@aexhq/sdk 0.34.0 → 0.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -15
- package/dist/_contracts/index.d.ts +3 -4
- package/dist/_contracts/index.js +1 -4
- package/dist/_contracts/operations.d.ts +2 -1
- package/dist/_contracts/operations.js +10 -0
- package/dist/_contracts/run-config.d.ts +1 -3
- package/dist/_contracts/run-config.js +2 -7
- package/dist/_contracts/run-trace.d.ts +0 -86
- package/dist/_contracts/run-trace.js +1 -184
- package/dist/_contracts/run-unit.d.ts +2 -25
- package/dist/_contracts/run-unit.js +1 -2
- package/dist/_contracts/runtime-manifest.d.ts +1 -1
- package/dist/_contracts/runtime-security-profile.d.ts +0 -2
- package/dist/_contracts/runtime-security-profile.js +0 -9
- package/dist/_contracts/runtime-types.d.ts +25 -4
- package/dist/_contracts/stable.d.ts +1 -1
- package/dist/_contracts/stable.js +1 -1
- package/dist/_contracts/submission.d.ts +62 -95
- package/dist/_contracts/submission.js +59 -482
- package/dist/cli.mjs +99 -442
- package/dist/cli.mjs.sha256 +1 -1
- package/dist/client.d.ts +49 -25
- package/dist/client.js +341 -70
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +9 -15
- package/dist/index.js +11 -17
- package/dist/index.js.map +1 -1
- package/dist/retry.d.ts +162 -0
- package/dist/retry.js +320 -0
- package/dist/retry.js.map +1 -0
- package/dist/secret.d.ts +2 -2
- package/dist/secret.js +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/concepts/composition.md +8 -14
- package/docs/credentials.md +59 -101
- package/docs/defaults.md +0 -8
- package/docs/events.md +8 -9
- package/docs/limits-and-quotas.md +1 -4
- package/docs/limits.md +2 -6
- package/docs/mcp.md +4 -5
- package/docs/networking.md +6 -16
- package/docs/outputs.md +0 -4
- package/docs/public-surface.json +3 -3
- package/docs/quickstart.md +3 -7
- package/docs/retries.md +129 -0
- package/docs/run-config.md +6 -3
- package/docs/secrets.md +1 -1
- package/docs/skills.md +3 -3
- package/docs/vision-skills.md +52 -101
- package/examples/feature-tour.ts +284 -0
- package/package.json +1 -1
- package/dist/_contracts/proxy-protocol.d.ts +0 -305
- package/dist/_contracts/proxy-protocol.js +0 -297
- package/dist/_contracts/proxy-validation.d.ts +0 -19
- package/dist/_contracts/proxy-validation.js +0 -51
- package/dist/data-tools.d.ts +0 -82
- package/dist/data-tools.js +0 -251
- package/dist/data-tools.js.map +0 -1
- package/dist/proxy-endpoint.d.ts +0 -131
- package/dist/proxy-endpoint.js +0 -144
- package/dist/proxy-endpoint.js.map +0 -1
- package/examples/chat-corpus.ts +0 -84
|
@@ -118,6 +118,27 @@ export interface SessionMessageAccepted {
|
|
|
118
118
|
readonly turn: SessionTurn;
|
|
119
119
|
readonly eventCursor?: number;
|
|
120
120
|
}
|
|
121
|
+
export type SessionMessageSender = "user" | "assistant" | "system" | "tool";
|
|
122
|
+
export interface SessionMessage {
|
|
123
|
+
readonly id: string;
|
|
124
|
+
readonly sender: SessionMessageSender;
|
|
125
|
+
readonly text: string;
|
|
126
|
+
readonly timestamp?: string;
|
|
127
|
+
readonly turnSeq?: number;
|
|
128
|
+
readonly sequence?: number;
|
|
129
|
+
readonly messageId?: string;
|
|
130
|
+
readonly content?: unknown;
|
|
131
|
+
readonly [key: string]: unknown;
|
|
132
|
+
}
|
|
133
|
+
export interface SessionMessagesQuery {
|
|
134
|
+
readonly limit?: number;
|
|
135
|
+
readonly cursor?: string;
|
|
136
|
+
readonly since?: string;
|
|
137
|
+
}
|
|
138
|
+
export interface SessionMessagesPage {
|
|
139
|
+
readonly messages: readonly SessionMessage[];
|
|
140
|
+
readonly nextCursor?: string;
|
|
141
|
+
}
|
|
121
142
|
export interface SessionStateChangeAccepted {
|
|
122
143
|
readonly session: Session;
|
|
123
144
|
readonly turn?: SessionTurn;
|
|
@@ -132,7 +153,7 @@ export interface UsageSummary {
|
|
|
132
153
|
readonly totalTokens?: number;
|
|
133
154
|
}
|
|
134
155
|
/**
|
|
135
|
-
* Filters for {@link import("./operations.js").listRuns} / `
|
|
156
|
+
* Filters for {@link import("./operations.js").listRuns} / `Aex.runs.list`.
