@aexhq/sdk 0.33.1 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/README.md +19 -27
  2. package/dist/_contracts/operations.d.ts +2 -54
  3. package/dist/_contracts/operations.js +2 -87
  4. package/dist/_contracts/run-config.d.ts +19 -13
  5. package/dist/_contracts/run-config.js +6 -33
  6. package/dist/_contracts/run-unit.d.ts +1 -33
  7. package/dist/_contracts/run-unit.js +2 -21
  8. package/dist/_contracts/runtime-sizes.d.ts +2 -2
  9. package/dist/_contracts/runtime-sizes.js +2 -2
  10. package/dist/_contracts/status.d.ts +2 -2
  11. package/dist/_contracts/status.js +3 -0
  12. package/dist/_contracts/submission.d.ts +80 -41
  13. package/dist/_contracts/submission.js +114 -52
  14. package/dist/agents-md.d.ts +5 -5
  15. package/dist/agents-md.js +7 -7
  16. package/dist/agents-md.js.map +1 -1
  17. package/dist/asset-upload.d.ts +4 -4
  18. package/dist/asset-upload.js +4 -4
  19. package/dist/bundle.d.ts +2 -2
  20. package/dist/bundle.js +2 -2
  21. package/dist/cli.mjs +369 -12918
  22. package/dist/cli.mjs.sha256 +1 -1
  23. package/dist/client.d.ts +234 -383
  24. package/dist/client.js +436 -648
  25. package/dist/client.js.map +1 -1
  26. package/dist/data-tools.d.ts +25 -22
  27. package/dist/data-tools.js +75 -62
  28. package/dist/data-tools.js.map +1 -1
  29. package/dist/fetch-archive.js +16 -16
  30. package/dist/fetch-archive.js.map +1 -1
  31. package/dist/file.d.ts +5 -5
  32. package/dist/file.js +7 -7
  33. package/dist/file.js.map +1 -1
  34. package/dist/index.d.ts +11 -9
  35. package/dist/index.js +20 -13
  36. package/dist/index.js.map +1 -1
  37. package/dist/mcp-server.d.ts +4 -4
  38. package/dist/mcp-server.js +4 -4
  39. package/dist/proxy-endpoint.d.ts +4 -4
  40. package/dist/proxy-endpoint.js +1 -1
  41. package/dist/retry.d.ts +162 -0
  42. package/dist/retry.js +320 -0
  43. package/dist/retry.js.map +1 -0
  44. package/dist/secret.d.ts +8 -8
  45. package/dist/secret.js +8 -8
  46. package/dist/secret.js.map +1 -1
  47. package/dist/skill-tool.d.ts +102 -0
  48. package/dist/skill-tool.js +190 -0
  49. package/dist/skill-tool.js.map +1 -0
  50. package/dist/tool.d.ts +1 -1
  51. package/dist/tool.js +3 -3
  52. package/dist/tool.js.map +1 -1
  53. package/dist/version.d.ts +1 -1
  54. package/dist/version.js +1 -1
  55. package/docs/cleanup.md +3 -3
  56. package/docs/concepts/agent-tools.md +6 -25
  57. package/docs/concepts/composition.md +15 -12
  58. package/docs/concepts/providers-and-runtimes.md +3 -3
  59. package/docs/concepts/runs.md +27 -22
  60. package/docs/credentials.md +52 -84
  61. package/docs/defaults.md +6 -6
  62. package/docs/events.md +65 -44
  63. package/docs/limits-and-quotas.md +3 -4
  64. package/docs/mcp.md +3 -3
  65. package/docs/networking.md +8 -8
  66. package/docs/outputs.md +44 -40
  67. package/docs/provider-runtime-capabilities.md +1 -1
  68. package/docs/public-surface.json +2 -2
  69. package/docs/quickstart.md +20 -10
  70. package/docs/retries.md +129 -0
  71. package/docs/run-config.md +12 -14
  72. package/docs/run-record.md +8 -8
  73. package/docs/secrets.md +16 -26
  74. package/docs/skills.md +55 -110
  75. package/docs/vision-skills.md +29 -40
  76. package/examples/chat-corpus.ts +8 -9
  77. package/examples/feature-tour.ts +301 -0
  78. package/package.json +1 -1
  79. package/dist/skill.d.ts +0 -149
  80. package/dist/skill.js +0 -198
  81. package/dist/skill.js.map +0 -1
package/dist/client.d.ts CHANGED
@@ -1,11 +1,12 @@
1
- import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputFileType, type OutputLink, type OutputLinkOptions, type OutputQuery, type OutputText, type OutputMode, type ReadOutputTextOptions, type RunListPage, type RunListQuery, type OutputSearchQuery, type OutputSearchPage, type Session, type SessionCreateRequest, type SessionEvent, type SessionListPage, type SessionListQuery, type SessionStateChangeAccepted, type SessionTurn, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformInlineSecrets, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type Run, type RunModel, type RunEvent, type RunTrace, type UsageSummary, type RunLimits, type RunWebhookDelivery, type RunProvider, type SecretRecord, type SecretReveal, type RunUnit, type BuiltinToolName, type RuntimeSize, type Skill as SkillRecord, type WebSocketFactory, type WhoAmI } from "./_contracts/index.js";
1
+ import { HttpClient, SecretString, type AexEvent, type AgentsMdRecord, type AssistantTextEntry, type DebugSink, type FetchLike, type FileRecord, type Output, type OutputFileType, type OutputLink, type OutputLinkOptions, type OutputQuery, type OutputText, type OutputMode, type ReadOutputTextOptions, type OutputSearchQuery, type OutputSearchPage, type Session, type SessionCreateRequest, type SessionEvent, type SessionListPage, type SessionListQuery, type SessionStateChangeAccepted, type SessionTurn, type PlatformEnvironmentInput, type PlatformSubmission, type PlatformProxyEndpoint, type PlatformProxyEndpointAuth, type Run, type RunModel, type RunEvent, type RunTrace, type UsageSummary, type RunWebhookDelivery, type RunProvider, type SecretRecord, type RunUnit, type BuiltinToolName, type RuntimeSize, type WebSocketFactory, type WhoAmI } from "./_contracts/index.js";
2
2
  import { AgentsMd } from "./agents-md.js";
3
3
  import { type UploadedAsset } from "./asset-upload.js";
4
4
  import { File } from "./file.js";
5
5
  import { McpServer } from "./mcp-server.js";
6
6
  import { ProxyEndpoint } from "./proxy-endpoint.js";
7
+ import { type RetryOptions } from "./retry.js";
7
8
  import { Secret } from "./secret.js";
8
- import { Skill } from "./skill.js";
9
+ import { SkillTool } from "./skill-tool.js";
9
10
  import { Tool } from "./tool.js";
10
11
  export interface AgentExecutorOptions {
11
12
  /** Workspace-scoped SDK API token. */
@@ -24,165 +25,19 @@ export interface AgentExecutorOptions {
24
25
  * route the traces elsewhere. Purely local — nothing is uploaded.
