@elevasis/core 0.20.0 → 0.22.0

package/src/execution/engine/tools/integration/server/adapters/apify/apify-adapter.ts

@@ -1,34 +1,60 @@
 import type { BaseIntegrationAdapter } from '../../../base-integration-adapter'
 import { ToolingError } from '../../../../types'
-import type { ExecutionContext } from '../../../../../base/types'
-import { runActor } from './fetch/run-actor/index'
-import { getDatasetItems } from './fetch/get-dataset-items/index'
-import { startActor } from './fetch/start-actor/index'
-import type { StartActorParams } from '../../../../integration/types/apify'
-
-interface ApifyCredentials {
-  apiToken?: string
-  apiKey?: string
-  api_token?: string
-  token?: string
-}
-
-interface RunActorParams {
-  actorId: string
-  input?: Record<string, unknown>
-  timeoutSecs?: number
+import type { ExecutionContext } from '../../../../../base/types'
+import { runActor } from './fetch/run-actor/index'
+import { getDatasetItems } from './fetch/get-dataset-items/index'
+import { startActor } from './fetch/start-actor/index'
+import type { StartActorParams } from '../../../../integration/types/apify'
+import { createHttpError, withRetry, DEFAULT_RETRY_POLICY } from '../../../../../../../platform/resilience'
+
+interface ApifyCredentials {
+  apiToken?: string
+  apiKey?: string
+  api_token?: string
+  token?: string
+}
+
+export interface ApifyVerifyResult {
+  ok: true
+  provider: 'apify'
+  username?: string
+  plan?: string
+}
+
+type ApifyPlan =
+  | string
+  | {
+      id?: string
+      name?: string
+      description?: string
+    }
+
+interface ApifyUserResponse {
+  data?: {
+    username?: string
+    plan?: ApifyPlan
+    id?: string
+  }
+}
+
+interface RunActorParams {
+  actorId: string
+  input?: Record<string, unknown>
+  timeoutSecs?: number
   pollIntervalSecs?: number
   maxItems?: number
 }
 
 interface GetDatasetItemsParams {
   datasetId: string
-  maxItems?: number
-  offset?: number
-}
-
-/**
- * Apify integration adapter
+  maxItems?: number
+  offset?: number
+}
+
+const APIFY_API_BASE_URL = 'https://api.apify.com/v2'
+
+/**
+ * Apify integration adapter
  *
  * Provides access to Apify actor automation platform for web scraping
  * and browser automation tasks.
@@ -62,12 +88,14 @@ export class ApifyAdapter implements BaseIntegrationAdapter {
     // Normalize credentials to consistent field name
     const normalizedCreds = this.normalizeCredentials(credentials as unknown as ApifyCredentials)
 
-    // Route to method handler
-    switch (method) {
-      case 'runActor':
-        return runActor(normalizedCreds, params as RunActorParams, context)
-      case 'getDatasetItems':
-        return getDatasetItems(normalizedCreds, params as GetDatasetItemsParams, context)
+    // Route to method handler
+    switch (method) {
+      case 'verify':
+        return this.verify(normalizedCreds, context)
+      case 'runActor':
+        return runActor(normalizedCreds, params as RunActorParams, context)
+      case 'getDatasetItems':
+        return getDatasetItems(normalizedCreds, params as GetDatasetItemsParams, context)
       case 'startActor':
         return startActor(normalizedCreds, params as StartActorParams, context)
       default:
@@ -79,15 +107,47 @@ export class ApifyAdapter implements BaseIntegrationAdapter {
     }
   }
 
