@viewportai/daemon 0.20.1 → 0.22.0

package/dist/cli/workflow-managed-worker.js

@@ -1,18 +1,45 @@
-import { spawn } from 'node:child_process';
+import { spawn, spawnSync } from 'node:child_process';
+import { constants, createHash, generateKeyPairSync, privateDecrypt } from 'node:crypto';
+import fs from 'node:fs';
+import os from 'node:os';
 import path from 'node:path';
-import { getFlag, hasFlag } from './args.js';
+import { getArgs, getFlag, hasFlag } from './args.js';
 import { daemonFetch, isDaemonRunning } from './daemon-client.js';
 import { isJsonMode, printJson } from './command-shared.js';
 import { parseCsvList, parseTlsVerifyMode, transportFetch } from './network.js';
 import { delay, listFlagValue, positiveIntFlagValue, safeText, } from './workflow-managed-worker-util.js';
 import { executeProviderAction, WorkflowActionError, } from '../workflows/action-provider-adapters.js';
-import { approvalActor, approvalExecutionGrant, approvalExpectedActionDigest, approvalMessage, capabilityPayload, dataFrom, localRunToSyncPayload, progressSyncEveryMs, readRun, } from './workflow-managed-worker-format.js';
+import { envNameForCredentialRef } from '../workflows/action-provider-utils.js';
+import { sanitizeActionInput } from '../workflows/action-digest.js';
+import { approvalActor, approvalExecutionGrant, approvalFeedback, approvalExpectedActionDigest, approvalMessage, capabilityPayload, dataFrom, localRunToSyncPayload, progressSyncEveryMs, readRun, } from './workflow-managed-worker-format.js';
 export async function workflowWorker() {
+    if (hasFlag('help') || getArgs().includes('-h')) {
+        console.log(workflowWorkerUsage());
+        return;
+    }
     const options = resolveWorkerOptions();
     if (!(await isDaemonRunning())) {
         throw new Error('Daemon is not running. Start it first with `vpd start`.');
     }
     await validateDaemonAgentCapabilities(options);
+    await syncDaemonModelCapabilities(options);
+    if (hasFlag('doctor')) {
+        await heartbeat(options, 'online', 'idle');
+        await safeHeartbeat(options, 'offline', 'offline');
+        if (isJsonMode()) {
+            printJson({
+                command: 'workflow worker doctor',
+                ok: true,
+                accessMode: options.accessMode,
+                runnerProfile: options.runnerProfile ?? null,
+                runnerPool: options.runnerPool ?? null,
+                capabilities: options.capabilities,
+            });
+            return;
+        }
+        console.log('Workflow worker doctor passed.');
+        return;
+    }
     if (hasFlag('preflight')) {
         if (isJsonMode()) {
             printJson({
@@ -65,11 +92,19 @@ export async function workflowWorker() {
             stats.claimed += 1;
             const localRun = await runAssignmentLocally(options, assignment);
             if (localRun.status === 'blocked' && !options.once) {
-                const approved = await approvedNodeForAssignment(options, assignment.id, assignment.assignment_claim_token);
+                const approved = await approvedNodeForAssignment(options, assignment.id, assignment.assignment_claim_token, localRun.id);
                 if (approved) {
                     const resumed = await resumeApprovedLocalRun(options, assignment.id, localRun.id, approved, assignment.assignment_claim_token);
-                    stats.completed += resumed.status === 'completed' ? 1 : 0;
-                    stats.failed += resumed.status === 'failed' || resumed.status === 'canceled' ? 1 : 0;
+                    const blockedIds = blockedNodeIds(resumed);
+                    const shouldKeepWaiting = resumed.status === 'blocked' &&
+                        (!alreadyResolvedApprovalRuns.has(resumed) || !blockedIds.has(approved.node_key)) &&
+                        (!blockedIds.has(approved.node_key) ||
+                            managedApprovalDecision(approved) === 'request_changes');
+                    const finalRun = shouldKeepWaiting
+                        ? await waitForApprovalAndResume(options, assignment.id, localRun.id, assignment.assignment_claim_token)
+                        : resumed;
+                    stats.completed += finalRun.status === 'completed' ? 1 : 0;
+                    stats.failed += finalRun.status === 'failed' || finalRun.status === 'canceled' ? 1 : 0;
                     if (options.maxRuns !== undefined && totalClaimed(stats) >= options.maxRuns) {
                         break;
                     }
