wyrm-mcp 7.2.0 → 7.2.2

package/dist/handlers/run.js

@@ -1,498 +1,28 @@
-/**
- * Run domain — ToolSpec contract v2 (v7 F3 T027, spec FR-5 / G5).
- *
- * `wyrm_run` is the fleet-run lifecycle tool on the migration-20 runs /
- * run_agents tables — the 32nd survivor (spec §7 criterion 1 lands the
- * advertised surface at exactly the ≤32 pin):
- *
- *   start   — mints a ULID run_id (or idempotently adopts an explicit one —
- *             the F2 orphan shape where the orchestrator already exported
- *             WYRM_RUN_ID) and registers the orchestrator in run_agents.
- *   join    — registers (agent_id, role) membership; re-join updates role.
- *   status  — run row + members + run-quarantined failure counts + claims.
- *   debrief — fans each agent's submitted learnings through the EXISTING
- *             auto_capture pipeline (src/auto-capture.ts: the LOCAL
- *             WYRM_EXTRACT_MODEL Ollama slot / deterministic fallback —
- *             NEVER a cloud LLM, Article III) into a RUN-SCOPED review
- *             queue: needs_review=1 artifacts stamped with the run's run_id
- *             + the submitting agent's agent_id (via runWithActor) and
- *             tagged `run:<run_id>`.
- *   end     — writes the run summary artifact (linked via
- *             runs.debrief_artifact_id), sets the terminal status
- *             (completed|failed|abandoned — the T015 sweep lifecycle), lets
- *             the T015 sweepRunQuarantine() explicit-verdict paths
- *             promote/expire this run's quarantined failures, and releases
- *             the run's quest claims (presence.releaseRunClaims).
- *
- * Attribution: full boundary-envelope stamping for free — `run_id` and
- * `agent_id`-style params ride the same arg names the dispatcher's
- * resolveActorEnvelope() reads, every memory.add() stamps the ambient
- * envelope, and the debrief wraps each learning in runWithActor() so the
- * SUBMITTING agent (not the orchestrator relaying the call) is the artifact's
- * recorded author.
- *
- * Writes are LOCAL (no daemonOr seam): the runs/run_agents tables have no
- * daemon-writer op, and the review-queue candidate path mirrors
- * wyrm_auto_capture's direct memory.add() precedent — recorded T027
- * deviation note.
- *
- * @copyright 2026 Ghost Protocol (Pvt) Ltd.
- * @license AGPL-3.0-or-later — dual-licensed; commercial terms: ghosts.lk@proton.me. See LICENSE.
- */
-import { TOOL_ANNOTATIONS } from '../tool-annotations.js';
-import { renderResult, withGlyph } from '../render.js';
-import { ValidationError, asEnum, asString } from '../validate.js';
-import { getActor, runWithActor, sanitizeActorId } from './boundary.js';
-import { extractCandidates, candidateToArtifact, escapeLikePattern } from '../auto-capture.js';
-import { ulid } from '../ulid.js';
-const RUN_ACTIONS = ['start', 'join', 'status', 'debrief', 'end'];
-const TERMINAL_STATUSES = ['completed', 'failed', 'abandoned'];
-const getRun = (db, runId) => db.prepare('SELECT * FROM runs WHERE run_id = ?').get(runId);
-const getAgents = (db, runId) => db.prepare('SELECT agent_id, role, joined_at FROM run_agents WHERE run_id = ? ORDER BY joined_at, agent_id').all(runId);
-/** Boundary-validate an identity-shaped param (same rules the actor envelope
- * applies: ≤64 printable-ASCII chars, no ';'). Required-ness is the caller's
- * concern — null/undefined pass through as null. */
-function asIdentity(field, v) {
-    if (v === undefined || v === null)
-        return null;
-    const safe = sanitizeActorId(v);
-    if (safe === null)
-        throw new ValidationError(field, 'must be <=64 printable-ASCII chars (no ";")');
-    return safe;
-}
-/** Register run membership (idempotent CAS on the (run_id, agent_id) PK;
- * re-join refreshes the role when one is supplied — EXCEPT off
- * 'orchestrator', which only `action=start` assigns and nothing strips.
- *
- * Second-round review of security pass #1 (confirmed finding): the plain
- * COALESCE refresh let an envelope-less caller re-join AS the orchestrator's
- * agent_id with any fleet role and silently DEMOTE the run's only
- * 'orchestrator' row — gate (2) at join only guards CLAIMING the role, not
- * stripping it — after which the start-door orphan-adoption branch (hasOrch
- * now false) handed 'orchestrator' to a different agent: a two-step takeover
- * that defeated the reserved-role invariant the pass introduced. The role is
- * now sticky at the one seam every roster write passes through; the
- * trusted-mesh self-identify re-join still succeeds, it just cannot mutate
- * owner truth. */
-function registerAgent(db, runId, agentId, role) {
-    db.prepare(`
+import{TOOL_ANNOTATIONS as z}from"../tool-annotations.js";import{renderResult as R,withGlyph as w}from"../render.js";import{ValidationError as E,asEnum as W,asString as A}from"../validate.js";import{getActor as B,runWithActor as G,sanitizeActorId as V}from"./boundary.js";import{extractCandidates as J,candidateToArtifact as Q,escapeLikePattern as K}from"../auto-capture.js";import{ulid as X}from"../ulid.js";const H=["start","join","status","debrief","end"],Z=["completed","failed","abandoned"],O=(e,a)=>e.prepare("SELECT * FROM runs WHERE run_id = ?").get(a),v=(e,a)=>e.prepare("SELECT agent_id, role, joined_at FROM run_agents WHERE run_id = ? ORDER BY joined_at, agent_id").all(a);function h(e,a){if(a==null)return null;const u=V(a);if(u===null)throw new E(e,'must be <=64 printable-ASCII chars (no ";")');return u}function q(e,a,u,r){e.prepare(`
     INSERT INTO run_agents (run_id, agent_id, role) VALUES (?, ?, ?)
