eve 0.12.2 → 0.12.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/dist/src/cli/commands/agent-instructions.d.ts +15 -3
- package/dist/src/cli/commands/agent-instructions.js +3 -1
- package/dist/src/cli/commands/agent-prompt/build-and-verify.md +33 -0
- package/dist/src/cli/commands/agent-prompt/collect-intent.md +18 -0
- package/dist/src/cli/commands/agent-prompt/intro-handoff.md +4 -0
- package/dist/src/cli/commands/agent-prompt/intro-setup.md +5 -0
- package/dist/src/cli/commands/agent-prompt/scaffold.md +19 -0
- package/dist/src/cli/commands/agent-prompt/vercel-connect.md +3 -0
- package/dist/src/cli/commands/init-repl.d.ts +79 -0
- package/dist/src/cli/commands/init-repl.js +1 -0
- package/dist/src/cli/commands/init.d.ts +6 -0
- package/dist/src/cli/commands/init.js +1 -1
- package/dist/src/cli/dev/tui/line-editor.d.ts +2 -0
- package/dist/src/cli/dev/tui/line-editor.js +2 -2
- package/dist/src/cli/dev/tui/prompt-command-handler.js +1 -1
- package/dist/src/cli/dev/tui/setup-commands.d.ts +26 -7
- package/dist/src/cli/dev/tui/setup-commands.js +2 -2
- package/dist/src/cli/dev/tui/setup-flow.d.ts +5 -3
- package/dist/src/cli/dev/tui/setup-panel.d.ts +12 -7
- package/dist/src/cli/dev/tui/setup-panel.js +3 -3
- package/dist/src/cli/dev/tui/terminal-renderer.js +10 -10
- package/dist/src/cli/dev/tui/terminal-text.d.ts +11 -0
- package/dist/src/cli/dev/tui/terminal-text.js +1 -1
- package/dist/src/cli/run.d.ts +1 -0
- package/dist/src/cli/run.js +2 -2
- package/dist/src/cli/ui/live-row.js +1 -1
- package/dist/src/cli/ui/progress-pulse.d.ts +10 -0
- package/dist/src/cli/ui/progress-pulse.js +1 -0
- package/dist/src/discover/discover-agent.js +1 -1
- package/dist/src/evals/target.js +1 -1
- package/dist/src/execution/node-step.js +1 -1
- package/dist/src/execution/sandbox/bindings/just-bash-runtime.js +1 -1
- package/dist/src/execution/sandbox/bindings/vercel-sdk-types.d.ts +0 -1
- package/dist/src/execution/sandbox/bindings/vercel.js +1 -1
- package/dist/src/execution/sandbox/multiplexed-command.d.ts +22 -0
- package/dist/src/execution/sandbox/multiplexed-command.js +1 -0
- package/dist/src/execution/tool-auth.d.ts +13 -3
- package/dist/src/execution/tool-auth.js +1 -1
- package/dist/src/execution/workflow-steps.js +1 -1
- package/dist/src/harness/tool-loop.js +1 -1
- package/dist/src/internal/application/package.js +1 -1
- package/dist/src/internal/authored-module-loader.js +2 -2
- package/dist/src/internal/nitro/dev-runtime-artifacts.js +1 -1
- package/dist/src/public/channels/slack/connections.d.ts +16 -18
- package/dist/src/public/channels/slack/defaults.d.ts +1 -1
- package/dist/src/public/channels/slack/defaults.js +1 -1
- package/dist/src/public/channels/slack/slackChannel.d.ts +6 -7
- package/dist/src/public/definitions/tool.d.ts +64 -20
- package/dist/src/public/tools/index.d.ts +1 -1
- package/dist/src/runtime/connections/scoped-authorization.js +1 -1
- package/dist/src/runtime/connections/validate-authorization.js +1 -1
- package/dist/src/runtime/framework-tools/connection-search-dynamic.js +1 -1
- package/dist/src/setup/ai-gateway-api-key.d.ts +15 -0
- package/dist/src/setup/ai-gateway-api-key.js +1 -0
- package/dist/src/setup/boxes/apply-ai-gateway-credential.js +1 -1
