nexo-tool-meta 0.1.2

Wire-shape types shared between the Nexo agent runtime and any third-party microapp that consumes its events.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201

//! Phase 83.16 — `nexo/notify/microapp_error` wire shape.
//!
//! When a microapp subprocess misbehaves, the daemon's stdio
//! supervisor emits a structured notification on the broker so
//! operators get an actionable signal in admin-ui, Prometheus,
//! and the audit log — instead of having to tail the
//! microapp's stderr.
//!
//! Four canonical error kinds (forward-compat with `#[non_exhaustive]`):
//!
//! | Kind | When the daemon emits |
//! |---|---|
//! | `InitTimeout` | `initialize` did not return within timeout |
//! | `HandlerPanic` | `tools/call` returned `error.data.unhandled = true` |
//! | `Exit` | Subprocess exited with non-zero code |
//! | `CapabilityDenied` | Microapp called an admin RPC it does not hold |
//!
//! The notification is `{"jsonrpc":"2.0","method":
//! "nexo/notify/microapp_error","params":<MicroappError>}`.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

/// Method string for the JSON-RPC notification.
pub const MICROAPP_ERROR_NOTIFY_METHOD: &str = "nexo/notify/microapp_error";

/// Kind discriminator. `#[non_exhaustive]` so future kinds
/// (e.g. `RateLimitTripped` once 83.16's respawn-throttle
/// follow-up ships) can land non-major.
#[non_exhaustive]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum MicroappErrorKind {
    /// Microapp didn't reply to `initialize` within the
    /// configured timeout.
    InitTimeout,
    /// `tools/call` returned an error with
    /// `data.unhandled = true` — i.e. a panic / unhandled
    /// exception inside the microapp's handler.
    HandlerPanic,
    /// Subprocess exited with a non-zero exit code (or
    /// SIGSEGV / SIGTERM / etc).
    Exit,
    /// Microapp issued an admin-RPC call (`nexo/admin/*`)
    /// that it does not hold the capability for.
    CapabilityDenied,
}

impl MicroappErrorKind {
    /// Stable wire string. Matches `serde(rename_all =
    /// "snake_case")` so admin-ui / Prometheus labels stay
    /// consistent.
    pub fn as_wire_str(self) -> &'static str {
        match self {
            MicroappErrorKind::InitTimeout => "init_timeout",
            MicroappErrorKind::HandlerPanic => "handler_panic",
            MicroappErrorKind::Exit => "exit",
            MicroappErrorKind::CapabilityDenied => "capability_denied",
        }
    }
}

/// Notification payload.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct MicroappError {
    /// Operator-facing extension id (`extensions.yaml.entries.<id>`).
    pub microapp_id: String,
    /// Discriminator for the four canonical error categories.
    pub kind: MicroappErrorKind,
    /// JSON-RPC `id` that triggered the error, when applicable.
    /// `None` for `Exit` (no in-flight call) and for boot-time
    /// failures.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub correlation_id: Option<String>,
    /// UTC wall-clock at which the daemon observed the error.
    pub occurred_at: DateTime<Utc>,
    /// One-line human-readable summary surfaced in the admin-ui
    /// hover tooltip and Prometheus annotations. Keep terse —
    /// stack trace goes in `stack_trace`.
    pub summary: String,
    /// Optional multi-line stack trace / traceback. Bounded by
    /// the daemon's stdio reader (16 KiB cap by convention) so
    /// a runaway microapp can't blow up the broker.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub stack_trace: Option<String>,
}

impl MicroappError {
    /// Convenience: build a notification with `Utc::now()` as
    /// the timestamp.
    pub fn new(
        microapp_id: impl Into<String>,
        kind: MicroappErrorKind,
        summary: impl Into<String>,
    ) -> Self {
        Self {
            microapp_id: microapp_id.into(),
            kind,
            correlation_id: None,
            occurred_at: Utc::now(),
            summary: summary.into(),
            stack_trace: None,
        }
    }

    /// Set the JSON-RPC `id` correlation. Use the `app:<uuid>`
    /// id when reporting failures of microapp-initiated outbound
    /// calls.
    pub fn with_correlation_id(mut self, id: impl Into<String>) -> Self {
        self.correlation_id = Some(id.into());
        self
    }

    /// Attach a multi-line stack trace. Daemon caps it at 16 KiB
    /// before broadcasting on the broker.
    pub fn with_stack_trace(mut self, trace: impl Into<String>) -> Self {
        self.stack_trace = Some(trace.into());
        self
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn notify_method_constant_is_stable() {
        // Operators key admin-ui subscriptions on this string —
        // changing it is a breaking wire change.
        assert_eq!(MICROAPP_ERROR_NOTIFY_METHOD, "nexo/notify/microapp_error");
    }

    #[test]
    fn kind_serialises_snake_case() {
        let json = serde_json::to_string(&MicroappErrorKind::InitTimeout).unwrap();
        assert_eq!(json, "\"init_timeout\"");
        let json = serde_json::to_string(&MicroappErrorKind::HandlerPanic).unwrap();
        assert_eq!(json, "\"handler_panic\"");
        let json = serde_json::to_string(&MicroappErrorKind::CapabilityDenied).unwrap();
        assert_eq!(json, "\"capability_denied\"");
        let json = serde_json::to_string(&MicroappErrorKind::Exit).unwrap();
        assert_eq!(json, "\"exit\"");
    }

    #[test]
    fn kind_wire_str_matches_serde() {
        for k in [
            MicroappErrorKind::InitTimeout,
            MicroappErrorKind::HandlerPanic,
            MicroappErrorKind::Exit,
            MicroappErrorKind::CapabilityDenied,
        ] {
            let serde_json = serde_json::to_string(&k).unwrap();
            // serde_json wraps in quotes; strip them.
            let trimmed = serde_json.trim_matches('"');
            assert_eq!(trimmed, k.as_wire_str());
        }
    }

    #[test]
    fn microapp_error_round_trips_full_payload() {
        let err = MicroappError {
            microapp_id: "agent-creator".into(),
            kind: MicroappErrorKind::HandlerPanic,
            correlation_id: Some("12".into()),
            occurred_at: chrono::DateTime::parse_from_rfc3339("2026-05-02T12:00:00Z")
                .unwrap()
                .with_timezone(&Utc),
            summary: "tool 'register' panicked: index out of bounds".into(),
            stack_trace: Some("at handler.rs:42\nat dispatch.rs:118".into()),
        };
        let json = serde_json::to_string(&err).unwrap();
        let back: MicroappError = serde_json::from_str(&json).unwrap();
        assert_eq!(back, err);
    }

    #[test]
    fn microapp_error_optional_fields_skip_when_none() {
        let err = MicroappError::new(
            "agent-creator",
            MicroappErrorKind::Exit,
            "exit code 137 (SIGKILL)",
        );
        let json = serde_json::to_string(&err).unwrap();
        assert!(!json.contains("correlation_id"));
        assert!(!json.contains("stack_trace"));
    }

    #[test]
    fn builder_chain_sets_optional_fields() {
        let err = MicroappError::new(
            "x",
            MicroappErrorKind::CapabilityDenied,
            "needs agents_crud",
        )
        .with_correlation_id("app:abc-123")
        .with_stack_trace("at admin.rs:99");
        assert_eq!(err.correlation_id.as_deref(), Some("app:abc-123"));
        assert_eq!(err.stack_trace.as_deref(), Some("at admin.rs:99"));
    }
}