@wopr-network/defcon 0.2.0 → 0.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/defcon",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "type": "module",
   "engines": {
     "node": ">=24.0.0"
@@ -24,7 +24,8 @@
     "gates"
   ],
   "scripts": {
-    "build": "tsc",
+    "build": "rm -rf dist && tsc",
+    "prepublishOnly": "pnpm build",
     "dev": "tsx src/main.ts",
     "lint": "biome check src/",
     "lint:fix": "biome check --fix src/",

package/dist/api/router.d.ts

@@ -1,24 +0,0 @@
-export interface ParsedRequest {
-    params: Record<string, string>;
-    query: URLSearchParams;
-    body: Record<string, unknown> | null;
-    authorization?: string;
-}
-export interface ApiResponse {
-    status: number;
-    body: unknown;
-}
-type Handler = (req: ParsedRequest) => Promise<ApiResponse>;
-interface MatchResult {
-    params: Record<string, string>;
-    handler: Handler;
-    longRunning?: boolean;
-}
-export declare class Router {
-    private routes;
-    add(method: string, path: string, handler: Handler, options?: {
-        longRunning?: boolean;
-    }): void;
-    match(method: string, pathname: string): MatchResult | null;
-}
-export {};

package/dist/api/router.js

@@ -1,44 +0,0 @@
-export class Router {
-    routes = [];
-    add(method, path, handler, options) {
-        const paramNames = [];
-        // Split on param segments, escape literal segments, then reassemble
-        const patternStr = path
-            .split(/(:([^/]+))/g)
-            .map((segment, i) => {
-            // Every 3rd token (i % 3 === 1) is the full ":name" match — replace with capture group
-            if (i % 3 === 1) {
-                paramNames.push(segment.slice(1));
-                return "([^/]+)";
-            }
-            // Every 3rd+1 token (i % 3 === 2) is the captured name — skip (already handled above)
-            if (i % 3 === 2)
-                return "";
-            // Literal segment — escape regex metacharacters
-            return segment.replace(/[.+*?^${}()|[\]\\]/g, "\\$&");
-        })
-            .join("");
-        this.routes.push({
-            method,
-            pattern: new RegExp(`^${patternStr}$`),
-            paramNames,
-            handler,
-            longRunning: options?.longRunning,
-        });
-    }
-    match(method, pathname) {
-        for (const route of this.routes) {
-            if (route.method !== method)
-                continue;
-            const m = pathname.match(route.pattern);
-            if (m) {
-                const params = {};
-                route.paramNames.forEach((name, i) => {
-                    params[name] = m[i + 1];
-                });
-                return { params, handler: route.handler, longRunning: route.longRunning };
-            }
-        }
-        return null;
-    }
-}

package/dist/api/server.d.ts

@@ -1,13 +0,0 @@
-import http from "node:http";
-import type { Engine } from "../engine/engine.js";
-import type { McpServerDeps } from "../execution/mcp-server.js";
-import type { Logger } from "../logger.js";
-export interface HttpServerDeps {
-    engine: Engine;
-    mcpDeps: McpServerDeps;
-    adminToken?: string;
-    workerToken?: string;
-    corsOrigin?: string;
-    logger?: Logger;
-}
-export declare function createHttpServer(deps: HttpServerDeps): http.Server;

