antpath 0.2.1 → 0.4.0

package/dist/_shared/submission.js

@@ -0,0 +1,681 @@
+import { authShapeHeaderName, PROXY_ALLOWED_METHODS, PROXY_RESPONSE_MODES } from "./proxy-protocol.js";
+const SECRETS_KEY = "secrets";
+/**
+ * Default caps for a proxy endpoint when the submission doesn't specify
+ * one. Conservative on purpose. Operators can override the platform-
+ * wide ceiling through env vars (see `references/environment-variables.md`).
+ */
+export const PROXY_ENDPOINT_DEFAULTS = {
+    allowHeaders: [],
+    responseMode: "headers_only",
+    maxRequestBytes: 64 * 1024,
+    maxResponseBytes: 1024 * 1024,
+    timeoutMs: 10_000,
+    perCallBudget: 60,
+    responseByteBudget: 1024 * 1024
+};
+const PROXY_ENDPOINT_NAME_PATTERN = /^[a-z][a-z0-9_-]{0,62}$/;
+const RESERVED_PROXY_ENDPOINT_NAMES = new Set(["proxy", "antpath", "internal", "admin"]);
+/**
+ * Headers the proxy never lets through, regardless of policy. Lowercase.
+ * Anything that could re-introduce credentials, cookies, or routing
+ * primitives. Kept in lockstep with the proxy route's reject list.
+ */
+const PROXY_DENY_HEADER_LIST = new Set([
+    "authorization",
+    "cookie",
+    "set-cookie",
+    "proxy-authorization",
+    "host",
+    "content-length",
+    "transfer-encoding",
+    "connection",
+    "upgrade",
+    "expect",
+    "x-forwarded-for",
+    "x-forwarded-host",
+    "x-forwarded-proto",
+    "x-real-ip"
+]);
+const deniedSecretFields = new Set([
+    "providerApiKey",
+    "anthropicApiKey",
+    "apiKey",
+    "accessToken",
+    "refreshToken",
+    "password",
+    "mcpCredentials",
+    "credentials"
+]);
+export function parseRunSubmissionRequest(input) {
+    const value = requireRecord(input, "submission");
+    // The `secrets` block at the top level is the single allowlisted carrier
+    // for credential material. Every other top-level field is recursively
+    // scanned for secret-bearing keys; the `secrets` block has its own strict
+    // schema (no unknown keys, no nested credential leakage).
+    for (const [key, fieldValue] of Object.entries(value)) {
+        if (key === SECRETS_KEY) {
+            continue;
+        }
+        if (deniedSecretFields.has(key)) {
+            throw new Error(`Secret-bearing field is not allowed in platform submission: ${key}`);
+        }
+        assertNoSecretBearingFields(fieldValue, [key]);
+    }
+    const variables = optionalJsonRecord(value.variables, "variables");
+    const cleanup = parseCleanupPolicy(value.cleanup);
+    const proxyEndpoints = parseProxyEndpoints(value.proxyEndpoints);
+    const secrets = parseInlineSecrets(value.secrets);
+    crossValidateProxyEndpointsAndAuth(proxyEndpoints, secrets.proxyEndpointAuth);
+    return {
+        workspaceId: requireString(value.workspaceId, "workspaceId"),
+        idempotencyKey: requireString(value.idempotencyKey, "idempotencyKey"),
+        template: parseTemplate(value.template),
+        ...(variables ? { variables } : {}),
+        ...(cleanup ? { cleanup } : {}),
+        ...(proxyEndpoints ? { proxyEndpoints } : {}),
+        secrets
+    };
+}
+function parseTemplate(input) {
+    const value = requireRecord(input, "template");
+    const system = optionalString(value.system, "template.system");
+    const metadata = optionalJsonRecord(value.metadata, "template.metadata");
+    const environment = parseTemplateEnvironment(value.environment);
+    return {
+        name: requireString(value.name, "template.name"),
+        model: requireString(value.model, "template.model"),
+        templateHash: requireString(value.templateHash, "template.templateHash"),
+        messages: requireStringArray(value.messages, "template.messages"),
+        ...(system ? { system } : {}),
+        ...(metadata ? { metadata } : {}),
+        ...(environment ? { environment } : {})
+    };
+}
+function parseTemplateEnvironment(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    const value = requireRecord(input, "template.environment");
+    const allowed = new Set(["networking", "packages"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`template.environment.${key} is not an allowed field; permitted: networking, packages`);
+        }
+    }
+    const networking = parseTemplateNetworking(value.networking);
+    const packages = parseTemplatePackages(value.packages);
