eve 0.14.0 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/dist/src/channel/compiled-channel.js +2 -1
- package/dist/src/cli/dev/tui/runner.js +1 -1
- package/dist/src/cli/dev/tui/setup-panel.d.ts +3 -4
- package/dist/src/cli/dev/tui/setup-panel.js +2 -2
- package/dist/src/cli/dev/tui/status-line.d.ts +6 -3
- package/dist/src/cli/dev/tui/status-line.js +1 -1
- package/dist/src/cli/dev/tui/terminal-renderer.js +1 -1
- package/dist/src/cli/dev/tui/vercel-status.d.ts +2 -2
- package/dist/src/cli/dev/tui/vercel-status.js +1 -1
- package/dist/src/cli/run.d.ts +2 -2
- package/dist/src/cli/run.js +2 -2
- package/dist/src/evals/assertions/collector.d.ts +19 -6
- package/dist/src/evals/assertions/collector.js +1 -1
- package/dist/src/evals/assertions/run.d.ts +24 -17
- package/dist/src/evals/assertions/run.js +2 -2
- package/dist/src/evals/assertions/scoped.d.ts +17 -0
- package/dist/src/evals/assertions/scoped.js +1 -0
- package/dist/src/evals/cli/eval.js +1 -1
- package/dist/src/evals/context.d.ts +1 -0
- package/dist/src/evals/context.js +1 -1
- package/dist/src/evals/control-flow.d.ts +9 -0
- package/dist/src/evals/control-flow.js +1 -0
- package/dist/src/evals/define-eval.d.ts +1 -1
- package/dist/src/evals/define-eval.js +1 -1
- package/dist/src/evals/expect/index.d.ts +5 -3
- package/dist/src/evals/expect/index.js +1 -1
- package/dist/src/evals/index.d.ts +2 -2
- package/dist/src/evals/match.d.ts +50 -13
- package/dist/src/evals/match.js +1 -1
- package/dist/src/evals/runner/artifacts.js +1 -1
- package/dist/src/evals/runner/derive-run-facts.js +1 -1
- package/dist/src/evals/runner/execute-eval.js +1 -1
- package/dist/src/evals/runner/execute-task.d.ts +1 -0
- package/dist/src/evals/runner/execute-task.js +1 -1
- package/dist/src/evals/runner/reporters/braintrust.js +1 -1
- package/dist/src/evals/runner/reporters/console.js +1 -1
- package/dist/src/evals/runner/reporters/junit.js +3 -2
- package/dist/src/evals/runner/run-evals.js +1 -1
- package/dist/src/evals/runner/verdict.d.ts +1 -0
- package/dist/src/evals/runner/verdict.js +1 -1
- package/dist/src/evals/session.d.ts +9 -5
- package/dist/src/evals/session.js +1 -1
- package/dist/src/evals/types.d.ts +69 -47
- package/dist/src/execution/workflow-callback-url.d.ts +8 -0
- package/dist/src/execution/workflow-callback-url.js +1 -1
- package/dist/src/execution/workflow-entry.js +1 -1
- package/dist/src/execution/workflow-steps.js +1 -1
- package/dist/src/harness/emission.d.ts +13 -27
- package/dist/src/harness/emission.js +1 -1
- package/dist/src/harness/step-hooks.d.ts +3 -3
- package/dist/src/harness/step-hooks.js +1 -1
- package/dist/src/harness/tool-loop.js +1 -1
- package/dist/src/internal/application/compiled-artifacts.js +1 -1
- package/dist/src/internal/application/package.d.ts +12 -0
- package/dist/src/internal/application/package.js +1 -1
- package/dist/src/internal/application/paths.d.ts +6 -0
- package/dist/src/internal/application/paths.js +1 -1
- package/dist/src/internal/nitro/host/configure-nitro-routes.js +2 -2
- package/dist/src/internal/nitro/host/dev-server-state.d.ts +20 -0
- package/dist/src/internal/nitro/host/dev-server-state.js +1 -0
- package/dist/src/internal/nitro/host/start-development-server.d.ts +12 -5
- package/dist/src/internal/nitro/host/start-development-server.js +2 -2
- package/dist/src/internal/nitro/host/types.d.ts +25 -3
- package/dist/src/internal/nitro/host.d.ts +2 -2
- package/dist/src/internal/nitro/host.js +1 -1
- package/dist/src/internal/workflow/configure-world.d.ts +6 -0
- package/dist/src/internal/workflow/configure-world.js +1 -1
- package/dist/src/internal/workflow/world-compatibility.d.ts +32 -0
- package/dist/src/internal/workflow/world-compatibility.js +1 -0
- package/dist/src/protocol/message.d.ts +7 -5
- package/dist/src/runtime/actions/types.d.ts +10 -11
- package/dist/src/setup/boxes/resolve-provisioning.js +1 -1
- package/dist/src/setup/scaffold/create/project.js +1 -1
- package/dist/src/shared/eve-server-health.d.ts +5 -0
- package/dist/src/shared/eve-server-health.js +1 -0
- package/dist/src/shared/network-address.d.ts +12 -0
- package/dist/src/shared/network-address.js +1 -1
