@theokit/sdk-tools 0.5.0 → 0.7.0

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.7.0
+
+### Minor Changes
+
+- 5bd2f9c: @theokit/sdk: `shouldCompact`/`ShouldCompactInput` gains an optional `maxOutput` output-reserve term (`estimated >= contextWindow - buffer - (maxOutput ?? 0)`), defaulting to today's behavior. `AgentOptions.plugins` now also accepts an array of code `Plugin` objects (matching the runtime + docs), not only `{ enabled }`. @theokit/sdk-tools: `renderToolList` gains an optional `{ mode: "full" | "summary" | "names" }` — `"full"` (default) is the existing `<tools>` XML; `"summary"` renders `- name: <first sentence>`; `"names"` renders `- name`.
+
+## 0.6.0
+
+### Minor Changes
+
+- 6d65983: `createWebFetchTool` gains a redirect policy + injection seam.
+
+  - **`maxRedirects?: number`** — caps redirect hops (each SSRF-screened). Default 5 (unchanged). Set `0` to BLOCK ALL redirects (strict no-redirect policy for untrusted, model-chosen URLs).
+  - **Distinct `redirect_blocked` error** — a refused redirect now returns `{ ok:false, error:'redirect_blocked' }`, split from `ssrf_blocked` (a blocked private/reserved host). New exported `RedirectBlockedError`; `screenedFetch` throws it on redirect-limit exhaustion (was `SsrfBlockedError("too many redirects")` — a minor, more-precise error refinement).
+  - **Injectable `fetchImpl?` / `lookup?`** — drive the tool's redirect + SSRF paths deterministically in tests with no real network/DNS (the seam `screenedFetch` already had, now on the tool surface).
+
+  Additive + backward-compatible: absent options ⇒ today's behavior; `ssrf_blocked`/`invalid_url`/`timeout`/`too_large` codes + return shape unchanged. Lets a consumer (theocode) replace an app-side SSRF/redirect wrapper with `createWebFetchTool({ maxRedirects: 0 })`.
+
 ## 0.5.0
 
 ### Minor Changes

package/dist/index.cjs

@@ -721,6 +721,15 @@ var SsrfBlockedError = class extends sdk.ConfigurationError {
     );
   }
 };
+var RedirectBlockedError = class extends sdk.ConfigurationError {
+  name = "RedirectBlockedError";
+  constructor(url, detail) {
+    super(
+      `Blocked redirect for "${url}"${detail ? ` (${detail})` : ""}: redirect-hop limit exceeded (redirect policy).`,
+      { code: "redirect_blocked" }
+    );
+  }
+};
 function v4ToInt(ip) {
   const parts = ip.split(".");
   return (Number(parts[0]) << 24 | Number(parts[1]) << 16 | Number(parts[2]) << 8 | Number(parts[3])) >>> 0;
@@ -844,7 +853,7 @@ async function screenedFetch(url, options = {}) {
     if (next === void 0) return res;
     current = next;
   }
-  throw new SsrfBlockedError(url, "too many redirects");
+  throw new RedirectBlockedError(url, "too many redirects");
 }
 var DEFAULT_BUDGET = 8e3;
 var DEFAULT_MAX_DEPTH = 4;
@@ -972,7 +981,18 @@ function withDescription(tool, description) {
 function esc(s) {
   return String(s).replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
 }
-function renderToolList(tools) {
+function firstSentence(d) {
+  const m = d.trim().match(/\.\s+(?=[A-Z(]|$)/);
+  return m?.index == null ? d.trim() : d.trim().slice(0, m.index + 1);
+}
+function renderToolList(tools, options) {
+  const mode = options?.mode ?? "full";
+  if (mode === "summary") {
+    return tools.map((t) => `- ${t.name}: ${firstSentence(t.description)}`).join("\n");
+  }
+  if (mode === "names") {
+    return tools.map((t) => `- ${t.name}`).join("\n");
+  }
   if (tools.length === 0) return "<tools></tools>";
   const lines = ["<tools>"];
   for (const t of tools) {
@@ -1769,6 +1789,9 @@ var MAX_BODY_BYTES = 1 * 1024 * 1024;
 function createWebFetchTool(opts) {
   const defaultTimeoutMs = opts?.defaultTimeoutMs ?? DEFAULT_TIMEOUT_MS4;
   const allowPrivateHosts = opts?.allowPrivateHosts ?? false;
+  const maxRedirects = opts?.maxRedirects;
+  const fetchImpl = opts?.fetchImpl;
+  const lookup = opts?.lookup;
   return sdk.defineTool({
     name: "web_fetch",
     description: "Fetch the contents of a URL via HTTP/HTTPS. Use only for URLs the user provided or that you are confident help with the task; never invent or guess URLs. Rejects non-http(s) URLs and is SSRF-guarded by default (private/loopback/link-local/cloud-metadata hosts are refused with an ssrf_blocked error). The response body is capped at 1 MB. Returns { ok, content, status_code, content_type } or { ok: false, error }.",
@@ -1798,7 +1821,10 @@ function createWebFetchTool(opts) {
       try {
         const response = await screenedFetch(url, {
           signal: controller.signal,
-          allowPrivateHosts
+          allowPrivateHosts,
+          ...maxRedirects !== void 0 ? { maxRedirects } : {},
+          ...fetchImpl ? { fetchImpl } : {},
+          ...lookup ? { lookup } : {}
         });
         clearTimeout(timer);
         const contentLength = response.headers.get("content-length");
@@ -1831,6 +1857,9 @@ function createWebFetchTool(opts) {
         });
       } catch (err) {
         clearTimeout(timer);
+        if (err instanceof RedirectBlockedError) {
+          return JSON.stringify({ ok: false, error: "redirect_blocked", url, reason: err.message });
+        }
         if (err instanceof SsrfBlockedError) {
           return JSON.stringify({ ok: false, error: "ssrf_blocked", url, reason: err.message });
         }
@@ -1963,6 +1992,7 @@ async function isBinaryFile(absolutePath) {
 
 exports.CatastrophicCommandError = CatastrophicCommandError;
 exports.DEFAULT_TOOL_GUIDANCE = DEFAULT_TOOL_GUIDANCE;
+exports.RedirectBlockedError = RedirectBlockedError;
 exports.SsrfBlockedError = SsrfBlockedError;
 exports.buildEnvContext = buildEnvContext;
 exports.buildRepoMap = buildRepoMap;