@crewai-ts/core 0.1.13 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/dist/agent.d.ts +16 -18
  2. package/dist/auth.cjs +598 -0
  3. package/dist/auth.js +40 -0
  4. package/dist/{chunk-3PVW4JKT.js → chunk-C43UEMCX.js} +6712 -7268
  5. package/dist/chunk-CCOE6MLE.js +896 -0
  6. package/dist/chunk-HFQTF332.js +4455 -0
  7. package/dist/{chunk-BE4JYKSG.js → chunk-MM4ROIFG.js} +12 -1490
  8. package/dist/chunk-RH43TNKN.js +238 -0
  9. package/dist/chunk-S477WFUT.js +565 -0
  10. package/dist/chunk-SB7ADUQA.js +110 -0
  11. package/dist/chunk-T32G6KDW.js +40 -0
  12. package/dist/crew.d.ts +24 -26
  13. package/dist/events.cjs +7513 -0
  14. package/dist/events.js +406 -0
  15. package/dist/experimental-conversational.cjs +272 -0
  16. package/dist/experimental-conversational.js +26 -0
  17. package/dist/feature-hooks.cjs +149 -0
  18. package/dist/feature-hooks.d.ts +94 -0
  19. package/dist/feature-hooks.js +36 -0
  20. package/dist/index.cjs +33923 -64381
  21. package/dist/index.d.ts +2 -15
  22. package/dist/index.js +16720 -49562
  23. package/dist/input-provider.d.ts +3 -4
  24. package/dist/lite-agent.d.ts +4 -4
  25. package/dist/llm.cjs +7467 -0
  26. package/dist/llm.d.ts +0 -4
  27. package/dist/llm.js +225 -0
  28. package/dist/optional-yaml.d.ts +8 -0
  29. package/dist/project.d.ts +1 -1
  30. package/dist/schema-utils.cjs +968 -0
  31. package/dist/schema-utils.d.ts +1 -1
  32. package/dist/schema-utils.js +102 -0
  33. package/dist/state-provider-core.js +3 -2
  34. package/dist/task.d.ts +3 -4
  35. package/dist/tools.cjs +6872 -0
  36. package/dist/tools.d.ts +0 -60
  37. package/dist/tools.js +114 -0
  38. package/dist/types.cjs +68 -0
  39. package/dist/types.js +14 -0
  40. package/package.json +52 -111
  41. package/dist/a2a.d.ts +0 -1684
  42. package/dist/a2ui-schemas.d.ts +0 -3312
  43. package/dist/a2ui.d.ts +0 -379
  44. package/dist/flow-conversation.d.ts +0 -90
  45. package/dist/flow-definition.d.ts +0 -195
  46. package/dist/flow-persistence.d.ts +0 -107
  47. package/dist/flow-visualization.d.ts +0 -77
  48. package/dist/flow.d.ts +0 -927
  49. package/dist/knowledge.d.ts +0 -353
  50. package/dist/mcp-DS7UMYAM.js +0 -62
  51. package/dist/mcp.d.ts +0 -315
  52. package/dist/memory.d.ts +0 -915
  53. package/dist/openai-completion.d.ts +0 -327
  54. package/dist/provider-completions.d.ts +0 -596
  55. package/dist/rag.d.ts +0 -1074
package/dist/chunk-S477WFUT.js ADDED
@@ -0,0 +1,565 @@
1
+ // src/auth.ts
2
+ import { existsSync, mkdirSync, openSync, readFileSync, renameSync, rmSync, writeFileSync } from "fs";
3
+ import { mkdtempSync } from "fs";
4
+ import { tmpdir, homedir } from "os";
5
+ import { join } from "path";
6
+ import {
7
+ createCipheriv,
8
+ createDecipheriv,
9
+ createHash,
10
+ createPublicKey,
11
+ randomBytes,
12
+ timingSafeEqual,
13
+ verify
14
+ } from "crypto";
15
+ var ALGORITHMS = ["RS256"];
16
+ var AuthError = class extends Error {
17
+ constructor(message) {
18
+ super(message);
19
+ this.name = "AuthError";
20
+ }
21
+ };
22
+ var TokenManager = class {
23
+ filePath;
24
+ file_path;
25
+ storageDir;
26
+ storage_dir;
27
+ key;
28
+ constructor(filePathOrOptions = "tokens.enc") {
29
+ const options = typeof filePathOrOptions === "string" ? { filePath: filePathOrOptions } : filePathOrOptions;
30
+ this.filePath = options.filePath ?? options.file_path ?? "tokens.enc";
