experimental-ash 0.24.2 → 0.25.0

package/dist/src/runtime/compiled-artifacts-source.d.ts

@@ -17,18 +17,12 @@ export interface RuntimeDiskCompiledArtifactsSource {
     readonly kind: "disk";
     /**
      * Native filesystem path to the package-owned authored-source module map
-     * loader. Required when `moduleMapLoadMode` is `"authored-source"` so
-     * bundled dev hosts do not resolve Ash internals relative to app `.ash`
-     * output.
+     * loader. When set, the runtime loads modules directly from authored
+     * source instead of the bundled-compiled module map. Omitted in deployed
+     * runtimes, where the module map must come from the compiled artifact
+     * emitted by the build.
      */
     readonly moduleMapLoaderPath?: string;
-    /**
-     * Optional module-map loader override for package-internal dev/build flows.
-     *
-     * Omitted in deployed runtimes, where the module map must come from the
-     * compiled artifact emitted by the build.
-     */
-    readonly moduleMapLoadMode?: "authored-source";
 }
 /**
  * Creates the bundled compiled-artifact source.
@@ -38,7 +32,6 @@ export declare function createBundledRuntimeCompiledArtifactsSource(): RuntimeBu
  * Creates the disk-backed compiled-artifact source for one authored app root.
  */
 export declare function createDiskRuntimeCompiledArtifactsSource(appRoot: string, options?: {
-    readonly moduleMapLoadMode?: RuntimeDiskCompiledArtifactsSource["moduleMapLoadMode"];
     readonly moduleMapLoaderPath?: string;
 }): RuntimeDiskCompiledArtifactsSource;
 /**

package/dist/src/runtime/compiled-artifacts-source.js

@@ -10,12 +10,11 @@ export function createBundledRuntimeCompiledArtifactsSource() {
  * Creates the disk-backed compiled-artifact source for one authored app root.
  */
 export function createDiskRuntimeCompiledArtifactsSource(appRoot, options = {}) {
-    if (options.moduleMapLoadMode !== undefined || options.moduleMapLoaderPath !== undefined) {
+    if (options.moduleMapLoaderPath !== undefined) {
         return {
             appRoot,
             kind: "disk",
             moduleMapLoaderPath: options.moduleMapLoaderPath,
-            moduleMapLoadMode: options.moduleMapLoadMode,
         };
     }
     return {
@@ -36,11 +35,8 @@ export function getRuntimeCompiledArtifactsCacheKey(source) {
     if (source.kind !== "disk") {
         return "bundled";
     }
-    if (source.moduleMapLoadMode !== undefined) {
-        if (source.moduleMapLoaderPath !== undefined) {
-            return `disk:${source.appRoot}:${source.moduleMapLoadMode}:${source.moduleMapLoaderPath}`;
-        }
-        return `disk:${source.appRoot}:${source.moduleMapLoadMode}`;
+    if (source.moduleMapLoaderPath !== undefined) {
+        return `disk:${source.appRoot}:authored-source:${source.moduleMapLoaderPath}`;
     }
     return `disk:${source.appRoot}`;
 }

package/dist/src/runtime/connections/authorization-tokens.d.ts

@@ -15,10 +15,6 @@
 import type { AshContext } from "#context/container.js";
 import { ContextKey } from "#context/key.js";
 import type { TokenResult } from "#runtime/connections/types.js";
-/**
- * Inner map of `principalKey` → {@link TokenResult} for one connection.
- */
-export type PrincipalTokenCache = Readonly<Record<string, TokenResult>>;
 /**
  * Virtual context key mapping connection name to a per-principal
  * {@link TokenResult} cache.
@@ -35,7 +31,7 @@ export declare const ConnectionAuthorizationTokensKey: ContextKey<Readonly<Recor
  * (not expired). Expired entries are treated as a cache miss so
  * callers re-run the authorization flow.
  */
-export declare function readCachedToken(ctx: AshContext, connectionName: string, principalKey: string, now?: number): TokenResult | undefined;
+export declare function readCachedToken(ctx: AshContext, connectionName: string, principalKey: string): TokenResult | undefined;
 /**
  * Persists a freshly resolved {@link TokenResult} on the cache under
  * `(connectionName, principalKey)`. Existing entries for other
@@ -45,12 +41,3 @@ export declare function readCachedToken(ctx: AshContext, connectionName: string,
  * into the durable step payload. See the module docblock.
  */
 export declare function writeCachedToken(ctx: AshContext, connectionName: string, principalKey: string, token: TokenResult): void;
-/**
- * Removes the cached token for `(connectionName, principalKey)`.
- * Called when a connection's token is rejected downstream (for
- * example the server returns 401 with the cached bearer) so the next
- * `getToken` call runs fresh.
- *
- * Other principals' tokens on the same connection are preserved.
- */
-export declare function clearCachedToken(ctx: AshContext, connectionName: string, principalKey: string): void;

