@theokit/sdk 1.6.2 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (351) hide show
  1. package/CHANGELOG.md +187 -0
  2. package/dist/a2a/agent-mailbox.d.cts +27 -0
  3. package/dist/a2a/agent-mailbox.d.ts +27 -0
  4. package/dist/a2a/index.cjs +16850 -0
  5. package/dist/a2a/index.cjs.map +1 -0
  6. package/dist/a2a/index.d.cts +9 -0
  7. package/dist/a2a/index.d.ts +9 -0
  8. package/dist/a2a/index.js +16844 -0
  9. package/dist/a2a/index.js.map +1 -0
  10. package/dist/a2a/message-bus.d.cts +27 -0
  11. package/dist/a2a/message-bus.d.ts +27 -0
  12. package/dist/a2a/subagent.d.cts +25 -0
  13. package/dist/a2a/subagent.d.ts +25 -0
  14. package/dist/a2a/types.d.cts +12 -0
  15. package/dist/a2a/types.d.ts +12 -0
  16. package/dist/agent.d.ts +1 -1
  17. package/dist/client/index.cjs +73 -0
  18. package/dist/client/index.cjs.map +1 -0
  19. package/dist/client/index.d.cts +7 -0
  20. package/dist/client/index.d.ts +7 -0
  21. package/dist/client/index.js +71 -0
  22. package/dist/client/index.js.map +1 -0
  23. package/dist/client/theokit-client.d.cts +18 -0
  24. package/dist/client/theokit-client.d.ts +18 -0
  25. package/dist/client/types.d.cts +19 -0
  26. package/dist/client/types.d.ts +19 -0
  27. package/dist/{run-DkCD5DeO.d.cts → cron-BnywDYLq.d.cts} +496 -910
  28. package/dist/{run-DkCD5DeO.d.ts → cron-CtZvJD9J.d.ts} +496 -910
  29. package/dist/cron.cjs +4285 -2893
  30. package/dist/cron.cjs.map +1 -1
  31. package/dist/cron.d.cts +2 -3
  32. package/dist/cron.d.ts +2 -71
  33. package/dist/cron.js +4289 -2897
  34. package/dist/cron.js.map +1 -1
  35. package/dist/{errors-CvAeEWgE.d.ts → errors-ChqOmFH1.d.cts} +52 -6
  36. package/dist/{errors-CK8brCJ1.d.cts → errors-DV9e0rcp.d.ts} +52 -6
  37. package/dist/errors.cjs +218 -3
  38. package/dist/errors.cjs.map +1 -1
  39. package/dist/errors.d.cts +2 -3
  40. package/dist/errors.d.ts +50 -4
  41. package/dist/errors.js +217 -4
  42. package/dist/errors.js.map +1 -1
  43. package/dist/eval.cjs +4285 -2893
  44. package/dist/eval.cjs.map +1 -1
  45. package/dist/eval.d.cts +35 -0
  46. package/dist/eval.js +4289 -2897
  47. package/dist/eval.js.map +1 -1
  48. package/dist/event-bus.d.ts +23 -0
  49. package/dist/index.cjs +5132 -4200
  50. package/dist/index.cjs.map +1 -1
  51. package/dist/index.d.cts +298 -278
  52. package/dist/index.d.ts +1898 -24
  53. package/dist/index.js +6441 -5509
  54. package/dist/index.js.map +1 -1
  55. package/dist/internal/agent-loop/loop-context-init.d.ts +2 -0
  56. package/dist/internal/agent-loop/tool-dispatch.d.ts +22 -1
  57. package/dist/internal/auth/api-key-validator.d.ts +46 -0
  58. package/dist/internal/llm/anthropic-shared.d.ts +8 -1
  59. package/dist/internal/llm/retry.d.ts +22 -0
  60. package/dist/internal/llm/types.d.ts +47 -1
  61. package/dist/internal/memory/active-memory-cache.d.ts +3 -3
  62. package/dist/internal/memory/active-memory-types.d.ts +8 -0
  63. package/dist/internal/memory/active-memory.d.ts +24 -20
  64. package/dist/internal/memory/adapters/azure-openai-embedding.d.ts +2 -0
  65. package/dist/internal/memory/adapters/cohere-embedding.d.ts +2 -0
  66. package/dist/internal/memory/adapters/gemini-embedding.d.ts +2 -0
  67. package/dist/internal/memory/adapters/jina-embedding.d.ts +2 -0
  68. package/dist/internal/memory/index-manager-contract.d.ts +26 -0
  69. package/dist/internal/memory/index-manager-dispatch.d.ts +1 -1
  70. package/dist/internal/memory/index-manager.d.ts +8 -26
  71. package/dist/internal/memory/{chunk-markdown.d.ts → storage/chunk-markdown.d.ts} +1 -1
  72. package/dist/internal/memory/{markdown-store.d.ts → storage/markdown-store.d.ts} +1 -1
  73. package/dist/internal/memory/{reader.d.ts → storage/reader.d.ts} +1 -1
  74. package/dist/internal/observability/context.d.cts +23 -0
  75. package/dist/internal/observability/context.d.ts +23 -0
  76. package/dist/internal/observability/index.cjs +38 -0
  77. package/dist/internal/observability/index.cjs.map +1 -0
  78. package/dist/internal/observability/index.d.cts +8 -0
  79. package/dist/internal/observability/index.d.ts +8 -0
  80. package/dist/internal/observability/index.js +33 -0
  81. package/dist/internal/observability/index.js.map +1 -0
  82. package/dist/internal/observability/tracer-loader.d.cts +20 -0
  83. package/dist/internal/persistence/conversation-storage-fs.d.cts +37 -0
  84. package/dist/internal/persistence/conversation-storage-memory.d.cts +24 -0
  85. package/dist/internal/persistence/credential-pool-store.d.cts +32 -0
  86. package/dist/internal/persistence/credential-pool-store.d.ts +32 -0
  87. package/dist/internal/persistence/cwd-mutex.d.cts +1 -0
  88. package/dist/internal/persistence/exclusive-create.d.cts +22 -0
  89. package/dist/internal/persistence/exclusive-create.d.ts +22 -0
  90. package/dist/internal/persistence/file-lock.d.cts +14 -0
  91. package/dist/internal/persistence/fts5-sanitize.d.cts +16 -0
  92. package/dist/internal/persistence/index.cjs +359 -0
  93. package/dist/internal/persistence/index.cjs.map +1 -0
  94. package/dist/internal/persistence/index.d.cts +20 -0
  95. package/dist/internal/persistence/index.d.ts +20 -0
  96. package/dist/internal/persistence/index.js +341 -0
  97. package/dist/internal/persistence/index.js.map +1 -0
  98. package/dist/internal/persistence/markdown-config-loader.d.cts +35 -0
  99. package/dist/internal/persistence/paths.d.cts +19 -0
  100. package/dist/internal/persistence/persistence-schema.d.cts +21 -0
  101. package/dist/internal/persistence/persistence-schema.d.ts +4 -0
  102. package/dist/internal/persistence/schema-version.d.cts +13 -0
  103. package/dist/internal/persistence/sqlite-cas.d.cts +25 -0
  104. package/dist/internal/persistence/sqlite-cas.d.ts +25 -0
  105. package/dist/internal/persistence/sqlite-wal.d.cts +10 -0
  106. package/dist/internal/plugins/context.d.cts +31 -0
  107. package/dist/internal/plugins/index.cjs +228 -0
  108. package/dist/internal/plugins/index.cjs.map +1 -0
  109. package/dist/internal/plugins/index.d.cts +8 -0
  110. package/dist/internal/plugins/index.d.ts +8 -0
  111. package/dist/internal/plugins/index.js +222 -0
  112. package/dist/internal/plugins/index.js.map +1 -0
  113. package/dist/internal/plugins/lifecycle.d.cts +14 -0
  114. package/dist/internal/plugins/lifecycle.d.ts +14 -0
  115. package/dist/internal/plugins/manager.d.cts +37 -0
  116. package/dist/internal/plugins/types.d.cts +102 -0
  117. package/dist/internal/providers/catalog-loader.d.ts +39 -0
  118. package/dist/internal/runtime/agent-session-store.d.ts +1 -1
  119. package/dist/internal/runtime/agent-session.d.ts +1 -0
  120. package/dist/internal/runtime/budget-tracker.d.ts +73 -0
  121. package/dist/internal/runtime/{context-manager.d.ts → context/context-manager.d.ts} +1 -1
  122. package/dist/internal/runtime/{fixture-events.d.ts → fixtures/fixture-events.d.ts} +1 -1
  123. package/dist/internal/runtime/{fixture-run-base.d.ts → fixtures/fixture-run-base.d.ts} +4 -4
  124. package/dist/internal/runtime/{fixture-scripts.d.ts → fixtures/fixture-scripts.d.ts} +1 -1
  125. package/dist/internal/runtime/local-agent-bootstrap.d.ts +2 -2
  126. package/dist/internal/runtime/local-agent-memory-provider.d.ts +57 -0
  127. package/dist/internal/runtime/memory-path-selector.d.ts +73 -0
  128. package/dist/internal/runtime/memory-provider.d.ts +165 -0
  129. package/dist/internal/runtime/{agent-registry.d.ts → registry/agent-registry-contract.d.ts} +15 -9
  130. package/dist/internal/runtime/registry/agent-registry.d.ts +7 -0
  131. package/dist/internal/runtime/{live-agent-registry.d.ts → registry/live-agent-registry.d.ts} +1 -1
  132. package/dist/internal/runtime/{run-registry.d.ts → registry/run-registry.d.ts} +1 -1
  133. package/dist/internal/runtime/session-types.d.ts +35 -0
  134. package/dist/internal/runtime/system-prompt/sources/skills-provider.d.ts +1 -0
  135. package/dist/internal/runtime/validate-response.d.ts +18 -0
  136. package/dist/internal/security/index.cjs +361 -0
  137. package/dist/internal/security/index.cjs.map +1 -0
  138. package/dist/internal/security/index.d.cts +11 -0
  139. package/dist/internal/security/index.js +350 -0
  140. package/dist/internal/security/index.js.map +1 -0
  141. package/dist/internal/security/path-guard.d.cts +59 -0
  142. package/dist/internal/security/path-guard.d.ts +3 -0
  143. package/dist/internal/security/redact.d.cts +21 -0
  144. package/dist/internal/security/secret-redactor.d.cts +1 -0
  145. package/dist/internal/security/secret-redactor.d.ts +1 -0
  146. package/dist/internal/security/test-reset.d.cts +10 -0
  147. package/dist/internal/security/test-reset.d.ts +10 -0
  148. package/dist/internal/telemetry/adapters/arize.d.ts +2 -0
  149. package/dist/internal/telemetry/adapters/braintrust.d.ts +2 -0
  150. package/dist/internal/telemetry/adapters/datadog.d.ts +2 -0
  151. package/dist/internal/telemetry/adapters/langsmith.d.ts +2 -0
  152. package/dist/internal/telemetry/span-names.d.ts +6 -0
  153. package/dist/internal/telemetry/tracer.d.ts +1 -0
  154. package/dist/internal/workflow/evented-executor.d.ts +42 -0
  155. package/dist/internal/workflow/scheduler.d.ts +23 -0
  156. package/dist/internal/zod/to-json-schema.d.ts +5 -15
  157. package/dist/job-queue.d.ts +28 -0
  158. package/dist/path-safety.cjs +67 -6
  159. package/dist/path-safety.cjs.map +1 -1
  160. package/dist/path-safety.d.cts +15 -0
  161. package/dist/path-safety.d.ts +1 -1
  162. package/dist/path-safety.js +67 -7
  163. package/dist/path-safety.js.map +1 -1
  164. package/dist/permission-engine.d.ts +21 -0
  165. package/dist/provider-catalog.json +702 -0
  166. package/dist/rag/index.cjs +136 -0
  167. package/dist/rag/index.cjs.map +1 -0
  168. package/dist/rag/index.d.cts +11 -0
  169. package/dist/rag/index.d.ts +11 -0
  170. package/dist/rag/index.js +129 -0
  171. package/dist/rag/index.js.map +1 -0
  172. package/dist/rag/reranker.d.cts +26 -0
  173. package/dist/rag/reranker.d.ts +26 -0
  174. package/dist/rag/retriever.d.cts +25 -0
  175. package/dist/rag/retriever.d.ts +25 -0
  176. package/dist/rag/text-splitter.d.cts +12 -0
  177. package/dist/rag/text-splitter.d.ts +12 -0
  178. package/dist/rag/types.d.cts +37 -0
  179. package/dist/rag/types.d.ts +37 -0
  180. package/dist/run-DrwUpFxZ.d.cts +823 -0
  181. package/dist/run-DrwUpFxZ.d.ts +823 -0
  182. package/dist/sandbox/index.cjs +133 -0
  183. package/dist/sandbox/index.cjs.map +1 -0
  184. package/dist/sandbox/index.d.cts +2 -0
  185. package/dist/sandbox/index.d.ts +2 -0
  186. package/dist/sandbox/index.js +128 -0
  187. package/dist/sandbox/index.js.map +1 -0
  188. package/dist/sandbox/local-sandbox.d.cts +17 -0
  189. package/dist/sandbox/local-sandbox.d.ts +17 -0
  190. package/dist/sandbox/types.d.cts +44 -0
  191. package/dist/sandbox/types.d.ts +44 -0
  192. package/dist/server/adapter/express.d.cts +9 -0
  193. package/dist/server/adapter/express.d.ts +9 -0
  194. package/dist/server/adapter/fastify.d.cts +9 -0
  195. package/dist/server/adapter/fastify.d.ts +9 -0
  196. package/dist/server/adapter/hono.d.cts +9 -0
  197. package/dist/server/adapter/hono.d.ts +9 -0
  198. package/dist/server/adapter/index.d.cts +8 -0
  199. package/dist/server/adapter/index.d.ts +8 -0
  200. package/dist/server/adapter/shared-handler.d.cts +9 -0
  201. package/dist/server/adapter/shared-handler.d.ts +9 -0
  202. package/dist/server/adapter/types.d.cts +33 -0
  203. package/dist/server/adapter/types.d.ts +33 -0
  204. package/dist/server/auth/errors.d.cts +53 -0
  205. package/dist/server/auth/errors.d.ts +53 -0
  206. package/dist/server/auth/index.cjs +38 -41
  207. package/dist/server/auth/index.cjs.map +1 -1
  208. package/dist/server/auth/index.d.cts +11 -172
  209. package/dist/server/auth/index.d.ts +11 -172
  210. package/dist/server/auth/index.js +39 -42
  211. package/dist/server/auth/index.js.map +1 -1
  212. package/dist/server/auth/oauth-transaction-store.d.cts +39 -0
  213. package/dist/server/auth/oauth-transaction-store.d.ts +39 -0