- package/dist/src/shared/result.d.ts +12 -0
- package/dist/src/shared/result.js +1 -0
- package/docs/agent-config.md +13 -3
- package/docs/concepts/execution-model-and-durability.md +1 -1
- package/docs/concepts/sessions-runs-and-streaming.md +1 -1
- package/docs/connections/overview.mdx +40 -2
- package/docs/evals/assertions.mdx +97 -39
- package/docs/evals/cases.mdx +24 -15
- package/docs/evals/judge.mdx +2 -2
- package/docs/evals/overview.mdx +7 -5
- package/docs/evals/reporters.mdx +2 -2
- package/docs/evals/running.mdx +3 -1
- package/docs/evals/targets.mdx +2 -2
- package/docs/guides/auth-and-route-protection.md +48 -1
- package/docs/guides/client/streaming.mdx +1 -1
- package/docs/guides/deployment.md +3 -2
- package/docs/guides/dev-tui.md +1 -1
- package/docs/reference/cli.md +1 -1
- package/docs/tutorial/connect-a-warehouse.mdx +2 -0
- package/package.json +1 -1
|
@@ -224,6 +224,53 @@ Route auth does not enforce session ownership. If multiple users or tenants can
|
|
|
224
224
|
|
|
225
225
|
Tool and connection auth is how your agent reaches an external service that wants an interactive sign-in, like an OAuth MCP server. Connections declare `auth` on the connection definition. Tools should resolve providers inline with `ctx.getToken(provider)` and call `ctx.requireAuth(provider)` only when a downstream service rejects a token; eve drives the sign-in, caches the token per step, and re-runs the call once the caller authorizes.
|
|
226
226
|
|
|
227
|
+
The principal for user-scoped tool and connection auth comes from route auth. `connect("...")` from `@vercel/connect/eve` defaults to `principalType: "user"`, so the active session must have `ctx.session.auth.current.principalType === "user"` before the first token lookup can start OAuth. If the session is anonymous, local-dev-only, runtime-scoped, or service-scoped, eve fails fast with `reason: "principal_required"` because there is no end-user identity to bind the OAuth grant to.
|
|
228
|
+
|
|
229
|
+
Use app-scoped auth when the external service should act as the agent itself:
|
|
230
|
+
|
|
231
|
+
```ts
|
|
232
|
+
auth: connect({ connector: "linear/myagent", principalType: "app" });
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
Use user-scoped auth when the external service should act as the signed-in person:
|
|
236
|
+
|
|
237
|
+
```ts
|
|
238
|
+
auth: connect("linear/myagent");
|
|
239
|
+
```
|
|
240
|
+
|
|
241
|
+
For user-scoped auth in a browser app, the route-auth entry for the eve channel should verify your app session and return a user principal:
|
|
242
|
+
|
|
243
|
+
```ts title="agent/channels/eve.ts"
|
|
244
|
+
import { eveChannel } from "eve/channels/eve";
|
|
245
|
+
import { localDev, type AuthFn } from "eve/channels/auth";
|
|
246
|
+
import { getSession } from "@/lib/auth";
|
|
247
|
+
|
|
248
|
+
function appSession(): AuthFn<Request> {
|
|
249
|
+
return async (request) => {
|
|
250
|
+
const session = await getSession(request);
|
|
251
|
+
if (!session) return null;
|
|
252
|
+
|
|
253
|
+
return {
|
|
254
|
+
authenticator: "app",
|
|
255
|
+
principalId: session.userId,
|
|
256
|
+
principalType: "user",
|
|
257
|
+
attributes: {
|
|
258
|
+
email: session.email,
|
|
259
|
+
teamId: session.teamId,
|
|
260
|
+
},
|
|
261
|
+
};
|
|
262
|
+
};
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
export default eveChannel({
|
|
266
|
+
auth: [appSession(), localDev()],
|
|
267
|
+
});
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
Keep `principalId` stable for the same person, and include an `issuer` when the same app may accept users from multiple identity providers. The connection token cache keys user credentials by issuer and principal id so two providers cannot accidentally share a grant.
|
|
271
|
+
|
|
272
|
+
Built-in platform channels that identify a human sender, such as Slack, Discord, Teams, Telegram, Twilio, Linear, and GitHub, attach a user principal for that sender by default. A Slack mention, DM, or button click can therefore authorize a user-scoped connection for the Slack user who sent it without adding a separate browser-session auth function.
