npm - @datacules/agent-identity-fastify - Versions diffs - 0.11.0 → 0.11.1 - Mend

@datacules/agent-identity-fastify 0.11.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,109 @@
+Datacules Agent Identity License — Version 1.0
+Copyright (c) 2026 Datacules LLC. All rights reserved.
+─────────────────────────────────────────────────────────────────────────────
+PREAMBLE
+─────────────────────────────────────────────────────────────────────────────
+This software — Agent Identity & Auth Patterns — is developed and owned by
+Datacules LLC. It is made available to the public as open-source software
+under the permissive terms below.
+Datacules LLC retains ownership and authorship of this software while
+granting broad, royalty-free rights for anyone to use, copy, modify, and
+distribute it — in commercial or non-commercial contexts — without requiring
+that derivative works also become open source.
+─────────────────────────────────────────────────────────────────────────────
+TERMS AND CONDITIONS
+─────────────────────────────────────────────────────────────────────────────
+1. PERMISSION TO USE
+   Permission is hereby granted, free of charge, to any person or
+   organization obtaining a copy of this software and associated
+   documentation files (the "Software"), to use, copy, modify, merge,
+   publish, distribute, sublicense, and/or sell copies of the Software,
+   and to permit persons to whom the Software is furnished to do so,
+   subject to the conditions below.
+2. ATTRIBUTION
+   a. Redistributions of source code must retain this copyright notice,
+      this list of conditions, and the disclaimer below.
+   b. Redistributions in binary form or as a product must reproduce this
+      copyright notice, this list of conditions, and the disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   c. Neither the name "Datacules LLC" nor the names of its contributors
+      may be used to endorse or promote products derived from this Software
+      without prior written permission from Datacules LLC.
+3. COMMERCIAL USE
+   Use of this Software in commercial products, SaaS platforms, internal
+   enterprise tools, or any revenue-generating context is explicitly
+   permitted without royalty, fee, or additional licensing agreement,
+   provided that the conditions in Section 2 (Attribution) are met.
+4. NO COPYLEFT / NO VIRAL REQUIREMENT
+   This license does NOT require that derivative works, modifications,
+   or software that uses or embeds this Software be made open source.
+   You may incorporate this Software into proprietary or closed-source
+   products under your own license terms.
+5. MODIFICATIONS
+   Modified versions of the Software may be distributed under the same
+   terms as this license or under any other permissive open-source
+   license (e.g. MIT, Apache 2.0, BSD), provided that:
+   a. The original copyright notice of Datacules LLC is preserved.
+   b. Modifications are clearly documented and distinguished from the
+      original work.
+6. COMPATIBILITY
+   This license is compatible with other permissive open-source licenses
+   such as MIT, BSD 2-Clause, BSD 3-Clause, and Apache License 2.0. It
+   is also GPL-compatible — this Software may coexist with GPL-licensed
+   code, though this Software itself is not distributed under the GPL.
+─────────────────────────────────────────────────────────────────────────────
+DISCLAIMER
+─────────────────────────────────────────────────────────────────────────────
+THIS SOFTWARE IS PROVIDED BY DATACULES LLC AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+AND NON-INFRINGEMENT ARE DISCLAIMED.
+IN NO EVENT SHALL DATACULES LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+─────────────────────────────────────────────────────────────────────────────
+SUMMARY (non-binding)
+─────────────────────────────────────────────────────────────────────────────
+  ✔  Use freely — commercial, proprietary, or open-source projects
+  ✔  Modify and distribute with or without changes
+  ✔  Sell products built on this Software
+  ✔  No royalties or fees
+  ✔  No requirement to open-source your own code
+  ✔  Attribution to Datacules LLC required in source and binary distributions
+  ✗  Do not use "Datacules LLC" to endorse derived products without permission
+─────────────────────────────────────────────────────────────────────────────
+CONTACT
+─────────────────────────────────────────────────────────────────────────────
+Datacules LLC
+For licensing enquiries: legal@datacules.com
+Product: https://github.com/hvrcharon1/agent-identity

package/dist/cjs/index.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agentIdentityPlugin = void 0;
+/**
+ * Fastify plugin for @datacules/agent-identity.
