@treeseed/sdk 0.8.10 → 0.8.12

package/dist/operations/agent-tools.js

@@ -0,0 +1,183 @@
+const AGENT_OPERATION_NAMES = [
+  "switch",
+  "dev",
+  "verify",
+  "save",
+  "stage",
+  "merge_to_staging",
+  "close",
+  "release"
+];
+const AGENT_OPERATION_MODES = ["dry_run", "read_only", "mutating"];
+function normalizePath(value) {
+  return value.replace(/\\/gu, "/").replace(/^\.?\//u, "").replace(/\/+/gu, "/");
+}
+function matchesPattern(path, pattern) {
+  const normalizedPath = normalizePath(path);
+  const normalizedPattern = normalizePath(pattern);
+  if (normalizedPattern.endsWith("/**")) {
+    const prefix = normalizedPattern.slice(0, -3);
+    return normalizedPath === prefix || normalizedPath.startsWith(`${prefix}/`);
+  }
+  if (normalizedPattern.endsWith("/")) {
+    return normalizedPath.startsWith(normalizedPattern);
+  }
+  return normalizedPath === normalizedPattern || normalizedPath.startsWith(`${normalizedPattern}/`);
+}
+function listMatches(value, allowed) {
+  return !allowed?.length || value !== void 0 && allowed.includes(value);
+}
+function grantActive(grant, now) {
+  if ((grant.state ?? "active") !== "active") {
+    return "operation_grant_inactive";
+  }
+  if (grant.expiresAt && Date.parse(grant.expiresAt) <= now.valueOf()) {
+    return "operation_grant_expired";
+  }
+  return null;
+}
+function deny(code, summary, options = {}) {
+  return {
+    allowed: false,
+    status: options.status ?? "waiting",
+    code,
+    summary,
+    grant: options.grant,
+    metadata: options.metadata ?? {}
+  };
+}
+function allow(grant, metadata = {}) {
+  return {
+    allowed: true,
+    status: "completed",
+    code: "allowed",
+    summary: `Operation grant ${grant.id} allows this request.`,
+    grant,
+    metadata
+  };
+}
+function isAgentOperationName(value) {
+  return AGENT_OPERATION_NAMES.includes(value);
+}
+function resolveAgentOperationGrant(request, grants, now = /* @__PURE__ */ new Date()) {
+  return grants.find((grant) => {
+    if (request.permissionGrantId && grant.id !== request.permissionGrantId) return false;
+    if (grantActive(grant, now)) return false;
+    if (!grant.operations.includes(request.operation)) return false;
+    return true;
+  }) ?? null;
+}
+function decideAgentOperationPermission(input) {
+  const { request } = input;
+  const now = input.now ?? /* @__PURE__ */ new Date();
+  if (!isAgentOperationName(request.operation)) {
+    return deny("invalid_operation", `Unsupported agent operation "${String(request.operation)}".`, { status: "failed" });
+  }
+  if (request.operation === "release") {
+    const approval = request.approval;
+    if (!approval || approval.state !== "approved" || request.approvalId && approval.id !== request.approvalId) {
+      return deny("operation_release_approval_required", "Release requires an explicit approved release approval.");
+    }
+  }
+  const grant = resolveAgentOperationGrant(request, input.grants, now);
+  if (!grant) {
+    return deny("operation_permission_required", `No operation grant allows ${request.agentRole} to run ${request.operation}.`);
+  }
+  const activeCode = grantActive(grant, now);
+  if (activeCode) {
+    return deny(activeCode, `Operation grant ${grant.id} is not active.`, { grant });
+  }
+  if (!grant.modes.includes(request.mode)) {
+    return deny("operation_mode_not_granted", `Operation grant ${grant.id} does not allow ${request.mode} mode.`, { grant });
+  }
+  if (!listMatches(request.agentRole, grant.agentRoles)) {
+    return deny("operation_role_not_granted", `Operation grant ${grant.id} does not allow role ${request.agentRole}.`, { grant });
+  }
+  if (!listMatches(request.taskKind, grant.taskKinds)) {
