@alexkroman1/aai 0.10.3 → 0.10.4

package/dist/_session-otel.d.ts

@@ -1,43 +0,0 @@
-/**
- * OpenTelemetry-instrumented session helpers.
- *
- * Extracted from session.ts to keep it under the file-length lint limit.
- * These functions add trace spans and metric counters to the S2S session
- * pipeline: tool calls, user turns, barge-ins, and session lifecycle.
- */
-import type { S2sSessionCtx } from "./_session-ctx.ts";
-import type { S2sHandle, S2sToolCall } from "./s2s.ts";
-export { activeSessionsUpDown, sessionCounter } from "./telemetry.ts";
-/**
- * Orchestrate the full tool call pipeline for a single S2S tool invocation.
- *
- * Steps: resolve per-turn config → check step/tool limits → run middleware
- * `interceptToolCall` (which may block, return a cached result, or modify args)
- * → execute the tool → run `afterToolCall` middleware → record metrics and
- * finish via {@link finishToolCall}. Each step is wrapped in an OpenTelemetry
- * span (`tool.call`) with agent/session/tool attributes.
- *
- * @param ctx - The shared mutable session context (see {@link S2sSessionCtx}).
- * @param detail - The tool call details from the S2S API (call ID, name, parsed args).
- */
-export declare function handleToolCall(ctx: S2sSessionCtx, detail: S2sToolCall): Promise<void>;
-/** Options for customizing S2S event listener behavior. */
-export type SetupListenersOptions = {
-    /** Custom handler for session expiration. When provided, replaces the
-     *  default behavior of closing the handle. Used by resume logic to
-     *  fall back to a fresh session when S2S resume fails. */
-    onSessionExpired?: () => void;
-};
-/**
- * Wire all S2S events to the client sink, hooks, and session state.
- *
- * Registers listeners on the S2S handle for: ready, session expiry, speech
- * start/stop, user/agent transcripts, reply lifecycle, tool calls, audio
- * chunks, errors, and close. Each listener delegates to a focused handler
- * function that updates `ctx` and emits client events.
- *
- * @param ctx - The shared mutable session context.
- * @param handle - The S2S WebSocket handle to listen on.
- * @param opts - Optional overrides for listener behavior.
- */
-export declare function setupListeners(ctx: S2sSessionCtx, handle: S2sHandle, opts?: SetupListenersOptions): void;

package/dist/_session-persist.d.ts

@@ -1,30 +0,0 @@
-/**
- * Session persistence helpers.
- *
- * Saves and restores session state, conversation messages, and S2S session ID
- * to/from the KV store for cross-reconnect session recovery.
- */
-import type { Kv } from "./kv.ts";
-import type { Logger } from "./runtime.ts";
-import type { Message } from "./types.ts";
-export declare function persistKey(sessionId: string): string;
-export type PersistedSession = {
-    s2sSessionId: string | null;
-    messages: Message[];
-    state: Record<string, unknown>;
-};
-export type SessionPersistence = {
-    kv: Kv;
-    ttl: number;
-    getState: () => Record<string, unknown>;
-    setState: (state: Record<string, unknown>) => void;
-};
-type PersistCtx = {
-    pushMessages(...msgs: Message[]): void;
-    conversationMessages: Message[];
-};
-export declare function restorePersistedSession(persistence: SessionPersistence, resumeFrom: string, ctx: PersistCtx, log: Logger): Promise<string | null>;
-export declare function saveSessionData(persistence: SessionPersistence, sessionId: string, ctx: PersistCtx, s2sSessionId: string | null, log: Logger, 
-/** Old session key to clean up (from a previous session we resumed from). */
-cleanupKey?: string): Promise<void>;
-export {};

