experimental-ash 0.25.1 → 0.26.0

package/dist/src/harness/runtime-actions.js

@@ -65,7 +65,13 @@ export function recordPendingSubagentChildToken(input) {
  */
 export async function accumulateRuntimeActionResults(input) {
     const batch = getPendingRuntimeActionBatch(input.session);
-    const buffered = [];
+    const buffered = [...(input.initialResults ?? [])];
+    if (batch !== undefined && buffered.length > 0) {
+        const ready = resolveRuntimeActionResultsForBatch({ batch, results: buffered });
+        if (ready !== undefined) {
+            return ready;
+        }
+    }
     while (true) {
         const item = await input.getNext();
         if (item === null) {
@@ -249,6 +255,17 @@ export function createRuntimeActionRequestFromToolCall(input) {
             subagentName: definition.runtimeAction.subagentName,
         };
     }
+    if (definition?.runtimeAction?.kind === "remote-agent-call") {
+        return {
+            callId: input.toolCall.toolCallId,
+            description: definition.description,
+            input: resolveToolCallInputObject(input.toolCall.input),
+            kind: "remote-agent-call",
+            name: definition.name,
+            nodeId: definition.runtimeAction.nodeId,
+            remoteAgentName: definition.runtimeAction.remoteAgentName ?? definition.name,
+        };
+    }
     return {
         callId: input.toolCall.toolCallId,
         input: resolveToolCallInputObject(input.toolCall.input),

package/dist/src/internal/application/package.js

@@ -6,7 +6,7 @@ import { ASH_PACKAGE_NAME } from "#internal/package-name.js";
 let cachedPackageInfo;
 // The package build stamps the published version into `dist` so bundled
 // deployments can still report package metadata without resolving package.json.
-const BUNDLED_FALLBACK_PACKAGE_VERSION = "0.25.1";
+const BUNDLED_FALLBACK_PACKAGE_VERSION = "0.26.0";
 const BUNDLED_FALLBACK_PACKAGE_VERSION_PLACEHOLDER = "__ASH_PACKAGE_VERSION_PLACEHOLDER__";
 const WORKFLOW_MODULE_ALIASES = {
     "workflow/api": "src/compiled/@workflow/core/runtime.js",

package/dist/src/internal/process/pnpm.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Resolved invocation for the host's pnpm executable. The shape carries
+ * everything `child_process.spawn` and `execFile` need to dispatch to the
+ * right binary across macOS/Linux PATH installs, Corepack-managed shims,
+ * and Windows runners that surface pnpm only through `PNPM_HOME`.
+ */
+export interface PnpmInvocation {
+    readonly args: readonly string[];
+    readonly command: string;
+    readonly shell?: boolean;
+}
+/**
+ * Picks the right pnpm executable for the current host. Resolution order:
+ *
+ *  1. `PNPM_HOME` — the standard install location used by Corepack and the
+ *     pnpm installers. On Windows, points at `pnpm.CMD` because the bare
+ *     `pnpm` shim is not directly invokable from a non-shell spawn.
+ *  2. `npm_execpath` — set when the current process was launched by an
+ *     npm-compatible package manager. Pointing at a `.cjs`/`.js` entry
+ *     means we have to run it through `node` (typical for Corepack
+ *     shims); otherwise treat it as a bare executable path.
+ *  3. Bare `pnpm` on PATH — the macOS/Linux happy path.
+ *
+ * Pure: no side effects, returns the invocation shape; the caller picks
+ * `spawn` vs. `execFile`. The test harness uses this to keep platform
+ * handling in one place.
+ */
+export declare function resolvePnpmInvocation(args: readonly string[]): PnpmInvocation;

