npm - @agentforge-io/core - Versions diffs - 2.0.11 → 2.0.15 - Mend

@agentforge-io/core 2.0.11 → 2.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/services/agent.service.js +6 -2
package/dist/services/oauth2.service.d.ts +18 -0
package/dist/services/oauth2.service.js +33 -15
package/dist/types/agent.types.d.ts +22 -0
package/package.json +1 -1

package/dist/services/agent.service.js CHANGED Viewed

@@ -171,7 +171,9 @@ class AgentService {
         // resolved agent declares one (e.g. a public-chat agent reusing the
         // owner's Gmail authorization); otherwise they fall back to the
         // caller's userId, which is the historical personal-agent path.
-        const extraTools = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const resolvedExtras = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const filter = params.overrides?.extraToolsFilter;
+        const extraTools = filter && resolvedExtras ? filter(resolvedExtras) : resolvedExtras;
         const response = await this.runner.run(agent, messages, {
             userId: params.userId,
             conversationId: params.conversationId,
@@ -235,7 +237,9 @@ class AgentService {
         // Same precedence as sendMessage — agent.connectorOwnerUserId takes
         // priority so a public-chat agent always uses the owner's connector
         // toolbelt regardless of which visitor session is streaming.
-        const extraTools = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const resolvedExtras = await this.resolveExtraTools(agent.connectorOwnerUserId ?? params.userId);
+        const filter = params.overrides?.extraToolsFilter;
+        const extraTools = filter && resolvedExtras ? filter(resolvedExtras) : resolvedExtras;
         for await (const chunk of this.runner.stream(agent, messages, {
             userId: params.userId,
             conversationId: params.conversationId,

package/dist/services/oauth2.service.d.ts CHANGED Viewed

@@ -36,6 +36,24 @@ export interface OAuth2ProviderConfig {
      * instead of letting an empty string poison the encrypted-token row.
      */
     tokenExtractor?: (json: unknown) => TokenSet;
+    /**
+     * Where to put the client credentials on the token exchange request.
+     *
+     *   - `'body'` (default) — appends `client_id` + `client_secret` to the
+     *     form-encoded body. Works for the majority of providers (Google,
+     *     HubSpot, ClickUp, Slack, GitHub).
+     *
+     *   - `'basic'` — sends them as `Authorization: Basic
+     *     base64(client_id:client_secret)` instead. Required by Notion
+     *     (their `/v1/oauth/token` rejects body credentials with
+     *     `invalid_client`), Spotify, and a handful of other providers
+     *     whose docs say "Basic Auth" explicitly.
+     *
+     * RFC 6749 §2.3.1 allows both forms but recommends Basic when both are
+     * supported. We default to body because it was the legacy behavior and
+     * every existing connector relies on it.
+     */
+    tokenAuth?: 'body' | 'basic';
 }
 export interface AuthorizeUrlResult {
     url: string;