25
26
  */
26
27
  readonly debug?: boolean | DebugSink;
27
- }
28
- /**
29
- * Per-run submission options. Everything the user wants to send is
30
- * spelled out at the call site:
31
- *
32
- * - `model` / `system` / `prompt` — the agent's brief.
33
- * - `skills` — array of local `Skill` instances
34
- * (`Skill.fromFiles` / `Skill.fromPath`). Local skills are materialized
35
- * to the hosted asset store before the run lands.
36
- * - `mcpServers` — array of `McpServer` instances (headers split into
37
- * `secrets.mcpServers` server-side; the public submission only
38
- * carries `{ name, url }`).
39
- * - `proxyEndpoints` — array of `ProxyEndpoint` instances. The auth
40
- * secret is bundled into the constructor and split into
41
- * `secrets.proxyEndpointAuth` server-side; the public submission
42
- * only carries the declaration (`{ name, baseUrl, authShape, … }`).
43
- * - `secrets.apiKeys` — the BYOK provider key(s), keyed by provider. A key
44
- * for the selected provider is REQUIRED unless this is an admitted child
45
- * run inheriting keys from its parent. The platform never holds a
46
- * long-lived provider key on your behalf.
47
- *
48
- * `idempotencyKey` is auto-generated when omitted; pass one explicitly
49
- * if you want client-driven retry safety across process restarts.
50
- */
51
- export interface SubmitOptions {
52
- /**
53
- * Upstream provider selector. Prefer naming it explicitly with the
54
- * {@link Providers} symbol const, e.g. `provider: Providers.DEEPSEEK`. The
55
- * same model id can route through different providers, so `provider` is a
56
- * first-class field — pass it alongside `model` rather than letting the model
57
- * alone decide routing. The BYOK key for the selected provider is supplied as
58
- * `secrets.apiKeys[provider]`.
59
- *
60
- * Optional today: when omitted it is derived from `model` (each currently
61
- * supported model maps to a single provider), so existing call sites keep
62
- * working. If supplied it MUST match the model's provider or `submit`
63
- * throws.
64
- */
65
- readonly provider?: RunProvider;
66
- /**
67
- * Closed public model id. Prefer the {@link Models} symbol const, e.g.
68
- * `Models.CLAUDE_HAIKU_4_5`. Pair it with an explicit {@link Providers} value
69
- * on `provider`; if `provider` is omitted it is derived from this model.
70
- */
71
- readonly model: RunModel;
72
- readonly system?: string;
73
- readonly prompt: string | readonly string[];
74
- readonly skills?: readonly Skill[];
75
28
  /**
76
- * Tools available to the agent. Each entry is either a custom {@link Tool}
77
- * bundle, or a BUILTIN tool reference a bare name string, preferably
78
- * `BuiltinTools.<name>` (e.g. `BuiltinTools.notebook_edit`) so a typo is a
79
- * compile error. Builtin references compose with {@link includeBuiltinTools}:
80
- * use them to cherry-pick a tool the default set omits (notebook editing), or
81
- * to pick a narrow subset alongside `includeBuiltinTools: false`.
29
+ * Built-in transport retry policy. Every BFF request is retried on transient
30
+ * failures (HTTP 429/500/502/503/504/529 and network errors) with bounded
31
+ * exponential backoff + jitter, honoring `Retry-After`. Billable submits carry
32
+ * a stable idempotency key, so a retry never creates a duplicate billable run.
82
33
  *
83
- * Order in the agent's tool list: resolved builtin tools, then custom tools,
84
- * then MCP tools.
85
- */
86
- readonly tools?: readonly (Tool | BuiltinToolName)[];
87
- readonly agentsMd?: readonly AgentsMd[];
88
- readonly files?: readonly File[];
89
- readonly mcpServers?: readonly McpServer[];
90
- /**
91
- * Env-var secrets, keyed by env name. Each value is a {@link Secret}:
92
- * `Secret.value(v)` (ephemeral per-run — vaulted at submit, deleted at the
93
- * run's terminal) or `Secret.ref(handle)` (a persisted workspace secret,
94
- * resolved server-side). The SDK splits these into value-free declarations on
95
- * the hashed submission and ephemeral values into the vaulted secrets channel,
96
- * so a value never enters the run snapshot or the idempotency hash. The
97
- * runtime injects each as the named env var.
98
- */
99
- readonly secretEnv?: Readonly<Record<string, Secret>>;
100
- readonly environment?: PlatformEnvironmentInput;
101
- readonly metadata?: PlatformSubmission["metadata"];
102
- /**
103
- * Managed runtime size. One of the closed {@link RuntimeSize} preset tokens.
104
- * Prefer the {@link RuntimeSizes} symbol const, e.g.
105
- * `RuntimeSizes.SHARED_2X_8GB`.
106
- */
107
- readonly runtimeSize?: RuntimeSize;
108
- /**
109
- * Run deadline as a duration string (`"1h"`, `"90m"`, `"30s"`). Bounded to
110
- * [1m, 6h]; omit for the 1h default. Applies to both runtimes.
111
- */
112
- readonly timeout?: string;
113
- readonly proxyEndpoints?: readonly ProxyEndpoint[];
114
- /**
115
- * Output capture policy for the run's output files.
116
- *
117
- * - `allowedDirs` omitted: every regular file the session creates or
118
- * modifies is captured.
119
- * - `allowedDirs` present: the listed roots narrow capture to those paths.
