antpath 0.1.0

package/dist/template/types.d.ts

@@ -0,0 +1,67 @@
+export interface TemplateVariableDefinition {
+    type: "string";
+    default?: string | undefined;
+    description?: string | undefined;
+}
+export type CredentialRequirement = {
+    type: "static_bearer";
+    required: true;
+} | {
+    type: "oauth_access_token";
+    required: true;
+};
+export interface McpServerDefinition {
+    url: string;
+    auth?: CredentialRequirement;
+    tools?: {
+        allow?: string[] | undefined;
+        deny?: string[] | undefined;
+    };
+}
+export interface EnvironmentDefinition {
+    network?: "restricted" | "unrestricted" | {
+        type: "limited";
+        allowedHosts?: string[] | undefined;
+        allowMcpServers?: boolean | undefined;
+        allowPackageManagers?: boolean | undefined;
+    };
+    packages?: Partial<Record<"apt" | "cargo" | "gem" | "go" | "npm" | "pip", string[]>> | undefined;
+}
+export type SkillDefinition = {
+    type: "anthropic";
+    skillId: string;
+    version?: string | undefined;
+} | {
+    type: "custom";
+    skillId: string;
+    version?: string | undefined;
+} | {
+    type: "local";
+    name: string;
+    path: string;
+    mountPath?: string | undefined;
+} | {
+    type: "inline";
+    name: string;
+    content: string;
+    mountPath?: string | undefined;
+};
+export interface OutputDefinition {
+    recommendedPath?: string | undefined;
+    include?: string[] | undefined;
+}
+export interface TemplateDefinition<TVariables extends Record<string, TemplateVariableDefinition> = Record<string, TemplateVariableDefinition>> {
+    name: string;
+    model: string | {
+        id: string;
+        speed?: "standard" | "fast";
+    };
+    system?: string | undefined;
+    messages: string[];
+    variables?: TVariables | undefined;
+    mcpServers?: Record<string, McpServerDefinition> | undefined;
+    environment?: EnvironmentDefinition | undefined;
+    skills?: SkillDefinition[] | undefined;
+    outputs?: OutputDefinition | undefined;
+    metadata?: Record<string, string> | undefined;
+}

package/dist/template/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/template/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/template/types.ts"],"names":[],"mappings":""}

