@aexhq/sdk 0.13.7 → 0.13.8

package/dist/_contracts/run-record.d.ts

@@ -4,9 +4,9 @@ import type { Run, RunEvent, Output } from "./runtime-types.js";
 import type { PlatformSubmission } from "./submission.js";
 export declare const RUN_RECORD_SCHEMA_VERSION: "aex.run-record.v1";
 export declare const RUN_RECORD_MANIFEST_SCHEMA_VERSION: "aex.run-record.manifest.v1";
-export type RunRecordArchiveNamespaceV1 = "metadata" | "events" | "outputs" | "logs";
+export type RunRecordArchiveNamespaceV1 = "metadata" | "events" | "outputs";
 export type RunRecordFileStatusV1 = "present" | "absent" | "pending" | "unavailable" | "not_applicable" | "error";
-export type RunRecordArchiveFileRoleV1 = "run_metadata" | "submission_snapshot" | "cost" | "custody" | "typed_events" | "log_events" | "all_events" | "coordinator_events_manifest" | "output" | "log";
+export type RunRecordArchiveFileRoleV1 = "run_metadata" | "submission_snapshot" | "cost" | "custody" | "typed_events" | "coordinator_events_manifest" | "output";
 export interface RunRecordSubmissionSnapshotV1 {
     readonly submission: PlatformSubmission;
 }
@@ -21,14 +21,8 @@ export interface RunRecordMetadataV1 {
     readonly custody?: CustodyManifestV1;
 }
 export interface RunRecordEventsV1 {
-    /**
-     * Typed `channel: "event"` records. This is the current SDK
-     * `events/events.jsonl` export. Log-channel records are not mixed into this
-     * file.
-     */
+    /** Typed `channel: "event"` records in the SDK `events/events.jsonl` export. */
     readonly typed: readonly RunEvent[];
-    readonly logs?: readonly RunEvent[];
-    readonly all?: readonly RunEvent[];
 }
 export interface RunRecordV1 {
     readonly schemaVersion: typeof RUN_RECORD_SCHEMA_VERSION;
@@ -36,7 +30,6 @@ export interface RunRecordV1 {
     readonly metadata: RunRecordMetadataV1;
     readonly events: RunRecordEventsV1;
     readonly outputs: readonly Output[];
-    readonly logs: readonly Output[];
     readonly manifest: RunRecordManifestV1;
 }
 export interface RunRecordNamespaceV1 {
@@ -63,7 +56,7 @@ export interface RunRecordArtifactSummaryV1 {
     readonly contentType?: string;
 }
 export interface RunRecordDownloadErrorV1 {
-    readonly namespace: "outputs" | "logs";
+    readonly namespace: "outputs";
     readonly id: string;
     readonly filename: string | null;
     readonly message: string;
@@ -80,20 +73,16 @@ export interface RunRecordManifestV1 {
      * presence state for optional run-record members.
      */
     readonly outputs: readonly RunRecordArtifactSummaryV1[];
-    readonly logs: readonly RunRecordArtifactSummaryV1[];
     readonly errors: readonly RunRecordDownloadErrorV1[];
 }
 export interface BuildRunRecordDownloadManifestV1Input {
     readonly runId: string;
     readonly outputs: readonly RunRecordArtifactSummaryV1[];
-    readonly logs: readonly RunRecordArtifactSummaryV1[];
     readonly errors?: readonly RunRecordDownloadErrorV1[];
     readonly typedEventCount?: number;
     readonly submission?: RunRecordFileManifestInputV1;
     readonly cost?: RunRecordFileManifestInputV1;
     readonly custody?: RunRecordFileManifestInputV1;
-    readonly logEvents?: RunRecordFileManifestInputV1;
-    readonly allEvents?: RunRecordFileManifestInputV1;
     readonly coordinatorEventsManifest?: RunRecordFileManifestInputV1;
 }
 export interface RunRecordFileManifestInputV1 {
@@ -106,8 +95,7 @@ export interface RunRecordArchiveEntryForRedactionV1 {
     readonly contentType?: string;
     /**
      * Customer-authored output bytes are intentionally outside the public-record
-     * redaction guarantee. Metadata, event exports, manifests, and platform logs
-     * remain scanned.
+     * redaction guarantee. Metadata, event exports, and manifests remain scanned.
      */
     readonly customerContent?: boolean;
 }

