experimental-ash 0.7.5 → 0.8.0

package/dist/src/internal/nitro/routes/info.js

@@ -0,0 +1,50 @@
+import { buildAgentInfoResponse } from "#internal/nitro/routes/agent-info/build-agent-info-response.js";
+import { loadAgentInfoData, resolveAgentInfoCompiledArtifactsSource, } from "#internal/nitro/routes/agent-info/load-agent-info-data.js";
+import { createUnauthorizedResponse, none, vercelOidc, } from "#public/channels/auth.js";
+/**
+ * Resolves the default auth strategy for the agent info endpoint.
+ *
+ * Mirrors {@link resolveFrameworkAshAuth} (session/stream routes): on
+ * Vercel deployments require a valid Vercel OIDC bearer (the always-on
+ * same-project bypass lets internal callers in automatically); off
+ * Vercel (`ash dev`) accept anonymous requests so local inspection
+ * tools and curl-based probes work without setup.
+ */
+function resolveAgentInfoAuth() {
+    if (process.env.VERCEL) {
+        return vercelOidc();
+    }
+    return none();
+}
+async function createAgentInfoPayload(input) {
+    const data = await loadAgentInfoData({
+        compiledArtifactsSource: resolveAgentInfoCompiledArtifactsSource({
+            appRoot: input.appRoot,
+        }),
+    });
+    return buildAgentInfoResponse(data);
+}
+/**
+ * Builds the package-owned JSON inspection response for the current
+ * agent (model id, instructions preview, skills, schedules, subagents,
+ * tools, sandbox, endpoint catalog).
+ *
+ * The route is gated by {@link resolveAgentInfoAuth} so the deployed URL
+ * does not expose agent metadata to anonymous callers. The same-project
+ * bypass on `vercelOidc()` keeps the route reachable to in-deployment
+ * callers (`apps/nextjs-ash`-style consumers) without any additional
+ * setup.
+ */
+export async function handleAgentInfoRequest(input, request) {
+    const auth = resolveAgentInfoAuth();
+    const result = await auth(request);
+    if (result === null) {
+        return createUnauthorizedResponse({ challenges: [{ scheme: "Bearer" }] });
+    }
+    return new Response(JSON.stringify(await createAgentInfoPayload(input)), {
+        headers: {
+            "cache-control": "no-store",
+            "content-type": "application/json; charset=utf-8",
+        },
+    });
+}

package/dist/src/protocol/routes.d.ts

@@ -8,9 +8,15 @@ export declare const ASH_ROUTE_PREFIX = "/ash/v1";
  */
 export declare const ASH_HEALTH_ROUTE_PATH = "/ash/v1/health";
 /**
- * Stable framework-owned route exposing home-page inspection JSON.
+ * Stable framework-owned route exposing the JSON inspection payload for
+ * the current agent (model id, instructions preview, skills, schedules,
+ * subagents, tools, sandbox, and the runtime's own endpoint catalog).
+ *
+ * Default auth on this route is `vercelOidc()` on Vercel deployments
+ * (with the same-project bypass for in-deployment callers) and `none()`
+ * off Vercel. See `routes/info.ts` for the handler.
  */
-export declare const ASH_HOME_ROUTE_PATH = "/ash/v1/home";
+export declare const ASH_INFO_ROUTE_PATH = "/ash/v1/info";
 /**
  * Stable framework-owned route for creating a new session.
  */
@@ -24,10 +30,6 @@ export declare const ASH_CONTINUE_SESSION_ROUTE_PATTERN = "/ash/v1/session/:sess
  * Stable framework-owned message stream route pattern.
  */
 export declare const ASH_MESSAGE_STREAM_ROUTE_PATTERN = "/ash/v1/session/:sessionId/stream";
-/**
- * Stable framework-owned route prefix for static home-page UI assets.
- */
-export declare const ASH_HOME_PAGE_UI_ROUTE_PREFIX = "/ash/v1/ui";
 /**
  * Stable framework-owned route pattern for receiving inbound IdP redirects
  * during in-turn interactive connection authorization.