-  validateCredentials(credentials: Record<string, unknown>): boolean {
-    const creds = credentials as unknown as ApifyCredentials
-    const token = creds.apiToken || creds.apiKey || creds.api_token || creds.token
-    return !!token && typeof token === 'string' && token.length > 0
-  }
-
-  /**
-   * Normalize credentials to use consistent field name
-   */
+  validateCredentials(credentials: Record<string, unknown>): boolean {
+    const creds = credentials as unknown as ApifyCredentials
+    const token = creds.apiToken || creds.apiKey || creds.api_token || creds.token
+    return typeof token === 'string' && token.trim().length > 0
+  }
+
+  async verify(credentials: ApifyCredentials, context?: ExecutionContext): Promise<ApifyVerifyResult> {
+    const normalizedCreds = this.normalizeCredentials(credentials)
+    const response = await withRetry(async () => {
+      const result = await fetch(`${APIFY_API_BASE_URL}/users/me`, {
+        method: 'GET',
+        headers: {
+          Authorization: `Bearer ${normalizedCreds.apiToken}`,
+          'Content-Type': 'application/json'
+        }
+      })
+
+      if (!result.ok) {
+        throw await createHttpError(result, {
+          integration: this.name,
+          method: 'verify',
+          organizationId: context?.organizationId
+        })
+      }
+
+      return result
+    }, DEFAULT_RETRY_POLICY)
+
+    const data = (await response.json()) as ApifyUserResponse
+
+    return {
+      ok: true,
+      provider: 'apify',
+      username: data.data?.username ?? data.data?.id,
+      plan: formatApifyPlan(data.data?.plan)
+    }
+  }
+
+  /**
+   * Normalize credentials to use consistent field name
+   */
   private normalizeCredentials(credentials: ApifyCredentials): { apiToken: string } {
     const token = credentials.apiToken || credentials.apiKey || credentials.api_token || credentials.token
     if (!token) {
@@ -95,6 +155,12 @@ export class ApifyAdapter implements BaseIntegrationAdapter {
         integration: this.name
       })
     }
-    return { apiToken: token }
-  }
-}
+    return { apiToken: token.trim() }
+  }
+}
+
+function formatApifyPlan(plan: ApifyPlan | undefined): string | undefined {
+  if (!plan) return undefined
+  if (typeof plan === 'string') return plan
+  return plan.id ?? plan.name ?? plan.description
+}

package/src/execution/engine/tools/integration/server/adapters/apollo/apollo-adapter.test.ts

@@ -0,0 +1,48 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { ApolloAdapter } from './apollo-adapter'
+
+describe('ApolloAdapter', () => {
+  const adapter = new ApolloAdapter()
+  const originalFetch = globalThis.fetch
+
+  afterEach(() => {
+    vi.restoreAllMocks()
+    globalThis.fetch = originalFetch
+  })
+
+  it('accepts Apollo API keys stored in generic apiKey shape', () => {
+    expect(adapter.validateCredentials({ apiKey: 'apollo-key' })).toBe(true)
+  })
+
+  it('accepts Apollo API keys stored in legacy Apollo alias shapes', () => {
+    expect(adapter.validateCredentials({ apolloApiKey: 'apollo-key' })).toBe(true)
+    expect(adapter.validateCredentials({ APOLLO_API_KEY: 'apollo-key' })).toBe(true)
+    expect(adapter.validateCredentials({ key: 'apollo-key' })).toBe(true)
+  })
+
+  it('rejects blank tokens', () => {
+    expect(adapter.validateCredentials({ apiKey: '   ' })).toBe(false)
+  })
+
+  it('verifies credentials against the Apollo auth health endpoint', async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true
+    })
+    globalThis.fetch = fetchMock as unknown as typeof fetch
+
+    await expect(adapter.verify({ apiKey: ' apollo-key ' })).resolves.toEqual({
+      ok: true,
+      provider: 'apollo',
+      authenticated: true
+    })
+
+    expect(fetchMock).toHaveBeenCalledWith('https://api.apollo.io/v1/auth/health', {
+      method: 'GET',
+      headers: {
+        accept: 'application/json',
+        'x-api-key': 'apollo-key',
+        authorization: 'Bearer apollo-key'
+      }
+    })
+  })
+})

package/src/execution/engine/tools/integration/server/adapters/apollo/apollo-adapter.ts

