@aexhq/sdk 0.30.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. package/README.md +23 -9
  2. package/dist/_contracts/connection-ticket.d.ts +1 -1
  3. package/dist/_contracts/connection-ticket.js +1 -1
  4. package/dist/_contracts/event-envelope.d.ts +5 -8
  5. package/dist/_contracts/event-envelope.js +5 -6
  6. package/dist/_contracts/event-stream-client.d.ts +1 -1
  7. package/dist/_contracts/http.js +1 -1
  8. package/dist/_contracts/operations.d.ts +2 -47
  9. package/dist/_contracts/operations.js +7 -112
  10. package/dist/_contracts/provider-support.d.ts +48 -138
  11. package/dist/_contracts/provider-support.js +10 -41
  12. package/dist/_contracts/proxy-protocol.d.ts +7 -7
  13. package/dist/_contracts/proxy-protocol.js +8 -8
  14. package/dist/_contracts/run-config.d.ts +7 -20
  15. package/dist/_contracts/run-config.js +8 -46
  16. package/dist/_contracts/run-cost.d.ts +1 -5
  17. package/dist/_contracts/run-cost.js +0 -8
  18. package/dist/_contracts/run-custody.d.ts +4 -6
  19. package/dist/_contracts/run-custody.js +0 -8
  20. package/dist/_contracts/run-unit.d.ts +1 -1
  21. package/dist/_contracts/run-unit.js +2 -2
  22. package/dist/_contracts/runner-event.d.ts +1 -1
  23. package/dist/_contracts/runner-event.js +1 -1
  24. package/dist/_contracts/runtime-manifest.d.ts +13 -26
  25. package/dist/_contracts/runtime-manifest.js +6 -35
  26. package/dist/_contracts/runtime-types.d.ts +1 -1
  27. package/dist/_contracts/sdk-secrets.js +4 -4
  28. package/dist/_contracts/side-effect-audit.d.ts +2 -4
  29. package/dist/_contracts/side-effect-audit.js +2 -4
  30. package/dist/_contracts/status.d.ts +1 -1
  31. package/dist/_contracts/status.js +1 -1
  32. package/dist/_contracts/submission.d.ts +5 -126
  33. package/dist/_contracts/submission.js +10 -182
  34. package/dist/_contracts/webhook-verify.d.ts +1 -1
  35. package/dist/_contracts/webhook-verify.js +1 -1
  36. package/dist/asset-upload.d.ts +4 -10
  37. package/dist/asset-upload.js +4 -47
  38. package/dist/asset-upload.js.map +1 -1
  39. package/dist/cli.mjs +19 -193
  40. package/dist/cli.mjs.sha256 +1 -1
  41. package/dist/client.d.ts +8 -69
  42. package/dist/client.js +21 -98
  43. package/dist/client.js.map +1 -1
  44. package/dist/index.d.ts +4 -4
  45. package/dist/index.js +3 -4
  46. package/dist/index.js.map +1 -1
  47. package/dist/skill.d.ts +1 -1
  48. package/dist/skill.js +1 -1
  49. package/dist/version.d.ts +1 -1
  50. package/dist/version.js +1 -1
  51. package/docs/cleanup.md +2 -2
  52. package/docs/concepts/agent-tools.md +2 -2
  53. package/docs/concepts/composition.md +1 -1
  54. package/docs/concepts/providers-and-runtimes.md +2 -4
  55. package/docs/concepts/runs.md +3 -6
  56. package/docs/credentials.md +2 -5
  57. package/docs/defaults.md +22 -22
  58. package/docs/limits-and-quotas.md +40 -40
  59. package/docs/limits.md +1 -1
  60. package/docs/networking.md +2 -2
  61. package/docs/outputs.md +1 -1
  62. package/docs/provider-runtime-capabilities.md +36 -64
  63. package/docs/public-surface.json +2 -3
  64. package/docs/quickstart.md +18 -6
  65. package/docs/run-config.md +3 -4
  66. package/docs/secrets.md +7 -5
  67. package/docs/skills.md +4 -12
  68. package/docs/vision-skills.md +1 -1
  69. package/package.json +2 -2
package/dist/cli.mjs CHANGED
@@ -11841,7 +11841,7 @@ var PROXY_RESPONSE_MODES = ["status_only", "headers_only", "full"];
11841
11841
  var PROXY_ENDPOINT_DEFAULTS = {
11842
11842
  allowHeaders: [],
11843
11843
  responseMode: "headers_only",
11844
- // 10 MiB. The body is buffered into the Worker to enforce this cap, while the
11844
+ // 10 MiB. The body is buffered in the hosted API to enforce this cap, while the
11845
11845
  // launch default fits practical multimodal/tool POSTs without every endpoint
11846
11846
  // needing an override.