package/dist/src/runtime/connections/authorization-tokens.js

@@ -29,11 +29,11 @@ export const ConnectionAuthorizationTokensKey = new ContextKey("ash.connectionAu
  * (not expired). Expired entries are treated as a cache miss so
  * callers re-run the authorization flow.
  */
-export function readCachedToken(ctx, connectionName, principalKey, now = Date.now()) {
+export function readCachedToken(ctx, connectionName, principalKey) {
     const entry = ctx.get(ConnectionAuthorizationTokensKey)?.[connectionName]?.[principalKey];
     if (entry === undefined)
         return undefined;
-    if (entry.expiresAt !== undefined && entry.expiresAt <= now) {
+    if (entry.expiresAt !== undefined && entry.expiresAt <= Date.now()) {
         return undefined;
     }
     return entry;
@@ -54,32 +54,6 @@ export function writeCachedToken(ctx, connectionName, principalKey, token) {
         [connectionName]: { ...perConnection, [principalKey]: token },
     });
 }
-/**
- * Removes the cached token for `(connectionName, principalKey)`.
- * Called when a connection's token is rejected downstream (for
- * example the server returns 401 with the cached bearer) so the next
- * `getToken` call runs fresh.
- *
- * Other principals' tokens on the same connection are preserved.
- */
-export function clearCachedToken(ctx, connectionName, principalKey) {
-    const existing = ctx.get(ConnectionAuthorizationTokensKey);
-    const perConnection = existing?.[connectionName];
-    if (existing === undefined || perConnection === undefined)
-        return;
-    if (perConnection[principalKey] === undefined)
-        return;
-    const nextPerConnection = { ...perConnection };
-    delete nextPerConnection[principalKey];
-    const next = { ...existing };
-    if (Object.keys(nextPerConnection).length === 0) {
-        delete next[connectionName];
-    }
-    else {
-        next[connectionName] = nextPerConnection;
-    }
-    asContainer(ctx).setVirtualContext(ConnectionAuthorizationTokensKey, next);
-}
 /**
  * Runtime installs `ContextContainer` as the concrete `AshContext`;
  * we reach through the interface here because `setVirtualContext` is

package/dist/src/runtime/connections/principal-context.d.ts

@@ -42,13 +42,13 @@ import type { ConnectionPrincipal } from "#runtime/connections/types.js";
 /**
  * Per-connection principal overrides keyed by connection name.
  */
-export type ConnectionPrincipalOverrides = Readonly<Record<string, ConnectionPrincipal>>;
+type ConnectionPrincipalOverrides = Readonly<Record<string, ConnectionPrincipal>>;
 /**
  * One frame on the principal-override stack. Frames are compared by
  * object identity when popping so concurrent entries can
  * deterministically remove the frame they pushed.
  */
-export interface ConnectionPrincipalOverrideFrame {
+interface ConnectionPrincipalOverrideFrame {
     readonly overrides: ConnectionPrincipalOverrides;
 }
 /**
@@ -98,3 +98,4 @@ export declare function lookupConnectionPrincipalOverride(ctx: {
  * of the stack.
  */
 export declare function withConnectionPrincipalOverride<T>(ctx: ContextContainer, overrides: ConnectionPrincipalOverrides, fn: () => Promise<T>): Promise<T>;
+export {};

