@executor-js/sdk 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/README.md +125 -107
  2. package/dist/blob.d.ts +48 -0
  3. package/dist/blob.d.ts.map +1 -0
  4. package/dist/blob.test.d.ts +2 -0
  5. package/dist/blob.test.d.ts.map +1 -0
  6. package/dist/chunk-6LMMN2GP.js +4396 -0
  7. package/dist/chunk-6LMMN2GP.js.map +1 -0
  8. package/dist/config.d.ts +14 -0
  9. package/dist/config.d.ts.map +1 -0
  10. package/dist/connections.d.ts +107 -0
  11. package/dist/connections.d.ts.map +1 -0
  12. package/dist/connections.test.d.ts +2 -0
  13. package/dist/connections.test.d.ts.map +1 -0
  14. package/dist/core-schema.d.ts +372 -0
  15. package/dist/core-schema.d.ts.map +1 -0
  16. package/dist/core.js +273 -57
  17. package/dist/core.js.map +1 -1
  18. package/dist/elicitation.d.ts +18 -34
  19. package/dist/elicitation.d.ts.map +1 -1
  20. package/dist/error-handling.test.d.ts +2 -0
  21. package/dist/error-handling.test.d.ts.map +1 -0
  22. package/dist/errors.d.ts +95 -24
  23. package/dist/errors.d.ts.map +1 -1
  24. package/dist/executor.d.ts +107 -48
  25. package/dist/executor.d.ts.map +1 -1
  26. package/dist/executor.test.d.ts +2 -0
  27. package/dist/executor.test.d.ts.map +1 -0
  28. package/dist/ids.d.ts +6 -4
  29. package/dist/ids.d.ts.map +1 -1
  30. package/dist/index.d.ts +22 -16
  31. package/dist/index.d.ts.map +1 -1
  32. package/dist/index.js +80 -308
  33. package/dist/index.js.map +1 -1
  34. package/dist/oauth-discovery.d.ts +138 -0
  35. package/dist/oauth-discovery.d.ts.map +1 -0
  36. package/dist/oauth-discovery.test.d.ts +2 -0
  37. package/dist/oauth-discovery.test.d.ts.map +1 -0
  38. package/dist/oauth-helpers.d.ts +89 -0
  39. package/dist/oauth-helpers.d.ts.map +1 -0
  40. package/dist/oauth-helpers.test.d.ts +2 -0
  41. package/dist/oauth-helpers.test.d.ts.map +1 -0
  42. package/dist/oauth-popup-types.d.ts +14 -0
  43. package/dist/oauth-popup-types.d.ts.map +1 -0
  44. package/dist/oauth-service.d.ts +33 -0
  45. package/dist/oauth-service.d.ts.map +1 -0
  46. package/dist/oauth.d.ts +275 -0
  47. package/dist/oauth.d.ts.map +1 -0
  48. package/dist/plugin.d.ts +261 -27
  49. package/dist/plugin.d.ts.map +1 -1
  50. package/dist/policies.d.ts +56 -64
  51. package/dist/policies.d.ts.map +1 -1
  52. package/dist/policies.test.d.ts +2 -0
  53. package/dist/policies.test.d.ts.map +1 -0
  54. package/dist/promise-executor.d.ts +26 -128
  55. package/dist/promise-executor.d.ts.map +1 -1
  56. package/dist/promise.d.ts +12 -6
  57. package/dist/promise.d.ts.map +1 -1
  58. package/dist/promise.test.d.ts +2 -0
  59. package/dist/promise.test.d.ts.map +1 -0
  60. package/dist/schema-types.d.ts +6 -5
  61. package/dist/schema-types.d.ts.map +1 -1
  62. package/dist/scope.d.ts +5 -15
  63. package/dist/scope.d.ts.map +1 -1
  64. package/dist/scoped-adapter.d.ts +13 -0
  65. package/dist/scoped-adapter.d.ts.map +1 -0
  66. package/dist/scoped-adapter.test.d.ts +2 -0
  67. package/dist/scoped-adapter.test.d.ts.map +1 -0
  68. package/dist/secret-backed-value.d.ts +27 -0
  69. package/dist/secret-backed-value.d.ts.map +1 -0
  70. package/dist/secrets.d.ts +52 -106
  71. package/dist/secrets.d.ts.map +1 -1
  72. package/dist/testing.d.ts +5 -3
  73. package/dist/testing.d.ts.map +1 -1
  74. package/dist/types.d.ts +84 -0
  75. package/dist/types.d.ts.map +1 -0
  76. package/package.json +7 -4
  77. package/dist/chunk-D7CT3UMO.js +0 -1386
  78. package/dist/chunk-D7CT3UMO.js.map +0 -1
  79. package/dist/in-memory/policy-engine.d.ts +0 -10
  80. package/dist/in-memory/policy-engine.d.ts.map +0 -1
  81. package/dist/in-memory/secret-store.d.ts +0 -16
  82. package/dist/in-memory/secret-store.d.ts.map +0 -1
  83. package/dist/in-memory/tool-registry.d.ts +0 -35
  84. package/dist/in-memory/tool-registry.d.ts.map +0 -1
  85. package/dist/index.test.d.ts +0 -2
  86. package/dist/index.test.d.ts.map +0 -1
  87. package/dist/plugin-kv.d.ts +0 -48
  88. package/dist/plugin-kv.d.ts.map +0 -1
  89. package/dist/plugins/in-memory-tools.d.ts +0 -42
  90. package/dist/plugins/in-memory-tools.d.ts.map +0 -1
  91. package/dist/runtime-tools.d.ts +0 -41
  92. package/dist/runtime-tools.d.ts.map +0 -1
  93. package/dist/sources.d.ts +0 -130
  94. package/dist/sources.d.ts.map +0 -1
  95. package/dist/tools.d.ts +0 -219
  96. package/dist/tools.d.ts.map +0 -1
package/dist/plugin.d.ts CHANGED
