@aexhq/sdk 0.37.4 → 0.38.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -8
- package/dist/_contracts/http.d.ts +1 -1
- package/dist/_contracts/http.js +6 -6
- package/dist/_contracts/operations.d.ts +1 -1
- package/dist/_contracts/operations.js +1 -1
- package/dist/_contracts/run-retention.d.ts +1 -1
- package/dist/_contracts/runtime-types.d.ts +3 -3
- package/dist/_contracts/side-effect-audit.d.ts +4 -4
- package/dist/_contracts/side-effect-audit.js +6 -6
- package/dist/_contracts/submission.d.ts +1 -1
- package/dist/cli.mjs +52 -52
- package/dist/cli.mjs.sha256 +1 -1
- package/dist/client.d.ts +3 -5
- package/dist/client.js +3 -3
- package/dist/client.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/docs/authentication.md +7 -7
- package/docs/billing.md +3 -3
- package/docs/concepts/providers-and-runtimes.md +1 -1
- package/docs/concepts/runs.md +1 -1
- package/docs/credentials.md +7 -9
- package/docs/defaults.md +1 -1
- package/docs/events.md +5 -5
- package/docs/limits-and-quotas.md +2 -2
- package/docs/networking.md +1 -1
- package/docs/outputs.md +2 -2
- package/docs/public-surface.json +2 -2
- package/docs/quickstart.md +4 -4
- package/docs/retries.md +1 -1
- package/docs/run-config.md +1 -1
- package/docs/run-record.md +1 -1
- package/docs/secrets.md +4 -4
- package/docs/skills.md +1 -1
- package/docs/testing.md +1 -1
- package/docs/vision-skills.md +1 -1
- package/docs/webhooks.md +4 -4
- package/examples/feature-tour.ts +3 -3
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -20,11 +20,11 @@ npm i @aexhq/sdk
|
|
|
20
20
|
```
|
|
21
21
|
|
|
22
22
|
This installs the TypeScript SDK exports and the bundled `aex` CLI. Set both
|
|
23
|
-
credentials before running the examples: `
|
|
23
|
+
credentials before running the examples: `AEX_API_KEY` authenticates to aex,
|
|
24
24
|
and `ANTHROPIC_API_KEY` is your BYOK provider key for Claude.
|
|
25
25
|
|
|
26
26
|
```bash
|
|
27
|
-
export
|
|
27
|
+
export AEX_API_KEY="<your-aex-api-key>"
|
|
28
28
|
export ANTHROPIC_API_KEY="<your-anthropic-api-key>"
|
|
29
29
|
```
|
|
30
30
|
|
|
@@ -33,7 +33,7 @@ export ANTHROPIC_API_KEY="<your-anthropic-api-key>"
|
|
|
33
33
|
```ts
|
|
34
34
|
import { Aex, Models, Sizes } from "@aexhq/sdk";
|
|
35
35
|
|
|
36
|
-
const aex = new Aex({
|
|
36
|
+
const aex = new Aex({ apiKey: process.env.AEX_API_KEY! });
|
|
37
37
|
|
|
38
38
|
const session = await aex.openSession({
|
|
39
39
|
model: Models.CLAUDE_HAIKU_4_5,
|
|
@@ -82,7 +82,7 @@ The same request can run from the bundled CLI:
|
|
|
82
82
|
|
|
83
83
|
```bash
|
|
84
84
|
aex run \
|
|
85
|
-
--api-
|
|
85
|
+
--api-key "$AEX_API_KEY" \
|
|
86
86
|
--anthropic-api-key "$ANTHROPIC_API_KEY" \
|
|
87
87
|
--model claude-haiku-4-5 \
|
|
88
88
|
--prompt "Write the report and save outputs." \
|
|
@@ -91,14 +91,14 @@ aex run \
|
|
|
91
91
|
|
|
92
92
|
## CLI: login, discovery, typed errors
|
|
93
93
|
|
|
94
|
-
Stop re-passing `--api-
|
|
94
|
+
Stop re-passing `--api-key` on every command — log in once and the token (plus
|
|
95
95
|
your default `--aex-url`) is persisted to a `0600` config file
|
|
96
96
|
(`$XDG_CONFIG_HOME/aex/config.json` or `~/.config/aex/config.json`; `%APPDATA%\aex\config.json`
|
|
97
|
-
on Windows). An explicit `--api-
|
|
97
|
+
on Windows). An explicit `--api-key` flag always overrides the stored one.
|
|
98
98
|
|
|
99
99
|
```bash
|
|
100
|
-
aex login --api-
|
|
101
|
-
aex whoami # no --api-
|
|
100
|
+
aex login --api-key "$AEX_API_KEY" [--aex-url https://api.aex.dev]
|
|
101
|
+
aex whoami # no --api-key needed after login
|
|
102
102
|
aex auth status # show the resolved config (the token value is never printed)
|
|
103
103
|
aex logout # clear the stored token
|
|
104
104
|
```
|
|
@@ -14,7 +14,7 @@ export interface HttpClientOptions {
|
|
|
14
14
|
* own URL; no env var consults this value.