+    if (!networking && !packages) {
+        return undefined;
+    }
+    return {
+        ...(networking ? { networking } : {}),
+        ...(packages ? { packages } : {})
+    };
+}
+function parseTemplateNetworking(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    const value = requireRecord(input, "template.environment.networking");
+    const allowed = new Set(["mode", "allowedHosts"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`template.environment.networking.${key} is not an allowed field; permitted: mode, allowedHosts`);
+        }
+    }
+    const mode = optionalEnum(value.mode, "template.environment.networking.mode", ["limited", "open"]);
+    if (!mode) {
+        throw new Error("template.environment.networking.mode is required when networking is provided");
+    }
+    const allowedHosts = parseAllowedHosts(value.allowedHosts);
+    return allowedHosts ? { mode, allowedHosts } : { mode };
+}
+function parseAllowedHosts(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("template.environment.networking.allowedHosts must be an array of strings");
+    }
+    const seen = new Set();
+    return input.map((entry, index) => {
+        if (typeof entry !== "string" || entry.length === 0) {
+            throw new Error(`template.environment.networking.allowedHosts[${index}] must be a non-empty string`);
+        }
+        const lower = entry.toLowerCase();
+        if (seen.has(lower)) {
+            throw new Error(`template.environment.networking.allowedHosts duplicate entry: ${entry}`);
+        }
+        seen.add(lower);
+        return lower;
+    });
+}
+function parseTemplatePackages(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("template.environment.packages must be an array");
+    }
+    return input.map((entry, index) => {
+        const value = requireRecord(entry, `template.environment.packages[${index}]`);
+        const allowed = new Set(["name", "version"]);
+        for (const key of Object.keys(value)) {
+            if (!allowed.has(key)) {
+                throw new Error(`template.environment.packages[${index}].${key} is not an allowed field; permitted: name, version`);
+            }
+        }
+        const name = requireString(value.name, `template.environment.packages[${index}].name`);
+        const version = optionalString(value.version, `template.environment.packages[${index}].version`);
+        return version ? { name, version } : { name };
+    });
+}
+function parseProxyEndpoints(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("proxyEndpoints must be an array");
+    }
+    if (input.length === 0) {
+        return undefined;
+    }
+    const seen = new Set();
+    return input.map((entry, index) => {
+        const endpoint = parseProxyEndpoint(entry, `proxyEndpoints[${index}]`);
+        if (seen.has(endpoint.name)) {
+            throw new Error(`proxyEndpoints duplicate name: ${endpoint.name}`);
+        }
+        seen.add(endpoint.name);
+        return endpoint;
+    });
+}
+function parseProxyEndpoint(input, path) {
+    const value = requireRecord(input, path);
+    const allowed = new Set([
+        "name",
+        "baseUrl",
+        "authShape",
+        "allowMethods",
+        "allowPathPrefixes",
+        "allowHeaders",
+        "responseMode",
+        "maxRequestBytes",
+        "maxResponseBytes",
+        "timeoutMs",
+        "perCallBudget",
+        "responseByteBudget"
+    ]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`${path}.${key} is not an allowed field`);
+        }
+    }
+    const name = requireString(value.name, `${path}.name`);
+    if (!PROXY_ENDPOINT_NAME_PATTERN.test(name)) {
+        throw new Error(`${path}.name must match ${PROXY_ENDPOINT_NAME_PATTERN} (lowercase letters, digits, '_' and '-'; <=63 chars)`);
+    }
+    if (RESERVED_PROXY_ENDPOINT_NAMES.has(name)) {
+        throw new Error(`${path}.name is reserved: ${name}`);
+    }
+    const baseUrl = parseProxyBaseUrl(value.baseUrl, `${path}.baseUrl`);
+    const authShape = parseProxyAuthShape(value.authShape, `${path}.authShape`);
+    const allowMethods = parseProxyMethods(value.allowMethods, `${path}.allowMethods`);
+    const allowPathPrefixes = parseProxyPathPrefixes(value.allowPathPrefixes, `${path}.allowPathPrefixes`);
+    const allowHeaders = parseProxyAllowedHeaders(value.allowHeaders, `${path}.allowHeaders`, authShape);
