npm - @stigmer/runner - Versions diffs - 3.0.1 - Mend

@stigmer/runner 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (904) hide show

package/README.md +212 -0
package/dist/.build-fingerprint +1 -0
package/dist/activities/call-agent-status.d.ts +37 -0
package/dist/activities/call-agent-status.js +91 -0
package/dist/activities/call-agent-status.js.map +1 -0
package/dist/activities/call-agent.d.ts +25 -0
package/dist/activities/call-agent.js +233 -0
package/dist/activities/call-agent.js.map +1 -0
package/dist/activities/call-eval.d.ts +50 -0
package/dist/activities/call-eval.js +244 -0
package/dist/activities/call-eval.js.map +1 -0
package/dist/activities/call-function.d.ts +21 -0
package/dist/activities/call-function.js +54 -0
package/dist/activities/call-function.js.map +1 -0
package/dist/activities/call-grpc.d.ts +22 -0
package/dist/activities/call-grpc.js +101 -0
package/dist/activities/call-grpc.js.map +1 -0
package/dist/activities/call-http.d.ts +32 -0
package/dist/activities/call-http.js +134 -0
package/dist/activities/call-http.js.map +1 -0
package/dist/activities/call-llm.d.ts +39 -0
package/dist/activities/call-llm.js +260 -0
package/dist/activities/call-llm.js.map +1 -0
package/dist/activities/call-transform.d.ts +20 -0
package/dist/activities/call-transform.js +33 -0
package/dist/activities/call-transform.js.map +1 -0
package/dist/activities/call-validate.d.ts +41 -0
package/dist/activities/call-validate.js +163 -0
package/dist/activities/call-validate.js.map +1 -0
package/dist/activities/classify-tool-approvals.d.ts +47 -0
package/dist/activities/classify-tool-approvals.js +207 -0
package/dist/activities/classify-tool-approvals.js.map +1 -0
package/dist/activities/discover-mcp-server.d.ts +65 -0
package/dist/activities/discover-mcp-server.js +269 -0
package/dist/activities/discover-mcp-server.js.map +1 -0
package/dist/activities/emit-event.d.ts +46 -0
package/dist/activities/emit-event.js +125 -0
package/dist/activities/emit-event.js.map +1 -0
package/dist/activities/ensure-thread.d.ts +24 -0
package/dist/activities/ensure-thread.js +44 -0
package/dist/activities/ensure-thread.js.map +1 -0
package/dist/activities/evaluate-expressions.d.ts +21 -0
package/dist/activities/evaluate-expressions.js +39 -0
package/dist/activities/evaluate-expressions.js.map +1 -0
package/dist/activities/execute-cursor/approval-policy.d.ts +104 -0
package/dist/activities/execute-cursor/approval-policy.js +193 -0
package/dist/activities/execute-cursor/approval-policy.js.map +1 -0
package/dist/activities/execute-cursor/approval-state.d.ts +157 -0
package/dist/activities/execute-cursor/approval-state.js +223 -0
package/dist/activities/execute-cursor/approval-state.js.map +1 -0
package/dist/activities/execute-cursor/attachment-resolver.d.ts +19 -0
package/dist/activities/execute-cursor/attachment-resolver.js +52 -0
package/dist/activities/execute-cursor/attachment-resolver.js.map +1 -0
package/dist/activities/execute-cursor/blueprint-resolver.d.ts +66 -0
package/dist/activities/execute-cursor/blueprint-resolver.js +169 -0
package/dist/activities/execute-cursor/blueprint-resolver.js.map +1 -0
package/dist/activities/execute-cursor/connect-backfill.d.ts +18 -0
package/dist/activities/execute-cursor/connect-backfill.js +27 -0
package/dist/activities/execute-cursor/connect-backfill.js.map +1 -0
package/dist/activities/execute-cursor/cursor-event-recorder.d.ts +24 -0
package/dist/activities/execute-cursor/cursor-event-recorder.js +66 -0
package/dist/activities/execute-cursor/cursor-event-recorder.js.map +1 -0
package/dist/activities/execute-cursor/cursor-mode.d.ts +32 -0
package/dist/activities/execute-cursor/cursor-mode.js +36 -0
package/dist/activities/execute-cursor/cursor-mode.js.map +1 -0
package/dist/activities/execute-cursor/delta-enricher.d.ts +87 -0
package/dist/activities/execute-cursor/delta-enricher.js +265 -0
package/dist/activities/execute-cursor/delta-enricher.js.map +1 -0
package/dist/activities/execute-cursor/env-resolver.d.ts +19 -0
package/dist/activities/execute-cursor/env-resolver.js +47 -0
package/dist/activities/execute-cursor/env-resolver.js.map +1 -0
package/dist/activities/execute-cursor/error-classifier.d.ts +73 -0
package/dist/activities/execute-cursor/error-classifier.js +185 -0
package/dist/activities/execute-cursor/error-classifier.js.map +1 -0
package/dist/activities/execute-cursor/fetch-interceptor.d.ts +59 -0
package/dist/activities/execute-cursor/fetch-interceptor.js +317 -0
package/dist/activities/execute-cursor/fetch-interceptor.js.map +1 -0
package/dist/activities/execute-cursor/hitl-diagnostics.d.ts +32 -0
package/dist/activities/execute-cursor/hitl-diagnostics.js +73 -0
package/dist/activities/execute-cursor/hitl-diagnostics.js.map +1 -0
package/dist/activities/execute-cursor/hook-script.d.ts +47 -0
package/dist/activities/execute-cursor/hook-script.js +156 -0
package/dist/activities/execute-cursor/hook-script.js.map +1 -0
package/dist/activities/execute-cursor/http2-interceptor.d.ts +94 -0
package/dist/activities/execute-cursor/http2-interceptor.js +209 -0
package/dist/activities/execute-cursor/http2-interceptor.js.map +1 -0
package/dist/activities/execute-cursor/index.d.ts +67 -0
package/dist/activities/execute-cursor/index.js +1176 -0
package/dist/activities/execute-cursor/index.js.map +1 -0
package/dist/activities/execute-cursor/mcp-config.d.ts +30 -0
package/dist/activities/execute-cursor/mcp-config.js +39 -0
package/dist/activities/execute-cursor/mcp-config.js.map +1 -0
package/dist/activities/execute-cursor/mcp-resolver.d.ts +91 -0
package/dist/activities/execute-cursor/mcp-resolver.js +178 -0
package/dist/activities/execute-cursor/mcp-resolver.js.map +1 -0
package/dist/activities/execute-cursor/message-translator.d.ts +211 -0
package/dist/activities/execute-cursor/message-translator.js +786 -0
package/dist/activities/execute-cursor/message-translator.js.map +1 -0
package/dist/activities/execute-cursor/model-pricing-data.d.ts +40 -0
package/dist/activities/execute-cursor/model-pricing-data.js +114 -0
package/dist/activities/execute-cursor/model-pricing-data.js.map +1 -0
package/dist/activities/execute-cursor/model-pricing.d.ts +42 -0
package/dist/activities/execute-cursor/model-pricing.js +141 -0
package/dist/activities/execute-cursor/model-pricing.js.map +1 -0
package/dist/activities/execute-cursor/placeholder-resolver.d.ts +34 -0
package/dist/activities/execute-cursor/placeholder-resolver.js +82 -0
package/dist/activities/execute-cursor/placeholder-resolver.js.map +1 -0
package/dist/activities/execute-cursor/prompt-builder.d.ts +80 -0
package/dist/activities/execute-cursor/prompt-builder.js +280 -0
package/dist/activities/execute-cursor/prompt-builder.js.map +1 -0
package/dist/activities/execute-cursor/rejection-capture.d.ts +30 -0
package/dist/activities/execute-cursor/rejection-capture.js +80 -0
package/dist/activities/execute-cursor/rejection-capture.js.map +1 -0
package/dist/activities/execute-cursor/session-lifecycle.d.ts +189 -0
package/dist/activities/execute-cursor/session-lifecycle.js +285 -0
package/dist/activities/execute-cursor/session-lifecycle.js.map +1 -0
package/dist/activities/execute-cursor/skill-resolver.d.ts +29 -0
package/dist/activities/execute-cursor/skill-resolver.js +134 -0
package/dist/activities/execute-cursor/skill-resolver.js.map +1 -0
package/dist/activities/execute-cursor/subagent-config.d.ts +34 -0
package/dist/activities/execute-cursor/subagent-config.js +55 -0
package/dist/activities/execute-cursor/subagent-config.js.map +1 -0
package/dist/activities/execute-cursor/todo-tracker.d.ts +35 -0
package/dist/activities/execute-cursor/todo-tracker.js +108 -0
package/dist/activities/execute-cursor/todo-tracker.js.map +1 -0
package/dist/activities/execute-cursor/usage-accumulator.d.ts +55 -0
package/dist/activities/execute-cursor/usage-accumulator.js +89 -0
package/dist/activities/execute-cursor/usage-accumulator.js.map +1 -0
package/dist/activities/execute-cursor/workspace-provision.d.ts +22 -0
package/dist/activities/execute-cursor/workspace-provision.js +37 -0
package/dist/activities/execute-cursor/workspace-provision.js.map +1 -0
package/dist/activities/execute-cursor/workspace-setup.d.ts +27 -0
package/dist/activities/execute-cursor/workspace-setup.js +61 -0
package/dist/activities/execute-cursor/workspace-setup.js.map +1 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.d.ts +71 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.js +182 -0
package/dist/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.js.map +1 -0
package/dist/activities/execute-deep-agent/attachment-injector.d.ts +67 -0
package/dist/activities/execute-deep-agent/attachment-injector.js +306 -0
package/dist/activities/execute-deep-agent/attachment-injector.js.map +1 -0
package/dist/activities/execute-deep-agent/auto-publish.d.ts +17 -0
package/dist/activities/execute-deep-agent/auto-publish.js +71 -0
package/dist/activities/execute-deep-agent/auto-publish.js.map +1 -0
package/dist/activities/execute-deep-agent/environment.d.ts +24 -0
package/dist/activities/execute-deep-agent/environment.js +50 -0
package/dist/activities/execute-deep-agent/environment.js.map +1 -0