|
|
136
157
|
* Every field is optional; omitting all of them lists the most recent runs in the
|
|
137
158
|
* token's workspace. Workspace identity is derived server-side from the API token,
|
|
138
159
|
* so there is no `workspaceId` here — a token can only ever enumerate its own runs.
|
|
@@ -166,7 +187,7 @@ export interface RunListPage {
|
|
|
166
187
|
readonly nextCursor?: string;
|
|
167
188
|
}
|
|
168
189
|
/**
|
|
169
|
-
* Cross-run output search query (`
|
|
190
|
+
* Cross-run output search query (`Aex.outputs.search`). Restrict to a
|
|
170
191
|
* corpus with `runIds`; filter by filename substring / extension / content type.
|
|
171
192
|
* The MVP composes this client-side (per-run `listOutputs` + filter) — a future
|
|
172
193
|
* server-side `GET /api/outputs/search` can back the same contract with a real
|
|
@@ -301,7 +322,7 @@ export interface OutputFileDownload {
|
|
|
301
322
|
readonly output: Output;
|
|
302
323
|
readonly bytes: Uint8Array;
|
|
303
324
|
}
|
|
304
|
-
/** Options for `
|
|
325
|
+
/** Options for `Aex.outputs.read` / {@link import("./operations.js").readOutputText}. */
|
|
305
326
|
export interface ReadOutputTextOptions {
|
|
306
327
|
/**
|
|
307
328
|
* Stop reading after this many bytes. Defaults to 50_000; clamped server-side
|
|
@@ -317,7 +338,7 @@ export interface ReadOutputTextOptions {
|
|
|
317
338
|
}
|
|
318
339
|
/**
|
|
319
340
|
* A byte-capped, decoded text read of one output file, as returned by
|
|
320
|
-
* `
|
|
341
|
+
* `Aex.outputs.read`. Built for feeding run deliverables to an LLM
|
|
321
342
|
* without loading the whole (possibly very large) file into memory or context:
|
|
322
343
|
* the read streams and stops at `maxBytes`, so `text` is at most that many bytes
|
|
323
344
|
* decoded as UTF-8. Check {@link truncated} before treating `text` as complete.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Canonical hosted aex API plane URL. Used as the default `baseUrl`
|
|
3
|
-
* for the SDK `
|
|
3
|
+
* for the SDK `Aex` client and the host-side CLI `--aex-url`
|
|
4
4
|
* flag.
|
|
5
5
|
*
|
|
6
6
|
* Pinned to `api.aex.dev` on purpose: the dashboard at
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { createHash } from "node:crypto";
|
|
2
2
|
/**
|
|
3
3
|
* Canonical hosted aex API plane URL. Used as the default `baseUrl`
|
|
4
|
-
* for the SDK `
|
|
4
|
+
* for the SDK `Aex` client and the host-side CLI `--aex-url`
|
|
5
5
|
* flag.