     ON CONFLICT(run_id, agent_id) DO UPDATE SET role =
       CASE WHEN run_agents.role = 'orchestrator' THEN run_agents.role
            ELSE COALESCE(excluded.role, run_agents.role) END
-  `).run(runId, agentId, role);
-}
-// ── run authority (F3 security pass #1, confirmed findings) ────────────────
-// The trusted-mesh model has no cryptographic identity, so these gates are
-// accident/impersonation guards, not auth: roster mutations and run teardown
-// were previously open to ANY caller holding the run_id (join injected
-// arbitrary (agent_id, role) rows — including role='orchestrator', which
-// presence.membershipRole treats as board truth — and end force-released
-// EVERY claim the run held). Denials are visible (isError), never silent.
-/** TRUE when `agentId` is registered on the run with the orchestrator role. */
-function isOrchestratorMember(db, runId, agentId) {
-    if (!agentId)
-        return false;
-    return db.prepare("SELECT 1 FROM run_agents WHERE run_id = ? AND agent_id = ? AND role = 'orchestrator'").get(runId, agentId) !== undefined;
-}
-/** TRUE when `agentId` is a registered member of the run (any role). */
-function isRunMember(db, runId, agentId) {
-    return db.prepare('SELECT 1 FROM run_agents WHERE run_id = ? AND agent_id = ?').get(runId, agentId) !== undefined;
-}
-/** TRUE when the ambient envelope carries an EXPLICIT agent identity (the
- * hasExplicitAttribution rule, agent-field slice): param/meta/env levels
- * only — the clientInfo fallback is what every anonymous caller gets for
- * free, so it can never carry on-behalf-of authority. */
-function hasExplicitAgent(ambient) {
-    return ambient.agent_id !== null && ambient.source !== 'client' && ambient.source !== 'legacy';
-}
-const touchRun = (db, runId) => {
-    db.prepare(`UPDATE runs SET updated_at = datetime('now') WHERE run_id = ?`).run(runId);
-};
-const notFound = (runId) => ({
-    content: [{ type: 'text', text: `Run not found: ${runId}` }], isError: true,
-});
-export const runToolSpecs = [
-    {
-        name: "wyrm_run",
-        description: "Use to manage a fleet run lifecycle from the orchestrator: action=start mints a ULID run_id and registers the orchestrator, join registers each subagent (agent_id, role), status reports agents, run-quarantined failure counts, and quest claims, debrief fans each agent's learnings through the LOCAL extractor (never a cloud LLM) into a run-scoped review queue for wyrm_review, and end writes the run summary, promotes or expires quarantined failures, and releases claims.",
-        inputSchema: {
-            type: "object",
-            properties: {
-                action: { type: "string", enum: ["start", "join", "status", "debrief", "end"] },
-                run_id: { type: "string", description: "start mints if omitted" },
-                agent_id: { type: "string", description: "default: ambient envelope" },
-                role: { type: "string", description: "join" },
-                orchestrator: { type: "string", description: "start" },
-                parent_run_id: { type: "string", description: "start: nested fleets" },
-                project_path: { type: "string", description: "debrief/end" },
-                learnings: { type: "array", items: { type: "object" }, description: "debrief: [{agent_id?, text}]" },
-                status: { type: "string", enum: ["completed", "failed", "abandoned"], description: "end (default completed)" },
-            },
-            required: ["action"],
-        },
-        // Flat result union (lean under the 8K default-surface pin): the
-        // per-action count fields are top-level optionals, never nested objects.
-        outputSchema: {
-            type: "object",
-            properties: {
-                action: { type: "string" },
-                run_id: { type: "string" },
-                status: { type: "string" },
-                orchestrator: { type: ["string", "null"] },
-                agents: {
-                    type: "array",
-                    items: {
-                        type: "object",
-                        properties: { agent_id: { type: "string" }, role: { type: ["string", "null"] } },
-                        required: ["agent_id", "role"],
-                    },
-                },
-                quarantined: { type: "integer" },
-                resolved: { type: "integer" },
-                claims: { type: "integer" },
-                method: { type: "string" },
-                queued: { type: "integer" },
-                skipped: { type: "integer" },
-                promoted: { type: "integer" },
-                expired: { type: "integer" },
-                claims_released: { type: "integer" },
-                summary_artifact_id: { type: ["integer", "null"] },
-            },
-            required: ["action", "run_id", "status"],
-        },
-        annotations: TOOL_ANNOTATIONS.wyrm_run,
-        aliases: [],
-        handler: async (args, ctx) => {
-            const action = asEnum('action', args.action, RUN_ACTIONS);
-            if (!action)
-                throw new ValidationError('action', `must be one of: ${RUN_ACTIONS.join(', ')}`);
-            const db = ctx.raw();
-            // Ambient boundary envelope (T009): the dispatcher stashed it in ALS
-            // before the registry fork — same read every attributed write uses.
