@evilstar9527/tool-bridge 0.1.0
- package/README.md +288 -0
- package/dist/sdk/admin.js +157 -0
- package/dist/sdk/chunks/client-BWz3o-l-.js +36 -0
- package/dist/sdk/chunks/errors-DJj3RaDk.js +54 -0
- package/dist/sdk/host.js +98 -0
- package/dist/sdk/index.js +6 -0
- package/dist/sdk/tb.js +0 -0
- package/dist/sdk/transport.js +14 -0
- package/dist/sdk/tunnel-agent.js +43 -0
- package/dist/sdk/worker.js +2940 -0
- package/dist/types/sdk/admin/index.d.ts +237 -0
- package/dist/types/sdk/client.d.ts +17 -0
- package/dist/types/sdk/host/index.d.ts +65 -0
- package/dist/types/sdk/index.d.ts +5 -0
- package/dist/types/sdk/transport.d.ts +8 -0
- package/dist/types/sdk/tunnel-agent/index.d.ts +29 -0
- package/dist/types/worker/index.d.ts +19 -0
- package/dist/types/worker/tb/adapters/builtin.d.ts +4 -0
- package/dist/types/worker/tb/adapters/directory.d.ts +6 -0
- package/dist/types/worker/tb/adapters/http.d.ts +2 -0
- package/dist/types/worker/tb/adapters/index.d.ts +2 -0
- package/dist/types/worker/tb/adapters/mcp.d.ts +2 -0
- package/dist/types/worker/tb/adapters/mount.d.ts +2 -0
- package/dist/types/worker/tb/adapters/remote.d.ts +2 -0
- package/dist/types/worker/tb/audit.d.ts +56 -0
- package/dist/types/worker/tb/crawl.d.ts +11 -0
- package/dist/types/worker/tb/device.d.ts +80 -0
- package/dist/types/worker/tb/dynamic-servers.d.ts +12 -0
- package/dist/types/worker/tb/entities.d.ts +74 -0
- package/dist/types/worker/tb/errors.d.ts +34 -0
- package/dist/types/worker/tb/help.d.ts +2 -0
- package/dist/types/worker/tb/host-api.d.ts +12 -0
- package/dist/types/worker/tb/materialize.d.ts +4 -0
- package/dist/types/worker/tb/mcp-client.d.ts +17 -0
- package/dist/types/worker/tb/provider-api.d.ts +11 -0
- package/dist/types/worker/tb/registry.d.ts +11 -0
- package/dist/types/worker/tb/remote-client.d.ts +3 -0
- package/dist/types/worker/tb/resolve.d.ts +8 -0
- package/dist/types/worker/tb/storage-r2.d.ts +2 -0
- package/dist/types/worker/tb/tenant.d.ts +28 -0
- package/dist/types/worker/tb/testing/fake-kv.d.ts +20 -0
- package/dist/types/worker/tb/types.d.ts +155 -0
- package/dist/types/worker/tb/util.d.ts +18 -0
- package/dist/types/worker/tb/virtualize.d.ts +7 -0
- package/docs/sdk.md +149 -0
- package/package.json +79 -0
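--- a/package/dist/types/sdk/admin/index.d.ts
+++ b/package/dist/types/sdk/admin/index.d.ts
@@ -0,0 +1,237 @@
+import { Transport } from '../transport';
+import type { Placement, Provider, Publication } from '../../worker/tb/entities';
+import type { AuditEvent } from '../../worker/tb/audit';
+import type { CommandPolicy, DeviceTool, EndpointRecord } from '../../worker/tb/device';
+import type { HostRecord } from '../../worker/tb/host-api';
+import type { CrawlNode, HelpPayload } from '../../worker/tb/types';
+export interface AdminOptions {
+transport: Transport;
+credential: string;
+}
+export interface PlacementInput {
+id?: string;
+tenantId?: string;
+path: string;
+pubRef: {
+providerId: string;
+pubId: string;
+version?: string;
+};
+enabled?: boolean;
+}
+export interface PlacementImpact {
+dryRun: true;
+action: 'create' | 'update' | 'move' | 'delete';
+placement: Placement;
+affected: {
+tenantId: string;
+paths: string[];
+grants: Array<{
+keyHash: string;
+principal: string;
+label?: string;
+}>;
+note?: string;
+};
+}
+export interface ServerSummary {
+id: string;
+name: string;
+endpoint: string;
+description?: string;
+allowedTools?: string[];
+source?: 'static' | 'dynamic';
+}
+export interface AdhocServerInput {
+name?: string;
+endpoint: string;
+headers?: Record<string, string>;
+bearerToken?: string;
+}
+export interface McpTool {
+name: string;
+description?: string;
+inputSchema?: unknown;
+outputSchema?: unknown;
+annotations?: unknown;
+}
+export interface EndpointInput {
+id: string;
+tenantId?: string;
+providerId?: string;
+kind?: EndpointRecord['kind'];
+label?: string;
+capabilities?: DeviceTool[];
+status?: EndpointRecord['status'];
+commandPolicyId?: string;
+}
+export type CommandPolicyInput = Partial<CommandPolicy> & {
+id: string;
+};
+export declare function createToolBridgeAdmin(options: AdminOptions): {
+auth: {
+config: () => Promise<{
+mode: "none" | "bearer" | "oauth";
+oauthIssuer?: string;
+oauthAudience?: string;
+}>;
+};
+providers: {
+list: () => Promise<Provider[]>;
+get: (id: string) => Promise<Provider>;
+create: (provider: Partial<Provider> & {
+id: string;
+}) => Promise<Provider>;
+update: (id: string, patch: Partial<Provider>) => Promise<Provider>;
+delete: (id: string) => Promise<{
+ok: true;
+}>;
+createKey: (id: string, opts?: {
+label?: string;
+expiresAt?: string;
+}) => Promise<{
+key: string;
+record: {
+principal: "provider";
+providerId: string;
+};
+}>;
+};
+publications: {
+list: (providerId: string) => Promise<Publication[]>;
+get: (providerId: string, pubId: string) => Promise<Publication>;
+create: (providerId: string, pub: Partial<Publication> & {
+pubId: string;
+binding: Record<string, unknown>;
+}) => Promise<Publication>;
+update: (providerId: string, pubId: string, patch: Partial<Publication>) => Promise<Publication>;
+delete: (providerId: string, pubId: string) => Promise<{
+ok: true;
+}>;
+publish: (providerId: string, pubId: string) => Promise<Publication>;
+};
+placements: {
+list: (tenantId?: string) => Promise<Placement[]>;
+put: (placement: PlacementInput) => Promise<{
+placement: Placement;
+action: string;
+}>;
+dryRun: (placement: PlacementInput) => Promise<PlacementImpact>;
+delete: (id: string, tenantId?: string, opts?: {
+dryRun?: boolean;
+}) => Promise<PlacementImpact | {
+ok: true;
+}>;
+};
+hosts: {
+create: (host: {
+id: string;
+tenantId?: string;
+displayName?: string;
+confirmDelegated?: boolean;
+}) => Promise<HostRecord>;
+get: (id: string) => Promise<HostRecord>;
+createKey: (id: string, opts?: {
+label?: string;
+expiresAt?: string;
+}) => Promise<{
+key: string;
+record: {
+principal: "host";
+hostId: string;
+tenantId: string;
+providerId: string;
+};
+}>;
+};
+endpoints: {
+list: () => Promise<EndpointRecord[]>;
+create: (endpoint: EndpointInput) => Promise<EndpointRecord>;
+get: (id: string) => Promise<EndpointRecord>;
+update: (id: string, patch: Partial<EndpointInput>) => Promise<EndpointRecord>;
+revoke: (id: string) => Promise<EndpointRecord>;
+};
+commandPolicies: {
+list: () => Promise<CommandPolicy[]>;
+create: (policy: CommandPolicyInput) => Promise<CommandPolicy>;
+get: (id: string) => Promise<CommandPolicy>;
+update: (id: string, patch: Partial<CommandPolicyInput>) => Promise<CommandPolicy>;
+delete: (id: string) => Promise<{
+ok: true;
+}>;
+};
+audit: {
+events: (opts?: {
+tenant?: string;
+limit?: number;
+}) => Promise<{
+scope: string;
+events: AuditEvent[];
+}>;
+};
+servers: {
+list: () => Promise<{
+servers: ServerSummary[];
+dynamicEnabled: boolean;
+}>;
+create: (server: {
+name?: string;
+endpoint: string;
+description?: string;
+}) => Promise<{
+ok: true;
+id: string;
+}>;
+delete: (id: string) => Promise<{
+ok: true;
+}>;
+get: (id: string) => Promise<{
+server: ServerSummary;
+links: {
+help: string;
+skill: string;
+};
+}>;
+tools: (id: string) => Promise<{
+server: ServerSummary;
+tools: McpTool[];
+}>;
+help: (id: string) => Promise<string>;
+skill: (id: string) => Promise<string>;
+call: (id: string, tool: string, args?: unknown) => Promise<{
+server: ServerSummary;
+tool: string;
+result: unknown;
+}>;
+};
+bridge: {
+tools: (server: AdhocServerInput) => Promise<{
+server: ServerSummary;
+tools: McpTool[];
+}>;
+call: (server: AdhocServerInput, tool: string, args?: unknown) => Promise<{
+server: ServerSummary;
+tool: string;
+result: unknown;
+}>;
+};
+tree: {
+get: () => Promise<CrawlNode>;
+crawl: (opts?: {
+start?: {
+path?: string;
+url?: string;
+};
+maxDepth?: number;
+maxNodes?: number;
+}) => Promise<CrawlNode>;
+help: (path?: string) => Promise<HelpPayload>;
+call: (path: string, body?: unknown) => Promise<{
+resource: string;
+result: unknown;
+}>;
+};
+};
+export type ToolBridgeAdmin = ReturnType<typeof createToolBridgeAdmin>;
+export { https, serviceBinding } from '../transport';
+export { TBApiError } from '../client';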
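Review bot: `AdhocServerInput` lets an admin caller hand the bridge an arbitrary `endpoint` together with `headers` and a `bearerToken`, and `bridge.tools` / `bridge.call` (like `servers.create` and `tree.crawl` with `start.url`) type it as a bare `string`, so the declared contract says nothing about which destinations the worker will contact on the caller's behalf. The implementation is not visible here and may already restrict this; if it does, the type should say so, e.g. `/** Absolute https:// URL; private, loopback and link-local destinations are rejected by the bridge. */` on `endpoint`. The same applies to `DynamicServer.endpoint` in dynamic-servers.d.ts. `providers.createKey` and `hosts.createKey` should also document whether the returned `key` can be retrieved again and what lifetime applies when `expiresAt` is omitted.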
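--- a/package/dist/types/sdk/client.d.ts
+++ b/package/dist/types/sdk/client.d.ts
@@ -0,0 +1,17 @@
+import { Transport } from './transport';
+export declare class TBApiError extends Error {
+readonly code: string;
+readonly status: number;
+readonly details?: unknown;
+readonly retryable: boolean;
+constructor(code: string, status: number, message: string, details?: unknown);
+}
+export interface RequestOptions {
+method?: string;
+body?: unknown;
+headers?: Record<string, string>;
+accept?: string;
+}
+export declare function requestJson<T>(transport: Transport, credential: string | undefined, path: string, options?: RequestOptions): Promise<T>;
+export declare function rawRequest(transport: Transport, credential: string | undefined, path: string, options?: RequestOptions): Promise<Response>;
+export declare function errorFrom(response: Response): Promise<TBApiError>;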
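Review bot: `RequestOptions.headers` is an open `Record<string, string>` passed next to `credential`, and the declaration does not say which one wins when a caller supplies its own `Authorization` header. A TSDoc line on `headers` should state the precedence, for example `/** Extra request headers; the header derived from credential is applied last and cannot be overridden. */`, assuming that is the behaviour, which is not visible here. `TBApiError.details` is `unknown` data that appears to come from the server response via `errorFrom`, so its comment should say it is untrusted and must be narrowed before it is used or logged.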
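--- a/package/dist/types/sdk/host/index.d.ts
+++ b/package/dist/types/sdk/host/index.d.ts
@@ -0,0 +1,65 @@
+import { Transport } from '../transport';
+import type { BuiltinHandler, BuiltinHandlerRegistry, HelpPayload, ToolEffect } from '../../worker/tb/types';
+import type { Placement } from '../../worker/tb/entities';
+export interface HostOptions {
+transport: Transport;
+credential?: string;
+hostId?: string;
+}
+export interface CallContext {
+as?: string;
+traceId?: string;
+reason?: string;
+}
+export interface HostMount {
+path: string;
+binding: Record<string, unknown>;
+version?: string;
+shaping?: Record<string, unknown>;
+semantics?: Record<string, unknown>;
+}
+export interface MountSyncResult {
+ok: true;
+applied: number;
+removed: number;
+placements: Placement[];
+}
+export interface WattError {
+code: 'invalid_argument' | 'unauthenticated' | 'permission_denied' | 'not_found' | 'confirmation_required' | 'unavailable' | 'internal';
+message: string;
+retryable: boolean;
+cause?: {
+code: string;
+status: number;
+details?: unknown;
+};
+}
+export declare function createToolBridgeHost(options: HostOptions): {
+builtins: {
+register(name: string, handler: BuiltinHandler): void;
+registry(): BuiltinHandlerRegistry;
+};
+mounts: {
+sync(mounts: HostMount[], opts?: {
+prune?: boolean;
+}): Promise<MountSyncResult>;
+};
+tree: {
+help(path: string, ctx?: CallContext & {
+accept?: "json" | "text";
+}): Promise<HelpPayload | string>;
+call(path: string, body: unknown, ctx?: CallContext): Promise<{
+resource: string;
+result: unknown;
+}>;
+};
+adapters: {
+wattError(): (error: unknown) => WattError;
+effectMap(map: Partial<Record<ToolEffect, string>>): (payload: HelpPayload) => HelpPayload;
+};
+};
+export type ToolBridgeHost = ReturnType<typeof createToolBridgeHost>;
+export { https, serviceBinding } from '../transport';
+export type { Transport } from '../transport';
+export { TBApiError } from '../client';
+export declare function s2sKey(key: string): string;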
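Review bot: `CallContext.as` reads as an act-as identity that the host attaches to `tree.help` and `tree.call`, but nothing in the declaration says what authorises it. Since `AuditActor` in audit.d.ts carries `onBehalfOf` and the admin `hosts.create` takes `confirmDelegated`, the value presumably feeds authorization and audit; a TSDoc comment on `as` should state that the bridge honours it only for host credentials with delegation enabled, and what is recorded when it is refused. `mounts.sync` with `prune` looks destructive (the result reports `removed`), so its default deserves a doc line. `s2sKey(key)` returns a `string` derived from a secret and needs a one-line description of what that string is and whether it is safe to log.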
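--- a/package/dist/types/sdk/index.d.ts
+++ b/package/dist/types/sdk/index.d.ts
@@ -0,0 +1,5 @@
+export { createToolBridgeAdmin, type ToolBridgeAdmin } from './admin';
+export { createToolBridgeHost, s2sKey, type ToolBridgeHost } from './host';
+export { createTunnelAgent, type TunnelAgent } from './tunnel-agent';
+export { https, serviceBinding, type FetcherLike, type Transport } from './transport';
+export { TBApiError } from './client';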
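--- a/package/dist/types/sdk/transport.d.ts
+++ b/package/dist/types/sdk/transport.d.ts
@@ -0,0 +1,8 @@
+export interface Transport {
+fetch(path: string, init?: RequestInit): Promise<Response>;
+}
+export interface FetcherLike {
+fetch(input: Request | string, init?: RequestInit): Promise<Response>;
+}
+export declare function https(baseUrl: string, fetchImpl?: FetcherLike['fetch']): Transport;
+export declare function serviceBinding(binding: FetcherLike): Transport;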
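Review bot: `https(baseUrl: string, …)` accepts any string, so the name promises TLS while the type does not. If the implementation does not already reject other schemes, the `credential` given to `createToolBridgeAdmin` or `createToolBridgeHost` could travel in clear text to an `http://` base URL; enforce it at construction with something like `if (new URL(baseUrl).protocol !== 'https:') throw new TypeError('https() requires an https:// base URL');`, or document the exception explicitly. `Transport.fetch(path, …)` should also state that `path` is always resolved against the base URL and that absolute URLs are refused, so a credentialed request cannot be pointed at another origin.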
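--- a/package/dist/types/sdk/tunnel-agent/index.d.ts
+++ b/package/dist/types/sdk/tunnel-agent/index.d.ts
@@ -0,0 +1,29 @@
+import { Transport } from '../transport';
+import type { DeviceTool, TunnelDispatchRequest } from '../../worker/tb/device';
+export interface TunnelAgentOptions {
+transport: Transport;
+endpointId: string;
+credential?: string;
+dispatch: (request: TunnelDispatchRequest) => Promise<unknown> | unknown;
+}
+export interface ConnectResult {
+ok: true;
+endpointId: string;
+sessionId: string;
+capabilities: DeviceTool[];
+}
+export declare function createTunnelAgent(options: TunnelAgentOptions): {
+connect(): Promise<ConnectResult>;
+heartbeat(): Promise<{
+ok: true;
+endpointId: string;
+}>;
+reportCapabilities(capabilities: DeviceTool[]): Promise<{
+ok: true;
+endpointId: string;
+capabilities: DeviceTool[];
+}>;
+dispatch(request: TunnelDispatchRequest): Promise<unknown>;
+cancel(_requestId: string): Promise<void>;
+};
+export type TunnelAgent = ReturnType<typeof createTunnelAgent>;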
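Review bot: `cancel(_requestId: string)` carries an underscore-prefixed parameter into the public declaration, which usually means the argument is unused and the method does nothing yet. For an agent whose `dispatch` callback serves `DeviceTool` requests such as `exec.run`, callers will expect cancel to stop the work; if it is a stub, say so in TSDoc (`/** Not implemented: resolves without cancelling the in-flight request. */`) and rename the parameter to `requestId`. The `dispatch` option should also document that the handler itself must honour `deadlineMs` and `maxOutputBytes` from `TunnelDispatchRequest`, unless the agent enforces them, which the types do not show.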
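--- a/package/dist/types/worker/index.d.ts
+++ b/package/dist/types/worker/index.d.ts
@@ -0,0 +1,19 @@
+import { TunnelBroker } from './tb/device';
+import type { BuiltinHandlerRegistry } from './tb/types';
+type AppEnv = Env & {
+AUTH_BEARER_TOKEN?: string;
+OAUTH_ISSUER?: string;
+OAUTH_JWKS_URI?: string;
+ALLOW_INSECURE_MCP_HTTP?: string;
+};
+export interface BridgeOptions {
+builtinHandlers?: BuiltinHandlerRegistry;
+tunnelBroker?: TunnelBroker;
+}
+export declare function createBridge(options?: BridgeOptions): {
+fetch(request: Request<unknown, IncomingRequestCfProperties<unknown>>, env: AppEnv, executionCtx?: ExecutionContext): Promise<Response>;
+};
+declare const _default: {
+fetch(request: Request<unknown, IncomingRequestCfProperties<unknown>>, env: AppEnv, executionCtx?: ExecutionContext): Promise<Response>;
+};
+export default _default;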
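Review bot: Every authentication setting on `AppEnv` is optional (`AUTH_BEARER_TOKEN`, `OAUTH_ISSUER`, `OAUTH_JWKS_URI`), and the admin typings expose an auth mode of `"none"`, so the declared contract allows a bridge deployed with no auth variable at all. What the worker does in that case is not visible here; it should be documented on `createBridge`, and ideally the admin and tunnel routes are refused unless a mode was chosen explicitly. `ALLOW_INSECURE_MCP_HTTP` is a `string`, so the comment should name the exact value that enables it, since a truthiness test would treat `"false"` or `"0"` as on. Separately, `AppEnv` is a non-exported alias built on the ambient `Env`, `ExecutionContext` and `IncomingRequestCfProperties`, which consumers without the Workers type package cannot resolve.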
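--- a/package/dist/types/worker/tb/adapters/directory.d.ts
+++ b/package/dist/types/worker/tb/adapters/directory.d.ts
@@ -0,0 +1,6 @@
+import { AdapterContext, DirectoryNode, HelpPayload } from '../types';
+export declare const directoryAdapter: {
+kind: "directory";
+describe(node: DirectoryNode, ctx: AdapterContext, sub: string[]): Promise<HelpPayload>;
+call(node: DirectoryNode): Promise<unknown>;
+};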
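--- a/package/dist/types/worker/tb/audit.d.ts
+++ b/package/dist/types/worker/tb/audit.d.ts
@@ -0,0 +1,56 @@
+import { AppEnv, DirectoryNode } from './types';
+export interface AuditActor {
+principal: string;
+subject?: string;
+onBehalfOf?: string;
+}
+export interface AuditEvent {
+ts: string;
+traceId: string;
+action: 'describe' | 'call';
+actor: AuditActor;
+tenantId?: string;
+path: string;
+tool?: string;
+provider?: string;
+effect?: string;
+scope?: string;
+decision: 'allow' | 'deny' | 'not_found';
+result: 'ok' | 'error';
+status: number;
+errorCode?: string;
+latencyMs: number;
+reason?: string;
+input?: {
+bytes: number;
+keys?: string[];
+};
+usage?: {
+requests?: number;
+inputBytes?: number;
+outputBytes?: number;
+};
+}
+export declare function auditEnabled(env: AppEnv): boolean;
+export declare function traceIdOf(request: Request): string;
+export declare function inputSummary(input: unknown): {
+bytes: number;
+keys?: string[];
+} | undefined;
+export declare function auditScope(tenantId: string | undefined): string;
+export interface AuditCallContext {
+tool?: string;
+provider?: string;
+effect?: string;
+scope?: string;
+}
+export declare function auditContextFor(root: DirectoryNode, segments: string[]): AuditCallContext;
+export declare function errorCodeOf(response: Response): Promise<string | undefined>;
+export declare function writeAuditEvent(env: AppEnv, event: AuditEvent): Promise<void>;
+export declare function emitAuditEvent(env: AppEnv, ctx: ExecutionContext | undefined, event: AuditEvent): Promise<void>;
+export interface AuditQueryPrincipal {
+isAdmin: boolean;
+tenantId?: string;
+principal?: string;
+}
+export declare function routeAuditApi(request: Request, env: AppEnv, principal: AuditQueryPrincipal): Promise<Response | undefined>;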
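Review bot: `AuditQueryPrincipal` allows `isAdmin: false` together with an absent `tenantId`, and `auditScope(tenantId: string | undefined)` still returns a scope string for that case. If the undefined scope is the global one, a tenant-less non-admin principal reaching `routeAuditApi` would be reading across tenants; whether the router rejects it is not visible here. Making the state unrepresentable is cheap: `export type AuditQueryPrincipal = { isAdmin: true; tenantId?: string; principal?: string } | { isAdmin: false; tenantId: string; principal?: string };`. `DevicePrincipal` in device.d.ts has the same shape and would benefit from the same treatment. `reason` and the id returned by `traceIdOf(request)` look caller-supplied, so the docs should state the length and character limits applied before they reach the audit store.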
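--- a/package/dist/types/worker/tb/crawl.d.ts
+++ b/package/dist/types/worker/tb/crawl.d.ts
@@ -0,0 +1,11 @@
+import { AppEnv, AuthMode, CrawlNode, DirectoryNode } from './types';
+export interface CrawlOptions {
+maxDepth: number;
+maxNodes: number;
+}
+export declare const DEFAULT_CRAWL_OPTIONS: CrawlOptions;
+export declare function clampCrawlOptions(opts: Partial<CrawlOptions> | undefined): CrawlOptions;
+export declare function crawlTree(env: AppEnv, root: DirectoryNode, start: {
+path?: string;
+url?: string;
+}, authMode: AuthMode, opts?: CrawlOptions): Promise<CrawlNode>;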
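Review bot: `crawlTree` takes a ready-made `CrawlOptions`, so the limits from `clampCrawlOptions` apply only if every caller remembers to run it first. Consider having `crawlTree` accept `opts?: Partial<CrawlOptions>` and clamp internally, or add a TSDoc line such as `/** opts must come from clampCrawlOptions(); values are not bounded again here. */` if that matches the implementation, which is not visible in this file. `start.url` is a free-form string that the admin SDK forwards from `tree.crawl`, so the comment should also state which schemes and hosts the crawler is allowed to fetch.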
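--- a/package/dist/types/worker/tb/device.d.ts
+++ b/package/dist/types/worker/tb/device.d.ts
@@ -0,0 +1,80 @@
+import { AuditCallContext } from './audit';
+import { AppEnv } from './types';
+export type EndpointKind = 'sandbox' | 'k8s-pod' | 'pc' | 'browser-host' | 'mobile' | 'generic';
+export type DeviceTool = 'exec.run' | 'fs.read' | 'logs.tail';
+export interface EndpointRecord {
+id: string;
+tenantId?: string;
+providerId?: string;
+kind: EndpointKind;
+label?: string;
+capabilities: DeviceTool[];
+activeCapabilities?: DeviceTool[];
+status: 'offline' | 'online' | 'revoked';
+commandPolicyId?: string;
+sessionId?: string;
+lastSeenAt?: string;
+createdAt: string;
+updatedAt: string;
+}
+export interface CommandPolicy {
+id: string;
+defaultMode: 'deny' | 'allow';
+allowCommands?: string[];
+denyCommands?: string[];
+denyPatterns?: string[];
+allowShell?: boolean;
+allowedCwdPrefixes?: string[];
+maxTimeoutMs?: number;
+maxOutputBytes?: number;
+requireConfirmFor?: string[];
+envAllowlist?: string[];
+createdAt: string;
+updatedAt: string;
+}
+export interface DevicePrincipal {
+isAdmin: boolean;
+tenantId?: string;
+principal?: string;
+subject?: string;
+}
+export interface TunnelDispatchRequest {
+endpointId: string;
+sessionId: string;
+tool: DeviceTool;
+traceId: string;
+input: Record<string, unknown>;
+deadlineMs: number;
+maxOutputBytes: number;
+}
+export interface TunnelBroker {
+connect?(endpoint: EndpointRecord): Promise<{
+sessionId?: string;
+} | void>;
+heartbeat?(endpoint: EndpointRecord): Promise<void>;
+dispatch(endpoint: EndpointRecord, request: TunnelDispatchRequest): Promise<unknown>;
+cancel?(endpoint: EndpointRecord, requestId: string): Promise<void>;
+}
+export interface DeviceRouteResult {
+response: Response;
+audit: AuditCallContext;
+tenantId?: string;
+}
+export declare function endpointsEnabled(env: AppEnv): boolean;
+export declare function getEndpoint(env: AppEnv, id: string): Promise<EndpointRecord | null>;
+export declare function putEndpoint(env: AppEnv, endpoint: EndpointRecord): Promise<void>;
+export declare function listEndpoints(env: AppEnv): Promise<EndpointRecord[]>;
+export declare function getCommandPolicy(env: AppEnv, id: string): Promise<CommandPolicy | null>;
+export declare function putCommandPolicy(env: AppEnv, policy: CommandPolicy): Promise<void>;
+export declare function routeEndpointApi(request: Request, env: AppEnv, principal: DevicePrincipal): Promise<Response | undefined>;
+export declare function routeTunnelApi(request: Request, env: AppEnv, broker?: TunnelBroker): Promise<Response | undefined>;
+export declare function routeDeviceHtbp(args: {
+env: AppEnv;
+principal: DevicePrincipal;
+segments: string[];
+isHelp: boolean;
+accept: string;
+input?: unknown;
+traceId: string;
+broker?: TunnelBroker;
+}): Promise<DeviceRouteResult>;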
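Review bot: `EndpointRecord.commandPolicyId` is optional while `capabilities` may include `exec.run`, and the admin typings accept a `Partial<CommandPolicy>` on creation, so both "no policy attached" and "policy created without `defaultMode`" are valid inputs whose outcome the types leave undefined. Both should be documented as deny, e.g. `/** When unset, exec.run is refused for this endpoint. */` on `commandPolicyId`, assuming the router behaves that way, which this file does not show. `denyPatterns` needs a note on its syntax (glob or regular expression) and on what string it is matched against, because a deny-list over command text gives weak guarantees once `allowShell` is true. `routeTunnelApi` takes no principal argument, unlike `routeEndpointApi`, so its comment should say where the connecting agent is authenticated.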
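--- a/package/dist/types/worker/tb/dynamic-servers.d.ts
+++ b/package/dist/types/worker/tb/dynamic-servers.d.ts
@@ -0,0 +1,12 @@
+import { AppEnv } from './types';
+export declare const COMPAT_PROVIDER_ID = "dynamic";
+export interface DynamicServer {
+id: string;
+name: string;
+endpoint: string;
+description?: string;
+}
+export declare function dynamicServersEnabled(env: AppEnv): boolean;
+export declare function listDynamicServers(env: AppEnv): Promise<DynamicServer[]>;
+export declare function putDynamicServer(env: AppEnv, server: DynamicServer): Promise<void>;
+export declare function deleteDynamicServer(env: AppEnv, id: string): Promise<void>;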
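--- a/package/dist/types/worker/tb/entities.d.ts
+++ b/package/dist/types/worker/tb/entities.d.ts
@@ -0,0 +1,74 @@
+import { AppEnv, DirectoryNode, ToolEffect, TreeNode } from './types';
+export type TrustTier = 'builtin' | 'first-party' | 'verified' | 'community' | 'federated';
+export type ProviderStatus = 'active' | 'suspended' | 'retired';
+export type PublicationStatus = 'draft' | 'published' | 'deprecated' | 'retired';
+export interface Provider {
+id: string;
+displayName: string;
+contact?: string;
+trustTier: TrustTier;
+status: ProviderStatus;
+createdAt: string;
+updatedAt: string;
+}
+export interface ToolSemantics {
+effect?: ToolEffect;
+scope?: string;
+confirm?: boolean;
+}
+export interface Publication {
+providerId: string;
+pubId: string;
+version: string;
+binding: Record<string, unknown>;
+shaping?: {
+namespace?: string;
+toolOverrides?: Record<string, unknown>;
+};
+semantics?: Record<string, ToolSemantics>;
+status: PublicationStatus;
+createdAt: string;
+updatedAt: string;
+}
+export interface Placement {
+id: string;
+tenantId: string | null;
+path: string;
+pubRef: {
+providerId: string;
+pubId: string;
+version?: string;
+};
+enabled: boolean;
+createdAt: string;
+updatedAt: string;
+}
+export declare function placementScope(tenantId: string | null): string;
+export declare function entitiesEnabled(env: AppEnv): boolean;
+export declare function assertEntityId(value: string | undefined, label: string): string;
+export declare function getProvider(env: AppEnv, id: string): Promise<Provider | null>;
+export declare function putProvider(env: AppEnv, provider: Provider): Promise<void>;
+export declare function deleteProvider(env: AppEnv, id: string): Promise<void>;
+export declare function listProviders(env: AppEnv): Promise<Provider[]>;
+export declare function normalizeProviderInput(value: unknown, existing?: Provider): Provider;
+export declare function getPublication(env: AppEnv, providerId: string, pubId: string): Promise<Publication | null>;
+export declare function putPublication(env: AppEnv, pub: Publication): Promise<void>;
+export declare function deletePublication(env: AppEnv, providerId: string, pubId: string): Promise<void>;
+export declare function listPublications(env: AppEnv, providerId: string): Promise<Publication[]>;
+export declare function normalizePublicationInput(value: unknown, providerId: string, existing?: Publication): Publication;
+export declare function getPlacement(env: AppEnv, tenantId: string | null, id: string): Promise<Placement | null>;
+export declare function putPlacement(env: AppEnv, placement: Placement): Promise<void>;
+export declare function deletePlacement(env: AppEnv, tenantId: string | null, id: string): Promise<void>;
+export declare function listPlacements(env: AppEnv, tenantId: string | null): Promise<Placement[]>;
+export declare function parsePlacementPath(path: string | undefined): string[];
+export declare function newPlacementId(): string;
+export declare function compilePlacementNode(pub: Publication, nodeId: string): TreeNode;
+export interface MaterializeResult {
+applied: number;
+skipped: Array<{
+placementId: string;
+reason: string;
+}>;
+}
+export declare function materializePlacements(env: AppEnv, root: DirectoryNode, tenantId: string | null): Promise<MaterializeResult>;
+export declare function requirePlacement(env: AppEnv, tenantId: string | null, id: string): Promise<Placement>;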
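Review bot: `normalizeProviderInput(value: unknown, existing?)` is the only visible gate between the admin `providers.create` body, typed `Partial<Provider>`, and a stored `Provider`, so it decides `trustTier` and `status` when the caller omits them or sends an unrecognised value. The declaration should state those defaults, and the least-trusted tier is the safe one: `/** Missing or unrecognised trustTier falls back to 'community'. */`, adjusted to what the function really does, which is not visible here. `tenantId: string | null` on `Placement` gives `null` its own meaning (presumably a global scope via `placementScope`), which deserves a doc line because an accidentally null tenant would then widen a placement's reach.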