@executor-js/sdk 1.5.6 → 1.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/blob.d.ts +4 -0
- package/dist/blob.d.ts.map +1 -1
- package/dist/{chunk-VAJYYP2A.js → chunk-ARH4MAGG.js} +2 -2
- package/dist/{chunk-777N6JVG.js → chunk-I3X6242Q.js} +1 -1
- package/dist/chunk-I3X6242Q.js.map +1 -0
- package/dist/{chunk-3RRMGXEN.js → chunk-UKOTOKXM.js} +1 -1
- package/dist/{chunk-3RRMGXEN.js.map → chunk-UKOTOKXM.js.map} +1 -1
- package/dist/{chunk-WN6EB76P.js → chunk-YPVKRUZV.js} +50 -16
- package/dist/chunk-YPVKRUZV.js.map +1 -0
- package/dist/core-schema.d.ts +7 -0
- package/dist/core-schema.d.ts.map +1 -1
- package/dist/core.js +175 -9
- package/dist/core.js.map +1 -1
- package/dist/executor-fuma-db.d.ts +8 -0
- package/dist/executor-fuma-db.d.ts.map +1 -1
- package/dist/executor.d.ts +8 -0
- package/dist/executor.d.ts.map +1 -1
- package/dist/host-internal.js +3 -3
- package/dist/http-auth/auth-method.d.ts +81 -0
- package/dist/http-auth/auth-method.d.ts.map +1 -0
- package/dist/http-auth/auth-method.test.d.ts +2 -0
- package/dist/http-auth/auth-method.test.d.ts.map +1 -0
- package/dist/http-auth/authoring.d.ts +52 -0
- package/dist/http-auth/authoring.d.ts.map +1 -0
- package/dist/http-auth/authoring.test.d.ts +2 -0
- package/dist/http-auth/authoring.test.d.ts.map +1 -0
- package/dist/http-auth/index.d.ts +5 -0
- package/dist/http-auth/index.d.ts.map +1 -0
- package/dist/http-auth/legacy.d.ts +42 -0
- package/dist/http-auth/legacy.d.ts.map +1 -0
- package/dist/http-auth/migrate.d.ts +30 -0
- package/dist/http-auth/migrate.d.ts.map +1 -0
- package/dist/http-auth/migrate.test.d.ts +2 -0
- package/dist/http-auth/migrate.test.d.ts.map +1 -0
- package/dist/http-auth.js +288 -0
- package/dist/http-auth.js.map +1 -0
- package/dist/index.d.ts +7 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -4
- package/dist/index.js.map +1 -1
- package/dist/integration.d.ts +8 -0
- package/dist/integration.d.ts.map +1 -1
- package/dist/oauth-client.d.ts +3 -2
- package/dist/oauth-client.d.ts.map +1 -1
- package/dist/plugin.d.ts +18 -5
- package/dist/plugin.d.ts.map +1 -1
- package/dist/promise.d.ts +1 -1
- package/dist/promise.d.ts.map +1 -1
- package/dist/shared.js +1 -1
- package/dist/sqlite-config-blob-migration.d.ts +23 -0
- package/dist/sqlite-config-blob-migration.d.ts.map +1 -0
- package/dist/sqlite-config-blob-migration.test.d.ts +2 -0
- package/dist/sqlite-config-blob-migration.test.d.ts.map +1 -0
- package/dist/sqlite-data-migrations.d.ts +50 -0
- package/dist/sqlite-data-migrations.d.ts.map +1 -0
- package/dist/sqlite-data-migrations.test.d.ts +2 -0
- package/dist/sqlite-data-migrations.test.d.ts.map +1 -0
- package/dist/sqlite-test-db-KBW52UM6.js +9 -0
- package/dist/testing.js +7 -7
- package/dist/tool-result.d.ts +15 -1
- package/dist/tool-result.d.ts.map +1 -1
- package/package.json +8 -2
- package/dist/chunk-777N6JVG.js.map +0 -1
- package/dist/chunk-WN6EB76P.js.map +0 -1
- package/dist/sqlite-test-db-AMRR6VZ6.js +0 -9
- /package/dist/{chunk-VAJYYP2A.js.map → chunk-ARH4MAGG.js.map} +0 -0
- /package/dist/{sqlite-test-db-AMRR6VZ6.js.map → sqlite-test-db-KBW52UM6.js.map} +0 -0
package/dist/core-schema.d.ts
CHANGED
|
@@ -285,6 +285,13 @@ export type ConnectionRow = FumaRow<CoreSchema["connection"]>;
|
|
|
285
285
|
export type OAuthClientRow = FumaRow<CoreSchema["oauth_client"]>;
|
|
286
286
|
export type OAuthSessionRow = FumaRow<CoreSchema["oauth_session"]>;
|
|
287
287
|
export type ToolRow = FumaRow<CoreSchema["tool"]>;
|
|
288
|
+
/** The tool-row projection the invoke/list hot paths load: everything except
|
|
289
|
+
* the heavy `input_schema`/`output_schema` JSON, which only `tools.schema`
|
|
290
|
+
* (describe) needs. Plugin `invokeTool` receives this shape — operation
|
|
291
|
+
* details ride in plugin storage or `annotations`, not the row schemas. */
|
|
292
|
+
export type ToolInvocationRow = Omit<ToolRow, "input_schema" | "output_schema">;
|
|
293
|
+
/** The columns backing {@link ToolInvocationRow}, for `select` projections. */
|
|
294
|
+
export declare const TOOL_INVOCATION_COLUMNS: readonly ["tenant", "owner", "subject", "integration", "connection", "plugin_id", "name", "description", "annotations", "created_at", "updated_at"];
|
|
288
295
|
export type DefinitionRow = FumaRow<CoreSchema["definition"]>;
|
|
289
296
|
export type ToolPolicyRow = FumaRow<CoreSchema["tool_policy"]>;
|
|
290
297
|
export type PluginStorageRow = FumaRow<CoreSchema["plugin_storage"]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core-schema.d.ts","sourceRoot":"","sources":["../src/core-schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAiB5D,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACnE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACtF,eAAO,MAAM,SAAS,GAAI,MAAM,MAAM,gFAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,8FAA4C,CAAC;AAC3F,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,EAAE,cAAc,OAAO,iFAChB,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACrE,eAAO,MAAM,oBAAoB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACxF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAAyB,CAAC;AACjE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,0EAAoC,CAAC;AACpF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,yEAA8B,CAAC;AAmFtE,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuKrB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAa,CAAC;AACrC,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAChE,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;AACjE,MAAM,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAClD,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAC/D,MAAM,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;AACrE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAElD,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAExE,eAAO,MAAM,mBAAmB,mDAIgB,CAAC;AAEjD,eAAO,MAAM,kBAAkB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,gBAC4B,CAAC"}
|
|
1
|
+
{"version":3,"file":"core-schema.d.ts","sourceRoot":"","sources":["../src/core-schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAiB5D,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACnE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACtF,eAAO,MAAM,SAAS,GAAI,MAAM,MAAM,gFAAiC,CAAC;AACxE,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,8FAA4C,CAAC;AAC3F,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,EAAE,cAAc,OAAO,iFAChB,CAAC;AAC/C,eAAO,MAAM,YAAY,GAAI,MAAM,MAAM,0EAA2B,CAAC;AACrE,eAAO,MAAM,oBAAoB,GAAI,MAAM,MAAM,wFAAsC,CAAC;AACxF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,0EAAyB,CAAC;AACjE,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,0EAAoC,CAAC;AACpF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,yEAA8B,CAAC;AAmFtE,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuKrB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAa,CAAC;AACrC,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC;AAE3C,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAChE,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;AACjE,MAAM,MAAM,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;AACnE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAClD;;;4EAG4E;AAC5E,MAAM,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,eAAe,CAAC,CAAC;AAChF,+EAA+E;AAC/E,eAAO,MAAM,uBAAuB,qJAYW,CAAC;AAChD,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAC/D,MAAM,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC;AACrE,MAAM,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAElD,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAExE,eAAO,MAAM,mBAAmB,mDAIgB,CAAC;AAEjD,eAAO,MAAM,kBAAkB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,gBAC4B,CAAC"}
|
package/dist/core.js
CHANGED
|
@@ -46,10 +46,11 @@ import {
|
|
|
46
46
|
parseToolAddress,
|
|
47
47
|
pluginBlobStore,
|
|
48
48
|
pluginStorageId,
|
|
49
|
+
sha256Hex,
|
|
49
50
|
textColumn,
|
|
50
51
|
tool,
|
|
51
52
|
toolAddress
|
|
52
|
-
} from "./chunk-
|
|
53
|
+
} from "./chunk-YPVKRUZV.js";
|
|
53
54
|
import {
|
|
54
55
|
ConnectionNotFoundError,
|
|
55
56
|
CredentialProviderNotRegisteredError,
|
|
@@ -78,7 +79,7 @@ import {
|
|
|
78
79
|
effectivePolicyFromSorted,
|
|
79
80
|
isValidPattern,
|
|
80
81
|
matchPattern
|
|
81
|
-
} from "./chunk-
|
|
82
|
+
} from "./chunk-UKOTOKXM.js";
|
|
82
83
|
import "./chunk-EIHWBY6T.js";
|
|
83
84
|
import {
|
|
84
85
|
AuthTemplateSlug,
|
|
@@ -102,7 +103,7 @@ import {
|
|
|
102
103
|
import "./chunk-7D4SUZUM.js";
|
|
103
104
|
|
|
104
105
|
// src/index.ts
|
|
105
|
-
import { Context, Effect, Layer, Schema as
|
|
106
|
+
import { Context, Effect as Effect3, Layer, Schema as Schema3, Data as Data2, Option as Option2 } from "effect";
|
|
106
107
|
import {
|
|
107
108
|
HttpApi,
|
|
108
109
|
HttpApiBuilder,
|
|
@@ -115,6 +116,31 @@ import {
|
|
|
115
116
|
import { fumadb } from "@executor-js/fumadb";
|
|
116
117
|
import { column, idColumn, schema, table } from "@executor-js/fumadb/schema";
|
|
117
118
|
|
|
119
|
+
// src/integration.ts
|
|
120
|
+
var shortId = () => Math.random().toString(36).slice(2, 8);
|
|
121
|
+
var freshCustomAuthSlug = (taken) => {
|
|
122
|
+
let candidate = `custom_${shortId()}`;
|
|
123
|
+
while (taken.has(candidate)) candidate = `custom_${shortId()}`;
|
|
124
|
+
return candidate;
|
|
125
|
+
};
|
|
126
|
+
var mergeAuthTemplates = (existing, incoming) => {
|
|
127
|
+
const result = existing.map((entry) => entry);
|
|
128
|
+
const taken = new Set(result.map((entry) => String(entry.slug)));
|
|
129
|
+
for (const entry of incoming) {
|
|
130
|
+
const rawSlug = entry.slug;
|
|
131
|
+
const requested = typeof rawSlug === "string" ? rawSlug.trim() : "";
|
|
132
|
+
const existingIndex = result.findIndex((current) => String(current.slug) === requested);
|
|
133
|
+
if (requested.length > 0 && existingIndex >= 0) {
|
|
134
|
+
result[existingIndex] = entry;
|
|
135
|
+
continue;
|
|
136
|
+
}
|
|
137
|
+
const slug = requested.length > 0 && !taken.has(requested) ? requested : freshCustomAuthSlug(taken);
|
|
138
|
+
taken.add(slug);
|
|
139
|
+
result.push({ ...entry, slug });
|
|
140
|
+
}
|
|
141
|
+
return result;
|
|
142
|
+
};
|
|
143
|
+
|
|
118
144
|
// src/tool-result.ts
|
|
119
145
|
import { Schema } from "effect";
|
|
120
146
|
var ToolErrorSchema = Schema.Struct({
|
|
@@ -124,17 +150,149 @@ var ToolErrorSchema = Schema.Struct({
|
|
|
124
150
|
details: Schema.optional(Schema.Unknown),
|
|
125
151
|
retryable: Schema.optional(Schema.Boolean)
|
|
126
152
|
});
|
|
153
|
+
var ToolHttpMetaSchema = Schema.Struct({
|
|
154
|
+
status: Schema.Number,
|
|
155
|
+
headers: Schema.Record(Schema.String, Schema.String)
|
|
156
|
+
});
|
|
127
157
|
var ToolResult = {
|
|
128
|
-
ok: (data) => ({
|
|
158
|
+
ok: (data, meta) => ({
|
|
159
|
+
ok: true,
|
|
160
|
+
data,
|
|
161
|
+
...meta?.http ? { http: meta.http } : {}
|
|
162
|
+
}),
|
|
129
163
|
fail: (error) => ({ ok: false, error })
|
|
