npm - @flutchai/flutch-sdk - Versions diffs - 0.2.9 → 0.2.11 - Mend

@flutchai/flutch-sdk 0.2.9 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -53,6 +53,7 @@ var path2__namespace = /*#__PURE__*/_interopNamespace(path2);
 var os__namespace = /*#__PURE__*/_interopNamespace(os);
 var net__namespace = /*#__PURE__*/_interopNamespace(net);
 var mongoose__default = /*#__PURE__*/_interopDefault(mongoose);
+var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var LangGraph__namespace = /*#__PURE__*/_interopNamespace(LangGraph);
 var axios2__default = /*#__PURE__*/_interopDefault(axios2);
@@ -1365,10 +1366,10 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
       return null;
     }
     try {
-      const fs2 = await import('fs/promises');
-      const path3 = await import('path');
-      const manifestFullPath = path3.resolve(this.manifestPath);
-      const manifestContent = await fs2.readFile(manifestFullPath, "utf-8");
+      const fs3 = await import('fs/promises');
+      const path4 = await import('path');
+      const manifestFullPath = path4.resolve(this.manifestPath);
+      const manifestContent = await fs3.readFile(manifestFullPath, "utf-8");
       const manifest = JSON.parse(manifestContent);
       this.manifest = manifest;
       return manifest;
@@ -1387,10 +1388,10 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
       return null;
     }
     try {
-      const fs2 = __require("fs");
-      const path3 = __require("path");
-      const manifestFullPath = path3.resolve(this.manifestPath);
-      const manifestContent = fs2.readFileSync(manifestFullPath, "utf-8");
+      const fs3 = __require("fs");
+      const path4 = __require("path");
+      const manifestFullPath = path4.resolve(this.manifestPath);
+      const manifestContent = fs3.readFileSync(manifestFullPath, "utf-8");
       const manifest = JSON.parse(manifestContent);
       this.manifest = manifest;
       return manifest;
@@ -1430,12 +1431,12 @@ exports.AbstractGraphBuilder = class AbstractGraphBuilder {
     let configSchema = null;
     if (versionConfig.configSchemaPath) {
       try {
-        const fs2 = await import('fs/promises');
+        const fs3 = await import('fs/promises');
         const schemaPath = path2__namespace.resolve(
           process.cwd(),
           versionConfig.configSchemaPath
         );
-        const schemaContent = await fs2.readFile(schemaPath, "utf-8");
+        const schemaContent = await fs3.readFile(schemaPath, "utf-8");
         const schemaData = JSON.parse(schemaContent);
         configSchema = schemaData.schema;
       } catch (error) {
@@ -2847,8 +2848,8 @@ exports.IdempotencyManager = __decorateClass([
 // src/callbacks/smart-callback.router.ts
 exports.SmartCallbackRouter = class SmartCallbackRouter {
-  constructor(registry, store, acl, auditor, metrics, rateLimiter, idempotencyManager, patchService) {
-    this.registry = registry;
+  constructor(registry2, store, acl, auditor, metrics, rateLimiter, idempotencyManager, patchService) {
+    this.registry = registry2;
     this.store = store;
     this.acl = acl;
     this.auditor = auditor;
@@ -3127,8 +3128,8 @@ var UniversalCallbackService = class {
 };
 // src/callbacks/example.callback.ts
-function registerFinanceExampleCallback(registry) {
-  registry.register(
+function registerFinanceExampleCallback(registry2) {
+  registry2.register(
     "example",
     async () => ({
       success: true,
@@ -3653,8 +3654,8 @@ exports.CallbackMetrics = class CallbackMetrics {
   activeCallbacks;
   pendingCallbacks;
   queueSize;
-  constructor(registry) {
-    this.registry = registry ?? new promClient.Registry();
+  constructor(registry2) {
+    this.registry = registry2 ?? new promClient.Registry();
     promClient.collectDefaultMetrics({ register: this.registry });
     this.callbacksTotal = new promClient.Counter({
       name: "graph_callbacks_total",
@@ -5657,7 +5658,7 @@ exports.UniversalGraphModule = class UniversalGraphModule {
       },
       {
         provide: exports.CallbackMetrics,
-        useFactory: (registry) => new exports.CallbackMetrics(registry),
+        useFactory: (registry2) => new exports.CallbackMetrics(registry2),
