@tt-a1i/hive 2.0.2 → 2.1.0

package/dist/src/server/workflow-runner.js

@@ -1,6 +1,7 @@
 import { randomUUID } from 'node:crypto';
 import { cpus } from 'node:os';
 import { dirname, join } from 'node:path';
+import { Worker } from 'node:worker_threads';
 import { assertWindowsSafeFilename } from './windows-filename.js';
 import { resolveWorkflowCli } from './workflow-cli-policy.js';
 import { buildSchemaInstruction, extractJsonBlock } from './workflow-output-schema.js';
@@ -14,6 +15,152 @@ import { getWorkflowAgentId } from './workspace-store-support.js';
 const DEFAULT_MAX_AGENTS_PER_RUN = 1000;
 const DEFAULT_MAX_DURATION_MS = 60 * 60 * 1000;
 const DEFAULT_MAX_CONCURRENT_AGENTS = Math.min(16, Math.max(2, cpus().length - 2));
+const WORKFLOW_VM_WORKER_SOURCE = `
+const { parentPort, workerData } = require('node:worker_threads');
+const { Script, createContext } = require('node:vm');
+
+const BRIDGE_FACTORY = new Script(\`"use strict";
+((hostCall) => {
+  const stringify = JSON.stringify;
+  const parse = JSON.parse;
+  const promiseResolve = Promise.resolve.bind(Promise);
+  const promiseThen = Promise.prototype.then;
+  return (...args) =>
+    promiseThen.call(promiseResolve(hostCall(stringify(args))), (payloadJson) => {
+      const payload = parse(payloadJson);
+      if (!payload.ok) throw new Error(payload.error || 'Hive workflow host call failed');
+      return payload.hasValue ? payload.value : undefined;
+    });
+})\`);
+const FLOW_FACTORY = new Script(\`"use strict";
+((catchPerItem) => {
+  const promiseAll = Promise.all.bind(Promise);
+  const promiseResolve = Promise.resolve.bind(Promise);
+  const promiseThen = Promise.prototype.then;
+  const promiseCatch = Promise.prototype.catch;
+  const parallel = (thunks) =>
+    promiseAll(Array.from(thunks).map((thunk) =>
+      promiseCatch.call(promiseThen.call(promiseResolve(), () => thunk()), (err) => catchPerItem(err))
+    ));
+  const pipeline = (items, ...stages) =>
+    promiseAll(Array.from(items).map((item, index) => {
+      let chain = promiseResolve(item);
+      for (const stage of stages) {
+        chain = promiseThen.call(chain, (prev) => stage(prev, item, index));
+      }
+      return promiseCatch.call(chain, (err) => catchPerItem(err));
+    }));
+  return { parallel, pipeline };
+})\`);
+const JSON_PARSE = new Script('JSON.parse');
+
+const encodeSuccess = (value) => {
+  const payload = { ok: true, hasValue: value !== undefined };
+  if (value !== undefined) payload.value = value;
+  return JSON.stringify(payload);
+};
+const encodeFailure = (error) =>
+  JSON.stringify({ ok: false, error: error instanceof Error ? error.message : String(error) });
+
+const createSafeHostCall = (fn) =>
+  new Proxy(
+    (serializedArgs) => {
+      let args;
+      try {
+        const parsed = JSON.parse(serializedArgs);
+        args = Array.isArray(parsed) ? parsed : [];
+      } catch (error) {
+        return encodeFailure(error);
+      }
+      try {
+        return Promise.resolve(fn(args)).then(encodeSuccess, encodeFailure);
+      } catch (error) {
+        return encodeFailure(error);
+      }
+    },
+    {
+      get: () => undefined,
+      getOwnPropertyDescriptor: () => undefined,
+      getPrototypeOf: () => null,
+      has: () => false,
+      ownKeys: () => [],
+      set: () => false,
+    }
+  );
+
+let nextCallId = 0;
+const pending = new Map();
+
+parentPort.on('message', (message) => {
+  if (!message || message.type !== 'hostResponse') return;
+  const entry = pending.get(message.id);
+  if (!entry) return;
+  pending.delete(message.id);
+  if (message.ok) entry.resolve(message.value);
+  else entry.reject(new Error(message.error || 'Hive workflow host call failed'));
+});
+
+const callHost = (name, args) =>
+  new Promise((resolve, reject) => {
+    const id = String(++nextCallId);
+    pending.set(id, { resolve, reject });
