npm - experimental-ash - Versions diffs - 0.28.1 → 0.30.0 - Mend

experimental-ash 0.28.1 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,45 @@
 # experimental-ash
+## 0.30.0
+### Minor Changes
+- e2bb3b9: Move durable `HarnessSession` snapshots out of every Workflow step
+  boundary into a per-driver-run `ash.session` stream wrapped in a
+  versioned `DurableSessionSnapshot`. Step inputs, step results, workflow
+  inputs, and hook payloads carry a small `DurableSessionState` — identity,
+  the closed-contract `hasProxyInputRequests` short-circuit, and the
+  `emissionState` projection workflow-body orchestrators (eg.
+  await-authorization) use to stamp protocol events without taking an
+  extra step boundary — and each session-mutating step returns a closed
+  `NextDriverAction` union (`done` | `park` | `dispatch-runtime-actions`)
+  the driver dispatches on without inspecting session shape. The persisted
+  snapshot is narrowed to the durable subset — `agent.modelReference`,
+  `agent.tools`, and compaction thresholds are rebuilt every turn from the
+  latest bundle rather than baked into every chunk. Together these changes
+  eliminate quadratic event-log growth, set up a stable cross-version
+  contract so a pinned older driver can dispatch sessions whose latest
+  code has added new optional fields, and reserve a `version` discriminator
+  (plus a version-walking migration framework) for future shape changes.
+  The harness `StepFn` contract is unchanged.
+### Patch Changes
+- e9052aa: Fix `ash dev` returning 401 when run inside `vercel dev`. The framework's
+  default auth resolvers for the ash channel and the `/__ash/info`
+  endpoint previously gated on `process.env.VERCEL` alone, but `vercel
+dev` inherits `VERCEL=1` into child processes while the REPL strips
+  auth on loopback URLs, producing a 401. Both resolvers now also require
+  `VERCEL_ENV !== "development"` before defaulting to `vercelOidc()`, so
+  local dev under `vercel dev` falls through to `none()` and the REPL
+  talks to the dev server.
+## 0.29.0
+### Minor Changes
+- 514f981: Add `ash start` for serving built Nitro output and switch smoke test helpers to run against `ash build` plus `ash start` by default.
 ## 0.28.1
 ### Patch Changes

package/README.md CHANGED Viewed

@@ -116,6 +116,7 @@ CLI commands:
 - `ash info` — discovery results and compiled artifacts
 - `ash build` — compile `.ash/` and build the host output
+- `ash start` — serve the built `.output/` app
 - `ash dev` — start the local runtime and REPL
 ## Deploying

package/dist/docs/public/cli-build-and-debugging.md CHANGED Viewed

@@ -11,6 +11,7 @@ From your app root:
 - `ash info` - inspect the discovered authored surface and runtime details
 - `ash build` - compile `.ash/` artifacts and build the host output
+- `ash start` - serve the built `.output/` app
 - `ash dev` - start the local runtime and open the REPL
 - `ash eval` - run eval suites against the current app or a remote target
@@ -22,6 +23,7 @@ For most work:
 2. run `ash info` when you want to confirm discovery or diagnostics
 3. run `ash dev` while iterating locally
 4. run `ash build` before shipping
+5. run `ash start` when you want to smoke-test the built output locally
 When `ash build` fails due to discovery errors, the CLI now prints the full discovery diagnostics
 report (severity, message, source path) and the diagnostics artifact path.

package/dist/docs/public/getting-started.md CHANGED Viewed

@@ -88,6 +88,7 @@ Useful commands:
 - `ash info`: show the active routes and compiled artifacts
 - `ash build`: compile the agent into `.ash/` and build the host output
+- `ash start`: serve the built `.output/` app
 - `ash dev`: start the local runtime and open the REPL
 ## Send A Message

package/dist/src/cli/run.d.ts CHANGED Viewed

@@ -6,6 +6,11 @@ interface DevelopmentServerHandle {
     readonly url: string;
     close(): Promise<void>;
 }
+interface ProductionServerHandle {
+    readonly url: string;
+    close(): Promise<void>;
+    wait(): Promise<void>;
+}
 interface CliRuntimeDependencies {
     buildHost(appRoot: string): Promise<string>;
     printApplicationInfo(logger: CliLogger, appRoot: string): Promise<void>;
@@ -18,6 +23,10 @@ interface CliRuntimeDependencies {
         port?: number;
         schedules?: boolean;
     }): Promise<DevelopmentServerHandle>;
+    startProductionHost(appRoot: string, options?: {
+        host?: string;
+        port?: number;
+    }): Promise<ProductionServerHandle>;
 }
 type CliRuntimeOverrides = Partial<CliRuntimeDependencies>;
 interface EvalCliOptions {

