Expand description
/v1/worker/* endpoints (SubAgent self-fetch path).
HTTP /v1/worker/* endpoints (SubAgent self-fetch path).
§7-Entry pointer #6 (Output Event design)
This endpoint accesses OutputStore directly and does NOT go through the engine.
It is one of the seven entry points enumerated in project CLAUDE.md §“Output Event
Design SoT”. For the canonical description, see the crate root doc of
mlua-swarm-output-store (cargo doc -p mlua-swarm-output-store).
§Path
A thin-payload path where a SubAgent (= worker process launched by a MainAI) uses
the capability token it received via WS Spawn to self-fetch its prompt and
submit its result — putting the token in Authorization: Bearer <encoded CapToken>.
§Routes
GET /v1/worker/prompt?task_id=<tid>— viaengine.fetch_worker_payload, returns{task_id, attempt, agent, system?, prompt}.POST /v1/worker/resultwith body{task_id, value, ok}— appends oneFinalto the output tail viaengine.submit_output(Final)(= the canonical path through which the dispatch layer decides Pass/Blocked) and updatestask.last_resultviaengine.post_result.
§Bearer authentication
The Bearer value is the string produced by CapToken::encode() (= URL-safe
base64 of serde_json). The server decodes it with CapToken::decode and then,
inside the engine, verifies HMAC sig + role × verb gate + TTL via
verify_token_for_task (= self-contained capability token; no server-side
store lookup required).
Tokens are minted during the “2) mint outside the lock” phase of
engine.dispatch_attempt (Role::Worker, 600s TTL, scopes=["*"]).
The verb gate covers FetchPrompt / EmitOutput / PostResult — the worker
leaf capability set (crate::types::WORKER_LEAF_VERBS).
Structs§
- Prompt
Query - Query params for
GET /v1/worker/prompt. - Submit
Query POST /v1/worker/submit. Bearer = encodedCapToken. Body = raw text/octet.- Worker
Result Req - Body for
POST /v1/worker/result.
Functions§
- worker_
prompt GET /v1/worker/prompt?task_id=<tid>. Bearer = encodedCapTokenor shortwh-handle. Thin HTTP wrapper overengine.fetch_worker_payload/fetch_worker_payload_trusted. Short-handle path (recommended for SubAgents): handle → task_id cross-check → trusted fetch. Full-CapTokenpath: token decode → verify → fetch.- worker_
result POST /v1/worker/result. Bearer = encodedCapToken. Firesengine.submit_output(Final)+engine.post_result.- worker_
submit POST /v1/worker/submit. Simplified counterpart ofworker_result: the caller sends only the raw result body,task_idis resolved server-side from the Bearer handle/token, andokdefaults totrueunless overridden viaSubmitQuery::ok. See the module doc for the short-handle vs full-CapTokenBearer forms.