@agentstep/agent-sdk 0.1.0

package/src/handlers/docs.ts

@@ -0,0 +1,87 @@
+const CUSTOM_CSS = `
+/* AgentStep Gateway Design System — Scalar Theme */
+.light-mode {
+  --scalar-color-1: #171717;
+  --scalar-color-2: #525252;
+  --scalar-color-3: #737373;
+  --scalar-color-accent: #65a30d;
+  --scalar-color-green: #65a30d;
+  --scalar-background-1: #ffffff;
+  --scalar-background-2: #f5f5f5;
+  --scalar-background-3: #e5e5e5;
+  --scalar-background-accent: #ecfccb;
+  --scalar-border-color: #e5e5e5;
+  --scalar-sidebar-background-1: #f5f5f5;
+  --scalar-sidebar-color-1: #171717;
+  --scalar-sidebar-color-2: #525252;
+  --scalar-sidebar-color-active: #65a30d;
+  --scalar-sidebar-border-color: #e5e5e5;
+  --scalar-button-1: #171717;
+  --scalar-button-1-color: #ffffff;
+  --scalar-button-1-hover: #262626;
+}
+.dark-mode {
+  --scalar-color-1: #e5e5e5;
+  --scalar-color-2: #a3a3a3;
+  --scalar-color-3: #737373;
+  --scalar-color-accent: #a3e635;
+  --scalar-color-green: #a3e635;
+  --scalar-background-1: #0a0a0a;
+  --scalar-background-2: #171717;
+  --scalar-background-3: #262626;
+  --scalar-background-accent: rgba(163,230,53,0.1);
+  --scalar-border-color: rgba(255,255,255,0.1);
+  --scalar-sidebar-background-1: #171717;
+  --scalar-sidebar-color-1: #e5e5e5;
+  --scalar-sidebar-color-2: #a3a3a3;
+  --scalar-sidebar-color-active: #a3e635;
+  --scalar-sidebar-border-color: rgba(255,255,255,0.1);
+  --scalar-button-1: #a3e635;
+  --scalar-button-1-color: #0a0a0a;
+  --scalar-button-1-hover: #bef264;
+}
+`.trim();
+
+const SCALAR_CONFIG_JSON = JSON.stringify({
+  spec: { url: "/v1/openapi.json" },
+  theme: "none",
+  layout: "modern",
+  documentDownloadType: "direct",
+  darkMode: true,
+  customCss: CUSTOM_CSS,
+  hiddenClients: true,
+  hideGenerateMcpServer: true,
+  metaData: {
+    title: "AgentStep Gateway — API Reference",
+  },
+}).replace(/"/g, """);
+
+const HTML = `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>AgentStep Gateway — API Reference</title>
+    <link rel="icon" href="/favicon.svg" type="image/svg+xml" />
+    <style>
+      body { margin: 0; }
+    </style>
+  </head>
+  <body>
+    <script
+      id="api-reference"
+      data-configuration="${SCALAR_CONFIG_JSON}"
+    ></script>
+    <script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
+  </body>
+</html>
+`;
+
+export async function handleGetDocs(): Promise<Response> {
+  return new Response(HTML, {
+    headers: {
+      "content-type": "text/html; charset=utf-8",
+      "cache-control": "no-cache",
+    },
+  });
+}