         inject: ["PROMETHEUS_REGISTRY"]
       },
       {
@@ -5685,8 +5686,8 @@ exports.UniversalGraphModule = class UniversalGraphModule {
       },
       {
         provide: exports.SmartCallbackRouter,
-        useFactory: (registry, store, acl, auditor, metrics, rateLimiter, idempotencyManager, patchService) => new exports.SmartCallbackRouter(
-          registry,
+        useFactory: (registry2, store, acl, auditor, metrics, rateLimiter, idempotencyManager, patchService) => new exports.SmartCallbackRouter(
+          registry2,
           store,
           acl,
           auditor,
@@ -5718,8 +5719,8 @@ exports.UniversalGraphModule = class UniversalGraphModule {
       },
       {
         provide: "CALLBACK_EXAMPLE_REGISTRATION",
-        useFactory: (registry) => {
-          registerFinanceExampleCallback(registry);
+        useFactory: (registry2) => {
+          registerFinanceExampleCallback(registry2);
         },
         inject: [CallbackRegistry]
       },
@@ -5782,8 +5783,8 @@ exports.UniversalGraphModule = class UniversalGraphModule {
       },
       {
         provide: "GRAPH_BUILDERS",
-        useFactory: (registry) => {
-          return registry.getBuilders();
+        useFactory: (registry2) => {
+          return registry2.getBuilders();
         },
         inject: [exports.BuilderRegistryService]
       },
@@ -7325,6 +7326,250 @@ exports.StaticDiscovery = class StaticDiscovery {
 exports.StaticDiscovery = __decorateClass([
   common.Injectable()
 ], exports.StaticDiscovery);
+var ALGORITHM = "aes-256-cbc";
+var IV_LENGTH = 16;
+function encryptTokens(tokens, key) {
+  const iv = crypto__namespace.randomBytes(IV_LENGTH);
+  const cipher = crypto__namespace.createCipheriv(ALGORITHM, Buffer.from(key), iv);
+  const json = JSON.stringify(tokens);
+  let encrypted = cipher.update(json, "utf8", "hex");
+  encrypted += cipher.final("hex");
+  return iv.toString("hex") + ":" + encrypted;
+}
+function decryptTokens(encrypted, key) {
+  const separatorIndex = encrypted.indexOf(":");
+  if (separatorIndex === -1) {
+    throw new Error("Invalid encrypted token format");
+  }
+  const ivHex = encrypted.substring(0, separatorIndex);
+  const encryptedData = encrypted.substring(separatorIndex + 1);
+  const iv = Buffer.from(ivHex, "hex");
+  const decipher = crypto__namespace.createDecipheriv(ALGORITHM, Buffer.from(key), iv);
+  let decrypted = decipher.update(encryptedData, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+  return JSON.parse(decrypted);
+}
+// src/oauth/oauth-token.manager.ts
+var EXPIRY_BUFFER_MS = 6e4;
+var OAuthTokenManager = class {
+  store;
+  encryptionKey;
+  cache = /* @__PURE__ */ new Map();
+  constructor(options) {
+    if (!options.encryptionKey || options.encryptionKey.length < 32) {
+      throw new Error(
+        "OAUTH_ENCRYPTION_KEY must be at least 32 characters for AES-256-CBC"
+      );
+    }
+    this.store = options.store;
+    this.encryptionKey = options.encryptionKey;
+  }
+  /**
+   * Get a fresh access token for the given provider.
+   * Returns from cache → store → refresh flow (in that order).
+   */
+  async getAccessToken(config) {
+    const cached = this.cache.get(config.provider);
+    if (cached && cached.expiresAt > Date.now() + EXPIRY_BUFFER_MS) {
+      return cached.token;
+    }
+    const encrypted = await this.store.get(config.provider);
+    if (!encrypted) {
+      throw new Error(
+        `No OAuth tokens found for "${config.provider}". Complete the OAuth consent flow first and call saveTokens().`
+      );
+    }
+    const tokens = decryptTokens(encrypted, this.encryptionKey);
+    if (tokens.expiresAt > Date.now() + EXPIRY_BUFFER_MS) {
+      this.setCache(config.provider, tokens.accessToken, tokens.expiresAt);
+      return tokens.accessToken;
+    }
+    const refreshed = await this.refreshAccessToken(
+      config,
+      tokens.refreshToken
+    );
+    await this.persistTokens(config.provider, refreshed);
+    return refreshed.accessToken;
+  }
+  /**
+   * Store tokens after the initial OAuth consent flow.
+   * Call this once after the user completes the OAuth redirect.
