@executor-js/sdk 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +125 -107
- package/dist/blob.d.ts +48 -0
- package/dist/blob.d.ts.map +1 -0
- package/dist/blob.test.d.ts +2 -0
- package/dist/blob.test.d.ts.map +1 -0
- package/dist/chunk-6LMMN2GP.js +4396 -0
- package/dist/chunk-6LMMN2GP.js.map +1 -0
- package/dist/config.d.ts +14 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/connections.d.ts +107 -0
- package/dist/connections.d.ts.map +1 -0
- package/dist/connections.test.d.ts +2 -0
- package/dist/connections.test.d.ts.map +1 -0
- package/dist/core-schema.d.ts +372 -0
- package/dist/core-schema.d.ts.map +1 -0
- package/dist/core.js +273 -57
- package/dist/core.js.map +1 -1
- package/dist/elicitation.d.ts +18 -34
- package/dist/elicitation.d.ts.map +1 -1
- package/dist/error-handling.test.d.ts +2 -0
- package/dist/error-handling.test.d.ts.map +1 -0
- package/dist/errors.d.ts +95 -24
- package/dist/errors.d.ts.map +1 -1
- package/dist/executor.d.ts +107 -48
- package/dist/executor.d.ts.map +1 -1
- package/dist/executor.test.d.ts +2 -0
- package/dist/executor.test.d.ts.map +1 -0
- package/dist/ids.d.ts +6 -4
- package/dist/ids.d.ts.map +1 -1
- package/dist/index.d.ts +22 -16
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +80 -308
- package/dist/index.js.map +1 -1
- package/dist/oauth-discovery.d.ts +138 -0
- package/dist/oauth-discovery.d.ts.map +1 -0
- package/dist/oauth-discovery.test.d.ts +2 -0
- package/dist/oauth-discovery.test.d.ts.map +1 -0
- package/dist/oauth-helpers.d.ts +89 -0
- package/dist/oauth-helpers.d.ts.map +1 -0
- package/dist/oauth-helpers.test.d.ts +2 -0
- package/dist/oauth-helpers.test.d.ts.map +1 -0
- package/dist/oauth-popup-types.d.ts +14 -0
- package/dist/oauth-popup-types.d.ts.map +1 -0
- package/dist/oauth-service.d.ts +33 -0
- package/dist/oauth-service.d.ts.map +1 -0
- package/dist/oauth.d.ts +275 -0
- package/dist/oauth.d.ts.map +1 -0
- package/dist/plugin.d.ts +261 -27
- package/dist/plugin.d.ts.map +1 -1
- package/dist/policies.d.ts +56 -64
- package/dist/policies.d.ts.map +1 -1
- package/dist/policies.test.d.ts +2 -0
- package/dist/policies.test.d.ts.map +1 -0
- package/dist/promise-executor.d.ts +26 -128
- package/dist/promise-executor.d.ts.map +1 -1
- package/dist/promise.d.ts +12 -6
- package/dist/promise.d.ts.map +1 -1
- package/dist/promise.test.d.ts +2 -0
- package/dist/promise.test.d.ts.map +1 -0
- package/dist/schema-types.d.ts +6 -5
- package/dist/schema-types.d.ts.map +1 -1
- package/dist/scope.d.ts +5 -15
- package/dist/scope.d.ts.map +1 -1
- package/dist/scoped-adapter.d.ts +13 -0
- package/dist/scoped-adapter.d.ts.map +1 -0
- package/dist/scoped-adapter.test.d.ts +2 -0
- package/dist/scoped-adapter.test.d.ts.map +1 -0
- package/dist/secret-backed-value.d.ts +27 -0
- package/dist/secret-backed-value.d.ts.map +1 -0
- package/dist/secrets.d.ts +52 -106
- package/dist/secrets.d.ts.map +1 -1
- package/dist/testing.d.ts +5 -3
- package/dist/testing.d.ts.map +1 -1
- package/dist/types.d.ts +84 -0
- package/dist/types.d.ts.map +1 -0
- package/package.json +7 -4
- package/dist/chunk-D7CT3UMO.js +0 -1386
- package/dist/chunk-D7CT3UMO.js.map +0 -1
- package/dist/in-memory/policy-engine.d.ts +0 -10
- package/dist/in-memory/policy-engine.d.ts.map +0 -1
- package/dist/in-memory/secret-store.d.ts +0 -16
- package/dist/in-memory/secret-store.d.ts.map +0 -1
- package/dist/in-memory/tool-registry.d.ts +0 -35
- package/dist/in-memory/tool-registry.d.ts.map +0 -1
- package/dist/index.test.d.ts +0 -2
- package/dist/index.test.d.ts.map +0 -1
- package/dist/plugin-kv.d.ts +0 -48
- package/dist/plugin-kv.d.ts.map +0 -1
- package/dist/plugins/in-memory-tools.d.ts +0 -42
- package/dist/plugins/in-memory-tools.d.ts.map +0 -1
- package/dist/runtime-tools.d.ts +0 -41
- package/dist/runtime-tools.d.ts.map +0 -1
- package/dist/sources.d.ts +0 -130
- package/dist/sources.d.ts.map +0 -1
- package/dist/tools.d.ts +0 -219
- package/dist/tools.d.ts.map +0 -1
package/dist/plugin.d.ts
CHANGED
|
@@ -1,35 +1,269 @@
|
|
|
1
1
|
import type { Effect } from "effect";
|
|
2
|
-
import type {
|
|
3
|
-
import type {
|
|
4
|
-
import type {
|
|
5
|
-
import type {
|
|
2
|
+
import type { DBAdapter, DBSchema, StorageFailure, TypedAdapter } from "@executor-js/storage-core";
