npm - experimental-ash - Versions diffs - 0.29.0 → 0.30.1 - Mend

experimental-ash 0.29.0 → 0.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,45 @@
 # experimental-ash
+## 0.30.1
+### Patch Changes
+- eec18ad: Use Vercel production callback URLs for production Ash workflows and include the Vercel automation bypass secret on generated callback URLs when configured.
+## 0.30.0
+### Minor Changes
+- e2bb3b9: Move durable `HarnessSession` snapshots out of every Workflow step
+  boundary into a per-driver-run `ash.session` stream wrapped in a
+  versioned `DurableSessionSnapshot`. Step inputs, step results, workflow
+  inputs, and hook payloads carry a small `DurableSessionState` — identity,
+  the closed-contract `hasProxyInputRequests` short-circuit, and the
+  `emissionState` projection workflow-body orchestrators (eg.
+  await-authorization) use to stamp protocol events without taking an
+  extra step boundary — and each session-mutating step returns a closed
+  `NextDriverAction` union (`done` | `park` | `dispatch-runtime-actions`)
+  the driver dispatches on without inspecting session shape. The persisted
+  snapshot is narrowed to the durable subset — `agent.modelReference`,
+  `agent.tools`, and compaction thresholds are rebuilt every turn from the
+  latest bundle rather than baked into every chunk. Together these changes
+  eliminate quadratic event-log growth, set up a stable cross-version
+  contract so a pinned older driver can dispatch sessions whose latest
+  code has added new optional fields, and reserve a `version` discriminator
+  (plus a version-walking migration framework) for future shape changes.
+  The harness `StepFn` contract is unchanged.
+### Patch Changes
+- e9052aa: Fix `ash dev` returning 401 when run inside `vercel dev`. The framework's
+  default auth resolvers for the ash channel and the `/__ash/info`
+  endpoint previously gated on `process.env.VERCEL` alone, but `vercel
+dev` inherits `VERCEL=1` into child processes while the REPL strips
+  auth on loopback URLs, producing a 401. Both resolvers now also require
+  `VERCEL_ENV !== "development"` before defaulting to `vercelOidc()`, so
+  local dev under `vercel dev` falls through to `none()` and the REPL
+  talks to the dev server.
 ## 0.29.0
 ### Minor Changes

package/dist/src/context/hook-lifecycle.d.ts CHANGED Viewed

@@ -4,18 +4,11 @@ import type { RunMode } from "#shared/run-mode.js";
 import type { RuntimeHookRegistry } from "#runtime/hooks/registry.js";
 import type { ContextContainer } from "./container.js";
 /**
- * Outcome of dispatching the per-turn hook lifecycle.
- *
- * `proceed` carries the input — augmented with any `modelContext`
- * concatenated from `lifecycle.session` (first turn only) and
- * `lifecycle.turn` returns. The next session may also include durable
- * system-history announcements for hook-contributed skills.
- *
- * `turn-failed` indicates a `lifecycle.turn` hook threw. The dispatcher
- * has already emitted the recoverable `turn.failed` cascade
- * (`session.started` once → `turn.started` → `message.received` →
- * `step.failed` → `turn.failed` → `session.waiting`); the caller
- * lowers this outcome to a parking {@link StepResult}.
+ * Outcome of {@link dispatchHookLifecycle}. `proceed` carries the
+ * input augmented with merged `modelContext` and any hook-contributed
+ * skill announcements on the session. `turn-failed` means a
+ * `lifecycle.turn` hook threw; the recoverable `turn.failed` cascade
+ * has already been emitted.
  */
 export type HookLifecycleOutcome = {
     readonly kind: "proceed";
@@ -26,9 +19,6 @@ export type HookLifecycleOutcome = {
     readonly message: string;
     readonly nextSession: HarnessSession;
 };
-/**
- * Input for {@link dispatchHookLifecycle}.
- */
 export interface DispatchHookLifecycleInput {
     readonly ctx: ContextContainer;
     readonly registry: RuntimeHookRegistry;
@@ -39,51 +29,24 @@ export interface DispatchHookLifecycleInput {
     readonly runtimeIdentity?: RuntimeIdentity;
 }
 /**
- * Runs the per-turn hook lifecycle inside the active ALS scope and
- * returns the outcome.
- *
- * Stages:
- *
- *  1. `lifecycle.session` — runs once per durable session, gated by the
- *     framework-owned {@link SessionPreparedKey} flag. The dispatcher
- *     sets the flag **before** running the chain so a thrown hook does
- *     not retry on the next turn — `lifecycle.session` errors
- *     propagate through this function and are interpreted by the
- *     runtime as a terminal session failure (`session.failed`).
- *
- *  2. `lifecycle.turn` — runs once per fresh delivery (the caller
- *     gates dispatch with `isHarnessBetweenTurns(session)`). Each
- *     hook may return `{ modelContext, skills }`; model-context
- *     contributions are concatenated in registry order and skills are
- *     materialized into the live sandbox before the model call. A
- *     thrown hook is caught here, the recoverable `turn.failed`
- *     cascade is emitted, and the dispatcher returns
- *     `kind: "turn-failed"` so the caller can park the session.
- *
- *  Errors:
- *
- *  - `lifecycle.session` throws → re-thrown. Runtime escalates to
- *    `session.failed`.
- *  - `lifecycle.turn` throws → caught, recoverable `turn.failed`
- *    emitted, outcome `kind: "turn-failed"`. Session keeps living.
- *
- *  Stream-event hook errors are not handled here — they propagate
- *  through {@link dispatchStreamEventHooks} and are caught wherever the
- *  emit composer sits inside the harness.
+ * Runs the per-turn hook lifecycle inside the active ALS scope.
+ *
+ * - `lifecycle.session` runs once per session, gated by
+ *   {@link SessionPreparedKey}. The flag is set **before** the chain
+ *   runs so a thrown hook does not retry. A throw re-propagates and
+ *   the runtime escalates to terminal `session.failed`.
+ * - `lifecycle.turn` runs once per fresh delivery. Each hook may
+ *   return `{ modelContext, skills }`; model-context contributions
+ *   are concatenated in registry order, skills are materialized into
+ *   the sandbox. A thrown hook emits the recoverable `turn.failed`
+ *   cascade and returns `kind: "turn-failed"`.
  */
 export declare function dispatchHookLifecycle(input: DispatchHookLifecycleInput): Promise<HookLifecycleOutcome>;
 /**
- * Fans one runtime stream event out to every matching subscriber on the
- * registry.
- *
- * Errors propagate out of this function. The harness's emit composer
- * is the natural caller; existing harness error paths catch propagated
- * exceptions and emit the recoverable `turn.failed` cascade. If a
- * hook subscribed to a failure-cascade event itself throws, the
- * outer runtime escalates to `session.failed`.
- *
- * Caller is responsible for running this inside an active ALS scope so
- * hook code can read the same context the rest of the step sees.
+ * Fans one runtime stream event out to every matching subscriber.
+ * Errors propagate — harness error paths convert them into the
+ * recoverable `turn.failed` cascade. Caller must hold an active ALS
+ * scope so hooks see the same context as the rest of the step.
  */
 export declare function dispatchStreamEventHooks(input: {
     readonly ctx: ContextContainer;
@@ -91,15 +54,8 @@ export declare function dispatchStreamEventHooks(input: {
     readonly event: HandleMessageStreamEvent;
 }): Promise<void>;
 /**
- * Runtime adapter on top of {@link dispatchHookLifecycle}: runs the
- * per-turn hook lifecycle, lowers a `turn-failed` outcome into a
- * parking {@link StepResult}, and otherwise hands off to `body` with
- * the (possibly augmented) input.
- *
- * The `Step` suffix signals the return type — both runtime entry points
- * call this from inside their `runStep` callback so the
- * recoverable-failure-to-`StepResult` mapping lives in one place.
- *
- * Caller must already be inside the active ALS scope.
+ * Runs the per-turn hook lifecycle, lowers a `turn-failed` outcome
+ * into a parking {@link StepResult}, and otherwise hands off to
+ * `body` with the (possibly augmented) input.
  */
 export declare function runHookLifecycleStep(input: DispatchHookLifecycleInput, body: (session: HarnessSession, input: StepInput) => Promise<StepResult>): Promise<StepResult>;

