@agentfield/sdk 0.1.92-rc.8 → 0.1.92
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +78 -1
- package/dist/index.js +153 -3
- package/dist/index.js.map +1 -1
- package/package.json +3 -2
package/dist/index.d.ts
CHANGED
|
@@ -5,6 +5,7 @@ import { z } from 'zod';
|
|
|
5
5
|
import { AxiosInstance } from 'axios';
|
|
6
6
|
import { WriteStream } from 'node:tty';
|
|
7
7
|
import { ToolSet } from 'ai';
|
|
8
|
+
import { JWK } from 'jose';
|
|
8
9
|
|
|
9
10
|
type ZodSchema<T> = z.Schema<T, z.ZodTypeDef, any>;
|
|
10
11
|
interface AIRequestOptions {
|
|
@@ -273,6 +274,14 @@ interface ExecutionStatusUpdate {
|
|
|
273
274
|
progress?: number;
|
|
274
275
|
statusReason?: string;
|
|
275
276
|
}
|
|
277
|
+
interface RestartExecutionOptions {
|
|
278
|
+
scope?: 'workflow' | 'execution';
|
|
279
|
+
reuse?: 'succeeded-before' | 'all-succeeded' | 'none';
|
|
280
|
+
fork?: boolean;
|
|
281
|
+
reason?: string;
|
|
282
|
+
input?: Record<string, unknown>;
|
|
283
|
+
context?: Record<string, unknown>;
|
|
284
|
+
}
|
|
276
285
|
declare class AgentFieldClient {
|
|
277
286
|
private readonly http;
|
|
278
287
|
private readonly config;
|
|
@@ -294,7 +303,11 @@ declare class AgentFieldClient {
|
|
|
294
303
|
targetDid?: string;
|
|
295
304
|
agentNodeDid?: string;
|
|
296
305
|
agentNodeId?: string;
|
|
306
|
+
replaySourceRunId?: string;
|
|
307
|
+
replayBeforeExecutionId?: string;
|
|
308
|
+
replayMode?: string;
|
|
297
309
|
}): Promise<T>;
|
|
310
|
+
restartExecution(executionId: string, options?: RestartExecutionOptions): Promise<any>;
|
|
298
311
|
publishWorkflowEvent(event: {
|
|
299
312
|
executionId: string;
|
|
300
313
|
runId: string;
|
|
@@ -369,6 +382,9 @@ interface ExecutionMetadata {
|
|
|
369
382
|
callerDid?: string;
|
|
370
383
|
targetDid?: string;
|
|
371
384
|
agentNodeDid?: string;
|
|
385
|
+
replaySourceRunId?: string;
|
|
386
|
+
replayBeforeExecutionId?: string;
|
|
387
|
+
replayMode?: string;
|
|
372
388
|
}
|
|
373
389
|
declare class ExecutionContext {
|
|
374
390
|
readonly input: any;
|
|
@@ -1269,6 +1285,67 @@ declare class DidManager {
|
|
|
1269
1285
|
getIdentitySummary(): Record<string, any>;
|
|
1270
1286
|
}
|
|
1271
1287
|
|
|
1288
|
+
/**
|
|
1289
|
+
* DID-based payload encryption (JWE over X25519 keyAgreement keys).
|
|
1290
|
+
*
|
|
1291
|
+
* Encrypt a payload *to* an agent's DID so that only that agent — the holder of
|
|
1292
|
+
* the matching X25519 private key — can decrypt it. This underpins the
|
|
1293
|
+
* discuss/aggregator split: hax-sdk encrypts a scoped payload to the
|
|
1294
|
+
* aggregator's DID; the untrusted discuss agent forwards the ciphertext but
|
|
1295
|
+
* cannot read it; only the aggregator decrypts.
|
|
1296
|
+
*
|
|
1297
|
+
* Wire format is standard **JWE compact, `ECDH-ES` + `A256GCM`** over an X25519
|
|
1298
|
+
* key (RFC 7518 / RFC 8037), interoperable with the Python SDK's
|
|
1299
|
+
* `encrypt_for_did` / `decrypt` (which use `joserfc`). A ciphertext produced
|
|
1300
|
+
* here decrypts there and vice-versa.
|
|
1301
|
+
*
|
|
1302
|
+
* Key-ownership model: the agent owns its keypair. The X25519 private key lives
|
|
1303
|
+
* in the agent's environment; the public key is published in the agent's DID
|
|
1304
|
+
* document as a `keyAgreement` verification method of type
|
|
1305
|
+
* `X25519KeyAgreementKey2020`. The control plane never holds the private key.
