@aexhq/sdk 0.35.0 → 0.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/README.md +17 -16
  2. package/dist/_contracts/event-envelope.d.ts +22 -1
  3. package/dist/_contracts/event-envelope.js +26 -2
  4. package/dist/_contracts/event-stream-client.js +7 -1
  5. package/dist/_contracts/index.d.ts +3 -4
  6. package/dist/_contracts/index.js +1 -4
  7. package/dist/_contracts/operations.d.ts +31 -1
  8. package/dist/_contracts/operations.js +64 -1
  9. package/dist/_contracts/run-config.d.ts +2 -4
  10. package/dist/_contracts/run-config.js +2 -7
  11. package/dist/_contracts/run-trace.d.ts +0 -86
  12. package/dist/_contracts/run-trace.js +1 -184
  13. package/dist/_contracts/run-unit.d.ts +14 -25
  14. package/dist/_contracts/run-unit.js +56 -2
  15. package/dist/_contracts/runtime-manifest.d.ts +1 -1
  16. package/dist/_contracts/runtime-security-profile.d.ts +0 -2
  17. package/dist/_contracts/runtime-security-profile.js +0 -9
  18. package/dist/_contracts/runtime-sizes.d.ts +2 -2
  19. package/dist/_contracts/runtime-sizes.js +5 -5
  20. package/dist/_contracts/runtime-types.d.ts +123 -4
  21. package/dist/_contracts/stable.d.ts +1 -1
  22. package/dist/_contracts/stable.js +1 -1
  23. package/dist/_contracts/submission.d.ts +8 -76
  24. package/dist/_contracts/submission.js +5 -472
  25. package/dist/cli.mjs +574 -511
  26. package/dist/cli.mjs.sha256 +1 -1
  27. package/dist/client.d.ts +69 -25
  28. package/dist/client.js +338 -68
  29. package/dist/client.js.map +1 -1
  30. package/dist/index.d.ts +8 -16
  31. package/dist/index.js +5 -17
  32. package/dist/index.js.map +1 -1
  33. package/dist/secret.d.ts +2 -2
  34. package/dist/secret.js +1 -1
  35. package/dist/version.d.ts +1 -1
  36. package/dist/version.js +1 -1
  37. package/docs/authentication.md +92 -0
  38. package/docs/billing.md +112 -0
  39. package/docs/concepts/agent-tools.md +4 -4
  40. package/docs/concepts/composition.md +8 -14
  41. package/docs/concepts/providers-and-runtimes.md +4 -1
  42. package/docs/concepts/runs.md +2 -1
  43. package/docs/concepts/subagents.md +85 -0
  44. package/docs/credentials.md +78 -96
  45. package/docs/defaults.md +9 -15
  46. package/docs/errors.md +132 -0
  47. package/docs/events.md +44 -32
  48. package/docs/limits-and-quotas.md +30 -17
  49. package/docs/limits.md +4 -8
  50. package/docs/mcp.md +5 -6
  51. package/docs/networking.md +75 -59
  52. package/docs/outputs.md +4 -7
  53. package/docs/public-surface.json +4 -4
  54. package/docs/quickstart.md +12 -13
  55. package/docs/run-config.md +7 -4
  56. package/docs/secrets.md +6 -1
  57. package/docs/skills.md +3 -3
  58. package/docs/vision-skills.md +52 -101
  59. package/docs/webhooks.md +132 -0
  60. package/examples/feature-tour.ts +4 -21
  61. package/package.json +1 -1
  62. package/dist/_contracts/proxy-protocol.d.ts +0 -305
  63. package/dist/_contracts/proxy-protocol.js +0 -297
  64. package/dist/_contracts/proxy-validation.d.ts +0 -19
  65. package/dist/_contracts/proxy-validation.js +0 -51
  66. package/dist/data-tools.d.ts +0 -82
  67. package/dist/data-tools.js +0 -251
  68. package/dist/data-tools.js.map +0 -1
  69. package/dist/proxy-endpoint.d.ts +0 -131
  70. package/dist/proxy-endpoint.js +0 -144
  71. package/dist/proxy-endpoint.js.map +0 -1
  72. package/examples/chat-corpus.ts +0 -84
package/README.md CHANGED
@@ -8,15 +8,15 @@ aex is an agent execution platform for launching autonomous agents from a simple
8
8
 
9
9
  The package ships:
10
10
 
11
- - `Aex` / `AgentExecutor` for sessions, one-shot runs, inspect, download, cancel, and delete.
11
+ - `Aex` for sessions, one-shot runs, inspect, download, cancel, and delete.
12
12
  - `sessions` / `openSession()` for durable, resumable agent sessions.
13
- - Typed run primitives: `Models`, `Providers`, `Sizes`, `Tool` / `Tools` (skill-tools), `AgentsMd`, `File`, `McpServer`, `ProxyEndpoint`, and `Secret`.
13
+ - Typed run primitives: `Models`, `Providers`, `Sizes`, `Tool` / `Tools` (skill-tools), `AgentsMd`, `File`, `McpServer`, and `Secret`.