package/dist/activities/execute-deep-agent/event-recorder.d.ts +21 -0
package/dist/activities/execute-deep-agent/event-recorder.js +67 -0
package/dist/activities/execute-deep-agent/event-recorder.js.map +1 -0
package/dist/activities/execute-deep-agent/execution-state.d.ts +61 -0
package/dist/activities/execute-deep-agent/execution-state.js +76 -0
package/dist/activities/execute-deep-agent/execution-state.js.map +1 -0
package/dist/activities/execute-deep-agent/execution-status-writer.d.ts +17 -0
package/dist/activities/execute-deep-agent/execution-status-writer.js +9 -0
package/dist/activities/execute-deep-agent/execution-status-writer.js.map +1 -0
package/dist/activities/execute-deep-agent/hitl.d.ts +58 -0
package/dist/activities/execute-deep-agent/hitl.js +155 -0
package/dist/activities/execute-deep-agent/hitl.js.map +1 -0
package/dist/activities/execute-deep-agent/index.d.ts +14 -0
package/dist/activities/execute-deep-agent/index.js +286 -0
package/dist/activities/execute-deep-agent/index.js.map +1 -0
package/dist/activities/execute-deep-agent/inline-publisher.d.ts +36 -0
package/dist/activities/execute-deep-agent/inline-publisher.js +105 -0
package/dist/activities/execute-deep-agent/inline-publisher.js.map +1 -0
package/dist/activities/execute-deep-agent/post-stream.d.ts +23 -0
package/dist/activities/execute-deep-agent/post-stream.js +71 -0
package/dist/activities/execute-deep-agent/post-stream.js.map +1 -0
package/dist/activities/execute-deep-agent/prompt-builder.d.ts +27 -0
package/dist/activities/execute-deep-agent/prompt-builder.js +200 -0
package/dist/activities/execute-deep-agent/prompt-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/setup.d.ts +55 -0
package/dist/activities/execute-deep-agent/setup.js +411 -0
package/dist/activities/execute-deep-agent/setup.js.map +1 -0
package/dist/activities/execute-deep-agent/status-builder-shared.d.ts +39 -0
package/dist/activities/execute-deep-agent/status-builder-shared.js +120 -0
package/dist/activities/execute-deep-agent/status-builder-shared.js.map +1 -0
package/dist/activities/execute-deep-agent/status-builder.d.ts +81 -0
package/dist/activities/execute-deep-agent/status-builder.js +312 -0
package/dist/activities/execute-deep-agent/status-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.d.ts +60 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.js +114 -0
package/dist/activities/execute-deep-agent/streaming-scheduler.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.d.ts +22 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.js +83 -0
package/dist/activities/execute-deep-agent/streaming-side-effects.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-terminal.d.ts +12 -0
package/dist/activities/execute-deep-agent/streaming-terminal.js +71 -0
package/dist/activities/execute-deep-agent/streaming-terminal.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming-v3.d.ts +13 -0
package/dist/activities/execute-deep-agent/streaming-v3.js +170 -0
package/dist/activities/execute-deep-agent/streaming-v3.js.map +1 -0
package/dist/activities/execute-deep-agent/streaming.d.ts +66 -0
package/dist/activities/execute-deep-agent/streaming.js +169 -0
package/dist/activities/execute-deep-agent/streaming.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-tracker.d.ts +90 -0
package/dist/activities/execute-deep-agent/subagent-tracker.js +364 -0
package/dist/activities/execute-deep-agent/subagent-tracker.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-transformer.d.ts +150 -0
package/dist/activities/execute-deep-agent/subagent-transformer.js +450 -0
package/dist/activities/execute-deep-agent/subagent-transformer.js.map +1 -0
package/dist/activities/execute-deep-agent/subagent-wiring.d.ts +28 -0
package/dist/activities/execute-deep-agent/subagent-wiring.js +40 -0
package/dist/activities/execute-deep-agent/subagent-wiring.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.d.ts +31 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.js +71 -0
package/dist/activities/execute-deep-agent/v3-event-recorder.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-events.d.ts +102 -0
package/dist/activities/execute-deep-agent/v3-events.js +35 -0
package/dist/activities/execute-deep-agent/v3-events.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.d.ts +15 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.js +235 -0
package/dist/activities/execute-deep-agent/v3-protocol-normalizer.js.map +1 -0
package/dist/activities/execute-deep-agent/v3-status-builder.d.ts +68 -0
package/dist/activities/execute-deep-agent/v3-status-builder.js +394 -0
package/dist/activities/execute-deep-agent/v3-status-builder.js.map +1 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.d.ts +71 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.js +295 -0
package/dist/activities/execute-deep-agent/writeback-coordinator.js.map +1 -0
package/dist/activities/hydrate-workflow-execution.d.ts +32 -0
package/dist/activities/hydrate-workflow-execution.js +212 -0
package/dist/activities/hydrate-workflow-execution.js.map +1 -0
package/dist/activities/notification.d.ts +19 -0
package/dist/activities/notification.js +47 -0
package/dist/activities/notification.js.map +1 -0
package/dist/activities/promote-task-output.d.ts +38 -0
package/dist/activities/promote-task-output.js +90 -0
package/dist/activities/promote-task-output.js.map +1 -0
package/dist/activities/run-command.d.ts +15 -0
package/dist/activities/run-command.js +123 -0
package/dist/activities/run-command.js.map +1 -0
package/dist/activities/workflow-event-activities.d.ts +48 -0
package/dist/activities/workflow-event-activities.js +415 -0
package/dist/activities/workflow-event-activities.js.map +1 -0
package/dist/bootstrap.d.ts +80 -0
package/dist/bootstrap.js +114 -0
package/dist/bootstrap.js.map +1 -0
package/dist/budget/index.d.ts +1 -0
package/dist/budget/index.js +2 -0
package/dist/budget/index.js.map +1 -0
package/dist/budget/tracker.d.ts +52 -0
package/dist/budget/tracker.js +123 -0
package/dist/budget/tracker.js.map +1 -0
package/dist/claimcheck/compressor.d.ts +2 -0
package/dist/claimcheck/compressor.js +8 -0
package/dist/claimcheck/compressor.js.map +1 -0
package/dist/claimcheck/config.d.ts +7 -0
package/dist/claimcheck/config.js +10 -0
package/dist/claimcheck/config.js.map +1 -0
package/dist/claimcheck/index.d.ts +3 -0
package/dist/claimcheck/index.js +4 -0
package/dist/claimcheck/index.js.map +1 -0
package/dist/claimcheck/payload-codec.d.ts +23 -0
package/dist/claimcheck/payload-codec.js +81 -0
package/dist/claimcheck/payload-codec.js.map +1 -0
package/dist/client/server-contracts.d.ts +52 -0
package/dist/client/server-contracts.js +72 -0
package/dist/client/server-contracts.js.map +1 -0
package/dist/client/stigmer-client.d.ts +131 -0
package/dist/client/stigmer-client.js +239 -0
package/dist/client/stigmer-client.js.map +1 -0
package/dist/config.d.ts +64 -0
package/dist/config.js +123 -0
package/dist/config.js.map +1 -0
package/dist/idle-watchdog.d.ts +11 -0
package/dist/idle-watchdog.js +24 -0
package/dist/idle-watchdog.js.map +1 -0
package/dist/index.d.ts +43 -0
package/dist/index.js +42 -0
package/dist/index.js.map +1 -0
package/dist/interceptors/workflow-metrics-sink.d.ts +11 -0
package/dist/interceptors/workflow-metrics-sink.js +51 -0
package/dist/interceptors/workflow-metrics-sink.js.map +1 -0
package/dist/ipc-protocol-fixtures.d.ts +32 -0
package/dist/ipc-protocol-fixtures.js +69 -0
package/dist/ipc-protocol-fixtures.js.map +1 -0
package/dist/ipc-protocol.d.ts +60 -0
package/dist/ipc-protocol.js +19 -0
package/dist/ipc-protocol.js.map +1 -0
package/dist/main.d.ts +19 -0
package/dist/main.js +292 -0
package/dist/main.js.map +1 -0
package/dist/middleware/approval-gate.d.ts +30 -0
package/dist/middleware/approval-gate.js +125 -0
package/dist/middleware/approval-gate.js.map +1 -0
package/dist/middleware/cost-cap.d.ts +22 -0
package/dist/middleware/cost-cap.js +159 -0
package/dist/middleware/cost-cap.js.map +1 -0
package/dist/middleware/error-hints.d.ts +27 -0
package/dist/middleware/error-hints.js +116 -0
package/dist/middleware/error-hints.js.map +1 -0
package/dist/middleware/execution-budget.d.ts +20 -0
package/dist/middleware/execution-budget.js +151 -0
package/dist/middleware/execution-budget.js.map +1 -0
package/dist/middleware/graceful-stop.d.ts +17 -0
package/dist/middleware/graceful-stop.js +63 -0
package/dist/middleware/graceful-stop.js.map +1 -0
package/dist/middleware/index.d.ts +27 -0
package/dist/middleware/index.js +45 -0
package/dist/middleware/index.js.map +1 -0
package/dist/middleware/loop-detection.d.ts +14 -0
package/dist/middleware/loop-detection.js +156 -0
package/dist/middleware/loop-detection.js.map +1 -0
package/dist/middleware/otel-spans.d.ts +11 -0
package/dist/middleware/otel-spans.js +177 -0
package/dist/middleware/otel-spans.js.map +1 -0
package/dist/middleware/think-tool.d.ts +23 -0
package/dist/middleware/think-tool.js +33 -0
package/dist/middleware/think-tool.js.map +1 -0
package/dist/middleware/tool-truncation.d.ts +16 -0
package/dist/middleware/tool-truncation.js +67 -0
package/dist/middleware/tool-truncation.js.map +1 -0
package/dist/middleware/types.d.ts +100 -0