-            const ambient = getActor();
-            // ── start ─────────────────────────────────────────────────────────────
-            if (action === 'start') {
-                const explicit = asIdentity('run_id', args.run_id);
-                const runId = explicit ?? ulid();
-                const orchestratorName = asString('orchestrator', args.orchestrator, { maxLen: 200 })
-                    ?? ambient.agent_id ?? null;
-                const orchAgent = asIdentity('agent_id', args.agent_id) ?? ambient.agent_id;
-                const parentId = asIdentity('parent_run_id', args.parent_run_id);
-                const existing = getRun(db, runId);
-                if (existing) {
-                    if (!explicit || existing.status !== 'running') {
-                        // A minted-ULID collision is practically impossible; an explicit
-                        // re-start of a TERMINAL run is an orchestration bug — visible,
-                        // never silently re-opened.
-                        return { content: [{ type: 'text', text: `Run ${runId} already exists (status: ${existing.status}).` }], isError: true };
-                    }
-                    // Idempotent re-start of a still-running explicit run (safe retry).
-                    // Security pass #1: the retry must be by the SAME orchestrator —
-                    // re-start with a different agent_id would otherwise quietly add a
-                    // second 'orchestrator' roster row (the join-injection root cause
-                    // through the start door). A run with no orchestrator member yet
-                    // (the F2 orphan shape: WYRM_RUN_ID exported before any agent
-                    // registered) may still adopt one.
-                    if (orchAgent) {
-                        const hasOrch = db.prepare("SELECT 1 FROM run_agents WHERE run_id = ? AND role = 'orchestrator' LIMIT 1").get(runId) !== undefined;
-                        if (hasOrch && !isOrchestratorMember(db, runId, orchAgent)) {
-                            return { content: [{ type: 'text', text: `Run ${runId} already has an orchestrator — re-start with the same agent_id, or join as a member instead.` }], isError: true };
-                        }
-                        registerAgent(db, runId, orchAgent, 'orchestrator');
-                    }
-                    touchRun(db, runId);
-                }
-                else {
-                    if (parentId && !getRun(db, parentId)) {
-                        return { content: [{ type: 'text', text: `Parent run not found: ${parentId}` }], isError: true };
-                    }
-                    db.prepare(`
+  `).run(a,u,r)}function S(e,a,u){return u?e.prepare("SELECT 1 FROM run_agents WHERE run_id = ? AND agent_id = ? AND role = 'orchestrator'").get(a,u)!==void 0:!1}function ee(e,a,u){return e.prepare("SELECT 1 FROM run_agents WHERE run_id = ? AND agent_id = ?").get(a,u)!==void 0}function te(e){return e.agent_id!==null&&e.source!=="client"&&e.source!=="legacy"}const C=(e,a)=>{e.prepare("UPDATE runs SET updated_at = datetime('now') WHERE run_id = ?").run(a)},re=e=>({content:[{type:"text",text:`Run not found: ${e}`}],isError:!0}),ce=[{name:"wyrm_run",description:"Use to manage a fleet run lifecycle from the orchestrator: action=start mints a ULID run_id and registers the orchestrator, join registers each subagent (agent_id, role), status reports agents, run-quarantined failure counts, and quest claims, debrief fans each agent's learnings through the LOCAL extractor (never a cloud LLM) into a run-scoped review queue for wyrm_review, and end writes the run summary, promotes or expires quarantined failures, and releases claims.",inputSchema:{type:"object",properties:{action:{type:"string",enum:["start","join","status","debrief","end"]},run_id:{type:"string",description:"start mints if omitted"},agent_id:{type:"string",description:"default: ambient envelope"},role:{type:"string",description:"join"},orchestrator:{type:"string",description:"start"},parent_run_id:{type:"string",description:"start: nested fleets"},project_path:{type:"string",description:"debrief/end"},learnings:{type:"array",items:{type:"object"},description:"debrief: [{agent_id?, text}]"},status:{type:"string",enum:["completed","failed","abandoned"],description:"end (default completed)"}},required:["action"]},outputSchema:{type:"object",properties:{action:{type:"string"},run_id:{type:"string"},status:{type:"string"},orchestrator:{type:["string","null"]},agents:{type:"array",items:{type:"object",properties:{agent_id:{type:"string"},role:{type:["string","null"]}},required:["agent_id","role"]}},quarantined:{type:"integer"},resolved:{type:"integer"},claims:{type:"integer"},method:{type:"string"},queued:{type:"integer"},skipped:{type:"integer"},promoted:{type:"integer"},expired:{type:"integer"},claims_released:{type:"integer"},summary_artifact_id:{type:["integer","null"]}},required:["action","run_id","status"]},annotations:z.wyrm_run,aliases:[],handler:async(e,a)=>{const u=W("action",e.action,H);if(!u)throw new E("action",`must be one of: ${H.join(", ")}`);const r=a.raw(),_=B();if(u==="start"){const n=h("run_id",e.run_id),i=n??X(),s=A("orchestrator",e.orchestrator,{maxLen:200})??