@synth-deploy/server 1.0.6 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/dist/agent/envoy-client.d.ts +62 -7
  2. package/dist/agent/envoy-client.d.ts.map +1 -1
  3. package/dist/agent/envoy-client.js +56 -6
  4. package/dist/agent/envoy-client.js.map +1 -1
  5. package/dist/agent/stale-deployment-detector.js +1 -1
  6. package/dist/agent/stale-deployment-detector.js.map +1 -1
  7. package/dist/agent/synth-agent.d.ts +7 -5
  8. package/dist/agent/synth-agent.d.ts.map +1 -1
  9. package/dist/agent/synth-agent.js +42 -39
  10. package/dist/agent/synth-agent.js.map +1 -1
  11. package/dist/alert-webhooks/alert-parsers.d.ts +21 -0
  12. package/dist/alert-webhooks/alert-parsers.d.ts.map +1 -0
  13. package/dist/alert-webhooks/alert-parsers.js +184 -0
  14. package/dist/alert-webhooks/alert-parsers.js.map +1 -0
  15. package/dist/api/agent.d.ts +0 -6
  16. package/dist/api/agent.d.ts.map +1 -1
  17. package/dist/api/agent.js +6 -459
  18. package/dist/api/agent.js.map +1 -1
  19. package/dist/api/alert-webhooks.d.ts +13 -0
  20. package/dist/api/alert-webhooks.d.ts.map +1 -0
  21. package/dist/api/alert-webhooks.js +279 -0
  22. package/dist/api/alert-webhooks.js.map +1 -0
  23. package/dist/api/envoy-reports.js +2 -2
  24. package/dist/api/envoy-reports.js.map +1 -1
  25. package/dist/api/envoys.js +1 -1
  26. package/dist/api/envoys.js.map +1 -1
  27. package/dist/api/fleet.d.ts.map +1 -1
  28. package/dist/api/fleet.js +14 -15
  29. package/dist/api/fleet.js.map +1 -1
  30. package/dist/api/graph.js +3 -3
  31. package/dist/api/graph.js.map +1 -1
  32. package/dist/api/operations.d.ts +7 -0
  33. package/dist/api/operations.d.ts.map +1 -0
  34. package/dist/api/operations.js +1883 -0
  35. package/dist/api/operations.js.map +1 -0
  36. package/dist/api/partitions.js +1 -1
  37. package/dist/api/partitions.js.map +1 -1
  38. package/dist/api/schemas.d.ts +194 -10
  39. package/dist/api/schemas.d.ts.map +1 -1
  40. package/dist/api/schemas.js +38 -5
  41. package/dist/api/schemas.js.map +1 -1
  42. package/dist/api/system.d.ts.map +1 -1
  43. package/dist/api/system.js +22 -21
  44. package/dist/api/system.js.map +1 -1
  45. package/dist/artifact-analyzer.js +2 -2
  46. package/dist/artifact-analyzer.js.map +1 -1
  47. package/dist/fleet/fleet-executor.js +1 -1
  48. package/dist/fleet/fleet-executor.js.map +1 -1
  49. package/dist/graph/graph-executor.js +2 -2
  50. package/dist/graph/graph-executor.js.map +1 -1
  51. package/dist/index.js +44 -40
  52. package/dist/index.js.map +1 -1
  53. package/dist/mcp/resources.js +3 -3
  54. package/dist/mcp/resources.js.map +1 -1
  55. package/dist/mcp/tools.d.ts.map +1 -1
  56. package/dist/mcp/tools.js +2 -9
  57. package/dist/mcp/tools.js.map +1 -1
  58. package/dist/middleware/auth.js +1 -1
  59. package/dist/middleware/auth.js.map +1 -1
  60. package/package.json +1 -1
  61. package/src/agent/envoy-client.ts +107 -15
  62. package/src/agent/stale-deployment-detector.ts +1 -1
  63. package/src/agent/synth-agent.ts +59 -45
  64. package/src/alert-webhooks/alert-parsers.ts +291 -0
  65. package/src/api/agent.ts +9 -528
  66. package/src/api/alert-webhooks.ts +354 -0
  67. package/src/api/envoy-reports.ts +2 -2
  68. package/src/api/envoys.ts +1 -1
  69. package/src/api/fleet.ts +14 -15
  70. package/src/api/graph.ts +3 -3
  71. package/src/api/operations.ts +2240 -0
  72. package/src/api/partitions.ts +1 -1
  73. package/src/api/schemas.ts +43 -7
  74. package/src/api/system.ts +23 -21
  75. package/src/artifact-analyzer.ts +2 -2
  76. package/src/fleet/fleet-executor.ts +1 -1
  77. package/src/graph/graph-executor.ts +2 -2
  78. package/src/index.ts +46 -40
  79. package/src/mcp/resources.ts +3 -3
  80. package/src/mcp/tools.ts +5 -9
  81. package/src/middleware/auth.ts +1 -1
  82. package/tests/agent-mode.test.ts +5 -376
  83. package/tests/api-handlers.test.ts +27 -27
  84. package/tests/composite-operations.test.ts +557 -0
  85. package/tests/decision-diary.test.ts +62 -63
  86. package/tests/diary-reader.test.ts +14 -18
  87. package/tests/mcp-tools.test.ts +1 -1
  88. package/tests/orchestration.test.ts +34 -30
  89. package/tests/partition-isolation.test.ts +4 -9
  90. package/tests/rbac-enforcement.test.ts +8 -8
  91. package/tests/ui-journey.test.ts +9 -9
  92. package/dist/api/deployments.d.ts +0 -11
  93. package/dist/api/deployments.d.ts.map +0 -1
  94. package/dist/api/deployments.js +0 -1098
  95. package/dist/api/deployments.js.map +0 -1
  96. package/src/api/deployments.ts +0 -1347
package/dist/api/operations.js ADDED
@@ -0,0 +1,1883 @@
1
+ import { generatePostmortem, generatePostmortemAsync, resolveApprovalMode } from "@synth-deploy/core";
2
+ import { requirePermission } from "../middleware/permissions.js";
3
+ import { CreateOperationSchema, ApproveDeploymentSchema, RejectDeploymentSchema, ModifyDeploymentPlanSchema, SubmitPlanSchema, DeploymentListQuerySchema, DebriefQuerySchema, ProgressEventSchema, ReplanDeploymentSchema, } from "./schemas.js";
4
+ import { EnvoyClient } from "../agent/envoy-client.js";
5
+ /**
6
+ * REST API routes for deployments. These are the traditional (non-MCP) interface
7
+ * for the web UI and integrations.
8
+ */
9
+ function getArtifactId(op) {
10
+ return op.input.type === "deploy" ? op.input.artifactId : undefined;
11
+ }
12
+ export function registerOperationRoutes(app, deployments, debrief, partitions, environments, artifactStore, settings, telemetry, progressStore, envoyClient, envoyRegistry, llm) {
13
+ // Create a deployment (plan phase)
14
+ app.post("/api/operations", { preHandler: [requirePermission("deployment.create")] }, async (request, reply) => {
15
+ const parsed = CreateOperationSchema.safeParse(request.body);
16
+ if (!parsed.success) {
17
+ return reply.status(400).send({ error: parsed.error.message });
18
+ }
19
+ const { artifactId, environmentId, partitionId, envoyId, version, type: operationType, intent, allowWrite, condition, responseIntent, parentOperationId, requireApproval } = parsed.data;
20
+ // Validate artifact exists (required for deploy operations)
21
+ if (operationType === "deploy" && !artifactId) {
22
+ return reply.status(400).send({ error: "artifactId is required for deploy operations" });
23
+ }
24
+ const artifact = artifactId ? artifactStore.get(artifactId) : undefined;
25
+ if (operationType === "deploy" && !artifact) {
26
+ return reply.status(404).send({ error: `Artifact not found: ${artifactId}` });
27
+ }
28
+ // Validate environment exists (optional when targeting a partition or envoy)
29
+ const environment = environmentId ? environments.get(environmentId) : undefined;
30
+ if (environmentId && !environment) {
31
+ return reply.status(404).send({ error: `Environment not found: ${environmentId}` });
32
+ }
33
+ // Validate partition if provided
34
+ const partition = partitionId ? partitions.get(partitionId) : undefined;
35
+ if (partitionId && !partition) {
36
+ return reply.status(404).send({ error: `Partition not found: ${partitionId}` });
37
+ }
38
+ // Validate envoy if provided
39
+ const targetEnvoy = envoyId ? envoyRegistry?.get(envoyId) : undefined;
40
+ if (envoyId && !targetEnvoy) {
41
+ return reply.status(404).send({ error: `Envoy not found: ${envoyId}` });
42
+ }
43
+ // Resolve variables — partition vars are base, environment vars take precedence if present
44
+ const envVars = environment ? environment.variables : {};
45
+ const partitionVars = partition?.variables ?? {};
46
+ const resolved = { ...partitionVars, ...envVars };
47
+ const operationInput = operationType === "deploy"
48
+ ? { type: "deploy", artifactId: artifactId, ...(version ? { artifactVersionId: version } : {}) }
49
+ : operationType === "trigger"
50
+ ? { type: "trigger", condition: condition ?? intent ?? "", responseIntent: responseIntent ?? intent ?? "" }
51
+ : operationType === "composite"
52
+ ? { type: "composite", operations: (parsed.data.operations ?? []) }
53
+ : operationType === "investigate"
54
+ ? { type: "investigate", intent: intent ?? "", ...(allowWrite !== undefined ? { allowWrite } : {}) }
55
+ : { type: operationType, intent: intent ?? "" };
56
+ const deployment = {
57
+ id: crypto.randomUUID(),
58
+ input: operationInput,
59
+ intent,
60
+ lineage: parentOperationId,
61
+ triggeredBy: parentOperationId ? "user" : undefined,
62
+ environmentId,
63
+ partitionId,
64
+ envoyId: targetEnvoy?.id,
65
+ version: version ?? "",
66
+ status: "pending",
67
+ variables: resolved,
68
+ debriefEntryIds: [],
69
+ createdAt: new Date(),
70
+ ...(requireApproval ? { forceManualApproval: true } : {}),
71
+ };
72
+ deployments.save(deployment);
73
+ telemetry.record({ actor: (request.user?.email) ?? "anonymous", action: "operation.created", target: { type: "deployment", id: deployment.id }, details: { artifactId, environmentId, partitionId, envoyId } });
74
+ // Dispatch planning to the appropriate envoy asynchronously.
75
+ // The envoy reasons about the deployment (read-only) and POSTs back a plan,
76
+ // which transitions the deployment to awaiting_approval.