package/dist/src/runtime/connections/validate-authorization.d.ts

@@ -12,17 +12,6 @@ import type { AuthorizationDefinition } from "#runtime/connections/types.js";
  * to prefix with its own context.
  */
 export declare function validateAuthorizationSpec(authorization: unknown, fieldName?: string): string | undefined;
-/**
- * Narrow convenience that asserts `auth` is structurally valid and mutates
- * defaulted fields into place, otherwise throws an `Error` with the caller's
- * `prefix` joined to the validation message.
- *
- * Most call sites want a richer error (e.g. `ResolveAgentError`
- * with `logicalPath`/`sourceId`) and should call
- * {@link validateAuthorizationSpec} directly and wrap themselves.
- * This helper is for the simple prefix-and-throw case.
- */
-export declare function assertAuthorizationSpec(authorization: unknown, prefix: string, fieldName?: string): asserts authorization is AuthorizationDefinition;
 /**
  * Validates and normalizes an authored auth definition into the runtime shape.
  *

package/dist/src/runtime/connections/validate-authorization.js

@@ -39,22 +39,6 @@ export function validateAuthorizationSpec(authorization, fieldName = "auth") {
     }
     return undefined;
 }
-/**
- * Narrow convenience that asserts `auth` is structurally valid and mutates
- * defaulted fields into place, otherwise throws an `Error` with the caller's
- * `prefix` joined to the validation message.
- *
- * Most call sites want a richer error (e.g. `ResolveAgentError`
- * with `logicalPath`/`sourceId`) and should call
- * {@link validateAuthorizationSpec} directly and wrap themselves.
- * This helper is for the simple prefix-and-throw case.
- */
-export function assertAuthorizationSpec(authorization, prefix, fieldName = "auth") {
-    const normalized = normalizeAuthorizationSpec(authorization, prefix, fieldName);
-    if (authorization !== null && typeof authorization === "object") {
-        Object.assign(authorization, normalized);
-    }
-}
 /**
  * Validates and normalizes an authored auth definition into the runtime shape.
  *

package/dist/src/runtime/framework-channels/index.d.ts

@@ -1,4 +1,3 @@
 import type { ResolvedChannelDefinition } from "#runtime/types.js";
-export declare const ASH_CHANNEL_NAME = "ash";
 export declare function getFrameworkChannelDefinitions(): readonly ResolvedChannelDefinition[];
 export declare function getAllFrameworkChannelNames(): ReadonlySet<string>;

package/dist/src/runtime/framework-channels/index.js

@@ -1,7 +1,7 @@
 import { none, vercelOidc } from "#public/channels/auth.js";
 import { ashChannel } from "#public/channels/ash.js";
 import { getConnectionCallbackChannelDefinitions, getConnectionCallbackChannelNames, } from "#runtime/connections/callback-route.js";
-export const ASH_CHANNEL_NAME = "ash";
+const ASH_CHANNEL_NAME = "ash";
 export function getFrameworkChannelDefinitions() {
     const auth = resolveFrameworkAshAuth();
     const compiled = ashChannel({ auth });

package/dist/src/runtime/framework-tools/index.d.ts

@@ -14,7 +14,8 @@ interface FrameworkToolConfig {
 export declare function getFrameworkToolDefinitions(config: FrameworkToolConfig): readonly ResolvedToolDefinition[];
 /**
  * Returns the names of every framework-provided tool the framework knows
- * about, regardless of whether the current agent has skills enabled.
+ * about, regardless of whether the current agent gates any of them on
+ * runtime configuration.
  *
  * Used by the graph resolver to validate `disableTool(name)` arguments —
  * disabling a name that does not match any known framework tool is treated

package/dist/src/runtime/framework-tools/index.js

@@ -40,7 +40,8 @@ export function getFrameworkToolDefinitions(config) {
 }
 /**
  * Returns the names of every framework-provided tool the framework knows
- * about, regardless of whether the current agent has skills enabled.
+ * about, regardless of whether the current agent gates any of them on
+ * runtime configuration.
  *
  * Used by the graph resolver to validate `disableTool(name)` arguments —
  * disabling a name that does not match any known framework tool is treated

package/dist/src/runtime/framework-tools/skill.d.ts

@@ -1,15 +1,2 @@
 import type { ResolvedToolDefinition } from "#runtime/types.js";
-/**
- * Typed input accepted by {@link executeLoadSkillTool}.
- */
-export interface LoadSkillInput {
-    readonly skill: string;
-}
-/**
- * Executes the `load_skill` tool.
- *
- * Reads the requested skill's `SKILL.md` from the active sandbox and
- * returns it as the tool result.
- */
-export declare function executeLoadSkillTool(args: LoadSkillInput): Promise<unknown>;
 export declare const SKILL_TOOL_DEFINITION: ResolvedToolDefinition;

