@alexkroman1/aai 0.10.1 → 0.10.3

package/dist/_embeddings.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Shared embedding helpers for vector stores.
+ *
+ * Provides local embedding via `all-MiniLM-L6-v2` (384 dims),
+ * a deterministic test embedding function, and cosine similarity.
+ */
+/** Function that converts text into an embedding vector. */
+export type EmbedFn = (text: string) => Promise<number[]>;
+export declare const DEFAULT_DIMENSIONS = 384;
+/**
+ * Create a local embedding function using `all-MiniLM-L6-v2`.
+ *
+ * The model is downloaded on first use (~86 MB) and cached locally.
+ * Subsequent calls load from cache in ~90ms. Each embedding takes <2ms.
+ */
+export declare function createLocalEmbedFn(cacheDir: string): EmbedFn;
+/**
+ * Create a deterministic hash-based embedding function for testing.
+ *
+ * Produces repeatable vectors where similar text yields similar embeddings.
+ * Not suitable for production — use the default local model instead.
+ *
+ * @param dimensions - Vector dimensions (default: 384).
+ */
+export declare function createTestEmbedFn(dimensions?: number): EmbedFn;
+/** Cosine similarity between two Float32Array vectors. */
+export declare function cosineSimilarity(a: Float32Array, b: Float32Array): number;
+/** Encode an embedding as a base64 string. */
+export declare function encodeEmbedding(vec: Float32Array | number[]): string;
+/** Decode a base64 string back to a Float32Array embedding. */
+export declare function decodeEmbedding(b64: string): Float32Array;

package/dist/_internal-types-IfPcaJd5.js

@@ -0,0 +1,61 @@
+import { i as ToolChoiceSchema, t as BuiltinToolSchema } from "./types-D8ZBxTL_.js";
+import { z } from "zod";
+//#region _internal-types.ts
+/**
+* Zod schema for serializable agent configuration sent over the wire.
+*
+* This is the JSON-safe subset of the agent definition that can be
+* transmitted between the worker and the host process via structured clone.
+*/
+const AgentConfigSchema = z.object({
+	name: z.string().min(1),
+	instructions: z.string(),
+	greeting: z.string(),
+	sttPrompt: z.string().optional(),
+	maxSteps: z.number().int().positive().optional(),
+	toolChoice: ToolChoiceSchema.optional(),
+	builtinTools: z.array(BuiltinToolSchema).readonly().optional(),
+	idleTimeoutMs: z.number().nonnegative().optional()
+});
+/** Extract the serializable {@link AgentConfig} subset from a source object. */
+function toAgentConfig(src) {
+	const config = {
+		name: src.name,
+		instructions: src.instructions,
+		greeting: src.greeting
+	};
+	if (src.sttPrompt !== void 0) config.sttPrompt = src.sttPrompt;
+	if (typeof src.maxSteps !== "function" && src.maxSteps !== void 0) config.maxSteps = src.maxSteps;
+	if (src.toolChoice !== void 0) config.toolChoice = src.toolChoice;
+	if (src.builtinTools) config.builtinTools = [...src.builtinTools];
+	if (src.idleTimeoutMs !== void 0) config.idleTimeoutMs = src.idleTimeoutMs;
+	return config;
+}
+/**
+* Zod schema for serialized tool definitions sent over the wire.
+*
+* `parameters` must be a valid JSON Schema object (with `type`, `properties`,
+* etc.) — the Vercel AI SDK wraps it via `jsonSchema()`.
+*/
+const ToolSchemaSchema = z.object({
+	name: z.string().min(1),
+	description: z.string().min(1),
+	parameters: z.record(z.string(), z.unknown())
+});
+/** Empty Zod object schema used as default when tools have no parameters. */
+const EMPTY_PARAMS = z.object({});
+/**
+* Convert agent tool definitions to JSON Schema format for wire transport.
+*
+* Transforms the Zod-based `parameters` of each tool into a plain JSON Schema
+* object suitable for structured clone / JSON serialization.
+*/
+function agentToolsToSchemas(tools) {
+	return Object.entries(tools).map(([name, def]) => ({
+		name,
+		description: def.description,
+		parameters: z.toJSONSchema(def.parameters ?? EMPTY_PARAMS)
+	}));
+}
+//#endregion
+export { toAgentConfig as a, agentToolsToSchemas as i, EMPTY_PARAMS as n, ToolSchemaSchema as r, AgentConfigSchema as t };