31
+ this.file_path = this.filePath;
32
+ this.storageDir = options.storageDir ?? options.storage_dir ?? getSecureStoragePath();
33
+ this.storage_dir = this.storageDir;
34
+ mkdirSync(this.storageDir, { recursive: true, mode: 448 });
35
+ this.key = this.getOrCreateKey();
36
+ }
37
+ saveTokens(accessToken, expiresAt) {
38
+ const data = {
39
+ access_token: accessToken,
40
+ expiration: new Date(expiresAt * 1e3).toISOString()
41
+ };
42
+ this.atomicWriteSecureFile(this.filePath, encryptJson(data, this.key));
43
+ }
44
+ save_tokens(accessToken, expiresAt) {
45
+ this.saveTokens(accessToken, expiresAt);
46
+ }
47
+ getToken() {
48
+ const encrypted = this.readSecureFile(this.filePath);
49
+ if (!encrypted) {
50
+ return null;
51
+ }
52
+ const data = decryptJson(encrypted, this.key);
53
+ const expiration = Date.parse(data.expiration);
54
+ if (!Number.isFinite(expiration) || expiration <= Date.now()) {
55
+ return null;
56
+ }
57
+ return data.access_token;
58
+ }
59
+ get_token() {
60
+ return this.getToken();
61
+ }
62
+ clearTokens() {
63
+ this.deleteSecureFile(this.filePath);
64
+ }
65
+ clear_tokens() {
66
+ this.clearTokens();
67
+ }
68
+ getOrCreateKey() {
69
+ const key = this.readSecureFile("secret.key");
70
+ if (key && key.length === 32) {
71
+ return key;
72
+ }
73
+ const newKey = randomBytes(32);
74
+ if (this.atomicCreateSecureFile("secret.key", newKey)) {
75
+ return newKey;
76
+ }
77
+ const retryKey = this.readSecureFile("secret.key");
78
+ if (retryKey && retryKey.length === 32) {
79
+ return retryKey;
80
+ }
81
+ throw new Error("Failed to create or read encryption key");
82
+ }
83
+ atomicCreateSecureFile(filename, content) {
84
+ const path = join(this.storageDir, filename);
85
+ try {
86
+ const fd = openSync(path, "wx", 384);
87
+ writeFileSync(fd, content);
88
+ return true;
89
+ } catch (error) {
90
+ if (error instanceof Error && "code" in error && error.code === "EEXIST") {
91
+ return false;
92
+ }
93
+ throw error;
94
+ }
95
+ }
96
+ atomicWriteSecureFile(filename, content) {
97
+ const tempPath = join(this.storageDir, `.${filename}.${randomBytes(8).toString("hex")}`);
98
+ const finalPath = join(this.storageDir, filename);
99
+ writeFileSync(tempPath, content, { mode: 384 });
100
+ renameSync(tempPath, finalPath);
101
+ }
102
+ readSecureFile(filename) {
103
+ const path = join(this.storageDir, filename);
104
+ return existsSync(path) ? readFileSync(path) : null;
105
+ }
106
+ deleteSecureFile(filename) {
107
+ rmSync(join(this.storageDir, filename), { force: true });
108
+ }
109
+ };
110
+ function getAuthToken(tokenManager = new TokenManager()) {
111
+ const accessToken = tokenManager.getToken();
112
+ if (!accessToken) {
113
+ throw new AuthError("No token found, make sure you are logged in");
114
+ }
115
+ return accessToken;
116
+ }
117
+ var get_auth_token = getAuthToken;
118
+ var Oauth2Settings = class _Oauth2Settings {
119
+ provider;
120
+ clientId;
121
+ client_id;
122
+ domain;
123
+ audience;
124
+ extra;
125
+ constructor(options) {
126
+ const clientId = options.clientId ?? options.client_id;
127
+ if (!clientId) {
128
+ throw new Error("Oauth2Settings requires clientId.");
129
+ }
130
+ this.provider = options.provider;
131
+ this.clientId = clientId;
132
+ this.client_id = clientId;
133
+ this.domain = options.domain;
134
