResolved signal,
+ * then reinvokes this activity. On reinvocation, the activity resumes the
+ * Cursor Agent and prompts it to execute the approved tool.
+ *
+ * This is identical to the LangGraph flow from the workflow's perspective.
+ *
+ * Durable Continuation Model:
+ * Conversation continuity is carried by the Cursor SDK's native local agent
+ * state, whose SQLite store is persisted on the durable workspace volume
+ * (see resolvePlatformOptions) so Agent.resume() survives pod restart,
+ * reschedule, and snapshot restore. When resume fails (store lost/corrupted
+ * or agent unknown), resolveAgent() creates a fresh agent and the next turn
+ * starts from the user message plus re-injected instructions.
+ */
+import { InteractionMode, ApprovalAction } from "@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/enum_pb";
+import type { Config } from "../../config.js";
+import type { AgentResolution } from "./session-lifecycle.js";
+/**
+ * Creates the activity functions bound to the runner config.
+ * Returned object is passed to Temporal Worker.create({ activities }).
+ */
+export declare function createCursorActivities(config: Config): {
+    ExecuteCursor: (executionId: string, threadId: string) => Promise<unknown>;
+};
+export interface BuildPromptInput {
+    resolution: AgentResolution;
+    approvalDecisions: Map<string, ApprovalAction> | undefined;
+    instructions: string;
+    userMessage: string;
+    skills: import("./prompt-builder.js").SkillMetadata[];
+    subAgents: import("@stigmer/protos/ai/stigmer/agentic/agent/v1/spec_pb").SubAgent[];
+    workspaceDirs: string[];
+    workspaceFileRefs: string[];
+    attachmentPaths: string[];
+    pendingApprovals: import("@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/approval_pb").PendingApproval[];
+    interactionMode?: InteractionMode;
+}
+/**
+ * Select and build the appropriate prompt based on resolution reason and
+ * HITL state.
+ *
+ * Conversation continuation is carried entirely by the Cursor SDK's native
+ * agent state (the local SQLite store persisted on the durable workspace
+ * volume, or cloud server-side state) — there is no separate continuation
+ * store. The prompt therefore depends only on how the agent was resolved:
+ *
+ * 1. HITL reinvocation        -> buildReinvocationPrompt (approval decisions;
+ *                                 the resumed agent's native context carries
+ *                                 the prior conversation)
+ * 2. resumed_successfully      -> raw userMessage (native context carries it)
+ * 3. first execution / fresh   -> buildEnhancedPrompt (full instructions +
+ *    agent after resume failure   skills; no prior conversation to inherit)
+ */
+export declare function buildPrompt(input: BuildPromptInput): string;