yoi/crates/workspace-server/src/hosts.rs

3055 lines
108 KiB
Rust

use crate::Error;
use chrono::Utc;
use reqwest::StatusCode;
use reqwest::blocking::{Client as BlockingHttpClient, RequestBuilder};
use reqwest::header::{AUTHORIZATION, CONTENT_TYPE};
use serde::de::DeserializeOwned;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use std::{sync::Arc, time::Duration};
use worker_runtime::catalog::{
CapabilityRequest, ConfigBundleRef, CreateWorkerRequest, ProfileSelector,
WorkerDetail as EmbeddedWorkerDetail, WorkerIntent, WorkerStatus as EmbeddedWorkerStatus,
};
use worker_runtime::config_bundle::{ConfigBundle, ConfigBundleAvailability, ConfigBundleSummary};
use worker_runtime::error::RuntimeError as EmbeddedRuntimeError;
use worker_runtime::http_server::{
RuntimeHttpConfigBundleAvailabilityResponse, RuntimeHttpConfigBundleSyncRequest,
RuntimeHttpErrorResponse, RuntimeHttpSummaryResponse, RuntimeHttpTranscriptResponse,
RuntimeHttpWorkerInputResponse, RuntimeHttpWorkerLifecycleRequest,
RuntimeHttpWorkerLifecycleResponse, RuntimeHttpWorkerResponse, RuntimeHttpWorkersResponse,
};
use worker_runtime::identity::{
RuntimeId as EmbeddedRuntimeId, WorkerId as EmbeddedWorkerId, WorkerRef as EmbeddedWorkerRef,
};
use worker_runtime::interaction::{
WorkerInput as EmbeddedWorkerInput, WorkerInputKind as EmbeddedWorkerInputKind,
};
use worker_runtime::management::{RuntimeOptions as EmbeddedRuntimeOptions, RuntimeStatus};
use worker_runtime::observation::{
TranscriptProjection as EmbeddedTranscriptProjection, TranscriptQuery, TranscriptRole,
};
const EMBEDDED_RUNTIME_ID: &str = "embedded-worker-runtime";
const EMBEDDED_HOST_KIND: &str = "embedded-worker-runtime-host";
const REMOTE_HOST_KIND: &str = "remote-worker-runtime-host";
const MAX_DIAGNOSTICS: usize = 16;
const MAX_HOST_SCAN: usize = 256;
const MAX_IDENTIFIER_LEN: usize = 120;
const ID_DIGEST_HEX_LEN: usize = 16;
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct RuntimeDiagnostic {
pub code: String,
pub severity: DiagnosticSeverity,
pub message: String,
}
impl RuntimeDiagnostic {
pub fn new(code: impl Into<String>, severity: &str, message: impl Into<String>) -> Self {
let severity = match severity {
"error" => DiagnosticSeverity::Error,
"warning" => DiagnosticSeverity::Warning,
_ => DiagnosticSeverity::Info,
};
diagnostic(code, severity, message)
}
}
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum DiagnosticSeverity {
Info,
Warning,
Error,
}
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum RuntimeSourceKind {
EmbeddedWorkerRuntime,
RemoteHttp,
}
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum RuntimeSourceStatus {
Active,
Reserved,
}
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum RuntimeIdentityAuthority {
/// Public Runtime/Host/Worker ids are registry projections, never raw
/// socket addresses, session ids, credentials, or paths.
RuntimeRegistryProjection,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct RuntimeSourceSummary {
pub kind: RuntimeSourceKind,
pub status: RuntimeSourceStatus,
pub identity_authority: RuntimeIdentityAuthority,
pub note: String,
}
impl RuntimeSourceSummary {
pub fn embedded_worker_runtime() -> Self {
Self {
kind: RuntimeSourceKind::EmbeddedWorkerRuntime,
status: RuntimeSourceStatus::Active,
identity_authority: RuntimeIdentityAuthority::RuntimeRegistryProjection,
note: "backend-internal embedded worker-runtime Runtime exposed only through runtime_id plus worker_id projections".to_string(),
}
}
pub fn embedded_worker_runtime_reserved() -> Self {
Self {
kind: RuntimeSourceKind::EmbeddedWorkerRuntime,
status: RuntimeSourceStatus::Reserved,
identity_authority: RuntimeIdentityAuthority::RuntimeRegistryProjection,
note: "reserved boundary for an embedded worker-runtime adapter; not connected by this fixture source".to_string(),
}
}
pub fn remote_http() -> Self {
Self {
kind: RuntimeSourceKind::RemoteHttp,
status: RuntimeSourceStatus::Active,
identity_authority: RuntimeIdentityAuthority::RuntimeRegistryProjection,
note: "backend-owned remote worker-runtime REST/WS client; endpoints and credentials remain backend-private".to_string(),
}
}
pub fn remote_http_reserved() -> Self {
Self {
kind: RuntimeSourceKind::RemoteHttp,
status: RuntimeSourceStatus::Reserved,
identity_authority: RuntimeIdentityAuthority::RuntimeRegistryProjection,
note: "reserved boundary for a future remote Runtime adapter; no HTTP client or REST server is implemented here".to_string(),
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct RuntimeCapabilitySummary {
pub can_list_hosts: bool,
pub can_list_workers: bool,
pub can_get_worker: bool,
pub can_spawn_worker: bool,
pub can_stop_worker: bool,
pub can_accept_input: bool,
pub has_workspace_fs: bool,
pub has_shell: bool,
pub has_git: bool,
pub supports_worktrees: bool,
pub supports_backend_internal_tools: bool,
pub workspace_scope: String,
pub max_workers: usize,
pub os: String,
pub arch: String,
}
pub type HostCapabilitySummary = RuntimeCapabilitySummary;
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct RuntimeSummary {
pub runtime_id: String,
pub label: String,
pub kind: String,
pub status: String,
pub source: RuntimeSourceSummary,
pub host_ids: Vec<String>,
pub capabilities: RuntimeCapabilitySummary,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct HostSummary {
pub runtime_id: String,
pub host_id: String,
pub label: String,
pub kind: String,
pub status: String,
pub observed_at: String,
pub last_seen_at: Option<String>,
pub capabilities: HostCapabilitySummary,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerWorkspaceSummary {
pub visibility: String,
pub identity: String,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerImplementationSummary {
pub kind: String,
pub display_hint: String,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerCapabilitySummary {
pub can_accept_input: bool,
pub can_stop: bool,
pub can_spawn_followup: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerSummary {
pub runtime_id: String,
pub worker_id: String,
pub host_id: String,
pub label: String,
pub role: Option<String>,
pub profile: Option<String>,
pub workspace: WorkerWorkspaceSummary,
pub state: String,
pub status: String,
pub last_seen_at: Option<String>,
pub implementation: WorkerImplementationSummary,
pub capabilities: WorkerCapabilitySummary,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct RuntimeList<T> {
pub items: Vec<T>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
impl<T> RuntimeList<T> {
fn new(items: Vec<T>, diagnostics: Vec<RuntimeDiagnostic>) -> Self {
Self { items, diagnostics }
}
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerLookupResult {
#[serde(skip_serializing_if = "Option::is_none")]
pub worker: Option<WorkerSummary>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
/// Browser-safe worker spawn request shape.
///
/// The request intentionally carries only workspace policy intents, stable
/// worker identifiers, optional profile selectors, config bundle refs, and
/// requested capability names. Raw workspace roots, child cwd, executable path,
/// Runtime endpoints/credentials, raw bundle storage paths, and host-local
/// resolved WorkerSpec content are resolved by the runtime service and never
/// accepted from Workspace API callers.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerSpawnRequest {
pub intent: WorkerSpawnIntent,
#[serde(skip_serializing_if = "Option::is_none")]
pub requested_worker_name: Option<String>,
pub acceptance: WorkerSpawnAcceptanceRequirement,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub profile: Option<ProfileSelector>,
#[serde(default, skip_serializing_if = "Option::is_none")]
pub config_bundle: Option<ConfigBundleRef>,
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub requested_capabilities: Vec<CapabilityRequest>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(tag = "kind", rename_all = "snake_case")]
pub enum WorkerSpawnIntent {
WorkspaceCompanion,
WorkspaceOrchestrator,
TicketRole {
ticket_id: String,
role: TicketWorkerRole,
},
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum TicketWorkerRole {
Intake,
Orchestrator,
Coder,
Reviewer,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(tag = "kind", rename_all = "snake_case")]
pub enum WorkerSpawnAcceptanceRequirement {
SocketReady,
RunAccepted { expected_segments: usize },
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerSpawnResult {
pub state: WorkerOperationState,
#[serde(skip_serializing_if = "Option::is_none")]
pub worker: Option<WorkerSummary>,
pub acceptance_evidence: Vec<WorkerSpawnAcceptanceEvidence>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct ConfigBundleSyncResult {
pub state: WorkerOperationState,
#[serde(skip_serializing_if = "Option::is_none")]
pub availability: Option<ConfigBundleAvailability>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct ConfigBundleCheckResult {
pub state: WorkerOperationState,
#[serde(skip_serializing_if = "Option::is_none")]
pub availability: Option<ConfigBundleAvailability>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct ConfigBundleListResult {
pub bundles: Vec<ConfigBundleSummary>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum WorkerOperationState {
Accepted,
Unsupported,
Rejected,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerSpawnAcceptanceEvidence {
pub kind: String,
pub detail: String,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerStopRequest {
pub worker_id: String,
pub mode: WorkerStopMode,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum WorkerStopMode {
Graceful,
Force,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerStopResult {
pub state: WorkerOperationState,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerLifecycleRequest {
#[serde(default, skip_serializing_if = "Option::is_none")]
pub reason: Option<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerLifecycleResult {
pub state: WorkerOperationState,
pub runtime_id: String,
pub worker_id: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub event_id: Option<u64>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum WorkerInputKind {
User,
