oris_agent_contract/

lib.rs

//! Proposal-only runtime contract for external agents.

use serde::{Deserialize, Serialize};

pub const A2A_PROTOCOL_NAME: &str = "oris.a2a";
pub const A2A_PROTOCOL_VERSION: &str = "0.1.0-experimental";
pub const A2A_PROTOCOL_VERSION_V1: &str = "1.0.0";
pub const A2A_SUPPORTED_PROTOCOL_VERSIONS: [&str; 2] =
    [A2A_PROTOCOL_VERSION_V1, A2A_PROTOCOL_VERSION];

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aProtocol {
    pub name: String,
    pub version: String,
}

impl A2aProtocol {
    pub fn current() -> Self {
        Self {
            name: A2A_PROTOCOL_NAME.to_string(),
            version: A2A_PROTOCOL_VERSION.to_string(),
        }
    }
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum A2aCapability {
    Coordination,
    MutationProposal,
    ReplayFeedback,
    SupervisedDevloop,
    EvolutionPublish,
    EvolutionFetch,
    EvolutionRevoke,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aHandshakeRequest {
    pub agent_id: String,
    pub role: AgentRole,
    pub capability_level: AgentCapabilityLevel,
    pub supported_protocols: Vec<A2aProtocol>,
    pub advertised_capabilities: Vec<A2aCapability>,
}

impl A2aHandshakeRequest {
    pub fn supports_protocol_version(&self, version: &str) -> bool {
        self.supported_protocols
            .iter()
            .any(|protocol| protocol.name == A2A_PROTOCOL_NAME && protocol.version == version)
    }

    pub fn supports_current_protocol(&self) -> bool {
        self.supports_protocol_version(A2A_PROTOCOL_VERSION)
    }

    pub fn negotiate_supported_protocol(&self) -> Option<A2aProtocol> {
        for version in A2A_SUPPORTED_PROTOCOL_VERSIONS {
            if self.supports_protocol_version(version) {
                return Some(A2aProtocol {
                    name: A2A_PROTOCOL_NAME.to_string(),
                    version: version.to_string(),
                });
            }
        }
        None
    }
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aHandshakeResponse {
    pub accepted: bool,
    pub negotiated_protocol: Option<A2aProtocol>,
    pub enabled_capabilities: Vec<A2aCapability>,
    pub message: Option<String>,
    pub error: Option<A2aErrorEnvelope>,
}

impl A2aHandshakeResponse {
    pub fn accept(enabled_capabilities: Vec<A2aCapability>) -> Self {
        Self {
            accepted: true,
            negotiated_protocol: Some(A2aProtocol::current()),
            enabled_capabilities,
            message: Some("handshake accepted".to_string()),
            error: None,
        }
    }

    pub fn reject(code: A2aErrorCode, message: impl Into<String>, details: Option<String>) -> Self {
        Self {
            accepted: false,
            negotiated_protocol: None,
            enabled_capabilities: Vec::new(),
            message: Some("handshake rejected".to_string()),
            error: Some(A2aErrorEnvelope {
                code,
                message: message.into(),
                retriable: true,
                details,
            }),
        }
    }
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum A2aTaskLifecycleState {
    Queued,
    Running,
    Succeeded,
    Failed,
    Cancelled,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskLifecycleEvent {
    pub task_id: String,
    pub state: A2aTaskLifecycleState,
    pub summary: String,
    pub updated_at_ms: u64,
    pub error: Option<A2aErrorEnvelope>,
}

pub const A2A_TASK_SESSION_PROTOCOL_VERSION: &str = A2A_PROTOCOL_VERSION;

