npm - @agentic-patterns/runtime - Versions diffs - 0.1.4 → 0.1.5 - Mend

@agentic-patterns/runtime 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7)

package/dist/index.d.cts — CHANGED

@@ -912,28 +912,59 @@ declare class ClaudeCodeRunner implements RunnerProtocol {
 }
 /**
- * ClaudeCodeAPIRunner — API-only mode wrapper on ClaudeCodeRunner.
+ * ClaudeCodeAPIRunner — Claude Agent SDK in plain-API mode.
  *
- * Uses Claude Code under the hood but blocks all Code-native tools
- * (file, bash, agent, etc.) so the agent behaves like a plain Claude
- * API call with a system prompt injected. MCP tools from agent
- * capabilities remain available. Uses the same Max subscription OAuth token.
+ * The agent runs through the Claude Code subprocess but in a sandboxed
+ * configuration that strips everything CC-flavored:
  *
- * Named "ClaudeCodeAPIRunner" (not "ClaudeAPIRunner") because it still
- * runs through the Claude Code subprocess — a future ClaudeAPIRunner
- * may talk directly to the Claude API without the Code layer.
+ *   - System prompt: framework's, fully replacing CC's.
+ *   - Built-in tools (Read/Bash/Edit/...): disabled via `tools: []`.
+ *   - claude.ai connector MCP servers (Gmail/Calendar/Drive/...):
+ *     disabled by isolating CLAUDE_CONFIG_DIR to an ephemeral tmpdir.
+ *   - User/project settings, plugins, skills, hooks: not loaded
+ *     (settingSources defaults to []; new CLAUDE_CONFIG_DIR is empty).
+ *   - MCP servers from agent capabilities: still wired up.
+ *
+ * Auth: reads the Max-subscription OAuth token from the OS credential
+ * store and injects it via `CLAUDE_CODE_OAUTH_TOKEN`. This bypasses
+ * the binary's path-bound Keychain lookup (which would otherwise fail
+ * when CLAUDE_CONFIG_DIR is redirected) while preserving Max-sub auth.
+ *
+ * Currently macOS-only — credential lookup uses the `security` CLI.
+ * On other platforms, falls back to the parent ClaudeCodeRunner
+ * behavior (auth works, connectors leak — see ClaudeCodeRunner docs).
  *
  * Mirrors Python: agentic_patterns/core/systems/runners/claude_api.py
  */
+interface ClaudeCodeAPIRunnerOptions extends ClaudeCodeRunnerOptions {
+    /**
+     * Disable the OAuth-injection sandboxing path. When true, behaves
+     * like a stripped ClaudeCodeRunner with `tools: []` only — auth and
+     * connectors fall through to the binary's defaults.
+     *
+     * Useful for debugging or for environments where the OS credential
+     * store is unavailable.
+     */
+    disableSandbox?: boolean;
+    /**
+     * Tool names or `mcp__<server>` server-prefixes to additionally
+     * block via SDK `disallowedTools`. Rarely needed when sandboxing
+     * is enabled (connectors are already stripped via config isolation).
+     */
+    extraDisallowedTools?: string[];
+}
 /**
- * Runner that uses Claude Code SDK in API-only mode.
+ * Runner that uses the Claude Agent SDK as a plain Claude API call,
+ * sandboxed away from the user's Claude Code environment.
  *
- * Blocks all file/bash/agent tools so the agent behaves like a plain
- * Claude API call with the framework's system prompt. MCP tools from
- * agent capabilities remain available.
+ * Drops in for AgentRunner — both implement RunnerProtocol identically.
  */
 declare class ClaudeCodeAPIRunner extends ClaudeCodeRunner {
+    private readonly _disableSandbox;
+    private readonly _extraDisallowed;
+    private readonly _isolatedConfigDir;
+    constructor(opts?: ClaudeCodeAPIRunnerOptions);
     protected _buildOptions(agent: AgentLikeForBridge, options: RunOptions | undefined, context: {
         runId: string;
         traceId: string;
@@ -1165,7 +1196,16 @@ interface ClaudeCodeProviderOptions {
     defaults?: Partial<Options>;
     /** Include Claude Code's built-in tools (Read/Write/Bash/…). Default: false. */
     allowBuiltinTools?: boolean;
-    /** Max turns inside the SDK loop. Default: 1 (one Claude call per model step). */
+    /**
+     * Max turns inside the SDK loop. Default: 10.
+     *
+     * Within one `doGenerate`, Claude may emit prose-only on its first turn
+     * and produce a tool call on a later turn. `canUseTool` aborts on the
+     * first tool call regardless, so this only needs to be generous enough
+     * to allow "plan-then-tool" sequences. A too-low value causes the SDK
+     * to throw `Reached maximum number of turns` before Claude reaches any
+     * tool call.
+     */
     maxTurns?: number;
 }
 declare class ClaudeCodeLanguageModel implements LanguageModelV1 {
@@ -1249,12 +1289,20 @@ interface CreateRunnerOptions {
     /**
      * Explicit model id. Falls through to the provider's tier default.
      * Ignored if `runner` or `model` is set.
+     *
+     * When omitted, `process.env.AGENT_MODEL` is read as a default — this
+     * is the only way to pin an exact model from a `.env` file (e.g.
+     * `AGENT_MODEL=qwen3.6:27b` to use a model the framework's tier map
+     * doesn't list).
      */
     modelId?: string;
     /**
      * Cross-provider tier selector — "opus" | "sonnet" | "haiku". Resolved
      * via each `ProviderProtocol.tiers` map. Default: "sonnet".
      * Ignored if `modelId` is set.
