@robota-sdk/agent-sdk 3.0.0-beta.60 → 3.0.0-beta.61

package/README.md

@@ -1,6 +1,6 @@
 # @robota-sdk/agent-sdk
 
-Programmatic SDK for building AI agents with Robota. Provides `InteractiveSession` as the central client-facing API, `query()` for one-shot use, session management, built-in tools, permissions, hooks, streaming, and context loading.
+Programmatic SDK for building AI agents with Robota. Provides `InteractiveSession` as the central client-facing API, `createQuery()` for one-shot use, session management, SDK-owned command/common APIs, permissions, hooks, streaming, context loading, bounded prompt file references, and context reference inventory.
 
 This is the **assembly layer** of the Robota ecosystem — it composes lower-level packages (`agent-core`, `agent-tools`, `agent-sessions`, `agent-provider-anthropic`) into a cohesive SDK.
 
@@ -15,40 +15,52 @@ pnpm add @robota-sdk/agent-sdk
 ## Quick Start
 
 ```typescript
-import { query } from '@robota-sdk/agent-sdk';
+import { createQuery } from '@robota-sdk/agent-sdk';
+import { AnthropicProvider } from '@robota-sdk/agent-provider-anthropic';
+
+const provider = new AnthropicProvider({ apiKey: process.env.ANTHROPIC_API_KEY });
+const query = createQuery({ provider });
 
 // Simple one-shot query
 const response = await query('Show me the file list');
 
 // With options
-const response = await query('Analyze the code', {
+const queryWithOptions = createQuery({
+  provider,
   cwd: '/path/to/project',
   permissionMode: 'acceptEdits',
   maxTurns: 10,
   onTextDelta: (delta) => process.stdout.write(delta),
 });
+
+const detailedResponse = await queryWithOptions('Analyze the code');
 ```
 
 ## Features
 
 - **InteractiveSession** — Event-driven session wrapper (composition over Session). Central client-facing API for CLI, web, API server, or any other client
 - **SystemCommandExecutor + ISystemCommand** — SDK-level command execution infrastructure for product-composed command modules
-- **CommandRegistry, BuiltinCommandSource, SkillCommandSource** — Slash command registry and discovery (owned by SDK; agent-cli re-exports `CommandRegistry` from here)
-- **query()** — Single entry point for one-shot AI agent interactions with streaming support
-- **createSession()** — Assembly factory: wires tools, provider, config, and context into a Session
-- **Built-in Tools** — Bash, Read, Write, Edit, Glob, Grep, WebFetch, WebSearch are assembled for sessions; six local file/process/search exports are re-exported from `@robota-sdk/agent-tools`
+- **CommandRegistry, BuiltinCommandSource, SkillCommandSource** — Command registry and SDK common discovery APIs. User-visible built-ins are composed through `agent-command-*` packages.
+- **Model Command Common APIs** — Provider-neutral `/model` helpers that resolve active provider catalogs and optionally invoke provider-owned refresh hooks
+- **createQuery()** — Provider-bound factory for one-shot AI agent interactions with streaming support
+- **Session assembly** — Internal factory wires tools, provider, config, and context for `InteractiveSession`
+- **Built-in Tools** — Bash, Read, Write, Edit, Glob, Grep, WebFetch, WebSearch are assembled for SDK sessions; direct tool usage imports from `@robota-sdk/agent-tools`
+- **Sandbox Execution** — Optional `sandboxClient` injection routes Bash and core file tools through a provider-backed execution plane; `workspaceManifest` can prepare a fresh sandbox workspace before session creation
+- **Sandbox Hydration** — Snapshot-capable sandbox clients persist `sandboxSnapshotId` on shutdown and restore it before saved message replay on non-fork resume
 - **Agent Tool** — Sub-agent session creation for multi-agent workflows
 - **Permissions** — 3-step evaluation (deny list, allow list, mode policy) with four modes: `plan`, `default`, `acceptEdits`, `bypassPermissions`
 - **Hooks** — `PreToolUse`, `PostToolUse`, `PreCompact`, `PostCompact`, `SessionStart`, `UserPromptSubmit`, `Stop` events with shell command execution
 - **Streaming** — Real-time text delta callbacks via `onTextDelta`
 - **Context Loading** — AGENTS.md / CLAUDE.md walk-up discovery and system prompt assembly
-- **Config Loading** — 6-file settings merge with provider profiles, legacy provider compatibility, and `$ENV:VAR` substitution for provider API keys
+- **Prompt File References** — Path-like `@file` prompt references are resolved by the SDK under the session `cwd`, bounded by size/recursion limits, recorded as structured history events, and registered as observed context references
+- **Context Reference Inventory** — Manual `/context add` references are stored by `InteractiveSession`, included in future prompt model input, and exposed through SDK command common APIs
+- **Config Loading** — 6-file settings merge with provider profiles, legacy provider compatibility, and `$ENV:VAR` substitution for provider credentials
 - **Context Window Management** — Token tracking, configurable auto-compaction (default ~83.5%), manual `session.compact()`
 - **Background Jobs** — Runtime-managed subagent tasks with transcripts and task snapshots
 - **Agent Batch Jobs** — `Agent({ jobs: [...] })` starts explicit parallel subagent requests deterministically
 - **Edit Checkpoints** — Checkpoint/rewind support for safer edit workflows
 - **Project Memory** — Command-driven memory capture and retrieval surfaces
-- **Replay Events** — Session execution can forward provider/tool boundary events into append-only logs
+- **Replay Events** — Session execution can forward provider/tool boundary events and provider-native raw payload events into append-only logs
 - **Bundle Plugin System** — Install and manage reusable extensions packaged as bundle plugins
 
