@aexhq/sdk 0.37.4 → 0.38.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -20,11 +20,11 @@ npm i @aexhq/sdk
20
20
  ```
21
21
 
22
22
  This installs the TypeScript SDK exports and the bundled `aex` CLI. Set both
23
- credentials before running the examples: `AEX_API_TOKEN` authenticates to aex,
23
+ credentials before running the examples: `AEX_API_KEY` authenticates to aex,
24
24
  and `ANTHROPIC_API_KEY` is your BYOK provider key for Claude.
25
25
 
26
26
  ```bash
27
- export AEX_API_TOKEN="<your-aex-token>"
27
+ export AEX_API_KEY="<your-aex-api-key>"
28
28
  export ANTHROPIC_API_KEY="<your-anthropic-api-key>"
29
29
  ```
30
30
 
@@ -33,7 +33,7 @@ export ANTHROPIC_API_KEY="<your-anthropic-api-key>"
33
33
  ```ts
34
34
  import { Aex, Models, Sizes } from "@aexhq/sdk";
35
35
 
36
- const aex = new Aex({ apiToken: process.env.AEX_API_TOKEN! });
36
+ const aex = new Aex({ apiKey: process.env.AEX_API_KEY! });
37
37
 
38
38
  const session = await aex.openSession({
39
39
  model: Models.CLAUDE_HAIKU_4_5,
@@ -82,7 +82,7 @@ The same request can run from the bundled CLI:
82
82
 
83
83
  ```bash
84
84
  aex run \
85
- --api-token "$AEX_API_TOKEN" \
85
+ --api-key "$AEX_API_KEY" \
86
86
  --anthropic-api-key "$ANTHROPIC_API_KEY" \
87
87
  --model claude-haiku-4-5 \
88
88
  --prompt "Write the report and save outputs." \
@@ -91,14 +91,14 @@ aex run \
91
91
 
92
92
  ## CLI: login, discovery, typed errors
93
93
 
94
- Stop re-passing `--api-token` on every command — log in once and the token (plus
94
+ Stop re-passing `--api-key` on every command — log in once and the token (plus
95
95
  your default `--aex-url`) is persisted to a `0600` config file
96
96
  (`$XDG_CONFIG_HOME/aex/config.json` or `~/.config/aex/config.json`; `%APPDATA%\aex\config.json`
97
- on Windows). An explicit `--api-token` flag always overrides the stored one.
97
+ on Windows). An explicit `--api-key` flag always overrides the stored one.
98
98
 
99
99
  ```bash
100
- aex login --api-token "$AEX_API_TOKEN" [--aex-url https://api.aex.dev]
101
- aex whoami # no --api-token needed after login
100
+ aex login --api-key "$AEX_API_KEY" [--aex-url https://api.aex.dev]
101
+ aex whoami # no --api-key needed after login
102
102
  aex auth status # show the resolved config (the token value is never printed)
103
103
  aex logout # clear the stored token
104
104
  ```
@@ -14,7 +14,7 @@ export interface HttpClientOptions {
14
14
  * own URL; no env var consults this value.
15
15
  */
16
16
  readonly baseUrl?: string;
17
- readonly apiToken: string;
17
+ readonly apiKey: string;
18
18
  readonly fetch?: FetchLike;
19
19
  /** When set, every request emits a redacted one-line trace here. */
20
20
  readonly debug?: DebugSink;
@@ -8,12 +8,12 @@ import { AEX_DEFAULT_BASE_URL } from "./stable.js";
8
8
  */
9
9
  export class HttpClient {
10
10
  #baseUrl;
11
- #apiToken;
11
+ #apiKey;
12
12
  #fetch;
13
13
  #debug;
14
14
  constructor(options) {
15
- if (!options.apiToken) {
16
- throw new Error("HttpClient: apiToken is required");
15
+ if (!options.apiKey) {
16
+ throw new Error("HttpClient: apiKey is required");
17
17
  }
18
18
  const raw = options.baseUrl ?? AEX_DEFAULT_BASE_URL;
19
19
  const normalized = raw.endsWith("/") ? raw : `${raw}/`;
@@ -24,7 +24,7 @@ export class HttpClient {
24
24
  throw new Error(`HttpClient: invalid aex baseUrl ${JSON.stringify(redactUrl(raw))} — ` +
25
25
  `expected an absolute URL like "${AEX_DEFAULT_BASE_URL}"`, { cause: err });
26
26
  }
27
- this.#apiToken = options.apiToken;
27
+ this.#apiKey = options.apiKey;
28
28
  this.#fetch = options.fetch ?? fetch;
29
29
  this.#debug = options.debug;
30
30
  }
@@ -39,7 +39,7 @@ export class HttpClient {
39
39
  }
40
40
  const headers = {
41
41
  accept: "application/json",
42
- authorization: `Bearer ${this.#apiToken}`,
42
+ authorization: `Bearer ${this.#apiKey}`,
43
43
  ...normalizeHeaders(init.headers)
44
44
  };
45
45
  if (init.body !== undefined && init.body !== null && !headers["content-type"]) {
@@ -73,7 +73,7 @@ export class HttpClient {
73
73
  url.searchParams.set(key, value);
74
74
  }
75
75
  const headers = {
76
- authorization: `Bearer ${this.#apiToken}`,
76
+ authorization: `Bearer ${this.#apiKey}`,
77
77
  ...normalizeHeaders(init.headers)
78
78
  };
79
79
  const startedMs = Date.now();
@@ -10,7 +10,7 @@ import type { PlatformRunSubmissionInput } from "./submission.js";
10
10
  * Every function takes an HttpClient (so callers control auth + fetch
11
11
  * injection) and returns parsed responses.