|
|
273
|
+
|
|
227
274
|
### On a connection
|
|
228
275
|
|
|
229
276
|
Attach `connect()` from `@vercel/connect/eve` to the connection:
|
|
@@ -241,7 +288,7 @@ export default defineMcpClientConnection({
|
|
|
241
288
|
});
|
|
242
289
|
```
|
|
243
290
|
|
|
244
|
-
The first call that needs
|
|
291
|
+
The first call that needs a user-scoped connection kicks off an OAuth sign-in, surfaced as an authorization challenge (a URL the caller visits). [Vercel Connect](https://vercel.com/docs/connect) brokers the flow and holds the credentials, which are resolved and cached per workflow step, never serialized into history, and never shown to the model. For non-interactive connections, pass a static token or `connect({ connector, principalType: "app" })` in place of user-scoped `connect()`. [Connections](../connections) covers both shapes.
|
|
245
292
|
|
|
246
293
|
### On a single tool
|
|
247
294
|
|
|
@@ -66,7 +66,7 @@ The most common UI events are:
|
|
|
66
66
|
| `message.received` | Confirm the user message landed. |
|
|
67
67
|
| `reasoning.appended` | Render reasoning deltas when the model provides them. |
|
|
68
68
|
| `message.appended` | Render assistant text deltas. |
|
|
69
|
-
| `actions.requested` | Show tool calls
|
|
69
|
+
| `actions.requested` | Show tool calls as the model requests them, before execution. |
|
|
70
70
|
| `action.result` | Show tool call results. |
|
|
71
71
|
| `input.requested` | Pause the UI for approval or a question answer. |
|
|
72
72
|
| `result.completed` | Read structured output from an [output schema](./output-schema). |
|
|
@@ -140,7 +140,8 @@ Eve writes the standard Nitro output under `.output/` instead of Vercel Build Ou
|
|
|
140
140
|
|
|
141
141
|
Self-deployed agents should make the Vercel-specific choices explicit:
|
|
142
142
|
|
|
143
|
-
- Let the Workflow SDK use its default local world, which stores workflow state under `.workflow-data`, configure your host so that directory is on persistent storage, or select another world with `experimental.workflow.world` in the root `agent.ts`.
|
|
143
|
+
- Let the Workflow SDK use its default local world, which stores workflow state under `.workflow-data`, configure your host so that directory is on persistent storage, or select another world with `experimental.workflow.world` in the root `agent.ts`. When you select a custom world, install a world package built against the same `@workflow/*` line as your eve release (currently the `5.0.0-beta` line). The npm `latest` tag may lag, so pin the version explicitly, for example `pnpm add @workflow/world-postgres@5.0.0-beta.x`. A mismatched world (such as a `4.x` package against a `5.x` core) fails with a `ZodError: invalid_union` during run replay.
|
|
144
|
+
- If you put a reverse proxy or ingress in front of eve, forward **both** `/eve/` and `/.well-known/workflow/`. The workflow world delivers run callbacks to `/.well-known/workflow/v1/flow`; a proxy restricted to `/eve/` lets sessions start but silently stalls runs forever, because the callbacks never reach eve.
|
|
144
145
|
- Install the AI SDK package for your provider, then use a direct provider model object and `OPENAI_API_KEY` / `ANTHROPIC_API_KEY` when you want no Gateway dependency.
|
|
145
146
|
- Use `AI_GATEWAY_API_KEY` if you still want Gateway routing from a non-Vercel host.
|
|
146
147
|
- Replace `vercelOidc()` with auth that your host can verify.
|
|
@@ -148,7 +149,7 @@ Self-deployed agents should make the Vercel-specific choices explicit:
|
|
|
148
149
|
- If the agent defines schedules, the default `eve build && eve start` path starts Nitro's schedule runner, and Vercel wires schedules to Vercel Cron automatically. If you adapt the output to a custom HTTP-only host or preset, make sure it also runs Nitro scheduled tasks, or trigger the same work from your own scheduler.
|
|
149
150
|
- Treat Vercel Cron, Vercel Sandbox prewarm, Vercel Deployment Protection bypass, and the Agent Runs dashboard as Vercel-only conveniences.
|
|
150
151
|
|
|
151
|
-
The HTTP contract is unchanged: health, session creation, streaming, channels, tools, and subagents use the same routes. Any client that can reach and authenticate to those routes can talk to the agent.
|
|
152
|
+
The HTTP contract is unchanged: health, session creation, streaming, channels, tools, and subagents use the same routes under `/eve/`, and the workflow dispatch route lives under `/.well-known/workflow/`. A reverse proxy must preserve both prefixes. Any client that can reach and authenticate to those routes can talk to the agent.
