bonecode 1.0.0 → 1.1.0

package/bone/output/agent/src/routes/task.ts

@@ -1,105 +1,105 @@
-// Generated by BoneScript compiler. DO NOT EDIT.
-// Service: TaskService
-import { Router, Request, Response } from "express";
-import { v4 as uuid } from "uuid";
-import { query, queryOne, execute, pool } from "../db";
-import { eventBus } from "../events";
-import { requireAuth, AuthContext } from "../auth";
-import rateLimit from "express-rate-limit";
-import { auditLog } from "../audit";
-import { logger } from "../logger";
-import { counter } from "../metrics";
-import * as __algorithms from "../algorithms";
-const { shortestPath, topologicalSort, binarySearch, bipartiteMatching, roundRobin, weightedAverage, percentile, rankBy, consistentHash } = __algorithms as any;
-
-import { transitionTask, TASK_INITIAL } from "../state_machines/task";
-
-export const tasksRouter = Router();
-
-// Rate limiter from policy declaration
-const __routeRateLimit = rateLimit({ windowMs: 60000, max: 200, standardHeaders: true, legacyHeaders: false });
-
-// CREATE
-tasksRouter.post("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const id = uuid();
-    const { agent_id, session_id, description, priority, result, error } = req.body;
-    const state = TASK_INITIAL;
-    const sql = `INSERT INTO tasks (id, agent_id, session_id, description, priority, result, error, state) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING *`;
-    const rows = await query(sql, [id, agent_id, session_id, description, priority, result, error, state]);
-    counter("entity.created", { entity: "Task" });
-    res.status(201).json(rows[0]);
-  } catch (e: any) {
-    res.status(400).json({ error: { code: "CREATE_FAILED", message: e.message } });
-  }
-});
-
-// READ
-tasksRouter.get("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const row = await queryOne(`SELECT * FROM tasks WHERE id = $1`, [req.params.id]);
-    if (!row) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    res.json(row);
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// LIST
-tasksRouter.get("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const page = parseInt(req.query.page as string) || 1;
-    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
-    const offset = (page - 1) * pageSize;
-    const rows = await query(`SELECT tasks.*, row_to_json(agent_instance.*) as agent FROM tasks LEFT JOIN agent_instances agent_instance ON tasks.agent_id = agent_instance.id ORDER BY tasks.created_at DESC LIMIT $1 OFFSET $2`, [pageSize, offset]);
-    const [{ count }] = await query(`SELECT COUNT(*) as count FROM tasks`);
-    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// UPDATE
-tasksRouter.put("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  const fields = { ...req.body };
-  // State machine enforcement
-  if (fields.state !== undefined) {
-    const current = await queryOne<{ state: string }>(`SELECT state FROM tasks WHERE id = $1`, [req.params.id]);
-    if (!current) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    // Find the trigger for this state transition
-    const trigger = `${current.state}_to_${fields.state}`;
-    const tr = transitionTask(current.state as any, trigger);
-    if (!tr.ok) return res.status(422).json({ error: { code: "INVALID_TRANSITION", message: `Cannot transition from ${current.state} to ${fields.state}` } });
-  }
-  const sets = Object.keys(fields).map((k, i) => `${k} = $${i + 2}`).join(", ");
-  const values = Object.values(fields);
-  const sql = `UPDATE tasks SET ${sets}, updated_at = NOW() WHERE id = $1 RETURNING *`;
-  const rows = await query(sql, [req.params.id, ...values]);
-  if (rows.length === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-  res.json(rows[0]);
-});
-
-// DELETE
-tasksRouter.delete("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const count = await execute(`DELETE FROM tasks WHERE id = $1`, [req.params.id]);
-    if (count === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    res.status(204).send();
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// RELATION: steps (has_many BuildStep)
-tasksRouter.get("/:id/steps", requireAuth, async (req: Request, res: Response) => {
-  try {
-    const page = parseInt(req.query.page as string) || 1;
-    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
-    const offset = (page - 1) * pageSize;
-    const rows = await query(`SELECT * FROM build_steps WHERE task_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3`, [req.params.id, pageSize, offset]);
-    const [{ count }] = await query(`SELECT COUNT(*) as count FROM build_steps WHERE task_id = $1`, [req.params.id]);
-    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
+// Generated by BoneScript compiler. DO NOT EDIT.
