langsmith 0.7.10 → 0.7.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/README.md +46 -15
  2. package/dist/_openapi_client/client.cjs +0 -88
  3. package/dist/_openapi_client/client.d.ts +0 -33
  4. package/dist/_openapi_client/client.js +0 -88
  5. package/dist/_openapi_client/resources/datasets/datasets.d.ts +52 -4
  6. package/dist/_openapi_client/resources/datasets/runs.d.ts +1 -2
  7. package/dist/_openapi_client/resources/index.cjs +1 -23
  8. package/dist/_openapi_client/resources/index.d.ts +0 -11
  9. package/dist/_openapi_client/resources/index.js +0 -11
  10. package/dist/anonymizer/index.cjs +142 -0
  11. package/dist/anonymizer/index.d.ts +45 -0
  12. package/dist/anonymizer/index.js +140 -0
  13. package/dist/client.cjs +26 -1
  14. package/dist/client.d.ts +4 -1
  15. package/dist/client.js +25 -1
  16. package/dist/index.cjs +1 -1
  17. package/dist/index.d.ts +1 -1
  18. package/dist/index.js +1 -1
  19. package/dist/sandbox/client.cjs +5 -8
  20. package/dist/sandbox/client.js +5 -8
  21. package/dist/sandbox/index.cjs +2 -1
  22. package/dist/sandbox/index.d.ts +2 -2
  23. package/dist/sandbox/index.js +1 -1
  24. package/dist/sandbox/mounts.cjs +157 -18
  25. package/dist/sandbox/mounts.d.ts +10 -2
  26. package/dist/sandbox/mounts.js +155 -18
  27. package/dist/sandbox/proxy_config.cjs +19 -44
  28. package/dist/sandbox/proxy_config.d.ts +2 -4
  29. package/dist/sandbox/proxy_config.js +19 -43
  30. package/dist/sandbox/types.d.ts +56 -15
  31. package/dist/utils/constants.cjs +4 -0
  32. package/dist/utils/constants.d.ts +1 -0
  33. package/dist/utils/constants.js +1 -0
  34. package/package.json +1 -1
  35. package/dist/_openapi_client/resources/annotation-queues/annotation-queues.cjs +0 -138
  36. package/dist/_openapi_client/resources/annotation-queues/annotation-queues.d.ts +0 -367
  37. package/dist/_openapi_client/resources/annotation-queues/annotation-queues.js +0 -101
  38. package/dist/_openapi_client/resources/annotation-queues/runs.cjs +0 -46
  39. package/dist/_openapi_client/resources/annotation-queues/runs.d.ts +0 -128
  40. package/dist/_openapi_client/resources/annotation-queues/runs.js +0 -42
  41. package/dist/_openapi_client/resources/commits.cjs +0 -44
  42. package/dist/_openapi_client/resources/commits.d.ts +0 -204
  43. package/dist/_openapi_client/resources/commits.js +0 -40
  44. package/dist/_openapi_client/resources/evaluators.cjs +0 -15
  45. package/dist/_openapi_client/resources/evaluators.d.ts +0 -125
  46. package/dist/_openapi_client/resources/evaluators.js +0 -11
  47. package/dist/_openapi_client/resources/examples/bulk.cjs +0 -24
  48. package/dist/_openapi_client/resources/examples/bulk.d.ts +0 -78
  49. package/dist/_openapi_client/resources/examples/bulk.js +0 -20
  50. package/dist/_openapi_client/resources/examples/examples.cjs +0 -124
  51. package/dist/_openapi_client/resources/examples/examples.d.ts +0 -182
  52. package/dist/_openapi_client/resources/examples/examples.js +0 -87
  53. package/dist/_openapi_client/resources/examples/validate.cjs +0 -21
  54. package/dist/_openapi_client/resources/examples/validate.d.ts +0 -38
  55. package/dist/_openapi_client/resources/examples/validate.js +0 -17
  56. package/dist/_openapi_client/resources/feedback/configs.cjs +0 -24
  57. package/dist/_openapi_client/resources/feedback/configs.d.ts +0 -18
  58. package/dist/_openapi_client/resources/feedback/configs.js +0 -20
  59. package/dist/_openapi_client/resources/feedback/feedback.cjs +0 -98
  60. package/dist/_openapi_client/resources/feedback/feedback.d.ts +0 -275
  61. package/dist/_openapi_client/resources/feedback/feedback.js +0 -61
  62. package/dist/_openapi_client/resources/feedback/tokens.cjs +0 -35
  63. package/dist/_openapi_client/resources/feedback/tokens.d.ts +0 -130
  64. package/dist/_openapi_client/resources/feedback/tokens.js +0 -31
  65. package/dist/_openapi_client/resources/public/datasets.cjs +0 -47
  66. package/dist/_openapi_client/resources/public/datasets.d.ts +0 -152
  67. package/dist/_openapi_client/resources/public/datasets.js +0 -43
  68. package/dist/_openapi_client/resources/public/public.cjs +0 -62
  69. package/dist/_openapi_client/resources/public/public.d.ts +0 -32
  70. package/dist/_openapi_client/resources/public/public.js +0 -25
  71. package/dist/_openapi_client/resources/repos/directories.cjs +0 -40
  72. package/dist/_openapi_client/resources/repos/directories.d.ts +0 -72
  73. package/dist/_openapi_client/resources/repos/directories.js +0 -36
  74. package/dist/_openapi_client/resources/repos/repos.cjs +0 -93
  75. package/dist/_openapi_client/resources/repos/repos.d.ts +0 -188
  76. package/dist/_openapi_client/resources/repos/repos.js +0 -56
  77. package/dist/_openapi_client/resources/runs/rules.cjs +0 -9
  78. package/dist/_openapi_client/resources/runs/rules.d.ts +0 -3
  79. package/dist/_openapi_client/resources/runs/rules.js +0 -5
  80. package/dist/_openapi_client/resources/runs/runs.cjs +0 -102
  81. package/dist/_openapi_client/resources/runs/runs.d.ts +0 -542
  82. package/dist/_openapi_client/resources/runs/runs.js +0 -65
  83. package/dist/_openapi_client/resources/sandboxes/boxes.cjs +0 -86
  84. package/dist/_openapi_client/resources/sandboxes/boxes.d.ts +0 -1121
  85. package/dist/_openapi_client/resources/sandboxes/boxes.js +0 -82
  86. package/dist/_openapi_client/resources/sandboxes/sandboxes.cjs +0 -63
  87. package/dist/_openapi_client/resources/sandboxes/sandboxes.d.ts +0 -13
  88. package/dist/_openapi_client/resources/sandboxes/sandboxes.js +0 -26
  89. package/dist/_openapi_client/resources/sandboxes/snapshots.cjs +0 -39
  90. package/dist/_openapi_client/resources/sandboxes/snapshots.d.ts +0 -130
  91. package/dist/_openapi_client/resources/sandboxes/snapshots.js +0 -35
  92. package/dist/_openapi_client/resources/settings.cjs +0 -15
  93. package/dist/_openapi_client/resources/settings.d.ts +0 -18
  94. package/dist/_openapi_client/resources/settings.js +0 -11
  95. package/dist/_openapi_client/resources/workspaces.cjs +0 -35
  96. package/dist/_openapi_client/resources/workspaces.d.ts +0 -84
  97. package/dist/_openapi_client/resources/workspaces.js +0 -31
@@ -1,6 +1,8 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.DEFAULT_SECRET_RULES = exports.SECRET_PLACEHOLDER = void 0;
3
4
  exports.createAnonymizer = createAnonymizer;
5
+ exports.createSecretAnonymizer = createSecretAnonymizer;
4
6
  function extractStringNodes(data, options) {
5
7
  const parsedOptions = { ...options, maxDepth: options.maxDepth ?? 10 };
6
8
  const queue = [[data, 0, "", null, ""]];
@@ -125,3 +127,143 @@ function createAnonymizer(replacer, options) {
125
127
  return mutateValue;
126
128
  };
127
129
  }
130
+ /**
131
+ * Replacement token written in place of detected secrets by
132
+ * {@link DEFAULT_SECRET_RULES} / {@link createSecretAnonymizer}.
