@economic/agents 1.1.0 → 1.2.0

package/dist/hono.d.mts

@@ -1,4 +1,4 @@
-import { MiddlewareHandler } from "hono";
+import { Context, MiddlewareHandler } from "hono";
 
 //#region src/hono/jwt-auth.d.ts
 interface JwtAuthConfig {
@@ -8,13 +8,20 @@ interface JwtAuthConfig {
   audience: string;
   /** Required OAuth scopes; token `scope` must include all (empty = no scope check). */
   requiredScopes?: readonly string[];
+  /**
+   * Custom token extraction function.
+   * If provided, replaces the default extraction entirely.
+   * Default checks Authorization header, then Sec-WebSocket-Protocol.
+   */
+  getToken?: (c: Context) => string | null | Promise<string | null>;
 }
 /**
  * Hono middleware: verify JWT via JWKS derived from the token `iss` claim,
  * after `iss` passes `allowedIssuers`.
  *
- * Reads the token from `Authorization: Bearer` only. Browser WebSocket clients
- * cannot set that header; use `routeAgentRequest` `onBeforeConnect` for those.
+ * By default, reads the token from `Authorization: Bearer` header first,
+ * then falls back to `Sec-WebSocket-Protocol: bearer, <token>` for WebSocket connections.
+ * Provide a custom `getToken` function to replace this behavior entirely.
  */
 declare function jwtAuth(config: JwtAuthConfig): MiddlewareHandler;
 //#endregion

package/dist/hono.mjs

@@ -5,7 +5,9 @@ function getJwksForIssuer(issuer) {
 	const normalized = issuer.replace(/\/$/, "");
 	let jwks = jwksByIssuer.get(normalized);
 	if (!jwks) {
-		jwks = createRemoteJWKSet(new URL(`${normalized}/.well-known/openid-configuration/jwks`));
+		const jwksUrl = new URL(`${normalized}/.well-known/openid-configuration/jwks`);
+		console.log("jwksUrl", jwksUrl);
+		jwks = createRemoteJWKSet(jwksUrl);
 		jwksByIssuer.set(normalized, jwks);
 	}
 	return jwks;
@@ -17,6 +19,17 @@ function bearerTokenFromAuthorizationHeader(authorization) {
 	if (!authorization) return null;
 	return authorization.match(/^Bearer\s+(.+)$/i)?.[1]?.trim() ?? null;
 }
+function tokenFromWebSocketProtocol(header) {
+	if (!header) return null;
+	const parts = header.split(",").map((p) => p.trim());
+	const idx = parts.indexOf("bearer");
+	return idx !== -1 && parts[idx + 1] ? parts[idx + 1] : null;
+}
+function defaultGetToken(c) {
+	const authToken = bearerTokenFromAuthorizationHeader(c.req.header("Authorization"));
+	if (authToken) return authToken;
+	return tokenFromWebSocketProtocol(c.req.header("Sec-WebSocket-Protocol"));
+}
 function hasRequiredScopes(tokenScope, required) {
 	if (required.length === 0) return true;
 	if (tokenScope === void 0) return false;
@@ -31,13 +44,15 @@ function authErrorResponse(status, message) {
 * Hono middleware: verify JWT via JWKS derived from the token `iss` claim,
 * after `iss` passes `allowedIssuers`.
 *
-* Reads the token from `Authorization: Bearer` only. Browser WebSocket clients
-* cannot set that header; use `routeAgentRequest` `onBeforeConnect` for those.
+* By default, reads the token from `Authorization: Bearer` header first,
+* then falls back to `Sec-WebSocket-Protocol: bearer, <token>` for WebSocket connections.
+* Provide a custom `getToken` function to replace this behavior entirely.
 */
 function jwtAuth(config) {
 	const requiredScopes = config.requiredScopes ?? [];
+	const getToken = config.getToken ?? defaultGetToken;
 	return async (c, next) => {
-		const token = bearerTokenFromAuthorizationHeader(c.req.header("Authorization"));
+		const token = await getToken(c);
 		if (!token) return authErrorResponse(401, "Unauthorized: Missing authentication token");
 		let unverifiedPayload;
 		try {

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { Agent as Agent$1, Connection, ConnectionContext } from "agents";
+import { Agent as Agent$1, AgentOptions, Connection, ConnectionContext } from "agents";
 import { AIChatAgent, OnChatMessageOptions } from "@cloudflare/ai-chat";
 import { LanguageModel, StreamTextOnFinishCallback, ToolSet, UIMessage, generateText, streamText } from "ai";
 
@@ -244,4 +244,7 @@ declare abstract class ChatAgentHarness<Env extends Cloudflare.Env, RequestBody
   onChatMessage(onFinish: StreamTextOnFinishCallback<ToolSet>, options?: OnChatMessageOptions): Promise<Response>;
 }
 //#endregion
-export { Agent, type AgentToolContext, type BuildLLMParamsConfig, ChatAgent, ChatAgentHarness, type Skill, buildLLMParams };
+//#region src/server/route-agent-request.d.ts
+declare function routeAgentRequest<Env>(request: Request, env: Env, options?: AgentOptions<Env>): Promise<Response | null>;
+//#endregion
+export { Agent, type AgentToolContext, type BuildLLMParamsConfig, ChatAgent, ChatAgentHarness, type Skill, buildLLMParams, routeAgentRequest };

package/dist/index.mjs

@@ -1,4 +1,4 @@
-import { Agent as Agent$1, callable } from "agents";
+import { Agent as Agent$1, callable, routeAgentRequest as routeAgentRequest$1 } from "agents";
 import { AIChatAgent } from "@cloudflare/ai-chat";
 import { Output, convertToModelMessages, generateText, jsonSchema, stepCountIs, streamText, tool } from "ai";
 //#region src/server/features/skills/index.ts
@@ -880,4 +880,17 @@ var ChatAgentHarness = class extends ChatAgent {
 	}
 };
 //#endregion
-export { Agent, ChatAgent, ChatAgentHarness, buildLLMParams };
+//#region src/server/route-agent-request.ts
+async function routeAgentRequest(request, env, options) {
+	const response = await routeAgentRequest$1(request, env, options);
+	if (!response) return null;
+	const protocol = request.headers.get("sec-websocket-protocol");
+	if (response.status === 101 && protocol) {
+		const newResponse = new Response(null, response);
+		newResponse.headers.set("Sec-WebSocket-Protocol", protocol.split(",")[0].trim());
+		return newResponse;
+	}
+	return response;
+}
+//#endregion
+export { Agent, ChatAgent, ChatAgentHarness, buildLLMParams, routeAgentRequest };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@economic/agents",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "A starter for creating a TypeScript package.",
   "license": "MIT",
   "bin": {