package/dist/src/protocol/routes.js

@@ -8,9 +8,15 @@ export const ASH_ROUTE_PREFIX = "/ash/v1";
  */
 export const ASH_HEALTH_ROUTE_PATH = `${ASH_ROUTE_PREFIX}/health`;
 /**
- * Stable framework-owned route exposing home-page inspection JSON.
+ * Stable framework-owned route exposing the JSON inspection payload for
+ * the current agent (model id, instructions preview, skills, schedules,
+ * subagents, tools, sandbox, and the runtime's own endpoint catalog).
+ *
+ * Default auth on this route is `vercelOidc()` on Vercel deployments
+ * (with the same-project bypass for in-deployment callers) and `none()`
+ * off Vercel. See `routes/info.ts` for the handler.
  */
-export const ASH_HOME_ROUTE_PATH = `${ASH_ROUTE_PREFIX}/home`;
+export const ASH_INFO_ROUTE_PATH = `${ASH_ROUTE_PREFIX}/info`;
 /**
  * Stable framework-owned route for creating a new session.
  */
@@ -24,10 +30,6 @@ export const ASH_CONTINUE_SESSION_ROUTE_PATTERN = `${ASH_ROUTE_PREFIX}/session/:
  * Stable framework-owned message stream route pattern.
  */
 export const ASH_MESSAGE_STREAM_ROUTE_PATTERN = `${ASH_ROUTE_PREFIX}/session/:sessionId/stream`;
-/**
- * Stable framework-owned route prefix for static home-page UI assets.
- */
-export const ASH_HOME_PAGE_UI_ROUTE_PREFIX = `${ASH_ROUTE_PREFIX}/ui`;
 /**
  * Stable framework-owned route pattern for receiving inbound IdP redirects
  * during in-turn interactive connection authorization.

package/dist/src/public/channels/ash.js

@@ -29,12 +29,7 @@ export function ashChannel(input) {
                 if (policyRejection !== null)
                     return policyRejection;
                 const token = `ash:${crypto.randomUUID()}`;
-                const messageText = typeof body.message === "string"
-                    ? body.message
-                    : body.message
-                        ? JSON.stringify(body.message)
-                        : "";
-                const session = await send(messageText, {
+                const session = await send(body.message, {
                     auth: sessionAuth,
                     continuationToken: token,
                 });

package/dist/src/public/channels/index.d.ts

@@ -1 +1 @@
-export { defineChannel, POST, GET, PUT, DELETE, type AttachmentResolver, type Channel, type ChannelConfig, type ChannelEvents, type Session, type SessionHandle, type RouteDefinition, type RouteHandlerArgs, type SendFn, type SendOptions, type SendPayload, type GetSessionFn, } from "#public/definitions/defineChannel.js";
+export { defineChannel, POST, GET, PUT, DELETE, type Channel, type ChannelConfig, type ChannelEvents, type Session, type SessionHandle, type RouteDefinition, type RouteHandlerArgs, type SendFn, type SendOptions, type SendPayload, type GetSessionFn, } from "#public/definitions/defineChannel.js";

package/dist/src/public/channels/slack/attachments.d.ts

@@ -1,21 +1,16 @@
 import type { FilePart, UserContent } from "ai";
 import type { SlackBotToken } from "#compiled/@chat-adapter/slack/index.js";
 import type { Message } from "#compiled/chat/index.js";
-import type { AttachmentResolver } from "#channel/adapter.js";
+import type { FetchFileResult } from "#channel/adapter.js";
 import type { UploadPolicy } from "#public/channels/upload-policy.js";
-/**
- * Payload an `ash-attachment:` ref carries for Slack file uploads.
- * The Slack resolver reads `params.url` and fetches it with the bot
- * token.
- */
-export interface SlackAttachmentParams {
-    readonly url: string;
-}
 /**
  * Emits one {@link FilePart} per supported attachment in the inbound
- * message, with `data` set to an `ash-attachment:` ref URL. Audio,
- * video, url-less, and policy-violating attachments are dropped so a
- * single bad upload never blocks the text portion of the mention.
+ * message, with `data` set to a `URL` object pointing at the Slack
+ * file. Audio, video, URL-less, and policy-violating attachments are
+ * dropped so a single bad upload never blocks the text portion.
+ *
+ * The `URL` object in `data` is resolved by the channel's `fetchFile`
+ * function at staging time inside the workflow step.
  */
 export declare function collectSlackFileParts(message: Pick<Message, "attachments">, policy: UploadPolicy): FilePart[];
 /**
@@ -25,11 +20,12 @@ export declare function collectSlackFileParts(message: Pick<Message, "attachment
  */
 export declare function buildSlackTurnMessage(text: string, fileParts: readonly FilePart[]): string | UserContent;
 /**
- * Slack-channel {@link AttachmentResolver}: fetches the upstream
- * Slack file URL with the bot token and returns the bytes plus any
- * advertised media-type. Staging writes bytes to the sandbox and
- * rewrites the file part as an `ash-sandbox:` ref.
+ * Creates a `fetchFile` function for the Slack channel.
+ *
+ * Returns `null` for URLs that don't belong to Slack so they pass
+ * through to the model provider unchanged. Fetches Slack file URLs
+ * with the bot token.
  */
-export declare function createSlackAttachmentResolver(input: {
+export declare function createSlackFetchFile(input: {
     readonly botToken?: SlackBotToken;
-}): AttachmentResolver<SlackAttachmentParams>;
+}): (url: string) => Promise<FetchFileResult | null>;

