apcore-js 0.15.1 → 0.17.0

package/dist/executor.js

@@ -4,18 +4,16 @@
  * Async-only execution pipeline. Python's call() + call_async() merge into one async call().
  * Timeout uses Promise.race instead of threading.
  */
-import { Kind } from '@sinclair/typebox';
-import { Value } from '@sinclair/typebox/value';
-import { jsonSchemaToTypeBox } from './schema/loader.js';
-import { createApprovalRequest } from './approval.js';
 import { Context } from './context.js';
 import { ExecutionCancelledError } from './cancel.js';
-import { ACLDeniedError, ApprovalDeniedError, ApprovalPendingError, ApprovalTimeoutError, InvalidInputError, ModuleError, ModuleNotFoundError, ModuleTimeoutError, SchemaValidationError, } from './errors.js';
+import { InvalidInputError, ModuleError, } from './errors.js';
 import { AfterMiddleware, BeforeMiddleware } from './middleware/index.js';
 import { MiddlewareChainError, MiddlewareManager } from './middleware/manager.js';
-import { guardCallChain } from './utils/call-chain.js';
-import { DEFAULT_ANNOTATIONS, createPreflightResult } from './module.js';
+import { createPreflightResult } from './module.js';
 import { MODULE_ID_PATTERN } from './registry/registry.js';
+import { ExecutionStrategy, PipelineEngine, PipelineAbortError, StrategyNotFoundError } from './pipeline.js';
+import { BuiltinACLCheck, BuiltinApprovalGate, buildStandardStrategy, buildInternalStrategy, buildTestingStrategy, buildPerformanceStrategy, } from './builtin-steps.js';
+import { propagateError } from './utils/error-propagation.js';
 export const REDACTED_VALUE = '***REDACTED***';
 /** Well-known context.data keys used internally by the runtime. */
 export const CTX_GLOBAL_DEADLINE = '_apcore.executor.global_deadline';
@@ -74,26 +72,6 @@ function redactSecretPrefix(data) {
         }
     }
 }
-/**
- * Normalize a dict-form annotations object into a ModuleAnnotations interface.
- * Handles both camelCase and snake_case keys (parallel to Python's
- * ``ModuleAnnotations(**{k: v for k, v in annotations.items() if k in valid_fields})``).
- */
-function dictToAnnotations(dict) {
-    return {
-        readonly: Boolean(dict['readonly'] ?? false),
-        destructive: Boolean(dict['destructive'] ?? false),
-        idempotent: Boolean(dict['idempotent'] ?? false),
-        requiresApproval: Boolean(dict['requiresApproval'] ?? dict['requires_approval'] ?? false),
-        openWorld: Boolean(dict['openWorld'] ?? dict['open_world'] ?? true),
-        streaming: Boolean(dict['streaming'] ?? false),
-        cacheable: Boolean(dict['cacheable'] ?? false),
-        cacheTtl: Number(dict['cacheTtl'] ?? dict['cache_ttl'] ?? 0),
-        cacheKeyFields: (dict['cacheKeyFields'] ?? dict['cache_key_fields'] ?? null),
-        paginated: Boolean(dict['paginated'] ?? false),
-        paginationStyle: (dict['paginationStyle'] ?? dict['pagination_style'] ?? 'cursor'),
-    };
-}
 export class Executor {
     _registry;
     _middlewareManager;
@@ -104,6 +82,10 @@ export class Executor {
     _globalTimeout;
     _maxCallDepth;
     _maxModuleRepeat;
+    _strategy;
+    _pipelineEngine;
+    /** Global strategy registry for name-based resolution. */
+    static _strategyRegistry = new Map();
     constructor(options) {
         this._registry = options.registry;
         this._middlewareManager = new MiddlewareManager();
@@ -127,6 +109,73 @@ export class Executor {
             this._maxCallDepth = 32;
             this._maxModuleRepeat = 3;
         }
+        // Resolve strategy option (default to standard)
+        const strategyOpt = options.strategy;
+        if (strategyOpt === undefined || strategyOpt === null) {
+            // Default to standard strategy (pipeline-first)
+            this._strategy = buildStandardStrategy(this._buildStrategyDeps());
+        }
+        else if (typeof strategyOpt === 'string') {
+            // Resolve by name from the global registry
+            const resolved = Executor._strategyRegistry.get(strategyOpt);
+            if (resolved === undefined) {
+                // Try built-in factory names
+                const deps = this._buildStrategyDeps();
+                const builtinFactories = {
+                    standard: buildStandardStrategy,
+                    internal: buildInternalStrategy,
+                    testing: buildTestingStrategy,
+                    performance: buildPerformanceStrategy,
+                };
+                const factory = builtinFactories[strategyOpt];
