@agentproto/adapter-claude-code 0.1.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE-CODE.md +98 -4
- package/LICENSE +202 -21
- package/dist/index.mjs +147 -11
- package/dist/index.mjs.map +1 -1
- package/package.json +4 -3
package/CLAUDE-CODE.md
CHANGED
|
@@ -55,6 +55,15 @@ capabilities:
|
|
|
55
55
|
modes:
|
|
56
56
|
- id: default
|
|
57
57
|
description: Standard interactive mode with per-tool permission prompts.
|
|
58
|
+
- id: lean
|
|
59
|
+
description: >-
|
|
60
|
+
Drop Claude Code's bundled skills and workflows from context (built-in
|
|
61
|
+
slash commands stay typable but are hidden from the model). Plugins,
|
|
62
|
+
project `.claude/skills/`, and `.claude/commands/` are unaffected. The
|
|
63
|
+
wrapper has no CLI flag for this — the underlying `claude` binary reads
|
|
64
|
+
`CLAUDE_CODE_DISABLE_BUNDLED_SKILLS` directly, so this mode is env-only.
|
|
65
|
+
env:
|
|
66
|
+
CLAUDE_CODE_DISABLE_BUNDLED_SKILLS: "1"
|
|
58
67
|
- id: plan
|
|
59
68
|
description: Plan-only mode — Claude Code reasons and proposes but does not edit or run commands.
|
|
60
69
|
bin_args_append: ["--permission-mode", "plan"]
|
|
@@ -64,18 +73,103 @@ modes:
|
|
|
64
73
|
- id: bypass-permissions
|
|
65
74
|
description: Skip all permission prompts. Use only in trusted automation contexts.
|
|
66
75
|
bin_args_append: ["--permission-mode", "bypassPermissions"]
|
|
76
|
+
- id: moonshot
|
|
77
|
+
description: >-
|
|
78
|
+
Moonshot (Kimi) gateway. Pre-wires ANTHROPIC_BASE_URL to Moonshot's
|
|
79
|
+
Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY
|
|
80
|
+
(via env_unset) so it can't leak to the third-party host. Supply the
|
|
81
|
+
Moonshot key via the `auth_token` option and pick a model via `model`
|
|
82
|
+
(conventional: 'kimi-k2.7-code'). Without auth_token the spawn has no
|
|
83
|
+
credentials and fails cleanly.
|
|
84
|
+
env:
|
|
85
|
+
ANTHROPIC_BASE_URL: https://api.moonshot.ai/anthropic
|
|
86
|
+
env_unset:
|
|
87
|
+
- ANTHROPIC_API_KEY
|
|
88
|
+
- CLAUDE_CODE_USE_BEDROCK
|
|
89
|
+
- CLAUDE_CODE_USE_VERTEX
|
|
90
|
+
- CLAUDE_CODE_USE_FOUNDRY
|
|
91
|
+
- CLAUDE_CODE_USE_ANTHROPIC_AWS
|
|
92
|
+
- CLAUDE_CODE_USE_MANTLE
|
|
93
|
+
- CLAUDE_CODE_USE_GATEWAY
|
|
94
|
+
- id: openrouter
|
|
95
|
+
description: >-
|
|
96
|
+
OpenRouter gateway. Pre-wires ANTHROPIC_BASE_URL to OpenRouter's
|
|
97
|
+
Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY
|
|
98
|
+
(same auth-hygiene rationale as `moonshot`). Pick a model via `model`
|
|
99
|
+
(e.g. 'z-ai/glm-5.2', 'moonshotai/kimi-k2') and supply the OpenRouter
|
|
100
|
+
key via `auth_token`.
|
|
101
|
+
env:
|
|
102
|
+
ANTHROPIC_BASE_URL: https://openrouter.ai/api/v1
|
|
103
|
+
env_unset:
|
|
104
|
+
- ANTHROPIC_API_KEY
|
|
105
|
+
- CLAUDE_CODE_USE_BEDROCK
|
|
106
|
+
- CLAUDE_CODE_USE_VERTEX
|
|
107
|
+
- CLAUDE_CODE_USE_FOUNDRY
|
|
108
|
+
- CLAUDE_CODE_USE_ANTHROPIC_AWS
|
|
109
|
+
- CLAUDE_CODE_USE_MANTLE
|
|
110
|
+
- CLAUDE_CODE_USE_GATEWAY
|
|
111
|
+
- id: deepseek
|
|
112
|
+
description: >-
|
|
113
|
+
DeepSeek gateway. Pre-wires ANTHROPIC_BASE_URL to DeepSeek's
|
|
114
|
+
Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY
|
|
115
|
+
(same auth-hygiene rationale as `moonshot`/`openrouter`). Pick a model
|
|
116
|
+
via `model` (conventional: 'deepseek-v4-pro', 'deepseek-v4-flash') and
|
|
117
|
+
supply the DeepSeek key via `auth_token`.
|
|
118
|
+
env:
|
|
119
|
+
ANTHROPIC_BASE_URL: https://api.deepseek.com/anthropic
|
|
120
|
+
env_unset:
|
|
121
|
+
- ANTHROPIC_API_KEY
|
|
122
|
+
- CLAUDE_CODE_USE_BEDROCK
|
|
123
|
+
- CLAUDE_CODE_USE_VERTEX
|
|
124
|
+
- CLAUDE_CODE_USE_FOUNDRY
|
|
125
|
+
- CLAUDE_CODE_USE_ANTHROPIC_AWS
|
|
126
|
+
- CLAUDE_CODE_USE_MANTLE
|
|
127
|
+
- CLAUDE_CODE_USE_GATEWAY
|
|
67
128
|
options:
|
|
68
129
|
- id: model
|
|
69
|
-
type:
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
130
|
+
type: string
|
|
131
|
+
description: >-
|
|
132
|
+
Anthropic model ID or wrapper alias (e.g. 'claude-sonnet-5', 'sonnet',
|
|
133
|
+
'opus'), applied via ACP session/set_config_option after the session is
|
|
134
|
+
created. An id the wrapper can't resolve is warned about and ignored
|
|
135
|
+
(the session keeps the claude-code default). Omit to use the default.
|
|
136
|
+
Required for non-Claude models reached through a gateway mode
|
|
137
|
+
(e.g. 'deepseek-v4-pro' under `deepseek`, 'kimi-k2.7-code' under `moonshot`).
|
|
73
138
|
- id: max_turns
|
|
74
139
|
type: integer
|
|
75
140
|
min: 1
|
|
76
141
|
max: 200
|
|
77
142
|
description: Hard cap on tool-use turns within a single send. Claude Code stops after this many cycles.
|
|
78
143
|
bin_args_template: ["--max-turns", "{value}"]
|
|
144
|
+
- id: base_url
|
|
145
|
+
type: string
|
|
146
|
+
description: >-
|
|
147
|
+
Custom Anthropic base URL, injected as ANTHROPIC_BASE_URL. Front real
|
|
148
|
+
Anthropic, Bedrock/Vertex/Azure, or an Anthropic-compatible gateway.
|
|
149
|
+
Setting it auto-scrubs the ambient ANTHROPIC_API_KEY and all cloud-provider
|
|
150
|
+
toggles (Bedrock/Vertex/Foundry/Mantle) so it can't leak to a third-party
|
|
151
|
+
host — pair with `auth_token` to supply a per-spawn gateway key. The
|
|
152
|
+
`moonshot`/`openrouter`/`deepseek` modes are pre-wired presets over this
|
|
153
|
+
same shape.
|
|
154
|
+
env:
|
|
155
|
+
ANTHROPIC_BASE_URL: "{value}"
|
|
156
|
+
env_unset:
|
|
157
|
+
- ANTHROPIC_API_KEY
|
|
158
|
+
- CLAUDE_CODE_USE_BEDROCK
|
|
159
|
+
- CLAUDE_CODE_USE_VERTEX
|
|
160
|
+
- CLAUDE_CODE_USE_FOUNDRY
|
|
161
|
+
- CLAUDE_CODE_USE_ANTHROPIC_AWS
|
|
162
|
+
- CLAUDE_CODE_USE_MANTLE
|
|
163
|
+
- CLAUDE_CODE_USE_GATEWAY
|
|
164
|
+
- id: auth_token
|
|
165
|
+
type: string
|
|
166
|
+
description: >-
|
|
167
|
+
Bearer token for the Anthropic API or a compatible gateway, injected as
|
|
168
|
+
ANTHROPIC_AUTH_TOKEN (sent as `Authorization: Bearer`). Pair with
|
|
169
|
+
`base_url` (or a `moonshot`/`openrouter`/`deepseek` mode) to target a
|
|
170
|
+
gateway with a per-spawn key instead of the ambient ANTHROPIC_API_KEY.
|
|
171
|
+
env:
|
|
172
|
+
ANTHROPIC_AUTH_TOKEN: "{value}"
|
|
79
173
|
continuation:
|
|
80
174
|
# `native-resume` is the right default now that the wrapper supports
|
|
81
175
|
# `loadSession`: each turn cold-spawns claude with no overhead, then
|
package/LICENSE
CHANGED
|
@@ -1,21 +1,202 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
1
|
+
|
|
2
|
+
Apache License
|
|
3
|
+
Version 2.0, January 2004
|
|
4
|
+
http://www.apache.org/licenses/
|
|
5
|
+
|
|
6
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
|
7
|
+
|
|
8
|
+
1. Definitions.
|
|
9
|
+
|
|
10
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
|
11
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
|
12
|
+
|
|
13
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
|
14
|
+
the copyright owner that is granting the License.
|
|
15
|
+
|
|
16
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
|
17
|
+
other entities that control, are controlled by, or are under common
|
|
18
|
+
control with that entity. For the purposes of this definition,
|
|
19
|
+
"control" means (i) the power, direct or indirect, to cause the
|
|
20
|
+
direction or management of such entity, whether by contract or
|
|
21
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
|
22
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
|
23
|
+
|
|
24
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
|
25
|
+
exercising permissions granted by this License.
|
|
26
|
+
|
|
27
|
+
"Source" form shall mean the preferred form for making modifications,
|
|
28
|
+
including but not limited to software source code, documentation
|
|
29
|
+
source, and configuration files.
