npm - @agentforge-io/core - Versions diffs - 2.0.10 → 2.0.14 - Mend

@agentforge-io/core 2.0.10 → 2.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/services/agent.service.js +17 -3
package/dist/services/oauth2.service.d.ts +17 -0
package/dist/services/oauth2.service.js +27 -10
package/dist/types/agent.types.d.ts +22 -0
package/package.json +1 -1

package/dist/services/agent.service.js CHANGED Viewed

@@ -96,17 +96,27 @@ class AgentService {
      * Returns the runtime `AgentDefinition` ready to feed the runner.
      */
     async resolveAgent(params) {
+        // Public-chat slug lookup MUST gate on isActive — a deactivated
+        // agent shouldn't be reachable from a customer-facing widget.
         if (params.agentSlug && params.tenantId && this.resolver) {
             const record = await this.resolver.findBySlug(params.tenantId, params.agentSlug);
             if (record && record.isActive)
                 return toAgentDefinition(record);
         }
+        // Direct-id lookup does NOT gate on isActive. The caller has the
+        // opaque uuid because they already created a conversation against
+        // that agent (admin UI, system Agent Assist seed, internal job…).
+        // Refusing to stream the next turn just because someone toggled
+        // the agent inactive between turns surfaces as the opaque
+        // "Agent <uuid> not found" the admin saw in prod — actively
+        // hostile to operators. Leave inactive-filtering to the layer
+        // that handed out the agentId in the first place.
         if (params.agentId) {
             if (this.resolver) {
                 const record = await this.resolver
                     .findById(params.agentId)
                     .catch(() => null);
-                if (record && record.isActive)
+                if (record)
                     return toAgentDefinition(record);
             }
             // Final fallback: hardcoded SDK array.
@@ -161,7 +171,9 @@ class AgentService {
         // resolved agent declares one (e.g. a public-chat agent reusing the
         // owner's Gmail authorization); otherwise they fall back to the
         // caller's userId, which is the historical personal-agent path.
-        const extraTools = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const resolvedExtras = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const filter = params.overrides?.extraToolsFilter;
+        const extraTools = filter && resolvedExtras ? filter(resolvedExtras) : resolvedExtras;
         const response = await this.runner.run(agent, messages, {
             userId: params.userId,
             conversationId: params.conversationId,
@@ -225,7 +237,9 @@ class AgentService {
         // Same precedence as sendMessage — agent.connectorOwnerUserId takes
         // priority so a public-chat agent always uses the owner's connector
         // toolbelt regardless of which visitor session is streaming.
-        const extraTools = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const resolvedExtras = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const filter = params.overrides?.extraToolsFilter;
+        const extraTools = filter && resolvedExtras ? filter(resolvedExtras) : resolvedExtras;
         for await (const chunk of this.runner.stream(agent, messages, {
             userId: params.userId,
             conversationId: params.conversationId,

package/dist/services/oauth2.service.d.ts CHANGED Viewed

@@ -19,6 +19,23 @@ export interface OAuth2ProviderConfig {
     /** PKCE: defaults to true for security, but providers that don't support
      *  it (rare in 2026) can opt out. */
     usePkce?: boolean;
+    /**
+     * Optional extractor for non-standard token response shapes. The default
+     * reads `access_token` / `refresh_token` / etc. directly off the JSON
+     * body — RFC 6749 compliant providers (Google, HubSpot, ClickUp) don't
+     * need this.
+     *
+     * Slack's `oauth.v2.access` is the notable exception: when the consent
+     * grants only user scopes, the user token lands at
+     * `json.authed_user.access_token`, not at the root. Connectors with
+     * non-standard envelopes provide this hook to map their response into
+     * the canonical `TokenSet` the registry persists.
+     *
+     * If the extractor returns `accessToken: ''` (or any falsy string), the
+     * service treats the exchange as failed and surfaces a clear error
+     * instead of letting an empty string poison the encrypted-token row.
+     */
+    tokenExtractor?: (json: unknown) => TokenSet;
 }
 export interface AuthorizeUrlResult {
     url: string;