+ this.audience = options.audience ?? null;
135
+ this.extra = { ...options.extra ?? {} };
136
+ }
137
+ static fromSettings(settings) {
138
+ return new _Oauth2Settings(settings);
139
+ }
140
+ static from_settings(settings) {
141
+ return _Oauth2Settings.fromSettings(settings);
142
+ }
143
+ };
144
+ var BaseProvider = class {
145
+ settings;
146
+ constructor(settings) {
147
+ this.settings = settings;
148
+ }
149
+ get_authorize_url() {
150
+ return this.getAuthorizeUrl();
151
+ }
152
+ get_token_url() {
153
+ return this.getTokenUrl();
154
+ }
155
+ get_jwks_url() {
156
+ return this.getJwksUrl();
157
+ }
158
+ get_issuer() {
159
+ return this.getIssuer();
160
+ }
161
+ get_audience() {
162
+ return this.getAudience();
163
+ }
164
+ get_client_id() {
165
+ return this.getClientId();
166
+ }
167
+ getRequiredFields() {
168
+ return [];
169
+ }
170
+ get_required_fields() {
171
+ return this.getRequiredFields();
172
+ }
173
+ getOauthScopes() {
174
+ return ["openid", "profile", "email"];
175
+ }
176
+ get_oauth_scopes() {
177
+ return this.getOauthScopes();
178
+ }
179
+ };
180
+ var Auth0Provider = class extends BaseProvider {
181
+ getAuthorizeUrl() {
182
+ return `https://${this.domain()}/oauth/device/code`;
183
+ }
184
+ getTokenUrl() {
185
+ return `https://${this.domain()}/oauth/token`;
186
+ }
187
+ getJwksUrl() {
188
+ return `https://${this.domain()}/.well-known/jwks.json`;
189
+ }
190
+ getIssuer() {
191
+ return `https://${this.domain()}/`;
192
+ }
193
+ getAudience() {
194
+ return required(this.settings.audience, "Audience");
195
+ }
196
+ getClientId() {
197
+ return this.settings.clientId;
198
+ }
199
+ domain() {
200
+ return required(this.settings.domain, "Domain");
201
+ }
202
+ };
203
+ var WorkosProvider = class extends BaseProvider {
204
+ getAuthorizeUrl() {
205
+ return `https://${this.domain()}/oauth2/device_authorization`;
206
+ }
207
+ getTokenUrl() {
208
+ return `https://${this.domain()}/oauth2/token`;
209
+ }
210
+ getJwksUrl() {
211
+ return `https://${this.domain()}/oauth2/jwks`;
212
+ }
213
+ getIssuer() {
214
+ return `https://${this.domain()}`;
215
+ }
216
+ getAudience() {
217
+ return this.settings.audience ?? "";
218
+ }
219
+ getClientId() {
220
+ return this.settings.clientId;
221
+ }
222
+ domain() {
223
+ return required(this.settings.domain, "Domain");
224
+ }
225
+ };
226
+ var EntraIdProvider = class extends BaseProvider {
227
+ getAuthorizeUrl() {
228
+ return `${this.baseUrl()}/oauth2/v2.0/devicecode`;
229
+ }
230
+ getTokenUrl() {
231
+ return `${this.baseUrl()}/oauth2/v2.0/token`;
232
+ }
233
+ getJwksUrl() {
234
+ return `${this.baseUrl()}/discovery/v2.0/keys`;
235
+ }
236
+ getIssuer() {
237
+ return `${this.baseUrl()}/v2.0`;
238
+ }
239
+ getAudience() {
240
+ return required(this.settings.audience, "Audience");
241
+ }
242
+ getClientId() {
243
+ return this.settings.clientId;
244
+ }
245
+ getOauthScopes() {
246
+ return [...super.getOauthScopes(), ...stringFromUnknown(this.settings.extra.scope).split(/\s+/).filter(Boolean)];
247
+ }
248
+ getRequiredFields() {
249
+ return ["scope"];
250
+ }
251
+ baseUrl() {
252
+ return `https://login.microsoftonline.com/${this.settings.domain}`;
253
+ }
254
+ };
255
+ var KeycloakProvider = class extends BaseProvider {
256
+ getAuthorizeUrl() {
257
+ return `${this.baseUrl()}/realms/${String(this.settings.extra.realm)}/protocol/openid-connect/auth/device`;