+// Service: TaskService
+import { Router, Request, Response } from "express";
+import { v4 as uuid } from "uuid";
+import { query, queryOne, execute, pool } from "../db";
+import { eventBus } from "../events";
+import { requireAuth, AuthContext } from "../auth";
+import rateLimit from "express-rate-limit";
+import { auditLog } from "../audit";
+import { logger } from "../logger";
+import { counter } from "../metrics";
+import * as __algorithms from "../algorithms";
+const { shortestPath, topologicalSort, binarySearch, bipartiteMatching, roundRobin, weightedAverage, percentile, rankBy, consistentHash } = __algorithms as any;
+
+import { transitionTask, TASK_INITIAL } from "../state_machines/task";
+
+export const tasksRouter = Router();
+
+// Rate limiter from policy declaration
+const __routeRateLimit = rateLimit({ windowMs: 60000, max: 200, standardHeaders: true, legacyHeaders: false });
+
+// CREATE
+tasksRouter.post("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const id = uuid();
+    const { agent_id, session_id, description, priority, result, error } = req.body;
+    const state = TASK_INITIAL;
+    const sql = `INSERT INTO tasks (id, agent_id, session_id, description, priority, result, error, state) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING *`;
+    const rows = await query(sql, [id, agent_id, session_id, description, priority, result, error, state]);
+    counter("entity.created", { entity: "Task" });
+    res.status(201).json(rows[0]);
+  } catch (e: any) {
+    res.status(400).json({ error: { code: "CREATE_FAILED", message: e.message } });
+  }
+});
+
+// READ
+tasksRouter.get("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const row = await queryOne(`SELECT * FROM tasks WHERE id = $1`, [req.params.id]);
+    if (!row) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    res.json(row);
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// LIST
+tasksRouter.get("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const page = parseInt(req.query.page as string) || 1;
+    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
+    const offset = (page - 1) * pageSize;
+    const rows = await query(`SELECT tasks.*, row_to_json(agent_instance.*) as agent FROM tasks LEFT JOIN agent_instances agent_instance ON tasks.agent_id = agent_instance.id ORDER BY tasks.created_at DESC LIMIT $1 OFFSET $2`, [pageSize, offset]);
+    const [{ count }] = await query(`SELECT COUNT(*) as count FROM tasks`);
+    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// UPDATE
+tasksRouter.put("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  const fields = { ...req.body };
+  // State machine enforcement
+  if (fields.state !== undefined) {
+    const current = await queryOne<{ state: string }>(`SELECT state FROM tasks WHERE id = $1`, [req.params.id]);
+    if (!current) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    // Find the trigger for this state transition
+    const trigger = `${current.state}_to_${fields.state}`;
+    const tr = transitionTask(current.state as any, trigger);
+    if (!tr.ok) return res.status(422).json({ error: { code: "INVALID_TRANSITION", message: `Cannot transition from ${current.state} to ${fields.state}` } });
+  }
+  const sets = Object.keys(fields).map((k, i) => `${k} = $${i + 2}`).join(", ");
+  const values = Object.values(fields);
+  const sql = `UPDATE tasks SET ${sets}, updated_at = NOW() WHERE id = $1 RETURNING *`;
+  const rows = await query(sql, [req.params.id, ...values]);
+  if (rows.length === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+  res.json(rows[0]);
+});
+
+// DELETE
+tasksRouter.delete("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const count = await execute(`DELETE FROM tasks WHERE id = $1`, [req.params.id]);
+    if (count === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    res.status(204).send();
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// RELATION: steps (has_many BuildStep)
+tasksRouter.get("/:id/steps", requireAuth, async (req: Request, res: Response) => {
+  try {
+    const page = parseInt(req.query.page as string) || 1;
+    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
+    const offset = (page - 1) * pageSize;
+    const rows = await query(`SELECT * FROM build_steps WHERE task_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3`, [req.params.id, pageSize, offset]);
+    const [{ count }] = await query(`SELECT COUNT(*) as count FROM build_steps WHERE task_id = $1`, [req.params.id]);
+    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});

package/bone/output/agent/src/routes/tool_call.ts

@@ -1,166 +1,166 @@
-// Generated by BoneScript compiler. DO NOT EDIT.
