@vm0/cli 9.59.4 → 9.59.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +935 -900
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -45,7 +45,7 @@ if (DSN) {
|
|
|
45
45
|
Sentry.init({
|
|
46
46
|
dsn: DSN,
|
|
47
47
|
environment: process.env.SENTRY_ENVIRONMENT ?? "production",
|
|
48
|
-
release: "9.59.
|
|
48
|
+
release: "9.59.6",
|
|
49
49
|
sendDefaultPii: false,
|
|
50
50
|
tracesSampleRate: 0,
|
|
51
51
|
shutdownTimeout: 500,
|
|
@@ -64,7 +64,7 @@ if (DSN) {
|
|
|
64
64
|
}
|
|
65
65
|
});
|
|
66
66
|
Sentry.setContext("cli", {
|
|
67
|
-
version: "9.59.
|
|
67
|
+
version: "9.59.6",
|
|
68
68
|
command: process.argv.slice(2).join(" ")
|
|
69
69
|
});
|
|
70
70
|
Sentry.setContext("runtime", {
|
|
@@ -673,7 +673,7 @@ function getConfigPath() {
|
|
|
673
673
|
return join2(homedir2(), ".vm0", "config.json");
|
|
674
674
|
}
|
|
675
675
|
var infoCommand = new Command6().name("info").description("Display environment and debug information").action(async () => {
|
|
676
|
-
console.log(chalk4.bold(`VM0 CLI v${"9.59.
|
|
676
|
+
console.log(chalk4.bold(`VM0 CLI v${"9.59.6"}`));
|
|
677
677
|
console.log();
|
|
678
678
|
const config = await loadConfig();
|
|
679
679
|
const hasEnvToken = !!process.env.VM0_TOKEN;
|
|
@@ -780,200 +780,52 @@ var apiErrorSchema = z2.object({
|
|
|
780
780
|
});
|
|
781
781
|
|
|
782
782
|
// ../../packages/core/src/contracts/composes.ts
|
|
783
|
-
import { z as z4 } from "zod";
|
|
784
|
-
|
|
785
|
-
// ../../packages/core/src/contracts/runners.ts
|
|
786
783
|
import { z as z3 } from "zod";
|
|
787
784
|
var c = initContract();
|
|
788
|
-
var
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
/** Terminal rule - value is the action (ALLOW or DENY) */
|
|
792
|
-
final: z3.enum(["ALLOW", "DENY"]).optional(),
|
|
793
|
-
/** Action for domain/ip rules */
|
|
794
|
-
action: z3.enum(["ALLOW", "DENY"]).optional()
|
|
795
|
-
});
|
|
796
|
-
var experimentalFirewallSchema = z3.object({
|
|
797
|
-
enabled: z3.boolean(),
|
|
798
|
-
rules: z3.array(firewallRuleSchema).optional()
|
|
799
|
-
});
|
|
800
|
-
var runnerGroupSchema = z3.string().regex(
|
|
801
|
-
/^[a-z0-9-]+\/[a-z0-9-]+$/,
|
|
802
|
-
"Runner group must be in org/name format (e.g., acme/production)"
|
|
785
|
+
var composeVersionQuerySchema = z3.string().min(1, "Missing version query parameter").regex(
|
|
786
|
+
/^[a-f0-9]{8,64}$|^latest$/i,
|
|
787
|
+
"Version must be 8-64 hex characters or 'latest'"
|
|
803
788
|
);
|
|
804
|
-
var
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
|
|
820
|
-
200: z3.object({
|
|
821
|
-
job: jobSchema.nullable()
|
|
822
|
-
}),
|
|
823
|
-
400: apiErrorSchema,
|
|
824
|
-
401: apiErrorSchema,
|
|
825
|
-
500: apiErrorSchema
|
|
826
|
-
},
|
|
827
|
-
summary: "Poll for pending jobs (long-polling with 30s timeout)"
|
|
828
|
-
}
|
|
829
|
-
});
|
|
830
|
-
var servicePermissionSchema = z3.object({
|
|
789
|
+
var AGENT_NAME_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]{1,62}[a-zA-Z0-9]$/;
|
|
790
|
+
var VALID_CAPABILITIES = [
|
|
791
|
+
"volume:read",
|
|
792
|
+
"volume:write",
|
|
793
|
+
"artifact:read",
|
|
794
|
+
"artifact:write",
|
|
795
|
+
"memory:read",
|
|
796
|
+
"memory:write",
|
|
797
|
+
"agent:read",
|
|
798
|
+
"agent:write",
|
|
799
|
+
"agent-run:read",
|
|
800
|
+
"agent-run:write",
|
|
801
|
+
"schedule:read",
|
|
802
|
+
"schedule:write"
|
|
803
|
+
];
|
|
804
|
+
var firewallPermissionSchema = z3.object({
|
|
831
805
|
name: z3.string(),
|
|
832
806
|
description: z3.string().optional(),
|
|
833
807
|
rules: z3.array(z3.string())
|
|
834
808
|
});
|
|
835
|
-
var
|
|
836
|
-
base: z3.string(),
|
|
837
|
-
auth: z3.object({
|
|
838
|
-
headers: z3.record(z3.string(), z3.string())
|
|
839
|
-
}),
|
|
840
|
-
permissions: z3.array(servicePermissionSchema).optional()
|
|
841
|
-
});
|
|
842
|
-
var serviceEntrySchema = z3.object({
|
|
843
|
-
name: z3.string(),
|
|
844
|
-
ref: z3.string(),
|
|
845
|
-
apis: z3.array(serviceApiEntrySchema)
|
|
846
|
-
});
|
|
847
|
-
var experimentalServicesSchema = z3.array(serviceEntrySchema);
|
|
848
|
-
var storageEntrySchema = z3.object({
|
|
849
|
-
mountPath: z3.string(),
|
|
850
|
-
archiveUrl: z3.string().nullable()
|
|
851
|
-
});
|
|
852
|
-
var artifactEntrySchema = z3.object({
|
|
853
|
-
mountPath: z3.string(),
|
|
854
|
-
archiveUrl: z3.string().nullable(),
|
|
855
|
-
vasStorageName: z3.string(),
|
|
856
|
-
vasVersionId: z3.string()
|
|
857
|
-
});
|
|
858
|
-
var storageManifestSchema = z3.object({
|
|
859
|
-
storages: z3.array(storageEntrySchema),
|
|
860
|
-
artifact: artifactEntrySchema.nullable(),
|
|
861
|
-
memory: artifactEntrySchema.nullable()
|
|
862
|
-
});
|
|
863
|
-
var resumeSessionSchema = z3.object({
|
|
864
|
-
sessionId: z3.string(),
|
|
865
|
-
sessionHistory: z3.string()
|
|
866
|
-
});
|
|
867
|
-
var storedExecutionContextSchema = z3.object({
|
|
868
|
-
workingDir: z3.string(),
|
|
869
|
-
storageManifest: storageManifestSchema.nullable(),
|
|
870
|
-
environment: z3.record(z3.string(), z3.string()).nullable(),
|
|
871
|
-
resumeSession: resumeSessionSchema.nullable(),
|
|
872
|
-
encryptedSecrets: z3.string().nullable(),
|
|
873
|
-
// AES-256-GCM encrypted Record<string, string> (secret name → value)
|
|
874
|
-
// Maps secret names to OAuth connector types for runtime token refresh (e.g. { "GMAIL_ACCESS_TOKEN": "gmail" })
|
|
875
|
-
secretConnectorMap: z3.record(z3.string(), z3.string()).nullable().optional(),
|
|
876
|
-
cliAgentType: z3.string(),
|
|
877
|
-
experimentalFirewall: experimentalFirewallSchema.optional(),
|
|
878
|
-
// Debug flag to force real Claude in mock environments (internal use only)
|
|
879
|
-
debugNoMockClaude: z3.boolean().optional(),
|
|
880
|
-
// Dispatch timestamp for E2E timing metrics
|
|
881
|
-
apiStartTime: z3.number().optional(),
|
|
882
|
-
// User's timezone preference (IANA format, e.g., "Asia/Shanghai")
|
|
883
|
-
userTimezone: z3.string().optional(),
|
|
884
|
-
// Agent metadata for VM0_AGENT_NAME and VM0_AGENT_ORG env vars
|
|
885
|
-
agentName: z3.string().optional(),
|
|
886
|
-
agentOrgSlug: z3.string().optional(),
|
|
887
|
-
// Memory storage name (for first-run when manifest.memory is null)
|
|
888
|
-
memoryName: z3.string().optional(),
|
|
889
|
-
// Experimental services for proxy-side token replacement
|
|
890
|
-
experimentalServices: experimentalServicesSchema.optional()
|
|
891
|
-
});
|
|
892
|
-
var executionContextSchema = z3.object({
|
|
893
|
-
runId: z3.string().uuid(),
|
|
894
|
-
prompt: z3.string(),
|
|
895
|
-
agentComposeVersionId: z3.string().nullable(),
|
|
896
|
-
vars: z3.record(z3.string(), z3.string()).nullable(),
|
|
897
|
-
checkpointId: z3.string().uuid().nullable(),
|
|
898
|
-
sandboxToken: z3.string(),
|
|
899
|
-
// New fields for E2B parity:
|
|
900
|
-
workingDir: z3.string(),
|
|
901
|
-
storageManifest: storageManifestSchema.nullable(),
|
|
902
|
-
environment: z3.record(z3.string(), z3.string()).nullable(),
|
|
903
|
-
resumeSession: resumeSessionSchema.nullable(),
|
|
904
|
-
secretValues: z3.array(z3.string()).nullable(),
|
|
905
|
-
// AES-256-GCM encrypted Record<string, string> — passed through to mitm-addon for auth resolution
|
|
906
|
-
encryptedSecrets: z3.string().nullable(),
|
|
907
|
-
// Maps secret names to OAuth connector types for runtime token refresh
|
|
908
|
-
secretConnectorMap: z3.record(z3.string(), z3.string()).nullable().optional(),
|
|
909
|
-
cliAgentType: z3.string(),
|
|
910
|
-
// Experimental firewall configuration
|
|
911
|
-
experimentalFirewall: experimentalFirewallSchema.optional(),
|
|
912
|
-
// Debug flag to force real Claude in mock environments (internal use only)
|
|
913
|
-
debugNoMockClaude: z3.boolean().optional(),
|
|
914
|
-
// Dispatch timestamp for E2E timing metrics
|
|
915
|
-
apiStartTime: z3.number().optional(),
|
|
916
|
-
// User's timezone preference (IANA format, e.g., "Asia/Shanghai")
|
|
917
|
-
userTimezone: z3.string().optional(),
|
|
918
|
-
// Agent metadata
|
|
919
|
-
agentName: z3.string().optional(),
|
|
920
|
-
agentOrgSlug: z3.string().optional(),
|
|
921
|
-
// Memory storage name (for first-run when manifest.memory is null)
|
|
922
|
-
memoryName: z3.string().optional(),
|
|
923
|
-
// Experimental services for proxy-side token replacement
|
|
924
|
-
experimentalServices: experimentalServicesSchema.optional()
|
|
925
|
-
});
|
|
926
|
-
var runnersJobClaimContract = c.router({
|
|
927
|
-
claim: {
|
|
928
|
-
method: "POST",
|
|
929
|
-
path: "/api/runners/jobs/:id/claim",
|
|
930
|
-
headers: authHeadersSchema,
|
|
931
|
-
pathParams: z3.object({
|
|
932
|
-
id: z3.string().uuid()
|
|
933
|
-
}),
|
|
934
|
-
body: z3.object({}),
|
|
935
|
-
responses: {
|
|
936
|
-
200: executionContextSchema,
|
|
937
|
-
400: apiErrorSchema,
|
|
938
|
-
401: apiErrorSchema,
|
|
939
|
-
403: apiErrorSchema,
|
|
940
|
-
// Job does not belong to user
|
|
941
|
-
404: apiErrorSchema,
|
|
942
|
-
409: apiErrorSchema,
|
|
943
|
-
// Already claimed
|
|
944
|
-
500: apiErrorSchema
|
|
945
|
-
},
|
|
946
|
-
summary: "Claim a pending job for execution"
|
|
947
|
-
}
|
|
948
|
-
});
|
|
949
|
-
|
|
950
|
-
// ../../packages/core/src/contracts/composes.ts
|
|
951
|
-
var c2 = initContract();
|
|
952
|
-
var composeVersionQuerySchema = z4.string().min(1, "Missing version query parameter").regex(
|
|
953
|
-
/^[a-f0-9]{8,64}$|^latest$/i,
|
|
954
|
-
"Version must be 8-64 hex characters or 'latest'"
|
|
955
|
-
);
|
|
956
|
-
var AGENT_NAME_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]{1,62}[a-zA-Z0-9]$/;
|
|
957
|
-
var agentNameSchema = z4.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
|
|
809
|
+
var agentNameSchema = z3.string().min(3, "Agent name must be at least 3 characters").max(64, "Agent name must be 64 characters or less").regex(
|
|
958
810
|
AGENT_NAME_REGEX,
|
|
959
811
|
"Agent name must start and end with letter or number, and contain only letters, numbers, and hyphens"
|
|
960
812
|
);
|
|
961
|
-
var volumeConfigSchema =
|
|
962
|
-
name:
|
|
963
|
-
version:
|
|
813
|
+
var volumeConfigSchema = z3.object({
|
|
814
|
+
name: z3.string().min(1, "Volume name is required"),
|
|
815
|
+
version: z3.string().min(1, "Volume version is required"),
|
|
964
816
|
/** When true, skip mounting without error if volume doesn't exist */
|
|
965
|
-
optional:
|
|
817
|
+
optional: z3.boolean().optional()
|
|
966
818
|
});
|
|
967
|
-
var agentDefinitionSchema =
|
|
968
|
-
description:
|
|
969
|
-
framework:
|
|
970
|
-
volumes:
|
|
971
|
-
environment:
|
|
819
|
+
var agentDefinitionSchema = z3.object({
|
|
820
|
+
description: z3.string().optional(),
|
|
821
|
+
framework: z3.string().min(1, "Framework is required"),
|
|
822
|
+
volumes: z3.array(z3.string()).optional(),
|
|
823
|
+
environment: z3.record(z3.string(), z3.string()).optional(),
|
|
972
824
|
/**
|
|
973
825
|
* Path to instructions file (e.g., AGENTS.md).
|
|
974
826
|
* Auto-uploaded as volume and mounted at /home/user/.claude/CLAUDE.md
|
|
975
827
|
*/
|
|
976
|
-
instructions:
|
|
828
|
+
instructions: z3.string().min(1, "Instructions path cannot be empty").refine(
|
|
977
829
|
(val) => !val.includes("..") && !val.startsWith("/") && !val.startsWith("\\"),
|
|
978
830
|
"Instructions path must be a relative path without '..' segments"
|
|
979
831
|
).optional(),
|
|
@@ -981,101 +833,102 @@ var agentDefinitionSchema = z4.object({
|
|
|
981
833
|
* Array of GitHub tree URLs for agent skills.
|
|
982
834
|
* Each skill is auto-downloaded and mounted at /home/user/.claude/skills/{skillName}/
|
|
983
835
|
*/
|
|
984
|
-
skills:
|
|
836
|
+
skills: z3.array(z3.string()).optional(),
|
|
985
837
|
/**
|
|
986
838
|
* Route this agent to a self-hosted runner instead of E2B.
|
|
987
839
|
* When specified, runs will be queued for the specified runner group.
|
|
988
840
|
*/
|
|
989
|
-
experimental_runner:
|
|
990
|
-
group:
|
|
841
|
+
experimental_runner: z3.object({
|
|
842
|
+
group: z3.string().regex(
|
|
991
843
|
/^[a-z0-9-]+\/[a-z0-9-]+$/,
|
|
992
844
|
"Runner group must be in org/name format (e.g., acme/production)"
|
|
993
845
|
)
|
|
994
846
|
}).optional(),
|
|
995
847
|
/**
|
|
996
|
-
*
|
|
997
|
-
* Requires experimental_runner to be configured.
|
|
998
|
-
* When enabled, filters outbound traffic by domain/IP rules.
|
|
999
|
-
*/
|
|
1000
|
-
experimental_firewall: experimentalFirewallSchema.optional(),
|
|
1001
|
-
/**
|
|
1002
|
-
* External services for proxy-side token replacement.
|
|
848
|
+
* External firewall rules for proxy-side token replacement.
|
|
1003
849
|
* CLI input: map format { slack: { permissions: [...] | "all" } }
|
|
1004
|
-
* — expanded by CLI to full
|
|
850
|
+
* — expanded by CLI to full ExpandedFirewallConfig[] before API call.
|
|
1005
851
|
*/
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
permissions:
|
|
852
|
+
experimental_firewall: z3.record(
|
|
853
|
+
z3.string(),
|
|
854
|
+
z3.object({
|
|
855
|
+
permissions: z3.union([z3.literal("all"), z3.array(z3.string()).min(1)])
|
|
1010
856
|
})
|
|
1011
857
|
).optional(),
|
|
858
|
+
/**
|
|
859
|
+
* Capabilities that the agent is allowed to use.
|
|
860
|
+
* Validated against VALID_CAPABILITIES at compose time.
|
|
861
|
+
*/
|
|
862
|
+
experimental_capabilities: z3.array(z3.enum(VALID_CAPABILITIES)).refine((arr) => new Set(arr).size === arr.length, {
|
|
863
|
+
message: "Duplicate capabilities are not allowed"
|
|
864
|
+
}).optional(),
|
|
1012
865
|
/**
|
|
1013
866
|
* Agent metadata for display and personalization.
|
|
1014
867
|
* - displayName: Human-readable name shown in the UI (preserves original casing).
|
|
1015
868
|
* - sound: Communication tone (e.g., "professional", "friendly").
|
|
1016
869
|
*/
|
|
1017
|
-
metadata:
|
|
1018
|
-
displayName:
|
|
1019
|
-
description:
|
|
1020
|
-
sound:
|
|
870
|
+
metadata: z3.object({
|
|
871
|
+
displayName: z3.string().optional(),
|
|
872
|
+
description: z3.string().optional(),
|
|
873
|
+
sound: z3.string().optional()
|
|
1021
874
|
}).optional(),
|
|
1022
875
|
/**
|
|
1023
876
|
* @deprecated Server-resolved field. User input is ignored.
|
|
1024
877
|
* @internal
|
|
1025
878
|
*/
|
|
1026
|
-
image:
|
|
879
|
+
image: z3.string().optional(),
|
|
1027
880
|
/**
|
|
1028
881
|
* @deprecated Server-resolved field. User input is ignored.