 ## Architecture
@@ -59,10 +71,10 @@ agent-sdk (assembly layer)
   │     └── Session       ← generic session (agent-sessions)
   ├── SystemCommandExecutor ← SDK-level command execution
   ├── CommandRegistry / BuiltinCommandSource / SkillCommandSource
-  ├── Agent tool batch jobs and background orchestration
+  ├── Agent runtime dependencies and background orchestration
   ├── Edit checkpoints and command-driven memory
-  ├── query()             ← one-shot entry point
-  ├── createSession()     ← assembly factory
+  ├── createQuery()       ← one-shot entry point factory
+  ├── createSession()     ← internal assembly factory
   └── deps:
         agent-sessions  (Session, SessionStore)
         agent-tools     (tool infrastructure + 8 built-in tools)
@@ -82,19 +94,22 @@ The SDK is **pure TypeScript with no React dependency**. The CLI is a thin TUI-o
 `InteractiveSession` wraps `Session` (composition over inheritance) to provide event-driven interaction for any client. It manages streaming text accumulation, tool execution state tracking, prompt queuing, abort orchestration, and message history. Logic that was previously embedded in CLI React hooks now lives here.
 
 ```typescript
-import { InteractiveSession } from '@robota-sdk/agent-sdk';
+import { InteractiveSession, createProjectSessionStore } from '@robota-sdk/agent-sdk';
 import type { IInteractiveSessionOptions } from '@robota-sdk/agent-sdk';
 
+const cwd = process.cwd();
+const sessionStore = createProjectSessionStore(cwd);
+
 const session = new InteractiveSession({
   config,
   context,
   projectInfo,
-  sessionStore, // SessionStore instance for persistence
-  resumeSessionId, // Session ID to restore (optional)
+  sessionStore, // SDK-owned project-local persistence facade
+  resumeSessionId, // Session ID to restore, including sandbox snapshot when available
   forkSession, // Session ID to fork from (optional)
   permissionMode: 'default',
   maxTurns: 10,
-  cwd: process.cwd(),
+  cwd,
   permissionHandler: async (toolName, toolArgs) => ({ allowed: true }),
 });
 
@@ -127,9 +142,17 @@ session.on('interrupted', (result) => {
 // Submit a prompt (queues if already executing, max 1 queued)
 await session.submit('Explain this code');
 
+// Path-like @file references are expanded into model-only prompt context by the SDK.
+// The user-visible history keeps the original prompt plus a structured file-reference event.
+await session.submit('Explain @AGENTS.md and @docs/SPEC.md');
+
 // Submit with display override (shown in UI) and raw input (for hook matching)
 await session.submit(fullPrompt, '/audit', '/rulebased-harness:audit');
 
+// Execute slash commands through the command layer. With the skills command module composed,
+// `/audit src/index.ts` is normalized by SDK to command "skills" with args "audit src/index.ts".
+await session.executeCommand('audit', 'src/index.ts');
+
 // Abort current execution and clear queue
 session.abort();
 
@@ -184,21 +207,38 @@ executor.register({
 
 // List all commands
 executor.listCommands(); // ISystemCommand[]
-executor.hasCommand('mode'); // boolean
+executor.hasCommand('permissions'); // boolean
 ```
 