package/dist/_contracts/run-record.js

@@ -12,7 +12,6 @@ export class RunRecordArchiveRedactionError extends Error {
 }
 export function buildRunRecordDownloadManifestV1(input) {
     const outputs = input.outputs.map((file) => normalizeArtifactSummary(file));
-    const logs = input.logs.map((file) => normalizeArtifactSummary(file));
     const errors = (input.errors ?? []).map((error) => Object.freeze({ ...error }));
     return Object.freeze({
         schemaVersion: RUN_RECORD_MANIFEST_SCHEMA_VERSION,
@@ -20,9 +19,8 @@ export function buildRunRecordDownloadManifestV1(input) {
         runId: input.runId,
         namespaces: Object.freeze([
             namespace("metadata", "Run metadata, submission snapshot, custody, and cost files."),
-            namespace("events", "Typed event-channel exports and optional full-stream/log-channel exports."),
-            namespace("outputs", "Captured deliverables produced by the run."),
-            namespace("logs", "Platform diagnostics and runtime log artifacts.")
+            namespace("events", "Typed event-channel exports."),
+            namespace("outputs", "Captured deliverables produced by the run.")
         ]),
         files: Object.freeze([
             file("metadata", "metadata/run.json", "run_metadata", "present"),
@@ -32,14 +30,10 @@ export function buildRunRecordDownloadManifestV1(input) {
             file("events", "events/events.jsonl", "typed_events", "present", {
                 recordCount: input.typedEventCount ?? 0
             }),
-            file("events", "events/logs.jsonl", "log_events", input.logEvents?.status ?? "unavailable", recordCountExtra(input.logEvents)),
-            file("events", "events/all.jsonl", "all_events", input.allEvents?.status ?? "unavailable", recordCountExtra(input.allEvents)),
             file("events", "events/manifest.json", "coordinator_events_manifest", input.coordinatorEventsManifest?.status ?? "unavailable"),
-            ...outputs.map((output) => artifactFile("outputs", "output", "outputs/", output)),
-            ...logs.map((log) => artifactFile("logs", "log", "logs/", log))
+            ...outputs.map((output) => artifactFile("outputs", "output", "outputs/", output))
         ]),
         outputs: Object.freeze(outputs),
-        logs: Object.freeze(logs),
         errors: Object.freeze(errors)
     });
 }
@@ -60,11 +54,6 @@ function file(namespaceName, path, role, status, extra) {
         ...(extra?.recordCount !== undefined ? { recordCount: extra.recordCount } : {})
     });
 }
-function recordCountExtra(input) {
-    return input?.status === "present" && input.recordCount !== undefined
-        ? { recordCount: input.recordCount }
-        : undefined;
-}
 function artifactFile(namespaceName, role, prefix, artifact) {
     return Object.freeze({
         namespace: namespaceName,
@@ -138,7 +127,7 @@ function isAllowedArchiveHighEntropyField(entryPath, finding) {
     if (finding.reason !== "high_entropy_token" || !entryPath.endsWith("manifest.json")) {
         return false;
     }
-    return /^\$(?:\.files\[\d+\]|\.outputs\[\d+\]|\.logs\[\d+\])\.id$/.test(finding.path);
+    return /^\$(?:\.files\[\d+\]|\.outputs\[\d+\])\.id$/.test(finding.path);
 }
 function parseArchiveTextValues(path, text) {
     if (/\.json$/i.test(path)) {

