experimental-ash 0.24.2 → 0.25.1

package/dist/src/runtime/actions/types.js

@@ -14,7 +14,7 @@ export const runtimeToolCallActionRequestSchema = z
 /**
  * Zod schema for one runtime-owned subagent-call action request.
  */
-export const runtimeSubagentCallActionRequestSchema = z
+const runtimeSubagentCallActionRequestSchema = z
     .object({
     callId: z.string(),
     description: z.string(),
@@ -28,25 +28,17 @@ export const runtimeSubagentCallActionRequestSchema = z
 /**
  * Zod schema for one runtime-owned load-skill action request.
  */
-export const runtimeLoadSkillActionRequestSchema = z
+const runtimeLoadSkillActionRequestSchema = z
     .object({
     callId: z.string(),
     input: jsonObjectSchema,
     kind: z.literal("load-skill"),
 })
     .strict();
-/**
- * Zod schema for one runtime action request.
- */
-export const runtimeActionRequestSchema = z.discriminatedUnion("kind", [
-    runtimeLoadSkillActionRequestSchema,
-    runtimeSubagentCallActionRequestSchema,
-    runtimeToolCallActionRequestSchema,
-]);
 /**
  * Zod schema for one runtime-owned authored tool-result action result.
  */
-export const runtimeToolResultActionResultSchema = z
+const runtimeToolResultActionResultSchema = z
     .object({
     callId: z.string(),
     isError: z.boolean().optional(),
@@ -58,7 +50,7 @@ export const runtimeToolResultActionResultSchema = z
 /**
  * Zod schema for one runtime-owned subagent result action result.
  */
-export const runtimeSubagentResultActionResultSchema = z
+const runtimeSubagentResultActionResultSchema = z
     .object({
     callId: z.string(),
     isError: z.boolean().optional(),
@@ -73,7 +65,7 @@ export const runtimeSubagentResultActionResultSchema = z
  * The result still reports whether a skill became active during the turn; the
  * action name reflects how the model requests those instructions.
  */
-export const runtimeLoadSkillActionResultSchema = z
+const runtimeLoadSkillActionResultSchema = z
     .object({
     callId: z.string(),
     isError: z.boolean().optional(),
@@ -82,11 +74,3 @@ export const runtimeLoadSkillActionResultSchema = z
     name: z.string().optional(),
 })
     .strict();
-/**
- * Zod schema for one runtime action result.
- */
-export const runtimeActionResultSchema = z.discriminatedUnion("kind", [
-    runtimeLoadSkillActionResultSchema,
-    runtimeSubagentResultActionResultSchema,
-    runtimeToolResultActionResultSchema,
-]);

package/dist/src/runtime/agent/bootstrap-model-utils.d.ts

@@ -2,7 +2,7 @@ import type { MockLanguageModelV3 } from "ai/test";
 export type BootstrapGenerateOptions = Parameters<MockLanguageModelV3["doGenerate"]>[0];
 export type BootstrapPrompt = BootstrapGenerateOptions["prompt"];
 export type BootstrapGenerateResult = Awaited<ReturnType<MockLanguageModelV3["doGenerate"]>>;
-export type BootstrapStreamResult = Awaited<ReturnType<MockLanguageModelV3["doStream"]>>;
+type BootstrapStreamResult = Awaited<ReturnType<MockLanguageModelV3["doStream"]>>;
 /**
  * Builds a deterministic `doGenerate` result from a text response and token
  * estimates. Shared by the real bootstrap model and the authored-model mock.
@@ -34,3 +34,4 @@ export declare function getLastUserPromptText(prompt: BootstrapPrompt): string |
  * Joins all message content in the prompt into a single string.
  */
 export declare function getPromptText(prompt: BootstrapPrompt): string;
+export {};