|
|
1306
|
+
*/
|
|
1307
|
+
|
|
1308
|
+
/** JOSE parameters. Must match the Python SDK exactly for interop. */
|
|
1309
|
+
declare const JWE_ALG: "ECDH-ES";
|
|
1310
|
+
declare const JWE_ENC: "A256GCM";
|
|
1311
|
+
/** W3C verification-method type published in the DID document for the X25519 key. */
|
|
1312
|
+
declare const KEY_AGREEMENT_TYPE: "X25519KeyAgreementKey2020";
|
|
1313
|
+
declare class PayloadEncryptionError extends Error {
|
|
1314
|
+
constructor(message: string);
|
|
1315
|
+
}
|
|
1316
|
+
/** Resolves a DID string to its document (or a control-plane resolve response). */
|
|
1317
|
+
type DidResolver = (did: string) => Promise<Record<string, unknown> | null>;
|
|
1318
|
+
type Payload = string | Uint8Array | Record<string, unknown>;
|
|
1319
|
+
/**
|
|
1320
|
+
* Generate a fresh X25519 keypair for an agent. Persist `privateJwk` into the
|
|
1321
|
+
* agent's environment and publish `publicJwk` as the DID `keyAgreement` key.
|
|
1322
|
+
*/
|
|
1323
|
+
declare function generateX25519KeyPair(): Promise<{
|
|
1324
|
+
privateJwk: JWK;
|
|
1325
|
+
publicJwk: JWK;
|
|
1326
|
+
}>;
|
|
1327
|
+
/**
|
|
1328
|
+
* Pull the X25519 `keyAgreement` public JWK out of a resolved DID document.
|
|
1329
|
+
* Handles a bare W3C document or a control-plane response wrapping it under
|
|
1330
|
+
* `did_document`, and a `keyAgreement` entry that is either inline (with
|
|
1331
|
+
* `publicKeyJwk`) or a string reference into `verificationMethod`.
|
|
1332
|
+
*/
|
|
1333
|
+
declare function extractKeyAgreementJwk(didDocument: Record<string, unknown>): JWK;
|
|
1334
|
+
/** Encrypt `payload` to an X25519 public JWK, returning a compact JWE string. */
|
|
1335
|
+
declare function encryptToJwk(publicJwk: JWK, payload: Payload): Promise<string>;
|
|
1336
|
+
/**
|
|
1337
|
+
* Resolve `did`, read its X25519 keyAgreement key, and encrypt `payload` to it.
|
|
1338
|
+
* Returns a compact JWE that only the DID's owner can decrypt.
|
|
1339
|
+
*/
|
|
1340
|
+
declare function encryptForDid(did: string, payload: Payload, resolver: DidResolver): Promise<string>;
|
|
1341
|
+
/**
|
|
1342
|
+
* Decrypt a compact JWE produced by {@link encryptForDid} or the Python SDK.
|
|
1343
|
+
* Returns the raw plaintext bytes.
|
|
1344
|
+
*/
|
|
1345
|
+
declare function decrypt(token: string, privateJwk: JWK): Promise<Uint8Array>;
|
|
1346
|
+
/** Convenience: decrypt and decode the plaintext as UTF-8 text. */
|
|
1347
|
+
declare function decryptToString(token: string, privateJwk: JWK): Promise<string>;
|
|
1348
|
+
|
|
1272
1349
|
declare class RateLimitError extends Error {
|
|
1273
1350
|
retryAfter?: number;
|
|
1274
1351
|
status?: number;
|
|
@@ -1990,4 +2067,4 @@ declare class SessionTransportError extends Error {
|
|
|
1990
2067
|
declare function normalizeSessionTransportValue(value: string): string;
|
|
1991
2068
|
declare function validateSessionTransport(provider: string, transport: string): SessionTransportCapability;
|
|
1992
2069
|
|
|
1993
|
-