11847
11847
  maxRequestBytes: 10 * 1024 * 1024,
@@ -11860,7 +11860,6 @@ var COMMON_DOCS = [
11860
11860
  ];
11861
11861
  var COMMON_EVIDENCE = [
11862
11862
  { label: "Submission parser and routing parity", href: "../../contracts/test/submission.test.ts" },
11863
- { label: "Runtime support validator", href: "../../contracts/test/runtime-support.test.ts" },
11864
11863
  { label: "Generated matrix freshness", href: "../../../scripts/validate/capability-matrix.test.ts" }
11865
11864
  ];
11866
11865
  var ANTHROPIC_LIVE_USER_EVIDENCE = [
@@ -11879,68 +11878,50 @@ var DEEPSEEK_LIVE_USER_EVIDENCE = [
11879
11878
  href: "../../../apps/user-tests/test/live/live-sdk-comprehensive.test.ts"
11880
11879
  }
11881
11880
  ];
11882
- var ANTHROPIC_MANAGED_EVIDENCE = [
11883
- ...ANTHROPIC_LIVE_USER_EVIDENCE,
11884
- { label: "Runtime support validator", href: "../../contracts/test/runtime-support.test.ts" }
11885
- ];
11886
- var DEEPSEEK_MANAGED_EVIDENCE = [
11887
- ...DEEPSEEK_LIVE_USER_EVIDENCE,
11888
- { label: "Runtime support validator", href: "../../contracts/test/runtime-support.test.ts" }
11889
- ];
11881
+ var ANTHROPIC_MANAGED_EVIDENCE = ANTHROPIC_LIVE_USER_EVIDENCE;
11882
+ var DEEPSEEK_MANAGED_EVIDENCE = DEEPSEEK_LIVE_USER_EVIDENCE;
11890
11883
  var PROVIDER_PUBLIC_SUPPORT = {
11891
11884
  anthropic: {
11892
11885
  displayName: "Anthropic",
11893
11886
  docsAnchor: "anthropic",
11894
11887
  docs: COMMON_DOCS,
11895
11888
  evidence: [...COMMON_EVIDENCE, ...ANTHROPIC_MANAGED_EVIDENCE],
11896
- runtimeEvidence: {
11897
- managed: ANTHROPIC_MANAGED_EVIDENCE
11898
- }
11889
+ managedEvidence: ANTHROPIC_MANAGED_EVIDENCE
11899
11890
  },
11900
11891
  deepseek: {
11901
11892
  displayName: "DeepSeek",
11902
11893
  docsAnchor: "deepseek",
11903
11894
  docs: COMMON_DOCS,
11904
11895
  evidence: [...COMMON_EVIDENCE, ...DEEPSEEK_MANAGED_EVIDENCE],
11905
- runtimeEvidence: {
11906
- managed: DEEPSEEK_MANAGED_EVIDENCE
11907
- }
11896
+ managedEvidence: DEEPSEEK_MANAGED_EVIDENCE
11908
11897
  },
11909
11898
  openai: {
11910
11899
  displayName: "OpenAI",
11911
11900
  docsAnchor: "openai",
11912
11901
  docs: COMMON_DOCS,
11913
11902
  evidence: COMMON_EVIDENCE,
11914
- runtimeEvidence: {
11915
- managed: COMMON_EVIDENCE
11916
- }
11903
+ managedEvidence: COMMON_EVIDENCE
11917
11904
  },
11918
11905
  gemini: {
11919
11906
  displayName: "Gemini",
11920
11907
  docsAnchor: "gemini",
11921
11908
  docs: COMMON_DOCS,
11922
11909
  evidence: COMMON_EVIDENCE,
11923
- runtimeEvidence: {
11924
- managed: COMMON_EVIDENCE
11925
- }
11910
+ managedEvidence: COMMON_EVIDENCE
11926
11911
  },
11927
11912
  mistral: {
11928
11913
  displayName: "Mistral",
11929
11914
  docsAnchor: "mistral",
11930
11915
  docs: COMMON_DOCS,
11931
11916
  evidence: COMMON_EVIDENCE,
11932
- runtimeEvidence: {
11933
- managed: COMMON_EVIDENCE
11934
- }
11917
+ managedEvidence: COMMON_EVIDENCE
11935
11918
  },
11936
11919
  openrouter: {
11937
11920
  displayName: "OpenRouter",
11938
11921
  docsAnchor: "openrouter",
11939
11922
  docs: COMMON_DOCS,
11940
11923
  evidence: COMMON_EVIDENCE,
11941
- runtimeEvidence: {
11942
- managed: COMMON_EVIDENCE
11943
- }
11924
+ managedEvidence: COMMON_EVIDENCE
11944
11925
  },
11945
11926
  // Doubao (ByteDance) via the official Ark API — international BytePlus gateway.