package/src/handlers/environments.ts

@@ -0,0 +1,154 @@
+import { z } from "zod";
+import { routeWrap, jsonOk } from "../http";
+import {
+  createEnvironment,
+  getEnvironment,
+  listEnvironments,
+  archiveEnvironment,
+  deleteEnvironment,
+  hasSessionsAttached,
+} from "../db/environments";
+import { kickoffEnvironmentSetup } from "../sprite/setup";
+import { resolveContainerProvider as resolveProvider } from "../providers/registry";
+import { isProxied, markProxied, unmarkProxied } from "../db/proxy";
+import { forwardToAnthropic } from "../proxy/forward";
+import { badRequest, conflict, notFound } from "../errors";
+
+const PackagesSchema = z
+  .object({
+    apt: z.array(z.string()).optional(),
+    cargo: z.array(z.string()).optional(),
+    gem: z.array(z.string()).optional(),
+    go: z.array(z.string()).optional(),
+    npm: z.array(z.string()).optional(),
+    pip: z.array(z.string()).optional(),
+  })
+  .optional();
+
+const NetworkingSchema = z.union([
+  z.object({ type: z.literal("unrestricted") }),
+  z.object({
+    type: z.literal("limited"),
+    allowed_hosts: z.array(z.string()).optional(),
+    allow_mcp_servers: z.boolean().optional(),
+    allow_package_managers: z.boolean().optional(),
+  }),
+]);
+
+const ConfigSchema = z.object({
+  type: z.literal("cloud"),
+  provider: z.enum(["sprites", "docker", "apple", "podman", "e2b", "vercel", "daytona", "fly", "modal"]).optional(),
+  packages: PackagesSchema,
+  networking: NetworkingSchema.optional(),
+});
+
+const CreateSchema = z.object({
+  name: z.string().min(1),
+  config: ConfigSchema,
+  backend: z.enum(["anthropic"]).optional(),
+});
+
+export function handleCreateEnvironment(request: Request): Promise<Response> {
+  return routeWrap(request, async () => {
+    const rawBody = await request.text();
+    const body = rawBody ? JSON.parse(rawBody) : null;
+    const parsed = CreateSchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+
+    if (parsed.data.backend === "anthropic") {
+      const { backend: _, ...rest } = body as Record<string, unknown>;
+      const forwardBody = JSON.stringify(rest);
+      const proxyRes = await forwardToAnthropic(request, "/v1/environments", { body: forwardBody });
+      if (proxyRes.ok) {
+        try {
+          const data = (await proxyRes.clone().json()) as { id: string };
+          markProxied(data.id, "environment");
+        } catch { /* best-effort */ }
+      }
+      return proxyRes;
+    }
+
+    // Pre-flight: check provider is available before creating the environment
+    const providerName = parsed.data.config.provider ?? "sprites";
+    const provider = await resolveProvider(providerName);
+    if (provider.checkAvailability) {
+      const result = await provider.checkAvailability();
+      if (!result.available) {
+        throw badRequest(`Provider "${providerName}" is not available: ${result.message}`);
+      }
+    }
+
+    const env = createEnvironment({
+      name: parsed.data.name,
+      config: parsed.data.config,
+    });
+
+    kickoffEnvironmentSetup(env.id);
+    return jsonOk(env, 201);
+  });
+}
+
+export function handleListEnvironments(request: Request): Promise<Response> {
+  return routeWrap(request, async ({ request: req }) => {
+    const url = new URL(req.url);
+    const limit = url.searchParams.get("limit");
+    const order = url.searchParams.get("order") as "asc" | "desc" | null;
+    const includeArchived = url.searchParams.get("include_archived") === "true";
+    const cursor = url.searchParams.get("page") ?? undefined;
+
+    const data = listEnvironments({
+      limit: limit ? Number(limit) : undefined,
+      order: order ?? undefined,
+      includeArchived,
+      cursor,
+    });
+    return jsonOk({
+      data,
+      next_page: data.length > 0 ? data[data.length - 1].id : null,
+    });
+  });
+}
+
+export function handleGetEnvironment(request: Request, id: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    if (isProxied(id)) return forwardToAnthropic(request, `/v1/environments/${id}`);
+    const env = getEnvironment(id);
+    if (!env) throw notFound(`environment ${id} not found`);
+    return jsonOk(env);
+  });
+}
+
+export function handleDeleteEnvironment(request: Request, id: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    if (isProxied(id)) {
+      const res = await forwardToAnthropic(request, `/v1/environments/${id}`);
+      if (res.ok) unmarkProxied(id);
+      return res;
+    }
+    const env = getEnvironment(id);
+    if (!env) throw notFound(`environment ${id} not found`);
+    if (hasSessionsAttached(id)) {
+      throw conflict(`environment ${id} still has active sessions attached`);
+    }
+    deleteEnvironment(id);
+    return jsonOk({ id, type: "environment_deleted" });
+  });
+}
+
+export function handleArchiveEnvironment(request: Request, id: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    if (isProxied(id)) {
+      const res = await forwardToAnthropic(request, `/v1/environments/${id}/archive`);
+      if (res.ok) unmarkProxied(id);
+      return res;
+    }
+    const existed = getEnvironment(id);
+    if (!existed) throw notFound(`environment ${id} not found`);
+    if (hasSessionsAttached(id)) {
+      throw conflict(`environment ${id} still has active sessions attached`);
+    }
+    archiveEnvironment(id);
+    const env = getEnvironment(id)!;
+    return jsonOk(env);
+  });
+}