package/dist/src/runtime/agent/mock-model-adapter.js

@@ -2,8 +2,8 @@ import { MockLanguageModelV3 } from "ai/test";
 import { z } from "#compiled/zod/index.js";
 import { BOOTSTRAP_RUNTIME_MODEL_ID, BOOTSTRAP_RUNTIME_SYSTEM_PROMPT, } from "#runtime/agent/bootstrap.js";
 import { createBootstrapGenerateResult, createBootstrapStreamResult, estimateTokenCount, getLastUserPromptText, getPromptContentText, getPromptText, } from "#runtime/agent/bootstrap-model-utils.js";
+import { LOAD_SKILL_TOOL_NAME } from "#runtime/skills/fragment-context.js";
 const MOCK_RUNTIME_MODEL_PROVIDER = "ash-runtime-mock";
-const LOAD_SKILL_TOOL_NAME = "load_skill";
 const LOAD_SKILL_TOOL_CALL_ID = "call_load_skill";
 const GET_WEATHER_TOOL_CALL_ID = "call_get_weather";
 const authoredRuntimeModelMocks = new Map();

package/dist/src/runtime/channels/registry.js

@@ -24,7 +24,6 @@ const ADAPTER_NON_EVENT_FIELDS = new Set([
     "kind",
     "state",
     "deliver",
-    "contextProviders",
     "createAdapterContext",
     "fetchFile",
 ]);
@@ -64,9 +63,8 @@ export function createRuntimeAdapterRegistry(input) {
                 throw new RuntimeRegistryError("adapter", `Channel adapter kind "${kind}" is reserved by the framework. ` +
                     `A route-declared adapter may share a framework kind only as a ` +
                     `pass-through with no \`deliver\` hook, event handlers, ` +
-                    `\`attachments\` resolver, \`contextProviders\`, or ` +
-                    `\`createAdapterContext\` factory. Use a custom \`kind\` to add ` +
-                    `channel-specific behavior.`, { ...location, entryName: kind });
+                    `\`attachments\` resolver, or \`createAdapterContext\` factory. ` +
+                    `Use a custom \`kind\` to add channel-specific behavior.`, { ...location, entryName: kind });
             }
             // Additive pass-through — the framework adapter stays in place.
             continue;
@@ -98,7 +96,7 @@ export function deserializeRuntimeAdapter(registry, data) {
 }
 function requireAdapterKind(adapter, location) {
     const kind = getAdapterKind(adapter);
-    if (kind === "unknown") {
+    if (typeof kind !== "string" || kind.length === 0) {
         throw new RuntimeRegistryError("adapter", "Adapters must declare a non-empty `kind` field.", {
             entryName: "unknown",
             logicalPath: location?.logicalPath,
@@ -121,9 +119,6 @@ function carriesAdapterBehavior(adapter) {
     if (adapter.createAdapterContext !== undefined) {
         return true;
     }
-    if (adapter.contextProviders !== undefined && adapter.contextProviders.length > 0) {
-        return true;
-    }
     // Remaining keys on a ChannelAdapter object correspond to stream
     // event handlers (keyed by event type, e.g. "input.requested").
     for (const [key, value] of Object.entries(adapter)) {

package/dist/src/runtime/compiled-artifacts-source.d.ts

@@ -17,18 +17,12 @@ export interface RuntimeDiskCompiledArtifactsSource {
     readonly kind: "disk";
     /**
      * Native filesystem path to the package-owned authored-source module map
-     * loader. Required when `moduleMapLoadMode` is `"authored-source"` so
-     * bundled dev hosts do not resolve Ash internals relative to app `.ash`
-     * output.
+     * loader. When set, the runtime loads modules directly from authored
+     * source instead of the bundled-compiled module map. Omitted in deployed
+     * runtimes, where the module map must come from the compiled artifact
+     * emitted by the build.
      */
     readonly moduleMapLoaderPath?: string;
-    /**
-     * Optional module-map loader override for package-internal dev/build flows.
-     *
-     * Omitted in deployed runtimes, where the module map must come from the
-     * compiled artifact emitted by the build.
-     */
-    readonly moduleMapLoadMode?: "authored-source";
 }
 /**
  * Creates the bundled compiled-artifact source.
@@ -38,7 +32,6 @@ export declare function createBundledRuntimeCompiledArtifactsSource(): RuntimeBu
  * Creates the disk-backed compiled-artifact source for one authored app root.
  */
 export declare function createDiskRuntimeCompiledArtifactsSource(appRoot: string, options?: {
-    readonly moduleMapLoadMode?: RuntimeDiskCompiledArtifactsSource["moduleMapLoadMode"];
     readonly moduleMapLoaderPath?: string;
 }): RuntimeDiskCompiledArtifactsSource;
 /**

