npm - @lobu/core - Versions diffs - 2.8.0 - Mend

@lobu/core 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/dist/__tests__/encryption.test.d.ts +2 -0
package/dist/__tests__/encryption.test.d.ts.map +1 -0
package/dist/__tests__/encryption.test.js +88 -0
package/dist/__tests__/encryption.test.js.map +1 -0
package/dist/__tests__/fixtures/factories.d.ts +30 -0
package/dist/__tests__/fixtures/factories.d.ts.map +1 -0
package/dist/__tests__/fixtures/factories.js +53 -0
package/dist/__tests__/fixtures/factories.js.map +1 -0
package/dist/__tests__/fixtures/index.d.ts +5 -0
package/dist/__tests__/fixtures/index.d.ts.map +1 -0
package/dist/__tests__/fixtures/index.js +14 -0
package/dist/__tests__/fixtures/index.js.map +1 -0
package/dist/__tests__/fixtures/mock-fetch.d.ts +13 -0
package/dist/__tests__/fixtures/mock-fetch.d.ts.map +1 -0
package/dist/__tests__/fixtures/mock-fetch.js +29 -0
package/dist/__tests__/fixtures/mock-fetch.js.map +1 -0
package/dist/__tests__/fixtures/mock-queue.d.ts +19 -0
package/dist/__tests__/fixtures/mock-queue.d.ts.map +1 -0
package/dist/__tests__/fixtures/mock-queue.js +45 -0
package/dist/__tests__/fixtures/mock-queue.js.map +1 -0
package/dist/__tests__/fixtures/mock-redis.d.ts +54 -0
package/dist/__tests__/fixtures/mock-redis.d.ts.map +1 -0
package/dist/__tests__/fixtures/mock-redis.js +267 -0
package/dist/__tests__/fixtures/mock-redis.js.map +1 -0
package/dist/__tests__/retry.test.d.ts +2 -0
package/dist/__tests__/retry.test.d.ts.map +1 -0
package/dist/__tests__/retry.test.js +114 -0
package/dist/__tests__/retry.test.js.map +1 -0
package/dist/__tests__/sanitize.test.d.ts +2 -0
package/dist/__tests__/sanitize.test.d.ts.map +1 -0
package/dist/__tests__/sanitize.test.js +129 -0
package/dist/__tests__/sanitize.test.js.map +1 -0
package/dist/agent-policy.d.ts +21 -0
package/dist/agent-policy.d.ts.map +1 -0
package/dist/agent-policy.js +181 -0
package/dist/agent-policy.js.map +1 -0
package/dist/agent-store.d.ts +140 -0
package/dist/agent-store.d.ts.map +1 -0
package/dist/agent-store.js +27 -0
package/dist/agent-store.js.map +1 -0
package/dist/api-types.d.ts +213 -0
package/dist/api-types.d.ts.map +1 -0
package/dist/api-types.js +7 -0
package/dist/api-types.js.map +1 -0
package/dist/command-registry.d.ts +41 -0
package/dist/command-registry.d.ts.map +1 -0
package/dist/command-registry.js +43 -0
package/dist/command-registry.js.map +1 -0
package/dist/constants.d.ts +54 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +60 -0
package/dist/constants.js.map +1 -0
package/dist/errors.d.ts +97 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +182 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +31 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +64 -0
package/dist/index.js.map +1 -0
package/dist/integration-types.d.ts +22 -0
package/dist/integration-types.d.ts.map +1 -0
package/dist/integration-types.js +9 -0
package/dist/integration-types.js.map +1 -0
package/dist/logger.d.ts +15 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +223 -0
package/dist/logger.js.map +1 -0
package/dist/modules.d.ts +96 -0
package/dist/modules.d.ts.map +1 -0
package/dist/modules.js +140 -0
package/dist/modules.js.map +1 -0
package/dist/otel.d.ts +107 -0
package/dist/otel.d.ts.map +1 -0
package/dist/otel.js +251 -0
package/dist/otel.js.map +1 -0