+    const responseMode = optionalEnum(value.responseMode, `${path}.responseMode`, PROXY_RESPONSE_MODES);
+    const maxRequestBytes = optionalPositiveInt(value.maxRequestBytes, `${path}.maxRequestBytes`);
+    const maxResponseBytes = optionalPositiveInt(value.maxResponseBytes, `${path}.maxResponseBytes`);
+    const timeoutMs = optionalPositiveInt(value.timeoutMs, `${path}.timeoutMs`);
+    const perCallBudget = optionalPositiveInt(value.perCallBudget, `${path}.perCallBudget`);
+    const responseByteBudget = optionalPositiveInt(value.responseByteBudget, `${path}.responseByteBudget`);
+    return {
+        name,
+        baseUrl,
+        authShape,
+        allowMethods,
+        allowPathPrefixes,
+        ...(allowHeaders ? { allowHeaders } : {}),
+        ...(responseMode ? { responseMode } : {}),
+        ...(maxRequestBytes !== undefined ? { maxRequestBytes } : {}),
+        ...(maxResponseBytes !== undefined ? { maxResponseBytes } : {}),
+        ...(timeoutMs !== undefined ? { timeoutMs } : {}),
+        ...(perCallBudget !== undefined ? { perCallBudget } : {}),
+        ...(responseByteBudget !== undefined ? { responseByteBudget } : {})
+    };
+}
+function parseProxyBaseUrl(input, field) {
+    const raw = requireString(input, field);
+    let parsed;
+    try {
+        parsed = new URL(raw);
+    }
+    catch {
+        throw new Error(`${field} must be a valid absolute URL`);
+    }
+    if (parsed.protocol !== "https:") {
+        throw new Error(`${field} must use https://`);
+    }
+    if (parsed.username || parsed.password) {
+        throw new Error(`${field} must not embed credentials`);
+    }
+    if (parsed.search || parsed.hash) {
+        throw new Error(`${field} must not include a query string or fragment`);
+    }
+    // Normalize: strip trailing slash so prefix matching is predictable.
+    const normalized = `${parsed.origin}${parsed.pathname.replace(/\/+$/, "")}`;
+    return normalized;
+}
+function parseProxyAuthShape(input, field) {
+    const value = requireRecord(input, field);
+    const type = requireString(value.type, `${field}.type`);
+    switch (type) {
+        case "bearer":
+            assertOnlyKeys(value, field, ["type"]);
+            return { type: "bearer" };
+        case "basic":
+            assertOnlyKeys(value, field, ["type"]);
+            return { type: "basic" };
+        case "header": {
+            assertOnlyKeys(value, field, ["type", "name"]);
+            const name = requireString(value.name, `${field}.name`);
+            assertHeaderName(name, `${field}.name`);
+            return { type: "header", name };
+        }
+        case "query": {
+            assertOnlyKeys(value, field, ["type", "name"]);
+            const name = requireString(value.name, `${field}.name`);
+            if (!/^[a-zA-Z0-9_\-.]{1,64}$/.test(name)) {
+                throw new Error(`${field}.name must be a URL-safe identifier (<=64 chars)`);
+            }
+            return { type: "query", name };
+        }
+        default:
+            throw new Error(`${field}.type must be one of: bearer, basic, header, query`);
+    }
+}
+function parseProxyMethods(input, field) {
+    if (!Array.isArray(input) || input.length === 0) {
+        throw new Error(`${field} must be a non-empty array of HTTP methods`);
+    }
+    const seen = new Set();
+    for (const entry of input) {
+        if (typeof entry !== "string") {
+            throw new Error(`${field} entries must be strings`);
+        }
+        const upper = entry.toUpperCase();
+        if (!PROXY_ALLOWED_METHODS.includes(upper)) {
+            throw new Error(`${field} contains unsupported method: ${entry}`);
+        }
+        seen.add(upper);
+    }
+    return Array.from(seen);
+}
+function parseProxyPathPrefixes(input, field) {
+    if (!Array.isArray(input) || input.length === 0) {
+        throw new Error(`${field} must be a non-empty array of path prefixes`);
+    }
+    const seen = new Set();
+    for (const entry of input) {
+        if (typeof entry !== "string" || !entry.startsWith("/")) {
+            throw new Error(`${field} entries must be non-empty strings starting with '/'`);
+        }
+        // Reject traversal / encoded traversal at config time so we never
+        // need to second-guess at request time.
