@aexhq/sdk 0.35.0 → 0.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/README.md +16 -15
  2. package/dist/_contracts/index.d.ts +3 -4
  3. package/dist/_contracts/index.js +1 -4
  4. package/dist/_contracts/operations.d.ts +2 -1
  5. package/dist/_contracts/operations.js +10 -0
  6. package/dist/_contracts/run-config.d.ts +1 -3
  7. package/dist/_contracts/run-config.js +2 -7
  8. package/dist/_contracts/run-trace.d.ts +0 -86
  9. package/dist/_contracts/run-trace.js +1 -184
  10. package/dist/_contracts/run-unit.d.ts +2 -25
  11. package/dist/_contracts/run-unit.js +1 -2
  12. package/dist/_contracts/runtime-manifest.d.ts +1 -1
  13. package/dist/_contracts/runtime-security-profile.d.ts +0 -2
  14. package/dist/_contracts/runtime-security-profile.js +0 -9
  15. package/dist/_contracts/runtime-types.d.ts +25 -4
  16. package/dist/_contracts/stable.d.ts +1 -1
  17. package/dist/_contracts/stable.js +1 -1
  18. package/dist/_contracts/submission.d.ts +4 -72
  19. package/dist/_contracts/submission.js +5 -472
  20. package/dist/cli.mjs +20 -442
  21. package/dist/cli.mjs.sha256 +1 -1
  22. package/dist/client.d.ts +30 -25
  23. package/dist/client.js +251 -66
  24. package/dist/client.js.map +1 -1
  25. package/dist/index.d.ts +7 -15
  26. package/dist/index.js +5 -17
  27. package/dist/index.js.map +1 -1
  28. package/dist/secret.d.ts +2 -2
  29. package/dist/secret.js +1 -1
  30. package/dist/version.d.ts +1 -1
  31. package/dist/version.js +1 -1
  32. package/docs/concepts/composition.md +8 -14
  33. package/docs/credentials.md +59 -101
  34. package/docs/defaults.md +0 -8
  35. package/docs/events.md +8 -9
  36. package/docs/limits-and-quotas.md +1 -4
  37. package/docs/limits.md +2 -6
  38. package/docs/mcp.md +4 -5
  39. package/docs/networking.md +6 -16
  40. package/docs/outputs.md +0 -4
  41. package/docs/public-surface.json +3 -3
  42. package/docs/quickstart.md +3 -7
  43. package/docs/run-config.md +6 -3
  44. package/docs/secrets.md +1 -1
  45. package/docs/skills.md +3 -3
  46. package/docs/vision-skills.md +52 -101
  47. package/examples/feature-tour.ts +4 -21
  48. package/package.json +1 -1
  49. package/dist/_contracts/proxy-protocol.d.ts +0 -305
  50. package/dist/_contracts/proxy-protocol.js +0 -297
  51. package/dist/_contracts/proxy-validation.d.ts +0 -19
  52. package/dist/_contracts/proxy-validation.js +0 -51
  53. package/dist/data-tools.d.ts +0 -82
  54. package/dist/data-tools.js +0 -251
  55. package/dist/data-tools.js.map +0 -1
  56. package/dist/proxy-endpoint.d.ts +0 -131
  57. package/dist/proxy-endpoint.js +0 -144
  58. package/dist/proxy-endpoint.js.map +0 -1
  59. package/examples/chat-corpus.ts +0 -84
@@ -118,6 +118,27 @@ export interface SessionMessageAccepted {
118
118
  readonly turn: SessionTurn;
119
119
  readonly eventCursor?: number;
120
120
  }
121
+ export type SessionMessageSender = "user" | "assistant" | "system" | "tool";
122
+ export interface SessionMessage {
123
+ readonly id: string;
124
+ readonly sender: SessionMessageSender;
125
+ readonly text: string;
126
+ readonly timestamp?: string;
127
+ readonly turnSeq?: number;
128
+ readonly sequence?: number;
129
+ readonly messageId?: string;
130
+ readonly content?: unknown;
131
+ readonly [key: string]: unknown;
132
+ }
133
+ export interface SessionMessagesQuery {
134
+ readonly limit?: number;
135
+ readonly cursor?: string;
136
+ readonly since?: string;
137
+ }
138
+ export interface SessionMessagesPage {
139
+ readonly messages: readonly SessionMessage[];
140
+ readonly nextCursor?: string;
141
+ }
121
142
  export interface SessionStateChangeAccepted {
122
143
  readonly session: Session;
123
144
  readonly turn?: SessionTurn;
@@ -132,7 +153,7 @@ export interface UsageSummary {
132
153
  readonly totalTokens?: number;
133
154
  }
134
155
  /**
135
- * Filters for {@link import("./operations.js").listRuns} / `AgentExecutor.listRuns`.
156
+ * Filters for {@link import("./operations.js").listRuns} / `Aex.runs.list`.
136
157
  * Every field is optional; omitting all of them lists the most recent runs in the
137
158
  * token's workspace. Workspace identity is derived server-side from the API token,
138
159
  * so there is no `workspaceId` here — a token can only ever enumerate its own runs.