package/dist/_internal-types.js

@@ -1,61 +1,2 @@
-import { BuiltinToolSchema, ToolChoiceSchema } from "./types.js";
-import { z } from "zod";
-//#region _internal-types.ts
-/**
-* Zod schema for serializable agent configuration sent over the wire.
-*
-* This is the JSON-safe subset of the agent definition that can be
-* transmitted between the worker and the host process via structured clone.
-*/
-const AgentConfigSchema = z.object({
-	name: z.string().min(1),
-	instructions: z.string(),
-	greeting: z.string(),
-	sttPrompt: z.string().optional(),
-	maxSteps: z.number().int().positive().optional(),
-	toolChoice: ToolChoiceSchema.optional(),
-	builtinTools: z.array(BuiltinToolSchema).readonly().optional(),
-	idleTimeoutMs: z.number().nonnegative().optional()
-});
-/** Extract the serializable {@link AgentConfig} subset from a source object. */
-function toAgentConfig(src) {
-	const config = {
-		name: src.name,
-		instructions: src.instructions,
-		greeting: src.greeting
-	};
-	if (src.sttPrompt !== void 0) config.sttPrompt = src.sttPrompt;
-	if (typeof src.maxSteps !== "function" && src.maxSteps !== void 0) config.maxSteps = src.maxSteps;
-	if (src.toolChoice !== void 0) config.toolChoice = src.toolChoice;
-	if (src.builtinTools) config.builtinTools = [...src.builtinTools];
-	if (src.idleTimeoutMs !== void 0) config.idleTimeoutMs = src.idleTimeoutMs;
-	return config;
-}
-/**
-* Zod schema for serialized tool definitions sent over the wire.
-*
-* `parameters` must be a valid JSON Schema object (with `type`, `properties`,
-* etc.) — the Vercel AI SDK wraps it via `jsonSchema()`.
-*/
-const ToolSchemaSchema = z.object({
-	name: z.string().min(1),
-	description: z.string().min(1),
-	parameters: z.record(z.string(), z.unknown())
-});
-/** Empty Zod object schema used as default when tools have no parameters. */
-const EMPTY_PARAMS = z.object({});
-/**
-* Convert agent tool definitions to JSON Schema format for wire transport.
-*
-* Transforms the Zod-based `parameters` of each tool into a plain JSON Schema
-* object suitable for structured clone / JSON serialization.
-*/
-function agentToolsToSchemas(tools) {
-	return Object.entries(tools).map(([name, def]) => ({
-		name,
-		description: def.description,
-		parameters: z.toJSONSchema(def.parameters ?? EMPTY_PARAMS)
-	}));
-}
-//#endregion
+import { a as toAgentConfig, i as agentToolsToSchemas, n as EMPTY_PARAMS, r as ToolSchemaSchema, t as AgentConfigSchema } from "./_internal-types-IfPcaJd5.js";
 export { AgentConfigSchema, EMPTY_PARAMS, ToolSchemaSchema, agentToolsToSchemas, toAgentConfig };

