@executor-js/sdk 1.5.15 → 1.5.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-EIHWBY6T.js → chunk-4XPVLX62.js} +36 -1
- package/dist/chunk-4XPVLX62.js.map +1 -0
- package/dist/{chunk-QEKKFEJL.js → chunk-5Q35SELN.js} +100 -33
- package/dist/chunk-5Q35SELN.js.map +1 -0
- package/dist/{chunk-SK3PCJHJ.js → chunk-EJKXSREX.js} +10 -1
- package/dist/chunk-EJKXSREX.js.map +1 -0
- package/dist/{chunk-6EED5LAL.js → chunk-PCSRC6WP.js} +1 -1
- package/dist/{chunk-6EED5LAL.js.map → chunk-PCSRC6WP.js.map} +1 -1
- package/dist/core-schema.d.ts +2 -0
- package/dist/core-schema.d.ts.map +1 -1
- package/dist/core-tools.d.ts.map +1 -1
- package/dist/core.js +4 -4
- package/dist/executor.d.ts.map +1 -1
- package/dist/host-internal.js +1 -1
- package/dist/index.js +3 -3
- package/dist/oauth-client.d.ts +5 -0
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/oauth-helpers.d.ts +1 -0
- package/dist/oauth-helpers.d.ts.map +1 -1
- package/dist/oauth-service.d.ts +4 -0
- package/dist/oauth-service.d.ts.map +1 -1
- package/dist/server-connection.d.ts +7 -0
- package/dist/server-connection.d.ts.map +1 -1
- package/dist/shared.js +2 -2
- package/dist/testing/oauth-test-server.d.ts +1 -0
- package/dist/testing/oauth-test-server.d.ts.map +1 -1
- package/dist/testing.js +13 -5
- package/dist/testing.js.map +1 -1
- package/package.json +1 -1
- package/dist/chunk-EIHWBY6T.js.map +0 -1
- package/dist/chunk-QEKKFEJL.js.map +0 -1
- package/dist/chunk-SK3PCJHJ.js.map +0 -1
|
@@ -54,6 +54,7 @@ var getExecutorServerAuthorizationHeader = (connection) => {
|
|
|
54
54
|
const auth = connection.auth;
|
|
55
55
|
if (!auth) return null;
|
|
56
56
|
if (auth.kind === "bearer") return `Bearer ${auth.token}`;
|
|
57
|
+
if (auth.kind === "oauth") return `Bearer ${auth.accessToken}`;
|
|
57
58
|
const encoded = encodeBasicCredentials(
|
|
58
59
|
`${auth.username ?? DEFAULT_EXECUTOR_SERVER_USERNAME}:${auth.password}`
|
|
59
60
|
);
|
|
@@ -68,6 +69,14 @@ var ExecutorServerAuthJson = Schema.Union([
|
|
|
68
69
|
Schema.Struct({
|
|
69
70
|
kind: Schema.Literal("bearer"),
|
|
70
71
|
token: Schema.String
|
|
72
|
+
}),
|
|
73
|
+
Schema.Struct({
|
|
74
|
+
kind: Schema.Literal("oauth"),
|
|
75
|
+
accessToken: Schema.String,
|
|
76
|
+
refreshToken: Schema.optional(Schema.String),
|
|
77
|
+
expiresAt: Schema.optional(Schema.Number),
|
|
78
|
+
tokenEndpoint: Schema.optional(Schema.String),
|
|
79
|
+
clientId: Schema.optional(Schema.String)
|
|
71
80
|
})
|
|
72
81
|
]);
|
|
73
82
|
var ExecutorServerConnectionJson = Schema.Struct({
|
|
@@ -159,4 +168,4 @@ export {
|
|
|
159
168
|
isOAuthPopupResult,
|
|
160
169
|
InternalError
|
|
161
170
|
};
|
|
162
|
-
//# sourceMappingURL=chunk-
|
|
171
|
+
//# sourceMappingURL=chunk-EJKXSREX.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/server-connection.ts","../src/oauth-popup-types.ts","../src/api-errors.ts"],"sourcesContent":["import { Option, Schema } from \"effect\";\n\nexport const DEFAULT_EXECUTOR_SERVER_ORIGIN = \"http://127.0.0.1:4000\";\nexport const DEFAULT_EXECUTOR_SERVER_USERNAME = \"executor\";\n\nexport type ExecutorServerConnectionKind = \"http\" | \"desktop-sidecar\";\nexport type ExecutorLocalServerKind = \"cli-daemon\" | \"desktop-sidecar\" | \"foreground\";\n\nexport type ExecutorServerAuth =\n | {\n readonly kind: \"basic\";\n readonly username?: string;\n readonly password: string;\n }\n | {\n readonly kind: \"bearer\";\n readonly token: string;\n }\n | {\n // OAuth 2.0 device-flow credential from `executor login` against a hosted\n // server. The access token is sent as a Bearer; `refreshToken` +\n // `expiresAt` (epoch seconds) + `tokenEndpoint` + `clientId` let the CLI\n // refresh it before expiry without a fresh browser login.\n readonly kind: \"oauth\";\n readonly accessToken: string;\n readonly refreshToken?: string;\n readonly expiresAt?: number;\n readonly tokenEndpoint?: string;\n readonly clientId?: string;\n };\n\nexport interface ExecutorServerConnection {\n readonly kind: ExecutorServerConnectionKind;\n readonly key: string;\n readonly origin: string;\n readonly apiBaseUrl: string;\n readonly displayName: string;\n readonly auth?: ExecutorServerAuth;\n}\n\nexport interface ExecutorServerConnectionInput {\n readonly kind?: ExecutorServerConnectionKind;\n readonly key?: string;\n readonly origin?: string;\n readonly apiBaseUrl?: string;\n readonly displayName?: string;\n readonly auth?: ExecutorServerAuth;\n}\n\nexport interface ExecutorLocalServerManifest {\n readonly version: 1;\n readonly kind: ExecutorLocalServerKind;\n readonly pid: number;\n readonly startedAt: string;\n readonly dataDir: string;\n readonly scopeDir: string | null;\n readonly connection: ExecutorServerConnection;\n readonly owner: {\n readonly client: \"cli\" | \"desktop\";\n readonly version: string | null;\n readonly executablePath: string | null;\n };\n}\n\nconst stripTrailingSlash = (value: string): string => value.replace(/\\/+$/, \"\");\n\nconst displayNameFromOrigin = (origin: string): string =>\n origin.replace(/^https?:\\/\\//, \"\").replace(/\\/+$/, \"\");\n\nexport const normalizeExecutorServerOrigin = (raw: string): string => {\n const trimmed = stripTrailingSlash(raw.trim());\n if (!trimmed) return DEFAULT_EXECUTOR_SERVER_ORIGIN;\n\n const parsed = new URL(/^https?:\\/\\//.test(trimmed) ? trimmed : `http://${trimmed}`);\n if (parsed.pathname === \"/api\") {\n parsed.pathname = \"/\";\n }\n parsed.search = \"\";\n parsed.hash = \"\";\n return stripTrailingSlash(parsed.toString());\n};\n\nexport const apiBaseUrlForServerOrigin = (origin: string): string => `${origin}/api`;\n\nexport const originFromApiBaseUrl = (raw: string): string => {\n const parsed = new URL(raw);\n if (parsed.pathname.endsWith(\"/api\")) {\n parsed.pathname = parsed.pathname.slice(0, -\"/api\".length) || \"/\";\n }\n parsed.search = \"\";\n parsed.hash = \"\";\n return normalizeExecutorServerOrigin(parsed.toString());\n};\n\nexport const normalizeExecutorServerConnection = (\n input: ExecutorServerConnectionInput = {},\n): ExecutorServerConnection => {\n const origin = normalizeExecutorServerOrigin(\n input.origin ??\n (input.apiBaseUrl ? originFromApiBaseUrl(input.apiBaseUrl) : DEFAULT_EXECUTOR_SERVER_ORIGIN),\n );\n const apiBaseUrl = stripTrailingSlash(input.apiBaseUrl ?? apiBaseUrlForServerOrigin(origin));\n const kind = input.kind ?? \"http\";\n\n return {\n kind,\n key: input.key ?? `${kind}:${origin}`,\n origin,\n apiBaseUrl,\n displayName: input.displayName ?? displayNameFromOrigin(origin),\n ...(input.auth ? { auth: input.auth } : {}),\n };\n};\n\nconst encodeBasicCredentials = (credentials: string): string | null => {\n if (typeof globalThis.btoa === \"function\") {\n return globalThis.btoa(credentials);\n }\n\n const buffer = (\n globalThis as {\n readonly Buffer?: {\n readonly from: (value: string) => { readonly toString: (encoding: \"base64\") => string };\n };\n }\n ).Buffer;\n if (buffer) {\n return buffer.from(credentials).toString(\"base64\");\n }\n\n return null;\n};\n\nexport const getExecutorServerAuthorizationHeader = (\n connection: ExecutorServerConnection,\n): string | null => {\n const auth = connection.auth;\n if (!auth) return null;\n if (auth.kind === \"bearer\") return `Bearer ${auth.token}`;\n if (auth.kind === \"oauth\") return `Bearer ${auth.accessToken}`;\n const encoded = encodeBasicCredentials(\n `${auth.username ?? DEFAULT_EXECUTOR_SERVER_USERNAME}:${auth.password}`,\n );\n return encoded ? `Basic ${encoded}` : null;\n};\n\nconst ExecutorServerAuthJson = Schema.Union([\n Schema.Struct({\n kind: Schema.Literal(\"basic\"),\n username: Schema.optional(Schema.String),\n password: Schema.String,\n }),\n Schema.Struct({\n kind: Schema.Literal(\"bearer\"),\n token: Schema.String,\n }),\n Schema.Struct({\n kind: Schema.Literal(\"oauth\"),\n accessToken: Schema.String,\n refreshToken: Schema.optional(Schema.String),\n expiresAt: Schema.optional(Schema.Number),\n tokenEndpoint: Schema.optional(Schema.String),\n clientId: Schema.optional(Schema.String),\n }),\n]);\n\nconst ExecutorServerConnectionJson = Schema.Struct({\n kind: Schema.optional(Schema.Literals([\"http\", \"desktop-sidecar\"])),\n key: Schema.optional(Schema.String),\n origin: Schema.String,\n apiBaseUrl: Schema.optional(Schema.String),\n displayName: Schema.optional(Schema.String),\n auth: Schema.optional(ExecutorServerAuthJson),\n});\n\nconst ExecutorLocalServerManifestJson = Schema.Struct({\n version: Schema.Literal(1),\n kind: Schema.Literals([\"cli-daemon\", \"desktop-sidecar\", \"foreground\"]),\n pid: Schema.Number,\n startedAt: Schema.String,\n dataDir: Schema.String,\n scopeDir: Schema.NullOr(Schema.String),\n connection: ExecutorServerConnectionJson,\n owner: Schema.Struct({\n client: Schema.Literals([\"cli\", \"desktop\"]),\n version: Schema.NullOr(Schema.String),\n executablePath: Schema.NullOr(Schema.String),\n }),\n});\n\nconst decodeUnknownJsonOption = Schema.decodeUnknownOption(Schema.UnknownFromJsonString);\nconst decodeExecutorLocalServerManifestJson = Schema.decodeUnknownOption(\n ExecutorLocalServerManifestJson,\n);\n\nconst canNormalizeServerOrigin = (origin: string): boolean => {\n const trimmed = stripTrailingSlash(origin.trim());\n if (!trimmed) return true;\n return URL.canParse(/^https?:\\/\\//.test(trimmed) ? trimmed : `http://${trimmed}`);\n};\n\nexport const parseExecutorLocalServerManifest = (\n raw: string,\n): ExecutorLocalServerManifest | null => {\n const json = decodeUnknownJsonOption(raw);\n if (Option.isNone(json)) return null;\n const decoded = decodeExecutorLocalServerManifestJson(json.value);\n if (Option.isNone(decoded)) return null;\n const parsed = decoded.value;\n if (\n !Number.isInteger(parsed.pid) ||\n parsed.pid <= 0 ||\n !canNormalizeServerOrigin(parsed.connection.origin)\n ) {\n return null;\n }\n\n const connection = normalizeExecutorServerConnection(parsed.connection);\n return {\n version: 1,\n kind: parsed.kind,\n pid: parsed.pid,\n startedAt: parsed.startedAt,\n dataDir: parsed.dataDir,\n scopeDir: parsed.scopeDir,\n connection,\n owner: {\n client: parsed.owner.client,\n version: parsed.owner.version,\n executablePath: parsed.owner.executablePath,\n },\n };\n};\n\nexport const serializeExecutorLocalServerManifest = (\n manifest: ExecutorLocalServerManifest,\n): string => `${JSON.stringify(manifest, null, 2)}\\n`;\n","// ---------------------------------------------------------------------------\n// OAuth popup result — the message shape exchanged between the popup window\n// (opened during authorization) and the opener (the onboarding UI). Both the\n// server-side HTML generator and the client-side popup opener agree on this\n// shape so that success / failure can be communicated reliably via both\n// `postMessage` and `BroadcastChannel`.\n// ---------------------------------------------------------------------------\n\n/** Message type literal used to identify our popup results. */\nexport const OAUTH_POPUP_MESSAGE_TYPE = \"executor:oauth-result\" as const;\n\nexport type OAuthPopupResult<TAuth> =\n | ({\n readonly type: typeof OAUTH_POPUP_MESSAGE_TYPE;\n readonly ok: true;\n readonly sessionId: string;\n } & TAuth)\n | {\n readonly type: typeof OAUTH_POPUP_MESSAGE_TYPE;\n readonly ok: false;\n readonly sessionId: string | null;\n /** Short user-facing summary. */\n readonly error: string;\n /** Full technical detail. Omitted when identical to `error`. */\n readonly errorDetails?: string;\n };\n\nexport const isOAuthPopupResult = <TAuth>(value: unknown): value is OAuthPopupResult<TAuth> =>\n typeof value === \"object\" &&\n value !== null &&\n (value as { type?: unknown }).type === OAUTH_POPUP_MESSAGE_TYPE;\n","// ---------------------------------------------------------------------------\n// Wire-level HTTP errors. Lives in the SDK so plugin `HttpApiGroup`\n// definitions (which sit on the SDK side of the dependency graph and\n// must stay publishable) can declare them without dragging in the\n// server-only `@executor-js/api` package. The HTTP edge in\n// `@executor-js/api` re-exports these and pairs them with the\n// translation/capture helpers used by handlers.\n// ---------------------------------------------------------------------------\n\nimport { Schema } from \"effect\";\n\n/** Public 500 surface. Opaque by schema — only `traceId` crosses the wire. */\nexport class InternalError extends Schema.TaggedErrorClass<InternalError>()(\n \"InternalError\",\n {\n /** Opaque correlation id for backend lookup (Sentry event id, log line, etc.). */\n traceId: Schema.String,\n },\n { httpApiStatus: 500 },\n) {}\n"],"mappings":";AAAA,SAAS,QAAQ,cAAc;AAExB,IAAM,iCAAiC;AACvC,IAAM,mCAAmC;AA6DhD,IAAM,qBAAqB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE9E,IAAM,wBAAwB,CAAC,WAC7B,OAAO,QAAQ,gBAAgB,EAAE,EAAE,QAAQ,QAAQ,EAAE;AAEhD,IAAM,gCAAgC,CAAC,QAAwB;AACpE,QAAM,UAAU,mBAAmB,IAAI,KAAK,CAAC;AAC7C,MAAI,CAAC,QAAS,QAAO;AAErB,QAAM,SAAS,IAAI,IAAI,eAAe,KAAK,OAAO,IAAI,UAAU,UAAU,OAAO,EAAE;AACnF,MAAI,OAAO,aAAa,QAAQ;AAC9B,WAAO,WAAW;AAAA,EACpB;AACA,SAAO,SAAS;AAChB,SAAO,OAAO;AACd,SAAO,mBAAmB,OAAO,SAAS,CAAC;AAC7C;AAEO,IAAM,4BAA4B,CAAC,WAA2B,GAAG,MAAM;AAEvE,IAAM,uBAAuB,CAAC,QAAwB;AAC3D,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,SAAS,SAAS,MAAM,GAAG;AACpC,WAAO,WAAW,OAAO,SAAS,MAAM,GAAG,CAAC,OAAO,MAAM,KAAK;AAAA,EAChE;AACA,SAAO,SAAS;AAChB,SAAO,OAAO;AACd,SAAO,8BAA8B,OAAO,SAAS,CAAC;AACxD;AAEO,IAAM,oCAAoC,CAC/C,QAAuC,CAAC,MACX;AAC7B,QAAM,SAAS;AAAA,IACb,MAAM,WACH,MAAM,aAAa,qBAAqB,MAAM,UAAU,IAAI;AAAA,EACjE;AACA,QAAM,aAAa,mBAAmB,MAAM,cAAc,0BAA0B,MAAM,CAAC;AAC3F,QAAM,OAAO,MAAM,QAAQ;AAE3B,SAAO;AAAA,IACL;AAAA,IACA,KAAK,MAAM,OAAO,GAAG,IAAI,IAAI,MAAM;AAAA,IACnC;AAAA,IACA;AAAA,IACA,aAAa,MAAM,eAAe,sBAAsB,MAAM;AAAA,IAC9D,GAAI,MAAM,OAAO,EAAE,MAAM,MAAM,KAAK,IAAI,CAAC;AAAA,EAC3C;AACF;AAEA,IAAM,yBAAyB,CAAC,gBAAuC;AACrE,MAAI,OAAO,WAAW,SAAS,YAAY;AACzC,WAAO,WAAW,KAAK,WAAW;AAAA,EACpC;AAEA,QAAM,SACJ,WAKA;AACF,MAAI,QAAQ;AACV,WAAO,OAAO,KAAK,WAAW,EAAE,SAAS,QAAQ;AAAA,EACnD;AAEA,SAAO;AACT;AAEO,IAAM,uCAAuC,CAClD,eACkB;AAClB,QAAM,OAAO,WAAW;AACxB,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI,KAAK,SAAS,SAAU,QAAO,UAAU,KAAK,KAAK;AACvD,MAAI,KAAK,SAAS,QAAS,QAAO,UAAU,KAAK,WAAW;AAC5D,QAAM,UAAU;AAAA,IACd,GAAG,KAAK,YAAY,gCAAgC,IAAI,KAAK,QAAQ;AAAA,EACvE;AACA,SAAO,UAAU,SAAS,OAAO,KAAK;AACxC;AAEA,IAAM,yBAAyB,OAAO,MAAM;AAAA,EAC1C,OAAO,OAAO;AAAA,IACZ,MAAM,OAAO,QAAQ,OAAO;AAAA,IAC5B,UAAU,OAAO,SAAS,OAAO,MAAM;AAAA,IACvC,UAAU,OAAO;AAAA,EACnB,CAAC;AAAA,EACD,OAAO,OAAO;AAAA,IACZ,MAAM,OAAO,QAAQ,QAAQ;AAAA,IAC7B,OAAO,OAAO;AAAA,EAChB,CAAC;AAAA,EACD,OAAO,OAAO;AAAA,IACZ,MAAM,OAAO,QAAQ,OAAO;AAAA,IAC5B,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO,SAAS,OAAO,MAAM;AAAA,IAC3C,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,IACxC,eAAe,OAAO,SAAS,OAAO,MAAM;AAAA,IAC5C,UAAU,OAAO,SAAS,OAAO,MAAM;AAAA,EACzC,CAAC;AACH,CAAC;AAED,IAAM,+BAA+B,OAAO,OAAO;AAAA,EACjD,MAAM,OAAO,SAAS,OAAO,SAAS,CAAC,QAAQ,iBAAiB,CAAC,CAAC;AAAA,EAClE,KAAK,OAAO,SAAS,OAAO,MAAM;AAAA,EAClC,QAAQ,OAAO;AAAA,EACf,YAAY,OAAO,SAAS,OAAO,MAAM;AAAA,EACzC,aAAa,OAAO,SAAS,OAAO,MAAM;AAAA,EAC1C,MAAM,OAAO,SAAS,sBAAsB;AAC9C,CAAC;AAED,IAAM,kCAAkC,OAAO,OAAO;AAAA,EACpD,SAAS,OAAO,QAAQ,CAAC;AAAA,EACzB,MAAM,OAAO,SAAS,CAAC,cAAc,mBAAmB,YAAY,CAAC;AAAA,EACrE,KAAK,OAAO;AAAA,EACZ,WAAW,OAAO;AAAA,EAClB,SAAS,OAAO;AAAA,EAChB,UAAU,OAAO,OAAO,OAAO,MAAM;AAAA,EACrC,YAAY;AAAA,EACZ,OAAO,OAAO,OAAO;AAAA,IACnB,QAAQ,OAAO,SAAS,CAAC,OAAO,SAAS,CAAC;AAAA,IAC1C,SAAS,OAAO,OAAO,OAAO,MAAM;AAAA,IACpC,gBAAgB,OAAO,OAAO,OAAO,MAAM;AAAA,EAC7C,CAAC;AACH,CAAC;AAED,IAAM,0BAA0B,OAAO,oBAAoB,OAAO,qBAAqB;AACvF,IAAM,wCAAwC,OAAO;AAAA,EACnD;AACF;AAEA,IAAM,2BAA2B,CAAC,WAA4B;AAC5D,QAAM,UAAU,mBAAmB,OAAO,KAAK,CAAC;AAChD,MAAI,CAAC,QAAS,QAAO;AACrB,SAAO,IAAI,SAAS,eAAe,KAAK,OAAO,IAAI,UAAU,UAAU,OAAO,EAAE;AAClF;AAEO,IAAM,mCAAmC,CAC9C,QACuC;AACvC,QAAM,OAAO,wBAAwB,GAAG;AACxC,MAAI,OAAO,OAAO,IAAI,EAAG,QAAO;AAChC,QAAM,UAAU,sCAAsC,KAAK,KAAK;AAChE,MAAI,OAAO,OAAO,OAAO,EAAG,QAAO;AACnC,QAAM,SAAS,QAAQ;AACvB,MACE,CAAC,OAAO,UAAU,OAAO,GAAG,KAC5B,OAAO,OAAO,KACd,CAAC,yBAAyB,OAAO,WAAW,MAAM,GAClD;AACA,WAAO;AAAA,EACT;AAEA,QAAM,aAAa,kCAAkC,OAAO,UAAU;AACtE,SAAO;AAAA,IACL,SAAS;AAAA,IACT,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA,IACZ,WAAW,OAAO;AAAA,IAClB,SAAS,OAAO;AAAA,IAChB,UAAU,OAAO;AAAA,IACjB;AAAA,IACA,OAAO;AAAA,MACL,QAAQ,OAAO,MAAM;AAAA,MACrB,SAAS,OAAO,MAAM;AAAA,MACtB,gBAAgB,OAAO,MAAM;AAAA,IAC/B;AAAA,EACF;AACF;AAEO,IAAM,uCAAuC,CAClD,aACW,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC,CAAC;AAAA;;;ACnO1C,IAAM,2BAA2B;AAkBjC,IAAM,qBAAqB,CAAQ,UACxC,OAAO,UAAU,YACjB,UAAU,QACT,MAA6B,SAAS;;;ACrBzC,SAAS,UAAAA,eAAc;AAGhB,IAAM,gBAAN,cAA4BA,QAAO,iBAAgC;AAAA,EACxE;AAAA,EACA;AAAA;AAAA,IAEE,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/policies.ts","../src/elicitation.ts","../src/errors.ts","../src/oauth-client.ts","../src/types.ts"],"sourcesContent":["// ---------------------------------------------------------------------------\n// Tool policies — pattern matcher + policy resolution. Pure functions; the\n// executor stitches them into `tools.list`, `execute`, and the public\n// `executor.policies` CRUD surface. Plugins consume the same surface.