-// Service: ToolCallService
-import { Router, Request, Response } from "express";
-import { v4 as uuid } from "uuid";
-import { query, queryOne, execute, pool } from "../db";
-import { eventBus } from "../events";
-import { requireAuth, AuthContext } from "../auth";
-import rateLimit from "express-rate-limit";
-import { auditLog } from "../audit";
-import { logger } from "../logger";
-import { counter } from "../metrics";
-import * as __algorithms from "../algorithms";
-const { shortestPath, topologicalSort, binarySearch, bipartiteMatching, roundRobin, weightedAverage, percentile, rankBy, consistentHash } = __algorithms as any;
-
-import { transitionToolCall, TOOLCALL_INITIAL } from "../state_machines/tool_call";
-
-export const toolCallsRouter = Router();
-
-// Rate limiter from policy declaration
-const __routeRateLimit = rateLimit({ windowMs: 60000, max: 200, standardHeaders: true, legacyHeaders: false });
-
-// CREATE
-toolCallsRouter.post("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const id = uuid();
-    const { session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision } = req.body;
-    const state = TOOLCALL_INITIAL;
-    const sql = `INSERT INTO tool_calls (id, session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision, state) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) RETURNING *`;
-    const rows = await query(sql, [id, session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision, state]);
-    counter("entity.created", { entity: "ToolCall" });
-    res.status(201).json(rows[0]);
-  } catch (e: any) {
-    res.status(400).json({ error: { code: "CREATE_FAILED", message: e.message } });
-  }
-});
-
-// READ
-toolCallsRouter.get("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const row = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.params.id]);
-    if (!row) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    res.json(row);
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// LIST
-toolCallsRouter.get("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const page = parseInt(req.query.page as string) || 1;
-    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
-    const offset = (page - 1) * pageSize;
-    const rows = await query(`SELECT tool_calls.*, row_to_json(build_step.*) as build_step FROM tool_calls LEFT JOIN build_steps build_step ON tool_calls.build_step_id = build_step.id ORDER BY tool_calls.created_at DESC LIMIT $1 OFFSET $2`, [pageSize, offset]);
-    const [{ count }] = await query(`SELECT COUNT(*) as count FROM tool_calls`);
-    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// UPDATE
-toolCallsRouter.put("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  const fields = { ...req.body };
-  // State machine enforcement
-  if (fields.state !== undefined) {
-    const current = await queryOne<{ state: string }>(`SELECT state FROM tool_calls WHERE id = $1`, [req.params.id]);
-    if (!current) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    // Find the trigger for this state transition
-    const trigger = `${current.state}_to_${fields.state}`;
-    const tr = transitionToolCall(current.state as any, trigger);
-    if (!tr.ok) return res.status(422).json({ error: { code: "INVALID_TRANSITION", message: `Cannot transition from ${current.state} to ${fields.state}` } });
-  }
-  const sets = Object.keys(fields).map((k, i) => `${k} = $${i + 2}`).join(", ");
-  const values = Object.values(fields);
-  const sql = `UPDATE tool_calls SET ${sets}, updated_at = NOW() WHERE id = $1 RETURNING *`;
-  const rows = await query(sql, [req.params.id, ...values]);
-  if (rows.length === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-  res.json(rows[0]);
-});
-
-// DELETE
-toolCallsRouter.delete("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
-  try {