-Product built-ins are supplied as `agent-command-*` modules. For example, `/help` is owned by `@robota-sdk/agent-command-help`, while `/compact` is owned by `@robota-sdk/agent-command-compact`.
+SDK core does not own user-visible built-in commands. Product built-ins are supplied as `agent-command-*` modules. SDK command identity is slash-free (`skills`, `help`, `compact`); UI shells render and parse those commands as slash syntax such as `/skills`, `/help`, and `/compact`.
+
+Command modules may use SDK common APIs for shared provider-neutral behavior. For `/model`, the SDK
+resolves the active provider from settings, reads provider-owned fallback metadata from injected
+`IProviderDefinition` records, and can invoke provider-owned catalog refresh hooks. The CLI/TUI must
+only render command results and must not own provider model lists.
+
+For provider setup, the SDK projects provider-owned setup help links from `IProviderDefinition`
+records into generic prompt descriptions. The CLI/TUI renders those descriptions without owning
+provider-specific API key or console URLs.
+
+For `/permissions`, the SDK owns permission-mode constants, subcommand descriptors, validation,
+state formatting, and command-host adapter access. The command module owns user-visible behavior and
+keeps permission-mode changes under `/permissions [mode]`.
+
+For `/validate-session`, the session command module calls SDK session command APIs to locate and
+validate the current JSONL session log. Hosts may override `validateCurrentSessionReplayLog()` in
+`ICommandHostContext` when they own a non-file-backed session log store.
 
 ### CommandRegistry, BuiltinCommandSource, SkillCommandSource
 
 These classes provide slash command discovery and aggregation for clients that expose a command palette or autocomplete UI.
 
 ```typescript
-import { CommandRegistry, BuiltinCommandSource, SkillCommandSource } from '@robota-sdk/agent-sdk';
+import { CommandRegistry } from '@robota-sdk/agent-sdk';
+import { createSkillsCommandModule } from '@robota-sdk/agent-command-skills';
 
 const registry = new CommandRegistry();
-registry.addSource(new BuiltinCommandSource());
-registry.addSource(new SkillCommandSource(process.cwd()));
+registry.addModule(createSkillsCommandModule({ cwd: process.cwd() }));
 
 // Get all commands (returns ICommand[])
 const commands = registry.getCommands();
@@ -210,59 +250,100 @@ const filtered = registry.getCommands('mod'); // matches "mode", "model"
 registry.resolveQualifiedName('audit'); // "my-plugin:audit"
 ```
 
-`SkillCommandSource` discovers skills from (highest priority first):
+`SkillCommandSource` is the SDK common API used by the skills command module. It discovers skills from (highest priority first):
 
 - `<cwd>/.claude/skills/*/SKILL.md`
 - `<cwd>/.claude/commands/*.md` (Claude Code compatible)
 - `~/.robota/skills/*/SKILL.md`
 - `<cwd>/.agents/skills/*/SKILL.md`
 
