everruns_runtime/
host.rs

1// Shared host orchestration for embedded and durable execution hosts.
2// Decision: everruns-runtime owns worker-facing turn phase execution so
3// durable/server-backed hosts reuse the same input/reason/act wiring.
4
5use async_trait::async_trait;
6use everruns_core::atoms::{
7    ActAtom, ActInput, ActResult, Atom, InputAtom, InputAtomInput, InputAtomResult, ReasonAtom,
8    ReasonInput, ReasonResult,
9};
10use everruns_core::capabilities::{SystemPromptContext, collect_capabilities_with_configs};
11use everruns_core::events::{
12    EventContext, EventRequest, OutputMessageCompletedData, SessionActivatedData, SessionIdledData,
13    TurnCompletedData, TurnFailedData, TurnStartedData,
14};
15use everruns_core::message::Message;
16use everruns_core::message_retriever::MessageRetriever;
17use everruns_core::platform_store::PlatformStore;
18use everruns_core::session::SessionStatus;
19use everruns_core::traits::{
20    AgentStore, BudgetChecker, EventEmitter, HarnessStore, ImageArtifactStore, ImageResolver,
21    LeasedResourceStore, LlmProviderStore, ModelWithProvider, PaymentAuthority,
22    ProviderCredentialStore, SessionFileSystem, SessionMutator, SessionResourceRegistry,
23    SessionScheduleStore, SessionSqlDbStoreRef, SessionStorageStore, SessionStore,
24    UserConnectionResolver,
25};
26use everruns_core::typed_id::{AgentId, HarnessId, MessageId, SessionId, TurnId};
27use everruns_core::{
28    Agent, CapabilityRegistry, CapabilityStatus, DependencyBlocker, DriverRegistry, EgressService,
29    Harness, Session, TokenUsage, ToolDefinition, ToolRegistry, UserFacingError, UtilityLlmService,
30    org_public_id_from_internal, resolve_runtime_capabilities,
31};
32use std::sync::Arc;
33use tracing::warn;
34
35/// Turn context loaded in one batched call for runtime host execution.
36#[derive(Debug, Clone)]
37pub struct RuntimeHostTurnContext {
38    pub agent: Option<Agent>,
39    pub session: Session,
40    pub messages: Vec<Message>,
41    pub model: Option<ModelWithProvider>,
42    pub mcp_tool_definitions: Vec<ToolDefinition>,
43}
44
45/// Public adapter contract for server-backed or durable runtime hosts.
46///
47/// `everruns-runtime` owns shared host orchestration for both embedded and
48/// durable execution. That includes phase execution (`input -> reason -> act`),
49/// lifecycle emission, and the generic turn-strategy decisions used by durable
50/// or custom hosts.
51///
52/// Host crates implement this trait to provide persistence, session-lifecycle
53/// plumbing, event delivery, and their own orchestration backend. The durable
54/// engine itself remains outside this crate.
55#[async_trait]
56pub trait RuntimeHostAdapter: Send + Sync + Clone + 'static {
57    async fn get_agent(
58        &self,
59        org_id: i64,
60        agent_id: AgentId,
61    ) -> everruns_core::error::Result<Option<Agent>>;
62
63    async fn get_harness(
64        &self,
65        org_id: i64,
66        harness_id: HarnessId,
67    ) -> everruns_core::error::Result<Option<Harness>>;
68
69    async fn set_session_status(
70        &self,
71        org_id: i64,
72        session_id: SessionId,
73        status: SessionStatus,
74    ) -> everruns_core::error::Result<Session>;
75
76    async fn load_turn_context(
77        &self,
78        org_id: i64,
79        session_id: SessionId,
80    ) -> everruns_core::error::Result<RuntimeHostTurnContext>;
81
82    fn capability_registry(&self) -> CapabilityRegistry;
83
84    fn driver_registry(&self) -> DriverRegistry;
85
86    fn harness_store(&self, org_id: i64) -> Arc<dyn HarnessStore>;
87
88    fn agent_store(&self, org_id: i64) -> Arc<dyn AgentStore>;
89
90    fn session_store(&self, org_id: i64) -> Arc<dyn SessionStore>;
91
92    fn session_mutator(&self, org_id: i64) -> Arc<dyn SessionMutator>;
93
94    fn provider_store(&self, org_id: i64) -> Arc<dyn LlmProviderStore>;
95
96    fn message_store(&self) -> Arc<dyn MessageRetriever>;
97
98    fn event_emitter(&self) -> Arc<dyn EventEmitter>;
99
100    fn file_store(&self) -> Arc<dyn SessionFileSystem>;
101
102    fn image_resolver(&self, _org_id: i64) -> Option<Arc<dyn ImageResolver>> {
103        None
104    }
105
106    fn image_artifact_store(&self, _org_id: i64) -> Option<Arc<dyn ImageArtifactStore>> {
107        None
108    }
109
110    fn provider_credential_store(&self, _org_id: i64) -> Option<Arc<dyn ProviderCredentialStore>> {
111        None
112    }
113
114    fn utility_llm_service(&self) -> Option<Arc<dyn UtilityLlmService>> {
