langsmith 0.7.9 → 0.7.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +46 -15
- package/dist/_openapi_client/client.cjs +0 -88
- package/dist/_openapi_client/client.d.ts +0 -33
- package/dist/_openapi_client/client.js +0 -88
- package/dist/_openapi_client/internal/headers.d.ts +13 -0
- package/dist/_openapi_client/internal/types.d.ts +1 -28
- package/dist/_openapi_client/resources/datasets/datasets.d.ts +52 -4
- package/dist/_openapi_client/resources/datasets/runs.d.ts +1 -2
- package/dist/_openapi_client/resources/index.cjs +1 -23
- package/dist/_openapi_client/resources/index.d.ts +0 -11
- package/dist/_openapi_client/resources/index.js +0 -11
- package/dist/anonymizer/index.cjs +142 -0
- package/dist/anonymizer/index.d.ts +45 -0
- package/dist/anonymizer/index.js +140 -0
- package/dist/client.cjs +26 -1
- package/dist/client.d.ts +4 -1
- package/dist/client.js +25 -1
- package/dist/index.cjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +1 -1
- package/dist/sandbox/client.cjs +5 -8
- package/dist/sandbox/client.js +5 -8
- package/dist/sandbox/index.cjs +2 -1
- package/dist/sandbox/index.d.ts +2 -2
- package/dist/sandbox/index.js +1 -1
- package/dist/sandbox/mounts.cjs +157 -18
- package/dist/sandbox/mounts.d.ts +10 -2
- package/dist/sandbox/mounts.js +155 -18
- package/dist/sandbox/proxy_config.cjs +19 -44
- package/dist/sandbox/proxy_config.d.ts +2 -4
- package/dist/sandbox/proxy_config.js +19 -43
- package/dist/sandbox/types.d.ts +56 -15
- package/dist/utils/constants.cjs +4 -0
- package/dist/utils/constants.d.ts +1 -0
- package/dist/utils/constants.js +1 -0
- package/package.json +2 -2
- package/dist/_openapi_client/resources/annotation-queues/annotation-queues.cjs +0 -138
- package/dist/_openapi_client/resources/annotation-queues/annotation-queues.d.ts +0 -367
- package/dist/_openapi_client/resources/annotation-queues/annotation-queues.js +0 -101
- package/dist/_openapi_client/resources/annotation-queues/runs.cjs +0 -46
- package/dist/_openapi_client/resources/annotation-queues/runs.d.ts +0 -128
- package/dist/_openapi_client/resources/annotation-queues/runs.js +0 -42
- package/dist/_openapi_client/resources/commits.cjs +0 -44
- package/dist/_openapi_client/resources/commits.d.ts +0 -204
- package/dist/_openapi_client/resources/commits.js +0 -40
- package/dist/_openapi_client/resources/evaluators.cjs +0 -15
- package/dist/_openapi_client/resources/evaluators.d.ts +0 -125
- package/dist/_openapi_client/resources/evaluators.js +0 -11
- package/dist/_openapi_client/resources/examples/bulk.cjs +0 -24
- package/dist/_openapi_client/resources/examples/bulk.d.ts +0 -78
- package/dist/_openapi_client/resources/examples/bulk.js +0 -20
- package/dist/_openapi_client/resources/examples/examples.cjs +0 -124
- package/dist/_openapi_client/resources/examples/examples.d.ts +0 -182
- package/dist/_openapi_client/resources/examples/examples.js +0 -87
- package/dist/_openapi_client/resources/examples/validate.cjs +0 -21
- package/dist/_openapi_client/resources/examples/validate.d.ts +0 -38
- package/dist/_openapi_client/resources/examples/validate.js +0 -17
- package/dist/_openapi_client/resources/feedback/configs.cjs +0 -24
- package/dist/_openapi_client/resources/feedback/configs.d.ts +0 -18
- package/dist/_openapi_client/resources/feedback/configs.js +0 -20
- package/dist/_openapi_client/resources/feedback/feedback.cjs +0 -98
- package/dist/_openapi_client/resources/feedback/feedback.d.ts +0 -275
- package/dist/_openapi_client/resources/feedback/feedback.js +0 -61
- package/dist/_openapi_client/resources/feedback/tokens.cjs +0 -35
- package/dist/_openapi_client/resources/feedback/tokens.d.ts +0 -130
- package/dist/_openapi_client/resources/feedback/tokens.js +0 -31
- package/dist/_openapi_client/resources/public/datasets.cjs +0 -47
- package/dist/_openapi_client/resources/public/datasets.d.ts +0 -152
- package/dist/_openapi_client/resources/public/datasets.js +0 -43
- package/dist/_openapi_client/resources/public/public.cjs +0 -62
- package/dist/_openapi_client/resources/public/public.d.ts +0 -32
- package/dist/_openapi_client/resources/public/public.js +0 -25
- package/dist/_openapi_client/resources/repos/directories.cjs +0 -40
- package/dist/_openapi_client/resources/repos/directories.d.ts +0 -72
- package/dist/_openapi_client/resources/repos/directories.js +0 -36
- package/dist/_openapi_client/resources/repos/repos.cjs +0 -93
- package/dist/_openapi_client/resources/repos/repos.d.ts +0 -188
- package/dist/_openapi_client/resources/repos/repos.js +0 -56
- package/dist/_openapi_client/resources/runs/rules.cjs +0 -9
- package/dist/_openapi_client/resources/runs/rules.d.ts +0 -3
- package/dist/_openapi_client/resources/runs/rules.js +0 -5
- package/dist/_openapi_client/resources/runs/runs.cjs +0 -102
- package/dist/_openapi_client/resources/runs/runs.d.ts +0 -542