  214. package/dist/server/auth/orchestrator.d.cts +8 -0
  215. package/dist/server/auth/orchestrator.d.ts +8 -0
  216. package/dist/server/auth/types.d.cts +91 -0
  217. package/dist/server/auth/types.d.ts +91 -0
  218. package/dist/server/auth/validate-return-to.d.cts +17 -0
  219. package/dist/server/auth/validate-return-to.d.ts +17 -0
  220. package/dist/server/errors-envelope.cjs +409 -0
  221. package/dist/server/errors-envelope.cjs.map +1 -0
  222. package/dist/server/errors-envelope.d.cts +61 -0
  223. package/dist/server/errors-envelope.d.ts +61 -0
  224. package/dist/server/errors-envelope.js +405 -0
  225. package/dist/server/errors-envelope.js.map +1 -0
  226. package/dist/subscription/define-subscription.d.cts +63 -0
  227. package/dist/subscription/define-subscription.d.ts +63 -0
  228. package/dist/subscription/index.cjs +402 -0
  229. package/dist/subscription/index.cjs.map +1 -0
  230. package/dist/subscription/index.d.cts +18 -0
  231. package/dist/subscription/index.d.ts +18 -0
  232. package/dist/subscription/index.js +394 -0
  233. package/dist/subscription/index.js.map +1 -0
  234. package/dist/subscription/internal/adapter-types.d.cts +11 -0
  235. package/dist/subscription/internal/adapter-types.d.ts +11 -0
  236. package/dist/subscription/internal/backpressure.d.cts +24 -0
  237. package/dist/subscription/internal/backpressure.d.ts +24 -0
  238. package/dist/subscription/internal/server-integration.d.cts +17 -0
  239. package/dist/subscription/internal/server-integration.d.ts +17 -0
  240. package/dist/subscription/internal/sse-encoder.d.cts +13 -0
  241. package/dist/subscription/internal/sse-encoder.d.ts +13 -0
  242. package/dist/subscription/internal/sse-parser.d.cts +15 -0
  243. package/dist/subscription/internal/sse-parser.d.ts +15 -0
  244. package/dist/subscription/internal/subscription-runtime.d.cts +9 -0
  245. package/dist/subscription/internal/subscription-runtime.d.ts +9 -0
  246. package/dist/subscription/internal/ws-adapter-node.d.cts +10 -0
  247. package/dist/subscription/internal/ws-adapter-node.d.ts +10 -0
  248. package/dist/subscription/theokit-subscribe.d.cts +41 -0
  249. package/dist/subscription/theokit-subscribe.d.ts +41 -0
  250. package/dist/subscription/types.d.cts +140 -0
  251. package/dist/subscription/types.d.ts +140 -0
  252. package/dist/task-store.cjs +30 -2
  253. package/dist/task-store.cjs.map +1 -1
  254. package/dist/task-store.d.cts +8 -0
  255. package/dist/task-store.js +31 -3
  256. package/dist/task-store.js.map +1 -1
  257. package/dist/types/agent-prims.d.ts +61 -0
  258. package/dist/types/agent.d.ts +48 -53
  259. package/dist/types/conversation.d.ts +20 -8
  260. package/dist/types/index.d.ts +0 -2
  261. package/dist/types/messages-base.d.ts +20 -0
  262. package/dist/types/messages.d.ts +1 -1
  263. package/dist/types/run.d.ts +1 -1
  264. package/dist/types/updates.d.ts +1 -1
  265. package/dist/voice/index.d.ts +7 -0
  266. package/dist/voice/openai-realtime.d.ts +21 -0
  267. package/dist/voice/types.d.ts +35 -0
  268. package/dist/workflow.cjs +179 -88
  269. package/dist/workflow.cjs.map +1 -1
  270. package/dist/workflow.d.cts +97 -0
  271. package/dist/workflow.js +180 -89
  272. package/dist/workflow.js.map +1 -1
  273. package/package.json +126 -25
  274. package/dist/budget.d.ts +0 -48
  275. package/dist/cache.d.ts +0 -74
  276. package/dist/cron-1yxL3K2S.d.cts +0 -221
  277. package/dist/cron-BYVdYzob.d.ts +0 -221
  278. package/dist/handoff.d.ts +0 -55
  279. package/dist/internal/budget/calendar-window.d.ts +0 -19
  280. package/dist/internal/budget/enforcement.d.ts +0 -32
  281. package/dist/internal/budget/ledger.d.ts +0 -25
  282. package/dist/internal/budget/normalize-usage.d.ts +0 -27
  283. package/dist/internal/budget/registry.d.ts +0 -16
  284. package/dist/internal/cache/cosine.d.ts +0 -14
  285. package/dist/internal/cache/embed-helper.d.ts +0 -15
  286. package/dist/internal/cache/key.d.ts +0 -15
  287. package/dist/internal/cache/lookup.d.ts +0 -28
  288. package/dist/internal/cache/store-handler.d.ts +0 -24
  289. package/dist/internal/cache/store-json.d.ts +0 -48
  290. package/dist/internal/cache/store.d.ts +0 -54
  291. package/dist/internal/cache/telemetry.d.ts +0 -20
  292. package/dist/internal/cache/ttl.d.ts +0 -11
  293. package/dist/internal/catalog/fixtures.d.ts +0 -16
  294. package/dist/internal/catalog/local-models.d.ts +0 -24
  295. package/dist/internal/handoff/dispatcher.d.ts +0 -29
  296. package/dist/internal/handoff/registry.d.ts +0 -23
  297. package/dist/internal/handoff/telemetry.d.ts +0 -18
  298. package/dist/internal/handoff/tool-injector.d.ts +0 -34
  299. package/dist/internal/memory/atomic-write.d.ts +0 -7
  300. package/dist/internal/memory/dreaming/diary.d.ts +0 -4
  301. package/dist/internal/memory/dreaming/phases.d.ts +0 -15
  302. package/dist/internal/memory/dreaming/run.d.ts +0 -10
  303. package/dist/internal/memory/migrate-sqlite-to-lance.d.ts +0 -15
  304. package/dist/memory-adapter-helpers.d.ts +0 -28
  305. package/dist/memory.d.ts +0 -123
  306. package/dist/migrate.d.ts +0 -33
  307. package/dist/security.d.ts +0 -67
  308. package/dist/task.d.ts +0 -87
  309. package/dist/theokit.d.ts +0 -84
  310. package/dist/tools/_path-scope.d.ts +0 -8
  311. package/dist/tools/_subprocess.d.ts +0 -28
  312. package/dist/tools/git-diff.d.ts +0 -22
  313. package/dist/tools/index.d.ts +0 -29
  314. package/dist/tools/list-dir.d.ts +0 -26
  315. package/dist/tools/read-file.d.ts +0 -31
  316. package/dist/tools/run-vitest.d.ts +0 -46
  317. package/dist/tools/search-text.d.ts +0 -32
  318. package/dist/tools.cjs +0 -690
  319. package/dist/tools.cjs.map +0 -1
  320. package/dist/tools.js +0 -683
  321. package/dist/tools.js.map +0 -1
  322. package/dist/trajectory-helpers.d.ts +0 -31
  323. package/dist/types/cache.d.ts +0 -76
  324. package/dist/types/handoff.d.ts +0 -135
  325. /package/dist/{internal/cron/run-job.d.ts → agent-helpers.d.ts} +0 -0
  326. /package/dist/internal/{cron/scheduler.d.ts → agent-loop/loop-llm-stream.d.ts} +0 -0
  327. /package/dist/internal/{cron/store.d.ts → agent-loop/tool-executors.d.ts} +0 -0
  328. /package/dist/internal/{cron/validate.d.ts → memory/index-manager-helpers.d.ts} +0 -0
  329. /package/dist/internal/memory/{session-loader.d.ts → storage/session-loader.d.ts} +0 -0
  330. /package/dist/internal/memory/{session-summary-writer.d.ts → storage/session-summary-writer.d.ts} +0 -0
  331. /package/dist/internal/memory/{transcript-store.d.ts → storage/transcript-store.d.ts} +0 -0
  332. /package/dist/internal/memory/{wiki-loader.d.ts → storage/wiki-loader.d.ts} +0 -0
  333. /package/dist/internal/{memory/cwd-mutex.d.ts → persistence/atomic-write.d.cts} +0 -0
  334. /package/dist/internal/runtime/{context-aggregator.d.ts → context/context-aggregator.d.ts} +0 -0
  335. /package/dist/internal/runtime/{context-discovery-runner.d.ts → context/context-discovery-runner.d.ts} +0 -0
  336. /package/dist/internal/runtime/{context-discovery.d.ts → context/context-discovery.d.ts} +0 -0
  337. /package/dist/internal/runtime/{context-frontmatter.d.ts → context/context-frontmatter.d.ts} +0 -0
  338. /package/dist/internal/runtime/{context-import-resolver.d.ts → context/context-import-resolver.d.ts} +0 -0
  339. /package/dist/internal/runtime/{context-loaders.d.ts → context/context-loaders.d.ts} +0 -0
  340. /package/dist/internal/runtime/{context-mdc-parser.d.ts → context/context-mdc-parser.d.ts} +0 -0
  341. /package/dist/internal/runtime/{fixture-responder.d.ts → fixtures/fixture-responder.d.ts} +0 -0
  342. /package/dist/internal/runtime/{fixture-types.d.ts → fixtures/fixture-types.d.ts} +0 -0
  343. /package/dist/internal/runtime/{plugins-manager.d.ts → local-agent-send.d.ts} +0 -0
  344. /package/dist/internal/runtime/{plugin-frontmatter.d.ts → plugins/plugin-frontmatter.d.ts} +0 -0
  345. /package/dist/internal/runtime/{system-prompt/providers/active-memory-provider.d.ts → plugins/plugins-manager.d.ts} +0 -0
  346. /package/dist/internal/runtime/{agent-factory-registry.d.ts → registry/agent-factory-registry.d.ts} +0 -0
  347. /package/dist/internal/runtime/{agent-registry-store.d.ts → registry/agent-registry-store.d.ts} +0 -0
  348. /package/dist/internal/runtime/system-prompt/{providers/base-provider.d.ts → sources/active-memory-provider.d.ts} +0 -0
  349. /package/dist/internal/runtime/system-prompt/{providers/context-provider.d.ts → sources/base-provider.d.ts} +0 -0
  350. /package/dist/internal/runtime/system-prompt/{providers/memory-provider.d.ts → sources/context-provider.d.ts} +0 -0
  351. /package/dist/internal/runtime/system-prompt/{providers/skills-provider.d.ts → sources/memory-provider.d.ts} +0 -0
package/dist/errors.d.ts CHANGED
@@ -6,7 +6,7 @@ import type { RunOperation } from "./types/run.js";
6
6
  *
7
7
  * @public
8
8
  */
9
- export type ErrorCode = "rate_limit" | "auth_failed" | "invalid_request" | "timeout" | "server_error" | "context_too_long" | "content_filtered" | "model_unavailable" | "network" | "unknown";
9
+ export type ErrorCode = "rate_limit" | "auth_failed" | "invalid_request" | "timeout" | "server_error" | "context_too_long" | "content_filtered" | "model_unavailable" | "network" | "quota_exceeded" | "unknown";
10
10
  /**
11
11
  * Codes used by {@link AgentRunError} (Production-Readiness #3, ADR D311).
12
12
  *
@@ -26,7 +26,28 @@ export type ErrorCode = "rate_limit" | "auth_failed" | "invalid_request" | "time
26
26
  *
27
27
  * @public
28
28
  */
29
- export type AgentRunErrorCode = ErrorCode | "quota_exceeded" | "tool_runtime_error" | "aborted" | "invalid_model" | "safety_blocked" | "provider_unreachable" | (string & {});
29
+ /**
30
+ * T1.1 — closed literal union for `AgentRunError.code`. The previous
31
+ * `(string & {})` escape hatch let arbitrary strings slip into the type
32
+ * surface and defeated exhaustive `switch (code)` discrimination. This is
33
+ * the canonical closed form. `AgentRunErrorCode` is re-aliased below for
34
+ * source-level back-compat.
35
+ *
36
+ * Adding a new code: append the literal here AND audit every `switch (err.code)`
37
+ * in callers. Type-checker enforces the audit via the `default: assertNever(code)`
38
+ * convention.
39
+ *
40
+ * @public
41
+ */
42
+ export type KnownAgentRunErrorCode = ErrorCode | "quota_exceeded" | "tool_runtime_error" | "aborted" | "invalid_model" | "safety_blocked" | "provider_unreachable";
43
+ /**
44
+ * Back-compat alias of {@link KnownAgentRunErrorCode}. Pre-T1.1 callers that
45
+ * imported `AgentRunErrorCode` keep working; new code SHOULD prefer
46
+ * `KnownAgentRunErrorCode` to make the closed-union intent explicit.
47
+ *
48
+ * @public
49
+ */
50
+ export type AgentRunErrorCode = KnownAgentRunErrorCode;
30
51
  /**
31
52
  * Structured context for errors that originated from a provider HTTP
32
53
  * call (ADR D65). Lets callers retry with the right backoff (`retryAfter`),
@@ -210,10 +231,22 @@ export declare class AgentRunError extends TheokitAgentError {
210
231
  */
211
232
  get retryAfterMs(): number | undefined;
212
233
  /**
213
- * D313: alias for `metadata.raw`. Provider response body for debugging.
214
- * Available but NEVER serialized into `.message` (anti-leak invariant).
234
+ * D313 + T1.5: alias for `metadata.raw`. Provider response body for
235
+ * debugging. T1.5 wraps the value in `redactSecrets` at the getter
236
+ * boundary so secret-shaped substrings (`sk-...`, Bearer JWTs, etc.) are
237
+ * stripped before reaching the caller. Available but NEVER serialized
238
+ * into `.message` (anti-leak invariant).
215
239
  */
216
240
  get providerError(): unknown;
241
+ /**
242
+ * T1.5 — sanitized JSON form. `metadata.raw` is OMITTED by default; opt
243
+ * in via `THEOKIT_DEBUG_RAW_ERRORS=1` to surface the (redacted) raw
244
+ * payload for diagnostics. Every other field stays accessible.
245
+ *
246
+ * The single env-var gate is read each call so operators can toggle at
247
+ * runtime without restarting the process.