package/dist/src/public/channels/slack/attachments.js

@@ -1,13 +1,14 @@
-import { AshAttachmentError } from "#internal/attachments/errors.js";
-import { encodeAttachmentRef } from "#internal/attachments/refs.js";
 import { createLogger } from "#internal/logging.js";
 import { evaluateFilePart, formatUploadPolicyViolation } from "#public/channels/upload-policy.js";
 const log = createLogger("slack.attachments");
 /**
  * Emits one {@link FilePart} per supported attachment in the inbound
- * message, with `data` set to an `ash-attachment:` ref URL. Audio,
- * video, url-less, and policy-violating attachments are dropped so a
- * single bad upload never blocks the text portion of the mention.
+ * message, with `data` set to a `URL` object pointing at the Slack
+ * file. Audio, video, URL-less, and policy-violating attachments are
+ * dropped so a single bad upload never blocks the text portion.
+ *
+ * The `URL` object in `data` is resolved by the channel's `fetchFile`
+ * function at staging time inside the workflow step.
  */
 export function collectSlackFileParts(message, policy) {
     const parts = [];
@@ -31,7 +32,7 @@ function toSlackFilePart(attachment, index) {
         return null;
     }
     if (!attachment.url) {
-        log.warn("dropped attachment — no url available for ref construction", {
+        log.warn("dropped attachment — no url available", {
             name: attachment.name,
         });
         return null;
@@ -40,10 +41,7 @@ function toSlackFilePart(attachment, index) {
         type: "file",
         mediaType: attachment.mimeType ?? "application/octet-stream",
         filename: attachment.name ?? `attachment-${index}`,
-        data: encodeAttachmentRef({
-            params: { url: attachment.url },
-            size: attachment.size,
-        }),
+        data: new URL(attachment.url),
     };
 }
 /**
@@ -62,39 +60,35 @@ export function buildSlackTurnMessage(text, fileParts) {
     const textPart = { type: "text", text };
     return [textPart, ...fileParts];
 }
-/** Materializes a {@link SlackBotToken} to a string at fetch time
- *  so callers can rotate (function-shaped credentials) or read lazily. */
 async function resolveSlackBotToken(token) {
     const source = token ?? process.env.SLACK_BOT_TOKEN;
     if (!source) {
-        throw new Error("SLACK_BOT_TOKEN is required to resolve Slack attachment refs.");
+        throw new Error("SLACK_BOT_TOKEN is required to fetch Slack files.");
     }
     return typeof source === "function" ? await source() : source;
 }
 /**
- * Slack-channel {@link AttachmentResolver}: fetches the upstream
- * Slack file URL with the bot token and returns the bytes plus any
- * advertised media-type. Staging writes bytes to the sandbox and
- * rewrites the file part as an `ash-sandbox:` ref.
+ * Creates a `fetchFile` function for the Slack channel.
+ *
+ * Returns `null` for URLs that don't belong to Slack so they pass
+ * through to the model provider unchanged. Fetches Slack file URLs
+ * with the bot token.
  */
-export function createSlackAttachmentResolver(input) {
-    return {
-        async resolve(ref) {
-            const token = await resolveSlackBotToken(input.botToken);
-            const response = await fetch(ref.params.url, {
-                headers: { authorization: `Bearer ${token}` },
-            });
-            if (!response.ok) {
-                throw new AshAttachmentError({
-                    adapterKind: "slack",
-                    kind: "fetch-failed",
-                    message: `Slack attachment fetch returned HTTP ${response.status} for ${ref.params.url}.`,
-                });
-            }
-            return {
-                bytes: Buffer.from(await response.arrayBuffer()),
-                mediaType: response.headers.get("content-type") ?? undefined,
-            };
-        },
+export function createSlackFetchFile(input) {
+    return async (url) => {
+        if (!url.startsWith("https://files.slack.com/")) {
+            return null;
+        }
+        const token = await resolveSlackBotToken(input.botToken);
+        const response = await fetch(url, {
+            headers: { authorization: `Bearer ${token}` },
+        });
+        if (!response.ok) {
+            throw new Error(`Slack file fetch returned HTTP ${response.status} for ${url}.`);
+        }
+        return {
+            bytes: Buffer.from(await response.arrayBuffer()),
+            mediaType: response.headers.get("content-type") ?? undefined,
+        };
     };
 }