12
12
  *
13
- * Workspace identity is derived server-side from the API token on
13
+ * Workspace identity is derived server-side from the API key on
14
14
  * every request; callers do not pass `workspaceId`.
15
15
  */
16
16
  export declare function getRun(http: HttpClient, runId: string): Promise<Run>;
@@ -10,7 +10,7 @@ import { assertRunRecordArchivePublicSafeV1, buildRunRecordDownloadManifestV1 }
10
10
  * Every function takes an HttpClient (so callers control auth + fetch
11
11
  * injection) and returns parsed responses.
12
12
  *
13
- * Workspace identity is derived server-side from the API token on
13
+ * Workspace identity is derived server-side from the API key on
14
14
  * every request; callers do not pass `workspaceId`.
15
15
  */
16
16
  export async function getRun(http, runId) {
@@ -79,7 +79,7 @@ export interface RunDeletionManifestRunV1 {
79
79
  }
80
80
  export interface RunDeletionManifestRequestV1 {
81
81
  readonly reason: RunDeletionReason;
82
- readonly actorClass: "user" | "api_token" | "system" | "operator";
82
+ readonly actorClass: "user" | "api_key" | "system" | "operator";
83
83
  }
84
84
  export interface RunDeletionManifestSummaryV1 {
85
85
  readonly totalCount: number;
@@ -161,7 +161,7 @@ export interface UsageSummary {
161
161
  /**
162
162
  * Filters for {@link import("./operations.js").listRuns} / the CLI's `aex runs`.
163
163
  * Every field is optional; omitting all of them lists the most recent runs in the
164
- * token's workspace. Workspace identity is derived server-side from the API token,
164
+ * token's workspace. Workspace identity is derived server-side from the API key,
165
165
  * so there is no `workspaceId` here — a token can only ever enumerate its own runs.
166
166
  */
167
167
  export interface RunListQuery {
@@ -377,9 +377,9 @@ export interface WhoAmI {
377
377
  /**
378
378
  * Kind of principal the bearer resolved to. OPTIONAL IN PRACTICE: current
379
379
  * managed deployments do not serve it (`GET /whoami` returns only
380
- * `workspaceId` + `scopes` + `limits`) — treat `undefined` as "api_token".
380
+ * `workspaceId` + `scopes` + `limits`) — treat `undefined` as "api_key".