+                if (factory !== undefined) {
+                    this._strategy = factory(deps);
+                }
+                else {
+                    throw new StrategyNotFoundError(`Strategy '${strategyOpt}' not found in registry`);
+                }
+            }
+            else {
+                this._strategy = resolved;
+            }
+        }
+        else {
+            // ExecutionStrategy instance
+            this._strategy = strategyOpt;
+        }
+        this._pipelineEngine = new PipelineEngine();
+    }
+    /** Build the dependency bag for strategy factories. */
+    _buildStrategyDeps() {
+        return {
+            config: this._config,
+            registry: this._registry,
+            acl: this._acl,
+            approvalHandler: this._approvalHandler,
+            middlewareManager: this._middlewareManager,
+        };
+    }
+    // -----------------------------------------------------------------------
+    // Static strategy registry (introspection - Task 4)
+    // -----------------------------------------------------------------------
+    /** Register a named strategy in the global registry. */
+    static registerStrategy(name, strategy) {
+        Executor._strategyRegistry.set(name, strategy);
+    }
+    /** List all registered strategy names. */
+    static listStrategies() {
+        return [...Executor._strategyRegistry.keys()];
+    }
+    /** Describe the pipeline of the given strategy (or the executor's current strategy). */
+    describePipeline(strategy) {
+        const target = strategy ?? this._strategy;
+        if (target === null)
+            return null;
+        return target.info();
+    }
+    /** Get the current execution strategy. */
+    get currentStrategy() {
+        return this._strategy;
     }
     static fromRegistry(registry, middlewares, acl, config, approvalHandler) {
         return new Executor({ registry, middlewares, acl, config, approvalHandler });
@@ -137,13 +186,25 @@ export class Executor {
     get middlewares() {
         return this._middlewareManager.snapshot();
     }
-    /** Set the access control provider. */
+    /** Set the access control provider. Updates both the executor field and the strategy's ACL step. */
     setAcl(acl) {
         this._acl = acl;
+        for (const step of this._strategy.steps) {
+            if (step.name === 'acl_check' && step instanceof BuiltinACLCheck) {
+                step.setAcl(acl);
+                break;
+            }
+        }
     }
-    /** Set the approval handler for Step 5 gate. */
+    /** Set the approval handler for Step 5 gate. Updates both the executor field and the strategy's approval step. */
     setApprovalHandler(handler) {
         this._approvalHandler = handler;
+        for (const step of this._strategy.steps) {
+            if (step.name === 'approval_gate' && step instanceof BuiltinApprovalGate) {
+                step.setApprovalHandler(handler);
+                break;
+            }
+        }
     }
     use(middleware) {
         this._middlewareManager.add(middleware);
@@ -160,9 +221,45 @@ export class Executor {
     remove(middleware) {
         return this._middlewareManager.remove(middleware);
     }
-    async call(moduleId, inputs, context, _versionHint) {
-        const { mod, effectiveInputs, ctx } = await this._prepareExecution(moduleId, inputs, context);
-        return this._executeWithMiddleware(mod, moduleId, effectiveInputs, ctx);
+    async call(moduleId, inputs, context, versionHint) {
+        this._validateModuleId(moduleId);
+        const ctx = context != null ? context.child(moduleId) : Context.create(this).child(moduleId);
+        const pipeCtx = {
+            moduleId,
+            inputs: inputs ?? {},
+            context: ctx,
+            module: null,
+            validatedInputs: null,
+            output: null,
+            validatedOutput: null,
+            stream: false,
+            outputStream: null,
+            strategy: this._strategy,
+            trace: null,
+            versionHint: versionHint ?? null,
+        };
+        try {
+            const [output, _trace] = await this._pipelineEngine.run(this._strategy, pipeCtx);
+            return (output ?? {});
+        }
+        catch (exc) {
+            if (exc instanceof ExecutionCancelledError)
+                throw exc;
+            // Pipeline errors propagate with their original types (ModuleNotFoundError, etc.)
+            // because builtin steps now throw directly.