package/dist/_contracts/run-retention.d.ts

@@ -12,7 +12,7 @@ export declare const RUN_DELETION_CANDIDATE_STATUSES: readonly ["selected", "blo
 export type RunDeletionCandidateStatus = (typeof RUN_DELETION_CANDIDATE_STATUSES)[number];
 export declare const RUN_DELETION_BLOCKERS: readonly ["non_terminal", "already_deleted", "concurrent_delete", "retention_policy_disabled", "unexpired", "held", "retention_exempt", "unresolved_cleanup", "unresolved_custody"];
 export type RunDeletionBlocker = (typeof RUN_DELETION_BLOCKERS)[number];
-export declare const RUN_DELETION_COUNT_CLASSES: readonly ["r2_objects", "outputs", "logs", "events", "assets", "db_event_rows", "db_output_rows", "capture_failures", "storage_samples", "custody_manifests"];
+export declare const RUN_DELETION_COUNT_CLASSES: readonly ["object_store_objects", "outputs", "logs", "events", "assets", "db_event_rows", "db_output_rows", "capture_failures", "storage_samples", "custody_manifests"];
 export type RunDeletionCountClass = (typeof RUN_DELETION_COUNT_CLASSES)[number];
 export declare const RUN_DELETION_COUNT_STATUSES: readonly ["counted", "not_counted", "partial", "failed"];
 export type RunDeletionCountStatus = (typeof RUN_DELETION_COUNT_STATUSES)[number];
@@ -180,7 +180,7 @@ export interface RunDeletionManifestWriteResult {
 export interface RunDeletionManifestWriter {
     writeRunDeletionManifest(input: RunDeletionManifestInput): Promise<RunDeletionManifestWriteResult>;
 }
-export type RunRetentionRedactionReason = "forbidden_field_name" | "signed_url" | "r2_object_key" | "vault_id" | "private_resource_handle" | "hash_like_value";
+export type RunRetentionRedactionReason = "forbidden_field_name" | "signed_url" | "object_store_key" | "vault_id" | "private_resource_handle" | "hash_like_value";
 export interface RunRetentionRedactionFinding {
     readonly path: string;
     readonly reason: RunRetentionRedactionReason;

package/dist/_contracts/run-retention.js

@@ -19,7 +19,7 @@ export const RUN_DELETION_BLOCKERS = [
     "unresolved_custody"
 ];
 export const RUN_DELETION_COUNT_CLASSES = [
-    "r2_objects",
+    "object_store_objects",
     "outputs",
     "logs",
     "events",
@@ -426,7 +426,7 @@ function scanStringValue(value, path, findings) {
 }
 const forbiddenStringPatterns = Object.freeze([
     { reason: "signed_url", regex: /[?&](?:X-Amz-Signature|X-Amz-Credential|X-Amz-Algorithm|AWSAccessKeyId)=/i },
-    { reason: "r2_object_key", regex: /(^|[\s"'`])(?:runs|assets)\/[^?<#\s"'`]+/i },
+    { reason: "object_store_key", regex: /(^|[\s"'`])(?:runs|assets)\/[^?<#\s"'`]+/i },
     { reason: "vault_id", regex: /\b(?:vault|vlt|secret)[_:-][A-Za-z0-9][A-Za-z0-9_-]{7,}\b/i },
     {
         reason: "private_resource_handle",
@@ -435,7 +435,7 @@ const forbiddenStringPatterns = Object.freeze([
     { reason: "hash_like_value", regex: /\b(?:sha256|hash)[:_-][A-Fa-f0-9]{16,}\b/ }
 ]);
 function isForbiddenRetentionFieldName(key) {
-    return /^(path|paths|objectKey|objectKeys|r2Key|r2Keys|fileName|filename|filenames|size|sizes|bytes|byteCount|hash|hashes|providerId|providerIds|vaultId|vaultIds|resourceId|resourceIds|handle|handles|signedUrl|signedUrls|url|urls)$/i.test(key);
+    return /^(path|paths|objectKey|objectKeys|objectStoreKey|objectStoreKeys|fileName|filename|filenames|size|sizes|bytes|byteCount|hash|hashes|providerId|providerIds|vaultId|vaultIds|resourceId|resourceIds|handle|handles|signedUrl|signedUrls|url|urls)$/i.test(key);
 }
 function assertSafeIdentifier(value, field) {
     assertNonEmptyString(value, field);

