@alexkroman1/aai 0.10.4 → 0.11.0

package/dist/_run-code.d.ts

@@ -1,6 +1,6 @@
 /**
- * run_code built-in tool — executes user JavaScript in a fresh secure-exec
- * V8 isolate with no network, filesystem writes, or env access.
+ * run_code built-in tool — executes user JavaScript in a fresh `node:vm`
+ * context with no network, filesystem, or process access.
  */
 import { z } from "zod";
 import type { ToolDef } from "./types.ts";
@@ -8,22 +8,26 @@ declare const runCodeParams: z.ZodObject<{
     code: z.ZodString;
 }, z.core.$strip>;
 /**
- * Execute JavaScript code inside a fresh secure-exec V8 isolate.
+ * Execute JavaScript code inside a fresh `node:vm` context.
  *
- * Each invocation spins up a disposable isolate with:
- * - No filesystem writes
- * - No network access
+ * Each invocation creates a disposable VM context with:
+ * - No filesystem access (`node:fs` and other built-ins unavailable)
+ * - No network access (`fetch`, `http` unavailable)
  * - No child process spawning
- * - No environment variable access
- * - 32 MB memory limit
- * - 5 second execution timeout
+ * - No environment variable access (`process` unavailable)
+ * - Execution timeout (default 5 s)
  *
- * The isolate is disposed immediately after execution, so no state
- * leaks between invocations or across sessions.
+ * The context is discarded after execution, so no state leaks between
+ * invocations or across sessions.
  */
 export declare function createRunCode(): ToolDef<typeof runCodeParams>;
 /**
- * Exported for testing — execute user code in a fresh secure-exec V8 isolate.
+ * Execute user code in a fresh `node:vm` context.
+ *
+ * @remarks
+ * The VM context only exposes standard ECMAScript globals and a console
+ * object that captures output. Node.js APIs (`process`, `require`,
+ * `import()`) are not available inside the sandbox.
  */
 export declare function executeInIsolate(code: string): Promise<string | {
     error: string;