package/dist/middleware/types.js +9 -0
package/dist/middleware/types.js.map +1 -0
package/dist/notification/index.d.ts +2 -0
package/dist/notification/index.js +6 -0
package/dist/notification/index.js.map +1 -0
package/dist/notification/provider.d.ts +29 -0
package/dist/notification/provider.js +25 -0
package/dist/notification/provider.js.map +1 -0
package/dist/notification/webhook.d.ts +13 -0
package/dist/notification/webhook.js +55 -0
package/dist/notification/webhook.js.map +1 -0
package/dist/otel-metrics.d.ts +21 -0
package/dist/otel-metrics.js +54 -0
package/dist/otel-metrics.js.map +1 -0
package/dist/otel.d.ts +57 -0
package/dist/otel.js +164 -0
package/dist/otel.js.map +1 -0
package/dist/runner-manager.d.ts +113 -0
package/dist/runner-manager.js +412 -0
package/dist/runner-manager.js.map +1 -0
package/dist/runner-token-coordinator.d.ts +56 -0
package/dist/runner-token-coordinator.js +84 -0
package/dist/runner-token-coordinator.js.map +1 -0
package/dist/runner.d.ts +104 -0
package/dist/runner.js +234 -0
package/dist/runner.js.map +1 -0
package/dist/shared/approval-policy.d.ts +45 -0
package/dist/shared/approval-policy.js +122 -0
package/dist/shared/approval-policy.js.map +1 -0
package/dist/shared/artifact-storage.d.ts +44 -0
package/dist/shared/artifact-storage.js +162 -0
package/dist/shared/artifact-storage.js.map +1 -0
package/dist/shared/checkpointer/factory.d.ts +28 -0
package/dist/shared/checkpointer/factory.js +55 -0
package/dist/shared/checkpointer/factory.js.map +1 -0
package/dist/shared/checkpointer/http-saver.d.ts +34 -0
package/dist/shared/checkpointer/http-saver.js +274 -0
package/dist/shared/checkpointer/http-saver.js.map +1 -0
package/dist/shared/checkpointer/types.d.ts +12 -0
package/dist/shared/checkpointer/types.js +2 -0
package/dist/shared/checkpointer/types.js.map +1 -0
package/dist/shared/connect-backfill.d.ts +58 -0
package/dist/shared/connect-backfill.js +119 -0
package/dist/shared/connect-backfill.js.map +1 -0
package/dist/shared/extract-json.d.ts +26 -0
package/dist/shared/extract-json.js +140 -0
package/dist/shared/extract-json.js.map +1 -0
package/dist/shared/grpc-retry.d.ts +35 -0
package/dist/shared/grpc-retry.js +78 -0
package/dist/shared/grpc-retry.js.map +1 -0
package/dist/shared/heartbeat.d.ts +22 -0
package/dist/shared/heartbeat.js +55 -0
package/dist/shared/heartbeat.js.map +1 -0
package/dist/shared/json-schema-to-zod.d.ts +13 -0
package/dist/shared/json-schema-to-zod.js +49 -0
package/dist/shared/json-schema-to-zod.js.map +1 -0
package/dist/shared/llm-proxy.d.ts +57 -0
package/dist/shared/llm-proxy.js +116 -0
package/dist/shared/llm-proxy.js.map +1 -0
package/dist/shared/mcp-manager.d.ts +47 -0
package/dist/shared/mcp-manager.js +118 -0
package/dist/shared/mcp-manager.js.map +1 -0
package/dist/shared/mcp-resolver.d.ts +41 -0
package/dist/shared/mcp-resolver.js +96 -0
package/dist/shared/mcp-resolver.js.map +1 -0
package/dist/shared/model-pricing-data.d.ts +18 -0
package/dist/shared/model-pricing-data.js +78 -0
package/dist/shared/model-pricing-data.js.map +1 -0
package/dist/shared/model-pricing.d.ts +24 -0
package/dist/shared/model-pricing.js +58 -0
package/dist/shared/model-pricing.js.map +1 -0
package/dist/shared/model-registry.d.ts +55 -0
package/dist/shared/model-registry.js +178 -0
package/dist/shared/model-registry.js.map +1 -0
package/dist/shared/placeholder-resolver.d.ts +27 -0
package/dist/shared/placeholder-resolver.js +75 -0
package/dist/shared/placeholder-resolver.js.map +1 -0
package/dist/shared/plan-artifact.d.ts +56 -0
package/dist/shared/plan-artifact.js +98 -0
package/dist/shared/plan-artifact.js.map +1 -0
package/dist/shared/skill-relevance.d.ts +65 -0
package/dist/shared/skill-relevance.js +175 -0
package/dist/shared/skill-relevance.js.map +1 -0
package/dist/shared/skill-writer.d.ts +73 -0
package/dist/shared/skill-writer.js +230 -0
package/dist/shared/skill-writer.js.map +1 -0
package/dist/shared/status.d.ts +37 -0
package/dist/shared/status.js +73 -0
package/dist/shared/status.js.map +1 -0
package/dist/shared/subagent-gate.d.ts +41 -0
package/dist/shared/subagent-gate.js +93 -0
package/dist/shared/subagent-gate.js.map +1 -0
package/dist/shared/tool-kind.d.ts +22 -0
package/dist/shared/tool-kind.js +79 -0
package/dist/shared/tool-kind.js.map +1 -0
package/dist/shared/workspace/file-tree.d.ts +13 -0
package/dist/shared/workspace/file-tree.js +101 -0
package/dist/shared/workspace/file-tree.js.map +1 -0
package/dist/shared/workspace/local-backend.d.ts +41 -0
package/dist/shared/workspace/local-backend.js +113 -0
package/dist/shared/workspace/local-backend.js.map +1 -0
package/dist/shared/workspace/platform-dir.d.ts +25 -0
package/dist/shared/workspace/platform-dir.js +36 -0
package/dist/shared/workspace/platform-dir.js.map +1 -0
package/dist/shared/workspace/platform-mount.d.ts +95 -0
package/dist/shared/workspace/platform-mount.js +157 -0
package/dist/shared/workspace/platform-mount.js.map +1 -0
package/dist/shared/workspace/provisioner.d.ts +47 -0
package/dist/shared/workspace/provisioner.js +84 -0
package/dist/shared/workspace/provisioner.js.map +1 -0
package/dist/shared/workspace/sources/empty.d.ts +8 -0
package/dist/shared/workspace/sources/empty.js +18 -0
package/dist/shared/workspace/sources/empty.js.map +1 -0
package/dist/shared/workspace/sources/git.d.ts +22 -0
package/dist/shared/workspace/sources/git.js +207 -0
package/dist/shared/workspace/sources/git.js.map +1 -0
package/dist/shared/workspace/sources/local-path.d.ts +17 -0
package/dist/shared/workspace/sources/local-path.js +57 -0
package/dist/shared/workspace/sources/local-path.js.map +1 -0
package/dist/shared/workspace/types.d.ts +58 -0
package/dist/shared/workspace/types.js +25 -0
package/dist/shared/workspace/types.js.map +1 -0
package/dist/shared/zip-extract.d.ts +30 -0
package/dist/shared/zip-extract.js +150 -0
package/dist/shared/zip-extract.js.map +1 -0
package/dist/worker.d.ts +27 -0
package/dist/worker.js +65 -0
package/dist/worker.js.map +1 -0
package/dist/workflow-engine/clone.d.ts +11 -0
package/dist/workflow-engine/clone.js +21 -0
package/dist/workflow-engine/clone.js.map +1 -0
package/dist/workflow-engine/do-executor.d.ts +27 -0
package/dist/workflow-engine/do-executor.js +418 -0
package/dist/workflow-engine/do-executor.js.map +1 -0
package/dist/workflow-engine/duration.d.ts +12 -0
package/dist/workflow-engine/duration.js +25 -0
package/dist/workflow-engine/duration.js.map +1 -0
package/dist/workflow-engine/error-utils.d.ts +42 -0
package/dist/workflow-engine/error-utils.js +77 -0
package/dist/workflow-engine/error-utils.js.map +1 -0
package/dist/workflow-engine/errors.d.ts +46 -0
package/dist/workflow-engine/errors.js +105 -0
package/dist/workflow-engine/errors.js.map +1 -0
package/dist/workflow-engine/expression-utils.d.ts +60 -0
package/dist/workflow-engine/expression-utils.js +108 -0
package/dist/workflow-engine/expression-utils.js.map +1 -0
package/dist/workflow-engine/expression.d.ts +132 -0
package/dist/workflow-engine/expression.js +366 -0
package/dist/workflow-engine/expression.js.map +1 -0
package/dist/workflow-engine/loader.d.ts +23 -0
package/dist/workflow-engine/loader.js +429 -0
package/dist/workflow-engine/loader.js.map +1 -0
package/dist/workflow-engine/recovery.d.ts +53 -0
package/dist/workflow-engine/recovery.js +46 -0
package/dist/workflow-engine/recovery.js.map +1 -0
package/dist/workflow-engine/resolve.d.ts +83 -0
package/dist/workflow-engine/resolve.js +257 -0
package/dist/workflow-engine/resolve.js.map +1 -0
package/dist/workflow-engine/retry.d.ts +30 -0
package/dist/workflow-engine/retry.js +97 -0
package/dist/workflow-engine/retry.js.map +1 -0
package/dist/workflow-engine/state.d.ts +26 -0
package/dist/workflow-engine/state.js +49 -0
package/dist/workflow-engine/state.js.map +1 -0
package/dist/workflow-engine/task-factory.d.ts +20 -0
package/dist/workflow-engine/task-factory.js +133 -0
package/dist/workflow-engine/task-factory.js.map +1 -0
package/dist/workflow-engine/task-status-accumulator.d.ts +59 -0
package/dist/workflow-engine/task-status-accumulator.js +164 -0
package/dist/workflow-engine/task-status-accumulator.js.map +1 -0
package/dist/workflow-engine/tasks/call-agent-output.d.ts +26 -0
package/dist/workflow-engine/tasks/call-agent-output.js +109 -0
package/dist/workflow-engine/tasks/call-agent-output.js.map +1 -0
package/dist/workflow-engine/tasks/call-agent.d.ts +31 -0
package/dist/workflow-engine/tasks/call-agent.js +161 -0
package/dist/workflow-engine/tasks/call-agent.js.map +1 -0
package/dist/workflow-engine/tasks/call-function.d.ts +19 -0
package/dist/workflow-engine/tasks/call-function.js +64 -0
package/dist/workflow-engine/tasks/call-function.js.map +1 -0
package/dist/workflow-engine/tasks/call-grpc.d.ts +15 -0
package/dist/workflow-engine/tasks/call-grpc.js +27 -0
package/dist/workflow-engine/tasks/call-grpc.js.map +1 -0
package/dist/workflow-engine/tasks/call-http.d.ts +19 -0
package/dist/workflow-engine/tasks/call-http.js +31 -0
package/dist/workflow-engine/tasks/call-http.js.map +1 -0
package/dist/workflow-engine/tasks/for.d.ts +39 -0
package/dist/workflow-engine/tasks/for.js +154 -0