package/src/handlers/events.ts

@@ -0,0 +1,234 @@
+import { z } from "zod";
+import { routeWrap, jsonOk } from "../http";
+import { getSession, getSessionRow, setOutcomeCriteria } from "../db/sessions";
+import { listEvents, rowToManagedEvent } from "../db/events";
+import { appendEvent } from "../sessions/bus";
+import { getActor } from "../sessions/actor";
+import { interruptSession } from "../sessions/interrupt";
+import { runTurn, writePermissionResponse } from "../sessions/driver";
+import { enqueueTurn } from "../queue";
+import { pushPendingUserInput, type TurnInput } from "../state";
+import { isProxied } from "../db/proxy";
+import { forwardToAnthropic } from "../proxy/forward";
+import { badRequest, notFound } from "../errors";
+import { getAgent } from "../db/agents";
+import { nowMs } from "../util/clock";
+import type { EventRow } from "../types";
+
+const TextBlock = z.object({ type: z.literal("text"), text: z.string() });
+
+const UserMessage = z.object({
+  type: z.literal("user.message"),
+  content: z.array(TextBlock).min(1),
+});
+
+const UserInterrupt = z.object({ type: z.literal("user.interrupt") });
+
+const UserToolConfirmation = z.object({
+  type: z.literal("user.tool_confirmation"),
+  tool_use_id: z.string().optional(),
+  result: z.enum(["allow", "deny"]).optional(),
+  deny_message: z.string().optional(),
+});
+
+const UserCustomToolResult = z.object({
+  type: z.literal("user.custom_tool_result"),
+  custom_tool_use_id: z.string(),
+  content: z.array(z.unknown()),
+});
+
+const UserDefineOutcome = z.object({
+  type: z.literal("user.define_outcome"),
+  description: z.string().min(1),
+  rubric: z.string().optional(),
+  max_iterations: z.number().int().min(1).max(20).optional(),
+});
+
+const UserEvent = z.union([
+  UserMessage,
+  UserInterrupt,
+  UserToolConfirmation,
+  UserCustomToolResult,
+  UserDefineOutcome,
+]);
+
+const BatchSchema = z.object({
+  events: z.array(UserEvent).min(1),
+});
+
+export function handlePostEvents(request: Request, sessionId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    if (isProxied(sessionId)) return forwardToAnthropic(request, `/v1/sessions/${sessionId}/events`);
+    const session = getSession(sessionId);
+    if (!session) throw notFound(`session ${sessionId} not found`);
+
+    const body = await request.json().catch(() => null);
+    const parsed = BatchSchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+
+    for (const event of parsed.data.events) {
+      if (event.type === "user.tool_confirmation") {
+        const agent = getAgent(session.agent.id, session.agent.version);
+        if (!agent?.confirmation_mode) {
+          throw badRequest(
+            "user.tool_confirmation is not supported: this agent does not have confirmation_mode enabled. " +
+            "Set confirmation_mode: true on the agent to use tool confirmation.",
+          );
+        }
+      }
+    }
+
+    const idemHeader = request.headers.get("idempotency-key") || request.headers.get("Idempotency-Key");
+    const actor = getActor(sessionId);
+
+    const hasInterrupt = parsed.data.events.some((e) => e.type === "user.interrupt");
+    if (hasInterrupt) {
+      interruptSession(sessionId);
+    }
+
+    const appended: { rows: EventRow[]; pendingForTurn: TurnInput[] } = await actor.enqueue(async () => {
+      const rows: EventRow[] = [];
+      const pendingForTurn: TurnInput[] = [];
+      let sawInterrupt = false;
+
+      for (const [idx, event] of parsed.data.events.entries()) {
+        const ik = idemHeader ? `${idemHeader}:${idx}` : null;
+
+        if (event.type === "user.interrupt") {
+          const row = appendEvent(sessionId, {
+            type: "user.interrupt",
+            payload: {},
+            origin: "user",
+            idempotencyKey: ik,
+            processedAt: nowMs(),
+          });
+          rows.push(row);
+          sawInterrupt = true;
+          continue;
+        }
+
+        if (event.type === "user.message") {
+          const text = event.content.map((b) => b.text).join("");
+          const row = appendEvent(sessionId, {
+            type: "user.message",
+            payload: { content: event.content },
+            origin: "user",
+            idempotencyKey: ik,
+            processedAt: null,
+          });
+          rows.push(row);
+
+          const inp: TurnInput = { kind: "text", eventId: row.id, text };
+          const currentStatus = getSessionRow(sessionId)?.status ?? "idle";
+          if (currentStatus === "running" || sawInterrupt) {
+            pushPendingUserInput({ sessionId, input: inp });
+          } else {
+            pendingForTurn.push(inp);
+          }
+          continue;
+        }
+
+        if (event.type === "user.custom_tool_result") {
+          const row = appendEvent(sessionId, {
+            type: "user.custom_tool_result",
+            payload: {
+              custom_tool_use_id: event.custom_tool_use_id,
+              content: event.content,
+            },
+            origin: "user",
+            idempotencyKey: ik,
+            processedAt: nowMs(),
+          });
+          rows.push(row);
+
+          const inp: TurnInput = {
+            kind: "tool_result",
+            eventId: row.id,
+            custom_tool_use_id: event.custom_tool_use_id,
+            content: event.content as unknown[],
+          };
+          const currentStatus = getSessionRow(sessionId)?.status ?? "idle";
+          if (currentStatus === "running" || sawInterrupt) {
+            pushPendingUserInput({ sessionId, input: inp });
+          } else {
+            pendingForTurn.push(inp);
+          }
+          continue;
+        }
+
+        if (event.type === "user.tool_confirmation") {
+          const confirmResult = event.result ?? "allow";
+          const row = appendEvent(sessionId, {
+            type: "user.tool_confirmation",
+            payload: {
+              tool_use_id: event.tool_use_id ?? null,
+              result: confirmResult,
+              deny_message: event.deny_message ?? null,
+            },
+            origin: "user",
+            idempotencyKey: ik,
+            processedAt: nowMs(),
+          });
+          rows.push(row);
+
+          void writePermissionResponse(
+            sessionId,
+            confirmResult,
+            event.deny_message ?? undefined,
+          ).catch((err: unknown) => {
+            console.warn(`[events] writePermissionResponse failed:`, err);
+          });
+          continue;
+        }
+
+        if (event.type === "user.define_outcome") {
+          const { type: _type, ...criteria } = event;
+          const row = appendEvent(sessionId, {
+            type: "user.define_outcome",
+            payload: criteria,
+            origin: "user",
+            idempotencyKey: ik,
+            processedAt: nowMs(),
+          });
+          rows.push(row);
+          setOutcomeCriteria(sessionId, criteria);
+          continue;
+        }
+      }
+
+      return { rows, pendingForTurn };
+    });
+
+    if (appended.pendingForTurn.length > 0) {
+      const row = getSessionRow(sessionId);
+      if (row) {
+        void enqueueTurn(row.environment_id, () => runTurn(sessionId, appended.pendingForTurn)).catch(
+          (err: unknown) => {
+            console.error(`[events] enqueueTurn failed:`, err);
+          },
+        );
+      }
+    }
+
+    return jsonOk({ events: appended.rows.map(rowToManagedEvent) });
+  });
+}
+
+export function handleListEvents(request: Request, sessionId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    if (isProxied(sessionId)) return forwardToAnthropic(request, `/v1/sessions/${sessionId}/events`);
+    const session = getSession(sessionId);
+    if (!session) throw notFound(`session ${sessionId} not found`);
+
+    const url = new URL(request.url);
+    const limit = Number(url.searchParams.get("limit") ?? "50");
+    const order = (url.searchParams.get("order") === "desc" ? "desc" : "asc") as "asc" | "desc";
+    const afterSeq = Number(url.searchParams.get("after_seq") ?? "0");
+
+    const rows = listEvents(sessionId, { limit, order, afterSeq });
+    return jsonOk({
+      data: rows.map(rowToManagedEvent),
+      next_page: rows.length > 0 ? String(rows[rows.length - 1].seq) : null,
+    });
+  });
+}