package/dist/src/runtime/compiled-artifacts-source.js

@@ -10,12 +10,11 @@ export function createBundledRuntimeCompiledArtifactsSource() {
  * Creates the disk-backed compiled-artifact source for one authored app root.
  */
 export function createDiskRuntimeCompiledArtifactsSource(appRoot, options = {}) {
-    if (options.moduleMapLoadMode !== undefined || options.moduleMapLoaderPath !== undefined) {
+    if (options.moduleMapLoaderPath !== undefined) {
         return {
             appRoot,
             kind: "disk",
             moduleMapLoaderPath: options.moduleMapLoaderPath,
-            moduleMapLoadMode: options.moduleMapLoadMode,
         };
     }
     return {
@@ -36,11 +35,8 @@ export function getRuntimeCompiledArtifactsCacheKey(source) {
     if (source.kind !== "disk") {
         return "bundled";
     }
-    if (source.moduleMapLoadMode !== undefined) {
-        if (source.moduleMapLoaderPath !== undefined) {
-            return `disk:${source.appRoot}:${source.moduleMapLoadMode}:${source.moduleMapLoaderPath}`;
-        }
-        return `disk:${source.appRoot}:${source.moduleMapLoadMode}`;
+    if (source.moduleMapLoaderPath !== undefined) {
+        return `disk:${source.appRoot}:authored-source:${source.moduleMapLoaderPath}`;
     }
     return `disk:${source.appRoot}`;
 }

package/dist/src/runtime/connections/authorization-tokens.d.ts

@@ -15,10 +15,6 @@
 import type { AshContext } from "#context/container.js";
 import { ContextKey } from "#context/key.js";
 import type { TokenResult } from "#runtime/connections/types.js";
-/**
- * Inner map of `principalKey` → {@link TokenResult} for one connection.
- */
-export type PrincipalTokenCache = Readonly<Record<string, TokenResult>>;
 /**
  * Virtual context key mapping connection name to a per-principal
  * {@link TokenResult} cache.
@@ -35,7 +31,7 @@ export declare const ConnectionAuthorizationTokensKey: ContextKey<Readonly<Recor
  * (not expired). Expired entries are treated as a cache miss so
  * callers re-run the authorization flow.
  */
-export declare function readCachedToken(ctx: AshContext, connectionName: string, principalKey: string, now?: number): TokenResult | undefined;
+export declare function readCachedToken(ctx: AshContext, connectionName: string, principalKey: string): TokenResult | undefined;
 /**
  * Persists a freshly resolved {@link TokenResult} on the cache under
  * `(connectionName, principalKey)`. Existing entries for other
@@ -45,12 +41,3 @@ export declare function readCachedToken(ctx: AshContext, connectionName: string,
  * into the durable step payload. See the module docblock.
  */
 export declare function writeCachedToken(ctx: AshContext, connectionName: string, principalKey: string, token: TokenResult): void;
-/**
- * Removes the cached token for `(connectionName, principalKey)`.
- * Called when a connection's token is rejected downstream (for
- * example the server returns 401 with the cached bearer) so the next
- * `getToken` call runs fresh.
- *
- * Other principals' tokens on the same connection are preserved.
- */
-export declare function clearCachedToken(ctx: AshContext, connectionName: string, principalKey: string): void;

