@gnomondigital/nebulas-kit-core 0.3.1 → 0.4.0

package/README.md

@@ -19,10 +19,49 @@ npm install @gnomondigital/nebulas-kit-core
 | `AUTH0_CLIENT_ID` | For client_credentials, ROP | Auth0 client ID |
 | `AUTH0_CLIENT_SECRET` | For client_credentials, ROP | Auth0 client secret |
 | `AUTH0_A2A_AUDIENCE` | For Auth0 strategies | API audience |
+| `AUTH0_ROP_USERNAME` | For env ROP (`createA2AProxyHandlerFromEnvROP`) | Service user username (server secret) |
+| `AUTH0_ROP_PASSWORD` | For env ROP | Service user password (server secret) |
 | `NEBULAS_API_URL` | For Nebulas | Conversation API base URL |
 | `NEBULAS_API_KEY` | For Nebulas proxy | x-api-key fallback when no session token |
 | `NEBULAS_PROJECT_ID` | For Nebulas | Project ID |
 
+## A2A proxy auth modes (Next.js)
+
+| Mode | When to use | Exports |
+|------|-------------|---------|
+| **Auth0 session** | User signs in with `@auth0/nextjs-auth0`; access token for `AUTH0_A2A_AUDIENCE` comes from the session. | `createA2AProxyHandler`, `createGetHeadersForAuth0`, `handleA2AAuthNextJsPOST` (body ROP, optional) |
+| **Env ROP** | No browser Auth0; a fixed **service user** in env performs Resource Owner Password; token is cached per process. | `createA2AProxyHandlerFromEnvROP`, `createGetHeadersFromEnvROP`, `getCachedAccessTokenFromEnvROP` |
+
+Env ROP example:
+
+```ts
+// app/api/a2a/route.ts
+import { createA2AProxyHandlerFromEnvROP } from "@gnomondigital/nebulas-kit-core";
+
+export const POST = createA2AProxyHandlerFromEnvROP({
+  apiKey: process.env.A2A_API_KEY,
+});
+```
+
+```ts
+// app/api/a2a/config/route.ts
+import type { NextRequest } from "next/server";
+import {
+  handleA2AConfigNextJsGET,
+  createGetHeadersFromEnvROP,
+} from "@gnomondigital/nebulas-kit-core";
+
+const getHeaders = createGetHeadersFromEnvROP({
+  apiKey: process.env.A2A_API_KEY,
+});
+
+export async function GET(request: NextRequest) {
+  return handleA2AConfigNextJsGET(request, { getHeaders });
+}
+```
+
+See `apps/demo_rop` in the monorepo for a full app using env ROP.
+
 ## Usage
 
 ### Client: sendMessageStream

package/dist/a2a-client.d.ts

@@ -2,10 +2,9 @@
  * A2A JSON-RPC client for AI Chat.
  * Communicates with the A2A agent via proxy (configurable endpoint).
  */
+import type { SendMessageStreamOptions } from "./types.js";
 /**
  * Send a message and stream the response via SSE.
  */
-export declare function sendMessageStream(message: string, onDelta: (chunk: string) => void, signal?: AbortSignal, files?: File[], stream?: boolean, sessionId?: string, options?: {
-    endpoint?: string;
-}): Promise<string>;
+export declare function sendMessageStream(message: string, onDelta: (chunk: string) => void, signal?: AbortSignal, files?: File[], stream?: boolean, sessionId?: string, options?: SendMessageStreamOptions): Promise<string>;
 //# sourceMappingURL=a2a-client.d.ts.map

package/dist/a2a-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"a2a-client.d.ts","sourceRoot":"","sources":["../src/a2a-client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAYH;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,EAChC,MAAM,CAAC,EAAE,WAAW,EACpB,KAAK,CAAC,EAAE,IAAI,EAAE,EACd,MAAM,UAAO,EACb,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC7B,GACA,OAAO,CAAC,MAAM,CAAC,CA4HjB"}
+{"version":3,"file":"a2a-client.d.ts","sourceRoot":"","sources":["../src/a2a-client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAY3D;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,EAChC,MAAM,CAAC,EAAE,WAAW,EACpB,KAAK,CAAC,EAAE,IAAI,EAAE,EACd,MAAM,UAAO,EACb,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,MAAM,CAAC,CAoIjB"}

