npm - @agentlang/agentmanager - Versions diffs - 0.0.3 - Mend

@agentlang/agentmanager 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/apps/integrations/src/modules/providers/base/api-key.provider.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import {
+  AuthCompleteParams,
+  AuthCompleteResult,
+  AuthInitiateParams,
+  AuthInitiateResult,
+  IntegrationProvider,
+  ProviderMetadata,
+  TokenSet,
+} from '../provider.types';
+export class ApiKeyProvider implements IntegrationProvider {
+  public constructor(public readonly metadata: ProviderMetadata) {}
+  public initiateAuth(params: AuthInitiateParams): Promise<AuthInitiateResult> {
+    return Promise.resolve({
+      authorizeUrl: '',
+      connectionId: params.connectionId,
+      state: params.state ?? '',
+    });
+  }
+  public completeAuth(params: AuthCompleteParams): Promise<AuthCompleteResult> {
+    const tokenSet: TokenSet = {
+      accessToken: params.code,
+      tokenType: 'api_key',
+    };
+    return Promise.resolve({
+      connectionId: params.connectionId,
+      tokenSet,
+    });
+  }
+  public refreshToken(): Promise<TokenSet> {
+    return Promise.reject(
+      new Error('API key providers do not support token refresh'),
+    );
+  }
+  public revokeToken(): Promise<void> {
+    return Promise.resolve();
+  }
+}

package/apps/integrations/src/modules/providers/base/basic-auth.provider.ts ADDED Viewed

@@ -0,0 +1,44 @@
+import {
+  AuthCompleteParams,
+  AuthCompleteResult,
+  AuthInitiateParams,
+  AuthInitiateResult,
+  IntegrationProvider,
+  ProviderMetadata,
+  TokenSet,
+} from '../provider.types';
+export class BasicAuthProvider implements IntegrationProvider {
+  public constructor(public readonly metadata: ProviderMetadata) {}
+  public initiateAuth(params: AuthInitiateParams): Promise<AuthInitiateResult> {
+    return Promise.resolve({
+      authorizeUrl: '',
+      connectionId: params.connectionId,
+      state: params.state ?? '',
+    });
+  }
+  public completeAuth(params: AuthCompleteParams): Promise<AuthCompleteResult> {
+    const encoded = Buffer.from(params.code).toString('base64');
+    const tokenSet: TokenSet = {
+      accessToken: encoded,
+      tokenType: 'basic',
+    };
+    return Promise.resolve({
+      connectionId: params.connectionId,
+      tokenSet,
+    });
+  }
+  public refreshToken(): Promise<TokenSet> {
+    return Promise.reject(
+      new Error('Basic auth providers do not support token refresh'),
+    );
+  }
+  public revokeToken(): Promise<void> {
+    return Promise.resolve();
+  }
+}

package/apps/integrations/src/modules/providers/base/oauth2.provider.ts ADDED Viewed