115        None
116    }
117
118    fn egress_service(&self) -> Option<Arc<dyn EgressService>> {
119        None
120    }
121
122    fn storage_store(&self) -> Option<Arc<dyn SessionStorageStore>> {
123        None
124    }
125
126    fn memory_store(&self, _org_id: i64) -> Option<Arc<dyn everruns_core::MemoryStoreBackend>> {
127        None
128    }
129
130    fn connection_resolver(&self) -> Option<Arc<dyn UserConnectionResolver>> {
131        None
132    }
133
134    fn sqldb_store(&self) -> Option<SessionSqlDbStoreRef> {
135        None
136    }
137
138    fn leased_resource_store(&self) -> Option<Arc<dyn LeasedResourceStore>> {
139        None
140    }
141
142    fn session_resource_registry(&self) -> Option<Arc<dyn SessionResourceRegistry>> {
143        None
144    }
145
146    fn schedule_store(&self, _org_id: i64) -> Option<Arc<dyn SessionScheduleStore>> {
147        None
148    }
149
150    fn platform_store(
151        &self,
152        _org_id: i64,
153        _session_id: SessionId,
154    ) -> Option<Arc<dyn PlatformStore>> {
155        None
156    }
157
158    fn budget_checker(
159        &self,
160        _org_id: i64,
161        _agent_id: Option<AgentId>,
162    ) -> Option<Arc<dyn BudgetChecker>> {
163        None
164    }
165
166    fn payment_authority(
167        &self,
168        _org_id: i64,
169        _agent_id: Option<AgentId>,
170    ) -> Option<Arc<dyn PaymentAuthority>> {
171        None
172    }
173
174    /// Per-org outbound tool-call rate limiter (TM-TOOL-009).
175    /// Default: `None` (no rate limiting — suitable for in-process / test environments).
176    fn outbound_tool_rate_limiter(
177        &self,
178        _org_id: i64,
179    ) -> Option<Arc<dyn everruns_core::OutboundToolRateLimiter>> {
180        None
181    }
182
183    /// MCP executor routing `mcp_*` tool calls for this session, if the host
184    /// configures MCP (specs/runtime-mcp.md D4). Default: `None`, so hosts
185    /// without scoped MCP servers keep the plain tool registry unchanged.
186    async fn mcp_executor(
187        &self,
188        _org_id: i64,
189        _session_id: SessionId,
190    ) -> Option<Arc<everruns_mcp::McpExecutor>> {
191        None
192    }
193}
194
195struct RuntimeExecutionCapabilities {
196    tool_registry: ToolRegistry,
197    post_tool_hooks: Vec<Arc<dyn everruns_core::PostToolExecHook>>,
198    pre_tool_hooks: Vec<Arc<dyn everruns_core::atoms::PreToolUseHook>>,
199    tool_call_hooks: Vec<Arc<dyn everruns_core::ToolCallHook>>,
200}
201
202/// Collect and finalize user-hook specs for a session from its resolved
203/// capability configs, plus the shared bash dispatcher used to run them.
204///
205/// This is the single place hook specs are gathered so every firing point —
206/// the act path (`load_execution_capabilities`) and the lifecycle firing
207/// points (`execute_reason_activity` for `user_prompt_submit`, turn completion
208/// for `turn_end`, and the server session paths) — applies identical
209/// `finalize_hook_specs` semantics: `{capability_id}:` namespace stamping,
210/// stable default ids, and `disabled_contributions` muting (TM-HOOK-004).
211fn finalize_specs_from_configs(
212    resolved_capability_configs: &[everruns_core::capability_types::AgentCapabilityConfig],
213    capability_registry: &CapabilityRegistry,
214) -> Vec<everruns_core::user_hook_types::UserHookSpec> {
215    let mut hook_contributions: Vec<(String, Vec<everruns_core::user_hook_types::UserHookSpec>)> =
216        Vec::new();
217    let mut disabled_contributions: Vec<String> = Vec::new();
218    for config in resolved_capability_configs {
219        let Some(capability) = capability_registry.get(config.capability_id()) else {
220            continue;
221        };
222        let specs = capability.user_hooks_with_config(&config.config);
223        if !specs.is_empty() {
224            hook_contributions.push((config.capability_id().to_string(), specs));
225        }
226        if config.capability_id() == "user_hooks" {
227            disabled_contributions.extend(
228                everruns_core::capabilities::user_hooks::disabled_contributions(&config.config),
229            );
230        }
231    }
232    everruns_core::hook_adapter::finalize_hook_specs(hook_contributions, &disabled_contributions)
233}
234
235/// Resolve a session's capability configs and collect finalized hook specs.
236/// Used by the lifecycle firing points, which need specs outside the act path.
