@aexhq/sdk 0.24.0 → 0.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/README.md +36 -125
  2. package/dist/_contracts/models.js +1 -2
  3. package/dist/_contracts/operations.d.ts +2 -2
  4. package/dist/_contracts/operations.js +4 -4
  5. package/dist/_contracts/provider-support.d.ts +23 -23
  6. package/dist/_contracts/provider-support.js +7 -14
  7. package/dist/_contracts/run-config.d.ts +24 -0
  8. package/dist/_contracts/run-config.js +6 -0
  9. package/dist/_contracts/run-unit.js +3 -1
  10. package/dist/_contracts/runtime-types.d.ts +2 -2
  11. package/dist/_contracts/submission.d.ts +2 -1
  12. package/dist/_contracts/submission.js +66 -1
  13. package/dist/bundle.d.ts +13 -0
  14. package/dist/bundle.js +51 -0
  15. package/dist/bundle.js.map +1 -1
  16. package/dist/cli.mjs +12 -18
  17. package/dist/cli.mjs.sha256 +1 -1
  18. package/dist/client.d.ts +6 -4
  19. package/dist/client.js +37 -6
  20. package/dist/client.js.map +1 -1
  21. package/dist/index.d.ts +3 -2
  22. package/dist/index.js +1 -0
  23. package/dist/index.js.map +1 -1
  24. package/dist/tool.d.ts +41 -0
  25. package/dist/tool.js +138 -0
  26. package/dist/tool.js.map +1 -0
  27. package/dist/version.d.ts +1 -1
  28. package/dist/version.js +1 -1
  29. package/docs/concepts/agent-tools.md +48 -0
  30. package/docs/concepts/composition.md +43 -0
  31. package/docs/concepts/providers-and-runtimes.md +53 -0
  32. package/docs/concepts/runs.md +40 -0
  33. package/docs/credentials.md +3 -1
  34. package/docs/limits.md +44 -0
  35. package/docs/provider-runtime-capabilities.md +52 -54
  36. package/docs/public-surface.json +81 -0
  37. package/docs/quickstart.md +28 -105
  38. package/docs/run-config.md +1 -1
  39. package/docs/secrets.md +123 -0
  40. package/docs/vision-skills.md +3 -6
  41. package/package.json +2 -2
  42. package/docs/product-boundaries.md +0 -57
@@ -0,0 +1,81 @@
1
+ {
2
+ "brand": "aex",
3
+ "productName": "Agent Executor",
4
+ "oneLine": "aex is an agent execution platform for launching autonomous agents from a simple TypeScript SDK and CLI.",
5
+ "description": "Submit typed runs, stream durable events, capture outputs, and compose agents with skills, files, MCP, proxy endpoints, and subagents across the managed runtime.",
6
+ "installCommand": "npm install @aexhq/sdk",
7
+ "examples": {
8
+ "typescriptLines": [
9
+ "import { AgentExecutor, Models, Providers } from \"@aexhq/sdk\";",
10
+ "",
11
+ "const aex = new AgentExecutor({ apiToken: process.env.AEX_API_TOKEN! });",
12
+ "",
13
+ "const runId = await aex.submit({",
14
+ " provider: Providers.ANTHROPIC,",
15
+ " model: Models.CLAUDE_HAIKU_4_5,",
16
+ " prompt: \"Write the report and save outputs.\",",
17
+ " secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }",
18
+ "});",
19
+ "",
20
+ "for await (const event of aex.stream(runId)) console.log(event.type);",
21
+ "await aex.wait(runId);",
22
+ "await aex.download(runId, { to: \"./run.zip\" });"
23
+ ],
24
+ "cliLines": [
25
+ "aex run \\",
26
+ " --api-token \"$AEX_API_TOKEN\" \\",
27
+ " --anthropic-api-key \"$ANTHROPIC_API_KEY\" \\",
28
+ " --model claude-haiku-4-5 \\",
29
+ " --prompt \"Write the report and save outputs.\" \\",
30
+ " --follow"
31
+ ]
32
+ },
33
+ "providers": [
34
+ { "id": "anthropic", "name": "Anthropic" },
35
+ { "id": "deepseek", "name": "DeepSeek" },
36
+ { "id": "openai", "name": "OpenAI" },
37
+ { "id": "gemini", "name": "Gemini" },
38
+ { "id": "mistral", "name": "Mistral" },
39
+ { "id": "openrouter", "name": "OpenRouter" },
40
+ { "id": "doubao", "name": "Doubao" },
41
+ { "id": "doubao-cn", "name": "Doubao China" }
42
+ ],
43
+ "featureAreas": [
44
+ {
45
+ "slug": "agent-runtime",
46
+ "href": "/docs/features/#agent-runtime",
47
+ "title": "Agent runtime",
48
+ "description": "Managed autonomous runs with shell, filesystem, editing, notebook, web fetch/search, background command, and post-hook repair tools."
49
+ },
50
+ {
51
+ "slug": "durable-infrastructure",
52
+ "href": "/docs/features/#durable-infrastructure",
53
+ "title": "Durable infrastructure",
54
+ "description": "Run records, status, wait/cancel/delete, idempotency, typed events, output capture, downloads, timeouts, and runtime sizes."
55
+ },
56
+ {
57
+ "slug": "agent-composition",
58
+ "href": "/docs/features/#agent-composition",
59
+ "title": "Agent composition",
60
+ "description": "Skills, files, AGENTS.md, remote MCP servers, proxy endpoints, environment variables, packages, and networking controls."
61
+ },
62
+ {
63
+ "slug": "subagents",
64
+ "href": "/docs/features/#subagents",
65
+ "title": "Subagents",
66
+ "description": "Typed parent/child lineage for async child runs, output handoff, and bounded agent delegation."
67
+ },
68
+ {
69
+ "slug": "models-and-providers",
70
+ "href": "/docs/features/#models-and-providers",
71
+ "title": "Models and providers",
72
+ "description": "Anthropic, DeepSeek, OpenAI, Gemini, Mistral, OpenRouter, Doubao, and Doubao China behind one submission shape."
73
+ },
74
+ {
75
+ "slug": "typed-control-surface",
76
+ "href": "/docs/features/#typed-control-surface",
77
+ "title": "Typed control surface",
78
+ "description": "Strongly typed SDK inputs, CLI parity, BYOK secrets, scoped proxy auth, redaction, and output modes."
79
+ }
80
+ ]
81
+ }
@@ -1,137 +1,60 @@
1
1
  ---
2
- title: aex quickstart
2
+ title: Quickstart
3
3
  ---
4
4
 