130
164
|
};
|
|
131
165
|
var ToolResultSchema = Schema.Union([
|
|
132
|
-
Schema.Struct({
|
|
166
|
+
Schema.Struct({
|
|
167
|
+
ok: Schema.Literal(true),
|
|
168
|
+
data: Schema.Unknown,
|
|
169
|
+
http: Schema.optional(ToolHttpMetaSchema)
|
|
170
|
+
}),
|
|
133
171
|
Schema.Struct({ ok: Schema.Literal(false), error: ToolErrorSchema })
|
|
134
172
|
]);
|
|
135
173
|
var isUnknownToolResult = Schema.is(ToolResultSchema);
|
|
136
174
|
var isToolResult = (value) => isUnknownToolResult(value);
|
|
137
175
|
|
|
176
|
+
// src/sqlite-data-migrations.ts
|
|
177
|
+
import { Data, Effect } from "effect";
|
|
178
|
+
var DataMigrationError = class extends Data.TaggedError("DataMigrationError") {
|
|
179
|
+
};
|
|
180
|
+
var DuplicateDataMigrationError = class extends Data.TaggedError("DuplicateDataMigrationError") {
|
|
181
|
+
};
|
|
182
|
+
var LEDGER_TABLE = "data_migration";
|
|
183
|
+
var execute = (client, stmt, migration) => Effect.tryPromise({
|
|
184
|
+
try: () => client.execute(stmt),
|
|
185
|
+
catch: (cause) => new DataMigrationError({ migration, cause })
|
|
186
|
+
});
|
|
187
|
+
var sqliteDataMigration = (name, run) => ({
|
|
188
|
+
name,
|
|
189
|
+
run: (client) => Effect.tryPromise({
|
|
190
|
+
try: () => run(client),
|
|
191
|
+
catch: (cause) => new DataMigrationError({ migration: name, cause })
|
|
192
|
+
}).pipe(Effect.asVoid)
|
|
193
|
+
});
|
|
194
|
+
var runSqliteDataMigrations = (client, migrations) => Effect.gen(function* () {
|
|
195
|
+
const names = /* @__PURE__ */ new Set();
|
|
196
|
+
for (const migration of migrations) {
|
|
197
|
+
if (names.has(migration.name)) {
|
|
198
|
+
return yield* new DuplicateDataMigrationError({ name: migration.name });
|
|
199
|
+
}
|
|
200
|
+
names.add(migration.name);
|
|
201
|
+
}
|
|
202
|
+
yield* execute(
|
|
203
|
+
client,
|
|
204
|
+
`CREATE TABLE IF NOT EXISTS ${LEDGER_TABLE} (name TEXT PRIMARY KEY, time_completed INTEGER NOT NULL)`,
|
|
205
|
+
null
|
|
206
|
+
);
|
|
207
|
+
const stamped = yield* execute(client, `SELECT name FROM ${LEDGER_TABLE}`, null);
|
|
208
|
+
const completed = new Set(
|
|
209
|
+
stamped.rows.map((row) => row.name).filter((name) => typeof name === "string")
|
|
210
|
+
);
|
|
211
|
+
const applied = [];
|
|
212
|
+
for (const migration of migrations) {
|
|
213
|
+
if (completed.has(migration.name)) continue;
|
|
214
|
+
yield* migration.run(client);
|
|
215
|
+
yield* execute(
|
|
216
|
+
client,
|
|
217
|
+
{
|
|
218
|
+
sql: `INSERT INTO ${LEDGER_TABLE} (name, time_completed) VALUES (?, ?)`,
|
|
219
|
+
args: [migration.name, Date.now()]
|
|
220
|
+
},
|
|
221
|
+
migration.name
|
|
222
|
+
);
|
|
223
|
+
applied.push(migration.name);
|
|
224
|
+
}
|
|
225
|
+
return applied;
|
|
226
|
+
});
|
|
227
|
+
|
|
228
|
+
// src/sqlite-config-blob-migration.ts
|
|
229
|
+
import { Effect as Effect2, Option, Schema as Schema2 } from "effect";
|
|
230
|
+
var decodeJsonOption = Schema2.decodeUnknownOption(Schema2.UnknownFromJsonString);
|
|
231
|
+
var isRecord = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
|
|
232
|
+
var runSqliteConfigBlobMigration = (client, options) => Effect2.gen(function* () {
|
|
233
|
+
const execute2 = (stmt) => Effect2.tryPromise({
|
|
234
|
+
try: () => client.execute(stmt),
|
|
235
|
+
catch: (cause) => new DataMigrationError({ migration: options.migrationName, cause })
|
|
236
|
+
});
|
|
237
|
+
const exists = yield* execute2(
|
|
238
|
+
"SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'integration'"
|
|
239
|
+
);
|
|
240
|
+
if (exists.rows.length === 0) return 0;
|
|
241
|
+
const result = yield* execute2({
|
|
242
|
+
sql: "SELECT row_id, tenant, config FROM integration WHERE plugin_id = ? AND config IS NOT NULL",
|
|
243
|
+
args: [options.pluginId]
|
|
244
|
+
});
|
|
245
|
+
const moves = [];
|
|
246
|
+
for (const row of result.rows) {
|
|
247
|
+
if (typeof row.row_id !== "string" || typeof row.tenant !== "string") continue;
|
|
248
|
+
if (typeof row.config !== "string") continue;
|
|
249
|
+
const decoded = decodeJsonOption(row.config);
|
|
250
|
+
if (Option.isNone(decoded) || !isRecord(decoded.value)) continue;
|
|
251
|
+
const inline = decoded.value[options.inlineField];
|
|
252
|
+
if (typeof inline !== "string") continue;
|
|
253
|
+
const hash = yield* sha256Hex(inline);
|
|
254
|
+
const namespace = `o:${row.tenant}/${options.pluginId}`;
|
|
255
|
+
const key = `${options.blobKeyPrefix}/${hash}`;
|
|
256
|
+
const { [options.inlineField]: _removed, ...rest } = decoded.value;
|
|
257
|
+
moves.push({
|
|
258
|
+
rowId: row.row_id,
|
|
259
|
+
namespace,
|
|
260
|
+
key,
|
|
261
|
+
blobId: JSON.stringify([namespace, key]),
|
|
262
|
+
inlineText: inline,
|
|
263
|
+
nextConfig: JSON.stringify({ ...rest, [options.hashField]: hash })
|
|
264
|
+
});
|
|
265
|
+
}
|
|
266
|
+
if (moves.length === 0) return 0;
|
|
267
|
+
const applyAll = Effect2.gen(function* () {
|
|
268
|
+
for (const move of moves) {
|
|
269
|
+
const existing = yield* execute2({
|
|
270
|
+
sql: "SELECT row_id FROM blob WHERE id = ?",
|
|
271
|
+
args: [move.blobId]
|
|
272
|
+
});
|
|
273
|
+
if (existing.rows.length === 0) {
|
|
274
|
+
yield* execute2({
|
|
275
|
+
sql: "INSERT INTO blob (namespace, key, value, row_id, id) VALUES (?, ?, ?, ?, ?)",
|
|
276
|
+
args: [move.namespace, move.key, move.inlineText, crypto.randomUUID(), move.blobId]
|
|
277
|
+
});
|
|
278
|
+
} else {
|
|
279
|
+
yield* execute2({
|
|
280
|
+
sql: "UPDATE blob SET value = ? WHERE id = ?",
|
|
281
|
+
args: [move.inlineText, move.blobId]
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
yield* execute2({
|
|
285
|
+
sql: "UPDATE integration SET config = ? WHERE row_id = ?",
|
|
286
|
+
args: [move.nextConfig, move.rowId]
|
|
287
|
+
});
|
|
288
|
+
}
|
|
289
|
+
yield* execute2("COMMIT");
|
|
290
|
+
});
|
|
291
|
+
yield* execute2("BEGIN");
|
|
292
|
+
yield* applyAll.pipe(Effect2.tapError(() => execute2("ROLLBACK").pipe(Effect2.ignore)));
|
|
293
|
+
return moves.length;
|
|
294
|
+
});
|
|
295
|
+
|
|
138
296
|
// src/auth-tool-failure.ts
|
|
139
297
|
var authRecovery = (input) => ({
|
|
140
298
|
createConnectionTool: "executor.coreTools.connections.createHandoff",
|
|
@@ -170,8 +328,10 @@ export {
|
|
|
170
328
|
CredentialResolutionError,
|
|
171
329
|
DEFAULT_EXECUTOR_SERVER_ORIGIN,
|
|
172
330
|
DEFAULT_EXECUTOR_SERVER_USERNAME,
|
|
173
|
-
Data,
|
|
174
|
-
|
|
331
|
+
Data2 as Data,
|
|
332
|
+
DataMigrationError,
|
|
333
|
+
DuplicateDataMigrationError,
|
|
334
|
+
Effect3 as Effect,
|
|
175
335
|
ElicitationAction,
|
|
176
336
|
ElicitationDeclinedError,
|
|
177
337
|
ElicitationId,
|
|
@@ -203,13 +363,13 @@ export {
|
|
|
203
363
|
OAuthStartError,
|
|
204
364
|
OAuthState,
|
|
205
365
|
ORG_SUBJECT,
|
|
206
|
-
Option,
|
|
366
|
+
Option2 as Option,
|
|
207
367
|
Owner,
|
|
208
368
|
PluginNotLoadedError,
|
|
209
369
|
PolicyId,
|
|
210
370
|
ProviderItemId,
|
|
211
371
|
ProviderKey,
|
|
212
|
-
|
|
372
|
+
Schema3 as Schema,
|
|
213
373
|
StorageError,
|
|
214
374
|
Subject,
|
|
215
375
|
TOOL_POLICY_ACTIONS,
|
|
@@ -243,6 +403,7 @@ export {
|
|
|
243
403
|
effectivePolicyFromSorted,
|
|
244
404
|
executorOwnerPolicyName,
|
|
245
405
|
executorUnscopedPolicyName,
|
|
406
|
+
freshCustomAuthSlug,
|
|
246
407
|
schema as fumaSchema,
|
|
247
408
|
fumadb,
|
|
248
409
|
getExecutorServerAuthorizationHeader,
|
|
@@ -258,6 +419,7 @@ export {
|
|
|
258
419
|
makeFumaBlobStore,
|
|
259
420
|
makeInMemoryBlobStore,
|
|
260
421
|
matchPattern,
|
|
422
|
+
mergeAuthTemplates,
|
|
261
423
|
normalizeExecutorServerConnection,
|
|
262
424
|
normalizeExecutorServerOrigin,
|
|
263
425
|
nullableBigintColumn,
|
|
@@ -268,6 +430,10 @@ export {
|
|
|
268
430
|
parseToolAddress,
|
|
269
431
|
pluginBlobStore,
|
|
270
432
|
pluginStorageId,
|
|
433
|
+
runSqliteConfigBlobMigration,
|
|
434
|
+
runSqliteDataMigrations,
|
|
435
|
+
sha256Hex,
|
|
436
|
+
sqliteDataMigration,
|
|
271
437
|
table,
|
|
272
438
|
textColumn,
|
|
273
439
|
tool,
|
package/dist/core.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts","../src/tool-result.ts","../src/auth-tool-failure.ts"],"sourcesContent":["// ---------------------------------------------------------------------------\n// @executor-js/sdk — public surface (v2)\n// ---------------------------------------------------------------------------\n\n// Re-export the Effect/Schema/HttpApi primitives plugin authors need so a\n// plugin can be written importing only from `@executor-js/sdk`.\nexport { Context, Effect, Layer, Schema, Data, Option } from \"effect\";\nexport {\n HttpApi,\n HttpApiBuilder,\n HttpApiClient,\n HttpApiEndpoint,\n HttpApiGroup,\n HttpApiMiddleware,\n HttpApiSchema,\n} from \"effect/unstable/httpapi\";\n\n// FumaDB integration.\nexport { fumadb } from \"@executor-js/fumadb\";\nexport type { FumaDB } from \"@executor-js/fumadb\";\nexport type { AbstractQuery, Condition, ConditionBuilder } from \"@executor-js/fumadb/query\";\nexport { column, idColumn, schema as fumaSchema, table } from \"@executor-js/fumadb/schema\";\nexport type { AnyColumn, AnySchema, AnyTable, Column, Schema as FumaSchema } from \"@executor-js/fumadb/schema\";\n\nexport type {\n FumaDb,\n FumaQuery,\n FumaRow,\n FumaTables,\n IFumaClient,\n StorageFailure,\n} from \"./fuma-runtime\";\nexport { StorageError, UniqueViolationError, isStorageFailure } from \"./fuma-runtime\";\n\n// IDs (branded) — the v2 set.\nexport {\n IntegrationSlug,\n AuthTemplateSlug,\n ConnectionName,\n OAuthClientSlug,\n OAuthState,\n ProviderKey,\n ProviderItemId,\n ConnectionAddress,\n ToolAddress,\n ToolName,\n ElicitationId,\n PolicyId,\n Tenant,\n Subject,\n Owner,\n} from \"./ids\";\nexport { connectionIdentifier, isConnectionIdentifier } from \"./connection-name-identifier\";\n\n// Errors (tagged) — the ExecuteError set + integration lifecycle.\nexport {\n ToolNotFoundError,\n ToolInvocationError,\n ToolBlockedError,\n NoHandlerError,\n PluginNotLoadedError,\n IntegrationNotFoundError,\n IntegrationAlreadyExistsError,\n IntegrationRemovalNotAllowedError,\n ConnectionNotFoundError,\n CredentialProviderNotRegisteredError,\n CredentialResolutionError,\n type ExecuteError,\n type ExecutorError,\n} from \"./errors\";\n\n// Integration / connection / tool domain contracts.\nexport type {\n AuthMethodDescriptor,\n AuthMethodOAuthDescriptor,\n AuthPlacementDescriptor,\n Integration,\n IntegrationConfig,\n IntegrationDisplayDescriptor,\n RegisterIntegrationInput,\n} from \"./integration\";\nexport type {\n Connection,\n ConnectionRef,\n ConnectionValueInput,\n CreateConnectionInput,\n} from \"./connection\";\nexport type { Tool, ToolDef, ToolListFilter, ToolAnnotations } from \"./tool\";\n\n// Credential providers.\nexport type { CredentialProvider, ProviderEntry } from \"./provider\";\n\n// Public projections / detection.\nexport { ToolSchemaView, IntegrationDetectionResult } from \"./types\";\n\n// Core schema.