@inkeep/agents-core 0.42.0 → 0.44.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/auth.d.ts +28 -26
- package/dist/auth/auth.js +21 -16
- package/dist/auth/authz/client.d.ts +8 -3
- package/dist/auth/authz/client.js +23 -17
- package/dist/auth/authz/config.d.ts +50 -29
- package/dist/auth/authz/config.js +42 -33
- package/dist/auth/authz/index.d.ts +3 -3
- package/dist/auth/authz/index.js +3 -3
- package/dist/auth/authz/permissions.d.ts +0 -4
- package/dist/auth/authz/permissions.js +9 -13
- package/dist/auth/authz/sync.d.ts +23 -2
- package/dist/auth/authz/sync.js +127 -53
- package/dist/auth/init.d.ts +1 -0
- package/dist/auth/init.js +115 -0
- package/dist/auth/permissions.d.ts +9 -9
- package/dist/client-exports.d.ts +3 -6
- package/dist/client-exports.js +4 -7
- package/dist/constants/execution-limits-shared/defaults.d.ts +1 -1
- package/dist/constants/execution-limits-shared/defaults.js +1 -1
- package/dist/constants/execution-limits-shared/index.d.ts +1 -1
- package/dist/constants/otel-attributes.d.ts +5 -0
- package/dist/constants/otel-attributes.js +8 -3
- package/dist/constants/signoz-queries.d.ts +1 -0
- package/dist/constants/signoz-queries.js +2 -1
- package/dist/context/TemplateEngine.d.ts +0 -6
- package/dist/context/TemplateEngine.js +4 -18
- package/dist/credential-stores/keychain-store.d.ts +20 -8
- package/dist/credential-stores/keychain-store.js +107 -43
- package/dist/data-access/index.d.ts +5 -4
- package/dist/data-access/index.js +5 -4
- package/dist/data-access/manage/agentFull.js +70 -25
- package/dist/data-access/manage/agents.d.ts +41 -41
- package/dist/data-access/manage/agents.js +29 -21
- package/dist/data-access/manage/artifactComponents.d.ts +12 -12
- package/dist/data-access/manage/artifactComponents.js +1 -1
- package/dist/data-access/manage/contextConfigs.d.ts +12 -12
- package/dist/data-access/manage/dataComponents.d.ts +6 -6
- package/dist/data-access/manage/dataComponents.js +1 -1
- package/dist/data-access/manage/functionTools.d.ts +44 -21
- package/dist/data-access/manage/functionTools.js +34 -22
- package/dist/data-access/manage/subAgentExternalAgentRelations.d.ts +24 -24
- package/dist/data-access/manage/subAgentRelations.d.ts +26 -26
- package/dist/data-access/manage/subAgentTeamAgentRelations.d.ts +18 -18
- package/dist/data-access/manage/subAgents.d.ts +15 -15
- package/dist/data-access/manage/tools.d.ts +39 -28
- package/dist/data-access/manage/tools.js +73 -31
- package/dist/data-access/manage/triggers.d.ts +27 -1
- package/dist/data-access/runtime/apiKeys.d.ts +20 -20
- package/dist/data-access/runtime/cascade-delete.d.ts +48 -1
- package/dist/data-access/runtime/cascade-delete.js +52 -2
- package/dist/data-access/runtime/conversations.d.ts +24 -24
- package/dist/data-access/runtime/github-work-app-installations.d.ts +261 -0
- package/dist/data-access/runtime/github-work-app-installations.js +457 -0
- package/dist/data-access/runtime/messages.d.ts +18 -18
- package/dist/data-access/runtime/organizations.d.ts +2 -2
- package/dist/data-access/runtime/organizations.js +4 -4
- package/dist/data-access/runtime/tasks.d.ts +6 -6
- package/dist/db/manage/manage-schema.d.ts +533 -402
- package/dist/db/manage/manage-schema.js +38 -27
- package/dist/db/runtime/runtime-schema.d.ts +1021 -177
- package/dist/db/runtime/runtime-schema.js +173 -5
- package/dist/db/utils.d.ts +6 -0
- package/dist/db/utils.js +42 -0
- package/dist/dolt/branch.js +1 -1
- package/dist/dolt/branches-api.js +1 -1
- package/dist/dolt/index.d.ts +2 -2
- package/dist/dolt/index.js +4 -4
- package/dist/dolt/migrate-all-branches.js +6 -1
- package/dist/dolt/migrate-dolt.js +4 -1
- package/dist/dolt/ref-helpers.js +1 -1
- package/dist/dolt/ref-middleware.js +1 -1
- package/dist/dolt/ref-scope.js +1 -1
- package/dist/dolt/schema-sync.d.ts +2 -1
- package/dist/dolt/schema-sync.js +10 -1
- package/dist/env.d.ts +6 -4
- package/dist/env.js +11 -10
- package/dist/index.d.ts +15 -16
- package/dist/index.js +23 -24
- package/dist/types/@napi-rs__keyring/index.d.ts +14 -0
- package/dist/types/entities.d.ts +9 -2
- package/dist/types/index.d.ts +3 -3
- package/dist/types/utility.d.ts +17 -3
- package/dist/types/utility.js +2 -1
- package/dist/utils/JsonTransformer.d.ts +1 -3
- package/dist/utils/JsonTransformer.js +14 -23
- package/dist/utils/index.d.ts +3 -3
- package/dist/utils/index.js +3 -3
- package/dist/utils/jmespath-utils.d.ts +152 -0
- package/dist/utils/jmespath-utils.js +213 -0
- package/dist/utils/mcp-client.d.ts +1 -1
- package/dist/utils/mcp-client.js +1 -1
- package/dist/utils/signature-validation.d.ts +2 -0
- package/dist/utils/signature-validation.js +3 -0
- package/dist/utils/third-party-mcp-servers/composio-client.d.ts +13 -1
- package/dist/utils/third-party-mcp-servers/composio-client.js +24 -6
- package/dist/utils/third-party-mcp-servers/index.d.ts +2 -2
- package/dist/utils/third-party-mcp-servers/index.js +2 -2
- package/dist/utils/trigger-auth.d.ts +31 -8
- package/dist/utils/trigger-auth.js +121 -13
- package/dist/validation/agentFull.js +1 -1
- package/dist/validation/drizzle-schema-helpers.d.ts +4 -23
- package/dist/validation/drizzle-schema-helpers.js +3 -30
- package/dist/validation/index.d.ts +3 -5
- package/dist/validation/index.js +5 -7
- package/dist/validation/render-validation.js +19 -0
- package/dist/validation/schemas.d.ts +3675 -1665