+     *
+     * When omitted, `process.env.AGENT_TIER` is read as a default. Invalid
+     * values are silently ignored (fall through to the "sonnet" default).
      */
     tier?: ProviderTier;
     /**
@@ -3403,4 +3451,4 @@ declare class StdioAdapter {
     private _getConversation;
 }
-export { ANALYSIS, type AdminServiceProtocol, AgencyRuntime, type AgentAddress, type AgentBroadcastEvent, type AgentEvent, AgentEventBus, type AgentEventType, type AgentJoinEvent, type AgentLeaveEvent, type AgentLike, type AgentLikeForBridge, type AgentMessageEvent, AgentNode, type AgentNodeOptions, AgentRunner, type AgentStats, AgentStatsSchema, type ApprovalCallback, AuditGate, type AuditLogger, BATCH_WINDOW, type BackoffStrategy, type BaseEvent, BaseExporter, BaseGate, type BaseSandboxEvent, CLAUDE_CODE_HOOK_EVENTS, CalculatorToolbox, type CanonicalMessage, type CanonicalMessagePart, ClaudeCodeAPIRunner, type ClaudeCodeHookEvent, type ClaudeCodeHookName, ClaudeCodeLanguageModel, type ClaudeCodeProviderOptions, ClaudeCodeRunner, type ClaudeCodeRunnerOptions, CompositeRefinementEvaluator, ConsoleExporter, type ConsoleLogger, type Consolidator, Conversation, type ConversationEndEvent, type ConversationExitReason, ConversationLoop, type ConversationLoopOptions, type ConversationResult, type ConversationRunOptions, type ConversationStartEvent, type ConversationStoreProtocol, type ConversationSummary, ConversationSummarySchema, type CreateRunnerOptions, DEFAULT_GLOBAL_TIMEOUT, DEFAULT_IDLE_TIMEOUT, DEFAULT_MAX_TURNS, type DashboardStats, DashboardStatsSchema, type DateFilters, DateFiltersSchema, EVIDENCE_QUALITY, type ErrorEvent, EvaluatorChain, EvaluatorLoop, type EvaluatorLoopOptions, type EvaluatorRunOptions, EventBus, type EventHandlerFn, EventProfile, type Exchange, ExponentialBackoff, type Exporter, FixedBackoff, GATE_CATEGORY_NAMES, type Gate, GateAllow, GateBlock, GateCategory, GateModify, type GateResult, type GoalEvaluationResult, type GoalEvaluatorProtocol, type HealthPingEvent, type HealthPongEvent, HumanApprovalGate, INFORMATION_RETRIEVAL, INTENT_CLASSIFICATION, INTENT_ROUTING, InMemoryAdminService, InMemoryEventCollector, InProcessTransport, type IterationEndEvent, type IterationStartEvent, JitteredBackoff, type LLMCallEndEvent, type LLMCallStartEvent, 
LLMGoalEvaluator, type LLMGoalEvaluatorOptions, LLMRefinementEvaluator, type LLMRefinementEvaluatorOptions, type LangfuseClient, LangfuseExporter, type LangfuseObservation, type LangfuseSpan, MemoryStore, type MessageCancelEvent, type MessageChunkEvent, type MessageCompleteEvent, type MessageStartEvent, type MessageTemplate, MessagingToolbox, type MiddlewareFn, type MockCall, type MockResponse, MockRunner, type NodeLifecycleEvent, ORCHESTRATION, OTelExporter, type OTelSpan, OTelStatusCode, type OTelTracer, PROFILE_EVENT_TYPES, PROVIDERS, PROVIDER_PRIORITY, Parallel, type ParallelOptions, type ParallelResult, type PatternCompleteEvent, type PatternContext, type PatternEvent, type PatternHooks, type PatternIterationCompleteEvent, type PatternIterationStartEvent, type PatternProtocol, type PatternResult, type PatternRunOptions, type PatternStartEvent, type PatternStepCompleteEvent, type PatternStepErrorEvent, type PatternStepStartEvent, type ProviderProtocol, type ProviderTier, QUALITY_GATE, QUALITY_REVIEW, RESPONSE_SYNTHESIS, RETRIEVAL_STRATEGY, ROUTING, RateLimitGate, type ReasoningEvent, type Refinement, type RefinementEvaluator, type RefinementExitReason, type RefinementResult, type RetryExitReason, RetryLoop, type RetryLoopOptions, type RetryResult, type RetryRunOptions, type RubricCriterion, RubricEvaluator, type RunOptions, type RunResult, type RunnerProtocol, type RunnerSelection, type RunnerSource, type SSEEventName, SSEExporter, SSEFormatter, type SSEMapping, SSE_EVENT_NAMES, SafetyGate, type SandboxEvent, SandboxEventBus, type SandboxEventType, SelfEvalGoalEvaluator, Sequential, type SequentialOptions, type SequentialResult, SimpleGoalEvaluator, type SimpleGoalEvaluatorOptions, StdioAdapter, type Step, type StepResult, type StoredConversation, type StoredMessage, type StoredMessagePart, type StreamEvent, type SupportedProvider, type TaskAssignEvent, type TaskCreateEvent, type TaskExitReason, TaskLoop, type TaskLoopOptions, type TaskResult, type 
