@openwop/openwop 1.1.2 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.d.ts +76 -1
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +195 -0
- package/dist/client.js.map +1 -1
- package/dist/envelope-directive.d.ts +77 -0
- package/dist/envelope-directive.d.ts.map +1 -0
- package/dist/envelope-directive.js +89 -0
- package/dist/envelope-directive.js.map +1 -0
- package/dist/event-helpers.d.ts +4 -1
- package/dist/event-helpers.d.ts.map +1 -1
- package/dist/event-helpers.js +7 -0
- package/dist/event-helpers.js.map +1 -1
- package/dist/index.d.ts +6 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +18 -1
- package/dist/index.js.map +1 -1
- package/dist/parse-refusal.d.ts +114 -0
- package/dist/parse-refusal.d.ts.map +1 -0
- package/dist/parse-refusal.js +216 -0
- package/dist/parse-refusal.js.map +1 -0
- package/dist/types.d.ts +161 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +1 -1
- package/src/client.ts +203 -0
- package/src/envelope-directive.ts +110 -0
- package/src/event-helpers.ts +13 -0
- package/src/index.ts +28 -0
- package/src/parse-refusal.ts +311 -0
- package/src/types.ts +162 -0
|
@@ -0,0 +1,311 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* parseRefusal — normalize per-provider LLM safety-stop signals to the
|
|
3
|
+
* canonical RFC 0032 §B.3 refusal shape.
|
|
4
|
+
*
|
|
5
|
+
* The three Tier-1 vendors (Anthropic / OpenAI / Google Gemini) surface
|
|
6
|
+
* refusals through different fields:
|
|
7
|
+
*
|
|
8
|
+
* - **Anthropic Messages API**: `stop_reason: "refusal"` (their 2025
|
|
9
|
+
* release) OR `stop_reason: "end_turn"` accompanied by safety-stop
|
|
10
|
+
* markers in the content. Refusal text MAY be inline in the
|
|
11
|
+
* `content[]` array's text blocks.
|
|
12
|
+
* - **OpenAI Chat Completions**: `choices[0].finish_reason:
|
|
13
|
+
* "content_filter"` OR `choices[0].message.refusal: <string>` (the
|
|
14
|
+
* refusal-text field added in their structured-output release).
|
|
15
|
+
* - **Google Gemini**: `candidates[0].finishReason: "SAFETY"` OR
|
|
16
|
+
* `promptFeedback.blockReason: "SAFETY"` (input-side block).
|
|
17
|
+
*
|
|
18
|
+
* Without normalization, every host re-implements this detection. This
|
|
19
|
+
* helper consolidates the per-vendor shape-detection and returns a
|
|
20
|
+
* canonical `RefusalSignal | null` — null when the response is a
|
|
21
|
+
* normal completion (no refusal detected).
|
|
22
|
+
*
|
|
23
|
+
* Per RFC 0032 §B.3 + RFC 0033 §D, hosts MUST NOT retry on refusal
|
|
24
|
+
* (circumvention concern). Callers route the non-null return through
|
|
25
|
+
* `envelope.refusal` emission + the `envelope_refusal` terminal error
|
|
26
|
+
* code (per RFC 0033 §F).
|
|
27
|
+
*
|
|
28
|
+
* Per SECURITY/invariants.yaml §envelope-refusal-no-prompt-leak,
|
|
29
|
+
* `refusalText` MUST be passed through the host's BYOK redaction
|
|
30
|
+
* harness BEFORE persistence — this helper does NOT redact; the
|
|
31
|
+
* caller is responsible for SR-1 carry-forward.
|
|
32
|
+
*
|
|
33
|
+
* @see RFCS/0032-envelope-reliability-events.md §B.3
|
|
34
|
+
* @see RFCS/0033-envelope-completion-contract.md §D + §F
|
|
35
|
+
* @see SECURITY/invariants.yaml §envelope-refusal-no-prompt-leak
|
|
36
|
+
*/
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Provider identifier for the matched shape. `"unknown"` is reserved
|
|
40
|
+
* for refusals matched on heuristic signals without a definitive
|
|
41
|
+
* vendor-shape match.
