@witqq/agent-sdk 0.6.1 → 0.8.0

package/dist/{types-BvwNzZCj.d.ts → agent-DxY68NZL.d.cts}

@@ -1,34 +1,11 @@
 import { z } from 'zod';
-
-/** Pluggable store for persisting permission (scope) decisions across runs. */
-interface IPermissionStore {
-    /** Check if tool is already approved */
-    isApproved(toolName: string): Promise<boolean>;
-    /** Store an approval decision */
-    approve(toolName: string, scope: PermissionScope): Promise<void>;
-    /** Revoke approval for a tool */
-    revoke(toolName: string): Promise<void>;
-    /** Clear all approvals */
-    clear(): Promise<void>;
-    /** Dispose resources */
-    dispose(): Promise<void>;
-}
+import { E as ErrorCode } from './errors-C-so0M4t.cjs';
 
 /** JSON-serializable value used for tool arguments and results */
 type JSONValue = string | number | boolean | null | JSONValue[] | {
     [key: string]: JSONValue;
 };
-/** Message content — plain string or array of text/image parts */
-type MessageContent = string | Array<ContentPart>;
-/** Individual content part within a multi-part message */
-type ContentPart = {
-    type: "text";
-    text: string;
-} | {
-    type: "image";
-    data: string;
-    mimeType: string;
-};
+
 /** What the LLM sees — name, description, schema. Passed to all backends. */
 interface ToolDeclaration<TParams = unknown> {
     name: string;
@@ -42,9 +19,19 @@ interface ToolDeclaration<TParams = unknown> {
     };
 }
 /** Full tool with execute function. Required for API-based backends.
- *  CLI backends extract declaration; execute map held internally. */
+ *  CLI backends extract declaration; execute map held internally.
+ *  The optional second parameter receives request-scoped context
+ *  when invoked through ChatRuntime (session ID, user data, custom metadata). */
 interface ToolDefinition<TParams = unknown> extends ToolDeclaration<TParams> {
-    execute: (params: TParams) => Promise<JSONValue> | JSONValue;
+    execute: (params: TParams, context?: ToolContext) => Promise<unknown> | unknown;
+}
+/** Request-scoped context passed to tool execute functions via ChatRuntime.
+ *  Contains session identity and user-defined metadata from the current session. */
+interface ToolContext {
+    /** Active chat session ID */
+    sessionId: string;
+    /** Custom metadata from the session (e.g. user ID, tenant, permissions) */
+    custom?: Record<string, unknown>;
 }
 /** A tool call made by the LLM during execution */
 interface ToolCall {
@@ -59,6 +46,18 @@ interface ToolResult {
     result: JSONValue;
     isError?: boolean;
 }
+
+/** Message content — plain string or array of text/image parts */
+type MessageContent = string | Array<ContentPart>;
+/** Individual content part within a multi-part message */
+type ContentPart = {
+    type: "text";
+    text: string;
+} | {
+    type: "image";
+    data: string;
+    mimeType: string;
+};
 /** Conversation message — discriminated union on `role` */
 type Message = {
     role: "user";
@@ -75,12 +74,15 @@ type Message = {
     role: "system";
     content: string;
 };
+
 /** Scope for "remember this decision" */
 type PermissionScope = "once" | "session" | "project" | "always";
 /** What the permission callback receives */
 interface PermissionRequest {
     toolName: string;
     toolArgs: Record<string, unknown>;
+    /** Unique identifier for this specific tool call */
+    toolCallId?: string;
     /** SDK-suggested scope (from Claude CLI's suggestions) */
     suggestedScope?: PermissionScope;
     /** Original SDK permission request (for pass-through) */
@@ -118,12 +120,32 @@ interface SupervisorHooks {
     onPermission?: PermissionCallback;
     onAskUser?: (request: UserInputRequest, signal: AbortSignal) => Promise<UserInputResponse>;
 }
-/** Configuration for typed structured output from LLM */
-interface StructuredOutputConfig<T = unknown> {
-    schema: z.ZodType<T>;
+
+/** Model metadata returned by listModels() */
+interface ModelInfo {
+    id: string;
     name?: string;
-    description?: string;
+    provider?: string;
+    /** Model tier for UI categorization and cost hints */
+    tier?: "fast" | "standard" | "premium";
+    /** Context window size in tokens */