package/dist/src/runtime/framework-tools/skill.js

@@ -7,7 +7,7 @@ import { loadSkillFromSandbox } from "#runtime/skills/sandbox-access.js";
  * Reads the requested skill's `SKILL.md` from the active sandbox and
  * returns it as the tool result.
  */
-export async function executeLoadSkillTool(args) {
+async function executeLoadSkillTool(args) {
     const ctx = loadContext();
     const sandbox = ctx.get(SandboxKey);
     if (sandbox === undefined) {

package/dist/src/runtime/governance/auth/token-claims.d.ts

@@ -1,15 +1,5 @@
 import type { JWTPayload } from "#compiled/jose/index.js";
-import type { AuthenticatedCallerPrincipal, ResolvedTokenClaimMatchers, RouteAuthAttributes } from "#runtime/governance/auth/types.js";
-/**
- * Returns the normalized string-valued JWT claim projection used by Ash's
- * runtime auth layer.
- */
-export declare function normalizeJwtClaims(payload: JWTPayload): RouteAuthAttributes;
-/**
- * Returns the non-standard string-valued JWT claim projection exposed as public
- * session auth attributes.
- */
-export declare function createJwtAttributeProjection(payload: JWTPayload): RouteAuthAttributes;
+import type { AuthenticatedCallerPrincipal, ResolvedTokenClaimMatchers } from "#runtime/governance/auth/types.js";
 /**
  * Returns whether the verified JWT payload satisfies the authored subject and
  * claim selectors.
@@ -23,8 +13,3 @@ export declare function createJwtAuthenticatedCallerPrincipal(input: {
     readonly payload: JWTPayload;
     readonly principalType: AuthenticatedCallerPrincipal["principalType"];
 }): AuthenticatedCallerPrincipal;
-/**
- * Returns whether the value matches one AWS IAM-style whole-string wildcard
- * pattern where `*` matches zero or more characters.
- */
-export declare function matchesWildcardPattern(pattern: string, value: string): boolean;

package/dist/src/runtime/governance/auth/token-claims.js

@@ -3,7 +3,7 @@ const STANDARD_PROJECTED_CLAIM_KEYS = new Set(["aud", "exp", "iat", "iss", "jti"
  * Returns the normalized string-valued JWT claim projection used by Ash's
  * runtime auth layer.
  */
-export function normalizeJwtClaims(payload) {
+function normalizeJwtClaims(payload) {
     const normalized = {};
     for (const [key, value] of Object.entries(payload)) {
         if (typeof value === "string") {
@@ -20,7 +20,7 @@ export function normalizeJwtClaims(payload) {
  * Returns the non-standard string-valued JWT claim projection exposed as public
  * session auth attributes.
  */
-export function createJwtAttributeProjection(payload) {
+function createJwtAttributeProjection(payload) {
     const claims = normalizeJwtClaims(payload);
     return Object.freeze(Object.fromEntries(Object.entries(claims).filter(([key]) => !STANDARD_PROJECTED_CLAIM_KEYS.has(key))));
 }
@@ -75,7 +75,7 @@ export function createJwtAuthenticatedCallerPrincipal(input) {
  * Returns whether the value matches one AWS IAM-style whole-string wildcard
  * pattern where `*` matches zero or more characters.
  */
-export function matchesWildcardPattern(pattern, value) {
+function matchesWildcardPattern(pattern, value) {
     if (!pattern.includes("*")) {
         return pattern === value;
     }

package/dist/src/runtime/governance/auth/types.d.ts

@@ -77,10 +77,6 @@ export interface ResolvedOidcAuthStrategy extends ResolvedTokenClaimMatchers {
     readonly issuer: string;
     readonly kind: "oidc";
 }
-/**
- * One resolved route-auth strategy authored in `agent.ts`.
- */
-export type ResolvedAuthStrategy = ResolvedHttpBasicAuthStrategy | ResolvedJwtEcdsaAuthStrategy | ResolvedJwtHmacAuthStrategy | ResolvedOidcAuthStrategy;
 /**
  * Internal strategy verification outcomes used by the route-auth orchestrator.
  */