export { ACTIVE_STATUSES, AIClient, type AIConfig, type AIEmbeddingOptions, type AIRequestOptions, type AIStream, type AIToolRequestOptions, Agent, type AgentCapability, type AgentConfig, type AgentHandler, AgentRouter, type AgentRouterOptions, type AgentState, ApprovalClient, type ApprovalRequestResponse, type ApprovalStatusResponse, Audio, type AudioOutput, type AudioRequest, type AuditTrailExport, type AuditTrailFilters, type Awaitable, CANONICAL_STATUSES, type CompactCapability, type CompactDiscoveryResponse, DIDAuthenticator, type DIDIdentity, type DIDIdentityPackage, type DIDRegistrationRequest, type DIDRegistrationResponse, type DeploymentType, DidClient, DidInterface, DidManager, type DiscoveryFormat, type DiscoveryOptions, type DiscoveryPagination, type DiscoveryResponse, type DiscoveryResult, ExecutionContext, type ExecutionCredential, type ExecutionLogAttributes, type ExecutionLogBatchPayload, type ExecutionLogContext, type ExecutionLogEmitOptions, type ExecutionLogEntry, type ExecutionLogLevel, type ExecutionLogTransport, type ExecutionLogTransportPayload, type ExecutionLogWireEntry, ExecutionLogger, type ExecutionLoggerOptions, type ExecutionMetadata, ExecutionStatus, type ExecutionStatusValue, File, type FileOutput, type GenerateCredentialOptions, type GenerateCredentialParams, HEADER_CALLER_DID, HEADER_DID_NONCE, HEADER_DID_SIGNATURE, HEADER_DID_TIMESTAMP, type HarnessConfig, type HarnessOptions, type HarnessProvider, type HarnessResult, HarnessRunner, type HealthStatus, Image, type ImageOutput, type ImageRequest, type MediaProvider, MediaProviderError, type MediaResponse, MediaRouter, type MemoryChangeEvent, MemoryClient, MemoryClientBase, type MemoryConfig, MemoryEventClient, type MemoryEventHandler, type MemoryEventHistoryOptions, MemoryInterface, type MemoryRequestMetadata, type MemoryRequestOptions, type MemoryScope, type MemoryWatchHandler, type Metrics, type MultimodalContent, MultimodalResponse, OpenRouterMediaProvider, type OpenRouterMediaProviderOptions, RateLimitError, type RateLimiterOptions, type RawExecutionContext, type RawResult, RealtimeSession, type ReasonerCapability, ReasonerContext, type ReasonerDefinition, type ReasonerHandler, type ReasonerOptions, type RequestApprovalPayload, SUPPORTED_PROVIDERS, SUPPORTED_SESSION_TRANSPORTS, type ServerlessAdapter, type ServerlessEvent, type ServerlessResponse, type SessionDefinition, type SessionOptions, type SessionProvider, type SessionTransport, type SessionTransportCapability, SessionTransportError, type SessionTurn, type SkillCapability, SkillContext, type SkillDefinition, type SkillHandler, type SkillOptions, StatelessRateLimiter, TERMINAL_STATUSES, Text, type ToolCallConfig, type ToolCallRecord, type ToolCallTrace, type ToolsOption, type VectorSearchOptions, type VectorSearchResult, Video, type VideoFrameImage, type VideoInputReference, type VideoRequest, type WaitForApprovalOptions, type WorkflowCredential, type WorkflowMetadata, type WorkflowProgressOptions, WorkflowReporter, type ZodSchema, audioFromBase64, audioFromBuffer, audioFromFile, audioFromUrl, buildProvider, buildSessionDefinition, buildToolConfig, capabilitiesToTools, capabilityToMetadataTool, capabilityToTool, createExecutionLogger, createHarnessResult, createMetrics, createMultimodalResponse, createRawResult, executeToolCallLoop, fileFromBase64, fileFromBuffer, fileFromPath, fileFromUrl, getCurrentContext, getCurrentSkillContext, imageFromBase64, imageFromBuffer, imageFromFile, imageFromUrl, isActive, isExecutionLogBatchPayload, isTerminal, normalizeExecutionLogEntry, normalizeSessionTransportValue, normalizeStatus, serializeExecutionLogEntry, text, validateSessionTransport, videoFromBase64, videoFromBuffer, videoFromFile, videoFromUrl };
|
|
2070
|
+