package/dist/src/context/hook-lifecycle.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{ContinuationTokenKey,SandboxKey,SessionIdKey,SessionPreparedKey}from"./keys.js";import{createLogger}from"#internal/logging.js";import{toErrorMessage}from"#shared/errors.js";import{normalizeSkillPackage,writeSkillPackageToSandbox}from"#shared/skill-package.js";import{getAdapterKind}from"#channel/adapter.js";import{emitRecoverableFailedTurn,emitTurnPreamble,getHarnessEmissionState,setHarnessEmissionState}from"#harness/emission.js";import{formatAvailableSkillsSection}from"#execution/skills/instructions.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";const log=createLogger(`hooks.lifecycle`);async function dispatchHookLifecycle(e){let{ctx:t,registry:n,emit:i}=e,o=getHarnessEmissionState(e.session),s=`turn_${o.sequence}`,c=o.sequence,l=buildHookContext(t),u={session:{sessionId:e.session.sessionId},turn:{sequence:c,turnId:s}},d=[],f=e.session;if(n.session.length>0&&t.get(SessionPreparedKey)!==!0){t.set(SessionPreparedKey,!0);let e=[];for(let r of n.session){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}let p=!1,m=o;try{let e=[];for(let r of n.turn){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}catch(t){let n=toErrorMessage(t);try{p\|\|=(m=await emitTurnPreamble(i,{message:e.input.message},o,e.runtimeIdentity),!0);let t=await emitRecoverableFailedTurn(i,m,{code:`HOOK_TURN_FAILED`,message:n});return{kind:`turn-failed`,message:n,nextSession:setHarnessEmissionState(f,t)}}catch(e){throw log.error(`Event hook threw while emitting the turn.failed cascade for a lifecycle.turn failure — escalating to session.failed.`,{error:toErrorMessage(e)}),e}}let h=e.input.modelContext??[],g=h.length===0?d:[...h,...d];return{kind:`proceed`,input:g.length>0?{...e.input,modelContext:g}:e.input,nextSession:f}}function normalizeLifecycleSkillResults(e,t){if(t?.skills===void 0\|\|t.skills.length===0)return[];let n=new Set(e.require(BundleKey).resolvedAgent.skills.map(e=>e.name)),r=new Map;for(let e of t.skills){let t=normalizeSkillPackage(e);if(n.has(t.name))throw Error(`Hook-contributed skill "${t.name}" conflicts with an authored skill.`);r.set(t.name,t)}return[...r.values()]}async function materializeLifecycleSkills(e,n,r){if(r.length===0)return n;let i=new Map(r.map(e=>[e.name,e])),a=await e.require(SandboxKey).get();if(a===null)throw Error(`Dynamic skills require a sandbox for the current agent.`);for(let e of i.values())await writeSkillPackageToSandbox({sandbox:a,skill:e});let o=formatAvailableSkillsSection([...i.values()]);return o===null?n:{...n,history:[...n.history,{role:`system`,content:o}]}}async function dispatchStreamEventHooks(e){let t=e.registry.streamEventsByType.get(e.event.type)??[],n=e.registry.streamEventsWildcard;if(t.length===0&&n.length===0)return;let r=buildHookContext(e.ctx);for(let n of t)await n.handler(e.event,r);for(let t of n)await t.handler(e.event,r)}function buildHookContext(t){let r=t.require(BundleKey),i=t.get(ChannelKey),a=t.get(ContinuationTokenKey),o=i===void 0?void 0:getAdapterKind(i);return{agent:{name:r.resolvedAgent.config.name??`agent`,nodeId:r.nodeId},channel:{kind:o,continuationToken:a},session:{sessionId:t.get(SessionIdKey)??``},ash:t}}async function runHookLifecycleStep(e,t){let n=await dispatchHookLifecycle(e);return n.kind===`turn-failed`?{next:e.mode===`conversation`?null:{done:!0,output:n.message},session:n.nextSession}:t(n.nextSession,n.input)}export{dispatchHookLifecycle,dispatchStreamEventHooks,runHookLifecycleStep};
1	+ import{ContinuationTokenKey,SandboxKey,SessionIdKey,SessionPreparedKey}from"./keys.js";import{createLogger}from"#internal/logging.js";import{toErrorMessage}from"#shared/errors.js";import{normalizeSkillPackage,writeSkillPackageToSandbox}from"#shared/skill-package.js";import{getAdapterKind}from"#channel/adapter.js";import{emitRecoverableFailedTurn,emitTurnPreamble,getHarnessEmissionState,setHarnessEmissionState}from"#harness/emission.js";import{formatAvailableSkillsSection}from"#execution/skills/instructions.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";const log=createLogger(`hooks.lifecycle`);async function dispatchHookLifecycle(e){let{ctx:t,registry:n,emit:i}=e,o=getHarnessEmissionState(e.session.state),s=`turn_${o.sequence}`,c=o.sequence,l=buildHookContext(t),u={session:{sessionId:e.session.sessionId},turn:{sequence:c,turnId:s}},d=[],f=e.session;if(n.session.length>0&&t.get(SessionPreparedKey)!==!0){t.set(SessionPreparedKey,!0);let e=[];for(let r of n.session){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}let p=!1,m=o;try{let e=[];for(let r of n.turn){let n=await r.handler(u,l);n?.modelContext!==void 0&&n.modelContext.length>0&&d.push(...n.modelContext),e.push(...normalizeLifecycleSkillResults(t,n))}f=await materializeLifecycleSkills(t,f,e)}catch(t){let n=toErrorMessage(t);try{p\|\|=(m=await emitTurnPreamble(i,{message:e.input.message},o,e.runtimeIdentity),!0);let t=await emitRecoverableFailedTurn(i,m,{code:`HOOK_TURN_FAILED`,message:n});return{kind:`turn-failed`,message:n,nextSession:setHarnessEmissionState(f,t)}}catch(e){throw log.error(`Event hook threw while emitting the turn.failed cascade for a lifecycle.turn failure — escalating to session.failed.`,{error:toErrorMessage(e)}),e}}let h=e.input.modelContext??[],g=h.length===0?d:[...h,...d];return{kind:`proceed`,input:g.length>0?{...e.input,modelContext:g}:e.input,nextSession:f}}function normalizeLifecycleSkillResults(e,t){if(t?.skills===void 0\|\|t.skills.length===0)return[];let n=new Set(e.require(BundleKey).resolvedAgent.skills.map(e=>e.name)),r=new Map;for(let e of t.skills){let t=normalizeSkillPackage(e);if(n.has(t.name))throw Error(`Hook-contributed skill "${t.name}" conflicts with an authored skill.`);r.set(t.name,t)}return[...r.values()]}async function materializeLifecycleSkills(e,n,r){if(r.length===0)return n;let i=new Map(r.map(e=>[e.name,e])),a=await e.require(SandboxKey).get();if(a===null)throw Error(`Dynamic skills require a sandbox for the current agent.`);for(let e of i.values())await writeSkillPackageToSandbox({sandbox:a,skill:e});let o=formatAvailableSkillsSection([...i.values()]);return o===null?n:{...n,history:[...n.history,{role:`system`,content:o}]}}async function dispatchStreamEventHooks(e){let t=e.registry.streamEventsByType.get(e.event.type)??[],n=e.registry.streamEventsWildcard;if(t.length===0&&n.length===0)return;let r=buildHookContext(e.ctx);for(let n of t)await n.handler(e.event,r);for(let t of n)await t.handler(e.event,r)}function buildHookContext(t){let r=t.require(BundleKey),i=t.get(ChannelKey),a=t.get(ContinuationTokenKey),o=i===void 0?void 0:getAdapterKind(i);return{agent:{name:r.resolvedAgent.config.name??`agent`,nodeId:r.nodeId},channel:{kind:o,continuationToken:a},session:{sessionId:t.get(SessionIdKey)??``},ash:t}}async function runHookLifecycleStep(e,t){let n=await dispatchHookLifecycle(e);return n.kind===`turn-failed`?{next:e.mode===`conversation`?null:{done:!0,output:n.message},session:n.nextSession}:t(n.nextSession,n.input)}export{dispatchHookLifecycle,dispatchStreamEventHooks,runHookLifecycleStep};