|
|
6
6
|
*
|
|
7
7
|
* Pinned to `api.aex.dev` on purpose: the dashboard at
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
import { PROXY_ENDPOINT_DEFAULTS, type ProxyAuthShape, type ProxyMethod, type ProxyRetryPolicy, type ProxyResponseMode } from "./proxy-protocol.js";
|
|
2
|
-
export { PROXY_ENDPOINT_DEFAULTS };
|
|
3
1
|
import type { AgentsMdRef, FileRef, McpServerRef, SkillToolRef, ToolRef } from "./run-config.js";
|
|
4
2
|
import { type RuntimeSize } from "./runtime-sizes.js";
|
|
5
3
|
import { type RunModel } from "./models.js";
|
|
@@ -141,43 +139,18 @@ export interface PlatformMcpServerSecret {
|
|
|
141
139
|
readonly url: string;
|
|
142
140
|
readonly headers?: Record<string, string>;
|
|
143
141
|
}
|
|
144
|
-
/**
|
|
145
|
-
* Per-run auth value for a declared proxy endpoint. The `name` must
|
|
146
|
-
* match a `proxyEndpoints[i].name` in the same submission, and `value`'s
|
|
147
|
-
* shape must match that endpoint's `authShape.type`. The cross-validation
|
|
148
|
-
* lives in `parseRunSubmissionRequest`.
|
|
149
|
-
*/
|
|
150
|
-
export interface PlatformProxyEndpointAuth {
|
|
151
|
-
readonly name: string;
|
|
152
|
-
readonly value: PlatformProxyAuthValue;
|
|
153
|
-
}
|
|
154
|
-
export type PlatformProxyAuthValue = {
|
|
155
|
-
readonly type: "bearer";
|
|
156
|
-
readonly token: string;
|
|
157
|
-
} | {
|
|
158
|
-
readonly type: "basic";
|
|
159
|
-
readonly username: string;
|
|
160
|
-
readonly password: string;
|
|
161
|
-
} | {
|
|
162
|
-
readonly type: "header";
|
|
163
|
-
readonly value: string;
|
|
164
|
-
} | {
|
|
165
|
-
readonly type: "query";
|
|
166
|
-
readonly value: string;
|
|
167
|
-
};
|
|
168
142
|
/**
|
|
169
143
|
* Per-run inline secrets bundle. `apiKeys` holds the BYOK provider keys, keyed
|
|
170
144
|
* by {@link RunProvider}. A run REQUIRES a key for its own `provider`; it MAY
|
|
171
145
|
* carry keys for additional providers so a subagent spawned with a
|
|
172
146
|
* different-family model inherits them server-side from the vault (the keys
|
|
173
|
-
* never transit the container). `mcpServers`
|
|
174
|
-
*
|
|
175
|
-
*
|
|
147
|
+
* never transit the container). `mcpServers` credentials are cross-provider
|
|
148
|
+
* (an MCP credential is the same secret whichever model is driving the MCP
|
|
149
|
+
* client).
|
|
176
150
|
*/
|
|
177
151
|
export interface PlatformInlineSecrets {
|
|
178
152
|
readonly apiKeys?: Partial<Record<RunProvider, string>>;
|
|
179
153
|
readonly mcpServers?: readonly PlatformMcpServerSecret[];
|
|
180
|
-
readonly proxyEndpointAuth?: readonly PlatformProxyEndpointAuth[];
|
|
181
154
|
/**
|
|
182
155
|
* Per-run env-var secret VALUES, keyed by env name. Each entry pairs with a
|
|
183
156
|
* `submission.secretEnv[<envName>] = { ephemeral: true }` declaration. Lives
|
|
@@ -188,29 +161,6 @@ export interface PlatformInlineSecrets {
|
|
|
188
161
|
*/
|
|
189
162
|
readonly envSecrets?: Readonly<Record<string, string>>;
|
|
190
163
|
}
|
|
191
|
-
/**
|
|
192
|
-
* Per-run named HTTP proxy endpoint. The `authShape` describes how the
|
|
193
|
-
* upstream expects auth; the actual value is supplied separately via
|
|
194
|
-
* `secrets.proxyEndpointAuth`. The auth value never enters the
|
|
195
|
-
* container — the BFF proxy injects it on outbound calls.
|
|
196
|
-
*
|
|
197
|
-
* Caps and allow-lists below are intentionally pessimistic by default
|
|
198
|
-
* so a misconfigured endpoint can't accidentally permit a wide attack
|
|
199
|
-
* surface; raise per endpoint if needed.
