antpath 0.3.1 → 0.4.1

package/dist/_shared/operations.js

@@ -5,6 +5,11 @@
  *
  * Every function takes an HttpClient (so callers control auth + fetch
  * injection) and returns parsed responses.
+ *
+ * Workspace identity is derived server-side from the API token on
+ * every request — callers do not pass `workspaceId`. See
+ * `references/development-principles.md` (Agent-first surface design,
+ * Concrete rule 3).
  */
 export async function submitRun(http, request) {
     return http.request("/api/runs", {
@@ -12,30 +17,86 @@ export async function submitRun(http, request) {
         body: JSON.stringify(request)
     });
 }
-export async function getRun(http, workspaceId, runId) {
-    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}`, {}, { workspaceId });
+export async function getRun(http, runId) {
+    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}`);
     return hasRun(result) ? result.run : result;
 }
-export async function listRunEvents(http, workspaceId, runId) {
-    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/events`, {}, { workspaceId });
+export async function listRunEvents(http, runId) {
+    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/events`);
     return result.events;
 }
-export async function listOutputs(http, workspaceId, runId) {
-    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/outputs`, {}, { workspaceId });
+export async function listOutputs(http, runId) {
+    const result = await http.request(`/api/runs/${encodeURIComponent(runId)}/outputs`);
     return result.outputs;
 }
-export async function createOutputLink(http, workspaceId, runId, outputId) {
-    return http.request(`/api/runs/${encodeURIComponent(runId)}/outputs/${encodeURIComponent(outputId)}/link`, { method: "POST" }, { workspaceId });
+export async function createOutputLink(http, runId, outputId) {
+    return http.request(`/api/runs/${encodeURIComponent(runId)}/outputs/${encodeURIComponent(outputId)}/link`, { method: "POST" });
 }
-export async function cancelRun(http, workspaceId, runId) {
-    await http.request(`/api/runs/${encodeURIComponent(runId)}/cancel`, { method: "POST" }, { workspaceId });
+export async function cancelRun(http, runId) {
+    await http.request(`/api/runs/${encodeURIComponent(runId)}/cancel`, { method: "POST" });
 }
-export async function deleteRun(http, workspaceId, runId) {
-    await http.request(`/api/runs/${encodeURIComponent(runId)}`, { method: "DELETE" }, { workspaceId });
+export async function deleteRun(http, runId) {
+    await http.request(`/api/runs/${encodeURIComponent(runId)}`, { method: "DELETE" });
 }
 export async function whoami(http) {
     return http.request("/api/whoami");
 }
+// ===========================================================================
+// Flat (Skill / McpServer / Blueprint) operations
+// ===========================================================================
+export async function submitRunFlat(http, request) {
+    return http.request("/api/runs", {
+        method: "POST",
+        body: JSON.stringify(request)
+    });
+}
+/**
+ * Upload a workspace skill bundle as a zip blob. The dashboard BFF runs
+ * the two-phase flow internally (insert pending row, stream bytes into
+ * Supabase Storage, validate manifest, transition to ready) and returns
+ * the finalized `Skill`. Use `Skill.fromPath` / `Skill.upload` in the
+ * SDK to build the body; this transport function only knows about
+ * bytes.
+ */
+export async function createSkillBundle(http, args) {
+    const form = new FormData();
+    form.append("name", args.name);
+    const blobBody = toBlob(args.body, args.contentType ?? "application/zip");
+    form.append("bundle", blobBody, args.filename ?? `${args.name}.zip`);
+    return http.request("/api/skills", {
+        method: "POST",
+        body: form
+    });
+}
+export async function listSkills(http) {
+    const result = await http.request("/api/skills");
+    if (Array.isArray(result)) {
+        return result;
+    }
+    return result.skills;
+}
+export async function getSkill(http, skillId) {
+    return http.request(`/api/skills/${encodeURIComponent(skillId)}`);
+}
+export async function deleteSkill(http, skillId) {
+    await http.request(`/api/skills/${encodeURIComponent(skillId)}`, {
+        method: "DELETE"
+    });
+}
+function toBlob(input, contentType) {
+    if (input instanceof Blob) {
+        return input;
+    }
+    if (input instanceof Uint8Array) {
+        // BlobPart accepts ArrayBufferView, but lib.dom's overload set
+        // narrows on the underlying buffer kind. Slice into a fresh
+        // ArrayBuffer so a SharedArrayBuffer-backed Uint8Array works.
+        const copy = new Uint8Array(input.byteLength);
+        copy.set(input);
+        return new Blob([copy.buffer], { type: contentType });
+    }
+    return new Blob([input], { type: contentType });
+}
 function hasRun(value) {
     return Boolean(value && typeof value === "object" && "run" in value);
 }