- package/dist/src/setup/boxes/detect-ai-gateway.js +2 -2
- package/dist/src/setup/boxes/resolve-provisioning.js +1 -1
- package/dist/src/setup/flows/channels.js +1 -1
- package/dist/src/setup/flows/deploy.js +1 -1
- package/dist/src/setup/flows/install-vercel-cli.js +1 -1
- package/dist/src/setup/flows/link.d.ts +2 -1
- package/dist/src/setup/flows/link.js +1 -1
- package/dist/src/setup/flows/login.js +1 -1
- package/dist/src/setup/flows/model.d.ts +3 -2
- package/dist/src/setup/flows/model.js +1 -1
- package/dist/src/setup/flows/vercel.js +2 -2
- package/dist/src/setup/scaffold/create/add-to-project.js +1 -1
- package/dist/src/setup/scaffold/create/project.js +1 -1
- package/dist/src/setup/vercel-project.d.ts +2 -6
- package/dist/src/setup/vercel-project.js +1 -1
- package/dist/src/setup/with-spinner.d.ts +3 -0
- package/dist/src/setup/with-spinner.js +1 -0
- package/dist/src/shared/package-name.d.ts +4 -0
- package/dist/src/shared/package-name.js +1 -0
- package/docs/channels/slack.mdx +1 -1
- package/docs/connections.mdx +9 -6
- package/docs/getting-started.mdx +8 -3
- package/docs/guides/auth-and-route-protection.md +59 -10
- package/docs/guides/dev-tui.md +2 -2
- package/docs/reference/cli.md +2 -2
- package/docs/reference/typescript-api.md +9 -7
- package/package.json +1 -1
- package/dist/src/cli/commands/init-agent-handoff.md +0 -12
- package/dist/src/cli/commands/init-agent-instructions.md +0 -16
|
@@ -222,7 +222,7 @@ Route auth does not enforce session ownership. If multiple users or tenants can
|
|
|
222
222
|
|
|
223
223
|
## Tool and connection auth
|
|
224
224
|
|
|
225
|
-
Tool and connection auth is how your agent reaches an external service that wants an interactive sign-in, like an OAuth MCP server.
|
|
225
|
+
Tool and connection auth is how your agent reaches an external service that wants an interactive sign-in, like an OAuth MCP server. Connections declare `auth` on the connection definition. Tools should resolve providers inline with `ctx.getToken(provider)` and call `ctx.requireAuth(provider)` only when a downstream service rejects a token; eve drives the sign-in, caches the token per step, and re-runs the call once the caller authorizes.
|
|
226
226
|
|
|
227
227
|
### On a connection
|
|
228
228
|
|
|
@@ -236,7 +236,7 @@ import { once } from "eve/tools/approval";
|
|
|
236
236
|
export default defineMcpClientConnection({
|
|
237
237
|
url: "https://mcp.linear.app/mcp",
|
|
238
238
|
description: "Linear: project management, issue tracking, and team workflows.",
|
|
239
|
-
auth: connect("
|
|
239
|
+
auth: connect("linear/myagent"),
|
|
240
240
|
approval: once(),
|
|
241
241
|
});
|
|
242
242
|
```
|
|
@@ -245,19 +245,20 @@ The first call that needs the connection kicks off an OAuth sign-in, surfaced as
|
|
|
245
245
|
|
|
246
246
|
### On a single tool
|
|
247
247
|
|
|
248
|
-
When one tool calls a service behind OAuth,
|
|
248
|
+
When one tool calls a service behind OAuth, keep the auth provider at the call site and skip the separate connection. Providers take the same shapes as connection `auth`: `connect("...")` for Vercel Connect-backed OAuth, a custom interactive definition, or a plain `{ getToken }` for static credentials.