package/dist/plugin-types.d.ts +42 -0
package/dist/plugin-types.d.ts.map +1 -0
package/dist/plugin-types.js +8 -0
package/dist/plugin-types.js.map +1 -0
package/dist/provider-config-types.d.ts +53 -0
package/dist/provider-config-types.d.ts.map +1 -0
package/dist/provider-config-types.js +7 -0
package/dist/provider-config-types.js.map +1 -0
package/dist/redis/base-store.d.ts +73 -0
package/dist/redis/base-store.d.ts.map +1 -0
package/dist/redis/base-store.js +174 -0
package/dist/redis/base-store.js.map +1 -0
package/dist/sentry.d.ts +12 -0
package/dist/sentry.d.ts.map +1 -0
package/dist/sentry.js +82 -0
package/dist/sentry.js.map +1 -0
package/dist/trace.d.ts +25 -0
package/dist/trace.d.ts.map +1 -0
package/dist/trace.js +32 -0
package/dist/trace.js.map +1 -0
package/dist/types.d.ts +373 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/types.js.map +1 -0
package/dist/utils/encryption.d.ts +9 -0
package/dist/utils/encryption.d.ts.map +1 -0
package/dist/utils/encryption.js +107 -0
package/dist/utils/encryption.js.map +1 -0
package/dist/utils/env.d.ts +20 -0
package/dist/utils/env.d.ts.map +1 -0
package/dist/utils/env.js +50 -0
package/dist/utils/env.js.map +1 -0
package/dist/utils/json.d.ts +11 -0
package/dist/utils/json.d.ts.map +1 -0
package/dist/utils/json.js +38 -0
package/dist/utils/json.js.map +1 -0
package/dist/utils/lock.d.ts +34 -0
package/dist/utils/lock.d.ts.map +1 -0
package/dist/utils/lock.js +66 -0
package/dist/utils/lock.js.map +1 -0
package/dist/utils/mcp-tool-instructions.d.ts +6 -0
package/dist/utils/mcp-tool-instructions.d.ts.map +1 -0
package/dist/utils/mcp-tool-instructions.js +3 -0
package/dist/utils/mcp-tool-instructions.js.map +1 -0
package/dist/utils/retry.d.ts +40 -0
package/dist/utils/retry.d.ts.map +1 -0
package/dist/utils/retry.js +67 -0
package/dist/utils/retry.js.map +1 -0
package/dist/utils/sanitize.d.ts +55 -0
package/dist/utils/sanitize.d.ts.map +1 -0
package/dist/utils/sanitize.js +111 -0
package/dist/utils/sanitize.js.map +1 -0
package/dist/worker/auth.d.ts +34 -0
package/dist/worker/auth.d.ts.map +1 -0
package/dist/worker/auth.js +63 -0
package/dist/worker/auth.js.map +1 -0
package/dist/worker/transport.d.ts +86 -0
package/dist/worker/transport.d.ts.map +1 -0
package/dist/worker/transport.js +13 -0
package/dist/worker/transport.js.map +1 -0
package/package.json +40 -0

package/dist/sentry.js ADDED Viewed

@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initSentry = initSentry;
+exports.getSentry = getSentry;
+const logger_1 = require("./logger");
+// Lazy logger initialization to avoid circular dependency
+let _logger = null;
+function getLogger() {
+    if (!_logger) {
+        _logger = (0, logger_1.createLogger)("sentry");
+    }
+    return _logger;
+}
+let sentryInstance = null;
+/**
+ * Initialize Sentry with configuration from environment variables
+ * Falls back to hardcoded DSN if SENTRY_DSN is not provided
+ * Uses dynamic import to avoid module resolution issues in dev mode
+ */
+async function initSentry() {
+    try {
+        const Sentry = await Promise.resolve().then(() => __importStar(require("@sentry/node")));
+        sentryInstance = Sentry;
+        const sentryDsn = process.env.SENTRY_DSN ||
+            "https://c5910e58d1a134d64ff93a95a9c535bb@o4507291398897664.ingest.us.sentry.io/4511097466781696";
+        Sentry.init({