|
|
42
|
+
*/
|
|
43
|
+
export type RefusalProvider = 'anthropic' | 'openai' | 'google' | 'unknown';
|
|
44
|
+
|
|
45
|
+
/**
|
|
46
|
+
* Canonical refusal signal. All three Tier-1 vendor shapes normalize
|
|
47
|
+
* to this form. `null` from `parseRefusal()` means "no refusal detected"
|
|
48
|
+
* (a normal completion); a non-null `RefusalSignal` means the caller
|
|
49
|
+
* SHOULD route through the RFC 0032 §B.3 refusal-emission path.
|
|
50
|
+
*/
|
|
51
|
+
export interface RefusalSignal {
|
|
52
|
+
/**
|
|
53
|
+
* The provider's refusal text, when surfaced. MAY be `null` even for
|
|
54
|
+
* detected refusals — Anthropic + Gemini frequently refuse without
|
|
55
|
+
* inline text (the safety filter is opaque to the model). OpenAI's
|
|
56
|
+
* `message.refusal` field is the most consistent source of human-
|
|
57
|
+
* readable refusal text.
|
|
58
|
+
*
|
|
59
|
+
* **SECURITY:** When non-null, `refusalText` MAY contain prompt
|
|
60
|
+
* content that triggered the safety filter. Callers MUST pass it
|
|
61
|
+
* through their BYOK + prompt-content redaction harness BEFORE
|
|
62
|
+
* persistence (per `envelope-refusal-no-prompt-leak` SECURITY
|
|
63
|
+
* invariant).
|
|
64
|
+
*/
|
|
65
|
+
refusalText: string | null;
|
|
66
|
+
|
|
67
|
+
/**
|
|
68
|
+
* Provider-specific safety-category identifier, when surfaced.
|
|
69
|
+
* Examples: Gemini's safety-rating categories
|
|
70
|
+
* (`HARM_CATEGORY_HARASSMENT`, etc.), OpenAI's content-filter category,
|
|
71
|
+
* Anthropic's policy-violation tag. Hosts MAY echo this on the
|
|
72
|
+
* `envelope.refusal.safetyCategory` event field for downstream
|
|
73
|
+
* observability.
|
|
74
|
+
*/
|
|
75
|
+
safetyCategory?: string;
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Which provider's shape was matched. Useful for debugging
|
|
79
|
+
* cross-host integration + for hosts that want to route refusals
|
|
80
|
+
* differently per vendor (e.g., different operator notifications).
|
|
81
|
+
*/
|
|
82
|
+
provider: RefusalProvider;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
interface OpenAIChoiceMessage {
|
|
86
|
+
refusal?: unknown;
|
|
87
|
+
content?: unknown;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
interface OpenAIChoice {
|
|
91
|
+
finish_reason?: unknown;
|
|
92
|
+
message?: unknown;
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
interface OpenAIResponse {
|
|
96
|
+
choices?: unknown;
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
interface AnthropicTextBlock {
|
|
100
|
+
type?: unknown;
|
|
101
|
+
text?: unknown;
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
interface AnthropicResponse {
|
|
105
|
+
stop_reason?: unknown;
|
|
106
|
+
content?: unknown;
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
interface GeminiSafetyRating {
|
|
110
|
+
category?: unknown;
|
|
111
|
+
probability?: unknown;
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
interface GeminiCandidate {
|
|
115
|
+
finishReason?: unknown;
|
|
116
|
+
safetyRatings?: unknown;
|
|
117
|
+
content?: unknown;
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
interface GeminiPromptFeedback {
|
|
121
|
+
blockReason?: unknown;
|
|
122
|
+
safetyRatings?: unknown;
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
interface GeminiResponse {
|
|
126
|
+
candidates?: unknown;
|
|
127
|
+
promptFeedback?: unknown;
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
/**
|
|
131
|
+
* Try to parse the response as OpenAI Chat Completions output.