package/dist/a2a-client.js

@@ -32,7 +32,15 @@ export async function sendMessageStream(message, onDelta, signal, files, stream
     }
     const method = stream ? "message/stream" : "message/send";
     const messageId = crypto.randomUUID();
-    const headers = { "Content-Type": "application/json" };
+    let extraHeaders = {};
+    if (options?.getHeaders) {
+        const h = options.getHeaders();
+        extraHeaders = h instanceof Promise ? await h : h;
+    }
+    const headers = {
+        ...extraHeaders,
+        "Content-Type": "application/json",
+    };
     const res = await fetch(endpoint, {
         method: "POST",
         headers,

package/dist/index.d.ts

@@ -11,6 +11,7 @@ export { getAuthStrategy, getAuthHeaders, type AuthStrategy, } from "./server/au
 export { exchangePasswordForToken, type ROPAuthRequest, type ROPAuthResponse, } from "./server/auth-handler.js";
 export { createConfigResponse, type ConfigResponse, type AgentCard, type AgentCardCapabilities, } from "./server/config-handler.js";
 export { createA2AExpressRouter, type A2AExpressRouterOptions, } from "./server/express.js";
-export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createA2AProxyHandler, createNebulasProxyHandler, type HandleA2AConfigOptions, type Auth0ClientInterface, type CreateA2AProxyHandlerOptions, type CreateNebulasProxyHandlerOptions, } from "./server/nextjs.js";
+export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createGetHeadersFromEnvROP, createA2AProxyHandler, createA2AProxyHandlerFromEnvROP, createNebulasProxyHandler, type HandleA2AConfigOptions, type Auth0ClientInterface, type CreateA2AProxyHandlerOptions, type CreateA2AProxyHandlerFromEnvROPOptions, type CreateGetHeadersFromEnvROPOptions, type CreateNebulasProxyHandlerOptions, } from "./server/nextjs.js";
+export { getCachedAccessTokenFromEnvROP } from "./server/env-rop-token.js";
 export { handleNebulasProxy, isRefreshTokenInvalid, type NebulasProxyRequest, type NebulasProxyResponse, type NebulasProxyHandlerOptions, } from "./server/nebulas-proxy-handler.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,wBAAwB,EACxB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,qBAAqB,GAC3B,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACxB,qBAAqB,EACrB,yBAAyB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,4BAA4B,EACjC,KAAK,gCAAgC,GACtC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,wBAAwB,EACxB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,qBAAqB,GAC3B,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,+BAA+B,EAC/B,yBAAyB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,4BAA4B,EACjC,KAAK,sCAAsC,EAC3C,KAAK,iCAAiC,EACtC,KAAK,gCAAgC,GACtC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,8BAA8B,EAAE,MAAM,2BAA2B,CAAC;AAE3E,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC"}

package/dist/index.js

@@ -11,5 +11,6 @@ export { exchangePasswordForToken, } from "./server/auth-handler.js";
 export { createConfigResponse, } from "./server/config-handler.js";
 export { createA2AExpressRouter, } from "./server/express.js";
 // Usage: import express from "express"; app.use("/api/a2a", createA2AExpressRouter(express));
-export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createA2AProxyHandler, createNebulasProxyHandler, } from "./server/nextjs.js";
+export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createGetHeadersFromEnvROP, createA2AProxyHandler, createA2AProxyHandlerFromEnvROP, createNebulasProxyHandler, } from "./server/nextjs.js";
+export { getCachedAccessTokenFromEnvROP } from "./server/env-rop-token.js";
 export { handleNebulasProxy, isRefreshTokenInvalid, } from "./server/nebulas-proxy-handler.js";

package/dist/server/auth-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../src/server/auth-handler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,eAAe,CAAC,CA8B1B"}
+{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../src/server/auth-handler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,eAAe,CAAC,CA+B1B"}

