polpo-ai 0.10.4 → 0.10.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -0
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -215,6 +215,15 @@ Use `type: "tool"` for deterministic sandbox/tool actions without an LLM turn, a
|
|
|
215
215
|
|
|
216
216
|
Loop guards use Polpo's safe expression evaluator instead of JavaScript `eval` or `new Function`. Step outputs are available in the shared context bag by step id or `saveAs` path, e.g. `classify.route`, `review.approved`, or `timing.start`. `saveAs` writes context data; it does not create shell variables inside later `bash` commands. The OSS surface validates and round-trips the contract through core types, API schemas, SDK types, `polpo deploy`, and `polpo pull`.
|
|
217
217
|
|
|
218
|
+
Loops also have first-class governance fields:
|
|
219
|
+
|
|
220
|
+
- `permissions`: readable allow/deny/approval rules for resources such as `tool`, `step`, `model`, `human`, and `loop`. Use this for least-privilege runtime constraints beyond an agent's broad tool assignment.
|
|
221
|
+
- `policies`: expression-based gates for advanced compliance rules.
|
|
222
|
+
- `hooks`: deterministic tool actions at lifecycle points such as `loop:start`, `tool:before`, `tool:after`, and `loop:end`.
|
|
223
|
+
- `loop_trace`: durable runtime events including `permission.result`, `policy.result`, `approval.required`, tool calls, transitions, and step outcomes.
|
|
224
|
+
|
|
225
|
+
When a permission or policy requires approval, the runtime stores a checkpoint on the loop run. Approving the gate moves the run to `approval_approved`; `POST /loop-runs/:id/resume` continues from the saved context and remaining steps without replaying completed steps.
|
|
226
|
+
|
|
218
227
|
You can also keep loops as code and compile them to the same canonical contract:
|
|
219
228
|
|
|
220
229
|
```ts
|
|
@@ -226,6 +235,15 @@ export default defineProjectLoop({
|
|
|
226
235
|
kind: "graph",
|
|
227
236
|
name: "router-flow",
|
|
228
237
|
context: "shared",
|
|
238
|
+
permissions: [
|
|
239
|
+
{
|
|
240
|
+
id: "router-tool-allowlist",
|
|
241
|
+
resource: "tool",
|
|
242
|
+
action: "call",
|
|
243
|
+
effect: "allow",
|
|
244
|
+
match: { tool: ["read", "write"] }
|
|
245
|
+
}
|
|
246
|
+
],
|
|
229
247
|
start: "classify",
|
|
230
248
|
steps: {
|
|
231
249
|
classify: {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "polpo-ai",
|
|
3
|
-
"version": "0.10.
|
|
3
|
+
"version": "0.10.6",
|
|
4
4
|
"description": "The open backend for AI agents",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -66,10 +66,10 @@
|
|
|
66
66
|
"nanoid": "^5.1.2",
|
|
67
67
|
"yaml": "^2.7.0",
|
|
68
68
|
"zod": "^4.3.6",
|
|
69
|
-
"@polpo-ai/core": "0.10.
|
|
70
|
-
"@polpo-ai/
|
|
71
|
-
"@polpo-ai/
|
|
72
|
-
"@polpo-ai/vault-crypto": "0.10.
|
|
69
|
+
"@polpo-ai/core": "0.10.6",
|
|
70
|
+
"@polpo-ai/llm": "0.10.6",
|
|
71
|
+
"@polpo-ai/server": "0.10.6",
|
|
72
|
+
"@polpo-ai/vault-crypto": "0.10.6"
|
|
73
73
|
},
|
|
74
74
|
"optionalDependencies": {
|
|
75
75
|
"better-sqlite3": "^12.6.2",
|
|
@@ -77,7 +77,7 @@
|
|
|
77
77
|
"nodemailer": "^8.0.1",
|
|
78
78
|
"playwright-core": "^1.52.0",
|
|
79
79
|
"postgres": "^3.4.0",
|
|
80
|
-
"@polpo-ai/drizzle": "0.10.
|
|
80
|
+
"@polpo-ai/drizzle": "0.10.6"
|
|
81
81
|
},
|
|
82
82
|
"devDependencies": {
|
|
83
83
|
"@types/better-sqlite3": "^7.6.13",
|