133
+ */
134
+ exports.SECRET_PLACEHOLDER = "[SECRET_DETECTED]";
135
+ /**
136
+ * A curated, high-precision rule set for detecting common credentials in
137
+ * traced data (prompts, tool inputs/outputs, file contents, shell commands).
138
+ *
139
+ * Designed to favor *low false positives* over exhaustive coverage:
140
+ * - Provider rules are anchored to well-known key prefixes.
141
+ * - Structural rules only fire when a sensitive *name* (api_key, token,
142
+ * password, …) is paired with an assignment/separator, so ordinary code,
143
+ * UUIDs, and hashes are left intact.
144
+ *
145
+ * This is NOT a port of gitleaks/secretlint; pattern shapes are drawn from
146
+ * those projects (and provider docs) as a reference only. Every rule sets an
147
+ * explicit `replace` because {@link createAnonymizer}'s default is
148
+ * `[redacted]`, whereas the shared token here is {@link SECRET_PLACEHOLDER}.
149
+ *
150
+ * Patterns are written to port 1:1 to the Python SDK preset (no lookbehind).
151
+ */
152
+ exports.DEFAULT_SECRET_RULES = [
153
+ // ── Provider API keys (prefix-anchored) ─────────────────────────────────
154
+ // Anthropic
155
+ { pattern: /sk-ant-[A-Za-z0-9_-]{20,}/g, replace: exports.SECRET_PLACEHOLDER },
156
+ // OpenAI: project / service-account / admin keys, then legacy `sk-...`
157
+ {
158
+ pattern: /sk-(?:proj|svcacct|admin)-[A-Za-z0-9_-]{20,}/g,
159
+ replace: exports.SECRET_PLACEHOLDER,
160
+ },
161
+ { pattern: /sk-[A-Za-z0-9]{32,}/g, replace: exports.SECRET_PLACEHOLDER },
162
+ // LangSmith (keys are multi-segment: lsv2_pt_<key>_<tail> — match the
163
+ // full underscore-delimited tail so none of it leaks past the placeholder)
164
+ {
165
+ pattern: /lsv2_(?:pt|sk)_[A-Za-z0-9]{32,}(?:_[A-Za-z0-9]+)*/g,
166
+ replace: exports.SECRET_PLACEHOLDER,
167
+ },
168
+ { pattern: /ls__[A-Za-z0-9]{16,}/g, replace: exports.SECRET_PLACEHOLDER },
169
+ // GitHub personal access / app tokens
170
+ { pattern: /gh[pousr]_[A-Za-z0-9]{36,}/g, replace: exports.SECRET_PLACEHOLDER },
171
+ { pattern: /github_pat_[A-Za-z0-9_]{82}/g, replace: exports.SECRET_PLACEHOLDER },
172
+ // GitLab personal access token
173
+ { pattern: /glpat-[A-Za-z0-9_-]{20,}/g, replace: exports.SECRET_PLACEHOLDER },
174
+ // AWS access key id (covers AKIA/ASIA/ABIA/ACCA/A3T* prefixes)
175
+ {
176
+ pattern: /\b(?:AKIA|ASIA|ABIA|ACCA|A3T[A-Z0-9])[0-9A-Z]{16}\b/g,
177
+ replace: exports.SECRET_PLACEHOLDER,
178
+ },
179
+ // Google API key + OAuth access token
180
+ { pattern: /AIza[0-9A-Za-z_-]{35}/g, replace: exports.SECRET_PLACEHOLDER },
181
+ { pattern: /ya29\.[0-9A-Za-z_-]+/g, replace: exports.SECRET_PLACEHOLDER },
182
+ // Slack tokens (bot/user + app-level) + incoming webhooks
183
+ { pattern: /xox[baprs]-[A-Za-z0-9-]{10,}/g, replace: exports.SECRET_PLACEHOLDER },
184
+ { pattern: /xapp-\d-[A-Za-z0-9-]{10,}/g, replace: exports.SECRET_PLACEHOLDER },
185
+ {
186
+ pattern: /https:\/\/hooks\.slack\.com\/services\/[A-Za-z0-9/]+/g,
187
+ replace: exports.SECRET_PLACEHOLDER,
188
+ },
189
+ // Stripe
190
+ {
191
+ pattern: /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{20,}\b/g,
192
+ replace: exports.SECRET_PLACEHOLDER,
193
+ },
194
+ // npm
195
+ { pattern: /npm_[A-Za-z0-9]{36}/g, replace: exports.SECRET_PLACEHOLDER },
196
+ // PyPI upload token
197
+ {
198
+ pattern: /pypi-AgEIcHlwaS[A-Za-z0-9_-]{50,}/g,
199
+ replace: exports.SECRET_PLACEHOLDER,
200
+ },
201
+ // SendGrid
202
+ {
203
+ pattern: /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/g,
204
+ replace: exports.SECRET_PLACEHOLDER,
205
+ },
206
+ // ── Structured tokens ────────────────────────────────────────────────────
207
+ // JWT (header.payload.signature)
208
+ {
209
+ pattern: /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
210
+ replace: exports.SECRET_PLACEHOLDER,
211
+ },
212
+ // PEM private key blocks (RSA/EC/OPENSSH/DSA/plain + PGP "...KEY BLOCK")
213
+ {
214
+ pattern: /-----BEGIN (?:[A-Z0-9 ]+ )?PRIVATE KEY(?: BLOCK)?-----[\s\S]+?-----END (?:[A-Z0-9 ]+ )?PRIVATE KEY(?: BLOCK)?-----/g,
215
+ replace: exports.SECRET_PLACEHOLDER,
216
+ },
217
+ // ── Structural / contextual (sensitive NAME + assignment) ─────────────────
218
+ // KEY=value or "key": "value" where the name looks sensitive. Keep the name
219
+ // and separator ($1), redact the value. Notes:
220
+ // - (?![A-Za-z0-9]) after the keyword requires a component boundary, so
221
+ // `token` matches `api_token`/`mytoken` but NOT `tokenizer`/`tokens`.