package/dist/server/auth-handler.js

@@ -13,17 +13,18 @@ export async function exchangePasswordForToken(username, password) {
     if (!domain || !clientId || !clientSecret) {
         throw new Error("AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET required for ROP");
     }
+    const body = new URLSearchParams({
+        grant_type: "password",
+        username,
+        password,
+        client_id: clientId,
+        client_secret: clientSecret,
+        ...(audience && { audience }),
+    });
     const res = await fetch(`https://${domain}/oauth/token`, {
         method: "POST",
         headers: { "Content-Type": "application/x-www-form-urlencoded" },
-        body: new URLSearchParams({
-            grant_type: "password",
-            username,
-            password,
-            client_id: clientId,
-            client_secret: clientSecret,
-            ...(audience && { audience }),
-        }),
+        body: body.toString(),
     });
     if (!res.ok) {
         const body = await res.json().catch(() => ({}));

package/dist/server/config-handler.js

@@ -34,11 +34,11 @@ export async function createConfigResponse(options) {
         return {
             nebulasProjectId,
             agentCard: null,
-            streaming: true,
+            streaming: false,
         };
     }
     const agentCard = await fetchAgentCard(options?.headers);
-    const streaming = agentCard?.capabilities?.streaming ?? true;
+    const streaming = agentCard?.capabilities?.streaming ?? false;
     return {
         nebulasProjectId,
         agentCard: agentCard ?? null,

package/dist/server/env-rop-token.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Cached Auth0 Resource Owner Password token using credentials from environment.
+ * Single service user (AUTH0_ROP_USERNAME / AUTH0_ROP_PASSWORD); shared across requests per process.
+ */
+/**
+ * Returns a valid access token, refreshing from Auth0 when near expiry.
+ * Concurrent callers share a single in-flight refresh.
+ */
+export declare function getCachedAccessTokenFromEnvROP(): Promise<string>;
+//# sourceMappingURL=env-rop-token.d.ts.map

package/dist/server/env-rop-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-rop-token.d.ts","sourceRoot":"","sources":["../../src/server/env-rop-token.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA8BH;;;GAGG;AACH,wBAAsB,8BAA8B,IAAI,OAAO,CAAC,MAAM,CAAC,CAiBtE"}

package/dist/server/env-rop-token.js

@@ -0,0 +1,37 @@
+/**
+ * Cached Auth0 Resource Owner Password token using credentials from environment.
+ * Single service user (AUTH0_ROP_USERNAME / AUTH0_ROP_PASSWORD); shared across requests per process.
+ */
+import { exchangePasswordForToken } from "./auth-handler.js";
+const EXPIRY_SKEW_MS = 60000;
+let cache = null;
+let refreshPromise = null;
+async function fetchAndCacheToken() {
+    const username = process.env.AUTH0_ROP_USERNAME;
+    const password = process.env.AUTH0_ROP_PASSWORD;
+    if (!username || !password) {
+        throw new Error("AUTH0_ROP_USERNAME and AUTH0_ROP_PASSWORD are required for env ROP token");
+    }
+    const data = await exchangePasswordForToken(username, password);
+    const expiresInSec = data.expires_in ?? 3600;
+    const expiresAtMs = Date.now() + expiresInSec * 1000;
+    cache = { token: data.access_token, expiresAtMs };
+    return data.access_token;
+}
+/**
+ * Returns a valid access token, refreshing from Auth0 when near expiry.
+ * Concurrent callers share a single in-flight refresh.
+ */
+export async function getCachedAccessTokenFromEnvROP() {
+    if (refreshPromise) {
+        return refreshPromise;
+    }
+    if (cache &&
+        Date.now() < cache.expiresAtMs - EXPIRY_SKEW_MS) {
+        return cache.token;
+    }
+    refreshPromise = fetchAndCacheToken().finally(() => {
+        refreshPromise = null;
+    });
+    return refreshPromise;
+}