+    parentPort.postMessage({ type: 'hostCall', id, name, args });
+  });
+
+const cloneIntoVm = (context, value) => {
+  if (value === undefined) return undefined;
+  const serialized = JSON.stringify(value);
+  if (serialized === undefined) return undefined;
+  return JSON_PARSE.runInContext(context)(serialized);
+};
+
+const cloneOutOfVm = (value) => {
+  if (value === undefined) return undefined;
+  const serialized = JSON.stringify(value);
+  return serialized === undefined ? undefined : JSON.parse(serialized);
+};
+
+(async () => {
+  try {
+    const context = createContext(Object.create(null), {
+      codeGeneration: { strings: false, wasm: false },
+    });
+    const bridgeFactory = BRIDGE_FACTORY.runInContext(context, { timeout: 1000 });
+    const bridge = (name) =>
+      bridgeFactory(createSafeHostCall((args) => callHost(name, args)));
+    const vmAgent = bridge('agent');
+    const vmPhase = bridge('phase');
+    const vmLog = bridge('log');
+    const vmWorkflow = bridge('workflow');
+    const vmCatchPerItem = bridge('catchPerItem');
+    const { parallel, pipeline } = FLOW_FACTORY.runInContext(context, { timeout: 1000 })(
+      vmCatchPerItem
+    );
+    const fn = new Script(\`"use strict";\\n\${workerData.compiledFunctionSource}\\n; __wf\`, {
+      filename: workerData.scriptPath,
+    }).runInContext(context, { timeout: 1000 });
+    const value = cloneOutOfVm(
+      await fn(
+        vmAgent,
+        parallel,
+        pipeline,
+        vmPhase,
+        vmLog,
+        vmWorkflow,
+        cloneIntoVm(context, workerData.args)
+      )
+    );
+    parentPort.postMessage({ type: 'done', ok: true, value });
+  } catch (error) {
+    parentPort.postMessage({
+      type: 'done',
+      ok: false,
+      error: error instanceof Error ? error.message : String(error),
+    });
+  }
+})();
+`;
+const errorToMessage = (error) => error instanceof Error ? error.message : String(error);
 const BUILT_IN_WORKER_ROLES = new Set(['coder', 'reviewer', 'tester', 'custom']);
 const isBuiltInWorkerRole = (value) => BUILT_IN_WORKER_ROLES.has(value);
 const buildModelArgs = (_cli, model) => {
@@ -36,14 +183,21 @@ const toNestedWorkflowFilename = (scriptName) => {
 export const createWorkflowRunner = (deps) => {
     const { store, workflowRunStore, awaiter, dispatchPort, resolveWorkspacePath, roleTemplateResolver, logStore, resolveCliLaunchConfig, getWorkflowCliPolicy, } = deps;
     const stoppedRuns = new Set();
+    const activeScriptWorkers = new Map();
     // In-memory map: runId → triggering agent. Lost on restart; the spec already
     // doesn't auto-resume interrupted runs, so this is consistent.
     const triggeringAgentByRun = new Map();
+    const isRunStopped = (runId) => stoppedRuns.has(runId) || workflowRunStore.getRun(runId)?.status === 'stopped';
+    const assertRunActive = (runId) => {
+        if (isRunStopped(runId))
+            throw new Error('Stopped by user');
+    };
     const executeWorkflow = async (run, loaded, args, hivePort) => {
         const workspaceId = run.workspaceId;
         const workflowAgentId = getWorkflowAgentId(workspaceId);
         let stepCounter = 0;
         const spawnedWorkers = [];
+        const activeAgentCalls = new Set();
         // Read the CLI policy once per run so a 1000-way fan-out doesn't hit the
         // app_state table per agent() call.
         const cliPolicy = getWorkflowCliPolicy();
@@ -94,99 +248,123 @@ export const createWorkflowRunner = (deps) => {
             workflowRunStore.updateRun(run.id, { phase: currentPhaseTitle });
         };
         const agent = async (prompt, opts = {}) => {
-            // TIER 2 #11 — hard ceiling so a runaway `while (true) await agent()`
-            // can't spawn unbounded PTY subprocesses. The check is BEFORE the
-            // step counter increments so the error message names the cap, not
-            // the over-cap step.