package/dist/src/runtime/connections/authorization-tokens.js

@@ -29,11 +29,11 @@ export const ConnectionAuthorizationTokensKey = new ContextKey("ash.connectionAu
  * (not expired). Expired entries are treated as a cache miss so
  * callers re-run the authorization flow.
  */
-export function readCachedToken(ctx, connectionName, principalKey, now = Date.now()) {
+export function readCachedToken(ctx, connectionName, principalKey) {
     const entry = ctx.get(ConnectionAuthorizationTokensKey)?.[connectionName]?.[principalKey];
     if (entry === undefined)
         return undefined;
-    if (entry.expiresAt !== undefined && entry.expiresAt <= now) {
+    if (entry.expiresAt !== undefined && entry.expiresAt <= Date.now()) {
         return undefined;
     }
     return entry;
@@ -54,32 +54,6 @@ export function writeCachedToken(ctx, connectionName, principalKey, token) {
         [connectionName]: { ...perConnection, [principalKey]: token },
     });
 }
-/**
- * Removes the cached token for `(connectionName, principalKey)`.
- * Called when a connection's token is rejected downstream (for
- * example the server returns 401 with the cached bearer) so the next
- * `getToken` call runs fresh.
- *
- * Other principals' tokens on the same connection are preserved.
- */
-export function clearCachedToken(ctx, connectionName, principalKey) {
-    const existing = ctx.get(ConnectionAuthorizationTokensKey);
-    const perConnection = existing?.[connectionName];
-    if (existing === undefined || perConnection === undefined)
-        return;
-    if (perConnection[principalKey] === undefined)
-        return;
-    const nextPerConnection = { ...perConnection };
-    delete nextPerConnection[principalKey];
-    const next = { ...existing };
-    if (Object.keys(nextPerConnection).length === 0) {
-        delete next[connectionName];
-    }
-    else {
-        next[connectionName] = nextPerConnection;
-    }
-    asContainer(ctx).setVirtualContext(ConnectionAuthorizationTokensKey, next);
-}
 /**
  * Runtime installs `ContextContainer` as the concrete `AshContext`;
  * we reach through the interface here because `setVirtualContext` is

package/dist/src/runtime/connections/principal-context.d.ts

@@ -42,13 +42,13 @@ import type { ConnectionPrincipal } from "#runtime/connections/types.js";
 /**
  * Per-connection principal overrides keyed by connection name.
  */
-export type ConnectionPrincipalOverrides = Readonly<Record<string, ConnectionPrincipal>>;
+type ConnectionPrincipalOverrides = Readonly<Record<string, ConnectionPrincipal>>;
 /**
  * One frame on the principal-override stack. Frames are compared by
  * object identity when popping so concurrent entries can
  * deterministically remove the frame they pushed.
  */
-export interface ConnectionPrincipalOverrideFrame {
+interface ConnectionPrincipalOverrideFrame {
     readonly overrides: ConnectionPrincipalOverrides;
 }
 /**
@@ -98,3 +98,4 @@ export declare function lookupConnectionPrincipalOverride(ctx: {
  * of the stack.
  */
 export declare function withConnectionPrincipalOverride<T>(ctx: ContextContainer, overrides: ConnectionPrincipalOverrides, fn: () => Promise<T>): Promise<T>;
+export {};

package/dist/src/runtime/connections/validate-authorization.d.ts

@@ -12,17 +12,6 @@ import type { AuthorizationDefinition } from "#runtime/connections/types.js";
  * to prefix with its own context.
  */
 export declare function validateAuthorizationSpec(authorization: unknown, fieldName?: string): string | undefined;
-/**
- * Narrow convenience that asserts `auth` is structurally valid and mutates
- * defaulted fields into place, otherwise throws an `Error` with the caller's
- * `prefix` joined to the validation message.
- *
- * Most call sites want a richer error (e.g. `ResolveAgentError`
- * with `logicalPath`/`sourceId`) and should call
- * {@link validateAuthorizationSpec} directly and wrap themselves.
- * This helper is for the simple prefix-and-throw case.
- */
-export declare function assertAuthorizationSpec(authorization: unknown, prefix: string, fieldName?: string): asserts authorization is AuthorizationDefinition;
 /**
  * Validates and normalizes an authored auth definition into the runtime shape.
  *