package/dist/_shared/runtime-types.d.ts

@@ -73,6 +73,36 @@ export interface WhoAmI {
     readonly scopes?: readonly string[];
     readonly [key: string]: unknown;
 }
+/**
+ * Workspace skill bundle as the dashboard BFF returns it. Mirrors a row
+ * of `skill_bundles` joined with its computed manifest. `state` is the
+ * upload lifecycle (`pending` -> `ready`); only `ready` rows are
+ * referenceable from a run. `deletedAt` is the soft-delete tombstone
+ * (`null` for live bundles).
+ *
+ * See `references/repo-architecture.md` (Skill custody) and
+ * supabase/migrations/20260512000000_skill_bundles.sql for the
+ * authoritative shape.
+ */
+export interface Skill {
+    readonly id: string;
+    readonly workspaceId?: string;
+    readonly name: string;
+    readonly state: "pending" | "ready";
+    readonly hash?: string | null;
+    readonly sizeBytes?: number | null;
+    readonly fileCount?: number | null;
+    readonly manifest?: ReadonlyArray<{
+        readonly path: string;
+        readonly size: number;
+        readonly mode: number;
+    }>;
+    readonly createdAt?: string;
+    readonly updatedAt?: string;
+    readonly finalizedAt?: string | null;
+    readonly deletedAt?: string | null;
+    readonly [key: string]: unknown;
+}
 /**
  * Full submission as the SDK and CLI assemble it before posting. The
  * `template` is the SDK-level ResolvedTemplate (or a JSON-encoded one);

package/dist/_shared/stable.d.ts

@@ -1,2 +1,16 @@
+/**
+ * Canonical hosted antpath URL. Used as the default `baseUrl` for the
+ * SDK `AntpathClient` and the host-side CLI `--dashboard-url` flag.
+ *
+ * A single canonical default is not a "footnote mode" — it is the
+ * canonical product. Self-hosted deployments override via the
+ * explicit `baseUrl` / `--dashboard-url` parameter. The value lives in
+ * source (no env-var override) so the agent reading the SDK call site
+ * can see exactly where the call goes.
+ *
+ * See `references/development-principles.md` (Agent-first surface
+ * design, Concrete rule 3).
+ */
+export declare const ANTPATH_DEFAULT_BASE_URL = "https://antpath.ai";
 export declare function stableStringify(value: unknown): string;
 export declare function sha256(value: unknown): string;

package/dist/_shared/stable.js

@@ -1,4 +1,18 @@
 import { createHash } from "node:crypto";
+/**
+ * Canonical hosted antpath URL. Used as the default `baseUrl` for the
+ * SDK `AntpathClient` and the host-side CLI `--dashboard-url` flag.
+ *
+ * A single canonical default is not a "footnote mode" — it is the
+ * canonical product. Self-hosted deployments override via the
+ * explicit `baseUrl` / `--dashboard-url` parameter. The value lives in
+ * source (no env-var override) so the agent reading the SDK call site
+ * can see exactly where the call goes.
+ *
+ * See `references/development-principles.md` (Agent-first surface
+ * design, Concrete rule 3).
+ */
+export const ANTPATH_DEFAULT_BASE_URL = "https://antpath.ai";
 export function stableStringify(value) {
     return JSON.stringify(sortValue(value));
 }