-            if (stepCounter >= maxAgents) {
-                throw new Error(`Workflow agent cap exceeded: ${maxAgents} calls (set meta.maxAgentCalls to raise)`);
-            }
-            const myStep = ++stepCounter;
-            // TIER 2 #4 — resolve agentType. If it's a built-in WorkerRole
-            // (coder/reviewer/tester/custom) we honour it directly with the
-            // CLI default. Otherwise look up a workspace custom role template
-            // by name: on hit we clone its command + args; on miss we throw a
-            // clear error (silent fallback to 'coder' would mask typos and
-            // make the Hive-distinctive custom-role library invisible).
-            const requestedType = opts.agentType ?? 'coder';
-            let role;
-            let command;
-            let templateArgs = [];
-            if (typeof requestedType === 'string' && !isBuiltInWorkerRole(requestedType)) {
-                const template = roleTemplateResolver.findByName(requestedType);
-                if (!template) {
-                    throw new Error(`Workflow agentType '${requestedType}' is not a built-in role (coder/reviewer/tester/custom) and no matching role template exists in this workspace. ` +
-                        `Create one via Add Worker → custom role, or use a built-in role.`);
-                }
-                /* Templates can carry roleType='orchestrator' for the system-level
-                   Orchestrator template; that's not a valid workflow worker role,
-                   so we collapse it to 'custom'. Anything else maps through as-is. */
-                role = template.roleType === 'orchestrator' ? 'custom' : template.roleType;
-                command = resolveWorkflowCli({
-                    ...(opts.cli !== undefined ? { requestedCli: opts.cli } : {}),
-                    isCustomTemplate: true,
-                    templateDefaultCommand: template.defaultCommand,
-                    policy: cliPolicy,
-                });
-                templateArgs = template.defaultArgs;
-            }
-            else {
-                role = requestedType;
-                command = resolveWorkflowCli({
-                    ...(opts.cli !== undefined ? { requestedCli: opts.cli } : {}),
-                    isCustomTemplate: false,
-                    policy: cliPolicy,
-                });
-            }
-            const name = opts.label ?? `${requestedType}-${myStep}-${randomUUID()}`;
-            const baseLaunchConfig = resolveCliLaunchConfig(command) ?? { command, args: [] };
-            /* Model flag goes AFTER the template's own args so an explicit
-               opts.model overrides any --model the template baked in. */
-            const launchArgs = [
-                ...(baseLaunchConfig.args ?? []),
-                ...templateArgs,
-                ...buildModelArgs(baseLaunchConfig.command, opts.model),
-            ];
-            // TIER 2 #2 — semaphore. Holding the slot across the full
-            // dispatch+await means a parallel(100) fan-out gets paced at
-            // min(16, cores-2) concurrent PTYs instead of 100 simultaneous
-            // process spawns.
-            const releaseSlot = await acquireSlot();
-            const worker = store.addWorkerWithLaunch(workspaceId, { name, role, ephemeral: true, spawnedBy: 'workflow' }, { ...baseLaunchConfig, args: launchArgs });
-            spawnedWorkers.push(worker.id);
+            let markAgentCallDone;
+            const agentCallDone = new Promise((resolve) => {
+                markAgentCallDone = resolve;
+            });
+            activeAgentCalls.add(agentCallDone);
             try {
-                await store.startAgent(workspaceId, worker.id, { hivePort });
-                const dispatchPrompt = opts.outputSchema
-                    ? prompt + buildSchemaInstruction(opts.outputSchema)
-                    : prompt;
-                const dispatch = await store.dispatchTaskByWorkerName(workspaceId, name, dispatchPrompt, {
-                    fromAgentId: workflowAgentId,
-                    hivePort,
-                    workflowRunId: run.id,
-                    stepIndex: myStep,
-                    ...(currentPhaseTitle ? { phase: currentPhaseTitle } : {}),
-                    label: opts.label ?? name,
-                });
-                const report = await awaiter.awaitReport(dispatch.id, opts.timeoutMs);
-                // Structured output: hand back the parsed object, or { text } on a
-                // parse miss so the script can still branch (treating an absent field
-                // as the safe default).
-                if (opts.outputSchema) {
-                    return extractJsonBlock(report.text) ?? { text: report.text };
+                assertRunActive(run.id);
+                // TIER 2 #11 — hard ceiling so a runaway `while (true) await agent()`
+                // can't spawn unbounded PTY subprocesses. The check is BEFORE the
+                // step counter increments so the error message names the cap, not
+                // the over-cap step.