11946
11927
  doubao: {
@@ -11948,9 +11929,7 @@ var PROVIDER_PUBLIC_SUPPORT = {
11948
11929
  docsAnchor: "doubao",
11949
11930
  docs: COMMON_DOCS,
11950
11931
  evidence: COMMON_EVIDENCE,
11951
- runtimeEvidence: {
11952
- managed: COMMON_EVIDENCE
11953
- }
11932
+ managedEvidence: COMMON_EVIDENCE
11954
11933
  },
11955
11934
  // Doubao (ByteDance) via the official Ark API — China Volcengine gateway.
11956
11935
  "doubao-cn": {
@@ -11958,9 +11937,7 @@ var PROVIDER_PUBLIC_SUPPORT = {
11958
11937
  docsAnchor: "doubao-cn",
11959
11938
  docs: COMMON_DOCS,
11960
11939
  evidence: COMMON_EVIDENCE,
11961
- runtimeEvidence: {
11962
- managed: COMMON_EVIDENCE
11963
- }
11940
+ managedEvidence: COMMON_EVIDENCE
11964
11941
  }
11965
11942
  };
11966
11943
 
@@ -12177,35 +12154,10 @@ function parseSkillRef(input, path5) {
12177
12154
  }
12178
12155
  const record = input;
12179
12156
  const kind = record.kind;
12180
- if (kind === "provider") {
12181
- for (const key of Object.keys(record)) {
12182
- if (key !== "kind" && key !== "vendor" && key !== "skillId" && key !== "version") {
12183
- throw new Error(`${path5} contains unexpected field for provider SkillRef: ${key}`);
12184
- }
12185
- }
12186
- const vendor = record.vendor;
12187
- if (vendor !== "anthropic" && vendor !== "custom") {
12188
- throw new Error(`${path5}.vendor must be 'anthropic' or 'custom'`);
12189
- }
12190
- const skillId = record.skillId;
12191
- if (typeof skillId !== "string" || skillId.length === 0 || skillId.length > 256) {
12192
- throw new Error(`${path5}.skillId must be a non-empty string (<= 256 chars)`);
12193
- }
12194
- const version = record.version;
12195
- if (version !== void 0 && (typeof version !== "string" || version.length === 0 || version.length > 64)) {
12196
- throw new Error(`${path5}.version, when provided, must be a non-empty string (<= 64 chars)`);
12197
- }
12198
- return {
12199
- kind: "provider",
12200
- vendor,
12201
- skillId,
12202
- ...version !== void 0 ? { version } : {}
12203
- };
12204
- }
12205
12157
  if (kind === "asset") {
12206
12158
  return parseAssetRefFields(record, path5);
12207
12159
  }
12208
- throw new Error(`${path5}.kind must be 'provider' or 'asset'`);
12160
+ throw new Error(`${path5}.kind must be 'asset'`);
12209
12161
  }
12210
12162
  function parseAssetRefFields(record, path5) {
12211
12163
  for (const key of Object.keys(record)) {
@@ -12463,7 +12415,6 @@ function parseRunRequestConfig(input) {
12463
12415
  "mcpServers",
12464
12416
  "environment",
12465
12417
  "runtimeSize",
12466
- "region",
12467
12418
  "timeout",
12468
12419
  "postHook",
12469
12420
  "proxyEndpoints",
@@ -12482,7 +12433,6 @@ function parseRunRequestConfig(input) {
12482
12433
  const prompt = parseRunRequestConfigPrompt(record.prompt);
12483
12434
  const skills = parseRunRequestConfigSkills(record.skills);
12484
12435
  const mcpServers = parseRunRequestConfigMcpServers(record.mcpServers);
12485
- const region = parseRegion(record.region);
12486
12436
  const postHook = parsePostHook(record.postHook, "run request config postHook");
12487
12437
  return {
12488
12438
  model,
@@ -12496,7 +12446,6 @@ function parseRunRequestConfig(input) {
12496
12446
  // of truth. The CLI surfaces structural errors at submission time.