|
|
1029
882
|
* @internal
|
|
1030
883
|
*/
|
|
1031
|
-
working_dir:
|
|
884
|
+
working_dir: z3.string().optional()
|
|
1032
885
|
});
|
|
1033
|
-
var agentComposeContentSchema =
|
|
1034
|
-
version:
|
|
1035
|
-
agents:
|
|
1036
|
-
volumes:
|
|
886
|
+
var agentComposeContentSchema = z3.object({
|
|
887
|
+
version: z3.string().min(1, "Version is required"),
|
|
888
|
+
agents: z3.record(z3.string(), agentDefinitionSchema),
|
|
889
|
+
volumes: z3.record(z3.string(), volumeConfigSchema).optional()
|
|
1037
890
|
});
|
|
1038
|
-
var
|
|
1039
|
-
name:
|
|
1040
|
-
ref:
|
|
1041
|
-
description:
|
|
1042
|
-
apis:
|
|
1043
|
-
|
|
1044
|
-
base:
|
|
1045
|
-
auth:
|
|
1046
|
-
headers:
|
|
891
|
+
var expandedFirewallConfigSchema = z3.object({
|
|
892
|
+
name: z3.string(),
|
|
893
|
+
ref: z3.string(),
|
|
894
|
+
description: z3.string().optional(),
|
|
895
|
+
apis: z3.array(
|
|
896
|
+
z3.object({
|
|
897
|
+
base: z3.string(),
|
|
898
|
+
auth: z3.object({
|
|
899
|
+
headers: z3.record(z3.string(), z3.string())
|
|
1047
900
|
}),
|
|
1048
|
-
permissions:
|
|
901
|
+
permissions: z3.array(firewallPermissionSchema).optional()
|
|
1049
902
|
})
|
|
1050
903
|
),
|
|
1051
|
-
placeholders:
|
|
904
|
+
placeholders: z3.record(z3.string(), z3.string()).optional()
|
|
1052
905
|
});
|
|
1053
|
-
var agentComposeApiContentSchema =
|
|
1054
|
-
version:
|
|
1055
|
-
agents:
|
|
1056
|
-
|
|
906
|
+
var agentComposeApiContentSchema = z3.object({
|
|
907
|
+
version: z3.string().min(1, "Version is required"),
|
|
908
|
+
agents: z3.record(
|
|
909
|
+
z3.string(),
|
|
1057
910
|
agentDefinitionSchema.extend({
|
|
1058
|
-
|
|
911
|
+
experimental_firewall: z3.array(expandedFirewallConfigSchema).optional()
|
|
1059
912
|
})
|
|
1060
913
|
),
|
|
1061
|
-
volumes:
|
|
914
|
+
volumes: z3.record(z3.string(), volumeConfigSchema).optional()
|
|
1062
915
|
});
|
|
1063
|
-
var composeResponseSchema =
|
|
1064
|
-
id:
|
|
1065
|
-
name:
|
|
1066
|
-
headVersionId:
|
|
916
|
+
var composeResponseSchema = z3.object({
|
|
917
|
+
id: z3.string(),
|
|
918
|
+
name: z3.string(),
|
|
919
|
+
headVersionId: z3.string().nullable(),
|
|
1067
920
|
content: agentComposeApiContentSchema.nullable(),
|
|
1068
|
-
createdAt:
|
|
1069
|
-
updatedAt:
|
|
921
|
+
createdAt: z3.string(),
|
|
922
|
+
updatedAt: z3.string()
|
|
1070
923
|
});
|
|
1071
|
-
var createComposeResponseSchema =
|
|
1072
|
-
composeId:
|
|
1073
|
-
name:
|
|
1074
|
-
versionId:
|
|
1075
|
-
action:
|
|
1076
|
-
updatedAt:
|
|
924
|
+
var createComposeResponseSchema = z3.object({
|
|
925
|
+
composeId: z3.string(),
|
|
926
|
+
name: z3.string(),
|
|
927
|
+
versionId: z3.string(),
|
|
928
|
+
action: z3.enum(["created", "existing"]),
|
|
929
|
+
updatedAt: z3.string()
|
|
1077
930
|
});
|
|
1078
|
-
var composesMainContract =
|
|
931
|
+
var composesMainContract = c.router({
|
|
1079
932
|
/**
|
|
1080
933
|
* GET /api/agent/composes?name={name}&org={org}
|
|
1081
934
|
* Get agent compose by name with HEAD version content
|
|
@@ -1085,9 +938,9 @@ var composesMainContract = c2.router({
|
|
|
1085
938
|
method: "GET",
|
|
1086
939
|
path: "/api/agent/composes",
|
|
1087
940
|
headers: authHeadersSchema,
|
|
1088
|
-
query:
|
|
1089
|
-
name:
|
|
1090
|
-
org:
|
|
941
|
+
query: z3.object({
|
|
942
|
+
name: z3.string().min(1, "Missing name query parameter"),
|
|
943
|
+
org: z3.string().optional()
|
|
1091
944
|
}),
|
|
1092
945
|
responses: {
|
|
1093
946
|
200: composeResponseSchema,
|
|
@@ -1107,7 +960,7 @@ var composesMainContract = c2.router({
|
|
|
1107
960
|
method: "POST",
|
|
1108
961
|
path: "/api/agent/composes",
|
|
1109
962
|
headers: authHeadersSchema,
|
|
1110
|
-
body:
|
|
963
|
+
body: z3.object({
|
|
1111
964
|
content: agentComposeApiContentSchema
|
|
1112
965
|
}),
|
|
1113
966
|
responses: {
|
|
@@ -1119,7 +972,7 @@ var composesMainContract = c2.router({
|
|
|
1119
972
|
summary: "Create or update agent compose version"
|
|
1120
973
|
}
|
|
1121
974
|
});
|
|
1122
|
-
var composesByIdContract =
|
|
975
|
+
var composesByIdContract = c.router({
|
|
1123
976
|
/**
|
|
1124
977
|
* GET /api/agent/composes/:id
|
|
1125
978
|
* Get agent compose by ID with HEAD version content
|
|
@@ -1128,8 +981,8 @@ var composesByIdContract = c2.router({
|
|
|
1128
981
|
method: "GET",
|
|
1129
982
|
path: "/api/agent/composes/:id",
|
|
1130
983
|
headers: authHeadersSchema,
|
|
1131
|
-
pathParams:
|
|
1132
|
-
id:
|
|
984
|
+
pathParams: z3.object({
|
|
985
|
+
id: z3.string().min(1, "Compose ID is required")
|
|
1133
986
|
}),
|
|
1134
987
|
responses: {
|
|
1135
988
|
200: composeResponseSchema,
|
|
@@ -1147,12 +1000,12 @@ var composesByIdContract = c2.router({
|
|
|
1147
1000
|
method: "DELETE",
|
|
1148
1001
|
path: "/api/agent/composes/:id",
|
|
1149
1002
|
headers: authHeadersSchema,
|
|
1150
|
-
pathParams:
|
|
1151
|
-
id:
|
|
1003
|
+
pathParams: z3.object({
|
|
1004
|
+
id: z3.string().uuid("Compose ID is required")
|
|
1152
1005
|
}),
|
|
1153
|
-
body:
|
|
1006
|
+
body: c.noBody(),
|
|
1154
1007
|
responses: {
|
|
1155
|
-
204:
|
|
1008
|
+
204: c.noBody(),
|
|
1156
1009
|
401: apiErrorSchema,
|
|
1157
1010
|
404: apiErrorSchema,
|
|
1158
1011
|
409: apiErrorSchema
|
|
@@ -1160,7 +1013,7 @@ var composesByIdContract = c2.router({
|
|
|
1160
1013
|
summary: "Delete agent compose"
|
|
1161
1014
|
}
|
|
1162
1015
|
});
|
|
1163
|
-
var composesVersionsContract =
|
|
1016
|
+
var composesVersionsContract = c.router({
|
|
1164
1017
|
/**
|
|
1165
1018
|
* GET /api/agent/composes/versions?composeId={id}&version={hash|tag}
|
|
1166
1019
|
* Resolve a version specifier to a full version ID
|
|
@@ -1169,14 +1022,14 @@ var composesVersionsContract = c2.router({
|
|
|
1169
1022
|
method: "GET",
|
|
1170
1023
|
path: "/api/agent/composes/versions",
|
|
1171
1024
|
headers: authHeadersSchema,
|
|
1172
|
-
query:
|
|
1173
|
-
composeId:
|
|
1025
|
+
query: z3.object({
|
|
1026
|
+
composeId: z3.string().min(1, "Missing composeId query parameter"),
|
|
1174
1027
|
version: composeVersionQuerySchema
|
|
1175
1028
|
}),
|
|
1176
1029
|
responses: {
|
|
1177
|
-
200:
|
|
1178
|
-
versionId:
|
|
1179
|
-
tag:
|
|
1030
|
+
200: z3.object({
|
|
1031
|
+
versionId: z3.string(),
|
|
1032
|
+
tag: z3.string().optional()
|
|
1180
1033
|
}),
|
|
1181
1034
|
400: apiErrorSchema,
|
|
1182
1035
|
401: apiErrorSchema,
|
|
@@ -1185,16 +1038,16 @@ var composesVersionsContract = c2.router({
|
|
|
1185
1038
|
summary: "Resolve version specifier to full version ID"
|
|
1186
1039
|
}
|
|
1187
1040
|
});
|
|
1188
|
-
var composeListItemSchema =
|
|
1189
|
-
id:
|
|
1190
|
-
name:
|
|
1191
|
-
displayName:
|
|
1192
|
-
description:
|
|
1193
|
-
headVersionId:
|
|
1194
|
-
updatedAt:
|
|
1195
|
-
isOwner:
|
|
1041
|
+
var composeListItemSchema = z3.object({
|
|
1042
|
+
id: z3.string(),
|
|
1043
|
+
name: z3.string(),
|
|
1044
|
+
displayName: z3.string().nullable().optional(),
|
|
1045
|
+
description: z3.string().nullable().optional(),
|
|
1046
|
+
headVersionId: z3.string().nullable(),
|
|
1047
|
+
updatedAt: z3.string(),
|
|
1048
|
+
isOwner: z3.boolean()
|
|
1196
1049
|
});
|
|
1197
|
-
var composesListContract =
|
|
1050
|
+
var composesListContract = c.router({
|
|
1198
1051
|
/**
|
|
1199
1052
|
* GET /api/agent/composes/list?org={org}
|
|
1200
1053
|
* List all agent composes for an org
|
|
@@ -1204,12 +1057,12 @@ var composesListContract = c2.router({
|
|
|
1204
1057
|
method: "GET",
|
|
1205
1058
|
path: "/api/agent/composes/list",
|
|
1206
1059
|
headers: authHeadersSchema,
|
|
1207
|
-
query:
|
|
1208
|
-
org:
|
|
1060
|
+
query: z3.object({
|
|
1061
|
+
org: z3.string().optional()
|
|
1209
1062
|
}),
|
|
1210
1063
|
responses: {
|
|
1211
|
-
200:
|
|
1212
|
-
composes:
|
|
1064
|
+
200: z3.object({
|
|
1065
|
+
composes: z3.array(composeListItemSchema)
|
|
1213
1066
|
}),
|
|
1214
1067
|
400: apiErrorSchema,
|
|
1215
1068
|
401: apiErrorSchema
|
|
@@ -1219,8 +1072,8 @@ var composesListContract = c2.router({
|
|
|
1219
1072
|
});
|
|
1220
1073
|
|
|
1221
1074
|
// ../../packages/core/src/contracts/runs.ts
|
|
1222
|
-
import { z as
|
|
1223
|
-
var
|
|
1075
|
+
import { z as z4 } from "zod";
|
|
1076
|
+
var c2 = initContract();
|
|
1224
1077
|
var ALL_RUN_STATUSES = [
|
|
1225
1078
|
"queued",
|
|
1226
1079
|
"pending",
|
|
@@ -1230,94 +1083,94 @@ var ALL_RUN_STATUSES = [
|
|
|
1230
1083
|
"timeout",
|
|
1231
1084
|
"cancelled"
|
|
1232
1085
|
];
|
|
1233
|
-
var runStatusSchema =
|
|
1234
|
-
var unifiedRunRequestSchema =
|
|
1086
|
+
var runStatusSchema = z4.enum(ALL_RUN_STATUSES);
|
|
1087
|
+
var unifiedRunRequestSchema = z4.object({
|
|
1235
1088
|
// High-level shortcuts (mutually exclusive with each other)
|
|
1236
|
-
checkpointId:
|
|
1237
|
-
sessionId:
|
|
1089
|
+
checkpointId: z4.string().optional(),
|
|
1090
|
+
sessionId: z4.string().optional(),
|
|
1238
1091
|
// Base parameters (can be used directly or overridden after shortcut expansion)
|
|
1239
|
-
agentComposeId:
|
|
1240
|
-
agentComposeVersionId:
|
|
1241
|
-
conversationId:
|
|
1242
|
-
artifactName:
|
|
1243
|
-
artifactVersion:
|
|
1244
|
-
vars:
|
|
1245
|
-
secrets:
|
|
1246
|
-
volumeVersions:
|
|
1247
|
-
memoryName:
|
|
1092
|
+
agentComposeId: z4.string().optional(),
|
|
1093
|
+
agentComposeVersionId: z4.string().optional(),
|
|
1094
|
+
conversationId: z4.string().optional(),
|
|
1095
|
+
artifactName: z4.string().optional(),
|
|
1096
|
+
artifactVersion: z4.string().optional(),
|
|
1097
|
+
vars: z4.record(z4.string(), z4.string()).optional(),
|
|
1098
|
+
secrets: z4.record(z4.string(), z4.string()).optional(),
|
|
1099
|
+
volumeVersions: z4.record(z4.string(), z4.string()).optional(),
|
|
1100
|
+
memoryName: z4.string().optional(),
|
|
1248
1101
|
// Debug flag to force real Claude in mock environments (internal use only)
|
|
1249
|
-
debugNoMockClaude:
|
|
1102
|
+
debugNoMockClaude: z4.boolean().optional(),
|
|
1250
1103
|
// Model provider for automatic secret injection
|
|
1251
|
-
modelProvider:
|
|
1104
|
+
modelProvider: z4.string().optional(),
|
|
1252
1105
|
// Environment validation flag - when true, validates secrets/vars before running
|
|
1253
|
-
checkEnv:
|
|
1106
|
+
checkEnv: z4.boolean().optional(),
|
|
1254
1107
|
// Required
|
|
1255
|
-
prompt:
|
|
1108
|
+
prompt: z4.string().min(1, "Missing prompt")
|
|
1256
1109
|
});
|
|
1257
|
-
var createRunResponseSchema =
|
|
1258
|
-
runId:
|
|
1110
|
+
var createRunResponseSchema = z4.object({
|
|
1111
|
+
runId: z4.string(),
|
|
1259
1112
|
status: runStatusSchema,
|
|
1260
|
-
sandboxId:
|
|
1261
|
-
output:
|
|
1262
|
-
error:
|
|
1263
|
-
executionTimeMs:
|
|
1264
|
-
createdAt:
|
|
1113
|
+
sandboxId: z4.string().optional(),
|
|
1114
|
+
output: z4.string().optional(),
|
|
1115
|
+
error: z4.string().optional(),
|
|
1116
|
+
executionTimeMs: z4.number().optional(),
|
|
1117
|
+
createdAt: z4.string()
|
|
1265
1118
|
});
|
|
1266
|
-
var getRunResponseSchema =
|
|
1267
|
-
runId:
|
|
1268
|
-
agentComposeVersionId:
|
|
1119
|
+
var getRunResponseSchema = z4.object({
|
|
1120
|
+
runId: z4.string(),
|
|
1121
|
+
agentComposeVersionId: z4.string().nullable(),
|
|
1269
1122
|
status: runStatusSchema,
|
|
1270
|
-
prompt:
|
|
1271
|
-
vars:
|
|
1272
|
-
sandboxId:
|
|
1273
|
-
result:
|
|
1274
|
-
output:
|
|
1275
|
-
executionTimeMs:
|
|
1123
|
+
prompt: z4.string(),
|
|
1124
|
+
vars: z4.record(z4.string(), z4.string()).optional(),
|
|
1125
|
+
sandboxId: z4.string().optional(),
|
|
1126
|
+
result: z4.object({
|
|
1127
|
+
output: z4.string(),
|
|
1128
|
+
executionTimeMs: z4.number()
|
|
1276
1129
|
}).optional(),
|
|
1277
|
-
error:
|
|
1278
|
-
createdAt:
|
|
1279
|
-
startedAt:
|
|
1280
|
-
completedAt:
|
|
1130
|
+
error: z4.string().optional(),
|
|
1131
|
+
createdAt: z4.string(),
|
|
1132
|
+
startedAt: z4.string().optional(),
|
|
1133
|
+
completedAt: z4.string().optional()
|
|
1281
1134
|
});
|
|
1282
|
-
var runEventSchema =
|
|
1283
|
-
sequenceNumber:
|
|
1284
|
-
eventType:
|
|
1285
|
-
eventData:
|
|
1286
|
-
createdAt:
|
|
1135
|
+
var runEventSchema = z4.object({
|
|
1136
|
+
sequenceNumber: z4.number(),
|
|
1137
|
+
eventType: z4.string(),
|
|
1138
|
+
eventData: z4.unknown(),
|
|
1139
|
+
createdAt: z4.string()
|
|
1287
1140
|
});
|
|
1288
|
-
var runResultSchema =
|
|
1289
|
-
checkpointId:
|
|
1290
|
-
agentSessionId:
|
|
1291
|
-
conversationId:
|
|
1292
|
-
artifact:
|
|
1141
|
+
var runResultSchema = z4.object({
|
|
1142
|
+
checkpointId: z4.string(),
|
|
1143
|
+
agentSessionId: z4.string(),
|
|
1144
|
+
conversationId: z4.string(),
|
|
1145
|
+
artifact: z4.record(z4.string(), z4.string()).optional(),
|
|
1293
1146
|
// optional when run has no artifact
|
|
1294
|
-
volumes:
|
|
1295
|
-
memory:
|
|
1147
|
+
volumes: z4.record(z4.string(), z4.string()).optional(),
|
|
1148
|
+
memory: z4.record(z4.string(), z4.string()).optional()
|
|
1296
1149
|
});
|
|
1297
|
-
var runStateSchema =
|
|
1150
|
+
var runStateSchema = z4.object({
|
|
1298
1151
|
status: runStatusSchema,
|
|
1299
1152
|
result: runResultSchema.optional(),
|
|
1300
|
-
error:
|
|
1153
|
+
error: z4.string().optional()
|
|
1301
1154
|
});
|
|
1302
|
-
var eventsResponseSchema =
|
|
1303
|
-
events:
|
|
1304
|
-
hasMore:
|
|
1305
|
-
nextSequence:
|
|
1155
|
+
var eventsResponseSchema = z4.object({
|
|
1156
|
+
events: z4.array(runEventSchema),
|
|
1157
|
+
hasMore: z4.boolean(),
|
|
1158
|
+
nextSequence: z4.number(),
|
|
1306
1159
|
run: runStateSchema,
|
|
1307
|
-
framework:
|
|
1160
|
+
framework: z4.string()
|
|
1308
1161
|
});
|
|
1309
|
-
var runListItemSchema =
|
|
1310
|
-
id:
|
|
1311
|
-
agentName:
|
|
1162
|
+
var runListItemSchema = z4.object({
|
|
1163
|
+
id: z4.string(),
|
|
1164
|
+
agentName: z4.string(),
|
|
1312
1165
|
status: runStatusSchema,
|
|
1313
|
-
prompt:
|
|
1314
|
-
createdAt:
|
|
1315
|
-
startedAt:
|
|
1166
|
+
prompt: z4.string(),
|
|
1167
|
+
createdAt: z4.string(),
|
|
1168
|
+
startedAt: z4.string().nullable()
|
|
1316
1169
|
});
|
|
1317
|
-
var runsListResponseSchema =
|
|
1318
|
-
runs:
|
|
1170
|
+
var runsListResponseSchema = z4.object({
|
|
1171
|
+
runs: z4.array(runListItemSchema)
|
|
1319
1172
|
});
|
|
1320
|
-
var runsMainContract =
|
|
1173
|
+
var runsMainContract = c2.router({
|
|
1321
1174
|
/**
|
|
1322
1175
|
* GET /api/agent/runs
|
|
1323
1176
|
* List agent runs (pending and running by default)
|
|
@@ -1326,16 +1179,16 @@ var runsMainContract = c3.router({
|
|
|
1326
1179
|
method: "GET",
|
|
1327
1180
|
path: "/api/agent/runs",
|
|
1328
1181
|
headers: authHeadersSchema,
|
|
1329
|
-
query:
|
|
1330
|
-
status:
|
|
1182
|
+
query: z4.object({
|
|
1183
|
+
status: z4.string().optional(),
|
|
1331
1184
|
// comma-separated: "pending,running"
