@wopr-network/defcon 1.14.0 → 1.16.0

package/dist/src/api/wire-types.d.ts

@@ -7,15 +7,12 @@ export type ClaimResponse = {
     retry_after_ms: number;
     message: string;
 } | {
-    worker_id?: string;
     entity_id: string;
     invocation_id: string;
     flow: string | null;
-    stage: string;
-    agent_role: string | null;
-    prompt: string;
-    context: Record<string, unknown> | null;
-    worker_notice?: string;
+    state: string;
+    refs: Record<string, unknown> | null;
+    artifacts: Record<string, unknown> | null;
 };
 export type ReportResponse = {
     next_action: "continue";

package/dist/src/config/seed-loader.js

@@ -95,6 +95,7 @@ async function parseSeedAndLoad(json, flowRepo, gateRepo, db) {
                     onEnter: s.onEnter,
                     onExit: s.onExit,
                     retryAfterMs: s.retryAfterMs,
+                    meta: s.meta,
                 });
             }
             const flowTransitions = parsed.transitions.filter((t) => t.flowName === f.name);

package/dist/src/config/zod-schemas.d.ts

@@ -45,6 +45,7 @@ export declare const StateDefinitionSchema: z.ZodObject<{
         timeout_ms: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     }, z.core.$strip>>;
     retryAfterMs: z.ZodOptional<z.ZodNumber>;
+    meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, z.core.$strip>;
 export declare const CommandGateSchema: z.ZodObject<{
     name: z.ZodString;
@@ -165,6 +166,7 @@ export declare const SeedFileSchema: z.ZodObject<{
             timeout_ms: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
         }, z.core.$strip>>;
         retryAfterMs: z.ZodOptional<z.ZodNumber>;
+        meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
     }, z.core.$strip>>;
     gates: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
         name: z.ZodString;

package/dist/src/config/zod-schemas.js

@@ -60,6 +60,8 @@ export const StateDefinitionSchema = z.object({
     onEnter: OnEnterSchema.optional(),
     onExit: OnExitSchema.optional(),
     retryAfterMs: z.number().int().min(0).optional(),
+    /** Opaque metadata passed through to consumers (e.g. radar). Defcon stores but does not interpret. */
+    meta: z.record(z.string(), z.unknown()).optional(),
 });
 // Gate: discriminated union on `type`
 const GateOutcomeSchema = z.object({

package/dist/src/engine/engine.d.ts

@@ -21,8 +21,8 @@ export interface ClaimWorkResult {
     invocationId: string;
     flowName: string;
     stage: string;
-    prompt: string;
-    context: Record<string, unknown> | null;
+    refs: Record<string, unknown> | null;
+    artifacts: Record<string, unknown> | null;
 }
 export interface EngineStatus {
     flows: Record<string, Record<string, number>>;