258
+ }
259
+ getTokenUrl() {
260
+ return `${this.baseUrl()}/realms/${String(this.settings.extra.realm)}/protocol/openid-connect/token`;
261
+ }
262
+ getJwksUrl() {
263
+ return `${this.baseUrl()}/realms/${String(this.settings.extra.realm)}/protocol/openid-connect/certs`;
264
+ }
265
+ getIssuer() {
266
+ return `${this.baseUrl()}/realms/${String(this.settings.extra.realm)}`;
267
+ }
268
+ getAudience() {
269
+ return this.settings.audience ?? "no-audience-provided";
270
+ }
271
+ getClientId() {
272
+ return this.settings.clientId;
273
+ }
274
+ getRequiredFields() {
275
+ return ["realm"];
276
+ }
277
+ baseUrl() {
278
+ return `https://${this.settings.domain.replace(/^https?:\/\//, "")}`;
279
+ }
280
+ };
281
+ var OktaProvider = class extends BaseProvider {
282
+ getAuthorizeUrl() {
283
+ return `${this.baseUrl()}/v1/device/authorize`;
284
+ }
285
+ getTokenUrl() {
286
+ return `${this.baseUrl()}/v1/token`;
287
+ }
288
+ getJwksUrl() {
289
+ return `${this.baseUrl()}/v1/keys`;
290
+ }
291
+ getIssuer() {
292
+ return this.baseUrl().replace(/\/oauth2$/, "");
293
+ }
294
+ getAudience() {
295
+ return required(this.settings.audience, "Audience");
296
+ }
297
+ getClientId() {
298
+ return this.settings.clientId;
299
+ }
300
+ getRequiredFields() {
301
+ return ["authorization_server_name", "using_org_auth_server"];
302
+ }
303
+ baseUrl() {
304
+ return this.settings.extra.using_org_auth_server ? `https://${this.settings.domain}/oauth2` : `https://${this.settings.domain}/oauth2/${stringFromUnknown(this.settings.extra.authorization_server_name, "default")}`;
305
+ }
306
+ };
307
+ var providerRegistry = /* @__PURE__ */ new Map([
308
+ ["auth0", Auth0Provider],
309
+ ["workos", WorkosProvider],
310
+ ["entra_id", EntraIdProvider],
311
+ ["okta", OktaProvider],
312
+ ["keycloak", KeycloakProvider]
313
+ ]);
314
+ var ProviderFactory = {
315
+ register(provider, providerClass) {
316
+ providerRegistry.set(provider.toLowerCase(), providerClass);
317
+ },
318
+ fromSettings(settings) {
319
+ const providerClass = providerRegistry.get(settings.provider.toLowerCase());
320
+ if (!providerClass) {
321
+ throw new Error(`Unsupported OAuth2 provider: ${settings.provider}`);
322
+ }
323
+ return new providerClass(settings);
324
+ },
325
+ from_settings(settings) {
326
+ return ProviderFactory.fromSettings(settings);
327
+ }
328
+ };
329
+ var AuthenticationCommand = class {
330
+ tokenManager;
331
+ token_manager;
332
+ oauth2Provider;
333
+ oauth2_provider;
334
+ fetchImpl;
335
+ openBrowser;
336
+ maxAttempts;
337
+ constructor(options = {}) {
338
+ this.tokenManager = options.tokenManager ?? options.token_manager ?? new TokenManager();
339
+ this.token_manager = this.tokenManager;
340
+ this.oauth2Provider = options.oauth2Provider ?? options.oauth2_provider ?? ProviderFactory.fromSettings(defaultOauth2Settings());
341
+ this.oauth2_provider = this.oauth2Provider;
342
+ this.fetchImpl = options.fetch ?? fetch;
343
+ this.openBrowser = options.openBrowser ?? options.open_browser ?? (() => void 0);
344
+ this.maxAttempts = options.maxAttempts ?? options.max_attempts ?? 10;
345
+ }
346
+ async login() {
347
+ const deviceCodeData = await this.getDeviceCode();
348
+ this.displayAuthInstructions(deviceCodeData);
349
+ await this.pollForToken(deviceCodeData);
350