|
|
132
|
+
*
|
|
133
|
+
* Detection: top-level `choices` array. Refusal signals:
|
|
134
|
+
* - `choices[0].finish_reason === "content_filter"`
|
|
135
|
+
* - `choices[0].message.refusal` is a non-empty string
|
|
136
|
+
*/
|
|
137
|
+
function tryParseOpenAI(response: unknown): RefusalSignal | null {
|
|
138
|
+
if (!response || typeof response !== 'object') return null;
|
|
139
|
+
const r = response as OpenAIResponse;
|
|
140
|
+
if (!Array.isArray(r.choices) || r.choices.length === 0) return null;
|
|
141
|
+
const choice = r.choices[0] as OpenAIChoice;
|
|
142
|
+
if (!choice || typeof choice !== 'object') return null;
|
|
143
|
+
|
|
144
|
+
const finishReason = choice.finish_reason;
|
|
145
|
+
const message = choice.message as OpenAIChoiceMessage | undefined;
|
|
146
|
+
const refusalField = message && typeof message === 'object' ? message.refusal : undefined;
|
|
147
|
+
|
|
148
|
+
// Primary signal: explicit refusal-text field. OpenAI's structured-output
|
|
149
|
+
// release populates this when the safety filter intervenes.
|
|
150
|
+
if (typeof refusalField === 'string' && refusalField.length > 0) {
|
|
151
|
+
return { refusalText: refusalField, provider: 'openai' };
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
// Secondary signal: finish_reason. content_filter is the canonical
|
|
155
|
+
// safety-stop value.
|
|
156
|
+
if (finishReason === 'content_filter') {
|
|
157
|
+
const text =
|
|
158
|
+
message && typeof message === 'object' && typeof message.content === 'string'
|
|
159
|
+
? message.content
|
|
160
|
+
: null;
|
|
161
|
+
return { refusalText: text, safetyCategory: 'content_filter', provider: 'openai' };
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
return null;
|
|
165
|
+
}
|
|
166
|
+
|
|
167
|
+
/**
|
|
168
|
+
* Try to parse the response as Anthropic Messages API output.
|
|
169
|
+
*
|
|
170
|
+
* Detection: top-level `stop_reason` field (Anthropic's distinctive
|
|
171
|
+
* marker). Refusal signals:
|
|
172
|
+
* - `stop_reason === "refusal"` (their 2025 release)
|
|
173
|
+
*
|
|
174
|
+
* Anthropic does not surface a distinct safety-category field on
|
|
175
|
+
* refusals; the `refusal` stop_reason is the binary signal.
|
|
176
|
+
*/
|
|
177
|
+
function tryParseAnthropic(response: unknown): RefusalSignal | null {
|
|
178
|
+
if (!response || typeof response !== 'object') return null;
|
|
179
|
+
const r = response as AnthropicResponse;
|
|
180
|
+
if (typeof r.stop_reason !== 'string') return null;
|
|
181
|
+
|
|
182
|
+
if (r.stop_reason === 'refusal') {
|
|
183
|
+
// Extract refusal text from the content array (Anthropic returns an
|
|
184
|
+
// array of typed blocks; refusal text appears in `text`-type blocks).
|
|
185
|
+
let refusalText: string | null = null;
|
|
186
|
+
if (Array.isArray(r.content)) {
|
|
187
|
+
const textBlocks: string[] = [];
|
|
188
|
+
for (const block of r.content) {
|
|
189
|
+
if (block && typeof block === 'object') {
|
|
190
|
+
const b = block as AnthropicTextBlock;
|
|
191
|
+
if (b.type === 'text' && typeof b.text === 'string') {
|
|
192
|
+
textBlocks.push(b.text);
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
if (textBlocks.length > 0) refusalText = textBlocks.join('\n');
|
|
197
|
+
}
|
|
198
|
+
return { refusalText, provider: 'anthropic' };
|
|
199
|
+
}
|
|
200
|
+
|
|
201
|
+
return null;
|
|
202
|
+
}
|
|
203
|
+
|
|
204
|
+
/**
|
|
205
|
+
* Try to parse the response as Google Gemini `generateContent` output.