|
|
15
15
|
*/
|
|
16
16
|
readonly baseUrl?: string;
|
|
17
|
-
readonly
|
|
17
|
+
readonly apiKey: string;
|
|
18
18
|
readonly fetch?: FetchLike;
|
|
19
19
|
/** When set, every request emits a redacted one-line trace here. */
|
|
20
20
|
readonly debug?: DebugSink;
|
package/dist/_contracts/http.js
CHANGED
|
@@ -8,12 +8,12 @@ import { AEX_DEFAULT_BASE_URL } from "./stable.js";
|
|
|
8
8
|
*/
|
|
9
9
|
export class HttpClient {
|
|
10
10
|
#baseUrl;
|
|
11
|
-
#
|
|
11
|
+
#apiKey;
|
|
12
12
|
#fetch;
|
|
13
13
|
#debug;
|
|
14
14
|
constructor(options) {
|
|
15
|
-
if (!options.
|
|
16
|
-
throw new Error("HttpClient:
|
|
15
|
+
if (!options.apiKey) {
|
|
16
|
+
throw new Error("HttpClient: apiKey is required");
|
|
17
17
|
}
|
|
18
18
|
const raw = options.baseUrl ?? AEX_DEFAULT_BASE_URL;
|
|
19
19
|
const normalized = raw.endsWith("/") ? raw : `${raw}/`;
|
|
@@ -24,7 +24,7 @@ export class HttpClient {
|
|
|
24
24
|
throw new Error(`HttpClient: invalid aex baseUrl ${JSON.stringify(redactUrl(raw))} — ` +
|
|
25
25
|
`expected an absolute URL like "${AEX_DEFAULT_BASE_URL}"`, { cause: err });
|
|
26
26
|
}
|
|
27
|
-
this.#
|
|
27
|
+
this.#apiKey = options.apiKey;
|
|
28
28
|
this.#fetch = options.fetch ?? fetch;
|
|
29
29
|
this.#debug = options.debug;
|
|
30
30
|
}
|
|
@@ -39,7 +39,7 @@ export class HttpClient {
|
|
|
39
39
|
}
|
|
40
40
|
const headers = {
|
|
41
41
|
accept: "application/json",
|
|
42
|
-
authorization: `Bearer ${this.#
|
|
42
|
+
authorization: `Bearer ${this.#apiKey}`,
|
|
43
43
|
...normalizeHeaders(init.headers)
|
|
44
44
|
};
|
|
45
45
|
if (init.body !== undefined && init.body !== null && !headers["content-type"]) {
|
|
@@ -73,7 +73,7 @@ export class HttpClient {
|
|
|
73
73
|
url.searchParams.set(key, value);
|
|
74
74
|
}
|
|
75
75
|
const headers = {
|
|
76
|
-
authorization: `Bearer ${this.#
|
|
76
|
+
authorization: `Bearer ${this.#apiKey}`,
|
|
77
77
|
...normalizeHeaders(init.headers)
|
|
78
78
|
};
|
|
79
79
|
const startedMs = Date.now();
|
|
@@ -10,7 +10,7 @@ import type { PlatformRunSubmissionInput } from "./submission.js";
|
|
|
10
10
|
* Every function takes an HttpClient (so callers control auth + fetch
|
|
11
11
|
* injection) and returns parsed responses.
|
|
12
12
|
*
|
|
13
|
-
* Workspace identity is derived server-side from the API
|
|
13
|
+
* Workspace identity is derived server-side from the API key on
|
|
14
14
|
* every request; callers do not pass `workspaceId`.
|
|
15
15
|
*/
|
|
16
16
|
export declare function getRun(http: HttpClient, runId: string): Promise<Run>;
|
|
@@ -10,7 +10,7 @@ import { assertRunRecordArchivePublicSafeV1, buildRunRecordDownloadManifestV1 }
|
|
|
10
10
|
* Every function takes an HttpClient (so callers control auth + fetch
|
|
11
11
|
* injection) and returns parsed responses.
|
|
12
12
|
*
|
|
13
|
-
* Workspace identity is derived server-side from the API
|
|
13
|
+
* Workspace identity is derived server-side from the API key on
|
|
14
14
|
* every request; callers do not pass `workspaceId`.
|
|
15
15
|
*/
|
|
16
16
|
export async function getRun(http, runId) {
|
|
@@ -79,7 +79,7 @@ export interface RunDeletionManifestRunV1 {
|
|
|
79
79
|
}
|
|
80
80
|
export interface RunDeletionManifestRequestV1 {
|
|
81
81
|
readonly reason: RunDeletionReason;
|
|
82
|
-
readonly actorClass: "user" | "
|
|
82
|
+
readonly actorClass: "user" | "api_key" | "system" | "operator";
|
|
83
83
|
}
|
|
84
84
|
export interface RunDeletionManifestSummaryV1 {
|
|
85
85
|
readonly totalCount: number;
|
|
@@ -161,7 +161,7 @@ export interface UsageSummary {
|
|
|
161
161
|
/**
|
|
162
162
|
* Filters for {@link import("./operations.js").listRuns} / the CLI's `aex runs`.
|
|
163
163
|
* Every field is optional; omitting all of them lists the most recent runs in the
|
|
164
|
-
* token's workspace. Workspace identity is derived server-side from the API
|
|
164
|
+
* token's workspace. Workspace identity is derived server-side from the API key,
|
|
165
165
|
* so there is no `workspaceId` here — a token can only ever enumerate its own runs.