- package/dist/validation/schemas.js +409 -94
- package/dist/validation/stream-event-schemas.d.ts +96 -1
- package/dist/validation/stream-event-schemas.js +67 -2
- package/drizzle/manage/0003_tiny_captain_universe.sql +8 -0
- package/drizzle/manage/0004_curious_phil_sheldon.sql +2 -0
- package/drizzle/manage/0005_silent_shatterstar.sql +53 -0
- package/drizzle/manage/0006_fixed_umar.sql +1 -0
- package/drizzle/manage/meta/0003_snapshot.json +3134 -0
- package/drizzle/manage/meta/0004_snapshot.json +3141 -0
- package/drizzle/manage/meta/0005_snapshot.json +3141 -0
- package/drizzle/manage/meta/0006_snapshot.json +3148 -0
- package/drizzle/manage/meta/_journal.json +28 -0
- package/drizzle/runtime/0010_previous_black_knight.sql +84 -0
- package/drizzle/runtime/meta/0010_snapshot.json +3066 -0
- package/drizzle/runtime/meta/_journal.json +7 -0
- package/package.json +12 -5
- package/spicedb/schema.zed +114 -0
- package/dist/validation/id-validation.d.ts +0 -24
- package/dist/validation/id-validation.js +0 -52
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OrgRoles, SpiceDbProjectPermissions, SpiceDbResourceTypes } from "./config.js";
|
|
2
2
|
import { checkPermission, lookupResources } from "./client.js";
|
|
3
3
|
|
|
4
4
|
//#region src/auth/authz/permissions.ts
|
|
@@ -15,12 +15,11 @@ import { checkPermission, lookupResources } from "./client.js";
|
|
|
15
15
|
* - Otherwise: checks SpiceDB
|
|
16
16
|
*/
|
|
17
17
|
async function canViewProject(params) {
|
|
18
|
-
if (
|
|
19
|
-
if (params.orgRole === "owner" || params.orgRole === "admin") return true;
|
|
18
|
+
if (params.orgRole === OrgRoles.OWNER || params.orgRole === OrgRoles.ADMIN) return true;
|
|
20
19
|
return checkPermission({
|
|
21
20
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
22
21
|
resourceId: params.projectId,
|
|
23
|
-
permission:
|
|
22
|
+
permission: SpiceDbProjectPermissions.VIEW,
|
|
24
23
|
subjectType: SpiceDbResourceTypes.USER,
|
|
25
24
|
subjectId: params.userId
|
|
26
25
|
});
|
|
@@ -33,12 +32,11 @@ async function canViewProject(params) {
|
|
|
33
32
|
* - Otherwise: checks SpiceDB for use permission
|
|
34
33
|
*/
|
|
35
34
|
async function canUseProject(params) {
|
|
36
|
-
if (
|
|
37
|
-
if (params.orgRole === "owner" || params.orgRole === "admin") return true;
|
|
35
|
+
if (params.orgRole === OrgRoles.OWNER || params.orgRole === OrgRoles.ADMIN) return true;
|
|
38
36
|
return checkPermission({
|
|
39
37
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
40
38
|
resourceId: params.projectId,
|
|
41
|
-
permission:
|
|
39
|
+
permission: SpiceDbProjectPermissions.USE,
|
|
42
40
|
subjectType: SpiceDbResourceTypes.USER,
|
|
43
41
|
subjectId: params.userId
|
|
44
42
|
});
|
|
@@ -51,12 +49,11 @@ async function canUseProject(params) {
|
|
|
51
49
|
* - Otherwise: checks SpiceDB for edit permission
|
|
52
50
|
*/
|
|
53
51
|
async function canEditProject(params) {
|
|
54
|
-
if (
|
|
55
|
-
if (params.orgRole === "owner" || params.orgRole === "admin") return true;
|
|
52
|
+
if (params.orgRole === OrgRoles.OWNER || params.orgRole === OrgRoles.ADMIN) return true;
|
|
56
53
|
return checkPermission({
|
|
57
54
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
58
55
|
resourceId: params.projectId,
|
|
59
|
-
permission:
|
|
56
|
+
permission: SpiceDbProjectPermissions.EDIT,
|
|
60
57
|
subjectType: SpiceDbResourceTypes.USER,
|
|
61
58
|
subjectId: params.userId
|
|
62
59
|
});
|
|
@@ -69,11 +66,10 @@ async function canEditProject(params) {
|
|
|
69
66
|
* - Otherwise: uses SpiceDB LookupResources
|
|
70
67
|
*/
|
|
71
68
|
async function listAccessibleProjectIds(params) {
|
|
72
|
-
if (
|
|
73
|
-
if (params.orgRole === "owner" || params.orgRole === "admin") return "all";
|
|
69
|
+
if (params.orgRole === OrgRoles.OWNER || params.orgRole === OrgRoles.ADMIN) return "all";
|
|
74
70
|
return lookupResources({
|
|
75
71
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
76
|
-
permission:
|
|
72
|
+
permission: SpiceDbProjectPermissions.VIEW,
|
|
77
73
|
subjectType: SpiceDbResourceTypes.USER,
|
|
78
74
|
subjectId: params.userId
|
|
79
75
|
});
|
|
@@ -25,7 +25,7 @@ declare function changeOrgRole(params: {
|
|
|
25
25
|
}): Promise<void>;
|
|
26
26
|
/**
|
|
27
27
|
* Sync a new project to SpiceDB.
|
|
28
|
-
* Links project to org and grants creator project_admin role.
|
|
28
|
+
* Links project to org and grants creator project_admin role (if not already org admin/owner).
|
|
29
29
|
* Call when: project is created.
|
|
30
30
|
*/
|
|
31
31
|
declare function syncProjectToSpiceDb(params: {
|
|
@@ -81,5 +81,26 @@ declare function listProjectMembers(params: {
|
|
|
81
81
|
userId: string;
|
|
82
82
|
role: ProjectRole;
|
|
83
83
|
}>>;
|
|
84
|
+
/**
|
|
85
|
+
* List all project memberships for a specific user.
|
|
86
|
+
* Returns projects where the user has explicit project_admin, project_member, or project_viewer roles.
|
|
87
|
+
*/
|
|
88
|
+
declare function listUserProjectMembershipsInSpiceDb(params: {
|
|
89
|
+
tenantId: string;
|
|
90
|
+
userId: string;
|
|
91
|
+
}): Promise<Array<{
|
|
92
|
+
projectId: string;
|
|
93
|
+
role: ProjectRole;
|
|
94
|
+
}>>;
|
|
95
|
+
/**
|
|
96
|
+
* Revoke all project memberships for a user.
|
|
97
|
+
* Call when: user is promoted to org admin (they get inherited access, explicit project roles become redundant).