package/dist/_ssrf-DCp_27V4.js

@@ -0,0 +1,123 @@
+import { lookup } from "node:dns/promises";
+import { BlockList } from "node:net";
+//#region _ssrf.ts
+/**
+* SSRF protection for AAI network tools.
+*
+* Validates URLs against private/reserved IP ranges and handles redirects
+* safely by re-validating each redirect target. Used by both the SDK
+* (self-hosted built-in tools) and the platform server.
+*/
+const privateBlocks = new BlockList();
+for (const [prefix, bits] of [
+	["0.0.0.0", 8],
+	["10.0.0.0", 8],
+	["100.64.0.0", 10],
+	["127.0.0.0", 8],
+	["169.254.0.0", 16],
+	["172.16.0.0", 12],
+	["192.0.0.0", 24],
+	["192.168.0.0", 16],
+	["198.18.0.0", 15],
+	["224.0.0.0", 4],
+	["240.0.0.0", 4]
+]) privateBlocks.addSubnet(prefix, bits, "ipv4");
+for (const [prefix, bits] of [
+	["::1", 128],
+	["::", 128],
+	["fc00::", 7],
+	["fe80::", 10],
+	["ff00::", 8]
+]) privateBlocks.addSubnet(prefix, bits, "ipv6");
+/**
+* Check whether an IP address falls within a private or reserved range.
+*
+* @param ip - An IPv4 or IPv6 address string.
+* @returns `true` if the address is in a private/reserved range.
+*/
+function isPrivateIp(ip) {
+	const type = ip.includes(":") ? "ipv6" : "ipv4";
+	return privateBlocks.check(ip, type);
+}
+/**
+* Detect IPv4-mapped IPv6 addresses and extract the embedded IPv4.
+* Handles both dotted form (`::ffff:127.0.0.1`) and hex form (`::ffff:7f00:1`).
+*/
+function extractMappedIp(ip) {
+	const mappedDotted = ip.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
+	if (mappedDotted) return mappedDotted[1];
+	const mappedHex = ip.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+	if (mappedHex) {
+		const hi = Number.parseInt(mappedHex[1], 16);
+		const lo = Number.parseInt(mappedHex[2], 16);
+		return `${hi >> 8 & 255}.${hi & 255}.${lo >> 8 & 255}.${lo & 255}`;
+	}
+	return ip;
+}
+function isBlockedHostname(hostname) {
+	const lower = hostname.toLowerCase();
+	return lower === "localhost" || lower.endsWith(".local") || lower.endsWith(".internal") || lower === "169.254.169.254";
+}
+function isLiteralIp(hostname) {
+	return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.includes(":");
+}
+/** Resolve hostname and block if it points to a private IP (DNS rebinding). */
+async function assertDnsResolvesPublic(hostname) {
+	try {
+		const { address } = await Promise.race([lookup(hostname), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("DNS lookup timed out")), 2e3))]);
+		const resolved = extractMappedIp(address);
+		if (isPrivateIp(address) || isPrivateIp(resolved)) throw new Error(`Blocked request: ${hostname} resolves to private address ${address}`);
+	} catch (err) {
+		if (err instanceof Error && err.message.startsWith("Blocked request")) throw err;
+	}
+}
+/**
+* SSRF guard: assert that a URL targets a public internet address.
+*
+* Blocks requests to:
+* - Private IPv4 ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
+* - Loopback (127.0.0.0/8), link-local (169.254.0.0/16), shared (100.64.0.0/10)
+* - IPv4-mapped IPv6 addresses embedding private IPs (e.g. `::ffff:127.0.0.1`)
+* - IPv6 loopback (`::1`), ULA (`fc00::/7`), link-local (`fe80::/10`)
+* - `localhost`, `.local` (mDNS), `.internal` domains
+* - Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`)
+* - Non-http(s) schemes (e.g. `file:`, `ftp:`)
+* - Hostnames that resolve to private IPs via DNS (prevents DNS rebinding)
+*
+* @param url - The URL to validate (must be parseable by `new URL()`).
+* @throws {Error} If the URL targets a private/reserved address or uses a
+*   disallowed protocol scheme.
+*/
+async function assertPublicUrl(url) {
+	const parsed = new URL(url);
+	const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
+	const effective = extractMappedIp(hostname);
+	if (isPrivateIp(hostname) || isPrivateIp(effective)) throw new Error(`Blocked request to private address: ${hostname}`);
+	if (isBlockedHostname(hostname)) throw new Error(`Blocked request to private address: ${hostname}`);
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new Error(`Blocked request with disallowed protocol: ${parsed.protocol}`);
+	if (!isLiteralIp(hostname)) await assertDnsResolvesPublic(hostname);
+}
+/** Maximum number of redirects to follow manually. */
+const MAX_REDIRECTS = 5;
+/**
+* Fetch with SSRF-safe redirect handling: validates each redirect URL
+* against private/reserved IP ranges before following.
+*/
+async function ssrfSafeFetch(url, init, fetchFn) {
+	await assertPublicUrl(url);
+	let currentUrl = url;
+	for (let i = 0; i <= MAX_REDIRECTS; i++) {
+		const resp = await fetchFn(currentUrl, {
+			...init,
+			redirect: "manual"
+		});
+		if (resp.status < 300 || resp.status >= 400) return resp;
+		const location = resp.headers.get("location");
+		if (!location) return resp;
+		currentUrl = new URL(location, currentUrl).href;
+		await assertPublicUrl(currentUrl);
+	}
+	throw new Error("Too many redirects");
+}
+//#endregion
+export { isPrivateIp as n, ssrfSafeFetch as r, assertPublicUrl as t };