\nexport {\n bigintColumn,\n boolColumn,\n coreSchema,\n coreTables,\n dateColumn,\n isToolPolicyAction,\n jsonColumn,\n keyColumn,\n nullableBigintColumn,\n nullableJsonColumn,\n nullableKeyColumn,\n nullableTextColumn,\n textColumn,\n TOOL_POLICY_ACTIONS,\n type CoreSchema,\n type IntegrationRow,\n type ConnectionRow,\n type OAuthClientRow,\n type OAuthSessionRow,\n type ToolRow,\n type DefinitionRow,\n type ToolPolicyRow,\n type PluginStorageRow,\n type BlobRow,\n type ToolPolicyAction,\n} from \"./core-schema\";\n\n// Owner policy.\nexport {\n ORG_SUBJECT,\n executorOwnerPolicyName,\n executorUnscopedPolicyName,\n type ExecutorOwnerPolicyContext,\n} from \"./owner-policy\";\n\n// Tool policies.\nexport {\n matchPattern,\n isValidPattern,\n effectivePolicyFromSorted,\n ToolPolicyActionSchema,\n type ToolPolicy,\n type CreateToolPolicyInput,\n type UpdateToolPolicyInput,\n type RemoveToolPolicyInput,\n type PolicyMatch,\n type EffectivePolicy,\n type PolicySource,\n} from \"./policies\";\n\n// Elicitation.\nexport {\n FormElicitation,\n UrlElicitation,\n ElicitationAction,\n ElicitationResponse,\n ElicitationDeclinedError,\n type ElicitationRequest,\n type ElicitationHandler,\n type ElicitationContext,\n type OnElicitation,\n type InvokeOptions,\n} from \"./elicitation\";\n\n// Blob store — the plugin-facing CONTRACT only. The concrete makers\n// (`makeFumaBlobStore`/`makeInMemoryBlobStore`) are SDK-internal.\nexport {\n pluginBlobStore,\n makeInMemoryBlobStore,\n makeFumaBlobStore,\n type BlobStore,\n type PluginBlobStore,\n type OwnerPartitions,\n} from \"./blob\";\n\n// Plugin storage.\nexport {\n definePluginStorageCollection,\n pluginStorageId,\n type PluginStorageCollectionDefinition,\n type PluginStorageCollectionFacade,\n type PluginStorageCollectionIndexedField,\n type PluginStorageCollectionKeyInput,\n type PluginStorageCollectionListInput,\n type PluginStorageCollectionOrderBy,\n type PluginStorageCollectionPutInput,\n type PluginStorageCollectionQueryInput,\n type PluginStorageCollectionScopedKeyInput,\n type PluginStorageCollectionWhere,\n type PluginStorageConfig,\n type PluginStorageEntry,\n type PluginStorageFacade,\n type PluginStorageIndexField,\n type PluginStorageIndexSpec,\n type PluginStorageKeyInput,\n type PluginStorageListInput,\n type PluginStoragePutInput,\n type PluginStorageRuntimeCollectionDefinition,\n type PluginStorageRuntimeIndexSpec,\n type PluginStorageSchema,\n type PluginStorageSchemaType,\n type PluginStorageScopedKeyInput,\n type PluginStorageWhereFilter,\n type PluginStorageWhereValue,\n} from \"./plugin-storage\";\n\n// OAuth (v2 contracts).\nexport { OAUTH2_PROVIDER_KEY, OAUTH2_SESSION_TTL_MS } from \"./oauth\";\nexport {\n OAuthStartError,\n OAuthCompleteError,\n OAuthProbeError,\n OAuthRegisterDynamicError,\n OAuthSessionNotFoundError,\n type OAuthGrant,\n type OAuthAuthentication,\n type OAuthClient,\n type OAuthClientSummary,\n type CreateOAuthClientInput,\n type RegisterDynamicClientInput,\n type ConnectResult,\n type OAuthStartInput,\n type OAuthCompleteInput,\n type OAuthProbeInput,\n type OAuthProbeResult,\n type OAuthService,\n} from \"./oauth-client\";\n\n// NOTE: the OAuth 2.1 implementation helpers (`./oauth-helpers`,\n// `makeOAuthService` in `./oauth-service`, discovery in `./oauth-discovery`)\n// are SDK-internal — consumed only by `createExecutor`. The hosted HTTP client\n// builder is host-internal and reachable via `@executor-js/sdk/host-internal`.\n\nexport {\n DEFAULT_EXECUTOR_SERVER_ORIGIN,\n DEFAULT_EXECUTOR_SERVER_USERNAME,\n apiBaseUrlForServerOrigin,\n getExecutorServerAuthorizationHeader,\n normalizeExecutorServerConnection,\n normalizeExecutorServerOrigin,\n originFromApiBaseUrl,\n type ExecutorServerAuth,\n type ExecutorServerConnection,\n type ExecutorServerConnectionInput,\n type ExecutorServerConnectionKind,\n} from \"./server-connection\";\n\nexport {\n OAUTH_POPUP_MESSAGE_TYPE,\n type OAuthPopupResult,\n isOAuthPopupResult,\n} from \"./oauth-popup-types\";\n\n// Plugin definition.\nexport {\n type Plugin,\n type PluginSpec,\n type PluginCtx,\n type PluginExtensions,\n type ConfiguredPlugin,\n type AnyPlugin,\n type StorageDeps,\n type OwnerBinding,\n type IntegrationRecord,\n type StaticSourceDecl,\n type StaticToolDecl,\n type StaticToolSchema,\n type StaticToolExecuteContext,\n type StaticToolHandlerInput,\n type StaticToolInput,\n type ConfigureIntegrationHandlerInput,\n type InvokeToolInput,\n type ConnectionLifecycleInput,\n type IntegrationConfigureDecl,\n type IntegrationConfigureSchema,\n type IntegrationPreset,\n type IntegrationPresetCatalogEntry,\n type ResolveToolsInput,\n type ResolveToolsResult,\n type ToolInvocationCredential,\n type Elicit,\n definePlugin,\n tool,\n} from \"./plugin\";\n\n// Executor.\n//\n// `collectTables` is host/tooling-only (cli schema cmd, kernel worker,\n// local/cloud DB bring-up). Its definition stays here because `createExecutor`\n// uses it; the host surface (`@executor-js/api/server`) re-exports it.\nexport {\n type Executor,\n type ExecutorConfig,\n type ExecutorDb,\n type ExecutorDbFactory,\n type ExecutorDbInput,\n type ParsedToolAddress,\n createExecutor,\n collectTables,\n parseToolAddress,\n connectionAddress,\n toolAddress,\n} from \"./executor\";\n\n// CLI / runtime config.\nexport {\n defineExecutorConfig,\n type ExecutorCliConfig,\n type ExecutorPluginsFactory,\n} from \"./config\";\n\n// The one TS-preview generator plugins assert against.\nexport { buildToolTypeScriptPreview } from \"./schema-types\";\n\n// Wire-level HTTP error schemas usable by plugin HttpApiGroup definitions.\nexport { InternalError } from \"./api-errors\";\n\n// ToolResult — typed value-based discriminated union for tool outcomes.\nexport { ToolResult, isToolResult, type ToolError } from \"./tool-result\";\nexport {\n authToolFailure,\n type AuthToolFailureCode,\n type AuthToolFailureInput,\n} from \"./auth-tool-failure\";\n","// ---------------------------------------------------------------------------\n// ToolResult — typed value-based discriminated union returned by tool\n// handlers and `invokeTool`. Domain success and expected failure both\n// resolve through Effect's success channel; only true infra defects use\n// the Effect failure channel.\n// ---------------------------------------------------------------------------\n\nimport { Schema } from \"effect\";\n\nexport const ToolErrorSchema = Schema.Struct({\n code: Schema.String,\n message: Schema.String,\n status: Schema.optional(Schema.Number),\n details: Schema.optional(Schema.Unknown),\n retryable: Schema.optional(Schema.Boolean),\n});\n\nexport type ToolError = typeof ToolErrorSchema.Type;\n\nexport type ToolResult<T> =\n | { readonly ok: true; readonly data: T }\n | { readonly ok: false; readonly error: ToolError };\n\nexport const ToolResult = {\n ok: <T>(data: T): ToolResult<T> => ({ ok: true, data }),\n fail: <T = never>(error: ToolError): ToolResult<T> => ({ ok: false, error }),\n} as const;\n\nconst ToolResultSchema = Schema.Union([\n Schema.Struct({ ok: Schema.Literal(true), data: Schema.Unknown }),\n Schema.Struct({ ok: Schema.Literal(false), error: ToolErrorSchema }),\n]);\n\nconst isUnknownToolResult = Schema.is(ToolResultSchema);\n\nexport const isToolResult = (value: unknown): value is ToolResult<unknown> =>\n isUnknownToolResult(value);\n","import { ToolResult, type ToolError } from \"./tool-result\";\n\nexport type AuthToolFailureCode =\n | \"connection_value_missing\"\n | \"connection_rejected\"\n | \"oauth_connection_missing\"\n | \"oauth_refresh_failed\"\n | \"oauth_reauth_required\";\n\nexport type AuthToolFailureInput = {\n readonly code: AuthToolFailureCode;\n readonly message: string;\n readonly source?: {\n readonly id: string;\n readonly scope?: string;\n };\n readonly credential?: {\n readonly kind: \"secret\" | \"oauth\" | \"upstream\";\n readonly label?: string;\n readonly slotKey?: string;\n readonly secretId?: string;\n readonly connectionId?: string;\n };\n readonly status?: number;\n readonly upstream?: {\n readonly status?: number;\n readonly details?: unknown;\n };\n readonly recovery?: {\n readonly configureSourceTool?: string;\n };\n};\n\n// In v1.5 a connection IS the credential: there is no standalone secret to\n// \"bind\" to a source afterward. Manually-entered credentials are created via\n// the connection handoff (the user enters the value in the web UI, which\n// creates the bound connection in one step); OAuth credentials are minted by\n// the OAuth start flow. These strings are read by the agent resolving the\n// failure, so they must name tools that actually exist on the executor.\nconst authRecovery = (input?: AuthToolFailureInput[\"recovery\"]) => ({\n createConnectionTool: \"executor.coreTools.connections.createHandoff\",\n startOAuthTool: \"executor.coreTools.oauth.start\",\n listConnectionsTool: \"executor.coreTools.connections.list\",\n ...(input?.configureSourceTool ? { configureSourceTool: input.configureSourceTool } : {}),\n connectionInstructions:\n \"For API keys and tokens, call createConnectionTool for the integration to get a browser URL; the user enters the credential there, which creates the bound connection. Do not ask the user to paste secrets into chat. Then call listConnectionsTool to confirm the connection exists before retrying this tool.\",\n oauthInstructions:\n \"For OAuth credentials, call startOAuthTool and give the returned authorizationUrl to the user. The completed connection binds automatically, then retry the tool.\",\n});\n\nexport const authToolFailure = <T = never>(input: AuthToolFailureInput): ToolResult<T> => {\n const error: ToolError = {\n code: input.code,\n message: input.message,\n retryable: false,\n ...(input.status !== undefined ? { status: input.status } : {}),\n details: {\n category: \"authentication\",\n ...(input.source ? { source: input.source } : {}),\n ...(input.credential ? { credential: input.credential } : {}),\n ...(input.upstream ? { upstream: input.upstream } : {}),\n recovery: authRecovery(input.recovery),\n },\n };\n return ToolResult.fail(error);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,SAAS,QAAQ,OAAO,UAAAA,SAAQ,MAAM,cAAc;AAC7D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP,SAAS,cAAc;AAGvB,SAAS,QAAQ,UAAoB,QAAY,aAAa;;;ACd9D,SAAS,cAAc;AAEhB,IAAM,kBAAkB,OAAO,OAAO;AAAA,EAC3C,MAAM,OAAO;AAAA,EACb,SAAS,OAAO;AAAA,EAChB,QAAQ,OAAO,SAAS,OAAO,MAAM;AAAA,EACrC,SAAS,OAAO,SAAS,OAAO,OAAO;AAAA,EACvC,WAAW,OAAO,SAAS,OAAO,OAAO;AAC3C,CAAC;AAQM,IAAM,aAAa;AAAA,EACxB,IAAI,CAAI,UAA4B,EAAE,IAAI,MAAM,KAAK;AAAA,EACrD,MAAM,CAAY,WAAqC,EAAE,IAAI,OAAO,MAAM;AAC5E;AAEA,IAAM,mBAAmB,OAAO,MAAM;AAAA,EACpC,OAAO,OAAO,EAAE,IAAI,OAAO,QAAQ,IAAI,GAAG,MAAM,OAAO,QAAQ,CAAC;AAAA,EAChE,OAAO,OAAO,EAAE,IAAI,OAAO,QAAQ,KAAK,GAAG,OAAO,gBAAgB,CAAC;AACrE,CAAC;AAED,IAAM,sBAAsB,OAAO,GAAG,gBAAgB;AAE/C,IAAM,eAAe,CAAC,UAC3B,oBAAoB,KAAK;;;ACG3B,IAAM,eAAe,CAAC,WAA8C;AAAA,EAClE,sBAAsB;AAAA,EACtB,gBAAgB;AAAA,EAChB,qBAAqB;AAAA,EACrB,GAAI,OAAO,sBAAsB,EAAE,qBAAqB,MAAM,oBAAoB,IAAI,CAAC;AAAA,EACvF,wBACE;AAAA,EACF,mBACE;AACJ;AAEO,IAAM,kBAAkB,CAAY,UAA+C;AACxF,QAAM,QAAmB;AAAA,IACvB,MAAM,MAAM;AAAA,IACZ,SAAS,MAAM;AAAA,IACf,WAAW;AAAA,IACX,GAAI,MAAM,WAAW,SAAY,EAAE,QAAQ,MAAM,OAAO,IAAI,CAAC;AAAA,IAC7D,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAI,MAAM,SAAS,EAAE,QAAQ,MAAM,OAAO,IAAI,CAAC;AAAA,MAC/C,GAAI,MAAM,aAAa,EAAE,YAAY,MAAM,WAAW,IAAI,CAAC;AAAA,MAC3D,GAAI,MAAM,WAAW,EAAE,UAAU,MAAM,SAAS,IAAI,CAAC;AAAA,MACrD,UAAU,aAAa,MAAM,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,WAAW,KAAK,KAAK;AAC9B;","names":["Schema"]}
