@aexhq/sdk 0.24.0 → 0.25.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +36 -125
- package/dist/_contracts/index.d.ts +0 -1
- package/dist/_contracts/index.js +0 -1
- package/dist/_contracts/models.js +1 -2
- package/dist/_contracts/operations.d.ts +13 -5
- package/dist/_contracts/operations.js +220 -10
- package/dist/_contracts/provider-support.d.ts +18 -29
- package/dist/_contracts/provider-support.js +3 -22
- package/dist/_contracts/proxy-protocol.d.ts +4 -2
- package/dist/_contracts/proxy-protocol.js +10 -3
- package/dist/_contracts/run-config.d.ts +28 -4
- package/dist/_contracts/run-config.js +10 -5
- package/dist/_contracts/run-cost.d.ts +3 -11
- package/dist/_contracts/run-cost.js +2 -57
- package/dist/_contracts/run-custody.d.ts +1 -52
- package/dist/_contracts/run-custody.js +3 -87
- package/dist/_contracts/run-retention.d.ts +1 -5
- package/dist/_contracts/run-retention.js +2 -14
- package/dist/_contracts/run-unit.d.ts +2 -2
- package/dist/_contracts/run-unit.js +3 -1
- package/dist/_contracts/runtime-security-profile.js +1 -1
- package/dist/_contracts/runtime-types.d.ts +38 -12
- package/dist/_contracts/side-effect-audit.d.ts +4 -5
- package/dist/_contracts/side-effect-audit.js +1 -4
- package/dist/_contracts/status.d.ts +3 -4
- package/dist/_contracts/status.js +3 -8
- package/dist/_contracts/submission.d.ts +68 -42
- package/dist/_contracts/submission.js +144 -30
- package/dist/bundle.d.ts +13 -0
- package/dist/bundle.js +51 -0
- package/dist/bundle.js.map +1 -1
- package/dist/cli.mjs +232 -58
- package/dist/cli.mjs.sha256 +1 -1
- package/dist/client.d.ts +25 -21
- package/dist/client.js +59 -15
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +6 -5
- package/dist/index.js +4 -3
- package/dist/index.js.map +1 -1
- package/dist/tool.d.ts +41 -0
- package/dist/tool.js +138 -0
- package/dist/tool.js.map +1 -0
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/concepts/agent-tools.md +53 -0
- package/docs/concepts/composition.md +43 -0
- package/docs/concepts/providers-and-runtimes.md +53 -0
- package/docs/concepts/runs.md +40 -0
- package/docs/credentials.md +8 -4
- package/docs/events.md +12 -0
- package/docs/limits.md +53 -0
- package/docs/outputs.md +58 -0
- package/docs/provider-runtime-capabilities.md +53 -55
- package/docs/public-surface.json +81 -0
- package/docs/quickstart.md +28 -105
- package/docs/release.md +1 -1
- package/docs/run-config.md +2 -2
- package/docs/secrets.md +123 -0
- package/docs/skills.md +3 -3
- package/docs/vision-skills.md +14 -19
- package/package.json +2 -2
- package/dist/_contracts/managed-key.d.ts +0 -101
- package/dist/_contracts/managed-key.js +0 -181
- package/docs/product-boundaries.md +0 -57
package/dist/cli.mjs
CHANGED
|
@@ -25,16 +25,21 @@ var PROXY_RESPONSE_MODES = ["status_only", "headers_only", "full"];
|
|
|
25
25
|
var PROXY_ENDPOINT_DEFAULTS = {
|
|
26
26
|
allowHeaders: [],
|
|
27
27
|
responseMode: "headers_only",
|
|
28
|
-
|
|
28
|
+
// 10 MiB. The body is buffered into the Worker to enforce this cap, while the
|
|
29
|
+
// launch default fits practical multimodal/tool POSTs without every endpoint
|
|
30
|
+
// needing an override.
|
|
31
|
+
maxRequestBytes: 10 * 1024 * 1024,
|
|
29
32
|
// Unlimited (0). The request body is buffered to enforce its cap, so that
|
|
30
33
|
// stays finite; the response is streamed, so it does not need one.
|
|
31
34
|
maxResponseBytes: 0,
|
|
32
|
-
|
|
35
|
+
// 5 minutes. Long-running upstream tool/model calls should not fail under a
|
|
36
|
+
// development-oriented 10s ceiling; endpoints can still set a smaller value.