77
+ if (envoyRegistry) {
78
+ // Find the target envoy: explicit envoyId > environment-assigned > first available
79
+ const planningEnvoy = targetEnvoy
80
+ ?? (environment ? envoyRegistry.findForEnvironment(environment.name) : undefined)
81
+ ?? envoyRegistry.list()[0];
82
+ const needsArtifact = deployment.input.type === "deploy";
83
+ if (planningEnvoy && (!needsArtifact || artifact)) {
84
+ const planningClient = new EnvoyClient(planningEnvoy.url);
85
+ const environmentForPlanning = environment
86
+ ? { id: environment.id, name: environment.name, variables: environment.variables }
87
+ : { id: `direct:${planningEnvoy.id}`, name: planningEnvoy.name, variables: {} };
88
+ // Composite: orchestrate child planning separately — do not send composite to envoy directly
89
+ if (deployment.input.type === "composite") {
90
+ planCompositeChildren(deployment, envoyRegistry, planningEnvoy).catch((err) => {
91
+ const dep = deployments.get(deployment.id);
92
+ if (dep && (dep.status === "pending" || dep.status === "planning")) {
93
+ dep.status = "failed";
94
+ dep.failureReason = `Composite planning failed unexpectedly: ${err instanceof Error ? err.message : String(err)}`;
95
+ deployments.save(dep);
96
+ }
97
+ });
98
+ return;
99
+ }
100
+ planningClient.requestPlan({
101
+ operationId: deployment.id,
102
+ operationType: deployment.input.type,
103
+ intent: deployment.intent ?? (deployment.input.type === "trigger"
104
+ ? `Monitor: ${deployment.input.condition}. When triggered: ${deployment.input.responseIntent}`
105
+ : undefined),
106
+ ...(deployment.input.type === "trigger" ? {
107
+ triggerCondition: deployment.input.condition,
108
+ triggerResponseIntent: deployment.input.responseIntent,
109
+ } : {}),
110
+ ...(artifact ? {
111
+ artifact: {
112
+ id: artifact.id,
113
+ name: artifact.name,
114
+ type: artifact.type,
115
+ analysis: {
116
+ summary: artifact.analysis.summary,
117
+ dependencies: artifact.analysis.dependencies,
118
+ configurationExpectations: artifact.analysis.configurationExpectations,
119
+ deploymentIntent: artifact.analysis.deploymentIntent,
120
+ confidence: artifact.analysis.confidence,
121
+ },
122
+ },
123
+ } : {}),
124
+ ...(deployment.input.type === "investigate" && "allowWrite" in deployment.input
125
+ ? { allowWrite: deployment.input.allowWrite }
126
+ : {}),
127
+ environment: environmentForPlanning,
128
+ partition: partition
129
+ ? { id: partition.id, name: partition.name, variables: partition.variables }
130
+ : undefined,
131
+ version: deployment.version ?? "",
132
+ resolvedVariables: resolved,
133
+ }).then((result) => {
134
+ const dep = deployments.get(deployment.id);
135
+ if (!dep || dep.status !== "pending")
136
+ return;
137
+ dep.plan = result.plan;
138
+ dep.rollbackPlan = result.rollbackPlan;
139
+ dep.envoyId = planningEnvoy.id;
140
+ // Trigger operations: construct MonitoringDirective from plan, present for approval
141
+ if (dep.input.type === "trigger" && !result.blocked) {
142
+ const triggerInput = dep.input;
143
+ // Convert plan steps to monitoring probes
144
+ const probes = result.plan.steps.map((step) => ({
145
+ command: step.action,
146
+ label: step.description,
147
+ parseAs: (step.params?.parseAs === "exitCode" ? "exitCode" : "numeric"),
148
+ }));
149
+ const directive = {
150
+ id: dep.id,
151
+ operationId: dep.id,
152
+ probes: probes.length > 0 ? probes : [{
153
+ command: "echo 0",
154
+ label: "default-probe",
155
+ parseAs: "numeric",
156
+ }],
157
+ intervalMs: result.intervalMs ?? 60_000,
158
+ cooldownMs: result.cooldownMs ?? 300_000,
159
+ condition: triggerInput.condition,
160
+ responseIntent: triggerInput.responseIntent,
161
+ responseType: "maintain",
162
+ responseParameters: triggerInput.parameters,
163
+ environmentId: dep.environmentId,
164
+ partitionId: dep.partitionId,
165
+ status: "active",
166
+ };
167
+ dep.monitoringDirective = directive;
168
+ dep.triggerStatus = "active";
169
+ dep.status = "awaiting_approval";
170
+ dep.recommendation = computeRecommendation(dep, deployments, result.assessmentSummary);
171
+ deployments.save(dep);
172
+ // Debrief plan-generation entry is recorded by the envoy's planTrigger — no duplicate here.
173
+ return;
174
+ }
175
+ // Check approval mode for query/investigate operations with findings
176
+ if ((dep.input.type === "query" || dep.input.type === "investigate") &&
177
+ (result.queryFindings || result.investigationFindings)) {
178
+ if (result.queryFindings)
179
+ dep.queryFindings = result.queryFindings;
180
+ if (result.investigationFindings)
181
+ dep.investigationFindings = result.investigationFindings;
182
+ const currentSettings = settings.get();
183
+ const envLookup = (id) => environments.get(id)?.name;
184
+ const approvalMode = dep.forceManualApproval
185
+ ? "required"
186
+ : resolveApprovalMode(dep.input.type, dep.environmentId, currentSettings, envLookup);
187
+ if (approvalMode === "auto") {
188
+ // Auto-approve — findings are the deliverable
189
+ dep.status = "succeeded";
190
+ dep.completedAt = new Date();
191
+ deployments.save(dep);
192
+ const decisionType = dep.input.type === "query"
193
+ ? "query-findings"
194
+ : "investigation-findings";
195
+ const findings = result.queryFindings ?? result.investigationFindings;
196
+ debrief.record({
197
+ partitionId: dep.partitionId ?? null,
198
+ operationId: dep.id,
199
+ agent: "envoy",
200
+ decisionType,
201
+ decision: `${dep.input.type === "query" ? "Query" : "Investigation"} complete — ${findings.targetsSurveyed.length} target(s) surveyed`,
202
+ reasoning: findings.summary,
203
+ context: { targetsSurveyed: findings.targetsSurveyed, findingCount: findings.findings.length },
204
+ });
205
+ return;
206
+ }
207
+ // approvalMode === "required" — fall through to standard approval gate
208
+ }
209
+ if (result.blocked) {
210
+ // Unrecoverable precondition failures — block execution, do not present for approval
211
+ dep.status = "failed";
212
+ dep.failureReason = result.blockReason ?? "Plan blocked due to unrecoverable precondition failures";
213
+ deployments.save(dep);
214
+ debrief.record({
215
+ partitionId: dep.partitionId ?? null,
216
+ operationId: dep.id,
217
+ agent: "envoy",
218
+ decisionType: "plan-generation",
219
+ decision: `Operation plan blocked — infrastructure prerequisites not met`,
220
+ reasoning: result.blockReason ?? result.plan.reasoning,
221
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, blocked: true },
222
+ });
223
+ }
224
+ else {
225
+ // Plan is valid — transition to awaiting_approval
226
+ dep.status = "awaiting_approval";
227
+ dep.recommendation = computeRecommendation(dep, deployments, result.assessmentSummary);
228
+ deployments.save(dep);
229
+ debrief.record({
230
+ partitionId: dep.partitionId ?? null,
231
+ operationId: dep.id,
232
+ agent: "envoy",
233
+ decisionType: "plan-generation",
234
+ decision: `Operation plan generated with ${result.plan.steps.length} steps`,
235
+ reasoning: result.plan.reasoning,
236
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, delta: result.delta },
237
+ });
238
+ }
239
+ }).catch((err) => {
240
+ // Planning failed — mark deployment failed so UI doesn't wait forever
241
+ const dep = deployments.get(deployment.id);
242
+ if (!dep || dep.status !== "pending")
243
+ return;
244
+ dep.status = "failed";
245
+ dep.failureReason = err instanceof Error ? err.message : "Planning failed";
246
+ deployments.save(dep);
247
+ debrief.record({
248
+ partitionId: dep.partitionId ?? null,
249
+ operationId: dep.id,
250
+ agent: "server",
251
+ decisionType: "deployment-failure",
252
+ decision: "Envoy planning failed",
253
+ reasoning: dep.failureReason,
254
+ context: { error: dep.failureReason, envoyId: planningEnvoy.id },
255
+ });
256
+ });
257
+ }
258
+ }
259
+ return reply.status(201).send({ deployment });
260
+ });
261
+ // Get deployment by ID
262
+ app.get("/api/operations/:id", { preHandler: [requirePermission("deployment.view")] }, async (request, reply) => {
263
+ const deployment = deployments.get(request.params.id);
264
+ if (!deployment) {
265
+ return reply.status(404).send({ error: "Operation not found" });
266
+ }
267
+ return {
268
+ deployment,
269
+ debrief: debrief.getByOperation(deployment.id),
270
+ };
271
+ });
272
+ // What's New — compare deployed artifact version against catalog latest
273
+ app.get("/api/operations/:id/whats-new", { preHandler: [requirePermission("deployment.view")] }, async (request, reply) => {
274
+ const deployment = deployments.get(request.params.id);
275
+ if (!deployment) {
276
+ return reply.status(404).send({ error: "Operation not found" });
277
+ }
278
+ const versions = artifactStore.getVersions(getArtifactId(deployment) ?? "");
279
+ const sorted = versions.slice().sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
280
+ const latest = sorted[0] ?? null;
281
+ const deployedVersion = deployment.version;
282
+ const latestVersion = latest?.version ?? null;
283
+ const isLatest = latestVersion === null || latestVersion === deployedVersion;
284
+ return {
285
+ deployedVersion,
286
+ latestVersion,
287
+ isLatest,
288
+ latestCreatedAt: latest?.createdAt ? new Date(latest.createdAt).toISOString() : null,
289
+ };
290
+ });
291
+ // List deployments (optionally filtered by partition, artifact, or envoy)
292
+ app.get("/api/operations", { preHandler: [requirePermission("deployment.view")] }, async (request) => {
293
+ const qParsed = DeploymentListQuerySchema.safeParse(request.query);
294
+ const { partitionId, artifactId, envoyId } = qParsed.success ? qParsed.data : {};
295
+ let list;
296
+ if (partitionId) {
297
+ list = deployments.getByPartition(partitionId);
298
+ }
299
+ else if (artifactId) {
300
+ list = deployments.getByArtifact(artifactId);
301
+ }
302
+ else {
303
+ list = deployments.list();
304
+ }
305
+ if (envoyId) {
306
+ list = list.filter((d) => d.envoyId === envoyId);
307
+ }
308
+ return { deployments: list };
309
+ });
310
+ // Submit a plan from envoy — transitions deployment to awaiting_approval
311
+ app.post("/api/operations/:id/plan", { preHandler: [requirePermission("deployment.create")] }, async (request, reply) => {
312
+ const deployment = deployments.get(request.params.id);
313
+ if (!deployment) {
314
+ return reply.status(404).send({ error: "Operation not found" });
315
+ }
316
+ const parsed = SubmitPlanSchema.safeParse(request.body);
317
+ if (!parsed.success) {
318
+ return reply.status(400).send({ error: "Invalid plan submission", details: parsed.error.format() });
319
+ }
320
+ if ((deployment.status) !== "pending" && (deployment.status) !== "planning") {
321
+ return reply.status(409).send({ error: `Cannot submit plan for operation in "${deployment.status}" status` });
322
+ }
323
+ deployment.plan = parsed.data.plan;
324
+ deployment.rollbackPlan = parsed.data.rollbackPlan;
325
+ deployment.status = "awaiting_approval";
326
+ // Generate recommendation from enrichment context
327
+ deployment.recommendation = computeRecommendation(deployment, deployments);
328
+ deployments.save(deployment);
329
+ debrief.record({
330
+ partitionId: deployment.partitionId ?? null,
331
+ operationId: deployment.id,
332
+ agent: "envoy",
333
+ decisionType: "plan-generation",
334
+ decision: `Operation plan submitted with ${parsed.data.plan.steps.length} steps`,
335
+ reasoning: parsed.data.plan.reasoning,
336
+ context: { stepCount: parsed.data.plan.steps.length },
337
+ });
338
+ return reply.status(200).send({ deployment });
339
+ });
340
+ // Approve a deployment plan
341
+ app.post("/api/operations/:id/approve", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
342
+ const deployment = deployments.get(request.params.id);
343
+ if (!deployment) {
344
+ return reply.status(404).send({ error: "Operation not found" });
345
+ }
346
+ const parsed = ApproveDeploymentSchema.safeParse(request.body);
347
+ if (!parsed.success) {
348
+ return reply.status(400).send({ error: parsed.error.message });
349
+ }
350
+ if ((deployment.status) !== "awaiting_approval") {
351
+ return reply.status(409).send({ error: `Cannot approve operation in "${deployment.status}" status — must be "awaiting_approval"` });
352
+ }
353
+ // Transition deployment status
354
+ deployment.approvedBy = parsed.data.approvedBy;
355
+ deployment.approvedAt = new Date();
356
+ deployment.status = "approved";
357