|
|
166
166
|
*/
|
|
167
167
|
export interface RunListQuery {
|
|
@@ -377,9 +377,9 @@ export interface WhoAmI {
|
|
|
377
377
|
/**
|
|
378
378
|
* Kind of principal the bearer resolved to. OPTIONAL IN PRACTICE: current
|
|
379
379
|
* managed deployments do not serve it (`GET /whoami` returns only
|
|
380
|
-
* `workspaceId` + `scopes` + `limits`) — treat `undefined` as "
|
|
380
|
+
* `workspaceId` + `scopes` + `limits`) — treat `undefined` as "api_key".
|
|
381
381
|
*/
|
|
382
|
-
readonly principalType?: "
|
|
382
|
+
readonly principalType?: "api_key" | "user";
|
|
383
383
|
readonly workspaceId?: string;
|
|
384
384
|
readonly tokenId?: string;
|
|
385
385
|
readonly tokenName?: string | null;
|
|
@@ -2,15 +2,15 @@ import type { RunProvider } from "./submission.js";
|
|
|
2
2
|
export declare const SIDE_EFFECT_AUDIT_SCHEMA_VERSION = 1;
|
|
3
3
|
export declare const SIDE_EFFECT_AUDIT_REDACTION_SCANNER_VERSION = 1;
|
|
4
4
|
export declare const SIDE_EFFECT_AUDIT_KIND = "aex.side_effect_audit.v1";
|
|
5
|
-
export declare const SIDE_EFFECT_AUDIT_ACTIONS: readonly ["run.submit.accepted", "run.submit.rejected", "run.cancel.requested", "run.delete.requested", "run.delete.completed", "run.delete.failed", "run.download.requested", "run.output.downloaded", "run.log.downloaded", "run.event.downloaded", "workspace.asset.uploaded", "workspace.asset.deleted", "proxy.endpoint.called", "mcp.credential.accessed", "mcp.proxy.called", "provider.proxy.called", "custody.manifest.written", "custody.transition.recorded", "runtime.cleanup.completed", "runtime.cleanup.failed", "terminal_redrive.attempted", "terminal_redrive.completed", "
|
|
5
|
+
export declare const SIDE_EFFECT_AUDIT_ACTIONS: readonly ["run.submit.accepted", "run.submit.rejected", "run.cancel.requested", "run.delete.requested", "run.delete.completed", "run.delete.failed", "run.download.requested", "run.output.downloaded", "run.log.downloaded", "run.event.downloaded", "workspace.asset.uploaded", "workspace.asset.deleted", "proxy.endpoint.called", "mcp.credential.accessed", "mcp.proxy.called", "provider.proxy.called", "custody.manifest.written", "custody.transition.recorded", "runtime.cleanup.completed", "runtime.cleanup.failed", "terminal_redrive.attempted", "terminal_redrive.completed", "api_key.created", "api_key.deleted", "api_key.used"];
|
|
6
6
|
export type SideEffectAuditAction = (typeof SIDE_EFFECT_AUDIT_ACTIONS)[number];
|
|
7
|
-
export declare const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES: readonly ["user", "
|
|
7
|
+
export declare const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES: readonly ["user", "api_key", "system", "runtime"];
|
|
8
8
|
export type SideEffectAuditActorPrincipalType = (typeof SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES)[number];
|
|
9
9
|
export declare const SIDE_EFFECT_AUDIT_SOURCE_PLANES: readonly ["dashboard", "api", "runtime", "system"];
|
|
10
10
|
export type SideEffectAuditSourcePlane = (typeof SIDE_EFFECT_AUDIT_SOURCE_PLANES)[number];
|
|
11
|
-
export declare const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS: readonly ["dashboard_auth", "
|
|
11
|
+
export declare const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS: readonly ["dashboard_auth", "api_key", "runner_token", "system"];
|
|
12
12
|
export type SideEffectAuditAuthenticationKind = (typeof SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS)[number];
|
|
13
|
-
export declare const SIDE_EFFECT_AUDIT_TARGET_TYPES: readonly ["workspace", "run", "proxy_endpoint", "mcp_credential", "mcp_proxy", "provider_proxy", "output_archive", "run_output", "run_log", "run_event_stream", "workspace_asset", "custody_manifest", "custody_transition", "cleanup", "deletion", "terminal_redrive", "
|
|
13
|
+
export declare const SIDE_EFFECT_AUDIT_TARGET_TYPES: readonly ["workspace", "run", "proxy_endpoint", "mcp_credential", "mcp_proxy", "provider_proxy", "output_archive", "run_output", "run_log", "run_event_stream", "workspace_asset", "custody_manifest", "custody_transition", "cleanup", "deletion", "terminal_redrive", "api_key"];
|
|
14
14
|
export type SideEffectAuditTargetType = (typeof SIDE_EFFECT_AUDIT_TARGET_TYPES)[number];