|
|
37
|
+
timeoutMs: 5 * 60 * 1e3
|
|
33
38
|
};
|
|
34
39
|
|
|
35
40
|
// ../contracts/dist/provider-support.js
|
|
36
41
|
var COMMON_DOCS = [
|
|
37
|
-
{ label: "
|
|
42
|
+
{ label: "Secrets", href: "secrets.md" },
|
|
38
43
|
{ label: "Events", href: "events.md" }
|
|
39
44
|
];
|
|
40
45
|
var COMMON_EVIDENCE = [
|
|
@@ -69,7 +74,6 @@ var DEEPSEEK_MANAGED_EVIDENCE = [
|
|
|
69
74
|
var PROVIDER_PUBLIC_SUPPORT = {
|
|
70
75
|
anthropic: {
|
|
71
76
|
displayName: "Anthropic",
|
|
72
|
-
status: "supported",
|
|
73
77
|
docsAnchor: "anthropic",
|
|
74
78
|
docs: COMMON_DOCS,
|
|
75
79
|
evidence: [...COMMON_EVIDENCE, ...ANTHROPIC_MANAGED_EVIDENCE],
|
|
@@ -79,7 +83,6 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
79
83
|
},
|
|
80
84
|
deepseek: {
|
|
81
85
|
displayName: "DeepSeek",
|
|
82
|
-
status: "supported",
|
|
83
86
|
docsAnchor: "deepseek",
|
|
84
87
|
docs: COMMON_DOCS,
|
|
85
88
|
evidence: [...COMMON_EVIDENCE, ...DEEPSEEK_MANAGED_EVIDENCE],
|
|
@@ -89,7 +92,6 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
89
92
|
},
|
|
90
93
|
openai: {
|
|
91
94
|
displayName: "OpenAI",
|
|
92
|
-
status: "live-unverified",
|
|
93
95
|
docsAnchor: "openai",
|
|
94
96
|
docs: COMMON_DOCS,
|
|
95
97
|
evidence: COMMON_EVIDENCE,
|
|
@@ -99,7 +101,6 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
99
101
|
},
|
|
100
102
|
gemini: {
|
|
101
103
|
displayName: "Gemini",
|
|
102
|
-
status: "live-unverified",
|
|
103
104
|
docsAnchor: "gemini",
|
|
104
105
|
docs: COMMON_DOCS,
|
|
105
106
|
evidence: COMMON_EVIDENCE,
|
|
@@ -109,7 +110,6 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
109
110
|
},
|
|
110
111
|
mistral: {
|
|
111
112
|
displayName: "Mistral",
|
|
112
|
-
status: "live-unverified",
|
|
113
113
|
docsAnchor: "mistral",
|
|
114
114
|
docs: COMMON_DOCS,
|
|
115
115
|
evidence: COMMON_EVIDENCE,
|
|
@@ -119,7 +119,6 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
119
119
|
},
|
|
120
120
|
openrouter: {
|
|
121
121
|
displayName: "OpenRouter",
|
|
122
|
-
status: "live-unverified",
|
|
123
122
|
docsAnchor: "openrouter",
|
|
124
123
|
docs: COMMON_DOCS,
|
|
125
124
|
evidence: COMMON_EVIDENCE,
|
|
@@ -128,13 +127,8 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
128
127
|
}
|
|
129
128
|
},
|
|
130
129
|
// Doubao (ByteDance) via the official Ark API — international BytePlus gateway.
|
|
131
|
-
// Wired + parser/routing-verified but not yet proven against a live BytePlus
|
|
132
|
-
// account, so `live-unverified`. Promote to `supported` (and swap COMMON_EVIDENCE
|
|
133
|
-
// for a DOUBAO_MANAGED_EVIDENCE pointer to live-sdk-doubao.test.ts) once the
|
|
134
|
-
// live run passes.
|
|
135
130
|
doubao: {
|
|
136
131
|
displayName: "Doubao",
|
|
137
|
-
status: "live-unverified",
|
|
138
132
|
docsAnchor: "doubao",
|
|
139
133
|
docs: COMMON_DOCS,
|
|
140
134
|
evidence: COMMON_EVIDENCE,
|
|
@@ -143,11 +137,8 @@ var PROVIDER_PUBLIC_SUPPORT = {
|
|
|
143
137
|
}
|
|
144
138
|
},
|
|
145
139
|
// Doubao (ByteDance) via the official Ark API — China Volcengine gateway.
|
|
146
|
-
// Same wiring as `doubao`; additionally gated on CF Worker egress reaching the
|
|
147
|
-
// Beijing host (see apps/egress-probe). `live-unverified` until proven live.
|
|
148
140
|
"doubao-cn": {
|
|
149
141
|
displayName: "Doubao (China)",
|
|
150
|
-
status: "live-unverified",
|
|
151
142
|
docsAnchor: "doubao-cn",
|
|
152
143
|
docs: COMMON_DOCS,
|
|
153
144
|
evidence: COMMON_EVIDENCE,
|
|
@@ -179,8 +170,7 @@ var MODEL_PROVIDER_IDS = {
|
|
|
179
170
|
// China Volcengine Ark gateway (`doubao-cn`). Ark accepts the API-format
|
|
180
171
|
// model NAME directly in the chat-completions `model` field (no `ep-…`
|
|
181
172
|
// inference-endpoint id). The native strings are the same Ark catalog ids on
|
|
182
|
-
// both gateways
|
|
183
|
-
// (both providers ship `live-unverified` until then — provider-support.ts).
|
|
173
|
+
// both gateways.
|
|
184
174
|
// pro — Doubao Seed 1.8 (flagship, 256K context).
|
|
185
175
|
// flash — Doubao Seed 1.6 Flash (fast/cheap, 256K context).