+            const ctxObj = pipeCtx.context;
+            const wrapped = propagateError(exc, moduleId, ctxObj);
+            const executedMw = pipeCtx.executedMiddlewares;
+            if (executedMw && executedMw.length > 0) {
+                const recovery = this._middlewareManager.executeOnError(moduleId, pipeCtx.inputs, wrapped, ctxObj, executedMw);
+                if (recovery !== null)
+                    return recovery;
+            }
+            if (exc instanceof MiddlewareChainError) {
+                throw new ModuleError('MODULE_EXECUTE_ERROR', String(exc), { moduleId });
+            }
+            throw wrapped;
+        }
     }
     /**
      * Alias for call(). Provided for compatibility with MCP bridge packages
@@ -171,6 +268,30 @@ export class Executor {
     async callAsync(moduleId, inputs, context, versionHint) {
         return this.call(moduleId, inputs, context, versionHint);
     }
+    /**
+     * Execute a module through the pipeline strategy and return both the output
+     * and a full execution trace. Requires a strategy to be set (either on the
+     * executor or passed via options).
+     */
+    async callWithTrace(moduleId, inputs, context, options) {
+        const strategy = options?.strategy ?? this._strategy;
+        const ctx = context ?? Context.create(this).child(moduleId);
+        const pipelineCtx = {
+            moduleId,
+            inputs: inputs ?? {},
+            context: ctx,
+            module: null,
+            validatedInputs: null,
+            output: null,
+            validatedOutput: null,
+            stream: false,
+            outputStream: null,
+            strategy,
+            trace: null,
+        };
+        const [output, trace] = await this._pipelineEngine.run(strategy, pipelineCtx);
+        return [(output ?? {}), trace];
+    }
     /**
      * Streaming execution pipeline. If the module exposes a stream() async generator,
      * yields each chunk. Otherwise falls back to call() and yields a single chunk.
@@ -182,191 +303,103 @@ export class Executor {
      * validation/side-effects but its return value is not yielded since chunks were already
      * emitted. In the non-streaming fallback, after-middleware can transform the output.
      */
-    async *stream(moduleId, inputs, context, _versionHint) {
-        const { mod, effectiveInputs, ctx } = await this._prepareExecution(moduleId, inputs, context);
-        yield* this._streamWithMiddleware(mod, moduleId, effectiveInputs, ctx);
-    }
-    async *_streamWithMiddleware(mod, moduleId, inputs, ctx) {
-        let effectiveInputs = inputs;
-        let executedMiddlewares = [];
+    /**
+     * Streaming execution pipeline using split-pipeline design.
+     *
+     * Phase 1: Pipeline runs all steps with ctx.stream=true. BuiltinExecute detects
+     *   stream mode and sets ctx.outputStream if module has stream().
+     * Phase 2: Iterate stream, accumulate chunks and yield each.
+     * Phase 3: Run output_validation + middleware_after on accumulated output.
+     *
+     * If the module has no stream(), the pipeline executes normally and yields ctx.output.
+     */
+    async *stream(moduleId, inputs, context, versionHint) {
+        this._validateModuleId(moduleId);
+        const ctx = context != null ? context.child(moduleId) : Context.create(this).child(moduleId);
+        const pipeCtx = {
+            moduleId,
+            inputs: inputs ?? {},
+            context: ctx,
+            module: null,
+            validatedInputs: null,
+            output: null,
+            validatedOutput: null,
+            stream: true,
+            outputStream: null,
+            strategy: this._strategy,
+            trace: null,
+            versionHint: versionHint ?? null,
+        };
+        // Phase 1: Run the full pipeline. BuiltinExecute detects ctx.stream=true.