5
5
  # Quickstart
6
6
 
7
- 1. Get an aex SDK API token (`ant_…`).
8
- 2. Create `AgentExecutor` — the workspace is derived server-side from the token.
9
- 3. Submit the run with the agent's brief plus an inline `secrets` bundle. Wait for terminal status. Fetch outputs.
7
+ ## 1. Install
8
+
9
+ ```bash
10
+ npm install @aexhq/sdk
11
+ ```
12
+
13
+ ## 2. Submit a run
10
14
 
11
15
  ```ts
12
- import { AgentExecutor, RunModels } from "@aexhq/sdk";
16
+ import { AgentExecutor, Models, Providers } from "@aexhq/sdk";
13
17
 
14
18
  const aex = new AgentExecutor({
15
- apiToken: process.env.AEX_API_TOKEN!,
16
- // baseUrl defaults to https://api.aex.dev - set it for local or staging planes.
19
+ apiToken: process.env.AEX_API_TOKEN!
17
20
  });
18
21
 
19
22
  const runId = await aex.submit({
20
- model: RunModels.CLAUDE_HAIKU_4_5,
21
- prompt: "Write a short answer about agent-first SDK design.",
23
+ provider: Providers.ANTHROPIC,
24
+ model: Models.CLAUDE_HAIKU_4_5,
25
+ prompt: "Write a short report and save it as a file.",
22
26
  secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
23
27
  });
24
-
25
- const run = await aex.wait(runId);
26
- console.log(run.status);
27
- console.log(await aex.outputs(runId));
28
28
  ```
29
29
 
30
- For reusable, credential-free configs, use an ordinary function:
30
+ ## 3. Stream, wait, and download
31
31
 
32
32
  ```ts
33
- function summarise(topic: string) {
34
- return {
35
- model: RunModels.CLAUDE_HAIKU_4_5,
36
- prompt: `Write a short answer about ${topic}.`
37
- };
33
+ for await (const event of aex.stream(runId)) {
34
+ console.log(event.type);
38
35
  }
39
36
 
40
- const runId = await aex.submit({
41
- ...summarise("agent-first SDK design"),
42
- secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
43
- });
37
+ const run = await aex.wait(runId);
38
+ console.log(run.status);
39
+
40
+ await aex.download(runId, { to: "./run.zip" });
44
41
  ```
45
42
 