248
+ */
249
+ toJSON(): Record<string, unknown>;
217
250
  }
218
251
  /**
219
252
  * Thrown when a {@link Run} or agent operation is not available on the current
@@ -347,6 +380,19 @@ export declare class BudgetExceededError extends TheokitAgentError {
347
380
  *
348
381
  * @public
349
382
  */
383
+ /**
384
+ * T1.6 — Thrown when a consumer calls `agent.send()` or any method
385
+ * on an agent that has already been `dispose()`d. Pre-T1.6 this was
386
+ * a generic `new Error("Agent has been disposed")` — consumers
387
+ * couldn't catch it without string-matching the message.
388
+ *
389
+ * @public
390
+ */
391
+ export declare class AgentDisposedError extends TheokitAgentError {
392
+ readonly name: string;
393
+ readonly agentId: string;
394
+ constructor(agentId: string);
395
+ }
350
396
  export declare class UnsupportedBudgetOperationError extends TheokitAgentError {
351
397
  readonly name: string;
352
398
  readonly operation: string;
package/dist/errors.js CHANGED
@@ -1,4 +1,153 @@
1
+ // src/internal/security/redact.ts
2
+ var REDACT_ENABLED = readEnvOnce();
3
+ function readEnvOnce() {
4
+ const raw = process.env.THEOKIT_REDACT_SECRETS;
5
+ if (raw === void 0) return true;
6
+ return ["1", "true", "yes", "on"].includes(raw.toLowerCase());
7
+ }
8
+ var warnedOptOut = false;
9
+ if (!REDACT_ENABLED && !warnedOptOut) {
10
+ process.stderr.write(
11
+ "[theokit-sdk] Secret redaction is DISABLED via THEOKIT_REDACT_SECRETS. Credentials may leak into errors, telemetry, logs, transcripts.\n"
12
+ );
13
+ warnedOptOut = true;
14
+ }
15
+ var BUILTIN_PATTERNS = [
16
+ // T5.4: 30+ vendor prefixes (was 12 pre-T5.4). Order matters — more
17
+ // specific prefixes precede generic ones (e.g., sk-ant-admin01 before
18
+ // sk-ant-, sk-proj- before sk-). PEM block deliberately first so its
19
+ // multi-line span runs before any per-line patterns can fire.
20
+ /-----BEGIN[ ]+(?:RSA |EC |DSA |OPENSSH |ENCRYPTED |)PRIVATE KEY-----[\s\S]+?-----END[ ]+(?:RSA |EC |DSA |OPENSSH |ENCRYPTED |)PRIVATE KEY-----/g,
21
+ // JWT — exact 3-segment base64url. Dotted; the body floor of 4 chars per
22
+ // segment matches the minimum legal payload while skipping `a.b.c` noise.
23
+ /eyJ[A-Za-z0-9_-]{4,}\.eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]{4,}/g,
24
+ // Azure Storage SAS — match the sig= component (URL-encoded base64).
25
+ /(?<=[?&]sig=)[A-Za-z0-9%+/]{20,}/g,
26
+ // Anthropic
27
+ /sk-ant-admin01-[A-Za-z0-9_-]{10,}/g,
28
+ // Anthropic admin keys (must precede sk-ant-)
29
+ /sk-ant-[A-Za-z0-9_-]{10,}/g,
30
+ // Anthropic regular
31
+ // OpenAI family + clones (sk- generic must come AFTER all sk-foo- variants)
32
+ /sk-proj-[A-Za-z0-9_-]{10,}/g,
33
+ // OpenAI project key (must precede sk- generic)
34
+ /sk-[A-Za-z0-9_-]{10,}/g,
35
+ // OpenAI / OpenRouter / DeepInfra / Together / DeepSeek
36
+ // Provider prefixes (alphabetized for maintainability)
37
+ /AIza[A-Za-z0-9_-]{35}/g,
38
+ // Google API key
39
+ /AKIA[A-Z0-9]{16}/g,
40
+ // AWS access key
41
+ /fw_[A-Za-z0-9]{20,}/g,
42
+ // Fireworks
43
+ /glpat-[A-Za-z0-9_-]{20}/g,
44
+ // GitLab PAT
45
+ /ghp_[A-Za-z0-9]{36}/g,
46
+ // GitHub PAT classic
47
+ /github_pat_[A-Za-z0-9_]{82}/g,
48
+ // GitHub PAT fine-grained
49
+ /gsk_[A-Za-z0-9]{20,}/g,
50
+ // Groq
51
+ /hf_[A-Za-z0-9]{20,}/g,
52
+ // HuggingFace
53
+ /\bpa-[A-Za-z0-9_-]{20,}/g,
54
+ // Voyage AI (word-boundary to skip CSS / kebab IDs)
55
+ /pcsk_[A-Za-z0-9_-]{20,}/g,
56
+ // Pinecone
57
+ /pplx-[A-Za-z0-9_-]{20,}/g,
58
+ // Perplexity
59
+ /r8_[A-Za-z0-9_-]{20,}/g,
60
+ // Replicate
61
+ /rk_live_[A-Za-z0-9]{20,}/g,
62
+ // Stripe restricted
63
+ /sk_live_[A-Za-z0-9]{20,}/g,
64
+ // Stripe secret
65
+ /sntrys_[A-Za-z0-9]{40,}/g,
66
+ // Sentry user auth
67
+ /xai-[A-Za-z0-9_-]{20,}/g,
68
+ // xAI (Grok)
69
+ /xox[bpasr]-[A-Za-z0-9-]{10,}/g,
70
+ //Slack tokens
71
+ // Additional unique-prefix tokens with low false-positive risk
72
+ /npm_[A-Za-z0-9]{36}/g,
73
+ // npm access token
74
+ /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/g,
75
+ // SendGrid
76
+ /\bSK[A-Za-z0-9]{32}\b/g,
77
+ // Twilio API SID (word-boundary to skip CSS class noise)
78
+ /\bkey-[a-f0-9]{32}\b/g,
79
+ // Mailgun (hex-only narrows false positives)
80
+ /MT[A-Za-z0-9_-]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}/g,
81
+ // Discord bot
82
+ /\b(?:sdk|mob)-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\b/g
83
+ // LaunchDarkly
84
+ ];
85
+ var BEARER_PATTERN = /\b(Bearer\s+)([A-Za-z0-9_\-.+/=]{8,})/g;
86
+ var PARAM_PATTERN = /(\b(?:access_token|api_key|api-key|client_secret|credential|credentials|id_token|jwt|password|private_key|refresh_token|secret|service_account|session_token|token|x-api-key)\b["']?\s*[:=]\s*["']?)([A-Za-z0-9_\-.+/]+)/gi;
87
+ var _extraPatterns = [];
88
+ function maskToken(token) {
89
+ if (token.length < 18) return "***";
90
+ return `${token.slice(0, 6)}...${token.slice(-4)}`;
91
+ }
92
+ function coerceToString(value) {
93
+ if (typeof value === "string") return value;
94
+ if (value === null || value === void 0) return null;
95
+ if (typeof value === "object") {
96
+ try {
97
+ const s = JSON.stringify(value);
98
+ return s === void 0 ? null : s;
99
+ } catch {
100
+ return "[unredactable: circular]";
101
+ }
102
+ }
103
+ return String(value);
104
+ }
105
+ function redactSecrets(text, opts) {
106
+ const coerced = coerceToString(text);
107
+ if (coerced === null) return "";
108
+ if (!REDACT_ENABLED) return coerced;
109
+ let s = coerced;
110
+ for (const re of BUILTIN_PATTERNS) {
111
+ s = s.replace(re, (m) => maskToken(m));
112
+ }
113
+ for (const re of _extraPatterns) {
114
+ s = s.replace(re, (m) => maskToken(m));
115
+ }
116
+ {
117
+ s = s.replace(BEARER_PATTERN, (_, prefix) => `${prefix}***`);
118
+ s = s.replace(PARAM_PATTERN, (whole, prefix, value) => {
119
+ if (value.includes("...")) return whole;
120
+ return `${prefix}***`;
121
+ });
122
+ }
123
+ return s;
124
+ }
125
+
1
126
  // src/errors.ts
127
+ var KNOWN_AGENT_RUN_ERROR_CODES = /* @__PURE__ */ new Set([
128
+ "rate_limit",
129
+ "auth_failed",
130
+ "invalid_request",
131
+ "timeout",
132
+ "server_error",
133
+ "context_too_long",
134
+ "content_filtered",
135
+ "model_unavailable",
136
+ "network",
137
+ "unknown",
138
+ "quota_exceeded",
139
+ "tool_runtime_error",
140
+ "aborted",
141
+ "invalid_model",
142
+ "safety_blocked",
143
+ "provider_unreachable"
144
+ ]);
145
+ function coerceToKnownAgentRunErrorCode(code) {
146
+ if (code !== void 0 && KNOWN_AGENT_RUN_ERROR_CODES.has(code)) {
147
+ return code;
148
+ }
149
+ return "unknown";
150
+ }
2
151
  var TheokitAgentError = class extends Error {
3
152
  name = "TheokitAgentError";
4
153
  isRetryable;
@@ -97,13 +246,66 @@ var AgentRunError = class extends TheokitAgentError {
97
246
  return this.metadata.retryAfter * 1e3;
98
247
  }
99
248
  /**
100
- * D313: alias for `metadata.raw`. Provider response body for debugging.
101
- * Available but NEVER serialized into `.message` (anti-leak invariant).
249
+ * D313 + T1.5: alias for `metadata.raw`. Provider response body for
250
+ * debugging. T1.5 wraps the value in `redactSecrets` at the getter
251
+ * boundary so secret-shaped substrings (`sk-...`, Bearer JWTs, etc.) are
252
+ * stripped before reaching the caller. Available but NEVER serialized
253
+ * into `.message` (anti-leak invariant).
102
254
  */
103
255
  get providerError() {
104
- return this.metadata?.raw;
256
+ const raw = this.metadata?.raw;
257
+ if (raw === void 0) return void 0;
258
+ if (typeof raw === "string") return redactSecrets(raw);
259
+ try {
260
+ return redactSecrets(JSON.stringify(raw));
261
+ } catch {
262
+ return redactSecrets(String(raw));
263
+ }
264
+ }
265
+ /**
266
+ * T1.5 — sanitized JSON form. `metadata.raw` is OMITTED by default; opt
267
+ * in via `THEOKIT_DEBUG_RAW_ERRORS=1` to surface the (redacted) raw
268
+ * payload for diagnostics. Every other field stays accessible.
269
+ *
270
+ * The single env-var gate is read each call so operators can toggle at
271
+ * runtime without restarting the process.