\n//\n// v2: policies are owner-scoped (org | user) instead of scope-stacked. Each\n// owner contributes its first matching rule by local position; the final answer\n// is the most restrictive matched action across owners, so a user preference\n// cannot weaken an org guardrail (org = outer, user = inner).\n// ---------------------------------------------------------------------------\n\nimport { Match, Schema } from \"effect\";\n\nimport type { ToolPolicyAction, ToolPolicyRow } from \"./core-schema\";\nimport { Owner, PolicyId } from \"./ids\";\n\nexport interface ToolPolicy {\n readonly id: PolicyId;\n readonly owner: Owner;\n readonly pattern: string;\n readonly action: ToolPolicyAction;\n /** Fractional-indexing key. Lower lex order = higher precedence. */\n readonly position: string;\n readonly createdAt: Date;\n readonly updatedAt: Date;\n}\n\nexport interface CreateToolPolicyInput {\n readonly owner: Owner;\n readonly pattern: string;\n /** Optional explicit position. Defaults to a key above the current minimum\n * (top of the owner's list; highest precedence). */\n readonly action: ToolPolicyAction;\n readonly position?: string;\n}\n\nexport interface UpdateToolPolicyInput {\n readonly id: string;\n readonly owner: Owner;\n readonly pattern?: string;\n readonly action?: ToolPolicyAction;\n readonly position?: string;\n}\n\nexport interface RemoveToolPolicyInput {\n readonly id: string;\n readonly owner: Owner;\n}\n\n// ---------------------------------------------------------------------------\n// Match result.\n// ---------------------------------------------------------------------------\n\nexport interface PolicyMatch {\n readonly action: ToolPolicyAction;\n readonly pattern: string;\n readonly policyId: string;\n}\n\nexport type PolicySource = \"user\" | \"plugin-default\";\n\nexport interface EffectivePolicy {\n readonly action: ToolPolicyAction;\n readonly source: PolicySource;\n readonly pattern?: string;\n readonly policyId?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Pattern matching. Grammar (matched against the full tool address\n// `<integration>.<owner>.<connection>.<tool>` or a shorter form the executor\n// passes in):\n// - universal: `*`\n// - exact: `vercel.dns.create`\n// - subtree (trailing `*`): `vercel.dns.*` — the literal prefix plus anything deeper\n// - plugin-wide: `vercel.*`\n// - mid-segment `*`: `vercel.*.*.dns.create` — each NON-trailing `*` matches\n// EXACTLY ONE segment (e.g. wildcard the owner/connection\n// segments to target a tool across every connection).\n// A `*` is always a complete segment: mid-pattern it consumes one segment,\n// trailing it is a subtree. Partial wildcards (`me*`) and a leading `*` (other\n// than the universal `*`) are rejected by `isValidPattern`.\n// ---------------------------------------------------------------------------\n\nexport const matchPattern = (pattern: string, toolId: string): boolean => {\n if (pattern === \"*\") return true;\n const patternSegments = pattern.split(\".\");\n const toolSegments = toolId.split(\".\");\n for (let i = 0; i < patternSegments.length; i++) {\n const seg = patternSegments[i]!;\n if (seg === \"*\") {\n // Trailing `*` is a subtree: the literal prefix already matched, so the\n // address matches at this position and anything deeper (or nothing).\n if (i === patternSegments.length - 1) return toolSegments.length >= i;\n // A non-trailing `*` consumes EXACTLY ONE segment; one must exist here.\n if (i >= toolSegments.length) return false;\n continue;\n }\n if (i >= toolSegments.length || toolSegments[i] !== seg) return false;\n }\n // Pattern exhausted with no trailing `*`: an exact match requires equal length.\n return patternSegments.length === toolSegments.length;\n};\n\nexport const isValidPattern = (pattern: string): boolean => {\n if (pattern.length === 0) return false;\n if (pattern === \"*\") return true;\n if (pattern.startsWith(\".\") || pattern.endsWith(\".\")) return false;\n if (pattern.includes(\"..\")) return false;\n if (pattern.startsWith(\"*\")) return false;\n const segments = pattern.split(\".\");\n for (let i = 0; i < segments.length; i++) {\n const seg = segments[i]!;\n if (seg.length === 0) return false;\n // A `*` segment must be the WHOLE segment — no partial wildcards (`me*`).\n // A `*` is valid mid-pattern (one segment) or trailing (subtree).\n if (seg.includes(\"*\") && seg !== \"*\") return false;\n }\n return true;\n};\n\n// ---------------------------------------------------------------------------\n// Resolution — each owner contributes its first matching rule by local\n// position; the most restrictive matched action across owners wins. Caller\n// passes an `ownerRank` so the resolver doesn't need to know which owner is\n// the outer guardrail.\n// ---------------------------------------------------------------------------\n\nexport const comparePolicyRow = (\n a: Pick<ToolPolicyRow, \"position\" | \"id\">,\n b: Pick<ToolPolicyRow, \"position\" | \"id\">,\n): number => {\n const pa = a.position;\n const pb = b.position;\n if (pa < pb) return -1;\n if (pa > pb) return 1;\n const ia = a.id;\n const ib = b.id;\n return ia < ib ? -1 : ia > ib ? 1 : 0;\n};\n\nconst actionRestrictionRank = (action: ToolPolicyAction): number =>\n Match.value(action).pipe(\n Match.when(\"block\", () => 3),\n Match.when(\"require_approval\", () => 2),\n Match.when(\"approve\", () => 1),\n Match.exhaustive,\n );\n\nconst moreRestrictive = <T extends { readonly action: ToolPolicyAction }>(\n current: T | undefined,\n candidate: T,\n): T => {\n if (!current) return candidate;\n const currentRank = actionRestrictionRank(current.action);\n const candidateRank = actionRestrictionRank(candidate.action);\n return candidateRank > currentRank ? candidate : current;\n};\n\nexport const resolveToolPolicy = (\n toolId: string,\n policies: readonly ToolPolicyRow[],\n ownerRank: (row: Pick<ToolPolicyRow, \"owner\">) => number,\n): PolicyMatch | undefined => {\n if (policies.length === 0) return undefined;\n const sorted = [...policies].sort((a, b) => {\n const sa = ownerRank(a);\n const sb = ownerRank(b);\n if (sa !== sb) return sa - sb;\n return comparePolicyRow(a, b);\n });\n const firstMatchByOwner = new Map<string, PolicyMatch>();\n for (const row of sorted) {\n if (firstMatchByOwner.has(row.owner)) continue;\n if (matchPattern(row.pattern, toolId)) {\n firstMatchByOwner.set(row.owner, {\n action: row.action as ToolPolicyAction,\n pattern: row.pattern,\n policyId: row.id,\n });\n }\n }\n let selected: PolicyMatch | undefined;\n for (const match of firstMatchByOwner.values()) {\n selected = moreRestrictive(selected, match);\n }\n return selected;\n};\n\n// ---------------------------------------------------------------------------\n// Layered resolution — user-authored rules + plugin default `requiresApproval`.\n// ---------------------------------------------------------------------------\n\nconst liftPlugin = (defaultRequiresApproval: boolean | undefined): EffectivePolicy =>\n defaultRequiresApproval\n ? { action: \"require_approval\", source: \"plugin-default\" }\n : { action: \"approve\", source: \"plugin-default\" };\n\nconst liftUser = (match: PolicyMatch): EffectivePolicy => ({\n action: match.action,\n source: \"user\",\n pattern: match.pattern,\n policyId: match.policyId,\n});\n\nexport const resolveEffectivePolicy = (\n toolId: string,\n policies: readonly ToolPolicyRow[],\n ownerRank: (row: Pick<ToolPolicyRow, \"owner\">) => number,\n defaultRequiresApproval?: boolean,\n): EffectivePolicy => {\n const match = resolveToolPolicy(toolId, policies, ownerRank);\n return match ? liftUser(match) : liftPlugin(defaultRequiresApproval);\n};\n\nexport const effectivePolicyFromSorted = (\n toolId: string,\n sortedPolicies: readonly (Pick<ToolPolicy, \"pattern\" | \"action\" | \"id\"> &\n Partial<Pick<ToolPolicy, \"owner\">>)[],\n defaultRequiresApproval?: boolean,\n): EffectivePolicy => {\n const firstMatchByOwner = new Map<string, EffectivePolicy>();\n for (const p of sortedPolicies) {\n const ownerKey = \"owner\" in p && p.owner ? String(p.owner) : \"__flat__\";\n if (firstMatchByOwner.has(ownerKey)) continue;\n if (matchPattern(p.pattern, toolId)) {\n firstMatchByOwner.set(ownerKey, {\n action: p.action,\n source: \"user\",\n pattern: p.pattern,\n policyId: p.id,\n });\n }\n }\n let selected: EffectivePolicy | undefined;\n for (const match of firstMatchByOwner.values()) {\n selected = moreRestrictive(selected, match);\n }\n return selected ?? liftPlugin(defaultRequiresApproval);\n};\n\n// ---------------------------------------------------------------------------\n// Row → public projection.\n// ---------------------------------------------------------------------------\n\nexport const rowToToolPolicy = (row: ToolPolicyRow): ToolPolicy => ({\n id: PolicyId.make(row.id),\n owner: row.owner as Owner,\n pattern: row.pattern,\n action: row.action as ToolPolicyAction,\n position: row.position,\n createdAt: row.created_at,\n updatedAt: row.updated_at,\n});\n\nexport const ToolPolicyActionSchema = Schema.Literals([\"approve\", \"require_approval\", \"block\"]);\n","import { Effect, Schema } from \"effect\";\n\nimport { ElicitationId, ToolAddress } from \"./ids\";\n\n/* A tool that needs user input mid-call suspends and the host's `onElicitation`\n * handler (executor-level, overridable per `execute`) answers. Tools that never\n * elicit never trigger it. Schema-tagged so requests/responses cross the wire. */\n\n/** Tool needs structured input from the user (render a form). */\nexport const FormElicitation = Schema.TaggedStruct(\"FormElicitation\", {\n message: Schema.String,\n /** JSON Schema describing the fields to collect. */\n requestedSchema: Schema.Record(Schema.String, Schema.Unknown),\n});\nexport type FormElicitation = typeof FormElicitation.Type;\n\n/** Tool needs the user to visit a URL (OAuth, approval page, etc.). */\nexport const UrlElicitation = Schema.TaggedStruct(\"UrlElicitation\", {\n message: Schema.String,\n url: Schema.String,\n /** Unique id so the host can correlate the callback. */\n elicitationId: ElicitationId,\n});\nexport type UrlElicitation = typeof UrlElicitation.Type;\n\nexport type ElicitationRequest = FormElicitation | UrlElicitation;\n\nexport const ElicitationAction = Schema.Literals([\"accept\", \"decline\", \"cancel\"]);\nexport type ElicitationAction = typeof ElicitationAction.Type;\n\nexport const ElicitationResponse = Schema.Struct({\n action: ElicitationAction,\n /** Present when `action` is \"accept\" — the data the user provided. */\n content: Schema.optional(Schema.Record(Schema.String, Schema.Unknown)),\n});\nexport type ElicitationResponse = typeof ElicitationResponse.Type;\n\n/** Handler input — the tool address being invoked, its args, and the request. */\nexport interface ElicitationContext {\n readonly address: ToolAddress;\n readonly args: unknown;\n readonly request: ElicitationRequest;\n}\n\n/** Host-provided handler the SDK calls when a tool suspends for input. */\nexport type ElicitationHandler = (ctx: ElicitationContext) => Effect.Effect<ElicitationResponse>;\n\n/** Executor-level elicitation policy: a handler, or `\"accept-all\"` to\n * auto-accept every request (tests / non-interactive hosts). */\nexport type OnElicitation = ElicitationHandler | \"accept-all\";\n\n/** Per-call options for `execute`. */\nexport interface InvokeOptions {\n /** Override the executor-level handler for this single call. */\n readonly onElicitation?: OnElicitation;\n}\n\n/** A tool was declined or cancelled during elicitation. */\nexport class ElicitationDeclinedError extends Schema.TaggedErrorClass<ElicitationDeclinedError>()(\n \"ElicitationDeclinedError\",\n {\n address: ToolAddress,\n action: Schema.Literals([\"decline\", \"cancel\"]),\n },\n) {\n // Derived message so telemetry (span status, logs) labels the failure\n // instead of rendering an Error with an empty message.\n override get message(): string {\n return `Tool approval ${this.action === \"cancel\" ? \"cancelled\" : \"declined\"}: ${this.address}`;\n }\n}\n","import { Schema } from \"effect\";\n\nimport { ElicitationDeclinedError } from \"./elicitation\";\nimport type { StorageFailure } from \"./fuma-runtime\";\nimport { ConnectionName, IntegrationSlug, Owner, ProviderKey, ToolAddress } from \"./ids\";\n\n/* The failure set the SDK surfaces. `execute`'s invoke failures are ported from\n * v1 but re-keyed by `address` (the full `tools.<integration>.<owner>.<connection>.<tool>`\n * handle) instead of an opaque tool id. Storage failures reuse fuma-runtime's\n * `StorageError`/`UniqueViolationError` (`StorageFailure`) — not redefined here. */\n\n// ---------------------------------------------------------------------------\n// Tool lifecycle\n// ---------------------------------------------------------------------------\n\n/* Tagged errors without an explicit `message` field define a `message` getter:\n * `Schema.TaggedErrorClass` instances are real Errors with `message: \"\"`, and\n * an empty message propagates everywhere errors are rendered — span\n * status.message in the tracer, Cause.pretty output, log lines — leaving the\n * failure unlabeled in telemetry. The getter is derived from the schema fields\n * (not an own property), so encoding/serialization is unaffected. */\n\nexport class ToolNotFoundError extends Schema.TaggedErrorClass<ToolNotFoundError>()(\n \"ToolNotFoundError\",\n {\n address: ToolAddress,\n suggestions: Schema.optional(Schema.Array(ToolAddress)),\n },\n) {\n override get message(): string {\n return `Tool not found: ${this.address}`;\n }\n}\n\nexport class ToolInvocationError extends Schema.TaggedErrorClass<ToolInvocationError>()(\n \"ToolInvocationError\",\n {\n address: ToolAddress,\n message: Schema.String,\n cause: Schema.optional(Schema.Unknown),\n },\n) {}\n\n/** Tool invocation was rejected because a workspace `tool_policy` rule with\n * `action: \"block\"` matched. `pattern` is the matched policy pattern. */\nexport class ToolBlockedError extends Schema.TaggedErrorClass<ToolBlockedError>()(\n \"ToolBlockedError\",\n {\n address: ToolAddress,\n pattern: Schema.String,\n },\n) {\n override get message(): string {\n return `Tool blocked by policy \"${this.pattern}\": ${this.address}`;\n }\n}\n\n/** Tool row exists but its owning plugin isn't loaded in this executor config. */\nexport class PluginNotLoadedError extends Schema.TaggedErrorClass<PluginNotLoadedError>()(\n \"PluginNotLoadedError\",\n {\n address: ToolAddress,\n pluginId: Schema.String,\n },\n) {\n override get message(): string {\n return `Plugin \"${this.pluginId}\" is not loaded for tool: ${this.address}`;\n }\n}\n\n/** Tool was found but its owning plugin has no `invokeTool` handler. */\nexport class NoHandlerError extends Schema.TaggedErrorClass<NoHandlerError>()(\"NoHandlerError\", {\n address: ToolAddress,\n pluginId: Schema.String,\n}) {\n override get message(): string {\n return `Plugin \"${this.pluginId}\" has no invokeTool handler for tool: ${this.address}`;\n }\n}\n\n// ---------------------------------------------------------------------------\n// Integration / connection lifecycle\n// ---------------------------------------------------------------------------\n\nexport class IntegrationNotFoundError extends Schema.TaggedErrorClass<IntegrationNotFoundError>()(\n \"IntegrationNotFoundError\",\n { slug: IntegrationSlug },\n) {\n override get message(): string {\n return `Integration not found: ${this.slug}`;\n }\n}\n\n/** An \"add integration\" operation targeted a slug (namespace) that is already\n * registered. The core `integrations.register` primitive upserts by design\n * (for idempotent boot re-registration); add-operation layers gate on this to\n * prevent silently clobbering an existing integration's tools, connections,\n * and policies. */\nexport class IntegrationAlreadyExistsError extends Schema.TaggedErrorClass<IntegrationAlreadyExistsError>()(\n \"IntegrationAlreadyExistsError\",\n { slug: IntegrationSlug },\n { httpApiStatus: 409 },\n) {\n override get message(): string {\n return `Integration already exists: ${this.slug}`;\n }\n}\n\n/** `integrations.remove` was called on an integration declared statically by a\n * plugin at startup (`canRemove: false`). */\nexport class IntegrationRemovalNotAllowedError extends Schema.TaggedErrorClass<IntegrationRemovalNotAllowedError>()(\n \"IntegrationRemovalNotAllowedError\",\n { slug: IntegrationSlug },\n) {\n override get message(): string {\n return `Integration cannot be removed (declared statically by a plugin): ${this.slug}`;\n }\n}\n\nexport class ConnectionNotFoundError extends Schema.TaggedErrorClass<ConnectionNotFoundError>()(\n \"ConnectionNotFoundError\",\n {\n owner: Owner,\n integration: IntegrationSlug,\n name: ConnectionName,\n },\n) {\n override get message(): string {\n return `Connection not found: ${this.integration}.