|
|
98
|
+
*
|
|
99
|
+
* Uses efficient bulk delete - deletes all project relationships for user without listing first.
|
|
100
|
+
*/
|
|
101
|
+
declare function revokeAllProjectMemberships(params: {
|
|
102
|
+
tenantId: string;
|
|
103
|
+
userId: string;
|
|
104
|
+
}): Promise<void>;
|
|
84
105
|
//#endregion
|
|
85
|
-
export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, removeProjectFromSpiceDb, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
|
|
106
|
+
export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
|
package/dist/auth/authz/sync.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { SpiceDbRelations, SpiceDbResourceTypes
|
|
2
|
-
import { deleteRelationship, getSpiceClient, readRelationships, writeRelationship } from "./client.js";
|
|
1
|
+
import { SpiceDbRelations, SpiceDbResourceTypes } from "./config.js";
|
|
2
|
+
import { RelationshipOperation, deleteRelationship, getSpiceClient, readRelationships, writeRelationship } from "./client.js";
|
|
3
3
|
|
|
4
4
|
//#region src/auth/authz/sync.ts
|
|
5
5
|
/**
|
|
@@ -7,15 +7,11 @@ import { deleteRelationship, getSpiceClient, readRelationships, writeRelationshi
|
|
|
7
7
|
*
|
|
8
8
|
* Functions for syncing data between better-auth and SpiceDB.
|
|
9
9
|
*/
|
|
10
|
-
const RELATIONSHIP_OPERATION_CREATE = 1;
|
|
11
|
-
const RELATIONSHIP_OPERATION_TOUCH = 2;
|
|
12
|
-
const RELATIONSHIP_OPERATION_DELETE = 3;
|
|
13
10
|
/**
|
|
14
11
|
* Sync a user's org membership to SpiceDB.
|
|
15
12
|
* Call when: user joins org, role changes, user leaves org.
|
|
16
13
|
*/
|
|
17
14
|
async function syncOrgMemberToSpiceDb(params) {
|
|
18
|
-
if (!isAuthzEnabled(params.tenantId)) return;
|
|
19
15
|
if (params.action === "add") await writeRelationship({
|
|
20
16
|
resourceType: SpiceDbResourceTypes.ORGANIZATION,
|
|
21
17
|
resourceId: params.tenantId,
|
|
@@ -37,11 +33,10 @@ async function syncOrgMemberToSpiceDb(params) {
|
|
|
37
33
|
* Call when: user's org role is updated (e.g., member -> admin).
|
|
38
34
|
*/
|
|
39
35
|
async function changeOrgRole(params) {
|
|
40
|
-
if (!isAuthzEnabled(params.tenantId)) return;
|
|
41
36
|
if (params.oldRole === params.newRole) return;
|
|
42
37
|
await getSpiceClient().promises.writeRelationships({
|
|
43
38
|
updates: [{
|
|
44
|
-
operation:
|
|
39
|
+
operation: RelationshipOperation.DELETE,
|
|
45
40
|
relationship: {
|
|
46
41
|
resource: {
|
|
47
42
|
objectType: SpiceDbResourceTypes.ORGANIZATION,
|
|
@@ -58,7 +53,7 @@ async function changeOrgRole(params) {
|
|
|
58
53
|
optionalCaveat: void 0
|
|
59
54
|
}
|
|
60
55
|
}, {
|
|
61
|
-
operation:
|
|
56
|
+
operation: RelationshipOperation.TOUCH,
|
|
62
57
|
relationship: {
|
|
63
58
|
resource: {
|
|
64
59
|
objectType: SpiceDbResourceTypes.ORGANIZATION,
|
|
@@ -81,47 +76,55 @@ async function changeOrgRole(params) {
|
|
|
81
76
|
}
|
|
82
77
|
/**
|
|
83
78
|
* Sync a new project to SpiceDB.
|
|
84
|
-
* Links project to org and grants creator project_admin role.
|
|
79
|
+
* Links project to org and grants creator project_admin role (if not already org admin/owner).
|
|
85
80
|
* Call when: project is created.
|
|
86
81
|
*/
|
|
87
82
|
async function syncProjectToSpiceDb(params) {
|
|
88
|
-
|
|
89
|
-
await
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
}, {
|
|
108
|
-
operation: RELATIONSHIP_OPERATION_CREATE,
|
|
109
|
-
relationship: {
|
|
110
|
-
resource: {
|
|
111
|
-
objectType: SpiceDbResourceTypes.PROJECT,
|
|
112
|
-
objectId: params.projectId
|
|
83
|
+
const spice = getSpiceClient();
|
|
84
|
+
const isOrgAdminOrOwner = (await readRelationships({
|
|
85
|
+
resourceType: SpiceDbResourceTypes.ORGANIZATION,
|
|
86
|
+
resourceId: params.tenantId,
|
|
87
|
+
subjectType: SpiceDbResourceTypes.USER,
|
|
88
|
+
subjectId: params.creatorUserId
|
|
89
|
+
})).some((r) => r.relation === SpiceDbRelations.ADMIN || r.relation === SpiceDbRelations.OWNER);
|
|
90
|
+
const updates = [{
|
|
91
|
+
operation: RelationshipOperation.CREATE,
|
|
92
|
+
relationship: {
|
|
93
|
+
resource: {
|
|
94
|
+
objectType: SpiceDbResourceTypes.PROJECT,
|
|
95
|
+
objectId: params.projectId
|
|
96
|
+
},
|
|
97
|
+
relation: SpiceDbRelations.ORGANIZATION,
|
|
98
|
+
subject: {
|
|
99
|
+
object: {
|
|
100
|
+
objectType: SpiceDbResourceTypes.ORGANIZATION,
|
|
101
|
+
objectId: params.tenantId
|
|
113
102
|
},
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
103
|
+
optionalRelation: ""
|
|
104
|
+
},
|
|
105
|
+
optionalCaveat: void 0
|
|
106
|
+
}
|
|
107
|
+
}];
|
|
108
|
+
if (!isOrgAdminOrOwner) updates.push({
|
|
109
|
+
operation: RelationshipOperation.CREATE,
|
|
110
|
+
relationship: {
|
|
111
|
+
resource: {
|
|
112
|
+
objectType: SpiceDbResourceTypes.PROJECT,
|
|
113
|
+
objectId: params.projectId
|
|
114
|
+
},
|
|
115
|
+
relation: SpiceDbRelations.PROJECT_ADMIN,
|
|
116
|
+
subject: {
|
|
117
|
+
object: {
|
|
118
|
+
objectType: SpiceDbResourceTypes.USER,
|
|
119
|
+
objectId: params.creatorUserId
|
|
121
120
|
},
|
|
122
|
-
|
|
123
|
-
}
|
|
124
|
-
|
|
121
|
+
optionalRelation: ""
|
|
122
|
+
},
|
|
123
|
+
optionalCaveat: void 0
|
|
124
|
+
}
|
|
125
|
+
});
|
|
126
|
+
await spice.promises.writeRelationships({
|
|
127
|
+
updates,
|
|
125
128
|
optionalPreconditions: [],
|
|
126
129
|
optionalTransactionMetadata: void 0
|
|
127
130
|
});
|
|
@@ -130,7 +133,6 @@ async function syncProjectToSpiceDb(params) {
|
|
|
130
133
|
* Grant project access to a user.