+    return deny("operation_task_kind_not_granted", `Operation grant ${grant.id} does not allow task kind ${request.taskKind ?? "<none>"}.`, { grant });
+  }
+  if (!listMatches(request.projectId, grant.projectIds)) {
+    return deny("operation_project_not_granted", `Operation grant ${grant.id} does not allow project ${request.projectId}.`, { grant });
+  }
+  if (!listMatches(request.environment, grant.environments)) {
+    return deny("operation_environment_not_granted", `Operation grant ${grant.id} does not allow environment ${request.environment}.`, { grant });
+  }
+  if (grant.requiresApproval && (!request.approval || request.approval.state !== "approved")) {
+    return deny("operation_approval_required", `Operation grant ${grant.id} requires approval.`, { grant });
+  }
+  if (grant.approvalIds?.length && (!request.approval || !grant.approvalIds.includes(request.approval.id) || request.approval.state !== "approved")) {
+    return deny("operation_approval_required", `Operation grant ${grant.id} requires one of its approved approval ids.`, { grant });
+  }
+  if (request.mode === "mutating" && !request.worktreeRoot && request.operation !== "release") {
+    return deny("operation_worktree_required", `Mutating operation ${request.operation} requires an assigned worktree root.`, { grant });
+  }
+  const allowedPaths = request.allowedPaths?.length ? request.allowedPaths : grant.allowedPaths ?? [];
+  const forbiddenPaths = [...grant.forbiddenPaths ?? [], ...request.forbiddenPaths ?? []];
+  const changedPaths = request.changedPaths ?? [];
+  if ((request.operation === "stage" || request.operation === "merge_to_staging") && allowedPaths.length === 0) {
+    return deny("operation_allowed_paths_required", `${request.operation} requires allowed paths.`, { grant });
+  }
+  for (const changedPath of changedPaths) {
+    if (forbiddenPaths.some((pattern) => matchesPattern(changedPath, pattern))) {
+      return deny("operation_path_forbidden", `${changedPath} is forbidden.`, {
+        grant,
+        status: "failed",
+        metadata: { changedPath, forbiddenPaths }
+      });
+    }
+    if (allowedPaths.length > 0 && !allowedPaths.some((pattern) => matchesPattern(changedPath, pattern))) {
+      return deny("operation_path_not_allowed", `${changedPath} is outside allowed paths.`, {
+        grant,
+        status: "failed",
+        metadata: { changedPath, allowedPaths }
+      });
+    }
+  }
+  return allow(grant, { allowedPaths, forbiddenPaths });
+}
+function deniedAgentOperationResult(request, decision) {
+  return {
+    operation: request.operation,
+    status: decision.status,
+    summary: decision.summary,
+    changedPaths: request.changedPaths ?? [],
+    stagedPaths: [],
+    commandsRun: [],
+    artifacts: [],
+    error: {
+      code: decision.code,
+      message: decision.summary,
+      retryable: decision.status === "waiting"
+    },
+    metadata: {
+      permission: decision
+    }
+  };
+}
+function createAgentOperationEvent(input) {
+  return {
+    operation: input.request.operation,
+    mode: input.request.mode,
+    agentRole: input.request.agentRole,
+    taskId: input.request.taskId,
+    permissionGrantId: input.request.permissionGrantId,
+    inputSummary: {
+      projectId: input.request.projectId,
+      environment: input.request.environment,
+      allowedPaths: input.request.allowedPaths ?? [],
+      forbiddenPaths: input.request.forbiddenPaths ?? [],
+      changedPaths: input.request.changedPaths ?? []
+    },
+    result: input.result,
+    createdAt: input.createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+export {
+  AGENT_OPERATION_MODES,
+  AGENT_OPERATION_NAMES,
+  createAgentOperationEvent,
+  decideAgentOperationPermission,
+  deniedAgentOperationResult,
+  isAgentOperationName,
+  resolveAgentOperationGrant
+};

