eve 0.12.2 → 0.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/dist/src/cli/commands/agent-instructions.d.ts +15 -3
  3. package/dist/src/cli/commands/agent-instructions.js +3 -1
  4. package/dist/src/cli/commands/agent-prompt/build-and-verify.md +33 -0
  5. package/dist/src/cli/commands/agent-prompt/collect-intent.md +18 -0
  6. package/dist/src/cli/commands/agent-prompt/intro-handoff.md +4 -0
  7. package/dist/src/cli/commands/agent-prompt/intro-setup.md +5 -0
  8. package/dist/src/cli/commands/agent-prompt/scaffold.md +19 -0
  9. package/dist/src/cli/commands/agent-prompt/vercel-connect.md +3 -0
  10. package/dist/src/cli/commands/init-repl.d.ts +79 -0
  11. package/dist/src/cli/commands/init-repl.js +1 -0
  12. package/dist/src/cli/commands/init.d.ts +6 -0
  13. package/dist/src/cli/commands/init.js +1 -1
  14. package/dist/src/cli/dev/tui/line-editor.d.ts +2 -0
  15. package/dist/src/cli/dev/tui/line-editor.js +2 -2
  16. package/dist/src/cli/dev/tui/prompt-command-handler.js +1 -1
  17. package/dist/src/cli/dev/tui/setup-commands.d.ts +26 -7
  18. package/dist/src/cli/dev/tui/setup-commands.js +2 -2
  19. package/dist/src/cli/dev/tui/setup-flow.d.ts +5 -3
  20. package/dist/src/cli/dev/tui/setup-panel.d.ts +12 -7
  21. package/dist/src/cli/dev/tui/setup-panel.js +3 -3
  22. package/dist/src/cli/dev/tui/terminal-renderer.js +10 -10
  23. package/dist/src/cli/dev/tui/terminal-text.d.ts +11 -0
  24. package/dist/src/cli/dev/tui/terminal-text.js +1 -1
  25. package/dist/src/cli/run.d.ts +1 -0
  26. package/dist/src/cli/run.js +2 -2
  27. package/dist/src/cli/ui/live-row.js +1 -1
  28. package/dist/src/cli/ui/progress-pulse.d.ts +10 -0
  29. package/dist/src/cli/ui/progress-pulse.js +1 -0
  30. package/dist/src/discover/discover-agent.js +1 -1
  31. package/dist/src/evals/target.js +1 -1
  32. package/dist/src/execution/node-step.js +1 -1
  33. package/dist/src/execution/sandbox/bindings/just-bash-runtime.js +1 -1
  34. package/dist/src/execution/sandbox/bindings/vercel-sdk-types.d.ts +0 -1
  35. package/dist/src/execution/sandbox/bindings/vercel.js +1 -1
  36. package/dist/src/execution/sandbox/multiplexed-command.d.ts +22 -0
  37. package/dist/src/execution/sandbox/multiplexed-command.js +1 -0
  38. package/dist/src/execution/tool-auth.d.ts +13 -3
  39. package/dist/src/execution/tool-auth.js +1 -1
  40. package/dist/src/execution/workflow-steps.js +1 -1
  41. package/dist/src/harness/tool-loop.js +1 -1
  42. package/dist/src/internal/application/package.js +1 -1
  43. package/dist/src/internal/authored-module-loader.js +2 -2
  44. package/dist/src/internal/nitro/dev-runtime-artifacts.js +1 -1
  45. package/dist/src/public/channels/slack/connections.d.ts +16 -18
  46. package/dist/src/public/channels/slack/defaults.d.ts +1 -1
  47. package/dist/src/public/channels/slack/defaults.js +1 -1
  48. package/dist/src/public/channels/slack/slackChannel.d.ts +6 -7
  49. package/dist/src/public/definitions/tool.d.ts +64 -20
  50. package/dist/src/public/tools/index.d.ts +1 -1
  51. package/dist/src/runtime/connections/scoped-authorization.js +1 -1
  52. package/dist/src/runtime/connections/validate-authorization.js +1 -1
  53. package/dist/src/runtime/framework-tools/connection-search-dynamic.js +1 -1
  54. package/dist/src/setup/ai-gateway-api-key.d.ts +15 -0
  55. package/dist/src/setup/ai-gateway-api-key.js +1 -0
  56. package/dist/src/setup/boxes/apply-ai-gateway-credential.js +1 -1
  57. package/dist/src/setup/boxes/detect-ai-gateway.js +2 -2
