npm - @agenthifive/openclaw - Versions diffs - 0.1.0 - Mend

@agenthifive/openclaw 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/README.md +124 -0
package/dist/client.d.ts +27 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +136 -0
package/dist/client.js.map +1 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +23 -0
package/dist/index.js.map +1 -0
package/dist/jwt-utils.d.ts +29 -0
package/dist/jwt-utils.d.ts.map +1 -0
package/dist/jwt-utils.js +55 -0
package/dist/jwt-utils.js.map +1 -0
package/dist/patch-verify.d.ts +28 -0
package/dist/patch-verify.d.ts.map +1 -0
package/dist/patch-verify.js +72 -0
package/dist/patch-verify.js.map +1 -0
package/dist/pending-approvals.d.ts +55 -0
package/dist/pending-approvals.d.ts.map +1 -0
package/dist/pending-approvals.js +95 -0
package/dist/pending-approvals.js.map +1 -0
package/dist/prompt-reference.d.ts +51 -0
package/dist/prompt-reference.d.ts.map +1 -0
package/dist/prompt-reference.js +645 -0
package/dist/prompt-reference.js.map +1 -0
package/dist/register.d.ts +20 -0
package/dist/register.d.ts.map +1 -0
package/dist/register.js +551 -0
package/dist/register.js.map +1 -0
package/dist/runtime.d.ts +66 -0
package/dist/runtime.d.ts.map +1 -0
package/dist/runtime.js +87 -0
package/dist/runtime.js.map +1 -0
package/dist/session-context.d.ts +39 -0
package/dist/session-context.d.ts.map +1 -0
package/dist/session-context.js +58 -0
package/dist/session-context.js.map +1 -0
package/dist/setup-wizard.d.ts +28 -0
package/dist/setup-wizard.d.ts.map +1 -0
package/dist/setup-wizard.js +303 -0
package/dist/setup-wizard.js.map +1 -0
package/dist/tools.d.ts +27 -0
package/dist/tools.d.ts.map +1 -0
package/dist/tools.js +128 -0
package/dist/tools.js.map +1 -0
package/dist/types.d.ts +93 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +2 -0
package/dist/types.js.map +1 -0
package/dist/vault-action-proxy.d.ts +75 -0
package/dist/vault-action-proxy.d.ts.map +1 -0
package/dist/vault-action-proxy.js +152 -0
package/dist/vault-action-proxy.js.map +1 -0
package/dist/vault-provider.d.ts +52 -0
package/dist/vault-provider.d.ts.map +1 -0
package/dist/vault-provider.js +37 -0
package/dist/vault-provider.js.map +1 -0
package/dist/vault-token-manager.d.ts +42 -0
package/dist/vault-token-manager.d.ts.map +1 -0
package/dist/vault-token-manager.js +124 -0
package/dist/vault-token-manager.js.map +1 -0
package/openclaw.plugin.json +59 -0
package/package.json +58 -0
package/patches/README.md +85 -0
package/patches/model-auth.patch +44 -0

package/dist/runtime.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Runtime exports for OpenClaw core patches.
+ *
+ * This module is imported dynamically by the model-auth.ts patch via:
+ *   const runtime = await import("@agenthifive/openclaw/runtime");
+ *
+ * It exposes the minimum surface needed for credential resolution without
+ * pulling in the full plugin. When the plugin is not installed, the dynamic
+ * import fails silently and the patch is a no-op.
+ *
+ * Separate entry point from index.ts so patches import only what they need.
+ */
+import type { CredentialProvider } from "./vault-provider.js";
+/**
+ * Query for credential resolution from the patch.
+ * Mirrors the fork's CredentialQuery shape used in model-auth.ts.
+ */
+export type RuntimeCredentialQuery = {
+    kind: "model_provider" | "channel" | "plugin_config";
+    provider: string;
+    profileId?: string;
+    fields?: string[];
+};
+/**
+ * Result returned to the patch from credential resolution.
+ */
+export type RuntimeCredentialResult = {
+    apiKey: string;
+    source?: string;
+    mode?: "api-key" | "oauth" | "token";
+};
+/**
+ * Called by register.ts after agent auth is initialized.
+ * Sets the vault bearer token getter for Tier 0 proxied providers.
+ */
+export declare function setVaultBearerToken(token: string | null): void;
+/**
+ * Called by register.ts to set the credential provider for Tier 0.5 resolution.
+ */
+export declare function setCredentialProvider(provider: CredentialProvider | null): void;
+/**
+ * Called by register.ts to set the list of providers that should use vault bearer tokens.
+ */
+export declare function setProxiedProviders(providers: string[]): void;
+/**
+ * Get the current vault bearer token for proxied provider auth.
