@agentstep/agent-sdk 0.5.27 → 0.5.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/middleware.js +8 -8
- package/dist/backends/claude/args.js +6 -6
- package/dist/backends/claude/index.js +11 -11
- package/dist/backends/codex/auth.js +6 -6
- package/dist/backends/codex/index.js +10 -10
- package/dist/backends/factory/auth.js +6 -6
- package/dist/backends/factory/index.js +12 -12
- package/dist/backends/gemini/auth.js +6 -6
- package/dist/backends/gemini/index.js +13 -13
- package/dist/backends/opencode/args.js +1 -1
- package/dist/backends/opencode/auth.js +6 -6
- package/dist/backends/opencode/index.js +14 -14
- package/dist/backends/pi/args.js +1 -1
- package/dist/backends/pi/auth.js +6 -6
- package/dist/backends/pi/index.js +11 -11
- package/dist/backends/registry.js +29 -29
- package/dist/{chunk-PZKWZKRP.js → chunk-2KF2TIEY.js} +5 -5
- package/dist/{chunk-GPGBT7JD.js → chunk-3B4JRSYA.js} +5 -5
- package/dist/{chunk-LJNLU5PQ.js → chunk-3NUTTKE5.js} +2 -2
- package/dist/{chunk-MZ6HBYGV.js → chunk-65XY7HRS.js} +7 -7
- package/dist/{chunk-US26CY2Y.js → chunk-6EIONZ7F.js} +2 -2
- package/dist/{chunk-OQ33WLYG.js → chunk-6RRK27I3.js} +3 -3
- package/dist/chunk-6SD6MC2B.js +29 -0
- package/dist/{chunk-ENFWZ2QM.js → chunk-6U6HEVSN.js} +7 -3
- package/dist/{chunk-J7XHNSPO.js → chunk-7JA6HCMK.js} +2 -2
- package/dist/{chunk-7HTCDMOB.js → chunk-7PFDF5PN.js} +7 -7
- package/dist/{chunk-UB7GS7XT.js → chunk-A3FQHVUG.js} +7 -7
- package/dist/{chunk-ZP5QO5BR.js → chunk-ABUNDZCE.js} +1 -1
- package/dist/{chunk-Q62QJXGO.js → chunk-AGIXZFHQ.js} +1 -1
- package/dist/{chunk-ELK5PVI3.js → chunk-AK6HMO7I.js} +8 -8
- package/dist/{chunk-BYUIOMPX.js → chunk-AKGWEACL.js} +23 -23
- package/dist/{chunk-NKOGWVP3.js → chunk-AUEKXYNE.js} +4 -4
- package/dist/{chunk-A6FHXGSI.js → chunk-B24Q4CUC.js} +5 -5
- package/dist/{chunk-SKVAM5H2.js → chunk-B3W3E5CS.js} +1 -1
- package/dist/{chunk-5AV732JY.js → chunk-BKMY6TSV.js} +2 -2
- package/dist/{chunk-H5UBRKRU.js → chunk-C3UXUDZS.js} +4 -4
- package/dist/{chunk-QQGXM2OQ.js → chunk-C7P2TYOG.js} +1 -1
- package/dist/{chunk-VOHHDBIX.js → chunk-CHNJK2KW.js} +2 -2
- package/dist/{chunk-A3MNXVCR.js → chunk-CJIGDJIJ.js} +3 -3
- package/dist/{chunk-BW6OSLW7.js → chunk-CWB2DQN5.js} +14 -6
- package/dist/{chunk-JC2XJBV2.js → chunk-CWVYFBZF.js} +4 -4
- package/dist/{chunk-4ENK7S24.js → chunk-CXYMVLYK.js} +4 -0
- package/dist/{chunk-LDUQ4FHX.js → chunk-DAOKOXGY.js} +17 -17
- package/dist/{chunk-R37QM2U4.js → chunk-DF34ESOO.js} +1 -1
- package/dist/{chunk-GKNBECPD.js → chunk-DZKBUOYU.js} +2 -2
- package/dist/{chunk-XPPOMXTN.js → chunk-EUMA5Q4U.js} +4 -4
- package/dist/{chunk-FC3UAHXM.js → chunk-FDLQ3IUB.js} +1 -1
- package/dist/{chunk-FDL2JHXO.js → chunk-GCT7A5KR.js} +2 -2
- package/dist/{chunk-Z5XQQN7H.js → chunk-HWWFRSAX.js} +4 -4
- package/dist/{chunk-KWG7NGYF.js → chunk-I2RVN7CP.js} +4 -4
- package/dist/{chunk-JCIAIJFF.js → chunk-IC2ETYU5.js} +3 -3
- package/dist/{chunk-3FLQ7KZP.js → chunk-IMJTHYN3.js} +1 -1
- package/dist/{chunk-ISGA4AOC.js → chunk-J6ESQUW6.js} +2 -2
- package/dist/{chunk-Y3V4COP7.js → chunk-J7F2OFWQ.js} +5 -5
- package/dist/chunk-J7VBHBXL.js +210 -0
- package/dist/{chunk-A4GJADRQ.js → chunk-JF777FWD.js} +2 -2
- package/dist/{chunk-IDQKHWWN.js → chunk-JFHYXFAL.js} +1 -1
- package/dist/{chunk-ZTHH374G.js → chunk-JMDV55BV.js} +2 -2
- package/dist/{chunk-WG3N6VUA.js → chunk-JN3DHH7Z.js} +11 -11
- package/dist/{chunk-MYRTMYTN.js → chunk-JNLVQGSH.js} +6 -6
- package/dist/{chunk-FQQ2R6FA.js → chunk-JNSJKHYX.js} +1 -1
- package/dist/{chunk-TJORQTH6.js → chunk-KGOOCFQY.js} +1 -1
- package/dist/chunk-KLGAE7V4.js +108 -0
- package/dist/{chunk-VEPT2NDJ.js → chunk-KSL2D4AD.js} +3 -3
- package/dist/{chunk-MNW6D7T4.js → chunk-M72ERPMT.js} +1 -1
