@graphorin/core 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +98 -1
- package/README.md +6 -6
- package/dist/channels/channels.d.ts +3 -3
- package/dist/channels/channels.d.ts.map +1 -1
- package/dist/channels/channels.js.map +1 -1
- package/dist/channels/directive.d.ts +8 -3
- package/dist/channels/directive.d.ts.map +1 -1
- package/dist/channels/directive.js +8 -3
- package/dist/channels/directive.js.map +1 -1
- package/dist/channels/dispatch.d.ts +9 -1
- package/dist/channels/dispatch.d.ts.map +1 -1
- package/dist/channels/dispatch.js +9 -1
- package/dist/channels/dispatch.js.map +1 -1
- package/dist/channels/durable.d.ts +94 -0
- package/dist/channels/durable.d.ts.map +1 -0
- package/dist/channels/durable.js +106 -0
- package/dist/channels/durable.js.map +1 -0
- package/dist/channels/index.d.ts +2 -1
- package/dist/channels/index.js +2 -1
- package/dist/channels/pause.d.ts +4 -4
- package/dist/channels/pause.d.ts.map +1 -1
- package/dist/channels/pause.js +4 -4
- package/dist/channels/pause.js.map +1 -1
- package/dist/contracts/auth-token-store.d.ts +2 -2
- package/dist/contracts/checkpoint-store.d.ts +41 -5
- package/dist/contracts/checkpoint-store.d.ts.map +1 -1
- package/dist/contracts/checkpoint-store.js +25 -0
- package/dist/contracts/checkpoint-store.js.map +1 -0
- package/dist/contracts/embedder.d.ts +1 -1
- package/dist/contracts/index.d.ts +4 -4
- package/dist/contracts/index.js +2 -1
- package/dist/contracts/local-provider-trust.d.ts +4 -4
- package/dist/contracts/logger.d.ts +1 -1
- package/dist/contracts/logger.js.map +1 -1
- package/dist/contracts/memory-store.d.ts +1 -1
- package/dist/contracts/memory-store.d.ts.map +1 -1
- package/dist/contracts/oauth-server-store.d.ts +1 -1
- package/dist/contracts/preferred-model.d.ts +4 -4
- package/dist/contracts/preferred-model.js.map +1 -1
- package/dist/contracts/provider.d.ts +31 -5
- package/dist/contracts/provider.d.ts.map +1 -1
- package/dist/contracts/reasoning-retention.d.ts +3 -3
- package/dist/contracts/redaction-validator.d.ts +1 -1
- package/dist/contracts/sandbox.d.ts +1 -1
- package/dist/contracts/secret-value.d.ts +1 -1
- package/dist/contracts/secret-value.js.map +1 -1
- package/dist/contracts/secrets-store.d.ts +3 -3
- package/dist/contracts/session-store.d.ts +9 -7
- package/dist/contracts/session-store.d.ts.map +1 -1
- package/dist/contracts/tool.d.ts +20 -7
- package/dist/contracts/tool.d.ts.map +1 -1
- package/dist/contracts/tracer.d.ts +1 -1
- package/dist/contracts/tracer.d.ts.map +1 -1
- package/dist/contracts/tracer.js.map +1 -1
- package/dist/index.d.ts +11 -10
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -3
- package/dist/index.js.map +1 -1
- package/dist/types/agent-event.d.ts +24 -10
- package/dist/types/agent-event.d.ts.map +1 -1
- package/dist/types/handoff.d.ts +9 -9
- package/dist/types/index.d.ts +5 -5
- package/dist/types/memory.d.ts +66 -23
- package/dist/types/memory.d.ts.map +1 -1
- package/dist/types/message.d.ts +2 -2
- package/dist/types/message.d.ts.map +1 -1
- package/dist/types/run.d.ts +57 -4
- package/dist/types/run.d.ts.map +1 -1
- package/dist/types/run.js +1 -1
- package/dist/types/run.js.map +1 -1
- package/dist/types/sensitivity.d.ts +3 -3
- package/dist/types/sensitivity.js.map +1 -1
- package/dist/types/stop-condition.d.ts +1 -1
- package/dist/types/stop-condition.js.map +1 -1
- package/dist/types/tool.d.ts +49 -24
- package/dist/types/tool.d.ts.map +1 -1
- package/dist/types/usage.d.ts +25 -1
- package/dist/types/usage.d.ts.map +1 -1
- package/dist/types/usage.js.map +1 -1
- package/dist/types/workflow-event.d.ts +8 -1
- package/dist/types/workflow-event.d.ts.map +1 -1
- package/dist/utils/assert-never.d.ts +1 -1
- package/dist/utils/assert-never.js +1 -1
- package/dist/utils/assert-never.js.map +1 -1
- package/dist/utils/hash.d.ts +9 -7
- package/dist/utils/hash.d.ts.map +1 -1
- package/dist/utils/hash.js +9 -7
- package/dist/utils/hash.js.map +1 -1
- package/dist/utils/validation.d.ts +1 -1
- package/dist/utils/validation.js +1 -1
- package/dist/utils/validation.js.map +1 -1
- package/package.json +1 -1
package/dist/types/memory.d.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { Sensitivity } from "./sensitivity.js";
|
|
|
6
6
|
* Kinds of memory record in the Graphorin model. The first six are the
|
|
7
7
|
* storage tiers the {@link MemoryStore} contract exposes as 1:1
|
|
8
8
|
* sub-namespaces; `insight` is the derived, reflection-synthesized
|
|
9
|
-
* record kind (P1-1)
|
|
9
|
+
* record kind (P1-1) - it has no base-tier namespace and is persisted
|
|
10
10
|
* through the optional insight surface adapters expose. Used as the
|
|
11
11
|
* discriminator for span types and the `MemoryRecord` union.
|
|
12
12
|
*
|
|
@@ -14,7 +14,7 @@ import { Sensitivity } from "./sensitivity.js";
|
|
|
14
14
|
*/
|
|
15
15
|
type MemoryKind = 'working' | 'session' | 'episodic' | 'semantic' | 'procedural' | 'shared' | 'insight';
|
|
16
16
|
/**
|
|
17
|
-
* Where a memory came from
|
|
17
|
+
* Where a memory came from - the trust-provenance tag carried by every
|
|
18
18
|
* fact / episode / induced procedure. `user` (the human said it) and
|
|
19
19
|
* `tool` (a tool the agent invoked returned it) are first-party;
|
|
20
20
|
* `extraction` (consolidator distilled it from a transcript),
|
|
@@ -23,7 +23,7 @@ type MemoryKind = 'working' | 'session' | 'episodic' | 'semantic' | 'procedural'
|
|
|
23
23
|
* trajectory, P2-2) are *derived* and therefore land quarantined by
|
|
24
24
|
* default; `imported` is bulk-loaded from an external store. Used by
|
|
25
25
|
* P1-4 to gate action-driving recall against memory-poisoning (MINJA /
|
|
26
|
-
* MemoryGraft)
|
|
26
|
+
* MemoryGraft) - induced procedures drive *actions*, so the quarantine
|
|
27
27
|
* gate matters most for them.
|
|
28
28
|
*
|
|
29
29
|
* @stable
|
|
@@ -38,6 +38,20 @@ type MemoryProvenance = 'user' | 'tool' | 'extraction' | 'reflection' | 'inducti
|
|
|
38
38
|
* @stable
|
|
39
39
|
*/
|
|
40
40
|
type MemoryStatus = 'active' | 'quarantined';
|
|
41
|
+
/**
|
|
42
|
+
* Principal a memory belongs to (D3) - the *who-owns-this* dimension,
|
|
43
|
+
* orthogonal to {@link MemoryProvenance} (*where-it-came-from*):
|
|
44
|
+
* `user` for user-stated content, `agent` for the agent's own
|
|
45
|
+
* inferences (consolidator extraction / reflection / induction stamp
|
|
46
|
+
* this), `shared` for records deliberately published to a multi-agent
|
|
47
|
+
* shared tier. Absent (rows written before the feature, or writers
|
|
48
|
+
* that do not care) is treated as `user` at filter time; default
|
|
49
|
+
* reads apply **no owner filter**, so behaviour is unchanged until a
|
|
50
|
+
* caller opts into a retrieval-time scope filter.
|
|
51
|
+
*
|
|
52
|
+
* @stable
|
|
53
|
+
*/
|
|
54
|
+
type MemoryOwner = 'user' | 'agent' | 'shared';
|
|
41
55
|
/**
|
|
42
56
|
* Snapshot of memory-tier counters surfaced to the model via the
|
|
43
57
|
* memory-aware system prompt. Implementations live in `@graphorin/memory`;
|
|
@@ -85,7 +99,7 @@ interface MemoryRecord {
|
|
|
85
99
|
readonly tags?: ReadonlyArray<string>;
|
|
86
100
|
}
|
|
87
101
|
/**
|
|
88
|
-
* Working-memory block
|
|
102
|
+
* Working-memory block - a labeled, char-bounded slot rendered into the
|
|
89
103
|
* system prompt every turn.