${this.owner}.${this.name}`;\n }\n}\n\n/** A connection create request was rejected before anything was written: the\n * input is structurally invalid (no credential inputs for a credentialed\n * template, mixed pasted/external origins, …) or targets owner `user` in a\n * context that has no user subject. The message says which — it is safe to\n * show to the caller. */\nexport class InvalidConnectionInputError extends Schema.TaggedErrorClass<InvalidConnectionInputError>()(\n \"InvalidConnectionInputError\",\n { message: Schema.String },\n) {}\n\n/** A connection references a credential provider key that isn't registered on\n * the executor. */\nexport class CredentialProviderNotRegisteredError extends Schema.TaggedErrorClass<CredentialProviderNotRegisteredError>()(\n \"CredentialProviderNotRegisteredError\",\n { provider: ProviderKey },\n) {\n override get message(): string {\n return `Credential provider not registered: ${this.provider}`;\n }\n}\n\n/** A connection's value could not be resolved — the provider returned nothing,\n * or an OAuth token refresh failed and the user must re-auth. */\nexport class CredentialResolutionError extends Schema.TaggedErrorClass<CredentialResolutionError>()(\n \"CredentialResolutionError\",\n {\n owner: Owner,\n integration: IntegrationSlug,\n name: ConnectionName,\n message: Schema.String,\n /** True when the stored grant is permanently invalid and the user must\n * sign in again (RFC 6749 §5.2 invalid_grant and friends). */\n reauthRequired: Schema.optional(Schema.Boolean),\n },\n) {}\n\n// ---------------------------------------------------------------------------\n// Union — the failure channel of `execute`.\n// ---------------------------------------------------------------------------\n\nexport type ExecuteError =\n | ToolNotFoundError\n | ToolInvocationError\n | ToolBlockedError\n | PluginNotLoadedError\n | NoHandlerError\n | ConnectionNotFoundError\n | CredentialProviderNotRegisteredError\n | CredentialResolutionError\n | ElicitationDeclinedError\n | StorageFailure;\n\n/** Convenience union spanning every typed error the SDK raises. */\nexport type ExecutorError =\n | ExecuteError\n | IntegrationNotFoundError\n | IntegrationRemovalNotAllowedError;\n","import type { Effect } from \"effect\";\nimport { Schema } from \"effect\";\n\nimport type { Connection } from \"./connection\";\nimport type { StorageFailure } from \"./fuma-runtime\";\nimport {\n type AuthTemplateSlug,\n type ConnectionName,\n type IntegrationSlug,\n OAuthClientSlug,\n OAuthState,\n type Owner,\n} from \"./ids\";\n\n/* The v2 OAuth surface contracts. OAuth is a credential mechanism, not an\n * integration type. A client is a registered app; running its flow mints a\n * Connection. The client is self-contained (carries its own endpoints) and\n * integration-independent, so the same app can back connections on whatever\n * integrations share that provider.\n *\n * The OAuth 2.1 *implementation* (PKCE, DCR, token exchange + refresh) lives in\n * `oauth-helpers` / `oauth-discovery` / `oauth-service`; these are the public\n * input/output shapes the executor's `oauth.*` namespace speaks. */\n\nexport type OAuthGrant = \"authorization_code\" | \"client_credentials\";\n\n/** Provider OAuth config an integration declares as one of its auth templates —\n * what to request. (The flow itself runs off the self-contained OAuthClient.)\n * Keyed `kind: \"oauth2\"` like every auth method across the plugins. */\nexport interface OAuthAuthentication {\n readonly slug: AuthTemplateSlug;\n readonly kind: \"oauth2\";\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly scopes: readonly string[];\n}\n\n/** A registered OAuth app — pure app identity: clientId/secret + its endpoints.\n * Owner-scoped: a shared org app or a user's own BYO app. The app does NOT carry\n * scopes — what to request is the INTEGRATION's concern (`OAuthAuthentication.\n * scopes`, surfaced via the declared auth method), so the same app can back any\n * integration without pinning a scope set. */\nexport interface OAuthClient {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly grant: OAuthGrant;\n readonly clientId: string;\n /** The literal client secret. Stored out-of-band in the credential provider\n * (vault item id), never inline. Empty string for public / PKCE clients. */\n readonly clientSecret: string;\n /** RFC 8707 Resource Indicator (MCP). Carried so the refresh request can keep\n * the re-minted token bound to the same resource. Null/omitted otherwise. */\n readonly resource?: string | null;\n}\n\nexport type OAuthClientOrigin =\n | { readonly kind: \"manual\" }\n | {\n readonly kind: \"dynamic_client_registration\";\n readonly integration?: IntegrationSlug | null;\n };\n\nexport type CreateOAuthClientInput = OAuthClient & {\n readonly origin?: OAuthClientOrigin;\n};\n\n/** Metadata-only projection of a registered client for listing in the UI.\n * Deliberately omits `clientSecret` — the secret is never returned over the\n * read surface. `clientId` is included (it is not a secret; it is sent in the\n * authorize URL the user's browser visits). */\nexport interface OAuthClientSummary {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n readonly grant: OAuthGrant;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly resource?: string | null;\n readonly clientId: string;\n readonly origin: OAuthClientOrigin;\n}\n\n/** Flow-aware result of `oauth.start` — the status says what's next. */\nexport type ConnectResult =\n | { readonly status: \"connected\"; readonly connection: Connection }\n | {\n readonly status: \"redirect\";\n readonly authorizationUrl: string;\n readonly state: OAuthState;\n };\n\n/** Start a flow through a client to mint a connection for one integration.\n * `template` is the integration's oauth template the minted token is applied\n * through. */\nexport interface OAuthStartInput {\n readonly client: OAuthClientSlug;\n /** The owner that owns `client`. Supplied explicitly (the picker knows it), so\n * a Personal connection can be minted through a shared Workspace app without\n * any owner-derivation rule. A Workspace connection must use a Workspace app. */\n readonly clientOwner: Owner;\n /** The owner the minted CONNECTION is saved under (may differ from `clientOwner`). */\n readonly owner: Owner;\n readonly name: ConnectionName;\n readonly integration: IntegrationSlug;\n readonly template: AuthTemplateSlug;\n readonly identityLabel?: string | null;\n /** Browser-facing callback URL for this flow. Defaults to the executor's configured redirectUri. */\n readonly redirectUri?: string | null;\n}\n\nexport interface OAuthCompleteInput {\n readonly state: OAuthState;\n readonly code: string;\n}\n\n/** Probe a base/issuer URL for OAuth 2.1 authorization-server metadata so the\n * onboarding UI can pre-fill a client's endpoints. */\nexport interface OAuthProbeInput {\n readonly url: string;\n}\n\nexport interface OAuthProbeResult {\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n /** RFC 8707 resource indicator discovered from protected-resource metadata.\n * Persist this on DCR clients so authorize/token/refresh requests stay bound\n * to the protected resource. */\n readonly resource?: string | null;\n readonly scopesSupported?: readonly string[];\n /** Whether the server advertises dynamic client registration (RFC 7591). */\n readonly registrationEndpoint?: string | null;\n /** RFC 8414 `token_endpoint_auth_methods_supported`. Surfaced so DCR can pick\n * a public (\"none\") client when the server allows it. */\n readonly tokenEndpointAuthMethodsSupported?: readonly string[];\n}\n\n/** Mint an OAuth client via RFC 7591 Dynamic Client Registration and persist it.\n * The user pastes NO client id/secret — the authorization server mints a\n * (public, PKCE) client which is stored as an owner-scoped `oauth_client`. */\nexport interface RegisterDynamicClientInput {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n /** RFC 7591 registration endpoint advertised by the authorization server. */\n readonly registrationEndpoint: string;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n /** RFC 8707 Resource Indicator (MCP). Persisted on the minted client when known. */\n readonly resource?: string | null;\n readonly scopes: readonly string[];\n /** Auth methods the server advertises. When it allows `none` a public\n * (PKCE-only, no secret) client is registered; otherwise `client_secret_post`. */\n readonly tokenEndpointAuthMethodsSupported?: readonly string[];\n /** Human label for the registered app (RFC 7591 `client_name`). */\n readonly clientName?: string;\n /** Browser-facing callback URL to register. Defaults to the executor's configured redirectUri. */\n readonly redirectUri?: string | null;\n /** Integration that requested this dynamic client, when known. */\n readonly originIntegration?: IntegrationSlug | null;\n}\n\nexport class OAuthStartError extends Schema.TaggedErrorClass<OAuthStartError>()(\"OAuthStartError\", {\n message: Schema.String,\n}) {}\n\nexport class OAuthCompleteError extends Schema.TaggedErrorClass<OAuthCompleteError>()(\n \"OAuthCompleteError\",\n {\n message: Schema.String,\n /** True when the auth-code exchange failed in a way the user must restart. */\n restartRequired: Schema.optional(Schema.Boolean),\n },\n) {}\n\nexport class OAuthProbeError extends Schema.TaggedErrorClass<OAuthProbeError>()(\"OAuthProbeError\", {\n message: Schema.String,\n}) {}\n\nexport class OAuthRegisterDynamicError extends Schema.TaggedErrorClass<OAuthRegisterDynamicError>()(\n \"OAuthRegisterDynamicError\",\n { message: Schema.String },\n) {}\n\nexport class OAuthSessionNotFoundError extends Schema.TaggedErrorClass<OAuthSessionNotFoundError>()(\n \"OAuthSessionNotFoundError\",\n { state: OAuthState },\n) {}\n\n/** The OAuth surface the executor's `oauth.*` namespace and `ctx.oauth` expose.\n * Implemented by `makeOAuthService` (oauth-service.ts), wired by the executor\n * with the deps it needs to mint connections. */\nexport interface OAuthService {\n readonly createClient: (\n input: CreateOAuthClientInput,\n ) => Effect.Effect<OAuthClientSlug, StorageFailure>;\n /** Mint a client via RFC 7591 Dynamic Client Registration (no pre-shared\n * client id/secret) and persist it as an owner-scoped `oauth_client`. */\n readonly registerDynamicClient: (\n input: RegisterDynamicClientInput,\n ) => Effect.Effect<OAuthClientSlug, OAuthRegisterDynamicError | StorageFailure>;\n /** All registered clients visible to the caller (their org's shared clients +\n * their own user clients), as metadata-only summaries — never the secret. */\n readonly listClients: () => Effect.Effect<readonly OAuthClientSummary[], StorageFailure>;\n /** Permanently remove a registered OAuth app, keyed by (owner, slug). The\n * owner policy on `oauth_client` prevents removing another subject's user app.\n * Idempotent: removing an already-gone app succeeds. Connections that\n * referenced the slug keep their stored value and fail at the next token\n * refresh, prompting a reconnect — this op never cascades into connections. */\n readonly removeClient: (\n owner: Owner,\n slug: OAuthClientSlug,\n ) => Effect.Effect<void, StorageFailure>;\n readonly start: (\n input: OAuthStartInput,\n ) => Effect.Effect<ConnectResult, OAuthStartError | StorageFailure>;\n readonly complete: (\n input: OAuthCompleteInput,\n ) => Effect.Effect<Connection, OAuthCompleteError | OAuthSessionNotFoundError | StorageFailure>;\n readonly cancel: (state: OAuthState) => Effect.Effect<void, StorageFailure>;\n readonly probe: (\n input: OAuthProbeInput,\n ) => Effect.Effect<OAuthProbeResult, OAuthProbeError | StorageFailure>;\n}\n","// ---------------------------------------------------------------------------\n// Public projections beyond the core domain types. The integration / connection\n// / tool views live in their own domain files (`integration.ts`, `connection.ts`,\n// `tool.ts`); this file holds the schema-side views and the onboarding URL\n// autodetect result.\n// ---------------------------------------------------------------------------\n\nimport { Schema } from \"effect\";\n\nimport { ToolAddress } from \"./ids\";\n\n// ---------------------------------------------------------------------------\n// ToolSchemaView — the full schema-side view of a tool, returned by\n// `executor.tools.schema(address)`. Includes JSON schema roots plus shared\n// definitions for schema exploration, and optionally TypeScript preview strings.\n// ---------------------------------------------------------------------------\n\nexport const ToolSchemaView = Schema.Struct({\n address: ToolAddress,\n name: Schema.optional(Schema.String),\n description: Schema.optional(Schema.String),\n inputSchema: Schema.optional(Schema.Unknown),\n outputSchema: Schema.optional(Schema.Unknown),\n schemaDefinitions: Schema.optional(Schema.Record(Schema.String, Schema.Unknown)),\n inputTypeScript: Schema.optional(Schema.String),\n outputTypeScript: Schema.optional(Schema.String),\n typeScriptDefinitions: Schema.optional(Schema.Record(Schema.String, Schema.String)),\n});\nexport type ToolSchemaView = typeof ToolSchemaView.Type;\n\n// ---------------------------------------------------------------------------\n// Integration detection — optional capability on `PluginSpec.detect`. When a\n// user pastes a URL in the onboarding UI, `executor.integrations.detect(url)`\n// asks every plugin \"is this yours?\" and returns the best-confidence match so\n// the UI can auto-fill the onboarding form for the right plugin.