package/src/handlers/index.ts

@@ -0,0 +1,12 @@
+export { handleCreateAgent, handleListAgents, handleGetAgent, handleUpdateAgent, handleDeleteAgent } from "./agents";
+export { handleCreateEnvironment, handleListEnvironments, handleGetEnvironment, handleDeleteEnvironment, handleArchiveEnvironment } from "./environments";
+export { handleCreateSession, handleListSessions, handleGetSession, handleUpdateSession, handleDeleteSession, handleArchiveSession } from "./sessions";
+export { handlePostEvents, handleListEvents } from "./events";
+export { handleSessionStream } from "./stream";
+export { handleCreateVault, handleListVaults, handleGetVault, handleDeleteVault, handleListEntries, handleGetEntry, handlePutEntry, handleDeleteEntry } from "./vaults";
+export { handleBatch } from "./batch";
+export { handleListThreads } from "./threads";
+export { handleCreateMemoryStore, handleListMemoryStores, handleGetMemoryStore, handleDeleteMemoryStore, handleCreateMemory, handleListMemories, handleGetMemory, handleUpdateMemory, handleDeleteMemory } from "./memory";
+export { handleGetOpenApiSpec } from "./openapi";
+export { handleGetDocs } from "./docs";
+export { handleGetUI } from "./ui";