package/dist/src/internal/process/pnpm.js

@@ -0,0 +1,50 @@
+import { existsSync } from "node:fs";
+import { extname, join } from "node:path";
+/**
+ * Picks the right pnpm executable for the current host. Resolution order:
+ *
+ *  1. `PNPM_HOME` — the standard install location used by Corepack and the
+ *     pnpm installers. On Windows, points at `pnpm.CMD` because the bare
+ *     `pnpm` shim is not directly invokable from a non-shell spawn.
+ *  2. `npm_execpath` — set when the current process was launched by an
+ *     npm-compatible package manager. Pointing at a `.cjs`/`.js` entry
+ *     means we have to run it through `node` (typical for Corepack
+ *     shims); otherwise treat it as a bare executable path.
+ *  3. Bare `pnpm` on PATH — the macOS/Linux happy path.
+ *
+ * Pure: no side effects, returns the invocation shape; the caller picks
+ * `spawn` vs. `execFile`. The test harness uses this to keep platform
+ * handling in one place.
+ */
+export function resolvePnpmInvocation(args) {
+    const pnpmHome = process.env.PNPM_HOME;
+    if (pnpmHome !== undefined) {
+        const command = join(pnpmHome, process.platform === "win32" ? "pnpm.CMD" : "pnpm");
+        if (existsSync(command)) {
+            return {
+                args,
+                command,
+                shell: process.platform === "win32",
+            };
+        }
+    }
+    const npmExecPath = process.env.npm_execpath;
+    if (npmExecPath !== undefined && npmExecPath.toLowerCase().includes("pnpm")) {
+        const extension = extname(npmExecPath).toLowerCase();
+        if (extension === ".cjs" || extension === ".js") {
+            return {
+                args: [npmExecPath, ...args],
+                command: process.execPath,
+            };
+        }
+        return {
+            args,
+            command: npmExecPath,
+            shell: process.platform === "win32",
+        };
+    }
+    return {
+        args,
+        command: "pnpm",
+    };
+}

package/dist/src/protocol/message.d.ts

@@ -180,6 +180,9 @@ export interface SubagentCalledStreamEvent {
         sessionId: string;
         sequence: number;
         name: string;
+        remote?: {
+            url: string;
+        };
         toolName: string;
         turnId: string;
         workflowId: string;
@@ -579,6 +582,9 @@ export declare function createSubagentCalledEvent(input: {
     readonly sessionId: string;
     readonly sequence: number;
     readonly name: string;
+    readonly remote?: {
+        readonly url: string;
+    };
     readonly toolName: string;
     readonly turnId: string;
     readonly workflowId: string;

package/dist/src/protocol/message.js

@@ -200,6 +200,7 @@ export function createSubagentCalledEvent(input) {
             sessionId: input.sessionId,
             sequence: input.sequence,
             name: input.name,
+            remote: input.remote,
             toolName: input.toolName,
             turnId: input.turnId,
             workflowId: input.workflowId,

package/dist/src/protocol/routes.d.ts

@@ -45,6 +45,13 @@ export declare const ASH_MESSAGE_STREAM_ROUTE_PATTERN = "/ash/v1/session/:sessio
  * exactly what the IdP needs to do.
  */
 export declare const ASH_CONNECTION_CALLBACK_ROUTE_PATTERN = "/ash/v1/connections/:name/callback/:token";
+/**
+ * Stable framework-owned route pattern for terminal session callbacks.
+ *
+ * The `:token` segment is an unguessable workflow hook capability. The route
+ * is unauthenticated by design and resumes the matching parked runtime action.
+ */
+export declare const ASH_CALLBACK_ROUTE_PATTERN = "/ash/v1/callback/:token";
 /**
  * Creates the stable framework-owned message stream route path for one session.
  */
@@ -64,3 +71,7 @@ export declare function createAshContinueSessionRoutePath(sessionId: string): st
  * `resumeHook(token, payload)`.
  */
 export declare function createAshConnectionCallbackRoutePath(name: string, token: string): string;
+/**
+ * Creates the stable framework-owned terminal callback route path.
+ */
+export declare function createAshCallbackRoutePath(token: string): string;