\n// ---------------------------------------------------------------------------\n\nexport const IntegrationDetectionResult = Schema.Struct({\n /** Plugin id that recognized the URL (e.g. \"openapi\", \"graphql\"). */\n kind: Schema.String,\n /** Confidence tier — UI uses this to pick a winner when multiple plugins\n * claim a URL. */\n confidence: Schema.Literals([\"high\", \"medium\", \"low\"]),\n /** The (possibly normalized) endpoint the plugin will use. */\n endpoint: Schema.String,\n /** Human-readable name suggestion, typically derived from spec title or URL. */\n name: Schema.String,\n /** Slug suggestion — the plugin's recommendation for the integration slug. */\n slug: Schema.String,\n});\nexport type IntegrationDetectionResult = typeof IntegrationDetectionResult.Type;\n"],"mappings":";;;;;;;;;;;;AAWA,SAAS,OAAO,cAAc;AAyEvB,IAAM,eAAe,CAAC,SAAiB,WAA4B;AACxE,MAAI,YAAY,IAAK,QAAO;AAC5B,QAAM,kBAAkB,QAAQ,MAAM,GAAG;AACzC,QAAM,eAAe,OAAO,MAAM,GAAG;AACrC,WAAS,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;AAC/C,UAAM,MAAM,gBAAgB,CAAC;AAC7B,QAAI,QAAQ,KAAK;AAGf,UAAI,MAAM,gBAAgB,SAAS,EAAG,QAAO,aAAa,UAAU;AAEpE,UAAI,KAAK,aAAa,OAAQ,QAAO;AACrC;AAAA,IACF;AACA,QAAI,KAAK,aAAa,UAAU,aAAa,CAAC,MAAM,IAAK,QAAO;AAAA,EAClE;AAEA,SAAO,gBAAgB,WAAW,aAAa;AACjD;AAEO,IAAM,iBAAiB,CAAC,YAA6B;AAC1D,MAAI,QAAQ,WAAW,EAAG,QAAO;AACjC,MAAI,YAAY,IAAK,QAAO;AAC5B,MAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,EAAG,QAAO;AAC7D,MAAI,QAAQ,SAAS,IAAI,EAAG,QAAO;AACnC,MAAI,QAAQ,WAAW,GAAG,EAAG,QAAO;AACpC,QAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,MAAM,SAAS,CAAC;AACtB,QAAI,IAAI,WAAW,EAAG,QAAO;AAG7B,QAAI,IAAI,SAAS,GAAG,KAAK,QAAQ,IAAK,QAAO;AAAA,EAC/C;AACA,SAAO;AACT;AASO,IAAM,mBAAmB,CAC9B,GACA,MACW;AACX,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,EAAE;AACb,MAAI,KAAK,GAAI,QAAO;AACpB,MAAI,KAAK,GAAI,QAAO;AACpB,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,EAAE;AACb,SAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI;AACtC;AAEA,IAAM,wBAAwB,CAAC,WAC7B,MAAM,MAAM,MAAM,EAAE;AAAA,EAClB,MAAM,KAAK,SAAS,MAAM,CAAC;AAAA,EAC3B,MAAM,KAAK,oBAAoB,MAAM,CAAC;AAAA,EACtC,MAAM,KAAK,WAAW,MAAM,CAAC;AAAA,EAC7B,MAAM;AACR;AAEF,IAAM,kBAAkB,CACtB,SACA,cACM;AACN,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,cAAc,sBAAsB,QAAQ,MAAM;AACxD,QAAM,gBAAgB,sBAAsB,UAAU,MAAM;AAC5D,SAAO,gBAAgB,cAAc,YAAY;AACnD;AAEO,IAAM,oBAAoB,CAC/B,QACA,UACA,cAC4B;AAC5B,MAAI,SAAS,WAAW,EAAG,QAAO;AAClC,QAAM,SAAS,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM;AAC1C,UAAM,KAAK,UAAU,CAAC;AACtB,UAAM,KAAK,UAAU,CAAC;AACtB,QAAI,OAAO,GAAI,QAAO,KAAK;AAC3B,WAAO,iBAAiB,GAAG,CAAC;AAAA,EAC9B,CAAC;AACD,QAAM,oBAAoB,oBAAI,IAAyB;AACvD,aAAW,OAAO,QAAQ;AACxB,QAAI,kBAAkB,IAAI,IAAI,KAAK,EAAG;AACtC,QAAI,aAAa,IAAI,SAAS,MAAM,GAAG;AACrC,wBAAkB,IAAI,IAAI,OAAO;AAAA,QAC/B,QAAQ,IAAI;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,UAAU,IAAI;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI;AACJ,aAAW,SAAS,kBAAkB,OAAO,GAAG;AAC9C,eAAW,gBAAgB,UAAU,KAAK;AAAA,EAC5C;AACA,SAAO;AACT;AAMA,IAAM,aAAa,CAAC,4BAClB,0BACI,EAAE,QAAQ,oBAAoB,QAAQ,iBAAiB,IACvD,EAAE,QAAQ,WAAW,QAAQ,iBAAiB;AAEpD,IAAM,WAAW,CAAC,WAAyC;AAAA,EACzD,QAAQ,MAAM;AAAA,EACd,QAAQ;AAAA,EACR,SAAS,MAAM;AAAA,EACf,UAAU,MAAM;AAClB;AAEO,IAAM,yBAAyB,CACpC,QACA,UACA,WACA,4BACoB;AACpB,QAAM,QAAQ,kBAAkB,QAAQ,UAAU,SAAS;AAC3D,SAAO,QAAQ,SAAS,KAAK,IAAI,WAAW,uBAAuB;AACrE;AAEO,IAAM,4BAA4B,CACvC,QACA,gBAEA,4BACoB;AACpB,QAAM,oBAAoB,oBAAI,IAA6B;AAC3D,aAAW,KAAK,gBAAgB;AAC9B,UAAM,WAAW,WAAW,KAAK,EAAE,QAAQ,OAAO,EAAE,KAAK,IAAI;AAC7D,QAAI,kBAAkB,IAAI,QAAQ,EAAG;AACrC,QAAI,aAAa,EAAE,SAAS,MAAM,GAAG;AACnC,wBAAkB,IAAI,UAAU;AAAA,QAC9B,QAAQ,EAAE;AAAA,QACV,QAAQ;AAAA,QACR,SAAS,EAAE;AAAA,QACX,UAAU,EAAE;AAAA,MACd,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI;AACJ,aAAW,SAAS,kBAAkB,OAAO,GAAG;AAC9C,eAAW,gBAAgB,UAAU,KAAK;AAAA,EAC5C;AACA,SAAO,YAAY,WAAW,uBAAuB;AACvD;AAMO,IAAM,kBAAkB,CAAC,SAAoC;AAAA,EAClE,IAAI,SAAS,KAAK,IAAI,EAAE;AAAA,EACxB,OAAO,IAAI;AAAA,EACX,SAAS,IAAI;AAAA,EACb,QAAQ,IAAI;AAAA,EACZ,UAAU,IAAI;AAAA,EACd,WAAW,IAAI;AAAA,EACf,WAAW,IAAI;AACjB;AAEO,IAAM,yBAAyB,OAAO,SAAS,CAAC,WAAW,oBAAoB,OAAO,CAAC;;;AC/P9F,SAAiB,UAAAA,eAAc;AASxB,IAAM,kBAAkBC,QAAO,aAAa,mBAAmB;AAAA,EACpE,SAASA,QAAO;AAAA;AAAA,EAEhB,iBAAiBA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO;AAC9D,CAAC;AAIM,IAAM,iBAAiBA,QAAO,aAAa,kBAAkB;AAAA,EAClE,SAASA,QAAO;AAAA,EAChB,KAAKA,QAAO;AAAA;AAAA,EAEZ,eAAe;AACjB,CAAC;AAKM,IAAM,oBAAoBA,QAAO,SAAS,CAAC,UAAU,WAAW,QAAQ,CAAC;AAGzE,IAAM,sBAAsBA,QAAO,OAAO;AAAA,EAC/C,QAAQ;AAAA;AAAA,EAER,SAASA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO,CAAC;AACvE,CAAC;AAwBM,IAAM,2BAAN,cAAuCA,QAAO,iBAA2C;AAAA,EAC9F;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,QAAQA,QAAO,SAAS,CAAC,WAAW,QAAQ,CAAC;AAAA,EAC/C;AACF,EAAE;AAAA;AAAA;AAAA,EAGA,IAAa,UAAkB;AAC7B,WAAO,iBAAiB,KAAK,WAAW,WAAW,cAAc,UAAU,KAAK,KAAK,OAAO;AAAA,EAC9F;AACF;;;ACtEA,SAAS,UAAAC,eAAc;AAsBhB,IAAM,oBAAN,cAAgCC,QAAO,iBAAoC;AAAA,EAChF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,aAAaA,QAAO,SAASA,QAAO,MAAM,WAAW,CAAC;AAAA,EACxD;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,mBAAmB,KAAK,OAAO;AAAA,EACxC;AACF;AAEO,IAAM,sBAAN,cAAkCA,QAAO,iBAAsC;AAAA,EACpF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,SAASA,QAAO;AAAA,IAChB,OAAOA,QAAO,SAASA,QAAO,OAAO;AAAA,EACvC;AACF,EAAE;AAAC;AAII,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,SAASA,QAAO;AAAA,EAClB;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,2BAA2B,KAAK,OAAO,MAAM,KAAK,OAAO;AAAA,EAClE;AACF;AAGO,IAAM,uBAAN,cAAmCA,QAAO,iBAAuC;AAAA,EACtF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAUA,QAAO;AAAA,EACnB;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,WAAW,KAAK,QAAQ,6BAA6B,KAAK,OAAO;AAAA,EAC1E;AACF;AAGO,IAAM,iBAAN,cAA6BA,QAAO,iBAAiC,EAAE,kBAAkB;AAAA,EAC9F,SAAS;AAAA,EACT,UAAUA,QAAO;AACnB,CAAC,EAAE;AAAA,EACD,IAAa,UAAkB;AAC7B,WAAO,WAAW,KAAK,QAAQ,yCAAyC,KAAK,OAAO;AAAA,EACtF;AACF;AAMO,IAAM,2BAAN,cAAuCA,QAAO,iBAA2C;AAAA,EAC9F;AAAA,EACA,EAAE,MAAM,gBAAgB;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,0BAA0B,KAAK,IAAI;AAAA,EAC5C;AACF;AAOO,IAAM,gCAAN,cAA4CA,QAAO,iBAAgD;AAAA,EACxG;AAAA,EACA,EAAE,MAAM,gBAAgB;AAAA,EACxB,EAAE,eAAe,IAAI;AACvB,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,+BAA+B,KAAK,IAAI;AAAA,EACjD;AACF;AAIO,IAAM,oCAAN,cAAgDA,QAAO,iBAAoD;AAAA,EAChH;AAAA,EACA,EAAE,MAAM,gBAAgB;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,oEAAoE,KAAK,IAAI;AAAA,EACtF;AACF;AAEO,IAAM,0BAAN,cAAsCA,QAAO,iBAA0C;AAAA,EAC5F;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,aAAa;AAAA,IACb,MAAM;AAAA,EACR;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,yBAAyB,KAAK,WAAW,IAAI,KAAK,KAAK,IAAI,KAAK,IAAI;AAAA,EAC7E;AACF;AAOO,IAAM,8BAAN,cAA0CA,QAAO,iBAA8C;AAAA,EACpG;AAAA,EACA,EAAE,SAASA,QAAO,OAAO;AAC3B,EAAE;AAAC;AAII,IAAM,uCAAN,cAAmDA,QAAO,iBAAuD;AAAA,EACtH;AAAA,EACA,EAAE,UAAU,YAAY;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,uCAAuC,KAAK,QAAQ;AAAA,EAC7D;AACF;AAIO,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,aAAa;AAAA,IACb,MAAM;AAAA,IACN,SAASA,QAAO;AAAA;AAAA;AAAA,IAGhB,gBAAgBA,QAAO,SAASA,QAAO,OAAO;AAAA,EAChD;AACF,EAAE;AAAC;;;ACrKH,SAAS,UAAAC,eAAc;AAgKhB,IAAM,kBAAN,cAA8BC,QAAO,iBAAkC,EAAE,mBAAmB;AAAA,EACjG,SAASA,QAAO;AAClB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiCA,QAAO,iBAAqC;AAAA,EAClF;AAAA,EACA;AAAA,IACE,SAASA,QAAO;AAAA;AAAA,IAEhB,iBAAiBA,QAAO,SAASA,QAAO,OAAO;AAAA,EACjD;AACF,EAAE;AAAC;AAEI,IAAM,kBAAN,cAA8BA,QAAO,iBAAkC,EAAE,mBAAmB;AAAA,EACjG,SAASA,QAAO;AAClB,CAAC,EAAE;AAAC;AAEG,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA,EAAE,SAASA,QAAO,OAAO;AAC3B,EAAE;AAAC;AAEI,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA,EAAE,OAAO,WAAW;AACtB,EAAE;AAAC;;;ACnLH,SAAS,UAAAC,eAAc;AAUhB,IAAM,iBAAiBC,QAAO,OAAO;AAAA,EAC1C,SAAS;AAAA,EACT,MAAMA,QAAO,SAASA,QAAO,MAAM;AAAA,EACnC,aAAaA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC1C,aAAaA,QAAO,SAASA,QAAO,OAAO;AAAA,EAC3C,cAAcA,QAAO,SAASA,QAAO,OAAO;AAAA,EAC5C,mBAAmBA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO,CAAC;AAAA,EAC/E,iBAAiBA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC9C,kBAAkBA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC/C,uBAAuBA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,MAAM,CAAC;AACpF,CAAC;AAUM,IAAM,6BAA6BA,QAAO,OAAO;AAAA;AAAA,EAEtD,MAAMA,QAAO;AAAA;AAAA;AAAA,EAGb,YAAYA,QAAO,SAAS,CAAC,QAAQ,UAAU,KAAK,CAAC;AAAA;AAAA,EAErD,UAAUA,QAAO;AAAA;AAAA,EAEjB,MAAMA,QAAO;AAAA;AAAA,EAEb,MAAMA,QAAO;AACf,CAAC;","names":["Schema","Schema","Schema","Schema","Schema","Schema","Schema","Schema"]}
|
|
1
|
+
{"version":3,"sources":["../src/policies.ts","../src/elicitation.ts","../src/errors.ts","../src/oauth-client.ts","../src/types.ts"],"sourcesContent":["// ---------------------------------------------------------------------------\n// Tool policies — pattern matcher + policy resolution. Pure functions; the\n// executor stitches them into `tools.list`, `execute`, and the public\n// `executor.policies` CRUD surface. Plugins consume the same surface.\n//\n// v2: policies are owner-scoped (org | user) instead of scope-stacked. Each\n// owner contributes its first matching rule by local position; the final answer\n// is the most restrictive matched action across owners, so a user preference\n// cannot weaken an org guardrail (org = outer, user = inner).\n// ---------------------------------------------------------------------------\n\nimport { Match, Schema } from \"effect\";\n\nimport type { ToolPolicyAction, ToolPolicyRow } from \"./core-schema\";\nimport { Owner, PolicyId } from \"./ids\";\n\nexport interface ToolPolicy {\n readonly id: PolicyId;\n readonly owner: Owner;\n readonly pattern: string;\n readonly action: ToolPolicyAction;\n /** Fractional-indexing key. Lower lex order = higher precedence. */\n readonly position: string;\n readonly createdAt: Date;\n readonly updatedAt: Date;\n}\n\nexport interface CreateToolPolicyInput {\n readonly owner: Owner;\n readonly pattern: string;\n /** Optional explicit position. Defaults to a key above the current minimum\n * (top of the owner's list; highest precedence). */\n readonly action: ToolPolicyAction;\n readonly position?: string;\n}\n\nexport interface UpdateToolPolicyInput {\n readonly id: string;\n readonly owner: Owner;\n readonly pattern?: string;\n readonly action?: ToolPolicyAction;\n readonly position?: string;\n}\n\nexport interface RemoveToolPolicyInput {\n readonly id: string;\n readonly owner: Owner;\n}\n\n// ---------------------------------------------------------------------------\n// Match result.\n// ---------------------------------------------------------------------------\n\nexport interface PolicyMatch {\n readonly action: ToolPolicyAction;\n readonly pattern: string;\n readonly policyId: string;\n}\n\nexport type PolicySource = \"user\" | \"plugin-default\";\n\nexport interface EffectivePolicy {\n readonly action: ToolPolicyAction;\n readonly source: PolicySource;\n readonly pattern?: string;\n readonly policyId?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Pattern matching. Grammar (matched against the full tool address\n// `<integration>.<owner>.<connection>.<tool>` or a shorter form the executor\n// passes in):\n// - universal: `*`\n// - exact: `vercel.dns.create`\n// - subtree (trailing `*`): `vercel.dns.*` — the literal prefix plus anything deeper\n// - plugin-wide: `vercel.*`\n// - mid-segment `*`: `vercel.*.*.dns.create` — each NON-trailing `*` matches\n// EXACTLY ONE segment (e.g. wildcard the owner/connection\n// segments to target a tool across every connection).\n// A `*` is always a complete segment: mid-pattern it consumes one segment,\n// trailing it is a subtree. Partial wildcards (`me*`) and a leading `*` (other\n// than the universal `*`) are rejected by `isValidPattern`.\n// ---------------------------------------------------------------------------\n\nexport const matchPattern = (pattern: string, toolId: string): boolean => {\n if (pattern === \"*\") return true;\n const patternSegments = pattern.split(\".\");\n const toolSegments = toolId.split(\".\");\n for (let i = 0; i < patternSegments.length; i++) {\n const seg = patternSegments[i]!;\n if (seg === \"*\") {\n // Trailing `*` is a subtree: the literal prefix already matched, so the\n // address matches at this position and anything deeper (or nothing).\n if (i === patternSegments.length - 1) return toolSegments.length >= i;\n // A non-trailing `*` consumes EXACTLY ONE segment; one must exist here.\n if (i >= toolSegments.length) return false;\n continue;\n }\n if (i >= toolSegments.length || toolSegments[i] !== seg) return false;\n }\n // Pattern exhausted with no trailing `*`: an exact match requires equal length.\n return patternSegments.length === toolSegments.length;\n};\n\nexport const isValidPattern = (pattern: string): boolean => {\n if (pattern.length === 0) return false;\n if (pattern === \"*\") return true;\n if (pattern.startsWith(\".\") || pattern.endsWith(\".\")) return false;\n if (pattern.includes(\"..\")) return false;\n if (pattern.startsWith(\"*\")) return false;\n const segments = pattern.split(\".\");\n for (let i = 0; i < segments.length; i++) {\n const seg = segments[i]!;\n if (seg.length === 0) return false;\n // A `*` segment must be the WHOLE segment — no partial wildcards (`me*`).\n // A `*` is valid mid-pattern (one segment) or trailing (subtree).\n if (seg.includes(\"*\") && seg !== \"*\") return false;\n }\n return true;\n};\n\n// ---------------------------------------------------------------------------\n// Resolution — each owner contributes its first matching rule by local\n// position; the most restrictive matched action across owners wins. Caller\n// passes an `ownerRank` so the resolver doesn't need to know which owner is\n// the outer guardrail.\n// ---------------------------------------------------------------------------\n\nexport const comparePolicyRow = (\n a: Pick<ToolPolicyRow, \"position\" | \"id\">,\n b: Pick<ToolPolicyRow, \"position\" | \"id\">,\n): number => {\n const pa = a.position;\n const pb = b.position;\n if (pa < pb) return -1;\n if (pa > pb) return 1;\n const ia = a.id;\n const ib = b.id;\n return ia < ib ? -1 : ia > ib ? 1 : 0;\n};\n\nconst actionRestrictionRank = (action: ToolPolicyAction): number =>\n Match.value(action).pipe(\n Match.when(\"block\", () => 3),\n Match.when(\"require_approval\", () => 2),\n Match.when(\"approve\", () => 1),\n Match.exhaustive,\n );\n\nconst moreRestrictive = <T extends { readonly action: ToolPolicyAction }>(\n current: T | undefined,\n candidate: T,\n): T => {\n if (!current) return candidate;\n const currentRank = actionRestrictionRank(current.action);\n const candidateRank = actionRestrictionRank(candidate.action);\n return candidateRank > currentRank ? candidate : current;\n};\n\nexport const resolveToolPolicy = (\n toolId: string,\n policies: readonly ToolPolicyRow[],\n ownerRank: (row: Pick<ToolPolicyRow, \"owner\">) => number,\n): PolicyMatch | undefined => {\n if (policies.length === 0) return undefined;\n const sorted = [...policies].sort((a, b) => {\n const sa = ownerRank(a);\n const sb = ownerRank(b);\n if (sa !== sb) return sa - sb;\n return comparePolicyRow(a, b);\n });\n const firstMatchByOwner = new Map<string, PolicyMatch>();\n for (const row of sorted) {\n if (firstMatchByOwner.has(row.owner)) continue;\n if (matchPattern(row.pattern, toolId)) {\n firstMatchByOwner.set(row.owner, {\n action: row.action as ToolPolicyAction,\n pattern: row.pattern,\n policyId: row.id,\n });\n }\n }\n let selected: PolicyMatch | undefined;\n for (const match of firstMatchByOwner.values()) {\n selected = moreRestrictive(selected, match);\n }\n return selected;\n};\n\n// ---------------------------------------------------------------------------\n// Layered resolution — user-authored rules + plugin default `requiresApproval`.\n// ---------------------------------------------------------------------------\n\nconst liftPlugin = (defaultRequiresApproval: boolean | undefined): EffectivePolicy =>\n defaultRequiresApproval\n ? { action: \"require_approval\", source: \"plugin-default\" }\n : { action: \"approve\", source: \"plugin-default\" };\n\nconst liftUser = (match: PolicyMatch): EffectivePolicy => ({\n action: match.action,\n source: \"user\",\n pattern: match.pattern,\n policyId: match.policyId,\n});\n\nexport const resolveEffectivePolicy = (\n toolId: string,\n policies: readonly ToolPolicyRow[],\n ownerRank: (row: Pick<ToolPolicyRow, \"owner\">) => number,\n defaultRequiresApproval?: boolean,\n): EffectivePolicy => {\n const match = resolveToolPolicy(toolId, policies, ownerRank);\n return match ? liftUser(match) : liftPlugin(defaultRequiresApproval);\n};\n\nexport const effectivePolicyFromSorted = (\n toolId: string,\n sortedPolicies: readonly (Pick<ToolPolicy, \"pattern\" | \"action\" | \"id\"> &\n Partial<Pick<ToolPolicy, \"owner\">>)[],\n defaultRequiresApproval?: boolean,\n): EffectivePolicy => {\n const firstMatchByOwner = new Map<string, EffectivePolicy>();\n for (const p of sortedPolicies) {\n const ownerKey = \"owner\" in p && p.owner ? String(p.owner) : \"__flat__\";\n if (firstMatchByOwner.has(ownerKey)) continue;\n if (matchPattern(p.pattern, toolId)) {\n firstMatchByOwner.set(ownerKey, {\n action: p.action,\n source: \"user\",\n pattern: p.pattern,\n policyId: p.id,\n });\n }\n }\n let selected: EffectivePolicy | undefined;\n for (const match of firstMatchByOwner.values()) {\n selected = moreRestrictive(selected, match);\n }\n return selected ?? liftPlugin(defaultRequiresApproval);\n};\n\n// ---------------------------------------------------------------------------\n// Row → public projection.