fix(ai-path): restore packaging + fail fast before payment when no tunnel binary (v2.8.0) #33
Merged
…nnel binary (v2.8.0)

Two regressions, one failure class, found by an AI-agent consumer (x402 pay-per-use VPN) on a machine with no tunnel binary:

1. Published 2.7.2 dropped ai-path entirely. Commit f6162f4 reverted package.json, removing "./ai-path" from exports, ai-path/ from files, and the sentinel-ai bin. With an exports map present, every npm consumer of `import 'blue-js-sdk/ai-path'` threw ERR_PACKAGE_PATH_NOT_EXPORTED. The 2.7.2 CI tarball gate only imported the package root, so the subpath drift slipped through.

2. A binary-less agent burned a real on-chain session. connect() step 1 detected the environment but never gated on it - wallet, balance, node selection, and the MsgStartSession TX all ran, then the tunnel step failed with V2RAY_NOT_FOUND, wasting the session payment and the fee granter's allowance.

Changes:
- package.json: restore "./ai-path" export, ai-path/ in files, sentinel-ai bin; bump to 2.8.0
- ai-path/connect.js: gate at step 1 - no V2Ray and no admin-usable WireGuard -> auto-download V2Ray (no admin needed); if still unusable, throw ENVIRONMENT_NOT_READY (nextAction run_setup) before any chain work; skipped for dryRun
- ai-path/environment.js: setup() now actually installs - downloads V2Ray (SHA256-verified) via the root setup script when no usable binary exists, re-detects, reports installed: true; opt out with { autoInstall: false }
- setup.js: export setupV2Ray/setupWireGuard/setup; main() only runs on direct execution (was running npm-install/MSI side effects on import)
- ci.yml: tarball gate now imports every subpath export (ai-path/consumer/operator) from the packed install
- docs in same diff: ai-path/README.md (setup() API, ENVIRONMENT_NOT_READY, lifecycle), ai-path/FAILURES.md (D8, D9), CHANGELOG.md (v2.8.0 entry)

Verified: all edited files import cleanly; npm pack + tarball install with --ignore-scripts resolves blue-js-sdk/ai-path (46 exports), /consumer, /operator.
Consumer context (x402 pay-per-use VPN)
An AI agent following the x402 flow (pay USDC on Base → receive Sentinel subscription → `connect()` via `blue-js-sdk/ai-path`) was rated end-to-end on a machine with no V2Ray and no WireGuard installed. Result: 88/100. The two deductions traced straight to the SDK:

1. Published 2.7.2 is missing `ai-path` entirely (release blocker)

`npm view blue-js-sdk@2.7.2 exports` has no `./ai-path`; `files` has no `ai-path/`; `bin` has no `sentinel-ai`. With an `exports` map present, `import 'blue-js-sdk/ai-path'` throws `ERR_PACKAGE_PATH_NOT_EXPORTED` for every npm consumer. Only apps pinned to 2.3.0 (like x402's fresh-test) still work.

Regression source: `f6162f4` ("fix: silent truncation in rpcQueryNodes...", Apr 19) accidentally reverted `package.json`, undoing what `87cc4df` added. This is the identical failure class the v2.7.2 CHANGELOG entry documents for `auth/` / `operator/` — except the CI tarball gate added there only imports the package root, so subpath drift slipped through.

2. A binary-less agent burns a real on-chain session

`connect()` step 1 detects the environment but never gates on it. On the no-binary machine the trace was: wallet derived → balance OK → node selected → MsgStartSession TX broadcast and paid → tunnel step fails with `V2RAY_NOT_FOUND`. The session payment and the fee granter's allowance are gone. (FAILURES.md rule 5 — "check BEFORE paying" — was already enforced for WireGuard-without-admin, but not for the no-binary-at-all case.)

Also: the exported `setup()` was detect-only — the actual V2Ray download lives in the root `setup.js`, which was unsafe to import (ran `main()` with npm-install/MSI side effects on import).

Changes

- `"./ai-path"` export, `ai-path/` in `files`, `sentinel-ai` bin; version 2.8.0.
- `ENVIRONMENT_NOT_READY` (existing code, nextAction `run_setup`) before any chain work. Skipped in `dryRun`. Human-error map entry added.
- `setup()` now actually installs: downloads V2Ray (SHA256-verified, to SDK `bin/`) via the root setup script when no usable binary exists, re-detects, returns `installed: true`. Opt out with `{ autoInstall: false }`. Reuses existing `ENVIRONMENT_NOT_READY` — no new error code, no JS↔C# parity work (ai-path is JS-only).
- `setupV2Ray`, `setupWireGuard`, `setup()`; `main()` only runs when executed directly.
- `blue-js-sdk/ai-path`, `/consumer`, `/operator`) from the packed install, closing the gap that let this regression publish.
- `ai-path/README.md` (setup() API + auto-install, `ENVIRONMENT_NOT_READY` row, `--ignore-scripts` note, lifecycle step 1), `ai-path/FAILURES.md` (D8: detection-without-gate, D9: subpath packaging), `CHANGELOG.md` v2.8.0 entry.

Verification

- `setup.js` no longer triggers side effects.
- `npm pack` → install tarball in temp dir with `--ignore-scripts` → `blue-js-sdk/ai-path` (46 exports), `/consumer` (63), `/operator` (68) all resolve. Root: 401 exports.

Why minor bump (2.8.0)

New behavior: `setup()` and `connect()` now download V2Ray at runtime when nothing usable is present. Restores the published surface 2.7.x silently dropped. After merge, publishing 2.8.0 unblocks every npm ai-path consumer.
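
A static complement to the import-based tarball gate described in this PR, as an added example (not the project's CI script): it checks that each required subpath is in `exports`, that its target is covered by `files`, and that the `sentinel-ai` bin is present. Both manifests are constructed, and the target file paths in them (`./ai-path/index.js`, `./ai-path/cli.js` and the rest) are assumptions.

```javascript
// Added example: static packaging check, not the project's CI script.
// Both manifests are constructed; the target file paths are assumptions.
const regressed = {
  exports: { '.': './index.js', './consumer': './consumer/index.js', './operator': './operator/index.js' },
  files: ['index.js', 'consumer/', 'operator/'],
};
const restored = {
  exports: { ...regressed.exports, './ai-path': './ai-path/index.js' },
  files: [...regressed.files, 'ai-path/'],
  bin: { 'sentinel-ai': './ai-path/cli.js' },
};

// Every file an exports entry can resolve to (plain string or conditions object).
function exportTargets(entry) {
  if (typeof entry === 'string') return [entry];
  if (entry && typeof entry === 'object') return Object.values(entry).flatMap(exportTargets);
  return [];
}

// True when `target` is shipped. Without a `files` array npm packs the whole tree.
// Handles plain file and directory entries only (no glob patterns).
function isPacked(target, files) {
  if (!Array.isArray(files)) return true;
  const rel = target.replace(/^\.\//, '');
  return files.some((f) => {
    const dir = f.replace(/^\.\//, '').replace(/\/$/, '');
    return rel === dir || rel.startsWith(dir + '/');
  });
}

// Returns a list of problems; an empty list means the published surface is intact.
function checkPackaging(pkg, subpaths, bins) {
  const problems = [];
  for (const sub of subpaths) {
    const entry = (pkg.exports || {})[sub];
    if (entry === undefined) {
      problems.push(`exports: "${sub}" missing, import throws ERR_PACKAGE_PATH_NOT_EXPORTED`);
      continue;
    }
    for (const t of exportTargets(entry)) {
      if (!isPacked(t, pkg.files)) problems.push(`files: "${t}" (for "${sub}") is not packed`);
    }
  }
  for (const name of bins) {
    const target = (pkg.bin || {})[name];
    if (!target) problems.push(`bin: "${name}" missing`);
    else if (!isPacked(target, pkg.files)) problems.push(`files: bin target "${target}" is not packed`);
  }
  return problems;
}
```

In CI this would read the `package.json` extracted from the packed tarball rather than the working tree, so it checks what is actually published.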
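
The "check BEFORE paying" ordering from item 2, written as a regression test with a spy chain client (added example, not the SDK's `connect()`). `runSession`, `makeChainSpy`, `outcome`, `SdkError` and the `env` fields are hypothetical; only the error codes, `run_setup` and `dryRun` come from the PR.

```javascript
// Added example: ordering invariant "no paid TX before the environment is usable".
// Hypothetical names throughout; error codes and nextAction are the ones the PR names.
class SdkError extends Error {
  constructor(code, nextAction) {
    super(code);
    this.code = code;
    this.nextAction = nextAction;
  }
}

// Spy chain client: counts paid broadcasts so a test can assert none happened.
function makeChainSpy() {
  return { broadcasts: 0, startSession() { this.broadcasts += 1; return 'session-1'; } };
}

// Usable tunnel = V2Ray present, or WireGuard present AND admin rights to drive it.
function tunnelUsable(env) {
  return Boolean(env.v2ray || (env.wireguard && env.admin));
}

// gate=false models the pre-fix flow; install() models the no-admin V2Ray download.
function runSession(env, chain, { gate = true, dryRun = false, install = () => false } = {}) {
  if (gate && !dryRun && !tunnelUsable(env)) {
    // Try the download once, then re-detect before giving up.
    if (install()) env = { ...env, v2ray: true };
    if (!tunnelUsable(env)) throw new SdkError('ENVIRONMENT_NOT_READY', 'run_setup');
  }
  if (dryRun) return { dryRun: true };
  const session = chain.startSession(); // paid step (MsgStartSession)
  if (!tunnelUsable(env)) throw new SdkError('V2RAY_NOT_FOUND'); // too late, already paid
  return { session };
}

// Run one scenario; report the error code, nextAction and number of paid TXs.
function outcome(env, opts) {
  const chain = makeChainSpy();
  try {
    runSession(env, chain, opts);
    return { code: null, nextAction: null, broadcasts: chain.broadcasts };
  } catch (e) {
    return { code: e.code, nextAction: e.nextAction || null, broadcasts: chain.broadcasts };
  }
}
```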