package/dist/types.d.ts

@@ -0,0 +1,129 @@
+import type { ResolvedTemplate } from "./template/compiler.js";
+export type CleanupPolicy = "manual" | "after-output-download" | "on-success" | "always" | "credentials-only";
+export type CredentialInput = {
+    type: "static_bearer";
+    token: string;
+} | {
+    type: "oauth_access_token";
+    accessToken: string;
+    expiresAt?: string | undefined;
+};
+export interface RunOptions {
+    variables?: Record<string, string> | undefined;
+    credentials?: Record<string, CredentialInput> | undefined;
+    timeoutMs?: number | undefined;
+    cleanupPolicy?: CleanupPolicy | undefined;
+    signal?: AbortSignal | undefined;
+    logger?: Logger | undefined;
+}
+export type RunStatus = "initializing" | "creating_provider_resources" | "running" | "idle_waiting_to_send_next_message" | "downloading_outputs" | "succeeded" | "failed" | "terminating" | "terminated" | "cleanup_pending" | "cleaned_up";
+export interface UsageSummary {
+    inputTokens?: number | undefined;
+    outputTokens?: number | undefined;
+    cacheReadInputTokens?: number | undefined;
+    cacheCreationInputTokens?: number | undefined;
+    totalTokens?: number | undefined;
+    estimatedCostUsd?: number | undefined;
+}
+export interface OutputManifestFile {
+    providerFileId: string;
+    filename: string;
+    localPath: string;
+    sizeBytes?: number | undefined;
+}
+export interface OutputManifest {
+    files: OutputManifestFile[];
+    directory: string;
+}
+export interface DownloadOutputsOptions {
+    directory: string;
+    include?: RegExp | ((file: ProviderFile) => boolean);
+    maxFiles?: number;
+    maxTotalBytes?: number;
+}
+export interface DownloadOutputsResult {
+    manifest: OutputManifest;
+}
+export interface RunResult {
+    status: Exclude<RunStatus, "initializing" | "creating_provider_resources" | "running" | "idle_waiting_to_send_next_message" | "downloading_outputs" | "cleanup_pending">;
+    templateHash: string;
+    providerIds: ProviderResourceIds;
+    usage?: UsageSummary | undefined;
+    error?: string | undefined;
+    outputManifest?: OutputManifest | undefined;
+    cleanupState: CleanupState;
+    startedAt: string;
+    endedAt: string;
+}
+export type RunEvent = {
+    type: "sdk.status";
+    status: RunStatus;
+    at: string;
+} | {
+    type: "sdk.message_sent";
+    index: number;
+    at: string;
+} | {
+    type: "sdk.cleanup";
+    operation: string;
+    status: "success" | "failed" | "skipped";
+    at: string;
+    error?: string | undefined;
+} | {
+    type: "provider.event";
+    event: ProviderEvent;
+    at: string;
+};
+export interface RunHandle {
+    status(): RunStatus;
+    streamEvents(): AsyncIterable<RunEvent>;
+    wait(): Promise<RunResult>;
+    listFiles(): Promise<ProviderFile[]>;
+    downloadFile(fileId: string, destination: string): Promise<void>;
+    downloadOutputs(options: DownloadOutputsOptions | string): Promise<DownloadOutputsResult>;
+    cleanup(policy?: CleanupPolicy | undefined): Promise<CleanupResult>;
+    terminate(reason?: string | undefined): Promise<void>;
+    usage(): Promise<UsageSummary | undefined>;
+    result(): Promise<RunResult>;
+}
+export interface Logger {
+    debug?(message: string, fields?: Record<string, unknown> | undefined): void;
+    info?(message: string, fields?: Record<string, unknown> | undefined): void;
+    warn?(message: string, fields?: Record<string, unknown> | undefined): void;
+    error?(message: string, fields?: Record<string, unknown> | undefined): void;
+}
+export interface ProviderResourceIds {
+    environmentId?: string | undefined;
+    agentId?: string | undefined;
+    vaultId?: string | undefined;
+    credentialIds: string[];
+    sessionId?: string | undefined;
+    uploadedFileIds: string[];
+}
+export interface ProviderFile {
+    id: string;
+    filename: string;
+    sizeBytes?: number | undefined;
+    downloadable?: boolean | undefined;
+}
+export interface ProviderEvent {
+    type: string;
+    id?: string | undefined;
+    created_at?: string | undefined;
+    [key: string]: unknown;
+}
+export interface CleanupOperation {
+    operation: string;
+    id?: string | undefined;
+    status: "success" | "failed" | "skipped";
+    error?: string | undefined;
+}
+export interface CleanupResult {
+    operations: CleanupOperation[];
+    state: CleanupState;
+}
+export type CleanupState = "not_started" | "pending" | "partial" | "cleaned_up";
+export interface ProviderRunResources {
+    ids: ProviderResourceIds;
+    template: ResolvedTemplate;
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/utils/events.d.ts

@@ -0,0 +1,6 @@
+export declare class AsyncEventBus<T> {
+    #private;
+    emit(event: T): void;
+    close(): void;
+    stream(): AsyncIterable<T>;
+}

package/dist/utils/events.js

@@ -0,0 +1,41 @@
+export class AsyncEventBus {
+    #history = [];
+    #waiters = [];
+    #closed = false;
+    emit(event) {
+        if (this.#closed) {
+            return;
+        }
+        this.#history.push(event);
+        const waiter = this.#waiters.shift();
+        if (waiter) {
+            waiter({ value: event, done: false });
+        }
+    }
+    close() {
+        this.#closed = true;
+        for (const waiter of this.#waiters.splice(0)) {
+            waiter({ value: undefined, done: true });
+        }
+    }
+    stream() {
+        const self = this;
+        return {
+            async *[Symbol.asyncIterator]() {
+                let index = 0;
+                while (index < self.#history.length) {
+                    yield self.#history[index++];
+                }
+                while (!self.#closed) {
+                    const next = await new Promise((resolve) => self.#waiters.push(resolve));
+                    if (next.done) {
+                        return;
+                    }
+                    index++;
+                    yield next.value;
+                }
+            }
+        };
+    }
+}
+//# sourceMappingURL=events.js.map

package/dist/utils/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../src/utils/events.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,aAAa;IACf,QAAQ,GAAQ,EAAE,CAAC;IACnB,QAAQ,GAA8C,EAAE,CAAC;IAClE,OAAO,GAAG,KAAK,CAAC;IAEhB,IAAI,CAAC,KAAQ;QACX,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACrC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,MAAM,CAAC,EAAE,KAAK,EAAE,SAAc,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,OAAO;YACL,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC;gBAC3B,IAAI,KAAK,GAAG,CAAC,CAAC;gBACd,OAAO,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAM,CAAC;gBACpC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;oBACrB,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAoB,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;oBAC5F,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;wBACd,OAAO;oBACT,CAAC;oBACD,KAAK,EAAE,CAAC;oBACR,MAAM,IAAI,CAAC,KAAK,CAAC;gBACnB,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/utils/paths.d.ts