46
- Or from the shell:
43
+ The same run from the CLI:
47
44
 
48
45
  ```bash
49
46
  aex run \
50
47
  --api-token "$AEX_API_TOKEN" \
51
48
  --anthropic-api-key "$ANTHROPIC_API_KEY" \
52
49
  --model claude-haiku-4-5 \
53
- --prompt "Write a short answer about agent-first SDK design." \
50
+ --prompt "Write a short report and save it as a file." \
54
51
  --follow
55
52
  ```
56
53
 
57
- For a config-file flow, pass `--config <path>` with a run-config JSON file for a single run request (`{ model, system?, prompt, skills?, mcpServers?, environment?, runtimeSize?, timeout?, postHook?, proxyEndpoints?, metadata? }`). Both surfaces hit the same aex backend and operate on the same durable run records. The JSON `model` value is validated against `RUN_MODELS`.
58
-
59
- ## Runtime controls
60
-
61
- `submit` also accepts per-run controls that are not secrets:
62
-
63
- - `runtimeSize` - a closed managed-runtime preset. Prefer `RuntimeSizes`, e.g. `RuntimeSizes.SHARED_2X_2GB`.
64
- - `timeout` - run deadline as a duration string such as `"30m"` or `"2h"`; bounded server-side.
65
- - `postHook` - optional post-agent verifier, e.g. `{ command: "pnpm test", timeout: "5m", maxTurns: 3, maxChars: 12000 }`. It runs after the agent process exits successfully; failures are sent back to the agent for repair until `maxTurns` is exhausted. Empty `command` is treated as omitted.
66
- - `builtins` - managed-runtime builtin extensions. Omit it to use the default `["developer"]` toolkit. Pass `[]` for a pure-MCP run with no builtins.
67
- - `outputMode` - `"buffered"` by default; pass `"stream"` for per-token assistant text deltas.
68
-
69
- ## Where things go: customer → primitive mapping
70
-
71
- Every kind of thing you want to ship at run time has exactly one right primitive in the SDK. Reach for the right one rather than rolling your own wrapper.
72
-
73
- | What you have | Primitive | What it does |
74
- |---|---|---|
75
- | Non-secret paths or config (`BROLL_STORE`, mode flags) | `environment.envVars` | Mounted as `RUNTIME.env` / `RUNTIME.json`; `__KEY__` substitution in agent-facing markdown; echoed back as `run.runtimeManifest.envVars` |
76
- | Upstream HTTPS API keys (TMDB, Brave, Tavily, …) | `ProxyEndpoint` | Credentials live server-side; aex proxy injects them on outbound calls. The key never enters the container. |
77
- | MCP server credentials | `secrets.mcpServers` | Held in run-scoped custody, attached per run |
78
- | Provider API key | `secrets.apiKey` | Required on every `submit`; held in run-scoped custody. Carries the BYOK key for the selected `provider` |
79
- | Non-secret reference data files or folders (transcripts, persona docs, PDFs) | `File.fromPath('./subtitles.srt')` / `File.fromPath('./customer-folder/')` | Unzipped into the `mountPath` directory (default `/workspace`, the agent's cwd), preserving the real filename + extension — e.g. `/workspace/subtitles.srt`. See [Files: where they land](#files-where-they-land). |
80
- | Executable skill code (a `.pyz` wrapper, scripts, prompts) | `Skill.fromPath('./skills/my-skill/')` | Mounted under `skills/<name>/`; the bundle's `SKILL.md` is composed into the agent's instructions |
81
- | Agent instructions file | `AgentsMd.fromPath('./AGENTS.md')` | Prepended as the first user turn |
82
-
83
- `Skill`, `AgentsMd`, and `File` values are materialized for the run before the first agent turn. `environment.envVars` values surface in runtime metadata and can be referenced by `__KEY__` placeholders in agent-facing markdown.
84
-
85
- ### Files: where they land
86
-
87
- A `File` is uploaded as a content-addressed archive and **unzipped on the runtime into a directory**, preserving the real filename + extension — the agent sees the actual file, never a `.zip` to unpack.
88
-
89
- - **`mountPath` is the directory the archive unzips into.** It must be an absolute container path (`/...`, no `..` traversal). It defaults to **`/workspace`**, which is also the agent's default working directory — so a file handed with no `mountPath` lands directly in the agent's cwd.
90
- - **A single file keeps its real basename.** `File.fromPath('./source-video-subtitles.srt')` lands at `/workspace/source-video-subtitles.srt` (not a slug, not a `.zip`). `File.fromBytes({ name: 'data.csv', bytes })` lands at `/workspace/data.csv` — `name` is the real filename here.
91
- - **A folder lands its entries under the mount directory.** `File.fromPath('./repo/', { mountPath: '/workspace/repo' })` puts each file at `/workspace/repo/<relative-path>`.
92
- - **The resolved mount directory is surfaced back on the run.** Read `run.runtimeManifest.mountedFiles` (an array of `{ name, mountPath }`) to learn where each handed file landed.
93
-
94
- ```ts
95
- const subtitles = await File.fromPath('./source-video-subtitles.srt'); // → /workspace/source-video-subtitles.srt
96
- const dataset = await File.fromPath('./data/', { mountPath: '/workspace/input' }); // → /workspace/input/<files>
97
- const run = await client.submit({ model, prompt, files: [subtitles, dataset], secrets: { apiKey } });
98
- const resolved = (await client.getRun(run.id)).runtimeManifest?.mountedFiles;
99
- // [{ name: 'source-video-subtitles', mountPath: '/workspace' }, { name: 'data', mountPath: '/workspace/input' }]
100
- ```
101
-
102
- ## Safe retries with `idempotencyKey`
103
-
104
- Every `submit` call carries an `idempotencyKey`. When omitted the SDK auto-generates a UUID per call. Supplying your own key makes retries deterministic:
105
-
106
- | Submit shape | Server response |
107
- | --- | --- |
108
- | New `idempotencyKey` | HTTP 202 — returns the new run id. |
109
- | Same key + identical request body hash | HTTP 200 — returns the original run id. The SDK call resolves with that id. |
110
- | Same key + **different** request body hash | HTTP 409 — body `{ error: { message, code: "idempotency_conflict", details: { existingRunId } } }`. The SDK throws an `HttpError` carrying that body. Use `details.existingRunId` to adopt the pre-existing run, or pick a fresh key. |
111
- | Omitted `idempotencyKey` | A new UUID is generated on every call — repeat submissions create new runs. |
112
-
113
- The request hash is computed server-side over the canonical submission JSON (model, prompt, system, environment, skill refs, MCP server descriptors, proxy endpoints, `outputs`, etc.) so reordering JSON keys, adding whitespace, or rotating the inline secret bundle does **not** change the hash. Changing the prompt, model, system, or any other non-secret field does.
114
-
115
- Pattern for safe retries:
116
-
117
- ```ts
118
- const idempotencyKey = crypto.randomUUID();
119
- async function submitWithRetry() {
120
- for (let attempt = 0; attempt < 3; attempt++) {
121
- try {
122
- return await aex.submit({
123
- model: RunModels.CLAUDE_HAIKU_4_5,
124
- prompt: "...",
125
- idempotencyKey,
126
- secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
127
- });
128
- } catch (err) {
129
- if (err instanceof Error && err.message.includes("network")) continue;
130
- throw err;
131
- }
132
- }
133
- throw new Error("submit failed after retries");
134
- }
135
- ```
54
+ ## Add capabilities
136
55
 