System,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerInputRequest {
#[serde(default = "default_worker_input_kind")]
pub kind: WorkerInputKind,
pub content: String,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerInputResult {
pub state: WorkerOperationState,
pub runtime_id: String,
pub worker_id: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub transcript_sequence: Option<u64>,
#[serde(skip_serializing_if = "Option::is_none")]
pub event_id: Option<u64>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerTranscriptItem {
pub sequence: u64,
pub role: String,
pub content: String,
pub event_id: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerTranscriptProjection {
pub state: WorkerOperationState,
pub runtime_id: String,
pub worker_id: String,
pub start: usize,
pub limit: usize,
pub total_items: usize,
#[serde(skip_serializing_if = "Option::is_none")]
pub next_start: Option<usize>,
pub items: Vec<WorkerTranscriptItem>,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerProxyConnectPoint {
pub kind: String,
pub status: String,
pub diagnostics: Vec<RuntimeDiagnostic>,
}
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum RuntimeRegistryError {
InvalidIdentifier {
kind: &'static str,
value: String,
},
UnknownRuntime(String),
UnknownHost(String),
UnknownWorker {
runtime_id: String,
worker_id: String,
},
RuntimeOperationFailed {
runtime_id: String,
code: String,
message: String,
},
}
impl RuntimeRegistryError {
pub fn into_error(self) -> Error {
match self {
Self::InvalidIdentifier { kind, value } => Error::InvalidRuntimeIdentifier {
kind: kind.to_string(),
value,
},
Self::UnknownRuntime(runtime_id) => Error::UnknownRuntime(runtime_id),
Self::UnknownHost(host_id) => Error::UnknownHost(host_id),
Self::UnknownWorker {
runtime_id,
worker_id,
} => Error::UnknownWorker {
runtime_id,
worker_id,
},
Self::RuntimeOperationFailed {
runtime_id,
code,
message,
} => Error::RuntimeOperationFailed {
runtime_id,
code,
message,
},
}
}
}
fn default_worker_input_kind() -> WorkerInputKind {
WorkerInputKind::User
}
pub trait WorkspaceWorkerRuntime: Send + Sync {
fn runtime_id(&self) -> &str;
fn runtime_summary(&self, limit: usize) -> RuntimeSummary;
fn list_hosts(&self, limit: usize) -> RuntimeList<HostSummary>;
fn list_workers(&self, limit: usize) -> RuntimeList<WorkerSummary>;
fn worker(&self, worker_id: &str) -> WorkerLookupResult;
fn spawn_worker(&self, request: WorkerSpawnRequest) -> WorkerSpawnResult {
WorkerSpawnResult {
state: WorkerOperationState::Unsupported,
worker: None,
acceptance_evidence: Vec::new(),
diagnostics: vec![diagnostic(
"worker_spawn_resolver_pending",
DiagnosticSeverity::Info,
format!(
"worker spawn intent '{}' was accepted as a typed request shape, but launch resolution is not implemented by this registry surface",
worker_spawn_intent_label(&request.intent)
),
)],
}
}
fn sync_config_bundle(&self, _bundle: ConfigBundle) -> ConfigBundleSyncResult {
ConfigBundleSyncResult {
state: WorkerOperationState::Unsupported,
availability: None,
diagnostics: vec![diagnostic(
"config_bundle_sync_unsupported",
DiagnosticSeverity::Info,
"runtime does not implement config bundle sync".to_string(),
)],
}
}
fn check_config_bundle(&self, _reference: ConfigBundleRef) -> ConfigBundleCheckResult {
ConfigBundleCheckResult {
state: WorkerOperationState::Unsupported,
availability: None,
diagnostics: vec![diagnostic(
"config_bundle_check_unsupported",
DiagnosticSeverity::Info,
"runtime does not implement config bundle availability checks".to_string(),
)],
}
}
fn list_config_bundles(&self) -> ConfigBundleListResult {
ConfigBundleListResult {
bundles: Vec::new(),
diagnostics: vec![diagnostic(
"config_bundle_list_unsupported",
DiagnosticSeverity::Info,
"runtime does not implement config bundle listing".to_string(),
)],
}
}
fn stop_worker(
&self,
worker_id: &str,
_request: WorkerLifecycleRequest,
) -> WorkerLifecycleResult {
WorkerLifecycleResult {
state: WorkerOperationState::Unsupported,
runtime_id: self.runtime_id().to_string(),
worker_id: worker_id.to_string(),
event_id: None,
diagnostics: vec![diagnostic(
"worker_stop_pending",
DiagnosticSeverity::Info,
format!(
"worker stop for '{worker_id}' is reserved for the runtime service boundary and is not implemented by this registry surface"
),
)],
}
}
fn cancel_worker(
&self,
worker_id: &str,
_request: WorkerLifecycleRequest,
) -> WorkerLifecycleResult {
WorkerLifecycleResult {
state: WorkerOperationState::Unsupported,
runtime_id: self.runtime_id().to_string(),
worker_id: worker_id.to_string(),
event_id: None,
diagnostics: vec![diagnostic(
"worker_cancel_pending",
DiagnosticSeverity::Info,
format!(
"worker cancel for '{worker_id}' is reserved for the runtime service boundary and is not implemented by this registry surface"
),
)],
}
}
fn observation_source(
&self,
_worker_id: &str,
) -> Option<crate::observation::RuntimeObservationSource> {
None
}
fn send_input(&self, worker_id: &str, _request: WorkerInputRequest) -> WorkerInputResult {
WorkerInputResult {
state: WorkerOperationState::Unsupported,
runtime_id: self.runtime_id().to_string(),
worker_id: worker_id.to_string(),
transcript_sequence: None,
event_id: None,
diagnostics: vec![diagnostic(
"worker_input_pending",
DiagnosticSeverity::Info,
format!(
"worker input for '{worker_id}' is reserved for the runtime service boundary and is not implemented by this registry source"
),
)],
}
}
fn transcript(
&self,
worker_id: &str,
start: usize,
limit: usize,
) -> WorkerTranscriptProjection {
WorkerTranscriptProjection {
state: WorkerOperationState::Unsupported,
runtime_id: self.runtime_id().to_string(),
worker_id: worker_id.to_string(),
start,
limit,
total_items: 0,
next_start: None,
items: Vec::new(),
diagnostics: vec![diagnostic(
"worker_transcript_pending",
DiagnosticSeverity::Info,
format!(
"bounded transcript for '{worker_id}' is not implemented by this registry source"
),
)],
}
}
fn proxy_connect_points(&self, worker_id: &str) -> Vec<WorkerProxyConnectPoint> {
vec![WorkerProxyConnectPoint {
kind: "stream_proxy".to_string(),
status: "not_implemented".to_string(),
diagnostics: vec![diagnostic(
"worker_proxy_pending",
DiagnosticSeverity::Info,
format!(
"worker proxy connect points for '{}' are not implemented by this overview-only registry surface",
worker_id
),
)],
}]
}
}
#[derive(Clone)]
pub struct RuntimeRegistry {
runtimes: Vec<Arc<dyn WorkspaceWorkerRuntime>>,
}
impl RuntimeRegistry {
pub fn new(runtimes: Vec<Arc<dyn WorkspaceWorkerRuntime>>) -> Self {
Self { runtimes }
}
pub fn for_workspace(embedded_runtime: EmbeddedWorkerRuntime) -> Self {
Self::new(vec![Arc::new(embedded_runtime)])
}
pub fn register<R>(&mut self, runtime: R)
where
R: WorkspaceWorkerRuntime + 'static,
{
self.runtimes.push(Arc::new(runtime));
}
pub fn list_runtimes(&self, limit: usize) -> RuntimeList<RuntimeSummary> {
let mut diagnostics = Vec::new();
let mut items = Vec::new();
for runtime in self.runtimes.iter().take(limit) {
let summary = runtime.runtime_summary(limit);
diagnostics.extend(summary.diagnostics.iter().cloned());
items.push(summary);
}
diagnostics.truncate(MAX_DIAGNOSTICS);
RuntimeList::new(items, diagnostics)
}
pub fn list_hosts(&self, limit: usize) -> RuntimeList<HostSummary> {
let mut items = Vec::new();
let mut diagnostics = Vec::new();
for runtime in &self.runtimes {
if items.len() >= limit {
break;
}
let mut list = runtime.list_hosts(limit.saturating_sub(items.len()));
diagnostics.append(&mut list.diagnostics);
items.append(&mut list.items);
}
diagnostics.truncate(MAX_DIAGNOSTICS);
RuntimeList::new(items, diagnostics)
}
pub fn list_workers(&self, limit: usize) -> RuntimeList<WorkerSummary> {
let mut items = Vec::new();
let mut diagnostics = Vec::new();
for runtime in &self.runtimes {
if items.len() >= limit {
break;
}
let mut list = runtime.list_workers(limit.saturating_sub(items.len()));
diagnostics.append(&mut list.diagnostics);
items.append(&mut list.items);
}
diagnostics.truncate(MAX_DIAGNOSTICS);
RuntimeList::new(items, diagnostics)
}
pub fn list_workers_for_host(
&self,
host_id: &str,
limit: usize,
) -> Result<RuntimeList<WorkerSummary>, RuntimeRegistryError> {
validate_backend_identifier("host_id", host_id)?;
let mut host_found = false;
let mut diagnostics = Vec::new();
let mut items = Vec::new();
for runtime in &self.runtimes {
let host_list = runtime.list_hosts(MAX_HOST_SCAN);
diagnostics.extend(host_list.diagnostics);
if !host_list.items.iter().any(|host| host.host_id == host_id) {
continue;
}
host_found = true;
let worker_list = runtime.list_workers(limit);
diagnostics.extend(worker_list.diagnostics);
items.extend(
worker_list
.items
.into_iter()
.filter(|worker| worker.host_id == host_id)
.take(limit.saturating_sub(items.len())),
);
if items.len() >= limit {
break;
}
}
diagnostics.truncate(MAX_DIAGNOSTICS);
if host_found {
Ok(RuntimeList::new(items, diagnostics))
} else {
Err(RuntimeRegistryError::UnknownHost(host_id.to_string()))
}
}
pub fn worker(
&self,
runtime_id: &str,
worker_id: &str,
) -> Result<WorkerSummary, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
let lookup = runtime.worker(worker_id);
lookup.worker.ok_or_else(|| {
operation_failed_or_unknown_worker(runtime_id, worker_id, lookup.diagnostics)
})
}
pub fn spawn_worker(
&self,
runtime_id: &str,
request: WorkerSpawnRequest,
) -> Result<WorkerSpawnResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
let runtime = self.runtime(runtime_id)?;
Ok(runtime.spawn_worker(request))
}
pub fn sync_config_bundle(
&self,
runtime_id: &str,
bundle: ConfigBundle,
) -> Result<ConfigBundleSyncResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
let runtime = self.runtime(runtime_id)?;
Ok(runtime.sync_config_bundle(bundle))
}
pub fn check_config_bundle(
&self,
runtime_id: &str,
reference: ConfigBundleRef,
) -> Result<ConfigBundleCheckResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
let runtime = self.runtime(runtime_id)?;
Ok(runtime.check_config_bundle(reference))
}
pub fn list_config_bundles(
&self,
runtime_id: &str,
) -> Result<ConfigBundleListResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
let runtime = self.runtime(runtime_id)?;
Ok(runtime.list_config_bundles())
}
pub fn send_input(