_.agent_id??null,c=h("agent_id",e.agent_id)??_.agent_id,o=h("parent_run_id",e.parent_run_id),p=O(r,i);if(p){if(!n||p.status!=="running")return{content:[{type:"text",text:`Run ${i} already exists (status: ${p.status}).`}],isError:!0};if(c){if(r.prepare("SELECT 1 FROM run_agents WHERE run_id = ? AND role = 'orchestrator' LIMIT 1").get(i)!==void 0&&!S(r,i,c))return{content:[{type:"text",text:`Run ${i} already has an orchestrator \u2014 re-start with the same agent_id, or join as a member instead.`}],isError:!0};q(r,i,c,"orchestrator")}C(r,i)}else{if(o&&!O(r,o))return{content:[{type:"text",text:`Parent run not found: ${o}`}],isError:!0};r.prepare(`
             INSERT INTO runs (run_id, parent_run_id, orchestrator, status) VALUES (?, ?, ?, 'running')
-          `).run(runId, parentId, orchestratorName);
-                    if (orchAgent)
-                        registerAgent(db, runId, orchAgent, 'orchestrator');
-                }
-                const body = {
-                    action: 'start',
-                    run_id: runId,
-                    status: 'running',
-                    parent_run_id: parentId,
-                    orchestrator: orchestratorName,
-                    agents: orchAgent ? [{ agent_id: orchAgent, role: 'orchestrator' }] : [],
-                };
-                return renderResult(body, (b, g) => withGlyph(g.brand, `Run ${b.run_id} started${b.orchestrator ? ` by ${b.orchestrator}` : ''}.`)
-                    + `\nSubagents join with: wyrm_run({ action: 'join', run_id: '${b.run_id}', agent_id, role })`
-                    + `\nExport WYRM_RUN_ID=${b.run_id} so every write in the fleet carries run attribution.`
-                    + `\nPrime ONCE per role: wyrm_session_prime({ run_id: '${b.run_id}', role, for_spawn: true }) -> embed the returned brief in each same-role agent's spawn prefix (don't re-prime per agent).`);
-            }
-            // ── everything else requires an existing run ─────────────────────────
-            const runId = asIdentity('run_id', args.run_id);
-            if (!runId)
-                throw new ValidationError('run_id', `is required for action=${action}`);
-            const run = getRun(db, runId);
-            if (!run)
-                return notFound(runId);
-            if (action === 'join') {
-                if (run.status !== 'running') {
-                    return { content: [{ type: 'text', text: `Run ${runId} already ended (status: ${run.status}) — cannot join.` }], isError: true };
-                }
-                const explicitAgent = asIdentity('agent_id', args.agent_id);
-                const agentId = explicitAgent ?? ambient.agent_id;
-                if (!agentId) {
-                    throw new ValidationError('agent_id', 'no agent identity — pass agent_id or supply the actor envelope (actor param / _meta / WYRM_AGENT_ID)');
-                }
-                const role = asString('role', args.role, { maxLen: 200 }) ?? null;
-                // ── roster authority (security pass #1) ──
-                // (1) A caller whose envelope carries an EXPLICIT identity may only
-                // self-join under it — registering a DIFFERENT agent_id is roster
-                // mutation on behalf of someone else, orchestrator-only. (An
-                // envelope-less caller passing agent_id IS self-identifying — the
-                // documented subagent flow — so it stays open; this gate narrows the
-                // attributed case without breaking the trusted-mesh join shape.)
-                if (explicitAgent && hasExplicitAgent(ambient) && explicitAgent !== ambient.agent_id
-                    && !isOrchestratorMember(db, runId, ambient.agent_id)) {
-                    return { content: [{ type: 'text', text: `Joining run ${runId} as '${explicitAgent}' while attributed as '${ambient.agent_id}' is orchestrator-only — join as yourself, or have the orchestrator register the agent.` }], isError: true };
-                }
-                // (2) role 'orchestrator' is RESERVED: presence.membershipRole and
-                // the status board read it as run-owner truth. Allowed only as an
-                // idempotent re-join of the existing orchestrator, or when delegated
-                // by the registered orchestrator's own envelope identity.