@@ -1,35 +1,269 @@
1
1
  import type { Effect } from "effect";
2
- import type { ToolRegistry } from "./tools";
3
- import type { SecretStore } from "./secrets";
4
- import type { PolicyEngine } from "./policies";
5
- import type { SourceRegistry } from "./sources";
2
+ import type { DBAdapter, DBSchema, StorageFailure, TypedAdapter } from "@executor-js/storage-core";
3
+ import type { PluginBlobStore } from "./blob";
4
+ import type { ConnectionProvider, ConnectionRef, ConnectionRefreshError, CreateConnectionInput, UpdateConnectionTokensInput } from "./connections";
5
+ import type { DefinitionsInput, SourceInput, ToolAnnotations, ToolRow } from "./core-schema";
6
+ import type { SourceDetectionResult } from "./types";
7
+ import type { ElicitationDeclinedError, ElicitationHandler, ElicitationRequest, ElicitationResponse } from "./elicitation";
8
+ import type { ConnectionNotFoundError, ConnectionProviderNotRegisteredError, ConnectionReauthRequiredError, ConnectionRefreshNotSupportedError, SecretOwnedByConnectionError } from "./errors";
9
+ import type { OAuthService } from "./oauth";
6
10
  import type { Scope } from "./scope";
7
- export interface PluginContext {
8
- readonly scope: Scope;
9
- readonly tools: Context.Tag.Service<typeof ToolRegistry>;
10
- readonly sources: Context.Tag.Service<typeof SourceRegistry>;
11
- readonly secrets: Context.Tag.Service<typeof SecretStore>;
12
- readonly policies: Context.Tag.Service<typeof PolicyEngine>;
13
- }
14
- export interface ExecutorPlugin<TKey extends string = string, TExtension extends object = object> {
15
- /** Unique plugin key — becomes a property on the Executor type */
16
- readonly key: TKey;
11
+ import type { SecretProvider, SecretRef, SetSecretInput } from "./secrets";
12
+ export interface StorageDeps<TSchema extends DBSchema | undefined = undefined> {
17
13
  /**
18
- * Called when the executor starts. The plugin should register its tools
19
- * and return any cleanup logic + its public extension API.
14
+ * Precedence-ordered scope stack visible to this executor. Innermost
15
+ * first. Reads on scoped tables walk every scope; writes require the
16
+ * plugin to name a target scope explicitly (via `scope_id` on the
17
+ * adapter payload, via `options.scope` on the blob store).
20
18
  */
21
- readonly init: (ctx: PluginContext) => Effect.Effect<PluginHandle<TExtension>, Error>;
19
+ readonly scopes: readonly Scope[];
20
+ /**
21
+ * Plugin-facing typed adapter. Failures surface as raw `StorageFailure`
22
+ * (`StorageError` | `UniqueViolationError`). Plugins can
23
+ * `catchTag("UniqueViolationError", …)` to translate to their own
24
+ * user-facing errors. `StorageError` bubbles up; the HTTP edge (see
25
+ * `@executor-js/api` `withCapture`) is the one place that
26
+ * translates it to the opaque `InternalError({ traceId })`.
27
+ */
28
+ readonly adapter: TSchema extends DBSchema ? TypedAdapter<TSchema, StorageFailure> : DBAdapter;
29
+ readonly blobs: PluginBlobStore;
30
+ }
31
+ export declare const defineSchema: <const S extends DBSchema>(schema: S) => S;
32
+ export type Elicit = (request: ElicitationRequest) => Effect.Effect<ElicitationResponse, ElicitationDeclinedError>;
33
+ export interface PluginCtx<TStore = unknown> {
34
+ /**
35
+ * Precedence-ordered scope stack visible to this executor. Innermost
36
+ * first. Plugins that write scoped rows must pick an element of
37
+ * `scopes` as the `scope`/`scope_id` they stamp; reads through the
38
+ * adapter or `ctx.secrets` automatically fall through the stack.
39
+ */
40
+ readonly scopes: readonly Scope[];
41
+ readonly storage: TStore;
42
+ readonly core: {
43
+ readonly sources: {
44
+ readonly register: (input: SourceInput) => Effect.Effect<void, StorageFailure>;
45
+ readonly unregister: (sourceId: string) => Effect.Effect<void, StorageFailure>;
46
+ readonly update: (input: {
47
+ readonly id: string;
48
+ readonly scope: string;
49
+ readonly name?: string;
50
+ readonly url?: string | null;
51
+ }) => Effect.Effect<void, StorageFailure>;
52
+ };
53
+ /** Register shared JSON-schema `$defs` for a source. Tool
54
+ * input/output schemas registered via `sources.register` can carry
55
+ * `$ref: "#/$defs/X"` pointers; `executor.tools.schema(toolId)`
56
+ * attaches matching defs to the returned schema. Call inside the
57
+ * same `ctx.transaction` as `sources.register` for atomicity.
