@agent-vm/config-contracts 0.0.69 → 0.0.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.ts +81 -32
  2. package/dist/index.d.ts.map +1 -1
  3. package/dist/index.js +48 -16
  4. package/dist/index.js.map +1 -1
  5. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -26,15 +26,29 @@ declare const secretValueSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
26
26
  type SecretValue = z.infer<typeof secretValueSchema>;
27
27
  //#endregion
28
28
  //#region src/mcp-config.d.ts
29
+ declare const mcpSecretPolicySchema: z.ZodObject<{
30
+ hosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
31
+ injection: z.ZodEnum<{
32
+ env: "env";
33
+ "http-mediation": "http-mediation";
34
+ }>;
35
+ }, z.core.$strict>;
29
36
  declare const mcpProviderSchema: z.ZodObject<{
30
37
  kind: z.ZodLiteral<"mcp">;
31
38
  namespace: z.ZodString;
32
39
  discovery: z.ZodDefault<z.ZodObject<{
33
40
  summary: z.ZodOptional<z.ZodString>;
34
41
  }, z.core.$strict>>;
42
+ secretPolicies: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
43
+ hosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
44
+ injection: z.ZodEnum<{
45
+ env: "env";
46
+ "http-mediation": "http-mediation";
47
+ }>;
48
+ }, z.core.$strict>>>;
35
49
  transport: z.ZodDiscriminatedUnion<[z.ZodObject<{
36
50
  kind: z.ZodLiteral<"streamable-http">;
37
- url: z.ZodString;
51
+ url: z.ZodURL;
38
52
  headers: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodDiscriminatedUnion<[z.ZodObject<{
39
53
  source: z.ZodLiteral<"environment">;
40
54
  name: z.ZodString;
@@ -42,9 +56,10 @@ declare const mcpProviderSchema: z.ZodObject<{
42
56
  source: z.ZodLiteral<"1password">;
43
57
  ref: z.ZodString;
44
58
  }, z.core.$strict>], "source">>>;
59
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
45
60
  }, z.core.$strict>, z.ZodObject<{
46
61
  kind: z.ZodLiteral<"sse">;
47
- url: z.ZodString;
62
+ url: z.ZodURL;
48
63
  headers: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodDiscriminatedUnion<[z.ZodObject<{
49
64
  source: z.ZodLiteral<"environment">;
50
65
  name: z.ZodString;
@@ -52,6 +67,7 @@ declare const mcpProviderSchema: z.ZodObject<{
52
67
  source: z.ZodLiteral<"1password">;
53
68
  ref: z.ZodString;
54
69
  }, z.core.$strict>], "source">>>;
70
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
55
71
  }, z.core.$strict>, z.ZodObject<{
56
72
  kind: z.ZodLiteral<"stdio">;
57
73
  command: z.ZodString;
@@ -64,6 +80,11 @@ declare const mcpProviderSchema: z.ZodObject<{
64
80
  source: z.ZodLiteral<"1password">;
65
81
  ref: z.ZodString;
66
82
  }, z.core.$strict>], "source">>>;
83
+ networkAccess: z.ZodOptional<z.ZodEnum<{
84
+ declared: "declared";
85
+ none: "none";
86
+ }>>;
87
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
67
88
  }, z.core.$strict>], "kind">;
68
89
  }, z.core.$strict>;
69
90
  declare const mcpConfigSchema: z.ZodObject<{
@@ -75,9 +96,16 @@ declare const mcpConfigSchema: z.ZodObject<{
75
96
  discovery: z.ZodDefault<z.ZodObject<{
76
97
  summary: z.ZodOptional<z.ZodString>;
77
98
  }, z.core.$strict>>;
99
+ secretPolicies: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
100
+ hosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
101
+ injection: z.ZodEnum<{
102
+ env: "env";
103
+ "http-mediation": "http-mediation";
104
+ }>;
105
+ }, z.core.$strict>>>;
78
106
  transport: z.ZodDiscriminatedUnion<[z.ZodObject<{
79
107
  kind: z.ZodLiteral<"streamable-http">;
80
- url: z.ZodString;
108
+ url: z.ZodURL;
81
109
  headers: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodDiscriminatedUnion<[z.ZodObject<{
82
110
  source: z.ZodLiteral<"environment">;
83
111
  name: z.ZodString;
@@ -85,9 +113,10 @@ declare const mcpConfigSchema: z.ZodObject<{
85
113
  source: z.ZodLiteral<"1password">;
86
114
  ref: z.ZodString;
87
115
  }, z.core.$strict>], "source">>>;
116
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
88
117
  }, z.core.$strict>, z.ZodObject<{
89
118
  kind: z.ZodLiteral<"sse">;
90
- url: z.ZodString;
119
+ url: z.ZodURL;
91
120
  headers: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodDiscriminatedUnion<[z.ZodObject<{
92
121
  source: z.ZodLiteral<"environment">;
93
122
  name: z.ZodString;
@@ -95,6 +124,7 @@ declare const mcpConfigSchema: z.ZodObject<{
95
124
  source: z.ZodLiteral<"1password">;
96
125
  ref: z.ZodString;
97
126
  }, z.core.$strict>], "source">>>;
127
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
98
128
  }, z.core.$strict>, z.ZodObject<{
99
129
  kind: z.ZodLiteral<"stdio">;
100
130
  command: z.ZodString;
@@ -107,6 +137,11 @@ declare const mcpConfigSchema: z.ZodObject<{
107
137
  source: z.ZodLiteral<"1password">;
108
138
  ref: z.ZodString;
109
139
  }, z.core.$strict>], "source">>>;
140
+ networkAccess: z.ZodOptional<z.ZodEnum<{
141
+ declared: "declared";
142
+ none: "none";
143
+ }>>;
144
+ requiredEgressHosts: z.ZodDefault<z.ZodArray<z.ZodString>>;
110
145
  }, z.core.$strict>], "kind">;
111
146
  }, z.core.$strict>>>;
112
147
  }, z.core.$strict>;
@@ -225,22 +260,28 @@ declare const resolvedMcpPortalProfileSchema: z.ZodObject<{
225
260
  }, z.core.$strict>;
226
261
  }, z.core.$strict>;
227
262
  type ResolvedMcpPortalProfile = z.infer<typeof resolvedMcpPortalProfileSchema>;
228
- declare const mcpPortalServerSchema: z.ZodObject<{
229
- host: z.ZodDefault<z.ZodString>;
230
- port: z.ZodDefault<z.ZodNumber>;
231
- accessHeader: z.ZodObject<{
263
+ declare const mcpPortalExternalAuthSchema: z.ZodObject<{
264
+ masterKey: z.ZodDiscriminatedUnion<[z.ZodObject<{
265
+ source: z.ZodLiteral<"environment">;
232
266
  name: z.ZodString;
233
- secret: z.ZodDiscriminatedUnion<[z.ZodObject<{
234
- source: z.ZodLiteral<"environment">;
235
- name: z.ZodString;
236
- }, z.core.$strict>, z.ZodObject<{
237
- source: z.ZodLiteral<"1password">;
238
- ref: z.ZodString;
239
- }, z.core.$strict>], "source">;
240
- }, z.core.$strict>;
267
+ }, z.core.$strict>, z.ZodObject<{
268
+ source: z.ZodLiteral<"1password">;
269
+ ref: z.ZodString;
270
+ }, z.core.$strict>], "source">;
241
271
  }, z.core.$strict>;
242
- type McpPortalServerConfig = z.infer<typeof mcpPortalServerSchema>;
272
+ type McpPortalExternalAuthConfig = z.infer<typeof mcpPortalExternalAuthSchema>;
273
+ declare const mcpPortalProxySchema: z.ZodObject<{
274
+ server: z.ZodDefault<z.ZodObject<{
275
+ host: z.ZodDefault<z.ZodString>;
276
+ port: z.ZodDefault<z.ZodNumber>;
277
+ }, z.core.$strict>>;
278
+ auth: z.ZodDefault<z.ZodObject<{
279
+ headerName: z.ZodDefault<z.ZodString>;
280
+ }, z.core.$strict>>;
281
+ }, z.core.$strict>;
282
+ type McpPortalProxyConfig = z.infer<typeof mcpPortalProxySchema>;
243
283
  declare const mcpPortalAgentConfigSchema: z.ZodObject<{
284
+ credentialVersion: z.ZodDefault<z.ZodNumber>;
244
285
  profile: z.ZodString;
245
286
  hmacKey: z.ZodOptional<z.ZodDiscriminatedUnion<[z.ZodObject<{
246
287
  source: z.ZodLiteral<"environment">;
@@ -254,21 +295,26 @@ type McpPortalAgentConfig = z.infer<typeof mcpPortalAgentConfigSchema>;
254
295
  declare const mcpPortalConfigSchema: z.ZodObject<{
255
296
  $schema: z.ZodOptional<z.ZodString>;
256
297
  schemaVersion: z.ZodLiteral<1>;
257
- server: z.ZodObject<{
258
- host: z.ZodDefault<z.ZodString>;
259
- port: z.ZodDefault<z.ZodNumber>;
260
- accessHeader: z.ZodObject<{
298
+ externalAuth: z.ZodOptional<z.ZodObject<{
299
+ masterKey: z.ZodDiscriminatedUnion<[z.ZodObject<{
300
+ source: z.ZodLiteral<"environment">;
261
301
  name: z.ZodString;
262
- secret: z.ZodDiscriminatedUnion<[z.ZodObject<{
263
- source: z.ZodLiteral<"environment">;
264
- name: z.ZodString;
265
- }, z.core.$strict>, z.ZodObject<{
266
- source: z.ZodLiteral<"1password">;
267
- ref: z.ZodString;
268
- }, z.core.$strict>], "source">;
269
- }, z.core.$strict>;
270
- }, z.core.$strict>;
302
+ }, z.core.$strict>, z.ZodObject<{
303
+ source: z.ZodLiteral<"1password">;
304
+ ref: z.ZodString;
305
+ }, z.core.$strict>], "source">;
306
+ }, z.core.$strict>>;
307
+ mcpProxy: z.ZodOptional<z.ZodObject<{
308
+ server: z.ZodDefault<z.ZodObject<{
309
+ host: z.ZodDefault<z.ZodString>;
310
+ port: z.ZodDefault<z.ZodNumber>;
311
+ }, z.core.$strict>>;
312
+ auth: z.ZodDefault<z.ZodObject<{
313
+ headerName: z.ZodDefault<z.ZodString>;
314
+ }, z.core.$strict>>;
315
+ }, z.core.$strict>>;
271
316
  agents: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
317
+ credentialVersion: z.ZodDefault<z.ZodNumber>;
272
318
  profile: z.ZodString;
273
319
  hmacKey: z.ZodOptional<z.ZodDiscriminatedUnion<[z.ZodObject<{
274
320
  source: z.ZodLiteral<"environment">;
@@ -314,7 +360,10 @@ declare const mcpPortalConfigSchema: z.ZodObject<{