|
|
30
|
+
|
|
31
|
+
"Object" form shall mean any form resulting from mechanical
|
|
32
|
+
transformation or translation of a Source form, including but
|
|
33
|
+
not limited to compiled object code, generated documentation,
|
|
34
|
+
and conversions to other media types.
|
|
35
|
+
|
|
36
|
+
"Work" shall mean the work of authorship, whether in Source or
|
|
37
|
+
Object form, made available under the License, as indicated by a
|
|
38
|
+
copyright notice that is included in or attached to the work
|
|
39
|
+
(an example is provided in the Appendix below).
|
|
40
|
+
|
|
41
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
|
42
|
+
form, that is based on (or derived from) the Work and for which the
|
|
43
|
+
editorial revisions, annotations, elaborations, or other modifications
|
|
44
|
+
represent, as a whole, an original work of authorship. For the purposes
|
|
45
|
+
of this License, Derivative Works shall not include works that remain
|
|
46
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
|
47
|
+
the Work and Derivative Works thereof.
|
|
48
|
+
|
|
49
|
+
"Contribution" shall mean any work of authorship, including
|
|
50
|
+
the original version of the Work and any modifications or additions
|
|
51
|
+
to that Work or Derivative Works thereof, that is intentionally
|
|
52
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
|
53
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
|
54
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
|
55
|
+
means any form of electronic, verbal, or written communication sent
|
|
56
|
+
to the Licensor or its representatives, including but not limited to
|
|
57
|
+
communication on electronic mailing lists, source code control systems,
|
|
58
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
|
59
|
+
Licensor for the purpose of discussing and improving the Work, but
|
|
60
|
+
excluding communication that is conspicuously marked or otherwise
|
|
61
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
|
62
|
+
|
|
63
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
|
64
|
+
on behalf of whom a Contribution has been received by Licensor and
|
|
65
|
+
subsequently incorporated within the Work.
|
|
66
|
+
|
|
67
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
|
68
|
+
this License, each Contributor hereby grants to You a perpetual,
|
|
69
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
70
|
+
copyright license to reproduce, prepare Derivative Works of,
|
|
71
|
+
publicly display, publicly perform, sublicense, and distribute the
|
|
72
|
+
Work and such Derivative Works in Source or Object form.
|
|
73
|
+
|
|
74
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
|
75
|
+
this License, each Contributor hereby grants to You a perpetual,
|
|
76
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
|
77
|
+
(except as stated in this section) patent license to make, have made,
|
|
78
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
|
79
|
+
where such license applies only to those patent claims licensable
|
|
80
|
+
by such Contributor that are necessarily infringed by their
|
|
81
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
|
82
|
+
with the Work to which such Contribution(s) was submitted. If You
|
|
83
|
+
institute patent litigation against any entity (including a
|
|
84
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
|
85
|
+
or a Contribution incorporated within the Work constitutes direct
|
|
86
|
+
or contributory patent infringement, then any patent licenses
|
|
87
|
+
granted to You under this License for that Work shall terminate
|
|
88
|
+
as of the date such litigation is filed.
|
|
89
|
+
|
|
90
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
|
91
|
+
Work or Derivative Works thereof in any medium, with or without
|
|
92
|
+
modifications, and in Source or Object form, provided that You
|
|
93
|
+
meet the following conditions:
|
|
94
|
+
|
|
95
|
+
(a) You must give any other recipients of the Work or
|
|
96
|
+
Derivative Works a copy of this License; and
|
|
97
|
+
|
|
98
|
+
(b) You must cause any modified files to carry prominent notices
|
|
99
|
+
stating that You changed the files; and
|
|
100
|
+
|
|
101
|
+
(c) You must retain, in the Source form of any Derivative Works
|
|
102
|
+
that You distribute, all copyright, patent, trademark, and
|
|
103
|
+
attribution notices from the Source form of the Work,
|
|
104
|
+
excluding those notices that do not pertain to any part of
|
|
105
|
+
the Derivative Works; and
|
|
106
|
+
|
|
107
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
|
108
|
+
distribution, then any Derivative Works that You distribute must
|
|
109
|
+
include a readable copy of the attribution notices contained
|
|
110
|
+
within such NOTICE file, excluding those notices that do not
|
|
111
|
+
pertain to any part of the Derivative Works, in at least one
|
|
112
|
+
of the following places: within a NOTICE text file distributed
|
|
113
|
+
as part of the Derivative Works; within the Source form or
|
|
114
|
+
documentation, if provided along with the Derivative Works; or,
|
|
115
|
+
within a display generated by the Derivative Works, if and
|
|
116
|
+
wherever such third-party notices normally appear. The contents
|
|
117
|
+
of the NOTICE file are for informational purposes only and
|
|
118
|
+
do not modify the License. You may add Your own attribution
|
|
119
|
+
notices within Derivative Works that You distribute, alongside
|
|
120
|
+
or as an addendum to the NOTICE text from the Work, provided
|
|
121
|
+
that such additional attribution notices cannot be construed
|
|
122
|
+
as modifying the License.
|
|
123
|
+
|
|
124
|
+
You may add Your own copyright statement to Your modifications and
|
|
125
|
+
may provide additional or different license terms and conditions
|
|
126
|
+
for use, reproduction, or distribution of Your modifications, or
|
|
127
|
+
for any such Derivative Works as a whole, provided Your use,
|
|
128
|
+
reproduction, and distribution of the Work otherwise complies with
|
|
129
|
+
the conditions stated in this License.
|
|
130
|
+
|
|
131
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
|
132
|
+
any Contribution intentionally submitted for inclusion in the Work
|
|
133
|
+
by You to the Licensor shall be under the terms and conditions of
|
|
134
|
+
this License, without any additional terms or conditions.
|
|
135
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
|
136
|
+
the terms of any separate license agreement you may have executed
|
|
137
|
+
with Licensor regarding such Contributions.
|
|
138
|
+
|
|
139
|
+
6. Trademarks. This License does not grant permission to use the trade
|
|
140
|
+
names, trademarks, service marks, or product names of the Licensor,
|
|
141
|
+
except as required for reasonable and customary use in describing the
|
|
142
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
|
143
|
+
|
|
144
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
|
145
|
+
agreed to in writing, Licensor provides the Work (and each
|
|
146
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
|
147
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
148
|
+
implied, including, without limitation, any warranties or conditions
|
|
149
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
|
150
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
|
151
|
+
appropriateness of using or redistributing the Work and assume any
|
|
152
|
+
risks associated with Your exercise of permissions under this License.
|
|
153
|
+
|
|
154
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
|
155
|
+
whether in tort (including negligence), contract, or otherwise,
|
|
156
|
+
unless required by applicable law (such as deliberate and grossly
|
|
157
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
|
158
|
+
liable to You for damages, including any direct, indirect, special,
|
|
159
|
+
incidental, or consequential damages of any character arising as a
|
|
160
|
+
result of this License or out of the use or inability to use the
|
|
161
|
+
Work (including but not limited to damages for loss of goodwill,
|
|
162
|
+
work stoppage, computer failure or malfunction, or any and all
|
|
163
|
+
other commercial damages or losses), even if such Contributor
|
|
164
|
+
has been advised of the possibility of such damages.
|
|
165
|
+
|
|
166
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
|
167
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
|
168
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
|
169
|
+
or other liability obligations and/or rights consistent with this
|
|
170
|
+
License. However, in accepting such obligations, You may act only
|
|
171
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
|
172
|
+
of any other Contributor, and only if You agree to indemnify,
|
|
173
|
+
defend, and hold each Contributor harmless for any liability
|
|
174
|
+
incurred by, or claims asserted against, such Contributor by reason
|
|
175
|
+
of your accepting any such warranty or additional liability.
|
|
176
|
+
|
|
177
|
+
END OF TERMS AND CONDITIONS
|
|
178
|
+
|
|
179
|
+
APPENDIX: How to apply the Apache License to your work.
|
|
180
|
+
|
|
181
|
+
To apply the Apache License to your work, attach the following
|
|
182
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
|
183
|
+
replaced with your own identifying information. (Don't include
|
|
184
|
+
the brackets!) The text should be enclosed in the appropriate
|
|
185
|
+
comment syntax for the file format. We also recommend that a
|
|
186
|
+
file or class name and description of purpose be included on the
|
|
187
|
+
same "printed page" as the copyright notice for easier
|
|
188
|
+
identification within third-party archives.
|
|
189
|
+
|
|
190
|
+
Copyright [yyyy] [name of copyright owner]
|
|
191
|
+
|
|
192
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
193
|
+
you may not use this file except in compliance with the License.
|
|
194
|
+
You may obtain a copy of the License at
|
|
195
|
+
|
|
196
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
197
|
+
|
|
198
|
+
Unless required by applicable law or agreed to in writing, software
|
|
199
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
|
200
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
201
|
+
See the License for the specific language governing permissions and
|
|
202
|
+
limitations under the License.
|
package/dist/index.mjs
CHANGED
|
@@ -1,10 +1,23 @@
|
|
|
1
1
|
import { defineAgentCli, createAgentCliRuntime } from '@agentproto/driver-agent-cli';
|
|
2
|
+
import { ANTHROPIC_CORE_SCRUB_ENV, ANTHROPIC_GATEWAY_PRESETS } from '@agentproto/provider-presets';
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* @agentproto/adapter-claude-code v0.1.0-alpha
|
|
5
6
|
* AIP-45 adapter for Anthropic's Claude Code via @agentclientprotocol/claude-agent-acp.