|
|
200
|
-
*/
|
|
201
|
-
export interface PlatformProxyEndpoint {
|
|
202
|
-
readonly name: string;
|
|
203
|
-
readonly baseUrl: string;
|
|
204
|
-
readonly authShape: ProxyAuthShape;
|
|
205
|
-
readonly allowMethods: readonly ProxyMethod[];
|
|
206
|
-
readonly allowPathPrefixes: readonly string[];
|
|
207
|
-
readonly allowHeaders?: readonly string[];
|
|
208
|
-
readonly responseMode?: ProxyResponseMode;
|
|
209
|
-
readonly maxRequestBytes?: number;
|
|
210
|
-
readonly maxResponseBytes?: number;
|
|
211
|
-
readonly timeoutMs?: number;
|
|
212
|
-
readonly retry?: ProxyRetryPolicy;
|
|
213
|
-
}
|
|
214
164
|
export declare const SECRETS_KEY = "secrets";
|
|
215
165
|
/** POSIX-style env var name a `secretEnv` entry binds to (e.g. `SERPER_API_KEY`). */
|
|
216
166
|
export declare const SECRET_ENV_NAME_PATTERN: RegExp;
|
|
@@ -227,18 +177,10 @@ export type PlatformSecretEnvEntry = {
|
|
|
227
177
|
} | {
|
|
228
178
|
readonly ephemeral: true;
|
|
229
179
|
};
|
|
230
|
-
export declare const PROXY_ENDPOINT_NAME_PATTERN: RegExp;
|
|
231
|
-
export declare const RESERVED_PROXY_ENDPOINT_NAMES: Set<string>;
|
|
232
180
|
export declare const deniedSecretFields: Set<string>;
|
|
233
|
-
export declare function parseProxyRetryPolicy(input: unknown, field: string): ProxyRetryPolicy | undefined;
|
|
234
|
-
export declare function parseProxyAuthShape(input: unknown, field: string): ProxyAuthShape;
|
|
235
|
-
export declare function parseProxyMethods(input: unknown, field: string): readonly ProxyMethod[];
|
|
236
|
-
export declare function parseProxyPathPrefixes(input: unknown, field: string): readonly string[];
|
|
237
|
-
export declare function parseProxyAllowedHeaders(input: unknown, field: string, authShape: ProxyAuthShape): readonly string[] | undefined;
|
|
238
|
-
export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly PlatformProxyEndpoint[] | undefined, auth: readonly PlatformProxyEndpointAuth[] | undefined): void;
|
|
239
181
|
/**
|
|
240
182
|
* Cross-check `submission.secretEnv` declarations against `secrets.envSecrets`
|
|
241
|
-
* values
|
|
183
|
+
* values:
|
|
242
184
|
*
|
|
243
185
|
* - `{ ephemeral: true }` MUST have a matching `secrets.envSecrets` value.
|
|
244
186
|
* - `{ ref }` MUST NOT supply a value (the value lives in the workspace store).
|
|
@@ -247,15 +189,6 @@ export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly P
|
|
|
247
189
|
*/
|
|
248
190
|
export declare function crossValidateSecretEnvAndValues(secretEnv: Readonly<Record<string, PlatformSecretEnvEntry>> | undefined, envSecrets: Readonly<Record<string, string>> | undefined): void;
|
|
249
191
|
export declare function parseInlineSecrets(input: unknown): PlatformInlineSecrets;
|
|
250
|
-
/**
|
|
251
|
-
* The proxy body-redactor refuses to mask any derived target string shorter
|
|
252
|
-
* than this many bytes — masking a 1-byte literal would corrupt the response
|
|
253
|
-
* body. This is the floor for the *derived* redaction targets (e.g.
|
|
254
|
-
* `Bearer <token>`, base64 fragments), used by
|
|
255
|
-
* the hosted proxy redactor, which imports this constant so the two sides can
|
|
256
|
-
* never silently diverge.