272
+ */
273
+ toJSON() {
274
+ const json = {
275
+ name: this.name,
276
+ message: this.message,
277
+ isRetryable: this.isRetryable
278
+ };
279
+ addOptionalFields(json, this);
280
+ const safeMeta = sanitizeMetadata(this.metadata);
281
+ if (safeMeta !== void 0) json.metadata = safeMeta;
282
+ return json;
105
283
  }
106
284
  };
285
+ function addOptionalFields(json, err) {
286
+ if (err.code !== void 0) json.code = err.code;
287
+ if (err.provider !== void 0) json.provider = err.provider;
288
+ if (err.requestId !== void 0) json.requestId = err.requestId;
289
+ if (err.conversationId !== void 0) json.conversationId = err.conversationId;
290
+ if (err.raw !== void 0) json.raw = redactSecrets(err.raw);
291
+ }
292
+ function sanitizeMetadata(meta) {
293
+ if (meta === void 0) return void 0;
294
+ const { raw, ...rest } = meta;
295
+ const debugRaw = process.env.THEOKIT_DEBUG_RAW_ERRORS === "1";
296
+ if (debugRaw && raw !== void 0) {
297
+ const redactedRaw = typeof raw === "string" ? redactSecrets(raw) : redactSecrets(safeStringify(raw));
298
+ return { ...rest, raw: redactedRaw };
299
+ }
300
+ return rest;
301
+ }
302
+ function safeStringify(value) {
303
+ try {
304
+ return JSON.stringify(value);
305
+ } catch {
306
+ return String(value);
307
+ }
308
+ }
107
309
  function defaultRetriableForCode(code) {
108
310
  switch (code) {
109
311
  case "rate_limit":
@@ -217,6 +419,17 @@ var BudgetExceededError = class extends TheokitAgentError {
217
419
  this.mode = args.mode;
218
420
  }
219
421
  };
422
+ var AgentDisposedError = class extends TheokitAgentError {
423
+ name = "AgentDisposedError";
424
+ agentId;
425
+ constructor(agentId) {
426
+ super(`Agent "${agentId}" has been disposed. Create a new agent or use Agent.resume().`, {
427
+ isRetryable: false,
428
+ code: "agent_disposed"
429
+ });
430
+ this.agentId = agentId;
431
+ }
432
+ };
220
433
  var UnsupportedBudgetOperationError = class extends TheokitAgentError {
221
434
  name = "UnsupportedBudgetOperationError";
222
435
  operation;
@@ -233,6 +446,6 @@ var UnsupportedBudgetOperationError = class extends TheokitAgentError {
233
446
  }
234
447
  };
235
448
 
236
- export { AgentRunError, AuthenticationError, BudgetExceededError, ConfigurationError, CredentialPoolExhaustedError, IntegrationNotConnectedError, InvalidTaskIdError, MemoryAdapterError, NetworkError, RateLimitError, TaskNotFoundError, TheokitAgentError, UnknownAgentError, UnsupportedBudgetOperationError, UnsupportedRunOperationError, UnsupportedTaskOperationError };
449
+ export { AgentDisposedError, AgentRunError, AuthenticationError, BudgetExceededError, ConfigurationError, CredentialPoolExhaustedError, IntegrationNotConnectedError, InvalidTaskIdError, MemoryAdapterError, NetworkError, RateLimitError, TaskNotFoundError, TheokitAgentError, UnknownAgentError, UnsupportedBudgetOperationError, UnsupportedRunOperationError, UnsupportedTaskOperationError, coerceToKnownAgentRunErrorCode };
237
450
  //# sourceMappingURL=errors.js.map
238
451
  //# sourceMappingURL=errors.js.map
package/dist/errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts"],"names":[],"mappings":";AAmFO,IAAM,iBAAA,GAAN,cAAgC,KAAA,CAAM;AAAA,EACzB,IAAA,GAAe,mBAAA;AAAA,EACxB,WAAA;AAAA,EACA,IAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,OAAA,GAMI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,QAAQ,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,MAAS,CAAA;AACjF,IAAA,IAAA,CAAK,WAAA,GAAc,QAAQ,WAAA,IAAe,KAAA;AAC1C,IAAA,IAAI,OAAA,CAAQ,IAAA,KAAS,MAAA,EAAW,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpD,IAAA,IAAI,OAAA,CAAQ,cAAA,KAAmB,MAAA,EAAW,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AACxE,IAAA,IAAI,OAAA,CAAQ,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAAA,EAC9D;AACF;AAOO,IAAM,mBAAA,GAAN,cAAkC,iBAAA,CAAkB;AAAA,EACvC,IAAA,GAAe,qBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAOO,IAAM,cAAA,GAAN,cAA6B,iBAAA,CAAkB;AAAA,EAClC,IAAA,GAAe,gBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,MAAM,CAAA;AAAA,EAClD;AACF;AAOO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAQO,IAAM,4BAAA,GAAN,cAA2C,kBAAA,CAAmB;AAAA,EACjD,IAAA,GAAe,8BAAA;AAAA,EACxB,QAAA;AAAA,EACA,OAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAOA;AACA,IAAA,KAAA,CAAM,SAAS,OAAO,CAAA;AACtB,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAAA,EACzB;AACF;AAOO,IAAM,YAAA,GAAN,cAA2B,iBAAA,CAAkB;AAAA,EAChC,IAAA,GAAe,cAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,MAAM,CAAA;AAAA,EAClD;AACF;AAOO,IAAM,iBAAA,GAAN,cAAgC,iBAAA,CAAkB;AAAA,EACrC,IAAA,GAAe,mBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAsBO,IAAM,aAAA,GAAN,cAA4B,iBAAA,CAAkB;AAAA,EACjC,IAAA,GAAe,eAAA;AAAA,EACxB,QAAA;AAAA,EACA,GAAA;AAAA;AAAA,EAEA,SAAA;AAAA;AAAA,EAEA,cAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAUA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA;AAAA;AAAA;AAAA,MAIlB,WAAA,EAAa,OAAA,CAAQ,SAAA,IAAa,uBAAA,CAAwB,QAAQ,IAAI;AAAA,KACvE,CAAA;AACD,IAAA,IAAI,OAAA,CAAQ,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAC5D,IAAA,IAAI,OAAA,CAAQ,GAAA,KAAQ,MAAA,EAAW,IAAA,CAAK,MAAM,OAAA,CAAQ,GAAA;AAClD,IAAA,IAAI,OAAA,CAAQ,SAAA,KAAc,MAAA,EAAW,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AAC9D,IAAA,IAAI,OAAA,CAAQ,cAAA,KAAmB,MAAA,EAAW,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,IAAI,YAAA,GAAmC;AACrC,IAAA,IAAI,IAAA,CAAK,QAAA,EAAU,UAAA,KAAe,MAAA,EAAW,OAAO,MAAA;AACpD,IAAA,OAAO,IAAA,CAAK,SAAS,UAAA,GAAa,GAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,aAAA,GAAyB;AAC3B,IAAA,OAAO,KAAK,QAAA,EAAU,GAAA;AAAA,EACxB;AACF;AASA,SAAS,wBAAwB,IAAA,EAAkC;AACjE,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,YAAA;AAAA,IACL,KAAK,SAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,SAAA;AAAA,IACL,KAAK,sBAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT;AACE,MAAA,OAAO,KAAA;AAAA;AAEb;AAYO,IAAM,4BAAA,GAAN,cAA2C,iBAAA,CAAkB;AAAA,EAChD,IAAA,GAAe,8BAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,SAAA,EACA,OAAA,GAA8C,EAAC,EAC/C;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM,QAAQ,IAAA,IAAQ;AAAA,KACvB,CAAA;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF;AAaO,IAAM,4BAAA,GAAN,cAA2C,iBAAA,CAAkB;AAAA,EAChD,IAAA,GAAe,8BAAA;AAAA,EACxB,QAAA;AAAA,EACA,WAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAOA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,IAAA;AAAA,MACb,IAAA,EAAM,QAAQ,IAAA,IAAQ;AAAA,KACvB,CAAA;AACD,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,WAAA;AAAA,EAC7B;AACF;AAqBO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,WAAA,EAAa,OAAA,CAAQ,IAAA,KAAS,cAAA,IAAkB,QAAQ,IAAA,KAAS,SAAA;AAAA,MACjE,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,GAAI,QAAQ,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MAC9D,GAAI,QAAQ,QAAA,KAAa,MAAA,GAAY,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACxE,CAAA;AACD,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AAAA,EAC3B;AACF;AASO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EACxB,MAAA;AAAA,EAET,WAAA,CAAY,OAAA,EAAiB,MAAA,EAAgB,OAAA,GAA+B,EAAC,EAAG;AAC9E,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAQO,IAAM,iBAAA,GAAN,cAAgC,iBAAA,CAAkB;AAAA,EACrC,IAAA,GAAe,mBAAA;AAAA,EACxB,MAAA;AAAA,EAET,WAAA,CAAY,MAAA,EAAgB,OAAA,GAA+B,EAAC,EAAG;AAC7D,IAAA,KAAA,CAAM,CAAA,gBAAA,EAAmB,MAAM,CAAA,CAAA,EAAI;AAAA,MACjC,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAQO,IAAM,6BAAA,GAAN,cAA4C,iBAAA,CAAkB;AAAA,EACjD,IAAA,GAAe,+BAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CAAY,SAAA,EAAmB,OAAA,GAA+B,EAAC,EAAG;AAChE,IAAA,KAAA;AAAA,MACE,mBAAmB,SAAS,CAAA,4DAAA,CAAA;AAAA,MAC5B;AAAA,QACE,GAAG,OAAA;AAAA,QACH,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF;AASO,IAAM,mBAAA,GAAN,cAAkC,iBAAA,CAAkB;AAAA,EACvC,IAAA,GAAe,qBAAA;AAAA,EACxB,UAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,QAAA;AAAA,EACA,IAAA;AAAA,EAET,YAAY,IAAA,EAOT;AACD,IAAA,KAAA;AAAA,MACE,WAAW,IAAA,CAAK,UAAU,CAAA,sBAAA,EAAyB,IAAA,CAAK,MAAM,CAAA,SAAA,EAAY,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,CAAC,CAAC,CAAA,UAAA,EAAa,KAAK,QAAA,CAAS,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAA;AAAA,MACvI;AAAA,QACE,GAAI,KAAK,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,IAAA,CAAK,KAAA,EAAM,GAAI,EAAC;AAAA,QACxD,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AAAA,EACnB;AACF;AAQO,IAAM,+BAAA,GAAN,cAA8C,iBAAA,CAAkB;AAAA,EACnD,IAAA,GAAe,iCAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CAAY,SAAA,EAAmB,OAAA,GAA+B,EAAC,EAAG;AAChE,IAAA,KAAA;AAAA,MACE,qBAAqB,SAAS,CAAA,4DAAA,CAAA;AAAA,MAC9B;AAAA,QACE,GAAG,OAAA;AAAA,QACH,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF","file":"errors.js","sourcesContent":["import type { RunOperation } from \"./types/run.js\";\n\n/**\n * Finite, machine-readable error codes for provider-originated errors\n * (ADR D66). Consumers can `switch (err.metadata?.code)` exhaustively\n * — adding a new variant is an explicit decision + test coverage.\n *\n * @public\n */\nexport type ErrorCode =\n | \"rate_limit\"\n | \"auth_failed\"\n | \"invalid_request\"\n | \"timeout\"\n | \"server_error\"\n | \"context_too_long\"\n | \"content_filtered\"\n | \"model_unavailable\"\n | \"network\"\n | \"unknown\";\n\n/**\n * Codes used by {@link AgentRunError} (Production-Readiness #3, ADR D311).\n *\n * Superset of {@link ErrorCode} extended with codes that do NOT originate\n * from a provider HTTP response:\n *\n * - `quota_exceeded` — billing limit hit (provider 402 or signalled error)\n * - `tool_runtime_error` — custom tool handler threw inside dispatch\n * - `aborted` — caller's `AbortSignal` fired (Phase 4)\n * - `invalid_model` — model id rejected by provider (400 \"model not found\")\n * - `safety_blocked` — provider safety filter blocked req or resp\n * - `provider_unreachable` — DNS/TCP/timeout/5xx at transport boundary\n *\n * The `& {}` tail keeps the literal-union ergonomics (autocomplete) while\n * accepting any string for forward compatibility with constructor calls\n * that pass arbitrary code values (legacy callers).\n *\n * @public\n */\nexport type AgentRunErrorCode =\n | ErrorCode\n | \"quota_exceeded\"\n | \"tool_runtime_error\"\n | \"aborted\"\n | \"invalid_model\"\n | \"safety_blocked\"\n | \"provider_unreachable\"\n | (string & {});\n\n/**\n * Structured context for errors that originated from a provider HTTP\n * call (ADR D65). Lets callers retry with the right backoff (`retryAfter`),\n * surface actionable diagnostics (`provider`, `endpoint`), and inspect the\n * raw response body when needed (`raw`, capped at ~2KB by the mapper).\n *\n * @public\n */\nexport interface ErrorMetadata {\n /** Provider canonical name (e.g., `\"anthropic\"`, `\"openai\"`, `\"openrouter\"`, `\"gemini\"`). */\n provider: string;\n /** HTTP endpoint that failed (e.g., `\"/v1/messages\"`, `\"/v1/chat/completions\"`). */\n endpoint: string;\n /** Machine-readable error code (finite enum). */\n code: ErrorCode;\n /** HTTP status code if applicable. */\n statusCode?: number;\n /** Seconds to wait before retry, per provider's `retry-after` header (numeric form only). */\n retryAfter?: number;\n /** Raw response body for debugging (truncated to ~2KB by the mapper). */\n raw?: unknown;\n}\n\n/**\n * Base class for all errors thrown by `@theokit/sdk`.\n *\n * Use `isRetryable` to drive retry/backoff logic. `code` and `protoErrorCode`\n * are populated for server-originated errors when available. `metadata`\n * (ADR D65) carries structured `{ provider, endpoint, code, ... }` when\n * the error originated from a provider HTTP call.\n *\n * @public\n */\nexport class TheokitAgentError extends Error {\n override readonly name: string = \"TheokitAgentError\";\n readonly isRetryable: boolean;\n readonly code?: string;\n readonly protoErrorCode?: string;\n readonly metadata?: ErrorMetadata;\n\n constructor(\n message: string,\n options: {\n isRetryable?: boolean;\n code?: string;\n protoErrorCode?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n } = {},\n ) {\n super(message, options.cause !== undefined ? { cause: options.cause } : undefined);\n this.isRetryable = options.isRetryable ?? false;\n if (options.code !== undefined) this.code = options.code;\n if (options.protoErrorCode !== undefined) this.protoErrorCode = options.protoErrorCode;\n if (options.metadata !== undefined) this.metadata = options.metadata;\n }\n}\n\n/**\n * Invalid API key, not logged in, insufficient permissions.\n *\n * @public\n */\nexport class AuthenticationError extends TheokitAgentError {\n override readonly name: string = \"AuthenticationError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Too many requests or usage limits exceeded.\n *\n * @public\n */\nexport class RateLimitError extends TheokitAgentError {\n override readonly name: string = \"RateLimitError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: true });\n }\n}\n\n/**\n * Invalid model, bad request parameters, malformed options.\n *\n * @public\n */\nexport class ConfigurationError extends TheokitAgentError {\n override readonly name: string = \"ConfigurationError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Thrown when creating a cloud agent for a repo whose SCM provider is not\n * connected. Use `helpUrl` to point the user at the right reconnect flow.