|
|
249
249
|
|
|
250
250
|
```ts title="agent/tools/list_okta_groups.ts"
|
|
251
251
|
import { defineTool } from "eve/tools";
|
|
252
252
|
import { connect } from "@vercel/connect/eve";
|
|
253
253
|
import { z } from "zod";
|
|
254
254
|
|
|
255
|
+
const oktaAuth = connect("okta/myagent");
|
|
256
|
+
|
|
255
257
|
export default defineTool({
|
|
256
258
|
description: "List the caller's Okta groups.",
|
|
257
259
|
inputSchema: z.object({}),
|
|
258
|
-
auth: connect("okta"),
|
|
259
260
|
async execute(_input, ctx) {
|
|
260
|
-
const { token } = await ctx.getToken();
|
|
261
|
+
const { token } = await ctx.getToken(oktaAuth);
|
|
261
262
|
const res = await fetch("https://api.okta-proxy.internal/groups", {
|
|
262
263
|
headers: { authorization: `Bearer ${token}` },
|
|
263
264
|
});
|
|
@@ -266,14 +267,62 @@ export default defineTool({
|
|
|
266
267
|
});
|
|
267
268
|
```
|
|
268
269
|
|
|
269
|
-
|
|
270
|
+
This same inline shape naturally handles tools that need more than one credential:
|
|
271
|
+
|
|
272
|
+
```ts title="agent/tools/sync_ticket.ts"
|
|
273
|
+
import { connect } from "@vercel/connect/eve";
|
|
274
|
+
import { defineTool } from "eve/tools";
|
|
275
|
+
import { z } from "zod";
|
|
276
|
+
|
|
277
|
+
const githubAuth = connect("github/myagent");
|
|
278
|
+
const linearAuth = connect("linear/myagent");
|
|
279
|
+
|
|
280
|
+
export default defineTool({
|
|
281
|
+
description: "Sync GitHub context into Linear.",
|
|
282
|
+
inputSchema: z.object({ issueId: z.string() }),
|
|
283
|
+
async execute({ issueId }, ctx) {
|
|
284
|
+
const { token: githubToken } = await ctx.getToken(githubAuth);
|
|
285
|
+
const { token: linearToken } = await ctx.getToken(linearAuth);
|
|
286
|
+
|
|
287
|
+
const repo = await fetch("https://api.github.com/user/repos", {
|
|
288
|
+
headers: { authorization: `Bearer ${githubToken}` },
|
|
289
|
+
});
|
|
290
|
+
if (repo.status === 401) ctx.requireAuth(githubAuth);
|
|
291
|
+
|
|
292
|
+
return updateLinearIssue(issueId, linearToken, await repo.json());
|
|
293
|
+
},
|
|
294
|
+
});
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
Configure provider-specific OAuth targeting on the provider itself. For Vercel Connect, pass `tokenParams` to `connect(...)` when you need explicit OAuth scopes, resource indicators, or rich authorization requests:
|
|
298
|
+
|
|
299
|
+
```ts
|
|
300
|
+
const githubAuth = connect({
|
|
301
|
+
connector: "github/myagent",
|
|
302
|
+
tokenParams: {
|
|
303
|
+
authorizationDetails: [
|
|
304
|
+
{
|
|
305
|
+
type: "github_app_installation",
|
|
306
|
+
org: "acme",
|
|
307
|
+
repositories: ["agent-runtime"],
|
|
308
|
+
},
|
|
309
|
+
],
|
|
310
|
+
},
|
|
311
|
+
});
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
The tool's `ctx` exposes provider-scoped auth accessors:
|
|
315
|
+
|
|
316
|
+
- `ctx.getToken(provider, options?)` resolves an inline provider such as `connect("github/myagent")`. It uses the same cache, callback, and sign-in machinery as connection auth, scoped to that provider instead of the tool's legacy top-level `auth`.
|
|
317
|
+
- `ctx.requireAuth(provider, options?)` evicts the cached token for that inline provider and starts a fresh authorization challenge. Use it after a downstream `401` rejects a token returned by `ctx.getToken(provider)`.
|
|
318
|
+
|
|
319
|
+
Throw `ConnectionAuthorizationRequiredError` from an inline provider's `getToken` to trigger the consent flow for that provider. If a downstream request later rejects an already-resolved token, call `ctx.requireAuth(provider)` to evict and re-authorize it.
|
|
270
320
|
|
|
271
|
-
|
|
272
|
-
- `ctx.requireAuth()` throws `ConnectionAuthorizationRequiredError` to gate the tool on authorization before any token resolves. The runtime turns that into the same consent prompt.
|
|
321
|
+
Vercel Connect providers usually supply their own display name in the authorization challenge. Set `displayName` in the inline options only when you need to override what users see, for example `ctx.getToken(customAuth, { displayName: "Salesforce" })`. It is presentation-only.
|
|
273
322
|
|
|
274
|
-
|
|
323
|
+
Inline providers derive a stable tool-qualified auth key from Vercel Connect metadata when available. If you pass multiple custom providers that do not carry provider metadata, give each one an explicit auth key, for example `ctx.getToken(auth, { authKey: "github" })`. This `authKey` controls Eve's cache and callback keys; it is not an OAuth scope.