@@ -139,39 +174,235 @@ async function validateDaemonAgentCapabilities(options) {
         return;
     throw new Error(`Daemon is missing workflow agent adapter(s): ${missing.join(', ')}. Start the daemon with the matching built-in agent installed, or configure a custom command agent with VIEWPORT_CUSTOM_AGENT_COMMAND.`);
 }
+async function syncDaemonModelCapabilities(options) {
+    const response = await daemonFetch('/api/models', {
+        method: 'GET',
+        timeoutMs: 30_000,
+    });
+    if (!response?.ok) {
+        return;
+    }
+    const body = (await response.json());
+    const catalog = daemonModelCatalog(body.models ?? []);
+    const allModels = [...new Set(Object.values(catalog).flat())];
+    if (allModels.length === 0) {
+        return;
+    }
+    options.capabilities.models = allModels;
+    options.capabilities.agentModels = catalog;
+}
+function daemonModelCatalog(models) {
+    const catalog = {};
+    for (const model of models) {
+        const agentId = stringValue(model.agentId) ?? stringValue(model.agent_id);
+        const value = stringValue(model.value) ?? stringValue(model.id);
+        if (!agentId || !value)
+            continue;
+        catalog[agentId] = [...new Set([...(catalog[agentId] ?? []), value])];
+    }
+    return catalog;
+}
 function resolveWorkerOptions() {
-    const server = getFlag('server') ?? process.env['VIEWPORT_SERVER_URL'] ?? process.env['VPD_SERVER_URL'];
-    const workspaceId = getFlag('workspace') ?? getFlag('resource') ?? process.env['VIEWPORT_WORKSPACE_ID'];
-    const executorId = getFlag('executor') ?? process.env['VIEWPORT_MANAGED_EXECUTOR_ID'];
+    const registrationProfile = readRegistrationProfile();
+    const server = getFlag('server') ??
+        process.env['VIEWPORT_SERVER_URL'] ??
+        process.env['VPD_SERVER_URL'] ??
+        registrationProfile?.serverUrl;
+    const workspaceId = getFlag('workspace') ??
+        getFlag('resource') ??
+        process.env['VIEWPORT_WORKSPACE_ID'] ??
+        registrationProfile?.workspaceId;
+    const executorId = getFlag('executor') ??
+        process.env['VIEWPORT_MANAGED_EXECUTOR_ID'] ??
+        registrationProfile?.executorId;
     const credential = getFlag('credential') ??
         process.env['VIEWPORT_MANAGED_EXECUTOR_TOKEN'] ??
-        process.env['VPD_MANAGED_EXECUTOR_TOKEN'];
+        process.env['VPD_MANAGED_EXECUTOR_TOKEN'] ??
+        registrationProfile?.credential;
     if (!server || !workspaceId || !executorId || !credential) {
-        throw new Error('Usage: vpd workflow worker --server <url> --workspace <id> --executor <id> --credential <token> [--workdir <path>] [--agent-command <command>] [--action-command <command>] [--provider-actions] [--once]');
+        throw new Error(workflowWorkerUsage());
     }
+    const profileCapabilities = registrationProfile?.capabilities ?? {};
+    const profileRunnerPool = stringValue(profileCapabilities['runner_pool']) ??
+        stringValue(profileCapabilities['runnerPool']);
+    const runnerKeyPair = loadOrCreateRunnerKeyPair(workspaceId, executorId);
+    const detected = detectLocalCapabilities();
     return {
         server: server.replace(/\/+$/, ''),
         workspaceId,
         executorId,
         credential,
-        accessMode: managedWorkerAccessMode(getFlag('access-mode') ?? process.env['VIEWPORT_MANAGED_EXECUTOR_ACCESS_MODE']),
-        runnerProfile: getFlag('runner-profile') ?? process.env['VIEWPORT_MANAGED_EXECUTOR_PROFILE'] ?? undefined,
+        accessMode: managedWorkerAccessMode(getFlag('access-mode') ??
+            process.env['VIEWPORT_MANAGED_EXECUTOR_ACCESS_MODE'] ??
+            registrationProfile?.accessMode),
+        runnerProfile: getFlag('runner-profile') ??
+            process.env['VIEWPORT_MANAGED_EXECUTOR_PROFILE'] ??
+            registrationProfile?.runnerProfile ??
+            undefined,
+        runnerPosture: registrationProfile?.runnerPosture,
+        runnerKeyPair,
+        runnerPool: getFlag('runner-pool') ??
+            process.env['VIEWPORT_MANAGED_RUNNER_POOL'] ??
+            process.env['VIEWPORT_MANAGED_EXECUTOR_RUNNER_POOL'] ??
+            profileRunnerPool ??
+            undefined,
         workdir: getFlag('workdir') ? path.resolve(getFlag('workdir')) : undefined,
         leaseSeconds: positiveIntFlagValue(getFlag('lease')) ?? 300,
         sleepSeconds: positiveIntFlagValue(getFlag('sleep')) ?? 5,
         maxRuns: positiveIntFlagValue(getFlag('max-runs')),
         once: hasFlag('once'),
         capabilities: {
+            runnerPool: getFlag('runner-pool') ??