package/dist/src/runtime/governance/network/ip-allow-list.d.ts

@@ -15,20 +15,3 @@ export declare function createRuntimeIpAllowList(entries: readonly string[]): Ru
  * entry.
  */
 export declare function isRuntimeIpAllowed(address: string, allowList: RuntimeIpAllowList): boolean;
-/**
- * Resolves the first trusted request IP candidate from the request headers
- * and the platform-supplied socket peer IP.
- *
- * On Vercel, the `x-vercel-forwarded-for` header carries the original
- * caller's IP through the platform proxies and takes precedence over the
- * socket-level address. Off Vercel, the socket address (passed in by the
- * host plumbing) is the source of truth.
- *
- * `socketIp` is `null` when the host can't observe a peer IP (e.g. during
- * unit tests). The function returns `null` when neither candidate yields a
- * valid normalized IP.
- */
-export declare function resolveTrustedRequestIp(input: {
-    readonly headers: Headers;
-    readonly socketIp: string | null;
-}): string | null;

package/dist/src/runtime/governance/network/ip-allow-list.js

@@ -42,45 +42,6 @@ export function isRuntimeIpAllowed(address, allowList) {
     const family = getIpFamily(normalizedAddress);
     return allowList.blockList.check(normalizedAddress, family);
 }
-/**
- * Resolves the first trusted request IP candidate from the request headers
- * and the platform-supplied socket peer IP.
- *
- * On Vercel, the `x-vercel-forwarded-for` header carries the original
- * caller's IP through the platform proxies and takes precedence over the
- * socket-level address. Off Vercel, the socket address (passed in by the
- * host plumbing) is the source of truth.
- *
- * `socketIp` is `null` when the host can't observe a peer IP (e.g. during
- * unit tests). The function returns `null` when neither candidate yields a
- * valid normalized IP.
- */
-export function resolveTrustedRequestIp(input) {
-    const headerCandidates = process.env.VERCEL === "1" ? [input.headers.get("x-vercel-forwarded-for")] : [];
-    for (const candidate of headerCandidates) {
-        const resolved = selectForwardedIpCandidate(candidate);
-        if (resolved !== null) {
-            return resolved;
-        }
-    }
-    return input.socketIp === null ? null : normalizeIfValidIp(input.socketIp);
-}
-function selectForwardedIpCandidate(value) {
-    if (value === null) {
-        return null;
-    }
-    for (const part of value.split(",")) {
-        const normalized = normalizeIfValidIp(part);
-        if (normalized !== null) {
-            return normalized;
-        }
-    }
-    return null;
-}
-function normalizeIfValidIp(value) {
-    const normalized = normalizeIpAddress(value);
-    return isIP(normalized) === 0 ? null : normalized;
-}
 function normalizeIpAddress(value) {
     const trimmed = value.trim().replace(/^\[(.*)\]$/, "$1");
     const percentIndex = trimmed.indexOf("%");

package/dist/src/runtime/hooks/registry.d.ts

@@ -4,7 +4,7 @@ import type { ResolvedHookDefinition } from "../types.js";
  * One ordered lifecycle subscriber paired with the slug of its source.
  * The slug is used for diagnostics.
  */
-export interface RuntimeLifecycleHookEntry {
+interface RuntimeLifecycleHookEntry {
     readonly slug: string;
     readonly handler: LifecycleHook;
 }
@@ -14,7 +14,7 @@ export interface RuntimeLifecycleHookEntry {
  * `eventType` is `"*"` for wildcard subscribers, otherwise the typed
  * event name.
  */
-export interface RuntimeStreamEventHookEntry {
+interface RuntimeStreamEventHookEntry {
     readonly slug: string;
     readonly handler: StreamEventHook<unknown>;
     readonly eventType: string;
@@ -37,8 +37,10 @@ export interface RuntimeHookRegistry {
     readonly streamEventsWildcard: readonly RuntimeStreamEventHookEntry[];
 }
 /**
- * Returns an empty registry — used by tests and any production path that
- * needs a "no hooks" agent stub.
+ * Returns an empty registry. Used by tests that build a runtime bundle
+ * stub without authored hooks — production registries are constructed
+ * via {@link createRuntimeHookRegistry} from the resolved authored
+ * graph.
  */
 export declare function createEmptyHookRegistry(): RuntimeHookRegistry;
 /**
@@ -50,3 +52,4 @@ export declare function createEmptyHookRegistry(): RuntimeHookRegistry;
  * helper, so callers usually pass `resolvedHooks` directly.
  */
 export declare function createRuntimeHookRegistry(resolvedHooks: readonly ResolvedHookDefinition[]): RuntimeHookRegistry;
+export {};