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum A2aTaskSessionState {
    Started,
    Dispatched,
    InProgress,
    Completed,
    Failed,
    Cancelled,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionStartRequest {
    pub sender_id: String,
    pub protocol_version: String,
    pub task_id: String,
    pub task_summary: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionDispatchRequest {
    pub sender_id: String,
    pub protocol_version: String,
    pub dispatch_id: String,
    pub summary: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionProgressRequest {
    pub sender_id: String,
    pub protocol_version: String,
    pub progress_pct: u8,
    pub summary: String,
    pub retryable: bool,
    pub retry_after_ms: Option<u64>,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionCompletionRequest {
    pub sender_id: String,
    pub protocol_version: String,
    pub terminal_state: A2aTaskLifecycleState,
    pub summary: String,
    pub retryable: bool,
    pub retry_after_ms: Option<u64>,
    pub failure_code: Option<A2aErrorCode>,
    pub failure_details: Option<String>,
    pub used_capsule: bool,
    pub capsule_id: Option<String>,
    pub reasoning_steps_avoided: u64,
    pub fallback_reason: Option<String>,
    pub reason_code: Option<ReplayFallbackReasonCode>,
    pub repair_hint: Option<String>,
    pub next_action: Option<ReplayFallbackNextAction>,
    pub confidence: Option<u8>,
    pub task_class_id: String,
    pub task_label: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionProgressItem {
    pub progress_pct: u8,
    pub summary: String,
    pub retryable: bool,
    pub retry_after_ms: Option<u64>,
    pub updated_at_ms: u64,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionAck {
    pub session_id: String,
    pub task_id: String,
    pub state: A2aTaskSessionState,
    pub summary: String,
    pub retryable: bool,
    pub retry_after_ms: Option<u64>,
    pub updated_at_ms: u64,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionResult {
    pub terminal_state: A2aTaskLifecycleState,
    pub summary: String,
    pub retryable: bool,
    pub retry_after_ms: Option<u64>,
    pub failure_code: Option<A2aErrorCode>,
    pub failure_details: Option<String>,
    pub replay_feedback: ReplayFeedback,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionCompletionResponse {
    pub ack: A2aTaskSessionAck,
    pub result: A2aTaskSessionResult,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aTaskSessionSnapshot {
    pub session_id: String,
    pub sender_id: String,
    pub task_id: String,
    pub protocol_version: String,
    pub state: A2aTaskSessionState,
    pub created_at_ms: u64,
    pub updated_at_ms: u64,
    pub dispatch_ids: Vec<String>,
    pub progress: Vec<A2aTaskSessionProgressItem>,
    pub result: Option<A2aTaskSessionResult>,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum A2aErrorCode {
    UnsupportedProtocol,
    UnsupportedCapability,
    ValidationFailed,
    AuthorizationDenied,
    Timeout,
    Internal,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct A2aErrorEnvelope {
    pub code: A2aErrorCode,
    pub message: String,
    pub retriable: bool,
    pub details: Option<String>,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum AgentCapabilityLevel {
    A0,
    A1,
    A2,
    A3,
    A4,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub enum ProposalTarget {
    WorkspaceRoot,
    Paths(Vec<String>),
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct AgentTask {
    pub id: String,
    pub description: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum AgentRole {
    Planner,
    Coder,
    Repair,
    Optimizer,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum CoordinationPrimitive {
    Sequential,
    Parallel,
    Conditional,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct CoordinationTask {
    pub id: String,
    pub role: AgentRole,
    pub description: String,
    pub depends_on: Vec<String>,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct CoordinationMessage {
    pub from_role: AgentRole,
    pub to_role: AgentRole,
    pub task_id: String,
    pub content: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct CoordinationPlan {
    pub root_goal: String,
    pub primitive: CoordinationPrimitive,
    pub tasks: Vec<CoordinationTask>,
    pub timeout_ms: u64,
    pub max_retries: u32,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct CoordinationResult {
    pub completed_tasks: Vec<String>,
    pub failed_tasks: Vec<String>,
    pub messages: Vec<CoordinationMessage>,
    pub summary: String,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct MutationProposal {
    pub intent: String,
    pub files: Vec<String>,
    pub expected_effect: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct ExecutionFeedback {
    pub accepted: bool,
    pub asset_state: Option<String>,
    pub summary: String,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum ReplayPlannerDirective {
    SkipPlanner,
    PlanFallback,
}

#[derive(Clone, Copy, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum ReplayFallbackReasonCode {
    NoCandidateAfterSelect,
    ScoreBelowThreshold,
    CandidateHasNoCapsule,
    MutationPayloadMissing,
    PatchApplyFailed,
    ValidationFailed,
    UnmappedFallbackReason,
}