381
381
  */
382
- readonly principalType?: "api_token" | "user";
382
+ readonly principalType?: "api_key" | "user";
383
383
  readonly workspaceId?: string;
384
384
  readonly tokenId?: string;
385
385
  readonly tokenName?: string | null;
@@ -2,15 +2,15 @@ import type { RunProvider } from "./submission.js";
2
2
  export declare const SIDE_EFFECT_AUDIT_SCHEMA_VERSION = 1;
3
3
  export declare const SIDE_EFFECT_AUDIT_REDACTION_SCANNER_VERSION = 1;
4
4
  export declare const SIDE_EFFECT_AUDIT_KIND = "aex.side_effect_audit.v1";
5
- export declare const SIDE_EFFECT_AUDIT_ACTIONS: readonly ["run.submit.accepted", "run.submit.rejected", "run.cancel.requested", "run.delete.requested", "run.delete.completed", "run.delete.failed", "run.download.requested", "run.output.downloaded", "run.log.downloaded", "run.event.downloaded", "workspace.asset.uploaded", "workspace.asset.deleted", "proxy.endpoint.called", "mcp.credential.accessed", "mcp.proxy.called", "provider.proxy.called", "custody.manifest.written", "custody.transition.recorded", "runtime.cleanup.completed", "runtime.cleanup.failed", "terminal_redrive.attempted", "terminal_redrive.completed", "api_token.created", "api_token.deleted", "api_token.used"];
5
+ export declare const SIDE_EFFECT_AUDIT_ACTIONS: readonly ["run.submit.accepted", "run.submit.rejected", "run.cancel.requested", "run.delete.requested", "run.delete.completed", "run.delete.failed", "run.download.requested", "run.output.downloaded", "run.log.downloaded", "run.event.downloaded", "workspace.asset.uploaded", "workspace.asset.deleted", "proxy.endpoint.called", "mcp.credential.accessed", "mcp.proxy.called", "provider.proxy.called", "custody.manifest.written", "custody.transition.recorded", "runtime.cleanup.completed", "runtime.cleanup.failed", "terminal_redrive.attempted", "terminal_redrive.completed", "api_key.created", "api_key.deleted", "api_key.used"];
6
6
  export type SideEffectAuditAction = (typeof SIDE_EFFECT_AUDIT_ACTIONS)[number];
7
- export declare const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES: readonly ["user", "api_token", "system", "runtime"];
7
+ export declare const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES: readonly ["user", "api_key", "system", "runtime"];
8
8
  export type SideEffectAuditActorPrincipalType = (typeof SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES)[number];
9
9
  export declare const SIDE_EFFECT_AUDIT_SOURCE_PLANES: readonly ["dashboard", "api", "runtime", "system"];
10
10
  export type SideEffectAuditSourcePlane = (typeof SIDE_EFFECT_AUDIT_SOURCE_PLANES)[number];
11
- export declare const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS: readonly ["dashboard_auth", "api_token", "runner_token", "system"];
11
+ export declare const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS: readonly ["dashboard_auth", "api_key", "runner_token", "system"];
12
12
  export type SideEffectAuditAuthenticationKind = (typeof SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS)[number];
13
- export declare const SIDE_EFFECT_AUDIT_TARGET_TYPES: readonly ["workspace", "run", "proxy_endpoint", "mcp_credential", "mcp_proxy", "provider_proxy", "output_archive", "run_output", "run_log", "run_event_stream", "workspace_asset", "custody_manifest", "custody_transition", "cleanup", "deletion", "terminal_redrive", "api_token"];
13
+ export declare const SIDE_EFFECT_AUDIT_TARGET_TYPES: readonly ["workspace", "run", "proxy_endpoint", "mcp_credential", "mcp_proxy", "provider_proxy", "output_archive", "run_output", "run_log", "run_event_stream", "workspace_asset", "custody_manifest", "custody_transition", "cleanup", "deletion", "terminal_redrive", "api_key"];
14
14
  export type SideEffectAuditTargetType = (typeof SIDE_EFFECT_AUDIT_TARGET_TYPES)[number];
15
15
  export declare const SIDE_EFFECT_AUDIT_OUTCOMES: readonly ["accepted", "rejected", "succeeded", "failed", "denied", "canceled", "pending"];
16
16