14
14
  - A bundled `aex` CLI with the same run, status, events, outputs, download, cancel, delete, and whoami operations.
15
15
 
16
16
  ## Install
17
17
 
18
18
  ```bash
19
- bun add @aexhq/sdk
19
+ npm i @aexhq/sdk
20
20
  ```
21
21
 
22
22
  This installs the TypeScript SDK exports and the bundled `aex` CLI. Set both
@@ -119,33 +119,34 @@ you can `catch` by code; CLI failures print a JSON envelope carrying the HTTP
119
119
  `status`, a one-line `remedy`, and the `runId` where known, and a wrong `--model`,
120
120
  `--provider`, or `--runtime-size` gets a "did you mean?" suggestion.
121
121
 
122
- ## Chat over a corpus of sessions
122
+ ## Continue with sessions
123
123
 
124
- Turn a selected set of sessions into a read-only chat.
125
- `createCorpusTools(client, { sessionIds })` returns vendor-neutral, corpus-scoped
126
- read tools (`list_sessions` / `get_session` / `list_outputs` / `read_output` /
127
- `search_outputs`) — every tool refuses a session outside the corpus. Drive them
128
- with any LLM; `examples/chat-corpus.ts` shows the direct-Claude loop
129
- (`@anthropic-ai/sdk`) on top of the LLM-vendor-free SDK.
124
+ Use sessions for conversational flows. `run()` is the one-shot convenience; a
125
+ `SessionHandle` is the lower-level surface when you want multiple turns,
126
+ streaming, messages, events, outputs, or downloads.
130
127
 
131
- `aex.sessions.searchOutputs({ runIds, filename, extension, contentType, limit })`
132
- finds output files across sessions (scope with the `runIds` session-id allow-list)
133
- and returns references (no bytes) you then read with `aex.sessions.outputs(id).read(...)`.
128
+ ```ts
129
+ const session = await aex.openSession(result.runId);
130
+ const next = await session.send("Turn this into a checklist.").done();
131
+ console.log(next.text);
132
+
133
+ const messages = await session.messages().list();
134
+ const outputs = await aex.sessions.outputs(session.id).list();
135
+ ```
134
136
 
135
137
  ## Feature Areas
136
138
 
137
139
  - **Agent runtime:** managed autonomous runs with filesystem read/edit, grep/glob/head/tail, open web fetch/search, background commands, code execution, git, and subagents.
138
140
  - **Durable infrastructure:** run records, status, wait/cancel/delete, idempotency, typed events, output capture, downloads, timeouts, and runtime sizes.
139
- - **Agent composition:** skills, files, AGENTS.md, remote MCP servers, proxy endpoints, environment variables, packages, and networking controls.
141
+ - **Agent composition:** skills, files, AGENTS.md, remote MCP servers, environment variables, packages, and networking controls.
140
142
  - **Subagents:** typed parent/child lineage for async child runs, output handoff, and bounded agent delegation.
141
143
  - **Models and providers:** Anthropic, DeepSeek, OpenAI, Gemini, Mistral, OpenRouter, Doubao, and Doubao China behind one submission shape.
142
- - **Typed control surface:** strongly typed SDK inputs, CLI parity, BYOK secrets, scoped proxy auth, redaction, and output modes.
144
+ - **Typed control surface:** strongly typed SDK inputs, CLI parity, BYOK provider keys, workspace secrets, redaction, and output modes.
143
145
 
144
146
  ## Docs
145
147
 
146
148
  - [Quickstart](docs/quickstart.md)
147
149
  - [Run configuration](docs/run-config.md)
148
- - [Agent tools](docs/concepts/agent-tools.md)
149
150
  - [Composition](docs/concepts/composition.md)
150
151
  - [Secrets](docs/secrets.md)
151
152
  - [Limits](docs/limits.md)
@@ -195,6 +195,21 @@ export declare function isRunFinished(e: AexEvent): boolean;
195
195
  export declare function isRunError(e: AexEvent): boolean;
196
196
  /** A terminal event of either flavour (finished or error). */
197
197
  export declare function isRunTerminal(e: AexEvent): boolean;
198
+ /**
199
+ * The CUSTOM `data.name`s the MANAGED runtime emits as a run/turn's terminal.
200
+ * A managed one-shot run PARKS (session_parked.v1 → `aex.session.idle` / `.error`
201
+ * / `.suspended`) rather than writing a `session_finished` → RUN_FINISHED, so
202
+ * these — not just the AG-UI RUN_FINISHED/RUN_ERROR — are what actually ends a
203
+ * managed run's event stream. Kept in sync with the platform journal projection
204
+ * (`journal-project.ts` session_parked.v1 mapping).
205
+ */
206
+ export declare const AEX_SESSION_PARKED_NAMES: readonly ["aex.session.idle", "aex.session.error", "aex.session.suspended"];
207
+ /**
208
+ * True for a managed-runtime session-park terminal (idle/error/suspended). The
209
+ * turn's work is done and the record has reached its terminal status; a stream
210
+ * consumer should stop here exactly as it would on RUN_FINISHED/RUN_ERROR.