|
|
3
|
+
import type { PluginBlobStore } from "./blob";
|
|
4
|
+
import type { ConnectionProvider, ConnectionRef, ConnectionRefreshError, CreateConnectionInput, UpdateConnectionTokensInput } from "./connections";
|
|
5
|
+
import type { DefinitionsInput, SourceInput, ToolAnnotations, ToolRow } from "./core-schema";
|
|
6
|
+
import type { SourceDetectionResult } from "./types";
|
|
7
|
+
import type { ElicitationDeclinedError, ElicitationHandler, ElicitationRequest, ElicitationResponse } from "./elicitation";
|
|
8
|
+
import type { ConnectionNotFoundError, ConnectionProviderNotRegisteredError, ConnectionReauthRequiredError, ConnectionRefreshNotSupportedError, SecretOwnedByConnectionError } from "./errors";
|
|
9
|
+
import type { OAuthService } from "./oauth";
|
|
6
10
|
import type { Scope } from "./scope";
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
readonly tools: Context.Tag.Service<typeof ToolRegistry>;
|
|
10
|
-
readonly sources: Context.Tag.Service<typeof SourceRegistry>;
|
|
11
|
-
readonly secrets: Context.Tag.Service<typeof SecretStore>;
|
|
12
|
-
readonly policies: Context.Tag.Service<typeof PolicyEngine>;
|
|
13
|
-
}
|
|
14
|
-
export interface ExecutorPlugin<TKey extends string = string, TExtension extends object = object> {
|
|
15
|
-
/** Unique plugin key — becomes a property on the Executor type */
|
|
16
|
-
readonly key: TKey;
|
|
11
|
+
import type { SecretProvider, SecretRef, SetSecretInput } from "./secrets";
|
|
12
|
+
export interface StorageDeps<TSchema extends DBSchema | undefined = undefined> {
|
|
17
13
|
/**
|
|
18
|
-
*
|
|
19
|
-
*
|
|
14
|
+
* Precedence-ordered scope stack visible to this executor. Innermost
|
|
15
|
+
* first. Reads on scoped tables walk every scope; writes require the
|
|
16
|
+
* plugin to name a target scope explicitly (via `scope_id` on the
|
|
17
|
+
* adapter payload, via `options.scope` on the blob store).
|
|
20
18
|
*/
|
|
21
|
-
readonly
|
|
19
|
+
readonly scopes: readonly Scope[];
|
|
20
|
+
/**
|
|
21
|
+
* Plugin-facing typed adapter. Failures surface as raw `StorageFailure`
|
|
22
|
+
* (`StorageError` | `UniqueViolationError`). Plugins can
|
|
23
|
+
* `catchTag("UniqueViolationError", …)` to translate to their own
|
|
24
|
+
* user-facing errors. `StorageError` bubbles up; the HTTP edge (see
|
|
25
|
+
* `@executor-js/api` `withCapture`) is the one place that
|
|
26
|
+
* translates it to the opaque `InternalError({ traceId })`.
|
|
27
|
+
*/
|
|
28
|
+
readonly adapter: TSchema extends DBSchema ? TypedAdapter<TSchema, StorageFailure> : DBAdapter;
|
|
29
|
+
readonly blobs: PluginBlobStore;
|
|
30
|
+
}
|
|
31
|
+
export declare const defineSchema: <const S extends DBSchema>(schema: S) => S;
|
|
32
|
+
export type Elicit = (request: ElicitationRequest) => Effect.Effect<ElicitationResponse, ElicitationDeclinedError>;
|
|
33
|
+
export interface PluginCtx<TStore = unknown> {
|
|
34
|
+
/**
|
|
35
|
+
* Precedence-ordered scope stack visible to this executor. Innermost
|
|
36
|
+
* first. Plugins that write scoped rows must pick an element of
|
|
37
|
+
* `scopes` as the `scope`/`scope_id` they stamp; reads through the
|
|
38
|
+
* adapter or `ctx.secrets` automatically fall through the stack.
|
|
39
|
+
*/
|
|
40
|
+
readonly scopes: readonly Scope[];
|
|
41
|
+
readonly storage: TStore;
|
|
42
|
+
readonly core: {
|
|
43
|
+
readonly sources: {
|
|
44
|
+
readonly register: (input: SourceInput) => Effect.Effect<void, StorageFailure>;
|
|
45
|
+
readonly unregister: (sourceId: string) => Effect.Effect<void, StorageFailure>;
|
|
46
|
+
readonly update: (input: {
|
|
47
|
+
readonly id: string;
|
|
48
|
+
readonly scope: string;
|
|
49
|
+
readonly name?: string;
|
|
50
|
+
readonly url?: string | null;
|
|
51
|
+
}) => Effect.Effect<void, StorageFailure>;
|
|
52
|
+
};
|
|
53
|
+
/** Register shared JSON-schema `$defs` for a source. Tool
|
|
54
|
+
* input/output schemas registered via `sources.register` can carry
|
|
55
|
+
* `$ref: "#/$defs/X"` pointers; `executor.tools.schema(toolId)`
|
|
56
|
+
* attaches matching defs to the returned schema. Call inside the
|
|
57
|
+
* same `ctx.transaction` as `sources.register` for atomicity.