+ * Returns null if the plugin is not initialized or no token is available.
+ */
+export declare function getVaultBearerToken(): string | null;
+/**
+ * Get the list of providers configured for vault token proxying.
+ */
+export declare function getProxiedProviders(): string[];
+/**
+ * Resolve credentials via the configured credential provider chain.
+ * Returns null if no provider is configured or no credentials are found.
+ *
+ * Adapts between the patch-facing types (RuntimeCredentialQuery/Result)
+ * and the internal CredentialProvider interface.
+ */
+export declare function resolveCredential(query: RuntimeCredentialQuery): Promise<RuntimeCredentialResult | null>;
+/**
+ * Check whether the runtime has been initialized (plugin is loaded and auth is ready).
+ */
+export declare function isInitialized(): boolean;
+//# sourceMappingURL=runtime.d.ts.map

package/dist/runtime.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAM9D;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,gBAAgB,GAAG,SAAS,GAAG,eAAe,CAAC;IACrD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;CACtC,CAAC;AAcF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAE9D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,IAAI,GAAG,IAAI,CAE/E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAE7D;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,IAAI,CAEnD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAE9C;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,sBAAsB,GAC5B,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAiBzC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC"}

package/dist/runtime.js ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * Runtime exports for OpenClaw core patches.
+ *
+ * This module is imported dynamically by the model-auth.ts patch via:
+ *   const runtime = await import("@agenthifive/openclaw/runtime");
+ *
+ * It exposes the minimum surface needed for credential resolution without
+ * pulling in the full plugin. When the plugin is not installed, the dynamic
+ * import fails silently and the patch is a no-op.
+ *
+ * Separate entry point from index.ts so patches import only what they need.
+ */
+// ---------------------------------------------------------------------------
+// Module-scoped state — set by register.ts during plugin init
+// ---------------------------------------------------------------------------
+let _vaultBearerToken = null;
+let _credentialProvider = null;
+let _proxiedProviders = [];
+// ---------------------------------------------------------------------------
+// Setup (called by register.ts)
+// ---------------------------------------------------------------------------
+/**
+ * Called by register.ts after agent auth is initialized.
+ * Sets the vault bearer token getter for Tier 0 proxied providers.
+ */
+export function setVaultBearerToken(token) {
+    _vaultBearerToken = token;
+}
+/**
+ * Called by register.ts to set the credential provider for Tier 0.5 resolution.
+ */
+export function setCredentialProvider(provider) {
+    _credentialProvider = provider;
+}
+/**
+ * Called by register.ts to set the list of providers that should use vault bearer tokens.
+ */
+export function setProxiedProviders(providers) {
+    _proxiedProviders = providers;
+}
+// ---------------------------------------------------------------------------
+// Patch-facing API
+// ---------------------------------------------------------------------------
+/**
+ * Get the current vault bearer token for proxied provider auth.
+ * Returns null if the plugin is not initialized or no token is available.
+ */
+export function getVaultBearerToken() {
+    return _vaultBearerToken;
+}
+/**
+ * Get the list of providers configured for vault token proxying.
+ */
+export function getProxiedProviders() {
+    return _proxiedProviders;
+}
+/**
+ * Resolve credentials via the configured credential provider chain.
+ * Returns null if no provider is configured or no credentials are found.
+ *
+ * Adapts between the patch-facing types (RuntimeCredentialQuery/Result)
+ * and the internal CredentialProvider interface.
+ */
+export async function resolveCredential(query) {
+    if (!_credentialProvider)
+        return null;
+    const internalQuery = {
+        provider: query.provider,
+    };
+    if (query.fields)
+        internalQuery.scopes = query.fields;
+    const result = await _credentialProvider.resolve(internalQuery);
+    if (!result)
+        return null;
+    return {
+        apiKey: result.token,
+        source: `credential-provider:${_credentialProvider.id}`,
+        mode: "api-key",
+    };
+}
+/**
+ * Check whether the runtime has been initialized (plugin is loaded and auth is ready).
+ */
+export function isInitialized() {
+    return _vaultBearerToken !== null || _credentialProvider !== null;
+}
+//# sourceMappingURL=runtime.js.map

package/dist/runtime.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA4BH,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,IAAI,iBAAiB,GAAkB,IAAI,CAAC;AAC5C,IAAI,mBAAmB,GAA8B,IAAI,CAAC;AAC1D,IAAI,iBAAiB,GAAa,EAAE,CAAC;AAErC,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAoB;IACtD,iBAAiB,GAAG,KAAK,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAmC;IACvE,mBAAmB,GAAG,QAAQ,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAmB;IACrD,iBAAiB,GAAG,SAAS,CAAC;AAChC,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAA6B;IAE7B,IAAI,CAAC,mBAAmB;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,aAAa,GAAkD;QACnE,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;IACF,IAAI,KAAK,CAAC,MAAM;QAAE,aAAa,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAEtD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAEhE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,MAAM,EAAE,uBAAuB,mBAAmB,CAAC,EAAE,EAAE;QACvD,IAAI,EAAE,SAAS;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,iBAAiB,KAAK,IAAI,IAAI,mBAAmB,KAAK,IAAI,CAAC;AACpE,CAAC"}

package/dist/session-context.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Lightweight session context tracking for vault tools.
