@neus/sdk 1.1.7 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/README.md +17 -4
  2. package/cjs/cli-commands.cjs +101 -0
  3. package/cjs/index.cjs +612 -0
  4. package/cjs/mcp-hosts.cjs +91 -8
  5. package/cjs/runtime-adapters.cjs +218 -0
  6. package/cjs/runtime-mount.cjs +452 -0
  7. package/cli/neus.mjs +337 -86
  8. package/cli-commands.js +75 -0
  9. package/index.js +60 -2
  10. package/mcp-hosts.js +54 -12
  11. package/package.json +17 -2
  12. package/runtime-adapters.js +214 -0
  13. package/runtime-mount.js +522 -0
  14. package/types.d.ts +89 -0
package/cjs/runtime-mount.cjs ADDED
@@ -0,0 +1,452 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // runtime-mount.js
21
+ var runtime_mount_exports = {};
22
+ __export(runtime_mount_exports, {
23
+ RUNTIME_MOUNT_SCHEMA: () => RUNTIME_MOUNT_SCHEMA,
24
+ buildRuntimeBundle: () => buildRuntimeBundle,
25
+ evaluateMountFileHealth: () => evaluateMountFileHealth,
26
+ extractAgentContextFromProofs: () => extractAgentContextFromProofs,
27
+ isDelegationExpired: () => isDelegationExpired,
28
+ isRuntimeBundle: () => isRuntimeBundle,
29
+ normalizeWallet: () => normalizeWallet,
30
+ pickActiveDelegation: () => pickActiveDelegation,
31
+ pickIdentity: () => pickIdentity,
32
+ profileAgentToIdentitySeed: () => profileAgentToIdentitySeed,
33
+ resolveEffectiveRuntime: () => resolveEffectiveRuntime,
34
+ resolveRuntimeBundleFromMcp: () => resolveRuntimeBundleFromMcp
35
+ });
36
+ module.exports = __toCommonJS(runtime_mount_exports);
37
+ var RUNTIME_MOUNT_SCHEMA = "neus.runtime-mount.v1";
38
+ var PROOF_URL_BASE = "https://neus.network/proof/";
39
+ function normalizeWallet(value) {
40
+ const wallet = String(value || "").trim().toLowerCase();
41
+ return /^0x[a-f0-9]{40}$/.test(wallet) ? wallet : "";
42
+ }
43
+ function asString(value) {
44
+ const trimmed = String(value ?? "").trim();
45
+ return trimmed.length > 0 ? trimmed : "";
46
+ }
47
+ function asStringArray(value) {
48
+ if (!Array.isArray(value)) return [];
49
+ return value.map((item) => String(item || "").trim()).filter(Boolean);
50
+ }
51
+ function capabilitiesToArray(caps) {
52
+ if (Array.isArray(caps)) return asStringArray(caps);
53
+ if (!caps || typeof caps !== "object") return [];
54
+ return Object.entries(caps).filter(([, enabled]) => enabled === true).map(([key]) => String(key).trim()).filter(Boolean);
55
+ }
56
+ function isDelegationExpired(expiresAt) {
57
+ if (expiresAt === null || expiresAt === 0) return false;
58
+ const ms = Number(expiresAt);
59
+ return Number.isFinite(ms) && ms > 0 && ms <= Date.now();
60
+ }
61
+ function pickIdentity(identities, selector) {
62
+ const list = Array.isArray(identities) ? identities : [];
63
+ const qHash = asString(selector.identityQHash).toLowerCase();
64
+ if (qHash) {
65
+ return list.find((row) => asString(row.qHash).toLowerCase() === qHash) || null;
66
+ }
67
+ const agentId = asString(selector.agentId).toLowerCase();
68
+ const agentWallet = normalizeWallet(selector.agentWallet);
69
+ if (agentId) {
70
+ const byId = list.filter((row) => asString(row.agentId).toLowerCase() === agentId);
71
+ if (agentWallet) {
72
+ return byId.find((row) => normalizeWallet(row.agentWallet) === agentWallet) || byId[0] || null;
73
+ }
74
+ return byId[0] || null;
75
+ }
76
+ if (agentWallet) {
77
+ return list.find((row) => normalizeWallet(row.agentWallet) === agentWallet) || null;
78
+ }
79
+ return null;
80
+ }
81
+ function pickActiveDelegation(delegations, controllerWallet, agentWallet, agentId) {
82
+ const list = Array.isArray(delegations) ? delegations : [];
83
+ const controller = normalizeWallet(controllerWallet);
84
+ const agent = normalizeWallet(agentWallet);
85
+ const id = asString(agentId).toLowerCase();
86
+ const candidates = list.filter((row) => {
87