|
|
1
|
+
{"version":3,"sources":["../src/index.ts","../src/integration.ts","../src/tool-result.ts","../src/sqlite-data-migrations.ts","../src/sqlite-config-blob-migration.ts","../src/auth-tool-failure.ts"],"sourcesContent":["// ---------------------------------------------------------------------------\n// @executor-js/sdk — public surface (v2)\n// ---------------------------------------------------------------------------\n\n// Re-export the Effect/Schema/HttpApi primitives plugin authors need so a\n// plugin can be written importing only from `@executor-js/sdk`.\nexport { Context, Effect, Layer, Schema, Data, Option } from \"effect\";\nexport {\n HttpApi,\n HttpApiBuilder,\n HttpApiClient,\n HttpApiEndpoint,\n HttpApiGroup,\n HttpApiMiddleware,\n HttpApiSchema,\n} from \"effect/unstable/httpapi\";\n\n// FumaDB integration.\nexport { fumadb } from \"@executor-js/fumadb\";\nexport type { FumaDB } from \"@executor-js/fumadb\";\nexport type { AbstractQuery, Condition, ConditionBuilder } from \"@executor-js/fumadb/query\";\nexport { column, idColumn, schema as fumaSchema, table } from \"@executor-js/fumadb/schema\";\nexport type {\n AnyColumn,\n AnySchema,\n AnyTable,\n Column,\n Schema as FumaSchema,\n} from \"@executor-js/fumadb/schema\";\n\nexport type {\n FumaDb,\n FumaQuery,\n FumaRow,\n FumaTables,\n IFumaClient,\n StorageFailure,\n} from \"./fuma-runtime\";\nexport { StorageError, UniqueViolationError, isStorageFailure } from \"./fuma-runtime\";\n\n// IDs (branded) — the v2 set.\nexport {\n IntegrationSlug,\n AuthTemplateSlug,\n ConnectionName,\n OAuthClientSlug,\n OAuthState,\n ProviderKey,\n ProviderItemId,\n ConnectionAddress,\n ToolAddress,\n ToolName,\n ElicitationId,\n PolicyId,\n Tenant,\n Subject,\n Owner,\n} from \"./ids\";\nexport { connectionIdentifier, isConnectionIdentifier } from \"./connection-name-identifier\";\n\n// Errors (tagged) — the ExecuteError set + integration lifecycle.\nexport {\n ToolNotFoundError,\n ToolInvocationError,\n ToolBlockedError,\n NoHandlerError,\n PluginNotLoadedError,\n IntegrationNotFoundError,\n IntegrationAlreadyExistsError,\n IntegrationRemovalNotAllowedError,\n ConnectionNotFoundError,\n CredentialProviderNotRegisteredError,\n CredentialResolutionError,\n type ExecuteError,\n type ExecutorError,\n} from \"./errors\";\n\n// Integration / connection / tool domain contracts.\nexport type {\n AuthMethodDescriptor,\n AuthMethodOAuthDescriptor,\n AuthPlacementDescriptor,\n Integration,\n IntegrationConfig,\n IntegrationDisplayDescriptor,\n RegisterIntegrationInput,\n} from \"./integration\";\nexport { freshCustomAuthSlug, mergeAuthTemplates } from \"./integration\";\nexport type {\n Connection,\n ConnectionRef,\n ConnectionValueInput,\n CreateConnectionInput,\n} from \"./connection\";\nexport type { Tool, ToolDef, ToolListFilter, ToolAnnotations } from \"./tool\";\n\n// Credential providers.\nexport type { CredentialProvider, ProviderEntry } from \"./provider\";\n\n// Public projections / detection.\nexport { ToolSchemaView, IntegrationDetectionResult } from \"./types\";\n\n// Core schema.\nexport {\n bigintColumn,\n boolColumn,\n coreSchema,\n coreTables,\n dateColumn,\n isToolPolicyAction,\n jsonColumn,\n keyColumn,\n nullableBigintColumn,\n nullableJsonColumn,\n nullableKeyColumn,\n nullableTextColumn,\n textColumn,\n TOOL_POLICY_ACTIONS,\n type CoreSchema,\n type IntegrationRow,\n type ConnectionRow,\n type OAuthClientRow,\n type OAuthSessionRow,\n type ToolRow,\n type ToolInvocationRow,\n type DefinitionRow,\n type ToolPolicyRow,\n type PluginStorageRow,\n type BlobRow,\n type ToolPolicyAction,\n} from \"./core-schema\";\n\n// Owner policy.\nexport {\n ORG_SUBJECT,\n executorOwnerPolicyName,\n executorUnscopedPolicyName,\n type ExecutorOwnerPolicyContext,\n} from \"./owner-policy\";\n\n// Tool policies.\nexport {\n matchPattern,\n isValidPattern,\n effectivePolicyFromSorted,\n ToolPolicyActionSchema,\n type ToolPolicy,\n type CreateToolPolicyInput,\n type UpdateToolPolicyInput,\n type RemoveToolPolicyInput,\n type PolicyMatch,\n type EffectivePolicy,\n type PolicySource,\n} from \"./policies\";\n\n// Elicitation.\nexport {\n FormElicitation,\n UrlElicitation,\n ElicitationAction,\n ElicitationResponse,\n ElicitationDeclinedError,\n type ElicitationRequest,\n type ElicitationHandler,\n type ElicitationContext,\n type OnElicitation,\n type InvokeOptions,\n} from \"./elicitation\";\n\n// Blob store — the plugin-facing contract (`BlobStore`/`PluginBlobStore`)\n// plus the platform-neutral backends (`makeFumaBlobStore` default,\n// `makeInMemoryBlobStore` for tests). Platform-specific backends live with\n// their host (R2: `@executor-js/cloudflare/blob-store`).\nexport {\n pluginBlobStore,\n makeInMemoryBlobStore,\n makeFumaBlobStore,\n sha256Hex,\n type BlobStore,\n type PluginBlobStore,\n type OwnerPartitions,\n} from \"./blob\";\n\n// Plugin storage.\nexport {\n definePluginStorageCollection,\n pluginStorageId,\n type PluginStorageCollectionDefinition,\n type PluginStorageCollectionFacade,\n type PluginStorageCollectionIndexedField,\n type PluginStorageCollectionKeyInput,\n type PluginStorageCollectionListInput,\n type PluginStorageCollectionOrderBy,\n type PluginStorageCollectionPutInput,\n type PluginStorageCollectionQueryInput,\n type PluginStorageCollectionScopedKeyInput,\n type PluginStorageCollectionWhere,\n type PluginStorageConfig,\n type PluginStorageEntry,\n type PluginStorageFacade,\n type PluginStorageIndexField,\n type PluginStorageIndexSpec,\n type PluginStorageKeyInput,\n type PluginStorageListInput,\n type PluginStoragePutInput,\n type PluginStorageRuntimeCollectionDefinition,\n type PluginStorageRuntimeIndexSpec,\n type PluginStorageSchema,\n type PluginStorageSchemaType,\n type PluginStorageScopedKeyInput,\n type PluginStorageWhereFilter,\n type PluginStorageWhereValue,\n} from \"./plugin-storage\";\n\n// OAuth (v2 contracts).\nexport { OAUTH2_PROVIDER_KEY, OAUTH2_SESSION_TTL_MS } from \"./oauth\";\nexport {\n OAuthStartError,\n OAuthCompleteError,\n OAuthProbeError,\n OAuthRegisterDynamicError,\n OAuthSessionNotFoundError,\n type OAuthGrant,\n type OAuthAuthentication,\n type OAuthClient,\n type OAuthClientSummary,\n type CreateOAuthClientInput,\n type RegisterDynamicClientInput,\n type ConnectResult,\n type OAuthStartInput,\n type OAuthCompleteInput,\n type OAuthProbeInput,\n type OAuthProbeResult,\n type OAuthService,\n} from \"./oauth-client\";\n\n// NOTE: the OAuth 2.1 implementation helpers (`./oauth-helpers`,\n// `makeOAuthService` in `./oauth-service`, discovery in `./oauth-discovery`)\n// are SDK-internal — consumed only by `createExecutor`. The hosted HTTP client\n// builder is host-internal and reachable via `@executor-js/sdk/host-internal`.\n\nexport {\n DEFAULT_EXECUTOR_SERVER_ORIGIN,\n DEFAULT_EXECUTOR_SERVER_USERNAME,\n apiBaseUrlForServerOrigin,\n getExecutorServerAuthorizationHeader,\n normalizeExecutorServerConnection,\n normalizeExecutorServerOrigin,\n originFromApiBaseUrl,\n type ExecutorServerAuth,\n type ExecutorServerConnection,\n type ExecutorServerConnectionInput,\n type ExecutorServerConnectionKind,\n} from \"./server-connection\";\n\nexport {\n OAUTH_POPUP_MESSAGE_TYPE,\n type OAuthPopupResult,\n isOAuthPopupResult,\n} from \"./oauth-popup-types\";\n\n// Plugin definition.\nexport {\n type Plugin,\n type PluginSpec,\n type PluginCtx,\n type PluginExtensions,\n type ConfiguredPlugin,\n type AnyPlugin,\n type StorageDeps,\n type OwnerBinding,\n type IntegrationRecord,\n type StaticSourceDecl,\n type StaticToolDecl,\n type StaticToolSchema,\n type StaticToolExecuteContext,\n type StaticToolHandlerInput,\n type StaticToolInput,\n type ConfigureIntegrationHandlerInput,\n type InvokeToolInput,\n type ConnectionLifecycleInput,\n type IntegrationConfigureDecl,\n type IntegrationConfigureSchema,\n type IntegrationPreset,\n type IntegrationPresetCatalogEntry,\n type ResolveToolsInput,\n type ResolveToolsResult,\n type ToolInvocationCredential,\n type Elicit,\n definePlugin,\n tool,\n} from \"./plugin\";\n\n// Executor.\n//\n// `collectTables` is host/tooling-only (cli schema cmd, kernel worker,\n// local/cloud DB bring-up). Its definition stays here because `createExecutor`\n// uses it; the host surface (`@executor-js/api/server`) re-exports it.\nexport {\n type Executor,\n type ExecutorConfig,\n type ExecutorDb,\n type ExecutorDbFactory,\n type ExecutorDbInput,\n type ParsedToolAddress,\n createExecutor,\n collectTables,\n parseToolAddress,\n connectionAddress,\n toolAddress,\n} from \"./executor\";\n\n// CLI / runtime config.\nexport {\n defineExecutorConfig,\n type ExecutorCliConfig,\n type ExecutorPluginsFactory,\n} from \"./config\";\n\n// The one TS-preview generator plugins assert against.\nexport { buildToolTypeScriptPreview } from \"./schema-types\";\n\n// Wire-level HTTP error schemas usable by plugin HttpApiGroup definitions.\nexport { InternalError } from \"./api-errors\";\n\n// ToolResult — typed value-based discriminated union for tool outcomes.\nexport { ToolResult, isToolResult, type ToolError, type ToolHttpMeta } from \"./tool-result\";\n\n// Stamped boot-time data-migration ledger for the libSQL-backed apps.\nexport {\n DataMigrationError,\n DuplicateDataMigrationError,\n runSqliteDataMigrations,\n sqliteDataMigration,\n type SqliteDataMigration,\n type SqliteDataMigrationClient,\n} from \"./sqlite-data-migrations\";\n// Shared inline-config-field → blob-table migration body; the protocol\n// plugins bind their field names and export the ledger entries.\nexport {\n runSqliteConfigBlobMigration,\n type SqliteConfigBlobMigrationOptions,\n} from \"./sqlite-config-blob-migration\";\nexport {\n authToolFailure,\n type AuthToolFailureCode,\n type AuthToolFailureInput,\n} from \"./auth-tool-failure\";\n","import type { IntegrationSlug } from \"./ids\";\n\n/* Core knows only an integration's catalog identity — slug + description + which\n * plugin (`kind`) owns it. The type-specific shape (openapi auth templates + spec,\n * an mcp url, …) lives in the plugin and is stored as an opaque `config` blob core\n * never parses. An integration is one API surface; multi-API providers (Google)\n * are bundled into a single integration by their plugin, so one credential covers\n * the whole provider. */\n\n// ---------------------------------------------------------------------------\n// Declared auth methods — a plugin-agnostic projection of an integration's\n// stored `config` into the catalog response. Each plugin derives these from its\n// own opaque config (`describeAuthMethods`); core never parses config itself.