+ *
+ * Decorates each request with resolvedCredential before the route handler runs.
+ *
+ * Usage:
+ *   import Fastify from 'fastify';
+ *   import { agentIdentityPlugin } from '@datacules/agent-identity-fastify';
+ *
+ *   const app = Fastify();
+ *   await app.register(agentIdentityPlugin, { credentials, rules, logger });
+ *
+ *   app.post('/ai/complete', async (request, reply) => {
+ *     const cred = request.resolvedCredential; // typed
+ *   });
+ */
+const fastify_plugin_1 = __importDefault(require("fastify-plugin"));
+const agent_identity_1 = require("@datacules/agent-identity");
+const plugin = async (fastify, options) => {
+    const { credentials, rules, logger, contextKey = 'agentContext', passThrough = true, } = options;
+    const router = (0, agent_identity_1.createRouter)(credentials, rules, logger);
+    fastify.decorateRequest('resolvedCredential', null);
+    fastify.addHook('preHandler', async (request, reply) => {
+        const body = request.body;
+        const ctx = body?.[contextKey];
+        if (!ctx) {
+            if (!passThrough) {
+                return reply.status(400).send({ error: `Missing required field: ${contextKey}` });
+            }
+            return;
+        }
+        const resolved = router.resolve(ctx);
+        if (!resolved) {
+            return reply.status(403).send({ error: 'No credential resolved for this context' });
+        }
+        request.resolvedCredential = resolved;
+    });
+};
+exports.agentIdentityPlugin = (0, fastify_plugin_1.default)(plugin, {
+    name: '@datacules/agent-identity-fastify',
+    fastify: '>=4.0.0',
+});
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,oEAAgC;AAChC,8DAAyD;AAwBzD,MAAM,MAAM,GAAmD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;IACxF,MAAM,EACJ,WAAW,EACX,KAAK,EACL,MAAM,EACN,UAAU,GAAG,cAAc,EAC3B,WAAW,GAAG,IAAI,GACnB,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,IAAA,6BAAY,EAAC,WAAW,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAExD,OAAO,CAAC,eAAe,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;IAEpD,OAAO,CAAC,OAAO,CACb,YAAY,EACZ,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAsC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,EAAE,CAAC,UAAU,CAAoC,CAAC;QAElE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,UAAU,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,OAAO,CAAC,kBAAkB,GAAG,QAAQ,CAAC;IACxC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC;AAEW,QAAA,mBAAmB,GAAG,IAAA,wBAAE,EAAC,MAAM,EAAE;IAC5C,IAAI,EAAE,mCAAmC;IACzC,OAAO,EAAE,SAAS;CACnB,CAAC,CAAC"}

package/dist/esm/index.js ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Fastify plugin for @datacules/agent-identity.
+ *
+ * Decorates each request with resolvedCredential before the route handler runs.
