test+docs: eve sandbox credential-brokering coverage + ReactiveSearchIndex provisioning tests#8
Merged
Merged
Conversation
- eve sandbox: toBoxNetworkPolicy now THROWS on Eve per-domain rules
(transform / forwardURL) instead of silently reducing them to a bare
domain allow-list. Box's network policy can't inject headers, and
attachHeaders is creation-time only (no dynamic API), so a dropped
credential-brokering rule would send requests unauthenticated. Points
users to upstash({ attachHeaders }) for the static path. Exported +
tested.
- createRateLimit: `redis` is now optional, defaulting to Redis.fromEnv()
— it was the one feature breaking the "redis defaults everywhere"
promise. Fixed the ai-sdk/core README + docs (snippet no longer
references an undefined `redis`). Added a fromEnv-default test.
- sdk README tool-cache snippet: cache.wrap(...) (was tools.wrap, an
undefined variable).
- eve defineSearchTools JSDoc: replace the broken shared-module example
(importing ../redis.js / ../lib/book-search.js, which fails at eve's
turn step) with the self-contained per-file pattern the README uses.
Verify, against live Redis, how each raw op signals a missing index
(query→null, count→{count:-1}, aggregate→throws) vs an existing-but-empty
index, and that the wrapper provisions+retries exactly once on a missing
index but sends no create-index request when data is merely absent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Follow-up test coverage and docs for the eve sandbox and the reactive search
index. The underlying code (the
toBoxNetworkPolicythrow,ReactiveSearchIndexitself, etc.) already landed on
main; this branch adds the tests that pin thebehavior down and the user-facing docs for the credential-brokering limitation.
Net diff vs
mainis three files — no production code changes.eve sandbox: credential brokering (docs + tests)
Box's network policy is a plain domain/CIDR allow-list, so Eve's per-domain
firewall rules (
transformheader injection /forwardURL) can't be honored andthe backend throws instead of silently sending the request unauthenticated.
packages/eve/README.md): moved the limitation into its own"Brokering credentials (injecting headers)" toggle with a ❌ incorrect example
(a
transformrule passed toonSession'suse({ networkPolicy }), whichthrows) and a ✅ correct one (Box's
attachHeadersat backend creation + a plainallow-list per session). The same toggle was added to the docs site
(
redis/sdks/agentkit/eve).packages/eve/src/sandbox.test.ts): live Upstash Box tests coveringwhat a user actually triggers — a per-session
transformrule throws on both theuse()path (useSessionFn) and the agent path (setNetworkPolicy), a plainallow-list works, and
upstash({ attachHeaders })creates a working session. Thetest docstring carries the full
defineSandboxcorrect/incorrect snippets.Follow-up test coverage and docs for the eve sandbox and the reactive search
index. The underlying code (the
toBoxNetworkPolicythrow,ReactiveSearchIndexitself, etc.) already landed on
main; this branch adds the tests that pin thebehavior down and the user-facing docs for the credential-brokering limitation.
Net diff vs
mainis three files — no production code changes.eve sandbox: credential brokering (docs + tests)
Box's network policy is a plain domain/CIDR allow-list, so Eve's per-domain
firewall rules (
transformheader injection /forwardURL) can't be honored andthe backend throws instead of silently sending the request unauthenticated.
packages/eve/README.md): moved the limitation into its own"Brokering credentials (injecting headers)" toggle with a ❌ incorrect example
(a
transformrule passed toonSession'suse({ networkPolicy }), whichthrows) and a ✅ correct one (Box's
attachHeadersat backend creation + a plainallow-list per session). The same toggle was added to the docs site
(
redis/sdks/agentkit/eve).packages/eve/src/sandbox.test.ts): live Upstash Box tests coveringwhat a user actually triggers — a per-session
transformrule throws on both theuse()path (useSessionFn) and the agent path (setNetworkPolicy), a plainallow-list works, and
upstash({ attachHeaders })creates a working session. Thetest docstring carries the full
defineSandboxcorrect/incorrect snippets.sdk: ReactiveSearchIndex provisioning tests
packages/sdk/src/reactive-index.test.ts— a suite (against real Upstash Redis,spying on the real ops, no mocked responses) that pins the reactive index's core
invariant:
query→null,count→{count:-1},aggregate→throws), and the wrapper provisions + retriesexactly once on that signal.
sentinels), so the wrapper does not re-provision.
create-index request is sent when the index already exists.
Testing
pnpm typecheck/lintclean.suite passes against live Upstash Redis.