- package/dist/{chunk-IC5ZTBAW.js → chunk-MUARVVXF.js} +3 -3
- package/dist/{chunk-G6XFFNCQ.js → chunk-N7XSXI5O.js} +18 -18
- package/dist/{chunk-NOW46DBT.js → chunk-NLJK7FEN.js} +3 -3
- package/dist/{chunk-BRULBMRN.js → chunk-NSUVDKNC.js} +3 -3
- package/dist/{chunk-IS6CQPAQ.js → chunk-OEFJPZYH.js} +3 -3
- package/dist/{chunk-P56WU3UT.js → chunk-PDWLVL34.js} +8 -5
- package/dist/{chunk-I2WVMCYN.js → chunk-PWLWDWRL.js} +1 -1
- package/dist/{chunk-JTGISCYV.js → chunk-QCGIYXN4.js} +1 -1
- package/dist/{chunk-6B66DQAS.js → chunk-QGPHATO3.js} +2 -2
- package/dist/{chunk-YS3W5AQA.js → chunk-REHIJQUD.js} +9 -9
- package/dist/{chunk-2K3UO6TC.js → chunk-RES4BCTF.js} +4 -4
- package/dist/{chunk-HDLPEXWS.js → chunk-S5CMAWEC.js} +20 -0
- package/dist/{chunk-KD5Y4XSU.js → chunk-S6HILC3F.js} +2 -2
- package/dist/{chunk-CBPO2P4I.js → chunk-SAI6LBXW.js} +2 -2
- package/dist/{chunk-EY7LWGRO.js → chunk-SDTRWSGF.js} +51 -14
- package/dist/{chunk-CG2VA2YP.js → chunk-SHUFUWAB.js} +61 -4
- package/dist/{chunk-YMKQJY5F.js → chunk-SIO4LO2M.js} +1 -1
- package/dist/{chunk-IITCQTBZ.js → chunk-T2PXAQND.js} +1 -1
- package/dist/{chunk-HPL2MQGY.js → chunk-T3TNJHED.js} +6 -6
- package/dist/{chunk-SBYBNAOU.js → chunk-TKFAWQD7.js} +2 -2
- package/dist/{chunk-D3LKWVPA.js → chunk-TTDMQ54U.js} +2 -2
- package/dist/{chunk-CPCGFE75.js → chunk-TTZGQIQS.js} +1 -1
- package/dist/{chunk-GNXIA5WC.js → chunk-TVV7AE3G.js} +2 -2
- package/dist/{chunk-2REGK4VO.js → chunk-U4SVWPLC.js} +11 -11
- package/dist/{chunk-5BA36MSQ.js → chunk-UMXXZ6OX.js} +1 -1
- package/dist/{chunk-HQQWAVL6.js → chunk-UNO3TSAT.js} +1 -1
- package/dist/{chunk-MGSVPAVF.js → chunk-USSUE7J2.js} +5 -5
- package/dist/{chunk-WHTGWLGJ.js → chunk-UTGP4X74.js} +1 -1
- package/dist/{chunk-XMZQW5G5.js → chunk-V5RHOS43.js} +8 -8
- package/dist/{chunk-Z2AVP3QL.js → chunk-VB6GGRIA.js} +16 -3
- package/dist/{chunk-RSXTLOY3.js → chunk-VY5XWTW7.js} +1 -1
- package/dist/{chunk-VVCRJ46V.js → chunk-WEUPM3IN.js} +4 -4
- package/dist/{chunk-RZHIYTI3.js → chunk-WK33IBKY.js} +10 -1
- package/dist/{chunk-I2GML5Z7.js → chunk-XOWRUT4X.js} +2 -2
- package/dist/{chunk-AZLZOG5N.js → chunk-XYNEAJDF.js} +1 -1
- package/dist/{chunk-K7Y3EAGL.js → chunk-Y5RNFM44.js} +2 -2
- package/dist/{chunk-GSDVHR43.js → chunk-YJCH35J4.js} +5 -3
- package/dist/{chunk-T77N7C3M.js → chunk-YKPRNV6J.js} +2 -2
- package/dist/chunk-YOZ6WDP3.js +103 -0
- package/dist/{chunk-7DPZMROX.js → chunk-YRFWPBGX.js} +2 -2
- package/dist/{chunk-F5SHFZUA.js → chunk-YTBVILAH.js} +1 -1
- package/dist/{chunk-IPTEXVQG.js → chunk-Z5IENUYV.js} +3 -3
- package/dist/{chunk-MQSTE4WH.js → chunk-ZBWKJ42J.js} +3 -3
- package/dist/{chunk-GBJ3OT4D.js → chunk-ZC7OR65K.js} +7 -5
- package/dist/{chunk-7U62OZSD.js → chunk-ZDDMPGN4.js} +2 -2
- package/dist/{chunk-5DFZE5OJ.js → chunk-ZPKQT6X2.js} +16 -6
- package/dist/{chunk-SX34YV6L.js → chunk-ZV5Y5JBE.js} +2 -2
- package/dist/config/index.js +5 -5
- package/dist/containers/client.js +6 -6
- package/dist/containers/exec.js +6 -6
- package/dist/containers/lifecycle.js +41 -41
- package/dist/containers/setup.js +9 -9
- package/dist/db/agents.js +6 -6
- package/dist/db/api_keys.js +5 -5
- package/dist/db/audit.js +3 -3
- package/dist/db/batch.js +10 -10
- package/dist/db/client.js +2 -2
- package/dist/db/credentials.js +5 -3
- package/dist/db/drizzle.js +4 -4
- package/dist/db/environments.js +6 -6
- package/dist/db/events.js +5 -5
- package/dist/db/files.js +5 -5
- package/dist/db/memory.js +5 -5
- package/dist/db/migrations.js +1 -1
- package/dist/db/proxy.js +5 -5
- package/dist/db/schema.js +1 -1
- package/dist/db/session-resources.js +5 -5
- package/dist/db/sessions.js +8 -8
- package/dist/db/skills.js +5 -5