+ *
+ * Usage:
+ *   import Fastify from 'fastify';
+ *   import { agentIdentityPlugin } from '@datacules/agent-identity-fastify';
+ *
+ *   const app = Fastify();
+ *   await app.register(agentIdentityPlugin, { credentials, rules, logger });
+ *
+ *   app.post('/ai/complete', async (request, reply) => {
+ *     const cred = request.resolvedCredential; // typed
+ *   });
+ */
+import fp from 'fastify-plugin';
+import { createRouter } from '@datacules/agent-identity';
+const plugin = async (fastify, options) => {
+    const { credentials, rules, logger, contextKey = 'agentContext', passThrough = true, } = options;
+    const router = createRouter(credentials, rules, logger);
+    fastify.decorateRequest('resolvedCredential', null);
+    fastify.addHook('preHandler', async (request, reply) => {
+        const body = request.body;
+        const ctx = body?.[contextKey];
+        if (!ctx) {
+            if (!passThrough) {
+                return reply.status(400).send({ error: `Missing required field: ${contextKey}` });
+            }
+            return;
+        }
+        const resolved = router.resolve(ctx);
+        if (!resolved) {
+            return reply.status(403).send({ error: 'No credential resolved for this context' });
+        }
+        request.resolvedCredential = resolved;
+    });
+};
+export const agentIdentityPlugin = fp(plugin, {
+    name: '@datacules/agent-identity-fastify',
+    fastify: '>=4.0.0',
+});
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAwBzD,MAAM,MAAM,GAAmD,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;IACxF,MAAM,EACJ,WAAW,EACX,KAAK,EACL,MAAM,EACN,UAAU,GAAG,cAAc,EAC3B,WAAW,GAAG,IAAI,GACnB,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAExD,OAAO,CAAC,eAAe,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;IAEpD,OAAO,CAAC,OAAO,CACb,YAAY,EACZ,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAsC,CAAC;QAC5D,MAAM,GAAG,GAAG,IAAI,EAAE,CAAC,UAAU,CAAoC,CAAC;QAElE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,UAAU,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,OAAO,CAAC,kBAAkB,GAAG,QAAQ,CAAC;IACxC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC,MAAM,EAAE;IAC5C,IAAI,EAAE,mCAAmC;IACzC,OAAO,EAAE,SAAS;CACnB,CAAC,CAAC"}

package/dist/types/index.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { AuditLogger, Credential, ResolvedCredential, RoutingRule } from '@datacules/agent-identity';
+import type { FastifyPluginAsync } from 'fastify';
+declare module 'fastify' {
+    interface FastifyRequest {
+        resolvedCredential: ResolvedCredential | null;
+    }
+}
+export interface AgentIdentityPluginOptions {
+    credentials: Credential[];
+    rules: RoutingRule[];
+    logger?: AuditLogger;
+    contextKey?: string;
+    passThrough?: boolean;
+}
+export declare const agentIdentityPlugin: FastifyPluginAsync<AgentIdentityPluginOptions>;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAkBA,OAAO,KAAK,EAEV,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,WAAW,EACZ,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,kBAAkB,EAAgC,MAAM,SAAS,CAAC;AAEhF,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,kBAAkB,EAAE,kBAAkB,GAAG,IAAI,CAAC;KAC/C;CACF;AAED,MAAM,WAAW,0BAA0B;IACzC,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAsCD,eAAO,MAAM,mBAAmB,gDAG9B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,17 +1,44 @@
 {
   "name": "@datacules/agent-identity-fastify",
-  "version": "0.11.0",
+  "version": "0.11.1",
   "private": false,
   "description": "Fastify plugin for @datacules/agent-identity",
+  "author": "Datacules LLC",
+  "license": "SEE LICENSE IN LICENSE",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hvrcharon1/agent-identity.git",
+    "directory": "packages/integrations/fastify"
+  },
+  "keywords": [
+    "agent-identity",
+    "fastify",
+    "plugin",
+    "credential-routing",
+    "ai-agents",
+    "datacules"
+  ],
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
   "types": "./dist/types/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js",
+      "types": "./dist/types/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
   "scripts": {
-    "build": "tsc -p tsconfig.build.json",
+    "build": "tsc -p tsconfig.build.json && tsc -p tsconfig.cjs.json",
     "type-check": "tsc --noEmit"
   },
   "peerDependencies": {
-    "@datacules/agent-identity": "^0.6.0",
+    "@datacules/agent-identity": "^0.11.1",
     "fastify": ">=4.0.0",
     "fastify-plugin": ">=4.0.0"
   },

package/src/fastify.test.ts DELETED Viewed

@@ -1,342 +0,0 @@
-/**
- * fastify.test.ts
- *
- * Vitest test suite for agentIdentityPlugin from
- * @datacules/agent-identity-fastify.
- *
- * Fastify uses `import type` for FastifyPluginAsync, FastifyRequest,
- * FastifyReply — type imports are erased at runtime.