|
|
90
104
|
*
|
|
91
105
|
* @stable
|
|
@@ -113,7 +127,7 @@ interface Fact extends MemoryRecord {
|
|
|
113
127
|
* `subject`/`object` are the graph *entities* (resolved to canonical
|
|
114
128
|
* ids in `fact_entities`); `predicate` is the relation label and is
|
|
115
129
|
* not itself an entity. Absent on rows written before the feature, and
|
|
116
|
-
* on plain free-text facts
|
|
130
|
+
* on plain free-text facts - they are a soft enrichment that powers
|
|
117
131
|
* one-hop expansion ({@link MemorySearchOptions} has no field; the
|
|
118
132
|
* memory tier's search opts in), never a recall gate.
|
|
119
133
|
*/
|
|
@@ -125,7 +139,7 @@ interface Fact extends MemoryRecord {
|
|
|
125
139
|
readonly confidence?: number;
|
|
126
140
|
/**
|
|
127
141
|
* Optional salience hint in `[0, 1]` for multi-signal forgetting
|
|
128
|
-
* (X-1). A *soft* signal
|
|
142
|
+
* (X-1). A *soft* signal - higher importance slows a fact's decay and
|
|
129
143
|
* delays capacity-bounded eviction, but never gates recall and never
|
|
130
144
|
* forces retention. Absent on rows written before the feature
|
|
131
145
|
* (treated as neutral, `0.5`).
|
|
@@ -150,9 +164,15 @@ interface Fact extends MemoryRecord {
|
|
|
150
164
|
* default recall.
|
|
151
165
|
*/
|
|
152
166
|
readonly status?: MemoryStatus;
|
|
167
|
+
/**
|
|
168
|
+
* Principal dimension (D3). `'agent'` on consolidator-synthesized
|
|
169
|
+
* facts; absent ⇒ treated as `'user'` at filter time. Never gates
|
|
170
|
+
* default recall - only an explicit owner search filter reads it.
|
|
171
|
+
*/
|
|
172
|
+
readonly owner?: MemoryOwner;
|
|
153
173
|
}
|
|
154
174
|
/**
|
|
155
|
-
* Episode
|
|
175
|
+
* Episode - a summarized stretch of past activity.
|
|
156
176
|
*
|
|
157
177
|
* @stable
|
|
158
178
|
*/
|
|
@@ -169,9 +189,11 @@ interface Episode extends MemoryRecord {
|
|
|
169
189
|
readonly provenance?: MemoryProvenance;
|
|
170
190
|
/** Retrieval-trust state (P1-4). See {@link MemoryStatus}. */
|
|
171
191
|
readonly status?: MemoryStatus;
|
|
192
|
+
/** Principal dimension (D3). See {@link MemoryOwner}. */
|
|
193
|
+
readonly owner?: MemoryOwner;
|
|
172
194
|
}
|
|
173
195
|
/**
|
|
174
|
-
* Procedural rule
|
|
196
|
+
* Procedural rule - a standing order activated when its `condition` matches.
|
|
175
197
|
*
|
|
176
198
|
* @stable
|
|
177
199
|
*/
|
|
@@ -182,14 +204,14 @@ interface Rule extends MemoryRecord {
|
|
|
182
204
|
readonly priority: number;
|
|
183
205
|
/**
|
|
184
206
|
* Ordered, value-abstracted step sequence of an *induced* workflow
|
|
185
|
-
* (P2-2)
|
|
207
|
+
* (P2-2) - e.g. `['search for {product}', 'add {quantity} to cart',
|
|
186
208
|
* 'check out']`. Present only on procedures distilled from successful
|
|
187
209
|
* agent trajectories; author-defined rules omit it.
|
|
188
210
|
*/
|
|
189
211
|
readonly steps?: ReadonlyArray<string>;
|
|
190
212
|
/**
|
|
191
213
|
* Names of the variables abstracted from the trajectory's concrete
|
|
192
|
-
* values (P2-2)
|
|
214
|
+
* values (P2-2) - the `{product}` / `{quantity}` placeholders that
|
|
193
215
|
* appear in {@link Rule.steps}. Lets a reused procedure be re-bound to
|
|
194
216
|
* fresh arguments instead of replaying one run's literals.
|
|
195
217
|
*/
|
|
@@ -221,17 +243,19 @@ interface Rule extends MemoryRecord {
|
|
|
221
243
|
* Absent ⇒ never counted (adapters without the column).
|
|
222
244
|
*/
|
|
223
245
|
readonly successCount?: number;
|
|
246
|
+
/** Principal dimension (D3). `'agent'` on induced procedures. See {@link MemoryOwner}. */
|
|
247
|
+
readonly owner?: MemoryOwner;
|
|
224
248
|
}
|
|
225
249
|
/**
|
|
226
|
-
* Insight
|
|
250
|
+
* Insight - a higher-order observation the consolidator's reflection
|
|
227
251
|
* pass (P1-1) synthesizes over recent memories ("the user has cancelled
|
|
228
|
-
* three evening plans this month
|
|
252
|
+
* three evening plans this month - they may be overcommitted"). No
|
|
229
253
|
* single turn states it; it is *inferred*, so it is always
|
|
230
254
|
* `provenance: 'reflection'` and lands `status: 'quarantined'` (P1-4),
|
|
231
255
|
* excluded from action-driving recall until validated.
|
|
232
256
|
*
|
|
233
|
-
* Every insight carries **mandatory citations** (`cites`)
|
|
234
|
-
* the supporting memories it was synthesized from
|
|
257
|
+
* Every insight carries **mandatory citations** (`cites`) - the ids of
|
|
258
|
+
* the supporting memories it was synthesized from - so a reader can
|
|
235
259
|
* trace it back to evidence; this is the "trustworthy reflection"
|
|
236
260
|
* mitigation against confirmation-bias loops. Insights are managed with
|
|
237
261
|
* an ExpeL-style salience counter (new insights start at `2`, pruned at
|
|
@@ -245,7 +269,7 @@ interface Insight extends MemoryRecord {
|
|
|
245
269
|
readonly text: string;
|
|
246
270
|
/**
|
|
247
271
|
* IDs of the supporting memories (facts / episodes) this insight was
|
|
248
|
-
* synthesized from. Always ≥ 1
|
|
272
|
+
* synthesized from. Always ≥ 1 - citations are mandatory; an insight
|
|
249
273
|
* with no traceable evidence is never persisted.
|
|
250
274
|
*/
|
|
251
275
|
readonly cites: ReadonlyArray<string>;
|
|
@@ -265,10 +289,12 @@ interface Insight extends MemoryRecord {
|
|
|
265
289
|
* {@link MemoryStatus}.
|
|
266
290
|
*/
|
|
267
291
|
readonly status?: MemoryStatus;
|
|
292
|
+
/** Principal dimension (D3). Reflection-synthesized insights are `'agent'`. */
|
|
293
|
+
readonly owner?: MemoryOwner;
|
|
268
294
|
}
|
|
269
295
|
/**
|
|
270
296
|
* Role a {@link GraphEntity} plays in a {@link Fact}'s s/p/o triple
|
|
271
|
-
* (P2-1)
|
|
297
|
+
* (P2-1) - the `subject` or the `object`. The `predicate` is a relation
|
|
272
298
|
* label, not an entity, so it has no role here.
|
|
273
299
|
*
|
|
274
300
|
* @stable
|
|
@@ -277,13 +303,13 @@ type EntityRole = 'subject' | 'object';
|
|
|
277
303
|
/**
|
|
278
304
|
* Canonical entity in the lightweight in-SQLite relation graph (P2-1).
|
|
279
305
|
* The entity resolver (`@graphorin/memory`) deduplicates the raw
|
|
280
|
-
* `subject`/`object` strings on facts into canonical entities
|
|
306
|
+
* `subject`/`object` strings on facts into canonical entities - merging
|
|
281
307
|
* aliases ("Anna", "Anna S.", "my sister") via lexical + embedding
|
|
282
|
-
* similarity (with optional LLM adjudication)
|
|
308
|
+
* similarity (with optional LLM adjudication) - so multi-hop recall can
|
|
283
309
|
* traverse relationships instead of fragmenting them.
|
|
284
310
|
*
|
|
285
311
|
* Merges are **append-only and reversible**: a merged entity is never
|
|
286
|
-
* deleted
|
|
312
|
+
* deleted - its {@link GraphEntity.mergedInto} points at the surviving
|
|
287
313
|
* canonical entity, every merge / unmerge is recorded in an audit
|
|
288
314
|
* ledger, and `mergedInto` is single-level (it always points directly at
|
|
289
315
|
* a root), so `mergedInto ?? id` is the canonical id.