+ }
351
+ async getDeviceCode() {
352
+ const response = await this.fetchImpl(this.oauth2Provider.getAuthorizeUrl(), {
353
+ method: "POST",
354
+ body: formBody({
355
+ client_id: this.oauth2Provider.getClientId(),
356
+ scope: this.oauth2Provider.getOauthScopes().join(" "),
357
+ audience: this.oauth2Provider.getAudience()
358
+ })
359
+ });
360
+ if (!response.ok) {
361
+ throw new Error(`Failed to get device code: ${String(response.status)}`);
362
+ }
363
+ return await response.json();
364
+ }
365
+ displayAuthInstructions(deviceCodeData) {
366
+ const verificationUri = deviceCodeData.verification_uri_complete ?? deviceCodeData.verification_uri ?? "";
367
+ if (verificationUri) {
368
+ this.openBrowser(verificationUri);
369
+ }
370
+ }
371
+ async pollForToken(deviceCodeData) {
372
+ const tokenPayload = {
373
+ grant_type: "urn:ietf:params:oauth:grant-type:device_code",
374
+ device_code: deviceCodeData.device_code,
375
+ client_id: this.oauth2Provider.getClientId()
376
+ };
377
+ for (let attempt = 0; attempt < this.maxAttempts; attempt += 1) {
378
+ const response = await this.fetchImpl(this.oauth2Provider.getTokenUrl(), {
379
+ method: "POST",
380
+ body: formBody(tokenPayload)
381
+ });
382
+ const tokenData = await response.json();
383
+ if (response.ok && tokenData.access_token) {
384
+ await this.validateAndSaveToken(tokenData.access_token);
385
+ return;
386
+ }
387
+ if (tokenData.error !== "authorization_pending" && tokenData.error !== "slow_down") {
388
+ throw new Error(tokenData.error_description ?? tokenData.error ?? "OAuth2 token polling failed");
389
+ }
390
+ await sleep((deviceCodeData.interval ?? 1) * 1e3);
391
+ }
392
+ throw new Error("Timeout: Failed to get the token. Please try again.");
393
+ }
394
+ async validateAndSaveToken(jwtToken) {
395
+ const decoded = await validateJwtToken({
396
+ jwtToken,
397
+ jwksUrl: this.oauth2Provider.getJwksUrl(),
398
+ issuer: this.oauth2Provider.getIssuer(),
399
+ audience: this.oauth2Provider.getAudience(),
400
+ fetch: this.fetchImpl
401
+ });
402
+ const expiresAt = Number(decoded.exp ?? 0);
403
+ this.tokenManager.saveTokens(jwtToken, expiresAt);
404
+ }
405
+ };
406
+ async function validateJwtToken(options) {
407
+ const jwtToken = options.jwtToken ?? options.jwt_token;
408
+ const jwksUrl = options.jwksUrl ?? options.jwks_url;
409
+ if (!jwtToken) {
410
+ throw new Error("jwtToken is required.");
411
+ }
412
+ if (!jwksUrl) {
413
+ throw new Error("jwksUrl is required.");
414
+ }
415
+ const [encodedHeader, encodedPayload, encodedSignature] = jwtToken.split(".");
416
+ if (!encodedHeader || !encodedPayload || !encodedSignature) {
417
+ throw new Error("Invalid token: expected a JWS compact token.");
418
+ }
419
+ const header = parseJwtPart(encodedHeader);
420
+ const payload = parseJwtPart(encodedPayload);
421
+ if (header.alg !== "RS256") {
422
+ throw new Error(`Invalid token algorithm: ${String(header.alg)}`);
423
+ }
424
+ const jwksResponse = await (options.fetch ?? fetch)(jwksUrl);
425
+ if (!jwksResponse.ok) {
426
+ throw new Error(`JWKS or key processing error: ${String(jwksResponse.status)}`);
427
+ }
428
+ const jwks = await jwksResponse.json();
429
+ const key = jwks.keys?.find((candidate) => candidate.kid === header.kid) ?? jwks.keys?.[0];
430
+ if (!key) {
431
+ throw new Error("JWKS or key processing error: no matching key found");