58
+ * Replaces any existing defs for the given sourceId. */
59
+ readonly definitions: {
60
+ readonly register: (input: DefinitionsInput) => Effect.Effect<void, StorageFailure>;
61
+ };
62
+ };
63
+ readonly secrets: {
64
+ readonly get: (id: string) => Effect.Effect<string | null, SecretOwnedByConnectionError | StorageFailure>;
65
+ /** List user-visible secrets. Connection-owned secrets (rows with
66
+ * `owned_by_connection_id` set) are filtered out so they don't
67
+ * clutter the UI — users see the Connection instead. */
68
+ readonly list: () => Effect.Effect<readonly {
69
+ readonly id: string;
70
+ readonly name: string;
71
+ readonly provider: string;
72
+ }[], StorageFailure>;
73
+ /** Write a secret value through a provider. Used by plugins that
74
+ * mint secrets on behalf of the user (OAuth2 token storage,
75
+ * interactive onboarding flows). Normally writes go through
76
+ * `executor.secrets.set` on the host surface, but OAuth2 refresh
77
+ * and one-shot token capture from plugin-owned flows need it here
78
+ * too. Same routing rules as the host-level setter. */
79
+ readonly set: (input: SetSecretInput) => Effect.Effect<SecretRef, StorageFailure>;
80
+ /** Delete a secret from its pinned provider and the core table.
81
+ * Rejects with `SecretOwnedByConnectionError` if the row is owned
82
+ * by a connection — callers must go through `connections.remove`
83
+ * to drop the whole sign-in. */
84
+ readonly remove: (id: string) => Effect.Effect<void, SecretOwnedByConnectionError | StorageFailure>;
85
+ };
86
+ /** Connections — product-level sign-in state. Owns backing secret
87
+ * rows via `secret.owned_by_connection_id`. Plugins call
88
+ * `connections.accessToken(id)` at invoke time to get a guaranteed-
89
+ * fresh token (the SDK handles refresh via the registered provider
90
+ * keyed by `connection.provider`). */
91
+ readonly connections: {
92
+ readonly get: (id: string) => Effect.Effect<ConnectionRef | null, StorageFailure>;
93
+ readonly list: () => Effect.Effect<readonly ConnectionRef[], StorageFailure>;
94
+ readonly create: (input: CreateConnectionInput) => Effect.Effect<ConnectionRef, ConnectionProviderNotRegisteredError | StorageFailure>;
95
+ readonly updateTokens: (input: UpdateConnectionTokensInput) => Effect.Effect<ConnectionRef, ConnectionNotFoundError | StorageFailure>;
96
+ readonly setIdentityLabel: (id: string, label: string | null) => Effect.Effect<void, ConnectionNotFoundError | StorageFailure>;
97
+ /** Get a guaranteed-fresh access token. Calls the provider's
98
+ * `refresh` handler if `expires_at` is in the past / within the
99
+ * refresh skew window. */
100
+ readonly accessToken: (id: string) => Effect.Effect<string, ConnectionNotFoundError | ConnectionProviderNotRegisteredError | ConnectionRefreshNotSupportedError | ConnectionReauthRequiredError | ConnectionRefreshError | StorageFailure>;
101
+ readonly remove: (id: string) => Effect.Effect<void, StorageFailure>;
102
+ };
103
+ /** Shared OAuth service. Plugins use this to probe/start/complete OAuth
104
+ * flows; invocation should still resolve tokens via `connections.accessToken`. */
105
+ readonly oauth: OAuthService;
106
+ /** Run `effect` inside a database transaction. Wraps the underlying
107
+ * adapter's transaction method. Use this in extension methods that
108
+ * need atomicity across plugin storage writes AND core source/tool
109
+ * registration. */
110
+ readonly transaction: <A, E>(effect: Effect.Effect<A, E>) => Effect.Effect<A, E | StorageFailure>;
111
+ }
112
+ export interface StaticToolHandlerInput<TStore = unknown> {
113
+ readonly ctx: PluginCtx<TStore>;
114
+ readonly args: unknown;
115
+ /** Suspend the fiber to request user input. The handler passed to
116
+ * `createExecutor({ onElicitation })` is called. */
117
+ readonly elicit: Elicit;
118
+ }
119
+ export interface StaticToolDecl<TStore = unknown> {
120
+ readonly name: string;
121
+ readonly description: string;
122
+ readonly inputSchema?: unknown;
123
+ readonly outputSchema?: unknown;
124
+ /** Default-policy annotations — `requiresApproval`, `approvalDescription`,
125
+ * `mayElicit`. Enforced by the executor before the handler runs.
126
+ * Inline because static tools have no plugin storage to resolve from;
127
+ * the plugin author literally writes this at definition time. */
128
+ readonly annotations?: ToolAnnotations;
129
+ readonly handler: (input: StaticToolHandlerInput<TStore>) => Effect.Effect<unknown, unknown>;
22
130
  }
23
- export interface PluginHandle<TExtension extends object = object> {
24
- /** Plugin's public API — exposed on the executor as `executor[plugin.key]` */
25
- readonly extension: TExtension;
26
- /** Called when the executor shuts down */
27
- readonly close?: () => Effect.Effect<void>;
131
+ export interface StaticSourceDecl<TStore = unknown> {
132
+ readonly id: string;
133
+ readonly kind: string;
134
+ readonly name: string;
135
+ readonly url?: string;
136
+ /** Static sources default to `canRemove: false` — they represent
137
+ * plugin-provided control surfaces and shouldn't be user-removable.