+                process.env['VIEWPORT_MANAGED_RUNNER_POOL'] ??
+                process.env['VIEWPORT_MANAGED_EXECUTOR_RUNNER_POOL'] ??
+                profileRunnerPool ??
+                undefined,
             agentCommand: getFlag('agent-command') ?? process.env['VIEWPORT_MANAGED_AGENT_COMMAND'],
             actionCommand: getFlag('action-command') ?? process.env['VIEWPORT_MANAGED_ACTION_COMMAND'],
             providerActions: hasFlag('provider-actions') || process.env['VIEWPORT_MANAGED_PROVIDER_ACTIONS'] === '1',
-            agents: listFlagValue(getFlag('agents')),
-            models: listFlagValue(getFlag('models')),
-            integrations: listFlagValue(getFlag('integrations')),
-            secrets: listFlagValue(getFlag('secrets')),
+            tools: [
+                ...new Set([
+                    ...detected.tools,
+                    ...listFlagOrProfile('tools', profileCapabilities['tools']),
+                ]),
+            ],
+            agents: listFlagOrProfile('agents', profileCapabilities['agents']),
+            models: listFlagOrProfile('models', profileCapabilities['models']),
+            integrations: [
+                ...new Set([
+                    ...detected.integrations,
+                    ...listFlagOrProfile('integrations', profileCapabilities['integrations']),
+                ]),
+            ],
+            secrets: listFlagOrProfile('secrets', profileCapabilities['secrets']),
         },
     };
 }
+function workflowWorkerUsage() {
+    return 'Usage: vpd workflow worker --server <url> --workspace <id> --executor <id> --credential <token> [--workdir <path>] [--runner-pool <pool>] [--agent-command <command>] [--action-command <command>] [--provider-actions] [--doctor|--preflight|--once]\n       vpd workflow worker --registration-profile <path> [--doctor|--preflight|--once]';
+}
+function readRegistrationProfile() {
+    const profilePath = getFlag('registration-profile') ?? process.env['VIEWPORT_MANAGED_EXECUTOR_PROFILE_FILE'];
+    if (!profilePath)
+        return null;
+    const resolved = resolveProfilePath(profilePath);
+    const parsed = JSON.parse(fs.readFileSync(resolved, 'utf8'));
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+        throw new Error(`Managed executor registration profile is not a JSON object: ${resolved}`);
+    }
+    const record = parsed;
+    const schema = stringValue(record['schema']);
+    if (schema && schema !== 'viewport.managed_executor_registration/v1') {
+        throw new Error(`Unsupported managed executor registration profile schema: ${schema}`);
+    }
+    return {
+        serverUrl: stringValue(record['server_url']) ?? stringValue(record['serverUrl']),
+        workspaceId: stringValue(record['workspace_id']) ?? stringValue(record['workspaceId']),
+        executorId: stringValue(record['managed_executor_id']) ??
+            stringValue(record['executor_id']) ??
+            stringValue(record['executorId']),
+        credential: stringValue(record['credential']),
+        accessMode: stringValue(record['access_mode']) ?? stringValue(record['accessMode']),
+        runnerProfile: stringValue(record['runner_profile']) ?? stringValue(record['runnerProfile']),
+        runnerPosture: recordValue(record['runner_posture']) ?? recordValue(record['runnerPosture']),
+        capabilities: record['capabilities'] &&
+            typeof record['capabilities'] === 'object' &&
+            !Array.isArray(record['capabilities'])
+            ? record['capabilities']
+            : undefined,
+    };
+}
+function resolveProfilePath(profilePath) {
+    if (profilePath === '~')
+        return os.homedir();
+    if (profilePath.startsWith('~/'))
+        return path.join(os.homedir(), profilePath.slice(2));
+    return path.resolve(profilePath);
+}
+function loadOrCreateRunnerKeyPair(workspaceId, executorId) {
+    const keyDir = path.join(os.homedir(), '.viewport', 'runner-keys');
+    fs.mkdirSync(keyDir, { recursive: true, mode: 0o700 });
+    const safeName = `${safeFilename(workspaceId)}-${safeFilename(executorId)}.json`;
+    const keyPath = path.join(keyDir, safeName);
+    if (fs.existsSync(keyPath)) {
+        const parsed = JSON.parse(fs.readFileSync(keyPath, 'utf8'));
+        if (isRunnerKeyPair(parsed, keyPath))
+            return parsed;
+    }
+    const pair = generateKeyPairSync('rsa', {
+        modulusLength: 2048,
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+    });
+    const keyPair = {
+        schema: 'viewport.runner_keypair/v1',
+        algorithm: 'RSA-OAEP-256',
+        publicKeyPem: pair.publicKey,
+        privateKeyPem: pair.privateKey,
+        fingerprint: publicKeyFingerprint(pair.publicKey),
+        path: keyPath,
+    };
+    fs.writeFileSync(keyPath, JSON.stringify(keyPair, null, 2), { mode: 0o600 });
+    return keyPair;
+}
+function isRunnerKeyPair(value, keyPath) {
+    if (!value || typeof value !== 'object' || Array.isArray(value))