+        if (entry.includes("..") || entry.toLowerCase().includes("%2e%2e")) {
+            throw new Error(`${field} entry must not contain path traversal: ${entry}`);
+        }
+        seen.add(entry);
+    }
+    return Array.from(seen);
+}
+function parseProxyAllowedHeaders(input, field, authShape) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error(`${field} must be an array of header names`);
+    }
+    const seen = new Set();
+    const result = [];
+    for (const entry of input) {
+        if (typeof entry !== "string" || entry.length === 0) {
+            throw new Error(`${field} entries must be non-empty strings`);
+        }
+        const lower = entry.toLowerCase();
+        assertHeaderName(entry, field);
+        if (PROXY_DENY_HEADER_LIST.has(lower)) {
+            throw new Error(`${field} contains a forbidden header: ${entry}`);
+        }
+        const authHeader = authShapeHeaderName(authShape);
+        if (authHeader && lower === authHeader) {
+            throw new Error(`${field} must not contain the auth header for this endpoint (${authHeader}); the proxy injects it from secrets.proxyEndpointAuth`);
+        }
+        if (seen.has(lower)) {
+            continue;
+        }
+        seen.add(lower);
+        result.push(lower);
+    }
+    return result;
+}
+function assertHeaderName(value, field) {
+    // RFC 7230 token chars, conservative.
+    if (!/^[A-Za-z0-9!#$%&'*+\-.^_`|~]{1,64}$/.test(value)) {
+        throw new Error(`${field} must be a valid header token (<=64 chars): ${value}`);
+    }
+}
+function assertOnlyKeys(value, field, allowed) {
+    const permitted = new Set(allowed);
+    for (const key of Object.keys(value)) {
+        if (!permitted.has(key)) {
+            throw new Error(`${field}.${key} is not an allowed field; permitted: ${allowed.join(", ")}`);
+        }
+    }
+}
+function crossValidateProxyEndpointsAndAuth(endpoints, auth) {
+    const endpointsList = endpoints ?? [];
+    const authList = auth ?? [];
+    const endpointsByName = new Map(endpointsList.map((e) => [e.name, e]));
+    const authByName = new Map(authList.map((a) => [a.name, a]));
+    for (const endpoint of endpointsList) {
+        const authEntry = authByName.get(endpoint.name);
+        if (!authEntry) {
+            throw new Error(`proxyEndpoints[${endpoint.name}] has no matching secrets.proxyEndpointAuth entry`);
+        }
+        if (authEntry.value.type !== endpoint.authShape.type) {
+            throw new Error(`secrets.proxyEndpointAuth[${endpoint.name}].value.type must equal proxyEndpoints[${endpoint.name}].authShape.type (expected ${endpoint.authShape.type}, got ${authEntry.value.type})`);
+        }
+    }
+    for (const authEntry of authList) {
+        if (!endpointsByName.has(authEntry.name)) {
+            throw new Error(`secrets.proxyEndpointAuth[${authEntry.name}] has no matching proxyEndpoints entry`);
+        }
+    }
+}
+function parseCleanupPolicy(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    const value = requireRecord(input, "cleanup");
+    const session = optionalEnum(value.session, "cleanup.session", ["retain", "delete"]);
+    const claudeSession = optionalEnum(value.claudeSession, "cleanup.claudeSession", ["retain", "delete"]);
+    if (session !== undefined && claudeSession !== undefined && session !== claudeSession) {
+        throw new Error("cleanup.session and cleanup.claudeSession must agree; cleanup.claudeSession is deprecated");