211
+ */
212
+ export declare function isSessionParked(e: AexEvent): boolean;
198
213
  export declare function isTextMessage(e: AexEvent): boolean;
199
214
  export declare function isToolCallStart(e: AexEvent): boolean;
200
215
  export declare function isToolCallResult(e: AexEvent): boolean;
@@ -213,7 +228,13 @@ export declare function customName(e: AexEvent): string | null;
213
228
  * platform mirrors this constant in `@aexhq/shared`.
214
229
  */
215
230
  export declare const AEX_RUN_SETTLED_NAME = "aex.run.settled";
216
- /** True for the settle-consistency barrier event (post-mirror, read-consistent). */
231
+ /**
232
+ * True for the settle-consistency barrier event (post-mirror, read-consistent).
233
+ * Also true for a managed-runtime session-park terminal: the managed plane does
234
+ * NOT broadcast the `aex.run.settled` barrier, and by the time a run parks its
235
+ * record has reached a terminal status — so a `settleConsistent` stream ends at
236
+ * the park instead of hanging forever waiting for a barrier that never arrives.
237
+ */
217
238
  export declare function isRunSettled(e: AexEvent): boolean;
218
239
  export declare function isFromSource(e: AexEvent, source: AexEventSource): boolean;
219
240
  /** The channel a record rides, defaulting an absent value to `"event"`. */
@@ -212,6 +212,24 @@ export function isRunError(e) {
212
212
  export function isRunTerminal(e) {
213
213
  return e.type === "RUN_FINISHED" || e.type === "RUN_ERROR";
214
214
  }
215
+ /**
216
+ * The CUSTOM `data.name`s the MANAGED runtime emits as a run/turn's terminal.
217
+ * A managed one-shot run PARKS (session_parked.v1 → `aex.session.idle` / `.error`
218
+ * / `.suspended`) rather than writing a `session_finished` → RUN_FINISHED, so
219
+ * these — not just the AG-UI RUN_FINISHED/RUN_ERROR — are what actually ends a
220
+ * managed run's event stream. Kept in sync with the platform journal projection
221
+ * (`journal-project.ts` session_parked.v1 mapping).
222
+ */
223
+ export const AEX_SESSION_PARKED_NAMES = ["aex.session.idle", "aex.session.error", "aex.session.suspended"];
224
+ /**
225
+ * True for a managed-runtime session-park terminal (idle/error/suspended). The
226
+ * turn's work is done and the record has reached its terminal status; a stream
227
+ * consumer should stop here exactly as it would on RUN_FINISHED/RUN_ERROR.
228
+ */
229
+ export function isSessionParked(e) {
230
+ const name = customName(e);
231
+ return name !== null && AEX_SESSION_PARKED_NAMES.includes(name);
232
+ }
215
233
  export function isTextMessage(e) {
216
234
  return e.type === "TEXT_MESSAGE_CONTENT";
217
235
  }
@@ -240,9 +258,15 @@ export function customName(e) {
240
258
  * platform mirrors this constant in `@aexhq/shared`.
241
259
  */
242
260
  export const AEX_RUN_SETTLED_NAME = "aex.run.settled";
243
- /** True for the settle-consistency barrier event (post-mirror, read-consistent). */
261
+ /**
262
+ * True for the settle-consistency barrier event (post-mirror, read-consistent).
263
+ * Also true for a managed-runtime session-park terminal: the managed plane does
264
+ * NOT broadcast the `aex.run.settled` barrier, and by the time a run parks its
265
+ * record has reached a terminal status — so a `settleConsistent` stream ends at
266
+ * the park instead of hanging forever waiting for a barrier that never arrives.
267
+ */
244
268
  export function isRunSettled(e) {
245
- return customName(e) === AEX_RUN_SETTLED_NAME;
269
+ return customName(e) === AEX_RUN_SETTLED_NAME || isSessionParked(e);
246
270
  }
247
271
  export function isFromSource(e, source) {
248
272
  return e.source === source;
@@ -24,7 +24,13 @@
24
24
  * The WebSocket is injectable so the SDK/CLI use the global `WebSocket`
25
25
  * (Bun and Node 22+ ship it; no dependency) and tests drive a fake.
26
26
  */
27
- const isTerminalType = (e) => e.type === "RUN_FINISHED" || e.type === "RUN_ERROR";
27
+ import { isSessionParked } from "./event-envelope.js";
28
+ // The default terminal predicate ends the stream on the AG-UI terminals AND on
29
+ // the managed runtime's CUSTOM session-park terminal (aex.session.idle/.error/
30
+ // .suspended). A managed one-shot run parks instead of emitting RUN_FINISHED, so
31
+ // WITHOUT the session-park arm a `streamEnvelopes()` over a finished managed run
32
+ // never sees a terminal and hangs on the idle watchdog forever.