export { ACTIVE_STATUSES, AIClient, type AIConfig, type AIEmbeddingOptions, type AIRequestOptions, type AIStream, type AIToolRequestOptions, Agent, type AgentCapability, type AgentConfig, type AgentHandler, AgentRouter, type AgentRouterOptions, type AgentState, ApprovalClient, type ApprovalRequestResponse, type ApprovalStatusResponse, Audio, type AudioOutput, type AudioRequest, type AuditTrailExport, type AuditTrailFilters, type Awaitable, CANONICAL_STATUSES, type CompactCapability, type CompactDiscoveryResponse, DIDAuthenticator, type DIDIdentity, type DIDIdentityPackage, type DIDRegistrationRequest, type DIDRegistrationResponse, type DeploymentType, DidClient, DidInterface, DidManager, type DidResolver, type DiscoveryFormat, type DiscoveryOptions, type DiscoveryPagination, type DiscoveryResponse, type DiscoveryResult, ExecutionContext, type ExecutionCredential, type ExecutionLogAttributes, type ExecutionLogBatchPayload, type ExecutionLogContext, type ExecutionLogEmitOptions, type ExecutionLogEntry, type ExecutionLogLevel, type ExecutionLogTransport, type ExecutionLogTransportPayload, type ExecutionLogWireEntry, ExecutionLogger, type ExecutionLoggerOptions, type ExecutionMetadata, ExecutionStatus, type ExecutionStatusValue, File, type FileOutput, type GenerateCredentialOptions, type GenerateCredentialParams, HEADER_CALLER_DID, HEADER_DID_NONCE, HEADER_DID_SIGNATURE, HEADER_DID_TIMESTAMP, type HarnessConfig, type HarnessOptions, type HarnessProvider, type HarnessResult, HarnessRunner, type HealthStatus, Image, type ImageOutput, type ImageRequest, JWE_ALG, JWE_ENC, KEY_AGREEMENT_TYPE, type MediaProvider, MediaProviderError, type MediaResponse, MediaRouter, type MemoryChangeEvent, MemoryClient, MemoryClientBase, type MemoryConfig, MemoryEventClient, type MemoryEventHandler, type MemoryEventHistoryOptions, MemoryInterface, type MemoryRequestMetadata, type MemoryRequestOptions, type MemoryScope, type MemoryWatchHandler, type Metrics, type MultimodalContent, MultimodalResponse, OpenRouterMediaProvider, type OpenRouterMediaProviderOptions, type Payload, PayloadEncryptionError, RateLimitError, type RateLimiterOptions, type RawExecutionContext, type RawResult, RealtimeSession, type ReasonerCapability, ReasonerContext, type ReasonerDefinition, type ReasonerHandler, type ReasonerOptions, type RequestApprovalPayload, SUPPORTED_PROVIDERS, SUPPORTED_SESSION_TRANSPORTS, type ServerlessAdapter, type ServerlessEvent, type ServerlessResponse, type SessionDefinition, type SessionOptions, type SessionProvider, type SessionTransport, type SessionTransportCapability, SessionTransportError, type SessionTurn, type SkillCapability, SkillContext, type SkillDefinition, type SkillHandler, type SkillOptions, StatelessRateLimiter, TERMINAL_STATUSES, Text, type ToolCallConfig, type ToolCallRecord, type ToolCallTrace, type ToolsOption, type VectorSearchOptions, type VectorSearchResult, Video, type VideoFrameImage, type VideoInputReference, type VideoRequest, type WaitForApprovalOptions, type WorkflowCredential, type WorkflowMetadata, type WorkflowProgressOptions, WorkflowReporter, type ZodSchema, audioFromBase64, audioFromBuffer, audioFromFile, audioFromUrl, buildProvider, buildSessionDefinition, buildToolConfig, capabilitiesToTools, capabilityToMetadataTool, capabilityToTool, createExecutionLogger, createHarnessResult, createMetrics, createMultimodalResponse, createRawResult, decrypt, decryptToString, encryptForDid, encryptToJwk, executeToolCallLoop, extractKeyAgreementJwk, fileFromBase64, fileFromBuffer, fileFromPath, fileFromUrl, generateX25519KeyPair, getCurrentContext, getCurrentSkillContext, imageFromBase64, imageFromBuffer, imageFromFile, imageFromUrl, isActive, isExecutionLogBatchPayload, isTerminal, normalizeExecutionLogEntry, normalizeSessionTransportValue, normalizeStatus, serializeExecutionLogEntry, text, validateSessionTransport, videoFromBase64, videoFromBuffer, videoFromFile, videoFromUrl };