12497
12447
  ...record.environment !== void 0 ? { environment: record.environment } : {},
12498
12448
  ...record.runtimeSize !== void 0 ? { runtimeSize: record.runtimeSize } : {},
12499
- ...region !== void 0 ? { region } : {},
12500
12449
  ...record.timeout !== void 0 ? { timeout: record.timeout } : {},
12501
12450
  ...postHook !== void 0 ? { postHook: record.postHook } : {},
12502
12451
  ...record.proxyEndpoints !== void 0 ? { proxyEndpoints: record.proxyEndpoints } : {},
@@ -12596,20 +12545,9 @@ var RUN_PROVIDERS = [
12596
12545
  "doubao-cn"
12597
12546
  ];
12598
12547
  var DEFAULT_RUN_PROVIDER = "anthropic";
12599
- var REGIONS = ["eu-west", "us-west", "ap-northeast"];
12600
- var RUNTIME_KINDS = ["managed"];
12601
12548
  var MIN_REDACTION_TARGET_BYTES = 4;
12602
12549
  var MIN_PROXY_SECRET_BYTES = 8;
12603
12550
  var _MIN_PROXY_SECRET_BYTES_OK = MIN_PROXY_SECRET_BYTES >= MIN_REDACTION_TARGET_BYTES;
12604
- function parseRegion(input) {
12605
- if (input === void 0) {
12606
- return void 0;
12607
- }
12608
- if (typeof input !== "string" || !REGIONS.includes(input)) {
12609
- throw new Error(`region must be one of: ${REGIONS.join(", ")} (got ${JSON.stringify(input)})`);
12610
- }
12611
- return input;
12612
- }
12613
12551
  var BUILTIN_TOOL_NAMES = [
12614
12552
  "bash",
12615
12553
  "read_file",
@@ -12635,7 +12573,7 @@ var DEFAULT_BUILTIN_TOOLS = BUILTIN_TOOL_NAMES.filter((name) => name !== "notebo
12635
12573
  var MAX_OUTPUT_CAPTURE_TIMEOUT_MS = 6 * 60 * 60 * 1e3;
12636
12574
 
12637
12575
  // ../contracts/dist/event-envelope.js
12638
- var AEX_EVENT_SOURCES = ["agent", "worker", "runtime", "mcp", "aex", "workflow", "host"];
12576
+ var AEX_EVENT_SOURCES = ["agent", "api", "runtime", "mcp", "aex", "workflow", "host"];
12639
12577
  var AEX_EVENT_TYPES = [
12640
12578
  "RUN_STARTED",
12641
12579
  "RUN_FINISHED",
@@ -12872,7 +12810,7 @@ function sleep(ms, signal) {
12872
12810
  }
12873
12811
 
12874
12812
  // ../contracts/dist/runtime-manifest.js
12875
- var ANTHROPIC_PATHS = Object.freeze({
12813
+ var RUNTIME_PATHS = Object.freeze({
12876
12814
  skillsRoot: "/workspace/skills",
12877
12815
  filesRoot: "/mnt/session/uploads/aex/files",
12878
12816
  assetsRoot: "/mnt/session/uploads/aex/assets",
@@ -13452,7 +13390,6 @@ __export(operations_exports, {
13452
13390
  createFile: () => createFile,
13453
13391
  createOutputLink: () => createOutputLink,
13454
13392
  createSecret: () => createSecret,
13455
- createSkillBundle: () => createSkillBundle,
13456
13393
  createSkillBundleDirect: () => createSkillBundleDirect,
13457
13394
  deleteAgentsMd: () => deleteAgentsMd,
13458
13395
  deleteFile: () => deleteFile,
@@ -13494,7 +13431,6 @@ __export(operations_exports, {
13494
13431
  resolveOutputFileSelector: () => resolveOutputFileSelector,
13495
13432
  rotateSecret: () => rotateSecret,
13496
13433
  submitRun: () => submitRun,
13497
- submitRunMultipart: () => submitRunMultipart,
13498
13434
  uploadWorkspaceAsset: () => uploadWorkspaceAsset,
13499
13435
  whoami: () => whoami
13500
13436
  });
@@ -14707,87 +14643,12 @@ async function submitRun(http, request) {
14707
14643
  body: JSON.stringify(request)
14708
14644
  });
14709
14645
  }
14710
- async function submitRunMultipart(http, request, bundles, agentsMdParts, fileParts) {
14711
- const hasBundles = Array.isArray(bundles) && bundles.length > 0;
14712
- const hasAgentsMd = Array.isArray(agentsMdParts) && agentsMdParts.length > 0;
14713
- const hasFiles = Array.isArray(fileParts) && fileParts.length > 0;
14714
- if (!hasBundles && !hasAgentsMd && !hasFiles) {
14715
- throw new Error("submitRunMultipart: bundles, agentsMdParts, or fileParts must be non-empty");
14716
- }
14717
- const form = new FormData();
14718
- form.append("submission", new Blob([JSON.stringify(request)], { type: "application/json" }), "submission.json");
14719
- const seen = /* @__PURE__ */ new Set();
14720
- for (const bundle of bundles) {
14721
- if (typeof bundle.slot !== "string" || !bundle.slot) {
14722