package/dist/_runtime-conformance.d.ts

@@ -17,12 +17,12 @@
  * });
  * ```
  *
- * @example Sandbox (integration test)
+ * @example Sandbox (integration test in aai-server)
  * ```ts
- * import { testRuntime, CONFORMANCE_AGENT_BUNDLE } from "@alexkroman1/aai/runtime-conformance";
+ * import { testRuntime } from "@alexkroman1/aai/internal";
  *
  * testRuntime("sandbox", async () => {
- *   // ... start isolate with CONFORMANCE_AGENT_BUNDLE
+ *   // ... start isolate with a bundled agent
  *   return { executeTool: buildExecuteTool(...), hooks: buildHookInvoker(...) };
  * });
  * ```
@@ -40,17 +40,8 @@ export type RuntimeTestContext = {
     executeTool: ExecuteTool;
     hooks: AgentHooks;
 };
-/**
- * Agent definition used by the conformance suite (direct executor path).
- *
- * Must be kept in sync with {@link CONFORMANCE_AGENT_BUNDLE}.
- */
+/** Agent definition used by the conformance suite (direct executor path). */
 export declare const CONFORMANCE_AGENT: AgentDef;
-/**
- * JavaScript bundle equivalent of {@link CONFORMANCE_AGENT} for the sandbox
- * isolate path. Must be kept in sync with the AgentDef above.
- */
-export declare const CONFORMANCE_AGENT_BUNDLE = "\nexport default {\n  name: \"conformance-test\",\n  instructions: \"Conformance test agent.\",\n  greeting: \"Hello!\",\n  maxSteps: 5,\n  state: () => ({ count: 0, lastTurn: \"\" }),\n  tools: {\n    echo: {\n      description: \"Echo input\",\n      execute(args) { return \"echo:\" + args.text; },\n    },\n    get_env: {\n      description: \"Get MY_VAR from env\",\n      execute(_args, ctx) { return ctx.env.MY_VAR ?? \"missing\"; },\n    },\n    get_state: {\n      description: \"Get session state\",\n      execute(_args, ctx) { return JSON.stringify(ctx.state); },\n    },\n    echo_messages: {\n      description: \"Return messages as JSON\",\n      execute(_args, ctx) { return JSON.stringify(ctx.messages); },\n    },\n    kv_roundtrip: {\n      description: \"KV set then get\",\n      async execute(args, ctx) {\n        await ctx.kv.set(\"test-key\", args.value);\n        const result = await ctx.kv.get(\"test-key\");\n        return \"stored:\" + JSON.stringify(result);\n      },\n    },\n  },\n  onConnect: (ctx) => { ctx.state.count = 1; },\n  onTurn: (text, ctx) => { ctx.state.lastTurn = text; },\n};\n";
 /**
  * Run the runtime conformance test suite against a given runtime context.
  *

package/dist/_test-utils.d.ts

@@ -1,6 +1,7 @@
 import type { AgentConfig } from "./_internal-types.ts";
 import type { ClientSink } from "./protocol.ts";
 import type { S2sEvents, S2sHandle } from "./s2s.ts";
+import type { Session } from "./session.ts";
 import { type S2sSessionOptions } from "./session.ts";
 import type { AgentDef, ToolContext, ToolDef } from "./types.ts";
 /** Yield to the microtask queue so pending promises settle. */
@@ -9,6 +10,8 @@ export declare function createMockToolContext(overrides?: Partial<ToolContext>):
 export declare function makeTool(overrides?: Partial<ToolDef>): ToolDef;
 export declare function makeAgent(overrides?: Partial<AgentDef>): AgentDef;
 export declare function makeConfig(overrides?: Partial<AgentConfig>): AgentConfig;
+/** Create a stub Session with all methods as vi.fn() spies. */
+export declare function makeStubSession(overrides?: Partial<Session>): Session;
 export type MockS2sHandle = S2sHandle & {
     _fire: <K extends keyof S2sEvents>(type: K, ...args: Parameters<S2sEvents[K]>) => void;
 };
@@ -55,7 +58,7 @@ export declare function replayFixtureMessages(handle: MockS2sHandle, messages: R
 export declare function createFixtureSession(agent: AgentDef<any>, opts?: {
     env?: Record<string, string>;
 }): {
-    session: import("./session.ts").Session;
+    session: Session;
     client: ClientSink & {
         events: unknown[];
         audioChunks: Uint8Array[];

package/dist/_utils.d.ts

@@ -5,17 +5,5 @@ export declare function errorMessage(err: unknown): string;
 export declare function errorDetail(err: unknown): string;
 /** Check whether a filesystem operation is a read-only operation. */
 export declare function isReadOnlyFsOp(op: string): boolean;
-/**
- * Lazily initialized per-session state manager.
- *
- * On first access for a given session, calls `initState()` (if provided) to
- * create the initial state. Returns `{}` if no initializer and no prior state.
- */
-export declare function createSessionStateMap(initState?: () => Record<string, unknown>): {
-    get(sessionId: string): Record<string, unknown>;
-    /** Explicitly set the state for a session. */
-    set(sessionId: string, state: Record<string, unknown>): void;