- *
- * The preHandler hook under test is extracted by calling the plugin with
- * a minimal mock Fastify instance that captures decorateRequest and
- * addHook calls. This avoids requiring the fastify or fastify-plugin
- * runtime packages.
- *
- * 12 test cases:
- *   passThrough behavior (4): absent context passThrough true/false, 400 naming
- *   credential resolution (5): attach, resolvedFor, 403 on no match, 403 expired
- *   custom contextKey (2): reads correct field, 400 names custom key
- *   plugin registration (1): fastify-plugin wrapping verified
- */
-import { describe, it, expect, vi } from 'vitest';
-import { agentIdentityPlugin } from './index';
-import type { Credential, RoutingRule } from '@datacules/agent-identity';
-// ─── Fixtures ─────────────────────────────────────────────────────────────────
-const FIXED_CREDENTIAL: Credential = {
-  id: 'cred-openai-fixed',
-  kind: 'fixed',
-  name: 'OpenAI Prod Key',
-  scope: 'read write',
-  status: 'active',
-  provider: 'openai',
-  ref: 'openai-prod-key',
-};
-const USER_DELEGATED_CREDENTIAL: Credential = {
-  id: 'cred-anthropic-user',
-  kind: 'user-delegated',
-  name: 'Anthropic User Token',
-  scope: 'read',
-  status: 'active',
-  provider: 'anthropic',
-  ref: 'anthropic-user-token',
-};
-const EXPIRED_CREDENTIAL: Credential = {
-  id: 'cred-expired',
-  kind: 'fixed',
-  name: 'Expired Key',
-  scope: 'read write',
-  status: 'active',
-  provider: 'openai',
-  ref: 'expired-key',
-  expiresAt: new Date(Date.now() - 1_000).toISOString(),
-};
-const RULES: RoutingRule[] = [
-  {
-    id: 'rule-openai-shared',
-    credentialRef: 'openai-prod-key',
-    priority: 10,
-    matchProvider: 'openai',
-    matchResourceKind: 'shared',
-  },
-  {
-    id: 'rule-anthropic-personal',
-    credentialRef: 'anthropic-user-token',
-    priority: 20,
-    matchProvider: 'anthropic',
-    matchResourceKind: 'personal',
-  },
-];
-const EXPIRED_RULES: RoutingRule[] = [
-  {
-    id: 'rule-expired',
-    credentialRef: 'expired-key',
-    priority: 5,
-    matchProvider: 'openai',
-    matchResourceKind: 'shared',
-  },
-];
-const BASE_CONTEXT = {
-  userId: 'user-123',
-  resourceId: 'res-abc',
-  resourceKind: 'shared' as const,
-  provider: 'openai' as const,
-  model: 'gpt-4',
-  action: 'complete',
-  traceId: 'trace-001',
-  requestedAt: new Date().toISOString(),
-};
-// ─── Mock Fastify instance helpers ────────────────────────────────────────────
-/**
- * Builds a minimal mock Fastify instance and calls the plugin's inner
- * function (the one wrapped by fastify-plugin) to capture the addHook
- * preHandler call. Returns the captured preHandler function so tests
- * can invoke it directly without running a real Fastify server.
- *
- * fastify-plugin sets [Symbol.for('skip-override')] = true and exposes
- * the original plugin via .default or the function itself — we access
- * the unwrapped function by checking for [Symbol.for('fastify.display-name')]
- * or falling back to calling the exported plugin directly.
- */
-async function extractPreHandler(
-  options: Parameters<typeof agentIdentityPlugin>[1]
-): Promise<(request: Record<string, unknown>, reply: ReturnType<typeof makeReply>) => Promise<void>> {
-  let capturedHook: ((req: unknown, reply: unknown) => Promise<void>) | null = null;
-  const mockFastify = {
-    decorateRequest: vi.fn(),
-    addHook: vi.fn((_hookName: string, fn: (req: unknown, reply: unknown) => Promise<void>) => {
-      capturedHook = fn;
-    }),
-  };
-  // agentIdentityPlugin is the fp()-wrapped plugin. fp() sets skip-override
-  // and the wrapped function is stored on .default or exposed through the
-  // Symbol-keyed property. We can call it directly — fp() returns a function
-  // that accepts (fastify, options) just like the inner plugin, but also
-  // skips Fastify's encapsulation. When called as a plain function it still
-  // invokes the inner plugin body.