  58. package/dist/src/setup/boxes/resolve-provisioning.js +1 -1
  59. package/dist/src/setup/flows/channels.js +1 -1
  60. package/dist/src/setup/flows/deploy.js +1 -1
  61. package/dist/src/setup/flows/install-vercel-cli.js +1 -1
  62. package/dist/src/setup/flows/link.d.ts +2 -1
  63. package/dist/src/setup/flows/link.js +1 -1
  64. package/dist/src/setup/flows/login.js +1 -1
  65. package/dist/src/setup/flows/model.d.ts +3 -2
  66. package/dist/src/setup/flows/model.js +1 -1
  67. package/dist/src/setup/flows/vercel.js +2 -2
  68. package/dist/src/setup/scaffold/create/add-to-project.js +1 -1
  69. package/dist/src/setup/scaffold/create/project.js +1 -1
  70. package/dist/src/setup/vercel-project.d.ts +2 -6
  71. package/dist/src/setup/vercel-project.js +1 -1
  72. package/dist/src/setup/with-spinner.d.ts +3 -0
  73. package/dist/src/setup/with-spinner.js +1 -0
  74. package/dist/src/shared/package-name.d.ts +4 -0
  75. package/dist/src/shared/package-name.js +1 -0
  76. package/docs/channels/slack.mdx +1 -1
  77. package/docs/connections.mdx +9 -6
  78. package/docs/getting-started.mdx +8 -3
  79. package/docs/guides/auth-and-route-protection.md +59 -10
  80. package/docs/guides/dev-tui.md +2 -2
  81. package/docs/reference/cli.md +2 -2
  82. package/docs/reference/typescript-api.md +9 -7
  83. package/package.json +1 -1
  84. package/dist/src/cli/commands/init-agent-handoff.md +0 -12
  85. package/dist/src/cli/commands/init-agent-instructions.md +0 -16
@@ -222,7 +222,7 @@ Route auth does not enforce session ownership. If multiple users or tenants can
222
222
 
223
223
  ## Tool and connection auth
224
224
 
225
- Tool and connection auth is how your agent reaches an external service that wants an interactive sign-in, like an OAuth MCP server. Both a connection and an individual tool can declare an `auth` strategy; eve drives the sign-in, caches the token per step, and re-runs the call once the caller authorizes.
225
+ Tool and connection auth is how your agent reaches an external service that wants an interactive sign-in, like an OAuth MCP server. Connections declare `auth` on the connection definition. Tools should resolve providers inline with `ctx.getToken(provider)` and call `ctx.requireAuth(provider)` only when a downstream service rejects a token; eve drives the sign-in, caches the token per step, and re-runs the call once the caller authorizes.
226
226
 
227
227
  ### On a connection
228
228
 
@@ -236,7 +236,7 @@ import { once } from "eve/tools/approval";
236
236
  export default defineMcpClientConnection({
237
237
  url: "https://mcp.linear.app/mcp",
238
238
  description: "Linear: project management, issue tracking, and team workflows.",
239
- auth: connect("oauth/linear"),
239
+ auth: connect("linear/myagent"),
240
240
  approval: once(),
241
241
  });
242
242
  ```
@@ -245,19 +245,20 @@ The first call that needs the connection kicks off an OAuth sign-in, surfaced as
245
245
 
246
246
  ### On a single tool
247
247
 
248
- When one tool calls a service behind OAuth, it can declare its own `auth` and skip the separate connection. `auth` takes the same shapes: `connect("...")` for Vercel Connect-backed OAuth, a custom interactive definition, or a plain `{ getToken }` for static credentials.
248
+ When one tool calls a service behind OAuth, keep the auth provider at the call site and skip the separate connection. Providers take the same shapes as connection `auth`: `connect("...")` for Vercel Connect-backed OAuth, a custom interactive definition, or a plain `{ getToken }` for static credentials.