237/// Returns `(specs, dispatcher)`; `specs` is empty when the session has no
238/// hook-contributing capabilities.
239async fn collect_lifecycle_hook_specs<A: RuntimeHostAdapter>(
240    adapter: &A,
241    org_id: i64,
242    session_id: SessionId,
243    harness_id: HarnessId,
244    agent_id: Option<AgentId>,
245) -> everruns_core::error::Result<(
246    Vec<everruns_core::user_hook_types::UserHookSpec>,
247    Arc<dyn everruns_core::hook_executor::BashHookDispatcher>,
248)> {
249    let capability_registry = adapter.capability_registry();
250    let harness_chain = adapter
251        .harness_store(org_id)
252        .get_harness_chain(harness_id)
253        .await?;
254    if harness_chain.is_empty() {
255        return Err(everruns_core::error::AgentLoopError::harness_not_found(
256            harness_id,
257        ));
258    }
259    let session = adapter
260        .session_store(org_id)
261        .get_session(session_id)
262        .await?
263        .ok_or_else(|| everruns_core::error::AgentLoopError::session_not_found(session_id))?;
264    let agent = match agent_id {
265        Some(agent_id) => adapter.agent_store(org_id).get_agent(agent_id).await?,
266        None => None,
267    };
268    let resolved = resolve_runtime_capabilities(
269        &harness_chain,
270        agent.as_ref(),
271        &session,
272        &capability_registry,
273    );
274    let specs =
275        finalize_specs_from_configs(&resolved.resolved_capability_configs, &capability_registry);
276    let dispatcher: Arc<dyn everruns_core::hook_executor::BashHookDispatcher> = Arc::new(
277        everruns_core::hook_dispatch::VirtualBashHookDispatcher::new(adapter.file_store()),
278    );
279    Ok((specs, dispatcher))
280}
281
282async fn load_execution_capabilities<A: RuntimeHostAdapter>(
283    adapter: &A,
284    org_id: i64,
285    session_id: SessionId,
286    harness_id: HarnessId,
287    agent_id: Option<AgentId>,
288    locale: Option<String>,
289    blueprint_id: Option<&str>,
290) -> everruns_core::error::Result<RuntimeExecutionCapabilities> {
291    let capability_registry = adapter.capability_registry();
292    if let Some(blueprint_id) = blueprint_id {
293        let mut registry = ToolRegistry::with_defaults();
294        let blueprint = capability_registry.blueprint(blueprint_id).ok_or_else(|| {
295            everruns_core::error::AgentLoopError::config(format!(
296                "Blueprint \"{blueprint_id}\" not found in registry"
297            ))
298        })?;
299        for tool in blueprint.tools {
300            registry.register_boxed(tool);
301        }
302        return Ok(RuntimeExecutionCapabilities {
303            tool_registry: registry,
304            post_tool_hooks: Vec::new(),
305            pre_tool_hooks: Vec::new(),
306            tool_call_hooks: Vec::new(),
307        });
308    }
309
310    let harness_chain = adapter
311        .harness_store(org_id)
312        .get_harness_chain(harness_id)
313        .await?;
314    if harness_chain.is_empty() {
315        return Err(everruns_core::error::AgentLoopError::harness_not_found(
316            harness_id,
317        ));
318    }
319
320    let session = adapter
321        .session_store(org_id)
322        .get_session(session_id)
323        .await?
324        .ok_or_else(|| everruns_core::error::AgentLoopError::session_not_found(session_id))?;
325
326    let agent_store = adapter.agent_store(org_id);
327    let agent = match agent_id {
328        Some(agent_id) => Some(
329            agent_store
330                .get_agent(agent_id)
331                .await?
332                .ok_or_else(|| everruns_core::error::AgentLoopError::agent_not_found(agent_id))?,
333        ),
334        None => None,
335    };
336
337    let resolved = resolve_runtime_capabilities(
338        &harness_chain,
339        agent.as_ref(),
340        &session,
341        &capability_registry,
342    );
343    let prompt_ctx = SystemPromptContext {
344        session_id,
345        locale: locale.or(session.locale.clone()),
346        file_store: Some(adapter.file_store()),
347    };
348    let collected = collect_capabilities_with_configs(
349        &resolved.resolved_capability_configs,
350        &capability_registry,
351        &prompt_ctx,
352    )
353    .await;
354
355    let mut registry = ToolRegistry::with_defaults();
356    for tool in collected.tools {
357        registry.register_boxed(tool);
358    }
359
360    // Only `Available` capabilities contribute hooks, matching
361    // `collect_capabilities_with_configs` (which skips non-available
362    // capabilities). This keeps a `ComingSoon`/unavailable capability from
363    // affecting execution via any of its hook seams.