package/dist/operations/services/commit-message-provider.js

@@ -29,7 +29,7 @@ const danglingSubjectEndings = /* @__PURE__ */ new Set([
   "update",
   "with"
 ]);
-const defaultTimeoutMs = 3e4;
+const defaultTimeoutMs = 6e4;
 const defaultMaxDiffChars = 12e3;
 const subjectMaxLength = 72;
 function envValue(env, key) {

package/dist/operations/services/d1-migration.js

@@ -1,4 +1,5 @@
 import { existsSync, readdirSync } from "node:fs";
+import { readFileSync } from "node:fs";
 import { resolve } from "node:path";
 import { spawnSync } from "node:child_process";
 import { resolveWranglerBin } from "./runtime-tools.js";
@@ -98,6 +99,28 @@ function markMigrationApplied({ cwd, wranglerConfig, persistTo, migration }) {
     command: `INSERT OR REPLACE INTO treeseed_schema_migrations (name, applied_at) VALUES ('${migration.replace(/'/g, "''")}', datetime('now'));`
   });
 }
+function tableColumns({ cwd, wranglerConfig, persistTo, tableName }) {
+  const result = executeSqlCommand({
+    cwd,
+    wranglerConfig,
+    persistTo,
+    capture: true,
+    command: `PRAGMA table_info(${tableName.replace(/[^A-Za-z0-9_]/g, "")});`
+  });
+  const parsed = parseWranglerJsonOutput(result.stdout);
+  const rows = (Array.isArray(parsed) ? parsed : [parsed]).flatMap((entry) => entry.results ?? []);
+  return new Set(rows.map((row) => row.name).filter(Boolean));
+}
+function migrationAlreadySatisfied({ cwd, wranglerConfig, persistTo, filePath }) {
+  const sql = readFileSync(filePath, "utf8");
+  if (!sql.includes("execution_profile_id") || !sql.includes("task_estimate_profiles")) {
+    return false;
+  }
+  const estimateColumns = tableColumns({ cwd, wranglerConfig, persistTo, tableName: "task_estimates" });
+  const actualColumns = tableColumns({ cwd, wranglerConfig, persistTo, tableName: "task_usage_actuals" });
+  const profileColumns = tableColumns({ cwd, wranglerConfig, persistTo, tableName: "task_estimate_profiles" });
+  return estimateColumns.has("execution_profile_id") && actualColumns.has("execution_profile_id") && profileColumns.has("execution_profile_id") && profileColumns.has("completed_sample_count") && profileColumns.has("interrupted_sample_count") && profileColumns.has("confidence_score");
+}
 function runLocalD1Migrations({ cwd, wranglerConfig, migrationsRoot, persistTo }) {
   ensureSchemaMigrationsTable({ cwd, wranglerConfig, persistTo });
   const appliedMigrations = loadAppliedMigrations({ cwd, wranglerConfig, persistTo });
@@ -111,6 +134,10 @@ function runLocalD1Migrations({ cwd, wranglerConfig, migrationsRoot, persistTo }
       console.error(`Unable to find migration file at ${filePath}.`);
       process.exit(1);
     }
+    if (migrationAlreadySatisfied({ cwd, wranglerConfig, persistTo, filePath })) {
+      markMigrationApplied({ cwd, wranglerConfig, persistTo, migration });
+      continue;
+    }
     executeSqlFile({ cwd, wranglerConfig, filePath, persistTo });
     markMigrationApplied({ cwd, wranglerConfig, persistTo, migration });
   }

package/dist/operations/services/hub-provider-launch.js

@@ -352,7 +352,7 @@ function applyManagedProjectDefaults(projectRoot, input) {
       ...config.providers ?? {},
       forms: config.providers?.forms ?? "store_only",
       agents: {
-        execution: "copilot",
+        execution: "codex",
         mutation: "local_branch",
         repository: "git",
         verification: "local",

package/dist/operations/services/runtime-tools.js

@@ -37,7 +37,7 @@ const TREESEED_DEFAULT_PLUGIN_REFERENCES = [
 const TREESEED_DEFAULT_PROVIDER_SELECTIONS = {
   forms: "store_only",
   agents: {
-    execution: "copilot",
+    execution: "codex",
     mutation: "local_branch",
     repository: "git",
     verification: "local",