package/dist/src/public/channels/slack/index.d.ts

@@ -1,5 +1,4 @@
 export { slack, type SlackOptions } from "#public/channels/slack/slack.js";
 export { slackChannel, type SlackApiHandle, type SlackApiResponse, type SlackChannelConfig, type SlackChannelEvents, type SlackChannelCredentials, type SlackChannelState, type SlackContext, type SlackInteractionAction, type SlackReceiveArgs, } from "#public/channels/slack/slackChannel.js";
-export type { SlackAttachmentParams } from "#public/channels/slack/attachments.js";
 export { Actions, Button, Card, CardText, Divider, Fields, Image, LinkButton, Modal, RadioSelect, Section, Select, SelectOption, Table, TextInput, } from "#compiled/chat/index.js";
 export type { AdapterPostableMessage, Attachment, Author, CardElement, FileUpload, Message, PostableMessage, SentMessage, Thread, } from "#compiled/chat/index.js";

package/dist/src/public/channels/slack/slackChannel.js

@@ -1,5 +1,5 @@
 import { createLogger } from "#internal/logging.js";
-import { buildSlackTurnMessage, collectSlackFileParts, createSlackAttachmentResolver, } from "#public/channels/slack/attachments.js";
+import { buildSlackTurnMessage, collectSlackFileParts, createSlackFetchFile, } from "#public/channels/slack/attachments.js";
 import { deriveHitlResponse, isHitlAction, renderInputRequestBlocks, } from "#public/channels/slack/hitl.js";
 import { mergeUploadPolicy } from "#public/channels/upload-policy.js";
 import { defineChannel, POST, } from "#public/definitions/defineChannel.js";
@@ -109,7 +109,7 @@ function defaultInputRequestedHandler() {
 }
 export function slackChannel(config = {}) {
     const uploadPolicy = mergeUploadPolicy(config.uploadPolicy);
-    const slackAttachments = createSlackAttachmentResolver({
+    const slackFetchFile = createSlackFetchFile({
         botToken: config.credentials?.botToken,
     });
     let activeSend = null;
@@ -183,7 +183,7 @@ export function slackChannel(config = {}) {
     const inputHandler = config.events?.["input.requested"] ?? defaultInputRequestedHandler();
     return defineChannel({
         state: { serializedThread: null, teamId: null },
-        attachments: slackAttachments,
+        fetchFile: slackFetchFile,
         context(state) {
             return rebuildSlackContext(state, config.credentials?.botToken);
         },

