@vertesia/workflow 1.0.0 → 1.1.0-dev.20260427.060440Z

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vertesia/workflow",
-  "version": "1.0.0",
+  "version": "1.1.0-dev.20260427.060440Z",
   "type": "module",
   "description": "Vertesia workflow DSL",
   "main": "./lib/esm/index.js",
@@ -18,7 +18,7 @@
     "@temporalio/testing": "^1.11.5",
     "@temporalio/worker": "^1.11.5",
     "@types/jsonwebtoken": "^9.0.10",
-    "@types/node": "^22.13.5",
+    "@types/node": "^25.6.0",
     "@types/papaparse": "^5.5.1",
     "@types/tmp": "^0.2.6",
     "ts-dual-module": "^0.6.3",
@@ -43,11 +43,11 @@
     "tmp": "^0.2.4",
     "tmp-promise": "^3.0.3",
     "yaml": "^2.6.0",
-    "@llumiverse/common": "1.0.0",
-    "@vertesia/client": "1.0.0",
-    "@vertesia/api-fetch-client": "1.0.0",
-    "@vertesia/common": "1.0.0",
-    "@vertesia/memory": "1.0.0"
+    "@llumiverse/common": "1.1.0-dev.20260427.054520Z",
+    "@vertesia/client": "1.1.0-dev.20260427.060440Z",
+    "@vertesia/common": "1.1.0-dev.20260427.060440Z",
+    "@vertesia/memory": "1.1.0-dev.20260427.060440Z",
+    "@vertesia/api-fetch-client": "1.1.0-dev.20260427.060440Z"
   },
   "ts_dual_module": {
     "outDir": "lib",

package/src/activities/executeRemoteActivity.test.ts

@@ -5,6 +5,14 @@ import { executeRemoteActivity, ExecuteRemoteActivityParams } from "./executeRem
 
 vi.stubGlobal("fetch", vi.fn());
 
+vi.mock("../utils/client.js", () => ({
+    getVertesiaClient: vi.fn().mockReturnValue({
+        apps: {
+            validateUrl: vi.fn().mockResolvedValue({ valid: true }),
+        },
+    }),
+}));
+
 let testEnv: MockActivityEnvironment;
 const mockFetch = vi.mocked(fetch);
 

package/src/activities/executeRemoteActivity.ts

@@ -5,6 +5,7 @@ import {
     RemoteActivityExecutionResponse,
 } from "@vertesia/common";
 import { setupActivity } from "../dsl/setup/ActivityContext.js";
+import { URLValidationError, safeFetch } from "../security/ssrf.js";
 
 /**
  * Parameters for the executeRemoteActivity bridge activity.
@@ -39,9 +40,20 @@ export async function executeRemoteActivity(
     payload: DSLActivityExecutionPayload<ExecuteRemoteActivityParams>,
 ): Promise<any> {
     const ctx = await setupActivity<ExecuteRemoteActivityParams>(payload);
-    const { params, runId } = ctx;
+    const { params, runId, client } = ctx;
     const { url, activity_name, params: activityParams, app_install_id, app_settings } = params;
 
+    // Validate the URL via Studio before forwarding the auth token
+    try {
+        await client.apps.validateUrl(url);
+    } catch (e) {
+        log.warn("URL validation blocked remote activity endpoint", { activity: activity_name, url, error: (e as Error).message });
+        throw ApplicationFailure.create({
+            message: `Remote activity ${activity_name} blocked: ${(e as Error).message}`,
+            nonRetryable: true,
+        });
+    }
+
     const executionPayload: RemoteActivityExecutionPayload = {
         activity_name,
         params: activityParams,
@@ -58,7 +70,7 @@ export async function executeRemoteActivity(
 