137
- The same `idempotencyKey` reused with the same body will deterministically resolve to the same run id regardless of how many times the network drops between attempts. Query, stream, wait, or download the run by that id.
56
+ - Add files, skills, AGENTS.md, MCP servers, proxy endpoints, packages, and networking controls with [Composition](concepts/composition.md).
57
+ - Inspect runtime tools with [Agent tools](concepts/agent-tools.md).
58
+ - Use parent/child run delegation from the [Features](https://aex.dev/docs/features/#subagents) page.
59
+ - Narrow output capture or download individual files with [Outputs](outputs.md).
60
+ - Check supported providers and models in the [provider/runtime capability matrix](provider-runtime-capabilities.md).
@@ -22,7 +22,7 @@ Allowed fields:
22
22
 
23
23
  `agentsMd`, `files`, `outputs`, `builtins`, and `outputMode` are top-level `submit` options, not run-config fields. They carry bytes, capture behavior, or agent tool/output controls that belong on a concrete run submission.
24
24
 
25
- Secrets never live in run config. Pass credentials through `submit({ ...config, secrets })` in the SDK or the equivalent host-mode flags (`--anthropic-api-key`, `--mcp-auth`, `--proxy-auth`) in the CLI. See [Credentials](credentials.md) for the proxy endpoint policy/auth split and retry fields.
25
+ Secrets never live in run config. Pass credentials through `submit({ ...config, secrets })` in the SDK or the equivalent host-mode flags (`--anthropic-api-key`, `--mcp-auth`, `--proxy-auth`) in the CLI. See [Secrets](secrets.md) for secret lifecycles and [Credentials](credentials.md) for the proxy endpoint policy/auth split and retry fields.
26
26
 