+                if (stepCounter >= maxAgents) {
+                    throw new Error(`Workflow agent cap exceeded: ${maxAgents} calls (set meta.maxAgentCalls to raise)`);
                 }
-                return report.text;
-            }
-            finally {
+                const myStep = ++stepCounter;
+                // TIER 2 #4 — resolve agentType. If it's a built-in WorkerRole
+                // (coder/reviewer/tester/custom) we honour it directly with the
+                // CLI default. Otherwise look up a workspace custom role template
+                // by name: on hit we clone its command + args; on miss we throw a
+                // clear error (silent fallback to 'coder' would mask typos and
+                // make the Hive-distinctive custom-role library invisible).
+                const requestedType = opts.agentType ?? 'coder';
+                let role;
+                let command;
+                let templateArgs = [];
+                if (typeof requestedType === 'string' && !isBuiltInWorkerRole(requestedType)) {
+                    const template = roleTemplateResolver.findByName(requestedType);
+                    if (!template) {
+                        throw new Error(`Workflow agentType '${requestedType}' is not a built-in role (coder/reviewer/tester/custom) and no matching role template exists in this workspace. ` +
+                            `Use a built-in role or an existing dispatchable role template.`);
+                    }
+                    if (template.roleType === 'sentinel') {
+                        throw new Error(`Workflow agentType '${requestedType}' resolves to a sentinel role, but sentinels are read-only observers and cannot receive workflow dispatches. Use coder, reviewer, tester, custom, or a dispatchable role template.`);
+                    }
+                    /* Templates can carry roleType='orchestrator' for the system-level
+                     Orchestrator template; that's not a valid workflow worker role,
+                     so we collapse it to 'custom'. Anything else maps through as-is. */
+                    role = template.roleType === 'orchestrator' ? 'custom' : template.roleType;
+                    command = resolveWorkflowCli({
+                        ...(opts.cli !== undefined ? { requestedCli: opts.cli } : {}),
+                        isCustomTemplate: true,
+                        templateDefaultCommand: template.defaultCommand,
+                        policy: cliPolicy,
+                    });
+                    templateArgs = template.defaultArgs;
+                }
+                else {
+                    role = requestedType;
+                    command = resolveWorkflowCli({
+                        ...(opts.cli !== undefined ? { requestedCli: opts.cli } : {}),
+                        isCustomTemplate: false,
+                        policy: cliPolicy,
+                    });
+                }
+                const name = opts.label ?? `${requestedType}-${myStep}-${randomUUID()}`;
+                const baseLaunchConfig = resolveCliLaunchConfig(command) ?? { command, args: [] };
+                /* Model flag goes AFTER the template's own args so an explicit
+                 opts.model overrides any --model the template baked in. */
+                const launchArgs = [
+                    ...(baseLaunchConfig.args ?? []),
+                    ...templateArgs,
+                    ...buildModelArgs(baseLaunchConfig.command, opts.model),
+                ];
+                // TIER 2 #2 — semaphore. Holding the slot across the full
+                // dispatch+await means a parallel(100) fan-out gets paced at
+                // min(16, cores-2) concurrent PTYs instead of 100 simultaneous
+                // process spawns.
+                const releaseSlot = await acquireSlot();
+                let worker;
                 try {
-                    store.deleteWorker(workspaceId, worker.id);
+                    assertRunActive(run.id);
+                    worker = store.addWorkerWithLaunch(workspaceId, { name, role, ephemeral: true, spawnedBy: 'workflow' }, { ...baseLaunchConfig, args: launchArgs });
+                    spawnedWorkers.push(worker.id);
+                    assertRunActive(run.id);
+                    const liveRun = await store.startAgent(workspaceId, worker.id, { hivePort });
+                    await liveRun.postStartInputReady;
+                    assertRunActive(run.id);
+                    const dispatchPrompt = opts.outputSchema
+                        ? prompt + buildSchemaInstruction(opts.outputSchema)
+                        : prompt;
+                    const dispatch = await store.dispatchTaskByWorkerName(workspaceId, name, dispatchPrompt, {
+                        fromAgentId: workflowAgentId,
+                        hivePort,
+                        workflowRunId: run.id,
+                        stepIndex: myStep,
+                        ...(currentPhaseTitle ? { phase: currentPhaseTitle } : {}),
+                        label: opts.label ?? name,
+                    });
+                    assertRunActive(run.id);
+                    const report = await awaiter.awaitReport(dispatch.id, opts.timeoutMs);
+                    assertRunActive(run.id);
+                    // Structured output: hand back the parsed object, or { text } on a
+                    // parse miss so the script can still branch (treating an absent field
+                    // as the safe default).
