@graphorin/core 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/LICENSE +21 -0
- package/README.md +70 -0
- package/dist/channels/channels.d.ts +156 -0
- package/dist/channels/channels.d.ts.map +1 -0
- package/dist/channels/channels.js +90 -0
- package/dist/channels/channels.js.map +1 -0
- package/dist/channels/directive.d.ts +34 -0
- package/dist/channels/directive.d.ts.map +1 -0
- package/dist/channels/directive.js +29 -0
- package/dist/channels/directive.js.map +1 -0
- package/dist/channels/dispatch.d.ts +26 -0
- package/dist/channels/dispatch.d.ts.map +1 -0
- package/dist/channels/dispatch.js +32 -0
- package/dist/channels/dispatch.js.map +1 -0
- package/dist/channels/index.d.ts +5 -0
- package/dist/channels/index.js +6 -0
- package/dist/channels/pause.d.ts +84 -0
- package/dist/channels/pause.d.ts.map +1 -0
- package/dist/channels/pause.js +90 -0
- package/dist/channels/pause.js.map +1 -0
- package/dist/contracts/auth-token-store.d.ts +45 -0
- package/dist/contracts/auth-token-store.d.ts.map +1 -0
- package/dist/contracts/checkpoint-store.d.ts +90 -0
- package/dist/contracts/checkpoint-store.d.ts.map +1 -0
- package/dist/contracts/embedder.d.ts +45 -0
- package/dist/contracts/embedder.d.ts.map +1 -0
- package/dist/contracts/eval-scorer.d.ts +46 -0
- package/dist/contracts/eval-scorer.d.ts.map +1 -0
- package/dist/contracts/index.d.ts +22 -0
- package/dist/contracts/index.js +6 -0
- package/dist/contracts/local-provider-trust.d.ts +36 -0
- package/dist/contracts/local-provider-trust.d.ts.map +1 -0
- package/dist/contracts/logger.d.ts +53 -0
- package/dist/contracts/logger.d.ts.map +1 -0
- package/dist/contracts/logger.js +21 -0
- package/dist/contracts/logger.js.map +1 -0
- package/dist/contracts/memory-store.d.ts +106 -0
- package/dist/contracts/memory-store.d.ts.map +1 -0
- package/dist/contracts/oauth-server-store.d.ts +81 -0
- package/dist/contracts/oauth-server-store.d.ts.map +1 -0
- package/dist/contracts/preferred-model.d.ts +60 -0
- package/dist/contracts/preferred-model.d.ts.map +1 -0
- package/dist/contracts/preferred-model.js +15 -0
- package/dist/contracts/preferred-model.js.map +1 -0
- package/dist/contracts/provider.d.ts +272 -0
- package/dist/contracts/provider.d.ts.map +1 -0
- package/dist/contracts/reasoning-retention.d.ts +53 -0
- package/dist/contracts/reasoning-retention.d.ts.map +1 -0
- package/dist/contracts/redaction-validator.d.ts +59 -0
- package/dist/contracts/redaction-validator.d.ts.map +1 -0
- package/dist/contracts/sandbox.d.ts +73 -0
- package/dist/contracts/sandbox.d.ts.map +1 -0
- package/dist/contracts/secret-ref.d.ts +26 -0
- package/dist/contracts/secret-ref.d.ts.map +1 -0
- package/dist/contracts/secret-value.d.ts +112 -0
- package/dist/contracts/secret-value.d.ts.map +1 -0
- package/dist/contracts/secret-value.js +24 -0
- package/dist/contracts/secret-value.js.map +1 -0
- package/dist/contracts/secrets-store.d.ts +87 -0
- package/dist/contracts/secrets-store.d.ts.map +1 -0
- package/dist/contracts/session-store.d.ts +142 -0
- package/dist/contracts/session-store.d.ts.map +1 -0
- package/dist/contracts/token-counter.d.ts +28 -0
- package/dist/contracts/token-counter.d.ts.map +1 -0
- package/dist/contracts/tool.d.ts +264 -0
- package/dist/contracts/tool.d.ts.map +1 -0
- package/dist/contracts/tracer.d.ts +84 -0
- package/dist/contracts/tracer.d.ts.map +1 -0
- package/dist/contracts/tracer.js +34 -0
- package/dist/contracts/tracer.js.map +1 -0
- package/dist/contracts/trigger-store.d.ts +43 -0
- package/dist/contracts/trigger-store.d.ts.map +1 -0
- package/dist/index.d.ts +59 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +38 -0
- package/dist/index.js.map +1 -0
- package/dist/types/agent-event.d.ts +449 -0
- package/dist/types/agent-event.d.ts.map +1 -0
- package/dist/types/handoff.d.ts +112 -0
- package/dist/types/handoff.d.ts.map +1 -0
- package/dist/types/index.d.ts +13 -0
- package/dist/types/index.js +6 -0
- package/dist/types/memory.d.ts +354 -0
- package/dist/types/memory.d.ts.map +1 -0
- package/dist/types/message.d.ts +162 -0
- package/dist/types/message.d.ts.map +1 -0