package/dist/src/execution/await-authorization-orchestrator.d.ts CHANGED Viewed

@@ -1,37 +1,26 @@
 /**
- * Workflow-body orchestrator for the interactive OAuth
- * await-authorization-and-splice flow.
- *
- * The workflow body owns hook creation and waiting; model-facing side
- * effects stay inside durable steps.
+ * Workflow-body orchestrator for the interactive OAuth flow.
+ * Owns hook creation and waiting; side effects stay inside steps.
  */
-import type { HarnessSession } from "#harness/types.js";
+import type { DurableSessionSnapshot, DurableSessionState } from "#execution/durable-session-store.js";
 import type { PendingConnectionToolCall } from "#runtime/framework-tools/pending-connection-tool-calls.js";
-/**
- * Return value of {@link awaitAuthorizationAndResolve}. The workflow
- * body replaces its current session + serialized context with these
- * so the next turn step sees the spliced history and
- * cached tokens.
- */
-export interface AwaitAuthorizationResolveResult {
+export interface AwaitAuthorizationInput {
+    readonly parentWritable: WritableStream<Uint8Array>;
+    readonly pendingToolCalls: readonly PendingConnectionToolCall[];
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
+}
+export interface AwaitAuthorizationResult {
+    readonly serializedContext: Record<string, unknown>;
+    readonly sessionState: DurableSessionState;
 }
 /**
- * Orchestrates one await-authorization-and-splice cycle for all
- * interactive-authorization connections that have pending tool calls.
- * Connections that only implement `getToken` are ignored here — they
- * surface via `drainPendingConnectionAuthorizations` on the harness
- * step boundary and rely on out-of-band auth.
+ * Orchestrates one authorization cycle for every interactive
+ * connection with pending tool calls. `getToken`-only connections
+ * are handled elsewhere via `drainPendingConnectionAuthorizations`.
  *
- * Error behaviour: one connection's failure does not block the
- * others. Connections that fail `startAuthorization` or
- * `completeAuthorization` surface a structured error result on the
- * spliced tool call rather than an exception in the workflow body.
+ * One connection's failure surfaces as a structured error result on
+ * the spliced tool call; it never aborts the workflow body.
  */
-export declare function awaitAuthorizationAndResolve(input: {
-    readonly parentWritable: WritableStream<Uint8Array>;
-    readonly pendingToolCalls: readonly PendingConnectionToolCall[];
-    readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
-}): Promise<AwaitAuthorizationResolveResult>;
+export declare function awaitAuthorizationAndResolve(input: AwaitAuthorizationInput): Promise<AwaitAuthorizationResult>;

package/dist/src/execution/await-authorization-orchestrator.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{createAshConnectionCallbackRoutePath}from"#protocol/routes.js";import{~~getHarnessEmissionState}from"#harness/emission.js";import{~~createHook,getWorkflowMetadata}from"#compiled/@workflow/core/index.js";import{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep}from"#execution/connection-auth-steps.js";async function awaitAuthorizationAndResolve(s){let ~~c=getHarnessEmissionState(s.session),~~l=uniqueConnectionNames(s.pendingToolCalls);if(l.length===0)return{serializedContext:s.serializedContext,~~session~~:s.~~session~~};let u=~~trimTrailingSlash~~(getWorkflowMetadata().url),d=l.map(t=>{let r=createHook();return{connectionName:t,hook:r,webhookUrl~~:`${u}${~~createAshConnectionCallbackRoutePath(t,r.token)}`}}),f=await Promise.all(d.map(async({connectionName:e,hook:t,webhookUrl:n})=>({connectionName:e,hook:t,webhookUrl:n,start:await startAuthorizationForConnectionStep({connectionName:e,emissionState:c,parentWritable:s.parentWritable,serializedContext:s.serializedContext,webhookUrl:n})}))),p=f.flatMap(e=>e.start.ok?[{connectionName:e.connectionName,hook:e.hook,principal:e.start.principal,serializedContext:e.start.serializedContext,state:e.start.state,webhookUrl:e.webhookUrl}]:[]);p.length>0&&await emitConnectionAuthorizationPendingStep({connectionNames:p.map(e=>e.connectionName),emissionState:c,parentWritable:s.parentWritable,serializedContext:s.serializedContext});let m=await Promise.all(p.map(async({connectionName:e,hook:t,principal:n,serializedContext:r,state:i,webhookUrl:a})=>{try{let o=await awaitHookRequest(t);return{complete:await completeAuthorizationForConnectionStep({connectionName:e,emissionState:c,parentWritable:s.parentWritable,principal:n,request:o,serializedContext:r,state:i,webhookUrl:a}),connectionName:e,principal:n}}finally{t.dispose()}})),h={},g={},_={},v=[];for(let e of f)e.start.ok\|\|(_[e.connectionName]={reason:e.start.reason,retryable:!1});for(let e of m)e.complete.ok?(h[e.connectionName]=e.complete.token,g[e.connectionName]=e.principal,v.push(e.connectionName)):_[e.connectionName]={reason:e.complete.reason,retryable:e.complete.retryable};return resolvePendingToolCallsStep({failedConnections:_,parentWritable:s.parentWritable,pendingCalls:s.pendingToolCalls,principals:g,resolvedConnectionNames:v,serializedContext:s.serializedContext,~~session~~:s.~~session~~,tokens:h})}function uniqueConnectionNames(e){let t=new Set;for(let n of e){let e=n.kind===`connection-execute`?[n.connectionName]:n.connectionNames;for(let n of e)t.add(n)}return[...t]}async function awaitHookRequest(e){let t=await e[Symbol.asyncIterator]().next();if(t.done===!0\|\|t.value===void 0)throw Error(`Connection callback hook closed before delivering a request.`);return t.value}~~function trimTrailingSlash(e){return e.endsWith(`/`)?e.slice(0,-1):e}~~export{awaitAuthorizationAndResolve};
1	+ import{createAshConnectionCallbackRoutePath}from"#protocol/routes.js";import{createHook,getWorkflowMetadata}from"#compiled/@workflow/core/index.js";import{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep}from"#execution/connection-auth-steps.js";import{resolveVercelProductionCallbackBaseUrl}from"#execution/workflow-callback-url.js";async function awaitAuthorizationAndResolve(c){let l=uniqueConnectionNames(c.pendingToolCalls);if(l.length===0)return{serializedContext:c.serializedContext,sessionState:c.sessionState};let u=c.sessionState.emissionState,d=resolveVercelProductionCallbackBaseUrl()??getWorkflowMetadata().url,f=l.map(n=>{let r=createHook();return{connectionName:n,hook:r,webhookUrl:new URL(createAshConnectionCallbackRoutePath(n,r.token),d).toString()}}),p=await Promise.all(f.map(async({connectionName:e,hook:t,webhookUrl:n})=>({connectionName:e,hook:t,webhookUrl:n,start:await startAuthorizationForConnectionStep({connectionName:e,emissionState:u,parentWritable:c.parentWritable,serializedContext:c.serializedContext,webhookUrl:n})}))),m=p.flatMap(e=>e.start.ok?[{connectionName:e.connectionName,hook:e.hook,principal:e.start.principal,serializedContext:e.start.serializedContext,state:e.start.state,webhookUrl:e.webhookUrl}]:[]);m.length>0&&await emitConnectionAuthorizationPendingStep({connectionNames:m.map(e=>e.connectionName),emissionState:u,parentWritable:c.parentWritable,serializedContext:c.serializedContext});let h=await Promise.all(m.map(async({connectionName:e,hook:t,principal:n,serializedContext:i,state:a,webhookUrl:o})=>{try{let s=await awaitHookRequest(t);return{complete:await completeAuthorizationForConnectionStep({connectionName:e,emissionState:u,parentWritable:c.parentWritable,principal:n,request:s,serializedContext:i,state:a,webhookUrl:o}),connectionName:e,principal:n}}finally{t.dispose()}})),g={},_={},v={},y=[];for(let e of p)e.start.ok\|\|(v[e.connectionName]={reason:e.start.reason,retryable:!1});for(let e of h)e.complete.ok?(g[e.connectionName]=e.complete.token,_[e.connectionName]=e.principal,y.push(e.connectionName)):v[e.connectionName]={reason:e.complete.reason,retryable:e.complete.retryable};return resolvePendingToolCallsStep({failedConnections:v,parentWritable:c.parentWritable,pendingCalls:c.pendingToolCalls,principals:_,resolvedConnectionNames:y,serializedContext:c.serializedContext,sessionState:c.sessionState,sessionWritable:c.sessionWritable,tokens:g})}function uniqueConnectionNames(e){let t=new Set;for(let n of e){let e=n.kind===`connection-execute`?[n.connectionName]:n.connectionNames;for(let n of e)t.add(n)}return[...t]}async function awaitHookRequest(e){let t=await e[Symbol.asyncIterator]().next();if(t.done===!0\|\|t.value===void 0)throw Error(`Connection callback hook closed before delivering a request.`);return t.value}export{awaitAuthorizationAndResolve};

