ai-agent 0.13.4

Idiomatic agent sdk inspired by the claude code source leak
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221

//! Thin HTTP wrappers for the CCR v2 code-session API.
//!
//! Translated from openclaudecode/src/bridge/codeSessionApi.ts
//!
//! Separate file from remoteBridgeCore.ts so the SDK /bridge subpath can
//! export createCodeSession + fetchRemoteCredentials without bundling the
//! heavy CLI tree (analytics, transport, etc.). Callers supply explicit
//! accessToken + baseUrl — no implicit auth or config reads.

use reqwest::header::{HeaderMap, HeaderName, HeaderValue, AUTHORIZATION, CONTENT_TYPE};
use serde::{Deserialize, Serialize};

const ANTHROPIC_VERSION: &str = "2023-06-01";

/// Build OAuth headers for API requests
fn oauth_headers(access_token: &str) -> HeaderMap {
    let mut headers = HeaderMap::new();
    if let Ok(val) = HeaderValue::from_str(&format!("Bearer {}", access_token)) {
        headers.insert(AUTHORIZATION, val);
    }
    headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json"));
    headers.insert(
        HeaderName::from_static("anthropic-version"),
        HeaderValue::from_static(ANTHROPIC_VERSION),
    );
    headers
}

/// Create a new code session via POST /v1/code/sessions
///
/// # Arguments
/// * `base_url` - The API base URL
/// * `access_token` - OAuth access token
/// * `title` - Session title
/// * `timeout_ms` - Request timeout in milliseconds
/// * `tags` - Optional tags for the session
///
/// Returns the session ID on success, or None if creation fails.
pub async fn create_code_session(
    base_url: &str,
    access_token: &str,
    title: &str,
    timeout_ms: u64,
    tags: Option<Vec<String>>,
) -> Option<String> {
    let url = format!("{}/v1/code/sessions", base_url);
    let headers = oauth_headers(access_token);

    // Build request body
    // bridge: {} is the positive signal for the oneof runner — omitting it
    // (or sending environment_id: "") now 400s. BridgeRunner is an empty
    // message today; it's a placeholder for future bridge-specific options.
    let mut body = serde_json::json!({
        "title": title,
        "bridge": {}
    });

    if let Some(tags) = tags {
        if !tags.is_empty() {
            body["tags"] = serde_json::json!(tags);
        }
    }

    let client = reqwest::Client::new();
    let response = client
        .post(&url)
        .headers(headers)
        .timeout(std::time::Duration::from_millis(timeout_ms))
        .json(&body)
        .send()
        .await
        .ok()?;

    let status = response.status();
    if status != reqwest::StatusCode::OK && status != reqwest::StatusCode::CREATED {
        let status_code = status.as_u16();
        let body = response.text().await.unwrap_or_default();
        let detail = extract_error_detail_from_text(&body);
        log_for_debugging(&format!(
            "[code-session] Session create failed {}{}",
            status_code,
            detail.map(|d| format!(": {}", d)).unwrap_or_default()
        ));
        return None;
    }

    let data: serde_json::Value = response.json().await.ok()?;

    // Validate response structure
    let session = data.get("session")?;
    let session_obj = session.as_object()?;
    let id = session_obj.get("id")?.as_str()?;
    if !id.starts_with("cse_") {
        let data_str: String = serde_json::to_string(&data)
            .ok()
            .map(|s| s.chars().take(200).collect())
            .unwrap_or_default();
        log_for_debugging(&format!(
            "[code-session] No session.id (cse_*) in response: {}",
            data_str
        ));
        return None;
    }

    Some(id.to_string())
}

/// Credentials from POST /bridge. JWT is opaque — do not decode.
/// Each /bridge call bumps worker_epoch server-side (it IS the register).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RemoteCredentials {
    #[serde(rename = "worker_jwt")]
    pub worker_jwt: String,
    #[serde(rename = "api_base_url")]
    pub api_base_url: String,
    #[serde(rename = "expires_in")]
    pub expires_in: u64,
    #[serde(rename = "worker_epoch")]
    pub worker_epoch: i64,
}

/// Fetch remote credentials for a session via POST /v1/code/sessions/{id}/bridge
///
/// # Arguments
/// * `session_id` - The session ID
/// * `base_url` - The API base URL
/// * `access_token` - OAuth access token
/// * `timeout_ms` - Request timeout in milliseconds
/// * `trusted_device_token` - Optional trusted device token
///
/// Returns the remote credentials on success, or None if fetch fails.
pub async fn fetch_remote_credentials(
    session_id: &str,
    base_url: &str,
    access_token: &str,
    timeout_ms: u64,
    trusted_device_token: Option<&str>,
) -> Option<RemoteCredentials> {
    let url = format!("{}/v1/code/sessions/{}/bridge", base_url, session_id);
    let mut headers = oauth_headers(access_token);

    if let Some(token) = trusted_device_token {
        if let Ok(val) = HeaderValue::from_str(token) {
            headers.insert(HeaderName::from_static("x-trusted-device-token"), val);
        }
    }

    let client = reqwest::Client::new();
    let response = client
        .post(&url)
        .headers(headers)
        .timeout(std::time::Duration::from_millis(timeout_ms))
        .json(&serde_json::json!({}))
        .send()
        .await
        .ok()?;

    let status = response.status();
    if status != reqwest::StatusCode::OK {
        let status_code = status.as_u16();
        let body = response.text().await.unwrap_or_default();
        let detail = extract_error_detail_from_text(&body);
        log_for_debugging(&format!(
            "[code-session] /bridge failed {}{}",
            status_code,
            detail.map(|d| format!(": {}", d)).unwrap_or_default()
        ));
        return None;
    }

    let data: serde_json::Value = response.json().await.ok()?;

    // Validate response structure
    let worker_jwt = data.get("worker_jwt")?.as_str()?.to_string();
    let expires_in = data.get("expires_in")?.as_u64()?;
    let api_base_url = data.get("api_base_url")?.as_str()?.to_string();

    // protojson serializes int64 as a string to avoid JS precision loss;
    // Go may also return a number depending on encoder settings.
    let raw_epoch = data.get("worker_epoch")?;
    let epoch = if let Some(s) = raw_epoch.as_str() {
        s.parse().ok()?
    } else {
        raw_epoch.as_i64()?
    };

    Some(RemoteCredentials {
        worker_jwt,
        api_base_url,
        expires_in,
        worker_epoch: epoch,
    })
}

/// Extract error detail from response body text
fn extract_error_detail_from_text(body: &str) -> Option<String> {
    let data: serde_json::Value = serde_json::from_str(body).ok()?;
    data.get("message")
        .and_then(|m| m.as_str())
        .map(|s| s.to_string())
}

/// Simple logging helper
#[allow(unused_variables)]
fn log_for_debugging(msg: &str) {
    eprintln!("{}", msg);
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_oauth_headers() {
        let headers = oauth_headers("test-token");
        // Just verify Authorization header exists with correct prefix
        assert!(headers.get("Authorization").is_some());
        // Just verify Content-Type header exists
        assert!(headers.get("Content-Type").is_some());
    }
}