120
- * - `deniedDirs` subtracts noise from the allowed roots.
121
- *
122
- * Captured bytes land in private storage and can be retrieved via
123
- * `client.outputs(runId)` / `client.download(runId)`. See
124
- * `packages/sdk/docs/outputs.md` for the full contract.
125
- */
126
- readonly outputs?: {
127
- readonly allowedDirs?: readonly string[];
128
- readonly deniedDirs?: readonly string[];
129
- readonly captureTimeoutMs?: number;
130
- readonly maxFileBytes?: number;
131
- readonly maxTotalBytes?: number;
132
- readonly maxFiles?: number;
133
- };
134
- /**
135
- * Whether to inject the standard builtin tool set
136
- * ({@link DEFAULT_BUILTIN_TOOLS} — every builtin except `notebook_edit`).
137
- *
138
- * - Omitted / `true` (default): inject the standard builtins.
139
- * - `false`: inject NO builtins — useful for a pure-MCP / pure-custom run.
140
- * Cherry-pick a narrow subset back by listing builtin names in `tools`.
141
- */
142
- readonly includeBuiltinTools?: boolean;
143
- /**
144
- * Assistant-output granularity. `"buffered"` (default) delivers one event per
145
- * assistant message; `"stream"` delivers per-token text deltas for live
146
- * typing UIs.
147
- */
148
- readonly outputMode?: OutputMode;
149
- /**
150
- * Advanced inline secrets bundle (per-provider `apiKeys`, MCP headers, proxy
151
- * auth, env secrets). Provider keys must use `secrets.apiKeys`.
152
- */
153
- readonly secrets?: PlatformInlineSecrets;
154
- readonly idempotencyKey?: string;
155
- /**
156
- * Lineage parent (agent-session §9). When set, the server admits this run as
157
- * a CHILD of `parentRunId` (same workspace required), enforcing the
158
- * max-subagent-depth + per-root concurrency caps and persisting the lineage.
159
- * The depth is always derived server-side from the parent row — clients name
160
- * the parent, never the depth.
161
- */
162
- readonly parentRunId?: string;
163
- /**
164
- * Optional per-run callback URL. The platform delivers exactly the terminal
165
- * `run.finished` event to `webhook.url` at the settle-consistent barrier,
166
- * signed Standard-Webhooks style (verify with {@link verifyAexWebhook}). The
167
- * URL must be https. It rides alongside `idempotencyKey` and never enters the
168
- * idempotency hash, so re-submitting the same key with a different callback
169
- * URL does not 409 (the URL is bound at first accept only).
170
- */
171
- readonly webhook?: {
172
- readonly url: string;
173
- };
174
- /**
175
- * Optional per-run override of the lineage limits — the max number of
176
- * concurrent child runs and the max subagent depth. A sibling of
177
- * {@link parentRunId}: these are dials the client *requests*; the server
178
- * resolves each against the per-workspace ceiling and the hard platform
179
- * ceiling, and an absent field falls back to the platform default. Only
180
- * shape + positivity are validated client-side.
34
+ * Omit for sensible defaults (4 attempts, ~2 min budget); pass an object to
35
+ * tune `maxAttempts` / delays / `maxElapsedMs`; pass `false` to disable.
181
36
  */
182
- readonly limits?: RunLimits;
37
+ readonly retry?: RetryOptions | false;
183
38
  }
184
39
  /**
185
- * The settle-consistent result of {@link AgentExecutor.run} / `runAndCollect`:
40
+ * The settle-consistent result of {@link AgentExecutor.run}:
186
41
  * the one-shot session record plus its events, decoded trace, assistant text,
187
42
  * and captured outputs — everything a "do it and give me the result" caller
188
43
  * needs without hand-rolling a session/message/stream loop.
@@ -215,7 +70,7 @@ export interface RunResult {
215
70
  /** The run's error message when `!ok`. */
216
71
  readonly error?: string;
217
72
  }
218
- /** Options for {@link AgentExecutor.run} / `runAndCollect`. */
73
+ /** Options for {@link AgentExecutor.run}. */
219
74
  export interface RunCollectOptions {
220
75
  /** Overall wait budget (ms) for the one-shot session turn to park. */
221
76
  readonly timeoutMs?: number;
@@ -226,7 +81,6 @@ export interface RunCollectOptions {
226
81
  readonly throwOnFailure?: boolean;
227
82
  }
228
83
  export type SessionInput = string | readonly string[];
229
- export type ChatInput = SessionInput;
230
84
  export interface SessionEnvironmentOptions extends Omit<PlatformEnvironmentInput, "envVars"> {
231
85
  readonly variables?: Readonly<Record<string, string>>;
232
86
  readonly secrets?: Readonly<Record<string, Secret>>;
@@ -236,13 +90,94 @@ export interface SessionOverrides {
236
90
  readonly timeout?: string;
237
91
  readonly maxSpendUsd?: number;
238
92
  }
239
- export interface SessionCreateOptions extends Omit<SubmitOptions, "prompt" | "webhook" | "environment" | "secretEnv" | "secrets" | "runtimeSize" | "parentRunId" | "limits" | "timeout"> {
93
+ /**
94
+ * Options for opening a session (the low-level API) or a one-shot `run`.
95
+ * Everything the agent needs is spelled out at the call site:
96
+ *
97
+ * - `model` / `system` — the agent's brief.
98
+ * - `tools` — custom `Tool` bundles, skill-tools
99
+ * (`Tools.fromSkillDir` / `Tools.fromSkillUrl`), and builtin tool-name
100
+ * references; local composition instances are materialized to the hosted
101
+ * asset store before the session lands.
102
+ * - `agentsMd` / `files` — local composition instances
103
+ * (`AgentsMd.fromContent` / `File.fromBytes`, …), materialized to the
104
+ * hosted asset store before the session lands.
105
+ * - `mcpServers` / `proxyEndpoints` — instances whose secrets are split into
106
+ * the vaulted secrets channel server-side; the public submission carries
107
+ * only the declarations.
108
+ * - `apiKeys` — the BYOK provider key(s), keyed by provider. A key for the
109
+ * selected provider is REQUIRED. The platform never holds a long-lived
110
+ * provider key on your behalf.