package/dist/src/cli/run.js CHANGED Viewed

@@ -1,3 +1,3 @@
-import{createCliTheme,renderCliTaggedLine}from"#cli/ui/output.js";import{Command,CommanderError,InvalidArgumentError}from"#compiled/commander/index.js";import{resolveApplicationRoot}from"#internal/application/paths.js";import{resolveInstalledPackageInfo}from"#internal/application/package.js";import{parseDevelopmentServerUrl}from"#cli/dev/url.js";async function loadBuildHost(){return(await import(`#internal/nitro/host.js`)).buildApplication}async function loadPrintApplicationInfo(){return(await import(`#cli/commands/info.js`)).printApplicationInfo}async function loadRunDevelopmentRepl(){return(await import(`#cli/dev/repl.js`)).runDevelopmentRepl}async function loadRunEvalCommand(){return(await import(`#evals/cli/eval.js`)).runEvalCommand}async function loadStartHost(){return(await import(`#internal/nitro/host.js`)).startDevelopmentServer}function shouldPrintCliBootBanner(e){return e.name()===`info`||e.name()===`dev`}async function waitForShutdownSignal(e){await new Promise((t,n)=>{let r=!1,cleanup=()=>{process.off(`SIGINT`,handleSignal),process.off(`SIGTERM`,handleSignal)},handleSignal=()=>{r||(r=!0,cleanup(),e.close().then(t,n))};process.once(`SIGINT`,handleSignal),process.once(`SIGTERM`,handleSignal)})}function parsePortOption(e){if(!/^-?\d+$/.test(e))throw new InvalidArgumentError(`Expected a numeric port, received "${e}".`);let t=Number(e);if(t<0||t>65535)throw new InvalidArgumentError(`Expected a port between 0 and 65535, received "${e}".`);return t}function hasInteractiveTerminal(){return!!(process.stdin.isTTY&&process.stdout.isTTY)}function rewriteDevelopmentUrlShorthand(e){let t=e[1];return e[0]!==`dev`||e.length!==2||t===void 0||t.startsWith(`-`)?[...e]:[`dev`,`--url`,t]}function resolveRemoteDevelopmentServerUrl(e){if(e.url){if(e.host!==void 0)throw new InvalidArgumentError(`The --host option cannot be used with --url.`);if(e.port!==void 0)throw new InvalidArgumentError(`The --port option cannot be used with --url.`);if(e.repl===!1)throw new InvalidArgumentError(`The --no-repl option cannot be used with --url.`);return e.url}}function createCliProgram(r,i){let c=resolveApplicationRoot(),l=resolveInstalledPackageInfo().version,u=new Command,d=createCliTheme();u.name(`ash`).description(`Build and run an Ash application.`).version(l).showHelpAfterError().exitOverride().hook(`preAction`,(e,t)=>{shouldPrintCliBootBanner(t)&&r.log(`Ash (v${l})`)}).configureOutput({writeErr:e=>{r.error(e.trimEnd())},writeOut:e=>{r.log(e.trimEnd())}});let f=u.command(`channels`).description(`Manage user-authored channels in the current project.`);return f.command(`add [kind]`).description(`Scaffold a channel (slack) into the current project.`).option(`-f, --force`,`Overwrite existing channel files`).action(async(e,t)=>{let{runChannelsAddCommand:n}=await import(`#cli/commands/channels.js`);await n(r,c,{kind:e,options:t})}),f.command(`list`).description(`List user-authored channels in the current project.`).option(`--json`,`Output as JSON`).action(async e=>{let{runChannelsListCommand:t}=await import(`#cli/commands/channels.js`);await t(r,c,e)}),u.command(`build`).description(`Build the current Ash application.`).action(async()=>{let{loadDevelopmentEnvironmentFiles:e}=await import(`#cli/dev/environment.js`);e(c);let n=await(i.buildHost??await loadBuildHost())(c);r.log(renderCliTaggedLine(d,{message:`built output at ${n}`,tag:`build`,tone:`success`}))}),u.command(`dev`).description(`Start the Ash development server or connect the REPL to an existing URL.`).option(`--host <host>`,`Host interface to bind`).option(`--no-repl`,`Start the server without the interactive REPL`).option(`--port <port>`,`Port to listen on (defaults to $PORT, then 3000)`,parsePortOption).option(`--schedules`,`Run scheduled tasks during development (off by default)`).option(`-u, --url <url>`,`Connect the REPL to an existing server URL`,parseDevelopmentServerUrl).addHelpText(`after`,`
+import{createCliTheme,renderCliTaggedLine}from"#cli/ui/output.js";import{Command,CommanderError,InvalidArgumentError}from"#compiled/commander/index.js";import{resolveApplicationRoot}from"#internal/application/paths.js";import{resolveInstalledPackageInfo}from"#internal/application/package.js";import{parseDevelopmentServerUrl}from"#cli/dev/url.js";async function loadBuildHost(){return(await import(`#internal/nitro/host.js`)).buildApplication}async function loadPrintApplicationInfo(){return(await import(`#cli/commands/info.js`)).printApplicationInfo}async function loadRunDevelopmentRepl(){return(await import(`#cli/dev/repl.js`)).runDevelopmentRepl}async function loadRunEvalCommand(){return(await import(`#evals/cli/eval.js`)).runEvalCommand}async function loadStartHost(){return(await import(`#internal/nitro/host.js`)).startDevelopmentServer}async function loadStartProductionHost(){return(await import(`#internal/nitro/host.js`)).startProductionServer}function shouldPrintCliBootBanner(e){return e.name()===`info`||e.name()===`dev`}async function waitForShutdownSignal(e){await new Promise((t,n)=>{let r=!1,cleanup=()=>{process.off(`SIGINT`,handleSignal),process.off(`SIGTERM`,handleSignal)},handleSignal=()=>{r||(r=!0,cleanup(),e.close().then(t,n))};process.once(`SIGINT`,handleSignal),process.once(`SIGTERM`,handleSignal)})}async function waitForProductionServer(e){await Promise.race([e.wait(),waitForShutdownSignal({close:()=>e.close()})])}function parsePortOption(e){if(!/^-?\d+$/.test(e))throw new InvalidArgumentError(`Expected a numeric port, received "${e}".`);let t=Number(e);if(t<0||t>65535)throw new InvalidArgumentError(`Expected a port between 0 and 65535, received "${e}".`);return t}function hasInteractiveTerminal(){return!!(process.stdin.isTTY&&process.stdout.isTTY)}function rewriteDevelopmentUrlShorthand(e){let t=e[1];return e[0]!==`dev`||e.length!==2||t===void 0||t.startsWith(`-`)?[...e]:[`dev`,`--url`,t]}function resolveRemoteDevelopmentServerUrl(e){if(e.url){if(e.host!==void 0)throw new InvalidArgumentError(`The --host option cannot be used with --url.`);if(e.port!==void 0)throw new InvalidArgumentError(`The --port option cannot be used with --url.`);if(e.repl===!1)throw new InvalidArgumentError(`The --no-repl option cannot be used with --url.`);return e.url}}function createCliProgram(r,i){let c=resolveApplicationRoot(),l=resolveInstalledPackageInfo().version,u=new Command,d=createCliTheme();u.name(`ash`).description(`Build and run an Ash application.`).version(l).showHelpAfterError().exitOverride().hook(`preAction`,(e,t)=>{shouldPrintCliBootBanner(t)&&r.log(`Ash (v${l})`)}).configureOutput({writeErr:e=>{r.error(e.trimEnd())},writeOut:e=>{r.log(e.trimEnd())}});let f=u.command(`channels`).description(`Manage user-authored channels in the current project.`);return f.command(`add [kind]`).description(`Scaffold a channel (slack) into the current project.`).option(`-f, --force`,`Overwrite existing channel files`).action(async(e,t)=>{let{runChannelsAddCommand:n}=await import(`#cli/commands/channels.js`);await n(r,c,{kind:e,options:t})}),f.command(`list`).description(`List user-authored channels in the current project.`).option(`--json`,`Output as JSON`).action(async e=>{let{runChannelsListCommand:t}=await import(`#cli/commands/channels.js`);await t(r,c,e)}),u.command(`build`).description(`Build the current Ash application.`).action(async()=>{let{loadDevelopmentEnvironmentFiles:e}=await import(`#cli/dev/environment.js`);e(c);let n=await(i.buildHost??await loadBuildHost())(c);r.log(renderCliTaggedLine(d,{message:`built output at ${n}`,tag:`build`,tone:`success`}))}),u.command(`start`).description(`Start a built Ash application.`).option(`--host <host>`,`Host interface to bind`).option(`--port <port>`,`Port to listen on (defaults to $PORT, then 3000)`,parsePortOption).action(async e=>{let{loadDevelopmentEnvironmentFiles:n}=await import(`#cli/dev/environment.js`);n(c);let a=await(i.startProductionHost??await loadStartProductionHost())(c,{host:e.host,port:e.port});r.log(renderCliTaggedLine(d,{message:`server listening at ${a.url}`,tag:`start`,tone:`success`})),await waitForProductionServer(a)}),u.command(`dev`).description(`Start the Ash development server or connect the REPL to an existing URL.`).option(`--host <host>`,`Host interface to bind`).option(`--no-repl`,`Start the server without the interactive REPL`).option(`--port <port>`,`Port to listen on (defaults to $PORT, then 3000)`,parsePortOption).option(`--schedules`,`Run scheduled tasks during development (off by default)`).option(`-u, --url <url>`,`Connect the REPL to an existing server URL`,parseDevelopmentServerUrl).addHelpText(`after`,`
 You can also pass a bare URL as the only argument, for example: ash dev https://example.com
 `).action(async e=>{let n=resolveRemoteDevelopmentServerUrl(e),{loadDevelopmentEnvironmentFiles:a}=await import(`#cli/dev/environment.js`);if(a(c),n){if(r.log(renderCliTaggedLine(d,{message:`REPL connecting to ${n}`,tag:`dev`,tone:`info`})),!hasInteractiveTerminal()){r.log(renderCliTaggedLine(d,{message:`Interactive REPL disabled because the current terminal is not a TTY.`,tag:`dev`,tone:`warning`}));return}r.log(``),await(i.runDevelopmentRepl??await loadRunDevelopmentRepl())({serverUrl:n});return}let o=await(i.startHost??await loadStartHost())(c,{host:e.host,port:e.port,schedules:e.schedules===!0}),s=!1,closeServer=async()=>{s||(s=!0,await o.close())};try{if(r.log(renderCliTaggedLine(d,{message:`server listening at ${o.url}`,tag:`dev`,tone:`success`})),e.repl===!1)return await waitForShutdownSignal({close:closeServer});if(!hasInteractiveTerminal())return r.log(renderCliTaggedLine(d,{message:`Interactive REPL disabled because the current terminal is not a TTY.`,tag:`dev`,tone:`warning`})),await waitForShutdownSignal({close:closeServer});r.log(``),await(i.runDevelopmentRepl??await loadRunDevelopmentRepl())({serverUrl:o.url})}finally{await closeServer()}}),u.command(`info`).description(`Print resolved application information.`).action(async()=>{await(i.printApplicationInfo??await loadPrintApplicationInfo())(r,c)}),u.command(`eval`).description(`Run eval suites against an Ash agent.`).option(`--suite <id...>`,`Suite IDs to run (repeatable)`).option(`--all`,`Run all discovered suites`).option(`--url <url>`,`Remote agent URL (skip local host startup)`).option(`--timeout <ms>`,`Per-case timeout in milliseconds`).option(`--max-concurrency <n>`,`Max concurrent case executions per suite`).option(`--json`,`Output results as JSON`).option(`--skip-report`,`Skip suite-defined reporters (e.g. Braintrust)`).action(async e=>{await(i.runEvalCommand??await loadRunEvalCommand())(e,r)}),u}async function runCli(e=process.argv.slice(2),t=console,n={}){let i=createCliProgram(t,n),a=e.length===0?[`info`]:rewriteDevelopmentUrlShorthand(e);try{await i.parseAsync(a,{from:`user`})}catch(e){if(e instanceof CommanderError){if(e.exitCode===0)return;throw Error(e.message)}throw e}}export{runCli};