|
|
@@ -324,7 +350,7 @@ interface MemorySearchOptions {
|
|
|
324
350
|
/**
|
|
325
351
|
* Include quarantined memories in the result set (P1-4). Defaults to
|
|
326
352
|
* `false`: action-driving recall never returns quarantined rows. Set
|
|
327
|
-
* `true` only for the validation / inspector path
|
|
353
|
+
* `true` only for the validation / inspector path - never for
|
|
328
354
|
* auto-recall fed back into the model.
|
|
329
355
|
*/
|
|
330
356
|
readonly includeQuarantined?: boolean;
|
|
@@ -333,10 +359,27 @@ interface MemorySearchOptions {
|
|
|
333
359
|
* Point-in-time ("as of") read. When set, only records whose
|
|
334
360
|
* validity interval contains this instant are returned. For facts:
|
|
335
361
|
* `(valid_from IS NULL OR valid_from <= asOf) AND (valid_to IS NULL OR valid_to > asOf)`;
|
|
336
|
-
* for episodes: `started_at <= asOf`. ISO-8601. Absent ⇒
|
|
337
|
-
*
|
|
362
|
+
* for episodes: `started_at <= asOf`. ISO-8601. Absent ⇒ fact reads
|
|
363
|
+
* evaluate validity at NOW (see {@link includeSuperseded}).
|
|
338
364
|
*/
|
|
339
365
|
readonly asOf?: string;
|
|
366
|
+
/**
|
|
367
|
+
* Include superseded / validity-expired facts in the result set
|
|
368
|
+
* (memory-retrieval-01). Defaults to `false`: a default read behaves
|
|
369
|
+
* as `asOf = now`, so a fact whose `validTo` was closed (e.g. by
|
|
370
|
+
* `supersede`) never surfaces as current - exactly what the
|
|
371
|
+
* `fact_supersede` tool promises. Set `true` only for inspector /
|
|
372
|
+
* audit paths that need the full history. Ignored when an explicit
|
|
373
|
+
* {@link asOf} is supplied.
|
|
374
|
+
*/
|
|
375
|
+
readonly includeSuperseded?: boolean;
|
|
376
|
+
/**
|
|
377
|
+
* Retrieval-time principal filter (D3). When set, only records whose
|
|
378
|
+
* owner is in the requested set match; rows written before the
|
|
379
|
+
* feature (owner absent) are treated as `'user'`. Absent ⇒ no owner
|
|
380
|
+
* filter - behaviour is unchanged.
|
|
381
|
+
*/
|
|
382
|
+
readonly owner?: MemoryOwner | ReadonlyArray<MemoryOwner>;
|
|
340
383
|
}
|
|
341
384
|
/**
|
|
342
385
|
* A single retrieval hit with similarity / relevance metadata.
|
|
@@ -350,5 +393,5 @@ interface MemoryHit<TRecord extends MemoryRecord = MemoryRecord> {
|
|
|
350
393
|
readonly signals?: Readonly<Record<string, number>>;
|
|
351
394
|
}
|
|
352
395
|
//#endregion
|
|
353
|
-
export { Block, EntityRole, Episode, Fact, GraphEntity, Insight, MemoryHit, MemoryKind, MemoryMetadata, MemoryProvenance, MemoryRecord, MemorySearchOptions, MemoryStatus, Rule };
|
|
396
|
+
export { Block, EntityRole, Episode, Fact, GraphEntity, Insight, MemoryHit, MemoryKind, MemoryMetadata, MemoryOwner, MemoryProvenance, MemoryRecord, MemorySearchOptions, MemoryStatus, Rule };
|
|
354
397
|
//# sourceMappingURL=memory.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory.d.ts","names":[],"sources":["../../src/types/memory.ts"],"sourcesContent":[],"mappings":";;;;;;AAYA;AAwBA;AAgBA;AAUA;AAuBA
|
|
1
|
+
{"version":3,"file":"memory.d.ts","names":[],"sources":["../../src/types/memory.ts"],"sourcesContent":[],"mappings":";;;;;;AAYA;AAwBA;AAgBA;AAeA;AAUA;AAuBA;;;AAckB,KAtGN,UAAA,GAsGM,SAAA,GAAA,SAAA,GAAA,UAAA,GAAA,UAAA,GAAA,YAAA,GAAA,QAAA,GAAA,SAAA;;AASlB;AAcA;;;;;;AA4DA;;;;;;AAsBA;AAWmB,KAlMP,gBAAA,GAkMO,MAAA,GAAA,MAAA,GAAA,YAAA,GAAA,YAAA,GAAA,WAAA,GAAA,UAAA;;;;;;;;AAwDnB;AASkB,KAnPN,YAAA,GAmPM,QAAA,GAAA,aAAA;;;;;;AA4BlB;AAkBA;AAuBA;;;;;;AAsC8C,KA/UlC,WAAA,GA+UkC,MAAA,GAAA,OAAA,GAAA,QAAA;AAQ9C;;;;;;;;UA7UiB,cAAA;;;;;;;;;;;;;;kBAcC;;;;;;;;UASD,YAAA;;iBAEA;;;;wBAIO;;;;;;;;kBAQN;;;;;;;;UASD,KAAA,SAAc;;;;;;;;;;;;;UAcd,IAAA,SAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wBAwCN;;;;;;oBAMJ;;;;;;mBAMD;;;;;;;UAQF,OAAA,SAAgB;;;;;;;;;;wBAUT;;oBAEJ;;mBAED;;;;;;;UAQF,IAAA,SAAa;;;;;;;;;;;mBAWX;;;;;;;uBAOI;;;;;;6BAMM;;;;;;wBAML;;;;;;;oBAOJ;;;;;;;;;;mBAUD;;;;;;;;;;;;;;;;;;;UAoBF,OAAA,SAAgB;;;;;;;;;kBASf;;;;;;;;;;;wBAWM;;;;;oBAKJ;;mBAED;;;;;;;;;KAUP,UAAA;;;;;;;;;;;;;;;;;UAkBK,WAAA;;;;;;;;;;;;;;;;;;;;;;UAuBA,mBAAA;;;kBAGC;;;;;;;;;;;;;oBAUE;;;;;;;;;;;;;;;;;;;;;;;;;mBAyBD,cAAc,cAAc;;;;;;;UAQ9B,0BAA0B,eAAe;mBACvC;;;qBAGE,SAAS"}
|
package/dist/types/message.d.ts
CHANGED
|
@@ -31,7 +31,7 @@ interface TextContent {
|
|
|
31
31
|
}
|
|
32
32
|
/**
|
|
33
33
|
* Image attachment. The `image` field accepts either raw bytes or a `URL`
|
|
34
|
-
*
|
|
34
|
+
* - adapters dereference the URL when the provider only accepts inline
|
|
35
35
|
* payloads.
|
|
36
36
|
*
|
|
37
37
|
* @stable
|
|
@@ -45,7 +45,7 @@ interface ImageContent {
|
|
|
45
45
|
}
|
|
46
46
|
/**
|
|
47
47
|
* Audio attachment (e.g. voice messages). Note: voice realtime / TTS / STT
|
|
48
|
-
* are out of scope for v0.1
|
|
48
|
+
* are out of scope for v0.1 - these messages are static blobs.