package/dist/services/oauth2.service.js CHANGED Viewed

@@ -45,7 +45,7 @@ class OAuth2Service {
         });
         if (pkceVerifier)
             body.set('code_verifier', pkceVerifier);
-        return this.postToken(cfg.tokenUrl, body);
+        return this.postToken(cfg.tokenUrl, body, cfg.tokenExtractor);
     }
     async refresh(cfg, refreshToken) {
         const body = new URLSearchParams({
@@ -54,9 +54,9 @@ class OAuth2Service {
             client_id: cfg.clientId,
             client_secret: cfg.clientSecret,
         });
-        return this.postToken(cfg.tokenUrl, body);
+        return this.postToken(cfg.tokenUrl, body, cfg.tokenExtractor);
     }
-    async postToken(tokenUrl, body) {
+    async postToken(tokenUrl, body, extractor) {
         const res = await this.fetchImpl(tokenUrl, {
             method: 'POST',
             headers: {
@@ -70,13 +70,30 @@ class OAuth2Service {
             throw new Error(`OAuth2 token endpoint ${tokenUrl} returned ${res.status}: ${text}`);
         }
         const json = (await res.json());
-        return {
-            accessToken: json.access_token,
-            refreshToken: json.refresh_token,
-            expiresIn: json.expires_in,
-            scope: json.scope,
-            tokenType: json.token_type,
-        };
+        const tokens = extractor ? extractor(json) : defaultExtractor(json);
+        // Guard against accidentally persisting an empty-string token — that
+        // would crash the cipher with "Received undefined" downstream and the
+        // operator would chase a confusing stack trace. Better to fail fast
+        // here with a descriptive error so the connector author knows their
+        // extractor (or the default) missed the token.
+        if (!tokens.accessToken) {
+            throw new Error(`OAuth2 token endpoint ${tokenUrl} returned a response without an access token. ` +
+                'If the provider uses a non-standard envelope, supply `tokenExtractor` on the ConnectorDefinition.');
+        }
+        return tokens;
     }
 }
 exports.OAuth2Service = OAuth2Service;
+/** RFC 6749 standard shape — used when the connector doesn't supply a
+ *  custom extractor. Mirrors the original behavior before the
+ *  `tokenExtractor` hook was added. */
+function defaultExtractor(json) {
+    const j = json;
+    return {
+        accessToken: j.access_token ?? '',
+        refreshToken: j.refresh_token,
+        expiresIn: j.expires_in,
+        scope: j.scope,
+        tokenType: j.token_type,
+    };
+}

package/dist/types/agent.types.d.ts CHANGED Viewed

@@ -45,6 +45,28 @@ export interface AgentOverrides {
      * routed through a per-call map (the registry doesn't see them).
      */
     extraTools?: AgentToolDefinition[];
+    /**
+     * Optional post-resolution filter applied to the tools that
+     * `AgentService` derives from the connector registry (the
+     * `resolveExtraTools(userId)` output). The caller receives the full
+     * list and returns the subset that should actually be exposed to the
+     * model for this turn.
+     *
+     * Use cases:
+     *   - The prompt-designer assistant exposes ONLY read-only tools to
+     *     itself even though the operator's tenant has write tools
+     *     authorized (see PROMPT_DESIGNER_TOOL_USE_SDD §4.2).
+     *   - A throttling layer dropping tools that have hit a rate limit.
+     *
+     * If omitted, the resolved list passes through unchanged — the
+     * historical behavior.
+     *
+     * Note: this filter runs AFTER `resolveExtraTools` and BEFORE the
+     * shallow merge with `overrides.extraTools`. Tools explicitly
+     * provided via `extraTools` are NOT filtered; the caller is
+     * responsible for vetting those.
+     */
+    extraToolsFilter?: (tools: AgentToolDefinition[]) => AgentToolDefinition[];
 }
 export interface AgentResponse {
     messageId: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agentforge-io/core",
-  "version": "2.0.10",
+  "version": "2.0.14",
   "description": "Framework-free AI runtime SDK. Owns: agent loop (Anthropic), conversations, tools, streaming, agent-job queue, SdkHooks. Identity, billing, infra (email/uploads/secrets) live in the host's modules — not here.",
   "license": "MIT",
   "main": "dist/index.js",