-    delete(sessionId: string): boolean;
-};
 /** Return a JSON error string for the LLM: `'{"error":"<message>"}'`. */
 export declare function toolError(message: string): string;

package/dist/_utils.js

@@ -20,30 +20,9 @@ const READ_ONLY_FS_OPS = new Set([
 function isReadOnlyFsOp(op) {
 	return READ_ONLY_FS_OPS.has(op);
 }
-/**
-* Lazily initialized per-session state manager.
-*
-* On first access for a given session, calls `initState()` (if provided) to
-* create the initial state. Returns `{}` if no initializer and no prior state.
-*/
-function createSessionStateMap(initState) {
-	const map = /* @__PURE__ */ new Map();
-	return {
-		get(sessionId) {
-			if (!map.has(sessionId) && initState) map.set(sessionId, initState());
-			return map.get(sessionId) ?? {};
-		},
-		set(sessionId, state) {
-			map.set(sessionId, state);
-		},
-		delete(sessionId) {
-			return map.delete(sessionId);
-		}
-	};
-}
 /** Return a JSON error string for the LLM: `'{"error":"<message>"}'`. */
 function toolError(message) {
 	return JSON.stringify({ error: message });
 }
 //#endregion
-export { createSessionStateMap, errorDetail, errorMessage, isReadOnlyFsOp, toolError };
+export { errorDetail, errorMessage, isReadOnlyFsOp, toolError };

package/dist/{constants-BbAOvKl_.js → constants-CwotjpJR.js}

@@ -35,8 +35,6 @@ const MAX_VALUE_SIZE = 65536;
 const MAX_GLOB_PATTERN_LENGTH = 1024;
 /** Maximum conversation messages to retain (sliding window). */
 const DEFAULT_MAX_HISTORY = 200;
-/** Memory limit for run_code isolates (MB). */
-const RUN_CODE_MEMORY_MB = 32;
 /**
 * Content-Security-Policy applied to agent UI pages (both self-hosted and
 * platform). Single source of truth — used by `secureHeaders` middleware
@@ -44,4 +42,4 @@ const RUN_CODE_MEMORY_MB = 32;
 */
 const AGENT_CSP = "default-src 'self'; script-src 'self' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' wss: ws:; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'";
 //#endregion
-export { TOOL_EXECUTION_TIMEOUT_MS as _, DEFAULT_SHUTDOWN_TIMEOUT_MS as a, FETCH_TIMEOUT_MS as c, MAX_HTML_BYTES as d, MAX_PAGE_CHARS as f, RUN_CODE_TIMEOUT_MS as g, RUN_CODE_MEMORY_MB as h, DEFAULT_SESSION_START_TIMEOUT_MS as i, HOOK_TIMEOUT_MS as l, MAX_VALUE_SIZE as m, DEFAULT_IDLE_TIMEOUT_MS as n, DEFAULT_STT_SAMPLE_RATE as o, MAX_TOOL_RESULT_CHARS as p, DEFAULT_MAX_HISTORY as r, DEFAULT_TTS_SAMPLE_RATE as s, AGENT_CSP as t, MAX_GLOB_PATTERN_LENGTH as u };
+export { DEFAULT_SHUTDOWN_TIMEOUT_MS as a, FETCH_TIMEOUT_MS as c, MAX_HTML_BYTES as d, MAX_PAGE_CHARS as f, TOOL_EXECUTION_TIMEOUT_MS as g, RUN_CODE_TIMEOUT_MS as h, DEFAULT_SESSION_START_TIMEOUT_MS as i, HOOK_TIMEOUT_MS as l, MAX_VALUE_SIZE as m, DEFAULT_IDLE_TIMEOUT_MS as n, DEFAULT_STT_SAMPLE_RATE as o, MAX_TOOL_RESULT_CHARS as p, DEFAULT_MAX_HISTORY as r, DEFAULT_TTS_SAMPLE_RATE as s, AGENT_CSP as t, MAX_GLOB_PATTERN_LENGTH as u };

package/dist/constants.d.ts

@@ -34,8 +34,6 @@ export declare const MAX_VALUE_SIZE = 65536;
 export declare const MAX_GLOB_PATTERN_LENGTH = 1024;
 /** Maximum conversation messages to retain (sliding window). */
 export declare const DEFAULT_MAX_HISTORY = 200;
-/** Memory limit for run_code isolates (MB). */
-export declare const RUN_CODE_MEMORY_MB = 32;
 /**
  * Content-Security-Policy applied to agent UI pages (both self-hosted and
  * platform). Single source of truth — used by `secureHeaders` middleware

package/dist/{direct-executor-BfHrDdPL.js → direct-executor-DAGCZOAN.js}

@@ -1,6 +1,6 @@
 import { BuiltinToolSchema, DEFAULT_INSTRUCTIONS, ToolChoiceSchema, defineTool } from "./types.js";
-import { _ as TOOL_EXECUTION_TIMEOUT_MS, a as DEFAULT_SHUTDOWN_TIMEOUT_MS, c as FETCH_TIMEOUT_MS, d as MAX_HTML_BYTES, f as MAX_PAGE_CHARS, g as RUN_CODE_TIMEOUT_MS, l as HOOK_TIMEOUT_MS, m as MAX_VALUE_SIZE, o as DEFAULT_STT_SAMPLE_RATE, p as MAX_TOOL_RESULT_CHARS, s as DEFAULT_TTS_SAMPLE_RATE } from "./constants-BbAOvKl_.js";
-import { errorDetail, errorMessage, isReadOnlyFsOp, toolError } from "./_utils.js";
+import { a as DEFAULT_SHUTDOWN_TIMEOUT_MS, c as FETCH_TIMEOUT_MS, d as MAX_HTML_BYTES, f as MAX_PAGE_CHARS, g as TOOL_EXECUTION_TIMEOUT_MS, h as RUN_CODE_TIMEOUT_MS, l as HOOK_TIMEOUT_MS, m as MAX_VALUE_SIZE, o as DEFAULT_STT_SAMPLE_RATE, p as MAX_TOOL_RESULT_CHARS, s as DEFAULT_TTS_SAMPLE_RATE } from "./constants-CwotjpJR.js";
+import { errorDetail, errorMessage, toolError } from "./_utils.js";
 import { callResolveTurnConfig, createAgentHooks } from "./hooks.js";
 import { ClientMessageSchema, buildReadyConfig } from "./protocol.js";
 import { matchGlob, sortAndPaginate } from "./kv.js";