+ *
+ * The `before_agent_start` hook has access to the current session's key
+ * (via PluginHookAgentContext), but agent tools receive no session context.
+ * This module bridges the gap with a module-scoped variable.
+ *
+ * The hook sets the current session at the start of each agent turn;
+ * the vault_execute tool reads it when writing pending approvals.
+ *
+ * Safety: OpenClaw serialises agent turns per session lane, so within
+ * a single session the set → read ordering is guaranteed. Concurrent
+ * sessions on different lanes have a theoretical race window, but the
+ * impact is minimal (worst case: an approval notification routes to a
+ * slightly wrong session; the correct session still picks it up via the
+ * before_agent_start fallback hook on its next turn).
+ */
+export type SessionContext = {
+    sessionKey: string;
+    channel?: string;
+    peerId?: string;
+    peerKind?: string;
+};
+export declare function setCurrentSessionContext(ctx: SessionContext): void;
+export declare function getCurrentSessionContext(): SessionContext | undefined;
+/**
+ * Parse routing info from a session key.
+ *
+ * Session keys from buildAgentPeerSessionKey use these formats:
+ *   "agent:{agentId}:{channel}:{peerKind}:{peerId}"              (per-channel-peer / group)
+ *   "agent:{agentId}:{channel}:{accountId}:{peerKind}:{peerId}"  (per-account-channel-peer)
+ *   "agent:{agentId}:main"                                        (TUI/webchat dmScope=main)
+ */
+export declare function parseSessionKey(sessionKey: string): {
+    channel?: string;
+    peerKind?: string;
+    peerId?: string;
+};
+//# sourceMappingURL=session-context.d.ts.map

package/dist/session-context.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../src/session-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,MAAM,cAAc,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAIF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,cAAc,GAAG,IAAI,CAElE;AAED,wBAAgB,wBAAwB,IAAI,cAAc,GAAG,SAAS,CAErE;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAkBA"}

package/dist/session-context.js ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Lightweight session context tracking for vault tools.
+ *
+ * The `before_agent_start` hook has access to the current session's key
+ * (via PluginHookAgentContext), but agent tools receive no session context.
+ * This module bridges the gap with a module-scoped variable.
+ *
+ * The hook sets the current session at the start of each agent turn;
+ * the vault_execute tool reads it when writing pending approvals.
+ *
+ * Safety: OpenClaw serialises agent turns per session lane, so within
+ * a single session the set → read ordering is guaranteed. Concurrent
+ * sessions on different lanes have a theoretical race window, but the
+ * impact is minimal (worst case: an approval notification routes to a
+ * slightly wrong session; the correct session still picks it up via the
+ * before_agent_start fallback hook on its next turn).
+ */
+let _current;
+export function setCurrentSessionContext(ctx) {
+    _current = ctx;
+}
+export function getCurrentSessionContext() {
+    return _current;
+}
+/**
+ * Parse routing info from a session key.
+ *
+ * Session keys from buildAgentPeerSessionKey use these formats:
+ *   "agent:{agentId}:{channel}:{peerKind}:{peerId}"              (per-channel-peer / group)
+ *   "agent:{agentId}:{channel}:{accountId}:{peerKind}:{peerId}"  (per-account-channel-peer)
+ *   "agent:{agentId}:main"                                        (TUI/webchat dmScope=main)
+ */
+export function parseSessionKey(sessionKey) {
+    const parts = sessionKey.split(":");
+    if (parts.length < 5) {
+        return {};
+    }
+    if (parts.length === 5) {
+        const result = {};
+        if (parts[2])
+            result.channel = parts[2];
+        if (parts[3])
+            result.peerKind = parts[3];
+        if (parts[4])
+            result.peerId = parts[4];
+        return result;
+    }
+    const result = {};
+    if (parts[2])
+        result.channel = parts[2];
+    if (parts[4])
+        result.peerKind = parts[4];
+    const peerId = parts.slice(5).join(":");
+    if (peerId)
+        result.peerId = peerId;
+    return result;
+}
+//# sourceMappingURL=session-context.js.map

package/dist/session-context.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-context.js","sourceRoot":"","sources":["../src/session-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AASH,IAAI,QAAoC,CAAC;AAEzC,MAAM,UAAU,wBAAwB,CAAC,GAAmB;IAC1D,QAAQ,GAAG,GAAG,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkB;IAKhD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAA6D,EAAE,CAAC;QAC5E,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,MAAM,GAA6D,EAAE,CAAC;IAC5E,IAAI,KAAK,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACxC,IAAI,KAAK,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,MAAM;QAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;IACnC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/setup-wizard.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Setup wizard for AgentHiFive vault integration.