package/dist/operations.d.ts

@@ -5,5 +5,6 @@ export { TreeseedOperationsSdk } from './operations/runtime.ts';
 export type { HubContentResolutionPolicy, KnowledgeHubLaunchIntent, KnowledgeHubLaunchPhase, KnowledgeHubLaunchPlan, KnowledgeHubLaunchResult, KnowledgeHubRepositoryPlan, RepositoryHost, } from './operations/services/hub-launch.ts';
 export type { TreeseedOperationContext, TreeseedOperationImplementation, TreeseedOperationId, TreeseedOperationMetadata, TreeseedOperationProvider, TreeseedOperationProviderId, TreeseedOperationRequest, TreeseedOperationResult, TreeseedOperationGroup, } from './operations-types.ts';
 export { TreeseedOperationError } from './operations-types.ts';
+export { AGENT_OPERATION_MODES, AGENT_OPERATION_NAMES, createAgentOperationEvent, decideAgentOperationPermission, deniedAgentOperationResult, isAgentOperationName, resolveAgentOperationGrant, type AgentDeterministicOperationStep, type AgentOperationApprovalRef, type AgentOperationEvent, type AgentOperationGrant, type AgentOperationMergeFailure, type AgentOperationMode, type AgentOperationName, type AgentOperationPermissionCode, type AgentOperationPermissionDecision, type AgentOperationRequest, type AgentOperationResult, type AgentOperationStatus, } from './operations/agent-tools.ts';
 export { TreeseedWorkflowSdk } from './workflow.ts';
 export type * from './workflow.ts';

package/dist/operations.js

@@ -15,20 +15,36 @@ import {
 } from "./operations/services/hub-launch.js";
 import { TreeseedOperationsSdk } from "./operations/runtime.js";
 import { TreeseedOperationError } from "./operations-types.js";
+import {
+  AGENT_OPERATION_MODES,
+  AGENT_OPERATION_NAMES,
+  createAgentOperationEvent,
+  decideAgentOperationPermission,
+  deniedAgentOperationResult,
+  isAgentOperationName,
+  resolveAgentOperationGrant
+} from "./operations/agent-tools.js";
 import { TreeseedWorkflowSdk } from "./workflow.js";
 export {
+  AGENT_OPERATION_MODES,
+  AGENT_OPERATION_NAMES,
   TRESEED_OPERATION_SPECS,
   TreeseedOperationError,
   TreeseedOperationsSdk,
   TreeseedWorkflowSdk,
   collectTreeseedConfigSeedValues,
+  createAgentOperationEvent,
   createKnowledgeHubRepositories,
+  decideAgentOperationPermission,
   defaultHubContentResolutionPolicy,
+  deniedAgentOperationResult,
   executeKnowledgeHubLaunch,
   findTreeseedOperation,
+  isAgentOperationName,
   listTreeseedOperationNames,
   normalizeKnowledgeHubLaunchIntent,
   planKnowledgeHubLaunch,
   planKnowledgeHubRepositories,
+  resolveAgentOperationGrant,
   validateRepositoryHost
 };

package/dist/platform/environment.js

@@ -106,6 +106,10 @@ function processingPlaneEnabled(context) {
 function formsEnabled(context) {
   return webSurfaceEnabled(context) && (context.deployConfig.providers?.forms ?? "store_only") !== "none";
 }
+function codexExecutionSelected(context) {
+  const execution = context.deployConfig.providers?.agents?.execution ?? "codex";
+  return execution === "codex" || execution === "codex_subscription";
+}
 function railwayManagedEnabled(context) {
   if (!workflowPlaneAllows("processing")) {
     return false;
@@ -333,6 +337,7 @@ const PREDICATES = {
   apiSurfaceEnabled: (context) => apiSurfaceEnabled(context),
   processingPlaneEnabled: (context) => processingPlaneEnabled(context),
   formsEnabled: (context) => formsEnabled(context),
+  codexExecutionSelected: (context) => codexExecutionSelected(context),
   railwayManagedEnabled: (context) => railwayManagedEnabled(context),
   hubTreeseedHosted: (context) => resolveHubMode(context) === "treeseed_hosted",
   hubCustomerHosted: (context) => resolveHubMode(context) === "customer_hosted",

package/dist/platform/plugins/constants.js

@@ -3,7 +3,7 @@ const TREESEED_DEFAULT_PROVIDER_SELECTIONS = {
   forms: "store_only",
   operations: "default",
   agents: {
-    execution: "copilot",
+    execution: "codex",
     mutation: "local_branch",
     repository: "git",
     verification: "local",