249
249
 
250
250
  ```ts title="agent/tools/list_okta_groups.ts"
251
251
  import { defineTool } from "eve/tools";
252
252
  import { connect } from "@vercel/connect/eve";
253
253
  import { z } from "zod";
254
254
 
255
+ const oktaAuth = connect("okta/myagent");
256
+
255
257
  export default defineTool({
256
258
  description: "List the caller's Okta groups.",
257
259
  inputSchema: z.object({}),
258
- auth: connect("okta"),
259
260
  async execute(_input, ctx) {
260
- const { token } = await ctx.getToken();
261
+ const { token } = await ctx.getToken(oktaAuth);
261
262
  const res = await fetch("https://api.okta-proxy.internal/groups", {
262
263
  headers: { authorization: `Bearer ${token}` },
263
264
  });
@@ -266,14 +267,62 @@ export default defineTool({
266
267
  });
267
268
  ```
268
269
 
269
- Declaring `auth` adds two accessors to the tool's `ctx`:
270
+ This same inline shape naturally handles tools that need more than one credential:
271
+
272
+ ```ts title="agent/tools/sync_ticket.ts"
273
+ import { connect } from "@vercel/connect/eve";
274
+ import { defineTool } from "eve/tools";
275
+ import { z } from "zod";
276
+
277
+ const githubAuth = connect("github/myagent");
278
+ const linearAuth = connect("linear/myagent");
279
+
280
+ export default defineTool({
281
+ description: "Sync GitHub context into Linear.",
282
+ inputSchema: z.object({ issueId: z.string() }),
283
+ async execute({ issueId }, ctx) {
284
+ const { token: githubToken } = await ctx.getToken(githubAuth);
285
+ const { token: linearToken } = await ctx.getToken(linearAuth);
286
+
287
+ const repo = await fetch("https://api.github.com/user/repos", {
288
+ headers: { authorization: `Bearer ${githubToken}` },
289
+ });
290
+ if (repo.status === 401) ctx.requireAuth(githubAuth);
291
+
292
+ return updateLinearIssue(issueId, linearToken, await repo.json());
293
+ },
294
+ });
295
+ ```
296
+
297
+ Configure provider-specific OAuth targeting on the provider itself. For Vercel Connect, pass `tokenParams` to `connect(...)` when you need explicit OAuth scopes, resource indicators, or rich authorization requests:
298
+
299
+ ```ts
300
+ const githubAuth = connect({
301
+ connector: "github/myagent",
302
+ tokenParams: {
303
+ authorizationDetails: [
304
+ {
305
+ type: "github_app_installation",
306
+ org: "acme",
307
+ repositories: ["agent-runtime"],
308
+ },
309
+ ],
310
+ },
311
+ });
312
+ ```
313
+
314
+ The tool's `ctx` exposes provider-scoped auth accessors:
315
+
316
+ - `ctx.getToken(provider, options?)` resolves an inline provider such as `connect("github/myagent")`. It uses the same cache, callback, and sign-in machinery as connection auth, scoped to that provider instead of the tool's legacy top-level `auth`.
317
+ - `ctx.requireAuth(provider, options?)` evicts the cached token for that inline provider and starts a fresh authorization challenge. Use it after a downstream `401` rejects a token returned by `ctx.getToken(provider)`.
318
+
319
+ Throw `ConnectionAuthorizationRequiredError` from an inline provider's `getToken` to trigger the consent flow for that provider. If a downstream request later rejects an already-resolved token, call `ctx.requireAuth(provider)` to evict and re-authorize it.
270
320
 
271
- - `ctx.getToken()` resolves the bearer for the declared strategy, checking the per-step token cache first. With an interactive strategy, a cache miss suspends the turn on a framework-owned callback URL, shows a "Sign in" affordance, and re-runs the tool once the OAuth callback completes.
272
- - `ctx.requireAuth()` throws `ConnectionAuthorizationRequiredError` to gate the tool on authorization before any token resolves. The runtime turns that into the same consent prompt.
321
+ Vercel Connect providers usually supply their own display name in the authorization challenge. Set `displayName` in the inline options only when you need to override what users see, for example `ctx.getToken(customAuth, { displayName: "Salesforce" })`. It is presentation-only.
273
322
 
274
- Throw `ConnectionAuthorizationRequiredError` anywhere in `execute` (directly, via `requireAuth()`, or implicitly from `getToken()`) and you trigger the consent flow, keyed by the tool's name. Calling either accessor on a tool that does not declare `auth` throws.
323
+ Inline providers derive a stable tool-qualified auth key from Vercel Connect metadata when available. If you pass multiple custom providers that do not carry provider metadata, give each one an explicit auth key, for example `ctx.getToken(auth, { authKey: "github" })`. This `authKey` controls Eve's cache and callback keys; it is not an OAuth scope.