@@ -0,0 +1,233 @@
+import { createHash, randomBytes } from 'node:crypto';
+import {
+  ResilientFetchOptions,
+  resilientFetch,
+} from '../../platform/resilient-fetch';
+import {
+  AuthCompleteParams,
+  AuthCompleteResult,
+  AuthInitiateParams,
+  AuthInitiateResult,
+  IntegrationProvider,
+  OAuth2Config,
+  ProviderMetadata,
+  TokenSet,
+} from '../provider.types';
+export class OAuth2Provider implements IntegrationProvider {
+  public constructor(
+    public readonly metadata: ProviderMetadata,
+    protected readonly fetchOptions?: ResilientFetchOptions,
+  ) {}
+  private get oauth2Config(): OAuth2Config {
+    if (!this.metadata.oauth2) {
+      throw new Error(
+        `Provider ${this.metadata.id} missing OAuth2 configuration`,
+      );
+    }
+    return this.metadata.oauth2;
+  }
+  public initiateAuth(params: AuthInitiateParams): Promise<AuthInitiateResult> {
+    const config = this.oauth2Config;
+    const state = params.state ?? randomBytes(32).toString('hex');
+    const scopes =
+      params.scopes ?? this.metadata.defaultScopes?.map((s) => s.name) ?? [];
+    const url = new URL(config.authorizeUrl);
+    url.searchParams.set('client_id', params.clientId);
+    url.searchParams.set('redirect_uri', params.redirectUri);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('state', state);
+    if (scopes.length > 0) {
+      url.searchParams.set('scope', scopes.join(' '));
+    }
+    let codeVerifier: string | undefined;
+    if (config.usePkce) {
+      codeVerifier = params.codeVerifier ?? randomBytes(32).toString('hex');
+      const codeChallenge = createHash('sha256')
+        .update(codeVerifier)
+        .digest('base64url');
+      url.searchParams.set('code_challenge', codeChallenge);
+      url.searchParams.set('code_challenge_method', 'S256');
+    }
+    if (config.extraAuthorizeParams) {
+      for (const [key, value] of Object.entries(config.extraAuthorizeParams)) {
+        url.searchParams.set(key, value);
+      }
+    }
+    return Promise.resolve({
+      authorizeUrl: url.toString(),
+      connectionId: params.connectionId,
+      state,
+      codeVerifier,
+    });
+  }
+  public async completeAuth(
+    params: AuthCompleteParams,
+  ): Promise<AuthCompleteResult> {
+    const config = this.oauth2Config;
+    const body = new URLSearchParams({
+      grant_type: 'authorization_code',
+      code: params.code,
+      redirect_uri: params.redirectUri,
+      client_id: params.clientId,
+      client_secret: params.clientSecret,
+    });
+    if (params.codeVerifier) {
+      body.set('code_verifier', params.codeVerifier);
+    }
+    const response = await resilientFetch(
+      config.tokenUrl,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+      },
+      this.fetchOptions,
+    );
+    if (!response.ok) {
+      const errorBody = await response.text();
+      throw new Error(`Token exchange failed: ${response.status} ${errorBody}`);
+    }
+    const data = (await response.json()) as Record<string, unknown>;
+    const tokenSet = this.mapTokenResponse(data);
+    return {
+      connectionId: params.connectionId,
+      tokenSet,
+    };
+  }
+  public async refreshToken(
+    refreshToken: string,
+    clientId: string,
+    clientSecret: string,
+  ): Promise<TokenSet> {
+    const config = this.oauth2Config;
+    const body = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: refreshToken,
+      client_id: clientId,
+      client_secret: clientSecret,
+    });
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    };
+    if (config.refreshMethod === 'header') {
+      const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString(
+        'base64',
+      );
+      headers['Authorization'] = `Basic ${credentials}`;
+    }
+    const response = await resilientFetch(
+      config.tokenUrl,
+      {
+        method: 'POST',
+        headers,
+        body: body.toString(),
+      },
+      this.fetchOptions,
+    );
+    if (!response.ok) {
+      const errorBody = await response.text();
+      throw new Error(`Token refresh failed: ${response.status} ${errorBody}`);
+    }
+    const data = (await response.json()) as Record<string, unknown>;
+    const tokenSet = this.mapTokenResponse(data);
+    if (!tokenSet.refreshToken) {
+      tokenSet.refreshToken = refreshToken;
+    }
+    return tokenSet;
+  }
+  public async revokeToken(
+    token: string,
+    clientId: string,
+    clientSecret: string,
+  ): Promise<void> {
+    const config = this.oauth2Config;
+    if (!config.revokeUrl) {
+      return;
+    }
+    const body = new URLSearchParams({
+      token,
+      client_id: clientId,
+      client_secret: clientSecret,
+    });
+    const response = await resilientFetch(
+      config.revokeUrl,
+      {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+      },
+      this.fetchOptions,
+    );
+    if (!response.ok) {
+      throw new Error(
+        `Token revocation failed: ${response.status} ${await response.text()}`,
+      );
+    }
+  }
+  private mapTokenResponse(data: Record<string, unknown>): TokenSet {
+    const mapping = this.oauth2Config.tokenResponseMapping;
+    const getString = (
+      key: string,
+      fallbackKey: string,
+    ): string | undefined => {
+      const mappedKey = mapping?.[key] ?? fallbackKey;
+      const value = data[mappedKey];
+      return typeof value === 'string' ? value : undefined;
+    };
+    const accessToken = getString('accessToken', 'access_token');
+    if (!accessToken) {
+      throw new Error('Token response missing access_token');
+    }
+    const refreshToken = getString('refreshToken', 'refresh_token');
+    const idToken = getString('idToken', 'id_token');
+    const tokenType = getString('tokenType', 'token_type');
+    const scope = getString('scope', 'scope');
+    let expiresAt: number | undefined;
+    const expiresIn = data[mapping?.['expiresIn'] ?? 'expires_in'];
+    if (typeof expiresIn === 'number') {
+      expiresAt = Math.floor(Date.now() / 1000) + expiresIn;
+    }
+    return {
+      accessToken,
+      refreshToken,
+      idToken,
+      tokenType,
+      expiresAt,
+      scope,
+      raw: data,
+    };
+  }
+}