|
|
275
324
|
|
|
276
|
-
|
|
325
|
+
Older tools may still declare a top-level `auth` field and call `ctx.getToken()` or `ctx.requireAuth()` without arguments. That compatibility path is deprecated; prefer inline providers for new tools.
|
|
277
326
|
|
|
278
327
|
## What to read next
|
|
279
328
|
|
package/docs/guides/dev-tui.md
CHANGED
|
@@ -22,7 +22,7 @@ If agent discovery reported problems, an error and warning count renders between
|
|
|
22
22
|
|
|
23
23
|
The conversation streams straight into your terminal's normal scrollback, so you keep native scrolling, copy and paste, and a transcript that persists after you exit. The scrollback holds your prompts, the agent's replies, reasoning, tool calls, nested subagents, connection-authorization prompts, and any captured `stdout`, `stderr`, or sandbox lifecycle lines.
|
|
24
24
|
|
|
25
|
-
Each turn renders without boxes. A colored gutter glyph marks who is speaking, tool calls collapse to a one-line summary (`✓ get_weather city="SF" → 73°F`), and a subagent's work is indented beneath its `◆` header. When input is ready, the prompt stays bare until you type.
|
|
25
|
+
Each turn renders without boxes. A colored gutter glyph marks who is speaking, tool calls collapse to a one-line summary (`✓ get_weather city="SF" → 73°F`), and a subagent's work is indented beneath its `◆` header. When input is ready, the prompt stays bare until you type. A green circle-dot pulses while the agent is waiting to answer and disappears when reasoning or answer content begins.
|
|
26
26
|
|
|
27
27
|
A persistent line beneath the prompt or status shows the model, the session's token flow (`↑ 394.4K ↓ 4.3K`), the linked Vercel project and team (`▲ my-agent (acme)`), and a yellow `/deploy pending` marker once a channel added this session still needs `/deploy`. The Vercel segment stays hidden until the directory is linked.
|
|
28
28
|
|
|
@@ -30,7 +30,7 @@ Errors render compactly with docs links highlighted. A code bug escaping your ag
|
|
|
30
30
|
|
|
31
31
|
## Slash commands
|
|
32
32
|
|
|
33
|
-
Each command echoes as an invocation line, asks through a bordered panel that takes the input area's place (one question at a time, separate from the chat transcript), and finishes with a one-line `⎿` result. Loading states stay on the ephemeral status line instead of piling into the transcript. Setup menus render the selected option with a filled arrow and an inverse label padded by one space on each side. The label is blue normally and yellow for warning rows.
|
|
33
|
+
Each command echoes as an invocation line, asks through a bordered panel that takes the input area's place (one question at a time, separate from the chat transcript), and finishes with a one-line `⎿` result. Loading states stay on the ephemeral status line instead of piling into the transcript; model and channel setup use the same green square pulse as the build phase. Setup menus render the selected option with a filled arrow and an inverse label padded by one space on each side. Text prompts use a blinking block cursor over the character at the caret. The selected label is blue normally and yellow for warning rows.
|
|
34
34
|
|
|
35
35
|
| Command | Does |
|
|
36
36
|
| ----------- | --------------------------------------------------------------------------------------------------------------------------------- |
|
package/docs/reference/cli.md
CHANGED
|
@@ -33,9 +33,9 @@ The optional `target` decides the mode:
|
|
|
33
33
|
|
|
34
34
|
- A name (`eve init my-agent`) scaffolds a fresh project in a new `my-agent/` directory.
|
|
35
35
|
- An existing directory, including `.` for the current one (`eve init .`), adds an agent to that project. The project needs a `package.json`, the `agent/` files must not exist yet, and the missing `eve`, `ai`, and `zod` dependencies are added without touching anything else.
|
|
36
|
-
- Omitting the target scaffolds or updates the current directory, the same as `eve init .`.
|
|
36
|
+
- Omitting the target scaffolds or updates the current directory, the same as `eve init .`. The exception is a coding agent (Claude Code, Cursor, and the like): running `eve init` with no target prints a setup guide instead of scaffolding, since a bare invocation means the agent has not chosen what to build yet.