|
|
131
134
|
*/
|
|
132
135
|
async function grantProjectAccess(params) {
|
|
133
|
-
if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
|
|
134
136
|
await writeRelationship({
|
|
135
137
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
136
138
|
resourceId: params.projectId,
|
|
@@ -143,7 +145,6 @@ async function grantProjectAccess(params) {
|
|
|
143
145
|
* Revoke project access from a user.
|
|
144
146
|
*/
|
|
145
147
|
async function revokeProjectAccess(params) {
|
|
146
|
-
if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
|
|
147
148
|
await deleteRelationship({
|
|
148
149
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
149
150
|
resourceId: params.projectId,
|
|
@@ -157,11 +158,10 @@ async function revokeProjectAccess(params) {
|
|
|
157
158
|
* Removes the old role and adds the new one atomically in a single transaction.
|
|
158
159
|
*/
|
|
159
160
|
async function changeProjectRole(params) {
|
|
160
|
-
if (!isAuthzEnabled(params.tenantId)) throw new Error("Authorization is not enabled");
|
|
161
161
|
if (params.oldRole === params.newRole) return;
|
|
162
162
|
await getSpiceClient().promises.writeRelationships({
|
|
163
163
|
updates: [{
|
|
164
|
-
operation:
|
|
164
|
+
operation: RelationshipOperation.DELETE,
|
|
165
165
|
relationship: {
|
|
166
166
|
resource: {
|
|
167
167
|
objectType: SpiceDbResourceTypes.PROJECT,
|
|
@@ -178,7 +178,7 @@ async function changeProjectRole(params) {
|
|
|
178
178
|
optionalCaveat: void 0
|
|
179
179
|
}
|
|
180
180
|
}, {
|
|
181
|
-
operation:
|
|
181
|
+
operation: RelationshipOperation.TOUCH,
|
|
182
182
|
relationship: {
|
|
183
183
|
resource: {
|
|
184
184
|
objectType: SpiceDbResourceTypes.PROJECT,
|
|
@@ -204,7 +204,6 @@ async function changeProjectRole(params) {
|
|
|
204
204
|
* Call when: project is deleted.
|
|
205
205
|
*/
|
|
206
206
|
async function removeProjectFromSpiceDb(params) {
|
|
207
|
-
if (!isAuthzEnabled(params.tenantId)) return;
|
|
208
207
|
await getSpiceClient().promises.deleteRelationships({
|
|
209
208
|
relationshipFilter: {
|
|
210
209
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
@@ -223,7 +222,6 @@ async function removeProjectFromSpiceDb(params) {
|
|
|
223
222
|
* Returns users with project_admin, project_member, or project_viewer roles.
|
|
224
223
|
*/
|
|
225
224
|
async function listProjectMembers(params) {
|
|
226
|
-
if (!isAuthzEnabled(params.tenantId)) return [];
|
|
227
225
|
return (await readRelationships({
|
|
228
226
|
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
229
227
|
resourceId: params.projectId
|
|
@@ -232,6 +230,82 @@ async function listProjectMembers(params) {
|
|
|
232
230
|
role: rel.relation
|
|
233
231
|
}));
|
|
234
232
|
}
|
|
233
|
+
/**
|
|
234
|
+
* List all project memberships for a specific user.
|
|
235
|
+
* Returns projects where the user has explicit project_admin, project_member, or project_viewer roles.
|
|
236
|
+
*/
|
|
237
|
+
async function listUserProjectMembershipsInSpiceDb(params) {
|
|
238
|
+
return (await readRelationships({
|
|
239
|
+
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
240
|
+
subjectType: SpiceDbResourceTypes.USER,
|
|
241
|
+
subjectId: params.userId
|
|
242
|
+
})).filter((rel) => rel.relation === SpiceDbRelations.PROJECT_ADMIN || rel.relation === SpiceDbRelations.PROJECT_MEMBER || rel.relation === SpiceDbRelations.PROJECT_VIEWER).map((rel) => ({
|
|
243
|
+
projectId: rel.resourceId,
|
|
244
|
+
role: rel.relation
|
|
245
|
+
}));
|
|
246
|
+
}
|
|
247
|
+
/**
|
|
248
|
+
* Revoke all project memberships for a user.
|
|
249
|
+
* Call when: user is promoted to org admin (they get inherited access, explicit project roles become redundant).
|
|
250
|
+
*
|
|
251
|
+
* Uses efficient bulk delete - deletes all project relationships for user without listing first.