33
+ const isTerminalType = (e) => e.type === "RUN_FINISHED" || e.type === "RUN_ERROR" || isSessionParked(e);
28
34
  /**
29
35
  * Keep-alive ping the client sends; the coordinator answers it with the matching
30
36
  * pong in its WebSocket message handler. Must stay byte-identical to
@@ -1,15 +1,15 @@
1
- export * from "./proxy-protocol.js";
2
1
  export * from "./provider-support.js";
3
2
  export * from "./models.js";
4
3
  export * from "./status.js";
5
- export * from "./submission.js";
4
+ export { AEX_RESERVED_ENV_PREFIX, BUILTIN_TOOL_NAMES, BuiltinTools, DEFAULT_BUILTIN_TOOLS, DEFAULT_OUTPUT_MODE, DEFAULT_RUN_PROVIDER, ENV_VARS_MAX_ENTRIES, ENV_VARS_MAX_TOTAL_BYTES, ENV_VARS_MAX_VALUE_BYTES, OUTPUT_MODES, PLATFORM_PACKAGE_ECOSYSTEMS, Providers, RUN_PROVIDERS, SECRETS_KEY, SECRET_ENV_NAME_PATTERN, SECRET_HANDLE_PATTERN, crossValidateSecretEnvAndValues, packageInstallString, parseInlineSecrets, parseRunLimits, parseRunProvider, parseRunSubmissionRequest, parseRunWebhook, parseSubmission, resolveBuiltinToolNames } from "./submission.js";
5
+ export type { BuiltinToolName, JsonPrimitive, JsonValue, OutputMode, ParseRunSubmissionOptions, PlatformEnvironment, PlatformEnvironmentInput, PlatformInlineSecrets, PlatformInjectionConfig, PlatformMcpServerSecret, PlatformNetworking, PlatformOutputCaptureConfig, PlatformPackage, PlatformPackageEcosystem, PlatformPackageInput, PlatformRunSubmissionInput, PlatformRunSubmissionRequest, PlatformSecretEnvEntry, PlatformSubmission, RunLimits, RunMachine, RunProvider, RunWebhookSpec } from "./submission.js";
6
6
  export * from "./runtime-sizes.js";
7
7
  export * from "./runner-event.js";
8
8
  export * from "./event-envelope.js";
9
9
  export * from "./connection-ticket.js";
10
10
  export * from "./event-stream-client.js";
11
11
  export * from "./run-unit.js";
12
- export * from "./run-trace.js";
12
+ export type { AssistantTextEntry, RunTrace, ToolCallResult, ToolCallTrace } from "./run-trace.js";
13
13
  export * from "./runtime-manifest.js";
14
14
  export * from "./runtime-security-profile.js";
15
15
  export * from "./run-record.js";
@@ -26,7 +26,6 @@ export * from "./webhook-verify.js";
26
26
  export * from "./http.js";
27
27
  export * from "./run-artifacts.js";
28
28
  export * as operations from "./operations.js";
29
- export * from "./proxy-validation.js";
30
29
  export * from "./sse.js";
31
30
  export { isRunFinished, isTextMessage, isToolCallResult, isToolCallStart } from "./event-guards.js";
32
31
  export type { RunFinishedRunEvent, TextMessageRunEvent, ToolCallResultRunEvent, ToolCallStartRunEvent } from "./event-guards.js";
@@ -1,15 +1,13 @@
1
- export * from "./proxy-protocol.js";
2
1
  export * from "./provider-support.js";
3
2
  export * from "./models.js";
4
3
  export * from "./status.js";
5
- export * from "./submission.js";
4
+ export { AEX_RESERVED_ENV_PREFIX, BUILTIN_TOOL_NAMES, BuiltinTools, DEFAULT_BUILTIN_TOOLS, DEFAULT_OUTPUT_MODE, DEFAULT_RUN_PROVIDER, ENV_VARS_MAX_ENTRIES, ENV_VARS_MAX_TOTAL_BYTES, ENV_VARS_MAX_VALUE_BYTES, OUTPUT_MODES, PLATFORM_PACKAGE_ECOSYSTEMS, Providers, RUN_PROVIDERS, SECRETS_KEY, SECRET_ENV_NAME_PATTERN, SECRET_HANDLE_PATTERN, crossValidateSecretEnvAndValues, packageInstallString, parseInlineSecrets, parseRunLimits, parseRunProvider, parseRunSubmissionRequest, parseRunWebhook, parseSubmission, resolveBuiltinToolNames } from "./submission.js";
6
5
  export * from "./runtime-sizes.js";
7
6
  export * from "./runner-event.js";
8
7
  export * from "./event-envelope.js";
9
8
  export * from "./connection-ticket.js";
10
9
  export * from "./event-stream-client.js";
11
10
  export * from "./run-unit.js";
12
- export * from "./run-trace.js";
13
11
  export * from "./runtime-manifest.js";
14
12
  export * from "./runtime-security-profile.js";
15
13
  export * from "./run-record.js";
@@ -26,7 +24,6 @@ export * from "./webhook-verify.js";
26
24
  export * from "./http.js";
27
25
  export * from "./run-artifacts.js";
28
26
  export * as operations from "./operations.js";
29
- export * from "./proxy-validation.js";
30
27
  export * from "./sse.js";
31
28
  // Explicit re-export (shadows the same-named `AexEvent` guards from
32
29
  // `event-envelope.js`): the public `is*` guards narrow the loose `RunEvent`
@@ -1,6 +1,6 @@
1
1
  import type { HttpClient } from "./http.js";
2
2