- package/dist/_openapi_client/resources/runs/runs.js +0 -65
- package/dist/_openapi_client/resources/sandboxes/boxes.cjs +0 -86
- package/dist/_openapi_client/resources/sandboxes/boxes.d.ts +0 -1121
- package/dist/_openapi_client/resources/sandboxes/boxes.js +0 -82
- package/dist/_openapi_client/resources/sandboxes/sandboxes.cjs +0 -63
- package/dist/_openapi_client/resources/sandboxes/sandboxes.d.ts +0 -13
- package/dist/_openapi_client/resources/sandboxes/sandboxes.js +0 -26
- package/dist/_openapi_client/resources/sandboxes/snapshots.cjs +0 -39
- package/dist/_openapi_client/resources/sandboxes/snapshots.d.ts +0 -130
- package/dist/_openapi_client/resources/sandboxes/snapshots.js +0 -35
- package/dist/_openapi_client/resources/settings.cjs +0 -15
- package/dist/_openapi_client/resources/settings.d.ts +0 -18
- package/dist/_openapi_client/resources/settings.js +0 -11
- package/dist/_openapi_client/resources/workspaces.cjs +0 -35
- package/dist/_openapi_client/resources/workspaces.d.ts +0 -84
- package/dist/_openapi_client/resources/workspaces.js +0 -31
package/dist/sandbox/index.cjs
CHANGED
|
@@ -29,7 +29,7 @@
|
|
|
29
29
|
* @packageDocumentation
|
|
30
30
|
*/
|
|
31
31
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
32
|
-
exports.LangSmithDataplaneNotConfiguredError = exports.LangSmithCommandTimeoutError = exports.LangSmithSandboxOperationError = exports.LangSmithSandboxNotReadyError = exports.LangSmithSandboxCreationError = exports.LangSmithResourceCreationError = exports.LangSmithQuotaExceededError = exports.LangSmithValidationError = exports.LangSmithResourceNameConflictError = exports.LangSmithResourceAlreadyExistsError = exports.LangSmithResourceInUseError = exports.LangSmithResourceTimeoutError = exports.LangSmithResourceNotFoundError = exports.LangSmithSandboxServerReloadError = exports.LangSmithSandboxConnectionError = exports.LangSmithSandboxAuthenticationError = exports.LangSmithSandboxAPIError = exports.LangSmithSandboxError = exports.s3Mount = exports.mountConfig = exports.gcsMount = exports.workspaceSecret = exports.proxyConfig = exports.opaqueSecret = exports.gcpAuth = exports.awsAuth = exports.CommandHandle = exports.Sandbox = exports.SandboxClient = void 0;
|
|
32
|
+
exports.LangSmithDataplaneNotConfiguredError = exports.LangSmithCommandTimeoutError = exports.LangSmithSandboxOperationError = exports.LangSmithSandboxNotReadyError = exports.LangSmithSandboxCreationError = exports.LangSmithResourceCreationError = exports.LangSmithQuotaExceededError = exports.LangSmithValidationError = exports.LangSmithResourceNameConflictError = exports.LangSmithResourceAlreadyExistsError = exports.LangSmithResourceInUseError = exports.LangSmithResourceTimeoutError = exports.LangSmithResourceNotFoundError = exports.LangSmithSandboxServerReloadError = exports.LangSmithSandboxConnectionError = exports.LangSmithSandboxAuthenticationError = exports.LangSmithSandboxAPIError = exports.LangSmithSandboxError = exports.s3Mount = exports.mountConfig = exports.gitMount = exports.gcsMount = exports.workspaceSecret = exports.proxyConfig = exports.opaqueSecret = exports.gcpAuth = exports.awsAuth = exports.CommandHandle = exports.Sandbox = exports.SandboxClient = void 0;
|
|
33
33
|
// Main classes
|
|
34
34
|
var client_js_1 = require("./client.cjs");
|
|
35
35
|
Object.defineProperty(exports, "SandboxClient", { enumerable: true, get: function () { return client_js_1.SandboxClient; } });
|
|
@@ -45,6 +45,7 @@ Object.defineProperty(exports, "proxyConfig", { enumerable: true, get: function
|
|
|
45
45
|
Object.defineProperty(exports, "workspaceSecret", { enumerable: true, get: function () { return proxy_config_js_1.workspaceSecret; } });
|
|
46
46
|
var mounts_js_1 = require("./mounts.cjs");
|
|
47
47
|
Object.defineProperty(exports, "gcsMount", { enumerable: true, get: function () { return mounts_js_1.gcsMount; } });
|
|
48
|
+
Object.defineProperty(exports, "gitMount", { enumerable: true, get: function () { return mounts_js_1.gitMount; } });
|
|
48
49
|
Object.defineProperty(exports, "mountConfig", { enumerable: true, get: function () { return mounts_js_1.mountConfig; } });
|
|
49
50
|
Object.defineProperty(exports, "s3Mount", { enumerable: true, get: function () { return mounts_js_1.s3Mount; } });
|
|
50
51
|
// Errors
|
package/dist/sandbox/index.d.ts
CHANGED
|
@@ -31,6 +31,6 @@ export { SandboxClient } from "./client.js";
|
|
|
31
31
|
export { Sandbox } from "./sandbox.js";
|
|
32
32
|
export { CommandHandle } from "./command_handle.js";
|
|
33
33
|
export { awsAuth, gcpAuth, opaqueSecret, proxyConfig, workspaceSecret, } from "./proxy_config.js";
|
|
34
|
-
export { gcsMount, mountConfig, s3Mount } from "./mounts.js";
|
|
35
|
-
