@tangle-network/agent-app 0.22.0 → 0.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4,6 +4,188 @@ import { a as AppToolName, c as ToolHeaderNames } from '../auth-BlS9GWfL.js';
4
4
  import { b as AppToolContext } from '../types-2rOJo8Hc.js';
5
5
  import { Harness } from '../harness/index.js';
6
6
 
7
+ interface WorkspaceSandboxInstanceLike {
8
+ id: string;
9
+ name?: string;
10
+ status?: string;
11
+ connection?: {
12
+ runtimeUrl?: string;
13
+ sidecarUrl?: string;
14
+ authToken?: string;
15
+ sidecarToken?: string;
16
+ authTokenExpiresAt?: string;
17
+ } | null;
18
+ }
19
+ interface WorkspaceSandboxEnsureContext {
20
+ workspaceId: string;
21
+ userId: string;
22
+ }
23
+ interface WorkspaceSandboxManagerOptions<TClient, TBox extends WorkspaceSandboxInstanceLike, TEnsureOptions = void> {
24
+ getClient: (ctx: WorkspaceSandboxEnsureContext) => Promise<TClient> | TClient;
25
+ nameForWorkspace: (workspaceId: string, ctx: WorkspaceSandboxEnsureContext) => string;
26
+ listSandboxes: (client: TClient, ctx: WorkspaceSandboxEnsureContext) => Promise<TBox[]>;
27
+ createSandbox: (args: {
28
+ client: TClient;
29
+ ctx: WorkspaceSandboxEnsureContext;
30
+ name: string;
31
+ options: TEnsureOptions;
32
+ listError?: unknown;
33
+ }) => Promise<TBox>;
34
+ waitForRunning?: (box: TBox, ctx: WorkspaceSandboxEnsureContext) => Promise<void>;
35
+ prepareExisting?: (box: TBox, ctx: WorkspaceSandboxEnsureContext, options: TEnsureOptions) => Promise<TBox | void>;
36
+ prepareCreated?: (box: TBox, ctx: WorkspaceSandboxEnsureContext, options: TEnsureOptions) => Promise<TBox | void>;
37
+ onListError?: (error: unknown, ctx: WorkspaceSandboxEnsureContext) => void;
38
+ }
39
+ interface WorkspaceSandboxManager<TBox extends WorkspaceSandboxInstanceLike, TEnsureOptions = void> {
40
+ ensureWorkspaceSandbox: (workspaceId: string, userId: string, options?: TEnsureOptions) => Promise<TBox>;
41
+ }
42
+ declare function createWorkspaceSandboxManager<TClient, TBox extends WorkspaceSandboxInstanceLike, TEnsureOptions = void>(opts: WorkspaceSandboxManagerOptions<TClient, TBox, TEnsureOptions>): WorkspaceSandboxManager<TBox, TEnsureOptions>;
43
+ interface SandboxTerminalTokenOptions {
44
+ secret?: string;
45
+ prefix?: string;
46
+ expiresInMs?: number;
47
+ now?: () => number;
48
+ }
49
+ interface SandboxTerminalTokenSubject {
50
+ userId: string;
51
+ workspaceId: string;
52
+ sandboxId: string;
53
+ }
54
+ interface SandboxTerminalTokenResult {
55
+ token: string;
56
+ expiresAt: Date;
57
+ }
58
+ declare function createSandboxTerminalToken(subject: SandboxTerminalTokenSubject, opts: SandboxTerminalTokenOptions): Promise<SandboxTerminalTokenResult>;
59
+ declare function verifySandboxTerminalToken(token: string, expected: SandboxTerminalTokenSubject, opts: SandboxTerminalTokenOptions): Promise<boolean>;
60
+ interface AuthenticatedSandboxUser {
61
+ id: string;
62
+ }
63
+ interface WorkspaceSandboxConnectionHandlerOptions<TBox extends WorkspaceSandboxInstanceLike> {
64
+ requireUser: (request: Request) => Promise<AuthenticatedSandboxUser>;
65
+ requireWorkspaceAccess: (args: {
66
+ request: Request;
67
+ userId: string;
68
+ workspaceId: string;
69
+ }) => Promise<void>;
70
+ ensureWorkspaceSandbox: (workspaceId: string, userId: string) => Promise<TBox>;
71
+ tokenSecret: string | (() => string | undefined);
72
+ tokenExpiresInMs?: number;
73
+ tokenPrefix?: string;
74
+ proxyRuntimeUrl?: (args: {
75
+ request: Request;
76
+ workspaceId: string;
77
+ sandboxId: string;
78
+ box: TBox;
79
+ }) => string;
80
+ exposeDirectSidecar?: boolean;
81
+ }
82
+ interface WorkspaceSandboxConnectionArgs {
83
+ request: Request;
84
+ params: {
85
+ workspaceId?: string;
86
+ };
87
+ }
88
+ declare function createWorkspaceSandboxConnectionHandler<TBox extends WorkspaceSandboxInstanceLike>(opts: WorkspaceSandboxConnectionHandlerOptions<TBox>): ({ request, params }: WorkspaceSandboxConnectionArgs) => Promise<Response>;