&self,
runtime_id: &str,
worker_id: &str,
request: WorkerInputRequest,
) -> Result<WorkerInputResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
let lookup = runtime.worker(worker_id);
if lookup.worker.is_none() {
return Err(operation_failed_or_unknown_worker(
runtime_id,
worker_id,
lookup.diagnostics,
));
}
Ok(runtime.send_input(worker_id, request))
}
pub fn transcript(
&self,
runtime_id: &str,
worker_id: &str,
start: usize,
limit: usize,
) -> Result<WorkerTranscriptProjection, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
let lookup = runtime.worker(worker_id);
if lookup.worker.is_none() {
return Err(operation_failed_or_unknown_worker(
runtime_id,
worker_id,
lookup.diagnostics,
));
}
Ok(runtime.transcript(worker_id, start, limit))
}
pub fn stop_worker(
&self,
runtime_id: &str,
worker_id: &str,
request: WorkerLifecycleRequest,
) -> Result<WorkerLifecycleResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
let lookup = runtime.worker(worker_id);
if lookup.worker.is_none() {
return Err(operation_failed_or_unknown_worker(
runtime_id,
worker_id,
lookup.diagnostics,
));
}
Ok(runtime.stop_worker(worker_id, request))
}
pub fn cancel_worker(
&self,
runtime_id: &str,
worker_id: &str,
request: WorkerLifecycleRequest,
) -> Result<WorkerLifecycleResult, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
let lookup = runtime.worker(worker_id);
if lookup.worker.is_none() {
return Err(operation_failed_or_unknown_worker(
runtime_id,
worker_id,
lookup.diagnostics,
));
}
Ok(runtime.cancel_worker(worker_id, request))
}
pub fn observation_source(
&self,
runtime_id: &str,
worker_id: &str,
) -> Result<crate::observation::RuntimeObservationSource, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", runtime_id)?;
validate_backend_identifier("worker_id", worker_id)?;
let runtime = self.runtime(runtime_id)?;
runtime
.observation_source(worker_id)
.ok_or_else(|| RuntimeRegistryError::UnknownWorker {
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
})
}
fn runtime(
&self,
runtime_id: &str,
) -> Result<&Arc<dyn WorkspaceWorkerRuntime>, RuntimeRegistryError> {
self.runtimes
.iter()
.find(|runtime| runtime.runtime_id() == runtime_id)
.ok_or_else(|| RuntimeRegistryError::UnknownRuntime(runtime_id.to_string()))
}
}
#[derive(Clone)]
pub struct EmbeddedWorkerRuntime {
runtime_id: String,
host_id: String,
runtime: worker_runtime::Runtime,
}
impl EmbeddedWorkerRuntime {
pub fn new_memory(workspace_id: impl AsRef<str>) -> Self {
let runtime_id = EmbeddedRuntimeId::new(EMBEDDED_RUNTIME_ID)
.expect("embedded runtime id is a non-empty literal");
let runtime = worker_runtime::Runtime::with_options(EmbeddedRuntimeOptions {
runtime_id: Some(runtime_id),
display_name: Some("Workspace backend embedded Runtime".to_string()),
..EmbeddedRuntimeOptions::default()
});
Self::from_runtime(workspace_id, runtime)
}
pub fn from_runtime(workspace_id: impl AsRef<str>, runtime: worker_runtime::Runtime) -> Self {
let runtime_id = runtime
.runtime_id()
.ok()
.map(|id| id.as_str().to_string())
.unwrap_or_else(|| EMBEDDED_RUNTIME_ID.to_string());
Self {
runtime_id,
host_id: host_id_for_embedded_workspace(workspace_id.as_ref()),
runtime,
}
}
fn worker_ref(&self, worker_id: &str) -> Option<EmbeddedWorkerRef> {
Some(EmbeddedWorkerRef::new(
EmbeddedRuntimeId::new(self.runtime_id.clone())?,
EmbeddedWorkerId::new(worker_id.to_string())?,
))
}
fn map_worker_summary(&self, summary: worker_runtime::catalog::WorkerSummary) -> WorkerSummary {
WorkerSummary {
runtime_id: self.runtime_id.clone(),
worker_id: summary.worker_ref.worker_id.as_str().to_string(),
host_id: self.host_id.clone(),
label: safe_display_hint(summary.worker_ref.worker_id.as_str()),
role: embedded_intent_label(&summary.intent),
profile: embedded_profile_label(&summary.profile),
workspace: WorkerWorkspaceSummary {
visibility: "backend_internal".to_string(),
identity: "runtime_registry_worker".to_string(),
},
state: embedded_worker_status_label(summary.status).to_string(),
status: embedded_worker_status_label(summary.status).to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "embedded_worker_runtime".to_string(),
display_hint: "backend-internal worker-runtime Worker".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: true,
can_stop: false,
can_spawn_followup: false,
},
diagnostics: vec![diagnostic(
"embedded_runtime_projection",
DiagnosticSeverity::Info,
"Worker identity is projected only as runtime_id plus worker_id; embedded runtime internals remain backend-private".to_string(),
)],
}
}
fn map_worker_detail(&self, detail: EmbeddedWorkerDetail) -> WorkerSummary {
WorkerSummary {
runtime_id: self.runtime_id.clone(),
worker_id: detail.worker_id.as_str().to_string(),
host_id: self.host_id.clone(),
label: safe_display_hint(detail.worker_id.as_str()),
role: embedded_intent_label(&detail.intent),
profile: embedded_profile_label(&detail.profile),
workspace: WorkerWorkspaceSummary {
visibility: "backend_internal".to_string(),
identity: "runtime_registry_worker".to_string(),
},
state: embedded_worker_status_label(detail.status).to_string(),
status: embedded_worker_status_label(detail.status).to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "embedded_worker_runtime".to_string(),
display_hint: "backend-internal worker-runtime Worker".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: true,
can_stop: false,
can_spawn_followup: false,
},
diagnostics: vec![diagnostic(
"embedded_runtime_projection",
DiagnosticSeverity::Info,
"Worker identity is projected only as runtime_id plus worker_id; embedded runtime internals remain backend-private".to_string(),
)],
}
}
}
impl WorkspaceWorkerRuntime for EmbeddedWorkerRuntime {
fn runtime_id(&self) -> &str {
&self.runtime_id
}
fn runtime_summary(&self, limit: usize) -> RuntimeSummary {
let mut diagnostics = Vec::new();
let summary = match self.runtime.summary() {
Ok(summary) => summary,
Err(err) => {
diagnostics.push(embedded_runtime_diagnostic(&err));
return RuntimeSummary {
runtime_id: self.runtime_id.clone(),
label: "Embedded backend Runtime".to_string(),
kind: "embedded_worker_runtime".to_string(),
status: "unavailable".to_string(),
source: RuntimeSourceSummary::embedded_worker_runtime(),
host_ids: Vec::new(),
capabilities: embedded_runtime_capabilities(limit, false),
diagnostics,
};
}
};
RuntimeSummary {
runtime_id: self.runtime_id.clone(),
label: summary
.display_name
.clone()
.unwrap_or_else(|| "Embedded backend Runtime".to_string()),
kind: "embedded_worker_runtime".to_string(),
status: embedded_runtime_status_label(summary.status).to_string(),
source: RuntimeSourceSummary::embedded_worker_runtime(),
host_ids: if limit == 0 {
Vec::new()
} else {
vec![self.host_id.clone()]
},
capabilities: embedded_runtime_capabilities(limit, true),
diagnostics,
}
}
fn list_hosts(&self, limit: usize) -> RuntimeList<HostSummary> {
if limit == 0 {
return RuntimeList::new(Vec::new(), Vec::new());
}
RuntimeList::new(
vec![HostSummary {
runtime_id: self.runtime_id.clone(),
host_id: self.host_id.clone(),
label: "Workspace backend embedded Runtime".to_string(),
kind: EMBEDDED_HOST_KIND.to_string(),
status: "available".to_string(),
observed_at: Utc::now().to_rfc3339(),
last_seen_at: None,
capabilities: embedded_runtime_capabilities(limit, true),
diagnostics: vec![diagnostic(
"embedded_runtime_host_boundary",
DiagnosticSeverity::Info,
"Backend-internal host exposes only bounded runtime and worker projections"
.to_string(),
)],
}],
Vec::new(),
)
}
fn list_workers(&self, limit: usize) -> RuntimeList<WorkerSummary> {
if limit == 0 {
return RuntimeList::new(Vec::new(), Vec::new());
}
match self.runtime.list_workers() {
Ok(workers) => RuntimeList::new(
workers
.into_iter()
.take(limit)
.map(|worker| self.map_worker_summary(worker))
.collect(),
Vec::new(),
),
Err(err) => RuntimeList::new(Vec::new(), vec![embedded_runtime_diagnostic(&err)]),
}
}
fn worker(&self, worker_id: &str) -> WorkerLookupResult {
let Some(worker_ref) = self.worker_ref(worker_id) else {
return WorkerLookupResult {
worker: None,
diagnostics: vec![diagnostic(
"embedded_worker_id_invalid",
DiagnosticSeverity::Warning,
"Worker id was empty and cannot be resolved".to_string(),
)],
};
};
match self.runtime.worker_detail(&worker_ref) {
Ok(detail) => WorkerLookupResult {
worker: Some(self.map_worker_detail(detail)),
diagnostics: Vec::new(),
},
Err(EmbeddedRuntimeError::WorkerNotFound { .. }) => WorkerLookupResult {
worker: None,
diagnostics: Vec::new(),
},
Err(err) => WorkerLookupResult {
worker: None,
diagnostics: vec![embedded_runtime_diagnostic(&err)],
},
}
}
fn spawn_worker(&self, request: WorkerSpawnRequest) -> WorkerSpawnResult {
let mut diagnostics = Vec::new();
if matches!(
request.acceptance,
WorkerSpawnAcceptanceRequirement::SocketReady
) {
diagnostics.push(diagnostic(
"embedded_runtime_no_socket",
DiagnosticSeverity::Warning,
"Embedded backend Runtime is transportless; use run_accepted/create acceptance for backend-internal Workers".to_string(),
));
return WorkerSpawnResult {
state: WorkerOperationState::Rejected,
worker: None,
acceptance_evidence: Vec::new(),
diagnostics,
};
}
if request.requested_worker_name.is_some() {
diagnostics.push(diagnostic(
"embedded_worker_name_ignored",
DiagnosticSeverity::Info,
"Embedded Runtime v0 allocates opaque runtime-local worker ids; requested display names are not authority".to_string(),
));
}
if matches!(request.acceptance, WorkerSpawnAcceptanceRequirement::RunAccepted { expected_segments } if expected_segments > 0)
{
diagnostics.push(diagnostic(
"embedded_runtime_tools_less",
DiagnosticSeverity::Info,
"Embedded Runtime v0 creates a tools-less catalog Worker and does not spawn provider segments".to_string(),
));
}
let create_request = CreateWorkerRequest {
intent: embedded_create_intent(&request.intent),
profile: request
.profile
.clone()
.unwrap_or_else(|| embedded_profile_selector(&request.intent)),
config_bundle: request.config_bundle.clone(),
requested_capabilities: if request.requested_capabilities.is_empty() {
vec![CapabilityRequest::named("read")]
} else {
request.requested_capabilities.clone()
},
workspace_refs: Vec::new(),
mount_refs: Vec::new(),
};
match self.runtime.create_worker(create_request) {