package/dist/src/engine/engine.js

@@ -8,6 +8,8 @@ import { buildInvocation } from "./invocation-builder.js";
 import { executeOnEnter } from "./on-enter.js";
 import { executeOnExit } from "./on-exit.js";
 import { findTransition, isTerminal } from "./state-machine.js";
+const MERGE_BLOCKED_THRESHOLD = 3;
+const MERGE_BLOCKED_STUCK_MESSAGE = "PR blocked in merge queue 3+ times — likely branch protection or queue contention issue";
 export class Engine {
     entityRepo;
     flowRepo;
@@ -93,10 +95,31 @@ export class Engine {
             return { gated: true, ...routing, terminal: false };
         }
         // Gate passed or redirected — determine the actual destination.
-        const toState = routing.kind === "redirect" ? routing.toState : transition.toState;
+        let toState = routing.kind === "redirect" ? routing.toState : transition.toState;
         const trigger = routing.kind === "redirect" ? routing.trigger : signal;
         const spawnFlow = routing.kind === "redirect" ? null : transition.spawnFlow;
         const { gatesPassed } = routing;
+        // 4a. Merge-blocked loop detection: if the watcher sends "blocked" from
+        // "merging", increment a counter. After MERGE_BLOCKED_THRESHOLD cycles,
+        // override the destination to "stuck" to break the loop.
+        if (signal === "blocked" && entity.state === "merging") {
+            const prevCount = (typeof entity.artifacts?.merge_blocked_count === "number" ? entity.artifacts.merge_blocked_count : 0);
+            const newCount = prevCount + 1;
+            await this.entityRepo.updateArtifacts(entityId, { merge_blocked_count: newCount });
+            if (newCount >= MERGE_BLOCKED_THRESHOLD) {
+                const stuckState = flow.states.find((s) => s.name === "stuck");
+                if (stuckState) {
+                    toState = "stuck";
+                    await this.entityRepo.updateArtifacts(entityId, {
+                        merge_blocked_message: MERGE_BLOCKED_STUCK_MESSAGE,
+                    });
+                    this.logger.warn(`[engine] Entity ${entityId} merge-blocked ${newCount} times, transitioning to stuck`);
+                }
+                else {
+                    this.logger.warn(`merge_blocked_count >= threshold but no stuck state in flow ${flow.name} — entity ${entityId} will continue looping`);
+                }
+            }
+        }
         // 4b. Execute onExit hook on the DEPARTING state (before transition)
         const departingStateDef = flow.states.find((s) => s.name === entity.state);
         if (departingStateDef?.onExit) {
@@ -556,12 +579,6 @@ export class Engine {
                     this.logger.warn(`[engine] setAffinity failed for entity ${claimed.id} worker ${worker_id} — continuing:`, err);
                 }
             }
-            const versionedFlow = await this.flowRepo.getAtVersion(claimed.flowId, claimed.flowVersion);
-            const effectiveFlow = versionedFlow ?? flow;
-            const state = effectiveFlow.states.find((s) => s.name === pending.stage);
-            const build = state
-                ? await this.buildPromptForEntity(state, claimed, effectiveFlow)
-                : { prompt: pending.prompt, context: null };
             await this.eventEmitter.emit({
                 type: "entity.claimed",
                 entityId: claimed.id,
@@ -574,8 +591,8 @@ export class Engine {
                 invocationId: claimedInvocation.id,
                 flowName: flow.name,
                 stage: pending.stage,
-                prompt: build.prompt,
-                context: build.context,
+                refs: claimed.refs ?? null,
+                artifacts: claimed.artifacts ?? null,
             };
         }
         // 8. Fallback: no unclaimed invocations — claim entity directly and create invocation
@@ -653,8 +670,8 @@ export class Engine {
                     invocationId: claimedInvocation.id,
                     flowName: flow.name,
                     stage: state.name,
-                    prompt: build.prompt,
-                    context: build.context,
+                    refs: claimed.refs ?? null,
+                    artifacts: claimed.artifacts ?? null,
                 };
             }
         }

package/dist/src/engine/invocation-builder.js

@@ -46,7 +46,7 @@ export async function buildInvocation(state, entity, adapters, flow, logger = co
     let systemPrompt = "";
     let userContent = "";
     if (state.promptTemplate) {
-        const template = getHandlebars().compile(state.promptTemplate);
+        const template = getHandlebars().compile(state.promptTemplate, { noEscape: true });
         prompt = template(context);
         systemPrompt = `${INJECTION_WARNING}\n\n${prompt}`;
         userContent = `<external-data>\n${JSON.stringify(entityDataForContext(entity), null, 2)}\n</external-data>`;

package/dist/src/execution/cli.js

@@ -474,9 +474,11 @@ program
     sqlite.close();
 });
 // ─── provision-worktree ───
+// TODO(WOP-2014): Remove this subcommand once nuke containers are deployed and stable.
+// Nuke workers provision their own workspace inside the container, making this unnecessary.
 program
     .command("provision-worktree")
-    .description("Provision a git worktree and branch for an issue")
+    .description("[DEPRECATED] Provision a git worktree and branch for an issue (superseded by nuke containers)")
     .argument("<repo>", "GitHub repo (e.g. wopr-network/defcon)")
     .argument("<issue-key>", "Issue key (e.g. WOP-392)")
     .option("--base-path <path>", "Worktree base directory", join(homedir(), "worktrees"))

package/dist/src/execution/handlers/flow.js

@@ -173,8 +173,15 @@ export async function handleFlowClaim(deps, args) {
             continue;
         }
         const flow = entity ? flowById.get(entity.flowId) : undefined;
+        if (!flow) {
+            await deps.entities.release(entity.id, claimerId).catch(() => { });
+            await deps.invocations
+                .fail(claimed.id, `Flow not found for entity ${entity.id} (flowId: ${entity.flowId})`)
+                .catch(() => { });
+            continue;
+        }
         // Record affinity for the claiming worker (best-effort; failure must not block the claim)
-        if (worker_id && entity && flow) {
+        if (worker_id && entity) {
             try {
                 const windowMs = flow.affinityWindowMs ?? 300000;
                 await deps.entities.setAffinity(claimed.entityId, worker_id, role, new Date(Date.now() + windowMs));
@@ -198,14 +205,12 @@ export async function handleFlowClaim(deps, args) {
             });
         }
         return jsonResult({
-            worker_id: worker_id,
-            entity_id: claimed.entityId,
+            entity_id: entity.id,
             invocation_id: claimed.id,
-            flow: flow?.name ?? null,
-            stage: claimed.stage,
-            agent_role: claimed.agentRole || null,
-            prompt: claimed.prompt,
-            context: claimed.context,
+            flow: flow.name,
+            state: claimed.stage,
+            refs: claimedEntity.refs ?? null,
+            artifacts: claimedEntity.artifacts ?? null,
         });
     }
     return noWorkResult(RETRY_SHORT_MS, role);