export type { ExecutionResult, OutputChunk, WsMessage, WsRunOptions, ResourceStatus, Snapshot, SandboxData, SandboxClientConfig, RunOptions, CreateSandboxOptions, SandboxAccessControl, SandboxAwsAuthRule, SandboxGcpAuthRule, SandboxMountConfig, SandboxProxyConfig, SandboxProxyRule, SandboxProxySecret, SandboxMount, MountCacheConfig, GCSMountConfig, GCSMountSpec, S3MountConfig, S3MountSpec, CreateSnapshotOptions, CreateDockerfileSnapshotOptions, CaptureSnapshotOptions, ListSnapshotsOptions, WaitForSnapshotOptions, StartSandboxOptions, UpdateSandboxOptions, WaitForSandboxOptions, } from "./types.js";
|
|
34
|
+
export { gcsMount, gitMount, mountConfig, s3Mount } from "./mounts.js";
|
|
35
|
+
export type { ExecutionResult, OutputChunk, WsMessage, WsRunOptions, ResourceStatus, Snapshot, SandboxData, SandboxClientConfig, RunOptions, CreateSandboxOptions, SandboxAccessControl, SandboxAwsAuthRule, SandboxAwsMountAuthConfig, SandboxGcpAuthRule, SandboxGcpMountAuthConfig, SandboxMountAuth, SandboxMountAuthConfig, SandboxMountConfig, SandboxProxyConfig, SandboxProxyRule, SandboxProxySecret, SandboxMount, MountCacheConfig, GCSMountConfig, GCSMountSpec, GitMountConfig, GitMountRefSpec, GitMountSpec, S3MountConfig, S3MountSpec, CreateSnapshotOptions, CreateDockerfileSnapshotOptions, CaptureSnapshotOptions, ListSnapshotsOptions, WaitForSnapshotOptions, StartSandboxOptions, UpdateSandboxOptions, WaitForSandboxOptions, } from "./types.js";
|
|
36
36
|
export { LangSmithSandboxError, LangSmithSandboxAPIError, LangSmithSandboxAuthenticationError, LangSmithSandboxConnectionError, LangSmithSandboxServerReloadError, LangSmithResourceNotFoundError, LangSmithResourceTimeoutError, LangSmithResourceInUseError, LangSmithResourceAlreadyExistsError, LangSmithResourceNameConflictError, LangSmithValidationError, LangSmithQuotaExceededError, LangSmithResourceCreationError, LangSmithSandboxCreationError, LangSmithSandboxNotReadyError, LangSmithSandboxOperationError, LangSmithCommandTimeoutError, LangSmithDataplaneNotConfiguredError, } from "./errors.js";
|
package/dist/sandbox/index.js
CHANGED
|
@@ -32,7 +32,7 @@ export { SandboxClient } from "./client.js";
|
|
|
32
32
|
export { Sandbox } from "./sandbox.js";
|
|
33
33
|
export { CommandHandle } from "./command_handle.js";
|
|
34
34
|
export { awsAuth, gcpAuth, opaqueSecret, proxyConfig, workspaceSecret, } from "./proxy_config.js";
|
|
35
|
-
export { gcsMount, mountConfig, s3Mount } from "./mounts.js";
|
|
35
|
+
export { gcsMount, gitMount, mountConfig, s3Mount } from "./mounts.js";
|
|
36
36
|
// Errors
|
|
37
37
|
export {
|
|
38
38
|
// Base and connection errors
|
package/dist/sandbox/mounts.cjs
CHANGED
|
@@ -1,15 +1,74 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.s3Mount = s3Mount;
|
|
4
|
+
exports.gitMount = gitMount;
|
|
4
5
|
exports.gcsMount = gcsMount;
|
|
5
6
|
exports.mountConfig = mountConfig;
|
|
6
|
-
|
|
7
|
+
exports.validateMountConfigProxyConfig = validateMountConfigProxyConfig;
|
|
7
8
|
function requireNonEmptyString(value, field) {
|
|
8
9
|
if (typeof value !== "string" || value.trim() === "") {
|
|
9
10
|
throw new Error(`${field} must be a non-empty string`);
|
|
10
11
|
}
|
|
11
12
|
return value.trim();
|
|
12
13
|
}
|
|
14
|
+
function copyMountSecret(secret, field) {
|
|
15
|
+
if (secret === null || typeof secret !== "object" || Array.isArray(secret)) {
|
|
16
|
+
throw new Error(`${field} must be a sandbox secret`);
|
|
17
|
+
}
|
|
18
|
+
const candidate = secret;
|
|
19
|
+
if (candidate.type !== "workspace_secret" && candidate.type !== "opaque") {
|
|
20
|
+
throw new Error(`${field} must use workspace_secret or opaque`);
|
|
21
|
+
}
|
|
22
|
+
if (typeof candidate.value !== "string" || candidate.value.trim() === "") {
|
|
23
|
+
throw new Error(`${field}.value must be a non-empty string`);
|
|
24
|
+
}
|
|
25
|
+
return {
|
|
26
|
+
type: candidate.type,
|
|
27
|
+
value: candidate.value,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
function requireGitRemoteUrl(remoteUrl) {
|
|
31
|
+
if (typeof remoteUrl !== "string" || remoteUrl === "") {
|
|
32
|
+
throw new Error("remoteUrl must be a non-empty string");
|
|
33
|
+
}
|
|
34
|
+
if (remoteUrl.trim() !== remoteUrl ||
|
|
35
|
+
/\s/u.test(remoteUrl) ||
|
|
36
|
+
remoteUrl.includes(String.fromCharCode(0))) {
|
|
37
|
+
throw new Error("remoteUrl must not contain whitespace or NUL bytes");
|
|
38
|
+
}
|
|
39
|
+
let parsed;
|
|
40
|
+
try {
|
|
41
|
+
parsed = new URL(remoteUrl);
|
|
42
|
+
}
|
|
43
|
+
catch {
|
|
44
|
+
throw new Error("remoteUrl must be an absolute HTTPS URL");
|
|
45
|
+
}
|
|
46
|
+
if (parsed.protocol !== "https:" || parsed.host === "") {
|
|
47
|
+
throw new Error("remoteUrl must be an absolute HTTPS URL");
|
|
48
|
+
}
|
|
49
|
+
if (parsed.username !== "" || parsed.password !== "") {
|
|
50
|
+
throw new Error("remoteUrl must not include embedded credentials");
|
|
51
|
+
}
|
|
52
|
+
if (parsed.pathname === "" || parsed.pathname === "/") {
|
|
53
|
+