|
|
58
|
+
* Replaces any existing defs for the given sourceId. */
|
|
59
|
+
readonly definitions: {
|
|
60
|
+
readonly register: (input: DefinitionsInput) => Effect.Effect<void, StorageFailure>;
|
|
61
|
+
};
|
|
62
|
+
};
|
|
63
|
+
readonly secrets: {
|
|
64
|
+
readonly get: (id: string) => Effect.Effect<string | null, SecretOwnedByConnectionError | StorageFailure>;
|
|
65
|
+
/** List user-visible secrets. Connection-owned secrets (rows with
|
|
66
|
+
* `owned_by_connection_id` set) are filtered out so they don't
|
|
67
|
+
* clutter the UI — users see the Connection instead. */
|
|
68
|
+
readonly list: () => Effect.Effect<readonly {
|
|
69
|
+
readonly id: string;
|
|
70
|
+
readonly name: string;
|
|
71
|
+
readonly provider: string;
|
|
72
|
+
}[], StorageFailure>;
|
|
73
|
+
/** Write a secret value through a provider. Used by plugins that
|
|
74
|
+
* mint secrets on behalf of the user (OAuth2 token storage,
|
|
75
|
+
* interactive onboarding flows). Normally writes go through
|
|
76
|
+
* `executor.secrets.set` on the host surface, but OAuth2 refresh
|
|
77
|
+
* and one-shot token capture from plugin-owned flows need it here
|
|
78
|
+
* too. Same routing rules as the host-level setter. */
|
|
79
|
+
readonly set: (input: SetSecretInput) => Effect.Effect<SecretRef, StorageFailure>;
|
|
80
|
+
/** Delete a secret from its pinned provider and the core table.
|
|
81
|
+
* Rejects with `SecretOwnedByConnectionError` if the row is owned
|
|
82
|
+
* by a connection — callers must go through `connections.remove`
|
|
83
|
+
* to drop the whole sign-in. */
|
|
84
|
+
readonly remove: (id: string) => Effect.Effect<void, SecretOwnedByConnectionError | StorageFailure>;
|
|
85
|
+
};
|
|
86
|
+
/** Connections — product-level sign-in state. Owns backing secret
|
|
87
|
+
* rows via `secret.owned_by_connection_id`. Plugins call
|
|
88
|
+
* `connections.accessToken(id)` at invoke time to get a guaranteed-
|
|
89
|
+
* fresh token (the SDK handles refresh via the registered provider
|
|
90
|
+
* keyed by `connection.provider`). */
|
|
91
|
+
readonly connections: {
|
|
92
|
+
readonly get: (id: string) => Effect.Effect<ConnectionRef | null, StorageFailure>;
|
|
93
|
+
readonly list: () => Effect.Effect<readonly ConnectionRef[], StorageFailure>;
|
|
94
|
+
readonly create: (input: CreateConnectionInput) => Effect.Effect<ConnectionRef, ConnectionProviderNotRegisteredError | StorageFailure>;
|
|
95
|
+
readonly updateTokens: (input: UpdateConnectionTokensInput) => Effect.Effect<ConnectionRef, ConnectionNotFoundError | StorageFailure>;
|
|
96
|
+
readonly setIdentityLabel: (id: string, label: string | null) => Effect.Effect<void, ConnectionNotFoundError | StorageFailure>;
|
|
97
|
+
/** Get a guaranteed-fresh access token. Calls the provider's
|
|
98
|
+
* `refresh` handler if `expires_at` is in the past / within the
|
|
99
|
+
* refresh skew window. */
|
|
100
|
+
readonly accessToken: (id: string) => Effect.Effect<string, ConnectionNotFoundError | ConnectionProviderNotRegisteredError | ConnectionRefreshNotSupportedError | ConnectionReauthRequiredError | ConnectionRefreshError | StorageFailure>;
|
|
101
|
+
readonly remove: (id: string) => Effect.Effect<void, StorageFailure>;
|
|
102
|
+
};
|
|
103
|
+
/** Shared OAuth service. Plugins use this to probe/start/complete OAuth
|
|
104
|
+
* flows; invocation should still resolve tokens via `connections.accessToken`. */
|
|
105
|
+
readonly oauth: OAuthService;
|
|
106
|
+
/** Run `effect` inside a database transaction. Wraps the underlying
|
|
107
|
+
* adapter's transaction method. Use this in extension methods that
|
|
108
|
+
* need atomicity across plugin storage writes AND core source/tool
|
|
109
|
+
* registration. */
|
|
110
|
+
readonly transaction: <A, E>(effect: Effect.Effect<A, E>) => Effect.Effect<A, E | StorageFailure>;
|
|
111
|
+
}
|
|
112
|
+
export interface StaticToolHandlerInput<TStore = unknown> {
|
|
113
|
+
readonly ctx: PluginCtx<TStore>;
|
|
114
|
+
readonly args: unknown;
|
|
115
|
+
/** Suspend the fiber to request user input. The handler passed to
|
|
116
|
+
* `createExecutor({ onElicitation })` is called. */
|
|
117
|
+
readonly elicit: Elicit;
|
|
118
|
+
}
|
|
119
|
+
export interface StaticToolDecl<TStore = unknown> {
|
|
120
|
+
readonly name: string;
|
|
121
|
+
readonly description: string;
|
|
122
|
+
readonly inputSchema?: unknown;
|
|
123
|
+
readonly outputSchema?: unknown;
|
|
124
|
+
/** Default-policy annotations — `requiresApproval`, `approvalDescription`,
|
|
125
|
+
* `mayElicit`. Enforced by the executor before the handler runs.
|
|
126
|
+
* Inline because static tools have no plugin storage to resolve from;
|
|
127
|
+
* the plugin author literally writes this at definition time. */
|
|
128
|
+
readonly annotations?: ToolAnnotations;
|
|
129
|
+
readonly handler: (input: StaticToolHandlerInput<TStore>) => Effect.Effect<unknown, unknown>;
|
|
22
130
|
}
|
|
23
|
-
export interface
|
|
24
|
-
|
|
25
|
-
readonly
|
|
26
|
-
|
|
27
|
-
readonly
|
|
131
|
+
export interface StaticSourceDecl<TStore = unknown> {
|
|
132
|
+
readonly id: string;
|
|
133
|
+
readonly kind: string;
|
|
134
|
+
readonly name: string;
|
|
135
|
+
readonly url?: string;
|
|
136
|
+
/** Static sources default to `canRemove: false` — they represent
|
|
137
|
+
* plugin-provided control surfaces and shouldn't be user-removable.