|
|
152
153
|
|
|
153
154
|
## 9. Verify the deployment
|
|
154
155
|
|
package/docs/guides/dev-tui.md
CHANGED
|
@@ -24,7 +24,7 @@ The conversation streams straight into your terminal's normal scrollback, so you
|
|
|
24
24
|
|
|
25
25
|
Each turn renders without boxes. A colored gutter glyph marks who is speaking, tool calls collapse to a one-line summary (`✓ get_weather city="SF" → 73°F`), and a subagent's work is indented beneath its `◆` header. When input is ready, the prompt stays bare until you type. A green circle-dot pulses while the agent is waiting to answer and disappears when reasoning or answer content begins.
|
|
26
26
|
|
|
27
|
-
A persistent line beneath the prompt or status shows the model, the session's token flow (`↑ 394.4K ↓ 4.3K`), the linked Vercel project, and a yellow `/deploy pending` marker once a channel added this session still needs `/deploy`. The Vercel segment stays hidden until the directory is linked. Remote sessions lead with a padded `↗ project (environment)` badge, or the host when Vercel cannot resolve the deployment. The badge is gray while checking or unavailable, yellow while authentication is required or failed, and blue when connected. Remote status lines omit AI Gateway endpoint state.
|
|
27
|
+
A persistent line beneath the prompt or status shows the model, the session's token flow (`↑ 394.4K ↓ 4.3K`), the linked Vercel project, and a yellow `/deploy pending` marker once a channel added this session still needs `/deploy`. The Vercel segment stays hidden until the directory is linked. Local sessions lead with a gray `:port` badge. Remote sessions lead with a padded `↗ project (environment)` badge, or the host when Vercel cannot resolve the deployment. The badge is gray while checking or unavailable, yellow while authentication is required or failed, and blue when connected. Other status segments use `·` separators. Remote status lines omit AI Gateway endpoint state.
|
|
28
28
|
|
|
29
29
|
Errors render compactly with docs links highlighted. A code bug escaping your agent's own code shows its stack trace dim beneath the error headline. Dev-server rebuilds condense into one status row that updates in place (`tui/setup-panel.ts changed · rebuilding…`, then `· rebuilt`); only the latest rebuild shows, and paths shrink to their last two components.
|
|
30
30
|
|
package/docs/reference/cli.md
CHANGED
|
@@ -109,7 +109,7 @@ Pass a bare URL as the only argument and the UI connects to that server instead
|
|
|
109
109
|
| `--context-size <tokens>` | number | none | Model context window size, shown as a usage percentage |
|
|
110
110
|
| `--logs <mode>` | enum | `stderr` | Server/agent logs to show: `all` \| `stderr` \| `sandbox` \| `none` |
|
|
111
111
|
|
|
112
|
-
Local dev
|
|
112
|
+
Local dev records the last ready URL per resolved app root in `.eve/dev-server-state.v1.json`. A second interactive `eve dev` reconnects only when that URL is loopback and healthy; each terminal UI creates a fresh client session while sharing the server process. A stale or malformed record is replaced when eve starts a new server. Passing `--host`, `--port`, or a `PORT` environment value skips reconnection and reports a healthy recorded server instead.
|
|
113
113
|
|
|
114
114
|
Local dev keeps immutable runtime source snapshots under `.eve/dev-runtime/snapshots/` so in-flight sessions hold a consistent code revision while new prompts pick up rebuilds. On startup, `eve dev` prunes stale runtime snapshots and old local sandbox templates in the background. For manual cleanup, stop `eve dev` and delete `.eve/dev-runtime/snapshots/` or `.eve/sandbox-cache/local/templates/`.
|
|
115
115
|
|
|
@@ -26,6 +26,8 @@ export default defineMcpClientConnection({
|
|
|
26
26
|
|
|
27
27
|
`"warehouse"` is the UID you chose when registering the Connect client. By default this OAuth is user-scoped. Each end-user authorizes in their own browser, and eve resolves that user's token before every tool call.
|
|
28
28
|
|
|
29
|
+
Before testing the warehouse from a web app, make sure the eve channel route auth maps your signed-in app user to `principalType: "user"`. A Connect-backed connection can only start per-user OAuth when the active session already has an authenticated user principal. If route auth still only accepts `localDev()`, a runtime token, or a placeholder guard, the first warehouse tool call fails with `reason: "principal_required"` instead of showing the sign-in challenge.
|
|
30
|
+
|
|
29
31
|
Once Connect is enabled on your account, wire it up:
|
|
30
32
|
|
|
31
33
|
1. Install the package: `npm install @vercel/connect`.
|