  export type SideEffectAuditOutcome = (typeof SIDE_EFFECT_AUDIT_OUTCOMES)[number];
@@ -24,13 +24,13 @@ export const SIDE_EFFECT_AUDIT_ACTIONS = [
24
24
  "runtime.cleanup.failed",
25
25
  "terminal_redrive.attempted",
26
26
  "terminal_redrive.completed",
27
- "api_token.created",
28
- "api_token.deleted",
29
- "api_token.used"
27
+ "api_key.created",
28
+ "api_key.deleted",
29
+ "api_key.used"
30
30
  ];
31
31
  export const SIDE_EFFECT_AUDIT_ACTOR_PRINCIPAL_TYPES = [
32
32
  "user",
33
- "api_token",
33
+ "api_key",
34
34
  "system",
35
35
  "runtime"
36
36
  ];
@@ -42,7 +42,7 @@ export const SIDE_EFFECT_AUDIT_SOURCE_PLANES = [
42
42
  ];
43
43
  export const SIDE_EFFECT_AUDIT_AUTHENTICATION_KINDS = [
44
44
  "dashboard_auth",
45
- "api_token",
45
+ "api_key",
46
46
  "runner_token",
47
47
  "system"
48
48
  ];
@@ -63,7 +63,7 @@ export const SIDE_EFFECT_AUDIT_TARGET_TYPES = [
63
63
  "cleanup",
64
64
  "deletion",
65
65
  "terminal_redrive",
66
- "api_token"
66
+ "api_key"
67
67
  ];
68
68
  export const SIDE_EFFECT_AUDIT_OUTCOMES = [
69
69
  "accepted",
@@ -397,7 +397,7 @@ export interface RunMachine {
397
397
  /**
398
398
  * Wire shape posted by the SDK and CLI. `workspaceId` is **omitted by
399
399
  * design** — token-authenticated clients never name the workspace
400
- * because it is derived from their API token on the server. The BFF
400
+ * because it is derived from their API key on the server. The BFF
401
401
  * route resolves the workspace from the token and injects it before
402
402
  * calling the parser. The dashboard UI (Auth.js user principal,
403
403
  * multi-workspace) is the only caller that supplies `workspaceId`
package/dist/cli.mjs CHANGED
@@ -1581,12 +1581,12 @@ var encoder2 = new TextEncoder();
1581
1581
  // ../contracts/dist/http.js
1582
1582
  var HttpClient = class {
1583
1583
  #baseUrl;
1584
- #apiToken;
1584
+ #apiKey;
1585
1585
  #fetch;
1586
1586
  #debug;
1587
1587
  constructor(options) {
1588
- if (!options.apiToken) {
1589
- throw new Error("HttpClient: apiToken is required");
1588
+ if (!options.apiKey) {
1589
+ throw new Error("HttpClient: apiKey is required");
1590
1590
  }
1591
1591
  const raw = options.baseUrl ?? AEX_DEFAULT_BASE_URL;
1592
1592
  const normalized = raw.endsWith("/") ? raw : `${raw}/`;
@@ -1595,7 +1595,7 @@ var HttpClient = class {
1595
1595
  } catch (err2) {
1596
1596
  throw new Error(`HttpClient: invalid aex baseUrl ${JSON.stringify(redactUrl(raw))} \u2014 expected an absolute URL like "${AEX_DEFAULT_BASE_URL}"`, { cause: err2 });
1597
1597
  }
1598
- this.#apiToken = options.apiToken;
1598
+ this.#apiKey = options.apiKey;
1599
1599
  this.#fetch = options.fetch ?? fetch;
1600
1600
  this.#debug = options.debug;
1601
1601
  }
@@ -1610,7 +1610,7 @@ var HttpClient = class {
1610
1610
  }
1611
1611
  const headers = {
1612
1612
  accept: "application/json",
1613
- authorization: `Bearer ${this.#apiToken}`,
1613
+ authorization: `Bearer ${this.#apiKey}`,
1614
1614
  ...normalizeHeaders(init.headers)
1615
1615
  };
1616
1616
  if (init.body !== void 0 && init.body !== null && !headers["content-type"]) {
@@ -1639,7 +1639,7 @@ var HttpClient = class {
1639
1639
  url.searchParams.set(key, value);
1640
1640
  }
1641
1641
  const headers = {
1642
- authorization: `Bearer ${this.#apiToken}`,
1642
+ authorization: `Bearer ${this.#apiKey}`,
1643
1643
  ...normalizeHeaders(init.headers)
1644
1644
  };
1645
1645
  const startedMs = Date.now();
@@ -3252,7 +3252,7 @@ function isSessionOk(status2) {
3252
3252
  return status2 === "idle" || status2 === "suspended" || status2 === "succeeded";
3253
3253
  }
3254
3254
  function extractCommonHostFlags(argv) {
3255
- let apiToken = null;
3255
+ let apiKey = null;
3256
3256
  let aexUrl = null;
3257
3257
  let debug2 = false;
3258
3258
  const rest = [];
@@ -3262,11 +3262,11 @@ function extractCommonHostFlags(argv) {
3262
3262
  debug2 = true;
3263
3263
  continue;
3264
3264
  }
3265
- if (arg === "--api-token") {
3265