package/dist/src/runtime/hooks/registry.js

@@ -1,6 +1,8 @@
 /**
- * Returns an empty registry — used by tests and any production path that
- * needs a "no hooks" agent stub.
+ * Returns an empty registry. Used by tests that build a runtime bundle
+ * stub without authored hooks — production registries are constructed
+ * via {@link createRuntimeHookRegistry} from the resolved authored
+ * graph.
  */
 export function createEmptyHookRegistry() {
     return {

package/dist/src/runtime/loaders/bundled-artifacts.d.ts

@@ -17,11 +17,6 @@ export interface BundledCompiledArtifacts {
  * scoped session so tests cannot leak installations across each other.
  */
 export declare function installBundledCompiledArtifacts(input: BundledCompiledArtifacts): void;
-/**
- * Clears the installed bundled compiled-artifact snapshot on the active
- * runtime session.
- */
-export declare function resetBundledCompiledArtifacts(): void;
 /**
  * Reads the bundled compiled-artifact snapshot for the active runtime
  * session, or `null` if none has been installed.

package/dist/src/runtime/loaders/bundled-artifacts.js

@@ -12,13 +12,6 @@ export function installBundledCompiledArtifacts(input) {
         moduleMap: input.moduleMap,
     };
 }
-/**
- * Clears the installed bundled compiled-artifact snapshot on the active
- * runtime session.
- */
-export function resetBundledCompiledArtifacts() {
-    getActiveRuntimeSession().compiledArtifacts = null;
-}
 /**
  * Reads the bundled compiled-artifact snapshot for the active runtime
  * session, or `null` if none has been installed.

package/dist/src/runtime/loaders/compile-metadata.d.ts

@@ -1,21 +1,14 @@
-import type { CompileMetadata } from "#compiler/artifacts.js";
+import { type CompileMetadata } from "#compiler/artifacts.js";
 import type { RuntimeCompiledArtifactsSource } from "#runtime/compiled-artifacts-source.js";
 /**
  * Input for loading compile metadata from disk or bundled artifacts.
  */
-export interface LoadCompileMetadataInput {
+interface LoadCompileMetadataInput {
     readonly compiledArtifactsSource: RuntimeCompiledArtifactsSource;
-    readonly metadataPath?: string;
-}
-/**
- * Error raised when compile metadata cannot be loaded or validated.
- */
-export declare class LoadCompileMetadataError extends Error {
-    readonly metadataPath?: string;
-    constructor(message: string, metadataPath?: string);
 }
 /**
  * Loads and validates compile metadata when it is available for the current
  * artifact source.
  */
 export declare function loadCompileMetadata(input: LoadCompileMetadataInput): Promise<CompileMetadata | null>;
+export {};

package/dist/src/runtime/loaders/compile-metadata.js

@@ -1,9 +1,8 @@
 import { z } from "#compiled/zod/index.js";
+import { COMPILE_METADATA_KIND, COMPILE_METADATA_VERSION, } from "#compiler/artifacts.js";
 import { formatValidationError } from "#runtime/validation.js";
 import { resolveRuntimeCompilerArtifactPaths } from "#runtime/loaders/artifact-paths.js";
 import { readBundledCompiledArtifacts } from "#runtime/loaders/bundled-artifacts.js";
-const COMPILE_METADATA_KIND = "ash-compile-metadata";
-const COMPILE_METADATA_VERSION = 5;
 const compileArtifactDigestSchema = z
     .object({
     path: z.string(),
@@ -45,7 +44,7 @@ const BUNDLED_COMPILE_METADATA_SOURCE = "bundled compile metadata";
 /**
  * Error raised when compile metadata cannot be loaded or validated.
  */
-export class LoadCompileMetadataError extends Error {
+class LoadCompileMetadataError extends Error {
     metadataPath;
     constructor(message, metadataPath) {
         super(message);
@@ -60,11 +59,10 @@ export class LoadCompileMetadataError extends Error {
  * artifact source.
  */
 export async function loadCompileMetadata(input) {
-    const metadataPath = input.metadataPath ??
-        (input.compiledArtifactsSource.kind === "disk"
-            ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot)
-                .compileMetadataPath
-            : undefined);
+    const metadataPath = input.compiledArtifactsSource.kind === "disk"
+        ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot)
+            .compileMetadataPath
+        : undefined;
     if (metadataPath !== undefined) {
         const { readFile } = await import("node:fs/promises");
         let metadataJson;

