devops-whc 1.0.1

package/dist/handlers/whc-deploy.js

@@ -0,0 +1,381 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveDeploySafetyLevel = resolveDeploySafetyLevel;
+exports.executeWhcDeploy = executeWhcDeploy;
+const node_crypto_1 = require("node:crypto");
+const whc_uapi_client_1 = require("../clients/whc-uapi-client");
+const deployment_locks_1 = require("../services/deployment-locks");
+const ssh_client_1 = require("../clients/ssh-client");
+const deploy_runtime_ops_1 = require("../services/deploy-runtime-ops");
+/**
+ * Resolves the effective safety level for this deploy operation.
+ * staging_to_live + database or everything → Level D.
+ * All other writes remain at Level C.
+ */
+function resolveDeploySafetyLevel(direction, syncScope) {
+    if (direction === "staging_to_live" && (syncScope === "database" || syncScope === "everything")) {
+        return "D";
+    }
+    return "C";
+}
+async function executeWhcDeploy(config, request, deps = {}) {
+    const startedAt = Date.now();
+    const actionIdFactory = deps.actionIdFactory ?? node_crypto_1.randomUUID;
+    const uapiClient = deps.uapiClient ?? new whc_uapi_client_1.WhcUapiClient(config);
+    const sshClient = deps.sshClient ?? new ssh_client_1.WhcSshClient(config);
+    const lockService = deps.lockService ?? new deployment_locks_1.InMemoryDeploymentLockService();
+    const verifyRunner = deps.verifyRunner ?? ((cfg, req) => (0, deploy_runtime_ops_1.runDeployVerification)(cfg, req, sshClient));
+    const rollbackRunner = deps.rollbackRunner ?? ((cfg, req) => (0, deploy_runtime_ops_1.runDeployRollback)(cfg, req, uapiClient));
+    const { workflow_mode, target_environment, release_intent, pipeline_id, source_profile, direction, sync_scope, repository_root, branch, rollback_branch, backup_reference, allow_emergency_without_backup, verify_after_deploy, auto_rollback_on_verify_failure, lock_key, } = request.payload;
+    const effectiveSafetyLevel = resolveDeploySafetyLevel(direction, sync_scope);
+    const needsBackupGate = direction === "staging_to_live" && (sync_scope === "database" || sync_scope === "everything");
+    const shouldVerify = verify_after_deploy ?? false;
+    const deployLockKey = lock_key ?? buildDefaultLockKey(target_environment, workflow_mode, repository_root);
+    const lockOwner = request.request_id;
+    const warnings = [];
+    if ((config.safety.enforceStagingFirst ?? true) && target_environment === "live") {
+        const isManagedPromoteFlow = workflow_mode === "managed_clone_sync" &&
+            direction === "staging_to_live" &&
+            release_intent === "promote";
+        if (!isManagedPromoteFlow) {
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", [
+                "Staging-first policy: direct live deploy is blocked.",
+                "Only promote flow from staging to live is allowed.",
+                "Required payload shape for live target:",
+                JSON.stringify({
+                    workflow_mode: "managed_clone_sync",
+                    target_environment: "live",
+                    release_intent: "promote",
+                    direction: "staging_to_live",
+                }, null, 2),
+            ].join("\n"));
+        }
+    }
+    if (target_environment === "staging" &&
+        config.workflowMode === "managed_clone_sync" &&
+        workflow_mode === "git_controlled" &&
+        !config.safety.allowStagingGitControlled) {
+        return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", [
+            "Server mode lock: staging is configured as managed_clone_sync only (WHC_WORKFLOW_MODE=managed_clone_sync).",
+            "Request used workflow_mode='git_controlled' and was blocked to prevent cross-account deadlock loops.",
+            "Use this payload instead:",
+            JSON.stringify(buildStagingAlternativePayload(request), null, 2),
+        ].join("\n"));
+    }
+    if (config.safety.warnDynamicDataSync && sync_scope === "database") {
+        warnings.push("DATABASE sync detected — existing data on target will be overwritten. Ensure a backup exists before proceeding.");
+    }
+    if (config.safety.warnDynamicDataSync && sync_scope === "everything") {
+        warnings.push("FULL sync (files + database) detected — all data on target will be replaced. This is irreversible without a backup.");
+    }
+    if (workflow_mode === "managed_clone_sync" && release_intent === "deploy" && direction === "live_to_staging") {
+        return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", "Invalid deploy mindset: managed live_to_staging is an environment refresh, not a release deploy. Use release_intent='refresh' for live_to_staging, or deploy a release candidate to staging via git_controlled workflow.");
+    }
+    if (workflow_mode === "git_controlled" && repository_root) {