package/dist/api/server.js

@@ -1,280 +0,0 @@
-import { createHash, timingSafeEqual } from "node:crypto";
-import http from "node:http";
-import { callToolHandler } from "../execution/mcp-server.js";
-import { consoleLogger } from "../logger.js";
-import { Router } from "./router.js";
-function extractBearerToken(header) {
-    if (!header)
-        return undefined;
-    const lower = header.toLowerCase();
-    if (!lower.startsWith("bearer "))
-        return undefined;
-    return header.slice(7).trim() || undefined;
-}
-function requireWorkerToken(deps, req) {
-    const configuredToken = deps.workerToken?.trim() || undefined; // treat "" and whitespace-only as unset
-    if (!configuredToken)
-        return null; // open mode
-    const callerToken = extractBearerToken(req.authorization);
-    if (!callerToken) {
-        return { status: 401, body: { error: "Unauthorized: worker endpoints require authentication." } };
-    }
-    const hashA = createHash("sha256").update(configuredToken.trim()).digest();
-    const hashB = createHash("sha256").update(callerToken.trim()).digest();
-    if (!timingSafeEqual(hashA, hashB)) {
-        return { status: 401, body: { error: "Unauthorized: worker endpoints require authentication." } };
-    }
-    return null;
-}
-const BODY_SIZE_LIMIT = 1024 * 1024; // 1MB
-function readBody(req) {
-    return new Promise((resolve, reject) => {
-        const chunks = [];
-        let size = 0;
-        let tooLarge = false;
-        req.on("data", (chunk) => {
-            size += chunk.length;
-            if (size > BODY_SIZE_LIMIT) {
-                tooLarge = true;
-                req.destroy();
-                return;
-            }
-            chunks.push(chunk);
-        });
-        req.on("end", () => resolve({ body: Buffer.concat(chunks).toString("utf8"), tooLarge }));
-        req.on("error", (err) => {
-            if (tooLarge)
-                resolve({ body: "", tooLarge: true });
-            else
-                reject(err);
-        });
-    });
-}
-/** Unwrap MCP tool result into HTTP response */
-function mcpResultToApi(result) {
-    const text = result.content[0]?.text ?? "";
-    let body;
-    try {
-        body = JSON.parse(text);
-    }
-    catch {
-        body = { message: text };
-    }
-    if (result.isError) {
-        const msg = typeof body === "object" && body !== null && "message" in body ? body.message : text;
-        const msgStr = String(msg);
-        if (msgStr.includes("not found") || msgStr.includes("Not found"))
-            return { status: 404, body: { error: msgStr } };
-        if (msgStr.includes("Unauthorized"))
-            return { status: 401, body: { error: msgStr } };
-        if (msgStr.includes("Validation error"))
-            return { status: 400, body: { error: msgStr } };
-        if (msgStr.includes("No active invocation"))
-            return { status: 409, body: { error: msgStr } };
-        return { status: 500, body: { error: msgStr } };
-    }
-    if (body === null)
-        return { status: 204, body: null };
-    return { status: 200, body };
-}
-export function createHttpServer(deps) {
-    const router = new Router();
-    // Ensure engine is set on mcpDeps
-    deps.mcpDeps.engine = deps.engine;
-    if (deps.logger)
-        deps.mcpDeps.logger = deps.logger;
-    // --- Status ---
-    router.add("GET", "/api/status", async () => {
-        const status = await deps.engine.getStatus();
-        return { status: 200, body: status };
-    });
-    // --- Flow claim (cross-flow: no flow filter) ---
-    router.add("POST", "/api/claim", async (req) => {
-        const authErr = requireWorkerToken(deps, req);
-        if (authErr)
-            return authErr;
-        const args = { role: req.body?.role };
-        const result = await callToolHandler(deps.mcpDeps, "flow.claim", args);
-        return mcpResultToApi(result);
-    });
-    // --- Flow claim ---
-    router.add("POST", "/api/flows/:flow/claim", async (req) => {
-        const authErr = requireWorkerToken(deps, req);
-        if (authErr)
-            return authErr;
-        const args = { role: req.body?.role, flow: req.params.flow };
-        const result = await callToolHandler(deps.mcpDeps, "flow.claim", args);
-        return mcpResultToApi(result);
-    });
-    // --- Entity report ---
-    // longRunning: true — flow.report blocks for the duration of gate evaluation
-    // (potentially many minutes). The server handler calls req.setTimeout(0) for
-    // this route specifically so only this connection bypasses the global 30s timeout.
-    router.add("POST", "/api/entities/:id/report", async (req) => {
-        const authErr = requireWorkerToken(deps, req);
-        if (authErr)
-            return authErr;
-        const args = {
-            entity_id: req.params.id,
-            signal: req.body?.signal,
-        };
-        if (req.body?.worker_id)
-            args.worker_id = req.body.worker_id;
-        if (req.body?.artifacts)
-            args.artifacts = req.body.artifacts;
-        const result = await callToolHandler(deps.mcpDeps, "flow.report", args);
-        return mcpResultToApi(result);
-    }, { longRunning: true });
-    // --- Entity fail ---
-    router.add("POST", "/api/entities/:id/fail", async (req) => {
-        const authErr = requireWorkerToken(deps, req);
-        if (authErr)
-            return authErr;
-        const args = { entity_id: req.params.id, error: req.body?.error };
-        const result = await callToolHandler(deps.mcpDeps, "flow.fail", args);
-        return mcpResultToApi(result);
-    });
-    // --- Entity CRUD ---
-    router.add("POST", "/api/entities", async (req) => {
-        const flowName = req.body?.flow;
-        const refs = req.body?.refs;
-        if (!flowName)
-            return { status: 400, body: { error: "Missing required field: flow" } };
-        try {
-            const entity = await deps.engine.createEntity(flowName, refs);
-            return { status: 201, body: entity };