|
|
49
49
|
*
|
|
50
50
|
* @stable
|
|
51
51
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message.d.ts","names":[],"sources":["../../src/types/message.ts"],"sourcesContent":[],"mappings":";;;;;;AAYA;;;;;;;AAYA;AAmBiB,KA/BL,cAAA,GACR,WA8ByB,GA7BzB,YA6ByB,GA5BzB,YA4ByB,GA3BzB,WA2ByB,GA1BzB,gBA0ByB;;;;;AAc7B;AAEkB,UAnCD,WAAA,CAmCC;EAAa,SAAA,IAAA,EAAA,MAAA;EAGH,SAAA,IAAA,EAAA,MAAA;EAAa;AASzC;;;;;EAiBiB,SAAA,cAAgB,CAAA,EAvDL,aAsEV,CAAA,MAAA,CAAA;AAWlB;AAYA;AAcA;;;;;;AAGiB,UApGA,YAAA,CAoGa;EAMb,SAAA,IAAA,EAAW,OAAA;EAQX,SAAA,KAAA,EAhHC,UAgHe,GAhHF,GAkHO;EAUrB,SAAA,QAAW,CAAA,EAAA,
|
|
1
|
+
{"version":3,"file":"message.d.ts","names":[],"sources":["../../src/types/message.ts"],"sourcesContent":[],"mappings":";;;;;;AAYA;;;;;;;AAYA;AAmBiB,KA/BL,cAAA,GACR,WA8ByB,GA7BzB,YA6ByB,GA5BzB,YA4ByB,GA3BzB,WA2ByB,GA1BzB,gBA0ByB;;;;;AAc7B;AAEkB,UAnCD,WAAA,CAmCC;EAAa,SAAA,IAAA,EAAA,MAAA;EAGH,SAAA,IAAA,EAAA,MAAA;EAAa;AASzC;;;;;EAiBiB,SAAA,cAAgB,CAAA,EAvDL,aAsEV,CAAA,MAAA,CAAA;AAWlB;AAYA;AAcA;;;;;;AAGiB,UApGA,YAAA,CAoGa;EAMb,SAAA,IAAA,EAAW,OAAA;EAQX,SAAA,KAAA,EAhHC,UAgHe,GAhHF,GAkHO;EAUrB,SAAA,QAAW,CAAA,EAAA,MAAA;;4BAzHA;;;;;;;;UASX,YAAA;;kBAEC,aAAa;;;4BAGH;;;;;;;;UASX,WAAA;;iBAEA,aAAa;;;;4BAIF;;;;;;;;;;UAWX,gBAAA;;;;;;;;;;;;;;;kBAeC;;4BAEU;;;;;;;;UASX,oBAAA;;;;;;;;;;;KAYL,WAAA;;;;;;;;;;;;;KAcA,OAAA,GAAU,gBAAgB,cAAc,mBAAmB;;UAGtD,aAAA;;;;;UAMA,WAAA;;sCAEqB;;;;;UAMrB,gBAAA;;sCAEqB;gCACN;;;;;;;;UASf,WAAA;;;sCAGqB"}
|
package/dist/types/run.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
+
import { ToolCall } from "./tool-call.js";
|
|
1
2
|
import { Message } from "./message.js";
|
|
3
|
+
import { AISpan, Tracer } from "../contracts/tracer.js";
|
|
2
4
|
import { ModelUsage, Usage, UsageAccumulator } from "./usage.js";
|
|
3
5
|
import { HandoffRecord } from "./handoff.js";
|
|
4
|
-
import { Tracer } from "../contracts/tracer.js";
|
|
5
6
|
import { CompletedToolCall, ToolApproval } from "./tool.js";
|
|
6
7
|
|
|
7
8
|
//#region src/types/run.d.ts
|
|
@@ -29,6 +30,26 @@ interface RunStep {
|
|
|
29
30
|
* Stable agent id active for this step (changes after a handoff).
|
|
30
31
|
*/
|
|
31
32
|
readonly agentId: string;
|
|
33
|
+
/**
|
|
34
|
+
* The model response this step produced, recorded when the agent runs
|
|
35
|
+
* with `recordProviderResponses: true` (C3). Enables deterministic
|
|
36
|
+
* replay: `createReplayProvider(state)` serves these back in order so
|
|
37
|
+
* a run re-executes without live model calls.
|
|
38
|
+
*/
|
|
39
|
+
readonly providerResponse?: RunStepProviderResponse;
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Journaled model response for one step (C3, opt-in via the agent's
|
|
43
|
+
* `recordProviderResponses`). Captures the RAW model output - the text
|
|
44
|
+
* before any lateral-leak block replaced it in the transcript - so a
|
|
45
|
+
* replay reproduces the original run faithfully.
|
|
46
|
+
*
|
|
47
|
+
* @stable
|
|
48
|
+
*/
|
|
49
|
+
interface RunStepProviderResponse {
|
|
50
|
+
readonly modelId: string;
|
|
51
|
+
readonly text?: string;
|
|
52
|
+
readonly toolCalls?: ReadonlyArray<ToolCall>;
|
|
32
53
|
}
|
|
33
54
|
/**
|
|
34
55
|
* Per-model usage breakdown carried alongside the aggregate
|
|
@@ -82,7 +103,7 @@ interface RunState {
|
|
|
82
103
|
* resumed run does not start with an empty ledger that silently un-gates
|
|
83
104
|
* sinks exposed before the suspend. Structurally matches
|
|
84
105
|
* `@graphorin/security`'s `TaintLedgerSnapshot` (core takes no security
|
|
85
|
-
* dependency); only the load-bearing flags are persisted
|
|
106
|
+
* dependency); only the load-bearing flags are persisted - never the tracked
|
|
86
107
|
* untrusted text spans.
|
|
87
108
|
*/
|
|
88
109
|
taintSummary?: RunTaintSummary;
|
|
@@ -91,6 +112,13 @@ interface RunState {
|
|
|
91
112
|
* across suspend/resume so discovered tools remain in the per-step catalogue.
|
|
92
113
|
*/
|
|
93
114
|
promotedTools?: ReadonlyArray<string>;
|
|
115
|
+
/**
|
|
116
|
+
* D6 structured plan/todo list - the agent's own working plan,
|
|
117
|
+
* journaled so it survives suspend/resume (a TodoWrite-style tool
|
|
118
|
+
* mutates it, and attention-recitation renders it back into the
|
|
119
|
+
* prompt each turn). Absent until the agent writes one.
|
|
120
|
+
*/
|
|
121
|
+
todos?: ReadonlyArray<TodoItem>;
|
|
94
122
|
readonly startedAt: string;
|
|
95
123
|
finishedAt?: string;
|
|
96
124
|
error?: RunError;
|
|
@@ -106,11 +134,30 @@ interface RunTaintSummary {
|
|
|
106
134
|
readonly untrustedSeen: boolean;
|
|
107
135
|
readonly sensitiveSeen: boolean;
|
|
108
136
|
readonly untrustedSourceKinds: ReadonlyArray<string>;
|
|
137
|
+
/**
|
|
138
|
+
* C6: one-way FNV-1a hashes of normalized untrusted-span tiles. Re-arms
|
|
139
|
+
* the verbatim-carry probe after a resume at tile granularity. Hashes
|
|
140
|
+
* only - no untrusted text is ever persisted (the invariant above
|
|
141
|
+
* holds).
|
|
142
|
+
*/
|
|
143
|
+
readonly spanTileHashes?: ReadonlyArray<string>;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* One item in the agent's structured plan (D6). `status` drives both
|
|
147
|
+
* the recitation rendering and progress reporting; `id` lets a
|
|
148
|
+
* status-flip mutation target an item without rewriting the list.
|
|
149
|
+
*
|
|
150
|
+
* @stable
|
|
151
|
+
*/
|
|
152
|
+
interface TodoItem {
|
|
153
|
+
readonly id: string;
|
|
154
|
+
readonly content: string;
|
|
155
|
+
readonly status: 'pending' | 'in_progress' | 'completed';
|
|
109
156
|
}
|
|
110
157
|
/**
|
|
111
158
|
* Snapshot helper used by `@graphorin/observability` aggregators to
|
|
112
159
|
* convert the on-disk `usageByModel` shape into the canonical
|
|
113
|
-
* {@link ModelUsage} array. Pure utility
|
|
160
|
+
* {@link ModelUsage} array. Pure utility - kept in core so consumers
|
|
114
161
|
* do not have to take an observability dependency just to flatten a
|
|
115
162
|
* run-state breakdown.
|
|
116
163
|
*
|
|
@@ -149,7 +196,13 @@ interface RunContext<TDeps = unknown> {
|
|
|
149
196
|
readonly stepNumber: number;
|
|
150
197
|
readonly messages: ReadonlyArray<Message>;
|
|
151
198
|
readonly state: RunState;
|
|
199
|
+
/**
|
|
200
|
+
* C7: the current `agent.step` span (when the runtime traces). Spans
|
|
201
|
+
* created inside tool execution parent under it so a run's traces
|
|
202
|
+
* form one tree.