|
|
15
15
|
export declare const SIDE_EFFECT_AUDIT_OUTCOMES: readonly ["accepted", "rejected", "succeeded", "failed", "denied", "canceled", "pending"];
|
|
16
16
|
export type SideEffectAuditOutcome = (typeof SIDE_EFFECT_AUDIT_OUTCOMES)[number];
|
|
@@ -24,13 +24,13 @@ export const SIDE_EFFECT_AUDIT_ACTIONS = [
|
|
|
24
24
|
"runtime.cleanup.failed",
|
|
25
25
|
"terminal_redrive.attempted",
|
|
26
26
|
"terminal_redrive.completed",
|
|
27
|
-
"
|
|
28
|
-
"
|
|
29
|
-
"
|
|
27
|
+
"api_key.created",
|
|
28
|
+
"api_key.deleted",
|
|
29
|
+
"api_key.used"
|
|
30
30
|
];
|
|
31
31
|
export const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES = [
|
|
32
32
|
"user",
|
|
33
|
-
"
|
|
33
|
+
"api_key",
|
|
34
34
|
"system",
|
|
35
35
|
"runtime"
|
|
36
36
|
];
|
|
@@ -42,7 +42,7 @@ export const SIDE_EFFECT_AUDIT_SOURCE_PLANES = [
|
|
|
42
42
|
];
|
|
43
43
|
export const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS = [
|
|
44
44
|
"dashboard_auth",
|
|
45
|
-
"
|
|
45
|
+
"api_key",
|
|
46
46
|
"runner_token",
|
|
47
47
|
"system"
|
|
48
48
|
];
|
|
@@ -63,7 +63,7 @@ export const SIDE_EFFECT_AUDIT_TARGET_TYPES = [
|
|
|
63
63
|
"cleanup",
|
|
64
64
|
"deletion",
|
|
65
65
|
"terminal_redrive",
|
|
66
|
-
"
|
|
66
|
+
"api_key"
|
|
67
67
|
];
|
|
68
68
|
export const SIDE_EFFECT_AUDIT_OUTCOMES = [
|
|
69
69
|
"accepted",
|
|
@@ -397,7 +397,7 @@ export interface RunMachine {
|
|
|
397
397
|
/**
|
|
398
398
|
* Wire shape posted by the SDK and CLI. `workspaceId` is **omitted by
|
|
399
399
|
* design** — token-authenticated clients never name the workspace
|
|
400
|
-
* because it is derived from their API
|
|
400
|
+
* because it is derived from their API key on the server. The BFF
|
|
401
401
|
* route resolves the workspace from the token and injects it before
|
|
402
402
|
* calling the parser. The dashboard UI (Auth.js user principal,
|
|
403
403
|
* multi-workspace) is the only caller that supplies `workspaceId`
|
package/dist/cli.mjs
CHANGED
|
@@ -1581,12 +1581,12 @@ var encoder2 = new TextEncoder();
|
|
|
1581
1581
|
// ../contracts/dist/http.js
|
|
1582
1582
|
var HttpClient = class {
|
|
1583
1583
|
#baseUrl;
|
|
1584
|
-
#
|
|
1584
|
+
#apiKey;
|
|
1585
1585
|
#fetch;
|
|
1586
1586
|
#debug;
|
|
1587
1587
|
constructor(options) {
|
|
1588
|
-
if (!options.
|
|
1589
|
-
throw new Error("HttpClient:
|
|
1588
|
+
if (!options.apiKey) {
|
|
1589
|
+
throw new Error("HttpClient: apiKey is required");
|
|
1590
1590
|
}
|
|
1591
1591
|
const raw = options.baseUrl ?? AEX_DEFAULT_BASE_URL;
|
|
1592
1592
|
const normalized = raw.endsWith("/") ? raw : `${raw}/`;
|
|
@@ -1595,7 +1595,7 @@ var HttpClient = class {
|
|
|
1595
1595
|
} catch (err2) {
|
|
1596
1596
|
throw new Error(`HttpClient: invalid aex baseUrl ${JSON.stringify(redactUrl(raw))} \u2014 expected an absolute URL like "${AEX_DEFAULT_BASE_URL}"`, { cause: err2 });
|
|
1597
1597
|
}
|
|
1598
|
-
this.#
|
|
1598
|
+
this.#apiKey = options.apiKey;
|
|
1599
1599
|
this.#fetch = options.fetch ?? fetch;
|
|
1600
1600
|
this.#debug = options.debug;
|
|
1601
1601
|
}
|
|
@@ -1610,7 +1610,7 @@ var HttpClient = class {
|
|
|
1610
1610
|
}
|
|
1611
1611
|
const headers = {
|
|
1612
1612
|
accept: "application/json",
|
|
1613
|
-
authorization: `Bearer ${this.#
|
|
1613
|
+
authorization: `Bearer ${this.#apiKey}`,
|
|
1614
1614
|
...normalizeHeaders(init.headers)
|
|
1615
1615
|
};
|
|
1616
1616
|
if (init.body !== void 0 && init.body !== null && !headers["content-type"]) {
|
|
@@ -1639,7 +1639,7 @@ var HttpClient = class {
|
|
|
1639
1639
|
url.searchParams.set(key, value);
|
|
1640
1640
|
}
|
|
1641
1641
|
const headers = {
|
|
1642
|
-
authorization: `Bearer ${this.#
|
|
1642
|
+
authorization: `Bearer ${this.#apiKey}`,
|
|
1643
1643
|
...normalizeHeaders(init.headers)
|
|
1644
1644
|
};
|
|
1645
1645
|
const startedMs = Date.now();
|
|
@@ -3252,7 +3252,7 @@ function isSessionOk(status2) {
|
|
|
3252
3252
|
return status2 === "idle" || status2 === "suspended" || status2 === "succeeded";
|
|
3253
3253
|
}
|
|
3254
3254
|
function extractCommonHostFlags(argv) {
|
|
3255
|
-
let
|
|
3255
|
+
