@llui/agent 0.0.53 → 0.0.55
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/cloudflare/worker.d.ts +1 -0
- package/dist/server/cloudflare/worker.d.ts.map +1 -1
- package/dist/server/cloudflare/worker.js +8 -3
- package/dist/server/cloudflare/worker.js.map +1 -1
- package/dist/server/token.d.ts +3 -2
- package/dist/server/token.d.ts.map +1 -1
- package/dist/server/token.js +4 -3
- package/dist/server/token.js.map +1 -1
- package/package.json +1 -1
|
@@ -44,5 +44,6 @@ export interface MinimalDurableObjectStub {
|
|
|
44
44
|
*/
|
|
45
45
|
export declare function routeToAgentDO(req: Request, namespace: MinimalDurableObjectNamespace, resolveTid: (token: string) => Promise<string | null>, opts?: {
|
|
46
46
|
rootName?: string;
|
|
47
|
+
mcpPath?: string;
|
|
47
48
|
}): Promise<Response>;
|
|
48
49
|
//# sourceMappingURL=worker.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,6BAA6B;IAC5C,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB,CAAA;IAChD,GAAG,CAAC,EAAE,EAAE,sBAAsB,GAAG,wBAAwB,CAAA;CAC1D;AACD,MAAM,WAAW,sBAAsB;IAErC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CACvB;AACD,MAAM,WAAW,wBAAwB;IACvC,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,OAAO,EACZ,SAAS,EAAE,6BAA6B,EACxC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EACrD,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAO,
|
|
1
|
+
{"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,6BAA6B;IAC5C,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,sBAAsB,CAAA;IAChD,GAAG,CAAC,EAAE,EAAE,sBAAsB,GAAG,wBAAwB,CAAA;CAC1D;AACD,MAAM,WAAW,sBAAsB;IAErC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CACvB;AACD,MAAM,WAAW,wBAAwB;IACvC,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;CACvC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,OAAO,EACZ,SAAS,EAAE,6BAA6B,EACxC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EACrD,IAAI,GAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GACjD,OAAO,CAAC,QAAQ,CAAC,CAiCnB"}
|
|
@@ -28,16 +28,21 @@
|
|
|
28
28
|
*/
|
|
29
29
|
export async function routeToAgentDO(req, namespace, resolveTid, opts = {}) {
|
|
30
30
|
const rootName = opts.rootName ?? '__root';
|
|
31
|
+
const mcpPath = opts.mcpPath ?? '/agent/mcp';
|
|
31
32
|
const url = new URL(req.url);
|
|
32
33
|
const path = url.pathname;
|
|
33
34
|
// Non-LAP / non-WS management endpoints (mint, resume, sessions,
|
|
34
|
-
// revoke) — there's no per-tid routing
|
|
35
|
-
// the shared token store +
|
|
35
|
+
// revoke, mcp) — there's no per-tid routing and no bearer token
|
|
36
|
+
// required; use the root DO which owns the shared token store +
|
|
37
|
+
// identity resolver. MCP auth happens within the protocol via
|
|
38
|
+
// connect_session({token}), so the endpoint itself must be reachable
|
|
39
|
+
// without a pre-existing bearer.
|
|
36
40
|
if (path === '/agent/mint' ||
|
|
37
41
|
path === '/agent/revoke' ||
|
|
38
42
|
path === '/agent/resume/list' ||
|
|
39
43
|
path === '/agent/resume/claim' ||
|
|
40
|
-
path === '/agent/sessions'
|
|
44
|
+
path === '/agent/sessions' ||
|
|
45
|
+
path.startsWith(mcpPath)) {
|
|
41
46
|
const stub = namespace.get(namespace.idFromName(rootName));
|
|
42
47
|
return stub.fetch(req);
|
|
43
48
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"worker.js","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAkBA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAY,EACZ,SAAwC,EACxC,UAAqD,EACrD,
|
|
1
|
+
{"version":3,"file":"worker.js","sourceRoot":"","sources":["../../../src/server/cloudflare/worker.ts"],"names":[],"mappings":"AAkBA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAY,EACZ,SAAwC,EACxC,UAAqD,EACrD,OAAgD,EAAE;IAElD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAA;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,YAAY,CAAA;IAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAA;IAEzB,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,8DAA8D;IAC9D,qEAAqE;IACrE,iCAAiC;IACjC,IACE,IAAI,KAAK,aAAa;QACtB,IAAI,KAAK,eAAe;QACxB,IAAI,KAAK,oBAAoB;QAC7B,IAAI,KAAK,qBAAqB;QAC9B,IAAI,KAAK,iBAAiB;QAC1B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EACxB,CAAC;QACD,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,0DAA0D;IAC1D,MAAM,KAAK,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAA;IAC1C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAEhE,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;IACnC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAE9D,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAA;IACrD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAED,SAAS,uBAAuB,CAAC,GAAY;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC7C,IAAI,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACvC,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["/**\n * Minimal DurableObjectNamespace surface we need — `idFromName` +\n * `get` returning a `Stub` with `fetch(req)`. Kept structural so we\n * don't depend on `@cloudflare/workers-types` (the user's project has\n * them; we shouldn't duplicate).