|
|
203
|
+
*/
|
|
204
|
+
readonly span?: AISpan;
|
|
152
205
|
}
|
|
153
206
|
//#endregion
|
|
154
|
-
export { RunContext, RunError, RunState, RunStateUsageByModel, RunStatus, RunStep, RunTaintSummary, flattenUsageByModel };
|
|
207
|
+
export { RunContext, RunError, RunState, RunStateUsageByModel, RunStatus, RunStep, RunStepProviderResponse, RunTaintSummary, TodoItem, flattenUsageByModel };
|
|
155
208
|
//# sourceMappingURL=run.d.ts.map
|
package/dist/types/run.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.d.ts","names":[],"sources":["../../src/types/run.ts"],"sourcesContent":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"run.d.ts","names":[],"sources":["../../src/types/run.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAaA;AAQA;;;AAgB8B,KAxBlB,SAAA,GAwBkB,SAAA,GAAA,WAAA,GAAA,QAAA,GAAA,SAAA,GAAA,mBAAA;;AAW9B;AAkBA;AAcA;;;AAQqB,UAnEJ,OAAA,CAmEI;EACQ,SAAA,UAAA,EAAA,MAAA;EACR,SAAA,SAAA,EAAA,MAAA;EACH,SAAA,OAAA,CAAA,EAAA,MAAA;EAQD,SAAA,KAAA,CAAA,EA1EE,KA0EF;EASA,SAAA,SAAA,EAAA,SAlFc,iBAkFd,EAAA;EAKC;;;EAUR,SAAA,OAAA,EAAA,MAAA;EAAQ;AAUlB;AAoBA;AAeA;;;EAEG,SAAA,gBAAA,CAAA,EArI2B,uBAqI3B;;AAwBH;AAeA;;;;;;;AAWkB,UA5KD,uBAAA,CA4KC;EAAQ,SAAA,OAAA,EAAA,MAAA;EAM+B,SAAA,IAAA,CAAA,EAAA,MAAA;uBA/KlC,cAAc;;;;;;;;;;;;;;UAepB,oBAAA;8BACa;;;;;;;;;;;;;;UAab,QAAA;;;;;;UAMP;kBACQ;qBACG;6BACQ;qBACR;kBACH;;;;;;;;iBAQD;;;;;;;;;iBASA;;;;;kBAKC;;;;;;;UAOR,cAAc;;;UAGd;;;;;;;;;UAUO,eAAA;;;iCAGgB;;;;;;;4BAOL;;;;;;;;;UAUX,QAAA;;;;;;;;;;;;;;iBAeD,mBAAA,UACL,mCACR,cAAc;;;;;;;UAwBA,QAAA;;;;;;;;;;;;;;UAeA;;;;;iBAKA;mBACE;mBACA;kBACD;;qBAEG,cAAc;kBACjB;;;;;;kBAAQ"}
|
package/dist/types/run.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* Snapshot helper used by `@graphorin/observability` aggregators to
|
|
4
4
|
* convert the on-disk `usageByModel` shape into the canonical
|
|
5
|
-
* {@link ModelUsage} array. Pure utility
|
|
5
|
+
* {@link ModelUsage} array. Pure utility - kept in core so consumers
|
|
6
6
|
* do not have to take an observability dependency just to flatten a
|
|
7
7
|
* run-state breakdown.
|
|
8
8
|
*
|
package/dist/types/run.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","names":["out: ModelUsage[]","m: ModelUsage"],"sources":["../../src/types/run.ts"],"sourcesContent":["import type { Tracer } from '../contracts/tracer.js';\nimport type { HandoffRecord } from './handoff.js';\nimport type { Message } from './message.js';\nimport type { CompletedToolCall, ToolApproval } from './tool.js';\nimport type { ModelUsage, Usage, UsageAccumulator } from './usage.js';\n\n/**\n * Status of an in-flight or completed agent run. Append-only persistence\n * stores expose this verbatim on the `runs` table.\n *\n * @stable\n */\nexport type RunStatus = 'running' | 'completed' | 'failed' | 'aborted' | 'awaiting_approval';\n\n/**\n * Single step inside an agent run. The agent runtime appends one\n * `RunStep` per provider call.\n *\n * @stable\n */\nexport interface RunStep {\n readonly stepNumber: number;\n readonly startedAt: string;\n readonly endedAt?: string;\n readonly usage?: Usage;\n readonly toolCalls: readonly CompletedToolCall[];\n /**\n * Stable agent id active for this step (changes after a handoff).\n */\n readonly agentId: string;\n}\n\n/**\n * Per-model usage breakdown carried alongside the aggregate\n * {@link Usage} on {@link RunState}. Populated by the per-step retry\n * loop when `Agent.fallbackModels` fires; for runs that never fall\n * back, the map carries a single entry for the primary model with\n * `attemptCount: 1`.\n *\n * The aggregate `RunState.usage` is always the sum of every entry's\n * `Usage` portion (the field is asserted in tests).\n *\n * @stable\n */\nexport interface RunStateUsageByModel {\n readonly [modelId: string]: Usage & { readonly attemptCount: number };\n}\n\n/**\n * The full, serializable state of a run. The agent runtime persists this\n * to the checkpoint store on every `awaiting_approval` boundary, so a\n * separate process can resume the run.\n *\n * The shape is intentionally JSON-stable: every nested type is plain\n * `JSON`-encodable (no `Map`, no `Set`, no `Date`).\n *\n * @stable\n */\nexport interface RunState {\n readonly id: string;\n readonly agentId: string;\n readonly currentAgentId: string;\n readonly sessionId: string;\n readonly userId?: string;\n status: RunStatus;\n readonly steps: RunStep[];\n readonly messages: Message[];\n readonly pendingApprovals: ToolApproval[];\n readonly handoffs: HandoffRecord[];\n readonly usage: Usage;\n /**\n * Per-model usage breakdown. Populated by the per-step retry loop\n * when `Agent.fallbackModels` fires (RB-48 / suggested DEC-164 /\n * suggested ADR-052). Backward-compat: rehydrating a serialized\n * state that omits the field synthesizes a single-entry map for\n * the primary model.\n */\n usageByModel?: RunStateUsageByModel;\n /**\n * AG-19: coarse data-flow taint summary, carried across suspend/resume so a\n * resumed run does not start with an empty ledger that silently un-gates\n * sinks exposed before the suspend. Structurally matches\n * `@graphorin/security`'s `TaintLedgerSnapshot` (core takes no security\n * dependency); only the load-bearing flags are persisted
|
|
1
|
+
{"version":3,"file":"run.js","names":["out: ModelUsage[]","m: ModelUsage"],"sources":["../../src/types/run.ts"],"sourcesContent":["import type { Tracer } from '../contracts/tracer.js';\nimport type { HandoffRecord } from './handoff.js';\nimport type { Message } from './message.js';\nimport type { CompletedToolCall, ToolApproval } from './tool.js';\nimport type { ToolCall } from './tool-call.js';\nimport type { ModelUsage, Usage, UsageAccumulator } from './usage.js';\n\n/**\n * Status of an in-flight or completed agent run. Append-only persistence\n * stores expose this verbatim on the `runs` table.\n *\n * @stable\n */\nexport type RunStatus = 'running' | 'completed' | 'failed' | 'aborted' | 'awaiting_approval';\n\n/**\n * Single step inside an agent run. The agent runtime appends one\n * `RunStep` per provider call.\n *\n * @stable\n */\nexport interface RunStep {\n readonly stepNumber: number;\n readonly startedAt: string;\n readonly endedAt?: string;\n readonly usage?: Usage;\n readonly toolCalls: readonly CompletedToolCall[];\n /**\n * Stable agent id active for this step (changes after a handoff).\n */\n readonly agentId: string;\n /**\n * The model response this step produced, recorded when the agent runs\n * with `recordProviderResponses: true` (C3). Enables deterministic\n * replay: `createReplayProvider(state)` serves these back in order so\n * a run re-executes without live model calls.\n */\n readonly providerResponse?: RunStepProviderResponse;\n}\n\n/**\n * Journaled model response for one step (C3, opt-in via the agent's\n * `recordProviderResponses`). Captures the RAW model output - the text\n * before any lateral-leak block replaced it in the transcript - so a\n * replay reproduces the original run faithfully.\n *\n * @stable\n */\nexport interface RunStepProviderResponse {\n readonly modelId: string;\n readonly text?: string;\n readonly toolCalls?: ReadonlyArray<ToolCall>;\n}\n\n/**\n * Per-model usage breakdown carried alongside the aggregate\n * {@link Usage} on {@link RunState}. Populated by the per-step retry\n * loop when `Agent.fallbackModels` fires; for runs that never fall\n * back, the map carries a single entry for the primary model with\n * `attemptCount: 1`.\n *\n * The aggregate `RunState.usage` is always the sum of every entry's\n * `Usage` portion (the field is asserted in tests).\n *\n * @stable\n */\nexport interface RunStateUsageByModel {\n readonly [modelId: string]: Usage & { readonly attemptCount: number };\n}\n\n/**\n * The full, serializable state of a run. The agent runtime persists this\n * to the checkpoint store on every `awaiting_approval` boundary, so a\n * separate process can resume the run.\n *\n * The shape is intentionally JSON-stable: every nested type is plain\n * `JSON`-encodable (no `Map`, no `Set`, no `Date`).