+    }
+    const resolved = session ?? claudeSession;
+    if (resolved === undefined) {
+        return undefined;
+    }
+    const policy = { session: resolved };
+    if (claudeSession !== undefined) {
+        return { ...policy, claudeSession: resolved };
+    }
+    return policy;
+}
+function parseInlineSecrets(input) {
+    const value = requireRecord(input, "secrets");
+    const allowedTopLevel = new Set(["anthropic", "mcpServers", "skills", "proxyEndpointAuth"]);
+    for (const key of Object.keys(value)) {
+        if (key.startsWith("__antpath_")) {
+            // Platform-internal namespace (e.g. __antpath_proxy_token). The BFF
+            // mutates the vaulted bundle to inject these; inbound submissions
+            // are never allowed to set them, to prevent a malicious caller
+            // from forging the bearer.
+            throw new Error(`secrets.${key} uses the platform-internal __antpath_ namespace and may not be set by callers`);
+        }
+        if (!allowedTopLevel.has(key)) {
+            throw new Error(`secrets.${key} is not an allowed field; permitted: anthropic, mcpServers, skills, proxyEndpointAuth`);
+        }
+    }
+    const anthropic = parseAnthropicSecret(value.anthropic);
+    const mcpServers = parseMcpServers(value.mcpServers);
+    const skills = parseSkills(value.skills);
+    const proxyEndpointAuth = parseProxyEndpointAuth(value.proxyEndpointAuth);
+    return {
+        anthropic,
+        ...(mcpServers ? { mcpServers } : {}),
+        ...(skills ? { skills } : {}),
+        ...(proxyEndpointAuth ? { proxyEndpointAuth } : {})
+    };
+}
+function parseAnthropicSecret(input) {
+    const value = requireRecord(input, "secrets.anthropic");
+    const allowed = new Set(["apiKey", "baseUrl"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`secrets.anthropic.${key} is not an allowed field; permitted: apiKey, baseUrl`);
+        }
+    }
+    const apiKey = requireString(value.apiKey, "secrets.anthropic.apiKey");
+    const baseUrl = optionalString(value.baseUrl, "secrets.anthropic.baseUrl");
+    return baseUrl ? { apiKey, baseUrl } : { apiKey };
+}
+function parseMcpServers(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("secrets.mcpServers must be an array");
+    }
+    return input.map((entry, index) => parseMcpServer(entry, `secrets.mcpServers[${index}]`));
+}
+function parseMcpServer(input, path) {
+    const value = requireRecord(input, path);
+    const allowed = new Set(["name", "url", "headers"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`${path}.${key} is not an allowed field; permitted: name, url, headers`);
+        }
+    }
+    const name = requireString(value.name, `${path}.name`);
+    const url = requireString(value.url, `${path}.url`);
+    const headers = optionalStringRecord(value.headers, `${path}.headers`);
+    return headers ? { name, url, headers } : { name, url };
+}
+function parseSkills(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("secrets.skills must be an array");
+    }
+    return input.map((entry, index) => parseSkill(entry, `secrets.skills[${index}]`));
+}
+function parseSkill(input, path) {
+    const value = requireRecord(input, path);
+    const allowed = new Set(["skillId", "version"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`${path}.${key} is not an allowed field; permitted: skillId, version`);