         try {
-            try {
-                [effectiveInputs, executedMiddlewares] = this._middlewareManager.executeBefore(moduleId, effectiveInputs, ctx);
-            }
-            catch (e) {
-                if (e instanceof MiddlewareChainError) {
-                    executedMiddlewares = e.executedMiddlewares;
-                    const recovery = this._middlewareManager.executeOnError(moduleId, effectiveInputs, e.original, ctx, executedMiddlewares);
-                    if (recovery !== null) {
-                        yield recovery;
-                        return;
-                    }
-                    executedMiddlewares = [];
-                    throw e.original;
-                }
-                throw e;
-            }
-            // Cancel check before execution
-            if (ctx.cancelToken !== null) {
-                ctx.cancelToken.check();
-            }
-            const streamFn = mod['stream'];
-            if (typeof streamFn === 'function') {
-                // Module has a stream() method: iterate and yield each chunk
-                let accumulated = {};
-                for await (const chunk of streamFn.call(mod, effectiveInputs, ctx)) {
-                    accumulated = { ...accumulated, ...chunk };
-                    yield chunk;
-                }
-                // Validate accumulated output against output schema
-                this._validateOutput(mod, accumulated);
-                // Run after-middleware on the accumulated result
-                this._middlewareManager.executeAfter(moduleId, effectiveInputs, accumulated, ctx);
-            }
-            else {
-                // Fallback: execute normally and yield single chunk
-                let output = await this._executeWithTimeout(mod, moduleId, effectiveInputs, ctx);
-                this._validateOutput(mod, output);
-                output = this._middlewareManager.executeAfter(moduleId, effectiveInputs, output, ctx);
-                yield output;
-            }
+            await this._pipelineEngine.run(this._strategy, pipeCtx);
         }
         catch (exc) {
             if (exc instanceof ExecutionCancelledError)
                 throw exc;
-            if (executedMiddlewares.length > 0) {
-                const recovery = this._middlewareManager.executeOnError(moduleId, effectiveInputs, exc, ctx, executedMiddlewares);
+            const ctxObj = pipeCtx.context;
+            const wrapped = propagateError(exc, moduleId, ctxObj);
+            if (pipeCtx.executedMiddlewares && pipeCtx.executedMiddlewares.length > 0) {
+                const recovery = this._middlewareManager.executeOnError(moduleId, pipeCtx.inputs, wrapped, ctxObj, pipeCtx.executedMiddlewares);
                 if (recovery !== null) {
                     yield recovery;
                     return;
                 }
             }
-            throw exc;
+            throw wrapped;
         }
-    }
-    /**
-     * Shared pipeline: context -> global deadline -> safety -> lookup -> ACL -> approval -> validate.
-     */
-    async _prepareExecution(moduleId, inputs, context) {
-        let effectiveInputs = inputs ?? {};
-        const ctx = this._createContext(moduleId, context);
-        // Set global deadline on root call only
-        if (!(CTX_GLOBAL_DEADLINE in ctx.data) && this._globalTimeout > 0) {
-            ctx.data[CTX_GLOBAL_DEADLINE] = Date.now() + this._globalTimeout;
-        }
-        this._checkSafety(moduleId, ctx);
-        const mod = this._lookupModule(moduleId);
-        this._checkAcl(moduleId, ctx);
-        // Step 5 -- Approval Gate (strips internal keys like _approval_token)
-        effectiveInputs = await this._checkApproval(mod, moduleId, effectiveInputs, ctx);
-        effectiveInputs = this._validateInputs(mod, effectiveInputs, ctx);
-        return { mod, effectiveInputs, ctx };
-    }
-    _createContext(moduleId, context) {
-        if (context == null) {
-            return Context.create(this).child(moduleId);
-        }
-        return context.child(moduleId);
-    }
-    _lookupModule(moduleId) {
-        const module = this._registry.get(moduleId);
-        if (module === null) {
-            throw new ModuleNotFoundError(moduleId);
-        }
-        return module;
-    }
-    _checkAcl(moduleId, ctx) {
-        if (this._acl !== null) {
-            const allowed = this._acl.check(ctx.callerId, moduleId, ctx);
-            if (!allowed) {
-                throw new ACLDeniedError(ctx.callerId, moduleId);
-            }
-        }
-    }
-    _validateInputs(mod, inputs, ctx) {
-        const inputSchema = this._resolveSchema(mod, 'inputSchema');
-        if (inputSchema == null)
-            return inputs;
-        this._validateSchema(inputSchema, inputs, 'Input');