|
|
6
7
|
*/
|
|
7
8
|
|
|
9
|
+
var CLAUDE_CODE_CLOUD_TOGGLES = [
|
|
10
|
+
"CLAUDE_CODE_USE_BEDROCK",
|
|
11
|
+
"CLAUDE_CODE_USE_VERTEX",
|
|
12
|
+
"CLAUDE_CODE_USE_FOUNDRY",
|
|
13
|
+
"CLAUDE_CODE_USE_ANTHROPIC_AWS",
|
|
14
|
+
"CLAUDE_CODE_USE_MANTLE",
|
|
15
|
+
"CLAUDE_CODE_USE_GATEWAY"
|
|
16
|
+
];
|
|
17
|
+
var CLAUDE_CODE_GATEWAY_ENV_UNSET = [
|
|
18
|
+
...ANTHROPIC_CORE_SCRUB_ENV,
|
|
19
|
+
...CLAUDE_CODE_CLOUD_TOGGLES
|
|
20
|
+
];
|
|
8
21
|
var claudeCode = defineAgentCli({
|
|
9
22
|
name: "claude-code",
|
|
10
23
|
id: "claude-code",
|
|
@@ -29,6 +42,40 @@ var claudeCode = defineAgentCli({
|
|
|
29
42
|
ref: "./SECRETS.md",
|
|
30
43
|
state: { env: ["ANTHROPIC_API_KEY"] }
|
|
31
44
|
},
|
|
45
|
+
// Deterministic billing-auth (subscription vs api-key), resolved by the
|
|
46
|
+
// runtime (@agentproto/runtime's resolveAuthSpec) and applied MECHANICALLY
|
|
47
|
+
// by the driver. EXPLICIT credential selection, not scrub-by-absence: the
|
|
48
|
+
// resolver SETS exactly one credential env var (from a named config/store
|
|
49
|
+
// ref, never the ambient shell) and SCRUBS the conflicting one(s), so which
|
|
50
|
+
// credential — and thus which billing — a spawn uses is *stated*, never
|
|
51
|
+
// inferred from whatever the daemon's launching shell exported (the outage
|
|
52
|
+
// this surface exists to prevent).
|
|
53
|
+
//
|
|
54
|
+
// provider "anthropic" ⇒ api-key mode SETS providerEnvVar("anthropic") =
|
|
55
|
+
// ANTHROPIC_API_KEY (derived from the catalog, not re-listed here) and
|
|
56
|
+
// scrubs the subscription-family creds (CLAUDE_CODE_OAUTH_TOKEN +
|
|
57
|
+
// ANTHROPIC_AUTH_TOKEN). authEnforce "always" preserves #312: claude-code
|
|
58
|
+
// engages on EVERY spawn and fails fast with no credential.
|
|
59
|
+
//
|
|
60
|
+
// authSubscription: "subscription" SETS CLAUDE_CODE_OAUTH_TOKEN to a bearer
|
|
61
|
+
// token minted via `claude setup-token` (bills Max/Pro, not API credits) —
|
|
62
|
+
// the var Claude Code documents for that token and the ONLY one that yields
|
|
63
|
+
// the clean native claude.ai-login path. (The same token as
|
|
64
|
+
// ANTHROPIC_AUTH_TOKEN authenticates but is treated as a generic override
|
|
65
|
+
// that disables connectors — the degraded path, so it's a `conflictEnv` to
|
|
66
|
+
// scrub, never the setEnv.) `conflictEnv` (ANTHROPIC_AUTH_TOKEN) is scrubbed
|
|
67
|
+
// in BOTH modes; `unsetEnvAdd` (cloud toggles + ANTHROPIC_BASE_URL) only in
|
|
68
|
+
// subscription (native) mode — matching #312's exact byte-for-byte scrub set
|
|
69
|
+
// in each mode (asserted by the regression snapshot test). ANTHROPIC_API_KEY
|
|
70
|
+
// is NOT listed in unsetEnvAdd because it derives from providerEnvVar and is
|
|
71
|
+
// scrubbed as the non-set credential automatically.
|
|
72
|
+
provider: "anthropic",
|
|
73
|
+
authEnforce: "always",
|
|
74
|
+
authSubscription: {
|
|
75
|
+
setEnv: "CLAUDE_CODE_OAUTH_TOKEN",
|
|
76
|
+
conflictEnv: ["ANTHROPIC_AUTH_TOKEN"],
|
|
77
|
+
unsetEnvAdd: [...CLAUDE_CODE_CLOUD_TOGGLES, "ANTHROPIC_BASE_URL"]
|
|
78
|
+
},
|
|
32
79
|
sandbox: "./SANDBOX.md",
|
|
33
80
|
protocol: "acp",
|
|
34
81
|
acp: "./claude-code-acp.ACP.md",
|
|
@@ -37,15 +84,20 @@ var claudeCode = defineAgentCli({
|
|
|
37
84
|
idle_timeout_ms: 18e5,
|
|
38
85
|
context_carryover: true
|
|
39
86
|
},
|
|
87
|
+
// Every id below is validated against the wrapper's live
|
|
88
|
+
// `session/new` → configOptions[model] selector: the wrapper resolves
|
|
89
|
+
// these (via its own `resolveModelPreference`) and rejects anything it
|
|
90
|
+
// can't — a rejected `session/set_config_option` used to kill the spawn
|
|
91
|
+
// (agentproto#186; the apply is now best-effort, see @agentproto/acp's
|
|
92
|
+
// newSession). Stale ids that the wrapper no longer offers were removed:
|
|
93
|
+
// `claude-sonnet-4-6` (the old default), `claude-opus-4-7`, `claude-opus-4-6`.
|
|
40
94
|
models: {
|
|
41
|
-
default: "claude-sonnet-
|
|
95
|
+
default: "claude-sonnet-5",
|
|
42
96
|
allowed: [
|
|
43
97
|
"claude-sonnet-5",
|
|
44
|
-
"claude-sonnet-4-6",
|
|
45
98
|
"claude-opus-4-8",
|
|
46
|
-
"claude-
|
|
47
|
-
"claude-
|
|
48
|
-
"claude-haiku-4-5"
|
|
99
|
+
"claude-haiku-4-5",
|
|
100
|
+
"claude-fable-5"
|
|
49
101
|
],
|
|
50
102
|
env: { anthropic: "ANTHROPIC_API_KEY" }
|
|
51
103
|
},
|
|
@@ -104,6 +156,11 @@ var claudeCode = defineAgentCli({
|
|
|
104
156
|
// against a repo actively trying to escalate its own trust level.
|
|
105
157
|
modes: [
|
|
106
158
|
{ id: "default", description: "Standard interactive mode." },
|
|
159
|
+
{
|
|
160
|
+
id: "lean",
|
|
161
|
+
description: "Drop Claude Code's bundled skills and workflows from context (built-in slash commands stay typable but are hidden from the model). Plugins, project `.claude/skills/`, and `.claude/commands/` are unaffected. The ACP wrapper has no CLI flag for this \u2014 the underlying claude binary reads CLAUDE_CODE_DISABLE_BUNDLED_SKILLS directly, so this mode is env-only.",
|
|
162
|
+
env: { CLAUDE_CODE_DISABLE_BUNDLED_SKILLS: "1" }
|
|
163
|
+
},
|
|
107
164
|
{
|
|
108
165
|
id: "plan",
|
|
109
166
|
description: "Plan-only mode \u2014 Claude Code reasons and proposes a plan, requesting explicit approval before writing files or running commands. Applied via a per-session CLAUDE_CONFIG_DIR override (see comment above `modes`); can be defeated by a target repo's own committed, escalated .claude/settings.json.",
|
|
@@ -118,6 +175,43 @@ var claudeCode = defineAgentCli({
|
|
|
118
175
|
id: "bypass-permissions",
|
|
119
176
|
description: "Skip all permission prompts. Use only in trusted automation contexts.",
|
|
120
177
|
bin_args_append: ["--permission-mode", "bypassPermissions"]
|
|
178
|
+
},
|
|
179
|
+
// ── Gateway modes ───────────────────────────────────────────────
|
|
180
|
+
// The claude binary honors ANTHROPIC_BASE_URL + ANTHROPIC_AUTH_TOKEN,
|
|
181
|
+
// so it can front any Anthropic-compatible gateway (Moonshot, OpenRouter,
|
|
182
|
+
// LiteLLM, claude-code-router) the same way @agentproto/adapter-claude-sdk
|
|
183
|
+
// does. These modes pre-wire the endpoint and — critically — scrub the
|
|
184
|
+
// ambient ANTHROPIC_API_KEY plus the cloud-provider redirect toggles
|
|
185
|
+
// (CLAUDE_CODE_USE_BEDROCK/_VERTEX/…) via env_unset so the real Anthropic
|
|
186
|
+
// credential can neither leak to nor 401 against a third-party host, and
|
|
187
|
+
// a leftover cloud toggle can't override the gateway base_url. The
|
|
188
|
+
// operator supplies the gateway key via the `auth_token` option (injected
|
|
189
|
+
// as ANTHROPIC_AUTH_TOKEN, sent as `Authorization: Bearer`) and picks a
|
|
190
|
+
// model via `model` (e.g. 'kimi-k2.7-code', 'z-ai/glm-5.2') — the ACP
|
|
191
|
+
// wrapper applies it via session/set_config_option after newSession.
|
|
192
|
+
{
|
|
193
|
+
id: ANTHROPIC_GATEWAY_PRESETS.moonshot.id,
|
|
194
|
+
description: "Moonshot (Kimi) gateway. Pre-wires ANTHROPIC_BASE_URL to Moonshot's Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY so it can't leak to the third-party host. Supply the Moonshot key via the `auth_token` option and pick a model via `model` (conventional: 'kimi-k2.7-code'). Without auth_token the spawn has no credentials and fails cleanly \u2014 the real Anthropic key is never sent.",
|
|
195
|
+
env: {
|
|
196
|
+
ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.moonshot.baseUrl
|
|
197
|
+
},
|
|
198
|
+
env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET
|
|
199
|
+
},
|
|
200
|
+
{
|
|
201
|
+
id: ANTHROPIC_GATEWAY_PRESETS.openrouter.id,
|
|
202
|
+
description: "OpenRouter gateway. Pre-wires ANTHROPIC_BASE_URL to OpenRouter's Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY (same auth-hygiene rationale as `moonshot`). Pick a model via `model` (e.g. 'z-ai/glm-5.2', 'deepseek/deepseek-v4-pro', 'moonshotai/kimi-k2') and supply the OpenRouter key via `auth_token`.",
|
|
203
|
+
env: {
|
|
204
|
+
ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.openrouter.baseUrl
|
|
205
|
+
},
|
|
206
|
+
env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET
|
|
207
|
+
},
|
|
208
|
+
{
|
|
209
|
+
id: ANTHROPIC_GATEWAY_PRESETS.deepseek.id,
|
|
210
|
+
description: "DeepSeek gateway. Pre-wires ANTHROPIC_BASE_URL to DeepSeek's Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY (same auth-hygiene rationale as `moonshot`/`openrouter`). Pick a model via `model` (conventional: 'deepseek-v4-pro', 'deepseek-v4-flash') and supply the DeepSeek key via `auth_token`.",
|
|
211
|
+
env: {
|
|
212
|
+
ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.deepseek.baseUrl
|
|
213
|
+
},
|
|
214
|
+
env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET
|
|
121
215
|
}
|
|
122
216
|
],
|
|
123
217
|
options: [
|
|
@@ -125,12 +219,12 @@ var claudeCode = defineAgentCli({
|
|
|
125
219
|
id: "model",
|
|
126
220
|
// string (not enum) so any valid Anthropic model ID is accepted
|
|
127
221
|
// without requiring a code change to expand the list. Applied via
|
|
128
|
-
//
|
|
129
|
-
// — the claude-agent-acp wrapper
|
|
130
|
-
//
|
|
131
|
-
// cannot select the model.
