veryfront 0.1.635 → 0.1.637

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/esm/cli/commands/serve/command.d.ts.map +1 -1
  2. package/esm/cli/commands/serve/command.js +2 -1
  3. package/esm/deno.js +1 -1
  4. package/esm/src/cache/distributed-cache-init.d.ts +11 -2
  5. package/esm/src/cache/distributed-cache-init.d.ts.map +1 -1
  6. package/esm/src/cache/distributed-cache-init.js +2 -14
  7. package/esm/src/channels/control-plane.d.ts +5 -5
  8. package/esm/src/embedding/chunk.js +4 -2
  9. package/esm/src/errors/error-registry/agent.d.ts +16 -0
  10. package/esm/src/errors/error-registry/agent.d.ts.map +1 -0
  11. package/esm/src/errors/error-registry/agent.js +52 -0
  12. package/esm/src/errors/error-registry/boundary.d.ts +16 -0
  13. package/esm/src/errors/error-registry/boundary.d.ts.map +1 -0
  14. package/esm/src/errors/error-registry/boundary.js +52 -0
  15. package/esm/src/errors/error-registry/build.d.ts +20 -0
  16. package/esm/src/errors/error-registry/build.d.ts.map +1 -0
  17. package/esm/src/errors/error-registry/build.js +68 -0
  18. package/esm/src/errors/error-registry/config.d.ts +22 -0
  19. package/esm/src/errors/error-registry/config.d.ts.map +1 -0
  20. package/esm/src/errors/error-registry/config.js +70 -0
  21. package/esm/src/errors/error-registry/deploy.d.ts +12 -0
  22. package/esm/src/errors/error-registry/deploy.d.ts.map +1 -0
  23. package/esm/src/errors/error-registry/deploy.js +36 -0
  24. package/esm/src/errors/error-registry/dev.d.ts +14 -0
  25. package/esm/src/errors/error-registry/dev.d.ts.map +1 -0
  26. package/esm/src/errors/error-registry/dev.js +44 -0
  27. package/esm/src/errors/error-registry/general.d.ts +29 -0
  28. package/esm/src/errors/error-registry/general.d.ts.map +1 -0
  29. package/esm/src/errors/error-registry/general.js +92 -0
  30. package/esm/src/errors/error-registry/module.d.ts +16 -0
  31. package/esm/src/errors/error-registry/module.d.ts.map +1 -0
  32. package/esm/src/errors/error-registry/module.js +52 -0
  33. package/esm/src/errors/error-registry/route.d.ts +16 -0
  34. package/esm/src/errors/error-registry/route.d.ts.map +1 -0
  35. package/esm/src/errors/error-registry/route.js +52 -0
  36. package/esm/src/errors/error-registry/runtime.d.ts +18 -0
  37. package/esm/src/errors/error-registry/runtime.d.ts.map +1 -0
  38. package/esm/src/errors/error-registry/runtime.js +60 -0
  39. package/esm/src/errors/error-registry/server.d.ts +39 -0
  40. package/esm/src/errors/error-registry/server.d.ts.map +1 -0
  41. package/esm/src/errors/error-registry/server.js +129 -0
  42. package/esm/src/errors/error-registry.d.ts +79 -157
  43. package/esm/src/errors/error-registry.d.ts.map +1 -1
  44. package/esm/src/errors/error-registry.js +37 -706
  45. package/esm/src/errors/logging.d.ts.map +1 -1
  46. package/esm/src/errors/logging.js +7 -3
  47. package/esm/src/integrations/schema.d.ts +4 -4
  48. package/esm/src/internal-agents/control-plane-auth.d.ts +1 -1
  49. package/esm/src/internal-agents/run-stream.d.ts.map +1 -1
  50. package/esm/src/internal-agents/run-stream.js +15 -1
  51. package/esm/src/oauth/index.d.ts +1 -0
  52. package/esm/src/oauth/index.d.ts.map +1 -1
  53. package/esm/src/oauth/token-store/index.d.ts +1 -0
