@aexhq/sdk 0.13.7 → 0.13.9

package/docs/run-record.md

@@ -4,9 +4,9 @@ title: Run record
 
 # Run record
 
-The run record is the durable product primitive for one run id. It is the public-safe bundle of status metadata, the non-secret submission snapshot when available, typed events, captured outputs, platform diagnostics, and manifest entries for custody and cost telemetry.
+The run record is the durable product primitive for one run id. It is the public-safe bundle of status metadata, the non-secret submission snapshot when available, typed events, captured outputs, and manifest entries for custody and cost telemetry.
 
-`client.download(runId)` and `aex download <run-id>` return a zip with this layout:
+`aex.download(runId)` and `aex download <run-id>` return a zip with this layout:
 
 ```text
 manifest.json
@@ -14,10 +14,7 @@ metadata/run.json
 metadata/submission.json      # when a public-safe submission snapshot is returned by the read API
 metadata/cost.json            # when public cost telemetry is returned by the read API
 events/events.jsonl
-events/logs.jsonl             # when the event API serves channel=log
-events/all.jsonl              # when the event API serves channel=all
 outputs/<captured deliverable files>
-logs/<platform diagnostic files>
 ```
 
 `manifest.json` is versioned as `RunRecordManifestV1`:
@@ -27,13 +24,13 @@ logs/<platform diagnostic files>
 | `schemaVersion` | `aex.run-record.manifest.v1`. |
 | `runRecordSchemaVersion` | `aex.run-record.v1`. |
 | `runId` | The run the archive was assembled for. |
-| `namespaces[]` | The documented top-level namespaces: `metadata`, `events`, `outputs`, `logs`. |
+| `namespaces[]` | The documented top-level namespaces: `metadata`, `events`, `outputs`. |
 | `files[]` | Inventory of expected and present files with `namespace`, `path`, `role`, and `status`. |
-| `outputs[]` / `logs[]` | Compatibility aliases for present captured artifacts. |
+| `outputs[]` | Compatibility alias for present captured output artifacts. |
 | `errors[]` | Per-artifact byte fetch failures during archive assembly. |
 
-Current v1 downloads always include `metadata/run.json` and `events/events.jsonl`. `events/events.jsonl` contains typed event-channel records only; log-channel or full-stream exports are not mixed into that file. The client also probes the existing event API opt-ins and includes `events/logs.jsonl` / `events/all.jsonl` when `?channel=log` / `?channel=all` prove those streams are available. Older deployments that do not serve those channel reads keep the manifest entries as `unavailable`.
+Current v1 downloads always include `metadata/run.json` and `events/events.jsonl`. `events/events.jsonl` contains typed event-channel records only; internal diagnostics and full internal streams are not mixed into that file.
 
 `metadata/submission.json` is present only when the run read shape includes a public-safe submission snapshot. `metadata/cost.json` is present only when the run read shape includes public `costTelemetry`; otherwise cost stays `pending`. `metadata/custody.json` remains `pending` until the custody manifest writer and public read surface land. `events/manifest.json` remains `unavailable` in this client-side slice because there is no public coordinator-manifest download route.
 
-The record boundary is public-safe. It must not contain provider API keys, runner bearers, workspace tokens, signed URLs, raw provider response bodies, R2 object keys, Vault ids, raw query strings, or secret-shaped values. Credentials are supplied per run and vaulted separately for the run lifetime.
+The record boundary is public-safe. It must not contain provider API keys, runner bearers, workspace tokens, signed URLs, raw provider response bodies, object-store keys, Vault ids, raw query strings, secret-shaped values, or internal diagnostic files. Credentials are supplied per run and vaulted separately for the run lifetime.

package/docs/skills.md

@@ -18,20 +18,18 @@ Skill inputs accepted by the platform:
   persist on aex as workspace skills with auto-suffixed names,
   one row per submission (see "Inline supply" below).
 