- throw new Error("submitRunMultipart: each bundle must have a non-empty slot id");
14723
- }
14724
- if (seen.has(bundle.slot)) {
14725
- throw new Error(`submitRunMultipart: duplicate inline skill slot "${bundle.slot}"`);
14726
- }
14727
- seen.add(bundle.slot);
14728
- const blob = toBlob(bundle.bytes, "application/zip");
14729
- form.append(`skill:${bundle.slot}`, blob, bundle.filename);
14730
- }
14731
- for (const part of agentsMdParts ?? []) {
14732
- if (typeof part.slot !== "string" || !part.slot) {
14733
- throw new Error("submitRunMultipart: each agentsMd part must have a non-empty slot id");
14734
- }
14735
- const partKey = `agentsmd:${part.slot}`;
14736
- if (seen.has(partKey)) {
14737
- throw new Error(`submitRunMultipart: duplicate agentsMd slot "${part.slot}"`);
14738
- }
14739
- seen.add(partKey);
14740
- const blob = new Blob([part.content], { type: "text/plain" });
14741
- form.append(partKey, blob, part.filename);
14742
- }
14743
- for (const part of fileParts ?? []) {
14744
- if (typeof part.slot !== "string" || !part.slot) {
14745
- throw new Error("submitRunMultipart: each file part must have a non-empty slot id");
14746
- }
14747
- const partKey = `file:${part.slot}`;
14748
- if (seen.has(partKey)) {
14749
- throw new Error(`submitRunMultipart: duplicate file slot "${part.slot}"`);
14750
- }
14751
- seen.add(partKey);
14752
- const blob = toBlob(part.bytes, "application/zip");
14753
- form.append(partKey, blob, part.filename);
14754
- }
14755
- return http.request("/api/runs", {
14756
- method: "POST",
14757
- body: form
14758
- });
14759
- }
14760
- async function createSkillBundle(http, args) {
14761
- const form = new FormData();
14762
- form.append("name", args.name);
14763
- const blobBody = toBlob(args.body, args.contentType ?? "application/zip");
14764
- form.append("bundle", blobBody, args.filename ?? `${args.name}.zip`);
14765
- const result = await http.request("/api/skills", {
14646
+ async function createSkillBundleDirect(http, fetchImpl, args) {
14647
+ const presign = await http.request("/api/skills/presign", {
14766
14648
  method: "POST",
14767
- body: form
14649
+ headers: { "content-type": "application/json" },
14650
+ body: JSON.stringify({ name: args.name, hash: args.contentHash, sizeBytes: args.body.byteLength })
14768
14651
  });
14769
- return unwrapSkill(result);
14770
- }
14771
- async function createSkillBundleDirect(http, fetchImpl, args) {
14772
- let presign;
14773
- try {
14774
- presign = await http.request("/api/skills/presign", {
14775
- method: "POST",
14776
- headers: { "content-type": "application/json" },
14777
- body: JSON.stringify({ name: args.name, hash: args.contentHash, sizeBytes: args.body.byteLength })
14778
- });
14779
- } catch (err2) {
14780
- const status2 = err2.status;
14781
- const code = (err2.details ?? {}).code;
14782
- if (status2 === 503 && code === "presign_unconfigured") {
14783
- return createSkillBundle(http, {
14784
- name: args.name,
14785
- body: args.body,
14786
- ...args.contentType ? { contentType: args.contentType } : {}
14787
- });
14788
- }
14789
- throw err2;
14790
- }
14791
14652
  const putRes = await fetchImpl(presign.uploadUrl, {
14792
14653
  method: "PUT",
14793
14654
  headers: { "content-type": args.contentType ?? "application/zip", ...presign.requiredHeaders ?? {} },
@@ -15648,35 +15509,6 @@ async function runRunCmd(io2, argv) {
15648
15509
  }
15649
15510
  if (!providerKeyValues[provider]) {
15650
15511
  io2.stderr(`--${provider}-api-key is required when --provider is ${provider} (the platform does not store provider keys on your behalf)
15651
- `);
15652
- return USAGE_ERR;
15653
- }
15654
- const runtimeFlag = takeFlagValue(rest, "--runtime");
15655
- if (runtimeFlag.error) {
15656
- io2.stderr(`${runtimeFlag.error}
15657
- `);
15658
- return USAGE_ERR;
15659
- }
15660
- rest = runtimeFlag.remaining;
15661
- let runtime;
15662
- if (runtimeFlag.value !== null) {
15663
- if (!RUNTIME_KINDS.includes(runtimeFlag.value)) {
15664