|
|
222
|
+
// ANTHROPIC_MODEL env var so the claude binary picks it up directly
|
|
223
|
+
// — the claude-agent-acp wrapper only forwards CLI args when --cli
|
|
224
|
+
// is passed, otherwise it runs in ACP mode and ignores argv.
|
|
132
225
|
type: "string",
|
|
133
|
-
description: "Anthropic model ID (e.g. 'claude-opus-4-8', 'claude-sonnet-
|
|
226
|
+
description: "Anthropic model ID or wrapper alias (e.g. 'claude-opus-4-8', 'claude-sonnet-5', 'sonnet', 'opus'). Set via ANTHROPIC_MODEL env var so the claude binary uses it directly. Omit to use the claude-code default.",
|
|
227
|
+
env: { ANTHROPIC_MODEL: "{value}" }
|
|
134
228
|
},
|
|
135
229
|
{
|
|
136
230
|
id: "effort",
|
|
@@ -151,6 +245,35 @@ var claudeCode = defineAgentCli({
|
|
|
151
245
|
max: 200,
|
|
152
246
|
description: "Hard cap on tool-use turns within a single send. Claude Code stops after this many cycles.",
|
|
153
247
|
bin_args_template: ["--max-turns", "{value}"]
|
|
248
|
+
},
|
|
249
|
+
{
|
|
250
|
+
id: "base_url",
|
|
251
|
+
// Injected into the child env as ANTHROPIC_BASE_URL — the claude binary
|
|
252
|
+
// honors it, so this fronts real Anthropic, Bedrock/Vertex/Azure, or an
|
|
253
|
+
// Anthropic-compatible gateway (LiteLLM / claude-code-router / Moonshot
|
|
254
|
+
// / OpenRouter). Auto-scrubs the ambient ANTHROPIC_API_KEY + cloud
|
|
255
|
+
// redirect toggles the moment it's set (symmetric with the moonshot/
|
|
256
|
+
// openrouter modes and with claude-sdk's buildQueryOptions scrub) so the
|
|
257
|
+
// real Anthropic credential can never leak to a third-party host — pair
|
|
258
|
+
// with `auth_token` to supply the gateway key. A base_url pointed at a
|
|
259
|
+
// real-Anthropic mirror that still wants the ambient key is the one
|
|
260
|
+
// shape this breaks; that's an acceptable trade for the default being
|
|
261
|
+
// leak-safe (matches claude-sdk).
|
|
262
|
+
type: "string",
|
|
263
|
+
description: "Custom Anthropic base URL. Injected as ANTHROPIC_BASE_URL in the child env \u2014 front real Anthropic, Bedrock/Vertex/Azure, or an Anthropic-compatible gateway. Auto-scrubs the ambient ANTHROPIC_API_KEY + cloud redirect toggles when set (so the real key can't leak to a third-party host) \u2014 pair with `auth_token` to supply the gateway credential. For Moonshot/OpenRouter the dedicated modes pre-wire the URL too. Omit to use the default endpoint.",
|
|
264
|
+
env: { ANTHROPIC_BASE_URL: "{value}" },
|
|
265
|
+
env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET
|
|
266
|
+
},
|
|
267
|
+
{
|
|
268
|
+
id: "auth_token",
|
|
269
|
+
// Injected into the child env as ANTHROPIC_AUTH_TOKEN — the claude
|
|
270
|
+
// binary sends it as `Authorization: Bearer <token>`, which
|
|
271
|
+
// Anthropic-compatible gateways (Moonshot, OpenRouter) accept. Pair
|
|
272
|
+
// with base_url (or a gateway mode) for a per-spawn key instead of the
|
|
273
|
+
// ambient ANTHROPIC_API_KEY.
|
|
274
|
+
type: "string",
|
|
275
|
+
description: "Bearer token for the Anthropic API or a compatible gateway. Injected as ANTHROPIC_AUTH_TOKEN in the child env (sent as `Authorization: Bearer`). Pair with `base_url` (or a `moonshot`/`openrouter` mode) to target a gateway with a per-spawn key instead of the ambient ANTHROPIC_API_KEY. Omit to use ANTHROPIC_API_KEY from the environment.",
|
|
276
|
+
env: { ANTHROPIC_AUTH_TOKEN: "{value}" }
|
|
154
277
|
}
|
|
155
278
|
],
|
|
156
279
|
continuation: {
|
|
@@ -171,7 +294,20 @@ var claudeCode = defineAgentCli({
|
|
|
171
294
|
key_scope: ["conversation", "operator"]
|
|
172
295
|
}
|
|
173
296
|
},
|
|
174
|
-
tags: ["claude-code", "anthropic", "acp", "agent-runtime", "coding"]
|
|
297
|
+
tags: ["claude-code", "anthropic", "acp", "agent-runtime", "coding"],
|
|
298
|
+
metadata: {
|
|
299
|
+
// Opts claude-code into `agentproto install skill/<slug>` fan-out (no
|
|
300
|
+
// --target given). Claude Code skills install as a whole plugin
|
|
301
|
+
// bundle, not per-skill drops — `unit: "whole-pack"` tells the
|
|
302
|
+
// fan-out dispatcher to emit the pack once, not once per requested
|
|
303
|
+
// skill slug. See
|
|
304
|
+
// packages/cli/src/commands/skill-install/types.ts `AdapterSkillsTarget`.
|
|
305
|
+
skills: {
|
|
306
|
+
format: "claude-plugin",
|
|
307
|
+
unit: "whole-pack",
|
|
308
|
+
outDir: "~/.claude/plugins/agentproto"
|
|
309
|
+
}
|
|
310
|
+
}
|
|
175
311
|
});
|
|
176
312
|
function claudeCodeRuntime() {
|
|
177
313
|
return createAgentCliRuntime(claudeCode);
|
package/dist/index.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;AAYO,IAAM,aAA6B,cAAA,CAAe;AAAA,EACvD,IAAA,EAAM,aAAA;AAAA,EACN,EAAA,EAAI,aAAA;AAAA,EACJ,WAAA,EACE,uLAAA;AAAA,EACF,OAAA,EAAS,OAAA;AAAA,EACT,GAAA,EAAK,KAAA;AAAA,EACL,QAAA,EAAU,CAAC,IAAA,EAAM,uCAAuC,CAAA;AAAA,EACxD,OAAA,EAAS;AAAA,IACP;AAAA,MACE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,uCAAA;AAAA,MACT,MAAA,EAAQ;AAAA;AACV,GACF;AAAA,EACA,aAAA,EAAe;AAAA,IACb,GAAA,EAAK,wDAAA;AAAA,IACL,KAAA,EAAO,sBAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,UAAA,EAAY;AAAA,GACd;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,GAAA,EAAK,cAAA;AAAA,IACL,KAAA,EAAO,EAAE,GAAA,EAAK,CAAC,mBAAmB,CAAA;AAAE,GACtC;AAAA,EACA,OAAA,EAAS,cAAA;AAAA,EACT,QAAA,EAAU,KAAA;AAAA,EACV,GAAA,EAAK,0BAAA;AAAA,EACL,OAAA,EAAS;AAAA,IACP,IAAA,EAAM,YAAA;AAAA,IACN,eAAA,EAAiB,IAAA;AAAA,IACjB,iBAAA,EAAmB;AAAA,GACrB;AAAA,EACA,MAAA,EAAQ;AAAA,IACN,OAAA,EAAS,mBAAA;AAAA,IACT,OAAA,EAAS;AAAA,MACP,iBAAA;AAAA,MACA,mBAAA;AAAA,MACA,iBAAA;AAAA,MACA,iBAAA;AAAA,MACA,iBAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,GAAA,EAAK,EAAE,SAAA,EAAW,mBAAA;AAAoB,GACxC;AAAA,EACA,YAAA,EAAc;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,KAAA;AAAA,IACZ,OAAA,EAAS,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKT,UAAA,EAAY,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQZ,SAAA,EAAW,IAAA;AAAA,IACX,aAAA,EAAe,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOf,WAAA,EAAa;AAAA,GACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,KAAA,EAAO;AAAA,IACL,EAAE,EAAA,EAAI,SAAA,EAAW,WAAA,EAAa,4BAAA,EAA6B;AAAA,IAC3D;AAAA,MACE,EAAA,EAAI,MAAA;AAAA,MACJ,WAAA,EACE,4SAAA;AAAA,MAIF,eAAA,EAAiB,CAAC,mBAAA,EAAqB,MAAM;AAAA,KAC/C;AAAA,IACA;AAAA,MACE,EAAA,EAAI,cAAA;AAAA,MACJ,WAAA,EAAa,gDAAA;AAAA,MACb,eAAA,EAAiB,CAAC,mBAAA,EAAqB,aAAa;AAAA,KACtD;AAAA,IACA;AAAA,MACE,EAAA,EAAI,oBAAA;AAAA,MACJ,WAAA,EACE,uEAAA;AAAA,MACF,eAAA,EAAiB,CAAC,mBAAA,EAAqB,mBAAmB;AAAA;AAC5D,GACF;AAAA,EACA,OAAA,EAAS;AAAA,IACP;AAAA,MACE,EAAA,EAAI,OAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOJ,IAAA,EAAM,QAAA;AAAA,MACN,WAAA,EACE;AAAA,KAGJ;AAAA,IACA;AAAA,MACE,EAAA,EAAI,QAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAON,MAAM,CAAC,KAAA,EAAO,UAAU,MAAA,EAAQ,OAAA,EAAS,OAAO,WAAW,CAAA;AAAA,MAC3D,WAAA,EACE;AAAA,KAIJ;AAAA,IACA;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,IAAA,EAAM,SAAA;AAAA,MACN,GAAA,EAAK,CAAA;AAAA,MACL,GAAA,EAAK,GAAA;AAAA,MACL,WAAA,EACE,4FAAA;AAAA,MACF,iBAAA,EAAmB,CAAC,aAAA,EAAe,SAAS;AAAA;AAC9C,GACF;AAAA,EACA,YAAA,EAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWZ,OAAA,EAAS,eAAA;AAAA,IACT,SAAA,EAAW,CAAC,eAAA,EAAiB,gBAAA,EAAkB,cAAc,MAAM,CAAA;AAAA,IACnE,cAAA,EAAgB;AAAA,MACd,eAAA,EAAiB,IAAA;AAAA,MACjB,SAAA,EAAW,CAAC,cAAA,EAAgB,UAAU;AAAA;AACxC,GACF;AAAA,EACA,MAAM,CAAC,aAAA,EAAe,WAAA,EAAa,KAAA,EAAO,iBAAiB,QAAQ;AACrE,CAAC;AAEM,SAAS,iBAAA,GAAqC;AACnD,EAAA,OAAO,sBAAsB,UAAU,CAAA;AACzC","file":"index.mjs","sourcesContent":["/**\n * @agentproto/adapter-claude-code — AIP-45 adapter for Anthropic's\n * Claude Code via the @agentclientprotocol/claude-agent-acp wrapper.\n */\n\nimport {\n createAgentCliRuntime,\n defineAgentCli,\n type AgentCliHandle,\n type AgentCliRuntime,\n} from \"@agentproto/driver-agent-cli\"\n\nexport const claudeCode: AgentCliHandle = defineAgentCli({\n name: \"claude-code\",\n id: \"claude-code\",\n description:\n \"Anthropic's Claude Code wrapped as an ACP agent via @agentclientprotocol/claude-agent-acp. Spawned via `npx -y @agentclientprotocol/claude-agent-acp` and driven over stdio JSON-RPC.