package/dist/services/oauth2.service.js CHANGED Viewed

@@ -40,44 +40,62 @@ class OAuth2Service {
             grant_type: 'authorization_code',
             code,
             redirect_uri: redirectUri,
-            client_id: cfg.clientId,
-            client_secret: cfg.clientSecret,
         });
+        // Body-auth providers carry credentials in the form payload; basic-auth
+        // providers (Notion, Spotify) carry them in the Authorization header
+        // and reject body credentials with `invalid_client`. See
+        // OAuth2ProviderConfig.tokenAuth for the per-provider toggle.
+        if ((cfg.tokenAuth ?? 'body') === 'body') {
+            body.set('client_id', cfg.clientId);
+            body.set('client_secret', cfg.clientSecret);
+        }
         if (pkceVerifier)
             body.set('code_verifier', pkceVerifier);
-        return this.postToken(cfg.tokenUrl, body, cfg.tokenExtractor);
+        return this.postToken(cfg, body);
     }
     async refresh(cfg, refreshToken) {
         const body = new URLSearchParams({
             grant_type: 'refresh_token',
             refresh_token: refreshToken,
-            client_id: cfg.clientId,
-            client_secret: cfg.clientSecret,
         });
-        return this.postToken(cfg.tokenUrl, body, cfg.tokenExtractor);
+        if ((cfg.tokenAuth ?? 'body') === 'body') {
+            body.set('client_id', cfg.clientId);
+            body.set('client_secret', cfg.clientSecret);
+        }
+        return this.postToken(cfg, body);
     }
-    async postToken(tokenUrl, body, extractor) {
-        const res = await this.fetchImpl(tokenUrl, {
+    async postToken(cfg, body) {
+        const headers = {
+            'content-type': 'application/x-www-form-urlencoded',
+            accept: 'application/json',
+        };
+        // Basic-auth providers need credentials in the Authorization header
+        // instead of the body. RFC 6749 §2.3.1 — both forms are spec-legal
+        // but providers vary on which they accept.
+        if (cfg.tokenAuth === 'basic') {
+            const credentials = Buffer.from(`${cfg.clientId}:${cfg.clientSecret}`).toString('base64');
+            headers.authorization = `Basic ${credentials}`;
+        }
+        const res = await this.fetchImpl(cfg.tokenUrl, {
             method: 'POST',
-            headers: {
-                'content-type': 'application/x-www-form-urlencoded',
-                accept: 'application/json',
-            },
+            headers,
             body: body.toString(),
         });
         if (!res.ok) {
             const text = await res.text().catch(() => '');
-            throw new Error(`OAuth2 token endpoint ${tokenUrl} returned ${res.status}: ${text}`);
+            throw new Error(`OAuth2 token endpoint ${cfg.tokenUrl} returned ${res.status}: ${text}`);
         }
         const json = (await res.json());
-        const tokens = extractor ? extractor(json) : defaultExtractor(json);
+        const tokens = cfg.tokenExtractor
+            ? cfg.tokenExtractor(json)
+            : defaultExtractor(json);
         // Guard against accidentally persisting an empty-string token — that
         // would crash the cipher with "Received undefined" downstream and the
         // operator would chase a confusing stack trace. Better to fail fast
         // here with a descriptive error so the connector author knows their
         // extractor (or the default) missed the token.
         if (!tokens.accessToken) {
-            throw new Error(`OAuth2 token endpoint ${tokenUrl} returned a response without an access token. ` +
+            throw new Error(`OAuth2 token endpoint ${cfg.tokenUrl} returned a response without an access token. ` +
                 'If the provider uses a non-standard envelope, supply `tokenExtractor` on the ConnectorDefinition.');
         }
         return tokens;

package/dist/types/agent.types.d.ts CHANGED Viewed

@@ -45,6 +45,28 @@ export interface AgentOverrides {
      * routed through a per-call map (the registry doesn't see them).
      */
     extraTools?: AgentToolDefinition[];
+    /**
+     * Optional post-resolution filter applied to the tools that
+     * `AgentService` derives from the connector registry (the
+     * `resolveExtraTools(userId)` output). The caller receives the full
+     * list and returns the subset that should actually be exposed to the
+     * model for this turn.
+     *
+     * Use cases:
+     *   - The prompt-designer assistant exposes ONLY read-only tools to
+     *     itself even though the operator's tenant has write tools
+     *     authorized (see PROMPT_DESIGNER_TOOL_USE_SDD §4.2).
+     *   - A throttling layer dropping tools that have hit a rate limit.
+     *
+     * If omitted, the resolved list passes through unchanged — the
+     * historical behavior.
+     *
+     * Note: this filter runs AFTER `resolveExtraTools` and BEFORE the
+     * shallow merge with `overrides.extraTools`. Tools explicitly
+     * provided via `extraTools` are NOT filtered; the caller is
+     * responsible for vetting those.
+     */
+    extraToolsFilter?: (tools: AgentToolDefinition[]) => AgentToolDefinition[];
 }
 export interface AgentResponse {
     messageId: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agentforge-io/core",
-  "version": "2.0.11",
+  "version": "2.0.15",
   "description": "Framework-free AI runtime SDK. Owns: agent loop (Anthropic), conversations, tools, streaming, agent-job queue, SdkHooks. Identity, billing, infra (email/uploads/secrets) live in the host's modules — not here.",
   "license": "MIT",
   "main": "dist/index.js",