- package/dist/types/run.d.ts +155 -0
- package/dist/types/run.d.ts.map +1 -0
- package/dist/types/run.js +31 -0
- package/dist/types/run.js.map +1 -0
- package/dist/types/sensitivity.d.ts +35 -0
- package/dist/types/sensitivity.d.ts.map +1 -0
- package/dist/types/sensitivity.js +29 -0
- package/dist/types/sensitivity.js.map +1 -0
- package/dist/types/session-scope.d.ts +22 -0
- package/dist/types/session-scope.d.ts.map +1 -0
- package/dist/types/stop-condition.d.ts +62 -0
- package/dist/types/stop-condition.d.ts.map +1 -0
- package/dist/types/stop-condition.js +81 -0
- package/dist/types/stop-condition.js.map +1 -0
- package/dist/types/tool-call.d.ts +27 -0
- package/dist/types/tool-call.d.ts.map +1 -0
- package/dist/types/tool.d.ts +260 -0
- package/dist/types/tool.d.ts.map +1 -0
- package/dist/types/usage.d.ts +82 -0
- package/dist/types/usage.d.ts.map +1 -0
- package/dist/types/usage.js +17 -0
- package/dist/types/usage.js.map +1 -0
- package/dist/types/workflow-event.d.ts +108 -0
- package/dist/types/workflow-event.d.ts.map +1 -0
- package/dist/utils/assert-never.d.ts +26 -0
- package/dist/utils/assert-never.d.ts.map +1 -0
- package/dist/utils/assert-never.js +29 -0
- package/dist/utils/assert-never.js.map +1 -0
- package/dist/utils/async-context.d.ts +37 -0
- package/dist/utils/async-context.d.ts.map +1 -0
- package/dist/utils/async-context.js +33 -0
- package/dist/utils/async-context.js.map +1 -0
- package/dist/utils/hash.d.ts +30 -0
- package/dist/utils/hash.d.ts.map +1 -0
- package/dist/utils/hash.js +102 -0
- package/dist/utils/hash.js.map +1 -0
- package/dist/utils/index.d.ts +6 -0
- package/dist/utils/index.js +7 -0
- package/dist/utils/streams.d.ts +59 -0
- package/dist/utils/streams.d.ts.map +1 -0
- package/dist/utils/streams.js +169 -0
- package/dist/utils/streams.js.map +1 -0
- package/dist/utils/validation.d.ts +67 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +36 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +82 -0
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
//#region src/contracts/secret-value.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Cross-realm symbol used to brand `SecretValue` instances. Implementations
|
|
4
|
+
* (e.g. the wrapper class shipped from `@graphorin/security`) attach this
|
|
5
|
+
* symbol so that `isSecretValue(...)` works across realms (Worker threads,
|
|
6
|
+
* sandboxes, etc.).
|
|
7
|
+
*
|
|
8
|
+
* @stable
|
|
9
|
+
*/
|
|
10
|
+
declare const SECRET_VALUE_BRAND: unique symbol;
|
|
11
|
+
/**
|
|
12
|
+
* Well-known symbol used by `node:util.inspect()` to format the wrapper.
|
|
13
|
+
* Re-exported here so downstream packages can reference it without taking
|
|
14
|
+
* an unconditional dependency on `node:util`.
|
|
15
|
+
*
|
|
16
|
+
* Equivalent to `Symbol.for('nodejs.util.inspect.custom')`.
|
|
17
|
+
*
|
|
18
|
+
* @stable
|
|
19
|
+
*/
|
|
20
|
+
declare const NODEJS_INSPECT_CUSTOM: unique symbol;
|
|
21
|
+
/**
|
|
22
|
+
* Runtime-safe wrapper around an opaque secret (API key, token, password).
|
|
23
|
+
*
|
|
24
|
+
* The shape declared here is the **interface contract**: the concrete
|
|
25
|
+
* wrapper class lives in `@graphorin/security`. Downstream packages typing
|
|
26
|
+
* a parameter as `SecretValue` therefore avoid taking a security
|
|
27
|
+
* dependency.
|
|
28
|
+
*
|
|
29
|
+
* Note: `SecretValue` is **not** a TypeScript branded primitive — it is
|
|
30
|
+
* a full wrapper class with explicit leakage barriers
|
|
31
|
+
* (`Symbol.toPrimitive`, `toJSON`, `[nodejs.util.inspect.custom]`, …).
|
|
32
|
+
* Any conforming implementation must ensure that:
|
|
33
|
+
*
|
|
34
|
+
* - String coercion (`String(s)`, `` `${s}` ``, `s + ''`, …) yields a
|
|
35
|
+
* redacted placeholder, **not** the underlying value.
|
|
36
|
+
* - JSON serialization (`JSON.stringify({ apiKey: s })`) yields a
|
|
37
|
+
* redacted placeholder.
|
|
38
|
+
* - Inspector output (`util.inspect(s)`) yields
|
|
39
|
+
* `'SecretValue([REDACTED])'`.
|
|
40
|
+
* - The underlying value is only reachable through `.use(fn)`,
|
|
41
|
+
* `.useBuffer(fn)` or the audited `.reveal()` escape hatch.
