@executor-js/sdk 0.0.1-beta.6 → 0.0.2

Files changed (96)
  1. package/README.md +125 -107
  2. package/dist/blob.d.ts +48 -0
  3. package/dist/blob.d.ts.map +1 -0
  4. package/dist/blob.test.d.ts +2 -0
  5. package/dist/blob.test.d.ts.map +1 -0
  6. package/dist/chunk-6LMMN2GP.js +4396 -0
  7. package/dist/chunk-6LMMN2GP.js.map +1 -0
  8. package/dist/config.d.ts +14 -0
  9. package/dist/config.d.ts.map +1 -0
  10. package/dist/connections.d.ts +107 -0
  11. package/dist/connections.d.ts.map +1 -0
  12. package/dist/connections.test.d.ts +2 -0
  13. package/dist/connections.test.d.ts.map +1 -0
  14. package/dist/core-schema.d.ts +372 -0
  15. package/dist/core-schema.d.ts.map +1 -0
  16. package/dist/core.js +273 -57
  17. package/dist/core.js.map +1 -1
  18. package/dist/elicitation.d.ts +18 -34
  19. package/dist/elicitation.d.ts.map +1 -1
  20. package/dist/error-handling.test.d.ts +2 -0
  21. package/dist/error-handling.test.d.ts.map +1 -0
  22. package/dist/errors.d.ts +95 -24
  23. package/dist/errors.d.ts.map +1 -1
  24. package/dist/executor.d.ts +107 -48
  25. package/dist/executor.d.ts.map +1 -1
  26. package/dist/executor.test.d.ts +2 -0
  27. package/dist/executor.test.d.ts.map +1 -0
  28. package/dist/ids.d.ts +6 -4
  29. package/dist/ids.d.ts.map +1 -1
  30. package/dist/index.d.ts +22 -16
  31. package/dist/index.d.ts.map +1 -1
  32. package/dist/index.js +80 -308
  33. package/dist/index.js.map +1 -1
  34. package/dist/oauth-discovery.d.ts +138 -0
  35. package/dist/oauth-discovery.d.ts.map +1 -0
  36. package/dist/oauth-discovery.test.d.ts +2 -0
  37. package/dist/oauth-discovery.test.d.ts.map +1 -0
  38. package/dist/oauth-helpers.d.ts +89 -0
  39. package/dist/oauth-helpers.d.ts.map +1 -0
  40. package/dist/oauth-helpers.test.d.ts +2 -0
  41. package/dist/oauth-helpers.test.d.ts.map +1 -0
  42. package/dist/oauth-popup-types.d.ts +14 -0
  43. package/dist/oauth-popup-types.d.ts.map +1 -0
  44. package/dist/oauth-service.d.ts +33 -0
  45. package/dist/oauth-service.d.ts.map +1 -0
  46. package/dist/oauth.d.ts +275 -0
  47. package/dist/oauth.d.ts.map +1 -0
  48. package/dist/plugin.d.ts +261 -27
  49. package/dist/plugin.d.ts.map +1 -1
  50. package/dist/policies.d.ts +56 -64
  51. package/dist/policies.d.ts.map +1 -1
  52. package/dist/policies.test.d.ts +2 -0
  53. package/dist/policies.test.d.ts.map +1 -0
  54. package/dist/promise-executor.d.ts +26 -128
  55. package/dist/promise-executor.d.ts.map +1 -1
  56. package/dist/promise.d.ts +12 -6
  57. package/dist/promise.d.ts.map +1 -1
  58. package/dist/promise.test.d.ts +2 -0
  59. package/dist/promise.test.d.ts.map +1 -0
  60. package/dist/schema-types.d.ts +6 -5
  61. package/dist/schema-types.d.ts.map +1 -1
  62. package/dist/scope.d.ts +5 -15
  63. package/dist/scope.d.ts.map +1 -1
  64. package/dist/scoped-adapter.d.ts +13 -0
  65. package/dist/scoped-adapter.d.ts.map +1 -0
  66. package/dist/scoped-adapter.test.d.ts +2 -0
  67. package/dist/scoped-adapter.test.d.ts.map +1 -0
  68. package/dist/secret-backed-value.d.ts +27 -0
  69. package/dist/secret-backed-value.d.ts.map +1 -0
  70. package/dist/secrets.d.ts +52 -106
  71. package/dist/secrets.d.ts.map +1 -1
  72. package/dist/testing.d.ts +5 -3
  73. package/dist/testing.d.ts.map +1 -1
  74. package/dist/types.d.ts +84 -0
  75. package/dist/types.d.ts.map +1 -0
  76. package/package.json +7 -4
  77. package/dist/chunk-CJY7TT3J.js +0 -1384
  78. package/dist/chunk-CJY7TT3J.js.map +0 -1
  79. package/dist/in-memory/policy-engine.d.ts +0 -10
  80. package/dist/in-memory/policy-engine.d.ts.map +0 -1
  81. package/dist/in-memory/secret-store.d.ts +0 -16
  82. package/dist/in-memory/secret-store.d.ts.map +0 -1
  83. package/dist/in-memory/tool-registry.d.ts +0 -35
  84. package/dist/in-memory/tool-registry.d.ts.map +0 -1
  85. package/dist/index.test.d.ts +0 -2
  86. package/dist/index.test.d.ts.map +0 -1
  87. package/dist/plugin-kv.d.ts +0 -48
  88. package/dist/plugin-kv.d.ts.map +0 -1
  89. package/dist/plugins/in-memory-tools.d.ts +0 -42
  90. package/dist/plugins/in-memory-tools.d.ts.map +0 -1
  91. package/dist/runtime-tools.d.ts +0 -41
  92. package/dist/runtime-tools.d.ts.map +0 -1
  93. package/dist/sources.d.ts +0 -124
  94. package/dist/sources.d.ts.map +0 -1
  95. package/dist/tools.d.ts +0 -219
  96. package/dist/tools.d.ts.map +0 -1
@@ -0,0 +1,14 @@
1
+ import type { AnyPlugin } from "./plugin";
2
+ export type ExecutorDialect = "pg" | "sqlite" | "mysql";
3
+ export interface ExecutorCliConfig {
4
+ readonly dialect: ExecutorDialect;
5
+ readonly plugins: readonly AnyPlugin[];
6
+ }
7
+ /**
8
+ * Declare an executor config for the CLI to consume. The CLI imports
9
+ * this file via jiti and reads `plugins` + `dialect` to generate the
10
+ * drizzle schema. Plugin runtime credentials can be stubs — only
11
+ * `plugin.schema` is read.
12
+ */
13
+ export declare const defineExecutorConfig: <const T extends ExecutorCliConfig>(config: T) => T;
14
+ //# sourceMappingURL=config.d.ts.map
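Review bot: The doc comment on `defineExecutorConfig` says the CLI imports the config file via jiti and reads only `plugin.schema`, but it does not say that importing evaluates the module. Any code that builds the `plugins` array therefore presumably runs inside the CLI process during schema generation. I would add a sentence such as `Importing executes this module: plugin construction must be free of network and filesystem side effects, and real credentials should never be supplied here.` `ExecutorDialect` and `ExecutorCliConfig` have no doc comments at all; a line on each would help. This is an emitted declaration file, so the wording belongs in `src/config.ts`, which the source map names.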
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAE1C,MAAM,MAAM,eAAe,GAAG,IAAI,GAAG,QAAQ,GAAG,OAAO,CAAC;AAExD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,SAAS,SAAS,EAAE,CAAC;CACxC;AAED;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,GAAI,KAAK,CAAC,CAAC,SAAS,iBAAiB,EACpE,QAAQ,CAAC,KACR,CAAW,CAAC"}
@@ -0,0 +1,107 @@
1
+ import { Effect, Schema } from "effect";
2
+ import { ConnectionId, ScopeId } from "./ids";
3
+ /** Minimal JSON-object carrier for the plugin-owned `providerState`
4
+ * blob. The SDK never inspects its shape; plugins encode/decode their
5
+ * own structure. Never sensitive — that's what the secret rows are
6
+ * for. */
7
+ export declare const ConnectionProviderState: Schema.$Record<Schema.String, Schema.Unknown>;
8
+ export type ConnectionProviderState = typeof ConnectionProviderState.Type;
9
+ declare const ConnectionRef_base: Schema.Class<ConnectionRef, Schema.Struct<{
10
+ readonly id: Schema.brand<Schema.String, "ConnectionId">;
11
+ readonly scopeId: Schema.brand<Schema.String, "ScopeId">;
12
+ readonly provider: Schema.String;
13
+ readonly identityLabel: Schema.NullOr<Schema.String>;
14
+ readonly accessTokenSecretId: Schema.brand<Schema.String, "SecretId">;
15
+ readonly refreshTokenSecretId: Schema.NullOr<Schema.brand<Schema.String, "SecretId">>;
16
+ /** Epoch ms when the access token expires; null if not declared. */
17
+ readonly expiresAt: Schema.NullOr<Schema.Number>;
18
+ /** OAuth-style scope string as returned by the token endpoint. Named
19
+ * `oauthScope` to avoid collision with the executor scope id. */
20
+ readonly oauthScope: Schema.NullOr<Schema.String>;
21
+ readonly providerState: Schema.NullOr<Schema.$Record<Schema.String, Schema.Unknown>>;
22
+ readonly createdAt: Schema.Date;
23
+ readonly updatedAt: Schema.Date;
24
+ }>, {}>;
25
+ export declare class ConnectionRef extends ConnectionRef_base {
26
+ }
27
+ declare const TokenMaterial_base: Schema.Class<TokenMaterial, Schema.Struct<{
28
+ /** Target secret id. Plugins typically derive this from the source id
29
+ * + a stable suffix (e.g. `${sourceId}.access_token`). */
30
+ readonly secretId: Schema.brand<Schema.String, "SecretId">;
31
+ /** Display name stamped on the secret row. Only visible to code — the
32
+ * Connections UI hides connection-owned secrets. */
33
+ readonly name: Schema.String;
34
+ readonly value: Schema.String;
35
+ }>, {}>;
36
+ export declare class TokenMaterial extends TokenMaterial_base {
37
+ }
38
+ declare const CreateConnectionInput_base: Schema.Class<CreateConnectionInput, Schema.Struct<{
39
+ readonly id: Schema.brand<Schema.String, "ConnectionId">;
40
+ /** Executor scope id that will own this connection + its backing
41
+ * secrets. This is the sharing boundary: a user scope is personal,
42
+ * an org/workspace scope is shared with descendants. */
43
+ readonly scope: Schema.brand<Schema.String, "ScopeId">;
44
+ readonly provider: Schema.String;
45
+ readonly identityLabel: Schema.NullOr<Schema.String>;
46
+ readonly accessToken: typeof TokenMaterial;
47
+ readonly refreshToken: Schema.NullOr<typeof TokenMaterial>;
48
+ readonly expiresAt: Schema.NullOr<Schema.Number>;
49
+ /** OAuth-style scope string. Distinct from the executor scope above. */
50
+ readonly oauthScope: Schema.NullOr<Schema.String>;
51
+ readonly providerState: Schema.NullOr<Schema.$Record<Schema.String, Schema.Unknown>>;
52
+ }>, {}>;
53
+ export declare class CreateConnectionInput extends CreateConnectionInput_base {
54
+ }
55
+ declare const ConnectionRefreshError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
56
+ readonly _tag: "ConnectionRefreshError";
57
+ } & Readonly<A>;
58
+ export declare class ConnectionRefreshError extends ConnectionRefreshError_base<{
59
+ readonly connectionId: ConnectionId;
60
+ readonly message: string;
61
+ /**
62
+ * Set by providers when the refresh failed in a way that the stored
63
+ * refresh token cannot recover from (RFC 6749 §5.2 `invalid_grant`
64
+ * — the AS has revoked the grant, the user changed their password,
65
+ * the refresh token rotated out from under us, ...). The SDK
66
+ * translates this into a `ConnectionReauthRequiredError` so callers
67
+ * can prompt the user to sign in again instead of silently retrying.
68
+ */
69
+ readonly reauthRequired?: boolean;
70
+ readonly cause?: unknown;
71
+ }> {
72
+ }
73
+ export interface ConnectionRefreshInput {
74
+ readonly connectionId: ConnectionId;
75
+ readonly scopeId: ScopeId;
76
+ readonly identityLabel: string | null;
77
+ /** Resolved refresh token value, or null if the connection has none. */
78
+ readonly refreshToken: string | null;
79
+ /** Plugin-owned blob persisted at create / previous refresh. */
80
+ readonly providerState: ConnectionProviderState | null;
81
+ /** OAuth scope string from the last token issuance. */
82
+ readonly oauthScope: string | null;
83
+ }
84
+ export interface ConnectionRefreshResult {
85
+ readonly accessToken: string;
86
+ readonly refreshToken?: string | null;
87
+ readonly expiresAt?: number | null;
88
+ readonly oauthScope?: string | null;
89
+ readonly providerState?: ConnectionProviderState | null;
90
+ }
91
+ export interface ConnectionProvider {
92
+ readonly key: string;
93
+ readonly refresh?: (input: ConnectionRefreshInput) => Effect.Effect<ConnectionRefreshResult, ConnectionRefreshError>;
94
+ }
95
+ declare const UpdateConnectionTokensInput_base: Schema.Class<UpdateConnectionTokensInput, Schema.Struct<{
96
+ readonly id: Schema.brand<Schema.String, "ConnectionId">;
97
+ readonly accessToken: Schema.String;
98
+ readonly refreshToken: Schema.optional<Schema.NullOr<Schema.String>>;
99
+ readonly expiresAt: Schema.optional<Schema.NullOr<Schema.Number>>;
100
+ readonly oauthScope: Schema.optional<Schema.NullOr<Schema.String>>;
101
+ readonly providerState: Schema.optional<Schema.NullOr<Schema.$Record<Schema.String, Schema.Unknown>>>;
102
+ readonly identityLabel: Schema.optional<Schema.NullOr<Schema.String>>;
103
+ }>, {}>;
104
+ export declare class UpdateConnectionTokensInput extends UpdateConnectionTokensInput_base {
105
+ }
106
+ export {};
107
+ //# sourceMappingURL=connections.d.ts.map
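Review bot: Token values are declared as plain strings, so an instance that is logged, inspected or attached to an error would likely expose the token. This applies to `TokenMaterial.value: Schema.String`, to `accessToken`/`refreshToken` on `UpdateConnectionTokensInput`, and to the `refreshToken`/`accessToken` fields of `ConnectionRefreshInput` and `ConnectionRefreshResult`. Effect provides `Schema.Redacted(Schema.String)` and the `Redacted` type for this; if the interface can still change, using them would keep token material out of logs by default. Separately, `ConnectionRefreshError.cause` is `unknown` and `providerState` is documented as "Never sensitive" with nothing enforcing it, so both doc comments should state that providers must not place token-endpoint response bodies or client secrets there. These are emitted declarations; the change belongs in `src/connections.ts`.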
@@ -0,0 +1 @@
1
+ {"version":3,"file":"connections.d.ts","sourceRoot":"","sources":["../src/connections.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,OAAO,EAAY,MAAM,OAAO,CAAC;AAWxD;;;WAGW;AACX,eAAO,MAAM,uBAAuB,+CAA+C,CAAC;AACpF,MAAM,MAAM,uBAAuB,GAAG,OAAO,uBAAuB,CAAC,IAAI,CAAC;;;;;;;;IAexE,oEAAoE;;IAEpE;sEACkE;;;;;;AAVpE,qBAAa,aAAc,SAAQ,kBAejC;CAAG;;IAeH;+DAC2D;;IAE3D;yDACqD;;;;AALvD,qBAAa,aAAc,SAAQ,kBAQjC;CAAG;;;IAMH;;6DAEyD;;;;;;;IAOzD,wEAAwE;;;;AAb1E,qBAAa,qBAAsB,SAAQ,0BAgBzC;CAAG;;;;AAQL,qBAAa,sBAAuB,SAAQ,4BAE1C;IACA,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;;;;;;OAOG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;CAAG;AASL,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,wEAAwE;IACxE,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,gEAAgE;IAChE,QAAQ,CAAC,aAAa,EAAE,uBAAuB,GAAG,IAAI,CAAC;IACvD,uDAAuD;IACvD,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC;AAaD,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,uBAAuB,GAAG,IAAI,CAAC;CACzD;AAcD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,CACjB,KAAK,EAAE,sBAAsB,KAC1B,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,sBAAsB,CAAC,CAAC;CACrE;;;;;;;;;;AASD,qBAAa,2BAA4B,SAAQ,gCAU/C;CAAG"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=connections.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"connections.test.d.ts","sourceRoot":"","sources":["../src/connections.test.ts"],"names":[],"mappings":""}
@@ -0,0 +1,372 @@
1
+ import type { InferDBFieldsOutput } from "@executor-js/storage-core";
2
+ export declare const coreSchema: {
3
+ readonly source: {
4
+ readonly fields: {
5
+ readonly id: {
6
+ readonly type: "string";
7
+ readonly required: true;
8
+ };
9
+ readonly scope_id: {
10
+ readonly type: "string";
11
+ readonly required: true;
12
+ readonly index: true;
13
+ };
14
+ readonly plugin_id: {
15
+ readonly type: "string";
16
+ readonly required: true;
17
+ readonly index: true;
18
+ };
19
+ readonly kind: {
20
+ readonly type: "string";
21
+ readonly required: true;
22
+ };
23
+ readonly name: {
24
+ readonly type: "string";
25
+ readonly required: true;
26
+ };
27
+ readonly url: {
28
+ readonly type: "string";
29
+ readonly required: false;
30
+ };
31
+ readonly can_remove: {
32
+ readonly type: "boolean";
33
+ readonly required: true;
34
+ readonly defaultValue: true;
35
+ };
36
+ readonly can_refresh: {
37
+ readonly type: "boolean";
38
+ readonly required: true;
39
+ readonly defaultValue: false;
40
+ };
41
+ readonly can_edit: {
42
+ readonly type: "boolean";
43
+ readonly required: true;
44
+ readonly defaultValue: false;
45
+ };
46
+ readonly created_at: {
47
+ readonly type: "date";
48
+ readonly required: true;
49
+ };
50
+ readonly updated_at: {
51
+ readonly type: "date";
52
+ readonly required: true;
53
+ };
54
+ };
55
+ };
56
+ readonly tool: {
57
+ readonly fields: {
58
+ readonly id: {
59
+ readonly type: "string";
60
+ readonly required: true;
61
+ };
62
+ readonly scope_id: {
63
+ readonly type: "string";
64
+ readonly required: true;
65
+ readonly index: true;
66
+ };
67
+ readonly source_id: {
68
+ readonly type: "string";
69
+ readonly required: true;
70
+ readonly index: true;
71
+ };
72
+ readonly plugin_id: {
73
+ readonly type: "string";
74
+ readonly required: true;
75
+ readonly index: true;
76
+ };
77
+ readonly name: {
78
+ readonly type: "string";
79
+ readonly required: true;
80
+ };
81
+ readonly description: {
82
+ readonly type: "string";
83
+ readonly required: true;
84
+ };
85
+ readonly input_schema: {
86
+ readonly type: "json";
87
+ readonly required: false;
88
+ };
89
+ readonly output_schema: {
90
+ readonly type: "json";
91
+ readonly required: false;
92
+ };
93
+ readonly created_at: {
94
+ readonly type: "date";
95
+ readonly required: true;
96
+ };
97
+ readonly updated_at: {
98
+ readonly type: "date";
99
+ readonly required: true;
100
+ };
101
+ };
102
+ };
103
+ readonly definition: {
104
+ readonly fields: {
105
+ readonly id: {
106
+ readonly type: "string";
107
+ readonly required: true;
108
+ };
109
+ readonly scope_id: {
110
+ readonly type: "string";
111
+ readonly required: true;
112
+ readonly index: true;
113
+ };
114
+ readonly source_id: {
115
+ readonly type: "string";
116
+ readonly required: true;
117
+ readonly index: true;
118
+ };
119
+ readonly plugin_id: {
120
+ readonly type: "string";
121
+ readonly required: true;
122
+ readonly index: true;
123
+ };
124
+ readonly name: {
125
+ readonly type: "string";
126
+ readonly required: true;
127
+ };
128
+ readonly schema: {
129
+ readonly type: "json";
130
+ readonly required: true;
131
+ };
132
+ readonly created_at: {
133
+ readonly type: "date";
134
+ readonly required: true;
135
+ };
136
+ };
137
+ };
138
+ readonly secret: {
139
+ readonly fields: {
140
+ readonly id: {
141
+ readonly type: "string";
142
+ readonly required: true;
143
+ };
144
+ readonly scope_id: {
145
+ readonly type: "string";
146
+ readonly required: true;
147
+ readonly index: true;
148
+ };
149
+ readonly name: {
150
+ readonly type: "string";
151
+ readonly required: true;
152
+ };
153
+ readonly provider: {
154
+ readonly type: "string";
155
+ readonly required: true;
156
+ readonly index: true;
157
+ };
158
+ readonly owned_by_connection_id: {
159
+ readonly type: "string";
160
+ readonly required: false;
161
+ readonly index: true;
162
+ };
163
+ readonly created_at: {
164
+ readonly type: "date";
165
+ readonly required: true;
166
+ };
167
+ };
168
+ };
169
+ readonly connection: {
170
+ readonly fields: {
171
+ readonly id: {
172
+ readonly type: "string";
173
+ readonly required: true;
174
+ };
175
+ readonly scope_id: {
176
+ readonly type: "string";
177
+ readonly required: true;
178
+ readonly index: true;
179
+ };
180
+ /** Routing key into `plugin.connectionProviders`. Typical shape
181
+ * is `${pluginId}:${kind}` (e.g. `openapi:oauth2`, `mcp:oauth2`,
182
+ * `google-discovery:google`). Mirrors `secret.provider`. */
183
+ readonly provider: {
184
+ readonly type: "string";
185
+ readonly required: true;
186
+ readonly index: true;
187
+ };
188
+ /** Display label shown in the Connections UI. Usually the account
189
+ * email / handle / org name the user signed in as. */
190
+ readonly identity_label: {
191
+ readonly type: "string";
192
+ readonly required: false;
193
+ };
194
+ /** Stable id of the access-token secret. Always present. */
195
+ readonly access_token_secret_id: {
196
+ readonly type: "string";
197
+ readonly required: true;
198
+ };
199
+ /** Stable id of the refresh-token secret. Null for flows that
200
+ * don't mint a refresh token (client_credentials, etc.). */
201
+ readonly refresh_token_secret_id: {
202
+ readonly type: "string";
203
+ readonly required: false;
204
+ };
205
+ /** Epoch ms when the access token expires. Null if the provider
206
+ * didn't declare an expiry. Used as the refresh trigger. Stored as
207
+ * `bigint` because `Date.now()` overflows int32. */
208
+ readonly expires_at: {
209
+ readonly type: "number";
210
+ readonly required: false;
211
+ readonly bigint: true;
212
+ };
213
+ /** Scope string as returned by the token endpoint. */
214
+ readonly scope: {
215
+ readonly type: "string";
216
+ readonly required: false;
217
+ };
218
+ /** Opaque plugin-owned JSON — token endpoint URL, scopes list,
219
+ * discovery hints, etc. Never sensitive. */
220
+ readonly provider_state: {
221
+ readonly type: "json";
222
+ readonly required: false;
223
+ };
224
+ readonly created_at: {
225
+ readonly type: "date";
226
+ readonly required: true;
227
+ };
228
+ readonly updated_at: {
229
+ readonly type: "date";
230
+ readonly required: true;
231
+ };
232
+ };
233
+ };
234
+ readonly oauth2_session: {
235
+ readonly fields: {
236
+ readonly id: {
237
+ readonly type: "string";
238
+ readonly required: true;
239
+ };
240
+ readonly scope_id: {
241
+ readonly type: "string";
242
+ readonly required: true;
243
+ readonly index: true;
244
+ };
245
+ readonly plugin_id: {
246
+ readonly type: "string";
247
+ readonly required: true;
248
+ readonly index: true;
249
+ };
250
+ readonly strategy: {
251
+ readonly type: "string";
252
+ readonly required: true;
253
+ };
254
+ readonly connection_id: {
255
+ readonly type: "string";
256
+ readonly required: true;
257
+ readonly index: true;
258
+ };
259
+ readonly token_scope: {
260
+ readonly type: "string";
261
+ readonly required: true;
262
+ };
263
+ readonly redirect_url: {
264
+ readonly type: "string";
265
+ readonly required: true;
266
+ };
267
+ readonly payload: {
268
+ readonly type: "json";
269
+ readonly required: true;
270
+ };
271
+ readonly expires_at: {
272
+ readonly type: "number";
273
+ readonly required: true;
274
+ readonly bigint: true;
275
+ };
276
+ readonly created_at: {
277
+ readonly type: "date";
278
+ readonly required: true;
279
+ };
280
+ };
281
+ };
282
+ readonly tool_policy: {
283
+ readonly fields: {
284
+ readonly id: {
285
+ readonly type: "string";
286
+ readonly required: true;
287
+ };
288
+ readonly scope_id: {
289
+ readonly type: "string";
290
+ readonly required: true;
291
+ readonly index: true;
292
+ };
293
+ readonly pattern: {
294
+ readonly type: "string";
295
+ readonly required: true;
296
+ };
297
+ /** "approve" | "require_approval" | "block". */
298
+ readonly action: {
299
+ readonly type: "string";
300
+ readonly required: true;
301
+ };
302
+ /** Fractional-indexing key (Jira lexorank style). Lower lex order =
303
+ * higher precedence. New rules default to a key generated above
304
+ * the current minimum. Strings instead of numbers so we can
305
+ * always lengthen the key to insert between two adjacent rows
306
+ * without precision loss; see `fractional-indexing` in
307
+ * `policies.ts`. */
308
+ readonly position: {
309
+ readonly type: "string";
310
+ readonly required: true;
311
+ readonly index: true;
312
+ };
313
+ readonly created_at: {
314
+ readonly type: "date";
315
+ readonly required: true;
316
+ };
317
+ readonly updated_at: {
318
+ readonly type: "date";
319
+ readonly required: true;
320
+ };
321
+ };
322
+ };
323
+ };
324
+ export type CoreSchema = typeof coreSchema;
325
+ export type SourceRow = InferDBFieldsOutput<CoreSchema["source"]["fields"]> & Record<string, unknown>;
326
+ export type ToolRow = InferDBFieldsOutput<CoreSchema["tool"]["fields"]> & Record<string, unknown>;
327
+ export type DefinitionRow = InferDBFieldsOutput<CoreSchema["definition"]["fields"]> & Record<string, unknown>;
328
+ export type SecretRow = InferDBFieldsOutput<CoreSchema["secret"]["fields"]> & Record<string, unknown>;
329
+ export type ConnectionRow = InferDBFieldsOutput<CoreSchema["connection"]["fields"]> & Record<string, unknown>;
330
+ export type ToolPolicyRow = InferDBFieldsOutput<CoreSchema["tool_policy"]["fields"]> & Record<string, unknown>;
331
+ export type ToolPolicyAction = "approve" | "require_approval" | "block";
332
+ export declare const TOOL_POLICY_ACTIONS: readonly ["approve", "require_approval", "block"];
333
+ export declare const isToolPolicyAction: (value: unknown) => value is ToolPolicyAction;
334
+ export interface ToolAnnotations {
335
+ /** If true, the executor will call the invoke-time elicitation handler
336
+ * before running the tool and abort if the user declines. */
337
+ readonly requiresApproval?: boolean;
338
+ /** Free-text message shown in the approval prompt. Falls back to the
339
+ * tool's id / description if unset. */
340
+ readonly approvalDescription?: string;
341
+ /** Hint for UI — tool may suspend to ask the user for input mid-invocation.
342
+ * Not enforced by the executor; purely a UI signal. */
343
+ readonly mayElicit?: boolean;
344
+ }
345
+ export interface SourceInputTool {
346
+ readonly name: string;
347
+ readonly description: string;
348
+ readonly inputSchema?: unknown;
349
+ readonly outputSchema?: unknown;
350
+ }
351
+ export interface SourceInput {
352
+ readonly id: string;
353
+ /** Scope id this source belongs to. Must be one of the executor's
354
+ * configured scopes. Callers (plugins) pick the target scope
355
+ * explicitly — typically the scope the source was authored against. */
356
+ readonly scope: string;
357
+ readonly kind: string;
358
+ readonly name: string;
359
+ readonly url?: string;
360
+ readonly canRemove?: boolean;
361
+ readonly canRefresh?: boolean;
362
+ readonly canEdit?: boolean;
363
+ readonly tools: readonly SourceInputTool[];
364
+ }
365
+ export interface DefinitionsInput {
366
+ readonly sourceId: string;
367
+ /** Scope id these definitions belong to — should match the scope of
368
+ * the source they're registered under. */
369
+ readonly scope: string;
370
+ readonly definitions: Record<string, unknown>;
371
+ }
372
+ //# sourceMappingURL=core-schema.d.ts.map
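Review bot: The `oauth2_session` table appears to hold in-flight authorization state, yet none of its fields has a doc comment, unlike the `connection` table directly above it. `payload` (json, required) does not say whether it can contain secret material. `connection.provider_state` states "Never sensitive", and `payload` should make the equivalent statement one way or the other, for example `/** Flow state needed to complete the exchange. May contain secrets: do not log or return to clients. */` if that is the case. `expires_at` should say how an expired session is expected to be handled, and it is worth confirming that the absence of an `OAuth2SessionRow` export next to the other six row types is intentional. For `tool_policy.action`, stored as a free `string`, I would add a comment that readers must validate with `isToolPolicyAction` and state what happens to an unrecognised value (I would expect it to be treated as `block`).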
@@ -0,0 +1 @@
1
+ {"version":3,"file":"core-schema.d.ts","sourceRoot":"","sources":["../src/core-schema.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAEV,mBAAmB,EACpB,MAAM,2BAA2B,CAAC;AAEnC,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA6GjB;;yEAE6D;;;;;;YAE7D;mEACuD;;;;;YAEvD,4DAA4D;;;;;YAE5D;yEAC6D;;;;;YAE7D;;iEAEqD;;;;;;YAErD,sDAAsD;;;;;YAEtD;yDAC6C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAyC7C,gDAAgD;;;;;YAEhD;;;;;iCAKqB;;;;;;;;;;;;;;;;CAME,CAAC;AAE9B,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAO3C,MAAM,MAAM,SAAS,GAAG,mBAAmB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,GACzE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1B,MAAM,MAAM,OAAO,GAAG,mBAAmB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,GACrE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1B,MAAM,MAAM,aAAa,GAAG,mBAAmB,CAC7C,UAAU,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,CACnC,GACC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1B,MAAM,MAAM,SAAS,GAAG,mBAAmB,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,GACzE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1B,MAAM,MAAM,aAAa,GAAG,mBAAmB,CAC7C,UAAU,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,CACnC,GACC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1B,MAAM,MAAM,aAAa,GAAG,mBAAmB,CAC7C,UAAU,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,CACpC,GACC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAc1B,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAExE,eAAO,MAAM,mBAAmB,mDAIgB,CAAC;AAEjD,eAAO,MAAM,kBAAkB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,gBAED,CAAC;AAkB7D,MAAM,WAAW,eAAe;IAC9B;kEAC8D;IAC9D,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IACpC;4CACwC;IACxC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC;4DACwD;IACxD,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;CAC9B;AAUD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB;;4EAEwE;IACxE,QAAQ,CAAC,KA
AK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,SAAS,eAAe,EAAE,CAAC;CAC5C;AASD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;+CAC2C;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/C"}