@aexhq/sdk 0.26.4 → 0.27.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/_contracts/operations.d.ts +25 -1
- package/dist/_contracts/operations.js +115 -0
- package/dist/_contracts/run-custody.js +1 -1
- package/dist/_contracts/runtime-types.d.ts +67 -0
- package/dist/_contracts/side-effect-audit.js +1 -1
- package/dist/_contracts/submission.d.ts +98 -66
- package/dist/_contracts/submission.js +162 -105
- package/dist/cli.mjs +109 -10
- package/dist/cli.mjs.sha256 +1 -1
- package/dist/client.d.ts +47 -21
- package/dist/client.js +60 -9
- package/dist/client.js.map +1 -1
- package/dist/data-tools.d.ts +56 -0
- package/dist/data-tools.js +149 -0
- package/dist/data-tools.js.map +1 -0
- package/dist/index.d.ts +5 -3
- package/dist/index.js +9 -5
- package/dist/index.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/concepts/agent-tools.md +45 -30
- package/docs/credentials.md +21 -3
- package/docs/run-config.md +1 -1
- package/package.json +10 -6
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { HttpClient } from "./http.js";
|
|
2
2
|
import type { RunUnit } from "./run-unit.js";
|
|
3
|
-
import type { AgentsMdRecord, FileRecord, Output, OutputLink, OutputLinkOptions, OutputFileDownload, OutputFileSelector, OutputFileType, OutputQuery, Run, RunEvent, RunWebhookDelivery, SecretRecord, SecretReveal, Skill, WhoAmI } from "./runtime-types.js";
|
|
3
|
+
import type { AgentsMdRecord, FileRecord, Output, OutputLink, OutputLinkOptions, OutputFileDownload, OutputFileSelector, OutputFileType, OutputQuery, OutputText, ReadOutputTextOptions, Run, RunEvent, RunListPage, RunListQuery, RunWebhookDelivery, SecretRecord, SecretReveal, Skill, WhoAmI } from "./runtime-types.js";
|
|
4
4
|
import type { PlatformRunSubmissionInput } from "./submission.js";
|
|
5
5
|
/**
|
|
6
6
|
* The single source of truth for SDK<->BFF transport. The SDK class
|
|
@@ -27,6 +27,16 @@ export declare function getRun(http: HttpClient, runId: string): Promise<Run>;
|
|
|
27
27
|
* stays for callers that only need the loose record.
|
|
28
28
|
*/
|
|
29
29
|
export declare function getRunUnit(http: HttpClient, runId: string): Promise<RunUnit>;
|
|
30
|
+
/**
|
|
31
|
+
* List the runs in the token's workspace, most-recent first, one page at a time.
|
|
32
|
+
* Backed by `GET /api/runs` (workspace-token gated; the bare collection path, NOT
|
|
33
|
+
* the run-keyed `GET /api/runs/:runId`). The server clamps `limit` to [1, 100] and
|
|
34
|
+
* returns an opaque `nextCursor` for the next page (absent on the last page).
|
|
35
|
+
*
|
|
36
|
+
* Returns public-safe {@link RunSummary} rows only — never the submission snapshot.
|
|
37
|
+
* For a single page; callers wanting every run loop on `nextCursor` themselves.
|
|
38
|
+
*/
|
|
39
|
+
export declare function listRuns(http: HttpClient, query?: RunListQuery): Promise<RunListPage>;
|
|
30
40
|
/**
|
|
31
41
|
* List a run's events. The read endpoint is PAGED (bounded per response so a
|
|
32
42
|
* long run can't return an unbounded body); this follows `nextCursor` across
|
|
@@ -56,6 +66,20 @@ export declare function createOutputLink(http: HttpClient, runId: string, select
|
|
|
56
66
|
export declare function eventArchiveLink(http: HttpClient, runId: string, options?: OutputLinkOptions): Promise<OutputLink>;
|
|
57
67
|
export declare function resolveOutputFileSelector(outputs: readonly Output[], selector: OutputFileSelector, runId?: string): Output;
|
|
58
68
|
export declare function downloadOutput(http: HttpClient, runId: string, selector: OutputFileSelector): Promise<OutputFileDownload>;
|
|
69
|
+
/** Byte ceiling for {@link readOutputText} — a hard cap even if a caller asks for more. */
|
|
70
|
+
export declare const READ_OUTPUT_TEXT_MAX_BYTES = 10000000;
|
|
71
|
+
/** Default `maxBytes` for {@link readOutputText} — a chat-sized preview. */
|
|
72
|
+
export declare const READ_OUTPUT_TEXT_DEFAULT_BYTES = 50000;
|
|
73
|
+
/**
|
|
74
|
+
* Read ONE output file as byte-capped, decoded UTF-8 text. Built for handing a run
|
|
75
|
+
* deliverable to an LLM tool: it streams the file body and STOPS at `maxBytes`, so
|
|
76
|
+
* a 200 MB artifact never fully buffers in memory or context. `truncated` is true
|
|
77
|
+
* when the file is larger than the cap. Optionally `grep` keeps only matching lines.