\",\n version: \"0.1.0\",\n bin: \"npx\",\n bin_args: [\"-y\", \"@agentclientprotocol/claude-agent-acp\"],\n install: [\n {\n method: \"npm\",\n package: \"@agentclientprotocol/claude-agent-acp\",\n global: true,\n },\n ],\n version_check: {\n cmd: \"npm view @agentclientprotocol/claude-agent-acp version\",\n parse: \"(\\\\d+\\\\.\\\\d+\\\\.\\\\d+)\",\n range: \">=0.30.0\",\n timeout_ms: 15_000,\n },\n auth: {\n ref: \"./SECRETS.md\",\n state: { env: [\"ANTHROPIC_API_KEY\"] },\n },\n sandbox: \"./SANDBOX.md\",\n protocol: \"acp\",\n acp: \"./claude-code-acp.ACP.md\",\n session: {\n mode: \"persistent\",\n idle_timeout_ms: 1_800_000,\n context_carryover: true,\n },\n models: {\n default: \"claude-sonnet-4-6\",\n allowed: [\n \"claude-sonnet-5\",\n \"claude-sonnet-4-6\",\n \"claude-opus-4-8\",\n \"claude-opus-4-7\",\n \"claude-opus-4-6\",\n \"claude-haiku-4-5\",\n ],\n env: { anthropic: \"ANTHROPIC_API_KEY\" },\n },\n capabilities: {\n streaming: true,\n tool_calls: true,\n sub_agents: false,\n file_io: true,\n // ACP wrapper forwards `image` content blocks in user prompts\n // straight to Anthropic Messages API. Hosts SHOULD send images\n // inline (see CLAUDE-CODE.md) instead of passing paths and\n // hoping the model uses Read.\n multimodal: true,\n // The wrapper (@agentclientprotocol/claude-agent-acp >= 0.30)\n // advertises `loadSession: true` and exposes the full session\n // lifecycle (newSession / loadSession / resumeSession / forkSession)\n // over JSON-RPC. Pairs with `continuation.default: native-resume`\n // below — the host persists the sessionId and reattaches to the\n // existing session across cold starts (api restart, sandbox reap,\n // multi-machine).\n resumable: true,\n bidirectional: true,\n // Claude Code's Read tool can ingest any absolute path the host\n // surfaces via the prompt. Pair with the daemon's POST /files/upload\n // route + a host UI drag-drop handler: drop a file → daemon writes\n // to `cwd/.agentproto-attachments/<name>` → host pastes the path\n // into the terminal → Claude reads it natively. No protocol-level\n // multimodal round-trip needed; pure file-path injection.\n file_attach: true,\n },\n // `bin_args_append: [\"--permission-mode\", ...]` below is a no-op against\n // the @agentclientprotocol/claude-agent-acp wrapper — it never reads\n // `--permission-mode` from argv. The wrapper instead resolves\n // `permissions.defaultMode` exclusively via the SDK's `resolveSettings`,\n // which merges `${CLAUDE_CONFIG_DIR}/settings.json` (user tier),\n // `<cwd>/.claude/settings(.local).json` (project tier), and a managed\n // tier. The driver (`packages/driver/agent-cli/src/define-agent-cli.ts`,\n // `resolveClaudeCodePermissionMode`) makes the mode actually take effect\n // by pointing a per-session `CLAUDE_CONFIG_DIR` at a throwaway temp dir\n // containing `{\"permissions\":{\"defaultMode\":\"<value>\"}}` — reading the\n // same `--permission-mode <value>` pair declared here as its one source\n // of truth for the value vocabulary. `bin_args_append` is kept for a\n // future wrapper version that might start reading argv.\n //\n // Known limitation (empirically confirmed, not just theorized): a target\n // repo that commits its own escalated `.claude/settings.json`\n // `permissions.defaultMode` (e.g. \"bypassPermissions\") does NOT let the\n // repo's escalation win — the wrapper's `filterEscalatingDefaultMode`\n // strips an escalating project-tier value entirely — but it also means\n // OUR requested mode is defeated in the same merge pass (project tier\n // out-prioritizes the user tier for the raw merge, before the filter\n // ever runs). The net effect for that adversarial case is the session\n // falls back to \"default\" (normal per-action prompting) rather than the\n // requested mode. This does not reintroduce the original bug (silent,\n // zero-prompt writes) — it just doesn't guarantee plan-only reasoning\n // against a repo actively trying to escalate its own trust level.\n modes: [\n { id: \"default\", description: \"Standard interactive mode.\" },\n {\n id: \"plan\",\n description:\n \"Plan-only mode — Claude Code reasons and proposes a plan, requesting explicit \" +\n \"approval before writing files or running commands. Applied via a per-session \" +\n \"CLAUDE_CONFIG_DIR override (see comment above `modes`); can be defeated by a \" +\n \"target repo's own committed, escalated .claude/settings.json.\",\n bin_args_append: [\"--permission-mode\", \"plan\"],\n },\n {\n id: \"accept-edits\",\n description: \"Auto-accept file edits; commands still prompt.\",\n bin_args_append: [\"--permission-mode\", \"acceptEdits\"],\n },\n {\n id: \"bypass-permissions\",\n description:\n \"Skip all permission prompts. Use only in trusted automation contexts.\",\n bin_args_append: [\"--permission-mode\", \"bypassPermissions\"],\n },\n ],\n options: [\n {\n id: \"model\",\n // string (not enum) so any valid Anthropic model ID is accepted\n // without requiring a code change to expand the list. Applied via\n // ACP session/set_config_option(configId:\"model\") after newSession\n // — the claude-agent-acp wrapper does not forward its own CLI args\n // to the underlying claude process, so bin_args_template alone\n // cannot select the model.\n type: \"string\" as const,\n description:\n \"Anthropic model ID (e.g. 'claude-opus-4-8', 'claude-sonnet-4-6'). \" +\n \"Applied via ACP session/set_config_option after the session is created. \" +\n \"Omit to use the claude-code default.\",\n },\n {\n id: \"effort\",\n type: \"enum\" as const,\n // Effort is model-dependent: the same label maps to different\n // underlying compute budgets across models, and the model's own\n // default differs (Sonnet 4.6 / Opus 4.8 default to \"high\";\n // Opus 4.7 defaults to \"xhigh\"). \"max\" and \"ultracode\" are\n // session-only — not valid in persisted settings. Omit to keep\n // the model's own default rather than hardcoding one here.\n enum: [\"low\", \"medium\", \"high\", \"xhigh\", \"max\", \"ultracode\"],\n description:\n \"Reasoning effort level. Model-dependent: the same label ≠ the same \" +\n \"compute budget across models, and defaults differ by model \" +\n \"(e.g. Sonnet 4.6 / Opus 4.8 default to 'high'; Opus 4.7 to 'xhigh'). \" +\n \"'max' and 'ultracode' are session-only. Omit to keep the model's own default.\",\n },\n {\n id: \"max_turns\",\n type: \"integer\" as const,\n min: 1,\n max: 200,\n description:\n \"Hard cap on tool-use turns within a single send. Claude Code stops after this many cycles.\",\n bin_args_template: [\"--max-turns\", \"{value}\"],\n },\n ],\n continuation: {\n // native-resume: each turn cold-spawns claude, then ACP `loadSession`\n // reattaches to the saved sessionId. Survives api restarts, sandbox\n // reaps, multi-machine — claude reads its own JSONL session store.\n // Requires the host to register `configureNativeResume({load, save})`\n // hooks; without them the strategy degrades to per-spawn behaviour\n // (no continuity).\n //\n // pinned-session is still supported as a fallback for hosts that\n // haven't wired the resume hooks yet — same warm-process semantics\n // as pre-AIP-45-extension behaviour.