|
|
138
|
+
* Override only if you really want that. */
|
|
139
|
+
readonly canRemove?: boolean;
|
|
140
|
+
readonly canRefresh?: boolean;
|
|
141
|
+
readonly canEdit?: boolean;
|
|
142
|
+
readonly tools: readonly StaticToolDecl<TStore>[];
|
|
28
143
|
}
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
144
|
+
export interface InvokeToolInput<TStore = unknown> {
|
|
145
|
+
readonly ctx: PluginCtx<TStore>;
|
|
146
|
+
/** Already-loaded tool row. Plugin doesn't need to re-fetch or parse
|
|
147
|
+
* the tool id. Carries source_id, name, input/output schemas,
|
|
148
|
+
* annotations. */
|
|
149
|
+
readonly toolRow: ToolRow;
|
|
150
|
+
readonly args: unknown;
|
|
151
|
+
/** Elicitation handle for plugins that need mid-invocation user input
|
|
152
|
+
* (onepassword auth prompt, interactive MCP tools, etc.). */
|
|
153
|
+
readonly elicit: Elicit;
|
|
154
|
+
}
|
|
155
|
+
export interface SourceLifecycleInput<TStore = unknown> {
|
|
156
|
+
readonly ctx: PluginCtx<TStore>;
|
|
157
|
+
readonly sourceId: string;
|
|
158
|
+
/**
|
|
159
|
+
* Scope of the source row being removed/refreshed — resolved by the
|
|
160
|
+
* SDK's `sources.remove` / `sources.refresh` via innermost-wins lookup
|
|
161
|
+
* across the executor's scope stack. Plugins that own a side table
|
|
162
|
+
* keyed by (id, scope_id) must pin their own cleanup to this scope;
|
|
163
|
+
* relying on the scoped adapter's `scope_id IN (stack)` fall-through
|
|
164
|
+
* would widen the mutation across the whole stack and wipe a
|
|
165
|
+
* shadowed outer-scope row.
|
|
166
|
+
*/
|
|
167
|
+
readonly scope: string;
|
|
168
|
+
}
|
|
169
|
+
export interface PluginSpec<TId extends string = string, TExtension extends object = Record<string, never>, TStore = unknown, TSchema extends DBSchema | undefined = DBSchema | undefined> {
|
|
170
|
+
readonly id: TId;
|
|
171
|
+
/** Plugin-declared schema. Merged with coreSchema and other plugins'
|
|
172
|
+
* schemas at executor startup via `collectSchemas`. The type flows
|
|
173
|
+
* into the `storage` factory's `deps.adapter` as a `TypedAdapter<TSchema>`
|
|
174
|
+
* so plugins get narrowed model names + typed rows for free. */
|
|
175
|
+
readonly schema?: TSchema;
|
|
176
|
+
/** Build the plugin's typed store from backing. `deps.adapter` is
|
|
177
|
+
* already narrowed to this plugin's schema; `deps.blobs` is already
|
|
178
|
+
* scoped to the plugin id so key collisions across plugins are
|
|
179
|
+
* structurally impossible. */
|
|
180
|
+
readonly storage: (deps: StorageDeps<TSchema>) => TStore;
|
|
181
|
+
/** Build the plugin's extension API. The returned object becomes
|
|
182
|
+
* `executor[plugin.id]` and is also the `self` passed to
|
|
183
|
+
* `staticSources`. Field order matters: `extension` MUST appear
|
|
184
|
+
* before `staticSources` so TS infers TExtension from this
|
|
185
|
+
* factory's return BEFORE type-checking `self: NoInfer<TExtension>`. */
|
|
186
|
+
readonly extension?: (ctx: PluginCtx<TStore>) => TExtension;
|
|
187
|
+
/** Static sources contributed by this plugin with inline tool
|
|
188
|
+
* handlers. Lives entirely in memory — no DB writes at startup.
|
|
189
|
+
* Handlers close over `self` via the closure, so a control tool
|
|
190
|
+
* that delegates to the plugin's real API is a one-liner:
|
|
191
|
+
* `({ args }) => self.addSpec(args)`. */
|
|
192
|
+
readonly staticSources?: (self: NoInfer<TExtension>) => readonly StaticSourceDecl<TStore>[];
|
|
193
|
+
/** Invoke a dynamic tool. Called when the executor's static-handler
|
|
194
|
+
* map doesn't have the toolId. The plugin reads its own enrichment
|
|
195
|
+
* via `ctx.storage` and returns the result. Optional — plugins with
|
|
196
|
+
* only static tools can omit it. */
|
|
197
|
+
readonly invokeTool?: (input: InvokeToolInput<TStore>) => Effect.Effect<unknown, unknown>;
|
|
198
|
+
/** Bulk resolve annotations (requiresApproval, approvalDescription,
|
|
199
|
+
* mayElicit) for a set of tool rows under a single source. Called
|
|
200
|
+
* by the executor:
|
|
201
|
+
* - at invoke time with a single-element `toolRows` array, to
|
|
202
|
+
* enforce approval on the about-to-run tool
|
|
203
|
+
* - at list time with every dynamic tool row under each source,
|
|
204
|
+
* grouped by source_id, to populate `Tool.annotations` for UI
|
|
205
|
+
*
|
|
206
|
+
* The expected implementation for most plugins is: read plugin
|
|
207
|
+
* storage once for the given source/rows, derive annotations from
|
|
208
|
+
* the same data that was used to build the tool (HTTP method +
|
|
209
|
+
* path for openapi, introspection kind for graphql, etc.), return
|
|
210
|
+
* a map keyed by tool id.