package/dist/src/public/definitions/defineChannel.d.ts

@@ -1,4 +1,4 @@
-import type { AttachmentResolver } from "#channel/adapter.js";
+import type { FetchFileResult } from "#channel/adapter.js";
 import { CHANNEL_SENTINEL } from "#channel/compiled-channel.js";
 import type { SessionAuthContext } from "#channel/types.js";
 import type { HandleMessageStreamEvent } from "#protocol/message.js";
@@ -7,7 +7,6 @@ import type { Session, SessionHandle } from "#channel/session.js";
 export type { Session, SessionHandle } from "#channel/session.js";
 export { POST, GET, PUT, DELETE } from "#channel/routes.js";
 export type { RouteDefinition, RouteHandlerArgs, SendFn, SendOptions, SendPayload, GetSessionFn, } from "#channel/routes.js";
-export type { AttachmentResolver } from "#channel/adapter.js";
 type EventData<T extends HandleMessageStreamEvent["type"]> = Extract<HandleMessageStreamEvent, {
     type: T;
 }> extends {
@@ -43,12 +42,15 @@ export interface ChannelConfig<TState = undefined, TCtx = void> {
     }): Promise<Session>;
     readonly events?: ChannelEvents<TCtx>;
     /**
-     * Resolver for `ash-attachment:` URLs this channel mints during
-     * inbound message handling. The framework's staging layer dispatches
-     * to `resolve(ref, ctx)` before each model call so the bytes can be
-     * written to the sandbox and rewritten as `ash-sandbox:` refs.
+     * Fetches bytes for a URL encountered in `FilePart.data`.
+     *
+     * Called by the staging pipeline when it encounters a `URL` object
+     * on a `FilePart` (e.g. a Slack file URL placed there by the route
+     * handler). Return `null` to let the URL pass through to the model
+     * provider unchanged. Return bytes or {@link FetchFileResult} to
+     * stage the file to the sandbox.
      */
-    readonly attachments?: AttachmentResolver;
+    readonly fetchFile?: (url: string) => Promise<Buffer | FetchFileResult | null>;
 }
 export interface Channel<TState = undefined> {
     readonly __kind: typeof CHANNEL_SENTINEL;

package/dist/src/public/definitions/defineChannel.js

@@ -1,5 +1,6 @@
 import { CHANNEL_SENTINEL } from "#channel/compiled-channel.js";
 import { defaultDeliverResult } from "#channel/adapter.js";
+import { HTTP_ADAPTER_KIND } from "#channel/http.js";
 export { POST, GET, PUT, DELETE } from "#channel/routes.js";
 export function defineChannel(config) {
     const adapter = buildAdapter(config);
@@ -14,7 +15,7 @@ export function defineChannel(config) {
 function buildAdapter(config) {
     const hasState = config.state != null;
     const hasContext = config.context != null;
-    const hasAttachments = config.attachments !== undefined;
+    const hasFetchFile = config.fetchFile !== undefined;
     const hasBehavior = hasState || hasContext;
     const eventHandlers = {};
     let hasEventHandlers = false;
@@ -42,20 +43,13 @@ function buildAdapter(config) {
             };
         }
     }
-    // When the channel carries no behavior at all, return a bare
-    // pass-through adapter with framework kind "http". This avoids the
-    // registry conflict when the adapter would otherwise reserve a
-    // framework kind with no behavior to register against it.
-    if (!hasBehavior && !hasEventHandlers && !hasAttachments) {
-        return { kind: "http" };
+    if (!hasBehavior && !hasEventHandlers && !hasFetchFile) {
+        return { kind: HTTP_ADAPTER_KIND };
     }
-    // Channels with any authored behavior use a dedicated adapter kind so
-    // the registry can rehydrate it across step boundaries without
-    // conflicting with framework-reserved kinds.
     return {
         kind: "defineChannel",
         state: hasState ? { ...config.state } : {},
-        attachments: config.attachments,
+        fetchFile: config.fetchFile,
         createAdapterContext(base) {
             const state = base.state;
             const channelCtx = hasContext ? config.context(state) : {};

package/dist/src/public/definitions/sandbox.d.ts

@@ -2,9 +2,9 @@ import type { Optional } from "#shared/optional.js";
 import type { SandboxSession } from "#shared/sandbox-session.js";
 import type { SandboxDefinition as SharedSandboxDefinition } from "#shared/sandbox-definition.js";
 export type { SandboxCommandOptions, SandboxCommandResult, SandboxReadFileOptions, SandboxSession, } from "#shared/sandbox-session.js";
-export type { SandboxNetworkPolicy, SandboxBootstrapUseOptions, SandboxSessionUseOptions, SandboxBootstrapUseFn, SandboxSessionUseFn, SandboxBootstrapContext, SandboxSessionContext, } from "#shared/sandbox-definition.js";
-export type SandboxDefinition<S extends SandboxSession = SandboxSession> = Optional<SharedSandboxDefinition<S>, "backend">;
+export type { SandboxBootstrapUseOptions, SandboxBootstrapUseFn, SandboxSessionUseFn, SandboxBootstrapContext, SandboxSessionContext, } from "#shared/sandbox-definition.js";
+export type SandboxDefinition<S extends SandboxSession = SandboxSession, O = Record<string, never>> = Optional<SharedSandboxDefinition<S, O>, "backend">;
 /**
  * Defines a sandbox configuration.
  */
-export declare function defineSandbox<S extends SandboxSession = SandboxSession>(definition: SandboxDefinition<S>): SandboxDefinition<S>;
+export declare function defineSandbox<S extends SandboxSession = SandboxSession, O = Record<string, never>>(definition: SandboxDefinition<S, O>): SandboxDefinition<S, O>;