|
|
206
|
+
*
|
|
207
|
+
* Detection: top-level `candidates` array OR top-level `promptFeedback`
|
|
208
|
+
* object. Refusal signals:
|
|
209
|
+
* - `candidates[0].finishReason === "SAFETY"` (output-side block)
|
|
210
|
+
* - `promptFeedback.blockReason === "SAFETY"` (input-side block)
|
|
211
|
+
*
|
|
212
|
+
* Gemini surfaces safety categories on `safetyRatings[]`; this helper
|
|
213
|
+
* picks the highest-probability HIGH/MEDIUM-tier category as
|
|
214
|
+
* `safetyCategory` when available.
|
|
215
|
+
*/
|
|
216
|
+
function tryParseGemini(response: unknown): RefusalSignal | null {
|
|
217
|
+
if (!response || typeof response !== 'object') return null;
|
|
218
|
+
const r = response as GeminiResponse;
|
|
219
|
+
|
|
220
|
+
// Output-side safety block.
|
|
221
|
+
if (Array.isArray(r.candidates) && r.candidates.length > 0) {
|
|
222
|
+
const candidate = r.candidates[0] as GeminiCandidate;
|
|
223
|
+
if (candidate && typeof candidate === 'object' && candidate.finishReason === 'SAFETY') {
|
|
224
|
+
const safetyCategory = extractGeminiHighestRiskCategory(candidate.safetyRatings);
|
|
225
|
+
const result: RefusalSignal = { refusalText: null, provider: 'google' };
|
|
226
|
+
if (safetyCategory !== undefined) result.safetyCategory = safetyCategory;
|
|
227
|
+
return result;
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
// Input-side safety block (Gemini rejected the prompt itself).
|
|
232
|
+
if (r.promptFeedback && typeof r.promptFeedback === 'object') {
|
|
233
|
+
const pf = r.promptFeedback as GeminiPromptFeedback;
|
|
234
|
+
if (typeof pf.blockReason === 'string' && pf.blockReason.toUpperCase().includes('SAFETY')) {
|
|
235
|
+
const safetyCategory = extractGeminiHighestRiskCategory(pf.safetyRatings);
|
|
236
|
+
const result: RefusalSignal = { refusalText: null, provider: 'google' };
|
|
237
|
+
if (safetyCategory !== undefined) result.safetyCategory = safetyCategory;
|
|
238
|
+
return result;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
return null;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
/**
|
|
246
|
+
* From a Gemini `safetyRatings[]` array, return the highest-probability
|
|
247
|
+
* non-NEGLIGIBLE category identifier. Returns `undefined` when the
|
|
248
|
+
* array is absent or all ratings are NEGLIGIBLE.
|
|
249
|
+
*/
|
|
250
|
+
function extractGeminiHighestRiskCategory(safetyRatings: unknown): string | undefined {
|
|
251
|
+
if (!Array.isArray(safetyRatings)) return undefined;
|
|
252
|
+
const PROBABILITY_RANK: Record<string, number> = {
|
|
253
|
+
HIGH: 3,
|
|
254
|
+
MEDIUM: 2,
|
|
255
|
+
LOW: 1,
|
|
256
|
+
NEGLIGIBLE: 0,
|
|
257
|
+
};
|
|
258
|
+
let best: { category: string; rank: number } | null = null;
|
|
259
|
+
for (const rating of safetyRatings) {
|
|
260
|
+
if (!rating || typeof rating !== 'object') continue;
|
|
261
|
+
const r = rating as GeminiSafetyRating;
|
|
262
|
+
if (typeof r.category !== 'string' || typeof r.probability !== 'string') continue;
|
|
263
|
+
const rank = PROBABILITY_RANK[r.probability.toUpperCase()] ?? 0;
|
|
264
|
+
if (rank === 0) continue;
|
|
265
|
+
if (best === null || rank > best.rank) {
|
|
266
|
+
best = { category: r.category, rank };
|
|
267
|
+
}
|
|
268
|
+
}
|
|
269
|
+
return best?.category;
|
|
270
|
+
}
|
|
271
|
+
|
|
272
|
+
/**
|
|
273
|
+
* Parse a provider response into a canonical refusal signal.