|
|
186
176
|
"doubao-seed-pro": { doubao: "doubao-seed-1-8-251228", "doubao-cn": "doubao-seed-1-8-251228" },
|
|
@@ -222,9 +212,7 @@ var TERMINAL_RUN_STATUSES = [
|
|
|
222
212
|
"failed",
|
|
223
213
|
"timed_out",
|
|
224
214
|
"cancelled",
|
|
225
|
-
"cleanup_failed"
|
|
226
|
-
"pending_delete",
|
|
227
|
-
"deleted"
|
|
215
|
+
"cleanup_failed"
|
|
228
216
|
];
|
|
229
217
|
var terminalRunStatuses = new Set(TERMINAL_RUN_STATUSES);
|
|
230
218
|
|
|
@@ -762,7 +750,7 @@ var RUNTIME_SECURITY_PROFILE_CONFIG = Object.freeze({
|
|
|
762
750
|
}),
|
|
763
751
|
standard: Object.freeze({
|
|
764
752
|
name: "standard",
|
|
765
|
-
defaultNetworkingMode: "
|
|
753
|
+
defaultNetworkingMode: "open",
|
|
766
754
|
allowOpenNetworking: true,
|
|
767
755
|
allowRuntimePackages: true,
|
|
768
756
|
allowCustomerEnvVars: true,
|
|
@@ -780,27 +768,6 @@ var RUNTIME_SECURITY_PROFILE_CONFIG = Object.freeze({
|
|
|
780
768
|
})
|
|
781
769
|
});
|
|
782
770
|
|
|
783
|
-
// ../contracts/dist/managed-key.js
|
|
784
|
-
var MANAGED_KEY_POLICY_SCHEMA_VERSION = 1;
|
|
785
|
-
var BLOCKED_MANAGED_KEY_FEATURE_POLICY_V1 = Object.freeze({
|
|
786
|
-
files: "disabled",
|
|
787
|
-
packages: "disabled",
|
|
788
|
-
builtins: "disabled",
|
|
789
|
-
mcpServers: "disabled",
|
|
790
|
-
proxyEndpoints: "disabled",
|
|
791
|
-
openNetworking: "disabled"
|
|
792
|
-
});
|
|
793
|
-
var BLOCKED_MANAGED_KEY_POLICY_V1 = Object.freeze({
|
|
794
|
-
schemaVersion: MANAGED_KEY_POLICY_SCHEMA_VERSION,
|
|
795
|
-
credentialMode: "managed",
|
|
796
|
-
launchStage: "blocked",
|
|
797
|
-
privateImplementationAvailable: false,
|
|
798
|
-
billingRequired: true,
|
|
799
|
-
providers: Object.freeze([]),
|
|
800
|
-
runtimes: Object.freeze([]),
|
|
801
|
-
features: BLOCKED_MANAGED_KEY_FEATURE_POLICY_V1
|
|
802
|
-
});
|
|
803
|
-
|
|
804
771
|
// ../contracts/dist/submission.js
|
|
805
772
|
var RUN_PROVIDERS = [
|
|
806
773
|
"anthropic",
|
|
@@ -904,13 +871,9 @@ var forbiddenStringPatterns = Object.freeze([
|
|
|
904
871
|
{
|
|
905
872
|
reason: "private_resource_handle",
|
|
906
873
|
// `<keyword><sep><id>` opaque handles (`session_a1B2c3D4e5`, `file_9f8e7d…`).
|
|
907
|
-
// The keyword set overlaps ordinary
|
|
908
|
-
//
|
|
909
|
-
//
|
|
910
|
-
// `session_handoff_contract`, `agent-judgment` — read straight out of a
|
|
911
|
-
// skill-pack doc in tool-result text). The `accept` predicate keeps the shape
|
|
912
|
-
// but requires the id segment to look minted rather than spelled — i.e. carry
|
|
913
|
-
// a digit — so genuine handles stay flagged while dictionary-word prose does not.
|
|
874
|
+
// The keyword set overlaps ordinary prose, so require the id segment to
|
|
875
|
+
// carry a digit. That keeps genuine minted handles flagged while avoiding
|
|
876
|
+
// dictionary-word chains such as `agent_decision_failure`.
|
|
914
877
|
regex: /\b(?:machine|session|agent|file|skill|env|resource|handle|token_hash|bearer_hash)[_:-][A-Za-z0-9][A-Za-z0-9_-]{7,}\b/i,
|
|
915
878
|
accept: isMintedResourceHandle
|
|
916
879
|
},
|
|
@@ -1397,6 +1360,7 @@ function extractErrorMessage(body) {
|
|
|
1397
1360
|
var operations_exports = {};
|
|
1398
1361
|
__export(operations_exports, {
|
|
1399
1362
|
cancelRun: () => cancelRun,
|
|
1363
|
+
classifyOutput: () => classifyOutput,
|
|
1400
1364
|
createAgentsMd: () => createAgentsMd,
|
|
1401
1365
|
createFile: () => createFile,
|
|
1402
1366
|
createOutputLink: () => createOutputLink,
|
|
@@ -1414,6 +1378,10 @@ __export(operations_exports, {
|
|
|
1414
1378
|
downloadMetadata: () => downloadMetadata,
|
|
1415
1379
|
downloadOutput: () => downloadOutput,
|
|
1416
1380
|
downloadOutputs: () => downloadOutputs,
|
|
1381
|
+
eventArchiveLink: () => eventArchiveLink,
|
|
1382
|
+
filterOutputs: () => filterOutputs,
|
|
1383
|
+
findOutput: () => findOutput,
|
|
1384
|
+
findOutputs: () => findOutputs,
|
|
1417
1385
|
findSkillByHash: () => findSkillByHash,
|
|
1418
1386
|
findSkillByName: () => findSkillByName,
|
|
1419
1387
|
getAgentsMd: () => getAgentsMd,
|
|
@@ -1422,6 +1390,7 @@ __export(operations_exports, {
|
|