package/dist/_ssrf.js

@@ -1,123 +1,2 @@
-import { lookup } from "node:dns/promises";
-import { BlockList } from "node:net";
-//#region _ssrf.ts
-/**
-* SSRF protection for AAI network tools.
-*
-* Validates URLs against private/reserved IP ranges and handles redirects
-* safely by re-validating each redirect target. Used by both the SDK
-* (self-hosted built-in tools) and the platform server.
-*/
-const privateBlocks = new BlockList();
-for (const [prefix, bits] of [
-	["0.0.0.0", 8],
-	["10.0.0.0", 8],
-	["100.64.0.0", 10],
-	["127.0.0.0", 8],
-	["169.254.0.0", 16],
-	["172.16.0.0", 12],
-	["192.0.0.0", 24],
-	["192.168.0.0", 16],
-	["198.18.0.0", 15],
-	["224.0.0.0", 4],
-	["240.0.0.0", 4]
-]) privateBlocks.addSubnet(prefix, bits, "ipv4");
-for (const [prefix, bits] of [
-	["::1", 128],
-	["::", 128],
-	["fc00::", 7],
-	["fe80::", 10],
-	["ff00::", 8]
-]) privateBlocks.addSubnet(prefix, bits, "ipv6");
-/**
-* Check whether an IP address falls within a private or reserved range.
-*
-* @param ip - An IPv4 or IPv6 address string.
-* @returns `true` if the address is in a private/reserved range.
-*/
-function isPrivateIp(ip) {
-	const type = ip.includes(":") ? "ipv6" : "ipv4";
-	return privateBlocks.check(ip, type);
-}
-/**
-* Detect IPv4-mapped IPv6 addresses and extract the embedded IPv4.
-* Handles both dotted form (`::ffff:127.0.0.1`) and hex form (`::ffff:7f00:1`).
-*/
-function extractMappedIp(ip) {
-	const mappedDotted = ip.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
-	if (mappedDotted) return mappedDotted[1];
-	const mappedHex = ip.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
-	if (mappedHex) {
-		const hi = Number.parseInt(mappedHex[1], 16);
-		const lo = Number.parseInt(mappedHex[2], 16);
-		return `${hi >> 8 & 255}.${hi & 255}.${lo >> 8 & 255}.${lo & 255}`;
-	}
-	return ip;
-}
-function isBlockedHostname(hostname) {
-	const lower = hostname.toLowerCase();
-	return lower === "localhost" || lower.endsWith(".local") || lower.endsWith(".internal") || lower === "169.254.169.254";
-}
-function isLiteralIp(hostname) {
-	return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.includes(":");
-}
-/** Resolve hostname and block if it points to a private IP (DNS rebinding). */
-async function assertDnsResolvesPublic(hostname) {
-	try {
-		const { address } = await Promise.race([lookup(hostname), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("DNS lookup timed out")), 2e3))]);
-		const resolved = extractMappedIp(address);