|
|
42
|
+
*
|
|
43
|
+
* @stable
|
|
44
|
+
*/
|
|
45
|
+
interface SecretValue {
|
|
46
|
+
/** Number of bytes in the wrapped value. Safe to log. */
|
|
47
|
+
readonly length: number;
|
|
48
|
+
/**
|
|
49
|
+
* Run `fn` with the unwrapped string and return its result. Preferred
|
|
50
|
+
* over `.reveal()` because it scopes the unwrapped value to a single
|
|
51
|
+
* synchronous / asynchronous turn.
|
|
52
|
+
*/
|
|
53
|
+
use<T>(fn: (raw: string) => T | Promise<T>): Promise<T>;
|
|
54
|
+
/**
|
|
55
|
+
* Run `fn` with the unwrapped value as a `Buffer`. Useful for binary
|
|
56
|
+
* secrets (encryption keys, HMAC keys) where round-tripping through a
|
|
57
|
+
* V8 string would defeat the wrapper's hygiene.
|
|
58
|
+
*/
|
|
59
|
+
useBuffer<T>(fn: (buf: Buffer) => T | Promise<T>): Promise<T>;
|
|
60
|
+
/**
|
|
61
|
+
* One-shot reveal as a string. Audited by the implementation. Prefer
|
|
62
|
+
* `.use(fn)` whenever possible.
|
|
63
|
+
*/
|
|
64
|
+
reveal(): string;
|
|
65
|
+
/**
|
|
66
|
+
* Best-effort zeroization of the underlying buffer. Does not affect
|
|
67
|
+
* derived V8 strings already created via `.use(fn)` / `.reveal()`.
|
|
68
|
+
*/
|
|
69
|
+
dispose(): void;
|
|
70
|
+
/** Cross-realm brand. Implementations set this to `SECRET_VALUE_BRAND`. */
|
|
71
|
+
readonly [SECRET_VALUE_BRAND]: true;
|
|
72
|
+
/** Leakage barrier for ToPrimitive coercion. Returns the placeholder. */
|
|
73
|
+
[Symbol.toPrimitive](hint: string): string | number;
|
|
74
|
+
/** Leakage barrier for `JSON.stringify(...)`. Returns the placeholder. */
|
|
75
|
+
toJSON(): string;
|
|
76
|
+
/**
|
|
77
|
+
* Leakage barrier for `node:util.inspect(...)`. Returns the placeholder
|
|
78
|
+
* (`'SecretValue([REDACTED])'`) so that REPL / `console.log` /
|
|
79
|
+
* structured-logger output never reveals the underlying value.
|
|
80
|
+
*/
|
|
81
|
+
[NODEJS_INSPECT_CUSTOM](depth?: number, opts?: unknown, inspect?: unknown): string;
|
|
82
|
+
}
|
|
83
|
+
/**
|
|
84
|
+
* Static helpers expected on every concrete `SecretValue` constructor.
|
|
85
|
+
*
|
|
86
|
+
* @stable
|
|
87
|
+
*/
|
|
88
|
+
interface SecretValueStatic {
|
|
89
|
+
/** Cross-realm safe type guard. */
|
|
90
|
+
isSecretValue(value: unknown): value is SecretValue;
|
|
91
|
+
/** Constant-time equality. */
|
|
92
|
+
timingSafeEquals(a: SecretValue, b: SecretValue): boolean;
|
|
93
|
+
/** Construct from a plain string. */
|
|
94
|
+
fromString(raw: string, opts?: SecretValueOptions): SecretValue;
|
|
95
|
+
/** Construct from a Node.js `Buffer`. */
|
|
96
|
+
fromBuffer(buf: Buffer, opts?: SecretValueOptions): SecretValue;
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Optional metadata attached to a freshly constructed `SecretValue`.
|
|
100
|
+
*
|
|
101
|
+
* @stable
|
|
102
|
+
*/
|
|
103
|
+
interface SecretValueOptions {
|
|
104
|
+
/** Free-form provenance string for the audit log. */
|
|
105
|
+
readonly source?: {
|
|
106
|
+
readonly resolver?: string;
|
|
107
|
+
readonly ref?: string;
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
//#endregion
|
|
111
|
+
export { NODEJS_INSPECT_CUSTOM, SECRET_VALUE_BRAND, SecretValue, SecretValueOptions, SecretValueStatic };
|
|
112
|
+
//# sourceMappingURL=secret-value.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-value.d.ts","names":[],"sources":["../../src/contracts/secret-value.ts"],"sourcesContent":[],"mappings":";;AAQA;AAWA;AA0BA;;;;;AAS+C,cA9ClC,kBA8CkC,EAAA,OAAA,MAAA;;;;;;;;;AA2C/C;AAE0C,cAhF7B,qBAgF6B,EAAA,OAAA,MAAA;;;;;;;;;AAc1C;;;;;;;;;;;;;;;;UApEiB,WAAA;;;;;;;;8BASa,IAAI,QAAQ,KAAK,QAAQ;;;;;;yBAO9B,WAAW,IAAI,QAAQ,KAAK,QAAQ;;;;;;;;;;;;YAejD,kBAAA;;;;;;;;;;;;;;;;;UAqBK,iBAAA;;0CAEyB;;sBAEpB,gBAAgB;;iCAEL,qBAAqB;;kBAEpC,eAAe,qBAAqB;;;;;;;UAQrC,kBAAA"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
//#region src/contracts/secret-value.ts
|
|
2
|
+
/**
|
|
3
|
+
* Cross-realm symbol used to brand `SecretValue` instances. Implementations
|
|
4
|
+
* (e.g. the wrapper class shipped from `@graphorin/security`) attach this
|
|
5
|
+
* symbol so that `isSecretValue(...)` works across realms (Worker threads,
|
|
6
|
+
* sandboxes, etc.).