  54. package/esm/src/oauth/token-store/index.d.ts.map +1 -1
  55. package/esm/src/oauth/token-store/memory.d.ts +26 -4
  56. package/esm/src/oauth/token-store/memory.d.ts.map +1 -1
  57. package/esm/src/oauth/token-store/memory.js +42 -5
  58. package/esm/src/observability/log-buffer.d.ts.map +1 -1
  59. package/esm/src/observability/log-buffer.js +7 -1
  60. package/esm/src/platform/adapters/redis/modules.d.ts.map +1 -1
  61. package/esm/src/platform/adapters/redis/modules.js +3 -10
  62. package/esm/src/security/sandbox/project-worker.d.ts.map +1 -1
  63. package/esm/src/security/sandbox/project-worker.js +0 -1
  64. package/esm/src/server/dev-server/server.d.ts.map +1 -1
  65. package/esm/src/server/dev-server/server.js +2 -1
  66. package/esm/src/server/distributed-cache-initializers.d.ts +13 -0
  67. package/esm/src/server/distributed-cache-initializers.d.ts.map +1 -0
  68. package/esm/src/server/distributed-cache-initializers.js +22 -0
  69. package/esm/src/server/handlers/request/agent-stream.handler.d.ts.map +1 -1
  70. package/esm/src/server/handlers/request/agent-stream.handler.js +56 -16
  71. package/esm/src/server/index.d.ts +1 -0
  72. package/esm/src/server/index.d.ts.map +1 -1
  73. package/esm/src/server/index.js +1 -0
  74. package/esm/src/server/production-server.d.ts.map +1 -1
  75. package/esm/src/server/production-server.js +2 -1
  76. package/esm/src/server/services/rsc/endpoints/rsc-bundles.generated.d.ts.map +1 -1
  77. package/esm/src/server/services/rsc/endpoints/rsc-bundles.generated.js +2 -2
  78. package/esm/src/utils/logger/logger.d.ts.map +1 -1
  79. package/esm/src/utils/logger/logger.js +15 -5
  80. package/esm/src/utils/logger/redact.d.ts +64 -0
  81. package/esm/src/utils/logger/redact.d.ts.map +1 -0
  82. package/esm/src/utils/logger/redact.js +235 -0
  83. package/esm/src/utils/redis-client.d.ts.map +1 -1
  84. package/esm/src/utils/redis-client.js +0 -3
  85. package/esm/src/utils/version-constant.d.ts +1 -1
  86. package/esm/src/utils/version-constant.js +1 -1
  87. package/esm/src/workflow/schemas/workflow.schema.d.ts +4 -4
  88. package/package.json +2 -1
@@ -0,0 +1,235 @@
1
+ /**
2
+ * Secret / credential redaction for structured log context.
3
+ *
4
+ * Defense-in-depth (#1989): the logger, the error-logging path, and the
5
+ * observability log buffer all accept arbitrary `context`/`data` objects from
6
+ * callers and serialize them to log sinks. There is no guarantee a caller
7
+ * never hands us a tokens object, an `Authorization` header bag, or a request
8
+ * body with a password field. This pass masks values whose *key* looks like a
9
+ * credential before serialization, so an accidental
10
+ * `logger.info("...", { authorization: token })` cannot leak the secret.
11
+ *
12
+ * Scope is intentionally key-based: we do not attempt to find secrets embedded
13
+ * in free-form message strings (too lossy). The deny-list errs toward
14
+ * over-redaction — masking a benign `tokenCount` is acceptable; leaking a real
15
+ * token is not. The traversal fails *closed*: on a cycle, depth overflow, or a
16
+ * throwing getter it returns {@link REDACTED} rather than risk emitting an
17
+ * unredacted object.