-		if (isPrivateIp(address) || isPrivateIp(resolved)) throw new Error(`Blocked request: ${hostname} resolves to private address ${address}`);
-	} catch (err) {
-		if (err instanceof Error && err.message.startsWith("Blocked request")) throw err;
-	}
-}
-/**
-* SSRF guard: assert that a URL targets a public internet address.
-*
-* Blocks requests to:
-* - Private IPv4 ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
-* - Loopback (127.0.0.0/8), link-local (169.254.0.0/16), shared (100.64.0.0/10)
-* - IPv4-mapped IPv6 addresses embedding private IPs (e.g. `::ffff:127.0.0.1`)
-* - IPv6 loopback (`::1`), ULA (`fc00::/7`), link-local (`fe80::/10`)
-* - `localhost`, `.local` (mDNS), `.internal` domains
-* - Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`)
-* - Non-http(s) schemes (e.g. `file:`, `ftp:`)
-* - Hostnames that resolve to private IPs via DNS (prevents DNS rebinding)
-*
-* @param url - The URL to validate (must be parseable by `new URL()`).
-* @throws {Error} If the URL targets a private/reserved address or uses a
-*   disallowed protocol scheme.
-*/
-async function assertPublicUrl(url) {
-	const parsed = new URL(url);
-	const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
-	const effective = extractMappedIp(hostname);
-	if (isPrivateIp(hostname) || isPrivateIp(effective)) throw new Error(`Blocked request to private address: ${hostname}`);
-	if (isBlockedHostname(hostname)) throw new Error(`Blocked request to private address: ${hostname}`);
-	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new Error(`Blocked request with disallowed protocol: ${parsed.protocol}`);
-	if (!isLiteralIp(hostname)) await assertDnsResolvesPublic(hostname);
-}
-/** Maximum number of redirects to follow manually. */
-const MAX_REDIRECTS = 5;
-/**
-* Fetch with SSRF-safe redirect handling: validates each redirect URL
-* against private/reserved IP ranges before following.
-*/
-async function ssrfSafeFetch(url, init, fetchFn) {
-	await assertPublicUrl(url);
-	let currentUrl = url;
-	for (let i = 0; i <= MAX_REDIRECTS; i++) {
-		const resp = await fetchFn(currentUrl, {
-			...init,
-			redirect: "manual"
-		});
-		if (resp.status < 300 || resp.status >= 400) return resp;
-		const location = resp.headers.get("location");
-		if (!location) return resp;
-		currentUrl = new URL(location, currentUrl).href;
-		await assertPublicUrl(currentUrl);
-	}
-	throw new Error("Too many redirects");
-}
-//#endregion
+import { n as isPrivateIp, r as ssrfSafeFetch, t as assertPublicUrl } from "./_ssrf-DCp_27V4.js";
 export { assertPublicUrl, isPrivateIp, ssrfSafeFetch };