\n// The client renders these as the integration's selectable auth methods, so the\n// catalog is authoritative even when the integration has zero connections.\n//\n// This is a DERIVED projection — there is no DB column. A plugin that declares\n// no projector contributes `[]`, and the client falls through to its existing\n// connection-inference behavior (no regression).\n// ---------------------------------------------------------------------------\n\nexport interface IntegrationDisplayDescriptor {\n /** Non-secret URL suitable for display metadata such as favicons. */\n readonly url?: string;\n}\n\n/** Where a credential value is carried on the outbound request. Mirrors the\n * client's `Placement`. */\nexport interface AuthPlacementDescriptor {\n readonly carrier: \"header\" | \"query\";\n readonly name: string;\n /** Literal prepended to the value (e.g. `\"Bearer \"`). Empty when bare. */\n readonly prefix: string;\n /** The input variable this placement renders from. `token` for single-input\n * methods; a distinct name per input for multi-input ones (e.g. Datadog).\n * Absent → treated as `token`. */\n readonly variable?: string;\n /** Set when the placement renders this exact value instead of a credential\n * (a static header/param the method carries). Such placements reference no\n * input variable. */\n readonly literal?: string;\n}\n\n/** OAuth specifics for an `oauth` auth method. For probe-at-connect providers\n * (MCP) only `discoveryUrl` + `supportsDynamicRegistration` are known up front;\n * the authorize/token endpoints are discovered live at connect time. For\n * providers that store endpoints (OpenAPI) the resolved URLs are carried. */\nexport interface AuthMethodOAuthDescriptor {\n /** For probe-at-connect providers (MCP): the endpoint to discover metadata\n * from (RFC 9728 PRM → RFC 8414 AS metadata). */\n readonly discoveryUrl?: string;\n readonly authorizationUrl?: string;\n readonly tokenUrl?: string;\n readonly scopes?: readonly string[];\n readonly registrationEndpoint?: string;\n /** True when the integration is known to support RFC 7591 dynamic client\n * registration (drives the transparent auto-register connect flow). */\n readonly supportsDynamicRegistration?: boolean;\n}\n\n/** A single declared auth method on an integration's catalog response. */\nexport interface AuthMethodDescriptor {\n /** Stable id within the integration (e.g. the auth template slug). */\n readonly id: string;\n readonly label: string;\n readonly kind: \"oauth\" | \"apikey\" | \"header\" | \"none\";\n /** The auth-template slug a connection binds against. */\n readonly template: string;\n readonly placements?: readonly AuthPlacementDescriptor[];\n readonly oauth?: AuthMethodOAuthDescriptor;\n}\n\n/** Public projection of an integration — what `integrations.list/get` return.\n * Carries no credentials and no plugin-internal config. */\nexport interface Integration {\n readonly slug: IntegrationSlug;\n readonly description: string;\n /** The plugin that owns this integration kind (e.g. \"openapi\", \"mcp\"). */\n readonly kind: string;\n /** Whether the user can remove this integration from the catalog. `false`\n * for static / built-in integrations declared by a plugin at startup. */\n readonly canRemove: boolean;\n /** Whether the owning plugin supports re-resolving a connection's tools\n * (`connections.refresh`). */\n readonly canRefresh: boolean;\n /** Declared auth methods derived from the owning plugin's stored config (a\n * derived projection, not a DB column). Always present, possibly empty. */\n readonly authMethods: readonly AuthMethodDescriptor[];\n /** Non-secret display URL derived by the owning plugin from opaque config.\n * Used for catalog favicons; never includes credentials or plugin config. */\n readonly displayUrl?: string;\n}\n\n/** Plugin-owned, opaque-to-core configuration stored on the integration row. The\n * owning plugin writes it at register time and reads it back at execute time to\n * render auth / produce tools. Core treats it as an opaque JSON blob. */\nexport type IntegrationConfig = unknown;\n\n// ---------------------------------------------------------------------------\n// Auth-template merge — shared by every plugin whose config carries a slugged\n// `authenticationTemplate` array (openapi, graphql, mcp). The custom-method\n// flow merge-appends: an incoming entry with a matching slug replaces the\n// existing entry in place; entries lacking a slug (or colliding with another\n// entry added in the same call) get a fresh `custom_<id>` slug.\n// ---------------------------------------------------------------------------\n\nconst shortId = (): string => Math.random().toString(36).slice(2, 8);\n\nexport const freshCustomAuthSlug = (taken: ReadonlySet<string>): string => {\n let candidate = `custom_${shortId()}`;\n while (taken.has(candidate)) candidate = `custom_${shortId()}`;\n return candidate;\n};\n\nexport const mergeAuthTemplates = <T extends { readonly slug: string }>(\n existing: readonly T[],\n incoming: readonly T[],\n): readonly T[] => {\n const result: T[] = existing.map((entry: T) => entry);\n const taken = new Set<string>(result.map((entry: T) => String(entry.slug)));\n for (const entry of incoming) {\n // `slug` may be branded-required in the plugin's schema, but JSON callers\n // can submit it empty/blank — read defensively and backfill so every\n // stored template has a stable slug.\n const rawSlug = (entry as { readonly slug?: unknown }).slug;\n const requested = typeof rawSlug === \"string\" ? rawSlug.trim() : \"\";\n const existingIndex = result.findIndex((current: T) => String(current.slug) === requested);\n if (requested.length > 0 && existingIndex >= 0) {\n result[existingIndex] = entry;\n continue;\n }\n const slug =\n requested.length > 0 && !taken.has(requested) ? requested : freshCustomAuthSlug(taken);\n taken.add(slug);\n result.push({ ...entry, slug } as T);\n }\n return result;\n};\n\n/** What a plugin's extension method passes to `ctx.core.integrations.register`.\n * The v2 analog of v1's `SourceInput`, minus the per-source tool list (tools are\n * produced per-connection now). */\nexport interface RegisterIntegrationInput {\n readonly slug: IntegrationSlug;\n readonly description: string;\n /** Opaque plugin config (auth templates, spec ref, mcp url, …). */\n readonly config: IntegrationConfig;\n readonly canRemove?: boolean;\n readonly canRefresh?: boolean;\n}\n","// ---------------------------------------------------------------------------\n// ToolResult — typed value-based discriminated union returned by tool\n// handlers and `invokeTool`. Domain success and expected failure both\n// resolve through Effect's success channel; only true infra defects use\n// the Effect failure channel.\n// ---------------------------------------------------------------------------\n\nimport { Schema } from \"effect\";\n\nexport const ToolErrorSchema = Schema.Struct({\n code: Schema.String,\n message: Schema.String,\n status: Schema.optional(Schema.Number),\n details: Schema.optional(Schema.Unknown),\n retryable: Schema.optional(Schema.Boolean),\n});\n\nexport type ToolError = typeof ToolErrorSchema.Type;\n\nexport const ToolHttpMetaSchema = Schema.Struct({\n status: Schema.Number,\n headers: Schema.Record(Schema.String, Schema.String),\n});\n\n/**\n * Transport metadata for HTTP-backed tools (OpenAPI). Kept beside `data`\n * rather than wrapped around it: `data` stays the upstream payload, while\n * cross-cutting transport facts (pagination Link headers, rate-limit\n * headers) remain reachable for callers that need them.\n */\nexport type ToolHttpMeta = typeof ToolHttpMetaSchema.Type;\n\nexport type ToolResult<T> =\n | { readonly ok: true; readonly data: T; readonly http?: ToolHttpMeta }\n | { readonly ok: false; readonly error: ToolError };\n\nexport const ToolResult = {\n ok: <T>(data: T, meta?: { readonly http?: ToolHttpMeta }): ToolResult<T> => ({\n ok: true,\n data,\n ...(meta?.http ? { http: meta.http } : {}),\n }),\n fail: <T = never>(error: ToolError): ToolResult<T> => ({ ok: false, error }),\n} as const;\n\nconst ToolResultSchema = Schema.Union([\n Schema.Struct({\n ok: Schema.Literal(true),\n data: Schema.Unknown,\n http: Schema.optional(ToolHttpMetaSchema),\n }),\n Schema.Struct({ ok: Schema.Literal(false), error: ToolErrorSchema }),\n]);\n\nconst isUnknownToolResult = Schema.is(ToolResultSchema);\n\nexport const isToolResult = (value: unknown): value is ToolResult<unknown> =>\n isUnknownToolResult(value);\n","// ---------------------------------------------------------------------------\n// Stamped data-migration ledger for the libSQL-backed apps (local boot,\n// selfhost boot). Cloud runs schema + data migrations through its drizzle\n// chain out-of-band; the local apps have no operator, so their migrations\n// run at boot — and before this ledger existed, each one re-scanned its\n// tables on every startup to decide \"did I already run?\" by data shape.\n// That accumulates (N migrations = N full-table scans per boot, forever)\n// and makes idempotence a per-migration proof obligation.\n//\n// This is the rail instead: a `data_migration` table (name → completion\n// time), an ordered registry the app composes, and a runner that executes\n// each pending migration once and stamps it. Stamped names are skipped\n// without touching the data.\n//\n// Write migrations idempotently anyway (defense in depth — the support\n// remedy for a half-applied state is deleting the stamp row and\n// rebooting). One deliberate semantics change from the scan-every-boot\n// era: after a migration is stamped, rows written later by an OLDER binary\n// (downgrade, then re-upgrade) are NOT re-healed. That matches the cloud\n// chain's semantics; the stamp row, not the data shape, is the source of\n// truth.