-        ctx.redactedInputs = redactSensitive(inputs, inputSchema);
-        return inputs;
-    }
-    _resolveSchema(mod, key) {
-        const schema = mod[key];
-        if (schema == null)
-            return null;
-        if (Kind in schema)
-            return schema;
-        const converted = jsonSchemaToTypeBox(schema);
-        mod[key] = converted;
-        return converted;
-    }
-    _validateSchema(schema, data, direction) {
-        if (Value.Check(schema, data))
+        // If no outputStream, pipeline already executed normally — yield single result
+        if (pipeCtx.outputStream == null) {
+            yield (pipeCtx.output ?? {});
             return;
-        const errors = [];
-        for (const error of Value.Errors(schema, data)) {
-            errors.push({
-                field: error.path || '/',
-                code: String(error.type),
-                message: error.message,
-            });
         }
-        throw new SchemaValidationError(`${direction} validation failed`, errors);
-    }
-    async _executeWithMiddleware(mod, moduleId, inputs, ctx) {
-        let effectiveInputs = inputs;
-        let executedMiddlewares = [];
+        // Phase 2: Iterate stream, accumulate chunks
+        const outputStream = pipeCtx.outputStream;
+        let accumulated = {};
         try {
-            try {
-                [effectiveInputs, executedMiddlewares] = this._middlewareManager.executeBefore(moduleId, effectiveInputs, ctx);
+            for await (const chunk of outputStream) {
+                accumulated = { ...accumulated, ...chunk };
+                yield chunk;
             }
-            catch (e) {
-                if (e instanceof MiddlewareChainError) {
-                    executedMiddlewares = e.executedMiddlewares;
-                    const recovery = this._middlewareManager.executeOnError(moduleId, effectiveInputs, e.original, ctx, executedMiddlewares);
-                    if (recovery !== null)
-                        return recovery;
-                    executedMiddlewares = [];
-                    throw e.original;
-                }
-                throw e;
-            }
-            // Cancel check before execution
-            if (ctx.cancelToken !== null) {
-                ctx.cancelToken.check();
-            }
-            let output = await this._executeWithTimeout(mod, moduleId, effectiveInputs, ctx);
-            this._validateOutput(mod, output);
-            output = this._middlewareManager.executeAfter(moduleId, effectiveInputs, output, ctx);
-            return output;
         }
         catch (exc) {
             if (exc instanceof ExecutionCancelledError)
                 throw exc;
-            if (executedMiddlewares.length > 0) {
-                const recovery = this._middlewareManager.executeOnError(moduleId, effectiveInputs, exc, ctx, executedMiddlewares);
-                if (recovery !== null)
-                    return recovery;
+            const ctxObj = pipeCtx.context;
+            const wrapped = propagateError(exc, moduleId, ctxObj);
+            if (pipeCtx.executedMiddlewares && pipeCtx.executedMiddlewares.length > 0) {
+                const recovery = this._middlewareManager.executeOnError(moduleId, pipeCtx.inputs, wrapped, ctxObj, pipeCtx.executedMiddlewares);
+                if (recovery !== null) {
+                    yield recovery;
+                    return;
+                }
             }
-            throw exc;
+            throw wrapped;
         }
-    }
-    _validateOutput(mod, output) {
-        const outputSchema = this._resolveSchema(mod, 'outputSchema');
-        if (outputSchema != null) {
-            this._validateSchema(outputSchema, output, 'Output');
+        // Phase 3: Output validation + middleware_after on accumulated result
+        pipeCtx.output = accumulated;
+        const postSteps = this._strategy.steps.filter((s) => s.name === 'output_validation' || s.name === 'middleware_after' || s.name === 'return_result');
+        if (postSteps.length > 0) {
+            const postStrategy = new ExecutionStrategy('post_stream', postSteps);
+            try {
+                await this._pipelineEngine.run(postStrategy, pipeCtx);
+            }
+            catch {
+                // Post-stream validation errors are non-fatal for already-yielded chunks
+            }
         }
     }
     /**
-     * Non-destructive preflight check through Steps 1-6 of the pipeline.
-     * Returns a PreflightResult that is duck-type compatible with ValidationResult.
+     * Non-destructive preflight check using pipeline dry_run mode.
+     *
+     * Runs all pure steps (context creation, call chain guard, module lookup,
+     * ACL, input validation). Steps with pure=false (approval, middleware,
+     * execute) are automatically skipped. Returns a PreflightResult.