+ if (isDelegationExpired(row.expiresAt)) return false;
88
+ const rowAgent = normalizeWallet(row.agentWallet);
89
+ const rowController = normalizeWallet(row.controllerWallet);
90
+ if (agent && rowAgent && rowAgent !== agent) return false;
91
+ if (controller && rowController && rowController !== controller) return false;
92
+ if (id && row.agentId && asString(row.agentId).toLowerCase() !== id) return false;
93
+ return true;
94
+ });
95
+ return candidates[0] || null;
96
+ }
97
+ function resolveEffectiveRuntime(identity, delegation) {
98
+ const delProvider = asString(delegation?.provider);
99
+ const delModel = asString(delegation?.model);
100
+ if (delProvider || delModel) {
101
+ return {
102
+ provider: delProvider || "openai",
103
+ model: delModel || ""
104
+ };
105
+ }
106
+ const defaultRuntime = identity?.defaultRuntime && typeof identity.defaultRuntime === "object" ? identity.defaultRuntime : null;
107
+ const idProvider = asString(defaultRuntime?.provider);
108
+ const idModel = asString(defaultRuntime?.model);
109
+ if (idProvider || idModel) {
110
+ return {
111
+ provider: idProvider || "openai",
112
+ model: idModel || ""
113
+ };
114
+ }
115
+ return null;
116
+ }
117
+ function extractAgentContextFromProofs(proofs) {
118
+ const identities = [];
119
+ const delegations = [];
120
+ const list = Array.isArray(proofs) ? proofs : [];
121
+ for (const proof of list) {
122
+ const qHash = asString(proof?.qHash);
123
+ const verifiedVerifiers = Array.isArray(proof?.verifiedVerifiers) ? proof.verifiedVerifiers : [];
124
+ for (const vv of verifiedVerifiers) {
125
+ const verifierId = asString(vv?.verifierId);
126
+ const vvData = vv?.data && typeof vv.data === "object" ? vv.data : {};
127
+ if (verifierId === "agent-identity") {
128
+ identities.push({
129
+ qHash,
130
+ agentId: vvData.agentId || null,
131
+ agentWallet: vvData.agentWallet || null,
132
+ agentLabel: vvData.agentLabel || vvData.agentId || "Agent",
133
+ agentType: vvData.agentType || "agent",
134
+ description: vvData.description || null,
135
+ capabilities: capabilitiesToArray(vvData.capabilities),
136
+ skills: Array.isArray(vvData.skills) ? vvData.skills : [],
137
+ instructions: vvData.instructions || null,
138
+ services: Array.isArray(vvData.services) ? vvData.services : [],
139
+ defaultRuntime: vvData.defaultRuntime && typeof vvData.defaultRuntime === "object" ? vvData.defaultRuntime : void 0
140
+ });
141
+ }
142
+ if (verifierId === "agent-delegation") {
143
+ delegations.push({
144
+ qHash,
145
+ controllerWallet: vvData.controllerWallet || null,
146
+ agentWallet: vvData.agentWallet || null,
147
+ agentId: vvData.agentId || null,
148
+ scope: vvData.scope || "global",
149
+ allowedActions: asStringArray(vvData.allowedActions),
150
+ deniedActions: asStringArray(vvData.deniedActions),
151
+ runtimePolicy: vvData.runtimePolicy && typeof vvData.runtimePolicy === "object" ? vvData.runtimePolicy : void 0,
152
+ expiresAt: vvData.expiresAt ?? null,
153
+ isExpired: isDelegationExpired(vvData.expiresAt),
154
+ maxSpend: vvData.maxSpend !== null ? String(vvData.maxSpend) : void 0,
155
+ instructions: vvData.instructions || null,
156
+ skills: Array.isArray(vvData.skills) ? vvData.skills : [],
157
+ provider: vvData.provider || vvData.modelProvider || null,
158
+ model: vvData.model || null
159
+ });
160
+ }
161
+ }
162
+ }
163
+ return { identities, delegations };
164
+ }
165
+ function buildRuntimeBundle(input) {
166
+ const identity = input.identity || {};
167
+ const delegation = input.delegation || null;
168
+ const identityQHash = asString(input.identityQHash || identity.qHash);
169
+ const delegationQHash = delegation ? asString(input.delegationQHash || delegation.qHash) : null;
170
+ const agentId = asString(identity.agentId);
171