|
|
211
|
+
*
|
|
212
|
+
* Omit if the plugin has no annotations to contribute — executor
|
|
213
|
+
* treats tools from that plugin as auto-approved with no
|
|
214
|
+
* elicitation. */
|
|
215
|
+
readonly resolveAnnotations?: (input: {
|
|
216
|
+
readonly ctx: PluginCtx<TStore>;
|
|
217
|
+
readonly sourceId: string;
|
|
218
|
+
readonly toolRows: readonly ToolRow[];
|
|
219
|
+
}) => Effect.Effect<Record<string, ToolAnnotations>, unknown>;
|
|
220
|
+
/** Called when `executor.sources.remove(id)` targets a source owned
|
|
221
|
+
* by this plugin. Plugin-side cleanup only; the executor deletes
|
|
222
|
+
* the core source/tool rows after this callback returns, inside
|
|
223
|
+
* the same transaction. */
|
|
224
|
+
readonly removeSource?: (input: SourceLifecycleInput<TStore>) => Effect.Effect<void, unknown>;
|
|
225
|
+
readonly refreshSource?: (input: SourceLifecycleInput<TStore>) => Effect.Effect<void, unknown>;
|
|
226
|
+
/** URL autodetection hook. When the user pastes a URL in the
|
|
227
|
+
* onboarding UI, `executor.sources.detect(url)` fans out to every
|
|
228
|
+
* plugin's `detect`. Return a `SourceDetectionResult` if you
|
|
229
|
+
* recognize the URL, `null` otherwise. Implementations should be
|
|
230
|
+
* defensive — swallow fetch errors and return null rather than
|
|
231
|
+
* throwing. First high-confidence match wins. */
|
|
232
|
+
readonly detect?: (input: {
|
|
233
|
+
readonly ctx: PluginCtx<TStore>;
|
|
234
|
+
readonly url: string;
|
|
235
|
+
}) => Effect.Effect<SourceDetectionResult | null, unknown>;
|
|
236
|
+
/** Secret providers contributed by this plugin. Either a static
|
|
237
|
+
* array, a function of ctx (for providers that need per-instance
|
|
238
|
+
* state like the keychain's scope-derived service name), or a
|
|
239
|
+
* function returning an Effect so plugins can probe for backend
|
|
240
|
+
* availability at startup and register conditionally. Called once
|
|
241
|
+
* at executor startup after `storage` and `extension` have been
|
|
242
|
+
* built. */
|
|
243
|
+
readonly secretProviders?: readonly SecretProvider[] | ((ctx: PluginCtx<TStore>) => readonly SecretProvider[]) | ((ctx: PluginCtx<TStore>) => Effect.Effect<readonly SecretProvider[]>);
|
|
244
|
+
/** Connection providers contributed by this plugin. Same registration
|
|
245
|
+
* shape as `secretProviders`. Each provider's `key` is what
|
|
246
|
+
* `connection.provider` references in the core table; the `refresh`
|
|
247
|
+
* handler is the SDK's single entry point for token lifecycle —
|
|
248
|
+
* plugins don't run their own refresh loops anymore. */
|
|
249
|
+
readonly connectionProviders?: readonly ConnectionProvider[] | ((ctx: PluginCtx<TStore>) => readonly ConnectionProvider[]) | ((ctx: PluginCtx<TStore>) => Effect.Effect<readonly ConnectionProvider[]>);
|
|
250
|
+
readonly close?: () => Effect.Effect<void, unknown>;
|
|
251
|
+
}
|
|
252
|
+
export interface Plugin<TId extends string = string, TExtension extends object = Record<string, never>, TStore = unknown, TSchema extends DBSchema | undefined = DBSchema | undefined> extends PluginSpec<TId, TExtension, TStore, TSchema> {
|
|
253
|
+
}
|
|
254
|
+
export type ConfiguredPlugin<TId extends string, TExtension extends object, TStore, TOptions extends object, TSchema extends DBSchema | undefined> = (options?: TOptions & {
|
|
255
|
+
readonly storage?: (deps: StorageDeps<TSchema>) => TStore;
|
|
256
|
+
}) => Plugin<TId, TExtension, TStore, TSchema>;
|
|
257
|
+
export declare function definePlugin<TId extends string, TExtension extends object, TStore, TSchema extends DBSchema | undefined = undefined, TOptions extends object = {}>(authorFactory: (options?: TOptions) => PluginSpec<TId, TExtension, TStore, TSchema>): ConfiguredPlugin<TId, TExtension, TStore, TOptions, TSchema>;
|
|
258
|
+
export type AnyPlugin = Plugin<string, any, any, any>;
|
|
259
|
+
export type PluginExtensions<TPlugins extends readonly AnyPlugin[]> = {
|
|
260
|
+
readonly [P in TPlugins[number] as P["id"]]: P extends Plugin<string, infer TExt, any, any> ? TExt : never;
|
|
32
261
|
};
|
|
33
|
-
|
|
34
|
-
export
|
|
262
|
+
/** Lightweight projection of a secret entry as returned by `ctx.secrets.list`. */
|
|
263
|
+
export interface SecretListEntry {
|
|
264
|
+
readonly id: string;
|
|
265
|
+
readonly name: string;
|
|
266
|
+
readonly provider: string;
|
|
267
|
+
}
|
|
268
|
+
export type { ElicitationHandler };
|
|
35
269
|
//# sourceMappingURL=plugin.d.ts.map
|