27
27
  ## Reuse in code
28
28
 
@@ -0,0 +1,123 @@
1
+ ---
2
+ title: Secrets
3
+ ---
4
+
5
+ # Secrets
6
+
7
+ aex supports BYOK provider keys, per-run credentials, and reusable workspace
8
+ secrets. Secret values are excluded from the idempotency fingerprint and do not
9
+ belong in run config.
10
+
11
+ ## Use A Provider Key For One Run
12
+
13
+ ### TypeScript
14
+
15
+ ```ts
16
+ import { AgentExecutor, Models, Providers } from "@aexhq/sdk";
17
+
18
+ const aex = new AgentExecutor({ apiToken: process.env.AEX_API_TOKEN! });
19
+
20
+ await aex.submit({
21
+ provider: Providers.ANTHROPIC,
22
+ model: Models.CLAUDE_HAIKU_4_5,
23
+ prompt: "Write the report and save outputs.",
24
+ secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
25
+ });
26
+ ```
27
+
28
+ ### CLI
29
+
30
+ ```bash
31
+ aex run \
32
+ --api-token "$AEX_API_TOKEN" \
33
+ --anthropic-api-key "$ANTHROPIC_API_KEY" \
34
+ --model claude-haiku-4-5 \
35
+ --prompt "Write the report and save outputs."
36
+ ```
37
+
38
+ ## Upload An Env Secret
39
+
40
+ Use `Secret.value(...).upload(...)` when you start with an ephemeral value and
41
+ want to persist it as a named workspace secret for later runs.
42
+
43
+ ```ts
44
+ import { AgentExecutor, Models, Providers, Secret } from "@aexhq/sdk";
45
+
46
+ const aex = new AgentExecutor({ apiToken: process.env.AEX_API_TOKEN! });
47
+
48
+ const githubToken = await Secret.value(process.env.GITHUB_TOKEN!).upload(aex, {
49
+ name: "github-token"
50
+ });
51
+
52
+ await aex.submit({
53
+ provider: Providers.ANTHROPIC,
54
+ model: Models.CLAUDE_HAIKU_4_5,
55
+ prompt: "Inspect the repository issues.",
56
+ secretEnv: { GITHUB_TOKEN: githubToken },
57
+ secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
58
+ });
59
+ ```
60
+
61
+ ## Set Or Rotate A Workspace Secret
62
+
63
+ Use `client.secrets.set(...)` to create a named secret directly. Use
64
+ `client.secrets.rotate(...)` to replace its value while keeping the same name.
65
+
66
+ ```ts
67
+ await aex.secrets.set({
68
+ name: "serper-api-key",
69
+ value: process.env.SERPER_API_KEY!
70
+ });
71
+
72
+ await aex.secrets.rotate({
73
+ name: "serper-api-key",
74
+ value: process.env.SERPER_API_KEY_NEXT!
75
+ });
76
+ ```
77
+
78
+ ## Retrieve Secret Metadata
79
+
80
+ `list` and `get` return metadata only. They never return the secret value.
81
+
82
+ ```ts
83
+ const secrets = await aex.secrets.list();
84
+ const metadata = await aex.secrets.get("serper-api-key");
85
+ ```
86
+
87
+ ## Get A Secret Value
88
+
89
+ Use `get_value` only when the value is intentionally needed outside a run. It is
90
+ the explicit audited value-read path.
91
+
92
+ ```ts
93
+ const secretValue = await aex.secrets.get_value("serper-api-key");
94
+ console.log(secretValue.value);
95
+ ```
96
+
97
+ ## Inject A Workspace Secret Into A Run
98
+
99
+ Reference workspace secrets with `Secret.ref(name)`. The value resolves
100
+ server-side and is injected as the named environment variable.
101
+
102
+ ```ts
103
+ import { Models, Providers, Secret } from "@aexhq/sdk";
104
+
105
+ await aex.submit({
106
+ provider: Providers.ANTHROPIC,
107
+ model: Models.CLAUDE_HAIKU_4_5,
108
+ prompt: "Use SERPER_API_KEY for web search.",
109
+ secretEnv: {
110
+ SERPER_API_KEY: Secret.ref("serper-api-key")
111
+ },
112
+ secrets: { apiKey: process.env.ANTHROPIC_API_KEY! }
113
+ });
114
+ ```
115
+
116
+ ## Delete A Workspace Secret
117
+
118
+ ```ts
119
+ await aex.secrets.delete("serper-api-key");
120
+ ```
121
+
122
+ The CLI supports per-run provider, MCP, and proxy credentials. Workspace secret
123
+ administration is exposed through the SDK.
@@ -32,7 +32,7 @@ a raised `maxRequestBytes` (so the base64 image fits):
32
32
  ```ts
33
33
  import { AgentExecutor, RunModels, Skill, ProxyEndpoint, validateProxyAuth } from "@aexhq/sdk";
34
34
 
35
- const aex = new AgentExecutor({ apiToken: process.env.AEX_WORKSPACE_TOKEN! });
