@apart-tech/intelligence-core 1.9.0 → 1.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +6 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/__tests__/crypto.test.js +95 -27
- package/dist/lib/__tests__/crypto.test.js.map +1 -1
- package/dist/lib/crypto.d.ts +19 -5
- package/dist/lib/crypto.d.ts.map +1 -1
- package/dist/lib/crypto.js +71 -14
- package/dist/lib/crypto.js.map +1 -1
- package/dist/lib/encryption-keys.d.ts +6 -0
- package/dist/lib/encryption-keys.d.ts.map +1 -0
- package/dist/lib/encryption-keys.js +40 -0
- package/dist/lib/encryption-keys.js.map +1 -0
- package/dist/services/agent-schedule-service.d.ts.map +1 -1
- package/dist/services/agent-schedule-service.js +4 -7
- package/dist/services/agent-schedule-service.js.map +1 -1
- package/dist/services/org-agent-config-service.d.ts.map +1 -1
- package/dist/services/org-agent-config-service.js +4 -7
- package/dist/services/org-agent-config-service.js.map +1 -1
- package/dist/services/org-agent-type-service.d.ts +37 -0
- package/dist/services/org-agent-type-service.d.ts.map +1 -0
- package/dist/services/org-agent-type-service.js +94 -0
- package/dist/services/org-agent-type-service.js.map +1 -0
- package/dist/services/org-embedding-config-service.d.ts.map +1 -1
- package/dist/services/org-embedding-config-service.js +4 -7
- package/dist/services/org-embedding-config-service.js.map +1 -1
- package/dist/services/org-mcp-server-service.d.ts +42 -0
- package/dist/services/org-mcp-server-service.d.ts.map +1 -0
- package/dist/services/org-mcp-server-service.js +129 -0
- package/dist/services/org-mcp-server-service.js.map +1 -0
- package/dist/services/org-pii-config-service.d.ts.map +1 -1
- package/dist/services/org-pii-config-service.js +4 -7
- package/dist/services/org-pii-config-service.js.map +1 -1
- package/dist/services/user-service.d.ts.map +1 -1
- package/dist/services/user-service.js +8 -11
- package/dist/services/user-service.js.map +1 -1
- package/package.json +1 -1
- package/prisma/schema.prisma +41 -0
package/dist/index.d.ts
CHANGED
|
@@ -3,7 +3,8 @@ export type { Database } from "./db/connection.js";
|
|
|
3
3
|
export { PrismaClient } from "@prisma/client";
|
|
4
4
|
export { createTenantClient, tenantWhere, SINGLE_TENANT_ORG_ID } from "./db/tenant.js";
|
|
5
5
|
export type { TenantContext } from "./db/tenant.js";
|
|
6
|
-
export { encryptAesGcm, decryptAesGcm, deriveKey } from "./lib/crypto.js";
|
|
6
|
+
export { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "./lib/crypto.js";
|
|
7
|
+
export { getAgentKeySecret, getPiiKeySecret, getEmbeddingKeySecret } from "./lib/encryption-keys.js";
|
|
7
8
|
export { verifyAuth0Jwt } from "./lib/jwt.js";
|
|
8
9
|
export type { Auth0Config, Auth0JwtPayload } from "./lib/jwt.js";
|
|
9
10
|
export * from "./types/index.js";
|
|
@@ -26,6 +27,10 @@ export type { OrgPiiConfig, OrgPiiConfigWithKey, PiiMode } from "./services/org-
|
|
|
26
27
|
export type { OrgEmbeddingConfig, OrgEmbeddingConfigWithKey } from "./services/org-embedding-config-service.js";
|
|
27
28
|
export { OrgAgentConfigService } from "./services/org-agent-config-service.js";
|
|
28
29
|
export type { OrgAgentConfig, OrgAgentConfigWithKeys } from "./services/org-agent-config-service.js";
|
|
30
|
+
export { OrgAgentTypeService } from "./services/org-agent-type-service.js";
|
|
31
|
+
export type { OrgAgentTypeRecord, CreateOrgAgentTypeInput, UpdateOrgAgentTypeInput } from "./services/org-agent-type-service.js";
|
|
32
|
+
export { OrgMcpServerService } from "./services/org-mcp-server-service.js";
|
|
33
|
+
export type { OrgMcpServerRecord, McpServerConfig, CreateOrgMcpServerInput, UpdateOrgMcpServerInput } from "./services/org-mcp-server-service.js";
|
|
29
34
|
export { AgentRunService } from "./services/agent-run-service.js";
|
|
30
35
|
export type { AgentRun } from "./services/agent-run-service.js";
|
|
31
36
|
export { AgentScheduleService } from "./services/agent-schedule-service.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACvF,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACvF,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGrG,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGjE,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACnH,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,YAAY,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,YAAY,EAAE,oBAAoB,EAAE,SAAS,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AACjH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,sCAAsC,CAAC;AACvG,YAAY,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AAChH,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,wCAAwC,CAAC;AACrG,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AACjI,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAC3E,YAAY,EAAE,kBAAkB,EAAE,eAAe,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAClJ,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,YAAY,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,YAAY,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,sCAAsC,CAAC;AACpI,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAClE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACrP,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,YAAY,EAAE,IAAI,EAAE,iBAAiB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAC5G,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,YAAY,EAAE,MAAM,EAAE,MAAM,8BAA8B,CAAC;AAG3D,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAChK,YAAY,EAAE,8BAA8B,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACpG,YAAY,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -3,7 +3,8 @@ export { getDb, getTenantDb, closeDb } from "./db/connection.js";
|
|
|
3
3
|
export { PrismaClient } from "@prisma/client";
|
|
4
4
|
export { createTenantClient, tenantWhere, SINGLE_TENANT_ORG_ID } from "./db/tenant.js";
|
|
5
5
|
// Crypto
|
|
6
|
-
export { encryptAesGcm, decryptAesGcm, deriveKey } from "./lib/crypto.js";
|
|
6
|
+
export { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "./lib/crypto.js";
|
|
7
|
+
export { getAgentKeySecret, getPiiKeySecret, getEmbeddingKeySecret } from "./lib/encryption-keys.js";
|
|
7
8
|
// JWT
|
|
8
9
|
export { verifyAuth0Jwt } from "./lib/jwt.js";
|
|
9
10
|
// Types
|
|
@@ -23,6 +24,8 @@ export { PiiDetectorService } from "./services/pii-detector-service.js";
|
|
|
23
24
|
export { PiiEncryptionService } from "./services/pii-encryption-service.js";
|
|
24
25
|
export { OrgPiiConfigService } from "./services/org-pii-config-service.js";
|
|
25
26
|
export { OrgAgentConfigService } from "./services/org-agent-config-service.js";
|
|
27
|
+
export { OrgAgentTypeService } from "./services/org-agent-type-service.js";
|
|
28
|
+
export { OrgMcpServerService } from "./services/org-mcp-server-service.js";
|
|
26
29
|
export { AgentRunService } from "./services/agent-run-service.js";
|
|
27
30
|
export { AgentScheduleService } from "./services/agent-schedule-service.js";
|
|
28
31
|
export { CLI_REFERENCE } from "./services/agent-cli-reference.js";
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAGvF,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,WAAW;AACX,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAGvF,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAErG,MAAM;AACN,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG9C,QAAQ;AACR,cAAc,kBAAkB,CAAC;AAEjC,SAAS;AACT,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,WAAW;AACX,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4CAA4C,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAExE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAG3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAE/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAE3E,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAE3E,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAElE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAErE,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAG7D,YAAY;AACZ,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEhK,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC"}
|
|
@@ -1,62 +1,130 @@
|
|
|
1
1
|
import { describe, it, expect } from "vitest";
|
|
2
|
-
import {
|
|
2
|
+
import { randomBytes } from "node:crypto";
|
|
3
|
+
import { encryptAesGcm, decryptAesGcm, deriveKey, deriveKeyV2 } from "../crypto.js";
|
|
3
4
|
describe("crypto", () => {
|
|
4
|
-
const
|
|
5
|
-
describe("deriveKey", () => {
|
|
5
|
+
const legacyKey = deriveKey("test-secret");
|
|
6
|
+
describe("deriveKey (legacy)", () => {
|
|
6
7
|
it("returns a 32-byte buffer", () => {
|
|
7
|
-
expect(
|
|
8
|
+
expect(legacyKey.length).toBe(32);
|
|
8
9
|
});
|
|
9
10
|
it("is deterministic", () => {
|
|
10
|
-
expect(deriveKey("test-secret")).toEqual(
|
|
11
|
+
expect(deriveKey("test-secret")).toEqual(legacyKey);
|
|
11
12
|
