deepline 0.1.93 → 0.1.95

package/dist/repo/sdk/src/play.ts

@@ -73,6 +73,10 @@
 import { DeeplineClient } from './client.js';
 import { DeeplineError } from './errors.js';
 import { createToolExecuteResult } from '../../shared_libs/play-runtime/tool-result.js';
+export {
+  readValue,
+  readList,
+} from '../../shared_libs/play-runtime/tool-result.js';
 import type {
   PlayDataset,
   PlayDatasetInput,
@@ -81,6 +85,7 @@ import type {
   ToolExecuteResult,
   ToolResultMetadataInput,
 } from '../../shared_libs/play-runtime/tool-result-types.js';
+import type { EmailStatusExtractorConfig } from '../../shared_libs/play-runtime/email-status.js';
 import type { PreviousCell } from '../../shared_libs/play-runtime/cell-staleness.js';
 import type {
   DeeplineClientOptions,
@@ -1549,6 +1554,50 @@ function stringArray(value: unknown): string[] {
   return Array.isArray(value) ? value.map(String) : [];
 }
 
+function emailStatusExtractorConfig(
+  value: unknown,
+): EmailStatusExtractorConfig | undefined {
+  if (!isRecord(value)) return undefined;
+  const readPaths = (key: string): string[] | undefined => {
+    const paths = stringArray(value[key])
+      .map((path) => path.trim())
+      .filter(Boolean);
+    return paths.length > 0 ? paths : undefined;
+  };
+  const provider =
+    typeof value.provider === 'string' && value.provider.trim()
+      ? value.provider.trim()
+      : null;
+  if (!provider) return undefined;
+  const config: EmailStatusExtractorConfig = { provider };
+  for (const key of [
+    'rawStatus',
+    'rawScore',
+    'valid',
+    'deliverability',
+    'catchAll',
+    'mxProvider',
+    'mxRecord',
+    'fraudScore',
+    'disposable',
+    'roleBased',
+    'freeEmail',
+    'abuse',
+    'spamtrap',
+    'suspect',
+  ] as const) {
+    const paths = readPaths(key);
+    if (paths) config[key] = paths;
+  }
+  if (isRecord(value.statusMap)) {
+    config.statusMap = value.statusMap as EmailStatusExtractorConfig['statusMap'];
+  }
+  if (Array.isArray(value.rules)) {
+    config.rules = value.rules as EmailStatusExtractorConfig['rules'];
+  }
+  return config;
+}
+
 function extractorDescriptorRecord(
   value: unknown,
 ): ToolResultMetadataInput['extractors'] {
@@ -1566,6 +1615,7 @@ function extractorDescriptorRecord(
       const enumValues = stringArray(descriptor.enum)
         .map((entry) => entry.trim())
         .filter(Boolean);
+      const emailStatus = emailStatusExtractorConfig(descriptor.emailStatus);
       return [
         [
           key,
@@ -1573,6 +1623,7 @@ function extractorDescriptorRecord(
             paths,
             ...(transforms.length > 0 ? { transforms } : {}),
             ...(enumValues.length > 0 ? { enum: enumValues } : {}),
+            ...(emailStatus ? { emailStatus } : {}),
           },
         ],
       ];

package/dist/repo/sdk/src/release.ts

@@ -50,10 +50,10 @@ export type SdkRelease = {
 };
 
 export const SDK_RELEASE = {
-  version: '0.1.93',
+  version: '0.1.95',
   apiContract: '2026-06-dataset-column-cell-stale-hard-cutover',
   supportPolicy: {
-    latest: '0.1.93',
+    latest: '0.1.95',
     minimumSupported: '0.1.53',
     deprecatedBelow: '0.1.53',
   },

package/dist/repo/shared_libs/play-runtime/email-status.ts

@@ -89,41 +89,15 @@ export type EmailStatusBuildInput = {
   values: Record<string, unknown>;
 };
 