+        }
+    }
+    const skillId = requireString(value.skillId, `${path}.skillId`);
+    const version = optionalString(value.version, `${path}.version`);
+    return version ? { skillId, version } : { skillId };
+}
+function parseProxyEndpointAuth(input) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("secrets.proxyEndpointAuth must be an array");
+    }
+    if (input.length === 0) {
+        return undefined;
+    }
+    const seen = new Set();
+    return input.map((entry, index) => {
+        const auth = parseProxyEndpointAuthEntry(entry, `secrets.proxyEndpointAuth[${index}]`);
+        if (seen.has(auth.name)) {
+            throw new Error(`secrets.proxyEndpointAuth duplicate name: ${auth.name}`);
+        }
+        seen.add(auth.name);
+        return auth;
+    });
+}
+function parseProxyEndpointAuthEntry(input, path) {
+    const value = requireRecord(input, path);
+    const allowed = new Set(["name", "value"]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`${path}.${key} is not an allowed field; permitted: name, value`);
+        }
+    }
+    const name = requireString(value.name, `${path}.name`);
+    if (!PROXY_ENDPOINT_NAME_PATTERN.test(name)) {
+        throw new Error(`${path}.name must match the same pattern as proxyEndpoints[].name (lowercase letters, digits, '_' and '-'; <=63 chars)`);
+    }
+    const valueField = parseProxyAuthValue(value.value, `${path}.value`);
+    return { name, value: valueField };
+}
+function parseProxyAuthValue(input, path) {
+    const value = requireRecord(input, path);
+    const type = requireString(value.type, `${path}.type`);
+    switch (type) {
+        case "bearer": {
+            assertOnlyKeys(value, path, ["type", "token"]);
+            const token = requireSecretValue(value.token, `${path}.token`);
+            return { type: "bearer", token };
+        }
+        case "basic": {
+            assertOnlyKeys(value, path, ["type", "username", "password"]);
+            // Usernames are not redactable in the strict sense (often public
+            // identifiers like an email), so we only enforce non-emptiness.
+            // The password is the secret-bearing half.
+            const username = requireString(value.username, `${path}.username`);
+            const password = requireSecretValue(value.password, `${path}.password`);
+            return { type: "basic", username, password };
+        }
+        case "header": {
+            assertOnlyKeys(value, path, ["type", "value"]);
+            const headerValue = requireSecretValue(value.value, `${path}.value`);
+            return { type: "header", value: headerValue };
+        }
+        case "query": {
+            assertOnlyKeys(value, path, ["type", "value"]);
+            const queryValue = requireSecretValue(value.value, `${path}.value`);
+            return { type: "query", value: queryValue };
+        }
+        default:
+            throw new Error(`${path}.type must be one of: bearer, basic, header, query`);
+    }
+}
+/**
+ * Minimum byte length for a value that MUST be redacted from upstream
+ * response bodies. The proxy's body redactor refuses to mask anything
+ * shorter than this (masking a 1-byte literal would corrupt the body),
+ * so accepting a 4-byte secret here would silently let it through the
+ * redactor. The threshold is mirrored exactly in
+ * `apps/dashboard/src/server/proxy/redact.ts` — keep them in sync.