111
+ */
112
+ export interface SessionCreateOptions {
113
+ /**
114
+ * Upstream provider selector. Prefer naming it explicitly with the
115
+ * {@link Providers} symbol const, e.g. `provider: Providers.DEEPSEEK`. When
116
+ * omitted it is derived from `model`; if supplied it MUST serve the model.
117
+ */
118
+ readonly provider?: RunProvider;
119
+ /**
120
+ * Closed public model id. Prefer the {@link Models} symbol const, e.g.
121
+ * `Models.CLAUDE_HAIKU_4_5`.
122
+ */
123
+ readonly model: RunModel;
124
+ readonly system?: string;
125
+ /**
126
+ * Tools available to the agent. Each entry is a custom {@link Tool} bundle, a
127
+ * skill-tool ({@link SkillTool} from `Tools.fromSkillDir` / `Tools.fromSkillUrl`),
128
+ * or a BUILTIN tool reference — a bare name string, preferably
129
+ * `BuiltinTools.<name>` so a typo is a compile error.
130
+ */
131
+ readonly tools?: readonly (Tool | SkillTool | BuiltinToolName)[];
132
+ readonly agentsMd?: readonly AgentsMd[];
133
+ readonly files?: readonly File[];
134
+ readonly mcpServers?: readonly McpServer[];
135
+ /**
136
+ * Output capture policy for the session's output files. `allowedDirs` omitted
137
+ * captures every regular file the session creates or modifies; the listed
138
+ * roots narrow capture; `deniedDirs` subtracts noise.
139
+ */
140
+ readonly outputs?: {
141
+ readonly allowedDirs?: readonly string[];
142
+ readonly deniedDirs?: readonly string[];
143
+ readonly captureTimeoutMs?: number;
144
+ readonly maxFileBytes?: number;
145
+ readonly maxTotalBytes?: number;
146
+ readonly maxFiles?: number;
147
+ };
148
+ /**
149
+ * Whether to inject the standard builtin tool set
150
+ * ({@link DEFAULT_BUILTIN_TOOLS}). Omitted / `true` injects the standard
151
+ * builtins; `false` injects none. Cherry-pick a subset back via `tools`.
152
+ */
153
+ readonly includeBuiltinTools?: boolean;
154
+ /**
155
+ * Assistant-output granularity. `"buffered"` (default) delivers one event per
156
+ * assistant message; `"stream"` delivers per-token text deltas.
157
+ */
158
+ readonly outputMode?: OutputMode;
159
+ readonly metadata?: PlatformSubmission["metadata"];
160
+ readonly idempotencyKey?: string;
161
+ readonly proxyEndpoints?: readonly ProxyEndpoint[];
162
+ /** BYOK provider key(s), keyed by provider. */
240
163
  readonly apiKeys?: Partial<Record<RunProvider, string>>;
241
164
  readonly environment?: SessionEnvironmentOptions;
165
+ /**
166
+ * Managed runtime size. One of the closed {@link RuntimeSize} preset tokens.
167
+ * Prefer the {@link Sizes} symbol const.
168
+ */
242
169
  readonly runtime?: RuntimeSize;
243
170
  readonly overrides?: SessionOverrides;
171
+ /**
172
+ * Optional per-session callback URL. The platform delivers the terminal
173
+ * event to `webhook.url` at the settle-consistent barrier, signed
174
+ * Standard-Webhooks style (verify with {@link verifyAexWebhook}). The URL
175
+ * must be https.
176
+ */
177
+ readonly webhook?: {
178
+ readonly url: string;
179
+ };
244
180
  }
245
- export type ChatCreateOptions = SessionCreateOptions;
246
181
  export interface SessionSendOptions {
247
182
  readonly idempotencyKey?: string;
248
183
  readonly from?: number;
@@ -250,14 +185,12 @@ export interface SessionSendOptions {
250
185
  readonly idleTimeoutMs?: number;
251
186
  readonly pingIntervalMs?: number;
252
187
  }
253
- export type ChatSendOptions = SessionSendOptions;
254
188
  export interface SessionRunOptions extends SessionCreateOptions {
255
189
  readonly message: SessionInput;
256
190
  readonly deleteAfter?: boolean;
257
191
  readonly messageIdempotencyKey?: string;
258
192
  readonly stream?: Omit<SessionSendOptions, "idempotencyKey">;
259
193
  }
260
- export type ChatRunOptions = SessionRunOptions;
261
194
  export interface SessionTurnResult {
262
195
  readonly sessionId: string;
263
196
  readonly session: Session;
@@ -267,46 +200,155 @@ export interface SessionTurnResult {
267
200
  readonly events: readonly SessionEvent[];
268
201
  readonly outputs: readonly Output[];
269
202
  }
270
- export interface ChatTurnResult extends SessionTurnResult {
271
- }
272
203
  export interface SessionRunResult extends SessionTurnResult {
273
204
  }
274
- export interface ChatRunResult extends SessionRunResult {
275
- }
276
205
  export declare class SessionTurnStream implements AsyncIterable<SessionEvent> {
277
206
  #private;
278
207
  constructor(run: () => AsyncGenerator<SessionEvent, SessionTurnResult, void>);
279
208
  [Symbol.asyncIterator](): AsyncIterator<SessionEvent>;
280
209
  done(): Promise<SessionTurnResult>;
281
210
  }
282
- export declare const ChatTurnStream: typeof SessionTurnStream;
283
- export type ChatTurnStream = SessionTurnStream;
211
+ /**
212
+ * Accessor over the session's decoded assistant messages. `session.messages()`
213
+ * returns this synchronously; each method fetches on call.
214
+ */
215
+ export interface SessionMessages {
216
+ list(): Promise<readonly AssistantTextEntry[]>;
217
+ last(): Promise<AssistantTextEntry | undefined>;
218
+ first(): Promise<AssistantTextEntry | undefined>;
219
+ }
220
+ /**
221
+ * Accessor over the session's event stream (`session.events()`): the buffered
222
+ * `SessionEvent` snapshots, the polling `RunEvent` iterator, the live
223
+ * coordinator envelope iterator, and the events-namespace archive.