@@ -0,0 +1,3 @@
+export declare function sanitizeFilename(filename: string): string;
+export declare function safeDestination(directory: string, filename: string): string;
+export declare function writeFileSafe(directory: string, filename: string, content: Uint8Array): Promise<string>;

package/dist/utils/paths.js

@@ -0,0 +1,21 @@
+import { mkdir, writeFile } from "node:fs/promises";
+import { basename, join, resolve } from "node:path";
+export function sanitizeFilename(filename) {
+    const base = basename(filename).replace(/[\u0000-\u001f<>:"/\\|?*]+/g, "_").trim();
+    return base.length === 0 || base === "." || base === ".." ? "download" : base;
+}
+export function safeDestination(directory, filename) {
+    const root = resolve(directory);
+    const destination = resolve(join(root, sanitizeFilename(filename)));
+    if (!destination.startsWith(root)) {
+        throw new Error(`Unsafe output path for ${filename}`);
+    }
+    return destination;
+}
+export async function writeFileSafe(directory, filename, content) {
+    await mkdir(directory, { recursive: true });
+    const destination = safeDestination(directory, filename);
+    await writeFile(destination, content);
+    return destination;
+}
+//# sourceMappingURL=paths.js.map

package/dist/utils/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/utils/paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpD,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACnF,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,SAAiB,EAAE,QAAgB;IACjE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACpE,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,SAAiB,EAAE,QAAgB,EAAE,OAAmB;IAC1F,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,WAAW,CAAC;AACrB,CAAC"}

package/dist/utils/secrets.d.ts

@@ -0,0 +1,10 @@
+export declare class SecretString {
+    #private;
+    constructor(value: string, label?: string);
+    unwrap(): string;
+    toString(): string;
+    toJSON(): string;
+}
+export declare function redactSecrets<T>(value: T): T;
+export declare function redactString(input: string): string;
+export declare function containsSecretLikeValue(input: string): boolean;

package/dist/utils/secrets.js

@@ -0,0 +1,59 @@
+const SECRET_PATTERNS = [
+    /sk-ant-[A-Za-z0-9_\-]{16,}/g,
+    /sk-[A-Za-z0-9_\-]{20,}/g,
+    /xox[pbar]-[A-Za-z0-9\-]{10,}/g,
+    /(?:bearer|token|api[_-]?key|access[_-]?token|refresh[_-]?token|client[_-]?secret)["'\s:=]+[A-Za-z0-9_\-./+=]{12,}/gi
+];
+const REDACTED = "[REDACTED]";
+export class SecretString {
+    #value;
+    constructor(value, label = "secret") {
+        if (!value) {
+            throw new Error(`${label} is required`);
+        }
+        this.#value = value;
+    }
+    unwrap() {
+        return this.#value;
+    }
+    toString() {
+        return REDACTED;
+    }
+    toJSON() {
+        return REDACTED;
+    }
+}
+export function redactSecrets(value) {
+    if (typeof value === "string") {
+        return redactString(value);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => redactSecrets(item));
+    }
+    if (value && typeof value === "object") {
+        const out = {};
+        for (const [key, item] of Object.entries(value)) {
+            if (isSecretKey(key)) {
+                out[key] = REDACTED;
+            }
+            else {
+                out[key] = redactSecrets(item);
+            }
+        }
+        return out;
+    }
+    return value;
+}
+export function redactString(input) {
+    return SECRET_PATTERNS.reduce((current, pattern) => current.replace(pattern, REDACTED), input);
+}
+export function containsSecretLikeValue(input) {
+    return SECRET_PATTERNS.some((pattern) => {
+        pattern.lastIndex = 0;
+        return pattern.test(input);
+    });
+}
+function isSecretKey(key) {
+    return /(?:api[_-]?key|authorization|token|secret|password|credential)/i.test(key);
+}
+//# sourceMappingURL=secrets.js.map