TaskRunOptions, type TaskState, type TaskUpdateEvent, type ThinkingStartEvent, TodoToolbox, type TokenUsageGroup, TokenUsageGroupSchema, type TokenUsageRow, TokenUsageRowSchema, type ToolAnalytics, ToolAnalyticsSchema, ToolCallBlocked, type ToolCallEndEvent, type ToolCallIntent, type ToolCallRecord, type ToolCallRejectedEvent, type ToolCallStartEvent, type ToolExecutor, type ToolProgressEvent, type ToolStats, ToolStatsSchema, type TraceEvent, TraceEventSchema, type TraceIteration, TraceIterationSchema, type TraceResponse, TraceResponseSchema, type TraceSummary, TraceSummarySchema, type Transport, type TransportMessage, type WeightedEvaluator, agentAddressToString, analystRole, anthropicProvider, buildAgentServers, buildCalculatorAgent, buildCapabilityServer, buildTodoAgent, buildWritingCoachAgent, claudeCode, collectByName, collectContents, convertHistory, coordinatorRole, createAgentAddress, createConsoleExporter, createEvent, createRunner, createStepResult, createToolboxExecutor, deepseekProvider, deserializeSandboxEvent, deserializeSandboxEventFromString, exchangeTotalTokens, executeStep, formatSSE, getAgentEventBus, getEventBus, googleProvider, groqProvider, isClaudeCodeHookName, makeStepName, mapClaudeCodeHookToAgentEvents, matchSubject, mistralProvider, ollamaProvider, openaiProvider, openrouterProvider, orchestratorRole, resolveMessage, resolveModelId, retrievalRole, serializeSandboxEvent, serializeSandboxEventToString, setAgentEventBus, setEventBus, subjectToRegex, subscribeProfile, subscribeProfiles, toSSEMapping, unsubscribeProfile, xaiProvider };
+export { ANALYSIS, type AdminServiceProtocol, AgencyRuntime, type AgentAddress, type AgentBroadcastEvent, type AgentEvent, AgentEventBus, type AgentEventType, type AgentJoinEvent, type AgentLeaveEvent, type AgentLike, type AgentLikeForBridge, type AgentMessageEvent, AgentNode, type AgentNodeOptions, AgentRunner, type AgentStats, AgentStatsSchema, type ApprovalCallback, AuditGate, type AuditLogger, BATCH_WINDOW, type BackoffStrategy, type BaseEvent, BaseExporter, BaseGate, type BaseSandboxEvent, CLAUDE_CODE_HOOK_EVENTS, CalculatorToolbox, type CanonicalMessage, type CanonicalMessagePart, ClaudeCodeAPIRunner, type ClaudeCodeAPIRunnerOptions, type ClaudeCodeHookEvent, type ClaudeCodeHookName, ClaudeCodeLanguageModel, type ClaudeCodeProviderOptions, ClaudeCodeRunner, type ClaudeCodeRunnerOptions, CompositeRefinementEvaluator, ConsoleExporter, type ConsoleLogger, type Consolidator, Conversation, type ConversationEndEvent, type ConversationExitReason, ConversationLoop, type ConversationLoopOptions, type ConversationResult, type ConversationRunOptions, type ConversationStartEvent, type ConversationStoreProtocol, type ConversationSummary, ConversationSummarySchema, type CreateRunnerOptions, DEFAULT_GLOBAL_TIMEOUT, DEFAULT_IDLE_TIMEOUT, DEFAULT_MAX_TURNS, type DashboardStats, DashboardStatsSchema, type DateFilters, DateFiltersSchema, EVIDENCE_QUALITY, type ErrorEvent, EvaluatorChain, EvaluatorLoop, type EvaluatorLoopOptions, type EvaluatorRunOptions, EventBus, type EventHandlerFn, EventProfile, type Exchange, ExponentialBackoff, type Exporter, FixedBackoff, GATE_CATEGORY_NAMES, type Gate, GateAllow, GateBlock, GateCategory, GateModify, type GateResult, type GoalEvaluationResult, type GoalEvaluatorProtocol, type HealthPingEvent, type HealthPongEvent, HumanApprovalGate, INFORMATION_RETRIEVAL, INTENT_CLASSIFICATION, INTENT_ROUTING, InMemoryAdminService, InMemoryEventCollector, InProcessTransport, type IterationEndEvent, type IterationStartEvent, JitteredBackoff, type 
LLMCallEndEvent, type LLMCallStartEvent, LLMGoalEvaluator, type LLMGoalEvaluatorOptions, LLMRefinementEvaluator, type LLMRefinementEvaluatorOptions, type LangfuseClient, LangfuseExporter, type LangfuseObservation, type LangfuseSpan, MemoryStore, type MessageCancelEvent, type MessageChunkEvent, type MessageCompleteEvent, type MessageStartEvent, type MessageTemplate, MessagingToolbox, type MiddlewareFn, type MockCall, type MockResponse, MockRunner, type NodeLifecycleEvent, ORCHESTRATION, OTelExporter, type OTelSpan, OTelStatusCode, type OTelTracer, PROFILE_EVENT_TYPES, PROVIDERS, PROVIDER_PRIORITY, Parallel, type ParallelOptions, type ParallelResult, type PatternCompleteEvent, type PatternContext, type PatternEvent, type PatternHooks, type PatternIterationCompleteEvent, type PatternIterationStartEvent, type PatternProtocol, type PatternResult, type PatternRunOptions, type PatternStartEvent, type PatternStepCompleteEvent, type PatternStepErrorEvent, type PatternStepStartEvent, type ProviderProtocol, type ProviderTier, QUALITY_GATE, QUALITY_REVIEW, RESPONSE_SYNTHESIS, RETRIEVAL_STRATEGY, ROUTING, RateLimitGate, type ReasoningEvent, type Refinement, type RefinementEvaluator, type RefinementExitReason, type RefinementResult, type RetryExitReason, RetryLoop, type RetryLoopOptions, type RetryResult, type RetryRunOptions, type RubricCriterion, RubricEvaluator, type RunOptions, type RunResult, type RunnerProtocol, type RunnerSelection, type RunnerSource, type SSEEventName, SSEExporter, SSEFormatter, type SSEMapping, SSE_EVENT_NAMES, SafetyGate, type SandboxEvent, SandboxEventBus, type SandboxEventType, SelfEvalGoalEvaluator, Sequential, type SequentialOptions, type SequentialResult, SimpleGoalEvaluator, type SimpleGoalEvaluatorOptions, StdioAdapter, type Step, type StepResult, type StoredConversation, type StoredMessage, type StoredMessagePart, type StreamEvent, type SupportedProvider, type TaskAssignEvent, type TaskCreateEvent, type TaskExitReason, TaskLoop, type 