package/dist/src/protocol/routes.js

@@ -45,6 +45,13 @@ export const ASH_MESSAGE_STREAM_ROUTE_PATTERN = `${ASH_ROUTE_PREFIX}/session/:se
  * exactly what the IdP needs to do.
  */
 export const ASH_CONNECTION_CALLBACK_ROUTE_PATTERN = `${ASH_ROUTE_PREFIX}/connections/:name/callback/:token`;
+/**
+ * Stable framework-owned route pattern for terminal session callbacks.
+ *
+ * The `:token` segment is an unguessable workflow hook capability. The route
+ * is unauthenticated by design and resumes the matching parked runtime action.
+ */
+export const ASH_CALLBACK_ROUTE_PATTERN = `${ASH_ROUTE_PREFIX}/callback/:token`;
 /**
  * Creates the stable framework-owned message stream route path for one session.
  */
@@ -70,3 +77,9 @@ export function createAshContinueSessionRoutePath(sessionId) {
 export function createAshConnectionCallbackRoutePath(name, token) {
     return `${ASH_ROUTE_PREFIX}/connections/${encodeURIComponent(name)}/callback/${encodeURIComponent(token)}`;
 }
+/**
+ * Creates the stable framework-owned terminal callback route path.
+ */
+export function createAshCallbackRoutePath(token) {
+    return `${ASH_ROUTE_PREFIX}/callback/${encodeURIComponent(token)}`;
+}

package/dist/src/public/channels/ash.js

@@ -1,4 +1,5 @@
 import {} from "ai";
+import { parseSessionCallback } from "#channel/session-callback.js";
 import { ASH_MESSAGE_STREAM_CONTENT_TYPE, ASH_MESSAGE_STREAM_FORMAT, ASH_MESSAGE_STREAM_VERSION, ASH_SESSION_ID_HEADER, ASH_STREAM_FORMAT_HEADER, ASH_STREAM_VERSION_HEADER, } from "#protocol/message.js";
 import { isInputResponse } from "#runtime/input/types.js";
 import { createUnauthorizedResponse } from "#public/channels/auth.js";
@@ -33,7 +34,9 @@ export function ashChannel(input) {
                 const token = `ash:${crypto.randomUUID()}`;
                 const session = await send(createSendPayload(body), {
                     auth: sessionAuth,
+                    callback: body.callback,
                     continuationToken: token,
+                    mode: body.mode,
                 });
                 return Response.json({
                     continuationToken: session.continuationToken,
@@ -143,10 +146,16 @@ function parseCreateBody(payload) {
     const modelContext = parseClientContextField(payload.clientContext);
     if (modelContext instanceof Response)
         return modelContext;
+    const callback = parseCallbackField(payload.callback);
+    if (callback instanceof Response)
+        return callback;
+    const mode = parseModeField(payload.mode);
+    if (mode instanceof Response)
+        return mode;
     if (message === undefined) {
         return Response.json({ error: "Missing or empty 'message' field.", ok: false }, { status: 400 });
     }
-    return { message, modelContext };
+    return { callback, message, mode, modelContext };
 }
 function parseContinueBody(payload) {
     const continuationToken = typeof payload.continuationToken === "string" && payload.continuationToken.length > 0
@@ -178,6 +187,21 @@ function createSendPayload(body) {
     }
     return { message: body.message, modelContext: body.modelContext };
 }
+function parseCallbackField(value) {
+    if (value === undefined)
+        return undefined;
+    const parsed = parseSessionCallback(value);
+    if (parsed.ok)
+        return parsed.callback;
+    return Response.json({ error: parsed.message, ok: false }, { status: 400 });
+}
+function parseModeField(value) {
+    if (value === undefined)
+        return undefined;
+    if (value === "conversation" || value === "task")
+        return value;
+    return Response.json({ error: "Expected 'mode' to be either 'conversation' or 'task'.", ok: false }, { status: 400 });
+}
 function parseMessageField(value) {
     if (value === undefined)
         return undefined;