package/dist/_ssrf-DCp_27V4.js

@@ -1,123 +0,0 @@
-import { lookup } from "node:dns/promises";
-import { BlockList } from "node:net";
-//#region _ssrf.ts
-/**
-* SSRF protection for AAI network tools.
-*
-* Validates URLs against private/reserved IP ranges and handles redirects
-* safely by re-validating each redirect target. Used by both the SDK
-* (self-hosted built-in tools) and the platform server.
-*/
-const privateBlocks = new BlockList();
-for (const [prefix, bits] of [
-	["0.0.0.0", 8],
-	["10.0.0.0", 8],
-	["100.64.0.0", 10],
-	["127.0.0.0", 8],
-	["169.254.0.0", 16],
-	["172.16.0.0", 12],
-	["192.0.0.0", 24],
-	["192.168.0.0", 16],
-	["198.18.0.0", 15],
-	["224.0.0.0", 4],
-	["240.0.0.0", 4]
-]) privateBlocks.addSubnet(prefix, bits, "ipv4");
-for (const [prefix, bits] of [
-	["::1", 128],
-	["::", 128],
-	["fc00::", 7],
-	["fe80::", 10],
-	["ff00::", 8]
-]) privateBlocks.addSubnet(prefix, bits, "ipv6");
-/**
-* Check whether an IP address falls within a private or reserved range.
-*
-* @param ip - An IPv4 or IPv6 address string.
-* @returns `true` if the address is in a private/reserved range.
-*/
-function isPrivateIp(ip) {
-	const type = ip.includes(":") ? "ipv6" : "ipv4";
-	return privateBlocks.check(ip, type);
-}
-/**
-* Detect IPv4-mapped IPv6 addresses and extract the embedded IPv4.
-* Handles both dotted form (`::ffff:127.0.0.1`) and hex form (`::ffff:7f00:1`).
-*/
-function extractMappedIp(ip) {
-	const mappedDotted = ip.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
-	if (mappedDotted) return mappedDotted[1];
-	const mappedHex = ip.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
-	if (mappedHex) {
-		const hi = Number.parseInt(mappedHex[1], 16);
-		const lo = Number.parseInt(mappedHex[2], 16);
-		return `${hi >> 8 & 255}.${hi & 255}.${lo >> 8 & 255}.${lo & 255}`;
-	}
-	return ip;
-}
-function isBlockedHostname(hostname) {
-	const lower = hostname.toLowerCase();
-	return lower === "localhost" || lower.endsWith(".local") || lower.endsWith(".internal") || lower === "169.254.169.254";
-}
-function isLiteralIp(hostname) {
-	return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.includes(":");
-}
-/** Resolve hostname and block if it points to a private IP (DNS rebinding). */
-async function assertDnsResolvesPublic(hostname) {
-	try {
-		const { address } = await Promise.race([lookup(hostname), new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("DNS lookup timed out")), 2e3))]);
-		const resolved = extractMappedIp(address);
-		if (isPrivateIp(address) || isPrivateIp(resolved)) throw new Error(`Blocked request: ${hostname} resolves to private address ${address}`);
-	} catch (err) {
-		if (err instanceof Error && err.message.startsWith("Blocked request")) throw err;
-	}
-}
-/**
-* SSRF guard: assert that a URL targets a public internet address.
-*
-* Blocks requests to:
-* - Private IPv4 ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
-* - Loopback (127.0.0.0/8), link-local (169.254.0.0/16), shared (100.64.0.0/10)
-* - IPv4-mapped IPv6 addresses embedding private IPs (e.g. `::ffff:127.0.0.1`)
-* - IPv6 loopback (`::1`), ULA (`fc00::/7`), link-local (`fe80::/10`)
-* - `localhost`, `.local` (mDNS), `.internal` domains
-* - Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`)
-* - Non-http(s) schemes (e.g. `file:`, `ftp:`)
-* - Hostnames that resolve to private IPs via DNS (prevents DNS rebinding)
-*
-* @param url - The URL to validate (must be parseable by `new URL()`).
-* @throws {Error} If the URL targets a private/reserved address or uses a
-*   disallowed protocol scheme.
-*/
-async function assertPublicUrl(url) {
-	const parsed = new URL(url);
-	const hostname = parsed.hostname.replace(/^\[|\]$/g, "");
-	const effective = extractMappedIp(hostname);
-	if (isPrivateIp(hostname) || isPrivateIp(effective)) throw new Error(`Blocked request to private address: ${hostname}`);
-	if (isBlockedHostname(hostname)) throw new Error(`Blocked request to private address: ${hostname}`);
-	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new Error(`Blocked request with disallowed protocol: ${parsed.protocol}`);
-	if (!isLiteralIp(hostname)) await assertDnsResolvesPublic(hostname);
-}
-/** Maximum number of redirects to follow manually. */
-const MAX_REDIRECTS = 5;
-/**
-* Fetch with SSRF-safe redirect handling: validates each redirect URL
-* against private/reserved IP ranges before following.
-*/
-async function ssrfSafeFetch(url, init, fetchFn) {
-	await assertPublicUrl(url);
-	let currentUrl = url;
-	for (let i = 0; i <= MAX_REDIRECTS; i++) {
-		const resp = await fetchFn(currentUrl, {
-			...init,
-			redirect: "manual"
-		});
-		if (resp.status < 300 || resp.status >= 400) return resp;
-		const location = resp.headers.get("location");
-		if (!location) return resp;
-		currentUrl = new URL(location, currentUrl).href;
-		await assertPublicUrl(currentUrl);
-	}
-	throw new Error("Too many redirects");
-}
-//#endregion
-export { isPrivateIp as n, ssrfSafeFetch as r, assertPublicUrl as t };

