@neeter/server 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +81 -0
- package/dist/hooks.d.ts +25 -1
- package/dist/hooks.js +19 -1
- package/package.json +4 -3
package/README.md
ADDED
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
# @neeter/server
|
|
2
|
+
|
|
3
|
+
A Hono server toolkit that puts a browser UI on the [Claude Agent SDK](https://github.com/anthropics/claude-agent-sdk). Manages multi-turn sessions, translates SDK messages into named SSE events, and handles tool-approval permissions — so your React client gets a clean event stream out of the box.
|
|
4
|
+
|
|
5
|
+
Part of the [neeter](https://github.com/quantumleeps/neeter) toolkit.
|
|
6
|
+
|
|
7
|
+
## Install
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
pnpm add @neeter/server
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
Peer dependencies:
|
|
14
|
+
|
|
15
|
+
```json
|
|
16
|
+
{
|
|
17
|
+
"@anthropic-ai/claude-agent-sdk": ">=0.2.0",
|
|
18
|
+
"hono": ">=4.0.0"
|
|
19
|
+
}
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Quick start
|
|
23
|
+
|
|
24
|
+
```typescript
|
|
25
|
+
import { Hono } from "hono";
|
|
26
|
+
import { serve } from "@hono/node-server";
|
|
27
|
+
import {
|
|
28
|
+
createAgentRouter,
|
|
29
|
+
SessionManager,
|
|
30
|
+
MessageTranslator,
|
|
31
|
+
} from "@neeter/server";
|
|
32
|
+
|
|
33
|
+
const sessions = new SessionManager(() => ({
|
|
34
|
+
context: {},
|
|
35
|
+
model: "claude-sonnet-4-5-20250929",
|
|
36
|
+
systemPrompt: "You are a helpful assistant.",
|
|
37
|
+
maxTurns: 50,
|
|
38
|
+
}));
|
|
39
|
+
|
|
40
|
+
const translator = new MessageTranslator();
|
|
41
|
+
|
|
42
|
+
const app = new Hono();
|
|
43
|
+
app.route("/", createAgentRouter({ sessions, translator }));
|
|
44
|
+
|
|
45
|
+
serve({ fetch: app.fetch, port: 3000 });
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
This gives you five endpoints:
|
|
49
|
+
|
|
50
|
+
| Method | Path | Description |
|
|
51
|
+
|--------|------|-------------|
|
|
52
|
+
| `POST` | `/api/sessions` | Create a session |
|
|
53
|
+
| `POST` | `/api/sessions/:id/messages` | Send a message |
|
|
54
|
+
| `GET` | `/api/sessions/:id/events` | SSE event stream |
|
|
55
|
+
| `POST` | `/api/sessions/:id/permissions` | Respond to a permission request |
|
|
56
|
+
| `POST` | `/api/sessions/:id/abort` | Abort the current turn |
|
|
57
|
+
|
|
58
|
+
## Key features
|
|
59
|
+
|
|
60
|
+
- **Multi-turn sessions** — `SessionManager` + `PushChannel` let users send messages at any time, even while the agent is running.
|
|
61
|
+
- **Named SSE events** — `MessageTranslator` reshapes the SDK's flat message stream into `text_delta`, `tool_start`, `tool_call`, `tool_result`, and more.
|
|
62
|
+
- **Tool result hooks** — `onToolResult` lets you inspect what the agent did and emit structured custom events.
|
|
63
|
+
- **Permission modes** — `bypassPermissions`, `default`, `acceptEdits`, or `plan` — with browser-side approval via `PermissionGate`.
|
|
64
|
+
- **Extended thinking** — Pass `thinking: { type: "enabled", budgetTokens: N }` to stream chain-of-thought reasoning.
|
|
65
|
+
- **Abort** — Cancel the current agent turn mid-stream.
|
|
66
|
+
- **Sandbox hooks** — `createSandboxHook` restricts file operations to a directory.
|
|
67
|
+
|
|
68
|
+
## Examples
|
|
69
|
+
|
|
70
|
+
| Example | Description |
|
|
71
|
+
|---------|-------------|
|
|
72
|
+
| [basic-chat](https://github.com/quantumleeps/neeter/tree/main/examples/basic-chat) | Minimal server + client setup |
|
|
73
|
+
| [live-preview](https://github.com/quantumleeps/neeter/tree/main/examples/live-preview) | Per-session sandboxes, custom events, abort |
|
|
74
|
+
|
|
75
|
+
## Documentation
|
|
76
|
+
|
|
77
|
+
See the [neeter README](https://github.com/quantumleeps/neeter#readme) for full API reference, session context examples, and permission configuration.
|
|
78
|
+
|
|
79
|
+
## License
|
|
80
|
+
|
|
81
|
+
MIT
|
package/dist/hooks.d.ts
CHANGED
|
@@ -1,10 +1,34 @@
|
|
|
1
1
|
import type { HookCallbackMatcher } from "@anthropic-ai/claude-agent-sdk";
|
|
2
|
+
export interface SandboxHookOptions {
|
|
3
|
+
/**
|
|
4
|
+
* Allow Bash tool calls through the sandbox hook (default: `false`).
|
|
5
|
+
*
|
|
6
|
+
* Bash commands can reference arbitrary filesystem paths via subshells,
|
|
7
|
+
* variable expansion, redirects, and other shell features that can't be
|
|
8
|
+
* reliably inspected. When `false`, all Bash calls are blocked.