package/dist/src/public/sandbox/backends/vercel.d.ts

@@ -1,5 +1,5 @@
 import type { SandboxBackend } from "#public/definitions/sandbox-backend.js";
-import type { VercelSandbox } from "#public/sandbox/vercel-sandbox.js";
+import type { VercelSandbox, VercelSandboxSessionUseOptions } from "#public/sandbox/vercel-sandbox.js";
 /**
  * Constructs the built-in Vercel sandbox backend.
  *
@@ -8,4 +8,4 @@ import type { VercelSandbox } from "#public/sandbox/vercel-sandbox.js";
  * timeout) lives in `onSession`'s `create()` call or
  * `VercelSandbox.update()`.
  */
-export declare function vercelBackend(): SandboxBackend<VercelSandbox>;
+export declare function vercelBackend(): SandboxBackend<VercelSandbox, VercelSandboxSessionUseOptions>;

package/dist/src/public/sandbox/index.d.ts

@@ -3,10 +3,10 @@
  * `agent/sandbox/sandbox.ts` when paired with a `workspace/` folder).
  */
 export { getSandbox } from "#context/accessors.js";
-export { defineSandbox, type SandboxBootstrapContext, type SandboxBootstrapUseFn, type SandboxBootstrapUseOptions, type SandboxCommandOptions, type SandboxCommandResult, type SandboxDefinition, type SandboxNetworkPolicy, type SandboxReadFileOptions, type SandboxSession, type SandboxSessionContext, type SandboxSessionUseFn, type SandboxSessionUseOptions, } from "#public/definitions/sandbox.js";
+export { defineSandbox, type SandboxBootstrapContext, type SandboxBootstrapUseFn, type SandboxBootstrapUseOptions, type SandboxCommandOptions, type SandboxCommandResult, type SandboxDefinition, type SandboxReadFileOptions, type SandboxSession, type SandboxSessionContext, type SandboxSessionUseFn, } from "#public/definitions/sandbox.js";
 export type { SandboxBackend, SandboxBackendCreateInput, SandboxBackendHandle, SandboxBackendPrewarmInput, SandboxBackendRuntimeContext, SandboxBackendSessionState, SandboxSeedFile, } from "#public/definitions/sandbox-backend.js";
 export { SandboxTemplateNotProvisionedError } from "#public/definitions/sandbox-backend.js";
 export { defaultBackend } from "#public/sandbox/backends/default.js";
 export { localBackend } from "#public/sandbox/backends/local.js";
 export { vercelBackend } from "#public/sandbox/backends/vercel.js";
-export type { VercelSandbox } from "#public/sandbox/vercel-sandbox.js";
+export type { VercelSandbox, VercelSandboxSessionUseOptions, } from "#public/sandbox/vercel-sandbox.js";

package/dist/src/public/sandbox/vercel-sandbox.d.ts

@@ -1,4 +1,12 @@
-import type { SandboxNetworkPolicy, SandboxSession } from "#public/definitions/sandbox.js";
+import type { SandboxUpdateParams } from "#compiled/@vercel/sandbox/index.js";
+import type { SandboxSession } from "#public/definitions/sandbox.js";
+/**
+ * Options accepted by the Vercel backend's `onSession({ use })` hook
+ * and `VercelSandbox.update()`. Aliases the Vercel SDK's
+ * `SandboxUpdateParams` so the full live-session configuration surface
+ * is available to authors.
+ */
+export type VercelSandboxSessionUseOptions = SandboxUpdateParams;
 /**
  * Ash-owned session type returned by the Vercel backend's
  * `onSession({ use })` hook. Extends the narrow
@@ -9,16 +17,9 @@ export interface VercelSandbox extends SandboxSession {
     readonly name: string;
     readonly persistent: boolean;
     readonly status: string;
-    readonly networkPolicy: SandboxNetworkPolicy | undefined;
+    readonly networkPolicy: SandboxUpdateParams["networkPolicy"];
     readonly tags: Record<string, string> | undefined;
-    update(params: {
-        networkPolicy?: SandboxNetworkPolicy;
-        resources?: {
-            vcpus?: number;
-        };
-        timeout?: number;
-        tags?: Record<string, string>;
-    }): Promise<void>;
+    update(params: VercelSandboxSessionUseOptions): Promise<void>;
     stop(opts?: {
         blocking?: boolean;
     }): Promise<void>;