package/apps/integrations/src/modules/providers/base/oidc.provider.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import { ResilientFetchOptions } from '../../platform/resilient-fetch';
+import { OidcDiscoveryService } from '../../discovery/oidc-discovery.service';
+import {
+  AuthCompleteParams,
+  AuthCompleteResult,
+  AuthInitiateParams,
+  AuthInitiateResult,
+  ProviderMetadata,
+  TokenSet,
+} from '../provider.types';
+import { OAuth2Provider } from './oauth2.provider';
+export class OidcProvider extends OAuth2Provider {
+  private discoveryResolved = false;
+  public constructor(
+    metadata: ProviderMetadata,
+    private readonly discoveryService: OidcDiscoveryService,
+    fetchOptions?: ResilientFetchOptions,
+  ) {
+    super(metadata, fetchOptions);
+  }
+  private async ensureDiscovery(): Promise<void> {
+    if (this.discoveryResolved) {
+      return;
+    }
+    const issuerUrl = this.metadata.oidc?.issuerUrl;
+    if (!issuerUrl) {
+      throw new Error(`Provider ${this.metadata.id} missing OIDC issuer URL`);
+    }
+    let doc;
+    try {
+      doc = await this.discoveryService.discover(issuerUrl);
+    } catch (error) {
+      throw new Error(
+        `OIDC discovery failed for provider ${this.metadata.id}: ${String(error)}`,
+      );
+    }
+    if (!this.metadata.oauth2) {
+      (this.metadata as { oauth2: unknown }).oauth2 = {};
+    }
+    const oauth2 = this.metadata.oauth2!;
+    oauth2.authorizeUrl = oauth2.authorizeUrl || doc.authorization_endpoint;
+    oauth2.tokenUrl = oauth2.tokenUrl || doc.token_endpoint;
+    oauth2.revokeUrl = oauth2.revokeUrl || doc.revocation_endpoint;
+    oauth2.userinfoUrl = oauth2.userinfoUrl || doc.userinfo_endpoint;
+    this.discoveryResolved = true;
+  }
+  public override async initiateAuth(
+    params: AuthInitiateParams,
+  ): Promise<AuthInitiateResult> {
+    await this.ensureDiscovery();
+    return super.initiateAuth(params);
+  }
+  public override async completeAuth(
+    params: AuthCompleteParams,
+  ): Promise<AuthCompleteResult> {
+    await this.ensureDiscovery();
+    return super.completeAuth(params);
+  }
+  public override async refreshToken(
+    refreshToken: string,
+    clientId: string,
+    clientSecret: string,
+  ): Promise<TokenSet> {
+    await this.ensureDiscovery();
+    return super.refreshToken(refreshToken, clientId, clientSecret);
+  }
+  public override async revokeToken(
+    token: string,
+    clientId: string,
+    clientSecret: string,
+  ): Promise<void> {
+    await this.ensureDiscovery();
+    return super.revokeToken(token, clientId, clientSecret);
+  }
+}

package/apps/integrations/src/modules/providers/builtin/google-drive.provider.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { ResilientFetchOptions } from '../../platform/resilient-fetch';
+import { AuthStrategy, ProviderMetadata } from '../provider.types';
+import { OAuth2Provider } from '../base/oauth2.provider';
+export function createGoogleDriveProvider(
+  fetchOptions?: ResilientFetchOptions,
+): OAuth2Provider {
+  const metadata: ProviderMetadata = {
+    id: 'google-drive',
+    name: 'Google Drive',
+    description: 'Access files and folders in Google Drive',
+    category: 'storage',
+    authStrategy: AuthStrategy.OAuth2,
+    builtin: true,
+    oauth2: {
+      authorizeUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+      tokenUrl: 'https://oauth2.googleapis.com/token',
+      revokeUrl: 'https://oauth2.googleapis.com/revoke',
+      userinfoUrl: 'https://openidconnect.googleapis.com/v1/userinfo',
+      usePkce: true,
+      extraAuthorizeParams: {
+        access_type: 'offline',
+        prompt: 'consent',
+      },
+    },
+    defaultScopes: [
+      {
+        name: 'https://www.googleapis.com/auth/drive.readonly',
+        description: 'Read-only access to Google Drive files',
+        required: true,
+      },
+      {
+        name: 'https://www.googleapis.com/auth/drive.metadata.readonly',
+        description: 'Read-only access to file metadata',
+      },
+    ],
+  };
+  return new OAuth2Provider(metadata, fetchOptions);
+}