\n// ---------------------------------------------------------------------------\n\nexport const rowToToolPolicy = (row: ToolPolicyRow): ToolPolicy => ({\n id: PolicyId.make(row.id),\n owner: row.owner as Owner,\n pattern: row.pattern,\n action: row.action as ToolPolicyAction,\n position: row.position,\n createdAt: row.created_at,\n updatedAt: row.updated_at,\n});\n\nexport const ToolPolicyActionSchema = Schema.Literals([\"approve\", \"require_approval\", \"block\"]);\n","import { Effect, Schema } from \"effect\";\n\nimport { ElicitationId, ToolAddress } from \"./ids\";\n\n/* A tool that needs user input mid-call suspends and the host's `onElicitation`\n * handler (executor-level, overridable per `execute`) answers. Tools that never\n * elicit never trigger it. Schema-tagged so requests/responses cross the wire. */\n\n/** Tool needs structured input from the user (render a form). */\nexport const FormElicitation = Schema.TaggedStruct(\"FormElicitation\", {\n message: Schema.String,\n /** JSON Schema describing the fields to collect. */\n requestedSchema: Schema.Record(Schema.String, Schema.Unknown),\n});\nexport type FormElicitation = typeof FormElicitation.Type;\n\n/** Tool needs the user to visit a URL (OAuth, approval page, etc.). */\nexport const UrlElicitation = Schema.TaggedStruct(\"UrlElicitation\", {\n message: Schema.String,\n url: Schema.String,\n /** Unique id so the host can correlate the callback. */\n elicitationId: ElicitationId,\n});\nexport type UrlElicitation = typeof UrlElicitation.Type;\n\nexport type ElicitationRequest = FormElicitation | UrlElicitation;\n\nexport const ElicitationAction = Schema.Literals([\"accept\", \"decline\", \"cancel\"]);\nexport type ElicitationAction = typeof ElicitationAction.Type;\n\nexport const ElicitationResponse = Schema.Struct({\n action: ElicitationAction,\n /** Present when `action` is \"accept\" — the data the user provided. */\n content: Schema.optional(Schema.Record(Schema.String, Schema.Unknown)),\n});\nexport type ElicitationResponse = typeof ElicitationResponse.Type;\n\n/** Handler input — the tool address being invoked, its args, and the request. */\nexport interface ElicitationContext {\n readonly address: ToolAddress;\n readonly args: unknown;\n readonly request: ElicitationRequest;\n}\n\n/** Host-provided handler the SDK calls when a tool suspends for input. */\nexport type ElicitationHandler = (ctx: ElicitationContext) => Effect.Effect<ElicitationResponse>;\n\n/** Executor-level elicitation policy: a handler, or `\"accept-all\"` to\n * auto-accept every request (tests / non-interactive hosts). */\nexport type OnElicitation = ElicitationHandler | \"accept-all\";\n\n/** Per-call options for `execute`. */\nexport interface InvokeOptions {\n /** Override the executor-level handler for this single call. */\n readonly onElicitation?: OnElicitation;\n}\n\n/** A tool was declined or cancelled during elicitation. */\nexport class ElicitationDeclinedError extends Schema.TaggedErrorClass<ElicitationDeclinedError>()(\n \"ElicitationDeclinedError\",\n {\n address: ToolAddress,\n action: Schema.Literals([\"decline\", \"cancel\"]),\n },\n) {\n // Derived message so telemetry (span status, logs) labels the failure\n // instead of rendering an Error with an empty message.\n override get message(): string {\n return `Tool approval ${this.action === \"cancel\" ? \"cancelled\" : \"declined\"}: ${this.address}`;\n }\n}\n","import { Schema } from \"effect\";\n\nimport { ElicitationDeclinedError } from \"./elicitation\";\nimport type { StorageFailure } from \"./fuma-runtime\";\nimport { ConnectionName, IntegrationSlug, Owner, ProviderKey, ToolAddress } from \"./ids\";\n\n/* The failure set the SDK surfaces. `execute`'s invoke failures are ported from\n * v1 but re-keyed by `address` (the full `tools.<integration>.<owner>.<connection>.<tool>`\n * handle) instead of an opaque tool id. Storage failures reuse fuma-runtime's\n * `StorageError`/`UniqueViolationError` (`StorageFailure`) — not redefined here. */\n\n// ---------------------------------------------------------------------------\n// Tool lifecycle\n// ---------------------------------------------------------------------------\n\n/* Tagged errors without an explicit `message` field define a `message` getter:\n * `Schema.TaggedErrorClass` instances are real Errors with `message: \"\"`, and\n * an empty message propagates everywhere errors are rendered — span\n * status.message in the tracer, Cause.pretty output, log lines — leaving the\n * failure unlabeled in telemetry. The getter is derived from the schema fields\n * (not an own property), so encoding/serialization is unaffected. */\n\nexport class ToolNotFoundError extends Schema.TaggedErrorClass<ToolNotFoundError>()(\n \"ToolNotFoundError\",\n {\n address: ToolAddress,\n suggestions: Schema.optional(Schema.Array(ToolAddress)),\n },\n) {\n override get message(): string {\n return `Tool not found: ${this.address}`;\n }\n}\n\nexport class ToolInvocationError extends Schema.TaggedErrorClass<ToolInvocationError>()(\n \"ToolInvocationError\",\n {\n address: ToolAddress,\n message: Schema.String,\n cause: Schema.optional(Schema.Unknown),\n },\n) {}\n\n/** Tool invocation was rejected because a workspace `tool_policy` rule with\n * `action: \"block\"` matched. `pattern` is the matched policy pattern. */\nexport class ToolBlockedError extends Schema.TaggedErrorClass<ToolBlockedError>()(\n \"ToolBlockedError\",\n {\n address: ToolAddress,\n pattern: Schema.String,\n },\n) {\n override get message(): string {\n return `Tool blocked by policy \"${this.pattern}\": ${this.address}`;\n }\n}\n\n/** Tool row exists but its owning plugin isn't loaded in this executor config. */\nexport class PluginNotLoadedError extends Schema.TaggedErrorClass<PluginNotLoadedError>()(\n \"PluginNotLoadedError\",\n {\n address: ToolAddress,\n pluginId: Schema.String,\n },\n) {\n override get message(): string {\n return `Plugin \"${this.pluginId}\" is not loaded for tool: ${this.address}`;\n }\n}\n\n/** Tool was found but its owning plugin has no `invokeTool` handler. */\nexport class NoHandlerError extends Schema.TaggedErrorClass<NoHandlerError>()(\"NoHandlerError\", {\n address: ToolAddress,\n pluginId: Schema.String,\n}) {\n override get message(): string {\n return `Plugin \"${this.pluginId}\" has no invokeTool handler for tool: ${this.address}`;\n }\n}\n\n// ---------------------------------------------------------------------------\n// Integration / connection lifecycle\n// ---------------------------------------------------------------------------\n\nexport class IntegrationNotFoundError extends Schema.TaggedErrorClass<IntegrationNotFoundError>()(\n \"IntegrationNotFoundError\",\n { slug: IntegrationSlug },\n) {\n override get message(): string {\n return `Integration not found: ${this.slug}`;\n }\n}\n\n/** An \"add integration\" operation targeted a slug (namespace) that is already\n * registered. The core `integrations.register` primitive upserts by design\n * (for idempotent boot re-registration); add-operation layers gate on this to\n * prevent silently clobbering an existing integration's tools, connections,\n * and policies. */\nexport class IntegrationAlreadyExistsError extends Schema.TaggedErrorClass<IntegrationAlreadyExistsError>()(\n \"IntegrationAlreadyExistsError\",\n { slug: IntegrationSlug },\n { httpApiStatus: 409 },\n) {\n override get message(): string {\n return `Integration already exists: ${this.slug}`;\n }\n}\n\n/** `integrations.remove` was called on an integration declared statically by a\n * plugin at startup (`canRemove: false`). */\nexport class IntegrationRemovalNotAllowedError extends Schema.TaggedErrorClass<IntegrationRemovalNotAllowedError>()(\n \"IntegrationRemovalNotAllowedError\",\n { slug: IntegrationSlug },\n) {\n override get message(): string {\n return `Integration cannot be removed (declared statically by a plugin): ${this.slug}`;\n }\n}\n\nexport class ConnectionNotFoundError extends Schema.TaggedErrorClass<ConnectionNotFoundError>()(\n \"ConnectionNotFoundError\",\n {\n owner: Owner,\n integration: IntegrationSlug,\n name: ConnectionName,\n },\n) {\n override get message(): string {\n return `Connection not found: ${this.integration}.${this.owner}.${this.name}`;\n }\n}\n\n/** A connection create request was rejected before anything was written: the\n * input is structurally invalid (no credential inputs for a credentialed\n * template, mixed pasted/external origins, …) or targets owner `user` in a\n * context that has no user subject. The message says which — it is safe to\n * show to the caller. */\nexport class InvalidConnectionInputError extends Schema.TaggedErrorClass<InvalidConnectionInputError>()(\n \"InvalidConnectionInputError\",\n { message: Schema.String },\n) {}\n\n/** A connection references a credential provider key that isn't registered on\n * the executor. */\nexport class CredentialProviderNotRegisteredError extends Schema.TaggedErrorClass<CredentialProviderNotRegisteredError>()(\n \"CredentialProviderNotRegisteredError\",\n { provider: ProviderKey },\n) {\n override get message(): string {\n return `Credential provider not registered: ${this.provider}`;\n }\n}\n\n/** A connection's value could not be resolved — the provider returned nothing,\n * or an OAuth token refresh failed and the user must re-auth. */\nexport class CredentialResolutionError extends Schema.TaggedErrorClass<CredentialResolutionError>()(\n \"CredentialResolutionError\",\n {\n owner: Owner,\n integration: IntegrationSlug,\n name: ConnectionName,\n message: Schema.String,\n /** True when the stored grant is permanently invalid and the user must\n * sign in again (RFC 6749 §5.2 invalid_grant and friends). */\n reauthRequired: Schema.optional(Schema.Boolean),\n },\n) {}\n\n// ---------------------------------------------------------------------------\n// Union — the failure channel of `execute`.\n// ---------------------------------------------------------------------------\n\nexport type ExecuteError =\n | ToolNotFoundError\n | ToolInvocationError\n | ToolBlockedError\n | PluginNotLoadedError\n | NoHandlerError\n | ConnectionNotFoundError\n | CredentialProviderNotRegisteredError\n | CredentialResolutionError\n | ElicitationDeclinedError\n | StorageFailure;\n\n/** Convenience union spanning every typed error the SDK raises. */\nexport type ExecutorError =\n | ExecuteError\n | IntegrationNotFoundError\n | IntegrationRemovalNotAllowedError;\n","import type { Effect } from \"effect\";\nimport { Schema } from \"effect\";\n\nimport type { Connection } from \"./connection\";\nimport type { StorageFailure } from \"./fuma-runtime\";\nimport {\n type AuthTemplateSlug,\n type ConnectionName,\n type IntegrationSlug,\n OAuthClientSlug,\n OAuthState,\n type Owner,\n} from \"./ids\";\n\n/* The v2 OAuth surface contracts. OAuth is a credential mechanism, not an\n * integration type. A client is a registered app; running its flow mints a\n * Connection. The client is self-contained (carries its own endpoints) and\n * integration-independent, so the same app can back connections on whatever\n * integrations share that provider.\n *\n * The OAuth 2.1 *implementation* (PKCE, DCR, token exchange + refresh) lives in\n * `oauth-helpers` / `oauth-discovery` / `oauth-service`; these are the public\n * input/output shapes the executor's `oauth.*` namespace speaks. */\n\nexport type OAuthGrant = \"authorization_code\" | \"client_credentials\";\n\n/** Provider OAuth config an integration declares as one of its auth templates —\n * what to request. (The flow itself runs off the self-contained OAuthClient.)\n * Keyed `kind: \"oauth2\"` like every auth method across the plugins. */\nexport interface OAuthAuthentication {\n readonly slug: AuthTemplateSlug;\n readonly kind: \"oauth2\";\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly scopes: readonly string[];\n}\n\n/** A registered OAuth app — pure app identity: clientId/secret + its endpoints.\n * Owner-scoped: a shared org app or a user's own BYO app. The app does NOT carry\n * scopes — what to request is the INTEGRATION's concern (`OAuthAuthentication.\n * scopes`, surfaced via the declared auth method), so the same app can back any\n * integration without pinning a scope set. */\nexport interface OAuthClient {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly grant: OAuthGrant;\n readonly clientId: string;\n /** The literal client secret. Stored out-of-band in the credential provider\n * (vault item id), never inline. Empty string for public / PKCE clients. */\n readonly clientSecret: string;\n /** RFC 8707 Resource Indicator (MCP). Carried so the refresh request can keep\n * the re-minted token bound to the same resource. Null/omitted otherwise. */\n readonly resource?: string | null;\n}\n\nexport type OAuthClientOrigin =\n | { readonly kind: \"manual\" }\n | {\n readonly kind: \"dynamic_client_registration\";\n readonly integration?: IntegrationSlug | null;\n };\n\nexport type CreateOAuthClientInput = OAuthClient & {\n readonly origin?: OAuthClientOrigin;\n};\n\n/** Metadata-only projection of a registered client for listing in the UI.\n * Deliberately omits `clientSecret` — the secret is never returned over the\n * read surface. `clientId` is included (it is not a secret; it is sent in the\n * authorize URL the user's browser visits). */\nexport interface OAuthClientSummary {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n readonly grant: OAuthGrant;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n readonly resource?: string | null;\n readonly clientId: string;\n readonly origin: OAuthClientOrigin;\n}\n\n/** Flow-aware result of `oauth.start` — the status says what's next. */\nexport type ConnectResult =\n | { readonly status: \"connected\"; readonly connection: Connection }\n | {\n readonly status: \"redirect\";\n readonly authorizationUrl: string;\n readonly state: OAuthState;\n };\n\n/** Start a flow through a client to mint a connection for one integration.\n * `template` is the integration's oauth template the minted token is applied\n * through. */\nexport interface OAuthStartInput {\n readonly client: OAuthClientSlug;\n /** The owner that owns `client`. Supplied explicitly (the picker knows it), so\n * a Personal connection can be minted through a shared Workspace app without\n * any owner-derivation rule. A Workspace connection must use a Workspace app. */\n readonly clientOwner: Owner;\n /** The owner the minted CONNECTION is saved under (may differ from `clientOwner`). */\n readonly owner: Owner;\n readonly name: ConnectionName;\n readonly integration: IntegrationSlug;\n readonly template: AuthTemplateSlug;\n readonly identityLabel?: string | null;\n /** Browser-facing callback URL for this flow. Defaults to the executor's configured redirectUri. */\n readonly redirectUri?: string | null;\n}\n\nexport interface OAuthCompleteInput {\n readonly state: OAuthState;\n readonly code: string;\n /** Non-standard regional host the authorization server returns on the\n * callback (Datadog's `domain`/`site` params) so the code is redeemed at the\n * org's actual region rather than the statically advertised one. Used only\n * when it is a sibling subdomain of the client's configured token host. */\n readonly callbackDomain?: string | null;\n}\n\n/** Probe a base/issuer URL for OAuth 2.1 authorization-server metadata so the\n * onboarding UI can pre-fill a client's endpoints. */\nexport interface OAuthProbeInput {\n readonly url: string;\n}\n\nexport interface OAuthProbeResult {\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n /** RFC 8707 resource indicator discovered from protected-resource metadata.\n * Persist this on DCR clients so authorize/token/refresh requests stay bound\n * to the protected resource. */\n readonly resource?: string | null;\n readonly scopesSupported?: readonly string[];\n /** Whether the server advertises dynamic client registration (RFC 7591). */\n readonly registrationEndpoint?: string | null;\n /** RFC 8414 `token_endpoint_auth_methods_supported`. Surfaced so DCR can pick\n * a public (\"none\") client when the server allows it. */\n readonly tokenEndpointAuthMethodsSupported?: readonly string[];\n}\n\n/** Mint an OAuth client via RFC 7591 Dynamic Client Registration and persist it.