+        return false;
+    const record = value;
+    if (record['schema'] !== 'viewport.runner_keypair/v1' ||
+        record['algorithm'] !== 'RSA-OAEP-256' ||
+        typeof record['publicKeyPem'] !== 'string' ||
+        typeof record['privateKeyPem'] !== 'string' ||
+        typeof record['fingerprint'] !== 'string') {
+        return false;
+    }
+    if (typeof record['path'] !== 'string') {
+        record['path'] = keyPath;
+    }
+    return true;
+}
+function publicKeyFingerprint(publicKeyPem) {
+    const body = publicKeyPem
+        .replace(/-----BEGIN PUBLIC KEY-----/g, '')
+        .replace(/-----END PUBLIC KEY-----/g, '')
+        .replace(/\s+/g, '');
+    const der = Buffer.from(body, 'base64');
+    return `sha256:${createHash('sha256').update(der).digest('hex')}`;
+}
+function safeFilename(value) {
+    return value.replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || 'runner';
+}
+function detectLocalCapabilities() {
+    const tools = ['git', 'node', 'pnpm', 'docker', 'gh'].filter(commandExists);
+    const integrations = [
+        ...(commandExists('gh') ? ['github'] : []),
+        ...(process.env['NOTION_TOKEN'] ? ['notion'] : []),
+        ...(process.env['CONFLUENCE_API_TOKEN'] && process.env['CONFLUENCE_BASE_URL']
+            ? ['confluence']
+            : []),
+    ];
+    return { tools, integrations };
+}
+function commandExists(command) {
+    return (spawnSync('sh', ['-lc', `command -v ${shellQuote(command)} >/dev/null 2>&1`], {
+        stdio: 'ignore',
+    }).status === 0);
+}
+function shellQuote(value) {
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function listFlagOrProfile(flag, profileValue) {
+    const fromFlag = listFlagValue(getFlag(flag));
+    return fromFlag.length > 0 ? fromFlag : stringList(profileValue);
+}
+function stringList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return value.filter((entry) => typeof entry === 'string' && entry.trim() !== '');
+}
+function stringValue(value) {
+    return typeof value === 'string' && value.trim() !== '' ? value : undefined;
+}
 async function heartbeat(options, status, healthStatus) {
     await platformJson(options, 'POST', 'heartbeat', {
         status,
@@ -179,9 +410,57 @@ async function heartbeat(options, status, healthStatus) {
         access_mode: options.accessMode,
         runner_profile: options.runnerProfile ?? null,
         runner_posture: {
-            transport: { mode: options.accessMode },
-            execution: { kind: 'customer-managed' },
-            version: process.env['npm_package_version'] ?? null,
+            ...(options.runnerPosture ?? {}),
+            transport: {
+                ...recordValue(options.runnerPosture?.['transport']),
+                mode: options.accessMode,
+            },
+            execution: recordValue(options.runnerPosture?.['execution']) ?? { kind: 'customer-managed' },
+            secrets: {
+                ...recordValue(options.runnerPosture?.['secrets']),
+                modes: [
+                    ...new Set([
+                        'runner_local',
+                        'runner_encrypted',
+                        'run_scoped_grant',
+                        ...stringList(recordValue(options.runnerPosture?.['secrets'])?.['modes']),
+                    ]),
+                ],
+                public_key: {
+                    schema: 'viewport.runner_public_key/v1',
+                    algorithm: options.runnerKeyPair.algorithm,
+                    public_key_pem: options.runnerKeyPair.publicKeyPem,
+                    fingerprint: options.runnerKeyPair.fingerprint,
+                },
+            },
+            model_credentials: {
+                ...recordValue(options.runnerPosture?.['model_credentials']),
+                anthropic: process.env['ANTHROPIC_API_KEY'] ? 'available' : 'missing',
+                openai: process.env['OPENAI_API_KEY'] ? 'available' : 'missing',
+            },
+            repo_credentials: {
+                ...recordValue(options.runnerPosture?.['repo_credentials']),
+                runner_local: process.env['GITHUB_TOKEN'] || process.env['GH_TOKEN'] || commandExists('gh')
+                    ? 'available'
+                    : 'missing',
+                run_scoped_grant: 'available',
+            },
+            context_worker: {
+                ...recordValue(options.runnerPosture?.['context_worker']),
+                enabled: true,
+                supports: [
+                    ...new Set([
+                        'git',
+                        ...(process.env['NOTION_TOKEN'] ? ['notion'] : []),
+                        ...(process.env['CONFLUENCE_API_TOKEN'] && process.env['CONFLUENCE_BASE_URL']
+                            ? ['confluence']
+                            : []),
+                    ]),
+                ],
+            },
+            version: stringValue(options.runnerPosture?.['version']) ??