package/dist/src/runtime/connections/validate-authorization.js

@@ -39,22 +39,6 @@ export function validateAuthorizationSpec(authorization, fieldName = "auth") {
     }
     return undefined;
 }
-/**
- * Narrow convenience that asserts `auth` is structurally valid and mutates
- * defaulted fields into place, otherwise throws an `Error` with the caller's
- * `prefix` joined to the validation message.
- *
- * Most call sites want a richer error (e.g. `ResolveAgentError`
- * with `logicalPath`/`sourceId`) and should call
- * {@link validateAuthorizationSpec} directly and wrap themselves.
- * This helper is for the simple prefix-and-throw case.
- */
-export function assertAuthorizationSpec(authorization, prefix, fieldName = "auth") {
-    const normalized = normalizeAuthorizationSpec(authorization, prefix, fieldName);
-    if (authorization !== null && typeof authorization === "object") {
-        Object.assign(authorization, normalized);
-    }
-}
 /**
  * Validates and normalizes an authored auth definition into the runtime shape.
  *

package/dist/src/runtime/framework-channels/index.d.ts

@@ -1,4 +1,3 @@
 import type { ResolvedChannelDefinition } from "#runtime/types.js";
-export declare const ASH_CHANNEL_NAME = "ash";
 export declare function getFrameworkChannelDefinitions(): readonly ResolvedChannelDefinition[];
 export declare function getAllFrameworkChannelNames(): ReadonlySet<string>;

package/dist/src/runtime/framework-channels/index.js

@@ -1,7 +1,7 @@
 import { none, vercelOidc } from "#public/channels/auth.js";
 import { ashChannel } from "#public/channels/ash.js";
 import { getConnectionCallbackChannelDefinitions, getConnectionCallbackChannelNames, } from "#runtime/connections/callback-route.js";
-export const ASH_CHANNEL_NAME = "ash";
+const ASH_CHANNEL_NAME = "ash";
 export function getFrameworkChannelDefinitions() {
     const auth = resolveFrameworkAshAuth();
     const compiled = ashChannel({ auth });

package/dist/src/runtime/framework-tools/connection-search.d.ts

@@ -1,7 +1,4 @@
-import { type AshContext } from "#context/container.js";
 import { ContextKey } from "#context/key.js";
-import { createConnectionAuthorizationRequiredEvent } from "#protocol/message.js";
-import type { ConnectionAuthorizationChallenge } from "#public/connections/errors.js";
 import { type ConnectionRegistry, type ConnectionToolMetadata } from "#runtime/connections/types.js";
 import type { ResolvedToolDefinition } from "#runtime/types.js";
 import { CONNECTION_AUTHORIZATION_PLACEHOLDER } from "#runtime/framework-tools/pending-connection-tool-calls.js";
@@ -24,24 +21,6 @@ export declare const ConnectionRegistryKey: ContextKey<ConnectionRegistry>;
 export interface DiscoveredConnectionToolsState {
     readonly byConnection: Readonly<Record<string, readonly ConnectionToolMetadata[]>>;
 }
-/**
- * One connection that requires user authorization before its tools
- * can be used.
- */
-export interface PendingConnectionAuthorization {
-    readonly connectionName: string;
-    readonly description: string;
-    readonly authorization?: ConnectionAuthorizationChallenge;
-}
-/**
- * Durable context key for connections awaiting user authorization.
- *
- * Written by `connection_search` when a connection throws
- * {@link ConnectionAuthorizationRequiredError}. Read by the harness after
- * the step completes to emit `connection.authorization_required`
- * events and optionally suspend the workflow on a webhook.
- */
-export declare const PendingConnectionAuthorizationsKey: ContextKey<readonly PendingConnectionAuthorization[]>;
 /**
  * Durable context key for discovered connection tools.
  *
@@ -73,29 +52,4 @@ export declare function executeConnectionSearch(input: ConnectionSearchInput, me
 }): Promise<ConnectionSearchResultItem[] | typeof CONNECTION_AUTHORIZATION_PLACEHOLDER>;
 export declare function tokenize(text: string): string[];
 export declare function scoreMatch(queryTokens: string[], tool: ConnectionToolMetadata): number;
-/** Emit function passed to {@link drainPendingConnectionAuthorizations}. */
-type ConnectionAuthorizationEmitFn = (event: ReturnType<typeof createConnectionAuthorizationRequiredEvent>) => Promise<void>;
-/**
- * Emits queued non-interactive authorization-required events and clears
- * the drained entries.
- */
-export declare function drainPendingConnectionAuthorizations(params: {
-    readonly ctx: AshContext;
-    readonly emit: ConnectionAuthorizationEmitFn;
-    readonly state: {
-        readonly sequence: number;
-        readonly stepIndex: number;
-        readonly turnId: string;
-    };
-}): Promise<void>;
-/**
- * Adds `pending` to {@link PendingConnectionAuthorizationsKey} if no
- * entry for the same `connectionName` already exists on the context.
- *
- * Single source of truth for the dedup-by-name rule: called from
- * `wrapConnectionToolExecute` (single connection per pending call) and
- * from the fan-out loop inside {@link executeConnectionSearch} (many
- * connections per search call).
- */
-export declare function recordPendingAuthorization(ctx: AshContext, pending: PendingConnectionAuthorization): void;
 export {};