+    contextWindow?: number;
+    /** Model capabilities (e.g. "vision", "tools", "structured") */
+    capabilities?: string[];
+}
+/** LLM model parameters */
+interface ModelParams {
+    temperature?: number;
+    maxTokens?: number;
+    topP?: number;
+    stopSequences?: string[];
+}
+/** Result of backend validation check */
+interface ValidationResult {
+    valid: boolean;
+    errors: string[];
 }
+
 /** Usage data from LLM execution — tokens consumed plus optional metadata */
 interface UsageData {
     promptTokens: number;
@@ -182,24 +204,78 @@ type AgentEvent = {
     type: "error";
     error: string;
     recoverable: boolean;
+    code?: ErrorCode;
 } | {
     type: "done";
     finalOutput: string | null;
     structuredOutput?: unknown;
+    streamed?: boolean;
 };
-/** Options passed to agent.run() / agent.stream() */
-interface RunOptions {
-    /** AbortSignal for cancellation */
+
+/** Pluggable store for persisting permission (scope) decisions across runs. */
+interface IPermissionStore {
+    /** Check if tool is already approved */
+    isApproved(toolName: string): Promise<boolean>;
+    /** Store an approval decision */
+    approve(toolName: string, scope: PermissionScope): Promise<void>;
+    /** Revoke approval for a tool */
+    revoke(toolName: string): Promise<void>;
+    /** Clear all approvals */
+    clear(): Promise<void>;
+    /** Dispose resources */
+    dispose(): Promise<void>;
+}
+
+/** Per-call overrides passed to run(), stream(), runStructured().
+ *  Allows overriding the model, tools, signal, and other parameters
+ *  on a per-request basis without modifying the agent configuration. */
+interface CallOptions {
+    /** Override the default model for this call */
+    model?: string;
+    /** Override/extend tools for this call */
+    tools?: ToolDefinition[];
+    /** Per-call abort signal */
     signal?: AbortSignal;
+    /** Override system message for this call */
+    systemMessage?: string;
+    /** Provider-specific options passed through to the underlying SDK */
+    providerOptions?: Record<string, unknown>;
+    /** Per-call timeout in milliseconds */
+    timeout?: number;
+    /** Per-call token limit */
+    maxTokens?: number;
+    /** Retry configuration for this call */
+    retry?: RetryConfig;
+}
+/** Configuration for automatic retries on transient errors */
+interface RetryConfig {
+    /** Maximum number of retries (default: 0 — no retry) */
+    maxRetries?: number;
+    /** Initial delay in ms before first retry (default: 1000) */
+    initialDelayMs?: number;
+    /** Backoff multiplier (default: 2) */
+    backoffMultiplier?: number;
+    /** Which error codes to retry (default: all recoverable codes) */
+    retryableErrors?: ErrorCode[];
+}
+/** Configuration for typed structured output from LLM */
+interface StructuredOutputConfig<T = unknown> {
+    schema: z.ZodType<T>;
+    name?: string;
+    description?: string;
+}
+/** Options passed to agent.run() / agent.stream().
+ *  Extends CallOptions with run-specific fields (context, activityTimeoutMs).
+ *  model is REQUIRED — every agent call must specify the model explicitly. */
+interface RunOptions extends CallOptions {
+    /** Model to use for this call (required — no implicit defaults) */
+    model: string;
     /** Arbitrary context passed to the agent run */
     context?: Record<string, unknown>;
-}
-/** LLM model parameters */
-interface ModelParams {
-    temperature?: number;
-    maxTokens?: number;
-    topP?: number;
-    stopSequences?: string[];
+    /** Inactivity timeout for streaming (ms). When set, the stream aborts if no
+     *  event (including heartbeats/progress) arrives within this period. Resets on
+     *  every received event. Default: no timeout. Only affects stream()/streamWithContext(). */
+    activityTimeoutMs?: number;
 }
 /** Timeout configuration for agent operations */
 interface TimeoutConfig {
@@ -224,12 +300,10 @@ interface ErrorHandlingConfig {
         phase: "tool" | "llm" | "permission" | "ask-user";
     }) => void;
 }
-/** Configuration for creating an agent */
+/** Identity-only agent configuration — defines the agent's behavior, NOT per-call defaults.