\n// ---------------------------------------------------------------------------\n\nimport { Data, Effect } from \"effect\";\n\n/** Structural client interface so this module stays dependency-free;\n * `@libsql/client` satisfies it. */\nexport interface SqliteDataMigrationClient {\n execute(\n stmt: string | { readonly sql: string; readonly args: readonly unknown[] },\n ): Promise<{ readonly rows: readonly Record<string, unknown>[] }>;\n}\n\nexport class DataMigrationError extends Data.TaggedError(\"DataMigrationError\")<{\n /** The migration that failed, or null when the ledger itself did. */\n readonly migration: string | null;\n readonly cause: unknown;\n}> {}\n\nexport class DuplicateDataMigrationError extends Data.TaggedError(\"DuplicateDataMigrationError\")<{\n readonly name: string;\n}> {}\n\nexport interface SqliteDataMigration {\n /** Stable unique id, date-prefixed so the registry reads in order\n * (e.g. \"2026-06-05-auth-config-placements\"). Renaming an applied\n * migration re-runs it — never rename. */\n readonly name: string;\n readonly run: (client: SqliteDataMigrationClient) => Effect.Effect<void, DataMigrationError>;\n}\n\nconst LEDGER_TABLE = \"data_migration\";\n\nconst execute = (\n client: SqliteDataMigrationClient,\n stmt: string | { readonly sql: string; readonly args: readonly unknown[] },\n migration: string | null,\n) =>\n Effect.tryPromise({\n try: () => client.execute(stmt),\n catch: (cause) => new DataMigrationError({ migration, cause }),\n });\n\n/** Wrap a promise-shaped migration body as a registry entry. */\nexport const sqliteDataMigration = (\n name: string,\n run: (client: SqliteDataMigrationClient) => Promise<unknown>,\n): SqliteDataMigration => ({\n name,\n run: (client) =>\n Effect.tryPromise({\n try: () => run(client),\n catch: (cause) => new DataMigrationError({ migration: name, cause }),\n }).pipe(Effect.asVoid),\n});\n\n/**\n * Run every registry entry whose name has no stamp row, in registry order,\n * stamping each on success. Returns the applied names.\n *\n * Atomicity is the migration's own job (the existing migrations run their\n * rewrites inside BEGIN…COMMIT), so the runner does not wrap them — SQLite\n * has no nested transactions. The stamp is written after the migration\n * succeeds; a crash between the two re-runs the (idempotent) migration on\n * the next boot, which is a no-op. A failed migration leaves no stamp and\n * fails the boot.\n */\nexport const runSqliteDataMigrations = (\n client: SqliteDataMigrationClient,\n migrations: readonly SqliteDataMigration[],\n): Effect.Effect<readonly string[], DataMigrationError | DuplicateDataMigrationError> =>\n Effect.gen(function* () {\n const names = new Set<string>();\n for (const migration of migrations) {\n if (names.has(migration.name)) {\n return yield* new DuplicateDataMigrationError({ name: migration.name });\n }\n names.add(migration.name);\n }\n\n yield* execute(\n client,\n `CREATE TABLE IF NOT EXISTS ${LEDGER_TABLE} (name TEXT PRIMARY KEY, time_completed INTEGER NOT NULL)`,\n null,\n );\n const stamped = yield* execute(client, `SELECT name FROM ${LEDGER_TABLE}`, null);\n const completed = new Set(\n stamped.rows.map((row) => row.name).filter((name) => typeof name === \"string\"),\n );\n\n const applied: string[] = [];\n for (const migration of migrations) {\n if (completed.has(migration.name)) continue;\n yield* migration.run(client);\n yield* execute(\n client,\n {\n sql: `INSERT INTO ${LEDGER_TABLE} (name, time_completed) VALUES (?, ?)`,\n args: [migration.name, Date.now()],\n },\n migration.name,\n );\n applied.push(migration.name);\n }\n return applied;\n });\n","// ---------------------------------------------------------------------------\n// Data migration: move an oversized inline `integration.config` field into\n// the blob table. The shape both protocol plugins need is identical — only\n// the field names differ — so the body lives here and each plugin exports a\n// ledger entry that binds its constants (openapi: spec → specHash under\n// `spec/<hash>`; graphql: introspectionJson → introspectionHash under\n// `introspection/<hash>`).\n//\n// Blob rows are written with the EXACT naming `makeFumaBlobStore` +\n// `pluginBlobStore` read back at runtime: namespace `o:<tenant>/<pluginId>`\n// (the org partition — integration configs are catalog-level), key\n// `<prefix>/<sha256>`, id `JSON.stringify([namespace, key])`. That makes it\n// correct ONLY for hosts whose runtime blob backend is the FumaDB store\n// (local, selfhost) — a host that reads blobs elsewhere (the D1 host reads\n// R2) must not register it, or the rewritten pointers would dangle.\n//\n// Idempotent: pointer-shaped configs (no inline field) plan zero updates,\n// and blob writes are content-addressed upserts.\n// ---------------------------------------------------------------------------\n\nimport { Effect, Option, Schema } from \"effect\";\n\nimport { sha256Hex } from \"./blob\";\nimport { DataMigrationError, type SqliteDataMigrationClient } from \"./sqlite-data-migrations\";\n\nexport interface SqliteConfigBlobMigrationOptions {\n /** The ledger entry name, for error attribution. */\n readonly migrationName: string;\n /** Rows whose `plugin_id` equals this are candidates. */\n readonly pluginId: string;\n /** The config field holding the inline text to move (e.g. `spec`). */\n readonly inlineField: string;\n /** The config field that will carry the content hash (e.g. `specHash`). */\n readonly hashField: string;\n /** Blob key prefix; the key is `<prefix>/<sha256>` (e.g. `spec`). */\n readonly blobKeyPrefix: string;\n}\n\nconst decodeJsonOption = Schema.decodeUnknownOption(Schema.UnknownFromJsonString);\n\nconst isRecord = (value: unknown): value is Record<string, unknown> =>\n typeof value === \"object\" && value !== null && !Array.isArray(value);\n\n/**\n * Move every inline `options.inlineField` in this plugin's integration\n * configs into the blob table and rewrite the config to carry\n * `options.hashField`. Returns the number of rows rewritten. The\n * `integration` table may not exist yet on a fresh database — that counts\n * as nothing to migrate.\n */\nexport const runSqliteConfigBlobMigration = (\n client: SqliteDataMigrationClient,\n options: SqliteConfigBlobMigrationOptions,\n): Effect.Effect<number, DataMigrationError> =>\n Effect.gen(function* () {\n const execute = (stmt: string | { readonly sql: string; readonly args: readonly unknown[] }) =>\n Effect.tryPromise({\n try: () => client.execute(stmt),\n catch: (cause) => new DataMigrationError({ migration: options.migrationName, cause }),\n });\n\n const exists = yield* execute(\n \"SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'integration'\",\n );\n if (exists.rows.length === 0) return 0;\n\n const result = yield* execute({\n sql: \"SELECT row_id, tenant, config FROM integration WHERE plugin_id = ? AND config IS NOT NULL\",\n args: [options.pluginId],\n });\n\n interface PlannedMove {\n readonly rowId: string;\n readonly namespace: string;\n readonly key: string;\n readonly blobId: string;\n readonly inlineText: string;\n readonly nextConfig: string;\n }\n const moves: PlannedMove[] = [];\n for (const row of result.rows) {\n if (typeof row.row_id !== \"string\" || typeof row.tenant !== \"string\") continue;\n if (typeof row.config !== \"string\") continue;\n const decoded = decodeJsonOption(row.config);\n if (Option.isNone(decoded) || !isRecord(decoded.value)) continue;\n const inline = decoded.value[options.inlineField];\n if (typeof inline !== \"string\") continue;\n\n const hash = yield* sha256Hex(inline);\n const namespace = `o:${row.tenant}/${options.pluginId}`;\n const key = `${options.blobKeyPrefix}/${hash}`;\n const { [options.inlineField]: _removed, ...rest } = decoded.value;\n moves.push({\n rowId: row.row_id,\n namespace,\n key,\n blobId: JSON.stringify([namespace, key]),\n inlineText: inline,\n nextConfig: JSON.stringify({ ...rest, [options.hashField]: hash }),\n });\n }\n if (moves.length === 0) return 0;\n\n const applyAll = Effect.gen(function* () {\n for (const move of moves) {\n const existing = yield* execute({\n sql: \"SELECT row_id FROM blob WHERE id = ?\",\n args: [move.blobId],\n });\n if (existing.rows.length === 0) {\n yield* execute({\n sql: \"INSERT INTO blob (namespace, key, value, row_id, id) VALUES (?, ?, ?, ?, ?)\",\n args: [move.namespace, move.key, move.inlineText, crypto.randomUUID(), move.blobId],\n });\n } else {\n yield* execute({\n sql: \"UPDATE blob SET value = ? WHERE id = ?\",\n args: [move.inlineText, move.blobId],\n });\n }\n yield* execute({\n sql: \"UPDATE integration SET config = ? WHERE row_id = ?\",\n args: [move.nextConfig, move.rowId],\n });\n }\n yield* execute(\"COMMIT\");\n });\n\n yield* execute(\"BEGIN\");\n yield* applyAll.pipe(Effect.tapError(() => execute(\"ROLLBACK\").pipe(Effect.ignore)));\n return moves.length;\n });\n","import { ToolResult, type ToolError } from \"./tool-result\";\n\nexport type AuthToolFailureCode =\n | \"connection_value_missing\"\n | \"connection_rejected\"\n | \"oauth_connection_missing\"\n | \"oauth_refresh_failed\"\n | \"oauth_reauth_required\";\n\nexport type AuthToolFailureInput = {\n readonly code: AuthToolFailureCode;\n readonly message: string;\n readonly source?: {\n readonly id: string;\n readonly scope?: string;\n };\n readonly credential?: {\n readonly kind: \"secret\" | \"oauth\" | \"upstream\";\n readonly label?: string;\n readonly slotKey?: string;\n readonly secretId?: string;\n readonly connectionId?: string;\n };\n readonly status?: number;\n readonly upstream?: {\n readonly status?: number;\n readonly details?: unknown;\n };\n readonly recovery?: {\n readonly configureSourceTool?: string;\n };\n};\n\n// In v1.5 a connection IS the credential: there is no standalone secret to\n// \"bind\" to a source afterward. Manually-entered credentials are created via\n// the connection handoff (the user enters the value in the web UI, which\n// creates the bound connection in one step); OAuth credentials are minted by\n// the OAuth start flow. These strings are read by the agent resolving the\n// failure, so they must name tools that actually exist on the executor.\nconst authRecovery = (input?: AuthToolFailureInput[\"recovery\"]) => ({\n createConnectionTool: \"executor.coreTools.connections.createHandoff\",\n startOAuthTool: \"executor.coreTools.oauth.start\",\n listConnectionsTool: \"executor.coreTools.connections.list\",\n ...(input?.configureSourceTool ? { configureSourceTool: input.configureSourceTool } : {}),\n connectionInstructions:\n \"For API keys and tokens, call createConnectionTool for the integration to get a browser URL; the user enters the credential there, which creates the bound connection. Do not ask the user to paste secrets into chat. Then call listConnectionsTool to confirm the connection exists before retrying this tool.\",\n oauthInstructions:\n \"For OAuth credentials, call startOAuthTool and give the returned authorizationUrl to the user. The completed connection binds automatically, then retry the tool.\",\n});\n\nexport const authToolFailure = <T = never>(input: AuthToolFailureInput): ToolResult<T> => {\n const error: ToolError = {\n code: input.code,\n message: input.message,\n retryable: false,\n ...(input.status !== undefined ? { status: input.status } : {}),\n details: {\n category: \"authentication\",\n ...(input.source ? { source: input.source } : {}),\n ...(input.credential ? { credential: input.credential } : {}),\n ...