+ if (arg === "--api-key") {
3266
3266
  const v = argv[++i2];
3267
3267
  if (v === void 0)
3268
- return { ok: false, reason: "--api-token requires a value" };
3269
- apiToken = v;
3268
+ return { ok: false, reason: "--api-key requires a value" };
3269
+ apiKey = v;
3270
3270
  continue;
3271
3271
  }
3272
3272
  if (arg === "--aex-url") {
@@ -3279,18 +3279,18 @@ function extractCommonHostFlags(argv) {
3279
3279
  if (arg === "--workspace" || arg === "--workspace-id") {
3280
3280
  return {
3281
3281
  ok: false,
3282
- reason: `unknown flag ${arg}: workspace is derived from --api-token on the server; drop this flag`
3282
+ reason: `unknown flag ${arg}: workspace is derived from --api-key on the server; drop this flag`
3283
3283
  };
3284
3284
  }
3285
3285
  rest.push(arg);
3286
3286
  }
3287
- return { ok: true, flags: { apiToken, aexUrl, debug: debug2, rest } };
3287
+ return { ok: true, flags: { apiKey, aexUrl, debug: debug2, rest } };
3288
3288
  }
3289
3289
  async function resolveCommonHostFlags(io2, argv) {
3290
3290
  const extracted = extractCommonHostFlags(argv);
3291
3291
  if (!extracted.ok)
3292
3292
  return extracted;
3293
- const { apiToken: flagToken, aexUrl: flagUrl, debug: debug2, rest } = extracted.flags;
3293
+ const { apiKey: flagToken, aexUrl: flagUrl, debug: debug2, rest } = extracted.flags;
3294
3294
  let token = flagToken;
3295
3295
  let url = flagUrl;
3296
3296
  let source = flagToken ? "flag" : "none";
@@ -3298,8 +3298,8 @@ async function resolveCommonHostFlags(io2, argv) {
3298
3298
  if (!token && io2.configStore) {
3299
3299
  const stored = await io2.configStore.read();
3300
3300
  storedLocation = io2.configStore.location();
3301
- if (stored?.apiToken) {
3302
- token = stored.apiToken;
3301
+ if (stored?.apiKey) {
3302
+ token = stored.apiKey;
3303
3303
  source = "stored";
3304
3304
  if (!url && stored.aexUrl)
3305
3305
  url = stored.aexUrl;
@@ -3307,14 +3307,14 @@ async function resolveCommonHostFlags(io2, argv) {
3307
3307
  }
3308
3308
  const resolvedUrl = url ?? AEX_DEFAULT_BASE_URL;
3309
3309
  if (debug2) {
3310
- const where = source === "flag" ? "--api-token flag" : source === "stored" ? `stored token (${storedLocation})` : "none";
3310
+ const where = source === "flag" ? "--api-key flag" : source === "stored" ? `stored token (${storedLocation})` : "none";
3311
3311
  io2.stderr(`[aex] auth: ${where}; aex-url=${resolvedUrl}
3312
3312
  `);
3313
3313
  }
3314
3314
  if (!token) {
3315
- return { ok: false, reason: "no API token \u2014 pass --api-token or run `aex login`" };
3315
+ return { ok: false, reason: "no API key \u2014 pass --api-key or run `aex login`" };
3316
3316
  }
3317
- return { ok: true, flags: { apiToken: token, aexUrl: resolvedUrl, debug: debug2 }, rest };
3317
+ return { ok: true, flags: { apiKey: token, aexUrl: resolvedUrl, debug: debug2 }, rest };
3318
3318
  }
3319
3319
  function describeApiError(err2) {
3320
3320
  if (err2 instanceof AexApiError) {
@@ -3354,9 +3354,9 @@ function describeErrorBody(body) {
3354
3354
  }
3355
3355
  function remedyForStatus(status2) {
3356
3356
  if (status2 === 400)
3357
- return "malformed request \u2014 if this is an auth failure, check --api-token or run `aex login`";
3357
+ return "malformed request \u2014 if this is an auth failure, check --api-key or run `aex login`";
3358
3358
  if (status2 === 401)
3359
- return "check --api-token, or run `aex login`";
3359
+ return "check --api-key, or run `aex login`";
3360
3360
  if (status2 === 403)
3361
3361
  return "token lacks permission for this workspace/action";
3362
3362
  if (status2 === 404)
@@ -3428,7 +3428,7 @@ function levenshtein(a, b) {
3428
3428
  function makeHttpClient(io2, flags) {
3429
3429
  return new HttpClient({
3430
3430
  baseUrl: flags.aexUrl,
3431
- apiToken: flags.apiToken,
3431
+ apiKey: flags.apiKey,
3432
3432
  fetch: io2.fetchImpl,
3433
3433
  // `--debug`: route the transport's redacted per-request traces to stderr.