package/dist/src/execution/connection-auth-steps.d.ts CHANGED Viewed

@@ -2,32 +2,21 @@
  * Durable step boundaries that make up the interactive OAuth
  * await-authorization-and-splice flow.
  */
+import { type DurableSessionSnapshot, type DurableSessionState } from "#execution/durable-session-store.js";
 import type { HarnessEmissionState } from "#harness/emission.js";
-import type { HarnessSession } from "#harness/types.js";
 import type { JsonValue } from "#public/types/json.js";
 import type { AuthorizationCallbackRequest, ConnectionPrincipal, TokenResult } from "#runtime/connections/types.js";
 import { type PendingConnectionToolCall } from "#runtime/framework-tools/pending-connection-tool-calls.js";
 /**
  * Result of one `startAuthorization` step.
  *
- * On success the runtime journals
- * `{ ok: true, principal, state, serializedContext }`. The
- * `principal` is the framework-resolved {@link ConnectionPrincipal}
- * captured at `startAuthorization` time; the orchestrator carries it
- * forward so `completeAuthorization` and the post-resume retry observe
- * the same identity even when the webhook-hit session has different
- * auth. The `state` travels to the matching `completeAuthorization`
- * step. The `serializedContext` carries any channel-state mutations
- * the `connection.authorization_required` handler made (e.g. the
- * Slack base layer's tracked status-message ts) forward into the
- * matching `completeAuthorization` step so the handler can edit that
- * same surface in place.
- *
- * On failure the runtime journals `{ ok: false, reason }` and the
- * workflow body skips webhook provisioning for this connection. The
- * workflow still emits a corresponding
- * `connection.authorization_completed` event with
- * `outcome: "failed"` so channels clean up their UI.
+ * On success carries the resolved `principal`, the IdP `state`, and
+ * the post-emit `serializedContext` (so channel-state mutations made
+ * by the `connection.authorization_required` handler — eg. tracked
+ * status-message ts — survive into the matching
+ * `completeAuthorization` step). Failures emit a
+ * `connection.authorization_completed` event with `outcome: "failed"`
+ * so channels clean up their UI.
  */
 export type StartAuthorizationStepResult = {
     readonly ok: true;
@@ -39,13 +28,10 @@ export type StartAuthorizationStepResult = {
     readonly reason: string;
 };
 /**
- * Runs one connection's `startAuthorization` callback inside a durable
- * step and emits the matching `connection.authorization_required`
- * event.
- *
- * Failures are captured as {@link StartAuthorizationStepResult.ok} =
- * `false` instead of thrown, so one connection's misconfigured
- * authorization does not abort the entire authorization cycle.
+ * Runs one connection's `startAuthorization` callback and emits the
+ * matching `connection.authorization_required` event. Failures are
+ * captured as `ok: false` so one connection's misconfig does not
+ * abort the entire cycle.
  */
 export declare function startAuthorizationForConnectionStep(input: {
     readonly connectionName: string;
@@ -54,11 +40,7 @@ export declare function startAuthorizationForConnectionStep(input: {
     readonly serializedContext: Record<string, unknown>;
     readonly webhookUrl: string;
 }): Promise<StartAuthorizationStepResult>;
-/**
- * Emits the `connection.authorization_pending` event once per
- * authorization cycle, after every `authorization_required` has been
- * written.
- */
+/** Emits the cycle's single `connection.authorization_pending` event. */
 export declare function emitConnectionAuthorizationPendingStep(input: {
     readonly connectionNames: readonly string[];
     readonly emissionState: HarnessEmissionState;
@@ -68,8 +50,10 @@ export declare function emitConnectionAuthorizationPendingStep(input: {
 /**
  * Result of one `completeAuthorization` step.
  *
- * `ok: true` carries the freshly minted {@link TokenResult}; the
- * workflow caches it on the context before retrying pending tool calls.
+ * Failures default to `retryable: true` so the model can re-prompt for
+ * authorization; only explicit
+ * `ConnectionAuthorizationFailedError({ retryable: false })` opts out
+ * (canonically: user clicked "Cancel").
  */
 export type CompleteAuthorizationStepResult = {
     readonly ok: true;
@@ -77,27 +61,12 @@ export type CompleteAuthorizationStepResult = {
 } | {
     readonly ok: false;
     readonly reason: string;
-    /**
-     * When `true`, downstream pending tool calls for this connection
-     * are spliced with a soft `authorization_required` result so the
-     * model can prompt the user to retry authorization rather than
-     * treating the turn as terminally failed. This is the default
-     * for any `completeAuthorization` throw — the runtime only marks
-     * a failure as non-retryable when the author explicitly sets
-     * `ConnectionAuthorizationFailedError({ retryable: false })`
-     * (canonically: user clicked "Cancel", `reason: "access_denied"`).
-     */
     readonly retryable: boolean;
 };
 /**
- * Runs one connection's `completeAuthorization` callback inside a
- * durable step and emits the matching
- * `connection.authorization_completed` event.
- *
- * Any error surfaces as a failure result with an appropriate
- * {@link ConnectionAuthorizationOutcome}. The workflow body continues
- * even when one connection fails, so the remainder of the authorization
- * cycle still resolves.
+ * Runs one connection's `completeAuthorization` callback and emits
+ * the matching `connection.authorization_completed` event. One
+ * connection's failure does not abort the cycle.
  */
 export declare function completeAuthorizationForConnectionStep(input: {
     readonly connectionName: string;
@@ -110,15 +79,9 @@ export declare function completeAuthorizationForConnectionStep(input: {
     readonly webhookUrl: string;
 }): Promise<CompleteAuthorizationStepResult>;
 /**
- * Structured failure information for a single connection whose
- * authorization round-trip did not produce a token.
- *
- * `retryable: true` (the default for any `completeAuthorization`
- * throw) means the model should be prompted to retry authorization.
- * `retryable: false` means the failure is terminal for this turn
- * (canonically: user clicked "Cancel" on the IdP consent screen, so
- * the author threw `ConnectionAuthorizationFailedError` with
- * `{ reason: "access_denied", retryable: false }`).
+ * Structured failure for one connection's authorization round-trip.
+ * `retryable: true` lets the model re-prompt; `retryable: false` is
+ * terminal for this turn (canonically: user clicked "Cancel").
  */
 export interface ConnectionAuthorizationFailure {
     readonly reason: string;
@@ -126,9 +89,8 @@ export interface ConnectionAuthorizationFailure {
 }
 /**
  * Retries every pending tool call whose connection has a freshly
- * minted token, splices the real results over the placeholder outputs
- * in history, clears the resolved cycle's context entries, and returns
- * the new session + serialized context.
+ * minted token, splices the real results over the placeholders in
+ * history, and clears the resolved cycle's context entries.
  */
 export declare function resolvePendingToolCallsStep(input: {
     readonly failedConnections: Readonly<Record<string, ConnectionAuthorizationFailure>>;
@@ -137,9 +99,10 @@ export declare function resolvePendingToolCallsStep(input: {
     readonly principals: Readonly<Record<string, ConnectionPrincipal>>;
     readonly resolvedConnectionNames: readonly string[];
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
     readonly tokens: Readonly<Record<string, TokenResult>>;
 }): Promise<{
     readonly serializedContext: Record<string, unknown>;
-    readonly session: HarnessSession;
+    readonly sessionState: DurableSessionState;
 }>;