package/dist/src/runtime/channels/registry.js

@@ -1,4 +1,6 @@
 import { getAdapterKind } from "#channel/adapter.js";
+import { HTTP_ADAPTER } from "#channel/http.js";
+import { SCHEDULE_ADAPTER } from "#channel/schedule.js";
 import { SUBAGENT_ADAPTER } from "#execution/subagent-adapter.js";
 import { RuntimeRegistryError } from "#internal/runtime-registry.js";
 /**
@@ -6,7 +8,11 @@ import { RuntimeRegistryError } from "#internal/runtime-registry.js";
  *
  * Framework kinds cannot be shadowed with route-authored behavior.
  */
-const FRAMEWORK_ADAPTERS = [{ kind: "http" }, SUBAGENT_ADAPTER];
+const FRAMEWORK_ADAPTERS = [
+    HTTP_ADAPTER,
+    SUBAGENT_ADAPTER,
+    SCHEDULE_ADAPTER,
+];
 /**
  * Non-event-handler fields on a {@link ChannelAdapter}. Any other
  * key on the adapter object corresponds to a stream event handler
@@ -20,7 +26,7 @@ const ADAPTER_NON_EVENT_FIELDS = new Set([
     "deliver",
     "contextProviders",
     "createAdapterContext",
-    "attachments",
+    "fetchFile",
 ]);
 /**
  * Builds the runtime-owned adapter registry from framework adapters plus any
@@ -109,7 +115,7 @@ function carriesAdapterBehavior(adapter) {
     if (adapter.deliver !== undefined) {
         return true;
     }
-    if (adapter.attachments !== undefined) {
+    if (adapter.fetchFile !== undefined) {
         return true;
     }
     if (adapter.createAdapterContext !== undefined) {

package/dist/src/runtime/resolve-channel.js

@@ -1,3 +1,4 @@
+import { HTTP_ADAPTER_KIND } from "#channel/http.js";
 import { normalizeChannelDefinition } from "#internal/authored-definition/channel.js";
 import { toErrorMessage } from "#shared/errors.js";
 import { createResolvedModuleSourceRef, loadResolvedModuleExport, ResolveAgentError, } from "#runtime/resolve-helpers.js";
@@ -30,7 +31,7 @@ export async function resolveChannelDefinition(definition, moduleMap, nodeId) {
         });
         const matchedRoute = channelDefinition.routes.find((r) => r.method.toUpperCase() === definition.method.toUpperCase() && r.path === definition.urlPath);
         const adapter = channelDefinition.adapter;
-        if (adapter && adapter.kind !== "http") {
+        if (adapter && adapter.kind !== HTTP_ADAPTER_KIND) {
             adapter.kind = `channel:${definition.name}`;
         }
         return {

package/dist/src/shared/sandbox-backend.d.ts

@@ -7,9 +7,9 @@ import type { SandboxSession } from "#shared/sandbox-session.js";
  * runtime orchestrator can persist reconnect metadata and release
  * resources.
  */
-export interface SandboxBackendHandle<S extends SandboxSession = SandboxSession> {
+export interface SandboxBackendHandle<S extends SandboxSession = SandboxSession, O = Record<string, never>> {
     readonly session: SandboxSession;
-    readonly useSessionFn: SandboxSessionUseFn<S>;
+    readonly useSessionFn: SandboxSessionUseFn<S, O>;
     captureState(): Promise<SandboxBackendSessionState>;
     dispose(): Promise<void>;
 }
@@ -97,7 +97,7 @@ export interface SandboxBackendPrewarmInput {
  * Each backend owns the full template-then-session lifecycle internally;
  * callers only need a single `create` call.
  */
-export interface SandboxBackend<S extends SandboxSession = SandboxSession> {
+export interface SandboxBackend<S extends SandboxSession = SandboxSession, O = Record<string, never>> {
     /**
      * Stable identifier for this backend implementation.
      *
@@ -113,7 +113,7 @@ export interface SandboxBackend<S extends SandboxSession = SandboxSession> {
      * {@link SandboxTemplateNotProvisionedError} when the requested
      * template is missing.
      */
-    create(input: SandboxBackendCreateInput): Promise<SandboxBackendHandle<S>>;
+    create(input: SandboxBackendCreateInput): Promise<SandboxBackendHandle<S, O>>;
     /**
      * Build-time prewarm hook. Ash invokes this for every authored
      * sandbox in the compiled graph before serving traffic so the backend