package/dist/plugin.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EACV,SAAS,EACT,QAAQ,EACR,cAAc,EACd,YAAY,EACb,MAAM,2BAA2B,CAAC;AAEnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,KAAK,EACV,kBAAkB,EAClB,aAAa,EACb,sBAAsB,EACtB,qBAAqB,EACrB,2BAA2B,EAC5B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,OAAO,EACR,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,KAAK,EACV,wBAAwB,EACxB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EACV,uBAAuB,EACvB,oCAAoC,EACpC,6BAA6B,EAC7B,kCAAkC,EAClC,4BAA4B,EAC7B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAc3E,MAAM,WAAW,WAAW,CAAC,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,SAAS;IAC3E;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,KAAK,EAAE,CAAC;IAClC;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,SAAS,QAAQ,GACtC,YAAY,CAAC,OAAO,EAAE,cAAc,CAAC,GACrC,SAAS,CAAC;IACd,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC;CACjC;AASD,eAAO,MAAM,YAAY,GAAI,KAAK,CAAC,CAAC,SAAS,QAAQ,EAAE,QAAQ,CAAC,KAAG,CAAW,CAAC;AAS/E,MAAM,MAAM,MAAM,GAAG,CACnB,OAAO,EAAE,kBAAkB,KACxB,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;AAQlE,MAAM,WAAW,SAAS,CAAC,MAAM,GAAG,OAAO;IACzC;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,KAAK,EAAE,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,OAAO,EAAE;YAChB,QAAQ,CAAC,QAAQ,EAAE,CACjB,KAAK,EAAE,WAAW,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACzC,QAAQ,CAAC,UAAU,EAAE,CACnB,QAAQ,EAAE,MAAM,KACb,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACzC,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;gBACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBACvB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;aAC9B,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;SAC3C,CAAC;QACF;;;;;iEAKyD;QACzD,QAAQ,CAAC,WAAW,EAAE;YACpB,QAAQ,CAAC,QAAQ,EAAE,CACjB,KAAK,EAAE,gBAAgB,KACpB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;SAC1C,CAAC;KACH,CAAC;IAEF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,GAAG,EAAE,CACZ,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,4BAA4B,GAAG,cAAc,CAAC,CAAC;QACjF;;iEAEyD;QACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAChC,SAAS;YAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,EAAE,EACpF,cAAc,CACf,CAAC;QACF;;;;;gEAKwD;QACxD,QAAQ,CAAC,GAAG,EAAE,CACZ,KAAK,EAAE,cAAc,KAClB,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC9C;;;yCAGiC;QACjC,QAAQ,CAAC,MAAM,EAAE,CACf,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,4BAA4B,GAAG,cAAc,CAAC,CAAC;KACzE,CAAC;IAEF;;;;2CAIuC;IACvC,QAAQ,CAAC,WAAW,EAAE;QACpB,QAAQ,CAAC,GAAG,EAAE,CACZ,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,aAAa,EAAE,EAAE,cAAc,CAAC,CAAC;QAC7E,QAAQ,CAAC,MAAM,EAAE,CACf,KAAK,EAAE,qBAAqB,KACzB,MAAM,CAAC,MAAM,CAChB,aAAa,EACb,oCAAoC,GAAG,cAAc,CACtD,CAAC;QACF,QAAQ,CAAC,YAAY,EAAE,CACrB,KAAK,EAAE,2BAA2B,KAC/B,MAAM,CAAC,MAAM,CAChB,aAAa,EACb,uBAAuB,GAAG,cAAc,CACzC,CAAC;QACF,QAAQ,CAAC,gBAAgB,EAAE,CACzB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,MAAM,GAAG,IAAI,KACjB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,uBAAuB,GAAG,cAAc,CAAC,CAAC;QACnE;;mCAE2B;QAC3B,QAAQ,CAAC,WAAW,EAAE,CACpB,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAChB,MAAM,EACJ,uBAAuB,GACvB,oCAAoC,GACpC,kCAAkC,GAClC,6BAA6B,GAC7B,sBAAsB,GACtB,cAAc,CACjB,CAAC;QACF,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;KACtE,CAAC;IAEF;uFACmF;IACnF,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAE7B;;;wBAGoB;IACpB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,KACxB,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC;CAC3C;AAcD,MAAM,WAAW,sBAAsB,CAAC,MAAM,GAAG,OAAO;IACtD,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB;yDACqD;IACrD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc,CAAC,MAAM,GAAG,OAAO;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAChC;;;sEAGkE;IAClE,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC;IACvC,QAAQ,CAAC,OAAO,EAAE,CAChB,KAAK,EAAE,sBAAsB,CAAC,MAAM,CAAC,KAClC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB,CAAC,MAAM,GAAG,OAAO;IAChD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;;iDAE6C;IAC7C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;CACnD;AAMD,MAAM,WAAW,eAAe,CAAC,MAAM,GAAG,OAAO;IAC/C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC;;uBAEmB;IACnB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB;kEAC8D;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB,CAAC,MAAM,GAAG,OAAO;IACpD,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAMD,MAAM,WAAW,UAAU,CACzB,GAAG,SAAS,MAAM,GAAG,MAAM,EAC3B,UAAU,SAAS,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACjD,MAAM,GAAG,OAAO,EAChB,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS;IAE3D,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC;IACjB;;;qEAGiE;IACjE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B;;;mCAG+B;IAC/B,QAAQ,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;IAEzD;;;;6EAIyE