package/dist/plugin-default.js

@@ -6,7 +6,7 @@ var plugin_default_default = defineTreeseedPlugin({
     forms: ["store_only", "notify_admin", "full_email"],
     operations: ["default"],
     agents: {
-      execution: ["stub", "manual", "copilot"],
+      execution: ["stub", "manual", "copilot", "codex", "codex_subscription"],
       mutation: ["local_branch"],
       repository: ["stub", "git"],
       verification: ["stub", "local"],

package/dist/sdk-types.d.ts

@@ -412,6 +412,224 @@ export type CapacityReservationState = 'reserved' | 'consuming' | 'consumed' | '
 export type CapacityEstimatePhase = 'intent' | 'discovery' | 'plan' | 'execution' | 'actual';
 export type CapacityEstimateConfidence = 'low' | 'medium' | 'high';
 export type CapacityApprovalState = 'pending' | 'approved' | 'rejected' | 'expired' | 'superseded';
+export type TaskRiskClass = 'low' | 'medium' | 'high';
+export type TaskMutationScope = 'none' | 'repository_read' | 'repository_write' | 'production';
+export type TaskConcurrencyClass = 'read_only' | 'repository_claim' | 'exclusive_project' | 'human_attention';
+export type TaskAdmissionOutcome = 'admitted' | 'planning_required' | 'approval_required' | 'budget_blocked' | 'deferred' | 'rejected';
+export type CanonicalTaskState = 'pending' | 'queued' | 'claimed' | 'running' | 'completed' | 'failed' | 'waiting' | 'paused_for_approval' | 'checkpointing' | 'checkpointed' | 'continuation_required' | 'rollback_required' | 'rollback_complete' | 'provider_exhausted' | 'reservation_exhausted';
+export type RepositoryWorkState = 'clean' | 'claimed_dirty' | 'checkpointed_dirty' | 'parked_dirty' | 'rollback_required';
+export interface TaskClassification {
+    taskSignature: string;
+    risk: TaskRiskClass;
+    mutationScope: TaskMutationScope;
+    concurrencyClass: TaskConcurrencyClass;
+    expectedFanout: number;
+    confidence: CapacityEstimateConfidence;
+    requiresPlanning: boolean;
+    requiresApproval: boolean;
+    features?: Record<string, unknown>;
+}
+export interface ExecutionProfile {
+    id: string;
+    providerId?: string | null;
+    laneId?: string | null;
+    modelFamily?: string | null;
+    modelClass?: string | null;
+    contextWindowTokens?: number | null;
+    qualityWeight: number;
+    costMultiplier: number;
+    latencyClass: 'low' | 'medium' | 'high' | string;
+    concurrencyClass?: TaskConcurrencyClass | null;
+    quotaBehavior?: 'api_metered' | 'subscription_limited' | 'compute_bound' | 'attention_bound' | string | null;
+    metadata?: Record<string, unknown>;
+}
+export interface AttentionEstimate {
+    attentionWeight: number;
+    coordinationWeight: number;
+    totalAttentionWeight: number;
+    estimatedContextTokens: number;
+    requiredContextTokens: number;
+    source: string;
+    metadata?: Record<string, unknown>;
+}
+export interface AttentionPolicy {
+    maxAttentionLoad: number | null;
+    reserveAttentionPercent: number;
+    maxContextTokens: number | null;
+    maxContextSaturationPercent: number;
+    coordinationOverheadFactor: number;
+}
+export interface UtilityEstimate {
+    utilityValue: number;
+    maintenanceValue: number;
+    deadlinePressure: number;
+    successProbability: number;
+    qualityScore: number;
+    riskPenalty: number;
+    utilityScore: number;
+    utilityPerCredit: number;
+    source: string;
+    metadata?: Record<string, unknown>;
+}
+export interface UtilityPolicy {
+    minimumUtilityScore: number | null;
+    minimumUtilityPerCredit: number | null;
+    riskPenaltyFactor: number;
+    deadlineWindowHours: number;
+    maintenanceWeight: number;
+    priorityWeight: number;
+}
+export interface PredictiveReservePolicy {
+    enabled: boolean;
+    baseReservePercent: number;
+    maxReservePercent: number;
+    incidentReservePercent: number;
+    triggerBurstReservePercent: number;