+ deployments.save(deployment);
358
+ const actor = (request.user?.email) ?? parsed.data.approvedBy;
359
+ // Record approval in debrief
360
+ debrief.record({
361
+ partitionId: deployment.partitionId ?? null,
362
+ operationId: deployment.id,
363
+ agent: "server",
364
+ decisionType: "system",
365
+ decision: `Operation approved by ${actor}`,
366
+ reasoning: parsed.data.modifications
367
+ ? `Approved with modifications: ${parsed.data.modifications}`
368
+ : "Approved without modifications",
369
+ context: { approvedBy: actor },
370
+ actor: request.user?.email,
371
+ });
372
+ telemetry.record({ actor, action: "operation.approved", target: { type: "deployment", id: deployment.id }, details: { modifications: parsed.data.modifications } });
373
+ telemetry.record({
374
+ actor,
375
+ action: parsed.data.modifications ? "agent.recommendation.overridden" : "agent.recommendation.followed",
376
+ target: { type: "deployment", id: deployment.id },
377
+ details: parsed.data.modifications
378
+ ? { modifications: parsed.data.modifications }
379
+ : { planStepCount: deployment.plan?.steps.length ?? 0 },
380
+ });
381
+ // Composite operations: execute children sequentially
382
+ if (deployment.input.type === "composite") {
383
+ deployment.status = "running";
384
+ deployments.save(deployment);
385
+ const compositeChildren = deployments.list()
386
+ .filter((d) => d.lineage === deployment.id)
387
+ .sort((a, b) => (a.sequenceIndex ?? 0) - (b.sequenceIndex ?? 0));
388
+ // Approve all children before executing sequentially
389
+ for (const child of compositeChildren) {
390
+ child.approvedBy = parsed.data.approvedBy;
391
+ child.approvedAt = new Date();
392
+ child.status = "approved";
393
+ deployments.save(child);
394
+ }
395
+ executeCompositeSequentially(deployment.id, compositeChildren.map((c) => c.id)).catch((err) => {
396
+ const dep = deployments.get(deployment.id);
397
+ if (dep && dep.status === "running") {
398
+ dep.status = "failed";
399
+ dep.failureReason = `Composite execution failed unexpectedly: ${err instanceof Error ? err.message : String(err)}`;
400
+ dep.completedAt = new Date();
401
+ deployments.save(dep);
402
+ }
403
+ });
404
+ return { deployment, approved: true };
405
+ }
406
+ // Trigger operations: install monitoring directive on envoy
407
+ if (deployment.input.type === "trigger" && deployment.monitoringDirective && envoyRegistry) {
408
+ const targetEnvoyForTrigger = deployment.envoyId
409
+ ? envoyRegistry.get(deployment.envoyId)
410
+ : envoyRegistry.list()[0];
411
+ if (targetEnvoyForTrigger) {
412
+ const triggerClient = new EnvoyClient(targetEnvoyForTrigger.url);
413
+ deployment.status = "running";
414
+ deployment.triggerStatus = "active";
415
+ deployments.save(deployment);
416
+ triggerClient.installMonitoringDirective(deployment.monitoringDirective).then(() => {
417
+ deployment.status = "succeeded";
418
+ deployment.completedAt = new Date();
419
+ deployments.save(deployment);
420
+ debrief.record({
421
+ partitionId: deployment.partitionId ?? null,
422
+ operationId: deployment.id,
423
+ agent: "server",
424
+ decisionType: "trigger-activated",
425
+ decision: `Monitoring directive installed on ${targetEnvoyForTrigger.name}`,
426
+ reasoning: `Trigger activated: monitoring "${deployment.monitoringDirective.condition}" every ${deployment.monitoringDirective.intervalMs / 1000}s with ${deployment.monitoringDirective.cooldownMs / 1000}s cooldown`,
427
+ context: { envoyId: targetEnvoyForTrigger.id, directiveId: deployment.monitoringDirective.id },
428
+ });
429
+ telemetry.record({ actor, action: "trigger.activated", target: { type: "trigger", id: deployment.id }, details: { envoyId: targetEnvoyForTrigger.id } });
430
+ }).catch((err) => {
431
+ deployment.status = "failed";
432
+ deployment.triggerStatus = "disabled";
433
+ deployment.failureReason = err instanceof Error ? err.message : "Failed to install monitoring directive";
434
+ deployments.save(deployment);
435
+ debrief.record({
436
+ partitionId: deployment.partitionId ?? null,
437
+ operationId: deployment.id,
438
+ agent: "server",
439
+ decisionType: "deployment-failure",
440
+ decision: "Failed to install monitoring directive on envoy",
441
+ reasoning: deployment.failureReason,
442
+ context: { error: deployment.failureReason },
443
+ });
444
+ });
445
+ }
446
+ }
447
+ // Normal operations: dispatch approved plan to envoy for execution
448
+ else if (envoyClient && deployment.plan && deployment.rollbackPlan) {
449
+ const artifact = artifactStore.get(getArtifactId(deployment) ?? "");
450
+ const serverPort = process.env.PORT ?? "9410";
451
+ const serverUrl = process.env.SYNTH_SERVER_URL ?? `http://localhost:${serverPort}`;
452
+ const progressCallbackUrl = `${serverUrl}/api/operations/${deployment.id}/progress`;
453
+ const callbackToken = envoyRegistry?.list().find(r => r.url === envoyClient.url)?.token;
454
+ deployment.status = "running";
455
+ deployments.save(deployment);
456
+ // Fire-and-forget: execution runs async, progress comes via callback
457
+ envoyClient.executeApprovedPlan({
458
+ operationId: deployment.id,
459
+ plan: deployment.plan,
460
+ rollbackPlan: deployment.rollbackPlan,
461
+ artifactType: artifact?.type ?? "unknown",
462
+ artifactName: artifact?.name ?? "unknown",
463
+ environmentId: deployment.environmentId ?? "",
464
+ progressCallbackUrl,
465
+ callbackToken,
466
+ }).catch((err) => {
467
+ // Execution dispatch failed — record failure
468
+ deployment.status = "failed";
469
+ deployment.failureReason = err instanceof Error ? err.message : "Execution dispatch failed";
470
+ deployments.save(deployment);
471
+ debrief.record({
472
+ partitionId: deployment.partitionId ?? null,
473
+ operationId: deployment.id,
474
+ agent: "server",
475
+ decisionType: "deployment-failure",
476
+ decision: "Failed to dispatch approved plan to envoy",
477
+ reasoning: deployment.failureReason,
478
+ context: { error: deployment.failureReason },
479
+ });
480
+ });
481
+ }
482
+ return { deployment, approved: true };
483
+ });
484
+ // Reject a deployment plan
485
+ app.post("/api/operations/:id/reject", { preHandler: [requirePermission("deployment.reject")] }, async (request, reply) => {
486
+ const deployment = deployments.get(request.params.id);
487
+ if (!deployment) {
488
+ return reply.status(404).send({ error: "Operation not found" });
489
+ }
490
+ const parsed = RejectDeploymentSchema.safeParse(request.body);
491
+ if (!parsed.success) {
492
+ return reply.status(400).send({ error: parsed.error.message });
493
+ }
494
+ if ((deployment.status) !== "awaiting_approval") {
495
+ return reply.status(409).send({ error: `Cannot reject operation in "${deployment.status}" status — must be "awaiting_approval"` });
496
+ }
497
+ // Transition deployment status and store rejection reason
498
+ deployment.status = "rejected";
499
+ deployment.rejectionReason = parsed.data.reason;
500
+ deployments.save(deployment);
501
+ const actor = (request.user?.email) ?? "anonymous";
502
+ // Record rejection in debrief
503
+ debrief.record({
504
+ partitionId: deployment.partitionId ?? null,
505
+ operationId: deployment.id,
506
+ agent: "server",
507
+ decisionType: "system",
508
+ decision: "Operation plan rejected",
509
+ reasoning: parsed.data.reason,
510
+ context: { reason: parsed.data.reason },
511
+ actor: request.user?.email,
512
+ });
513
+ telemetry.record({ actor, action: "operation.rejected", target: { type: "deployment", id: deployment.id }, details: { reason: parsed.data.reason } });
514
+ return { deployment, rejected: true };
515
+ });
516
+ // Modify a deployment plan (user edits steps before approval)
517
+ app.post("/api/operations/:id/modify", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
518
+ const deployment = deployments.get(request.params.id);
519
+ if (!deployment) {
520
+ return reply.status(404).send({ error: "Operation not found" });
521
+ }
522
+ const parsed = ModifyDeploymentPlanSchema.safeParse(request.body);
523
+ if (!parsed.success) {
524
+ return reply.status(400).send({ error: parsed.error.message });
525
+ }
526
+ if ((deployment.status) !== "awaiting_approval") {
527
+ return reply.status(409).send({ error: `Cannot modify operation in "${deployment.status}" status — must be "awaiting_approval"` });
528
+ }
529
+ if (!deployment.plan) {
530
+ return reply.status(409).send({ error: "Operation has no plan to modify" });
531
+ }
532
+ // Validate modified plan with envoy if available
533
+ if (envoyClient) {
534
+ try {
535
+ const validation = await envoyClient.validatePlan(parsed.data.steps);
536
+ if (!validation.valid) {
537
+ return reply.status(422).send({
538
+ error: "Modified plan failed envoy validation",
539
+ violations: validation.violations,
540
+ });
541
+ }
542
+ }
543
+ catch {
544
+ // Envoy unreachable — proceed without validation but note it
545
+ }
546
+ }
547
+ // Build structured diff: what changed between old and new steps
548
+ const oldSteps = deployment.plan.steps;
549
+ const newSteps = parsed.data.steps;
550
+ const diffLines = [];
551
+ const maxLen = Math.max(oldSteps.length, newSteps.length);
552
+ for (let i = 0; i < maxLen; i++) {
553
+ const old = oldSteps[i];
554
+ const cur = newSteps[i];
555
+ if (!old) {
556
+ diffLines.push(`+ Step ${i + 1} (added): ${cur.action} ${cur.target} — ${cur.description}`);
557
+ }
558
+ else if (!cur) {
559
+ diffLines.push(`- Step ${i + 1} (removed): ${old.action} ${old.target} — ${old.description}`);
560
+ }
561
+ else if (old.action !== cur.action || old.target !== cur.target || old.description !== cur.description) {
562
+ diffLines.push(`~ Step ${i + 1} (changed): ${old.action} ${old.target} → ${cur.action} ${cur.target}`);
563
+ if (old.description !== cur.description) {
564
+ diffLines.push(` was: ${old.description}`);
565
+ diffLines.push(` now: ${cur.description}`);
566
+ }
567
+ }
568
+ }
569
+ const diffFromPreviousPlan = diffLines.length > 0
570
+ ? diffLines.join("\n")
571
+ : "Steps reordered or metadata changed (actions and targets unchanged)";
572
+ // Apply modifications
573
+ deployment.plan = {
574
+ ...deployment.plan,
575
+ steps: parsed.data.steps,
576
+ diffFromPreviousPlan,
577
+ };
578
+ deployments.save(deployment);
579
+ const actor = (request.user?.email) ?? "anonymous";
580
+ // Record modification in debrief
581
+ debrief.record({
582
+ partitionId: deployment.partitionId ?? null,
583
+ operationId: deployment.id,
584
+ agent: "server",
585
+ decisionType: "plan-modification",
586
+ decision: `Operation plan modified by ${actor}`,
587
+ reasoning: parsed.data.reason,
588
+ context: {
589
+ modifiedBy: actor,
590
+ stepCount: parsed.data.steps.length,
591
+ reason: parsed.data.reason,
592
+ },
593
+ actor: request.user?.email,
594
+ });
595
+ telemetry.record({
596
+ actor,
597
+ action: "operation.modified",
598
+ target: { type: "deployment", id: deployment.id },
599
+ details: { reason: parsed.data.reason, stepCount: parsed.data.steps.length },
600
+ });
601
+ telemetry.record({
602
+ actor,
603
+ action: "agent.recommendation.overridden",
604
+ target: { type: "deployment", id: deployment.id },
605
+ details: { reason: parsed.data.reason, stepCount: parsed.data.steps.length, diff: diffFromPreviousPlan },
606
+ });
607
+ return { deployment, modified: true };
608
+ });
609
+ // Replan a deployment with user feedback — triggers a new LLM planning pass
610
+ app.post("/api/operations/:id/replan", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
611
+ const deploymentId = request.params.id;
612
+ const deployment = deployments.get(deploymentId);
613
+ if (!deployment) {
614
+ return reply.status(404).send({ error: "Operation not found" });
615
+ }
616
+ if ((deployment.status) !== "awaiting_approval") {
617
+ return reply.status(409).send({ error: `Cannot replan operation in "${deployment.status}" status — must be "awaiting_approval"` });
618
+ }
619
+ const parsed = ReplanDeploymentSchema.safeParse(request.body);
620
+ if (!parsed.success) {
621
+ return reply.status(400).send({ error: parsed.error.message });
622
+ }
623
+ const artifact = artifactStore.get(getArtifactId(deployment) ?? "");
624
+ if (!artifact) {
625
+ return reply.status(404).send({ error: `Artifact not found: ${getArtifactId(deployment)}` });
626
+ }
627
+ const environment = deployment.environmentId ? environments.get(deployment.environmentId) : undefined;