\n *\n * @public\n */\nexport class IntegrationNotConnectedError extends ConfigurationError {\n override readonly name: string = \"IntegrationNotConnectedError\";\n readonly provider: string;\n readonly helpUrl: string;\n\n constructor(\n message: string,\n options: {\n provider: string;\n helpUrl: string;\n code?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, options);\n this.provider = options.provider;\n this.helpUrl = options.helpUrl;\n }\n}\n\n/**\n * Service unavailable, timeout, transport-level failure.\n *\n * @public\n */\nexport class NetworkError extends TheokitAgentError {\n override readonly name: string = \"NetworkError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: true });\n }\n}\n\n/**\n * Catch-all for unclassified server or runtime errors.\n *\n * @public\n */\nexport class UnknownAgentError extends TheokitAgentError {\n override readonly name: string = \"UnknownAgentError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Thrown by `Agent.prompt` (and helpers that go through `run.wait()`) when\n * the option `{ throwOnError: true }` is set and the run terminates with\n * `status: 'error'`. Carries the structured `RunResult.error` fields so\n * callers can `catch` once and branch on `code` / `provider` instead of\n * unwrapping the run.\n *\n * Extends {@link TheokitAgentError} per ADR D65 — no new hierarchy.\n *\n * @example\n * try {\n * await Agent.prompt(msg, { apiKey, model, throwOnError: true });\n * } catch (err) {\n * if (err instanceof AgentRunError && err.code === 'auth_failed') {\n * // bad key\n * }\n * }\n *\n * @public\n */\nexport class AgentRunError extends TheokitAgentError {\n override readonly name: string = \"AgentRunError\";\n readonly provider?: string;\n readonly raw?: string;\n /** Provider's request id (`x-request-id` / `request-id` header). Useful for support tickets. */\n readonly requestId?: string;\n /** SDK conversation id this error was raised inside. */\n readonly conversationId?: string;\n\n constructor(\n message: string,\n options: {\n code: AgentRunErrorCode;\n provider?: string;\n raw?: string;\n requestId?: string;\n conversationId?: string;\n retriable?: boolean;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n code: options.code,\n cause: options.cause,\n metadata: options.metadata,\n // D311: most AgentRunErrors are not retriable (auth, validation, abort).\n // Provider mappers (D314) override per-status — explicit `retriable` wins\n // over the implicit default when supplied.\n isRetryable: options.retriable ?? defaultRetriableForCode(options.code),\n });\n if (options.provider !== undefined) this.provider = options.provider;\n if (options.raw !== undefined) this.raw = options.raw;\n if (options.requestId !== undefined) this.requestId = options.requestId;\n if (options.conversationId !== undefined) this.conversationId = options.conversationId;\n }\n\n /**\n * Production-Readiness #3 (ADR D311): alias for `isRetryable` exposed as\n * `retriable` to match the handoff contract. Future v2 will deprecate\n * `isRetryable` in favor of this.\n */\n get retriable(): boolean {\n return this.isRetryable;\n }\n\n /**\n * D312: provider's `Retry-After` header in **milliseconds**. Mappers store\n * the header value (seconds) in `metadata.retryAfter`; this getter\n * multiplies by 1000 so the result composes with `Date.now()`/`setTimeout`.\n *\n * Returns `undefined` when no hint was provided. `0` is a legitimate value\n * — use `=== undefined` check rather than truthy check.\n */\n get retryAfterMs(): number | undefined {\n if (this.metadata?.retryAfter === undefined) return undefined;\n return this.metadata.retryAfter * 1000;\n }\n\n /**\n * D313: alias for `metadata.raw`. Provider response body for debugging.\n * Available but NEVER serialized into `.message` (anti-leak invariant).\n */\n get providerError(): unknown {\n return this.metadata?.raw;\n }\n}\n\n/**\n * D311 helper: choose a sensible default `isRetryable` value when the\n * caller did not supply `retriable` explicitly. Conservative defaults —\n * provider mappers override per-status when they know better.\n *\n * @internal\n */\nfunction defaultRetriableForCode(code: AgentRunErrorCode): boolean {\n switch (code) {\n case \"rate_limit\":\n case \"timeout\":\n case \"server_error\":\n case \"network\":\n case \"provider_unreachable\":\n return true;\n default:\n return false;\n }\n}\n\n/**\n * Thrown when a {@link Run} or agent operation is not available on the current\n * runtime. Check first with `run.supports(operation)`.\n *\n * Extends {@link TheokitAgentError} (so error-catching code that branches on\n * `instanceof TheokitAgentError` continues to work) but is never retryable —\n * an unsupported operation will not become supported on retry.\n *\n * @public\n */\nexport class UnsupportedRunOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedRunOperationError\";\n readonly operation: RunOperation;\n\n constructor(\n message: string,\n operation: RunOperation,\n options: { code?: string; cause?: unknown } = {},\n ) {\n super(message, {\n ...options,\n isRetryable: false,\n code: options.code ?? \"unsupported_run_operation\",\n });\n this.operation = operation;\n }\n}\n\n/**\n * Thrown when every credential in a per-provider pool is in cooldown\n * and no healthy key is available (ADR D133). The caller's\n * {@link import(\"./internal/llm/fallback-client.js\").FallbackLlmClient}\n * catches this and tries the next provider in the fallback chain.\n *\n * `metadata.nextRetryAt` (epoch ms) tells callers when the soonest\n * pool entry resumes — useful for manual retry scheduling.\n *\n * @public\n */\nexport class CredentialPoolExhaustedError extends TheokitAgentError {\n override readonly name: string = \"CredentialPoolExhaustedError\";\n readonly provider: string;\n readonly nextRetryAt: number | undefined;\n\n constructor(\n message: string,\n options: {\n provider: string;\n nextRetryAt?: number;\n code?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n ...options,\n isRetryable: true,\n code: options.code ?? \"credential_pool_exhausted\",\n });\n this.provider = options.provider;\n this.nextRetryAt = options.nextRetryAt;\n }\n}\n\n/**\n * Finite error codes specific to memory adapter operations (ADR D141).\n *\n * @public\n */\nexport type MemoryAdapterErrorCode =\n | \"auth_failed\"\n | \"rate_limited\"\n | \"not_found\"\n | \"network\"\n | \"invalid_input\"\n | \"unknown\";\n\n/**\n * Error raised by `@theokit-memory-*` adapters. Carries `adapterId`\n * so callers can branch on which provider failed (ADR D141).\n *\n * @public\n */\nexport class MemoryAdapterError extends TheokitAgentError {\n override readonly name: string = \"MemoryAdapterError\";\n readonly adapterId: string;\n\n constructor(\n message: string,\n options: {\n adapterId: string;\n code: MemoryAdapterErrorCode;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n isRetryable: options.code === \"rate_limited\" || options.code === \"network\",\n code: options.code,\n ...(options.cause !== undefined ? { cause: options.cause } : {}),\n ...(options.metadata !== undefined ? { metadata: options.metadata } : {}),\n });\n this.adapterId = options.adapterId;\n }\n}\n\n/**\n * Thrown when a user-supplied task ID violates the grammar\n * `^[a-z0-9][a-z0-9_-]*$` (D368) OR starts with a reserved adapter\n * prefix (`wf-` / `b-` / `cron-`, EC-5).\n *\n * @public\n */\nexport class InvalidTaskIdError extends TheokitAgentError {\n override readonly name: string = \"InvalidTaskIdError\";\n readonly taskId: string;\n\n constructor(message: string, taskId: string, options: { cause?: unknown } = {}) {\n super(message, {\n ...options,\n isRetryable: false,\n code: \"invalid_task_id\",\n });\n this.taskId = taskId;\n }\n}\n\n/**\n * Thrown when `Task.subscribe(id)` is called for a task that has been\n * evicted, never submitted, or evicted after retention (D373).\n *\n * @public\n */\nexport class TaskNotFoundError extends TheokitAgentError {\n override readonly name: string = \"TaskNotFoundError\";\n readonly taskId: string;\n\n constructor(taskId: string, options: { cause?: unknown } = {}) {\n super(`Task not found: ${taskId}`, {\n ...options,\n isRetryable: false,\n code: \"task_not_found\",\n });\n this.taskId = taskId;\n }\n}\n\n/**\n * Thrown when `CloudAgent` is asked to wrap a task (D370). Cloud\n * task observability is deferred until Theo PaaS GA.\n *\n * @public\n */\nexport class UnsupportedTaskOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedTaskOperationError\";\n readonly operation: string;\n\n constructor(operation: string, options: { cause?: unknown } = {}) {\n super(\n `Task operation \"${operation}\" is not supported on CloudAgent (pre-release; see ADR D370)`,\n {\n ...options,\n isRetryable: false,\n code: \"task_op_unsupported\",\n },\n );\n this.operation = operation;\n }\n}\n\n/**\n * Thrown by `Budget` enforcement (ADR D386) when a `mode: \"block\"`\n * budget would be exceeded by the upcoming LLM call. Caller pega\n * tipado para retry-after-window-reset or surface to the user.\n *\n * @public\n */\nexport class BudgetExceededError extends TheokitAgentError {\n override readonly name: string = \"BudgetExceededError\";\n readonly budgetName: string;\n readonly window: import(\"./types/budget.js\").BudgetWindow;\n readonly spentUsd: number;\n readonly limitUsd: number;\n readonly mode: import(\"./types/budget.js\").BudgetMode;\n\n constructor(args: {\n budgetName: string;\n window: import(\"./types/budget.js\").BudgetWindow;\n spentUsd: number;\n limitUsd: number;\n mode: import(\"./types/budget.js\").BudgetMode;\n cause?: unknown;\n }) {\n super(\n `Budget \"${args.budgetName}\" exceeded for window ${args.window}: spent $${args.spentUsd.toFixed(4)} > limit $${args.limitUsd.toFixed(4)}`,\n {\n ...(args.cause !== undefined ? { cause: args.cause } : {}),\n isRetryable: false,\n code: \"budget_exceeded\",\n },\n );\n this.budgetName = args.budgetName;\n this.window = args.window;\n this.spentUsd = args.spentUsd;\n this.limitUsd = args.limitUsd;\n this.mode = args.mode;\n }\n}\n\n/**\n * Thrown when `CloudAgent.send({ budget })` is invoked (D388). Cloud\n * budget surface waits for Theo PaaS GA.\n *\n * @public\n */\nexport class UnsupportedBudgetOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedBudgetOperationError\";\n readonly operation: string;\n\n constructor(operation: string, options: { cause?: unknown } = {}) {\n super(\n `Budget operation \"${operation}\" is not supported on CloudAgent (pre-release; see ADR D388)`,\n {\n ...options,\n isRetryable: false,\n code: \"budget_op_unsupported\",\n },\n );\n this.operation = operation;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/internal/security/redact.ts","../src/errors.ts"],"names":[],"mappings":";AAsBA,IAAI,iBAA0B,WAAA,EAAY;AAE1C,SAAS,WAAA,GAAuB;AAC9B,EAAA,MAAM,GAAA,GAAM,QAAQ,GAAA,CAAI,sBAAA;AACxB,EAAA,IAAI,GAAA,KAAQ,QAAW,OAAO,IAAA;AAC9B,EAAA,OAAO,CAAC,KAAK,MAAA,EAAQ,KAAA,EAAO,IAAI,CAAA,CAAE,QAAA,CAAS,GAAA,CAAI,WAAA,EAAa,CAAA;AAC9D;AAGA,IAAI,YAAA,GAAe,KAAA;AACnB,IAAI,CAAC,cAAA,IAAkB,CAAC,YAAA,EAAc;AACpC,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA;AAAA,IACb;AAAA,GAEF;AACA,EAAA,YAAA,GAAe,IAAA;AACjB;AASA,IAAM,gBAAA,GAAsC;AAAA;AAAA;AAAA;AAAA;AAAA,EAK1C,iJAAA;AAAA;AAAA;AAAA,EAGA,gEAAA;AAAA;AAAA,EAEA,mCAAA;AAAA;AAAA,EAEA,oCAAA;AAAA;AAAA,EACA,4BAAA;AAAA;AAAA;AAAA,EAEA,6BAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA;AAAA,EAEA,wBAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,0BAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,8BAAA;AAAA;AAAA,EACA,uBAAA;AAAA;AAAA,EACA,sBAAA;AAAA;AAAA,EACA,0BAAA;AAAA;AAAA,EACA,0BAAA;AAAA;AAAA,EACA,0BAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,2BAAA;AAAA;AAAA,EACA,2BAAA;AAAA;AAAA,EACA,0BAAA;AAAA;AAAA,EACA,yBAAA;AAAA;AAAA,EACA,+BAAA;AAAA;AAAA;AAAA,EAEA,sBAAA;AAAA;AAAA,EACA,2CAAA;AAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EACA,uBAAA;AAAA;AAAA,EACA,2DAAA;AAAA;AAAA,EACA;AAAA;AACF,CAAA;AAKA,IAAM,cAAA,GAAiB,wCAAA;AAoBvB,IAAM,aAAA,GACJ,4NAAA;AAEF,IAAM,iBAA2B,EAAC;AA0B3B,SAAS,UAAU,KAAA,EAAuB;AAC/C,EAAA,IAAI,KAAA,CAAM,MAAA,GAAS,EAAA,EAAI,OAAO,KAAA;AAC9B,EAAA,OAAO,CAAA,EAAG,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA,GAAA,EAAM,KAAA,CAAM,KAAA,CAAM,EAAE,CAAC,CAAA,CAAA;AAClD;AAoBA,SAAS,eAAe,KAAA,EAA+B;AACrD,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW,OAAO,IAAA;AAClD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,CAAA,GAAI,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AAC9B,MAAA,OAAO,CAAA,KAAM,SAAY,IAAA,GAAO,CAAA;AAAA,IAClC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,0BAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,OAAO,KAAK,CAAA;AACrB;AAEO,SAAS,aAAA,CAAc,MAAe,IAAA,EAAuC;AAClF,EAAA,MAAM,OAAA,GAAU,eAAe,IAAI,CAAA;AACnC,EAAA,IAAI,OAAA,KAAY,MAAM,OAAO,EAAA;AAC7B,EAAA,IAAI,CAAC,gBAAgB,OAAO,OAAA;AAE5B,EAAA,IAAI,CAAA,GAAI,OAAA;AACR,EAAA,KAAA,MAAW,MAAM,gBAAA,EAAkB;AACjC,IAAA,CAAA,GAAI,EAAE,OAAA,CAAQ,EAAA,EAAI,CAAC,CAAA,KAAM,