});
|
|
12
13
|
it("produces different keys for different secrets", () => {
|
|
13
|
-
expect(deriveKey("other-secret")).not.toEqual(
|
|
14
|
+
expect(deriveKey("other-secret")).not.toEqual(legacyKey);
|
|
14
15
|
});
|
|
15
16
|
});
|
|
16
|
-
describe("
|
|
17
|
+
describe("deriveKeyV2 (PBKDF2)", () => {
|
|
18
|
+
it("returns a 32-byte buffer", () => {
|
|
19
|
+
const salt = randomBytes(16);
|
|
20
|
+
expect(deriveKeyV2("test-secret", salt).length).toBe(32);
|
|
21
|
+
});
|
|
22
|
+
it("is deterministic for same secret + salt", () => {
|
|
23
|
+
const salt = randomBytes(16);
|
|
24
|
+
expect(deriveKeyV2("test-secret", salt)).toEqual(deriveKeyV2("test-secret", salt));
|
|
25
|
+
});
|
|
26
|
+
it("produces different keys for different salts", () => {
|
|
27
|
+
const salt1 = randomBytes(16);
|
|
28
|
+
const salt2 = randomBytes(16);
|
|
29
|
+
expect(deriveKeyV2("test-secret", salt1)).not.toEqual(deriveKeyV2("test-secret", salt2));
|
|
30
|
+
});
|
|
31
|
+
it("produces different keys for different secrets", () => {
|
|
32
|
+
const salt = randomBytes(16);
|
|
33
|
+
expect(deriveKeyV2("secret-a", salt)).not.toEqual(deriveKeyV2("secret-b", salt));
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
describe("V1 format (Buffer key)", () => {
|
|
17
37
|
it("roundtrips plaintext correctly", () => {
|
|
18
38
|
const plaintext = "hello world";
|
|
19
|
-
const encrypted = encryptAesGcm(plaintext,
|
|
20
|
-
const decrypted = decryptAesGcm(encrypted,
|
|
39
|
+
const encrypted = encryptAesGcm(plaintext, legacyKey);
|
|
40
|
+
const decrypted = decryptAesGcm(encrypted, legacyKey);
|
|
21
41
|
expect(decrypted).toBe(plaintext);
|
|
22
42
|
});
|
|
23
|
-
it("produces iv:tag:ciphertext format", () => {
|
|
24
|
-
const encrypted = encryptAesGcm("test",
|
|
43
|
+
it("produces iv:tag:ciphertext format (3 parts)", () => {
|
|
44
|
+
const encrypted = encryptAesGcm("test", legacyKey);
|
|
25
45
|
const parts = encrypted.split(":");
|
|
26
46
|
expect(parts).toHaveLength(3);
|
|
27
|
-
// Each part should be valid base64
|
|
28
47
|
for (const part of parts) {
|
|
29
48
|
expect(() => Buffer.from(part, "base64")).not.toThrow();
|
|
30
49
|
}
|
|
31
50
|
});
|
|
32
51
|
it("produces different ciphertext each time (random IV)", () => {
|
|
33
|
-
const a = encryptAesGcm("same text",
|
|
34
|
-
const b = encryptAesGcm("same text",
|
|
52
|
+
const a = encryptAesGcm("same text", legacyKey);
|
|
53
|
+
const b = encryptAesGcm("same text", legacyKey);
|
|
35
54
|
expect(a).not.toBe(b);
|
|
36
|
-
|
|
37
|
-
expect(decryptAesGcm(
|
|
38
|
-
expect(decryptAesGcm(b, key)).toBe("same text");
|
|
55
|
+
expect(decryptAesGcm(a, legacyKey)).toBe("same text");
|
|
56
|
+
expect(decryptAesGcm(b, legacyKey)).toBe("same text");
|
|
39
57
|
});
|
|
40
58
|
it("fails with wrong key", () => {
|
|
41
|
-
const encrypted = encryptAesGcm("secret",
|
|
59
|
+
const encrypted = encryptAesGcm("secret", legacyKey);
|
|
42
60
|
const wrongKey = deriveKey("wrong-secret");
|
|
43
61
|
expect(() => decryptAesGcm(encrypted, wrongKey)).toThrow();
|
|
44
62
|
});
|
|
45
|
-
it("
|
|
46
|
-
const encrypted = encryptAesGcm("
|
|
63
|
+
it("handles empty string", () => {
|
|
64
|
+
const encrypted = encryptAesGcm("", legacyKey);
|
|
65
|
+
expect(decryptAesGcm(encrypted, legacyKey)).toBe("");
|
|
66
|
+
});
|
|
67
|
+
it("handles unicode", () => {
|
|
68
|
+
const plaintext = "Hello 🌍 — résumé";
|
|
69
|
+
const encrypted = encryptAesGcm(plaintext, legacyKey);
|
|
70
|
+
expect(decryptAesGcm(encrypted, plaintext === plaintext ? legacyKey : legacyKey)).toBe(plaintext);
|
|
71
|
+
});
|
|
72
|
+
});
|
|
73
|
+
describe("V2 format (string secret with PBKDF2)", () => {
|
|
74
|
+
const secret = "my-test-secret-for-v2";
|
|
75
|
+
it("roundtrips plaintext correctly", () => {
|
|
76
|
+
const encrypted = encryptAesGcm("hello world", secret);
|
|
77
|
+
const decrypted = decryptAesGcm(encrypted, secret);
|
|
78
|
+
expect(decrypted).toBe("hello world");
|
|
79
|
+
});
|
|
80
|
+
it("produces v2:salt:iv:tag:ciphertext format (5 parts)", () => {
|
|
81
|
+
const encrypted = encryptAesGcm("test", secret);
|
|
47
82
|
const parts = encrypted.split(":");
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
83
|
+
expect(parts).toHaveLength(5);
|
|
84
|
+
expect(parts[0]).toBe("v2");
|
|
85
|
+
for (const part of parts.slice(1)) {
|
|
86
|
+
expect(() => Buffer.from(part, "base64")).not.toThrow();
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
it("produces different ciphertext each time (random salt + IV)", () => {
|
|
90
|
+
const a = encryptAesGcm("same text", secret);
|
|
91
|
+
const b = encryptAesGcm("same text", secret);
|
|
92
|
+
expect(a).not.toBe(b);
|
|
93
|
+
expect(decryptAesGcm(a, secret)).toBe("same text");
|
|
94
|
+
expect(decryptAesGcm(b, secret)).toBe("same text");
|
|
95
|
+
});
|
|
96
|
+
it("fails with wrong secret", () => {
|
|
97
|
+
const encrypted = encryptAesGcm("secret", secret);
|
|
98
|
+
expect(() => decryptAesGcm(encrypted, "wrong-secret")).toThrow();
|
|
51
99
|
});
|
|
52
100
|
it("handles empty string", () => {
|
|
53
|
-
const encrypted = encryptAesGcm("",
|
|
54
|
-
expect(decryptAesGcm(encrypted,
|
|
101
|
+
const encrypted = encryptAesGcm("", secret);
|
|
102
|
+
expect(decryptAesGcm(encrypted, secret)).toBe("");
|
|
55
103
|
});
|
|
56
104
|
it("handles unicode", () => {
|
|
57
105
|
const plaintext = "Hello 🌍 — résumé";
|
|
58
|
-
const encrypted = encryptAesGcm(plaintext,
|
|
59
|
-
expect(decryptAesGcm(encrypted,
|
|
106
|
+
const encrypted = encryptAesGcm(plaintext, secret);
|
|
107
|
+
expect(decryptAesGcm(encrypted, secret)).toBe(plaintext);
|
|
108
|
+
});
|
|
109
|
+
});
|
|
110
|
+
describe("V1/V2 backwards compatibility", () => {
|
|
111
|
+
it("V1 ciphertext can be decrypted with string secret (legacy path)", () => {
|
|
112
|
+
// Encrypt with legacy Buffer key derived from "test-secret"
|
|
113
|
+
const encrypted = encryptAesGcm("legacy data", legacyKey);
|
|
114
|
+
expect(encrypted.split(":")).toHaveLength(3); // V1 format
|
|
115
|
+
// Decrypt with the same secret as a string — should use legacy SHA-256 derivation
|
|
116
|
+
const decrypted = decryptAesGcm(encrypted, "test-secret");
|
|
117
|
+
expect(decrypted).toBe("legacy data");
|
|
118
|
+
});
|
|
119
|
+
it("V2 ciphertext requires string secret, not Buffer", () => {
|
|
120
|
+
const encrypted = encryptAesGcm("v2 data", "my-secret");
|
|
121
|
+
expect(encrypted.startsWith("v2:")).toBe(true);
|
|
122
|
+
// Passing a Buffer to V2 ciphertext should throw
|
|
123
|
+
expect(() => decryptAesGcm(encrypted, legacyKey)).toThrow("V2 encrypted format requires a secret string");
|
|
124
|
+
});
|
|
125
|
+
it("rejects unknown format", () => {
|
|
126
|
+
expect(() => decryptAesGcm("a:b:c:d", "secret")).toThrow("Unknown encryption format");
|
|
127
|
+
expect(() => decryptAesGcm("a:b", "secret")).toThrow("Unknown encryption format");
|
|
60
128
|
});
|
|
61
129
|
});
|
|
62
130
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../../src/lib/__tests__/crypto.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto.test.js","sourceRoot":"","sources":["../../../src/lib/__tests__/crypto.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEpF,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;IACtB,MAAM,SAAS,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IAE3C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,aAAa,CAAC;YAChC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtD,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;YAC3C,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,mBAAmB,CAAC;YACtC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpG,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,MAAM,MAAM,GAAG,uBAAuB,CAAC;QAEvC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YACpE,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAC5C,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,mBAAmB,CAAC;YACtC,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACnD,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;QAC7C,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;YACzE,4DAA4D;YAC5D,MAAM,SAAS,GAAG,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YAC1D,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY;YAE1D,kFAAkF;YAClF,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;YAC1D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YACxD,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE/C,iDAAiD;YACjD,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CACvD,8CAA8C,CAC/C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;YACtF,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/lib/crypto.d.ts
CHANGED
|
@@ -1,14 +1,28 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Legacy key derivation using SHA-256.