#[derive(Clone, Copy, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum ReplayFallbackNextAction {
    PlanFromScratch,
    ValidateSignalsThenPlan,
    RebuildCapsule,
    RegenerateMutationPayload,
    RebasePatchAndRetry,
    RepairAndRevalidate,
    EscalateFailClosed,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct ReplayFallbackContract {
    pub reason_code: ReplayFallbackReasonCode,
    pub fallback_reason: String,
    pub repair_hint: String,
    pub next_action: ReplayFallbackNextAction,
    /// Confidence score in [0, 100].
    pub confidence: u8,
}

pub fn infer_replay_fallback_reason_code(reason: &str) -> Option<ReplayFallbackReasonCode> {
    let normalized = reason.trim().to_ascii_lowercase();
    if normalized.is_empty() {
        return None;
    }
    if normalized == "no_candidate_after_select" || normalized.contains("no matching gene") {
        return Some(ReplayFallbackReasonCode::NoCandidateAfterSelect);
    }
    if normalized == "score_below_threshold" || normalized.contains("below replay threshold") {
        return Some(ReplayFallbackReasonCode::ScoreBelowThreshold);
    }
    if normalized == "candidate_has_no_capsule" || normalized.contains("has no capsule") {
        return Some(ReplayFallbackReasonCode::CandidateHasNoCapsule);
    }
    if normalized == "mutation_payload_missing" || normalized.contains("payload missing") {
        return Some(ReplayFallbackReasonCode::MutationPayloadMissing);
    }
    if normalized == "patch_apply_failed" || normalized.contains("patch apply failed") {
        return Some(ReplayFallbackReasonCode::PatchApplyFailed);
    }
    if normalized == "validation_failed" || normalized.contains("validation failed") {
        return Some(ReplayFallbackReasonCode::ValidationFailed);
    }
    None
}

pub fn normalize_replay_fallback_contract(
    planner_directive: &ReplayPlannerDirective,
    fallback_reason: Option<&str>,
    reason_code: Option<ReplayFallbackReasonCode>,
    repair_hint: Option<&str>,
    next_action: Option<ReplayFallbackNextAction>,
    confidence: Option<u8>,
) -> Option<ReplayFallbackContract> {
    if !matches!(planner_directive, ReplayPlannerDirective::PlanFallback) {
        return None;
    }

    let normalized_reason = normalize_optional_text(fallback_reason);
    let normalized_repair_hint = normalize_optional_text(repair_hint);
    let mut resolved_reason_code = reason_code
        .or_else(|| {
            normalized_reason
                .as_deref()
                .and_then(infer_replay_fallback_reason_code)
        })
        .unwrap_or(ReplayFallbackReasonCode::UnmappedFallbackReason);
    let mut defaults = replay_fallback_defaults(&resolved_reason_code);

    let mut force_fail_closed = false;
    if let Some(provided_action) = next_action {
        if provided_action != defaults.next_action {
            resolved_reason_code = ReplayFallbackReasonCode::UnmappedFallbackReason;
            defaults = replay_fallback_defaults(&resolved_reason_code);
            force_fail_closed = true;
        }
    }

    Some(ReplayFallbackContract {
        reason_code: resolved_reason_code,
        fallback_reason: normalized_reason.unwrap_or_else(|| defaults.fallback_reason.to_string()),
        repair_hint: normalized_repair_hint.unwrap_or_else(|| defaults.repair_hint.to_string()),
        next_action: if force_fail_closed {
            defaults.next_action
        } else {
            next_action.unwrap_or(defaults.next_action)
        },
        confidence: if force_fail_closed {
            defaults.confidence
        } else {
            confidence.unwrap_or(defaults.confidence).min(100)
        },
    })
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct ReplayFeedback {
    pub used_capsule: bool,
    pub capsule_id: Option<String>,
    pub planner_directive: ReplayPlannerDirective,
    pub reasoning_steps_avoided: u64,
    pub fallback_reason: Option<String>,
    pub reason_code: Option<ReplayFallbackReasonCode>,
    pub repair_hint: Option<String>,
    pub next_action: Option<ReplayFallbackNextAction>,
    pub confidence: Option<u8>,
    pub task_class_id: String,
    pub task_label: String,
    pub summary: String,
}

#[derive(Clone, Copy, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum MutationNeededFailureReasonCode {
    PolicyDenied,
    ValidationFailed,
    UnsafePatch,
    Timeout,
    MutationPayloadMissing,
    UnknownFailClosed,
}