222
+ // - the value may start with an auth scheme word (Bearer/Token/Basic) so a
223
+ // `X-Api-Key: Bearer <tok>` shape redacts the credential, not just "Bearer".
224
+ // - value excludes & and ; so query-string params past the secret survive.
225
+ // - requires a 6+ char value so short non-secret values are not touched.
226
+ {
227
+ pattern: /\b([A-Za-z0-9_.-]*(?:API[_-]?KEY|SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE[_-]?KEY|ACCESS[_-]?KEY|AUTH[_-]?TOKEN|CLIENT[_-]?SECRET)(?![A-Za-z0-9])(?:[_.-][A-Za-z0-9]+)*["']?\s*[:=]\s*["']?)(?:(?:bearer|token|basic)\s+)?[^\s"'&;]{6,}/gi,
228
+ replace: `$1${exports.SECRET_PLACEHOLDER}`,
229
+ },
230
+ // Authorization / API-key headers. Keep the header name + separator ($1$2)
231
+ // and an optional scheme ($3); redact the credential.
232
+ {
233
+ pattern: /\b(authorization|x-api-key|x-auth-token)(["']?\s*[:=]\s*["']?)(bearer\s+|token\s+|basic\s+)?[A-Za-z0-9._~+/-]{8,}=*/gi,
234
+ replace: `$1$2$3${exports.SECRET_PLACEHOLDER}`,
235
+ },
236
+ // Bare "Bearer <token>" (any case; the scheme word is preserved via $1).
237
+ {
238
+ pattern: /\b(Bearer\s+)[A-Za-z0-9._~+/-]{10,}=*/gi,
239
+ replace: `$1${exports.SECRET_PLACEHOLDER}`,
240
+ },
241
+ // Credentials embedded in URLs: proto://user:PASS@host -> redact PASS only.
242
+ // Username is optional so proto://:PASS@host (empty user) is still covered.
243
+ {
244
+ pattern: /\b([a-z][a-z0-9+.-]*:\/\/[^:@/\s]*:)[^@/\s]+(@)/gi,
245
+ replace: `$1${exports.SECRET_PLACEHOLDER}$2`,
246
+ },
247
+ ];
248
+ /**
249
+ * Build an anonymizer pre-loaded with {@link DEFAULT_SECRET_RULES} suitable for
250
+ * passing to `new Client({ anonymizer })`. It redacts detected secrets from run
251
+ * inputs, outputs, and metadata client-side, before they are uploaded.
252
+ *
253
+ * @param options.extraRules - Additional rules appended after the defaults.
254
+ * @param options.maxDepth - Max recursion depth (default 24; higher than
255
+ * `createAnonymizer`'s default of 10 because traced payloads nest deeply,
256
+ * e.g. `messages[].content[].args`).
257
+ *
258
+ * @example
259
+ * ```ts
260
+ * import { Client } from "langsmith";
261
+ * import { createSecretAnonymizer } from "langsmith/anonymizer";
262
+ *
263
+ * const client = new Client({ anonymizer: createSecretAnonymizer() });
264
+ * ```
265
+ */
266
+ function createSecretAnonymizer(options) {
267
+ const rules = [...exports.DEFAULT_SECRET_RULES, ...(options?.extraRules ?? [])];
268
+ return createAnonymizer(rules, { maxDepth: options?.maxDepth ?? 24 });
269
+ }
@@ -14,3 +14,48 @@ export type ReplacerType = ((value: string, path?: string) => string) | StringNo
14
14
  export declare function createAnonymizer(replacer: ReplacerType, options?: {
15
15
  maxDepth?: number;
16
16
  }): <T>(data: T) => T;
17
+ /**
18
+ * Replacement token written in place of detected secrets by
19
+ * {@link DEFAULT_SECRET_RULES} / {@link createSecretAnonymizer}.
20
+ */
21
+ export declare const SECRET_PLACEHOLDER = "[SECRET_DETECTED]";
22
+ /**
23
+ * A curated, high-precision rule set for detecting common credentials in
24
+ * traced data (prompts, tool inputs/outputs, file contents, shell commands).
25
+ *
26
+ * Designed to favor *low false positives* over exhaustive coverage:
27
+ * - Provider rules are anchored to well-known key prefixes.
28
+ * - Structural rules only fire when a sensitive *name* (api_key, token,
29
+ * password, …) is paired with an assignment/separator, so ordinary code,
30
+ * UUIDs, and hashes are left intact.
31
+ *
32
+ * This is NOT a port of gitleaks/secretlint; pattern shapes are drawn from
33
+ * those projects (and provider docs) as a reference only. Every rule sets an
34
+ * explicit `replace` because {@link createAnonymizer}'s default is
35
+ * `[redacted]`, whereas the shared token here is {@link SECRET_PLACEHOLDER}.
36
+ *
37
+ * Patterns are written to port 1:1 to the Python SDK preset (no lookbehind).
38
+ */
39
+ export declare const DEFAULT_SECRET_RULES: StringNodeRule[];
40
+ /**
41
+ * Build an anonymizer pre-loaded with {@link DEFAULT_SECRET_RULES} suitable for
42
+ * passing to `new Client({ anonymizer })`. It redacts detected secrets from run
43
+ * inputs, outputs, and metadata client-side, before they are uploaded.
44
+ *
45
+ * @param options.extraRules - Additional rules appended after the defaults.
46
+ * @param options.maxDepth - Max recursion depth (default 24; higher than
47
+ * `createAnonymizer`'s default of 10 because traced payloads nest deeply,
48
+ * e.g. `messages[].content[].args`).
49
+ *
50
+ * @example
51
+ * ```ts
52
+ * import { Client } from "langsmith";
53
+ * import { createSecretAnonymizer } from "langsmith/anonymizer";
54
+ *
55
+ * const client = new Client({ anonymizer: createSecretAnonymizer() });
56
+ * ```
57
+ */
58
+ export declare function createSecretAnonymizer(options?: {
59
+ extraRules?: StringNodeRule[];
60
+ maxDepth?: number;
61
+ }): <T>(data: T) => T;
@@ -122,3 +122,143 @@ export function createAnonymizer(replacer, options) {
122
122
  return mutateValue;
123
123
  };
124
124
  }
125
+ /**
126
+ * Replacement token written in place of detected secrets by
127
+ * {@link DEFAULT_SECRET_RULES} / {@link createSecretAnonymizer}.