364    let mut post_tool_hooks: Vec<Arc<dyn everruns_core::PostToolExecHook>> = resolved
365        .resolved_capability_configs
366        .iter()
367        .flat_map(|config| {
368            capability_registry
369                .get(config.capability_id())
370                .filter(|capability| capability.status() == CapabilityStatus::Available)
371                .map(|capability| capability.post_tool_exec_hooks())
372                .unwrap_or_default()
373        })
374        .collect();
375
376    // User-hook contributions (see `specs/user-hooks.md`). `finalize_specs_from_configs`
377    // gathers specs across every resolved capability — both the user-facing
378    // `user_hooks` capability and any capability that bundles hooks — and applies
379    // `finalize_hook_specs` (namespace stamping, stable ids, `disabled_contributions`
380    // muting; TM-HOOK-004). The same helper backs the lifecycle firing points so
381    // every event finalizes specs identically.
382    let user_hook_specs =
383        finalize_specs_from_configs(&resolved.resolved_capability_configs, &capability_registry);
384    // Capability-contributed pre-tool hooks run first (e.g. approval gating),
385    // then user-hook (`PreToolUse`) specs. The first hook to block wins.
386    let mut pre_tool_hooks: Vec<Arc<dyn everruns_core::atoms::PreToolUseHook>> = resolved
387        .resolved_capability_configs
388        .iter()
389        .flat_map(|config| {
390            capability_registry
391                .get(config.capability_id())
392                .filter(|capability| capability.status() == CapabilityStatus::Available)
393                .map(|capability| capability.pre_tool_use_hooks())
394                .unwrap_or_default()
395        })
396        .collect();
397    if !user_hook_specs.is_empty() {
398        let dispatcher: Arc<dyn everruns_core::hook_executor::BashHookDispatcher> = Arc::new(
399            everruns_core::hook_dispatch::VirtualBashHookDispatcher::new(adapter.file_store()),
400        );
401        post_tool_hooks.extend(everruns_core::hook_adapter::build_post_tool_use_hooks(
402            &user_hook_specs,
403            dispatcher.clone(),
404        ));
405        pre_tool_hooks.extend(everruns_core::hook_adapter::build_pre_tool_use_hooks(
406            &user_hook_specs,
407            dispatcher,
408        ));
409    }
410
411    let tool_call_hooks = resolved
412        .resolved_capability_configs
413        .iter()
414        .flat_map(|config| {
415            capability_registry
416                .get(config.capability_id())
417                .filter(|capability| capability.status() == CapabilityStatus::Available)
418                .map(|capability| capability.tool_call_hooks())
419                .unwrap_or_default()
420        })
421        .collect();
422
423    Ok(RuntimeExecutionCapabilities {
424        tool_registry: registry,
425        post_tool_hooks,
426        pre_tool_hooks,
427        tool_call_hooks,
428    })
429}
430
431/// Shared lifecycle helper for runtime-backed hosts.
432pub struct RuntimeSessionLifecycle<A: RuntimeHostAdapter> {
433    adapter: A,
434    org_id: i64,
435    session_id: SessionId,
436}
437
438impl<A: RuntimeHostAdapter> RuntimeSessionLifecycle<A> {
439    pub fn new(adapter: A, org_id: i64, session_id: SessionId) -> Self {
440        Self {
441            adapter,
442            org_id,
443            session_id,
444        }
445    }
446
447    async fn set_session_status(&self, status: SessionStatus, action: &'static str) {
448        if let Err(error) = self
449            .adapter
450            .set_session_status(self.org_id, self.session_id, status)
451            .await
452        {
453            warn!(
454                session_id = %self.session_id,
455                org_id = self.org_id,
456                action,
457                %error,
458                "runtime host lifecycle status update failed"
459            );
460        }
461    }
462
463    async fn emit_event(&self, request: EventRequest) {
464        let event_type = request.event_type.clone();
465        if let Err(error) = self.adapter.event_emitter().emit(request).await {
466            warn!(
467                session_id = %self.session_id,
468                org_id = self.org_id,
469                event_type,
470                %error,
471                "runtime host lifecycle event emission failed"
472            );
473        }
474    }
475
476    pub async fn turn_started(&self, turn_id: TurnId, input_message_id: MessageId) {
477        let input_content = self
478            .adapter
479            .message_store()
480            .get(self.session_id, input_message_id)
481            .await
482            .ok()
483            .flatten()
484            .map(|message| message.content_to_llm_string());
