@neeter/server 0.8.0 → 0.9.0

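--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,81 @@
+ # @neeter/server
+
+ A Hono server toolkit that puts a browser UI on the [Claude Agent SDK](https://github.com/anthropics/claude-agent-sdk). Manages multi-turn sessions, translates SDK messages into named SSE events, and handles tool-approval permissions — so your React client gets a clean event stream out of the box.
+
+ Part of the [neeter](https://github.com/quantumleeps/neeter) toolkit.
+
+ ## Install
+
+ ```bash
+ pnpm add @neeter/server
+ ```
+
+ Peer dependencies:
+
+ ```json
+ {
+ "@anthropic-ai/claude-agent-sdk": ">=0.2.0",
+ "hono": ">=4.0.0"
+ }
+ ```
+
+ ## Quick start
+
+ ```typescript
+ import { Hono } from "hono";
+ import { serve } from "@hono/node-server";
+ import {
+ createAgentRouter,
+ SessionManager,
+ MessageTranslator,
+ } from "@neeter/server";
+
+ const sessions = new SessionManager(() => ({
+ context: {},
+ model: "claude-sonnet-4-5-20250929",
+ systemPrompt: "You are a helpful assistant.",
+ maxTurns: 50,
+ }));
+
+ const translator = new MessageTranslator();
+
+ const app = new Hono();
+ app.route("/", createAgentRouter({ sessions, translator }));
+
+ serve({ fetch: app.fetch, port: 3000 });
+ ```
+
+ This gives you five endpoints:
+
+ | Method | Path | Description |
+ |--------|------|-------------|
+ | `POST` | `/api/sessions` | Create a session |
+ | `POST` | `/api/sessions/:id/messages` | Send a message |
+ | `GET` | `/api/sessions/:id/events` | SSE event stream |
+ | `POST` | `/api/sessions/:id/permissions` | Respond to a permission request |
+ | `POST` | `/api/sessions/:id/abort` | Abort the current turn |
+
+ ## Key features
+
+ - **Multi-turn sessions** — `SessionManager` + `PushChannel` let users send messages at any time, even while the agent is running.
+ - **Named SSE events** — `MessageTranslator` reshapes the SDK's flat message stream into `text_delta`, `tool_start`, `tool_call`, `tool_result`, and more.
+ - **Tool result hooks** — `onToolResult` lets you inspect what the agent did and emit structured custom events.
+ - **Permission modes** — `bypassPermissions`, `default`, `acceptEdits`, or `plan` — with browser-side approval via `PermissionGate`.
+ - **Extended thinking** — Pass `thinking: { type: "enabled", budgetTokens: N }` to stream chain-of-thought reasoning.
+ - **Abort** — Cancel the current agent turn mid-stream.
+ - **Sandbox hooks** — `createSandboxHook` restricts file operations to a directory.
+
+ ## Examples
+
+ | Example | Description |
+ |---------|-------------|
+ | [basic-chat](https://github.com/quantumleeps/neeter/tree/main/examples/basic-chat) | Minimal server + client setup |
+ | [live-preview](https://github.com/quantumleeps/neeter/tree/main/examples/live-preview) | Per-session sandboxes, custom events, abort |
+
+ ## Documentation
+
+ See the [neeter README](https://github.com/quantumleeps/neeter#readme) for full API reference, session context examples, and permission configuration.
+
+ ## License
+
+ MIT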
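--- a/package/dist/hooks.d.ts
+++ b/package/dist/hooks.d.ts
@@ -1,10 +1,34 @@
  import type { HookCallbackMatcher } from "@anthropic-ai/claude-agent-sdk";
+ export interface SandboxHookOptions {
+ /**
+ * Allow Bash tool calls through the sandbox hook (default: `false`).
+ *
+ * Bash commands can reference arbitrary filesystem paths via subshells,
+ * variable expansion, redirects, and other shell features that can't be
+ * reliably inspected. When `false`, all Bash calls are blocked.
+ *
+ * If you need Bash access inside a sandbox, set this to `true` and use
+ * OS-level isolation instead: containers with `--network none` and a
+ * read-only filesystem, `@anthropic-ai/sandbox-runtime`, or VMs.
+ *
+ * @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
+ */
+ allowBash?: boolean;
+ }
  /**
  * Creates a PreToolUse hook that blocks file operations outside a sandbox directory.
  * Inspects `file_path` and `path` fields in tool input and blocks any resolved path
  * that falls outside the given directory.
  *
+ * Bash is blocked by default because shell commands can reference paths outside the
+ * sandbox in ways that can't be reliably detected (subshells, variable expansion,
+ * redirects, backticks). To sandbox Bash, use OS-level isolation — containers,
+ * `@anthropic-ai/sandbox-runtime`, or VMs — and set `options.allowBash` to `true`.
+ *
+ * @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
+ *
  * @param sandboxDir - Absolute path to the sandbox directory (must already be resolved)
  * @param resolvePath - Path resolver function (e.g. `path.resolve` from `node:path`)
+ * @param options - Configuration options
  */
- export declare function createSandboxHook(sandboxDir: string, resolvePath: (...segments: string[]) => string): HookCallbackMatcher[];
+ export declare function createSandboxHook(sandboxDir: string, resolvePath: (...segments: string[]) => string, options?: SandboxHookOptions): HookCallbackMatcher[];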
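Review bot: The `allowBash` JSDoc tells callers to pair `true` with OS-level isolation, but it never says that the hook then stops guarding Bash and cannot check that isolation is actually in place. As far as the hooks.js hunk shows, the only fields read from tool input are `file_path` and `path`, so an allowed Bash command string is not examined. I would add one sentence to the property doc saying that with `true` the hook applies no check to Bash input and isolation must be enforced outside this process. `@param options - Configuration options` could also name the option, for example `@param options - Optional settings; allowBash (default false) lets Bash calls pass this hook unchecked`.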
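--- a/package/dist/hooks.js
+++ b/package/dist/hooks.js
@@ -3,17 +3,35 @@
  * Inspects `file_path` and `path` fields in tool input and blocks any resolved path
  * that falls outside the given directory.
  *
+ * Bash is blocked by default because shell commands can reference paths outside the
+ * sandbox in ways that can't be reliably detected (subshells, variable expansion,
+ * redirects, backticks). To sandbox Bash, use OS-level isolation — containers,
+ * `@anthropic-ai/sandbox-runtime`, or VMs — and set `options.allowBash` to `true`.
+ *
+ * @see https://platform.claude.com/docs/en/agent-sdk/secure-deployment
+ *
  * @param sandboxDir - Absolute path to the sandbox directory (must already be resolved)
  * @param resolvePath - Path resolver function (e.g. `path.resolve` from `node:path`)
+ * @param options - Configuration options
  */
- export function createSandboxHook(sandboxDir, resolvePath) {
+ export function createSandboxHook(sandboxDir, resolvePath, options) {
  const normalizedDir = resolvePath(sandboxDir);
+ const allowBash = options?.allowBash ?? false;
  return [
  {
  hooks: [
  async (input) => {
  if (input.hook_event_name !== "PreToolUse")
  return {};
+ const toolName = input.tool_name;
+ if (toolName === "Bash" && !allowBash) {
+ return {
+ decision: "block",
+ reason: "Bash is blocked in sandbox mode — shell commands can reference arbitrary paths. " +
+ "Use allowBash with OS-level isolation (containers, sandbox-runtime) for Bash access. " +
+ "See https://platform.claude.com/docs/en/agent-sdk/secure-deployment",
+ };
+ }
  const toolInput = input.tool_input;
  const filePath = (toolInput.file_path ?? toolInput.path);
  if (!filePath)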
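Review bot: `const allowBash = options?.allowBash ?? false;` keeps any non-nullish value, so a truthy non-boolean such as the string `"false"` from an environment variable or config file makes `!allowBash` false and lets Bash through. Since this flag removes the hook's only check on shell commands, I would fail closed with `const allowBash = options?.allowBash === true;`. Separately, the new guard matches the exact name `"Bash"` only. Any other tool whose input has neither `file_path` nor `path` appears to fall through at `if (!filePath)`, whose branch lies outside this hunk, so a comment such as `// Not an allowlist: tools without file_path/path are not checked here` would keep readers from over-trusting the hook. The body of createSandboxHook continues past the end of the hunk.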
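--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@neeter/server",
- "version": "0.8.0",
+ "version": "0.9.0",
  "description": "Hono server toolkit for building chat UIs on top of the Claude Agent SDK",
  "license": "MIT",
  "author": "Dan Leeper",
@@ -17,10 +17,11 @@
  }
  },
  "files": [
- "dist"
+ "dist",
+ "README.md"
  ],
  "dependencies": {
- "@neeter/types": "0.8.0"
+ "@neeter/types": "0.9.0"
  },
  "peerDependencies": {
  "@anthropic-ai/claude-agent-sdk": ">=0.2.0",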