128
+ */
129
+ export const SECRET_PLACEHOLDER = "[SECRET_DETECTED]";
130
+ /**
131
+ * A curated, high-precision rule set for detecting common credentials in
132
+ * traced data (prompts, tool inputs/outputs, file contents, shell commands).
133
+ *
134
+ * Designed to favor *low false positives* over exhaustive coverage:
135
+ * - Provider rules are anchored to well-known key prefixes.
136
+ * - Structural rules only fire when a sensitive *name* (api_key, token,
137
+ * password, …) is paired with an assignment/separator, so ordinary code,
138
+ * UUIDs, and hashes are left intact.
139
+ *
140
+ * This is NOT a port of gitleaks/secretlint; pattern shapes are drawn from
141
+ * those projects (and provider docs) as a reference only. Every rule sets an
142
+ * explicit `replace` because {@link createAnonymizer}'s default is
143
+ * `[redacted]`, whereas the shared token here is {@link SECRET_PLACEHOLDER}.
144
+ *
145
+ * Patterns are written to port 1:1 to the Python SDK preset (no lookbehind).
146
+ */
147
+ export const DEFAULT_SECRET_RULES = [
148
+ // ── Provider API keys (prefix-anchored) ─────────────────────────────────
149
+ // Anthropic
150
+ { pattern: /sk-ant-[A-Za-z0-9_-]{20,}/g, replace: SECRET_PLACEHOLDER },
151
+ // OpenAI: project / service-account / admin keys, then legacy `sk-...`
152
+ {
153
+ pattern: /sk-(?:proj|svcacct|admin)-[A-Za-z0-9_-]{20,}/g,
154
+ replace: SECRET_PLACEHOLDER,
155
+ },
156
+ { pattern: /sk-[A-Za-z0-9]{32,}/g, replace: SECRET_PLACEHOLDER },
157
+ // LangSmith (keys are multi-segment: lsv2_pt_<key>_<tail> — match the
158
+ // full underscore-delimited tail so none of it leaks past the placeholder)
159
+ {
160
+ pattern: /lsv2_(?:pt|sk)_[A-Za-z0-9]{32,}(?:_[A-Za-z0-9]+)*/g,
161
+ replace: SECRET_PLACEHOLDER,
162
+ },
163
+ { pattern: /ls__[A-Za-z0-9]{16,}/g, replace: SECRET_PLACEHOLDER },
164
+ // GitHub personal access / app tokens
165
+ { pattern: /gh[pousr]_[A-Za-z0-9]{36,}/g, replace: SECRET_PLACEHOLDER },
166
+ { pattern: /github_pat_[A-Za-z0-9_]{82}/g, replace: SECRET_PLACEHOLDER },
167
+ // GitLab personal access token
168
+ { pattern: /glpat-[A-Za-z0-9_-]{20,}/g, replace: SECRET_PLACEHOLDER },
169
+ // AWS access key id (covers AKIA/ASIA/ABIA/ACCA/A3T* prefixes)
170
+ {
171
+ pattern: /\b(?:AKIA|ASIA|ABIA|ACCA|A3T[A-Z0-9])[0-9A-Z]{16}\b/g,
172
+ replace: SECRET_PLACEHOLDER,
173
+ },
174
+ // Google API key + OAuth access token
175
+ { pattern: /AIza[0-9A-Za-z_-]{35}/g, replace: SECRET_PLACEHOLDER },
176
+ { pattern: /ya29\.[0-9A-Za-z_-]+/g, replace: SECRET_PLACEHOLDER },
177
+ // Slack tokens (bot/user + app-level) + incoming webhooks
178
+ { pattern: /xox[baprs]-[A-Za-z0-9-]{10,}/g, replace: SECRET_PLACEHOLDER },
179
+ { pattern: /xapp-\d-[A-Za-z0-9-]{10,}/g, replace: SECRET_PLACEHOLDER },
180
+ {
181
+ pattern: /https:\/\/hooks\.slack\.com\/services\/[A-Za-z0-9/]+/g,
182
+ replace: SECRET_PLACEHOLDER,
183
+ },
184
+ // Stripe
185
+ {
186
+ pattern: /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{20,}\b/g,
187
+ replace: SECRET_PLACEHOLDER,
188
+ },
189
+ // npm
190
+ { pattern: /npm_[A-Za-z0-9]{36}/g, replace: SECRET_PLACEHOLDER },
191
+ // PyPI upload token
192
+ {
193
+ pattern: /pypi-AgEIcHlwaS[A-Za-z0-9_-]{50,}/g,
194
+ replace: SECRET_PLACEHOLDER,
195
+ },
196
+ // SendGrid
197
+ {
198
+ pattern: /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/g,
199
+ replace: SECRET_PLACEHOLDER,
200
+ },
201
+ // ── Structured tokens ────────────────────────────────────────────────────
202
+ // JWT (header.payload.signature)
203
+ {
204
+ pattern: /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
205
+ replace: SECRET_PLACEHOLDER,
206
+ },
207
+ // PEM private key blocks (RSA/EC/OPENSSH/DSA/plain + PGP "...KEY BLOCK")
208
+ {
209
+ pattern: /-----BEGIN (?:[A-Z0-9 ]+ )?PRIVATE KEY(?: BLOCK)?-----[\s\S]+?-----END (?:[A-Z0-9 ]+ )?PRIVATE KEY(?: BLOCK)?-----/g,
210
+ replace: SECRET_PLACEHOLDER,
211
+ },
212
+ // ── Structural / contextual (sensitive NAME + assignment) ─────────────────
213
+ // KEY=value or "key": "value" where the name looks sensitive. Keep the name
214
+ // and separator ($1), redact the value. Notes:
215
+ // - (?![A-Za-z0-9]) after the keyword requires a component boundary, so
216
+ // `token` matches `api_token`/`mytoken` but NOT `tokenizer`/`tokens`.
217
+ // - the value may start with an auth scheme word (Bearer/Token/Basic) so a
218
+ // `X-Api-Key: Bearer <tok>` shape redacts the credential, not just "Bearer".
219
+ // - value excludes & and ; so query-string params past the secret survive.
220
+ // - requires a 6+ char value so short non-secret values are not touched.
221
+ {
222
+ pattern: /\b([A-Za-z0-9_.-]*(?:API[_-]?KEY|SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE[_-]?KEY|ACCESS[_-]?KEY|AUTH[_-]?TOKEN|CLIENT[_-]?SECRET)(?![A-Za-z0-9])(?:[_.-][A-Za-z0-9]+)*["']?\s*[:=]\s*["']?)(?:(?:bearer|token|basic)\s+)?[^\s"'&;]{6,}/gi,
223
+ replace: `$1${SECRET_PLACEHOLDER}`,
224
+ },
225
+ // Authorization / API-key headers. Keep the header name + separator ($1$2)
226
+ // and an optional scheme ($3); redact the credential.
