@tangle-network/agent-app 0.13.0 → 0.15.0

package/dist/index.d.ts

@@ -1,10 +1,10 @@
-export { AppToolRuntimeExecutor, CapabilityTokenOptions, DispatchOptions, ExpiringCapabilityTokenOptions, HandleToolRequestOptions, RuntimeExecutorOptions, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, verifyCapabilityToken, verifyExpiringCapabilityToken } from './tools/index.js';
-export { A as APP_TOOL_NAMES, a as AppToolMcpServer, b as AppToolName, c as AuthenticateOptions, B as BuildHttpMcpServerOptions, d as BuildMcpServerOptions, D as DEFAULT_APP_TOOL_PATHS, e as DEFAULT_HEADER_NAMES, O as OpenAIFunctionTool, T as ToolAuthResult, f as ToolHeaderNames, g as authenticateToolRequest, h as buildAppToolMcpServer, i as buildAppToolOpenAITools, j as buildHttpMcpServer, k as isAppToolName, r as readToolArgs } from './mcp-CIupfjxV.js';
+export { AppToolRuntimeExecutor, CapabilityTokenOptions, DispatchOptions, ExpiringCapabilityTokenOptions, HandleToolRequestOptions, ResolveToolCapabilitiesOptions, ResolvedToolCapabilities, RuntimeExecutorOptions, ToolCapability, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, resolveToolCapabilities, restrictTaxonomy, verifyCapabilityToken, verifyExpiringCapabilityToken } from './tools/index.js';
+export { A as APP_TOOL_NAMES, a as AppToolMcpServer, b as AppToolName, c as AuthenticateOptions, B as BuildHttpMcpServerOptions, d as BuildMcpServerOptions, D as DEFAULT_APP_TOOL_PATHS, e as DEFAULT_HEADER_NAMES, O as OpenAIFunctionTool, T as ToolAuthResult, f as ToolHeaderNames, g as authenticateToolRequest, h as buildAppToolMcpServer, i as buildAppToolOpenAITools, j as buildHttpMcpServer, k as isAppToolName, r as readToolArgs } from './mcp-eZCmkgCF.js';
 export { C as CreateMcpToolHandlerOptions, M as MCP_PROTOCOL_VERSIONS, a as McpProtocolVersion, b as McpServerInfo, c as McpToolDefinition, d as createMcpToolHandler } from './mcp-rpc-DLw_r9PQ.js';
-export { A as AddCitationArgs, a as AddCitationResult, b as AppToolContext, c as AppToolHandlers, d as AppToolOutcome, e as AppToolProducedEvent, f as AppToolTaxonomy, R as RenderUiArgs, g as RenderUiResult, S as ScheduleFollowupArgs, h as ScheduleFollowupResult, i as SubmitProposalArgs, j as SubmitProposalResult } from './types-By4B3K37.js';
+export { A as AddCitationArgs, a as AddCitationResult, b as AppToolContext, c as AppToolHandlers, d as AppToolOutcome, e as AppToolProducedEvent, f as AppToolTaxonomy, R as RenderUiArgs, g as RenderUiResult, S as ScheduleFollowupArgs, h as ScheduleFollowupResult, i as SubmitProposalArgs, j as SubmitProposalResult } from './types-2rOJo8Hc.js';
 export { BuildDelegationOptions, DELEGATION_MCP_SERVER_KEY, DELEGATION_TOOLS, DelegationMcpServer, buildDelegationMcpServer, delegationMcpForConfig } from './delegation/index.js';
 export { BrokerToken, BrokerTokenMinter, BrokerTokenProvider, BrokerTokenProviderOptions, ConsentUrlInput, buildConsentUrl, createBrokerTokenProvider } from './tangle/index.js';
-export { AgentRuntime, AgentRuntimeModelConfig, AgentTurnOptions, AnySurfaceKind, AppToolLoopOptions, CreateAgentRuntimeOptions, LoopAssistantToolCall, LoopEvent, LoopMessage, LoopToolCall, OpenAICompatStreamTurnOptions, OpenAIStreamChunk, StreamAppToolLoopOptions, StreamLoopYield, SurfaceKindDefinition, SurfaceMcpServer, SurfaceMergeBase, SurfaceOverlay, SurfacePermissionValue, SurfaceRegistry, ToolLoopResult, ToolLoopStopReason, createAgentRuntime, createOpenAICompatStreamTurn, createSurfaceRegistry, defineSurfaceKind, mergeSurfaceOverlay, runAppToolLoop, streamAppToolLoop, toLoopEvents } from './runtime/index.js';
+export { AgentRuntime, AgentRuntimeModelConfig, AgentTurnOptions, AnySurfaceKind, CreateAgentRuntimeOptions, LoopEvent, OpenAICompatStreamTurnOptions, OpenAIStreamChunk, SurfaceKindDefinition, SurfaceMcpServer, SurfaceMergeBase, SurfaceOverlay, SurfacePermissionValue, SurfaceRegistry, createAgentRuntime, createOpenAICompatStreamTurn, createSurfaceRegistry, defineSurfaceKind, mergeSurfaceOverlay, toLoopEvents } from './runtime/index.js';
 export { createTokenRecallChecker, producedFromToolEvents } from './eval/index.js';
 export { KnowledgeRequirementSpec, KnowledgeSignal, KnowledgeStateAccessor, SatisfiedByRule, buildKnowledgeRequirements, deriveSignals } from './knowledge/index.js';
 export { CreateKnowledgeLoopDeps, KnowledgeCandidate, KnowledgeDecider, KnowledgeDeciderInput, KnowledgeDecision, KnowledgeGateVerdict, KnowledgeLoop, KnowledgeLoopDriver, createKnowledgeLoop, createReviewerDecider, reviewCandidate } from './knowledge-loop/index.js';
@@ -28,6 +28,7 @@ export { B as Bounds, E as EllipseElement, G as GroupElement, I as ImageElement,
 export { A as AddElementOperation, a as AddPageOperation, b as ApplyDataOperation, B as BindSlotOperation, C as CHANNEL_PRESETS, c as ChannelPreset, d as ChannelPresetId, e as ChannelScaleResult, D as DeleteElementOperation, f as DeletePageOperation, g as DuplicatePageOperation, E as EXPORT_PRESETS, h as ExportCropRect, i as ExportFormat, j as ExportPreset, G as GroupElementsOperation, R as ReorderElementOperation, k as ReorderPageOperation, S as SCENE_OPERATION_TYPES, l as SIZE_PRESETS, m as SceneAttrsPatch, n as SceneOperation, o as SceneOperationType, p as ScenePlan, q as SetAttrsOperation, r as SetDocumentTitleOperation, s as SetPageGuidesOperation, t as SetPagePropsOperation, u as SizePreset, U as UngroupElementOperation, v as bleedAwareExportBounds, w as bleedAwareExportRect, x as findPreset, y as matchPreset, z as requireChannelPreset, F as scaleForPreset, H as scalePageForChannelPreset } from './export-presets-Dl5Aa5xj.js';
 export { N as NewSceneDecision, S as SceneDecision, a as SceneDocumentRecord, b as SceneExportFormat, c as SceneExportRecord, d as SceneStore, e as SceneStoreScope } from './store-CUStmtdH.js';
 export { ApplySceneOptions, BuildDesignCanvasMcpServerEntryOptions, CANVAS_ELEMENT_KINDS, CANVAS_MCP_TOOLS, CANVAS_MCP_TOOL_NAMES, CreateDesignCanvasMcpHandlerOptions, DEFAULT_DESIGN_CANVAS_MCP_DESCRIPTION, DesignCanvasMcpServerInfo, DesignCanvasMcpToolEnv, InstantiateOptions, SceneApplyResult, SlotFillKind, TemplateSlot, applyBindingsToDocument, applySceneOperation, applySceneOperations, buildDesignCanvasMcpServerEntry, createDesignCanvasMcpHandler, findCanvasMcpTool, instantiateTemplate, listTemplateSlots, storeApplyScenePlan, validateBindings, validateSceneOperation, validateSceneOperations, validateSlotValue } from './design-canvas/index.js';
+export { RunToolLoopOptions as AppToolLoopOptions, ToolLoopAssistantToolCall as LoopAssistantToolCall, ToolLoopMessage as LoopMessage, ToolLoopCall as LoopToolCall, StreamToolLoopOptions as StreamAppToolLoopOptions, StreamToolLoopYield as StreamLoopYield, ToolLoopEvent, ToolLoopResult, ToolLoopStopReason, runToolLoop as runAppToolLoop, streamToolLoop as streamAppToolLoop } from '@tangle-network/agent-runtime';
 export { C as CatalogModel, M as ModelCatalog, R as RouterModel, _ as __resetCatalogCache, b as buildCatalog, f as fetchModelCatalog, n as normalizeModelId } from './model-catalog-BEAEVDaa.js';
 export { CompletionRequirement, CompletionVerdict, CorrectnessChecker, ProducedState, RuntimeEventLike, SatisfiedBy, TaskGold, createLlmCorrectnessChecker, extractProducedState, verifyCompletion, weightedComposite } from '@tangle-network/agent-eval';
 export { C as CreateTangleRouterModelConfigOptions, D as DEFAULT_TANGLE_BILLING_ENFORCEMENT_ENV_VAR, a as DEFAULT_TANGLE_ROUTER_BASE_URL, R as ResolveModelOptions, b as ResolveUserTangleExecutionKeyForUserOptions, c as ResolveUserTangleExecutionKeyOptions, d as ResolvedTangleExecutionKey, T as TangleBillingEnforcementOptions, e as TangleExecutionEnvironment, f as TangleExecutionKeyError, g as TangleExecutionKeyErrorCode, h as TangleExecutionKeyHttpError, i as TangleExecutionKeySource, j as TangleModelConfig, k as createTangleRouterModelConfig, l as isTangleBillingEnforcementDisabled, m as isTangleExecutionKeyError, r as resolveTangleExecutionEnvironment, n as resolveTangleModelConfig, o as resolveUserTangleExecutionKey, p as resolveUserTangleExecutionKeyForUser, t as tangleExecutionKeyHttpError } from './model-CKzniMMr.js';