- package/dist/db/sync.js +5 -5
- package/dist/db/tenants.js +3 -3
- package/dist/db/threads.js +7 -7
- package/dist/db/traces.js +5 -5
- package/dist/db/upstream_keys.js +3 -3
- package/dist/db/user-profiles.js +17 -0
- package/dist/db/vaults.js +6 -6
- package/dist/db/work.js +5 -5
- package/dist/dreaming/review.js +11 -11
- package/dist/handlers/agents.js +58 -57
- package/dist/handlers/api_keys.js +59 -58
- package/dist/handlers/audit.js +59 -58
- package/dist/handlers/batch.js +59 -58
- package/dist/handlers/credentials.js +61 -58
- package/dist/handlers/enrollment.js +103 -0
- package/dist/handlers/environments.js +59 -58
- package/dist/handlers/events.js +62 -61
- package/dist/handlers/files.js +59 -58
- package/dist/handlers/index.js +145 -126
- package/dist/handlers/license.js +58 -57
- package/dist/handlers/memory.js +60 -59
- package/dist/handlers/metrics.js +58 -57
- package/dist/handlers/models.js +59 -58
- package/dist/handlers/openapi.js +3 -3
- package/dist/handlers/providers.js +58 -57
- package/dist/handlers/resources.js +58 -57
- package/dist/handlers/sessions.js +62 -61
- package/dist/handlers/settings.js +58 -57
- package/dist/handlers/skills-write.js +59 -58
- package/dist/handlers/skills.js +59 -58
- package/dist/handlers/stream.js +58 -57
- package/dist/handlers/tenants.js +59 -58
- package/dist/handlers/threads.js +59 -58
- package/dist/handlers/traces.js +59 -58
- package/dist/handlers/upstream_keys.js +61 -60
- package/dist/handlers/user-profiles.js +107 -0
- package/dist/handlers/vaults.js +58 -57
- package/dist/handlers/whoami.js +58 -57
- package/dist/handlers/work.js +59 -58
- package/dist/http.js +57 -56
- package/dist/index.js +68 -67
- package/dist/init.js +54 -53
- package/dist/lib/model-registry.js +6 -6
- package/dist/lib/skills-cache.js +6 -6
- package/dist/observability/otlp.js +12 -12
- package/dist/observability/redactor.js +8 -8
- package/dist/openapi/schemas.js +1 -1
- package/dist/openapi/spec.js +2 -2
- package/dist/providers/fly.js +5 -5
- package/dist/providers/modal.js +5 -5
- package/dist/providers/registry.js +6 -6
- package/dist/providers/resolve-secrets.js +7 -7
- package/dist/providers/sprites.js +7 -7
- package/dist/providers/upstream-keys.js +12 -12
- package/dist/providers/vercel.js +6 -6
- package/dist/proxy/forward.js +6 -6
- package/dist/queue/index.js +6 -6
- package/dist/sessions/bus.js +10 -10
- package/dist/sessions/driver.js +47 -46
- package/dist/sessions/grader.js +5 -5
- package/dist/sessions/secrets.js +9 -8
- package/dist/sessions/sweeper.js +42 -42
- package/dist/sessions/threads.js +55 -47
- package/dist/shutdown.js +43 -43
- package/dist/sync/anthropic.js +10 -10
- package/dist/sync/container-file-sync.js +6 -6
- package/dist/sync/file-sync.js +17 -17
- package/dist/workers/runner.js +49 -48
- package/package.json +1 -1
- package/dist/chunk-6KWJASEO.js +0 -21
- package/dist/{dist-EY25RQ2S.js → dist-3ZD3ELTH.js} +3 -3
|
@@ -1,19 +1,20 @@
|
|
|
1
1
|
import {
|
|
2
2
|
loadVaultForCaller
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-CWVYFBZF.js";
|
|
4
4
|
import {
|
|
5
5
|
jsonOk,
|
|
6
6
|
paginatedOk,
|
|
7
7
|
routeWrap
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-XOWRUT4X.js";
|
|
9
9
|
import {
|
|
10
10
|
archiveCredential,
|
|
11
11
|
createCredential,
|
|
12
12
|
deleteCredential,
|
|
13
13
|
getCredential,
|
|
14
|
+
getRefreshConfig,
|
|
14
15
|
listCredentials,
|
|
15
16
|
updateCredential
|
|
16
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-WK33IBKY.js";
|
|
17
18
|
import {
|
|
18
19
|
badRequest,
|
|
19
20
|
conflict,
|
|
@@ -207,6 +208,61 @@ function handleDeleteCredential(request, vaultId, credentialId) {
|
|
|
207
208
|