@@ -8,6 +8,7 @@ import { z } from "zod";
 import WsWebSocket from "ws";
 import pTimeout from "p-timeout";
 import { createStorage, prefixStorage } from "unstorage";
+import vm from "node:vm";
 import { createNanoEvents } from "nanoevents";
 //#region runtime.ts
 /**
@@ -112,131 +113,71 @@ function agentToolsToSchemas(tools) {
 //#endregion
 //#region _run-code.ts
 /**
-* run_code built-in tool — executes user JavaScript in a fresh secure-exec
-* V8 isolate with no network, filesystem writes, or env access.
+* run_code built-in tool — executes user JavaScript in a fresh `node:vm`
+* context with no network, filesystem, or process access.
 */
 const runCodeParams = z.object({ code: z.string().describe("JavaScript code to execute. Use console.log() for output.") });
 /**
-* Execute JavaScript code inside a fresh secure-exec V8 isolate.
+* Execute JavaScript code inside a fresh `node:vm` context.
 *
-* Each invocation spins up a disposable isolate with:
-* - No filesystem writes
-* - No network access
+* Each invocation creates a disposable VM context with:
+* - No filesystem access (`node:fs` and other built-ins unavailable)
+* - No network access (`fetch`, `http` unavailable)
 * - No child process spawning
-* - No environment variable access
-* - 32 MB memory limit
-* - 5 second execution timeout
+* - No environment variable access (`process` unavailable)
+* - Execution timeout (default 5 s)
 *
-* The isolate is disposed immediately after execution, so no state
-* leaks between invocations or across sessions.
+* The context is discarded after execution, so no state leaks between
+* invocations or across sessions.
 */
 function createRunCode() {
 	return {
-		description: "Execute JavaScript code in a secure sandbox and return the output. Use this for calculations, data transformations, string manipulation, or any task that benefits from running code. Output is captured from console.log(). No network or filesystem access.",
+		description: "Execute JavaScript code in a sandbox and return the output. Use this for calculations, data transformations, string manipulation, or any task that benefits from running code. Output is captured from console.log(). No network or filesystem access.",
 		parameters: runCodeParams,
 		async execute(args) {
 			return executeInIsolate(args.code);
 		}
 	};
 }
-/** Lazily import secure-exec to avoid top-level side effects. */
-let _secureExecPromise;
-function getSecureExec() {
-	_secureExecPromise ??= import("secure-exec");
-	return _secureExecPromise;
-}
-const RUN_CODE_HARNESS = `
-import { readFileSync } from "node:fs";
-
-const __output = [];
-const __capture = (...args) => __output.push(args.map(String).join(" "));
-const __console = {
-  log: __capture, info: __capture, warn: __capture,
-  error: __capture, debug: __capture,
-};
-try {
-  const __userCode = readFileSync("/app/user-code.js", "utf8");
-  const __AsyncFn = Object.getPrototypeOf(async function(){}).constructor;
-  const __fn = new __AsyncFn("console", __userCode);
-  await __fn(__console);
-  const result = __output.join("\\n").trim();
-  process.stdout.write(JSON.stringify({ ok: true, result: result || "Code ran successfully (no output)" }));
-} catch (err) {
-  process.stdout.write(JSON.stringify({ ok: false, error: String(err?.message ?? err) }));
-}
-`;
-const IsolateOutputSchema = z.object({
-	ok: z.boolean(),
-	result: z.string().optional(),
-	error: z.string().optional()
-});
-/** Parse stdout from the run_code harness into a result or error. */
-function parseIsolateOutput(stdout, stderr) {
-	if (!stdout) {
-		if (stderr) return { error: stderr.trim() };
-		return { error: "Code execution timed out" };
-	}
-	try {
-		const parsed = IsolateOutputSchema.parse(JSON.parse(stdout));
-		if (parsed.ok) return parsed.result ?? "Code ran successfully (no output)";
-		return { error: parsed.error ?? "Unknown error" };
-	} catch {
-		return stdout.trim() || "Code ran successfully (no output)";
-	}
-}
 /**
-* Exported for testing — execute user code in a fresh secure-exec V8 isolate.
+* Execute user code in a fresh `node:vm` context.
+*
+* @remarks
+* The VM context only exposes standard ECMAScript globals and a console
+* object that captures output. Node.js APIs (`process`, `require`,
+* `import()`) are not available inside the sandbox.
 */
 async function executeInIsolate(code) {
-	const { createInMemoryFileSystem, createNodeDriver, createNodeRuntimeDriverFactory, NodeRuntime } = await getSecureExec();
-	const fs = createInMemoryFileSystem();
-	await fs.writeFile("/app/harness.js", RUN_CODE_HARNESS);
-	await fs.writeFile("/app/user-code.js", code);