      */
-    validate(moduleId, inputs, context) {
+    async validate(moduleId, inputs, context) {
         const effectiveInputs = inputs ?? {};
         const checks = [];
-        let requiresApproval = false;
-        // Check 1: module_id format
+        // Check 0: module_id format (before pipeline)
         if (!MODULE_ID_PATTERN.test(moduleId)) {
             checks.push({
                 check: 'module_id', passed: false,
@@ -375,100 +408,117 @@ export class Executor {
             return createPreflightResult(checks);
         }
         checks.push({ check: 'module_id', passed: true });
-        // Check 2: module lookup
-        const module = this._registry.get(moduleId);
-        if (module === null) {
-            checks.push({
-                check: 'module_lookup', passed: false,
-                error: { code: 'MODULE_NOT_FOUND', message: `Module not found: ${moduleId}` },
-            });
-            return createPreflightResult(checks);
-        }
-        checks.push({ check: 'module_lookup', passed: true });
-        const mod = module;
-        // Check 3: call chain safety
-        const ctx = this._createContext(moduleId, context);
+        // Run pipeline in dry_run mode — pure=false steps are skipped
+        const pipeCtx = {
+            moduleId,
+            inputs: effectiveInputs,
+            context: context ?? Context.create(this).child(moduleId),
+            module: null,
+            validatedInputs: null,
+            output: null,
+            validatedOutput: null,
+            stream: false,
+            outputStream: null,
+            strategy: this._strategy,
+            trace: null,
+            dryRun: true,
+        };
+        let trace = null;
         try {
-            this._checkSafety(moduleId, ctx);
-            checks.push({ check: 'call_chain', passed: true });
+            const [, t] = await this._pipelineEngine.run(this._strategy, pipeCtx);
+            trace = t;
         }
         catch (e) {
-            const err = e instanceof ModuleError
-                ? { code: e.code, message: e.message }
-                : { code: 'CALL_CHAIN_ERROR', message: String(e) };
-            checks.push({ check: 'call_chain', passed: false, error: err });
-        }
-        // Check 4: ACL
-        if (this._acl !== null) {
-            const allowed = this._acl.check(ctx.callerId, moduleId, ctx);
-            if (!allowed) {
-                checks.push({
-                    check: 'acl', passed: false,
-                    error: { code: 'ACL_DENIED', message: `Access denied: ${ctx.callerId} -> ${moduleId}` },
-                });
+            // Step raised a domain error (ModuleNotFoundError, ACLDeniedError, etc.)
+            if (e instanceof PipelineAbortError) {
+                trace = e.pipelineTrace;
             }
             else {
-                checks.push({ check: 'acl', passed: true });
+                const errorDict = (e instanceof ModuleError)
+                    ? { code: e.code, message: e.message }
+                    : { code: e.constructor?.name ?? 'Error', message: String(e) };
+                const code = (e instanceof ModuleError) ? e.code : e.constructor?.name ?? 'Error';
+                let checkName;
+                if (code === 'MODULE_NOT_FOUND')
+                    checkName = 'module_lookup';
+                else if (code === 'ACL_DENIED')
+                    checkName = 'acl';
+                else if (code === 'SCHEMA_VALIDATION_ERROR' || code === 'INVALID_INPUT')
+                    checkName = 'schema';
+                else if (code === 'CALL_DEPTH_EXCEEDED' || code === 'CIRCULAR_CALL' || code === 'CALL_FREQUENCY_EXCEEDED')
+                    checkName = 'call_chain';
+                else
+                    checkName = 'unknown';
+                checks.push({ check: checkName, passed: false, error: errorDict });
             }
         }
-        else {
-            checks.push({ check: 'acl', passed: true });
-        }
-        // Check 5: approval detection (report only, no handler invocation)
-        if (this._needsApproval(mod)) {
-            requiresApproval = true;
+        // Convert pipeline trace to PreflightResult checks
+        if (trace !== null) {
+            checks.push(...this._traceToChecks(trace));
         }
-        checks.push({ check: 'approval', passed: true });
-        // Check 6: input schema validation
-        const inputSchema = mod['inputSchema'];
-        if (inputSchema != null) {
-            if (Value.Check(inputSchema, effectiveInputs)) {
-                checks.push({ check: 'schema', passed: true });
-            }
-            else {
-                const errors = [];
-                for (const error of Value.Errors(inputSchema, effectiveInputs)) {
-                    errors.push({
-                        field: error.path || '/',
-                        code: String(error.type),