     let response: Response;
     try {
-        response = await fetch(url, {
+        response = await safeFetch(url, {
             method: "POST",
             headers: {
                 "Content-Type": "application/json",
@@ -68,6 +80,13 @@ export async function executeRemoteActivity(
             body: JSON.stringify(executionPayload),
         });
     } catch (err: unknown) {
+        if (err instanceof URLValidationError) {
+            log.warn("Redirect blocked on remote activity endpoint", { activity: activity_name, url, error: err.message });
+            throw ApplicationFailure.create({
+                message: `Remote activity ${activity_name} blocked: ${err.message}`,
+                nonRetryable: true,
+            });
+        }
         const message = err instanceof Error ? err.message : String(err);
         log.warn("Failed to reach remote activity endpoint", {
             error: message, activity: activity_name, endpoint: url, runId, app_install_id,

package/src/activities/generateEmbeddings.ts

@@ -218,14 +218,17 @@ async function generateTextEmbeddings(
         tokenCount = countTokens(document.text).count;
     }
 
+    if (type === SupportedEmbeddingTypes.properties && document.properties) {
+        const propertiesText = JSON.stringify(document.properties);
+        tokenCount = countTokens(propertiesText).count;
+    }
+
     const maxTokens = config.max_tokens ?? 8000;
 
     //generate embeddings for the main doc if document isn't too large
     log.debug(`Generating ${type} embeddings for document ${document.id}`);
     if (
-        type === SupportedEmbeddingTypes.text &&
-        tokenCount !== undefined &&
-        tokenCount > maxTokens
+        tokenCount !== undefined && tokenCount > maxTokens
     ) {
         //TODO: Review strategy for large documents
         log.warn(

package/src/activities/handleError.ts

@@ -8,7 +8,15 @@ export interface HandleDslErrorParams {
 
 export async function handleDslError(payload: DSLActivityExecutionPayload<HandleDslErrorParams>): Promise<void> {
     const { client, params, objectId } = await setupActivity<HandleDslErrorParams>(payload);
-    const isIntake = payload.workflow_name === "StandardDocumentIntake" || payload.workflow_name === "StandardImageIntake";
+
+    const isIntake = [
+        "StandardDocumentIntake",
+        "StandardImageIntake",
+        "StandardMediaContainerIntake",
+        "StandardVideoIntake",
+        "StandardAudioIntake",
+        "StandardDocPartIntake",
+    ].includes(payload.workflow_name);
     if (!isIntake) {
         log.warn(`Workflow execution failed, but no error handler registered for this workflow: ${payload.workflow_name}`,
             { error: params.errorMessage },

package/src/activities/index-dsl.ts

@@ -16,6 +16,8 @@ export { getObjectFromStore } from "./getObjectFromStore.js";
 export { handleDslError } from "./handleError.js";
 export { prepareAudio } from "./media/prepareAudio.js";
 export { prepareVideo } from "./media/prepareVideo.js";
+export { probeMediaStreams } from "./media/probeMediaStreams.js";
+export type { ProbeMediaStreamsResult } from "./media/probeMediaStreams.js";
 export { convertPdfToStructuredText } from "./media/processPdfWithTextract.js";
 export { saveGladiaTranscription } from "./media/saveGladiaTranscription.js";
 export { transcribeMedia } from "./media/transcribeMediaWithGladia.js";
@@ -26,4 +28,5 @@ export { checkRateLimit } from "./rateLimiter.js";
 export { generateImageRendition } from "./renditions/generateImageRendition.js";
 export { generateVideoRendition } from "./renditions/generateVideoRendition.js";
 export { setDocumentStatus } from "./setDocumentStatus.js";
+export { loadChildWorkflowSpec } from "./loadChildWorkflowSpec.js";
 