#[derive(Clone, Copy, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "snake_case")]
pub enum MutationNeededRecoveryAction {
    NarrowScopeAndRetry,
    RepairAndRevalidate,
    ProduceSafePatch,
    ReduceExecutionBudget,
    RegenerateMutationPayload,
    EscalateFailClosed,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct MutationNeededFailureContract {
    pub reason_code: MutationNeededFailureReasonCode,
    pub failure_reason: String,
    pub recovery_hint: String,
    pub recovery_action: MutationNeededRecoveryAction,
    pub fail_closed: bool,
}

pub fn infer_mutation_needed_failure_reason_code(
    reason: &str,
) -> Option<MutationNeededFailureReasonCode> {
    let normalized = reason.trim().to_ascii_lowercase();
    if normalized.is_empty() {
        return None;
    }
    if normalized.contains("mutation payload missing") || normalized == "mutation_payload_missing" {
        return Some(MutationNeededFailureReasonCode::MutationPayloadMissing);
    }
    if normalized.contains("command timed out") || normalized.contains(" timeout") {
        return Some(MutationNeededFailureReasonCode::Timeout);
    }
    if normalized.contains("patch rejected")
        || normalized.contains("patch apply failed")
        || normalized.contains("target violation")
        || normalized.contains("unsafe patch")
    {
        return Some(MutationNeededFailureReasonCode::UnsafePatch);
    }
    if normalized.contains("validation failed") {
        return Some(MutationNeededFailureReasonCode::ValidationFailed);
    }
    if normalized.contains("command denied by policy")
        || normalized.contains("rejected task")
        || normalized.contains("unsupported task outside the bounded scope")
        || normalized.contains("budget exceeds bounded policy")
    {
        return Some(MutationNeededFailureReasonCode::PolicyDenied);
    }
    None
}

pub fn normalize_mutation_needed_failure_contract(
    failure_reason: Option<&str>,
    reason_code: Option<MutationNeededFailureReasonCode>,
) -> MutationNeededFailureContract {
    let normalized_reason = normalize_optional_text(failure_reason);
    let resolved_reason_code = reason_code
        .or_else(|| {
            normalized_reason
                .as_deref()
                .and_then(infer_mutation_needed_failure_reason_code)
        })
        .unwrap_or(MutationNeededFailureReasonCode::UnknownFailClosed);
    let defaults = mutation_needed_failure_defaults(&resolved_reason_code);

    MutationNeededFailureContract {
        reason_code: resolved_reason_code,
        failure_reason: normalized_reason.unwrap_or_else(|| defaults.failure_reason.to_string()),
        recovery_hint: defaults.recovery_hint.to_string(),
        recovery_action: defaults.recovery_action,
        fail_closed: true,
    }
}

fn normalize_optional_text(value: Option<&str>) -> Option<String> {
    let trimmed = value?.trim();
    if trimmed.is_empty() {
        None
    } else {
        Some(trimmed.to_string())
    }
}

#[derive(Clone, Copy)]
struct ReplayFallbackDefaults {
    fallback_reason: &'static str,
    repair_hint: &'static str,
    next_action: ReplayFallbackNextAction,
    confidence: u8,
}

fn replay_fallback_defaults(reason_code: &ReplayFallbackReasonCode) -> ReplayFallbackDefaults {
    match reason_code {
        ReplayFallbackReasonCode::NoCandidateAfterSelect => ReplayFallbackDefaults {
            fallback_reason: "no matching gene",
            repair_hint:
                "No reusable capsule matched deterministic signals; run planner for a minimal patch.",
            next_action: ReplayFallbackNextAction::PlanFromScratch,
            confidence: 92,
        },
        ReplayFallbackReasonCode::ScoreBelowThreshold => ReplayFallbackDefaults {
            fallback_reason: "candidate score below replay threshold",
            repair_hint:
                "Best replay candidate is below threshold; validate task signals and re-plan.",
            next_action: ReplayFallbackNextAction::ValidateSignalsThenPlan,
            confidence: 86,
        },
        ReplayFallbackReasonCode::CandidateHasNoCapsule => ReplayFallbackDefaults {
            fallback_reason: "candidate gene has no capsule",
            repair_hint: "Matched gene has no executable capsule; rebuild capsule from planner output.",
            next_action: ReplayFallbackNextAction::RebuildCapsule,
            confidence: 80,
        },
        ReplayFallbackReasonCode::MutationPayloadMissing => ReplayFallbackDefaults {
            fallback_reason: "mutation payload missing from store",
            repair_hint:
                "Mutation payload is missing; regenerate and persist a minimal mutation payload.",
            next_action: ReplayFallbackNextAction::RegenerateMutationPayload,
            confidence: 76,
        },
        ReplayFallbackReasonCode::PatchApplyFailed => ReplayFallbackDefaults {
            fallback_reason: "replay patch apply failed",
            repair_hint: "Replay patch cannot be applied cleanly; rebase patch and retry planning.",
            next_action: ReplayFallbackNextAction::RebasePatchAndRetry,
            confidence: 68,
        },
        ReplayFallbackReasonCode::ValidationFailed => ReplayFallbackDefaults {
            fallback_reason: "replay validation failed",
            repair_hint: "Replay validation failed; produce a repair mutation and re-run validation.",
            next_action: ReplayFallbackNextAction::RepairAndRevalidate,
            confidence: 64,
        },
        ReplayFallbackReasonCode::UnmappedFallbackReason => ReplayFallbackDefaults {
            fallback_reason: "unmapped replay fallback reason",
            repair_hint:
                "Fallback reason is unmapped; fail closed and require explicit planner intervention.",
            next_action: ReplayFallbackNextAction::EscalateFailClosed,
            confidence: 0,
        },
    }
}