@@ -0,0 +1,99 @@
+import type { BaseIntegrationAdapter } from '../../../base-integration-adapter'
+import { ToolingError } from '../../../../types'
+import type { ExecutionContext } from '../../../../../base/types'
+import { createHttpError, withRetry, DEFAULT_RETRY_POLICY } from '../../../../../../../platform/resilience'
+
+export interface ApolloCredentials {
+  apiKey?: string
+  apolloApiKey?: string
+  APOLLO_API_KEY?: string
+  key?: string
+  token?: string
+}
+
+export interface ApolloVerifyResult {
+  ok: true
+  provider: 'apollo'
+  authenticated: boolean
+}
+
+const APOLLO_AUTH_HEALTH_URL = 'https://api.apollo.io/v1/auth/health'
+
+export class ApolloAdapter implements BaseIntegrationAdapter {
+  readonly name = 'apollo'
+
+  async call(
+    method: string,
+    params: unknown,
+    credentials: Record<string, unknown>,
+    context?: ExecutionContext
+  ): Promise<unknown> {
+    if (!this.validateCredentials(credentials)) {
+      throw new ToolingError('credentials_invalid', 'Invalid Apollo credentials', {
+        integration: this.name,
+        organizationId: context?.organizationId
+      })
+    }
+
+    switch (method) {
+      case 'verify':
+        return this.verify(credentials as unknown as ApolloCredentials, context)
+      default:
+        throw new ToolingError('method_not_found', `Unknown Apollo method: ${method}`, {
+          integration: this.name,
+          method,
+          organizationId: context?.organizationId
+        })
+    }
+  }
+
+  validateCredentials(credentials: Record<string, unknown>): boolean {
+    const token = this.getToken(credentials as unknown as ApolloCredentials)
+    return typeof token === 'string' && token.trim().length > 0
+  }
+
+  async verify(credentials: ApolloCredentials, context?: ExecutionContext): Promise<ApolloVerifyResult> {
+    const token = this.normalizeCredentials(credentials).apiKey
+    await withRetry(async () => {
+      const response = await fetch(APOLLO_AUTH_HEALTH_URL, {
+        method: 'GET',
+        headers: {
+          accept: 'application/json',
+          'x-api-key': token,
+          authorization: `Bearer ${token}`
+        }
+      })
+
+      if (!response.ok) {
+        throw await createHttpError(response, {
+          integration: this.name,
+          method: 'verify',
+          organizationId: context?.organizationId
+        })
+      }
+
+      return response
+    }, DEFAULT_RETRY_POLICY)
+
+    return {
+      ok: true,
+      provider: 'apollo',
+      authenticated: true
+    }
+  }
+
+  private normalizeCredentials(credentials: ApolloCredentials): { apiKey: string } {
+    const token = this.getToken(credentials)
+    if (!token) {
+      throw new ToolingError('credentials_invalid', 'Missing Apollo API key', {
+        integration: this.name
+      })
+    }
+
+    return { apiKey: token.trim() }
+  }
+
+  private getToken(credentials: ApolloCredentials): string | undefined {
+    return credentials.apiKey ?? credentials.apolloApiKey ?? credentials.APOLLO_API_KEY ?? credentials.key ?? credentials.token
+  }
+}

package/src/execution/engine/tools/integration/server/adapters/apollo/index.ts

@@ -0,0 +1 @@
+export { ApolloAdapter, type ApolloCredentials, type ApolloVerifyResult } from './apollo-adapter'

package/src/execution/engine/tools/integration/server/adapters/clickup/clickup-adapter.test.ts

@@ -0,0 +1,18 @@
+import { describe, expect, it } from 'vitest'
+import { ClickUpAdapter } from './clickup-adapter'
+
+describe('ClickUpAdapter', () => {
+  const adapter = new ClickUpAdapter()
+
+  it('accepts ClickUp personal tokens stored in provider-specific apiToken shape', () => {
+    expect(adapter.validateCredentials({ apiToken: 'pk_test_123' })).toBe(true)
+  })
+
+  it('accepts ClickUp personal tokens stored in generic api-key shape', () => {
+    expect(adapter.validateCredentials({ apiKey: 'pk_test_123' })).toBe(true)
+  })
+
+  it('rejects non-ClickUp API keys', () => {
+    expect(adapter.validateCredentials({ apiKey: 'sk_test_123' })).toBe(false)
+  })
+})

package/src/execution/engine/tools/integration/server/adapters/clickup/clickup-adapter.ts