+        if (target_environment === "staging" && config.paths.staging && repository_root !== config.paths.staging) {
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", [
+                `Invalid staging target for git_controlled deploy: repository_root='${repository_root}' does not match WHC_STAGING_PATH='${config.paths.staging}'.`,
+                "This prevents accidental deploys to a live path while target_environment is staging.",
+                "Use the configured staging path, or switch to managed_clone_sync refresh for cross-account WHC staging.",
+                "Copy-ready payload using configured staging path:",
+                JSON.stringify(buildSuggestedStagingGitControlledPayload(request, config.paths.staging), null, 2),
+            ].join("\n"));
+        }
+        const pathOwner = extractHomeOwner(repository_root);
+        if (pathOwner && pathOwner !== config.user) {
+            const lines = [
+                `Path owner mismatch: repository_root belongs to '${pathOwner}' but WHC_USER is '${config.user}'.`,
+            ];
+            if (target_environment === "staging") {
+                lines.push("git_controlled via UAPI cannot deploy to a separate-account staging environment.", "WHC managed staging uses a different cPanel account and is not reachable via these credentials.", "Use managed_clone_sync + release_intent='refresh' + direction='live_to_staging' to sync the environment,", "then deploy your release candidate over SSH using whc_ssh_exec, or configure separate staging credentials.", "Suggested alternative payload (managed_clone_sync refresh):", JSON.stringify(buildStagingAlternativePayload(request), null, 2));
+            }
+            else {
+                const suggestedPayload = buildSuggestedDeployPayload(request, config.user);
+                lines.push(`Use /home/${config.user}/... for git_controlled deploy or switch credentials.`, "Copy-ready payload using current WHC_USER:", JSON.stringify(suggestedPayload, null, 2));
+            }
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", lines.join("\n"));
+        }
+    }
+    if (direction === "live_to_staging" && sync_scope !== "files") {
+        warnings.push("Refreshing staging from live with database/everything scope — any staging-only changes will be lost.");
+    }
+    if (needsBackupGate && !backup_reference && !allow_emergency_without_backup) {
+        return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", "Backup reference is required for staging_to_live database/everything sync. Provide payload.backup_reference or set allow_emergency_without_backup=true.");
+    }
+    if (needsBackupGate && !backup_reference && allow_emergency_without_backup) {
+        warnings.push("Emergency override enabled without backup_reference. Data loss recovery is not guaranteed.");
+    }
+    // Dry run: return preview without making changes
+    if (request.dry_run) {
+        const phaseCoverage = buildPhaseCoverage({
+            workflowMode: workflow_mode,
+            syncScope: sync_scope,
+            verifyStatus: "skipped",
+            dryRun: true,
+        });
+        return {
+            ok: true,
+            action_id: actionIdFactory(),
+            tool: "whc_deploy",
+            data: {
+                outcome: "dry_run_preview",
+                workflow_mode,
+                target_environment,
+                direction,
+                sync_scope,
+                repository_root,
+                branch,
+                rollback_branch,
+                lock_key: deployLockKey,
+                backup_reference,
+                pipeline_status: derivePipelineStatus(phaseCoverage),
+                phase_coverage: phaseCoverage,
+                warnings,
+            },
+            error: null,
+            meta: {
+                latency_ms: Date.now() - startedAt,
+                safety_level: effectiveSafetyLevel,
+                workflow_mode,
+                pipeline_id,
+                release_intent,
+                source_profile,
+                delivery_mechanism: workflow_mode === "git_controlled" ? "git_deploy" : "managed_sync",
+            },
+        };
+    }
+    const lockAcquired = lockService.acquire(deployLockKey, lockOwner);
+    if (!lockAcquired.ok) {
+        return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "BUSINESS_POLICY_BLOCKED", `Concurrent deployment blocked: ${lockAcquired.reason}`);
+    }
+    try {
+        // managed_clone_sync mode: use WHC staging sync
+        if (workflow_mode === "managed_clone_sync") {
+            if (!direction) {
+                return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "VALIDATION_ERROR", "managed_clone_sync mode requires 'direction' field.");
+            }
+            // WHC managed sync is represented with guarded intent + recovery contract.