|
package/dist/index.js
CHANGED
|
@@ -23,6 +23,7 @@ import https from 'https';
|
|
|
23
23
|
import WebSocket from 'ws';
|
|
24
24
|
import { Buffer as Buffer$1 } from 'buffer';
|
|
25
25
|
import { zodToJsonSchema } from 'zod-to-json-schema';
|
|
26
|
+
import { generateKeyPair, exportJWK, importJWK, CompactEncrypt, compactDecrypt } from 'jose';
|
|
26
27
|
import { readFile } from 'fs/promises';
|
|
27
28
|
|
|
28
29
|
var __defProp = Object.defineProperty;
|
|
@@ -2329,6 +2330,9 @@ var AgentFieldClient = class {
|
|
|
2329
2330
|
if (metadata?.targetDid) headers["X-Target-DID"] = metadata.targetDid;
|
|
2330
2331
|
if (metadata?.agentNodeDid) headers["X-Agent-Node-DID"] = metadata.agentNodeDid;
|
|
2331
2332
|
if (metadata?.agentNodeId) headers["X-Agent-Node-ID"] = metadata.agentNodeId;
|
|
2333
|
+
if (metadata?.replaySourceRunId) headers["X-AgentField-Replay-Source-Run-ID"] = metadata.replaySourceRunId;
|
|
2334
|
+
if (metadata?.replayBeforeExecutionId) headers["X-AgentField-Replay-Before-Execution-ID"] = metadata.replayBeforeExecutionId;
|
|
2335
|
+
if (metadata?.replayMode) headers["X-AgentField-Replay-Mode"] = metadata.replayMode;
|
|
2332
2336
|
const bodyStr = JSON.stringify({ input });
|
|
2333
2337
|
const authHeaders = this.didAuthenticator.signRequest(Buffer.from(bodyStr));
|
|
2334
2338
|
try {
|
|
@@ -2355,6 +2359,44 @@ var AgentFieldClient = class {
|
|
|
2355
2359
|
throw err;
|
|
2356
2360
|
}
|
|
2357
2361
|
}
|
|
2362
|
+
async restartExecution(executionId, options = {}) {
|
|
2363
|
+
if (!executionId) {
|
|
2364
|
+
throw new Error("executionId is required");
|
|
2365
|
+
}
|
|
2366
|
+
const body = {
|
|
2367
|
+
scope: options.scope ?? "workflow",
|
|
2368
|
+
reuse: options.reuse ?? "succeeded-before",
|
|
2369
|
+
fork: options.fork,
|
|
2370
|
+
reason: options.reason,
|
|
2371
|
+
input: options.input,
|
|
2372
|
+
context: options.context
|
|
2373
|
+
};
|
|
2374
|
+
const bodyStr = JSON.stringify(body);
|
|
2375
|
+
const authHeaders = this.didAuthenticator.signRequest(Buffer.from(bodyStr));
|
|
2376
|
+
try {
|
|
2377
|
+
const res = await this.http.post(
|
|
2378
|
+
`/api/v1/executions/${encodeURIComponent(executionId)}/restart`,
|
|
2379
|
+
bodyStr,
|
|
2380
|
+
{ headers: this.mergeHeaders({ "Content-Type": "application/json", ...authHeaders }) }
|
|
2381
|
+
);
|
|
2382
|
+
return res.data;
|
|
2383
|
+
} catch (err) {
|
|
2384
|
+
const respData = err?.response?.data;
|
|
2385
|
+
if (respData) {
|
|
2386
|
+
const status = err.response.status;
|
|
2387
|
+
const msg = respData.message || respData.error || JSON.stringify(respData);
|
|
2388
|
+
const enriched = Object.assign(
|
|
2389
|
+
new Error(`restart execution ${executionId} failed (${status}): ${msg}`),
|
|
2390
|
+
{
|
|
2391
|
+
status,
|
|
2392
|
+
responseData: respData
|
|
2393
|
+
}
|
|
2394
|
+
);
|
|
2395
|
+
throw enriched;
|
|
2396
|
+
}
|
|
2397
|
+
throw err;
|
|
2398
|
+
}
|
|
2399
|
+
}
|
|
2358
2400
|
async publishWorkflowEvent(event) {
|
|
2359
2401
|
const payload = {
|
|
2360
2402
|
execution_id: event.executionId,
|
|
@@ -2551,6 +2593,9 @@ var AgentFieldClient = class {
|
|
|
2551
2593
|
if (metadata.targetDid) headers["x-target-did"] = metadata.targetDid;