432
+ }
433
+ const publicKey = createPublicKey({ key, format: "jwk" });
434
+ const valid = verify(
435
+ "RSA-SHA256",
436
+ Buffer.from(`${encodedHeader}.${encodedPayload}`),
437
+ publicKey,
438
+ base64urlDecode(encodedSignature)
439
+ );
440
+ if (!valid) {
441
+ throw new Error("Invalid token: signature verification failed");
442
+ }
443
+ validateJwtClaims(payload, options.issuer, options.audience, options.leewaySeconds ?? options.leeway_seconds ?? 10);
444
+ return payload;
445
+ }
446
+ var validate_jwt_token = validateJwtToken;
447
+ function defaultOauth2Settings() {
448
+ return new Oauth2Settings({
449
+ provider: process.env.CREWAI_OAUTH2_PROVIDER ?? "workos",
450
+ clientId: process.env.CREWAI_OAUTH2_CLIENT_ID ?? "crewai-cli",
451
+ domain: process.env.CREWAI_OAUTH2_DOMAIN ?? "login.crewai.com",
452
+ audience: process.env.CREWAI_OAUTH2_AUDIENCE ?? null
453
+ });
454
+ }
455
+ function getSecureStoragePath() {
456
+ if (process.env.CREWAI_TS_CREDENTIALS_DIR) {
457
+ return process.env.CREWAI_TS_CREDENTIALS_DIR;
458
+ }
459
+ if (process.platform === "win32" && process.env.LOCALAPPDATA) {
460
+ return join(process.env.LOCALAPPDATA, "crewai", "credentials");
461
+ }
462
+ if (process.platform === "darwin") {
463
+ return join(homedir(), "Library", "Application Support", "crewai", "credentials");
464
+ }
465
+ return join(homedir(), ".local", "share", "crewai", "credentials");
466
+ }
467
+ function createTemporaryTokenStorage() {
468
+ return mkdtempSync(join(tmpdir(), "crewai-ts-token-"));
469
+ }
470
+ function encryptJson(value, key) {
471
+ const iv = randomBytes(12);
472
+ const cipher = createCipheriv("aes-256-gcm", key, iv);
473
+ const ciphertext = Buffer.concat([cipher.update(JSON.stringify(value), "utf8"), cipher.final()]);
474
+ const tag = cipher.getAuthTag();
475
+ return Buffer.concat([Buffer.from("v1:"), iv, tag, ciphertext]);
476
+ }
477
+ function decryptJson(encrypted, key) {
478
+ const prefix = encrypted.subarray(0, 3).toString();
479
+ if (prefix !== "v1:") {
480
+ throw new Error("Unsupported token file format.");
481
+ }
482
+ const iv = encrypted.subarray(3, 15);
483
+ const tag = encrypted.subarray(15, 31);
484
+ const ciphertext = encrypted.subarray(31);
485
+ const decipher = createDecipheriv("aes-256-gcm", key, iv);
486
+ decipher.setAuthTag(tag);
487
+ return JSON.parse(Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8"));
488
+ }
489
+ function formBody(data) {
490
+ const params = new URLSearchParams();
491
+ for (const [key, value] of Object.entries(data)) {
492
+ params.set(key, value);
493
+ }
494
+ return params;
495
+ }
496
+ function sleep(ms) {
497
+ return new Promise((resolve) => {
498
+ setTimeout(resolve, ms);
499
+ });
500
+ }
501
+ function parseJwtPart(part) {
502
+ return JSON.parse(base64urlDecode(part).toString("utf8"));
503
+ }
504
+ function base64urlDecode(value) {
505
+ return Buffer.from(value.replaceAll("-", "+").replaceAll("_", "/"), "base64");
506
+ }
507
+ function validateJwtClaims(payload, issuer, audience, leewaySeconds) {
508
+ const now = Math.floor(Date.now() / 1e3);
509
+ for (const claim of ["exp", "iat", "iss", "aud", "sub"]) {
510
+ if (!(claim in payload)) {
511
+ throw new Error(`Token is missing required claims: ${claim}`);
512
+ }
513
+ }
514
+ if (Number(payload.exp) + leewaySeconds <= now) {
515