package/dist/src/runtime/framework-tools/connection-search.js

@@ -1,7 +1,6 @@
 import { loadContext } from "#context/container.js";
 import { ContextKey } from "#context/key.js";
 import { createLogger } from "#internal/logging.js";
-import { createConnectionAuthorizationRequiredEvent } from "#protocol/message.js";
 import { isConnectionAuthorizationFailedError, isConnectionAuthorizationRequiredError, } from "#public/connections/errors.js";
 import { supportsInteractiveAuthorization, } from "#runtime/connections/types.js";
 import { qualifiedConnectionToolName } from "#runtime/framework-tools/connection-tools.js";
@@ -15,15 +14,6 @@ const logger = createLogger("framework.connection-search");
  * The `connectionProvider` reconstructs it each step.
  */
 export const ConnectionRegistryKey = new ContextKey("ash.connectionRegistry");
-/**
- * Durable context key for connections awaiting user authorization.
- *
- * Written by `connection_search` when a connection throws
- * {@link ConnectionAuthorizationRequiredError}. Read by the harness after
- * the step completes to emit `connection.authorization_required`
- * events and optionally suspend the workflow on a webhook.
- */
-export const PendingConnectionAuthorizationsKey = new ContextKey("ash.pendingConnectionAuthorizations");
 /**
  * Durable context key for discovered connection tools.
  *
@@ -70,7 +60,6 @@ export const CONNECTION_SEARCH_TOOL_DEFINITION = {
     name: "connection_search",
     onCompact({ ctx }) {
         ctx.set(DiscoveredConnectionToolsKey, { byConnection: {} });
-        ctx.set(PendingConnectionAuthorizationsKey, []);
         ctx.set(PendingConnectionToolCallsKey, []);
         return {};
     },
@@ -96,7 +85,7 @@ export async function executeConnectionSearch(input, meta) {
     const discoveredByConnection = {
         ...previouslyDiscovered?.byConnection,
     };
-    const pendingAuthorizations = [];
+    const authRequiredConnections = [];
     for (const conn of targetConnections) {
         let tools;
         try {
@@ -105,10 +94,7 @@ export async function executeConnectionSearch(input, meta) {
         }
         catch (err) {
             if (isConnectionAuthorizationRequiredError(err)) {
-                pendingAuthorizations.push({
-                    connectionName: conn.connectionName,
-                    description: conn.description,
-                });
+                authRequiredConnections.push(conn.connectionName);
                 failedConnections.push({
                     connection: conn.connectionName,
                     description: conn.description,
@@ -169,17 +155,7 @@ export async function executeConnectionSearch(input, meta) {
     // Persist discovered tools so they materialize as first-class
     // AI SDK tools on the next step.
     ctx.set(DiscoveredConnectionToolsKey, { byConnection: discoveredByConnection });
-    let interactiveConnectionNames = [];
-    if (pendingAuthorizations.length > 0) {
-        for (const auth of pendingAuthorizations) {
-            recordPendingAuthorization(ctx, auth);
-        }
-        // Only connections with `startAuthorization` can suspend on a
-        // framework-owned webhook.
-        interactiveConnectionNames = pendingAuthorizations
-            .map((a) => a.connectionName)
-            .filter((name) => isInteractive(registry, name));
-    }
+    const interactiveConnectionNames = authRequiredConnections.filter((name) => isInteractive(registry, name));