package/dist/workflow-engine/tasks/for.js.map +1 -0
package/dist/workflow-engine/tasks/fork.d.ts +42 -0
package/dist/workflow-engine/tasks/fork.js +142 -0
package/dist/workflow-engine/tasks/fork.js.map +1 -0
package/dist/workflow-engine/tasks/human-input.d.ts +33 -0
package/dist/workflow-engine/tasks/human-input.js +109 -0
package/dist/workflow-engine/tasks/human-input.js.map +1 -0
package/dist/workflow-engine/tasks/listen.d.ts +34 -0
package/dist/workflow-engine/tasks/listen.js +119 -0
package/dist/workflow-engine/tasks/listen.js.map +1 -0
package/dist/workflow-engine/tasks/raise.d.ts +18 -0
package/dist/workflow-engine/tasks/raise.js +60 -0
package/dist/workflow-engine/tasks/raise.js.map +1 -0
package/dist/workflow-engine/tasks/run.d.ts +39 -0
package/dist/workflow-engine/tasks/run.js +114 -0
package/dist/workflow-engine/tasks/run.js.map +1 -0
package/dist/workflow-engine/tasks/set.d.ts +15 -0
package/dist/workflow-engine/tasks/set.js +31 -0
package/dist/workflow-engine/tasks/set.js.map +1 -0
package/dist/workflow-engine/tasks/switch.d.ts +25 -0
package/dist/workflow-engine/tasks/switch.js +76 -0
package/dist/workflow-engine/tasks/switch.js.map +1 -0
package/dist/workflow-engine/tasks/try.d.ts +49 -0
package/dist/workflow-engine/tasks/try.js +189 -0
package/dist/workflow-engine/tasks/try.js.map +1 -0
package/dist/workflow-engine/tasks/wait.d.ts +24 -0
package/dist/workflow-engine/tasks/wait.js +39 -0
package/dist/workflow-engine/tasks/wait.js.map +1 -0
package/dist/workflow-engine/types.d.ts +682 -0
package/dist/workflow-engine/types.js +47 -0
package/dist/workflow-engine/types.js.map +1 -0
package/dist/workflows/call-agent-orchestrator.d.ts +31 -0
package/dist/workflows/call-agent-orchestrator.js +214 -0
package/dist/workflows/call-agent-orchestrator.js.map +1 -0
package/dist/workflows/connect-mcp-server.d.ts +20 -0
package/dist/workflows/connect-mcp-server.js +113 -0
package/dist/workflows/connect-mcp-server.js.map +1 -0
package/dist/workflows/engine-core.d.ts +36 -0
package/dist/workflows/engine-core.js +272 -0
package/dist/workflows/engine-core.js.map +1 -0
package/dist/workflows/execute-from-execution.d.ts +32 -0
package/dist/workflows/execute-from-execution.js +71 -0
package/dist/workflows/execute-from-execution.js.map +1 -0
package/dist/workflows/execute-serverless-workflow.d.ts +32 -0
package/dist/workflows/execute-serverless-workflow.js +36 -0
package/dist/workflows/execute-serverless-workflow.js.map +1 -0
package/dist/workflows/human-input-orchestrator.d.ts +19 -0
package/dist/workflows/human-input-orchestrator.js +59 -0
package/dist/workflows/human-input-orchestrator.js.map +1 -0
package/dist/workflows/index.d.ts +22 -0
package/dist/workflows/index.js +23 -0
package/dist/workflows/index.js.map +1 -0
package/dist/workflows/listen-orchestrator.d.ts +29 -0
package/dist/workflows/listen-orchestrator.js +143 -0
package/dist/workflows/listen-orchestrator.js.map +1 -0
package/dist/workflows/metrics-sink.d.ts +33 -0
package/dist/workflows/metrics-sink.js +21 -0
package/dist/workflows/metrics-sink.js.map +1 -0
package/dist/workflows/run-orchestrator.d.ts +15 -0
package/dist/workflows/run-orchestrator.js +27 -0
package/dist/workflows/run-orchestrator.js.map +1 -0
package/dist/workflows/types.d.ts +46 -0
package/dist/workflows/types.js +15 -0
package/dist/workflows/types.js.map +1 -0
package/dist/workflows/workflow-signals.d.ts +29 -0
package/dist/workflows/workflow-signals.js +46 -0
package/dist/workflows/workflow-signals.js.map +1 -0
package/package.json +108 -0
package/src/__test-utils__/__tests__/replay-fetch.test.ts +155 -0
package/src/__test-utils__/mock-client.ts +44 -0
package/src/__test-utils__/mock-workspace.ts +28 -0
package/src/__test-utils__/proto-helpers.ts +41 -0
package/src/__test-utils__/replay-fetch.ts +523 -0
package/src/__tests__/bootstrap.test.ts +221 -0
package/src/__tests__/claimcheck-codec.test.ts +257 -0
package/src/__tests__/config.test.ts +150 -0
package/src/__tests__/deterministic-eval-llm.test.ts +269 -0
package/src/__tests__/deterministic-mcp-hitl.test.ts +405 -0
package/src/__tests__/golden-e2e.test.ts +250 -0
package/src/__tests__/ipc-protocol-fixtures.test.ts +66 -0
package/src/__tests__/ipc-protocol.test.ts +32 -0
package/src/__tests__/otel-metrics.test.ts +40 -0
package/src/__tests__/runner-manager.test.ts +55 -0
package/src/__tests__/runner-token-coordinator.test.ts +166 -0
package/src/__tests__/runner.test.ts +182 -0
package/src/__tests__/worker.test.ts +18 -0
package/src/activities/__tests__/call-agent-contracts.test.ts +483 -0
package/src/activities/__tests__/call-agent.test.ts +263 -0
package/src/activities/__tests__/call-function.test.ts +47 -0
package/src/activities/__tests__/call-grpc.test.ts +39 -0
package/src/activities/__tests__/call-http.test.ts +288 -0
package/src/activities/__tests__/call-llm.test.ts +301 -0
package/src/activities/__tests__/classify-tool-approvals.test.ts +430 -0
package/src/activities/__tests__/discover-mcp-server.test.ts +641 -0
package/src/activities/__tests__/ensure-thread.test.ts +96 -0
package/src/activities/__tests__/error-classifier.test.ts +372 -0
package/src/activities/__tests__/evaluate-expressions.test.ts +114 -0
package/src/activities/__tests__/hydrate-workflow-execution.test.ts +321 -0
package/src/activities/__tests__/notification.test.ts +151 -0
package/src/activities/__tests__/workflow-event-activities.test.ts +664 -0
package/src/activities/call-agent-status.ts +130 -0
package/src/activities/call-agent.ts +302 -0
package/src/activities/call-eval.ts +333 -0
package/src/activities/call-function.ts +73 -0
package/src/activities/call-grpc.ts +140 -0
package/src/activities/call-http.ts +185 -0
package/src/activities/call-llm.ts +379 -0
package/src/activities/call-transform.ts +54 -0
package/src/activities/call-validate.ts +223 -0
package/src/activities/classify-tool-approvals.ts +319 -0
package/src/activities/discover-mcp-server.ts +411 -0
package/src/activities/emit-event.ts +195 -0
package/src/activities/ensure-thread.ts +45 -0
package/src/activities/evaluate-expressions.ts +47 -0
package/src/activities/execute-cursor/__tests__/approval-gate.test.ts +188 -0
package/src/activities/execute-cursor/__tests__/build-prompt.test.ts +111 -0
package/src/activities/execute-cursor/__tests__/cursor-baseurl-routing.test.ts +86 -0
package/src/activities/execute-cursor/__tests__/cursor-fetch-interceptor-bypass.test.ts +64 -0
package/src/activities/execute-cursor/__tests__/cursor-mode.test.ts +95 -0
package/src/activities/execute-cursor/__tests__/cursor-sdk-auth-smoke.test.ts +90 -0
package/src/activities/execute-cursor/__tests__/delta-enricher.test.ts +242 -0
package/src/activities/execute-cursor/__tests__/error-classifier-introspection.test.ts +156 -0
package/src/activities/execute-cursor/__tests__/fetch-interceptor.test.ts +211 -0
package/src/activities/execute-cursor/__tests__/hitl-ledger.test.ts +298 -0
package/src/activities/execute-cursor/__tests__/http2-interceptor.test.ts +360 -0
package/src/activities/execute-cursor/__tests__/message-translator.test.ts +657 -0
package/src/activities/execute-cursor/__tests__/model-pricing.test.ts +92 -0
package/src/activities/execute-cursor/__tests__/prompt-builder-delegation.test.ts +101 -0
package/src/activities/execute-cursor/__tests__/runner-error-regressions.test.ts +144 -0
package/src/activities/execute-cursor/__tests__/session-lifecycle.test.ts +65 -0
package/src/activities/execute-cursor/__tests__/skill-resolver.test.ts +265 -0
package/src/activities/execute-cursor/__tests__/subagent-config.test.ts +107 -0
package/src/activities/execute-cursor/__tests__/todo-tracker.test.ts +498 -0
package/src/activities/execute-cursor/__tests__/workspace-provision.test.ts +283 -0
package/src/activities/execute-cursor/approval-policy.ts +224 -0
package/src/activities/execute-cursor/approval-state.ts +311 -0
package/src/activities/execute-cursor/attachment-resolver.ts +78 -0
package/src/activities/execute-cursor/blueprint-resolver.ts +234 -0
package/src/activities/execute-cursor/connect-backfill.ts +49 -0
package/src/activities/execute-cursor/cursor-event-recorder.ts +83 -0
package/src/activities/execute-cursor/cursor-mode.ts +42 -0
package/src/activities/execute-cursor/delta-enricher.ts +307 -0
package/src/activities/execute-cursor/env-resolver.ts +64 -0
package/src/activities/execute-cursor/error-classifier.ts +247 -0
package/src/activities/execute-cursor/fetch-interceptor.ts +382 -0
package/src/activities/execute-cursor/hitl-diagnostics.ts +82 -0
package/src/activities/execute-cursor/hook-script.ts +159 -0
package/src/activities/execute-cursor/http2-interceptor.ts +253 -0
package/src/activities/execute-cursor/index.ts +1439 -0
package/src/activities/execute-cursor/mcp-config.ts +66 -0
package/src/activities/execute-cursor/mcp-resolver.ts +271 -0
package/src/activities/execute-cursor/message-translator.ts +896 -0
package/src/activities/execute-cursor/model-pricing-data.ts +167 -0
package/src/activities/execute-cursor/model-pricing.ts +167 -0
package/src/activities/execute-cursor/placeholder-resolver.ts +109 -0
package/src/activities/execute-cursor/prompt-builder.ts +349 -0
package/src/activities/execute-cursor/rejection-capture.ts +100 -0