|
|
78
|
+
*
|
|
79
|
+
* Selector is the same `{ path }` / `{ id }` shape as `downloadOutput`. A path
|
|
80
|
+
* selector lists the run's outputs to resolve the id; an id selector skips that.
|
|
81
|
+
*/
|
|
82
|
+
export declare function readOutputText(http: HttpClient, runId: string, selector: OutputFileSelector, options?: ReadOutputTextOptions): Promise<OutputText>;
|
|
59
83
|
export declare function cancelRun(http: HttpClient, runId: string): Promise<void>;
|
|
60
84
|
export declare function deleteRun(http: HttpClient, runId: string): Promise<void>;
|
|
61
85
|
/**
|
|
@@ -31,6 +31,27 @@ export async function getRun(http, runId) {
|
|
|
31
31
|
export async function getRunUnit(http, runId) {
|
|
32
32
|
return http.request(`/api/runs/${encodeURIComponent(runId)}`);
|
|
33
33
|
}
|
|
34
|
+
/**
|
|
35
|
+
* List the runs in the token's workspace, most-recent first, one page at a time.
|
|
36
|
+
* Backed by `GET /api/runs` (workspace-token gated; the bare collection path, NOT
|
|
37
|
+
* the run-keyed `GET /api/runs/:runId`). The server clamps `limit` to [1, 100] and
|
|
38
|
+
* returns an opaque `nextCursor` for the next page (absent on the last page).
|
|
39
|
+
*
|
|
40
|
+
* Returns public-safe {@link RunSummary} rows only — never the submission snapshot.
|
|
41
|
+
* For a single page; callers wanting every run loop on `nextCursor` themselves.
|
|
42
|
+
*/
|
|
43
|
+
export async function listRuns(http, query) {
|
|
44
|
+
const params = {};
|
|
45
|
+
if (query?.status !== undefined)
|
|
46
|
+
params.status = query.status;
|
|
47
|
+
if (query?.since !== undefined)
|
|
48
|
+
params.since = query.since;
|
|
49
|
+
if (query?.limit !== undefined)
|
|
50
|
+
params.limit = String(query.limit);
|
|
51
|
+
if (query?.cursor !== undefined)
|
|
52
|
+
params.cursor = query.cursor;
|
|
53
|
+
return http.request("/api/runs", {}, params);
|
|
54
|
+
}
|
|
34
55
|
// Bound the transparent pager: the read route caps each page at 1000, so this
|
|
35
56
|
// admits up to ~1e6 events before bailing — past any real run, but bounded so a
|
|
36
57
|
// server that never clears `nextCursor` can't loop forever.
|
|
@@ -146,6 +167,100 @@ export async function downloadOutput(http, runId, selector) {
|
|
|
146
167
|
const { response } = await http.download(`/api/runs/${encodeURIComponent(runId)}/outputs/${encodeURIComponent(output.id)}/download`);
|
|
147
168
|
return { output, bytes: new Uint8Array(await response.arrayBuffer()) };
|
|
148
169
|
}
|
|
170
|
+
/** Byte ceiling for {@link readOutputText} — a hard cap even if a caller asks for more. */
|
|
171
|
+
export const READ_OUTPUT_TEXT_MAX_BYTES = 10_000_000;
|
|
172
|
+
/** Default `maxBytes` for {@link readOutputText} — a chat-sized preview. */
|
|
173
|
+
export const READ_OUTPUT_TEXT_DEFAULT_BYTES = 50_000;
|
|
174
|
+
/**
|
|
175
|
+
* Read ONE output file as byte-capped, decoded UTF-8 text. Built for handing a run
|
|
176
|
+
* deliverable to an LLM tool: it streams the file body and STOPS at `maxBytes`, so
|
|
177
|
+
* a 200 MB artifact never fully buffers in memory or context. `truncated` is true
|
|
178
|
+
* when the file is larger than the cap. Optionally `grep` keeps only matching lines.
