Skip to main content

Module worker

Module worker 

Source
Expand description

/v1/worker/* endpoints (SubAgent self-fetch path). HTTP /v1/worker/* endpoints (SubAgent self-fetch path).

§7-Entry pointer #6 (Output Event design)

This endpoint accesses OutputStore directly and does NOT go through the engine. It is one of the seven entry points enumerated in project CLAUDE.md §“Output Event Design SoT”. For the canonical description, see the crate root doc of mlua-swarm-output-store (cargo doc -p mlua-swarm-output-store).

§Path

A thin-payload path where a SubAgent (= worker process launched by a MainAI) uses the capability token it received via WS Spawn to self-fetch its prompt and submit its result — putting the token in Authorization: Bearer <encoded CapToken>.

§Routes

  • GET /v1/worker/prompt?task_id=<tid> — via engine.fetch_worker_payload, returns {task_id, attempt, agent, system?, prompt}.
  • POST /v1/worker/result with body {task_id, value, ok} — appends one Final to the output tail via engine.submit_output(Final) (= the canonical path through which the dispatch layer decides Pass/Blocked) and updates task.last_result via engine.post_result.

§Bearer authentication

The Bearer value is the string produced by CapToken::encode() (= URL-safe base64 of serde_json). The server decodes it with CapToken::decode and then, inside the engine, verifies HMAC sig + role × verb gate + TTL via verify_token_for_task (= self-contained capability token; no server-side store lookup required).

Tokens are minted during the “2) mint outside the lock” phase of engine.dispatch_attempt (Role::Worker, 600s TTL, scopes=["*"]). The verb gate covers FetchPrompt / EmitOutput / PostResult — the worker leaf capability set (crate::types::WORKER_LEAF_VERBS).

Structs§

PromptQuery
Query params for GET /v1/worker/prompt.
SubmitQuery
POST /v1/worker/submit. Bearer = encoded CapToken. Body = raw text/octet.
WorkerResultReq
Body for POST /v1/worker/result.

Functions§

worker_prompt
GET /v1/worker/prompt?task_id=<tid>. Bearer = encoded CapToken or short wh- handle. Thin HTTP wrapper over engine.fetch_worker_payload / fetch_worker_payload_trusted. Short-handle path (recommended for SubAgents): handle → task_id cross-check → trusted fetch. Full-CapToken path: token decode → verify → fetch.
worker_result
POST /v1/worker/result. Bearer = encoded CapToken. Fires engine.submit_output(Final) + engine.post_result.
worker_submit
POST /v1/worker/submit. Simplified counterpart of worker_result: the caller sends only the raw result body, task_id is resolved server-side from the Bearer handle/token, and ok defaults to true unless overridden via SubmitQuery::ok. See the module doc for the short-handle vs full-CapToken Bearer forms.