+            dsn: sentryDsn,
+            sendDefaultPii: true,
+            profileSessionSampleRate: 1.0,
+            tracesSampleRate: 1.0, // Capture 100% of traces for better visibility
+            integrations: [
+                Sentry.consoleLoggingIntegration({ levels: ["log", "warn", "error"] }),
+                Sentry.redisIntegration(),
+            ],
+        });
+        getLogger().debug("Sentry monitoring initialized");
+    }
+    catch (error) {
+        getLogger().warn("⚠️ Sentry initialization failed (continuing without monitoring):", error);
+    }
+}
+/**
+ * Get the initialized Sentry instance
+ * @returns Sentry instance or null if not initialized
+ */
+function getSentry() {
+    return sentryInstance;
+}
+//# sourceMappingURL=sentry.js.map

package/dist/sentry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sentry.js","sourceRoot":"","sources":["../src/sentry.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,gCA2BC;AAMD,8BAEC;AArDD,qCAAqD;AAErD,0DAA0D;AAC1D,IAAI,OAAO,GAAkB,IAAI,CAAC;AAClC,SAAS,SAAS;IAChB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,IAAA,qBAAY,EAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,IAAI,cAAc,GAAyC,IAAI,CAAC;AAEhE;;;;GAIG;AACI,KAAK,UAAU,UAAU;IAC9B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,wDAAa,cAAc,GAAC,CAAC;QAC5C,cAAc,GAAG,MAAM,CAAC;QAExB,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,UAAU;YACtB,iGAAiG,CAAC;QAEpG,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,SAAS;YACd,cAAc,EAAE,IAAI;YACpB,wBAAwB,EAAE,GAAG;YAC7B,gBAAgB,EAAE,GAAG,EAAE,+CAA+C;YACtE,YAAY,EAAE;gBACZ,MAAM,CAAC,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBACtE,MAAM,CAAC,gBAAgB,EAAE;aAC1B;SACF,CAAC,CAAC;QAEH,SAAS,EAAE,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,SAAS,EAAE,CAAC,IAAI,CACd,kEAAkE,EAClE,KAAK,CACN,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,SAAS;IACvB,OAAO,cAAc,CAAC;AACxB,CAAC"}

package/dist/trace.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Trace ID utilities for end-to-end message lifecycle observability.
+ * Trace IDs propagate through the entire pipeline:
+ * [WhatsApp Message] -> [Queue] -> [Worker Creation] -> [PVC Setup] -> [Agent Runtime] -> [Response]
+ *
+ * When OpenTelemetry is initialized, spans are sent to Tempo for waterfall visualization.
+ * Use createSpan/createChildSpan from ./otel.ts for actual span creation.
+ */
+/**
+ * Generate a trace ID from a message ID.
+ * Format: tr-{messageId prefix}-{timestamp base36}-{random}
+ * Example: tr-abc12345-lx4k-a3b2
+ */
+export declare function generateTraceId(messageId: string): string;
+/**
+ * Extract trace ID from various payload formats.
+ * Checks both top-level and nested platformMetadata.
+ */
+export declare function extractTraceId(payload: {
+    traceId?: string;
+    platformMetadata?: {
+        traceId?: string;
+    };
+}): string | undefined;
+//# sourceMappingURL=trace.d.ts.map

package/dist/trace.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"trace.d.ts","sourceRoot":"","sources":["../src/trace.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAMzD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACzC,GAAG,MAAM,GAAG,SAAS,CAErB"}

package/dist/trace.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+/**
+ * Trace ID utilities for end-to-end message lifecycle observability.