  import type { RunUnit } from "./run-unit.js";
3
- import type { AgentsMdRecord, FileRecord, Output, OutputLink, OutputLinkOptions, OutputFileDownload, OutputFileSelector, OutputFileType, OutputQuery, OutputText, ReadOutputTextOptions, Run, RunEvent, RunListPage, RunListQuery, Session, SessionCreateRequest, SessionEvent, SessionListPage, SessionListQuery, SessionMessageAccepted, SessionMessageRequest, SessionStateChangeAccepted, RunWebhookDelivery, SecretRecord, SecretReveal, WhoAmI } from "./runtime-types.js";
3
+ import type { AgentsMdRecord, BillingCheckoutRequest, BillingHostedSession, BillingLedgerPage, BillingLedgerQuery, BillingPortalRequest, BillingSummary, FileRecord, Output, OutputLink, OutputLinkOptions, OutputFileDownload, OutputFileSelector, OutputFileType, OutputQuery, OutputText, ReadOutputTextOptions, Run, RunEvent, RunListPage, RunListQuery, Session, SessionCreateRequest, SessionEvent, SessionListPage, SessionListQuery, SessionMessageAccepted, SessionMessageRequest, SessionMessagesPage, SessionMessagesQuery, SessionStateChangeAccepted, RunWebhookDelivery, SecretRecord, SecretReveal, WebhookSigningSecret, WhoAmI } from "./runtime-types.js";
4
4
  import type { PlatformRunSubmissionInput } from "./submission.js";
5
5
  /**
6
6
  * The single source of truth for SDK<->BFF transport. The SDK class
@@ -43,6 +43,7 @@ export declare function createSession(http: HttpClient, request: SessionCreateRe
43
43
  export declare function getSession(http: HttpClient, sessionId: string): Promise<Session>;
44
44
  export declare function listSessions(http: HttpClient, query?: SessionListQuery): Promise<SessionListPage>;
45
45
  export declare function sendSessionMessage(http: HttpClient, sessionId: string, request: SessionMessageRequest, options?: IdempotencyOptions): Promise<SessionMessageAccepted>;
46
+ export declare function listSessionMessages(http: HttpClient, sessionId: string, query?: SessionMessagesQuery): Promise<SessionMessagesPage>;
46
47
  export declare function suspendSession(http: HttpClient, sessionId: string, options?: IdempotencyOptions): Promise<SessionStateChangeAccepted>;
47
48
  export declare function cancelSession(http: HttpClient, sessionId: string, options?: IdempotencyOptions): Promise<SessionStateChangeAccepted>;
48
49
  export declare function resumeSession(http: HttpClient, sessionId: string, options?: IdempotencyOptions): Promise<SessionStateChangeAccepted>;
@@ -115,6 +116,35 @@ export declare function redeliverRunWebhook(http: HttpClient, runId: string, del
115
116
  */
116
117
  export declare function deleteWorkspaceAsset(http: HttpClient, hash: string): Promise<void>;
117
118
  export declare function whoami(http: HttpClient): Promise<WhoAmI>;
119
+ /**
120
+ * Read the workspace billing summary (`GET /api/billing`, scope `billing:read`):
121
+ * prepaid balance, current-month spend, spend cap, and plan fields. The result
122
+ * is additive-tolerant — server fields this SDK does not know yet pass through.
123
+ */
124
+ export declare function getBilling(http: HttpClient): Promise<BillingSummary>;
125
+ /**
126
+ * Create a hosted checkout session for a paid plan. Returns only the hosted
127
+ * URL; plan activation happens after checkout completes.
128
+ */
129
+ export declare function createBillingCheckout(http: HttpClient, request: BillingCheckoutRequest): Promise<BillingHostedSession>;
130
+ /**
131
+ * Create a hosted billing-portal session for the workspace customer.
132
+ * Returns only the hosted URL.
133
+ */
134
+ export declare function createBillingPortal(http: HttpClient, request?: BillingPortalRequest): Promise<BillingHostedSession>;
135
+ /**
136
+ * Read recent workspace credit-ledger rows (`GET /api/billing/ledger`, scope
137
+ * `billing:read`), newest first. `limit` is clamped server-side to [1, 100]
138
+ * (default 25); the read is not cursor-paged.
139
+ */
140
+ export declare function getBillingLedger(http: HttpClient, query?: BillingLedgerQuery): Promise<BillingLedgerPage>;
141
+ /**
142
+ * Reveal the workspace webhook signing secret (`POST /api/webhook/signing-secret`),
143
+ * CREATING one on first use. Repeat calls return the same `whsec_<base64>` value —
144
+ * the hosted API does not rotate it. POST (not GET) so a reveal is a logged action.
145
+ * Pass the returned `whsec` to `verifyAexWebhook` as `secret`.
