@aexhq/sdk 0.35.0 → 0.37.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -16
- package/dist/_contracts/event-envelope.d.ts +22 -1
- package/dist/_contracts/event-envelope.js +26 -2
- package/dist/_contracts/event-stream-client.js +7 -1
- package/dist/_contracts/index.d.ts +3 -4
- package/dist/_contracts/index.js +1 -4
- package/dist/_contracts/operations.d.ts +31 -1
- package/dist/_contracts/operations.js +64 -1
- package/dist/_contracts/run-config.d.ts +2 -4
- package/dist/_contracts/run-config.js +2 -7
- package/dist/_contracts/run-trace.d.ts +0 -86
- package/dist/_contracts/run-trace.js +1 -184
- package/dist/_contracts/run-unit.d.ts +14 -25
- package/dist/_contracts/run-unit.js +56 -2
- package/dist/_contracts/runtime-manifest.d.ts +1 -1
- package/dist/_contracts/runtime-security-profile.d.ts +0 -2
- package/dist/_contracts/runtime-security-profile.js +0 -9
- package/dist/_contracts/runtime-sizes.d.ts +2 -2
- package/dist/_contracts/runtime-sizes.js +5 -5
- package/dist/_contracts/runtime-types.d.ts +123 -4
- package/dist/_contracts/stable.d.ts +1 -1
- package/dist/_contracts/stable.js +1 -1
- package/dist/_contracts/submission.d.ts +8 -76
- package/dist/_contracts/submission.js +5 -472
- package/dist/cli.mjs +574 -511
- package/dist/cli.mjs.sha256 +1 -1
- package/dist/client.d.ts +69 -25
- package/dist/client.js +338 -68
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +8 -16
- package/dist/index.js +5 -17
- package/dist/index.js.map +1 -1
- package/dist/secret.d.ts +2 -2
- package/dist/secret.js +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/authentication.md +92 -0
- package/docs/billing.md +112 -0
- package/docs/concepts/agent-tools.md +4 -4
- package/docs/concepts/composition.md +8 -14
- package/docs/concepts/providers-and-runtimes.md +4 -1
- package/docs/concepts/runs.md +2 -1
- package/docs/concepts/subagents.md +85 -0
- package/docs/credentials.md +78 -96
- package/docs/defaults.md +9 -15
- package/docs/errors.md +132 -0
- package/docs/events.md +44 -32
- package/docs/limits-and-quotas.md +30 -17
- package/docs/limits.md +4 -8
- package/docs/mcp.md +5 -6
- package/docs/networking.md +75 -59
- package/docs/outputs.md +4 -7
- package/docs/public-surface.json +4 -4
- package/docs/quickstart.md +12 -13
- package/docs/run-config.md +7 -4
- package/docs/secrets.md +6 -1
- package/docs/skills.md +3 -3
- package/docs/vision-skills.md +52 -101
- package/docs/webhooks.md +132 -0
- package/examples/feature-tour.ts +4 -21
- package/package.json +1 -1
- package/dist/_contracts/proxy-protocol.d.ts +0 -305
- package/dist/_contracts/proxy-protocol.js +0 -297
- package/dist/_contracts/proxy-validation.d.ts +0 -19
- package/dist/_contracts/proxy-validation.js +0 -51
- package/dist/data-tools.d.ts +0 -82
- package/dist/data-tools.js +0 -251
- package/dist/data-tools.js.map +0 -1
- package/dist/proxy-endpoint.d.ts +0 -131
- package/dist/proxy-endpoint.js +0 -144
- package/dist/proxy-endpoint.js.map +0 -1
- package/examples/chat-corpus.ts +0 -84
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
import { PROXY_ENDPOINT_DEFAULTS, type ProxyAuthShape, type ProxyMethod, type ProxyRetryPolicy, type ProxyResponseMode } from "./proxy-protocol.js";
|
|
2
|
-
export { PROXY_ENDPOINT_DEFAULTS };
|
|
3
1
|
import type { AgentsMdRef, FileRef, McpServerRef, SkillToolRef, ToolRef } from "./run-config.js";
|
|
4
2
|
import { type RuntimeSize } from "./runtime-sizes.js";
|
|
5
3
|
import { type RunModel } from "./models.js";
|
|
@@ -141,43 +139,18 @@ export interface PlatformMcpServerSecret {
|
|
|
141
139
|
readonly url: string;
|
|
142
140
|
readonly headers?: Record<string, string>;
|
|
143
141
|
}
|
|
144
|
-
/**
|
|
145
|
-
* Per-run auth value for a declared proxy endpoint. The `name` must
|
|
146
|
-
* match a `proxyEndpoints[i].name` in the same submission, and `value`'s
|
|
147
|
-
* shape must match that endpoint's `authShape.type`. The cross-validation
|
|
148
|
-
* lives in `parseRunSubmissionRequest`.