package/dist/_ssrf.d.ts

@@ -1,30 +0,0 @@
-/**
- * Check whether an IP address falls within a private or reserved range.
- *
- * @param ip - An IPv4 or IPv6 address string.
- * @returns `true` if the address is in a private/reserved range.
- */
-export declare function isPrivateIp(ip: string): boolean;
-/**
- * SSRF guard: assert that a URL targets a public internet address.
- *
- * Blocks requests to:
- * - Private IPv4 ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- * - Loopback (127.0.0.0/8), link-local (169.254.0.0/16), shared (100.64.0.0/10)
- * - IPv4-mapped IPv6 addresses embedding private IPs (e.g. `::ffff:127.0.0.1`)
- * - IPv6 loopback (`::1`), ULA (`fc00::/7`), link-local (`fe80::/10`)
- * - `localhost`, `.local` (mDNS), `.internal` domains
- * - Cloud metadata endpoints (`169.254.169.254`, `metadata.google.internal`)
- * - Non-http(s) schemes (e.g. `file:`, `ftp:`)
- * - Hostnames that resolve to private IPs via DNS (prevents DNS rebinding)
- *
- * @param url - The URL to validate (must be parseable by `new URL()`).
- * @throws {Error} If the URL targets a private/reserved address or uses a
- *   disallowed protocol scheme.
- */
-export declare function assertPublicUrl(url: string): Promise<void>;
-/**
- * Fetch with SSRF-safe redirect handling: validates each redirect URL
- * against private/reserved IP ranges before following.
- */
-export declare function ssrfSafeFetch(url: string, init: RequestInit, fetchFn: typeof globalThis.fetch): Promise<Response>;

package/dist/_ssrf.js

@@ -1,2 +0,0 @@
-import { n as isPrivateIp, r as ssrfSafeFetch, t as assertPublicUrl } from "./_ssrf-DCp_27V4.js";
-export { assertPublicUrl, isPrivateIp, ssrfSafeFetch };

package/dist/_utils-DgzpOMSV.js

@@ -1,61 +0,0 @@
-//#region _utils.ts
-/** Shared utility functions. */
-/** Extract an error message from an unknown thrown value. */
-function errorMessage(err) {
-	return err instanceof Error ? err.message : String(err);
-}
-/** Extract a detailed error string (message + stack) for diagnostic logging. */
-function errorDetail(err) {
-	if (err instanceof Error) return err.stack ?? err.message;
-	return String(err);
-}
-/** Filter out undefined values from an env record. */
-function filterEnv(env) {
-	return Object.fromEntries(Object.entries(env).filter((e) => e[1] !== void 0));
-}
-/** Set of filesystem operations that are safe for read-only access. */
-const READ_ONLY_FS_OPS = new Set([
-	"read",
-	"stat",
-	"readdir",
-	"exists"
-]);
-/** Check whether a filesystem operation is a read-only operation. */
-function isReadOnlyFsOp(op) {
-	return READ_ONLY_FS_OPS.has(op);
-}
-/**
-* Safely extract the port from `server.address()`, guarding against the
-* string (pipe/socket) and null return types.
-*/
-function getServerPort(addr) {
-	if (addr && typeof addr === "object" && "port" in addr && typeof addr.port === "number") return addr.port;
-	throw new Error(`Expected server address with numeric port, got: ${JSON.stringify(addr)}`);
-}
-/**
-* Lazily initialized per-session state manager.
-*
-* On first access for a given session, calls `initState()` (if provided) to
-* create the initial state. Returns `{}` if no initializer and no prior state.
-*/
-function createSessionStateMap(initState) {
-	const map = /* @__PURE__ */ new Map();
-	return {
-		get(sessionId) {
-			if (!map.has(sessionId) && initState) map.set(sessionId, initState());
-			return map.get(sessionId) ?? {};
-		},
-		set(sessionId, state) {
-			map.set(sessionId, state);
-		},
-		delete(sessionId) {
-			return map.delete(sessionId);
-		}
-	};
-}
-/** Return a JSON error string for the LLM: `'{"error":"<message>"}'`. */
-function toolError(message) {
-	return JSON.stringify({ error: message });
-}
-//#endregion
-export { getServerPort as a, filterEnv as i, errorDetail as n, isReadOnlyFsOp as o, errorMessage as r, toolError as s, createSessionStateMap as t };