\n *\n * @stable\n */\nexport interface RunState {\n readonly id: string;\n readonly agentId: string;\n readonly currentAgentId: string;\n readonly sessionId: string;\n readonly userId?: string;\n status: RunStatus;\n readonly steps: RunStep[];\n readonly messages: Message[];\n readonly pendingApprovals: ToolApproval[];\n readonly handoffs: HandoffRecord[];\n readonly usage: Usage;\n /**\n * Per-model usage breakdown. Populated by the per-step retry loop\n * when `Agent.fallbackModels` fires (RB-48 / suggested DEC-164 /\n * suggested ADR-052). Backward-compat: rehydrating a serialized\n * state that omits the field synthesizes a single-entry map for\n * the primary model.\n */\n usageByModel?: RunStateUsageByModel;\n /**\n * AG-19: coarse data-flow taint summary, carried across suspend/resume so a\n * resumed run does not start with an empty ledger that silently un-gates\n * sinks exposed before the suspend. Structurally matches\n * `@graphorin/security`'s `TaintLedgerSnapshot` (core takes no security\n * dependency); only the load-bearing flags are persisted - never the tracked\n * untrusted text spans.\n */\n taintSummary?: RunTaintSummary;\n /**\n * AG-19: names of deferred tools promoted by `tool_search` this run, carried\n * across suspend/resume so discovered tools remain in the per-step catalogue.\n */\n promotedTools?: ReadonlyArray<string>;\n /**\n * D6 structured plan/todo list - the agent's own working plan,\n * journaled so it survives suspend/resume (a TodoWrite-style tool\n * mutates it, and attention-recitation renders it back into the\n * prompt each turn). Absent until the agent writes one.\n */\n todos?: ReadonlyArray<TodoItem>;\n readonly startedAt: string;\n finishedAt?: string;\n error?: RunError;\n}\n\n/**\n * Coarse, serializable data-flow taint summary persisted in {@link RunState}\n * across suspend/resume (AG-19). Structurally identical to\n * `@graphorin/security`'s `TaintLedgerSnapshot`; carries no untrusted text.\n *\n * @stable\n */\nexport interface RunTaintSummary {\n readonly untrustedSeen: boolean;\n readonly sensitiveSeen: boolean;\n readonly untrustedSourceKinds: ReadonlyArray<string>;\n /**\n * C6: one-way FNV-1a hashes of normalized untrusted-span tiles. Re-arms\n * the verbatim-carry probe after a resume at tile granularity. Hashes\n * only - no untrusted text is ever persisted (the invariant above\n * holds).\n */\n readonly spanTileHashes?: ReadonlyArray<string>;\n}\n\n/**\n * One item in the agent's structured plan (D6). `status` drives both\n * the recitation rendering and progress reporting; `id` lets a\n * status-flip mutation target an item without rewriting the list.\n *\n * @stable\n */\nexport interface TodoItem {\n readonly id: string;\n readonly content: string;\n readonly status: 'pending' | 'in_progress' | 'completed';\n}\n\n/**\n * Snapshot helper used by `@graphorin/observability` aggregators to\n * convert the on-disk `usageByModel` shape into the canonical\n * {@link ModelUsage} array. Pure utility - kept in core so consumers\n * do not have to take an observability dependency just to flatten a\n * run-state breakdown.\n *\n * @stable\n */\nexport function flattenUsageByModel(\n byModel: RunStateUsageByModel | undefined,\n): ReadonlyArray<ModelUsage> {\n if (byModel === undefined) return [];\n const out: ModelUsage[] = [];\n for (const [modelId, entry] of Object.entries(byModel)) {\n const m: ModelUsage = {\n modelId,\n promptTokens: entry.promptTokens,\n completionTokens: entry.completionTokens,\n totalTokens: entry.totalTokens,\n callCount: entry.attemptCount,\n ...(entry.reasoningTokens !== undefined ? { reasoningTokens: entry.reasoningTokens } : {}),\n ...(entry.cost !== undefined ? { cost: entry.cost } : {}),\n };\n out.push(m);\n }\n return out;\n}\n\n/**\n * Failure carried by `RunState.error`. The shape mirrors the wire format\n * used by `agent.error` events.\n *\n * @stable\n */\nexport interface RunError {\n readonly message: string;\n readonly code: string;\n readonly details?: unknown;\n}\n\n/**\n * Per-run dependency / context bag handed to every tool, hook and\n * provider middleware in scope. Generic over the user-defined deps shape.\n *\n * `tracer`, `signal`, `usage` and `state` are always present; everything\n * else is optional.\n *\n * @stable\n */\nexport interface RunContext<TDeps = unknown> {\n readonly runId: string;\n readonly sessionId: string;\n readonly userId?: string;\n readonly agentId: string;\n readonly deps: TDeps;\n readonly tracer: Tracer;\n readonly signal: AbortSignal;\n readonly usage: UsageAccumulator;\n readonly stepNumber: number;\n readonly messages: ReadonlyArray<Message>;\n readonly state: RunState;\n /**\n * C7: the current `agent.step` span (when the runtime traces). Spans\n * created inside tool execution parent under it so a run's traces\n * form one tree.\n */\n readonly span?: import('../contracts/tracer.js').AISpan;\n}\n"],"mappings":";;;;;;;;;;AAwKA,SAAgB,oBACd,SAC2B;AAC3B,KAAI,YAAY,OAAW,QAAO,EAAE;CACpC,MAAMA,MAAoB,EAAE;AAC5B,MAAK,MAAM,CAAC,SAAS,UAAU,OAAO,QAAQ,QAAQ,EAAE;EACtD,MAAMC,IAAgB;GACpB;GACA,cAAc,MAAM;GACpB,kBAAkB,MAAM;GACxB,aAAa,MAAM;GACnB,WAAW,MAAM;GACjB,GAAI,MAAM,oBAAoB,SAAY,EAAE,iBAAiB,MAAM,iBAAiB,GAAG,EAAE;GACzF,GAAI,MAAM,SAAS,SAAY,EAAE,MAAM,MAAM,MAAM,GAAG,EAAE;GACzD;AACD,MAAI,KAAK,EAAE;;AAEb,QAAO"}
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* Sensitivity tier for any piece of data flowing through Graphorin.
|
|
4
4
|
*
|
|
5
|
-
* - `'public'`
|
|
6
|
-
* - `'internal'`
|
|
5
|
+
* - `'public'` - non-sensitive content; safe for any provider, any sink.
|
|
6
|
+
* - `'internal'` - default for user-generated content; safe for trusted
|
|
7
7
|
* providers (loopback / private-network) but redacted for public-tls
|
|
8
8
|
* exporters and replay consumers.
|
|
9
|
-
* - `'secret'`
|
|
9
|
+
* - `'secret'` - credentials, tokens, encryption keys; only ever stays
|
|
10
10
|
* in-process and is never serialized to the wire by default.
|
|
11
11
|
*
|
|
12
12
|
* @stable
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sensitivity.js","names":["SENSITIVITY_ORDER: readonly Sensitivity[]"],"sources":["../../src/types/sensitivity.ts"],"sourcesContent":["/**\n * Sensitivity tier for any piece of data flowing through Graphorin.\n *\n * - `'public'`
|
|
1
|
+
{"version":3,"file":"sensitivity.js","names":["SENSITIVITY_ORDER: readonly Sensitivity[]"],"sources":["../../src/types/sensitivity.ts"],"sourcesContent":["/**\n * Sensitivity tier for any piece of data flowing through Graphorin.\n *\n * - `'public'` - non-sensitive content; safe for any provider, any sink.\n * - `'internal'` - default for user-generated content; safe for trusted\n * providers (loopback / private-network) but redacted for public-tls\n * exporters and replay consumers.\n * - `'secret'` - credentials, tokens, encryption keys; only ever stays\n * in-process and is never serialized to the wire by default.\n *\n * @stable\n */\nexport type Sensitivity = 'public' | 'internal' | 'secret';\n\n/**\n * Strict ordering used by sensitivity-aware filters\n * (`record.sensitivity ⊆ provider.acceptsSensitivity`).\n *\n * @stable\n */\nexport const SENSITIVITY_ORDER: readonly Sensitivity[] = ['public', 'internal', 'secret'] as const;\n\n/**\n * Return `true` iff `record` is allowed to flow to a sink declaring `accepts`.\n *\n * Comparison is **subset** semantics: the record's tier must be one of the\n * tiers in `accepts` (it's not enough for the record's tier to be lower).\n * That mirrors the way provider `acceptsSensitivity` is declared in the\n * Graphorin trust matrix.\n *\n * @stable\n */\nexport function acceptsSensitivity(accepts: readonly Sensitivity[], record: Sensitivity): boolean {\n return accepts.includes(record);\n}\n"],"mappings":";;;;;;;AAoBA,MAAaA,oBAA4C;CAAC;CAAU;CAAY;CAAS;;;;;;;;;;;AAYzF,SAAgB,mBAAmB,SAAiC,QAA8B;AAChG,QAAO,QAAQ,SAAS,OAAO"}
|
|
@@ -6,7 +6,7 @@ import { RunState } from "./run.js";
|
|
|
6
6
|
* Predicate consulted by the agent runtime after every step to decide
|
|
7
7
|
* whether the loop should stop.