+                process.env['npm_package_version'] ??
+                null,
         },
         capabilities: capabilityPayload(options.capabilities),
     });
@@ -197,7 +476,7 @@ async function safeHeartbeat(options, status, healthStatus) {
 function managedWorkerAccessMode(value) {
     if (value === 'polling' || value === 'direct' || value === 'relay')
         return value;
-    return 'relay';
+    return 'polling';
 }
 async function claimAssignment(options) {
     const response = await platformFetch(options, 'POST', 'claim', {
@@ -283,7 +562,7 @@ async function runProviderActionReplay(assignment) {
                 action: {
                     adapter: assignment.adapter,
                     action: assignment.action,
-                    input: actionInput,
+                    input: sanitizeActionInput(actionInput),
                     response: response ?? null,
                 },
             },
@@ -305,7 +584,7 @@ async function runProviderActionReplay(assignment) {
                     action: {
                         adapter: assignment.adapter,
                         action: assignment.action,
-                        input: actionInput,
+                        input: sanitizeActionInput(actionInput),
                         response: response ?? null,
                     },
                 },
@@ -503,14 +782,24 @@ async function runAssignmentLocally(options, assignment) {
         return existingRun;
     }
     const directory = await ensureDirectory(options.workdir ?? assignment.directory_path ?? process.cwd());
+    const material = await materializeRunCredentials(options, assignment);
     const started = await daemonJson('POST', '/api/workflows/runs', {
         workflowYaml: assignment.yaml_snapshot,
         workflowSourceRef: assignment.source_ref ?? `viewport://managed-executor/${assignment.id}`,
         directoryId: directory.id,
-        inputs: assignmentInputs(assignment),
+        inputs: assignmentInputs(assignment, material.metadata),
+        runtimeSecretEnv: material.runtimeSecretEnv,
         resourceId: options.workspaceId,
         runtimeTargetId: assignment.runtime_target_id ?? undefined,
         platformRunId: assignment.id,
+        resourceManifest: assignment.resource_manifest ?? undefined,
+        workflowAuthorityContract: assignment.workflow_authority_contract ??
+            recordChildValue(assignment.route_snapshot, 'workflow_authority_contract') ??
+            recordChildValue(assignment.execution_profile_snapshot, 'workflow_authority_contract') ??
+            recordChildValue(assignment.workflow_snapshot, 'workflow_authority_contract') ??
+            recordChildValue(assignment.runner_workspace_snapshot, 'workflow_authority_contract') ??
+            recordChildValue(recordChildValue(assignment.input_snapshot, 'viewport'), 'workflowAuthorityContract') ??