138
+ * Override only if you really want that. */
139
+ readonly canRemove?: boolean;
140
+ readonly canRefresh?: boolean;
141
+ readonly canEdit?: boolean;
142
+ readonly tools: readonly StaticToolDecl<TStore>[];
28
143
  }
29
- /** Maps a tuple of plugins to their extensions keyed by plugin key */
30
- export type PluginExtensions<TPlugins extends readonly ExecutorPlugin<string, object>[]> = {
31
- readonly [P in TPlugins[number] as P["key"]]: P extends ExecutorPlugin<string, infer TExt> ? TExt : never;
144
+ export interface InvokeToolInput<TStore = unknown> {
145
+ readonly ctx: PluginCtx<TStore>;
146
+ /** Already-loaded tool row. Plugin doesn't need to re-fetch or parse
147
+ * the tool id. Carries source_id, name, input/output schemas,
148
+ * annotations. */
149
+ readonly toolRow: ToolRow;
150
+ readonly args: unknown;
151
+ /** Elicitation handle for plugins that need mid-invocation user input
152
+ * (onepassword auth prompt, interactive MCP tools, etc.). */
153
+ readonly elicit: Elicit;
154
+ }
155
+ export interface SourceLifecycleInput<TStore = unknown> {
156
+ readonly ctx: PluginCtx<TStore>;
157
+ readonly sourceId: string;
158
+ /**
159
+ * Scope of the source row being removed/refreshed — resolved by the
160
+ * SDK's `sources.remove` / `sources.refresh` via innermost-wins lookup
161
+ * across the executor's scope stack. Plugins that own a side table
162
+ * keyed by (id, scope_id) must pin their own cleanup to this scope;
163
+ * relying on the scoped adapter's `scope_id IN (stack)` fall-through
164
+ * would widen the mutation across the whole stack and wipe a
165
+ * shadowed outer-scope row.
166
+ */
167
+ readonly scope: string;
168
+ }
169
+ export interface PluginSpec<TId extends string = string, TExtension extends object = Record<string, never>, TStore = unknown, TSchema extends DBSchema | undefined = DBSchema | undefined> {
170
+ readonly id: TId;
171
+ /** Plugin-declared schema. Merged with coreSchema and other plugins'
172
+ * schemas at executor startup via `collectSchemas`. The type flows
173
+ * into the `storage` factory's `deps.adapter` as a `TypedAdapter<TSchema>`
174
+ * so plugins get narrowed model names + typed rows for free. */
175
+ readonly schema?: TSchema;
176
+ /** Build the plugin's typed store from backing. `deps.adapter` is
177
+ * already narrowed to this plugin's schema; `deps.blobs` is already
178
+ * scoped to the plugin id so key collisions across plugins are
179
+ * structurally impossible. */
180
+ readonly storage: (deps: StorageDeps<TSchema>) => TStore;
181
+ /** Build the plugin's extension API. The returned object becomes
182
+ * `executor[plugin.id]` and is also the `self` passed to
183
+ * `staticSources`. Field order matters: `extension` MUST appear
184
+ * before `staticSources` so TS infers TExtension from this
185
+ * factory's return BEFORE type-checking `self: NoInfer<TExtension>`. */
186
+ readonly extension?: (ctx: PluginCtx<TStore>) => TExtension;
187
+ /** Static sources contributed by this plugin with inline tool
188
+ * handlers. Lives entirely in memory — no DB writes at startup.
189
+ * Handlers close over `self` via the closure, so a control tool
190
+ * that delegates to the plugin's real API is a one-liner:
191
+ * `({ args }) => self.addSpec(args)`. */
192
+ readonly staticSources?: (self: NoInfer<TExtension>) => readonly StaticSourceDecl<TStore>[];
193
+ /** Invoke a dynamic tool. Called when the executor's static-handler
194
+ * map doesn't have the toolId. The plugin reads its own enrichment
195
+ * via `ctx.storage` and returns the result. Optional — plugins with
196
+ * only static tools can omit it. */
197
+ readonly invokeTool?: (input: InvokeToolInput<TStore>) => Effect.Effect<unknown, unknown>;
198
+ /** Bulk resolve annotations (requiresApproval, approvalDescription,
199
+ * mayElicit) for a set of tool rows under a single source. Called
200
+ * by the executor:
201
+ * - at invoke time with a single-element `toolRows` array, to
202
+ * enforce approval on the about-to-run tool
203
+ * - at list time with every dynamic tool row under each source,
204
+ * grouped by source_id, to populate `Tool.annotations` for UI
205
+ *
206
+ * The expected implementation for most plugins is: read plugin
207
+ * storage once for the given source/rows, derive annotations from
208
+ * the same data that was used to build the tool (HTTP method +
209
+ * path for openapi, introspection kind for graphql, etc.), return
210
+ * a map keyed by tool id.