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,KAAA,MAAW,MAAM,cAAA,EAAgB;AAC/B,IAAA,CAAA,GAAI,EAAE,OAAA,CAAQ,EAAA,EAAI,CAAC,CAAA,KAAM,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,EACvC;AACA,EAAqB;AAInB,IAAA,CAAA,GAAI,CAAA,CAAE,QAAQ,cAAA,EAAgB,CAAC,GAAG,MAAA,KAAmB,CAAA,EAAG,MAAM,CAAA,GAAA,CAAK,CAAA;AAInE,IAAA,CAAA,GAAI,EAAE,OAAA,CAAQ,aAAA,EAAe,CAAC,KAAA,EAAO,QAAgB,KAAA,KAAkB;AACrE,MAAA,IAAI,KAAA,CAAM,QAAA,CAAS,KAAK,CAAA,EAAG,OAAO,KAAA;AAClC,MAAA,OAAO,GAAG,MAAM,CAAA,GAAA,CAAA;AAAA,IAClB,CAAC,CAAA;AAAA,EACH;AACA,EAAA,OAAO,CAAA;AACT;;;ACpIA,IAAM,2BAAA,uBAAkC,GAAA,CAAY;AAAA,EAClD,YAAA;AAAA,EACA,aAAA;AAAA,EACA,iBAAA;AAAA,EACA,SAAA;AAAA,EACA,cAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,SAAA;AAAA,EACA,SAAA;AAAA,EACA,gBAAA;AAAA,EACA,oBAAA;AAAA,EACA,SAAA;AAAA,EACA,eAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF,CAAC,CAAA;AAUM,SAAS,+BAA+B,IAAA,EAAkD;AAC/F,EAAA,IAAI,IAAA,KAAS,MAAA,IAAa,2BAAA,CAA4B,GAAA,CAAI,IAAI,CAAA,EAAG;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA;AACT;AAmCO,IAAM,iBAAA,GAAN,cAAgC,KAAA,CAAM;AAAA,EACzB,IAAA,GAAe,mBAAA;AAAA,EACxB,WAAA;AAAA,EACA,IAAA;AAAA,EACA,cAAA;AAAA,EACA,QAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,OAAA,GAMI,EAAC,EACL;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,QAAQ,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,MAAS,CAAA;AACjF,IAAA,IAAA,CAAK,WAAA,GAAc,QAAQ,WAAA,IAAe,KAAA;AAC1C,IAAA,IAAI,OAAA,CAAQ,IAAA,KAAS,MAAA,EAAW,IAAA,CAAK,OAAO,OAAA,CAAQ,IAAA;AACpD,IAAA,IAAI,OAAA,CAAQ,cAAA,KAAmB,MAAA,EAAW,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AACxE,IAAA,IAAI,OAAA,CAAQ,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAAA,EAC9D;AACF;AAOO,IAAM,mBAAA,GAAN,cAAkC,iBAAA,CAAkB;AAAA,EACvC,IAAA,GAAe,qBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAOO,IAAM,cAAA,GAAN,cAA6B,iBAAA,CAAkB;AAAA,EAClC,IAAA,GAAe,gBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,MAAM,CAAA;AAAA,EAClD;AACF;AAOO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAQO,IAAM,4BAAA,GAAN,cAA2C,kBAAA,CAAmB;AAAA,EACjD,IAAA,GAAe,8BAAA;AAAA,EACxB,QAAA;AAAA,EACA,OAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAOA;AACA,IAAA,KAAA,CAAM,SAAS,OAAO,CAAA;AACtB,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,OAAA;AAAA,EACzB;AACF;AAOO,IAAM,YAAA,GAAN,cAA2B,iBAAA,CAAkB;AAAA,EAChC,IAAA,GAAe,cAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,MAAM,CAAA;AAAA,EAClD;AACF;AAOO,IAAM,iBAAA,GAAN,cAAgC,iBAAA,CAAkB;AAAA,EACrC,IAAA,GAAe,mBAAA;AAAA,EAEjC,WAAA,CACE,OAAA,EACA,OAAA,GAAwE,EAAC,EACzE;AACA,IAAA,KAAA,CAAM,SAAS,EAAE,GAAG,OAAA,EAAS,WAAA,EAAa,OAAO,CAAA;AAAA,EACnD;AACF;AAsBO,IAAM,aAAA,GAAN,cAA4B,iBAAA,CAAkB;AAAA,EACjC,IAAA,GAAe,eAAA;AAAA,EACxB,QAAA;AAAA,EACA,GAAA;AAAA;AAAA,EAEA,SAAA;AAAA;AAAA,EAEA,cAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAUA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,UAAU,OAAA,CAAQ,QAAA;AAAA;AAAA;AAAA;AAAA,MAIlB,WAAA,EAAa,OAAA,CAAQ,SAAA,IAAa,uBAAA,CAAwB,QAAQ,IAAI;AAAA,KACvE,CAAA;AACD,IAAA,IAAI,OAAA,CAAQ,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AAC5D,IAAA,IAAI,OAAA,CAAQ,GAAA,KAAQ,MAAA,EAAW,IAAA,CAAK,MAAM,OAAA,CAAQ,GAAA;AAClD,IAAA,IAAI,OAAA,CAAQ,SAAA,KAAc,MAAA,EAAW,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AAC9D,IAAA,IAAI,OAAA,CAAQ,cAAA,KAAmB,MAAA,EAAW,IAAA,CAAK,iBAAiB,OAAA,CAAQ,cAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,IAAI,YAAA,GAAmC;AACrC,IAAA,IAAI,IAAA,CAAK,QAAA,EAAU,UAAA,KAAe,MAAA,EAAW,OAAO,MAAA;AACpD,IAAA,OAAO,IAAA,CAAK,SAAS,UAAA,GAAa,GAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,IAAI,aAAA,GAAyB;AAC3B,IAAA,MAAM,GAAA,GAAM,KAAK,QAAA,EAAU,GAAA;AAC3B,IAAA,IAAI,GAAA,KAAQ,QAAW,OAAO,MAAA;AAC9B,IAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,EAAU,OAAO,cAAc,GAAG,CAAA;AAErD,IAAA,IAAI;AACF,MAAA,OAAO,aAAA,CAAc,IAAA,CAAK,SAAA,CAAU,GAAG,CAAC,CAAA;AAAA,IAC1C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,aAAA,CAAc,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAA,GAAkC;AAChC,IAAA,MAAM,IAAA,GAAgC;AAAA,MACpC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,aAAa,IAAA,CAAK;AAAA,KACpB;AACA,IAAA,iBAAA,CAAkB,MAAM,IAAI,CAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,gBAAA,CAAiB,IAAA,CAAK,QAAQ,CAAA;AAC/C,IAAA,IAAI,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,QAAA,GAAW,QAAA;AAC5C,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,SAAS,iBAAA,CAAkB,MAA+B,GAAA,EAA0B;AAClF,EAAA,IAAI,GAAA,CAAI,IAAA,KAAS,MAAA,EAAW,IAAA,CAAK,OAAO,GAAA,CAAI,IAAA;AAC5C,EAAA,IAAI,GAAA,CAAI,QAAA,KAAa,MAAA,EAAW,IAAA,CAAK,WAAW,GAAA,CAAI,QAAA;AACpD,EAAA,IAAI,GAAA,CAAI,SAAA,KAAc,MAAA,EAAW,IAAA,CAAK,YAAY,GAAA,CAAI,SAAA;AACtD,EAAA,IAAI,GAAA,CAAI,cAAA,KAAmB,MAAA,EAAW,IAAA,CAAK,iBAAiB,GAAA,CAAI,cAAA;AAChE,EAAA,IAAI,IAAI,GAAA,KAAQ,MAAA,OAAgB,GAAA,GAAM,aAAA,CAAc,IAAI,GAAG,CAAA;AAC7D;AAEA,SAAS,iBAAiB,IAAA,EAA4D;AACpF,EAAA,IAAI,IAAA,KAAS,QAAW,OAAO,MAAA;AAC/B,EAAA,MAAM,EAAE,GAAA,EAAK,GAAG,IAAA,EAAK,GAAI,IAAA;AACzB,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,wBAAA,KAA6B,GAAA;AAC1D,EAAA,IAAI,QAAA,IAAY,QAAQ,MAAA,EAAW;AACjC,IAAA,MAAM,WAAA,GACJ,OAAO,GAAA,KAAQ,QAAA,GAAW,aAAA,CAAc,GAAG,CAAA,GAAI,aAAA,CAAc,aAAA,CAAc,GAAG,CAAC,CAAA;AACjF,IAAA,OAAO,EAAE,GAAG,IAAA,EAAM,GAAA,EAAK,WAAA,EAAY;AAAA,EACrC;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,cAAc,KAAA,EAAwB;AAC7C,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,OAAO,KAAK,CAAA;AAAA,EACrB;AACF;AASA,SAAS,wBAAwB,IAAA,EAAkC;AACjE,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,YAAA;AAAA,IACL,KAAK,SAAA;AAAA,IACL,KAAK,cAAA;AAAA,IACL,KAAK,SAAA;AAAA,IACL,KAAK,sBAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT;AACE,MAAA,OAAO,KAAA;AAAA;AAEb;AAYO,IAAM,4BAAA,GAAN,cAA2C,iBAAA,CAAkB;AAAA,EAChD,IAAA,GAAe,8BAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CACE,OAAA,EACA,SAAA,EACA,OAAA,GAA8C,EAAC,EAC/C;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM,QAAQ,IAAA,IAAQ;AAAA,KACvB,CAAA;AACD,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF;AAaO,IAAM,4BAAA,GAAN,cAA2C,iBAAA,CAAkB;AAAA,EAChD,IAAA,GAAe,8BAAA;AAAA,EACxB,QAAA;AAAA,EACA,WAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAOA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,IAAA;AAAA,MACb,IAAA,EAAM,QAAQ,IAAA,IAAQ;AAAA,KACvB,CAAA;AACD,IAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,QAAA;AACxB,IAAA,IAAA,CAAK,cAAc,OAAA,CAAQ,WAAA;AAAA,EAC7B;AACF;AAqBO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CACE,SACA,OAAA,EAMA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,WAAA,EAAa,OAAA,CAAQ,IAAA,KAAS,cAAA,IAAkB,QAAQ,IAAA,KAAS,SAAA;AAAA,MACjE,MAAM,OAAA,CAAQ,IAAA;AAAA,MACd,GAAI,QAAQ,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,OAAA,CAAQ,KAAA,EAAM,GAAI,EAAC;AAAA,MAC9D,GAAI,QAAQ,QAAA,KAAa,MAAA,GAAY,EAAE,QAAA,EAAU,OAAA,CAAQ,QAAA,EAAS,GAAI;AAAC,KACxE,CAAA;AACD,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AAAA,EAC3B;AACF;AASO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EACxB,MAAA;AAAA,EAET,WAAA,CAAY,OAAA,EAAiB,MAAA,EAAgB,OAAA,GAA+B,EAAC,EAAG;AAC9E,IAAA,KAAA,CAAM,OAAA,EAAS;AAAA,MACb,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAQO,IAAM,iBAAA,GAAN,cAAgC,iBAAA,CAAkB;AAAA,EACrC,IAAA,GAAe,mBAAA;AAAA,EACxB,MAAA;AAAA,EAET,WAAA,CAAY,MAAA,EAAgB,OAAA,GAA+B,EAAC,EAAG;AAC7D,IAAA,KAAA,CAAM,CAAA,gBAAA,EAAmB,MAAM,CAAA,CAAA,EAAI;AAAA,MACjC,GAAG,OAAA;AAAA,MACH,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AAQO,IAAM,6BAAA,GAAN,cAA4C,iBAAA,CAAkB;AAAA,EACjD,IAAA,GAAe,+BAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CAAY,SAAA,EAAmB,OAAA,GAA+B,EAAC,EAAG;AAChE,IAAA,KAAA;AAAA,MACE,mBAAmB,SAAS,CAAA,4DAAA,CAAA;AAAA,MAC5B;AAAA,QACE,GAAG,OAAA;AAAA,QACH,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF;AASO,IAAM,mBAAA,GAAN,cAAkC,iBAAA,CAAkB;AAAA,EACvC,IAAA,GAAe,qBAAA;AAAA,EACxB,UAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,QAAA;AAAA,EACA,IAAA;AAAA,EAET,YAAY,IAAA,EAOT;AACD,IAAA,KAAA;AAAA,MACE,WAAW,IAAA,CAAK,UAAU,CAAA,sBAAA,EAAyB,IAAA,CAAK,MAAM,CAAA,SAAA,EAAY,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,CAAC,CAAC,CAAA,UAAA,EAAa,KAAK,QAAA,CAAS,OAAA,CAAQ,CAAC,CAAC,CAAA,CAAA;AAAA,MACvI;AAAA,QACE,GAAI,KAAK,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,IAAA,CAAK,KAAA,EAAM,GAAI,EAAC;AAAA,QACxD,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AAAA,EACnB;AACF;AAgBO,IAAM,kBAAA,GAAN,cAAiC,iBAAA,CAAkB;AAAA,EACtC,IAAA,GAAe,oBAAA;AAAA,EACxB,OAAA;AAAA,EAET,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,CAAA,OAAA,EAAU,OAAO,CAAA,8DAAA,CAAA,EAAkE;AAAA,MACvF,WAAA,EAAa,KAAA;AAAA,MACb,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;AAEO,IAAM,+BAAA,GAAN,cAA8C,iBAAA,CAAkB;AAAA,EACnD,IAAA,GAAe,iCAAA;AAAA,EACxB,SAAA;AAAA,EAET,WAAA,CAAY,SAAA,EAAmB,OAAA,GAA+B,EAAC,EAAG;AAChE,IAAA,KAAA;AAAA,MACE,qBAAqB,SAAS,CAAA,4DAAA,CAAA;AAAA,MAC9B;AAAA,QACE,GAAG,OAAA;AAAA,QACH,WAAA,EAAa,KAAA;AAAA,QACb,IAAA,EAAM;AAAA;AACR,KACF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AACF","file":"errors.js","sourcesContent":["/**\n * Canonical secret redaction module (ADRs D68-D73).\n *\n * Single source of truth for credential pattern masking across the SDK.\n * Wired at output boundaries: `ErrorMetadata.raw` (mappers/shared.ts),\n * telemetry span attributes (telemetry/tracer.ts), transcript JSONL\n * appends (agent-session-store.ts), migration logger output\n * (memory/migrate-sqlite-to-lance.ts).\n *\n * - D68: central module, single source of truth (replaces 2 duplicates)\n * - D69: env snapshot at module init (prompt-injection defense)\n * - D70: ON by default, warn on opt-out\n * - D71: two-bucket masking — short fully masked, long preserves prefix+suffix\n * - D72: `codeFile` opt-out for legitimate prefix-shaped content\n * - D73: redact at OUTPUT boundaries, not at storage\n *\n * @internal\n */\n\n// D69: env snapshot captured at module load. Subsequent mutations of\n// process.env.THEOKIT_REDACT_SECRETS are ignored — defends against\n// prompt injection that tries to disable redaction mid-run.\nlet REDACT_ENABLED: boolean = readEnvOnce();\n\nfunction readEnvOnce(): boolean {\n const raw = process.env.THEOKIT_REDACT_SECRETS;\n if (raw === undefined) return true; // D70: default ON\n return [\"1\", \"true\", \"yes\", \"on\"].includes(raw.toLowerCase());\n}\n\n// D70: warn once on opt-out so the user knows they're vulnerable.\nlet warnedOptOut = false;\nif (!REDACT_ENABLED && !warnedOptOut) {\n process.stderr.write(\n \"[theokit-sdk] Secret redaction is DISABLED via THEOKIT_REDACT_SECRETS. \" +\n \"Credentials may leak into errors, telemetry, logs, transcripts.\\n\",\n );\n warnedOptOut = true;\n}\n\n/**\n * Built-in credential patterns. Order matters — more specific prefixes\n * must come before generic ones (e.g., `sk-ant-` before `sk-`). Quantifiers\n * are all bounded `{n,m}` or applied to char classes — linear time, no ReDoS.\n *\n * @internal\n */\nconst BUILTIN_PATTERNS: readonly RegExp[] = [\n // T5.4: 30+ vendor prefixes (was 12 pre-T5.4). Order matters — more\n // specific prefixes precede generic ones (e.g., sk-ant-admin01 before\n // sk-ant-, sk-proj- before sk-). PEM block deliberately first so its\n // multi-line span runs before any per-line patterns can fire.\n /-----BEGIN[ ]+(?:RSA |EC |DSA |OPENSSH |ENCRYPTED |)PRIVATE KEY-----[\\s\\S]+?-----END[ ]+(?:RSA |EC |DSA |OPENSSH |ENCRYPTED |)PRIVATE KEY-----/g,\n // JWT — exact 3-segment base64url. Dotted; the body floor of 4 chars per\n // segment matches the minimum legal payload while skipping `a.b.c` noise.\n /eyJ[A-Za-z0-9_-]{4,}\\.eyJ[A-Za-z0-9_-]{4,}\\.[A-Za-z0-9_-]{4,}/g,\n // Azure Storage SAS — match the sig= component (URL-encoded base64).\n /(?<=[?&]sig=)[A-Za-z0-9%+/]{20,}/g,\n // Anthropic\n /sk-ant-admin01-[A-Za-z0-9_-]{10,}/g, // Anthropic admin keys (must precede sk-ant-)\n /sk-ant-[A-Za-z0-9_-]{10,}/g, // Anthropic regular\n // OpenAI family + clones (sk- generic must come AFTER all sk-foo- variants)\n /sk-proj-[A-Za-z0-9_-]{10,}/g, // OpenAI project key (must precede sk- generic)\n /sk-[A-Za-z0-9_-]{10,}/g, // OpenAI / OpenRouter / DeepInfra / Together / DeepSeek\n // Provider prefixes (alphabetized for maintainability)\n /AIza[A-Za-z0-9_-]{35}/g, // Google API key\n /AKIA[A-Z0-9]{16}/g, // AWS access key\n /fw_[A-Za-z0-9]{20,}/g, // Fireworks\n /glpat-[A-Za-z0-9_-]{20}/g, // GitLab PAT\n /ghp_[A-Za-z0-9]{36}/g, // GitHub PAT classic\n /github_pat_[A-Za-z0-9_]{82}/g, // GitHub PAT fine-grained\n /gsk_[A-Za-z0-9]{20,}/g, // Groq\n /hf_[A-Za-z0-9]{20,}/g, // HuggingFace\n /\\bpa-[A-Za-z0-9_-]{20,}/g, // Voyage AI (word-boundary to skip CSS / kebab IDs)\n /pcsk_[A-Za-z0-9_-]{20,}/g, // Pinecone\n /pplx-[A-Za-z0-9_-]{20,}/g, // Perplexity\n /r8_[A-Za-z0-9_-]{20,}/g, // Replicate\n /rk_live_[A-Za-z0-9]{20,}/g, // Stripe restricted\n /sk_live_[A-Za-z0-9]{20,}/g, // Stripe secret\n /sntrys_[A-Za-z0-9]{40,}/g, // Sentry user auth\n /xai-[A-Za-z0-9_-]{20,}/g, // xAI (Grok)\n /xox[bpasr]-[A-Za-z0-9-]{10,}/g, //Slack tokens\n // Additional unique-prefix tokens with low false-positive risk\n /npm_[A-Za-z0-9]{36}/g, // npm access token\n /SG\\.[A-Za-z0-9_-]{22}\\.[A-Za-z0-9_-]{43}/g, // SendGrid\n /\\bSK[A-Za-z0-9]{32}\\b/g, // Twilio API SID (word-boundary to skip CSS class noise)\n /\\bkey-[a-f0-9]{32}\\b/g, // Mailgun (hex-only narrows false positives)\n /MT[A-Za-z0-9_-]{23}\\.