314
360
  }, z.core.$strict>>;
315
361
  }, z.core.$strict>>;
316
362
  }, z.core.$strict>;
317
- type McpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;
363
+ type ParsedMcpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;
364
+ type McpPortalConfig = Omit<ParsedMcpPortalConfig, 'agents'> & {
365
+ readonly agents: Readonly<Record<string, McpPortalAgentConfig>>;
366
+ };
318
367
  declare const openClawMcpPortalPluginConfigSchema: z.ZodObject<{
319
368
  configDir: z.ZodString;
320
369
  binPath: z.ZodOptional<z.ZodString>;
@@ -355,5 +404,5 @@ interface ConfigContractSchemaArtifacts {
355
404
  }
356
405
  declare function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts;
357
406
  //#endregion
358
- export { ConfigContractSchemaArtifacts, JsonArray, JsonObject, JsonPrimitive, JsonValue, McpConfig, McpPortalAgentConfig, McpPortalApprovalToolAnnotations, McpPortalApprovalToolCall, McpPortalConfig, McpPortalProfileDefinition, McpPortalServerConfig, McpProvider, NamespaceToolRef, OpenClawMcpPortalPluginConfig, PortalApprovalConfig, ResolvedMcpPortalProfile, ResolvedMcpProvider, SecretValue, assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalProfileDefinitionSchema, mcpPortalServerSchema, mcpProviderSchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
407
+ export { ConfigContractSchemaArtifacts, JsonArray, JsonObject, JsonPrimitive, JsonValue, McpConfig, McpPortalAgentConfig, McpPortalApprovalToolAnnotations, McpPortalApprovalToolCall, McpPortalConfig, McpPortalExternalAuthConfig, McpPortalProfileDefinition, McpPortalProxyConfig, McpProvider, NamespaceToolRef, OpenClawMcpPortalPluginConfig, PortalApprovalConfig, ResolvedMcpPortalProfile, ResolvedMcpProvider, SecretValue, assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
359
408
  //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-config.ts","../src/mcp-portal-approval-policy.ts","../src/schema-artifacts.ts"],"mappings":";;;iBAsBsB,kBAAA,CAAmB,QAAA,WAAmB,OAAA;;;KCpBhD,aAAA;AAAA,KACA,SAAA,GAAY,SAAA;AAAA,KACZ,UAAA;EAAA,CAAgB,GAAA,WAAc,SAAA;AAAA;AAAA,KAC9B,SAAA,GAAY,SAAA,GAAY,UAAA,GAAa,aAAA;AAAA,cAEpC,eAAA,EAAiB,CAAA,CAAE,OAAA,CAAQ,SAAA;AAAA,cAW3B,gBAAA,EAAkB,CAAA,CAAE,OAAA,CAAQ,UAAA;AAAA,iBAEzB,YAAA,CAAa,KAAA,YAAiB,KAAA,IAAS,UAAA;AAAA,iBAIvC,gBAAA,CAAiB,KAAA,WAAgB,KAAA,WAAgB,UAAA;;;cCtBpD,iBAAA,EAAiB,CAAA,CAAA,qBAAA,EAAA,CAAA,CAAA,SAAA;;;;;;;KAelB,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;;;cCoB5B,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAajB,eAAA,EAAe,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAQhB,SAAA,GAAY,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAC3B,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAE7B,mBAAA;EAAA,SAEA,OAAA,EAAS,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SACjC,SAAA;EAAA,SACA,SAAA;EAAA,SACA,GAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SAC7B,SAAA;EAAA,SACA,SAAA;AAAA;AAAA,iBAGU,aAAA,CAAc,UAAA,WAAqB,OAAA,CAAQ,SAAA;AAAA,iBAIjD,4BAAA,CAA6B,MAAA,EAAQ,SAAA,YAAqB,mBAAA;;;cC5E7D,sBAAA,EAAsB,CAAA,CAAA,SAAA;;;;KAOvB,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,sBAAA;AAAA,cAEjC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;KAY3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAErC,gCAAA,EAAgC,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA2BjC,0BAAA,GAA6B,CAAA,CAAE,KAAA,QAAa,gCAAA;AAAA,cAE3C,8BAAA,EAA8B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAiB/B,wBAAA,GAA2B,CAAA,CAAE,KAAA,QAAa,8BAAA;AAAA,cASzC,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;KAQtB,qBAAA,GAAwB,CAAA,CAAE,KAAA,QAAa,qBAAA;AAAA,cAEtC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;KAO3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAErC,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAmBtB,eAAA,GAAkB,CAAA,CAAE,KAAA,QAAa,qBAAA;AAAA,cAEhC,mCAAA,EAAmC,CAAA,CAAA,SAAA;;;;KAOpC,6BAAA,GAAgC,CAAA,CAAE,KAAA,QAAa,mCAAA;AAAA,iBAgBrC,mBAAA,CAAoB,UAAA,WAAqB,OAAA,CAAQ,eAAA;AAAA,iBAyCvD,uBAAA,CACf,MAAA,EAAQ,eAAA,EACR,WAAA,WACE,wBAAA;AAAA,iBAIa,iCAAA,CAAkC,MAAA,EAAQ,WAAA;;;UChMzC,gCAAA;EAAA,SACP,eAAA;EAAA,SACA,YAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,WAAA,GAAc,gCAAA;EAAA,SACd,SAAA;EAAA,SACA,QAAA;AAAA;AAAA,iBAyBM,6BAAA,CACf,OAAA,EAAS,wBAAA,EACT,IAAA,EAAM,yBAAA;;;cChCM,6BAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,wBAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,0BAAA;EAAA,SAGH,oBAAA;EAAA,SAAA,0BAAA;AAAA;AAAA,UAEO,6BAAA;EAAA,SACP,GAAA,EAAK,MAAA;EAAA,SACL,SAAA,EAAW,MAAA;AAAA;AAAA,iBAUL,mCAAA,CAAA,GAAuC,6BAAA"}
1
+ {"version":3,"file":"index.d.ts","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-config.ts","../src/mcp-portal-approval-policy.ts","../src/schema-artifacts.ts"],"mappings":";;;iBAsBsB,kBAAA,CAAmB,QAAA,WAAmB,OAAA;;;KCpBhD,aAAA;AAAA,KACA,SAAA,GAAY,SAAA;AAAA,KACZ,UAAA;EAAA,CAAgB,GAAA,WAAc,SAAA;AAAA;AAAA,KAC9B,SAAA,GAAY,SAAA,GAAY,UAAA,GAAa,aAAA;AAAA,cAEpC,eAAA,EAAiB,CAAA,CAAE,OAAA,CAAQ,SAAA;AAAA,cAW3B,gBAAA,EAAkB,CAAA,CAAE,OAAA,CAAQ,UAAA;AAAA,iBAEzB,YAAA,CAAa,KAAA,YAAiB,KAAA,IAAS,UAAA;AAAA,iBAIvC,gBAAA,CAAiB,KAAA,WAAgB,KAAA,WAAgB,UAAA;;;cCtBpD,iBAAA,EAAiB,CAAA,CAAA,qBAAA,EAAA,CAAA,CAAA,SAAA;;;;;;;KAelB,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;;;cCgC5B,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;cAuBrB,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAcjB,eAAA,EAAe,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAQhB,SAAA,GAAY,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAC3B,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAE7B,mBAAA;EAAA,SAEA,OAAA,EAAS,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SACjC,SAAA;EAAA,SACA,SAAA;EAAA,SACA,GAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SAC7B,SAAA;EAAA,SACA,SAAA;AAAA;AAAA,iBAGU,aAAA,CAAc,UAAA,WAAqB,OAAA,CAAQ,SAAA;AAAA,iBAIjD,4BAAA,CAA6B,MAAA,EAAQ,SAAA,YAAqB,mBAAA;;;cChH7D,sBAAA,EAAsB,CAAA,CAAA,SAAA;;;;KAOvB,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,sBAAA;AAAA,cAEjC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;KAY3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAErC,gCAAA,EAAgC,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA2BjC,0BAAA,GAA6B,CAAA,CAAE,KAAA,QAAa,gCAAA;AAAA,cAE3C,8BAAA,EAA8B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAiB/B,wBAAA,GAA2B,CAAA,CAAE,KAAA,QAAa,8BAAA;AAAA,cAEzC,2BAAA,EAA2B,CAAA,CAAA,SAAA;;;;;;;;;KAM5B,2BAAA,GAA8B,CAAA,CAAE,KAAA,QAAa,2BAAA;AAAA,cAS5C,oBAAA,EAAoB,CAAA,CAAA,SAAA;;;;;;;;;KAwBrB,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,oBAAA;AAAA,cAErC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;;KAQ3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAErC,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoB7B,qBAAA,GAAwB,CAAA,CAAE,KAAA,QAAa,qBAAA;AAAA,KAChC,eAAA,GAAkB,IAAA,CAAK,qBAAA;EAAA,SACzB,MAAA,EAAQ,QAAA,CAAS,MAAA,SAAe,oBAAA;AAAA;AAAA,cAG7B,mCAAA,EAAmC,CAAA,CAAA,SAAA;;;;KAOpC,6BAAA,GAAgC,CAAA,CAAE,KAAA,QAAa,mCAAA;AAAA,iBAgBrC,mBAAA,CAAoB,UAAA,WAAqB,OAAA,CAAQ,eAAA;AAAA,iBAyCvD,uBAAA,CACf,MAAA,EAAQ,eAAA,EACR,WAAA,WACE,wBAAA;AAAA,iBAIa,iCAAA,CAAkC,MAAA,EAAQ,WAAA;;;UC7NzC,gCAAA;EAAA,SACP,eAAA;EAAA,SACA,YAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,WAAA,GAAc,gCAAA;EAAA,SACd,SAAA;EAAA,SACA,QAAA;AAAA;AAAA,iBAyBM,6BAAA,CACf,OAAA,EAAS,wBAAA,EACT,IAAA,EAAM,yBAAA;;;cChCM,6BAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,wBAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,0BAAA;EAAA,SAGH,oBAAA;EAAA,SAAA,0BAAA;AAAA;AAAA,UAEO,6BAAA;EAAA,SACP,GAAA,EAAK,MAAA;EAAA,SACL,SAAA,EAAW,MAAA;AAAA;AAAA,iBAUL,mCAAA,CAAA,GAAuC,6BAAA"}
package/dist/index.js CHANGED
@@ -49,32 +49,56 @@ const secretValueSchema = z.discriminatedUnion("source", [z.object({
49
49
  name: z.string().min(1)
50
50
  }).strict(), z.object({
51
51
  source: z.literal("1password"),
52
- ref: z.string().min(1)
52
+ ref: z.string().regex(/^op:\/\//u, "1Password refs must start with op://")
53
53
  }).strict()]);
54
54
  //#endregion
55
55
  //#region src/mcp-config.ts
56
56
  const mcpProviderDiscoverySchema = z.object({ summary: z.string().min(1).optional() }).strict();
57
+ const remoteTransportUrlSchema = z.url().refine((value) => {
58
+ const protocol = new URL(value).protocol;
59
+ return protocol === "http:" || protocol === "https:";
60
+ }, { message: "Remote MCP transport URLs must use http or https." });
57
61
  const streamableHttpTransportSchema = z.object({
58
62
  kind: z.literal("streamable-http"),
59
- url: z.string().url(),
60
- headers: z.record(z.string(), secretValueSchema).default({})
63
+ url: remoteTransportUrlSchema,
64
+ headers: z.record(z.string(), secretValueSchema).default({}),
65