;IACzE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC;IAE5D;;;;8CAI0C;IAC1C,QAAQ,CAAC,aAAa,CAAC,EAAE,CACvB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,KACtB,SAAS,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;IAEzC;;;yCAGqC;IACrC,QAAQ,CAAC,UAAU,CAAC,EAAE,CACpB,KAAK,EAAE,eAAe,CAAC,MAAM,CAAC,KAC3B,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAErC;;;;;;;;;;;;;;;;uBAgBmB;IACnB,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE;QACpC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC;KACvC,KAAK,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,CAAC;IAE9D;;;gCAG4B;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,CACtB,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,KAChC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAElC,QAAQ,CAAC,aAAa,CAAC,EAAE,CACvB,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,KAChC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAElC;;;;;sDAKkD;IAClD,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE;QACxB,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;KACtB,KAAK,MAAM,CAAC,MAAM,CAAC,qBAAqB,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3D;;;;;;iBAMa;IACb,QAAQ,CAAC,eAAe,CAAC,EACrB,SAAS,cAAc,EAAE,GACzB,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,cAAc,EAAE,CAAC,GACvD,CAAC,CACC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KACnB,MAAM,CAAC,MAAM,CAAC,SAAS,cAAc,EAAE,CAAC,CAAC,CAAC;IAEnD;;;;6DAIyD;IACzD,QAAQ,CAAC,mBAAmB,CAAC,EACzB,SAAS,kBAAkB,EAAE,GAC7B,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,kBAAkB,EAAE,CAAC,GAC3D,CAAC,CACC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KACnB,MAAM,CAAC,MAAM,CAAC,SAAS,kBAAkB,EAAE,CAAC,CAAC,CAAC;IAEvD,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,MAAM,CACrB,GAAG,SAAS,MAAM,GAAG,MAAM,EAC3B,UAAU,SAAS,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACjD,MAAM,GAAG,OAAO,EAChB,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAC3D,SAAQ,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;CAAG;AAQzD,MAAM,MAAM,gBAAgB,CAC1B,GAAG,SAAS,MAAM,EAClB,UAAU,SAAS,MAAM,EACzB,MAAM,EACN,QAAQ,SAAS,MAAM,EACvB,OAAO,SAAS,QAAQ,GAAG,SAAS,IAClC,CACF,OAAO,CAAC,EAAE,QAAQ,GAAG;IACnB,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;CAC3D,KACE,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAG9C,wBAAgB,YAAY,CAC1B,GAAG,SAAS,MAAM,EAClB,UAAU,SAAS,MAAM,EACzB,MAAM,EACN,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,SAAS,EAChD,QAAQ,SAAS,MAAM,GAAG,EAAE,EAE5B,aAAa,EAAE,CACb,OAAO,CAAC,EAAE,QAAQ,KACf,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,GAChD,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAoB9D;AAOD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAEtD,MAAM,MAAM,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI;IACpE,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,MAAM,CAC3D,MAAM,EACN,MAAM,IAAI,EAEV,GAAG,EAEH,GAAG,CACJ,GACG,IAAI,GACJ,KAAK;CACV,CAAC;AAEF,kFAAkF;AAClF,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAGD,YAAY,EAAE,kBAAkB,EAAE,CAAC"}
|
package/dist/policies.d.ts
CHANGED
|
@@ -1,70 +1,62 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Schema } from "effect";
|
|
2
|
+
import type { ToolPolicyAction, ToolPolicyRow } from "./core-schema";
|
|
2
3
|
import { PolicyId, ScopeId } from "./ids";
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
toolPattern: Schema.optional<typeof Schema.String>;
|
|
13
|
-
sourceId: Schema.optional<typeof Schema.String>;
|
|
14
|
-
}>;
|
|
15
|
-
priority: typeof Schema.Number;
|
|
16
|
-
createdAt: typeof Schema.DateFromNumber;
|
|
17
|
-
}, Schema.Struct.Encoded<{
|
|
18
|
-
id: Schema.brand<typeof Schema.String, "PolicyId">;
|
|
19
|
-
scopeId: Schema.brand<typeof Schema.String, "ScopeId">;
|
|
20
|
-
name: typeof Schema.String;
|
|
21
|
-
action: Schema.Literal<["allow", "deny", "require_approval"]>;
|
|
22
|
-
match: Schema.Struct<{
|
|
23
|
-
toolPattern: Schema.optional<typeof Schema.String>;
|
|
24
|
-
sourceId: Schema.optional<typeof Schema.String>;
|
|
25
|
-
}>;
|
|
26
|
-
priority: typeof Schema.Number;
|
|
27
|
-
createdAt: typeof Schema.DateFromNumber;
|
|
28
|
-
}>, never, {
|
|
29
|
-
readonly action: "allow" | "deny" | "require_approval";
|
|
30
|
-
} & {
|
|
31
|
-
readonly id: string & import("effect/Brand").Brand<"PolicyId">;
|
|
32
|
-
} & {
|
|
33
|
-
readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
|
|
34
|
-
} & {
|
|
35
|
-
readonly name: string;
|
|
36
|
-
} & {
|
|
4
|
+
export interface ToolPolicy {
|
|
5
|
+
readonly id: PolicyId;
|
|
6
|
+
readonly scopeId: ScopeId;
|
|
7
|
+
readonly pattern: string;
|
|
8
|
+
readonly action: ToolPolicyAction;
|
|
9
|
+
/** Fractional-indexing key. Lower lex order = higher precedence.
