polpo-ai 0.10.3 → 0.10.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -1
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -215,6 +215,59 @@ Use `type: "tool"` for deterministic sandbox/tool actions without an LLM turn, a
|
|
|
215
215
|
|
|
216
216
|
Loop guards use Polpo's safe expression evaluator instead of JavaScript `eval` or `new Function`. Step outputs are available in the shared context bag by step id or `saveAs` path, e.g. `classify.route`, `review.approved`, or `timing.start`. `saveAs` writes context data; it does not create shell variables inside later `bash` commands. The OSS surface validates and round-trips the contract through core types, API schemas, SDK types, `polpo deploy`, and `polpo pull`.
|
|
217
217
|
|
|
218
|
+
Loops also have first-class governance fields:
|
|
219
|
+
|
|
220
|
+
- `permissions`: readable allow/deny/approval rules for resources such as `tool`, `step`, `model`, `human`, and `loop`. Use this for least-privilege runtime constraints beyond an agent's broad tool assignment.
|
|
221
|
+
- `policies`: expression-based gates for advanced compliance rules.
|
|
222
|
+
- `hooks`: deterministic tool actions at lifecycle points such as `loop:start`, `tool:before`, `tool:after`, and `loop:end`.
|
|
223
|
+
- `loop_trace`: durable runtime events including `permission.result`, `policy.result`, `approval.required`, tool calls, transitions, and step outcomes.
|
|
224
|
+
|
|
225
|
+
You can also keep loops as code and compile them to the same canonical contract:
|
|
226
|
+
|
|
227
|
+
```ts
|
|
228
|
+
// .polpo/loops/router-flow.ts
|
|
229
|
+
import { defineProjectLoop } from "@polpo-ai/core/loop-code";
|
|
230
|
+
|
|
231
|
+
export default defineProjectLoop({
|
|
232
|
+
version: "1",
|
|
233
|
+
kind: "graph",
|
|
234
|
+
name: "router-flow",
|
|
235
|
+
context: "shared",
|
|
236
|
+
permissions: [
|
|
237
|
+
{
|
|
238
|
+
id: "router-tool-allowlist",
|
|
239
|
+
resource: "tool",
|
|
240
|
+
action: "call",
|
|
241
|
+
effect: "allow",
|
|
242
|
+
match: { tool: ["read", "write"] }
|
|
243
|
+
}
|
|
244
|
+
],
|
|
245
|
+
start: "classify",
|
|
246
|
+
steps: {
|
|
247
|
+
classify: {
|
|
248
|
+
type: "agent",
|
|
249
|
+
systemPrompt: "Classify the incoming request.",
|
|
250
|
+
tools: ["read"],
|
|
251
|
+
next: "answer",
|
|
252
|
+
},
|
|
253
|
+
answer: {
|
|
254
|
+
type: "agent",
|
|
255
|
+
systemPrompt: "Answer using the selected route.",
|
|
256
|
+
tools: ["write"],
|
|
257
|
+
next: "end",
|
|
258
|
+
},
|
|
259
|
+
},
|
|
260
|
+
});
|
|
261
|
+
```
|
|
262
|
+
|
|
263
|
+
CLI support:
|
|
264
|
+
|
|
265
|
+
```bash
|
|
266
|
+
polpo loops validate
|
|
267
|
+
polpo loops compile .polpo/loops/router-flow.ts --out .polpo/loops/router-flow.json
|
|
268
|
+
polpo deploy
|
|
269
|
+
```
|
|
270
|
+
|
|
218
271
|
Agent-direct chat can target a loop explicitly:
|
|
219
272
|
|
|
220
273
|
```json
|
|
@@ -281,7 +334,9 @@ Project loops also support governance fields:
|
|
|
281
334
|
|
|
282
335
|
Lifecycle hooks are deterministic tool actions run by the host runtime at `loop:start`, `step:before`, `model:before`, `tool:before`, `tool:after`, `step:after`, `loop:transition`, and `loop:end`. Hook `when` guards are evaluated against the shared context plus lifecycle payload such as `step.name`, `step.type`, `tool.name`, `tool.input`, and `transition.from/to`. Hook outputs are saved into the context bag with `saveAs`; `onError: "continue"` turns a failed hook into trace-only telemetry, while the default is fail-closed.
|
|
283
336
|
|
|
284
|
-
Policies are evaluated before hook actions at the same lifecycle point. `deny` fails the loop
|
|
337
|
+
Policies are evaluated before hook actions at the same lifecycle point. `deny` fails the loop with `LoopPolicyDeniedError`, `approval` raises `LoopApprovalRequiredError`, and `allow` policies form an allow-list for that lifecycle point when at least one exists. If an allow-list is present and no allow rule matches, the loop is blocked.
|
|
338
|
+
|
|
339
|
+
When the host wires `LoopRunStore`, chat completions create durable loop runs, append every `loop_trace` event, and return `loop_run_id`. When the host also wires `ApprovalStore`, approval policies create a pending approval request and mark the loop run as `awaiting_approval` with `approvalRequestId`. The SDK exposes `getLoopRuns()` and `getLoopRun(id)` for audit/history surfaces. Streaming completions still emit each trace incrementally.
|
|
285
340
|
|
|
286
341
|
## SDK
|
|
287
342
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "polpo-ai",
|
|
3
|
-
"version": "0.10.
|
|
3
|
+
"version": "0.10.5",
|
|
4
4
|
"description": "The open backend for AI agents",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -66,10 +66,10 @@
|
|
|
66
66
|
"nanoid": "^5.1.2",
|
|
67
67
|
"yaml": "^2.7.0",
|
|
68
68
|
"zod": "^4.3.6",
|
|
69
|
-
"@polpo-ai/core": "0.10.
|
|
70
|
-
"@polpo-ai/
|
|
71
|
-
"@polpo-ai/
|
|
72
|
-
"@polpo-ai/
|
|
69
|
+
"@polpo-ai/core": "0.10.5",
|
|
70
|
+
"@polpo-ai/server": "0.10.5",
|
|
71
|
+
"@polpo-ai/vault-crypto": "0.10.5",
|
|
72
|
+
"@polpo-ai/llm": "0.10.5"
|
|
73
73
|
},
|
|
74
74
|
"optionalDependencies": {
|
|
75
75
|
"better-sqlite3": "^12.6.2",
|
|
@@ -77,7 +77,7 @@
|
|
|
77
77
|
"nodemailer": "^8.0.1",
|
|
78
78
|
"playwright-core": "^1.52.0",
|
|
79
79
|
"postgres": "^3.4.0",
|
|
80
|
-
"@polpo-ai/drizzle": "0.10.
|
|
80
|
+
"@polpo-ai/drizzle": "0.10.5"
|
|
81
81
|
},
|
|
82
82
|
"devDependencies": {
|
|
83
83
|
"@types/better-sqlite3": "^7.6.13",
|