package/src/activities/loadChildWorkflowSpec.ts

@@ -0,0 +1,21 @@
+import { DSLActivityExecutionPayload, DSLWorkflowSpec } from '@vertesia/common';
+import { setupActivity } from '../dsl/setup/ActivityContext.js';
+
+export interface LoadChildWorkflowSpecParams {
+    workflowName: string;
+}
+
+export async function loadChildWorkflowSpec(
+    payload: DSLActivityExecutionPayload<LoadChildWorkflowSpecParams>,
+): Promise<DSLWorkflowSpec> {
+    const { client, params } = await setupActivity<LoadChildWorkflowSpecParams>(payload);
+    const { workflowName } = params;
+
+    const refs = await client.store.workflows.definitions.list();
+    const ref = refs.find(r => r.name === workflowName);
+    if (!ref) {
+        throw new Error(`Workflow definition not found: ${workflowName}`);
+    }
+
+    return client.store.workflows.definitions.retrieve(ref.id) as Promise<DSLWorkflowSpec>;
+}

package/src/activities/media/prepareAudio.ts

@@ -221,11 +221,12 @@ export async function prepareAudio(
         throw new DocumentNotFoundError(`Document ${objectId} has no source`, [objectId]);
     }
 
-    if (!inputObject.content.type || !inputObject.content.type.startsWith('audio/')) {
+    if (!inputObject.content.type ||
+        (!inputObject.content.type.startsWith('audio/') && !inputObject.content.type.startsWith('video/'))) {
         log.error(`Document ${objectId} is not an audio file: ${inputObject.content.type}`);
         throw new InvalidContentTypeError(
             objectId,
-            'audio/*',
+            'audio/* or video/*',
             inputObject.content.type || 'unknown',
         );
     }

package/src/activities/media/prepareVideo.ts

@@ -1,4 +1,4 @@
-import { log } from '@temporalio/activity';
+import { ApplicationFailure, log } from '@temporalio/activity';
 import { DSLActivityExecutionPayload, DSLActivitySpec, VideoMetadata, VideoRendition, POSTER_RENDITION_NAME, AUDIO_RENDITION_NAME, WEB_VIDEO_RENDITION_NAME, ContentNature } from '@vertesia/common';
 import { exec } from 'child_process';
 import fs from 'fs';
@@ -84,7 +84,7 @@ async function getVideoMetadata(videoPath: string): Promise<VideoMetadataExtende
         );
 
         if (!videoStream) {
-            throw new Error('No video stream found in file');
+            throw ApplicationFailure.nonRetryable('No video stream found in file');
         }
 
         const duration = parseFloat(metadata.format.duration ?? '0') || 0;
@@ -111,6 +111,9 @@ async function getVideoMetadata(videoPath: string): Promise<VideoMetadataExtende
         log.error(
             `Failed to get video metadata: ${error instanceof Error ? error.message : 'Unknown error'}`,
         );
+        if (error instanceof ApplicationFailure) {
+            throw error;
+        }
         throw new Error(
             `Failed to probe video metadata: ${error instanceof Error ? error.message : 'Unknown error'}`,
         );