package/apps/integrations/src/modules/providers/dto/provider.dto.ts ADDED Viewed

@@ -0,0 +1,53 @@
+import { createZodDto } from 'nestjs-zod';
+import { z } from 'zod';
+const AuthStrategySchema = z.enum(['oauth2', 'oidc', 'api_key', 'basic_auth']);
+const ScopeDefinitionSchema = z.object({
+  name: z.string().min(1),
+  description: z.string().optional(),
+  required: z.boolean().optional(),
+});
+const OAuth2ConfigSchema = z.object({
+  authorizeUrl: z.string().url(),
+  tokenUrl: z.string().url(),
+  revokeUrl: z.string().url().optional(),
+  userinfoUrl: z.string().url().optional(),
+  extraAuthorizeParams: z.record(z.string(), z.string()).optional(),
+  tokenResponseMapping: z.record(z.string(), z.string()).optional(),
+  refreshMethod: z.enum(['body', 'header']).optional(),
+  usePkce: z.boolean().optional(),
+});
+const OidcDiscoveryConfigSchema = z.object({
+  issuerUrl: z.string().url(),
+});
+export const CreateProviderSchema = z.object({
+  id: z.string().min(1),
+  name: z.string().min(1),
+  description: z.string().optional(),
+  icon: z.string().optional(),
+  category: z.string().optional(),
+  authStrategy: AuthStrategySchema,
+  oauth2: OAuth2ConfigSchema.optional(),
+  oidc: OidcDiscoveryConfigSchema.optional(),
+  defaultScopes: z.array(ScopeDefinitionSchema).optional(),
+});
+export const UpdateProviderSchema = CreateProviderSchema.omit({
+  id: true,
+}).partial();
+export const DiscoverProviderSchema = z.object({
+  issuerUrl: z.string().url(),
+});
+export class CreateProviderDto extends createZodDto(CreateProviderSchema) {}
+export class UpdateProviderDto extends createZodDto(UpdateProviderSchema) {}
+export class DiscoverProviderDto extends createZodDto(DiscoverProviderSchema) {}
+export type CreateProviderInput = z.infer<typeof CreateProviderSchema>;
+export type UpdateProviderInput = z.infer<typeof UpdateProviderSchema>;
+export type DiscoverProviderInput = z.infer<typeof DiscoverProviderSchema>;

package/apps/integrations/src/modules/providers/provider.factory.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { ResilientFetchOptions } from '../platform/resilient-fetch';
+import { OidcDiscoveryService } from '../discovery/oidc-discovery.service';
+import { ApiKeyProvider } from './base/api-key.provider';
+import { BasicAuthProvider } from './base/basic-auth.provider';
+import { OAuth2Provider } from './base/oauth2.provider';
+import { OidcProvider } from './base/oidc.provider';
+import {
+  AuthStrategy,
+  IntegrationProvider,
+  ProviderDefinitionData,
+  ProviderMetadata,
+} from './provider.types';
+import { AppConfiguration } from '../../config/configuration';
+@Injectable()
+export class ProviderFactory {
+  private readonly fetchOptions: ResilientFetchOptions;
+  public constructor(
+    private readonly discoveryService: OidcDiscoveryService,
+    private readonly configService: ConfigService<AppConfiguration>,
+  ) {
+    this.fetchOptions = {
+      timeoutMs: this.configService.get<number>('httpTimeoutMs', {
+        infer: true,
+      }),
+      maxRetries: this.configService.get<number>('httpMaxRetries', {
+        infer: true,
+      }),
+    };
+  }
+  public create(definition: ProviderDefinitionData): IntegrationProvider {
+    const metadata: ProviderMetadata = {
+      id: definition.id,
+      name: definition.name,
+      description: definition.description,
+      icon: definition.icon,
+      category: definition.category,
+      authStrategy: definition.authStrategy,
+      oauth2: definition.oauth2,
+      oidc: definition.oidc,
+      defaultScopes: definition.defaultScopes,
+      builtin: false,
+    };
+    switch (definition.authStrategy) {
+      case AuthStrategy.OAuth2:
+        return new OAuth2Provider(metadata, this.fetchOptions);
+      case AuthStrategy.OIDC:
+        return new OidcProvider(
+          metadata,
+          this.discoveryService,
+          this.fetchOptions,
+        );
+      case AuthStrategy.ApiKey:
+        return new ApiKeyProvider(metadata);
+      case AuthStrategy.BasicAuth:
+        return new BasicAuthProvider(metadata);
+      default:
+        throw new Error(
+          `Unsupported auth strategy: ${String(definition.authStrategy)}`,
+        );
+    }
+  }
+}

package/apps/integrations/src/modules/providers/provider.registry.ts ADDED Viewed