+ *  For creating an agent with model/tools defaults, use FullAgentConfig. */
 interface AgentConfig {
-    model?: string;
-    modelParams?: ModelParams;
     systemPrompt: string;
-    tools: ToolDefinition[];
     supervisor?: SupervisorHooks;
     maxTurns?: number;
     timeout?: TimeoutConfig;
@@ -239,8 +313,14 @@ interface AgentConfig {
     /** How to apply systemPrompt: "append" adds to backend default, "replace" overrides it.
      *  Default: "append". Currently used by the Copilot backend. */
     systemMessageMode?: "append" | "replace";
-    /** Filter for backend built-in tools (e.g. ["web_search", "web_fetch"] for Copilot).
-     *  When set, only listed built-in tools are available. Backend-specific. */
+    /**
+     * Filter for backend built-in tools (e.g. `["web_search", "web_fetch"]` for Copilot).
+     * When set, only listed built-in tools are available. Backend-specific.
+     *
+     * **Security note**: This is a trust boundary — it controls which backend-native tools
+     * the AI agent can invoke. By default, backends expose ALL their built-in tools.
+     * Set this to restrict access (e.g. prevent file system access in a web-facing agent).
+     */
     availableTools?: string[];
     /** Callback invoked with usage data after run completion or during streaming.
      *  Fire-and-forget: errors are logged but not propagated. */
@@ -254,11 +334,24 @@ interface AgentConfig {
      *  "persistent": reuses the same CLI session across calls, preserving conversation
      *  history natively in the CLI backend. Session is destroyed on agent dispose(). */
     sessionMode?: "per-call" | "persistent";
+}
+/** Per-call defaults that can be provided at agent creation time.
+ *  Each field can also be overridden on individual calls via RunOptions. */
+interface CallDefaults {
+    /** Default model (overridable per-call via RunOptions.model) */
+    model?: string;
+    /** Default model parameters */
+    modelParams?: ModelParams;
+    /** Default tools (overridable per-call via RunOptions.tools) */
+    tools?: ToolDefinition[];
     /** Provider-specific options passed through to the underlying SDK.
      *  For Vercel AI: passed as providerOptions to generateText/streamText.
      *  Example: { google: { thinkingConfig: { thinkingBudget: 1024 } } } */
     providerOptions?: Record<string, Record<string, unknown>>;
 }
+/** Full agent configuration: identity + per-call defaults.
+ *  This is what createAgent() accepts. Backward-compatible with the old AgentConfig shape. */
+type FullAgentConfig = AgentConfig & CallDefaults;
 /** Result of an agent run, generic over structured output type T */
 interface AgentResult<T = void> {
     output: string | null;
@@ -280,15 +373,15 @@ interface IAgent {
      *  or before the first call. Can be stored externally for session resume. */
     readonly sessionId: string | undefined;
     /** Run a single prompt and return the result. Wraps prompt in a user message. */
-    run(prompt: MessageContent, options?: RunOptions): Promise<AgentResult>;
+    run(prompt: MessageContent, options: RunOptions): Promise<AgentResult>;
     /** Run with full conversation history. Messages are passed directly to the backend. */
-    runWithContext(messages: Message[], options?: RunOptions): Promise<AgentResult>;
+    runWithContext(messages: Message[], options: RunOptions): Promise<AgentResult>;
     /** Run with structured output validated against a Zod schema. */
-    runStructured<T>(prompt: MessageContent, schema: StructuredOutputConfig<T>, options?: RunOptions): Promise<AgentResult<T>>;
+    runStructured<T>(prompt: MessageContent, schema: StructuredOutputConfig<T>, options: RunOptions): Promise<AgentResult<T>>;
     /** Stream events for a single prompt. Wraps prompt in a user message. */
-    stream(prompt: MessageContent, options?: RunOptions): AsyncIterable<AgentEvent>;
+    stream(prompt: MessageContent, options: RunOptions): AsyncIterable<AgentEvent>;
     /** Stream events with full conversation history. Messages are passed directly to the backend. */
-    streamWithContext(messages: Message[], options?: RunOptions): AsyncIterable<AgentEvent>;
+    streamWithContext(messages: Message[], options: RunOptions): AsyncIterable<AgentEvent>;
     /** Abort the current operation. No-op if not running. */
     abort(): void;