|
|
252
|
+
*/
|
|
253
|
+
async function revokeAllProjectMemberships(params) {
|
|
254
|
+
const spice = getSpiceClient();
|
|
255
|
+
await Promise.all([
|
|
256
|
+
spice.promises.deleteRelationships({
|
|
257
|
+
relationshipFilter: {
|
|
258
|
+
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
259
|
+
optionalResourceId: "",
|
|
260
|
+
optionalResourceIdPrefix: "",
|
|
261
|
+
optionalRelation: SpiceDbRelations.PROJECT_ADMIN,
|
|
262
|
+
optionalSubjectFilter: {
|
|
263
|
+
subjectType: SpiceDbResourceTypes.USER,
|
|
264
|
+
optionalSubjectId: params.userId,
|
|
265
|
+
optionalRelation: void 0
|
|
266
|
+
}
|
|
267
|
+
},
|
|
268
|
+
optionalPreconditions: [],
|
|
269
|
+
optionalLimit: 0,
|
|
270
|
+
optionalAllowPartialDeletions: false,
|
|
271
|
+
optionalTransactionMetadata: void 0
|
|
272
|
+
}),
|
|
273
|
+
spice.promises.deleteRelationships({
|
|
274
|
+
relationshipFilter: {
|
|
275
|
+
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
276
|
+
optionalResourceId: "",
|
|
277
|
+
optionalResourceIdPrefix: "",
|
|
278
|
+
optionalRelation: SpiceDbRelations.PROJECT_MEMBER,
|
|
279
|
+
optionalSubjectFilter: {
|
|
280
|
+
subjectType: SpiceDbResourceTypes.USER,
|
|
281
|
+
optionalSubjectId: params.userId,
|
|
282
|
+
optionalRelation: void 0
|
|
283
|
+
}
|
|
284
|
+
},
|
|
285
|
+
optionalPreconditions: [],
|
|
286
|
+
optionalLimit: 0,
|
|
287
|
+
optionalAllowPartialDeletions: false,
|
|
288
|
+
optionalTransactionMetadata: void 0
|
|
289
|
+
}),
|
|
290
|
+
spice.promises.deleteRelationships({
|
|
291
|
+
relationshipFilter: {
|
|
292
|
+
resourceType: SpiceDbResourceTypes.PROJECT,
|
|
293
|
+
optionalResourceId: "",
|
|
294
|
+
optionalResourceIdPrefix: "",
|
|
295
|
+
optionalRelation: SpiceDbRelations.PROJECT_VIEWER,
|
|
296
|
+
optionalSubjectFilter: {
|
|
297
|
+
subjectType: SpiceDbResourceTypes.USER,
|
|
298
|
+
optionalSubjectId: params.userId,
|
|
299
|
+
optionalRelation: void 0
|
|
300
|
+
}
|
|
301
|
+
},
|
|
302
|
+
optionalPreconditions: [],
|
|
303
|
+
optionalLimit: 0,
|
|
304
|
+
optionalAllowPartialDeletions: false,
|
|
305
|
+
optionalTransactionMetadata: void 0
|
|
306
|
+
})
|
|
307
|
+
]);
|
|
308
|
+
}
|
|
235
309
|
|
|
236
310
|
//#endregion
|
|
237
|
-
export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, removeProjectFromSpiceDb, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
|
|
311
|
+
export { changeOrgRole, changeProjectRole, grantProjectAccess, listProjectMembers, listUserProjectMembershipsInSpiceDb, removeProjectFromSpiceDb, revokeAllProjectMemberships, revokeProjectAccess, syncOrgMemberToSpiceDb, syncProjectToSpiceDb };
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { };
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
import { OrgRoles } from "./authz/config.js";
|
|
2
|
+
import { loadEnvironmentFiles } from "../env.js";
|
|
3
|
+
import { syncOrgMemberToSpiceDb } from "./authz/sync.js";
|
|
4
|
+
import "./authz/index.js";
|
|
5
|
+
import { createAgentsRunDatabaseClient } from "../db/runtime/runtime-client.js";
|
|
6
|
+
import { addUserToOrganization, upsertOrganization } from "../data-access/runtime/organizations.js";
|
|
7
|
+
import { getUserByEmail } from "../data-access/runtime/users.js";
|
|
8
|
+
import { createAuth } from "./auth.js";
|
|
9
|
+
|
|
10
|
+
//#region src/auth/init.ts
|
|
11
|
+
/**
|
|
12
|
+
* Standalone initialization script for creating the default organization and admin user.
|
|
13
|
+
* This script is designed to run during setup/migration, NOT at server startup.
|
|
14
|
+
*
|
|
15
|
+
* Uses upsertOrganization to create org with TENANT_ID as the actual organization ID,
|
|
16
|
+
* and Better Auth's API for user creation.
|
|
17
|
+
*
|
|
18
|
+
* Usage: pnpm db:auth:init
|
|
19
|
+
*
|
|
20
|
+
* Required environment variables:
|
|
21
|
+
* - INKEEP_AGENTS_RUN_DATABASE_URL: PostgreSQL connection string
|
|
22
|
+
* - TENANT_ID: Organization/tenant ID (defaults to 'default') - this becomes the org ID
|
|
23
|
+
* - INKEEP_AGENTS_MANAGE_UI_USERNAME: Admin email address
|
|
24
|
+
* - INKEEP_AGENTS_MANAGE_UI_PASSWORD: Admin password (min 8 chars)
|
|
25
|
+
* - BETTER_AUTH_SECRET: Secret for Better Auth
|
|
26
|
+
*
|
|
27
|
+
* Optional environment variables:
|
|
28
|
+
* - INKEEP_AGENTS_API_URL: API URL for Better Auth (defaults to http://localhost:3002)
|
|
29
|
+
*/
|
|
30
|
+
loadEnvironmentFiles();
|
|
31
|
+
const TENANT_ID = process.env.TENANT_ID || "default";
|
|
32
|
+
async function init() {
|
|
33
|
+
console.log("🚀 Initializing database with default organization and user...\n");
|
|
34
|
+
const dbClient = createAgentsRunDatabaseClient();
|
|
35
|
+
const username = process.env.INKEEP_AGENTS_MANAGE_UI_USERNAME;
|
|
36
|
+
const password = process.env.INKEEP_AGENTS_MANAGE_UI_PASSWORD;
|
|
37
|
+
const authSecret = process.env.BETTER_AUTH_SECRET;
|
|
38
|
+
if (!username || !password) {
|
|
39
|
+
console.error("❌ INKEEP_AGENTS_MANAGE_UI_USERNAME and INKEEP_AGENTS_MANAGE_UI_PASSWORD are required");
|
|
40
|
+
console.error(" These credentials are used to create the initial admin user.");
|
|
41
|
+
process.exit(1);
|
|
42
|
+
}
|
|
43
|
+
if (!authSecret) {
|
|
44
|
+
console.error("❌ BETTER_AUTH_SECRET is required");
|
|
45
|
+
console.error(" This secret is used to sign authentication tokens.");
|
|
46
|
+
process.exit(1);
|
|
47
|
+
}
|
|
48
|
+
const auth = createAuth({
|
|
49
|
+
baseURL: process.env.INKEEP_AGENTS_API_URL || "http://localhost:3002",
|
|
50
|
+
secret: authSecret,
|
|
51
|
+
dbClient
|
|
52
|
+
});
|
|
53
|
+
console.log(`📦 Checking/creating organization: ${TENANT_ID}`);
|
|
54
|
+
const { created: orgCreated } = await upsertOrganization(dbClient)({
|
|
55
|
+
organizationId: TENANT_ID,
|
|
56
|
+
name: TENANT_ID,
|
|
57
|
+
slug: TENANT_ID,
|
|
58
|
+