+ throw new Error("Token has expired.");
516
+ }
517
+ if (Number(payload.nbf ?? 0) - leewaySeconds > now) {
518
+ throw new Error("Invalid token: not before claim is in the future");
519
+ }
520
+ if (Number(payload.iat) - leewaySeconds > now) {
521
+ throw new Error("Invalid token: issued at claim is in the future");
522
+ }
523
+ if (payload.iss !== issuer) {
524
+ throw new Error(`Invalid token issuer. Got: '${String(payload.iss)}'. Expected: '${issuer}'`);
525
+ }
526
+ const audiences = Array.isArray(payload.aud) ? payload.aud.map(String) : [String(payload.aud)];
527
+ if (!audiences.includes(audience)) {
528
+ throw new Error(`Invalid token audience. Got: '${audiences.join(",")}'. Expected: '${audience}'`);
529
+ }
530
+ }
531
+ function required(value, name) {
532
+ if (!value) {
533
+ throw new Error(`${name} is required. Please set it in the configuration.`);
534
+ }
535
+ return value;
536
+ }
537
+ function stringFromUnknown(value, fallback = "") {
538
+ return typeof value === "string" ? value : fallback;
539
+ }
540
+ function constantTimeEquals(left, right) {
541
+ const leftHash = createHash("sha256").update(left).digest();
542
+ const rightHash = createHash("sha256").update(right).digest();
543
+ return timingSafeEqual(leftHash, rightHash);
544
+ }
545
+
546
+ export {
547
+ ALGORITHMS,
548
+ AuthError,
549
+ TokenManager,
550
+ getAuthToken,
551
+ get_auth_token,
552
+ Oauth2Settings,
553
+ BaseProvider,
554
+ Auth0Provider,
555
+ WorkosProvider,
556
+ EntraIdProvider,
557
+ KeycloakProvider,
558
+ OktaProvider,
559
+ ProviderFactory,
560
+ AuthenticationCommand,
561
+ validateJwtToken,
562
+ validate_jwt_token,
563
+ createTemporaryTokenStorage,
564
+ constantTimeEquals
565
+ };
package/dist/chunk-SB7ADUQA.js ADDED
@@ -0,0 +1,110 @@
1
+ // src/feature-hooks.ts
2
+ var a2aServerMethodsInjector = null;
3
+ var a2aAgentWrapper = null;
4
+ var liteAgentA2AKickoffHandler = null;
5
+ var ragFeatureHooks = {};
6
+ function registerA2AServerMethodsInjector(injector) {
7
+ a2aServerMethodsInjector = injector;
8
+ }
9
+ function applyA2AServerMethodsInjector(agent) {
10
+ return a2aServerMethodsInjector?.(agent) ?? agent;
11
+ }
12
+ function registerA2AAgentWrapper(wrapper) {
13
+ a2aAgentWrapper = wrapper;
14
+ }
15
+ function applyA2AAgentWrapper(agent) {
16
+ return a2aAgentWrapper?.(agent) ?? agent;
17
+ }
18
+ function registerLiteAgentA2AKickoffHandler(handler) {
19
+ liteAgentA2AKickoffHandler = handler;
20
+ }
21
+ function getLiteAgentA2AKickoffHandler() {
22
+ return liteAgentA2AKickoffHandler;
23
+ }
24
+ function registerRagFeatureHooks(hooks) {
25
+ ragFeatureHooks = hooks ?? {};
26
+ }
27
+ function createRegisteredMemory(options) {
28
+ return ragFeatureHooks.createMemory?.(options) ?? null;
29
+ }
30
+ function createRegisteredKnowledge(options) {
31
+ return ragFeatureHooks.createKnowledge?.(options) ?? null;
32
+ }
33
+ function createRegisteredMemoryTools(memory) {
34
+ return ragFeatureHooks.createMemoryTools?.(memory) ?? [];
35
+ }
36
+ async function extractRegisteredPDFText(content, filename) {
37
+ const text = await ragFeatureHooks.extractPDFText?.(content, filename);
38
+ return typeof text === "string" ? text : null;
39
+ }
40
+ function isRegisteredMemory(value) {
41
+ if (ragFeatureHooks.isMemory?.(value)) {
42
+ return true;
43
+ }
44