#[derive(Clone, Copy)]
struct MutationNeededFailureDefaults {
    failure_reason: &'static str,
    recovery_hint: &'static str,
    recovery_action: MutationNeededRecoveryAction,
}

fn mutation_needed_failure_defaults(
    reason_code: &MutationNeededFailureReasonCode,
) -> MutationNeededFailureDefaults {
    match reason_code {
        MutationNeededFailureReasonCode::PolicyDenied => MutationNeededFailureDefaults {
            failure_reason: "mutation needed denied by bounded execution policy",
            recovery_hint:
                "Narrow changed scope to the approved docs boundary and re-run with explicit approval.",
            recovery_action: MutationNeededRecoveryAction::NarrowScopeAndRetry,
        },
        MutationNeededFailureReasonCode::ValidationFailed => MutationNeededFailureDefaults {
            failure_reason: "mutation needed validation failed",
            recovery_hint:
                "Repair mutation and re-run validation to produce a deterministic pass before capture.",
            recovery_action: MutationNeededRecoveryAction::RepairAndRevalidate,
        },
        MutationNeededFailureReasonCode::UnsafePatch => MutationNeededFailureDefaults {
            failure_reason: "mutation needed rejected unsafe patch",
            recovery_hint:
                "Generate a safer minimal diff confined to approved paths and verify patch applicability.",
            recovery_action: MutationNeededRecoveryAction::ProduceSafePatch,
        },
        MutationNeededFailureReasonCode::Timeout => MutationNeededFailureDefaults {
            failure_reason: "mutation needed execution timed out",
            recovery_hint:
                "Reduce execution budget or split the mutation into smaller steps before retrying.",
            recovery_action: MutationNeededRecoveryAction::ReduceExecutionBudget,
        },
        MutationNeededFailureReasonCode::MutationPayloadMissing => MutationNeededFailureDefaults {
            failure_reason: "mutation payload missing from store",
            recovery_hint: "Regenerate and persist mutation payload before retrying mutation-needed.",
            recovery_action: MutationNeededRecoveryAction::RegenerateMutationPayload,
        },
        MutationNeededFailureReasonCode::UnknownFailClosed => MutationNeededFailureDefaults {
            failure_reason: "mutation needed failed with unmapped reason",
            recovery_hint:
                "Unknown failure class; fail closed and require explicit maintainer triage before retry.",
            recovery_action: MutationNeededRecoveryAction::EscalateFailClosed,
        },
    }
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum BoundedTaskClass {
    DocsSingleFile,
    DocsMultiFile,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub struct HumanApproval {
    pub approved: bool,
    pub approver: Option<String>,
    pub note: Option<String>,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct SupervisedDevloopRequest {
    pub task: AgentTask,
    pub proposal: MutationProposal,
    pub approval: HumanApproval,
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum SupervisedDevloopStatus {
    AwaitingApproval,
    RejectedByPolicy,
    FailedClosed,
    Executed,
}

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct SupervisedDevloopOutcome {
    pub task_id: String,
    pub task_class: Option<BoundedTaskClass>,
    pub status: SupervisedDevloopStatus,
    pub execution_feedback: Option<ExecutionFeedback>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub failure_contract: Option<MutationNeededFailureContract>,
    pub summary: String,
}