\n * The user pastes NO client id/secret — the authorization server mints a\n * (public, PKCE) client which is stored as an owner-scoped `oauth_client`. */\nexport interface RegisterDynamicClientInput {\n readonly owner: Owner;\n readonly slug: OAuthClientSlug;\n /** RFC 7591 registration endpoint advertised by the authorization server. */\n readonly registrationEndpoint: string;\n readonly authorizationUrl: string;\n readonly tokenUrl: string;\n /** RFC 8707 Resource Indicator (MCP). Persisted on the minted client when known. */\n readonly resource?: string | null;\n readonly scopes: readonly string[];\n /** Auth methods the server advertises. When it allows `none` a public\n * (PKCE-only, no secret) client is registered; otherwise `client_secret_post`. */\n readonly tokenEndpointAuthMethodsSupported?: readonly string[];\n /** Human label for the registered app (RFC 7591 `client_name`). */\n readonly clientName?: string;\n /** Browser-facing callback URL to register. Defaults to the executor's configured redirectUri. */\n readonly redirectUri?: string | null;\n /** Integration that requested this dynamic client, when known. */\n readonly originIntegration?: IntegrationSlug | null;\n}\n\nexport class OAuthStartError extends Schema.TaggedErrorClass<OAuthStartError>()(\"OAuthStartError\", {\n message: Schema.String,\n}) {}\n\nexport class OAuthCompleteError extends Schema.TaggedErrorClass<OAuthCompleteError>()(\n \"OAuthCompleteError\",\n {\n message: Schema.String,\n /** True when the auth-code exchange failed in a way the user must restart. */\n restartRequired: Schema.optional(Schema.Boolean),\n },\n) {}\n\nexport class OAuthProbeError extends Schema.TaggedErrorClass<OAuthProbeError>()(\"OAuthProbeError\", {\n message: Schema.String,\n}) {}\n\nexport class OAuthRegisterDynamicError extends Schema.TaggedErrorClass<OAuthRegisterDynamicError>()(\n \"OAuthRegisterDynamicError\",\n { message: Schema.String },\n) {}\n\nexport class OAuthSessionNotFoundError extends Schema.TaggedErrorClass<OAuthSessionNotFoundError>()(\n \"OAuthSessionNotFoundError\",\n { state: OAuthState },\n) {}\n\n/** The OAuth surface the executor's `oauth.*` namespace and `ctx.oauth` expose.\n * Implemented by `makeOAuthService` (oauth-service.ts), wired by the executor\n * with the deps it needs to mint connections. */\nexport interface OAuthService {\n readonly createClient: (\n input: CreateOAuthClientInput,\n ) => Effect.Effect<OAuthClientSlug, StorageFailure>;\n /** Mint a client via RFC 7591 Dynamic Client Registration (no pre-shared\n * client id/secret) and persist it as an owner-scoped `oauth_client`. */\n readonly registerDynamicClient: (\n input: RegisterDynamicClientInput,\n ) => Effect.Effect<OAuthClientSlug, OAuthRegisterDynamicError | StorageFailure>;\n /** All registered clients visible to the caller (their org's shared clients +\n * their own user clients), as metadata-only summaries — never the secret. */\n readonly listClients: () => Effect.Effect<readonly OAuthClientSummary[], StorageFailure>;\n /** Permanently remove a registered OAuth app, keyed by (owner, slug). The\n * owner policy on `oauth_client` prevents removing another subject's user app.\n * Idempotent: removing an already-gone app succeeds. Connections that\n * referenced the slug keep their stored value and fail at the next token\n * refresh, prompting a reconnect — this op never cascades into connections. */\n readonly removeClient: (\n owner: Owner,\n slug: OAuthClientSlug,\n ) => Effect.Effect<void, StorageFailure>;\n readonly start: (\n input: OAuthStartInput,\n ) => Effect.Effect<ConnectResult, OAuthStartError | StorageFailure>;\n readonly complete: (\n input: OAuthCompleteInput,\n ) => Effect.Effect<Connection, OAuthCompleteError | OAuthSessionNotFoundError | StorageFailure>;\n readonly cancel: (state: OAuthState) => Effect.Effect<void, StorageFailure>;\n readonly probe: (\n input: OAuthProbeInput,\n ) => Effect.Effect<OAuthProbeResult, OAuthProbeError | StorageFailure>;\n}\n","// ---------------------------------------------------------------------------\n// Public projections beyond the core domain types. The integration / connection\n// / tool views live in their own domain files (`integration.ts`, `connection.ts`,\n// `tool.ts`); this file holds the schema-side views and the onboarding URL\n// autodetect result.\n// ---------------------------------------------------------------------------\n\nimport { Schema } from \"effect\";\n\nimport { ToolAddress } from \"./ids\";\n\n// ---------------------------------------------------------------------------\n// ToolSchemaView — the full schema-side view of a tool, returned by\n// `executor.tools.schema(address)`. Includes JSON schema roots plus shared\n// definitions for schema exploration, and optionally TypeScript preview strings.\n// ---------------------------------------------------------------------------\n\nexport const ToolSchemaView = Schema.Struct({\n address: ToolAddress,\n name: Schema.optional(Schema.String),\n description: Schema.optional(Schema.String),\n inputSchema: Schema.optional(Schema.Unknown),\n outputSchema: Schema.optional(Schema.Unknown),\n schemaDefinitions: Schema.optional(Schema.Record(Schema.String, Schema.Unknown)),\n inputTypeScript: Schema.optional(Schema.String),\n outputTypeScript: Schema.optional(Schema.String),\n typeScriptDefinitions: Schema.optional(Schema.Record(Schema.String, Schema.String)),\n});\nexport type ToolSchemaView = typeof ToolSchemaView.Type;\n\n// ---------------------------------------------------------------------------\n// Integration detection — optional capability on `PluginSpec.detect`. When a\n// user pastes a URL in the onboarding UI, `executor.integrations.detect(url)`\n// asks every plugin \"is this yours?\" and returns the best-confidence match so\n// the UI can auto-fill the onboarding form for the right plugin.\n// ---------------------------------------------------------------------------\n\nexport const IntegrationDetectionResult = Schema.Struct({\n /** Plugin id that recognized the URL (e.g. \"openapi\", \"graphql\"). */\n kind: Schema.String,\n /** Confidence tier — UI uses this to pick a winner when multiple plugins\n * claim a URL. */\n confidence: Schema.Literals([\"high\", \"medium\", \"low\"]),\n /** The (possibly normalized) endpoint the plugin will use. */\n endpoint: Schema.String,\n /** Human-readable name suggestion, typically derived from spec title or URL. */\n name: Schema.String,\n /** Slug suggestion — the plugin's recommendation for the integration slug. */\n slug: Schema.String,\n});\nexport type IntegrationDetectionResult = typeof IntegrationDetectionResult.Type;\n"],"mappings":";;;;;;;;;;;;AAWA,SAAS,OAAO,cAAc;AAyEvB,IAAM,eAAe,CAAC,SAAiB,WAA4B;AACxE,MAAI,YAAY,IAAK,QAAO;AAC5B,QAAM,kBAAkB,QAAQ,MAAM,GAAG;AACzC,QAAM,eAAe,OAAO,MAAM,GAAG;AACrC,WAAS,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;AAC/C,UAAM,MAAM,gBAAgB,CAAC;AAC7B,QAAI,QAAQ,KAAK;AAGf,UAAI,MAAM,gBAAgB,SAAS,EAAG,QAAO,aAAa,UAAU;AAEpE,UAAI,KAAK,aAAa,OAAQ,QAAO;AACrC;AAAA,IACF;AACA,QAAI,KAAK,aAAa,UAAU,aAAa,CAAC,MAAM,IAAK,QAAO;AAAA,EAClE;AAEA,SAAO,gBAAgB,WAAW,aAAa;AACjD;AAEO,IAAM,iBAAiB,CAAC,YAA6B;AAC1D,MAAI,QAAQ,WAAW,EAAG,QAAO;AACjC,MAAI,YAAY,IAAK,QAAO;AAC5B,MAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,EAAG,QAAO;AAC7D,MAAI,QAAQ,SAAS,IAAI,EAAG,QAAO;AACnC,MAAI,QAAQ,WAAW,GAAG,EAAG,QAAO;AACpC,QAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,MAAM,SAAS,CAAC;AACtB,QAAI,IAAI,WAAW,EAAG,QAAO;AAG7B,QAAI,IAAI,SAAS,GAAG,KAAK,QAAQ,IAAK,QAAO;AAAA,EAC/C;AACA,SAAO;AACT;AASO,IAAM,mBAAmB,CAC9B,GACA,MACW;AACX,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,EAAE;AACb,MAAI,KAAK,GAAI,QAAO;AACpB,MAAI,KAAK,GAAI,QAAO;AACpB,QAAM,KAAK,EAAE;AACb,QAAM,KAAK,EAAE;AACb,SAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI;AACtC;AAEA,IAAM,wBAAwB,CAAC,WAC7B,MAAM,MAAM,MAAM,EAAE;AAAA,EAClB,MAAM,KAAK,SAAS,MAAM,CAAC;AAAA,EAC3B,MAAM,KAAK,oBAAoB,MAAM,CAAC;AAAA,EACtC,MAAM,KAAK,WAAW,MAAM,CAAC;AAAA,EAC7B,MAAM;AACR;AAEF,IAAM,kBAAkB,CACtB,SACA,cACM;AACN,MAAI,CAAC,QAAS,QAAO;AACrB,QAAM,cAAc,sBAAsB,QAAQ,MAAM;AACxD,QAAM,gBAAgB,sBAAsB,UAAU,MAAM;AAC5D,SAAO,gBAAgB,cAAc,YAAY;AACnD;AAEO,IAAM,oBAAoB,CAC/B,QACA,UACA,cAC4B;AAC5B,MAAI,SAAS,WAAW,EAAG,QAAO;AAClC,QAAM,SAAS,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,MAAM;AAC1C,UAAM,KAAK,UAAU,CAAC;AACtB,UAAM,KAAK,UAAU,CAAC;AACtB,QAAI,OAAO,GAAI,QAAO,KAAK;AAC3B,WAAO,iBAAiB,GAAG,CAAC;AAAA,EAC9B,CAAC;AACD,QAAM,oBAAoB,oBAAI,IAAyB;AACvD,aAAW,OAAO,QAAQ;AACxB,QAAI,kBAAkB,IAAI,IAAI,KAAK,EAAG;AACtC,QAAI,aAAa,IAAI,SAAS,MAAM,GAAG;AACrC,wBAAkB,IAAI,IAAI,OAAO;AAAA,QAC/B,QAAQ,IAAI;AAAA,QACZ,SAAS,IAAI;AAAA,QACb,UAAU,IAAI;AAAA,MAChB,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI;AACJ,aAAW,SAAS,kBAAkB,OAAO,GAAG;AAC9C,eAAW,gBAAgB,UAAU,KAAK;AAAA,EAC5C;AACA,SAAO;AACT;AAMA,IAAM,aAAa,CAAC,4BAClB,0BACI,EAAE,QAAQ,oBAAoB,QAAQ,iBAAiB,IACvD,EAAE,QAAQ,WAAW,QAAQ,iBAAiB;AAEpD,IAAM,WAAW,CAAC,WAAyC;AAAA,EACzD,QAAQ,MAAM;AAAA,EACd,QAAQ;AAAA,EACR,SAAS,MAAM;AAAA,EACf,UAAU,MAAM;AAClB;AAEO,IAAM,yBAAyB,CACpC,QACA,UACA,WACA,4BACoB;AACpB,QAAM,QAAQ,kBAAkB,QAAQ,UAAU,SAAS;AAC3D,SAAO,QAAQ,SAAS,KAAK,IAAI,WAAW,uBAAuB;AACrE;AAEO,IAAM,4BAA4B,CACvC,QACA,gBAEA,4BACoB;AACpB,QAAM,oBAAoB,oBAAI,IAA6B;AAC3D,aAAW,KAAK,gBAAgB;AAC9B,UAAM,WAAW,WAAW,KAAK,EAAE,QAAQ,OAAO,EAAE,KAAK,IAAI;AAC7D,QAAI,kBAAkB,IAAI,QAAQ,EAAG;AACrC,QAAI,aAAa,EAAE,SAAS,MAAM,GAAG;AACnC,wBAAkB,IAAI,UAAU;AAAA,QAC9B,QAAQ,EAAE;AAAA,QACV,QAAQ;AAAA,QACR,SAAS,EAAE;AAAA,QACX,UAAU,EAAE;AAAA,MACd,CAAC;AAAA,IACH;AAAA,EACF;AACA,MAAI;AACJ,aAAW,SAAS,kBAAkB,OAAO,GAAG;AAC9C,eAAW,gBAAgB,UAAU,KAAK;AAAA,EAC5C;AACA,SAAO,YAAY,WAAW,uBAAuB;AACvD;AAMO,IAAM,kBAAkB,CAAC,SAAoC;AAAA,EAClE,IAAI,SAAS,KAAK,IAAI,EAAE;AAAA,EACxB,OAAO,IAAI;AAAA,EACX,SAAS,IAAI;AAAA,EACb,QAAQ,IAAI;AAAA,EACZ,UAAU,IAAI;AAAA,EACd,WAAW,IAAI;AAAA,EACf,WAAW,IAAI;AACjB;AAEO,IAAM,yBAAyB,OAAO,SAAS,CAAC,WAAW,oBAAoB,OAAO,CAAC;;;AC/P9F,SAAiB,UAAAA,eAAc;AASxB,IAAM,kBAAkBC,QAAO,aAAa,mBAAmB;AAAA,EACpE,SAASA,QAAO;AAAA;AAAA,EAEhB,iBAAiBA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO;AAC9D,CAAC;AAIM,IAAM,iBAAiBA,QAAO,aAAa,kBAAkB;AAAA,EAClE,SAASA,QAAO;AAAA,EAChB,KAAKA,QAAO;AAAA;AAAA,EAEZ,eAAe;AACjB,CAAC;AAKM,IAAM,oBAAoBA,QAAO,SAAS,CAAC,UAAU,WAAW,QAAQ,CAAC;AAGzE,IAAM,sBAAsBA,QAAO,OAAO;AAAA,EAC/C,QAAQ;AAAA;AAAA,EAER,SAASA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO,CAAC;AACvE,CAAC;AAwBM,IAAM,2BAAN,cAAuCA,QAAO,iBAA2C;AAAA,EAC9F;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,QAAQA,QAAO,SAAS,CAAC,WAAW,QAAQ,CAAC;AAAA,EAC/C;AACF,EAAE;AAAA;AAAA;AAAA,EAGA,IAAa,UAAkB;AAC7B,WAAO,iBAAiB,KAAK,WAAW,WAAW,cAAc,UAAU,KAAK,KAAK,OAAO;AAAA,EAC9F;AACF;;;ACtEA,SAAS,UAAAC,eAAc;AAsBhB,IAAM,oBAAN,cAAgCC,QAAO,iBAAoC;AAAA,EAChF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,aAAaA,QAAO,SAASA,QAAO,MAAM,WAAW,CAAC;AAAA,EACxD;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,mBAAmB,KAAK,OAAO;AAAA,EACxC;AACF;AAEO,IAAM,sBAAN,cAAkCA,QAAO,iBAAsC;AAAA,EACpF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,SAASA,QAAO;AAAA,IAChB,OAAOA,QAAO,SAASA,QAAO,OAAO;AAAA,EACvC;AACF,EAAE;AAAC;AAII,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,SAASA,QAAO;AAAA,EAClB;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,2BAA2B,KAAK,OAAO,MAAM,KAAK,OAAO;AAAA,EAClE;AACF;AAGO,IAAM,uBAAN,cAAmCA,QAAO,iBAAuC;AAAA,EACtF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAUA,QAAO;AAAA,EACnB;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,WAAW,KAAK,QAAQ,6BAA6B,KAAK,OAAO;AAAA,EAC1E;AACF;AAGO,IAAM,iBAAN,cAA6BA,QAAO,iBAAiC,EAAE,kBAAkB;AAAA,EAC9F,SAAS;AAAA,EACT,UAAUA,QAAO;AACnB,CAAC,EAAE;AAAA,EACD,IAAa,UAAkB;AAC7B,WAAO,WAAW,KAAK,QAAQ,yCAAyC,KAAK,OAAO;AAAA,EACtF;AACF;AAMO,IAAM,2BAAN,cAAuCA,QAAO,iBAA2C;AAAA,EAC9F;AAAA,EACA,EAAE,MAAM,gBAAgB;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,0BAA0B,KAAK,IAAI;AAAA,EAC5C;AACF;AAOO,IAAM,gCAAN,cAA4CA,QAAO,iBAAgD;AAAA,EACxG;AAAA,EACA,EAAE,MAAM,gBAAgB;AAAA,EACxB,EAAE,eAAe,IAAI;AACvB,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,+BAA+B,KAAK,IAAI;AAAA,EACjD;AACF;AAIO,IAAM,oCAAN,cAAgDA,QAAO,iBAAoD;AAAA,EAChH;AAAA,EACA,EAAE,MAAM,gBAAgB;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,oEAAoE,KAAK,IAAI;AAAA,EACtF;AACF;AAEO,IAAM,0BAAN,cAAsCA,QAAO,iBAA0C;AAAA,EAC5F;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,aAAa;AAAA,IACb,MAAM;AAAA,EACR;AACF,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,yBAAyB,KAAK,WAAW,IAAI,KAAK,KAAK,IAAI,KAAK,IAAI;AAAA,EAC7E;AACF;AAOO,IAAM,8BAAN,cAA0CA,QAAO,iBAA8C;AAAA,EACpG;AAAA,EACA,EAAE,SAASA,QAAO,OAAO;AAC3B,EAAE;AAAC;AAII,IAAM,uCAAN,cAAmDA,QAAO,iBAAuD;AAAA,EACtH;AAAA,EACA,EAAE,UAAU,YAAY;AAC1B,EAAE;AAAA,EACA,IAAa,UAAkB;AAC7B,WAAO,uCAAuC,KAAK,QAAQ;AAAA,EAC7D;AACF;AAIO,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA;AAAA,IACE,OAAO;AAAA,IACP,aAAa;AAAA,IACb,MAAM;AAAA,IACN,SAASA,QAAO;AAAA;AAAA;AAAA,IAGhB,gBAAgBA,QAAO,SAASA,QAAO,OAAO;AAAA,EAChD;AACF,EAAE;AAAC;;;ACrKH,SAAS,UAAAC,eAAc;AAqKhB,IAAM,kBAAN,cAA8BC,QAAO,iBAAkC,EAAE,mBAAmB;AAAA,EACjG,SAASA,QAAO;AAClB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiCA,QAAO,iBAAqC;AAAA,EAClF;AAAA,EACA;AAAA,IACE,SAASA,QAAO;AAAA;AAAA,IAEhB,iBAAiBA,QAAO,SAASA,QAAO,OAAO;AAAA,EACjD;AACF,EAAE;AAAC;AAEI,IAAM,kBAAN,cAA8BA,QAAO,iBAAkC,EAAE,mBAAmB;AAAA,EACjG,SAASA,QAAO;AAClB,CAAC,EAAE;AAAC;AAEG,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA,EAAE,SAASA,QAAO,OAAO;AAC3B,EAAE;AAAC;AAEI,IAAM,4BAAN,cAAwCA,QAAO,iBAA4C;AAAA,EAChG;AAAA,EACA,EAAE,OAAO,WAAW;AACtB,EAAE;AAAC;;;ACxLH,SAAS,UAAAC,eAAc;AAUhB,IAAM,iBAAiBC,QAAO,OAAO;AAAA,EAC1C,SAAS;AAAA,EACT,MAAMA,QAAO,SAASA,QAAO,MAAM;AAAA,EACnC,aAAaA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC1C,aAAaA,QAAO,SAASA,QAAO,OAAO;AAAA,EAC3C,cAAcA,QAAO,SAASA,QAAO,OAAO;AAAA,EAC5C,mBAAmBA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,OAAO,CAAC;AAAA,EAC/E,iBAAiBA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC9C,kBAAkBA,QAAO,SAASA,QAAO,MAAM;AAAA,EAC/C,uBAAuBA,QAAO,SAASA,QAAO,OAAOA,QAAO,QAAQA,QAAO,MAAM,CAAC;AACpF,CAAC;AAUM,IAAM,6BAA6BA,QAAO,OAAO;AAAA;AAAA,EAEtD,MAAMA,QAAO;AAAA;AAAA;AAAA,EAGb,YAAYA,QAAO,SAAS,CAAC,QAAQ,UAAU,KAAK,CAAC;AAAA;AAAA,EAErD,UAAUA,QAAO;AAAA;AAAA,EAEjB,MAAMA,QAAO;AAAA;AAAA,EAEb,MAAMA,QAAO;AACf,CAAC;","names":["Schema","Schema","Schema","Schema","Schema","Schema","Schema","Schema"]}
|
package/dist/core-schema.d.ts
CHANGED
|
@@ -39,6 +39,7 @@ export declare const coreTables: {
|
|
|
39
39
|
readonly refresh_item_id: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
40
40
|
readonly expires_at: import("@executor-js/fumadb/schema").Column<"bigint", bigint | null, bigint | null>;
|
|
41
41
|
readonly oauth_scope: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
42
|
+
readonly oauth_token_url: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
42
43
|
readonly provider_state: import("@executor-js/fumadb/schema").Column<"json", unknown, unknown>;
|
|
43
44
|
readonly created_at: import("@executor-js/fumadb/schema").Column<"timestamp", Date, Date>;
|
|
44
45
|
readonly updated_at: import("@executor-js/fumadb/schema").Column<"timestamp", Date, Date>;
|
|
@@ -178,6 +179,7 @@ export declare const coreSchema: {
|
|
|
178
179
|
readonly refresh_item_id: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
179
180
|
readonly expires_at: import("@executor-js/fumadb/schema").Column<"bigint", bigint | null, bigint | null>;
|
|
180
181
|
readonly oauth_scope: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
182
|
+
readonly oauth_token_url: import("@executor-js/fumadb/schema").Column<"string", string | null, string | null>;
|
|
181
183
|
readonly provider_state: import("@executor-js/fumadb/schema").Column<"json", unknown, unknown>;
|
|
182
184
|
readonly created_at: import("@executor-js/fumadb/schema").Column<"timestamp", Date, Date>;
|
|
183
185
|