package/dist/_contracts/run-unit.d.ts

@@ -70,17 +70,16 @@ export interface RunUnitEventPage {
     readonly nextCursor?: string;
 }
 /**
- * One gzipped JSONL page of raw provider events captured to Storage.
- * Bytes are downloaded via signed URL or surfaced inside the per-run
- * archive zip. `storagePath` is bucket-relative; the BFF turns it
- * into a signed URL for clients.
+ * One gzipped JSONL page of raw provider events captured for the run record.
+ * Bytes are downloaded through auth-gated routes or surfaced inside the
+ * per-run archive zip. `artifactPath` is run-record relative.
  */
 export interface RunUnitRawEventPage {
     readonly attempt: number;
     readonly page: number;
     readonly byteSize: number;
     readonly eventCount: number;
-    readonly storagePath: string;
+    readonly artifactPath: string;
     readonly contentEncoding: "gzip";
     readonly createdAt: string;
 }

package/dist/_contracts/runner-event.d.ts

@@ -2,9 +2,9 @@
  * Unified runner event schema. The managed runtime feeds one shape into
  * the hosted aex event pipeline:
  *
- *   - **Goose Managed** — the per-run managed runtime POSTs batches of
- *     NDJSON events to `/runs/{id}/runner/events`; the Goose adapter
- *     translates each event into one or more `RunnerEvent`s.
+ *   - The per-run managed runtime POSTs batches of NDJSON events to
+ *     `/runs/{id}/runner/events`; the runtime adapter translates each
+ *     event into one or more `RunnerEvent`s.
  *
  * The downstream subscribers (dashboard, SDK `streamEvents`, observable
  * spans) never see runtime-specific wire shapes — they only see
@@ -25,14 +25,13 @@ export declare const RUNNER_EVENT_VERSION: 1;
  * doesn't fit is mapped to `notification` so the data is captured
  * even when no UI handler exists yet.
  *
- *   - `runtime_started`  — either runtime announced "ready" (Fly
- *                          machine running goose; Anthropic session
- *                          accepted the first turn).
+ *   - `runtime_started`  — the managed runtime announced "ready" or
+ *                          accepted the first turn.
  *   - `assistant_text`   — model text delta.
  *   - `tool_request`     — model emitted a tool_use / function call.
  *   - `tool_response`    — tool result delivered back to the model.
- *   - `skill_loaded`     — a skill was loaded (Anthropic Skills API
- *                          ref OR a workspace folder mount).
+ *   - `skill_loaded`     — a skill was loaded from a provider ref or
+ *                          a workspace folder mount.
  *   - `file_uploaded`    — a file became available to the agent
  *                          (Files API id OR workspace path).
  *   - `notification`     — runtime/extension notification; catch-all

package/dist/_contracts/runner-event.js

@@ -2,9 +2,9 @@
  * Unified runner event schema. The managed runtime feeds one shape into
  * the hosted aex event pipeline:
  *
- *   - **Goose Managed** — the per-run managed runtime POSTs batches of
- *     NDJSON events to `/runs/{id}/runner/events`; the Goose adapter
- *     translates each event into one or more `RunnerEvent`s.
+ *   - The per-run managed runtime POSTs batches of NDJSON events to
+ *     `/runs/{id}/runner/events`; the runtime adapter translates each
+ *     event into one or more `RunnerEvent`s.
  *
  * The downstream subscribers (dashboard, SDK `streamEvents`, observable
  * spans) never see runtime-specific wire shapes — they only see
@@ -24,14 +24,13 @@ export const RUNNER_EVENT_VERSION = 1;
  * doesn't fit is mapped to `notification` so the data is captured
  * even when no UI handler exists yet.
  *
- *   - `runtime_started`  — either runtime announced "ready" (Fly
- *                          machine running goose; Anthropic session
- *                          accepted the first turn).
+ *   - `runtime_started`  — the managed runtime announced "ready" or
+ *                          accepted the first turn.
  *   - `assistant_text`   — model text delta.
  *   - `tool_request`     — model emitted a tool_use / function call.
  *   - `tool_response`    — tool result delivered back to the model.
- *   - `skill_loaded`     — a skill was loaded (Anthropic Skills API
- *                          ref OR a workspace folder mount).
+ *   - `skill_loaded`     — a skill was loaded from a provider ref or
+ *                          a workspace folder mount.
  *   - `file_uploaded`    — a file became available to the agent
  *                          (Files API id OR workspace path).
  *   - `notification`     — runtime/extension notification; catch-all