227
+ {
228
+ pattern: /\b(authorization|x-api-key|x-auth-token)(["']?\s*[:=]\s*["']?)(bearer\s+|token\s+|basic\s+)?[A-Za-z0-9._~+/-]{8,}=*/gi,
229
+ replace: `$1$2$3${SECRET_PLACEHOLDER}`,
230
+ },
231
+ // Bare "Bearer <token>" (any case; the scheme word is preserved via $1).
232
+ {
233
+ pattern: /\b(Bearer\s+)[A-Za-z0-9._~+/-]{10,}=*/gi,
234
+ replace: `$1${SECRET_PLACEHOLDER}`,
235
+ },
236
+ // Credentials embedded in URLs: proto://user:PASS@host -> redact PASS only.
237
+ // Username is optional so proto://:PASS@host (empty user) is still covered.
238
+ {
239
+ pattern: /\b([a-z][a-z0-9+.-]*:\/\/[^:@/\s]*:)[^@/\s]+(@)/gi,
240
+ replace: `$1${SECRET_PLACEHOLDER}$2`,
241
+ },
242
+ ];
243
+ /**
244
+ * Build an anonymizer pre-loaded with {@link DEFAULT_SECRET_RULES} suitable for
245
+ * passing to `new Client({ anonymizer })`. It redacts detected secrets from run
246
+ * inputs, outputs, and metadata client-side, before they are uploaded.
247
+ *
248
+ * @param options.extraRules - Additional rules appended after the defaults.
249
+ * @param options.maxDepth - Max recursion depth (default 24; higher than
250
+ * `createAnonymizer`'s default of 10 because traced payloads nest deeply,
251
+ * e.g. `messages[].content[].args`).
252
+ *
253
+ * @example
254
+ * ```ts
255
+ * import { Client } from "langsmith";
256
+ * import { createSecretAnonymizer } from "langsmith/anonymizer";
257
+ *
258
+ * const client = new Client({ anonymizer: createSecretAnonymizer() });
259
+ * ```
260
+ */
261
+ export function createSecretAnonymizer(options) {
262
+ const rules = [...DEFAULT_SECRET_RULES, ...(options?.extraRules ?? [])];
263
+ return createAnonymizer(rules, { maxDepth: options?.maxDepth ?? 24 });
264
+ }
package/dist/client.cjs CHANGED
@@ -35,6 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
35
35
  Object.defineProperty(exports, "__esModule", { value: true });
36
36
  exports.Client = exports.AutoBatchQueue = exports.DEFAULT_MAX_SIZE_BYTES = exports.DEFAULT_UNCOMPRESSED_BATCH_SIZE_LIMIT_BYTES = void 0;
37
37
  exports.mergeRuntimeEnvIntoRun = mergeRuntimeEnvIntoRun;
38
+ exports._checkBackendVersion = _checkBackendVersion;
38
39
  const uuid = __importStar(require("./utils/uuid/src/index.cjs"));
39
40
  const translator_js_1 = require("./experimental/otel/translator.cjs");
40
41
  const otel_js_1 = require("./singletons/otel.cjs");
@@ -45,6 +46,7 @@ const index_js_1 = require("./index.cjs");
45
46
  const index_js_2 = require("./_openapi_client/index.cjs");
46
47
  const _uuid_js_1 = require("./utils/_uuid.cjs");
47
48
  const warn_js_1 = require("./utils/warn.cjs");
49
+ const constants_js_1 = require("./utils/constants.cjs");
48
50
  const prompts_js_1 = require("./utils/prompts.cjs");
49
51
  const error_js_1 = require("./utils/error.cjs");
50
52
  const index_js_3 = require("./utils/prompt_cache/index.cjs");
@@ -159,6 +161,25 @@ function _formatFeedbackScore(score) {
159
161
  }
160
162
  return score;
161
163
  }
164
+ function _checkBackendVersion(version, minVersion = constants_js_1._MIN_BACKEND_VERSION) {
165
+ const parse = (v) => v.split(".").map((s) => parseInt(s, 10));
166
+ const [maj, min, pat] = parse(version);
167
+ const [rMaj, rMin, rPat] = parse(minVersion);
168
+ if (isNaN(maj) ||
169
+ isNaN(min) ||
170
+ isNaN(pat) ||
171
+ isNaN(rMaj) ||
172
+ isNaN(rMin) ||
173
+ isNaN(rPat)) {
174
+ console.warn(`[LANGSMITH]: Could not parse backend version ${JSON.stringify(version)} for compatibility check.`);
175
+ return;
176
+ }
177
+ if (maj < rMaj ||
178
+ (maj === rMaj && min < rMin) ||
179
+ (maj === rMaj && min === rMin && pat < rPat)) {
180
+ console.warn(`[LANGSMITH]: Backend version ${JSON.stringify(version)} is older than the minimum version required by this SDK (${JSON.stringify(minVersion)}). Some features may not work as expected.`);
181
+ }
182
+ }
162
183
  exports.DEFAULT_UNCOMPRESSED_BATCH_SIZE_LIMIT_BYTES = 24 * 1024 * 1024;
163
184
  /** Default maximum memory (1GB) for queue size limits. */
164
185
  exports.DEFAULT_MAX_SIZE_BYTES = 1024 * 1024 * 1024; // 1GB
@@ -1408,6 +1429,9 @@ class Client {
1408
1429
  if (this._serverInfo === undefined) {
1409
1430
  try {
1410
1431
  this._serverInfo = await this._getServerInfo();
1432
+ if (this._serverInfo?.version) {
1433
+ _checkBackendVersion(this._serverInfo.version);
1434
+ }
1411
1435
  }
1412
1436
  catch (e) {
1413
1437
  console.warn(`[LANGSMITH]: Failed to fetch info on supported operations. Falling back to batch operations and default limits. Info: ${e.status ?? "Unspecified status code"} ${e.message}`);
@@ -3502,7 +3526,7 @@ class Client {
3502
3526
  return res;
3503
3527
  });
3504
3528
  }
3505
- async createFeedback(runId, key, { score, value, correction, comment, sourceInfo, feedbackSourceType = "api", sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, }) {
3529
+ async createFeedback(runId, key, { score, value, correction, comment, sourceInfo, feedbackSourceType = "api", sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, extendTraceRetention, }) {
3506
3530
  if (!runId && !projectId) {
3507
3531
  throw new Error("One of runId or projectId must be provided");
3508
3532
  }
@@ -3535,6 +3559,7 @@ class Client {
3535
3559
  feedbackConfig,
3536
3560
  session_id: sessionId ?? projectId,
3537
3561
  start_time: startTime,
3562
+ extend_trace_retention: extendTraceRetention,
3538
3563
  };
3539
3564
  const body = JSON.stringify(feedback);
3540
3565
  const url = `${this.apiUrl}/feedback`;
package/dist/client.d.ts CHANGED
@@ -382,6 +382,7 @@ export interface ListThreadsItem extends Thread {
382
382
  runs: Run[];
383