package/dist/src/shared/sandbox-definition.d.ts

@@ -1,47 +1,17 @@
 import type { SandboxSession } from "#shared/sandbox-session.js";
 import type { SandboxBackend } from "#shared/sandbox-backend.js";
-/**
- * A transform applied to network requests matching a domain rule.
- */
-export interface SandboxNetworkTransformer {
-    readonly headers?: Record<string, string>;
-}
-/**
- * A rule applied to requests matching a domain in the network policy.
- */
-export interface SandboxNetworkPolicyRule {
-    readonly transform?: SandboxNetworkTransformer[];
-}
-/**
- * Network policy to define network restrictions for the sandbox.
- *
- * - `"allow-all"`: Full internet access (default). All traffic is allowed.
- * - `"deny-all"`: No internet access. All traffic is denied.
- * - Object: Custom access with explicit allow/deny lists.
- */
-export type SandboxNetworkPolicy = "allow-all" | "deny-all" | {
-    readonly allow?: string[] | Readonly<Record<string, SandboxNetworkPolicyRule[]>>;
-};
 export interface SandboxBootstrapUseOptions {
     readonly runtime?: string;
     readonly ports?: number[];
     readonly env?: Record<string, string>;
 }
-export interface SandboxSessionUseOptions {
-    readonly networkPolicy?: SandboxNetworkPolicy;
-    readonly resources?: {
-        vcpus?: number;
-    };
-    readonly timeout?: number;
-    readonly tags?: Record<string, string>;
-}
 export type SandboxBootstrapUseFn = (options?: SandboxBootstrapUseOptions) => Promise<SandboxSession>;
-export type SandboxSessionUseFn<S extends SandboxSession = SandboxSession> = (options?: SandboxSessionUseOptions) => Promise<S>;
+export type SandboxSessionUseFn<S extends SandboxSession = SandboxSession, O = Record<string, never>> = (options?: O) => Promise<S>;
 export interface SandboxBootstrapContext {
     readonly use: SandboxBootstrapUseFn;
 }
-export interface SandboxSessionContext<S extends SandboxSession = SandboxSession> {
-    readonly use: SandboxSessionUseFn<S>;
+export interface SandboxSessionContext<S extends SandboxSession = SandboxSession, O = Record<string, never>> {
+    readonly use: SandboxSessionUseFn<S, O>;
 }
 /**
  * Public sandbox definition authored in `agent/sandbox.ts` (shorthand)
@@ -56,7 +26,7 @@ export interface SandboxSessionContext<S extends SandboxSession = SandboxSession
  * `subagents/<name>/sandbox.ts` (or the folder form) and do not inherit
  * their parent's sandbox (skill seeds differ per agent).
  */
-export interface SandboxDefinition<S extends SandboxSession = SandboxSession> {
+export interface SandboxDefinition<S extends SandboxSession = SandboxSession, O = Record<string, never>> {
     /**
      * Backend that runs this sandbox.
      *
@@ -66,7 +36,7 @@ export interface SandboxDefinition<S extends SandboxSession = SandboxSession> {
      * everywhere else. Set `backend` explicitly to pin the sandbox to a
      * specific backend regardless of environment.
      */
-    backend: SandboxBackend<S>;
+    backend: SandboxBackend<S, O>;
     bootstrap?(input: SandboxBootstrapContext): Promise<void> | void;
-    onSession?(input: SandboxSessionContext<S>): Promise<void> | void;
+    onSession?(input: SandboxSessionContext<S, O>): Promise<void> | void;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "experimental-ash",
-  "version": "0.7.5",
+  "version": "0.8.0",
   "bin": {
     "ash": "./bin/ash.js",
     "experimental-ash": "./bin/ash.js"