+                    if (opts.outputSchema) {
+                        return extractJsonBlock(report.text) ?? { text: report.text };
+                    }
+                    return report.text;
                 }
-                catch {
-                    /* idempotent — worker may already be gone via cascade or boot cleanup */
+                finally {
+                    if (worker) {
+                        try {
+                            store.deleteWorker(workspaceId, worker.id);
+                        }
+                        catch {
+                            /* idempotent — worker may already be gone via cascade or boot cleanup */
+                        }
+                        const idx = spawnedWorkers.indexOf(worker.id);
+                        if (idx !== -1)
+                            spawnedWorkers.splice(idx, 1);
+                    }
+                    releaseSlot();
                 }
-                const idx = spawnedWorkers.indexOf(worker.id);
-                if (idx !== -1)
-                    spawnedWorkers.splice(idx, 1);
-                releaseSlot();
+            }
+            finally {
+                markAgentCallDone();
+                activeAgentCalls.delete(agentCallDone);
             }
         };
         // TIER 1 #3 — per-item rejections become null (preserves the
@@ -197,24 +375,13 @@ export const createWorkflowRunner = (deps) => {
         // they're not entirely invisible (TIER 2 #3 will pipe these into the
         // run timeline via log()).
         const catchPerItem = (value) => {
-            if (stoppedRuns.has(run.id))
+            if (isRunStopped(run.id))
                 throw value;
             console.warn(`[workflow ${loaded.meta.name}] item failed:`, value);
             return null;
         };
-        const parallel = async (thunks) => {
-            return Promise.all(thunks.map((thunk) => thunk().catch((err) => catchPerItem(err))));
-        };
-        const pipeline = async (items, ...stages) => {
-            return Promise.all(items.map((item, index) => {
-                let chain = Promise.resolve(item);
-                for (const stage of stages) {
-                    chain = chain.then((prev) => stage(prev, item, index));
-                }
-                return chain.catch((err) => catchPerItem(err));
-            }));
-        };
         const log = (message) => {
+            assertRunActive(run.id);
             // TIER 2 #3 — persist + still echo to stdout for server-log
             // visibility. Authors expect `log()` to surface in the Drawer's
             // narrator lane and in the orchestrator's completion reminder.
@@ -242,6 +409,7 @@ export const createWorkflowRunner = (deps) => {
         // sibling-script location.
         const isSyntheticParentPath = run.scriptPath.startsWith('<inline');
         const workflow = async (scriptName, childArgs) => {
+            assertRunActive(run.id);
             if (typeof scriptName !== 'string' || !scriptName.trim()) {
                 throw new Error('workflow(scriptName): scriptName must be a non-empty string');
             }
@@ -249,7 +417,7 @@ export const createWorkflowRunner = (deps) => {
             const childPath = isSyntheticParentPath
                 ? join(resolveWorkspacePath(workspaceId), '.hive', 'workflows', filename)
                 : join(dirname(run.scriptPath), filename);
-            return runWorkflow({
+            const child = await runWorkflow({
                 workspaceId,
                 scriptPath: childPath,
                 hivePort,
@@ -258,7 +426,112 @@ export const createWorkflowRunner = (deps) => {
                 parentRunId: run.id,
                 ...(childArgs !== undefined ? { args: childArgs } : {}),
             });
+            assertRunActive(run.id);
+            return child;
         };
+        const runScriptWorker = () => new Promise((resolve, reject) => {
+            const worker = new Worker(WORKFLOW_VM_WORKER_SOURCE, {
+                eval: true,
+                workerData: {
+                    args,
+                    compiledFunctionSource: loaded.compiledFunctionSource,
+                    scriptPath: loaded.scriptPath,
+                },
+            });
+            activeScriptWorkers.set(run.id, worker);
+            let settled = false;
+            const activeHostCalls = new Set();
+            const settle = (fn) => {
+                if (settled)
+                    return;
+                settled = true;
+                activeScriptWorkers.delete(run.id);
+                void (async () => {
+                    await Promise.allSettled(activeHostCalls);
+                    fn();
+                    void worker.terminate().catch(() => { });
+                })();
+            };
+            const respond = (id, response) => {
+                try {
+                    worker.postMessage({ type: 'hostResponse', id, ...response });
+                }
+                catch {
+                    /* worker already terminated */
+                }
+            };
+            worker.on('message', (message) => {
+                const record = message;
+                if (!record)
+                    return;
+                if (record.type === 'done') {