|
|
274
|
+
*
|
|
275
|
+
* Returns `null` when no refusal is detected (normal completion).
|
|
276
|
+
* Returns a `RefusalSignal` when the response matches one of the
|
|
277
|
+
* three Tier-1 vendors' safety-stop shapes.
|
|
278
|
+
*
|
|
279
|
+
* Detection order: OpenAI → Anthropic → Gemini. Each detector inspects
|
|
280
|
+
* a distinctive top-level field, so cross-vendor false-positives are
|
|
281
|
+
* unlikely. A response that doesn't match any vendor shape returns
|
|
282
|
+
* `null` (hosts that route through novel providers add their own
|
|
283
|
+
* detector + fall back to this for the three known ones).
|
|
284
|
+
*
|
|
285
|
+
* @example
|
|
286
|
+
* ```ts
|
|
287
|
+
* import { parseRefusal } from '@openwop/openwop';
|
|
288
|
+
*
|
|
289
|
+
* const response = await callOpenAI({...});
|
|
290
|
+
* const refusal = parseRefusal(response);
|
|
291
|
+
* if (refusal) {
|
|
292
|
+
* // Route through envelope.refusal emission + envelope_refusal error code.
|
|
293
|
+
* // REMEMBER to redact refusalText through the BYOK harness before
|
|
294
|
+
* // persistence (SECURITY invariant envelope-refusal-no-prompt-leak).
|
|
295
|
+
* await emitEnvelopeRefusal({
|
|
296
|
+
* refusalText: redactBYOK(refusal.refusalText),
|
|
297
|
+
* safetyCategory: refusal.safetyCategory,
|
|
298
|
+
* provider: refusal.provider,
|
|
299
|
+
* });
|
|
300
|
+
* throw new EnvelopeRefusalError(...);
|
|
301
|
+
* }
|
|
302
|
+
* // ...normal-completion handling...
|
|
303
|
+
* ```
|
|
304
|
+
*/
|
|
305
|
+
export function parseRefusal(providerResponse: unknown): RefusalSignal | null {
|
|
306
|
+
return (
|
|
307
|
+
tryParseOpenAI(providerResponse) ??
|
|
308
|
+
tryParseAnthropic(providerResponse) ??
|
|
309
|
+
tryParseGemini(providerResponse)
|
|
310
|
+
);
|
|
311
|
+
}
|
package/src/types.ts
CHANGED
|
@@ -32,6 +32,10 @@ export interface Capabilities {
|
|
|
32
32
|
schemaRounds: number;
|
|
33
33
|
envelopesPerTurn: number;
|
|
34
34
|
maxNodeExecutions?: number;
|
|
35
|
+
/** RFC 0058. Engine-side wall-clock ceiling per run (ms); upper bound for `RunConfigurable.runTimeoutMs`. */
|
|
36
|
+
maxRunDurationMs?: number;
|
|
37
|
+
/** RFC 0058. Engine-side agent-loop iteration ceiling; upper bound for `RunConfigurable.maxLoopIterations`. */
|
|
38
|
+
maxLoopIterations?: number;
|
|
35
39
|
};
|
|
36
40
|
extensions?: Record<string, unknown>;
|
|
37
41
|
// Network-handshake superset (all `(future)` fields per capabilities.md)
|
|
@@ -44,6 +48,22 @@ export interface Capabilities {
|
|
|
44
48
|
minClientVersion?: string;
|
|
45
49
|
}
|
|
46
50
|
|
|
51
|
+
/**
|
|
52
|
+
* The `kind` discriminator on a `cap.breached` event payload
|
|
53
|
+
* (`run-event-payloads.schema.json#capBreached`). The four engine kinds, the
|
|
54
|
+
* RFC 0008 §K `wasm-*` runtime caps, and the RFC 0058 run-scoped bounds.