146
+ */
147
+ export declare function getWebhookSigningSecret(http: HttpClient): Promise<WebhookSigningSecret>;
118
148
  export declare function filterOutputs(outputs: readonly Output[], query: OutputQuery): readonly Output[];
119
149
  export declare function classifyOutput(output: Pick<Output, "filename" | "contentType">): OutputFileType;
120
150
  export declare function normalizeOutputLinkExpiresIn(input?: OutputLinkOptions["expiresIn"]): number;
@@ -1,4 +1,5 @@
1
1
  import { strToU8, zipSync } from "fflate";
2
+ import { normalizeRunUnit } from "./run-unit.js";
2
3
  import { RunStateError } from "./sdk-errors.js";
3
4
  import { assertRunRecordArchivePublicSafeV1, buildRunRecordDownloadManifestV1 } from "./run-record.js";
4
5
  /**
@@ -28,7 +29,11 @@ export async function getRun(http, runId) {
28
29
  * stays for callers that only need the loose record.
29
30
  */
30
31
  export async function getRunUnit(http, runId) {
31
- return http.request(`/api/runs/${encodeURIComponent(runId)}`);
32
+ // Normalize so the RunUnit type contract holds at runtime: the managed plane
33
+ // returns a lean record and omits the aggregate collections (F25). The
34
+ // aggregates default to empty (safe array/page access) — read outputs()/events()
35
+ // for the authoritative per-run data on that plane.
36
+ return normalizeRunUnit(await http.request(`/api/runs/${encodeURIComponent(runId)}`));
32
37
  }
33
38
  /**
34
39
  * List the runs in the token's workspace, most-recent first, one page at a time.
@@ -87,6 +92,16 @@ export async function sendSessionMessage(http, sessionId, request, options) {
87
92
  body: JSON.stringify(request)
88
93
  });
89
94
  }
95
+ export async function listSessionMessages(http, sessionId, query) {
96
+ const params = {};
97
+ if (query?.limit !== undefined)
98
+ params.limit = String(query.limit);
99
+ if (query?.cursor !== undefined)
100
+ params.cursor = query.cursor;
101
+ if (query?.since !== undefined)
102
+ params.since = query.since;
103
+ return http.request(`/api/sessions/${encodeURIComponent(sessionId)}/messages`, {}, params);
104
+ }
90
105
  export async function suspendSession(http, sessionId, options) {
91
106
  const headers = idempotencyHeaders(options);
92
107
  return http.request(`/api/sessions/${encodeURIComponent(sessionId)}/suspend`, { method: "POST", ...(headers ? { headers } : {}) });
@@ -373,6 +388,54 @@ export async function deleteWorkspaceAsset(http, hash) {
373
388
  export async function whoami(http) {
374
389
  return http.request("/api/whoami");
375
390
  }
391
+ /**
392
+ * Read the workspace billing summary (`GET /api/billing`, scope `billing:read`):
393
+ * prepaid balance, current-month spend, spend cap, and plan fields. The result
394
+ * is additive-tolerant — server fields this SDK does not know yet pass through.
395
+ */
396
+ export async function getBilling(http) {
397
+ return http.request("/api/billing");
398
+ }
399
+ /**
400
+ * Create a hosted checkout session for a paid plan. Returns only the hosted
401
+ * URL; plan activation happens after checkout completes.
402
+ */
403
+ export async function createBillingCheckout(http, request) {
404
+ return http.request("/api/billing/checkout", {
405
+ method: "POST",
406
+ body: JSON.stringify(request)
407
+ });
408
+ }
409
+ /**
410
+ * Create a hosted billing-portal session for the workspace customer.
411
+ * Returns only the hosted URL.
412
+ */
413
+ export async function createBillingPortal(http, request = {}) {
414
+ return http.request("/api/billing/portal", {
415
+ method: "POST",
416
+ body: JSON.stringify(request)
417
+ });
418
+ }
419
+ /**
420
+ * Read recent workspace credit-ledger rows (`GET /api/billing/ledger`, scope
421
+ * `billing:read`), newest first. `limit` is clamped server-side to [1, 100]
422
+ * (default 25); the read is not cursor-paged.
423
+ */
424
+ export async function getBillingLedger(http, query) {
425
+ const params = {};
426
+ if (query?.limit !== undefined)
427
+ params.limit = String(query.limit);
428
+ return http.request("/api/billing/ledger", {}, params);
429
+ }
430
+ /**
431
+ * Reveal the workspace webhook signing secret (`POST /api/webhook/signing-secret`),
432
+ * CREATING one on first use. Repeat calls return the same `whsec_<base64>` value —
433
+ * the hosted API does not rotate it. POST (not GET) so a reveal is a logged action.
434
+ * Pass the returned `whsec` to `verifyAexWebhook` as `secret`.
435
+ */
436
+ export async function getWebhookSigningSecret(http) {
437
+ return http.request("/api/webhook/signing-secret", { method: "POST" });
438
+ }
376
439
  /**
377
440
  * Download each artifact's bytes into a zip-file map keyed by
378
441
  * `<zipPrefix><relative-path>`, fetched from the `outputs`
@@ -30,7 +30,7 @@
30
30
  * Keep this as the public source of truth for the SDK/CLI composition
31
31
  * boundary.