package/dist/server/nextjs.d.ts

@@ -72,6 +72,24 @@ export interface CreateA2AProxyHandlerOptions {
  *   export const POST = handler;
  */
 export declare function createA2AProxyHandler(options: CreateA2AProxyHandlerOptions): (request: NextRequest) => Promise<Response>;
+export interface CreateGetHeadersFromEnvROPOptions {
+    apiKey?: string;
+}
+/**
+ * Builds Authorization from a cached env-based ROP token (AUTH0_ROP_USERNAME / AUTH0_ROP_PASSWORD).
+ * Optional request parameter reserved for future use (e.g. per-request context).
+ */
+export declare function createGetHeadersFromEnvROP(options?: CreateGetHeadersFromEnvROPOptions): (request?: NextRequest) => Promise<Record<string, string>>;
+export interface CreateA2AProxyHandlerFromEnvROPOptions {
+    apiKey?: string;
+}
+/**
+ * Next.js POST handler for the A2A proxy using env ROP (service user), not Auth0 session.
+ *
+ * Use in app/api/a2a/route.ts:
+ *   export const POST = createA2AProxyHandlerFromEnvROP({ apiKey: process.env.A2A_API_KEY });
+ */
+export declare function createA2AProxyHandlerFromEnvROP(options?: CreateA2AProxyHandlerFromEnvROPOptions): (request: NextRequest) => Promise<Response>;
 /**
  * Options for the Nebulas API proxy handler.
  */

package/dist/server/nextjs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../src/server/nextjs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAiB9E;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,mBAAmB,qBA6B9B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,qBAyBjE;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACxE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,sBAAsB,qBAcjC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,cAAc,CACZ,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE;IAChD,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,CACF,OAAO,EAAE,WAAW,EACpB,YAAY,CAAC,EAAE,YAAY,KACxB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAoDnC;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,4BAA4B,IAO3C,SAAS,WAAW,uBAuDnD;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gCAAgC,IAE/E,SAAS,WAAW,EACpB,KAAK;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAA;CAAE,oCAkH/C"}
+{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../src/server/nextjs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAkB9E;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,mBAAmB,qBA6B9B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,qBAyBjE;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACxE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,sBAAsB,qBAqBjC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,cAAc,CACZ,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE;IAChD,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,CACF,OAAO,EAAE,WAAW,EACpB,YAAY,CAAC,EAAE,YAAY,KACxB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAoDnC;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,4BAA4B,IAO3C,SAAS,WAAW,uBAuDnD;AAED,MAAM,WAAW,iCAAiC;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,CAAC,EAAE,iCAAiC,GAC1C,CAAC,OAAO,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAsB5D;AAED,MAAM,WAAW,sCAAsC;IACrD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,CAAC,EAAE,sCAAsC,IAIlB,SAAS,WAAW,uBAiDnD;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gCAAgC,IAE/E,SAAS,WAAW,EACpB,KAAK;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAA;CAAE,oCAkH/C"}