throw new Error("remoteUrl must include a repository path");
|
|
54
|
+
}
|
|
55
|
+
if (parsed.search !== "" || parsed.hash !== "") {
|
|
56
|
+
throw new Error("remoteUrl must not include query or fragment");
|
|
57
|
+
}
|
|
58
|
+
return remoteUrl;
|
|
59
|
+
}
|
|
60
|
+
function copyGitRef(ref) {
|
|
61
|
+
if (ref === null || typeof ref !== "object" || Array.isArray(ref)) {
|
|
62
|
+
throw new Error("ref must be an object");
|
|
63
|
+
}
|
|
64
|
+
if (ref.type !== "branch" && ref.type !== "tag") {
|
|
65
|
+
throw new Error("ref.type must be branch or tag");
|
|
66
|
+
}
|
|
67
|
+
return {
|
|
68
|
+
type: ref.type,
|
|
69
|
+
name: requireNonEmptyString(ref.name, "ref.name"),
|
|
70
|
+
};
|
|
71
|
+
}
|
|
13
72
|
function s3Mount({ id, mountPath, bucket, region = "us-east-1", prefix, endpointUrl = "https://s3.amazonaws.com", pathStyle = false, readOnly, cache, }) {
|
|
14
73
|
const mount = {
|
|
15
74
|
id: requireNonEmptyString(id, "id"),
|
|
@@ -33,6 +92,26 @@ function s3Mount({ id, mountPath, bucket, region = "us-east-1", prefix, endpoint
|
|
|
33
92
|
}
|
|
34
93
|
return mount;
|
|
35
94
|
}
|
|
95
|
+
function gitMount({ id, mountPath, remoteUrl, ref, refreshIntervalSeconds, }) {
|
|
96
|
+
const mount = {
|
|
97
|
+
id: requireNonEmptyString(id, "id"),
|
|
98
|
+
type: "git",
|
|
99
|
+
mount_path: requireNonEmptyString(mountPath, "mountPath"),
|
|
100
|
+
git: {
|
|
101
|
+
remote_url: requireGitRemoteUrl(remoteUrl),
|
|
102
|
+
},
|
|
103
|
+
};
|
|
104
|
+
if (ref !== undefined) {
|
|
105
|
+
mount.git.ref = copyGitRef(ref);
|
|
106
|
+
}
|
|
107
|
+
if (refreshIntervalSeconds !== undefined) {
|
|
108
|
+
if (refreshIntervalSeconds < 1) {
|
|
109
|
+
throw new Error("refreshIntervalSeconds must be at least 1");
|
|
110
|
+
}
|
|
111
|
+
mount.git.refresh_interval_seconds = refreshIntervalSeconds;
|
|
112
|
+
}
|
|
113
|
+
return mount;
|
|
114
|
+
}
|
|
36
115
|
function gcsMount({ id, mountPath, bucket, prefix, readOnly, cache, }) {
|
|
37
116
|
const mount = {
|
|
38
117
|
id: requireNonEmptyString(id, "id"),
|
|
@@ -61,35 +140,80 @@ function normalizeMounts(mounts) {
|
|
|
61
140
|
if (mount === null || typeof mount !== "object" || Array.isArray(mount)) {
|
|
62
141
|
throw new Error("mounts must be a non-empty array of mount objects");
|
|
63
142
|
}
|
|
64
|
-
if (mount.type !== "s3" && mount.type !== "gcs") {
|
|
65
|
-
throw new Error("mountConfig only supports s3 and
|
|
143
|
+
if (mount.type !== "s3" && mount.type !== "gcs" && mount.type !== "git") {
|
|
144
|
+
throw new Error("mountConfig only supports s3, gcs, and git mounts");
|
|
66
145
|
}
|
|
146
|
+
rejectProviderCredentialsInMount(mount);
|
|
67
147
|
return mount;
|
|
68
148
|
});
|
|
69
149
|
}
|
|
70
|
-
|
|
150
|
+
const FORBIDDEN_MOUNT_CREDENTIAL_FIELDS = new Set([
|
|
151
|
+
"access_key_id",
|
|
152
|
+
"secret_access_key",
|
|
153
|
+
"session_token",
|
|
154
|
+
"service_account_json",
|
|
155
|
+
"access_token",
|
|
156
|
+
"refresh_token",
|
|
157
|
+
"credentials",
|
|
158
|
+
"credential",
|
|
159
|
+
]);
|
|
160
|
+
function rejectProviderCredentialsInMount(value) {
|
|
161
|
+
if (Array.isArray(value)) {
|
|
162
|
+
for (const child of value) {
|
|
163
|
+
rejectProviderCredentialsInMount(child);
|
|
164
|
+
}
|
|
165
|
+
return;
|
|
166
|
+
}
|
|
167
|
+
if (value !== null && typeof value === "object") {
|
|
168
|
+
for (const [key, child] of Object.entries(value)) {
|
|
169
|
+
if (FORBIDDEN_MOUNT_CREDENTIAL_FIELDS.has(key)) {
|
|
170
|
+
throw new Error("provider credentials must be supplied in mountConfig.auth, not individual mount specs");
|
|
171
|
+
}
|
|
172
|
+
rejectProviderCredentialsInMount(child);
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
function normalizeMountAuth(auth) {
|
|
71
177
|
if (!Array.isArray(auth)) {
|
|
72
|
-
throw new Error("auth must be an array of provider auth
|
|
178
|
+
throw new Error("auth must be an array of provider auth blocks");
|
|
73
179
|
}
|
|
74
180
|
const byProvider = {};
|
|
75
|
-
for (const
|
|
76
|
-
if (
|
|
77
|
-
throw new Error("auth must be an array of provider auth
|
|
181
|
+
for (const block of auth) {
|
|
182
|
+
if (block === null || typeof block !== "object" || Array.isArray(block)) {
|
|
183
|
+
throw new Error("auth must be an array of provider auth blocks");
|
|
78
184
|
}
|
|
79
|
-
const provider =
|
|
185
|
+
const provider = block.type;
|
|
80
186
|
if (provider !== "aws" && provider !== "gcp") {
|
|
81
|
-
throw new Error("mountConfig auth only supports aws and gcp
|
|
187
|
+
throw new Error("mountConfig auth only supports aws and gcp blocks");
|
|
82
188
|
}
|
|
83
189
|
if (byProvider[provider] !== undefined) {
|
|
84
190
|
throw new Error(`duplicate ${provider} auth rule in mountConfig`);
|
|
85
191
|
}
|
|
86
|
-
|
|
192
|
+
if (provider === "aws") {
|
|
193
|
+
const aws = block.aws;