32
32
  */
33
- import { type JsonValue, type PlatformProxyEndpoint, type PlatformEnvironment } from "./submission.js";
33
+ import { type JsonValue, type PlatformEnvironment } from "./submission.js";
34
34
  import { type RunModel } from "./models.js";
35
35
  import type { RuntimeSize } from "./runtime-sizes.js";
36
36
  /**
@@ -303,9 +303,8 @@ export interface RunRequestConfig {
303
303
  readonly environment?: PlatformEnvironment;
304
304
  /** Managed runtime size preset (see {@link RuntimeSize}). */
305
305
  readonly runtimeSize?: RuntimeSize;
306
- /** Run deadline as a duration string (`"1h"`, `"30m"`); bounded [1m, 6h] server-side. */
306
+ /** Run deadline as a duration string (`"1h"`, `"30m"`); bounded [1m, 8h] server-side. */
307
307
  readonly timeout?: string;
308
- readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
309
308
  readonly metadata?: Readonly<Record<string, JsonValue>>;
310
309
  }
311
310
  /**
@@ -331,7 +330,6 @@ export interface NormalisedRunRequestConfig {
331
330
  readonly prompt: readonly string[];
332
331
  readonly mcpServers: readonly McpServerRef[];
333
332
  readonly environment?: PlatformEnvironment;
334
- readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
335
333
  readonly metadata?: Readonly<Record<string, JsonValue>>;
336
334
  /**
337
335
  * MCP servers whose run-config entry carried `headers`. Keyed by the `name`
@@ -602,7 +602,6 @@ export function parseRunRequestConfig(input) {
602
602
  "environment",
603
603
  "runtimeSize",
604
604
  "timeout",
605
- "proxyEndpoints",
606
605
  "metadata"
607
606
  ]);
608
607
  for (const key of Object.keys(record)) {
@@ -622,8 +621,8 @@ export function parseRunRequestConfig(input) {
622
621
  ...(system !== undefined ? { system } : {}),
623
622
  prompt,
624
623
  ...(mcpServers !== undefined ? { mcpServers } : {}),
625
- // environment / proxyEndpoints / metadata: passed through
626
- // as-is — the BFF revalidates them via `parseRunSubmissionRequest`,
624
+ // environment / metadata: passed through as-is — the BFF revalidates
625
+ // them via `parseRunSubmissionRequest`,
627
626
  // so duplicating the heavyweight parsers here would mean two sources
628
627
  // of truth. The CLI surfaces structural errors at submission time.
629
628
  ...(record.environment !== undefined
@@ -635,9 +634,6 @@ export function parseRunRequestConfig(input) {
635
634
  ...(record.timeout !== undefined
636
635
  ? { timeout: record.timeout }
637
636
  : {}),
638
- ...(record.proxyEndpoints !== undefined
639
- ? { proxyEndpoints: record.proxyEndpoints }
640
- : {}),
641
637
  ...(record.metadata !== undefined
642
638
  ? { metadata: record.metadata }
643
639
  : {})
@@ -699,7 +695,6 @@ export function normaliseRunRequestConfig(config) {
699
695
  prompt,
700
696
  mcpServers,
701
697
  ...(config.environment !== undefined ? { environment: config.environment } : {}),
702
- ...(config.proxyEndpoints !== undefined ? { proxyEndpoints: config.proxyEndpoints } : {}),
703
698
  ...(config.metadata !== undefined ? { metadata: config.metadata } : {}),
704
699
  mcpServerSecrets
705
700
  };
@@ -1,114 +1,28 @@
1
- /**
2
- * Typed decoders for a `listEvents(runId)` stream.
3
- *
4
- * `listEvents` returns the loose {@link RunEvent} wire shape: `type` at the top
5
- * level, but the tool name at `data.name`, the call args at `data.arguments`,
6
- * assistant text at `data.text`, and — the awkward part — a `TOOL_CALL_RESULT`
7
- * carries no name, so a consumer must correlate each result back to its
8
- * `TOOL_CALL_START` by `data.id` (the tool-call id). Every consumer ended up
9
- * re-implementing that correlation; these helpers do it once, typed and pure.
10
- *
11
- * They are total and side-effect-free: pass the array `listEvents` returns and
12
- * get back structured traces. Unknown event types are ignored (forward-compat),
13
- * a result with no matching start surfaces as an orphan (never dropped silently),
14
- * and timing falls back gracefully when a `recordedAt` is absent.
15
- *
16
- * `summarizeRunUsage` remains tolerant of historical/internal `aex.usage`
17
- * CUSTOM records when a caller has them, but the normal public `listEvents`
18
- * stream is not the live usage-reporting surface. Settled provider/runtime
19
- * usage is exposed through the run's `costTelemetry`.