|
|
179
|
+
*
|
|
180
|
+
* Selector is the same `{ path }` / `{ id }` shape as `downloadOutput`. A path
|
|
181
|
+
* selector lists the run's outputs to resolve the id; an id selector skips that.
|
|
182
|
+
*/
|
|
183
|
+
export async function readOutputText(http, runId, selector, options) {
|
|
184
|
+
const maxBytes = Math.max(1, Math.min(options?.maxBytes ?? READ_OUTPUT_TEXT_DEFAULT_BYTES, READ_OUTPUT_TEXT_MAX_BYTES));
|
|
185
|
+
const output = isPathSelector(selector)
|
|
186
|
+
? resolveOutputFileSelector(await listOutputs(http, runId), selector, runId)
|
|
187
|
+
: resolveOutputFileSelector([], selector, runId);
|
|
188
|
+
const { response } = await http.download(`/api/runs/${encodeURIComponent(runId)}/outputs/${encodeURIComponent(output.id)}/download`);
|
|
189
|
+
const capped = await readCappedText(response, maxBytes);
|
|
190
|
+
const text = options?.grep === undefined ? capped.text : grepLines(capped.text, options.grep);
|
|
191
|
+
return { output, text, truncated: capped.truncated, totalBytes: capped.totalBytes };
|
|
192
|
+
}
|
|
193
|
+
/**
|
|
194
|
+
* Read a streamed response body up to `maxBytes`, decode as UTF-8, and report
|
|
195
|
+
* whether the file was larger than the cap. Prefers the `content-length` header
|
|
196
|
+
* for `totalBytes`; falls back to the bytes actually read. Cancels the stream
|
|
197
|
+
* once the cap is reached so the remainder is never transferred.
|
|
198
|
+
*/
|
|
199
|
+
async function readCappedText(response, maxBytes) {
|
|
200
|
+
const declaredRaw = response.headers.get("content-length");
|
|
201
|
+
const declared = declaredRaw !== null && /^\d+$/.test(declaredRaw) ? Number(declaredRaw) : undefined;
|
|
202
|
+
const decoder = new TextDecoder("utf-8");
|
|
203
|
+
const body = response.body;
|
|
204
|
+
if (!body) {
|
|
205
|
+
// No streaming body (some fetch polyfills) — buffer, then slice to the cap.
|
|
206
|
+
const buf = new Uint8Array(await response.arrayBuffer());
|
|
207
|
+
const total = declared ?? buf.byteLength;
|
|
208
|
+
return {
|
|
209
|
+
text: decoder.decode(buf.subarray(0, maxBytes)),
|
|
210
|
+
truncated: buf.byteLength > maxBytes,
|
|
211
|
+
totalBytes: total
|
|
212
|
+
};
|
|
213
|
+
}
|
|
214
|
+
const reader = body.getReader();
|
|
215
|
+
const chunks = [];
|
|
216
|
+
let read = 0;
|
|
217
|
+
let sawMore = false;
|
|
218
|
+
try {
|
|
219
|
+
while (read < maxBytes) {
|
|
220
|
+
const { done, value } = await reader.read();
|
|
221
|
+
if (done)
|
|
222
|
+
break;
|
|
223
|
+
if (value && value.byteLength > 0) {
|
|
224
|
+
read += value.byteLength;
|
|
225
|
+
chunks.push(value);
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
if (read >= maxBytes) {
|
|
229
|
+
// We hit the cap; peek once more to learn whether bytes remain, then stop.