-                if (role === 'orchestrator'
-                    && !isOrchestratorMember(db, runId, agentId)
-                    && !isOrchestratorMember(db, runId, ambient.agent_id)) {
-                    return { content: [{ type: 'text', text: `Role 'orchestrator' on run ${runId} is reserved — it is registered at action=start. Join with a fleet role instead.` }], isError: true };
-                }
-                registerAgent(db, runId, agentId, role);
-                touchRun(db, runId);
-                const agents = getAgents(db, runId);
-                const body = {
-                    action: 'join',
-                    run_id: runId,
-                    status: run.status,
-                    agents: agents.map((a) => ({ agent_id: a.agent_id, role: a.role })),
-                };
-                return renderResult(body, (b, g) => withGlyph(g.brand, `${agentId} joined run ${b.run_id}${role ? ` as ${role}` : ''} (${b.agents.length} agent(s) registered).`));
-            }
-            if (action === 'status') {
-                const agents = getAgents(db, runId);
-                const fails = db.prepare(`
+          `).run(i,o,s),c&&q(r,i,c,"orchestrator")}return R({action:"start",run_id:i,status:"running",parent_run_id:o,orchestrator:s,agents:c?[{agent_id:c,role:"orchestrator"}]:[]},(l,d)=>w(d.brand,`Run ${l.run_id} started${l.orchestrator?` by ${l.orchestrator}`:""}.`)+`
+Subagents join with: wyrm_run({ action: 'join', run_id: '${l.run_id}', agent_id, role })
+Export WYRM_RUN_ID=${l.run_id} so every write in the fleet carries run attribution.
+Prime ONCE per role: wyrm_session_prime({ run_id: '${l.run_id}', role, for_spawn: true }) -> embed the returned brief in each same-role agent's spawn prefix (don't re-prime per agent).`)}const t=h("run_id",e.run_id);if(!t)throw new E("run_id",`is required for action=${u}`);const g=O(r,t);if(!g)return re(t);if(u==="join"){if(g.status!=="running")return{content:[{type:"text",text:`Run ${t} already ended (status: ${g.status}) \u2014 cannot join.`}],isError:!0};const n=h("agent_id",e.agent_id),i=n??_.agent_id;if(!i)throw new E("agent_id","no agent identity \u2014 pass agent_id or supply the actor envelope (actor param / _meta / WYRM_AGENT_ID)");const s=A("role",e.role,{maxLen:200})??null;if(n&&te(_)&&n!==_.agent_id&&!S(r,t,_.agent_id))return{content:[{type:"text",text:`Joining run ${t} as '${n}' while attributed as '${_.agent_id}' is orchestrator-only \u2014 join as yourself, or have the orchestrator register the agent.`}],isError:!0};if(s==="orchestrator"&&!S(r,t,i)&&!S(r,t,_.agent_id))return{content:[{type:"text",text:`Role 'orchestrator' on run ${t} is reserved \u2014 it is registered at action=start. Join with a fleet role instead.`}],isError:!0};q(r,t,i,s),C(r,t);const c=v(r,t),o={action:"join",run_id:t,status:g.status,agents:c.map(p=>({agent_id:p.agent_id,role:p.role}))};return R(o,(p,m)=>w(m.brand,`${i} joined run ${p.run_id}${s?` as ${s}`:""} (${p.agents.length} agent(s) registered).`))}if(u==="status"){const n=v(r,t),i=r.prepare(`
           SELECT
             SUM(CASE WHEN quarantine_scope = 'run' AND resolved = 0 THEN 1 ELSE 0 END) AS quarantined,
             SUM(CASE WHEN resolved = 1 THEN 1 ELSE 0 END) AS resolved
           FROM failure_patterns WHERE run_id = ?
-        `).get(runId);
-                const claims = db.prepare('SELECT COUNT(*) AS n FROM quest_claims WHERE run_id = ?').get(runId).n;
-                const body = {
-                    action: 'status',
-                    run_id: runId,
-                    status: run.status,
-                    parent_run_id: run.parent_run_id,
-                    orchestrator: run.orchestrator,
-                    agents: agents.map((a) => ({ agent_id: a.agent_id, role: a.role })),
-                    quarantined: fails.quarantined ?? 0,
-                    resolved: fails.resolved ?? 0,
-                    claims,
-                };
-                return renderResult(body, (b, g) => {
-                    const lines = b.agents.map((a) => `${g.bullet} ${a.agent_id}${a.role ? ` (${a.role})` : ''}`).join('\n');
-                    return withGlyph(g.brand, `Run ${b.run_id} [${b.status}]`)
-                        + `${b.orchestrator ? `\nOrchestrator: ${b.orchestrator}` : ''}`
-                        + `\nAgents (${b.agents.length}):${lines ? `\n${lines}` : ' none'}`
-                        + `\nFailures: ${b.quarantined} run-quarantined unresolved, ${b.resolved} resolved`
-                        + `\nQuest claims held: ${b.claims}`;
-                });
-            }
-            if (action === 'debrief') {
-                const projectPath = asString('project_path', args.project_path, { maxLen: 500 });
-                if (!projectPath)
-                    throw new ValidationError('project_path', 'is required for action=debrief (the project the candidates file under)');
-                const project = ctx.store.getProject(projectPath);
-                if (!project)
-                    return { content: [{ type: 'text', text: `Project not found: ${projectPath}` }], isError: true };
-                const rawLearnings = args.learnings;
-                if (!Array.isArray(rawLearnings) || rawLearnings.length === 0) {
-                    throw new ValidationError('learnings', 'is required for action=debrief — an array of { agent_id?, text }');
-                }
-                if (rawLearnings.length > 64) {
-                    throw new ValidationError('learnings', 'too many entries (max 64 per debrief call)');
-                }
-                // Boundary bound (F3 security pass #1, confirmed finding): every
-                // sibling string param is length-bounded; an unbounded learning
-                // would materialize a proportional segment array in the
-                // deterministic extractor (auto-capture.ts splits the FULL text —
-                // only the LLM path slices to 8000) — a memory-DoS on the shared
-                // stdio server. 32K chars ≫ any honest learning; oversize is a
-                // deterministic ValidationError, not a silent skip.