+ requiredEgressHosts: z.array(z.string().min(1)).default([])
61
66
  }).strict();
62
67
  const sseTransportSchema = z.object({
63
68
  kind: z.literal("sse"),
64
- url: z.string().url(),
65
- headers: z.record(z.string(), secretValueSchema).default({})
69
+ url: remoteTransportUrlSchema,
70
+ headers: z.record(z.string(), secretValueSchema).default({}),
71
+ requiredEgressHosts: z.array(z.string().min(1)).default([])
66
72
  }).strict();
67
73
  const stdioTransportSchema = z.object({
68
74
  kind: z.literal("stdio"),
69
75
  command: z.string().min(1),
70
76
  args: z.array(z.string()).default([]),
71
77
  cwd: z.string().min(1).optional(),
72
- env: z.record(z.string(), secretValueSchema).default({})
78
+ env: z.record(z.string(), secretValueSchema).default({}),
79
+ networkAccess: z.enum(["declared", "none"]).optional(),
80
+ requiredEgressHosts: z.array(z.string().min(1)).default([])
73
81
  }).strict();
82
+ const mcpSecretPolicySchema = z.object({
83
+ hosts: z.array(z.string()).default([]),
84
+ injection: z.enum(["env", "http-mediation"])
85
+ }).strict().superRefine((policy, context) => {
86
+ if (policy.injection === "http-mediation" && policy.hosts.length === 0) context.addIssue({
87
+ code: z.ZodIssueCode.custom,
88
+ message: "http-mediation secret policies must declare at least one host.",
89
+ path: ["hosts"]
90
+ });
91
+ if (policy.injection === "env" && policy.hosts.length > 0) context.addIssue({
92
+ code: z.ZodIssueCode.custom,
93
+ message: "env secret policies must not declare hosts.",
94
+ path: ["hosts"]
95
+ });
96
+ });
74
97
  const mcpProviderSchema = z.object({
75
98
  kind: z.literal("mcp"),
76
99
  namespace: z.string().min(1),
77
100
  discovery: mcpProviderDiscoverySchema.default({}),
101
+ secretPolicies: z.record(z.string().min(1), mcpSecretPolicySchema).default({}),
78
102
  transport: z.discriminatedUnion("kind", [
79
103
  streamableHttpTransportSchema,
80
104
  sseTransportSchema,
@@ -163,23 +187,31 @@ const resolvedMcpPortalProfileSchema = z.object({
163
187
  cache: z.object({ catalogTtlMs: z.number().int().positive() }).strict(),
164
188
  approval: portalApprovalConfigSchema
165
189
  }).strict();
166
- const mcpPortalAccessHeaderSchema = z.object({
167
- name: z.string().min(1),
168
- secret: secretValueSchema
169
- }).strict();
170
- const mcpPortalServerSchema = z.object({
171
- host: z.string().min(1).default("127.0.0.1"),
172
- port: z.number().int().min(1).max(65535).default(18790),
173
- accessHeader: mcpPortalAccessHeaderSchema
190
+ const mcpPortalExternalAuthSchema = z.object({ masterKey: secretValueSchema }).strict();
191
+ function isLoopbackProxyHost(host) {
192
+ const normalizedHost = host.toLowerCase();
193
+ return normalizedHost === "localhost" || normalizedHost === "127.0.0.1" || normalizedHost === "::1";
194
+ }
195
+ const mcpPortalProxySchema = z.object({
196
+ server: z.object({
197
+ host: z.string().min(1).refine(isLoopbackProxyHost, { message: "mcpProxy.server.host must be loopback-only for HTTP bearer auth." }).default("127.0.0.1"),
198
+ port: z.number().int().min(1).max(65535).default(18791)
199
+ }).strict().default({
200
+ host: "127.0.0.1",
201
+ port: 18791
202
+ }),
203
+ auth: z.object({ headerName: z.string().min(1).default("authorization") }).strict().default({ headerName: "authorization" })
174
204
  }).strict();
175
205
  const mcpPortalAgentConfigSchema = z.object({
206
+ credentialVersion: z.number().int().positive().default(1),
176
207
  profile: z.string().min(1),
177
208
  hmacKey: secretValueSchema.optional()
178
209
  }).strict();
179
210
  const mcpPortalConfigSchema = z.object({
180
211
  $schema: z.string().min(1).optional(),
181
212
  schemaVersion: z.literal(1),
182
- server: mcpPortalServerSchema,
213
+ externalAuth: mcpPortalExternalAuthSchema.optional(),
214
+ mcpProxy: mcpPortalProxySchema.optional(),
183
215
  agents: z.record(z.string().min(1), mcpPortalAgentConfigSchema).default({}),
184
216
  profiles: z.record(z.string().min(1), mcpPortalProfileDefinitionSchema)
185
217
  }).strict().superRefine((config, context) => {
@@ -259,6 +291,6 @@ function createConfigContractSchemaArtifacts() {
259
291
  };
260
292
  }
261
293
  //#endregion
262
- export { assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalProfileDefinitionSchema, mcpPortalServerSchema, mcpProviderSchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
294
+ export { assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
263
295
 
264
296
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-approval-policy.ts","../src/mcp-portal-config.ts","../src/schema-artifacts.ts"],"sourcesContent":["import { readFile } from 'node:fs/promises';\n\nimport { parse, type ParseError, type ParseOptions, printParseErrorCode } from 'jsonc-parser';\n\nconst parseJsoncToUnknown: (text: string, errors: ParseError[], options: ParseOptions) => unknown =\n\tparse;\n\nfunction formatLineColumn(text: string, offset: number): string {\n\tconst prefix = text.slice(0, offset);\n\tconst line = prefix.split('\\n').length;\n\tconst lastLineBreakIndex = prefix.lastIndexOf('\\n');\n\tconst column = offset - lastLineBreakIndex;\n\treturn `line ${line}, column ${column}`;\n}\n\nfunction formatParseError(filePath: string, text: string, error: ParseError): string {\n\treturn [\n\t\t`Invalid JSONC in ${filePath}: ${formatLineColumn(text, error.offset)}:`,\n\t\tprintParseErrorCode(error.error),\n\t].join(' ');\n}\n\nexport async function loadJsonConfigFile(filePath: string): Promise<unknown> {\n\tconst rawConfig = await readFile(filePath, 'utf8');\n\tconst parseErrors: ParseError[] = [];\n\tconst parsedConfig = parseJsoncToUnknown(rawConfig, parseErrors, {\n\t\tallowTrailingComma: true,\n\t\tdisallowComments: false,\n\t});\n\n\tif (parseErrors.length > 0) {\n\t\tconst firstParseError = parseErrors[0];\n\t\tif (firstParseError !== undefined) {\n\t\t\tthrow new Error(formatParseError(filePath, rawConfig, firstParseError));\n\t\t}\n\t}\n\n\treturn parsedConfig;\n}\n","import { z } from 'zod';\n\nexport type JsonPrimitive = boolean | null | number | string;\nexport type JsonArray = JsonValue[];\nexport type JsonObject = { [key: string]: JsonValue };\nexport type JsonValue = JsonArray | JsonObject | JsonPrimitive;\n\nexport const jsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n\tz.union([\n\t\tz.string(),\n\t\tz.number().finite(),\n\t\tz.boolean(),\n\t\tz.null(),\n\t\tz.array(jsonValueSchema),\n\t\tjsonObjectSchema,\n\t]),\n);\n\nexport const jsonObjectSchema: z.ZodType<JsonObject> = z.record(z.string(), jsonValueSchema);\n\nexport function isJsonObject(value: unknown): value is JsonObject {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nexport function assertJsonObject(value: unknown, label: string): JsonObject {\n\tif (!isJsonObject(value)) {\n\t\tthrow new Error(`${label} must be a JSON object.`);\n\t}\n\n\treturn jsonObjectSchema.parse(value);\n}\n","import { z } from 'zod';\n\nexport const secretValueSchema = z.discriminatedUnion('source', [\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('environment'),\n\t\t\tname: z.string().min(1),\n\t\t})\n\t\t.strict(),\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('1password'),\n\t\t\tref: z.string().min(1),\n\t\t})\n\t\t.strict(),\n]);\n\nexport type SecretValue = z.infer<typeof secretValueSchema>;\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nconst mcpProviderDiscoverySchema = z\n\t.object({\n\t\tsummary: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nconst streamableHttpTransportSchema = z\n\t.object({\n\t\tkind: z.literal('streamable-http'),\n\t\turl: z.string().url(),\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t})\n\t.strict();\n\nconst sseTransportSchema = z\n\t.object({\n\t\tkind: z.literal('sse'),\n\t\turl: z.string().url(),\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t})\n\t.strict();\n\nconst stdioTransportSchema = z\n\t.object({\n\t\tkind: z.literal('stdio'),\n\t\tcommand: z.string().min(1),\n\t\targs: z.array(z.string()).default([]),\n\t\tcwd: z.string().min(1).optional(),\n\t\tenv: z.record(z.string(), secretValueSchema).default({}),\n\t})\n\t.strict();\n\nexport const mcpProviderSchema = z\n\t.object({\n\t\tkind: z.literal('mcp'),\n\t\tnamespace: z.string().min(1),\n\t\tdiscovery: mcpProviderDiscoverySchema.default({}),\n\t\ttransport: z.discriminatedUnion('kind', [\n\t\t\tstreamableHttpTransportSchema,\n\t\t\tsseTransportSchema,\n\t\t\tstdioTransportSchema,\n\t\t]),\n\t})\n\t.strict();\n\nexport const mcpConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\tproviders: z.record(z.string().min(1), mcpProviderSchema).default({}),\n\t})\n\t.strict();\n\nexport type McpConfig = z.infer<typeof mcpConfigSchema>;\nexport type McpProvider = z.infer<typeof mcpProviderSchema>;\n\nexport type ResolvedMcpProvider =\n\t| {\n\t\t\treadonly headers: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'streamable-http' | 'sse';\n\t\t\treadonly url: string;\n\t }\n\t| {\n\t\t\treadonly args: readonly string[];\n\t\t\treadonly command: string;\n\t\t\treadonly cwd?: string;\n\t\t\treadonly env: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'stdio';\n\t };\n\nexport async function loadMcpConfig(configPath: string): Promise<McpConfig> {\n\treturn mcpConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nexport function mcpConfigToResolvedProviders(config: McpConfig): readonly ResolvedMcpProvider[] {\n\treturn Object.values(config.providers).map((provider) => {\n\t\tconst transport = provider.transport;\n\t\tif (transport.kind === 'stdio') {\n\t\t\tconst resolvedProvider: {\n\t\t\t\targs: readonly string[];\n\t\t\t\tcommand: string;\n\t\t\t\tcwd?: string;\n\t\t\t\tenv: Readonly<Record<string, SecretValue>>;\n\t\t\t\tnamespace: string;\n\t\t\t\ttransport: 'stdio';\n\t\t\t} = {\n\t\t\t\targs: transport.args,\n\t\t\t\tcommand: transport.command,\n\t\t\t\tenv: transport.env,\n\t\t\t\tnamespace: provider.namespace,\n\t\t\t\ttransport: transport.kind,\n\t\t\t};\n\t\t\tif (transport.cwd !== undefined) {\n\t\t\t\tresolvedProvider.cwd = transport.cwd;\n\t\t\t}\n\t\t\treturn resolvedProvider;\n\t\t}\n\n\t\treturn {\n\t\t\theaders: transport.headers,\n\t\t\tnamespace: provider.namespace,\n\t\t\ttransport: transport.kind,\n\t\t\turl: transport.url,\n\t\t};\n\t});\n}\n","import type { NamespaceToolRef, ResolvedMcpPortalProfile } from './mcp-portal-config.js';\n\nexport interface McpPortalApprovalToolAnnotations {\n\treadonly destructiveHint?: boolean | undefined;\n\treadonly readOnlyHint?: boolean | undefined;\n}\n\nexport interface McpPortalApprovalToolCall {\n\treadonly annotations?: McpPortalApprovalToolAnnotations;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nfunction selectorMatches(\n\tselectors: readonly NamespaceToolRef[],\n\tnamespace: string,\n\ttoolName: string,\n): boolean {\n\treturn selectors.some(\n\t\t(selector) => selector.namespace === namespace && selector.toolName === toolName,\n\t);\n}\n\nfunction hasTrustedReadOnlyAnnotation(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\treturn (\n\t\tprofile.approval.annotationPolicy === 'destructive-requires-approval' &&\n\t\tprofile.approval.trustedAnnotationNamespaces.includes(call.namespace) &&\n\t\tcall.annotations?.readOnlyHint === true &&\n\t\tcall.annotations.destructiveHint !== true\n\t);\n}\n\nexport function mcpPortalCallRequiresApproval(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\tif (selectorMatches(profile.approval.allowWithoutApprovalTools, call.namespace, call.toolName)) {\n\t\treturn false;\n\t}\n\tif (profile.approval.annotationPolicy === 'always-require-approval') {\n\t\treturn true;\n\t}\n\tif (\n\t\tselectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) ||\n\t\tselectorMatches(profile.approval.writeTools, call.namespace, call.toolName)\n\t) {\n\t\treturn true;\n\t}\n\treturn !hasTrustedReadOnlyAnnotation(profile, call);\n}\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nexport const namespaceToolRefSchema = z\n\t.object({\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nexport type NamespaceToolRef = z.infer<typeof namespaceToolRefSchema>;\n\nexport const portalApprovalConfigSchema = z\n\t.object({\n\t\tallowWithoutApprovalTools: z.array(namespaceToolRefSchema).default([]),\n\t\talwaysAskTools: z.array(namespaceToolRefSchema).default([]),\n\t\tannotationPolicy: z\n\t\t\t.enum(['destructive-requires-approval', 'always-require-approval'])\n\t\t\t.default('destructive-requires-approval'),\n\t\ttrustedAnnotationNamespaces: z.array(z.string().min(1)).default([]),\n\t\twriteTools: z.array(namespaceToolRefSchema).default([]),\n\t})\n\t.strict();\n\nexport type PortalApprovalConfig = z.infer<typeof portalApprovalConfigSchema>;\n\nexport const mcpPortalProfileDefinitionSchema = z\n\t.object({\n\t\textends: z.string().min(1).optional(),\n\t\tenabledNamespaces: z.array(z.string().min(1)).optional(),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))).optional(),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))).optional(),\n\t\tlogging: z\n\t\t\t.object({ enabled: z.boolean().default(false) })\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean().default(true),\n\t\t\t\tmaxNamespaces: z.number().int().positive().default(12),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tcache: z\n\t\t\t.object({\n\t\t\t\tcatalogTtlMs: z.number().int().positive().default(60_000),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tapproval: portalApprovalConfigSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalProfileDefinition = z.infer<typeof mcpPortalProfileDefinitionSchema>;\n\nexport const resolvedMcpPortalProfileSchema = z\n\t.object({\n\t\tenabledNamespaces: z.array(z.string().min(1)),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\tlogging: z.object({ enabled: z.boolean() }).strict(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean(),\n\t\t\t\tmaxNamespaces: z.number().int().positive(),\n\t\t\t})\n\t\t\t.strict(),\n\t\tcache: z.object({ catalogTtlMs: z.number().int().positive() }).strict(),\n\t\tapproval: portalApprovalConfigSchema,\n\t})\n\t.strict();\n\nexport type ResolvedMcpPortalProfile = z.infer<typeof resolvedMcpPortalProfileSchema>;\n\nconst mcpPortalAccessHeaderSchema = z\n\t.object({\n\t\tname: z.string().min(1),\n\t\tsecret: secretValueSchema,\n\t})\n\t.strict();\n\nexport const mcpPortalServerSchema = z\n\t.object({\n\t\thost: z.string().min(1).default('127.0.0.1'),\n\t\tport: z.number().int().min(1).max(65_535).default(18_790),\n\t\taccessHeader: mcpPortalAccessHeaderSchema,\n\t})\n\t.strict();\n\nexport type McpPortalServerConfig = z.infer<typeof mcpPortalServerSchema>;\n\nexport const mcpPortalAgentConfigSchema = z\n\t.object({\n\t\tprofile: z.string().min(1),\n\t\thmacKey: secretValueSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalAgentConfig = z.infer<typeof mcpPortalAgentConfigSchema>;\n\nexport const mcpPortalConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\tserver: mcpPortalServerSchema,\n\t\tagents: z.record(z.string().min(1), mcpPortalAgentConfigSchema).default({}),\n\t\tprofiles: z.record(z.string().min(1), mcpPortalProfileDefinitionSchema),\n\t})\n\t.strict()\n\t.superRefine((config, context) => {\n\t\tif (Object.keys(config.profiles).length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'mcp-portal.config.jsonc must define at least one profile.',\n\t\t\t\tpath: ['profiles'],\n\t\t\t});\n\t\t}\n\t});\n\nexport type McpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;\n\nexport const openClawMcpPortalPluginConfigSchema = z\n\t.object({\n\t\tconfigDir: z.string().min(1),\n\t\tbinPath: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nexport type OpenClawMcpPortalPluginConfig = z.infer<typeof openClawMcpPortalPluginConfigSchema>;\n\nconst defaultProfile: ResolvedMcpPortalProfile = {\n\tapproval: portalApprovalConfigSchema.parse({}),\n\tcache: { catalogTtlMs: 60_000 },\n\tenabledNamespaces: [],\n\tenabledToolsByNamespace: {},\n\thiddenToolsByNamespace: {},\n\tlogging: { enabled: false },\n\tpromptContext: { enabled: true, maxNamespaces: 12 },\n};\n\ninterface ResolveProfileState {\n\treadonly stack: readonly string[];\n}\n\nexport async function loadMcpPortalConfig(configPath: string): Promise<McpPortalConfig> {\n\treturn mcpPortalConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nfunction mergeProfile(\n\tbase: ResolvedMcpPortalProfile,\n\toverride: McpPortalProfileDefinition,\n): ResolvedMcpPortalProfile {\n\treturn resolvedMcpPortalProfileSchema.parse({\n\t\tapproval: override.approval ?? base.approval,\n\t\tcache: override.cache ?? base.cache,\n\t\tenabledNamespaces: override.enabledNamespaces ?? base.enabledNamespaces,\n\t\tenabledToolsByNamespace: override.enabledToolsByNamespace ?? base.enabledToolsByNamespace,\n\t\thiddenToolsByNamespace: override.hiddenToolsByNamespace ?? base.hiddenToolsByNamespace,\n\t\tlogging: override.logging ?? base.logging,\n\t\tpromptContext: override.promptContext ?? base.promptContext,\n\t});\n}\n\nfunction resolveMcpPortalProfileWithState(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n\tstate: ResolveProfileState,\n): ResolvedMcpPortalProfile {\n\tconst profile = config.profiles[profileName];\n\tif (profile === undefined) {\n\t\tthrow