package/dist/src/context/hook-lifecycle.d.ts CHANGED Viewed

@@ -4,18 +4,11 @@ import type { RunMode } from "#shared/run-mode.js";
 import type { RuntimeHookRegistry } from "#runtime/hooks/registry.js";
 import type { ContextContainer } from "./container.js";
 /**
- * Outcome of dispatching the per-turn hook lifecycle.
- *
- * `proceed` carries the input — augmented with any `modelContext`
- * concatenated from `lifecycle.session` (first turn only) and
- * `lifecycle.turn` returns. The next session may also include durable
- * system-history announcements for hook-contributed skills.
- *
- * `turn-failed` indicates a `lifecycle.turn` hook threw. The dispatcher
- * has already emitted the recoverable `turn.failed` cascade
- * (`session.started` once → `turn.started` → `message.received` →
- * `step.failed` → `turn.failed` → `session.waiting`); the caller
- * lowers this outcome to a parking {@link StepResult}.
+ * Outcome of {@link dispatchHookLifecycle}. `proceed` carries the
+ * input augmented with merged `modelContext` and any hook-contributed
+ * skill announcements on the session. `turn-failed` means a
+ * `lifecycle.turn` hook threw; the recoverable `turn.failed` cascade
+ * has already been emitted.
  */
 export type HookLifecycleOutcome = {
     readonly kind: "proceed";
@@ -26,9 +19,6 @@ export type HookLifecycleOutcome = {
     readonly message: string;
     readonly nextSession: HarnessSession;
 };
-/**
- * Input for {@link dispatchHookLifecycle}.
- */
 export interface DispatchHookLifecycleInput {
     readonly ctx: ContextContainer;
     readonly registry: RuntimeHookRegistry;
@@ -39,51 +29,24 @@ export interface DispatchHookLifecycleInput {
     readonly runtimeIdentity?: RuntimeIdentity;
 }
 /**
- * Runs the per-turn hook lifecycle inside the active ALS scope and
- * returns the outcome.
- *
- * Stages:
- *
- *  1. `lifecycle.session` — runs once per durable session, gated by the
- *     framework-owned {@link SessionPreparedKey} flag. The dispatcher
- *     sets the flag **before** running the chain so a thrown hook does
- *     not retry on the next turn — `lifecycle.session` errors
- *     propagate through this function and are interpreted by the
- *     runtime as a terminal session failure (`session.failed`).
- *
- *  2. `lifecycle.turn` — runs once per fresh delivery (the caller
- *     gates dispatch with `isHarnessBetweenTurns(session)`). Each
- *     hook may return `{ modelContext, skills }`; model-context
- *     contributions are concatenated in registry order and skills are
- *     materialized into the live sandbox before the model call. A
- *     thrown hook is caught here, the recoverable `turn.failed`
- *     cascade is emitted, and the dispatcher returns
- *     `kind: "turn-failed"` so the caller can park the session.
- *
- *  Errors:
- *
- *  - `lifecycle.session` throws → re-thrown. Runtime escalates to
- *    `session.failed`.
- *  - `lifecycle.turn` throws → caught, recoverable `turn.failed`
- *    emitted, outcome `kind: "turn-failed"`. Session keeps living.
- *
- *  Stream-event hook errors are not handled here — they propagate
- *  through {@link dispatchStreamEventHooks} and are caught wherever the
- *  emit composer sits inside the harness.
+ * Runs the per-turn hook lifecycle inside the active ALS scope.
+ *
+ * - `lifecycle.session` runs once per session, gated by
+ *   {@link SessionPreparedKey}. The flag is set **before** the chain
+ *   runs so a thrown hook does not retry. A throw re-propagates and
+ *   the runtime escalates to terminal `session.failed`.
+ * - `lifecycle.turn` runs once per fresh delivery. Each hook may
+ *   return `{ modelContext, skills }`; model-context contributions
+ *   are concatenated in registry order, skills are materialized into
+ *   the sandbox. A thrown hook emits the recoverable `turn.failed`
+ *   cascade and returns `kind: "turn-failed"`.
  */
 export declare function dispatchHookLifecycle(input: DispatchHookLifecycleInput): Promise<HookLifecycleOutcome>;
 /**
- * Fans one runtime stream event out to every matching subscriber on the
- * registry.
- *
- * Errors propagate out of this function. The harness's emit composer
- * is the natural caller; existing harness error paths catch propagated
- * exceptions and emit the recoverable `turn.failed` cascade. If a
- * hook subscribed to a failure-cascade event itself throws, the
- * outer runtime escalates to `session.failed`.
- *
- * Caller is responsible for running this inside an active ALS scope so
- * hook code can read the same context the rest of the step sees.
+ * Fans one runtime stream event out to every matching subscriber.
+ * Errors propagate — harness error paths convert them into the
+ * recoverable `turn.failed` cascade. Caller must hold an active ALS
+ * scope so hooks see the same context as the rest of the step.
  */
 export declare function dispatchStreamEventHooks(input: {
     readonly ctx: ContextContainer;
@@ -91,15 +54,8 @@ export declare function dispatchStreamEventHooks(input: {
     readonly event: HandleMessageStreamEvent;
 }): Promise<void>;
 /**
- * Runtime adapter on top of {@link dispatchHookLifecycle}: runs the
- * per-turn hook lifecycle, lowers a `turn-failed` outcome into a
- * parking {@link StepResult}, and otherwise hands off to `body` with
- * the (possibly augmented) input.
- *
- * The `Step` suffix signals the return type — both runtime entry points
- * call this from inside their `runStep` callback so the
- * recoverable-failure-to-`StepResult` mapping lives in one place.
- *
- * Caller must already be inside the active ALS scope.
+ * Runs the per-turn hook lifecycle, lowers a `turn-failed` outcome
+ * into a parking {@link StepResult}, and otherwise hands off to
+ * `body` with the (possibly augmented) input.
  */
 export declare function runHookLifecycleStep(input: DispatchHookLifecycleInput, body: (session: HarnessSession, input: StepInput) => Promise<StepResult>): Promise<StepResult>;