18
+ */
19
+ import { isRecord } from "./core.js";
20
+ /** Replacement value substituted for any sensitive field. */
21
+ export const REDACTED = "[REDACTED]";
22
+ /**
23
+ * Normalized substrings that mark a key as sensitive. Matching is done against
24
+ * a lowercased, non-alphanumeric-stripped form of the key, so `API-Key`,
25
+ * `api_key`, and `apiKey` all collapse to `apikey` and match.
26
+ *
27
+ * Deliberately omitted to avoid false positives that swamp real logs:
28
+ * - bare `"auth"` (would mask `author`); `authorization`/`authToken` are still
29
+ * covered via `authorization`/`token`.
30
+ * - short tokens like `"dsn"`/`"sas"` (would mask `feedsNamespace`, etc.).
31
+ */
32
+ const SENSITIVE_KEY_PATTERNS = [
33
+ "password",
34
+ "passwd",
35
+ "pwd",
36
+ "passphrase",
37
+ "secret",
38
+ "clientsecret",
39
+ "token",
40
+ "apikey",
41
+ "accesskey",
42
+ "privatekey",
43
+ "credential",
44
+ "authorization",
45
+ "cookie",
46
+ "bearer",
47
+ "jwt",
48
+ "connectionstring",
49
+ "signature",
50
+ "sessionid",
51
+ "sid",
52
+ "otp",
53
+ "mfa",
54
+ "pin",
55
+ "salt",
56
+ "xsrf",
57
+ "csrf",
58
+ ];
59
+ /** Stop traversing past this depth to keep the pass cheap and stack-safe. */
60
+ const MAX_DEPTH = 16;
61
+ /**
62
+ * Whether a context key names a credential and should have its value masked.
63
+ *
64
+ * Uses substring matching on a normalized key, so `clientSecret`,
65
+ * `x-api-key`, and `refresh_token` all match while benign words that merely
66
+ * *contain* a pattern as a separate token (e.g. `author`) do not — `author`
67
+ * normalizes to `author`, which contains none of the patterns.
68
+ */
69
+ export function isSensitiveKey(key) {
70
+ const normalized = key.toLowerCase().replace(/[^a-z0-9]/g, "");
71
+ return SENSITIVE_KEY_PATTERNS.some((pattern) => normalized.includes(pattern));
72
+ }
73
+ /**
74
+ * A non-null, non-array object. {@link isRecord} covers class instances too,
75
+ * whose enumerable fields `JSON.stringify` *would* serialize, so we must
76
+ * traverse them to catch secrets.
77
+ */
78
+ function isTraversableRecord(value) {
79
+ return isRecord(value);
80
+ }
81
+ function hasToJson(value) {
82
+ return typeof value.toJSON === "function";
83
+ }
84
+ function redactValue(value, depth, seen) {
85
+ if (Array.isArray(value)) {
86
+ if (depth >= MAX_DEPTH || seen.has(value))
87
+ return REDACTED;
88
+ seen.add(value);
89
+ try {
90
+ return value.map((item) => redactValue(item, depth + 1, seen));
91
+ }
92
+ finally {
93
+ seen.delete(value);
94
+ }
95
+ }
96
+ // Objects defining `toJSON` (Date, URL, custom serializers) are serialized
97
+ // by `JSON.stringify` via the *return value* of `toJSON`, not their own
98
+ // enumerable keys. A key-based pass over the object's own properties would
99
+ // therefore miss credentials smuggled through `toJSON`, e.g.
100
+ // `{ toJSON: () => ({ apiKey: "sk-..." }) }` (CODEX P2). When `toJSON`
101
+ // returns a non-scalar (an object/array that could carry credential keys),
102
+ // redact *that* — the thing actually emitted. When it returns a scalar
103
+ // (Date/URL → ISO string), the original object is left intact, preserving
104
+ // prior behavior and identity.
105
+ if (isRecord(value) && hasToJson(value)) {
106
+ if (depth >= MAX_DEPTH || seen.has(value))
107
+ return REDACTED;
108
+ seen.add(value);
109
+ try {
110
+ const serialized = value.toJSON();
111
+ if (isRecord(serialized) || Array.isArray(serialized)) {
112
+ return redactValue(serialized, depth + 1, seen);
113
+ }
114
+ // Scalar result (string/number/…): the object serializes safely as-is.