     // Suspend the entire tool call when at least one auth-required
     // connection has the full interactive-OAuth surface. The
     // connection-discover retry re-runs this search after tokens land,
@@ -240,60 +216,9 @@ export function scoreMatch(queryTokens, tool) {
     }
     return score;
 }
-/**
- * Emits queued non-interactive authorization-required events and clears
- * the drained entries.
- */
-export async function drainPendingConnectionAuthorizations(params) {
-    const pending = params.ctx.get(PendingConnectionAuthorizationsKey);
-    if (pending === undefined || pending.length === 0) {
-        return;
-    }
-    const registry = params.ctx.get(ConnectionRegistryKey);
-    const drained = [];
-    const deferred = [];
-    for (const auth of pending) {
-        if (isInteractive(registry, auth.connectionName)) {
-            deferred.push(auth);
-        }
-        else {
-            drained.push(auth);
-        }
-    }
-    for (const auth of drained) {
-        const payload = {
-            connectionName: auth.connectionName,
-            description: auth.description,
-            sequence: params.state.sequence,
-            stepIndex: params.state.stepIndex,
-            turnId: params.state.turnId,
-        };
-        if (auth.authorization !== undefined) {
-            payload.authorization = auth.authorization;
-        }
-        await params.emit(createConnectionAuthorizationRequiredEvent(payload));
-    }
-    params.ctx.set(PendingConnectionAuthorizationsKey, deferred);
-}
 function isInteractive(registry, connectionName) {
     if (registry === undefined)
         return false;
     const def = registry.getConnections().find((c) => c.connectionName === connectionName);
     return supportsInteractiveAuthorization(def?.authorization);
 }
-/**
- * Adds `pending` to {@link PendingConnectionAuthorizationsKey} if no
- * entry for the same `connectionName` already exists on the context.
- *
- * Single source of truth for the dedup-by-name rule: called from
- * `wrapConnectionToolExecute` (single connection per pending call) and
- * from the fan-out loop inside {@link executeConnectionSearch} (many
- * connections per search call).
- */
-export function recordPendingAuthorization(ctx, pending) {
-    const existing = ctx.get(PendingConnectionAuthorizationsKey) ?? [];
-    if (existing.some((entry) => entry.connectionName === pending.connectionName)) {
-        return;
-    }
-    ctx.set(PendingConnectionAuthorizationsKey, [...existing, pending]);
-}

package/dist/src/runtime/framework-tools/connection-tools.d.ts

@@ -24,12 +24,9 @@ export declare function resolveConnectionToolsFromState(registry: ConnectionRegi
  */
 type ToolExecuteFn = (args: unknown, options: unknown) => Promise<unknown>;
 /**
- * Wraps one connection tool's `execute` to translate
- * {@link ConnectionAuthorizationRequiredError} into the
- * await-authorization-and-splice protocol.
- *
- * Interactive auth records a pending retry and returns a placeholder
- * result; non-interactive auth returns a model-visible retryable error.
+ * Wraps one connection tool's `execute` to record a pending retry and
+ * return a placeholder when interactive auth is required. Non-interactive
+ * connections let the error propagate — the model sees the failure.
  */
 export declare function wrapConnectionToolExecute(params: {
     readonly connectionDefinition: ResolvedConnectionDefinition | undefined;

