refactor(runtime): consolidate followup, gateway, and provider dedupe paths

2026-05-08 00:31:24 +00:00 · 2026-02-22 14:06:03 +00:00
parent 38752338dc
commit d116bcfb14
36 changed files with 848 additions and 908 deletions
--- a/src/gateway/protocol/schema/exec-approvals.ts
+++ b/src/gateway/protocol/schema/exec-approvals.ts
@@ -12,22 +12,20 @@ export const ExecApprovalsAllowlistEntrySchema = Type.Object(
  { additionalProperties: false },
 );

-export const ExecApprovalsDefaultsSchema = Type.Object(
-  {
-    security: Type.Optional(Type.String()),
-    ask: Type.Optional(Type.String()),
-    askFallback: Type.Optional(Type.String()),
-    autoAllowSkills: Type.Optional(Type.Boolean()),
-  },
-  { additionalProperties: false },
-);
+const ExecApprovalsPolicyFields = {
+  security: Type.Optional(Type.String()),
+  ask: Type.Optional(Type.String()),
+  askFallback: Type.Optional(Type.String()),
+  autoAllowSkills: Type.Optional(Type.Boolean()),
+};
+
+export const ExecApprovalsDefaultsSchema = Type.Object(ExecApprovalsPolicyFields, {
+  additionalProperties: false,
+});

 export const ExecApprovalsAgentSchema = Type.Object(
  {
-    security: Type.Optional(Type.String()),
-    ask: Type.Optional(Type.String()),
-    askFallback: Type.Optional(Type.String()),
-    autoAllowSkills: Type.Optional(Type.Boolean()),
+    ...ExecApprovalsPolicyFields,
    allowlist: Type.Optional(Type.Array(ExecApprovalsAllowlistEntrySchema)),
  },
  { additionalProperties: false },
--- a/src/gateway/server/ws-connection/message-handler.ts
+++ b/src/gateway/server/ws-connection/message-handler.ts
@@ -622,19 +622,22 @@ export function attachGatewayWsMessageHandler(params: {
              `security audit: device access upgrade requested reason=${reason} device=${device.id} ip=${reportedClientIp ?? "unknown-ip"} auth=${authMethod} roleFrom=${formatAuditList(currentRoles)} roleTo=${role} scopesFrom=${formatAuditList(currentScopes)} scopesTo=${formatAuditList(scopes)} client=${connectParams.client.id} conn=${connId}`,
            );
          };
+          const clientAccessMetadata = {
+            displayName: connectParams.client.displayName,
+            platform: connectParams.client.platform,
+            clientId: connectParams.client.id,
+            clientMode: connectParams.client.mode,
+            role,
+            scopes,
+            remoteIp: reportedClientIp,
+          };
          const requirePairing = async (
            reason: "not-paired" | "role-upgrade" | "scope-upgrade",
          ) => {
            const pairing = await requestDevicePairing({
              deviceId: device.id,
              publicKey: devicePublicKey,
-              displayName: connectParams.client.displayName,
-              platform: connectParams.client.platform,
-              clientId: connectParams.client.id,
-              clientMode: connectParams.client.mode,
-              role,
-              scopes,
-              remoteIp: reportedClientIp,
+              ...clientAccessMetadata,
              silent: isLocalClient && reason === "not-paired",
            });
            const context = buildRequestContext();
@@ -735,15 +738,7 @@ export function attachGatewayWsMessageHandler(params: {
              }
            }

-            await updatePairedDeviceMetadata(device.id, {
-              displayName: connectParams.client.displayName,
-              platform: connectParams.client.platform,
-              clientId: connectParams.client.id,
-              clientMode: connectParams.client.mode,
-              role,
-              scopes,
-              remoteIp: reportedClientIp,
-            });
+            await updatePairedDeviceMetadata(device.id, clientAccessMetadata);
          }
        }