package/src/activities/media/probeMediaStreams.test.ts

@@ -0,0 +1,126 @@
+import { MockActivityEnvironment } from '@temporalio/testing';
+import type { VertesiaClient } from '@vertesia/client';
+import { ContentEventName, DSLActivityExecutionPayload } from '@vertesia/common';
+import type { ActivityContext } from '@vertesia/workflow';
+import { beforeAll, beforeEach, describe, expect, it, vi } from 'vitest';
+import { probeMediaStreams, ProbeMediaStreamsParams, ProbeMediaStreamsResult } from './probeMediaStreams.js';
+
+vi.mock('../../dsl/setup/ActivityContext.js', async (importOriginal) => {
+    const actual = await importOriginal<typeof import('../../dsl/setup/ActivityContext.js')>();
+    return { ...actual, setupActivity: vi.fn() };
+});
+
+// child_process.exec uses util.promisify.custom to return { stdout, stderr }.
+// vi.hoisted ensures these are defined before the vi.mock factory runs.
+const { execMock, execCustom } = vi.hoisted(() => {
+    const custom = vi.fn();
+    const mock = Object.assign(vi.fn(), { [Symbol.for('nodejs.util.promisify.custom')]: custom });
+    return { execMock: mock, execCustom: custom };
+});
+vi.mock('child_process', () => ({ exec: execMock }));
+
+let testEnv: MockActivityEnvironment;
+
+beforeAll(async () => {
+    testEnv = new MockActivityEnvironment();
+});
+
+beforeEach(() => {
+    vi.clearAllMocks();
+});
+
+const createPayload = (objectId = 'test-object-id'): DSLActivityExecutionPayload<ProbeMediaStreamsParams> => ({
+    auth_token: 'mock-token',
+    account_id: 'test-account',
+    project_id: 'test-project',
+    params: {},
+    config: { studio_url: 'http://mock-studio', store_url: 'http://mock-store' },
+    workflow_name: 'test-workflow',
+    event: ContentEventName.create,
+    objectIds: [objectId],
+    input: { inputType: 'objectIds', objectIds: [objectId] },
+    vars: {},
+    activity: { name: 'probeMediaStreams', params: {} },
+});
+
+function mockExec(stdout: string) {
+    execCustom.mockResolvedValue({ stdout, stderr: '' });
+}
+
+async function setupMockContext(objectId: string, signedUrl: string): Promise<void> {
+    const { setupActivity } = await import('../../dsl/setup/ActivityContext.js');
+    const mockClient = {
+        objects: {
+            retrieve: vi.fn().mockResolvedValue({
+                content: { source: 'gs://bucket/file.mp4', type: 'video/mp4' },
+            }),
+        },
+        files: {
+            getDownloadUrl: vi.fn().mockResolvedValue({ url: signedUrl }),
+        },
+    } as unknown as VertesiaClient;
+    vi.mocked(setupActivity).mockResolvedValue({
+        client: mockClient,
+        objectId,
+        inputType: 'objectIds',
+        params: {} satisfies ProbeMediaStreamsParams,
+    } as unknown as ActivityContext<ProbeMediaStreamsParams>);
+}
+
+describe('probeMediaStreams', () => {
+    it('returns hasVideo=true and hasAudio=true for a video+audio container', async () => {
+        await setupMockContext('test-object-id', 'https://storage.example.com/file.mp4?token=abc');
+        mockExec(JSON.stringify({ streams: [{ codec_type: 'video' }, { codec_type: 'audio' }] }));
+
+        const result: ProbeMediaStreamsResult = await testEnv.run(probeMediaStreams, createPayload());
+
+        expect(result).toEqual({ hasVideo: true, hasAudio: true });
+    });
+
+    it('returns hasVideo=true and hasAudio=false for a video-only container', async () => {
+        await setupMockContext('test-object-id', 'https://storage.example.com/file.mp4');
+        mockExec(JSON.stringify({ streams: [{ codec_type: 'video' }] }));
+
+        const result: ProbeMediaStreamsResult = await testEnv.run(probeMediaStreams, createPayload());
+
+        expect(result).toEqual({ hasVideo: true, hasAudio: false });
+    });
+
+    it('returns hasVideo=false and hasAudio=true for an audio-only container (the bug case)', async () => {
+        await setupMockContext('test-object-id', 'https://storage.example.com/audio-only.mp4');
+        mockExec(JSON.stringify({ streams: [{ codec_type: 'audio' }] }));
+
+        const result: ProbeMediaStreamsResult = await testEnv.run(probeMediaStreams, createPayload());
+
+        expect(result).toEqual({ hasVideo: false, hasAudio: true });
+    });
+
+    it('throws nonRetryable ApplicationFailure when no usable streams are found', async () => {
+        await setupMockContext('test-object-id', 'https://storage.example.com/bad.mp4');
+        mockExec(JSON.stringify({ streams: [] }));
+
+        await expect(testEnv.run(probeMediaStreams, createPayload())).rejects.toThrow(
+            'No audio or video streams found in container',
+        );
+    });
+
+    it('throws DocumentNotFoundError when the object has no source', async () => {
+        const { setupActivity } = await import('../../dsl/setup/ActivityContext.js');
+        const mockClient = {
+            objects: {
+                retrieve: vi.fn().mockResolvedValue({ content: {} }),
+            },
+            files: { getDownloadUrl: vi.fn() },
+        } as unknown as VertesiaClient;
+        vi.mocked(setupActivity).mockResolvedValue({
+            client: mockClient,
+            objectId: 'test-object-id',
+            inputType: 'objectIds',
+            params: {},
+        } as unknown as ActivityContext<ProbeMediaStreamsParams>);
+
+        await expect(testEnv.run(probeMediaStreams, createPayload())).rejects.toThrow(
+            'has no source',
+        );
+    });
+});