-### query()
+Model-invocable skills are exposed to the model as metadata only when the session has a composed
+model-invocable `skills` command descriptor. `@robota-sdk/agent-command-skills` owns `skills` and
+activates skills through the SDK host API. Models use the SDK-projected `robota_command_skills`
+tool with skill arguments in `args`. Mentioning a skill in ordinary prose,
+recommending a skill in assistant text, or matching a natural-language phrase in SDK/TUI code does
+not activate the skill.
+
+### createQuery()
 
 ```typescript
-import { query } from '@robota-sdk/agent-sdk';
+import { createQuery } from '@robota-sdk/agent-sdk';
+import { AnthropicProvider } from '@robota-sdk/agent-provider-anthropic';
+
+const provider = new AnthropicProvider({ apiKey: process.env.ANTHROPIC_API_KEY });
+const query = createQuery({ provider });
 
 const response = await query('Show me the file list');
 
-const response = await query('Analyze the code', {
+const queryWithOptions = createQuery({
+  provider,
   cwd: '/path/to/project',
   permissionMode: 'acceptEdits',
   maxTurns: 10,
-  autoCompactThreshold: 0.75,
   onTextDelta: (delta) => process.stdout.write(delta),
-  onCompact: () => console.log('Context compacted'),
 });
-```
-
-### createSession()
 
-```typescript
-import { createSession, loadConfig, loadContext, detectProject } from '@robota-sdk/agent-sdk';
+const detailedResponse = await queryWithOptions('Analyze the code');
+```
 
-const [config, context, projectInfo] = await Promise.all([
-  loadConfig(cwd),
-  loadContext(cwd),
-  detectProject(cwd),
-]);
+### Session Assembly
 
-const session = createSession({ config, context, terminal, projectInfo, permissionMode });
-const response = await session.run('Hello');
-```
+`createSession()`, `loadConfig()`, `loadContext()`, and `detectProject()` are internal SDK assembly
+details. Use `InteractiveSession` for event-driven sessions or `createQuery()` for prompt-only
+one-shot calls.
 
 ### Built-in Tools
 
-`@robota-sdk/agent-sdk` re-exports 6 of the 8 built-in tools from `@robota-sdk/agent-tools`:
+`@robota-sdk/agent-sdk` assembles built-in tools for SDK sessions, but direct tool usage imports
+from the owner package:
 
 ```typescript
-import { bashTool, readTool, writeTool, editTool, globTool, grepTool } from '@robota-sdk/agent-sdk';
+import {
+  bashTool,
+  editTool,
+  globTool,
+  grepTool,
+  readTool,
+  webFetchTool,
+  webSearchTool,
+  writeTool,
+} from '@robota-sdk/agent-tools';
 ```
 
-`webFetchTool` and `webSearchTool` are **not** re-exported from `@robota-sdk/agent-sdk`. Import them directly from the owning package:
+### Sandbox Execution
+
+SDK sessions can receive a provider-neutral sandbox client. When provided, Bash, Read, Write, and Edit use the sandbox execution plane instead of the host process/filesystem:
 