+   */
+  async saveTokens(provider, tokens) {
+    await this.persistTokens(provider, tokens);
+  }
+  /**
+   * Remove all tokens for a provider.
+   */
+  async revokeTokens(provider) {
+    await this.store.delete(provider);
+    this.cache.delete(provider);
+  }
+  /**
+   * Check if tokens exist for a provider (without decrypting).
+   */
+  async hasTokens(provider) {
+    const encrypted = await this.store.get(provider);
+    return encrypted !== null;
+  }
+  async refreshAccessToken(config, refreshToken) {
+    try {
+      const response = await axios2__default.default.post(
+        config.tokenUrl,
+        new URLSearchParams({
+          grant_type: "refresh_token",
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          refresh_token: refreshToken
+        }).toString(),
+        {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          timeout: 1e4
+        }
+      );
+      const data = response.data;
+      return {
+        accessToken: data.access_token,
+        // Some providers rotate refresh tokens; keep the old one if not rotated
+        refreshToken: data.refresh_token || refreshToken,
+        expiresAt: Date.now() + (data.expires_in || 3600) * 1e3
+      };
+    } catch (error) {
+      const status = error?.response?.status;
+      const body = error?.response?.data;
+      throw new Error(
+        `OAuth refresh failed for "${config.provider}": ${status || "network error"} ${JSON.stringify(body) || error.message}`
+      );
+    }
+  }
+  async persistTokens(provider, tokens) {
+    const encrypted = encryptTokens(tokens, this.encryptionKey);
+    await this.store.save(provider, encrypted);
+    this.setCache(provider, tokens.accessToken, tokens.expiresAt);
+  }
+  setCache(provider, token, expiresAt) {
+    this.cache.set(provider, { token, expiresAt });
+  }
+};
+// src/oauth/oauth-provider.registry.ts
+var registry = {};
+function loadOAuthProviders(providers) {
+  registry = { ...providers };
+}
+function getOAuthProvider(provider) {
+  const def = registry[provider];
+  if (!def) {
+    throw new Error(`Unknown OAuth provider: ${provider}`);
+  }
+  return def;
+}
+function getOAuthProviderNames() {
+  return Object.keys(registry);
+}
+function resolveOAuthProviderConfig(provider) {
+  const def = getOAuthProvider(provider);
+  const clientId = process.env[def.clientIdEnvVar];
+  const clientSecret = process.env[def.clientSecretEnvVar];
+  if (!clientId) {
+    throw new Error(`Missing env var: ${def.clientIdEnvVar}`);
+  }
+  if (!clientSecret) {
+    throw new Error(`Missing env var: ${def.clientSecretEnvVar}`);
+  }
+  return {
+    provider: def.name,
+    tokenUrl: def.tokenUrl,
+    clientId,
+    clientSecret
+  };
+}
+function buildOAuthAuthorizationUrl(provider, params) {
+  const def = getOAuthProvider(provider);
+  const clientId = process.env[def.clientIdEnvVar];
+  if (!clientId) {
+    throw new Error(`Missing env var: ${def.clientIdEnvVar}`);
+  }
+  const query = new URLSearchParams({
+    client_id: clientId,
+    redirect_uri: params.redirectUri,
+    response_type: "code",
+    state: params.state
+  });
+  if (def.scopes.length > 0) {
+    query.set("scope", def.scopes.join(" "));
+  }
+  return `${def.authorizationUrl}?${query.toString()}`;
+}
+var FileTokenStore = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  async get(provider) {
+    const data = this.readFile();
+    return data[provider] ?? null;
+  }
+  async save(provider, encrypted) {
+    const data = this.readFile();
+    data[provider] = encrypted;
+    this.writeFile(data);
+  }
+  async delete(provider) {
+    const data = this.readFile();
+    delete data[provider];
+    this.writeFile(data);
+  }
+  readFile() {
+    try {
+      if (fs__namespace.existsSync(this.filePath)) {
+        const content = fs__namespace.readFileSync(this.filePath, "utf8");
+        return JSON.parse(content);
+      }
+    } catch {
+    }
+    return {};
+  }
+  writeFile(data) {