package/dist/_utils-DgzpOMSV.js

@@ -0,0 +1,61 @@
+//#region _utils.ts
+/** Shared utility functions. */
+/** Extract an error message from an unknown thrown value. */
+function errorMessage(err) {
+	return err instanceof Error ? err.message : String(err);
+}
+/** Extract a detailed error string (message + stack) for diagnostic logging. */
+function errorDetail(err) {
+	if (err instanceof Error) return err.stack ?? err.message;
+	return String(err);
+}
+/** Filter out undefined values from an env record. */
+function filterEnv(env) {
+	return Object.fromEntries(Object.entries(env).filter((e) => e[1] !== void 0));
+}
+/** Set of filesystem operations that are safe for read-only access. */
+const READ_ONLY_FS_OPS = new Set([
+	"read",
+	"stat",
+	"readdir",
+	"exists"
+]);
+/** Check whether a filesystem operation is a read-only operation. */
+function isReadOnlyFsOp(op) {
+	return READ_ONLY_FS_OPS.has(op);
+}
+/**
+* Safely extract the port from `server.address()`, guarding against the
+* string (pipe/socket) and null return types.
+*/
+function getServerPort(addr) {
+	if (addr && typeof addr === "object" && "port" in addr && typeof addr.port === "number") return addr.port;
+	throw new Error(`Expected server address with numeric port, got: ${JSON.stringify(addr)}`);
+}
+/**
+* Lazily initialized per-session state manager.
+*
+* On first access for a given session, calls `initState()` (if provided) to
+* create the initial state. Returns `{}` if no initializer and no prior state.
+*/
+function createSessionStateMap(initState) {
+	const map = /* @__PURE__ */ new Map();
+	return {
+		get(sessionId) {
+			if (!map.has(sessionId) && initState) map.set(sessionId, initState());
+			return map.get(sessionId) ?? {};
+		},
+		set(sessionId, state) {
+			map.set(sessionId, state);
+		},
+		delete(sessionId) {
+			return map.delete(sessionId);
+		}
+	};
+}
+/** Return a JSON error string for the LLM: `'{"error":"<message>"}'`. */
+function toolError(message) {
+	return JSON.stringify({ error: message });
+}
+//#endregion
+export { getServerPort as a, filterEnv as i, errorDetail as n, isReadOnlyFsOp as o, errorMessage as r, toolError as s, createSessionStateMap as t };

package/dist/_utils.js

@@ -1,61 +1,2 @@
-//#region _utils.ts
-/** Shared utility functions. */
-/** Extract an error message from an unknown thrown value. */
-function errorMessage(err) {
-	return err instanceof Error ? err.message : String(err);
-}
-/** Extract a detailed error string (message + stack) for diagnostic logging. */
-function errorDetail(err) {
-	if (err instanceof Error) return err.stack ?? err.message;
-	return String(err);
-}
-/** Filter out undefined values from an env record. */
-function filterEnv(env) {
-	return Object.fromEntries(Object.entries(env).filter((e) => e[1] !== void 0));
-}
-/** Set of filesystem operations that are safe for read-only access. */
-const READ_ONLY_FS_OPS = new Set([
-	"read",
-	"stat",
-	"readdir",
-	"exists"
-]);
-/** Check whether a filesystem operation is a read-only operation. */
-function isReadOnlyFsOp(op) {
-	return READ_ONLY_FS_OPS.has(op);
-}
-/**
-* Safely extract the port from `server.address()`, guarding against the
-* string (pipe/socket) and null return types.
-*/
-function getServerPort(addr) {
-	if (addr && typeof addr === "object" && "port" in addr && typeof addr.port === "number") return addr.port;
-	throw new Error(`Expected server address with numeric port, got: ${JSON.stringify(addr)}`);
-}
-/**
-* Lazily initialized per-session state manager.
-*
-* On first access for a given session, calls `initState()` (if provided) to
-* create the initial state. Returns `{}` if no initializer and no prior state.
-*/
-function createSessionStateMap(initState) {
-	const map = /* @__PURE__ */ new Map();
-	return {
-		get(sessionId) {
-			if (!map.has(sessionId) && initState) map.set(sessionId, initState());
-			return map.get(sessionId) ?? {};
-		},
-		set(sessionId, state) {
-			map.set(sessionId, state);
-		},
-		delete(sessionId) {
-			return map.delete(sessionId);
-		}
-	};
-}
-/** Return a JSON error string for the LLM: `'{"error":"<message>"}'`. */
-function toolError(message) {
-	return JSON.stringify({ error: message });
-}
-//#endregion
+import { a as getServerPort, i as filterEnv, n as errorDetail, o as isReadOnlyFsOp, r as errorMessage, s as toolError, t as createSessionStateMap } from "./_utils-DgzpOMSV.js";
 export { createSessionStateMap, errorDetail, errorMessage, filterEnv, getServerPort, isReadOnlyFsOp, toolError };