package/dist/src/context/hook-lifecycle.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{ContinuationTokenKey,SandboxKey,SessionIdKey,SessionPreparedKey}from"./keys.js";import{createLogger}from"#internal/logging.js";import{toErrorMessage}from"#shared/errors.js";import{normalizeSkillPackage,writeSkillPackageToSandbox}from"#shared/skill-package.js";import{getAdapterKind}from"#channel/adapter.js";import{emitRecoverableFailedTurn,emitTurnPreamble,getHarnessEmissionState,setHarnessEmissionState}from"#harness/emission.js";import{formatAvailableSkillsSection}from"#execution/skills/instructions.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";const log=createLogger(`hooks.lifecycle`);async function dispatchHookLifecycle(e){let{ctx:t,registry:n,emit:i}=e,o=getHarnessEmissionState(e.session),s=`turn_${o.sequence}`,c=o.sequence,l=buildHookContext(t),u={session:{sessionId:e.session.sessionId},turn:{sequence:c,turnId:s}},d=[],f=e.session;if(n.session.length>0&&t.get(SessionPreparedKey)!==!0){t.set(SessionPreparedKey,!0);let e=[];for(let r of n.session){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}let p=!1,m=o;try{let e=[];for(let r of n.turn){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}catch(t){let n=toErrorMessage(t);try{p\|\|=(m=await emitTurnPreamble(i,{message:e.input.message},o,e.runtimeIdentity),!0);let t=await emitRecoverableFailedTurn(i,m,{code:`HOOK_TURN_FAILED`,message:n});return{kind:`turn-failed`,message:n,nextSession:setHarnessEmissionState(f,t)}}catch(e){throw log.error(`Event hook threw while emitting the turn.failed cascade for a lifecycle.turn failure — escalating to session.failed.`,{error:toErrorMessage(e)}),e}}let h=e.input.modelContext??[],g=h.length===0?d:[...h,...d];return{kind:`proceed`,input:g.length>0?{...e.input,modelContext:g}:e.input,nextSession:f}}function normalizeLifecycleSkillResults(e,t){if(t?.skills===void 0\|\|t.skills.length===0)return[];let n=new Set(e.require(BundleKey).resolvedAgent.skills.map(e=>e.name)),r=new Map;for(let e of t.skills){let t=normalizeSkillPackage(e);if(n.has(t.name))throw Error(`Hook-contributed skill "${t.name}" conflicts with an authored skill.`);r.set(t.name,t)}return[...r.values()]}async function materializeLifecycleSkills(e,n,r){if(r.length===0)return n;let i=new Map(r.map(e=>[e.name,e])),a=await e.require(SandboxKey).get();if(a===null)throw Error(`Dynamic skills require a sandbox for the current agent.`);for(let e of i.values())await writeSkillPackageToSandbox({sandbox:a,skill:e});let o=formatAvailableSkillsSection([...i.values()]);return o===null?n:{...n,history:[...n.history,{role:`system`,content:o}]}}async function dispatchStreamEventHooks(e){let t=e.registry.streamEventsByType.get(e.event.type)??[],n=e.registry.streamEventsWildcard;if(t.length===0&&n.length===0)return;let r=buildHookContext(e.ctx);for(let n of t)await n.handler(e.event,r);for(let t of n)await t.handler(e.event,r)}function buildHookContext(t){let r=t.require(BundleKey),i=t.get(ChannelKey),a=t.get(ContinuationTokenKey),o=i===void 0?void 0:getAdapterKind(i);return{agent:{name:r.resolvedAgent.config.name??`agent`,nodeId:r.nodeId},channel:{kind:o,continuationToken:a},session:{sessionId:t.get(SessionIdKey)??``},ash:t}}async function runHookLifecycleStep(e,t){let n=await dispatchHookLifecycle(e);return n.kind===`turn-failed`?{next:e.mode===`conversation`?null:{done:!0,output:n.message},session:n.nextSession}:t(n.nextSession,n.input)}export{dispatchHookLifecycle,dispatchStreamEventHooks,runHookLifecycleStep};
1	+ import{ContinuationTokenKey,SandboxKey,SessionIdKey,SessionPreparedKey}from"./keys.js";import{createLogger}from"#internal/logging.js";import{toErrorMessage}from"#shared/errors.js";import{normalizeSkillPackage,writeSkillPackageToSandbox}from"#shared/skill-package.js";import{getAdapterKind}from"#channel/adapter.js";import{emitRecoverableFailedTurn,emitTurnPreamble,getHarnessEmissionState,setHarnessEmissionState}from"#harness/emission.js";import{formatAvailableSkillsSection}from"#execution/skills/instructions.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";const log=createLogger(`hooks.lifecycle`);async function dispatchHookLifecycle(e){let{ctx:t,registry:n,emit:i}=e,o=getHarnessEmissionState(e.session.state),s=`turn_${o.sequence}`,c=o.sequence,l=buildHookContext(t),u={session:{sessionId:e.session.sessionId},turn:{sequence:c,turnId:s}},d=[],f=e.session;if(n.session.length>0&&t.get(SessionPreparedKey)!==!0){t.set(SessionPreparedKey,!0);let e=[];for(let r of n.session){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}let p=!1,m=o;try{let e=[];for(let r of n.turn){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}catch(t){let n=toErrorMessage(t);try{p\|\|=(m=await emitTurnPreamble(i,{message:e.input.message},o,e.runtimeIdentity),!0);let t=await emitRecoverableFailedTurn(i,m,{code:`HOOK_TURN_FAILED`,message:n});return{kind:`turn-failed`,message:n,nextSession:setHarnessEmissionState(f,t)}}catch(e){throw log.error(`Event hook threw while emitting the turn.failed cascade for a lifecycle.turn failure — escalating to session.failed.`,{error:toErrorMessage(e)}),e}}let h=e.input.modelContext??[],g=h.length===0?d:[...h,...d];return{kind:`proceed`,input:g.length>0?{...e.input,modelContext:g}:e.input,nextSession:f}}function normalizeLifecycleSkillResults(e,t){if(t?.skills===void 0\|\|t.skills.length===0)return[];let n=new Set(e.require(BundleKey).resolvedAgent.skills.map(e=>e.name)),r=new Map;for(let e of t.skills){let t=normalizeSkillPackage(e);if(n.has(t.name))throw Error(`Hook-contributed skill "${t.name}" conflicts with an authored skill.`);r.set(t.name,t)}return[...r.values()]}async function materializeLifecycleSkills(e,n,r){if(r.length===0)return n;let i=new Map(r.map(e=>[e.name,e])),a=await e.require(SandboxKey).get();if(a===null)throw Error(`Dynamic skills require a sandbox for the current agent.`);for(let e of i.values())await writeSkillPackageToSandbox({sandbox:a,skill:e});let o=formatAvailableSkillsSection([...i.values()]);return o===null?n:{...n,history:[...n.history,{role:`system`,content:o}]}}async function dispatchStreamEventHooks(e){let t=e.registry.streamEventsByType.get(e.event.type)??[],n=e.registry.streamEventsWildcard;if(t.length===0&&n.length===0)return;let r=buildHookContext(e.ctx);for(let n of t)await n.handler(e.event,r);for(let t of n)await t.handler(e.event,r)}function buildHookContext(t){let r=t.require(BundleKey),i=t.get(ChannelKey),a=t.get(ContinuationTokenKey),o=i===void 0?void 0:getAdapterKind(i);return{agent:{name:r.resolvedAgent.config.name??`agent`,nodeId:r.nodeId},channel:{kind:o,continuationToken:a},session:{sessionId:t.get(SessionIdKey)??``},ash:t}}async function runHookLifecycleStep(e,t){let n=await dispatchHookLifecycle(e);return n.kind===`turn-failed`?{next:e.mode===`conversation`?null:{done:!0,output:n.message},session:n.nextSession}:t(n.nextSession,n.input)}export{dispatchHookLifecycle,dispatchStreamEventHooks,runHookLifecycleStep};

package/dist/src/execution/await-authorization-orchestrator.d.ts CHANGED Viewed

@@ -1,37 +1,26 @@
 /**
- * Workflow-body orchestrator for the interactive OAuth
- * await-authorization-and-splice flow.
- *
- * The workflow body owns hook creation and waiting; model-facing side
- * effects stay inside durable steps.
+ * Workflow-body orchestrator for the interactive OAuth flow.
+ * Owns hook creation and waiting; side effects stay inside steps.
  */
-import type { HarnessSession } from "#harness/types.js";
+import type { DurableSessionSnapshot, DurableSessionState } from "#execution/durable-session-store.js";
 import type { PendingConnectionToolCall } from "#runtime/framework-tools/pending-connection-tool-calls.js";
-/**
- * Return value of {@link awaitAuthorizationAndResolve}. The workflow
- * body replaces its current session + serialized context with these
- * so the next turn step sees the spliced history and
- * cached tokens.
- */
-export interface AwaitAuthorizationResolveResult {
+export interface AwaitAuthorizationInput {
+    readonly parentWritable: WritableStream<Uint8Array>;
+    readonly pendingToolCalls: readonly PendingConnectionToolCall[];
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
+}
+export interface AwaitAuthorizationResult {
+    readonly serializedContext: Record<string, unknown>;
+    readonly sessionState: DurableSessionState;
 }
 /**
- * Orchestrates one await-authorization-and-splice cycle for all
- * interactive-authorization connections that have pending tool calls.
- * Connections that only implement `getToken` are ignored here — they
- * surface via `drainPendingConnectionAuthorizations` on the harness
- * step boundary and rely on out-of-band auth.
+ * Orchestrates one authorization cycle for every interactive
+ * connection with pending tool calls. `getToken`-only connections
+ * are handled elsewhere via `drainPendingConnectionAuthorizations`.
  *
- * Error behaviour: one connection's failure does not block the
- * others. Connections that fail `startAuthorization` or
- * `completeAuthorization` surface a structured error result on the
- * spliced tool call rather than an exception in the workflow body.
+ * One connection's failure surfaces as a structured error result on
+ * the spliced tool call; it never aborts the workflow body.
  */
-export declare function awaitAuthorizationAndResolve(input: {
-    readonly parentWritable: WritableStream<Uint8Array>;
-    readonly pendingToolCalls: readonly PendingConnectionToolCall[];
-    readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
-}): Promise<AwaitAuthorizationResolveResult>;
+export declare function awaitAuthorizationAndResolve(input: AwaitAuthorizationInput): Promise<AwaitAuthorizationResult>;