|
|
1332
|
-
agent:
|
|
1185
|
+
agent: z4.string().optional(),
|
|
1333
1186
|
// agent name filter
|
|
1334
|
-
since:
|
|
1187
|
+
since: z4.string().optional(),
|
|
1335
1188
|
// ISO timestamp
|
|
1336
|
-
until:
|
|
1189
|
+
until: z4.string().optional(),
|
|
1337
1190
|
// ISO timestamp
|
|
1338
|
-
limit:
|
|
1191
|
+
limit: z4.coerce.number().min(1).max(100).default(50)
|
|
1339
1192
|
}),
|
|
1340
1193
|
responses: {
|
|
1341
1194
|
200: runsListResponseSchema,
|
|
@@ -1362,7 +1215,7 @@ var runsMainContract = c3.router({
|
|
|
1362
1215
|
summary: "Create and execute agent run"
|
|
1363
1216
|
}
|
|
1364
1217
|
});
|
|
1365
|
-
var runsByIdContract =
|
|
1218
|
+
var runsByIdContract = c2.router({
|
|
1366
1219
|
/**
|
|
1367
1220
|
* GET /api/agent/runs/:id
|
|
1368
1221
|
* Get agent run status and results
|
|
@@ -1371,8 +1224,8 @@ var runsByIdContract = c3.router({
|
|
|
1371
1224
|
method: "GET",
|
|
1372
1225
|
path: "/api/agent/runs/:id",
|
|
1373
1226
|
headers: authHeadersSchema,
|
|
1374
|
-
pathParams:
|
|
1375
|
-
id:
|
|
1227
|
+
pathParams: z4.object({
|
|
1228
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1376
1229
|
}),
|
|
1377
1230
|
responses: {
|
|
1378
1231
|
200: getRunResponseSchema,
|
|
@@ -1383,12 +1236,12 @@ var runsByIdContract = c3.router({
|
|
|
1383
1236
|
summary: "Get agent run by ID"
|
|
1384
1237
|
}
|
|
1385
1238
|
});
|
|
1386
|
-
var cancelRunResponseSchema =
|
|
1387
|
-
id:
|
|
1388
|
-
status:
|
|
1389
|
-
message:
|
|
1239
|
+
var cancelRunResponseSchema = z4.object({
|
|
1240
|
+
id: z4.string(),
|
|
1241
|
+
status: z4.literal("cancelled"),
|
|
1242
|
+
message: z4.string()
|
|
1390
1243
|
});
|
|
1391
|
-
var runsCancelContract =
|
|
1244
|
+
var runsCancelContract = c2.router({
|
|
1392
1245
|
/**
|
|
1393
1246
|
* POST /api/agent/runs/:id/cancel
|
|
1394
1247
|
* Cancel a pending or running run
|
|
@@ -1397,10 +1250,10 @@ var runsCancelContract = c3.router({
|
|
|
1397
1250
|
method: "POST",
|
|
1398
1251
|
path: "/api/agent/runs/:id/cancel",
|
|
1399
1252
|
headers: authHeadersSchema,
|
|
1400
|
-
pathParams:
|
|
1401
|
-
id:
|
|
1253
|
+
pathParams: z4.object({
|
|
1254
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1402
1255
|
}),
|
|
1403
|
-
body:
|
|
1256
|
+
body: z4.undefined(),
|
|
1404
1257
|
responses: {
|
|
1405
1258
|
200: cancelRunResponseSchema,
|
|
1406
1259
|
400: apiErrorSchema,
|
|
@@ -1410,7 +1263,7 @@ var runsCancelContract = c3.router({
|
|
|
1410
1263
|
summary: "Cancel a pending or running run"
|
|
1411
1264
|
}
|
|
1412
1265
|
});
|
|
1413
|
-
var runEventsContract =
|
|
1266
|
+
var runEventsContract = c2.router({
|
|
1414
1267
|
/**
|
|
1415
1268
|
* GET /api/agent/runs/:id/events
|
|
1416
1269
|
* Poll for agent run events with pagination
|
|
@@ -1419,12 +1272,12 @@ var runEventsContract = c3.router({
|
|
|
1419
1272
|
method: "GET",
|
|
1420
1273
|
path: "/api/agent/runs/:id/events",
|
|
1421
1274
|
headers: authHeadersSchema,
|
|
1422
|
-
pathParams:
|
|
1423
|
-
id:
|
|
1275
|
+
pathParams: z4.object({
|
|
1276
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1424
1277
|
}),
|
|
1425
|
-
query:
|
|
1426
|
-
since:
|
|
1427
|
-
limit:
|
|
1278
|
+
query: z4.object({
|
|
1279
|
+
since: z4.coerce.number().default(-1),
|
|
1280
|
+
limit: z4.coerce.number().default(100)
|
|
1428
1281
|
}),
|
|
1429
1282
|
responses: {
|
|
1430
1283
|
200: eventsResponseSchema,
|
|
@@ -1434,50 +1287,50 @@ var runEventsContract = c3.router({
|
|
|
1434
1287
|
summary: "Get agent run events"
|
|
1435
1288
|
}
|
|
1436
1289
|
});
|
|
1437
|
-
var telemetryMetricSchema =
|
|
1438
|
-
ts:
|
|
1439
|
-
cpu:
|
|
1440
|
-
mem_used:
|
|
1441
|
-
mem_total:
|
|
1442
|
-
disk_used:
|
|
1443
|
-
disk_total:
|
|
1290
|
+
var telemetryMetricSchema = z4.object({
|
|
1291
|
+
ts: z4.string(),
|
|
1292
|
+
cpu: z4.number(),
|
|
1293
|
+
mem_used: z4.number(),
|
|
1294
|
+
mem_total: z4.number(),
|
|
1295
|
+
disk_used: z4.number(),
|
|
1296
|
+
disk_total: z4.number()
|
|
1444
1297
|
});
|
|
1445
|
-
var systemLogResponseSchema =
|
|
1446
|
-
systemLog:
|
|
1447
|
-
hasMore:
|
|
1298
|
+
var systemLogResponseSchema = z4.object({
|
|
1299
|
+
systemLog: z4.string(),
|
|
1300
|
+
hasMore: z4.boolean()
|
|
1448
1301
|
});
|
|
1449
|
-
var metricsResponseSchema =
|
|
1450
|
-
metrics:
|
|
1451
|
-
hasMore:
|
|
1302
|
+
var metricsResponseSchema = z4.object({
|
|
1303
|
+
metrics: z4.array(telemetryMetricSchema),
|
|
1304
|
+
hasMore: z4.boolean()
|
|
1452
1305
|
});
|
|
1453
|
-
var agentEventsResponseSchema =
|
|
1454
|
-
events:
|
|
1455
|
-
hasMore:
|
|
1456
|
-
framework:
|
|
1306
|
+
var agentEventsResponseSchema = z4.object({
|
|
1307
|
+
events: z4.array(runEventSchema),
|
|
1308
|
+
hasMore: z4.boolean(),
|
|
1309
|
+
framework: z4.string()
|
|
1457
1310
|
});
|
|
1458
|
-
var networkLogEntrySchema =
|
|
1459
|
-
timestamp:
|
|
1460
|
-
mode:
|
|
1461
|
-
action:
|
|
1462
|
-
host:
|
|
1463
|
-
port:
|
|
1464
|
-
rule_matched:
|
|
1465
|
-
method:
|
|
1466
|
-
url:
|
|
1467
|
-
status:
|
|
1468
|
-
latency_ms:
|
|
1469
|
-
request_size:
|
|
1470
|
-
response_size:
|
|
1311
|
+
var networkLogEntrySchema = z4.object({
|
|
1312
|
+
timestamp: z4.string(),
|
|
1313
|
+
mode: z4.literal("mitm").optional(),
|
|
1314
|
+
action: z4.enum(["ALLOW", "DENY"]).optional(),
|
|
1315
|
+
host: z4.string().optional(),
|
|
1316
|
+
port: z4.number().optional(),
|
|
1317
|
+
rule_matched: z4.string().nullable().optional(),
|
|
1318
|
+
method: z4.string().optional(),
|
|
1319
|
+
url: z4.string().optional(),
|
|
1320
|
+
status: z4.number().optional(),
|
|
1321
|
+
latency_ms: z4.number().optional(),
|
|
1322
|
+
request_size: z4.number().optional(),
|
|
1323
|
+
response_size: z4.number().optional()
|
|
1471
1324
|
});
|
|
1472
|
-
var networkLogsResponseSchema =
|
|
1473
|
-
networkLogs:
|
|
1474
|
-
hasMore:
|
|
1325
|
+
var networkLogsResponseSchema = z4.object({
|
|
1326
|
+
networkLogs: z4.array(networkLogEntrySchema),
|
|
1327
|
+
hasMore: z4.boolean()
|
|
1475
1328
|
});
|
|
1476
|
-
var telemetryResponseSchema =
|
|
1477
|
-
systemLog:
|
|
1478
|
-
metrics:
|
|
1329
|
+
var telemetryResponseSchema = z4.object({
|
|
1330
|
+
systemLog: z4.string(),
|
|
1331
|
+
metrics: z4.array(telemetryMetricSchema)
|
|
1479
1332
|
});
|
|
1480
|
-
var runTelemetryContract =
|
|
1333
|
+
var runTelemetryContract = c2.router({
|
|
1481
1334
|
/**
|
|
1482
1335
|
* GET /api/agent/runs/:id/telemetry
|
|
1483
1336
|
* Get aggregated telemetry data for a run (legacy combined format)
|
|
@@ -1486,8 +1339,8 @@ var runTelemetryContract = c3.router({
|
|
|
1486
1339
|
method: "GET",
|
|
1487
1340
|
path: "/api/agent/runs/:id/telemetry",
|
|
1488
1341
|
headers: authHeadersSchema,
|
|
1489
|
-
pathParams:
|
|
1490
|
-
id:
|
|
1342
|
+
pathParams: z4.object({
|
|
1343
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1491
1344
|
}),
|
|
1492
1345
|
responses: {
|
|
1493
1346
|
200: telemetryResponseSchema,
|
|
@@ -1497,7 +1350,7 @@ var runTelemetryContract = c3.router({
|
|
|
1497
1350
|
summary: "Get run telemetry data"
|
|
1498
1351
|
}
|
|
1499
1352
|
});
|
|
1500
|
-
var runSystemLogContract =
|
|
1353
|
+
var runSystemLogContract = c2.router({
|
|
1501
1354
|
/**
|
|
1502
1355
|
* GET /api/agent/runs/:id/telemetry/system-log
|
|
1503
1356
|
* Get system log with pagination
|
|
@@ -1506,13 +1359,13 @@ var runSystemLogContract = c3.router({
|
|
|
1506
1359
|
method: "GET",
|
|
1507
1360
|
path: "/api/agent/runs/:id/telemetry/system-log",
|
|
1508
1361
|
headers: authHeadersSchema,
|
|
1509
|
-
pathParams:
|
|
1510
|
-
id:
|
|
1362
|
+
pathParams: z4.object({
|
|
1363
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1511
1364
|
}),
|
|
1512
|
-
query:
|
|
1513
|
-
since:
|
|
1514
|
-
limit:
|
|
1515
|
-
order:
|
|
1365
|
+
query: z4.object({
|
|
1366
|
+
since: z4.coerce.number().optional(),
|
|
1367
|
+
limit: z4.coerce.number().min(1).max(100).default(5),
|
|
1368
|
+
order: z4.enum(["asc", "desc"]).default("desc")
|
|
1516
1369
|
}),
|
|
1517
1370
|
responses: {
|
|
1518
1371
|
200: systemLogResponseSchema,
|
|
@@ -1522,7 +1375,7 @@ var runSystemLogContract = c3.router({
|
|
|
1522
1375
|
summary: "Get system log with pagination"
|
|
1523
1376
|
}
|
|
1524
1377
|
});
|
|
1525
|
-
var runMetricsContract =
|
|
1378
|
+
var runMetricsContract = c2.router({
|
|
1526
1379
|
/**
|
|
1527
1380
|
* GET /api/agent/runs/:id/telemetry/metrics
|
|
1528
1381
|
* Get metrics with pagination
|
|
@@ -1531,13 +1384,13 @@ var runMetricsContract = c3.router({
|
|
|
1531
1384
|
method: "GET",
|
|
1532
1385
|
path: "/api/agent/runs/:id/telemetry/metrics",
|
|
1533
1386
|
headers: authHeadersSchema,
|
|
1534
|
-
pathParams:
|
|
1535
|
-
id:
|
|
1387
|
+
pathParams: z4.object({
|
|
1388
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1536
1389
|
}),
|
|
1537
|
-
query:
|
|
1538
|
-
since:
|
|
1539
|
-
limit:
|
|
1540
|
-
order:
|
|
1390
|
+
query: z4.object({
|
|
1391
|
+
since: z4.coerce.number().optional(),
|
|
1392
|
+
limit: z4.coerce.number().min(1).max(100).default(5),
|
|
1393
|
+
order: z4.enum(["asc", "desc"]).default("desc")
|
|
1541
1394
|
}),
|
|
1542
1395
|
responses: {
|
|
1543
1396
|
200: metricsResponseSchema,
|
|
@@ -1547,7 +1400,7 @@ var runMetricsContract = c3.router({
|
|
|
1547
1400
|
summary: "Get metrics with pagination"
|
|
1548
1401
|
}
|
|
1549
1402
|
});
|
|
1550
|
-
var runAgentEventsContract =
|
|
1403
|
+
var runAgentEventsContract = c2.router({
|
|
1551
1404
|
/**
|
|
1552
1405
|
* GET /api/agent/runs/:id/telemetry/agent
|
|
1553
1406
|
* Get agent events with pagination (for vm0 logs default)
|
|
@@ -1556,13 +1409,13 @@ var runAgentEventsContract = c3.router({
|
|
|
1556
1409
|
method: "GET",
|
|
1557
1410
|
path: "/api/agent/runs/:id/telemetry/agent",
|
|
1558
1411
|
headers: authHeadersSchema,
|
|
1559
|
-
pathParams:
|
|
1560
|
-
id:
|
|
1412
|
+
pathParams: z4.object({
|
|
1413
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1561
1414
|
}),
|
|
1562
|
-
query:
|
|
1563
|
-
since:
|
|
1564
|
-
limit:
|
|
1565
|
-
order:
|
|
1415
|
+
query: z4.object({
|
|
1416
|
+
since: z4.coerce.number().optional(),
|
|
1417
|
+
limit: z4.coerce.number().min(1).max(100).default(5),
|
|
1418
|
+
order: z4.enum(["asc", "desc"]).default("desc")
|
|
1566
1419
|
}),
|
|
1567
1420
|
responses: {
|
|
1568
1421
|
200: agentEventsResponseSchema,
|
|
@@ -1572,7 +1425,7 @@ var runAgentEventsContract = c3.router({
|
|
|
1572
1425
|
summary: "Get agent events with pagination"
|
|
1573
1426
|
}
|
|
1574
1427
|
});
|
|
1575
|
-
var runNetworkLogsContract =
|
|
1428
|
+
var runNetworkLogsContract = c2.router({
|
|
1576
1429
|
/**
|
|
1577
1430
|
* GET /api/agent/runs/:id/telemetry/network
|
|
1578
1431
|
* Get network logs with pagination (for vm0 logs --network)
|
|
@@ -1581,13 +1434,13 @@ var runNetworkLogsContract = c3.router({
|
|
|
1581
1434
|
method: "GET",
|
|
1582
1435
|
path: "/api/agent/runs/:id/telemetry/network",
|
|
1583
1436
|
headers: authHeadersSchema,
|
|
1584
|
-
pathParams:
|
|
1585
|
-
id:
|
|
1437
|
+
pathParams: z4.object({
|
|
1438
|
+
id: z4.string().min(1, "Run ID is required")
|
|
1586
1439
|
}),
|
|
1587
|
-
query:
|
|
1588
|
-
since:
|
|
1589
|
-
limit:
|
|
1590
|
-
order:
|
|
1440
|
+
query: z4.object({
|
|
1441
|
+
since: z4.coerce.number().optional(),
|
|
1442
|
+
limit: z4.coerce.number().min(1).max(100).default(5),
|
|
1443
|
+
order: z4.enum(["asc", "desc"]).default("desc")
|
|
1591
1444
|
}),
|
|
1592
1445
|
responses: {
|
|
1593
1446
|
200: networkLogsResponseSchema,
|
|
@@ -1597,18 +1450,18 @@ var runNetworkLogsContract = c3.router({
|
|
|
1597
1450
|
summary: "Get network logs with pagination"
|
|
1598
1451
|
}
|
|
1599
1452
|
});
|
|
1600
|
-
var searchResultSchema =
|
|
1601
|
-
runId:
|
|
1602
|
-
agentName:
|
|
1453
|
+
var searchResultSchema = z4.object({
|
|
1454
|
+
runId: z4.string(),
|
|
1455
|
+
agentName: z4.string(),
|
|
1603
1456
|
matchedEvent: runEventSchema,
|
|
1604
|
-
contextBefore:
|
|
1605
|
-
contextAfter:
|
|
1457
|
+
contextBefore: z4.array(runEventSchema),
|
|
1458
|
+
contextAfter: z4.array(runEventSchema)
|
|
1606
1459
|
});
|
|
1607
|
-
var logsSearchResponseSchema =
|
|
1608
|
-
results:
|
|
1609
|
-
hasMore:
|
|
1460
|
+
var logsSearchResponseSchema = z4.object({
|
|
1461
|
+
results: z4.array(searchResultSchema),
|
|
1462
|
+
hasMore: z4.boolean()
|
|
1610
1463
|
});
|
|
1611
|
-
var logsSearchContract =
|
|
1464
|
+
var logsSearchContract = c2.router({
|
|
1612
1465
|
/**
|
|
1613
1466
|
* GET /api/logs/search
|
|
1614
1467
|
* Search agent events across runs using keyword matching
|
|
@@ -1617,14 +1470,14 @@ var logsSearchContract = c3.router({
|
|
|
1617
1470
|
method: "GET",
|
|
1618
1471
|
path: "/api/logs/search",
|
|
1619
1472
|
headers: authHeadersSchema,
|
|
1620
|
-
query:
|
|
1621
|
-
keyword:
|
|
1622
|
-
agent:
|
|
1623
|
-
runId:
|
|
1624
|
-
since:
|
|
1625
|
-
limit:
|
|
1626
|
-
before:
|
|
1627
|
-
after:
|
|
1473
|
+
query: z4.object({
|
|
1474
|
+
keyword: z4.string().min(1),
|
|
1475
|
+
agent: z4.string().optional(),
|
|
1476
|
+
runId: z4.string().optional(),
|
|
1477
|
+
since: z4.coerce.number().optional(),
|
|
1478
|
+
limit: z4.coerce.number().min(1).max(50).default(20),
|
|
1479
|
+
before: z4.coerce.number().min(0).max(10).default(0),
|
|
1480
|
+
after: z4.coerce.number().min(0).max(10).default(0)
|
|
1628
1481
|
}),
|
|
1629
1482
|
responses: {
|
|
1630
1483
|
200: logsSearchResponseSchema,
|
|
@@ -1635,19 +1488,19 @@ var logsSearchContract = c3.router({
|
|
|
1635
1488
|
});
|
|
1636
1489
|
|
|
1637
1490
|
// ../../packages/core/src/contracts/storages.ts
|
|
1638
|
-
import { z as
|
|
1639
|
-
var
|
|
1640
|
-
var storageTypeSchema =
|
|
1641
|
-
var versionQuerySchema =
|
|
1642
|
-
var uploadStorageResponseSchema =
|
|
1643
|
-
name:
|
|
1644
|
-
versionId:
|
|
1645
|
-
size:
|
|
1646
|
-
fileCount:
|
|
1491
|
+
import { z as z5 } from "zod";
|
|
1492
|
+
var c3 = initContract();
|
|
1493
|
+
var storageTypeSchema = z5.enum(["volume", "artifact", "memory"]);
|
|
1494
|
+
var versionQuerySchema = z5.string().regex(/^[a-f0-9]{8,64}$/i, "Version must be 8-64 hex characters").optional();
|
|
1495
|
+
var uploadStorageResponseSchema = z5.object({
|
|
1496
|
+
name: z5.string(),
|
|
1497
|
+
versionId: z5.string(),
|
|
1498
|
+
size: z5.number(),
|
|
1499
|
+
fileCount: z5.number(),
|
|
1647
1500
|
type: storageTypeSchema,
|
|
1648
|
-
deduplicated:
|
|
1501
|
+
deduplicated: z5.boolean()
|
|
1649
1502
|
});
|
|
1650
|
-
var storagesContract =
|
|
1503
|
+
var storagesContract = c3.router({
|
|
1651
1504
|
/**
|
|
1652
1505
|
* POST /api/storages
|
|
1653
1506
|
* Upload a storage (tar.gz file)
|
|