package/dist/_shared/submission.d.ts

@@ -1,4 +1,5 @@
 import { type ProxyAuthShape, type ProxyMethod, type ProxyResponseMode } from "./proxy-protocol.js";
+import type { McpServerRef, SkillRef } from "./blueprint.js";
 export type JsonPrimitive = string | number | boolean | null;
 export type JsonValue = JsonPrimitive | JsonValue[] | {
     readonly [key: string]: JsonValue;
@@ -125,6 +126,21 @@ export interface PlatformRunSubmissionRequest {
      */
     readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
 }
+/**
+ * Wire shape posted by the SDK and CLI. `workspaceId` is **omitted by
+ * design** — token-authenticated clients never name the workspace
+ * because it is derived from their API token on the server. The BFF
+ * route resolves the workspace from the token and injects it before
+ * calling `parseRunSubmissionRequest`. The dashboard UI (Auth.js user
+ * principal, multi-workspace) is the only caller that supplies
+ * `workspaceId` itself.
+ *
+ * See `references/development-principles.md` (Agent-first surface
+ * design, Concrete rule 3).
+ */
+export type PlatformRunSubmissionInput = Omit<PlatformRunSubmissionRequest, "workspaceId"> & {
+    readonly workspaceId?: string;
+};
 /**
  * Default caps for a proxy endpoint when the submission doesn't specify
  * one. Conservative on purpose. Operators can override the platform-
@@ -140,3 +156,42 @@ export declare const PROXY_ENDPOINT_DEFAULTS: {
     readonly responseByteBudget: number;
 };
 export declare function parseRunSubmissionRequest(input: unknown): PlatformRunSubmissionRequest;
+/**
+ * Wire-level submission posted to /api/runs in the flat surface. The
+ * `prompt` is always an array internally so the worker, the audit log,
+ * and the BFF idempotency hash all see one shape. `mcpServers` carries
+ * only the non-secret half; bearer headers travel in
+ * `secrets.mcpServers` keyed by `name`.
+ *
+ * `skills` is a list of `SkillRef`s — workspace refs point at
+ * `skill_bundles.id` (validated by the BFF before acceptance and pinned
+ * into `run_skill_snapshots`), provider refs pass through unchanged.
+ */
+export interface PlatformFlatSubmission {
+    readonly model: string;
+    readonly system?: string;
+    readonly prompt: readonly string[];
+    readonly skills: readonly SkillRef[];
+    readonly mcpServers: readonly McpServerRef[];
+    readonly environment?: PlatformTemplateEnvironment;
+    readonly metadata?: Record<string, JsonValue>;
+}
+export interface PlatformFlatRunSubmissionRequest {
+    readonly workspaceId: string;
+    readonly idempotencyKey: string;
+    readonly submission: PlatformFlatSubmission;
+    readonly cleanup?: PlatformCleanupPolicy;
+    readonly secrets: PlatformInlineSecrets;
+    readonly proxyEndpoints?: readonly PlatformProxyEndpoint[];
+}
+/**
+ * Same `workspaceId is optional` rule as the template-path
+ * `PlatformRunSubmissionInput`: token-authenticated clients leave it
+ * out, the BFF route injects it from the token before invoking the
+ * parser. Dashboard UI callers (Auth.js user principal) pass it
+ * explicitly.
+ */
+export type PlatformFlatRunSubmissionInput = Omit<PlatformFlatRunSubmissionRequest, "workspaceId"> & {
+    readonly workspaceId?: string;
+};
+export declare function parseFlatRunSubmissionRequest(input: unknown): PlatformFlatRunSubmissionRequest;