TaskLoopOptions, type TaskResult, type TaskRunOptions, type TaskState, type TaskUpdateEvent, type ThinkingStartEvent, TodoToolbox, type TokenUsageGroup, TokenUsageGroupSchema, type TokenUsageRow, TokenUsageRowSchema, type ToolAnalytics, ToolAnalyticsSchema, ToolCallBlocked, type ToolCallEndEvent, type ToolCallIntent, type ToolCallRecord, type ToolCallRejectedEvent, type ToolCallStartEvent, type ToolExecutor, type ToolProgressEvent, type ToolStats, ToolStatsSchema, type TraceEvent, TraceEventSchema, type TraceIteration, TraceIterationSchema, type TraceResponse, TraceResponseSchema, type TraceSummary, TraceSummarySchema, type Transport, type TransportMessage, type WeightedEvaluator, agentAddressToString, analystRole, anthropicProvider, buildAgentServers, buildCalculatorAgent, buildCapabilityServer, buildTodoAgent, buildWritingCoachAgent, claudeCode, collectByName, collectContents, convertHistory, coordinatorRole, createAgentAddress, createConsoleExporter, createEvent, createRunner, createStepResult, createToolboxExecutor, deepseekProvider, deserializeSandboxEvent, deserializeSandboxEventFromString, exchangeTotalTokens, executeStep, formatSSE, getAgentEventBus, getEventBus, googleProvider, groqProvider, isClaudeCodeHookName, makeStepName, mapClaudeCodeHookToAgentEvents, matchSubject, mistralProvider, ollamaProvider, openaiProvider, openrouterProvider, orchestratorRole, resolveMessage, resolveModelId, retrievalRole, serializeSandboxEvent, serializeSandboxEventToString, setAgentEventBus, setEventBus, subjectToRegex, subscribeProfile, subscribeProfiles, toSSEMapping, unsubscribeProfile, xaiProvider };

package/dist/index.d.ts — CHANGED

@@ -912,28 +912,59 @@ declare class ClaudeCodeRunner implements RunnerProtocol {
 }
 /**
- * ClaudeCodeAPIRunner — API-only mode wrapper on ClaudeCodeRunner.
+ * ClaudeCodeAPIRunner — Claude Agent SDK in plain-API mode.
  *
- * Uses Claude Code under the hood but blocks all Code-native tools
- * (file, bash, agent, etc.) so the agent behaves like a plain Claude
- * API call with a system prompt injected. MCP tools from agent
- * capabilities remain available. Uses the same Max subscription OAuth token.
+ * The agent runs through the Claude Code subprocess but in a sandboxed
+ * configuration that strips everything CC-flavored:
  *
- * Named "ClaudeCodeAPIRunner" (not "ClaudeAPIRunner") because it still
- * runs through the Claude Code subprocess — a future ClaudeAPIRunner
- * may talk directly to the Claude API without the Code layer.
+ *   - System prompt: framework's, fully replacing CC's.
+ *   - Built-in tools (Read/Bash/Edit/...): disabled via `tools: []`.
+ *   - claude.ai connector MCP servers (Gmail/Calendar/Drive/...):
+ *     disabled by isolating CLAUDE_CONFIG_DIR to an ephemeral tmpdir.
+ *   - User/project settings, plugins, skills, hooks: not loaded
+ *     (settingSources defaults to []; new CLAUDE_CONFIG_DIR is empty).
+ *   - MCP servers from agent capabilities: still wired up.
+ *
+ * Auth: reads the Max-subscription OAuth token from the OS credential
+ * store and injects it via `CLAUDE_CODE_OAUTH_TOKEN`. This bypasses
+ * the binary's path-bound Keychain lookup (which would otherwise fail
+ * when CLAUDE_CONFIG_DIR is redirected) while preserving Max-sub auth.
+ *
+ * Currently macOS-only — credential lookup uses the `security` CLI.
+ * On other platforms, falls back to the parent ClaudeCodeRunner
+ * behavior (auth works, connectors leak — see ClaudeCodeRunner docs).
  *
  * Mirrors Python: agentic_patterns/core/systems/runners/claude_api.py
  */
+interface ClaudeCodeAPIRunnerOptions extends ClaudeCodeRunnerOptions {
+    /**
+     * Disable the OAuth-injection sandboxing path. When true, behaves
+     * like a stripped ClaudeCodeRunner with `tools: []` only — auth and
+     * connectors fall through to the binary's defaults.
+     *
+     * Useful for debugging or for environments where the OS credential
+     * store is unavailable.
+     */
+    disableSandbox?: boolean;
+    /**
+     * Tool names or `mcp__<server>` server-prefixes to additionally
+     * block via SDK `disallowedTools`. Rarely needed when sandboxing
+     * is enabled (connectors are already stripped via config isolation).