628
+ const partition = deployment.partitionId ? partitions.get(deployment.partitionId) : undefined;
629
+ const planningEnvoy = deployment.envoyId ? envoyRegistry?.get(deployment.envoyId) : envoyRegistry?.list()[0];
630
+ if (!planningEnvoy) {
631
+ return reply.status(422).send({ error: "No envoy available for replanning" });
632
+ }
633
+ // Validate feedback with LLM before triggering expensive replan
634
+ const planningClientForValidation = new EnvoyClient(planningEnvoy.url);
635
+ try {
636
+ const validation = await planningClientForValidation.validateRefinementFeedback({
637
+ feedback: parsed.data.feedback,
638
+ currentPlanSteps: (deployment.plan?.steps ?? []).map((s) => ({
639
+ description: s.description,
640
+ action: s.action,
641
+ target: s.target,
642
+ })),
643
+ artifactName: artifact?.name ?? "unknown",
644
+ environmentName: environment?.name ?? "unknown",
645
+ });
646
+ if (validation.mode === "rejection") {
647
+ return reply.status(422).send({ error: validation.message, mode: "rejection" });
648
+ }
649
+ if (validation.mode === "response") {
650
+ return reply.status(200).send({ mode: "response", message: validation.message });
651
+ }
652
+ // mode === "replan" — fall through to full replan
653
+ }
654
+ catch {
655
+ // Validation call failed — proceed with replan rather than blocking the user
656
+ }
657
+ deployment.status = "planning";
658
+ deployments.save(deployment);
659
+ const planningClient = new EnvoyClient(planningEnvoy.url);
660
+ const environmentForPlanning = environment
661
+ ? { id: environment.id, name: environment.name, variables: environment.variables }
662
+ : { id: `direct:${planningEnvoy.id}`, name: planningEnvoy.name, variables: {} };
663
+ let result;
664
+ try {
665
+ result = await planningClient.requestPlan({
666
+ operationId: deploymentId,
667
+ artifact: {
668
+ id: artifact.id,
669
+ name: artifact.name,
670
+ type: artifact.type,
671
+ analysis: {
672
+ summary: artifact.analysis.summary,
673
+ dependencies: artifact.analysis.dependencies,
674
+ configurationExpectations: artifact.analysis.configurationExpectations,
675
+ deploymentIntent: artifact.analysis.deploymentIntent,
676
+ confidence: artifact.analysis.confidence,
677
+ },
678
+ },
679
+ environment: environmentForPlanning,
680
+ partition: partition
681
+ ? { id: partition.id, name: partition.name, variables: partition.variables }
682
+ : undefined,
683
+ version: deployment.version ?? "",
684
+ resolvedVariables: deployment.variables,
685
+ refinementFeedback: parsed.data.feedback,
686
+ });
687
+ }
688
+ catch (err) {
689
+ const dep = deployments.get(deploymentId);
690
+ if (dep) {
691
+ dep.status = "awaiting_approval";
692
+ deployments.save(dep);
693
+ }
694
+ return reply.status(500).send({ error: err instanceof Error ? err.message : "Replanning failed" });
695
+ }
696
+ const dep = deployments.get(deploymentId);
697
+ if (!dep) {
698
+ return reply.status(404).send({ error: "Operation not found after replanning" });
699
+ }
700
+ dep.plan = result.plan;
701
+ dep.rollbackPlan = result.rollbackPlan;
702
+ dep.recommendation = computeRecommendation(dep, deployments, result.assessmentSummary);
703
+ dep.status = "awaiting_approval";
704
+ deployments.save(dep);
705
+ debrief.record({
706
+ partitionId: dep.partitionId ?? null,
707
+ operationId: dep.id,
708
+ agent: "envoy",
709
+ decisionType: "plan-generation",
710
+ decision: `Plan regenerated with user feedback (${result.plan.steps.length} steps)`,
711
+ reasoning: result.plan.reasoning,
712
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, refinementFeedback: parsed.data.feedback },
713
+ });
714
+ return { deployment: dep, replanned: true };
715
+ });
716
+ // Get cross-system enrichment context for a deployment
717
+ app.get("/api/operations/:id/context", { preHandler: [requirePermission("deployment.view")] }, async (request, reply) => {
718
+ const deployment = deployments.get(request.params.id);
719
+ if (!deployment) {
720
+ return reply.status(404).send({ error: "Operation not found" });
721
+ }
722
+ const now = new Date();
723
+ const twentyFourHoursAgo = new Date(now.getTime() - 24 * 60 * 60 * 1000);
724
+ // Count recent operations to the same environment (only meaningful when environmentId is set)
725
+ const recentOperationsToEnv = deployment.environmentId
726
+ ? deployments.countByEnvironment(deployment.environmentId, twentyFourHoursAgo)
727
+ : 0;
728
+ // Check if the same artifact version was previously rolled back
729
+ const previouslyRolledBack = deployment.version
730
+ ? deployments.findByArtifactVersion(getArtifactId(deployment) ?? "", deployment.version, "rolled_back").length > 0
731
+ : false;
732
+ // Check for other in-progress operations to the same environment
733
+ const conflictingOperations = deployment.environmentId
734
+ ? deployments.list()
735
+ .filter((d) => d.environmentId === deployment.environmentId &&
736
+ d.id !== deployment.id &&
737
+ ((d.status) === "running" || (d.status) === "approved" || (d.status) === "awaiting_approval"))
738
+ .map((d) => d.id)
739
+ : [];
740
+ // Find last operation to the same environment
741
+ const lastDeploy = deployment.environmentId
742
+ ? deployments.findLatestByEnvironment(deployment.environmentId)
743
+ : undefined;
744
+ const lastOperationToEnv = lastDeploy && lastDeploy.id !== deployment.id
745
+ ? {
746
+ id: lastDeploy.id,
747
+ status: lastDeploy.status,
748
+ version: lastDeploy.version ?? "",
749
+ completedAt: lastDeploy.completedAt,
750
+ }
751
+ : undefined;
752
+ const enrichment = {
753
+ recentOperationsToEnv,
754
+ previouslyRolledBack,
755
+ conflictingOperations,
756
+ lastOperationToEnv,
757
+ };
758
+ return {
759
+ enrichment,
760
+ recommendation: deployment.recommendation ?? computeRecommendation(deployment, deployments),
761
+ };
762
+ });
763
+ // Request a post-hoc rollback plan — asks the envoy to reason about
764
+ // what actually ran and produce a targeted rollback plan
765
+ app.post("/api/operations/:id/request-rollback-plan", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
766
+ const deployment = deployments.get(request.params.id);
767
+ if (!deployment) {
768
+ return reply.status(404).send({ error: "Operation not found" });
769
+ }
770
+ const finishedStatuses = new Set(["succeeded", "failed", "rolled_back"]);
771
+ if (!finishedStatuses.has(deployment.status)) {
772
+ return reply.status(409).send({
773
+ error: `Cannot request rollback plan for operation in "${deployment.status}" status — operation must be finished`,
774
+ });
775
+ }
776
+ const artifact = artifactStore.get(getArtifactId(deployment) ?? "");
777
+ if (!artifact) {
778
+ return reply.status(404).send({ error: "Artifact not found" });
779
+ }
780
+ // Determine which envoy to ask
781
+ const targetEnvoy = deployment.envoyId
782
+ ? envoyRegistry?.get(deployment.envoyId)
783
+ : envoyRegistry?.list()[0];
784
+ if (!targetEnvoy) {
785
+ return reply.status(503).send({ error: "No envoy available to generate rollback plan" });
786
+ }
787
+ const environment = deployment.environmentId ? environments.get(deployment.environmentId) : undefined;
788
+ // Build the list of completed steps from execution record (or plan as fallback)
789
+ const completedSteps = deployment.executionRecord?.steps.map((s) => ({
790
+ description: s.description,
791
+ action: deployment.plan?.steps.find((p) => p.description === s.description)?.action ?? "unknown",
792
+ target: deployment.plan?.steps.find((p) => p.description === s.description)?.target ?? "",
793
+ status: s.status,
794
+ output: s.output ?? s.error,
795
+ })) ?? deployment.plan?.steps.map((s) => ({
796
+ description: s.description,
797
+ action: s.action,
798
+ target: s.target,
799
+ status: "completed",
800
+ })) ?? [];
801
+ const rollbackClient = new EnvoyClient(targetEnvoy.url);
802
+ try {
803
+ const rollbackPlan = await rollbackClient.requestRollbackPlan({
804
+ operationId: deployment.id,
805
+ artifact: {
806
+ name: artifact.name,
807
+ type: artifact.type,
808
+ analysis: {
809
+ summary: artifact.analysis.summary,
810
+ dependencies: artifact.analysis.dependencies,
811
+ configurationExpectations: artifact.analysis.configurationExpectations,
812
+ deploymentIntent: artifact.analysis.deploymentIntent,
813
+ confidence: artifact.analysis.confidence,
814
+ },
815
+ },
816
+ environment: {
817
+ id: deployment.environmentId ?? "",
818
+ name: environment?.name ?? deployment.environmentId ?? "unknown",
819
+ },
820
+ completedSteps,
821
+ deployedVariables: deployment.variables,
822
+ version: deployment.version ?? "",
823
+ failureReason: deployment.failureReason ?? undefined,
824
+ });
825
+ // Store the generated rollback plan on the deployment
826
+ deployment.rollbackPlan = rollbackPlan;
827
+ deployments.save(deployment);
828
+ const actor = (request.user?.email) ?? "anonymous";
829
+ debrief.record({
830
+ partitionId: deployment.partitionId ?? null,
831
+ operationId: deployment.id,
832
+ agent: "server",
833
+ decisionType: "plan-generation",
834
+ decision: `Rollback plan requested and generated for ${artifact.name} v${deployment.version}`,
835
+ reasoning: rollbackPlan.reasoning,
836
+ context: {
837
+ requestedBy: actor,
838
+ stepCount: rollbackPlan.steps.length,
839
+ envoyId: targetEnvoy.id,
840
+ deploymentStatus: deployment.status,
841
+ },
842
+ actor: request.user?.email,
843
+ });
844
+ telemetry.record({
845
+ actor,
846
+ action: "deployment.rollback-plan-requested",
847
+ target: { type: "deployment", id: deployment.id },
848
+ details: { stepCount: rollbackPlan.steps.length },
849
+ });
850
+ return reply.status(200).send({ deployment, rollbackPlan });
851
+ }
852
+ catch (err) {
853
+ return reply.status(500).send({
854
+ error: "Failed to generate rollback plan",
855
+ details: err instanceof Error ? err.message : String(err),
856
+ });
857
+ }
858
+ });
859
+ // Execute rollback — runs the stored rollback plan against the envoy
860
+ app.post("/api/operations/:id/execute-rollback", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
861
+ const deployment = deployments.get(request.params.id);
862
+ if (!deployment) {
863
+ return reply.status(404).send({ error: "Operation not found" });
864
+ }
865
+ if (!deployment.rollbackPlan) {
866
+ return reply.status(409).send({ error: "No rollback plan available — request one first" });
867
+ }
868
+ const finishedStatuses = new Set(["succeeded", "failed"]);
869
+ if (!finishedStatuses.has(deployment.status)) {
870
+ return reply.status(409).send({
871
+ error: `Cannot execute rollback for operation in "${deployment.status}" status`,
872
+ });
873
+ }
874
+ const artifact = artifactStore.get(getArtifactId(deployment) ?? "");
875
+ const targetEnvoy = deployment.envoyId
876
+ ? envoyRegistry?.get(deployment.envoyId)
877
+ : envoyRegistry?.list()[0];
878
+ if (!targetEnvoy) {
879
+ return reply.status(503).send({ error: "No envoy available to execute rollback" });
880
+ }
881
+ const actor = (request.user?.email) ?? "anonymous";
882
+ const serverPort = process.env.PORT ?? "9410";
883
+ const serverUrl = process.env.SYNTH_SERVER_URL ?? `http://localhost:${serverPort}`;
884
+ const progressCallbackUrl = `${serverUrl}/api/operations/${deployment.id}/progress`;
885
+ deployment.status = "running";
886
+ deployments.save(deployment);
887
+ debrief.record({
888
+ partitionId: deployment.partitionId ?? null,
889
+ operationId: deployment.id,
890
+ agent: "server",
891
+ decisionType: "rollback-execution",
892
+ decision: `Rollback execution initiated for ${artifact?.name ?? getArtifactId(deployment)} v${deployment.version}`,
893
+ reasoning: `Rollback requested by ${actor}. Executing ${deployment.rollbackPlan.steps.length} rollback step(s).`,
894
+ context: { initiatedBy: actor, stepCount: deployment.rollbackPlan.steps.length },
895
+ actor: request.user?.email,
896
+ });
897
+ telemetry.record({
898
+ actor,
899
+ action: "deployment.rollback-executed",
900
+ target: { type: "deployment", id: deployment.id },
901
+ details: { stepCount: deployment.rollbackPlan.steps.length },
902
+ });
903
+ const rollbackClient = new EnvoyClient(targetEnvoy.url);
904
+ // Execute the rollback plan as if it were a forward plan — it IS a forward plan
905
+ // (just in the reverse direction). Use an empty no-op plan as the "rollback of rollback".