package/dist/index.js

@@ -245,9 +245,11 @@ import {
   createCapabilityToken,
   createExpiringCapabilityToken,
   handleAppToolRequest,
+  resolveToolCapabilities,
+  restrictTaxonomy,
   verifyCapabilityToken,
   verifyExpiringCapabilityToken
-} from "./chunk-ABGSFUJQ.js";
+} from "./chunk-MH6AVXQ7.js";
 import {
   DEFAULT_APP_TOOL_PATHS,
   DEFAULT_HEADER_NAMES,
@@ -278,10 +280,10 @@ import {
   fetchModelCatalog,
   mergeSurfaceOverlay,
   normalizeModelId,
-  runAppToolLoop,
-  streamAppToolLoop,
+  runToolLoop,
+  streamToolLoop,
   toLoopEvents
-} from "./chunk-ETX4O4BB.js";
+} from "./chunk-HD4NFA4U.js";
 import {
   DEFAULT_TANGLE_BILLING_ENFORCEMENT_ENV_VAR,
   DEFAULT_TANGLE_ROUTER_BASE_URL,
@@ -303,7 +305,7 @@ import {
   dispatchAppTool,
   isAppToolName,
   outcomeStatus
-} from "./chunk-QAQBR6KQ.js";
+} from "./chunk-JZZ6AWF4.js";
 import {
   createLlmCorrectnessChecker,
   createTokenRecallChecker,
@@ -311,7 +313,7 @@ import {
   producedFromToolEvents,
   verifyCompletion,
   weightedComposite
-} from "./chunk-4NXVI7PW.js";
+} from "./chunk-FA4XR66Y.js";
 import {
   buildKnowledgeRequirements,
   deriveSignals
@@ -535,13 +537,15 @@ export {
   resolveSessionHarness,
   resolveTangleExecutionEnvironment,
   resolveTangleModelConfig,
+  resolveToolCapabilities,
   resolveToolId,
   resolveToolName,
   resolveUserTangleExecutionKey,
   resolveUserTangleExecutionKeyForUser,
+  restrictTaxonomy,
   revealSpan,
   reviewCandidate,
-  runAppToolLoop,
+  runToolLoop as runAppToolLoop,
   safeParseAssetSpec,
   scaleForPreset,
   scalePageForChannelPreset,
@@ -552,7 +556,7 @@ export {
   stepAgentActivity,
   stepGateProposalId,
   storeApplyScenePlan,
-  streamAppToolLoop,
+  streamToolLoop as streamAppToolLoop,
   summarize,
   tangleExecutionKeyHttpError,
   timedEventsFromLines,

package/dist/{mcp-CIupfjxV.d.ts → mcp-eZCmkgCF.d.ts}

@@ -1,4 +1,4 @@
-import { f as AppToolTaxonomy, b as AppToolContext } from './types-By4B3K37.js';
+import { f as AppToolTaxonomy, b as AppToolContext } from './types-2rOJo8Hc.js';
 
 /** The four canonical app-tool names. Stable identifiers the model calls in
  *  both the sandbox (MCP server name) and runtime (function-tool name) paths. */

package/dist/preset-cloudflare/index.d.ts

@@ -1,6 +1,6 @@
 import { KeyProvisioner, KeyCrypto, WorkspaceKeyManager, WorkspaceKeyStore } from '../billing/index.js';
 import { KnowledgeStateAccessor } from '../knowledge/index.js';
-import { c as AppToolHandlers } from '../types-By4B3K37.js';
+import { c as AppToolHandlers } from '../types-2rOJo8Hc.js';
 import { KvLike } from '../web/index.js';
 import '@tangle-network/agent-eval';
 

package/dist/runtime/index.d.ts

@@ -1,7 +1,10 @@
+import * as _tangle_network_agent_runtime from '@tangle-network/agent-runtime';
+import { ToolLoopMessage, ToolLoopResult, StreamToolLoopYield, ToolLoopCall } from '@tangle-network/agent-runtime';
+export { RunToolLoopOptions as AppToolLoopOptions, ToolLoopAssistantToolCall as LoopAssistantToolCall, ToolLoopMessage as LoopMessage, ToolLoopCall as LoopToolCall, StreamToolLoopOptions as StreamAppToolLoopOptions, StreamToolLoopYield as StreamLoopYield, ToolLoopEvent, ToolLoopResult, ToolLoopStopReason, runToolLoop as runAppToolLoop, streamToolLoop as streamAppToolLoop } from '@tangle-network/agent-runtime';
 export { C as CatalogModel, M as ModelCatalog, R as RouterModel, _ as __resetCatalogCache, b as buildCatalog, f as fetchModelCatalog, n as normalizeModelId } from '../model-catalog-BEAEVDaa.js';
 export { C as CreateTangleRouterModelConfigOptions, D as DEFAULT_TANGLE_BILLING_ENFORCEMENT_ENV_VAR, a as DEFAULT_TANGLE_ROUTER_BASE_URL, R as ResolveModelOptions, b as ResolveUserTangleExecutionKeyForUserOptions, c as ResolveUserTangleExecutionKeyOptions, d as ResolvedTangleExecutionKey, T as TangleBillingEnforcementOptions, e as TangleExecutionEnvironment, f as TangleExecutionKeyError, g as TangleExecutionKeyErrorCode, h as TangleExecutionKeyHttpError, i as TangleExecutionKeySource, j as TangleModelConfig, k as createTangleRouterModelConfig, l as isTangleBillingEnforcementDisabled, m as isTangleExecutionKeyError, r as resolveTangleExecutionEnvironment, n as resolveTangleModelConfig, o as resolveUserTangleExecutionKey, p as resolveUserTangleExecutionKeyForUser, t as tangleExecutionKeyHttpError } from '../model-CKzniMMr.js';
-import { b as AppToolContext, e as AppToolProducedEvent, f as AppToolTaxonomy, c as AppToolHandlers, d as AppToolOutcome } from '../types-By4B3K37.js';
-import { a as AppToolMcpServer } from '../mcp-CIupfjxV.js';
+import { b as AppToolContext, e as AppToolProducedEvent, f as AppToolTaxonomy, c as AppToolHandlers, d as AppToolOutcome } from '../types-2rOJo8Hc.js';
+import { a as AppToolMcpServer } from '../mcp-eZCmkgCF.js';
 