Ok(detail) => WorkerSpawnResult {
state: WorkerOperationState::Accepted,
worker: Some(self.map_worker_detail(detail)),
acceptance_evidence: vec![
WorkerSpawnAcceptanceEvidence {
kind: "embedded_runtime_worker_created".to_string(),
detail:
"worker-runtime catalog accepted a backend-internal tools-less Worker"
.to_string(),
},
WorkerSpawnAcceptanceEvidence {
kind: "embedded_runtime_backend_internal_projection".to_string(),
detail: "only runtime_id plus worker_id backend projections were exposed"
.to_string(),
},
],
diagnostics,
},
Err(err) => {
diagnostics.push(embedded_runtime_diagnostic(&err));
WorkerSpawnResult {
state: WorkerOperationState::Rejected,
worker: None,
acceptance_evidence: Vec::new(),
diagnostics,
}
}
}
}
fn sync_config_bundle(&self, bundle: ConfigBundle) -> ConfigBundleSyncResult {
match self.runtime.store_config_bundle(bundle) {
Ok(availability) => ConfigBundleSyncResult {
state: WorkerOperationState::Accepted,
availability: Some(availability),
diagnostics: Vec::new(),
},
Err(error) => ConfigBundleSyncResult {
state: WorkerOperationState::Rejected,
availability: None,
diagnostics: vec![embedded_runtime_diagnostic(&error)],
},
}
}
fn check_config_bundle(&self, reference: ConfigBundleRef) -> ConfigBundleCheckResult {
match self.runtime.check_config_bundle(&reference) {
Ok(availability) => ConfigBundleCheckResult {
state: WorkerOperationState::Accepted,
availability: Some(availability),
diagnostics: Vec::new(),
},
Err(error) => ConfigBundleCheckResult {
state: WorkerOperationState::Rejected,
availability: None,
diagnostics: vec![embedded_runtime_diagnostic(&error)],
},
}
}
fn list_config_bundles(&self) -> ConfigBundleListResult {
match self.runtime.list_config_bundles() {
Ok(bundles) => ConfigBundleListResult {
bundles,
diagnostics: Vec::new(),
},
Err(error) => ConfigBundleListResult {
bundles: Vec::new(),
diagnostics: vec![embedded_runtime_diagnostic(&error)],
},
}
}
fn observation_source(
&self,
worker_id: &str,
) -> Option<crate::observation::RuntimeObservationSource> {
let worker_ref = self.worker_ref(worker_id)?;
if self.runtime.worker_detail(&worker_ref).is_err() {
return None;
}
Some(crate::observation::RuntimeObservationSource::embedded(
crate::observation::EmbeddedRuntimeObservationSource {
runtime_id: self.runtime_id.clone(),
worker_id: worker_id.to_string(),
runtime: self.runtime.clone(),
worker_ref,
},
))
}
fn send_input(&self, worker_id: &str, request: WorkerInputRequest) -> WorkerInputResult {
let Some(worker_ref) = self.worker_ref(worker_id) else {
return embedded_input_rejected(
&self.runtime_id,
worker_id,
diagnostic(
"embedded_worker_id_invalid",
DiagnosticSeverity::Warning,
"Worker id was empty and cannot be resolved".to_string(),
),
);
};
let input = EmbeddedWorkerInput {
kind: match request.kind {
WorkerInputKind::User => EmbeddedWorkerInputKind::User,
WorkerInputKind::System => EmbeddedWorkerInputKind::System,
},
content: request.content,
};
match self.runtime.send_input(&worker_ref, input) {
Ok(ack) => WorkerInputResult {
state: WorkerOperationState::Accepted,
runtime_id: self.runtime_id.clone(),
worker_id: worker_id.to_string(),
transcript_sequence: Some(ack.transcript_sequence),
event_id: Some(ack.event_id),
diagnostics: Vec::new(),
},
Err(err) => embedded_input_rejected(
&self.runtime_id,
worker_id,
embedded_runtime_diagnostic(&err),
),
}
}
fn transcript(
&self,
worker_id: &str,
start: usize,
limit: usize,
) -> WorkerTranscriptProjection {
let Some(worker_ref) = self.worker_ref(worker_id) else {
return embedded_transcript_rejected(
&self.runtime_id,
worker_id,
start,
limit,
diagnostic(
"embedded_worker_id_invalid",
DiagnosticSeverity::Warning,
"Worker id was empty and cannot be resolved".to_string(),
),
);
};
match self
.runtime
.transcript_projection(&worker_ref, TranscriptQuery::new(start, limit))
{
Ok(projection) => {
embedded_transcript_projection(&self.runtime_id, worker_id, projection)
}
Err(err) => embedded_transcript_rejected(
&self.runtime_id,
worker_id,
start,
limit,
embedded_runtime_diagnostic(&err),
),
}
}
}
#[derive(Clone)]
pub struct RemoteRuntimeConfig {
pub runtime_id: String,
pub display_name: String,
pub base_url: String,
pub bearer_token: Option<String>,
pub cached_capabilities: RuntimeCapabilitySummary,
pub cached_status: String,
pub timeout: Duration,
}
impl std::fmt::Debug for RemoteRuntimeConfig {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("RemoteRuntimeConfig")
.field("runtime_id", &self.runtime_id)
.field("display_name", &self.display_name)
.field("base_url", &"<backend-private>")
.field(
"bearer_token",
&self.bearer_token.as_ref().map(|_| "<redacted>"),
)
.field("cached_capabilities", &self.cached_capabilities)
.field("cached_status", &self.cached_status)
.field("timeout", &self.timeout)
.finish()
}
}
impl RemoteRuntimeConfig {
pub fn new(
runtime_id: impl Into<String>,
display_name: impl Into<String>,
base_url: impl Into<String>,
bearer_token: Option<String>,
) -> Self {
Self {
runtime_id: runtime_id.into(),
display_name: display_name.into(),
base_url: base_url.into(),
bearer_token,
cached_capabilities: remote_runtime_capabilities(200, false),
cached_status: "configured".to_string(),
timeout: Duration::from_secs(10),
}
}
pub fn with_cached_capabilities(mut self, capabilities: RuntimeCapabilitySummary) -> Self {
self.cached_capabilities = capabilities;
self
}
pub fn with_cached_status(mut self, status: impl Into<String>) -> Self {
self.cached_status = status.into();
self
}
pub fn with_timeout(mut self, timeout: Duration) -> Self {
self.timeout = timeout;
self
}
}
#[derive(Clone)]
pub struct RemoteWorkerRuntime {
runtime_id: String,
display_name: String,
base_url: String,
bearer_token: Option<String>,
cached_capabilities: RuntimeCapabilitySummary,
cached_status: String,
host_id: String,
http: BlockingHttpClient,
}
impl RemoteWorkerRuntime {
pub fn new(config: RemoteRuntimeConfig) -> Result<Self, RuntimeRegistryError> {
validate_backend_identifier("runtime_id", &config.runtime_id)?;
let base_url = config.base_url.trim_end_matches('/').to_string();
let http = BlockingHttpClient::builder()
.timeout(config.timeout)
.build()
.map_err(|err| RuntimeRegistryError::RuntimeOperationFailed {
runtime_id: config.runtime_id.clone(),
code: "remote_runtime_client_build_failed".to_string(),
message: err.to_string(),
})?;
Ok(Self {
host_id: host_id_for_remote_runtime(&config.runtime_id),
runtime_id: config.runtime_id,
display_name: config.display_name,
base_url,
bearer_token: config.bearer_token,
cached_capabilities: config.cached_capabilities,
cached_status: config.cached_status,
http,
})
}
fn endpoint(&self, path: &str) -> String {
format!("{}{}", self.base_url, path)
}
fn bundle_availability_path(reference: &ConfigBundleRef) -> String {
format!(
"/v1/config-bundles/{}/availability?digest={}",
url_path_segment_encode(&reference.id),
url_query_value_encode(&reference.digest)
)
}
fn ws_endpoint(&self, worker_id: &str) -> String {
let mut base = self.base_url.clone();
if let Some(rest) = base.strip_prefix("https://") {
base = format!("wss://{rest}");
} else if let Some(rest) = base.strip_prefix("http://") {
base = format!("ws://{rest}");
}
format!("{base}/v1/workers/{worker_id}/events/ws")
}
fn authorize(&self, request: RequestBuilder) -> RequestBuilder {
let request = request.header(CONTENT_TYPE, "application/json");
if let Some(token) = self.bearer_token.as_deref() {
request.header(AUTHORIZATION, format!("Bearer {token}"))
} else {
request
}
}
fn get_json<T>(&self, path: &str) -> Result<T, RuntimeDiagnostic>
where
T: DeserializeOwned,
{
self.send_json(self.http.get(self.endpoint(path)))
}
fn post_json<B, T>(&self, path: &str, body: &B) -> Result<T, RuntimeDiagnostic>
where
B: Serialize + ?Sized,
T: DeserializeOwned,
{
self.send_json(self.http.post(self.endpoint(path)).json(body))
}
fn send_json<T>(&self, request: RequestBuilder) -> Result<T, RuntimeDiagnostic>
where
T: DeserializeOwned,
{
let response = self
.authorize(request)
.send()
.map_err(|err| remote_reqwest_diagnostic(&self.runtime_id, err))?;
let status = response.status();
if status.is_success() {
response.json::<T>().map_err(|err| {
diagnostic(
"remote_runtime_malformed_response",
DiagnosticSeverity::Error,
format!(
"Remote Runtime returned malformed JSON for '{}': {err}",
self.runtime_id
),
)
})
} else {
Err(remote_http_status_diagnostic(
&self.runtime_id,
status,
response,
))
}
}
fn map_worker_summary(&self, summary: worker_runtime::catalog::WorkerSummary) -> WorkerSummary {
WorkerSummary {
runtime_id: self.runtime_id.clone(),
worker_id: summary.worker_ref.worker_id.as_str().to_string(),
host_id: self.host_id.clone(),
label: safe_display_hint(summary.worker_ref.worker_id.as_str()),
role: embedded_intent_label(&summary.intent),
profile: embedded_profile_label(&summary.profile),
workspace: WorkerWorkspaceSummary {
visibility: "remote_runtime".to_string(),
identity: "runtime_registry_worker".to_string(),
},
state: embedded_worker_status_label(summary.status).to_string(),
status: embedded_worker_status_label(summary.status).to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "remote_worker_runtime".to_string(),
display_hint: "Backend-proxied remote worker-runtime Worker".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: true,
can_stop: true,
can_spawn_followup: false,
},
diagnostics: vec![diagnostic(
"remote_runtime_projection",
DiagnosticSeverity::Info,
"Remote Worker identity is projected only as runtime_id plus worker_id; endpoint and credentials remain backend-private".to_string(),
)],
}
}
fn map_worker_detail(&self, detail: EmbeddedWorkerDetail) -> WorkerSummary {
WorkerSummary {
runtime_id: self.runtime_id.clone(),
worker_id: detail.worker_id.as_str().to_string(),
host_id: self.host_id.clone(),
label: safe_display_hint(detail.worker_id.as_str()),
role: embedded_intent_label(&detail.intent),
profile: embedded_profile_label(&detail.profile),
workspace: WorkerWorkspaceSummary {
visibility: "remote_runtime".to_string(),
identity: "runtime_registry_worker".to_string(),
},
state: embedded_worker_status_label(detail.status).to_string(),