485
486        self.set_session_status(SessionStatus::Active, "turn_started")
487            .await;
488
489        self.emit_event(EventRequest::new(
490            self.session_id,
491            EventContext::turn(turn_id, input_message_id),
492            SessionActivatedData {
493                turn_id,
494                input_message_id,
495            },
496        ))
497        .await;
498
499        self.emit_event(EventRequest::new(
500            self.session_id,
501            EventContext::turn(turn_id, input_message_id),
502            TurnStartedData {
503                turn_id,
504                input_message_id,
505                input_content,
506            },
507        ))
508        .await;
509    }
510
511    pub async fn emit_turn_completed(&self, input_message_id: MessageId, data: TurnCompletedData) {
512        let turn_id = data.turn_id;
513        self.emit_event(EventRequest::new(
514            self.session_id,
515            EventContext::turn(turn_id, input_message_id),
516            data,
517        ))
518        .await;
519    }
520
521    pub async fn emit_session_idled(
522        &self,
523        turn_id: TurnId,
524        input_message_id: MessageId,
525        iterations: Option<u32>,
526        usage: Option<TokenUsage>,
527    ) {
528        self.set_session_status(SessionStatus::Idle, "emit_session_idled")
529            .await;
530
531        self.emit_event(EventRequest::new(
532            self.session_id,
533            EventContext::turn(turn_id, input_message_id),
534            SessionIdledData {
535                turn_id,
536                iterations,
537                usage,
538            },
539        ))
540        .await;
541    }
542
543    pub async fn turn_completed(
544        &self,
545        turn_id: TurnId,
546        input_message_id: MessageId,
547        iterations: u32,
548        usage: Option<TokenUsage>,
549        input_content: Option<String>,
550    ) {
551        self.emit_turn_completed(
552            input_message_id,
553            TurnCompletedData {
554                turn_id,
555                iterations,
556                duration_ms: None,
557                usage: usage.clone(),
558                input_content,
559                final_message_id: None,
560                final_answer_preview: None,
561                time_to_first_token_ms: None,
562                tool_call_count: None,
563                llm_call_count: None,
564                status: Some("completed".to_string()),
565            },
566        )
567        .await;
568        self.emit_session_idled(turn_id, input_message_id, Some(iterations), usage)
569            .await;
570    }
571
572    /// Fire `turn_end` lifecycle hooks (advisory). Collects the session's hook
573    /// specs and runs every `turn_end` hook; failures are logged, never fatal.
574    /// `harness_id`/`agent_id` are required to resolve the capability chain.
575    pub async fn fire_turn_end_hooks(
576        &self,
577        harness_id: HarnessId,
578        agent_id: Option<AgentId>,
579        turn_id: TurnId,
580        success: bool,
581    ) {
582        let (specs, dispatcher) = match collect_lifecycle_hook_specs(
583            &self.adapter,
584            self.org_id,
585            self.session_id,
586            harness_id,
587            agent_id,
588        )
589        .await
590        {
591            Ok(pair) => pair,
592            Err(error) => {
593                warn!(
594                    session_id = %self.session_id,
595                    %error,
596                    "failed to collect turn_end hook specs; skipping"
597                );
598                return;
599            }
600        };
601        let hooks = everruns_core::lifecycle_hooks::build_turn_lifecycle_hooks(
602            &specs,
603            everruns_core::user_hook_types::HookEvent::TurnEnd,
604            dispatcher,
605        );
606        if hooks.is_empty() {
607            return;
608        }
609        let ctx = everruns_core::lifecycle_hooks::TurnHookContext {
610            session_id: self.session_id,
611            turn_id: Some(turn_id),
612            org_id: org_public_id_from_internal(self.org_id).parse().ok(),
613            agent_id: agent_id.map(|a| a.to_string()),
614        };
615        everruns_core::lifecycle_hooks::run_turn_end_hooks(
616            &hooks,
617            &ctx,
618            serde_json::json!({ "success": success }),
619        )
620        .await;
621    }
622
623    /// Abort a turn because a `user_prompt_submit` hook returned `Block`.
624    /// Reuses the dependency-blocked failure shape: emit a user-facing message
625    /// carrying the hook's `user_message` (or `reason`), then mark the turn
626    /// failed and idle the session.