 /**
  * OpenAI-compatible stream → `LoopEvent` adapter, for NON-sandbox copilots.
@@ -75,7 +78,7 @@ interface OpenAICompatStreamTurnOptions {
  *   const cfg = resolveTangleModelConfig()                 // or { baseUrl, apiKey, model }
  *   streamAppToolLoop({ streamTurn: createOpenAICompatStreamTurn({ ...cfg, tools }), executeToolCall, ... })
  */
-declare function createOpenAICompatStreamTurn(opts: OpenAICompatStreamTurnOptions): (messages: LoopMessage[]) => AsyncIterable<LoopEvent>;
+declare function createOpenAICompatStreamTurn(opts: OpenAICompatStreamTurnOptions): (messages: ToolLoopMessage[]) => AsyncIterable<LoopEvent>;
 
 /**
  * `createAgentRuntime` — the in-process agent core, assembled.
@@ -138,7 +141,7 @@ interface CreateAgentRuntimeOptions {
     extraTools?: unknown[];
     /** Execute a tool that is NOT one of the four app tools (e.g. an integration
      *  action). Only consulted for names {@link isOtherExecutableTool} accepts. */
-    executeOtherTool?: (call: LoopToolCall, ctx: AppToolContext) => Promise<AppToolOutcome>;
+    executeOtherTool?: (call: ToolLoopCall, ctx: AppToolContext) => Promise<AppToolOutcome>;
     /** Which non-app tool names are executable here. Required if {@link executeOtherTool} is set. */
     isOtherExecutableTool?: (toolName: string) => boolean;
 }
@@ -161,7 +164,7 @@ interface AgentRuntime {
     run(userMessage: string, turn: AgentTurnOptions): Promise<ToolLoopResult>;
     /** Stream the bounded tool loop: yields each raw model event and each executed
      *  tool result as it happens (for SSE re-emission + telemetry). */
-    stream(userMessage: string, turn: AgentTurnOptions): AsyncGenerator<StreamLoopYield<LoopEvent>, void, unknown>;
+    stream(userMessage: string, turn: AgentTurnOptions): AsyncGenerator<StreamToolLoopYield<LoopEvent>, void, unknown>;
 }
 /**
  * Create an in-process agent runtime for one agent. See the module doc for the
@@ -277,46 +280,17 @@ interface SurfaceMergeBase {
  */
 declare function mergeSurfaceOverlay<TBase extends SurfaceMergeBase>(base: TBase, overlay: SurfaceOverlay): TBase & SurfaceMergeBase;
 
-interface LoopToolCall {
-    toolCallId?: string;
-    toolName: string;
-    args: Record<string, unknown>;
-}
-/** One OpenAI-shaped tool-call entry on an assistant message. */
-interface LoopAssistantToolCall {
-    id: string;
-    type: 'function';
-    function: {
-        name: string;
-        arguments: string;
-    };
-}
 /**
- * A message in the running conversation the loop sends to `streamTurn`.
- *
- * The base `{ role, content }` covers `system` / `user` / plain `assistant`
- * turns. Two optional fields carry the OpenAI function-calling contract so the
- * model reads its own tool use back correctly instead of re-issuing it:
+ * Events the app's OpenAI-compat stream adapter ({@link toLoopEvents}) yields.
  *
- *   - an assistant turn that emitted tool calls carries `tool_calls`, and its
- *     `content` is `null` when the turn was tool-only;
- *   - each tool result is its own `{ role: 'tool', tool_call_id, content }`
- *     message keyed to the call that produced it.
- *
- * Widening is additive: a `streamTurn` that reads only `role` + `content` still
- * works; one that forwards the whole message to an OpenAI-compatible endpoint
- * now gets correct tool history. */
-interface LoopMessage {
-    role: string;
-    content: string | null;
-    tool_calls?: LoopAssistantToolCall[];
-    tool_call_id?: string;
-}
-/** Events a turn stream yields. `text` accumulates into the final answer;
- *  `tool_call` is collected for dispatch; `reasoning` and `usage` pass through
- *  for UIs that render thinking sections and per-message token/cost metrics.
- *  Extra event types pass through untouched (the caller re-emits them to its
- *  own UI stream). */
+ * This is the app's own `Raw` event type for the streaming loop — the canonical
+ * `streamToolLoop<Raw>` is generic over it. It widens the substrate's
+ * tool-loop event with `reasoning` (DeepSeek/router `reasoning_content` /
+ * `thinking` deltas, rendered as thinking sections) and `usage` (per-message
+ * token accounting) — neither belongs in the substrate's loop contract, so they
+ * stay here. The adapter maps each into the `streamTurn` seam; `text` and
+ * `tool_call` drive the loop, `reasoning` / `usage` pass through to the UI.
+ */
 type LoopEvent = {
     type: 'text';
     text: string;
@@ -325,7 +299,7 @@ type LoopEvent = {
     text: string;
 } | {
     type: 'tool_call';
-    call: LoopToolCall;
+    call: _tangle_network_agent_runtime.ToolLoopCall;
 } | {
     type: 'usage';
     usage: {
@@ -336,121 +310,5 @@ type LoopEvent = {
     type: 'other';
     event: unknown;
 };
-/** Why the loop stopped. `completed` = model finished naturally; `stuck-loop` =
- *  ≥3 consecutive identical tool calls (same tool + args); `backstop` = hit the
- *  runaway-backstop cap (200 by default); `deadline` = wall-clock deadlineMs
- *  exceeded; `budget` = maxCostUsd exhausted. Non-`completed` stops are infra /
- *  resource outcomes — eval scoring must distinguish them from capability failure. */
-type ToolLoopStopReason = 'completed' | 'stuck-loop' | 'backstop' | 'deadline' | 'budget';
-interface ToolLoopResult {
-    /** The model's final text across the loop. */
-    finalText: string;
-    /** Every tool call executed, with its outcome, in order. */
-    toolResults: Array<{
-        call: LoopToolCall;
-        label: string;
-        outcome: AppToolOutcome;
-    }>;
-    /** Number of model turns run (1 + tool-driven re-runs). */
-    turns: number;
-    /** Why the loop stopped. */
-    stopReason: ToolLoopStopReason;
-    /** @deprecated Use `stopReason !== 'completed'` instead. */
-    cappedOut: boolean;
-}
-interface AppToolLoopOptions {
-    systemPrompt: string;
-    userMessage: string;
-    priorMessages?: Array<{
-        role: string;
-        content: string;
-    }>;
-    /** Stream one model turn over the running message list. The app wraps its
-     *  backend here. Messages follow {@link LoopMessage}: a tool-calling assistant
-     *  turn carries `tool_calls`, and each tool result is a `role: 'tool'` message.
-     *  A backend that reads only `role` + `content` is unaffected. */
-    streamTurn: (messages: LoopMessage[]) => AsyncIterable<LoopEvent>;
-    /** Execute one tool call. The app routes to its integration executor / app-tool
-     *  executor and returns the outcome. */
-    executeToolCall: (call: LoopToolCall) => Promise<AppToolOutcome>;
-    /** Which emitted tool names are executable (others are ignored — e.g. a UI-only
-     *  tool the app renders but doesn't run here). */
-    isExecutableTool: (toolName: string) => boolean;
-    /** Runaway-backstop cap. Default 200 — set far above any legitimate workflow.
-     *  For per-workflow limits use `maxCostUsd` or `deadlineMs` instead. */
-    maxToolTurns?: number;
-    /** Wall-clock deadline in ms since epoch (Date.now()-based). When exceeded the
-     *  loop stops with stopReason `deadline`. */
-    deadlineMs?: number;
-    /** Maximum total cost in USD. Requires `costOf` to meter each tool call. */
-    maxCostUsd?: number;
-    /** Return the USD cost of one outcome. Required for `maxCostUsd` to work. */
-    costOf?: (call: LoopToolCall, outcome: AppToolOutcome) => number;
-    /** Render one tool outcome as the `content` of its `role: 'tool'` message.
-     *  Default is a compact `<label> → ok/failed: …`. */
-    renderResult?: (label: string, outcome: AppToolOutcome) => string;
-    /** Map a tool call to the label its result is keyed under (default: toolName). */
-    labelFor?: (call: LoopToolCall) => string;
-}
-/**
- * Run the bounded tool loop and return the final text + every executed tool
- * outcome. Yields nothing — it's an awaitable driver; callers that need to
- * re-emit events to a UI stream should do so inside `streamTurn`. (A streaming
- * variant can wrap this later; keeping the core awaitable makes it trivially
- * testable.)
- */
-declare function runAppToolLoop(opts: AppToolLoopOptions): Promise<ToolLoopResult>;
-type StreamLoopYield<Raw> = {
-    kind: 'event';
-    event: Raw;
-} | {
-    kind: 'tool_result';
-    toolName: string;
-    toolCallId?: string;
-    label: string;
-    outcome: AppToolOutcome;
-} | {
-    kind: 'capped';
-    pending: number;
-    stopReason: Exclude<ToolLoopStopReason, 'completed'>;
-};
-interface StreamAppToolLoopOptions<Raw> {
-    systemPrompt: string;
-    userMessage: string;
-    priorMessages?: Array<{
-        role: string;
-        content: string;
-    }>;
-    /** Stream one model turn (the app wraps its backend / runAgentTaskStream).
-     *  Messages follow {@link LoopMessage}: a tool-calling assistant turn carries
-     *  `tool_calls`, and each tool result is a `role: 'tool'` message. */
-    streamTurn: (messages: LoopMessage[]) => AsyncIterable<Raw>;
-    /** Text contribution of a raw event, '' if none — used to record the
-     *  assistant's turn so the next turn has its context. */
-    extractText: (event: Raw) => string;
-    /** The tool call a raw event represents, or null. */
-    extractToolCall: (event: Raw) => LoopToolCall | null;
-    /** Which tool names are executable here (others pass through, unexecuted). */
-    isExecutableTool: (toolName: string) => boolean;
-    /** Execute one call — the app routes to its integration / app-tool executor. */
-    executeToolCall: (call: LoopToolCall) => Promise<AppToolOutcome>;
-    /** Runaway-backstop cap. Default 200 — set far above any legitimate workflow. */
-    maxToolTurns?: number;
-    /** Wall-clock deadline in ms since epoch (Date.now()-based). */
-    deadlineMs?: number;
-    /** Maximum total cost in USD. Requires `costOf` to meter each tool call. */
-    maxCostUsd?: number;
-    /** Return the USD cost of one outcome. Required for `maxCostUsd` to work. */
-    costOf?: (call: LoopToolCall, outcome: AppToolOutcome) => number;
-    renderResult?: (label: string, outcome: AppToolOutcome) => string;
-    labelFor?: (call: LoopToolCall) => string;
-}
-/**
- * The streaming bounded tool loop. Yields `event` for each raw turn event and
- * `tool_result` for each executed tool; emits a single `capped` (with stopReason)
- * when it stops for any non-completed reason. The app drives telemetry + UI
- * emission off the yielded items.
- */
-declare function streamAppToolLoop<Raw>(opts: StreamAppToolLoopOptions<Raw>): AsyncGenerator<StreamLoopYield<Raw>, void, unknown>;
 