     /** Gracefully interrupt the current operation. Resolves when the backend acknowledges. */
@@ -296,57 +389,17 @@ interface IAgent {
     /** Get current agent lifecycle state. */
     getState(): AgentState;
     /** Get frozen agent configuration. */
-    getConfig(): Readonly<AgentConfig>;
+    getConfig(): Readonly<FullAgentConfig>;
     /** Release resources. After dispose(), agent must not be used. */
     dispose(): void;
 }
-/** Model metadata returned by listModels() */
-interface ModelInfo {
-    id: string;
-    name?: string;
-    provider?: string;
-}
-/** Result of backend validation check */
-interface ValidationResult {
-    valid: boolean;
-    errors: string[];
-}
 /** Backend service interface — creates agents, lists models, validates config */
 interface IAgentService {
     readonly name: string;
-    createAgent(config: AgentConfig): IAgent;
+    createAgent(config: FullAgentConfig): IAgent;
     listModels(): Promise<ModelInfo[]>;
     validate(): Promise<ValidationResult>;
     dispose(): Promise<void>;
 }
-/** Options for Copilot CLI backend */
-interface CopilotBackendOptions {
-    cliPath?: string;
-    workingDirectory?: string;
-    githubToken?: string;
-    useLoggedInUser?: boolean;
-    /** Extra CLI arguments passed to the Copilot subprocess (e.g. ["--allow-all"]) */
-    cliArgs?: string[];
-    /** Timeout in milliseconds for sendAndWait() calls. When undefined, uses copilot-sdk default (60s). */
-    timeout?: number;
-    /** Custom environment variables merged into the subprocess env */
-    env?: Record<string, string | undefined>;
-}
-/** Options for Claude CLI backend */
-interface ClaudeBackendOptions {
-    cliPath?: string;
-    workingDirectory?: string;
-    maxTurns?: number;
-    /** OAuth token for Claude authentication (set as CLAUDE_CODE_OAUTH_TOKEN env var) */
-    oauthToken?: string;
-    /** Custom environment variables merged into the subprocess env */
-    env?: Record<string, string | undefined>;
-}
-/** Options for Vercel AI SDK backend */
-interface VercelAIBackendOptions {
-    apiKey: string;
-    provider?: string;
-    baseUrl?: string;
-}
 
-export type { CopilotBackendOptions as C, IAgentService as I, VercelAIBackendOptions as V, ClaudeBackendOptions as a };
+export type { AgentEvent as A, FullAgentConfig as F, IAgentService as I, ModelInfo as M, RunOptions as R, ToolDefinition as T, UsageData as U, ValidationResult as V, MessageContent as a, AgentResult as b, IAgent as c, Message as d, ToolResult as e };

package/dist/auth/index.cjs

@@ -2,10 +2,33 @@
 
 var crypto = require('crypto');
 
-// src/auth/types.ts
-var AuthError = class extends Error {
+// src/errors.ts
+var AgentSDKError = class extends Error {
+  /** @internal Marker for cross-bundle identity checks */
+  _agentSDKError = true;
+  /** Machine-readable error code. Prefer values from the ErrorCode enum. */
+  code;
+  /** Whether this error is safe to retry */
+  retryable;
+  /** HTTP status code hint for error classification */
+  httpStatus;
   constructor(message, options) {
     super(message, options);
+    this.name = "AgentSDKError";
+    this.code = options?.code;
+    this.retryable = options?.retryable ?? false;
+    this.httpStatus = options?.httpStatus;
+  }
+  /** Check if an error is an AgentSDKError (works across bundled copies) */
+  static is(error) {
+    return error instanceof Error && "_agentSDKError" in error && error._agentSDKError === true;
+  }
+};
+
+// src/auth/types.ts
+var AuthError = class extends AgentSDKError {
+  constructor(message, options) {
+    super(message, { ...options, code: "AUTH_EXPIRED" /* AUTH_EXPIRED */ });
     this.name = "AuthError";
   }
 };
@@ -118,6 +141,12 @@ var CopilotAuth = class {
           tokenType: data.token_type ?? "bearer",
           obtainedAt: Date.now()
         };
+        if (data.refresh_token) {
+          token.refreshToken = data.refresh_token;
+        }
+        if (data.expires_in) {
+          token.expiresIn = data.expires_in;
+        }
         try {
           const login = await this.fetchUserLogin(data.access_token, signal);
           if (login) token.login = login;
@@ -155,6 +184,62 @@ var CopilotAuth = class {
     const user = await response.json();
     return user.login;
   }
+  /**
+   * Refresh an expired Copilot token using a refresh token.