+ * Trace IDs propagate through the entire pipeline:
+ * [WhatsApp Message] -> [Queue] -> [Worker Creation] -> [PVC Setup] -> [Agent Runtime] -> [Response]
+ *
+ * When OpenTelemetry is initialized, spans are sent to Tempo for waterfall visualization.
+ * Use createSpan/createChildSpan from ./otel.ts for actual span creation.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTraceId = generateTraceId;
+exports.extractTraceId = extractTraceId;
+/**
+ * Generate a trace ID from a message ID.
+ * Format: tr-{messageId prefix}-{timestamp base36}-{random}
+ * Example: tr-abc12345-lx4k-a3b2
+ */
+function generateTraceId(messageId) {
+    const timestamp = Date.now().toString(36);
+    const random = Math.random().toString(36).substring(2, 6);
+    // Take first 8 chars of messageId, sanitize for safe logging
+    const shortMessageId = messageId.replace(/[^a-zA-Z0-9]/g, "").substring(0, 8);
+    return `tr-${shortMessageId}-${timestamp}-${random}`;
+}
+/**
+ * Extract trace ID from various payload formats.
+ * Checks both top-level and nested platformMetadata.
+ */
+function extractTraceId(payload) {
+    return payload?.traceId || payload?.platformMetadata?.traceId;
+}
+//# sourceMappingURL=trace.js.map

package/dist/trace.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trace.js","sourceRoot":"","sources":["../src/trace.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAOH,0CAMC;AAMD,wCAKC;AAtBD;;;;GAIG;AACH,SAAgB,eAAe,CAAC,SAAiB;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1D,6DAA6D;IAC7D,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9E,OAAO,MAAM,cAAc,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAG9B;IACC,OAAO,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,gBAAgB,EAAE,OAAO,CAAC;AAChE,CAAC"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,373 @@
+/**
+ * Represents a provider installed for a specific agent.
+ * Stored in AgentSettings.installedProviders as an ordered array (index 0 = primary).
+ */
+export interface InstalledProvider {
+    providerId: string;
+    installedAt: number;
+    config?: {
+        baseUrl?: string;
+        [key: string]: unknown;
+    };
+}
+/**
+ * CLI backend configuration for pi-agent integration.
+ * Providers can ship CLI tools that pi-agent invokes as backends.
+ */
+export interface CliBackendConfig {
+    name: string;
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    modelArg?: string;
+    sessionArg?: string;
+}
+/**
+ * Unified authentication profile for any model provider.
+ * Stored in AgentSettings.authProfiles as an ordered array (index 0 = primary).
+ */
+export interface AuthProfile {
+    id: string;
+    provider: string;
+    model: string;
+    credential: string;
+    label: string;
+    authType: "oauth" | "device-code" | "api-key";
+    metadata?: {
+        email?: string;
+        expiresAt?: number;
+        refreshToken?: string;
+        accountId?: string;
+    };
+    createdAt: number;
+}
+export interface SessionContext {
+    platform: string;
+    channelId: string;
+    userId: string;
+    messageId: string;
+    conversationId?: string;
+    teamId?: string;
+    userDisplayName?: string;
+    workingDirectory?: string;
+    customInstructions?: string;
+    conversationHistory?: ConversationMessage[];
+}
+export interface ConversationMessage {
+    role: "system" | "user" | "assistant";
+    content: string;
+    timestamp: number;
+}
+/**
+ * Per-skill thinking budget level.
+ * Controls how much reasoning the model applies when executing a skill.
+ */
+export type ThinkingLevel = "off" | "low" | "medium" | "high";
+/**
+ * MCP server declared by a skill manifest.