-    const count = await execute(`DELETE FROM tool_calls WHERE id = $1`, [req.params.id]);
-    if (count === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
-    res.status(204).send();
-  } catch (e: any) {
-    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
-  }
-});
-
-// CAPABILITY: complete_tool_call [transactional]
-toolCallsRouter.post("/complete-tool-call", __routeRateLimit, requireAuth, auditLog("complete_tool_call", "ToolCall"), async (req: Request, res: Response) => {
-  const auth: AuthContext = (req as any).auth;
-  const __client = await pool.connect();
-  try {
-    await __client.query("BEGIN");
-    const { output } = req.body;
-
-    // Fetch entities
-    const tool_call = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.body.tool_call_id || req.params.id]);
-    if (!tool_call) {
-      return res.status(404).json({ error: { code: "NOT_FOUND", message: "tool_call not found" } });
-    }
-
-    // Preconditions
-    if (!(tool_call?.state === "running")) {
-      return res.status(422).json({ error: { code: "PRECONDITION_FAILED", message: "tool_call.state == \\\"running\\\"" } });
-    }
-
-    // Effects (applied in declaration order)
-    const __effect_0 = await query(`UPDATE tool_calls SET state = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, ["done", req.body.tool_call_id || req.params.id]);
-    if (!__effect_0 || __effect_0.length === 0) {
-      throw new Error("Effect failed: tool_call.state = \"done\"");
-    }
-    const __effect_1 = await query(`UPDATE tool_calls SET tool_output = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, [output, req.body.tool_call_id || req.params.id]);
-    if (!__effect_1 || __effect_1.length === 0) {
-      throw new Error("Effect failed: tool_call.tool_output = output");
-    }
-
-    // Emit events
-    await eventBus.publish("ToolCallCompleted", { tool_call_id: tool_call?.id, timestamp: new Date().toISOString(), actor_id: auth.actor_id }, "ToolCallService", auth.trace_id, __client);
-
-    res.json({ ok: true, action: "complete_tool_call", entity: tool_call });
-    await __client.query("COMMIT");
-  } catch (e: any) {
-    await __client.query("ROLLBACK");
-    res.status(400).json({ error: { code: "CAPABILITY_FAILED", message: e.message } });
-  } finally {
-    __client.release();
-  }
-});
-
-// CAPABILITY: deny_tool_call [transactional]
-toolCallsRouter.post("/deny-tool-call", __routeRateLimit, requireAuth, auditLog("deny_tool_call", "ToolCall"), async (req: Request, res: Response) => {
-  const auth: AuthContext = (req as any).auth;
-  const __client = await pool.connect();
-  try {
-    await __client.query("BEGIN");
-    // Fetch entities
-    const tool_call = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.body.tool_call_id || req.params.id]);
-    if (!tool_call) {
-      return res.status(404).json({ error: { code: "NOT_FOUND", message: "tool_call not found" } });
-    }
-
-    // Preconditions
-    if (!(tool_call?.state === "pending")) {
-      return res.status(422).json({ error: { code: "PRECONDITION_FAILED", message: "tool_call.state == \\\"pending\\\"" } });
-    }
-
-    // Effects (applied in declaration order)
-    const __effect_0 = await query(`UPDATE tool_calls SET state = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, ["denied", req.body.tool_call_id || req.params.id]);
-    if (!__effect_0 || __effect_0.length === 0) {
-      throw new Error("Effect failed: tool_call.state = \"denied\"");
-    }
-
-    res.json({ ok: true, action: "deny_tool_call", entity: tool_call });
-    await __client.query("COMMIT");
-  } catch (e: any) {
-    await __client.query("ROLLBACK");
-    res.status(400).json({ error: { code: "CAPABILITY_FAILED", message: e.message } });
-  } finally {
-    __client.release();
-  }
-});
+// Generated by BoneScript compiler. DO NOT EDIT.
