arcp-runtime 2.0.0

Reference runtime (server side) for the Agent Runtime Control Protocol (ARCP) — ARCPRuntime, job / session machinery, persistent store, auth validators, and the `arcp` CLI.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352

//! Job state machine and dispatch (RFC §10).
//!
//! Phase 3 implements the core lifecycle: a `tool.invoke` envelope is
//! turned into a `Job` that runs in its own tokio task with a
//! [`CancellationToken`]. The runtime emits `job.accepted`,
//! `job.started`, then a terminal `job.completed` / `job.failed` /
//! `job.cancelled`.
//!
//! The heartbeat watchdog and hard-kill escalation that the RFC describes
//! in §10.3 / §10.4 land in a follow-up phase; the cooperative cancel
//! path is in place via `CancellationToken`.

use dashmap::DashMap;
use std::sync::Arc;

use tokio::task::JoinHandle;
use tokio_util::sync::CancellationToken;

use arcp_core::ids::{JobId, MessageId, SessionId};
pub use arcp_core::messages::JobState;
use arcp_core::messages::{CredentialId, LeaseRequest};

/// Per-job runtime bookkeeping.
#[derive(Debug)]
pub struct JobEntry {
    /// Job identifier.
    pub job_id: JobId,
    /// Owning session.
    pub session_id: SessionId,
    /// Correlation back to the originating `tool.invoke` envelope.
    pub correlation_id: MessageId,
    /// Cancellation token; child of the session token.
    pub cancel: CancellationToken,
    /// Current state.
    pub state: JobState,
    /// Agent reference (`name` or `name@version`) the job is running.
    /// For v1.0-style `tool.invoke` submissions this is the tool name.
    pub agent: String,
    /// Submission timestamp.
    pub created_at: chrono::DateTime<chrono::Utc>,
    /// Highest event sequence emitted for this job (ARCP v1.1 §6.6).
    pub last_event_seq: u64,
    /// Parent job id for delegated / child jobs.
    pub parent_job_id: Option<JobId>,
    /// Provisioned credential ids issued for this job.
    pub credential_ids: Vec<CredentialId>,
    /// Accepted lease constraints for this job.
    pub lease: Option<LeaseRequest>,
}

/// Map of in-flight jobs, keyed by [`JobId`].
///
/// Cheap to clone; internally `Arc<DashMap<JobId, _>>`. The runtime's
/// dispatcher stores the spawned task's `JoinHandle` here so the runtime
/// can issue a hard kill (Phase 4+ surface) and cancellation can be
/// driven from outside the task.
#[derive(Clone, Default)]
pub struct JobRegistry {
    inner: Arc<DashMap<JobId, JobRecord>>,
}

impl std::fmt::Debug for JobRegistry {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("JobRegistry")
            .field("len", &self.inner.len())
            .finish()
    }
}

struct JobRecord {
    entry: JobEntry,
    join: Option<JoinHandle<()>>,
}

impl std::fmt::Debug for JobRecord {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("JobRecord")
            .field("entry", &self.entry)
            .field(
                "join_finished",
                &self.join.as_ref().is_some_and(JoinHandle::is_finished),
            )
            .finish()
    }
}

impl JobRegistry {
    /// Construct empty.
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }

    /// Insert a new job; the registry takes ownership of the
    /// [`JoinHandle`] so it can be aborted (Phase 4+).
    pub fn insert(&self, entry: JobEntry, join: JoinHandle<()>) {
        let id = entry.job_id.clone();
        self.inner.insert(
            id,
            JobRecord {
                entry,
                join: Some(join),
            },
        );
    }

    /// Update the state for `job_id`.
    pub fn set_state(&self, job_id: &JobId, state: JobState) {
        if let Some(mut r) = self.inner.get_mut(job_id) {
            r.entry.state = state;
        }
    }

    /// Trigger cooperative cancellation for `job_id`. Returns `true` if
    /// the job was found and the token was triggered.
    #[must_use]
    pub fn cancel(&self, job_id: &JobId) -> bool {
        self.inner.get(job_id).is_some_and(|r| {
            r.entry.cancel.cancel();
            true
        })
    }

    /// Number of in-flight (or recently terminal) jobs.
    #[must_use]
    pub fn len(&self) -> usize {
        self.inner.len()
    }

    /// True if the registry is empty.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.inner.is_empty()
    }

    /// Drop terminal jobs from the registry. Should be called periodically
    /// (Phase 5+) to cap memory.
    pub fn sweep_terminals(&self) {
        self.inner.retain(|_, r| !r.entry.state.is_terminal());
    }

    /// Snapshot of all jobs scoped to `session_id`, applying an optional
    /// filter (ARCP v1.1 §6.6). Results are sorted by `created_at`
    /// ascending so pagination cursors are stable.
    #[must_use]
    pub fn list_for_session(
        &self,
        session_id: &SessionId,
        filter: Option<&arcp_core::messages::SessionListJobsFilter>,
    ) -> Vec<arcp_core::messages::JobListEntry> {
        let mut out: Vec<arcp_core::messages::JobListEntry> = self
            .inner
            .iter()
            .filter_map(|r| {
                let e = &r.entry;
                if e.session_id != *session_id {
                    return None;
                }
                if let Some(f) = filter {
                    let status = e.state.wire_str();
                    if !f.status.is_empty() && !f.status.iter().any(|s| s == status) {
                        return None;
                    }
                    if let Some(agent) = f.agent.as_deref() {
                        if e.agent != agent {
                            return None;
                        }
                    }
                    if let Some(after) = f.created_after {
                        if e.created_at <= after {
                            return None;
                        }
                    }
                    if let Some(before) = f.created_before {
                        if e.created_at >= before {
                            return None;
                        }
                    }
                }
                Some(arcp_core::messages::JobListEntry {
                    job_id: e.job_id.clone(),
                    agent: e.agent.clone(),
                    status: e.state.wire_str().to_owned(),
                    parent_job_id: e.parent_job_id.clone(),
                    created_at: e.created_at,
                    trace_id: None,
                    last_event_seq: e.last_event_seq,
                })
            })
            .collect();
        out.sort_by_key(|e| e.created_at);
        out
    }