+   * Only works for GitHub App tokens that include a refresh_token.
+   *
+   * @param refreshToken - The refresh token from the original auth flow
+   * @param signal - Optional abort signal
+   * @returns Fresh CopilotAuthToken with new access and refresh tokens
+   * @throws {TokenExchangeError} If the refresh request fails
+   *
+   * @example
+   * ```ts
+   * const auth = new CopilotAuth();
+   * const newToken = await auth.refreshToken(oldToken.refreshToken!);
+   * ```
+   */
+  async refreshToken(refreshToken, signal) {
+    const response = await this.fetchFn(ACCESS_TOKEN_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json"
+      },
+      body: new URLSearchParams({
+        client_id: CLIENT_ID,
+        grant_type: "refresh_token",
+        refresh_token: refreshToken
+      }),
+      signal
+    });
+    if (!response.ok) {
+      throw new TokenExchangeError(
+        `Token refresh failed: ${response.status} ${response.statusText}`
+      );
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new TokenExchangeError(
+        data.error_description ?? `Token refresh error: ${data.error}`
+      );
+    }
+    if (!data.access_token) {
+      throw new TokenExchangeError("Token refresh response missing access_token");
+    }
+    const token = {
+      accessToken: data.access_token,
+      tokenType: data.token_type ?? "bearer",
+      obtainedAt: Date.now()
+    };
+    if (data.refresh_token) {
+      token.refreshToken = data.refresh_token;
+    }
+    if (data.expires_in) {
+      token.expiresIn = data.expires_in;
+    }
+    return token;
+  }
   delay(ms, signal) {
     return new Promise((resolve, reject) => {
       const timer = setTimeout(resolve, ms);
@@ -349,11 +434,184 @@ function hexEncode(bytes) {
   return Buffer.from(bytes).toString("hex");
 }
 
+// src/auth/refresh-manager.ts
+var TokenRefreshManager = class {
+  currentToken;
+  refreshFn;
+  threshold;
+  maxRetries;
+  retryDelayMs;
+  minDelayMs;
+  timerId = null;
+  running = false;
+  disposed = false;
+  listeners = {
+    refreshed: /* @__PURE__ */ new Set(),
+    error: /* @__PURE__ */ new Set(),
+    expired: /* @__PURE__ */ new Set(),
+    disposed: /* @__PURE__ */ new Set()
+  };
+  constructor(options) {
+    this.currentToken = { ...options.token };
+    this.refreshFn = options.refresh;
+    this.threshold = options.refreshThreshold ?? 0.8;
+    this.maxRetries = options.maxRetries ?? 3;
+    this.retryDelayMs = options.retryDelayMs ?? 1e3;
+    this.minDelayMs = options.minDelayMs ?? 1e3;
+  }
+  /** Register an event listener */
+  on(event, listener) {
+    this.listeners[event].add(listener);
+    return this;
+  }
+  /** Remove an event listener */
+  off(event, listener) {
+    this.listeners[event].delete(listener);
+    return this;
+  }
+  /** Current token managed by this instance */
+  get token() {
+    return { ...this.currentToken };
+  }
+  /** Whether the manager is currently running */
+  get isRunning() {
+    return this.running;
+  }
+  /** Whether the manager has been disposed */
+  get isDisposed() {
+    return this.disposed;
+  }
+  /**
+   * Start automatic refresh scheduling.
+   * If the token is already expired, emits "expired" immediately.
+   * If the token has no expiresIn, does nothing (long-lived token).