-export { type AgentRuntime, type AgentRuntimeModelConfig, type AgentTurnOptions, type AnySurfaceKind, type AppToolLoopOptions, type CreateAgentRuntimeOptions, type LoopAssistantToolCall, type LoopEvent, type LoopMessage, type LoopToolCall, type OpenAICompatStreamTurnOptions, type OpenAIStreamChunk, type StreamAppToolLoopOptions, type StreamLoopYield, type SurfaceKindDefinition, type SurfaceMcpServer, type SurfaceMergeBase, type SurfaceOverlay, type SurfacePermissionValue, type SurfaceRegistry, type ToolLoopResult, type ToolLoopStopReason, createAgentRuntime, createOpenAICompatStreamTurn, createSurfaceRegistry, defineSurfaceKind, mergeSurfaceOverlay, runAppToolLoop, streamAppToolLoop, toLoopEvents };
+export { type AgentRuntime, type AgentRuntimeModelConfig, type AgentTurnOptions, type AnySurfaceKind, type CreateAgentRuntimeOptions, type LoopEvent, type OpenAICompatStreamTurnOptions, type OpenAIStreamChunk, type SurfaceKindDefinition, type SurfaceMcpServer, type SurfaceMergeBase, type SurfaceOverlay, type SurfacePermissionValue, type SurfaceRegistry, createAgentRuntime, createOpenAICompatStreamTurn, createSurfaceRegistry, defineSurfaceKind, mergeSurfaceOverlay, toLoopEvents };

package/dist/runtime/index.js

@@ -8,10 +8,10 @@ import {
   fetchModelCatalog,
   mergeSurfaceOverlay,
   normalizeModelId,
-  runAppToolLoop,
-  streamAppToolLoop,
+  runToolLoop,
+  streamToolLoop,
   toLoopEvents
-} from "../chunk-ETX4O4BB.js";
+} from "../chunk-HD4NFA4U.js";
 import {
   DEFAULT_TANGLE_BILLING_ENFORCEMENT_ENV_VAR,
   DEFAULT_TANGLE_ROUTER_BASE_URL,
@@ -25,7 +25,7 @@ import {
   resolveUserTangleExecutionKeyForUser,
   tangleExecutionKeyHttpError
 } from "../chunk-EHPK7GKR.js";
-import "../chunk-QAQBR6KQ.js";
+import "../chunk-JZZ6AWF4.js";
 export {
   DEFAULT_TANGLE_BILLING_ENFORCEMENT_ENV_VAR,
   DEFAULT_TANGLE_ROUTER_BASE_URL,
@@ -46,8 +46,8 @@ export {
   resolveTangleModelConfig,
   resolveUserTangleExecutionKey,
   resolveUserTangleExecutionKeyForUser,
-  runAppToolLoop,
-  streamAppToolLoop,
+  runToolLoop as runAppToolLoop,
+  streamToolLoop as streamAppToolLoop,
   tangleExecutionKeyHttpError,
   toLoopEvents
 };

package/dist/sequences/index.d.ts

@@ -1,8 +1,8 @@
 import { j as SequenceMediaKind, o as SequenceTimeline, r as TimelineInterval, m as SequenceStore } from '../store-gckrNq-g.js';
 export { M as MIN_SEQUENCE_CLIP_FRAMES, N as NewSequenceClip, a as NewSequenceDecision, b as NewSequenceTrack, S as SequenceClip, c as SequenceClipMedia, d as SequenceClipPatch, e as SequenceDecision, f as SequenceExportFormat, g as SequenceExportRecord, h as SequenceExportStatus, i as SequenceFrameSnapshot, k as SequenceMeta, l as SequenceStatus, n as SequenceStoreScope, p as SequenceTrack, q as SequenceTrackKind, T as TimelineClipBounds, s as assertClipFitsSequence, t as chooseCaptionPlacement, u as clampClipDuration, v as clampClipStart, w as formatSeconds, x as formatTimecode, y as framesToSeconds, z as secondsToFrames, A as snapshotFrame, B as trackIntervals } from '../store-gckrNq-g.js';
 export { A as AddCaptionOperation, C as CaptionTargetResolution, a as CreateTrackOperation, D as DeleteClipOperation, E as ExtendSequenceOperation, M as MoveClipOperation, P as PlaceClipOperation, Q as QueueExportOperation, S as SEQUENCE_OPERATION_TYPES, b as SequenceApplyResult, c as SequenceOperation, d as SequenceOperationContext, e as SequenceOperationType, f as SequencePlan, g as SetClipDisabledOperation, h as SetClipTextOperation, i as SplitClipOperation, T as TrimClipOperation, j as applySequenceOperation, k as applySequenceOperations, l as assertSequenceMediaUrl, m as captionTrackNameForLanguage, n as lastClipEndFrame, p as parseSequenceOperations, r as resolveCaptionPlacement, o as resolveCaptionTarget, q as resolvePlaceClipTrack, v as validateAddCaption, s as validateCreateTrack, t as validateDeleteClip, u as validateExtendSequence, w as validateMoveClip, x as validatePlaceClip, y as validateQueueExport, z as validateSequenceOperation, B as validateSequenceOperations, F as validateSetClipDisabled, G as validateSetClipText, H as validateSplitClip, I as validateTrimClip } from '../apply-Cp8c3K9D.js';
-import { f as ToolHeaderNames, a as AppToolMcpServer } from '../mcp-CIupfjxV.js';
-import { b as AppToolContext } from '../types-By4B3K37.js';
+import { f as ToolHeaderNames, a as AppToolMcpServer } from '../mcp-eZCmkgCF.js';
+import { b as AppToolContext } from '../types-2rOJo8Hc.js';
 