|
|
194
|
+
if (aws === undefined) {
|
|
195
|
+
throw new Error("aws mount auth must include an aws block");
|
|
196
|
+
}
|
|
197
|
+
byProvider.aws = {
|
|
198
|
+
access_key_id: copyMountSecret(aws.access_key_id, "accessKeyId"),
|
|
199
|
+
secret_access_key: copyMountSecret(aws.secret_access_key, "secretAccessKey"),
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
else {
|
|
203
|
+
const gcp = block.gcp;
|
|
204
|
+
if (gcp === undefined) {
|
|
205
|
+
throw new Error("gcp mount auth must include a gcp block");
|
|
206
|
+
}
|
|
207
|
+
byProvider.gcp = {
|
|
208
|
+
service_account_json: copyMountSecret(gcp.service_account_json, "serviceAccountJson"),
|
|
209
|
+
};
|
|
210
|
+
}
|
|
87
211
|
}
|
|
88
212
|
return byProvider;
|
|
89
213
|
}
|
|
90
|
-
function mountConfig({ auth, mounts, }) {
|
|
214
|
+
function mountConfig({ auth = [], mounts, }) {
|
|
91
215
|
const normalizedMounts = normalizeMounts(mounts);
|
|
92
|
-
const authByProvider =
|
|
216
|
+
const authByProvider = normalizeMountAuth(auth);
|
|
93
217
|
const mountProviders = new Set(normalizedMounts.map((mount) => mount.type));
|
|
94
218
|
if (mountProviders.has("s3") && authByProvider.aws === undefined) {
|
|
95
219
|
throw new Error("s3 mounts require aws auth in mountConfig");
|
|
@@ -104,11 +228,26 @@ function mountConfig({ auth, mounts, }) {
|
|
|
104
228
|
throw new Error("gcp auth requires at least one gcs mount in mountConfig");
|
|
105
229
|
}
|
|
106
230
|
return {
|
|
231
|
+
auth: authByProvider,
|
|
107
232
|
mounts: normalizedMounts,
|
|
108
|
-
proxyConfig: (0, proxy_config_js_1.proxyConfig)({
|
|
109
|
-
rules: ["aws", "gcp"]
|
|
110
|
-
.map((provider) => authByProvider[provider])
|
|
111
|
-
.filter((rule) => rule !== undefined),
|
|
112
|
-
}),
|
|
113
233
|
};
|
|
114
234
|
}
|
|
235
|
+
function validateMountConfigProxyConfig(mountConfig, proxyConfig) {
|
|
236
|
+
if (proxyConfig === undefined) {
|
|
237
|
+
return;
|
|
238
|
+
}
|
|
239
|
+
const rules = proxyConfig.rules ?? [];
|
|
240
|
+
if (!Array.isArray(rules)) {
|
|
241
|
+
throw new Error("proxyConfig rules must be an array");
|
|
242
|
+
}
|
|
243
|
+
for (const rule of rules) {
|
|
244
|
+
if (rule === null || typeof rule !== "object" || Array.isArray(rule)) {
|
|
245
|
+
continue;
|
|
246
|
+
}
|
|
247
|
+
const ruleType = rule.type;
|
|
248
|
+
if ((ruleType === "aws" || ruleType === "gcp") &&
|
|
249
|
+
mountConfig.auth[ruleType] !== undefined) {
|
|
250
|
+
throw new Error(`${ruleType} auth cannot be provided in both mountConfig and proxyConfig`);
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
}
|
package/dist/sandbox/mounts.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { GCSMountSpec, MountCacheConfig, S3MountSpec, SandboxMount, SandboxMountConfig,
|
|
1
|
+
import type { GCSMountSpec, GitMountRefSpec, GitMountSpec, MountCacheConfig, S3MountSpec, SandboxMount, SandboxMountAuth, SandboxMountConfig, SandboxProxyConfig } from "./types.js";
|
|
2
2
|
export declare function s3Mount({ id, mountPath, bucket, region, prefix, endpointUrl, pathStyle, readOnly, cache, }: {
|
|
3
3
|
id: string;
|
|
4
4
|
mountPath: string;
|
|
@@ -10,6 +10,13 @@ export declare function s3Mount({ id, mountPath, bucket, region, prefix, endpoin
|
|
|
10
10
|
readOnly?: boolean;
|
|
11
11
|
cache?: MountCacheConfig;
|
|
12
12
|
}): S3MountSpec;
|
|
13
|
+
export declare function gitMount({ id, mountPath, remoteUrl, ref, refreshIntervalSeconds, }: {
|
|
14
|
+
id: string;
|
|
15
|
+
mountPath: string;
|
|
16
|
+
remoteUrl: string;
|
|
17
|
+
ref?: GitMountRefSpec;
|
|
18
|
+
refreshIntervalSeconds?: number;
|
|
19
|
+
}): GitMountSpec;
|
|
13
20
|
export declare function gcsMount({ id, mountPath, bucket, prefix, readOnly, cache, }: {
|
|
14
21
|
id: string;
|
|
15
22
|
mountPath: string;
|
|
@@ -19,6 +26,7 @@ export declare function gcsMount({ id, mountPath, bucket, prefix, readOnly, cach
|
|
|
19
26
|
cache?: MountCacheConfig;
|
|
20
27
|
}): GCSMountSpec;
|
|
21
28
|
export declare function mountConfig({ auth, mounts, }: {
|
|
22
|
-
auth
|
|
29
|
+
auth?: SandboxMountAuth[];
|
|
23
30
|
mounts: SandboxMount[];
|
|
24
31
|
}): SandboxMountConfig;
|
|
32
|
+
export declare function validateMountConfigProxyConfig(mountConfig: SandboxMountConfig, proxyConfig: SandboxProxyConfig | undefined): void;
|
package/dist/sandbox/mounts.js
CHANGED
|
@@ -1,10 +1,67 @@
|
|
|
1
|
-
import { proxyConfig } from "./proxy_config.js";
|
|
2
1
|
function requireNonEmptyString(value, field) {
|
|
3
2
|
if (typeof value !== "string" || value.trim() === "") {
|
|
4
3
|
throw new Error(`${field} must be a non-empty string`);
|
|
5
4
|
}
|
|
6
5
|
return value.trim();
|
|
7
6
|
}
|
|
7
|
+
function copyMountSecret(secret, field) {
|
|
8
|
+
if (secret === null || typeof secret !== "object" || Array.isArray(secret)) {
|
|
9
|
+