+     */
+    extraDisallowedTools?: string[];
+}
 /**
- * Runner that uses Claude Code SDK in API-only mode.
+ * Runner that uses the Claude Agent SDK as a plain Claude API call,
+ * sandboxed away from the user's Claude Code environment.
  *
- * Blocks all file/bash/agent tools so the agent behaves like a plain
- * Claude API call with the framework's system prompt. MCP tools from
- * agent capabilities remain available.
+ * Drops in for AgentRunner — both implement RunnerProtocol identically.
  */
 declare class ClaudeCodeAPIRunner extends ClaudeCodeRunner {
+    private readonly _disableSandbox;
+    private readonly _extraDisallowed;
+    private readonly _isolatedConfigDir;
+    constructor(opts?: ClaudeCodeAPIRunnerOptions);
     protected _buildOptions(agent: AgentLikeForBridge, options: RunOptions | undefined, context: {
         runId: string;
         traceId: string;
@@ -1165,7 +1196,16 @@ interface ClaudeCodeProviderOptions {
     defaults?: Partial<Options>;
     /** Include Claude Code's built-in tools (Read/Write/Bash/…). Default: false. */
     allowBuiltinTools?: boolean;
-    /** Max turns inside the SDK loop. Default: 1 (one Claude call per model step). */
+    /**
+     * Max turns inside the SDK loop. Default: 10.
+     *
+     * Within one `doGenerate`, Claude may emit prose-only on its first turn
+     * and produce a tool call on a later turn. `canUseTool` aborts on the
+     * first tool call regardless, so this only needs to be generous enough
+     * to allow "plan-then-tool" sequences. A too-low value causes the SDK
+     * to throw `Reached maximum number of turns` before Claude reaches any
+     * tool call.
+     */
     maxTurns?: number;
 }
 declare class ClaudeCodeLanguageModel implements LanguageModelV1 {
@@ -1249,12 +1289,20 @@ interface CreateRunnerOptions {
     /**
      * Explicit model id. Falls through to the provider's tier default.
      * Ignored if `runner` or `model` is set.
+     *
+     * When omitted, `process.env.AGENT_MODEL` is read as a default — this
+     * is the only way to pin an exact model from a `.env` file (e.g.
+     * `AGENT_MODEL=qwen3.6:27b` to use a model the framework's tier map
+     * doesn't list).
      */
     modelId?: string;
     /**
      * Cross-provider tier selector — "opus" | "sonnet" | "haiku". Resolved
      * via each `ProviderProtocol.tiers` map. Default: "sonnet".
      * Ignored if `modelId` is set.
+     *
+     * When omitted, `process.env.AGENT_TIER` is read as a default. Invalid
+     * values are silently ignored (fall through to the "sonnet" default).
      */
     tier?: ProviderTier;
     /**
@@ -3403,4 +3451,4 @@ declare class StdioAdapter {
     private _getConversation;
 }
-export { ANALYSIS, type AdminServiceProtocol, AgencyRuntime, type AgentAddress, type AgentBroadcastEvent, type AgentEvent, AgentEventBus, type AgentEventType, type AgentJoinEvent, type AgentLeaveEvent, type AgentLike, type AgentLikeForBridge, type AgentMessageEvent, AgentNode, type AgentNodeOptions, AgentRunner, type AgentStats, AgentStatsSchema, type ApprovalCallback, AuditGate, type AuditLogger, BATCH_WINDOW, type BackoffStrategy, type BaseEvent, BaseExporter, BaseGate, type BaseSandboxEvent, CLAUDE_CODE_HOOK_EVENTS, CalculatorToolbox, type CanonicalMessage, type CanonicalMessagePart, ClaudeCodeAPIRunner, type ClaudeCodeHookEvent, type ClaudeCodeHookName, ClaudeCodeLanguageModel, type ClaudeCodeProviderOptions, ClaudeCodeRunner, type ClaudeCodeRunnerOptions, CompositeRefinementEvaluator, ConsoleExporter, type ConsoleLogger, type Consolidator, Conversation, type ConversationEndEvent, type ConversationExitReason, ConversationLoop, type ConversationLoopOptions, type ConversationResult, type ConversationRunOptions, type ConversationStartEvent, type ConversationStoreProtocol, type ConversationSummary, ConversationSummarySchema, type CreateRunnerOptions, DEFAULT_GLOBAL_TIMEOUT, DEFAULT_IDLE_TIMEOUT, DEFAULT_MAX_TURNS, type DashboardStats, DashboardStatsSchema, type DateFilters, DateFiltersSchema, EVIDENCE_QUALITY, type ErrorEvent, EvaluatorChain, EvaluatorLoop, type EvaluatorLoopOptions, type EvaluatorRunOptions, EventBus, type EventHandlerFn, EventProfile, type Exchange, ExponentialBackoff, type Exporter, FixedBackoff, GATE_CATEGORY_NAMES, type Gate, GateAllow, GateBlock, GateCategory, GateModify, type GateResult, type GoalEvaluationResult, type GoalEvaluatorProtocol, type HealthPingEvent, type HealthPongEvent, HumanApprovalGate, INFORMATION_RETRIEVAL, INTENT_CLASSIFICATION, INTENT_ROUTING, InMemoryAdminService, InMemoryEventCollector, InProcessTransport, type IterationEndEvent, type IterationStartEvent, JitteredBackoff, type LLMCallEndEvent, type LLMCallStartEvent, 