35
+ const aex = new AgentExecutor({ apiToken: process.env.AEX_API_TOKEN! });
36
36
 
37
37
  const proxyEndpoints = [
38
38
  ProxyEndpoint.bearer({
@@ -146,11 +146,8 @@ frame_%03d.jpg`) — full-res adds payload and cost, not signal.
146
146
 
147
147
  ## Notes
148
148
 
149
- - **Egress.** The named proxy reaches any HTTPS host you declare as `baseUrl`
150
- (no upstream allow-list; only a literal-IP SSRF deny-list). The international
151
- BytePlus host (`ark.ap-southeast.bytepluses.com`) is a normal public host. The
152
- China host (`ark.cn-beijing.volces.com`) is reachable in principle but the
153
- platform's egress to Beijing is currently unverified — prefer the BytePlus host.
149
+ - **Host selection.** Use the provider endpoint that matches your account and
150
+ declare it as the proxy endpoint `baseUrl`.
154
151
  - **Keyless model hosts.** If the upstream takes no credential, declare the
155
152
  endpoint with `authShape: { type: "none" }` and omit the `proxyEndpointAuth`
156
153
  entry (see `credentials.md`).
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aexhq/sdk",
3
- "version": "0.24.0",
3
+ "version": "0.25.0",
4
4
  "description": "TypeScript SDK for running autonomous agent sessions across providers (Anthropic, OpenAI, DeepSeek, Gemini, Mistral) behind one interface.",
5
5
  "license": "Apache-2.0",
6
6
  "repository": {
@@ -26,7 +26,7 @@
26
26
  "examples"
27
27
  ],
28
28
  "devDependencies": {
29
- "@aexhq/contracts": "0.24.0"
29
+ "@aexhq/contracts": "0.25.0"
30
30
  },
31
31
  "engines": {
32
32
  "node": ">=20"
@@ -1,57 +0,0 @@
1
- ---
2
- title: Product capabilities and boundaries
3
- ---
4
-
5
- # Product capabilities and boundaries
6
-
7
- aex is the serverless control plane for autonomous agent sessions. It accepts a complete run request, dispatches it to the managed runtime, records typed events, captures outputs, and exposes auth-gated reads and downloads.
8
-
9
- aex is not a custom agent loop, a general-purpose sandbox, an interactive approval system, or a provider compliance layer. True self-host and customer-cloud deployment modes are not supported today.
10
-
11
- Start with the generated [provider/runtime capability matrix](provider-runtime-capabilities.md) for supported providers, runtime routing, and evidence pointers.
12
-
13
- ## Owned by aex today
14
-
15
- - Run submission, idempotency, status, cancellation, reads, downloads, and workspace auth.
16
- - Runtime dispatch through the managed runtime, with unsupported runtime selectors rejected at submission.
17
- - Ordered event capture through the per-run coordinator and durable archive, with platform diagnostics kept on internal/admin surfaces.
18
- - Output capture into the run record, subject to runtime behavior and storage limits.
19
- - BYOK provider-key custody for a single run, using the top-level `secrets` carrier and terminal cleanup/revocation attempts for aex-controlled references.
20
- - Named proxy endpoint policy, auth injection, redaction, call budgets, and audit metadata on the aex-owned proxy path.
21
- - Default cleanup attempts for tracked aex runtime resources.
22
-
23
- ## Boundary matrix
24
-
25
- | Area | aex-owned behavior | Inherited or customer-owned behavior |
26
- | --- | --- | --- |
27
- | Provider and model policy | aex validates the selected provider, injects the run-scoped BYOK credential, and records public-safe runtime events. | Provider retention, training exclusion, zero-retention, HIPAA/BAA, data residency, abuse policy, and pricing are properties of the selected provider account, endpoint, and contract. |
28
- | Runtime isolation | Managed runs execute in an isolated managed runtime. aex tracks resources and runs cleanup attempts. | Runtime isolation guarantees belong to the managed runtime provider. |
29