 /**
  * Pure interchange-format builders over `SequenceTimeline` — SRT, WebVTT,

package/dist/tools/index.d.ts

@@ -1,7 +1,7 @@
-import { b as AppToolName, f as ToolHeaderNames } from '../mcp-CIupfjxV.js';
-export { A as APP_TOOL_NAMES, a as AppToolMcpServer, c as AuthenticateOptions, B as BuildHttpMcpServerOptions, d as BuildMcpServerOptions, D as DEFAULT_APP_TOOL_PATHS, e as DEFAULT_HEADER_NAMES, O as OpenAIFunctionTool, T as ToolAuthResult, g as authenticateToolRequest, h as buildAppToolMcpServer, i as buildAppToolOpenAITools, j as buildHttpMcpServer, k as isAppToolName, r as readToolArgs } from '../mcp-CIupfjxV.js';
-import { c as AppToolHandlers, f as AppToolTaxonomy, b as AppToolContext, e as AppToolProducedEvent, d as AppToolOutcome } from '../types-By4B3K37.js';
-export { A as AddCitationArgs, a as AddCitationResult, R as RenderUiArgs, g as RenderUiResult, S as ScheduleFollowupArgs, h as ScheduleFollowupResult, i as SubmitProposalArgs, j as SubmitProposalResult } from '../types-By4B3K37.js';
+import { b as AppToolName, f as ToolHeaderNames } from '../mcp-eZCmkgCF.js';
+export { A as APP_TOOL_NAMES, a as AppToolMcpServer, c as AuthenticateOptions, B as BuildHttpMcpServerOptions, d as BuildMcpServerOptions, D as DEFAULT_APP_TOOL_PATHS, e as DEFAULT_HEADER_NAMES, O as OpenAIFunctionTool, T as ToolAuthResult, g as authenticateToolRequest, h as buildAppToolMcpServer, i as buildAppToolOpenAITools, j as buildHttpMcpServer, k as isAppToolName, r as readToolArgs } from '../mcp-eZCmkgCF.js';
+import { f as AppToolTaxonomy, c as AppToolHandlers, b as AppToolContext, e as AppToolProducedEvent, d as AppToolOutcome } from '../types-2rOJo8Hc.js';
+export { A as AddCitationArgs, a as AddCitationResult, R as RenderUiArgs, g as RenderUiResult, S as ScheduleFollowupArgs, h as ScheduleFollowupResult, i as SubmitProposalArgs, j as SubmitProposalResult } from '../types-2rOJo8Hc.js';
 export { C as CreateMcpToolHandlerOptions, M as MCP_PROTOCOL_VERSIONS, a as McpProtocolVersion, b as McpServerInfo, c as McpToolDefinition, d as createMcpToolHandler } from '../mcp-rpc-DLw_r9PQ.js';
 
 /** A correctable bad-input error a tool handler throws; the HTTP layer maps it
@@ -66,6 +66,67 @@ declare function verifyExpiringCapabilityToken(subject: string, token: string, o
     now?: () => number;
 }): Promise<boolean>;
 
+/**
+ * Capability gating — compose an agent session's tool surface from a
+ * product-defined capability registry.
+ *
+ * Products that let users pick what an agent can do (a "Studio" agent with the
+ * full build toolset vs a clean "Assistant" with none) all need the same
+ * mechanics: a registry of named capabilities, each unlocking proposal types
+ * and/or named tool groups, resolved against the product's
+ * {@link AppToolTaxonomy} into the concrete tools to expose. The mechanics are
+ * generic and live here; the capability VOCABULARY (ids, labels, which
+ * proposal types, which tool groups) is the product's.
+ */
+
+/** One toggleable tool group in a product's capability registry. */
+interface ToolCapability {
+    id: string;
+    label: string;
+    description: string;
+    /** Proposal types this capability unlocks (intersected with the taxonomy,
+     *  so a capability can never widen the product's proposal surface). */
+    proposalTypes?: readonly string[];
+    /** Unlocks every taxonomy proposal type beyond the base set — the domain's
+     *  specialized long tail (risk_assessment, vuln_report, …). */
+    domainActions?: boolean;
+    /** Named product tool groups (e.g. 'sandbox', 'integrations') this
+     *  capability unlocks. The vocabulary is the product's; the resolver only
+     *  unions them. */
+    toolGroups?: readonly string[];
+}
+interface ResolveToolCapabilitiesOptions {
+    taxonomy: AppToolTaxonomy;
+    /** The product's full capability registry. */
+    capabilities: readonly ToolCapability[];
+    /** Enabled capability ids. `undefined` means full access (legacy callers
+     *  that don't send a capability set); an explicit `[]` means a pure chat
+     *  agent with no tools. Unknown ids are ignored. */
+    enabled: readonly string[] | undefined;
+    /** The shared base proposal types `domainActions` excludes. Defaults to
+     *  every type some capability names explicitly via `proposalTypes` — i.e.
+     *  "domain actions" are the taxonomy types no capability claims. */
+    baseProposalTypes?: readonly string[];
+}
+interface ResolvedToolCapabilities {
+    /** Proposal types to keep — feed to {@link restrictTaxonomy}. */
+    proposalTypes: string[];
+    /** Product tool groups to expose (deduped union across enabled caps). */
+    toolGroups: string[];
+}
+/**
+ * Resolve an enabled capability-id set against a taxonomy into the concrete
+ * tool surface. Fail-closed: only types present in the taxonomy survive, and
+ * an empty `enabled` set yields no tools at all.
+ */
+declare function resolveToolCapabilities(opts: ResolveToolCapabilitiesOptions): ResolvedToolCapabilities;
+/**
+ * Restrict a taxonomy to a subset of proposal types, intersecting the
+ * regulated subset too — the regulated label survives restriction, so a
+ * narrowed agent can never launder a regulated type into an unregulated one.
+ */
+declare function restrictTaxonomy(taxonomy: AppToolTaxonomy, allowed: readonly string[]): AppToolTaxonomy;
+
 interface DispatchOptions {
     handlers: AppToolHandlers;
     taxonomy: AppToolTaxonomy;
@@ -135,4 +196,4 @@ interface HandleToolRequestOptions extends DispatchOptions {
  */
 declare function handleAppToolRequest(request: Request, opts: HandleToolRequestOptions): Promise<Response>;
 
-export { AppToolContext, AppToolHandlers, AppToolName, AppToolOutcome, AppToolProducedEvent, type AppToolRuntimeExecutor, AppToolTaxonomy, type CapabilityTokenOptions, type DispatchOptions, type ExpiringCapabilityTokenOptions, type HandleToolRequestOptions, type RuntimeExecutorOptions, ToolHeaderNames, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, verifyCapabilityToken, verifyExpiringCapabilityToken };
+export { AppToolContext, AppToolHandlers, AppToolName, AppToolOutcome, AppToolProducedEvent, type AppToolRuntimeExecutor, AppToolTaxonomy, type CapabilityTokenOptions, type DispatchOptions, type ExpiringCapabilityTokenOptions, type HandleToolRequestOptions, type ResolveToolCapabilitiesOptions, type ResolvedToolCapabilities, type RuntimeExecutorOptions, type ToolCapability, ToolHeaderNames, ToolInputError, createAppToolRuntimeExecutor, createCapabilityToken, createExpiringCapabilityToken, dispatchAppTool, handleAppToolRequest, outcomeStatus, resolveToolCapabilities, restrictTaxonomy, verifyCapabilityToken, verifyExpiringCapabilityToken };