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  await (agentIdentityPlugin as any)(mockFastify, options);
-  if (!capturedHook) {
-    throw new Error('addHook(preHandler) was not called by agentIdentityPlugin');
-  }
-  return capturedHook as (req: Record<string, unknown>, reply: ReturnType<typeof makeReply>) => Promise<void>;
-}
-function makeRequest(body?: Record<string, unknown>) {
-  return { body, resolvedCredential: null } as Record<string, unknown>;
-}
-function makeReply() {
-  const send = vi.fn();
-  const status = vi.fn(() => ({ send }));
-  return { status, send };
-}
-// ─── Tests ────────────────────────────────────────────────────────────────────
-describe('agentIdentityPlugin', () => {
-  // ─── Plugin registration ───────────────────────────────────────────────────
-  describe('plugin registration', () => {
-    it('is a fastify-plugin (has skip-override symbol set by fp())', () => {
-      // fastify-plugin sets this symbol to true so Fastify does not create
-      // a child scope — verifies fp() wrapping is in place
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      expect((agentIdentityPlugin as any)[Symbol.for('skip-override')]).toBe(true);
-    });
-  });
-  // ─── passThrough behavior ──────────────────────────────────────────────────
-  describe('passThrough behavior', () => {
-    it('does not call reply when agentContext is absent and passThrough=true (default)', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-      });
-      const req = makeRequest({ otherField: 'value' });
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).not.toHaveBeenCalled();
-    });
-    it('does not call reply when req.body is undefined and passThrough=true', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-      });
-      const req = makeRequest(undefined);
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).not.toHaveBeenCalled();
-    });
-    it('sends 400 when agentContext is absent and passThrough=false', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-        passThrough: false,
-      });
-      const req = makeRequest({});
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).toHaveBeenCalledWith(400);
-    });
-    it('400 error message names the missing contextKey', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-        passThrough: false,
-      });
-      const req = makeRequest({});
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.send).toHaveBeenCalledWith(
-        expect.objectContaining({ error: expect.stringContaining('agentContext') })
-      );
-    });
-  });
-  // ─── Credential resolution ─────────────────────────────────────────────────
-  describe('credential resolution', () => {
-    it('attaches resolvedCredential to request on successful resolution', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-      });
-      const req = makeRequest({ agentContext: BASE_CONTEXT });
-      const reply = makeReply();
-      await hook(req, reply);
-      expect((req as Record<string, unknown>).resolvedCredential).toBeDefined();
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      expect(((req as any).resolvedCredential as any)?.credentialId).toBe('cred-openai-fixed');
-    });
-    it('sets resolvedFor to "service" for fixed credentials', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-      });
-      const req = makeRequest({ agentContext: BASE_CONTEXT });
-      const reply = makeReply();
-      await hook(req, reply);
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const resolved = (req as any).resolvedCredential as any;
-      expect(resolved?.kind).toBe('fixed');
-      expect(resolved?.resolvedFor).toBe('service');
-    });
-    it('sets resolvedFor to ctx.userId for user-delegated credentials', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL, USER_DELEGATED_CREDENTIAL],
-        rules: RULES,
-      });
-      const anthropicCtx = {
-        ...BASE_CONTEXT,
-        provider: 'anthropic' as const,
-        resourceKind: 'personal' as const,
-      };
-      const req = makeRequest({ agentContext: anthropicCtx });
-      const reply = makeReply();
-      await hook(req, reply);
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      const resolved = (req as any).resolvedCredential as any;