package/dist/src/public/channels/discord/api.d.ts

@@ -0,0 +1,99 @@
+/**
+ * Minimal Discord REST API wrapper used by the Discord channel.
+ *
+ * The channel talks directly to Discord's JSON HTTP API instead of
+ * exposing a third-party SDK through Ash public surfaces.
+ */
+import { type JsonObject } from "#shared/json.js";
+import { resolveDiscordPublicKey, type DiscordPublicKey } from "#public/channels/discord/verify.js";
+/** Discord application id, materialized directly or from an async secret provider. */
+export type DiscordApplicationId = string | (() => string | Promise<string>);
+/** Discord bot token, materialized directly or from an async secret provider. */
+export type DiscordBotToken = string | (() => string | Promise<string>);
+/** Fetch implementation override used by tests or non-standard runtimes. */
+export type DiscordFetch = typeof fetch;
+/** Credentials used by the native Discord channel. */
+export interface DiscordCredentials {
+    readonly applicationId?: DiscordApplicationId;
+    readonly botToken?: DiscordBotToken;
+    readonly publicKey?: DiscordPublicKey;
+}
+/** Shared Discord API options. */
+export interface DiscordApiOptions {
+    readonly apiBaseUrl?: string;
+    readonly credentials?: DiscordCredentials;
+    readonly fetch?: DiscordFetch;
+}
+/** Raw Discord API response body. */
+export interface DiscordApiResponse {
+    readonly status: number;
+    readonly ok: boolean;
+    readonly body: unknown;
+}
+/** Minimal Discord message object returned by channel write operations. */
+export interface DiscordPostedMessage {
+    /** Discord message id, when Discord returned one. */
+    readonly id: string;
+    /** Channel id associated with the message, when Discord returned one. */
+    readonly channelId?: string;
+    /** Discord's raw JSON response. */
+    readonly raw: unknown;
+}
+/** Allowed mentions payload that suppresses all generated pings. */
+export declare const DISCORD_NO_MENTIONS: JsonObject;
+/** Discord's documented message-content cap. */
+export declare const DISCORD_MESSAGE_CONTENT_MAX_LENGTH = 2000;
+/** Builds the channel-local continuation token (`<channelId>:<conversationId>`). */
+export declare function discordContinuationToken(channelId: string, conversationId: string | undefined): string;
+/** Resolves a Discord application id, falling back to `DISCORD_APPLICATION_ID`. */
+export declare function resolveDiscordApplicationId(applicationId?: DiscordApplicationId): Promise<string>;
+/** Resolves a Discord bot token, falling back to `DISCORD_BOT_TOKEN`. */
+export declare function resolveDiscordBotToken(botToken?: DiscordBotToken): Promise<string>;
+/** Resolves a Discord public key, falling back to `DISCORD_PUBLIC_KEY`. */
+export { resolveDiscordPublicKey };
+/**
+ * Low-level Discord JSON API call. Bot-token auth is included only when
+ * a token is supplied; interaction webhook endpoints intentionally run
+ * without bot auth.
+ */
+export declare function callDiscordApi(input: {
+    readonly apiBaseUrl?: string;
+    readonly body?: JsonObject;
+    readonly botToken?: DiscordBotToken;
+    readonly fetch?: DiscordFetch;
+    readonly method?: "DELETE" | "GET" | "PATCH" | "POST" | "PUT";
+    readonly path: string;
+}): Promise<DiscordApiResponse>;
+/** Sends a bot-authenticated message to one Discord channel. */
+export declare function sendDiscordChannelMessage(input: DiscordApiOptions & {
+    readonly body: DiscordMessageBody;
+    readonly channelId: string;
+}): Promise<DiscordPostedMessage>;
+/** Triggers Discord's short-lived channel typing indicator with bot auth. */
+export declare function triggerDiscordTypingIndicator(input: DiscordApiOptions & {
+    readonly channelId: string;
+}): Promise<void>;
+/** Edits the original response for a deferred Discord interaction. */
+export declare function editDiscordOriginalResponse(input: DiscordApiOptions & {
+    readonly body: DiscordMessageBody;
+    readonly interactionToken: string;
+}): Promise<DiscordPostedMessage>;
+/** Creates a Discord interaction followup message. */
+export declare function createDiscordFollowupMessage(input: DiscordApiOptions & {
+    readonly body: DiscordMessageBody;
+    readonly interactionToken: string;
+}): Promise<DiscordPostedMessage>;
+/** JSON body supported by Discord message endpoints used by Ash. */
+export interface DiscordMessageBody {
+    readonly allowed_mentions?: Readonly<Record<string, unknown>>;
+    readonly components?: readonly Readonly<Record<string, unknown>>[];
+    readonly content?: string;
+    readonly flags?: number;
+    readonly tts?: boolean;
+}
+/**
+ * Splits text into chunks Discord will accept as individual message
+ * contents. Empty strings produce one empty chunk so callers can still
+ * decide how to handle a no-content message.
+ */
+export declare function splitDiscordMessageContent(content: string): readonly string[];