package/dist/tools/index.js

@@ -2,9 +2,11 @@ import {
   createCapabilityToken,
   createExpiringCapabilityToken,
   handleAppToolRequest,
+  resolveToolCapabilities,
+  restrictTaxonomy,
   verifyCapabilityToken,
   verifyExpiringCapabilityToken
-} from "../chunk-ABGSFUJQ.js";
+} from "../chunk-MH6AVXQ7.js";
 import {
   DEFAULT_APP_TOOL_PATHS,
   DEFAULT_HEADER_NAMES,
@@ -23,7 +25,7 @@ import {
   dispatchAppTool,
   isAppToolName,
   outcomeStatus
-} from "../chunk-QAQBR6KQ.js";
+} from "../chunk-JZZ6AWF4.js";
 export {
   APP_TOOL_NAMES,
   DEFAULT_APP_TOOL_PATHS,
@@ -43,6 +45,8 @@ export {
   isAppToolName,
   outcomeStatus,
   readToolArgs,
+  resolveToolCapabilities,
+  restrictTaxonomy,
   verifyCapabilityToken,
   verifyExpiringCapabilityToken
 };

package/dist/{types-By4B3K37.d.ts → types-2rOJo8Hc.d.ts}

@@ -110,14 +110,17 @@ type AppToolProducedEvent = {
     proposalId: string;
     title: string;
     status: 'pending' | 'executed';
+    content?: string;
 } | {
     type: 'artifact';
     path: string;
     content: string;
 };
-/** Outcome of one tool dispatch — structurally compatible with the integration
- *  tool-outcome union the agent-runtime chat loop already folds into a
- *  tool_result. */
+/** Outcome of one tool dispatch — structurally identical to the agent-runtime
+ *  tool-loop's `ToolCallOutcome`, so a dispatched outcome folds straight into
+ *  the loop's `role: 'tool'` result message. Defined here (not imported) to keep
+ *  the `tools/` module substrate-free: it depends only on Web `Request`/
+ *  `Response`, never on the agent runtime. */
 type AppToolOutcome = {
     ok: true;
     result: unknown;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tangle-network/agent-app",
-  "version": "0.13.0",
+  "version": "0.15.0",
   "packageManager": "pnpm@10.33.4",
   "description": "Application-shell framework for Tangle agent products: a bounded tool loop, the structured agent\u2192app tool side channel, integration-hub client, per-workspace billing, and crypto \u2014 composed over the Tangle agent substrate through typed seams.",
   "keywords": [
@@ -192,8 +192,9 @@
     "typecheck": "tsc --noEmit"
   },
   "devDependencies": {
-    "@tangle-network/agent-eval": "^0.82.0",
+    "@tangle-network/agent-eval": "^0.83.0",
     "@tangle-network/agent-integrations": "^0.32.0",
+    "@tangle-network/agent-runtime": "^0.52.0",
     "@tangle-network/agent-knowledge": "^1.5.2",
     "@testing-library/dom": "^10.4.1",
     "@testing-library/react": "^16.3.2",
@@ -214,10 +215,10 @@
   },
   "peerDependencies": {
     "@huggingface/transformers": ">=3",
-    "@tangle-network/agent-eval": ">=0.82.0",
+    "@tangle-network/agent-eval": ">=0.83.0",
     "@tangle-network/agent-integrations": ">=0.32.0",
     "@tangle-network/agent-knowledge": ">=1.5.0",
-    "@tangle-network/agent-runtime": ">=0.21.0",
+    "@tangle-network/agent-runtime": ">=0.52.0",
     "drizzle-orm": ">=0.36",
     "react": ">=18",
     "konva": ">=9",

package/dist/chunk-4NXVI7PW.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/eval/index.ts"],"sourcesContent":["/**\n * Eval — the app-shell BRIDGE to `@tangle-network/agent-eval`, not a reimpl.\n *\n * The completion/scoring ENGINE lives in agent-eval (a peer dependency):\n * `verifyCompletion`, `extractProducedState`, `weightedComposite`,\n * `createLlmCorrectnessChecker`, and the `CompletionRequirement` / `TaskGold` /\n * `ProducedState` types — all re-exported here so a consumer has one import\n * root. This module adds only what agent-eval doesn't have and what is\n * app-shell-specific:\n *\n *   1. {@link producedFromToolEvents} — the bridge: turn the structured app-tool\n *      side channel's `AppToolProducedEvent`s (from a tool runtime executor's\n *      `onProduced`) into the `RuntimeEventLike`s agent-eval's\n *      `extractProducedState` consumes. This is the one piece that knows about\n *      the app-tool channel, so it belongs here, not in the engine.\n *   2. {@link createTokenRecallChecker} — a deterministic, no-LLM\n *      `CorrectnessChecker` (agent-eval ships only the LLM one). For apps/tests\n *      that gate completion without a judge call.\n *\n * Full campaigns (persona simulation, traces, scorecards, held-out gates) are\n * agent-eval's `runEvalCampaign` / `AgentDriver` / `BenchmarkRunner` — use them\n * directly; this module composes with them.\n */\nimport type { RuntimeEventLike, CompletionRequirement } from '@tangle-network/agent-eval'\nimport type { AppToolProducedEvent } from '../tools/types'\n\n// Re-export the engine so consumers import completion + scoring from one place.\nexport { verifyCompletion, extractProducedState, weightedComposite, createLlmCorrectnessChecker } from '@tangle-network/agent-eval'\nexport type {\n  CompletionRequirement,\n  TaskGold,\n  ProducedState,\n  SatisfiedBy,\n  CompletionVerdict,\n  CorrectnessChecker,\n  RuntimeEventLike,\n} from '@tangle-network/agent-eval'\n\n/**\n * Bridge the app-tool side channel's produced events into the runtime-event\n * shape agent-eval's `extractProducedState` reads. Pipe it:\n *   `verifyCompletion(taskGold, extractProducedState(producedFromToolEvents(events)), checker)`\n */\nexport function producedFromToolEvents(events: readonly AppToolProducedEvent[]): RuntimeEventLike[] {\n  return events.map((e) =>\n    e.type === 'proposal_created'\n      ? { type: 'proposal_created', proposalId: e.proposalId, title: e.title, status: e.status }\n      : { type: 'artifact', artifactId: `vault:${e.path}`, name: e.path, uri: `vault://${e.path}`, mimeType: 'text/markdown', content: e.content },\n  )\n}\n\nconst STOPWORDS = new Set(['the', 'a', 'an', 'and', 'or', 'for', 'to', 'of', 'in', 'on', 'with', 'review', 'update', 'new', 'proposed'])\n\n/**\n * A deterministic `CorrectnessChecker` (agent-eval exports only\n * `createLlmCorrectnessChecker`). A produced item fulfils a requirement when\n * its content is substantive and recalls ≥ `minRecall` of the requirement\n * title's significant tokens. No network — the default gate for apps/tests\n * without an LLM judge. Pass to `verifyCompletion` as the checker.\n */\nexport function createTokenRecallChecker(opts: { minRecall?: number; minContentLength?: number } = {}): (\n  requirement: CompletionRequirement,\n  content: string,\n) => Promise<{ correct: boolean; reason: string }> {\n  const minRecall = opts.minRecall ?? 0.5\n  const minLen = opts.minContentLength ?? 120\n  return async (requirement, content) => {\n    const body = content.trim()\n    if (body.length < minLen) return { correct: false, reason: `content too thin (${body.length} chars) to be the deliverable` }\n    const tokens = requirement.title.toLowerCase().split(/[^a-z0-9]+/).filter((t) => t.length > 2 && !STOPWORDS.has(t))\n    if (tokens.length === 0) return { correct: true, reason: 'requirement title has no significant tokens — structural match accepted' }\n    const lower = body.toLowerCase()\n    const hits = tokens.filter((t) => lower.includes(t)).length\n    const recall = hits / tokens.length\n    return recall >= minRecall\n      ? { correct: true, reason: `content recalls ${hits}/${tokens.length} requirement tokens` }\n      : { correct: false, reason: `content recalls only ${hits}/${tokens.length} requirement tokens` }\n  }\n}\n"],"mappings":";AA2BA,SAAS,kBAAkB,sBAAsB,mBAAmB,mCAAmC;AAgBhG,SAAS,uBAAuB,QAA6D;AAClG,SAAO,OAAO;AAAA,IAAI,CAAC,MACjB,EAAE,SAAS,qBACP,EAAE,MAAM,oBAAoB,YAAY,EAAE,YAAY,OAAO,EAAE,OAAO,QAAQ,EAAE,OAAO,IACvF,EAAE,MAAM,YAAY,YAAY,SAAS,EAAE,IAAI,IAAI,MAAM,EAAE,MAAM,KAAK,WAAW,EAAE,IAAI,IAAI,UAAU,iBAAiB,SAAS,EAAE,QAAQ;AAAA,EAC/I;AACF;AAEA,IAAM,YAAY,oBAAI,IAAI,CAAC,OAAO,KAAK,MAAM,OAAO,MAAM,OAAO,MAAM,MAAM,MAAM,MAAM,QAAQ,UAAU,UAAU,OAAO,UAAU,CAAC;AAShI,SAAS,yBAAyB,OAA0D,CAAC,GAGjD;AACjD,QAAM,YAAY,KAAK,aAAa;AACpC,QAAM,SAAS,KAAK,oBAAoB;AACxC,SAAO,OAAO,aAAa,YAAY;AACrC,UAAM,OAAO,QAAQ,KAAK;AAC1B,QAAI,KAAK,SAAS,OAAQ,QAAO,EAAE,SAAS,OAAO,QAAQ,qBAAqB,KAAK,MAAM,gCAAgC;AAC3H,UAAM,SAAS,YAAY,MAAM,YAAY,EAAE,MAAM,YAAY,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC;AAClH,QAAI,OAAO,WAAW,EAAG,QAAO,EAAE,SAAS,MAAM,QAAQ,+EAA0E;AACnI,UAAM,QAAQ,KAAK,YAAY;AAC/B,UAAM,OAAO,OAAO,OAAO,CAAC,MAAM,MAAM,SAAS,CAAC,CAAC,EAAE;AACrD,UAAM,SAAS,OAAO,OAAO;AAC7B,WAAO,UAAU,YACb,EAAE,SAAS,MAAM,QAAQ,mBAAmB,IAAI,IAAI,OAAO,MAAM,sBAAsB,IACvF,EAAE,SAAS,OAAO,QAAQ,wBAAwB,IAAI,IAAI,OAAO,MAAM,sBAAsB;AAAA,EACnG;AACF;","names":[]}