@@ -166,7 +187,7 @@ export interface RunListPage {
166
187
  readonly nextCursor?: string;
167
188
  }
168
189
  /**
169
- * Cross-run output search query (`AgentExecutor.searchOutputs`). Restrict to a
190
+ * Cross-run output search query (`Aex.outputs.search`). Restrict to a
170
191
  * corpus with `runIds`; filter by filename substring / extension / content type.
171
192
  * The MVP composes this client-side (per-run `listOutputs` + filter) — a future
172
193
  * server-side `GET /api/outputs/search` can back the same contract with a real
@@ -301,7 +322,7 @@ export interface OutputFileDownload {
301
322
  readonly output: Output;
302
323
  readonly bytes: Uint8Array;
303
324
  }
304
- /** Options for `AgentExecutor.readOutputText` / {@link import("./operations.js").readOutputText}. */
325
+ /** Options for `Aex.outputs.read` / {@link import("./operations.js").readOutputText}. */
305
326
  export interface ReadOutputTextOptions {
306
327
  /**
307
328
  * Stop reading after this many bytes. Defaults to 50_000; clamped server-side
@@ -317,7 +338,7 @@ export interface ReadOutputTextOptions {
317
338
  }
318
339
  /**
319
340
  * A byte-capped, decoded text read of one output file, as returned by
320
- * `AgentExecutor.readOutputText`. Built for feeding run deliverables to an LLM
341
+ * `Aex.outputs.read`. Built for feeding run deliverables to an LLM
321
342
  * without loading the whole (possibly very large) file into memory or context:
322
343
  * the read streams and stops at `maxBytes`, so `text` is at most that many bytes
323
344
  * decoded as UTF-8. Check {@link truncated} before treating `text` as complete.
@@ -1,6 +1,6 @@
1
1
  /**
2
2
  * Canonical hosted aex API plane URL. Used as the default `baseUrl`
3
- * for the SDK `AgentExecutor` and the host-side CLI `--aex-url`
3
+ * for the SDK `Aex` client and the host-side CLI `--aex-url`
4
4
  * flag.
5
5
  *
6
6
  * Pinned to `api.aex.dev` on purpose: the dashboard at
@@ -1,7 +1,7 @@
1
1
  import { createHash } from "node:crypto";
2
2
  /**
3
3
  * Canonical hosted aex API plane URL. Used as the default `baseUrl`
4
- * for the SDK `AgentExecutor` and the host-side CLI `--aex-url`
4
+ * for the SDK `Aex` client and the host-side CLI `--aex-url`
5
5
  * flag.
6
6
  *
7
7
  * Pinned to `api.aex.dev` on purpose: the dashboard at
@@ -1,5 +1,3 @@
1
- import { PROXY_ENDPOINT_DEFAULTS, type ProxyAuthShape, type ProxyMethod, type ProxyRetryPolicy, type ProxyResponseMode } from "./proxy-protocol.js";
2
- export { PROXY_ENDPOINT_DEFAULTS };
3
1
  import type { AgentsMdRef, FileRef, McpServerRef, SkillToolRef, ToolRef } from "./run-config.js";
4
2
  import { type RuntimeSize } from "./runtime-sizes.js";
5
3
  import { type RunModel } from "./models.js";
@@ -141,43 +139,18 @@ export interface PlatformMcpServerSecret {
141
139
  readonly url: string;
142
140
  readonly headers?: Record<string, string>;
143
141
  }
144
- /**
145
- * Per-run auth value for a declared proxy endpoint. The `name` must
146
- * match a `proxyEndpoints[i].name` in the same submission, and `value`'s
147
- * shape must match that endpoint's `authShape.type`. The cross-validation
148
- * lives in `parseRunSubmissionRequest`.
149
- */
150
- export interface PlatformProxyEndpointAuth {
151
- readonly name: string;
152
- readonly value: PlatformProxyAuthValue;
153
- }
154
- export type PlatformProxyAuthValue = {
155
- readonly type: "bearer";
156
- readonly token: string;
157
- } | {
158
- readonly type: "basic";
159
- readonly username: string;
160
- readonly password: string;
161
- } | {
162
- readonly type: "header";
163
- readonly value: string;
164
- } | {
165
- readonly type: "query";
166
- readonly value: string;
167
- };
168
142
  /**
169
143
  * Per-run inline secrets bundle. `apiKeys` holds the BYOK provider keys, keyed
170
144
  * by {@link RunProvider}. A run REQUIRES a key for its own `provider`; it MAY
171
145
  * carry keys for additional providers so a subagent spawned with a
172
146
  * different-family model inherits them server-side from the vault (the keys
173
- * never transit the container). `mcpServers` and `proxyEndpointAuth` are
174
- * cross-provider (an MCP credential is the same secret whichever model is
175
- * driving the MCP client).
147
+ * never transit the container). `mcpServers` credentials are cross-provider
148
+ * (an MCP credential is the same secret whichever model is driving the MCP
149
+ * client).