LLMGoalEvaluator, type LLMGoalEvaluatorOptions, LLMRefinementEvaluator, type LLMRefinementEvaluatorOptions, type LangfuseClient, LangfuseExporter, type LangfuseObservation, type LangfuseSpan, MemoryStore, type MessageCancelEvent, type MessageChunkEvent, type MessageCompleteEvent, type MessageStartEvent, type MessageTemplate, MessagingToolbox, type MiddlewareFn, type MockCall, type MockResponse, MockRunner, type NodeLifecycleEvent, ORCHESTRATION, OTelExporter, type OTelSpan, OTelStatusCode, type OTelTracer, PROFILE_EVENT_TYPES, PROVIDERS, PROVIDER_PRIORITY, Parallel, type ParallelOptions, type ParallelResult, type PatternCompleteEvent, type PatternContext, type PatternEvent, type PatternHooks, type PatternIterationCompleteEvent, type PatternIterationStartEvent, type PatternProtocol, type PatternResult, type PatternRunOptions, type PatternStartEvent, type PatternStepCompleteEvent, type PatternStepErrorEvent, type PatternStepStartEvent, type ProviderProtocol, type ProviderTier, QUALITY_GATE, QUALITY_REVIEW, RESPONSE_SYNTHESIS, RETRIEVAL_STRATEGY, ROUTING, RateLimitGate, type ReasoningEvent, type Refinement, type RefinementEvaluator, type RefinementExitReason, type RefinementResult, type RetryExitReason, RetryLoop, type RetryLoopOptions, type RetryResult, type RetryRunOptions, type RubricCriterion, RubricEvaluator, type RunOptions, type RunResult, type RunnerProtocol, type RunnerSelection, type RunnerSource, type SSEEventName, SSEExporter, SSEFormatter, type SSEMapping, SSE_EVENT_NAMES, SafetyGate, type SandboxEvent, SandboxEventBus, type SandboxEventType, SelfEvalGoalEvaluator, Sequential, type SequentialOptions, type SequentialResult, SimpleGoalEvaluator, type SimpleGoalEvaluatorOptions, StdioAdapter, type Step, type StepResult, type StoredConversation, type StoredMessage, type StoredMessagePart, type StreamEvent, type SupportedProvider, type TaskAssignEvent, type TaskCreateEvent, type TaskExitReason, TaskLoop, type TaskLoopOptions, type TaskResult, type 
TaskRunOptions, type TaskState, type TaskUpdateEvent, type ThinkingStartEvent, TodoToolbox, type TokenUsageGroup, TokenUsageGroupSchema, type TokenUsageRow, TokenUsageRowSchema, type ToolAnalytics, ToolAnalyticsSchema, ToolCallBlocked, type ToolCallEndEvent, type ToolCallIntent, type ToolCallRecord, type ToolCallRejectedEvent, type ToolCallStartEvent, type ToolExecutor, type ToolProgressEvent, type ToolStats, ToolStatsSchema, type TraceEvent, TraceEventSchema, type TraceIteration, TraceIterationSchema, type TraceResponse, TraceResponseSchema, type TraceSummary, TraceSummarySchema, type Transport, type TransportMessage, type WeightedEvaluator, agentAddressToString, analystRole, anthropicProvider, buildAgentServers, buildCalculatorAgent, buildCapabilityServer, buildTodoAgent, buildWritingCoachAgent, claudeCode, collectByName, collectContents, convertHistory, coordinatorRole, createAgentAddress, createConsoleExporter, createEvent, createRunner, createStepResult, createToolboxExecutor, deepseekProvider, deserializeSandboxEvent, deserializeSandboxEventFromString, exchangeTotalTokens, executeStep, formatSSE, getAgentEventBus, getEventBus, googleProvider, groqProvider, isClaudeCodeHookName, makeStepName, mapClaudeCodeHookToAgentEvents, matchSubject, mistralProvider, ollamaProvider, openaiProvider, openrouterProvider, orchestratorRole, resolveMessage, resolveModelId, retrievalRole, serializeSandboxEvent, serializeSandboxEventToString, setAgentEventBus, setEventBus, subjectToRegex, subscribeProfile, subscribeProfiles, toSSEMapping, unsubscribeProfile, xaiProvider };
+export { ANALYSIS, type AdminServiceProtocol, AgencyRuntime, type AgentAddress, type AgentBroadcastEvent, type AgentEvent, AgentEventBus, type AgentEventType, type AgentJoinEvent, type AgentLeaveEvent, type AgentLike, type AgentLikeForBridge, type AgentMessageEvent, AgentNode, type AgentNodeOptions, AgentRunner, type AgentStats, AgentStatsSchema, type ApprovalCallback, AuditGate, type AuditLogger, BATCH_WINDOW, type BackoffStrategy, type BaseEvent, BaseExporter, BaseGate, type BaseSandboxEvent, CLAUDE_CODE_HOOK_EVENTS, CalculatorToolbox, type CanonicalMessage, type CanonicalMessagePart, ClaudeCodeAPIRunner, type ClaudeCodeAPIRunnerOptions, type ClaudeCodeHookEvent, type ClaudeCodeHookName, ClaudeCodeLanguageModel, type ClaudeCodeProviderOptions, ClaudeCodeRunner, type ClaudeCodeRunnerOptions, CompositeRefinementEvaluator, ConsoleExporter, type ConsoleLogger, type Consolidator, Conversation, type ConversationEndEvent, type ConversationExitReason, ConversationLoop, type ConversationLoopOptions, type ConversationResult, type ConversationRunOptions, type ConversationStartEvent, type ConversationStoreProtocol, type ConversationSummary, ConversationSummarySchema, type