-                        message: error.message,
+        // Detect requires_approval
+        let requiresApproval = false;
+        if (pipeCtx.module != null) {
+            requiresApproval = this._needsApproval(pipeCtx.module);
+        }
+        // Module-level preflight (optional)
+        if (pipeCtx.module != null) {
+            const mod = pipeCtx.module;
+            const modWithPreflight = mod;
+            if (typeof modWithPreflight.preflight === 'function') {
+                try {
+                    const preflightWarnings = modWithPreflight.preflight(effectiveInputs, pipeCtx.context);
+                    if (Array.isArray(preflightWarnings) && preflightWarnings.length > 0) {
+                        checks.push({ check: 'module_preflight', passed: true, warnings: preflightWarnings });
+                    }
+                    else {
+                        checks.push({ check: 'module_preflight', passed: true });
+                    }
+                }
+                catch (exc) {
+                    const excName = exc instanceof Error ? exc.constructor.name : 'Error';
+                    const excMsg = exc instanceof Error ? exc.message : String(exc);
+                    checks.push({
+                        check: 'module_preflight',
+                        passed: true,
+                        warnings: [`preflight() raised ${excName}: ${excMsg}`],
                     });
                 }
-                checks.push({
-                    check: 'schema', passed: false,
-                    error: { code: 'SCHEMA_VALIDATION_ERROR', errors },
-                });
             }
         }
-        else {
-            checks.push({ check: 'schema', passed: true });
-        }
-        // Check 7: module-level preflight (optional)
-        const modWithPreflight = mod;
-        if (typeof modWithPreflight.preflight === 'function') {
-            try {
-                const preflightWarnings = modWithPreflight.preflight(effectiveInputs, ctx);
-                if (Array.isArray(preflightWarnings) && preflightWarnings.length > 0) {
-                    checks.push({ check: 'module_preflight', passed: true, warnings: preflightWarnings });
-                }
-                else {
-                    checks.push({ check: 'module_preflight', passed: true });
-                }
-            }
-            catch (exc) {
-                const excName = exc instanceof Error ? exc.constructor.name : 'Error';
-                const excMsg = exc instanceof Error ? exc.message : String(exc);
-                checks.push({
-                    check: 'module_preflight',
-                    passed: true,
-                    warnings: [`preflight() raised ${excName}: ${excMsg}`],
-                });
+        return createPreflightResult(checks, requiresApproval);
+    }
+    /** Map pipeline step names to PreflightResult check names. */
+    static _STEP_TO_CHECK = {
+        context_creation: 'context',
+        call_chain_guard: 'call_chain',
+        module_lookup: 'module_lookup',
+        acl_check: 'acl',
+        approval_gate: 'approval',
+        middleware_before: 'middleware',
+        input_validation: 'schema',
+    };
+    /** Convert PipelineTrace steps to PreflightCheckResult list. */
+    _traceToChecks(trace) {
+        const checks = [];
+        for (const st of trace.steps) {
+            if (st.skipped)
+                continue;
+            const checkName = Executor._STEP_TO_CHECK[st.name] ?? st.name;
+            const passed = st.result.action !== 'abort';
+            let error;
+            if (!passed && st.result.explanation) {
+                error = { code: `STEP_${st.name.toUpperCase()}_FAILED`, message: st.result.explanation };
             }
+            checks.push({ check: checkName, passed, error });
         }
-        return createPreflightResult(checks, requiresApproval);
+        return checks;
     }
-    _checkSafety(moduleId, ctx) {
-        guardCallChain(moduleId, ctx.callChain, this._maxCallDepth, this._maxModuleRepeat);
+    /** Validate module_id format at public entry points. */
+    _validateModuleId(moduleId) {
+        if (!moduleId || !MODULE_ID_PATTERN.test(moduleId)) {
+            throw new InvalidInputError(`Invalid module ID: '${moduleId}'. Must match pattern: ${MODULE_ID_PATTERN.source}`);
+        }
     }
     /** Check if a module requires approval, handling both interface and dict annotations. */
     _needsApproval(mod) {
@@ -477,127 +527,13 @@ export class Executor {
             return false;
         if (typeof annotations !== 'object')
             return false;
-        // ModuleAnnotations interface (camelCase)
         if ('requiresApproval' in annotations) {
             return Boolean(annotations.requiresApproval);
         }
-        // Dict-form annotations (snake_case)
         if ('requires_approval' in annotations) {