package/dist/src/public/channels/discord/api.js

@@ -0,0 +1,167 @@
+/**
+ * Minimal Discord REST API wrapper used by the Discord channel.
+ *
+ * The channel talks directly to Discord's JSON HTTP API instead of
+ * exposing a third-party SDK through Ash public surfaces.
+ */
+import { parseJsonObject } from "#shared/json.js";
+import { isObject } from "#shared/guards.js";
+import { resolveDiscordPublicKey } from "#public/channels/discord/verify.js";
+/** Allowed mentions payload that suppresses all generated pings. */
+export const DISCORD_NO_MENTIONS = { parse: [] };
+/** Discord's documented message-content cap. */
+export const DISCORD_MESSAGE_CONTENT_MAX_LENGTH = 2000;
+/** Builds the channel-local continuation token (`<channelId>:<conversationId>`). */
+export function discordContinuationToken(channelId, conversationId) {
+    return `${channelId}:${conversationId ?? ""}`;
+}
+/** Resolves a Discord application id, falling back to `DISCORD_APPLICATION_ID`. */
+export async function resolveDiscordApplicationId(applicationId) {
+    const source = applicationId ?? process.env.DISCORD_APPLICATION_ID;
+    if (!source)
+        throw new Error("DISCORD_APPLICATION_ID is required.");
+    return typeof source === "function" ? await source() : source;
+}
+/** Resolves a Discord bot token, falling back to `DISCORD_BOT_TOKEN`. */
+export async function resolveDiscordBotToken(botToken) {
+    const source = botToken ?? process.env.DISCORD_BOT_TOKEN;
+    if (!source)
+        throw new Error("DISCORD_BOT_TOKEN is required.");
+    return typeof source === "function" ? await source() : source;
+}
+/** Resolves a Discord public key, falling back to `DISCORD_PUBLIC_KEY`. */
+export { resolveDiscordPublicKey };
+/**
+ * Low-level Discord JSON API call. Bot-token auth is included only when
+ * a token is supplied; interaction webhook endpoints intentionally run
+ * without bot auth.
+ */
+export async function callDiscordApi(input) {
+    const apiFetch = input.fetch ?? fetch;
+    const headers = new Headers();
+    headers.set("content-type", "application/json; charset=utf-8");
+    if (input.botToken !== undefined) {
+        const token = await resolveDiscordBotToken(input.botToken);
+        headers.set("authorization", `Bot ${token}`);
+    }
+    const init = {
+        headers,
+        method: input.method ?? "POST",
+    };
+    if (input.body !== undefined) {
+        init.body = JSON.stringify(parseJsonObject(input.body));
+    }
+    const response = await apiFetch(`${input.apiBaseUrl ?? "https://discord.com/api/v10"}${input.path}`, init);
+    return {
+        body: await parseResponseBody(response),
+        ok: response.ok,
+        status: response.status,
+    };
+}
+/** Sends a bot-authenticated message to one Discord channel. */
+export async function sendDiscordChannelMessage(input) {
+    const response = await callDiscordApi({
+        apiBaseUrl: input.apiBaseUrl,
+        body: normalizeMessageBody(input.body),
+        botToken: input.credentials?.botToken,
+        fetch: input.fetch,
+        path: `/channels/${encodeURIComponent(input.channelId)}/messages`,
+    });
+    if (!response.ok) {
+        throw new Error(`Discord create message failed with HTTP ${response.status}.`);
+    }
+    return toPostedMessage(response.body);
+}
+/** Triggers Discord's short-lived channel typing indicator with bot auth. */
+export async function triggerDiscordTypingIndicator(input) {