@@ -0,0 +1,194 @@
+import type { BaseIntegrationAdapter } from '../../../base-integration-adapter'
+import { ToolingError } from '../../../../types'
+import type { ExecutionContext } from '../../../../../base/types'
+import { createHttpError, withRetry, DEFAULT_RETRY_POLICY } from '../../../../../../../platform/resilience'
+
+export interface ClickUpCredentials {
+  apiToken?: string
+  apiKey?: string
+  api_token?: string
+  token?: string
+}
+
+export interface ClickUpVerifyResult {
+  ok: true
+  provider: 'clickup'
+  teamCount: number
+  teams: Array<{
+    id: string
+    name: string
+  }>
+}
+
+export interface ClickUpCreateTaskParams {
+  listId: string
+  name: string
+  markdownContent: string
+}
+
+export interface ClickUpCreateTaskResult {
+  id: string
+  url?: string
+  name: string
+}
+
+interface ClickUpTeamResponse {
+  teams?: Array<{
+    id?: string | number
+    name?: string
+  }>
+}
+
+interface ClickUpTaskResponse {
+  id?: string
+  url?: string
+  name?: string
+}
+
+const CLICKUP_API_BASE_URL = 'https://api.clickup.com/api/v2'
+
+export class ClickUpAdapter implements BaseIntegrationAdapter {
+  readonly name = 'clickup'
+
+  async call(
+    method: string,
+    params: unknown,
+    credentials: Record<string, unknown>,
+    context?: ExecutionContext
+  ): Promise<unknown> {
+    if (!this.validateCredentials(credentials)) {
+      throw new ToolingError('credentials_invalid', 'Invalid ClickUp credentials', {
+        integration: this.name,
+        organizationId: context?.organizationId
+      })
+    }
+
+    const creds = this.normalizeCredentials(credentials as unknown as ClickUpCredentials)
+
+    switch (method) {
+      case 'verify':
+        return this.verify(creds, context)
+      case 'createTask':
+        return this.createTask(creds, params as ClickUpCreateTaskParams, context)
+      default:
+        throw new ToolingError('method_not_found', `Unknown ClickUp method: ${method}`, {
+          integration: this.name,
+          method,
+          organizationId: context?.organizationId
+        })
+    }
+  }
+
+  validateCredentials(credentials: Record<string, unknown>): boolean {
+    const creds = credentials as unknown as ClickUpCredentials
+    const token = creds.apiToken || creds.apiKey || creds.api_token || creds.token
+    return typeof token === 'string' && token.trim().startsWith('pk_')
+  }
+
+  async verify(credentials: ClickUpCredentials, context?: ExecutionContext): Promise<ClickUpVerifyResult> {
+    const response = await this.request('/team', this.normalizeCredentials(credentials), { method: 'GET' }, 'verify', context)
+    const data = (await response.json()) as ClickUpTeamResponse
+    const teams = (data.teams ?? []).map((team) => ({
+      id: String(team.id ?? ''),
+      name: team.name ?? ''
+    }))
+
+    return {
+      ok: true,
+      provider: 'clickup',
+      teamCount: teams.length,
+      teams: teams.filter((team) => team.id || team.name)
+    }
+  }
+
+  async createTask(
+    credentials: { apiToken: string },
+    params: ClickUpCreateTaskParams,
+    context?: ExecutionContext
+  ): Promise<ClickUpCreateTaskResult> {
+    if (!params.listId || !params.name || !params.markdownContent) {
+      throw new ToolingError('validation_error', 'listId, name, and markdownContent are required', {
+        integration: this.name,
+        method: 'createTask',
+        organizationId: context?.organizationId
+      })
+    }
+
+    const response = await this.request(
+      `/list/${encodeURIComponent(params.listId)}/task`,
+      this.normalizeCredentials(credentials),
+      {
+        method: 'POST',
+        body: JSON.stringify({
+          name: params.name,
+          markdown_content: params.markdownContent
+        })
+      },
+      'createTask',
+      context
+    )
+    const data = (await response.json()) as ClickUpTaskResponse
+
+    if (!data.id) {
+      throw new ToolingError('api_error', 'ClickUp create task response did not include a task ID', {
+        integration: this.name,
+        method: 'createTask',
+        organizationId: context?.organizationId
+      })
+    }
+
+    return {
+      id: data.id,
+      url: data.url,
+      name: data.name ?? params.name
+    }
+  }
+
+  private async request(
+    path: string,
+    credentials: { apiToken: string },
+    init: RequestInit,
+    method: string,
+    context?: ExecutionContext
+  ): Promise<Response> {
+    if (!this.validateCredentials(credentials as unknown as Record<string, unknown>)) {
+      throw new ToolingError('credentials_invalid', 'ClickUp personal API token must start with pk_', {
+        integration: this.name,
+        method,
+        organizationId: context?.organizationId
+      })
+    }
+
+    return await withRetry(async () => {
+      const response = await fetch(`${CLICKUP_API_BASE_URL}${path}`, {
+        ...init,
+        headers: {
+          Authorization: credentials.apiToken,
+          'Content-Type': 'application/json',
+          ...init.headers
+        }
+      })
+
+      if (!response.ok) {
+        throw await createHttpError(response, {
+          integration: this.name,
+          method,
+          organizationId: context?.organizationId
+        })
+      }
+
+      return response
+    }, DEFAULT_RETRY_POLICY)
+  }
+
+  private normalizeCredentials(credentials: ClickUpCredentials): { apiToken: string } {
+    const token = credentials.apiToken || credentials.apiKey || credentials.api_token || credentials.token
+    if (!token || !token.trim().startsWith('pk_')) {
+      throw new ToolingError('credentials_invalid', 'ClickUp personal API token must start with pk_', {
+        integration: this.name
+      })
+    }
+
+    return { apiToken: token.trim() }
+  }
+}