+ const agentWallet = normalizeWallet(identity.agentWallet);
172
+ if (!identityQHash || !agentId || !agentWallet) {
173
+ throw new Error("Runtime mount requires verified agent identity (agentId, agentWallet, identityQHash).");
174
+ }
175
+ const effectiveRuntime = resolveEffectiveRuntime(identity, delegation);
176
+ const deniedActions = delegation ? asStringArray(delegation.deniedActions) : [];
177
+ const allowedActions = delegation ? asStringArray(delegation.allowedActions) : void 0;
178
+ const requiresHumanApproval = delegation?.runtimePolicy && typeof delegation.runtimePolicy === "object" && delegation.runtimePolicy.requiresHumanApproval === true;
179
+ const capabilities = asStringArray(identity.capabilities);
180
+ const skills = Array.isArray(identity.skills) ? identity.skills : [];
181
+ const skillIds = skills.map(
182
+ (skill) => typeof skill === "string" ? skill : asString(skill?.id || skill?.label)
183
+ ).filter(Boolean);
184
+ const delegations = delegation ? [delegation] : [];
185
+ const activeDelegations = delegations.filter((row) => !row.isExpired).length;
186
+ return {
187
+ schema: RUNTIME_MOUNT_SCHEMA,
188
+ mountedAt: (/* @__PURE__ */ new Date()).toISOString(),
189
+ trust: {
190
+ identityQHash,
191
+ delegationQHash: delegationQHash || null,
192
+ identityProofUrl: `${PROOF_URL_BASE}${identityQHash}`,
193
+ delegationProofUrl: delegationQHash ? `${PROOF_URL_BASE}${delegationQHash}` : null
194
+ },
195
+ identity: {
196
+ agentId,
197
+ agentWallet,
198
+ agentLabel: asString(identity.agentLabel) || agentId,
199
+ agentType: asString(identity.agentType) || "agent",
200
+ description: asString(identity.description) || void 0,
201
+ instructions: asString(identity.instructions) || void 0,
202
+ capabilities,
203
+ skills,
204
+ services: Array.isArray(identity.services) ? identity.services : void 0,
205
+ defaultRuntime: identity.defaultRuntime && typeof identity.defaultRuntime === "object" ? identity.defaultRuntime : void 0
206
+ },
207
+ delegation: delegation ? {
208
+ controllerWallet: normalizeWallet(delegation.controllerWallet) || asString(delegation.controllerWallet),
209
+ scope: asString(delegation.scope) || void 0,
210
+ allowedActions,
211
+ deniedActions,
212
+ runtimePolicy: delegation.runtimePolicy,
213
+ expiresAt: delegation.expiresAt ?? null,
214
+ isExpired: Boolean(delegation.isExpired),
215
+ maxSpend: delegation.maxSpend,
216
+ instructions: asString(delegation.instructions) || void 0,
217
+ skills: Array.isArray(delegation.skills) ? delegation.skills : void 0,
218
+ provider: asString(delegation.provider) || void 0,
219
+ model: asString(delegation.model) || void 0
220
+ } : null,
221
+ effectiveRuntime,
222
+ tools: Array.isArray(input.tools) ? input.tools : [],
223
+ secretBindings: Array.isArray(input.secretBindings) ? input.secretBindings : [],
224
+ memoryRefs: Array.isArray(input.memoryRefs) ? input.memoryRefs : void 0,
225
+ enforce: {
226
+ deniedActions,
227
+ ...allowedActions?.length ? { allowedActions } : {},
228
+ ...requiresHumanApproval ? { requiresHumanApproval: true } : {}
229
+ },
230
+ contextPack: {
231
+ identityCount: 1,
232
+ delegationCount: delegations.length,
233
+ activeDelegations,
234
+ capabilitiesSummary: capabilities.slice(0, 32),
235
+ skillsSummary: skillIds.slice(0, 32)
236
+ }
237
+ };
238
+ }
239
+ function profileAgentToIdentitySeed(profileAgent) {
240
+ return {
241
+ agentId: profileAgent.agentId,
242
+ agentWallet: profileAgent.agentWallet,
243
+ agentLabel: profileAgent.agentLabel || profileAgent.name,
244
+ agentType: profileAgent.agentType || profileAgent.typeLabel,
245
+ description: profileAgent.description,
246
+ instructions: profileAgent.instructions,
247
+ capabilities: capabilitiesToArray(profileAgent.capabilities),
248