package/dist/src/execution/connection-auth-steps.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{createConnectionAuthorizationCompletedEvent,createConnectionAuthorizationPendingEvent,createConnectionAuthorizationRequiredEvent,encodeMessageStreamEvent,timestampHandleMessageStreamEvent}from"#protocol/message.js";import{contextStorage}from"#context/container.js";import{callAdapterEventHandler}from"#channel/adapter.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{ConnectionRegistryImpl}from"#runtime/connections/registry.js";import{ConnectionRegistryKey,executeConnectionSearch}from"#runtime/framework-tools/connection-search.js";import{getActiveRuntimeNode}from"#context/node.js";import{PendingConnectionToolCallsKey,isConnectionAuthorizationPlaceholder}from"#runtime/framework-tools/pending-connection-tool-calls.js";import{buildAdapterContext}from"#channel/adapter-context.js";import{deserializeContext,serializeContext}from"#context/serialize.js";import{isConnectionAuthorizationFailedError,isConnectionAuthorizationRequiredError}from"#public/connections/errors.js";import{writeCachedToken}from"#runtime/connections/authorization-tokens.js";import{withConnectionPrincipalOverride}from"#runtime/connections/principal-context.js";import{principalKey,resolveConnectionPrincipal}from"#runtime/connections/principal.js";import{withDefaultAuthorizationInstructions}from"#execution/authorization-challenge-defaults.js";import{splicePendingToolResults}from"#execution/await-authorization-splice.js";async function startAuthorizationForConnectionStep(t){"use step";let r=await deserializeContext(t.serializedContext),i=findConnection(r,t.connectionName);if(i?.authorization?.startAuthorization===void 0){let n=`Connection "${t.connectionName}" does not define startAuthorization.`;return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:n,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:n}}let a=i.description??t.connectionName,o,s,c;try{o=resolveConnectionPrincipal(t.connectionName,i.authorization,r);let e=await i.authorization.startAuthorization({principal:o,connection:{url:i.url},callbackUrl:t.webhookUrl});s=withDefaultAuthorizationInstructions(e.challenge,t.connectionName),c=e.state}catch(n){let i=n instanceof Error?n.message:String(n);return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:i,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:i}}return await emitAuthorizationEvent(r,createConnectionAuthorizationRequiredEvent({authorization:s,connectionName:t.connectionName,description:a,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId,webhookUrl:t.webhookUrl}),t.parentWritable),{ok:!0,principal:o,serializedContext:serializeContext(r),state:c}}async function emitConnectionAuthorizationPendingStep(e){"use step";e.connectionNames.length!==0&&await emitAuthorizationEvent(await deserializeContext(e.serializedContext),createConnectionAuthorizationPendingEvent({connectionNames:e.connectionNames,sequence:e.emissionState.sequence,stepIndex:e.emissionState.stepIndex,turnId:e.emissionState.turnId}),e.parentWritable)}async function completeAuthorizationForConnectionStep(t){"use step";let n=await deserializeContext(t.serializedContext),r=findConnection(n,t.connectionName);if(r?.authorization?.completeAuthorization===void 0){let r=`Connection "${t.connectionName}" does not define completeAuthorization.`;return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:r,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:r,retryable:!1}}try{let i=await r.authorization.completeAuthorization({principal:t.principal,connection:{url:r.url},request:t.request,state:t.state,callbackUrl:t.webhookUrl});return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`authorized`,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!0,token:i}}catch(r){let i=isConnectionAuthorizationFailedError(r)?r:null,a=i?.retryable??!0,o=i?.reason??(r instanceof Error?r.message:String(r));return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:o,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:o,retryable:a}}}async function resolvePendingToolCallsStep(e){"use step";let t=await deserializeContext(e.serializedContext),n=new ConnectionRegistryImpl(getActiveRuntimeNode(t).agent?.connections??[]);t.setVirtualContext(ConnectionRegistryKey,n);for(let[n,r]of Object.entries(e.tokens)){let i=e.principals[n];if(i===void 0)throw Error(`Internal error: missing resolved principal for connection "${n}".`);writeCachedToken(t,n,principalKey(i),r)}let r={},i=new Set(e.resolvedConnectionNames);await contextStorage.run(t,()=>withConnectionPrincipalOverride(t,e.principals,async()=>{for(let t of e.pendingCalls){let a=t.kind===`connection-execute`?[t.connectionName]:t.connectionNames,o;for(let t of a){let n=e.failedConnections[t];if(n!==void 0){o={connectionName:t,...n};break}}if(o!==void 0&&t.kind===`connection-execute`){r[t.toolCallId]=o.retryable?{error:`authorization_required`,retryable:!0}:{connectionName:o.connectionName,error:`authorization_failed`,message:o.reason,retryable:!1};continue}if(!a.every(e=>i.has(e))&&t.kind===`connection-execute`){r[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}try{if(t.kind===`connection-execute`){let e=await n.getClient(t.connectionName).executeTool(t.toolName,t.args);r[t.toolCallId]=normalizeToolResult(e)}else{let e=await executeConnectionSearch(t.args,{toolCallId:t.toolCallId});isConnectionAuthorizationPlaceholder(e)?r[t.toolCallId]={error:`authorization_required`,retryable:!0}:r[t.toolCallId]=normalizeToolResult(e)}}catch(e){if(isConnectionAuthorizationRequiredError(e)){r[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}let n=e instanceof Error?e.message:String(e);r[t.toolCallId]={error:`tool_execution_failed`,message:n,retryable:!1}}}}));let o=splicePendingToolResults(~~e.session~~,r),s=e.pendingCalls.filter(t=>(t.kind===`connection-execute`?[t.connectionName]:t.connectionNames).some(t=>!i.has(t)&&e.failedConnections[t]===void 0));~~return t~~.set(PendingConnectionToolCallsKey,s),{serializedContext:serializeContext(t),~~session~~:o}}function findConnection(e,t){return e.get(BundleKey)===void 0?void 0:(getActiveRuntimeNode(e).agent?.connections??[]).find(e=>e.connectionName===t)}async function emitAuthorizationEvent(e,t,n){let a=e.require(ChannelKey),s=buildAdapterContext(a,e),l=await callAdapterEventHandler(a,t,s);e.set(ChannelKey,{...a,state:{...s.state}});let u=n.getWriter();try{await u.write(encodeMessageStreamEvent(timestampHandleMessageStreamEvent(l)))}finally{u.releaseLock()}}function normalizeToolResult(e){if(e===void 0)return null;try{return JSON.parse(JSON.stringify(e))}catch{return{error:`tool_result_not_serializable`,retryable:!1}}}export{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep};