|
|
7
|
+
*
|
|
8
|
+
* @stable
|
|
9
|
+
*/
|
|
10
|
+
const SECRET_VALUE_BRAND = Symbol.for("graphorin.SecretValue");
|
|
11
|
+
/**
|
|
12
|
+
* Well-known symbol used by `node:util.inspect()` to format the wrapper.
|
|
13
|
+
* Re-exported here so downstream packages can reference it without taking
|
|
14
|
+
* an unconditional dependency on `node:util`.
|
|
15
|
+
*
|
|
16
|
+
* Equivalent to `Symbol.for('nodejs.util.inspect.custom')`.
|
|
17
|
+
*
|
|
18
|
+
* @stable
|
|
19
|
+
*/
|
|
20
|
+
const NODEJS_INSPECT_CUSTOM = Symbol.for("nodejs.util.inspect.custom");
|
|
21
|
+
|
|
22
|
+
//#endregion
|
|
23
|
+
export { NODEJS_INSPECT_CUSTOM, SECRET_VALUE_BRAND };
|
|
24
|
+
//# sourceMappingURL=secret-value.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-value.js","names":["SECRET_VALUE_BRAND: unique symbol","NODEJS_INSPECT_CUSTOM: unique symbol"],"sources":["../../src/contracts/secret-value.ts"],"sourcesContent":["/**\n * Cross-realm symbol used to brand `SecretValue` instances. Implementations\n * (e.g. the wrapper class shipped from `@graphorin/security`) attach this\n * symbol so that `isSecretValue(...)` works across realms (Worker threads,\n * sandboxes, etc.).\n *\n * @stable\n */\nexport const SECRET_VALUE_BRAND: unique symbol = Symbol.for('graphorin.SecretValue');\n\n/**\n * Well-known symbol used by `node:util.inspect()` to format the wrapper.\n * Re-exported here so downstream packages can reference it without taking\n * an unconditional dependency on `node:util`.\n *\n * Equivalent to `Symbol.for('nodejs.util.inspect.custom')`.\n *\n * @stable\n */\nexport const NODEJS_INSPECT_CUSTOM: unique symbol = Symbol.for('nodejs.util.inspect.custom');\n\n/**\n * Runtime-safe wrapper around an opaque secret (API key, token, password).\n *\n * The shape declared here is the **interface contract**: the concrete\n * wrapper class lives in `@graphorin/security`. Downstream packages typing\n * a parameter as `SecretValue` therefore avoid taking a security\n * dependency.\n *\n * Note: `SecretValue` is **not** a TypeScript branded primitive — it is\n * a full wrapper class with explicit leakage barriers\n * (`Symbol.toPrimitive`, `toJSON`, `[nodejs.util.inspect.custom]`, …).\n * Any conforming implementation must ensure that:\n *\n * - String coercion (`String(s)`, `` `${s}` ``, `s + ''`, …) yields a\n * redacted placeholder, **not** the underlying value.\n * - JSON serialization (`JSON.stringify({ apiKey: s })`) yields a\n * redacted placeholder.\n * - Inspector output (`util.inspect(s)`) yields\n * `'SecretValue([REDACTED])'`.\n * - The underlying value is only reachable through `.use(fn)`,\n * `.useBuffer(fn)` or the audited `.reveal()` escape hatch.\n *\n * @stable\n */\nexport interface SecretValue {\n /** Number of bytes in the wrapped value. Safe to log. */\n readonly length: number;\n\n /**\n * Run `fn` with the unwrapped string and return its result. Preferred\n * over `.reveal()` because it scopes the unwrapped value to a single\n * synchronous / asynchronous turn.\n */\n use<T>(fn: (raw: string) => T | Promise<T>): Promise<T>;\n\n /**\n * Run `fn` with the unwrapped value as a `Buffer`. Useful for binary\n * secrets (encryption keys, HMAC keys) where round-tripping through a\n * V8 string would defeat the wrapper's hygiene.\n */\n useBuffer<T>(fn: (buf: Buffer) => T | Promise<T>): Promise<T>;\n\n /**\n * One-shot reveal as a string. Audited by the implementation. Prefer\n * `.use(fn)` whenever possible.\n */\n reveal(): string;\n\n /**\n * Best-effort zeroization of the underlying buffer. Does not affect\n * derived V8 strings already created via `.use(fn)` / `.reveal()`.\n */\n dispose(): void;\n\n /** Cross-realm brand. Implementations set this to `SECRET_VALUE_BRAND`. */\n readonly [SECRET_VALUE_BRAND]: true;\n\n /** Leakage barrier for ToPrimitive coercion. Returns the placeholder. */\n [Symbol.toPrimitive](hint: string): string | number;\n\n /** Leakage barrier for `JSON.stringify(...)`. Returns the placeholder. */\n toJSON(): string;\n\n /**\n * Leakage barrier for `node:util.inspect(...)