-	const stdoutChunks = [];
-	const stderrChunks = [];
-	let resolveOutput = null;
-	const outputReady = new Promise((r) => {
-		resolveOutput = r;
-	});
-	const runtime = new NodeRuntime({
-		systemDriver: createNodeDriver({
-			filesystem: fs,
-			permissions: {
-				fs: (req) => isReadOnlyFsOp(req.op) ? { allow: true } : {
-					allow: false,
-					reason: "Filesystem is read-only"
-				},
-				network: () => ({
-					allow: false,
-					reason: "Network access is disabled in run_code"
-				}),
-				childProcess: () => ({
-					allow: false,
-					reason: "Subprocess spawning is disabled"
-				}),
-				env: () => ({
-					allow: false,
-					reason: "Env access is disabled in run_code"
-				})
-			}
-		}),
-		runtimeDriverFactory: createNodeRuntimeDriverFactory(),
-		memoryLimit: 32,
-		onStdio(event) {
-			if (event.channel === "stdout") stdoutChunks.push(event.message);
-			if (event.channel === "stderr") stderrChunks.push(event.message);
-			resolveOutput?.();
-		}
+	const output = [];
+	const capture = (...args) => output.push(args.map(String).join(" "));
+	const context = vm.createContext({
+		console: {
+			log: capture,
+			info: capture,
+			warn: capture,
+			error: capture,
+			debug: capture
+		},
+		setTimeout,
+		clearTimeout,
+		setInterval,
+		clearInterval,
+		URL,
+		URLSearchParams,
+		TextEncoder,
+		TextDecoder,
+		atob,
+		btoa,
+		structuredClone,
+		queueMicrotask
 	});
-	const execPromise = runtime.exec("import \"/app/harness.js\";", { cwd: "/app" });
 	try {
-		await Promise.race([outputReady, new Promise((r) => setTimeout(r, RUN_CODE_TIMEOUT_MS))]);
-		await Promise.race([execPromise.catch(() => {}), new Promise((r) => setTimeout(r, 200))]);
-		return parseIsolateOutput(stdoutChunks.join(""), stderrChunks.join(""));
+		const wrapped = `(async () => {\n${code}\n})()`;
+		const promise = new vm.Script(wrapped, { filename: "run_code.js" }).runInContext(context, { timeout: RUN_CODE_TIMEOUT_MS });
+		await Promise.race([promise, new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("Code execution timed out")), RUN_CODE_TIMEOUT_MS))]);
+		return output.join("\n").trim() || "Code ran successfully (no output)";
 	} catch (err) {
 		return { error: errorMessage(err) };
-	} finally {
-		runtime.dispose();
 	}
 }
 //#endregion

package/dist/internal.js

@@ -1,7 +1,7 @@
 import { defineTool } from "./types.js";
-import { _ as TOOL_EXECUTION_TIMEOUT_MS, a as DEFAULT_SHUTDOWN_TIMEOUT_MS, c as FETCH_TIMEOUT_MS, d as MAX_HTML_BYTES, f as MAX_PAGE_CHARS, g as RUN_CODE_TIMEOUT_MS, h as RUN_CODE_MEMORY_MB, i as DEFAULT_SESSION_START_TIMEOUT_MS, l as HOOK_TIMEOUT_MS, m as MAX_VALUE_SIZE, n as DEFAULT_IDLE_TIMEOUT_MS, o as DEFAULT_STT_SAMPLE_RATE, p as MAX_TOOL_RESULT_CHARS, r as DEFAULT_MAX_HISTORY, s as DEFAULT_TTS_SAMPLE_RATE, t as AGENT_CSP, u as MAX_GLOB_PATTERN_LENGTH } from "./constants-BbAOvKl_.js";
-import { _ as consoleLogger, a as _internals, c as buildSystemPrompt, d as AgentConfigSchema, f as EMPTY_PARAMS, g as DEFAULT_S2S_CONFIG, h as toAgentConfig, i as createUnstorageKv, l as connectS2s, m as agentToolsToSchemas, n as executeToolCall, o as buildCtx, p as ToolSchemaSchema, r as wireSessionSocket, s as createS2sSession, t as createRuntime, u as defaultCreateS2sWebSocket, v as jsonLogger } from "./direct-executor-BfHrDdPL.js";
-import { createSessionStateMap, errorDetail, errorMessage, isReadOnlyFsOp, toolError } from "./_utils.js";
+import { a as DEFAULT_SHUTDOWN_TIMEOUT_MS, c as FETCH_TIMEOUT_MS, d as MAX_HTML_BYTES, f as MAX_PAGE_CHARS, g as TOOL_EXECUTION_TIMEOUT_MS, h as RUN_CODE_TIMEOUT_MS, i as DEFAULT_SESSION_START_TIMEOUT_MS, l as HOOK_TIMEOUT_MS, m as MAX_VALUE_SIZE, n as DEFAULT_IDLE_TIMEOUT_MS, o as DEFAULT_STT_SAMPLE_RATE, p as MAX_TOOL_RESULT_CHARS, r as DEFAULT_MAX_HISTORY, s as DEFAULT_TTS_SAMPLE_RATE, t as AGENT_CSP, u as MAX_GLOB_PATTERN_LENGTH } from "./constants-CwotjpJR.js";
+import { _ as consoleLogger, a as _internals, c as buildSystemPrompt, d as AgentConfigSchema, f as EMPTY_PARAMS, g as DEFAULT_S2S_CONFIG, h as toAgentConfig, i as createUnstorageKv, l as connectS2s, m as agentToolsToSchemas, n as executeToolCall, o as buildCtx, p as ToolSchemaSchema, r as wireSessionSocket, s as createS2sSession, t as createRuntime, u as defaultCreateS2sWebSocket, v as jsonLogger } from "./direct-executor-DAGCZOAN.js";
+import { errorDetail, errorMessage, isReadOnlyFsOp, toolError } from "./_utils.js";
 import { callResolveTurnConfig, createAgentHooks } from "./hooks.js";
 import { AUDIO_FORMAT, ClientEventSchema, ClientMessageSchema, KvRequestSchema, ReadyConfigSchema, ServerMessageSchema, SessionErrorCodeSchema, TurnConfigSchema, buildReadyConfig } from "./protocol.js";