package/dist/src/execution/provision-worktree.js

@@ -1,3 +1,8 @@
+/**
+ * @deprecated provision-worktree is superseded by nuke containerized workers (WOP-2014).
+ * Nuke containers provision their own workspace inside the container.
+ * TODO: remove this file once nuke is deployed and stable.
+ */
 import { execFileSync } from "node:child_process";
 import { existsSync } from "node:fs";
 import { homedir } from "node:os";

package/dist/src/repositories/drizzle/flow.repo.js

@@ -17,6 +17,7 @@ function rowToState(r) {
         onEnter: r.onEnter ?? null,
         onExit: r.onExit ?? null,
         retryAfterMs: r.retryAfterMs ?? null,
+        meta: r.meta,
     };
 }
 function rowToTransition(r) {
@@ -161,6 +162,7 @@ export class DrizzleFlowRepository {
                 onEnter: s.onEnter ?? null,
                 onExit: s.onExit ?? null,
                 retryAfterMs: s.retryAfterMs ?? null,
+                meta: s.meta ?? null,
             })),
             transitions: (snap.transitions ?? []).map((t) => ({
                 id: t.id,
@@ -238,6 +240,7 @@ export class DrizzleFlowRepository {
             onEnter: (state.onEnter ?? null),
             onExit: (state.onExit ?? null),
             retryAfterMs: state.retryAfterMs ?? null,
+            meta: (state.meta ?? null),
         };
         this.db.transaction((tx) => {
             tx.insert(stateDefinitions).values(row).run();
@@ -268,6 +271,8 @@ export class DrizzleFlowRepository {
             updateValues.onExit = changes.onExit;
         if (changes.retryAfterMs !== undefined)
             updateValues.retryAfterMs = changes.retryAfterMs;
+        if (changes.meta !== undefined)
+            updateValues.meta = changes.meta;
         if (Object.keys(updateValues).length > 0) {
             this.db.update(stateDefinitions).set(updateValues).where(eq(stateDefinitions.id, stateId)).run();
         }

package/dist/src/repositories/drizzle/schema.d.ts

@@ -532,6 +532,23 @@ export declare const stateDefinitions: import("drizzle-orm/sqlite-core").SQLiteT
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        meta: import("drizzle-orm/sqlite-core").SQLiteColumn<{
+            name: "meta";
+            tableName: "state_definitions";
+            dataType: "json";
+            columnType: "SQLiteTextJson";
+            data: unknown;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
     };
     dialect: "sqlite";
 }>;

package/dist/src/repositories/drizzle/schema.js

@@ -34,6 +34,8 @@ export const stateDefinitions = sqliteTable("state_definitions", {
     onEnter: text("on_enter", { mode: "json" }),
     onExit: text("on_exit", { mode: "json" }),
     retryAfterMs: integer("retry_after_ms"),
+    /** Opaque metadata passed through to consumers. Defcon stores but does not interpret. */
+    meta: text("meta", { mode: "json" }),
 }, (table) => ({
     flowNameUnique: uniqueIndex("state_definitions_flow_name_unique").on(table.flowId, table.name),
 }));

package/dist/src/repositories/interfaces.d.ts

@@ -99,6 +99,8 @@ export interface State {
     onExit: OnExitConfig | null;
     /** Override check_back delay for workers claiming this state. Falls back to Flow.claimRetryAfterMs. */
     retryAfterMs: number | null;
+    /** Opaque metadata passed through to consumers (e.g. radar). Defcon stores but does not interpret. */
+    meta: Record<string, unknown> | null;
 }
 /** A transition rule between two states */
 export interface Transition {
@@ -195,6 +197,7 @@ export interface CreateStateInput {
     onEnter?: OnEnterConfig;
     onExit?: OnExitConfig;
     retryAfterMs?: number;
+    meta?: Record<string, unknown>;
 }
 /** Input for adding a transition rule */
 export interface CreateTransitionInput {

package/drizzle/0019_same_rhodey.sql

@@ -0,0 +1 @@
+ALTER TABLE `state_definitions` ADD `meta` text;