+            const outcome = direction === "live_to_staging" ? "synced_live_to_staging" : "synced_staging_to_live";
+            let verifyStatus = "skipped";
+            let rollbackStatus = "not_needed";
+            if (shouldVerify) {
+                const verifyResult = await verifyRunner(config, request);
+                if (!verifyResult.ok) {
+                    verifyStatus = "failed";
+                    if (auto_rollback_on_verify_failure) {
+                        rollbackStatus = "attempted";
+                        const rollbackResult = await rollbackRunner(config, request);
+                        rollbackStatus = rollbackResult.ok ? "succeeded" : "failed";
+                    }
+                    return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "TEMPORARY_UPSTREAM_ERROR", `Post-deploy verification failed: ${verifyResult.message}`);
+                }
+                verifyStatus = "passed";
+            }
+            const phaseCoverage = buildPhaseCoverage({
+                workflowMode: workflow_mode,
+                syncScope: sync_scope,
+                verifyStatus,
+                dryRun: false,
+            });
+            return {
+                ok: true,
+                action_id: actionIdFactory(),
+                tool: "whc_deploy",
+                data: {
+                    outcome,
+                    workflow_mode,
+                    target_environment,
+                    direction,
+                    sync_scope,
+                    verify_status: verifyStatus,
+                    rollback_status: rollbackStatus,
+                    lock_key: deployLockKey,
+                    backup_reference,
+                    pipeline_status: derivePipelineStatus(phaseCoverage),
+                    phase_coverage: phaseCoverage,
+                    warnings,
+                },
+                error: null,
+                meta: {
+                    latency_ms: Date.now() - startedAt,
+                    safety_level: effectiveSafetyLevel,
+                    workflow_mode,
+                    pipeline_id,
+                    release_intent,
+                    source_profile,
+                    delivery_mechanism: "managed_sync",
+                },
+            };
+        }
+        // git_controlled mode: trigger UAPI VersionControl::deployment
+        if (!repository_root) {
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "VALIDATION_ERROR", "git_controlled mode requires 'repository_root' field.");
+        }
+        let deployResult;
+        try {
+            deployResult = await uapiClient.triggerDeployment(repository_root, branch);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : "UAPI deployment trigger failed";
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "AUTH_ERROR", message);
+        }
+        if (!deployResult.ok) {
+            return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "TEMPORARY_UPSTREAM_ERROR", deployResult.message);
+        }
+        let verifyStatus = "skipped";
+        let rollbackStatus = "not_needed";
+        if (shouldVerify) {
+            const verifyResult = await verifyRunner(config, request);
+            if (!verifyResult.ok) {
+                verifyStatus = "failed";
+                if (auto_rollback_on_verify_failure) {
+                    rollbackStatus = "attempted";
+                    const rollbackResult = await rollbackRunner(config, request);
+                    rollbackStatus = rollbackResult.ok ? "succeeded" : "failed";
+                }
+                return buildErrorResponse(actionIdFactory(), startedAt, effectiveSafetyLevel, "TEMPORARY_UPSTREAM_ERROR", `Post-deploy verification failed: ${verifyResult.message}`);
+            }
+            verifyStatus = "passed";
+        }
+        const phaseCoverage = buildPhaseCoverage({
+            workflowMode: workflow_mode,
+            syncScope: sync_scope,
+            verifyStatus,
+            dryRun: false,
+        });
+        return {
+            ok: true,
+            action_id: actionIdFactory(),
+            tool: "whc_deploy",
+            data: {
+                outcome: "deployed",
+                workflow_mode,
+                target_environment,