status: embedded_worker_status_label(detail.status).to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "remote_worker_runtime".to_string(),
display_hint: "Backend-proxied remote worker-runtime Worker".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: true,
can_stop: true,
can_spawn_followup: false,
},
diagnostics: vec![diagnostic(
"remote_runtime_projection",
DiagnosticSeverity::Info,
"Remote Worker identity is projected only as runtime_id plus worker_id; endpoint and credentials remain backend-private".to_string(),
)],
}
}
fn lifecycle_result_from_response(
&self,
worker_id: &str,
response: RuntimeHttpWorkerLifecycleResponse,
) -> WorkerLifecycleResult {
WorkerLifecycleResult {
state: WorkerOperationState::Accepted,
runtime_id: self.runtime_id.clone(),
worker_id: worker_id.to_string(),
event_id: Some(response.ack.event_id),
diagnostics: vec![diagnostic(
"remote_runtime_lifecycle_accepted",
DiagnosticSeverity::Info,
format!(
"Remote Runtime acknowledged lifecycle operation for '{worker_id}' with status {}",
embedded_worker_status_label(response.ack.status)
),
)],
}
}
}
impl WorkspaceWorkerRuntime for RemoteWorkerRuntime {
fn runtime_id(&self) -> &str {
&self.runtime_id
}
fn runtime_summary(&self, limit: usize) -> RuntimeSummary {
match self.get_json::<RuntimeHttpSummaryResponse>("/v1/runtime") {
Ok(response) => RuntimeSummary {
runtime_id: self.runtime_id.clone(),
label: response
.runtime
.display_name
.unwrap_or_else(|| self.display_name.clone()),
kind: "remote_worker_runtime".to_string(),
status: embedded_runtime_status_label(response.runtime.status).to_string(),
source: RuntimeSourceSummary::remote_http(),
host_ids: if limit == 0 {
Vec::new()
} else {
vec![self.host_id.clone()]
},
capabilities: remote_runtime_capabilities(limit, true),
diagnostics: vec![diagnostic(
"remote_runtime_backend_proxy",
DiagnosticSeverity::Info,
"Remote Runtime is accessed only by backend-owned REST/WS clients".to_string(),
)],
},
Err(diagnostic) => RuntimeSummary {
runtime_id: self.runtime_id.clone(),
label: self.display_name.clone(),
kind: "remote_worker_runtime".to_string(),
status: self.cached_status.clone(),
source: RuntimeSourceSummary::remote_http(),
host_ids: if limit == 0 {
Vec::new()
} else {
vec![self.host_id.clone()]
},
capabilities: self.cached_capabilities.clone(),
diagnostics: vec![diagnostic],
},
}
}
fn list_hosts(&self, limit: usize) -> RuntimeList<HostSummary> {
if limit == 0 {
return RuntimeList::new(Vec::new(), Vec::new());
}
RuntimeList::new(
vec![HostSummary {
runtime_id: self.runtime_id.clone(),
host_id: self.host_id.clone(),
label: self.display_name.clone(),
kind: REMOTE_HOST_KIND.to_string(),
status: "configured".to_string(),
observed_at: Utc::now().to_rfc3339(),
last_seen_at: None,
capabilities: remote_runtime_capabilities(limit, true),
diagnostics: vec![diagnostic(
"remote_runtime_backend_proxy",
DiagnosticSeverity::Info,
"Remote host endpoint and credentials are backend-private".to_string(),
)],
}],
Vec::new(),
)
}
fn list_workers(&self, limit: usize) -> RuntimeList<WorkerSummary> {
if limit == 0 {
return RuntimeList::new(Vec::new(), Vec::new());
}
match self.get_json::<RuntimeHttpWorkersResponse>("/v1/workers") {
Ok(response) => RuntimeList::new(
response
.workers
.into_iter()
.take(limit)
.map(|worker| self.map_worker_summary(worker))
.collect(),
Vec::new(),
),
Err(diagnostic) => RuntimeList::new(Vec::new(), vec![diagnostic]),
}
}
fn worker(&self, worker_id: &str) -> WorkerLookupResult {
match self.get_json::<RuntimeHttpWorkerResponse>(&format!("/v1/workers/{worker_id}")) {
Ok(response) => WorkerLookupResult {
worker: Some(self.map_worker_detail(response.worker)),
diagnostics: Vec::new(),
},
Err(diagnostic) if diagnostic.code == "remote_worker_not_found" => WorkerLookupResult {
worker: None,
diagnostics: Vec::new(),
},
Err(diagnostic) => WorkerLookupResult {
worker: None,
diagnostics: vec![diagnostic],
},
}
}
fn spawn_worker(&self, request: WorkerSpawnRequest) -> WorkerSpawnResult {
if matches!(
request.acceptance,
WorkerSpawnAcceptanceRequirement::SocketReady
) {
return WorkerSpawnResult {
state: WorkerOperationState::Rejected,
worker: None,
acceptance_evidence: Vec::new(),
diagnostics: vec![diagnostic(
"remote_runtime_no_socket_ready_acceptance",
DiagnosticSeverity::Warning,
"Remote Runtime v0 exposes backend-proxied REST/WS control, not direct socket readiness".to_string(),
)],
};
}
let create = CreateWorkerRequest {
intent: embedded_create_intent(&request.intent),
profile: request
.profile
.clone()
.unwrap_or_else(|| embedded_profile_selector(&request.intent)),
config_bundle: request.config_bundle.clone(),
requested_capabilities: if request.requested_capabilities.is_empty() {
vec![CapabilityRequest::named("read")]
} else {
request.requested_capabilities.clone()
},
workspace_refs: Vec::new(),
mount_refs: Vec::new(),
};
match self.post_json::<_, RuntimeHttpWorkerResponse>("/v1/workers", &create) {
Ok(response) => WorkerSpawnResult {
state: WorkerOperationState::Accepted,
worker: Some(self.map_worker_detail(response.worker)),
acceptance_evidence: vec![WorkerSpawnAcceptanceEvidence {
kind: "remote_runtime_worker_created".to_string(),
detail: "worker-runtime REST create endpoint accepted the Worker".to_string(),
}],
diagnostics: vec![diagnostic(
"remote_runtime_backend_proxy",
DiagnosticSeverity::Info,
"Remote create used a backend-owned REST client; browser-facing payload exposes only runtime_id plus worker_id".to_string(),
)],
},
Err(diagnostic) => WorkerSpawnResult {
state: WorkerOperationState::Rejected,
worker: None,
acceptance_evidence: Vec::new(),
diagnostics: vec![diagnostic],
},
}
}
fn sync_config_bundle(&self, bundle: ConfigBundle) -> ConfigBundleSyncResult {
let request = RuntimeHttpConfigBundleSyncRequest { bundle };
match self.post_json::<_, RuntimeHttpConfigBundleAvailabilityResponse>(
"/v1/config-bundles",
&request,
) {
Ok(response) => ConfigBundleSyncResult {
state: WorkerOperationState::Accepted,
availability: Some(response.availability),
diagnostics: Vec::new(),
},
Err(diagnostic) => ConfigBundleSyncResult {
state: WorkerOperationState::Rejected,
availability: None,
diagnostics: vec![diagnostic],
},
}
}
fn check_config_bundle(&self, reference: ConfigBundleRef) -> ConfigBundleCheckResult {
let path = Self::bundle_availability_path(&reference);
match self.get_json::<RuntimeHttpConfigBundleAvailabilityResponse>(&path) {
Ok(response) => ConfigBundleCheckResult {
state: WorkerOperationState::Accepted,
availability: Some(response.availability),
diagnostics: Vec::new(),
},
Err(diagnostic) => ConfigBundleCheckResult {
state: WorkerOperationState::Rejected,
availability: None,
diagnostics: vec![diagnostic],
},
}
}
fn stop_worker(
&self,
worker_id: &str,
request: WorkerLifecycleRequest,
) -> WorkerLifecycleResult {
let body = RuntimeHttpWorkerLifecycleRequest {
reason: request.reason,
};
match self.post_json::<_, RuntimeHttpWorkerLifecycleResponse>(
&format!("/v1/workers/{worker_id}/stop"),
&body,
) {
Ok(response) => self.lifecycle_result_from_response(worker_id, response),
Err(diagnostic) => remote_lifecycle_rejected(&self.runtime_id, worker_id, diagnostic),
}
}
fn cancel_worker(
&self,
worker_id: &str,
request: WorkerLifecycleRequest,
) -> WorkerLifecycleResult {
let body = RuntimeHttpWorkerLifecycleRequest {
reason: request.reason,
};
match self.post_json::<_, RuntimeHttpWorkerLifecycleResponse>(
&format!("/v1/workers/{worker_id}/cancel"),
&body,
) {
Ok(response) => self.lifecycle_result_from_response(worker_id, response),
Err(diagnostic) => remote_lifecycle_rejected(&self.runtime_id, worker_id, diagnostic),
}
}
fn observation_source(
&self,
worker_id: &str,
) -> Option<crate::observation::RuntimeObservationSource> {
Some(crate::observation::RuntimeObservationSource::remote_ws(
crate::observation::RuntimeObservationSourceConfig {
runtime_id: self.runtime_id.clone(),
worker_id: worker_id.to_string(),
endpoint: self.ws_endpoint(worker_id),
bearer_token: self.bearer_token.clone(),
},
))
}
fn send_input(&self, worker_id: &str, request: WorkerInputRequest) -> WorkerInputResult {
let input = EmbeddedWorkerInput {
kind: match request.kind {
WorkerInputKind::User => EmbeddedWorkerInputKind::User,
WorkerInputKind::System => EmbeddedWorkerInputKind::System,
},
content: request.content,
};
match self.post_json::<_, RuntimeHttpWorkerInputResponse>(
&format!("/v1/workers/{worker_id}/input"),
&input,
) {
Ok(response) => WorkerInputResult {
state: WorkerOperationState::Accepted,
runtime_id: self.runtime_id.clone(),
worker_id: worker_id.to_string(),
transcript_sequence: Some(response.ack.transcript_sequence),
event_id: Some(response.ack.event_id),
diagnostics: Vec::new(),
},
Err(diagnostic) => remote_input_rejected(&self.runtime_id, worker_id, diagnostic),
}
}
fn transcript(
&self,
worker_id: &str,
start: usize,
limit: usize,
) -> WorkerTranscriptProjection {
match self.get_json::<RuntimeHttpTranscriptResponse>(&format!(
"/v1/workers/{worker_id}/transcript?start={start}&limit={limit}"
)) {
Ok(response) => {
embedded_transcript_projection(&self.runtime_id, worker_id, response.transcript)
}
Err(diagnostic) => {
embedded_transcript_rejected(&self.runtime_id, worker_id, start, limit, diagnostic)
}
}
}
}
fn embedded_runtime_capabilities(limit: usize, available: bool) -> RuntimeCapabilitySummary {
RuntimeCapabilitySummary {
can_list_hosts: true,
can_list_workers: available,
can_get_worker: available,
can_spawn_worker: available,
can_stop_worker: false,
can_accept_input: available,
has_workspace_fs: false,
has_shell: false,
has_git: false,
supports_worktrees: false,
supports_backend_internal_tools: true,
workspace_scope: "backend_internal".to_string(),
max_workers: limit,
os: std::env::consts::OS.to_string(),
arch: std::env::consts::ARCH.to_string(),
}
}
fn embedded_runtime_status_label(status: RuntimeStatus) -> &'static str {
match status {
RuntimeStatus::Running => "running",
RuntimeStatus::Stopped => "stopped",
}
}
fn embedded_worker_status_label(status: EmbeddedWorkerStatus) -> &'static str {
match status {
EmbeddedWorkerStatus::Running => "running",
EmbeddedWorkerStatus::Stopped => "stopped",
EmbeddedWorkerStatus::Cancelled => "cancelled",
}
}
fn embedded_create_intent(intent: &WorkerSpawnIntent) -> WorkerIntent {