@@ -0,0 +1,123 @@
+import {
+  Inject,
+  Injectable,
+  Logger,
+  NotFoundException,
+  OnModuleInit,
+} from '@nestjs/common';
+import { MetadataStoreService } from '../platform/metadata-store.service';
+import { ProviderFactory } from './provider.factory';
+import {
+  BUILTIN_PROVIDERS,
+  IntegrationProvider,
+  ProviderDefinitionData,
+} from './provider.types';
+@Injectable()
+export class ProviderRegistry implements OnModuleInit {
+  private readonly logger = new Logger(ProviderRegistry.name);
+  private readonly providers = new Map<string, IntegrationProvider>();
+  public constructor(
+    @Inject(BUILTIN_PROVIDERS)
+    private readonly builtinProviders: IntegrationProvider[],
+    private readonly metadataStore: MetadataStoreService,
+    private readonly factory: ProviderFactory,
+  ) {}
+  public async onModuleInit() {
+    for (const provider of this.builtinProviders) {
+      this.providers.set(provider.metadata.id, provider);
+      this.logger.log(`Registered builtin provider: ${provider.metadata.id}`);
+    }
+    await this.refreshDbProviders();
+  }
+  public get(id: string): IntegrationProvider {
+    const provider = this.providers.get(id);
+    if (!provider) {
+      throw new NotFoundException(`Provider "${id}" not found`);
+    }
+    return provider;
+  }
+  public getAll(): IntegrationProvider[] {
+    return Array.from(this.providers.values());
+  }
+  public async createDefinition(
+    definition: ProviderDefinitionData,
+  ): Promise<ProviderDefinitionData> {
+    const now = new Date().toISOString();
+    const record: ProviderDefinitionData = {
+      ...definition,
+      createdAt: now,
+      updatedAt: now,
+    };
+    await this.metadataStore.upsert('ProviderDefinition', record);
+    await this.refreshDbProviders();
+    return record;
+  }
+  public async updateDefinition(
+    id: string,
+    updates: Partial<ProviderDefinitionData>,
+  ): Promise<ProviderDefinitionData> {
+    const existing = await this.metadataStore.getById('ProviderDefinition', id);
+    if (!existing) {
+      throw new NotFoundException(`Provider definition "${id}" not found`);
+    }
+    const updated: ProviderDefinitionData = {
+      ...(existing as unknown as ProviderDefinitionData),
+      ...updates,
+      id,
+      updatedAt: new Date().toISOString(),
+    };
+    await this.metadataStore.upsert('ProviderDefinition', updated);
+    await this.refreshDbProviders();
+    return updated;
+  }
+  public async removeDefinition(id: string): Promise<boolean> {
+    const removed = await this.metadataStore.remove('ProviderDefinition', id);
+    if (removed) {
+      const builtin = this.builtinProviders.find((p) => p.metadata.id === id);
+      if (!builtin) {
+        this.providers.delete(id);
+      }
+    }
+    return removed;
+  }
+  public async getDefinition(
+    id: string,
+  ): Promise<ProviderDefinitionData | null> {
+    const record = await this.metadataStore.getById('ProviderDefinition', id);
+    return record as unknown as ProviderDefinitionData | null;
+  }
+  public async refreshDbProviders(): Promise<void> {
+    const records = await this.metadataStore.list('ProviderDefinition');
+    const builtinIds = new Set(this.builtinProviders.map((p) => p.metadata.id));
+    for (const record of records) {
+      const definition = record as unknown as ProviderDefinitionData;
+      if (builtinIds.has(definition.id)) {
+        continue;
+      }
+      try {
+        const provider = this.factory.create(definition);
+        this.providers.set(definition.id, provider);
+      } catch (error) {
+        this.logger.warn(
+          `Failed to create provider from definition ${definition.id}: ${error}`,
+        );
+      }
+    }
+  }
+}