\n default: \"native-resume\",\n supported: [\"native-resume\", \"pinned-session\", \"transcript\", \"none\"],\n pinned_session: {\n idle_timeout_ms: 1_800_000,\n key_scope: [\"conversation\", \"operator\"],\n },\n },\n tags: [\"claude-code\", \"anthropic\", \"acp\", \"agent-runtime\", \"coding\"],\n})\n\nexport function claudeCodeRuntime(): AgentCliRuntime {\n return createAgentCliRuntime(claudeCode)\n}\n\nexport type { AgentCliHandle, AgentCliRuntime }\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;AAwBA,IAAM,yBAAA,GAAsC;AAAA,EAC1C,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,yBAAA;AAAA,EACA,+BAAA;AAAA,EACA,wBAAA;AAAA,EACA;AACF,CAAA;AACA,IAAM,6BAAA,GAA0C;AAAA,EAC9C,GAAG,wBAAA;AAAA,EACH,GAAG;AACL,CAAA;AAEO,IAAM,aAA6B,cAAA,CAAe;AAAA,EACvD,IAAA,EAAM,aAAA;AAAA,EACN,EAAA,EAAI,aAAA;AAAA,EACJ,WAAA,EACE,uLAAA;AAAA,EACF,OAAA,EAAS,OAAA;AAAA,EACT,GAAA,EAAK,KAAA;AAAA,EACL,QAAA,EAAU,CAAC,IAAA,EAAM,uCAAuC,CAAA;AAAA,EACxD,OAAA,EAAS;AAAA,IACP;AAAA,MACE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,uCAAA;AAAA,MACT,MAAA,EAAQ;AAAA;AACV,GACF;AAAA,EACA,aAAA,EAAe;AAAA,IACb,GAAA,EAAK,wDAAA;AAAA,IACL,KAAA,EAAO,sBAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,UAAA,EAAY;AAAA,GACd;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,GAAA,EAAK,cAAA;AAAA,IACL,KAAA,EAAO,EAAE,GAAA,EAAK,CAAC,mBAAmB,CAAA;AAAE,GACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA4BA,QAAA,EAAU,WAAA;AAAA,EACV,WAAA,EAAa,QAAA;AAAA,EACb,gBAAA,EAAkB;AAAA,IAChB,MAAA,EAAQ,yBAAA;AAAA,IACR,WAAA,EAAa,CAAC,sBAAsB,CAAA;AAAA,IACpC,WAAA,EAAa,CAAC,GAAG,yBAAA,EAA2B,oBAAoB;AAAA,GAClE;AAAA,EACA,OAAA,EAAS,cAAA;AAAA,EACT,QAAA,EAAU,KAAA;AAAA,EACV,GAAA,EAAK,0BAAA;AAAA,EACL,OAAA,EAAS;AAAA,IACP,IAAA,EAAM,YAAA;AAAA,IACN,eAAA,EAAiB,IAAA;AAAA,IACjB,iBAAA,EAAmB;AAAA,GACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAA,EAAQ;AAAA,IACN,OAAA,EAAS,iBAAA;AAAA,IACT,OAAA,EAAS;AAAA,MACP,iBAAA;AAAA,MACA,iBAAA;AAAA,MACA,kBAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,GAAA,EAAK,EAAE,SAAA,EAAW,mBAAA;AAAoB,GACxC;AAAA,EACA,YAAA,EAAc;AAAA,IACZ,SAAA,EAAW,IAAA;AAAA,IACX,UAAA,EAAY,IAAA;AAAA,IACZ,UAAA,EAAY,KAAA;AAAA,IACZ,OAAA,EAAS,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAKT,UAAA,EAAY,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQZ,SAAA,EAAW,IAAA;AAAA,IACX,aAAA,EAAe,IAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOf,WAAA,EAAa;AAAA,GACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2BA,KAAA,EAAO;AAAA,IACL,EAAE,EAAA,EAAI,SAAA,EAAW,WAAA,EAAa,4BAAA,EAA6B;AAAA,IAC3D;AAAA,MACE,EAAA,EAAI,MAAA;AAAA,MACJ,WAAA,EACE,0WAAA;AAAA,MAKF,GAAA,EAAK,EAAE,kCAAA,EAAoC,GAAA;AAAI,KACjD;AAAA,IACA;AAAA,MACE,EAAA,EAAI,MAAA;AAAA,MACJ,WAAA,EACE,4SAAA;AAAA,MAIF,eAAA,EAAiB,CAAC,mBAAA,EAAqB,MAAM;AAAA,KAC/C;AAAA,IACA;AAAA,MACE,EAAA,EAAI,cAAA;AAAA,MACJ,WAAA,EAAa,gDAAA;AAAA,MACb,eAAA,EAAiB,CAAC,mBAAA,EAAqB,aAAa;AAAA,KACtD;AAAA,IACA;AAAA,MACE,EAAA,EAAI,oBAAA;AAAA,MACJ,WAAA,EACE,uEAAA;AAAA,MACF,eAAA,EAAiB,CAAC,mBAAA,EAAqB,mBAAmB;AAAA,KAC5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAcA;AAAA,MACE,EAAA,EAAI,0BAA0B,QAAA,CAAS,EAAA;AAAA,MACvC,WAAA,EACE,wZAAA;AAAA,MAMF,GAAA,EAAK;AAAA,QACH,kBAAA,EAAoB,0BAA0B,QAAA,CAAS;AAAA,OACzD;AAAA,MACA,SAAA,EAAW;AAAA,KACb;AAAA,IACA;AAAA,MACE,EAAA,EAAI,0BAA0B,UAAA,CAAW,EAAA;AAAA,MACzC,WAAA,EACE,uUAAA;AAAA,MAKF,GAAA,EAAK;AAAA,QACH,kBAAA,EAAoB,0BAA0B,UAAA,CAAW;AAAA,OAC3D;AAAA,MACA,SAAA,EAAW;AAAA,KACb;AAAA,IACA;AAAA,MACE,EAAA,EAAI,0BAA0B,QAAA,CAAS,EAAA;AAAA,MACvC,WAAA,EACE,6TAAA;AAAA,MAKF,GAAA,EAAK;AAAA,QACH,kBAAA,EAAoB,0BAA0B,QAAA,CAAS;AAAA,OACzD;AAAA,MACA,SAAA,EAAW;AAAA;AACb,GACF;AAAA,EACA,OAAA,EAAS;AAAA,IACP;AAAA,MACE,EAAA,EAAI,OAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMJ,IAAA,EAAM,QAAA;AAAA,MACN,WAAA,EACE,gNAAA;AAAA,MAGF,GAAA,EAAK,EAAE,eAAA,EAAiB,SAAA;AAAU,KACpC;AAAA,IACA;AAAA,MACE,EAAA,EAAI,QAAA;AAAA,MACJ,IAAA,EAAM,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAON,MAAM,CAAC,KAAA,EAAO,UAAU,MAAA,EAAQ,OAAA,EAAS,OAAO,WAAW,CAAA;AAAA,MAC3D,WAAA,EACE;AAAA,KAIJ;AAAA,IACA;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,IAAA,EAAM,SAAA;AAAA,MACN,GAAA,EAAK,CAAA;AAAA,MACL,GAAA,EAAK,GAAA;AAAA,MACL,WAAA,EACE,4FAAA;AAAA,MACF,iBAAA,EAAmB,CAAC,aAAA,EAAe,SAAS;AAAA,KAC9C;AAAA,IACA;AAAA,MACE,EAAA,EAAI,UAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAYJ,IAAA,EAAM,QAAA;AAAA,MACN,WAAA,EACE,scAAA;AAAA,MAOF,GAAA,EAAK,EAAE,kBAAA,EAAoB,SAAA,EAAU;AAAA,MACrC,SAAA,EAAW;AAAA,KACb;AAAA,IACA;AAAA,MACE,EAAA,EAAI,YAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMJ,IAAA,EAAM,QAAA;AAAA,MACN,WAAA,EACE,kVAAA;AAAA,MAKF,GAAA,EAAK,EAAE,oBAAA,EAAsB,SAAA;AAAU;AACzC,GACF;AAAA,EACA,YAAA,EAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWZ,OAAA,EAAS,eAAA;AAAA,IACT,SAAA,EAAW,CAAC,eAAA,EAAiB,gBAAA,EAAkB,cAAc,MAAM,CAAA;AAAA,IACnE,cAAA,EAAgB;AAAA,MACd,eAAA,EAAiB,IAAA;AAAA,MACjB,SAAA,EAAW,CAAC,cAAA,EAAgB,UAAU;AAAA;AACxC,GACF;AAAA,EACA,MAAM,CAAC,aAAA,EAAe,WAAA,EAAa,KAAA,EAAO,iBAAiB,QAAQ,CAAA;AAAA,EACnE,QAAA,EAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOR,MAAA,EAAQ;AAAA,MACN,MAAA,EAAQ,eAAA;AAAA,MACR,IAAA,EAAM,YAAA;AAAA,MACN,MAAA,EAAQ;AAAA;AACV;AAEJ,CAAC;AAEM,SAAS,iBAAA,GAAqC;AACnD,EAAA,OAAO,sBAAsB,UAAU,CAAA;AACzC","file":"index.mjs","sourcesContent":["/**\n * @agentproto/adapter-claude-code — AIP-45 adapter for Anthropic's\n * Claude Code via the @agentclientprotocol/claude-agent-acp wrapper.\n */\n\nimport {\n createAgentCliRuntime,\n defineAgentCli,\n type AgentCliHandle,\n type AgentCliRuntime,\n} from \"@agentproto/driver-agent-cli\"\nimport {\n ANTHROPIC_CORE_SCRUB_ENV,\n ANTHROPIC_GATEWAY_PRESETS,\n} from \"@agentproto/provider-presets\"\n\n// Cloud-provider redirect toggles that must be scrubbed alongside the core\n// ANTHROPIC_API_KEY whenever the claude binary is pointed at a non-Anthropic\n// gateway — a leftover toggle would override ANTHROPIC_BASE_URL and silently\n// route back to Bedrock/Vertex/etc. The core ANTHROPIC_API_KEY scrub itself\n// is sourced from @agentproto/provider-presets (the single source of truth for\n// gateway facts), so a new native-Anthropic credential env var added there is\n// picked up here automatically. Shared by the moonshot/openrouter modes and\n// the base_url option.\nconst CLAUDE_CODE_CLOUD_TOGGLES: string[] = [\n \"CLAUDE_CODE_USE_BEDROCK\",\n \"CLAUDE_CODE_USE_VERTEX\",\n \"CLAUDE_CODE_USE_FOUNDRY\",\n \"CLAUDE_CODE_USE_ANTHROPIC_AWS\",\n \"CLAUDE_CODE_USE_MANTLE\",\n \"CLAUDE_CODE_USE_GATEWAY\",\n]\nconst CLAUDE_CODE_GATEWAY_ENV_UNSET: string[] = [\n ...ANTHROPIC_CORE_SCRUB_ENV,\n ...CLAUDE_CODE_CLOUD_TOGGLES,\n]\n\nexport const claudeCode: AgentCliHandle = defineAgentCli({\n name: \"claude-code\",\n id: \"claude-code\",\n description:\n \"Anthropic's Claude Code wrapped as an ACP agent via @agentclientprotocol/claude-agent-acp. Spawned via `npx -y @agentclientprotocol/claude-agent-acp` and driven over stdio JSON-RPC.\",\n version: \"0.1.0\",\n bin: \"npx\",\n bin_args: [\"-y\", \"@agentclientprotocol/claude-agent-acp\"],\n install: [\n {\n method: \"npm\",\n package: \"@agentclientprotocol/claude-agent-acp\",\n global: true,\n },\n ],\n version_check: {\n cmd: \"npm view @agentclientprotocol/claude-agent-acp version\",\n parse: \"(\\\\d+\\\\.\\\\d+\\\\.\\\\d+)\",\n range: \">=0.30.0\",\n timeout_ms: 15_000,\n },\n auth: {\n ref: \"./SECRETS.md\",\n state: { env: [\"ANTHROPIC_API_KEY\"] },\n },\n // Deterministic billing-auth (subscription vs api-key), resolved by the\n // runtime (@agentproto/runtime's resolveAuthSpec) and applied MECHANICALLY\n // by the driver. EXPLICIT credential selection, not scrub-by-absence: the\n // resolver SETS exactly one credential env var (from a named config/store\n // ref, never the ambient shell) and SCRUBS the conflicting one(s), so which\n // credential — and thus which billing — a spawn uses is *stated*, never\n // inferred from whatever the daemon's launching shell exported (the outage\n // this surface exists to prevent).\n //\n // provider \"anthropic\" ⇒ api-key mode SETS providerEnvVar(\"anthropic\") =\n // ANTHROPIC_API_KEY (derived from the catalog, not re-listed here) and\n // scrubs the subscription-family creds (CLAUDE_CODE_OAUTH_TOKEN +\n // ANTHROPIC_AUTH_TOKEN). authEnforce \"always\" preserves #312: claude-code\n // engages on EVERY spawn and fails fast with no credential.