|
|
2552
2594
|
if (metadata.agentNodeDid) headers["x-agent-node-did"] = metadata.agentNodeDid;
|
|
2553
2595
|
if (metadata.agentNodeId) headers["x-agent-node-id"] = metadata.agentNodeId;
|
|
2596
|
+
if (metadata.replaySourceRunId) headers["x-agentfield-replay-source-run-id"] = metadata.replaySourceRunId;
|
|
2597
|
+
if (metadata.replayBeforeExecutionId) headers["x-agentfield-replay-before-execution-id"] = metadata.replayBeforeExecutionId;
|
|
2598
|
+
if (metadata.replayMode) headers["x-agentfield-replay-mode"] = metadata.replayMode;
|
|
2554
2599
|
return headers;
|
|
2555
2600
|
}
|
|
2556
2601
|
setDIDCredentials(did, privateKeyJwk) {
|
|
@@ -4343,7 +4388,10 @@ var Agent = class {
|
|
|
4343
4388
|
callerDid: parentMetadata?.callerDid,
|
|
4344
4389
|
targetDid: parentMetadata?.targetDid,
|
|
4345
4390
|
agentNodeDid: parentMetadata?.agentNodeDid,
|
|
4346
|
-
agentNodeId: this.config.nodeId
|
|
4391
|
+
agentNodeId: this.config.nodeId,
|
|
4392
|
+
replaySourceRunId: parentMetadata?.replaySourceRunId,
|
|
4393
|
+
replayBeforeExecutionId: parentMetadata?.replayBeforeExecutionId,
|
|
4394
|
+
replayMode: parentMetadata?.replayMode
|
|
4347
4395
|
});
|
|
4348
4396
|
this.executionLogger.system("agent.call.completed", "Remote agent call completed", {
|
|
4349
4397
|
target,
|
|
@@ -4609,7 +4657,10 @@ var Agent = class {
|
|
|
4609
4657
|
reasonerId: overrides?.reasonerId ?? normalized["x-reasoner-id"],
|
|
4610
4658
|
callerDid: overrides?.callerDid ?? normalized["x-caller-did"],
|
|
4611
4659
|
targetDid: overrides?.targetDid ?? normalized["x-target-did"],
|
|
4612
|
-
agentNodeDid: overrides?.agentNodeDid ?? normalized["x-agent-node-did"] ?? normalized["x-agent-did"]
|
|
4660
|
+
agentNodeDid: overrides?.agentNodeDid ?? normalized["x-agent-node-did"] ?? normalized["x-agent-did"],
|
|
4661
|
+
replaySourceRunId: overrides?.replaySourceRunId ?? normalized["x-agentfield-replay-source-run-id"],
|
|
4662
|
+
replayBeforeExecutionId: overrides?.replayBeforeExecutionId ?? normalized["x-agentfield-replay-before-execution-id"],
|
|
4663
|
+
replayMode: overrides?.replayMode ?? normalized["x-agentfield-replay-mode"]
|
|
4613
4664
|
};
|
|
4614
4665
|
}
|
|
4615
4666
|
handleHttpRequest(req, res) {
|
|
@@ -5197,6 +5248,105 @@ var AgentRouter = class {
|
|
|
5197
5248
|
function sanitize(value) {
|
|
5198
5249
|
return value.replace(/[^0-9a-zA-Z]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "");
|
|
5199
5250
|
}
|
|
5251
|
+
var JWE_ALG = "ECDH-ES";
|
|
5252
|
+
var JWE_ENC = "A256GCM";
|
|
5253
|
+
var KEY_AGREEMENT_TYPE = "X25519KeyAgreementKey2020";
|
|
5254
|
+
var PayloadEncryptionError = class extends Error {
|
|
5255
|
+
constructor(message) {
|
|
5256
|
+
super(message);
|
|
5257
|
+
this.name = "PayloadEncryptionError";
|
|
5258
|
+
}
|
|
5259
|
+
};
|
|
5260
|
+
var encoder = new TextEncoder();
|
|
5261
|
+
function payloadToBytes(payload) {
|
|
5262
|
+
if (payload instanceof Uint8Array) return payload;
|
|
5263
|
+
if (typeof payload === "string") return encoder.encode(payload);
|
|
5264
|
+
return encoder.encode(JSON.stringify(payload));
|
|
5265
|
+
}
|
|
5266
|
+
async function generateX25519KeyPair() {
|
|
5267
|
+
const { privateKey, publicKey } = await generateKeyPair("ECDH-ES", {
|
|
5268
|
+
crv: "X25519",
|
|
5269
|
+
extractable: true
|
|
5270
|
+
});
|
|
5271
|
+
const privateJwk = await exportJWK(privateKey);
|
|
5272
|
+
const publicJwk = await exportJWK(publicKey);
|
|
5273
|
+