package/dist/server/nextjs.js

@@ -6,6 +6,7 @@ import { NextResponse } from "next/server";
 import { handleA2AProxy } from "./proxy-handler.js";
 import { handleNebulasProxy, isRefreshTokenInvalid, } from "./nebulas-proxy-handler.js";
 import { exchangePasswordForToken } from "./auth-handler.js";
+import { getCachedAccessTokenFromEnvROP } from "./env-rop-token.js";
 import { createConfigResponse } from "./config-handler.js";
 function headersFromRequest(req) {
     const headers = {};
@@ -76,7 +77,15 @@ export async function handleA2AConfigNextJsGET(request, options) {
     const includeAgentCard = request.nextUrl.searchParams.get("includeAgentCard") !== "false";
     let headers;
     if (options?.getHeaders && includeAgentCard) {
-        headers = await options.getHeaders(request);
+        try {
+            headers = await options.getHeaders(request);
+        }
+        catch (e) {
+            if (e instanceof NextResponse) {
+                return e;
+            }
+            throw e;
+        }
     }
     const config = await createConfigResponse({ includeAgentCard, headers });
     return new Response(JSON.stringify(config), {
@@ -199,6 +208,82 @@ export function createA2AProxyHandler(options) {
         return new Response(null, { status: result.status, headers: responseHeaders });
     };
 }
+/**
+ * Builds Authorization from a cached env-based ROP token (AUTH0_ROP_USERNAME / AUTH0_ROP_PASSWORD).
+ * Optional request parameter reserved for future use (e.g. per-request context).
+ */
+export function createGetHeadersFromEnvROP(options) {
+    return async (_request) => {
+        const headers = {};
+        if (options?.apiKey) {
+            headers["x-api-key"] = options.apiKey;
+        }
+        try {
+            const token = await getCachedAccessTokenFromEnvROP();
+            headers["Authorization"] = `Bearer ${token}`;
+        }
+        catch (err) {
+            console.error("[Env ROP] Failed to get access token:", err);
+            throw new NextResponse(JSON.stringify({
+                error: "Unauthorized",
+                hint: "Check AUTH0_ROP_USERNAME, AUTH0_ROP_PASSWORD, AUTH0_DOMAIN, client credentials, and Auth0 ROP configuration.",
+            }), { status: 401, headers: { "Content-Type": "application/json" } });
+        }
+        return headers;
+    };
+}
+/**
+ * Next.js POST handler for the A2A proxy using env ROP (service user), not Auth0 session.
+ *
+ * Use in app/api/a2a/route.ts:
+ *   export const POST = createA2AProxyHandlerFromEnvROP({ apiKey: process.env.A2A_API_KEY });
+ */
+export function createA2AProxyHandlerFromEnvROP(options) {
+    const getHeaders = createGetHeadersFromEnvROP(options);
+    return async function handler(request) {
+        let authHeaders;
+        try {
+            authHeaders = await getHeaders(request);
+        }
+        catch (err) {
+            if (err instanceof NextResponse) {
+                return err;
+            }
+            throw err;
+        }
+        let body;
+        try {
+            const text = await request.text();
+            body = text.length > 0 ? text : undefined;
+        }
+        catch {
+            return NextResponse.json({ error: "Invalid request body" }, { status: 400 });
+        }
+        const proxyReq = {
+            method: request.method,
+            headers: headersFromRequest(request),
+            body,
+        };
+        const result = await handleA2AProxy(proxyReq, { headers: authHeaders });
+        const responseHeaders = new Headers();
+        for (const [k, v] of Object.entries(result.headers)) {
+            responseHeaders.set(k, v);
+        }
+        if (typeof result.body === "string") {
+            return new Response(result.body, {
+                status: result.status,
+                headers: responseHeaders,
+            });
+        }
+        if (result.body instanceof ReadableStream) {
+            return new Response(result.body, {
+                status: result.status,
+                headers: responseHeaders,
+            });
+        }
+        return new Response(null, { status: result.status, headers: responseHeaders });
+    };
+}
 /**
  * Creates a Next.js App Router handler for the Nebulas API proxy (catch-all [...path]).
  * Proxies requests to NEBULAS_API_URL with Auth0 session token or API key.

package/dist/types.d.ts

@@ -14,14 +14,13 @@ export interface ChatMessagePayload {
     role: "user" | "assistant";
     content: string;
 }
+/** Options for {@link import("./a2a-client.js").sendMessageStream}. */
 export interface SendMessageStreamOptions {
-    endpoint: string;
-    message: string;
-    onDelta: (chunk: string) => void;
-    signal?: AbortSignal;
-    files?: File[];
-    stream?: boolean;
-    sessionId?: string;
-    getHeaders?: () => Promise<Record<string, string>>;
+    endpoint?: string;
+    /**
+     * Extra headers merged before Content-Type (e.g. Authorization Bearer for ROP).
+     * Sync or async; Content-Type is always set to application/json after merge.
+     */
+    getHeaders?: () => Record<string, string> | Promise<Record<string, string>>;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACpD"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,uEAAuE;AACvE,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC7E"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gnomondigital/nebulas-kit-core",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",