|
|
3
|
+
* @deprecated Only used for decrypting existing v1 data. New code should pass
|
|
4
|
+
* a secret string directly to encryptAesGcm/decryptAesGcm.
|
|
3
5
|
*/
|
|
4
6
|
export declare function deriveKey(secret: string): Buffer;
|
|
7
|
+
/**
|
|
8
|
+
* Derive a 32-byte AES key using PBKDF2 (100k iterations, SHA-512).
|
|
9
|
+
*/
|
|
10
|
+
export declare function deriveKeyV2(secret: string, salt: Buffer): Buffer;
|
|
5
11
|
/**
|
|
6
12
|
* Encrypt plaintext using AES-256-GCM.
|
|
7
|
-
*
|
|
13
|
+
*
|
|
14
|
+
* - When `keyOrSecret` is a Buffer: uses the key directly (v1 format: iv:tag:ciphertext).
|
|
15
|
+
* Used by PII encryption which already has a proper random key.
|
|
16
|
+
* - When `keyOrSecret` is a string: uses PBKDF2 key derivation with random salt
|
|
17
|
+
* (v2 format: v2:salt:iv:tag:ciphertext).
|
|
8
18
|
*/
|
|
9
|
-
export declare function encryptAesGcm(plaintext: string,
|
|
19
|
+
export declare function encryptAesGcm(plaintext: string, keyOrSecret: Buffer | string): string;
|
|
10
20
|
/**
|
|
11
|
-
* Decrypt an AES-256-GCM encoded string
|
|
21
|
+
* Decrypt an AES-256-GCM encoded string.
|
|
22
|
+
*
|
|
23
|
+
* Auto-detects format:
|
|
24
|
+
* - v2:salt:iv:tag:ciphertext → PBKDF2 key derivation (requires string secret)
|
|
25
|
+
* - iv:tag:ciphertext → legacy format (accepts Buffer key or string secret via SHA-256)
|
|
12
26
|
*/
|
|
13
|
-
export declare function decryptAesGcm(encoded: string,
|
|
27
|
+
export declare function decryptAesGcm(encoded: string, keyOrSecret: Buffer | string): string;
|
|
14
28
|
//# sourceMappingURL=crypto.d.ts.map
|
package/dist/lib/crypto.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AASA;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAwBrF;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CA+BnF"}
|
package/dist/lib/crypto.js
CHANGED
|
@@ -1,33 +1,90 @@
|
|
|
1
|
-
import { createCipheriv, createDecipheriv, randomBytes, createHash } from "node:crypto";
|
|
1
|
+
import { createCipheriv, createDecipheriv, randomBytes, createHash, pbkdf2Sync } from "node:crypto";
|
|
2
2
|
const ALGORITHM = "aes-256-gcm";
|
|
3
3
|
const IV_LENGTH = 16;
|
|
4
|
+
const SALT_LENGTH = 16;
|
|
5
|
+
const PBKDF2_ITERATIONS = 100_000;
|
|
6
|
+
const PBKDF2_DIGEST = "sha512";
|
|
7
|
+
const V2_PREFIX = "v2";
|
|
4
8
|
/**
|
|
5
|
-
*
|
|
9
|
+
* Legacy key derivation using SHA-256.
|
|
10
|
+
* @deprecated Only used for decrypting existing v1 data. New code should pass
|
|
11
|
+
* a secret string directly to encryptAesGcm/decryptAesGcm.
|
|
6
12
|
*/
|
|
7
13
|
export function deriveKey(secret) {
|
|
8
14
|
return createHash("sha256").update(secret).digest();
|
|
9
15
|
}
|
|
16
|
+
/**
|
|
17
|
+
* Derive a 32-byte AES key using PBKDF2 (100k iterations, SHA-512).
|
|
18
|
+
*/
|
|
19
|
+
export function deriveKeyV2(secret, salt) {
|
|
20
|
+
return pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, 32, PBKDF2_DIGEST);
|
|
21
|
+
}
|
|
10
22
|
/**
|
|
11
23
|
* Encrypt plaintext using AES-256-GCM.
|
|
12
|
-
*
|
|
24
|
+
*
|
|
25
|
+
* - When `keyOrSecret` is a Buffer: uses the key directly (v1 format: iv:tag:ciphertext).
|
|
26
|
+
* Used by PII encryption which already has a proper random key.
|
|
27
|
+
* - When `keyOrSecret` is a string: uses PBKDF2 key derivation with random salt
|
|
28
|
+
* (v2 format: v2:salt:iv:tag:ciphertext).
|
|
13
29
|
*/
|
|
14
|
-
export function encryptAesGcm(plaintext,
|
|
30
|
+
export function encryptAesGcm(plaintext, keyOrSecret) {
|
|
31
|
+
if (typeof keyOrSecret === "string") {
|
|
32
|
+
// V2: PBKDF2 with per-encryption salt
|
|
33
|
+
const salt = randomBytes(SALT_LENGTH);
|
|
34
|
+
const key = deriveKeyV2(keyOrSecret, salt);
|
|
35
|
+
const iv = randomBytes(IV_LENGTH);
|
|
36
|
+
const cipher = createCipheriv(ALGORITHM, key, iv);
|
|
37
|
+
const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
|
38
|
+
const tag = cipher.getAuthTag();
|
|
39
|
+
return [
|
|
40
|
+
V2_PREFIX,
|
|
41
|
+
salt.toString("base64"),
|
|
42
|
+
iv.toString("base64"),
|
|
43
|
+
tag.toString("base64"),
|
|
44
|
+
encrypted.toString("base64"),
|
|
45
|
+
].join(":");
|
|
46
|
+
}
|
|
47
|
+
// V1: use Buffer key directly (PII encryption path)
|
|
15
48
|
const iv = randomBytes(IV_LENGTH);
|
|
16
|
-
const cipher = createCipheriv(ALGORITHM,
|
|
49
|
+
const cipher = createCipheriv(ALGORITHM, keyOrSecret, iv);
|
|
17
50
|
const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
|
18
51
|
const tag = cipher.getAuthTag();
|
|
19
52
|
return `${iv.toString("base64")}:${tag.toString("base64")}:${encrypted.toString("base64")}`;
|
|
20
53
|
}
|
|
21
54
|
/**
|
|
22
|
-
* Decrypt an AES-256-GCM encoded string
|
|
55
|
+
* Decrypt an AES-256-GCM encoded string.