return { privateJwk, publicJwk };
|
|
5274
|
+
}
|
|
5275
|
+
function extractKeyAgreementJwk(didDocument) {
|
|
5276
|
+
if (typeof didDocument !== "object" || didDocument === null) {
|
|
5277
|
+
throw new PayloadEncryptionError("DID document must be an object");
|
|
5278
|
+
}
|
|
5279
|
+
const doc = didDocument["did_document"] ?? didDocument;
|
|
5280
|
+
const flat = doc["key_agreement"];
|
|
5281
|
+
if (flat && typeof flat === "object" && flat.crv === "X25519") {
|
|
5282
|
+
return flat;
|
|
5283
|
+
}
|
|
5284
|
+
const keyAgreement = doc["keyAgreement"];
|
|
5285
|
+
if (!keyAgreement || Array.isArray(keyAgreement) && keyAgreement.length === 0) {
|
|
5286
|
+
throw new PayloadEncryptionError(
|
|
5287
|
+
"DID document has no keyAgreement key; the agent has not published an X25519 encryption key"
|
|
5288
|
+
);
|
|
5289
|
+
}
|
|
5290
|
+
const verificationMethods = /* @__PURE__ */ new Map();
|
|
5291
|
+
for (const vm2 of doc["verificationMethod"] ?? []) {
|
|
5292
|
+
if (vm2 && typeof vm2 === "object" && typeof vm2["id"] === "string") {
|
|
5293
|
+
verificationMethods.set(vm2["id"], vm2);
|
|
5294
|
+
}
|
|
5295
|
+
}
|
|
5296
|
+
const entry = Array.isArray(keyAgreement) ? keyAgreement[0] : keyAgreement;
|
|
5297
|
+
let vm;
|
|
5298
|
+
if (typeof entry === "string") {
|
|
5299
|
+
vm = verificationMethods.get(entry);
|
|
5300
|
+
if (!vm) {
|
|
5301
|
+
throw new PayloadEncryptionError(
|
|
5302
|
+
`keyAgreement references unknown verification method ${entry}`
|
|
5303
|
+
);
|
|
5304
|
+
}
|
|
5305
|
+
} else if (entry && typeof entry === "object") {
|
|
5306
|
+
vm = entry;
|
|
5307
|
+
} else {
|
|
5308
|
+
throw new PayloadEncryptionError("unsupported keyAgreement entry shape");
|
|
5309
|
+
}
|
|
5310
|
+
const jwk = vm["publicKeyJwk"];
|
|
5311
|
+
if (!jwk || jwk.crv !== "X25519") {
|
|
5312
|
+
throw new PayloadEncryptionError(
|
|
5313
|
+
"keyAgreement verification method does not carry an X25519 publicKeyJwk"
|
|
5314
|
+
);
|
|
5315
|
+
}
|
|
5316
|
+
return jwk;
|
|
5317
|
+
}
|
|
5318
|
+
async function encryptToJwk(publicJwk, payload) {
|
|
5319
|
+
if (!publicJwk || publicJwk.crv !== "X25519") {
|
|
5320
|
+
throw new PayloadEncryptionError("publicJwk must be an X25519 OKP JWK");
|
|
5321
|
+
}
|
|
5322
|
+
try {
|
|
5323
|
+
const key = await importJWK(publicJwk, JWE_ALG);
|
|
5324
|
+
return await new CompactEncrypt(payloadToBytes(payload)).setProtectedHeader({ alg: JWE_ALG, enc: JWE_ENC }).encrypt(key);
|
|
5325
|
+
} catch (err) {
|
|
5326
|
+
if (err instanceof PayloadEncryptionError) throw err;
|
|
5327
|
+
throw new PayloadEncryptionError(`encryption failed: ${err.message}`);
|
|
5328
|
+
}
|
|
5329
|
+
}
|
|
5330
|
+
async function encryptForDid(did, payload, resolver) {
|
|
5331
|
+
const document = await resolver(did);
|
|
5332
|
+
if (!document) {
|
|
5333
|
+
throw new PayloadEncryptionError(`could not resolve DID ${did}`);
|
|
5334
|
+
}
|
|
5335
|
+
const publicJwk = extractKeyAgreementJwk(document);
|
|
5336
|
+
return encryptToJwk(publicJwk, payload);
|
|
5337
|
+
}
|
|
5338
|
+
async function decrypt(token, privateJwk) {
|
|
5339
|
+
try {
|
|
5340
|
+
const key = await importJWK(privateJwk, JWE_ALG);
|
|
5341
|
+
const { plaintext } = await compactDecrypt(token, key);
|
|
5342
|
+
return Uint8Array.from(plaintext);
|
|
5343
|
+
} catch (err) {
|
|
5344
|
+
throw new PayloadEncryptionError(`decryption failed: ${err.message}`);
|
|
5345
|
+
}
|
|
5346
|
+
}
|
|
5347
|
+