package/dist/{direct-executor-Ca0wt5H0.js → direct-executor-B-5mq3cu.js}

@@ -1,15 +1,15 @@
-import { defineTool } from "./types.js";
-import { EMPTY_PARAMS, agentToolsToSchemas, toAgentConfig } from "./_internal-types.js";
-import { ssrfSafeFetch } from "./_ssrf.js";
-import { createSessionStateMap, errorMessage, isReadOnlyFsOp, toolError } from "./_utils.js";
-import { runAfterToolCallMiddleware, runAfterTurnMiddleware, runBeforeTurnMiddleware, runInputFilters, runOutputFilters, runToolCallInterceptors } from "./middleware-core.js";
-import { DEFAULT_S2S_CONFIG, consoleLogger } from "./runtime.js";
-import { n as createS2sSession } from "./session-BkN9u0ni.js";
-import { createSqliteKv } from "./sqlite-kv.js";
-import { createSqliteVectorStore } from "./sqlite-vector.js";
-import { executeToolCall } from "./worker-entry.js";
+import { s as defineTool } from "./types-D8ZBxTL_.js";
+import { t as createUnstorageVectorStore } from "./unstorage-vector-Cj5llNhg.js";
+import { a as toAgentConfig, i as agentToolsToSchemas, n as EMPTY_PARAMS } from "./_internal-types-IfPcaJd5.js";
+import { r as ssrfSafeFetch } from "./_ssrf-DCp_27V4.js";
+import { o as isReadOnlyFsOp, r as errorMessage, s as toolError, t as createSessionStateMap } from "./_utils-DgzpOMSV.js";
+import { a as runOutputFilters, i as runInputFilters, n as runAfterTurnMiddleware, o as runToolCallInterceptors, r as runBeforeTurnMiddleware, t as runAfterToolCallMiddleware } from "./middleware-core-BwyBIPed.js";
+import { n as consoleLogger, t as DEFAULT_S2S_CONFIG } from "./runtime-CxcwaK68.js";
+import { n as createS2sSession } from "./session-BYlwcrya.js";
+import { t as createUnstorageKv } from "./unstorage-kv-CDgP-frt.js";
+import { t as executeToolCall } from "./worker-entry-2jaiqIj0.js";
 import { z } from "zod";
-import { mkdirSync } from "node:fs";
+import { createStorage } from "unstorage";
 //#region _run-code.ts
 /**
 * run_code built-in tool — executes user JavaScript in a fresh secure-exec
@@ -415,15 +415,13 @@ function getBuiltinToolSchemas(names) {
 * In self-hosted mode, agent code is trusted (you're running your own code).
 * Tools execute directly in-process — no sandbox, no RPC.
 */
-/** Create a SQLite-backed KV store in `.aai/local.db`. */
+/** Create an in-memory KV store (default for self-hosted). */
 function createLocalKv() {
-	mkdirSync(".aai", { recursive: true });
-	return createSqliteKv();
+	return createUnstorageKv({ storage: createStorage() });
 }
-/** Create a SQLite-vec backed vector store in `.aai/vectors.db`. */
+/** Create an in-memory vector store (default for self-hosted). */
 function createLocalVectorStore() {
-	mkdirSync(".aai", { recursive: true });
-	return createSqliteVectorStore({ path: ".aai/vectors.db" });
+	return createUnstorageVectorStore({ storage: createStorage() });
 }
 /**
 * Create a direct (in-process) tool executor and hook invoker for an agent.