|
|
56
|
+
*
|
|
57
|
+
* Auto-detects format:
|
|
58
|
+
* - v2:salt:iv:tag:ciphertext → PBKDF2 key derivation (requires string secret)
|
|
59
|
+
* - iv:tag:ciphertext → legacy format (accepts Buffer key or string secret via SHA-256)
|
|
23
60
|
*/
|
|
24
|
-
export function decryptAesGcm(encoded,
|
|
25
|
-
const
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
61
|
+
export function decryptAesGcm(encoded, keyOrSecret) {
|
|
62
|
+
const parts = encoded.split(":");
|
|
63
|
+
if (parts[0] === V2_PREFIX && parts.length === 5) {
|
|
64
|
+
// V2 format: v2:salt:iv:tag:ciphertext
|
|
65
|
+
if (typeof keyOrSecret !== "string") {
|
|
66
|
+
throw new Error("V2 encrypted format requires a secret string for decryption, not a Buffer key");
|
|
67
|
+
}
|
|
68
|
+
const salt = Buffer.from(parts[1], "base64");
|
|
69
|
+
const iv = Buffer.from(parts[2], "base64");
|
|
70
|
+
const tag = Buffer.from(parts[3], "base64");
|
|
71
|
+
const ciphertext = Buffer.from(parts[4], "base64");
|
|
72
|
+
const key = deriveKeyV2(keyOrSecret, salt);
|
|
73
|
+
const decipher = createDecipheriv(ALGORITHM, key, iv);
|
|
74
|
+
decipher.setAuthTag(tag);
|
|
75
|
+
return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
|
|
76
|
+
}
|
|
77
|
+
// V1 (legacy) format: iv:tag:ciphertext
|
|
78
|
+
if (parts.length === 3) {
|
|
79
|
+
const iv = Buffer.from(parts[0], "base64");
|
|
80
|
+
const tag = Buffer.from(parts[1], "base64");
|
|
81
|
+
const ciphertext = Buffer.from(parts[2], "base64");
|
|
82
|
+
// Accept either a pre-derived Buffer key or a string secret (legacy SHA-256)
|
|
83
|
+
const key = typeof keyOrSecret === "string" ? deriveKey(keyOrSecret) : keyOrSecret;
|
|
84
|
+
const decipher = createDecipheriv(ALGORITHM, key, iv);
|
|
85
|
+
decipher.setAuthTag(tag);
|
|
86
|
+
return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
|
|
87
|
+
}
|
|
88
|
+
throw new Error("Unknown encryption format");
|
|
32
89
|
}
|
|
33
90
|
//# sourceMappingURL=crypto.js.map
|
package/dist/lib/crypto.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/lib/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpG,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,iBAAiB,GAAG,OAAO,CAAC;AAClC,MAAM,aAAa,GAAG,QAAQ,CAAC;AAC/B,MAAM,SAAS,GAAG,IAAI,CAAC;AAEvB;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,MAAc;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,IAAY;IACtD,OAAO,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,WAA4B;IAC3E,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpC,sCAAsC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO;YACL,SAAS;YACT,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACvB,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACtB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC7B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC;IAED,oDAAoD;IACpD,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;AAC9F,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,WAA4B;IACzE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,uCAAuC;QACvC,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnD,6EAA6E;QAC7E,MAAM,GAAG,GAAG,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACnF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;AAC/C,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export declare function getAgentKeySecret(): string;
|
|
2
|
+
export declare function getPiiKeySecret(): string;
|
|
3
|
+
export declare function getEmbeddingKeySecret(): string;
|
|
4
|
+
/** Reset cached secrets — for testing only. */
|
|
5
|
+
export declare function _resetKeyCache(): void;
|
|
6
|
+
//# sourceMappingURL=encryption-keys.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encryption-keys.d.ts","sourceRoot":"","sources":["../../src/lib/encryption-keys.ts"],"names":[],"mappings":"AAsBA,wBAAgB,iBAAiB,IAAI,MAAM,CAK1C;AAED,wBAAgB,eAAe,IAAI,MAAM,CAKxC;AAED,wBAAgB,qBAAqB,IAAI,MAAM,CAK9C;AAED,+CAA+C;AAC/C,wBAAgB,cAAc,IAAI,IAAI,CAIrC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
const MIN_SECRET_LENGTH = 16;
|
|
2
|
+
let _agentSecret;
|
|
3
|
+
let _piiSecret;
|
|
4
|
+
let _embeddingSecret;
|
|
5
|
+
function requireEnv(name) {
|
|
6
|
+
const value = process.env[name];
|
|
7
|
+
if (!value) {
|
|
8
|
+
throw new Error(`Missing required environment variable: ${name}. ` +
|
|
9
|
+
`Encryption keys must be set explicitly — no defaults are used.`);
|
|
10
|
+
}
|
|
11
|
+
if (value.length < MIN_SECRET_LENGTH) {
|
|
12
|
+
throw new Error(`${name} must be at least ${MIN_SECRET_LENGTH} characters long.`);
|
|
13
|
+
}
|
|
14
|
+
return value;
|
|
15
|
+
}
|
|
16
|
+
export function getAgentKeySecret() {
|
|
17
|
+
if (!_agentSecret) {
|
|
18
|
+
_agentSecret = requireEnv("AGENT_KEY_SECRET");
|
|
19
|
+
}
|
|
20
|
+
return _agentSecret;
|
|
21
|
+
}
|
|
22
|
+
export function getPiiKeySecret() {
|
|
23
|
+
if (!_piiSecret) {
|
|
24
|
+
_piiSecret = requireEnv("PII_KEY_SECRET");
|
|
25
|
+
}
|
|
26
|
+
return _piiSecret;
|
|
27
|
+
}
|
|
28
|
+
export function getEmbeddingKeySecret() {
|
|
29
|
+
if (!_embeddingSecret) {
|
|
30
|
+
_embeddingSecret = requireEnv("EMBEDDING_KEY_SECRET");
|
|
31
|
+
}
|
|
32
|
+
return _embeddingSecret;
|
|
33
|
+
}
|
|
34
|
+
/** Reset cached secrets — for testing only. */
|
|
35
|
+
export function _resetKeyCache() {
|
|
36
|
+
_agentSecret = undefined;
|
|
37
|
+
_piiSecret = undefined;
|
|
38
|
+
_embeddingSecret = undefined;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=encryption-keys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encryption-keys.js","sourceRoot":"","sources":["../../src/lib/encryption-keys.ts"],"names":[],"mappings":"AAAA,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,IAAI,YAAgC,CAAC;AACrC,IAAI,UAA8B,CAAC;AACnC,IAAI,gBAAoC,CAAC;AAEzC,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,0CAA0C,IAAI,IAAI;YAClD,gEAAgE,CACjE,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,qBAAqB,iBAAiB,mBAAmB,CACjE,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,UAAU,GAAG,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,gBAAgB,GAAG,UAAU,CAAC,sBAAsB,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,cAAc;IAC5B,YAAY,GAAG,SAAS,CAAC;IACzB,UAAU,GAAG,SAAS,CAAC;IACvB,gBAAgB,GAAG,SAAS,CAAC;AAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.d.ts","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiBnD,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,qBAAa,oBAAoB;IACnB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,EAC/B,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,mBAAmB,CAAC;IAoBzB,MAAM,CACV,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAsBhC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW5D,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAQhF,IAAI,CACR,cAAc,EAAE,MAAM,EACtB,IAAI,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,GAC3B,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAW3B,UAAU,CACd,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAYhC,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,aAAa,CACjB,EAAE,EAAE,MAAM,EACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAUV,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASpF,OAAO,CAAC,QAAQ;CAoBjB"}
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
import { createHash } from "node:crypto";
|
|
2
|
-
import { encryptAesGcm, decryptAesGcm
|
|
3
|
-
|
|
4
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
5
|
-
return deriveKey(secret);
|
|
6
|
-
}
|
|
2
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
3
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
7
4
|
function encrypt(plaintext) {
|
|
8
|
-
return encryptAesGcm(plaintext,
|
|
5
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
9
6
|
}
|
|
10
7
|
function decrypt(encoded) {
|
|
11
|
-
return decryptAesGcm(encoded,
|
|
8
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
12
9
|
}
|
|
13
10
|
function hashApiKey(rawKey) {
|
|
14
11
|