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            if (msg.includes("not found"))
-                return { status: 404, body: { error: msg } };
-            return { status: 500, body: { error: msg } };
-        }
-    });
-    router.add("GET", "/api/entities/:id", async (req) => {
-        const result = await callToolHandler(deps.mcpDeps, "query.entity", { id: req.params.id });
-        return mcpResultToApi(result);
-    });
-    router.add("GET", "/api/entities", async (req) => {
-        const flow = req.query.get("flow");
-        const state = req.query.get("state");
-        if (!flow || !state)
-            return { status: 400, body: { error: "Required query params: flow, state" } };
-        const limitStr = req.query.get("limit");
-        const args = { flow, state };
-        if (limitStr) {
-            const limit = parseInt(limitStr, 10);
-            if (!Number.isNaN(limit) && limit > 0)
-                args.limit = limit;
-        }
-        const result = await callToolHandler(deps.mcpDeps, "query.entities", args);
-        return mcpResultToApi(result);
-    });
-    // --- Flow definition CRUD ---
-    router.add("GET", "/api/flows", async () => {
-        const flows = await deps.mcpDeps.flows.listAll();
-        return { status: 200, body: flows };
-    });
-    router.add("GET", "/api/flows/:id", async (req) => {
-        const result = await callToolHandler(deps.mcpDeps, "query.flow", { name: req.params.id });
-        return mcpResultToApi(result);
-    });
-    router.add("PUT", "/api/flows/:id", async (req) => {
-        const existing = await deps.mcpDeps.flows.getByName(req.params.id);
-        // Only pick known fields from body — never spread req.body to prevent param injection
-        const definition = req.body?.definition;
-        const description = req.body?.description;
-        const callerToken = extractBearerToken(req.authorization);
-        if (existing) {
-            const result = await callToolHandler(deps.mcpDeps, "admin.flow.update", { flow_name: req.params.id, definition, description }, { adminToken: deps.adminToken, callerToken });
-            return mcpResultToApi(result);
-        }
-        else {
-            const result = await callToolHandler(deps.mcpDeps, "admin.flow.create", { name: req.params.id, definition, description }, { adminToken: deps.adminToken, callerToken });
-            return mcpResultToApi(result);
-        }
-    });
-    router.add("DELETE", "/api/flows/:id", async () => {
-        return { status: 501, body: { error: "Flow deletion not implemented" } };
-    });
-    // --- HTTP server ---
-    const server = http.createServer(async (req, res) => {
-        // CORS
-        const origin = req.headers.origin;
-        if (origin) {
-            const isLoopbackOrigin = /^https?:\/\/localhost(:\d+)?$/.test(origin) ||
-                /^https?:\/\/127\.0\.0\.1(:\d+)?$/.test(origin) ||
-                /^https?:\/\/\[::1\](:\d+)?$/.test(origin);
-            const corsAllowed = deps.corsOrigin
-                ? origin === deps.corsOrigin // explicit origin: exact match only
-                : isLoopbackOrigin; // loopback mode: only reflect loopback origins
-            if (corsAllowed) {
-                res.setHeader("Vary", "Origin");
-                res.setHeader("Access-Control-Allow-Origin", origin);
-                res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
-                res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
-            }
-        }
-        if (req.method === "OPTIONS") {
-            res.writeHead(204).end();
-            return;
-        }
-        const url = new URL(req.url ?? "/", `http://localhost`);
-        const match = router.match(req.method ?? "GET", url.pathname);
-        if (!match) {
-            res.writeHead(404, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ error: "Not found" }));
-            return;
-        }
-        // flow.report blocks until gate evaluation completes (potentially many
-        // minutes). Extend timeout per-request for this route only; all other
-        // routes keep the global 30s limit.
-        if (match.longRunning) {
-            req.setTimeout(0);
-        }
-        let body = null;
-        if (req.method === "POST" || req.method === "PUT") {
-            try {
-                const { body: raw, tooLarge } = await readBody(req);
-                if (tooLarge) {
-                    res.writeHead(413, { "Content-Type": "application/json" });
-                    res.end(JSON.stringify({ error: "Request body too large" }));
-                    return;
-                }
-                body = raw ? JSON.parse(raw) : null;
-            }
-            catch {
-                res.writeHead(400, { "Content-Type": "application/json" });
-                res.end(JSON.stringify({ error: "Invalid JSON" }));
-                return;
-            }
-        }
-        const parsed = {
-            params: match.params,
-            query: url.searchParams,
-            body,
-            authorization: req.headers.authorization,
-        };
-        try {
-            const apiRes = await match.handler(parsed);
-            if (apiRes.status === 204) {
-                res.writeHead(204).end();
-            }
-            else {
-                res.writeHead(apiRes.status, { "Content-Type": "application/json" });
-                res.end(JSON.stringify(apiRes.body));
-            }
-        }
-        catch (err) {
-            (deps.logger ?? consoleLogger).error("Request error:", err);
-            res.writeHead(500, { "Content-Type": "application/json" });
-            res.end(JSON.stringify({ error: "Internal server error" }));
-        }
-    });
-    // Sensible defaults protect all routes from Slowloris/slow-header DoS.
-    // The entity report route calls req.setTimeout(0) per-request to bypass this
-    // limit only for connections that need long-running gate evaluation.
-    server.requestTimeout = 30000;
-    server.headersTimeout = 10000;
-    return server;
-}