+ skills: Array.isArray(profileAgent.skills) ? profileAgent.skills : [],
249
+ services: Array.isArray(profileAgent.services) ? profileAgent.services : [],
250
+ identityQHash: profileAgent.identityQHash || profileAgent.qHash
251
+ };
252
+ }
253
+ function isRuntimeBundle(value) {
254
+ return Boolean(value && typeof value === "object" && value.schema === RUNTIME_MOUNT_SCHEMA);
255
+ }
256
+ async function resolveRuntimeBundleFromMcp(input) {
257
+ const accessKey = asString(input.accessKey);
258
+ if (!accessKey) {
259
+ throw new Error("NEUS access key or authenticated MCP session is required for runtime mount.");
260
+ }
261
+ const selector = {
262
+ agentId: input.agentId,
263
+ agentWallet: input.agentWallet,
264
+ identityQHash: input.identityQHash
265
+ };
266
+ if (!selector.agentId && !selector.agentWallet && !selector.identityQHash) {
267
+ throw new Error("Provide agentId, agentWallet, or identityQHash.");
268
+ }
269
+ let sessionId = "";
270
+ if (input.initializeMcp) {
271
+ const init = await input.initializeMcp();
272
+ sessionId = init.sessionId || "";
273
+ }
274
+ const mountArgs = {
275
+ ...selector.agentId ? { agentId: selector.agentId } : {},
276
+ ...selector.agentWallet ? { agentWallet: selector.agentWallet } : {},
277
+ ...selector.identityQHash ? { identityQHash: selector.identityQHash } : {}
278
+ };
279
+ const serverMount = await input.callMcpTool({
280
+ name: "neus_agent_mount",
281
+ args: mountArgs,
282
+ accessKey,
283
+ sessionId,
284
+ signal: input.signal
285
+ });
286
+ if (serverMount.ok) {
287
+ const payload = serverMount.payload;
288
+ if (isRuntimeBundle(payload)) {
289
+ return (
290
+ /** @type {import('./runtime-mount.js').RuntimeBundle} */
291
+ payload
292
+ );
293
+ }
294
+ if (payload && typeof payload === "object" && isRuntimeBundle(payload.data)) {
295
+ return (
296
+ /** @type {import('./runtime-mount.js').RuntimeBundle} */
297
+ payload.data
298
+ );
299
+ }
300
+ }
301
+ const me = await input.callMcpTool({
302
+ name: "neus_me",
303
+ args: {},
304
+ accessKey,
305
+ sessionId,
306
+ signal: input.signal
307
+ });
308
+ if (!me.ok) {
309
+ throw new Error(me.error || "Could not load profile context. Run `neus auth` and retry.");
310
+ }
311
+ const mePayload = (
312
+ /** @type {Record<string, unknown>} */
313
+ me.payload || {}
314
+ );
315
+ if (mePayload.status === "auth_required") {
316
+ throw new Error("Profile authentication required. Run `neus auth` or set NEUS_ACCESS_KEY.");
317
+ }
318
+ const principal = (
319
+ /** @type {Record<string, unknown>} */
320
+ mePayload.principal || {}
321
+ );
322
+ const controllerWallet = normalizeWallet(principal.primaryAccount);
323
+ const profileAgents = Array.isArray(mePayload.agents) ? mePayload.agents : [];
324
+ let agentWallet = normalizeWallet(selector.agentWallet);
325
+ let agentId = asString(selector.agentId);
326
+ if (!agentWallet && agentId) {
327
+ const row = profileAgents.find(
328
+ (row2) => asString(row2.agentId).toLowerCase() === agentId.toLowerCase()
329
+ );
330
+ if (row) {
331
+ agentWallet = normalizeWallet(row.agentWallet);
332
+ }
333
+ }
334
+ if (!agentId && agentWallet) {
335
+ const row = profileAgents.find((row2) => normalizeWallet(row2.agentWallet) === agentWallet);
336
+ if (row) agentId = asString(row.agentId);
337
+ }
338
+ if (!agentWallet && selector.identityQHash) {
339
+ const idProof = await input.callMcpTool({
340
+ name: "neus_proofs_get",
341
+ args: { qHash: selector.identityQHash, verifierId: "agent-identity" },
342
+ accessKey,
343
+ sessionId,
344
+ signal: input.signal
345
+ });
346
+ if (idProof.ok) {
347
+ const data = (
348
+ /** @type {Record<string, unknown>} */
349
+ idProof.payload?.data || idProof.payload || {}
350
+ );
351
+ const proofs = Array.isArray(data.proofs) ? data.proofs : [];
352