    /// Increment and return the new `last_event_seq` for `job_id`.
    ///
    /// Returns `None` if the job is not registered.
    #[must_use]
    pub fn bump_event_seq(&self, job_id: &JobId) -> Option<u64> {
        self.inner.get_mut(job_id).map(|mut r| {
            r.entry.last_event_seq += 1;
            r.entry.last_event_seq
        })
    }

    /// Record the session-scoped sequence number of the most recent
    /// event the runtime emitted for `job_id`. Used by the connection
    /// writer to keep `JobRegistry`'s high-water mark in lockstep with
    /// the session sequence so `job.subscribed.subscribed_from` reflects
    /// what the subscriber can actually ack from.
    pub fn record_event_seq(&self, job_id: &JobId, seq: u64) {
        if let Some(mut r) = self.inner.get_mut(job_id) {
            if seq > r.entry.last_event_seq {
                r.entry.last_event_seq = seq;
            }
        }
    }

    /// Snapshot the public-facing fields of a job, if registered.
    ///
    /// Used by `job.subscribe` (ARCP v1.1 §7.6) to populate the
    /// acknowledgement.
    #[must_use]
    pub fn snapshot(&self, job_id: &JobId) -> Option<JobSnapshot> {
        self.inner.get(job_id).map(|r| {
            let e = &r.entry;
            JobSnapshot {
                job_id: e.job_id.clone(),
                session_id: e.session_id.clone(),
                state: e.state,
                agent: e.agent.clone(),
                parent_job_id: e.parent_job_id.clone(),
                last_event_seq: e.last_event_seq,
            }
        })
    }
}

/// Public projection of [`JobEntry`] returned by [`JobRegistry::snapshot`].
#[derive(Debug, Clone)]
pub struct JobSnapshot {
    /// Job identifier.
    pub job_id: JobId,
    /// Originating session.
    pub session_id: SessionId,
    /// Current state.
    pub state: JobState,
    /// Agent reference (`name` or `name@version`) the job is running.
    pub agent: String,
    /// Parent job id for delegated / child jobs.
    pub parent_job_id: Option<JobId>,
    /// Highest event sequence emitted for this job.
    pub last_event_seq: u64,
}

#[cfg(test)]
#[allow(
    clippy::expect_used,
    clippy::unwrap_used,
    clippy::panic,
    clippy::missing_panics_doc
)]
mod tests {
    use super::*;
    use arcp_core::ids::{JobId, MessageId, SessionId};

    fn make_entry(state: JobState) -> (JobEntry, tokio::task::JoinHandle<()>) {
        let cancel = CancellationToken::new();
        let entry = JobEntry {
            job_id: JobId::new(),
            session_id: SessionId::new(),
            correlation_id: MessageId::new(),
            cancel,
            state,
            agent: "test-tool".to_owned(),
            created_at: chrono::Utc::now(),
            last_event_seq: 0,
            parent_job_id: None,
            credential_ids: vec![],
            lease: None,
        };
        // A no-op task so the JoinHandle is well-formed.
        let join = tokio::spawn(async {});
        (entry, join)
    }

    #[test]
    fn job_state_terminals_are_classified_correctly() {
        for s in [JobState::Completed, JobState::Failed, JobState::Cancelled] {
            assert!(s.is_terminal(), "{s:?} should be terminal");
        }
        for s in [
            JobState::Accepted,
            JobState::Queued,
            JobState::Running,
            JobState::Blocked,
            JobState::Paused,
        ] {
            assert!(!s.is_terminal(), "{s:?} should NOT be terminal");
        }
    }

    #[tokio::test]
    async fn registry_insert_and_set_state_round_trip() {
        let reg = JobRegistry::new();
        assert!(reg.is_empty());
        let (entry, join) = make_entry(JobState::Accepted);
        let id = entry.job_id.clone();
        reg.insert(entry, join);
        assert_eq!(reg.len(), 1);
        reg.set_state(&id, JobState::Running);
    }

    #[tokio::test]
    async fn cancel_returns_false_for_unknown_job() {
        let reg = JobRegistry::new();
        let id = JobId::new();
        assert!(!reg.cancel(&id));
    }

    #[tokio::test]
    async fn cancel_triggers_token_for_known_job() {
        let reg = JobRegistry::new();
        let (entry, join) = make_entry(JobState::Running);
        let token = entry.cancel.clone();
        let id = entry.job_id.clone();
        reg.insert(entry, join);
        assert!(reg.cancel(&id));
        assert!(token.is_cancelled());
    }

    #[tokio::test]
    async fn sweep_terminals_drops_only_terminal_jobs() {
        let reg = JobRegistry::new();
        let (running, jh1) = make_entry(JobState::Running);
        let (done, jh2) = make_entry(JobState::Completed);
        let running_id = running.job_id.clone();
        let done_id = done.job_id.clone();
        reg.insert(running, jh1);
        reg.insert(done, jh2);
        assert_eq!(reg.len(), 2);
        reg.sweep_terminals();
        assert_eq!(reg.len(), 1);
        // Sweep is idempotent.
        reg.sweep_terminals();
        assert_eq!(reg.len(), 1);
        // Running job is the survivor; cancel still finds it.
        assert!(reg.cancel(&running_id));
        // Terminal job was already swept.
        assert!(!reg.cancel(&done_id));
    }
}