new Error(`unknown MCP profile '${profileName}'`);\n\t}\n\tif (state.stack.includes(profileName)) {\n\t\tthrow new Error(`MCP profile inheritance cycle: ${[...state.stack, profileName].join(' -> ')}`);\n\t}\n\n\tconst parentProfile =\n\t\tprofile.extends === undefined\n\t\t\t? defaultProfile\n\t\t\t: resolveMcpPortalProfileWithState(config, profile.extends, {\n\t\t\t\t\tstack: [...state.stack, profileName],\n\t\t\t\t});\n\treturn mergeProfile(parentProfile, profile);\n}\n\nexport function resolveMcpPortalProfile(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n): ResolvedMcpPortalProfile {\n\treturn resolveMcpPortalProfileWithState(config, profileName, { stack: [] });\n}\n\nexport function secretValueToEnvironmentReference(secret: SecretValue): string {\n\tif (secret.source === 'environment') {\n\t\treturn `\\${${secret.name}}`;\n\t}\n\treturn secret.ref;\n}\n","import * as zod from 'zod';\n\nimport { mcpConfigSchema } from './mcp-config.js';\nimport { mcpPortalConfigSchema } from './mcp-portal-config.js';\n\nexport const mcpPortalConfigSchemaVersions = {\n\tmcp: 1,\n\tmcpPortal: 1,\n} as const;\n\nexport const mcpPortalConfigSchemaIds = {\n\tmcp: 'agent-vm:mcp:1',\n\tmcpPortal: 'agent-vm:mcp-portal:1',\n} as const;\n\nexport const mcpPortalConfigSchemaPaths = {\n\tmcpFromGatewayConfig: '../../schemas/mcp.schema.json',\n\tmcpPortalFromGatewayConfig: '../../schemas/mcp-portal.schema.json',\n} as const;\n\nexport interface ConfigContractSchemaArtifacts {\n\treadonly mcp: Record<string, unknown>;\n\treadonly mcpPortal: Record<string, unknown>;\n}\n\nfunction withSchemaId(schema: Record<string, unknown>, schemaId: string): Record<string, unknown> {\n\treturn {\n\t\t$id: schemaId,\n\t\t...schema,\n\t};\n}\n\nexport function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts {\n\treturn {\n\t\tmcp: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcp,\n\t\t),\n\t\tmcpPortal: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpPortalConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcpPortal,\n\t\t),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,sBACL;AAED,SAAS,iBAAiB,MAAc,QAAwB;CAC/D,MAAM,SAAS,KAAK,MAAM,GAAG,OAAO;CAIpC,OAAO,QAHM,OAAO,MAAM,KAAK,CAAC,OAGZ,WADL,SADY,OAAO,YAAY,KACJ;;AAI3C,SAAS,iBAAiB,UAAkB,MAAc,OAA2B;CACpF,OAAO,CACN,oBAAoB,SAAS,IAAI,iBAAiB,MAAM,MAAM,OAAO,CAAC,IACtE,oBAAoB,MAAM,MAAM,CAChC,CAAC,KAAK,IAAI;;AAGZ,eAAsB,mBAAmB,UAAoC;CAC5E,MAAM,YAAY,MAAM,SAAS,UAAU,OAAO;CAClD,MAAM,cAA4B,EAAE;CACpC,MAAM,eAAe,oBAAoB,WAAW,aAAa;EAChE,oBAAoB;EACpB,kBAAkB;EAClB,CAAC;CAEF,IAAI,YAAY,SAAS,GAAG;EAC3B,MAAM,kBAAkB,YAAY;EACpC,IAAI,oBAAoB,KAAA,GACvB,MAAM,IAAI,MAAM,iBAAiB,UAAU,WAAW,gBAAgB,CAAC;;CAIzE,OAAO;;;;AC9BR,MAAa,kBAAwC,EAAE,WACtD,EAAE,MAAM;CACP,EAAE,QAAQ;CACV,EAAE,QAAQ,CAAC,QAAQ;CACnB,EAAE,SAAS;CACX,EAAE,MAAM;CACR,EAAE,MAAM,gBAAgB;CACxB;CACA,CAAC,CACF;AAED,MAAa,mBAA0C,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB;AAE5F,SAAgB,aAAa,OAAqC;CACjE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAgB,iBAAiB,OAAgB,OAA2B;CAC3E,IAAI,CAAC,aAAa,MAAM,EACvB,MAAM,IAAI,MAAM,GAAG,MAAM,yBAAyB;CAGnD,OAAO,iBAAiB,MAAM,MAAM;;;;AC3BrC,MAAa,oBAAoB,EAAE,mBAAmB,UAAU,CAC/D,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,cAAc;CAChC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE;CACvB,CAAC,CACD,QAAQ,EACV,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,YAAY;CAC9B,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE;CACtB,CAAC,CACD,QAAQ,CACV,CAAC;;;ACVF,MAAM,6BAA6B,EACjC,OAAO,EACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,EACrC,CAAC,CACD,QAAQ;AAEV,MAAM,gCAAgC,EACpC,OAAO;CACP,MAAM,EAAE,QAAQ,kBAAkB;CAClC,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,CAAC,CACD,QAAQ;AAEV,MAAM,qBAAqB,EACzB,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,KAAK,EAAE,QAAQ,CAAC,KAAK;CACrB,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,CAAC,CACD,QAAQ;AAEV,MAAM,uBAAuB,EAC3B,OAAO;CACP,MAAM,EAAE,QAAQ,QAAQ;CACxB,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACjC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACxD,CAAC,CACD,QAAQ;AAEV,MAAa,oBAAoB,EAC/B,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,WAAW,2BAA2B,QAAQ,EAAE,CAAC;CACjD,WAAW,EAAE,mBAAmB,QAAQ;EACvC;EACA;EACA;EACA,CAAC;CACF,CAAC,CACD,QAAQ;AAEV,MAAa,kBAAkB,EAC7B,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACrE,CAAC,CACD,QAAQ;AAqBV,eAAsB,cAAc,YAAwC;CAC3E,OAAO,gBAAgB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGnE,SAAgB,6BAA6B,QAAmD;CAC/F,OAAO,OAAO,OAAO,OAAO,UAAU,CAAC,KAAK,aAAa;EACxD,MAAM,YAAY,SAAS;EAC3B,IAAI,UAAU,SAAS,SAAS;GAC/B,MAAM,mBAOF;IACH,MAAM,UAAU;IAChB,SAAS,UAAU;IACnB,KAAK,UAAU;IACf,WAAW,SAAS;IACpB,WAAW,UAAU;IACrB;GACD,IAAI,UAAU,QAAQ,KAAA,GACrB,iBAAiB,MAAM,UAAU;GAElC,OAAO;;EAGR,OAAO;GACN,SAAS,UAAU;GACnB,WAAW,SAAS;GACpB,WAAW,UAAU;GACrB,KAAK,UAAU;GACf;GACA;;;;AClGH,SAAS,gBACR,WACA,WACA,UACU;CACV,OAAO,UAAU,MACf,aAAa,SAAS,cAAc,aAAa,SAAS,aAAa,SACxE;;AAGF,SAAS,6BACR,SACA,MACU;CACV,OACC,QAAQ,SAAS,qBAAqB,mCACtC,QAAQ,SAAS,4BAA4B,SAAS,KAAK,UAAU,IACrE,KAAK,aAAa,iBAAiB,QACnC,KAAK,YAAY,oBAAoB;;AAIvC,SAAgB,8BACf,SACA,MACU;CACV,IAAI,gBAAgB,QAAQ,SAAS,2BAA2B,KAAK,WAAW,KAAK,SAAS,EAC7F,OAAO;CAER,IAAI,QAAQ,SAAS,qBAAqB,2BACzC,OAAO;CAER,IACC,gBAAgB,QAAQ,SAAS,gBAAgB,KAAK,WAAW,KAAK,SAAS,IAC/E,gBAAgB,QAAQ,SAAS,YAAY,KAAK,WAAW,KAAK,SAAS,EAE3E,OAAO;CAER,OAAO,CAAC,6BAA6B,SAAS,KAAK;;;;AC9CpD,MAAa,yBAAyB,EACpC,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,2BAA2B,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACtE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CAC3D,kBAAkB,EAChB,KAAK,CAAC,iCAAiC,0BAA0B,CAAC,CAClE,QAAQ,gCAAgC;CAC1C,6BAA6B,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACnE,YAAY,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACvD,CAAC,CACD,QAAQ;AAIV,MAAa,mCAAmC,EAC9C,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,UAAU;CACxD,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU;CAC3F,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU;CAC1F,SAAS,EACP,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM,EAAE,CAAC,CAC/C,QAAQ,CACR,UAAU;CACZ,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;EAClC,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,GAAG;EACtD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,OAAO,EACL,OAAO,EACP,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO,EACzD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,UAAU,2BAA2B,UAAU;CAC/C,CAAC,CACD,QAAQ;AAIV,MAAa,iCAAiC,EAC5C,OAAO;CACP,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;CAC7C,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAChF,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,QAAQ;CACpD,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS;EACpB,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAC1C,CAAC,CACD,QAAQ;CACV,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ;CACvE,UAAU;CACV,CAAC,CACD,QAAQ;AAIV,MAAM,8BAA8B,EAClC,OAAO;CACP,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE;CACvB,QAAQ;CACR,CAAC,CACD,QAAQ;AAEV,MAAa,wBAAwB,EACnC,OAAO;CACP,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,YAAY;CAC5C,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,MAAO,CAAC,QAAQ,MAAO;CACzD,cAAc;CACd,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,SAAS,kBAAkB,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAa,wBAAwB,EACnC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,QAAQ;CACR,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,2BAA2B,CAAC,QAAQ,EAAE,CAAC;CAC3E,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,iCAAiC;CACvE,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,KAAK,OAAO,SAAS,CAAC,WAAW,GAC3C,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,WAAW;EAClB,CAAC;EAEF;AAIH,MAAa,sCAAsC,EACjD,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAM,iBAA2C;CAChD,UAAU,2BAA2B,MAAM,EAAE,CAAC;CAC9C,OAAO,EAAE,cAAc,KAAQ;CAC/B,mBAAmB,EAAE;CACrB,yBAAyB,EAAE;CAC3B,wBAAwB,EAAE;CAC1B,SAAS,EAAE,SAAS,OAAO;CAC3B,eAAe;EAAE,SAAS;EAAM,eAAe;EAAI;CACnD;AAMD,eAAsB,oBAAoB,YAA8C;CACvF,OAAO,sBAAsB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGzE,SAAS,aACR,MACA,UAC2B;CAC3B,OAAO,+BAA+B,MAAM;EAC3C,UAAU,SAAS,YAAY,KAAK;EACpC,OAAO,SAAS,SAAS,KAAK;EAC9B,mBAAmB,SAAS,qBAAqB,KAAK;EACtD,yBAAyB,SAAS,2BAA2B,KAAK;EAClE,wBAAwB,SAAS,0BAA0B,KAAK;EAChE,SAAS,SAAS,WAAW,KAAK;EAClC,eAAe,SAAS,iBAAiB,KAAK;EAC9C,CAAC;;AAGH,SAAS,iCACR,QACA,aACA,OAC2B;CAC3B,MAAM,UAAU,OAAO,SAAS;CAChC,IAAI,YAAY,KAAA,GACf,MAAM,IAAI,MAAM,wBAAwB,YAAY,GAAG;CAExD,IAAI,MAAM,MAAM,SAAS,YAAY,EACpC,MAAM,IAAI,MAAM,kCAAkC,CAAC,GAAG,MAAM,OAAO,YAAY,CAAC,KAAK,OAAO,GAAG;CAShG,OAAO,aALN,QAAQ,YAAY,KAAA,IACjB,iBACA,iCAAiC,QAAQ,QAAQ,SAAS,EAC1D,OAAO,CAAC,GAAG,MAAM,OAAO,YAAY,EACpC,CAAC,EAC8B,QAAQ;;AAG5C,SAAgB,wBACf,QACA,aAC2B;CAC3B,OAAO,iCAAiC,QAAQ,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC;;AAG5E,SAAgB,kCAAkC,QAA6B;CAC9E,IAAI,OAAO,WAAW,eACrB,OAAO,MAAM,OAAO,KAAK;CAE1B,OAAO,OAAO;;;;ACjMf,MAAa,gCAAgC;CAC5C,KAAK;CACL,WAAW;CACX;AAED,MAAa,2BAA2B;CACvC,KAAK;CACL,WAAW;CACX;AAED,MAAa,6BAA6B;CACzC,sBAAsB;CACtB,4BAA4B;CAC5B;AAOD,SAAS,aAAa,QAAiC,UAA2C;CACjG,OAAO;EACN,KAAK;EACL,GAAG;EACH;;AAGF,SAAgB,sCAAqE;CACpF,OAAO;EACN,KAAK,aACJ,IAAI,aAAa,iBAAiB,EAAE,QAAQ,YAAY,CAAC,EACzD,yBAAyB,IACzB;EACD,WAAW,aACV,IAAI,aAAa,uBAAuB,EAAE,QAAQ,YAAY,CAAC,EAC/D,yBAAyB,UACzB;EACD"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-approval-policy.ts","../src/mcp-portal-config.ts","../src/schema-artifacts.ts"],"sourcesContent":["import { readFile } from 'node:fs/promises';\n\nimport { parse, type ParseError, type ParseOptions, printParseErrorCode } from 'jsonc-parser';\n\nconst parseJsoncToUnknown: (text: string, errors: ParseError[], options: ParseOptions) => unknown =\n\tparse;\n\nfunction formatLineColumn(text: string, offset: number): string {\n\tconst prefix = text.slice(0, offset);\n\tconst line = prefix.split('\\n').length;\n\tconst lastLineBreakIndex = prefix.lastIndexOf('\\n');\n\tconst column = offset - lastLineBreakIndex;\n\treturn `line ${line}, column ${column}`;\n}\n\nfunction formatParseError(filePath: string, text: string, error: ParseError): string {\n\treturn [\n\t\t`Invalid JSONC in ${filePath}: ${formatLineColumn(text, error.offset)}:`,\n\t\tprintParseErrorCode(error.error),\n\t].join(' ');\n}\n\nexport async function loadJsonConfigFile(filePath: string): Promise<unknown> {\n\tconst rawConfig = await readFile(filePath, 'utf8');\n\tconst parseErrors: ParseError[] = [];\n\tconst parsedConfig = parseJsoncToUnknown(rawConfig, parseErrors, {\n\t\tallowTrailingComma: true,\n\t\tdisallowComments: false,\n\t});\n\n\tif (parseErrors.length > 0) {\n\t\tconst firstParseError = parseErrors[0];\n\t\tif (firstParseError !== undefined) {\n\t\t\tthrow new Error(formatParseError(filePath, rawConfig, firstParseError));\n\t\t}\n\t}\n\n\treturn parsedConfig;\n}\n","import { z } from 'zod';\n\nexport type JsonPrimitive = boolean | null | number | string;\nexport type JsonArray = JsonValue[];\nexport type JsonObject = { [key: string]: JsonValue };\nexport type JsonValue = JsonArray | JsonObject | JsonPrimitive;\n\nexport const jsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n\tz.union([\n\t\tz.string(),\n\t\tz.number().finite(),\n\t\tz.boolean(),\n\t\tz.null(),\n\t\tz.array(jsonValueSchema),\n\t\tjsonObjectSchema,\n\t]),\n);\n\nexport const jsonObjectSchema: z.ZodType<JsonObject> = z.record(z.string(), jsonValueSchema);\n\nexport function isJsonObject(value: unknown): value is JsonObject {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nexport function assertJsonObject(value: unknown, label: string): JsonObject {\n\tif (!isJsonObject(value)) {\n\t\tthrow new Error(`${label} must be a JSON object.`);\n\t}\n\n\treturn jsonObjectSchema.parse(value);\n}\n","import { z } from 'zod';\n\nexport const secretValueSchema = z.discriminatedUnion('source', [\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('environment'),\n\t\t\tname: z.string().min(1),\n\t\t})\n\t\t.strict(),\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('1password'),\n\t\t\tref: z.string().regex(/^op:\\/\\//u, '1Password refs must start with op://'),\n\t\t})\n\t\t.strict(),\n]);\n\nexport type SecretValue = z.infer<typeof secretValueSchema>;\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nconst mcpProviderDiscoverySchema = z\n\t.object({\n\t\tsummary: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nconst remoteTransportUrlSchema = z.url().refine(\n\t(value) => {\n\t\tconst protocol = new URL(value).protocol;\n\t\treturn protocol === 'http:' || protocol === 'https:';\n\t},\n\t{ message: 'Remote MCP transport URLs must use http or https.' },\n);\n\nconst streamableHttpTransportSchema = z\n\t.object({\n\t\tkind: z.literal('streamable-http'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst sseTransportSchema = z\n\t.object({\n\t\tkind: z.literal('sse'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst stdioTransportSchema = z\n\t.object({\n\t\tkind: z.literal('stdio'),\n\t\tcommand: z.string().min(1),\n\t\targs: z.array(z.string()).default([]),\n\t\tcwd: z.string().min(1).optional(),\n\t\tenv: z.record(z.string(), secretValueSchema).default({}),\n\t\tnetworkAccess: z.enum(['declared', 'none']).optional(),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nexport const mcpSecretPolicySchema = z\n\t.object({\n\t\thosts: z.array(z.string()).default([]),\n\t\tinjection: z.enum(['env', 'http-mediation']),\n\t})\n\t.strict()\n\t.superRefine((policy, context) => {\n\t\tif (policy.injection === 'http-mediation' && policy.hosts.length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'http-mediation secret policies must declare at least one host.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t\tif (policy.injection === 'env' && policy.hosts.length > 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'env secret policies must not declare hosts.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t});\n\nexport const mcpProviderSchema = z\n\t.object({\n\t\tkind: z.literal('mcp'),\n\t\tnamespace: z.string().min(1),\n\t\tdiscovery: mcpProviderDiscoverySchema.default({}),\n\t\tsecretPolicies: z.record(z.string().min(1), mcpSecretPolicySchema).default({}),\n\t\ttransport: z.discriminatedUnion('kind', [\n\t\t\tstreamableHttpTransportSchema,\n\t\t\tsseTransportSchema,\n\t\t\tstdioTransportSchema,\n\t\t]),\n\t})\n\t.strict();\n\nexport const mcpConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\tproviders: z.record(z.string().min(1), mcpProviderSchema).default({}),\n\t})\n\t.strict();\n\nexport type McpConfig = z.infer<typeof mcpConfigSchema>;\nexport type McpProvider = z.infer<typeof mcpProviderSchema>;\n\nexport type ResolvedMcpProvider =\n\t| {\n\t\t\treadonly headers: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'streamable-http' | 'sse';\n\t\t\treadonly url: string;\n\t }\n\t| {\n\t\t\treadonly args: readonly string[];\n\t\t\treadonly command: string;\n\t\t\treadonly cwd?: string;\n\t\t\treadonly env: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'stdio';\n\t };\n\nexport async function loadMcpConfig(configPath: string): Promise<McpConfig> {\n\treturn mcpConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nexport function mcpConfigToResolvedProviders(config: McpConfig): readonly ResolvedMcpProvider[] {\n\treturn Object.values(config.providers).map((provider) => {\n\t\tconst transport = provider.transport;\n\t\tif (transport.kind === 'stdio') {\n\t\t\tconst resolvedProvider: {\n\t\t\t\targs: readonly string[];\n\t\t\t\tcommand: string;\n\t\t\t\tcwd?: string;\n\t\t\t\tenv: Readonly<Record<string, SecretValue>>;\n\t\t\t\tnamespace: string;\n\t\t\t\ttransport: 'stdio';\n\t\t\t} = {\n\t\t\t\targs: transport.args,\n\t\t\t\tcommand: transport.command,\n\t\t\t\tenv: transport.env,\n\t\t\t\tnamespace: provider.namespace,\n\t\t\t\ttransport: transport.kind,\n\t\t\t};\n\t\t\tif (transport.cwd !== undefined) {\n\t\t\t\tresolvedProvider.cwd = transport.cwd;\n\t\t\t}\n\t\t\treturn resolvedProvider;\n\t\t}\n\n\t\treturn {\n\t\t\theaders: transport.headers,\n\t\t\tnamespace: provider.namespace,\n\t\t\ttransport: transport.kind,\n\t\t\turl: transport.url,\n\t\t};\n\t});\n}\n","import type { NamespaceToolRef, ResolvedMcpPortalProfile } from './mcp-portal-config.js';\n\nexport interface McpPortalApprovalToolAnnotations {\n\treadonly destructiveHint?: boolean | undefined;\n\treadonly readOnlyHint?: boolean | undefined;\n}\n\nexport interface McpPortalApprovalToolCall {\n\treadonly annotations?: McpPortalApprovalToolAnnotations;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nfunction selectorMatches(\n\tselectors: readonly NamespaceToolRef[],\n\tnamespace: string,\n\ttoolName: string,\n): boolean {\n\treturn selectors.some(\n\t\t(selector) => selector.namespace === namespace && selector.toolName === toolName,\n\t);\n}\n\nfunction hasTrustedReadOnlyAnnotation(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\treturn (\n\t\tprofile.approval.annotationPolicy === 'destructive-requires-approval' &&\n\t\tprofile.approval.trustedAnnotationNamespaces.includes(call.namespace) &&\n\t\tcall.annotations?.readOnlyHint === true &&\n\t\tcall.annotations.destructiveHint !