|
|
230
|
+
const next = await reader.read();
|
|
231
|
+
if (!next.done && next.value && next.value.byteLength > 0)
|
|
232
|
+
sawMore = true;
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
finally {
|
|
236
|
+
await reader.cancel().catch(() => { });
|
|
237
|
+
}
|
|
238
|
+
const merged = concatBytes(chunks).subarray(0, maxBytes);
|
|
239
|
+
const truncated = declared !== undefined ? declared > maxBytes : sawMore;
|
|
240
|
+
const totalBytes = declared ?? read;
|
|
241
|
+
return { text: decoder.decode(merged), truncated, totalBytes };
|
|
242
|
+
}
|
|
243
|
+
function concatBytes(chunks) {
|
|
244
|
+
if (chunks.length === 1)
|
|
245
|
+
return chunks[0];
|
|
246
|
+
const total = chunks.reduce((n, c) => n + c.byteLength, 0);
|
|
247
|
+
const out = new Uint8Array(total);
|
|
248
|
+
let offset = 0;
|
|
249
|
+
for (const c of chunks) {
|
|
250
|
+
out.set(c, offset);
|
|
251
|
+
offset += c.byteLength;
|
|
252
|
+
}
|
|
253
|
+
return out;
|
|
254
|
+
}
|
|
255
|
+
function grepLines(text, pattern) {
|
|
256
|
+
const test = typeof pattern === "string"
|
|
257
|
+
? (line) => line.toLowerCase().includes(pattern.toLowerCase())
|
|
258
|
+
: (line) => pattern.test(line);
|
|
259
|
+
return text
|
|
260
|
+
.split("\n")
|
|
261
|
+
.filter((line) => test(line))
|
|
262
|
+
.join("\n");
|
|
263
|
+
}
|
|
149
264
|
export async function cancelRun(http, runId) {
|
|
150
265
|
await http.request(`/api/runs/${encodeURIComponent(runId)}/cancel`, { method: "POST" });
|
|
151
266
|
}
|
|
@@ -452,7 +452,7 @@ function highEntropyShannonBits(value) {
|
|
|
452
452
|
return bits;
|
|
453
453
|
}
|
|
454
454
|
function isForbiddenCustodyFieldName(key) {
|
|
455
|
-
return /^(apiKey|secretValue|bearerHash|signedUrl|objectStoreKey|objectKey|vaultId|providerResponseBody|responseBody|privateResourceHandle|resourceHandle|rawBody)$/i.test(key);
|
|
455
|
+
return /^(apiKey|apiKeys|secretValue|bearerHash|signedUrl|objectStoreKey|objectKey|vaultId|providerResponseBody|responseBody|privateResourceHandle|resourceHandle|rawBody)$/i.test(key);
|
|
456
456
|
}
|
|
457
457
|
function assertSafeIdentifier(value, field) {
|
|
458
458
|
assertNonEmptyString(value, field);
|
|
@@ -45,6 +45,40 @@ export interface UsageSummary {
|
|
|
45
45
|
readonly cacheCreationInputTokens?: number;
|
|
46
46
|
readonly totalTokens?: number;
|
|
47
47
|
}
|
|
48
|
+
/**
|
|
49
|
+
* Filters for {@link import("./operations.js").listRuns} / `AgentExecutor.listRuns`.
|
|
50
|
+
* Every field is optional; omitting all of them lists the most recent runs in the
|
|
51
|
+
* token's workspace. Workspace identity is derived server-side from the API token,
|
|
52
|
+
* so there is no `workspaceId` here — a token can only ever enumerate its own runs.
|
|
53
|
+
*/
|
|
54
|
+
export interface RunListQuery {
|
|
55
|
+
/** Restrict to a single run status, e.g. `"succeeded"`. */
|
|
56
|
+
readonly status?: string;
|
|
57
|
+
/** ISO-8601 lower bound on `createdAt` (inclusive). */
|
|
58
|
+
readonly since?: string;
|
|
59
|
+
/** Page size. Defaults to 25, clamped server-side to [1, 100]. */
|
|
60
|
+
readonly limit?: number;
|
|
61
|
+
/** Opaque keyset cursor from a prior page's `nextCursor`. */
|
|
62
|
+
readonly cursor?: string;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* A public-safe run summary as returned by `GET /api/runs` (the workspace run
|
|
66
|
+
* list). DELIBERATELY omits the submission snapshot (model/prompt/env) — the full,
|
|
67
|
+
* redaction-scanned submission is only reachable through `getRunUnit(runId)`.
|
|
68
|
+
*/
|
|
69
|
+
export interface RunSummary {
|
|
70
|
+
readonly id: string;
|
|
71
|
+
readonly status: string;
|
|
72
|
+
readonly createdAt: string;
|
|
73
|
+
readonly updatedAt: string;
|
|
74
|
+
/** Settled showback estimate (USD), present once the run has cost telemetry. */
|
|
75
|
+
readonly costUsd?: number;
|
|
76
|
+
}
|
|
77
|
+
/** One page of the workspace run list. `nextCursor` absent ⇒ last page. */
|
|
78
|
+
export interface RunListPage {
|
|
79
|
+
readonly runs: readonly RunSummary[];
|
|
80
|
+
readonly nextCursor?: string;
|
|
81
|
+
}
|
|
48
82
|
/**
|
|
49
83
|
* A run event as recorded by the dashboard. Includes the `type` field
|
|
50
84
|
* that the `is*Event` type guards narrow on plus any provider payload.