211
+ *
212
+ * Omit if the plugin has no annotations to contribute — executor
213
+ * treats tools from that plugin as auto-approved with no
214
+ * elicitation. */
215
+ readonly resolveAnnotations?: (input: {
216
+ readonly ctx: PluginCtx<TStore>;
217
+ readonly sourceId: string;
218
+ readonly toolRows: readonly ToolRow[];
219
+ }) => Effect.Effect<Record<string, ToolAnnotations>, unknown>;
220
+ /** Called when `executor.sources.remove(id)` targets a source owned
221
+ * by this plugin. Plugin-side cleanup only; the executor deletes
222
+ * the core source/tool rows after this callback returns, inside
223
+ * the same transaction. */
224
+ readonly removeSource?: (input: SourceLifecycleInput<TStore>) => Effect.Effect<void, unknown>;
225
+ readonly refreshSource?: (input: SourceLifecycleInput<TStore>) => Effect.Effect<void, unknown>;
226
+ /** URL autodetection hook. When the user pastes a URL in the
227
+ * onboarding UI, `executor.sources.detect(url)` fans out to every
228
+ * plugin's `detect`. Return a `SourceDetectionResult` if you
229
+ * recognize the URL, `null` otherwise. Implementations should be
230
+ * defensive — swallow fetch errors and return null rather than
231
+ * throwing. First high-confidence match wins. */
232
+ readonly detect?: (input: {
233
+ readonly ctx: PluginCtx<TStore>;
234
+ readonly url: string;
235
+ }) => Effect.Effect<SourceDetectionResult | null, unknown>;
236
+ /** Secret providers contributed by this plugin. Either a static
237
+ * array, a function of ctx (for providers that need per-instance
238
+ * state like the keychain's scope-derived service name), or a
239
+ * function returning an Effect so plugins can probe for backend
240
+ * availability at startup and register conditionally. Called once
241
+ * at executor startup after `storage` and `extension` have been
242
+ * built. */
243
+ readonly secretProviders?: readonly SecretProvider[] | ((ctx: PluginCtx<TStore>) => readonly SecretProvider[]) | ((ctx: PluginCtx<TStore>) => Effect.Effect<readonly SecretProvider[]>);
244
+ /** Connection providers contributed by this plugin. Same registration
245
+ * shape as `secretProviders`. Each provider's `key` is what
246
+ * `connection.provider` references in the core table; the `refresh`
247
+ * handler is the SDK's single entry point for token lifecycle —
248
+ * plugins don't run their own refresh loops anymore. */
249
+ readonly connectionProviders?: readonly ConnectionProvider[] | ((ctx: PluginCtx<TStore>) => readonly ConnectionProvider[]) | ((ctx: PluginCtx<TStore>) => Effect.Effect<readonly ConnectionProvider[]>);
250
+ readonly close?: () => Effect.Effect<void, unknown>;
251
+ }
252
+ export interface Plugin<TId extends string = string, TExtension extends object = Record<string, never>, TStore = unknown, TSchema extends DBSchema | undefined = DBSchema | undefined> extends PluginSpec<TId, TExtension, TStore, TSchema> {
253
+ }
254
+ export type ConfiguredPlugin<TId extends string, TExtension extends object, TStore, TOptions extends object, TSchema extends DBSchema | undefined> = (options?: TOptions & {
255
+ readonly storage?: (deps: StorageDeps<TSchema>) => TStore;
256
+ }) => Plugin<TId, TExtension, TStore, TSchema>;
257
+ export declare function definePlugin<TId extends string, TExtension extends object, TStore, TSchema extends DBSchema | undefined = undefined, TOptions extends object = {}>(authorFactory: (options?: TOptions) => PluginSpec<TId, TExtension, TStore, TSchema>): ConfiguredPlugin<TId, TExtension, TStore, TOptions, TSchema>;
258
+ export type AnyPlugin = Plugin<string, any, any, any>;
259
+ export type PluginExtensions<TPlugins extends readonly AnyPlugin[]> = {
260
+ readonly [P in TPlugins[number] as P["id"]]: P extends Plugin<string, infer TExt, any, any> ? TExt : never;
32
261
  };
33
- import type { Context } from "effect";
34
- export declare const definePlugin: <const TKey extends string, TExtension extends object>(plugin: ExecutorPlugin<TKey, TExtension>) => ExecutorPlugin<TKey, TExtension>;
262
+ /** Lightweight projection of a secret entry as returned by `ctx.secrets.list`. */
263
+ export interface SecretListEntry {
264
+ readonly id: string;
265
+ readonly name: string;
266
+ readonly provider: string;
267
+ }
268
+ export type { ElicitationHandler };
35
269
  //# sourceMappingURL=plugin.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAMrC,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,YAAY,CAAC,CAAC;IACzD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,cAAc,CAAC,CAAC;IAC7D,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,WAAW,CAAC,CAAC;IAC1D,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,YAAY,CAAC,CAAC;CAC7D;AAMD,MAAM,WAAW,cAAc,CAAC,IAAI,SAAS,MAAM,GAAG,MAAM,EAAE,UAAU,SAAS,MAAM,GAAG,MAAM;IAC9F,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,aAAa,KAAK,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;CACvF;AAED,MAAM,WAAW,YAAY,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC9D,8EAA8E;IAC9E,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,0CAA0C;IAC1C,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC5C;AAMD,sEAAsE;AACtE,MAAM,MAAM,gBAAgB,CAAC,QAAQ,SAAS,SAAS,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,IAAI;IACzF,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,cAAc,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,GACtF,IAAI,GACJ,KAAK;CACV,CAAC;AAGF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAMtC,eAAO,MAAM,YAAY,GAAI,KAAK,CAAC,IAAI,SAAS,MAAM,EAAE,UAAU,SAAS,MAAM,EAC/E,QAAQ,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,KACvC,cAAc,CAAC,IAAI,EAAE,UAAU,CAAW,CAAC"}