1	+ import{createConnectionAuthorizationCompletedEvent,createConnectionAuthorizationPendingEvent,createConnectionAuthorizationRequiredEvent,encodeMessageStreamEvent,timestampHandleMessageStreamEvent}from"#protocol/message.js";import{contextStorage}from"#context/container.js";import{callAdapterEventHandler}from"#channel/adapter.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{ConnectionRegistryImpl}from"#runtime/connections/registry.js";import{ConnectionRegistryKey,executeConnectionSearch}from"#runtime/framework-tools/connection-search.js";import{getActiveRuntimeNode}from"#context/node.js";import{PendingConnectionToolCallsKey,isConnectionAuthorizationPlaceholder}from"#runtime/framework-tools/pending-connection-tool-calls.js";import{buildAdapterContext}from"#channel/adapter-context.js";import{deserializeContext,serializeContext}from"#context/serialize.js";import{readDurableSession,writeDurableSession}from"#execution/durable-session-store.js";import{hydrateDurableSession}from"#execution/session.js";import{isConnectionAuthorizationFailedError,isConnectionAuthorizationRequiredError}from"#public/connections/errors.js";import{writeCachedToken}from"#runtime/connections/authorization-tokens.js";import{withConnectionPrincipalOverride}from"#runtime/connections/principal-context.js";import{principalKey,resolveConnectionPrincipal}from"#runtime/connections/principal.js";import{withDefaultAuthorizationInstructions}from"#execution/authorization-challenge-defaults.js";import{splicePendingToolResults}from"#execution/await-authorization-splice.js";async function startAuthorizationForConnectionStep(t){"use step";let r=await deserializeContext(t.serializedContext),i=findConnection(r,t.connectionName);if(i?.authorization?.startAuthorization===void 0){let n=`Connection "${t.connectionName}" does not define startAuthorization.`;return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:n,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:n}}let a=i.description??t.connectionName,o,s,c;try{o=resolveConnectionPrincipal(t.connectionName,i.authorization,r);let e=await i.authorization.startAuthorization({principal:o,connection:{url:i.url},callbackUrl:t.webhookUrl});s=withDefaultAuthorizationInstructions(e.challenge,t.connectionName),c=e.state}catch(n){let i=n instanceof Error?n.message:String(n);return await emitAuthorizationEvent(r,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:i,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:i}}return await emitAuthorizationEvent(r,createConnectionAuthorizationRequiredEvent({authorization:s,connectionName:t.connectionName,description:a,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId,webhookUrl:t.webhookUrl}),t.parentWritable),{ok:!0,principal:o,serializedContext:serializeContext(r),state:c}}async function emitConnectionAuthorizationPendingStep(e){"use step";e.connectionNames.length!==0&&await emitAuthorizationEvent(await deserializeContext(e.serializedContext),createConnectionAuthorizationPendingEvent({connectionNames:e.connectionNames,sequence:e.emissionState.sequence,stepIndex:e.emissionState.stepIndex,turnId:e.emissionState.turnId}),e.parentWritable)}async function completeAuthorizationForConnectionStep(t){"use step";let n=await deserializeContext(t.serializedContext),r=findConnection(n,t.connectionName);if(r?.authorization?.completeAuthorization===void 0){let r=`Connection "${t.connectionName}" does not define completeAuthorization.`;return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:r,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:r,retryable:!1}}try{let i=await r.authorization.completeAuthorization({principal:t.principal,connection:{url:r.url},request:t.request,state:t.state,callbackUrl:t.webhookUrl});return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`authorized`,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!0,token:i}}catch(r){let i=isConnectionAuthorizationFailedError(r)?r:null,a=i?.retryable??!0,o=i?.reason??(r instanceof Error?r.message:String(r));return await emitAuthorizationEvent(n,createConnectionAuthorizationCompletedEvent({connectionName:t.connectionName,outcome:`failed`,reason:o,sequence:t.emissionState.sequence,stepIndex:t.emissionState.stepIndex,turnId:t.emissionState.turnId}),t.parentWritable),{ok:!1,reason:o,retryable:a}}}async function resolvePendingToolCallsStep(e){"use step";let t=await readDurableSession(e.sessionState),n=await deserializeContext(e.serializedContext),r=n.require(BundleKey),i=hydrateDurableSession({compactionOverrides:{thresholdPercent:r.resolvedAgent.config.compaction?.thresholdPercent},durable:t,turnAgent:r.turnAgent}),o=new ConnectionRegistryImpl(getActiveRuntimeNode(n).agent?.connections??[]);n.setVirtualContext(ConnectionRegistryKey,o);for(let[t,r]of Object.entries(e.tokens)){let i=e.principals[t];if(i===void 0)throw Error(`Internal error: missing resolved principal for connection "${t}".`);writeCachedToken(n,t,principalKey(i),r)}let c={},d=new Set(e.resolvedConnectionNames);await contextStorage.run(n,()=>withConnectionPrincipalOverride(n,e.principals,async()=>{for(let t of e.pendingCalls){let n=t.kind===`connection-execute`?[t.connectionName]:t.connectionNames,r;for(let t of n){let n=e.failedConnections[t];if(n!==void 0){r={connectionName:t,...n};break}}if(r!==void 0&&t.kind===`connection-execute`){c[t.toolCallId]=r.retryable?{error:`authorization_required`,retryable:!0}:{connectionName:r.connectionName,error:`authorization_failed`,message:r.reason,retryable:!1};continue}if(!n.every(e=>d.has(e))&&t.kind===`connection-execute`){c[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}try{if(t.kind===`connection-execute`){let e=await o.getClient(t.connectionName).executeTool(t.toolName,t.args);c[t.toolCallId]=normalizeToolResult(e)}else{let e=await executeConnectionSearch(t.args,{toolCallId:t.toolCallId});isConnectionAuthorizationPlaceholder(e)?c[t.toolCallId]={error:`authorization_required`,retryable:!0}:c[t.toolCallId]=normalizeToolResult(e)}}catch(e){if(isConnectionAuthorizationRequiredError(e)){c[t.toolCallId]={error:`authorization_required`,retryable:!0};continue}let n=e instanceof Error?e.message:String(e);c[t.toolCallId]={error:`tool_execution_failed`,message:n,retryable:!1}}}}));let f=splicePendingToolResults(i,c),p=e.pendingCalls.filter(t=>(t.kind===`connection-execute`?[t.connectionName]:t.connectionNames).some(t=>!d.has(t)&&e.failedConnections[t]===void 0));n.set(PendingConnectionToolCallsKey,p);let m=await writeDurableSession({session:f,writable:e.sessionWritable});return{serializedContext:serializeContext(n),sessionState:m}}function findConnection(e,t){return e.get(BundleKey)===void 0?void 0:(getActiveRuntimeNode(e).agent?.connections??[]).find(e=>e.connectionName===t)}async function emitAuthorizationEvent(e,t,n){let a=e.require(ChannelKey),s=buildAdapterContext(a,e),l=await callAdapterEventHandler(a,t,s);e.set(ChannelKey,{...a,state:{...s.state}});let u=n.getWriter();try{await u.write(encodeMessageStreamEvent(timestampHandleMessageStreamEvent(l)))}finally{u.releaseLock()}}function normalizeToolResult(e){if(e===void 0)return null;try{return JSON.parse(JSON.stringify(e))}catch{return{error:`tool_result_not_serializable`,retryable:!1}}}export{completeAuthorizationForConnectionStep,emitConnectionAuthorizationPendingStep,resolvePendingToolCallsStep,startAuthorizationForConnectionStep};