== true\n\t);\n}\n\nexport function mcpPortalCallRequiresApproval(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\tif (selectorMatches(profile.approval.allowWithoutApprovalTools, call.namespace, call.toolName)) {\n\t\treturn false;\n\t}\n\tif (profile.approval.annotationPolicy === 'always-require-approval') {\n\t\treturn true;\n\t}\n\tif (\n\t\tselectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) ||\n\t\tselectorMatches(profile.approval.writeTools, call.namespace, call.toolName)\n\t) {\n\t\treturn true;\n\t}\n\treturn !hasTrustedReadOnlyAnnotation(profile, call);\n}\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nexport const namespaceToolRefSchema = z\n\t.object({\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nexport type NamespaceToolRef = z.infer<typeof namespaceToolRefSchema>;\n\nexport const portalApprovalConfigSchema = z\n\t.object({\n\t\tallowWithoutApprovalTools: z.array(namespaceToolRefSchema).default([]),\n\t\talwaysAskTools: z.array(namespaceToolRefSchema).default([]),\n\t\tannotationPolicy: z\n\t\t\t.enum(['destructive-requires-approval', 'always-require-approval'])\n\t\t\t.default('destructive-requires-approval'),\n\t\ttrustedAnnotationNamespaces: z.array(z.string().min(1)).default([]),\n\t\twriteTools: z.array(namespaceToolRefSchema).default([]),\n\t})\n\t.strict();\n\nexport type PortalApprovalConfig = z.infer<typeof portalApprovalConfigSchema>;\n\nexport const mcpPortalProfileDefinitionSchema = z\n\t.object({\n\t\textends: z.string().min(1).optional(),\n\t\tenabledNamespaces: z.array(z.string().min(1)).optional(),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))).optional(),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))).optional(),\n\t\tlogging: z\n\t\t\t.object({ enabled: z.boolean().default(false) })\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean().default(true),\n\t\t\t\tmaxNamespaces: z.number().int().positive().default(12),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tcache: z\n\t\t\t.object({\n\t\t\t\tcatalogTtlMs: z.number().int().positive().default(60_000),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tapproval: portalApprovalConfigSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalProfileDefinition = z.infer<typeof mcpPortalProfileDefinitionSchema>;\n\nexport const resolvedMcpPortalProfileSchema = z\n\t.object({\n\t\tenabledNamespaces: z.array(z.string().min(1)),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\tlogging: z.object({ enabled: z.boolean() }).strict(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean(),\n\t\t\t\tmaxNamespaces: z.number().int().positive(),\n\t\t\t})\n\t\t\t.strict(),\n\t\tcache: z.object({ catalogTtlMs: z.number().int().positive() }).strict(),\n\t\tapproval: portalApprovalConfigSchema,\n\t})\n\t.strict();\n\nexport type ResolvedMcpPortalProfile = z.infer<typeof resolvedMcpPortalProfileSchema>;\n\nexport const mcpPortalExternalAuthSchema = z\n\t.object({\n\t\tmasterKey: secretValueSchema,\n\t})\n\t.strict();\n\nexport type McpPortalExternalAuthConfig = z.infer<typeof mcpPortalExternalAuthSchema>;\n\nfunction isLoopbackProxyHost(host: string): boolean {\n\tconst normalizedHost = host.toLowerCase();\n\treturn (\n\t\tnormalizedHost === 'localhost' || normalizedHost === '127.0.0.1' || normalizedHost === '::1'\n\t);\n}\n\nexport const mcpPortalProxySchema = z\n\t.object({\n\t\tserver: z\n\t\t\t.object({\n\t\t\t\thost: z\n\t\t\t\t\t.string()\n\t\t\t\t\t.min(1)\n\t\t\t\t\t.refine(isLoopbackProxyHost, {\n\t\t\t\t\t\tmessage: 'mcpProxy.server.host must be loopback-only for HTTP bearer auth.',\n\t\t\t\t\t})\n\t\t\t\t\t.default('127.0.0.1'),\n\t\t\t\tport: z.number().int().min(1).max(65_535).default(18_791),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ host: '127.0.0.1', port: 18_791 }),\n\t\tauth: z\n\t\t\t.object({\n\t\t\t\theaderName: z.string().min(1).default('authorization'),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ headerName: 'authorization' }),\n\t})\n\t.strict();\n\nexport type McpPortalProxyConfig = z.infer<typeof mcpPortalProxySchema>;\n\nexport const mcpPortalAgentConfigSchema = z\n\t.object({\n\t\tcredentialVersion: z.number().int().positive().default(1),\n\t\tprofile: z.string().min(1),\n\t\thmacKey: secretValueSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalAgentConfig = z.infer<typeof mcpPortalAgentConfigSchema>;\n\nexport const mcpPortalConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\texternalAuth: mcpPortalExternalAuthSchema.optional(),\n\t\tmcpProxy: mcpPortalProxySchema.optional(),\n\t\tagents: z.record(z.string().min(1), mcpPortalAgentConfigSchema).default({}),\n\t\tprofiles: z.record(z.string().min(1), mcpPortalProfileDefinitionSchema),\n\t})\n\t.strict()\n\t.superRefine((config, context) => {\n\t\tif (Object.keys(config.profiles).length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'mcp-portal.config.jsonc must define at least one profile.',\n\t\t\t\tpath: ['profiles'],\n\t\t\t});\n\t\t}\n\t});\n\ntype ParsedMcpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;\nexport type McpPortalConfig = Omit<ParsedMcpPortalConfig, 'agents'> & {\n\treadonly agents: Readonly<Record<string, McpPortalAgentConfig>>;\n};\n\nexport const openClawMcpPortalPluginConfigSchema = z\n\t.object({\n\t\tconfigDir: z.string().min(1),\n\t\tbinPath: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nexport type OpenClawMcpPortalPluginConfig = z.infer<typeof openClawMcpPortalPluginConfigSchema>;\n\nconst defaultProfile: ResolvedMcpPortalProfile = {\n\tapproval: portalApprovalConfigSchema.parse({}),\n\tcache: { catalogTtlMs: 60_000 },\n\tenabledNamespaces: [],\n\tenabledToolsByNamespace: {},\n\thiddenToolsByNamespace: {},\n\tlogging: { enabled: false },\n\tpromptContext: { enabled: true, maxNamespaces: 12 },\n};\n\ninterface ResolveProfileState {\n\treadonly stack: readonly string[];\n}\n\nexport async function loadMcpPortalConfig(configPath: string): Promise<McpPortalConfig> {\n\treturn mcpPortalConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nfunction mergeProfile(\n\tbase: ResolvedMcpPortalProfile,\n\toverride: McpPortalProfileDefinition,\n): ResolvedMcpPortalProfile {\n\treturn resolvedMcpPortalProfileSchema.parse({\n\t\tapproval: override.approval ?? base.approval,\n\t\tcache: override.cache ?? base.cache,\n\t\tenabledNamespaces: override.enabledNamespaces ?? base.enabledNamespaces,\n\t\tenabledToolsByNamespace: override.enabledToolsByNamespace ?? base.enabledToolsByNamespace,\n\t\thiddenToolsByNamespace: override.hiddenToolsByNamespace ?? base.hiddenToolsByNamespace,\n\t\tlogging: override.logging ?? base.logging,\n\t\tpromptContext: override.promptContext ?? base.promptContext,\n\t});\n}\n\nfunction resolveMcpPortalProfileWithState(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n\tstate: ResolveProfileState,\n): ResolvedMcpPortalProfile {\n\tconst profile = config.profiles[profileName];\n\tif (profile === undefined) {\n\t\tthrow new Error(`unknown MCP profile '${profileName}'`);\n\t}\n\tif (state.stack.includes(profileName)) {\n\t\tthrow new Error(`MCP profile inheritance cycle: ${[...state.stack, profileName].join(' -> ')}`);\n\t}\n\n\tconst parentProfile =\n\t\tprofile.extends === undefined\n\t\t\t? defaultProfile\n\t\t\t: resolveMcpPortalProfileWithState(config, profile.extends, {\n\t\t\t\t\tstack: [...state.stack, profileName],\n\t\t\t\t});\n\treturn mergeProfile(parentProfile, profile);\n}\n\nexport function resolveMcpPortalProfile(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n): ResolvedMcpPortalProfile {\n\treturn resolveMcpPortalProfileWithState(config, profileName, { stack: [] });\n}\n\nexport function secretValueToEnvironmentReference(secret: SecretValue): string {\n\tif (secret.source === 'environment') {\n\t\treturn `\\${${secret.name}}`;\n\t}\n\treturn secret.ref;\n}\n","import * as zod from 'zod';\n\nimport { mcpConfigSchema } from './mcp-config.js';\nimport { mcpPortalConfigSchema } from './mcp-portal-config.js';\n\nexport const mcpPortalConfigSchemaVersions = {\n\tmcp: 1,\n\tmcpPortal: 1,\n} as const;\n\nexport const mcpPortalConfigSchemaIds = {\n\tmcp: 'agent-vm:mcp:1',\n\tmcpPortal: 'agent-vm:mcp-portal:1',\n} as const;\n\nexport const mcpPortalConfigSchemaPaths = {\n\tmcpFromGatewayConfig: '../../schemas/mcp.schema.json',\n\tmcpPortalFromGatewayConfig: '../../schemas/mcp-portal.schema.json',\n} as const;\n\nexport interface ConfigContractSchemaArtifacts {\n\treadonly mcp: Record<string, unknown>;\n\treadonly mcpPortal: Record<string, unknown>;\n}\n\nfunction withSchemaId(schema: Record<string, unknown>, schemaId: string): Record<string, unknown> {\n\treturn {\n\t\t$id: schemaId,\n\t\t...schema,\n\t};\n}\n\nexport function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts {\n\treturn {\n\t\tmcp: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcp,\n\t\t),\n\t\tmcpPortal: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpPortalConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcpPortal,\n\t\t),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,sBACL;AAED,SAAS,iBAAiB,MAAc,QAAwB;CAC/D,MAAM,SAAS,KAAK,MAAM,GAAG,OAAO;CAIpC,OAAO,QAHM,OAAO,MAAM,KAAK,CAAC,OAGZ,WADL,SADY,OAAO,YAAY,KACJ;;AAI3C,SAAS,iBAAiB,UAAkB,MAAc,OAA2B;CACpF,OAAO,CACN,oBAAoB,SAAS,IAAI,iBAAiB,MAAM,MAAM,OAAO,CAAC,IACtE,oBAAoB,MAAM,MAAM,CAChC,CAAC,KAAK,IAAI;;AAGZ,eAAsB,mBAAmB,UAAoC;CAC5E,MAAM,YAAY,MAAM,SAAS,UAAU,OAAO;CAClD,MAAM,cAA4B,EAAE;CACpC,MAAM,eAAe,oBAAoB,WAAW,aAAa;EAChE,oBAAoB;EACpB,kBAAkB;EAClB,CAAC;CAEF,IAAI,YAAY,SAAS,GAAG;EAC3B,MAAM,kBAAkB,YAAY;EACpC,IAAI,oBAAoB,KAAA,GACvB,MAAM,IAAI,MAAM,iBAAiB,UAAU,WAAW,gBAAgB,CAAC;;CAIzE,OAAO;;;;AC9BR,MAAa,kBAAwC,EAAE,WACtD,EAAE,MAAM;CACP,EAAE,QAAQ;CACV,EAAE,QAAQ,CAAC,QAAQ;CACnB,EAAE,SAAS;CACX,EAAE,MAAM;CACR,EAAE,MAAM,gBAAgB;CACxB;CACA,CAAC,CACF;AAED,MAAa,mBAA0C,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB;AAE5F,SAAgB,aAAa,OAAqC;CACjE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAgB,iBAAiB,OAAgB,OAA2B;CAC3E,IAAI,CAAC,aAAa,MAAM,EACvB,MAAM,IAAI,MAAM,GAAG,MAAM,yBAAyB;CAGnD,OAAO,iBAAiB,MAAM,MAAM;;;;AC3BrC,MAAa,oBAAoB,EAAE,mBAAmB,UAAU,CAC/D,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,cAAc;CAChC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE;CACvB,CAAC,CACD,QAAQ,EACV,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,YAAY;CAC9B,KAAK,EAAE,QAAQ,CAAC,MAAM,aAAa,uCAAuC;CAC1E,CAAC,CACD,QAAQ,CACV,CAAC;;;ACVF,MAAM,6BAA6B,EACjC,OAAO,EACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,EACrC,CAAC,CACD,QAAQ;AAEV,MAAM,2BAA2B,EAAE,KAAK,CAAC,QACvC,UAAU;CACV,MAAM,WAAW,IAAI,IAAI,MAAM,CAAC;CAChC,OAAO,aAAa,WAAW,aAAa;GAE7C,EAAE,SAAS,qDAAqD,CAChE;AAED,MAAM,gCAAgC,EACpC,OAAO;CACP,MAAM,EAAE,QAAQ,kBAAkB;CAClC,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,qBAAqB,EACzB,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,uBAAuB,EAC3B,OAAO;CACP,MAAM,EAAE,QAAQ,QAAQ;CACxB,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACjC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACxD,eAAe,EAAE,KAAK,CAAC,YAAY,OAAO,CAAC,CAAC,UAAU;CACtD,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAa,wBAAwB,EACnC,OAAO;CACP,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACtC,WAAW,EAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;CAC5C,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,cAAc,oBAAoB,OAAO,MAAM,WAAW,GACpE,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;CAEH,IAAI,OAAO,cAAc,SAAS,OAAO,MAAM,SAAS,GACvD,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;EAEF;AAEH,MAAa,oBAAoB,EAC/B,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,WAAW,2BAA2B,QAAQ,EAAE,CAAC;CACjD,gBAAgB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,sBAAsB,CAAC,QAAQ,EAAE,CAAC;CAC9E,WAAW,EAAE,mBAAmB,QAAQ;EACvC;EACA;EACA;EACA,CAAC;CACF,CAAC,CACD,QAAQ;AAEV,MAAa,kBAAkB,EAC7B,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACrE,CAAC,CACD,QAAQ;AAqBV,eAAsB,cAAc,YAAwC;CAC3E,OAAO,gBAAgB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGnE,SAAgB,6BAA6B,QAAmD;CAC/F,OAAO,OAAO,OAAO,OAAO,UAAU,CAAC,KAAK,aAAa;EACxD,MAAM,YAAY,SAAS;EAC3B,IAAI,UAAU,SAAS,SAAS;GAC/B,MAAM,mBAOF;IACH,MAAM,UAAU;IAChB,SAAS,UAAU;IACnB,KAAK,UAAU;IACf,WAAW,SAAS;IACpB,WAAW,UAAU;IACrB;GACD,IAAI,UAAU,QAAQ,KAAA,GACrB,iBAAiB,MAAM,UAAU;GAElC,OAAO;;EAGR,OAAO;GACN,SAAS,UAAU;GACnB,WAAW,SAAS;GACpB,WAAW,UAAU;GACrB,KAAK,UAAU;GACf;GACA;;;;ACtIH,SAAS,gBACR,WACA,WACA,UACU;CACV,OAAO,UAAU,MACf,aAAa,SAAS,cAAc,aAAa,SAAS,aAAa,SACxE;;AAGF,SAAS,6BACR,SACA,MACU;CACV,OACC,QAAQ,SAAS,qBAAqB,mCACtC,QAAQ,SAAS,4BAA4B,SAAS,KAAK,UAAU,IACrE,KAAK,aAAa,iBAAiB,QACnC,KAAK,YAAY,oBAAoB;;AAIvC,SAAgB,8BACf,SACA,MACU;CACV,IAAI,gBAAgB,QAAQ,SAAS,2BAA2B,KAAK,WAAW,KAAK,SAAS,EAC7F,OAAO;CAER,IAAI,QAAQ,SAAS,qBAAqB,2BACzC,OAAO;CAER,IACC,gBAAgB,QAAQ,SAAS,gBAAgB,KAAK,WAAW,KAAK,SAAS,IAC/E,gBAAgB,QAAQ,SAAS,YAAY,KAAK,WAAW,KAAK,SAAS,EAE3E,OAAO;CAER,OAAO,CAAC,6BAA6B,SAAS,KAAK;;;;AC9CpD,MAAa,yBAAyB,EACpC,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,2BAA2B,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACtE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CAC3D,kBAAkB,EAChB,KAAK,CAAC,iCAAiC,0BAA0B,CAAC,CAClE,QAAQ,gCAAgC;CAC1C,6BAA6B,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACnE,YAAY,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACvD,CAAC,CACD,QAAQ;AAIV,MAAa,mCAAmC,EAC9C,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,UAAU;CACxD,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU;CAC3F,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU;CAC1F,SAAS,EACP,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM,EAAE,CAAC,CAC/C,QAAQ,CACR,UAAU;CACZ,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;EAClC,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,GAAG;EACtD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,OAAO,EACL,OAAO,EACP,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO,EACzD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,UAAU,2BAA2B,UAAU;CAC/C,CAAC,CACD,QAAQ;AAIV,MAAa,iCAAiC,EAC5C,OAAO;CACP,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;CAC7C,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAChF,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,QAAQ;CACpD,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS;EACpB,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAC1C,CAAC,CACD,QAAQ;CACV,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ;CACvE,UAAU;CACV,CAAC,CACD,QAAQ;AAIV,MAAa,8BAA8B,EACzC,OAAO,EACP,WAAW,mBACX,CAAC,CACD,QAAQ;AAIV,SAAS,oBAAoB,MAAuB;CACnD,MAAM,iBAAiB,KAAK,aAAa;CACzC,OACC,mBAAmB,eAAe,mBAAmB,eAAe,mBAAmB;;AAIzF,MAAa,uBAAuB,EAClC,OAAO;CACP,QAAQ,EACN,OAAO;EACP,MAAM,EACJ,QAAQ,CACR,IAAI,EAAE,CACN,OAAO,qBAAqB,EAC5B,SAAS,oEACT,CAAC,CACD,QAAQ,YAAY;EACtB,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,MAAO,CAAC,QAAQ,MAAO;EACzD,CAAC,CACD,QAAQ,CACR,QAAQ;EAAE,MAAM;EAAa,MAAM;EAAQ,CAAC;CAC9C,MAAM,EACJ,OAAO,EACP,YAAY,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,gBAAgB,EACtD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,YAAY,iBAAiB,CAAC;CAC1C,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,mBAAmB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE;CACzD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,SAAS,kBAAkB,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAa,wBAAwB,EACnC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,cAAc,4BAA4B,UAAU;CACpD,UAAU,qBAAqB,UAAU;CACzC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,2BAA2B,CAAC,QAAQ,EAAE,CAAC;CAC3E,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,iCAAiC;CACvE,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,KAAK,OAAO,SAAS,CAAC,WAAW,GAC3C,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,WAAW;EAClB,CAAC;EAEF;AAOH,MAAa,sCAAsC,EACjD,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAM,iBAA2C;CAChD,UAAU,2BAA2B,MAAM,EAAE,CAAC;CAC9C,OAAO,EAAE,cAAc,KAAQ;CAC/B,mBAAmB,EAAE;CACrB,yBAAyB,EAAE;CAC3B,wBAAwB,EAAE;CAC1B,SAAS,EAAE,SAAS,OAAO;CAC3B,eAAe;EAAE,SAAS;EAAM,eAAe;EAAI;CACnD;AAMD,eAAsB,oBAAoB,YAA8C;CACvF,OAAO,sBAAsB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGzE,SAAS,aACR,MACA,UAC2B;CAC3B,OAAO,+BAA+B,MAAM;EAC3C,UAAU,SAAS,YAAY,KAAK;EACpC,OAAO,SAAS,SAAS,KAAK;EAC9B,mBAAmB,SAAS,qBAAqB,KAAK;EACtD,yBAAyB,SAAS,2BAA2B,KAAK;EAClE,wBAAwB,SAAS,0BAA0B,KAAK;EAChE,SAAS,SAAS,WAAW,KAAK;EAClC,eAAe,SAAS,iBAAiB,KAAK;EAC9C,CAAC;;AAGH,SAAS,iCACR,QACA,aACA,OAC2B;CAC3B,MAAM,UAAU,OAAO,SAAS;CAChC,IAAI,YAAY,KAAA,GACf,MAAM,IAAI,MAAM,wBAAwB,YAAY,GAAG;CAExD,IAAI,MAAM,MAAM,SAAS,YAAY,EACpC,MAAM,IAAI,MAAM,kCAAkC,CAAC,GAAG,MAAM,OAAO,YAAY,CAAC,KAAK,OAAO,GAAG;CAShG,OAAO,aALN,QAAQ,YAAY,KAAA,IACjB,iBACA,iCAAiC,QAAQ,QAAQ,SAAS,EAC1D,OAAO,CAAC,GAAG,MAAM,OAAO,YAAY,EACpC,CAAC,EAC8B,QAAQ;;AAG5C,SAAgB,wBACf,QACA,aAC2B;CAC3B,OAAO,iCAAiC,QAAQ,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC;;AAG5E,SAAgB,kCAAkC,QAA6B;CAC9E,IAAI,OAAO,WAAW,eACrB,OAAO,MAAM,OAAO,KAAK;CAE1B,OAAO,OAAO;;;;AC9Nf,MAAa,gCAAgC;CAC5C,KAAK;CACL,WAAW;CACX;AAED,MAAa,2BAA2B;CACvC,KAAK;CACL,WAAW;CACX;AAED,MAAa,6BAA6B;CACzC,sBAAsB;CACtB,4BAA4B;CAC5B;AAOD,SAAS,aAAa,QAAiC,UAA2C;CACjG,OAAO;EACN,KAAK;EACL,GAAG;EACH;;AAGF,SAAgB,sCAAqE;CACpF,OAAO;EACN,KAAK,aACJ,IAAI,aAAa,iBAAiB,EAAE,QAAQ,YAAY,CAAC,EACzD,yBAAyB,IACzB;EACD,WAAW,aACV,IAAI,aAAa,uBAAuB,EAAE,QAAQ,YAAY,CAAC,EAC/D,yBAAyB,UACzB;EACD"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agent-vm/config-contracts",
3
- "version": "0.0.69",
3
+ "version": "0.0.71",
4
4
  "description": "Shared agent-vm JSONC config schemas and TypeScript contracts.",
5
5
  "homepage": "https://github.com/ShravanSunder/agent-vm#readme",
6
6
  "bugs": {