|
1422
1390
|
getRun: () => getRun,
|
|
1423
1391
|
getRunUnit: () => getRunUnit,
|
|
1424
1392
|
getSecret: () => getSecret,
|
|
1393
|
+
getSecretValue: () => getSecretValue,
|
|
1425
1394
|
getSkill: () => getSkill,
|
|
1426
1395
|
listAgentsMd: () => listAgentsMd,
|
|
1427
1396
|
listFiles: () => listFiles,
|
|
@@ -1429,8 +1398,9 @@ __export(operations_exports, {
|
|
|
1429
1398
|
listRunEvents: () => listRunEvents,
|
|
1430
1399
|
listSecrets: () => listSecrets,
|
|
1431
1400
|
listSkills: () => listSkills,
|
|
1401
|
+
normalizeOutputLinkExpiresIn: () => normalizeOutputLinkExpiresIn,
|
|
1402
|
+
outputLink: () => outputLink,
|
|
1432
1403
|
resolveOutputFileSelector: () => resolveOutputFileSelector,
|
|
1433
|
-
revealSecret: () => revealSecret,
|
|
1434
1404
|
rotateSecret: () => rotateSecret,
|
|
1435
1405
|
submitRun: () => submitRun,
|
|
1436
1406
|
submitRunMultipart: () => submitRunMultipart,
|
|
@@ -2180,12 +2150,50 @@ async function listRunEvents(http, runId) {
|
|
|
2180
2150
|
async function getCoordinatorTicket(http, runId) {
|
|
2181
2151
|
return http.request(`/api/runs/${encodeURIComponent(runId)}/events/ticket`, { method: "POST" });
|
|
2182
2152
|
}
|
|
2183
|
-
async function listOutputs(http, runId) {
|
|
2153
|
+
async function listOutputs(http, runId, query) {
|
|
2184
2154
|
const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/outputs`);
|
|
2185
|
-
return result.outputs;
|
|
2155
|
+
return query === void 0 ? result.outputs : filterOutputs(result.outputs, query);
|
|
2156
|
+
}
|
|
2157
|
+
async function findOutputs(http, runId, query) {
|
|
2158
|
+
return listOutputs(http, runId, query);
|
|
2159
|
+
}
|
|
2160
|
+
async function findOutput(http, runId, query) {
|
|
2161
|
+
const matches = await findOutputs(http, runId, query);
|
|
2162
|
+
if (matches.length === 0)
|
|
2163
|
+
return null;
|
|
2164
|
+
if (matches.length === 1)
|
|
2165
|
+
return matches[0];
|
|
2166
|
+
throw new RunStateError("findOutput: output query matched multiple files", {
|
|
2167
|
+
runId,
|
|
2168
|
+
matches: matches.map((output) => output.filename ?? output.id)
|
|
2169
|
+
});
|
|
2170
|
+
}
|
|
2171
|
+
async function outputLink(http, runId, selectorOrQuery, options) {
|
|
2172
|
+
const output = await resolveOutputLinkTarget(http, runId, selectorOrQuery);
|
|
2173
|
+
const expiresInSeconds = normalizeOutputLinkExpiresIn(options?.expiresIn);
|
|
2174
|
+
const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/outputs/${encodeURIComponent(output.id)}/link`, {
|
|
2175
|
+
method: "POST",
|
|
2176
|
+
body: JSON.stringify({ expiresInSeconds })
|
|
2177
|
+
});
|
|
2178
|
+
return {
|
|
2179
|
+
...result,
|
|
2180
|
+
expiresInSeconds: result.expiresInSeconds ?? expiresInSeconds,
|
|
2181
|
+
output: result.output ?? output
|
|
2182
|
+
};
|
|
2186
2183
|
}
|
|
2187
|
-
async function createOutputLink(http, runId,
|
|
2188
|
-
return http
|
|
2184
|
+
async function createOutputLink(http, runId, selectorOrQuery, options) {
|
|
2185
|
+
return outputLink(http, runId, selectorOrQuery, options);
|
|
2186
|
+
}
|
|
2187
|
+
async function eventArchiveLink(http, runId, options) {
|
|
2188
|
+
const expiresInSeconds = normalizeOutputLinkExpiresIn(options?.expiresIn);
|
|
2189
|
+
const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/events/link`, {
|
|
2190
|
+
method: "POST",
|
|
2191
|
+
body: JSON.stringify({ expiresInSeconds })
|
|
2192
|
+
});
|
|
2193
|
+
return {
|
|
2194
|
+
...result,
|
|
2195
|
+
expiresInSeconds: result.expiresInSeconds ?? expiresInSeconds
|
|
2196
|
+
};
|
|
2189
2197
|
}
|
|
2190
2198
|
function resolveOutputFileSelector(outputs, selector, runId) {
|
|
2191
2199
|
if (isPathSelector(selector)) {
|
|
@@ -2270,6 +2278,171 @@ function isPathSelector(selector) {
|
|
|
2270
2278
|
function normalizeOutputLookupPath(path) {
|
|
2271
2279
|
return path.replace(/\\/g, "/").replace(/^\/+/, "");
|
|
2272
2280
|
}
|
|
2281
|
+
function filterOutputs(outputs, query) {
|
|
2282
|
+
return outputs.filter((output) => outputMatchesQuery(output, query));
|
|
2283
|
+
}
|
|
2284
|
+