package/dist/src/execution/await-authorization-orchestrator.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{createAshConnectionCallbackRoutePath}from"#protocol/routes.js";import{~~getHarnessEmissionState}from"#harness/emission.js";import{~~createHook,getWorkflowMetadata}from"#compiled/@workflow/core/index.js";import{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep}from"#execution/connection-auth-steps.js";async function awaitAuthorizationAndResolve(s){let c=~~getHarnessEmissionState(s.session),l=~~uniqueConnectionNames(s.pendingToolCalls);if(l.length===0)return{serializedContext:s.serializedContext,~~session~~:s.~~session~~};let u=trimTrailingSlash(getWorkflowMetadata().url),d=l.map(t=>{let r=createHook();return{connectionName:t,hook:r,webhookUrl:`${u}${createAshConnectionCallbackRoutePath(t,r.token)}`}}),f=await Promise.all(d.map(async({connectionName:e,hook:t,webhookUrl:n})=>({connectionName:e,hook:t,webhookUrl:n,start:await startAuthorizationForConnectionStep({connectionName:e,emissionState:c,parentWritable:s.parentWritable,serializedContext:s.serializedContext,webhookUrl:n})}))),p=f.flatMap(e=>e.start.ok?[{connectionName:e.connectionName,hook:e.hook,principal:e.start.principal,serializedContext:e.start.serializedContext,state:e.start.state,webhookUrl:e.webhookUrl}]:[]);p.length>0&&await emitConnectionAuthorizationPendingStep({connectionNames:p.map(e=>e.connectionName),emissionState:c,parentWritable:s.parentWritable,serializedContext:s.serializedContext});let m=await Promise.all(p.map(async({connectionName:e,hook:t,principal:n,serializedContext:r,state:i,webhookUrl:a})=>{try{let o=await awaitHookRequest(t);return{complete:await completeAuthorizationForConnectionStep({connectionName:e,emissionState:c,parentWritable:s.parentWritable,principal:n,request:o,serializedContext:r,state:i,webhookUrl:a}),connectionName:e,principal:n}}finally{t.dispose()}})),h={},g={},_={},v=[];for(let e of f)e.start.ok\|\|(_[e.connectionName]={reason:e.start.reason,retryable:!1});for(let e of m)e.complete.ok?(h[e.connectionName]=e.complete.token,g[e.connectionName]=e.principal,v.push(e.connectionName)):_[e.connectionName]={reason:e.complete.reason,retryable:e.complete.retryable};return resolvePendingToolCallsStep({failedConnections:_,parentWritable:s.parentWritable,pendingCalls:s.pendingToolCalls,principals:g,resolvedConnectionNames:v,serializedContext:s.serializedContext,~~session~~:s.~~session~~,tokens:h})}function uniqueConnectionNames(e){let t=new Set;for(let n of e){let e=n.kind===`connection-execute`?[n.connectionName]:n.connectionNames;for(let n of e)t.add(n)}return[...t]}async function awaitHookRequest(e){let t=await e[Symbol.asyncIterator]().next();if(t.done===!0\|\|t.value===void 0)throw Error(`Connection callback hook closed before delivering a request.`);return t.value}function trimTrailingSlash(e){return e.endsWith(`/`)?e.slice(0,-1):e}export{awaitAuthorizationAndResolve};
1	+ import{createAshConnectionCallbackRoutePath}from"#protocol/routes.js";import{createHook,getWorkflowMetadata}from"#compiled/@workflow/core/index.js";import{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep}from"#execution/connection-auth-steps.js";async function awaitAuthorizationAndResolve(s){let c=uniqueConnectionNames(s.pendingToolCalls);if(c.length===0)return{serializedContext:s.serializedContext,sessionState:s.sessionState};let l=s.sessionState.emissionState,u=trimTrailingSlash(getWorkflowMetadata().url),d=c.map(n=>{let r=createHook();return{connectionName:n,hook:r,webhookUrl:`${u}${createAshConnectionCallbackRoutePath(n,r.token)}`}}),f=await Promise.all(d.map(async({connectionName:e,hook:t,webhookUrl:n})=>({connectionName:e,hook:t,webhookUrl:n,start:await startAuthorizationForConnectionStep({connectionName:e,emissionState:l,parentWritable:s.parentWritable,serializedContext:s.serializedContext,webhookUrl:n})}))),p=f.flatMap(e=>e.start.ok?[{connectionName:e.connectionName,hook:e.hook,principal:e.start.principal,serializedContext:e.start.serializedContext,state:e.start.state,webhookUrl:e.webhookUrl}]:[]);p.length>0&&await emitConnectionAuthorizationPendingStep({connectionNames:p.map(e=>e.connectionName),emissionState:l,parentWritable:s.parentWritable,serializedContext:s.serializedContext});let m=await Promise.all(p.map(async({connectionName:e,hook:t,principal:n,serializedContext:i,state:a,webhookUrl:o})=>{try{let c=await awaitHookRequest(t);return{complete:await completeAuthorizationForConnectionStep({connectionName:e,emissionState:l,parentWritable:s.parentWritable,principal:n,request:c,serializedContext:i,state:a,webhookUrl:o}),connectionName:e,principal:n}}finally{t.dispose()}})),h={},g={},_={},v=[];for(let e of f)e.start.ok\|\|(_[e.connectionName]={reason:e.start.reason,retryable:!1});for(let e of m)e.complete.ok?(h[e.connectionName]=e.complete.token,g[e.connectionName]=e.principal,v.push(e.connectionName)):_[e.connectionName]={reason:e.complete.reason,retryable:e.complete.retryable};return resolvePendingToolCallsStep({failedConnections:_,parentWritable:s.parentWritable,pendingCalls:s.pendingToolCalls,principals:g,resolvedConnectionNames:v,serializedContext:s.serializedContext,sessionState:s.sessionState,sessionWritable:s.sessionWritable,tokens:h})}function uniqueConnectionNames(e){let t=new Set;for(let n of e){let e=n.kind===`connection-execute`?[n.connectionName]:n.connectionNames;for(let n of e)t.add(n)}return[...t]}async function awaitHookRequest(e){let t=await e[Symbol.asyncIterator]().next();if(t.done===!0\|\|t.value===void 0)throw Error(`Connection callback hook closed before delivering a request.`);return t.value}function trimTrailingSlash(e){return e.endsWith(`/`)?e.slice(0,-1):e}export{awaitAuthorizationAndResolve};