let apiKey = null;
|
|
3256
3256
|
let aexUrl = null;
|
|
3257
3257
|
let debug2 = false;
|
|
3258
3258
|
const rest = [];
|
|
@@ -3262,11 +3262,11 @@ function extractCommonHostFlags(argv) {
|
|
|
3262
3262
|
debug2 = true;
|
|
3263
3263
|
continue;
|
|
3264
3264
|
}
|
|
3265
|
-
if (arg === "--api-
|
|
3265
|
+
if (arg === "--api-key") {
|
|
3266
3266
|
const v = argv[++i2];
|
|
3267
3267
|
if (v === void 0)
|
|
3268
|
-
return { ok: false, reason: "--api-
|
|
3269
|
-
|
|
3268
|
+
return { ok: false, reason: "--api-key requires a value" };
|
|
3269
|
+
apiKey = v;
|
|
3270
3270
|
continue;
|
|
3271
3271
|
}
|
|
3272
3272
|
if (arg === "--aex-url") {
|
|
@@ -3279,18 +3279,18 @@ function extractCommonHostFlags(argv) {
|
|
|
3279
3279
|
if (arg === "--workspace" || arg === "--workspace-id") {
|
|
3280
3280
|
return {
|
|
3281
3281
|
ok: false,
|
|
3282
|
-
reason: `unknown flag ${arg}: workspace is derived from --api-
|
|
3282
|
+
reason: `unknown flag ${arg}: workspace is derived from --api-key on the server; drop this flag`
|
|
3283
3283
|
};
|
|
3284
3284
|
}
|
|
3285
3285
|
rest.push(arg);
|
|
3286
3286
|
}
|
|
3287
|
-
return { ok: true, flags: {
|
|
3287
|
+
return { ok: true, flags: { apiKey, aexUrl, debug: debug2, rest } };
|
|
3288
3288
|
}
|
|
3289
3289
|
async function resolveCommonHostFlags(io2, argv) {
|
|
3290
3290
|
const extracted = extractCommonHostFlags(argv);
|
|
3291
3291
|
if (!extracted.ok)
|
|
3292
3292
|
return extracted;
|
|
3293
|
-
const {
|
|
3293
|
+
const { apiKey: flagToken, aexUrl: flagUrl, debug: debug2, rest } = extracted.flags;
|
|
3294
3294
|
let token = flagToken;
|
|
3295
3295
|
let url = flagUrl;
|
|
3296
3296
|
let source = flagToken ? "flag" : "none";
|
|
@@ -3298,8 +3298,8 @@ async function resolveCommonHostFlags(io2, argv) {
|
|
|
3298
3298
|
if (!token && io2.configStore) {
|
|
3299
3299
|
const stored = await io2.configStore.read();
|
|
3300
3300
|
storedLocation = io2.configStore.location();
|
|
3301
|
-
if (stored?.
|
|
3302
|
-
token = stored.
|
|
3301
|
+
if (stored?.apiKey) {
|
|
3302
|
+
token = stored.apiKey;
|
|
3303
3303
|
source = "stored";
|
|
3304
3304
|
if (!url && stored.aexUrl)
|
|
3305
3305
|
url = stored.aexUrl;
|
|
@@ -3307,14 +3307,14 @@ async function resolveCommonHostFlags(io2, argv) {
|
|
|
3307
3307
|
}
|
|
3308
3308
|
const resolvedUrl = url ?? AEX_DEFAULT_BASE_URL;
|
|
3309
3309
|
if (debug2) {
|
|
3310
|
-
const where = source === "flag" ? "--api-
|
|
3310
|
+
const where = source === "flag" ? "--api-key flag" : source === "stored" ? `stored token (${storedLocation})` : "none";
|
|
3311
3311
|
io2.stderr(`[aex] auth: ${where}; aex-url=${resolvedUrl}
|
|
3312
3312
|
`);
|
|
3313
3313
|
}
|
|
3314
3314
|
if (!token) {
|
|
3315
|
-
return { ok: false, reason: "no API
|
|
3315
|
+
return { ok: false, reason: "no API key \u2014 pass --api-key or run `aex login`" };
|
|
3316
3316
|
}
|
|
3317
|
-
return { ok: true, flags: {
|
|
3317
|
+
return { ok: true, flags: { apiKey: token, aexUrl: resolvedUrl, debug: debug2 }, rest };
|
|
3318
3318
|
}
|
|
3319
3319
|
function describeApiError(err2) {
|
|
3320
3320
|
if (err2 instanceof AexApiError) {
|
|
@@ -3354,9 +3354,9 @@ function describeErrorBody(body) {
|
|
|
3354
3354
|
}
|
|
3355
3355
|
function remedyForStatus(status2) {
|
|
3356
3356
|
if (status2 === 400)
|
|
3357
|
-
return "malformed request \u2014 if this is an auth failure, check --api-
|
|
3357
|
+
return "malformed request \u2014 if this is an auth failure, check --api-key or run `aex login`";
|
|
3358
3358
|
if (status2 === 401)
|
|
3359
|
-
return "check --api-
|
|
3359
|
+
return "check --api-key, or run `aex login`";
|
|
3360
3360
|
if (status2 === 403)
|
|
3361
3361
|
return "token lacks permission for this workspace/action";
|
|
3362
3362
|
if (status2 === 404)
|
|
@@ -3428,7 +3428,7 @@ function levenshtein(a, b) {
|
|
|
3428
3428
|
function makeHttpClient(io2, flags) {
|
|
3429
3429
|
return new HttpClient({
|
|
3430
3430
|
baseUrl: flags.aexUrl,
|
|
3431
|
-
|
|
3431
|
+
apiKey: flags.apiKey,
|
|
3432
3432
|
fetch: io2.fetchImpl,
|
|
3433
3433
|
// `--debug`: route the transport's redacted per-request traces to stderr.