CreateRunnerOptions, DEFAULT_GLOBAL_TIMEOUT, DEFAULT_IDLE_TIMEOUT, DEFAULT_MAX_TURNS, type DashboardStats, DashboardStatsSchema, type DateFilters, DateFiltersSchema, EVIDENCE_QUALITY, type ErrorEvent, EvaluatorChain, EvaluatorLoop, type EvaluatorLoopOptions, type EvaluatorRunOptions, EventBus, type EventHandlerFn, EventProfile, type Exchange, ExponentialBackoff, type Exporter, FixedBackoff, GATE_CATEGORY_NAMES, type Gate, GateAllow, GateBlock, GateCategory, GateModify, type GateResult, type GoalEvaluationResult, type GoalEvaluatorProtocol, type HealthPingEvent, type HealthPongEvent, HumanApprovalGate, INFORMATION_RETRIEVAL, INTENT_CLASSIFICATION, INTENT_ROUTING, InMemoryAdminService, InMemoryEventCollector, InProcessTransport, type IterationEndEvent, type IterationStartEvent, JitteredBackoff, type 
LLMCallEndEvent, type LLMCallStartEvent, LLMGoalEvaluator, type LLMGoalEvaluatorOptions, LLMRefinementEvaluator, type LLMRefinementEvaluatorOptions, type LangfuseClient, LangfuseExporter, type LangfuseObservation, type LangfuseSpan, MemoryStore, type MessageCancelEvent, type MessageChunkEvent, type MessageCompleteEvent, type MessageStartEvent, type MessageTemplate, MessagingToolbox, type MiddlewareFn, type MockCall, type MockResponse, MockRunner, type NodeLifecycleEvent, ORCHESTRATION, OTelExporter, type OTelSpan, OTelStatusCode, type OTelTracer, PROFILE_EVENT_TYPES, PROVIDERS, PROVIDER_PRIORITY, Parallel, type ParallelOptions, type ParallelResult, type PatternCompleteEvent, type PatternContext, type PatternEvent, type PatternHooks, type PatternIterationCompleteEvent, type PatternIterationStartEvent, type PatternProtocol, type PatternResult, type PatternRunOptions, type PatternStartEvent, type PatternStepCompleteEvent, type PatternStepErrorEvent, type PatternStepStartEvent, type ProviderProtocol, type ProviderTier, QUALITY_GATE, QUALITY_REVIEW, RESPONSE_SYNTHESIS, RETRIEVAL_STRATEGY, ROUTING, RateLimitGate, type ReasoningEvent, type Refinement, type RefinementEvaluator, type RefinementExitReason, type RefinementResult, type RetryExitReason, RetryLoop, type RetryLoopOptions, type RetryResult, type RetryRunOptions, type RubricCriterion, RubricEvaluator, type RunOptions, type RunResult, type RunnerProtocol, type RunnerSelection, type RunnerSource, type SSEEventName, SSEExporter, SSEFormatter, type SSEMapping, SSE_EVENT_NAMES, SafetyGate, type SandboxEvent, SandboxEventBus, type SandboxEventType, SelfEvalGoalEvaluator, Sequential, type SequentialOptions, type SequentialResult, SimpleGoalEvaluator, type SimpleGoalEvaluatorOptions, StdioAdapter, type Step, type StepResult, type StoredConversation, type StoredMessage, type StoredMessagePart, type StreamEvent, type SupportedProvider, type TaskAssignEvent, type TaskCreateEvent, type TaskExitReason, TaskLoop, type 
TaskLoopOptions, type TaskResult, type TaskRunOptions, type TaskState, type TaskUpdateEvent, type ThinkingStartEvent, TodoToolbox, type TokenUsageGroup, TokenUsageGroupSchema, type TokenUsageRow, TokenUsageRowSchema, type ToolAnalytics, ToolAnalyticsSchema, ToolCallBlocked, type ToolCallEndEvent, type ToolCallIntent, type ToolCallRecord, type ToolCallRejectedEvent, type ToolCallStartEvent, type ToolExecutor, type ToolProgressEvent, type ToolStats, ToolStatsSchema, type TraceEvent, TraceEventSchema, type TraceIteration, TraceIterationSchema, type TraceResponse, TraceResponseSchema, type TraceSummary, TraceSummarySchema, type Transport, type TransportMessage, type WeightedEvaluator, agentAddressToString, analystRole, anthropicProvider, buildAgentServers, buildCalculatorAgent, buildCapabilityServer, buildTodoAgent, buildWritingCoachAgent, claudeCode, collectByName, collectContents, convertHistory, coordinatorRole, createAgentAddress, createConsoleExporter, createEvent, createRunner, createStepResult, createToolboxExecutor, deepseekProvider, deserializeSandboxEvent, deserializeSandboxEventFromString, exchangeTotalTokens, executeStep, formatSSE, getAgentEventBus, getEventBus, googleProvider, groqProvider, isClaudeCodeHookName, makeStepName, mapClaudeCodeHookToAgentEvents, matchSubject, mistralProvider, ollamaProvider, openaiProvider, openrouterProvider, orchestratorRole, resolveMessage, resolveModelId, retrievalRole, serializeSandboxEvent, serializeSandboxEventToString, setAgentEventBus, setEventBus, subjectToRegex, subscribeProfile, subscribeProfiles, toSSEMapping, unsubscribeProfile, xaiProvider };

package/dist/index.js — CHANGED

@@ -2114,24 +2114,60 @@ var ClaudeCodeRunner = class {
 };
 // src/runner/claude-code-api-runner.ts
-var BLOCKED_TOOLS = [
-  "Read",
-  "Write",
-  "Edit",
-  "Bash",
-  "Glob",
-  "Grep",
-  "Agent",
-  "NotebookEdit",
-  "TodoRead",
-  "TodoWrite",
-  "WebFetch",
-  "WebSearch"
-];
+import { execSync } from "child_process";