package/src/activities/execute-cursor/session-lifecycle.ts +429 -0
package/src/activities/execute-cursor/skill-resolver.ts +176 -0
package/src/activities/execute-cursor/subagent-config.ts +62 -0
package/src/activities/execute-cursor/todo-tracker.ts +133 -0
package/src/activities/execute-cursor/usage-accumulator.ts +126 -0
package/src/activities/execute-cursor/workspace-provision.ts +55 -0
package/src/activities/execute-cursor/workspace-setup.ts +75 -0
package/src/activities/execute-deep-agent/__test-utils__/v3-event-fixtures.ts +281 -0
package/src/activities/execute-deep-agent/__tests__/attachment-injector.test.ts +720 -0
package/src/activities/execute-deep-agent/__tests__/auto-publish.test.ts +146 -0
package/src/activities/execute-deep-agent/__tests__/environment.test.ts +103 -0
package/src/activities/execute-deep-agent/__tests__/event-recorder.test.ts +150 -0
package/src/activities/execute-deep-agent/__tests__/execution-state-extended.test.ts +150 -0
package/src/activities/execute-deep-agent/__tests__/execution-state.test.ts +157 -0
package/src/activities/execute-deep-agent/__tests__/hitl-integration.test.ts +223 -0
package/src/activities/execute-deep-agent/__tests__/hitl.test.ts +244 -0
package/src/activities/execute-deep-agent/__tests__/index.test.ts +91 -0
package/src/activities/execute-deep-agent/__tests__/inline-publisher.test.ts +240 -0
package/src/activities/execute-deep-agent/__tests__/post-stream.test.ts +112 -0
package/src/activities/execute-deep-agent/__tests__/prompt-builder.test.ts +208 -0
package/src/activities/execute-deep-agent/__tests__/status-builder.test.ts +1771 -0
package/src/activities/execute-deep-agent/__tests__/streaming-scheduler.test.ts +199 -0
package/src/activities/execute-deep-agent/__tests__/streaming-v3.test.ts +527 -0
package/src/activities/execute-deep-agent/__tests__/streaming.test.ts +508 -0
package/src/activities/execute-deep-agent/__tests__/subagent-tracker.test.ts +474 -0
package/src/activities/execute-deep-agent/__tests__/subagent-transformer.test.ts +734 -0
package/src/activities/execute-deep-agent/__tests__/subagent-wiring.test.ts +71 -0
package/src/activities/execute-deep-agent/__tests__/summarization-verification.test.ts +323 -0
package/src/activities/execute-deep-agent/__tests__/v3-event-recorder.test.ts +186 -0
package/src/activities/execute-deep-agent/__tests__/v3-protocol-normalizer.test.ts +324 -0
package/src/activities/execute-deep-agent/__tests__/v3-status-builder.test.ts +504 -0
package/src/activities/execute-deep-agent/__tests__/writeback-coordinator.test.ts +399 -0
package/src/activities/execute-deep-agent/attachment-injector.ts +470 -0
package/src/activities/execute-deep-agent/auto-publish.ts +80 -0
package/src/activities/execute-deep-agent/environment.ts +67 -0
package/src/activities/execute-deep-agent/event-recorder.ts +95 -0
package/src/activities/execute-deep-agent/execution-state.ts +87 -0
package/src/activities/execute-deep-agent/execution-status-writer.ts +19 -0
package/src/activities/execute-deep-agent/hitl.ts +221 -0
package/src/activities/execute-deep-agent/index.ts +342 -0
package/src/activities/execute-deep-agent/inline-publisher.ts +134 -0
package/src/activities/execute-deep-agent/post-stream.ts +109 -0
package/src/activities/execute-deep-agent/prompt-builder.ts +264 -0
package/src/activities/execute-deep-agent/setup.ts +599 -0
package/src/activities/execute-deep-agent/status-builder-shared.ts +136 -0
package/src/activities/execute-deep-agent/status-builder.ts +412 -0
package/src/activities/execute-deep-agent/streaming-scheduler.ts +159 -0
package/src/activities/execute-deep-agent/streaming-side-effects.ts +89 -0
package/src/activities/execute-deep-agent/streaming-terminal.ts +96 -0
package/src/activities/execute-deep-agent/streaming-v3.ts +272 -0
package/src/activities/execute-deep-agent/streaming.ts +303 -0
package/src/activities/execute-deep-agent/subagent-tracker.ts +445 -0
package/src/activities/execute-deep-agent/subagent-transformer.ts +648 -0
package/src/activities/execute-deep-agent/subagent-wiring.ts +56 -0
package/src/activities/execute-deep-agent/v3-event-recorder.ts +111 -0
package/src/activities/execute-deep-agent/v3-events.ts +153 -0
package/src/activities/execute-deep-agent/v3-protocol-normalizer.ts +264 -0
package/src/activities/execute-deep-agent/v3-status-builder.ts +490 -0
package/src/activities/execute-deep-agent/writeback-coordinator.ts +420 -0
package/src/activities/hydrate-workflow-execution.ts +306 -0
package/src/activities/notification.ts +71 -0
package/src/activities/promote-task-output.ts +126 -0
package/src/activities/run-command.ts +148 -0
package/src/activities/workflow-event-activities.ts +481 -0
package/src/bootstrap.ts +173 -0
package/src/budget/__tests__/tracker.test.ts +293 -0
package/src/budget/index.ts +9 -0
package/src/budget/tracker.ts +171 -0
package/src/claimcheck/compressor.ts +9 -0
package/src/claimcheck/config.ts +20 -0
package/src/claimcheck/index.ts +3 -0
package/src/claimcheck/payload-codec.ts +107 -0
package/src/client/__tests__/server-contracts.test.ts +149 -0
package/src/client/__tests__/stigmer-client.test.ts +142 -0
package/src/client/server-contracts.ts +125 -0
package/src/client/stigmer-client.ts +339 -0
package/src/config.ts +185 -0
package/src/idle-watchdog.ts +28 -0
package/src/index.ts +48 -0
package/src/interceptors/workflow-metrics-sink.ts +56 -0
package/src/ipc-protocol-fixtures.ts +117 -0
package/src/ipc-protocol.ts +113 -0
package/src/main.ts +324 -0
package/src/middleware/__tests__/approval-gate.test.ts +231 -0
package/src/middleware/__tests__/cost-cap.test.ts +192 -0
package/src/middleware/__tests__/error-hints.test.ts +90 -0
package/src/middleware/__tests__/execution-budget.test.ts +138 -0
package/src/middleware/__tests__/graceful-stop.test.ts +105 -0
package/src/middleware/__tests__/loop-detection.test.ts +137 -0
package/src/middleware/__tests__/otel-spans.test.ts +89 -0
package/src/middleware/__tests__/think-tool.test.ts +26 -0
package/src/middleware/__tests__/tool-truncation.test.ts +112 -0
package/src/middleware/approval-gate.ts +179 -0
package/src/middleware/cost-cap.ts +213 -0
package/src/middleware/error-hints.ts +136 -0
package/src/middleware/execution-budget.ts +176 -0
package/src/middleware/graceful-stop.ts +86 -0
package/src/middleware/index.ts +70 -0
package/src/middleware/loop-detection.ts +192 -0
package/src/middleware/otel-spans.ts +205 -0
package/src/middleware/think-tool.ts +38 -0
package/src/middleware/tool-truncation.ts +94 -0
package/src/middleware/types.ts +114 -0
package/src/notification/__tests__/provider.test.ts +85 -0
package/src/notification/__tests__/webhook.test.ts +127 -0
package/src/notification/index.ts +15 -0
package/src/notification/provider.ts +52 -0
package/src/notification/webhook.ts +61 -0
package/src/otel-metrics.ts +73 -0
package/src/otel.ts +194 -0
package/src/runner-manager.ts +652 -0
package/src/runner-token-coordinator.ts +135 -0
package/src/runner.ts +380 -0
package/src/shared/__tests__/approval-policy.test.ts +256 -0
package/src/shared/__tests__/artifact-storage-extended.test.ts +208 -0
package/src/shared/__tests__/artifact-storage.test.ts +365 -0
package/src/shared/__tests__/connect-backfill.test.ts +346 -0
package/src/shared/__tests__/extract-json.test.ts +153 -0
package/src/shared/__tests__/grpc-retry-extended.test.ts +176 -0
package/src/shared/__tests__/grpc-retry.test.ts +172 -0
package/src/shared/__tests__/json-schema-to-zod.test.ts +227 -0
package/src/shared/__tests__/llm-proxy.test.ts +179 -0
package/src/shared/__tests__/mcp-manager.test.ts +154 -0
package/src/shared/__tests__/model-pricing.test.ts +85 -0
package/src/shared/__tests__/model-registry.test.ts +197 -0
package/src/shared/__tests__/placeholder-resolver.test.ts +210 -0
package/src/shared/__tests__/plan-artifact.test.ts +142 -0
package/src/shared/__tests__/skill-relevance.test.ts +292 -0
package/src/shared/__tests__/skill-writer.test.ts +349 -0
package/src/shared/__tests__/status.test.ts +142 -0
package/src/shared/__tests__/subagent-gate.test.ts +112 -0
package/src/shared/__tests__/tool-kind.test.ts +58 -0
package/src/shared/__tests__/zip-extract.test.ts +204 -0
package/src/shared/approval-policy.ts +146 -0
package/src/shared/artifact-storage.ts +207 -0
package/src/shared/checkpointer/__tests__/factory.test.ts +42 -0
package/src/shared/checkpointer/__tests__/http-saver.test.ts +176 -0
package/src/shared/checkpointer/factory.ts +73 -0
package/src/shared/checkpointer/http-saver.ts +349 -0
package/src/shared/checkpointer/types.ts +12 -0
package/src/shared/connect-backfill.ts +162 -0
package/src/shared/extract-json.ts +153 -0
package/src/shared/grpc-retry.ts +113 -0
package/src/shared/heartbeat.ts +70 -0
package/src/shared/json-schema-to-zod.ts +53 -0
package/src/shared/llm-proxy.ts +138 -0
package/src/shared/mcp-manager.ts +150 -0
package/src/shared/mcp-resolver.ts +150 -0
package/src/shared/model-pricing-data.ts +109 -0
package/src/shared/model-pricing.ts +81 -0
package/src/shared/model-registry.ts +214 -0
package/src/shared/placeholder-resolver.ts +102 -0
package/src/shared/plan-artifact.ts +120 -0
package/src/shared/skill-relevance.ts +222 -0