224
+ */
225
+ export interface SessionEvents {
226
+ list(): Promise<readonly SessionEvent[]>;
227
+ last(): Promise<SessionEvent | undefined>;
228
+ first(): Promise<SessionEvent | undefined>;
229
+ stream(options?: StreamEventsOptions): AsyncIterable<RunEvent>;
230
+ streamEnvelopes(options?: StreamEnvelopesOptions): AsyncIterable<AexEvent>;
231
+ archiveLink(options?: OutputLinkOptions): Promise<OutputLink>;
232
+ /** Download the events-namespace archive as a zip. */
233
+ download(options?: OutputDownloadOptions): Promise<Uint8Array>;
234
+ }
235
+ /**
236
+ * Accessor over the session's captured output files (`session.outputs()`):
237
+ * enumerate, read one as capped text, locate/resolve, and download.
238
+ */
239
+ export interface SessionOutputs {
240
+ list(query?: OutputQuery): Promise<readonly Output[]>;
241
+ last(): Promise<Output | undefined>;
242
+ first(): Promise<Output | undefined>;
243
+ read(selector: OutputFileSelector, options?: ReadOutputTextOptions): Promise<OutputText>;
244
+ find(query: OutputQuery): Promise<readonly Output[]>;
245
+ findOne(query: OutputQuery): Promise<Output | null>;
246
+ link(selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<OutputLink>;
247
+ fetch(selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<Response>;
248
+ /** No selector = outputs-namespace zip; with selector = one file's raw bytes. */
249
+ download(selector?: OutputFileSelector, options?: OutputDownloadOptions): Promise<Uint8Array>;
250
+ }
251
+ /**
252
+ * Accessor over the session's webhook delivery ledger (`session.webhooks()`).
253
+ */
254
+ export interface SessionWebhooks {
255
+ list(): Promise<readonly RunWebhookDelivery[]>;
256
+ redeliver(deliveryId: string): Promise<void>;
257
+ }
284
258
  export declare class SessionHandle {
285
259
  #private;
286
- constructor(http: HttpClient, session: Session);
260
+ constructor(http: HttpClient, session: Session, fetch?: FetchLike);
287
261
  get id(): string;
288
262
  get record(): Session;
289
263
  send(input: SessionInput, options?: SessionSendOptions): SessionTurnStream;
264
+ /**
265
+ * Re-send the last message on this session — the clean way to retry a turn a
266
+ * throttle or transient failure interrupted. By default it REUSES the previous
267
+ * message's idempotency key, so if the original turn actually landed
268
+ * server-side the replay de-duplicates instead of creating a second billable
269
+ * turn; pass a fresh `idempotencyKey` to force a brand-new turn.
270
+ */
271
+ replayLast(options?: SessionSendOptions): SessionTurnStream;
290
272
  suspend(options?: Pick<SessionSendOptions, "idempotencyKey">): Promise<SessionStateChangeAccepted>;
291
273
  cancel(options?: Pick<SessionSendOptions, "idempotencyKey">): Promise<SessionStateChangeAccepted>;
292
274
  resume(options?: Pick<SessionSendOptions, "idempotencyKey">): Promise<SessionStateChangeAccepted>;
293
275
  delete(options?: Pick<SessionSendOptions, "idempotencyKey">): Promise<void>;
294
- listEvents(): Promise<readonly SessionEvent[]>;
295
- listOutputs(query?: OutputQuery): Promise<readonly Output[]>;
276
+ /**
277
+ * Accessor for the session's decoded assistant messages (buffered output
278
+ * mode: one entry per assistant message). `list()` returns them oldest-first;
279
+ * `last()`/`first()` return a single entry or `undefined` when empty.
280
+ */
281
+ messages(): SessionMessages;
282
+ /**
283
+ * Accessor for the session's event stream: the buffered `SessionEvent`
284
+ * snapshots (`list`/`last`/`first`), the polling `RunEvent` iterator
285
+ * (`stream`), the live coordinator envelope iterator (`streamEnvelopes`), and
286
+ * the events-namespace archive (`archiveLink`/`download`).
287
+ */
288
+ events(): SessionEvents;
289
+ /**
290
+ * Accessor for the session's captured output files: `list`/`last`/`first`
291
+ * enumerate them; `read` streams one as capped text; `find`/`findOne`/`link`/
292
+ * `fetch` locate and resolve them; `download` fetches the outputs-namespace
293
+ * zip (no selector) or one file's raw bytes (with selector).
294
+ */
295
+ outputs(): SessionOutputs;
296
+ /**
297
+ * Accessor for the session's webhook delivery ledger: `list()` returns the
298
+ * delivery attempts; `redeliver(id)` re-sends the frozen payload under the
299
+ * same `webhook-id` so the consumer dedupes.
300
+ */
301
+ webhooks(): SessionWebhooks;
302
+ /** Re-read the session record from the server and store it as the current record. */
303
+ refresh(): Promise<Session>;
304
+ /**
305
+ * Poll the session record until it reaches a parked/terminal status (idle,
306
+ * suspended, error, or any terminal run status). Throws if `timeoutMs`
307
+ * elapses first. Updates the stored record.
308
+ */
309
+ wait(options?: WaitForRunOptions): Promise<Session>;
310
+ /**
311
+ * Fetch the self-contained `RunUnit` for this session: parsed submission,
312
+ * attempts, indexed events, outputs, capture failures, proxy-call audit, and
313
+ * resolved skills. Use this when you need fields beyond the session record.
314
+ */
315
+ unit(): Promise<RunUnit>;
316
+ /**
317
+ * Download EVERYTHING public about this session as one zip, assembled
318
+ * client-side from the public read endpoints. Organised into `metadata/`,
319
+ * `events/`, and `outputs/` folders, plus a `manifest.json`. Pass `to` to
320
+ * also write the bytes to a file path while still returning them.