logo: null,
|
|
59
|
+
metadata: null
|
|
60
|
+
});
|
|
61
|
+
if (orgCreated) console.log(` ✅ Organization created with ID: ${TENANT_ID}`);
|
|
62
|
+
else console.log(` ℹ️ Organization already exists: ${TENANT_ID}`);
|
|
63
|
+
console.log(`\n👤 Creating admin user: ${username}`);
|
|
64
|
+
let user = await getUserByEmail(dbClient)(username);
|
|
65
|
+
if (user) console.log(` ℹ️ User already exists: ${username}`);
|
|
66
|
+
else {
|
|
67
|
+
console.log(" Creating user with Better Auth...");
|
|
68
|
+
if (!(await auth.api.signUpEmail({ body: {
|
|
69
|
+
email: username,
|
|
70
|
+
password,
|
|
71
|
+
name: username.split("@")[0]
|
|
72
|
+
} })).user) {
|
|
73
|
+
console.error(" ❌ Failed to create user: signUpEmail returned no user");
|
|
74
|
+
process.exit(1);
|
|
75
|
+
}
|
|
76
|
+
user = await getUserByEmail(dbClient)(username);
|
|
77
|
+
if (!user) {
|
|
78
|
+
console.error(" ❌ User was created but could not be retrieved from database");
|
|
79
|
+
process.exit(1);
|
|
80
|
+
}
|
|
81
|
+
console.log(` ✅ User created: ${user.email}`);
|
|
82
|
+
}
|
|
83
|
+
console.log(`\n🔗 Adding user to organization...`);
|
|
84
|
+
await addUserToOrganization(dbClient)({
|
|
85
|
+
userId: user.id,
|
|
86
|
+
organizationId: TENANT_ID,
|
|
87
|
+
role: OrgRoles.ADMIN
|
|
88
|
+
});
|
|
89
|
+
console.log(` ✅ User ${user.email} added as ${OrgRoles.ADMIN}`);
|
|
90
|
+
try {
|
|
91
|
+
await syncOrgMemberToSpiceDb({
|
|
92
|
+
tenantId: TENANT_ID,
|
|
93
|
+
userId: user.id,
|
|
94
|
+
role: OrgRoles.ADMIN,
|
|
95
|
+
action: "add"
|
|
96
|
+
});
|
|
97
|
+
console.log(" ✅ Synced to SpiceDB");
|
|
98
|
+
} catch {
|
|
99
|
+
console.log(" ℹ️ SpiceDB sync failed");
|
|
100
|
+
}
|
|
101
|
+
console.log("\n================================================");
|
|
102
|
+
console.log("✅ Initialization complete!");
|
|
103
|
+
console.log("================================================");
|
|
104
|
+
console.log(`\nOrganization: ${TENANT_ID}`);
|
|
105
|
+
console.log(`Admin user: ${username} (owner)`);
|
|
106
|
+
console.log("\nYou can now log in with these credentials.\n");
|
|
107
|
+
process.exit(0);
|
|
108
|
+
}
|
|
109
|
+
init().catch((error) => {
|
|
110
|
+
console.error("\n❌ Initialization failed:", error);
|
|
111
|
+
process.exit(1);
|
|
112
|
+
});
|
|
113
|
+
|
|
114
|
+
//#endregion
|
|
115
|
+
export { };
|
|
@@ -5,25 +5,25 @@ import { organizationClient } from "better-auth/client/plugins";
|
|
|
5
5
|
//#region src/auth/permissions.d.ts
|
|
6
6
|
declare const ac: AccessControl;
|
|
7
7
|
declare const memberRole: {
|
|
8
|
-
authorize<K_1 extends "organization" | "
|
|
9
|
-
actions: better_auth_plugins69.Subset<"organization" | "
|
|
8
|
+
authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
|
|
9
|
+
actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
|
|
10
10
|
connector: "OR" | "AND";
|
|
11
11
|
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
|
|
12
|
-
statements: better_auth_plugins69.Subset<"organization" | "
|
|
12
|
+
statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
|
|
13
13
|
};
|
|
14
14
|
declare const adminRole: {
|
|
15
|
-
authorize<K_1 extends "organization" | "
|
|
16
|
-
actions: better_auth_plugins69.Subset<"organization" | "
|
|
15
|
+
authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
|
|
16
|
+
actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
|
|
17
17
|
connector: "OR" | "AND";
|
|
18
18
|
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
|
|
19
|
-
statements: better_auth_plugins69.Subset<"organization" | "
|
|
19
|
+
statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
|
|
20
20
|
};
|
|
21
21
|
declare const ownerRole: {
|
|
22
|
-
authorize<K_1 extends "organization" | "
|
|
23
|
-
actions: better_auth_plugins69.Subset<"organization" | "
|
|
22
|
+
authorize<K_1 extends "organization" | "member" | "invitation" | "ac" | "project" | "team">(request: K_1 extends infer T extends K ? { [key in T]?: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key] | {
|
|
23
|
+
actions: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>[key];
|
|
24
24
|
connector: "OR" | "AND";
|
|
25
25
|
} | undefined } : never, connector?: "OR" | "AND"): better_auth_plugins69.AuthorizeResponse;
|
|
26
|
-
statements: better_auth_plugins69.Subset<"organization" | "
|
|
26
|
+
statements: better_auth_plugins69.Subset<"organization" | "member" | "invitation" | "ac" | "project" | "team", better_auth_plugins69.Statements>;
|
|
27
27
|
};
|
|
28
28
|
//#endregion
|
|
29
29
|
export { ac, adminRole, memberRole, organizationClient, ownerRole };
|
package/dist/client-exports.d.ts
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { OrgRole, OrgRoles, ProjectRole, ProjectRoles } from "./auth/authz/config.js";
|
|
1
2
|
import { BreakdownComponentDef, CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, ContextBreakdown, V1_BREAKDOWN_SCHEMA, calculateBreakdownTotal, createEmptyBreakdown, parseContextBreakdownFromSpan } from "./constants/context-breakdown.js";
|
|
2
3
|
import { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AI_OPERATIONS, AI_TOOL_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE } from "./constants/otel-attributes.js";
|
|
3
4
|
import { AGGREGATE_OPERATORS, DATA_SOURCES, DATA_TYPES, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS } from "./constants/signoz-queries.js";
|
|
@@ -7,7 +8,7 @@ import { DEFAULT_NANGO_STORE_ID } from "./credential-stores/default-constants.js
|
|
|
7
8
|
import { detectAuthenticationRequired } from "./utils/auth-detection.js";
|
|
8
9
|
import { validatePropsAsJsonSchema } from "./validation/props-validation.js";
|
|
9
10
|
import "./index.js";
|
|
10
|
-