3434
3434
  ...flags.debug ? { debug: (line) => io2.stderr(`${line}
@@ -5335,7 +5335,7 @@ function makeAwsSources(region) {
5335
5335
  }
5336
5336
  };
5337
5337
  }
5338
- var USAGE = "usage: aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--out dir] [--account <id>] [--cloudwatch] [--since <dur>] [--with-outputs]\n operator command \u2014 uses the standard AWS SDK credential chain (env/profile), NOT --api-token\n";
5338
+ var USAGE = "usage: aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--out dir] [--account <id>] [--cloudwatch] [--since <dur>] [--with-outputs]\n operator command \u2014 uses the standard AWS SDK credential chain (env/profile), NOT --api-key\n";
5339
5339
  async function runDebugCmd(io2, argv) {
5340
5340
  if (await refuseInsideManagedRun(io2, "debug"))
5341
5341
  return USAGE_ERR;
@@ -5437,19 +5437,19 @@ async function runLoginCmd(io2, argv) {
5437
5437
  `);
5438
5438
  return USAGE_ERR;
5439
5439
  }
5440
- const { apiToken, aexUrl, debug: debug2, rest } = extracted.flags;
5440
+ const { apiKey, aexUrl, debug: debug2, rest } = extracted.flags;
5441
5441
  const positional = rest.filter((a) => !a.startsWith("--"));
5442
5442
  if (positional.length > 0) {
5443
5443
  io2.stderr(`unexpected arguments: ${positional.join(" ")}
5444
5444
  `);
5445
5445
  return USAGE_ERR;
5446
5446
  }
5447
- if (!apiToken) {
5448
- io2.stderr("usage: aex login --api-token <token> [--aex-url <url>]\n");
5447
+ if (!apiKey) {
5448
+ io2.stderr("usage: aex login --api-key <token> [--aex-url <url>]\n");
5449
5449
  return USAGE_ERR;
5450
5450
  }
5451
5451
  const resolvedUrl = aexUrl ?? AEX_DEFAULT_BASE_URL;
5452
- const http = makeHttpClient(io2, { apiToken, aexUrl: resolvedUrl, debug: debug2 });
5452
+ const http = makeHttpClient(io2, { apiKey, aexUrl: resolvedUrl, debug: debug2 });
5453
5453
  let workspaceId;
5454
5454
  try {
5455
5455
  const me = await operations_exports.whoami(http);
@@ -5466,7 +5466,7 @@ async function runLoginCmd(io2, argv) {
5466
5466
  ...described.remedy ? { remedy: described.remedy } : {}
5467
5467
  });
5468
5468
  }
5469
- await io2.configStore.write({ schemaVersion: 1, apiToken, ...aexUrl ? { aexUrl: resolvedUrl } : {} });
5469
+ await io2.configStore.write({ schemaVersion: 1, apiKey, ...aexUrl ? { aexUrl: resolvedUrl } : {} });
5470
5470
  if (debug2)
5471
5471
  io2.stderr(`[aex] login: persisted to ${io2.configStore.location()}
5472
5472
  `);
@@ -5507,8 +5507,8 @@ async function runAuthStatusCmd(io2, argv) {
5507
5507
  return USAGE_ERR;
5508
5508
  }
5509
5509
  const stored = await io2.configStore.read();
5510
- const hasToken = Boolean(stored?.apiToken);
5511
- const tokenSuffix = hasToken ? stored.apiToken.slice(-4) : void 0;
5510
+ const hasToken = Boolean(stored?.apiKey);
5511
+ const tokenSuffix = hasToken ? stored.apiKey.slice(-4) : void 0;
5512
5512
  io2.stdout(JSON.stringify({
5513
5513
  configPath: io2.configStore.location(),
5514
5514
  hasToken,
@@ -6103,28 +6103,28 @@ async function dispatch(io2, args) {
6103
6103
  async function printGlobalHelp(io2) {
6104
6104
  io2.stdout("aex \u2014 unified CLI for the aex platform (mirrors the SDK 1:1)\n\n");
6105
6105
  io2.stdout("Usage:\n");
6106
- io2.stdout(" aex run --config <run.json> --<provider>-api-key K --api-token T [flags]\n");
6107
- io2.stdout(" aex run --model M --prompt P [--system S] [--mcp name=url ...] --<provider>-api-key K --api-token T [flags]\n");
6108
- io2.stdout(" aex status <session-id> --api-token T\n");
6109
- io2.stdout(" aex deliveries <session-id> --api-token T\n");
6110
- io2.stdout(" aex wait <session-id> [--timeout 8m] [--interval 2s] --api-token T\n");
6111
- io2.stdout(" aex events <session-id> [--follow] [--timeout 8m] --api-token T\n");
6112
- io2.stdout(" aex tail <session-id> [--json] [--filter <type|source>] [--logs] [--settle] [--timeout 8m] --api-token T\n");
6113