+                repository_root,
+                branch,
+                rollback_branch,
+                deployment_id: deployResult.deployment_id,
+                verify_status: verifyStatus,
+                rollback_status: rollbackStatus,
+                lock_key: deployLockKey,
+                backup_reference,
+                pipeline_status: derivePipelineStatus(phaseCoverage),
+                phase_coverage: phaseCoverage,
+                warnings,
+            },
+            error: null,
+            meta: {
+                latency_ms: Date.now() - startedAt,
+                safety_level: effectiveSafetyLevel,
+                workflow_mode,
+                pipeline_id,
+                release_intent,
+                source_profile,
+                delivery_mechanism: "git_deploy",
+            },
+        };
+    }
+    finally {
+        lockService.release(deployLockKey, lockOwner);
+    }
+}
+function buildErrorResponse(actionId, startedAt, safetyLevel, code, message) {
+    return {
+        ok: false,
+        action_id: actionId,
+        tool: "whc_deploy",
+        data: null,
+        error: { code, message, retryable: code === "TEMPORARY_UPSTREAM_ERROR" },
+        meta: { latency_ms: Date.now() - startedAt, safety_level: safetyLevel },
+    };
+}
+function buildDefaultLockKey(targetEnvironment, workflowMode, repositoryRoot) {
+    return `whc_deploy:${targetEnvironment}:${workflowMode}:${repositoryRoot ?? "-"}`;
+}
+function extractHomeOwner(pathValue) {
+    const match = pathValue.match(/^\/home\/([^\/]+)\//);
+    return match?.[1];
+}
+function buildSuggestedDeployPayload(request, currentUser) {
+    return {
+        request_id: request.request_id,
+        actor: request.actor,
+        dry_run: request.dry_run,
+        confirmed: request.confirmed,
+        idempotency_key: request.idempotency_key,
+        payload: {
+            ...request.payload,
+            target_environment: "live",
+            repository_root: `/home/${currentUser}/public_html`,
+        },
+    };
+}
+function buildStagingAlternativePayload(request) {
+    return {
+        workflow_mode: "managed_clone_sync",
+        target_environment: "staging",
+        release_intent: "refresh",
+        pipeline_id: request.payload.pipeline_id,
+        source_profile: request.payload.source_profile,
+        direction: "live_to_staging",
+        sync_scope: "files",
+        verify_after_deploy: request.payload.verify_after_deploy,
+        auto_rollback_on_verify_failure: request.payload.auto_rollback_on_verify_failure,
+    };
+}
+function buildSuggestedStagingGitControlledPayload(request, stagingPath) {
+    return {
+        request_id: request.request_id,
+        actor: request.actor,
+        dry_run: request.dry_run,
+        confirmed: request.confirmed,
+        idempotency_key: request.idempotency_key,
+        payload: {
+            ...request.payload,
+            target_environment: "staging",
+            repository_root: stagingPath,
+        },
+    };
+}
+function buildPhaseCoverage(input) {
+    const notes = [];
+    let codeState = "excluded";
+    let runtimeState = "excluded";
+    let dataState = "excluded";
+    const deploymentState = input.dryRun ? "excluded" : "included";
+    if (input.workflowMode === "git_controlled") {
+        codeState = input.dryRun ? "excluded" : "included";
+        runtimeState = input.verifyStatus === "passed" ? "included" : "excluded";
+        dataState = "excluded";
+        notes.push("git_controlled deploy covers code transport/deployment state; data/content bootstrap is out of scope.");
+    }
+    if (input.workflowMode === "managed_clone_sync") {
+        if (input.syncScope === "files" || input.syncScope === "everything") {
+            codeState = input.dryRun ? "excluded" : "included";
+        }
+        if (input.syncScope === "database" || input.syncScope === "everything") {
+            dataState = input.dryRun ? "excluded" : "included";
+        }
+        runtimeState = "excluded";
+        notes.push("managed_clone_sync does not bootstrap app runtime configuration (plugin/theme activation, rewrite, Woo setup).", "Managed verification is transport-level unless additional runtime checks are run externally.");