match intent {
WorkerSpawnIntent::WorkspaceCompanion => WorkerIntent::Role {
role: "workspace_companion".to_string(),
purpose: Some("workspace backend internal companion".to_string()),
},
WorkerSpawnIntent::WorkspaceOrchestrator => WorkerIntent::Role {
role: "workspace_orchestrator".to_string(),
purpose: Some("workspace backend internal orchestration".to_string()),
},
WorkerSpawnIntent::TicketRole { ticket_id, role } => WorkerIntent::Role {
role: ticket_role_profile_slug(role).to_string(),
purpose: Some(format!("ticket {ticket_id}")),
},
}
}
fn embedded_profile_selector(intent: &WorkerSpawnIntent) -> ProfileSelector {
match intent {
WorkerSpawnIntent::TicketRole { role, .. } => {
ProfileSelector::Builtin(format!("builtin:{}", ticket_role_profile_slug(role)))
}
WorkerSpawnIntent::WorkspaceCompanion | WorkerSpawnIntent::WorkspaceOrchestrator => {
ProfileSelector::RuntimeDefault
}
}
}
fn ticket_role_profile_slug(role: &TicketWorkerRole) -> &'static str {
match role {
TicketWorkerRole::Intake => "intake",
TicketWorkerRole::Orchestrator => "orchestrator",
TicketWorkerRole::Coder => "coder",
TicketWorkerRole::Reviewer => "reviewer",
}
}
fn embedded_intent_label(intent: &WorkerIntent) -> Option<String> {
match intent {
WorkerIntent::Assistant { purpose } => {
purpose.clone().or_else(|| Some("assistant".to_string()))
}
WorkerIntent::Task { objective } => Some(safe_display_hint(objective)),
WorkerIntent::Role { role, .. } => Some(safe_display_hint(role)),
}
}
fn embedded_profile_label(profile: &ProfileSelector) -> Option<String> {
Some(match profile {
ProfileSelector::RuntimeDefault => "runtime_default".to_string(),
ProfileSelector::Builtin(name) | ProfileSelector::Named(name) => safe_display_hint(name),
})
}
fn embedded_input_rejected(
runtime_id: &str,
worker_id: &str,
diagnostic: RuntimeDiagnostic,
) -> WorkerInputResult {
WorkerInputResult {
state: WorkerOperationState::Rejected,
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
transcript_sequence: None,
event_id: None,
diagnostics: vec![diagnostic],
}
}
fn remote_input_rejected(
runtime_id: &str,
worker_id: &str,
diagnostic: RuntimeDiagnostic,
) -> WorkerInputResult {
WorkerInputResult {
state: WorkerOperationState::Rejected,
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
transcript_sequence: None,
event_id: None,
diagnostics: vec![diagnostic],
}
}
fn remote_lifecycle_rejected(
runtime_id: &str,
worker_id: &str,
diagnostic: RuntimeDiagnostic,
) -> WorkerLifecycleResult {
WorkerLifecycleResult {
state: WorkerOperationState::Rejected,
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
event_id: None,
diagnostics: vec![diagnostic],
}
}
fn embedded_transcript_projection(
runtime_id: &str,
worker_id: &str,
projection: EmbeddedTranscriptProjection,
) -> WorkerTranscriptProjection {
WorkerTranscriptProjection {
state: WorkerOperationState::Accepted,
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
start: projection.start,
limit: projection.limit,
total_items: projection.total_items,
next_start: projection.next_start,
items: projection
.items
.into_iter()
.map(|item| WorkerTranscriptItem {
sequence: item.sequence,
role: embedded_transcript_role_label(item.role).to_string(),
content: item.content,
event_id: item.event_id,
})
.collect(),
diagnostics: Vec::new(),
}
}
fn embedded_transcript_rejected(
runtime_id: &str,
worker_id: &str,
start: usize,
limit: usize,
diagnostic: RuntimeDiagnostic,
) -> WorkerTranscriptProjection {
WorkerTranscriptProjection {
state: WorkerOperationState::Rejected,
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
start,
limit,
total_items: 0,
next_start: None,
items: Vec::new(),
diagnostics: vec![diagnostic],
}
}
fn embedded_transcript_role_label(role: TranscriptRole) -> &'static str {
match role {
TranscriptRole::User => "user",
TranscriptRole::Assistant => "assistant",
TranscriptRole::System => "system",
}
}
fn embedded_runtime_diagnostic(error: &EmbeddedRuntimeError) -> RuntimeDiagnostic {
match error {
EmbeddedRuntimeError::RuntimeStopped { .. } => diagnostic(
"embedded_runtime_stopped",
DiagnosticSeverity::Warning,
"Embedded Runtime is stopped".to_string(),
),
EmbeddedRuntimeError::WrongRuntime { .. }
| EmbeddedRuntimeError::WrongRuntimeCursor { .. } => diagnostic(
"embedded_runtime_wrong_identity",
DiagnosticSeverity::Warning,
"Embedded Runtime rejected a worker/runtime identity mismatch".to_string(),
),
EmbeddedRuntimeError::WorkerNotFound { .. } => diagnostic(
"embedded_worker_not_found",
DiagnosticSeverity::Warning,
"Embedded Runtime worker was not found".to_string(),
),
EmbeddedRuntimeError::LimitTooLarge { requested, max } => diagnostic(
"embedded_runtime_limit_too_large",
DiagnosticSeverity::Warning,
format!("Requested limit {requested} exceeds embedded Runtime maximum {max}"),
),
EmbeddedRuntimeError::InvalidRequest(_)
| EmbeddedRuntimeError::ConfigBundleMissing { .. }
| EmbeddedRuntimeError::ConfigBundleDigestMismatch { .. }
| EmbeddedRuntimeError::InvalidProfileSelector { .. }
| EmbeddedRuntimeError::UnsupportedConfigDeclaration { .. } => diagnostic(
"embedded_runtime_invalid_request",
DiagnosticSeverity::Warning,
"Embedded Runtime rejected the request".to_string(),
),
EmbeddedRuntimeError::StoreIo { .. }
| EmbeddedRuntimeError::StoreMissing { .. }
| EmbeddedRuntimeError::StoreCorrupt { .. } => diagnostic(
"embedded_runtime_store_error",
DiagnosticSeverity::Error,
"Embedded Runtime storage operation failed; internal paths are not exposed".to_string(),
),
EmbeddedRuntimeError::StatePoisoned => diagnostic(
"embedded_runtime_state_unavailable",
DiagnosticSeverity::Error,
"Embedded Runtime state is unavailable".to_string(),
),
}
}
fn host_id_for_embedded_workspace(workspace_id: &str) -> String {
bounded_backend_identifier("embedded-", workspace_id)
}
fn host_id_for_remote_runtime(runtime_id: &str) -> String {
bounded_backend_identifier("remote-", runtime_id)
}
fn url_path_segment_encode(input: &str) -> String {
percent_encode(input, |byte| {
byte.is_ascii_alphanumeric() || matches!(byte, b'-' | b'_' | b'.' | b'~' | b':')
})
}
fn url_query_value_encode(input: &str) -> String {
percent_encode(input, |byte| {
byte.is_ascii_alphanumeric() || matches!(byte, b'-' | b'_' | b'.' | b'~')
})
}
fn percent_encode(input: &str, keep: impl Fn(u8) -> bool) -> String {
let mut encoded = String::with_capacity(input.len());
for byte in input.bytes() {
if keep(byte) {
encoded.push(byte as char);
} else {
encoded.push_str(&format!("%{byte:02X}"));
}
}
encoded
}
fn remote_runtime_capabilities(limit: usize, available: bool) -> RuntimeCapabilitySummary {
RuntimeCapabilitySummary {
can_list_hosts: true,
can_list_workers: available,
can_get_worker: available,
can_spawn_worker: available,
can_stop_worker: available,
can_accept_input: available,
has_workspace_fs: false,
has_shell: false,
has_git: false,
supports_worktrees: false,
supports_backend_internal_tools: false,
workspace_scope: "remote_runtime_backend_private".to_string(),
max_workers: limit,
os: "remote".to_string(),
arch: "remote".to_string(),
}
}
fn remote_reqwest_diagnostic(runtime_id: &str, err: reqwest::Error) -> RuntimeDiagnostic {
if err.is_timeout() {
diagnostic(
"remote_runtime_timeout",
DiagnosticSeverity::Error,
format!("Timed out while contacting remote Runtime '{runtime_id}'"),
)
} else if err.is_connect() || err.is_request() {
diagnostic(
"remote_runtime_network_error",
DiagnosticSeverity::Error,
format!("Failed to contact remote Runtime '{runtime_id}'"),
)
} else {
diagnostic(
"remote_runtime_client_error",
DiagnosticSeverity::Error,
format!("Remote Runtime client error for '{runtime_id}'"),
)
}
}
fn remote_http_status_diagnostic(
runtime_id: &str,
status: StatusCode,
response: reqwest::blocking::Response,
) -> RuntimeDiagnostic {
let error = response.json::<RuntimeHttpErrorResponse>().ok();
let remote_code = error
.as_ref()
.map(|error| error.error.code.as_str())
.unwrap_or("remote_http_error");
let (code, severity) = match status {
StatusCode::UNAUTHORIZED | StatusCode::FORBIDDEN => {
("remote_runtime_auth_failed", DiagnosticSeverity::Error)
}
StatusCode::NOT_FOUND => ("remote_worker_not_found", DiagnosticSeverity::Warning),
StatusCode::METHOD_NOT_ALLOWED | StatusCode::NOT_IMPLEMENTED => {
("remote_runtime_unsupported", DiagnosticSeverity::Warning)
}
_ if status.is_server_error() => ("remote_runtime_http_error", DiagnosticSeverity::Error),
_ => ("remote_runtime_http_rejected", DiagnosticSeverity::Warning),
};
diagnostic(
code,
severity,
format!(
"Remote Runtime '{runtime_id}' rejected request ({remote_code}, HTTP {status}); internal details were sanitized"
),
)
}
fn diagnostic(
code: impl Into<String>,
severity: DiagnosticSeverity,
message: impl Into<String>,
) -> RuntimeDiagnostic {
RuntimeDiagnostic {
code: code.into(),
severity,
message: message.into(),
}
}
fn operation_failed_or_unknown_worker(
runtime_id: &str,
worker_id: &str,
diagnostics: Vec<RuntimeDiagnostic>,
) -> RuntimeRegistryError {
diagnostics
.into_iter()
.find(|diagnostic| matches!(diagnostic.severity, DiagnosticSeverity::Error))
.map(|diagnostic| RuntimeRegistryError::RuntimeOperationFailed {
runtime_id: runtime_id.to_string(),
code: diagnostic.code,
message: diagnostic.message,
})
.unwrap_or_else(|| RuntimeRegistryError::UnknownWorker {
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
})
}
fn bounded_backend_identifier(prefix: &str, value: &str) -> String {
let digest = digest_hex(value.as_bytes(), ID_DIGEST_HEX_LEN);
let mut body = sanitize_identifier_body(value);
if body.is_empty() {
body = "id".to_string();
}
let suffix_len = 1 + ID_DIGEST_HEX_LEN;
let body_budget = MAX_IDENTIFIER_LEN
.saturating_sub(prefix.len())
.saturating_sub(suffix_len)
.max(1);
if body.len() > body_budget {
body.truncate(body_budget);
body = body.trim_matches('-').to_string();
if body.is_empty() {
body = "id".to_string();
}
}
let mut id = format!("{prefix}{body}-{digest}");
if id.len() > MAX_IDENTIFIER_LEN {
let digest_suffix = format!("-{digest}");
let prefix_budget = MAX_IDENTIFIER_LEN.saturating_sub(digest_suffix.len());
id = format!(
"{}{}",
prefix.chars().take(prefix_budget).collect::<String>(),
digest_suffix