115
+ return value;
116
+ }
117
+ catch {
118
+ // A throwing toJSON must never let the raw object (whose own keys we
119
+ // skipped) through: fail closed.
120
+ return REDACTED;
121
+ }
122
+ finally {
123
+ seen.delete(value);
124
+ }
125
+ }
126
+ if (isTraversableRecord(value)) {
127
+ if (depth >= MAX_DEPTH || seen.has(value))
128
+ return REDACTED;
129
+ seen.add(value);
130
+ try {
131
+ const out = {};
132
+ for (const [key, child] of Object.entries(value)) {
133
+ out[key] = isSensitiveKey(key) ? REDACTED : redactValue(child, depth + 1, seen);
134
+ }
135
+ return out;
136
+ }
137
+ catch {
138
+ // A throwing getter (or other access error) must never let an
139
+ // unredacted object through: fail closed.
140
+ return REDACTED;
141
+ }
142
+ finally {
143
+ seen.delete(value);
144
+ }
145
+ }
146
+ // Primitives and scalar-serializing objects (Date, URL, …) are returned
147
+ // untouched: they are not key/value bags we can safely rewrite.
148
+ return value;
149
+ }
150
+ /**
151
+ * Returns a redacted deep copy of `context`. Any property whose key is
152
+ * {@link isSensitiveKey} has its value replaced with {@link REDACTED}; nested
153
+ * plain objects, class instances, and arrays are traversed. The input is never
154
+ * mutated, and the pass fails closed (returns {@link REDACTED}) on cycles,
155
+ * depth overflow, or a throwing getter.
156
+ */
157
+ export function redactSensitive(context) {
158
+ return redactValue(context, 0, new Set());
159
+ }
160
+ /**
161
+ * Query-string parameter names that commonly carry credentials in URLs.
162
+ * Matched case-insensitively against the parameter name.
163
+ */
164
+ const SENSITIVE_URL_PARAMS = [
165
+ "access_token",
166
+ "accesstoken",
167
+ "refresh_token",
168
+ "api_key",
169
+ "apikey",
170
+ "code",
171
+ "token",
172
+ "secret",
173
+ "client_secret",
174
+ "password",
175
+ "passwd",
176
+ "pwd",
177
+ "state",
178
+ "sig",
179
+ "signature",
180
+ "auth",
181
+ ];
182
+ const URL_USERINFO_RE = /(\b[a-z][a-z0-9+.-]*:\/\/)([^/?#@\s]+)@/gi;
183
+ /**
184
+ * Strip credentials from URL-shaped strings so they can be safely emitted in
185
+ * free-form text (error messages, stacks, lifted `request_url` fields). Unlike
186
+ * {@link redactSensitive}, which is key-based, this scrubs secrets embedded in
187
+ * the *value* itself:
188
+ *
189
+ * - URL userinfo: `http://user:pass@host` → `http://user:[REDACTED]@host`
190
+ * - sensitive query params: `?access_token=abc` → `?access_token=[REDACTED]`
191
+ *
192
+ * It is intentionally tolerant: it operates on any string (a DSN, a Mongo URI,
193
+ * an axios error message containing a URL) via regex rather than requiring a
194
+ * parseable URL, so malformed or partial URLs in error text are still scrubbed.
195
+ * Non-URL strings pass through unchanged.
196
+ */
197
+ export function sanitizeUrlCredentials(input) {
198
+ if (typeof input !== "string" || input.length === 0)
199
+ return input;
200
+ // 1) userinfo: scheme://user:pass@ → mask the password (and any bare creds).
201
+ let out = input.replace(URL_USERINFO_RE, (_match, scheme, userinfo) => {
202
+ const colon = userinfo.indexOf(":");
203
+ if (colon === -1) {
204
+ // `scheme://token@host` — the whole userinfo is credential-like.