|
|
257
|
-
*/
|
|
258
|
-
export declare const MIN_REDACTION_TARGET_BYTES = 4;
|
|
259
192
|
export declare function assertNoSecretBearingFields(input: unknown, path: readonly string[]): void;
|
|
260
193
|
export declare function requireRecord(input: unknown, field: string): Record<string, unknown>;
|
|
261
194
|
export declare function requireString(input: unknown, field: string): string;
|
|
@@ -389,7 +322,6 @@ export interface PlatformRunSubmissionRequest {
|
|
|
389
322
|
readonly provider: RunProvider;
|
|
390
323
|
readonly submission: PlatformSubmission;
|
|
391
324
|
readonly secrets: PlatformInlineSecrets;
|
|
392
|
-
readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
|
|
393
325
|
/**
|
|
394
326
|
* Managed runtime size. One of the closed {@link RuntimeSize} preset tokens
|
|
395
327
|
* or absent (downstream applies the default).
|
|
@@ -402,33 +334,31 @@ export interface PlatformRunSubmissionRequest {
|
|
|
402
334
|
* terminal wait window and self-kill deadline.
|
|
403
335
|
*/
|
|
404
336
|
readonly timeoutMs?: number;
|
|
405
|
-
/**
|
|
406
|
-
* Lineage parent (agent-session §9). When present the server admits this
|
|
407
|
-
* run as a CHILD of `parentRunId`: it walks the parent's lineage, enforces
|
|
408
|
-
* the max-subagent-depth + per-root concurrency caps, and persists
|
|
409
|
-
* `parent_run_id` + a server-derived `depth`. The client may name a parent
|
|
410
|
-
* but NEVER the depth — depth is computed server-side from the parent row,
|
|
411
|
-
* so a forged value cannot bypass the cap.
|
|
412
|
-
*/
|
|
413
|
-
readonly parentRunId?: string;
|
|
414
337
|
/**
|
|
415
338
|
* Optional per-run callback URL. The platform delivers exactly the terminal
|
|
416
339
|
* `run.finished` event to this URL at the settle-consistent barrier, signed
|
|
417
|
-
* Standard-Webhooks style. It is a sibling of {@link idempotencyKey}
|
|
418
|
-
*
|
|
419
|
-
*
|
|
420
|
-
*
|
|
340
|
+
* Standard-Webhooks style. It is a sibling of {@link idempotencyKey} — an
|
|
341
|
+
* operational/delivery concern, NOT part of the hashed submission brief, so
|
|
342
|
+
* the same idempotency key with a different callback URL never 409s and the
|
|
343
|
+
* field never enters `request_hash`.
|
|
421
344
|
*/
|
|
422
345
|
readonly webhook?: RunWebhookSpec;
|
|
423
346
|
/**
|
|
424
347
|
* Optional per-run override of the lineage limits (max concurrent child runs,
|
|
425
|
-
* max subagent depth
|
|
426
|
-
*
|
|
427
|
-
*
|
|
428
|
-
*
|
|
348
|
+
* max subagent depth, per-run spend cap). These are dials the client may
|
|
349
|
+
* *request*; the server resolves them against the per-workspace ceiling and
|
|
350
|
+
* the hard platform ceiling (clamping happens in the resolver, NOT this
|
|
351
|
+
* parser). Absent fields fall back to the platform defaults. Only shape +
|
|
429
352
|
* positivity are validated here.
|
|
430
353
|
*/
|
|
431
354
|
readonly limits?: RunLimits;
|
|
355
|
+
/**
|
|
356
|
+
* Optional capacity intent for the run's managed machine. `spot: true` opts
|
|
357
|
+
* the run into interruptible capacity; absent / `spot: false` requests
|
|
358
|
+
* standard capacity (the default). Intent only — the managed runtime selects
|
|
359
|
+
* capacity from it.
|
|
360
|
+
*/
|
|
361
|
+
readonly machine?: RunMachine;
|
|
432
362
|
}
|
|
433
363
|
/** Per-run webhook callback. v1: terminal-only; the URL must be https. */
|
|
434
364
|
export interface RunWebhookSpec {
|
|
@@ -444,15 +374,26 @@ export interface RunLimits {
|
|
|
444
374
|
readonly maxConcurrentChildRuns?: number;
|
|
445
375
|
readonly maxSubagentDepth?: number;
|
|
446
376
|
/**
|
|
447
|
-
* Per-run spend cap in USD (defense-in-depth). The platform
|
|
448
|
-
*
|
|
449
|
-
*
|
|
450
|
-
*
|
|
451
|
-
*
|
|
452
|
-
*
|
|
377
|
+
* Per-run spend cap in USD (defense-in-depth). The platform kills the run once
|
|
378
|
+
* it would out-spend the cap. A positive number; omitted ⇒ unbounded per-run
|
|
379
|
+
* (only the run's wall-clock `timeout` + the per-workspace spend cap apply).