return jsonOk({ id: credentialId, type: "vault_credential_deleted" });
|
|
208
209
|
});
|
|
209
210
|
}
|
|
211
|
+
function handleMcpOauthValidate(request, vaultId, credentialId) {
|
|
212
|
+
return routeWrap(request, async ({ auth }) => {
|
|
213
|
+
loadVaultForCaller(auth, vaultId);
|
|
214
|
+
const cred = getCredential(credentialId);
|
|
215
|
+
if (!cred || cred.vault_id !== vaultId) throw notFound(`credential not found: ${credentialId}`);
|
|
216
|
+
if (cred.auth.type !== "mcp_oauth") {
|
|
217
|
+
throw badRequest("credential is not mcp_oauth type");
|
|
218
|
+
}
|
|
219
|
+
const config = getRefreshConfig(credentialId);
|
|
220
|
+
if (!config) throw badRequest("credential has no refresh configuration");
|
|
221
|
+
const body = new URLSearchParams({
|
|
222
|
+
grant_type: "refresh_token",
|
|
223
|
+
client_id: config.client_id,
|
|
224
|
+
refresh_token: config.refresh_token,
|
|
225
|
+
...config.scope ? { scope: config.scope } : {}
|
|
226
|
+
});
|
|
227
|
+
const headers = {
|
|
228
|
+
"Content-Type": "application/x-www-form-urlencoded"
|
|
229
|
+
};
|
|
230
|
+
if (config.token_endpoint_auth?.type === "client_secret_basic") {
|
|
231
|
+
headers.Authorization = `Basic ${btoa(`${config.client_id}:${config.token_endpoint_auth.client_secret}`)}`;
|
|
232
|
+
} else if (config.token_endpoint_auth?.client_secret) {
|
|
233
|
+
body.set("client_secret", config.token_endpoint_auth.client_secret);
|
|
234
|
+
}
|
|
235
|
+
try {
|
|
236
|
+
const res = await fetch(config.token_endpoint, {
|
|
237
|
+
method: "POST",
|
|
238
|
+
headers,
|
|
239
|
+
body: body.toString(),
|
|
240
|
+
signal: AbortSignal.timeout(15e3)
|
|
241
|
+
});
|
|
242
|
+
if (res.ok) {
|
|
243
|
+
return jsonOk({
|
|
244
|
+
type: "mcp_oauth_validation_result",
|
|
245
|
+
credential_id: credentialId,
|
|
246
|
+
valid: true
|
|
247
|
+
});
|
|
248
|
+
}
|
|
249
|
+
const errText = await res.text().catch(() => "");
|
|
250
|
+
return jsonOk({
|
|
251
|
+
type: "mcp_oauth_validation_result",
|
|
252
|
+
credential_id: credentialId,
|
|
253
|
+
valid: false,
|
|
254
|
+
error: `token endpoint returned ${res.status}: ${errText.slice(0, 200)}`
|
|
255
|
+
});
|
|
256
|
+
} catch (err) {
|
|
257
|
+
return jsonOk({
|
|
258
|
+
type: "mcp_oauth_validation_result",
|
|
259
|
+
credential_id: credentialId,
|
|
260
|
+
valid: false,
|
|
261
|
+
error: err instanceof Error ? err.message : "token endpoint unreachable"
|
|
262
|
+
});
|
|
263
|
+
}
|
|
264
|
+
});
|
|
265
|
+
}
|
|
210
266
|
|
|
211
267
|
export {
|
|
212
268
|
handleCreateCredential,
|
|
@@ -214,5 +270,6 @@ export {
|
|
|
214
270
|
handleGetCredential,
|
|
215
271
|
handleUpdateCredential,
|
|
216
272
|
handleArchiveCredential,
|
|
217
|
-
handleDeleteCredential
|
|
273
|
+
handleDeleteCredential,
|
|
274
|
+
handleMcpOauthValidate
|
|
218
275
|
};
|
|
@@ -6,29 +6,29 @@ import {
|
|
|
6
6
|
reconcileDockerOrphanSandboxes,
|
|
7
7
|
reconcileOrphanSandboxes,
|
|
8
8
|
releaseSession
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-U4SVWPLC.js";
|
|
10
10
|
import {
|
|
11
11
|
appendEvent,
|
|
12
12
|
dropEmitter
|
|
13
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-RES4BCTF.js";
|
|
14
14
|
import {
|
|
15
15
|
archiveSession,
|
|
16
16
|
getSessionRow,
|
|
17
17
|
listIdleSessions,
|
|
18
18
|
updateSessionStatus
|
|
19
|
-
} from "./chunk-
|
|
19
|
+
} from "./chunk-ZC7OR65K.js";
|
|
20
20
|
import {
|
|
21
21
|
tryResolveProvider
|
|
22
|
-
} from "./chunk-
|
|
22
|
+
} from "./chunk-C7P2TYOG.js";
|
|
23
23
|
import {
|
|
24
24
|
getEnvironment
|
|
25
|
-
} from "./chunk-
|
|
25
|
+
} from "./chunk-NSUVDKNC.js";
|
|
26
26
|
import {
|
|
27
27
|
expireWarm
|
|
28
28
|
} from "./chunk-G7KUVNDY.js";