383
  }
384
384
  export declare function mergeRuntimeEnvIntoRun<T extends RunCreate | RunUpdate>(run: T, cachedEnvVars?: Record<string, string>, omitTracedRuntimeInfo?: boolean): T;
385
+ export declare function _checkBackendVersion(version: string, minVersion?: string): void;
385
386
  export declare const DEFAULT_UNCOMPRESSED_BATCH_SIZE_LIMIT_BYTES: number;
386
387
  /** Default maximum memory (1GB) for queue size limits. */
387
388
  export declare const DEFAULT_MAX_SIZE_BYTES: number;
@@ -915,7 +916,7 @@ export declare class Client implements LangSmithTracingClientInterface {
915
916
  exampleIds: string[];
916
917
  remove?: boolean;
917
918
  }): Promise<void>;
918
- createFeedback(runId: string | null, key: string, { score, value, correction, comment, sourceInfo, feedbackSourceType, sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, }: {
919
+ createFeedback(runId: string | null, key: string, { score, value, correction, comment, sourceInfo, feedbackSourceType, sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, extendTraceRetention, }: {
919
920
  score?: ScoreType;
920
921
  value?: ValueType;
921
922
  correction?: object;
@@ -932,6 +933,8 @@ export declare class Client implements LangSmithTracingClientInterface {
932
933
  sessionId?: string;
933
934
  /** The start time of the run this feedback is for. Accepts ISO string or epoch ms. */
934
935
  startTime?: number | string;
936
+ /** If false, create feedback without extending the trace's retention tier. */
937
+ extendTraceRetention?: boolean;
935
938
  }): Promise<Feedback>;
936
939
  updateFeedback(feedbackId: string, { score, value, correction, comment, }: {
937
940
  score?: number | boolean | null;
package/dist/client.js CHANGED
@@ -8,6 +8,7 @@ import { __version__ } from "./index.js";
8
8
  import { Langsmith as OpenAPILangsmith } from "./_openapi_client/index.js";
9
9
  import { assertUuid } from "./utils/_uuid.js";
10
10
  import { warnOnce } from "./utils/warn.js";
11
+ import { _MIN_BACKEND_VERSION } from "./utils/constants.js";
11
12
  import { parseHubIdentifier } from "./utils/prompts.js";
12
13
  import { raiseForStatus, isLangSmithNotFoundError, isLangSmithConflictError, } from "./utils/error.js";
13
14
  import { promptCacheSingleton, } from "./utils/prompt_cache/index.js";
@@ -122,6 +123,25 @@ function _formatFeedbackScore(score) {
122
123
  }
123
124
  return score;
124
125
  }
126
+ export function _checkBackendVersion(version, minVersion = _MIN_BACKEND_VERSION) {
127
+ const parse = (v) => v.split(".").map((s) => parseInt(s, 10));
128
+ const [maj, min, pat] = parse(version);
129
+ const [rMaj, rMin, rPat] = parse(minVersion);
130
+ if (isNaN(maj) ||
131
+ isNaN(min) ||
132
+ isNaN(pat) ||
133
+ isNaN(rMaj) ||
134
+ isNaN(rMin) ||
135
+ isNaN(rPat)) {
136
+ console.warn(`[LANGSMITH]: Could not parse backend version ${JSON.stringify(version)} for compatibility check.`);
137
+ return;
138
+ }
139
+ if (maj < rMaj ||
140
+ (maj === rMaj && min < rMin) ||
141
+ (maj === rMaj && min === rMin && pat < rPat)) {
142
+ console.warn(`[LANGSMITH]: Backend version ${JSON.stringify(version)} is older than the minimum version required by this SDK (${JSON.stringify(minVersion)}). Some features may not work as expected.`);
143
+ }
144
+ }
125
145
  export const DEFAULT_UNCOMPRESSED_BATCH_SIZE_LIMIT_BYTES = 24 * 1024 * 1024;
126
146
  /** Default maximum memory (1GB) for queue size limits. */
127
147
  export const DEFAULT_MAX_SIZE_BYTES = 1024 * 1024 * 1024; // 1GB
@@ -1370,6 +1390,9 @@ export class Client {
1370
1390
  if (this._serverInfo === undefined) {
1371
1391
  try {
1372
1392
  this._serverInfo = await this._getServerInfo();
1393
+ if (this._serverInfo?.version) {
1394
+ _checkBackendVersion(this._serverInfo.version);
1395
+ }
1373
1396
  }
1374
1397
  catch (e) {
1375
1398
  console.warn(`[LANGSMITH]: Failed to fetch info on supported operations. Falling back to batch operations and default limits. Info: ${e.status ?? "Unspecified status code"} ${e.message}`);
@@ -3464,7 +3487,7 @@ export class Client {
3464
3487
  return res;
3465
3488
  });
3466
3489
  }
3467
- async createFeedback(runId, key, { score, value, correction, comment, sourceInfo, feedbackSourceType = "api", sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, }) {
3490
+ async createFeedback(runId, key, { score, value, correction, comment, sourceInfo, feedbackSourceType = "api", sourceRunId, feedbackId, feedbackConfig, projectId, comparativeExperimentId, sessionId, startTime, extendTraceRetention, }) {
3468
3491
  if (!runId && !projectId) {
3469
3492
  throw new Error("One of runId or projectId must be provided");
3470
3493
  }
@@ -3497,6 +3520,7 @@ export class Client {
3497
3520
  feedbackConfig,
3498
3521
  session_id: sessionId ?? projectId,
3499
3522
  start_time: startTime,
3523
+ extend_trace_retention: extendTraceRetention,
3500
3524
  };
3501
3525
  const body = JSON.stringify(feedback);
3502
3526
  const url = `${this.apiUrl}/feedback`;
package/dist/index.cjs CHANGED
@@ -20,6 +20,6 @@ Object.defineProperty(exports, "PromptCache", { enumerable: true, get: function
20
20
  Object.defineProperty(exports, "configureGlobalPromptCache", { enumerable: true, get: function () { return index_js_1.configureGlobalPromptCache; } });
21
21
  Object.defineProperty(exports, "promptCacheSingleton", { enumerable: true, get: function () { return index_js_1.promptCacheSingleton; } });
22
22
  // Update using pnpm bump-version
23
- exports.__version__ = "0.7.10";
23
+ exports.__version__ = "0.7.11";
24
24
  // Metadata key to hide a traced run from LangSmith's Messages View.