+    }
+    if (input.dryRun) {
+        notes.push("dry_run preview only; no target state has been changed.");
+    }
+    return {
+        code_state: codeState,
+        runtime_state: runtimeState,
+        data_state: dataState,
+        deployment_state: deploymentState,
+        notes,
+    };
+}
+function derivePipelineStatus(phaseCoverage) {
+    if (phaseCoverage.code_state === "included" &&
+        phaseCoverage.runtime_state === "included" &&
+        phaseCoverage.data_state === "included" &&
+        phaseCoverage.deployment_state === "included") {
+        return "full_pass";
+    }
+    return "pass_partial";
+}

package/dist/handlers/whc-get-logs.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeWhcGetLogs = executeWhcGetLogs;
+const node_crypto_1 = require("node:crypto");
+const ssh_client_1 = require("../clients/ssh-client");
+const LOG_PATHS = {
+    apache_error: {
+        live: "/usr/local/apache/logs/error_log",
+        staging: "/usr/local/apache/logs/error_log",
+    },
+    apache_access: {
+        live: "/usr/local/apache/logs/access_log",
+        staging: "/usr/local/apache/logs/access_log",
+    },
+    php_error: {
+        live: "~/public_html/error_log",
+        staging: "~/public_html/error_log",
+    },
+    cron: {
+        live: "~/var/log/cron_log",
+        staging: "~/var/log/cron_log",
+    },
+};
+function resolveLogPath(logType, targetEnvironment) {
+    return LOG_PATHS[logType]?.[targetEnvironment] ?? `~/logs/${logType}.log`;
+}
+async function executeWhcGetLogs(config, request, deps = {}) {
+    const startedAt = Date.now();
+    const actionIdFactory = deps.actionIdFactory ?? node_crypto_1.randomUUID;
+    const sshClient = deps.sshClient ?? new ssh_client_1.WhcSshClient(config);
+    const { target_environment, log_type, lines } = request.payload;
+    const logPath = resolveLogPath(log_type, target_environment);
+    const command = `tail -n ${lines} ${logPath} 2>/dev/null || echo '__LOG_NOT_FOUND__'`;
+    let execResult;
+    try {
+        if (target_environment === "staging" && config.sshTargets.staging?.privateKeyPath) {
+            const stagingTarget = config.sshTargets.staging;
+            execResult = await sshClient.execWithKey({
+                host: stagingTarget.host,
+                port: stagingTarget.port,
+                username: stagingTarget.username,
+                privateKeyPath: stagingTarget.privateKeyPath,
+            }, command);
+        }
+        else if (target_environment === "staging" && !config.sshTargets.staging) {
+            return {
+                ok: false,
+                action_id: actionIdFactory(),
+                tool: "whc_get_logs",
+                data: null,
+                error: {
+                    code: "BUSINESS_POLICY_BLOCKED",
+                    message: "Staging SSH target is not configured. Set WHC_STAGING_SSH_* env vars.",
+                    retryable: false,
+                },
+                meta: { latency_ms: Date.now() - startedAt, safety_level: "A" },
+            };
+        }
+        else {
+            execResult = await sshClient.execWithKey(config.sshTargets.prod, command);
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "SSH exec failed";
+        return {
+            ok: false,
+            action_id: actionIdFactory(),
+            tool: "whc_get_logs",
+            data: null,
+            error: { code: "AUTH_ERROR", message, retryable: false },
+            meta: { latency_ms: Date.now() - startedAt, safety_level: "A" },
+        };
+    }
+    if (execResult.stdout.includes("__LOG_NOT_FOUND__")) {
+        return {
+            ok: true,
+            action_id: actionIdFactory(),
+            tool: "whc_get_logs",
+            data: {
+                target_environment,
+                log_type,
+                lines_returned: 0,
+                entries: [],
+                log_path: logPath,
+            },
+            error: null,
+            meta: { latency_ms: Date.now() - startedAt, safety_level: "A", delivery_mechanism: "ssh_exec" },
+        };
+    }
+    const entries = execResult.stdout
+        .split("\n")
+        .map((line) => line.trimEnd())
+        .filter((line) => line.length > 0);