-const DEFAULT_STATUS_MAP: Record<string, EmailStatusMapEntry> = {
-  verified: { status: 'valid', verdict: 'send', verified: true },
-  valid: { status: 'valid', verdict: 'send', verified: true },
-  deliverable: { status: 'valid', verdict: 'send', verified: true },
-  true: { status: 'valid', verdict: 'send', verified: true },
-  invalid: { status: 'invalid', verdict: 'drop', verified: false },
-  undeliverable: { status: 'invalid', verdict: 'drop', verified: false },
-  false: { status: 'invalid', verdict: 'drop', verified: false },
-  'catch-all': {
-    status: 'catch_all',
-    verdict: 'verify_next',
-    verified: false,
-  },
-  catch_all: {
-    status: 'catch_all',
-    verdict: 'verify_next',
-    verified: false,
-  },
-  valid_catch_all: {
-    status: 'valid_catch_all',
-    verdict: 'send_with_caution',
-    verified: true,
-  },
-  accept_all: {
-    status: 'catch_all',
-    verdict: 'verify_next',
-    verified: false,
-  },
-  unknown: { status: 'unknown', verdict: 'hold', verified: false },
-  unavailable: { status: 'unknown', verdict: 'hold', verified: false },
-  do_not_mail: { status: 'do_not_mail', verdict: 'drop', verified: false },
-  spamtrap: { status: 'spamtrap', verdict: 'drop', verified: false },
-  abuse: { status: 'abuse', verdict: 'drop', verified: false },
-  disposable: { status: 'disposable', verdict: 'drop', verified: false },
-};
+// There is intentionally NO shared default status map. Each provider must
+// declare its own `statusMap` / `rules` for the raw status strings it emits
+// (see the provider registries under src/lib/integrations/**). A coarse global
+// map silently coerced provider-specific strings ("deliverable", "accept_all",
+// etc.) into canonical verdicts and let validators depend on guesses instead of
+// documented behavior. With it gone, an unmapped raw status falls through to
+// the typed signal inference below (and ultimately to `unknown`/`hold`) rather
+// than being normalized by a global lookup — loud and provider-declared over
+// silent and implicit.
 
 function normalizeKey(value: unknown): string | null {
   if (value == null) return null;
@@ -186,7 +160,7 @@ function entryForStatus(
   map: Record<string, EmailStatusMapEntry> | undefined,
 ): EmailStatusMapEntry | null {
   if (!key) return null;
-  return map?.[key] ?? DEFAULT_STATUS_MAP[key] ?? null;
+  return map?.[key] ?? null;
 }
 
 function read(values: Record<string, unknown>, name: string): unknown {

package/dist/repo/shared_libs/play-runtime/extractor-targets.ts

@@ -1,4 +1,4 @@
-import type { EmailStatus, EmailStatusValue } from './email-status';
+import type { EmailStatus } from './email-status';
 
 export const JOB_CHANGE_STATUS_VALUES = [
   'moved',
@@ -65,7 +65,7 @@ export const DEEPLINE_EXTRACTOR_TARGETS = Object.keys(
   DEEPLINE_EXTRACTOR_TARGET_DEFINITIONS,
 ) as DeeplineExtractorTarget[];
 
-export type DeeplineEmailStatusGetterValue = EmailStatus | EmailStatusValue;
+export type DeeplineEmailStatusGetterValue = EmailStatus;
 
 export type DeeplineGetterValueMap = {
   id: string;
@@ -91,7 +91,7 @@ export type DeeplineGetterValueMap = {
   status: string;
   job_change: JobChangeGetterValue;
   job_change_status: JobChangeStatus;
-  email_status: DeeplineEmailStatusGetterValue;
+  email_status: EmailStatus;
   phone_status: PhoneStatus;
 };
 