package/src/shared/skill-writer.ts +300 -0
package/src/shared/status.ts +94 -0
package/src/shared/subagent-gate.ts +117 -0
package/src/shared/tool-kind.ts +91 -0
package/src/shared/workspace/__tests__/file-tree.test.ts +210 -0
package/src/shared/workspace/__tests__/git-source.test.ts +423 -0
package/src/shared/workspace/__tests__/local-backend-platform.test.ts +259 -0
package/src/shared/workspace/__tests__/local-backend.test.ts +154 -0
package/src/shared/workspace/__tests__/platform-mount.test.ts +378 -0
package/src/shared/workspace/__tests__/provisioner.test.ts +145 -0
package/src/shared/workspace/file-tree.ts +116 -0
package/src/shared/workspace/local-backend.ts +140 -0
package/src/shared/workspace/platform-dir.ts +38 -0
package/src/shared/workspace/platform-mount.ts +190 -0
package/src/shared/workspace/provisioner.ts +150 -0
package/src/shared/workspace/sources/empty.ts +20 -0
package/src/shared/workspace/sources/git.ts +285 -0
package/src/shared/workspace/sources/local-path.ts +89 -0
package/src/shared/workspace/types.ts +69 -0
package/src/shared/zip-extract.ts +193 -0
package/src/worker.ts +98 -0
package/src/workflow-engine/__tests__/do-executor-recovery.test.ts +382 -0
package/src/workflow-engine/__tests__/do-executor.test.ts +963 -0
package/src/workflow-engine/__tests__/errors.test.ts +174 -0
package/src/workflow-engine/__tests__/expression.test.ts +776 -0
package/src/workflow-engine/__tests__/for.test.ts +575 -0
package/src/workflow-engine/__tests__/fork.test.ts +838 -0
package/src/workflow-engine/__tests__/golden-execution.test.ts +1085 -0
package/src/workflow-engine/__tests__/jq-wasm-spike.test.ts +90 -0
package/src/workflow-engine/__tests__/loader.test.ts +1393 -0
package/src/workflow-engine/__tests__/pause-resume.test.ts +267 -0
package/src/workflow-engine/__tests__/recovery.test.ts +115 -0
package/src/workflow-engine/__tests__/resolve.test.ts +432 -0
package/src/workflow-engine/__tests__/retry.test.ts +306 -0
package/src/workflow-engine/__tests__/state.test.ts +174 -0
package/src/workflow-engine/__tests__/task-status-accumulator.test.ts +373 -0
package/src/workflow-engine/__tests__/tasks/call-agent-output.test.ts +120 -0
package/src/workflow-engine/__tests__/tasks/call-agent.test.ts +816 -0
package/src/workflow-engine/__tests__/tasks/call-function.test.ts +205 -0
package/src/workflow-engine/__tests__/tasks/call-grpc.test.ts +133 -0
package/src/workflow-engine/__tests__/tasks/call-http.test.ts +150 -0
package/src/workflow-engine/__tests__/tasks/emit-event.test.ts +322 -0
package/src/workflow-engine/__tests__/tasks/human-input.test.ts +416 -0
package/src/workflow-engine/__tests__/tasks/listen.test.ts +422 -0
package/src/workflow-engine/__tests__/tasks/raise.test.ts +166 -0
package/src/workflow-engine/__tests__/tasks/run.test.ts +272 -0
package/src/workflow-engine/__tests__/tasks/set.test.ts +127 -0
package/src/workflow-engine/__tests__/tasks/switch.test.ts +277 -0
package/src/workflow-engine/__tests__/tasks/try.test.ts +590 -0
package/src/workflow-engine/__tests__/tasks/wait.test.ts +173 -0
package/src/workflow-engine/clone.ts +18 -0
package/src/workflow-engine/do-executor.ts +569 -0
package/src/workflow-engine/duration.ts +22 -0
package/src/workflow-engine/error-utils.ts +97 -0
package/src/workflow-engine/errors.ts +130 -0
package/src/workflow-engine/expression-utils.ts +129 -0
package/src/workflow-engine/expression.ts +430 -0
package/src/workflow-engine/loader.ts +524 -0
package/src/workflow-engine/recovery.ts +80 -0
package/src/workflow-engine/resolve.ts +342 -0
package/src/workflow-engine/retry.ts +109 -0
package/src/workflow-engine/state.ts +56 -0
package/src/workflow-engine/task-factory.ts +160 -0
package/src/workflow-engine/task-status-accumulator.ts +204 -0
package/src/workflow-engine/tasks/call-agent-output.ts +132 -0
package/src/workflow-engine/tasks/call-agent.ts +221 -0
package/src/workflow-engine/tasks/call-function.ts +107 -0
package/src/workflow-engine/tasks/call-grpc.ts +47 -0
package/src/workflow-engine/tasks/call-http.ts +51 -0
package/src/workflow-engine/tasks/for.ts +244 -0
package/src/workflow-engine/tasks/fork.ts +228 -0
package/src/workflow-engine/tasks/human-input.ts +147 -0
package/src/workflow-engine/tasks/listen.ts +166 -0
package/src/workflow-engine/tasks/raise.ts +81 -0
package/src/workflow-engine/tasks/run.ts +142 -0
package/src/workflow-engine/tasks/set.ts +47 -0
package/src/workflow-engine/tasks/switch.ts +102 -0
package/src/workflow-engine/tasks/try.ts +274 -0
package/src/workflow-engine/tasks/wait.ts +53 -0
package/src/workflow-engine/types.ts +911 -0
package/src/workflows/__tests__/connect-mcp-server.test.ts +359 -0
package/src/workflows/__tests__/execute-serverless-workflow.test.ts +277 -0
package/src/workflows/call-agent-orchestrator.ts +283 -0
package/src/workflows/connect-mcp-server.ts +152 -0
package/src/workflows/engine-core.ts +406 -0
package/src/workflows/execute-from-execution.ts +101 -0
package/src/workflows/execute-serverless-workflow.ts +60 -0
package/src/workflows/human-input-orchestrator.ts +76 -0
package/src/workflows/index.ts +32 -0
package/src/workflows/listen-orchestrator.ts +200 -0
package/src/workflows/metrics-sink.ts +48 -0
package/src/workflows/run-orchestrator.ts +34 -0
package/src/workflows/types.ts +64 -0
package/src/workflows/workflow-signals.ts +55 -0

package/dist/activities/execute-cursor/approval-policy.d.ts ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * Tool approval policy evaluation for the Cursor harness.
+ *
+ * Implements the four-level policy chain documented in the ToolCall proto:
+ *
+ * 1. McpServerStatus.tool_approvals — system-generated defaults from the
+ *    LLM classifier during the connect flow.
+ * 2. McpServerSpec.pinned_tool_approvals — manual overrides by the server
+ *    owner. Presence in the list means "requires approval."
+ * 3. McpServerUsage.tool_approval_overrides — per-agent customization with
+ *    an explicit requires_approval boolean.
+ * 4. AgentExecutionSpec.auto_approve_all — runtime bypass (highest priority).
+ *
+ * For MCP tools, the merged result determines whether the preToolUse hook
+ * allows or denies the call. For built-in Cursor tools (Shell, Read, etc.),
+ * a separate local policy applies.
+ */
+import type { ToolApprovalOverride } from "@stigmer/protos/ai/stigmer/agentic/agent/v1/spec_pb";
+import type { ResolvedMcpServer } from "./mcp-resolver.js";
+/**
+ * A single tool's merged approval decision after evaluating all policy layers.
+ */
+export interface MergedToolPolicy {
+    toolName: string;
+    mcpServerSlug: string;
+    requiresApproval: boolean;
+    approvalMessage: string;
+}
+/**
+ * Top-level tool-argument fields, in priority order, that identify the specific
+ * resource a built-in tool acts on. Used to render approval messages and to key
+ * HITL approval grants (see approval-state.ts). Authored here once and injected
+ * into the generated preToolUse hook script so the runner and the hook always
+ * agree on which field to match.
+ */
+export declare const SALIENT_ARG_FIELDS: readonly ["path", "command", "target_notebook"];
+/**
+ * Check whether a built-in (non-MCP) Cursor tool requires user approval.
+ *
+ * Only the explicitly gated, mutating/destructive tools require approval;
+ * everything else (read-only built-ins, and — at the hook layer — auto-approved
+ * MCP tools) is allowed. This "gate the dangerous set, allow the rest" model
+ * mirrors the native harness's resolveToolApproval, which also defaults
+ * unlisted tools to no-approval. It is deliberately fail-OPEN for unknown
+ * tools: the merged MCP policy map carries only the tools that REQUIRE
+ * approval, so a fail-closed default would wrongly deny every auto-approved
+ * MCP tool, which the hook cannot distinguish from an unknown built-in by name.
+ */
+export declare function builtInRequiresApproval(toolName: string): boolean;
+/**
+ * Returns the built-in tool names that require approval (the gated set the
+ * preToolUse hook denies unless auto-approved or granted on reinvocation).
+ */
+export declare function getBuiltInGatedList(): string[];
+/**
+ * Approval-message template for a gated built-in tool, or undefined when the
+ * tool is not a known gated built-in. Callers resolve the placeholders against
+ * the tool args via resolveApprovalMessage.
+ */
+export declare function getBuiltInApprovalMessage(toolName: string): string | undefined;
+/**
+ * Extract the canonical "salient" argument value that identifies the resource a
+ * built-in tool acts on (the file path, the shell command, …). Returns "" when
+ * no salient field is present. Kept in lockstep with SALIENT_ARG_FIELDS and the
+ * generated hook script so grant matching at deny-time and reinvoke-time never
+ * drift.
+ */
+export declare function extractArgKey(args: Record<string, unknown> | undefined): string;
+/**
+ * Merge approval policies from all four levels into a single lookup map.
+ *
+ * Keys are the raw tool name (e.g., "apply_cloud_resource"). Each MCP server
+ * contributes its own set of policies, so the map is keyed by
+ * "serverSlug/toolName" to avoid collisions between servers.