|
|
8
8
|
*
|
|
9
|
-
* Stop conditions are pure
|
|
9
|
+
* Stop conditions are pure - they look at the current `RunState` and
|
|
10
10
|
* return a boolean. The runtime never re-orders or short-circuits the
|
|
11
11
|
* order in which operands of `and` / `or` are evaluated, so users can
|
|
12
12
|
* rely on the obvious left-to-right semantics.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stop-condition.js","names":["isTerminal: StopCondition"],"sources":["../../src/types/stop-condition.ts"],"sourcesContent":["import type { RunState } from './run.js';\n\n/**\n * Predicate consulted by the agent runtime after every step to decide\n * whether the loop should stop.\n *\n * Stop conditions are pure
|
|
1
|
+
{"version":3,"file":"stop-condition.js","names":["isTerminal: StopCondition"],"sources":["../../src/types/stop-condition.ts"],"sourcesContent":["import type { RunState } from './run.js';\n\n/**\n * Predicate consulted by the agent runtime after every step to decide\n * whether the loop should stop.\n *\n * Stop conditions are pure - they look at the current `RunState` and\n * return a boolean. The runtime never re-orders or short-circuits the\n * order in which operands of `and` / `or` are evaluated, so users can\n * rely on the obvious left-to-right semantics.\n *\n * @stable\n */\nexport interface StopCondition {\n /** Human-friendly label included in observability spans. */\n readonly description: string;\n /** Returns `true` when the run should stop on this state. */\n readonly check: (state: RunState) => boolean;\n}\n\n/**\n * Stop after `n` total steps (`stepNumber >= n`). The default condition\n * for the agent runtime is `isStepCount(50)`.\n *\n * @stable\n */\nexport function isStepCount(n: number): StopCondition {\n if (!Number.isFinite(n) || n <= 0) {\n throw new RangeError(`isStepCount: n must be a positive integer (got ${String(n)})`);\n }\n return {\n description: `step >= ${n}`,\n check: (state): boolean => state.steps.length >= n,\n };\n}\n\n/**\n * Stop as soon as the most recent assistant message contains a tool call\n * with the given name.\n *\n * @stable\n */\nexport function hasToolCall(toolName: string): StopCondition {\n return {\n description: `tool-call:${toolName}`,\n check: (state): boolean => {\n for (let i = state.messages.length - 1; i >= 0; i--) {\n const msg = state.messages[i];\n if (msg && msg.role === 'assistant') {\n const calls = msg.toolCalls;\n if (calls?.some((c) => c.toolName === toolName)) {\n return true;\n }\n // First assistant message without the call → not yet matched.\n return false;\n }\n }\n return false;\n },\n };\n}\n\n/**\n * Stop when the run reaches a terminal status.\n *\n * @stable\n */\nexport const isTerminal: StopCondition = {\n description: 'status:terminal',\n check: (state): boolean =>\n state.status === 'completed' || state.status === 'failed' || state.status === 'aborted',\n};\n\n/**\n * Stop when **any** of the supplied conditions is satisfied.\n *\n * @stable\n */\nexport function or(...conditions: readonly StopCondition[]): StopCondition {\n return {\n description: `or(${conditions.map((c) => c.description).join(', ')})`,\n check: (state): boolean => conditions.some((c) => c.check(state)),\n };\n}\n\n/**\n * Stop only when **all** of the supplied conditions are satisfied.\n *\n * @stable\n */\nexport function and(...conditions: readonly StopCondition[]): StopCondition {\n return {\n description: `and(${conditions.map((c) => c.description).join(', ')})`,\n check: (state): boolean => conditions.every((c) => c.check(state)),\n };\n}\n\n/**\n * Negate the supplied condition.\n *\n * @stable\n */\nexport function not(condition: StopCondition): StopCondition {\n return {\n description: `not(${condition.description})`,\n check: (state): boolean => !condition.check(state),\n };\n}\n"],"mappings":";;;;;;;AA0BA,SAAgB,YAAY,GAA0B;AACpD,KAAI,CAAC,OAAO,SAAS,EAAE,IAAI,KAAK,EAC9B,OAAM,IAAI,WAAW,kDAAkD,OAAO,EAAE,CAAC,GAAG;AAEtF,QAAO;EACL,aAAa,WAAW;EACxB,QAAQ,UAAmB,MAAM,MAAM,UAAU;EAClD;;;;;;;;AASH,SAAgB,YAAY,UAAiC;AAC3D,QAAO;EACL,aAAa,aAAa;EAC1B,QAAQ,UAAmB;AACzB,QAAK,IAAI,IAAI,MAAM,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;IACnD,MAAM,MAAM,MAAM,SAAS;AAC3B,QAAI,OAAO,IAAI,SAAS,aAAa;AAEnC,SADc,IAAI,WACP,MAAM,MAAM,EAAE,aAAa,SAAS,CAC7C,QAAO;AAGT,YAAO;;;AAGX,UAAO;;EAEV;;;;;;;AAQH,MAAaA,aAA4B;CACvC,aAAa;CACb,QAAQ,UACN,MAAM,WAAW,eAAe,MAAM,WAAW,YAAY,MAAM,WAAW;CACjF;;;;;;AAOD,SAAgB,GAAG,GAAG,YAAqD;AACzE,QAAO;EACL,aAAa,MAAM,WAAW,KAAK,MAAM,EAAE,YAAY,CAAC,KAAK,KAAK,CAAC;EACnE,QAAQ,UAAmB,WAAW,MAAM,MAAM,EAAE,MAAM,MAAM,CAAC;EAClE;;;;;;;AAQH,SAAgB,IAAI,GAAG,YAAqD;AAC1E,QAAO;EACL,aAAa,OAAO,WAAW,KAAK,MAAM,EAAE,YAAY,CAAC,KAAK,KAAK,CAAC;EACpE,QAAQ,UAAmB,WAAW,OAAO,MAAM,EAAE,MAAM,MAAM,CAAC;EACnE;;;;;;;AAQH,SAAgB,IAAI,WAAyC;AAC3D,QAAO;EACL,aAAa,OAAO,UAAU,YAAY;EAC1C,QAAQ,UAAmB,CAAC,UAAU,MAAM,MAAM;EACnD"}
|
package/dist/types/tool.d.ts
CHANGED
|
@@ -21,14 +21,14 @@ type SandboxPolicy = 'none' | 'sandboxed' | 'isolated' | 'docker';
|
|
|
21
21
|
* metadata against this discriminator without a hard dependency on the
|
|
22
22
|
* security package.
|
|
23
23
|
*
|
|
24
|
-
* - `'pure'`
|
|
25
|
-
* - `'side-effecting-no-memory'`
|
|
24
|
+
* - `'pure'` - no side effects of any kind.
|
|
25
|
+
* - `'side-effecting-no-memory'` - observable side effects outside of
|
|
26
26
|
* the framework's memory tiers (e.g. external HTTP).
|
|
27
|
-
* - `'memory-aware'`
|
|
27
|
+
* - `'memory-aware'` - mutates the framework's memory
|
|
28
28
|
* tiers via the sanctioned `ctx.memory.*` surface only.
|
|
29
|
-
* - `'unknown'`
|
|
29
|
+
* - `'unknown'` - no declaration; the runtime applies
|
|
30
30
|
* the audit-only baseline.
|
|
31
|
-
* - `'untrusted'`
|
|
31
|
+
* - `'untrusted'` - third-party / untrusted skill code;
|
|
32
32
|
* the runtime forces the strictest snapshot policy.
|
|
33
33
|
*
|
|
34
34
|
* @stable
|
|
@@ -40,13 +40,13 @@ type MemoryGuardTier = 'pure' | 'side-effecting-no-memory' | 'memory-aware' | 'u
|
|
|
40
40
|
* Surfaced uniformly by the tool dispatcher, downstream session
|
|
41
41
|
* cassette layers, retry middleware, and approval-policy derivations.
|
|
42
42
|
*
|
|
43
|
-
* - `'pure'`
|
|
43
|
+
* - `'pure'` - deterministic; same `(input, ctx)` always
|
|
44
44
|
* yields the same output; no I/O of any kind.
|
|
45
|
-
* - `'read-only'`
|
|
45
|
+
* - `'read-only'` - queries external systems but never
|
|
46
46
|
* mutates them (e.g. database SELECT, HTTP GET).
|
|
47
|
-
* - `'side-effecting'`
|
|
47
|
+
* - `'side-effecting'` - mutates state inside the agent's logical
|
|
48
48
|
* boundary (e.g. memory writes, cache writes).
|
|
49
|
-
* - `'external-stateful'`
|
|
49
|
+
* - `'external-stateful'` - mutates state outside the agent's
|
|
50
50
|
* boundary that other systems can observe (e.g. issue creation,
|
|
51
51
|
* message dispatch, payment).