|
|
55
|
+
*/
|
|
56
|
+
export type CapBreachedKind =
|
|
57
|
+
| 'clarification'
|
|
58
|
+
| 'schema'
|
|
59
|
+
| 'envelopes'
|
|
60
|
+
| 'node-executions'
|
|
61
|
+
| 'wasm-memory'
|
|
62
|
+
| 'wasm-fuel'
|
|
63
|
+
| 'wasm-execution-time'
|
|
64
|
+
| 'run-duration'
|
|
65
|
+
| 'loop-iterations';
|
|
66
|
+
|
|
47
67
|
export interface RunSnapshot {
|
|
48
68
|
runId: string;
|
|
49
69
|
workflowId: string;
|
|
@@ -83,6 +103,15 @@ export interface RunSnapshot {
|
|
|
83
103
|
export interface RunConfigurable {
|
|
84
104
|
/** Override the per-run node-execution ceiling. Clamped server-side. */
|
|
85
105
|
recursionLimit?: number;
|
|
106
|
+
/** RFC 0058. Wall-clock run deadline (ms from `run.started`); clamped to
|
|
107
|
+
* `Capabilities.limits.maxRunDurationMs`. Breach → `cap.breached
|
|
108
|
+
* { kind: 'run-duration' }` + `run_timeout`. */
|
|
109
|
+
runTimeoutMs?: number;
|
|
110
|
+
/** RFC 0058. Agent-loop iteration ceiling (one per orchestrator turn);
|
|
111
|
+
* clamped to `Capabilities.limits.maxLoopIterations`. Breach →
|
|
112
|
+
* `cap.breached { kind: 'loop-iterations' }` + `loop_limit_exceeded`.
|
|
113
|
+
* Ignored unless the host advertises `capabilities.agents.loop.supported`. */
|
|
114
|
+
maxLoopIterations?: number;
|
|
86
115
|
/** Override AI model for nodes that consume `ctx.config.configurable.model`. */
|
|
87
116
|
model?: string;
|
|
88
117
|
/** Override AI temperature (server SHOULD enforce 0..2). */
|
|
@@ -254,6 +283,99 @@ export interface ForkRunResponse {
|
|
|
254
283
|
eventsUrl: string;
|
|
255
284
|
}
|
|
256
285
|
|
|
286
|
+
/** RFC 0056 — a non-blocking quality signal on a run/event/node. */
|
|
287
|
+
export type AnnotationSignal =
|
|
288
|
+
| { kind: 'rating'; rating: number }
|
|
289
|
+
| { kind: 'flag' }
|
|
290
|
+
| { kind: 'label'; label: string }
|
|
291
|
+
| { kind: 'correction'; correction: string };
|
|
292
|
+
|
|
293
|
+
/** RFC 0056 persisted annotation (`annotation.schema.json`). A side-resource —
|
|
294
|
+
* not a replayable run-event-log entry. */
|
|
295
|
+
export interface Annotation {
|
|
296
|
+
annotationId: string;
|
|
297
|
+
target: { runId: string; eventId?: string; nodeId?: string };
|
|
298
|
+
signal: AnnotationSignal;
|
|
299
|
+
actor: { principalRef: string };
|
|
300
|
+
note?: string;
|
|
301
|
+
createdAt: string;
|
|
302
|
+
}
|
|
303
|
+
|
|
304
|
+
/** RFC 0056 request body for `createAnnotation` (`annotation-create.schema.json`).