- | Secrets | Provider keys, MCP credentials, and proxy auth values are supplied inline per run, held in run-scoped custody, excluded from idempotency, and targeted for cleanup/revocation at terminal where aex controls the reference. | Customers choose and rotate their provider keys and MCP/proxy credentials. Provider-side credentials, sessions, and data may have their own retention rules. |
30
- | MCP servers | aex accepts remote HTTP/SSE MCP servers, validates their declaration, attaches run-scoped credentials, and records access metadata on the aex-controlled edge. | MCP servers are customer-trusted remote systems. aex does not sandbox their downstream behavior or make an untrusted MCP server safe. |
31
- | Proxy endpoints | The named endpoint proxy enforces declared host/path/method/auth policy and response caps for calls routed through it. | The upstream service's own auth, data handling, side effects, and compliance posture remain with the upstream service and customer. |
32
- | Outputs and run record | Captured outputs, events, and metadata are stored under the public run record and downloaded through auth-gated routes. Internal diagnostics are stored separately under internal/admin access. | Output content is customer content. Storage, deletion, and retention follow the run policy and infrastructure behavior; deletion-proof custody manifests are roadmap work until shipped. |
33
- | Human review | Runs execute full-auto after submission. Cancellation is available as an abort control. | Required input, approval, and planning happen before submission or after inspecting the completed run record. aex does not pause a run for platform-mediated human approval or interactive clarification. |
34
- | Agent identity and memory | The durable product primitive is the run record, addressed by run id. | Persistent agent identity, agent profiles, stateful memory, reusable provider sessions, and saved-definition products are out of scope. |
35
- | Deployment model | The supported product is the hosted aex control plane, plus the SDK and CLI used to submit and inspect runs. | True self-host and customer-cloud deployments are not supported product modes today. Alternate `baseUrl` values are for local, staging, or hosted aex API planes, not a self-host promise. |
36
- | Cost | BYOK provider-token charges accrue to the customer's provider account. aex can expose run/runtime/output metadata that helps operators reason about usage. | Paid managed-key mode, free trials, billing-grade cost telemetry, public rate cards, margins, and reconciliation are not shipped in the public product unless explicitly documented later. |
37
-
38
- ## Provider and infrastructure policy links
39
-
40
- Use these links as starting points for the policy areas aex does not own:
41
-
42
- - Anthropic API data retention policy: <https://platform.claude.com/docs/en/manage-claude/api-and-data-retention>
43
- - OpenAI API data controls: <https://platform.openai.com/docs/guides/your-data>
44
- - Mistral privacy and API data handling: <https://docs.mistral.ai/admin/security-access/privacy>
45
- - Gemini API data handling: <https://ai.google.dev/gemini-api/docs/logs-policy>
46
- These links do not create aex guarantees. They identify the provider whose current terms and product behavior must be reviewed for a given workload.
47
-
48
- ## Non-goals and unsupported claims
49
-
50
- Do not describe aex as providing:
51
-
52
- - true self-host or customer-cloud deployment support;
53
- - aex does not provide zero retention, HIPAA, BAA, or data-residency guarantees across providers;
54
- - aex does not provide a free trial or low-cost managed-key mode;
55
- - a general-purpose sandbox for every runtime and downstream MCP service;
56
- - human-in-the-loop approval checkpoints, ask-the-user loops, or interactive resume;
57
- - persistent agent identity, agent profiles, stateful memory, reusable sessions, or saved agent definitions.