|
|
52
52
|
*
|
|
@@ -57,15 +57,15 @@ type SideEffectClass = 'pure' | 'read-only' | 'side-effecting' | 'external-state
|
|
|
57
57
|
* Inbound prompt-injection sanitization policy applied to a tool's
|
|
58
58
|
* result body before it reaches the conversation history.
|
|
59
59
|
*
|
|
60
|
-
* - `'pass-through'`
|
|
60
|
+
* - `'pass-through'` - no scan; bytes-equal forwarding
|
|
61
61
|
* (the trusted-built-in default).
|
|
62
|
-
* - `'detect-and-flag'`
|
|
62
|
+
* - `'detect-and-flag'` - scan; emit a flag span attribute
|
|
63
63
|
* + audit row but do not modify the body.
|
|
64
|
-
* - `'detect-and-strip'`
|
|
64
|
+
* - `'detect-and-strip'` - replace each match with the
|
|
65
65
|
* `[REDACTED:imperative-pattern]` literal token.
|
|
66
|
-
* - `'detect-and-wrap'`
|
|
66
|
+
* - `'detect-and-wrap'` - wrap the body in the
|
|
67
67
|
* `<<<untrusted_content>>>` envelope without stripping matches.
|
|
68
|
-
* - `'detect-and-strip-and-wrap'`
|
|
68
|
+
* - `'detect-and-strip-and-wrap'` - both strip matches and wrap the
|
|
69
69
|
* resulting body (the untrusted-source default).
|
|
70
70
|
*
|
|
71
71
|
* @stable
|
|
@@ -75,14 +75,14 @@ type InboundSanitizationPolicy = 'pass-through' | 'detect-and-flag' | 'detect-an
|
|
|
75
75
|
* Result-envelope truncation strategy applied to a tool's assembled
|
|
76
76
|
* output before it reaches the conversation history.
|
|
77
77
|
*
|
|
78
|
-
* - `'middle'`
|
|
78
|
+
* - `'middle'` - keep head and tail; insert annotation in the
|
|
79
79
|
* middle (the default).
|
|
80
|
-
* - `'tail'`
|
|
80
|
+
* - `'tail'` - keep the tail; insert annotation at the
|
|
81
81
|
* head.
|
|
82
|
-
* - `'spill-to-file'`
|
|
82
|
+
* - `'spill-to-file'` - keep the head; spill the un-truncated body
|
|
83
83
|
* to a per-run artifact file; insert annotation with the artifact
|
|
84
84
|
* path.
|
|
85
|
-
* - `'summarize'`
|
|
85
|
+
* - `'summarize'` - invoke the agent's configured summarizer
|
|
86
86
|
* and replace the body with the summary.
|
|
87
87
|
*
|
|
88
88
|
* @stable
|
|
@@ -158,7 +158,7 @@ interface ToolResult<TOutput = unknown> {
|
|
|
158
158
|
readonly durationMs: number;
|
|
159
159
|
/**
|
|
160
160
|
* Set when the tool's output was large enough to be stored behind a
|
|
161
|
-
* handle (the `'spill-to-file'` truncation strategy, or
|
|
161
|
+
* handle (the `'spill-to-file'` truncation strategy, or - later - an MCP
|
|
162
162
|
* `resource_link`) instead of being inlined in full. The runtime inlines
|
|
163
163
|
* only the bounded {@link ResultHandle.preview} and lets the model fetch
|
|
164
164
|
* the rest on demand via the built-in `read_result` tool. Absent for
|
|
@@ -171,14 +171,14 @@ interface ToolResult<TOutput = unknown> {
|
|
|
171
171
|
* out of the conversation buffer rather than inlined in full. The agent
|
|
172
172
|
* inlines {@link preview} (plus a retrieval hint) and registers the
|
|
173
173
|
* built-in `read_result` tool so the model can page through the full
|
|
174
|
-
* artifact behind {@link uri} on demand
|
|
174
|
+
* artifact behind {@link uri} on demand - keeping large results out of the
|
|
175
175
|
* context window (P1-4).
|
|
176
176
|
*
|
|
177
177
|
* @stable
|
|
178
178
|
*/
|
|
179
179
|
interface ResultHandle {
|
|
180
180
|
/**
|
|
181
|
-
* Opaque, run-scoped URI
|
|
181
|
+
* Opaque, run-scoped URI - e.g. `graphorin-spill:<runId>/<toolCallId>.json`
|
|
182
182
|
* for a spill artifact. Never a raw filesystem path: the reader resolves
|
|
183
183
|
* it within the configured artifact root, so the model cannot use it to
|
|
184
184
|
* read arbitrary files.
|
|
@@ -206,7 +206,24 @@ interface ResultHandle {
|
|
|
206
206
|
*
|
|
207
207
|
* @stable
|
|
208
208
|
*/
|
|
209
|
-
type ToolErrorKind = 'approval_denied' | 'sandbox_violation' | 'timeout' | 'invalid_input' | 'invalid_output' | 'execution_failed' | 'unknown_tool' | 'aborted' | 'inbound_sanitization_blocked' | 'dataflow_policy_blocked' | 'rate_limited';
|
|
209
|
+
type ToolErrorKind = 'approval_denied' | 'sandbox_violation' | 'timeout' | 'invalid_input' | 'invalid_output' | 'execution_failed' | 'unknown_tool' | 'aborted' | 'inbound_sanitization_blocked' | 'dataflow_policy_blocked' | 'capability_blocked' | 'rate_limited';
|
|
210
|
+
/**
|
|
211
|
+
* Model-facing recovery guidance attached to a {@link ToolError} (C3).
|
|
212
|
+
* Practitioner evidence converges on these two fields being what changes
|
|
213
|
+
* model behaviour after a failure:
|
|
214
|
+
*
|
|
215
|
+
* - `'retry_later'` - transient; the same call is expected to work
|
|
216
|
+
* after a pause (rate limits, timeouts).
|
|
217
|
+
* - `'check_input'` - the arguments are wrong; re-read the schema
|
|
218
|
+
* and fix them before retrying.
|
|
219
|
+
* - `'try_alternative'` - this tool/approach failed non-transiently;
|
|
220
|
+
* try a different tool or strategy.
|
|
221
|
+
* - `'report_to_user'` - a policy/authorization stop; do not retry,
|
|
222
|
+
* surface the situation instead.
|
|
223
|
+
*
|
|
224
|
+
* @stable
|
|
225
|
+
*/
|
|
226
|
+
type RecoveryHint = 'retry_later' | 'check_input' | 'try_alternative' | 'report_to_user';
|
|
210
227
|
/**
|
|
211
228
|
* The unsuccessful outcome of a tool invocation. The model sees a textual
|
|
212
229
|
* representation of `message`; the runtime sees the typed shape.
|
|
@@ -222,10 +239,18 @@ interface ToolError {
|
|
|
222
239
|
readonly cause?: unknown;
|
|
223
240
|
/** Optional remediation hint for human readers. */
|
|
224
241
|
readonly hint?: string;
|
|
242
|
+
/**
|
|
243
|
+
* Whether retrying the SAME call can plausibly succeed (C3). Stamped
|
|
244
|
+
* from the error kind by the executor; the harness-side transparent
|
|
245
|
+
* retry consults it together with the tool's side-effect safety.
|
|
246
|
+
*/
|
|
247
|
+
readonly recoverable?: boolean;
|
|
248
|
+
/** Model-facing recovery guidance derived from the error kind (C3). */
|
|
249
|
+
readonly recoveryHint?: RecoveryHint;
|
|
225
250
|
}
|
|
226
251
|
/**
|
|
227
252
|
* Either a `ToolResult` or a `ToolError`. The runtime always returns one
|
|
228
|
-
* of the two
|
|
253
|
+
* of the two - there is no implicit "tool fell through" outcome.
|
|
229
254
|
*
|
|
230
255
|
* @stable
|
|
231
256
|
*/
|
|
@@ -256,5 +281,5 @@ interface CompletedToolCall<TOutput = unknown> {
|
|
|
256
281
|
readonly stepNumber: number;
|
|
257
282
|
}
|
|
258
283
|
//#endregion
|
|
259
|
-
export { CompletedToolCall, ContentChunk, InboundSanitizationPolicy, MemoryGuardTier, ResultHandle, SandboxPolicy, SideEffectClass, ToolApproval, ToolError, ToolErrorKind, ToolOutcome, ToolResult, ToolSource, ToolTrustClass, TruncationStrategy };
|
|
284
|
+
export { CompletedToolCall, ContentChunk, InboundSanitizationPolicy, MemoryGuardTier, RecoveryHint, ResultHandle, SandboxPolicy, SideEffectClass, ToolApproval, ToolError, ToolErrorKind, ToolOutcome, ToolResult, ToolSource, ToolTrustClass, TruncationStrategy };
|
|
260
285
|
//# sourceMappingURL=tool.d.ts.map
|