205
+ return `${scheme}${REDACTED}@`;
206
+ }
207
+ const user = userinfo.slice(0, colon);
208
+ return `${scheme}${user}:${REDACTED}@`;
209
+ });
210
+ // 2) sensitive query/fragment params: `key=value` → `key=[REDACTED]`.
211
+ // Match `?key=`, `&key=`, `;key=` separators and stop at the next delimiter.
212
+ out = out.replace(/([?&;])([a-z0-9_.\-]+)=([^&#;\s]*)/gi, (match, sep, key, _val) => {
213
+ const normalized = key.toLowerCase().replace(/[^a-z0-9]/g, "");
214
+ const sensitive = SENSITIVE_URL_PARAMS.some((p) => normalized === p.replace(/[^a-z0-9]/g, ""));
215
+ return sensitive ? `${sep}${key}=${REDACTED}` : match;
216
+ });
217
+ return out;
218
+ }
219
+ /**
220
+ * Apply {@link sanitizeUrlCredentials} to the `message` and `stack` of a
221
+ * serialized-error-shaped object, returning a new object. Used by the logger's
222
+ * JSON and text paths so errors carrying DSNs, Mongo URIs, or
223
+ * `?access_token=`-bearing URLs do not leak credentials (the serialized error
224
+ * bypasses the key-based redactor). Returns the input unchanged when falsy.
225
+ */
226
+ export function sanitizeSerializedError(error) {
227
+ if (!error)
228
+ return error;
229
+ const out = { ...error };
230
+ if (typeof out.message === "string")
231
+ out.message = sanitizeUrlCredentials(out.message);
232
+ if (typeof out.stack === "string")
233
+ out.stack = sanitizeUrlCredentials(out.stack);
234
+ return out;
235
+ }
@@ -1 +1 @@
1
- {"version":3,"file":"redis-client.d.ts","sourceRoot":"","sources":["../../../src/src/utils/redis-client.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,WAAW;IAC1B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACnF,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CACF,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3C,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtD,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;IACjE,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAUD,wBAAsB,cAAc,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC,CA4B3F;AAgED,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C"}
1
+ {"version":3,"file":"redis-client.d.ts","sourceRoot":"","sources":["../../../src/src/utils/redis-client.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,WAAW;IAC1B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACnF,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CACF,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3C,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtD,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;IACjE,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAsBD,wBAAsB,cAAc,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC,CA4B3F;AA6DD,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C"}
@@ -38,12 +38,10 @@ export async function getRedisClient(options = {}) {
38
38
  }
39
39
  }
40
40
  async function createClient(options) {
41
- // deno-lint-ignore no-explicit-any
42
41
  let createClientFn;
43
42
  try {
44
43
  const redisClientModule = "npm:@redis/client@1.5.8";
45
44
  const mod = await import(redisClientModule);
46
- // deno-lint-ignore no-explicit-any
47
45
  createClientFn = mod.createClient;
48
46
  }
49
47
  catch (error) {
@@ -57,7 +55,6 @@ async function createClient(options) {
57
55
  if (!useTls && getEnv("NODE_ENV") === "production") {
58
56
  logger.warn("Redis connection without TLS in production. Set REDIS_URL to rediss:// or pass tls: true.");
59
57
  }
60
- // deno-lint-ignore no-explicit-any
61
58
  const clientOpts = { url };
62
59
  if (useTls) {
63
60
  clientOpts.socket = { tls: true };
@@ -1,3 +1,3 @@
1
1
  /** Shared version value. */
2
- export declare const VERSION = "0.1.635";
2
+ export declare const VERSION = "0.1.637";
3
3
  //# sourceMappingURL=version-constant.d.ts.map
@@ -1,4 +1,4 @@
1
1
  // Keep in sync with deno.json version.
2
2
  // scripts/release.ts updates this constant during releases.