`. Returns the placeholder\n * (`'SecretValue([REDACTED])'`) so that REPL / `console.log` /\n * structured-logger output never reveals the underlying value.\n */\n [NODEJS_INSPECT_CUSTOM](depth?: number, opts?: unknown, inspect?: unknown): string;\n}\n\n/**\n * Static helpers expected on every concrete `SecretValue` constructor.\n *\n * @stable\n */\nexport interface SecretValueStatic {\n /** Cross-realm safe type guard. */\n isSecretValue(value: unknown): value is SecretValue;\n /** Constant-time equality. */\n timingSafeEquals(a: SecretValue, b: SecretValue): boolean;\n /** Construct from a plain string. */\n fromString(raw: string, opts?: SecretValueOptions): SecretValue;\n /** Construct from a Node.js `Buffer`. */\n fromBuffer(buf: Buffer, opts?: SecretValueOptions): SecretValue;\n}\n\n/**\n * Optional metadata attached to a freshly constructed `SecretValue`.\n *\n * @stable\n */\nexport interface SecretValueOptions {\n /** Free-form provenance string for the audit log. */\n readonly source?: { readonly resolver?: string; readonly ref?: string };\n}\n"],"mappings":";;;;;;;;;AAQA,MAAaA,qBAAoC,OAAO,IAAI,wBAAwB;;;;;;;;;;AAWpF,MAAaC,wBAAuC,OAAO,IAAI,6BAA6B"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
import { SessionScope } from "../types/session-scope.js";
|
|
2
|
+
import { SecretRef } from "./secret-ref.js";
|
|
3
|
+
import { SecretValue } from "./secret-value.js";
|
|
4
|
+
|
|
5
|
+
//#region src/contracts/secrets-store.d.ts
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Pluggable secret resolver — turns a parsed `SecretRef` into a live
|
|
9
|
+
* `SecretValue`. Concrete resolvers live in `@graphorin/security` (env,
|
|
10
|
+
* keyring, file, encrypted-file, literal, ref, vault) and in optional
|
|
11
|
+
* adapter packages (`@graphorin/secret-1password`, …).
|
|
12
|
+
*
|
|
13
|
+
* @stable
|
|
14
|
+
*/
|
|
15
|
+
interface SecretResolver {
|
|
16
|
+
/** Lowercased URI scheme handled by this resolver (`'env'`, `'op'`, …). */
|
|
17
|
+
readonly scheme: string;
|
|
18
|
+
resolve(ref: SecretRef, ctx?: SecretResolverContext): Promise<SecretValue>;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Optional context handed to a resolver. Carries the originating tool /
|
|
22
|
+
* agent identifiers so the audit log can attribute the resolution.
|
|
23
|
+
*
|
|
24
|
+
* @stable
|
|
25
|
+
*/
|
|
26
|
+
interface SecretResolverContext {
|
|
27
|
+
readonly toolName?: string;
|
|
28
|
+
readonly agentId?: string;
|
|
29
|
+
readonly runId?: string;
|
|
30
|
+
readonly signal?: AbortSignal;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Pluggable secret-managing storage. Concrete implementations live in
|
|
34
|
+
* `@graphorin/security` (`KeyringSecretsStore`, `EncryptedFileSecretsStore`,
|
|
35
|
+
* `EnvSecretsStore`, `MemorySecretsStore`).
|
|
36
|
+
*
|
|
37
|
+
* The interface is intentionally narrow: every method either returns a
|
|
38
|
+
* `SecretValue` or a piece of metadata that is safe to log. The raw
|
|
39
|
+
* value is never returned as a `string` from this surface.
|
|
40
|
+
*
|
|
41
|
+
* @stable
|
|
42
|
+
*/
|
|
43
|
+
interface SecretsStore {
|
|
44
|
+
/** Returns the secret if it exists, `null` otherwise. */
|
|
45
|
+
get(key: string, scope?: SessionScope): Promise<SecretValue | null>;
|
|
46
|
+
/**
|
|
47
|
+
* Returns the secret or throws. Implementations enforce the per-tool
|
|
48
|
+
* `secretsAllowed` ACL: if the current tool context disallows `key`,
|
|
49
|
+
* throw `SecretAccessDeniedError`.
|
|
50
|
+
*/
|
|
51
|
+
require(key: string, scope?: SessionScope): Promise<SecretValue>;
|
|
52
|
+
/**
|
|
53
|
+
* Persist a secret. Implementations auto-wrap a plain string into a
|
|
54
|
+
* `SecretValue` so callers don't have to.
|
|
55
|
+
*/
|
|
56
|
+
set(key: string, value: string | SecretValue, opts?: SecretsSetOptions): Promise<void>;
|
|
57
|
+
delete(key: string, scope?: SessionScope): Promise<void>;
|
|
58
|
+
/** Returns metadata about every key — never the values themselves. */
|
|
59
|
+
list(scope?: SessionScope): Promise<ReadonlyArray<SecretMetadata>>;
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Optional knobs for `SecretsStore.set(...)`.