\n //\n // authSubscription: \"subscription\" SETS CLAUDE_CODE_OAUTH_TOKEN to a bearer\n // token minted via `claude setup-token` (bills Max/Pro, not API credits) —\n // the var Claude Code documents for that token and the ONLY one that yields\n // the clean native claude.ai-login path. (The same token as\n // ANTHROPIC_AUTH_TOKEN authenticates but is treated as a generic override\n // that disables connectors — the degraded path, so it's a `conflictEnv` to\n // scrub, never the setEnv.) `conflictEnv` (ANTHROPIC_AUTH_TOKEN) is scrubbed\n // in BOTH modes; `unsetEnvAdd` (cloud toggles + ANTHROPIC_BASE_URL) only in\n // subscription (native) mode — matching #312's exact byte-for-byte scrub set\n // in each mode (asserted by the regression snapshot test). ANTHROPIC_API_KEY\n // is NOT listed in unsetEnvAdd because it derives from providerEnvVar and is\n // scrubbed as the non-set credential automatically.\n provider: \"anthropic\",\n authEnforce: \"always\",\n authSubscription: {\n setEnv: \"CLAUDE_CODE_OAUTH_TOKEN\",\n conflictEnv: [\"ANTHROPIC_AUTH_TOKEN\"],\n unsetEnvAdd: [...CLAUDE_CODE_CLOUD_TOGGLES, \"ANTHROPIC_BASE_URL\"],\n },\n sandbox: \"./SANDBOX.md\",\n protocol: \"acp\",\n acp: \"./claude-code-acp.ACP.md\",\n session: {\n mode: \"persistent\",\n idle_timeout_ms: 1_800_000,\n context_carryover: true,\n },\n // Every id below is validated against the wrapper's live\n // `session/new` → configOptions[model] selector: the wrapper resolves\n // these (via its own `resolveModelPreference`) and rejects anything it\n // can't — a rejected `session/set_config_option` used to kill the spawn\n // (agentproto#186; the apply is now best-effort, see @agentproto/acp's\n // newSession). Stale ids that the wrapper no longer offers were removed:\n // `claude-sonnet-4-6` (the old default), `claude-opus-4-7`, `claude-opus-4-6`.\n models: {\n default: \"claude-sonnet-5\",\n allowed: [\n \"claude-sonnet-5\",\n \"claude-opus-4-8\",\n \"claude-haiku-4-5\",\n \"claude-fable-5\",\n ],\n env: { anthropic: \"ANTHROPIC_API_KEY\" },\n },\n capabilities: {\n streaming: true,\n tool_calls: true,\n sub_agents: false,\n file_io: true,\n // ACP wrapper forwards `image` content blocks in user prompts\n // straight to Anthropic Messages API. Hosts SHOULD send images\n // inline (see CLAUDE-CODE.md) instead of passing paths and\n // hoping the model uses Read.\n multimodal: true,\n // The wrapper (@agentclientprotocol/claude-agent-acp >= 0.30)\n // advertises `loadSession: true` and exposes the full session\n // lifecycle (newSession / loadSession / resumeSession / forkSession)\n // over JSON-RPC. Pairs with `continuation.default: native-resume`\n // below — the host persists the sessionId and reattaches to the\n // existing session across cold starts (api restart, sandbox reap,\n // multi-machine).\n resumable: true,\n bidirectional: true,\n // Claude Code's Read tool can ingest any absolute path the host\n // surfaces via the prompt. Pair with the daemon's POST /files/upload\n // route + a host UI drag-drop handler: drop a file → daemon writes\n // to `cwd/.agentproto-attachments/<name>` → host pastes the path\n // into the terminal → Claude reads it natively. No protocol-level\n // multimodal round-trip needed; pure file-path injection.\n file_attach: true,\n },\n // `bin_args_append: [\"--permission-mode\", ...]` below is a no-op against\n // the @agentclientprotocol/claude-agent-acp wrapper — it never reads\n // `--permission-mode` from argv. The wrapper instead resolves\n // `permissions.defaultMode` exclusively via the SDK's `resolveSettings`,\n // which merges `${CLAUDE_CONFIG_DIR}/settings.json` (user tier),\n // `<cwd>/.claude/settings(.local).json` (project tier), and a managed\n // tier. The driver (`packages/driver/agent-cli/src/define-agent-cli.ts`,\n // `resolveClaudeCodePermissionMode`) makes the mode actually take effect\n // by pointing a per-session `CLAUDE_CONFIG_DIR` at a throwaway temp dir\n // containing `{\"permissions\":{\"defaultMode\":\"<value>\"}}` — reading the\n // same `--permission-mode <value>` pair declared here as its one source\n // of truth for the value vocabulary. `bin_args_append` is kept for a\n // future wrapper version that might start reading argv.\n //\n // Known limitation (empirically confirmed, not just theorized): a target\n // repo that commits its own escalated `.claude/settings.json`\n // `permissions.defaultMode` (e.g. \"bypassPermissions\") does NOT let the\n // repo's escalation win — the wrapper's `filterEscalatingDefaultMode`\n // strips an escalating project-tier value entirely — but it also means\n // OUR requested mode is defeated in the same merge pass (project tier\n // out-prioritizes the user tier for the raw merge, before the filter\n // ever runs). The net effect for that adversarial case is the session\n // falls back to \"default\" (normal per-action prompting) rather than the\n // requested mode. This does not reintroduce the original bug (silent,\n // zero-prompt writes) — it just doesn't guarantee plan-only reasoning\n // against a repo actively trying to escalate its own trust level.\n modes: [\n { id: \"default\", description: \"Standard interactive mode.\" },\n {\n id: \"lean\",\n description:\n \"Drop Claude Code's bundled skills and workflows from context (built-in slash \" +\n \"commands stay typable but are hidden from the model). Plugins, project \" +\n \"`.claude/skills/`, and `.claude/commands/` are unaffected. The ACP wrapper has \" +\n \"no CLI flag for this — the underlying claude binary reads \" +\n \"CLAUDE_CODE_DISABLE_BUNDLED_SKILLS directly, so this mode is env-only.\",\n env: { CLAUDE_CODE_DISABLE_BUNDLED_SKILLS: \"1\" },\n },\n {\n id: \"plan\",\n description:\n \"Plan-only mode — Claude Code reasons and proposes a plan, requesting explicit \" +\n \"approval before writing files or running commands. Applied via a per-session \" +\n \"CLAUDE_CONFIG_DIR override (see comment above `modes`); can be defeated by a \" +\n \"target repo's own committed, escalated .claude/settings.json.\",\n bin_args_append: [\"--permission-mode\", \"plan\"],\n },\n {\n id: \"accept-edits\",\n description: \"Auto-accept file edits; commands still prompt.\",\n bin_args_append: [\"--permission-mode\", \"acceptEdits\"],\n },\n {\n id: \"bypass-permissions\",\n description:\n \"Skip all permission prompts. Use only in trusted automation contexts.\",\n bin_args_append: [\"--permission-mode\", \"bypassPermissions\"],\n },\n // ── Gateway modes ───────────────────────────────────────────────\n // The claude binary honors ANTHROPIC_BASE_URL + ANTHROPIC_AUTH_TOKEN,\n // so it can front any Anthropic-compatible gateway (Moonshot, OpenRouter,\n // LiteLLM, claude-code-router) the same way @agentproto/adapter-claude-sdk\n // does. These modes pre-wire the endpoint and — critically — scrub the\n // ambient ANTHROPIC_API_KEY plus the cloud-provider redirect toggles\n // (CLAUDE_CODE_USE_BEDROCK/_VERTEX/…) via env_unset so the real Anthropic\n // credential can neither leak to nor 401 against a third-party host, and\n // a leftover cloud toggle can't override the gateway base_url. The\n // operator supplies the gateway key via the `auth_token` option (injected\n // as ANTHROPIC_AUTH_TOKEN, sent as `Authorization: Bearer`) and picks a\n // model via `model` (e.g. 'kimi-k2.7-code', 'z-ai/glm-5.2') — the ACP\n // wrapper applies it via session/set_config_option after newSession.\n {\n id: ANTHROPIC_GATEWAY_PRESETS.moonshot.id,\n description:\n \"Moonshot (Kimi) gateway. Pre-wires ANTHROPIC_BASE_URL to Moonshot's \" +\n \"Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY \" +\n \"so it can't leak to the third-party host. Supply the Moonshot key via \" +\n \"the `auth_token` option and pick a model via `model` (conventional: \" +\n \"'kimi-k2.7-code'). Without auth_token the spawn has no credentials and \" +\n \"fails cleanly — the real Anthropic key is never sent.