+ *
+ * Bootstraps agent auth, discovers capabilities, and outputs JSON config
+ * that the user pastes into their openclaw.json.
+ *
+ * Two modes:
+ * - Interactive: prompts via Node.js readline
+ * - Non-interactive: accepts --base-url and --bootstrap-secret flags
+ *
+ * Registered as `openclaw setup-vault` via api.registerCommand() in register.ts.
+ */
+export interface SetupOptions {
+    baseUrl?: string;
+    bootstrapSecret?: string;
+    nonInteractive?: boolean;
+}
+export declare function buildConfigOutput(params: {
+    baseUrl: string;
+    agentId: string;
+    privateKey: JsonWebKey;
+    connections: Record<string, string>;
+    connectedProviders: string[];
+    proxiedProviders: string[];
+}): object;
+export declare function runSetupWizard(opts?: SetupOptions): Promise<void>;
+export declare function parseSetupArgs(args: string[]): SetupOptions;
+//# sourceMappingURL=setup-wizard.d.ts.map

package/dist/setup-wizard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"setup-wizard.d.ts","sourceRoot":"","sources":["../src/setup-wizard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AASH,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AA8HD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B,GAAG,MAAM,CA4BT;AAMD,wBAAsB,cAAc,CAAC,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2K3E;AAmCD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,YAAY,CAsB3D"}

package/dist/setup-wizard.js ADDED Viewed

@@ -0,0 +1,303 @@
+/**
+ * Setup wizard for AgentHiFive vault integration.
+ *
+ * Bootstraps agent auth, discovers capabilities, and outputs JSON config
+ * that the user pastes into their openclaw.json.
+ *
+ * Two modes:
+ * - Interactive: prompts via Node.js readline
+ * - Non-interactive: accepts --base-url and --bootstrap-secret flags
+ *
+ * Registered as `openclaw setup-vault` via api.registerCommand() in register.ts.
+ */
+import { generateKeyPair, exportJWK } from "jose";
+import { VaultTokenManager } from "./vault-token-manager.js";
+// ---------------------------------------------------------------------------
+// Readline helpers
+// ---------------------------------------------------------------------------
+async function prompt(question, defaultValue) {
+    const { createInterface } = await import("node:readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const suffix = defaultValue ? ` [${defaultValue}]` : "";
+    return new Promise((resolve) => {
+        rl.question(`${question}${suffix}: `, (answer) => {
+            rl.close();
+            resolve(answer.trim() || defaultValue || "");
+        });
+    });
+}
+async function confirm(question, defaultYes = true) {
+    const hint = defaultYes ? "[Y/n]" : "[y/N]";
+    const answer = await prompt(`${question} ${hint}`);
+    if (!answer)
+        return defaultYes;
+    return answer.toLowerCase().startsWith("y");
+}
+// ---------------------------------------------------------------------------
+// Vault API helpers
+// ---------------------------------------------------------------------------
+async function bootstrapAgent(baseUrl, bootstrapSecret) {
+    const { publicKey, privateKey } = await generateKeyPair("ES256");
+    const publicJWK = await exportJWK(publicKey);
+    const privateJWK = await exportJWK(privateKey);
+    const response = await fetch(`${baseUrl}/v1/agents/bootstrap`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            bootstrapSecret: bootstrapSecret.trim(),
+            publicKey: publicJWK,
+        }),
+        signal: AbortSignal.timeout(10_000),
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => "");
+        throw new Error(`Bootstrap failed (${response.status}): ${body || "check that the secret is valid and not expired"}`);
+    }
+    const result = (await response.json());
+    return { ...result, privateKey: privateJWK };
+}
+async function fetchCapabilities(baseUrl, token) {
+    const response = await fetch(`${baseUrl}/v1/capabilities/me`, {
+        method: "GET",
+        headers: { Authorization: `Bearer ${token}` },
+        signal: AbortSignal.timeout(5_000),
+    });
+    if (!response.ok) {
+        throw new Error(`Capabilities fetch failed (${response.status})`);
+    }
+    const body = (await response.json());
+    return body.activeConnections ?? [];
+}
+// ---------------------------------------------------------------------------
+// Service mapping
+// ---------------------------------------------------------------------------
+const SUPPORTED_SERVICES = {
+    telegram: "telegram",
+    slack: "slack",
+    "microsoft-teams": "msteams",
+    "anthropic-messages": "anthropic",