);
}
id
}
fn sanitize_identifier_body(value: &str) -> String {
let mut out = String::with_capacity(value.len());
for ch in value.chars() {
if ch.is_ascii_alphanumeric() {
out.push(ch.to_ascii_lowercase());
} else if ch == '-' || ch == '_' {
out.push(ch);
} else {
out.push('-');
}
}
out.trim_matches('-').to_string()
}
fn digest_hex(bytes: &[u8], hex_len: usize) -> String {
let digest = Sha256::digest(bytes);
let mut out = String::with_capacity(hex_len);
for byte in digest {
if out.len() >= hex_len {
break;
}
out.push_str(&format!("{byte:02x}"));
}
out.truncate(hex_len);
out
}
fn validate_backend_identifier(
kind: &'static str,
value: &str,
) -> Result<(), RuntimeRegistryError> {
if value.is_empty()
|| value.len() > MAX_IDENTIFIER_LEN
|| value
.chars()
.any(|ch| !(ch.is_ascii_alphanumeric() || ch == '-' || ch == '_' || ch == ':'))
{
return Err(RuntimeRegistryError::InvalidIdentifier {
kind,
value: value.chars().take(MAX_IDENTIFIER_LEN).collect(),
});
}
Ok(())
}
fn safe_display_hint(value: &str) -> String {
value
.chars()
.filter(|ch| !ch.is_control() && *ch != '/' && *ch != '\\')
.take(80)
.collect()
}
fn worker_spawn_intent_label(intent: &WorkerSpawnIntent) -> &'static str {
match intent {
WorkerSpawnIntent::WorkspaceCompanion => "workspace_companion",
WorkerSpawnIntent::WorkspaceOrchestrator => "workspace_orchestrator",
WorkerSpawnIntent::TicketRole { role, .. } => match role {
TicketWorkerRole::Intake => "ticket_intake",
TicketWorkerRole::Orchestrator => "ticket_orchestrator",
TicketWorkerRole::Coder => "ticket_coder",
TicketWorkerRole::Reviewer => "ticket_reviewer",
},
}
}
pub fn placeholder_worker(host_id: impl Into<String>) -> WorkerSummary {
let host_id = host_id.into();
WorkerSummary {
runtime_id: "placeholder".to_string(),
worker_id: "worker-placeholder".to_string(),
host_id,
label: "Worker runtime actions are not implemented".to_string(),
role: None,
profile: None,
workspace: WorkerWorkspaceSummary {
visibility: "none".to_string(),
identity: "unsupported".to_string(),
},
state: "unsupported".to_string(),
status: "Worker runtime control is not wired yet".to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "placeholder".to_string(),
display_hint: "unsupported".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: false,
can_stop: false,
can_spawn_followup: false,
},
diagnostics: vec![diagnostic(
"runtime_capability_unsupported",
DiagnosticSeverity::Info,
"worker control is outside this overview-only registry surface".to_string(),
)],
}
}
pub fn placeholder_spawn_response(host_id: impl Into<String>) -> WorkerSpawnResult {
WorkerSpawnResult {
state: WorkerOperationState::Unsupported,
worker: Some(placeholder_worker(host_id)),
acceptance_evidence: Vec::new(),
diagnostics: vec![diagnostic(
"worker_spawn_unsupported",
DiagnosticSeverity::Info,
"Workspace worker runtime control is not implemented yet".to_string(),
)],
}
}
#[cfg(test)]
mod tests {
use super::*;
use serde_json::json;
use std::io::{Read as _, Write as _};
use std::net::TcpListener;
use std::sync::Arc;
use std::thread;
fn test_config_bundle() -> ConfigBundle {
ConfigBundle {
metadata: worker_runtime::config_bundle::ConfigBundleMetadata {
id: "bundle-1".to_string(),
digest: String::new(),
revision: "rev-1".to_string(),
workspace_id: "local:test".to_string(),
created_at: "2026-06-26T00:00:00Z".to_string(),
provenance: worker_runtime::config_bundle::ConfigBundleProvenance {
source: "workspace-server-test".to_string(),
detail: None,
},
},
profiles: vec![worker_runtime::config_bundle::ConfigProfileDescriptor {
selector: ProfileSelector::Builtin("builtin:coder".to_string()),
label: Some("Coder".to_string()),
}],
declarations: vec![worker_runtime::config_bundle::ConfigDeclaration {
kind: worker_runtime::config_bundle::ConfigDeclarationKind::CapabilityGrant,
name: "read".to_string(),
reference: "capability:read".to_string(),
}],
}
.with_computed_digest()
}
#[derive(Clone)]
struct FixtureRuntime {
runtime_id: String,
host_id: String,
workers: Vec<WorkerSummary>,
}
impl FixtureRuntime {
fn with_worker(runtime_id: &str, host_id: &str, worker_id: &str, label: &str) -> Self {
Self {
runtime_id: runtime_id.to_string(),
host_id: host_id.to_string(),
workers: vec![WorkerSummary {
runtime_id: runtime_id.to_string(),
worker_id: worker_id.to_string(),
host_id: host_id.to_string(),
label: label.to_string(),
role: None,
profile: None,
workspace: WorkerWorkspaceSummary {
visibility: "opaque".to_string(),
identity: host_id.to_string(),
},
state: "running".to_string(),
status: "available".to_string(),
last_seen_at: None,
implementation: WorkerImplementationSummary {
kind: "fixture".to_string(),
display_hint: "test fixture".to_string(),
},
capabilities: WorkerCapabilitySummary {
can_accept_input: false,
can_stop: false,
can_spawn_followup: false,
},
diagnostics: Vec::new(),
}],
}
}
}
impl WorkspaceWorkerRuntime for FixtureRuntime {
fn runtime_id(&self) -> &str {
&self.runtime_id
}
fn runtime_summary(&self, _limit: usize) -> RuntimeSummary {
RuntimeSummary {
runtime_id: self.runtime_id.clone(),
label: self.runtime_id.clone(),
kind: "fixture".to_string(),
status: "available".to_string(),
source: RuntimeSourceSummary::embedded_worker_runtime_reserved(),
host_ids: vec![self.host_id.clone()],
capabilities: RuntimeCapabilitySummary {
can_list_hosts: true,
can_list_workers: true,
can_get_worker: true,
can_spawn_worker: false,
can_stop_worker: false,
can_accept_input: false,
has_workspace_fs: false,
has_shell: false,
has_git: false,
supports_worktrees: false,
supports_backend_internal_tools: false,
workspace_scope: "none".to_string(),
max_workers: self.workers.len(),
os: "test".to_string(),
arch: "test".to_string(),
},
diagnostics: Vec::new(),
}
}
fn list_hosts(&self, _limit: usize) -> RuntimeList<HostSummary> {
RuntimeList::new(
vec![HostSummary {
runtime_id: self.runtime_id.clone(),
host_id: self.host_id.clone(),
label: "fixture host".to_string(),
kind: "fixture".to_string(),
status: "available".to_string(),
observed_at: "unknown".to_string(),
last_seen_at: None,
capabilities: self.runtime_summary(1).capabilities,
diagnostics: Vec::new(),
}],
Vec::new(),
)
}
fn list_workers(&self, limit: usize) -> RuntimeList<WorkerSummary> {
RuntimeList::new(
self.workers.iter().take(limit).cloned().collect(),
Vec::new(),
)
}
fn worker(&self, worker_id: &str) -> WorkerLookupResult {
WorkerLookupResult {
worker: self
.workers
.iter()
.find(|worker| worker.worker_id == worker_id)
.cloned(),
diagnostics: Vec::new(),
}
}
}
#[test]
fn registry_worker_lookup_is_scoped_by_runtime_id() {
let registry = RuntimeRegistry::new(vec![
Arc::new(FixtureRuntime::with_worker(
"runtime-a",
"host-a",
"shared-worker",
"worker from runtime a",
)),
Arc::new(FixtureRuntime::with_worker(
"runtime-b",
"host-b",
"shared-worker",
"worker from runtime b",
)),
]);
let from_runtime_b = registry.worker("runtime-b", "shared-worker").unwrap();
assert_eq!(from_runtime_b.runtime_id, "runtime-b");
assert_eq!(from_runtime_b.host_id, "host-b");
assert_eq!(from_runtime_b.label, "worker from runtime b");
let from_runtime_a = registry.worker("runtime-a", "shared-worker").unwrap();
assert_eq!(from_runtime_a.runtime_id, "runtime-a");
assert_eq!(from_runtime_a.host_id, "host-a");
assert_eq!(from_runtime_a.label, "worker from runtime a");
}
#[test]
fn registry_worker_lookup_reports_unknown_runtime_and_worker_separately() {
let registry = RuntimeRegistry::new(vec![Arc::new(FixtureRuntime::with_worker(
"runtime-a",
"host-a",
"worker-a",
"worker from runtime a",
))]);
let unknown_runtime = registry.worker("runtime-missing", "worker-a").unwrap_err();
assert_eq!(
unknown_runtime,
RuntimeRegistryError::UnknownRuntime("runtime-missing".to_string())
);
assert!(matches!(
unknown_runtime.into_error(),
Error::UnknownRuntime(runtime_id) if runtime_id == "runtime-missing"
));
let unknown_worker = registry.worker("runtime-a", "worker-missing").unwrap_err();
assert_eq!(
unknown_worker,
RuntimeRegistryError::UnknownWorker {
runtime_id: "runtime-a".to_string(),
worker_id: "worker-missing".to_string(),
}
);
assert!(matches!(
unknown_worker.into_error(),
Error::UnknownWorker { runtime_id, worker_id }
if runtime_id == "runtime-a" && worker_id == "worker-missing"
));
}
#[test]
fn embedded_runtime_registers_routes_input_and_transcript_without_internal_leaks() {
let registry =
RuntimeRegistry::for_workspace(EmbeddedWorkerRuntime::new_memory("local:test"));
let runtimes = registry.list_runtimes(10);
let embedded_summary = runtimes
.items
.iter()
.find(|runtime| runtime.runtime_id == EMBEDDED_RUNTIME_ID)
.expect("embedded runtime summary");
assert_eq!(
embedded_summary.source.kind,
RuntimeSourceKind::EmbeddedWorkerRuntime
);
assert_eq!(embedded_summary.source.status, RuntimeSourceStatus::Active);
assert!(embedded_summary.capabilities.can_spawn_worker);
assert!(embedded_summary.capabilities.can_accept_input);
let spawned = registry
.spawn_worker(
EMBEDDED_RUNTIME_ID,
WorkerSpawnRequest {
intent: WorkerSpawnIntent::TicketRole {
ticket_id: "00001KVZSGT0Q".to_string(),
role: TicketWorkerRole::Coder,
},
requested_worker_name: Some("friendly-name-is-not-authority".to_string()),
acceptance: WorkerSpawnAcceptanceRequirement::RunAccepted {
expected_segments: 0,
},
profile: None,
config_bundle: None,
requested_capabilities: Vec::new(),
},
)
.unwrap();
assert_eq!(spawned.state, WorkerOperationState::Accepted);
assert!(
spawned
.acceptance_evidence
.iter()
.any(|evidence| evidence.kind == "embedded_runtime_backend_internal_projection")
);
let worker = spawned.worker.expect("created embedded worker");
assert_eq!(worker.runtime_id, EMBEDDED_RUNTIME_ID);
assert_eq!(worker.workspace.visibility, "backend_internal");
assert_eq!(worker.workspace.identity, "runtime_registry_worker");
assert_eq!(worker.implementation.kind, "embedded_worker_runtime");
assert_eq!(worker.profile.as_deref(), Some("builtin:coder"));
assert!(worker.capabilities.can_accept_input);
let input = registry
.send_input(
EMBEDDED_RUNTIME_ID,
&worker.worker_id,
WorkerInputRequest {
kind: WorkerInputKind::User,
content: "hello embedded runtime".to_string(),
},
)
.unwrap();
assert_eq!(input.state, WorkerOperationState::Accepted);