-      expect(resolved?.kind).toBe('user-delegated');
-      expect(resolved?.resolvedFor).toBe('user-123');
-    });
-    it('sends 403 when no routing rule matches the context', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-      });
-      // gemini matches no configured rule
-      const ctx = { ...BASE_CONTEXT, provider: 'gemini' as const };
-      const req = makeRequest({ agentContext: ctx });
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).toHaveBeenCalledWith(403);
-    });
-    it('sends 403 when the matched credential is expired', async () => {
-      const hook = await extractPreHandler({
-        credentials: [EXPIRED_CREDENTIAL],
-        rules: EXPIRED_RULES,
-      });
-      const req = makeRequest({ agentContext: BASE_CONTEXT });
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).toHaveBeenCalledWith(403);
-    });
-  });
-  // ─── Custom contextKey ─────────────────────────────────────────────────────
-  describe('custom contextKey', () => {
-    it('reads the agent context from the custom contextKey field', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-        contextKey: 'identity',
-      });
-      const req = makeRequest({ identity: BASE_CONTEXT });
-      const reply = makeReply();
-      await hook(req, reply);
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      expect((req as any).resolvedCredential).toBeDefined();
-    });
-    it('400 error message names the custom contextKey when passThrough=false', async () => {
-      const hook = await extractPreHandler({
-        credentials: [FIXED_CREDENTIAL],
-        rules: RULES,
-        contextKey: 'identity',
-        passThrough: false,
-      });
-      const req = makeRequest({});
-      const reply = makeReply();
-      await hook(req, reply);
-      expect(reply.status).toHaveBeenCalledWith(400);
-      expect(reply.send).toHaveBeenCalledWith(
-        expect.objectContaining({ error: expect.stringContaining('identity') })
-      );
-    });
-  });
-});

package/src/index.ts DELETED Viewed

@@ -1,81 +0,0 @@
-/**
- * Fastify plugin for @datacules/agent-identity.
- *
- * Decorates each request with resolvedCredential before the route handler runs.
- *
- * Usage:
- *   import Fastify from 'fastify';
- *   import { agentIdentityPlugin } from '@datacules/agent-identity-fastify';
- *
- *   const app = Fastify();
- *   await app.register(agentIdentityPlugin, { credentials, rules, logger });
- *
- *   app.post('/ai/complete', async (request, reply) => {
- *     const cred = request.resolvedCredential; // typed
- *   });
- */
-import fp from 'fastify-plugin';
-import { createRouter } from '@datacules/agent-identity';
-import type {
-  AgentRequestContext,
-  AuditLogger,
-  Credential,
-  ResolvedCredential,
-  RoutingRule,
-} from '@datacules/agent-identity';
-import type { FastifyPluginAsync, FastifyRequest, FastifyReply } from 'fastify';
-declare module 'fastify' {
-  interface FastifyRequest {
-    resolvedCredential: ResolvedCredential | null;
-  }
-}
-export interface AgentIdentityPluginOptions {
-  credentials: Credential[];
-  rules: RoutingRule[];
-  logger?: AuditLogger;
-  contextKey?: string;
-  passThrough?: boolean;
-}
-const plugin: FastifyPluginAsync<AgentIdentityPluginOptions> = async (fastify, options) => {
-  const {
-    credentials,
-    rules,
-    logger,
-    contextKey = 'agentContext',
-    passThrough = true,
-  } = options;
-  const router = createRouter(credentials, rules, logger);
-  fastify.decorateRequest('resolvedCredential', null);
-  fastify.addHook(
-    'preHandler',
-    async (request: FastifyRequest, reply: FastifyReply) => {
-      const body = request.body as Record<string, unknown> | null;
-      const ctx = body?.[contextKey] as AgentRequestContext | undefined;
-      if (!ctx) {
-        if (!passThrough) {
-          return reply.status(400).send({ error: `Missing required field: ${contextKey}` });
-        }
-        return;
-      }
-      const resolved = router.resolve(ctx);
-      if (!resolved) {
-        return reply.status(403).send({ error: 'No credential resolved for this context' });
-      }
-      request.resolvedCredential = resolved;
-    }
-  );
-};
-export const agentIdentityPlugin = fp(plugin, {
-  name: '@datacules/agent-identity-fastify',
-  fastify: '>=4.0.0',
-});