176
150
  */
177
151
  export interface PlatformInlineSecrets {
178
152
  readonly apiKeys?: Partial<Record<RunProvider, string>>;
179
153
  readonly mcpServers?: readonly PlatformMcpServerSecret[];
180
- readonly proxyEndpointAuth?: readonly PlatformProxyEndpointAuth[];
181
154
  /**
182
155
  * Per-run env-var secret VALUES, keyed by env name. Each entry pairs with a
183
156
  * `submission.secretEnv[<envName>] = { ephemeral: true }` declaration. Lives
@@ -188,29 +161,6 @@ export interface PlatformInlineSecrets {
188
161
  */
189
162
  readonly envSecrets?: Readonly<Record<string, string>>;
190
163
  }
191
- /**
192
- * Per-run named HTTP proxy endpoint. The `authShape` describes how the
193
- * upstream expects auth; the actual value is supplied separately via
194
- * `secrets.proxyEndpointAuth`. The auth value never enters the
195
- * container — the BFF proxy injects it on outbound calls.
196
- *
197
- * Caps and allow-lists below are intentionally pessimistic by default
198
- * so a misconfigured endpoint can't accidentally permit a wide attack
199
- * surface; raise per endpoint if needed.
200
- */
201
- export interface PlatformProxyEndpoint {
202
- readonly name: string;
203
- readonly baseUrl: string;
204
- readonly authShape: ProxyAuthShape;
205
- readonly allowMethods: readonly ProxyMethod[];
206
- readonly allowPathPrefixes: readonly string[];
207
- readonly allowHeaders?: readonly string[];
208
- readonly responseMode?: ProxyResponseMode;
209
- readonly maxRequestBytes?: number;
210
- readonly maxResponseBytes?: number;
211
- readonly timeoutMs?: number;
212
- readonly retry?: ProxyRetryPolicy;
213
- }
214
164
  export declare const SECRETS_KEY = "secrets";
215
165
  /** POSIX-style env var name a `secretEnv` entry binds to (e.g. `SERPER_API_KEY`). */
216
166
  export declare const SECRET_ENV_NAME_PATTERN: RegExp;
@@ -227,18 +177,10 @@ export type PlatformSecretEnvEntry = {
227
177
  } | {
228
178
  readonly ephemeral: true;
229
179
  };
230
- export declare const PROXY_ENDPOINT_NAME_PATTERN: RegExp;
231
- export declare const RESERVED_PROXY_ENDPOINT_NAMES: Set<string>;
232
180
  export declare const deniedSecretFields: Set<string>;
233
- export declare function parseProxyRetryPolicy(input: unknown, field: string): ProxyRetryPolicy | undefined;
234
- export declare function parseProxyAuthShape(input: unknown, field: string): ProxyAuthShape;
235
- export declare function parseProxyMethods(input: unknown, field: string): readonly ProxyMethod[];
236
- export declare function parseProxyPathPrefixes(input: unknown, field: string): readonly string[];
237
- export declare function parseProxyAllowedHeaders(input: unknown, field: string, authShape: ProxyAuthShape): readonly string[] | undefined;
238
- export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly PlatformProxyEndpoint[] | undefined, auth: readonly PlatformProxyEndpointAuth[] | undefined): void;
239
181
  /**
240
182
  * Cross-check `submission.secretEnv` declarations against `secrets.envSecrets`
241
- * values. Mirrors {@link crossValidateProxyEndpointsAndAuth}:
183
+ * values:
242
184
  *
243
185
  * - `{ ephemeral: true }` MUST have a matching `secrets.envSecrets` value.
244
186
  * - `{ ref }` MUST NOT supply a value (the value lives in the workspace store).
@@ -247,15 +189,6 @@ export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly P
247
189
  */
248
190
  export declare function crossValidateSecretEnvAndValues(secretEnv: Readonly<Record<string, PlatformSecretEnvEntry>> | undefined, envSecrets: Readonly<Record<string, string>> | undefined): void;
249
191
  export declare function parseInlineSecrets(input: unknown): PlatformInlineSecrets;
250
- /**
251
- * The proxy body-redactor refuses to mask any derived target string shorter
252
- * than this many bytes — masking a 1-byte literal would corrupt the response
253
- * body. This is the floor for the *derived* redaction targets (e.g.
254
- * `Bearer <token>`, base64 fragments), used by
255
- * the hosted proxy redactor, which imports this constant so the two sides can
256
- * never silently diverge.
257
- */
258
- export declare const MIN_REDACTION_TARGET_BYTES = 4;
259
192
  export declare function assertNoSecretBearingFields(input: unknown, path: readonly string[]): void;
260
193
  export declare function requireRecord(input: unknown, field: string): Record<string, unknown>;
261
194
  export declare function requireString(input: unknown, field: string): string;
@@ -389,7 +322,6 @@ export interface PlatformRunSubmissionRequest {
389
322
  readonly provider: RunProvider;
390
323
  readonly submission: PlatformSubmission;
391
324
  readonly secrets: PlatformInlineSecrets;
392
- readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
393
325
  /**
394
326
  * Managed runtime size. One of the closed {@link RuntimeSize} preset tokens
395
327
  * or absent (downstream applies the default).