package/dist/api/wire-types.d.ts

@@ -1,46 +0,0 @@
-/**
- * Wire types for defcon's REST and MCP APIs.
- * Exported for consumers (e.g. norad) to import instead of duplicating.
- */
-export type ClaimResponse = {
-    next_action: "check_back";
-    retry_after_ms: number;
-    message: string;
-} | {
-    worker_id?: string;
-    entity_id: string;
-    invocation_id: string;
-    flow: string | null;
-    stage: string;
-    prompt: string;
-    context: Record<string, unknown> | null;
-    worker_notice?: string;
-};
-export type ReportResponse = {
-    next_action: "continue";
-    new_state: string;
-    gates_passed?: string[];
-    prompt: string | null;
-    context: Record<string, unknown> | null;
-} | {
-    next_action: "waiting";
-    new_state: null;
-    gated: true;
-    gate_output: string;
-    gateName: string;
-    failure_prompt: string | null;
-} | {
-    next_action: "check_back";
-    message: string;
-    retry_after_ms: number;
-    timeout_prompt?: string;
-} | {
-    next_action: "completed";
-    new_state: string;
-    gates_passed?: string[];
-    prompt: null;
-    context: null;
-};
-export interface CreateEntityResponse {
-    id: string;
-}

package/dist/api/wire-types.js

@@ -1,5 +0,0 @@
-/**
- * Wire types for defcon's REST and MCP APIs.
- * Exported for consumers (e.g. norad) to import instead of duplicating.
- */
-export {};

package/dist/config/db-path.d.ts

@@ -1 +0,0 @@
-export declare const DB_PATH = "./agentic-flow.db";

package/dist/config/db-path.js

@@ -1 +0,0 @@
-export const DB_PATH = "./agentic-flow.db";

package/dist/config/exporter.d.ts

@@ -1,3 +0,0 @@
-import type { IFlowRepository, IGateRepository } from "../repositories/interfaces.js";
-import type { SeedFile } from "./zod-schemas.js";
-export declare function exportSeed(flowRepo: IFlowRepository, gateRepo: IGateRepository): Promise<SeedFile>;