+ return isMemoryLike(value) && !isRegisteredMemoryScope(value);
45
+ }
46
+ function isRegisteredMemoryScope(value) {
47
+ if (ragFeatureHooks.isMemoryScope?.(value)) {
48
+ return true;
49
+ }
50
+ return isMemoryLike(value) && (readString(value, "memoryKind") === "scope" || readString(value, "memory_kind") === "scope" || typeof value.bind === "function");
51
+ }
52
+ function isRegisteredKnowledge(value) {
53
+ if (ragFeatureHooks.isKnowledge?.(value)) {
54
+ return true;
55
+ }
56
+ return Boolean(value) && typeof value === "object" && typeof value.query === "function";
57
+ }
58
+ function bindRegisteredMemoryView(value, backing) {
59
+ if (ragFeatureHooks.bindMemoryView) {
60
+ ragFeatureHooks.bindMemoryView(value, backing);
61
+ return;
62
+ }
63
+ if (!value || typeof value !== "object" || value === backing) {
64
+ return;
65
+ }
66
+ const bind = value.bind;
67
+ if (typeof bind === "function") {
68
+ bind.call(value, backing);
69
+ }
70
+ }
71
+ function extractKnowledgeContext(results) {
72
+ const content = results.map((result) => {
73
+ if (!result || typeof result !== "object" || Array.isArray(result)) {
74
+ return "";
75
+ }
76
+ const content2 = result.content;
77
+ return typeof content2 === "string" ? content2.trim() : "";
78
+ }).filter(Boolean).join("\n");
79
+ return content ? `Additional Information:
80
+ ${content}` : "";
81
+ }
82
+ function isMemoryLike(value) {
83
+ return Boolean(value) && typeof value === "object" && typeof value.recall === "function";
84
+ }
85
+ function readString(value, key) {
86
+ if (!value || typeof value !== "object") {
87
+ return null;
88
+ }
89
+ const candidate = value[key];
90
+ return typeof candidate === "string" ? candidate : null;
91
+ }
92
+
93
+ export {
94
+ registerA2AServerMethodsInjector,
95
+ applyA2AServerMethodsInjector,
96
+ registerA2AAgentWrapper,
97
+ applyA2AAgentWrapper,
98
+ registerLiteAgentA2AKickoffHandler,
99
+ getLiteAgentA2AKickoffHandler,
100
+ registerRagFeatureHooks,
101
+ createRegisteredMemory,
102
+ createRegisteredKnowledge,
103
+ createRegisteredMemoryTools,
104
+ extractRegisteredPDFText,
105
+ isRegisteredMemory,
106
+ isRegisteredMemoryScope,
107
+ isRegisteredKnowledge,
108
+ bindRegisteredMemoryView,
109
+ extractKnowledgeContext
110
+ };
package/dist/chunk-T32G6KDW.js ADDED
@@ -0,0 +1,40 @@
1
+ // src/types.ts
2
+ var LLMMessage = class LLMMessage2 {
3
+ role;
4
+ content;
5
+ files;
6
+ cache_breakpoint;
7
+ constructor(options) {
8
+ this.role = options.role;
9
+ this.content = options.content;
10
+ if (options.files !== void 0) {
11
+ this.files = options.files;
12
+ }
13
+ if (options.cache_breakpoint !== void 0) {
14
+ this.cache_breakpoint = options.cache_breakpoint;
15
+ }
16
+ }
17
+ };
18
+ var Tool = Object;
19
+ function create_literals_from_strings(values) {
20
+ return values;
21
+ }
22
+ var Process = /* @__PURE__ */ ((Process2) => {
23
+ Process2["sequential"] = "sequential";
24
+ Process2["hierarchical"] = "hierarchical";
25
+ return Process2;
26
+ })(Process || {});
27
+ var OutputFormat = /* @__PURE__ */ ((OutputFormat2) => {
28
+ OutputFormat2["RAW"] = "raw";
29
+ OutputFormat2["JSON"] = "json";
30
+ OutputFormat2["PYDANTIC"] = "pydantic";
31
+ return OutputFormat2;
32
+ })(OutputFormat || {});
33
+
34
+ export {
35
+ LLMMessage,
36
+ Tool,
37
+ create_literals_from_strings,
38
+ Process,
39
+ OutputFormat
40
+ };