function classifyOutput(output) {
|
|
2285
|
+
const contentType = normalizeContentType(output.contentType);
|
|
2286
|
+
if (contentType) {
|
|
2287
|
+
if (contentType === "application/json" || contentType.endsWith("+json") || contentType.includes("json")) {
|
|
2288
|
+
return "json";
|
|
2289
|
+
}
|
|
2290
|
+
if (contentType.startsWith("text/"))
|
|
2291
|
+
return "text";
|
|
2292
|
+
if (contentType.startsWith("image/"))
|
|
2293
|
+
return "image";
|
|
2294
|
+
if (contentType.startsWith("audio/"))
|
|
2295
|
+
return "audio";
|
|
2296
|
+
if (contentType.startsWith("video/"))
|
|
2297
|
+
return "video";
|
|
2298
|
+
if (contentType === "application/pdf")
|
|
2299
|
+
return "pdf";
|
|
2300
|
+
if (contentType === "application/zip" || contentType === "application/gzip" || contentType === "application/x-gzip" || contentType === "application/x-tar" || contentType === "application/x-7z-compressed" || contentType === "application/vnd.rar" || contentType === "application/zstd") {
|
|
2301
|
+
return "archive";
|
|
2302
|
+
}
|
|
2303
|
+
if (contentType === "application/octet-stream")
|
|
2304
|
+
return "binary";
|
|
2305
|
+
return "unknown";
|
|
2306
|
+
}
|
|
2307
|
+
const extension = extensionOf(output.filename);
|
|
2308
|
+
if (!extension)
|
|
2309
|
+
return "unknown";
|
|
2310
|
+
if (["json", "jsonl", "ndjson"].includes(extension))
|
|
2311
|
+
return "json";
|
|
2312
|
+
if (["txt", "log", "md", "markdown", "csv", "tsv", "xml", "html", "htm", "yaml", "yml"].includes(extension)) {
|
|
2313
|
+
return "text";
|
|
2314
|
+
}
|
|
2315
|
+
if (["png", "jpg", "jpeg", "gif", "webp", "avif", "bmp", "tif", "tiff", "svg"].includes(extension)) {
|
|
2316
|
+
return "image";
|
|
2317
|
+
}
|
|
2318
|
+
if (["mp3", "wav", "flac", "m4a", "aac", "ogg", "oga", "opus"].includes(extension))
|
|
2319
|
+
return "audio";
|
|
2320
|
+
if (["mp4", "mov", "m4v", "webm", "mkv", "avi"].includes(extension))
|
|
2321
|
+
return "video";
|
|
2322
|
+
if (extension === "pdf")
|
|
2323
|
+
return "pdf";
|
|
2324
|
+
if (["zip", "tar", "tgz", "gz", "bz2", "xz", "7z", "rar", "zst"].includes(extension))
|
|
2325
|
+
return "archive";
|
|
2326
|
+
if (["bin", "exe", "dll", "so", "dylib", "dmg", "iso"].includes(extension))
|
|
2327
|
+
return "binary";
|
|
2328
|
+
return "unknown";
|
|
2329
|
+
}
|
|
2330
|
+
function normalizeOutputLinkExpiresIn(input = "1h") {
|
|
2331
|
+
if (typeof input === "number") {
|
|
2332
|
+
if (!Number.isFinite(input) || input <= 0) {
|
|
2333
|
+
throw new RunStateError("outputLink: expiresIn must be a positive number of seconds", {
|
|
2334
|
+
expiresIn: input
|
|
2335
|
+
});
|
|
2336
|
+
}
|
|
2337
|
+
return Math.floor(input);
|
|
2338
|
+
}
|
|
2339
|
+
if (input === "15m")
|
|
2340
|
+
return 15 * 60;
|
|
2341
|
+
if (input === "1h")
|
|
2342
|
+
return 60 * 60;
|
|
2343
|
+
if (input === "1d")
|
|
2344
|
+
return 24 * 60 * 60;
|
|
2345
|
+
throw new RunStateError('outputLink: expiresIn must be seconds, "15m", "1h", or "1d"', {
|
|
2346
|
+
expiresIn: input
|
|
2347
|
+
});
|
|
2348
|
+
}
|
|
2349
|
+
async function resolveOutputLinkTarget(http, runId, selectorOrQuery) {
|
|
2350
|
+
if (typeof selectorOrQuery === "string") {
|
|
2351
|
+
if (selectorOrQuery.length === 0) {
|
|
2352
|
+
throw new RunStateError("outputLink: selector must include an output id or query", { runId });
|
|
2353
|
+
}
|
|
2354
|
+
return { id: selectorOrQuery };
|
|
2355
|
+
}
|
|
2356
|
+
if (hasOutputId(selectorOrQuery)) {
|
|
2357
|
+
if (selectorOrQuery.id.length === 0) {
|
|
2358
|
+
throw new RunStateError("outputLink: selector must include an output id or query", { runId });
|
|
2359
|
+
}
|
|
2360
|
+
return selectorOrQuery;
|
|
2361
|
+
}
|
|
2362
|
+
if (isPathSelector(selectorOrQuery) && selectorOrQuery.match === "suffix") {
|
|
2363
|
+
return resolveOutputFileSelector(await listOutputs(http, runId), selectorOrQuery, runId);
|
|
2364
|
+
}
|
|
2365
|
+
const match = await findOutput(http, runId, selectorOrQuery);
|
|
2366
|
+
if (match)
|
|
2367
|
+
return match;
|
|
2368
|
+
throw new RunStateError("outputLink: output query matched no files", { runId });