+            undefined,
         initiation: 'cli',
         dataCapturePolicy: assignment.data_capture_policy ?? undefined,
     });
@@ -519,7 +808,15 @@ async function runAssignmentLocally(options, assignment) {
         await syncLocalRun(options, assignment.id, run, assignment.assignment_claim_token);
     }, progressSyncEveryMs(options.leaseSeconds));
 }
-function assignmentInputs(assignment) {
+function recordChildValue(value, key) {
+    if (!value || typeof value !== 'object' || Array.isArray(value))
+        return undefined;
+    const entry = value[key];
+    if (!entry || typeof entry !== 'object' || Array.isArray(entry))
+        return undefined;
+    return entry;
+}
+function assignmentInputs(assignment, credentialMetadata = []) {
     const inputs = { ...(assignment.input_snapshot ?? {}) };
     inputs['viewport'] = {
         ...(isRecord(inputs['viewport']) ? inputs['viewport'] : {}),
@@ -530,9 +827,162 @@ function assignmentInputs(assignment) {
         workflow: assignment.workflow_snapshot ?? null,
         runnerWorkspace: assignment.runner_workspace_snapshot ?? null,
         contextReceipts: assignment.context_receipts_snapshot ?? null,
+        credentials: credentialMetadata,
     };
     return inputs;
 }
+async function materializeRunCredentials(options, assignment) {
+    const handles = collectCredentialHandles(assignment);
+    if (handles.length === 0)
+        return { runtimeSecretEnv: {}, metadata: [] };
+    const runtimeSecretEnv = {};
+    const metadata = [];
+    for (const handle of handles) {
+        const response = await materializeCredential(options, assignment, handle);
+        const envName = envNameForCredentialRef(handle);
+        const secret = stringField(response, 'secret');
+        if (secret) {
+            runtimeSecretEnv[envName] = secret;
+        }
+        const wrappedSecret = recordField(response, 'wrapped_secret');
+        if (wrappedSecret) {
+            runtimeSecretEnv[envName] = decryptRunnerWrappedSecret(options.runnerKeyPair, wrappedSecret);
+        }
+        metadata.push({
+            handle,
+            envName,
+            kind: stringField(response, 'kind') ?? null,
+            storagePosture: stringField(response, 'storage_posture') ?? null,
+            materialAvailable: response['material_available'] === true,
+            runnerLocalRequired: response['runner_local_required'] === true,
+            provider: stringField(response, 'provider') ?? null,
+            credentialId: stringField(response, 'credential_id') ?? numberField(response, 'credential_id') ?? null,
+            scopes: response['scopes'],
+        });
+    }
+    return { runtimeSecretEnv, metadata };
+}
+async function materializeCredential(options, assignment, handle) {
+    if (!assignment.assignment_claim_token) {
+        throw new Error(`Managed workflow assignment ${assignment.id} is missing claim_token.`);
+    }
+    const body = await platformJson(options, 'POST', `workflow-runs/${encodeURIComponent(assignment.id)}/credential-material`, {
+        credential: options.credential,
+        handle,
+        ...repositoryForCredentialMaterialization(assignment, handle),
+    }, assignment.assignment_claim_token);
+    const data = dataFrom(body);
+    if (!isRecord(data)) {
+        throw new Error(`Credential material response for ${handle} was not an object.`);
+    }
+    return data;
+}
+function repositoryForCredentialMaterialization(assignment, handle) {
+    const checkoutEntries = [
+        ...credentialEntriesFrom(pathValue(asRecord(assignment.execution_profile_snapshot), ['credentials', 'repo_checkout'])),
+        ...credentialEntriesFrom(pathValue(asRecord(assignment.workflow_snapshot), ['credentials', 'repo_checkout'])),
+    ];
+    const explicit = checkoutEntries.find((entry) => {
+        if (!isRecord(entry))
+            return entry === handle;
+        const entryHandle = stringField(entry, 'handle') ??
+            stringField(entry, 'ref') ??
+            stringField(entry, 'credential_ref');
+        return entryHandle === handle;
+    });
+    const explicitRepo = explicit && isRecord(explicit)
+        ? (stringField(explicit, 'repository') ?? stringField(explicit, 'repo'))
+        : null;
+    if (explicitRepo)
+        return { repository: explicitRepo };
+    const allowed = allowedRepositoriesFromAssignment(assignment);
+    return allowed.length === 1 && allowed[0] ? { repository: allowed[0] } : {};
+}
+function allowedRepositoriesFromAssignment(assignment) {
+    const candidates = [
+        pathValue(assignment.workflow_authority_contract ?? {}, ['repos', 'allowed']),
+        pathValue(recordChildValue(assignment.route_snapshot, 'workflow_authority_contract') ?? {}, [
+            'repos',
+            'allowed',
+        ]),
+        pathValue(recordChildValue(assignment.execution_profile_snapshot, 'workflow_authority_contract') ?? {}, ['repos', 'allowed']),
+        pathValue(recordChildValue(assignment.workflow_snapshot, 'workflow_authority_contract') ?? {}, [
+            'repos',
+            'allowed',
+        ]),