+    openai: "openai",
+    gemini: "gemini",
+};
+function integrationLabel(conn) {
+    if (conn.category === "llm")
+        return "LLM proxy";
+    if (conn.credentialType === "bot_token")
+        return "brokered API proxy";
+    if (conn.credentialType === "oauth")
+        return "brokered API proxy";
+    return "auth managed";
+}
+// ---------------------------------------------------------------------------
+// Config output builder
+// ---------------------------------------------------------------------------
+export function buildConfigOutput(params) {
+    return {
+        plugins: {
+            enabled: true,
+            allow: ["agenthifive"],
+            load: {
+                paths: ["@agenthifive/openclaw"],
+            },
+            entries: {
+                agenthifive: {
+                    enabled: true,
+                    hooks: { allowPromptInjection: true },
+                    config: {
+                        baseUrl: params.baseUrl,
+                        auth: {
+                            mode: "agent",
+                            agentId: params.agentId,
+                            privateKey: Buffer.from(JSON.stringify(params.privateKey)).toString("base64"),
+                        },
+                        connectedProviders: params.connectedProviders,
+                        proxiedProviders: params.proxiedProviders,
+                    },
+                },
+            },
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// Main wizard
+// ---------------------------------------------------------------------------
+export async function runSetupWizard(opts = {}) {
+    const log = (msg) => process.stdout.write(`${msg}\n`);
+    log("");
+    log("  AgentHiFive Vault Setup");
+    log("  " + "=".repeat(40));
+    log("");
+    // Step 1: Base URL
+    let baseUrl = opts.baseUrl;
+    if (!baseUrl) {
+        if (opts.nonInteractive) {
+            throw new Error("--base-url is required in non-interactive mode");
+        }
+        baseUrl = await prompt("AgentHiFive base URL", "https://app.agenthifive.com");
+    }
+    baseUrl = baseUrl.replace(/\/+$/, "");
+    // Step 2: Bootstrap secret
+    let bootstrapSecret = opts.bootstrapSecret;
+    if (!bootstrapSecret) {
+        if (opts.nonInteractive) {
+            throw new Error("--bootstrap-secret is required in non-interactive mode");
+        }
+        log("");
+        log("  Generate a bootstrap secret from the AgentHiFive dashboard:");
+        log("    Dashboard -> Agents -> [your agent] -> Bootstrap Secret");
+        log("  The secret expires in 1 hour.");
+        log("");
+        bootstrapSecret = await prompt("Bootstrap secret (ah5b_...)");
+    }
+    if (!bootstrapSecret.startsWith("ah5b_")) {
+        throw new Error("Bootstrap secrets must start with ah5b_");
+    }
+    // Step 3: Bootstrap — generate key pair + register
+    log("");
+    log("  Bootstrapping agent...");
+    const { agentId, name, status, privateKey } = await bootstrapAgent(baseUrl, bootstrapSecret);
+    log(`  Agent "${name}" bootstrapped (${agentId.slice(0, 8)}..., status: ${status})`);
+    // Step 4: Verify token exchange
+    log("  Verifying token exchange...");
+    const tokenManager = new VaultTokenManager({
+        baseUrl,
+        agentId,
+        privateKey,
+        tokenAudience: baseUrl,
+    });
+    try {
+        await tokenManager.init();
+        log("  Token exchange successful");
+    }
+    catch (err) {
+        log(`  WARNING: Token exchange failed: ${err instanceof Error ? err.message : String(err)}`);
+        log("  Config will still be generated — you may need to fix auth settings.");
+        tokenManager.stop();
+        outputMinimalConfig(log, baseUrl, agentId, privateKey);
+        return;
+    }
+    // Step 5: Fetch capabilities
+    log("  Fetching capabilities...");
+    let vaultConnections = [];
+    try {
+        vaultConnections = await fetchCapabilities(baseUrl, tokenManager.getToken());
+    }
+    catch (err) {
+        log(`  WARNING: Could not fetch capabilities: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    tokenManager.stop();
+    // Step 6: Show connection status
+    const connections = {};
+    const connectedProviders = [];
+    const proxiedProviders = [];
+    const seenServices = new Set();
+    log("");
+    log("  Connected Services:");
+    log("  " + "-".repeat(50));
+    for (const conn of vaultConnections) {
+        const openclawName = SUPPORTED_SERVICES[conn.service] ?? conn.service;
+        connections[openclawName] = conn.connectionId ?? "vault-managed";