package/dist/src/runtime/framework-tools/connection-tools.js

@@ -2,7 +2,7 @@ import { loadContext } from "#context/container.js";
 import { isConnectionAuthorizationRequiredError } from "#public/connections/errors.js";
 import { isObject } from "#shared/guards.js";
 import { supportsInteractiveAuthorization, } from "#runtime/connections/types.js";
-import { recordPendingAuthorization, } from "#runtime/framework-tools/connection-search.js";
+import {} from "#runtime/framework-tools/connection-search.js";
 import { appendPendingConnectionToolCalls, CONNECTION_AUTHORIZATION_PLACEHOLDER, PendingConnectionToolCallsKey, } from "#runtime/framework-tools/pending-connection-tool-calls.js";
 /**
  * Builds the qualified tool name for a connection tool.
@@ -59,12 +59,9 @@ export async function resolveConnectionToolsFromState(registry, discovered, inpu
     return result;
 }
 /**
- * Wraps one connection tool's `execute` to translate
- * {@link ConnectionAuthorizationRequiredError} into the
- * await-authorization-and-splice protocol.
- *
- * Interactive auth records a pending retry and returns a placeholder
- * result; non-interactive auth returns a model-visible retryable error.
+ * Wraps one connection tool's `execute` to record a pending retry and
+ * return a placeholder when interactive auth is required. Non-interactive
+ * connections let the error propagate — the model sees the failure.
  */
 export function wrapConnectionToolExecute(params) {
     const { connectionDefinition, connectionName, originalExecute, toolName } = params;
@@ -80,12 +77,8 @@ export function wrapConnectionToolExecute(params) {
             }
             const toolCallId = readToolCallId(options);
             const isInteractive = supportsInteractiveAuthorization(connectionDefinition?.authorization);
-            const ctx = loadContext();
-            recordPendingAuthorization(ctx, {
-                connectionName,
-                description: connectionDefinition?.description ?? connectionName,
-            });
             if (isInteractive && toolCallId !== undefined) {
+                const ctx = loadContext();
                 const existing = ctx.get(PendingConnectionToolCallsKey);
                 ctx.set(PendingConnectionToolCallsKey, appendPendingConnectionToolCalls(existing, [
                     {
@@ -98,7 +91,7 @@ export function wrapConnectionToolExecute(params) {
                 ]));
                 return CONNECTION_AUTHORIZATION_PLACEHOLDER;
             }
-            return { error: "authorization_required", retryable: true };
+            throw err;
         }
     };
 }

package/dist/src/runtime/framework-tools/index.d.ts

@@ -14,7 +14,8 @@ interface FrameworkToolConfig {
 export declare function getFrameworkToolDefinitions(config: FrameworkToolConfig): readonly ResolvedToolDefinition[];
 /**
  * Returns the names of every framework-provided tool the framework knows
- * about, regardless of whether the current agent has skills enabled.
+ * about, regardless of whether the current agent gates any of them on
+ * runtime configuration.
  *
  * Used by the graph resolver to validate `disableTool(name)` arguments —
  * disabling a name that does not match any known framework tool is treated

package/dist/src/runtime/framework-tools/index.js

@@ -40,7 +40,8 @@ export function getFrameworkToolDefinitions(config) {
 }
 /**
  * Returns the names of every framework-provided tool the framework knows
- * about, regardless of whether the current agent has skills enabled.
+ * about, regardless of whether the current agent gates any of them on
+ * runtime configuration.
  *
  * Used by the graph resolver to validate `disableTool(name)` arguments —
  * disabling a name that does not match any known framework tool is treated

package/dist/src/runtime/framework-tools/skill.d.ts

@@ -1,15 +1,2 @@
 import type { ResolvedToolDefinition } from "#runtime/types.js";
-/**
- * Typed input accepted by {@link executeLoadSkillTool}.
- */
-export interface LoadSkillInput {
-    readonly skill: string;
-}
-/**
- * Executes the `load_skill` tool.
- *
- * Reads the requested skill's `SKILL.md` from the active sandbox and
- * returns it as the tool result.
- */
-export declare function executeLoadSkillTool(args: LoadSkillInput): Promise<unknown>;
 export declare const SKILL_TOOL_DEFINITION: ResolvedToolDefinition;