- io2.stdout(" aex inspect <session-id> [--json] [--filter <type|source>] [--logs] [--timeout 8m] --api-token T\n");
6114
- io2.stdout(" aex outputs <session-id> --api-token T\n");
6115
- io2.stdout(" aex download <session-id> [--only outputs|events|metadata] [--out path] --api-token T\n");
6116
- io2.stdout(" aex cancel <session-id> --api-token T\n");
6117
- io2.stdout(" aex delete <session-id> --api-token T\n");
6118
- io2.stdout(" aex delete-asset <assetId|hash> --api-token T\n");
6119
- io2.stdout(" aex runs [--limit N] [--since ISO] --api-token T List the workspace's runs (newest first, JSON)\n");
6120
- io2.stdout(" aex sessions [--limit N] --api-token T List the workspace's sessions (newest first, JSON)\n");
6121
- io2.stdout(" aex whoami --api-token T\n");
6122
- io2.stdout(" aex billing [--json] --api-token T Show prepaid balance, month spend, and spend cap\n");
6123
- io2.stdout(" aex billing ledger [--limit N] --api-token T Recent credit-ledger entries (newest first, JSON)\n");
6124
- io2.stdout(" aex billing upgrade pro|team --api-token T Create a hosted checkout session and print its URL\n");
6125
- io2.stdout(" aex billing portal --api-token T Create a hosted billing portal session and print its URL\n");
6126
- io2.stdout(" aex webhooks secret --api-token T Reveal (create on first use) the webhook signing secret\n");
6127
- io2.stdout(" aex login --api-token T [--aex-url U] Persist token + url (then other verbs need no --api-token)\n");
6106
+ io2.stdout(" aex run --config <run.json> --<provider>-api-key K --api-key T [flags]\n");
6107
+ io2.stdout(" aex run --model M --prompt P [--system S] [--mcp name=url ...] --<provider>-api-key K --api-key T [flags]\n");
6108
+ io2.stdout(" aex status <session-id> --api-key T\n");
6109
+ io2.stdout(" aex deliveries <session-id> --api-key T\n");
6110
+ io2.stdout(" aex wait <session-id> [--timeout 8m] [--interval 2s] --api-key T\n");
6111
+ io2.stdout(" aex events <session-id> [--follow] [--timeout 8m] --api-key T\n");
6112
+ io2.stdout(" aex tail <session-id> [--json] [--filter <type|source>] [--logs] [--settle] [--timeout 8m] --api-key T\n");
6113
+ io2.stdout(" aex inspect <session-id> [--json] [--filter <type|source>] [--logs] [--timeout 8m] --api-key T\n");
6114
+ io2.stdout(" aex outputs <session-id> --api-key T\n");
6115
+ io2.stdout(" aex download <session-id> [--only outputs|events|metadata] [--out path] --api-key T\n");
6116
+ io2.stdout(" aex cancel <session-id> --api-key T\n");
6117
+ io2.stdout(" aex delete <session-id> --api-key T\n");
6118
+ io2.stdout(" aex delete-asset <assetId|hash> --api-key T\n");
6119
+ io2.stdout(" aex runs [--limit N] [--since ISO] --api-key T List the workspace's runs (newest first, JSON)\n");
6120
+ io2.stdout(" aex sessions [--limit N] --api-key T List the workspace's sessions (newest first, JSON)\n");
6121
+ io2.stdout(" aex whoami --api-key T\n");
6122
+ io2.stdout(" aex billing [--json] --api-key T Show prepaid balance, month spend, and spend cap\n");
6123
+ io2.stdout(" aex billing ledger [--limit N] --api-key T Recent credit-ledger entries (newest first, JSON)\n");
6124
+ io2.stdout(" aex billing upgrade pro|team --api-key T Create a hosted checkout session and print its URL\n");
6125
+ io2.stdout(" aex billing portal --api-key T Create a hosted billing portal session and print its URL\n");
6126
+ io2.stdout(" aex webhooks secret --api-key T Reveal (create on first use) the webhook signing secret\n");
6127
+ io2.stdout(" aex login --api-key T [--aex-url U] Persist token + url (then other verbs need no --api-key)\n");
6128
6128
  io2.stdout(" aex logout Clear the stored token\n");
6129
6129
  io2.stdout(" aex auth status Show the resolved config (token never printed)\n");
6130
6130
  io2.stdout(" aex models list [--json] List models + default provider (no token needed)\n");
@@ -6134,7 +6134,7 @@ async function printGlobalHelp(io2) {
6134