89
+ interface SandboxApiCredentials {
90
+ baseUrl: string;
91
+ apiKey: string;
92
+ }
93
+ interface SandboxRuntimeConnection {
94
+ runtimeUrl: string;
95
+ authToken?: string;
96
+ }
97
+ interface WorkspaceSandboxRuntimeProxyHandlerOptions {
98
+ requireUser: (request: Request) => Promise<AuthenticatedSandboxUser>;
99
+ requireWorkspaceAccess: (args: {
100
+ request: Request;
101
+ userId: string;
102
+ workspaceId: string;
103
+ sandboxId: string;
104
+ }) => Promise<void>;
105
+ getSandboxApiCredentials: (args: {
106
+ request: Request;
107
+ userId: string;
108
+ workspaceId: string;
109
+ sandboxId: string;
110
+ }) => Promise<SandboxApiCredentials>;
111
+ getSandboxRuntimeConnection?: (args: {
112
+ request: Request;
113
+ userId: string;
114
+ workspaceId: string;
115
+ sandboxId: string;
116
+ }) => Promise<SandboxRuntimeConnection | null | undefined>;
117
+ tokenSecret: string | (() => string | undefined);
118
+ tokenPrefix?: string;
119
+ fetch?: typeof fetch;
120
+ forwardHeaders?: string[];
121
+ }
122
+ interface WorkspaceSandboxRuntimeProxyArgs {
123
+ request: Request;
124
+ params: {
125
+ workspaceId?: string;
126
+ sandboxId?: string;
127
+ '*'?: string;
128
+ };
129
+ }
130
+ declare function createWorkspaceSandboxRuntimeProxyHandler(opts: WorkspaceSandboxRuntimeProxyHandlerOptions): ({ request, params }: WorkspaceSandboxRuntimeProxyArgs) => Promise<Response>;
131
+ interface SandboxTerminalWsMatch {
132
+ workspaceId: string;
133
+ sandboxId: string;
134
+ subPath: string;
135
+ }
136
+ /**
137
+ * Parse a same-origin terminal-WS pathname into its parts, or `null` when the
138
+ * path is not a sandbox terminal WebSocket. Matches the default `runtimeUrl`
139
+ * convention emitted by {@link createWorkspaceSandboxConnectionHandler}
140
+ * (`/api/workspaces/:workspaceId/sandbox/runtime/:sandboxId`) with a canonical
141
+ * `terminals/:id/ws` sub-path. `subPath` is left URL-encoded for re-use in the
142
+ * upstream URL; the ids are decoded for auth checks.
143
+ */
144
+ declare function matchSandboxTerminalWsPath(pathname: string): SandboxTerminalWsMatch | null;
145
+ /** True when `request` is a WebSocket upgrade for a sandbox terminal path. */
146
+ declare function isSandboxTerminalWsUpgrade(request: Request): boolean;
147
+ interface WorkspaceSandboxTerminalUpgradeHandlerOptions {
148
+ requireUser: (request: Request) => Promise<AuthenticatedSandboxUser>;
149
+ requireWorkspaceAccess: (args: {
150
+ request: Request;
151
+ userId: string;
152
+ workspaceId: string;
153
+ sandboxId: string;
154
+ }) => Promise<void>;
155
+ getSandboxApiCredentials: (args: {
156
+ request: Request;
157
+ userId: string;
158
+ workspaceId: string;
159
+ sandboxId: string;
160
+ }) => Promise<SandboxApiCredentials>;
161
+ getSandboxRuntimeConnection?: (args: {
162
+ request: Request;
163
+ userId: string;
164
+ workspaceId: string;
165
+ sandboxId: string;
166
+ }) => Promise<SandboxRuntimeConnection | null | undefined>;
167
+ tokenSecret: string | (() => string | undefined);
168
+ tokenPrefix?: string;
169
+ fetch?: typeof fetch;
170
+ }
171
+ /**
172
+ * Build a Worker-entry handler that proxies a sandbox terminal WebSocket
173
+ * upgrade to the sandbox API runtime proxy. Returns `null` when the request is
174
+ * not a terminal WS upgrade, so the caller can fall through to its normal
175
+ * request handler:
176
+ *
177
+ * ```ts
178
+ * const handled = await handleSandboxTerminalUpgrade(request)
179
+ * if (handled) return handled
180
+ * ```
181
+ */
182
+ declare function createWorkspaceSandboxTerminalUpgradeHandler(opts: WorkspaceSandboxTerminalUpgradeHandlerOptions): (request: Request) => Promise<Response | null>;
183