[A-Za-z0-9_-]{6}\\.[A-Za-z0-9_-]{27}/g, // Discord bot\n /\\b(?:sdk|mob)-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\\b/g, // LaunchDarkly\n];\n\n// `Bearer <token>` matched as its own first-class pattern so PARAM_PATTERN\n// doesn't have to handle the unusual `Authorization: Bearer xxx` shape\n// (no `:` or `=` between \"Bearer\" and the value — bare whitespace).\nconst BEARER_PATTERN = /\\b(Bearer\\s+)([A-Za-z0-9_\\-.+/=]{8,})/g;\n\n// Parametric: matches `key=value` and `key: value` (with optional quote\n// between the key and the separator, to handle JSON: `\"api_key\": \"...\"`)\n// in URLs, query strings, JSON-like bodies, HTTP headers. Captures the\n// prefix so we keep it visible while masking the value.\n//\n// `authorization` deliberately excluded — BEARER_PATTERN handles the\n// common `Authorization: Bearer xxx` shape. Including it here causes\n// double-masking (\"Authorization: *** ***\") after Bearer fires.\n// T5.4: keyword set expanded from 6 → 16 to cover the OAuth / JWT / generic\n// credential vocabulary surfaced by DR6 finding #4. `authorization`,\n// `auth`, `bearer` stay excluded — BEARER_PATTERN handles the\n// `Authorization: Bearer xxx` shape and including these here would\n// re-catch the post-BUILTIN-masked form (D71 prefix-preservation\n// contract) and double-mask to `***`.\n//\n// Value class includes `.` so JWT / `.env` / dotted base64url values\n// match; the callback skips already-masked values (containing the\n// `...` D71 separator) to preserve the BUILTIN prefix-mask result.\nconst PARAM_PATTERN =\n /(\\b(?:access_token|api_key|api-key|client_secret|credential|credentials|id_token|jwt|password|private_key|refresh_token|secret|service_account|session_token|token|x-api-key)\\b[\"']?\\s*[:=]\\s*[\"']?)([A-Za-z0-9_\\-.+/]+)/gi;\n\nconst _extraPatterns: RegExp[] = [];\n\n/**\n * Add a user-defined redaction pattern. Additive — never removes builtins.\n * Throws if the regex lacks the `/g` flag (without `/g`, `.replace` only\n * substitutes the first match and the rest leaks).\n *\n * @internal — exposed publicly via `Security.addPattern` in `src/security.ts`.\n */\nexport function addPattern(re: RegExp): void {\n if (!re.global) {\n throw new Error(\"Security.addPattern: regex must have /g flag for replace-all semantics\");\n }\n _extraPatterns.push(re);\n}\n\n/**\n * Two-bucket masking (D71):\n * - tokens shorter than 18 chars → fully masked as `***`\n * - tokens >= 18 chars → keep first 6 + `...` + last 4\n *\n * Rationale: long tokens are unique per-account; prefix+suffix preserves\n * debuggability without revealing the secret middle.\n *\n * @internal\n */\nexport function maskToken(token: string): string {\n if (token.length < 18) return \"***\";\n return `${token.slice(0, 6)}...${token.slice(-4)}`;\n}\n\n/**\n * Redact known credential patterns from `text`. Default behavior masks\n * builtins + extras + parametric `key=value` sinks.\n *\n * With `{ codeFile: true }` (D72), skips PARAM_PATTERN to avoid mangling\n * `.env.example`, schema JSON, or test fixtures that legitimately contain\n * prefix-like strings.\n *\n * Returns the redacted string. Coerces non-strings via JSON.stringify;\n * EC-7 fix (edge-case review): wraps in try/catch so circular references\n * never propagate — returns sentinel `\"[unredactable: circular]\"`.\n *\n * @internal\n */\n// Coerce arbitrary input to a string for redaction. Returns `null`\n// sentinel when the value is null/undefined/non-stringifiable, so the\n// caller can short-circuit with `\"\"`. EC-7 fix: circular refs go through\n// the try/catch and produce the sentinel marker, never throwing.\nfunction coerceToString(value: unknown): string | null {\n if (typeof value === \"string\") return value;\n if (value === null || value === undefined) return null;\n if (typeof value === \"object\") {\n try {\n const s = JSON.stringify(value);\n return s === undefined ? null : s;\n } catch {\n return \"[unredactable: circular]\";\n }\n }\n return String(value);\n}\n\nexport function redactSecrets(text: unknown, opts?: { codeFile?: boolean }): string {\n const coerced = coerceToString(text);\n if (coerced === null) return \"\";\n if (!REDACT_ENABLED) return coerced;\n\n let s = coerced;\n for (const re of BUILTIN_PATTERNS) {\n s = s.replace(re, (m) => maskToken(m));\n }\n for (const re of _extraPatterns) {\n s = s.replace(re, (m) => maskToken(m));\n }\n if (!opts?.codeFile) {\n // Bearer first (preserves \"Bearer \" prefix, masks the token after).\n // Must run before PARAM_PATTERN so the bare-whitespace shape doesn't\n // get mis-handled as a value.\n s = s.replace(BEARER_PATTERN, (_, prefix: string) => `${prefix}***`);\n // T5.4: skip if value already contains the D71 bucket-mask separator\n // (`...`) — BUILTIN ran first and produced a prefix-preserved mask;\n // re-masking would lose the prefix and degrade debuggability.\n s = s.replace(PARAM_PATTERN, (whole, prefix: string, value: string) => {\n if (value.includes(\"...\")) return whole;\n return `${prefix}***`;\n });\n }\n return s;\n}\n\n/**\n * Test-only helper exported for `_test-reset.ts`. NOT included in the\n * `index.ts` barrel — vitest setup imports the dedicated module via\n * explicit path to discourage production callers.\n *\n * @internal\n */\nexport function _resetForTests(opts: { enabled?: boolean; clearExtras?: boolean }): void {\n if (opts.enabled !== undefined) REDACT_ENABLED = opts.enabled;\n if (opts.clearExtras === true) _extraPatterns.length = 0;\n}\n\n/**\n * T5.4 — Test-only count of BUILTIN_PATTERNS. Exposed so the count-floor\n * assertion can run without re-deriving the array shape in test land.\n * NOT included in the public barrel.\n *\n * @internal\n */\nexport function __TESTING__BUILTIN_PATTERN_COUNT(): number {\n return BUILTIN_PATTERNS.length;\n}\n","import { redactSecrets } from \"./internal/security/redact.js\";\nimport type { RunOperation } from \"./types/run.js\";\n\n/**\n * Finite, machine-readable error codes for provider-originated errors\n * (ADR D66). Consumers can `switch (err.metadata?.code)` exhaustively\n * — adding a new variant is an explicit decision + test coverage.\n *\n * @public\n */\nexport type ErrorCode =\n | \"rate_limit\"\n | \"auth_failed\"\n | \"invalid_request\"\n | \"timeout\"\n | \"server_error\"\n | \"context_too_long\"\n | \"content_filtered\"\n | \"model_unavailable\"\n | \"network\"\n | \"quota_exceeded\"\n | \"unknown\";\n\n/**\n * Codes used by {@link AgentRunError} (Production-Readiness #3, ADR D311).\n *\n * Superset of {@link ErrorCode} extended with codes that do NOT originate\n * from a provider HTTP response:\n *\n * - `quota_exceeded` — billing limit hit (provider 402 or signalled error)\n * - `tool_runtime_error` — custom tool handler threw inside dispatch\n * - `aborted` — caller's `AbortSignal` fired (Phase 4)\n * - `invalid_model` — model id rejected by provider (400 \"model not found\")\n * - `safety_blocked` — provider safety filter blocked req or resp\n * - `provider_unreachable` — DNS/TCP/timeout/5xx at transport boundary\n *\n * The `& {}` tail keeps the literal-union ergonomics (autocomplete) while\n * accepting any string for forward compatibility with constructor calls\n * that pass arbitrary code values (legacy callers).\n *\n * @public\n */\n/**\n * T1.1 — closed literal union for `AgentRunError.code`. The previous\n * `(string & {})` escape hatch let arbitrary strings slip into the type\n * surface and defeated exhaustive `switch (code)` discrimination. This is\n * the canonical closed form. `AgentRunErrorCode` is re-aliased below for\n * source-level back-compat.\n *\n * Adding a new code: append the literal here AND audit every `switch (err.code)`\n * in callers. Type-checker enforces the audit via the `default: assertNever(code)`\n * convention.\n *\n * @public\n */\nexport type KnownAgentRunErrorCode =\n | ErrorCode\n | \"quota_exceeded\"\n | \"tool_runtime_error\"\n | \"aborted\"\n | \"invalid_model\"\n | \"safety_blocked\"\n | \"provider_unreachable\";\n\n/**\n * Back-compat alias of {@link KnownAgentRunErrorCode}. Pre-T1.1 callers that\n * imported `AgentRunErrorCode` keep working; new code SHOULD prefer\n * `KnownAgentRunErrorCode` to make the closed-union intent explicit.\n *\n * @public\n */\nexport type AgentRunErrorCode = KnownAgentRunErrorCode;\n\n/** Snapshot of every known code at runtime — used by the boundary coercer. */\nconst KNOWN_AGENT_RUN_ERROR_CODES = new Set<string>([\n \"rate_limit\",\n \"auth_failed\",\n \"invalid_request\",\n \"timeout\",\n \"server_error\",\n \"context_too_long\",\n \"content_filtered\",\n \"model_unavailable\",\n \"network\",\n \"unknown\",\n \"quota_exceeded\",\n \"tool_runtime_error\",\n \"aborted\",\n \"invalid_model\",\n \"safety_blocked\",\n \"provider_unreachable\",\n]);\n\n/**\n * T1.1 boundary helper — coerce an arbitrary string (typically arriving from\n * a downstream `RunErrorDetail.code` or a deserialized cloud response) into a\n * `KnownAgentRunErrorCode`. Unknown strings collapse to `\"unknown\"` so the\n * closed type contract holds without forcing every caller to switch.\n *\n * @internal\n */\nexport function coerceToKnownAgentRunErrorCode(code: string | undefined): KnownAgentRunErrorCode {\n if (code !== undefined && KNOWN_AGENT_RUN_ERROR_CODES.has(code)) {\n return code as KnownAgentRunErrorCode;\n }\n return \"unknown\";\n}\n\n/**\n * Structured context for errors that originated from a provider HTTP\n * call (ADR D65). Lets callers retry with the right backoff (`retryAfter`),\n * surface actionable diagnostics (`provider`, `endpoint`), and inspect the\n * raw response body when needed (`raw`, capped at ~2KB by the mapper).\n *\n * @public\n */\nexport interface ErrorMetadata {\n /** Provider canonical name (e.g., `\"anthropic\"`, `\"openai\"`, `\"openrouter\"`, `\"gemini\"`). */\n provider: string;\n /** HTTP endpoint that failed (e.g., `\"/v1/messages\"`, `\"/v1/chat/completions\"`). */\n endpoint: string;\n /** Machine-readable error code (finite enum). */\n code: ErrorCode;\n /** HTTP status code if applicable. */\n statusCode?: number;\n /** Seconds to wait before retry, per provider's `retry-after` header (numeric form only). */\n retryAfter?: number;\n /** Raw response body for debugging (truncated to ~2KB by the mapper). */\n raw?: unknown;\n}\n\n/**\n * Base class for all errors thrown by `@theokit/sdk`.\n *\n * Use `isRetryable` to drive retry/backoff logic. `code` and `protoErrorCode`\n * are populated for server-originated errors when available. `metadata`\n * (ADR D65) carries structured `{ provider, endpoint, code, ... }` when\n * the error originated from a provider HTTP call.\n *\n * @public\n */\nexport class TheokitAgentError extends Error {\n override readonly name: string = \"TheokitAgentError\";\n readonly isRetryable: boolean;\n readonly code?: string;\n readonly protoErrorCode?: string;\n readonly metadata?: ErrorMetadata;\n\n constructor(\n message: string,\n options: {\n isRetryable?: boolean;\n code?: string;\n protoErrorCode?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n } = {},\n ) {\n super(message, options.cause !== undefined ? { cause: options.cause } : undefined);\n this.isRetryable = options.isRetryable ?? false;\n if (options.code !== undefined) this.code = options.code;\n if (options.protoErrorCode !== undefined) this.protoErrorCode = options.protoErrorCode;\n if (options.metadata !== undefined) this.metadata = options.metadata;\n }\n}\n\n/**\n * Invalid API key, not logged in, insufficient permissions.\n *\n * @public\n */\nexport class AuthenticationError extends TheokitAgentError {\n override readonly name: string = \"AuthenticationError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Too many requests or usage limits exceeded.\n *\n * @public\n */\nexport class RateLimitError extends TheokitAgentError {\n override readonly name: string = \"RateLimitError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: true });\n }\n}\n\n/**\n * Invalid model, bad request parameters, malformed options.\n *\n * @public\n */\nexport class ConfigurationError extends TheokitAgentError {\n override readonly name: string = \"ConfigurationError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Thrown when creating a cloud agent for a repo whose SCM provider is not\n * connected. Use `helpUrl` to point the user at the right reconnect flow.\n *\n * @public\n */\nexport class IntegrationNotConnectedError extends ConfigurationError {\n override readonly name: string = \"IntegrationNotConnectedError\";\n readonly provider: string;\n readonly helpUrl: string;\n\n constructor(\n message: string,\n options: {\n provider: string;\n helpUrl: string;\n code?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, options);\n this.provider = options.provider;\n this.helpUrl = options.helpUrl;\n }\n}\n\n/**\n * Service unavailable, timeout, transport-level failure.