@@ -1664,7 +1517,7 @@ var storagesContract = c4.router({
|
|
|
1664
1517
|
path: "/api/storages",
|
|
1665
1518
|
headers: authHeadersSchema,
|
|
1666
1519
|
contentType: "multipart/form-data",
|
|
1667
|
-
body:
|
|
1520
|
+
body: c3.type(),
|
|
1668
1521
|
responses: {
|
|
1669
1522
|
200: uploadStorageResponseSchema,
|
|
1670
1523
|
400: apiErrorSchema,
|
|
@@ -1687,15 +1540,15 @@ var storagesContract = c4.router({
|
|
|
1687
1540
|
method: "GET",
|
|
1688
1541
|
path: "/api/storages",
|
|
1689
1542
|
headers: authHeadersSchema,
|
|
1690
|
-
query:
|
|
1691
|
-
name:
|
|
1543
|
+
query: z5.object({
|
|
1544
|
+
name: z5.string().min(1, "Storage name is required"),
|
|
1692
1545
|
version: versionQuerySchema
|
|
1693
1546
|
}),
|
|
1694
1547
|
responses: {
|
|
1695
1548
|
// Binary response - actual handling done at route level
|
|
1696
|
-
200:
|
|
1549
|
+
200: c3.otherResponse({
|
|
1697
1550
|
contentType: "application/gzip",
|
|
1698
|
-
body:
|
|
1551
|
+
body: c3.type()
|
|
1699
1552
|
}),
|
|
1700
1553
|
400: apiErrorSchema,
|
|
1701
1554
|
401: apiErrorSchema,
|
|
@@ -1706,41 +1559,41 @@ var storagesContract = c4.router({
|
|
|
1706
1559
|
}
|
|
1707
1560
|
});
|
|
1708
1561
|
var MAX_FILE_SIZE_BYTES = 104857600;
|
|
1709
|
-
var fileEntryWithHashSchema =
|
|
1710
|
-
path:
|
|
1711
|
-
hash:
|
|
1712
|
-
size:
|
|
1562
|
+
var fileEntryWithHashSchema = z5.object({
|
|
1563
|
+
path: z5.string().min(1, "File path is required"),
|
|
1564
|
+
hash: z5.string().length(64, "Hash must be SHA-256 (64 hex chars)"),
|
|
1565
|
+
size: z5.number().int().min(0, "Size must be non-negative").max(MAX_FILE_SIZE_BYTES, "File size exceeds 100MB limit")
|
|
1713
1566
|
});
|
|
1714
|
-
var storageChangesSchema =
|
|
1715
|
-
added:
|
|
1716
|
-
modified:
|
|
1717
|
-
deleted:
|
|
1567
|
+
var storageChangesSchema = z5.object({
|
|
1568
|
+
added: z5.array(z5.string()),
|
|
1569
|
+
modified: z5.array(z5.string()),
|
|
1570
|
+
deleted: z5.array(z5.string())
|
|
1718
1571
|
});
|
|
1719
|
-
var presignedUploadSchema =
|
|
1720
|
-
key:
|
|
1721
|
-
presignedUrl:
|
|
1572
|
+
var presignedUploadSchema = z5.object({
|
|
1573
|
+
key: z5.string(),
|
|
1574
|
+
presignedUrl: z5.string().url()
|
|
1722
1575
|
});
|
|
1723
|
-
var storagesPrepareContract =
|
|
1576
|
+
var storagesPrepareContract = c3.router({
|
|
1724
1577
|
prepare: {
|
|
1725
1578
|
method: "POST",
|
|
1726
1579
|
path: "/api/storages/prepare",
|
|
1727
1580
|
headers: authHeadersSchema,
|
|
1728
|
-
body:
|
|
1729
|
-
storageName:
|
|
1581
|
+
body: z5.object({
|
|
1582
|
+
storageName: z5.string().min(1, "Storage name is required"),
|
|
1730
1583
|
storageType: storageTypeSchema,
|
|
1731
|
-
files:
|
|
1732
|
-
force:
|
|
1733
|
-
runId:
|
|
1584
|
+
files: z5.array(fileEntryWithHashSchema),
|
|
1585
|
+
force: z5.boolean().optional(),
|
|
1586
|
+
runId: z5.string().optional(),
|
|
1734
1587
|
// For sandbox auth
|
|
1735
|
-
baseVersion:
|
|
1588
|
+
baseVersion: z5.string().optional(),
|
|
1736
1589
|
// For incremental uploads
|
|
1737
1590
|
changes: storageChangesSchema.optional()
|
|
1738
1591
|
}),
|
|
1739
1592
|
responses: {
|
|
1740
|
-
200:
|
|
1741
|
-
versionId:
|
|
1742
|
-
existing:
|
|
1743
|
-
uploads:
|
|
1593
|
+
200: z5.object({
|
|
1594
|
+
versionId: z5.string(),
|
|
1595
|
+
existing: z5.boolean(),
|
|
1596
|
+
uploads: z5.object({
|
|
1744
1597
|
archive: presignedUploadSchema,
|
|
1745
1598
|
manifest: presignedUploadSchema
|
|
1746
1599
|
}).optional()
|
|
@@ -1754,27 +1607,27 @@ var storagesPrepareContract = c4.router({
|
|
|
1754
1607
|
summary: "Prepare for direct S3 upload"
|
|
1755
1608
|
}
|
|
1756
1609
|
});
|
|
1757
|
-
var storagesCommitContract =
|
|
1610
|
+
var storagesCommitContract = c3.router({
|
|
1758
1611
|
commit: {
|
|
1759
1612
|
method: "POST",
|
|
1760
1613
|
path: "/api/storages/commit",
|
|
1761
1614
|
headers: authHeadersSchema,
|
|
1762
|
-
body:
|
|
1763
|
-
storageName:
|
|
1615
|
+
body: z5.object({
|
|
1616
|
+
storageName: z5.string().min(1, "Storage name is required"),
|
|
1764
1617
|
storageType: storageTypeSchema,
|
|
1765
|
-
versionId:
|
|
1766
|
-
files:
|
|
1767
|
-
runId:
|
|
1768
|
-
message:
|
|
1618
|
+
versionId: z5.string().min(1, "Version ID is required"),
|
|
1619
|
+
files: z5.array(fileEntryWithHashSchema),
|
|
1620
|
+
runId: z5.string().optional(),
|
|
1621
|
+
message: z5.string().optional()
|
|
1769
1622
|
}),
|
|
1770
1623
|
responses: {
|
|
1771
|
-
200:
|
|
1772
|
-
success:
|
|
1773
|
-
versionId:
|
|
1774
|
-
storageName:
|
|
1775
|
-
size:
|
|
1776
|
-
fileCount:
|
|
1777
|
-
deduplicated:
|
|
1624
|
+
200: z5.object({
|
|
1625
|
+
success: z5.literal(true),
|
|
1626
|
+
versionId: z5.string(),
|
|
1627
|
+
storageName: z5.string(),
|
|
1628
|
+
size: z5.number(),
|
|
1629
|
+
fileCount: z5.number(),
|
|
1630
|
+
deduplicated: z5.boolean().optional()
|
|
1778
1631
|
}),
|
|
1779
1632
|
400: apiErrorSchema,
|
|
1780
1633
|
401: apiErrorSchema,
|
|
@@ -1787,31 +1640,31 @@ var storagesCommitContract = c4.router({
|
|
|
1787
1640
|
summary: "Commit uploaded storage"
|
|
1788
1641
|
}
|
|
1789
1642
|
});
|
|
1790
|
-
var storagesDownloadContract =
|
|
1643
|
+
var storagesDownloadContract = c3.router({
|
|
1791
1644
|
download: {
|
|
1792
1645
|
method: "GET",
|
|
1793
1646
|
path: "/api/storages/download",
|
|
1794
1647
|
headers: authHeadersSchema,
|
|
1795
|
-
query:
|
|
1796
|
-
name:
|
|
1648
|
+
query: z5.object({
|
|
1649
|
+
name: z5.string().min(1, "Storage name is required"),
|
|
1797
1650
|
type: storageTypeSchema,
|
|
1798
1651
|
version: versionQuerySchema
|
|
1799
1652
|
}),
|
|
1800
1653
|
responses: {
|
|
1801
1654
|
// Normal response with presigned URL
|
|
1802
|
-
200:
|
|
1803
|
-
|
|
1804
|
-
url:
|
|
1805
|
-
versionId:
|
|
1806
|
-
fileCount:
|
|
1807
|
-
size:
|
|
1655
|
+
200: z5.union([
|
|
1656
|
+
z5.object({
|
|
1657
|
+
url: z5.string().url(),
|
|
1658
|
+
versionId: z5.string(),
|
|
1659
|
+
fileCount: z5.number(),
|
|
1660
|
+
size: z5.number()
|
|
1808
1661
|
}),
|
|
1809
1662
|
// Empty artifact response
|
|
1810
|
-
|
|
1811
|
-
empty:
|
|
1812
|
-
versionId:
|
|
1813
|
-
fileCount:
|
|
1814
|
-
size:
|
|
1663
|
+
z5.object({
|
|
1664
|
+
empty: z5.literal(true),
|
|
1665
|
+
versionId: z5.string(),
|
|
1666
|
+
fileCount: z5.literal(0),
|
|
1667
|
+
size: z5.literal(0)
|
|
1815
1668
|
})
|
|
1816
1669
|
]),
|
|
1817
1670
|
400: apiErrorSchema,
|
|
@@ -1822,21 +1675,21 @@ var storagesDownloadContract = c4.router({
|
|
|
1822
1675
|
summary: "Get presigned download URL"
|
|
1823
1676
|
}
|
|
1824
1677
|
});
|
|
1825
|
-
var storagesListContract =
|
|
1678
|
+
var storagesListContract = c3.router({
|
|
1826
1679
|
list: {
|
|
1827
1680
|
method: "GET",
|
|
1828
1681
|
path: "/api/storages/list",
|
|
1829
1682
|
headers: authHeadersSchema,
|
|
1830
|
-
query:
|
|
1683
|
+
query: z5.object({
|
|
1831
1684
|
type: storageTypeSchema
|
|
1832
1685
|
}),
|
|
1833
1686
|
responses: {
|
|
1834
|
-
200:
|
|
1835
|
-
|
|
1836
|
-
name:
|
|
1837
|
-
size:
|
|
1838
|
-
fileCount:
|
|
1839
|
-
updatedAt:
|
|
1687
|
+
200: z5.array(
|
|
1688
|
+
z5.object({
|
|
1689
|
+
name: z5.string(),
|
|
1690
|
+
size: z5.number(),
|
|
1691
|
+
fileCount: z5.number(),
|
|
1692
|
+
updatedAt: z5.string()
|
|
1840
1693
|
})
|
|
1841
1694
|
),
|
|
1842
1695
|
401: apiErrorSchema,
|
|
@@ -1847,24 +1700,24 @@ var storagesListContract = c4.router({
|
|
|
1847
1700
|
});
|
|
1848
1701
|
|
|
1849
1702
|
// ../../packages/core/src/contracts/webhooks.ts
|
|
1850
|
-
import { z as
|
|
1851
|
-
var
|
|
1852
|
-
var agentEventSchema =
|
|
1853
|
-
type:
|
|
1854
|
-
sequenceNumber:
|
|
1703
|
+
import { z as z6 } from "zod";
|
|
1704
|
+
var c4 = initContract();
|
|
1705
|
+
var agentEventSchema = z6.object({
|
|
1706
|
+
type: z6.string(),
|
|
1707
|
+
sequenceNumber: z6.number().int().nonnegative()
|
|
1855
1708
|
}).passthrough();
|
|
1856
|
-
var artifactSnapshotSchema =
|
|
1857
|
-
artifactName:
|
|
1858
|
-
artifactVersion:
|
|
1709
|
+
var artifactSnapshotSchema = z6.object({
|
|
1710
|
+
artifactName: z6.string(),
|
|
1711
|
+
artifactVersion: z6.string()
|
|
1859
1712
|
});
|
|
1860
|
-
var memorySnapshotSchema =
|
|
1861
|
-
memoryName:
|
|
1862
|
-
memoryVersion:
|
|
1713
|
+
var memorySnapshotSchema = z6.object({
|
|
1714
|
+
memoryName: z6.string(),
|
|
1715
|
+
memoryVersion: z6.string()
|
|
1863
1716
|
});
|
|
1864
|
-
var volumeVersionsSnapshotSchema =
|
|
1865
|
-
versions:
|
|
1717
|
+
var volumeVersionsSnapshotSchema = z6.object({
|
|
1718
|
+
versions: z6.record(z6.string(), z6.string())
|
|
1866
1719
|
});
|
|
1867
|
-
var webhookEventsContract =
|
|
1720
|
+
var webhookEventsContract = c4.router({
|
|
1868
1721
|
/**
|
|
1869
1722
|
* POST /api/webhooks/agent/events
|
|
1870
1723
|
* Receive agent events from sandbox
|
|
@@ -1873,15 +1726,15 @@ var webhookEventsContract = c5.router({
|
|
|
1873
1726
|
method: "POST",
|
|
1874
1727
|
path: "/api/webhooks/agent/events",
|
|
1875
1728
|
headers: authHeadersSchema,
|
|
1876
|
-
body:
|
|
1877
|
-
runId:
|
|
1878
|
-
events:
|
|
1729
|
+
body: z6.object({
|
|
1730
|
+
runId: z6.string().min(1, "runId is required"),
|
|
1731
|
+
events: z6.array(agentEventSchema).min(1, "events array cannot be empty")
|
|
1879
1732
|
}),
|
|
1880
1733
|
responses: {
|
|
1881
|
-
200:
|
|
1882
|
-
received:
|
|
1883
|
-
firstSequence:
|
|
1884
|
-
lastSequence:
|
|
1734
|
+
200: z6.object({
|
|
1735
|
+
received: z6.number(),
|
|
1736
|
+
firstSequence: z6.number(),
|
|
1737
|
+
lastSequence: z6.number()
|
|
1885
1738
|
}),
|
|
1886
1739
|
400: apiErrorSchema,
|
|
1887
1740
|
401: apiErrorSchema,
|
|
@@ -1891,7 +1744,7 @@ var webhookEventsContract = c5.router({
|
|
|
1891
1744
|
summary: "Receive agent events from sandbox"
|
|
1892
1745
|
}
|
|
1893
1746
|
});
|
|
1894
|
-
var webhookCompleteContract =
|
|
1747
|
+
var webhookCompleteContract = c4.router({
|
|
1895
1748
|
/**
|
|
1896
1749
|
* POST /api/webhooks/agent/complete
|
|
1897
1750
|
* Handle agent run completion (success or failure)
|
|
@@ -1900,15 +1753,15 @@ var webhookCompleteContract = c5.router({
|
|
|
1900
1753
|
method: "POST",
|
|
1901
1754
|
path: "/api/webhooks/agent/complete",
|
|
1902
1755
|
headers: authHeadersSchema,
|
|
1903
|
-
body:
|
|
1904
|
-
runId:
|
|
1905
|
-
exitCode:
|
|
1906
|
-
error:
|
|
1756
|
+
body: z6.object({
|
|
1757
|
+
runId: z6.string().min(1, "runId is required"),
|
|
1758
|
+
exitCode: z6.number(),
|
|
1759
|
+
error: z6.string().optional()
|
|
1907
1760
|
}),
|
|
1908
1761
|
responses: {
|
|
1909
|
-
200:
|
|
1910
|
-
success:
|
|
1911
|
-
status:
|
|
1762
|
+
200: z6.object({
|
|
1763
|
+
success: z6.boolean(),
|
|
1764
|
+
status: z6.enum(["completed", "failed"])
|
|
1912
1765
|
}),
|
|
1913
1766
|
400: apiErrorSchema,
|
|
1914
1767
|
401: apiErrorSchema,
|
|
@@ -1918,7 +1771,7 @@ var webhookCompleteContract = c5.router({
|
|
|
1918
1771
|
summary: "Handle agent run completion"
|
|
1919
1772
|
}
|
|
1920
1773
|
});
|
|
1921
|
-
var webhookCheckpointsContract =
|
|
1774
|
+
var webhookCheckpointsContract = c4.router({
|
|
1922
1775
|
/**
|
|
1923
1776
|
* POST /api/webhooks/agent/checkpoints
|
|
1924
1777
|
* Create checkpoint for completed agent run
|
|
@@ -1927,23 +1780,23 @@ var webhookCheckpointsContract = c5.router({
|
|
|
1927
1780
|
method: "POST",
|
|
1928
1781
|
path: "/api/webhooks/agent/checkpoints",
|
|
1929
1782
|
headers: authHeadersSchema,
|
|
1930
|
-
body:
|
|
1931
|
-
runId:
|
|
1932
|
-
cliAgentType:
|
|
1933
|
-
cliAgentSessionId:
|
|
1934
|
-
cliAgentSessionHistory:
|
|
1783
|
+
body: z6.object({
|
|
1784
|
+
runId: z6.string().min(1, "runId is required"),
|
|
1785
|
+
cliAgentType: z6.string().min(1, "cliAgentType is required"),
|
|
1786
|
+
cliAgentSessionId: z6.string().min(1, "cliAgentSessionId is required"),
|
|
1787
|
+
cliAgentSessionHistory: z6.string().min(1, "cliAgentSessionHistory is required"),
|
|
1935
1788
|
artifactSnapshot: artifactSnapshotSchema.optional(),
|
|
1936
1789
|
memorySnapshot: memorySnapshotSchema.optional(),
|
|
1937
1790
|
volumeVersionsSnapshot: volumeVersionsSnapshotSchema.optional()
|
|
1938
1791
|
}),
|
|
1939
1792
|
responses: {
|
|
1940
|
-
200:
|
|
1941
|
-
checkpointId:
|
|
1942
|
-
agentSessionId:
|
|
1943
|
-
conversationId:
|
|
1793
|
+
200: z6.object({
|
|
1794
|
+
checkpointId: z6.string(),
|
|
1795
|
+
agentSessionId: z6.string(),
|
|
1796
|
+
conversationId: z6.string(),
|
|
1944
1797
|
artifact: artifactSnapshotSchema.optional(),
|
|
1945
1798
|
memory: memorySnapshotSchema.optional(),
|
|
1946
|
-
volumes:
|
|
1799
|
+
volumes: z6.record(z6.string(), z6.string()).optional()
|
|
1947
1800
|
}),
|
|
1948
1801
|
400: apiErrorSchema,
|
|
1949
1802
|
401: apiErrorSchema,
|
|
@@ -1953,7 +1806,7 @@ var webhookCheckpointsContract = c5.router({
|
|
|
1953
1806
|
summary: "Create checkpoint for agent run"
|
|
1954
1807
|
}
|
|
1955
1808
|
});
|
|
1956
|
-
var webhookHeartbeatContract =
|
|
1809
|
+
var webhookHeartbeatContract = c4.router({
|
|
1957
1810
|
/**
|
|
1958
1811
|
* POST /api/webhooks/agent/heartbeat
|
|
1959
1812
|
* Receive heartbeat signals from sandbox
|
|
@@ -1962,12 +1815,12 @@ var webhookHeartbeatContract = c5.router({
|
|
|
1962
1815
|
method: "POST",
|
|
1963
1816
|
path: "/api/webhooks/agent/heartbeat",
|
|
1964
1817
|
headers: authHeadersSchema,
|
|
1965
|
-
body:
|
|
1966
|
-
runId:
|
|
1818
|
+
body: z6.object({
|
|
1819
|
+
runId: z6.string().min(1, "runId is required")
|
|
1967
1820
|
}),
|
|
1968
1821
|
responses: {
|
|
1969
|
-
200:
|
|
1970
|
-
ok:
|
|
1822
|
+
200: z6.object({
|
|
1823
|
+
ok: z6.boolean()
|
|
1971
1824
|
}),
|
|
1972
1825
|
400: apiErrorSchema,
|
|
1973
1826
|
401: apiErrorSchema,
|
|
@@ -1977,7 +1830,7 @@ var webhookHeartbeatContract = c5.router({
|
|
|
1977
1830
|
summary: "Receive heartbeat from sandbox"
|
|
1978
1831
|
}
|
|
1979
1832
|
});
|
|
1980
|
-
var webhookStoragesContract =
|
|
1833
|
+
var webhookStoragesContract = c4.router({
|
|
1981
1834
|
/**
|
|
1982
1835
|
* POST /api/webhooks/agent/storages
|
|
1983
1836
|
* Create a new version of a storage from sandbox
|
|
@@ -1993,13 +1846,13 @@ var webhookStoragesContract = c5.router({
|
|
|
1993
1846
|
path: "/api/webhooks/agent/storages",
|
|
1994
1847
|
headers: authHeadersSchema,
|
|
1995
1848
|
contentType: "multipart/form-data",
|
|
1996
|
-
body:
|
|
1849
|
+
body: c4.type(),
|
|
1997
1850
|
responses: {
|
|
1998
|
-
200:
|
|
1999
|
-
versionId:
|
|
2000
|
-
storageName:
|
|
2001
|
-
size:
|
|
2002
|
-
fileCount:
|
|
1851
|
+
200: z6.object({
|
|
1852
|
+
versionId: z6.string(),
|
|
1853
|
+
storageName: z6.string(),
|
|
1854
|
+
size: z6.number(),
|
|
1855
|
+
fileCount: z6.number()
|
|
2003
1856
|
}),
|
|
2004
1857
|
400: apiErrorSchema,