321
+ */
322
+ download(options?: OutputDownloadOptions): Promise<Uint8Array>;
323
+ /** Download only the session record (the `metadata` namespace) as a zip. */
324
+ downloadMetadata(options?: OutputDownloadOptions): Promise<Uint8Array>;
296
325
  }
297
- export declare const ChatSession: typeof SessionHandle;
298
- export type ChatSession = SessionHandle;
299
326
  export declare class SessionClient {
300
327
  #private;
301
- constructor(http: HttpClient, buildCreateRequest: (options: SessionCreateOptions) => Promise<SessionCreateRequest>);
328
+ constructor(http: HttpClient, buildCreateRequest: (options: SessionCreateOptions) => Promise<SessionCreateRequest>, fetch?: FetchLike);
302
329
  create(options: SessionCreateOptions): Promise<SessionHandle>;
303
330
  open(sessionId: string): Promise<SessionHandle>;
304
331
  get(sessionId: string): Promise<Session>;
305
332
  list(query?: SessionListQuery): Promise<SessionListPage>;
333
+ /**
334
+ * Accessor over one session's captured output files, addressed by id without
335
+ * opening a handle. Returns the SAME rich {@link SessionOutputs} surface as
336
+ * `session.outputs()` — `aex.sessions.outputs(id).list()` /
337
+ * `.read(selector)` / `.download()` / … — so the workspace client and the
338
+ * live handle share one accessor convention.
339
+ */
340
+ outputs(sessionId: string): SessionOutputs;
341
+ /**
342
+ * Find output files across sessions by filename / extension / content type.
343
+ * Returns lean REFERENCE hits (never bytes; fetch content with `readOutput`).
344
+ * Scope the search to a corpus with `query.runIds` (a session-id allow-list);
345
+ * omit it to scan every session in the workspace. Composed client-side (per-
346
+ * session `listSessionOutputs` + the contracts output filter), bounded by
347
+ * `query.limit` (default 100).
348
+ */
349
+ searchOutputs(query?: OutputSearchQuery): Promise<OutputSearchPage>;
306
350
  run(options: SessionRunOptions): Promise<SessionRunResult>;
307
351
  }
308
- export declare const ChatClient: typeof SessionClient;
309
- export type ChatClient = SessionClient;
310
352
  export interface StreamEventsOptions {
311
353
  /** Poll interval in ms for the `RunEvent` snapshot loop. Default 1000. */
312
354
  readonly intervalMs?: number;
@@ -347,52 +389,12 @@ export type OutputLinkSelector = string | OutputFileSelector | OutputQuery;
347
389
  export interface OutputDownloadOptions {
348
390
  readonly to?: string;
349
391
  }
350
- /**
351
- * Workspace skill admin operations exposed under `client.skills`.
352
- *
353
- * New run submissions usually use `Skill.fromFiles(...)` or
354
- * `Skill.fromPath(...)` directly inside `submit`; the SDK materializes
355
- * those bytes to the hosted asset store before the run lands. This namespace is the read/delete
356
- * surface for workspace skill records and the internal transport used by the
357
- * legacy CLI upload command.
358
- */
359
- export declare class SkillsClient {
360
- #private;
361
- constructor(http: HttpClient);
362
- list(): Promise<readonly SkillRecord[]>;
363
- get(skillId: string): Promise<SkillRecord>;
364
- delete(skillId: string): Promise<void>;
365
- /**
366
- * Lookup a live workspace skill by `(name, contentHash)`.
367
- *
368
- * Returns the matching `Skill` record or `null` when no live row
369
- * carries that hash. The `contentHash` is the wire format
370
- * `sha256:<hex>` returned by `hashSkillBundle` (and stored verbatim
371
- * on every skill row). The hash space is unique enough that one
372
- * row at most can match, so this is a single keyed lookup.
373
- *
374
- * Consumers can call this directly when they already have a hash in hand
375
- * and want to know whether the skill is already persisted.
376
- */
377
- findByHash(args: {
378
- readonly name: string;
379
- readonly contentHash: string;
380
- }): Promise<SkillRecord | null>;
381
- /**
382
- * Lookup a live workspace skill by `name`. Returns the matching
383
- * `Skill` record or `null` when no live row carries that name.
384
- * Implemented as a list-and-filter against the existing `/api/skills`
385
- * endpoint — typical workspace skill counts are small enough that
386
- * the cost is negligible.
387
- */
388
- findByName(name: string): Promise<SkillRecord | null>;
389
- }
390
392
  /**
391
393
  * Workspace AgentsMd admin operations exposed under `client.agentsMd`.
392
394
  *
393
- * New run submissions usually use `AgentsMd.fromContent(...)` or
394
- * `AgentsMd.fromPath(...)` directly inside `submit`; the SDK
395
- * materializes those bytes to the hosted asset store before the run lands. This namespace is
395
+ * New sessions usually use `AgentsMd.fromContent(...)` or
396
+ * `AgentsMd.fromPath(...)` directly on `openSession` / `run`; the SDK
397
+ * materializes those bytes to the hosted asset store before the session starts. This namespace is
396
398
  * the read/delete surface for persisted AgentsMd records.
397
399
  */
398
400
  export declare class AgentsMdClient {
@@ -405,9 +407,9 @@ export declare class AgentsMdClient {
405
407
  /**
406
408
  * Workspace File admin operations exposed under `client.files`.
407
409
  *
408
- * New run submissions usually use `File.fromPath(...)` or
409
- * `File.fromBytes(...)` directly inside `submit`; the SDK materializes
410
- * those bytes to the hosted asset store before the run lands. This namespace is the read/delete
410
+ * New sessions usually use `File.fromPath(...)` or
411
+ * `File.fromBytes(...)` directly on `openSession` / `run`; the SDK materializes
412
+ * those bytes to the hosted asset store before the session starts. This namespace is the read/delete
411
413
  * surface for persisted file records.
412
414
  */
413
415
  export declare class FilesClient {
@@ -419,17 +421,16 @@ export declare class FilesClient {
419
421
  }
420
422
  /**
421
423
  * Workspace secret management exposed under `client.secrets`, mirroring
422
- * `client.skills` / `client.files`.
424
+ * `client.agentsMd` / `client.files`.
423
425
  *
424
- * Lifecycle parity with assets/skills: a `Secret.value(...)` is per-run and
426
+ * Lifecycle parity with assets: a `Secret.value(...)` is per-run and
425
427
  * gone at terminal; `set` (or promoting an ephemeral via `secret.upload`)
426
428
  * persists a named, searchable workspace secret you can `get` (metadata),
427
- * `get_value` (audited value), `rotate`, `list`, and `delete`. The identity is the
428
- * `name`; the value rotates under that stable name.