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
Both scaffold modes install dependencies. A fresh project initializes Git; an existing project keeps its repository and scripts. On an interactive human terminal, when a supported coding-agent CLI (`claude`, `codex`, `cursor-agent`, `droid`, `gemini`, `opencode`, or `pi`) is on `PATH`, `eve init` offers the available REPLs and `eve dev` (the default). Each REPL receives a project-specific prompt that guides the user through building the agent. It also explains that bare `eve dev` starts HMR and the agent's terminal REPL, while `eve dev --no-ui` is the controllable verification path. Without any of those executables, human invocations run `eve dev` through the detected project package manager. Fresh projects inherit a parent workspace manager when one is present; otherwise they use the manager that launched `eve init`. Coding-agent invocations print the same project-specific handoff, and the agent can run that command with `--no-ui` for headless verification.
|
|
39
39
|
|
|
40
40
|
| Flag | Type | Default | Description |
|
|
41
41
|
| ---------------------- | ---- | ------- | -------------------------------------------------------------------------------------------------------------------------------------- |
|
|
@@ -56,13 +56,15 @@ A few non-`define*` helpers round out the set: `disableTool` and `ExperimentalWo
|
|
|
56
56
|
|
|
57
57
|
`ctx` is passed to your tool `execute`, hook handlers, and channel event handlers. It is live only while authored code is running, so reaching for it at module top level throws. See [Session context](../guides/session-context) for the full model.
|
|
58
58
|
|
|
59
|
-
| Member
|
|
60
|
-
|
|
|
61
|
-
| `ctx.session`
|
|
62
|
-
| `ctx.getSandbox()`
|
|
63
|
-
| `ctx.getSkill(identifier)`
|
|
64
|
-
| `ctx.getToken()`
|
|
65
|
-
| `ctx.requireAuth()`
|
|
59
|
+
| Member | Use |
|
|
60
|
+
| --------------------------- | ---------------------------------------------------------------------------- |
|
|
61
|
+
| `ctx.session` | Current session, turn, auth, and optional parent lineage (read-only) |
|
|
62
|
+
| `ctx.getSandbox()` | Live sandbox handle for the current agent |
|
|
63
|
+
| `ctx.getSkill(identifier)` | Handle for a named skill visible to the current agent |
|
|
64
|
+
| `ctx.getToken(provider)` | Resolve a bearer token for an inline auth provider such as `connect("...")` |
|
|
65
|
+
| `ctx.requireAuth(provider)` | Evict and re-authorize an inline provider, commonly after a downstream `401` |
|
|
66
|
+
| `ctx.getToken()` | Deprecated compatibility path for a tool's legacy top-level `auth` |
|
|
67
|
+
| `ctx.requireAuth()` | Deprecated compatibility path for a tool's legacy top-level `auth` |
|
|
66
68
|
|
|
67
69
|
## Imports at a glance
|
|
68
70
|
|
package/package.json
CHANGED
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
Before editing the scaffold, read the relevant guide in
|
|
2
|
-
`{{projectPath}}/node_modules/eve/docs/`.
|
|
3
|
-
|
|
4
|
-
Then open `{{projectPath}}/agent/instructions.md` and replace the placeholder
|
|
5
|
-
with what the user said the agent should do (the purpose you collected). This
|
|
6
|
-
is the agent's always-on system prompt.
|
|
7
|
-
|
|
8
|
-
Do not start `eve dev` because it is interactive. Give the user this command to
|
|
9
|
-
run when they are ready:
|
|
10
|
-
|
|
11
|
-
cd {{projectPath}}
|
|
12
|
-
{{devCommand}}
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# Set up an eve agent
|
|
2
|
-
|
|
3
|
-
Ask the user these questions one at a time. Use the coding harness's prompt
|
|
4
|
-
tools when available. Do not guess.
|
|
5
|
-
|
|
6
|
-
1. What should the agent do?
|
|
7
|
-
2. Create a new project or add the agent to an existing directory?
|
|
8
|
-
For a new project, propose a name and ask the user to confirm it. For an
|
|
9
|
-
existing project, ask for the directory.
|
|
10
|
-
3. For a new project, include Web Chat?
|
|
11
|
-
|
|
12
|
-
Then run:
|
|
13
|
-
|
|
14
|
-
{{initCommand}} <target>
|
|
15
|
-
|
|
16
|
-
Add `--channel-web-nextjs` if the user wants Web Chat.
|