|
|
9
|
+
*
|
|
10
|
+
* If you need Bash access inside a sandbox, set this to `true` and use
|
|
11
|
+
* OS-level isolation instead: containers with `--network none` and a
|
|
12
|
+
* read-only filesystem, `@anthropic-ai/sandbox-runtime`, or VMs.
|
|
13
|
+
*
|
|
14
|
+
* @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
|
|
15
|
+
*/
|
|
16
|
+
allowBash?: boolean;
|
|
17
|
+
}
|
|
2
18
|
/**
|
|
3
19
|
* Creates a PreToolUse hook that blocks file operations outside a sandbox directory.
|
|
4
20
|
* Inspects `file_path` and `path` fields in tool input and blocks any resolved path
|
|
5
21
|
* that falls outside the given directory.
|
|
6
22
|
*
|
|
23
|
+
* Bash is blocked by default because shell commands can reference paths outside the
|
|
24
|
+
* sandbox in ways that can't be reliably detected (subshells, variable expansion,
|
|
25
|
+
* redirects, backticks). To sandbox Bash, use OS-level isolation — containers,
|
|
26
|
+
* `@anthropic-ai/sandbox-runtime`, or VMs — and set `options.allowBash` to `true`.
|
|
27
|
+
*
|
|
28
|
+
* @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
|
|
29
|
+
*
|
|
7
30
|
* @param sandboxDir - Absolute path to the sandbox directory (must already be resolved)
|
|
8
31
|
* @param resolvePath - Path resolver function (e.g. `path.resolve` from `node:path`)
|
|
32
|
+
* @param options - Configuration options
|
|
9
33
|
*/
|
|
10
|
-
export declare function createSandboxHook(sandboxDir: string, resolvePath: (...segments: string[]) => string): HookCallbackMatcher[];
|
|
34
|
+
export declare function createSandboxHook(sandboxDir: string, resolvePath: (...segments: string[]) => string, options?: SandboxHookOptions): HookCallbackMatcher[];
|
package/dist/hooks.js
CHANGED
|
@@ -3,17 +3,35 @@
|
|
|
3
3
|
* Inspects `file_path` and `path` fields in tool input and blocks any resolved path
|
|
4
4
|
* that falls outside the given directory.
|
|
5
5
|
*
|
|
6
|
+
* Bash is blocked by default because shell commands can reference paths outside the
|
|
7
|
+
* sandbox in ways that can't be reliably detected (subshells, variable expansion,
|
|
8
|
+
* redirects, backticks). To sandbox Bash, use OS-level isolation — containers,
|
|
9
|
+
* `@anthropic-ai/sandbox-runtime`, or VMs — and set `options.allowBash` to `true`.
|
|
10
|
+
*
|
|
11
|
+
* @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
|
|
12
|
+
*
|
|
6
13
|
* @param sandboxDir - Absolute path to the sandbox directory (must already be resolved)
|
|
7
14
|
* @param resolvePath - Path resolver function (e.g. `path.resolve` from `node:path`)
|
|
15
|
+
* @param options - Configuration options
|
|
8
16
|
*/
|
|
9
|
-
export function createSandboxHook(sandboxDir, resolvePath) {
|
|
17
|
+
export function createSandboxHook(sandboxDir, resolvePath, options) {
|
|
10
18
|
const normalizedDir = resolvePath(sandboxDir);
|
|
19
|
+
const allowBash = options?.allowBash ?? false;
|
|
11
20
|
return [
|
|
12
21
|
{
|
|
13
22
|
hooks: [
|
|
14
23
|
async (input) => {
|
|
15
24
|
if (input.hook_event_name !== "PreToolUse")
|
|
16
25
|
return {};
|
|
26
|
+
const toolName = input.tool_name;
|
|
27
|
+
if (toolName === "Bash" && !allowBash) {
|
|
28
|
+
return {
|
|
29
|
+
decision: "block",
|
|
30
|
+
reason: "Bash is blocked in sandbox mode — shell commands can reference arbitrary paths. " +
|
|
31
|
+
"Use allowBash with OS-level isolation (containers, sandbox-runtime) for Bash access. " +
|
|
32
|
+
"See https://platform.claude.com/docs/en/agent-sdk/secure-deployment",
|
|
33
|
+
};
|
|
34
|
+
}
|
|
17
35
|
const toolInput = input.tool_input;
|
|
18
36
|
const filePath = (toolInput.file_path ?? toolInput.path);
|
|
19
37
|
if (!filePath)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@neeter/server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.9.0",
|
|
4
4
|
"description": "Hono server toolkit for building chat UIs on top of the Claude Agent SDK",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Dan Leeper",
|
|
@@ -17,10 +17,11 @@
|
|
|
17
17
|
}
|
|
18
18
|
},
|
|
19
19
|
"files": [
|
|
20
|
-
"dist"
|
|
20
|
+
"dist",
|
|
21
|
+
"README.md"
|
|
21
22
|
],
|
|
22
23
|
"dependencies": {
|
|
23
|
-
"@neeter/types": "0.
|
|
24
|
+
"@neeter/types": "0.9.0"
|
|
24
25
|
},
|
|
25
26
|
"peerDependencies": {
|
|
26
27
|
"@anthropic-ai/claude-agent-sdk": ">=0.2.0",
|