429
+ * `rotate`, `list`, and `delete`. The identity is the `name`; the value rotates
430
+ * under that stable name.
429
431
  *
430
- * Values are write-only: `set`/`rotate` send the value in the request BODY (never
431
- * the URL); `get`/`list` return metadata only; `get_value` is the explicit audited
432
- * value read.
432
+ * Values are write-only through the public SDK: `set`/`rotate` send the value in
433
+ * the request BODY (never the URL); `get`/`list` return metadata only.
433
434
  */
434
435
  export declare class SecretsClient {
435
436
  #private;
@@ -443,8 +444,6 @@ export declare class SecretsClient {
443
444
  list(): Promise<readonly SecretRecord[]>;
444
445
  /** Metadata for one workspace secret by name. Never returns the value. */
445
446
  get(name: string): Promise<SecretRecord>;
446
- /** Audited value read — the preferred path that returns a workspace secret value. */
447
- get_value(name: string): Promise<SecretReveal>;
448
447
  /** Replace the value of an existing workspace secret; bumps its version. */
449
448
  rotate(args: {
450
449
  readonly name: string;
@@ -476,12 +475,10 @@ export declare class SecretsClient {
476
475
  */
477
476
  export declare class AgentExecutor {
478
477
  #private;
479
- readonly skills: SkillsClient;
480
478
  readonly agentsMd: AgentsMdClient;
481
479
  readonly files: FilesClient;
482
480
  readonly secrets: SecretsClient;
483
481
  readonly sessions: SessionClient;
484
- readonly chat: ChatClient;
485
482
  constructor(options: AgentExecutorOptions);
486
483
  /**
487
484
  * Internal: satisfies the `SecretUploader` surface so a
@@ -497,9 +494,10 @@ export declare class AgentExecutor {
497
494
  }>;
498
495
  /**
499
496
  * Internal: materialize raw bytes to the content-addressable asset store
500
- * (`/assets/presign` → PUT → `/assets/finalize`). Used by `Skill.upload(this)`
501
- * to pre-upload a draft skill bundle so a later run carries only a plain
502
- * `kind:"asset"` ref. NOT part of the public API.
497
+ * (`/assets/presign` → PUT → `/assets/finalize`). Used by the session-create
498
+ * prepare step to upload draft skill-tool / tool / agentsMd / file bundles so
499
+ * the wire submission carries only plain `kind:"asset"` / `kind:"skill"` refs.
500
+ * NOT part of the public API.
503
501
  */
504
502
  _uploadAsset(args: {
505
503
  readonly bytes: Uint8Array;
@@ -514,140 +512,8 @@ export declare class AgentExecutor {
514
512
  * so callers can resume later with `openSession(runId)`.
515
513
  */
516
514
  run(options: SessionRunOptions, opts?: RunCollectOptions): Promise<RunResult>;
517
- /**
518
- * Explicit, discoverable alias for {@link run}: open a one-shot session turn
519
- * and collect the full {@link RunResult} in one call.
520
- */
521
- runAndCollect(options: SessionRunOptions, opts?: RunCollectOptions): Promise<RunResult>;
522
515
  openSession(options: SessionCreateOptions): Promise<SessionHandle>;
523
516
  openSession(sessionId: string): Promise<SessionHandle>;
524
- /**
525
- * Submit a run and return its run id immediately. Use that id with
526
- * `wait`, `stream`, `outputs`, `download`, `cancel`, or `delete`.
527
- *
528
- * The SDK splits `mcpServers[i].headers` into `secrets.mcpServers`
529
- * and `proxyEndpoints[i]` auth values into `secrets.proxyEndpointAuth`
530
- * before sending so credentials never enter the hashed submission or
531
- * the run snapshot.
532
- *
533
- * Unstaged inline skills / agentsMd / files (`Skill.fromFiles` /
534
- * `Skill.fromPath` / `AgentsMd.fromContent` / `File.fromBytes` without a
535
- * prior `.upload`) are auto-uploaded to the content-addressable asset
536
- * store (`/assets/presign` → PUT → `/assets/finalize`) before `POST /runs`,
537
- * deduped by content hash, and referenced in the submission as plain
538
- * `{ kind:"asset" }` refs — identical to a pre-staged `.upload(client)`.
539
- */
540
- submit(options: SubmitOptions): Promise<string>;
541
- getRun(runId: string): Promise<Run>;
542
- /** Short alias for `getRun`. */
543
- get(runId: string): Promise<Run>;
544
- /**
545
- * List the runs in this workspace, most-recent first, one page at a time.
546
- * The workspace is derived server-side from the API token, so this only ever
547
- * enumerates your own runs. Pass `query.cursor` (from a prior page's
548
- * `nextCursor`) to page; omit it for the first page. Returns public-safe
549
- * {@link RunSummary} rows — the full submission stays behind `getRunUnit`.
550
- *
551
- * This is the workspace-wide discovery entry point: combine it with
552
- * `listOutputs` / `readOutputText` to reach any run's deliverables.
553
- */
554
- listRuns(query?: RunListQuery): Promise<RunListPage>;
555
- /**
556
- * Find output files across runs by filename / extension / content type.
557
- * Returns lean REFERENCE hits (runId, outputId, filename, size, content type)
558
- * — never bytes; fetch content with {@link readOutputText}. Scope the search
559
- * to a corpus with `query.runIds`; omit it to scan the whole workspace (needs
560
- * the owner-gated `listRuns`). Composed client-side for the MVP (per-run
561
- * `listOutputs` + the contracts output filter), so it works against any
562
- * already-terminal run with no new server endpoint. Bounded by
563
- * `query.limit` (default 100) — for very large corpora prefer the deferred
564
- * server-side index.
565
- */
566
- searchOutputs(query?: OutputSearchQuery): Promise<OutputSearchPage>;
567
- /**
568
- * Fetch the self-contained `RunUnit`: parsed submission inputs,
569
- * attempts, indexed events (inline + cursor for the tail), raw
570
- * provider-event Storage manifest, outputs, capture failures,
571
- * proxy-call audit, pinned workspace skills, provider skills,
572
- * inline skills. Backed by the same endpoint as `getRun` but
573
- * typed against the full wire shape — use this when you need
574
- * fields beyond `{id, status, timestamps, usage}`.