|
|
63
|
+
*
|
|
64
|
+
* @stable
|
|
65
|
+
*/
|
|
66
|
+
interface SecretsSetOptions {
|
|
67
|
+
readonly scope?: SessionScope;
|
|
68
|
+
readonly expiresAt?: string;
|
|
69
|
+
readonly tags?: ReadonlyArray<string>;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Public metadata about a stored secret. Safe to log — never carries the
|
|
73
|
+
* value itself.
|
|
74
|
+
*
|
|
75
|
+
* @stable
|
|
76
|
+
*/
|
|
77
|
+
interface SecretMetadata {
|
|
78
|
+
readonly key: string;
|
|
79
|
+
readonly createdAt: string;
|
|
80
|
+
readonly updatedAt?: string;
|
|
81
|
+
readonly expiresAt?: string;
|
|
82
|
+
readonly tags?: ReadonlyArray<string>;
|
|
83
|
+
readonly source?: string;
|
|
84
|
+
}
|
|
85
|
+
//#endregion
|
|
86
|
+
export { SecretMetadata, SecretResolver, SecretResolverContext, SecretsSetOptions, SecretsStore };
|
|
87
|
+
//# sourceMappingURL=secrets-store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets-store.d.ts","names":[],"sources":["../../src/contracts/secrets-store.ts"],"sourcesContent":[],"mappings":";;;;;;;;AAYA;;;;;;AAYiB,UAZA,cAAA,CAYqB;EAkBrB;EAEU,SAAA,MAAA,EAAA,MAAA;EAAuB,OAAA,CAAA,GAAA,EA7BnC,SA6BmC,EAAA,GAAA,CAAA,EA7BlB,qBA6BkB,CAAA,EA7BM,OA6BN,CA7Bc,WA6Bd,CAAA;;;;;;;;AAepB,UAnCb,qBAAA,CAmCa;EAAe,SAAA,QAAA,CAAA,EAAA,MAAA;EAG9B,SAAA,OAAA,CAAA,EAAA,MAAA;EAAqC,SAAA,KAAA,CAAA,EAAA,MAAA;EAAd,SAAA,MAAA,CAAA,EAlClB,WAkCkB;;;AAQtC;AAYA;;;;;;;;;UAxCiB,YAAA;;2BAEU,eAAe,QAAQ;;;;;;+BAOnB,eAAe,QAAQ;;;;;mCAMnB,oBAAoB,oBAAoB;8BAE7C,eAAe;;eAG9B,eAAe,QAAQ,cAAc;;;;;;;UAQnC,iBAAA;mBACE;;kBAED;;;;;;;;UASD,cAAA;;;;;kBAKC"}
|
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
import { SessionScope } from "../types/session-scope.js";
|
|
2
|
+
import { HandoffRecord } from "../types/handoff.js";
|
|
3
|
+
|
|
4
|
+
//#region src/contracts/session-store.d.ts
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Lightweight session metadata persisted by the sessions package. The
|
|
8
|
+
* actual `session_messages` rows are owned by `MemoryStore` (single source
|
|
9
|
+
* of truth — the sessions package delegates message CRUD to memory).
|
|
10
|
+
*
|
|
11
|
+
* @stable
|
|
12
|
+
*/
|
|
13
|
+
interface SessionMetadata {
|
|
14
|
+
readonly id: string;
|
|
15
|
+
readonly userId: string;
|
|
16
|
+
readonly agentId: string;
|
|
17
|
+
readonly title?: string;
|
|
18
|
+
readonly createdAt: string;
|
|
19
|
+
readonly updatedAt?: string;
|
|
20
|
+
readonly closedAt?: string;
|
|
21
|
+
readonly tags?: ReadonlyArray<string>;
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Agent registry entry. Captures stable metadata about every agent that
|
|
25
|
+
* ever produced a message — so JSONL exports / replays can resolve a
|
|
26
|
+
* `Message.agentId` to a human-readable name even after the agent was
|
|
27
|
+
* renamed or retired.
|
|
28
|
+
*
|
|
29
|
+
* @stable
|
|
30
|
+
*/
|
|
31
|
+
interface AgentRegistryEntry {
|
|
32
|
+
readonly id: string;
|
|
33
|
+
readonly displayName: string;
|
|
34
|
+
readonly registeredAt: string;
|
|
35
|
+
readonly retiredAt?: string;
|
|
36
|
+
readonly tags?: ReadonlyArray<string>;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Workflow ↔ session mapping row. Lets the server enumerate the
|
|
40
|
+
* workflows attached to a session for resume / replay flows.
|
|
41
|
+
*
|
|
42
|
+
* @stable
|
|
43
|
+
*/
|
|
44
|
+
interface SessionWorkflowRun {
|
|
45
|
+
readonly sessionId: string;
|
|
46
|
+
readonly workflowId: string;
|
|
47
|
+
readonly threadId: string;
|
|
48
|
+
readonly attachedAt: string;
|
|
49
|
+
readonly status: 'running' | 'suspended' | 'completed' | 'failed';
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Session lifecycle audit event. The `@graphorin/sessions` package
|
|
53
|
+
* appends one row per noteworthy lifecycle step (`created`, `closed`,
|
|
54
|
+
* `forked`, `replayed`, `cassette-recorded`, `cassette-replayed`,
|
|
55
|
+
* `commentary-sanitized`, …) plus per-session-handoff. Adapters can
|
|
56
|
+
* surface the rows verbatim from disk.