|
|
2005
1858
|
401: apiErrorSchema,
|
|
@@ -2009,7 +1862,7 @@ var webhookStoragesContract = c5.router({
|
|
|
2009
1862
|
summary: "Upload storage version from sandbox"
|
|
2010
1863
|
}
|
|
2011
1864
|
});
|
|
2012
|
-
var webhookStoragesIncrementalContract =
|
|
1865
|
+
var webhookStoragesIncrementalContract = c4.router({
|
|
2013
1866
|
/**
|
|
2014
1867
|
* POST /api/webhooks/agent/storages/incremental
|
|
2015
1868
|
* Create a new version using incremental upload
|
|
@@ -2027,19 +1880,19 @@ var webhookStoragesIncrementalContract = c5.router({
|
|
|
2027
1880
|
path: "/api/webhooks/agent/storages/incremental",
|
|
2028
1881
|
headers: authHeadersSchema,
|
|
2029
1882
|
contentType: "multipart/form-data",
|
|
2030
|
-
body:
|
|
1883
|
+
body: c4.type(),
|
|
2031
1884
|
responses: {
|
|
2032
|
-
200:
|
|
2033
|
-
versionId:
|
|
2034
|
-
storageName:
|
|
2035
|
-
size:
|
|
2036
|
-
fileCount:
|
|
2037
|
-
incrementalStats:
|
|
2038
|
-
addedFiles:
|
|
2039
|
-
modifiedFiles:
|
|
2040
|
-
deletedFiles:
|
|
2041
|
-
unchangedFiles:
|
|
2042
|
-
bytesUploaded:
|
|
1885
|
+
200: z6.object({
|
|
1886
|
+
versionId: z6.string(),
|
|
1887
|
+
storageName: z6.string(),
|
|
1888
|
+
size: z6.number(),
|
|
1889
|
+
fileCount: z6.number(),
|
|
1890
|
+
incrementalStats: z6.object({
|
|
1891
|
+
addedFiles: z6.number(),
|
|
1892
|
+
modifiedFiles: z6.number(),
|
|
1893
|
+
deletedFiles: z6.number(),
|
|
1894
|
+
unchangedFiles: z6.number(),
|
|
1895
|
+
bytesUploaded: z6.number()
|
|
2043
1896
|
}).optional()
|
|
2044
1897
|
}),
|
|
2045
1898
|
400: apiErrorSchema,
|
|
@@ -2050,36 +1903,36 @@ var webhookStoragesIncrementalContract = c5.router({
|
|
|
2050
1903
|
summary: "Upload storage version incrementally from sandbox"
|
|
2051
1904
|
}
|
|
2052
1905
|
});
|
|
2053
|
-
var metricDataSchema =
|
|
2054
|
-
ts:
|
|
2055
|
-
cpu:
|
|
2056
|
-
mem_used:
|
|
2057
|
-
mem_total:
|
|
2058
|
-
disk_used:
|
|
2059
|
-
disk_total:
|
|
1906
|
+
var metricDataSchema = z6.object({
|
|
1907
|
+
ts: z6.string(),
|
|
1908
|
+
cpu: z6.number(),
|
|
1909
|
+
mem_used: z6.number(),
|
|
1910
|
+
mem_total: z6.number(),
|
|
1911
|
+
disk_used: z6.number(),
|
|
1912
|
+
disk_total: z6.number()
|
|
2060
1913
|
});
|
|
2061
|
-
var sandboxOperationSchema =
|
|
2062
|
-
ts:
|
|
2063
|
-
action_type:
|
|
2064
|
-
duration_ms:
|
|
2065
|
-
success:
|
|
2066
|
-
error:
|
|
1914
|
+
var sandboxOperationSchema = z6.object({
|
|
1915
|
+
ts: z6.string(),
|
|
1916
|
+
action_type: z6.string(),
|
|
1917
|
+
duration_ms: z6.number(),
|
|
1918
|
+
success: z6.boolean(),
|
|
1919
|
+
error: z6.string().optional()
|
|
2067
1920
|
});
|
|
2068
|
-
var networkLogSchema =
|
|
2069
|
-
timestamp:
|
|
2070
|
-
mode:
|
|
2071
|
-
action:
|
|
2072
|
-
host:
|
|
2073
|
-
port:
|
|
2074
|
-
rule_matched:
|
|
2075
|
-
method:
|
|
2076
|
-
url:
|
|
2077
|
-
status:
|
|
2078
|
-
latency_ms:
|
|
2079
|
-
request_size:
|
|
2080
|
-
response_size:
|
|
1921
|
+
var networkLogSchema = z6.object({
|
|
1922
|
+
timestamp: z6.string(),
|
|
1923
|
+
mode: z6.literal("mitm").optional(),
|
|
1924
|
+
action: z6.enum(["ALLOW", "DENY"]).optional(),
|
|
1925
|
+
host: z6.string().optional(),
|
|
1926
|
+
port: z6.number().optional(),
|
|
1927
|
+
rule_matched: z6.string().nullable().optional(),
|
|
1928
|
+
method: z6.string().optional(),
|
|
1929
|
+
url: z6.string().optional(),
|
|
1930
|
+
status: z6.number().optional(),
|
|
1931
|
+
latency_ms: z6.number().optional(),
|
|
1932
|
+
request_size: z6.number().optional(),
|
|
1933
|
+
response_size: z6.number().optional()
|
|
2081
1934
|
});
|
|
2082
|
-
var webhookTelemetryContract =
|
|
1935
|
+
var webhookTelemetryContract = c4.router({
|
|
2083
1936
|
/**
|
|
2084
1937
|
* POST /api/webhooks/agent/telemetry
|
|
2085
1938
|
* Receive telemetry data (system log, metrics, network logs, and sandbox operations) from sandbox
|
|
@@ -2088,17 +1941,17 @@ var webhookTelemetryContract = c5.router({
|
|
|
2088
1941
|
method: "POST",
|
|
2089
1942
|
path: "/api/webhooks/agent/telemetry",
|
|
2090
1943
|
headers: authHeadersSchema,
|
|
2091
|
-
body:
|
|
2092
|
-
runId:
|
|
2093
|
-
systemLog:
|
|
2094
|
-
metrics:
|
|
2095
|
-
networkLogs:
|
|
2096
|
-
sandboxOperations:
|
|
1944
|
+
body: z6.object({
|
|
1945
|
+
runId: z6.string().min(1, "runId is required"),
|
|
1946
|
+
systemLog: z6.string().optional(),
|
|
1947
|
+
metrics: z6.array(metricDataSchema).optional(),
|
|
1948
|
+
networkLogs: z6.array(networkLogSchema).optional(),
|
|
1949
|
+
sandboxOperations: z6.array(sandboxOperationSchema).optional()
|
|
2097
1950
|
}),
|
|
2098
1951
|
responses: {
|
|
2099
|
-
200:
|
|
2100
|
-
success:
|
|
2101
|
-
id:
|
|
1952
|
+
200: z6.object({
|
|
1953
|
+
success: z6.boolean(),
|
|
1954
|
+
id: z6.string()
|
|
2102
1955
|
}),
|
|
2103
1956
|
400: apiErrorSchema,
|
|
2104
1957
|
401: apiErrorSchema,
|
|
@@ -2108,26 +1961,26 @@ var webhookTelemetryContract = c5.router({
|
|
|
2108
1961
|
summary: "Receive telemetry data from sandbox"
|
|
2109
1962
|
}
|
|
2110
1963
|
});
|
|
2111
|
-
var webhookStoragesPrepareContract =
|
|
1964
|
+
var webhookStoragesPrepareContract = c4.router({
|
|
2112
1965
|
prepare: {
|
|
2113
1966
|
method: "POST",
|
|
2114
1967
|
path: "/api/webhooks/agent/storages/prepare",
|
|
2115
1968
|
headers: authHeadersSchema,
|
|
2116
|
-
body:
|
|
2117
|
-
runId:
|
|
1969
|
+
body: z6.object({
|
|
1970
|
+
runId: z6.string().min(1, "runId is required"),
|
|
2118
1971
|
// Required for webhook auth
|
|
2119
|
-
storageName:
|
|
1972
|
+
storageName: z6.string().min(1, "Storage name is required"),
|
|
2120
1973
|
storageType: storageTypeSchema,
|
|
2121
|
-
files:
|
|
2122
|
-
force:
|
|
2123
|
-
baseVersion:
|
|
1974
|
+
files: z6.array(fileEntryWithHashSchema),
|
|
1975
|
+
force: z6.boolean().optional(),
|
|
1976
|
+
baseVersion: z6.string().optional(),
|
|
2124
1977
|
changes: storageChangesSchema.optional()
|
|
2125
1978
|
}),
|
|
2126
1979
|
responses: {
|
|
2127
|
-
200:
|
|
2128
|
-
versionId:
|
|
2129
|
-
existing:
|
|
2130
|
-
uploads:
|
|
1980
|
+
200: z6.object({
|
|
1981
|
+
versionId: z6.string(),
|
|
1982
|
+
existing: z6.boolean(),
|
|
1983
|
+
uploads: z6.object({
|
|
2131
1984
|
archive: presignedUploadSchema,
|
|
2132
1985
|
manifest: presignedUploadSchema
|
|
2133
1986
|
}).optional()
|
|
@@ -2141,28 +1994,28 @@ var webhookStoragesPrepareContract = c5.router({
|
|
|
2141
1994
|
summary: "Prepare for direct S3 upload from sandbox"
|
|
2142
1995
|
}
|
|
2143
1996
|
});
|
|
2144
|
-
var webhookStoragesCommitContract =
|
|
1997
|
+
var webhookStoragesCommitContract = c4.router({
|
|
2145
1998
|
commit: {
|
|
2146
1999
|
method: "POST",
|
|
2147
2000
|
path: "/api/webhooks/agent/storages/commit",
|
|
2148
2001
|
headers: authHeadersSchema,
|
|
2149
|
-
body:
|
|
2150
|
-
runId:
|
|
2002
|
+
body: z6.object({
|
|
2003
|
+
runId: z6.string().min(1, "runId is required"),
|
|
2151
2004
|
// Required for webhook auth
|
|
2152
|
-
storageName:
|
|
2005
|
+
storageName: z6.string().min(1, "Storage name is required"),
|
|
2153
2006
|
storageType: storageTypeSchema,
|
|
2154
|
-
versionId:
|
|
2155
|
-
files:
|
|
2156
|
-
message:
|
|
2007
|
+
versionId: z6.string().min(1, "Version ID is required"),
|
|
2008
|
+
files: z6.array(fileEntryWithHashSchema),
|
|
2009
|
+
message: z6.string().optional()
|
|
2157
2010
|
}),
|
|
2158
2011
|
responses: {
|
|
2159
|
-
200:
|
|
2160
|
-
success:
|
|
2161
|
-
versionId:
|
|
2162
|
-
storageName:
|
|
2163
|
-
size:
|
|
2164
|
-
fileCount:
|
|
2165
|
-
deduplicated:
|
|
2012
|
+
200: z6.object({
|
|
2013
|
+
success: z6.literal(true),
|
|
2014
|
+
versionId: z6.string(),
|
|
2015
|
+
storageName: z6.string(),
|
|
2016
|
+
size: z6.number(),
|
|
2017
|
+
fileCount: z6.number(),
|
|
2018
|
+
deduplicated: z6.boolean().optional()
|
|
2166
2019
|
}),
|
|
2167
2020
|
400: apiErrorSchema,
|
|
2168
2021
|
401: apiErrorSchema,
|
|
@@ -2177,13 +2030,13 @@ var webhookStoragesCommitContract = c5.router({
|
|
|
2177
2030
|
});
|
|
2178
2031
|
|
|
2179
2032
|
// ../../packages/core/src/contracts/cli-auth.ts
|
|
2180
|
-
import { z as
|
|
2181
|
-
var
|
|
2182
|
-
var oauthErrorSchema =
|
|
2183
|
-
error:
|
|
2184
|
-
error_description:
|
|
2033
|
+
import { z as z7 } from "zod";
|
|
2034
|
+
var c5 = initContract();
|
|
2035
|
+
var oauthErrorSchema = z7.object({
|
|
2036
|
+
error: z7.string(),
|
|
2037
|
+
error_description: z7.string()
|
|
2185
2038
|
});
|
|
2186
|
-
var cliAuthDeviceContract =
|
|
2039
|
+
var cliAuthDeviceContract = c5.router({
|
|
2187
2040
|
/**
|
|
2188
2041
|
* POST /api/cli/auth/device
|
|
2189
2042
|
* Initiate device authorization flow
|
|
@@ -2191,21 +2044,21 @@ var cliAuthDeviceContract = c6.router({
|
|
|
2191
2044
|
create: {
|
|
2192
2045
|
method: "POST",
|
|
2193
2046
|
path: "/api/cli/auth/device",
|
|
2194
|
-
body:
|
|
2047
|
+
body: z7.object({}).optional(),
|
|
2195
2048
|
responses: {
|
|
2196
|
-
200:
|
|
2197
|
-
device_code:
|
|
2198
|
-
user_code:
|
|
2199
|
-
verification_path:
|
|
2200
|
-
expires_in:
|
|
2201
|
-
interval:
|
|
2049
|
+
200: z7.object({
|
|
2050
|
+
device_code: z7.string(),
|
|
2051
|
+
user_code: z7.string(),
|
|
2052
|
+
verification_path: z7.string(),
|
|
2053
|
+
expires_in: z7.number(),
|
|
2054
|
+
interval: z7.number()
|
|
2202
2055
|
}),
|
|
2203
2056
|
500: oauthErrorSchema
|
|
2204
2057
|
},
|
|
2205
2058
|
summary: "Initiate device authorization flow"
|
|
2206
2059
|
}
|
|
2207
2060
|
});
|
|
2208
|
-
var cliAuthTokenContract =
|
|
2061
|
+
var cliAuthTokenContract = c5.router({
|
|
2209
2062
|
/**
|
|
2210
2063
|
* POST /api/cli/auth/token
|
|
2211
2064
|
* Exchange device code for access token
|
|
@@ -2213,16 +2066,16 @@ var cliAuthTokenContract = c6.router({
|
|
|
2213
2066
|
exchange: {
|
|
2214
2067
|
method: "POST",
|
|
2215
2068
|
path: "/api/cli/auth/token",
|
|
2216
|
-
body:
|
|
2217
|
-
device_code:
|
|
2069
|
+
body: z7.object({
|
|
2070
|
+
device_code: z7.string().min(1, "device_code is required")
|
|
2218
2071
|
}),
|
|
2219
2072
|
responses: {
|
|
2220
2073
|
// Success - token issued
|
|
2221
|
-
200:
|
|
2222
|
-
access_token:
|
|
2223
|
-
token_type:
|
|
2224
|
-
expires_in:
|
|
2225
|
-
org_slug:
|
|
2074
|
+
200: z7.object({
|
|
2075
|
+
access_token: z7.string(),
|
|
2076
|
+
token_type: z7.literal("Bearer"),
|
|
2077
|
+
expires_in: z7.number(),
|
|
2078
|
+
org_slug: z7.string().optional()
|
|
2226
2079
|
}),
|
|
2227
2080
|
// Authorization pending
|
|
2228
2081
|
202: oauthErrorSchema,
|
|
@@ -2235,9 +2088,9 @@ var cliAuthTokenContract = c6.router({
|
|
|
2235
2088
|
});
|
|
2236
2089
|
|
|
2237
2090
|
// ../../packages/core/src/contracts/auth.ts
|
|
2238
|
-
import { z as
|
|
2239
|
-
var
|
|
2240
|
-
var authContract =
|
|
2091
|
+
import { z as z8 } from "zod";
|
|
2092
|
+
var c6 = initContract();
|
|
2093
|
+
var authContract = c6.router({
|
|
2241
2094
|
/**
|
|
2242
2095
|
* GET /api/auth/me
|
|
2243
2096
|
* Get current user information
|
|
@@ -2247,9 +2100,9 @@ var authContract = c7.router({
|
|
|
2247
2100
|
path: "/api/auth/me",
|
|
2248
2101
|
headers: authHeadersSchema,
|
|
2249
2102
|
responses: {
|
|
2250
|
-
200:
|
|
2251
|
-
userId:
|
|
2252
|
-
email:
|
|
2103
|
+
200: z8.object({
|
|
2104
|
+
userId: z8.string(),
|
|
2105
|
+
email: z8.string()
|
|
2253
2106
|
}),
|
|
2254
2107
|
401: apiErrorSchema,
|
|
2255
2108
|
404: apiErrorSchema,
|
|
@@ -2260,23 +2113,23 @@ var authContract = c7.router({
|
|
|
2260
2113
|
});
|
|
2261
2114
|
|
|
2262
2115
|
// ../../packages/core/src/contracts/cron.ts
|
|
2263
|
-
import { z as
|
|
2264
|
-
var
|
|
2265
|
-
var cleanupResultSchema =
|
|
2266
|
-
runId:
|
|
2267
|
-
sandboxId:
|
|
2268
|
-
status:
|
|
2269
|
-
error:
|
|
2270
|
-
reason:
|
|
2116
|
+
import { z as z9 } from "zod";
|
|
2117
|
+
var c7 = initContract();
|
|
2118
|
+
var cleanupResultSchema = z9.object({
|
|
2119
|
+
runId: z9.string(),
|
|
2120
|
+
sandboxId: z9.string().nullable(),
|
|
2121
|
+
status: z9.enum(["cleaned", "error"]),
|
|
2122
|
+
error: z9.string().optional(),
|
|
2123
|
+
reason: z9.string().optional()
|
|
2271
2124
|
});
|
|
2272
|
-
var cleanupResponseSchema =
|
|
2273
|
-
cleaned:
|
|
2274
|
-
errors:
|
|
2275
|
-
results:
|
|
2276
|
-
composeJobsCleaned:
|
|
2277
|
-
composeJobErrors:
|
|
2125
|
+
var cleanupResponseSchema = z9.object({
|
|
2126
|
+
cleaned: z9.number(),
|
|
2127
|
+
errors: z9.number(),
|
|
2128
|
+
results: z9.array(cleanupResultSchema),
|
|
2129
|
+
composeJobsCleaned: z9.number(),
|
|
2130
|
+
composeJobErrors: z9.number()
|
|
2278
2131
|
});
|
|
2279
|
-
var cronCleanupSandboxesContract =
|
|
2132
|
+
var cronCleanupSandboxesContract = c7.router({
|
|
2280
2133
|
/**
|
|
2281
2134
|
* GET /api/cron/cleanup-sandboxes
|
|
2282
2135
|
* Cron job to cleanup sandboxes that have stopped sending heartbeats
|
|
@@ -2295,23 +2148,23 @@ var cronCleanupSandboxesContract = c8.router({
|
|
|
2295
2148
|
});
|
|
2296
2149
|
|
|
2297
2150
|
// ../../packages/core/src/contracts/orgs.ts
|
|
2298
|
-
import { z as
|
|
2299
|
-
var
|
|
2300
|
-
var orgTierSchema =
|
|
2301
|
-
var orgSlugSchema =
|
|
2151
|
+
import { z as z10 } from "zod";
|
|
2152
|
+
var c8 = initContract();
|
|
2153
|
+
var orgTierSchema = z10.enum(["free", "pro", "max"]);
|
|
2154
|
+
var orgSlugSchema = z10.string().min(3, "Org slug must be at least 3 characters").max(64, "Org slug must be at most 64 characters").regex(
|
|
2302
2155
|
/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]{1,2}$/,
|
|
2303
2156
|
"Org slug must contain only lowercase letters, numbers, and hyphens, and must start and end with an alphanumeric character"
|
|
2304
2157
|
).transform((s) => s.toLowerCase());
|
|
2305
|
-
var orgResponseSchema =
|
|
2306
|
-
id:
|
|
2307
|
-
slug:
|
|
2308
|
-
tier:
|
|
2158
|
+
var orgResponseSchema = z10.object({
|
|
2159
|
+
id: z10.string(),
|
|
2160
|
+
slug: z10.string(),
|
|
2161
|
+
tier: z10.string().optional()
|
|
2309
2162
|
});
|
|
2310
|
-
var updateOrgRequestSchema =
|
|
2163
|
+
var updateOrgRequestSchema = z10.object({
|
|
2311
2164
|
slug: orgSlugSchema,
|
|
2312
|
-
force:
|
|
2165
|
+
force: z10.boolean().optional().default(false)
|
|
2313
2166
|
});
|
|
2314
|
-
var orgContract =
|
|
2167
|
+
var orgContract = c8.router({
|
|
2315
2168
|
/**
|
|
2316
2169
|
* GET /api/org
|
|
2317
2170
|
* Get current user's default org
|
|
@@ -2349,7 +2202,7 @@ var orgContract = c9.router({
|
|
|
2349
2202
|
summary: "Update org slug"
|
|
2350
2203
|
}
|
|
2351
2204
|
});
|
|
2352
|
-
var orgDefaultAgentContract =
|
|
2205
|
+
var orgDefaultAgentContract = c8.router({
|
|
2353
2206
|
/**
|
|
2354
2207
|
* PUT /api/orgs/default-agent?org={slug}
|
|
2355
2208
|
* Set or unset the default agent for an org.