+// Service: ToolCallService
+import { Router, Request, Response } from "express";
+import { v4 as uuid } from "uuid";
+import { query, queryOne, execute, pool } from "../db";
+import { eventBus } from "../events";
+import { requireAuth, AuthContext } from "../auth";
+import rateLimit from "express-rate-limit";
+import { auditLog } from "../audit";
+import { logger } from "../logger";
+import { counter } from "../metrics";
+import * as __algorithms from "../algorithms";
+const { shortestPath, topologicalSort, binarySearch, bipartiteMatching, roundRobin, weightedAverage, percentile, rankBy, consistentHash } = __algorithms as any;
+
+import { transitionToolCall, TOOLCALL_INITIAL } from "../state_machines/tool_call";
+
+export const toolCallsRouter = Router();
+
+// Rate limiter from policy declaration
+const __routeRateLimit = rateLimit({ windowMs: 60000, max: 200, standardHeaders: true, legacyHeaders: false });
+
+// CREATE
+toolCallsRouter.post("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const id = uuid();
+    const { session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision } = req.body;
+    const state = TOOLCALL_INITIAL;
+    const sql = `INSERT INTO tool_calls (id, session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision, state) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) RETURNING *`;
+    const rows = await query(sql, [id, session_id, agent_id, build_step_id, tool_name, tool_input, tool_output, error, duration_ms, permission_decision, state]);
+    counter("entity.created", { entity: "ToolCall" });
+    res.status(201).json(rows[0]);
+  } catch (e: any) {
+    res.status(400).json({ error: { code: "CREATE_FAILED", message: e.message } });
+  }
+});
+
+// READ
+toolCallsRouter.get("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const row = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.params.id]);
+    if (!row) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    res.json(row);
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// LIST
+toolCallsRouter.get("/", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const page = parseInt(req.query.page as string) || 1;
+    const pageSize = Math.min(parseInt(req.query.page_size as string) || 50, 100);
+    const offset = (page - 1) * pageSize;
+    const rows = await query(`SELECT tool_calls.*, row_to_json(build_step.*) as build_step FROM tool_calls LEFT JOIN build_steps build_step ON tool_calls.build_step_id = build_step.id ORDER BY tool_calls.created_at DESC LIMIT $1 OFFSET $2`, [pageSize, offset]);
+    const [{ count }] = await query(`SELECT COUNT(*) as count FROM tool_calls`);
+    res.json({ items: rows, total: parseInt(count), page, page_size: pageSize });
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// UPDATE
+toolCallsRouter.put("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  const fields = { ...req.body };
+  // State machine enforcement
+  if (fields.state !== undefined) {
+    const current = await queryOne<{ state: string }>(`SELECT state FROM tool_calls WHERE id = $1`, [req.params.id]);
+    if (!current) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    // Find the trigger for this state transition
+    const trigger = `${current.state}_to_${fields.state}`;
+    const tr = transitionToolCall(current.state as any, trigger);
+    if (!tr.ok) return res.status(422).json({ error: { code: "INVALID_TRANSITION", message: `Cannot transition from ${current.state} to ${fields.state}` } });
+  }
+  const sets = Object.keys(fields).map((k, i) => `${k} = $${i + 2}`).join(", ");
+  const values = Object.values(fields);
+  const sql = `UPDATE tool_calls SET ${sets}, updated_at = NOW() WHERE id = $1 RETURNING *`;
+  const rows = await query(sql, [req.params.id, ...values]);
+  if (rows.length === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+  res.json(rows[0]);
+});
+
+// DELETE