-                // Second-round review of that fix (confirmed): the bound must reject
-                // BEFORE any sibling is extracted/queued — checked mid-loop, an
-                // oversize entry at index N threw AFTER entries 0..N-1 had already
-                // written review-queue artifacts: a partial commit hiding behind a
-                // ValidationError that reads as "nothing happened". Pre-scan the
-                // whole batch at the boundary (T020: validation precedes side
-                // effects); the >=20 floor / non-string per-entry SKIP semantics
-                // stay in the processing loop unchanged.
-                for (const entry of rawLearnings) {
-                    const t = entry && typeof entry === 'object' ? entry.text : undefined;
-                    if (typeof t === 'string')
-                        asString('learnings[].text', t, { maxLen: 32_000 });
-                }
-                let queued = 0;
-                let skipped = 0;
-                let candidateCount = 0;
-                const methods = new Set();
-                for (const entry of rawLearnings) {
-                    const rawText = entry && typeof entry === 'object' ? entry.text : undefined;
-                    if (typeof rawText !== 'string' || rawText.trim().length < 20) {
-                        skipped++;
-                        continue;
-                    }
-                    const text = rawText; // length pre-validated above (whole batch, pre-side-effect)
-                    const submitter = asIdentity('learnings[].agent_id', entry.agent_id)
-                        ?? ambient.agent_id;
-                    // The EXISTING auto_capture pipeline: local Ollama (WYRM_EXTRACT_MODEL,
-                    // the DragonSpark slot) or the deterministic fallback. Never a cloud
-                    // LLM (Article III; locked by tests/run-lifecycle.test.ts).
-                    const { candidates, method } = await extractCandidates(text);
-                    methods.add(method);
-                    candidateCount += candidates.length;
-                    for (const c of candidates) {
-                        const a = candidateToArtifact(c);
-                        const sig = a.tags[a.tags.length - 1]; // the 'ax:' dedup signature (auto_capture convention)
-                        // Security pass #1: sig is learning-derived, so its %/_ must be
-                        // LITERAL in the probe (escapeLikePattern + ESCAPE) — unescaped,
-                        // a wildcard-bearing learning broad-matched other ax: tags and
-                        // silently suppressed its own capture.
-                        if (db.prepare("SELECT 1 FROM memory_artifacts WHERE project_id = ? AND tags LIKE ? ESCAPE '\\' LIMIT 1")
-                            .get(project.id, '%' + escapeLikePattern(sig) + '%')) {
-                            skipped++;
-                            continue;
-                        }
-                        // RUN-SCOPED review queue: stamp the SUBMITTING agent + THIS run
-                        // on the artifact row (memory.add reads the ambient envelope) and
-                        // tag it run:<id> so the queue slices per run.
-                        runWithActor({ agent_id: submitter, run_id: runId, source: 'param' }, () => ctx.memory.add(project.id, {
-                            kind: a.kind,
-                            problem: a.problem,
-                            tags: [...a.tags, `run:${runId}`],
-                            confidence: a.confidence,
-                            needsReview: 1,
-                            createdBy: 'run-debrief',
-                        }));
-                        queued++;
-                    }
-                }
-                touchRun(db, runId);
-                if (queued > 0)
-                    ctx.cache.invalidate();
-                const body = {
-                    action: 'debrief',
-                    run_id: runId,
-                    status: run.status,
-                    method: methods.size === 1 ? [...methods][0] : methods.size === 0 ? 'none' : 'mixed',
-                    submitted: rawLearnings.length,
-                    candidates: candidateCount,
-                    queued,
-                    skipped,
-                };
-                return renderResult(body, (b, g) => withGlyph(g.brand, `Run ${b.run_id} debrief (${b.method}): ${b.submitted} learning(s) -> `
-                    + `${b.queued} candidate(s) queued for review, ${b.skipped} skipped.`)
-                    + `\nApprove/reject with wyrm_review (run-scoped tag run:${b.run_id}).`);
-            }
-            // ── end ───────────────────────────────────────────────────────────────
-            if (run.status !== 'running') {
-                return { content: [{ type: 'text', text: `Run ${runId} already ended (status: ${run.status}).` }], isError: true };
-            }
-            // end authority (security pass #1): end is MEMBER-only — it sets the
-            // terminal status, drives the quarantine verdict, and force-releases
-            // EVERY claim the run holds (releaseRunClaims is a run-wide bulk
-            // delete, unlike the holder-scoped releaseClaim), so an outsider with
-            // the run_id must not be able to tear a live fleet's leases down.