|
|
3434
3434
|
...flags.debug ? { debug: (line) => io2.stderr(`${line}
|
|
@@ -5335,7 +5335,7 @@ function makeAwsSources(region) {
|
|
|
5335
5335
|
}
|
|
5336
5336
|
};
|
|
5337
5337
|
}
|
|
5338
|
-
var USAGE = "usage: aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--out dir] [--account <id>] [--cloudwatch] [--since <dur>] [--with-outputs]\n operator command \u2014 uses the standard AWS SDK credential chain (env/profile), NOT --api-
|
|
5338
|
+
var USAGE = "usage: aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--out dir] [--account <id>] [--cloudwatch] [--since <dur>] [--with-outputs]\n operator command \u2014 uses the standard AWS SDK credential chain (env/profile), NOT --api-key\n";
|
|
5339
5339
|
async function runDebugCmd(io2, argv) {
|
|
5340
5340
|
if (await refuseInsideManagedRun(io2, "debug"))
|
|
5341
5341
|
return USAGE_ERR;
|
|
@@ -5437,19 +5437,19 @@ async function runLoginCmd(io2, argv) {
|
|
|
5437
5437
|
`);
|
|
5438
5438
|
return USAGE_ERR;
|
|
5439
5439
|
}
|
|
5440
|
-
const {
|
|
5440
|
+
const { apiKey, aexUrl, debug: debug2, rest } = extracted.flags;
|
|
5441
5441
|
const positional = rest.filter((a) => !a.startsWith("--"));
|
|
5442
5442
|
if (positional.length > 0) {
|
|
5443
5443
|
io2.stderr(`unexpected arguments: ${positional.join(" ")}
|
|
5444
5444
|
`);
|
|
5445
5445
|
return USAGE_ERR;
|
|
5446
5446
|
}
|
|
5447
|
-
if (!
|
|
5448
|
-
io2.stderr("usage: aex login --api-
|
|
5447
|
+
if (!apiKey) {
|
|
5448
|
+
io2.stderr("usage: aex login --api-key <token> [--aex-url <url>]\n");
|
|
5449
5449
|
return USAGE_ERR;
|
|
5450
5450
|
}
|
|
5451
5451
|
const resolvedUrl = aexUrl ?? AEX_DEFAULT_BASE_URL;
|
|
5452
|
-
const http = makeHttpClient(io2, {
|
|
5452
|
+
const http = makeHttpClient(io2, { apiKey, aexUrl: resolvedUrl, debug: debug2 });
|
|
5453
5453
|
let workspaceId;
|
|
5454
5454
|
try {
|
|
5455
5455
|
const me = await operations_exports.whoami(http);
|
|
@@ -5466,7 +5466,7 @@ async function runLoginCmd(io2, argv) {
|
|
|
5466
5466
|
...described.remedy ? { remedy: described.remedy } : {}
|
|
5467
5467
|
});
|
|
5468
5468
|
}
|
|
5469
|
-
await io2.configStore.write({ schemaVersion: 1,
|
|
5469
|
+
await io2.configStore.write({ schemaVersion: 1, apiKey, ...aexUrl ? { aexUrl: resolvedUrl } : {} });
|
|
5470
5470
|
if (debug2)
|
|
5471
5471
|
io2.stderr(`[aex] login: persisted to ${io2.configStore.location()}
|
|
5472
5472
|
`);
|
|
@@ -5507,8 +5507,8 @@ async function runAuthStatusCmd(io2, argv) {
|
|
|
5507
5507
|
return USAGE_ERR;
|
|
5508
5508
|
}
|
|
5509
5509
|
const stored = await io2.configStore.read();
|
|
5510
|
-
const hasToken = Boolean(stored?.
|
|
5511
|
-
const tokenSuffix = hasToken ? stored.