package/src/handlers/memory.ts

@@ -0,0 +1,141 @@
+import { z } from "zod";
+import { routeWrap, jsonOk } from "../http";
+import {
+  createMemoryStore,
+  getMemoryStore,
+  listMemoryStores,
+  deleteMemoryStore,
+  createOrUpsertMemory,
+  getMemory,
+  listMemories,
+  updateMemory,
+  deleteMemory,
+} from "../db/memory";
+import { badRequest, notFound, conflict } from "../errors";
+
+// ── Memory Stores ─────────────────────────────────────────���──────────────
+
+const CreateStoreSchema = z.object({
+  name: z.string().min(1),
+  description: z.string().optional(),
+});
+
+export function handleCreateMemoryStore(request: Request): Promise<Response> {
+  return routeWrap(request, async () => {
+    const body = await request.json();
+    const parsed = CreateStoreSchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+
+    const store = createMemoryStore({
+      name: parsed.data.name,
+      description: parsed.data.description,
+    });
+    return jsonOk(store, 201);
+  });
+}
+
+export function handleListMemoryStores(request: Request): Promise<Response> {
+  return routeWrap(request, async () => {
+    const data = listMemoryStores();
+    return jsonOk({ data });
+  });
+}
+
+export function handleGetMemoryStore(request: Request, id: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(id);
+    if (!store) throw notFound(`memory store not found: ${id}`);
+    return jsonOk(store);
+  });
+}
+
+export function handleDeleteMemoryStore(request: Request, id: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const deleted = deleteMemoryStore(id);
+    if (!deleted) throw notFound(`memory store not found: ${id}`);
+    return jsonOk({ id, type: "memory_store_deleted" });
+  });
+}
+
+// ── Memories ─────────────────────────────────────────────────────────────
+
+const CreateMemorySchema = z.object({
+  path: z.string().min(1),
+  content: z.string(),
+});
+
+const UpdateMemorySchema = z.object({
+  content: z.string(),
+  content_sha256: z.string().optional(),
+});
+
+export function handleCreateMemory(request: Request, storeId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(storeId);
+    if (!store) throw notFound(`memory store not found: ${storeId}`);
+
+    const body = await request.json();
+    const parsed = CreateMemorySchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+
+    const memory = createOrUpsertMemory(storeId, parsed.data.path, parsed.data.content);
+    return jsonOk(memory, 201);
+  });
+}
+
+export function handleListMemories(request: Request, storeId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(storeId);
+    if (!store) throw notFound(`memory store not found: ${storeId}`);
+
+    const data = listMemories(storeId);
+    return jsonOk({ data });
+  });
+}
+
+export function handleGetMemory(request: Request, storeId: string, memId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(storeId);
+    if (!store) throw notFound(`memory store not found: ${storeId}`);
+
+    const memory = getMemory(memId);
+    if (!memory || memory.store_id !== storeId) throw notFound(`memory not found: ${memId}`);
+    return jsonOk(memory);
+  });
+}
+
+export function handleUpdateMemory(request: Request, storeId: string, memId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(storeId);
+    if (!store) throw notFound(`memory store not found: ${storeId}`);
+
+    const body = await request.json();
+    const parsed = UpdateMemorySchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+
+    const { memory, conflict: isConflict } = updateMemory(
+      memId,
+      parsed.data.content,
+      parsed.data.content_sha256,
+    );
+
+    if (isConflict) {
+      throw conflict(
+        `content_sha256 precondition failed: the memory has been modified since you last read it. Re-read and retry.`,
+      );
+    }
+    if (!memory) throw notFound(`memory not found: ${memId}`);
+    return jsonOk(memory);
+  });
+}
+
+export function handleDeleteMemory(request: Request, storeId: string, memId: string): Promise<Response> {
+  return routeWrap(request, async () => {
+    const store = getMemoryStore(storeId);
+    if (!store) throw notFound(`memory store not found: ${storeId}`);
+
+    const deleted = deleteMemory(memId);
+    if (!deleted) throw notFound(`memory not found: ${memId}`);
+    return jsonOk({ id: memId, type: "memory_deleted" });
+  });
+}

package/src/handlers/openapi.ts

@@ -0,0 +1,14 @@
+import { buildOpenApiDocument } from "../openapi/spec";
+
+function originFromRequest(request: Request): string {
+  const headers = request.headers;
+  const proto = headers.get("x-forwarded-proto") ?? new URL(request.url).protocol.replace(":", "");
+  const host = headers.get("x-forwarded-host") ?? headers.get("host") ?? new URL(request.url).host;
+  return `${proto}://${host}`;
+}
+
+export async function handleGetOpenApiSpec(request: Request): Promise<Response> {
+  const serverUrl = originFromRequest(request);
+  const doc = buildOpenApiDocument({ serverUrl });
+  return Response.json(doc);
+}