package/dist/index.js

@@ -1,2 +1,2 @@
-import { createToolFactory, defineAgent, defineTool } from "./types.js";
+import { a as createToolFactory, o as defineAgent, s as defineTool } from "./types-D8ZBxTL_.js";
 export { createToolFactory, defineAgent, defineTool, defineTool as tool };

package/dist/kv-iXtikQmR.js

@@ -0,0 +1,32 @@
+//#region kv.ts
+const MAX_VALUE_SIZE = 65536;
+/** Sort entries by key and apply reverse/limit options. Mutates the array. */
+function sortAndPaginate(entries, options) {
+	entries.sort((a, b) => a.key.localeCompare(b.key));
+	if (options?.reverse) entries.reverse();
+	if (options?.limit && options.limit > 0) entries.length = Math.min(entries.length, options.limit);
+	return entries;
+}
+/** Maximum allowed glob pattern length to prevent ReDoS. */
+const MAX_GLOB_PATTERN_LENGTH = 1024;
+/** Simple glob matcher — supports `*` as a wildcard for any characters. */
+function matchGlob(key, pattern) {
+	if (pattern.length > MAX_GLOB_PATTERN_LENGTH) throw new Error(`Glob pattern exceeds maximum length of ${MAX_GLOB_PATTERN_LENGTH}`);
+	const parts = pattern.split("*");
+	if (parts.length === 1) return key === pattern;
+	const first = parts[0];
+	if (!key.startsWith(first)) return false;
+	const last = parts.at(-1);
+	if (key.length < first.length + last.length) return false;
+	if (!key.endsWith(last)) return false;
+	let pos = first.length;
+	const end = key.length - last.length;
+	for (const part of parts.slice(1, -1)) {
+		const idx = key.indexOf(part, pos);
+		if (idx === -1 || idx > end) return false;
+		pos = idx + part.length;
+	}
+	return pos <= end;
+}
+//#endregion
+export { matchGlob as n, sortAndPaginate as r, MAX_VALUE_SIZE as t };

package/dist/kv.js

@@ -1,32 +1,2 @@
-//#region kv.ts
-const MAX_VALUE_SIZE = 65536;
-/** Sort entries by key and apply reverse/limit options. Mutates the array. */
-function sortAndPaginate(entries, options) {
-	entries.sort((a, b) => a.key.localeCompare(b.key));
-	if (options?.reverse) entries.reverse();
-	if (options?.limit && options.limit > 0) entries.length = Math.min(entries.length, options.limit);
-	return entries;
-}
-/** Maximum allowed glob pattern length to prevent ReDoS. */
-const MAX_GLOB_PATTERN_LENGTH = 1024;
-/** Simple glob matcher — supports `*` as a wildcard for any characters. */
-function matchGlob(key, pattern) {
-	if (pattern.length > MAX_GLOB_PATTERN_LENGTH) throw new Error(`Glob pattern exceeds maximum length of ${MAX_GLOB_PATTERN_LENGTH}`);
-	const parts = pattern.split("*");
-	if (parts.length === 1) return key === pattern;
-	const first = parts[0];
-	if (!key.startsWith(first)) return false;
-	const last = parts.at(-1);
-	if (key.length < first.length + last.length) return false;
-	if (!key.endsWith(last)) return false;
-	let pos = first.length;
-	const end = key.length - last.length;
-	for (const part of parts.slice(1, -1)) {
-		const idx = key.indexOf(part, pos);
-		if (idx === -1 || idx > end) return false;
-		pos = idx + part.length;
-	}
-	return pos <= end;
-}
-//#endregion
+import { n as matchGlob, r as sortAndPaginate, t as MAX_VALUE_SIZE } from "./kv-iXtikQmR.js";
 export { MAX_VALUE_SIZE, matchGlob, sortAndPaginate };

package/dist/matchers.js

@@ -1,4 +1,4 @@
-import { n as TurnResult } from "./testing-MRl3SXsI.js";
+import { n as TurnResult } from "./testing-BbitshLb.js";
 import { expect } from "vitest";
 //#region matchers.ts
 /**