|
|
@@ -150,6 +184,39 @@ export interface OutputFileDownload {
|
|
|
150
184
|
readonly output: Output;
|
|
151
185
|
readonly bytes: Uint8Array;
|
|
152
186
|
}
|
|
187
|
+
/** Options for `AgentExecutor.readOutputText` / {@link import("./operations.js").readOutputText}. */
|
|
188
|
+
export interface ReadOutputTextOptions {
|
|
189
|
+
/**
|
|
190
|
+
* Stop reading after this many bytes. Defaults to 50_000; clamped server-side
|
|
191
|
+
* of the SDK to [1, 10_000_000]. The read streams and cancels once the cap is
|
|
192
|
+
* reached, so the remainder of a large file is never transferred.
|
|
193
|
+
*/
|
|
194
|
+
readonly maxBytes?: number;
|
|
195
|
+
/**
|
|
196
|
+
* When set, return only the lines of the (capped) text matching this pattern.
|
|
197
|
+
* A string is matched literally (case-insensitive); a RegExp is used as given.
|
|
198
|
+
*/
|
|
199
|
+
readonly grep?: string | RegExp;
|
|
200
|
+
}
|
|
201
|
+
/**
|
|
202
|
+
* A byte-capped, decoded text read of one output file, as returned by
|
|
203
|
+
* `AgentExecutor.readOutputText`. Built for feeding run deliverables to an LLM
|
|
204
|
+
* without loading the whole (possibly very large) file into memory or context:
|
|
205
|
+
* the read streams and stops at `maxBytes`, so `text` is at most that many bytes
|
|
206
|
+
* decoded as UTF-8. Check {@link truncated} before treating `text` as complete.
|
|
207
|
+
*/
|
|
208
|
+
export interface OutputText {
|
|
209
|
+
readonly output: Output;
|
|
210
|
+
/** Decoded UTF-8, capped to the requested `maxBytes`. */
|
|
211
|
+
readonly text: string;
|
|
212
|
+
/** True when the file is larger than `maxBytes` (so `text` is a prefix). */
|
|
213
|
+
readonly truncated: boolean;
|
|
214
|
+
/**
|
|
215
|
+
* Full size of the file in bytes when the server reports it (`content-length`);
|
|
216
|
+
* otherwise the number of bytes actually read.
|
|
217
|
+
*/
|
|
218
|
+
readonly totalBytes: number;
|
|
219
|
+
}
|
|
153
220
|
export type OutputLinkExpiresIn = number | "15m" | "1h" | "1d";
|
|
154
221
|
export interface OutputLinkOptions {
|
|
155
222
|
/** Seconds or one of the documented presets. Defaults to `"1h"`. */
|
|
@@ -430,7 +430,7 @@ const forbiddenStringPatterns = Object.freeze([
|
|
|
430
430
|
{ reason: "high_entropy_token", regex: /\b(?=[A-Za-z0-9_-]{40,}\b)(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9_-]{40,}\b/ }
|
|
431
431
|
]);
|
|
432
432
|
function isForbiddenAuditFieldName(key) {
|
|
433
|
-
return /^(authorization|headers?|requestHeaders?|responseHeaders?|body|requestBody|responseBody|rawBody|prompt|url|rawUrl|href|query|queryString|path|rawPath|signedUrl|objectStoreKey|objectKey|vaultId|providerResponseBody|providerAccountId|providerDeployment|rateCard|rateCardVersion|margin|discount|calculator|reconciliation|resourceHandle|privateResourceHandle|bearerHash|tokenHash|apiKey|secretValue|sessionId|providerSessionId|agentId|customerId|endUserId|identity|email)$/i.test(key);
|
|
433
|
+
return /^(authorization|headers?|requestHeaders?|responseHeaders?|body|requestBody|responseBody|rawBody|prompt|url|rawUrl|href|query|queryString|path|rawPath|signedUrl|objectStoreKey|objectKey|vaultId|providerResponseBody|providerAccountId|providerDeployment|rateCard|rateCardVersion|margin|discount|calculator|reconciliation|resourceHandle|privateResourceHandle|bearerHash|tokenHash|apiKey|apiKeys|secretValue|sessionId|providerSessionId|agentId|customerId|endUserId|identity|email)$/i.test(key);
|
|
434
434
|
}
|
|
435
435
|
function assertSafeIdentifier(value, field) {
|
|
436
436
|
assertNonEmptyString(value, field);
|
|
@@ -212,14 +212,23 @@ export type PlatformProxyAuthValue = {
|
|
|
212
212
|
readonly value: string;
|
|
213
213
|
};
|
|
214
214
|
/**
|
|
215
|
-
* Per-run inline secrets bundle. `
|
|
216
|
-
*
|
|
217
|
-
*
|
|
218
|
-
*
|
|
219
|
-
*
|
|
215
|
+
* Per-run inline secrets bundle. `apiKeys` holds the BYOK provider keys, keyed
|
|
216
|
+
* by {@link RunProvider}. A run REQUIRES a key for its own `provider`; it MAY
|
|
217
|
+
* carry keys for additional providers so a subagent spawned with a
|
|
218
|
+
* different-family model inherits them server-side from the vault (the keys
|
|
219
|
+
* never transit the container). `mcpServers` and `proxyEndpointAuth` are
|
|
220
|
+
* cross-provider (an MCP credential is the same secret whichever model is
|
|
221
|
+
* driving the MCP client).