package/dist/chunk-ABGSFUJQ.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/tools/capability.ts","../src/tools/http.ts"],"sourcesContent":["/**\n * Per-user capability token — the sandbox→app auth primitive behind the\n * `verifyToken` seam in {@link authenticateToolRequest}.\n *\n * An app-agent runs inside the sandbox and reaches the host app back over HTTP\n * (the app tools, the integration-invoke bridge). The route must act AS the\n * connecting user without trusting any model-supplied identity, so the turn\n * mints a short HMAC token bound to the user id and bakes it into the per-turn\n * MCP server header; the route verifies it to recover the user.\n *\n * `HMAC-SHA256(secret, \"user:<userId>\")`, base64url, with an app-chosen prefix.\n * The token encodes no scopes — the hub's policy engine authorizes per action.\n * Fail-closed: with no secret, no token is minted (the caller MUST omit the MCP\n * server rather than fake an authorized call). WebCrypto only — runs on\n * Workers, Node, and the browser with no Node `crypto` dependency.\n */\n\nexport interface CapabilityTokenOptions {\n  /** Shared HMAC secret. When absent, mint returns undefined / verify returns false. */\n  secret?: string\n  /** Token prefix (namespaces the credential; lets verify reject foreign tokens\n   *  cheaply). Default `cap_`. */\n  prefix?: string\n}\n\n/** Mint a capability token for `userId`, or `undefined` when no secret is\n *  configured (fail-closed — the caller omits the MCP server rather than fake it). */\nexport async function createCapabilityToken(userId: string, opts: CapabilityTokenOptions): Promise<string | undefined> {\n  const secret = opts.secret?.trim()\n  if (!secret) return undefined\n  const prefix = opts.prefix ?? 'cap_'\n  return `${prefix}${await sign(userId, secret)}`\n}\n\n/** Verify a capability token against `userId`. Returns false (never throws) for\n *  an unconfigured secret, a wrong prefix, a malformed token, or a mismatch. */\nexport async function verifyCapabilityToken(userId: string, token: string, opts: CapabilityTokenOptions): Promise<boolean> {\n  const secret = opts.secret?.trim()\n  const prefix = opts.prefix ?? 'cap_'\n  if (!secret || !token.startsWith(prefix)) return false\n  const expected = `${prefix}${await sign(userId, secret)}`\n  return timingSafeEqual(token, expected)\n}\n\nexport interface ExpiringCapabilityTokenOptions extends CapabilityTokenOptions {\n  /** Token lifetime. Expired tokens verify false regardless of signature. */\n  expiresInMs: number\n  /** Clock injection for tests; defaults to Date.now. */\n  now?: () => number\n}\n\n/**\n * Mint an EXPIRING capability token: `<prefix><base64url(payload)>.<sig>` where\n * the payload carries `{ sub, exp, n }` (subject, epoch-ms expiry, random\n * nonce) and the signature is HMAC-SHA256 over the encoded payload. Use this\n * for user-initiated scoped channels (e.g. a per-sequence MCP endpoint) where\n * a captured token must not stay valid past its window; the bare\n * {@link createCapabilityToken} remains for turn-scoped tool bridges whose\n * mint+verify happen inside one request cycle. Fail-closed like the bare\n * variant: no secret → no token.\n */\nexport async function createExpiringCapabilityToken(subject: string, opts: ExpiringCapabilityTokenOptions): Promise<string | undefined> {\n  const secret = opts.secret?.trim()\n  if (!secret) return undefined\n  if (!Number.isFinite(opts.expiresInMs) || opts.expiresInMs <= 0) throw new Error('expiresInMs must be a positive number')\n  const prefix = opts.prefix ?? 'cap_'\n  const now = opts.now ?? Date.now\n  const payload = base64urlText(JSON.stringify({ sub: subject, exp: now() + opts.expiresInMs, n: crypto.randomUUID() }))\n  return `${prefix}${payload}.${await signText(payload, secret)}`\n}\n\n/** Verify an expiring token against `subject`: prefix, payload integrity,\n *  subject match, and expiry all checked; returns false (never throws) on any\n *  failure including a malformed payload. */\nexport async function verifyExpiringCapabilityToken(subject: string, token: string, opts: CapabilityTokenOptions & { now?: () => number }): Promise<boolean> {\n  const secret = opts.secret?.trim()\n  const prefix = opts.prefix ?? 'cap_'\n  if (!secret || !token.startsWith(prefix)) return false\n  const body = token.slice(prefix.length)\n  const dot = body.lastIndexOf('.')\n  if (dot <= 0 || dot === body.length - 1) return false\n  const payload = body.slice(0, dot)\n  const sig = body.slice(dot + 1)\n  if (!timingSafeEqual(sig, await signText(payload, secret))) return false\n  let parsed: { sub?: unknown; exp?: unknown }\n  try {\n    parsed = JSON.parse(textFromBase64url(payload)) as { sub?: unknown; exp?: unknown }\n  } catch {\n    return false\n  }\n  if (parsed.sub !== subject) return false\n  if (typeof parsed.exp !== 'number') return false\n  const now = opts.now ?? Date.now\n  return parsed.exp > now()\n}\n\nasync function sign(userId: string, secret: string): Promise<string> {\n  return signText(`user:${userId}`, secret)\n}\n\nasync function signText(message: string, secret: string): Promise<string> {\n  const enc = new TextEncoder()\n  const key = await crypto.subtle.importKey('raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])\n  const sig = await crypto.subtle.sign('HMAC', key, enc.encode(message))\n  return base64url(new Uint8Array(sig))\n}\n\nfunction base64urlText(text: string): string {\n  return base64url(new TextEncoder().encode(text))\n}\n\nfunction textFromBase64url(value: string): string {\n  const b64 = value.replace(/-/g, '+').replace(/_/g, '/')\n  const bin = atob(b64)\n  const bytes = new Uint8Array(bin.length)\n  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i)\n  return new TextDecoder().decode(bytes)\n}\n\nfunction base64url(bytes: Uint8Array): string {\n  let s = ''\n  for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]!)