|
|
2369
|
+
}
|
|
2370
|
+
function outputMatchesQuery(output, query) {
|
|
2371
|
+
const normalizedPath = typeof output.filename === "string" ? normalizeOutputQueryPath(output.filename) : "";
|
|
2372
|
+
if (query.path !== void 0 && normalizedPath !== normalizeOutputQueryPath(query.path)) {
|
|
2373
|
+
return false;
|
|
2374
|
+
}
|
|
2375
|
+
if (query.filename !== void 0) {
|
|
2376
|
+
const basename2 = basenameOf(normalizedPath);
|
|
2377
|
+
if (typeof query.filename === "string") {
|
|
2378
|
+
if (basename2 !== query.filename)
|
|
2379
|
+
return false;
|
|
2380
|
+
} else {
|
|
2381
|
+
query.filename.lastIndex = 0;
|
|
2382
|
+
if (!query.filename.test(basename2))
|
|
2383
|
+
return false;
|
|
2384
|
+
}
|
|
2385
|
+
}
|
|
2386
|
+
if (query.dir !== void 0 && !directoryMatches(normalizedPath, query.dir, query.recursive ?? true)) {
|
|
2387
|
+
return false;
|
|
2388
|
+
}
|
|
2389
|
+
if (query.extension !== void 0 && extensionOf(normalizedPath) !== normalizeExtension(query.extension)) {
|
|
2390
|
+
return false;
|
|
2391
|
+
}
|
|
2392
|
+
if (query.contentType !== void 0 && !contentTypeMatches(output.contentType, query.contentType)) {
|
|
2393
|
+
return false;
|
|
2394
|
+
}
|
|
2395
|
+
if (query.type !== void 0 && classifyOutput(output) !== query.type) {
|
|
2396
|
+
return false;
|
|
2397
|
+
}
|
|
2398
|
+
return true;
|
|
2399
|
+
}
|
|
2400
|
+
function hasOutputId(value) {
|
|
2401
|
+
return Boolean(value && typeof value === "object" && "id" in value && typeof value.id === "string");
|
|
2402
|
+
}
|
|
2403
|
+
function normalizeOutputQueryPath(path) {
|
|
2404
|
+
let normalized = path.replace(/\\/g, "/").replace(/^\/+/, "");
|
|
2405
|
+
while (normalized === "outputs" || normalized.startsWith("outputs/")) {
|
|
2406
|
+
normalized = normalized === "outputs" ? "" : normalized.slice("outputs/".length);
|
|
2407
|
+
}
|
|
2408
|
+
return normalized.replace(/\/+$/, "");
|
|
2409
|
+
}
|
|
2410
|
+
function basenameOf(path) {
|
|
2411
|
+
return path.split("/").filter(Boolean).pop() ?? "";
|
|
2412
|
+
}
|
|
2413
|
+
function directoryMatches(path, dir, recursive) {
|
|
2414
|
+
const normalizedDir = normalizeOutputQueryPath(dir);
|
|
2415
|
+
if (normalizedDir.length === 0)
|
|
2416
|
+
return true;
|
|
2417
|
+
const prefix = `${normalizedDir}/`;
|
|
2418
|
+
if (!path.startsWith(prefix))
|
|
2419
|
+
return false;
|
|
2420
|
+
const remainder = path.slice(prefix.length);
|
|
2421
|
+
return remainder.length > 0 && (recursive || !remainder.includes("/"));
|
|
2422
|
+
}
|
|
2423
|
+
function normalizeExtension(extension) {
|
|
2424
|
+
return extension.replace(/^\.+/, "").toLowerCase();
|
|
2425
|
+
}
|
|
2426
|
+
function extensionOf(path) {
|
|
2427
|
+
if (!path)
|
|
2428
|
+
return "";
|
|
2429
|
+
const basename2 = basenameOf(normalizeOutputQueryPath(path));
|
|
2430
|
+
const index = basename2.lastIndexOf(".");
|
|
2431
|
+
return index > 0 && index < basename2.length - 1 ? basename2.slice(index + 1).toLowerCase() : "";
|
|
2432
|
+
}
|
|
2433
|
+
function normalizeContentType(contentType) {
|
|
2434
|
+
return (contentType ?? "").split(";")[0].trim().toLowerCase();
|
|
2435
|
+
}
|
|
2436
|
+
function contentTypeMatches(actual, expected) {
|
|
2437
|
+
const normalizedActual = normalizeContentType(actual);
|
|
2438
|
+
const normalizedExpected = normalizeContentType(expected);
|
|
2439
|
+
if (!normalizedActual || !normalizedExpected)
|
|
2440
|
+
return false;
|
|
2441
|
+
if (normalizedExpected.endsWith("/*")) {
|
|
2442
|
+
return normalizedActual.startsWith(normalizedExpected.slice(0, -1));
|
|
2443
|
+
}
|
|
2444
|
+
return normalizedActual === normalizedExpected;
|
|
2445
|
+
}
|
|
2273
2446
|
async function download(http, runId) {
|
|
2274
2447
|
const [run, events, outputs] = await Promise.all([
|
|
2275
2448
|
getRun(http, runId),
|
|
@@ -2558,8 +2731,8 @@ async function getSecret(http, name) {
|
|
|
2558
2731
|
const result = await http.request(`/api/secrets/${encodeURIComponent(name)}`);
|
|
2559
2732
|
return unwrapSecret(result);
|
|
2560
2733
|
}
|
|
2561
|
-
async function