|
|
220
222
|
*/
|
|
221
223
|
export interface PlatformInlineSecrets {
|
|
224
|
+
/**
|
|
225
|
+
* Deprecated compatibility field: the BYOK key for the run's selected
|
|
226
|
+
* provider. New multi-provider callers should use `apiKeys`, but the parser
|
|
227
|
+
* still accepts and preserves this flat field so existing SDK/CLI callers
|
|
228
|
+
* continue to work.
|
|
229
|
+
*/
|
|
222
230
|
readonly apiKey?: string;
|
|
231
|
+
readonly apiKeys?: Partial<Record<RunProvider, string>>;
|
|
223
232
|
readonly mcpServers?: readonly PlatformMcpServerSecret[];
|
|
224
233
|
readonly proxyEndpointAuth?: readonly PlatformProxyEndpointAuth[];
|
|
225
234
|
/**
|
|
@@ -345,23 +354,24 @@ export interface PlatformSubmission {
|
|
|
345
354
|
*/
|
|
346
355
|
readonly outputs?: PlatformOutputCaptureConfig;
|
|
347
356
|
/**
|
|
348
|
-
*
|
|
349
|
-
* runner container. Each entry is one of the closed {@link BUILTINS} set
|
|
350
|
-
* (prefer the {@link Builtins} symbol const).
|
|
357
|
+
* Whether to inject the standard builtin tool set ({@link DEFAULT_BUILTIN_TOOLS}).
|
|
351
358
|
*
|
|
352
|
-
*
|
|
353
|
-
*
|
|
354
|
-
* of all builtins for pure-MCP runs. Pass a custom list to narrow or extend
|
|
355
|
-
* the tool surface, for example `[Builtins.WEB_SEARCH, Builtins.NOTEBOOK]`.
|
|
359
|
+
* - omitted / `true` (default): inject the standard builtins.
|
|
360
|
+
* - `false`: inject NO builtins — useful for a pure-MCP / pure-custom run.
|
|
356
361
|
*
|
|
357
|
-
*
|
|
358
|
-
*
|
|
359
|
-
*
|
|
360
|
-
* - Deduplicated.
|
|
361
|
-
*
|
|
362
|
-
* The dispatcher accepts and persists it for snapshot fidelity.
|
|
362
|
+
* Cherry-pick individual builtins (e.g. opt the notebook in, or pick a narrow
|
|
363
|
+
* subset alongside `includeBuiltinTools: false`) by listing their names in
|
|
364
|
+
* `tools` (a bare-string builtin reference, prefer `BuiltinTools.<name>`).
|
|
363
365
|
*/
|
|
364
|
-
readonly
|
|
366
|
+
readonly includeBuiltinTools?: boolean;
|
|
367
|
+
/**
|
|
368
|
+
* Explicit builtin tool NAME references the caller listed in the wire `tools`
|
|
369
|
+
* union (the bare-string members), extracted at parse time. Each is a member
|
|
370
|
+
* of {@link BUILTIN_TOOL_NAMES}. Composed with {@link includeBuiltinTools} via
|
|
371
|
+
* {@link resolveBuiltinToolNames} to produce the run's final builtin tool set.
|
|
372
|
+
* `tools` itself carries only the custom tool bundles ({@link ToolRef}).
|
|
373
|
+
*/
|
|
374
|
+
readonly builtinTools?: readonly BuiltinToolName[];
|
|
365
375
|
/**
|
|
366
376
|
* Assistant-output granularity. `buffered` (the default) emits one event per
|
|
367
377
|
* assistant message; `stream` emits the agent's per-token text deltas as they
|
|
@@ -533,66 +543,88 @@ export declare function parseRuntimeKind(input: unknown): RuntimeKind | undefine
|
|
|
533
543
|
export declare function parseRunProvider(input: unknown): RunProvider;
|
|
534
544
|
/**
|
|
535
545
|
* Cross-check the supplied secrets bundle against the credential mode. BYOK
|
|
536
|
-
* requires `secrets.