25
25
  exports.LS_MESSAGE_VIEW_EXCLUDE = "ls_message_view_exclude";
package/dist/index.d.ts CHANGED
@@ -6,5 +6,5 @@ export { getDefaultProjectName } from "./utils/project.js";
6
6
  export { uuid7, uuid7FromTime } from "./uuid.js";
7
7
  export { isTracingEnabled } from "./utils/guard.js";
8
8
  export { Cache, PromptCache, type CacheConfig, type CacheMetrics, configureGlobalPromptCache, promptCacheSingleton, } from "./utils/prompt_cache/index.js";
9
- export declare const __version__ = "0.7.10";
9
+ export declare const __version__ = "0.7.11";
10
10
  export declare const LS_MESSAGE_VIEW_EXCLUDE: "ls_message_view_exclude";
package/dist/index.js CHANGED
@@ -6,6 +6,6 @@ export { uuid7, uuid7FromTime } from "./uuid.js";
6
6
  export { isTracingEnabled } from "./utils/guard.js";
7
7
  export { Cache, PromptCache, configureGlobalPromptCache, promptCacheSingleton, } from "./utils/prompt_cache/index.js";
8
8
  // Update using pnpm bump-version
9
- export const __version__ = "0.7.10";
9
+ export const __version__ = "0.7.11";
10
10
  // Metadata key to hide a traced run from LangSmith's Messages View.
11
11
  export const LS_MESSAGE_VIEW_EXCLUDE = "ls_message_view_exclude";
@@ -10,7 +10,7 @@ const async_caller_js_1 = require("../utils/async_caller.cjs");
10
10
  const sandbox_js_1 = require("./sandbox.cjs");
11
11
  const errors_js_1 = require("./errors.cjs");
12
12
  const helpers_js_1 = require("./helpers.cjs");
13
- const proxy_config_js_1 = require("./proxy_config.cjs");
13
+ const mounts_js_1 = require("./mounts.cjs");
14
14
  const index_js_1 = require("../utils/uuid/src/index.cjs");
15
15
  /**
16
16
  * Sleep that can be interrupted by an AbortSignal.
@@ -372,9 +372,6 @@ class SandboxClient {
372
372
  if (snapshotId && snapshotName) {
373
373
  throw new errors_js_1.LangSmithValidationError("At most one of snapshotId or options.snapshotName may be set", "snapshotId");
374
374
  }
375
- if ("mounts" in resolvedOptions) {
376
- throw new errors_js_1.LangSmithValidationError("mounts is not a public createSandbox option; use mountConfig", "mounts");
377
- }
378
375
  (0, helpers_js_1.validateTtl)(idleTtlSeconds, "idleTtlSeconds");
379
376
  (0, helpers_js_1.validateTtl)(deleteAfterStopSeconds, "deleteAfterStopSeconds");
380
377
  const url = `${this._baseUrl}/boxes`;
@@ -408,12 +405,12 @@ class SandboxClient {
408
405
  if (fsCapacityBytes !== undefined) {
409
406
  payload.fs_capacity_bytes = fsCapacityBytes;
410
407
  }
411
- const effectiveProxyConfig = (0, proxy_config_js_1.mergeProxyConfigs)(mountConfig?.proxyConfig, proxyConfig);
412
408
  if (mountConfig !== undefined) {
413
- payload.mounts = mountConfig.mounts;
409
+ (0, mounts_js_1.validateMountConfigProxyConfig)(mountConfig, proxyConfig);
410
+ payload.mount_config = mountConfig;
414
411
  }
415
- if (effectiveProxyConfig !== undefined) {
416
- payload.proxy_config = effectiveProxyConfig;
412
+ if (proxyConfig !== undefined) {
413
+ payload.proxy_config = proxyConfig;
417
414
  }
418
415
  const httpTimeout = waitForReady ? (timeout + 30) * 1000 : 30 * 1000;
419
416
  const response = await this._fetch(url, {
@@ -7,7 +7,7 @@ import { AsyncCaller } from "../utils/async_caller.js";
7
7
  import { Sandbox } from "./sandbox.js";
8
8
  import { LangSmithResourceCreationError, LangSmithResourceNameConflictError, LangSmithResourceNotFoundError, LangSmithResourceTimeoutError, LangSmithSandboxAPIError, LangSmithValidationError, } from "./errors.js";
9
9
  import { handleClientHttpError, handleSandboxCreationError, validateTtl, } from "./helpers.js";
10
- import { mergeProxyConfigs } from "./proxy_config.js";
10
+ import { validateMountConfigProxyConfig } from "./mounts.js";
11
11
  import { v4 as uuidv4 } from "../utils/uuid/src/index.js";
12
12
  /**
13
13
  * Sleep that can be interrupted by an AbortSignal.