package/dist/config/exporter.js

@@ -1,87 +0,0 @@
-export async function exportSeed(flowRepo, gateRepo) {
-    const flows = await flowRepo.listAll();
-    // Fetch all gates once, build ID->name map (no N+1)
-    const allGates = await gateRepo.listAll();
-    const gateIdToName = new Map(allGates.map((g) => [g.id, g.name]));
-    const gateById = new Map(allGates.map((g) => [g.id, g]));
-    const exportedFlows = flows.filter((f) => f.discipline !== null);
-    // Collect gate IDs referenced by transitions of exported flows only
-    const referencedGateIds = new Set();
-    for (const flow of exportedFlows) {
-        for (const t of flow.transitions) {
-            if (t.gateId)
-                referencedGateIds.add(t.gateId);
-        }
-    }
-    // Build gates array from referenced gates (already loaded)
-    const gateEntries = [];
-    for (const gateId of referencedGateIds) {
-        const gate = gateById.get(gateId);
-        if (!gate)
-            continue;
-        if (gate.type === "command" && gate.command) {
-            gateEntries.push({
-                name: gate.name,
-                type: "command",
-                command: gate.command,
-                timeoutMs: gate.timeoutMs ?? undefined,
-            });
-        }
-        else if (gate.type === "function" && gate.functionRef) {
-            gateEntries.push({
-                name: gate.name,
-                type: "function",
-                functionRef: gate.functionRef,
-                timeoutMs: gate.timeoutMs ?? undefined,
-            });
-        }
-        else if (gate.type === "api" && gate.apiConfig) {
-            gateEntries.push({
-                name: gate.name,
-                type: "api",
-                apiConfig: gate.apiConfig,
-                timeoutMs: gate.timeoutMs ?? undefined,
-            });
-        }
-    }
-    const seedFlows = exportedFlows.map((f) => ({
-        name: f.name,
-        description: f.description ?? undefined,
-        entitySchema: f.entitySchema ?? undefined,
-        initialState: f.initialState,
-        maxConcurrent: f.maxConcurrent,
-        maxConcurrentPerRepo: f.maxConcurrentPerRepo,
-        affinityWindowMs: f.affinityWindowMs,
-        gateTimeoutMs: f.gateTimeoutMs ?? undefined,
-        version: f.version,
-        createdBy: f.createdBy ?? undefined,
-        discipline: f.discipline,
-        defaultModelTier: f.defaultModelTier ?? undefined,
-        timeoutPrompt: f.timeoutPrompt ?? undefined,
-    }));
-    const seedStates = exportedFlows.flatMap((f) => f.states.map((s) => ({
-        name: s.name,
-        flowName: f.name,
-        modelTier: s.modelTier ?? undefined,
-        mode: s.mode,
-        promptTemplate: s.promptTemplate ?? undefined,
-        constraints: s.constraints ?? undefined,
-    })));
-    const seedTransitions = exportedFlows.flatMap((f) => f.transitions.map((t) => ({
-        flowName: f.name,
-        fromState: t.fromState,
-        toState: t.toState,
-        trigger: t.trigger,
-        gateName: t.gateId ? gateIdToName.get(t.gateId) : undefined,
-        condition: t.condition ?? undefined,
-        priority: t.priority,
-        spawnFlow: t.spawnFlow ?? undefined,
-        spawnTemplate: t.spawnTemplate ?? undefined,
-    })));
-    return {
-        flows: seedFlows,
-        states: seedStates,
-        gates: gateEntries,
-        transitions: seedTransitions,
-    };
-}

package/dist/config/index.d.ts

@@ -1,4 +0,0 @@
-export { exportSeed } from "./exporter.js";
-export type { LoadSeedOptions, LoadSeedResult } from "./seed-loader.js";
-export { loadSeed } from "./seed-loader.js";
-export * from "./zod-schemas.js";

package/dist/config/index.js

@@ -1,4 +0,0 @@
-// Config module — seed loader, Zod schemas
-export { exportSeed } from "./exporter.js";
-export { loadSeed } from "./seed-loader.js";
-export * from "./zod-schemas.js";

package/dist/config/seed-loader.d.ts

@@ -1,10 +0,0 @@
-import type Database from "better-sqlite3";
-import type { IFlowRepository, IGateRepository } from "../repositories/interfaces.js";
-export interface LoadSeedOptions {
-    allowedRoot?: string;
-}
-export interface LoadSeedResult {
-    flows: number;
-    gates: number;
-}
-export declare function loadSeed(seedPath: string, flowRepo: IFlowRepository, gateRepo: IGateRepository, sqlite: InstanceType<typeof Database>, options?: LoadSeedOptions): Promise<LoadSeedResult>;