+ const extracted = extractAgentContextFromProofs(proofs);
353
+ const identity2 = pickIdentity(extracted.identities, selector);
354
+ if (identity2) {
355
+ agentWallet = normalizeWallet(identity2.agentWallet);
356
+ agentId = asString(identity2.agentId);
357
+ }
358
+ }
359
+ }
360
+ if (!agentWallet) {
361
+ throw new Error("Could not resolve agent wallet. Check agentId or link the agent on your profile.");
362
+ }
363
+ const [identityPage, delegationPage] = await Promise.all([
364
+ input.callMcpTool({
365
+ name: "neus_proofs_get",
366
+ args: { identifier: agentWallet, verifierId: "agent-identity", limit: 25 },
367
+ accessKey,
368
+ sessionId,
369
+ signal: input.signal
370
+ }),
371
+ controllerWallet ? input.callMcpTool({
372
+ name: "neus_proofs_get",
373
+ args: { identifier: controllerWallet, verifierId: "agent-delegation", limit: 50 },
374
+ accessKey,
375
+ sessionId,
376
+ signal: input.signal
377
+ }) : Promise.resolve({ ok: false })
378
+ ]);
379
+ const identityProofs = identityPage.ok ? (
380
+ /** @type {unknown[]} */
381
+ identityPage.payload?.data?.proofs || identityPage.payload?.proofs || []
382
+ ) : [];
383
+ const delegationProofs = delegationPage.ok ? (
384
+ /** @type {unknown[]} */
385
+ delegationPage.payload?.data?.proofs || delegationPage.payload?.proofs || []
386
+ ) : [];
387
+ const idCtx = extractAgentContextFromProofs(identityProofs);
388
+ const delCtx = extractAgentContextFromProofs(delegationProofs);
389
+ let identity = pickIdentity(idCtx.identities, { ...selector, agentId, agentWallet });
390
+ if (!identity && profileAgents.length > 0) {
391
+ const row = profileAgents.find(
392
+ (a) => asString(a.agentId).toLowerCase() === agentId.toLowerCase() || normalizeWallet(a.agentWallet) === agentWallet
393
+ );
394
+ if (row) {
395
+ identity = { ...profileAgentToIdentitySeed(row), agentWallet, agentId: agentId || asString(row.agentId) };
396
+ }
397
+ }
398
+ if (!identity) {
399
+ throw new Error("Agent identity proof not found. Complete agent setup on neus.network first.");
400
+ }
401
+ const delegation = pickActiveDelegation(
402
+ delCtx.delegations,
403
+ controllerWallet,
404
+ agentWallet,
405
+ agentId || asString(identity.agentId)
406
+ );
407
+ return buildRuntimeBundle({
408
+ identity,
409
+ delegation,
410
+ identityQHash: asString(identity.qHash || selector.identityQHash),
411
+ delegationQHash: delegation ? asString(delegation.qHash) : null,
412
+ tools: [],
413
+ secretBindings: []
414
+ });
415
+ }
416
+ function evaluateMountFileHealth(manifest) {
417
+ if (!manifest || manifest.schema !== RUNTIME_MOUNT_SCHEMA) {
418
+ return {
419
+ mountFileValid: false,
420
+ missingDelegation: true,
421
+ delegationExpired: false,
422
+ needsRefresh: true,
423
+ reason: "missing_or_invalid"
424
+ };
425
+ }
426
+ const delegationQHash = asString(manifest.trust?.delegationQHash);
427
+ const missingDelegation = !delegationQHash;
428
+ const expiresAt = manifest.delegation?.expiresAt;
429
+ const delegationExpired = Boolean(manifest.delegation?.isExpired) || isDelegationExpired(expiresAt);
430
+ return {
431
+ mountFileValid: true,
432
+ missingDelegation,
433
+ delegationExpired,
434
+ needsRefresh: missingDelegation || delegationExpired,
435
+ reason: delegationExpired ? "delegation_expired" : missingDelegation ? "delegation_missing" : null
436
+ };
437
+ }
438
+ // Annotate the CommonJS export names for ESM import in node:
439
+ 0 && (module.exports = {
440
+ RUNTIME_MOUNT_SCHEMA,
441
+ buildRuntimeBundle,
442
+ evaluateMountFileHealth,
443
+ extractAgentContextFromProofs,
444
+ isDelegationExpired,
445
+ isRuntimeBundle,
446
+ normalizeWallet,
447
+ pickActiveDelegation,
448
+ pickIdentity,
449
+ profileAgentToIdentitySeed,
450
+ resolveEffectiveRuntime,
451
+ resolveRuntimeBundleFromMcp
452
+ });