|
|
537
|
-
*
|
|
546
|
+
* requires `secrets.apiKeys[provider]` (the key for the run's own `provider`).
|
|
547
|
+
* Additional provider keys are optional (validated for shape only) so the run
|
|
548
|
+
* can supply keys for the other providers its subagents may use. MCP / proxy
|
|
549
|
+
* endpoint auth carry across providers and are not checked here.
|
|
550
|
+
*
|
|
551
|
+
* A CHILD run (`inheritsFromParent`) is exempt from the own-key requirement: it
|
|
552
|
+
* inherits its provider keys server-side from the parent's vaulted bundle, so
|
|
553
|
+
* it need not carry any of its own. The server still verifies, at admission,
|
|
554
|
+
* that the parent actually holds a key for the child's provider.
|
|
538
555
|
*/
|
|
539
|
-
export declare function enforceCredentialSecretPolicy(credentialMode: CredentialMode, secrets: PlatformInlineSecrets
|
|
556
|
+
export declare function enforceCredentialSecretPolicy(credentialMode: CredentialMode, secrets: PlatformInlineSecrets, provider: RunProvider, opts?: {
|
|
557
|
+
readonly inheritsFromParent?: boolean;
|
|
558
|
+
}): void;
|
|
540
559
|
export declare function parseSubmission(input: unknown): PlatformSubmission;
|
|
541
560
|
/** Assistant-output granularity values. Buffered is the platform default. */
|
|
542
561
|
export declare const OUTPUT_MODES: readonly ["buffered", "stream"];
|
|
543
562
|
export type OutputMode = (typeof OUTPUT_MODES)[number];
|
|
544
563
|
export declare const DEFAULT_OUTPUT_MODE: OutputMode;
|
|
545
564
|
/**
|
|
546
|
-
*
|
|
547
|
-
*
|
|
548
|
-
*
|
|
565
|
+
* The CLOSED set of builtin tool NAMES the managed runtime can inject — one per
|
|
566
|
+
* machine tool the hands implement. This list is the single source of truth for
|
|
567
|
+
* validating builtin tool references; the platform's `HANDS_TOOLS` (the execute
|
|
568
|
+
* vocabulary) is pinned EQUAL to it at module load (`platform-runtime-agent`
|
|
569
|
+
* `assertNamesMatch`), so a rename on either side fails loudly rather than
|
|
570
|
+
* silently shipping a name the executors do not speak.
|
|
549
571
|
*
|
|
550
|
-
*
|
|
551
|
-
*
|
|
572
|
+
* Order mirrors `HANDS_TOOLS`. A builtin tool reference (a bare string in
|
|
573
|
+
* `submission.tools`) must be a member of this set.
|
|
552
574
|
*/
|
|
553
|
-
export declare const
|
|
554
|
-
export type
|
|
575
|
+
export declare const BUILTIN_TOOL_NAMES: readonly ["bash", "read_file", "write_file", "edit_file", "grep", "glob", "head", "tail", "todo_write", "subagent", "subagent_result", "web_fetch", "web_search", "notebook_edit", "bash_output", "bash_kill", "code_execution", "wait", "git"];
|
|
576
|
+
export type BuiltinToolName = (typeof BUILTIN_TOOL_NAMES)[number];
|
|
555
577
|
/**
|
|
556
|
-
*
|
|
557
|
-
*
|
|
578
|
+
* Typo-safe accessors for the closed builtin tool set: each key maps to the
|
|
579
|
+
* real tool NAME string. Reference a builtin in `submission.tools` via
|
|
580
|
+
* `BuiltinTools.notebook_edit` rather than the bare string so a rename is a
|
|
581
|
+
* compile error, not a runtime 400.
|
|
582
|
+
*
|
|
583
|
+
* Keys are the real tool names; a unit test asserts `Object.values(BuiltinTools)`
|
|
584
|
+
* deep-equals `BUILTIN_TOOL_NAMES` so the two can never drift.