+                    settle(() => {
+                        if (record.ok)
+                            resolve(record.value);
+                        else
+                            reject(new Error(record.error || 'Hive workflow script failed'));
+                    });
+                    return;
+                }
+                if (record.type !== 'hostCall' || typeof record.id !== 'string')
+                    return;
+                const callId = record.id;
+                if (settled) {
+                    respond(callId, { ok: false, error: 'Stopped by user' });
+                    return;
+                }
+                const hostCall = (async () => {
+                    try {
+                        assertRunActive(run.id);
+                        const callArgs = Array.isArray(record.args) ? record.args : [];
+                        let value;
+                        switch (record.name) {
+                            case 'agent': {
+                                const [prompt, opts] = callArgs;
+                                value = await agent(typeof prompt === 'string' ? prompt : String(prompt), (opts ?? {}));
+                                break;
+                            }
+                            case 'phase': {
+                                const [title] = callArgs;
+                                phase(typeof title === 'string' ? title : String(title ?? ''));
+                                break;
+                            }
+                            case 'log': {
+                                const [message] = callArgs;
+                                log(typeof message === 'string' ? message : String(message));
+                                break;
+                            }
+                            case 'workflow': {
+                                const [scriptName, childArgs] = callArgs;
+                                value = await workflow(typeof scriptName === 'string' ? scriptName : String(scriptName), childArgs);
+                                break;
+                            }
+                            case 'catchPerItem': {
+                                const [item] = callArgs;
+                                value = catchPerItem(item);
+                                break;
+                            }
+                            default:
+                                throw new Error(`Unknown workflow host call: ${record.name}`);
+                        }
+                        assertRunActive(run.id);
+                        respond(callId, { ok: true, value });
+                    }
+                    catch (error) {
+                        respond(callId, { ok: false, error: errorToMessage(error) });
+                    }
+                })();
+                activeHostCalls.add(hostCall);
+                void hostCall.finally(() => activeHostCalls.delete(hostCall));
+            });
+            worker.on('error', (error) => settle(() => reject(error)));
+            worker.on('exit', (code) => {
+                if (settled)
+                    return;
+                activeScriptWorkers.delete(run.id);
+                reject(new Error(`Hive workflow VM worker exited before completion (code ${code})`));
+            });
+        });
         // TIER 2 #11 — wall-clock budget timer. Triggers stopRun on
         // expiry, which routes through the same path as a user-initiated
         // stop (in-flight awaiters reject; outer catch records 'stopped').
@@ -272,9 +545,8 @@ export const createWorkflowRunner = (deps) => {
         }, maxDurationMs);
         budgetTimer.unref?.();
         try {
-            const factory = new Function(`${loaded.compiledFunctionSource}; return __wf`);
-            const fn = factory();
-            const returnValue = await fn(agent, parallel, pipeline, phase, log, workflow, args);
+            assertRunActive(run.id);
+            const returnValue = await runScriptWorker();
             // TIER 1 #2 — if stop was called DURING the run, parallel/pipeline may
             // have caught the cancel rejections (one per in-flight thunk) before
             // the per-item catch could re-throw, e.g. when the user stops AFTER
@@ -283,8 +555,7 @@ export const createWorkflowRunner = (deps) => {
             // degraded result (often a list of nulls), which both lies to the UI
             // and lies to the orchestrator's completion notification. Check the
             // marker after fn returns and record the truth instead.
-            if (stoppedRuns.has(run.id)) {
-                stoppedRuns.delete(run.id);
+            if (stoppedRuns.has(run.id) || workflowRunStore.getRun(run.id)?.status === 'stopped') {
                 workflowRunStore.updateRun(run.id, {
                     status: 'stopped',
                     finishedAt: Date.now(),
@@ -292,7 +563,6 @@ export const createWorkflowRunner = (deps) => {
                 });
             }
             else {
-                stoppedRuns.delete(run.id);
                 // M10: capture the script's return value so the UI can render a single
                 // canonical "Result" panel and the orchestrator notification can quote
                 // it. `undefined` (no explicit return) stays null on the row.