275
324
 
276
- By default the sign-in affordance title-cases the tool's path-derived name, so a tool file named `sfdc_lookup.ts` renders "Sign in with Sfdc_lookup". Set `displayName` on the `auth` definition to control what users see instead, for example `auth: { ...connect("sfdc"), displayName: "Salesforce" }`. It is presentation-only. The tool's name still keys the authorization scope, token cache, and callback URL, and a definition-level `displayName` wins over one the strategy stamps on the challenge.
325
+ Older tools may still declare a top-level `auth` field and call `ctx.getToken()` or `ctx.requireAuth()` without arguments. That compatibility path is deprecated; prefer inline providers for new tools.
277
326
 
278
327
  ## What to read next
279
328
 
@@ -22,7 +22,7 @@ If agent discovery reported problems, an error and warning count renders between
22
22
 
23
23
  The conversation streams straight into your terminal's normal scrollback, so you keep native scrolling, copy and paste, and a transcript that persists after you exit. The scrollback holds your prompts, the agent's replies, reasoning, tool calls, nested subagents, connection-authorization prompts, and any captured `stdout`, `stderr`, or sandbox lifecycle lines.
24
24
 
25
- Each turn renders without boxes. A colored gutter glyph marks who is speaking, tool calls collapse to a one-line summary (`✓ get_weather city="SF" → 73°F`), and a subagent's work is indented beneath its `◆` header. When input is ready, the prompt stays bare until you type. While a turn or setup action owns the terminal, only its live status shows.
25
+ Each turn renders without boxes. A colored gutter glyph marks who is speaking, tool calls collapse to a one-line summary (`✓ get_weather city="SF" → 73°F`), and a subagent's work is indented beneath its `◆` header. When input is ready, the prompt stays bare until you type. A green circle-dot pulses while the agent is waiting to answer and disappears when reasoning or answer content begins.
26
26
 
27
27
  A persistent line beneath the prompt or status shows the model, the session's token flow (`↑ 394.4K ↓ 4.3K`), the linked Vercel project and team (`▲ my-agent (acme)`), and a yellow `/deploy pending` marker once a channel added this session still needs `/deploy`. The Vercel segment stays hidden until the directory is linked.
28
28
 
@@ -30,7 +30,7 @@ Errors render compactly with docs links highlighted. A code bug escaping your ag
30
30
 
31
31
  ## Slash commands
32
32
 
33
- Each command echoes as an invocation line, asks through a bordered panel that takes the input area's place (one question at a time, separate from the chat transcript), and finishes with a one-line `⎿` result. Loading states stay on the ephemeral status line instead of piling into the transcript. Setup menus render the selected option with a filled arrow and an inverse label padded by one space on each side. The label is blue normally and yellow for warning rows.
33
+ Each command echoes as an invocation line, asks through a bordered panel that takes the input area's place (one question at a time, separate from the chat transcript), and finishes with a one-line `⎿` result. Loading states stay on the ephemeral status line instead of piling into the transcript; model and channel setup use the same green square pulse as the build phase. Setup menus render the selected option with a filled arrow and an inverse label padded by one space on each side. Text prompts use a blinking block cursor over the character at the caret. The selected label is blue normally and yellow for warning rows.
34
34
 
35
35
  | Command | Does |
36
36
  | ----------- | --------------------------------------------------------------------------------------------------------------------------------- |
@@ -33,9 +33,9 @@ The optional `target` decides the mode:
33
33
 
34
34
  - A name (`eve init my-agent`) scaffolds a fresh project in a new `my-agent/` directory.
35
35
  - An existing directory, including `.` for the current one (`eve init .`), adds an agent to that project. The project needs a `package.json`, the `agent/` files must not exist yet, and the missing `eve`, `ai`, and `zod` dependencies are added without touching anything else.
36
- - Omitting the target scaffolds or updates the current directory, the same as `eve init .`.
36
+ - Omitting the target scaffolds or updates the current directory, the same as `eve init .`. The exception is a coding agent (Claude Code, Cursor, and the like): running `eve init` with no target prints a setup guide instead of scaffolding, since a bare invocation means the agent has not chosen what to build yet.