|
|
29
29
|
import {
|
|
30
30
|
getConfig
|
|
31
|
-
} from "./chunk-
|
|
31
|
+
} from "./chunk-6EIONZ7F.js";
|
|
32
32
|
import {
|
|
33
33
|
init_clock,
|
|
34
34
|
nowMs
|
|
@@ -8,14 +8,14 @@ import {
|
|
|
8
8
|
import {
|
|
9
9
|
jsonOk,
|
|
10
10
|
routeWrap
|
|
11
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-XOWRUT4X.js";
|
|
12
12
|
import {
|
|
13
13
|
snapshotApiMetrics
|
|
14
14
|
} from "./chunk-D2XITRN6.js";
|
|
15
15
|
import {
|
|
16
16
|
getDb,
|
|
17
17
|
init_client
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-AGIXZFHQ.js";
|
|
19
19
|
import {
|
|
20
20
|
badRequest
|
|
21
21
|
} from "./chunk-EZYKRG4W.js";
|
|
@@ -10,10 +10,10 @@ import {
|
|
|
10
10
|
import {
|
|
11
11
|
getDrizzle,
|
|
12
12
|
init_drizzle
|
|
13
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-ZDDMPGN4.js";
|
|
14
14
|
import {
|
|
15
15
|
schema_exports
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-CXYMVLYK.js";
|
|
17
17
|
|
|
18
18
|
// src/db/skills.ts
|
|
19
19
|
init_drizzle();
|
|
@@ -10,10 +10,10 @@ import {
|
|
|
10
10
|
import {
|
|
11
11
|
getDrizzle,
|
|
12
12
|
init_drizzle
|
|
13
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-ZDDMPGN4.js";
|
|
14
14
|
import {
|
|
15
15
|
schema_exports
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-CXYMVLYK.js";
|
|
17
17
|
|
|
18
18
|
// src/db/memory.ts
|
|
19
19
|
init_drizzle();
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
import {
|
|
2
|
-
resolveVaultSecrets
|
|
3
|
-
} from "./chunk-FQQ2R6FA.js";
|
|
4
1
|
import {
|
|
5
2
|
dockerProvider
|
|
6
3
|
} from "./chunk-4XXQAVKE.js";
|
|
4
|
+
import {
|
|
5
|
+
resolveVaultSecrets
|
|
6
|
+
} from "./chunk-JNSJKHYX.js";
|
|
7
7
|
import {
|
|
8
8
|
appendEvent
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-RES4BCTF.js";
|
|
10
10
|
import {
|
|
11
11
|
getSession,
|
|
12
12
|
getSessionRow,
|
|
13
13
|
setSessionSandbox
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-ZC7OR65K.js";
|
|
15
15
|
import {
|
|
16
16
|
deleteSprite,
|
|
17
17
|
listSprites
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-XYNEAJDF.js";
|
|
19
19
|
import {
|
|
20
20
|
allSessionSandboxes,
|
|
21
21
|
countInEnv,
|
|
@@ -25,12 +25,12 @@ import {
|
|
|
25
25
|
import {
|
|
26
26
|
resolveProvider,
|
|
27
27
|
tryResolveProvider
|
|
28
|
-
} from "./chunk-
|
|
28
|
+
} from "./chunk-C7P2TYOG.js";
|
|
29
29
|
import {
|
|
30
30
|
getEnvironment,
|
|
31
31
|
getEnvironmentRow,
|
|
32
32
|
listEnvironments
|
|
33
|
-
} from "./chunk-
|
|
33
|
+
} from "./chunk-NSUVDKNC.js";
|
|
34
34
|
import {
|
|
35
35
|
addWarm,
|
|
36
36
|
claimWarm,
|
|
@@ -41,13 +41,13 @@ import {
|
|
|
41
41
|
} from "./chunk-G7KUVNDY.js";
|
|
42
42
|
import {
|
|
43
43
|
getAgent
|
|
44
|
-
} from "./chunk-
|
|
44
|
+
} from "./chunk-6U6HEVSN.js";
|
|
45
45
|
import {
|
|
46
46
|
resolveBackend
|
|
47
|
-
} from "./chunk-
|
|
47
|
+
} from "./chunk-V5RHOS43.js";
|
|
48
48
|
import {
|
|
49
49
|
getConfig
|
|
50
|
-
} from "./chunk-
|
|
50
|
+
} from "./chunk-6EIONZ7F.js";
|
|
51
51
|
import {
|
|
52
52
|
init_clock,
|
|
53
53
|
nowMs
|
|
@@ -6,7 +6,7 @@ import {
|
|
|
6
6
|
} from "./chunk-23UKWXJH.js";
|
|
7
7
|
import {
|
|
8
8
|
recordAudit
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-FDLQ3IUB.js";
|
|
10
10
|
import {
|
|
11
11
|
COMMUNITY_LIMITS,
|
|
12
12
|
hasFeature,
|
|
@@ -15,7 +15,7 @@ import {
|
|
|
15
15
|
import {
|
|
16
16
|
jsonOk,
|
|
17
17
|
routeWrap
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-XOWRUT4X.js";
|
|
19
19
|
import {
|
|
20
20
|
createApiKey,
|
|
21
21
|
getApiKeyById,
|
|
@@ -23,14 +23,14 @@ import {
|
|
|
23
23
|
listApiKeys,
|
|
24
24
|
revokeApiKey,
|
|
25
25
|