|
|
380
|
+
* Only shape/positivity are validated here.
|
|
381
|
+
*
|
|
382
|
+
* The frozen boot session config the managed runtime folds the loop against
|
|
383
|
+
* names this same USD value `budgetUsd`; {@link sessionBudgetLimits} is the
|
|
384
|
+
* single source of truth for that wire→boot name mapping.
|
|
453
385
|
*/
|
|
454
386
|
readonly maxSpendUsd?: number;
|
|
455
387
|
}
|
|
388
|
+
/**
|
|
389
|
+
* Per-run machine/capacity intent. v1 exposes only `spot`: opt the run into
|
|
390
|
+
* interruptible capacity (`spot: true`) vs standard capacity (absent /
|
|
391
|
+
* `spot: false`, the default). Only the boolean intent is public — capacity
|
|
392
|
+
* selection is a runtime concern.
|
|
393
|
+
*/
|
|
394
|
+
export interface RunMachine {
|
|
395
|
+
readonly spot?: boolean;
|
|
396
|
+
}
|
|
456
397
|
/**
|
|
457
398
|
* Wire shape posted by the SDK and CLI. `workspaceId` is **omitted by
|
|
458
399
|
* design** — token-authenticated clients never name the workspace
|
|
@@ -500,6 +441,32 @@ export declare function parseRunWebhook(input: unknown): RunWebhookSpec | undefi
|
|
|
500
441
|
* collapses to `undefined` so it carries no signal onto the request.
|
|
501
442
|
*/
|
|
502
443
|
export declare function parseRunLimits(input: unknown): RunLimits | undefined;
|
|
444
|
+
/**
|
|
445
|
+
* Boot-session budget fragment. The public submit surface names a run's spend
|
|
446
|
+
* cap `limits.maxSpendUsd`; the frozen boot session config the managed runtime
|
|
447
|
+
* folds the loop against names the SAME USD value `budgetUsd` — the field the
|
|
448
|
+
* session planner reads to enforce/terminate a run that would out-spend its cap.
|
|
449
|
+
* This is the single source of truth for that wire→boot name mapping so the two
|
|
450
|
+
* layers can never drift.
|
|
451
|
+
*
|
|
452
|
+
* Returns a fragment safe to spread into `sessionConfig.limits`: `{ budgetUsd }`
|
|
453
|
+
* when a cap is set, `{}` when none is (an absent cap stays absent — the run is
|
|
454
|
+
* unbounded per-run, subject only to the run timeout + the per-workspace cap).
|
|
455
|
+
* Pure: same input ⇒ same output.
|
|
456
|
+
*/
|
|
457
|
+
export declare function sessionBudgetLimits(limits: RunLimits | undefined): {
|
|
458
|
+
budgetUsd?: number;
|
|
459
|
+
};
|
|
460
|
+
/**
|
|
461
|
+
* Parse the optional per-run `machine` capacity intent. Mirrors
|
|
462
|
+
* {@link parseRunWebhook}: absent ⇒ `undefined`; a non-object or any unknown
|
|
463
|
+
* subfield is rejected so the strict top-level allow-list extends to the nested
|
|
464
|
+
* object. `spot` must be a boolean when present. A no-signal object (e.g.
|
|
465
|
+
* `machine: {}`) collapses to `undefined` so it never lands an empty object on
|
|
466
|
+
* the request. An explicit `spot` (true or false) is preserved verbatim. Only
|
|
467
|
+
* shape is validated here — capacity selection is a runtime concern.
|
|
468
|
+
*/
|
|
469
|
+
export declare function parseRunMachine(input: unknown): RunMachine | undefined;
|
|
503
470
|
export declare function parseRunProvider(input: unknown): RunProvider;
|
|
504
471
|
/**
|
|
505
472
|
* Cross-check the supplied secrets bundle against the credential mode. BYOK
|