- io2.stderr(`--runtime must be one of: ${RUNTIME_KINDS.join(", ")} (got: ${runtimeFlag.value})
15665
- `);
15666
- return USAGE_ERR;
15667
- }
15668
- runtime = runtimeFlag.value;
15669
- }
15670
- const regionFlag = takeFlagValue(rest, "--region");
15671
- if (regionFlag.error) {
15672
- io2.stderr(`${regionFlag.error}
15673
- `);
15674
- return USAGE_ERR;
15675
- }
15676
- rest = regionFlag.remaining;
15677
- if (regionFlag.value && !REGIONS.includes(regionFlag.value)) {
15678
- const hint = suggest(regionFlag.value, REGIONS);
15679
- io2.stderr(`--region must be one of: ${REGIONS.join(", ")}${hint ? `; did you mean "${hint}"?` : ""}
15680
15512
  `);
15681
15513
  return USAGE_ERR;
15682
15514
  }
@@ -15959,18 +15791,15 @@ async function runRunCmd(io2, argv) {
15959
15791
  };
15960
15792
  const hasAdditionalProviderKeys = Object.keys(providerKeyValues).some((p) => p !== provider);
15961
15793
  const secrets = {
15962
- apiKey: providerKeyValues[provider],
15963
- ...hasAdditionalProviderKeys ? { apiKeys: providerKeyValues } : {},
15794
+ apiKeys: hasAdditionalProviderKeys ? providerKeyValues : { [provider]: providerKeyValues[provider] },
15964
15795
  ...mcpServerSecrets.length > 0 ? { mcpServers: mcpServerSecrets } : {},
15965
15796
  ...proxyAuth.length > 0 ? { proxyEndpointAuth: proxyAuth } : {}
15966
15797
  };
15967
15798
  const request = {
15968
15799
  idempotencyKey: idempotency.value ?? generateIdempotencyKey(),
15969
15800
  provider,
15970
- ...runtime ? { runtime } : {},
15971
15801
  submission,
15972
15802
  secrets,
15973
- ...regionFlag.value ? { region: regionFlag.value } : runConfig.region ? { region: runConfig.region } : {},
15974
15803
  ...runtimeSizeFlag.value ? { runtimeSize: runtimeSizeFlag.value } : runConfig.runtimeSize ? { runtimeSize: runConfig.runtimeSize } : {},
15975
15804
  ...runTimeoutFlag.value ? { timeout: runTimeoutFlag.value } : runConfig.timeout ? { timeout: runConfig.timeout } : {},
15976
15805
  ...runConfig.postHook ? { postHook: runConfig.postHook } : {},
@@ -18572,7 +18401,6 @@ Protocol version: ${manifest.protocolVersion}
18572
18401
  io2.stdout("aex run flags:\n");
18573
18402
  io2.stdout(` --provider <name> Optional; one of: ${RUN_PROVIDERS.join(", ")} (default anthropic)
18574
18403
  `);
18575
- io2.stdout(" --runtime managed Optional runtime selector; omitted also uses managed\n");
18576
18404
  for (const provider of RUN_PROVIDERS) {
18577
18405
  io2.stdout(` --${provider}-api-key <key>${" ".repeat(Math.max(1, 13 - provider.length))}REQUIRED when --provider ${provider}; never stored
18578
18406
  `);
@@ -18586,8 +18414,6 @@ Protocol version: ${manifest.protocolVersion}
18586
18414
  io2.stdout(" --metadata key=value Submission metadata entry (repeatable)\n");
18587
18415
  io2.stdout(" --proxy-endpoint '<json>' PlatformProxyEndpoint JSON (repeatable)\n");
18588
18416
  io2.stdout(" --proxy-auth name=<spec> bearer:tok | basic:u:p | header:v | query:v (repeatable)\n");
18589
- io2.stdout(` --region <region> Product placement region; one of: ${REGIONS.join(", ")}
18590
- `);
18591
18417
  io2.stdout(" --runtime-size <size> managed runtime preset\n");
18592
18418
  io2.stdout(" --run-timeout <dur> Server-side run deadline (e.g. 1h); distinct from --timeout\n");
18593
18419
  io2.stdout(" --idempotency-key <key> Optional; defaults to a fresh UUID\n");
@@ -1 +1 @@
1
- 88682d1f64442fabb34e7f3645f950c2a109b192183b100cd75dbaf92fd8f385 cli.mjs
1
+ 6fdbb02bcedc98dc959c46f14b44bc0d061c799e01627d2550e58980d954e722 cli.mjs
package/dist/client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type CredentialMode, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputFileType, type OutputLink, type OutputLinkOptions, type OutputQuery, type OutputText, type OutputMode, type ReadOutputTextOptions, type RunListPage, type RunListQuery, type OutputSearchQuery, type OutputSearchPage, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformInlineSecrets, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type PlatformPostHookInput, type Run, type RunModel, type RunEvent, type RunTrace, type UsageSummary, type RunLimits, type RunWebhookDelivery, type RunProvider, type Region, type SecretRecord, type SecretReveal, type RunUnit, type BuiltinToolName, type RuntimeSize, type RuntimeKind, type Skill as SkillRecord, type WhoAmI } from "./_contracts/index.js";