|
|
10
|
+
* Use `generateKeyBetween(a, b)` from the `fractional-indexing`
|
|
11
|
+
* package to produce a key that sits between two existing rows. */
|
|
12
|
+
readonly position: string;
|
|
37
13
|
readonly createdAt: Date;
|
|
38
|
-
|
|
39
|
-
readonly priority: number;
|
|
40
|
-
} & {
|
|
41
|
-
readonly match: {
|
|
42
|
-
readonly sourceId?: string | undefined;
|
|
43
|
-
readonly toolPattern?: string | undefined;
|
|
44
|
-
};
|
|
45
|
-
}, {}, {}>;
|
|
46
|
-
export declare class Policy extends Policy_base {
|
|
14
|
+
readonly updatedAt: Date;
|
|
47
15
|
}
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
readonly toolId: string & import("effect/Brand").Brand<"ToolId">;
|
|
56
|
-
} & {
|
|
57
|
-
readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
|
|
58
|
-
}, {}, {}>;
|
|
59
|
-
export declare class PolicyCheckInput extends PolicyCheckInput_base {
|
|
16
|
+
export interface CreateToolPolicyInput {
|
|
17
|
+
readonly scope: string;
|
|
18
|
+
readonly pattern: string;
|
|
19
|
+
readonly action: ToolPolicyAction;
|
|
20
|
+
/** Optional explicit position. Defaults to a key above the current
|
|
21
|
+
* minimum (top of the scope's list; highest precedence). */
|
|
22
|
+
readonly position?: string;
|
|
60
23
|
}
|
|
61
|
-
|
|
62
|
-
readonly
|
|
63
|
-
readonly
|
|
64
|
-
readonly
|
|
65
|
-
readonly
|
|
66
|
-
}>;
|
|
67
|
-
export declare class PolicyEngine extends PolicyEngine_base {
|
|
24
|
+
export interface UpdateToolPolicyInput {
|
|
25
|
+
readonly id: string;
|
|
26
|
+
readonly pattern?: string;
|
|
27
|
+
readonly action?: ToolPolicyAction;
|
|
28
|
+
readonly position?: string;
|
|
68
29
|
}
|
|
69
|
-
export {
|
|
30
|
+
export interface PolicyMatch {
|
|
31
|
+
readonly action: ToolPolicyAction;
|
|
32
|
+
readonly pattern: string;
|
|
33
|
+
readonly policyId: string;
|
|
34
|
+
}
|
|
35
|
+
export type PolicySource = "user" | "plugin-default";
|
|
36
|
+
export interface EffectivePolicy {
|
|
37
|
+
readonly action: ToolPolicyAction;
|
|
38
|
+
readonly source: PolicySource;
|
|
39
|
+
/** Matched pattern; populated only when `source === "user"`. */
|
|
40
|
+
readonly pattern?: string;
|
|
41
|
+
/** Policy row id; populated only when `source === "user"`. */
|
|
42
|
+
readonly policyId?: string;
|
|
43
|
+
}
|
|
44
|
+
export declare const matchPattern: (pattern: string, toolId: string) => boolean;
|
|
45
|
+
export declare const isValidPattern: (pattern: string) => boolean;
|
|
46
|
+
export declare const comparePolicyRow: (a: {
|
|
47
|
+
position: unknown;
|
|
48
|
+
id: unknown;
|
|
49
|
+
}, b: {
|
|
50
|
+
position: unknown;
|
|
51
|
+
id: unknown;
|
|
52
|
+
}) => number;
|
|
53
|
+
export declare const resolveToolPolicy: (toolId: string, policies: readonly ToolPolicyRow[], scopeRank: (row: {
|
|
54
|
+
scope_id: unknown;
|
|
55
|
+
}) => number) => PolicyMatch | undefined;
|
|
56
|
+
export declare const resolveEffectivePolicy: (toolId: string, policies: readonly ToolPolicyRow[], scopeRank: (row: {
|
|
57
|
+
scope_id: unknown;
|
|
58
|
+
}) => number, defaultRequiresApproval?: boolean) => EffectivePolicy;
|
|
59
|
+
export declare const effectivePolicyFromSorted: (toolId: string, sortedPolicies: readonly Pick<ToolPolicy, "pattern" | "action" | "id">[], defaultRequiresApproval?: boolean) => EffectivePolicy;
|
|
60
|
+
export declare const rowToToolPolicy: (row: ToolPolicyRow) => ToolPolicy;
|
|
61
|
+
export declare const ToolPolicyActionSchema: Schema.Literals<readonly ["approve", "require_approval", "block"]>;
|
|
70
62
|
//# sourceMappingURL=policies.d.ts.map
|
package/dist/policies.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAQ1C,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;;wEAEoE;IACpE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;iEAC6D;IAC7D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC;IACnC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAQD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAaD,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAErD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,gEAAgE;IAChE,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAYD,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,EAAE,QAAQ,MAAM,KAAG,OAS9D,CAAC;AAOF,eAAO,MAAM,cAAc,GAAI,SAAS,MAAM,KAAG,OAehD,CAAC;AAcF,eAAO,MAAM,gBAAgB,GAC3B,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,EACrC,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,KACpC,MAQF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,MAAM,EACd,UAAU,SAAS,aAAa,EAAE,EAClC,WAAW,CAAC,GAAG,EAAE;IAAE,QAAQ,EAAE,OAAO,CAAA;CAAE,KAAK,MAAM,KAChD,WAAW,GAAG,SAkBhB,CAAC;AA8BF,eAAO,MAAM,sBAAsB,GACjC,QAAQ,MAAM,EACd,UAAU,SAAS,aAAa,EAAE,EAClC,WAAW,CAAC,GAAG,EAAE;IAAE,QAAQ,EAAE,OAAO,CAAA;CAAE,KAAK,MAAM,EACjD,0BAA0B,OAAO,KAChC,eAGF,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,QAAQ,MAAM,EACd,gBAAgB,SAAS,IAAI,CAAC,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,IAAI,CAAC,EAAE,EACxE,0BAA0B,OAAO,KAChC,eAYF,CAAC;AAMF,eAAO,MAAM,eAAe,GAAI,KAAK,aAAa,KAAG,UAQnD,CAAC;AAOH,eAAO,MAAM,sBAAsB,oEAIjC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policies.test.d.ts","sourceRoot":"","sources":["../src/policies.test.ts"],"names":[],"mappings":""}
|