3
3
  /** Shared version value. */
4
- export const VERSION = "0.1.635";
4
+ export const VERSION = "0.1.637";
@@ -82,7 +82,7 @@ export declare const getCheckpointSchema: () => import("../../internal-agents/sc
82
82
  /**
83
83
  * Approval status schema
84
84
  */
85
- export declare const getApprovalStatusSchema: () => import("../../internal-agents/schema.js").Schema<"expired" | "rejected" | "pending" | "approved">;
85
+ export declare const getApprovalStatusSchema: () => import("../../internal-agents/schema.js").Schema<"rejected" | "expired" | "pending" | "approved">;
86
86
  /**
87
87
  * Pending approval schema
88
88
  */
@@ -94,7 +94,7 @@ export declare const getPendingApprovalSchema: () => import("../../internal-agen
94
94
  approvers: import("../../internal-agents/schema.js").Schema<string[] | undefined>;
95
95
  requestedAt: import("../../internal-agents/schema.js").Schema<Date>;
96
96
  expiresAt: import("../../internal-agents/schema.js").Schema<Date | undefined>;
97
- status: import("../../internal-agents/schema.js").Schema<"expired" | "rejected" | "pending" | "approved">;
97
+ status: import("../../internal-agents/schema.js").Schema<"rejected" | "expired" | "pending" | "approved">;
98
98
  decidedBy: import("../../internal-agents/schema.js").Schema<string | undefined>;
99
99
  decidedAt: import("../../internal-agents/schema.js").Schema<Date | undefined>;
100
100
  comment: import("../../internal-agents/schema.js").Schema<string | undefined>;
@@ -192,7 +192,7 @@ export declare const CheckpointSchema: import("../../internal-agents/schema.js")
192
192
  completedAt: import("../../internal-agents/schema.js").Schema<Date | undefined>;
193
193
  }>>>;
194
194
  }>>;
195
- export declare const ApprovalStatusSchema: import("../../internal-agents/schema.js").Schema<"expired" | "rejected" | "pending" | "approved">;
195
+ export declare const ApprovalStatusSchema: import("../../internal-agents/schema.js").Schema<"rejected" | "expired" | "pending" | "approved">;
196
196
  export declare const PendingApprovalSchema: import("../../internal-agents/schema.js").Schema<import("../../extensions/schema/schema-validator.js").InferShape<{
197
197
  id: import("../../internal-agents/schema.js").Schema<string>;
198
198
  nodeId: import("../../internal-agents/schema.js").Schema<string>;
@@ -201,7 +201,7 @@ export declare const PendingApprovalSchema: import("../../internal-agents/schema
201
201
  approvers: import("../../internal-agents/schema.js").Schema<string[] | undefined>;
202
202
  requestedAt: import("../../internal-agents/schema.js").Schema<Date>;
203
203
  expiresAt: import("../../internal-agents/schema.js").Schema<Date | undefined>;
204
- status: import("../../internal-agents/schema.js").Schema<"expired" | "rejected" | "pending" | "approved">;
204
+ status: import("../../internal-agents/schema.js").Schema<"rejected" | "expired" | "pending" | "approved">;
205
205
  decidedBy: import("../../internal-agents/schema.js").Schema<string | undefined>;
206
206
  decidedAt: import("../../internal-agents/schema.js").Schema<Date | undefined>;
207
207
  comment: import("../../internal-agents/schema.js").Schema<string | undefined>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "veryfront",
3
- "version": "0.1.635",
3
+ "version": "0.1.637",
4
4
  "description": "The simplest way to build AI-powered apps",
5
5
  "keywords": [
6
6
  "react",
@@ -358,6 +358,7 @@
358
358
  "mdast-util-to-string": "4.0.0",
359
359
  "react": "19.2.4",
360
360
  "react-dom": "19.2.4",
361
+ "redis": "5.11.0",
361
362
  "rehype-highlight": "7.0.2",
362
363
  "rehype-raw": "7.0.0",
363
364
  "rehype-sanitize": "6.0.0",