-            const endAgent = asIdentity('agent_id', args.agent_id) ?? ambient.agent_id;
-            if (!endAgent) {
-                throw new ValidationError('agent_id', 'no agent identity — action=end is member-only; pass agent_id or supply the actor envelope (actor param / _meta / WYRM_AGENT_ID)');
-            }
-            if (!isRunMember(db, runId, endAgent)) {
-                return { content: [{ type: 'text', text: `'${endAgent}' is not a registered member of run ${runId} — only run members may end it (action=join first).` }], isError: true };
-            }
-            const terminal = asEnum('status', args.status, TERMINAL_STATUSES, 'completed');
-            const projectPath = asString('project_path', args.project_path, { maxLen: 500 });
-            const project = projectPath ? ctx.store.getProject(projectPath) : undefined;
-            if (projectPath && !project) {
-                return { content: [{ type: 'text', text: `Project not found: ${projectPath}` }], isError: true };
-            }
-            // Snapshot this run's unresolved quarantined failures BEFORE the sweep so
-            // the per-run promoted/expired counts are exact (the sweep itself reports
-            // globals across every settled run).
-            const snapshot = db.prepare(`
+        `).get(t),s=r.prepare("SELECT COUNT(*) AS n FROM quest_claims WHERE run_id = ?").get(t).n,c={action:"status",run_id:t,status:g.status,parent_run_id:g.parent_run_id,orchestrator:g.orchestrator,agents:n.map(o=>({agent_id:o.agent_id,role:o.role})),quarantined:i.quarantined??0,resolved:i.resolved??0,claims:s};return R(c,(o,p)=>{const m=o.agents.map(l=>`${p.bullet} ${l.agent_id}${l.role?` (${l.role})`:""}`).join(`
+`);return w(p.brand,`Run ${o.run_id} [${o.status}]`)+`${o.orchestrator?`
+Orchestrator: ${o.orchestrator}`:""}
+Agents (${o.agents.length}):${m?`
+${m}`:" none"}
+Failures: ${o.quarantined} run-quarantined unresolved, ${o.resolved} resolved
+Quest claims held: ${o.claims}`})}if(u==="debrief"){const n=A("project_path",e.project_path,{maxLen:500});if(!n)throw new E("project_path","is required for action=debrief (the project the candidates file under)");const i=a.store.getProject(n);if(!i)return{content:[{type:"text",text:`Project not found: ${n}`}],isError:!0};const s=e.learnings;if(!Array.isArray(s)||s.length===0)throw new E("learnings","is required for action=debrief \u2014 an array of { agent_id?, text }");if(s.length>64)throw new E("learnings","too many entries (max 64 per debrief call)");for(const d of s){const f=d&&typeof d=="object"?d.text:void 0;typeof f=="string"&&A("learnings[].text",f,{maxLen:32e3})}let c=0,o=0,p=0;const m=new Set;for(const d of s){const f=d&&typeof d=="object"?d.text:void 0;if(typeof f!="string"||f.trim().length<20){o++;continue}const F=f,P=h("learnings[].agent_id",d.agent_id)??_.agent_id,{candidates:M,method:U}=await J(F);m.add(U),p+=M.length;for(const k of M){const y=Q(k),Y=y.tags[y.tags.length-1];if(r.prepare("SELECT 1 FROM memory_artifacts WHERE project_id = ? AND tags LIKE ? ESCAPE '\\' LIMIT 1").get(i.id,"%"+K(Y)+"%")){o++;continue}G({agent_id:P,run_id:t,source:"param"},()=>a.memory.add(i.id,{kind:y.kind,problem:y.problem,tags:[...y.tags,`run:${t}`],confidence:y.confidence,needsReview:1,createdBy:"run-debrief"})),c++}}C(r,t),c>0&&a.cache.invalidate();const l={action:"debrief",run_id:t,status:g.status,method:m.size===1?[...m][0]:m.size===0?"none":"mixed",submitted:s.length,candidates:p,queued:c,skipped:o};return R(l,(d,f)=>w(f.brand,`Run ${d.run_id} debrief (${d.method}): ${d.submitted} learning(s) -> ${d.queued} candidate(s) queued for review, ${d.skipped} skipped.`)+`
+Approve/reject with wyrm_review (run-scoped tag run:${d.run_id}).`)}if(g.status!=="running")return{content:[{type:"text",text:`Run ${t} already ended (status: ${g.status}).`}],isError:!0};const T=h("agent_id",e.agent_id)??_.agent_id;if(!T)throw new E("agent_id","no agent identity \u2014 action=end is member-only; pass agent_id or supply the actor envelope (actor param / _meta / WYRM_AGENT_ID)");if(!ee(r,t,T))return{content:[{type:"text",text:`'${T}' is not a registered member of run ${t} \u2014 only run members may end it (action=join first).`}],isError:!0};const $=W("status",e.status,Z,"completed"),x=A("project_path",e.project_path,{maxLen:500}),j=x?a.store.getProject(x):void 0;if(x&&!j)return{content:[{type:"text",text:`Project not found: ${x}`}],isError:!0};const I=r.prepare(`
         SELECT id FROM failure_patterns
         WHERE run_id = ? AND quarantine_scope = 'run' AND resolved = 0
-      `).all(runId).map((r) => r.id);
-            db.prepare(`UPDATE runs SET status = ?, updated_at = datetime('now') WHERE run_id = ?`)
-                .run(terminal, runId);
-            // Promote/expire via the T015 API: with the terminal status set, the
-            // sweep's EXPLICIT-VERDICT paths act on this run (completed/failed →
-            // promote to project/global; abandoned → TTL auto-expiry) — they work
-            // even in WYRM_LIVE_MEMORY=0 degraded mode.