 ```typescript
-import { webFetchTool, webSearchTool } from '@robota-sdk/agent-tools';
+import { InteractiveSession } from '@robota-sdk/agent-sdk';
+import { AnthropicProvider } from '@robota-sdk/agent-provider-anthropic';
+import { E2BSandboxClient } from '@robota-sdk/agent-tools';
+import type { IWorkspaceManifest } from '@robota-sdk/agent-tools';
+import { Sandbox } from 'e2b';
+
+const provider = new AnthropicProvider({ apiKey: process.env.ANTHROPIC_API_KEY });
+const sandbox = await Sandbox.create();
+const workspaceManifest: IWorkspaceManifest = {
+  entries: {
+    'task.md': { type: 'file', content: 'Review this repository.\n' },
+    repo: { type: 'gitRepo', url: 'https://github.com/example/project.git', ref: 'main' },
+    output: { type: 'dir' },
+  },
+};
+
+const session = new InteractiveSession({
+  cwd: process.cwd(),
+  provider,
+  sandboxClient: new E2BSandboxClient({ sandbox }),
+  workspaceManifest,
+  reversibleExecution: { mode: 'local-first' },
+});
 ```
 
+`E2BSandboxClient` is a structural adapter owned by `agent-tools`, and it does not make `e2b` a dependency of `agent-sdk`. Install and create the concrete provider SDK in the application layer, then pass the adapter into `InteractiveSession`. `workspaceManifest` also uses the `agent-tools` contract; SDK applies it once before constructing the underlying `Session`.
+
+When `sessionStore` and a snapshot-capable `sandboxClient` are both provided, `InteractiveSession.shutdown()` stores `sandboxSnapshotId` in the session record. A later non-fork `resumeSessionId` restore calls `sandboxClient.restore(snapshotId)` before saved messages are injected back into the `Session`. Forked sessions intentionally do not hydrate the previous sandbox reference because provider pause/resume references can be one-to-one.
+
 ## Subagent Sessions
 
 `createSubagentSession()` creates an isolated child session for delegating subtasks. The subagent receives pre-resolved config and context from the parent — it does not load config files or context from disk. Callers may provide a stable `sessionId` and `sessionLogger` so the child session writes a durable transcript.
@@ -288,7 +369,13 @@ Built-in agents: `general-purpose` (full tool access), `Explore` (read-only, Hai
 
 `createAgentTool()` wraps subagent creation into a tool the AI can invoke directly. The parent session's hooks, permissions, and context are forwarded to the child.
 
-Background subagent lifecycle events are persisted through `InteractiveSession` when a `SessionStore` is configured. Streaming chunks are written to append-only JSONL logs/transcripts rather than rewriting the main session JSON per token.
+Background subagent lifecycle events are persisted through `InteractiveSession` when an SDK session persistence facade is configured. Streaming chunks are written to append-only JSONL logs/transcripts rather than rewriting the main session JSON per token.
+
+## Replay-Grade Session Events
+
+`Session.run()` forwards core execution events through the session logger. Current events include provider request envelopes, provider-native raw request/response/stream payloads, provider-normalized responses, assistant message commits, tool batch starts, tool execution requests, and tool execution results.
+
+Provider-native payload events are emitted by concrete provider packages through `IChatOptions.onProviderNativeRawPayload`, then redacted and externalized by the session logger before they are written to disk. The SDK exposes session command APIs so command modules such as `/validate-session` can validate replay coverage without adding file-log logic to CLI/TUI hosts.
 
 ## Hook Executors (SDK-Specific)
 
@@ -372,7 +459,7 @@ Settings are merged from lowest to highest priority:
 }
 ```
 
-`currentProvider` selects the active entry from `providers`. Qwen Model Studio profiles use `type: "qwen"` with the documented DashScope OpenAI-compatible `baseURL`. Gemma-family local models should use a `type: "gemma"` profile so provider-specific stream projection is applied. The resolved SDK config normalizes the active profile into `provider.name`, `provider.model`, `provider.apiKey`, optional `provider.baseURL`, and optional `provider.timeout`. The legacy `provider` object remains supported when `currentProvider` is not configured.
+`currentProvider` selects the active entry from `providers`. Qwen Model Studio profiles use `type: "qwen"` with the documented DashScope OpenAI-compatible `baseURL`. DeepSeek API profiles use `type: "deepseek"` with the documented DeepSeek OpenAI-compatible `baseURL`. Gemma-family local models should use a `type: "gemma"` profile so provider-specific stream projection is applied. The resolved SDK config normalizes the active profile into `provider.name`, `provider.model`, `provider.apiKey`, optional `provider.baseURL`, and optional `provider.timeout`. The legacy `provider` object remains supported when `currentProvider` is not configured.
 
 ## Permission Modes