+        pathValue(recordChildValue(assignment.runner_workspace_snapshot, 'workflow_authority_contract') ?? {}, ['repos', 'allowed']),
+    ];
+    return [
+        ...new Set(candidates
+            .flatMap((value) => (Array.isArray(value) ? value : []))
+            .filter((value) => typeof value === 'string' && value.trim() !== '')
+            .map((value) => value.trim())),
+    ];
+}
+function decryptRunnerWrappedSecret(keyPair, wrapped) {
+    const schema = stringField(wrapped, 'schema');
+    const algorithm = stringField(wrapped, 'algorithm');
+    const fingerprint = stringField(wrapped, 'runner_public_key_fingerprint');
+    const ciphertext = stringField(wrapped, 'ciphertext');
+    if (schema !== 'viewport.runner_wrapped_secret/v1' ||
+        algorithm !== 'RSA-OAEP-256' ||
+        !fingerprint ||
+        !ciphertext) {
+        throw new Error('Runner-encrypted credential material is malformed.');
+    }
+    if (fingerprint !== keyPair.fingerprint) {
+        throw new Error(`Runner-encrypted credential was wrapped for ${fingerprint}, but this runner key is ${keyPair.fingerprint}. Rotate or re-wrap the credential for this runner pool.`);
+    }
+    return privateDecrypt({
+        key: keyPair.privateKeyPem,
+        oaepHash: 'sha256',
+        padding: constants.RSA_PKCS1_OAEP_PADDING,
+    }, Buffer.from(ciphertext, 'base64')).toString('utf8');
+}
+function collectCredentialHandles(assignment) {
+    const snapshots = [assignment.execution_profile_snapshot, assignment.workflow_snapshot].filter(isRecord);
+    const handles = new Set();
+    for (const snapshot of snapshots) {
+        for (const handle of [
+            ...credentialRefsFrom(pathValue(snapshot, ['credentials', 'include'])),
+            ...credentialRefsFrom(pathValue(snapshot, ['credentials', 'repo_checkout'])),
+            ...credentialRefsFrom(pathValue(snapshot, ['credentials', 'mcp_api'])),
+            ...credentialRefsFrom(snapshot['credential_refs']),
+        ]) {
+            handles.add(handle);
+        }
+    }
+    return [...handles].sort();
+}
+function credentialRefsFrom(entries) {
+    return credentialEntriesFrom(entries).flatMap((entry) => {
+        if (typeof entry === 'string' && entry.trim() !== '')
+            return [entry];
+        if (!isRecord(entry))
+            return [];
+        for (const key of ['handle', 'ref', 'credential_ref']) {
+            const value = stringField(entry, key);
+            if (value)
+                return [value];
+        }
+        return [];
+    });
+}
+function credentialEntriesFrom(entries) {
+    return Array.isArray(entries) ? entries : [];
+}
+function asRecord(value) {
+    return isRecord(value) ? value : {};
+}
+function pathValue(value, pathParts) {
+    let current = value;
+    for (const part of pathParts) {
+        if (!isRecord(current))
+            return undefined;
+        current = current[part];
+    }
+    return current;
+}
 function isRecord(value) {
     return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
 }
@@ -554,9 +1004,27 @@ async function waitForApprovalAndResume(options, platformRunId, localRunId, assi
     while (true) {
         await heartbeat(options, 'online', 'busy');
         const assignment = await getAssignment(options, platformRunId, assignmentClaimToken);
-        const approved = assignment.nodes?.find(isApprovedManagedGateNode);
+        const approved = await approvedNodeForAssignment(options, platformRunId, assignmentClaimToken, localRunId);
         if (approved) {
-            return resumeApprovedLocalRun(options, platformRunId, localRunId, approved, assignmentClaimToken);
+            const resumed = await resumeApprovedLocalRun(options, platformRunId, localRunId, approved, assignmentClaimToken);
+            if (resumed.status !== 'blocked')
+                return resumed;
+            const blockedIds = blockedNodeIds(resumed);
+            if (alreadyResolvedApprovalRuns.has(resumed) && !blockedIds.has(approved.node_key)) {
+                const nextApproved = await approvedNodeForAssignment(options, platformRunId, assignmentClaimToken, localRunId);
+                if (nextApproved &&
+                    nextApproved.node_key !== approved.node_key &&
+                    blockedIds.has(nextApproved.node_key)) {
+                    await delay(options.sleepSeconds * 1000);
+                    continue;
+                }
+                await delay(options.sleepSeconds * 1000);
+                return resumed;
+            }
+            if (blockedIds.has(approved.node_key) &&
+                managedApprovalDecision(approved) !== 'request_changes') {
+                return resumed;
+            }
         }
         if (assignment.status === 'canceled' || assignment.status === 'failed') {
             const canceled = await daemonJson('POST', `/api/workflows/runs/${encodeURIComponent(localRunId)}/cancel`, {
@@ -570,42 +1038,103 @@ async function waitForApprovalAndResume(options, platformRunId, localRunId, assi
         await delay(options.sleepSeconds * 1000);
     }
 }
-async function approvedNodeForAssignment(options, platformRunId, assignmentClaimToken) {
+const alreadyResolvedApprovalRuns = new WeakSet();