+ *
+ * Policy chain (each level overrides the previous):
+ * 1. status.toolApprovals — presence means "requires approval"
+ * 2. spec.pinnedToolApprovals — presence means "requires approval" (overrides)
+ * 3. agent tool_approval_overrides — explicit boolean per tool
+ * 4. auto_approve_all — bypasses everything
+ *
+ * When auto_approve_all is true, the returned map is empty (no tool
+ * requires approval).
+ */
+export declare function mergeApprovalPolicies(resolvedServers: ResolvedMcpServer[], agentOverrides: ToolApprovalOverride[], autoApproveAll: boolean): Map<string, MergedToolPolicy>;
+/**
+ * Look up whether an MCP tool requires approval.
+ *
+ * @param toolName - The actual MCP tool name (e.g., "apply_cloud_resource")
+ * @param mcpServerSlug - The MCP server slug (e.g., "planton")
+ * @param policies - The merged policy map from mergeApprovalPolicies()
+ * @returns The policy if approval is required, undefined if auto-approved
+ */
+export declare function lookupMcpToolPolicy(toolName: string, mcpServerSlug: string, policies: Map<string, MergedToolPolicy>): MergedToolPolicy | undefined;
+/**
+ * Resolve {{args.field}} placeholders in an approval message using the
+ * tool's actual arguments.
+ *
+ * Placeholder syntax matches the proto-documented format:
+ * - {{args.field_name}} — replaced with the argument value
+ * - {{tool_name}} — replaced with the tool name
+ * - Missing fields are replaced with "<unknown>"
+ */
+export declare function resolveApprovalMessage(template: string, toolName: string, args: Record<string, unknown>): string;

package/dist/activities/execute-cursor/approval-policy.js ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * Tool approval policy evaluation for the Cursor harness.
+ *
+ * Implements the four-level policy chain documented in the ToolCall proto:
+ *
+ * 1. McpServerStatus.tool_approvals — system-generated defaults from the
+ *    LLM classifier during the connect flow.
+ * 2. McpServerSpec.pinned_tool_approvals — manual overrides by the server
+ *    owner. Presence in the list means "requires approval."
+ * 3. McpServerUsage.tool_approval_overrides — per-agent customization with
+ *    an explicit requires_approval boolean.
+ * 4. AgentExecutionSpec.auto_approve_all — runtime bypass (highest priority).
+ *
+ * For MCP tools, the merged result determines whether the preToolUse hook
+ * allows or denies the call. For built-in Cursor tools (Shell, Read, etc.),
+ * a separate local policy applies.
+ */
+/**
+ * Built-in (non-MCP) Cursor tools that mutate the workspace or execute
+ * commands. These require approval when auto_approve_all is false, mirroring
+ * the native harness's DANGEROUS_PLATFORM_TOOLS (write/edit/create/delete/
+ * execute/shell). Each value is an approval-message template resolved against
+ * the tool args (see resolveApprovalMessage); its placeholder names the same
+ * field the grant matcher keys on (path/command/target_notebook).
+ */
+const BUILT_IN_GATED = new Map([
+    ["Write", "Write file: {{args.path}}"],
+    ["StrReplace", "Edit file: {{args.path}}"],
+    ["EditNotebook", "Edit notebook: {{args.target_notebook}}"],
+    ["Shell", "Run command: {{args.command}}"],
+    ["Delete", "Delete: {{args.path}}"],
+]);
+/**
+ * Top-level tool-argument fields, in priority order, that identify the specific
+ * resource a built-in tool acts on. Used to render approval messages and to key
+ * HITL approval grants (see approval-state.ts). Authored here once and injected
+ * into the generated preToolUse hook script so the runner and the hook always
+ * agree on which field to match.
+ */
+export const SALIENT_ARG_FIELDS = ["path", "command", "target_notebook"];
+/**
+ * Check whether a built-in (non-MCP) Cursor tool requires user approval.
+ *
+ * Only the explicitly gated, mutating/destructive tools require approval;
+ * everything else (read-only built-ins, and — at the hook layer — auto-approved
+ * MCP tools) is allowed. This "gate the dangerous set, allow the rest" model
+ * mirrors the native harness's resolveToolApproval, which also defaults
+ * unlisted tools to no-approval. It is deliberately fail-OPEN for unknown
+ * tools: the merged MCP policy map carries only the tools that REQUIRE
+ * approval, so a fail-closed default would wrongly deny every auto-approved
+ * MCP tool, which the hook cannot distinguish from an unknown built-in by name.
+ */
+export function builtInRequiresApproval(toolName) {
+    return BUILT_IN_GATED.has(toolName);
+}
+/**
+ * Returns the built-in tool names that require approval (the gated set the
+ * preToolUse hook denies unless auto-approved or granted on reinvocation).
+ */
+export function getBuiltInGatedList() {
+    return [...BUILT_IN_GATED.keys()];
+}
+/**
+ * Approval-message template for a gated built-in tool, or undefined when the
+ * tool is not a known gated built-in. Callers resolve the placeholders against
+ * the tool args via resolveApprovalMessage.
+ */
+export function getBuiltInApprovalMessage(toolName) {
+    return BUILT_IN_GATED.get(toolName);
+}
+/**
+ * Extract the canonical "salient" argument value that identifies the resource a
+ * built-in tool acts on (the file path, the shell command, …). Returns "" when
+ * no salient field is present. Kept in lockstep with SALIENT_ARG_FIELDS and the
+ * generated hook script so grant matching at deny-time and reinvoke-time never
+ * drift.
+ */
+export function extractArgKey(args) {
+    if (!args)
+        return "";
+    for (const field of SALIENT_ARG_FIELDS) {
+        const v = args[field];
+        if (typeof v === "string" && v.length > 0)
+            return v;
+    }
+    return "";
+}
+/**
+ * Merge approval policies from all four levels into a single lookup map.
+ *
+ * Keys are the raw tool name (e.g., "apply_cloud_resource"). Each MCP server
+ * contributes its own set of policies, so the map is keyed by
+ * "serverSlug/toolName" to avoid collisions between servers.
+ *
+ * Policy chain (each level overrides the previous):
+ * 1. status.toolApprovals — presence means "requires approval"
+ * 2. spec.pinnedToolApprovals — presence means "requires approval" (overrides)
+ * 3. agent tool_approval_overrides — explicit boolean per tool
+ * 4. auto_approve_all — bypasses everything
+ *
+ * When auto_approve_all is true, the returned map is empty (no tool
+ * requires approval).
+ */
+export function mergeApprovalPolicies(resolvedServers, agentOverrides, autoApproveAll) {
+    const merged = new Map();
+    if (autoApproveAll)
+        return merged;
+    for (const server of resolvedServers) {
+        const serverPolicies = new Map();
+        // Layer 1: system-generated defaults (presence = requires approval)
+        for (const policy of server.toolApprovals) {
+            if (!policy.toolName)
+                continue;
+            serverPolicies.set(policy.toolName, {
+                requiresApproval: true,
+                message: policy.message || `Execute tool: ${policy.toolName}`,
+            });
+        }
+        // Layer 2: manual overrides (presence = requires approval, overrides layer 1)
+        for (const pinned of server.pinnedToolApprovals) {
+            if (!pinned.toolName)
+                continue;
+            serverPolicies.set(pinned.toolName, {
+                requiresApproval: true,
+                message: pinned.message || serverPolicies.get(pinned.toolName)?.message || `Execute tool: ${pinned.toolName}`,
+            });
+        }
+        // Layer 3: per-agent overrides (explicit boolean, can enable or disable)
+        for (const override of agentOverrides) {
+            if (!override.toolName)
+                continue;
+            const existing = serverPolicies.get(override.toolName);
+            if (existing) {
+                existing.requiresApproval = override.requiresApproval;
+                if (override.message) {
+                    existing.message = override.message;
+                }
+            }
+            else if (override.requiresApproval) {
+                serverPolicies.set(override.toolName, {
+                    requiresApproval: true,
+                    message: override.message || `Execute tool: ${override.toolName}`,
+                });
+            }
+        }
+        // Write merged policies into the result map
+        for (const [toolName, policy] of serverPolicies) {
+            if (!policy.requiresApproval)
+                continue;
+            const key = `${server.slug}/${toolName}`;
+            merged.set(key, {
+                toolName,
+                mcpServerSlug: server.slug,
+                requiresApproval: true,
+                approvalMessage: policy.message,
+            });
+        }
+    }
+    return merged;
+}
+/**
+ * Look up whether an MCP tool requires approval.
+ *
+ * @param toolName - The actual MCP tool name (e.g., "apply_cloud_resource")
+ * @param mcpServerSlug - The MCP server slug (e.g., "planton")
+ * @param policies - The merged policy map from mergeApprovalPolicies()
+ * @returns The policy if approval is required, undefined if auto-approved
+ */
+export function lookupMcpToolPolicy(toolName, mcpServerSlug, policies) {
+    return policies.get(`${mcpServerSlug}/${toolName}`);
+}
+/**
+ * Resolve {{args.field}} placeholders in an approval message using the
+ * tool's actual arguments.