return createHash("sha256").update(rawKey).digest("hex");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"agent-schedule-service.js","sourceRoot":"","sources":["../../src/services/agent-schedule-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,CAAC;AA2CD,MAAM,OAAO,oBAAoB;IACX;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA+B,EAC/B,SAAiB,EACjB,SAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YAClD,IAAI,EAAE;gBACJ,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;gBACpC,cAAc,EAAE,KAAK,CAAC,cAAc;gBACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,KAAK;gBACjC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,YAAY;gBAC1C,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,QAAQ;gBAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,eAAe,EAAE,OAAO,CAAC,SAAS,CAAC;gBACnC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;gBACjC,SAAS;aACV;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,EAAU,EACV,cAAsB,EACtB,KAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE;oBACJ,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzD,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9E,GAAG,CAAC,KAAK,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvF,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrE,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/D,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB;aACF,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,cAAsB;QAC7C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;aAC9B,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU,EAAE,cAAsB;QAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CACR,cAAsB,EACtB,IAA4B;QAE5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;YACrD,KAAK,EAAE;gBACL,cAAc;gBACd,GAAG,CAAC,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClE;YACD,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;SAC/B,CAAC,CAAC;QACH,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CACd,EAAU,EACV,cAAsB,EACtB,OAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;gBAClD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;gBAC7B,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;aACzC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,UAAkB;QAElB,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE,EAAE,UAAU,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,EAAU,EACV,cAAsB,EACtB,KAAa;QAEb,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YACjC,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,IAAI,EAAE;gBACJ,eAAe,EAAE,IAAI,IAAI,EAAE;gBAC3B,SAAS,EAAE,KAAK;aACjB;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU,EAAE,cAAsB;QACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,SAAS,CAAC;YACrD,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE;YAC7B,MAAM,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC3B,OAAO,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;IAEO,QAAQ,CAAC,QAAa;QAC5B,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,cAAc,EAAE,QAAQ,CAAC,cAAc;YACvC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,eAAe,EAAE,QAAQ,CAAC,eAAe;YACzC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-agent-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-agent-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAuB,SAAQ,cAAc;IAC5D,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,qBAAqB;IACpB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAe3D,WAAW,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IA2B3E,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,cAAc,CAAC;IAkCpB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAQvD"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
function encrypt(plaintext) {
|
|
7
|
-
return encryptAesGcm(plaintext,
|
|
4
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
8
5
|
}
|
|
9
6
|
function decrypt(encoded) {
|
|
10
|
-
return decryptAesGcm(encoded,
|
|
7
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
11
8
|
}
|
|
12
9
|
export class OrgAgentConfigService {
|
|
13
10
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-agent-config-service.js","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-agent-config-service.js","sourceRoot":"","sources":["../../src/services/org-agent-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAgBD,MAAM,OAAO,qBAAqB;IACZ;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,cAAsB;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,oDAAoD;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,kBAAkB;YACzC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC;YACpC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;QAE5B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,oGAAoG,CAAC,CAAC;QACxH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC;YACnD,SAAS;YACT,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAOC;QAED,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC;YACjD,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,qBAAqB,EAAE,eAAe;gBACtC,kBAAkB,EAAE,YAAY;gBAChC,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,QAAQ;gBAC9B,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;gBAC1C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,EAAE;gBAChD,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,qBAAqB,EAAE,eAAe;gBACtC,kBAAkB,EAAE,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;gBACzE,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;gBAC/B,cAAc,EAAE,KAAK,CAAC,cAAc,IAAI,SAAS;gBACjD,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,SAAS;gBACvD,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QACH,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;YAC3C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import type { PrismaClient } from "@prisma/client";
|
|
2
|
+
export interface OrgAgentTypeRecord {
|
|
3
|
+
slug: string;
|
|
4
|
+
label: string;
|
|
5
|
+
description: string;
|
|
6
|
+
prompt: string;
|
|
7
|
+
defaultTimeoutMinutes: number;
|
|
8
|
+
isBuiltinOverride: boolean;
|
|
9
|
+
createdBy: string;
|
|
10
|
+
createdAt: Date;
|
|
11
|
+
updatedAt: Date;
|
|
12
|
+
}
|
|
13
|
+
export interface CreateOrgAgentTypeInput {
|
|
14
|
+
slug: string;
|
|
15
|
+
label: string;
|
|
16
|
+
description?: string;
|
|
17
|
+
prompt: string;
|
|
18
|
+
defaultTimeoutMinutes?: number;
|
|
19
|
+
isBuiltinOverride?: boolean;
|
|
20
|
+
createdBy: string;
|
|
21
|
+
}
|
|
22
|
+
export interface UpdateOrgAgentTypeInput {
|
|
23
|
+
label?: string;
|
|
24
|
+
description?: string;
|
|
25
|
+
prompt?: string;
|
|
26
|
+
defaultTimeoutMinutes?: number;
|
|
27
|
+
}
|
|
28
|
+
export declare class OrgAgentTypeService {
|
|
29
|
+
private db;
|
|
30
|
+
constructor(db: PrismaClient);
|
|
31
|
+
list(organizationId: string): Promise<OrgAgentTypeRecord[]>;
|
|
32
|
+
getBySlug(organizationId: string, slug: string): Promise<OrgAgentTypeRecord | null>;
|
|
33
|
+
create(organizationId: string, input: CreateOrgAgentTypeInput, builtinSlugs: string[]): Promise<OrgAgentTypeRecord>;
|
|
34
|
+
update(organizationId: string, slug: string, input: UpdateOrgAgentTypeInput): Promise<OrgAgentTypeRecord>;
|
|
35
|
+
delete(organizationId: string, slug: string): Promise<boolean>;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=org-agent-type-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"org-agent-type-service.d.ts","sourceRoot":"","sources":["../../src/services/org-agent-type-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC;AAkBD,qBAAa,mBAAmB;IAClB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAQ3D,SAAS,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOnF,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,uBAAuB,EAC9B,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,kBAAkB,CAAC;IAoCxB,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAcxB,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAUrE"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
const SLUG_REGEX = /^[a-z][a-z0-9-]*$/;
|
|
2
|
+
function toRecord(row) {
|
|
3
|
+
return {
|
|
4
|
+
slug: row.slug,
|
|
5
|
+
label: row.label,
|
|
6
|
+
description: row.description,
|
|
7
|
+
prompt: row.prompt,
|
|
8
|
+
defaultTimeoutMinutes: row.defaultTimeoutMinutes,
|
|
9
|
+
isBuiltinOverride: row.isBuiltinOverride,
|
|
10
|
+
createdBy: row.createdBy,
|
|
11
|
+
createdAt: row.createdAt,
|
|
12
|
+
updatedAt: row.updatedAt,
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
export class OrgAgentTypeService {
|
|
16
|
+
db;
|
|
17
|
+
constructor(db) {
|
|
18
|
+
this.db = db;
|
|
19
|
+
}
|
|
20
|
+
async list(organizationId) {
|
|
21
|
+
const rows = await this.db.orgAgentType.findMany({
|
|
22
|
+
where: { organizationId },
|
|
23
|
+
orderBy: { slug: "asc" },
|
|
24
|
+
});
|
|
25
|
+
return rows.map(toRecord);
|
|
26
|
+
}
|
|
27
|
+
async getBySlug(organizationId, slug) {
|
|
28
|
+
const row = await this.db.orgAgentType.findUnique({
|
|
29
|
+
where: { organizationId_slug: { organizationId, slug } },
|
|
30
|
+
});
|
|
31
|
+
return row ? toRecord(row) : null;
|
|
32
|
+
}
|
|
33
|
+
async create(organizationId, input, builtinSlugs) {
|
|
34
|
+
if (!SLUG_REGEX.test(input.slug) || input.slug.length < 2 || input.slug.length > 50) {
|
|
35
|
+
throw new Error("Slug must be 2-50 lowercase alphanumeric characters or hyphens, starting with a letter");
|
|
36
|
+
}
|
|
37
|
+
const isOverride = input.isBuiltinOverride ?? false;
|
|
38
|
+
if (isOverride && !builtinSlugs.includes(input.slug)) {
|
|
39
|
+
throw new Error(`Cannot override '${input.slug}': not a built-in agent type`);
|
|
40
|
+
}
|
|
41
|
+
if (!isOverride && builtinSlugs.includes(input.slug)) {
|
|
42
|
+
throw new Error(`Slug '${input.slug}' conflicts with a built-in agent type. Use isBuiltinOverride to override it.`);
|
|
43
|
+
}
|
|
44
|
+
const row = await this.db.orgAgentType.upsert({
|
|
45
|
+
where: { organizationId_slug: { organizationId, slug: input.slug } },
|
|
46
|
+
create: {
|
|
47
|
+
organizationId,
|
|
48
|
+
slug: input.slug,
|
|
49
|
+
label: input.label,
|
|
50
|
+
description: input.description ?? "",
|
|
51
|
+
prompt: input.prompt,
|
|
52
|
+
defaultTimeoutMinutes: input.defaultTimeoutMinutes ?? 15,
|
|
53
|
+
isBuiltinOverride: isOverride,
|
|
54
|
+
createdBy: input.createdBy,
|
|
55
|
+
},
|
|
56
|
+
update: {
|
|
57
|
+
label: input.label,
|
|
58
|
+
description: input.description ?? "",
|
|
59
|
+
prompt: input.prompt,
|
|
60
|
+
defaultTimeoutMinutes: input.defaultTimeoutMinutes ?? 15,
|
|
61
|
+
updatedAt: new Date(),
|
|
62
|
+
},
