feat: extract pipeline core for library consumption (#282)

* feat: extract pipeline core for library consumption

* fix: chmod workspace directory for container write access

* fix: resolve playwright output dir relative to deliverables parent

* feat: add multi-provider LLM support via ProviderConfig

* fix: resolve model overrides via options.model, remove unused model env passthrough

* fix: use ANTHROPIC_AUTH_TOKEN for custom base URL and router auth

* fix: skip env-based credential validation when providerConfig is present

* fix: support large UID/GID values for AD/LDAP users in container

apps/worker/src/interfaces/checkpoint-provider.ts

@@ -0,0 +1,26 @@
+/**
+ * CheckpointProvider — injectable interface for external state persistence.
+ *
+ * Called after each agent completes to allow external progress tracking.
+ * During the concurrent vulnerability-exploitation phase, 5 pipelines run
+ * in parallel — onAgentComplete fires per-agent for granular progress.
+ *
+ * Default: no-op.
+ */
+
+import type { PipelineState } from '../temporal/shared.js';
+
+export interface CheckpointProvider {
+  onAgentComplete(
+    agentName: string,
+    phase: string,
+    state: PipelineState,
+  ): Promise<void>;
+}
+
+/** Default no-op implementation — no external checkpointing. */
+export class NoOpCheckpointProvider implements CheckpointProvider {
+  async onAgentComplete(): Promise<void> {
+    // No-op
+  }
+}