6134
  io2.stdout(" aex debug <run-id> [--plane dev|prd] [--region eu-west-2] [--cloudwatch] [--with-outputs] (operator; AWS creds)\n");
6135
6135
  io2.stdout(" aex --help\n\n");
6136
6136
  io2.stdout("Common flags on every host subcommand:\n");
6137
- io2.stdout(" --api-token <token> REQUIRED \u2014 aex SDK API token (workspace is derived from it)\n");
6137
+ io2.stdout(" --api-key <token> REQUIRED \u2014 aex SDK API key (workspace is derived from it)\n");
6138
6138
  io2.stdout(" --aex-url <url> Optional; defaults to https://api.aex.dev (local/staging/hosted plane)\n");
6139
6139
  io2.stdout(" --debug Optional; print a redacted per-request trace to stderr (uploads nothing)\n\n");
6140
6140
  io2.stdout("aex run flags:\n");
@@ -1 +1 @@
1
- c8d969d9ee5c6e6bb2e0a642ba8adce0aa235ef2bba96b99d8832ae1957ed2a3 cli.mjs
1
+ 5e34d5001f6ad9cd7e95730c6b14e0a5ebce55d732b19288a95f04df76fba078 cli.mjs
package/dist/client.d.ts CHANGED
@@ -8,10 +8,8 @@ import { Secret } from "./secret.js";
8
8
  import { SkillTool } from "./skill-tool.js";
9
9
  import { Tool } from "./tool.js";
10
10
  export interface AexOptions {
11
- /** Workspace-scoped SDK API token. */
11
+ /** Workspace-scoped SDK API key. */
12
12
  readonly apiKey?: string;
13
- /** @deprecated Use `apiKey`; kept as a source-compatible alias during launch. */
14
- readonly apiToken?: string;
15
13
  /**
16
14
  * API plane root, e.g. `https://aex.example.com`. Optional —
17
15
  * defaults to the canonical hosted URL (`https://api.aex.dev`).
@@ -498,7 +496,7 @@ export declare class SecretsClient {
498
496
  * the dashboard BFF and operate on durable run records.
499
497
  *
500
498
  * The SDK never asks the caller for a workspace id — workspace identity
501
- * is derived server-side from the API token on every request. Use
499
+ * is derived server-side from the API key on every request. Use
502
500
  * `client.whoami()` if you want to introspect which workspace the
503
501
  * token resolves to.
504
502
  */
@@ -508,7 +506,7 @@ export declare class Aex {
508
506
  readonly files: FilesClient;
509
507
  readonly secrets: SecretsClient;
510
508
  readonly sessions: SessionClient;
511
- constructor(apiKey: string, options?: Omit<AexOptions, "apiKey" | "apiToken">);
509
+ constructor(apiKey: string, options?: Omit<AexOptions, "apiKey">);
512
510
  constructor(options: AexOptions);
513
511
  /**
514
512
  * Internal: satisfies the `SecretUploader` surface so a
package/dist/client.js CHANGED
@@ -889,7 +889,7 @@ function unwrapSecretValue(value) {
889
889
  * the dashboard BFF and operate on durable run records.
890
890
  *
891
891
  * The SDK never asks the caller for a workspace id — workspace identity
892
- * is derived server-side from the API token on every request. Use
892
+ * is derived server-side from the API key on every request. Use
893
893
  * `client.whoami()` if you want to introspect which workspace the
894
894
  * token resolves to.
895
895
  */
@@ -903,7 +903,7 @@ export class Aex {
903
903
  sessions;
904
904
  constructor(options, overrides = {}) {
905
905
  const resolved = typeof options === "string" ? { ...overrides, apiKey: options } : options;
906
- const apiKey = resolved.apiKey ?? resolved.apiToken;
906
+ const apiKey = resolved.apiKey;
907
907
  if (!apiKey) {
908
908
  // Typed so a caller catching AexError (the SDK's error base) catches a
909
909
  // missing credential too, instead of a bare Error slipping the taxonomy.
@@ -917,7 +917,7 @@ export class Aex {
917
917
  const retryingFetch = withRetry(baseFetch, resolved.retry);
918
918
  this.#http = new HttpClient({
919
919
  ...(resolved.baseUrl ? { baseUrl: resolved.baseUrl } : {}),
920
- apiToken: apiKey,
920
+ apiKey,
921
921
  fetch: retryingFetch,
922
922
  // Opt-in local diagnostics: emit a redacted per-request trace to
923
923
  // stderr. Uploads nothing. A caller wanting a custom sink can pass