assert_eq!(input.runtime_id, EMBEDDED_RUNTIME_ID);
assert_eq!(input.worker_id, worker.worker_id);
assert_eq!(input.transcript_sequence, Some(1));
let transcript = registry
.transcript(EMBEDDED_RUNTIME_ID, &worker.worker_id, 0, 10)
.unwrap();
assert_eq!(transcript.state, WorkerOperationState::Accepted);
assert_eq!(transcript.items.len(), 2);
assert_eq!(transcript.items[0].role, "user");
assert_eq!(transcript.items[0].content, "hello embedded runtime");
assert_eq!(transcript.items[1].role, "assistant");
assert!(
transcript.items[1]
.content
.contains("LLM execution is not connected")
);
let json = serde_json::to_string(&(embedded_summary, worker, transcript)).unwrap();
for forbidden in [
"/workspace/project",
"metadata.json",
"session",
"socket",
"token",
"credential",
"provider",
] {
assert!(
!json.contains(forbidden),
"embedded runtime projection leaked forbidden term: {forbidden}: {json}"
);
}
}
#[test]
fn embedded_backend_syncs_config_bundle_and_spawns_with_bundle_ref() {
let registry = RuntimeRegistry::new(vec![Arc::new(EmbeddedWorkerRuntime::new_memory(
"local:test",
))]);
let bundle = test_config_bundle();
let sync = registry
.sync_config_bundle(EMBEDDED_RUNTIME_ID, bundle.clone())
.unwrap();
assert_eq!(sync.state, WorkerOperationState::Accepted);
let reference = sync.availability.expect("bundle availability").reference;
assert_eq!(reference.id, bundle.metadata.id);
assert_eq!(reference.digest, bundle.metadata.digest);
let check = registry
.check_config_bundle(EMBEDDED_RUNTIME_ID, reference.clone())
.unwrap();
assert_eq!(check.state, WorkerOperationState::Accepted);
let spawned = registry
.spawn_worker(
EMBEDDED_RUNTIME_ID,
WorkerSpawnRequest {
intent: WorkerSpawnIntent::TicketRole {
ticket_id: "00001KVZSGT0Q".to_string(),
role: TicketWorkerRole::Coder,
},
requested_worker_name: None,
acceptance: WorkerSpawnAcceptanceRequirement::RunAccepted {
expected_segments: 0,
},
profile: Some(ProfileSelector::Builtin("builtin:coder".to_string())),
config_bundle: Some(reference),
requested_capabilities: vec![CapabilityRequest::named("read")],
},
)
.unwrap();
assert_eq!(spawned.state, WorkerOperationState::Accepted);
assert_eq!(
spawned.worker.unwrap().profile.as_deref(),
Some("builtin:coder")
);
}
#[test]
fn embedded_runtime_rejects_socket_ready_acceptance_without_socket_identity() {
let registry = RuntimeRegistry::new(vec![Arc::new(EmbeddedWorkerRuntime::new_memory(
"local:test",
))]);
let result = registry
.spawn_worker(
EMBEDDED_RUNTIME_ID,
WorkerSpawnRequest {
intent: WorkerSpawnIntent::WorkspaceCompanion,
requested_worker_name: None,
acceptance: WorkerSpawnAcceptanceRequirement::SocketReady,
profile: None,
config_bundle: None,
requested_capabilities: Vec::new(),
},
)
.unwrap();
assert_eq!(result.state, WorkerOperationState::Rejected);
assert!(result.worker.is_none());
assert!(
result
.diagnostics
.iter()
.any(|diag| diag.code == "embedded_runtime_no_socket")
);
}
#[test]
fn remote_runtime_registry_routes_commands_without_browser_secret_leaks() {
let worker_json = worker_json("remote:primary", "worker-remote-1");
let (base_url, server) = serve_mock_http(vec![
mock_response(
"GET",
"/v1/workers",
true,
200,
json!({ "workers": [worker_json.clone()] }).to_string(),
),
mock_response(
"GET",
"/v1/workers/worker-remote-1",
true,
200,
json!({ "worker": worker_json.clone() }).to_string(),
),
mock_response(
"POST",
"/v1/workers/worker-remote-1/input",
true,
200,
json!({
"ack": {
"worker_ref": { "runtime_id": "remote:primary", "worker_id": "worker-remote-1" },
"status": "running",
"transcript_sequence": 7,
"event_id": 8
}
})
.to_string(),
),
]);
let secret = "secret-token-do-not-leak".to_string();
let mut registry = RuntimeRegistry::new(Vec::new());
registry.register(
RemoteWorkerRuntime::new(RemoteRuntimeConfig::new(
"remote:primary",
"Remote Primary",
base_url.clone(),
Some(secret.clone()),
))
.unwrap(),
);
let observation = registry
.observation_source("remote:primary", "worker-remote-1")
.expect("remote runtime exposes backend-owned WS observation source");
let crate::observation::RuntimeObservationSource::RemoteWs(observation) = observation
else {
panic!("remote runtime should expose a remote WS observation source");
};
assert!(observation.endpoint.starts_with("ws://127.0.0.1:"));
assert!(
observation
.endpoint
.ends_with("/v1/workers/worker-remote-1/events/ws")
);
assert_eq!(observation.bearer_token.as_deref(), Some(secret.as_str()));
let workers = registry.list_workers(10);
assert_eq!(workers.items.len(), 1);
assert_eq!(workers.items[0].runtime_id, "remote:primary");
assert_eq!(workers.items[0].worker_id, "worker-remote-1");
assert_eq!(
workers.items[0].implementation.kind,
"remote_worker_runtime"
);
assert_eq!(
workers.items[0].workspace.identity,
"runtime_registry_worker"
);
let input = registry
.send_input(
"remote:primary",
"worker-remote-1",
WorkerInputRequest {
kind: WorkerInputKind::User,
content: "hello remote".to_string(),
},
)
.unwrap();
assert_eq!(input.state, WorkerOperationState::Accepted);
assert_eq!(input.transcript_sequence, Some(7));
assert_eq!(input.event_id, Some(8));
server.join().expect("mock remote server finished");
let browser_payload = serde_json::to_string(&(workers, input)).unwrap();
assert!(
!browser_payload.contains(&base_url),
"leaked base URL: {browser_payload}"
);
assert!(
!browser_payload.contains(&secret),
"leaked token: {browser_payload}"
);
assert!(browser_payload.contains("runtime_id"));
assert!(browser_payload.contains("worker_id"));
}
#[test]
fn remote_config_bundle_sync_and_check_diagnostics_are_sanitized_and_path_safe() {
let leaked_store_path = "/var/lib/yoi/runtime/bundles/bundle-1.json";
let leaked_session_path = ".yoi/sessions/session.jsonl";
let digest = "0".repeat(64);
let (base_url, server) = serve_mock_http(vec![
mock_response(
"POST",
"/v1/config-bundles",
true,
500,
json!({
"error": {
"code": "store_io",
"message": format!("failed to write {leaked_store_path}")
}
})
.to_string(),
),
mock_response(
"GET",
"/v1/config-bundles/bundle%2F1%3Fx/availability?digest=0000000000000000000000000000000000000000000000000000000000000000",
true,
400,
json!({
"error": {
"code": "invalid_request",
"message": format!("invalid path {leaked_session_path}")
}
})
.to_string(),
),
]);
let mut registry = RuntimeRegistry::new(Vec::new());
registry.register(
RemoteWorkerRuntime::new(RemoteRuntimeConfig::new(
"remote:primary",
"Remote Primary",
base_url,
Some("secret-token".to_string()),
))
.unwrap(),
);
let sync = registry
.sync_config_bundle("remote:primary", test_config_bundle())
.unwrap();
assert_eq!(sync.state, WorkerOperationState::Rejected);
let sync_payload = serde_json::to_string(&sync).unwrap();
assert!(!sync_payload.contains(leaked_store_path), "{sync_payload}");
let check = registry
.check_config_bundle(
"remote:primary",
ConfigBundleRef {
id: "bundle/1?x".to_string(),
digest,
},
)
.unwrap();
assert_eq!(check.state, WorkerOperationState::Rejected);
let check_payload = serde_json::to_string(&check).unwrap();
assert!(
!check_payload.contains(leaked_session_path),
"{check_payload}"
);
assert!(!check_payload.contains(".yoi/sessions"), "{check_payload}");
server.join().expect("mock remote server finished");
}
#[test]
fn remote_runtime_auth_errors_map_to_typed_backend_error() {
let (base_url, server) = serve_mock_http(vec![mock_response(
"GET",
"/v1/workers/worker-missing",
true,
401,
json!({ "error": { "code": "unauthorized", "message": "bad token" } }).to_string(),
)]);
let mut registry = RuntimeRegistry::new(Vec::new());
registry.register(
RemoteWorkerRuntime::new(RemoteRuntimeConfig::new(
"remote:primary",
"Remote Primary",
base_url,
Some("secret-token".to_string()),
))
.unwrap(),
);
let error = registry
.worker("remote:primary", "worker-missing")
.expect_err("auth failure is a backend operation error");
assert!(matches!(
error,
RuntimeRegistryError::RuntimeOperationFailed { runtime_id, code, .. }
if runtime_id == "remote:primary" && code == "remote_runtime_auth_failed"
));
server.join().expect("mock remote server finished");
}
#[derive(Clone)]
struct MockResponse {
method: &'static str,
path: &'static str,
require_auth: bool,
status: u16,
body: String,
}
fn mock_response(
method: &'static str,
path: &'static str,
require_auth: bool,
status: u16,
body: String,
) -> MockResponse {
MockResponse {
method,
path,
require_auth,
status,
body,
}
}
fn serve_mock_http(responses: Vec<MockResponse>) -> (String, thread::JoinHandle<()>) {
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
let base_url = format!("http://{}", listener.local_addr().unwrap());
let handle = thread::spawn(move || {
for expected in responses {
let (mut stream, _) = listener.accept().unwrap();
let mut buffer = [0_u8; 8192];
let read = stream.read(&mut buffer).unwrap();
let request = String::from_utf8_lossy(&buffer[..read]);
let first_line = request.lines().next().unwrap_or_default();
let expected_line = format!("{} {} ", expected.method, expected.path);
assert!(
first_line.starts_with(&expected_line),
"unexpected request line: {first_line}, expected prefix {expected_line}"
);
if expected.require_auth {
assert!(
request
.to_ascii_lowercase()
.contains("authorization: bearer secret-token"),
"authorization header missing from request: {request}"
);
}
let status_text = match expected.status {
200 => "OK",
401 => "Unauthorized",
404 => "Not Found",
_ => "Mock",
};
let response = format!(
"HTTP/1.1 {} {status_text}\r\ncontent-type: application/json\r\ncontent-length: {}\r\nconnection: close\r\n\r\n{}",
expected.status,
expected.body.len(),
expected.body
);
stream.write_all(response.as_bytes()).unwrap();
}
});
(base_url, handle)
}
fn worker_json(runtime_id: &str, worker_id: &str) -> serde_json::Value {
json!({
"worker_ref": { "runtime_id": runtime_id, "worker_id": worker_id },
"runtime_id": runtime_id,
"worker_id": worker_id,
"status": "running",
"intent": { "kind": "role", "role": "coder", "purpose": "remote test" },
"profile": { "kind": "builtin", "value": "coder" },
"config_bundle": null,
"requested_capabilities": [],
"workspace_refs": [],
"mount_refs": [],
"requested_capability_count": 0,
"has_config_bundle": false,
"transcript_len": 0,
"last_event_id": 0
})
}
}