package/dist/repo/shared_libs/play-runtime/tool-result.ts

@@ -1029,6 +1029,50 @@ export function isToolExecuteResult(
   );
 }
 
+function resultRootOf(result: ToolExecuteResult): unknown {
+  return { toolResponse: result.toolOutput };
+}
+
+/**
+ * Read a single value out of a tool result — by declared getter name, then by
+ * selector paths, then by key. Used by SDK play helpers (`extractValue`).
+ */
+export function readValue(
+  result: ToolExecuteResult,
+  selector: readonly string[] | string,
+): unknown {
+  if (typeof selector === 'string') {
+    const declared = result.extractedValues[selector]?.get();
+    if (declared != null) return declared;
+  }
+  const root = resultRootOf(result);
+  const paths = Array.isArray(selector) ? selector : [selector];
+  const byPath = findFirstTargetByPath(root, paths);
+  if (byPath) return byPath.value;
+  if (typeof selector === 'string') {
+    const byKey = findFirstTargetByKey(root, selector);
+    if (byKey) return byKey.value;
+  }
+  return null;
+}
+
+/**
+ * Read array rows out of a tool result — by selector paths, else the first
+ * declared list accessor. Companion to {@link readValue} for `extractList`.
+ */
+export function readList(
+  result: ToolExecuteResult,
+  selector?: readonly string[] | string,
+): Record<string, unknown>[] {
+  if (selector) {
+    const paths = Array.isArray(selector) ? selector : [selector];
+    const found = findFirstTargetByPath(resultRootOf(result), paths)?.value;
+    const rows = normalizeRows(found);
+    if (rows) return rows;
+  }
+  return Object.values(result.extractedLists)[0]?.get() ?? [];
+}
+
 function metadataInputFromToolExecuteResult(
   value: ToolExecuteResult,
 ): ToolResultMetadataInput {

package/dist/repo/shared_libs/plays/secret-guardrails.ts

@@ -5,8 +5,7 @@ const PRIVATE_KEY_PATTERN =
 const BEARER_LITERAL_PATTERN = /\bBearer\s+[A-Za-z0-9._~+/=-]{16,}/i;
 const ASSIGNMENT_SECRET_LITERAL_PATTERN =
   /\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*['"][^'"]{12,}['"]/i;
-const HIGH_ENTROPY_LITERAL_PATTERN =
-  /['"]([A-Za-z0-9+/=_-]{32,})['"]/g;
+const HIGH_ENTROPY_LITERAL_PATTERN = /['"]([A-Za-z0-9+/=_-]{32,})['"]/g;
 
 function shannonEntropy(value: string): number {
   const counts = new Map<string, number>();
@@ -17,26 +16,38 @@ function shannonEntropy(value: string): number {
   }, 0);
 }
 
-export function validatePlaySourceHasNoInlineSecrets(input: {
-  sourceCode: string;
-  filePath: string;
-}): void {
+/**
+ * Returns the inline-secret findings in a string (empty if none). The throwing
+ * validator below and the workflows→plays migration validator both call this so
+ * the heuristics stay a single source of truth (no drift between "publish
+ * rejects it" and "transform skips it loudly").
+ */
+export function collectInlineSecretFindings(sourceCode: string): string[] {
   const findings: string[] = [];
-  for (const match of input.sourceCode.matchAll(SECRET_ENV_PATTERN)) {
+  for (const match of sourceCode.matchAll(SECRET_ENV_PATTERN)) {
     findings.push(`process.env.${match[1]}`);
   }
-  if (PRIVATE_KEY_PATTERN.test(input.sourceCode)) findings.push('private key block');
-  if (BEARER_LITERAL_PATTERN.test(input.sourceCode)) findings.push('bearer token literal');
-  if (ASSIGNMENT_SECRET_LITERAL_PATTERN.test(input.sourceCode)) {
+  if (PRIVATE_KEY_PATTERN.test(sourceCode)) findings.push('private key block');
+  if (BEARER_LITERAL_PATTERN.test(sourceCode))
+    findings.push('bearer token literal');
+  if (ASSIGNMENT_SECRET_LITERAL_PATTERN.test(sourceCode)) {
     findings.push('secret-looking assignment literal');
   }
-  for (const match of input.sourceCode.matchAll(HIGH_ENTROPY_LITERAL_PATTERN)) {
+  for (const match of sourceCode.matchAll(HIGH_ENTROPY_LITERAL_PATTERN)) {
     const literal = match[1] ?? '';
     if (literal.length >= 40 && shannonEntropy(literal) >= 4.2) {
       findings.push('high-entropy string literal');
       break;
     }
   }
+  return [...new Set(findings)];
+}
+
+export function validatePlaySourceHasNoInlineSecrets(input: {
+  sourceCode: string;
+  filePath: string;
+}): void {
+  const findings = collectInlineSecretFindings(input.sourceCode);
   if (!findings.length) return;
   throw new Error(
     [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "deepline",
-  "version": "0.1.93",
+  "version": "0.1.95",
   "description": "Deepline SDK + CLI — B2B data enrichment powered by durable cloud execution",
   "license": "MIT",
   "repository": {