package/src/execution/engine/tools/integration/server/adapters/clickup/index.ts

@@ -0,0 +1,7 @@
+export { ClickUpAdapter } from './clickup-adapter'
+export type {
+  ClickUpCredentials,
+  ClickUpVerifyResult,
+  ClickUpCreateTaskParams,
+  ClickUpCreateTaskResult
+} from './clickup-adapter'

package/src/execution/engine/workflow/types.ts

@@ -7,16 +7,23 @@ import type { z } from 'zod'
 
 import type { ExecutionContext } from '../base/types'
 import type { ResourceDefinition } from '../../../platform/registry/types'
+import type { WorkflowResourceEntry } from '../../../organization-model/domains/resources'
 import type { ResourceMetricsConfig } from '../../../operations/observability/types'
 import type { ExecutionInterface } from '../interface/types'
 
 // Workflow configuration
 export interface WorkflowConfig extends ResourceDefinition {
   type: 'workflow'
+  /** OM descriptor backing canonical identity and governance metadata. */
+  resource?: WorkflowResourceEntry
   /** Lead-gen capability key for registry derivation (e.g. 'lead-gen.company.apollo-import') */
   capabilityKey?: string
 }
 
+export type DescriptorBackedWorkflowConfig = Omit<WorkflowConfig, 'resourceId' | 'type' | 'resource'> & {
+  resource: WorkflowResourceEntry
+}
+
 // Workflow step definition
 export interface WorkflowStepDefinition {
   id: string

package/src/integrations/credentials/api-schemas.ts

@@ -18,11 +18,13 @@ import { UuidSchema, CredentialNameSchema } from '../../platform/utils/validatio
  * - 'oauth': All OAuth providers (notion, google-sheets) store this type
  * - 'api-key': Generic single-field API key credentials
  * - 'webhook-secret': Webhook signing secrets for signature validation
+ * - 'api-key-secret': API key and secret pair credentials
+ * - 'clickup': ClickUp personal-token credentials with provider-specific schema/verification
  *
  * Note: Provider-specific identifiers (notion, google-sheets) are CREDENTIAL_SCHEMAS
  * keys used for UI lookup, NOT stored type values. OAuth credentials store type='oauth'.
  */
-export const CredentialTypeSchema = z.enum(['oauth', 'api-key', 'webhook-secret', 'api-key-secret'])
+export const CredentialTypeSchema = z.enum(['oauth', 'api-key', 'webhook-secret', 'api-key-secret', 'clickup'])
 
 /**
  * Credential value validation
@@ -114,6 +116,21 @@ export const DeleteCredentialParamsSchema = z.object({
   credentialId: UuidSchema
 })
 
+/**
+ * POST /api/credentials/:credentialId/verify - Verify credential with provider smoke check
+ */
+export const VerifyCredentialParamsSchema = z.object({
+  credentialId: UuidSchema
+})
+
+export const VerifyCredentialResponseSchema = z.object({
+  ok: z.boolean(),
+  provider: z.string(),
+  checkedAt: z.string().datetime(),
+  message: z.string().optional(),
+  details: z.record(z.string(), z.unknown()).optional()
+})
+
 /**
  * Export all schemas for use in routes
  */
@@ -123,5 +140,7 @@ export const CredentialSchemas = {
   ListResponse: ListCredentialsResponseSchema,
   UpdateParams: UpdateCredentialParamsSchema,
   UpdateRequest: UpdateCredentialRequestSchema,
-  DeleteParams: DeleteCredentialParamsSchema
+  DeleteParams: DeleteCredentialParamsSchema,
+  VerifyParams: VerifyCredentialParamsSchema,
+  VerifyResponse: VerifyCredentialResponseSchema
 }