async function decryptToString(token, privateJwk) {
|
|
5348
|
+
return new TextDecoder().decode(await decrypt(token, privateJwk));
|
|
5349
|
+
}
|
|
5200
5350
|
var IMAGE_MIME_TYPES = {
|
|
5201
5351
|
".jpg": "image/jpeg",
|
|
5202
5352
|
".jpeg": "image/jpeg",
|
|
@@ -6618,6 +6768,6 @@ function sleep2(ms) {
|
|
|
6618
6768
|
return new Promise((resolve2) => setTimeout(resolve2, ms));
|
|
6619
6769
|
}
|
|
6620
6770
|
|
|
6621
|
-
export { ACTIVE_STATUSES, AIClient, Agent, AgentRouter, ApprovalClient, Audio, CANONICAL_STATUSES, DIDAuthenticator, DidClient, DidInterface, DidManager, ExecutionContext, ExecutionLogger, ExecutionStatus, File, HEADER_CALLER_DID, HEADER_DID_NONCE, HEADER_DID_SIGNATURE, HEADER_DID_TIMESTAMP, HarnessRunner, Image, MediaProviderError, MediaRouter, MemoryClient, MemoryClientBase, MemoryEventClient, MemoryInterface, MultimodalResponse, OpenRouterMediaProvider, RateLimitError, RealtimeSession, ReasonerContext, SUPPORTED_PROVIDERS, SUPPORTED_SESSION_TRANSPORTS, SessionTransportError, SkillContext, StatelessRateLimiter, TERMINAL_STATUSES, Text, Video, WorkflowReporter, audioFromBase64, audioFromBuffer, audioFromFile, audioFromUrl, buildProvider, buildSessionDefinition, buildToolConfig, capabilitiesToTools, capabilityToMetadataTool, capabilityToTool, createExecutionLogger, createHarnessResult, createMetrics, createMultimodalResponse, createRawResult, executeToolCallLoop, fileFromBase64, fileFromBuffer, fileFromPath, fileFromUrl, getCurrentContext, getCurrentSkillContext, imageFromBase64, imageFromBuffer, imageFromFile, imageFromUrl, isActive, isExecutionLogBatchPayload, isTerminal, normalizeExecutionLogEntry, normalizeSessionTransportValue, normalizeStatus, serializeExecutionLogEntry, text, validateSessionTransport, videoFromBase64, videoFromBuffer, videoFromFile, videoFromUrl };
|
|
6771
|
+
export { ACTIVE_STATUSES, AIClient, Agent, AgentRouter, ApprovalClient, Audio, CANONICAL_STATUSES, DIDAuthenticator, DidClient, DidInterface, DidManager, ExecutionContext, ExecutionLogger, ExecutionStatus, File, HEADER_CALLER_DID, HEADER_DID_NONCE, HEADER_DID_SIGNATURE, HEADER_DID_TIMESTAMP, HarnessRunner, Image, JWE_ALG, JWE_ENC, KEY_AGREEMENT_TYPE, MediaProviderError, MediaRouter, MemoryClient, MemoryClientBase, MemoryEventClient, MemoryInterface, MultimodalResponse, OpenRouterMediaProvider, PayloadEncryptionError, RateLimitError, RealtimeSession, ReasonerContext, SUPPORTED_PROVIDERS, SUPPORTED_SESSION_TRANSPORTS, SessionTransportError, SkillContext, StatelessRateLimiter, TERMINAL_STATUSES, Text, Video, WorkflowReporter, audioFromBase64, audioFromBuffer, audioFromFile, audioFromUrl, buildProvider, buildSessionDefinition, buildToolConfig, capabilitiesToTools, capabilityToMetadataTool, capabilityToTool, createExecutionLogger, createHarnessResult, createMetrics, createMultimodalResponse, createRawResult, decrypt, decryptToString, encryptForDid, encryptToJwk, executeToolCallLoop, extractKeyAgreementJwk, fileFromBase64, fileFromBuffer, fileFromPath, fileFromUrl, generateX25519KeyPair, getCurrentContext, getCurrentSkillContext, imageFromBase64, imageFromBuffer, imageFromFile, imageFromUrl, isActive, isExecutionLogBatchPayload, isTerminal, normalizeExecutionLogEntry, normalizeSessionTransportValue, normalizeStatus, serializeExecutionLogEntry, text, validateSessionTransport, videoFromBase64, videoFromBuffer, videoFromFile, videoFromUrl };
|
|
6622
6772
|
//# sourceMappingURL=index.js.map
|
|
6623
6773
|
//# sourceMappingURL=index.js.map
|