#[cfg(test)]
mod tests {
    use super::*;

    fn handshake_request_with_versions(versions: &[&str]) -> A2aHandshakeRequest {
        A2aHandshakeRequest {
            agent_id: "agent-test".into(),
            role: AgentRole::Planner,
            capability_level: AgentCapabilityLevel::A2,
            supported_protocols: versions
                .iter()
                .map(|version| A2aProtocol {
                    name: A2A_PROTOCOL_NAME.into(),
                    version: (*version).into(),
                })
                .collect(),
            advertised_capabilities: vec![A2aCapability::Coordination],
        }
    }

    #[test]
    fn negotiate_supported_protocol_prefers_v1_when_available() {
        let req = handshake_request_with_versions(&[A2A_PROTOCOL_VERSION, A2A_PROTOCOL_VERSION_V1]);
        let negotiated = req
            .negotiate_supported_protocol()
            .expect("expected protocol negotiation success");
        assert_eq!(negotiated.name, A2A_PROTOCOL_NAME);
        assert_eq!(negotiated.version, A2A_PROTOCOL_VERSION_V1);
    }

    #[test]
    fn negotiate_supported_protocol_falls_back_to_experimental() {
        let req = handshake_request_with_versions(&[A2A_PROTOCOL_VERSION]);
        let negotiated = req
            .negotiate_supported_protocol()
            .expect("expected protocol negotiation success");
        assert_eq!(negotiated.version, A2A_PROTOCOL_VERSION);
    }

    #[test]
    fn negotiate_supported_protocol_returns_none_without_overlap() {
        let req = handshake_request_with_versions(&["0.0.1"]);
        assert!(req.negotiate_supported_protocol().is_none());
    }

    #[test]
    fn normalize_replay_fallback_contract_maps_known_reason() {
        let contract = normalize_replay_fallback_contract(
            &ReplayPlannerDirective::PlanFallback,
            Some("no matching gene"),
            None,
            None,
            None,
            None,
        )
        .expect("contract should exist");

        assert_eq!(
            contract.reason_code,
            ReplayFallbackReasonCode::NoCandidateAfterSelect
        );
        assert_eq!(
            contract.next_action,
            ReplayFallbackNextAction::PlanFromScratch
        );
        assert_eq!(contract.confidence, 92);
    }

    #[test]
    fn normalize_replay_fallback_contract_fails_closed_for_unknown_reason() {
        let contract = normalize_replay_fallback_contract(
            &ReplayPlannerDirective::PlanFallback,
            Some("something unexpected"),
            None,
            None,
            None,
            None,
        )
        .expect("contract should exist");

        assert_eq!(
            contract.reason_code,
            ReplayFallbackReasonCode::UnmappedFallbackReason
        );
        assert_eq!(
            contract.next_action,
            ReplayFallbackNextAction::EscalateFailClosed
        );
        assert_eq!(contract.confidence, 0);
    }

    #[test]
    fn normalize_replay_fallback_contract_rejects_conflicting_next_action() {
        let contract = normalize_replay_fallback_contract(
            &ReplayPlannerDirective::PlanFallback,
            Some("replay validation failed"),
            Some(ReplayFallbackReasonCode::ValidationFailed),
            None,
            Some(ReplayFallbackNextAction::PlanFromScratch),
            Some(88),
        )
        .expect("contract should exist");

        assert_eq!(
            contract.reason_code,
            ReplayFallbackReasonCode::UnmappedFallbackReason
        );
        assert_eq!(
            contract.next_action,
            ReplayFallbackNextAction::EscalateFailClosed
        );
        assert_eq!(contract.confidence, 0);
    }

    #[test]
    fn normalize_mutation_needed_failure_contract_maps_policy_denied() {
        let contract = normalize_mutation_needed_failure_contract(
            Some("supervised devloop rejected task because it is outside bounded scope"),
            None,
        );

        assert_eq!(
            contract.reason_code,
            MutationNeededFailureReasonCode::PolicyDenied
        );
        assert_eq!(
            contract.recovery_action,
            MutationNeededRecoveryAction::NarrowScopeAndRetry
        );
        assert!(contract.fail_closed);
    }