627    pub async fn user_prompt_blocked(
628        &self,
629        turn_id: TurnId,
630        input_message_id: MessageId,
631        reason: &str,
632        user_message: Option<&str>,
633    ) {
634        let user_error =
635            UserFacingError::new(everruns_core::user_facing_error_codes::BLOCKED_BY_HOOK);
636        let shown = user_message.unwrap_or(reason);
637        let mut error_message = Message::assistant(shown);
638        let mut metadata = std::collections::HashMap::new();
639        user_error.apply_to_message_metadata(&mut metadata);
640        error_message.metadata = Some(metadata);
641
642        self.emit_event(EventRequest::new(
643            self.session_id,
644            EventContext::turn(turn_id, input_message_id),
645            OutputMessageCompletedData::new(error_message).with_user_facing_error(&user_error),
646        ))
647        .await;
648
649        self.turn_failed(turn_id, input_message_id, reason, Some(&user_error))
650            .await;
651    }
652
653    pub async fn turn_failed(
654        &self,
655        turn_id: TurnId,
656        input_message_id: MessageId,
657        error: &str,
658        user_error: Option<&UserFacingError>,
659    ) {
660        self.set_session_status(SessionStatus::Idle, "turn_failed")
661            .await;
662
663        self.emit_event(EventRequest::new(
664            self.session_id,
665            EventContext::turn(turn_id, input_message_id),
666            {
667                let mut data = TurnFailedData {
668                    turn_id,
669                    error: error.to_string(),
670                    error_code: None,
671                    error_fields: None,
672                };
673                if let Some(user_error) = user_error {
674                    user_error.apply_to_event_fields(&mut data.error_code, &mut data.error_fields);
675                }
676                data
677            },
678        ))
679        .await;
680
681        self.emit_event(EventRequest::new(
682            self.session_id,
683            EventContext::turn(turn_id, input_message_id),
684            SessionIdledData {
685                turn_id,
686                iterations: None,
687                usage: None,
688            },
689        ))
690        .await;
691    }
692
693    pub async fn waiting_for_tool_results(&self) {
694        self.set_session_status(
695            SessionStatus::WaitingForToolResults,
696            "waiting_for_tool_results",
697        )
698        .await;
699    }
700
701    pub async fn dependency_blocked(
702        &self,
703        turn_id: TurnId,
704        input_message_id: MessageId,
705        blocker: DependencyBlocker,
706    ) {
707        let user_error = UserFacingError::new(blocker.error_code())
708            .with_field(
709                "dependency",
710                match blocker {
711                    DependencyBlocker::HarnessArchived | DependencyBlocker::HarnessDeleted => {
712                        "harness"
713                    }
714                    DependencyBlocker::AgentArchived | DependencyBlocker::AgentDeleted => "agent",
715                },
716            )
717            .with_field(
718                "state",
719                match blocker {
720                    DependencyBlocker::HarnessArchived | DependencyBlocker::AgentArchived => {
721                        "archived"
722                    }
723                    DependencyBlocker::HarnessDeleted | DependencyBlocker::AgentDeleted => {
724                        "deleted"
725                    }
726                },
727            );
728        let mut error_message = Message::assistant(blocker.message());
729        let mut metadata = std::collections::HashMap::new();
730        user_error.apply_to_message_metadata(&mut metadata);
731        error_message.metadata = Some(metadata);
732
733        self.emit_event(EventRequest::new(
734            self.session_id,
735            EventContext::turn(turn_id, input_message_id),
736            OutputMessageCompletedData::new(error_message).with_user_facing_error(&user_error),
737        ))
738        .await;
739
740        self.turn_failed(
741            turn_id,
742            input_message_id,
743            blocker.message(),
744            Some(&user_error),
745        )
746        .await;
747    }
748}
749
750pub async fn detect_dependency_blocker<A: RuntimeHostAdapter>(
751    adapter: &A,
752    org_id: i64,
753    harness_id: HarnessId,
754    agent_id: Option<AgentId>,
755) -> everruns_core::error::Result<Option<DependencyBlocker>> {
756    let harness_store = adapter.harness_store(org_id);
757    let agent_store = adapter.agent_store(org_id);
758    everruns_core::detect_dependency_blocker(
759        harness_store.as_ref(),
760        agent_store.as_ref(),
761        harness_id,
762        agent_id,
763    )
764    .await
765}
766
767pub async fn execute_input_activity<A: RuntimeHostAdapter>(
768    adapter: &A,
769    org_id: i64,
770    input: InputAtomInput,
771) -> everruns_core::error::Result<InputAtomResult> {
772    RuntimeSessionLifecycle::new(adapter.clone(), org_id, input.context.session_id)
773        .turn_started(input.context.turn_id, input.context.input_message_id)
774        .await;
775
776    let atom = InputAtom::new(adapter.message_store());
777    atom.execute(input).await
778}
779
780/// Collect `user_prompt_submit` hooks for this turn and run them against the
781/// inbound user message text. Returns `None` when the session has no such
782/// hooks (the common case — no overhead beyond the spec collection, which is
783/// skipped early). Errors loading specs are logged and treated as "no hooks"
784/// so a hook-collection failure never blocks a turn that wasn't asking to be
785/// hooked.