package/dist/src/execution/create-session-step.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { RuntimeCompiledArtifactsSource } from "#runtime/compiled-artifacts-source.js";
+import { type DurableSessionSnapshot, type DurableSessionState } from "#execution/durable-session-store.js";
+/**
+ * Creates the durable session and writes the initial snapshot to the
+ * `ash.session` stream before the workflow enters its turn loop.
+ * `nodeId` targets a subagent node in the compiled graph; omitted for
+ * the root agent.
+ */
+export declare function createSessionStep(input: {
+    readonly compiledArtifactsSource: RuntimeCompiledArtifactsSource;
+    readonly continuationToken: string;
+    readonly nodeId?: string;
+    readonly sessionId: string;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
+}): Promise<DurableSessionState>;

package/dist/src/execution/create-session-step.js ADDED Viewed

@@ -0,0 +1 @@

+ import{writeDurableSession}from"#execution/durable-session-store.js";import{createSession}from"#execution/session.js";import{getCompiledRuntimeAgentBundle}from"#runtime/sessions/compiled-agent-cache.js";async function createSessionStep(e){"use step";let t=await getCompiledRuntimeAgentBundle({compiledArtifactsSource:e.compiledArtifactsSource,nodeId:e.nodeId});return await writeDurableSession({session:createSession({compactionOverrides:{thresholdPercent:t.resolvedAgent.config.compaction?.thresholdPercent},continuationToken:e.continuationToken,sessionId:e.sessionId,turnAgent:t.turnAgent}),writable:e.sessionWritable})}export{createSessionStep};

package/dist/src/execution/delegated-parent-notification.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Bridges a delegated subagent's terminal outcome back to its parent
+ * driver via the subagent-result hook. Pure projection helpers live
+ * in `delegated-parent-result.ts` so the workflow step-proxy transform
+ * doesn't strip them from this file.
+ */
+import type { RuntimeSubagentResultActionResult } from "#runtime/actions/types.js";
+/**
+ * Resumes the parent driver's hook with a delegated subagent result.
+ * No-op for root sessions.
+ */
+export declare function notifyDelegatedParentStep(input: {
+    readonly result: RuntimeSubagentResultActionResult | undefined;
+    readonly serializedContext: Record<string, unknown>;
+}): Promise<void>;

package/dist/src/execution/delegated-parent-notification.js ADDED Viewed

@@ -0,0 +1 @@

+ import{ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{deserializeContext}from"#context/serialize.js";import{SUBAGENT_ADAPTER_KIND}from"#execution/subagent-adapter.js";async function notifyDelegatedParentStep(e){"use step";if(e.result===void 0)return;let t=(await deserializeContext(e.serializedContext)).get(ChannelKey);if(t?.kind!==SUBAGENT_ADAPTER_KIND)return;let n=String(t.state?.parentContinuationToken??``);if(n===``)return;let{resumeHook:r}=await import(`#compiled/@workflow/core/runtime.js`);await r(n,{kind:`runtime-action-result`,results:[e.result]})}export{notifyDelegatedParentStep};

package/dist/src/execution/delegated-parent-result.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Pure helpers that project a delegated subagent's terminal output
+ * into the runtime-action result shape its parent driver expects.
+ * Lives in its own (non-directive) file to escape the workflow
+ * step-proxy transform.
+ */
+import type { RuntimeSubagentResultActionResult } from "#runtime/actions/types.js";
+/**
+ * Builds the success-shaped {@link RuntimeSubagentResultActionResult}.
+ * Returns `undefined` for root sessions (no parent to notify).
+ */
+export declare function createDelegatedSubagentSuccessResult(serializedContext: Record<string, unknown>, output: string): RuntimeSubagentResultActionResult | undefined;
+/** Failure-path mirror of {@link createDelegatedSubagentSuccessResult}. */
+export declare function createDelegatedSubagentErrorResult(serializedContext: Record<string, unknown>, error: unknown): RuntimeSubagentResultActionResult | undefined;

package/dist/src/execution/delegated-parent-result.js ADDED Viewed

@@ -0,0 +1 @@

+ import{toErrorMessage}from"#shared/errors.js";import{SUBAGENT_ADAPTER_KIND}from"#execution/subagent-adapter.js";function createDelegatedSubagentSuccessResult(e,n){let r=e[`ash.channel`];if(r?.kind===SUBAGENT_ADAPTER_KIND)return{callId:String(r.state?.callId??``),kind:`subagent-result`,output:n,subagentName:String(r.state?.subagentName??``)}}function createDelegatedSubagentErrorResult(t,n){let r=createDelegatedSubagentSuccessResult(t,``);if(r!==void 0)return{...r,isError:!0,output:{code:`SUBAGENT_EXECUTION_FAILED`,message:toErrorMessage(n)}}}export{createDelegatedSubagentErrorResult,createDelegatedSubagentSuccessResult};

package/dist/src/execution/dispatch-runtime-actions-step.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Starts every pending runtime action for the parked parent session.
+ *
+ * Each child run starts in task mode, emits a parent `subagent.called`
+ * control-plane event, and then runs independently on its own child
+ * stream. Records each child's continuation token on the parent
+ * session and appends the updated snapshot to `ash.session`.
+ */
+import type { RuntimeSubagentResultActionResult } from "#runtime/actions/types.js";
+import { type DurableSessionSnapshot, type DurableSessionState } from "#execution/durable-session-store.js";
+export declare function dispatchRuntimeActionsStep(input: {
+    readonly callbackBaseUrl?: string;
+    readonly parentWritable: WritableStream<Uint8Array>;
+    readonly serializedContext: Record<string, unknown>;
+    readonly sessionState: DurableSessionState;
+    readonly sessionWritable: WritableStream<DurableSessionSnapshot>;
+}): Promise<{
+    readonly results: readonly RuntimeSubagentResultActionResult[];
+    readonly sessionState: DurableSessionState;
+}>;