throw new Error(`${field} must be a sandbox secret`);
|
|
10
|
+
}
|
|
11
|
+
const candidate = secret;
|
|
12
|
+
if (candidate.type !== "workspace_secret" && candidate.type !== "opaque") {
|
|
13
|
+
throw new Error(`${field} must use workspace_secret or opaque`);
|
|
14
|
+
}
|
|
15
|
+
if (typeof candidate.value !== "string" || candidate.value.trim() === "") {
|
|
16
|
+
throw new Error(`${field}.value must be a non-empty string`);
|
|
17
|
+
}
|
|
18
|
+
return {
|
|
19
|
+
type: candidate.type,
|
|
20
|
+
value: candidate.value,
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
function requireGitRemoteUrl(remoteUrl) {
|
|
24
|
+
if (typeof remoteUrl !== "string" || remoteUrl === "") {
|
|
25
|
+
throw new Error("remoteUrl must be a non-empty string");
|
|
26
|
+
}
|
|
27
|
+
if (remoteUrl.trim() !== remoteUrl ||
|
|
28
|
+
/\s/u.test(remoteUrl) ||
|
|
29
|
+
remoteUrl.includes(String.fromCharCode(0))) {
|
|
30
|
+
throw new Error("remoteUrl must not contain whitespace or NUL bytes");
|
|
31
|
+
}
|
|
32
|
+
let parsed;
|
|
33
|
+
try {
|
|
34
|
+
parsed = new URL(remoteUrl);
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
throw new Error("remoteUrl must be an absolute HTTPS URL");
|
|
38
|
+
}
|
|
39
|
+
if (parsed.protocol !== "https:" || parsed.host === "") {
|
|
40
|
+
throw new Error("remoteUrl must be an absolute HTTPS URL");
|
|
41
|
+
}
|
|
42
|
+
if (parsed.username !== "" || parsed.password !== "") {
|
|
43
|
+
throw new Error("remoteUrl must not include embedded credentials");
|
|
44
|
+
}
|
|
45
|
+
if (parsed.pathname === "" || parsed.pathname === "/") {
|
|
46
|
+
throw new Error("remoteUrl must include a repository path");
|
|
47
|
+
}
|
|
48
|
+
if (parsed.search !== "" || parsed.hash !== "") {
|
|
49
|
+
throw new Error("remoteUrl must not include query or fragment");
|
|
50
|
+
}
|
|
51
|
+
return remoteUrl;
|
|
52
|
+
}
|
|
53
|
+
function copyGitRef(ref) {
|
|
54
|
+
if (ref === null || typeof ref !== "object" || Array.isArray(ref)) {
|
|
55
|
+
throw new Error("ref must be an object");
|
|
56
|
+
}
|
|
57
|
+
if (ref.type !== "branch" && ref.type !== "tag") {
|
|
58
|
+
throw new Error("ref.type must be branch or tag");
|
|
59
|
+
}
|
|
60
|
+
return {
|
|
61
|
+
type: ref.type,
|
|
62
|
+
name: requireNonEmptyString(ref.name, "ref.name"),
|
|
63
|
+
};
|
|
64
|
+
}
|
|
8
65
|
export function s3Mount({ id, mountPath, bucket, region = "us-east-1", prefix, endpointUrl = "https://s3.amazonaws.com", pathStyle = false, readOnly, cache, }) {
|
|
9
66
|
const mount = {
|
|
10
67
|
id: requireNonEmptyString(id, "id"),
|
|
@@ -28,6 +85,26 @@ export function s3Mount({ id, mountPath, bucket, region = "us-east-1", prefix, e
|
|
|
28
85
|
}
|
|
29
86
|
return mount;
|
|
30
87
|
}
|
|
88
|
+
export function gitMount({ id, mountPath, remoteUrl, ref, refreshIntervalSeconds, }) {
|
|
89
|
+
const mount = {
|
|
90
|
+
id: requireNonEmptyString(id, "id"),
|
|
91
|
+
type: "git",
|
|
92
|
+
mount_path: requireNonEmptyString(mountPath, "mountPath"),
|
|
93
|
+
git: {
|
|
94
|
+
remote_url: requireGitRemoteUrl(remoteUrl),
|
|
95
|
+
},
|
|
96
|
+
};
|
|
97
|
+
if (ref !== undefined) {
|
|
98
|
+
mount.git.ref = copyGitRef(ref);
|
|
99
|
+
}
|
|
100
|
+
if (refreshIntervalSeconds !== undefined) {
|
|
101
|
+
if (refreshIntervalSeconds < 1) {
|
|
102
|
+
throw new Error("refreshIntervalSeconds must be at least 1");
|
|
103
|
+
}
|
|
104
|
+
mount.git.refresh_interval_seconds = refreshIntervalSeconds;
|
|
105
|
+
}
|
|
106
|
+
return mount;
|
|
107
|
+
}
|
|
31
108
|
export function gcsMount({ id, mountPath, bucket, prefix, readOnly, cache, }) {
|
|
32
109
|
const mount = {
|
|
33
110
|
id: requireNonEmptyString(id, "id"),
|
|
@@ -56,35 +133,80 @@ function normalizeMounts(mounts) {
|
|
|
56
133
|
if (mount === null || typeof mount !== "object" || Array.isArray(mount)) {
|
|
57
134
|
throw new Error("mounts must be a non-empty array of mount objects");
|
|
58
135
|
}
|
|
59
|
-
if (mount.type !== "s3" && mount.type !== "gcs") {
|
|
60
|
-
throw new Error("mountConfig only supports s3 and
|
|
136
|
+
if (mount.type !== "s3" && mount.type !== "gcs" && mount.type !== "git") {
|
|
137
|
+
throw new Error("mountConfig only supports s3, gcs, and git mounts");
|
|
61
138
|
}
|
|
139
|
+
rejectProviderCredentialsInMount(mount);
|
|
62
140
|
return mount;
|
|
63
141
|
});
|
|
64
142
|
}
|
|
65
|
-
|
|
143
|
+
const FORBIDDEN_MOUNT_CREDENTIAL_FIELDS = new Set([
|
|
144
|
+
"access_key_id",
|
|
145
|
+
"secret_access_key",
|
|
146
|
+
"session_token",
|
|
147
|
+
"service_account_json",
|
|
148
|
+
"access_token",
|
|
149
|
+
"refresh_token",
|
|
150
|
+
"credentials",
|
|
151
|
+
"credential",
|
|
152
|
+
]);
|
|
153
|
+
function rejectProviderCredentialsInMount(value) {
|
|
154
|
+
if (Array.isArray(value)) {
|
|
155
|
+
for (const child of value) {
|
|
156
|
+