|
|
2562
|
-
return http.request(`/api/secrets/${encodeURIComponent(name)}/
|
|
2734
|
+
async function getSecretValue(http, name) {
|
|
2735
|
+
return http.request(`/api/secrets/${encodeURIComponent(name)}/get_value`, {
|
|
2563
2736
|
method: "POST"
|
|
2564
2737
|
});
|
|
2565
2738
|
}
|
|
@@ -3498,6 +3671,7 @@ async function runRunCmd(io2, argv) {
|
|
|
3498
3671
|
agentsMd: [],
|
|
3499
3672
|
files: [],
|
|
3500
3673
|
mcpServers: mcpServersForSubmission,
|
|
3674
|
+
tools: [],
|
|
3501
3675
|
...runConfig.environment ? { environment: runConfig.environment } : {},
|
|
3502
3676
|
...runConfig.metadata ? { metadata: runConfig.metadata } : {}
|
|
3503
3677
|
};
|
package/dist/cli.mjs.sha256
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
1b28b0b2c5ae5867dad0581510c232cf2cf956226db8efc20e66d97549a0d3b0 cli.mjs
|
package/dist/client.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type CredentialMode, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputMode, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformInlineSecrets, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type PlatformPostHookInput, type Run, type RunModel, type RunEvent, type RunProvider, type SecretRecord, type SecretReveal, type RunUnit, type Builtin, type RuntimeSize, type RuntimeKind, type
|
|
1
|
+
import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type CredentialMode, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputFileType, type OutputLink, type OutputLinkOptions, type OutputQuery, type OutputMode, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformInlineSecrets, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type PlatformPostHookInput, type Run, type RunModel, type RunEvent, type RunProvider, type SecretRecord, type SecretReveal, type RunUnit, type Builtin, type RuntimeSize, type RuntimeKind, type Skill as SkillRecord, type WhoAmI } from "./_contracts/index.js";
|
|
2
2
|
import { AgentsMd } from "./agents-md.js";
|
|
3
3
|
import { type UploadedAsset } from "./asset-upload.js";
|
|
4
4
|
import { File } from "./file.js";
|
|
@@ -6,6 +6,7 @@ import { McpServer } from "./mcp-server.js";
|
|
|
6
6
|
import { ProxyEndpoint } from "./proxy-endpoint.js";
|
|
7
7
|
import { Secret } from "./secret.js";
|
|
8
8
|
import { Skill } from "./skill.js";
|
|
9
|
+
import { Tool } from "./tool.js";
|
|
9
10
|
export interface AgentExecutorOptions {
|
|
10
11
|
/** Workspace-scoped SDK API token. */
|
|
11
12
|
readonly apiToken: string;
|
|
@@ -50,8 +51,6 @@ export interface SubmitOptions {
|
|
|
50
51
|
/**
|
|
51
52
|
* Credential source for upstream provider access. Omitted defaults to
|
|
52
53
|
* `"byok"`, which requires `secrets.apiKey`.
|
|
53
|
-
* `"managed"` is reserved for paid managed-key mode and currently fails
|
|
54
|
-
* closed until the hosted private implementation is wired.
|
|
55
54
|
*/
|
|
56
55
|
readonly credentialMode?: CredentialMode;
|
|
57
56
|
/**
|
|
@@ -83,6 +82,7 @@ export interface SubmitOptions {
|
|
|
83
82
|
readonly system?: string;
|
|
84
83
|
readonly prompt: string | readonly string[];
|
|
85
84
|
readonly skills?: readonly Skill[];
|
|
85
|
+
readonly tools?: readonly Tool[];
|
|
86
86
|
readonly agentsMd?: readonly AgentsMd[];
|
|
87
87
|
readonly files?: readonly File[];
|
|
88
88
|
readonly mcpServers?: readonly McpServer[];
|
|
@@ -137,19 +137,17 @@ export interface SubmitOptions {
|
|
|
137
137
|
readonly maxFiles?: number;
|
|
138
138
|
};
|
|
139
139
|
/**
|
|
140
|
-
* Override the managed runtime
|
|
140
|
+
* Override the managed runtime builtins enabled inside the runner.
|
|
141
141
|
* Each entry is one of the closed {@link Builtin} set — prefer the
|
|
142
142
|
* {@link Builtins} symbol const so a typo is a compile error.
|
|
143
143
|
*
|
|
144
|
-
* - Omitted (default): the runner enables `
|
|
145
|
-
*
|
|
146
|
-
*
|
|
147
|
-
* - Empty array: the agent runs with zero
|
|
148
|
-
*
|
|
149
|
-
*
|
|
150
|
-
*
|
|
151
|
-
* `[Builtins.DEVELOPER, Builtins.COMPUTER_CONTROLLER]` to add
|
|
152
|
-
* web fetch/scrape alongside the default shell/edit toolkit.