+ declare function buildSandboxRuntimeProxyHeaders(source: Headers, sandboxApiKey: string, forwardHeaders?: string[]): Headers;
184
+ declare function encodeSandboxRuntimePath(runtimePath: string): string | null;
185
+ declare function bearerToken(value: string | null): string | null;
186
+ declare function bearerSubprotocolToken(value: string | null): string | null;
187
+ declare function terminalTokenFromRequest(headers: Headers): string | null;
188
+
7
189
  type Outcome<T> = {
8
190
  succeeded: true;
9
191
  value: T;
@@ -194,4 +376,4 @@ declare function classifySeveredStream(event: unknown): SandboxStepTransition |
194
376
  declare function isTerminalPromptEvent(event: unknown): boolean;
195
377
  declare function detectInteractiveQuestion(event: unknown): string | null;
196
378
 
197
- export { type AppToolDescriptor, type BuildAppToolMcpServersOptions, DEFAULT_SANDBOX_RESOURCES, type EnsureWorkspaceSandboxOptions, type LivenessProbeConfig, type MemberSyncSeam, type Outcome, type ProfileComposeOptions, type ProviderResolutionConfig, type ResolvedModel, type SandboxBuildContext, type SandboxClientCredentials, type SandboxPermissionLevel, type SandboxResourceConfig, type SandboxRestoreSpec, type SandboxRuntimeConfig, type SandboxScope, type SandboxStepTransition, type ScopedTokenResult, type SecretStore, type StreamSandboxPromptOptions, type TerminalProxyIdentity, attachReasoningEffort, buildAppToolMcpServers, classifySeveredStream, deleteSecret, detectInteractiveQuestion, driveSandboxTurn, ensureWorkspaceSandbox, flattenHistory, getClient, isTerminalPromptEvent, mergeExtraMcp, mintSandboxScopedToken, mintTerminalProxyToken, readSecret, resetClientCache, resolveModel, runSandboxPrompt, secretStoreFromClient, storeSecret, streamSandboxPrompt, syncSandboxMemberAdd, syncSandboxMemberRemove, syncSandboxMemberRole, verifyTerminalProxyToken };
379
+ export { type AppToolDescriptor, type AuthenticatedSandboxUser, type BuildAppToolMcpServersOptions, DEFAULT_SANDBOX_RESOURCES, type EnsureWorkspaceSandboxOptions, type LivenessProbeConfig, type MemberSyncSeam, type Outcome, type ProfileComposeOptions, type ProviderResolutionConfig, type ResolvedModel, type SandboxApiCredentials, type SandboxBuildContext, type SandboxClientCredentials, type SandboxPermissionLevel, type SandboxResourceConfig, type SandboxRestoreSpec, type SandboxRuntimeConfig, type SandboxRuntimeConnection, type SandboxScope, type SandboxStepTransition, type SandboxTerminalTokenOptions, type SandboxTerminalTokenResult, type SandboxTerminalTokenSubject, type SandboxTerminalWsMatch, type ScopedTokenResult, type SecretStore, type StreamSandboxPromptOptions, type TerminalProxyIdentity, type WorkspaceSandboxConnectionArgs, type WorkspaceSandboxConnectionHandlerOptions, type WorkspaceSandboxEnsureContext, type WorkspaceSandboxInstanceLike, type WorkspaceSandboxManager, type WorkspaceSandboxManagerOptions, type WorkspaceSandboxRuntimeProxyArgs, type WorkspaceSandboxRuntimeProxyHandlerOptions, type WorkspaceSandboxTerminalUpgradeHandlerOptions, attachReasoningEffort, bearerSubprotocolToken, bearerToken, buildAppToolMcpServers, buildSandboxRuntimeProxyHeaders, classifySeveredStream, createSandboxTerminalToken, createWorkspaceSandboxConnectionHandler, createWorkspaceSandboxManager, createWorkspaceSandboxRuntimeProxyHandler, createWorkspaceSandboxTerminalUpgradeHandler, deleteSecret, detectInteractiveQuestion, driveSandboxTurn, encodeSandboxRuntimePath, ensureWorkspaceSandbox, flattenHistory, getClient, isSandboxTerminalWsUpgrade, isTerminalPromptEvent, matchSandboxTerminalWsPath, mergeExtraMcp, mintSandboxScopedToken, mintTerminalProxyToken, readSecret, resetClientCache, resolveModel, runSandboxPrompt, secretStoreFromClient, storeSecret, streamSandboxPrompt, syncSandboxMemberAdd, syncSandboxMemberRemove, syncSandboxMemberRole, terminalTokenFromRequest, verifySandboxTerminalToken, verifyTerminalProxyToken };