 import { z } from "zod";
@@ -26,21 +26,17 @@ import { describe, expect, test } from "vitest";
 * });
 * ```
 *
-* @example Sandbox (integration test)
+* @example Sandbox (integration test in aai-server)
 * ```ts
-* import { testRuntime, CONFORMANCE_AGENT_BUNDLE } from "@alexkroman1/aai/runtime-conformance";
+* import { testRuntime } from "@alexkroman1/aai/internal";
 *
 * testRuntime("sandbox", async () => {
-*   // ... start isolate with CONFORMANCE_AGENT_BUNDLE
+*   // ... start isolate with a bundled agent
 *   return { executeTool: buildExecuteTool(...), hooks: buildHookInvoker(...) };
 * });
 * ```
 */
-/**
-* Agent definition used by the conformance suite (direct executor path).
-*
-* Must be kept in sync with {@link CONFORMANCE_AGENT_BUNDLE}.
-*/
+/** Agent definition used by the conformance suite (direct executor path). */
 const CONFORMANCE_AGENT = {
 	name: "conformance-test",
 	instructions: "Conformance test agent.",
@@ -86,47 +82,6 @@ const CONFORMANCE_AGENT = {
 	}
 };
 /**
-* JavaScript bundle equivalent of {@link CONFORMANCE_AGENT} for the sandbox
-* isolate path. Must be kept in sync with the AgentDef above.
-*/
-const CONFORMANCE_AGENT_BUNDLE = `
-export default {
-  name: "conformance-test",
-  instructions: "Conformance test agent.",
-  greeting: "Hello!",
-  maxSteps: 5,
-  state: () => ({ count: 0, lastTurn: "" }),
-  tools: {
-    echo: {
-      description: "Echo input",
-      execute(args) { return "echo:" + args.text; },
-    },
-    get_env: {
-      description: "Get MY_VAR from env",
-      execute(_args, ctx) { return ctx.env.MY_VAR ?? "missing"; },
-    },
-    get_state: {
-      description: "Get session state",
-      execute(_args, ctx) { return JSON.stringify(ctx.state); },
-    },
-    echo_messages: {
-      description: "Return messages as JSON",
-      execute(_args, ctx) { return JSON.stringify(ctx.messages); },
-    },
-    kv_roundtrip: {
-      description: "KV set then get",
-      async execute(args, ctx) {
-        await ctx.kv.set("test-key", args.value);
-        const result = await ctx.kv.get("test-key");
-        return "stored:" + JSON.stringify(result);
-      },
-    },
-  },
-  onConnect: (ctx) => { ctx.state.count = 1; },
-  onTurn: (text, ctx) => { ctx.state.lastTurn = text; },
-};
-`;
-/**
 * Run the runtime conformance test suite against a given runtime context.
 *
 * The `getContext` callback is invoked once per test to retrieve the
@@ -206,4 +161,4 @@ function testRuntime(label, getContext) {
 	});
 }
 //#endregion
-export { AGENT_CSP, AUDIO_FORMAT, AgentConfigSchema, CONFORMANCE_AGENT, CONFORMANCE_AGENT_BUNDLE, ClientEventSchema, ClientMessageSchema, DEFAULT_IDLE_TIMEOUT_MS, DEFAULT_MAX_HISTORY, DEFAULT_S2S_CONFIG, DEFAULT_SESSION_START_TIMEOUT_MS, DEFAULT_SHUTDOWN_TIMEOUT_MS, DEFAULT_STT_SAMPLE_RATE, DEFAULT_TTS_SAMPLE_RATE, EMPTY_PARAMS, FETCH_TIMEOUT_MS, HOOK_TIMEOUT_MS, KvRequestSchema, MAX_GLOB_PATTERN_LENGTH, MAX_HTML_BYTES, MAX_PAGE_CHARS, MAX_TOOL_RESULT_CHARS, MAX_VALUE_SIZE, RUN_CODE_MEMORY_MB, RUN_CODE_TIMEOUT_MS, ReadyConfigSchema, ServerMessageSchema, SessionErrorCodeSchema, TOOL_EXECUTION_TIMEOUT_MS, ToolSchemaSchema, TurnConfigSchema, _internals, agentToolsToSchemas, buildCtx, buildReadyConfig, buildSystemPrompt, callResolveTurnConfig, connectS2s, consoleLogger, createAgentHooks, createRuntime, createS2sSession, createSessionStateMap, createUnstorageKv, defaultCreateS2sWebSocket, errorDetail, errorMessage, executeToolCall, isReadOnlyFsOp, jsonLogger, testRuntime, toAgentConfig, toolError, wireSessionSocket };
+export { AGENT_CSP, AUDIO_FORMAT, AgentConfigSchema, CONFORMANCE_AGENT, ClientEventSchema, ClientMessageSchema, DEFAULT_IDLE_TIMEOUT_MS, DEFAULT_MAX_HISTORY, DEFAULT_S2S_CONFIG, DEFAULT_SESSION_START_TIMEOUT_MS, DEFAULT_SHUTDOWN_TIMEOUT_MS, DEFAULT_STT_SAMPLE_RATE, DEFAULT_TTS_SAMPLE_RATE, EMPTY_PARAMS, FETCH_TIMEOUT_MS, HOOK_TIMEOUT_MS, KvRequestSchema, MAX_GLOB_PATTERN_LENGTH, MAX_HTML_BYTES, MAX_PAGE_CHARS, MAX_TOOL_RESULT_CHARS, MAX_VALUE_SIZE, RUN_CODE_TIMEOUT_MS, ReadyConfigSchema, ServerMessageSchema, SessionErrorCodeSchema, TOOL_EXECUTION_TIMEOUT_MS, ToolSchemaSchema, TurnConfigSchema, _internals, agentToolsToSchemas, buildCtx, buildReadyConfig, buildSystemPrompt, callResolveTurnConfig, connectS2s, consoleLogger, createAgentHooks, createRuntime, createS2sSession, createUnstorageKv, defaultCreateS2sWebSocket, errorDetail, errorMessage, executeToolCall, isReadOnlyFsOp, jsonLogger, testRuntime, toAgentConfig, toolError, wireSessionSocket };