+    const response = await callDiscordApi({
+        apiBaseUrl: input.apiBaseUrl,
+        botToken: input.credentials?.botToken,
+        fetch: input.fetch,
+        path: `/channels/${encodeURIComponent(input.channelId)}/typing`,
+    });
+    if (!response.ok) {
+        throw new Error(`Discord typing indicator failed with HTTP ${response.status}.`);
+    }
+}
+/** Edits the original response for a deferred Discord interaction. */
+export async function editDiscordOriginalResponse(input) {
+    const applicationId = await resolveDiscordApplicationId(input.credentials?.applicationId);
+    const response = await callDiscordApi({
+        apiBaseUrl: input.apiBaseUrl,
+        body: normalizeMessageBody(input.body),
+        fetch: input.fetch,
+        method: "PATCH",
+        path: `/webhooks/${encodeURIComponent(applicationId)}/${encodeURIComponent(input.interactionToken)}/messages/@original`,
+    });
+    if (!response.ok) {
+        throw new Error(`Discord edit original response failed with HTTP ${response.status}.`);
+    }
+    return toPostedMessage(response.body);
+}
+/** Creates a Discord interaction followup message. */
+export async function createDiscordFollowupMessage(input) {
+    const applicationId = await resolveDiscordApplicationId(input.credentials?.applicationId);
+    const response = await callDiscordApi({
+        apiBaseUrl: input.apiBaseUrl,
+        body: normalizeMessageBody(input.body),
+        fetch: input.fetch,
+        path: `/webhooks/${encodeURIComponent(applicationId)}/${encodeURIComponent(input.interactionToken)}`,
+    });
+    if (!response.ok) {
+        throw new Error(`Discord followup message failed with HTTP ${response.status}.`);
+    }
+    return toPostedMessage(response.body);
+}
+/**
+ * Splits text into chunks Discord will accept as individual message
+ * contents. Empty strings produce one empty chunk so callers can still
+ * decide how to handle a no-content message.
+ */
+export function splitDiscordMessageContent(content) {
+    if (content.length <= DISCORD_MESSAGE_CONTENT_MAX_LENGTH)
+        return [content];
+    const chunks = [];
+    let rest = content;
+    while (rest.length > DISCORD_MESSAGE_CONTENT_MAX_LENGTH) {
+        let cut = rest.lastIndexOf("\n", DISCORD_MESSAGE_CONTENT_MAX_LENGTH);
+        if (cut <= 0) {
+            cut = rest.lastIndexOf(" ", DISCORD_MESSAGE_CONTENT_MAX_LENGTH);
+        }
+        if (cut <= 0)
+            cut = DISCORD_MESSAGE_CONTENT_MAX_LENGTH;
+        chunks.push(rest.slice(0, cut).trimEnd());
+        rest = rest.slice(cut).trimStart();
+    }
+    chunks.push(rest);
+    return chunks;
+}
+function normalizeMessageBody(body) {
+    const normalized = { ...body };
+    if (normalized.allowed_mentions === undefined) {
+        normalized.allowed_mentions = DISCORD_NO_MENTIONS;
+    }
+    return parseJsonObject(normalized);
+}
+function toPostedMessage(body) {
+    const raw = parseMaybeObject(body);
+    return {
+        channelId: typeof raw.channel_id === "string" ? raw.channel_id : undefined,
+        id: typeof raw.id === "string" ? raw.id : "",
+        raw: body,
+    };
+}
+function parseMaybeObject(value) {
+    return isObject(value) ? value : {};
+}
+async function parseResponseBody(response) {
+    const text = await response.text();
+    if (!text)
+        return null;
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+}