rejectProviderCredentialsInMount(child);
|
|
157
|
+
}
|
|
158
|
+
return;
|
|
159
|
+
}
|
|
160
|
+
if (value !== null && typeof value === "object") {
|
|
161
|
+
for (const [key, child] of Object.entries(value)) {
|
|
162
|
+
if (FORBIDDEN_MOUNT_CREDENTIAL_FIELDS.has(key)) {
|
|
163
|
+
throw new Error("provider credentials must be supplied in mountConfig.auth, not individual mount specs");
|
|
164
|
+
}
|
|
165
|
+
rejectProviderCredentialsInMount(child);
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
function normalizeMountAuth(auth) {
|
|
66
170
|
if (!Array.isArray(auth)) {
|
|
67
|
-
throw new Error("auth must be an array of provider auth
|
|
171
|
+
throw new Error("auth must be an array of provider auth blocks");
|
|
68
172
|
}
|
|
69
173
|
const byProvider = {};
|
|
70
|
-
for (const
|
|
71
|
-
if (
|
|
72
|
-
throw new Error("auth must be an array of provider auth
|
|
174
|
+
for (const block of auth) {
|
|
175
|
+
if (block === null || typeof block !== "object" || Array.isArray(block)) {
|
|
176
|
+
throw new Error("auth must be an array of provider auth blocks");
|
|
73
177
|
}
|
|
74
|
-
const provider =
|
|
178
|
+
const provider = block.type;
|
|
75
179
|
if (provider !== "aws" && provider !== "gcp") {
|
|
76
|
-
throw new Error("mountConfig auth only supports aws and gcp
|
|
180
|
+
throw new Error("mountConfig auth only supports aws and gcp blocks");
|
|
77
181
|
}
|
|
78
182
|
if (byProvider[provider] !== undefined) {
|
|
79
183
|
throw new Error(`duplicate ${provider} auth rule in mountConfig`);
|
|
80
184
|
}
|
|
81
|
-
|
|
185
|
+
if (provider === "aws") {
|
|
186
|
+
const aws = block.aws;
|
|
187
|
+
if (aws === undefined) {
|
|
188
|
+
throw new Error("aws mount auth must include an aws block");
|
|
189
|
+
}
|
|
190
|
+
byProvider.aws = {
|
|
191
|
+
access_key_id: copyMountSecret(aws.access_key_id, "accessKeyId"),
|
|
192
|
+
secret_access_key: copyMountSecret(aws.secret_access_key, "secretAccessKey"),
|
|
193
|
+
};
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
const gcp = block.gcp;
|
|
197
|
+
if (gcp === undefined) {
|
|
198
|
+
throw new Error("gcp mount auth must include a gcp block");
|
|
199
|
+
}
|
|
200
|
+
byProvider.gcp = {
|
|
201
|
+
service_account_json: copyMountSecret(gcp.service_account_json, "serviceAccountJson"),
|
|
202
|
+
};
|
|
203
|
+
}
|
|
82
204
|
}
|
|
83
205
|
return byProvider;
|
|
84
206
|
}
|
|
85
|
-
export function mountConfig({ auth, mounts, }) {
|
|
207
|
+
export function mountConfig({ auth = [], mounts, }) {
|
|
86
208
|
const normalizedMounts = normalizeMounts(mounts);
|
|
87
|
-
const authByProvider =
|
|
209
|
+
const authByProvider = normalizeMountAuth(auth);
|
|
88
210
|
const mountProviders = new Set(normalizedMounts.map((mount) => mount.type));
|
|
89
211
|
if (mountProviders.has("s3") && authByProvider.aws === undefined) {
|
|
90
212
|
throw new Error("s3 mounts require aws auth in mountConfig");
|
|
@@ -99,11 +221,26 @@ export function mountConfig({ auth, mounts, }) {
|
|
|
99
221
|
throw new Error("gcp auth requires at least one gcs mount in mountConfig");
|
|
100
222
|
}
|
|
101
223
|
return {
|
|
224
|
+
auth: authByProvider,
|
|
102
225
|
mounts: normalizedMounts,
|
|
103
|
-
proxyConfig: proxyConfig({
|
|
104
|
-
rules: ["aws", "gcp"]
|
|
105
|
-
.map((provider) => authByProvider[provider])
|
|
106
|
-
.filter((rule) => rule !== undefined),
|
|
107
|
-
}),
|
|
108
226
|
};
|
|
109
227
|
}
|
|
228
|
+
export function validateMountConfigProxyConfig(mountConfig, proxyConfig) {
|
|
229
|
+
if (proxyConfig === undefined) {
|
|
230
|
+
return;
|
|
231
|
+
}
|
|
232
|
+
const rules = proxyConfig.rules ?? [];
|
|
233
|
+
if (!Array.isArray(rules)) {
|
|
234
|
+
throw new Error("proxyConfig rules must be an array");
|
|
235
|
+
}
|
|
236
|
+
for (const rule of rules) {
|
|
237
|
+
if (rule === null || typeof rule !== "object" || Array.isArray(rule)) {
|
|
238
|
+
continue;
|
|
239
|
+
}
|
|
240
|
+
const ruleType = rule.type;
|
|
241
|
+
if ((ruleType === "aws" || ruleType === "gcp") &&
|
|
242
|
+
mountConfig.auth[ruleType] !== undefined) {
|
|
243
|
+
throw new Error(`${ruleType} auth cannot be provided in both mountConfig and proxyConfig`);
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
}
|
|
@@ -3,14 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.workspaceSecret = workspaceSecret;
|
|
4
4
|
exports.opaqueSecret = opaqueSecret;
|
|
5
5
|
exports.proxyConfig = proxyConfig;
|
|
6
|
-
exports.mergeProxyConfigs = mergeProxyConfigs;
|
|
7
6
|
exports.awsAuth = awsAuth;
|
|
8
7
|
exports.gcpAuth = gcpAuth;
|
|
9
|
-
const DEFAULT_GCP_AUTH_MATCH_HOSTS = [
|
|
10
|
-
"storage.googleapis.com",
|
|
11
|
-
"www.googleapis.com",
|
|
12
|
-
];
|
|
13
|
-
const PROVIDER_RULE_TYPES = new Set(["aws", "gcp"]);
|
|
14
8
|
function requireNonEmptyString(value, field) {
|
|
15
9
|