+        if (seenServices.has(conn.service))
+            continue;
+        seenServices.add(conn.service);
+        const displayLabel = conn.displayName || openclawName;
+        log(`  + ${displayLabel.padEnd(20)} - connected (${integrationLabel(conn)})`);
+        connectedProviders.push(openclawName);
+        if (conn.category === "llm") {
+            proxiedProviders.push(openclawName);
+        }
+    }
+    // Show missing services
+    for (const [serviceId, openclawName] of Object.entries(SUPPORTED_SERVICES)) {
+        if (!seenServices.has(serviceId)) {
+            log(`  - ${openclawName.padEnd(20)} - not connected`);
+        }
+    }
+    if (vaultConnections.length === 0) {
+        log("  No connections found. Add connections in the AgentHiFive dashboard.");
+    }
+    // Step 7: Ask about credential proxying patch
+    let showPatchInstructions = false;
+    if (proxiedProviders.length > 0 && !opts.nonInteractive) {
+        log("");
+        showPatchInstructions = await confirm("  Enable LLM credential proxying? (requires a one-time patch)");
+    }
+    // Step 8: Output config
+    const configBlock = buildConfigOutput({
+        baseUrl,
+        agentId,
+        privateKey,
+        connections,
+        connectedProviders,
+        proxiedProviders,
+    });
+    log("");
+    log("  " + "=".repeat(50));
+    log("  Add this to your ~/.openclaw/openclaw.json:");
+    log("  " + "=".repeat(50));
+    log("");
+    log(JSON.stringify(configBlock, null, 2));
+    log("");
+    if (showPatchInstructions) {
+        log("  " + "-".repeat(50));
+        log("  To enable LLM credential proxying, apply the patch:");
+        log("  " + "-".repeat(50));
+        log("");
+        log("  pnpm patch openclaw");
+        log("  cd <temp-directory>");
+        log("  patch -p1 < node_modules/@agenthifive/openclaw/patches/model-auth.patch");
+        log("  pnpm patch-commit <temp-directory>");
+        log("");
+    }
+    log("  Setup complete!");
+    log("");
+}
+// ---------------------------------------------------------------------------
+// Fallback: minimal config when token exchange fails
+// ---------------------------------------------------------------------------
+function outputMinimalConfig(log, baseUrl, agentId, privateKey) {
+    const configBlock = buildConfigOutput({
+        baseUrl,
+        agentId,
+        privateKey,
+        connections: {},
+        connectedProviders: [],
+        proxiedProviders: [],
+    });
+    log("");
+    log("  " + "=".repeat(50));
+    log("  Add this to your ~/.openclaw/openclaw.json:");
+    log("  (capabilities could not be fetched - update manually)");
+    log("  " + "=".repeat(50));
+    log("");
+    log(JSON.stringify(configBlock, null, 2));
+    log("");
+}
+// ---------------------------------------------------------------------------
+// CLI argument parser (for non-interactive mode)
+// ---------------------------------------------------------------------------
+export function parseSetupArgs(args) {
+    const opts = {};
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === "--base-url" && args[i + 1]) {
+            const val = args[++i];
+            if (val)
+                opts.baseUrl = val;
+        }
+        else if (arg === "--bootstrap-secret" && args[i + 1]) {
+            const val = args[++i];
+            if (val)
+                opts.bootstrapSecret = val;
+        }
+        else if (arg === "--non-interactive") {
+            opts.nonInteractive = true;
+        }
+    }
+    // Auto-enable non-interactive if both required args are provided
+    if (opts.baseUrl && opts.bootstrapSecret) {
+        opts.nonInteractive = true;
+    }
+    return opts;
+}
+//# sourceMappingURL=setup-wizard.js.map

package/dist/setup-wizard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"setup-wizard.js","sourceRoot":"","sources":["../src/setup-wizard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAwB7D,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,KAAK,UAAU,MAAM,CAAC,QAAgB,EAAE,YAAqB;IAC3D,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IAC1D,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,EAAE,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,MAAM,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE;YAC/C,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,YAAY,IAAI,EAAE,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,QAAgB,EAAE,UAAU,GAAG,IAAI;IACxD,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IAC5C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC,CAAC;IACnD,IAAI,CAAC,MAAM;QAAE,OAAO,UAAU,CAAC;IAC/B,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,KAAK,UAAU,cAAc,CAC3B,OAAe,EACf,eAAuB;IAOvB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,CAAC;IAE/C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,sBAAsB,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,eAAe,EAAE,eAAe,CAAC,IAAI,EAAE;YACvC,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;KACpC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,CAAC,MAAM,MAAM,IAAI,IAAI,gDAAgD,EAAE,CACrG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIpC,CAAC;IAEF,OAAO,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAC/C,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,OAAe,EACf,KAAa;IAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,qBAAqB,EAAE;QAC5D,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;QAC7C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAElC,CAAC;IAEF,OAAO,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC;AACtC,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,QAAQ,EAAE,UAAU;IACpB,KAAK,EAAE,OAAO;IACd,iBAAiB,EAAE,SAAS;IAC5B,oBAAoB,EAAE,WAAW;IACjC,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,SAAS,gBAAgB,CAAC,IAAqB;IAC7C,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK;QAAE,OAAO,WAAW,CAAC;IAChD,IAAI,IAAI,CAAC,cAAc,KAAK,WAAW;QAAE,OAAO,oBAAoB,CAAC;IACrE,IAAI,IAAI,CAAC,cAAc,KAAK,OAAO;QAAE,OAAO,oBAAoB,CAAC;IACjE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,MAAM,UAAU,iBAAiB,CAAC,MAOjC;IACC,OAAO;QACL,OAAO,EAAE;YACP,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,aAAa,CAAC;YACtB,IAAI,EAAE;gBACJ,KAAK,EAAE,CAAC,uBAAuB,CAAC;aACjC;YACD,OAAO,EAAE;gBACP,WAAW,EAAE;oBACX,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE;oBACrC,MAAM,EAAE;wBACN,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,IAAI,EAAE;4BACJ,IAAI,EAAE,OAAO;4BACb,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,UAAU,EAAE,MAAM,CAAC,IAAI,CACrB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAClC,CAAC,QAAQ,CAAC,QAAQ,CAAC;yBACrB;wBACD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;wBAC7C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;qBAC1C;iBACF;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAqB,EAAE;IAC1D,MAAM,GAAG,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;IAE9D,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACjC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,EAAE,CAAC,CAAC;IAER,mBAAmB;IACnB,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC3B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,GAAG,MAAM,MAAM,CACpB,sBAAsB,EACtB,6BAA6B,CAC9B,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEtC,2BAA2B;IAC3B,IAAI,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;IAC3C,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,GAAG,CAAC,EAAE,CAAC,CAAC;QACR,GAAG,CAAC,+DAA+D,CAAC,CAAC;QACrE,GAAG,CAAC,6DAA6D,CAAC,CAAC;QACnE,GAAG,CAAC,iCAAiC,CAAC,CAAC;QACvC,GAAG,CAAC,EAAE,CAAC,CAAC;QACR,eAAe,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,mDAAmD;IACnD,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAChC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,cAAc,CAChE,OAAO,EACP,eAAe,CAChB,CAAC;IACF,GAAG,CACD,YAAY,IAAI,mBAAmB,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,gBAAgB,MAAM,GAAG,CAChF,CAAC;IAEF,gCAAgC;IAChC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IACrC,MAAM,YAAY,GAAG,IAAI,iBAAiB,CAAC;QACzC,OAAO;QACP,OAAO;QACP,UAAU;QACV,aAAa,EAAE,OAAO;KACvB,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;QAC1B,GAAG,CAAC,6BAA6B,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CACD,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACxF,CAAC;QACF,GAAG,CAAC,uEAAuE,CAAC,CAAC;QAC7E,YAAY,CAAC,IAAI,EAAE,CAAC;QACpB,mBAAmB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAED,6BAA6B;IAC7B,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAClC,IAAI,gBAAgB,GAAsB,EAAE,CAAC;IAC7C,IAAI,CAAC;QACH,gBAAgB,GAAG,MAAM,iBAAiB,CACxC,OAAO,EACP,YAAY,CAAC,QAAQ,EAAE,CACxB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CACD,4CAA4C,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,YAAY,CAAC,IAAI,EAAE,CAAC;IAEpB,iCAAiC;IACjC,MAAM,WAAW,GAA2B,EAAE,CAAC;IAC/C,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAC7B,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC;QACtE,WAAW,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,YAAY,IAAI,eAAe,CAAC;QAEjE,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QAC7C,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/B,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,IAAI,YAAY,CAAC;QACtD,GAAG,CACD,OAAO,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,gBAAgB,CAAC,IAAI,CAAC,GAAG,CACzE,CAAC;QAEF,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC5B,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,KAAK,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC3E,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,GAAG,CACD,OAAO,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,uEAAuE,CAAC,CAAC;IAC/E,CAAC;IAED,8CAA8C;IAC9C,IAAI,qBAAqB,GAAG,KAAK,CAAC;IAClC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QACxD,GAAG,CAAC,EAAE,CAAC,CAAC;QACR,qBAAqB,GAAG,MAAM,OAAO,CACnC,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,MAAM,WAAW,GAAG,iBAAiB,CAAC;QACpC,OAAO;QACP,OAAO;QACP,UAAU;QACV,WAAW;QACX,kBAAkB;QAClB,gBAAgB;KACjB,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,+CAA+C,CAAC,CAAC;IACrD,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1C,GAAG,CAAC,EAAE,CAAC,CAAC;IAER,IAAI,qBAAqB,EAAE,CAAC;QAC1B,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,GAAG,CAAC,uDAAuD,CAAC,CAAC;QAC7D,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,GAAG,CAAC,EAAE,CAAC,CAAC;QACR,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC7B,GAAG,CAAC,uBAAuB,CAAC,CAAC;QAC7B,GAAG,CACD,2EAA2E,CAC5E,CAAC;QACF,GAAG,CAAC,sCAAsC,CAAC,CAAC;QAC5C,GAAG,CAAC,EAAE,CAAC,CAAC;IACV,CAAC;IAED,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACzB,GAAG,CAAC,EAAE,CAAC,CAAC;AACV,CAAC;AAED,8EAA8E;AAC9E,qDAAqD;AACrD,8EAA8E;AAE9E,SAAS,mBAAmB,CAC1B,GAA0B,EAC1B,OAAe,EACf,OAAe,EACf,UAAsB;IAEtB,MAAM,WAAW,GAAG,iBAAiB,CAAC;QACpC,OAAO;QACP,OAAO;QACP,UAAU;QACV,WAAW,EAAE,EAAE;QACf,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE;KACrB,CAAC,CAAC;IAEH,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,+CAA+C,CAAC,CAAC;IACrD,GAAG,CAAC,yDAAyD,CAAC,CAAC;IAC/D,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1C,GAAG,CAAC,EAAE,CAAC,CAAC;AACV,CAAC;AAED,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,MAAM,IAAI,GAAiB,EAAE,CAAC;IAE9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,YAAY,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG;gBAAE,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC;QAC9B,CAAC;aAAM,IAAI,GAAG,KAAK,oBAAoB,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG;gBAAE,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QACtC,CAAC;aAAM,IAAI,GAAG,KAAK,mBAAmB,EAAE,CAAC;YACvC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACzC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/tools.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import type { ExecuteInput, ExecuteOutput, ExecuteApprovalOutput, ApprovalRequestInput, ApprovalRequestOutput, ApprovalCommitInput, ApprovalCommitOutput, ConnectionsListOutput, ConnectionRevokeInput, ConnectionRevokeOutput } from "./types.js";
+import { VaultClient } from "./client.js";
+/**
+ * Executes an operation via the Vault's Model B brokered proxy.
+ * Returns the execution result or approval requirement.
+ */
+export declare function execute(client: VaultClient, input: ExecuteInput): Promise<ExecuteOutput | ExecuteApprovalOutput>;
+/**
+ * Creates a step-up approval request.
+ * The user must approve before the action is executed.
+ */
+export declare function approvalRequest(client: VaultClient, input: ApprovalRequestInput): Promise<ApprovalRequestOutput>;
+/**
+ * Polls approval status until approved/denied/expired or timeout.
+ * On approval, the caller should re-submit the original request
+ * with the approvalId to execute it.
+ */
+export declare function approvalCommit(client: VaultClient, input: ApprovalCommitInput, pollTimeoutMs?: number, pollIntervalMs?: number): Promise<ApprovalCommitOutput>;
+/**
+ * Lists all connections for the current workspace.
+ */
+export declare function connectionsList(client: VaultClient): Promise<ConnectionsListOutput>;
+/**
+ * Revokes a connection immediately.
+ */
+export declare function connectionRevoke(client: VaultClient, input: ConnectionRevokeInput): Promise<ConnectionRevokeOutput>;
+//# sourceMappingURL=tools.d.ts.map

package/dist/tools.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,EAEvB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAiB,MAAM,aAAa,CAAC;AAKzD;;;GAGG;AACH,wBAAsB,OAAO,CAC3B,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,aAAa,GAAG,qBAAqB,CAAC,CAyChD;AAED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,qBAAqB,CAAC,CA2BhC;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,mBAAmB,EAC1B,aAAa,GAAE,MAAgC,EAC/C,cAAc,GAAE,MAAiC,GAChD,OAAO,CAAC,oBAAoB,CAAC,CAoD/B;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,WAAW,GAClB,OAAO,CAAC,qBAAqB,CAAC,CAOhC;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,WAAW,EACnB,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,CAejC"}