|
|
@@ -2360,15 +2213,15 @@ var orgDefaultAgentContract = c9.router({
|
|
|
2360
2213
|
method: "PUT",
|
|
2361
2214
|
path: "/api/orgs/default-agent",
|
|
2362
2215
|
headers: authHeadersSchema,
|
|
2363
|
-
query:
|
|
2364
|
-
org:
|
|
2216
|
+
query: z10.object({
|
|
2217
|
+
org: z10.string().optional()
|
|
2365
2218
|
}),
|
|
2366
|
-
body:
|
|
2367
|
-
agentComposeId:
|
|
2219
|
+
body: z10.object({
|
|
2220
|
+
agentComposeId: z10.string().uuid().nullable()
|
|
2368
2221
|
}),
|
|
2369
2222
|
responses: {
|
|
2370
|
-
200:
|
|
2371
|
-
agentComposeId:
|
|
2223
|
+
200: z10.object({
|
|
2224
|
+
agentComposeId: z10.string().uuid().nullable()
|
|
2372
2225
|
}),
|
|
2373
2226
|
400: apiErrorSchema,
|
|
2374
2227
|
401: apiErrorSchema,
|
|
@@ -2380,30 +2233,30 @@ var orgDefaultAgentContract = c9.router({
|
|
|
2380
2233
|
});
|
|
2381
2234
|
|
|
2382
2235
|
// ../../packages/core/src/contracts/secrets.ts
|
|
2383
|
-
import { z as
|
|
2384
|
-
var
|
|
2385
|
-
var secretNameSchema =
|
|
2236
|
+
import { z as z11 } from "zod";
|
|
2237
|
+
var c9 = initContract();
|
|
2238
|
+
var secretNameSchema = z11.string().min(1, "Secret name is required").max(255, "Secret name must be at most 255 characters").regex(
|
|
2386
2239
|
/^[A-Z][A-Z0-9_]*$/,
|
|
2387
2240
|
"Secret name must contain only uppercase letters, numbers, and underscores, and must start with a letter (e.g., MY_API_KEY)"
|
|
2388
2241
|
);
|
|
2389
|
-
var secretTypeSchema =
|
|
2390
|
-
var secretResponseSchema =
|
|
2391
|
-
id:
|
|
2392
|
-
name:
|
|
2393
|
-
description:
|
|
2242
|
+
var secretTypeSchema = z11.enum(["user", "model-provider", "connector"]);
|
|
2243
|
+
var secretResponseSchema = z11.object({
|
|
2244
|
+
id: z11.string().uuid(),
|
|
2245
|
+
name: z11.string(),
|
|
2246
|
+
description: z11.string().nullable(),
|
|
2394
2247
|
type: secretTypeSchema,
|
|
2395
|
-
createdAt:
|
|
2396
|
-
updatedAt:
|
|
2248
|
+
createdAt: z11.string(),
|
|
2249
|
+
updatedAt: z11.string()
|
|
2397
2250
|
});
|
|
2398
|
-
var secretListResponseSchema =
|
|
2399
|
-
secrets:
|
|
2251
|
+
var secretListResponseSchema = z11.object({
|
|
2252
|
+
secrets: z11.array(secretResponseSchema)
|
|
2400
2253
|
});
|
|
2401
|
-
var setSecretRequestSchema =
|
|
2254
|
+
var setSecretRequestSchema = z11.object({
|
|
2402
2255
|
name: secretNameSchema,
|
|
2403
|
-
value:
|
|
2404
|
-
description:
|
|
2256
|
+
value: z11.string().min(1, "Secret value is required"),
|
|
2257
|
+
description: z11.string().max(1e3).optional()
|
|
2405
2258
|
});
|
|
2406
|
-
var secretsMainContract =
|
|
2259
|
+
var secretsMainContract = c9.router({
|
|
2407
2260
|
/**
|
|
2408
2261
|
* GET /api/secrets
|
|
2409
2262
|
* List all secrets for the current user's org (metadata only)
|
|
@@ -2438,7 +2291,7 @@ var secretsMainContract = c10.router({
|
|
|
2438
2291
|
summary: "Create or update a secret"
|
|
2439
2292
|
}
|
|
2440
2293
|
});
|
|
2441
|
-
var secretsByNameContract =
|
|
2294
|
+
var secretsByNameContract = c9.router({
|
|
2442
2295
|
/**
|
|
2443
2296
|
* GET /api/secrets/:name
|
|
2444
2297
|
* Get a secret by name (metadata only)
|
|
@@ -2447,7 +2300,7 @@ var secretsByNameContract = c10.router({
|
|
|
2447
2300
|
method: "GET",
|
|
2448
2301
|
path: "/api/secrets/:name",
|
|
2449
2302
|
headers: authHeadersSchema,
|
|
2450
|
-
pathParams:
|
|
2303
|
+
pathParams: z11.object({
|
|
2451
2304
|
name: secretNameSchema
|
|
2452
2305
|
}),
|
|
2453
2306
|
responses: {
|
|
@@ -2466,11 +2319,11 @@ var secretsByNameContract = c10.router({
|
|
|
2466
2319
|
method: "DELETE",
|
|
2467
2320
|
path: "/api/secrets/:name",
|
|
2468
2321
|
headers: authHeadersSchema,
|
|
2469
|
-
pathParams:
|
|
2322
|
+
pathParams: z11.object({
|
|
2470
2323
|
name: secretNameSchema
|
|
2471
2324
|
}),
|
|
2472
2325
|
responses: {
|
|
2473
|
-
204:
|
|
2326
|
+
204: c9.noBody(),
|
|
2474
2327
|
401: apiErrorSchema,
|
|
2475
2328
|
404: apiErrorSchema,
|
|
2476
2329
|
500: apiErrorSchema
|
|
@@ -2480,29 +2333,29 @@ var secretsByNameContract = c10.router({
|
|
|
2480
2333
|
});
|
|
2481
2334
|
|
|
2482
2335
|
// ../../packages/core/src/contracts/variables.ts
|
|
2483
|
-
import { z as
|
|
2484
|
-
var
|
|
2485
|
-
var variableNameSchema =
|
|
2336
|
+
import { z as z12 } from "zod";
|
|
2337
|
+
var c10 = initContract();
|
|
2338
|
+
var variableNameSchema = z12.string().min(1, "Variable name is required").max(255, "Variable name must be at most 255 characters").regex(
|
|
2486
2339
|
/^[A-Z][A-Z0-9_]*$/,
|
|
2487
2340
|
"Variable name must contain only uppercase letters, numbers, and underscores, and must start with a letter (e.g., MY_VAR)"
|
|
2488
2341
|
);
|
|
2489
|
-
var variableResponseSchema =
|
|
2490
|
-
id:
|
|
2491
|
-
name:
|
|
2492
|
-
value:
|
|
2493
|
-
description:
|
|
2494
|
-
createdAt:
|
|
2495
|
-
updatedAt:
|
|
2342
|
+
var variableResponseSchema = z12.object({
|
|
2343
|
+
id: z12.string().uuid(),
|
|
2344
|
+
name: z12.string(),
|
|
2345
|
+
value: z12.string(),
|
|
2346
|
+
description: z12.string().nullable(),
|
|
2347
|
+
createdAt: z12.string(),
|
|
2348
|
+
updatedAt: z12.string()
|
|
2496
2349
|
});
|
|
2497
|
-
var variableListResponseSchema =
|
|
2498
|
-
variables:
|
|
2350
|
+
var variableListResponseSchema = z12.object({
|
|
2351
|
+
variables: z12.array(variableResponseSchema)
|
|
2499
2352
|
});
|
|
2500
|
-
var setVariableRequestSchema =
|
|
2353
|
+
var setVariableRequestSchema = z12.object({
|
|
2501
2354
|
name: variableNameSchema,
|
|
2502
|
-
value:
|
|
2503
|
-
description:
|
|
2355
|
+
value: z12.string().min(1, "Variable value is required"),
|
|
2356
|
+
description: z12.string().max(1e3).optional()
|
|
2504
2357
|
});
|
|
2505
|
-
var variablesMainContract =
|
|
2358
|
+
var variablesMainContract = c10.router({
|
|
2506
2359
|
/**
|
|
2507
2360
|
* GET /api/variables
|
|
2508
2361
|
* List all variables for the current user's org (includes values)
|
|
@@ -2537,7 +2390,7 @@ var variablesMainContract = c11.router({
|
|
|
2537
2390
|
summary: "Create or update a variable"
|
|
2538
2391
|
}
|
|
2539
2392
|
});
|
|
2540
|
-
var variablesByNameContract =
|
|
2393
|
+
var variablesByNameContract = c10.router({
|
|
2541
2394
|
/**
|
|
2542
2395
|
* GET /api/variables/:name
|
|
2543
2396
|
* Get a variable by name (includes value)
|
|
@@ -2546,7 +2399,7 @@ var variablesByNameContract = c11.router({
|
|
|
2546
2399
|
method: "GET",
|
|
2547
2400
|
path: "/api/variables/:name",
|
|
2548
2401
|
headers: authHeadersSchema,
|
|
2549
|
-
pathParams:
|
|
2402
|
+
pathParams: z12.object({
|
|
2550
2403
|
name: variableNameSchema
|
|
2551
2404
|
}),
|
|
2552
2405
|
responses: {
|
|
@@ -2565,11 +2418,11 @@ var variablesByNameContract = c11.router({
|
|
|
2565
2418
|
method: "DELETE",
|
|
2566
2419
|
path: "/api/variables/:name",
|
|
2567
2420
|
headers: authHeadersSchema,
|
|
2568
|
-
pathParams:
|
|
2421
|
+
pathParams: z12.object({
|
|
2569
2422
|
name: variableNameSchema
|
|
2570
2423
|
}),
|
|
2571
2424
|
responses: {
|
|
2572
|
-
204:
|
|
2425
|
+
204: c10.noBody(),
|
|
2573
2426
|
401: apiErrorSchema,
|
|
2574
2427
|
404: apiErrorSchema,
|
|
2575
2428
|
500: apiErrorSchema
|
|
@@ -2579,8 +2432,8 @@ var variablesByNameContract = c11.router({
|
|
|
2579
2432
|
});
|
|
2580
2433
|
|
|
2581
2434
|
// ../../packages/core/src/contracts/model-providers.ts
|
|
2582
|
-
import { z as
|
|
2583
|
-
var
|
|
2435
|
+
import { z as z13 } from "zod";
|
|
2436
|
+
var c11 = initContract();
|
|
2584
2437
|
var MODEL_PROVIDER_TYPES = {
|
|
2585
2438
|
"claude-code-oauth-token": {
|
|
2586
2439
|
framework: "claude-code",
|
|
@@ -2801,7 +2654,7 @@ var MODEL_PROVIDER_TYPES = {
|
|
|
2801
2654
|
customModelPlaceholder: "anthropic.claude-sonnet-4-20250514-v1:0"
|
|
2802
2655
|
}
|
|
2803
2656
|
};
|
|
2804
|
-
var modelProviderTypeSchema =
|
|
2657
|
+
var modelProviderTypeSchema = z13.enum([
|
|
2805
2658
|
"claude-code-oauth-token",
|
|
2806
2659
|
"anthropic-api-key",
|
|
2807
2660
|
"openrouter-api-key",
|
|
@@ -2812,7 +2665,7 @@ var modelProviderTypeSchema = z14.enum([
|
|
|
2812
2665
|
"azure-foundry",
|
|
2813
2666
|
"aws-bedrock"
|
|
2814
2667
|
]);
|
|
2815
|
-
var modelProviderFrameworkSchema =
|
|
2668
|
+
var modelProviderFrameworkSchema = z13.enum(["claude-code", "codex"]);
|
|
2816
2669
|
function hasAuthMethods(type2) {
|
|
2817
2670
|
const config = MODEL_PROVIDER_TYPES[type2];
|
|
2818
2671
|
return "authMethods" in config;
|
|
@@ -2853,43 +2706,43 @@ function getCustomModelPlaceholder(type2) {
|
|
|
2853
2706
|
const config = MODEL_PROVIDER_TYPES[type2];
|
|
2854
2707
|
return "customModelPlaceholder" in config ? config.customModelPlaceholder : void 0;
|
|
2855
2708
|
}
|
|
2856
|
-
var modelProviderResponseSchema =
|
|
2857
|
-
id:
|
|
2709
|
+
var modelProviderResponseSchema = z13.object({
|
|
2710
|
+
id: z13.string().uuid(),
|
|
2858
2711
|
type: modelProviderTypeSchema,
|
|
2859
2712
|
framework: modelProviderFrameworkSchema,
|
|
2860
|
-
secretName:
|
|
2713
|
+
secretName: z13.string().nullable(),
|
|
2861
2714
|
// Legacy single-secret (deprecated for multi-auth)
|
|
2862
|
-
authMethod:
|
|
2715
|
+
authMethod: z13.string().nullable(),
|
|
2863
2716
|
// For multi-auth providers
|
|
2864
|
-
secretNames:
|
|
2717
|
+
secretNames: z13.array(z13.string()).nullable(),
|
|
2865
2718
|
// For multi-auth providers
|
|
2866
|
-
isDefault:
|
|
2867
|
-
selectedModel:
|
|
2868
|
-
createdAt:
|
|
2869
|
-
updatedAt:
|
|
2719
|
+
isDefault: z13.boolean(),
|
|
2720
|
+
selectedModel: z13.string().nullable(),
|
|
2721
|
+
createdAt: z13.string(),
|
|
2722
|
+
updatedAt: z13.string()
|
|
2870
2723
|
});
|
|
2871
|
-
var modelProviderListResponseSchema =
|
|
2872
|
-
modelProviders:
|
|
2724
|
+
var modelProviderListResponseSchema = z13.object({
|
|
2725
|
+
modelProviders: z13.array(modelProviderResponseSchema)
|
|
2873
2726
|
});
|
|
2874
|
-
var upsertModelProviderRequestSchema =
|
|
2727
|
+
var upsertModelProviderRequestSchema = z13.object({
|
|
2875
2728
|
type: modelProviderTypeSchema,
|
|
2876
|
-
secret:
|
|
2729
|
+
secret: z13.string().min(1).optional(),
|
|
2877
2730
|
// Legacy single secret
|
|
2878
|
-
authMethod:
|
|
2731
|
+
authMethod: z13.string().optional(),
|
|
2879
2732
|
// For multi-auth providers
|
|
2880
|
-
secrets:
|
|
2733
|
+
secrets: z13.record(z13.string(), z13.string()).optional(),
|
|
2881
2734
|
// For multi-auth providers
|
|
2882
|
-
selectedModel:
|
|
2735
|
+
selectedModel: z13.string().optional()
|
|
2883
2736
|
});
|
|
2884
|
-
var upsertModelProviderResponseSchema =
|
|
2737
|
+
var upsertModelProviderResponseSchema = z13.object({
|
|
2885
2738
|
provider: modelProviderResponseSchema,
|
|
2886
|
-
created:
|
|
2739
|
+
created: z13.boolean()
|
|
2887
2740
|
});
|
|
2888
|
-
var checkSecretResponseSchema =
|
|
2889
|
-
exists:
|
|
2890
|
-
secretName:
|
|
2741
|
+
var checkSecretResponseSchema = z13.object({
|
|
2742
|
+
exists: z13.boolean(),
|
|
2743
|
+
secretName: z13.string()
|
|
2891
2744
|
});
|
|
2892
|
-
var modelProvidersMainContract =
|
|
2745
|
+
var modelProvidersMainContract = c11.router({
|
|
2893
2746
|
list: {
|
|
2894
2747
|
method: "GET",
|
|
2895
2748
|
path: "/api/model-providers",
|
|
@@ -2917,12 +2770,12 @@ var modelProvidersMainContract = c12.router({
|
|
|
2917
2770
|
summary: "Create or update a model provider"
|
|
2918
2771
|
}
|
|
2919
2772
|
});
|
|
2920
|
-
var modelProvidersCheckContract =
|
|
2773
|
+
var modelProvidersCheckContract = c11.router({
|
|
2921
2774
|
check: {
|
|
2922
2775
|
method: "GET",
|
|
2923
2776
|
path: "/api/model-providers/check/:type",
|
|
2924
2777
|
headers: authHeadersSchema,
|
|
2925
|
-
pathParams:
|
|
2778
|
+
pathParams: z13.object({
|
|
2926
2779
|
type: modelProviderTypeSchema
|
|
2927
2780
|
}),
|
|
2928
2781
|
responses: {
|
|
@@ -2933,16 +2786,16 @@ var modelProvidersCheckContract = c12.router({
|
|
|
2933
2786
|
summary: "Check if secret exists for a model provider type"
|
|
2934
2787
|
}
|
|
2935
2788
|
});
|
|
2936
|
-
var modelProvidersByTypeContract =
|
|
2789
|
+
var modelProvidersByTypeContract = c11.router({
|
|
2937
2790
|
delete: {
|
|
2938
2791
|
method: "DELETE",
|
|
2939
2792
|
path: "/api/model-providers/:type",
|
|
2940
2793
|
headers: authHeadersSchema,
|
|
2941
|
-
pathParams:
|
|
2794
|
+
pathParams: z13.object({
|
|
2942
2795
|
type: modelProviderTypeSchema
|
|
2943
2796
|
}),
|
|
2944
2797
|
responses: {
|
|
2945
|
-
204:
|
|
2798
|
+
204: c11.noBody(),
|
|
2946
2799
|
401: apiErrorSchema,
|
|
2947
2800
|
404: apiErrorSchema,
|
|
2948
2801
|
500: apiErrorSchema
|
|
@@ -2950,15 +2803,15 @@ var modelProvidersByTypeContract = c12.router({
|
|
|
2950
2803
|
summary: "Delete a model provider"
|
|
2951
2804
|
}
|
|
2952
2805
|
});
|
|
2953
|
-
var modelProvidersConvertContract =
|
|
2806
|
+
var modelProvidersConvertContract = c11.router({
|
|
2954
2807
|
convert: {
|
|
2955
2808
|
method: "POST",
|
|
2956
2809
|
path: "/api/model-providers/:type/convert",
|
|
2957
2810
|
headers: authHeadersSchema,
|
|
2958
|
-
pathParams:
|
|
2811
|
+
pathParams: z13.object({
|
|
2959
2812
|
type: modelProviderTypeSchema
|
|
2960
2813
|
}),
|
|
2961
|
-
body:
|
|
2814
|
+
body: z13.undefined(),
|
|
2962
2815
|
responses: {
|
|
2963
2816
|
200: modelProviderResponseSchema,
|
|
2964
2817
|
400: apiErrorSchema,
|
|
@@ -2969,15 +2822,15 @@ var modelProvidersConvertContract = c12.router({
|
|
|
2969
2822
|
summary: "Convert existing user secret to model provider"
|
|
2970
2823
|
}
|
|
2971
2824
|
});
|
|
2972
|
-
var modelProvidersSetDefaultContract =
|
|
2825
|
+
var modelProvidersSetDefaultContract = c11.router({
|
|
2973
2826
|
setDefault: {
|
|
2974
2827
|
method: "POST",
|
|
2975
2828
|
path: "/api/model-providers/:type/set-default",
|
|
2976
2829
|
headers: authHeadersSchema,
|
|
2977
|
-
pathParams:
|
|
2830
|
+
pathParams: z13.object({
|
|
2978
2831
|
type: modelProviderTypeSchema
|
|
2979
2832
|
}),
|
|
2980
|
-
body:
|
|
2833
|
+
body: z13.undefined(),
|
|
2981
2834
|
responses: {
|
|
2982
2835
|
200: modelProviderResponseSchema,
|
|
2983
2836
|
401: apiErrorSchema,
|
|
@@ -2987,15 +2840,15 @@ var modelProvidersSetDefaultContract = c12.router({
|
|
|
2987
2840
|
summary: "Set a model provider as default for its framework"
|
|
2988
2841
|
}
|
|
2989
2842
|
});
|
|
2990
|
-
var updateModelRequestSchema =
|
|
2991
|
-
selectedModel:
|
|
2843
|
+
var updateModelRequestSchema = z13.object({
|
|
2844
|
+
selectedModel: z13.string().optional()
|
|
2992
2845
|
});
|
|
2993
|
-
var modelProvidersUpdateModelContract =
|
|
2846
|
+
var modelProvidersUpdateModelContract = c11.router({
|
|
2994
2847
|
updateModel: {
|
|
2995
2848
|
method: "PATCH",
|
|
2996
2849
|
path: "/api/model-providers/:type/model",
|
|
2997
2850
|
headers: authHeadersSchema,
|
|
2998
|
-
pathParams:
|
|
2851
|
+
pathParams: z13.object({
|
|
2999
2852
|
type: modelProviderTypeSchema
|
|
3000
2853
|
}),
|
|
3001
2854
|
body: updateModelRequestSchema,
|
|
@@ -3010,53 +2863,53 @@ var modelProvidersUpdateModelContract = c12.router({
|
|
|
3010
2863
|
});
|
|
3011
2864
|
|
|
3012
2865
|
// ../../packages/core/src/contracts/sessions.ts
|
|
3013
|
-
import { z as
|
|
3014
|
-
var
|
|
3015
|
-
var storedChatMessageSchema =
|
|
3016
|
-
role:
|
|
3017
|
-
content:
|
|
3018
|
-
runId:
|
|
3019
|
-
createdAt:
|
|
2866
|
+
import { z as z14 } from "zod";
|
|
2867
|
+
var c12 = initContract();
|
|
2868
|
+
var storedChatMessageSchema = z14.object({
|
|
2869
|
+
role: z14.enum(["user", "assistant"]),
|
|
2870
|
+
content: z14.string(),
|
|
2871
|
+
runId: z14.string().optional(),
|
|
2872
|
+
createdAt: z14.string()
|
|
3020
2873
|
});
|
|
3021
|
-
var sessionResponseSchema =
|
|
3022
|
-
id:
|
|
3023
|
-
agentComposeId:
|
|
3024
|
-
conversationId:
|
|
3025
|
-
artifactName:
|
|
3026
|
-
secretNames:
|
|
3027
|
-
chatMessages:
|
|
3028
|
-
createdAt:
|
|
3029
|
-
updatedAt:
|
|
2874
|
+
var sessionResponseSchema = z14.object({
|
|
2875
|
+
id: z14.string(),
|
|
2876
|
+
agentComposeId: z14.string(),
|
|
2877
|
+
conversationId: z14.string().nullable(),
|