package/src/activities/media/probeMediaStreams.ts

@@ -0,0 +1,81 @@
+import { ApplicationFailure, log } from '@temporalio/activity';
+import { DSLActivityExecutionPayload, DSLActivitySpec } from '@vertesia/common';
+import { RequestError } from '@vertesia/api-fetch-client';
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { setupActivity } from '../../dsl/setup/ActivityContext.js';
+import { DocumentNotFoundError } from '../../errors.js';
+
+const execAsync = promisify(exec);
+
+const FFPROBE_MAX_BUFFER = 1024 * 1024; // 1MB is more than enough for stream metadata JSON
+
+export interface ProbeMediaStreamsResult {
+    hasVideo: boolean;
+    hasAudio: boolean;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type
+export interface ProbeMediaStreamsParams {}
+
+export interface ProbeMediaStreams extends DSLActivitySpec<ProbeMediaStreamsParams> {
+    name: 'probeMediaStreams';
+}
+
+interface FFProbeStream {
+    codec_type: string;
+}
+
+interface FFProbeOutput {
+    streams: FFProbeStream[];
+}
+
+export async function probeMediaStreams(payload: DSLActivityExecutionPayload<ProbeMediaStreamsParams>): Promise<ProbeMediaStreamsResult> {
+    const { client, objectId } = await setupActivity<ProbeMediaStreamsParams>(payload);
+
+    const inputObject = await client.objects.retrieve(objectId).catch((err: unknown) => {
+        log.error(`Failed to retrieve object ${objectId}`, { err });
+        if (err instanceof RequestError && err.status === 404) {
+            throw new DocumentNotFoundError(`Object ${objectId} not found`, [objectId]);
+        }
+        throw err;
+    });
+
+    const source = inputObject.content?.source;
+    if (!source) {
+        throw new DocumentNotFoundError(`Object ${objectId} has no source`, [objectId]);
+    }
+
+    const { url } = await client.files.getDownloadUrl(source);
+    if (!url) {
+        throw new DocumentNotFoundError(`Failed to get download URL for object ${objectId}`);
+    }
+
+    // ffprobe reads only the container headers via HTTP range requests.
+    // -probesize 32k caps the amount read from the network to ~32 KB.
+    let stdout: string;
+    try {
+        ({ stdout } = await execAsync(
+            `ffprobe -v quiet -probesize 32k -print_format json -show_streams "${url}"`,
+            { maxBuffer: FFPROBE_MAX_BUFFER },
+        ));
+    } catch (err: unknown) {
+        const message = err instanceof Error ? err.message : String(err);
+        log.error(`ffprobe failed for object ${objectId}: ${message}`);
+        throw new Error(`Failed to probe media streams for object ${objectId}: ${message}`);
+    }
+
+    const { streams } = JSON.parse(stdout) as FFProbeOutput;
+    const hasVideo = streams.some(s => s.codec_type === 'video');
+    const hasAudio = streams.some(s => s.codec_type === 'audio');
+
+    log.info(`Media probe result for object ${objectId}`, { hasVideo, hasAudio });
+
+    if (!hasVideo && !hasAudio) {
+        throw ApplicationFailure.nonRetryable(
+            `No audio or video streams found in container for object ${objectId}`,
+        );
+    }
+
+    return { hasVideo, hasAudio };
+}

package/src/activities/resolveRemoteActivities.test.ts

@@ -1,7 +1,7 @@
 import { MockActivityEnvironment } from "@temporalio/testing";
 import { ContentEventName, DSLActivityExecutionPayload } from "@vertesia/common";
 import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { resolveRemoteActivities, ResolveRemoteActivitiesParams } from "./resolveRemoteActivities.js";
+import { resolveRemoteActivities, type RemoteActivityMap, ResolveRemoteActivitiesParams } from "./resolveRemoteActivities.js";
 
 vi.stubGlobal("fetch", vi.fn());
 