(input.upstream ? { upstream: input.upstream } : {}),\n recovery: authRecovery(input.recovery),\n },\n };\n return ToolResult.fail(error);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,SAAS,SAAS,UAAAA,SAAQ,OAAO,UAAAC,SAAQ,QAAAC,OAAM,UAAAC,eAAc;AAC7D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP,SAAS,cAAc;AAGvB,SAAS,QAAQ,UAAoB,QAAY,aAAa;;;ACqF9D,IAAM,UAAU,MAAc,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,CAAC;AAE5D,IAAM,sBAAsB,CAAC,UAAuC;AACzE,MAAI,YAAY,UAAU,QAAQ,CAAC;AACnC,SAAO,MAAM,IAAI,SAAS,EAAG,aAAY,UAAU,QAAQ,CAAC;AAC5D,SAAO;AACT;AAEO,IAAM,qBAAqB,CAChC,UACA,aACiB;AACjB,QAAM,SAAc,SAAS,IAAI,CAAC,UAAa,KAAK;AACpD,QAAM,QAAQ,IAAI,IAAY,OAAO,IAAI,CAAC,UAAa,OAAO,MAAM,IAAI,CAAC,CAAC;AAC1E,aAAW,SAAS,UAAU;AAI5B,UAAM,UAAW,MAAsC;AACvD,UAAM,YAAY,OAAO,YAAY,WAAW,QAAQ,KAAK,IAAI;AACjE,UAAM,gBAAgB,OAAO,UAAU,CAAC,YAAe,OAAO,QAAQ,IAAI,MAAM,SAAS;AACzF,QAAI,UAAU,SAAS,KAAK,iBAAiB,GAAG;AAC9C,aAAO,aAAa,IAAI;AACxB;AAAA,IACF;AACA,UAAM,OACJ,UAAU,SAAS,KAAK,CAAC,MAAM,IAAI,SAAS,IAAI,YAAY,oBAAoB,KAAK;AACvF,UAAM,IAAI,IAAI;AACd,WAAO,KAAK,EAAE,GAAG,OAAO,KAAK,CAAM;AAAA,EACrC;AACA,SAAO;AACT;;;AClIA,SAAS,cAAc;AAEhB,IAAM,kBAAkB,OAAO,OAAO;AAAA,EAC3C,MAAM,OAAO;AAAA,EACb,SAAS,OAAO;AAAA,EAChB,QAAQ,OAAO,SAAS,OAAO,MAAM;AAAA,EACrC,SAAS,OAAO,SAAS,OAAO,OAAO;AAAA,EACvC,WAAW,OAAO,SAAS,OAAO,OAAO;AAC3C,CAAC;AAIM,IAAM,qBAAqB,OAAO,OAAO;AAAA,EAC9C,QAAQ,OAAO;AAAA,EACf,SAAS,OAAO,OAAO,OAAO,QAAQ,OAAO,MAAM;AACrD,CAAC;AAcM,IAAM,aAAa;AAAA,EACxB,IAAI,CAAI,MAAS,UAA4D;AAAA,IAC3E,IAAI;AAAA,IACJ;AAAA,IACA,GAAI,MAAM,OAAO,EAAE,MAAM,KAAK,KAAK,IAAI,CAAC;AAAA,EAC1C;AAAA,EACA,MAAM,CAAY,WAAqC,EAAE,IAAI,OAAO,MAAM;AAC5E;AAEA,IAAM,mBAAmB,OAAO,MAAM;AAAA,EACpC,OAAO,OAAO;AAAA,IACZ,IAAI,OAAO,QAAQ,IAAI;AAAA,IACvB,MAAM,OAAO;AAAA,IACb,MAAM,OAAO,SAAS,kBAAkB;AAAA,EAC1C,CAAC;AAAA,EACD,OAAO,OAAO,EAAE,IAAI,OAAO,QAAQ,KAAK,GAAG,OAAO,gBAAgB,CAAC;AACrE,CAAC;AAED,IAAM,sBAAsB,OAAO,GAAG,gBAAgB;AAE/C,IAAM,eAAe,CAAC,UAC3B,oBAAoB,KAAK;;;AClC3B,SAAS,MAAM,cAAc;AAUtB,IAAM,qBAAN,cAAiC,KAAK,YAAY,oBAAoB,EAI1E;AAAC;AAEG,IAAM,8BAAN,cAA0C,KAAK,YAAY,6BAA6B,EAE5F;AAAC;AAUJ,IAAM,eAAe;AAErB,IAAM,UAAU,CACd,QACA,MACA,cAEA,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,QAAQ,IAAI;AAAA,EAC9B,OAAO,CAAC,UAAU,IAAI,mBAAmB,EAAE,WAAW,MAAM,CAAC;AAC/D,CAAC;AAGI,IAAM,sBAAsB,CACjC,MACA,SACyB;AAAA,EACzB;AAAA,EACA,KAAK,CAAC,WACJ,OAAO,WAAW;AAAA,IAChB,KAAK,MAAM,IAAI,MAAM;AAAA,IACrB,OAAO,CAAC,UAAU,IAAI,mBAAmB,EAAE,WAAW,MAAM,MAAM,CAAC;AAAA,EACrE,CAAC,EAAE,KAAK,OAAO,MAAM;AACzB;AAaO,IAAM,0BAA0B,CACrC,QACA,eAEA,OAAO,IAAI,aAAa;AACtB,QAAM,QAAQ,oBAAI,IAAY;AAC9B,aAAW,aAAa,YAAY;AAClC,QAAI,MAAM,IAAI,UAAU,IAAI,GAAG;AAC7B,aAAO,OAAO,IAAI,4BAA4B,EAAE,MAAM,UAAU,KAAK,CAAC;AAAA,IACxE;AACA,UAAM,IAAI,UAAU,IAAI;AAAA,EAC1B;AAEA,SAAO;AAAA,IACL;AAAA,IACA,8BAA8B,YAAY;AAAA,IAC1C;AAAA,EACF;AACA,QAAM,UAAU,OAAO,QAAQ,QAAQ,oBAAoB,YAAY,IAAI,IAAI;AAC/E,QAAM,YAAY,IAAI;AAAA,IACpB,QAAQ,KAAK,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE,OAAO,CAAC,SAAS,OAAO,SAAS,QAAQ;AAAA,EAC/E;AAEA,QAAM,UAAoB,CAAC;AAC3B,aAAW,aAAa,YAAY;AAClC,QAAI,UAAU,IAAI,UAAU,IAAI,EAAG;AACnC,WAAO,UAAU,IAAI,MAAM;AAC3B,WAAO;AAAA,MACL;AAAA,MACA;AAAA,QACE,KAAK,eAAe,YAAY;AAAA,QAChC,MAAM,CAAC,UAAU,MAAM,KAAK,IAAI,CAAC;AAAA,MACnC;AAAA,MACA,UAAU;AAAA,IACZ;AACA,YAAQ,KAAK,UAAU,IAAI;AAAA,EAC7B;AACA,SAAO;AACT,CAAC;;;ACzGH,SAAS,UAAAC,SAAQ,QAAQ,UAAAC,eAAc;AAkBvC,IAAM,mBAAmBC,QAAO,oBAAoBA,QAAO,qBAAqB;AAEhF,IAAM,WAAW,CAAC,UAChB,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAS9D,IAAM,+BAA+B,CAC1C,QACA,YAEAC,QAAO,IAAI,aAAa;AACtB,QAAMC,WAAU,CAAC,SACfD,QAAO,WAAW;AAAA,IAChB,KAAK,MAAM,OAAO,QAAQ,IAAI;AAAA,IAC9B,OAAO,CAAC,UAAU,IAAI,mBAAmB,EAAE,WAAW,QAAQ,eAAe,MAAM,CAAC;AAAA,EACtF,CAAC;AAEH,QAAM,SAAS,OAAOC;AAAA,IACpB;AAAA,EACF;AACA,MAAI,OAAO,KAAK,WAAW,EAAG,QAAO;AAErC,QAAM,SAAS,OAAOA,SAAQ;AAAA,IAC5B,KAAK;AAAA,IACL,MAAM,CAAC,QAAQ,QAAQ;AAAA,EACzB,CAAC;AAUD,QAAM,QAAuB,CAAC;AAC9B,aAAW,OAAO,OAAO,MAAM;AAC7B,QAAI,OAAO,IAAI,WAAW,YAAY,OAAO,IAAI,WAAW,SAAU;AACtE,QAAI,OAAO,IAAI,WAAW,SAAU;AACpC,UAAM,UAAU,iBAAiB,IAAI,MAAM;AAC3C,QAAI,OAAO,OAAO,OAAO,KAAK,CAAC,SAAS,QAAQ,KAAK,EAAG;AACxD,UAAM,SAAS,QAAQ,MAAM,QAAQ,WAAW;AAChD,QAAI,OAAO,WAAW,SAAU;AAEhC,UAAM,OAAO,OAAO,UAAU,MAAM;AACpC,UAAM,YAAY,KAAK,IAAI,MAAM,IAAI,QAAQ,QAAQ;AACrD,UAAM,MAAM,GAAG,QAAQ,aAAa,IAAI,IAAI;AAC5C,UAAM,EAAE,CAAC,QAAQ,WAAW,GAAG,UAAU,GAAG,KAAK,IAAI,QAAQ;AAC7D,UAAM,KAAK;AAAA,MACT,OAAO,IAAI;AAAA,MACX;AAAA,MACA;AAAA,MACA,QAAQ,KAAK,UAAU,CAAC,WAAW,GAAG,CAAC;AAAA,MACvC,YAAY;AAAA,MACZ,YAAY,KAAK,UAAU,EAAE,GAAG,MAAM,CAAC,QAAQ,SAAS,GAAG,KAAK,CAAC;AAAA,IACnE,CAAC;AAAA,EACH;AACA,MAAI,MAAM,WAAW,EAAG,QAAO;AAE/B,QAAM,WAAWD,QAAO,IAAI,aAAa;AACvC,eAAW,QAAQ,OAAO;AACxB,YAAM,WAAW,OAAOC,SAAQ;AAAA,QAC9B,KAAK;AAAA,QACL,MAAM,CAAC,KAAK,MAAM;AAAA,MACpB,CAAC;AACD,UAAI,SAAS,KAAK,WAAW,GAAG;AAC9B,eAAOA,SAAQ;AAAA,UACb,KAAK;AAAA,UACL,MAAM,CAAC,KAAK,WAAW,KAAK,KAAK,KAAK,YAAY,OAAO,WAAW,GAAG,KAAK,MAAM;AAAA,QACpF,CAAC;AAAA,MACH,OAAO;AACL,eAAOA,SAAQ;AAAA,UACb,KAAK;AAAA,UACL,MAAM,CAAC,KAAK,YAAY,KAAK,MAAM;AAAA,QACrC,CAAC;AAAA,MACH;AACA,aAAOA,SAAQ;AAAA,QACb,KAAK;AAAA,QACL,MAAM,CAAC,KAAK,YAAY,KAAK,KAAK;AAAA,MACpC,CAAC;AAAA,IACH;AACA,WAAOA,SAAQ,QAAQ;AAAA,EACzB,CAAC;AAED,SAAOA,SAAQ,OAAO;AACtB,SAAO,SAAS,KAAKD,QAAO,SAAS,MAAMC,SAAQ,UAAU,EAAE,KAAKD,QAAO,MAAM,CAAC,CAAC;AACnF,SAAO,MAAM;AACf,CAAC;;;AC5FH,IAAM,eAAe,CAAC,WAA8C;AAAA,EAClE,sBAAsB;AAAA,EACtB,gBAAgB;AAAA,EAChB,qBAAqB;AAAA,EACrB,GAAI,OAAO,sBAAsB,EAAE,qBAAqB,MAAM,oBAAoB,IAAI,CAAC;AAAA,EACvF,wBACE;AAAA,EACF,mBACE;AACJ;AAEO,IAAM,kBAAkB,CAAY,UAA+C;AACxF,QAAM,QAAmB;AAAA,IACvB,MAAM,MAAM;AAAA,IACZ,SAAS,MAAM;AAAA,IACf,WAAW;AAAA,IACX,GAAI,MAAM,WAAW,SAAY,EAAE,QAAQ,MAAM,OAAO,IAAI,CAAC;AAAA,IAC7D,SAAS;AAAA,MACP,UAAU;AAAA,MACV,GAAI,MAAM,SAAS,EAAE,QAAQ,MAAM,OAAO,IAAI,CAAC;AAAA,MAC/C,GAAI,MAAM,aAAa,EAAE,YAAY,MAAM,WAAW,IAAI,CAAC;AAAA,MAC3D,GAAI,MAAM,WAAW,EAAE,UAAU,MAAM,SAAS,IAAI,CAAC;AAAA,MACrD,UAAU,aAAa,MAAM,QAAQ;AAAA,IACvC;AAAA,EACF;AACA,SAAO,WAAW,KAAK,KAAK;AAC9B;","names":["Effect","Schema","Data","Option","Effect","Schema","Schema","Effect","execute"]}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { type FumaDB } from "@executor-js/fumadb";
|
|
2
2
|
import { type DrizzleRuntimeProvider } from "@executor-js/fumadb/adapters/drizzle";
|
|
3
3
|
import { schema as fumaSchema, type RelationsMap } from "@executor-js/fumadb/schema";
|
|
4
|
+
import type { BlobStore } from "./blob";
|
|
4
5
|
import type { FumaDb, FumaTables } from "./fuma-runtime";
|
|
5
6
|
export type ExecutorDbProvider = DrizzleRuntimeProvider;
|
|
6
7
|
export type ExecutorFumaSchema<TTables extends FumaTables> = ReturnType<typeof fumaSchema<string, TTables, RelationsMap<TTables>>>;
|
|
@@ -41,5 +42,12 @@ export interface CreateExecutorFumaDbOptions<TTables extends FumaTables = FumaTa
|
|
|
41
42
|
export declare const createExecutorFumaDb: <const TTables extends FumaTables>(drizzleDb: unknown, options: CreateExecutorFumaDbOptions<TTables>) => ExecutorFumaDb<TTables>;
|
|
42
43
|
export interface ExecutorDbHandle<TTables extends FumaTables = FumaTables> extends ExecutorFumaDb<TTables> {
|
|
43
44
|
readonly close: () => Promise<void>;
|
|
45
|
+
/**
|
|
46
|
+
* Optional blob backend assembled alongside the driver (an R2 bucket on the
|
|
47
|
+
* Cloudflare hosts). `makeScopedExecutor` threads it into
|
|
48
|
+
* `createExecutor({ blobs })`; absent, the executor defaults to the FumaDB
|
|
49
|
+
* `blob` table over `db`.
|
|
50
|
+
*/
|
|
51
|
+
readonly blobs?: BlobStore;
|
|
44
52
|
}
|
|
45
53
|
//# sourceMappingURL=executor-fuma-db.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor-fuma-db.d.ts","sourceRoot":"","sources":["../src/executor-fuma-db.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAU,KAAK,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAEnF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,KAAK,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAErF,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAKzD,MAAM,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AAExD,MAAM,MAAM,kBAAkB,CAAC,OAAO,SAAS,UAAU,IAAI,UAAU,CACrE,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC,CAC1D,CAAC;AAEF,MAAM,WAAW,cAAc,CAAC,OAAO,SAAS,UAAU,GAAG,UAAU;IACrE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,2BAA2B,CAAC,OAAO,SAAS,UAAU,GAAG,UAAU;IAClF,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;IACtC;;;;;;OAMG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAC3C;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,GAAI,KAAK,CAAC,OAAO,SAAS,UAAU,EACnE,WAAW,OAAO,EAClB,SAAS,2BAA2B,CAAC,OAAO,CAAC,KAC5C,cAAc,CAAC,OAAO,CAsBxB,CAAC;AAOF,MAAM,WAAW,gBAAgB,CAC/B,OAAO,SAAS,UAAU,GAAG,UAAU,CACvC,SAAQ,cAAc,CAAC,OAAO,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"executor-fuma-db.d.ts","sourceRoot":"","sources":["../src/executor-fuma-db.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAU,KAAK,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,KAAK,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAEnF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,KAAK,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAErF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACxC,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAKzD,MAAM,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AAExD,MAAM,MAAM,kBAAkB,CAAC,OAAO,SAAS,UAAU,IAAI,UAAU,CACrE,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC,CAC1D,CAAC;AAEF,MAAM,WAAW,cAAc,CAAC,OAAO,SAAS,UAAU,GAAG,UAAU;IACrE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,2BAA2B,CAAC,OAAO,SAAS,UAAU,GAAG,UAAU;IAClF,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;IACtC;;;;;;OAMG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAC3C;;;;OAIG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,GAAI,KAAK,CAAC,OAAO,SAAS,UAAU,EACnE,WAAW,OAAO,EAClB,SAAS,2BAA2B,CAAC,OAAO,CAAC,KAC5C,cAAc,CAAC,OAAO,CAsBxB,CAAC;AAOF,MAAM,WAAW,gBAAgB,CAC/B,OAAO,SAAS,UAAU,GAAG,UAAU,CACvC,SAAQ,cAAc,CAAC,OAAO,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;CAC5B"}
|
package/dist/executor.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Effect, Layer } from "effect";
|
|
2
2
|
import { type HttpClient } from "effect/unstable/http";
|
|
3
3
|
import { type FumaDb, type FumaTables, type StorageFailure } from "./fuma-runtime";
|
|
4
|
+
import { type BlobStore } from "./blob";
|
|
4
5
|
import type { Connection, ConnectionRef, CreateConnectionInput } from "./connection";
|
|
5
6
|
import { type OnElicitation, type InvokeOptions } from "./elicitation";
|
|
6
7
|
export type { OnElicitation, InvokeOptions } from "./elicitation";
|
|
@@ -89,6 +90,13 @@ export interface ExecutorConfig<TPlugins extends readonly AnyPlugin[] = readonly
|
|
|
89
90
|
/** The acting member, or omit for a pure-org executor (no `owner:"user"`). */
|
|
90
91
|
readonly subject?: Subject;
|
|
91
92
|
readonly db?: ExecutorDbInput | ExecutorDbFactory;
|
|
93
|
+
/**
|
|
94
|
+
* Backend for the plugin blob seam (`StorageDeps.blobs`). Defaults to the
|
|
95
|
+
* FumaDB `blob` table over `db`. Hosts with an object store hand one in
|
|
96
|
+
* (e.g. the R2 store in `@executor-js/cloudflare/blob-store`) so multi-MB
|
|
97
|
+
* values stay out of the relational tier.