+import { mkdtempSync } from "fs";
+import { tmpdir } from "os";
+import { join } from "path";
+function loadMaxSubOAuth() {
+  if (process.platform !== "darwin") return null;
+  const user = process.env.USER;
+  if (!user) return null;
+  try {
+    const raw = execSync(
+      `security find-generic-password -a "${user}" -s "Claude Code-credentials" -w`,
+      { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] }
+    ).trim();
+    const parsed = JSON.parse(raw);
+    const oauth = parsed.claudeAiOauth;
+    if (!oauth?.accessToken) return null;
+    return oauth;
+  } catch {
+    return null;
+  }
+}
 var ClaudeCodeAPIRunner = class extends ClaudeCodeRunner {
+  _disableSandbox;
+  _extraDisallowed;
+  _isolatedConfigDir;
+  constructor(opts) {
+    super(opts);
+    this._disableSandbox = opts?.disableSandbox ?? false;
+    this._extraDisallowed = opts?.extraDisallowedTools ?? [];
+    this._isolatedConfigDir = this._disableSandbox ? null : mkdtempSync(join(tmpdir(), "ap-cc-api-"));
+  }
   _buildOptions(agent, options, context) {
     const sdkOpts = super._buildOptions(agent, options, context);
-    sdkOpts.disallowedTools = [...BLOCKED_TOOLS];
+    sdkOpts.tools = [];
+    if (this._extraDisallowed.length > 0) {
+      sdkOpts.disallowedTools = [
+        ...sdkOpts.disallowedTools ?? [],
+        ...this._extraDisallowed
+      ];
+    }
+    if (!this._disableSandbox && this._isolatedConfigDir) {
+      const oauth = loadMaxSubOAuth();
+      if (oauth) {
+        const baseEnv = Object.fromEntries(
+          Object.entries(process.env).filter(([, v]) => typeof v === "string")
+        );
+        sdkOpts.env = {
+          ...baseEnv,
+          ...sdkOpts.env ?? {},
+          CLAUDE_CONFIG_DIR: this._isolatedConfigDir,
+          CLAUDE_CODE_OAUTH_TOKEN: oauth.accessToken
+        };
+      }
+    }
     return sdkOpts;
   }
 };
@@ -2322,9 +2358,7 @@ function createToolboxExecutor(agent) {
         const actualName = name.includes("__") ? name.split("__").pop() : name;
         return tb.execute(actualName, args);
       }
-      throw new Error(
-        `Tool "${name}" not found. Available: ${[...lookup.keys()].join(", ")}`
-      );
+      throw new Error(`Tool "${name}" not found. Available: ${[...lookup.keys()].join(", ")}`);
     }
   };
 }
@@ -2800,7 +2834,7 @@ var ClaudeCodeLanguageModel = class {
     const sdkOptions = {
       ...this._opts.defaults ?? {},
       model: mapModel2(this.modelId) ?? this._opts.defaults?.model ?? this.modelId,
-      maxTurns: this._opts.maxTurns ?? 1,
+      maxTurns: this._opts.maxTurns ?? 10,
       permissionMode: "default",
       canUseTool
     };
@@ -2869,6 +2903,8 @@ function resolveModelId(provider, explicitModelId, tier = "sonnet") {
 // src/runner/create-runner.ts
 async function createRunner(opts = {}) {
   const verbose = opts.verbose ?? true;
+  const tier = opts.tier ?? envTier();
+  const modelId = opts.modelId ?? process.env.AGENT_MODEL;
   if (opts.runner) {
     return log(verbose, {
       runner: opts.runner,
@@ -2885,11 +2921,11 @@ async function createRunner(opts = {}) {
   }
   if (opts.provider) {
     const provider = PROVIDERS[opts.provider];
-    const modelId = resolveModelId(provider, opts.modelId, opts.tier);
-    const model = await provider.load(modelId);
+    const resolved = resolveModelId(provider, modelId, tier);
+    const model = await provider.load(resolved);
     return log(verbose, {
       runner: new AgentRunner(model, opts.eventBus),
-      reason: `using ${opts.provider} (explicit, model=${modelId})`,
+      reason: `using ${opts.provider} (explicit, model=${resolved})`,
       source: "explicit-provider"
     });
   }
@@ -2897,11 +2933,11 @@ async function createRunner(opts = {}) {
     const provider = PROVIDERS[name];
     const matchedEnv = provider.envVars.find((v) => process.env[v]);
     if (matchedEnv) {
-      const modelId = resolveModelId(provider, opts.modelId, opts.tier);
-      const model = await provider.load(modelId);
+      const resolved = resolveModelId(provider, modelId, tier);
+      const model = await provider.load(resolved);
       return log(verbose, {
         runner: new AgentRunner(model, opts.eventBus),
-        reason: `using ${name} (env ${matchedEnv}, model=${modelId})`,
+        reason: `using ${name} (env ${matchedEnv}, model=${resolved})`,
         source: `env-${name}`
       });
     }
@@ -2939,6 +2975,10 @@ async function createRunner(opts = {}) {
     ].join("\n")
   );
 }
+function envTier() {
+  const v = process.env.AGENT_TIER;
+  return v === "opus" || v === "sonnet" || v === "haiku" ? v : void 0;
+}
 function log(verbose, selection) {
   if (verbose) {
     process.stdout.write(`[runner] ${selection.reason}