|
|
305
|
+
* The host assigns `annotationId`/`createdAt`/`actor` and binds `target.runId`. */
|
|
306
|
+
export interface CreateAnnotationRequest {
|
|
307
|
+
target?: { eventId?: string; nodeId?: string };
|
|
308
|
+
signal: AnnotationSignal;
|
|
309
|
+
note?: string;
|
|
310
|
+
}
|
|
311
|
+
|
|
312
|
+
/** RFC 0059 versioned, tenant·workspace-scoped ground-truth file
|
|
313
|
+
* (`workspace-file.schema.json`). The `list` endpoint returns this shape
|
|
314
|
+
* minus `content` (metadata only). */
|
|
315
|
+
export interface WorkspaceFile {
|
|
316
|
+
path: string;
|
|
317
|
+
content: string;
|
|
318
|
+
contentType?: string;
|
|
319
|
+
version: number;
|
|
320
|
+
etag?: string;
|
|
321
|
+
updatedAt: string;
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
/** RFC 0059 request body for `putWorkspaceFile` (`workspace-file-create.schema.json`).
|
|
325
|
+
* `path` is URL-bound; the host assigns `version`/`etag`/`updatedAt`.
|
|
326
|
+
* Optimistic concurrency is expressed via the `If-Match` header, not the body. */
|
|
327
|
+
export interface PutWorkspaceFileRequest {
|
|
328
|
+
content: string;
|
|
329
|
+
contentType?: string;
|
|
330
|
+
}
|
|
331
|
+
|
|
332
|
+
/**
|
|
333
|
+
* Response from `GET /v1/runs/{runId}/ancestry` — RFC 0040 §C cross-host
|
|
334
|
+
* composition parent. `parent: null` for top-level runs (not dispatched
|
|
335
|
+
* from any other run); otherwise `parent.wellKnownUrl` is set when the
|
|
336
|
+
* parent is on a different host so callers can walk the chain.
|
|
337
|
+
*
|
|
338
|
+
* Capability-gated: hosts not advertising
|
|
339
|
+
* `capabilities.multiAgent.executionModel.crossHostCausation.ancestryEndpointSupported: true`
|
|
340
|
+
* return 404; the SDK surfaces that as `null` via `runs.ancestry()`.
|
|
341
|
+
*/
|
|
342
|
+
export interface RunAncestryResponse {
|
|
343
|
+
runId: string;
|
|
344
|
+
hostId: string;
|
|
345
|
+
parent: null | {
|
|
346
|
+
runId: string;
|
|
347
|
+
hostId: string;
|
|
348
|
+
wellKnownUrl?: string;
|
|
349
|
+
cause: 'mcp-tool-call' | 'a2a-message' | 'core.subWorkflow' | 'core.dispatch';
|
|
350
|
+
};
|
|
351
|
+
}
|
|
352
|
+
|
|
353
|
+
/** RFC 0054 — response from `GET /v1/runs/{runId}:diff?against={otherRunId}`.