package/dist/_contracts/side-effect-audit.d.ts

@@ -19,7 +19,7 @@ export declare const SIDE_EFFECT_AUDIT_COUNT_NAMES: readonly ["requestBytes", "r
 export type SideEffectAuditCountName = (typeof SIDE_EFFECT_AUDIT_COUNT_NAMES)[number];
 export declare const SIDE_EFFECT_AUDIT_TIMESTAMP_NAMES: readonly ["startedAt", "finishedAt", "observedAt", "decidedAt", "deletedAt", "tombstonedAt", "terminalAt", "expiresAt"];
 export type SideEffectAuditTimestampName = (typeof SIDE_EFFECT_AUDIT_TIMESTAMP_NAMES)[number];
-export declare const SIDE_EFFECT_AUDIT_METADATA_EXCLUDED_VALUE_CLASSES: readonly ["headers", "bodies", "raw_urls", "raw_paths", "query_strings", "provider_response_bodies", "signed_urls", "r2_object_keys", "vault_ids", "resource_handles", "bearer_hashes", "secret_values", "customer_or_agent_identity", "private_pricing_or_provider_deployment"];
+export declare const SIDE_EFFECT_AUDIT_METADATA_EXCLUDED_VALUE_CLASSES: readonly ["headers", "bodies", "raw_urls", "raw_paths", "query_strings", "provider_response_bodies", "signed_urls", "object_store_keys", "vault_ids", "resource_handles", "bearer_hashes", "secret_values", "customer_or_agent_identity", "private_pricing_or_provider_deployment"];
 export type SideEffectAuditMetadataExcludedValueClass = (typeof SIDE_EFFECT_AUDIT_METADATA_EXCLUDED_VALUE_CLASSES)[number];
 export interface SideEffectAuditPrincipalV1 {
     readonly type: SideEffectAuditActorPrincipalType;
@@ -107,7 +107,7 @@ export interface SideEffectAuditRunScopedInput {
     readonly correlation?: SideEffectAuditCorrelationInput;
     readonly metadata?: SideEffectAuditMetadataInput;
 }
-export type SideEffectAuditRedactionReason = "forbidden_field_name" | "bearer_token" | "provider_key" | "signed_url" | "r2_object_key" | "vault_id" | "private_resource_handle" | "raw_url" | "raw_path" | "high_entropy_token";
+export type SideEffectAuditRedactionReason = "forbidden_field_name" | "bearer_token" | "provider_key" | "signed_url" | "object_store_key" | "vault_id" | "private_resource_handle" | "raw_url" | "raw_path" | "high_entropy_token";
 export interface SideEffectAuditRedactionFinding {
     readonly path: string;
     readonly reason: SideEffectAuditRedactionReason;

package/dist/_contracts/side-effect-audit.js

@@ -116,7 +116,7 @@ export const SIDE_EFFECT_AUDIT_METADATA_EXCLUDED_VALUE_CLASSES = [
     "query_strings",
     "provider_response_bodies",
     "signed_urls",
-    "r2_object_keys",
+    "object_store_keys",
     "vault_ids",
     "resource_handles",
     "bearer_hashes",
@@ -422,7 +422,7 @@ const forbiddenStringPatterns = Object.freeze([
         regex: /\b(?:sk-(?:ant|proj|live|test|deepseek|openai)|xox[baprs]-|AIza)[A-Za-z0-9_-]{8,}/i
     },
     { reason: "signed_url", regex: /[?&](?:X-Amz-Signature|X-Amz-Credential|X-Amz-Algorithm|AWSAccessKeyId)=/i },
-    { reason: "r2_object_key", regex: /(^|[\s"'`])(?:runs|assets)\/[^?<#\s"'`]+/i },
+    { reason: "object_store_key", regex: /(^|[\s"'`])(?:runs|assets)\/[^?<#\s"'`]+/i },
     { reason: "vault_id", regex: /\b(?:vault|vlt|secret)[_:-][A-Za-z0-9][A-Za-z0-9_-]{7,}\b/i },
     {
         reason: "private_resource_handle",
@@ -433,7 +433,7 @@ const forbiddenStringPatterns = Object.freeze([
     { reason: "high_entropy_token", regex: /\b(?=[A-Za-z0-9_-]{40,}\b)(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9_-]{40,}\b/ }
 ]);
 function isForbiddenAuditFieldName(key) {
-    return /^(authorization|headers?|requestHeaders?|responseHeaders?|body|requestBody|responseBody|rawBody|prompt|url|rawUrl|href|query|queryString|path|rawPath|signedUrl|r2Key|objectKey|vaultId|providerResponseBody|providerAccountId|providerDeployment|rateCard|rateCardVersion|margin|discount|calculator|reconciliation|resourceHandle|privateResourceHandle|bearerHash|tokenHash|apiKey|secretValue|sessionId|providerSessionId|agentId|customerId|endUserId|identity|email)$/i.test(key);
+    return /^(authorization|headers?|requestHeaders?|responseHeaders?|body|requestBody|responseBody|rawBody|prompt|url|rawUrl|href|query|queryString|path|rawPath|signedUrl|objectStoreKey|objectKey|vaultId|providerResponseBody|providerAccountId|providerDeployment|rateCard|rateCardVersion|margin|discount|calculator|reconciliation|resourceHandle|privateResourceHandle|bearerHash|tokenHash|apiKey|secretValue|sessionId|providerSessionId|agentId|customerId|endUserId|identity|email)$/i.test(key);
 }
 function assertSafeIdentifier(value, field) {
     assertNonEmptyString(value, field);