575
- */
576
- getRunUnit(runId: string): Promise<RunUnit>;
577
- /** Short alias for `getRunUnit`. */
578
- getUnit(runId: string): Promise<RunUnit>;
579
- listEvents(runId: string): Promise<readonly RunEvent[]>;
580
- /** Short alias for `listEvents`. */
581
- events(runId: string): Promise<readonly RunEvent[]>;
582
- /**
583
- * Yield run events (the `RunEvent` snapshot shape) as they arrive, by
584
- * polling the coordinator-backed `/events` endpoint until the run reaches
585
- * a terminal state, the signal aborts, or the caller breaks the iterator.
586
- *
587
- * For the live, low-latency envelope stream prefer {@link streamEnvelopes}
588
- * (coordinator WebSocket). This polling form stays for consumers that want
589
- * the loose `RunEvent` shape without a WS.
590
- */
591
- streamEvents(runId: string, options?: StreamEventsOptions): AsyncIterable<RunEvent>;
592
- /** Short alias for `streamEvents`. */
593
- stream(runId: string, options?: StreamEventsOptions): AsyncIterable<RunEvent>;
594
- /**
595
- * Stream the unified {@link AexEvent} envelope live over the coordinator
596
- * WebSocket. The hosted API's ticket broker authorizes the connection (workspace
597
- * token → short-lived coordinator ticket); the shared client replays from
598
- * the cursor, tails live, and resumes exactly-once across reconnects. The
599
- * ticket is re-minted on each (re)connect so a long run never outlives it.
600
- */
601
- streamEnvelopes(runId: string, options?: StreamEnvelopesOptions): AsyncIterable<AexEvent>;
602
- /**
603
- * Poll the run record until it reaches a terminal status (succeeded,
604
- * failed, terminated). Throws if `timeoutMs` elapses first.
605
- */
606
- waitForRun(runId: string, options?: WaitForRunOptions): Promise<Run>;
607
- /** Short alias for `waitForRun`. */
608
- wait(runId: string, options?: WaitForRunOptions): Promise<Run>;
609
- listOutputs(runId: string, query?: OutputQuery): Promise<readonly Output[]>;
610
- /** Short alias for `listOutputs`. */
611
- outputs(runId: string, query?: OutputQuery): Promise<readonly Output[]>;
612
- findOutputs(runId: string, query: OutputQuery): Promise<readonly Output[]>;
613
- findOutput(runId: string, query: OutputQuery): Promise<Output | null>;
614
- outputLink(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<OutputLink>;
615
- createOutputLink(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<OutputLink>;
616
- fetchOutput(runId: string, selectorOrQuery: OutputLinkSelector, options?: OutputLinkOptions): Promise<Response>;
617
- /**
618
- * Read ONE output file as byte-capped, decoded UTF-8 text. Streams the file and
619
- * STOPS at `options.maxBytes` (default 50 KB, ceiling 10 MB), so a huge
620
- * deliverable never fully buffers — ideal for handing a run's output to an LLM
621
- * tool. Check `result.truncated` before treating the text as complete; pass
622
- * `options.grep` to keep only matching lines. Select by `{ path }` or `{ id }`,
623
- * same as `downloadOutput`.
624
- */
625
- readOutputText(runId: string, selector: OutputFileSelector, options?: ReadOutputTextOptions): Promise<OutputText>;
626
- eventArchiveLink(runId: string, options?: OutputLinkOptions): Promise<OutputLink>;
627
- /**
628
- * Download captured deliverables. Omit `selector` to receive the full
629
- * outputs namespace as a zip; pass an id, Output object, or path selector
630
- * to receive one file's raw bytes.
631
- */
632
- downloadOutput(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
633
- downloadOutput(runId: string, selector: undefined, options?: OutputDownloadOptions): Promise<Uint8Array>;
634
- downloadOutput(runId: string, selector: OutputFileSelector, options?: OutputDownloadOptions): Promise<Uint8Array>;
635
- cancelRun(runId: string): Promise<void>;
636
- /** Short alias for `cancelRun`. */
637
- cancel(runId: string): Promise<void>;
638
- deleteRun(runId: string): Promise<void>;
639
- /** Short alias for `deleteRun`. */
640
- delete(runId: string): Promise<void>;
641
- /**
642
- * List a run's webhook delivery attempts (the per-run delivery ledger).
643
- * Empty when the run carried no `webhook` or has not yet terminated.
644
- */
645
- getRunWebhookDeliveries(runId: string): Promise<readonly RunWebhookDelivery[]>;
646
- /**
647
- * Manually re-trigger a run's webhook delivery: re-sends the frozen payload
648
- * with the SAME `webhook-id` so the consumer dedupes.
649
- */
650
- redeliverRunWebhook(runId: string, deliveryId: string): Promise<void>;
651
517
  /**
652
518
  * Delete a workspace asset blob from the shared content-addressed store
653
519
  * (`assets/<workspaceId>/<hash>`). Accepts `sha256:<hex>` or a bare
@@ -655,21 +521,6 @@ export declare class AgentExecutor {
655
521
  */
656
522
  deleteWorkspaceAsset(hash: string): Promise<void>;
657
523
  whoami(): Promise<WhoAmI>;
658
- /**
659
- * Download EVERYTHING public about a run as one zip, assembled client-side
660
- * from the public read endpoints (`getRun` + `listEvents` +
661
- * `listOutputs` + per-output `/download`). Organised into the namespace
662
- * folders `metadata/`, `events/`, and `outputs/`, plus a `manifest.json`.
663
- * Pass `to` to also write the
664
- * bytes to a file path while still returning the bytes.
665
- */
666
- download(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
667
- /** Download only the run's deliverables (the `outputs` namespace) as a zip. */
668
- downloadOutputs(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
669
- /** Download only the indexed event archive (the `events` namespace) as a zip. */
670
- downloadEvents(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
671
- /** Download only the run record (the `metadata` namespace) as a zip. */
672
- downloadMetadata(runId: string, options?: OutputDownloadOptions): Promise<Uint8Array>;
673
524
  }
674
525
  /** Canonical SDK client name. `AgentExecutor` remains as a compatibility alias. */
675
526
  export declare class Aex extends AgentExecutor {