\n *\n * @public\n */\nexport class NetworkError extends TheokitAgentError {\n override readonly name: string = \"NetworkError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: true });\n }\n}\n\n/**\n * Catch-all for unclassified server or runtime errors.\n *\n * @public\n */\nexport class UnknownAgentError extends TheokitAgentError {\n override readonly name: string = \"UnknownAgentError\";\n\n constructor(\n message: string,\n options: { code?: string; cause?: unknown; metadata?: ErrorMetadata } = {},\n ) {\n super(message, { ...options, isRetryable: false });\n }\n}\n\n/**\n * Thrown by `Agent.prompt` (and helpers that go through `run.wait()`) when\n * the option `{ throwOnError: true }` is set and the run terminates with\n * `status: 'error'`. Carries the structured `RunResult.error` fields so\n * callers can `catch` once and branch on `code` / `provider` instead of\n * unwrapping the run.\n *\n * Extends {@link TheokitAgentError} per ADR D65 — no new hierarchy.\n *\n * @example\n * try {\n * await Agent.prompt(msg, { apiKey, model, throwOnError: true });\n * } catch (err) {\n * if (err instanceof AgentRunError && err.code === 'auth_failed') {\n * // bad key\n * }\n * }\n *\n * @public\n */\nexport class AgentRunError extends TheokitAgentError {\n override readonly name: string = \"AgentRunError\";\n readonly provider?: string;\n readonly raw?: string;\n /** Provider's request id (`x-request-id` / `request-id` header). Useful for support tickets. */\n readonly requestId?: string;\n /** SDK conversation id this error was raised inside. */\n readonly conversationId?: string;\n\n constructor(\n message: string,\n options: {\n code: AgentRunErrorCode;\n provider?: string;\n raw?: string;\n requestId?: string;\n conversationId?: string;\n retriable?: boolean;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n code: options.code,\n cause: options.cause,\n metadata: options.metadata,\n // D311: most AgentRunErrors are not retriable (auth, validation, abort).\n // Provider mappers (D314) override per-status — explicit `retriable` wins\n // over the implicit default when supplied.\n isRetryable: options.retriable ?? defaultRetriableForCode(options.code),\n });\n if (options.provider !== undefined) this.provider = options.provider;\n if (options.raw !== undefined) this.raw = options.raw;\n if (options.requestId !== undefined) this.requestId = options.requestId;\n if (options.conversationId !== undefined) this.conversationId = options.conversationId;\n }\n\n /**\n * Production-Readiness #3 (ADR D311): alias for `isRetryable` exposed as\n * `retriable` to match the handoff contract. Future v2 will deprecate\n * `isRetryable` in favor of this.\n */\n get retriable(): boolean {\n return this.isRetryable;\n }\n\n /**\n * D312: provider's `Retry-After` header in **milliseconds**. Mappers store\n * the header value (seconds) in `metadata.retryAfter`; this getter\n * multiplies by 1000 so the result composes with `Date.now()`/`setTimeout`.\n *\n * Returns `undefined` when no hint was provided. `0` is a legitimate value\n * — use `=== undefined` check rather than truthy check.\n */\n get retryAfterMs(): number | undefined {\n if (this.metadata?.retryAfter === undefined) return undefined;\n return this.metadata.retryAfter * 1000;\n }\n\n /**\n * D313 + T1.5: alias for `metadata.raw`. Provider response body for\n * debugging. T1.5 wraps the value in `redactSecrets` at the getter\n * boundary so secret-shaped substrings (`sk-...`, Bearer JWTs, etc.) are\n * stripped before reaching the caller. Available but NEVER serialized\n * into `.message` (anti-leak invariant).\n */\n get providerError(): unknown {\n const raw = this.metadata?.raw;\n if (raw === undefined) return undefined;\n if (typeof raw === \"string\") return redactSecrets(raw);\n // Non-string raw (object/buffer) — stringify then redact.\n try {\n return redactSecrets(JSON.stringify(raw));\n } catch {\n return redactSecrets(String(raw));\n }\n }\n\n /**\n * T1.5 — sanitized JSON form. `metadata.raw` is OMITTED by default; opt\n * in via `THEOKIT_DEBUG_RAW_ERRORS=1` to surface the (redacted) raw\n * payload for diagnostics. Every other field stays accessible.\n *\n * The single env-var gate is read each call so operators can toggle at\n * runtime without restarting the process.\n */\n toJSON(): Record<string, unknown> {\n const json: Record<string, unknown> = {\n name: this.name,\n message: this.message,\n isRetryable: this.isRetryable,\n };\n addOptionalFields(json, this);\n const safeMeta = sanitizeMetadata(this.metadata);\n if (safeMeta !== undefined) json.metadata = safeMeta;\n return json;\n }\n}\n\nfunction addOptionalFields(json: Record<string, unknown>, err: AgentRunError): void {\n if (err.code !== undefined) json.code = err.code;\n if (err.provider !== undefined) json.provider = err.provider;\n if (err.requestId !== undefined) json.requestId = err.requestId;\n if (err.conversationId !== undefined) json.conversationId = err.conversationId;\n if (err.raw !== undefined) json.raw = redactSecrets(err.raw);\n}\n\nfunction sanitizeMetadata(meta: ErrorMetadata | undefined): ErrorMetadata | undefined {\n if (meta === undefined) return undefined;\n const { raw, ...rest } = meta;\n const debugRaw = process.env.THEOKIT_DEBUG_RAW_ERRORS === \"1\";\n if (debugRaw && raw !== undefined) {\n const redactedRaw =\n typeof raw === \"string\" ? redactSecrets(raw) : redactSecrets(safeStringify(raw));\n return { ...rest, raw: redactedRaw } as ErrorMetadata;\n }\n return rest as ErrorMetadata;\n}\n\nfunction safeStringify(value: unknown): string {\n try {\n return JSON.stringify(value);\n } catch {\n return String(value);\n }\n}\n\n/**\n * D311 helper: choose a sensible default `isRetryable` value when the\n * caller did not supply `retriable` explicitly. Conservative defaults —\n * provider mappers override per-status when they know better.\n *\n * @internal\n */\nfunction defaultRetriableForCode(code: AgentRunErrorCode): boolean {\n switch (code) {\n case \"rate_limit\":\n case \"timeout\":\n case \"server_error\":\n case \"network\":\n case \"provider_unreachable\":\n return true;\n default:\n return false;\n }\n}\n\n/**\n * Thrown when a {@link Run} or agent operation is not available on the current\n * runtime. Check first with `run.supports(operation)`.\n *\n * Extends {@link TheokitAgentError} (so error-catching code that branches on\n * `instanceof TheokitAgentError` continues to work) but is never retryable —\n * an unsupported operation will not become supported on retry.\n *\n * @public\n */\nexport class UnsupportedRunOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedRunOperationError\";\n readonly operation: RunOperation;\n\n constructor(\n message: string,\n operation: RunOperation,\n options: { code?: string; cause?: unknown } = {},\n ) {\n super(message, {\n ...options,\n isRetryable: false,\n code: options.code ?? \"unsupported_run_operation\",\n });\n this.operation = operation;\n }\n}\n\n/**\n * Thrown when every credential in a per-provider pool is in cooldown\n * and no healthy key is available (ADR D133). The caller's\n * {@link import(\"./internal/llm/fallback-client.js\").FallbackLlmClient}\n * catches this and tries the next provider in the fallback chain.\n *\n * `metadata.nextRetryAt` (epoch ms) tells callers when the soonest\n * pool entry resumes — useful for manual retry scheduling.\n *\n * @public\n */\nexport class CredentialPoolExhaustedError extends TheokitAgentError {\n override readonly name: string = \"CredentialPoolExhaustedError\";\n readonly provider: string;\n readonly nextRetryAt: number | undefined;\n\n constructor(\n message: string,\n options: {\n provider: string;\n nextRetryAt?: number;\n code?: string;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n ...options,\n isRetryable: true,\n code: options.code ?? \"credential_pool_exhausted\",\n });\n this.provider = options.provider;\n this.nextRetryAt = options.nextRetryAt;\n }\n}\n\n/**\n * Finite error codes specific to memory adapter operations (ADR D141).\n *\n * @public\n */\nexport type MemoryAdapterErrorCode =\n | \"auth_failed\"\n | \"rate_limited\"\n | \"not_found\"\n | \"network\"\n | \"invalid_input\"\n | \"unknown\";\n\n/**\n * Error raised by `@theokit-memory-*` adapters. Carries `adapterId`\n * so callers can branch on which provider failed (ADR D141).\n *\n * @public\n */\nexport class MemoryAdapterError extends TheokitAgentError {\n override readonly name: string = \"MemoryAdapterError\";\n readonly adapterId: string;\n\n constructor(\n message: string,\n options: {\n adapterId: string;\n code: MemoryAdapterErrorCode;\n cause?: unknown;\n metadata?: ErrorMetadata;\n },\n ) {\n super(message, {\n isRetryable: options.code === \"rate_limited\" || options.code === \"network\",\n code: options.code,\n ...(options.cause !== undefined ? { cause: options.cause } : {}),\n ...(options.metadata !== undefined ? { metadata: options.metadata } : {}),\n });\n this.adapterId = options.adapterId;\n }\n}\n\n/**\n * Thrown when a user-supplied task ID violates the grammar\n * `^[a-z0-9][a-z0-9_-]*$` (D368) OR starts with a reserved adapter\n * prefix (`wf-` / `b-` / `cron-`, EC-5).\n *\n * @public\n */\nexport class InvalidTaskIdError extends TheokitAgentError {\n override readonly name: string = \"InvalidTaskIdError\";\n readonly taskId: string;\n\n constructor(message: string, taskId: string, options: { cause?: unknown } = {}) {\n super(message, {\n ...options,\n isRetryable: false,\n code: \"invalid_task_id\",\n });\n this.taskId = taskId;\n }\n}\n\n/**\n * Thrown when `Task.subscribe(id)` is called for a task that has been\n * evicted, never submitted, or evicted after retention (D373).\n *\n * @public\n */\nexport class TaskNotFoundError extends TheokitAgentError {\n override readonly name: string = \"TaskNotFoundError\";\n readonly taskId: string;\n\n constructor(taskId: string, options: { cause?: unknown } = {}) {\n super(`Task not found: ${taskId}`, {\n ...options,\n isRetryable: false,\n code: \"task_not_found\",\n });\n this.taskId = taskId;\n }\n}\n\n/**\n * Thrown when `CloudAgent` is asked to wrap a task (D370). Cloud\n * task observability is deferred until Theo PaaS GA.\n *\n * @public\n */\nexport class UnsupportedTaskOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedTaskOperationError\";\n readonly operation: string;\n\n constructor(operation: string, options: { cause?: unknown } = {}) {\n super(\n `Task operation \"${operation}\" is not supported on CloudAgent (pre-release; see ADR D370)`,\n {\n ...options,\n isRetryable: false,\n code: \"task_op_unsupported\",\n },\n );\n this.operation = operation;\n }\n}\n\n/**\n * Thrown by `Budget` enforcement (ADR D386) when a `mode: \"block\"`\n * budget would be exceeded by the upcoming LLM call. Caller pega\n * tipado para retry-after-window-reset or surface to the user.\n *\n * @public\n */\nexport class BudgetExceededError extends TheokitAgentError {\n override readonly name: string = \"BudgetExceededError\";\n readonly budgetName: string;\n readonly window: import(\"./types/budget.js\").BudgetWindow;\n readonly spentUsd: number;\n readonly limitUsd: number;\n readonly mode: import(\"./types/budget.js\").BudgetMode;\n\n constructor(args: {\n budgetName: string;\n window: import(\"./types/budget.js\").BudgetWindow;\n spentUsd: number;\n limitUsd: number;\n mode: import(\"./types/budget.js\").BudgetMode;\n cause?: unknown;\n }) {\n super(\n `Budget \"${args.budgetName}\" exceeded for window ${args.window}: spent $${args.spentUsd.toFixed(4)} > limit $${args.limitUsd.toFixed(4)}`,\n {\n ...(args.cause !== undefined ? { cause: args.cause } : {}),\n isRetryable: false,\n code: \"budget_exceeded\",\n },\n );\n this.budgetName = args.budgetName;\n this.window = args.window;\n this.spentUsd = args.spentUsd;\n this.limitUsd = args.limitUsd;\n this.mode = args.mode;\n }\n}\n\n/**\n * Thrown when `CloudAgent.send({ budget })` is invoked (D388). Cloud\n * budget surface waits for Theo PaaS GA.\n *\n * @public\n */\n/**\n * T1.6 — Thrown when a consumer calls `agent.send()` or any method\n * on an agent that has already been `dispose()`d. Pre-T1.6 this was\n * a generic `new Error(\"Agent has been disposed\")` — consumers\n * couldn't catch it without string-matching the message.\n *\n * @public\n */\nexport class AgentDisposedError extends TheokitAgentError {\n override readonly name: string = \"AgentDisposedError\";\n readonly agentId: string;\n\n constructor(agentId: string) {\n super(`Agent \"${agentId}\" has been disposed. Create a new agent or use Agent.resume().`, {\n isRetryable: false,\n code: \"agent_disposed\",\n });\n this.agentId = agentId;\n }\n}\n\nexport class UnsupportedBudgetOperationError extends TheokitAgentError {\n override readonly name: string = \"UnsupportedBudgetOperationError\";\n readonly operation: string;\n\n constructor(operation: string, options: { cause?: unknown } = {}) {\n super(\n `Budget operation \"${operation}\" is not supported on CloudAgent (pre-release; see ADR D388)`,\n {\n ...options,\n isRetryable: false,\n code: \"budget_op_unsupported\",\n },\n );\n this.operation = operation;\n }\n}\n"]}