+    deploymentWindowReservePercent: number;
+    providerDegradationReservePercent: number;
+    quotaPressureReservePercent: number;
+}
+export interface ReservePrediction {
+    reservePercent: number;
+    reserveCredits: number;
+    activelyAllocatableCredits: number;
+    reasons: string[];
+    signals: Record<string, unknown>;
+}
+export interface HybridExecutionPhase {
+    id: string;
+    kind: 'planning' | 'implementation' | 'review' | 'human_escalation' | string;
+    executionProfileId: string;
+    taskSignature?: string | null;
+    required: boolean;
+    admissionRequired: boolean;
+    mutationAllowed: boolean;
+    metadata?: Record<string, unknown>;
+}
+export interface HybridExecutionPlan {
+    schemaVersion: 1;
+    planId: string;
+    phases: HybridExecutionPhase[];
+    escalationPolicy?: Record<string, unknown>;
+    metadata?: Record<string, unknown>;
+}
+export interface WorkdayBudgetEnvelope {
+    dailyCreditBudget: number;
+    usedCredits: number;
+    queuedCredits: number;
+    reserveBufferCredits: number;
+    recoveryBudgetCredits: number;
+    activelyAllocatableCredits: number;
+    remainingCredits: number;
+}
+export interface TaskAdmissionPolicy {
+    planningThresholdCredits: number;
+    approvalThresholdCredits: number;
+    reserveBufferPercent: number;
+    recoveryBudgetCredits: number;
+    maxDownstreamTasks: number;
+    maxPlanningDepth: number;
+    maxAdmittedPlanTasksPerCycle: number;
+    planningTaskSignature: string;
+    allowBackfill?: boolean;
+    maxAttentionLoad?: number | null;
+    reserveAttentionPercent?: number | null;
+    maxContextTokens?: number | null;
+    maxContextSaturationPercent?: number | null;
+    coordinationOverheadFactor?: number | null;
+    predictiveReservePolicy?: Partial<PredictiveReservePolicy> | null;
+    utilityPolicy?: Partial<UtilityPolicy> | null;
+}
+export interface TaskAdmissionDecision {
+    outcome: TaskAdmissionOutcome;
+    taskSignature: string;
+    estimatedCreditsP50: number;
+    estimatedCreditsP90: number;
+    reservedCredits: number;
+    baseReservedCredits?: number;
+    executionProfileId?: string | null;
+    costMultiplier?: number | null;
+    reasons: string[];
+    requiresApproval: boolean;
+    requiresPlanning: boolean;
+    budget: WorkdayBudgetEnvelope;
+    policySnapshot: TaskAdmissionPolicy;
+    metadata?: Record<string, unknown>;
+}
+export interface TaskCheckpointArtifact {
+    id?: string;
+    taskId: string;
+    checkpointId?: string;
+    branch?: string | null;
+    baseCommit?: string | null;
+    currentCommit?: string | null;
+    currentGoal?: string | null;
+    currentPhase?: string | null;
+    filesChanged: string[];
+    commandsRun: string[];
+    testStatus?: 'not_run' | 'passing' | 'failing' | 'unknown' | string;
+    knownFailures: string[];
+    completedWork: string[];
+    remainingWorkEstimate?: {
+        p50: number;
+        p90: number;
+    } | null;
+    rollbackStrategy?: string | null;
+    continuationStrategy?: string | null;
+    repositoryState: RepositoryWorkState;
+    createdAt: string;
+    metadata?: Record<string, unknown>;
+}
+export interface PlannedTaskNode {
+    id?: string;
+    type: string;
+    agentId?: string | null;
+    title?: string | null;
+    priority?: number | null;
+    taskSignature?: string | null;
+    payload?: Record<string, unknown>;
+    estimatedCreditsP50?: number | null;
+    estimatedCreditsP90?: number | null;
+    risk?: TaskRiskClass | null;
+    mutationScope?: TaskMutationScope | null;
+    confidence?: CapacityEstimateConfidence | null;
+    expectedFanout?: number | null;
+    requiresApproval?: boolean | null;
+    requiresPlanning?: boolean | null;
+    dependsOn?: string[];
+    metadata?: Record<string, unknown>;
+}
+export interface TaskPlanProposal {
+    schemaVersion: 1;
+    planId: string;