import { AgentStopWhen, AgentStopWhenSchema, ApiKeyApiUpdateSchema, FullAgentAgentInsertSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettings, ModelSettingsSchema, StopWhen, StopWhenSchema, SubAgentStopWhen, SubAgentStopWhenSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse } from "./validation/schemas.js";
|
|
11
|
+
import { AgentStopWhen, AgentStopWhenSchema, ApiKeyApiUpdateSchema, FullAgentAgentInsertSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettings, ModelSettingsSchema, ResourceIdSchema, SignatureSource, SignatureVerificationConfig, SignatureVerificationConfigSchema, SignedComponent, StopWhen, StopWhenSchema, SubAgentStopWhen, SubAgentStopWhenSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, TriggerWithWebhookUrlSchema } from "./validation/schemas.js";
|
|
11
12
|
import { z } from "@hono/zod-openapi";
|
|
12
13
|
|
|
13
14
|
//#region src/client-exports.d.ts
|
|
@@ -306,12 +307,8 @@ type InternalAgentDefinition = z.infer<typeof FullAgentAgentInsertSchema>;
|
|
|
306
307
|
type ExternalAgentDefinition = z.infer<typeof ExternalAgentApiInsertSchema>;
|
|
307
308
|
type TenantParams = z.infer<typeof TenantParamsSchema>;
|
|
308
309
|
type ErrorResponse = z.infer<typeof ErrorResponseSchema>;
|
|
309
|
-
declare const MIN_ID_LENGTH = 1;
|
|
310
|
-
declare const MAX_ID_LENGTH = 255;
|
|
311
|
-
declare const URL_SAFE_ID_PATTERN: RegExp;
|
|
312
|
-
declare const resourceIdSchema: z.ZodString;
|
|
313
310
|
declare function generateIdFromName(name: string): string;
|
|
314
311
|
type ToolInsert = ToolApiInsert;
|
|
315
312
|
type AgentAgentInsert = AgentAgentApiInsert;
|
|
316
313
|
//#endregion
|
|
317
|
-
export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, AgentAgentApiInsert, AgentAgentApiInsertSchema, AgentAgentInsert, AgentApiInsert, AgentApiInsertSchema, type AgentStopWhen, AgentStopWhenSchema, ApiKeyApiCreationResponse, ApiKeyApiCreationResponseSchema, ApiKeyApiSelect, ApiKeyApiSelectSchema, ApiKeyApiUpdateResponse, ArtifactComponentApiInsert, ArtifactComponentApiInsertSchema, BreakdownComponentDef, CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, ContextBreakdown, ContextConfigApiInsert, ContextConfigApiInsertSchema, CredentialReferenceApiInsert, CredentialReferenceApiInsertSchema, CredentialStoreType, DATA_SOURCES, DATA_TYPES, DEFAULT_NANGO_STORE_ID, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, DataComponentApiInsert, DataComponentApiInsertSchema, ErrorResponse, ErrorResponseSchema, ExternalAgentApiInsert, ExternalAgentApiInsertSchema, ExternalAgentDefinition, FIELD_TYPES, FullAgentDefinition, FullAgentDefinitionSchema, FunctionApiInsert, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, IdParamsSchema, InternalAgentDefinition, ListResponseSchema,
|
|
314
|
+
export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, AgentAgentApiInsert, AgentAgentApiInsertSchema, AgentAgentInsert, AgentApiInsert, AgentApiInsertSchema, type AgentStopWhen, AgentStopWhenSchema, ApiKeyApiCreationResponse, ApiKeyApiCreationResponseSchema, ApiKeyApiSelect, ApiKeyApiSelectSchema, ApiKeyApiUpdateResponse, ArtifactComponentApiInsert, ArtifactComponentApiInsertSchema, BreakdownComponentDef, CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, ContextBreakdown, ContextConfigApiInsert, ContextConfigApiInsertSchema, CredentialReferenceApiInsert, CredentialReferenceApiInsertSchema, CredentialStoreType, DATA_SOURCES, DATA_TYPES, DEFAULT_NANGO_STORE_ID, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, DataComponentApiInsert, DataComponentApiInsertSchema, ErrorResponse, ErrorResponseSchema, ExternalAgentApiInsert, ExternalAgentApiInsertSchema, ExternalAgentDefinition, FIELD_TYPES, FullAgentDefinition, FullAgentDefinitionSchema, FunctionApiInsert, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, IdParamsSchema, InternalAgentDefinition, ListResponseSchema, MCPTransportType, type ModelSettings, ModelSettingsSchema, OPERATORS, ORDER_DIRECTIONS, type OrgRole, OrgRoles, PANEL_TYPES, PaginationSchema, type ProjectRole, ProjectRoles, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, ResourceIdSchema, SPAN_KEYS, SPAN_NAMES, type SignatureSource, type SignatureVerificationConfig, SignatureVerificationConfigSchema, type SignedComponent, SingleResponseSchema, type StopWhen, StopWhenSchema, type SubAgentStopWhen, SubAgentStopWhenSchema, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, TenantParams, TenantParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsert, ToolApiInsertSchema, ToolInsert, TriggerApiInsert, TriggerApiInsertSchema, TriggerApiSelect, TriggerApiSelectSchema, TriggerApiUpdate, TriggerApiUpdateSchema, TriggerInvocationApiSelect, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, TriggerWithWebhookUrlSchema, UNKNOWN_VALUE, V1_BREAKDOWN_SCHEMA, calculateBreakdownTotal, createEmptyBreakdown, detectAuthenticationRequired, generateIdFromName, parseContextBreakdownFromSpan, validatePropsAsJsonSchema };
|
package/dist/client-exports.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { schemaValidationDefaults } from "./constants/schema-validation/defaults.js";
|
|
2
2
|
import { CredentialStoreType, MCPTransportType } from "./types/utility.js";
|
|
3
|
-
import { AgentStopWhenSchema, ArtifactComponentApiInsertSchema as ArtifactComponentApiInsertSchema$1, FullAgentAgentInsertSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse } from "./validation/schemas.js";
|
|
4
|
-
import { DEFAULT_NANGO_STORE_ID } from "./credential-stores/default-constants.js";
|
|
5
3
|
import { validatePropsAsJsonSchema } from "./validation/props-validation.js";
|
|
4
|
+
import { AgentStopWhenSchema, ArtifactComponentApiInsertSchema as ArtifactComponentApiInsertSchema$1, FullAgentAgentInsertSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, MAX_ID_LENGTH, ModelSettingsSchema, ResourceIdSchema, SignatureVerificationConfigSchema, StopWhenSchema, SubAgentStopWhenSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, TriggerWithWebhookUrlSchema } from "./validation/schemas.js";
