1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
//! Type definitions for the durable observability layer.
//!
//! These types build on the live event vocabulary in
//! [`crate::harness::events`] to add **durability**: an envelope
//! ([`AgentObservation`]) that carries the run lineage and a timestamp so a
//! single event can be journaled, replayed, and correlated across a recursive
//! run tree; pluggable journal and status traits; and a set of
//! [`EventListener`] sinks that fan out, redact, and persist events.
//!
//! All public items here are re-exported through [`super`]. Trait
//! implementations, sink logic, and tests live in the sibling `mod.rs` and
//! `test.rs` files.
use HashMap;
use ;
use async_trait;
use ;
use crateResult;
use crate;
use crate;
use crate;
// ---------------------------------------------------------------------------
// AgentObservation
// ---------------------------------------------------------------------------
/// A durable observability envelope around an [`AgentEvent`].
///
/// Where [`crate::harness::events::EventRecord`] is the lightweight,
/// in-process fan-out record (just id, offset, and event), an
/// `AgentObservation` adds everything a durable journal or external trace
/// needs to correlate the event without an in-memory broadcast: the run's
/// `run_id`, its `parent_run_id` / `root_run_id` lineage, the stream `offset`,
/// and a wall-clock `ts_ms` timestamp.
// ---------------------------------------------------------------------------
// HarnessEventJournal
// ---------------------------------------------------------------------------
/// A durable, append-only journal of [`AgentObservation`]s keyed by run id.
///
/// Journals decouple durable replay from live broadcast: a UI or supervisor
/// can attach after a run has started and reconstruct history by reading from
/// a known offset rather than relying on having subscribed to an in-memory
/// [`crate::harness::events::EventSink`].
/// In-memory [`HarnessEventJournal`] backed by a per-run `Vec`.
///
/// Cheaply clonable through an inner [`Arc`]; clones share the same streams.
/// There is no durability — entries are lost when the last clone drops.
/// [`HarnessEventJournal`] backed by any [`AppendStore`].
///
/// Each run's observations are appended to the store under a stream named by
/// the run id, so `read_from` resumes from a durable offset. Pair with
/// [`crate::harness::store::JsonlAppendStore`] for a local durable journal or
/// [`crate::harness::store::InMemoryAppendStore`] for deterministic tests.
// ---------------------------------------------------------------------------
// HarnessStatusStore
// ---------------------------------------------------------------------------
/// A readable status surface for harness runs.
///
/// Status records are overwritten by `run_id` ("what is running now?") in
/// contrast to the append-only journal ("what happened?"). Writes must stay
/// compact: counters, ids, phase, error summaries, and timestamps — never full
/// prompts or provider payloads (see [`HarnessRunStatus`]).
/// In-memory [`HarnessStatusStore`] backed by a `run_id → status` map.
///
/// Cheaply clonable through an inner [`Arc`]; clones share the same map.
// ---------------------------------------------------------------------------
// Sinks
// ---------------------------------------------------------------------------
/// An [`EventListener`] that broadcasts every record to N inner listeners.
///
/// Listeners are notified in registration order. A failure or panic in one
/// listener is not isolated, so listeners should themselves be best-effort.
/// An [`EventListener`] that masks configured secret substrings in an event's
/// string fields before forwarding to an inner listener.
///
/// Redaction is generic: the event is serialized to JSON, every string value
/// (at any depth) has each secret substring replaced by the mask, and the
/// result is deserialized back into an [`AgentEvent`]. If (de)serialization
/// fails the original record is forwarded unchanged so observability is never
/// silently dropped.
/// An [`EventListener`] that writes each event as an [`AgentObservation`] into
/// a [`HarnessEventJournal`].
///
/// The sink is configured with the emitting run's lineage; each received
/// [`EventRecord`] is wrapped into an [`AgentObservation`] and appended. The
/// async append is bridged synchronously with `futures::executor::block_on`,
/// and append errors are swallowed so a failing journal never aborts the run.
///
/// [`EventRecord`]: crate::harness::events::EventRecord
/// An [`EventListener`] that appends each [`EventRecord`] as a JSON line into a
/// [`JsonlAppendStore`] stream.
///
/// This is the lightweight durable sink: it persists the live record (id,
/// offset, event) under a fixed stream name. The async append is bridged
/// synchronously and errors are swallowed (best-effort).
///
/// [`EventRecord`]: crate::harness::events::EventRecord
/// Returns the current time in Unix-epoch milliseconds, saturating at `0`.
pub