updateApiKeyPermissions
|
|
26
|
-
} from "./chunk-
|
|
26
|
+
} from "./chunk-3NUTTKE5.js";
|
|
27
27
|
import {
|
|
28
28
|
listSessionsByApiKey
|
|
29
|
-
} from "./chunk-
|
|
29
|
+
} from "./chunk-ZC7OR65K.js";
|
|
30
30
|
import {
|
|
31
31
|
getDb,
|
|
32
32
|
init_client
|
|
33
|
-
} from "./chunk-
|
|
33
|
+
} from "./chunk-AGIXZFHQ.js";
|
|
34
34
|
import {
|
|
35
35
|
badRequest,
|
|
36
36
|
forbidden,
|
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
import {
|
|
2
2
|
piBackend
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-J7F2OFWQ.js";
|
|
4
|
+
import {
|
|
5
|
+
geminiBackend
|
|
6
|
+
} from "./chunk-A3FQHVUG.js";
|
|
4
7
|
import {
|
|
5
8
|
opencodeBackend
|
|
6
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-REHIJQUD.js";
|
|
7
10
|
import {
|
|
8
11
|
factoryBackend
|
|
9
|
-
} from "./chunk-
|
|
10
|
-
import {
|
|
11
|
-
geminiBackend
|
|
12
|
-
} from "./chunk-UB7GS7XT.js";
|
|
12
|
+
} from "./chunk-65XY7HRS.js";
|
|
13
13
|
import {
|
|
14
14
|
codexBackend
|
|
15
|
-
} from "./chunk-
|
|
15
|
+
} from "./chunk-WEUPM3IN.js";
|
|
16
16
|
import {
|
|
17
17
|
claudeBackend
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-JN3DHH7Z.js";
|
|
19
19
|
|
|
20
20
|
// src/backends/registry.ts
|
|
21
21
|
var BACKENDS = {
|
|
@@ -1,18 +1,31 @@
|
|
|
1
|
+
import {
|
|
2
|
+
getUserProfile
|
|
3
|
+
} from "./chunk-YOZ6WDP3.js";
|
|
1
4
|
import {
|
|
2
5
|
listCredentialsWithTokens
|
|
3
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-WK33IBKY.js";
|
|
4
7
|
import {
|
|
5
8
|
listEntries
|
|
6
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-MUARVVXF.js";
|
|
7
10
|
|
|
8
11
|
// src/sessions/secrets.ts
|
|
9
|
-
function loadSessionSecrets(vaultIds) {
|
|
12
|
+
function loadSessionSecrets(vaultIds, userProfileId) {
|
|
13
|
+
let credentialAllowlist = null;
|
|
14
|
+
if (userProfileId) {
|
|
15
|
+
const profile = getUserProfile(userProfileId);
|
|
16
|
+
if (profile && profile.trust_grants.length > 0) {
|
|
17
|
+
credentialAllowlist = new Set(
|
|
18
|
+
profile.trust_grants.map((g) => `${g.vault_id}:${g.credential_id}`)
|
|
19
|
+
);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
10
22
|
const secrets = [];
|
|
11
23
|
for (const vid of vaultIds) {
|
|
12
24
|
for (const entry of listEntries(vid)) {
|
|
13
25
|
secrets.push({ key: entry.key, value: entry.value });
|
|
14
26
|
}
|
|
15
27
|
for (const cred of listCredentialsWithTokens(vid)) {
|
|
28
|
+
if (credentialAllowlist && !credentialAllowlist.has(`${vid}:${cred.id}`)) continue;
|
|
16
29
|
if (cred.auth.mcp_server_url) {
|
|
17
30
|
const serverName = deriveServerName(cred.auth.mcp_server_url);
|
|
18
31
|
if (serverName) {
|
|
@@ -4,16 +4,16 @@ import {
|
|
|
4
4
|
import {
|
|
5
5
|
buildCodexAuthEnv,
|
|
6
6
|
validateCodexRuntime
|
|
7
|
-
} from "./chunk-
|
|
7
|
+
} from "./chunk-SIO4LO2M.js";
|
|
8
8
|
import {
|
|
9
9
|
prepareCodexOnSandbox
|
|
10
10
|
} from "./chunk-NMZMRH3E.js";
|
|
11
|
-
import {
|
|
12
|
-
createCodexTranslator
|
|
13
|
-
} from "./chunk-CULYZ3VA.js";
|
|
14
11
|
import {
|
|
15
12
|
CODEX_WRAPPER_PATH
|
|
16
13
|
} from "./chunk-XJYR5HE3.js";
|
|
14
|
+
import {
|
|
15
|
+
createCodexTranslator
|
|
16
|
+
} from "./chunk-CULYZ3VA.js";
|
|
17
17
|
import {
|
|
18
18
|
wrapPromptWithSystem
|
|
19
19
|
} from "./chunk-YE2RMJY7.js";
|
|
@@ -14,7 +14,7 @@ import {
|
|
|
14
14
|
import {
|
|
15
15
|
getDb,
|
|
16
16
|
init_client
|
|
17
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-AGIXZFHQ.js";
|
|
18
18
|
|
|
19
19
|
// src/db/credentials.ts
|
|
20
20
|
init_client();
|
|
@@ -130,6 +130,14 @@ function archiveCredential(vaultId, credentialId) {
|
|
|
130
130
|