    #[test]
    fn normalize_mutation_needed_failure_contract_maps_timeout() {
        let contract = normalize_mutation_needed_failure_contract(
            Some("command timed out: git apply --check patch.diff"),
            None,
        );

        assert_eq!(
            contract.reason_code,
            MutationNeededFailureReasonCode::Timeout
        );
        assert_eq!(
            contract.recovery_action,
            MutationNeededRecoveryAction::ReduceExecutionBudget
        );
        assert!(contract.fail_closed);
    }

    #[test]
    fn normalize_mutation_needed_failure_contract_fails_closed_for_unknown_reason() {
        let contract =
            normalize_mutation_needed_failure_contract(Some("unexpected runner panic"), None);

        assert_eq!(
            contract.reason_code,
            MutationNeededFailureReasonCode::UnknownFailClosed
        );
        assert_eq!(
            contract.recovery_action,
            MutationNeededRecoveryAction::EscalateFailClosed
        );
        assert!(contract.fail_closed);
    }
}

/// Hub trust tier - defines operational permissions for a Hub
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
pub enum HubTrustTier {
    /// Full trust - allows all operations (internal/private Hub)
    Full,
    /// Read-only - allows only read operations (public Hub)
    ReadOnly,
}

/// Hub operation class - classifies the type of A2A operation
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum HubOperationClass {
    Hello,
    Fetch,
    Publish,
    Revoke,
    TaskClaim,
    TaskComplete,
    WorkerRegister,
    Recipe,
    Session,
    Dispute,
    Swarm,
}

impl HubOperationClass {
    /// Returns true if the operation is read-only (allowed for ReadOnly hubs)
    pub fn is_read_only(&self) -> bool {
        matches!(self, HubOperationClass::Hello | HubOperationClass::Fetch)
    }
}

/// Hub profile - describes a Hub's capabilities and configuration
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct HubProfile {
    pub hub_id: String,
    pub base_url: String,
    pub trust_tier: HubTrustTier,
    /// Priority for hub selection (higher = preferred)
    pub priority: u32,
    /// Optional health check endpoint
    pub health_url: Option<String>,
}

impl HubProfile {
    /// Check if this hub allows the given operation class
    pub fn allows_operation(&self, operation: &HubOperationClass) -> bool {
        match &self.trust_tier {
            HubTrustTier::Full => true,
            HubTrustTier::ReadOnly => operation.is_read_only(),
        }
    }
}

/// Hub selection policy - defines how to choose between multiple hubs
#[derive(Clone, Debug)]
pub struct HubSelectionPolicy {
    /// Map operation class to allowed trust tiers
    pub allowed_tiers_for_operation: Vec<(HubOperationClass, Vec<HubTrustTier>)>,
    /// Default trust tiers if no specific mapping
    pub default_allowed_tiers: Vec<HubTrustTier>,
}

impl Default for HubSelectionPolicy {
    fn default() -> Self {
        Self {
            allowed_tiers_for_operation: vec![
                (
                    HubOperationClass::Hello,
                    vec![HubTrustTier::Full, HubTrustTier::ReadOnly],
                ),
                (
                    HubOperationClass::Fetch,
                    vec![HubTrustTier::Full, HubTrustTier::ReadOnly],
                ),
                // All write operations require Full trust
                (HubOperationClass::Publish, vec![HubTrustTier::Full]),
                (HubOperationClass::Revoke, vec![HubTrustTier::Full]),
                (HubOperationClass::TaskClaim, vec![HubTrustTier::Full]),
                (HubOperationClass::TaskComplete, vec![HubTrustTier::Full]),
                (HubOperationClass::WorkerRegister, vec![HubTrustTier::Full]),
                (HubOperationClass::Recipe, vec![HubTrustTier::Full]),
                (HubOperationClass::Session, vec![HubTrustTier::Full]),
                (HubOperationClass::Dispute, vec![HubTrustTier::Full]),
                (HubOperationClass::Swarm, vec![HubTrustTier::Full]),
            ],
            default_allowed_tiers: vec![HubTrustTier::Full],
        }
    }
}

impl HubSelectionPolicy {
    /// Get allowed trust tiers for a given operation
    pub fn allowed_tiers(&self, operation: &HubOperationClass) -> &[HubTrustTier] {
        self.allowed_tiers_for_operation
            .iter()
            .find(|(op, _)| op == operation)
            .map(|(_, tiers)| tiers.as_slice())
            .unwrap_or(&self.default_allowed_tiers)
    }
}