package/dist/_contracts/stable.d.ts

@@ -1,6 +1,6 @@
 /**
  * Canonical hosted aex API plane URL. Used as the default `baseUrl`
- * for the SDK `AexClient` and the host-side CLI `--aex-url`
+ * for the SDK `AgentExecutor` and the host-side CLI `--aex-url`
  * flag.
  *
  * Pinned to `api.aex.dev` on purpose: the dashboard at

package/dist/_contracts/stable.js

@@ -1,7 +1,7 @@
 import { createHash } from "node:crypto";
 /**
  * Canonical hosted aex API plane URL. Used as the default `baseUrl`
- * for the SDK `AexClient` and the host-side CLI `--aex-url`
+ * for the SDK `AgentExecutor` and the host-side CLI `--aex-url`
  * flag.
  *
  * Pinned to `api.aex.dev` on purpose: the dashboard at

package/dist/_contracts/submission.d.ts

@@ -228,10 +228,9 @@ export interface PlatformSubmission {
      */
     readonly outputs?: PlatformOutputCaptureConfig;
     /**
-     * Optional override for the Goose builtin extensions enabled inside
-     * the runner container. Each entry is the bare name accepted by
-     * `goose run --with-builtin <NAME>` (see Goose v1.34.1's
-     * `crates/goose-cli/src/cli.rs` `with-builtin` flag). The platform
+     * Optional override for the managed-runtime builtin extensions enabled
+     * inside the runner container. Each entry is the bare extension name
+     * accepted by the selected runtime. The platform
      * default is `["developer"]` which gives the agent shell + write +
      * edit + tree tools (bash, grep via shell, file read via shell or
      * editor, file edit). To opt in to more tools (e.g. web search via
@@ -239,8 +238,8 @@ export interface PlatformSubmission {
      * out of all builtins (pure-MCP setup), pass an empty array.
      *
      * Validation:
-     *   - Each entry matches /^[a-z][a-z0-9_-]{0,63}$/ (Goose builtin
-     *     naming convention).
+     *   - Each entry matches /^[a-z][a-z0-9_-]{0,63}$/ (managed-runtime
+     *     builtin naming convention).
      *   - Max 16 entries.
      *   - Deduplicated.
      *

package/dist/_contracts/submission.js

@@ -1047,7 +1047,7 @@ function parseBuiltins(input) {
             throw new Error(`submission.builtins[${i}] must be a string`);
         }
         if (!BUILTIN_NAME_PATTERN.test(v)) {
-            throw new Error(`submission.builtins[${i}] (${JSON.stringify(v)}) is not a valid Goose builtin name; expected /^[a-z][a-z0-9_-]{0,63}$/`);
+            throw new Error(`submission.builtins[${i}] (${JSON.stringify(v)}) is not a valid managed-runtime builtin name; expected /^[a-z][a-z0-9_-]{0,63}$/`);
         }
         if (seen.has(v))
             continue; // dedupe silently