786async fn run_user_prompt_submit_for_turn<A: RuntimeHostAdapter>(
787    adapter: &A,
788    org_id: i64,
789    input: &ReasonInput,
790) -> everruns_core::error::Result<Option<everruns_core::lifecycle_hooks::UserPromptDecision>> {
791    let (specs, dispatcher) = match collect_lifecycle_hook_specs(
792        adapter,
793        org_id,
794        input.context.session_id,
795        input.harness_id,
796        input.agent_id,
797    )
798    .await
799    {
800        Ok(pair) => pair,
801        Err(error) => {
802            warn!(
803                session_id = %input.context.session_id,
804                %error,
805                "failed to collect user_prompt_submit hook specs; continuing without them"
806            );
807            return Ok(None);
808        }
809    };
810    let hooks = everruns_core::lifecycle_hooks::build_turn_lifecycle_hooks(
811        &specs,
812        everruns_core::user_hook_types::HookEvent::UserPromptSubmit,
813        dispatcher,
814    );
815    if hooks.is_empty() {
816        return Ok(None);
817    }
818
819    let message_text = adapter
820        .message_store()
821        .get(input.context.session_id, input.context.input_message_id)
822        .await
823        .ok()
824        .flatten()
825        .map(|m| m.content_to_llm_string())
826        .unwrap_or_default();
827
828    let ctx = everruns_core::lifecycle_hooks::TurnHookContext {
829        session_id: input.context.session_id,
830        turn_id: Some(input.context.turn_id),
831        org_id: org_public_id_from_internal(org_id).parse().ok(),
832        agent_id: input.agent_id.map(|a| a.to_string()),
833    };
834    Ok(Some(
835        everruns_core::lifecycle_hooks::run_user_prompt_submit_hooks(&hooks, &ctx, message_text)
836            .await,
837    ))
838}
839
840pub async fn execute_reason_activity<A: RuntimeHostAdapter>(
841    adapter: &A,
842    org_id: i64,
843    input: ReasonInput,
844) -> everruns_core::error::Result<ReasonResult> {
845    if let Some(blocker) =
846        detect_dependency_blocker(adapter, org_id, input.harness_id, input.agent_id).await?
847    {
848        RuntimeSessionLifecycle::new(adapter.clone(), org_id, input.context.session_id)
849            .dependency_blocked(
850                input.context.turn_id,
851                input.context.input_message_id,
852                blocker,
853            )
854            .await;
855        return Ok(ReasonResult {
856            success: false,
857            text: blocker.message().to_string(),
858            tool_calls: vec![],
859            has_tool_calls: false,
860            tool_definitions: vec![],
861            max_iterations: everruns_core::runtime_agent::default_max_iterations(),
862            error: Some("dependency_unavailable".to_string()),
863            usage: None,
864            output_message_id: None,
865            time_to_first_token_ms: None,
866            response_id: None,
867            locale: None,
868            network_access: None,
869        });
870    }
871
872    // user_prompt_submit hook (see `specs/user-hooks.md`). Fires once per turn,
873    // on the first reason iteration, before the LLM is consulted — the closest
874    // choke point to "inbound user message accepted, before reason" that both
875    // the in-process loop and the durable worker share. A `Block` aborts the
876    // turn by reusing the same failure path as `dependency_blocked`: emit a
877    // user-facing message + turn.failed, idle the session, and return a
878    // non-success `ReasonResult` so no LLM/act work runs.
879    if input.iteration <= 1
880        && let Some(everruns_core::lifecycle_hooks::UserPromptDecision::Block {
881            reason,
882            user_message,
883        }) = run_user_prompt_submit_for_turn(adapter, org_id, &input).await?
884    {
885        RuntimeSessionLifecycle::new(adapter.clone(), org_id, input.context.session_id)
886            .user_prompt_blocked(
887                input.context.turn_id,
888                input.context.input_message_id,
889                &reason,
890                user_message.as_deref(),
891            )
892            .await;
893        return Ok(ReasonResult {
894            success: false,
895            text: user_message.unwrap_or_else(|| reason.clone()),
896            tool_calls: vec![],
897            has_tool_calls: false,
898            tool_definitions: vec![],
899            max_iterations: everruns_core::runtime_agent::default_max_iterations(),
900            error: Some("blocked_by_user_prompt_hook".to_string()),
901            usage: None,
902            output_message_id: None,
903            time_to_first_token_ms: None,
904            response_id: None,
905            locale: None,
906            network_access: None,
907        });
908    }
909
910    let turn_context = adapter
911        .load_turn_context(org_id, input.context.session_id)
912        .await?;
913
914    let mut atom = ReasonAtom::new(
915        adapter.harness_store(org_id),
916        adapter.agent_store(org_id),
917        adapter.session_store(org_id),
918        adapter.message_store(),
919        adapter.provider_store(org_id),
920        adapter.capability_registry(),
921        adapter.driver_registry(),
922        adapter.event_emitter(),
923    )
924    .with_file_store(adapter.file_store());
925    if let Some(image_resolver) = adapter.image_resolver(org_id) {
926        atom = atom.with_image_resolver(image_resolver);
927    }
928
929    atom.execute(ReasonInput {
930        mcp_tool_definitions: turn_context.mcp_tool_definitions,
931        ..input
932    })
933    .await
934}
935
936pub async fn execute_act_activity<A: RuntimeHostAdapter>(
937    adapter: &A,
938    input: ActInput,
939) -> everruns_core::error::Result<ActResult> {
940    let org_id = input.org_id.ok_or_else(|| {
941        everruns_core::error::AgentLoopError::config(
942            "ActInput.org_id must be set for runtime host execution",
943        )
944    })?;
945
946    if let Some(blocker) =
947        detect_dependency_blocker(adapter, org_id, input.harness_id, input.agent_id).await?