|
|
558
585
|
*/
|
|
559
|
-
export declare const
|
|
586
|
+
export declare const BuiltinTools: {
|
|
587
|
+
readonly bash: "bash";
|
|
588
|
+
readonly read_file: "read_file";
|
|
589
|
+
readonly write_file: "write_file";
|
|
590
|
+
readonly edit_file: "edit_file";
|
|
591
|
+
readonly grep: "grep";
|
|
592
|
+
readonly glob: "glob";
|
|
593
|
+
readonly head: "head";
|
|
594
|
+
readonly tail: "tail";
|
|
595
|
+
readonly todo_write: "todo_write";
|
|
596
|
+
readonly subagent: "subagent";
|
|
597
|
+
readonly subagent_result: "subagent_result";
|
|
598
|
+
readonly web_fetch: "web_fetch";
|
|
599
|
+
readonly web_search: "web_search";
|
|
600
|
+
readonly notebook_edit: "notebook_edit";
|
|
601
|
+
readonly bash_output: "bash_output";
|
|
602
|
+
readonly bash_kill: "bash_kill";
|
|
603
|
+
readonly code_execution: "code_execution";
|
|
604
|
+
readonly wait: "wait";
|
|
605
|
+
readonly git: "git";
|
|
606
|
+
};
|
|
560
607
|
/**
|
|
561
|
-
*
|
|
562
|
-
* `
|
|
608
|
+
* The default builtin tool set injected when `includeBuiltinTools !== false`:
|
|
609
|
+
* every builtin tool EXCEPT `notebook_edit` (notebook editing stays opt-in —
|
|
610
|
+
* add `BuiltinTools.notebook_edit` to `tools` to enable it). Derived by
|
|
611
|
+
* filtering {@link BUILTIN_TOOL_NAMES} so it can never drift from the closed
|
|
612
|
+
* set.
|
|
563
613
|
*/
|
|
564
|
-
export declare const
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
readonly HEAD: "head";
|
|
579
|
-
/** Read the last lines of a file. Included in {@link DEFAULT_BUILTINS}. */
|
|
580
|
-
readonly TAIL: "tail";
|
|
581
|
-
/** Shell command execution. Included in {@link DEFAULT_BUILTINS}. */
|
|
582
|
-
readonly BASH: "bash";
|
|
583
|
-
/** Jupyter notebook editing. Optional; not in {@link DEFAULT_BUILTINS}. */
|
|
584
|
-
readonly NOTEBOOK: "notebook";
|
|
585
|
-
/** Legacy aggregate: shell/filesystem/navigation/web/notebook tools. */
|
|
586
|
-
readonly DEVELOPER: "developer";
|
|
587
|
-
/** Legacy aggregate alias retained for existing callers. */
|
|
588
|
-
readonly COMPUTER_CONTROLLER: "computercontroller";
|
|
589
|
-
/** Legacy aggregate alias retained for existing callers. */
|
|
590
|
-
readonly MEMORY: "memory";
|
|
591
|
-
/** Legacy aggregate alias retained for existing callers. */
|
|
592
|
-
readonly AUTOVISUALISER: "autovisualiser";
|
|
593
|
-
/** Legacy aggregate alias retained for existing callers. */
|
|
594
|
-
readonly TUTORIAL: "tutorial";
|
|
595
|
-
};
|
|
614
|
+
export declare const DEFAULT_BUILTIN_TOOLS: readonly BuiltinToolName[];
|
|
615
|
+
/**
|
|
616
|
+
* Resolve the set of builtin tool NAMES a submission injects, deduplicated and
|
|
617
|
+
* in {@link BUILTIN_TOOL_NAMES} order.
|
|
618
|
+
*
|
|
619
|
+
* - `includeBuiltinTools !== false` ⇒ start from {@link DEFAULT_BUILTIN_TOOLS}
|
|
620
|
+
* (the standard set); `false` ⇒ start from none (pure-MCP / pure-custom).
|
|
621
|
+
* - union in every builtin-name string the caller listed in `tools` (a
|
|
622
|
+
* cherry-pick, e.g. `BuiltinTools.notebook_edit` to opt the notebook in).
|
|
623
|
+
*
|
|
624
|
+
* Every `toolRefs` string MUST be a member of {@link BUILTIN_TOOL_NAMES}; the
|
|
625
|
+
* union is validated ⊆ the closed set so an invalid name can never leak through.
|
|
626
|
+
*/
|
|
627
|
+
export declare function resolveBuiltinToolNames(includeBuiltinTools: boolean | undefined, toolRefs?: readonly string[]): readonly BuiltinToolName[];
|
|
596
628
|
/**
|
|
597
629
|
* Codes emitted when a submission contains features the active runtime cannot
|
|
598
630
|
* serve. Code values are stable so dashboard / SDK error rendering can branch
|