1
+ import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputFileType, type OutputLink, type OutputLinkOptions, type OutputQuery, type OutputText, type OutputMode, type ReadOutputTextOptions, type RunListPage, type RunListQuery, type OutputSearchQuery, type OutputSearchPage, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformInlineSecrets, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type PlatformPostHookInput, type Run, type RunModel, type RunEvent, type RunTrace, type UsageSummary, type RunLimits, type RunWebhookDelivery, type RunProvider, type SecretRecord, type SecretReveal, type RunUnit, type BuiltinToolName, type RuntimeSize, type Skill as SkillRecord, type WhoAmI } from "./_contracts/index.js";
2
2
  import { AgentsMd } from "./agents-md.js";
3
3
  import { type UploadedAsset } from "./asset-upload.js";
4
4
  import { File } from "./file.js";
@@ -40,30 +40,22 @@ export interface AgentExecutorOptions {
40
40
  * secret is bundled into the constructor and split into
41
41
  * `secrets.proxyEndpointAuth` server-side; the public submission
42
42
  * only carries the declaration (`{ name, baseUrl, authShape, … }`).
43
- * - `apiKey` / `credentials` / `secrets` — the BYOK provider key(s). A key for
44
- * the selected provider is REQUIRED; the simplest call passes just `apiKey`.
45
- * Use `credentials` (or `secrets.apiKeys`) to carry keys for additional
46
- * providers so subagents spawned with a different-family model can use them
47
- * (the child inherits the parent's keys server-side). The platform never
48
- * holds a long-lived provider key on your behalf.
43
+ * - `secrets.apiKeys` — the BYOK provider key(s), keyed by provider. A key
44
+ * for the selected provider is REQUIRED unless this is an admitted child
45
+ * run inheriting keys from its parent. The platform never holds a
46
+ * long-lived provider key on your behalf.
49
47
  *
50
48
  * `idempotencyKey` is auto-generated when omitted; pass one explicitly
51
49
  * if you want client-driven retry safety across process restarts.
52
50
  */
53
51
  export interface SubmitOptions {
54
- /**
55
- * Credential source for upstream provider access. Omitted defaults to
56
- * `"byok"`, which requires `secrets.apiKey` or
57
- * `secrets.apiKeys[provider]`.
58
- */
59
- readonly credentialMode?: CredentialMode;
60
52
  /**
61
53
  * Upstream provider selector. Prefer naming it explicitly with the
62
54
  * {@link Providers} symbol const, e.g. `provider: Providers.DEEPSEEK`. The
63
55
  * same model id can route through different providers, so `provider` is a
64
56
  * first-class field — pass it alongside `model` rather than letting the model
65
57
  * alone decide routing. The BYOK key for the selected provider is supplied as
66
- * `secrets.apiKey` or `secrets.apiKeys[provider]`.
58
+ * `secrets.apiKeys[provider]`.
67
59
  *
68
60
  * Optional today: when omitted it is derived from `model` (each currently
69
61
  * supported model maps to a single provider), so existing call sites keep
@@ -71,18 +63,6 @@ export interface SubmitOptions {
71
63
  * throws.
72
64
  */
73
65
  readonly provider?: RunProvider;
74
- /**
75
- * Optional runtime selector. Omit it or pass `"managed"`; both run on
76
- * the managed runtime through the hosted BYOK provider-proxy. `"native"`
77
- * is no longer accepted.
78
- */
79
- readonly runtime?: RuntimeKind;
80
- /**
81
- * Optional hosted-platform placement region for this run. These are
82
- * product-level tokens, not exact city guarantees; omit to let the platform
83
- * infer a configured region and fall back when no hint matches.
84
- */
85
- readonly region?: Region;
86
66
  /**
87
67
  * Closed public model id. Prefer the {@link Models} symbol const, e.g.