1
+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,KAAK,EACV,SAAS,EACT,QAAQ,EACR,cAAc,EACd,YAAY,EACb,MAAM,2BAA2B,CAAC;AAEnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,KAAK,EACV,kBAAkB,EAClB,aAAa,EACb,sBAAsB,EACtB,qBAAqB,EACrB,2BAA2B,EAC5B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,OAAO,EACR,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,KAAK,EACV,wBAAwB,EACxB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EACV,uBAAuB,EACvB,oCAAoC,EACpC,6BAA6B,EAC7B,kCAAkC,EAClC,4BAA4B,EAC7B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAc3E,MAAM,WAAW,WAAW,CAAC,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,SAAS;IAC3E;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,KAAK,EAAE,CAAC;IAClC;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,OAAO,SAAS,QAAQ,GACtC,YAAY,CAAC,OAAO,EAAE,cAAc,CAAC,GACrC,SAAS,CAAC;IACd,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC;CACjC;AASD,eAAO,MAAM,YAAY,GAAI,KAAK,CAAC,CAAC,SAAS,QAAQ,EAAE,QAAQ,CAAC,KAAG,CAAW,CAAC;AAS/E,MAAM,MAAM,MAAM,GAAG,CACnB,OAAO,EAAE,kBAAkB,KACxB,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;AAQlE,MAAM,WAAW,SAAS,CAAC,MAAM,GAAG,OAAO;IACzC;;;;;OAKG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,KAAK,EAAE,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB,QAAQ,CAAC,IAAI,EAAE;QACb,QAAQ,CAAC,OAAO,EAAE;YAChB,QAAQ,CAAC,QAAQ,EAAE,CACjB,KAAK,EAAE,WAAW,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACzC,QAAQ,CAAC,UAAU,EAAE,CACnB,QAAQ,EAAE,MAAM,KACb,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACzC,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;gBACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBACvB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;aAC9B,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;SAC3C,CAAC;QACF;;;;;iEAKyD;QACzD,QAAQ,CAAC,WAAW,EAAE;YACpB,QAAQ,CAAC,QAAQ,EAAE,CACjB,KAAK,EAAE,gBAAgB,KACpB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;SAC1C,CAAC;KACH,CAAC;IAEF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,GAAG,EAAE,CACZ,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,4BAA4B,GAAG,cAAc,CAAC,CAAC;QACjF;;iEAEyD;QACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAChC,SAAS;YAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,EAAE,EACpF,cAAc,CACf,CAAC;QACF;;;;;gEAKwD;QACxD,QAAQ,CAAC,GAAG,EAAE,CACZ,KAAK,EAAE,cAAc,KAClB,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC9C;;;yCAGiC;QACjC,QAAQ,CAAC,MAAM,EAAE,CACf,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,4BAA4B,GAAG,cAAc,CAAC,CAAC;KACzE,CAAC;IAEF;;;;2CAIuC;IACvC,QAAQ,CAAC,WAAW,EAAE;QACpB,QAAQ,CAAC,GAAG,EAAE,CACZ,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,aAAa,EAAE,EAAE,cAAc,CAAC,CAAC;QAC7E,QAAQ,CAAC,MAAM,EAAE,CACf,KAAK,EAAE,qBAAqB,KACzB,MAAM,CAAC,MAAM,CAChB,aAAa,EACb,oCAAoC,GAAG,cAAc,CACtD,CAAC;QACF,QAAQ,CAAC,YAAY,EAAE,CACrB,KAAK,EAAE,2BAA2B,KAC/B,MAAM,CAAC,MAAM,CAChB,aAAa,EACb,uBAAuB,GAAG,cAAc,CACzC,CAAC;QACF,QAAQ,CAAC,gBAAgB,EAAE,CACzB,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,MAAM,GAAG,IAAI,KACjB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,uBAAuB,GAAG,cAAc,CAAC,CAAC;QACnE;;mCAE2B;QAC3B,QAAQ,CAAC,WAAW,EAAE,CACpB,EAAE,EAAE,MAAM,KACP,MAAM,CAAC,MAAM,CAChB,MAAM,EACJ,uBAAuB,GACvB,oCAAoC,GACpC,kCAAkC,GAClC,6BAA6B,GAC7B,sBAAsB,GACtB,cAAc,CACjB,CAAC;QACF,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;KACtE,CAAC;IAEF;uFACmF;IACnF,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAE7B;;;wBAGoB;IACpB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC,EACzB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,KACxB,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC;CAC3C;AAcD,MAAM,WAAW,sBAAsB,CAAC,MAAM,GAAG,OAAO;IACtD,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB;yDACqD;IACrD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc,CAAC,MAAM,GAAG,OAAO;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAChC;;;sEAGkE;IAClE,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC;IACvC,QAAQ,CAAC,OAAO,EAAE,CAChB,KAAK,EAAE,sBAAsB,CAAC,MAAM,CAAC,KAClC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,gBAAgB,CAAC,MAAM,GAAG,OAAO;IAChD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;;iDAE6C;IAC7C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;CACnD;AAMD,MAAM,WAAW,eAAe,CAAC,MAAM,GAAG,OAAO;IAC/C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC;;uBAEmB;IACnB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB;kEAC8D;IAC9D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB,CAAC,MAAM,GAAG,OAAO;IACpD,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;;;;;;OAQG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAMD,MAAM,WAAW,UAAU,CACzB,GAAG,SAAS,MAAM,GAAG,MAAM,EAC3B,UAAU,SAAS,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACjD,MAAM,GAAG,OAAO,EAChB,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS;IAE3D,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC;IACjB;;;qEAGiE;IACjE,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B;;;mCAG+B;IAC/B,QAAQ,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;IAEzD;;;;6EAIyE;IACzE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC;IAE5D;;;;8CAI0C;IAC1C,QAAQ,CAAC,aAAa,CAAC,EAAE,CACvB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,KACtB,SAAS,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;IAEzC;;;yCAGqC;IACrC,QAAQ,CAAC,UAAU,CAAC,EAAE,CACpB,KAAK,EAAE,eAAe,CAAC,MAAM,CAAC,KAC3B,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAErC;;;;;;;;;;;;;;;;uBAgBmB;IACnB,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE;QACpC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC;KACvC,KAAK,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,OAAO,CAAC,CAAC;IAE9D;;;gCAG4B;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,CACtB,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,KAChC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAElC,QAAQ,CAAC,aAAa,CAAC,EAAE,CACvB,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,KAChC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAElC;;;;;sDAKkD;IAClD,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE;QACxB,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;KACtB,KAAK,MAAM,CAAC,MAAM,CAAC,qBAAqB,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3D;;;;;;iBAMa;IACb,QAAQ,CAAC,eAAe,CAAC,EACrB,SAAS,cAAc,EAAE,GACzB,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,cAAc,EAAE,CAAC,GACvD,CAAC,CACC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KACnB,MAAM,CAAC,MAAM,CAAC,SAAS,cAAc,EAAE,CAAC,CAAC,CAAC;IAEnD;;;;6DAIyD;IACzD,QAAQ,CAAC,mBAAmB,CAAC,EACzB,SAAS,kBAAkB,EAAE,GAC7B,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,kBAAkB,EAAE,CAAC,GAC3D,CAAC,CACC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,KACnB,MAAM,CAAC,MAAM,CAAC,SAAS,kBAAkB,EAAE,CAAC,CAAC,CAAC;IAEvD,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;CACrD;AAED,MAAM,WAAW,MAAM,CACrB,GAAG,SAAS,MAAM,GAAG,MAAM,EAC3B,UAAU,SAAS,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACjD,MAAM,GAAG,OAAO,EAChB,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAC3D,SAAQ,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC;CAAG;AAQzD,MAAM,MAAM,gBAAgB,CAC1B,GAAG,SAAS,MAAM,EAClB,UAAU,SAAS,MAAM,EACzB,MAAM,EACN,QAAQ,SAAS,MAAM,EACvB,OAAO,SAAS,QAAQ,GAAG,SAAS,IAClC,CACF,OAAO,CAAC,EAAE,QAAQ,GAAG;IACnB,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC;CAC3D,KACE,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAG9C,wBAAgB,YAAY,CAC1B,GAAG,SAAS,MAAM,EAClB,UAAU,SAAS,MAAM,EACzB,MAAM,EACN,OAAO,SAAS,QAAQ,GAAG,SAAS,GAAG,SAAS,EAChD,QAAQ,SAAS,MAAM,GAAG,EAAE,EAE5B,aAAa,EAAE,CACb,OAAO,CAAC,EAAE,QAAQ,KACf,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,GAChD,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAoB9D;AAOD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAEtD,MAAM,MAAM,gBAAgB,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,IAAI;IACpE,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,MAAM,CAC3D,MAAM,EACN,MAAM,IAAI,EAEV,GAAG,EAEH,GAAG,CACJ,GACG,IAAI,GACJ,KAAK;CACV,CAAC;AAEF,kFAAkF;AAClF,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAGD,YAAY,EAAE,kBAAkB,EAAE,CAAC"}
@@ -1,70 +1,62 @@
1
- import { Context, Effect, Schema } from "effect";
1
+ import { Schema } from "effect";
2
+ import type { ToolPolicyAction, ToolPolicyRow } from "./core-schema";
2
3
  import { PolicyId, ScopeId } from "./ids";
3
- import { PolicyDeniedError } from "./errors";
4
- export declare const PolicyAction: Schema.Literal<["allow", "deny", "require_approval"]>;
5
- export type PolicyAction = typeof PolicyAction.Type;
6
- declare const Policy_base: Schema.Class<Policy, {
7
- id: Schema.brand<typeof Schema.String, "PolicyId">;
8
- scopeId: Schema.brand<typeof Schema.String, "ScopeId">;
9
- name: typeof Schema.String;
10
- action: Schema.Literal<["allow", "deny", "require_approval"]>;
11
- match: Schema.Struct<{
12
- toolPattern: Schema.optional<typeof Schema.String>;
13
- sourceId: Schema.optional<typeof Schema.String>;
14
- }>;
15
- priority: typeof Schema.Number;
16
- createdAt: typeof Schema.DateFromNumber;
17
- }, Schema.Struct.Encoded<{
18
- id: Schema.brand<typeof Schema.String, "PolicyId">;
19
- scopeId: Schema.brand<typeof Schema.String, "ScopeId">;
20
- name: typeof Schema.String;
21
- action: Schema.Literal<["allow", "deny", "require_approval"]>;
22
- match: Schema.Struct<{
23
- toolPattern: Schema.optional<typeof Schema.String>;
24
- sourceId: Schema.optional<typeof Schema.String>;
25
- }>;
26
- priority: typeof Schema.Number;
27
- createdAt: typeof Schema.DateFromNumber;
28
- }>, never, {
29
- readonly action: "allow" | "deny" | "require_approval";
30
- } & {
31
- readonly id: string & import("effect/Brand").Brand<"PolicyId">;
32
- } & {
33
- readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
34
- } & {
35
- readonly name: string;
36
- } & {
4
+ export interface ToolPolicy {
5
+ readonly id: PolicyId;
6
+ readonly scopeId: ScopeId;
7
+ readonly pattern: string;
8
+ readonly action: ToolPolicyAction;
9
+ /** Fractional-indexing key. Lower lex order = higher precedence.