package/dist/src/execution/connection-auth-steps.d.ts CHANGED Viewed

@@ -2,32 +2,21 @@
  * Durable step boundaries that make up the interactive OAuth
  * await-authorization-and-splice flow.
  */
+import { type DurableSessionSnapshot, type DurableSessionState } from "#execution/durable-session-store.js";
 import type { HarnessEmissionState } from "#harness/emission.js";
-import type { HarnessSession } from "#harness/types.js";
 import type { JsonValue } from "#public/types/json.js";
 import type { AuthorizationCallbackRequest, ConnectionPrincipal, TokenResult } from "#runtime/connections/types.js";
 import { type PendingConnectionToolCall } from "#runtime/framework-tools/pending-connection-tool-calls.js";
 /**
  * Result of one `startAuthorization` step.
  *
- * On success the runtime journals
- * `{ ok: true, principal, state, serializedContext }`. The
- * `principal` is the framework-resolved {@link ConnectionPrincipal}
- * captured at `startAuthorization` time; the orchestrator carries it
- * forward so `completeAuthorization` and the post-resume retry observe
- * the same identity even when the webhook-hit session has different
- * auth. The `state` travels to the matching `completeAuthorization`
- * step. The `serializedContext` carries any channel-state mutations
- * the `connection.authorization_required` handler made (e.g. the
- * Slack base layer's tracked status-message ts) forward into the
- * matching `completeAuthorization` step so the handler can edit that
- * same surface in place.
- *
- * On failure the runtime journals `{ ok: false, reason }` and the
- * workflow body skips webhook provisioning for this connection. The
- * workflow still emits a corresponding
- * `connection.authorization_completed` event with
- * `outcome: "failed"` so channels clean up their UI.
+ * On success carries the resolved `principal`, the IdP `state`, and
+ * the post-emit `serializedContext` (so channel-state mutations made
+ * by the `connection.authorization_required` handler — eg. tracked
+ * status-message ts — survive into the matching
+ * `completeAuthorization` step). Failures emit a
+ * `connection.authorization_completed` event with `outcome: "failed"`
+ * so channels clean up their UI.
  */
 export type StartAuthorizationStepResult = {
     readonly ok: true;
@@ -39,13 +28,10 @@ export type StartAuthorizationStepResult = {
     readonly reason: string;
 };
 /**
- * Runs one connection's `startAuthorization` callback inside a durable
- * step and emits the matching `connection.authorization_required`
- * event.
- *
- * Failures are captured as {@link StartAuthorizationStepResult.ok} =
- * `false` instead of thrown, so one connection's misconfigured
- * authorization does not abort the entire authorization cycle.
+ * Runs one connection's `startAuthorization` callback and emits the
+ * matching `connection.authorization_required` event. Failures are
+ * captured as `ok: false` so one connection's misconfig does not
+ * abort the entire cycle.
  */
 export declare function startAuthorizationForConnectionStep(input: {
     readonly connectionName: string;
@@ -54,11 +40,7 @@ export declare function startAuthorizationForConnectionStep(input: {
     readonly serializedContext: Record<string, unknown>;
     readonly webhookUrl: string;
 }): Promise<StartAuthorizationStepResult>;
-/**
- * Emits the `connection.authorization_pending` event once per
- * authorization cycle, after every `authorization_required` has been
- * written.
- */
+/** Emits the cycle's single `connection.authorization_pending` event. */
 export declare function emitConnectionAuthorizationPendingStep(input: {
     readonly connectionNames: readonly string[];
     readonly emissionState: HarnessEmissionState;
@@ -68,8 +50,10 @@ export declare function emitConnectionAuthorizationPendingStep(input: {
 /**
  * Result of one `completeAuthorization` step.
  *
- * `ok: true` carries the freshly minted {@link TokenResult}; the
- * workflow caches it on the context before retrying pending tool calls.
+ * Failures default to `retryable: true` so the model can re-prompt for
+ * authorization; only explicit
+ * `ConnectionAuthorizationFailedError({ retryable: false })` opts out
+ * (canonically: user clicked "Cancel").
  */
 export type CompleteAuthorizationStepResult = {
     readonly ok: true;
@@ -77,27 +61,12 @@ export type CompleteAuthorizationStepResult = {
 } | {
     readonly ok: false;
     readonly reason: string;
-    /**
-     * When `true`, downstream pending tool calls for this connection
-     * are spliced with a soft `authorization_required` result so the
-     * model can prompt the user to retry authorization rather than
-     * treating the turn as terminally failed. This is the default
-     * for any `completeAuthorization` throw — the runtime only marks
-     * a failure as non-retryable when the author explicitly sets
-     * `ConnectionAuthorizationFailedError({ retryable: false })`
-     * (canonically: user clicked "Cancel", `reason: "access_denied"`).
-     */
     readonly retryable: boolean;
 };
 /**
- * Runs one connection's `completeAuthorization` callback inside a
- * durable step and emits the matching
- * `connection.authorization_completed` event.
- *
- * Any error surfaces as a failure result with an appropriate
- * {@link ConnectionAuthorizationOutcome}. The workflow body continues
- * even when one connection fails, so the remainder of the authorization
- * cycle still resolves.
+ * Runs one connection's `completeAuthorization` callback and emits
+ * the matching `connection.authorization_completed` event. One
+ * connection's failure does not abort the cycle.
  */
 export declare function completeAuthorizationForConnectionStep(input: {
     readonly connectionName: string;
@@ -110,15 +79,9 @@ export declare function completeAuthorizationForConnectionStep(input: {
     readonly webhookUrl: string;
 }): Promise<CompleteAuthorizationStepResult>;
 /**
- * Structured failure information for a single connection whose
- * authorization round-trip did not produce a token.
- *
- * `retryable: true` (the default for any `completeAuthorization`
- * throw) means the model should be prompted to retry authorization.
- * `retryable: false` means the failure is terminal for this turn
- * (canonically: user clicked "Cancel" on the IdP consent screen, so
- * the author threw `ConnectionAuthorizationFailedError` with
- * `{ reason: "access_denied", retryable: false }`).
+ * Structured failure for one connection's authorization round-trip.
+ * `retryable: true` lets the model re-prompt; `retryable: false` is
+ * terminal for this turn (canonically: user clicked "Cancel").
  */
 export interface ConnectionAuthorizationFailure {
     readonly reason: string;
@@ -126,9 +89,8 @@ export interface ConnectionAuthorizationFailure {
 }
 /**
  * Retries every pending tool call whose connection has a freshly
- * minted token, splices the real results over the placeholder outputs
- * in history, clears the resolved cycle's context entries, and returns
- * the new session + serialized context.
+ * minted token, splices the real results over the placeholders in
+ * history, and clears the resolved cycle's context entries.
  */
 export declare function resolvePendingToolCallsStep(input: {
     readonly failedConnections: Readonly<Record<string, ConnectionAuthorizationFailure>>;
@@ -137,9 +99,10 @@ export declare function resolvePendingToolCallsStep(input: {
     readonly principals: Readonly<Record<string, ConnectionPrincipal>>;
     readonly resolvedConnectionNames: readonly string[];
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
     readonly tokens: Readonly<Record<string, TokenResult>>;
 }): Promise<{
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
 }>;