+   */
+  start() {
+    if (this.disposed) return;
+    if (this.running) return;
+    this.running = true;
+    this.schedule();
+  }
+  /** Stop automatic refresh (can be restarted with start()) */
+  stop() {
+    this.running = false;
+    this.clearTimer();
+  }
+  /**
+   * Update the managed token (e.g. after manual refresh).
+   * Reschedules automatic refresh if running.
+   */
+  updateToken(token) {
+    if (this.disposed) return;
+    this.currentToken = { ...token };
+    if (this.running) {
+      this.clearTimer();
+      this.schedule();
+    }
+  }
+  /** Stop and clean up all resources */
+  dispose() {
+    if (this.disposed) return;
+    this.stop();
+    this.disposed = true;
+    this.emit("disposed");
+    for (const set of Object.values(this.listeners)) {
+      set.clear();
+    }
+  }
+  // ─── Private ──────────────────────────────────────────────────
+  schedule() {
+    if (!this.running || this.disposed) return;
+    const delayMs = this.computeRefreshDelay();
+    if (delayMs === null) {
+      return;
+    }
+    if (delayMs <= 0) {
+      this.timerId = setTimeout(() => {
+        this.timerId = null;
+        if (!this.running || this.disposed) return;
+        void this.performRefresh();
+      }, 0);
+      return;
+    }
+    this.timerId = setTimeout(() => {
+      this.timerId = null;
+      if (!this.running || this.disposed) return;
+      void this.performRefresh();
+    }, Math.max(delayMs, this.minDelayMs));
+  }
+  async performRefresh(attempt = 1) {
+    if (!this.running || this.disposed) return;
+    try {
+      const newToken = await this.refreshFn(this.currentToken);
+      if (!this.running || this.disposed) return;
+      this.currentToken = { ...newToken };
+      this.emit("refreshed", newToken);
+      this.schedule();
+    } catch (err) {
+      if (!this.running || this.disposed) return;
+      const error = err instanceof Error ? err : new Error(String(err));
+      this.emit("error", error, attempt);
+      if (attempt < this.maxRetries) {
+        const delay = this.retryDelayMs * Math.pow(2, attempt - 1);
+        this.timerId = setTimeout(() => {
+          this.timerId = null;
+          if (!this.running || this.disposed) return;
+          void this.performRefresh(attempt + 1);
+        }, delay);
+      } else {
+        if (this.isTokenExpired()) {
+          this.running = false;
+          this.emit("expired");
+        } else {
+          const expiresIn = this.currentToken.expiresIn;
+          if (expiresIn == null) return;
+          const expiresAt = this.currentToken.obtainedAt + expiresIn * 1e3;
+          const waitMs = Math.max(expiresAt - Date.now(), this.minDelayMs);
+          this.timerId = setTimeout(() => {
+            this.timerId = null;
+            if (!this.running || this.disposed) return;
+            void this.performRefresh();
+          }, waitMs);
+        }
+      }
+    }
+  }
+  computeRefreshDelay() {
+    if (this.currentToken.expiresIn == null) return null;
+    const lifetimeMs = this.currentToken.expiresIn * 1e3;
+    const refreshAtMs = this.currentToken.obtainedAt + lifetimeMs * this.threshold;
+    const now = Date.now();
+    const delay = refreshAtMs - now;
+    return delay;
+  }
+  isTokenExpired() {
+    if (this.currentToken.expiresIn == null) return false;
+    const expiresAt = this.currentToken.obtainedAt + this.currentToken.expiresIn * 1e3;
+    return Date.now() >= expiresAt;
+  }
+  clearTimer() {
+    if (this.timerId !== null) {
+      clearTimeout(this.timerId);
+      this.timerId = null;
+    }
+  }
+  emit(event, ...args) {
+    for (const listener of this.listeners[event]) {
+      try {
+        listener(...args);
+      } catch {
+      }
+    }
+  }
+};
+
 exports.AccessDeniedError = AccessDeniedError;
 exports.AuthError = AuthError;
 exports.ClaudeAuth = ClaudeAuth;
 exports.CopilotAuth = CopilotAuth;
 exports.DeviceCodeExpiredError = DeviceCodeExpiredError;
 exports.TokenExchangeError = TokenExchangeError;
+exports.TokenRefreshManager = TokenRefreshManager;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map