package/dist/src/execution/dispatch-runtime-actions-step.js ADDED Viewed

@@ -0,0 +1 @@

+ import{toErrorMessage}from"#shared/errors.js";import{AuthKey,CapabilitiesKey,InitiatorAuthKey}from"#context/keys.js";import{createSubagentCalledEvent,encodeMessageStreamEvent,timestampHandleMessageStreamEvent}from"#protocol/message.js";import{callAdapterEventHandler}from"#channel/adapter.js";import{BundleKey,ChannelKey}from"#runtime/sessions/runtime-context-keys.js";import{buildAdapterContext}from"#channel/adapter-context.js";import{deserializeContext}from"#context/serialize.js";import{readDurableSession,writeDurableSession}from"#execution/durable-session-store.js";import{hydrateDurableSession}from"#execution/session.js";import{getPendingRuntimeActionBatch,recordPendingSubagentChildToken}from"#harness/runtime-actions.js";import{resolveRemoteAgentForAction,startRemoteAgentSession}from"#execution/remote-agent-dispatch.js";import{buildSubagentRunInput}from"#execution/subagent-tool.js";import{createWorkflowRuntime,workflowEntryReference}from"#execution/workflow-runtime.js";async function dispatchRuntimeActionsStep(e){"use step";let u=await readDurableSession(e.sessionState),d=getPendingRuntimeActionBatch(u.state);if(d===void 0||d.actions.length===0)return{results:[],sessionState:e.sessionState};let f=await deserializeContext(e.serializedContext),p=f.require(BundleKey),m=hydrateDurableSession({compactionOverrides:{thresholdPercent:p.resolvedAgent.config.compaction?.thresholdPercent},durable:u,turnAgent:p.turnAgent}),h=f.require(ChannelKey),g=f.get(AuthKey)??null,_=f.get(CapabilitiesKey),v=f.get(InitiatorAuthKey)??null,y=e.parentWritable.getWriter(),b=buildAdapterContext(h,f),x=m,S=[];try{for(let t of d.actions){let n,r,s,c;switch(t.kind){case`subagent-call`:{let e=createWorkflowRuntime({compiledArtifactsSource:p.compiledArtifactsSource,nodeId:t.nodeId}),{childContinuationToken:i,runInput:a}=buildSubagentRunInput({action:t,auth:g,batchEvent:d.event,capabilities:_,initiatorAuth:v,session:m}),o=await e.run(a);x=recordPendingSubagentChildToken({callId:t.callId,childContinuationToken:i,session:x}),n=o.sessionId,r=t.name,c=t.subagentName;break}case`remote-agent-call`:{let i;try{i=resolveRemoteAgentForAction({nodeId:t.nodeId,remoteAgentName:t.remoteAgentName,registry:p.subagentRegistry.subagentsByNodeId}),n=await startRemoteAgentSession({action:t,callbackBaseUrl:e.callbackBaseUrl,remote:i,session:m})}catch(e){S.push(createRemoteAgentStartFailureResult({action:t,error:e}));continue}r=t.name,s={url:i.url},c=t.remoteAgentName;break}default:throw Error(`Unsupported runtime action kind "${t.kind}" in workflow runtime.`)}let l=await callAdapterEventHandler(h,createSubagentCalledEvent({callId:t.callId,childSessionId:n,name:r,remote:s,sequence:d.event.sequence,sessionId:m.sessionId,toolName:c,turnId:d.event.turnId,workflowId:workflowEntryReference.workflowId}),b);await y.write(encodeMessageStreamEvent(timestampHandleMessageStreamEvent(l)))}}finally{y.releaseLock()}return{results:S,sessionState:x===m?e.sessionState:await writeDurableSession({session:x,writable:e.sessionWritable})}}function createRemoteAgentStartFailureResult(t){return{callId:t.action.callId,isError:!0,kind:`subagent-result`,output:{code:`REMOTE_AGENT_START_FAILED`,message:toErrorMessage(t.error)},subagentName:t.action.remoteAgentName}}export{dispatchRuntimeActionsStep};

package/dist/src/execution/durable-session-migrations/chain.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Generic version-walking migration framework for versioned durable
+ * wire shapes. Each migration steps a value one version forward; the
+ * runner chains them so a value written at any historic version can
+ * be read at the current one.
+ */
+/**
+ * One migration step in a version chain. `to` MUST equal `from + 1`
+ * and `migrate` MUST stamp the returned value's `version` field with
+ * `to`; the runner verifies both.
+ */
+export interface VersionMigration {
+    readonly from: number;
+    readonly to: number;
+    migrate: (prior: unknown) => {
+        readonly version: number;
+    };
+}
+/**
+ * Walks `value` through `migrations` until its `version` matches
+ * `targetVersion`. Throws on missing migrations, malformed steps, or
+ * a value newer than the runner supports.
+ */
+export declare function runMigrationChain<TOut extends {
+    readonly version: number;
+}>(input: {
+    readonly value: unknown;
+    readonly migrations: readonly VersionMigration[];
+    readonly targetVersion: number;
+    readonly label: string;
+}): TOut;

package/dist/src/execution/durable-session-migrations/chain.js ADDED Viewed

@@ -0,0 +1 @@

+ function runMigrationChain(e){if(typeof e.value!=`object`||e.value===null||!(`version`in e.value)||typeof e.value.version!=`number`)throw Error(`${e.label}: value has no numeric "version" field.`);let t=e.value;if(!Number.isInteger(t.version)||t.version<1)throw Error(`${e.label}: version ${t.version} is not a positive integer.`);if(t.version>e.targetVersion)throw Error(`${e.label}: encountered version ${t.version}, which is newer than the supported version ${e.targetVersion}. This usually indicates the wire was written by a newer Ash deployment than the one reading it.`);for(;t.version<e.targetVersion;){let n=e.migrations.find(e=>e.from===t.version);if(!n)throw Error(`${e.label}: no migration registered for version ${t.version} → ${t.version+1}.`);if(n.to!==n.from+1)throw Error(`${e.label}: migration ${n.from} → ${n.to} must step exactly one version at a time.`);let r=n.migrate(t);if(r.version!==n.to)throw Error(`${e.label}: migration ${n.from} → ${n.to} produced a value with version ${r.version}.`);t=r}return t}export{runMigrationChain};

package/dist/src/execution/durable-session-migrations/snapshot.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Durable session snapshot migrations.
+ *
+ * ## Adding a new snapshot version
+ *
+ * When a shape change cannot be expressed as a purely additive field:
+ *
+ * 1. Bump `DURABLE_SESSION_VERSION` in `durable-session-store.ts`.
+ * 2. Update {@link DurableSessionSnapshot}, {@link DurableSession},
+ *    `projectToDurableSession`, and `hydrateDurableSession`.
+ * 3. Add `snapshot-v{N}-to-v{N+1}.ts` exporting one
+ *    {@link VersionMigration} (`from: N`, `to: N + 1`, pure
+ *    function, stamps the new `version`).
+ * 4. Append the migration to {@link snapshotMigrations}.
+ * 5. Cover it in `snapshot.test.ts`.
+ */
+import type { DurableSessionSnapshot } from "#execution/durable-session-store.js";
+/**
+ * Migrates a {@link DurableSessionSnapshot} up to
+ * {@link DURABLE_SESSION_VERSION}. Pure; safe to call inline.
+ */
+export declare function migrateDurableSessionSnapshot(value: unknown): DurableSessionSnapshot;

package/dist/src/execution/durable-session-migrations/snapshot.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ import{runMigrationChain}from"./chain.js";import{DURABLE_SESSION_VERSION}from"#execution/durable-session-store.js";const snapshotMigrations=[];function migrateDurableSessionSnapshot(e){return runMigrationChain({label:`durable session snapshot`,migrations:snapshotMigrations,targetVersion:DURABLE_SESSION_VERSION,value:e})}export{migrateDurableSessionSnapshot};