|
|
5510
|
+
const hasToken = Boolean(stored?.apiKey);
|
|
5511
|
+
const tokenSuffix = hasToken ? stored.apiKey.slice(-4) : void 0;
|
|
5512
5512
|
io2.stdout(JSON.stringify({
|
|
5513
5513
|
configPath: io2.configStore.location(),
|
|
5514
5514
|
hasToken,
|
|
@@ -6103,28 +6103,28 @@ async function dispatch(io2, args) {
|
|
|
6103
6103
|
async function printGlobalHelp(io2) {
|
|
6104
6104
|
io2.stdout("aex \u2014 unified CLI for the aex platform (mirrors the SDK 1:1)\n\n");
|
|
6105
6105
|
io2.stdout("Usage:\n");
|
|
6106
|
-
io2.stdout(" aex run --config <run.json> --<provider>-api-key K --api-
|
|
6107
|
-
io2.stdout(" aex run --model M --prompt P [--system S] [--mcp name=url ...] --<provider>-api-key K --api-
|
|
6108
|
-
io2.stdout(" aex status <session-id> --api-
|
|
6109
|
-
io2.stdout(" aex deliveries <session-id> --api-
|
|
6110
|
-
io2.stdout(" aex wait <session-id> [--timeout 8m] [--interval 2s] --api-
|
|
6111
|
-
io2.stdout(" aex events <session-id> [--follow] [--timeout 8m] --api-
|
|
6112
|
-
io2.stdout(" aex tail <session-id> [--json] [--filter <type|source>] [--logs] [--settle] [--timeout 8m] --api-
|
|
6113
|
-
io2.stdout(" aex inspect <session-id> [--json] [--filter <type|source>] [--logs] [--timeout 8m] --api-
|
|
6114
|
-
io2.stdout(" aex outputs <session-id> --api-
|
|
6115
|
-
io2.stdout(" aex download <session-id> [--only outputs|events|metadata] [--out path] --api-
|
|
6116
|
-
io2.stdout(" aex cancel <session-id> --api-
|
|
6117
|
-
io2.stdout(" aex delete <session-id> --api-
|
|
6118
|
-
io2.stdout(" aex delete-asset <assetId|hash> --api-
|
|
6119
|
-
io2.stdout(" aex runs [--limit N] [--since ISO] --api-
|
|
6120
|
-
io2.stdout(" aex sessions [--limit N] --api-
|
|
6121
|
-
io2.stdout(" aex whoami --api-
|
|
6122
|
-
io2.stdout(" aex billing [--json] --api-
|
|
6123
|
-
io2.stdout(" aex billing ledger [--limit N] --api-
|
|
6124
|
-
io2.stdout(" aex billing upgrade pro|team --api-
|
|
6125
|
-
io2.stdout(" aex billing portal --api-
|
|
6126
|
-
io2.stdout(" aex webhooks secret --api-
|
|
6127
|
-
io2.stdout(" aex login --api-
|
|
6106
|
+
io2.stdout(" aex run --config <run.json> --<provider>-api-key K --api-key T [flags]\n");
|
|
6107
|
+
io2.stdout(" aex run --model M --prompt P [--system S] [--mcp name=url ...] --<provider>-api-key K --api-key T [flags]\n");
|
|
6108
|
+
io2.stdout(" aex status <session-id> --api-key T\n");
|
|
6109
|
+
io2.stdout(" aex deliveries <session-id> --api-key T\n");
|
|
6110
|
+
io2.stdout(" aex wait <session-id> [--timeout 8m] [--interval 2s] --api-key T\n");
|
|
6111
|
+
io2.stdout(" aex events <session-id> [--follow] [--timeout 8m] --api-key T\n");
|
|
6112
|
+
io2.stdout(" aex tail <session-id> [--json] [--filter <type|source>] [--logs] [--settle] [--timeout 8m] --api-key T\n");
|
|
6113
|
+
io2.stdout(" aex inspect <session-id> [--json] [--filter <type|source>] [--logs] [--timeout 8m] --api-key T\n");
|
|
6114
|
+
io2.stdout(" aex outputs <session-id> --api-key T\n");
|
|
6115
|
+
io2.stdout(" aex download <session-id> [--only outputs|events|metadata] [--out path] --api-key T\n");
|
|
6116
|
+
io2.stdout(" aex cancel <session-id> --api-key T\n");
|
|
6117
|
+
io2.stdout(" aex delete <session-id> --api-key T\n");
|
|
6118
|
+
io2.stdout(" aex delete-asset <assetId|hash> --api-key T\n");
|
|
6119
|
+
io2.stdout(" aex runs [--limit N] [--since ISO] --api-key T List the workspace's runs (newest first, JSON)\n");
|
|
6120
|
+
io2.stdout(" aex sessions [--limit N] --api-key T List the workspace's sessions (newest first, JSON)\n");
|
|
6121
|
+
io2.stdout(" aex whoami --api-key T\n");
|
|
6122
|
+
io2.stdout(" aex billing [--json] --api-key T Show prepaid balance, month spend, and spend cap\n");
|
|
6123
|
+
io2.stdout(" aex billing ledger [--limit N] --api-key T Recent credit-ledger entries (newest first, JSON)\n");
|
|
6124
|
+
io2.stdout(" aex billing upgrade pro|team --api-key T Create a hosted checkout session and print its URL\n");
|
|
6125
|
+
io2.stdout(" aex billing portal --api-key T Create a hosted billing portal session and print its URL\n");
|
|
6126
|
+
io2.stdout(" aex webhooks secret --api-key T Reveal (create on first use) the webhook signing secret\n");
|
|
6127
|
+
io2.stdout(" aex login --api-key T [--aex-url U] Persist token + url (then other verbs need no --api-key)\n");