if (typeof value !== "string" || value.trim() === "") {
|
|
16
10
|
throw new Error(`${field} must be a non-empty string`);
|
|
@@ -34,9 +28,20 @@ function requireProxyRules(rules) {
|
|
|
34
28
|
if (rule === null || typeof rule !== "object" || Array.isArray(rule)) {
|
|
35
29
|
throw new Error("rules must be an array of proxy rule objects");
|
|
36
30
|
}
|
|
31
|
+
validateProxyProviderRule(rule);
|
|
37
32
|
return rule;
|
|
38
33
|
});
|
|
39
34
|
}
|
|
35
|
+
function validateProxyProviderRule(rule) {
|
|
36
|
+
if (rule.type !== "gcp") {
|
|
37
|
+
return;
|
|
38
|
+
}
|
|
39
|
+
const gcp = rule.gcp;
|
|
40
|
+
if (gcp === undefined || gcp.scopes === undefined) {
|
|
41
|
+
throw new Error("gcp proxy auth rules require scopes");
|
|
42
|
+
}
|
|
43
|
+
requireNonEmptyStringArray(gcp.scopes, "scopes");
|
|
44
|
+
}
|
|
40
45
|
/** Reference a LangSmith workspace secret in a sandbox proxy configuration. */
|
|
41
46
|
function workspaceSecret(name) {
|
|
42
47
|
const normalized = requireNonEmptyString(name, "name");
|
|
@@ -73,38 +78,6 @@ function proxyConfig({ rules, noProxy, accessControl, } = {}) {
|
|
|
73
78
|
}
|
|
74
79
|
return config;
|
|
75
80
|
}
|
|
76
|
-
function providerRuleTypes(config) {
|
|
77
|
-
const providers = new Set();
|
|
78
|
-
for (const rule of config.rules ?? []) {
|
|
79
|
-
if (rule === null || typeof rule !== "object" || Array.isArray(rule)) {
|
|
80
|
-
continue;
|
|
81
|
-
}
|
|
82
|
-
const ruleType = rule.type;
|
|
83
|
-
if (typeof ruleType === "string" && PROVIDER_RULE_TYPES.has(ruleType)) {
|
|
84
|
-
providers.add(ruleType);
|
|
85
|
-
}
|
|
86
|
-
}
|
|
87
|
-
return providers;
|
|
88
|
-
}
|
|
89
|
-
function mergeProxyConfigs(generatedConfig, explicitConfig) {
|
|
90
|
-
if (generatedConfig === undefined) {
|
|
91
|
-
return explicitConfig;
|
|
92
|
-
}
|
|
93
|
-
if (explicitConfig === undefined) {
|
|
94
|
-
return generatedConfig;
|
|
95
|
-
}
|
|
96
|
-
const generatedProviders = providerRuleTypes(generatedConfig);
|
|
97
|
-
for (const provider of providerRuleTypes(explicitConfig)) {
|
|
98
|
-
if (generatedProviders.has(provider)) {
|
|
99
|
-
throw new Error(`${provider} auth cannot be provided in both mountConfig and proxyConfig`);
|
|
100
|
-
}
|
|
101
|
-
}
|
|
102
|
-
return {
|
|
103
|
-
...generatedConfig,
|
|
104
|
-
...explicitConfig,
|
|
105
|
-
rules: [...(generatedConfig.rules ?? []), ...(explicitConfig.rules ?? [])],
|
|
106
|
-
};
|
|
107
|
-
}
|
|
108
81
|
/** Build a sandbox proxy rule that signs AWS HTTPS requests with SigV4. */
|
|
109
82
|
function awsAuth({ accessKeyId, secretAccessKey, name = "aws", enabled = true, }) {
|
|
110
83
|
return {
|
|
@@ -118,15 +91,17 @@ function awsAuth({ accessKeyId, secretAccessKey, name = "aws", enabled = true, }
|
|
|
118
91
|
};
|
|
119
92
|
}
|
|
120
93
|
/** Build a sandbox proxy rule that injects GCP OAuth bearer auth. */
|
|
121
|
-
function gcpAuth({ serviceAccountJson, scopes,
|
|
94
|
+
function gcpAuth({ serviceAccountJson, scopes, name = "gcp", enabled = true, }) {
|
|
95
|
+
const gcp = {
|
|
96
|
+
service_account_json: serviceAccountJson,
|
|
97
|
+
};
|
|
98
|
+
if (scopes !== undefined) {
|
|
99
|
+
gcp.scopes = requireNonEmptyStringArray(scopes, "scopes");
|
|
100
|
+
}
|
|
122
101
|
return {
|
|
123
102
|
name: requireNonEmptyString(name, "name"),
|
|
124
103
|
type: "gcp",
|
|
125
104
|
enabled,
|
|
126
|
-
|
|
127
|
-
gcp: {
|
|
128
|
-
service_account_json: serviceAccountJson,
|
|
129
|
-
scopes: requireNonEmptyStringArray(scopes, "scopes"),
|
|
130
|
-
},
|
|
105
|
+
gcp,
|
|
131
106
|
};
|
|
132
107
|
}
|
|
@@ -9,7 +9,6 @@ export declare function proxyConfig({ rules, noProxy, accessControl, }?: {
|
|
|
9
9
|
noProxy?: string[];
|
|
10
10
|
accessControl?: SandboxAccessControl;
|
|
11
11
|
}): SandboxProxyConfig;
|
|
12
|
-
export declare function mergeProxyConfigs(generatedConfig: SandboxProxyConfig | undefined, explicitConfig: SandboxProxyConfig | undefined): SandboxProxyConfig | undefined;
|
|
13
12
|
/** Build a sandbox proxy rule that signs AWS HTTPS requests with SigV4. */
|
|
14
13
|
export declare function awsAuth({ accessKeyId, secretAccessKey, name, enabled, }: {
|
|
15
14
|
accessKeyId: SandboxProxySecret;
|
|
@@ -18,10 +17,9 @@ export declare function awsAuth({ accessKeyId, secretAccessKey, name, enabled, }
|
|
|
18
17
|
enabled?: boolean;
|
|
19
18
|
}): SandboxAwsAuthRule;
|
|
20
19
|
/** Build a sandbox proxy rule that injects GCP OAuth bearer auth. */
|
|
21
|
-
export declare function gcpAuth({ serviceAccountJson, scopes,
|
|
20
|
+
export declare function gcpAuth({ serviceAccountJson, scopes, name, enabled, }: {
|
|
22
21
|
serviceAccountJson: SandboxProxySecret;
|
|
23
|
-
scopes
|
|
24
|
-
matchHosts?: string[];
|
|
22
|
+
scopes?: string[];
|
|
25
23
|
name?: string;
|
|
26
24
|
enabled?: boolean;
|
|
27
25
|
}): SandboxGcpAuthRule;
|