@@ -11,6 +11,7 @@ vi.mock("../utils/client.js", () => ({
     getVertesiaClient: vi.fn().mockReturnValue({
         apps: {
             getInstalledApps: (...args: any[]) => mockGetInstalledApps(...args),
+            validateUrl: vi.fn().mockResolvedValue({ valid: true }),
         },
     }),
 }));
@@ -46,7 +47,7 @@ describe("resolveRemoteActivities", () => {
     it("returns empty map when no apps installed", async () => {
         mockGetInstalledApps.mockResolvedValueOnce([]);
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(result).toEqual({});
         expect(mockGetInstalledApps).toHaveBeenCalledWith("tools");
     });
@@ -73,7 +74,7 @@ describe("resolveRemoteActivities", () => {
             ),
         );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
 
         expect(Object.keys(result)).toHaveLength(2);
         expect(result["app:my-nlp-app:nlp:analyze_sentiment"]).toBeDefined();
@@ -108,7 +109,7 @@ describe("resolveRemoteActivities", () => {
                 new Response(JSON.stringify({ activities: [{ name: "task_b", collection: "main" }] }), { status: 200 }),
             );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
 
         expect(Object.keys(result)).toHaveLength(2);
         expect(result["app:app-one:main:task_a"]).toBeDefined();
@@ -125,7 +126,7 @@ describe("resolveRemoteActivities", () => {
             new Response(JSON.stringify({ activities: [] }), { status: 200 }),
         );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(result).toEqual({});
     });
 
@@ -135,7 +136,7 @@ describe("resolveRemoteActivities", () => {
             manifest: { name: "no-endpoint" },
         }]);
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(result).toEqual({});
         expect(mockFetch).not.toHaveBeenCalled();
     });
@@ -160,7 +161,7 @@ describe("resolveRemoteActivities", () => {
                 new Response(JSON.stringify({ activities: [{ name: "task", collection: "main" }] }), { status: 200 }),
             );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(Object.keys(result)).toHaveLength(1);
         expect(result["app:same-app:main:task"].app_install_id).toBe("install-1");
     });
@@ -183,7 +184,7 @@ describe("resolveRemoteActivities", () => {
                 new Response(JSON.stringify({ activities: [{ name: "task", collection: "main" }] }), { status: 200 }),
             );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(Object.keys(result)).toHaveLength(1);
         expect(result["app:working-app:main:task"]).toBeDefined();
     });
@@ -191,7 +192,7 @@ describe("resolveRemoteActivities", () => {
     it("returns empty map when getInstalledApps fails", async () => {
         mockGetInstalledApps.mockRejectedValueOnce(new Error("API error"));
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload());
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(result).toEqual({});
     });
 
@@ -213,7 +214,7 @@ describe("resolveRemoteActivities", () => {
             ),
         );
 
-        const result = await testEnv.run(resolveRemoteActivities, createPayload()) as Record<string, unknown>;
+        const result: RemoteActivityMap = await testEnv.run(resolveRemoteActivities, createPayload());
         expect(Object.keys(result)).toHaveLength(1);
         expect(result["app:bad-app:main:has_collection"]).toBeDefined();
     });

package/src/activities/resolveRemoteActivities.ts

@@ -5,7 +5,9 @@ import {
     DSLActivityExecutionPayload,
     RemoteActivityDefinition,
 } from "@vertesia/common";
+import { VertesiaClient } from "@vertesia/client";
 import { setupActivity } from "../dsl/setup/ActivityContext.js";
+import { URLValidationError, safeFetch } from "../security/ssrf.js";
 