db.prepare(`UPDATE vault_credentials SET archived_at = ?, updated_at = ? WHERE id = ?`).run(now, now, credentialId);
|
|
131
131
|
return getCredential(credentialId);
|
|
132
132
|
}
|
|
133
|
+
function getRefreshConfig(id) {
|
|
134
|
+
const db = getDb();
|
|
135
|
+
const row = db.prepare(
|
|
136
|
+
`SELECT refresh_config_encrypted, auth_type FROM vault_credentials WHERE id = ?`
|
|
137
|
+
).get(id);
|
|
138
|
+
if (!row || row.auth_type !== "mcp_oauth" || !row.refresh_config_encrypted) return null;
|
|
139
|
+
return JSON.parse(decryptValue(row.refresh_config_encrypted));
|
|
140
|
+
}
|
|
133
141
|
function deleteCredential(id) {
|
|
134
142
|
const db = getDb();
|
|
135
143
|
const res = db.prepare(`DELETE FROM vault_credentials WHERE id = ?`).run(id);
|
|
@@ -144,5 +152,6 @@ export {
|
|
|
144
152
|
listCredentialsWithTokens,
|
|
145
153
|
updateCredential,
|
|
146
154
|
archiveCredential,
|
|
155
|
+
getRefreshConfig,
|
|
147
156
|
deleteCredential
|
|
148
157
|
};
|
|
@@ -4,13 +4,13 @@ import {
|
|
|
4
4
|
} from "./chunk-D2XITRN6.js";
|
|
5
5
|
import {
|
|
6
6
|
authenticateAndIntercept
|
|
7
|
-
} from "./chunk-
|
|
7
|
+
} from "./chunk-CWB2DQN5.js";
|
|
8
8
|
import {
|
|
9
9
|
checkAndBump
|
|
10
10
|
} from "./chunk-HVUWXUUI.js";
|
|
11
11
|
import {
|
|
12
12
|
ensureInitialized
|
|
13
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-N7XSXI5O.js";
|
|
14
14
|
import {
|
|
15
15
|
captureException
|
|
16
16
|
} from "./chunk-3MQ2FWXS.js";
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
jsonOk,
|
|
3
3
|
routeWrap
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-XOWRUT4X.js";
|
|
5
5
|
import {
|
|
6
6
|
readSetting,
|
|
7
7
|
writeSetting
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-6EIONZ7F.js";
|
|
9
9
|
import {
|
|
10
10
|
badRequest
|
|
11
11
|
} from "./chunk-EZYKRG4W.js";
|
|
@@ -6,12 +6,13 @@ import {
|
|
|
6
6
|
} from "./chunk-FX2AEKOV.js";
|
|
7
7
|
import {
|
|
8
8
|
getConfig
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-6EIONZ7F.js";
|
|
10
10
|
|
|
11
11
|
// src/backends/claude/args.ts
|
|
12
12
|
function buildClaudeArgs(input) {
|
|
13
13
|
const cfg = getConfig();
|
|
14
|
-
const
|
|
14
|
+
const policy = input.agent.permission_policy;
|
|
15
|
+
const permissionMode = input.confirmationMode ? "default" : policy ? "default" : "bypassPermissions";
|
|
15
16
|
const argv = [
|
|
16
17
|
"-p",
|
|
17
18
|
"--output-format",
|
|
@@ -42,7 +43,8 @@ Your custom tools are: ${toolList}. Call them by these exact names \u2014 do not
|
|
|
42
43
|
const mcpToolNames = Array.from(tools.customToolNames).map(
|
|
43
44
|
(name) => `mcp__tool-bridge__${name}`
|
|
44
45
|
);
|
|
45
|
-
const
|
|
46
|
+
const policyAllowed = policy?.always_allow ?? [];
|
|
47
|
+
const allAllowed = [...tools.allowedTools, ...mcpToolNames, ...policyAllowed];
|
|
46
48
|
if (allAllowed.length) {
|
|
47
49
|
argv.push("--allowed-tools", allAllowed.join(","));
|
|
48
50
|
}
|
|
@@ -10,10 +10,10 @@ import {
|
|
|
10
10
|
import {
|
|
11
11
|
getDrizzle,
|
|
12
12
|
init_drizzle
|
|
13
|
-
} from "./chunk-
|
|
13
|
+
} from "./chunk-ZDDMPGN4.js";
|
|
14
14
|
import {
|
|
15
15
|
schema_exports
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-CXYMVLYK.js";
|
|
17
17
|
|
|
18
18
|
// src/db/files.ts
|
|
19
19
|
init_drizzle();
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
import {
|
|
2
|
+
init_ids,
|
|
3
|
+
newId
|
|
4
|
+
} from "./chunk-F4WUVOLE.js";
|
|
5
|
+
import {
|
|
6
|
+
init_clock,
|
|
7
|
+
nowMs,
|
|
8
|
+
toIso
|
|
9
|
+
} from "./chunk-HFDLUBWN.js";
|
|
10
|
+
import {
|
|
11
|
+
getDb,
|
|
12
|
+
init_client
|
|
13
|
+
} from "./chunk-AGIXZFHQ.js";
|
|
14
|
+
|
|
15
|
+
// src/db/user-profiles.ts