|
|
63
|
+
});
|
|
64
|
+
return toRecord(row);
|
|
65
|
+
}
|
|
66
|
+
async update(organizationId, slug, input) {
|
|
67
|
+
const data = { updatedAt: new Date() };
|
|
68
|
+
if (input.label !== undefined)
|
|
69
|
+
data.label = input.label;
|
|
70
|
+
if (input.description !== undefined)
|
|
71
|
+
data.description = input.description;
|
|
72
|
+
if (input.prompt !== undefined)
|
|
73
|
+
data.prompt = input.prompt;
|
|
74
|
+
if (input.defaultTimeoutMinutes !== undefined)
|
|
75
|
+
data.defaultTimeoutMinutes = input.defaultTimeoutMinutes;
|
|
76
|
+
const row = await this.db.orgAgentType.update({
|
|
77
|
+
where: { organizationId_slug: { organizationId, slug } },
|
|
78
|
+
data,
|
|
79
|
+
});
|
|
80
|
+
return toRecord(row);
|
|
81
|
+
}
|
|
82
|
+
async delete(organizationId, slug) {
|
|
83
|
+
try {
|
|
84
|
+
await this.db.orgAgentType.delete({
|
|
85
|
+
where: { organizationId_slug: { organizationId, slug } },
|
|
86
|
+
});
|
|
87
|
+
return true;
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
return false;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
//# sourceMappingURL=org-agent-type-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"org-agent-type-service.js","sourceRoot":"","sources":["../../src/services/org-agent-type-service.ts"],"names":[],"mappings":"AA+BA,MAAM,UAAU,GAAG,mBAAmB,CAAC;AAEvC,SAAS,QAAQ,CAAC,GAAQ;IACxB,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;QAChD,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;QACxC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,IAAI,CAAC,cAAsB;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;SACzB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB,EAAE,IAAY;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YAChD,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;SACzD,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA8B,EAC9B,YAAsB;QAEtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACpF,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAC;QAC5G,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,CAAC,iBAAiB,IAAI,KAAK,CAAC;QACpD,IAAI,UAAU,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,CAAC,IAAI,8BAA8B,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,CAAC,UAAU,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,+EAA+E,CAAC,CAAC;QACtH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE;YACpE,MAAM,EAAE;gBACN,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;gBACpC,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,qBAAqB,EAAE,KAAK,CAAC,qBAAqB,IAAI,EAAE;gBACxD,iBAAiB,EAAE,UAAU;gBAC7B,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;YACD,MAAM,EAAE;gBACN,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;gBACpC,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,qBAAqB,EAAE,KAAK,CAAC,qBAAqB,IAAI,EAAE;gBACxD,SAAS,EAAE,IAAI,IAAI,EAAE;aACtB;SACF,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,IAAY,EACZ,KAA8B;QAE9B,MAAM,IAAI,GAAwB,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5D,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACxD,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;QAC1E,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC3D,IAAI,KAAK,CAAC,qBAAqB,KAAK,SAAS;YAAE,IAAI,CAAC,qBAAqB,GAAG,KAAK,CAAC,qBAAqB,CAAC;QAExG,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;YACxD,IAAI;SACL,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB,EAAE,IAAY;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;gBAChC,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-embedding-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-embedding-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAA0B,SAAQ,kBAAkB;IACnE,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,yBAAyB;IACxB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAc/D,UAAU,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC;IAe7E,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GACjG,OAAO,CAAC,kBAAkB,CAAC;IA8BxB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAQvD"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.EMBEDDING_KEY_SECRET ?? "apart-default-embedding-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getEmbeddingKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
function encrypt(plaintext) {
|
|
7
|
-
return encryptAesGcm(plaintext,
|
|
4
|
+
return encryptAesGcm(plaintext, getEmbeddingKeySecret());
|
|
8
5
|
}
|
|
9
6
|
function decrypt(encoded) {
|
|
10
|
-
return decryptAesGcm(encoded,
|
|
7
|
+
return decryptAesGcm(encoded, getEmbeddingKeySecret());
|
|
11
8
|
}
|
|
12
9
|
export class OrgEmbeddingConfigService {
|
|
13
10
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-embedding-config-service.js","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-embedding-config-service.js","sourceRoot":"","sources":["../../src/services/org-embedding-config-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;AACzD,CAAC;AAcD,MAAM,OAAO,yBAAyB;IAChB;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC;YACzD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,cAAsB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,UAAU,CAAC;YACzD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC;YACvC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAAkG;QAElG,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,eAAe,EAAE,SAAS;gBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,eAAe,EAAE,SAAS;gBAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QACH,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { PrismaClient } from "@prisma/client";
|
|
2
|
+
export interface OrgMcpServerRecord {
|
|
3
|
+
name: string;
|
|
4
|
+
command: string;
|
|
5
|
+
args: string[];
|
|
6
|
+
envKeys: string[];
|
|
7
|
+
agentTypes: string[];
|
|
8
|
+
createdBy: string;
|
|
9
|
+
createdAt: Date;
|
|
10
|
+
updatedAt: Date;
|
|
11
|
+
}
|
|
12
|
+
export interface McpServerConfig {
|
|
13
|
+
name: string;
|
|
14
|
+
command: string;
|
|
15
|
+
args: string[];
|
|
16
|
+
env: Record<string, string>;
|
|
17
|
+
}
|
|
18
|
+
export interface CreateOrgMcpServerInput {
|
|
19
|
+
name: string;
|
|
20
|
+
command?: string;
|
|
21
|
+
args: string[];
|
|
22
|
+
env?: Record<string, string>;
|
|
23
|
+
agentTypes?: string[];
|
|
24
|
+
createdBy: string;
|
|
25
|
+
}
|
|
26
|
+
export interface UpdateOrgMcpServerInput {
|
|
27
|
+
command?: string;
|
|
28
|
+
args?: string[];
|
|
29
|
+
env?: Record<string, string>;
|
|
30
|
+
agentTypes?: string[];
|
|
31
|
+
}
|
|
32
|
+
export declare class OrgMcpServerService {
|
|
33
|
+
private db;
|
|
34
|
+
constructor(db: PrismaClient);
|
|
35
|
+
list(organizationId: string): Promise<OrgMcpServerRecord[]>;
|
|
36
|
+
getByName(organizationId: string, name: string): Promise<OrgMcpServerRecord | null>;
|
|
37
|
+
create(organizationId: string, input: CreateOrgMcpServerInput): Promise<OrgMcpServerRecord>;
|
|
38
|
+
update(organizationId: string, name: string, input: UpdateOrgMcpServerInput): Promise<OrgMcpServerRecord>;
|
|
39
|
+
delete(organizationId: string, name: string): Promise<boolean>;
|
|
40
|
+
getForExecution(organizationId: string, agentType: string): Promise<McpServerConfig[]>;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=org-mcp-server-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"org-mcp-server-service.d.ts","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC7B;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AA2BD,qBAAa,mBAAmB;IAClB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IAQ3D,SAAS,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOnF,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAuBxB,MAAM,CACV,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC;IAkBxB,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW9D,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CA8B7F"}
|
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
3
|
+
function encrypt(plaintext) {
|
|
4
|
+
return encryptAesGcm(plaintext, getAgentKeySecret());
|
|
5
|
+
}
|
|
6
|
+
function decrypt(encoded) {
|
|
7
|
+
return decryptAesGcm(encoded, getAgentKeySecret());
|
|
8
|
+
}
|
|
9
|
+
const NAME_REGEX = /^[a-z][a-z0-9-]*$/;
|
|
10
|
+
function toRecord(row) {
|
|
11
|
+
const envKeys = [];
|
|
12
|
+
if (row.envEncrypted) {
|
|
13
|
+
try {
|
|
14
|
+
const decrypted = JSON.parse(decrypt(row.envEncrypted));
|
|
15
|
+
envKeys.push(...Object.keys(decrypted));
|
|
16
|
+
}
|
|
17
|
+
catch {
|
|
18
|
+
// If decryption fails, return empty keys
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
return {
|
|
22
|
+
name: row.name,
|
|
23
|
+
command: row.command,
|
|
24
|
+
args: row.args,
|
|
25
|
+
envKeys,
|
|
26
|
+
agentTypes: row.agentTypes,
|
|
27
|
+
createdBy: row.createdBy,
|
|
28
|
+
createdAt: row.createdAt,
|
|
29
|
+
updatedAt: row.updatedAt,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
export class OrgMcpServerService {
|
|
33
|
+
db;
|
|
34
|
+
constructor(db) {
|
|
35
|
+
this.db = db;
|
|
36
|
+
}
|
|
37
|
+
async list(organizationId) {
|
|
38
|
+
const rows = await this.db.orgMcpServer.findMany({
|
|
39
|
+
where: { organizationId },
|
|
40
|
+
orderBy: { name: "asc" },
|
|
41
|
+
});
|
|
42
|
+
return rows.map(toRecord);
|
|
43