package/dist/src/runtime/loaders/manifest.d.ts

@@ -4,9 +4,8 @@ import type { RuntimeCompiledArtifactsSource } from "#runtime/compiled-artifacts
  * Input for loading the compiled source manifest from disk or the bundled
  * runtime alias.
  */
-export interface LoadCompiledManifestInput {
+interface LoadCompiledManifestInput {
     readonly compiledArtifactsSource: RuntimeCompiledArtifactsSource;
-    manifestPath?: string;
 }
 /**
  * Error raised when the compiled manifest cannot be loaded or validated.
@@ -19,3 +18,4 @@ export declare class LoadCompiledManifestError extends Error {
  * Loads and validates the compiler-owned source manifest.
  */
 export declare function loadCompiledManifest(input: LoadCompiledManifestInput): Promise<CompiledAgentManifest>;
+export {};

package/dist/src/runtime/loaders/manifest.js

@@ -20,11 +20,10 @@ export class LoadCompiledManifestError extends Error {
  * Loads and validates the compiler-owned source manifest.
  */
 export async function loadCompiledManifest(input) {
-    const manifestPath = input.manifestPath ??
-        (input.compiledArtifactsSource.kind === "disk"
-            ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot)
-                .compiledManifestPath
-            : undefined);
+    const manifestPath = input.compiledArtifactsSource.kind === "disk"
+        ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot)
+            .compiledManifestPath
+        : undefined;
     if (manifestPath !== undefined) {
         const { readFile } = await import("node:fs/promises");
         let manifestJson;

package/dist/src/runtime/loaders/module-map.d.ts

@@ -4,9 +4,8 @@ import type { RuntimeCompiledArtifactsSource } from "#runtime/compiled-artifacts
  * Input for loading the compiled module map from disk or the bundled runtime
  * alias.
  */
-export interface LoadCompiledModuleMapInput {
+interface LoadCompiledModuleMapInput {
     readonly compiledArtifactsSource: RuntimeCompiledArtifactsSource;
-    moduleMapPath?: string;
 }
 /**
  * Error raised when the compiled module map cannot be loaded or validated.
@@ -19,3 +18,4 @@ export declare class LoadCompiledModuleMapError extends Error {
  * Loads and validates the compiler-owned module map.
  */
 export declare function loadCompiledModuleMap(input: LoadCompiledModuleMapInput): Promise<CompiledModuleMap>;
+export {};

package/dist/src/runtime/loaders/module-map.js

@@ -20,10 +20,9 @@ export class LoadCompiledModuleMapError extends Error {
  * Loads and validates the compiler-owned module map.
  */
 export async function loadCompiledModuleMap(input) {
-    const moduleMapPath = input.moduleMapPath ??
-        (input.compiledArtifactsSource.kind === "disk"
-            ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot).moduleMapPath
-            : undefined);
+    const moduleMapPath = input.compiledArtifactsSource.kind === "disk"
+        ? resolveRuntimeCompilerArtifactPaths(input.compiledArtifactsSource.appRoot).moduleMapPath
+        : undefined;
     if (moduleMapPath !== undefined) {
         const moduleMapImportSpecifier = createFileImportSpecifier(moduleMapPath);
         try {

package/dist/src/runtime/prompt/compose.d.ts

@@ -4,7 +4,7 @@ import type { WorkspaceRuntimeSpec } from "#runtime/workspace/types.js";
  * Input for composing the base authored instructions prompt for one
  * resolved agent.
  */
-export interface ComposeRuntimeBasePromptInput {
+interface ComposeRuntimeBasePromptInput {
     connections?: readonly ResolvedConnectionDefinition[];
     instructions?: ResolvedInstructions;
     skills?: readonly ResolvedSkillDefinition[];
@@ -16,3 +16,4 @@ export interface ComposeRuntimeBasePromptInput {
  * without flattening skills into always-on instructions.
  */
 export declare function composeRuntimeBasePrompt(input: ComposeRuntimeBasePromptInput): readonly string[];
+export {};