+    const dir = path2__namespace.dirname(this.filePath);
+    if (!fs__namespace.existsSync(dir)) {
+      fs__namespace.mkdirSync(dir, { recursive: true });
+    }
+    fs__namespace.writeFileSync(this.filePath, JSON.stringify(data, null, 2), "utf8");
+  }
+};
+// src/oauth/stores/mongo-token.store.ts
+var DEFAULT_COLLECTION = "oauth_tokens";
+var MongoTokenStore = class {
+  constructor(db, collectionName) {
+    this.db = db;
+    this.collectionName = collectionName ?? DEFAULT_COLLECTION;
+  }
+  collectionName;
+  initialized = false;
+  async get(provider) {
+    await this.ensureIndex();
+    const doc = await this.db.collection(this.collectionName).findOne({ provider });
+    return doc?.encrypted ?? null;
+  }
+  async save(provider, encrypted) {
+    await this.ensureIndex();
+    await this.db.collection(this.collectionName).updateOne(
+      { provider },
+      { $set: { provider, encrypted, updatedAt: /* @__PURE__ */ new Date() } },
+      { upsert: true }
+    );
+  }
+  async delete(provider) {
+    await this.db.collection(this.collectionName).deleteOne({ provider });
+  }
+  async ensureIndex() {
+    if (this.initialized) return;
+    await this.db.collection(this.collectionName).createIndex({ provider: 1 }, { unique: true });
+    this.initialized = true;
+  }
+};
 exports.AttachmentType = AttachmentType;
 exports.BaseGraphServiceController = exports.GraphController;
@@ -7337,6 +7582,7 @@ exports.ChatFeature = ChatFeature;
 exports.DEFAULT_ATTACHMENT_THRESHOLD = DEFAULT_ATTACHMENT_THRESHOLD;
 exports.DEFAULT_TRACER_OPTIONS = DEFAULT_TRACER_OPTIONS;
 exports.Endpoint = Endpoint;
+exports.FileTokenStore = FileTokenStore;
 exports.GraphEngineType = GraphEngineType;
 exports.GraphManifestSchema = GraphManifestSchema;
 exports.GraphManifestValidator = GraphManifestValidator;
@@ -7347,6 +7593,8 @@ exports.McpToolFilter = McpToolFilter;
 exports.ModelInitializer = ModelInitializer;
 exports.ModelProvider = ModelProvider;
 exports.ModelType = ModelType;
+exports.MongoTokenStore = MongoTokenStore;
+exports.OAuthTokenManager = OAuthTokenManager;
 exports.RetrieverSearchType = RetrieverSearchType;
 exports.StreamChannel = StreamChannel;
 exports.UIEndpoint = UIEndpoint;
@@ -7357,12 +7605,15 @@ exports.WithEndpoints = WithEndpoints;
 exports.WithUIEndpoints = WithUIEndpoints;
 exports._internals = _internals;
 exports.bootstrap = bootstrap;
+exports.buildOAuthAuthorizationUrl = buildOAuthAuthorizationUrl;
 exports.clearAttachmentDataStore = clearAttachmentDataStore;
 exports.createEndpointDescriptors = createEndpointDescriptors;
 exports.createGraphAttachment = createGraphAttachment;
 exports.createMongoClientAdapter = createMongoClientAdapter;
 exports.createStaticMessage = createStaticMessage;
+exports.decryptTokens = decryptTokens;
 exports.dispatchAttachments = dispatchAttachments;
+exports.encryptTokens = encryptTokens;
 exports.executeToolWithAttachments = executeToolWithAttachments;
 exports.findCallbackMethod = findCallbackMethod;
 exports.findEndpointMethod = findEndpointMethod;
@@ -7370,12 +7621,16 @@ exports.generateAttachmentSummary = generateAttachmentSummary;
 exports.getAttachmentData = getAttachmentData;
 exports.getCallbackMetadata = getCallbackMetadata;
 exports.getEndpointMetadata = getEndpointMetadata;
+exports.getOAuthProvider = getOAuthProvider;
+exports.getOAuthProviderNames = getOAuthProviderNames;
 exports.getUIEndpointClassMetadata = getUIEndpointClassMetadata;
 exports.getUIEndpointMethodsMetadata = getUIEndpointMethodsMetadata;
 exports.hasCallbacks = hasCallbacks;
 exports.hasUIEndpoints = hasUIEndpoints;
+exports.loadOAuthProviders = loadOAuthProviders;
 exports.registerFinanceExampleCallback = registerFinanceExampleCallback;
 exports.registerUIEndpointsFromClass = registerUIEndpointsFromClass;
+exports.resolveOAuthProviderConfig = resolveOAuthProviderConfig;
 exports.sanitizeTraceData = sanitizeTraceData;
 exports.storeAttachmentData = storeAttachmentData;
 exports.traceApiCall = traceApiCall;