|
|
6128
6128
|
io2.stdout(" aex logout Clear the stored token\n");
|
|
6129
6129
|
io2.stdout(" aex auth status Show the resolved config (token never printed)\n");
|
|
6130
6130
|
io2.stdout(" aex models list [--json] List models + default provider (no token needed)\n");
|
|
@@ -6134,7 +6134,7 @@ async function printGlobalHelp(io2) {
|
|
|
6134
6134
|
io2.stdout(" aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--cloudwatch] [--with-outputs] (operator; AWS creds)\n");
|
|
6135
6135
|
io2.stdout(" aex --help\n\n");
|
|
6136
6136
|
io2.stdout("Common flags on every host subcommand:\n");
|
|
6137
|
-
io2.stdout(" --api-
|
|
6137
|
+
io2.stdout(" --api-key <token> REQUIRED \u2014 aex SDK API key (workspace is derived from it)\n");
|
|
6138
6138
|
io2.stdout(" --aex-url <url> Optional; defaults to https://api.aex.dev (local/staging/hosted plane)\n");
|
|
6139
6139
|
io2.stdout(" --debug Optional; print a redacted per-request trace to stderr (uploads nothing)\n\n");
|
|
6140
6140
|
io2.stdout("aex run flags:\n");
|
package/dist/cli.mjs.sha256
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
5e34d5001f6ad9cd7e95730c6b14e0a5ebce55d732b19288a95f04df76fba078 cli.mjs
|
package/dist/client.d.ts
CHANGED
|
@@ -8,10 +8,8 @@ import { Secret } from "./secret.js";
|
|
|
8
8
|
import { SkillTool } from "./skill-tool.js";
|
|
9
9
|
import { Tool } from "./tool.js";
|
|
10
10
|
export interface AexOptions {
|
|
11
|
-
/** Workspace-scoped SDK API
|
|
11
|
+
/** Workspace-scoped SDK API key. */
|
|
12
12
|
readonly apiKey?: string;
|
|
13
|
-
/** @deprecated Use `apiKey`; kept as a source-compatible alias during launch. */
|
|
14
|
-
readonly apiToken?: string;
|
|
15
13
|
/**
|
|
16
14
|
* API plane root, e.g. `https://aex.example.com`. Optional —
|
|
17
15
|
* defaults to the canonical hosted URL (`https://api.aex.dev`).
|
|
@@ -498,7 +496,7 @@ export declare class SecretsClient {
|
|
|
498
496
|
* the dashboard BFF and operate on durable run records.
|
|
499
497
|
*
|
|
500
498
|
* The SDK never asks the caller for a workspace id — workspace identity
|
|
501
|
-
* is derived server-side from the API
|
|
499
|
+
* is derived server-side from the API key on every request. Use
|
|
502
500
|
* `client.whoami()` if you want to introspect which workspace the
|
|
503
501
|
* token resolves to.
|
|
504
502
|
*/
|
|
@@ -508,7 +506,7 @@ export declare class Aex {
|
|
|
508
506
|
readonly files: FilesClient;
|
|
509
507
|
readonly secrets: SecretsClient;
|
|
510
508
|
readonly sessions: SessionClient;
|
|
511
|
-
constructor(apiKey: string, options?: Omit<AexOptions, "apiKey"
|
|
509
|
+
constructor(apiKey: string, options?: Omit<AexOptions, "apiKey">);
|
|
512
510
|
constructor(options: AexOptions);
|
|
513
511
|
/**
|
|
514
512
|
* Internal: satisfies the `SecretUploader` surface so a
|
package/dist/client.js
CHANGED
|
@@ -889,7 +889,7 @@ function unwrapSecretValue(value) {
|
|
|
889
889
|
* the dashboard BFF and operate on durable run records.
|
|
890
890
|
*
|
|
891
891
|
* The SDK never asks the caller for a workspace id — workspace identity
|
|
892
|
-
* is derived server-side from the API
|
|
892
|
+
* is derived server-side from the API key on every request. Use
|
|
893
893
|
* `client.whoami()` if you want to introspect which workspace the
|
|
894
894
|
* token resolves to.
|
|
895
895
|
*/
|
|
@@ -903,7 +903,7 @@ export class Aex {
|
|
|
903
903
|
sessions;
|
|
904
904
|
constructor(options, overrides = {}) {
|
|
905
905
|
const resolved = typeof options === "string" ? { ...overrides, apiKey: options } : options;
|
|
906
|
-
const apiKey = resolved.apiKey
|
|
906
|
+
const apiKey = resolved.apiKey;
|
|
907
907
|
if (!apiKey) {
|
|
908
908
|
// Typed so a caller catching AexError (the SDK's error base) catches a
|
|
909
909
|
// missing credential too, instead of a bare Error slipping the taxonomy.
|
|
@@ -917,7 +917,7 @@ export class Aex {
|
|
|
917
917
|
const retryingFetch = withRetry(baseFetch, resolved.retry);
|
|
918
918
|
this.#http = new HttpClient({
|
|
919
919
|
...(resolved.baseUrl ? { baseUrl: resolved.baseUrl } : {}),
|
|
920
|
-
|
|
920
|
+
apiKey,
|
|
921
921
|
fetch: retryingFetch,
|
|
922
922
|
// Opt-in local diagnostics: emit a redacted per-request trace to
|
|
923
923
|
// stderr. Uploads nothing. A caller wanting a custom sink can pass
|