\n */\nexport interface MinimalDurableObjectNamespace {\n idFromName(name: string): MinimalDurableObjectId\n get(id: MinimalDurableObjectId): MinimalDurableObjectStub\n}\nexport interface MinimalDurableObjectId {\n // Opaque, but DO ids are passed back into `namespace.get()`.\n readonly name?: string\n}\nexport interface MinimalDurableObjectStub {\n fetch(req: Request): Promise<Response>\n}\n\n/**\n * Route an incoming Worker `fetch` request to the Durable Object\n * that owns its `tid`.\n *\n * The token travels in three places depending on the route:\n * - LAP HTTP calls: `Authorization: Bearer <token>` header\n * - Mint / resume HTTP calls: no token (identity resolver runs\n * inside the DO via the LAP router; we route by origin or a\n * special `/agent/mint` path — see below)\n * - WebSocket upgrade: `?token=<token>` in the URL\n *\n * Requests that don't carry a tid (mint, resume-list, sessions) are\n * routed to a \"root\" DO named `__root`, which handles identity /\n * token store operations centrally. LAP and WS calls route to the\n * per-tid DO so the pairing state stays local.\n *\n * This is the recommended entry for Cloudflare Workers deployments;\n * users who need custom routing can write their own and call the\n * underlying primitives directly.\n *\n * As of 0.0.35 the token format is opaque (random, not signed), so we\n * can't recover `tid` from the token alone. The caller passes a\n * `resolveTid` callback — typically `(token) => stub.fetch(...)` to\n * the root DO's token-resolution endpoint — that turns a bearer into\n * its tid via the shared token store. Callers that don't shard by\n * tid can pass `() => Promise.resolve(rootName)` to route everything\n * through the root DO.\n */\nexport async function routeToAgentDO(\n req: Request,\n namespace: MinimalDurableObjectNamespace,\n resolveTid: (token: string) => Promise<string | null>,\n opts: { rootName?: string; mcpPath?: string } = {},\n): Promise<Response> {\n const rootName = opts.rootName ?? '__root'\n const mcpPath = opts.mcpPath ?? '/agent/mcp'\n const url = new URL(req.url)\n const path = url.pathname\n\n // Non-LAP / non-WS management endpoints (mint, resume, sessions,\n // revoke, mcp) — there's no per-tid routing and no bearer token\n // required; use the root DO which owns the shared token store +\n // identity resolver. MCP auth happens within the protocol via\n // connect_session({token}), so the endpoint itself must be reachable\n // without a pre-existing bearer.\n if (\n path === '/agent/mint' ||\n path === '/agent/revoke' ||\n path === '/agent/resume/list' ||\n path === '/agent/resume/claim' ||\n path === '/agent/sessions' ||\n path.startsWith(mcpPath)\n ) {\n const stub = namespace.get(namespace.idFromName(rootName))\n return stub.fetch(req)\n }\n\n // Token-bearing routes (LAP + WS upgrade) — route by tid.\n const token = extractTokenFromRequest(req)\n if (!token) return new Response('Unauthorized', { status: 401 })\n\n const tid = await resolveTid(token)\n if (!tid) return new Response('Unauthorized', { status: 401 })\n\n const stub = namespace.get(namespace.idFromName(tid))\n return stub.fetch(req)\n}\n\nfunction extractTokenFromRequest(req: Request): string | null {\n const auth = req.headers.get('authorization')\n if (auth?.startsWith('Bearer ')) return auth.slice('Bearer '.length)\n const url = new URL(req.url)\n const q = url.searchParams.get('token')\n return q\n}\n"]}
|
package/dist/server/token.d.ts
CHANGED
|
@@ -15,8 +15,9 @@ export type VerifyResult = {
|
|
|
15
15
|
/**
|
|
16
16
|
* Mint an opaque random bearer token + the SHA-256 hash the server
|
|
17
17
|
* stores as a lookup key. Tokens are 32 bytes of CSPRNG entropy (256
|
|
18
|
-
* bits) base64url-encoded with the `
|
|
19
|
-
*
|
|
18
|
+
* bits) base64url-encoded with the `agt_` prefix — total ~48 chars.
|
|
19
|
+
* The prefix is intentionally generic so LLM clients don't mistake the
|
|
20
|
+
* token format for a hint about which MCP tool namespace to use.