package/dist/utils/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAAA,MAAM,eAAe,GAAG;IACtB,6BAA6B;IAC7B,yBAAyB;IACzB,+BAA+B;IAC/B,qHAAqH;CACtH,CAAC;AAEF,MAAM,QAAQ,GAAG,YAAY,CAAC;AAE9B,MAAM,OAAO,YAAY;IACd,MAAM,CAAS;IAExB,YAAY,KAAa,EAAE,KAAK,GAAG,QAAQ;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,cAAc,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,QAAQ;QACN,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM;QACJ,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAED,MAAM,UAAU,aAAa,CAAI,KAAQ;IACvC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAK,CAAM,CAAC;IAClC,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAM,CAAC;IACvD,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QACD,OAAO,GAAQ,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACnD,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACtC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,iEAAiE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrF,CAAC"}

package/dist/utils/stable.d.ts

@@ -0,0 +1,2 @@
+export declare function stableStringify(value: unknown): string;
+export declare function sha256(value: unknown): string;

package/dist/utils/stable.js

@@ -0,0 +1,20 @@
+import { createHash } from "node:crypto";
+export function stableStringify(value) {
+    return JSON.stringify(sortValue(value));
+}
+export function sha256(value) {
+    return createHash("sha256").update(typeof value === "string" ? value : stableStringify(value)).digest("hex");
+}
+function sortValue(value) {
+    if (Array.isArray(value)) {
+        return value.map(sortValue);
+    }
+    if (value && typeof value === "object") {
+        return Object.fromEntries(Object.entries(value)
+            .filter(([, item]) => item !== undefined)
+            .sort(([a], [b]) => a.localeCompare(b))
+            .map(([key, item]) => [key, sortValue(item)]));
+    }
+    return value;
+}
+//# sourceMappingURL=stable.js.map

package/dist/utils/stable.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stable.js","sourceRoot":"","sources":["../../src/utils/stable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,KAAc;IACnC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC/G,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;aAClB,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC;aACxC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;aACtC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAChD,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/docs/cleanup.md

@@ -0,0 +1,15 @@
+---
+title: Cleanup
+---
+
+# Cleanup
+
+Cleanup is manual by default:
+
+```ts
+await handle.cleanup();
+```
+
+This preserves provider-side files/events for inspection and avoids deleting outputs before users download them.
+
+If the SDK process exits before cleanup, provider resources may remain in the user's provider workspace. The result includes provider IDs so a future cleanup helper can recover orphaned resources when the caller recreates a Client with the same key.

package/docs/credentials.md

@@ -0,0 +1,23 @@
+---
+title: Credentials
+---
+
+# Credentials
+
+antpath does not store provider keys or MCP credential values.
+
+The caller creates `AntpathClient` with a provider key. MCP credentials are passed at run time and validated against Template requirements.
+
+MVP credential types:
+
+- `static_bearer`;
+- `oauth_access_token`.
+
+Unsupported in MVP:
+
+- arbitrary headers;
+- OAuth refresh;
+- persisted antpath vault;
+- antpath MCP proxy.
+
+For Claude Managed Agents, the SDK creates per-run provider vault credentials and tracks provider IDs for cleanup.

package/docs/mcp.md

@@ -0,0 +1,18 @@
+---
+title: MCP
+---
+
+# MCP
+
+MVP MCP support is provider-native remote HTTPS MCP only.
+
+Rules:
+
+- MCP servers are declared in Templates.
+- Runtime HITL is disabled.
+- Tool policy must be configured before session start.
+- Enabled MCP tools use `always_allow` provider permissions.
+- `always_ask` is not used by antpath MVP.
+- Only provider-native bearer/OAuth auth is supported.
+
+Use allowlists for sensitive servers whenever possible.

package/docs/outputs.md

@@ -0,0 +1,16 @@
+---
+title: Outputs
+---
+
+# Outputs
+
+`downloadOutputs()` downloads all session-scoped provider files by default.
+
+`/antpath/outputs` is a recommended convention, not a provider default. Templates may instruct agents to write important artifacts there, but MVP output download still uses session-scoped files.
+
+Safety rules:
+
+- filenames are sanitized;
+- downloads stay within the requested local directory;
+- max file count and max total bytes are enforced;
+- manifests contain provider file IDs, local paths, names, and sizes only.

package/docs/quickstart.md

@@ -0,0 +1,13 @@
+---
+title: antpath quickstart
+---
+
+# Quickstart
+
+1. Put `ANTHROPIC_API_KEY` in `.env.local`.
+2. Define a secret-free Template in TypeScript.
+3. Create `AntpathClient`.
+4. Run the Template.
+5. Wait, download files, then call `cleanup()`.
+
+See `README.md` for a minimal example.

