@the-ai-company/cbio-node-runtime 1.57.0 → 1.59.1

package/docs/zh/README.md

@@ -96,20 +96,17 @@ const sessionToken = createdAgent.sessionToken;
 ```ts
 const record = await client.ownerWriteSecret({
   alias: 'api-token',
-  plaintext: 'secret-value',
-  targetBindings: [{
-    kind: 'site',
-    targetId: 'my-api',
-    targetUrl: 'https://api.example.com/endpoint',
-    methods: ['POST']
-  }]
+  plaintext: 'secret-value'
 });
 
 await client.ownerGrantCapability({
   agentId,
-  secretAliases: ['api-token'],
-  scope: 'https://api.example.com/*',
-  methods: ['POST']
+  write: {
+    secretIds: [record.secretId.value],
+    scope: 'https://api.example.com/*',
+    methods: ['POST']
+  },
+  read: { mode: 'full' }
 });
 ```
 
@@ -126,24 +123,31 @@ const agent = createAgentClient({
 });
 
 const result = await agent.agentDispatch({ ... });
+const requests = await agent.agentListRequests();
+const request = await agent.agentGetRequest(result.requestId);
 ```
 
 Agent 进程不会直接使用原始私钥执行请求。即使 Agent 拥有身份材料，也应先换取 session token，再进行 dispatch。
 
+给 LLM 的直白规则：
+- `agentDispatch(...)` = 立刻尝试执行真实任务
+- `agentSubmitCapabilityRequest(...)` = 只申请权限，不会执行任务
+- `agentListRequests()` / `agentGetRequest(...)` = 在请求执行后查看异步结果
+
 ```ts
 const manifest = await agent.agentIntrospect();
 
 console.log(manifest.agent.agentId);
 console.log(manifest.agent.identityId);
 console.log(manifest.agent.nickname);
-console.log(manifest.capabilities); // 同一张能力状态表里同时包含 GRANTED 和 PENDING
+console.log(manifest.capabilities); // 同一组能力载体里包含 write/read 动作状态
 ```
 
-`agentListCapabilities()` 现在返回的也是同一张统一能力状态表，因此调度器或 Agent 重启后，不需要分别拼“已授权能力”和“待审批能力”。
+`agentListCapabilities()` 返回能力载体视图，`agentListRequests()` / `agentGetRequest()` 则负责暴露请求历史和按权限裁剪后的结果。
 
 ### 7. 人机协同（HITL）工作流
 
-系统采用统一的 **能力状态（capability state）** 模型。如果 Agent 尝试执行的动作不在白名单内，dispatch 会返回 `PENDING`，同时运行时会写入一条 `PENDING` 能力状态，等待 Owner 审批。
+如果 Agent 尝试执行的动作不在白名单内，dispatch 会返回 `PENDING`，同时运行时会写入一条能力载体记录，其 `write` 动作等待 Owner 审批。
 
 ```ts
 const result = await agent.agentDispatch({ ... });
@@ -152,14 +156,20 @@ if (result.status === 'PENDING') {
 }
 
 client.ownerOnCapabilityState((state) => {
-  if (state.status === 'PENDING') {
+  if (state.actions.write.status === 'PENDING') {
     console.log('收到新的待审批能力状态:', state.requestId);
   }
 });
 
-const pending = await client.ownerListCapabilityStates({ status: 'PENDING' });
+const pending = await client.ownerListCapabilityStates({ writeStatus: 'PENDING' });
 if (pending.length > 0) {
-  await client.ownerExecuteCapabilityStateAndGrant({
+  await client.ownerApproveCapabilityWrite({
+    requestId: pending[0].requestId
+  });
+  await client.ownerAllowAlways({
+    requestId: pending[0].requestId
+  });
+  await client.ownerApproveCapabilityRead({
     requestId: pending[0].requestId
   });
 }

package/examples/process-isolation.ts

@@ -120,7 +120,7 @@ async function main() {
     owner: { kind: "owner", id: ownerIdentity.identityId },
     alias: "api-token",
     plaintext: "SK-PROD-12345",
-    targetBindings: [{ kind: "site", targetId: "httpbin.org", targetUrl: "https://httpbin.org/post", methods: ["POST"] }],
+    source: { kind: "manual" },
     requestedAt: new Date().toISOString(),
   });
 
@@ -128,11 +128,13 @@ async function main() {
     vaultId: vault.vaultId,
     capabilityId: "cap-llm-1",
     agentId: agentIdentity.identityId,
-    secretIds: [secret.secretId.value],
-    secretAliases: ["api-token"],
     operation: "dispatch_http" as const,
-    scope: "https://httpbin.org/post",
-    methods: ["POST"],
+    write: {
+      secretIds: [secret.secretId.value],
+      scope: "https://httpbin.org/post",
+      methods: ["POST"],
+    },
+    read: { mode: "full" },
     issuedAt: new Date().toISOString(),
   };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@the-ai-company/cbio-node-runtime",
-  "version": "1.57.0",
+  "version": "1.59.1",
   "publishConfig": {
     "access": "public"
   },

package/docs/api/interfaces/OwnerDefineSecretTargetsInput.md

@@ -1,23 +0,0 @@
-[**CBIO Node Runtime Agent API v1.57.0**](../README.md)
-
-***
-
-# Interface: OwnerDefineSecretTargetsInput
-
-## Properties
-
-### alias
-
-> **alias**: `string`
-
-***
-
-### requestedAt?
-
-> `optional` **requestedAt?**: `string`
-
-***
-
-### targetBindings
-
-> **targetBindings**: readonly [`OwnerSecretTargetBinding`](OwnerSecretTargetBinding.md)[]

package/docs/api/interfaces/OwnerSecretTargetBinding.md

@@ -1,35 +0,0 @@
-[**CBIO Node Runtime Agent API v1.57.0**](../README.md)
-
-***
-
-# Interface: OwnerSecretTargetBinding
-
-## Properties
-
-### kind
-
-> **kind**: `"owner"` \| `"site"`
-
-***
-
-### methods?
-
-> `optional` **methods?**: readonly `string`[]
-
-***
-
-### paths?
-
-> `optional` **paths?**: readonly `string`[]
-
-***
-
-### targetId
-
-> **targetId**: `string`
-
-***
-
-### targetUrl?
-
-> `optional` **targetUrl?**: `string`