-**Routing at session create:** bundles that contain `SKILL.md` at the
-bundle root are registered with Anthropic's Skills API
-(`POST /v1/skills`) and surface to the agent as auto-discoverable
-skills. Bundles without `SKILL.md` mount under
-`/mnt/session/uploads/aex/assets/<skl_id>/<rel-path>` in the agent
-container — the agent reads them by explicit path reference in the
-prompt.
-
-The platform also mounts the `aex` CLI at
-`/mnt/session/uploads/aex/aex` and a per-run manifest at
-`/mnt/session/uploads/aex/index.json` on **every** run. Skills
-invoke the managed HTTP proxy via
-`node /mnt/session/uploads/aex/aex proxy …` — see
-`credentials.md` for the policy/auth model.
+**How skills reach the agent:** every skill bundle is materialized into
+the run's workspace under `skills/<name>/` before the first agent turn.
+A bundle's `SKILL.md` is composed into the agent's instructions, so the
+agent is told the skill exists and what it does without the model having
+to discover it. Bundles without `SKILL.md` are still mounted as files at
+`skills/<name>/`, but nothing prompts the agent to read them — reference
+them explicitly from the prompt or your `AGENTS.md`.
+
+The platform also mounts the `aex` CLI and a per-run manifest into the
+workspace on **every** run. Skills invoke the managed HTTP proxy via the
+mounted CLI (`aex proxy …`) — see `credentials.md` for the policy/auth
+model.
 
 ## Inline supply at `submitRun`
 
@@ -40,20 +38,20 @@ build an **unstaged** `Skill`. The instance carries the canonicalised
 zip bytes and the `sha256:<hex>` content hash:
 
 ```ts
-import { AexClient, Skill } from "@aexhq/sdk";
+import { AgentExecutor, Skill } from "@aexhq/sdk";
 
-const client = new AexClient({ apiToken });
+const aex = new AgentExecutor({ apiToken });
 
-await client.submitRun({
+await aex.submitRun({
   model, prompt,
   skills: [await Skill.fromFiles({ name: "rules", files })],
   secrets: { anthropic: { apiKey } }
 });
 ```
 
-`client.submitRun` walks the `skills` array, sends a multipart body
+`aex.submitRun` walks the `skills` array, sends a multipart body
 alongside the JSON submission, and materializes the bytes to
-content-addressable, workspace-scoped R2 storage before the run lands.
+content-addressable, workspace-scoped asset storage before the run lands.
 The BFF re-canonicalises the bundle, verifies the advisory hash, and
 persists it as a workspace skill — but with an **auto-suffixed name**
 (`rules-x8q7lk2`) so repeated supplies of the same logical skill across
@@ -79,11 +77,11 @@ rules-az3lkmt
 
 Same prefix, different suffix. Each is a real workspace skill — you
 can list, get, download, and delete it through the regular
-`client.skills.*` verbs.
+`aex.skills.*` verbs.
 
 ### Deletion semantics
 
-Soft-deleting a skill (`client.skills.delete(skl_id)` or the
+Soft-deleting a skill (`aex.skills.delete(skl_id)` or the
 dashboard's Delete button) marks the row tombstoned. Existing runs
 that pinned a snapshot of the skill keep working — they read from
 `run_skill_snapshots` which preserves the name, hash, size, and
@@ -103,11 +101,11 @@ bundle skill bytes with it. Host the skill yourself as a **zip archive**
 URL — e.g. an S3 presigned URL:
 
 ```ts
-import { AexClient, Skill } from "@aexhq/sdk";
+import { AgentExecutor, Skill } from "@aexhq/sdk";
 
-const client = new AexClient({ apiToken });
+const aex = new AgentExecutor({ apiToken });
 
-await client.submitRun({
+await aex.submitRun({
   model, prompt,
   skills: [
     await Skill.fromUrl(signedUrl, { name: "rules", sha256: "sha256:<hex>" })
@@ -125,7 +123,7 @@ produce the **same canonical asset** and dedup against each other.
 - The archive must contain `SKILL.md` at its root, or inside a single
   top-level folder, which is stripped automatically. Anything else is
   rejected with an error listing the archive's actual top-level entries.
-- The signed URL only needs to be valid **for this call**. `client.submitRun`
+- The signed URL only needs to be valid **for this call**. `aex.submitRun`
   snapshots the bytes into the run immediately, so the URL can expire
   afterwards with no effect on the run.
 - `sha256` is an optional source-integrity check on the downloaded archive

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aexhq/sdk",
-  "version": "0.13.7",
+  "version": "0.13.9",
   "description": "TypeScript SDK for running autonomous agent sessions across providers (Anthropic, OpenAI, DeepSeek, Gemini, Mistral) behind one interface.",
   "license": "Apache-2.0",
   "repository": {
@@ -26,7 +26,7 @@
     "examples"
   ],
   "devDependencies": {
-    "@aexhq/contracts": "0.13.7"
+    "@aexhq/contracts": "0.13.9"
   },
   "engines": {
     "node": ">=20"