|
|
5
|
+
import { DEFAULT_NANGO_STORE_ID } from "./credential-stores/default-constants.js";
|
|
6
|
+
import { OrgRoles, ProjectRoles } from "./auth/authz/config.js";
|
|
6
7
|
import { CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, V1_BREAKDOWN_SCHEMA, calculateBreakdownTotal, createEmptyBreakdown, parseContextBreakdownFromSpan } from "./constants/context-breakdown.js";
|
|
7
8
|
import { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AI_OPERATIONS, AI_TOOL_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE } from "./constants/otel-attributes.js";
|
|
8
9
|
import { AGGREGATE_OPERATORS, DATA_SOURCES, DATA_TYPES, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS } from "./constants/signoz-queries.js";
|
|
@@ -159,13 +160,9 @@ const FullAgentDefinitionSchema = AgentAgentApiInsertSchema.extend({
|
|
|
159
160
|
})).optional()
|
|
160
161
|
}).optional()
|
|
161
162
|
});
|
|
162
|
-
const MIN_ID_LENGTH = 1;
|
|
163
|
-
const MAX_ID_LENGTH = 255;
|
|
164
|
-
const URL_SAFE_ID_PATTERN = /^[a-zA-Z0-9\-_.]+$/;
|
|
165
|
-
const resourceIdSchema = z.string().min(MIN_ID_LENGTH).max(MAX_ID_LENGTH).regex(URL_SAFE_ID_PATTERN, { message: "ID must contain only letters, numbers, hyphens, underscores, and dots" });
|
|
166
163
|
function generateIdFromName(name) {
|
|
167
164
|
return name.toLowerCase().replace(/[^a-zA-Z0-9]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").slice(0, MAX_ID_LENGTH);
|
|
168
165
|
}
|
|
169
166
|
|
|
170
167
|
//#endregion
|
|
171
|
-
export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, AgentAgentApiInsertSchema, AgentApiInsertSchema, AgentStopWhenSchema, ApiKeyApiCreationResponseSchema, ApiKeyApiSelectSchema, ArtifactComponentApiInsertSchema, CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, ContextConfigApiInsertSchema, CredentialReferenceApiInsertSchema, CredentialStoreType, DATA_SOURCES, DATA_TYPES, DEFAULT_NANGO_STORE_ID, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, DataComponentApiInsertSchema, ErrorResponseSchema, ExternalAgentApiInsertSchema, FIELD_TYPES, FullAgentDefinitionSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, IdParamsSchema, ListResponseSchema,
|
|
168
|
+
export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, AgentAgentApiInsertSchema, AgentApiInsertSchema, AgentStopWhenSchema, ApiKeyApiCreationResponseSchema, ApiKeyApiSelectSchema, ArtifactComponentApiInsertSchema, CONTEXT_BREAKDOWN_TOTAL_SPAN_ATTRIBUTE, ContextConfigApiInsertSchema, CredentialReferenceApiInsertSchema, CredentialStoreType, DATA_SOURCES, DATA_TYPES, DEFAULT_NANGO_STORE_ID, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, DataComponentApiInsertSchema, ErrorResponseSchema, ExternalAgentApiInsertSchema, FIELD_TYPES, FullAgentDefinitionSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, IdParamsSchema, ListResponseSchema, MCPTransportType, ModelSettingsSchema, OPERATORS, ORDER_DIRECTIONS, OrgRoles, PANEL_TYPES, PaginationSchema, ProjectRoles, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, ResourceIdSchema, SPAN_KEYS, SPAN_NAMES, SignatureVerificationConfigSchema, SingleResponseSchema, StopWhenSchema, SubAgentStopWhenSchema, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, TenantParamsSchema, TenantProjectIdParamsSchema, TenantProjectParamsSchema, ToolApiInsertSchema, TriggerApiInsertSchema, TriggerApiSelectSchema, TriggerApiUpdateSchema, TriggerInvocationApiSelectSchema, TriggerInvocationListResponse, TriggerInvocationResponse, TriggerInvocationStatusEnum, TriggerListResponse, TriggerResponse, TriggerWithWebhookUrlListResponse, TriggerWithWebhookUrlResponse, TriggerWithWebhookUrlSchema, UNKNOWN_VALUE, V1_BREAKDOWN_SCHEMA, calculateBreakdownTotal, createEmptyBreakdown, detectAuthenticationRequired, generateIdFromName, parseContextBreakdownFromSpan, validatePropsAsJsonSchema };
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* These define limits and defaults for runtime execution, not schema validation.
|
|
5
5
|
*/
|
|
6
6
|
declare const executionLimitsSharedDefaults: {
|
|
7
|
-
readonly MCP_TOOL_CONNECTION_TIMEOUT_MS:
|
|
7
|
+
readonly MCP_TOOL_CONNECTION_TIMEOUT_MS: 10000;
|
|
8
8
|
readonly MCP_TOOL_MAX_RETRIES: 3;
|
|
9
9
|
readonly MCP_TOOL_MAX_RECONNECTION_DELAY_MS: 30000;
|
|
10
10
|
readonly MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS: 1000;
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* These define limits and defaults for runtime execution, not schema validation.
|
|
5
5
|
*/
|
|
6
6
|
const executionLimitsSharedDefaults = {
|
|
7
|
-
MCP_TOOL_CONNECTION_TIMEOUT_MS:
|
|
7
|
+
MCP_TOOL_CONNECTION_TIMEOUT_MS: 1e4,
|
|
8
8
|
MCP_TOOL_MAX_RETRIES: 3,
|
|
9
9
|
MCP_TOOL_MAX_RECONNECTION_DELAY_MS: 3e4,
|
|
10
10
|
MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS: 1e3,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { executionLimitsSharedDefaults } from "./defaults.js";
|
|
2
2
|
|
|
3
3
|
//#region src/constants/execution-limits-shared/index.d.ts
|
|
4
|
-
declare const MCP_TOOL_CONNECTION_TIMEOUT_MS:
|
|
4
|
+
declare const MCP_TOOL_CONNECTION_TIMEOUT_MS: 10000, MCP_TOOL_MAX_RETRIES: 3, MCP_TOOL_MAX_RECONNECTION_DELAY_MS: 30000, MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS: 1000, MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR: 1.5, CONVERSATION_HISTORY_DEFAULT_LIMIT: 50, CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT: 8000;
|
|
5
5
|
//#endregion
|
|
6
6
|
export { CONVERSATION_HISTORY_DEFAULT_LIMIT, CONVERSATION_HISTORY_MAX_OUTPUT_TOKENS_DEFAULT, MCP_TOOL_CONNECTION_TIMEOUT_MS, MCP_TOOL_INITIAL_RECONNECTION_DELAY_MS, MCP_TOOL_MAX_RECONNECTION_DELAY_MS, MCP_TOOL_MAX_RETRIES, MCP_TOOL_RECONNECTION_DELAY_GROWTH_FACTOR, executionLimitsSharedDefaults };
|