|
+
}
|
|
44
|
+
async getByName(organizationId, name) {
|
|
45
|
+
const row = await this.db.orgMcpServer.findUnique({
|
|
46
|
+
where: { organizationId_name: { organizationId, name } },
|
|
47
|
+
});
|
|
48
|
+
return row ? toRecord(row) : null;
|
|
49
|
+
}
|
|
50
|
+
async create(organizationId, input) {
|
|
51
|
+
if (!NAME_REGEX.test(input.name) || input.name.length > 100) {
|
|
52
|
+
throw new Error("Name must be lowercase alphanumeric + hyphens, starting with a letter, max 100 chars");
|
|
53
|
+
}
|
|
54
|
+
const envEncrypted = input.env && Object.keys(input.env).length > 0
|
|
55
|
+
? encrypt(JSON.stringify(input.env))
|
|
56
|
+
: null;
|
|
57
|
+
const row = await this.db.orgMcpServer.create({
|
|
58
|
+
data: {
|
|
59
|
+
organizationId,
|
|
60
|
+
name: input.name,
|
|
61
|
+
command: input.command ?? "npx",
|
|
62
|
+
args: input.args,
|
|
63
|
+
envEncrypted,
|
|
64
|
+
agentTypes: input.agentTypes ?? [],
|
|
65
|
+
createdBy: input.createdBy,
|
|
66
|
+
},
|
|
67
|
+
});
|
|
68
|
+
return toRecord(row);
|
|
69
|
+
}
|
|
70
|
+
async update(organizationId, name, input) {
|
|
71
|
+
const data = { updatedAt: new Date() };
|
|
72
|
+
if (input.command !== undefined)
|
|
73
|
+
data.command = input.command;
|
|
74
|
+
if (input.args !== undefined)
|
|
75
|
+
data.args = input.args;
|
|
76
|
+
if (input.env !== undefined) {
|
|
77
|
+
data.envEncrypted = Object.keys(input.env).length > 0
|
|
78
|
+
? encrypt(JSON.stringify(input.env))
|
|
79
|
+
: null;
|
|
80
|
+
}
|
|
81
|
+
if (input.agentTypes !== undefined)
|
|
82
|
+
data.agentTypes = input.agentTypes;
|
|
83
|
+
const row = await this.db.orgMcpServer.update({
|
|
84
|
+
where: { organizationId_name: { organizationId, name } },
|
|
85
|
+
data,
|
|
86
|
+
});
|
|
87
|
+
return toRecord(row);
|
|
88
|
+
}
|
|
89
|
+
async delete(organizationId, name) {
|
|
90
|
+
try {
|
|
91
|
+
await this.db.orgMcpServer.delete({
|
|
92
|
+
where: { organizationId_name: { organizationId, name } },
|
|
93
|
+
});
|
|
94
|
+
return true;
|
|
95
|
+
}
|
|
96
|
+
catch {
|
|
97
|
+
return false;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
async getForExecution(organizationId, agentType) {
|
|
101
|
+
const rows = await this.db.orgMcpServer.findMany({
|
|
102
|
+
where: { organizationId },
|
|
103
|
+
});
|
|
104
|
+
const results = [];
|
|
105
|
+
for (const row of rows) {
|
|
106
|
+
const types = row.agentTypes;
|
|
107
|
+
if (types.length > 0 && !types.includes(agentType))
|
|
108
|
+
continue;
|
|
109
|
+
let env = {};
|
|
110
|
+
if (row.envEncrypted) {
|
|
111
|
+
try {
|
|
112
|
+
env = JSON.parse(decrypt(row.envEncrypted));
|
|
113
|
+
}
|
|
114
|
+
catch {
|
|
115
|
+
// Skip servers with corrupted env data
|
|
116
|
+
continue;
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
results.push({
|
|
120
|
+
name: row.name,
|
|
121
|
+
command: row.command,
|
|
122
|
+
args: row.args,
|
|
123
|
+
env,
|
|
124
|
+
});
|
|
125
|
+
}
|
|
126
|
+
return results;
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
//# sourceMappingURL=org-mcp-server-service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"org-mcp-server-service.js","sourceRoot":"","sources":["../../src/services/org-mcp-server-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,SAAiB;IAChC,OAAO,aAAa,CAAC,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,aAAa,CAAC,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;AACrD,CAAC;AAoCD,MAAM,UAAU,GAAG,mBAAmB,CAAC;AAEvC,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,IAAI,EAAE,GAAG,CAAC,IAAgB;QAC1B,OAAO;QACP,UAAU,EAAE,GAAG,CAAC,UAAsB;QACtC,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,IAAI,CAAC,cAAsB;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE;SACzB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,cAAsB,EAAE,IAAY;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YAChD,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;SACzD,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,KAA8B;QAE9B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;QAC1G,CAAC;QAED,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC;YACjE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC,CAAC,IAAI,CAAC;QAET,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,IAAI,EAAE;gBACJ,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,KAAK;gBAC/B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,YAAY;gBACZ,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE;gBAClC,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CACV,cAAsB,EACtB,IAAY,EACZ,KAA8B;QAE9B,MAAM,IAAI,GAAwB,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;QAC5D,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS;YAAE,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACrD,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC;gBACnD,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAI,CAAC;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS;YAAE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;QAEvE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;YACxD,IAAI;SACL,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB,EAAE,IAAY;QAC/C,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;gBAChC,KAAK,EAAE,EAAE,mBAAmB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,cAAsB,EAAE,SAAiB;QAC7D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,GAAG,CAAC,UAAsB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,SAAS;YAE7D,IAAI,GAAG,GAA2B,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBACrB,IAAI,CAAC;oBACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC9C,CAAC;gBAAC,MAAM,CAAC;oBACP,uCAAuC;oBACvC,SAAS;gBACX,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAgB;gBAC1B,GAAG;aACJ,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-pii-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"org-pii-config-service.d.ts","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAYnD,MAAM,MAAM,OAAO,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,CAAC;AAE7D,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAoB,SAAQ,YAAY;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,mBAAmB;IAClB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,GAAG,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAczD,UAAU,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAevE,GAAG,CACP,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE;QACL,IAAI,EAAE,OAAO,CAAC;QACd,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;QAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,YAAY,CAAC;IAsClB,MAAM,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAStD;;OAEG;IACH,WAAW,IAAI,MAAM;CAGtB"}
|
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
import { randomBytes } from "node:crypto";
|
|
2
|
-
import { encryptAesGcm, decryptAesGcm
|
|
3
|
-
|
|
4
|
-
const secret = process.env.PII_KEY_SECRET ?? "apart-default-pii-key-secret-change-me";
|
|
5
|
-
return deriveKey(secret);
|
|
6
|
-
}
|
|
2
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
3
|
+
import { getPiiKeySecret } from "../lib/encryption-keys.js";
|
|
7
4
|
function encryptPiiKey(plaintext) {
|
|
8
|
-
return encryptAesGcm(plaintext,
|
|
5
|
+
return encryptAesGcm(plaintext, getPiiKeySecret());
|
|
9
6
|
}
|
|
10
7
|
function decryptPiiKey(encoded) {
|
|
11
|
-
return decryptAesGcm(encoded,
|
|
8
|
+
return decryptAesGcm(encoded, getPiiKeySecret());
|
|
12
9
|
}
|
|
13
10
|
export class OrgPiiConfigService {
|
|
14
11
|
db;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"org-pii-config-service.js","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"org-pii-config-service.js","sourceRoot":"","sources":["../../src/services/org-pii-config-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAE5D,SAAS,aAAa,CAAC,SAAiB;IACtC,OAAO,aAAa,CAAC,SAAS,EAAE,eAAe,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,aAAa,CAAC,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;AACnD,CAAC;AAgBD,MAAM,OAAO,mBAAmB;IACV;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,GAAG,CAAC,cAAsB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,cAAsB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACnD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;YACjE,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CACP,cAAsB,EACtB,KAKC;QAED,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;YACrD,KAAK,EAAE,EAAE,cAAc,EAAE;SAC1B,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,QAAQ;YAC9B,CAAC,CAAC,QAAQ,CAAC,eAAe;YAC1B,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC/C,KAAK,EAAE,EAAE,cAAc,EAAE;YACzB,MAAM,EAAE;gBACN,cAAc;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe;gBACf,eAAe,EAAE,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAA8D;gBAC3G,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,KAAK;gBACvC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe,EAAE,CAAC,KAAK,CAAC,eAAe,IAAI,QAAQ,EAAE,eAAe,IAAI,EAAE,CAA8D;gBACxI,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,QAAQ,EAAE,WAAW,IAAI,KAAK;gBAChE,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;aACpC;SACF,CAAC,CAAC;QAEH,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAe;YAC5B,eAAe,EAAE,MAAM,CAAC,eAA2B;YACnD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,cAAsB;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAInF,YAAY,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAE3C,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG;IAAE,YAAY,EAAE,YAAY,CAAA;CAAE,CAAC;AAE5E,qBAAa,WAAW;IACV,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,YAAY;IAE9B,sBAAsB,CAC1B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAsBV,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIzC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAIrD,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAO5D,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQjE,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAStD,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOhD,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQvE,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS5D,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStD,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAU7D,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAMxD;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;CAChD"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