|
2878
|
+
artifactName: z14.string().nullable(),
|
|
2879
|
+
secretNames: z14.array(z14.string()).nullable(),
|
|
2880
|
+
chatMessages: z14.array(storedChatMessageSchema).optional(),
|
|
2881
|
+
createdAt: z14.string(),
|
|
2882
|
+
updatedAt: z14.string()
|
|
3030
2883
|
});
|
|
3031
|
-
var sessionListItemSchema =
|
|
3032
|
-
id:
|
|
3033
|
-
createdAt:
|
|
3034
|
-
updatedAt:
|
|
3035
|
-
messageCount:
|
|
3036
|
-
preview:
|
|
2884
|
+
var sessionListItemSchema = z14.object({
|
|
2885
|
+
id: z14.string(),
|
|
2886
|
+
createdAt: z14.string(),
|
|
2887
|
+
updatedAt: z14.string(),
|
|
2888
|
+
messageCount: z14.number(),
|
|
2889
|
+
preview: z14.string().nullable()
|
|
3037
2890
|
});
|
|
3038
|
-
var agentComposeSnapshotSchema =
|
|
3039
|
-
agentComposeVersionId:
|
|
3040
|
-
vars:
|
|
3041
|
-
secretNames:
|
|
2891
|
+
var agentComposeSnapshotSchema = z14.object({
|
|
2892
|
+
agentComposeVersionId: z14.string(),
|
|
2893
|
+
vars: z14.record(z14.string(), z14.string()).optional(),
|
|
2894
|
+
secretNames: z14.array(z14.string()).optional()
|
|
3042
2895
|
});
|
|
3043
|
-
var artifactSnapshotSchema2 =
|
|
3044
|
-
artifactName:
|
|
3045
|
-
artifactVersion:
|
|
2896
|
+
var artifactSnapshotSchema2 = z14.object({
|
|
2897
|
+
artifactName: z14.string(),
|
|
2898
|
+
artifactVersion: z14.string()
|
|
3046
2899
|
});
|
|
3047
|
-
var volumeVersionsSnapshotSchema2 =
|
|
3048
|
-
versions:
|
|
2900
|
+
var volumeVersionsSnapshotSchema2 = z14.object({
|
|
2901
|
+
versions: z14.record(z14.string(), z14.string())
|
|
3049
2902
|
});
|
|
3050
|
-
var checkpointResponseSchema =
|
|
3051
|
-
id:
|
|
3052
|
-
runId:
|
|
3053
|
-
conversationId:
|
|
2903
|
+
var checkpointResponseSchema = z14.object({
|
|
2904
|
+
id: z14.string(),
|
|
2905
|
+
runId: z14.string(),
|
|
2906
|
+
conversationId: z14.string(),
|
|
3054
2907
|
agentComposeSnapshot: agentComposeSnapshotSchema,
|
|
3055
2908
|
artifactSnapshot: artifactSnapshotSchema2.nullable(),
|
|
3056
2909
|
volumeVersionsSnapshot: volumeVersionsSnapshotSchema2.nullable(),
|
|
3057
|
-
createdAt:
|
|
2910
|
+
createdAt: z14.string()
|
|
3058
2911
|
});
|
|
3059
|
-
var sessionsContract =
|
|
2912
|
+
var sessionsContract = c12.router({
|
|
3060
2913
|
/**
|
|
3061
2914
|
* GET /api/agent/sessions?agentComposeId=X
|
|
3062
2915
|
* List chat sessions for an agent
|
|
@@ -3065,17 +2918,17 @@ var sessionsContract = c13.router({
|
|
|
3065
2918
|
method: "GET",
|
|
3066
2919
|
path: "/api/agent/sessions",
|
|
3067
2920
|
headers: authHeadersSchema,
|
|
3068
|
-
query:
|
|
3069
|
-
agentComposeId:
|
|
2921
|
+
query: z14.object({
|
|
2922
|
+
agentComposeId: z14.string().min(1, "agentComposeId is required")
|
|
3070
2923
|
}),
|
|
3071
2924
|
responses: {
|
|
3072
|
-
200:
|
|
2925
|
+
200: z14.object({ sessions: z14.array(sessionListItemSchema) }),
|
|
3073
2926
|
401: apiErrorSchema
|
|
3074
2927
|
},
|
|
3075
2928
|
summary: "List chat sessions for an agent"
|
|
3076
2929
|
}
|
|
3077
2930
|
});
|
|
3078
|
-
var sessionsByIdContract =
|
|
2931
|
+
var sessionsByIdContract = c12.router({
|
|
3079
2932
|
/**
|
|
3080
2933
|
* GET /api/agent/sessions/:id
|
|
3081
2934
|
* Get session by ID
|
|
@@ -3084,8 +2937,8 @@ var sessionsByIdContract = c13.router({
|
|
|
3084
2937
|
method: "GET",
|
|
3085
2938
|
path: "/api/agent/sessions/:id",
|
|
3086
2939
|
headers: authHeadersSchema,
|
|
3087
|
-
pathParams:
|
|
3088
|
-
id:
|
|
2940
|
+
pathParams: z14.object({
|
|
2941
|
+
id: z14.string().min(1, "Session ID is required")
|
|
3089
2942
|
}),
|
|
3090
2943
|
responses: {
|
|
3091
2944
|
200: sessionResponseSchema,
|
|
@@ -3096,7 +2949,7 @@ var sessionsByIdContract = c13.router({
|
|
|
3096
2949
|
summary: "Get session by ID"
|
|
3097
2950
|
}
|
|
3098
2951
|
});
|
|
3099
|
-
var sessionMessagesContract =
|
|
2952
|
+
var sessionMessagesContract = c12.router({
|
|
3100
2953
|
/**
|
|
3101
2954
|
* POST /api/agent/sessions/:id/messages
|
|
3102
2955
|
* Append chat messages to a session
|
|
@@ -3105,20 +2958,20 @@ var sessionMessagesContract = c13.router({
|
|
|
3105
2958
|
method: "POST",
|
|
3106
2959
|
path: "/api/agent/sessions/:id/messages",
|
|
3107
2960
|
headers: authHeadersSchema,
|
|
3108
|
-
pathParams:
|
|
3109
|
-
id:
|
|
2961
|
+
pathParams: z14.object({
|
|
2962
|
+
id: z14.string().min(1, "Session ID is required")
|
|
3110
2963
|
}),
|
|
3111
|
-
body:
|
|
3112
|
-
messages:
|
|
3113
|
-
|
|
3114
|
-
role:
|
|
3115
|
-
content:
|
|
3116
|
-
runId:
|
|
2964
|
+
body: z14.object({
|
|
2965
|
+
messages: z14.array(
|
|
2966
|
+
z14.object({
|
|
2967
|
+
role: z14.enum(["user", "assistant"]),
|
|
2968
|
+
content: z14.string(),
|
|
2969
|
+
runId: z14.string().optional()
|
|
3117
2970
|
})
|
|
3118
2971
|
)
|
|
3119
2972
|
}),
|
|
3120
2973
|
responses: {
|
|
3121
|
-
200:
|
|
2974
|
+
200: z14.object({ success: z14.literal(true) }),
|
|
3122
2975
|
401: apiErrorSchema,
|
|
3123
2976
|
403: apiErrorSchema,
|
|
3124
2977
|
404: apiErrorSchema
|
|
@@ -3126,7 +2979,7 @@ var sessionMessagesContract = c13.router({
|
|
|
3126
2979
|
summary: "Append chat messages to a session"
|
|
3127
2980
|
}
|
|
3128
2981
|
});
|
|
3129
|
-
var checkpointsByIdContract =
|
|
2982
|
+
var checkpointsByIdContract = c12.router({
|
|
3130
2983
|
/**
|
|
3131
2984
|
* GET /api/agent/checkpoints/:id
|
|
3132
2985
|
* Get checkpoint by ID
|
|
@@ -3135,8 +2988,8 @@ var checkpointsByIdContract = c13.router({
|
|
|
3135
2988
|
method: "GET",
|
|
3136
2989
|
path: "/api/agent/checkpoints/:id",
|
|
3137
2990
|
headers: authHeadersSchema,
|
|
3138
|
-
pathParams:
|
|
3139
|
-
id:
|
|
2991
|
+
pathParams: z14.object({
|
|
2992
|
+
id: z14.string().min(1, "Checkpoint ID is required")
|
|
3140
2993
|
}),
|
|
3141
2994
|
responses: {
|
|
3142
2995
|
200: checkpointResponseSchema,
|
|
@@ -3148,6 +3001,155 @@ var checkpointsByIdContract = c13.router({
|
|
|
3148
3001
|
}
|
|
3149
3002
|
});
|
|
3150
3003
|
|
|
3004
|
+
// ../../packages/core/src/contracts/runners.ts
|
|
3005
|
+
import { z as z15 } from "zod";
|
|
3006
|
+
var c13 = initContract();
|
|
3007
|
+
var runnerGroupSchema = z15.string().regex(
|
|
3008
|
+
/^[a-z0-9-]+\/[a-z0-9-]+$/,
|
|
3009
|
+
"Runner group must be in org/name format (e.g., acme/production)"
|
|
3010
|
+
);
|
|
3011
|
+
var jobSchema = z15.object({
|
|
3012
|
+
runId: z15.string().uuid(),
|
|
3013
|
+
prompt: z15.string(),
|
|
3014
|
+
agentComposeVersionId: z15.string().nullable(),
|
|
3015
|
+
vars: z15.record(z15.string(), z15.string()).nullable(),
|
|
3016
|
+
checkpointId: z15.string().uuid().nullable()
|
|
3017
|
+
});
|
|
3018
|
+
var runnersPollContract = c13.router({
|
|
3019
|
+
poll: {
|
|
3020
|
+
method: "POST",
|
|
3021
|
+
path: "/api/runners/poll",
|
|
3022
|
+
headers: authHeadersSchema,
|
|
3023
|
+
body: z15.object({
|
|
3024
|
+
group: runnerGroupSchema
|
|
3025
|
+
}),
|
|
3026
|
+
responses: {
|
|
3027
|
+
200: z15.object({
|
|
3028
|
+
job: jobSchema.nullable()
|
|
3029
|
+
}),
|
|
3030
|
+
400: apiErrorSchema,
|
|
3031
|
+
401: apiErrorSchema,
|
|
3032
|
+
500: apiErrorSchema
|
|
3033
|
+
},
|
|
3034
|
+
summary: "Poll for pending jobs (long-polling with 30s timeout)"
|
|
3035
|
+
}
|
|
3036
|
+
});
|
|
3037
|
+
var firewallApiSchema = z15.object({
|
|
3038
|
+
base: z15.string(),
|
|
3039
|
+
auth: z15.object({
|
|
3040
|
+
headers: z15.record(z15.string(), z15.string())
|
|
3041
|
+
}),
|
|
3042
|
+
permissions: z15.array(firewallPermissionSchema).optional()
|
|
3043
|
+
});
|
|
3044
|
+
var firewallSchema = z15.object({
|
|
3045
|
+
name: z15.string(),
|
|
3046
|
+
ref: z15.string(),
|
|
3047
|
+
apis: z15.array(firewallApiSchema)
|
|
3048
|
+
});
|
|
3049
|
+
var experimentalFirewallSchema = z15.array(firewallSchema);
|
|
3050
|
+
var storageEntrySchema = z15.object({
|
|
3051
|
+
mountPath: z15.string(),
|
|
3052
|
+
archiveUrl: z15.string().nullable()
|
|
3053
|
+
});
|
|
3054
|
+
var artifactEntrySchema = z15.object({
|
|
3055
|
+
mountPath: z15.string(),
|
|
3056
|
+
archiveUrl: z15.string().nullable(),
|
|
3057
|
+
vasStorageName: z15.string(),
|
|
3058
|
+
vasVersionId: z15.string()
|
|
3059
|
+
});
|
|
3060
|
+
var storageManifestSchema = z15.object({
|
|
3061
|
+
storages: z15.array(storageEntrySchema),
|
|
3062
|
+
artifact: artifactEntrySchema.nullable(),
|
|
3063
|
+
memory: artifactEntrySchema.nullable()
|
|
3064
|
+
});
|
|
3065
|
+
var resumeSessionSchema = z15.object({
|
|
3066
|
+
sessionId: z15.string(),
|
|
3067
|
+
sessionHistory: z15.string()
|
|
3068
|
+
});
|
|
3069
|
+
var storedExecutionContextSchema = z15.object({
|
|
3070
|
+
workingDir: z15.string(),
|
|
3071
|
+
storageManifest: storageManifestSchema.nullable(),
|
|
3072
|
+
environment: z15.record(z15.string(), z15.string()).nullable(),
|
|
3073
|
+
resumeSession: resumeSessionSchema.nullable(),
|
|
3074
|
+
encryptedSecrets: z15.string().nullable(),
|
|
3075
|
+
// AES-256-GCM encrypted Record<string, string> (secret name → value)
|
|
3076
|
+
// Maps secret names to OAuth connector types for runtime token refresh (e.g. { "GMAIL_ACCESS_TOKEN": "gmail" })
|
|
3077
|
+
secretConnectorMap: z15.record(z15.string(), z15.string()).nullable().optional(),
|
|
3078
|
+
cliAgentType: z15.string(),
|
|
3079
|
+
// Debug flag to force real Claude in mock environments (internal use only)
|
|
3080
|
+
debugNoMockClaude: z15.boolean().optional(),
|
|
3081
|
+
// Dispatch timestamp for E2E timing metrics
|
|
3082
|
+
apiStartTime: z15.number().optional(),
|
|
3083
|
+
// User's timezone preference (IANA format, e.g., "Asia/Shanghai")
|
|
3084
|
+
userTimezone: z15.string().optional(),
|
|
3085
|
+
// Agent metadata for VM0_AGENT_NAME and VM0_AGENT_ORG env vars
|
|
3086
|
+
agentName: z15.string().optional(),
|
|
3087
|
+
agentOrgSlug: z15.string().optional(),
|
|
3088
|
+
// Memory storage name (for first-run when manifest.memory is null)
|
|
3089
|
+
memoryName: z15.string().optional(),
|
|
3090
|
+
// Experimental firewall for proxy-side token replacement
|
|
3091
|
+
experimentalFirewall: experimentalFirewallSchema.optional(),
|
|
3092
|
+
// Experimental capabilities for agent permission enforcement
|
|
3093
|
+
experimentalCapabilities: z15.array(z15.enum(VALID_CAPABILITIES)).optional()
|
|
3094
|
+
});
|
|
3095
|
+
var executionContextSchema = z15.object({
|
|
3096
|
+
runId: z15.string().uuid(),
|
|
3097
|
+
prompt: z15.string(),
|
|
3098
|
+
agentComposeVersionId: z15.string().nullable(),
|
|
3099
|
+
vars: z15.record(z15.string(), z15.string()).nullable(),
|
|
3100
|
+
checkpointId: z15.string().uuid().nullable(),
|
|
3101
|
+
sandboxToken: z15.string(),
|
|
3102
|
+
// New fields for E2B parity:
|
|
3103
|
+
workingDir: z15.string(),
|
|
3104
|
+
storageManifest: storageManifestSchema.nullable(),
|
|
3105
|
+
environment: z15.record(z15.string(), z15.string()).nullable(),
|
|
3106
|
+
resumeSession: resumeSessionSchema.nullable(),
|
|
3107
|
+
secretValues: z15.array(z15.string()).nullable(),
|
|
3108
|
+
// AES-256-GCM encrypted Record<string, string> — passed through to mitm-addon for auth resolution
|
|
3109
|
+
encryptedSecrets: z15.string().nullable(),
|
|
3110
|
+
// Maps secret names to OAuth connector types for runtime token refresh
|
|
3111
|
+
secretConnectorMap: z15.record(z15.string(), z15.string()).nullable().optional(),
|
|
3112
|
+
cliAgentType: z15.string(),
|
|
3113
|
+
// Debug flag to force real Claude in mock environments (internal use only)
|
|
3114
|
+
debugNoMockClaude: z15.boolean().optional(),
|
|
3115
|
+
// Dispatch timestamp for E2E timing metrics
|
|
3116
|
+
apiStartTime: z15.number().optional(),
|
|
3117
|
+
// User's timezone preference (IANA format, e.g., "Asia/Shanghai")
|
|
3118
|
+
userTimezone: z15.string().optional(),
|
|
3119
|
+
// Agent metadata
|
|
3120
|
+
agentName: z15.string().optional(),
|
|
3121
|
+
agentOrgSlug: z15.string().optional(),
|
|
3122
|
+
// Memory storage name (for first-run when manifest.memory is null)
|
|
3123
|
+
memoryName: z15.string().optional(),
|
|
3124
|
+
// Experimental firewall for proxy-side token replacement
|
|
3125
|
+
experimentalFirewall: experimentalFirewallSchema.optional(),
|
|
3126
|
+
// Experimental capabilities for agent permission enforcement
|
|
3127
|
+
experimentalCapabilities: z15.array(z15.enum(VALID_CAPABILITIES)).optional()
|
|
3128
|
+
});
|
|
3129
|
+
var runnersJobClaimContract = c13.router({
|
|
3130
|
+
claim: {
|
|
3131
|
+
method: "POST",
|
|
3132
|
+
path: "/api/runners/jobs/:id/claim",
|
|
3133
|
+
headers: authHeadersSchema,
|
|
3134
|
+
pathParams: z15.object({
|
|
3135
|
+
id: z15.string().uuid()
|
|
3136
|
+
}),
|
|
3137
|
+
body: z15.object({}),
|
|
3138
|
+
responses: {
|
|
3139
|
+
200: executionContextSchema,
|
|
3140
|
+
400: apiErrorSchema,
|
|
3141
|
+
401: apiErrorSchema,
|
|
3142
|
+
403: apiErrorSchema,
|
|
3143
|
+
// Job does not belong to user
|
|
3144
|
+
404: apiErrorSchema,
|
|
3145
|
+
409: apiErrorSchema,
|
|
3146
|
+
// Already claimed
|
|
3147
|
+
500: apiErrorSchema
|
|
3148
|
+
},
|
|
3149
|
+
summary: "Claim a pending job for execution"
|
|
3150
|
+
}
|
|
3151
|
+
});
|
|
3152
|
+
|
|
3151
3153
|
// ../../packages/core/src/contracts/schedules.ts
|
|
3152
3154
|
import { z as z16 } from "zod";
|
|
3153
3155
|
var c14 = initContract();
|
|
@@ -6449,7 +6451,7 @@ var computerConnectorContract = c18.router({
|
|
|
6449
6451
|
}
|
|
6450
6452
|
});
|
|
6451
6453
|
|
|
6452
|
-
// ../../packages/core/src/contracts/
|
|
6454
|
+
// ../../packages/core/src/contracts/firewall.ts
|
|
6453
6455
|
function bearerAuth(secretName) {
|
|
6454
6456
|
return { headers: { Authorization: `Bearer \${{ secrets.${secretName} }}` } };
|
|
6455
6457
|
}
|
|
@@ -6460,7 +6462,7 @@ var FULL_ACCESS_PERMISSION = {
|
|
|
6460
6462
|
function api(base, auth) {
|
|
6461
6463
|
return { base, auth, permissions: [FULL_ACCESS_PERMISSION] };
|
|
6462
6464
|
}
|
|
6463
|
-
var
|
|
6465
|
+
var FIREWALL_CONFIGS = {
|
|
6464
6466
|
ahrefs: {
|
|
6465
6467
|
apis: [api("https://api.ahrefs.com", bearerAuth("AHREFS_TOKEN"))]
|
|
6466
6468
|
},
|
|
@@ -7027,13 +7029,13 @@ var SERVICE_CONFIGS = {
|
|
|
7027
7029
|
]
|
|
7028
7030
|
}
|
|
7029
7031
|
};
|
|
7030
|
-
function
|
|
7031
|
-
const config =
|
|
7032
|
+
function getFirewallConfig(type2) {
|
|
7033
|
+
const config = FIREWALL_CONFIGS[type2];
|
|
7032
7034
|
if (!config) return void 0;
|
|
7033
7035
|
return { ...config, name: type2 };
|
|
7034
7036
|
}
|
|
7035
7037
|
|
|
7036
|
-
// ../../packages/core/src/contracts/
|
|
7038
|
+
// ../../packages/core/src/contracts/firewall-expander.ts
|
|
7037
7039
|
var VALID_RULE_METHODS = /* @__PURE__ */ new Set([
|
|
7038
7040
|
"GET",
|
|
7039
7041
|
"POST",
|
|
@@ -7048,23 +7050,23 @@ function validateRule(rule, permName, serviceName) {
|
|
|
7048
7050
|
const parts = rule.split(" ", 2);
|
|
7049
7051
|
if (parts.length !== 2 || !parts[1]) {
|
|
7050
7052
|
throw new Error(
|
|
7051
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7053
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": must be "METHOD /path"`
|
|
7052
7054
|
);
|
|
7053
7055
|
}
|
|
7054
7056
|
const [method, path18] = parts;
|
|
7055
7057
|
if (!VALID_RULE_METHODS.has(method)) {
|
|
7056
7058
|
throw new Error(
|
|
7057
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7059
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": unknown method "${method}" (must be uppercase)`
|
|
7058
7060
|
);
|
|
7059
7061
|
}
|
|
7060
7062
|
if (!path18.startsWith("/")) {
|
|
7061
7063
|
throw new Error(
|
|
7062
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7064
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": path must start with "/"`
|
|
7063
7065
|
);
|
|
7064
7066
|
}
|
|
7065
7067
|
if (path18.includes("?") || path18.includes("#")) {
|
|
7066
7068
|
throw new Error(
|
|
7067
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7069
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": path must not contain query string or fragment`
|
|
7068
7070
|
);
|
|
7069
7071
|
}
|
|
7070
7072
|
const segments = path18.split("/").filter(Boolean);