@@ -304,17 +574,22 @@ export const createWorkflowRunner = (deps) => {
             }
         }
         catch (error) {
-            const wasStopped = stoppedRuns.has(run.id);
+            if (stoppedRuns.has(run.id)) {
+                return;
+            }
+            const wasStopped = workflowRunStore.getRun(run.id)?.status === 'stopped';
+            if (wasStopped)
+                return;
             const message = error instanceof Error ? error.message : String(error);
             workflowRunStore.updateRun(run.id, {
-                status: wasStopped ? 'stopped' : 'failed',
+                status: 'failed',
                 finishedAt: Date.now(),
-                error: wasStopped ? 'Stopped by user' : message,
+                error: message,
             });
-            stoppedRuns.delete(run.id);
         }
         finally {
             clearTimeout(budgetTimer);
+            await Promise.allSettled(activeAgentCalls);
             // Belt-and-suspenders: dismiss any ephemeral worker still alive. The
             // per-call try/finally should already have cleaned each one up; this is
             // an idempotent safety net for unexpected paths.
@@ -341,6 +616,7 @@ export const createWorkflowRunner = (deps) => {
                     }
                 }
             }
+            stoppedRuns.delete(run.id);
         }
     };
     const buildCreateInput = (input, loaded) => {
@@ -360,8 +636,17 @@ export const createWorkflowRunner = (deps) => {
         if (triggeredByAgentId)
             triggeringAgentByRun.set(runId, triggeredByAgentId);
     };
+    const assertParentRunStillRunning = (input) => {
+        if (!input.parentRunId)
+            return;
+        const parent = workflowRunStore.getRun(input.parentRunId);
+        if (stoppedRuns.has(input.parentRunId) || parent?.status === 'stopped') {
+            throw new Error('Stopped by user');
+        }
+    };
     const runWorkflow = async (input) => {
         const loaded = await loadWorkflowScriptFile(input.scriptPath);
+        assertParentRunStillRunning(input);
         const run = workflowRunStore.createRun(buildCreateInput(input, loaded));
         rememberTrigger(run.id, input.triggeredByAgentId);
         await executeWorkflow(run, loaded, input.args, input.hivePort);
@@ -372,6 +657,7 @@ export const createWorkflowRunner = (deps) => {
     };
     const startWorkflow = async (input) => {
         const loaded = await loadWorkflowScriptFile(input.scriptPath);
+        assertParentRunStillRunning(input);
         const run = workflowRunStore.createRun(buildCreateInput(input, loaded));
         rememberTrigger(run.id, input.triggeredByAgentId);
         queueMicrotask(() => {
@@ -393,24 +679,38 @@ export const createWorkflowRunner = (deps) => {
         });
         return run;
     };
-    const stopRun = (runId) => {
+    const stopRunAndChildren = (runId, visited) => {
+        if (visited.has(runId))
+            return false;
+        visited.add(runId);
         const current = workflowRunStore.getRun(runId);
         if (!current || current.status !== 'running')
             return false;
         stoppedRuns.add(runId);
+        void activeScriptWorkers
+            .get(runId)
+            ?.terminate()
+            .catch(() => { });
         // Cancel every open workflow dispatch tied to this run; this rejects the
         // runner's pending `awaitReport` promises, which propagates up the
         // executeWorkflow try → its catch sets status='stopped'.
         for (const dispatchId of dispatchPort.listOpenDispatchIdsForRun(runId)) {
             awaiter.notifyCancel(dispatchId, 'Stopped by user');
         }
+        for (const child of workflowRunStore.listChildRuns(runId)) {
+            if (child.status === 'running')
+                stopRunAndChildren(child.id, visited);
+        }
+        workflowRunStore.updateRun(runId, {
+            status: 'stopped',
+            finishedAt: Date.now(),
+            error: 'Stopped by user',
+        });
         // If the script had no in-flight agent() call when stop was requested,
-        // the workflow may simply continue to its natural end. We still record
-        // the intent so a subsequent agent() call rejects immediately. To make
-        // single-step or no-agent() scripts also reflect 'stopped', mark the row
-        // synchronously as a hint to UI — the runner will overwrite to 'stopped'
-        // (or 'completed' if it really did finish) when executeWorkflow exits.
+        // it may never reject on its own. Persist the stopped state immediately
+        // so UI/API truth does not depend on the script reaching a later awaiter.
         return true;
     };
+    const stopRun = (runId) => stopRunAndChildren(runId, new Set());
     return { runWorkflow, startWorkflow, startWorkflowInline, stopRun };
 };