package/dist/config/seed-loader.js

@@ -1,108 +0,0 @@
-import { readFileSync, realpathSync } from "node:fs";
-import { relative, resolve, sep } from "node:path";
-import { SeedFileSchema } from "./zod-schemas.js";
-export async function loadSeed(seedPath, flowRepo, gateRepo, sqlite, options) {
-    const allowedRoot = options?.allowedRoot ?? process.cwd();
-    const resolvedRoot = resolve(allowedRoot);
-    const resolvedSeed = resolve(seedPath);
-    const lexicalRel = relative(resolvedRoot, resolvedSeed);
-    if (lexicalRel === ".." || lexicalRel.startsWith(`..${sep}`)) {
-        throw new Error(`Seed path escapes allowed root: ${resolvedSeed} is not under ${resolvedRoot}`);
-    }
-    const realSeed = realpathSync(resolvedSeed);
-    let realRoot;
-    try {
-        realRoot = realpathSync(resolvedRoot);
-    }
-    catch {
-        realRoot = resolvedRoot;
-    }
-    const realRel = relative(realRoot, realSeed);
-    if (realRel === ".." || realRel.startsWith(`..${sep}`)) {
-        throw new Error(`Seed path escapes allowed root: resolved symlink ${realSeed} is not under ${realRoot}`);
-    }
-    const raw = readFileSync(realSeed, "utf-8");
-    return parseSeedAndLoad(parseJson(raw, realSeed), flowRepo, gateRepo, sqlite);
-}
-function parseJson(raw, path) {
-    try {
-        return JSON.parse(raw);
-    }
-    catch (e) {
-        const msg = e instanceof Error ? e.message : String(e);
-        throw new Error(`Invalid JSON in seed file: ${path}: ${msg}`, { cause: e });
-    }
-}
-async function parseSeedAndLoad(json, flowRepo, gateRepo, sqlite) {
-    const parsed = SeedFileSchema.parse(json);
-    sqlite.exec("BEGIN");
-    try {
-        // 1. Create gates first (transitions reference them by name)
-        const gateNameToId = new Map();
-        for (const g of parsed.gates) {
-            const gate = await gateRepo.create({
-                name: g.name,
-                type: g.type,
-                command: "command" in g ? g.command : undefined,
-                functionRef: "functionRef" in g ? g.functionRef : undefined,
-                apiConfig: "apiConfig" in g ? g.apiConfig : undefined,
-                timeoutMs: g.timeoutMs,
-                failurePrompt: g.failurePrompt,
-                timeoutPrompt: g.timeoutPrompt,
-            });
-            gateNameToId.set(g.name, gate.id);
-        }
-        // 2. Create flows, states, and transitions
-        for (const f of parsed.flows) {
-            const flow = await flowRepo.create({
-                name: f.name,
-                description: f.description,
-                entitySchema: f.entitySchema,
-                initialState: f.initialState,
-                maxConcurrent: f.maxConcurrent,
-                maxConcurrentPerRepo: f.maxConcurrentPerRepo,
-                gateTimeoutMs: f.gateTimeoutMs,
-                createdBy: f.createdBy,
-                discipline: f.discipline,
-                defaultModelTier: f.defaultModelTier,
-                timeoutPrompt: f.timeoutPrompt,
-            });
-            const flowStates = parsed.states.filter((s) => s.flowName === f.name);
-            for (const s of flowStates) {
-                await flowRepo.addState(flow.id, {
-                    name: s.name,
-                    modelTier: s.modelTier,
-                    mode: s.mode,
-                    promptTemplate: s.promptTemplate,
-                    constraints: s.constraints,
-                    onEnter: s.onEnter,
-                });
-            }
-            const flowTransitions = parsed.transitions.filter((t) => t.flowName === f.name);
-            for (const t of flowTransitions) {
-                if (t.gateName && !gateNameToId.has(t.gateName)) {
-                    throw new Error(`Transition from "${t.fromState}" to "${t.toState}" in flow "${f.name}" references unknown gate "${t.gateName}"`);
-                }
-                await flowRepo.addTransition(flow.id, {
-                    fromState: t.fromState,
-                    toState: t.toState,
-                    trigger: t.trigger,
-                    gateId: t.gateName ? gateNameToId.get(t.gateName) : undefined,
-                    condition: t.condition,
-                    priority: t.priority,
-                    spawnFlow: t.spawnFlow,
-                    spawnTemplate: t.spawnTemplate,
-                });
-            }
-        }
-        sqlite.exec("COMMIT");
-    }
-    catch (err) {
-        sqlite.exec("ROLLBACK");
-        throw err;
-    }
-    return {
-        flows: parsed.flows.length,
-        gates: parsed.gates.length,
-    };
-}