package/dist/kv.js

@@ -1,4 +1,4 @@
-import { m as MAX_VALUE_SIZE, u as MAX_GLOB_PATTERN_LENGTH } from "./constants-BbAOvKl_.js";
+import { m as MAX_VALUE_SIZE, u as MAX_GLOB_PATTERN_LENGTH } from "./constants-CwotjpJR.js";
 //#region kv.ts
 /**
 * Key-value storage interface and shared utilities.

package/dist/matchers.js

@@ -1,4 +1,4 @@
-import { n as TurnResult } from "./testing-BonJtfHJ.js";
+import { n as TurnResult } from "./testing-Dmx-dudh.js";
 import { expect } from "vitest";
 //#region matchers.ts
 /**

package/dist/protocol.js

@@ -1,4 +1,4 @@
-import { p as MAX_TOOL_RESULT_CHARS } from "./constants-BbAOvKl_.js";
+import { p as MAX_TOOL_RESULT_CHARS } from "./constants-CwotjpJR.js";
 import { z } from "zod";
 //#region protocol.ts
 /**

package/dist/server.js

@@ -1,5 +1,5 @@
-import { t as AGENT_CSP } from "./constants-BbAOvKl_.js";
-import { _ as consoleLogger, t as createRuntime } from "./direct-executor-BfHrDdPL.js";
+import { t as AGENT_CSP } from "./constants-CwotjpJR.js";
+import { _ as consoleLogger, t as createRuntime } from "./direct-executor-DAGCZOAN.js";
 import fs from "node:fs";
 import http from "node:http";
 import path from "node:path";