 /** Prefix identifying a remote activity name in DSL workflow steps */
 const REMOTE_ACTIVITY_PREFIX = "app:";
@@ -66,7 +68,7 @@ export async function resolveRemoteActivities(
         }
 
         try {
-            const pkg = await fetchActivitiesPackage(manifest.endpoint, payload.auth_token);
+            const pkg = await fetchActivitiesPackage(manifest.endpoint, payload.auth_token, client);
             if (!pkg.activities || pkg.activities.length === 0) {
                 continue;
             }
@@ -94,7 +96,7 @@ export async function resolveRemoteActivities(
                 }
 
                 // Resolve the activity execution URL (collection-specific endpoint)
-                const activityUrl = resolveActivityUrl(manifest.endpoint, activity, collection);
+                const activityUrl = await resolveActivityUrl(manifest.endpoint, activity, collection, client);
 
                 map[qualifiedName] = {
                     url: activityUrl,
@@ -126,11 +128,13 @@ export async function resolveRemoteActivities(
 /**
  * Fetches the activities scope from a tool server package endpoint.
  */
-async function fetchActivitiesPackage(endpoint: string, authToken: string): Promise<AppPackage> {
+async function fetchActivitiesPackage(endpoint: string, authToken: string, client: VertesiaClient): Promise<AppPackage> {
     const url = new URL(endpoint);
     url.searchParams.set('scope', 'activities');
 
-    const response = await fetch(url.toString(), {
+    await client.apps.validateUrl(url.toString());
+
+    const response = await safeFetch(url.toString(), {
         method: 'GET',
         headers: {
             'Accept': 'application/json',
@@ -147,21 +151,32 @@ async function fetchActivitiesPackage(endpoint: string, authToken: string): Prom
 }
 
 /**
- * Resolves the execution URL for a remote activity.
+ * Resolves and validates the execution URL for a remote activity.
  * If the activity has a `url` field, resolve it relative to the endpoint base.
  * Otherwise, use the collection-specific activities endpoint: `/api/activities/{collection}`.
+ * Validates the resolved URL to prevent second-hop SSRF from tool server responses.
  */
-function resolveActivityUrl(endpoint: string, activity: RemoteActivityDefinition, collection: string): string {
+async function resolveActivityUrl(endpoint: string, activity: RemoteActivityDefinition, collection: string, client: VertesiaClient): Promise<string> {
+    let resolved: string;
     if (activity.url) {
-        // Absolute URLs are used as-is
-        if (activity.url.startsWith('http://') || activity.url.startsWith('https://')) {
-            return activity.url;
-        }
-        // Resolve relative URLs against the endpoint's base path (not just origin)
-        return new URL(activity.url, endpoint).toString();
+        // Absolute URLs are used as-is; relative URLs are resolved against the endpoint base
+        resolved = (activity.url.startsWith('http://') || activity.url.startsWith('https://'))
+            ? activity.url
+            : new URL(activity.url, endpoint).toString();
+    } else {
+        // Default: POST to the collection-specific activities endpoint
+        const base = new URL(endpoint);
+        const activitiesPath = base.pathname.replace(/\/package\/?$/, `/activities/${collection}`);
+        resolved = new URL(activitiesPath, base.origin).toString();
+    }
+
+    // Validate the resolved URL via Studio — safeFetch on the discovery request does NOT protect this
+    // second-hop URL which comes from the tool server response body.
+    try {
+        await client.apps.validateUrl(resolved);
+    } catch (e) {
+        throw new URLValidationError(`Blocked activity URL from app response: ${(e as Error).message}`);
     }
-    // Default: POST to the collection-specific activities endpoint
-    const base = new URL(endpoint);
-    const activitiesPath = base.pathname.replace(/\/package\/?$/, `/activities/${collection}`);
-    return new URL(activitiesPath, base.origin).toString();
+
+    return resolved;
 }