package/dist/src/execution/connection-auth-steps.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{createConnectionAuthorizationCompletedEvent,createConnectionAuthorizationPendingEvent,createConnectionAuthorizationRequiredEvent,encodeMessageStreamEvent,timestampHandleMessageStreamEvent}from"#protocol/message.js";import{contextStorage}from"#context/container.js";import{callAdapterEventHandler}from"#channel/adapter.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{ConnectionRegistryImpl}from"#runtime/connections/registry.js";import{ConnectionRegistryKey,executeConnectionSearch}from"#runtime/framework-tools/connection-search.js";import{getActiveRuntimeNode}from"#context/node.js";import{PendingConnectionToolCallsKey,isConnectionAuthorizationPlaceholder}from"#runtime/framework-tools/pending-connection-tool-calls.js";import{buildAdapterContext}from"#channel/adapter-context.js";import{deserializeContext,serializeContext}from"#context/serialize.js";import{isConnectionAuthorizationFailedError,isConnectionAuthorizationRequiredError}from"#public/connections/errors.js";import{writeCachedToken}from"#runtime/connections/authorization-tokens.js";import{withConnectionPrincipalOverride}from"#runtime/connections/principal-context.js";import{principalKey,resolveConnectionPrincipal}from"#runtime/connections/principal.js";import{withDefaultAuthorizationInstructions}from"#execution/authorization-challenge-defaults.js";import{splicePendingToolResults}from"#execution/await-authorization-splice.js";async function startAuthorizationForConnectionStep(t){"use step";let r=await deserializeContext(t.serializedContext),i=findConnection(r,t.connectionName);if(i?.authorization?.startAuthorization===void 0){let n=`Connection "${t.connectionName}" does not define startAuthorization.`;return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:n,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:n}}let a=i.description??t.connectionName,o,s,c;try{o=resolveConnectionPrincipal(t.connectionName,i.authorization,r);let e=await i.authorization.startAuthorization({principal:o,connection:{url:i.url},callbackUrl:t.webhookUrl});s=withDefaultAuthorizationInstructions(e.challenge,t.connectionName),c=e.state}catch(n){let i=n instanceof Error?n.message:String(n);return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:i,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:i}}return await emitAuthorizationEvent(r,createConnectionAuthorizationRequiredEvent({authorization:s,connectionName:t.connectionName,description:a,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId,webhookUrl:t.webhookUrl}),t.parentWritable),{ok:!0,principal:o,serializedContext:serializeContext(r),state:c}}async function emitConnectionAuthorizationPendingStep(e){"use step";e.connectionNames.length!==0&&await emitAuthorizationEvent(await deserializeContext(e.serializedContext),createConnectionAuthorizationPendingEvent({connectionNames:e.connectionNames,sequence:e.emissionState.sequence,stepIndex:e.emissionState.stepIndex,turnId:e.emissionState.turnId}),e.parentWritable)}async function completeAuthorizationForConnectionStep(t){"use step";let n=await deserializeContext(t.serializedContext),r=findConnection(n,t.connectionName);if(r?.authorization?.completeAuthorization===void 0){let r=`Connection "${t.connectionName}" does not define completeAuthorization.`;return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:r,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:r,retryable:!1}}try{let i=await r.authorization.completeAuthorization({principal:t.principal,connection:{url:r.url},request:t.request,state:t.state,callbackUrl:t.webhookUrl});return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`authorized`,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!0,token:i}}catch(r){let i=isConnectionAuthorizationFailedError(r)?r:null,a=i?.retryable??!0,o=i?.reason??(r instanceof Error?r.message:String(r));return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:o,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:o,retryable:a}}}async function resolvePendingToolCallsStep(e){"use step";let t=await deserializeContext(e.serializedContext),n=new ConnectionRegistryImpl(getActiveRuntimeNode(t).agent?.connections??[]);t.setVirtualContext(ConnectionRegistryKey,n);for(let[n,r]of Object.entries(e.tokens)){let i=e.principals[n];if(i===void 0)throw Error(`Internal error: missing resolved principal for connection "${n}".`);writeCachedToken(t,n,principalKey(i),r)}let r={},i=new Set(e.resolvedConnectionNames);await contextStorage.run(t,()=>withConnectionPrincipalOverride(t,e.principals,async()=>{for(let t of e.pendingCalls){let a=t.kind===`connection-execute`?[t.connectionName]:t.connectionNames,o;for(let t of a){let n=e.failedConnections[t];if(n!==void 0){o={connectionName:t,...n};break}}if(o!==void 0&&t.kind===`connection-execute`){r[t.toolCallId]=o.retryable?{error:`authorization_required`,retryable:!0}:{connectionName:o.connectionName,error:`authorization_failed`,message:o.reason,retryable:!1};continue}if(!a.every(e=>i.has(e))&&t.kind===`connection-execute`){r[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}try{if(t.kind===`connection-execute`){let e=await n.getClient(t.connectionName).executeTool(t.toolName,t.args);r[t.toolCallId]=normalizeToolResult(e)}else{let e=await executeConnectionSearch(t.args,{toolCallId:t.toolCallId});isConnectionAuthorizationPlaceholder(e)?r[t.toolCallId]={error:`authorization_required`,retryable:!0}:r[t.toolCallId]=normalizeToolResult(e)}}catch(e){if(isConnectionAuthorizationRequiredError(e)){r[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}let n=e instanceof Error?e.message:String(e);r[t.toolCallId]={error:`tool_execution_failed`,message:n,retryable:!1}}}}));let o=splicePendingToolResults(~~e.session~~,r),s=e.pendingCalls.filter(t=>(t.kind===`connection-execute`?[t.connectionName]:t.connectionNames).some(t=>!i.has(t)&&e.failedConnections[t]===void 0));~~return t~~.set(PendingConnectionToolCallsKey,s),{serializedContext:serializeContext(t),~~session~~:o}}function findConnection(e,t){return e.get(BundleKey)===void 0?void 0:(getActiveRuntimeNode(e).agent?.connections??[]).find(e=>e.connectionName===t)}async function emitAuthorizationEvent(e,t,n){let a=e.require(ChannelKey),s=buildAdapterContext(a,e),l=await callAdapterEventHandler(a,t,s);e.set(ChannelKey,{...a,state:{...s.state}});let u=n.getWriter();try{await u.write(encodeMessageStreamEvent(timestampHandleMessageStreamEvent(l)))}finally{u.releaseLock()}}function normalizeToolResult(e){if(e===void 0)return null;try{return JSON.parse(JSON.stringify(e))}catch{return{error:`tool_result_not_serializable`,retryable:!1}}}export{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep};
1	+ import{createConnectionAuthorizationCompletedEvent,createConnectionAuthorizationPendingEvent,createConnectionAuthorizationRequiredEvent,encodeMessageStreamEvent,timestampHandleMessageStreamEvent}from"#protocol/message.js";import{contextStorage}from"#context/container.js";import{callAdapterEventHandler}from"#channel/adapter.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{ConnectionRegistryImpl}from"#runtime/connections/registry.js";import{ConnectionRegistryKey,executeConnectionSearch}from"#runtime/framework-tools/connection-search.js";import{getActiveRuntimeNode}from"#context/node.js";import{PendingConnectionToolCallsKey,isConnectionAuthorizationPlaceholder}from"#runtime/framework-tools/pending-connection-tool-calls.js";import{buildAdapterContext}from"#channel/adapter-context.js";import{deserializeContext,serializeContext}from"#context/serialize.js";import{readDurableSession,writeDurableSession}from"#execution/durable-session-store.js";import{hydrateDurableSession}from"#execution/session.js";import{isConnectionAuthorizationFailedError,isConnectionAuthorizationRequiredError}from"#public/connections/errors.js";import{writeCachedToken}from"#runtime/connections/authorization-tokens.js";import{withConnectionPrincipalOverride}from"#runtime/connections/principal-context.js";import{principalKey,resolveConnectionPrincipal}from"#runtime/connections/principal.js";import{withDefaultAuthorizationInstructions}from"#execution/authorization-challenge-defaults.js";import{splicePendingToolResults}from"#execution/await-authorization-splice.js";async function startAuthorizationForConnectionStep(t){"use step";let r=await deserializeContext(t.serializedContext),i=findConnection(r,t.connectionName);if(i?.authorization?.startAuthorization===void 0){let n=`Connection "${t.connectionName}" does not define startAuthorization.`;return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:n,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:n}}let a=i.description??t.connectionName,o,s,c;try{o=resolveConnectionPrincipal(t.connectionName,i.authorization,r);let e=await i.authorization.startAuthorization({principal:o,connection:{url:i.url},callbackUrl:t.webhookUrl});s=withDefaultAuthorizationInstructions(e.challenge,t.connectionName),c=e.state}catch(n){let i=n instanceof Error?n.message:String(n);return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:i,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:i}}return await emitAuthorizationEvent(r,createConnectionAuthorizationRequiredEvent({authorization:s,connectionName:t.connectionName,description:a,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId,webhookUrl:t.webhookUrl}),t.parentWritable),{ok:!0,principal:o,serializedContext:serializeContext(r),state:c}}async function emitConnectionAuthorizationPendingStep(e){"use step";e.connectionNames.length!==0&&await emitAuthorizationEvent(await deserializeContext(e.serializedContext),createConnectionAuthorizationPendingEvent({connectionNames:e.connectionNames,sequence:e.emissionState.sequence,stepIndex:e.emissionState.stepIndex,turnId:e.emissionState.turnId}),e.parentWritable)}async function completeAuthorizationForConnectionStep(t){"use step";let n=await deserializeContext(t.serializedContext),r=findConnection(n,t.connectionName);if(r?.authorization?.completeAuthorization===void 0){let r=`Connection "${t.connectionName}" does not define completeAuthorization.`;return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:r,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:r,retryable:!1}}try{let i=await r.authorization.completeAuthorization({principal:t.principal,connection:{url:r.url},request:t.request,state:t.state,callbackUrl:t.webhookUrl});return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`authorized`,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!0,token:i}}catch(r){let i=isConnectionAuthorizationFailedError(r)?r:null,a=i?.retryable??!0,o=i?.reason??(r instanceof Error?r.message:String(r));return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:o,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:o,retryable:a}}}async function resolvePendingToolCallsStep(e){"use step";let t=await readDurableSession(e.sessionState),n=await deserializeContext(e.serializedContext),r=n.require(BundleKey),i=hydrateDurableSession({compactionOverrides:{thresholdPercent:r.resolvedAgent.config.compaction?.thresholdPercent},durable:t,turnAgent:r.turnAgent}),o=new ConnectionRegistryImpl(getActiveRuntimeNode(n).agent?.connections??[]);n.setVirtualContext(ConnectionRegistryKey,o);for(let[t,r]of Object.entries(e.tokens)){let i=e.principals[t];if(i===void 0)throw Error(`Internal error: missing resolved principal for connection "${t}".`);writeCachedToken(n,t,principalKey(i),r)}let c={},d=new Set(e.resolvedConnectionNames);await contextStorage.run(n,()=>withConnectionPrincipalOverride(n,e.principals,async()=>{for(let t of e.pendingCalls){let n=t.kind===`connection-execute`?[t.connectionName]:t.connectionNames,r;for(let t of n){let n=e.failedConnections[t];if(n!==void 0){r={connectionName:t,...n};break}}if(r!==void 0&&t.kind===`connection-execute`){c[t.toolCallId]=r.retryable?{error:`authorization_required`,retryable:!0}:{connectionName:r.connectionName,error:`authorization_failed`,message:r.reason,retryable:!1};continue}if(!n.every(e=>d.has(e))&&t.kind===`connection-execute`){c[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}try{if(t.kind===`connection-execute`){let e=await o.getClient(t.connectionName).executeTool(t.toolName,t.args);c[t.toolCallId]=normalizeToolResult(e)}else{let e=await executeConnectionSearch(t.args,{toolCallId:t.toolCallId});isConnectionAuthorizationPlaceholder(e)?c[t.toolCallId]={error:`authorization_required`,retryable:!0}:c[t.toolCallId]=normalizeToolResult(e)}}catch(e){if(isConnectionAuthorizationRequiredError(e)){c[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}let n=e instanceof Error?e.message:String(e);c[t.toolCallId]={error:`tool_execution_failed`,message:n,retryable:!1}}}}));let f=splicePendingToolResults(i,c),p=e.pendingCalls.filter(t=>(t.kind===`connection-execute`?[t.connectionName]:t.connectionNames).some(t=>!d.has(t)&&e.failedConnections[t]===void 0));n.set(PendingConnectionToolCallsKey,p);let m=await writeDurableSession({session:f,writable:e.sessionWritable});return{serializedContext:serializeContext(n),sessionState:m}}function findConnection(e,t){return e.get(BundleKey)===void 0?void 0:(getActiveRuntimeNode(e).agent?.connections??[]).find(e=>e.connectionName===t)}async function emitAuthorizationEvent(e,t,n){let a=e.require(ChannelKey),s=buildAdapterContext(a,e),l=await callAdapterEventHandler(a,t,s);e.set(ChannelKey,{...a,state:{...s.state}});let u=n.getWriter();try{await u.write(encodeMessageStreamEvent(timestampHandleMessageStreamEvent(l)))}finally{u.releaseLock()}}function normalizeToolResult(e){if(e===void 0)return null;try{return JSON.parse(JSON.stringify(e))}catch{return{error:`tool_result_not_serializable`,retryable:!1}}}export{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep};