|
|
57
|
+
*
|
|
58
|
+
* The `metadata` field is intentionally an open record — storage
|
|
59
|
+
* adapters serialize it as JSON. Callers should keep it small and
|
|
60
|
+
* never include secret values.
|
|
61
|
+
*
|
|
62
|
+
* @stable
|
|
63
|
+
*/
|
|
64
|
+
interface SessionAuditEntry {
|
|
65
|
+
readonly id: string;
|
|
66
|
+
readonly sessionId: string;
|
|
67
|
+
readonly action: string;
|
|
68
|
+
readonly at: string;
|
|
69
|
+
readonly actor?: {
|
|
70
|
+
readonly kind: string;
|
|
71
|
+
readonly id: string;
|
|
72
|
+
readonly label?: string;
|
|
73
|
+
};
|
|
74
|
+
readonly metadata?: Readonly<Record<string, unknown>>;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Pluggable session-metadata storage. Implementations live in the
|
|
78
|
+
* storage adapter packages.
|
|
79
|
+
*
|
|
80
|
+
* @stable
|
|
81
|
+
*/
|
|
82
|
+
interface SessionStore {
|
|
83
|
+
createSession(metadata: SessionMetadata): Promise<void>;
|
|
84
|
+
getSession(sessionId: string): Promise<SessionMetadata | null>;
|
|
85
|
+
listSessions(scope: Pick<SessionScope, 'userId' | 'agentId'>): Promise<ReadonlyArray<SessionMetadata>>;
|
|
86
|
+
updateSession(sessionId: string, patch: Partial<SessionMetadata>): Promise<void>;
|
|
87
|
+
closeSession(sessionId: string, closedAt: string): Promise<void>;
|
|
88
|
+
registerAgent(entry: AgentRegistryEntry): Promise<void>;
|
|
89
|
+
retireAgent(agentId: string, retiredAt: string): Promise<void>;
|
|
90
|
+
resolveAgent(agentId: string): Promise<AgentRegistryEntry | null>;
|
|
91
|
+
appendHandoff(sessionId: string, record: HandoffRecord): Promise<void>;
|
|
92
|
+
listHandoffs(sessionId: string): Promise<ReadonlyArray<HandoffRecord>>;
|
|
93
|
+
attachWorkflowRun(run: SessionWorkflowRun): Promise<void>;
|
|
94
|
+
listWorkflowRuns(sessionId: string): Promise<ReadonlyArray<SessionWorkflowRun>>;
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Optional extension surface for storage adapters that expose the
|
|
98
|
+
* additional capabilities `@graphorin/sessions` consumes.
|
|
99
|
+
* Adapters that opt out leave the property undefined; the sessions
|
|
100
|
+
* facade degrades gracefully (delete becomes retire; audit rows are
|
|
101
|
+
* dropped on the floor with a one-time WARN).
|
|
102
|
+
*
|
|
103
|
+
* Implementations: `SqliteSessionStore` (`@graphorin/store-sqlite`).
|
|
104
|
+
*
|
|
105
|
+
* @stable
|
|
106
|
+
*/
|
|
107
|
+
interface SessionStoreExt extends SessionStore {
|
|
108
|
+
/** Hard-delete an agent. Used by `AgentRegistry.delete(...)`. */
|
|
109
|
+
deleteAgent(agentId: string): Promise<void>;
|
|
110
|
+
/** List all known agents (including retired ones). */
|
|
111
|
+
listAgents(): Promise<ReadonlyArray<AgentRegistryEntry>>;
|
|
112
|
+
/** Update the status of a workflow attachment. */
|
|
113
|
+
updateWorkflowRunStatus(sessionId: string, workflowId: string, threadId: string, status: SessionWorkflowRun['status']): Promise<void>;
|
|
114
|
+
/** Append a session-lifecycle audit row. */
|
|
115
|
+
appendAuditEntry(entry: SessionAuditEntry): Promise<void>;
|
|
116
|
+
/** List recent audit rows for a session, newest-first. */
|
|
117
|
+
listAuditEntries(sessionId: string, opts?: {
|
|
118
|
+
readonly limit?: number;
|
|
119
|
+
}): Promise<ReadonlyArray<SessionAuditEntry>>;
|
|
120
|
+
/** Delete audit rows older than the supplied epoch ms. */
|
|
121
|
+
pruneAuditEntries(beforeEpochMs: number): Promise<number>;
|
|
122
|
+
/**
|
|
123
|
+
* Hard-delete a session and cascade its session-owned rows — handoffs,
|
|
124
|
+
* workflow-run attachments, and audit entries (RP-6). Message rows live in
|
|
125
|
+
* the `SessionMemoryStore` and are purged separately. A no-op for an unknown
|
|
126
|
+
* id.
|
|
127
|
+
*/
|
|
128
|
+
deleteSession(sessionId: string): Promise<void>;
|
|
129
|
+
/**
|
|
130
|
+
* Retention sweep (RP-6): hard-delete (cascade) every session matching the
|
|
131
|
+
* policy. `beforeEpochMs` limits to sessions created before that instant;
|
|
132
|
+
* `closedOnly` limits to closed sessions. With neither, deletes all sessions.