88
68
  * `Models.CLAUDE_HAIKU_4_5`. Pair it with an explicit {@link Providers} value
@@ -172,24 +152,9 @@ export interface SubmitOptions {
172
152
  * typing UIs.
173
153
  */
174
154
  readonly outputMode?: OutputMode;
175
- /**
176
- * Single-provider BYOK key sugar — the key for the run's selected `provider`.
177
- * The simplest call passes just `apiKey` (no nested `secrets` envelope). When
178
- * several sources name a key for the same provider they must agree (else submit
179
- * throws); resolution precedence is
180
- * `secrets.apiKeys[provider] ?? secrets.apiKey ?? credentials[provider] ?? apiKey`.
181
- */
182
- readonly apiKey?: string;
183
- /**
184
- * Multi-provider BYOK key map — the clean way to supply keys for more than one
185
- * provider (e.g. so a subagent spawned with a different-family model inherits a
186
- * key server-side). Folded into the `secrets.apiKeys` wire shape.
187
- */
188
- readonly credentials?: Partial<Record<RunProvider, string>>;
189
155
  /**
190
156
  * Advanced inline secrets bundle (per-provider `apiKeys`, MCP headers, proxy
191
- * auth, env secrets). OPTIONAL the common case uses `apiKey` / `credentials`.
192
- * `secrets.apiKey` / `secrets.apiKeys` keep working unchanged.
157
+ * auth, env secrets). Provider keys must use `secrets.apiKeys`.
193
158
  */
194
159
  readonly secrets?: PlatformInlineSecrets;
195
160
  readonly idempotencyKey?: string;
@@ -223,8 +188,6 @@ export interface SubmitOptions {
223
188
  readonly limits?: RunLimits;
224
189
  readonly signal?: AbortSignal;
225
190
  }
226
- /** @deprecated Renamed to {@link SubmitOptions}. Kept for one release. */
227
- export type SubmitRunOptions = SubmitOptions;
228
191
  /**
229
192
  * The settle-consistent result of {@link AgentExecutor.run} / `runAndCollect`:
230
193
  * the terminal run record plus its settle-bracketed events, decoded trace,
@@ -340,14 +303,6 @@ export declare class SkillsClient {
340
303
  * the cost is negligible.
341
304
  */
342
305
  findByName(name: string): Promise<SkillRecord | null>;
343
- /**
344
- * Internal: post a pre-bundled skill zip to the BFF. Only
345
- * `Skill.upload` calls this. NOT part of the public API.
346
- */
347
- _uploadSkillBundle(args: {
348
- readonly name: string;
349
- readonly body: Uint8Array;
350
- }): Promise<SkillRecord>;
351
306
  }
352
307
  /**
353
308
  * Workspace AgentsMd admin operations exposed under `client.agentsMd`.
@@ -461,22 +416,6 @@ export declare class AgentExecutor {
461
416
  readonly files: FilesClient;
462
417
  readonly secrets: SecretsClient;
463
418
  constructor(options: AgentExecutorOptions);
464
- /**
465
- * Internal: forwards to `SkillsClient._uploadSkillBundle`. NOT part of
466
- * the public API.
467
- *
468
- * NOTE (tech-debt): this is part of the legacy workspace-skill upload
469
- * surface (`SkillsClient` + `operations.createSkillBundle` + the TUS
470
- * chunked path in asset-upload.ts). The live submit path materializes
471
- * inline skills via `uploadAsset` instead; `Skill.upload(client)`
472
- * pre-stages a draft explicitly for reuse. This surface is retained
473
- * pending a deliberate deprecation pass (it still threads into the CLI
474
- * host commands), tracked in the remediation plan as item 4a.
475
- */
476
- _uploadSkillBundle(args: {
477
- readonly name: string;
478
- readonly body: Uint8Array;
479
- }): Promise<SkillRecord>;
480
419
  /**
481
420
  * Internal: an `AgentsMd.upload(this)` shortcut that bypasses
482
421
  * `client.agentsMd` indirection. Forwarded to
@@ -611,7 +550,7 @@ export declare class AgentExecutor {
611
550
  stream(runId: string, options?: StreamEventsOptions): AsyncIterable<RunEvent>;
612
551
  /**
613
552
  * Stream the unified {@link AexEvent} envelope live over the coordinator
614
- * WebSocket. The Worker's ticket broker authorizes the connection (workspace
553
+ * WebSocket. The hosted API's ticket broker authorizes the connection (workspace
615
554
  * token → short-lived coordinator ticket); the shared client replays from
616
555
  * the cursor, tails live, and resumes exactly-once across reconnects. The
617
556
  * ticket is re-minted on each (re)connect so a long run never outlives it.