+ */
+const MIN_PROXY_SECRET_BYTES = 8;
+function requireSecretValue(input, field) {
+    const value = requireString(input, field);
+    const byteLen = Buffer.byteLength(value, "utf8");
+    if (byteLen < MIN_PROXY_SECRET_BYTES) {
+        throw new Error(`${field} must be at least ${MIN_PROXY_SECRET_BYTES} bytes; shorter values cannot be reliably redacted from upstream responses`);
+    }
+    return value;
+}
+function assertNoSecretBearingFields(input, path) {
+    if (Array.isArray(input)) {
+        input.forEach((item, index) => assertNoSecretBearingFields(item, [...path, String(index)]));
+        return;
+    }
+    if (!isRecord(input)) {
+        return;
+    }
+    for (const [key, value] of Object.entries(input)) {
+        if (deniedSecretFields.has(key)) {
+            throw new Error(`Secret-bearing field is not allowed in platform submission: ${[...path, key].join(".")}`);
+        }
+        assertNoSecretBearingFields(value, [...path, key]);
+    }
+}
+function requireRecord(input, field) {
+    if (!isRecord(input)) {
+        throw new Error(`${field} must be an object`);
+    }
+    return input;
+}
+function isRecord(input) {
+    return typeof input === "object" && input !== null && !Array.isArray(input);
+}
+function requireString(input, field) {
+    if (typeof input !== "string" || input.length === 0) {
+        throw new Error(`${field} must be a non-empty string`);
+    }
+    return input;
+}
+function optionalString(input, field) {
+    if (input === undefined) {
+        return undefined;
+    }
+    return requireString(input, field);
+}
+function optionalEnum(input, field, allowed) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (typeof input !== "string" || !allowed.includes(input)) {
+        throw new Error(`${field} must be one of: ${allowed.join(", ")}`);
+    }
+    return input;
+}
+function requireStringArray(input, field) {
+    if (!Array.isArray(input) || input.length === 0 || input.some((item) => typeof item !== "string" || item.length === 0)) {
+        throw new Error(`${field} must be a non-empty string array`);
+    }
+    return input;
+}
+function optionalStringRecord(input, field) {
+    if (input === undefined) {
+        return undefined;
+    }
+    const value = requireRecord(input, field);
+    for (const [key, entry] of Object.entries(value)) {
+        if (typeof entry !== "string" || entry.length === 0) {
+            throw new Error(`${field}.${key} must be a non-empty string`);
+        }
+    }
+    return value;
+}
+function optionalJsonRecord(input, field) {
+    if (input === undefined) {
+        return undefined;
+    }
+    const value = requireRecord(input, field);
+    for (const [key, entry] of Object.entries(value)) {
+        if (!isJsonValue(entry)) {
+            throw new Error(`${field}.${key} must be JSON-serializable`);
+        }
+    }
+    return value;
+}
+function optionalPositiveInt(input, field) {
+    if (input === undefined) {
+        return undefined;
+    }
+    if (typeof input !== "number" || !Number.isSafeInteger(input) || input <= 0) {
+        throw new Error(`${field} must be a positive safe integer`);
+    }
+    return input;
+}
+function isJsonValue(input) {
+    if (typeof input === "number") {
+        return Number.isFinite(input);
+    }
+    if (input === null || typeof input === "string" || typeof input === "boolean") {
+        return true;
+    }
+    if (Array.isArray(input)) {
+        return input.every(isJsonValue);
+    }
+    if (isRecord(input)) {
+        return Object.values(input).every(isJsonValue);
+    }
+    return false;
+}
+//# sourceMappingURL=submission.js.map

package/dist/{template → _shared/template}/compiler.js

@@ -1,6 +1,6 @@
-import { TemplateValidationError } from "../errors.js";
-import { containsSecretLikeValue } from "../utils/secrets.js";
-import { sha256, stableStringify } from "../utils/stable.js";
+import { TemplateValidationError } from "../sdk-errors.js";
+import { containsSecretLikeValue } from "../sdk-secrets.js";
+import { sha256, stableStringify } from "../stable.js";
 const ESCAPED_OPEN = "\u0000ANTPATH_ESCAPED_OPEN\u0000";
 const VARIABLE_PATTERN = /{{\s*([A-Za-z_][A-Za-z0-9_]*)\s*}}/g;
 export function compileTemplate(template, variables = {}) {

package/dist/{template/index.d.ts → _shared/template/helpers.d.ts}

@@ -1,6 +1,4 @@
 import type { CredentialRequirement, TemplateDefinition, TemplateVariableDefinition } from "./types.js";
-export type { TemplateDefinition, TemplateVariableDefinition, EnvironmentDefinition } from "./types.js";
-export { compileTemplate, type ResolvedTemplate } from "./compiler.js";
 export declare function defineTemplate<TVariables extends Record<string, TemplateVariableDefinition> = Record<string, never>>(definition: TemplateDefinition<TVariables>): TemplateDefinition<TVariables>;
 export declare function string(options?: {
     default?: string;