10
+ * Use `generateKeyBetween(a, b)` from the `fractional-indexing`
11
+ * package to produce a key that sits between two existing rows. */
12
+ readonly position: string;
37
13
  readonly createdAt: Date;
38
- } & {
39
- readonly priority: number;
40
- } & {
41
- readonly match: {
42
- readonly sourceId?: string | undefined;
43
- readonly toolPattern?: string | undefined;
44
- };
45
- }, {}, {}>;
46
- export declare class Policy extends Policy_base {
14
+ readonly updatedAt: Date;
47
15
  }
48
- declare const PolicyCheckInput_base: Schema.Class<PolicyCheckInput, {
49
- scopeId: Schema.brand<typeof Schema.String, "ScopeId">;
50
- toolId: Schema.brand<typeof Schema.String, "ToolId">;
51
- }, Schema.Struct.Encoded<{
52
- scopeId: Schema.brand<typeof Schema.String, "ScopeId">;
53
- toolId: Schema.brand<typeof Schema.String, "ToolId">;
54
- }>, never, {
55
- readonly toolId: string & import("effect/Brand").Brand<"ToolId">;
56
- } & {
57
- readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
58
- }, {}, {}>;
59
- export declare class PolicyCheckInput extends PolicyCheckInput_base {
16
+ export interface CreateToolPolicyInput {
17
+ readonly scope: string;
18
+ readonly pattern: string;
19
+ readonly action: ToolPolicyAction;
20
+ /** Optional explicit position. Defaults to a key above the current
21
+ * minimum (top of the scope's list; highest precedence). */
22
+ readonly position?: string;
60
23
  }
61
- declare const PolicyEngine_base: Context.TagClass<PolicyEngine, "@executor-js/sdk/PolicyEngine", {
62
- readonly list: (scopeId: ScopeId) => Effect.Effect<readonly Policy[]>;
63
- readonly check: (input: PolicyCheckInput) => Effect.Effect<void, PolicyDeniedError>;
64
- readonly add: (policy: Omit<Policy, "id" | "createdAt">) => Effect.Effect<Policy>;
65
- readonly remove: (policyId: PolicyId) => Effect.Effect<boolean>;
66
- }>;
67
- export declare class PolicyEngine extends PolicyEngine_base {
24
+ export interface UpdateToolPolicyInput {
25
+ readonly id: string;
26
+ readonly pattern?: string;
27
+ readonly action?: ToolPolicyAction;
28
+ readonly position?: string;
68
29
  }
69
- export {};
30
+ export interface PolicyMatch {
31
+ readonly action: ToolPolicyAction;
32
+ readonly pattern: string;
33
+ readonly policyId: string;
34
+ }
35
+ export type PolicySource = "user" | "plugin-default";
36
+ export interface EffectivePolicy {
37
+ readonly action: ToolPolicyAction;
38
+ readonly source: PolicySource;
39
+ /** Matched pattern; populated only when `source === "user"`. */
40
+ readonly pattern?: string;
41
+ /** Policy row id; populated only when `source === "user"`. */
42
+ readonly policyId?: string;
43
+ }
44
+ export declare const matchPattern: (pattern: string, toolId: string) => boolean;
45
+ export declare const isValidPattern: (pattern: string) => boolean;
46
+ export declare const comparePolicyRow: (a: {
47
+ position: unknown;
48
+ id: unknown;
49
+ }, b: {
50
+ position: unknown;
51
+ id: unknown;
52
+ }) => number;
53
+ export declare const resolveToolPolicy: (toolId: string, policies: readonly ToolPolicyRow[], scopeRank: (row: {
54
+ scope_id: unknown;
55
+ }) => number) => PolicyMatch | undefined;
56
+ export declare const resolveEffectivePolicy: (toolId: string, policies: readonly ToolPolicyRow[], scopeRank: (row: {
57
+ scope_id: unknown;
58
+ }) => number, defaultRequiresApproval?: boolean) => EffectivePolicy;
59
+ export declare const effectivePolicyFromSorted: (toolId: string, sortedPolicies: readonly Pick<ToolPolicy, "pattern" | "action" | "id">[], defaultRequiresApproval?: boolean) => EffectivePolicy;
60
+ export declare const rowToToolPolicy: (row: ToolPolicyRow) => ToolPolicy;
61
+ export declare const ToolPolicyActionSchema: Schema.Literals<readonly ["approve", "require_approval", "block"]>;
70
62
  //# sourceMappingURL=policies.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEjD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAU,MAAM,OAAO,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAE7C,eAAO,MAAM,YAAY,uDAAsD,CAAC;AAChF,MAAM,MAAM,YAAY,GAAG,OAAO,YAAY,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEpD,qBAAa,MAAO,SAAQ,WAW1B;CAAG;;;;;;;;;;;;AAEL,qBAAa,gBAAiB,SAAQ,qBAGpC;CAAG;;mBAKc,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,CAAC;oBACrD,CAAC,KAAK,EAAE,gBAAgB,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,CAAC;kBACrE,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,GAAG,WAAW,CAAC,KAAK,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;qBAChE,CAAC,QAAQ,EAAE,QAAQ,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;;AANnE,qBAAa,YAAa,SAAQ,iBAQ/B;CAAG"}
1
+ {"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAQ1C,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;;wEAEoE;IACpE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;iEAC6D;IAC7D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC;IACnC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAQD,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAaD,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAErD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,gEAAgE;IAChE,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAYD,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,EAAE,QAAQ,MAAM,KAAG,OAS9D,CAAC;AAOF,eAAO,MAAM,cAAc,GAAI,SAAS,MAAM,KAAG,OAehD,CAAC;AAcF,eAAO,MAAM,gBAAgB,GAC3B,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,EACrC,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,KACpC,MAQF,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,MAAM,EACd,UAAU,SAAS,aAAa,EAAE,EAClC,WAAW,CAAC,GAAG,EAAE;IAAE,QAAQ,EAAE,OAAO,CAAA;CAAE,KAAK,MAAM,KAChD,WAAW,GAAG,SAkBhB,CAAC;AA8BF,eAAO,MAAM,sBAAsB,GACjC,QAAQ,MAAM,EACd,UAAU,SAAS,aAAa,EAAE,EAClC,WAAW,CAAC,GAAG,EAAE;IAAE,QAAQ,EAAE,OAAO,CAAA;CAAE,KAAK,MAAM,EACjD,0BAA0B,OAAO,KAChC,eAGF,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,QAAQ,MAAM,EACd,gBAAgB,SAAS,IAAI,CAAC,UAAU,EAAE,SAAS,GAAG,QAAQ,GAAG,IAAI,CAAC,EAAE,EACxE,0BAA0B,OAAO,KAChC,eAYF,CAAC;AAMF,eAAO,MAAM,eAAe,GAAI,KAAK,aAAa,KAAG,UAQnD,CAAC;AAOH,eAAO,MAAM,sBAAsB,oEAIjC,CAAC"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=policies.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policies.test.d.ts","sourceRoot":"","sources":["../src/policies.test.ts"],"names":[],"mappings":""}