\n  return btoa(s).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\n/** Length-independent-leak-free compare for two same-charset strings. */\nfunction timingSafeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) return false\n  let diff = 0\n  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i)\n  return diff === 0\n}\n","import { authenticateToolRequest, type ToolHeaderNames } from './auth'\nimport { dispatchAppTool, outcomeStatus, type DispatchOptions } from './dispatch'\nimport type { AppToolName } from './openai'\n\nexport interface HandleToolRequestOptions extends DispatchOptions {\n  /** Which app tool this route serves. */\n  tool: AppToolName\n  /** Verify the bearer capability token belongs to the header user. */\n  verifyToken: (userId: string, bearer: string) => Promise<boolean>\n  headerNames?: ToolHeaderNames\n  /** Optional success-message builder for a friendlier tool result. */\n  message?: (result: unknown) => string\n}\n\n/**\n * Handle one app-tool HTTP request end to end — the sandbox MCP path. The\n * agent's per-turn HTTP MCP server POSTs here; this authenticates (header user\n * + capability token), reads the args (MCP-alias tolerant), dispatches to the\n * product handler, and returns a JSON Response. A product's route file becomes\n * a one-liner: `export const action = ({ request }) => handleAppToolRequest(request, cfg)`.\n */\nexport async function handleAppToolRequest(request: Request, opts: HandleToolRequestOptions): Promise<Response> {\n  if (request.method !== 'POST') return Response.json({ error: 'Method not allowed' }, { status: 405 })\n\n  const auth = await authenticateToolRequest(request, { verifyToken: opts.verifyToken, headerNames: opts.headerNames })\n  if (!auth.ok) return auth.response\n\n  let body: { args?: Record<string, unknown>; arguments?: Record<string, unknown> } & Record<string, unknown>\n  try {\n    body = (await request.json()) as typeof body\n  } catch {\n    return Response.json({ error: 'Invalid JSON' }, { status: 400 })\n  }\n  const args = (body.args ?? body.arguments ?? body) as Record<string, unknown>\n\n  const outcome = await dispatchAppTool(opts.tool, args, auth.ctx, opts)\n  if (!outcome.ok) {\n    return Response.json({ error: outcome.code, message: outcome.message }, { status: outcomeStatus(outcome) })\n  }\n  const payload = outcome.result as Record<string, unknown>\n  return Response.json({ ok: true, ...payload, ...(opts.message ? { message: opts.message(outcome.result) } : {}) })\n}\n"],"mappings":";;;;;;;;;AA2BA,eAAsB,sBAAsB,QAAgB,MAA2D;AACrH,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,SAAS,KAAK,UAAU;AAC9B,SAAO,GAAG,MAAM,GAAG,MAAM,KAAK,QAAQ,MAAM,CAAC;AAC/C;AAIA,eAAsB,sBAAsB,QAAgB,OAAe,MAAgD;AACzH,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,WAAW,MAAM,EAAG,QAAO;AACjD,QAAM,WAAW,GAAG,MAAM,GAAG,MAAM,KAAK,QAAQ,MAAM,CAAC;AACvD,SAAO,gBAAgB,OAAO,QAAQ;AACxC;AAmBA,eAAsB,8BAA8B,SAAiB,MAAmE;AACtI,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,CAAC,OAAO,SAAS,KAAK,WAAW,KAAK,KAAK,eAAe,EAAG,OAAM,IAAI,MAAM,uCAAuC;AACxH,QAAM,SAAS,KAAK,UAAU;AAC9B,QAAM,MAAM,KAAK,OAAO,KAAK;AAC7B,QAAM,UAAU,cAAc,KAAK,UAAU,EAAE,KAAK,SAAS,KAAK,IAAI,IAAI,KAAK,aAAa,GAAG,OAAO,WAAW,EAAE,CAAC,CAAC;AACrH,SAAO,GAAG,MAAM,GAAG,OAAO,IAAI,MAAM,SAAS,SAAS,MAAM,CAAC;AAC/D;AAKA,eAAsB,8BAA8B,SAAiB,OAAe,MAAyE;AAC3J,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,WAAW,MAAM,EAAG,QAAO;AACjD,QAAM,OAAO,MAAM,MAAM,OAAO,MAAM;AACtC,QAAM,MAAM,KAAK,YAAY,GAAG;AAChC,MAAI,OAAO,KAAK,QAAQ,KAAK,SAAS,EAAG,QAAO;AAChD,QAAM,UAAU,KAAK,MAAM,GAAG,GAAG;AACjC,QAAM,MAAM,KAAK,MAAM,MAAM,CAAC;AAC9B,MAAI,CAAC,gBAAgB,KAAK,MAAM,SAAS,SAAS,MAAM,CAAC,EAAG,QAAO;AACnE,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,kBAAkB,OAAO,CAAC;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,OAAO,QAAQ,QAAS,QAAO;AACnC,MAAI,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC3C,QAAM,MAAM,KAAK,OAAO,KAAK;AAC7B,SAAO,OAAO,MAAM,IAAI;AAC1B;AAEA,eAAe,KAAK,QAAgB,QAAiC;AACnE,SAAO,SAAS,QAAQ,MAAM,IAAI,MAAM;AAC1C;AAEA,eAAe,SAAS,SAAiB,QAAiC;AACxE,QAAM,MAAM,IAAI,YAAY;AAC5B,QAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,IAAI,OAAO,MAAM,GAAG,EAAE,MAAM,QAAQ,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;AACvH,QAAM,MAAM,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,IAAI,OAAO,OAAO,CAAC;AACrE,SAAO,UAAU,IAAI,WAAW,GAAG,CAAC;AACtC;AAEA,SAAS,cAAc,MAAsB;AAC3C,SAAO,UAAU,IAAI,YAAY,EAAE,OAAO,IAAI,CAAC;AACjD;AAEA,SAAS,kBAAkB,OAAuB;AAChD,QAAM,MAAM,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACtD,QAAM,MAAM,KAAK,GAAG;AACpB,QAAM,QAAQ,IAAI,WAAW,IAAI,MAAM;AACvC,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,OAAM,CAAC,IAAI,IAAI,WAAW,CAAC;AAChE,SAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AACvC;AAEA,SAAS,UAAU,OAA2B;AAC5C,MAAI,IAAI;AACR,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,IAAK,MAAK,OAAO,aAAa,MAAM,CAAC,CAAE;AACzE,SAAO,KAAK,CAAC,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC1E;AAGA,SAAS,gBAAgB,GAAW,GAAoB;AACtD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,SAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC;AAC3E,SAAO,SAAS;AAClB;;;AC9GA,eAAsB,qBAAqB,SAAkB,MAAmD;AAC9G,MAAI,QAAQ,WAAW,OAAQ,QAAO,SAAS,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAEpG,QAAM,OAAO,MAAM,wBAAwB,SAAS,EAAE,aAAa,KAAK,aAAa,aAAa,KAAK,YAAY,CAAC;AACpH,MAAI,CAAC,KAAK,GAAI,QAAO,KAAK;AAE1B,MAAI;AACJ,MAAI;AACF,WAAQ,MAAM,QAAQ,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO,SAAS,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjE;AACA,QAAM,OAAQ,KAAK,QAAQ,KAAK,aAAa;AAE7C,QAAM,UAAU,MAAM,gBAAgB,KAAK,MAAM,MAAM,KAAK,KAAK,IAAI;AACrE,MAAI,CAAC,QAAQ,IAAI;AACf,WAAO,SAAS,KAAK,EAAE,OAAO,QAAQ,MAAM,SAAS,QAAQ,QAAQ,GAAG,EAAE,QAAQ,cAAc,OAAO,EAAE,CAAC;AAAA,EAC5G;AACA,QAAM,UAAU,QAAQ;AACxB,SAAO,SAAS,KAAK,EAAE,IAAI,MAAM,GAAG,SAAS,GAAI,KAAK,UAAU,EAAE,SAAS,KAAK,QAAQ,QAAQ,MAAM,EAAE,IAAI,CAAC,EAAG,CAAC;AACnH;","names":[]}