+ *
+ * Placeholder syntax matches the proto-documented format:
+ * - {{args.field_name}} — replaced with the argument value
+ * - {{tool_name}} — replaced with the tool name
+ * - Missing fields are replaced with "<unknown>"
+ */
+export function resolveApprovalMessage(template, toolName, args) {
+    return template
+        .replace(/\{\{tool_name\}\}/g, toolName)
+        .replace(/\{\{args\.(\w+)\}\}/g, (_match, field) => {
+        const value = args[field];
+        if (value === undefined || value === null)
+            return "<unknown>";
+        if (typeof value === "string")
+            return value;
+        return JSON.stringify(value);
+    });
+}
+//# sourceMappingURL=approval-policy.js.map

package/dist/activities/execute-cursor/approval-policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"approval-policy.js","sourceRoot":"","sources":["../../../src/activities/execute-cursor/approval-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAgBH;;;;;;;GAOG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAiB;IAC7C,CAAC,OAAO,EAAE,2BAA2B,CAAC;IACtC,CAAC,YAAY,EAAE,0BAA0B,CAAC;IAC1C,CAAC,cAAc,EAAE,yCAAyC,CAAC;IAC3D,CAAC,OAAO,EAAE,+BAA+B,CAAC;IAC1C,CAAC,QAAQ,EAAE,uBAAuB,CAAC;CACpC,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,CAAU,CAAC;AAElF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,QAAgB;IACxD,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,IAAyC;IACrE,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,KAAK,MAAM,KAAK,IAAI,kBAAkB,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QACtB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,qBAAqB,CACnC,eAAoC,EACpC,cAAsC,EACtC,cAAuB;IAEvB,MAAM,MAAM,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEnD,IAAI,cAAc;QAAE,OAAO,MAAM,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,cAAc,GAAG,IAAI,GAAG,EAA0D,CAAC;QAEzF,oEAAoE;QACpE,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,SAAS;YAC/B,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE;gBAClC,gBAAgB,EAAE,IAAI;gBACtB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,iBAAiB,MAAM,CAAC,QAAQ,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,8EAA8E;QAC9E,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAAE,SAAS;YAC/B,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE;gBAClC,gBAAgB,EAAE,IAAI;gBACtB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAO,IAAI,iBAAiB,MAAM,CAAC,QAAQ,EAAE;aAC9G,CAAC,CAAC;QACL,CAAC;QAED,yEAAyE;QACzE,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAAE,SAAS;YACjC,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACvD,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC;gBACtD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACrB,QAAQ,CAAC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;gBACtC,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;gBACrC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE;oBACpC,gBAAgB,EAAE,IAAI;oBACtB,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,iBAAiB,QAAQ,CAAC,QAAQ,EAAE;iBAClE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBAAE,SAAS;YACvC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,QAAQ,EAAE,CAAC;YACzC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE;gBACd,QAAQ;gBACR,aAAa,EAAE,MAAM,CAAC,IAAI;gBAC1B,gBAAgB,EAAE,IAAI;gBACtB,eAAe,EAAE,MAAM,CAAC,OAAO;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,aAAqB,EACrB,QAAuC;IAEvC,OAAO,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,IAAI,QAAQ,EAAE,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAgB,EAChB,QAAgB,EAChB,IAA6B;IAE7B,OAAO,QAAQ;SACZ,OAAO,CAAC,oBAAoB,EAAE,QAAQ,CAAC;SACvC,OAAO,CAAC,sBAAsB,EAAE,CAAC,MAAM,EAAE,KAAa,EAAE,EAAE;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,WAAW,CAAC;QAC9D,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/activities/execute-cursor/approval-state.d.ts ADDED Viewed

@@ -0,0 +1,157 @@
+/**
+ * Approval state management for the hook-deny + reinvoke HITL model.
+ *
+ * Before starting a Cursor Agent run, the cursor-runner writes a state file
+ * to the workspace. The preToolUse hook script reads this file to decide
+ * whether to allow or deny each tool call.
+ *
+ * State file format (JSON):
+ * {
+ *   "autoApproveAll": false,
+ *   "builtInGatedList": ["Write", "StrReplace", "Shell", ...],
+ *   "mcpToolPolicies": {
+ *     "apply_cloud_resource": { "requiresApproval": true, "message": "..." }
+ *   },
+ *   "approvedGrants": [{ "toolName": "Write", "mcpServerSlug": "", "argKey": "a.txt" }],
+ *   "approvedGrantTokens": ["V3JpdGUKYS50eHQ="]
+ * }
+ *
+ * The hook gates only the explicitly dangerous set (builtInGatedList) and the
+ * MCP tools that require approval (mcpToolPolicies, which by construction holds
+ * only require-approval entries); every other tool is allowed. This mirrors the
+ * native harness and avoids denying auto-approved MCP tools, which are absent
+ * from the policy map and indistinguishable from unknown tools by name.
+ *
+ * Why grants instead of tool-call ids: a resumed Cursor agent re-issues the
+ * approved tool with a BRAND NEW call id, so matching on the original call id
+ * can never let the re-attempt through. Instead we grant by tool identity —
+ * tool name plus a "salient" argument (the file path for Write, the command for
+ * Shell, …; see extractArgKey). On reinvocation the hook allows a tool call
+ * only if its (name, salient-arg) matches an approved grant; rejected/skipped
+ * tools and any newly proposed dangerous tool are re-gated.
+ *
+ * Tokens: the hook is a self-contained bash script, so it cannot parse an array
+ * of grant objects. `approvedGrantTokens` is the flat, base64-encoded form of
+ * each grant that the hook matches by simple string membership. The structured
+ * `approvedGrants` is retained for readability, debugging, and tests; the two
+ * are always generated together from the same source.
+ *
+ * Denial ledger (hook → runner):
+ * The state file is the runner's INPUT to the hook. Its symmetric OUTPUT is the
+ * denial ledger (stigmer-denials.jsonl): when the hook denies a tool, it appends
+ * the call's identity token to this file. The runner reads the ledger after the
+ * run to learn which tool calls were gated — the hook is the only component that
+ * actually makes the per-call allow/deny decision, so its ledger is the
+ * authoritative "what was denied this turn" signal (the cursor analog of the
+ * native harness's LangGraph interrupts). The token uses the SAME identity space
+ * as approvedGrantTokens, so a denial token approved this turn becomes a grant
+ * token next turn.
+ */
+import { ApprovalAction } from "@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/enum_pb";
+import type { PendingApproval } from "@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/approval_pb";
+import type { AgentMessage } from "@stigmer/protos/ai/stigmer/agentic/agentexecution/v1/message_pb";
+import type { MergedToolPolicy } from "./approval-policy.js";
+export interface McpToolPolicyEntry {
+    requiresApproval: boolean;
+    message?: string;
+}
+/**
+ * The identity of an approved tool call, stable across agent resume.
+ *
+ * - argKey is the salient argument (path/command/…) for built-in tools; matched
+ *   exactly so only the approved resource is allowed through on the resumed turn.
+ * - argKey is empty for MCP tools (and built-in tools with no salient field);
+ *   the grant then matches by name alone, since the user approved that tool.
+ */
+export interface ApprovalGrant {
+    toolName: string;
+    mcpServerSlug: string;
+    argKey: string;
+}
+export interface ApprovalStateFile {
+    autoApproveAll: boolean;
+    builtInGatedList: string[];
+    mcpToolPolicies: Record<string, McpToolPolicyEntry>;
+    approvedGrants: ApprovalGrant[];
+    approvedGrantTokens: string[];
+}
+/**
+ * Compute the flat token the bash hook matches on. The hook recomputes the same
+ * token from the incoming tool call (`base64(toolName \n salientArg)`), so the
+ * encoding here must stay byte-identical to the hook script in hook-script.ts.
+ */
+export declare function grantToken(toolName: string, argKey: string): string;
+/**
+ * Build approval grants from the pending approvals the user adjudicated and
+ * their decisions. Only APPROVE decisions produce grants. Built-in tools are
+ * keyed by their salient argument; MCP tools are keyed by name only.
+ */
+export declare function buildApprovalGrants(pendingApprovals: PendingApproval[], decisions: Map<string, ApprovalAction>): ApprovalGrant[];
+/**
+ * Build the approval state file content from merged policies and any approval
+ * grants from a previous HITL cycle.
+ *
+ * The state file drives the hook script's allow/deny decisions:
+ * - builtInGatedList: dangerous built-in tools the hook denies (unless granted)
+ * - mcpToolPolicies: per-tool policy for MCP tools requiring approval
+ * - approvedGrants / approvedGrantTokens: tools approved in the current HITL
+ *   cycle, allowed through on reinvocation
+ */
+export declare function buildApprovalState(mergedPolicies: Map<string, MergedToolPolicy>, autoApproveAll: boolean, grants?: ApprovalGrant[]): ApprovalStateFile;
+/**
+ * Write the approval state file to the workspace for the hook script to read.
+ *
+ * Written as COMPACT JSON (no indentation): the bash hook parses it with
+ * line-oriented grep patterns that assume `"key":value` with no spaces or
+ * newlines (e.g. `"autoApproveAll":true`, `"name":{...}`). Pretty-printing
+ * would break every lookup.
+ */
+export declare function writeApprovalStateFile(workspaceRoot: string, state: ApprovalStateFile): Promise<string>;
+/**
+ * One denial recorded by the preToolUse hook. `token` is the call's identity in
+ * the same space as grantToken() (base64 of `toolName \n salientArg`), used to
+ * correlate the denial back to the streamed tool call. `toolName` is carried raw
+ * for human-readable debugging of the ledger file.
+ */
+export interface DeniedLedgerEntry {
+    toolName: string;
+    token: string;
+}
+/** Absolute path of the per-turn denial ledger the hook appends to. */
+export declare function denialLedgerPath(workspaceRoot: string): string;
+/**
+ * Truncate the denial ledger to empty for a fresh turn, returning its path.
+ *
+ * Called every turn alongside writeApprovalStateFile (the workspace is durable
+ * and reused across HITL reinvocations), so the runner only ever reads denials
+ * produced by the current run. A Temporal activity retry re-runs this reset
+ * before re-running the agent, so the read stays deterministic under retries.
+ */
+export declare function resetDenialLedger(workspaceRoot: string): Promise<string>;
+/**
+ * Read the denial ledger written by the hook during the turn. Missing file →
+ * no denials. Blank or partially-written lines are tolerated (the hook appends
+ * line-by-line and a run can be interrupted), so a malformed tail never hides
+ * the valid denials before it.
+ */
+export declare function readDenialLedger(workspaceRoot: string): Promise<DeniedLedgerEntry[]>;
+/**
+ * Reconstruct the adjudicated approvals for a HITL reinvocation directly from
+ * the tool calls in messages.
+ *
+ * The tool call — not pending_approvals — is the source of truth for an approval
+ * decision. The backend projects pending_approvals from tool-call status
+ * (PendingApprovalComputer) and CLEARS entries once they carry an approval_action,
+ * so by the time the workflow reinvokes this activity, pending_approvals is empty
+ * and the decision survives only on the tool call (status WAITING_APPROVAL +
+ * approval_action set). This mirrors the native harness
+ * (execute-deep-agent/hitl.ts extractApprovalDecisions).
+ *
+ * Returns a PendingApproval list reconstructed from those tool calls (so the
+ * existing grant/prompt builders work unchanged) alongside the decision map.
+ */
+export interface AdjudicatedApprovals {
+    pendingApprovals: PendingApproval[];
+    decisions: Map<string, ApprovalAction>;
+}
+export declare function reconstructAdjudicatedApprovals(messages: AgentMessage[]): AdjudicatedApprovals;