-            ctx.failures.sweepRunQuarantine();
-            let promoted = 0;
-            let expired = 0;
-            if (snapshot.length > 0) {
-                const stmt = db.prepare('SELECT quarantine_scope, resolved FROM failure_patterns WHERE id = ?');
-                for (const id of snapshot) {
-                    const row = stmt.get(id);
-                    if (!row)
-                        continue;
-                    if (row.quarantine_scope !== 'run')
-                        promoted++;
-                    else if (row.resolved === 1)
-                        expired++;
-                }
-            }
-            const claimsReleased = ctx.presence.releaseRunClaims(runId);
-            // Security pass #1: evict this run's cached fleet briefs eagerly — a
-            // brief is only meaningful DURING its run, and the run_briefs cache is
-            // mintable via soft-ref run_id, so waiting 90 days for the maintenance
-            // retention prune left a growth window. (Maintenance also gained a
-            // count cap — WYRM_RUN_BRIEFS_MAX — for runs that never end cleanly.)
-            try {
-                db.prepare('DELETE FROM run_briefs WHERE run_id = ?').run(runId);
-            }
-            catch { /* run_briefs is a cache — never fail end on its eviction */ }
-            // The run summary artifact (spec FR-5: "end writes the run summary
-            // artifact") — filed when a project is given; runs are not project-bound,
-            // so a project-less end skips it visibly (summary_artifact_id: null).
-            let summaryArtifactId = null;
-            if (project) {
-                const agents = getAgents(db, runId);
-                const summary = ctx.memory.add(project.id, {
-                    kind: 'reasoning_trace',
-                    problem: `Fleet run ${runId} ended ${terminal}: ${agents.length} agent(s), `
-                        + `${promoted} quarantined failure(s) promoted, ${expired} expired, ${claimsReleased} quest claim(s) released.`,
-                    outcome: terminal === 'completed' ? 'positive' : terminal === 'failed' ? 'negative' : 'neutral',
-                    tags: ['run-summary', `run:${runId}`],
-                    confidence: 1.0,
-                    createdBy: 'wyrm_run',
-                });
-                summaryArtifactId = summary.id;
-                db.prepare('UPDATE runs SET debrief_artifact_id = ? WHERE run_id = ?').run(summaryArtifactId, runId);
-            }
-            ctx.cache.invalidate();
-            const body = {
-                action: 'end',
-                run_id: runId,
-                status: terminal,
-                promoted,
-                expired,
-                claims_released: claimsReleased,
-                summary_artifact_id: summaryArtifactId,
-            };
-            return renderResult(body, (b, g) => withGlyph(g.brand, `Run ${b.run_id} ended (${b.status}): ${b.promoted} failure(s) promoted, `
-                + `${b.expired} expired, ${b.claims_released} claim(s) released.`)
-                + (b.summary_artifact_id !== null
-                    ? `\nSummary artifact #${b.summary_artifact_id} filed.`
-                    : '\nNo project_path given -- summary artifact skipped.'));
-        },
-    },
-];
-//# sourceMappingURL=run.js.map
+      `).all(t).map(n=>n.id);r.prepare("UPDATE runs SET status = ?, updated_at = datetime('now') WHERE run_id = ?").run($,t),a.failures.sweepRunQuarantine();let N=0,L=0;if(I.length>0){const n=r.prepare("SELECT quarantine_scope, resolved FROM failure_patterns WHERE id = ?");for(const i of I){const s=n.get(i);s&&(s.quarantine_scope!=="run"?N++:s.resolved===1&&L++)}}const D=a.presence.releaseRunClaims(t);try{r.prepare("DELETE FROM run_briefs WHERE run_id = ?").run(t)}catch{}let b=null;if(j){const n=v(r,t);b=a.memory.add(j.id,{kind:"reasoning_trace",problem:`Fleet run ${t} ended ${$}: ${n.length} agent(s), ${N} quarantined failure(s) promoted, ${L} expired, ${D} quest claim(s) released.`,outcome:$==="completed"?"positive":$==="failed"?"negative":"neutral",tags:["run-summary",`run:${t}`],confidence:1,createdBy:"wyrm_run"}).id,r.prepare("UPDATE runs SET debrief_artifact_id = ? WHERE run_id = ?").run(b,t)}return a.cache.invalidate(),R({action:"end",run_id:t,status:$,promoted:N,expired:L,claims_released:D,summary_artifact_id:b},(n,i)=>w(i.brand,`Run ${n.run_id} ended (${n.status}): ${n.promoted} failure(s) promoted, ${n.expired} expired, ${n.claims_released} claim(s) released.`)+(n.summary_artifact_id!==null?`
+Summary artifact #${n.summary_artifact_id} filed.`:`
+No project_path given -- summary artifact skipped.`))}}];export{ce as runToolSpecs};