20
- */
21
1
  import type { UsageSummary } from "./runtime-types.js";
22
- /**
23
- * One decoded tool call: the `TOOL_CALL_START` and its correlated
24
- * `TOOL_CALL_RESULT` (when present), with timing. `result` is undefined while a
25
- * call is still in flight (the start has arrived but not the result), so a
26
- * mid-run decode shows in-progress calls honestly rather than dropping them.
27
- */
28
2
  export interface ToolCallTrace {
29
- /** The tool-call id (`data.id`) that pairs the start with its result. */
30
3
  readonly id: string;
31
- /** The tool name (from the `TOOL_CALL_START`). */
32
4
  readonly name: string;
33
- /** The call arguments (`data.arguments`), or `{}` when absent. */
34
5
  readonly args: Readonly<Record<string, unknown>>;
35
- /** The id of the assistant message that issued the call, when present. */
36
6
  readonly messageId?: string;
37
- /** Event sequence of the `TOOL_CALL_START` (ordering within the run). */
38
7
  readonly startSeq?: number;
39
- /** ISO-8601 time of the `TOOL_CALL_START`, when the event carried one. */
40
8
  readonly startedAt?: string;
41
- /** The correlated result; undefined while the call is still in flight. */
42
9
  readonly result?: ToolCallResult;
43
- /** Result wall-clock minus start wall-clock (ms); undefined if either time is missing. */
44
10
  readonly durationMs?: number;
45
11
  }
46
- /** The result half of a {@link ToolCallTrace}, decoded from `TOOL_CALL_RESULT`. */
47
12
  export interface ToolCallResult {
48
- /** True when the tool reported an error (`data.isError`). */
49
13
  readonly isError: boolean;
50
- /** The tool's result content, passed through verbatim (`data.content`). */
51
14
  readonly content: unknown;
52
- /** Event sequence of the `TOOL_CALL_RESULT`. */
53
15
  readonly seq?: number;
54
- /** ISO-8601 time of the `TOOL_CALL_RESULT`, when the event carried one. */
55
16
  readonly recordedAt?: string;
56
17
  }
57
- /** One assistant text block, decoded from a `TEXT_MESSAGE_CONTENT` event. */
58
18
  export interface AssistantTextEntry {
59
19
  readonly text: string;
60
20
  readonly messageId?: string;
61
21
  readonly seq?: number;
62
22
  readonly recordedAt?: string;
63
23
  }
64
- /**
65
- * A decoded view of a run's event stream: the correlated tool calls, the
66
- * aggregate token usage, and the assistant text — everything a consumer
67
- * previously hand-decoded from `listEvents`.
68
- */
69
24
  export interface RunTrace {
70
25
  readonly toolCalls: readonly ToolCallTrace[];
71
26
  readonly usage: UsageSummary;
72
27
  readonly text: readonly AssistantTextEntry[];
73
28
  }
74
- /** The loose event shape these decoders read — the {@link RunEvent} subset they touch. */
75
- interface TraceEvent {
76
- readonly type: string;
77
- readonly seq?: number;
78
- readonly recordedAt?: string;
79
- readonly data?: unknown;
80
- readonly [key: string]: unknown;
81
- }
82
- /**
83
- * Decode a `listEvents` stream into correlated tool-call traces, in start order.
84
- *
85
- * Each `TOOL_CALL_START` opens a trace keyed by `data.id`; the matching
86
- * `TOOL_CALL_RESULT` (same `data.id`) fills in `result` + `durationMs`. A result
87
- * whose id never had a start is surfaced as an orphan trace (empty `name`, no
88
- * `args`) rather than dropped, so a partial/mis-ordered stream never hides a
89
- * result. Pure — no I/O, input is not mutated.
90
- */
91
- export declare function decodeToolCalls(events: readonly TraceEvent[]): readonly ToolCallTrace[];
92
- /**
93
- * Sum any `aex.usage` CUSTOM events present in the supplied stream into one
94
- * {@link UsageSummary}. This is mainly for historical/internal event arrays;
95
- * current public reads expose settled provider usage through cost telemetry.
96
- * `totalTokens` is the sum of input + output tokens. Pure.
97
- */
98
- export declare function summarizeRunUsage(events: readonly TraceEvent[]): UsageSummary;
99
- /**
100
- * The run's final assistant text: every `TEXT_MESSAGE_CONTENT` block in stream
101
- * order, concatenated. The one-line "what did the agent say" accessor over
102
- * {@link decodeAssistantText} (buffered mode yields whole messages, stream mode
103
- * yields token deltas — both concatenate correctly). Pure.
104
- */
105
- export declare function textOf(events: readonly TraceEvent[]): string;
106
- /** Decode the assistant text blocks (`TEXT_MESSAGE_CONTENT`) in stream order. Pure. */
107
- export declare function decodeAssistantText(events: readonly TraceEvent[]): readonly AssistantTextEntry[];
108
- /**
109
- * Decode a whole `listEvents` stream in one pass: correlated tool calls,
110
- * aggregate {@link UsageSummary}, and assistant text. Convenience over the three
111
- * focused decoders; pure.
112
- */
113
- export declare function summarizeRunTrace(events: readonly TraceEvent[]): RunTrace;
114
- export {};