+    sourceTaskId?: string | null;
+    parentTaskId?: string | null;
+    planningDepth: number;
+    tasks: PlannedTaskNode[];
+    totalEstimatedCreditsP50: number;
+    totalEstimatedCreditsP90: number;
+    createdAt?: string | null;
+    metadata?: Record<string, unknown>;
+}
+export interface PlanningPolicy {
+    maxDownstreamTasks: number;
+    maxPlanningDepth: number;
+    maxAdmittedPlanTasksPerCycle: number;
+    planningTaskSignature: string;
+}
+export interface PlanningAdmissionResult {
+    proposal: TaskPlanProposal;
+    admitted: PlannedTaskNode[];
+    deferred: PlannedTaskNode[];
+    rejected: Array<{
+        node: PlannedTaskNode;
+        reasons: string[];
+    }>;
+    totalEstimatedCreditsP50: number;
+    totalEstimatedCreditsP90: number;
+    admittedCreditsP90: number;
+    reasons: string[];
+}
 export interface CapacityProvider {
     id: string;
     teamId: string | null;
@@ -536,6 +754,7 @@ export interface TaskEstimate {
     projectId: string;
     estimatePhase: CapacityEstimatePhase;
     taskSignature: string;
+    executionProfileId: string;
     confidence: CapacityEstimateConfidence;
     estimatedCreditsP50: number;
     estimatedCreditsP90: number;
@@ -555,6 +774,7 @@ export interface TaskUsageActual {
     workDayId: string | null;
     projectId: string;
     taskSignature: string;
+    executionProfileId: string;
     capacityProviderId: string | null;
     laneId: string | null;
     businessModel: CapacityBusinessModel | string;
@@ -577,7 +797,10 @@ export interface TaskUsageActual {
 }
 export interface TaskEstimateProfile {
     taskSignature: string;
+    executionProfileId: string;
     sampleCount: number;
+    completedSampleCount?: number;
+    interruptedSampleCount?: number;
     inputTokensP50: number | null;
     inputTokensP90: number | null;
     outputTokensP50: number | null;
@@ -588,6 +811,12 @@ export interface TaskEstimateProfile {
     filesChangedP90: number | null;
     creditsP50: number | null;
     creditsP90: number | null;
+    creditsVariance?: number | null;
+    confidenceScore?: number | null;
+    outlierCount?: number;
+    partialCredits?: number | null;
+    firstSampleAt?: string | null;
+    lastSampleAt?: string | null;
     updatedAt: string;
 }
 export interface ApprovalRequest {
@@ -1690,6 +1919,7 @@ export interface CreateTaskEstimateRequest {
     projectId: string;
     estimatePhase: CapacityEstimatePhase;
     taskSignature: string;
+    executionProfileId?: string | null;
     confidence: CapacityEstimateConfidence;
     estimatedCreditsP50: number;
     estimatedCreditsP90: number;
@@ -1708,6 +1938,7 @@ export interface CreateTaskUsageActualRequest {
     workDayId?: string | null;
     projectId: string;
     taskSignature: string;
+    executionProfileId?: string | null;
     capacityProviderId?: string | null;
     laneId?: string | null;
     businessModel: CapacityBusinessModel | string;

package/dist/treeseed/template-catalog/templates/starter-basic/template/treeseed.site.yaml

@@ -72,7 +72,7 @@ plugins:
 providers:
   forms: store_only
   agents:
-    execution: copilot
+    execution: codex
     mutation: local_branch
     repository: git
     verification: local

package/dist/types/agents.d.ts

@@ -27,6 +27,18 @@ export interface AgentOutputContract {
     modelMutations: string[];
 }
 export interface AgentExecutionConfig {
+    provider?: string;
+    model?: string;
+    approvalPolicy?: 'never' | 'on_request' | 'always' | string;
+    sandboxMode?: 'read_only' | 'workspace_write' | string;
+    reasoningEffort?: 'low' | 'medium' | 'high' | string;
+    allowedPaths?: string[];
+    forbiddenPaths?: string[];
+    worktree?: {
+        enabled?: boolean;
+        root?: string;
+        branchPrefix?: string;
+    };
     maxConcurrency: number;
     timeoutSeconds: number;
     cooldownSeconds: number;