package/dist/{testing-BonJtfHJ.js → testing-Dmx-dudh.js}

@@ -1,5 +1,5 @@
 import "./types.js";
-import { i as createUnstorageKv, t as createRuntime } from "./direct-executor-BfHrDdPL.js";
+import { i as createUnstorageKv, t as createRuntime } from "./direct-executor-DAGCZOAN.js";
 import { resolve } from "node:path";
 import { createStorage } from "unstorage";
 import "nanoevents";
@@ -162,6 +162,20 @@ function installMockWebSocket() {
 function flush() {
 	return new Promise((r) => queueMicrotask(r));
 }
+/** Create a stub Session with all methods as vi.fn() spies. */
+function makeStubSession(overrides) {
+	return {
+		start: vi.fn(() => Promise.resolve()),
+		stop: vi.fn(() => Promise.resolve()),
+		onAudio: vi.fn(),
+		onAudioReady: vi.fn(),
+		onCancel: vi.fn(),
+		onReset: vi.fn(),
+		onHistory: vi.fn(),
+		waitForTurn: vi.fn(() => Promise.resolve()),
+		...overrides
+	};
+}
 vi.fn(), vi.fn(), vi.fn(), vi.fn();
 resolve(import.meta.dirname, "__fixtures__");
 //#endregion
@@ -496,4 +510,4 @@ function createTestHarness(agent, options = {}) {
 	}), `test-${Date.now()}`);
 }
 //#endregion
-export { MockWebSocket as a, flush as i, TurnResult as n, installMockWebSocket as o, createTestHarness as r, TestHarness as t };
+export { makeStubSession as a, flush as i, TurnResult as n, MockWebSocket as o, createTestHarness as r, installMockWebSocket as s, TestHarness as t };

package/dist/testing.d.ts

@@ -39,7 +39,7 @@ import { type Runtime } from "./direct-executor.ts";
 import type { Kv } from "./kv.ts";
 import type { AgentDef, Message } from "./types.ts";
 export { installMockWebSocket, MockWebSocket } from "./_mock-ws.ts";
-export { flush } from "./_test-utils.ts";
+export { flush, makeStubSession } from "./_test-utils.ts";
 /**
  * A single tool call recorded during a turn.
  *

package/dist/testing.js

@@ -1,2 +1,2 @@
-import { a as MockWebSocket, i as flush, n as TurnResult, o as installMockWebSocket, r as createTestHarness, t as TestHarness } from "./testing-BonJtfHJ.js";
-export { MockWebSocket, TestHarness, TurnResult, createTestHarness, flush, installMockWebSocket };
+import { a as makeStubSession, i as flush, n as TurnResult, o as MockWebSocket, r as createTestHarness, s as installMockWebSocket, t as TestHarness } from "./testing-Dmx-dudh.js";
+export { MockWebSocket, TestHarness, TurnResult, createTestHarness, flush, installMockWebSocket, makeStubSession };

package/package.json

@@ -1,63 +1,63 @@
 {
   "name": "@alexkroman1/aai",
-  "version": "0.10.4",
+  "version": "0.11.0",
   "type": "module",
   "files": [
     "dist"
   ],
   "exports": {
     ".": {
-      "source": "./index.ts",
+      "@dev/source": "./index.ts",
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js"
     },
     "./server": {
-      "source": "./server.ts",
+      "@dev/source": "./server.ts",
       "types": "./dist/server.d.ts",
       "import": "./dist/server.js"
     },
     "./types": {
-      "source": "./types.ts",
+      "@dev/source": "./types.ts",
       "types": "./dist/types.d.ts",
       "import": "./dist/types.js"
     },
     "./kv": {
-      "source": "./kv.ts",
+      "@dev/source": "./kv.ts",
       "types": "./dist/kv.d.ts",
       "import": "./dist/kv.js"
     },
     "./protocol": {
-      "source": "./protocol.ts",
+      "@dev/source": "./protocol.ts",
       "types": "./dist/protocol.d.ts",
       "import": "./dist/protocol.js"
     },
     "./testing": {
-      "source": "./testing.ts",
+      "@dev/source": "./testing.ts",
       "types": "./dist/testing.d.ts",
       "import": "./dist/testing.js"
     },
     "./testing/matchers": {
-      "source": "./matchers.ts",
+      "@dev/source": "./matchers.ts",
       "types": "./dist/matchers.d.ts",
       "import": "./dist/matchers.js"
     },
     "./internal": {
-      "source": "./internal.ts",
+      "@dev/source": "./internal.ts",
       "types": "./dist/internal.d.ts",
       "import": "./dist/internal.js"
     },
     "./hooks": {
-      "source": "./hooks.ts",
+      "@dev/source": "./hooks.ts",
       "types": "./dist/hooks.d.ts",
       "import": "./dist/hooks.js"
     },
     "./utils": {
-      "source": "./_utils.ts",
+      "@dev/source": "./_utils.ts",
       "types": "./dist/_utils.d.ts",
       "import": "./dist/_utils.js"
     },
     "./vite-plugin": {
-      "source": "./vite-plugin.ts",
+      "@dev/source": "./vite-plugin.ts",
       "types": "./dist/vite-plugin.d.ts",
       "import": "./dist/vite-plugin.js"
     }
@@ -66,7 +66,6 @@
     "hookable": "^6.1.0",
     "nanoevents": "^9.1.0",
     "p-timeout": "^7.0.1",
-    "secure-exec": "^0.1.0",
     "unstorage": "^1.17.5",
     "ws": "^8.20.0",
     "zod": "^4.3.6"