906
+ const emptyPlan = { steps: [], reasoning: "No rollback of rollback." };
907
+ rollbackClient.executeApprovedPlan({
908
+ operationId: deployment.id,
909
+ plan: deployment.rollbackPlan,
910
+ rollbackPlan: emptyPlan,
911
+ artifactType: artifact?.type ?? "unknown",
912
+ artifactName: artifact?.name ?? "unknown",
913
+ environmentId: deployment.environmentId ?? "",
914
+ progressCallbackUrl,
915
+ callbackToken: targetEnvoy.token,
916
+ }).then((result) => {
917
+ const dep = deployments.get(deployment.id);
918
+ if (!dep)
919
+ return;
920
+ dep.status = result.success ? "rolled_back" : "failed";
921
+ if (!result.success) {
922
+ dep.failureReason = result.failureReason ?? "Rollback execution failed";
923
+ }
924
+ dep.completedAt = new Date();
925
+ deployments.save(dep);
926
+ debrief.record({
927
+ partitionId: dep.partitionId ?? null,
928
+ operationId: dep.id,
929
+ agent: "server",
930
+ decisionType: "rollback-execution",
931
+ decision: result.success
932
+ ? `Rollback completed successfully for ${artifact?.name ?? getArtifactId(dep)} v${dep.version}`
933
+ : `Rollback failed for ${artifact?.name ?? getArtifactId(dep)} v${dep.version}`,
934
+ reasoning: result.success
935
+ ? `All rollback steps executed successfully.`
936
+ : `Rollback failed: ${result.failureReason}`,
937
+ context: { success: result.success, failureReason: result.failureReason },
938
+ });
939
+ }).catch((err) => {
940
+ const dep = deployments.get(deployment.id);
941
+ if (!dep)
942
+ return;
943
+ dep.status = "failed";
944
+ dep.failureReason = err instanceof Error ? err.message : "Rollback execution dispatch failed";
945
+ deployments.save(dep);
946
+ });
947
+ return reply.status(202).send({ deployment, accepted: true });
948
+ });
949
+ // Retry (redeploy) — create a new deployment with the same parameters as the source
950
+ app.post("/api/operations/:id/retry", { preHandler: [requirePermission("deployment.create")] }, async (request, reply) => {
951
+ const source = deployments.get(request.params.id);
952
+ if (!source) {
953
+ return reply.status(404).send({ error: "Operation not found" });
954
+ }
955
+ // Calculate attempt number by following the retryOf chain
956
+ let attemptNumber = 1;
957
+ let cursor = source;
958
+ while (cursor?.retryOf) {
959
+ attemptNumber++;
960
+ cursor = deployments.get(cursor.retryOf);
961
+ }
962
+ attemptNumber++; // this new deployment is one more
963
+ // Validate artifact still exists
964
+ const artifact = artifactStore.get(getArtifactId(source) ?? "");
965
+ if (!artifact) {
966
+ return reply.status(404).send({ error: `Artifact not found: ${getArtifactId(source)}` });
967
+ }
968
+ // Validate environment still exists (if present on source)
969
+ const environment = source.environmentId ? environments.get(source.environmentId) : undefined;
970
+ if (source.environmentId && !environment) {
971
+ return reply.status(404).send({ error: `Environment not found: ${source.environmentId}` });
972
+ }
973
+ // Validate partition still exists (if present on source)
974
+ const partition = source.partitionId ? partitions.get(source.partitionId) : undefined;
975
+ if (source.partitionId && !partition) {
976
+ return reply.status(404).send({ error: `Partition not found: ${source.partitionId}` });
977
+ }
978
+ // Validate envoy still exists (if present on source)
979
+ const targetEnvoy = source.envoyId ? envoyRegistry?.get(source.envoyId) : undefined;
980
+ if (source.envoyId && !targetEnvoy) {
981
+ return reply.status(404).send({ error: `Envoy not found: ${source.envoyId}` });
982
+ }
983
+ // Resolve variables — same logic as POST /api/deployments
984
+ const envVars = environment ? environment.variables : {};
985
+ const partitionVars = partition?.variables ?? {};
986
+ const resolved = { ...partitionVars, ...envVars };
987
+ const deployment = {
988
+ id: crypto.randomUUID(),
989
+ input: source.input,
990
+ environmentId: source.environmentId,
991
+ partitionId: source.partitionId,
992
+ envoyId: targetEnvoy?.id,
993
+ version: source.version ?? "",
994
+ status: "pending",
995
+ variables: resolved,
996
+ retryOf: source.id,
997
+ debriefEntryIds: [],
998
+ createdAt: new Date(),
999
+ };
1000
+ deployments.save(deployment);
1001
+ const actor = (request.user?.email) ?? "anonymous";
1002
+ telemetry.record({ actor, action: "operation.created", target: { type: "deployment", id: deployment.id }, details: { artifactId: getArtifactId(source), environmentId: source.environmentId, partitionId: source.partitionId, envoyId: source.envoyId, retryOf: source.id } });
1003
+ // Record retry debrief entry
1004
+ debrief.record({
1005
+ partitionId: deployment.partitionId ?? null,
1006
+ operationId: deployment.id,
1007
+ agent: "server",
1008
+ decisionType: "system",
1009
+ decision: `Retry of operation ${source.id} (attempt #${attemptNumber})`,
1010
+ reasoning: `User initiated retry of operation ${source.id}. Same artifact, version, environment, and partition.`,
1011
+ context: { retryOf: source.id, attemptNumber, actor },
1012
+ actor: request.user?.email,
1013
+ });
1014
+ // Dispatch planning — same logic as POST /api/deployments
1015
+ if (envoyRegistry) {
1016
+ const planningEnvoy = targetEnvoy
1017
+ ?? (environment ? envoyRegistry.findForEnvironment(environment.name) : undefined)
1018
+ ?? envoyRegistry.list()[0];
1019
+ if (planningEnvoy) {
1020
+ const planningClient = new EnvoyClient(planningEnvoy.url);
1021
+ const environmentForPlanning = environment
1022
+ ? { id: environment.id, name: environment.name, variables: environment.variables }
1023
+ : { id: `direct:${planningEnvoy.id}`, name: planningEnvoy.name, variables: {} };
1024
+ planningClient.requestPlan({
1025
+ operationId: deployment.id,
1026
+ artifact: {
1027
+ id: artifact.id,
1028
+ name: artifact.name,
1029
+ type: artifact.type,
1030
+ analysis: {
1031
+ summary: artifact.analysis.summary,
1032
+ dependencies: artifact.analysis.dependencies,
1033
+ configurationExpectations: artifact.analysis.configurationExpectations,
1034
+ deploymentIntent: artifact.analysis.deploymentIntent,
1035
+ confidence: artifact.analysis.confidence,
1036
+ },
1037
+ },
1038
+ environment: environmentForPlanning,
1039
+ partition: partition
1040
+ ? { id: partition.id, name: partition.name, variables: partition.variables }
1041
+ : undefined,
1042
+ version: deployment.version ?? "",
1043
+ resolvedVariables: resolved,
1044
+ }).then((result) => {
1045
+ const dep = deployments.get(deployment.id);
1046
+ if (!dep || dep.status !== "pending")
1047
+ return;
1048
+ dep.plan = result.plan;
1049
+ dep.rollbackPlan = result.rollbackPlan;
1050
+ dep.envoyId = planningEnvoy.id;
1051
+ if (result.blocked) {
1052
+ dep.status = "failed";
1053
+ dep.failureReason = result.blockReason ?? "Plan blocked due to unrecoverable precondition failures";
1054
+ deployments.save(dep);
1055
+ debrief.record({
1056
+ partitionId: dep.partitionId ?? null,
1057
+ operationId: dep.id,
1058
+ agent: "envoy",
1059
+ decisionType: "plan-generation",
1060
+ decision: `Operation plan blocked — infrastructure prerequisites not met`,
1061
+ reasoning: result.blockReason ?? result.plan.reasoning,
1062
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, blocked: true },
1063
+ });
1064
+ }
1065
+ else {
1066
+ dep.status = "awaiting_approval";
1067
+ dep.recommendation = computeRecommendation(dep, deployments, result.assessmentSummary);
1068
+ deployments.save(dep);
1069
+ debrief.record({
1070
+ partitionId: dep.partitionId ?? null,
1071
+ operationId: dep.id,
1072
+ agent: "envoy",
1073
+ decisionType: "plan-generation",
1074
+ decision: `Operation plan generated with ${result.plan.steps.length} steps`,
1075
+ reasoning: result.plan.reasoning,
1076
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, delta: result.delta },
1077
+ });
1078
+ }
1079
+ }).catch((err) => {
1080
+ const dep = deployments.get(deployment.id);
1081
+ if (!dep || dep.status !== "pending")
1082
+ return;
1083
+ dep.status = "failed";
1084
+ dep.failureReason = err instanceof Error ? err.message : "Planning failed";
1085
+ deployments.save(dep);
1086
+ debrief.record({
1087
+ partitionId: dep.partitionId ?? null,
1088
+ operationId: dep.id,
1089
+ agent: "server",
1090
+ decisionType: "deployment-failure",
1091
+ decision: "Envoy planning failed",
1092
+ reasoning: dep.failureReason,
1093
+ context: { error: dep.failureReason, envoyId: planningEnvoy.id },
1094
+ });
1095
+ });
1096
+ }
1097
+ }
1098
+ return reply.status(201).send({ deployment, sourceDeploymentId: source.id, attemptNumber });
1099
+ });
1100
+ // Get deployment postmortem
1101
+ app.get("/api/operations/:id/postmortem", { preHandler: [requirePermission("deployment.view")] }, async (request, reply) => {
1102
+ const deployment = deployments.get(request.params.id);
1103
+ if (!deployment) {
1104
+ return reply.status(404).send({ error: "Operation not found" });
1105
+ }
1106
+ const entries = debrief.getByOperation(deployment.id);
1107
+ const postmortem = generatePostmortem(entries, deployment);
1108
+ const llmResult = await generatePostmortemAsync(entries, deployment, llm);
1109
+ return {
1110
+ postmortem,
1111
+ ...(llmResult.heuristicFallback ? {} : { llmPostmortem: llmResult.llmPostmortem }),
1112
+ };
1113
+ });
1114
+ // Get recent debrief entries (supports filtering by partition, decision type, and full-text search)
1115
+ app.get("/api/debrief", { preHandler: [requirePermission("deployment.view")] }, async (request) => {
1116
+ const qParsed = DebriefQuerySchema.safeParse(request.query);
1117
+ const { limit, partitionId, decisionType, q: searchQuery } = qParsed.success ? qParsed.data : {};
1118
+ const max = limit ?? 50;
1119
+ // Full-text search — takes priority over filters
1120
+ if (searchQuery) {
1121
+ let entries = debrief.search(searchQuery, max);
1122
+ if (partitionId)
1123
+ entries = entries.filter((e) => e.partitionId === partitionId);
1124
+ if (decisionType)
1125
+ entries = entries.filter((e) => e.decisionType === decisionType);
1126
+ return { entries };
1127
+ }
1128
+ // No filters — fast path
1129
+ if (!partitionId && !decisionType) {
1130
+ return { entries: debrief.getRecent(max) };
1131
+ }
1132
+ // Start with the most selective filter, then narrow
1133
+ let entries;
1134
+ if (partitionId && decisionType) {
1135
+ entries = debrief.getByPartition(partitionId).filter((e) => e.decisionType === decisionType);
1136
+ }
1137
+ else if (partitionId) {
1138
+ entries = debrief.getByPartition(partitionId);
1139
+ }
1140
+ else {
1141
+ entries = debrief.getByType(decisionType);
1142
+ }
1143
+ entries.sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
1144
+ return { entries: entries.slice(0, max) };
1145
+ });
1146
+ // Pin/unpin an operation for quick-access
1147
+ // Static route registered before parameterized :id routes to avoid shadowing
1148
+ app.get("/api/operations/pinned", { preHandler: [requirePermission("deployment.view")] }, async () => {
1149