|
|
20
21
|
*
|
|
21
22
|
* The token itself never persists; only the hash does. A leaked store
|
|
22
23
|
* therefore does not compromise live tokens, since the bearer secret
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAKhD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC3B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAA;CAAE,CAAA;AAEpE
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAKhD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC3B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAA;CAAE,CAAA;AAEpE;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,UAAU,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAMnF;AAED;;;;;;GAMG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAGvE"}
|
package/dist/server/token.js
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
|
-
const PREFIX = '
|
|
1
|
+
const PREFIX = 'agt_';
|
|
2
2
|
const TOKEN_BYTES = 32;
|
|
3
3
|
/**
|
|
4
4
|
* Mint an opaque random bearer token + the SHA-256 hash the server
|
|
5
5
|
* stores as a lookup key. Tokens are 32 bytes of CSPRNG entropy (256
|
|
6
|
-
* bits) base64url-encoded with the `
|
|
7
|
-
*
|
|
6
|
+
* bits) base64url-encoded with the `agt_` prefix — total ~48 chars.
|
|
7
|
+
* The prefix is intentionally generic so LLM clients don't mistake the
|
|
8
|
+
* token format for a hint about which MCP tool namespace to use.
|
|
8
9
|
*
|
|
9
10
|
* The token itself never persists; only the hash does. A leaked store
|
|
10
11
|
* therefore does not compromise live tokens, since the bearer secret
|
package/dist/server/token.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAG,
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/server/token.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAG,MAAM,CAAA;AACrB,MAAM,WAAW,GAAG,EAAE,CAAA;AAYtB;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,CAAA;IACzC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAC7B,MAAM,KAAK,GAAG,CAAC,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,CAAe,CAAA;IACzD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1C,OAAO,SAAS,CAAC,KAAK,CAAC,CAAA;AACzB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,CAAS;IAChC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;IACxD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAA;IAChF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;AAC7E,CAAC","sourcesContent":["import type { AgentToken } from '../protocol.js'\n\nconst PREFIX = 'agt_'\nconst TOKEN_BYTES = 32\n\n/**\n * Result of looking up a presented token. The `expired` reason is\n * returned by the verify path when the token's record exists but its\n * hard-expiry has passed; `unknown` covers both \"no record\" and\n * \"wrong hash\" so a probe-by-hash leak surface is uniform.\n */\nexport type VerifyResult =\n | { kind: 'ok'; tid: string }\n | { kind: 'invalid'; reason: 'malformed' | 'unknown' | 'expired' }\n\n/**\n * Mint an opaque random bearer token + the SHA-256 hash the server\n * stores as a lookup key. Tokens are 32 bytes of CSPRNG entropy (256\n * bits) base64url-encoded with the `agt_` prefix — total ~48 chars.\n * The prefix is intentionally generic so LLM clients don't mistake the\n * token format for a hint about which MCP tool namespace to use.\n *\n * The token itself never persists; only the hash does. A leaked store\n * therefore does not compromise live tokens, since the bearer secret\n * isn't recoverable from the hash. This matches the standard \"session\n * cookie / API key\" pattern.\n *\n * The opaque form is the only token format the server understands as\n * of 0.0.35. The previous HMAC-signed JWT format is gone; clients\n * carrying old tokens will fail with `unknown` on first call and need\n * to remint. See CHANGELOG.\n */\nexport async function mintToken(): Promise<{ token: AgentToken; tokenHash: string }> {\n const bytes = new Uint8Array(TOKEN_BYTES)\n crypto.getRandomValues(bytes)\n const token = (PREFIX + toBase64Url(bytes)) as AgentToken\n const tokenHash = await sha256Hex(token)\n return { token, tokenHash }\n}\n\n/**\n * Compute the SHA-256 hash of a presented bearer token. Returns `null`\n * when the prefix is missing — the verify path uses that to fail-fast\n * on garbage-shaped Authorization headers without a crypto round-trip.\n * Hash is hex-encoded for portability across stores (Postgres `text`,\n * KV string, etc.).\n */\nexport async function tokenHashOf(token: string): Promise<string | null> {\n if (!token.startsWith(PREFIX)) return null\n return sha256Hex(token)\n}\n\nasync function sha256Hex(s: string): Promise<string> {\n const bytes = new TextEncoder().encode(s)\n const buf = await crypto.subtle.digest('SHA-256', bytes)\n const arr = new Uint8Array(buf)\n let out = ''\n for (let i = 0; i < arr.length; i++) {\n out += arr[i]!.toString(16).padStart(2, '0')\n }\n return out\n}\n\nfunction toBase64Url(bytes: Uint8Array): string {\n let bin = ''\n for (let i = 0; i < bytes.byteLength; i++) bin += String.fromCharCode(bytes[i]!)\n return btoa(bin).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n"]}
|