37
37
 
38
- Either mode installs dependencies, initializes Git, and runs `eve dev` through the detected project package manager. Fresh projects inherit a parent workspace manager when one is present; otherwise they use the manager that launched `eve init`.
38
+ Both scaffold modes install dependencies. A fresh project initializes Git; an existing project keeps its repository and scripts. On an interactive human terminal, when a supported coding-agent CLI (`claude`, `codex`, `cursor-agent`, `droid`, `gemini`, `opencode`, or `pi`) is on `PATH`, `eve init` offers the available REPLs and `eve dev` (the default). Each REPL receives a project-specific prompt that guides the user through building the agent. It also explains that bare `eve dev` starts HMR and the agent's terminal REPL, while `eve dev --no-ui` is the controllable verification path. Without any of those executables, human invocations run `eve dev` through the detected project package manager. Fresh projects inherit a parent workspace manager when one is present; otherwise they use the manager that launched `eve init`. Coding-agent invocations print the same project-specific handoff, and the agent can run that command with `--no-ui` for headless verification.
39
39
 
40
40
  | Flag | Type | Default | Description |
41
41
  | ---------------------- | ---- | ------- | -------------------------------------------------------------------------------------------------------------------------------------- |
@@ -56,13 +56,15 @@ A few non-`define*` helpers round out the set: `disableTool` and `ExperimentalWo
56
56
 
57
57
  `ctx` is passed to your tool `execute`, hook handlers, and channel event handlers. It is live only while authored code is running, so reaching for it at module top level throws. See [Session context](../guides/session-context) for the full model.
58
58
 
59
- | Member | Use |
60
- | -------------------------- | ----------------------------------------------------------------------------- |
61
- | `ctx.session` | Current session, turn, auth, and optional parent lineage (read-only) |
62
- | `ctx.getSandbox()` | Live sandbox handle for the current agent |
63
- | `ctx.getSkill(identifier)` | Handle for a named skill visible to the current agent |
64
- | `ctx.getToken()` | Resolve the bearer token for a tool's declared `auth` (throws without `auth`) |
65
- | `ctx.requireAuth()` | Force the tool's authorization flow before proceeding |
59
+ | Member | Use |
60
+ | --------------------------- | ---------------------------------------------------------------------------- |
61
+ | `ctx.session` | Current session, turn, auth, and optional parent lineage (read-only) |
62
+ | `ctx.getSandbox()` | Live sandbox handle for the current agent |
63
+ | `ctx.getSkill(identifier)` | Handle for a named skill visible to the current agent |
64
+ | `ctx.getToken(provider)` | Resolve a bearer token for an inline auth provider such as `connect("...")` |
65
+ | `ctx.requireAuth(provider)` | Evict and re-authorize an inline provider, commonly after a downstream `401` |
66
+ | `ctx.getToken()` | Deprecated compatibility path for a tool's legacy top-level `auth` |
67
+ | `ctx.requireAuth()` | Deprecated compatibility path for a tool's legacy top-level `auth` |
66
68
 
67
69
  ## Imports at a glance
68
70
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "eve",
3
- "version": "0.12.2",
3
+ "version": "0.12.3",
4
4
  "private": false,
5
5
  "description": "Filesystem-first framework for durable backend AI agents that run anywhere.",
6
6
  "keywords": [
@@ -1,12 +0,0 @@
1
- Before editing the scaffold, read the relevant guide in
2
- `{{projectPath}}/node_modules/eve/docs/`.
3
-
4
- Then open `{{projectPath}}/agent/instructions.md` and replace the placeholder
5
- with what the user said the agent should do (the purpose you collected). This
6
- is the agent's always-on system prompt.
7
-
8
- Do not start `eve dev` because it is interactive. Give the user this command to
9
- run when they are ready:
10
-
11
- cd {{projectPath}}
12
- {{devCommand}}
@@ -1,16 +0,0 @@
1
- # Set up an eve agent
2
-
3
- Ask the user these questions one at a time. Use the coding harness's prompt
4
- tools when available. Do not guess.
5
-
6
- 1. What should the agent do?
7
- 2. Create a new project or add the agent to an existing directory?
8
- For a new project, propose a name and ask the user to confirm it. For an
9
- existing project, ask for the directory.
10
- 3. For a new project, include Web Chat?
11
-
12
- Then run:
13
-
14
- {{initCommand}} <target>
15
-
16
- Add `--channel-web-nextjs` if the user wants Web Chat.