+ const ids = debrief.getPinnedOperationIds();
1150
+ const operations = ids.map((id) => deployments.get(id)).filter(Boolean);
1151
+ return { operations, pinnedIds: ids };
1152
+ });
1153
+ app.post("/api/operations/:id/pin", { preHandler: [requirePermission("deployment.view")] }, async (request) => {
1154
+ debrief.pinOperation(request.params.id);
1155
+ return { pinned: true };
1156
+ });
1157
+ app.delete("/api/operations/:id/pin", { preHandler: [requirePermission("deployment.view")] }, async (request) => {
1158
+ debrief.unpinOperation(request.params.id);
1159
+ return { pinned: false };
1160
+ });
1161
+ // ---------------------------------------------------------------------------
1162
+ // Progress streaming — envoy callback and SSE endpoints
1163
+ // ---------------------------------------------------------------------------
1164
+ // POST /api/deployments/:id/progress — receives progress events from envoy
1165
+ app.post("/api/operations/:id/progress", async (request, reply) => {
1166
+ if (!progressStore) {
1167
+ return reply.status(501).send({ error: "Progress streaming not configured" });
1168
+ }
1169
+ // Validate envoy token — this route is exempt from JWT auth
1170
+ if (envoyRegistry) {
1171
+ const authHeader = (request.headers.authorization ?? "");
1172
+ const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7) : null;
1173
+ if (!token || !envoyRegistry.validateToken(token)) {
1174
+ return reply.status(401).send({ error: "Invalid or missing envoy token" });
1175
+ }
1176
+ }
1177
+ const parsed = ProgressEventSchema.safeParse(request.body);
1178
+ if (!parsed.success) {
1179
+ return reply.status(400).send({ error: "Invalid progress event", details: parsed.error.format() });
1180
+ }
1181
+ const event = parsed.data;
1182
+ // Validate the deploymentId in the URL matches the body
1183
+ if (event.deploymentId !== request.params.id) {
1184
+ return reply.status(400).send({ error: "Operation ID in URL does not match event body" });
1185
+ }
1186
+ progressStore.push(event);
1187
+ return reply.status(200).send({ received: true });
1188
+ });
1189
+ // GET /api/deployments/:id/stream — SSE endpoint for live progress
1190
+ // Auth is via ?token= query param since EventSource cannot send headers
1191
+ app.get("/api/operations/:id/stream", { preHandler: [requirePermission("deployment.view")] }, (request, reply) => {
1192
+ if (!progressStore) {
1193
+ reply.status(501).send({ error: "Progress streaming not configured" });
1194
+ return;
1195
+ }
1196
+ // Hijack the connection so Fastify does not finalize the response
1197
+ reply.hijack();
1198
+ // Set SSE headers
1199
+ reply.raw.writeHead(200, {
1200
+ "Content-Type": "text/event-stream",
1201
+ "Cache-Control": "no-cache",
1202
+ "Connection": "keep-alive",
1203
+ "X-Accel-Buffering": "no",
1204
+ });
1205
+ const deploymentId = request.params.id;
1206
+ // Check for Last-Event-ID header (reconnection with replay)
1207
+ const lastEventIdHeader = request.headers["last-event-id"];
1208
+ const lastEventId = lastEventIdHeader ? parseInt(String(lastEventIdHeader), 10) : 0;
1209
+ // Send catch-up events — either all (fresh connect) or since last ID (reconnect)
1210
+ const existing = lastEventId
1211
+ ? progressStore.getEventsSince(deploymentId, lastEventId)
1212
+ : progressStore.getEvents(deploymentId);
1213
+ for (const event of existing) {
1214
+ reply.raw.write(`id: ${event.id}\ndata: ${JSON.stringify(event)}\n\n`);
1215
+ }
1216
+ // Check if deployment already completed — if so, close after catch-up
1217
+ const lastEvent = existing[existing.length - 1];
1218
+ if (lastEvent?.type === "deployment-completed") {
1219
+ reply.raw.end();
1220
+ return;
1221
+ }
1222
+ // Subscribe to new events
1223
+ const listener = (event) => {
1224
+ try {
1225
+ reply.raw.write(`id: ${event.id}\ndata: ${JSON.stringify(event)}\n\n`);
1226
+ // Close the stream when deployment completes
1227
+ if (event.type === "deployment-completed") {
1228
+ reply.raw.end();
1229
+ }
1230
+ }
1231
+ catch {
1232
+ // Client disconnected — clean up
1233
+ progressStore.removeListener(deploymentId, listener);
1234
+ }
1235
+ };
1236
+ progressStore.addListener(deploymentId, listener);
1237
+ // Clean up on client disconnect
1238
+ request.raw.on("close", () => {
1239
+ progressStore.removeListener(deploymentId, listener);
1240
+ });
1241
+ });
1242
+ // -- Health reports from envoys (trigger system) ---------------------------
1243
+ app.post("/api/health-reports", async (request, reply) => {
1244
+ // Validate envoy token — same pattern as /api/envoy/report
1245
+ if (envoyRegistry) {
1246
+ const authHeader = (request.headers.authorization ?? "");
1247
+ const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7) : null;
1248
+ if (!token || !envoyRegistry.validateToken(token)) {
1249
+ return reply.status(401).send({ error: "Invalid or missing envoy token" });
1250
+ }
1251
+ }
1252
+ const { HealthReportSchema } = await import("@synth-deploy/core");
1253
+ const parsed = HealthReportSchema.safeParse(request.body);
1254
+ if (!parsed.success) {
1255
+ return reply.status(400).send({ error: "Invalid health report", details: parsed.error.format() });
1256
+ }
1257
+ const report = parsed.data;
1258
+ // Find the trigger operation
1259
+ const triggerOp = deployments.get(report.triggerOperationId);
1260
+ if (!triggerOp || triggerOp.input.type !== "trigger") {
1261
+ return reply.status(404).send({ error: `Trigger operation not found: ${report.triggerOperationId}` });
1262
+ }
1263
+ // Record the health report
1264
+ debrief.record({
1265
+ partitionId: report.partitionId ?? null,
1266
+ operationId: triggerOp.id,
1267
+ agent: "envoy",
1268
+ decisionType: "health-report-received",
1269
+ decision: `Health report: ${report.summary}`,
1270
+ reasoning: `Trigger condition met on ${report.envoyId}. Probes: ${report.probeResults.map(p => `${p.label}=${p.parsedValue ?? p.output}`).join(", ")}`,
1271
+ context: { directiveId: report.directiveId, envoyId: report.envoyId, probeResults: report.probeResults },
1272
+ });
1273
+ // Deduplication: check for active child operations from this trigger
1274
+ const allOps = deployments.list();
1275
+ const activeChild = allOps.find((op) => op.lineage === triggerOp.id &&
1276
+ ["pending", "planning", "awaiting_approval", "approved", "running"].includes(op.status));
1277
+ if (activeChild) {
1278
+ // Suppress — record that we suppressed
1279
+ triggerOp.triggerSuppressedCount = (triggerOp.triggerSuppressedCount ?? 0) + 1;
1280
+ deployments.save(triggerOp);
1281
+ debrief.record({
1282
+ partitionId: report.partitionId ?? null,
1283
+ operationId: triggerOp.id,
1284
+ agent: "server",
1285
+ decisionType: "trigger-suppressed",
1286
+ decision: `Trigger suppressed — child operation ${activeChild.id} is still in progress (${activeChild.status})`,
1287
+ reasoning: `Deduplication: an operation spawned by this trigger is already active. Suppressed ${triggerOp.triggerSuppressedCount} time(s) total.`,
1288
+ context: { activeChildId: activeChild.id, activeChildStatus: activeChild.status, suppressedCount: triggerOp.triggerSuppressedCount },
1289
+ });
1290
+ return reply.status(200).send({ spawned: false, reason: "deduplicated", activeChildId: activeChild.id });
1291
+ }
1292
+ // Spawn child operation
1293
+ const triggerInput = triggerOp.input;
1294
+ const responseType = triggerOp.monitoringDirective?.responseType ?? "maintain";
1295
+ const childOp = {
1296
+ id: crypto.randomUUID(),
1297
+ input: responseType === "deploy"
1298
+ ? { type: "deploy", artifactId: "" }
1299
+ : { type: "maintain", intent: triggerInput.responseIntent, parameters: triggerInput.parameters },
1300
+ intent: triggerInput.responseIntent,
1301
+ lineage: triggerOp.id,
1302
+ triggeredBy: "trigger",
1303
+ environmentId: report.environmentId ?? triggerOp.environmentId,
1304
+ partitionId: report.partitionId ?? triggerOp.partitionId,
1305
+ envoyId: report.envoyId,
1306
+ version: "",
1307
+ status: "pending",
1308
+ variables: triggerOp.variables,
1309
+ debriefEntryIds: [],
1310
+ createdAt: new Date(),
1311
+ };
1312
+ deployments.save(childOp);
1313
+ // Update trigger stats
1314
+ triggerOp.triggerFireCount = (triggerOp.triggerFireCount ?? 0) + 1;
1315
+ triggerOp.triggerLastFiredAt = new Date();
1316
+ deployments.save(triggerOp);
1317
+ debrief.record({
1318
+ partitionId: childOp.partitionId ?? null,
1319
+ operationId: childOp.id,
1320
+ agent: "server",
1321
+ decisionType: "trigger-fired",
1322
+ decision: `Trigger fired — spawned child operation ${childOp.id}`,
1323
+ reasoning: `Condition "${triggerInput.condition}" met. Response: "${triggerInput.responseIntent}". Fire count: ${triggerOp.triggerFireCount}.`,
1324
+ context: { triggerId: triggerOp.id, envoyId: report.envoyId, fireCount: triggerOp.triggerFireCount },
1325
+ });
1326
+ telemetry.record({ actor: "agent", action: "trigger.fired", target: { type: "trigger", id: triggerOp.id }, details: { childOperationId: childOp.id } });
1327
+ // Dispatch planning for the child operation (same as new operation flow)
1328
+ if (envoyRegistry) {
1329
+ const childEnvoy = report.envoyId
1330
+ ? envoyRegistry.get(report.envoyId)
1331
+ : envoyRegistry.list()[0];
1332
+ if (childEnvoy) {
1333
+ const planningClient = new EnvoyClient(childEnvoy.url);
1334
+ const environment = childOp.environmentId ? environments.get(childOp.environmentId) : undefined;
1335
+ const environmentForPlanning = environment
1336
+ ? { id: environment.id, name: environment.name, variables: environment.variables }
1337
+ : { id: `direct:${childEnvoy.id}`, name: childEnvoy.name, variables: {} };
1338
+ planningClient.requestPlan({
1339
+ operationId: childOp.id,
1340
+ operationType: responseType,
1341
+ intent: childOp.intent,
1342
+ environment: environmentForPlanning,
1343
+ version: "",
1344
+ resolvedVariables: childOp.variables,
1345
+ }).then((result) => {
1346
+ const dep = deployments.get(childOp.id);
1347
+ if (!dep || dep.status !== "pending")
1348
+ return;
1349
+ dep.plan = result.plan;
1350
+ dep.rollbackPlan = result.rollbackPlan;
1351
+ dep.envoyId = childEnvoy.id;
1352
+ if (result.blocked) {
1353
+ dep.status = "failed";
1354
+ dep.failureReason = result.blockReason ?? "Plan blocked";
1355
+ deployments.save(dep);
1356
+ }
1357
+ else {
1358
+ dep.status = "awaiting_approval";
1359
+ dep.recommendation = computeRecommendation(dep, deployments, result.assessmentSummary);
1360
+ deployments.save(dep);
1361
+ }
1362
+ }).catch((err) => {
1363
+ const dep = deployments.get(childOp.id);
1364
+ if (!dep || dep.status !== "pending")
1365
+ return;
1366
+ dep.status = "failed";
1367
+ dep.failureReason = err instanceof Error ? err.message : "Planning failed";
1368
+ deployments.save(dep);
1369
+ });
1370
+ }
1371
+ }
1372
+ return reply.status(201).send({ spawned: true, childOperationId: childOp.id });
1373
+ });
1374
+ // -- Trigger management (pause/resume/disable) ----------------------------
1375