readonly updated_at: import("@executor-js/fumadb/schema").Column<"timestamp", Date, Date>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core-schema.d.ts","sourceRoot":"","sources":["../src/core-schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAiB5D,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACnE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACtF,eAAO,MAAM,SAAS,GAAI,MAAM,MAAM,gFAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,8FAA4C,CAAC;AAC3F,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,EAAE,cAAc,OAAO,iFAChB,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACrE,eAAO,MAAM,oBAAoB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACxF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAAyB,CAAC;AACjE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,0EAAoC,CAAC;AACpF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,yEAA8B,CAAC;AAmFtE,eAAO,MAAM,UAAU
|
|
1
|
+
{"version":3,"file":"core-schema.d.ts","sourceRoot":"","sources":["../src/core-schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAiB5D,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACnE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACtF,eAAO,MAAM,SAAS,GAAI,MAAM,MAAM,gFAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,8FAA4C,CAAC;AAC3F,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,EAAE,cAAc,OAAO,iFAChB,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACrE,eAAO,MAAM,oBAAoB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACxF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAAyB,CAAC;AACjE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,0EAAoC,CAAC;AACpF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,yEAA8B,CAAC;AAmFtE,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiMrB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAa,CAAC;AACrC,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAChE,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;AACjE,MAAM,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAClD;;;4EAG4E;AAC5E,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,eAAe,CAAC,CAAC;AAChF,+EAA+E;AAC/E,eAAO,MAAM,uBAAuB,qJAYW,CAAC;AAChD,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAC/D,MAAM,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;AACrE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAElD,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAExE,eAAO,MAAM,mBAAmB,mDAIgB,CAAC;AAEjD,eAAO,MAAM,kBAAkB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,gBAC4B,CAAC"}
|
package/dist/core-tools.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core-tools.d.ts","sourceRoot":"","sources":["../src/core-tools.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"core-tools.d.ts","sourceRoot":"","sources":["../src/core-tools.ts"],"names":[],"mappings":"AA2aA,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;CACrC;AAED,eAAO,MAAM,eAAe,uMAkWzB,CAAC"}
|
package/dist/core.js
CHANGED
|
@@ -12,7 +12,7 @@ import {
|
|
|
12
12
|
normalizeExecutorServerConnection,
|
|
13
13
|
normalizeExecutorServerOrigin,
|
|
14
14
|
originFromApiBaseUrl
|
|
15
|
-
} from "./chunk-
|
|
15
|
+
} from "./chunk-EJKXSREX.js";
|
|
16
16
|
import {
|
|
17
17
|
OAUTH2_PROVIDER_KEY,
|
|
18
18
|
OAUTH2_SESSION_TTL_MS,
|
|
@@ -56,7 +56,7 @@ import {
|
|
|
56
56
|
textColumn,
|
|
57
57
|
tool,
|
|
58
58
|
toolAddress
|
|
59
|
-
} from "./chunk-
|
|
59
|
+
} from "./chunk-5Q35SELN.js";
|
|
60
60
|
import {
|
|
61
61
|
ConnectionNotFoundError,
|
|
62
62
|
CredentialProviderNotRegisteredError,
|
|
@@ -85,8 +85,8 @@ import {
|
|
|
85
85
|
effectivePolicyFromSorted,
|
|
86
86
|
isValidPattern,
|
|
87
87
|
matchPattern
|
|
88
|
-
} from "./chunk-
|
|
89
|
-
import "./chunk-
|
|
88
|
+
} from "./chunk-PCSRC6WP.js";
|
|
89
|
+
import "./chunk-4XPVLX62.js";
|
|
90
90
|
import {
|
|
91
91
|
AuthTemplateSlug,
|
|
92
92
|
ConnectionAddress,
|
package/dist/executor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAe,KAAK,EAA6B,MAAM,QAAQ,CAAC;AAC/E,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAQxE,OAAO,EAIL,KAAK,MAAM,EAEX,KAAK,UAAU,EACf,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAsC,KAAK,SAAS,EAAwB,MAAM,QAAQ,CAAC;AAElG,OAAO,KAAK,EACV,UAAU,EAEV,aAAa,EACb,qBAAqB,EAErB,qBAAqB,EACtB,MAAM,cAAc,CAAC;AAatB,OAAO,EAML,KAAK,aAAa,EAClB,KAAK,aAAa,EACnB,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAClE,OAAO,EACL,uBAAuB,EACvB,oCAAoC,EAEpC,wBAAwB,EACxB,2BAA2B,EAC3B,iCAAiC,EAMjC,KAAK,YAAY,EAClB,MAAM,UAAU,CAAC;AAClB,OAAO,EAEL,iBAAiB,EACjB,cAAc,EACd,eAAe,EAGf,KAAK,EAGL,WAAW,EACX,OAAO,EACP,MAAM,EACN,WAAW,EACX,QAAQ,EACT,MAAM,OAAO,CAAC;AACf,OAAO,KAAK,EAEV,WAAW,EAGZ,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAKL,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EACV,SAAS,EAOT,gBAAgB,EAMjB,MAAM,UAAU,CAAC;AAgBlB,OAAO,EAAE,cAAc,EAAE,KAAK,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAsC,KAAK,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG5F,OAAO,EAIL,KAAK,sBAAsB,EAC5B,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAe,KAAK,EAA6B,MAAM,QAAQ,CAAC;AAC/E,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAQxE,OAAO,EAIL,KAAK,MAAM,EAEX,KAAK,UAAU,EACf,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAsC,KAAK,SAAS,EAAwB,MAAM,QAAQ,CAAC;AAElG,OAAO,KAAK,EACV,UAAU,EAEV,aAAa,EACb,qBAAqB,EAErB,qBAAqB,EACtB,MAAM,cAAc,CAAC;AAatB,OAAO,EAML,KAAK,aAAa,EAClB,KAAK,aAAa,EACnB,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAClE,OAAO,EACL,uBAAuB,EACvB,oCAAoC,EAEpC,wBAAwB,EACxB,2BAA2B,EAC3B,iCAAiC,EAMjC,KAAK,YAAY,EAClB,MAAM,UAAU,CAAC;AAClB,OAAO,EAEL,iBAAiB,EACjB,cAAc,EACd,eAAe,EAGf,KAAK,EAGL,WAAW,EACX,OAAO,EACP,MAAM,EACN,WAAW,EACX,QAAQ,EACT,MAAM,OAAO,CAAC;AACf,OAAO,KAAK,EAEV,WAAW,EAGZ,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAKL,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EACV,SAAS,EAOT,gBAAgB,EAMjB,MAAM,UAAU,CAAC;AAgBlB,OAAO,EAAE,cAAc,EAAE,KAAK,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAsC,KAAK,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG5F,OAAO,EAIL,KAAK,sBAAsB,EAC5B,MAAM,iBAAiB,CAAC;AA2BzB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;CACzB;AAID;;;;;;;;;8EAS8E;AAC9E,eAAO,MAAM,gBAAgB,GAAI,SAAS,MAAM,KAAG,iBAAiB,GAAG,IAyBtE,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,OAAO,KAAK,EACZ,aAAa,eAAe,EAC5B,YAAY,cAAc,KACzB,iBACgF,CAAC;AAEpF,eAAO,MAAM,WAAW,GACtB,OAAO,KAAK,EACZ,aAAa,eAAe,EAC5B,YAAY,cAAc,EAC1B,MAAM,QAAQ,KACb,WACkF,CAAC;AAkBtF,MAAM,MAAM,QAAQ,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE,IAAI;IAC1E,QAAQ,CAAC,YAAY,EAAE;QACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,WAAW,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3E,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,MAAM,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QAC3F,QAAQ,CAAC,MAAM,EAAE,CACf,IAAI,EAAE,eAAe,EACrB,KAAK,EAAE;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;SAAE,KAC7D,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,wBAAwB,GAAG,cAAc,CAAC,CAAC;QACpE,QAAQ,CAAC,MAAM,EAAE,CACf,IAAI,EAAE,eAAe,KAClB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,iCAAiC,GAAG,cAAc,CAAC,CAAC;QAC7E,QAAQ,CAAC,MAAM,EAAE,CACf,GAAG,EAAE,MAAM,KACR,MAAM,CAAC,MAAM,CAAC,SAAS,0BAA0B,EAAE,EAAE,cAAc,CAAC,CAAC;KAC3E,CAAC;IAEF,QAAQ,CAAC,WAAW,EAAE;QACpB,QAAQ,CAAC,MAAM,EAAE,CACf,KAAK,EAAE,qBAAqB,KACzB,MAAM,CAAC,MAAM,CAChB,UAAU,EACR,wBAAwB,GACxB,oCAAoC,GACpC,2BAA2B,GAC3B,cAAc,CACjB,CAAC;QACF,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;YACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC;YACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;SACxB,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,UAAU,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3D,QAAQ,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,aAAa,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QACvF;4DACoD;QACpD,QAAQ,CAAC,MAAM,EAAE,CACf,GAAG,EAAE,aAAa,EAClB,KAAK,EAAE,qBAAqB,KACzB,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,uBAAuB,GAAG,cAAc,CAAC,CAAC;QACzE,QAAQ,CAAC,MAAM,EAAE,CACf,GAAG,EAAE,aAAa,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,uBAAuB,GAAG,cAAc,CAAC,CAAC;QACnE,QAAQ,CAAC,OAAO,EAAE,CAChB,GAAG,EAAE,aAAa,KACf,MAAM,CAAC,MAAM,CAChB,SAAS,IAAI,EAAE,EACf,uBAAuB,GAAG,wBAAwB,GAAG,cAAc,CACpE,CAAC;KACH,CAAC;IAEF;uDACmD;IACnD,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAE7B,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,cAAc,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3F,QAAQ,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;KACjG,CAAC;IAEF,QAAQ,CAAC,SAAS,EAAE;QAClB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC;QAC3D,QAAQ,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,aAAa,EAAE,EAAE,cAAc,CAAC,CAAC;KAC/F,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,UAAU,EAAE,EAAE,cAAc,CAAC,CAAC;QAC1E,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC7F,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC7F,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACvF,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;KAC5F,CAAC;IAEF,QAAQ,CAAC,OAAO,EAAE,CAChB,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,OAAO,EACb,OAAO,CAAC,EAAE,aAAa,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAE1C,QAAQ,CAAC,KAAK,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;CAC3D,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AAE/B,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACnF;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;AAEvD,MAAM,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE;IACvC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;CAC7B,KAAK,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AAEvE,MAAM,WAAW,cAAc,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE;IACjF;gBACY;IACZ,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,8EAA8E;IAC9E,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE,CAAC,EAAE,eAAe,GAAG,iBAAiB,CAAC;IAClD;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC;IAC5B;;6EAEyE;IACzE,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnD;;;OAGG;IACH,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC9D;;;;;;OAMG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IACzD;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QACnB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;KACrC,CAAC;CACH;AAQD,eAAO,MAAM,aAAa,QAAO,UAGhC,CAAC;AAyyBF,eAAO,MAAM,cAAc,GAAI,KAAK,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE,EACtF,QAAQ,cAAc,CAAC,QAAQ,CAAC,KAC/B,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAgjE/C,CAAC"}
|
package/dist/host-internal.js
CHANGED
package/dist/index.js
CHANGED
|
@@ -4,7 +4,7 @@ import {
|
|
|
4
4
|
import {
|
|
5
5
|
collectTables,
|
|
6
6
|
createExecutor
|
|
7
|
-
} from "./chunk-
|
|
7
|
+
} from "./chunk-5Q35SELN.js";
|
|
8
8
|
import {
|
|
9
9
|
ConnectionNotFoundError,
|
|
10
10
|
CredentialProviderNotRegisteredError,
|
|
@@ -22,8 +22,8 @@ import {
|
|
|
22
22
|
ToolNotFoundError,
|
|
23
23
|
ToolSchemaView,
|
|
24
24
|
UrlElicitation
|
|
25
|
-
} from "./chunk-
|
|
26
|
-
import "./chunk-
|
|
25
|
+
} from "./chunk-PCSRC6WP.js";
|
|
26
|
+
import "./chunk-4XPVLX62.js";
|
|
27
27
|
import {
|
|
28
28
|
AuthTemplateSlug,
|
|
29
29
|
ConnectionName,
|
package/dist/oauth-client.d.ts
CHANGED
|
@@ -86,6 +86,11 @@ export interface OAuthStartInput {
|
|
|
86
86
|
export interface OAuthCompleteInput {
|
|
87
87
|
readonly state: OAuthState;
|
|
88
88
|
readonly code: string;
|
|
89
|
+
/** Non-standard regional host the authorization server returns on the
|
|
90
|
+
* callback (Datadog's `domain`/`site` params) so the code is redeemed at the
|
|
91
|
+
* org's actual region rather than the statically advertised one. Used only
|
|
92
|
+
* when it is a sibling subdomain of the client's configured token host. */
|
|
93
|
+
readonly callbackDomain?: string | null;
|
|
89
94
|
}
|
|
90
95
|
/** Probe a base/issuer URL for OAuth 2.1 authorization-server metadata so the
|
|
91
96
|
* onboarding UI can pre-fill a client's endpoints. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,eAAe,EACf,UAAU,EACV,KAAK,KAAK,EACX,MAAM,OAAO,CAAC;AAYf,MAAM,MAAM,UAAU,GAAG,oBAAoB,GAAG,oBAAoB,CAAC;AAErE;;wEAEwE;AACxE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;CACpC;AAED;;;;+CAI+C;AAC/C,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;iFAC6E;IAC7E,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B;kFAC8E;IAC9E,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAA;CAAE,GAC3B;IACE,QAAQ,CAAC,IAAI,EAAE,6BAA6B,CAAC;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEN,MAAM,MAAM,sBAAsB,GAAG,WAAW,GAAG;IACjD,QAAQ,CAAC,MAAM,CAAC,EAAE,iBAAiB,CAAC;CACrC,CAAC;AAEF;;;gDAGgD;AAChD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAC;CACpC;AAED,wEAAwE;AACxE,MAAM,MAAM,aAAa,GACrB;IAAE,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;CAAE,GACjE;IACE,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEN;;eAEe;AACf,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC;;sFAEkF;IAClF,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;IAC5B,sFAAsF;IACtF,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,oGAAoG;IACpG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"oauth-client.d.ts","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAEhC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,eAAe,EACf,UAAU,EACV,KAAK,KAAK,EACX,MAAM,OAAO,CAAC;AAYf,MAAM,MAAM,UAAU,GAAG,oBAAoB,GAAG,oBAAoB,CAAC;AAErE;;wEAEwE;AACxE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;CACpC;AAED;;;;+CAI+C;AAC/C,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;iFAC6E;IAC7E,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B;kFAC8E;IAC9E,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAA;CAAE,GAC3B;IACE,QAAQ,CAAC,IAAI,EAAE,6BAA6B,CAAC;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;CAC/C,CAAC;AAEN,MAAM,MAAM,sBAAsB,GAAG,WAAW,GAAG;IACjD,QAAQ,CAAC,MAAM,CAAC,EAAE,iBAAiB,CAAC;CACrC,CAAC;AAEF;;;gDAGgD;AAChD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAC;CACpC;AAED,wEAAwE;AACxE,MAAM,MAAM,aAAa,GACrB;IAAE,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAA;CAAE,GACjE;IACE,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEN;;eAEe;AACf,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC;;sFAEkF;IAClF,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;IAC5B,sFAAsF;IACtF,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,oGAAoG;IACpG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;gFAG4E;IAC5E,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzC;AAED;uDACuD;AACvD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;qCAEiC;IACjC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,4EAA4E;IAC5E,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C;8DAC0D;IAC1D,QAAQ,CAAC,iCAAiC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAChE;AAED;;+EAE+E;AAC/E,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,6EAA6E;IAC7E,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,oFAAoF;IACpF,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC;uFACmF;IACnF,QAAQ,CAAC,iCAAiC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/D,mEAAmE;IACnE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,kGAAkG;IAClG,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,kEAAkE;IAClE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,eAAe,GAAG,IAAI,CAAC;CACrD;;;;AAED,qBAAa,eAAgB,SAAQ,oBAEnC;CAAG;;;IAMD,8EAA8E;;;AAJlF,qBAAa,kBAAmB,SAAQ,uBAOvC;CAAG;;;;AAEJ,qBAAa,eAAgB,SAAQ,oBAEnC;CAAG;;;;AAEL,qBAAa,yBAA0B,SAAQ,8BAG9C;CAAG;;;;AAEJ,qBAAa,yBAA0B,SAAQ,8BAG9C;CAAG;AAEJ;;kDAEkD;AAClD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,YAAY,EAAE,CACrB,KAAK,EAAE,sBAAsB,KAC1B,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;IACpD;8EAC0E;IAC1E,QAAQ,CAAC,qBAAqB,EAAE,CAC9B,KAAK,EAAE,0BAA0B,KAC9B,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,yBAAyB,GAAG,cAAc,CAAC,CAAC;IAChF;kFAC8E;IAC9E,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,kBAAkB,EAAE,EAAE,cAAc,CAAC,CAAC;IACzF;;;;oFAIgF;IAChF,QAAQ,CAAC,YAAY,EAAE,CACrB,KAAK,EAAE,KAAK,EACZ,IAAI,EAAE,eAAe,KAClB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACzC,QAAQ,CAAC,KAAK,EAAE,CACd,KAAK,EAAE,eAAe,KACnB,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,eAAe,GAAG,cAAc,CAAC,CAAC;IACpE,QAAQ,CAAC,QAAQ,EAAE,CACjB,KAAK,EAAE,kBAAkB,KACtB,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,kBAAkB,GAAG,yBAAyB,GAAG,cAAc,CAAC,CAAC;IAChG,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC5E,QAAQ,CAAC,KAAK,EAAE,CACd,KAAK,EAAE,eAAe,KACnB,MAAM,CAAC,MAAM,CAAC,gBAAgB,EAAE,eAAe,GAAG,cAAc,CAAC,CAAC;CACxE"}
|
package/dist/oauth-helpers.d.ts
CHANGED
|
@@ -67,6 +67,7 @@ export declare const buildAuthorizationUrl: (input: BuildAuthorizationUrlInput)