|
|
98
|
+
*/
|
|
99
|
+
readonly blobs?: BlobStore;
|
|
92
100
|
readonly plugins?: TPlugins;
|
|
93
101
|
/** Config-level credential providers, merged with every
|
|
94
102
|
* `plugin.credentialProviders`. Config providers register first, so the
|
package/dist/executor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAA6B,MAAM,QAAQ,CAAC;AAClE,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAQxE,OAAO,EAIL,KAAK,MAAM,EAEX,KAAK,UAAU,EACf,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAA6B,MAAM,QAAQ,CAAC;AAClE,OAAO,EAAmB,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAQxE,OAAO,EAIL,KAAK,MAAM,EAEX,KAAK,UAAU,EACf,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAsC,KAAK,SAAS,EAAwB,MAAM,QAAQ,CAAC;AAElG,OAAO,KAAK,EACV,UAAU,EAEV,aAAa,EACb,qBAAqB,EAEtB,MAAM,cAAc,CAAC;AAatB,OAAO,EAML,KAAK,aAAa,EAClB,KAAK,aAAa,EACnB,MAAM,eAAe,CAAC;AAEvB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAClE,OAAO,EACL,uBAAuB,EACvB,oCAAoC,EAEpC,wBAAwB,EACxB,2BAA2B,EAC3B,iCAAiC,EAMjC,KAAK,YAAY,EAClB,MAAM,UAAU,CAAC;AAClB,OAAO,EAEL,iBAAiB,EACjB,cAAc,EACd,eAAe,EAGf,KAAK,EAGL,WAAW,EACX,OAAO,EACP,MAAM,EACN,WAAW,EACX,QAAQ,EACT,MAAM,OAAO,CAAC;AACf,OAAO,KAAK,EAEV,WAAW,EAGZ,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAKL,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EACV,SAAS,EAOT,gBAAgB,EAMjB,MAAM,UAAU,CAAC;AAgBlB,OAAO,EAAE,cAAc,EAAE,KAAK,0BAA0B,EAAE,MAAM,SAAS,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAsC,KAAK,cAAc,EAAE,MAAM,QAAQ,CAAC;AAG5F,OAAO,EAIL,KAAK,sBAAsB,EAC5B,MAAM,iBAAiB,CAAC;AAyBzB,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;IACtC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,UAAU,EAAE,cAAc,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;CACzB;AAID;;;;;;;;;8EAS8E;AAC9E,eAAO,MAAM,gBAAgB,GAAI,SAAS,MAAM,KAAG,iBAAiB,GAAG,IAyBtE,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,OAAO,KAAK,EACZ,aAAa,eAAe,EAC5B,YAAY,cAAc,KACzB,iBACgF,CAAC;AAEpF,eAAO,MAAM,WAAW,GACtB,OAAO,KAAK,EACZ,aAAa,eAAe,EAC5B,YAAY,cAAc,EAC1B,MAAM,QAAQ,KACb,WACkF,CAAC;AAkBtF,MAAM,MAAM,QAAQ,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE,IAAI;IAC1E,QAAQ,CAAC,YAAY,EAAE;QACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,WAAW,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3E,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,eAAe,KAAK,MAAM,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QAC3F,QAAQ,CAAC,MAAM,EAAE,CACf,IAAI,EAAE,eAAe,EACrB,KAAK,EAAE;YAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;SAAE,KACrC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,wBAAwB,GAAG,cAAc,CAAC,CAAC;QACpE,QAAQ,CAAC,MAAM,EAAE,CACf,IAAI,EAAE,eAAe,KAClB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,iCAAiC,GAAG,cAAc,CAAC,CAAC;QAC7E,QAAQ,CAAC,MAAM,EAAE,CACf,GAAG,EAAE,MAAM,KACR,MAAM,CAAC,MAAM,CAAC,SAAS,0BAA0B,EAAE,EAAE,cAAc,CAAC,CAAC;KAC3E,CAAC;IAEF,QAAQ,CAAC,WAAW,EAAE;QACpB,QAAQ,CAAC,MAAM,EAAE,CACf,KAAK,EAAE,qBAAqB,KACzB,MAAM,CAAC,MAAM,CAChB,UAAU,EACR,wBAAwB,GACxB,oCAAoC,GACpC,2BAA2B,GAC3B,cAAc,CACjB,CAAC;QACF,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;YACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC;YACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC;SACxB,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,UAAU,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3D,QAAQ,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,aAAa,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;QACvF,QAAQ,CAAC,MAAM,EAAE,CACf,GAAG,EAAE,aAAa,KACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,uBAAuB,GAAG,cAAc,CAAC,CAAC;QACnE,QAAQ,CAAC,OAAO,EAAE,CAChB,GAAG,EAAE,aAAa,KACf,MAAM,CAAC,MAAM,CAChB,SAAS,IAAI,EAAE,EACf,uBAAuB,GAAG,wBAAwB,GAAG,cAAc,CACpE,CAAC;KACH,CAAC;IAEF;uDACmD;IACnD,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAE7B,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,cAAc,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,cAAc,CAAC,CAAC;QAC3F,QAAQ,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,cAAc,GAAG,IAAI,EAAE,cAAc,CAAC,CAAC;KACjG,CAAC;IAEF,QAAQ,CAAC,SAAS,EAAE;QAClB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,WAAW,EAAE,CAAC,CAAC;QAC3D,QAAQ,CAAC,KAAK,EAAE,CAAC,GAAG,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,aAAa,EAAE,EAAE,cAAc,CAAC,CAAC;KAC/F,CAAC;IAEF,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,IAAI,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,UAAU,EAAE,EAAE,cAAc,CAAC,CAAC;QAC1E,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC7F,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC7F,QAAQ,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,qBAAqB,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACvF,QAAQ,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;KAC5F,CAAC;IAEF,QAAQ,CAAC,OAAO,EAAE,CAChB,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,OAAO,EACb,OAAO,CAAC,EAAE,aAAa,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAE1C,QAAQ,CAAC,KAAK,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;CAC3D,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AAE/B,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACnF;AAED,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;AAEvD,MAAM,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE;IACvC,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC;CAC7B,KAAK,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AAEvE,MAAM,WAAW,cAAc,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE;IACjF;gBACY;IACZ,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,8EAA8E;IAC9E,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE,CAAC,EAAE,eAAe,GAAG,iBAAiB,CAAC;IAClD;;;;;OAKG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC;IAC5B;;6EAEyE;IACzE,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,kBAAkB,EAAE,CAAC;IACnD;;;OAGG;IACH,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC9D;;;;;;OAMG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IACzD;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QACnB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;QAC7B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;KACrC,CAAC;CACH;AAQD,eAAO,MAAM,aAAa,QAAO,UAGhC,CAAC;AA0xBF,eAAO,MAAM,cAAc,GAAI,KAAK,CAAC,QAAQ,SAAS,SAAS,SAAS,EAAE,GAAG,SAAS,EAAE,EACtF,QAAQ,cAAc,CAAC,QAAQ,CAAC,KAC/B,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,cAAc,CAo6D/C,CAAC"}
|
package/dist/host-internal.js
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createExecutorFumaDb
|
|
3
|
+
} from "./chunk-I3X6242Q.js";
|
|
1
4
|
import {
|
|
2
5
|
OAUTH2_DEFAULT_TIMEOUT_MS,
|
|
3
6
|
assertSupportedOAuthEndpointUrl
|
|
4
7
|
} from "./chunk-EIHWBY6T.js";
|
|
5
|
-
import {
|
|
6
|
-
createExecutorFumaDb
|
|
7
|
-
} from "./chunk-777N6JVG.js";
|
|
8
8
|
import "./chunk-7D4SUZUM.js";
|
|
9
9
|
|
|
10
10
|
// src/hosted-http-client.ts
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { Schema } from "effect";
|
|
2
|
+
import type { AuthMethodDescriptor } from "../integration";
|
|
3
|
+
/** The canonical input variable of single-credential methods. A placement
|
|
4
|
+
* with no `variable` renders from it, and core resolves a connection created
|
|
5
|
+
* with a bare `{ value }` into `{ token: value }`. */
|
|
6
|
+
export declare const TOKEN_VARIABLE = "token";
|
|
7
|
+
export declare const AuthCarrier: Schema.Literals<readonly ["header", "query"]>;
|
|
8
|
+
export type AuthCarrier = typeof AuthCarrier.Type;
|
|
9
|
+
/** One spot on the outbound request a method writes to.
|
|
10
|
+
*
|
|
11
|
+
* Credential placement: renders `prefix + values[variable ?? "token"]`.
|
|
12
|
+
* Two placements naming the same variable share one credential input; a
|
|
13
|
+
* placement naming its own variable gets its own input (e.g. Datadog's two
|
|
14
|
+
* keys).
|
|
15
|
+
*
|
|
16
|
+
* Literal placement (`literal` set): renders the literal verbatim and
|
|
17
|
+
* references no credential — static values a method carries alongside its
|
|
18
|
+
* credential (e.g. a fixed version header). */
|
|
19
|
+
export declare const AuthPlacement: Schema.Struct<{
|
|
20
|
+
readonly carrier: Schema.Literals<readonly ["header", "query"]>;
|
|
21
|
+
/** Header name (e.g. `Authorization`) or query-param name (e.g. `token`). */
|
|
22
|
+
readonly name: Schema.String;
|
|
23
|
+
/** Literal prepended to the credential value, e.g. `Bearer `. */
|
|
24
|
+
readonly prefix: Schema.optional<Schema.String>;
|
|
25
|
+
/** The credential input this placement renders from. Absent ⇒ `token`. */
|
|
26
|
+
readonly variable: Schema.optional<Schema.String>;
|
|
27
|
+
/** Render this exact value instead of a credential. */
|
|
28
|
+
readonly literal: Schema.optional<Schema.String>;
|
|
29
|
+
}>;
|
|
30
|
+
export type AuthPlacement = typeof AuthPlacement.Type;
|
|
31
|
+
export declare const ApiKeyAuthMethod: Schema.Struct<{
|
|
32
|
+
readonly slug: Schema.String;
|
|
33
|
+
readonly kind: Schema.Literal<"apikey">;
|
|
34
|
+
/** Display label; derived from the first placement when absent. */
|
|
35
|
+
readonly label: Schema.optional<Schema.String>;
|
|
36
|
+
readonly placements: Schema.$Array<Schema.Struct<{
|
|
37
|
+
readonly carrier: Schema.Literals<readonly ["header", "query"]>;
|
|
38
|
+
/** Header name (e.g. `Authorization`) or query-param name (e.g. `token`). */
|
|
39
|
+
readonly name: Schema.String;
|
|
40
|
+
/** Literal prepended to the credential value, e.g. `Bearer `. */
|
|
41
|
+
readonly prefix: Schema.optional<Schema.String>;
|
|
42
|
+
/** The credential input this placement renders from. Absent ⇒ `token`. */
|
|
43
|
+
readonly variable: Schema.optional<Schema.String>;
|
|
44
|
+
/** Render this exact value instead of a credential. */
|
|
45
|
+
readonly literal: Schema.optional<Schema.String>;
|
|
46
|
+
}>>;
|
|
47
|
+
}>;
|
|
48
|
+
export type ApiKeyAuthMethod = typeof ApiKeyAuthMethod.Type;
|
|
49
|
+
/** An open integration — connections carry no credential. */
|
|
50
|
+
export declare const NoneAuthMethod: Schema.Struct<{
|
|
51
|
+
readonly slug: Schema.String;
|
|
52
|
+
readonly kind: Schema.Literal<"none">;
|
|
53
|
+
}>;
|
|
54
|
+
export type NoneAuthMethod = typeof NoneAuthMethod.Type;
|
|
55
|
+
export interface RenderedAuthPlacements {
|
|
56
|
+
readonly headers: Record<string, string>;
|
|
57
|
+
readonly queryParams: Record<string, string>;
|
|
58
|
+
}
|
|
59
|
+
/** Render a method's placements with a connection's resolved values. Total:
|
|
60
|
+
* a credential placement whose variable resolved to nothing is skipped —
|
|
61
|
+
* callers own their missing-value policy (fail the invocation, dial
|
|
62
|
+
* unauthenticated, …) and should gate on `requiredPlacementVariables`. */
|
|
63
|
+
export declare const renderAuthPlacements: (placements: readonly AuthPlacement[], values: Record<string, string | null>) => RenderedAuthPlacements;
|
|
64
|
+
/** The distinct credential inputs a method's placements reference — what a
|
|
65
|
+
* connection must supply. Literal placements reference none. */
|
|
66
|
+
export declare const requiredPlacementVariables: (placements: readonly AuthPlacement[]) => readonly string[];
|
|
67
|
+
/** The conventional rendering of an OAuth access token, as a placement — for
|
|
68
|
+
* plugins whose oauth method applies the token as a plain (possibly
|
|
69
|
+
* customized) header. The token is always the `token` input. */
|
|
70
|
+
export declare const oauthBearerPlacement: (header?: string, prefix?: string) => AuthPlacement;
|
|
71
|
+
/** Assign each method a stable slug: a caller-provided one wins, otherwise
|
|
72
|
+
* `defaultSlugFor(method)`, suffixed `_2`, `_3`, … on collision. */
|
|
73
|
+
export declare const normalizeAuthMethodSlugs: <T extends {
|
|
74
|
+
readonly slug?: string | undefined;
|
|
75
|
+
}>(methods: readonly T[], defaultSlugFor: (method: T) => string) => readonly (T & {
|
|
76
|
+
readonly slug: string;
|
|
77
|
+
})[];
|
|
78
|
+
export declare const apiKeyMethodLabel: (method: ApiKeyAuthMethod) => string;
|
|
79
|
+
export declare const describeApiKeyAuthMethod: (method: ApiKeyAuthMethod) => AuthMethodDescriptor;
|
|
80
|
+
export declare const describeNoneAuthMethod: (slug: string) => AuthMethodDescriptor;
|
|
81
|
+
//# sourceMappingURL=auth-method.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method.d.ts","sourceRoot":"","sources":["../../src/http-auth/auth-method.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,KAAK,EAAE,oBAAoB,EAA2B,MAAM,gBAAgB,CAAC;AAuBpF;;uDAEuD;AACvD,eAAO,MAAM,cAAc,UAAU,CAAC;AAEtC,eAAO,MAAM,WAAW,+CAAuC,CAAC;AAChE,MAAM,MAAM,WAAW,GAAG,OAAO,WAAW,CAAC,IAAI,CAAC;AAElD;;;;;;;;;gDASgD;AAChD,eAAO,MAAM,aAAa;;IAExB,6EAA6E;;IAE7E,iEAAiE;;IAEjE,0EAA0E;;IAE1E,uDAAuD;;EAEvD,CAAC;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,aAAa,CAAC,IAAI,CAAC;AAEtD,eAAO,MAAM,gBAAgB;;;IAG3B,mEAAmE;;;;QAdnE,6EAA6E;;QAE7E,iEAAiE;;QAEjE,0EAA0E;;QAE1E,uDAAuD;;;EAWvD,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,OAAO,gBAAgB,CAAC,IAAI,CAAC;AAE5D,6DAA6D;AAC7D,eAAO,MAAM,cAAc;;;EAGzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC,IAAI,CAAC;AAMxD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9C;AAYD;;;2EAG2E;AAC3E,eAAO,MAAM,oBAAoB,GAC/B,YAAY,SAAS,aAAa,EAAE,EACpC,QAAQ,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,KACpC,sBAUF,CAAC;AAEF;iEACiE;AACjE,eAAO,MAAM,0BAA0B,GACrC,YAAY,SAAS,aAAa,EAAE,KACnC,SAAS,MAAM,EAOjB,CAAC;AAEF;;iEAEiE;AACjE,eAAO,MAAM,oBAAoB,GAAI,SAAS,MAAM,EAAE,SAAS,MAAM,KAAG,aAItE,CAAC;AAOH;qEACqE;AACrE,eAAO,MAAM,wBAAwB,GAAI,CAAC,SAAS;IAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAAE,EACvF,SAAS,SAAS,CAAC,EAAE,EACrB,gBAAgB,CAAC,MAAM,EAAE,CAAC,KAAK,MAAM,KACpC,SAAS,CAAC,CAAC,GAAG;IAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,EAS1C,CAAC;AAQF,eAAO,MAAM,iBAAiB,GAAI,QAAQ,gBAAgB,KAAG,MAM5D,CAAC;AAUF,eAAO,MAAM,wBAAwB,GAAI,QAAQ,gBAAgB,KAAG,oBAMlE,CAAC;AAEH,eAAO,MAAM,sBAAsB,GAAI,MAAM,MAAM,KAAG,oBAKpD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-method.test.d.ts","sourceRoot":"","sources":["../../src/http-auth/auth-method.test.ts"],"names":[],"mappings":""}
|