import { encryptAesGcm, decryptAesGcm
|
|
2
|
-
|
|
3
|
-
const secret = process.env.AGENT_KEY_SECRET ?? "apart-default-agent-key-secret-change-me";
|
|
4
|
-
return deriveKey(secret);
|
|
5
|
-
}
|
|
1
|
+
import { encryptAesGcm, decryptAesGcm } from "../lib/crypto.js";
|
|
2
|
+
import { getAgentKeySecret } from "../lib/encryption-keys.js";
|
|
6
3
|
export class UserService {
|
|
7
4
|
db;
|
|
8
5
|
constructor(db) {
|
|
@@ -41,7 +38,7 @@ export class UserService {
|
|
|
41
38
|
});
|
|
42
39
|
}
|
|
43
40
|
async setClaudeToken(userId, plainToken) {
|
|
44
|
-
const encrypted = encryptAesGcm(plainToken,
|
|
41
|
+
const encrypted = encryptAesGcm(plainToken, getAgentKeySecret());
|
|
45
42
|
await this.db.user.update({
|
|
46
43
|
where: { id: userId },
|
|
47
44
|
data: { claudeOauthTokenEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -54,7 +51,7 @@ export class UserService {
|
|
|
54
51
|
});
|
|
55
52
|
if (!user?.claudeOauthTokenEncrypted)
|
|
56
53
|
return null;
|
|
57
|
-
return decryptAesGcm(user.claudeOauthTokenEncrypted,
|
|
54
|
+
return decryptAesGcm(user.claudeOauthTokenEncrypted, getAgentKeySecret());
|
|
58
55
|
}
|
|
59
56
|
async deleteClaudeToken(userId) {
|
|
60
57
|
await this.db.user.update({
|
|
@@ -63,7 +60,7 @@ export class UserService {
|
|
|
63
60
|
});
|
|
64
61
|
}
|
|
65
62
|
async setApartRefreshToken(userId, plainToken) {
|
|
66
|
-
const encrypted = encryptAesGcm(plainToken,
|
|
63
|
+
const encrypted = encryptAesGcm(plainToken, getAgentKeySecret());
|
|
67
64
|
await this.db.user.update({
|
|
68
65
|
where: { id: userId },
|
|
69
66
|
data: { apartRefreshTokenEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -76,7 +73,7 @@ export class UserService {
|
|
|
76
73
|
});
|
|
77
74
|
if (!user?.apartRefreshTokenEncrypted)
|
|
78
75
|
return null;
|
|
79
|
-
return decryptAesGcm(user.apartRefreshTokenEncrypted,
|
|
76
|
+
return decryptAesGcm(user.apartRefreshTokenEncrypted, getAgentKeySecret());
|
|
80
77
|
}
|
|
81
78
|
async deleteApartRefreshToken(userId) {
|
|
82
79
|
await this.db.user.update({
|
|
@@ -86,7 +83,7 @@ export class UserService {
|
|
|
86
83
|
}
|
|
87
84
|
// ── Agent secrets (encrypted JSON blob) ──────────────────────────────────
|
|
88
85
|
async setAgentSecrets(userId, secrets) {
|
|
89
|
-
const encrypted = encryptAesGcm(JSON.stringify(secrets),
|
|
86
|
+
const encrypted = encryptAesGcm(JSON.stringify(secrets), getAgentKeySecret());
|
|
90
87
|
await this.db.user.update({
|
|
91
88
|
where: { id: userId },
|
|
92
89
|
data: { agentSecretsEncrypted: encrypted, updatedAt: new Date() },
|
|
@@ -99,7 +96,7 @@ export class UserService {
|
|
|
99
96
|
});
|
|
100
97
|
if (!user?.agentSecretsEncrypted)
|
|
101
98
|
return null;
|
|
102
|
-
const json = decryptAesGcm(user.agentSecretsEncrypted,
|
|
99
|
+
const json = decryptAesGcm(user.agentSecretsEncrypted, getAgentKeySecret());
|
|
103
100
|
return JSON.parse(json);
|
|
104
101
|
}
|
|
105
102
|
async deleteAgentSecrets(userId) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-service.js","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"user-service.js","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAM9D,MAAM,OAAO,WAAW;IACF;IAApB,YAAoB,EAAgB;QAAhB,OAAE,GAAF,EAAE,CAAc;IAAG,CAAC;IAExC,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,KAAa,EACb,IAAa;QAEb,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxE,IAAI,QAAQ,EAAE,CAAC;YACb,+BAA+B;YAC/B,IAAI,QAAQ,CAAC,KAAK,KAAK,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACjE,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;oBACzB,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE;oBAC1B,IAAI,EAAE;wBACJ,KAAK;wBACL,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBACzB,SAAS,EAAE,IAAI,IAAI,EAAE;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACzB,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU;QACtB,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACjC,KAAK,EAAE,EAAE,MAAM,EAAE;YACjB,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,UAAkB;QACrD,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,yBAAyB,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACtE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,yBAAyB;YAAE,OAAO,IAAI,CAAC;QAClD,OAAO,aAAa,CAAC,IAAI,CAAC,yBAAyB,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc,EAAE,UAAkB;QAC3D,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,0BAA0B,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SACvE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACvC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,0BAA0B;YAAE,OAAO,IAAI,CAAC;QACnD,OAAO,aAAa,CAAC,IAAI,CAAC,0BAA0B,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,MAAc;QAC1C,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,0BAA0B,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAClE,CAAC,CAAC;IACL,CAAC;IAED,4EAA4E;IAE5E,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,OAAqB;QACzD,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC9E,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,qBAAqB,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAClE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,qBAAqB;YAAE,OAAO,IAAI,CAAC;QAC9C,MAAM,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC,qBAAqB,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACrC,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;SAC7D,CAAC,CAAC;IACL,CAAC;CACF"}
|
package/package.json
CHANGED
package/prisma/schema.prisma
CHANGED
|
@@ -27,6 +27,8 @@ model Organization {
|
|
|
27
27
|
agentSchedules AgentSchedule[]
|
|
28
28
|
memberships Membership[]
|
|
29
29
|
invites Invite[]
|
|
30
|
+
orgAgentTypes OrgAgentType[]
|
|
31
|
+
orgMcpServers OrgMcpServer[]
|
|
30
32
|
|
|
31
33
|
@@map("organizations")
|
|
32
34
|
}
|
|
@@ -237,6 +239,45 @@ model OrgAgentConfig {
|
|
|
237
239
|
@@map("org_agent_config")
|
|
238
240
|
}
|
|
239
241
|
|
|
242
|
+
model OrgAgentType {
|
|
243
|
+
id String @id @default(uuid()) @db.Uuid
|
|
244
|
+
organizationId String @map("organization_id") @db.Uuid
|
|
245
|
+
slug String @db.VarChar(50)
|
|
246
|
+
label String @db.VarChar(200)
|
|
247
|
+
description String @default("") @db.Text
|
|
248
|
+
prompt String @db.Text
|
|
249
|
+
defaultTimeoutMinutes Int @default(15) @map("default_timeout_minutes")
|
|
250
|
+
isBuiltinOverride Boolean @default(false) @map("is_builtin_override")
|
|
251
|
+
createdBy String @map("created_by") @db.VarChar(255)
|
|
252
|
+
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
|
|
253
|
+
updatedAt DateTime @default(now()) @map("updated_at") @db.Timestamptz
|
|
254
|
+
|
|
255
|
+
organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
|
|
256
|
+
|
|
257
|
+
@@unique([organizationId, slug], map: "uq_org_agent_type_org_slug")
|
|
258
|
+
@@index([organizationId], map: "idx_org_agent_types_organization")
|
|
259
|
+
@@map("org_agent_types")
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
model OrgMcpServer {
|
|
263
|
+
id String @id @default(uuid()) @db.Uuid
|
|
264
|
+
organizationId String @map("organization_id") @db.Uuid
|
|
265
|
+
name String @db.VarChar(100)
|
|
266
|
+
command String @default("npx") @db.VarChar(500)
|
|
267
|
+
args Json @default("[]")
|
|
268
|
+
envEncrypted String? @map("env_encrypted") @db.Text
|
|
269
|
+
agentTypes Json @default("[]") @map("agent_types")
|
|
270
|
+
createdBy String @map("created_by") @db.VarChar(255)
|
|
271
|
+
createdAt DateTime @default(now()) @map("created_at") @db.Timestamptz
|
|
272
|
+
updatedAt DateTime @default(now()) @map("updated_at") @db.Timestamptz
|
|
273
|
+
|
|
274
|
+
organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
|
|
275
|
+
|
|
276
|
+
@@unique([organizationId, name], map: "uq_org_mcp_server_org_name")
|
|
277
|
+
@@index([organizationId], map: "idx_org_mcp_servers_organization")
|
|
278
|
+
@@map("org_mcp_servers")
|
|
279
|
+
}
|
|
280
|
+
|
|
240
281
|
model AgentRun {
|
|
241
282
|
id String @id @default(uuid()) @db.Uuid
|
|
242
283
|
organizationId String @map("organization_id") @db.Uuid
|