+async function approvedNodeForAssignment(options, platformRunId, assignmentClaimToken, localRunId) {
     const assignment = await getAssignment(options, platformRunId, assignmentClaimToken);
-    return assignment.nodes?.find(isApprovedManagedGateNode) ?? null;
+    const approvedNodes = assignment.nodes?.filter(isResolvedManagedGateNode) ?? [];
+    if (approvedNodes.length === 0)
+        return null;
+    if (!localRunId)
+        return approvedNodes[0] ?? null;
+    const localRun = await readExistingLocalRun(localRunId);
+    const blockedIds = blockedNodeIds(localRun);
+    if (blockedIds.size > 0) {
+        return approvedNodes.find((node) => blockedIds.has(node.node_key)) ?? null;
+    }
+    return approvedNodes[0] ?? null;
+}
+function blockedNodeIds(run) {
+    return new Set(Object.values(run?.nodes ?? {})
+        .filter((node) => node.status === 'blocked')
+        .map((node) => node.id));
 }
 async function resumeApprovedLocalRun(options, platformRunId, localRunId, approved, assignmentClaimToken) {
-    await daemonJson('POST', `/api/workflows/runs/${encodeURIComponent(localRunId)}/approvals/${encodeURIComponent(approved.node_key)}`, {
-        approved: true,
-        message: approvalMessage(approved),
-        actor: approvalActor(approved),
-        expectedActionDigest: approvalExpectedActionDigest(approved),
-        executionGrant: approvalExecutionGrant(approved),
-    });
+    try {
+        await daemonJson('POST', `/api/workflows/runs/${encodeURIComponent(localRunId)}/approvals/${encodeURIComponent(approved.node_key)}`, {
+            approved: managedApprovalApproved(approved),
+            decision: managedApprovalDecision(approved),
+            message: approvalMessage(approved),
+            actor: approvalActor(approved),
+            expectedActionDigest: approvalExpectedActionDigest(approved),
+            executionGrant: approvalExecutionGrant(approved),
+            feedback: approvalFeedback(approved),
+        });
+    }
+    catch (error) {
+        if (!isAlreadyResolvedApprovalError(error))
+            throw error;
+        const current = await readExistingLocalRun(localRunId);
+        if (!current)
+            throw error;
+        alreadyResolvedApprovalRuns.add(current);
+        await syncLocalRun(options, platformRunId, current, assignmentClaimToken);
+        return current;
+    }
     const resumed = await pollLocalRun(localRunId, async (run) => {
         await syncLocalRun(options, platformRunId, run, assignmentClaimToken);
     }, progressSyncEveryMs(options.leaseSeconds));
     await syncLocalRun(options, platformRunId, resumed, assignmentClaimToken);
     return resumed;
 }
-function isApprovedManagedGateNode(node) {
+function isAlreadyResolvedApprovalError(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return message.includes('Workflow node is not awaiting approval');
+}
+function isResolvedManagedGateNode(node) {
     if (!['approval', 'gate', 'plan', 'action'].includes(String(node.type ?? '')))
         return false;
     if (node.status === 'completed')
         return true;
+    const approval = node.metadata?.['approval'];
+    if ((node.type === 'plan' || node.type === 'gate' || node.type === 'approval') &&
+        node.status === 'blocked' &&
+        approval &&
+        typeof approval === 'object' &&
+        'approved' in approval) {
+        return true;
+    }
     if (node.type !== 'action' || node.status !== 'queued')
         return false;
-    const approval = node.metadata?.['approval'];
     return (!!approval &&
         typeof approval === 'object' &&
         approval.approved === true);
 }
+function managedApprovalApproved(node) {
+    const approval = node.metadata?.['approval'];
+    if (approval && typeof approval === 'object' && 'approved' in approval) {
+        return approval.approved === true;
+    }
+    return true;
+}
+function managedApprovalDecision(node) {
+    const approval = node.metadata?.['approval'];
+    if (approval && typeof approval === 'object') {
+        const approved = approval.approved;
+        const decision = approval.decision;
+        if (approved === false) {
+            if (decision === 'request_changes' || decision === 'changes_requested')
+                return 'request_changes';
+            return 'reject';
+        }
+    }
+    return 'approve';
+}
 async function getAssignment(options, platformRunId, assignmentClaimToken) {
     const body = await platformJson(options, 'GET', `workflow-runs/${encodeURIComponent(platformRunId)}`, undefined, assignmentClaimToken);
     return dataFrom(body);
 }
 async function syncLocalRun(options, platformRunId, run, assignmentClaimToken) {
-    const body = await platformJson(options, 'PATCH', `workflow-runs/${encodeURIComponent(platformRunId)}/sync`, localRunToSyncPayload(run), assignmentClaimToken);
+    const body = await platformJson(options, 'PATCH', `workflow-runs/${encodeURIComponent(platformRunId)}/sync`, localRunToSyncPayload(run, { includeApprovalDecisions: false }), assignmentClaimToken);
     return dataFrom(body);
 }
 async function ensureDirectory(directoryPath) {