\",\n env: {\n ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.moonshot.baseUrl,\n },\n env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET,\n },\n {\n id: ANTHROPIC_GATEWAY_PRESETS.openrouter.id,\n description:\n \"OpenRouter gateway. Pre-wires ANTHROPIC_BASE_URL to OpenRouter's \" +\n \"Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY \" +\n \"(same auth-hygiene rationale as `moonshot`). Pick a model via `model` \" +\n \"(e.g. 'z-ai/glm-5.2', 'deepseek/deepseek-v4-pro', 'moonshotai/kimi-k2') \" +\n \"and supply the OpenRouter key via `auth_token`.\",\n env: {\n ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.openrouter.baseUrl,\n },\n env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET,\n },\n {\n id: ANTHROPIC_GATEWAY_PRESETS.deepseek.id,\n description:\n \"DeepSeek gateway. Pre-wires ANTHROPIC_BASE_URL to DeepSeek's \" +\n \"Anthropic-compatible endpoint and scrubs the ambient ANTHROPIC_API_KEY \" +\n \"(same auth-hygiene rationale as `moonshot`/`openrouter`). Pick a model \" +\n \"via `model` (conventional: 'deepseek-v4-pro', 'deepseek-v4-flash') and \" +\n \"supply the DeepSeek key via `auth_token`.\",\n env: {\n ANTHROPIC_BASE_URL: ANTHROPIC_GATEWAY_PRESETS.deepseek.baseUrl,\n },\n env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET,\n },\n ],\n options: [\n {\n id: \"model\",\n // string (not enum) so any valid Anthropic model ID is accepted\n // without requiring a code change to expand the list. Applied via\n // ANTHROPIC_MODEL env var so the claude binary picks it up directly\n // — the claude-agent-acp wrapper only forwards CLI args when --cli\n // is passed, otherwise it runs in ACP mode and ignores argv.\n type: \"string\" as const,\n description:\n \"Anthropic model ID or wrapper alias (e.g. 'claude-opus-4-8', \" +\n \"'claude-sonnet-5', 'sonnet', 'opus'). Set via ANTHROPIC_MODEL env \" +\n \"var so the claude binary uses it directly. Omit to use the claude-code default.\",\n env: { ANTHROPIC_MODEL: \"{value}\" },\n },\n {\n id: \"effort\",\n type: \"enum\" as const,\n // Effort is model-dependent: the same label maps to different\n // underlying compute budgets across models, and the model's own\n // default differs (Sonnet 4.6 / Opus 4.8 default to \"high\";\n // Opus 4.7 defaults to \"xhigh\"). \"max\" and \"ultracode\" are\n // session-only — not valid in persisted settings. Omit to keep\n // the model's own default rather than hardcoding one here.\n enum: [\"low\", \"medium\", \"high\", \"xhigh\", \"max\", \"ultracode\"],\n description:\n \"Reasoning effort level. Model-dependent: the same label ≠ the same \" +\n \"compute budget across models, and defaults differ by model \" +\n \"(e.g. Sonnet 4.6 / Opus 4.8 default to 'high'; Opus 4.7 to 'xhigh'). \" +\n \"'max' and 'ultracode' are session-only. Omit to keep the model's own default.\",\n },\n {\n id: \"max_turns\",\n type: \"integer\" as const,\n min: 1,\n max: 200,\n description:\n \"Hard cap on tool-use turns within a single send. Claude Code stops after this many cycles.\",\n bin_args_template: [\"--max-turns\", \"{value}\"],\n },\n {\n id: \"base_url\",\n // Injected into the child env as ANTHROPIC_BASE_URL — the claude binary\n // honors it, so this fronts real Anthropic, Bedrock/Vertex/Azure, or an\n // Anthropic-compatible gateway (LiteLLM / claude-code-router / Moonshot\n // / OpenRouter). Auto-scrubs the ambient ANTHROPIC_API_KEY + cloud\n // redirect toggles the moment it's set (symmetric with the moonshot/\n // openrouter modes and with claude-sdk's buildQueryOptions scrub) so the\n // real Anthropic credential can never leak to a third-party host — pair\n // with `auth_token` to supply the gateway key. A base_url pointed at a\n // real-Anthropic mirror that still wants the ambient key is the one\n // shape this breaks; that's an acceptable trade for the default being\n // leak-safe (matches claude-sdk).\n type: \"string\" as const,\n description:\n \"Custom Anthropic base URL. Injected as ANTHROPIC_BASE_URL in the \" +\n \"child env — front real Anthropic, Bedrock/Vertex/Azure, or an \" +\n \"Anthropic-compatible gateway. Auto-scrubs the ambient \" +\n \"ANTHROPIC_API_KEY + cloud redirect toggles when set (so the real \" +\n \"key can't leak to a third-party host) — pair with `auth_token` to \" +\n \"supply the gateway credential. For Moonshot/OpenRouter the dedicated \" +\n \"modes pre-wire the URL too. Omit to use the default endpoint.\",\n env: { ANTHROPIC_BASE_URL: \"{value}\" },\n env_unset: CLAUDE_CODE_GATEWAY_ENV_UNSET,\n },\n {\n id: \"auth_token\",\n // Injected into the child env as ANTHROPIC_AUTH_TOKEN — the claude\n // binary sends it as `Authorization: Bearer <token>`, which\n // Anthropic-compatible gateways (Moonshot, OpenRouter) accept. Pair\n // with base_url (or a gateway mode) for a per-spawn key instead of the\n // ambient ANTHROPIC_API_KEY.\n type: \"string\" as const,\n description:\n \"Bearer token for the Anthropic API or a compatible gateway. Injected \" +\n \"as ANTHROPIC_AUTH_TOKEN in the child env (sent as `Authorization: \" +\n \"Bearer`). Pair with `base_url` (or a `moonshot`/`openrouter` mode) \" +\n \"to target a gateway with a per-spawn key instead of the ambient \" +\n \"ANTHROPIC_API_KEY. Omit to use ANTHROPIC_API_KEY from the environment.\",\n env: { ANTHROPIC_AUTH_TOKEN: \"{value}\" },\n },\n ],\n continuation: {\n // native-resume: each turn cold-spawns claude, then ACP `loadSession`\n // reattaches to the saved sessionId. Survives api restarts, sandbox\n // reaps, multi-machine — claude reads its own JSONL session store.\n // Requires the host to register `configureNativeResume({load, save})`\n // hooks; without them the strategy degrades to per-spawn behaviour\n // (no continuity).\n //\n // pinned-session is still supported as a fallback for hosts that\n // haven't wired the resume hooks yet — same warm-process semantics\n // as pre-AIP-45-extension behaviour.\n default: \"native-resume\",\n supported: [\"native-resume\", \"pinned-session\", \"transcript\", \"none\"],\n pinned_session: {\n idle_timeout_ms: 1_800_000,\n key_scope: [\"conversation\", \"operator\"],\n },\n },\n tags: [\"claude-code\", \"anthropic\", \"acp\", \"agent-runtime\", \"coding\"],\n metadata: {\n // Opts claude-code into `agentproto install skill/<slug>` fan-out (no\n // --target given). Claude Code skills install as a whole plugin\n // bundle, not per-skill drops — `unit: \"whole-pack\"` tells the\n // fan-out dispatcher to emit the pack once, not once per requested\n // skill slug. See\n // packages/cli/src/commands/skill-install/types.ts `AdapterSkillsTarget`.\n skills: {\n format: \"claude-plugin\",\n unit: \"whole-pack\",\n outDir: \"~/.claude/plugins/agentproto\",\n },\n },\n})\n\nexport function claudeCodeRuntime(): AgentCliRuntime {\n return createAgentCliRuntime(claudeCode)\n}\n\nexport type { AgentCliHandle, AgentCliRuntime }\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agentproto/adapter-claude-code",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "1.0.0",
|
|
4
4
|
"description": "@agentproto/adapter-claude-code — AIP-45 AGENT-CLI adapter for Anthropic's Claude Code via @agentclientprotocol/claude-agent-acp. Spawns the ACP wrapper and drives Claude Code as an agentproto agent CLI.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"agentproto",
|
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
"url": "https://github.com/agentproto/ts",
|
|
18
18
|
"directory": "adapters/claude-code"
|
|
19
19
|
},
|
|
20
|
-
"license": "
|
|
20
|
+
"license": "Apache-2.0",
|
|
21
21
|
"type": "module",
|
|
22
22
|
"main": "dist/index.mjs",
|
|
23
23
|
"module": "dist/index.mjs",
|
|
@@ -41,7 +41,8 @@
|
|
|
41
41
|
"access": "public"
|
|
42
42
|
},
|
|
43
43
|
"dependencies": {
|
|
44
|
-
"@agentproto/driver-agent-cli": "0.
|
|
44
|
+
"@agentproto/driver-agent-cli": "1.0.0",
|
|
45
|
+
"@agentproto/provider-presets": "0.3.0"
|
|
45
46
|
},
|
|
46
47
|
"devDependencies": {
|
|
47
48
|
"@types/node": "^25.6.2",
|