             return Boolean(annotations['requires_approval']);
         }
         return false;
     }
-    /** Build an ApprovalRequest from module metadata. */
-    _buildApprovalRequest(mod, moduleId, inputs, ctx) {
-        const annotations = mod['annotations'];
-        let ann;
-        if (annotations != null && typeof annotations === 'object' && 'requiresApproval' in annotations) {
-            ann = annotations;
-        }
-        else if (annotations != null && typeof annotations === 'object') {
-            ann = dictToAnnotations(annotations);
-        }
-        else {
-            ann = DEFAULT_ANNOTATIONS;
-        }
-        return createApprovalRequest({
-            moduleId,
-            arguments: inputs,
-            context: ctx,
-            annotations: ann,
-            description: mod['description'] ?? null,
-            tags: mod['tags'] ?? [],
-        });
-    }
-    /** Map an ApprovalResult status to the appropriate action or error. */
-    _handleApprovalResult(result, moduleId) {
-        if (result.status === 'approved')
-            return;
-        if (result.status === 'rejected') {
-            throw new ApprovalDeniedError(result, moduleId);
-        }
-        if (result.status === 'timeout') {
-            throw new ApprovalTimeoutError(result, moduleId);
-        }
-        if (result.status === 'pending') {
-            throw new ApprovalPendingError(result, moduleId);
-        }
-        // Unknown status treated as denied
-        console.warn(`[apcore:executor] Unknown approval status '${result.status}' for module ${moduleId}, treating as denied`);
-        throw new ApprovalDeniedError(result, moduleId);
-    }
-    /** Emit an audit event for the approval decision (logging + span event). */
-    _emitApprovalEvent(result, moduleId, ctx) {
-        console.warn(`[apcore:executor] Approval decision: module=${moduleId} status=${result.status} approved_by=${result.approvedBy} reason=${result.reason}`);
-        const spansStack = ctx.data[CTX_TRACING_SPANS];
-        if (spansStack && spansStack.length > 0) {
-            spansStack[spansStack.length - 1].events.push({
-                name: 'approval_decision',
-                module_id: moduleId,
-                status: result.status,
-                approved_by: result.approvedBy ?? '',
-                reason: result.reason ?? '',
-                approval_id: result.approvalId ?? '',
-            });
-        }
-    }
-    /** Step 5: Approval gate. Returns inputs with internal keys stripped. */
-    async _checkApproval(mod, moduleId, inputs, ctx) {
-        if (this._approvalHandler === null)
-            return inputs;
-        if (!this._needsApproval(mod))
-            return inputs;
-        let result;
-        let cleanInputs = inputs;
-        if ('_approval_token' in inputs) {
-            const token = inputs['_approval_token'];
-            const { _approval_token: _, ...rest } = inputs;
-            cleanInputs = rest;
-            result = await this._approvalHandler.checkApproval(token);
-        }
-        else {
-            const request = this._buildApprovalRequest(mod, moduleId, inputs, ctx);
-            result = await this._approvalHandler.requestApproval(request);
-        }
-        this._emitApprovalEvent(result, moduleId, ctx);
-        this._handleApprovalResult(result, moduleId);
-        return cleanInputs;
-    }
-    async _executeWithTimeout(mod, moduleId, inputs, ctx) {
-        let timeoutMs = this._defaultTimeout;
-        // Respect global deadline: use whichever is shorter
-        const globalDeadline = ctx.data[CTX_GLOBAL_DEADLINE];
-        if (globalDeadline !== undefined) {
-            const remaining = globalDeadline - Date.now();
-            if (remaining <= 0) {
-                throw new ModuleTimeoutError(moduleId, 0);
-            }
-            if (timeoutMs === 0 || remaining < timeoutMs) {
-                timeoutMs = remaining;
-            }
-        }
-        if (timeoutMs < 0) {
-            throw new InvalidInputError(`Negative timeout: ${timeoutMs}ms`);
-        }
-        const executeFn = mod['execute'];
-        if (typeof executeFn !== 'function') {
-            throw new InvalidInputError(`Module '${moduleId}' has no execute method`);
-        }
-        const executionPromise = Promise.resolve(executeFn
-            .call(mod, inputs, ctx));
-        if (timeoutMs === 0) {
-            console.warn('[apcore:executor] Timeout is 0, timeout limit disabled');
-            return executionPromise;
-        }
-        let timer;
-        const timeoutPromise = new Promise((_, reject) => {
-            timer = setTimeout(() => {
-                reject(new ModuleTimeoutError(moduleId, timeoutMs));
-            }, timeoutMs);
-        });
-        return Promise.race([executionPromise, timeoutPromise]).finally(() => {
-            clearTimeout(timer);
-        });
-    }
 }
 //# sourceMappingURL=executor.js.map