|
|
|
67
67
|
* consent app, Google folds those unrelated scopes into the new consent flow and
|
|
68
68
|
* can fail inside accounts.google.com before returning to our callback. */
|
|
69
69
|
export declare const providerAuthorizeExtras: (authorizationUrl: string) => Readonly<Record<string, string>>;
|
|
70
|
+
export declare const rebindTokenEndpointHostToCallbackDomain: (configuredTokenUrl: string, callbackDomain: string | null | undefined) => string;
|
|
70
71
|
export type ClientAuthMethod = "body" | "basic";
|
|
71
72
|
/**
|
|
72
73
|
* The token-endpoint client-auth transport used when a caller doesn't specify
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-helpers.d.ts","sourceRoot":"","sources":["../src/oauth-helpers.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAQ,MAAM,EAAa,MAAM,QAAQ,CAAC;;;;AAOjD,qBAAa,WAAY,SAAQ,iBAAgC;IAC/D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;CAAG;AAML,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAMF,iFAAiF;AACjF,eAAO,MAAM,sBAAsB,QAAS,CAAC;AAE7C,sCAAsC;AACtC,eAAO,MAAM,yBAAyB,QAAS,CAAC;AAEhD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;CAC9B;AAgBD,eAAO,MAAM,2BAA2B,GACtC,OAAO,MAAM,EACb,SAAQ,sBAA2B,KAClC,OAQF,CAAC;AAEF,eAAO,MAAM,+BAA+B,GAC1C,OAAO,MAAM,EACb,cAA4B,EAC5B,SAAQ,sBAA2B,KAClC,MAIF,CAAC;AAMF,eAAO,MAAM,sBAAsB,QAAO,MAA4C,CAAC;AAEvF,eAAO,MAAM,uBAAuB,GAAI,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAC7B,CAAC;AAE7C;wCACwC;AACxC,eAAO,MAAM,gBAAgB,QAAO,MAAqC,CAAC;AAM1E,MAAM,MAAM,0BAA0B,GAAG;IACvC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,8EAA8E;IAC9E,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,+EAA+E;IAC/E,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;2DAEuD;IACvD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,sEAAsE;IACtE,QAAQ,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACxD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF;yDACyD;AACzD,eAAO,MAAM,qBAAqB,GAAI,OAAO,0BAA0B,KAAG,MA8BzE,CAAC;AAEF;;;;;;;;;4EAS4E;AAC5E,eAAO,MAAM,uBAAuB,GAClC,kBAAkB,MAAM,KACvB,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWjC,CAAC;AA6GF,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,OAAO,CAAC;AAEhD;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,EAAE,gBAAyB,CAAC;AAiHnE,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9D;;mBAEe;IACf,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,OAAO,8BAA8B,KACpC,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CAoCC,CAAC;AAMnD,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC;0EACsE;IACtE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,OAAO,8BAA8B,KACpC,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CA2BC,CAAC;AAMnD,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9D;;6BAEyB;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,OAAO,uBAAuB,KAC7B,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CAuCC,CAAC;AAMnD,eAAO,MAAM,kBAAkB,GAAI,OAAO;IACxC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,KAAG,OAKH,CAAC"}
|
|
1
|
+
{"version":3,"file":"oauth-helpers.d.ts","sourceRoot":"","sources":["../src/oauth-helpers.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAQ,MAAM,EAAa,MAAM,QAAQ,CAAC;;;;AAOjD,qBAAa,WAAY,SAAQ,iBAAgC;IAC/D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;CAAG;AAML,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAMF,iFAAiF;AACjF,eAAO,MAAM,sBAAsB,QAAS,CAAC;AAE7C,sCAAsC;AACtC,eAAO,MAAM,yBAAyB,QAAS,CAAC;AAEhD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;CAC9B;AAgBD,eAAO,MAAM,2BAA2B,GACtC,OAAO,MAAM,EACb,SAAQ,sBAA2B,KAClC,OAQF,CAAC;AAEF,eAAO,MAAM,+BAA+B,GAC1C,OAAO,MAAM,EACb,cAA4B,EAC5B,SAAQ,sBAA2B,KAClC,MAIF,CAAC;AAMF,eAAO,MAAM,sBAAsB,QAAO,MAA4C,CAAC;AAEvF,eAAO,MAAM,uBAAuB,GAAI,UAAU,MAAM,KAAG,OAAO,CAAC,MAAM,CAC7B,CAAC;AAE7C;wCACwC;AACxC,eAAO,MAAM,gBAAgB,QAAO,MAAqC,CAAC;AAM1E,MAAM,MAAM,0BAA0B,GAAG;IACvC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,8EAA8E;IAC9E,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,+EAA+E;IAC/E,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC;;2DAEuD;IACvD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,sEAAsE;IACtE,QAAQ,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACxD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF;yDACyD;AACzD,eAAO,MAAM,qBAAqB,GAAI,OAAO,0BAA0B,KAAG,MA8BzE,CAAC;AAEF;;;;;;;;;4EAS4E;AAC5E,eAAO,MAAM,uBAAuB,GAClC,kBAAkB,MAAM,KACvB,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWjC,CAAC;AAkDF,eAAO,MAAM,uCAAuC,GAClD,oBAAoB,MAAM,EAC1B,gBAAgB,MAAM,GAAG,IAAI,GAAG,SAAS,KACxC,MAiBF,CAAC;AA6GF,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,OAAO,CAAC;AAEhD;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,EAAE,gBAAyB,CAAC;AAiHnE,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9D;;mBAEe;IACf,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,OAAO,8BAA8B,KACpC,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CAoCC,CAAC;AAMnD,MAAM,MAAM,8BAA8B,GAAG;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC;0EACsE;IACtE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,OAAO,8BAA8B,KACpC,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CA2BC,CAAC;AAMnD,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IACvC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9D;;6BAEyB;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;CACrD,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAC7B,OAAO,uBAAuB,KAC7B,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CAuCC,CAAC;AAMnD,eAAO,MAAM,kBAAkB,GAAI,OAAO;IACxC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,KAAG,OAKH,CAAC"}
|
package/dist/oauth-service.d.ts
CHANGED
|
@@ -26,6 +26,10 @@ export interface MintOAuthConnectionInput {
|
|
|
26
26
|
readonly refreshItemId: string | null;
|
|
27
27
|
readonly expiresAt: number | null;
|
|
28
28
|
readonly oauthScope: string | null;
|
|
29
|
+
/** Per-connection override for the token endpoint, persisted only when the
|
|
30
|
+
* code was redeemed at a region other than the client's configured token
|
|
31
|
+
* host (Datadog multi-site). Null means refresh uses the client's token URL. */
|
|
32
|
+
readonly oauthTokenUrl?: string | null;
|
|
29
33
|
}
|
|
30
34
|
/** Everything the OAuth service needs from the executor: fuma access for the
|
|
31
35
|
* owned `oauth_client` / `oauth_session` tables, the default credential
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-service.d.ts","sourceRoot":"","sources":["../src/oauth-service.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAkB,MAAM,QAAQ,CAAC;AACvD,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAExE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,eAAe,EAEf,KAAK,EAEN,MAAM,OAAO,CAAC;AACf,OAAO,EAcL,KAAK,YAAY,EAGlB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAMrD,OAAO,
|
|
1
|
+
{"version":3,"file":"oauth-service.d.ts","sourceRoot":"","sources":["../src/oauth-service.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAkB,MAAM,QAAQ,CAAC;AACvD,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAExE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,eAAe,EAEf,KAAK,EAEN,MAAM,OAAO,CAAC;AACf,OAAO,EAcL,KAAK,YAAY,EAGlB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAMrD,OAAO,EAWL,KAAK,sBAAsB,EAC5B,MAAM,iBAAiB,CAAC;AAGzB;;;4DAG4D;AAC5D,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,0EAA0E;IAC1E,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,oFAAoF;IACpF,QAAQ,CAAC,gBAAgB,EAAE,KAAK,CAAC;IACjC,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC;;qFAEiF;IACjF,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAED;;;kFAGkF;AAClF,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK;QACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;QACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,uBAAuB,EAAE,MAAM,kBAAkB,GAAG,IAAI,CAAC;IAClE,gFAAgF;IAChF,QAAQ,CAAC,mBAAmB,EAAE,CAC5B,KAAK,EAAE,wBAAwB,KAC5B,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC/C;;;;;;;;;;;;;OAaG;IACH,QAAQ,CAAC,0BAA0B,EAAE,CACnC,WAAW,EAAE,eAAe,EAC5B,QAAQ,EAAE,gBAAgB,KACvB,MAAM,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC;IACtD,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC9D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;IACpD;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CACrC;AAgMD,eAAO,MAAM,gBAAgB,GAAI,MAAM,gBAAgB,KAAG,YA8qBzD,CAAC"}
|
|
@@ -9,6 +9,13 @@ export type ExecutorServerAuth = {
|
|
|
9
9
|
} | {
|
|
10
10
|
readonly kind: "bearer";
|
|
11
11
|
readonly token: string;
|
|
12
|
+
} | {
|
|
13
|
+
readonly kind: "oauth";
|
|
14
|
+
readonly accessToken: string;
|
|
15
|
+
readonly refreshToken?: string;
|
|
16
|
+
readonly expiresAt?: number;
|
|
17
|
+
readonly tokenEndpoint?: string;
|
|
18
|
+
readonly clientId?: string;
|
|
12
19
|
};
|
|
13
20
|
export interface ExecutorServerConnection {
|
|
14
21
|
readonly kind: ExecutorServerConnectionKind;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-connection.d.ts","sourceRoot":"","sources":["../src/server-connection.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,8BAA8B,0BAA0B,CAAC;AACtE,eAAO,MAAM,gCAAgC,aAAa,CAAC;AAE3D,MAAM,MAAM,4BAA4B,GAAG,MAAM,GAAG,iBAAiB,CAAC;AACtE,MAAM,MAAM,uBAAuB,GAAG,YAAY,GAAG,iBAAiB,GAAG,YAAY,CAAC;AAEtF,MAAM,MAAM,kBAAkB,GAC1B;IACE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB,CAAC;AAEN,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,EAAE,4BAA4B,CAAC;IAC5C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC;CACpC;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC;IAC7C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC;CACpC;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,uBAAuB,CAAC;IACvC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,wBAAwB,CAAC;IAC9C,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;QACnC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QAChC,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;KACxC,CAAC;CACH;AAOD,eAAO,MAAM,6BAA6B,GAAI,KAAK,MAAM,KAAG,MAW3D,CAAC;AAEF,eAAO,MAAM,yBAAyB,GAAI,QAAQ,MAAM,KAAG,MAAyB,CAAC;AAErF,eAAO,MAAM,oBAAoB,GAAI,KAAK,MAAM,KAAG,MAQlD,CAAC;AAEF,eAAO,MAAM,iCAAiC,GAC5C,QAAO,6BAAkC,KACxC,wBAgBF,CAAC;AAqBF,eAAO,MAAM,oCAAoC,GAC/C,YAAY,wBAAwB,KACnC,MAAM,GAAG,
|
|
1
|
+
{"version":3,"file":"server-connection.d.ts","sourceRoot":"","sources":["../src/server-connection.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,8BAA8B,0BAA0B,CAAC;AACtE,eAAO,MAAM,gCAAgC,aAAa,CAAC;AAE3D,MAAM,MAAM,4BAA4B,GAAG,MAAM,GAAG,iBAAiB,CAAC;AACtE,MAAM,MAAM,uBAAuB,GAAG,YAAY,GAAG,iBAAiB,GAAG,YAAY,CAAC;AAEtF,MAAM,MAAM,kBAAkB,GAC1B;IACE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B,GACD;IACE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB,GACD;IAKE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEN,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,EAAE,4BAA4B,CAAC;IAC5C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC;CACpC;AAED,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC;IAC7C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC;CACpC;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,uBAAuB,CAAC;IACvC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,wBAAwB,CAAC;IAC9C,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,MAAM,EAAE,KAAK,GAAG,SAAS,CAAC;QACnC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QAChC,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;KACxC,CAAC;CACH;AAOD,eAAO,MAAM,6BAA6B,GAAI,KAAK,MAAM,KAAG,MAW3D,CAAC;AAEF,eAAO,MAAM,yBAAyB,GAAI,QAAQ,MAAM,KAAG,MAAyB,CAAC;AAErF,eAAO,MAAM,oBAAoB,GAAI,KAAK,MAAM,KAAG,MAQlD,CAAC;AAEF,eAAO,MAAM,iCAAiC,GAC5C,QAAO,6BAAkC,KACxC,wBAgBF,CAAC;AAqBF,eAAO,MAAM,oCAAoC,GAC/C,YAAY,wBAAwB,KACnC,MAAM,GAAG,IASX,CAAC;AAyDF,eAAO,MAAM,gCAAgC,GAC3C,KAAK,MAAM,KACV,2BAA2B,GAAG,IA6BhC,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAC/C,UAAU,2BAA2B,KACpC,MAAkD,CAAC"}
|
package/dist/shared.js
CHANGED
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
originFromApiBaseUrl,
|
|
12
12
|
parseExecutorLocalServerManifest,
|
|
13
13
|
serializeExecutorLocalServerManifest
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-EJKXSREX.js";
|
|
15
15
|
import {
|
|
16
16
|
ConnectionNotFoundError,
|
|
17
17
|
CredentialProviderNotRegisteredError,
|
|
@@ -42,7 +42,7 @@ import {
|
|
|
42
42
|
effectivePolicyFromSorted,
|
|
43
43
|
isValidPattern,
|
|
44
44
|
matchPattern
|
|
45
|
-
} from "./chunk-
|
|
45
|
+
} from "./chunk-PCSRC6WP.js";
|
|
46
46
|
import {
|
|
47
47
|
AuthTemplateSlug,
|
|
48
48
|
ConnectionAddress,
|
|
@@ -42,6 +42,7 @@ export interface OAuthTestServerOptions {
|
|
|
42
42
|
readonly defaultClientSecret?: string;
|
|
43
43
|
readonly clients?: Readonly<Record<string, string | null>>;
|
|
44
44
|
readonly scopes?: readonly string[];
|
|
45
|
+
readonly omitTokenResponseScopes?: readonly string[];
|
|
45
46
|
readonly supportRefresh?: boolean;
|
|
46
47
|
}
|
|
47
48
|
export interface OAuthTestServerShape {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-test-server.d.ts","sourceRoot":"","sources":["../../src/testing/oauth-test-server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAQ,MAAM,EAAE,KAAK,EAAkC,KAAK,EAAE,MAAM,QAAQ,CAAC;;;;AAY7F,qBAAa,2BAA4B,SAAQ,iCAAgD;IAC/F,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B,CAAC;CAAG;;;;AAEL,qBAAa,wBAAyB,SAAQ,8BAA6C;IACzF,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;CAAG;AAEL,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;CACnC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,4BAA4B,EAAE,MAAM,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,6BAA6B,EAAE,CAAC,KAAK,EAAE;QAC9C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;QAClC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;KAC5B,KAAK,MAAM,CAAC,MAAM,CAAC,4BAA4B,EAAE,wBAAwB,CAAC,CAAC;IAC5E,QAAQ,CAAC,kCAAkC,EAAE,CAAC,KAAK,CAAC,EAAE;QACpD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAC/B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;KAC5B,KAAK,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC,CAAC;IAC7D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,sBAAsB,EAAE,CAAC,CAAC;IACpE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;IAC9D,QAAQ,CAAC,kBAAkB,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvE,QAAQ,CAAC,0BAA0B,EAAE,CACnC,aAAa,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,KACrC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;CAC7B;AAiTD,eAAO,MAAM,oBAAoB,GAC/B,UAAS,sBAA2B,KACnC,MAAM,CAAC,MAAM,CAAC,oBAAoB,EAAE,2BAA2B,EAAE,KAAK,CAAC,KAAK,
|
|
1
|
+
{"version":3,"file":"oauth-test-server.d.ts","sourceRoot":"","sources":["../../src/testing/oauth-test-server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAQ,MAAM,EAAE,KAAK,EAAkC,KAAK,EAAE,MAAM,QAAQ,CAAC;;;;AAY7F,qBAAa,2BAA4B,SAAQ,iCAAgD;IAC/F,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B,CAAC;CAAG;;;;AAEL,qBAAa,wBAAyB,SAAQ,8BAA6C;IACzF,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;CAAG;AAEL,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC;IAC3D,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACpC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACrD,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;CACnC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,qBAAqB,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,4BAA4B,EAAE,MAAM,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,6BAA6B,EAAE,CAAC,KAAK,EAAE;QAC9C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;QAClC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;KAC5B,KAAK,MAAM,CAAC,MAAM,CAAC,4BAA4B,EAAE,wBAAwB,CAAC,CAAC;IAC5E,QAAQ,CAAC,kCAAkC,EAAE,CAAC,KAAK,CAAC,EAAE;QACpD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;QAC/B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;QACpC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;KAC5B,KAAK,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,wBAAwB,CAAC,CAAC;IAC7D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,sBAAsB,EAAE,CAAC,CAAC;IACpE,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;IAC9D,QAAQ,CAAC,kBAAkB,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACvE,QAAQ,CAAC,0BAA0B,EAAE,CACnC,aAAa,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,KACrC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;CAC7B;AAiTD,eAAO,MAAM,oBAAoB,GAC/B,UAAS,sBAA2B,KACnC,MAAM,CAAC,MAAM,CAAC,oBAAoB,EAAE,2BAA2B,EAAE,KAAK,CAAC,KAAK,CAyV3E,CAAC;;AAEL,qBAAa,eAAgB,SAAQ,oBAEpC;IACC,MAAM,CAAC,QAAQ,CAAC,KAAK,GAAI,UAAU,sBAAsB,sEACM;CAChE"}
|