|
|
354
|
+
* Mirror of `run-diff-response.schema.json`. Deterministic, replay-aware
|
|
355
|
+
* structured diff of two runs' event sequences + terminal states. */
|
|
356
|
+
export interface RunDiffEventDiff {
|
|
357
|
+
seq: number;
|
|
358
|
+
op: 'added' | 'removed' | 'changed';
|
|
359
|
+
/** Present unless `op === 'added'`. */
|
|
360
|
+
aEvent?: RunEventDoc;
|
|
361
|
+
/** Present unless `op === 'removed'`. */
|
|
362
|
+
bEvent?: RunEventDoc;
|
|
363
|
+
}
|
|
364
|
+
|
|
365
|
+
export interface RunDiffResponse {
|
|
366
|
+
/** The `{runId}` run. */
|
|
367
|
+
a: string;
|
|
368
|
+
/** The `against` run. */
|
|
369
|
+
b: string;
|
|
370
|
+
/** Sequence at which the logs first diverge; null if identical. */
|
|
371
|
+
divergedAtSeq: number | null;
|
|
372
|
+
eventDiffs: RunDiffEventDiff[];
|
|
373
|
+
/** Diff of terminal RunSnapshot states (redaction-safe). */
|
|
374
|
+
stateDiff: Record<string, unknown>;
|
|
375
|
+
/** True if either run was in-flight and only a prefix was compared. */
|
|
376
|
+
truncated?: boolean;
|
|
377
|
+
}
|
|
378
|
+
|
|
257
379
|
export interface ResolveInterruptRequest {
|
|
258
380
|
resumeValue: unknown;
|
|
259
381
|
}
|
|
@@ -568,6 +690,19 @@ export interface AgentDecidedPayload {
|
|
|
568
690
|
[key: string]: unknown;
|
|
569
691
|
}
|
|
570
692
|
|
|
693
|
+
/** `memory.written` payload (RFC 0057). Content-free per-write attribution:
|
|
694
|
+
* identifiers + non-secret tags only — never the entry content (the read
|
|
695
|
+
* side serves that, already SR-1-redacted). `nodeId` is omitted for host
|
|
696
|
+
* session-end writes with no node attribution. */
|
|
697
|
+
export interface MemoryWrittenPayload {
|
|
698
|
+
memoryRef: string;
|
|
699
|
+
memoryId: string;
|
|
700
|
+
nodeId?: string;
|
|
701
|
+
agentId?: string;
|
|
702
|
+
tags?: string[];
|
|
703
|
+
[key: string]: unknown;
|
|
704
|
+
}
|
|
705
|
+
|
|
571
706
|
/** A `RunEventDoc` narrowed to a specific event-type discriminator +
|
|
572
707
|
* payload shape. Returned by the `isAgent*` type guards in
|
|
573
708
|
* `event-helpers.ts`. */
|
|
@@ -892,3 +1027,30 @@ function extractTraceId(traceparent: string): string | undefined {
|
|
|
892
1027
|
if (!traceId || !/^[0-9a-f]{32}$/i.test(traceId)) return undefined;
|
|
893
1028
|
return traceId;
|
|
894
1029
|
}
|
|
1030
|
+
|
|
1031
|
+
/**
|
|
1032
|
+
* One installed manifest agent, as projected by `GET /v1/agents` /
|
|
1033
|
+
* `GET /v1/agents/{agentId}` (RFC 0072 §A). Read-only — never carries the
|
|
1034
|
+
* system-prompt body, resolved handoff schemas, or credential material (SR-1).
|
|
1035
|
+
*/
|
|
1036
|
+
export interface AgentInventoryEntry {
|
|
1037
|
+
agentId: string;
|
|
1038
|
+
persona: string;
|
|
1039
|
+
label: string;
|
|
1040
|
+
description?: string;
|
|
1041
|
+
modelClass: string;
|
|
1042
|
+
packName: string;
|
|
1043
|
+
packVersion: string;
|
|
1044
|
+
toolAllowlist: string[];
|
|
1045
|
+
hasHandoffSchemas: boolean;
|
|
1046
|
+
memoryShape?: { scratchpad?: boolean; conversation?: boolean; longTerm?: boolean };
|
|
1047
|
+
confidenceThreshold?: number;
|
|
1048
|
+
/** RFC 0072 §C — optional capability tiers this host does not satisfy, inert here. */
|
|
1049
|
+
degraded?: string[];
|
|
1050
|
+
}
|
|
1051
|
+
|
|
1052
|
+
/** Response body for `GET /v1/agents` (RFC 0072 §A). */
|
|
1053
|
+
export interface AgentInventoryResponse {
|
|
1054
|
+
agents: AgentInventoryEntry[];
|
|
1055
|
+
total: number;
|
|
1056
|
+
}
|