package/dist/_shared/submission.js

@@ -1,4 +1,5 @@
 import { authShapeHeaderName, PROXY_ALLOWED_METHODS, PROXY_RESPONSE_MODES } from "./proxy-protocol.js";
+import { parseMcpServerRef, parseSkillRef } from "./blueprint.js";
 const SECRETS_KEY = "secrets";
 /**
  * Default caps for a proxy endpoint when the submission doesn't specify
@@ -459,7 +460,15 @@ function parseMcpServers(input) {
     if (!Array.isArray(input)) {
         throw new Error("secrets.mcpServers must be an array");
     }
-    return input.map((entry, index) => parseMcpServer(entry, `secrets.mcpServers[${index}]`));
+    const seen = new Set();
+    return input.map((entry, index) => {
+        const parsed = parseMcpServer(entry, `secrets.mcpServers[${index}]`);
+        if (seen.has(parsed.name)) {
+            throw new Error(`secrets.mcpServers duplicate name: ${parsed.name}`);
+        }
+        seen.add(parsed.name);
+        return parsed;
+    });
 }
 function parseMcpServer(input, path) {
     const value = requireRecord(input, path);
@@ -678,4 +687,129 @@ function isJsonValue(input) {
     }
     return false;
 }
+export function parseFlatRunSubmissionRequest(input) {
+    const value = requireRecord(input, "submission");
+    // Defence in depth: scan every non-secrets field for credential-named
+    // keys, exactly like `parseRunSubmissionRequest`. The `secrets` key is
+    // the only allow-listed home for credential material.
+    for (const [key, fieldValue] of Object.entries(value)) {
+        if (key === SECRETS_KEY) {
+            continue;
+        }
+        if (deniedSecretFields.has(key)) {
+            throw new Error(`Secret-bearing field is not allowed in platform submission: ${key}`);
+        }
+        assertNoSecretBearingFields(fieldValue, [key]);
+    }
+    const cleanup = parseCleanupPolicy(value.cleanup);
+    const proxyEndpoints = parseProxyEndpoints(value.proxyEndpoints);
+    const secrets = parseInlineSecrets(value.secrets);
+    crossValidateProxyEndpointsAndAuth(proxyEndpoints, secrets.proxyEndpointAuth);
+    const submission = parseFlatSubmission(value.submission);
+    // mcpServers names must agree across the submission half and the
+    // secrets half — every secrets.mcpServers[i].name MUST resolve to a
+    // submission.mcpServers entry (no orphan secrets) AND the URL must
+    // match exactly. The reverse is allowed (an MCP server with no auth
+    // headers is a valid public-MCP mode).
+    if (secrets.mcpServers !== undefined) {
+        const declared = new Map(submission.mcpServers.map((m) => [m.name, m.url]));
+        for (const secret of secrets.mcpServers) {
+            const declaredUrl = declared.get(secret.name);
+            if (declaredUrl === undefined) {
+                throw new Error(`secrets.mcpServers[name=${secret.name}] has no matching submission.mcpServers entry`);
+            }
+            if (declaredUrl !== secret.url) {
+                throw new Error(`secrets.mcpServers[name=${secret.name}].url must equal submission.mcpServers[name=${secret.name}].url ` +
+                    `(got submission=${declaredUrl}, secrets=${secret.url})`);
+            }
+        }
+    }
+    return {
+        workspaceId: requireString(value.workspaceId, "workspaceId"),
+        idempotencyKey: requireString(value.idempotencyKey, "idempotencyKey"),
+        submission,
+        ...(cleanup ? { cleanup } : {}),
+        ...(proxyEndpoints ? { proxyEndpoints } : {}),
+        secrets
+    };
+}
+function parseFlatSubmission(input) {
+    const value = requireRecord(input, "submission.submission");
+    const allowed = new Set([
+        "model",
+        "system",
+        "prompt",
+        "skills",
+        "mcpServers",
+        "environment",
+        "metadata"
+    ]);
+    for (const key of Object.keys(value)) {
+        if (!allowed.has(key)) {
+            throw new Error(`submission.${key} is not an allowed field; permitted: ${[...allowed].join(", ")}`);
+        }
+    }
+    const model = requireString(value.model, "submission.model");
+    const system = optionalString(value.system, "submission.system");
+    const prompt = parseFlatPrompt(value.prompt);
+    const skills = parseFlatSkills(value.skills);
+    const mcpServers = parseFlatMcpServers(value.mcpServers);
+    const environment = parseTemplateEnvironment(value.environment);
+    const metadata = optionalJsonRecord(value.metadata, "submission.metadata");
+    return {
+        model,
+        ...(system ? { system } : {}),
+        prompt,
+        skills,
+        mcpServers,
+        ...(environment ? { environment } : {}),
+        ...(metadata ? { metadata } : {})
+    };
+}
+function parseFlatPrompt(input) {
+    if (typeof input === "string") {
+        if (input.length === 0) {
+            throw new Error("submission.prompt must be non-empty");
+        }
+        return [input];
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("submission.prompt must be a string or an array of strings");
+    }
+    if (input.length === 0) {
+        throw new Error("submission.prompt array must be non-empty");
+    }
+    return input.map((item, index) => {
+        if (typeof item !== "string" || item.length === 0) {
+            throw new Error(`submission.prompt[${index}] must be a non-empty string`);
+        }
+        return item;
+    });
+}
+function parseFlatSkills(input) {
+    if (input === undefined) {
+        return [];
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("submission.skills must be an array of SkillRef objects");
+    }
+    return input.map((item, index) => parseSkillRef(item, `submission.skills[${index}]`));
+}
+function parseFlatMcpServers(input) {
+    if (input === undefined) {
+        return [];
+    }
+    if (!Array.isArray(input)) {
+        throw new Error("submission.mcpServers must be an array of {name, url} objects");
+    }
+    const seen = new Set();
+    return input.map((item, index) => {
+        const ref = parseMcpServerRef(item, `submission.mcpServers[${index}]`);
+        if (seen.has(ref.name)) {
+            throw new Error(`submission.mcpServers duplicate name: ${ref.name}`);
+        }
+        seen.add(ref.name);
+        return ref;
+    });
+}
 //# sourceMappingURL=submission.js.map