|
|
16
|
+
init_client();
|
|
17
|
+
init_ids();
|
|
18
|
+
init_clock();
|
|
19
|
+
function hydrate(row) {
|
|
20
|
+
return {
|
|
21
|
+
type: "user_profile",
|
|
22
|
+
id: row.id,
|
|
23
|
+
external_id: row.external_id,
|
|
24
|
+
display_name: row.display_name,
|
|
25
|
+
trust_grants: JSON.parse(row.trust_grants_json),
|
|
26
|
+
tenant_id: row.tenant_id,
|
|
27
|
+
created_at: toIso(row.created_at),
|
|
28
|
+
updated_at: toIso(row.updated_at)
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
function createUserProfile(input) {
|
|
32
|
+
const db = getDb();
|
|
33
|
+
const id = newId("uprof");
|
|
34
|
+
const now = nowMs();
|
|
35
|
+
db.prepare(
|
|
36
|
+
`INSERT INTO user_profiles (id, external_id, display_name, trust_grants_json, tenant_id, created_at, updated_at)
|
|
37
|
+
VALUES (?, ?, ?, ?, ?, ?, ?)`
|
|
38
|
+
).run(
|
|
39
|
+
id,
|
|
40
|
+
input.external_id ?? null,
|
|
41
|
+
input.display_name ?? null,
|
|
42
|
+
JSON.stringify(input.trust_grants ?? []),
|
|
43
|
+
input.tenant_id ?? null,
|
|
44
|
+
now,
|
|
45
|
+
now
|
|
46
|
+
);
|
|
47
|
+
return getUserProfile(id);
|
|
48
|
+
}
|
|
49
|
+
function getUserProfile(id) {
|
|
50
|
+
const db = getDb();
|
|
51
|
+
const row = db.prepare(`SELECT * FROM user_profiles WHERE id = ?`).get(id);
|
|
52
|
+
return row ? hydrate(row) : null;
|
|
53
|
+
}
|
|
54
|
+
function listUserProfiles(opts) {
|
|
55
|
+
const db = getDb();
|
|
56
|
+
const limit = Math.min(opts.limit ?? 50, 100);
|
|
57
|
+
const parts = [];
|
|
58
|
+
const args = [];
|
|
59
|
+
if (opts.tenant_id) {
|
|
60
|
+
parts.push("tenant_id = ?");
|
|
61
|
+
args.push(opts.tenant_id);
|
|
62
|
+
}
|
|
63
|
+
if (opts.after_id) {
|
|
64
|
+
parts.push("id > ?");
|
|
65
|
+
args.push(opts.after_id);
|
|
66
|
+
}
|
|
67
|
+
const where = parts.length > 0 ? `WHERE ${parts.join(" AND ")}` : "";
|
|
68
|
+
const rows = db.prepare(
|
|
69
|
+
`SELECT * FROM user_profiles ${where} ORDER BY id ASC LIMIT ?`
|
|
70
|
+
).all(...args, limit + 1);
|
|
71
|
+
const hasMore = rows.length > limit;
|
|
72
|
+
if (hasMore) rows.pop();
|
|
73
|
+
return { data: rows.map(hydrate), has_more: hasMore };
|
|
74
|
+
}
|
|
75
|
+
function updateUserProfile(id, input) {
|
|
76
|
+
const db = getDb();
|
|
77
|
+
const existing = db.prepare(`SELECT * FROM user_profiles WHERE id = ?`).get(id);
|
|
78
|
+
if (!existing) return null;
|
|
79
|
+
const now = nowMs();
|
|
80
|
+
const parts = ["updated_at = ?"];
|
|
81
|
+
const args = [now];
|
|
82
|
+
if (input.external_id !== void 0) {
|
|
83
|
+
parts.push("external_id = ?");
|
|
84
|
+
args.push(input.external_id);
|
|
85
|
+
}
|
|
86
|
+
if (input.display_name !== void 0) {
|
|
87
|
+
parts.push("display_name = ?");
|
|
88
|
+
args.push(input.display_name);
|
|
89
|
+
}
|
|
90
|
+
if (input.trust_grants !== void 0) {
|
|
91
|
+
parts.push("trust_grants_json = ?");
|
|
92
|
+
args.push(JSON.stringify(input.trust_grants));
|
|
93
|
+
}
|
|
94
|
+
db.prepare(`UPDATE user_profiles SET ${parts.join(", ")} WHERE id = ?`).run(...args, id);
|
|
95
|
+
return getUserProfile(id);
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
export {
|
|
99
|
+
createUserProfile,
|
|
100
|
+
getUserProfile,
|
|
101
|
+
listUserProfiles,
|
|
102
|
+
updateUserProfile
|
|
103
|
+
};
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
resolveContainerProvider,
|
|
3
3
|
resolveProvider
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-C7P2TYOG.js";
|
|
5
5
|
import {
|
|
6
6
|
getEnvironmentRow,
|
|
7
7
|
updateEnvironmentState
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-NSUVDKNC.js";
|
|
9
9
|
import {
|
|
10
10
|
installClaudeWrapper
|
|
11
11
|
} from "./chunk-J6T3W6RY.js";
|