|
|
133
|
+
* Returns the number of sessions deleted.
|
|
134
|
+
*/
|
|
135
|
+
pruneSessions(opts: {
|
|
136
|
+
readonly beforeEpochMs?: number;
|
|
137
|
+
readonly closedOnly?: boolean;
|
|
138
|
+
}): Promise<number>;
|
|
139
|
+
}
|
|
140
|
+
//#endregion
|
|
141
|
+
export { AgentRegistryEntry, SessionAuditEntry, SessionMetadata, SessionStore, SessionStoreExt, SessionWorkflowRun };
|
|
142
|
+
//# sourceMappingURL=session-store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-store.d.ts","names":[],"sources":["../../src/contracts/session-store.ts"],"sourcesContent":[],"mappings":";;;;;;;AAUA;AAmBA;AAcA;AAqBA;AAmBA;AAC0B,UA1ET,eAAA,CA0ES;EAAkB,SAAA,EAAA,EAAA,MAAA;EACH,SAAA,MAAA,EAAA,MAAA;EAAR,SAAA,OAAA,EAAA,MAAA;EAEjB,SAAA,KAAA,CAAA,EAAA,MAAA;EAAL,SAAA,SAAA,EAAA,MAAA;EACgB,SAAA,SAAA,CAAA,EAAA,MAAA;EAAd,SAAA,QAAA,CAAA,EAAA,MAAA;EAAR,SAAA,IAAA,CAAA,EAtEa,aAsEb,CAAA,MAAA,CAAA;;;;;;;;;;AAQsC,UAnE1B,kBAAA,CAmE0B;EAAgB,SAAA,EAAA,EAAA,MAAA;EACF,SAAA,WAAA,EAAA,MAAA;EAAd,SAAA,YAAA,EAAA,MAAA;EAAR,SAAA,SAAA,CAAA,EAAA,MAAA;EAEV,SAAA,IAAA,CAAA,EAjEP,aAiEO,CAAA,MAAA,CAAA;;;;;;AAezB;;AAIsC,UA3ErB,kBAAA,CA2EqB;EAAd,SAAA,SAAA,EAAA,MAAA;EAAR,SAAA,UAAA,EAAA,MAAA;EAMJ,SAAA,QAAA,EAAA,MAAA;EACP,SAAA,UAAA,EAAA,MAAA;EAEqB,SAAA,MAAA,EAAA,SAAA,GAAA,WAAA,GAAA,WAAA,GAAA,QAAA;;;;;;;;;;;;;;;UA/DT,iBAAA;;;;;;;;;;sBAUK,SAAS;;;;;;;;UASd,YAAA;0BACS,kBAAkB;iCACX,QAAQ;sBAE9B,KAAK,sCACX,QAAQ,cAAc;0CACe,QAAQ,mBAAmB;qDAChB;uBAE9B,qBAAqB;mDACO;iCAClB,QAAQ;2CAEE,gBAAgB;mCACxB,QAAQ,cAAc;yBAEhC,qBAAqB;uCACP,QAAQ,cAAc;;;;;;;;;;;;;UAc5C,eAAA,SAAwB;;gCAET;;gBAEhB,QAAQ,cAAc;;2FAM1B,+BACP;;0BAEqB,oBAAoB;;;;MAKzC,QAAQ,cAAc;;4CAEiB;;;;;;;oCAOR;;;;;;;;;;MAU9B"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { Message } from "../types/message.js";
|
|
2
|
+
|
|
3
|
+
//#region src/contracts/token-counter.d.ts
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Pluggable token counter. Implementations live in `@graphorin/provider`
|
|
7
|
+
* (default `JsTiktokenCounter` for OpenAI/compatible, plus per-vendor
|
|
8
|
+
* native counters) and are interchangeable behind this interface.
|
|
9
|
+
*
|
|
10
|
+
* Counters carry a `version` field so that consumers (e.g. the
|
|
11
|
+
* `session_messages.tokenizer_version` cache column) can invalidate stale
|
|
12
|
+
* cached counts when the underlying tokenizer is upgraded.
|
|
13
|
+
*
|
|
14
|
+
* @stable
|
|
15
|
+
*/
|
|
16
|
+
interface TokenCounter {
|
|
17
|
+
/** Human-readable identifier (`'js-tiktoken@cl100k_base'`, …). */
|
|
18
|
+
readonly id: string;
|
|
19
|
+
/** Tokenizer version string used for cache invalidation. */
|
|
20
|
+
readonly version: string;
|
|
21
|
+
/** Count tokens in a list of `Message`s (system/user/assistant/tool). */
|
|
22
|
+
count(messages: ReadonlyArray<Message>): Promise<number>;
|
|
23
|
+
/** Count tokens in a raw text string. */
|
|
24
|
+
countText(text: string): Promise<number>;
|
|
25
|
+
}
|
|
26
|
+
//#endregion
|
|
27
|
+
export { TokenCounter };
|
|
28
|
+
//# sourceMappingURL=token-counter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-counter.d.ts","names":[],"sources":["../../src/contracts/token-counter.ts"],"sourcesContent":[],"mappings":";;;;;;AAaA;;;;;;;;;UAAiB,YAAA;;;;;;kBAMC,cAAc,WAAW;;2BAEhB"}
|