package/docs/release.md

@@ -0,0 +1,22 @@
+---
+title: Release
+---
+
+# Release
+
+CI runs on pull requests and pushes to `main`.
+
+Publishing runs when a GitHub release is published, or when the publish workflow is manually dispatched.
+
+Repository setup required:
+
+1. Create or reserve the `antpath` package on npm.
+2. Add a Trusted Publisher for this GitHub repository.
+3. Set **Organization or user** to `weilueluo`.
+4. Set **Repository** to `antpath`.
+5. Set **Workflow filename** to `publish.yml`.
+6. Leave **Environment name** empty unless the workflow uses a matching GitHub Actions environment.
+7. Update `package.json` version before publishing a release.
+8. Publish a GitHub release for that version.
+
+The publish workflow uses GitHub OIDC through `id-token: write`; it does not require an npm token secret. It runs type-checks, tests, build, then `npm publish --provenance`.

package/docs/skills.md

@@ -0,0 +1,16 @@
+---
+title: Skills
+---
+
+# Skills
+
+MVP skill inputs:
+
+- provider-managed Anthropic skills;
+- existing custom provider skill IDs;
+- local files/directories uploaded as session resources;
+- inline skill content uploaded as session resources.
+
+Local directories are packaged as zip files and mounted under `/antpath/skills/` unless overridden.
+
+Inline skills are uploaded as markdown files and mounted under `/antpath/skills/` unless overridden.

package/docs/templates.md

@@ -0,0 +1,24 @@
+---
+title: Templates
+---
+
+# Templates
+
+Templates are code-defined, immutable, secret-free run configurations.
+
+Allowed Template content:
+
+- model;
+- system prompt;
+- queued user messages;
+- typed variables;
+- MCP server declarations;
+- MCP tool allow/deny policy;
+- environment package and network configuration;
+- inline/local/provider skills;
+- output conventions;
+- non-secret metadata.
+
+Variables use `{{name}}` and are resolved before provider calls. Use `\{{name}}` for a literal placeholder.
+
+Secrets must not appear in Templates. Pass credentials through `run({ credentials })`.

package/docs/testing.md

@@ -0,0 +1,27 @@
+---
+title: Testing
+---
+
+# Testing
+
+antpath uses test-first development.
+
+Commands:
+
+```text
+npm run test:unit
+npm run test:integration:components
+npm run test:integration:api
+npm run test:e2e:live
+```
+
+Live tests require `.env.local` and `RUN_LIVE_ANTPATH_TESTS=1`.
+
+Recorded API fixtures are created with:
+
+```text
+npm run fixtures:record:anthropic
+npm run fixtures:sanitize
+```
+
+Raw fixtures and secret-shaped fixture files are ignored.

package/examples/mcp-static-bearer.ts

@@ -0,0 +1,30 @@
+import { AntpathClient, defineTemplate, requiredStaticBearer } from "antpath";
+
+const client = new AntpathClient({
+  anthropicApiKey: process.env.ANTHROPIC_API_KEY
+});
+
+const template = defineTemplate({
+  name: "mcp-static-bearer",
+  model: "claude-haiku-4-5",
+  messages: ["List the relevant records and summarize them."],
+  mcpServers: {
+    example: {
+      url: "https://mcp.example.com/mcp",
+      auth: requiredStaticBearer(),
+      tools: { allow: ["search", "fetch"] }
+    }
+  }
+});
+
+const handle = await client.run(template, {
+  credentials: {
+    example: {
+      type: "static_bearer",
+      token: process.env.EXAMPLE_MCP_TOKEN ?? ""
+    }
+  }
+});
+
+await handle.wait();
+await handle.cleanup();

package/examples/quickstart.ts

@@ -0,0 +1,23 @@
+import { AntpathClient, defineTemplate, string } from "antpath";
+
+const client = new AntpathClient({
+  anthropicApiKey: process.env.ANTHROPIC_API_KEY
+});
+
+const template = defineTemplate({
+  name: "quickstart",
+  model: "claude-haiku-4-5",
+  system: "You are a concise automation agent.",
+  messages: ["Write a short answer about {{topic}}."],
+  variables: {
+    topic: string()
+  }
+});
+
+const handle = await client.run(template, {
+  variables: { topic: "test-first SDK design" }
+});
+
+const result = await handle.wait();
+console.log(result.status);
+await handle.cleanup();