package/dist/src/public/channels/discord/defaults.d.ts

@@ -0,0 +1,9 @@
+import type { SessionAuthContext } from "#channel/types.js";
+import type { DiscordCommandInteraction } from "#public/channels/discord/inbound.js";
+import type { DiscordChannelEvents, DiscordCommandResult, DiscordContext } from "#public/channels/discord/discordChannel.js";
+/** Default auth projection for Discord interaction actors. */
+export declare function defaultDiscordAuth(interaction: DiscordCommandInteraction): SessionAuthContext;
+/** Default command hook: dispatch with Discord user auth. */
+export declare function defaultOnCommand(_ctx: DiscordContext, interaction: DiscordCommandInteraction): DiscordCommandResult;
+/** Built-in Discord event handlers for typing, replies, HITL, and terminal errors. */
+export declare const defaultEvents: DiscordChannelEvents;

package/dist/src/public/channels/discord/defaults.js

@@ -0,0 +1,74 @@
+import { extractErrorId, formatErrorHint } from "#internal/logging.js";
+import { splitDiscordMessageContent } from "#public/channels/discord/api.js";
+import { renderInputRequestComponents } from "#public/channels/discord/hitl.js";
+/** Default auth projection for Discord interaction actors. */
+export function defaultDiscordAuth(interaction) {
+    const attributes = {
+        channel_id: interaction.channelId,
+        interaction_id: interaction.id,
+        user_id: interaction.user.id,
+        username: interaction.user.username,
+    };
+    if (interaction.guildId !== undefined)
+        attributes.guild_id = interaction.guildId;
+    if (interaction.member?.nick !== undefined)
+        attributes.member_nick = interaction.member.nick;
+    const issuer = interaction.guildId ? `discord:${interaction.guildId}` : "discord";
+    const principalId = interaction.guildId
+        ? `discord:${interaction.guildId}:${interaction.user.id}`
+        : `discord:${interaction.user.id}`;
+    return {
+        attributes,
+        authenticator: "discord-interaction",
+        issuer,
+        principalId,
+        principalType: interaction.user.isBot ? "service" : "user",
+    };
+}
+/** Default command hook: dispatch with Discord user auth. */
+export function defaultOnCommand(_ctx, interaction) {
+    return { auth: defaultDiscordAuth(interaction) };
+}
+/** Built-in Discord event handlers for typing, replies, HITL, and terminal errors. */
+export const defaultEvents = {
+    async "turn.started"(_event, ctx) {
+        await ctx.discord.startTyping();
+    },
+    async "actions.requested"(_event, ctx) {
+        await ctx.discord.startTyping();
+    },
+    async "input.requested"(event, ctx) {
+        for (const request of event.requests) {
+            const content = splitDiscordMessageContent(request.prompt)[0] ?? request.prompt;
+            await ctx.discord.post({
+                components: renderInputRequestComponents(request),
+                content,
+            });
+        }
+    },
+    async "message.completed"(event, ctx) {
+        if (event.finishReason === "tool-calls" || !event.message)
+            return;
+        await ctx.discord.post(event.message);
+    },
+    async "session.failed"(event, ctx) {
+        const hint = formatErrorHint(event);
+        const errorId = extractErrorId(event.details);
+        await ctx.discord.post([
+            `This session could not recover from an error${hint}.`,
+            "",
+            "Start a new command to continue.",
+            ...(errorId ? ["", `Error id: ${errorId}`] : []),
+        ].join("\n"));
+    },
+    async "turn.failed"(event, ctx) {
+        const hint = formatErrorHint(event);
+        const errorId = extractErrorId(event.details);
+        await ctx.discord.post([
+            `I hit an error while handling your request${hint}.`,
+            "",
+            "Please try again, rephrase, or reach out if it keeps failing.",
+            ...(errorId ? ["", `Error id: ${errorId}`] : []),
+        ].join("\n"));
+    },
+};