+    return {
+        ok: true,
+        action_id: actionIdFactory(),
+        tool: "whc_get_logs",
+        data: {
+            target_environment,
+            log_type,
+            lines_returned: entries.length,
+            entries,
+            log_path: logPath,
+        },
+        error: null,
+        meta: { latency_ms: Date.now() - startedAt, safety_level: "A", delivery_mechanism: "ssh_exec" },
+    };
+}

package/dist/handlers/whc-pipeline-status.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeWhcPipelineStatus = executeWhcPipelineStatus;
+const node_crypto_1 = require("node:crypto");
+const workspace_state_1 = require("../state/workspace-state");
+async function executeWhcPipelineStatus(config, request) {
+    const startedAt = Date.now();
+    const rootDir = request.payload.workspace_root ?? process.cwd();
+    const status = (0, workspace_state_1.readPipelineStatus)(rootDir);
+    if (!status) {
+        return {
+            ok: true,
+            action_id: (0, node_crypto_1.randomUUID)(),
+            tool: "whc_pipeline_status",
+            data: {
+                started: false,
+                completed: false,
+                status: "idle",
+                tool: "",
+                request_id: "",
+                next_step: "Run whc_prepare then a write tool to initialize pipeline state.",
+                artifacts: {
+                    state_file: (0, workspace_state_1.getPipelineStatusFile)(rootDir),
+                    flow_log_file: config.flowLogPath ?? ".mcp/whc-mcp/logs/flow-events.jsonl",
+                },
+            },
+            error: null,
+            meta: {
+                latency_ms: Date.now() - startedAt,
+                safety_level: "A",
+                delivery_mechanism: "read_probe",
+            },
+        };
+    }
+    const statusRequestId = readString(status.request_id);
+    const requestedId = request.payload.request_id;
+    const effectiveId = requestedId && requestedId.length > 0 ? requestedId : statusRequestId;
+    const manifestFile = effectiveId ? (0, workspace_state_1.getReleaseManifestFile)(rootDir, effectiveId) : undefined;
+    return {
+        ok: true,
+        action_id: (0, node_crypto_1.randomUUID)(),
+        tool: "whc_pipeline_status",
+        data: {
+            started: readBoolean(status.started),
+            completed: readBoolean(status.completed),
+            status: readStatus(status.status),
+            tool: readString(status.tool),
+            request_id: statusRequestId,
+            action_id: readOptionalString(status.action_id),
+            target_environment: readOptionalString(status.target_environment),
+            pipeline_id: readOptionalString(status.pipeline_id),
+            release_intent: readOptionalString(status.release_intent),
+            started_at: readOptionalString(status.started_at),
+            completed_at: readOptionalString(status.completed_at),
+            next_step: readOptionalString(status.next_step),
+            error: readError(status.error),
+            artifacts: {
+                state_file: (0, workspace_state_1.getPipelineStatusFile)(rootDir),
+                manifest_file: manifestFile,
+                flow_log_file: config.flowLogPath ?? ".mcp/whc-mcp/logs/flow-events.jsonl",
+            },
+        },
+        error: null,
+        meta: {
+            latency_ms: Date.now() - startedAt,
+            safety_level: "A",
+            delivery_mechanism: "read_probe",
+        },
+    };
+}
+function readBoolean(input) {
+    return input === true;
+}
+function readString(input) {
+    return typeof input === "string" ? input : "";
+}
+function readOptionalString(input) {
+    return typeof input === "string" && input.length > 0 ? input : undefined;
+}
+function readStatus(input) {
+    if (input === "in_progress" || input === "success" || input === "failure") {
+        return input;
+    }
+    return "idle";
+}
+function readError(input) {
+    if (!input || typeof input !== "object") {
+        return null;
+    }
+    const code = readString(input.code);
+    const message = readString(input.message);
+    if (!code || !message) {
+        return null;
+    }
+    return { code, message };
+}