|
|
149
|
-
*/
|
|
150
|
-
export interface PlatformProxyEndpointAuth {
|
|
151
|
-
readonly name: string;
|
|
152
|
-
readonly value: PlatformProxyAuthValue;
|
|
153
|
-
}
|
|
154
|
-
export type PlatformProxyAuthValue = {
|
|
155
|
-
readonly type: "bearer";
|
|
156
|
-
readonly token: string;
|
|
157
|
-
} | {
|
|
158
|
-
readonly type: "basic";
|
|
159
|
-
readonly username: string;
|
|
160
|
-
readonly password: string;
|
|
161
|
-
} | {
|
|
162
|
-
readonly type: "header";
|
|
163
|
-
readonly value: string;
|
|
164
|
-
} | {
|
|
165
|
-
readonly type: "query";
|
|
166
|
-
readonly value: string;
|
|
167
|
-
};
|
|
168
142
|
/**
|
|
169
143
|
* Per-run inline secrets bundle. `apiKeys` holds the BYOK provider keys, keyed
|
|
170
144
|
* by {@link RunProvider}. A run REQUIRES a key for its own `provider`; it MAY
|
|
171
145
|
* carry keys for additional providers so a subagent spawned with a
|
|
172
146
|
* different-family model inherits them server-side from the vault (the keys
|
|
173
|
-
* never transit the container). `mcpServers`
|
|
174
|
-
*
|
|
175
|
-
*
|
|
147
|
+
* never transit the container). `mcpServers` credentials are cross-provider
|
|
148
|
+
* (an MCP credential is the same secret whichever model is driving the MCP
|
|
149
|
+
* client).
|
|
176
150
|
*/
|
|
177
151
|
export interface PlatformInlineSecrets {
|
|
178
152
|
readonly apiKeys?: Partial<Record<RunProvider, string>>;
|
|
179
153
|
readonly mcpServers?: readonly PlatformMcpServerSecret[];
|
|
180
|
-
readonly proxyEndpointAuth?: readonly PlatformProxyEndpointAuth[];
|
|
181
154
|
/**
|
|
182
155
|
* Per-run env-var secret VALUES, keyed by env name. Each entry pairs with a
|
|
183
156
|
* `submission.secretEnv[<envName>] = { ephemeral: true }` declaration. Lives
|
|
@@ -188,29 +161,6 @@ export interface PlatformInlineSecrets {
|
|
|
188
161
|
*/
|
|
189
162
|
readonly envSecrets?: Readonly<Record<string, string>>;
|
|
190
163
|
}
|
|
191
|
-
/**
|
|
192
|
-
* Per-run named HTTP proxy endpoint. The `authShape` describes how the
|
|
193
|
-
* upstream expects auth; the actual value is supplied separately via
|
|
194
|
-
* `secrets.proxyEndpointAuth`. The auth value never enters the
|
|
195
|
-
* container — the BFF proxy injects it on outbound calls.
|
|
196
|
-
*
|
|
197
|
-
* Caps and allow-lists below are intentionally pessimistic by default
|
|
198
|
-
* so a misconfigured endpoint can't accidentally permit a wide attack
|
|
199
|
-
* surface; raise per endpoint if needed.
|
|
200
|
-
*/
|
|
201
|
-
export interface PlatformProxyEndpoint {
|
|
202
|
-
readonly name: string;
|
|
203
|
-
readonly baseUrl: string;
|
|
204
|
-
readonly authShape: ProxyAuthShape;
|
|
205
|
-
readonly allowMethods: readonly ProxyMethod[];
|
|
206
|
-
readonly allowPathPrefixes: readonly string[];
|
|
207
|
-
readonly allowHeaders?: readonly string[];
|
|
208
|
-
readonly responseMode?: ProxyResponseMode;
|
|
209
|
-
readonly maxRequestBytes?: number;
|
|
210
|
-
readonly maxResponseBytes?: number;
|
|
211
|
-
readonly timeoutMs?: number;
|
|
212
|
-
readonly retry?: ProxyRetryPolicy;
|
|
213
|
-
}
|
|
214
164
|
export declare const SECRETS_KEY = "secrets";
|
|
215
165
|
/** POSIX-style env var name a `secretEnv` entry binds to (e.g. `SERPER_API_KEY`). */
|
|
216
166
|
export declare const SECRET_ENV_NAME_PATTERN: RegExp;
|
|
@@ -227,18 +177,10 @@ export type PlatformSecretEnvEntry = {
|
|
|
227
177
|
} | {
|
|
228
178
|
readonly ephemeral: true;
|
|
229
179
|
};
|
|
230
|
-
export declare const PROXY_ENDPOINT_NAME_PATTERN: RegExp;
|
|
231
|
-
export declare const RESERVED_PROXY_ENDPOINT_NAMES: Set<string>;
|
|
232
180
|
export declare const deniedSecretFields: Set<string>;
|
|
233
|
-
export declare function parseProxyRetryPolicy(input: unknown, field: string): ProxyRetryPolicy | undefined;
|
|
234
|
-
export declare function parseProxyAuthShape(input: unknown, field: string): ProxyAuthShape;
|
|
235
|
-
export declare function parseProxyMethods(input: unknown, field: string): readonly ProxyMethod[];
|
|
236
|
-
export declare function parseProxyPathPrefixes(input: unknown, field: string): readonly string[];
|
|
237
|
-
export declare function parseProxyAllowedHeaders(input: unknown, field: string, authShape: ProxyAuthShape): readonly string[] | undefined;
|
|
238
|
-
export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly PlatformProxyEndpoint[] | undefined, auth: readonly PlatformProxyEndpointAuth[] | undefined): void;
|
|
239
181
|
/**
|
|
240
182
|
* Cross-check `submission.secretEnv` declarations against `secrets.envSecrets`
|
|
241
|
-
* values
|
|
183
|
+
* values:
|
|
242
184
|
*
|
|
243
185
|
* - `{ ephemeral: true }` MUST have a matching `secrets.envSecrets` value.