+ app.post("/api/operations/:id/trigger/pause", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
1376
+ const op = deployments.get(request.params.id);
1377
+ if (!op || op.input.type !== "trigger") {
1378
+ return reply.status(404).send({ error: "Trigger operation not found" });
1379
+ }
1380
+ if (op.triggerStatus !== "active") {
1381
+ return reply.status(409).send({ error: `Cannot pause trigger in "${op.triggerStatus}" status` });
1382
+ }
1383
+ // Pause on envoy
1384
+ if (op.envoyId && envoyRegistry) {
1385
+ const envoy = envoyRegistry.get(op.envoyId);
1386
+ if (envoy) {
1387
+ const client = new EnvoyClient(envoy.url);
1388
+ await client.pauseMonitoringDirective(op.id);
1389
+ }
1390
+ }
1391
+ op.triggerStatus = "paused";
1392
+ if (op.monitoringDirective)
1393
+ op.monitoringDirective.status = "paused";
1394
+ deployments.save(op);
1395
+ const actor = (request.user?.email) ?? "anonymous";
1396
+ debrief.record({
1397
+ partitionId: op.partitionId ?? null,
1398
+ operationId: op.id,
1399
+ agent: "server",
1400
+ decisionType: "trigger-paused",
1401
+ decision: `Trigger paused by ${actor}`,
1402
+ reasoning: "User requested trigger pause",
1403
+ context: {},
1404
+ actor: request.user?.email,
1405
+ });
1406
+ telemetry.record({ actor, action: "trigger.paused", target: { type: "trigger", id: op.id }, details: {} });
1407
+ return { operation: op, paused: true };
1408
+ });
1409
+ app.post("/api/operations/:id/trigger/resume", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
1410
+ const op = deployments.get(request.params.id);
1411
+ if (!op || op.input.type !== "trigger") {
1412
+ return reply.status(404).send({ error: "Trigger operation not found" });
1413
+ }
1414
+ if (op.triggerStatus !== "paused") {
1415
+ return reply.status(409).send({ error: `Cannot resume trigger in "${op.triggerStatus}" status` });
1416
+ }
1417
+ // Resume on envoy
1418
+ if (op.envoyId && envoyRegistry) {
1419
+ const envoy = envoyRegistry.get(op.envoyId);
1420
+ if (envoy) {
1421
+ const client = new EnvoyClient(envoy.url);
1422
+ await client.resumeMonitoringDirective(op.id);
1423
+ }
1424
+ }
1425
+ op.triggerStatus = "active";
1426
+ if (op.monitoringDirective)
1427
+ op.monitoringDirective.status = "active";
1428
+ deployments.save(op);
1429
+ const actor = (request.user?.email) ?? "anonymous";
1430
+ debrief.record({
1431
+ partitionId: op.partitionId ?? null,
1432
+ operationId: op.id,
1433
+ agent: "server",
1434
+ decisionType: "trigger-resumed",
1435
+ decision: `Trigger resumed by ${actor}`,
1436
+ reasoning: "User requested trigger resume",
1437
+ context: {},
1438
+ actor: request.user?.email,
1439
+ });
1440
+ telemetry.record({ actor, action: "trigger.resumed", target: { type: "trigger", id: op.id }, details: {} });
1441
+ return { operation: op, resumed: true };
1442
+ });
1443
+ app.post("/api/operations/:id/trigger/disable", { preHandler: [requirePermission("deployment.approve")] }, async (request, reply) => {
1444
+ const op = deployments.get(request.params.id);
1445
+ if (!op || op.input.type !== "trigger") {
1446
+ return reply.status(404).send({ error: "Trigger operation not found" });
1447
+ }
1448
+ // Remove from envoy
1449
+ if (op.envoyId && envoyRegistry) {
1450
+ const envoy = envoyRegistry.get(op.envoyId);
1451
+ if (envoy) {
1452
+ const client = new EnvoyClient(envoy.url);
1453
+ await client.removeMonitoringDirective(op.id).catch(() => { });
1454
+ }
1455
+ }
1456
+ op.triggerStatus = "disabled";
1457
+ if (op.monitoringDirective)
1458
+ op.monitoringDirective.status = "disabled";
1459
+ deployments.save(op);
1460
+ const actor = (request.user?.email) ?? "anonymous";
1461
+ debrief.record({
1462
+ partitionId: op.partitionId ?? null,
1463
+ operationId: op.id,
1464
+ agent: "server",
1465
+ decisionType: "trigger-disabled",
1466
+ decision: `Trigger disabled by ${actor}`,
1467
+ reasoning: "User requested trigger disable",
1468
+ context: {},
1469
+ actor: request.user?.email,
1470
+ });
1471
+ telemetry.record({ actor, action: "trigger.disabled", target: { type: "trigger", id: op.id }, details: {} });
1472
+ return { operation: op, disabled: true };
1473
+ });
1474
+ // ---------------------------------------------------------------------------
1475
+ // Composite operation helpers — defined inside registerOperationRoutes so
1476
+ // they close over the stores and registry.
1477
+ // ---------------------------------------------------------------------------
1478
+ async function planCompositeChildren(parentOp, _registry, planningEnvoy) {
1479
+ const compositeInput = parentOp.input;
1480
+ const childInputs = compositeInput.operations;
1481
+ if (childInputs.length === 0) {
1482
+ const dep = deployments.get(parentOp.id);
1483
+ if (dep) {
1484
+ dep.status = "failed";
1485
+ dep.failureReason = "Composite operation has no child operations";
1486
+ deployments.save(dep);
1487
+ }
1488
+ return;
1489
+ }
1490
+ const childIds = [];
1491
+ const environment = parentOp.environmentId ? environments.get(parentOp.environmentId) : undefined;
1492
+ const partition = parentOp.partitionId ? partitions.get(parentOp.partitionId) : undefined;
1493
+ for (let seqIdx = 0; seqIdx < childInputs.length; seqIdx++) {
1494
+ const childInput = childInputs[seqIdx];
1495
+ const childOp = {
1496
+ id: crypto.randomUUID(),
1497
+ input: childInput,
1498
+ intent: "intent" in childInput ? childInput.intent
1499
+ : childInput.type === "trigger" ? `Monitor: ${childInput.condition}`
1500
+ : undefined,
1501
+ lineage: parentOp.id,
1502
+ triggeredBy: "agent",
1503
+ environmentId: parentOp.environmentId,
1504
+ partitionId: parentOp.partitionId,
1505
+ envoyId: planningEnvoy.id,
1506
+ version: parentOp.version ?? "",
1507
+ status: "pending",
1508
+ variables: parentOp.variables,
1509
+ debriefEntryIds: [],
1510
+ createdAt: new Date(),
1511
+ sequenceIndex: seqIdx,
1512
+ };
1513
+ deployments.save(childOp);
1514
+ childIds.push(childOp.id);
1515
+ }
1516
+ debrief.record({
1517
+ partitionId: parentOp.partitionId ?? null,
1518
+ operationId: parentOp.id,
1519
+ agent: "server",
1520
+ decisionType: "composite-started",
1521
+ decision: `Composite operation started — planning ${childIds.length} child operation(s) sequentially`,
1522
+ reasoning: `Sequential composite: ${childInputs.map((c) => c.type).join(" → ")}`,
1523
+ context: { childIds, childCount: childIds.length, sequence: childInputs.map((c) => c.type) },
1524
+ });
1525
+ const environmentForPlanning = environment
1526
+ ? { id: environment.id, name: environment.name, variables: environment.variables }
1527
+ : { id: `direct:${planningEnvoy.id}`, name: planningEnvoy.name, variables: {} };
1528
+ let anyFailed = false;
1529
+ for (const childId of childIds) {
1530
+ const child = deployments.get(childId);
1531
+ if (!child)
1532
+ continue;
1533
+ const childInput = child.input;
1534
+ const childArtifact = childInput.type === "deploy"
1535
+ ? artifactStore.get(childInput.artifactId)
1536
+ : undefined;
1537
+ const planningClient = new EnvoyClient(planningEnvoy.url);
1538
+ try {
1539
+ const result = await planningClient.requestPlan({
1540
+ operationId: childId,
1541
+ operationType: childInput.type,
1542
+ intent: "intent" in childInput ? childInput.intent
1543
+ : childInput.type === "trigger" ? `Monitor: ${childInput.condition}`
1544
+ : undefined,
1545
+ ...(childArtifact ? {
1546
+ artifact: {
1547
+ id: childArtifact.id,
1548
+ name: childArtifact.name,
1549
+ type: childArtifact.type,
1550
+ analysis: childArtifact.analysis,
1551
+ },
1552
+ } : {}),
1553
+ ...(childInput.type === "investigate" && "allowWrite" in childInput
1554
+ ? { allowWrite: childInput.allowWrite }
1555
+ : {}),
1556
+ environment: environmentForPlanning,
1557
+ partition: partition ? { id: partition.id, name: partition.name, variables: partition.variables } : undefined,
1558
+ version: parentOp.version ?? "",
1559
+ resolvedVariables: parentOp.variables,
1560
+ });
1561
+ const childDep = deployments.get(childId);
1562
+ if (!childDep)
1563
+ continue;
1564
+ if (result.blocked) {
1565
+ childDep.status = "failed";
1566
+ childDep.failureReason = result.blockReason ?? "Plan blocked";
1567
+ deployments.save(childDep);
1568
+ anyFailed = true;
1569
+ const parentDep = deployments.get(parentOp.id);
1570
+ if (parentDep && parentDep.status === "pending") {
1571
+ parentDep.status = "failed";
1572
+ parentDep.failureReason = `Child operation (${childInput.type}) plan blocked: ${childDep.failureReason}`;
1573
+ deployments.save(parentDep);
1574
+ debrief.record({
1575
+ partitionId: parentDep.partitionId ?? null,
1576
+ operationId: parentDep.id,
1577
+ agent: "server",
1578
+ decisionType: "composite-failed",
1579
+ decision: `Child operation planning blocked — composite cannot proceed`,
1580
+ reasoning: childDep.failureReason,
1581
+ context: { childId, childType: childInput.type },
1582
+ });
1583
+ }
1584
+ break;
1585
+ }
1586
+ childDep.plan = result.plan;
1587
+ childDep.rollbackPlan = result.rollbackPlan;
1588
+ childDep.envoyId = planningEnvoy.id;
1589
+ if (childInput.type === "query" && result.queryFindings)
1590
+ childDep.queryFindings = result.queryFindings;
1591
+ if (childInput.type === "investigate" && result.investigationFindings)
1592
+ childDep.investigationFindings = result.investigationFindings;
1593
+ childDep.status = "awaiting_approval";
1594
+ deployments.save(childDep);
1595
+ debrief.record({
1596
+ partitionId: childDep.partitionId ?? null,
1597
+ operationId: childDep.id,
1598
+ agent: "envoy",
1599
+ decisionType: "plan-generation",
1600
+ decision: `Child operation plan generated with ${result.plan.steps.length} steps`,
1601
+ reasoning: result.plan.reasoning,
1602
+ context: { stepCount: result.plan.steps.length, envoyId: planningEnvoy.id, parentOperationId: parentOp.id },
1603
+ });
1604
+ }
1605
+ catch (err) {
1606
+ const childDep = deployments.get(childId);
1607
+ if (childDep) {
1608
+ childDep.status = "failed";
1609
+ childDep.failureReason = err instanceof Error ? err.message : "Planning failed";
1610
+ deployments.save(childDep);
1611
+ }
1612
+ anyFailed = true;
1613
+ const parentDep = deployments.get(parentOp.id);
1614
+ if (parentDep && parentDep.status === "pending") {
1615
+ parentDep.status = "failed";
1616
+ parentDep.failureReason = `Child operation (${childInput.type}) planning failed: ${err instanceof Error ? err.message : "unknown error"}`;
1617
+ deployments.save(parentDep);
1618
+ debrief.record({
1619
+ partitionId: parentDep.partitionId ?? null,
1620
+ operationId: parentDep.id,
1621
+ agent: "server",
1622
+ decisionType: "composite-failed",
1623
+ decision: `Child operation planning failed — composite cannot proceed`,
1624
+ reasoning: parentDep.failureReason,
1625
+ context: { childId, childType: childInput.type, error: parentDep.failureReason },
1626
+ });
1627
+ }
1628
+ break;
1629
+ }
1630
+ }
1631
+ if (!anyFailed) {
1632
+ // All children planned — build combined summary plan and await approval