948    {
949        RuntimeSessionLifecycle::new(adapter.clone(), org_id, input.context.session_id)
950            .dependency_blocked(
951                input.context.turn_id,
952                input.context.input_message_id,
953                blocker,
954            )
955            .await;
956        return Ok(ActResult {
957            results: vec![],
958            completed: true,
959            success_count: 0,
960            error_count: 1,
961            waiting_for_tool_results: false,
962            blocked: true,
963            client_tool_calls: vec![],
964            client_tool_definitions: vec![],
965        });
966    }
967
968    let execution_capabilities = load_execution_capabilities(
969        adapter,
970        org_id,
971        input.context.session_id,
972        input.harness_id,
973        input.agent_id,
974        input.locale.clone(),
975        input.blueprint_id.as_deref(),
976    )
977    .await?;
978    let mut tool_registry = execution_capabilities.tool_registry;
979
980    // Register the session's MCP tools as first-class registry tools, so they
981    // execute through the regular `ToolExecutor` path and are visible to
982    // everything that introspects the registry (spawn_background, tool_search,
983    // openai_tool_search namespaces, ...). The turn's tool definitions already
984    // include the discovered MCP tools, so no re-discovery is needed; the host's
985    // MCP executor supplies execution (specs/runtime-mcp.md D5).
986    if let Some(mcp) = adapter.mcp_executor(org_id, input.context.session_id).await {
987        let invoker: Arc<dyn everruns_core::McpToolInvoker> = mcp;
988        for tool in everruns_core::build_mcp_proxy_tools(&input.tool_definitions, invoker) {
989            tool_registry.register_boxed(tool);
990        }
991    }
992
993    let builtin_tool_registry = Arc::new(tool_registry.clone());
994    let executor: Arc<dyn everruns_core::traits::ToolExecutor> = Arc::new(tool_registry);
995
996    let mut atom =
997        ActAtom::with_file_store(executor, adapter.event_emitter(), adapter.file_store())
998            .with_session_store(adapter.session_store(org_id))
999            .with_session_mutator(adapter.session_mutator(org_id))
1000            .with_agent_store(adapter.agent_store(org_id))
1001            .with_tool_registry(builtin_tool_registry)
1002            .with_org_id(
1003                org_public_id_from_internal(org_id)
1004                    .parse()
1005                    .expect("internal org id converts to valid public org id"),
1006            )
1007            .with_capability_registry(adapter.capability_registry())
1008            .with_post_tool_hooks(execution_capabilities.post_tool_hooks)
1009            .with_pre_tool_hooks(execution_capabilities.pre_tool_hooks)
1010            .with_tool_call_hooks(execution_capabilities.tool_call_hooks);
1011
1012    if let Some(storage_store) = adapter.storage_store() {
1013        atom = atom.with_storage_store(storage_store);
1014    }
1015    if let Some(image_store) = adapter.image_artifact_store(org_id) {
1016        atom = atom.with_image_store(image_store);
1017    }
1018    if let Some(provider_credential_store) = adapter.provider_credential_store(org_id) {
1019        atom = atom.with_provider_credential_store(provider_credential_store);
1020    }
1021    if let Some(utility_llm_service) = adapter.utility_llm_service() {
1022        atom = atom.with_utility_llm_service(utility_llm_service);
1023    }
1024    if let Some(egress_service) = adapter.egress_service() {
1025        atom = atom.with_egress_service(egress_service);
1026    }
1027    if let Some(memory_store) = adapter.memory_store(org_id) {
1028        atom = atom.with_memory_store(memory_store);
1029    }
1030    if let Some(connection_resolver) = adapter.connection_resolver() {
1031        atom = atom.with_connection_resolver(connection_resolver);
1032    }
1033    if let Some(sqldb_store) = adapter.sqldb_store() {
1034        atom = atom.with_sqldb_store(sqldb_store);
1035    }
1036    if let Some(leased_resource_store) = adapter.leased_resource_store() {
1037        atom = atom.with_leased_resource_store(leased_resource_store);
1038    }
1039    if let Some(registry) = adapter.session_resource_registry() {
1040        atom = atom.with_session_resource_registry(registry);
1041    }
1042    if let Some(schedule_store) = adapter.schedule_store(org_id) {
1043        atom = atom.with_schedule_store(schedule_store);
1044    }
1045    if let Some(platform_store) = adapter.platform_store(org_id, input.context.session_id) {
1046        atom = atom.with_platform_store(platform_store);
1047    }
1048    if let Some(budget_checker) = adapter.budget_checker(org_id, input.agent_id) {
1049        atom = atom.with_budget_checker(budget_checker);
1050    }
1051    if let Some(payment_authority) = adapter.payment_authority(org_id, input.agent_id) {
1052        atom = atom.with_payment_authority(payment_authority);
1053    }
1054    if let Some(limiter) = adapter.outbound_tool_rate_limiter(org_id) {
1055        atom = atom.with_outbound_tool_rate_limiter(limiter);
1056    }
1057
1058    atom.execute(input).await
1059}
everruns_runtime/host.rs

everruns_runtime/
host.rs