+toolCallsRouter.delete("/:id", __routeRateLimit, requireAuth, async (req: Request, res: Response) => {
+  try {
+    const count = await execute(`DELETE FROM tool_calls WHERE id = $1`, [req.params.id]);
+    if (count === 0) return res.status(404).json({ error: { code: "NOT_FOUND", message: "Not found" } });
+    res.status(204).send();
+  } catch (e: any) {
+    res.status(500).json({ error: { code: "DB_ERROR", message: e.message } });
+  }
+});
+
+// CAPABILITY: complete_tool_call [transactional]
+toolCallsRouter.post("/complete-tool-call", __routeRateLimit, requireAuth, auditLog("complete_tool_call", "ToolCall"), async (req: Request, res: Response) => {
+  const auth: AuthContext = (req as any).auth;
+  const __client = await pool.connect();
+  try {
+    await __client.query("BEGIN");
+    const { output } = req.body;
+
+    // Fetch entities
+    const tool_call = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.body.tool_call_id || req.params.id]);
+    if (!tool_call) {
+      return res.status(404).json({ error: { code: "NOT_FOUND", message: "tool_call not found" } });
+    }
+
+    // Preconditions
+    if (!(tool_call?.state === "running")) {
+      return res.status(422).json({ error: { code: "PRECONDITION_FAILED", message: "tool_call.state == \\\"running\\\"" } });
+    }
+
+    // Effects (applied in declaration order)
+    const __effect_0 = await query(`UPDATE tool_calls SET state = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, ["done", req.body.tool_call_id || req.params.id]);
+    if (!__effect_0 || __effect_0.length === 0) {
+      throw new Error("Effect failed: tool_call.state = \"done\"");
+    }
+    const __effect_1 = await query(`UPDATE tool_calls SET tool_output = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, [output, req.body.tool_call_id || req.params.id]);
+    if (!__effect_1 || __effect_1.length === 0) {
+      throw new Error("Effect failed: tool_call.tool_output = output");
+    }
+
+    // Emit events
+    await eventBus.publish("ToolCallCompleted", { tool_call_id: tool_call?.id, timestamp: new Date().toISOString(), actor_id: auth.actor_id }, "ToolCallService", auth.trace_id, __client);
+
+    res.json({ ok: true, action: "complete_tool_call", entity: tool_call });
+    await __client.query("COMMIT");
+  } catch (e: any) {
+    await __client.query("ROLLBACK");
+    res.status(400).json({ error: { code: "CAPABILITY_FAILED", message: e.message } });
+  } finally {
+    __client.release();
+  }
+});
+
+// CAPABILITY: deny_tool_call [transactional]
+toolCallsRouter.post("/deny-tool-call", __routeRateLimit, requireAuth, auditLog("deny_tool_call", "ToolCall"), async (req: Request, res: Response) => {
+  const auth: AuthContext = (req as any).auth;
+  const __client = await pool.connect();
+  try {
+    await __client.query("BEGIN");
+    // Fetch entities
+    const tool_call = await queryOne(`SELECT * FROM tool_calls WHERE id = $1`, [req.body.tool_call_id || req.params.id]);
+    if (!tool_call) {
+      return res.status(404).json({ error: { code: "NOT_FOUND", message: "tool_call not found" } });
+    }
+
+    // Preconditions
+    if (!(tool_call?.state === "pending")) {
+      return res.status(422).json({ error: { code: "PRECONDITION_FAILED", message: "tool_call.state == \\\"pending\\\"" } });
+    }
+
+    // Effects (applied in declaration order)
+    const __effect_0 = await query(`UPDATE tool_calls SET state = $1, updated_at = NOW() WHERE id = $2 RETURNING *`, ["denied", req.body.tool_call_id || req.params.id]);
+    if (!__effect_0 || __effect_0.length === 0) {
+      throw new Error("Effect failed: tool_call.state = \"denied\"");
+    }
+
+    res.json({ ok: true, action: "deny_tool_call", entity: tool_call });
+    await __client.query("COMMIT");
+  } catch (e: any) {
+    await __client.query("ROLLBACK");
+    res.status(400).json({ error: { code: "CAPABILITY_FAILED", message: e.message } });
+  } finally {
+    __client.release();
+  }
+});