@@ -369,9 +369,6 @@ export class SandboxClient {
369
369
  if (snapshotId && snapshotName) {
370
370
  throw new LangSmithValidationError("At most one of snapshotId or options.snapshotName may be set", "snapshotId");
371
371
  }
372
- if ("mounts" in resolvedOptions) {
373
- throw new LangSmithValidationError("mounts is not a public createSandbox option; use mountConfig", "mounts");
374
- }
375
372
  validateTtl(idleTtlSeconds, "idleTtlSeconds");
376
373
  validateTtl(deleteAfterStopSeconds, "deleteAfterStopSeconds");
377
374
  const url = `${this._baseUrl}/boxes`;
@@ -405,12 +402,12 @@ export class SandboxClient {
405
402
  if (fsCapacityBytes !== undefined) {
406
403
  payload.fs_capacity_bytes = fsCapacityBytes;
407
404
  }
408
- const effectiveProxyConfig = mergeProxyConfigs(mountConfig?.proxyConfig, proxyConfig);
409
405
  if (mountConfig !== undefined) {
410
- payload.mounts = mountConfig.mounts;
406
+ validateMountConfigProxyConfig(mountConfig, proxyConfig);
407
+ payload.mount_config = mountConfig;
411
408
  }
412
- if (effectiveProxyConfig !== undefined) {
413
- payload.proxy_config = effectiveProxyConfig;
409
+ if (proxyConfig !== undefined) {
410
+ payload.proxy_config = proxyConfig;
414
411
  }
415
412
  const httpTimeout = waitForReady ? (timeout + 30) * 1000 : 30 * 1000;
416
413
  const response = await this._fetch(url, {
@@ -29,7 +29,7 @@
29
29
  * @packageDocumentation
30
30
  */
31
31
  Object.defineProperty(exports, "__esModule", { value: true });
32
- exports.LangSmithDataplaneNotConfiguredError = exports.LangSmithCommandTimeoutError = exports.LangSmithSandboxOperationError = exports.LangSmithSandboxNotReadyError = exports.LangSmithSandboxCreationError = exports.LangSmithResourceCreationError = exports.LangSmithQuotaExceededError = exports.LangSmithValidationError = exports.LangSmithResourceNameConflictError = exports.LangSmithResourceAlreadyExistsError = exports.LangSmithResourceInUseError = exports.LangSmithResourceTimeoutError = exports.LangSmithResourceNotFoundError = exports.LangSmithSandboxServerReloadError = exports.LangSmithSandboxConnectionError = exports.LangSmithSandboxAuthenticationError = exports.LangSmithSandboxAPIError = exports.LangSmithSandboxError = exports.s3Mount = exports.mountConfig = exports.gcsMount = exports.workspaceSecret = exports.proxyConfig = exports.opaqueSecret = exports.gcpAuth = exports.awsAuth = exports.CommandHandle = exports.Sandbox = exports.SandboxClient = void 0;
32
+ exports.LangSmithDataplaneNotConfiguredError = exports.LangSmithCommandTimeoutError = exports.LangSmithSandboxOperationError = exports.LangSmithSandboxNotReadyError = exports.LangSmithSandboxCreationError = exports.LangSmithResourceCreationError = exports.LangSmithQuotaExceededError = exports.LangSmithValidationError = exports.LangSmithResourceNameConflictError = exports.LangSmithResourceAlreadyExistsError = exports.LangSmithResourceInUseError = exports.LangSmithResourceTimeoutError = exports.LangSmithResourceNotFoundError = exports.LangSmithSandboxServerReloadError = exports.LangSmithSandboxConnectionError = exports.LangSmithSandboxAuthenticationError = exports.LangSmithSandboxAPIError = exports.LangSmithSandboxError = exports.s3Mount = exports.mountConfig = exports.gitMount = exports.gcsMount = exports.workspaceSecret = exports.proxyConfig = exports.opaqueSecret = exports.gcpAuth = exports.awsAuth = exports.CommandHandle = exports.Sandbox = exports.SandboxClient = void 0;
33
33
  // Main classes
34
34
  var client_js_1 = require("./client.cjs");
35
35
  Object.defineProperty(exports, "SandboxClient", { enumerable: true, get: function () { return client_js_1.SandboxClient; } });
@@ -45,6 +45,7 @@ Object.defineProperty(exports, "proxyConfig", { enumerable: true, get: function
45
45
  Object.defineProperty(exports, "workspaceSecret", { enumerable: true, get: function () { return proxy_config_js_1.workspaceSecret; } });
46
46
  var mounts_js_1 = require("./mounts.cjs");
47
47
  Object.defineProperty(exports, "gcsMount", { enumerable: true, get: function () { return mounts_js_1.gcsMount; } });
48
+ Object.defineProperty(exports, "gitMount", { enumerable: true, get: function () { return mounts_js_1.gitMount; } });
48
49
  Object.defineProperty(exports, "mountConfig", { enumerable: true, get: function () { return mounts_js_1.mountConfig; } });
49
50
  Object.defineProperty(exports, "s3Mount", { enumerable: true, get: function () { return mounts_js_1.s3Mount; } });
50
51
  // Errors
@@ -31,6 +31,6 @@ export { SandboxClient } from "./client.js";
31
31
  export { Sandbox } from "./sandbox.js";
32
32
  export { CommandHandle } from "./command_handle.js";
33
33
  export { awsAuth, gcpAuth, opaqueSecret, proxyConfig, workspaceSecret, } from "./proxy_config.js";
34
- export { gcsMount, mountConfig, s3Mount } from "./mounts.js";
35
- export type { ExecutionResult, OutputChunk, WsMessage, WsRunOptions, ResourceStatus, Snapshot, SandboxData, SandboxClientConfig, RunOptions, CreateSandboxOptions, SandboxAccessControl, SandboxAwsAuthRule, SandboxGcpAuthRule, SandboxMountConfig, SandboxProxyConfig, SandboxProxyRule, SandboxProxySecret, SandboxMount, MountCacheConfig, GCSMountConfig, GCSMountSpec, S3MountConfig, S3MountSpec, CreateSnapshotOptions, CreateDockerfileSnapshotOptions, CaptureSnapshotOptions, ListSnapshotsOptions, WaitForSnapshotOptions, StartSandboxOptions, UpdateSandboxOptions, WaitForSandboxOptions, } from "./types.js";
34
+ export { gcsMount, gitMount, mountConfig, s3Mount } from "./mounts.js";
35
+ export type { ExecutionResult, OutputChunk, WsMessage, WsRunOptions, ResourceStatus, Snapshot, SandboxData, SandboxClientConfig, RunOptions, CreateSandboxOptions, SandboxAccessControl, SandboxAwsAuthRule, SandboxAwsMountAuthConfig, SandboxGcpAuthRule, SandboxGcpMountAuthConfig, SandboxMountAuth, SandboxMountAuthConfig, SandboxMountConfig, SandboxProxyConfig, SandboxProxyRule, SandboxProxySecret, SandboxMount, MountCacheConfig, GCSMountConfig, GCSMountSpec, GitMountConfig, GitMountRefSpec, GitMountSpec, S3MountConfig, S3MountSpec, CreateSnapshotOptions, CreateDockerfileSnapshotOptions, CaptureSnapshotOptions, ListSnapshotsOptions, WaitForSnapshotOptions, StartSandboxOptions, UpdateSandboxOptions, WaitForSandboxOptions, } from "./types.js";
36
36
  export { LangSmithSandboxError, LangSmithSandboxAPIError, LangSmithSandboxAuthenticationError, LangSmithSandboxConnectionError, LangSmithSandboxServerReloadError, LangSmithResourceNotFoundError, LangSmithResourceTimeoutError, LangSmithResourceInUseError, LangSmithResourceAlreadyExistsError, LangSmithResourceNameConflictError, LangSmithValidationError, LangSmithQuotaExceededError, LangSmithResourceCreationError, LangSmithSandboxCreationError, LangSmithSandboxNotReadyError, LangSmithSandboxOperationError, LangSmithCommandTimeoutError, LangSmithDataplaneNotConfiguredError, } from "./errors.js";
@@ -32,7 +32,7 @@ export { SandboxClient } from "./client.js";
32
32
  export { Sandbox } from "./sandbox.js";
33
33
  export { CommandHandle } from "./command_handle.js";
34
34
  export { awsAuth, gcpAuth, opaqueSecret, proxyConfig, workspaceSecret, } from "./proxy_config.js";
35
- export { gcsMount, mountConfig, s3Mount } from "./mounts.js";
35
+ export { gcsMount, gitMount, mountConfig, s3Mount } from "./mounts.js";
36
36
  // Errors
37
37
  export {
38
38
  // Base and connection errors