|
|
244
186
|
* - `{ ref }` MUST NOT supply a value (the value lives in the workspace store).
|
|
@@ -247,15 +189,6 @@ export declare function crossValidateProxyEndpointsAndAuth(endpoints: readonly P
|
|
|
247
189
|
*/
|
|
248
190
|
export declare function crossValidateSecretEnvAndValues(secretEnv: Readonly<Record<string, PlatformSecretEnvEntry>> | undefined, envSecrets: Readonly<Record<string, string>> | undefined): void;
|
|
249
191
|
export declare function parseInlineSecrets(input: unknown): PlatformInlineSecrets;
|
|
250
|
-
/**
|
|
251
|
-
* The proxy body-redactor refuses to mask any derived target string shorter
|
|
252
|
-
* than this many bytes — masking a 1-byte literal would corrupt the response
|
|
253
|
-
* body. This is the floor for the *derived* redaction targets (e.g.
|
|
254
|
-
* `Bearer <token>`, base64 fragments), used by
|
|
255
|
-
* the hosted proxy redactor, which imports this constant so the two sides can
|
|
256
|
-
* never silently diverge.
|
|
257
|
-
*/
|
|
258
|
-
export declare const MIN_REDACTION_TARGET_BYTES = 4;
|
|
259
192
|
export declare function assertNoSecretBearingFields(input: unknown, path: readonly string[]): void;
|
|
260
193
|
export declare function requireRecord(input: unknown, field: string): Record<string, unknown>;
|
|
261
194
|
export declare function requireString(input: unknown, field: string): string;
|
|
@@ -389,7 +322,6 @@ export interface PlatformRunSubmissionRequest {
|
|
|
389
322
|
readonly provider: RunProvider;
|
|
390
323
|
readonly submission: PlatformSubmission;
|
|
391
324
|
readonly secrets: PlatformInlineSecrets;
|
|
392
|
-
readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
|
|
393
325
|
/**
|
|
394
326
|
* Managed runtime size. One of the closed {@link RuntimeSize} preset tokens
|
|
395
327
|
* or absent (downstream applies the default).
|
|
@@ -397,8 +329,8 @@ export interface PlatformRunSubmissionRequest {
|
|
|
397
329
|
readonly runtimeSize?: RuntimeSize;
|
|
398
330
|
/**
|
|
399
331
|
* Run deadline in milliseconds, normalised by the parser from the wire
|
|
400
|
-
* `timeout` duration string (bounded to [1m,
|
|
401
|
-
* {@link DEFAULT_RUN_TIMEOUT_MS} (
|
|
332
|
+
* `timeout` duration string (bounded to [1m, 8h]). Absent ⇒
|
|
333
|
+
* {@link DEFAULT_RUN_TIMEOUT_MS} (8h). Applies to the managed runner's
|
|
402
334
|
* terminal wait window and self-kill deadline.
|
|
403
335
|
*/
|
|
404
336
|
readonly timeoutMs?: number;
|
|
@@ -480,8 +412,8 @@ export type PlatformRunSubmissionInput = Omit<PlatformRunSubmissionRequest, "wor
|
|
|
480
412
|
readonly provider?: RunProvider;
|
|
481
413
|
/**
|
|
482
414
|
* Run deadline as a human duration string (`"1h"`, `"90m"`, `"30s"`).
|
|
483
|
-
* Parsed + bounded to [1m,
|
|
484
|
-
* {@link PlatformRunSubmissionRequest.timeoutMs}. Absent ⇒
|
|
415
|
+
* Parsed + bounded to [1m, 8h] server-side into
|
|
416
|
+
* {@link PlatformRunSubmissionRequest.timeoutMs}. Absent ⇒ 8h default.
|
|
485
417
|
*/
|
|
486
418
|
readonly timeout?: string;
|
|
487
419
|
};
|