package/dist/src/execution/create-session-step.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { RuntimeCompiledArtifactsSource } from "#runtime/compiled-artifacts-source.js";
+import { type DurableSessionSnapshot, type DurableSessionState } from "#execution/durable-session-store.js";
+/**
+ * Creates the durable session and writes the initial snapshot to the
+ * `ash.session` stream before the workflow enters its turn loop.
+ * `nodeId` targets a subagent node in the compiled graph; omitted for
+ * the root agent.
+ */
+export declare function createSessionStep(input: {
+    readonly compiledArtifactsSource: RuntimeCompiledArtifactsSource;
+    readonly continuationToken: string;
+    readonly nodeId?: string;
+    readonly sessionId: string;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
+}): Promise<DurableSessionState>;

package/dist/src/execution/create-session-step.js ADDED Viewed

@@ -0,0 +1 @@

+ import{writeDurableSession}from"#execution/durable-session-store.js";import{createSession}from"#execution/session.js";import{getCompiledRuntimeAgentBundle}from"#runtime/sessions/compiled-agent-cache.js";async function createSessionStep(e){"use step";let t=await getCompiledRuntimeAgentBundle({compiledArtifactsSource:e.compiledArtifactsSource,nodeId:e.nodeId});return await writeDurableSession({session:createSession({compactionOverrides:{thresholdPercent:t.resolvedAgent.config.compaction?.thresholdPercent},continuationToken:e.continuationToken,sessionId:e.sessionId,turnAgent:t.turnAgent}),writable:e.sessionWritable})}export{createSessionStep};

package/dist/src/execution/delegated-parent-notification.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Bridges a delegated subagent's terminal outcome back to its parent
+ * driver via the subagent-result hook. Pure projection helpers live
+ * in `delegated-parent-result.ts` so the workflow step-proxy transform
+ * doesn't strip them from this file.
+ */
+import type { RuntimeSubagentResultActionResult } from "#runtime/actions/types.js";
+/**
+ * Resumes the parent driver's hook with a delegated subagent result.
+ * No-op for root sessions.
+ */
+export declare function notifyDelegatedParentStep(input: {
+    readonly result: RuntimeSubagentResultActionResult | undefined;
+    readonly serializedContext: Record<string, unknown>;
+}): Promise<void>;

package/dist/src/execution/delegated-parent-notification.js ADDED Viewed

@@ -0,0 +1 @@

+ import{ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{deserializeContext}from"#context/serialize.js";import{SUBAGENT_ADAPTER_KIND}from"#execution/subagent-adapter.js";async function notifyDelegatedParentStep(e){"use step";if(e.result===void 0)return;let t=(await deserializeContext(e.serializedContext)).get(ChannelKey);if(t?.kind!==SUBAGENT_ADAPTER_KIND)return;let n=String(t.state?.parentContinuationToken??``);if(n===``)return;let{resumeHook:r}=await import(`#compiled/@workflow/core/runtime.js`);await r(n,{kind:`runtime-action-result`,results:[e.result]})}export{notifyDelegatedParentStep};

package/dist/src/execution/delegated-parent-result.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Pure helpers that project a delegated subagent's terminal output
+ * into the runtime-action result shape its parent driver expects.
+ * Lives in its own (non-directive) file to escape the workflow
+ * step-proxy transform.
+ */
+import type { RuntimeSubagentResultActionResult } from "#runtime/actions/types.js";
+/**
+ * Builds the success-shaped {@link RuntimeSubagentResultActionResult}.
+ * Returns `undefined` for root sessions (no parent to notify).
+ */
+export declare function createDelegatedSubagentSuccessResult(serializedContext: Record<string, unknown>, output: string): RuntimeSubagentResultActionResult | undefined;
+/** Failure-path mirror of {@link createDelegatedSubagentSuccessResult}. */
+export declare function createDelegatedSubagentErrorResult(serializedContext: Record<string, unknown>, error: unknown): RuntimeSubagentResultActionResult | undefined;

package/dist/src/execution/delegated-parent-result.js ADDED Viewed

@@ -0,0 +1 @@

+ import{toErrorMessage}from"#shared/errors.js";import{SUBAGENT_ADAPTER_KIND}from"#execution/subagent-adapter.js";function createDelegatedSubagentSuccessResult(e,n){let r=e[`ash.channel`];if(r?.kind===SUBAGENT_ADAPTER_KIND)return{callId:String(r.state?.callId??``),kind:`subagent-result`,output:n,subagentName:String(r.state?.subagentName??``)}}function createDelegatedSubagentErrorResult(t,n){let r=createDelegatedSubagentSuccessResult(t,``);if(r!==void 0)return{...r,isError:!0,output:{code:`SUBAGENT_EXECUTION_FAILED`,message:toErrorMessage(n)}}}export{createDelegatedSubagentErrorResult,createDelegatedSubagentSuccessResult};