|
|
@@ -7076,18 +7078,18 @@ function validateRule(rule, permName, serviceName) {
|
|
|
7076
7078
|
const baseName = name.endsWith("+") ? name.slice(0, -1) : name;
|
|
7077
7079
|
if (!baseName) {
|
|
7078
7080
|
throw new Error(
|
|
7079
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7081
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": empty parameter name`
|
|
7080
7082
|
);
|
|
7081
7083
|
}
|
|
7082
7084
|
if (paramNames.has(baseName)) {
|
|
7083
7085
|
throw new Error(
|
|
7084
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7086
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": duplicate parameter name "{${baseName}}"`
|
|
7085
7087
|
);
|
|
7086
7088
|
}
|
|
7087
7089
|
paramNames.add(baseName);
|
|
7088
7090
|
if (name.endsWith("+") && i !== segments.length - 1) {
|
|
7089
7091
|
throw new Error(
|
|
7090
|
-
`Invalid rule "${rule}" in permission "${permName}" of
|
|
7092
|
+
`Invalid rule "${rule}" in permission "${permName}" of firewall "${serviceName}": {${name}} must be the last segment`
|
|
7091
7093
|
);
|
|
7092
7094
|
}
|
|
7093
7095
|
}
|
|
@@ -7099,31 +7101,31 @@ function validateBaseUrl(base, serviceName) {
|
|
|
7099
7101
|
url = new URL(base);
|
|
7100
7102
|
} catch {
|
|
7101
7103
|
throw new Error(
|
|
7102
|
-
`Invalid base URL "${base}" in
|
|
7104
|
+
`Invalid base URL "${base}" in firewall "${serviceName}": not a valid URL`
|
|
7103
7105
|
);
|
|
7104
7106
|
}
|
|
7105
7107
|
if (url.search) {
|
|
7106
7108
|
throw new Error(
|
|
7107
|
-
`Invalid base URL "${base}" in
|
|
7109
|
+
`Invalid base URL "${base}" in firewall "${serviceName}": must not contain query string`
|
|
7108
7110
|
);
|
|
7109
7111
|
}
|
|
7110
7112
|
if (url.hash) {
|
|
7111
7113
|
throw new Error(
|
|
7112
|
-
`Invalid base URL "${base}" in
|
|
7114
|
+
`Invalid base URL "${base}" in firewall "${serviceName}": must not contain fragment`
|
|
7113
7115
|
);
|
|
7114
7116
|
}
|
|
7115
7117
|
}
|
|
7116
|
-
function
|
|
7118
|
+
function resolveFirewallConfig(ref) {
|
|
7117
7119
|
const parsed = connectorTypeSchema.safeParse(ref);
|
|
7118
7120
|
if (!parsed.success) {
|
|
7119
7121
|
throw new Error(
|
|
7120
|
-
`Cannot resolve
|
|
7122
|
+
`Cannot resolve firewall ref "${ref}": no built-in firewall config with this name`
|
|
7121
7123
|
);
|
|
7122
7124
|
}
|
|
7123
|
-
const serviceConfig =
|
|
7125
|
+
const serviceConfig = getFirewallConfig(parsed.data);
|
|
7124
7126
|
if (!serviceConfig) {
|
|
7125
7127
|
throw new Error(
|
|
7126
|
-
`
|
|
7128
|
+
`Firewall ref "${ref}" resolved to "${parsed.data}" but it does not support proxy-side token replacement`
|
|
7127
7129
|
);
|
|
7128
7130
|
}
|
|
7129
7131
|
return serviceConfig;
|
|
@@ -7131,7 +7133,7 @@ function resolveServiceConfig(ref) {
|
|
|
7131
7133
|
function collectAndValidatePermissions(ref, serviceConfig) {
|
|
7132
7134
|
if (serviceConfig.apis.length === 0) {
|
|
7133
7135
|
throw new Error(
|
|
7134
|
-
`
|
|
7136
|
+
`Firewall "${serviceConfig.name}" (ref "${ref}") has no api entries`
|
|
7135
7137
|
);
|
|
7136
7138
|
}
|
|
7137
7139
|
const available = /* @__PURE__ */ new Set();
|
|
@@ -7139,29 +7141,29 @@ function collectAndValidatePermissions(ref, serviceConfig) {
|
|
|
7139
7141
|
validateBaseUrl(api2.base, serviceConfig.name);
|
|
7140
7142
|
if (!api2.permissions || api2.permissions.length === 0) {
|
|
7141
7143
|
throw new Error(
|
|
7142
|
-
`API entry "${api2.base}" in
|
|
7144
|
+
`API entry "${api2.base}" in firewall "${serviceConfig.name}" (ref "${ref}") has no permissions`
|
|
7143
7145
|
);
|
|
7144
7146
|
}
|
|
7145
7147
|
const seen = /* @__PURE__ */ new Set();
|
|
7146
7148
|
for (const perm of api2.permissions) {
|
|
7147
7149
|
if (!perm.name) {
|
|
7148
7150
|
throw new Error(
|
|
7149
|
-
`
|
|
7151
|
+
`Firewall "${serviceConfig.name}" (ref "${ref}") has a permission with empty name`
|
|
7150
7152
|
);
|
|
7151
7153
|
}
|
|
7152
7154
|
if (perm.name === "all") {
|
|
7153
7155
|
throw new Error(
|
|
7154
|
-
`
|
|
7156
|
+
`Firewall "${serviceConfig.name}" (ref "${ref}") has a permission named "all", which is a reserved keyword`
|
|
7155
7157
|
);
|
|
7156
7158
|
}
|
|
7157
7159
|
if (seen.has(perm.name)) {
|
|
7158
7160
|
throw new Error(
|
|
7159
|
-
`Duplicate permission name "${perm.name}" in API entry "${api2.base}" of
|
|
7161
|
+
`Duplicate permission name "${perm.name}" in API entry "${api2.base}" of firewall "${serviceConfig.name}" (ref "${ref}")`
|
|
7160
7162
|
);
|
|
7161
7163
|
}
|
|
7162
7164
|
if (perm.rules.length === 0) {
|
|
7163
7165
|
throw new Error(
|
|
7164
|
-
`Permission "${perm.name}" in
|
|
7166
|
+
`Permission "${perm.name}" in firewall "${serviceConfig.name}" (ref "${ref}") has no rules`
|
|
7165
7167
|
);
|
|
7166
7168
|
}
|
|
7167
7169
|
for (const rule of perm.rules) {
|
|
@@ -7173,16 +7175,16 @@ function collectAndValidatePermissions(ref, serviceConfig) {
|
|
|
7173
7175
|
}
|
|
7174
7176
|
return available;
|
|
7175
7177
|
}
|
|
7176
|
-
function
|
|
7178
|
+
function expandFirewallConfigs(config) {
|
|
7177
7179
|
const compose = config;
|
|
7178
7180
|
if (!compose?.agents) return;
|
|
7179
7181
|
for (const agent of Object.values(compose.agents)) {
|
|
7180
|
-
const
|
|
7181
|
-
if (!
|
|
7182
|
-
if (Array.isArray(
|
|
7182
|
+
const configs = agent.experimental_firewall;
|
|
7183
|
+
if (!configs) continue;
|
|
7184
|
+
if (Array.isArray(configs)) continue;
|
|
7183
7185
|
const expanded = [];
|
|
7184
|
-
for (const [ref, selection] of Object.entries(
|
|
7185
|
-
const serviceConfig =
|
|
7186
|
+
for (const [ref, selection] of Object.entries(configs)) {
|
|
7187
|
+
const serviceConfig = resolveFirewallConfig(ref);
|
|
7186
7188
|
const availablePermissions = collectAndValidatePermissions(
|
|
7187
7189
|
ref,
|
|
7188
7190
|
serviceConfig
|
|
@@ -7192,7 +7194,7 @@ function expandServiceConfigs(config) {
|
|
|
7192
7194
|
if (!availablePermissions.has(name)) {
|
|
7193
7195
|
const available = [...availablePermissions].join(", ");
|
|
7194
7196
|
throw new Error(
|
|
7195
|
-
`Permission "${name}" does not exist in
|
|
7197
|
+
`Permission "${name}" does not exist in firewall "${serviceConfig.name}" (ref "${ref}"). Available: ${available}`
|
|
7196
7198
|
);
|
|
7197
7199
|
}
|
|
7198
7200
|
}
|
|
@@ -7214,7 +7216,7 @@ function expandServiceConfigs(config) {
|
|
|
7214
7216
|
entry.placeholders = serviceConfig.placeholders;
|
|
7215
7217
|
expanded.push(entry);
|
|
7216
7218
|
}
|
|
7217
|
-
agent.
|
|
7219
|
+
agent.experimental_firewall = expanded;
|
|
7218
7220
|
}
|
|
7219
7221
|
}
|
|
7220
7222
|
|
|
@@ -7810,7 +7812,8 @@ var FEATURE_SWITCHES = {
|
|
|
7810
7812
|
},
|
|
7811
7813
|
["zero" /* Zero */]: {
|
|
7812
7814
|
maintainer: "ethan@vm0.ai",
|
|
7813
|
-
enabled: false
|
|
7815
|
+
enabled: false,
|
|
7816
|
+
enabledUserHashes: STAFF_USER_HASHES
|
|
7814
7817
|
}
|
|
7815
7818
|
};
|
|
7816
7819
|
async function isFeatureEnabled(key, userId) {
|
|
@@ -8901,24 +8904,42 @@ import * as path2 from "path";
|
|
|
8901
8904
|
import * as fs from "fs/promises";
|
|
8902
8905
|
import * as path from "path";
|
|
8903
8906
|
import * as os2 from "os";
|
|
8904
|
-
import {
|
|
8907
|
+
import { execFile } from "child_process";
|
|
8905
8908
|
import { promisify } from "util";
|
|
8906
|
-
var
|
|
8909
|
+
var execFileAsync = promisify(execFile);
|
|
8910
|
+
function sanitizeGitArg(value, label) {
|
|
8911
|
+
if (!/^[a-zA-Z0-9._/\-@]+$/.test(value)) {
|
|
8912
|
+
throw new Error(
|
|
8913
|
+
`Invalid ${label}: contains disallowed characters. Only alphanumeric, dash, underscore, dot, slash, and @ are permitted.`
|
|
8914
|
+
);
|
|
8915
|
+
}
|
|
8916
|
+
if (value.startsWith("-")) {
|
|
8917
|
+
throw new Error(`Invalid ${label}: must not start with a dash`);
|
|
8918
|
+
}
|
|
8919
|
+
return value;
|
|
8920
|
+
}
|
|
8907
8921
|
async function downloadGitHubSkill(parsed, destDir) {
|
|
8908
|
-
const
|
|
8922
|
+
const owner = sanitizeGitArg(parsed.owner, "repository owner");
|
|
8923
|
+
const repo = sanitizeGitArg(parsed.repo, "repository name");
|
|
8924
|
+
const branch = sanitizeGitArg(parsed.branch, "branch name");
|
|
8925
|
+
const repoUrl = `https://github.com/${owner}/${repo}.git`;
|
|
8909
8926
|
const skillDir = path.join(destDir, parsed.skillName);
|
|
8910
8927
|
const tempDir = await fs.mkdtemp(path.join(os2.tmpdir(), "vm0-skill-"));
|
|
8911
8928
|
try {
|
|
8912
|
-
await
|
|
8913
|
-
await
|
|
8914
|
-
|
|
8929
|
+
await execFileAsync("git", ["init"], { cwd: tempDir });
|
|
8930
|
+
await execFileAsync("git", ["remote", "add", "origin", repoUrl], {
|
|
8931
|
+
cwd: tempDir
|
|
8932
|
+
});
|
|
8933
|
+
await execFileAsync("git", ["config", "core.sparseCheckout", "true"], {
|
|
8934
|
+
cwd: tempDir
|
|
8935
|
+
});
|
|
8915
8936
|
const sparsePattern = parsed.path || "/*";
|
|
8916
8937
|
const sparseFile = path.join(tempDir, ".git", "info", "sparse-checkout");
|
|
8917
8938
|
await fs.writeFile(sparseFile, sparsePattern + "\n");
|
|
8918
|
-
await
|
|
8939
|
+
await execFileAsync("git", ["fetch", "--depth", "1", "origin", branch], {
|
|
8919
8940
|
cwd: tempDir
|
|
8920
8941
|
});
|
|
8921
|
-
await
|
|
8942
|
+
await execFileAsync("git", ["checkout", branch], { cwd: tempDir });
|
|
8922
8943
|
await fs.mkdir(path.dirname(skillDir), { recursive: true });
|
|
8923
8944
|
if (parsed.path) {
|
|
8924
8945
|
const fetchedPath = path.join(tempDir, parsed.path);
|
|
@@ -8937,11 +8958,16 @@ async function downloadGitHubSkill(parsed, destDir) {
|
|
|
8937
8958
|
}
|
|
8938
8959
|
}
|
|
8939
8960
|
async function getDefaultBranch(owner, repo) {
|
|
8940
|
-
const
|
|
8961
|
+
const safeOwner = sanitizeGitArg(owner, "repository owner");
|
|
8962
|
+
const safeRepo = sanitizeGitArg(repo, "repository name");
|
|
8963
|
+
const repoUrl = `https://github.com/${safeOwner}/${safeRepo}.git`;
|
|
8941
8964
|
try {
|
|
8942
|
-
const { stdout } = await
|
|
8943
|
-
|
|
8944
|
-
|
|
8965
|
+
const { stdout } = await execFileAsync("git", [
|
|
8966
|
+
"ls-remote",
|
|
8967
|
+
"--symref",
|
|
8968
|
+
repoUrl,
|
|
8969
|
+
"HEAD"
|
|
8970
|
+
]);
|
|
8945
8971
|
const match = stdout.match(/ref: refs\/heads\/([^\s]+)/);
|
|
8946
8972
|
if (!match) {
|
|
8947
8973
|
throw new Error(
|
|
@@ -8969,25 +8995,34 @@ async function downloadGitHubDirectory(url) {
|
|
|
8969
8995
|
`Invalid GitHub URL: ${url}. Expected format: https://github.com/{owner}/{repo}[/tree/{branch}[/path]]`
|
|
8970
8996
|
);
|
|
8971
8997
|
}
|
|
8972
|
-
const
|
|
8998
|
+
const safeOwner = sanitizeGitArg(parsed.owner, "repository owner");
|
|
8999
|
+
const safeRepo = sanitizeGitArg(parsed.repo, "repository name");
|
|
9000
|
+
const repoUrl = `https://github.com/${safeOwner}/${safeRepo}.git`;
|
|
8973
9001
|
const tempDir = await fs.mkdtemp(path.join(os2.tmpdir(), "vm0-github-"));
|
|
8974
9002
|
try {
|
|
8975
9003
|
try {
|
|
8976
|
-
await
|
|
9004
|
+
await execFileAsync("git", ["--version"]);
|
|
8977
9005
|
} catch {
|
|
8978
9006
|
throw new Error(
|
|
8979
9007
|
"git command not found. Please install git to use GitHub URLs."
|
|
8980
9008
|
);
|
|
8981
9009
|
}
|
|
8982
|
-
const branch =
|
|
8983
|
-
|
|
8984
|
-
|
|
8985
|
-
|
|
9010
|
+
const branch = sanitizeGitArg(
|
|
9011
|
+
parsed.branch ?? await getDefaultBranch(safeOwner, safeRepo),
|
|
9012
|
+
"branch name"
|
|
9013
|
+
);
|
|
9014
|
+
await execFileAsync("git", ["init"], { cwd: tempDir });
|
|
9015
|
+
await execFileAsync("git", ["remote", "add", "origin", repoUrl], {
|
|
9016
|
+
cwd: tempDir
|
|
9017
|
+
});
|
|
9018
|
+
await execFileAsync("git", ["config", "core.sparseCheckout", "true"], {
|
|
9019
|
+
cwd: tempDir
|
|
9020
|
+
});
|
|
8986
9021
|
const sparsePattern = parsed.path ?? "/*";
|
|
8987
9022
|
const sparseFile = path.join(tempDir, ".git", "info", "sparse-checkout");
|
|
8988
9023
|
await fs.writeFile(sparseFile, sparsePattern + "\n");
|
|
8989
9024
|
try {
|
|
8990
|
-
await
|
|
9025
|
+
await execFileAsync("git", ["fetch", "--depth", "1", "origin", branch], {
|
|
8991
9026
|
cwd: tempDir
|
|
8992
9027
|
});
|
|
8993
9028
|
} catch (error) {
|
|
@@ -9000,7 +9035,7 @@ async function downloadGitHubDirectory(url) {
|
|
|
9000
9035
|
}
|
|
9001
9036
|
throw error;
|
|
9002
9037
|
}
|
|
9003
|
-
await
|
|
9038
|
+
await execFileAsync("git", ["checkout", branch], { cwd: tempDir });
|
|
9004
9039
|
const downloadedDir = parsed.path ? path.join(tempDir, parsed.path) : tempDir;
|
|
9005
9040
|
return {
|
|
9006
9041
|
dir: downloadedDir,
|
|
@@ -9773,7 +9808,7 @@ async function finalizeCompose(config, agent, variables, options) {
|
|
|
9773
9808
|
process.exit(0);
|
|
9774
9809
|
}
|
|
9775
9810
|
mergeSkillVariables(agent, variables);
|
|
9776
|
-
|
|
9811
|
+
expandFirewallConfigs(config);
|
|
9777
9812
|
if (!options.json) {
|
|
9778
9813
|
console.log("Uploading compose...");
|
|
9779
9814
|
}
|
|
@@ -9913,7 +9948,7 @@ var composeCommand = new Command7().name("compose").description("Create or updat
|
|
|
9913
9948
|
options.autoUpdate = false;
|
|
9914
9949
|
}
|
|
9915
9950
|
if (options.autoUpdate !== false) {
|
|
9916
|
-
await startSilentUpgrade("9.59.
|
|
9951
|
+
await startSilentUpgrade("9.59.6");
|
|
9917
9952
|
}
|
|
9918
9953
|
try {
|
|
9919
9954
|
let result;
|
|
@@ -11087,7 +11122,7 @@ var mainRunCommand = new Command8().name("run").description("Run an agent").argu
|
|
|
11087
11122
|
withErrorHandler(
|
|
11088
11123
|
async (identifier, prompt, options) => {
|
|
11089
11124
|
if (options.autoUpdate !== false) {
|
|
11090
|
-
await startSilentUpgrade("9.59.
|
|
11125
|
+
await startSilentUpgrade("9.59.6");
|
|
11091
11126
|
}
|
|
11092
11127
|
const { org, name, version } = parseIdentifier(identifier);
|
|
11093
11128
|
if (org && !options.experimentalSharedAgent) {
|
|
@@ -12774,7 +12809,7 @@ var cookAction = new Command34().name("cook").description("Quick start: prepare,
|
|
|
12774
12809
|
withErrorHandler(
|
|
12775
12810
|
async (prompt, options) => {
|
|
12776
12811
|
if (options.autoUpdate !== false) {
|
|
12777
|
-
const shouldExit = await checkAndUpgrade("9.59.
|
|
12812
|
+
const shouldExit = await checkAndUpgrade("9.59.6", prompt);
|
|
12778
12813
|
if (shouldExit) {
|
|
12779
12814
|
process.exit(0);
|
|
12780
12815
|
}
|
|
@@ -18125,13 +18160,13 @@ var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CL
|
|
|
18125
18160
|
if (latestVersion === null) {
|
|
18126
18161
|
throw new Error("Could not check for updates. Please try again later.");
|
|
18127
18162
|
}
|
|
18128
|
-
if (latestVersion === "9.59.
|
|
18129
|
-
console.log(chalk84.green(`\u2713 Already up to date (${"9.59.
|
|
18163
|
+
if (latestVersion === "9.59.6") {
|
|
18164
|
+
console.log(chalk84.green(`\u2713 Already up to date (${"9.59.6"})`));
|
|
18130
18165
|
return;
|
|
18131
18166
|
}
|
|
18132
18167
|
console.log(
|
|
18133
18168
|
chalk84.yellow(
|
|
18134
|
-
`Current version: ${"9.59.
|
|
18169
|
+
`Current version: ${"9.59.6"} -> Latest version: ${latestVersion}`
|
|
18135
18170
|
)
|
|
18136
18171
|
);
|
|
18137
18172
|
console.log();
|
|
@@ -18158,7 +18193,7 @@ var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CL
|
|
|
18158
18193
|
const success = await performUpgrade(packageManager);
|
|
18159
18194
|
if (success) {
|
|
18160
18195
|
console.log(
|
|
18161
|
-
chalk84.green(`\u2713 Upgraded from ${"9.59.
|
|
18196
|
+
chalk84.green(`\u2713 Upgraded from ${"9.59.6"} to ${latestVersion}`)
|
|
18162
18197
|
);
|
|
18163
18198
|
return;
|
|
18164
18199
|
}
|
|
@@ -18172,7 +18207,7 @@ var upgradeCommand = new Command90().name("upgrade").description("Upgrade vm0 CL
|
|
|
18172
18207
|
|
|
18173
18208
|
// src/index.ts
|
|
18174
18209
|
var program = new Command91();
|
|
18175
|
-
program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.59.
|
|
18210
|
+
program.name("vm0").description("VM0 CLI - Build and run agents with natural language").version("9.59.6");
|
|
18176
18211
|
program.addCommand(authCommand);
|
|
18177
18212
|
program.addCommand(infoCommand);
|
|
18178
18213
|
program.addCommand(composeCommand);
|