1633
+ const allChildren = childIds.map((id) => deployments.get(id)).filter(Boolean);
1634
+ const combinedSteps = allChildren.flatMap((c, idx) => {
1635
+ if (!c.plan)
1636
+ return [];
1637
+ return c.plan.steps.map((step) => ({
1638
+ ...step,
1639
+ description: `[${idx + 1}/${allChildren.length}: ${c.input.type}] ${step.description}`,
1640
+ }));
1641
+ });
1642
+ const combinedReasoning = allChildren.map((c, idx) => `Step ${idx + 1} (${c.input.type}): ${c.plan?.reasoning ?? "no reasoning"}`).join("\n\n");
1643
+ const parentDep = deployments.get(parentOp.id);
1644
+ if (parentDep && parentDep.status === "pending") {
1645
+ parentDep.plan = { steps: combinedSteps, reasoning: combinedReasoning };
1646
+ parentDep.rollbackPlan = { steps: [], reasoning: "Child operations handle their own rollback" };
1647
+ parentDep.status = "awaiting_approval";
1648
+ parentDep.recommendation = computeRecommendation(parentDep, deployments);
1649
+ deployments.save(parentDep);
1650
+ debrief.record({
1651
+ partitionId: parentDep.partitionId ?? null,
1652
+ operationId: parentDep.id,
1653
+ agent: "server",
1654
+ decisionType: "composite-plan-ready",
1655
+ decision: `All ${allChildren.length} child plans ready — composite awaiting approval`,
1656
+ reasoning: combinedReasoning,
1657
+ context: { childIds, totalSteps: combinedSteps.length },
1658
+ });
1659
+ }
1660
+ }
1661
+ }
1662
+ async function executeCompositeSequentially(parentId, childIds) {
1663
+ const parentOp = deployments.get(parentId);
1664
+ if (!parentOp)
1665
+ return;
1666
+ debrief.record({
1667
+ partitionId: parentOp.partitionId ?? null,
1668
+ operationId: parentOp.id,
1669
+ agent: "server",
1670
+ decisionType: "composite-started",
1671
+ decision: `Composite execution started — running ${childIds.length} child operations sequentially`,
1672
+ reasoning: `Composite operation approved — executing children in order`,
1673
+ context: { childIds, totalChildren: childIds.length },
1674
+ });
1675
+ for (let i = 0; i < childIds.length; i++) {
1676
+ const childId = childIds[i];
1677
+ const child = deployments.get(childId);
1678
+ if (!child || !child.plan || !child.rollbackPlan) {
1679
+ const dep = deployments.get(parentId);
1680
+ if (dep) {
1681
+ dep.status = "failed";
1682
+ dep.failureReason = `Child operation ${i + 1} has no plan — cannot execute`;
1683
+ deployments.save(dep);
1684
+ debrief.record({
1685
+ partitionId: dep.partitionId ?? null,
1686
+ operationId: dep.id,
1687
+ agent: "server",
1688
+ decisionType: "composite-failed",
1689
+ decision: `Child operation ${i + 1} missing plan — composite failed`,
1690
+ reasoning: dep.failureReason,
1691
+ context: { childId, childIndex: i },
1692
+ });
1693
+ }
1694
+ return;
1695
+ }
1696
+ const targetEnvoy = child.envoyId ? envoyRegistry?.get(child.envoyId) : envoyRegistry?.list()[0];
1697
+ if (!targetEnvoy) {
1698
+ const dep = deployments.get(parentId);
1699
+ if (dep) {
1700
+ dep.status = "failed";
1701
+ dep.failureReason = `No envoy available for child operation ${i + 1}`;
1702
+ deployments.save(dep);
1703
+ }
1704
+ return;
1705
+ }
1706
+ child.status = "running";
1707
+ deployments.save(child);
1708
+ debrief.record({
1709
+ partitionId: child.partitionId ?? null,
1710
+ operationId: child.id,
1711
+ agent: "server",
1712
+ decisionType: "composite-child-started",
1713
+ decision: `Executing child operation ${i + 1}/${childIds.length} (${child.input.type})`,
1714
+ reasoning: `Sequential composite execution — child ${i + 1} of ${childIds.length}`,
1715
+ context: { childId, childIndex: i, parentOperationId: parentId, childType: child.input.type },
1716
+ });
1717
+ const artifact = artifactStore.get(getArtifactId(child) ?? "");
1718
+ const serverPort = process.env.PORT ?? "9410";
1719
+ const serverUrl = process.env.SYNTH_SERVER_URL ?? `http://localhost:${serverPort}`;
1720
+ const progressCallbackUrl = `${serverUrl}/api/operations/${child.id}/progress`;
1721
+ const callbackToken = envoyRegistry?.list().find((r) => r.url === targetEnvoy.url)?.token;
1722
+ const childEnvoyClient = new EnvoyClient(targetEnvoy.url);
1723
+ try {
1724
+ await childEnvoyClient.executeApprovedPlan({
1725
+ operationId: child.id,
1726
+ plan: child.plan,
1727
+ rollbackPlan: child.rollbackPlan,
1728
+ artifactType: artifact?.type ?? "unknown",
1729
+ artifactName: artifact?.name ?? "unknown",
1730
+ environmentId: child.environmentId ?? "",
1731
+ progressCallbackUrl,
1732
+ callbackToken,
1733
+ });
1734
+ }
1735
+ catch (err) {
1736
+ const dep = deployments.get(parentId);
1737
+ if (dep) {
1738
+ dep.status = "failed";
1739
+ dep.failureReason = `Child operation ${i + 1} (${child.input.type}) execution dispatch failed: ${err instanceof Error ? err.message : "unknown error"}`;
1740
+ dep.completedAt = new Date();
1741
+ deployments.save(dep);
1742
+ debrief.record({
1743
+ partitionId: dep.partitionId ?? null,
1744
+ operationId: dep.id,
1745
+ agent: "server",
1746
+ decisionType: "composite-failed",
1747
+ decision: `Child operation ${i + 1} execution dispatch failed`,
1748
+ reasoning: dep.failureReason,
1749
+ context: { childId, childIndex: i, error: dep.failureReason },
1750
+ });
1751
+ }
1752
+ return;
1753
+ }
1754
+ // Wait for child to complete (poll every 2 seconds, 5-minute timeout)
1755
+ const timeoutMs = 300_000;
1756
+ const pollIntervalMs = 2_000;
1757
+ const start = Date.now();
1758
+ let childSucceeded = false;
1759
+ while (Date.now() - start < timeoutMs) {
1760
+ await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
1761
+ const updated = deployments.get(childId);
1762
+ if (updated?.status === "succeeded") {
1763
+ childSucceeded = true;
1764
+ break;
1765
+ }
1766
+ if (updated?.status === "failed" || updated?.status === "rolled_back" || updated?.status === "cancelled") {
1767
+ break;
1768
+ }
1769
+ // Stop if the parent was externally cancelled or failed while we were waiting
1770
+ const parentNow = deployments.get(parentId);
1771
+ if (!parentNow || parentNow.status === "failed" || parentNow.status === "cancelled") {
1772
+ return;
1773
+ }
1774
+ }
1775
+ const finalChild = deployments.get(childId);
1776
+ if (!childSucceeded) {
1777
+ const reason = finalChild?.failureReason ?? `Child operation ${i + 1} did not complete in time`;
1778
+ const dep = deployments.get(parentId);
1779
+ if (dep) {
1780
+ dep.status = "failed";
1781
+ dep.failureReason = `Composite stopped at step ${i + 1}/${childIds.length} (${child.input.type}): ${reason}`;
1782
+ dep.completedAt = new Date();
1783
+ deployments.save(dep);
1784
+ debrief.record({
1785
+ partitionId: dep.partitionId ?? null,
1786
+ operationId: dep.id,
1787
+ agent: "server",
1788
+ decisionType: "composite-failed",
1789
+ decision: `Composite stopped at child ${i + 1}/${childIds.length} — ${child.input.type} failed`,
1790
+ reasoning: dep.failureReason,
1791
+ context: { childId, childIndex: i, failedChildType: child.input.type, completedChildren: i },
1792
+ });
1793
+ }
1794
+ return;
1795
+ }
1796
+ debrief.record({
1797
+ partitionId: finalChild?.partitionId ?? null,
1798
+ operationId: childId,
1799
+ agent: "server",
1800
+ decisionType: "composite-child-completed",
1801
+ decision: `Child operation ${i + 1}/${childIds.length} (${child.input.type}) completed successfully`,
1802
+ reasoning: `Child execution succeeded — proceeding to next child`,
1803
+ context: { childId, childIndex: i, parentOperationId: parentId },
1804
+ });
1805
+ }
1806
+ // All children succeeded
1807
+ const dep = deployments.get(parentId);
1808
+ if (dep) {
1809
+ dep.status = "succeeded";
1810
+ dep.completedAt = new Date();
1811
+ deployments.save(dep);
1812
+ debrief.record({
1813
+ partitionId: dep.partitionId ?? null,
1814
+ operationId: dep.id,
1815
+ agent: "server",
1816
+ decisionType: "composite-completed",
1817
+ decision: `Composite operation completed — all ${childIds.length} child operations succeeded`,
1818
+ reasoning: `All child operations executed successfully in sequence`,
1819
+ context: { childIds, totalChildren: childIds.length },
1820
+ });
1821
+ }
1822
+ }
1823
+ }
1824
+ // ---------------------------------------------------------------------------
1825
+ // Recommendation engine — synthesizes enrichment context into a verdict
1826
+ // ---------------------------------------------------------------------------
1827
+ function computeRecommendation(deployment, store, llmSummary) {
1828
+ const factors = [];
1829
+ let verdict = "proceed";
1830
+ const now = new Date();
1831
+ const twentyFourHoursAgo = new Date(now.getTime() - 24 * 60 * 60 * 1000);
1832
+ // Check for previously rolled-back version
1833
+ if (deployment.version) {
1834
+ const rolledBack = store.findByArtifactVersion(getArtifactId(deployment) ?? "", deployment.version, "rolled_back");
1835
+ if (rolledBack.length > 0) {
1836
+ verdict = "caution";
1837
+ factors.push("This artifact version was previously rolled back");
1838
+ }
1839
+ }
1840
+ // Check for conflicting deployments (only meaningful when environmentId is set)
1841
+ if (deployment.environmentId) {
1842
+ const conflicting = store.list().filter((d) => d.environmentId === deployment.environmentId &&
1843
+ d.id !== deployment.id &&
1844
+ ((d.status) === "running" || (d.status) === "approved"));
1845
+ if (conflicting.length > 0) {
1846
+ verdict = "hold";
1847
+ factors.push(`${conflicting.length} other operation(s) in progress for this environment`);
1848
+ }
1849
+ }
1850
+ // Check deployment frequency
1851
+ const recentCount = deployment.environmentId
1852
+ ? store.countByEnvironment(deployment.environmentId, twentyFourHoursAgo)
1853
+ : 0;
1854
+ if (recentCount > 5) {
1855
+ if (verdict === "proceed")
1856
+ verdict = "caution";
1857
+ factors.push(`High operation frequency: ${recentCount} operations in the last 24h`);
1858
+ }
1859
+ // Check last deployment status
1860
+ const lastDeploy = deployment.environmentId
1861
+ ? store.findLatestByEnvironment(deployment.environmentId)
1862
+ : undefined;
1863
+ if (lastDeploy && lastDeploy.id !== deployment.id) {
1864
+ if ((lastDeploy.status) === "failed" || (lastDeploy.status) === "rolled_back") {
1865
+ if (verdict === "proceed")
1866
+ verdict = "caution";
1867
+ factors.push(`Last operation to this environment ${lastDeploy.status}`);
1868
+ }
1869
+ else if ((lastDeploy.status) === "succeeded") {
1870
+ factors.push("Last operation to this environment succeeded");
1871
+ }
1872
+ }
1873
+ if (factors.length === 0) {
1874
+ factors.push("No risk factors detected — target is stable");
1875
+ }
1876
+ const summaryMap = {
1877
+ proceed: "Proceed — no conflicting operations, target environment is stable",
1878
+ caution: "Proceed with caution — review risk factors before greenlighting",
1879
+ hold: "Hold — resolve conflicting operations before proceeding",
1880
+ };
1881
+ return { verdict, summary: llmSummary ?? summaryMap[verdict], factors };
1882
+ }
1883
+ //# sourceMappingURL=operations.js.map