|
|
144
|
+
* - Omitted (default): the runner enables `DEFAULT_BUILTINS`
|
|
145
|
+
* (`web_search`, `web_fetch`, `read`, `edit`, `glob`, `grep`, `head`,
|
|
146
|
+
* `tail`).
|
|
147
|
+
* - Empty array: the agent runs with zero builtins — useful for pure-MCP
|
|
148
|
+
* setups where every tool comes from a submitted `mcpServers` entry.
|
|
149
|
+
* - Custom list: narrows or extends the surface, e.g.
|
|
150
|
+
* `[Builtins.WEB_SEARCH, Builtins.NOTEBOOK]`.
|
|
153
151
|
*
|
|
154
152
|
* Validation: each entry must be a member of {@link Builtins}, max 16
|
|
155
153
|
* entries, deduplicated server-side.
|
|
@@ -211,6 +209,7 @@ export interface OutputFileIdSelector {
|
|
|
211
209
|
readonly id: string;
|
|
212
210
|
}
|
|
213
211
|
export type OutputFileSelector = Output | OutputFileIdSelector | OutputFilePathSelector;
|
|
212
|
+
export type OutputLinkSelector = string | OutputFileSelector | OutputQuery;
|
|
214
213
|
export interface OutputDownloadOptions {
|
|
215
214
|
readonly to?: string;
|
|
216
215
|
}
|
|
@@ -317,11 +316,11 @@ export declare class FilesClient {
|
|
|
317
316
|
* Lifecycle parity with assets/skills: a `Secret.value(...)` is per-run and
|
|
318
317
|
* gone at terminal; `set` (or promoting an ephemeral via `secret.upload`)
|
|
319
318
|
* persists a named, searchable workspace secret you can `get` (metadata),
|
|
320
|
-
* `
|
|
319
|
+
* `get_value` (audited value), `rotate`, `list`, and `delete`. The identity is the
|
|
321
320
|
* `name`; the value rotates under that stable name.
|
|
322
321
|
*
|
|
323
322
|
* Values are write-only: `set`/`rotate` send the value in the request BODY (never
|
|
324
|
-
* the URL); `get`/`list` return metadata only; `
|
|
323
|
+
* the URL); `get`/`list` return metadata only; `get_value` is the explicit audited
|
|
325
324
|
* value read.
|
|
326
325
|
*/
|
|
327
326
|
export declare class SecretsClient {
|
|
@@ -336,8 +335,8 @@ export declare class SecretsClient {
|
|
|
336
335
|
list(): Promise<readonly SecretRecord[]>;
|
|
337
336
|
/** Metadata for one workspace secret by name. Never returns the value. */
|
|
338
337
|
get(name: string): Promise<SecretRecord>;
|
|
339
|
-
/** Audited value read — the
|
|
340
|
-
|
|
338
|
+
/** Audited value read — the preferred path that returns a workspace secret value. */
|
|
339
|
+
get_value(name: string): Promise<SecretReveal>;
|
|
341
340
|
/** Replace the value of an existing workspace secret; bumps its version. */
|
|
342
341
|
rotate(args: {
|
|
343
342
|
readonly name: string;
|
|
@@ -503,10 +502,15 @@ export declare class AgentExecutor {
|
|
|
503
502
|
waitForRun(runId: string, options?: WaitForRunOptions): Promise<Run>;
|
|
504
503
|
/** Short alias for `waitForRun`. */
|
|
505
504
|
wait(runId: string, options?: WaitForRunOptions): Promise<Run>;
|
|
506
|
-
listOutputs(runId: string): Promise<readonly Output[]>;
|
|
505
|
+
listOutputs(runId: string, query?: OutputQuery): Promise<readonly Output[]>;
|
|
507
506
|
/** Short alias for `listOutputs`. */
|
|
508
|
-
outputs(runId: string): Promise<readonly Output[]>;
|
|
509
|
-
|
|
507
|
+
outputs(runId: string, query?: OutputQuery): Promise<readonly Output[]>;
|
|
508
|
+
findOutputs(runId: string, query: OutputQuery): Promise<readonly Output[]>;
|
|
509
|
+
findOutput(runId: string, query: OutputQuery): Promise<Output | null>;
|
|
510
|
+
outputLink(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<OutputLink>;
|
|
511
|
+
createOutputLink(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<OutputLink>;
|
|
512
|
+
fetchOutput(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<Response>;
|
|
513
|
+
eventArchiveLink(runId: string, options?: OutputLinkOptions): Promise<OutputLink>;
|
|
510
514
|
/**
|
|
511
515
|
* Download captured deliverables. Omit `selector` to receive the full
|
|
512
516
|
* outputs namespace as a zip; pass an id, Output object, or path selector
|
|
@@ -544,4 +548,4 @@ export declare class AgentExecutor {
|
|
|
544
548
|
/** Download only the run record (the `metadata` namespace) as a zip. */
|
|
545
549
|
downloadMetadata(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
|
|
546
550
|
}
|
|
547
|
-
export type { PlatformProxyEndpoint, PlatformProxyEndpointAuth };
|
|
551
|
+
export type { OutputFileType, OutputLink, OutputLinkOptions, OutputQuery, PlatformProxyEndpoint, PlatformProxyEndpointAuth };
|