+ */
+export interface SkillMcpServer {
+    id: string;
+    name?: string;
+    url?: string;
+    type?: "sse" | "stdio";
+    command?: string;
+    args?: string[];
+    oauth?: {
+        authUrl: string;
+        tokenUrl: string;
+        clientId: string;
+        clientSecret?: string;
+        scopes?: string[];
+        grantType?: string;
+        responseType?: string;
+    };
+    resource?: string;
+    inputs?: Array<{
+        id: string;
+        label?: string;
+        type?: string;
+    }>;
+    headers?: Record<string, string>;
+}
+/**
+ * Individual skill configuration.
+ * Skills are SKILL.md files from GitHub repos that provide instructions to Claude.
+ */
+export interface SkillConfig {
+    /** Skill repository in owner/repo format (e.g., "anthropics/skills/pdf") */
+    repo: string;
+    /** Skill name derived from SKILL.md frontmatter or folder name */
+    name: string;
+    /** Optional description from SKILL.md frontmatter */
+    description?: string;
+    /** Short always-inlined instruction block for critical rules */
+    instructions?: string;
+    /** Whether this skill is currently enabled */
+    enabled: boolean;
+    /** True for system-defined skills (from system-skills.json). Cannot be removed by users. */
+    system?: boolean;
+    /** Cached SKILL.md content (fetched from GitHub) */
+    content?: string;
+    /** When the content was last fetched (timestamp ms) */
+    contentFetchedAt?: number;
+    /** MCP servers declared by the skill */
+    mcpServers?: SkillMcpServer[];
+    /** System packages declared by the skill (nix) */
+    nixPackages?: string[];
+    /** Network domains the skill needs access to (legacy flat list) */
+    permissions?: string[];
+    /** Network access policy declared by the skill */
+    networkConfig?: {
+        allowedDomains?: string[];
+        deniedDomains?: string[];
+    };
+    /** Tool permission policy declared by the skill */
+    toolPermissions?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    /** AI providers the skill requires */
+    providers?: string[];
+    /** Preferred model for this skill (e.g., "anthropic/claude-opus-4") */
+    modelPreference?: string;
+    /** Thinking level budget for this skill */
+    thinkingLevel?: ThinkingLevel;
+}
+/**
+ * Skills configuration for agent settings.
+ * Contains list of configured skills that can be enabled/disabled.
+ */
+export interface SkillsConfig {
+    /** List of configured skills */
+    skills: SkillConfig[];
+}
+/**
+ * Platform-agnostic history message format.
+ * Used to pass conversation history to workers.
+ */
+export interface HistoryMessage {
+    role: "user" | "assistant";
+    content: string;
+    timestamp: number;
+    /** Display name of the message sender */
+    userName?: string;
+    /** Platform-specific message ID for deduplication */
+    messageId?: string;
+}
+/**
+ * Network configuration for worker sandbox isolation.
+ * Controls which domains the worker can access via HTTP proxy.
+ *
+ * Filtering rules:
+ * - deniedDomains are checked first (take precedence)
+ * - allowedDomains are checked second
+ * - If neither matches, request is denied
+ *
+ * Domain pattern format:
+ * - "example.com" - exact match
+ * - ".example.com" or "*.example.com" - matches subdomains
+ */
+export interface NetworkConfig {
+    /** Domains the worker is allowed to access. Empty array = no network access. */
+    allowedDomains?: string[];
+    /** Domains explicitly blocked (takes precedence over allowedDomains). */
+    deniedDomains?: string[];
+}
+/**
+ * Nix environment configuration for agent workspace.
+ * Allows agents to run with specific Nix packages or flakes.
+ *
+ * Resolution priority:
+ * 1. API-provided flakeUrl (highest)
+ * 2. API-provided packages
+ * 3. flake.nix in git repo
+ * 4. shell.nix in git repo
+ * 5. .nix-packages file in git repo
+ */
+export interface NixConfig {
+    /** Nix flake URL (e.g., "github:user/repo#devShell") */
+    flakeUrl?: string;
+    /** Nixpkgs packages to install (e.g., ["python311", "ffmpeg"]) */
+    packages?: string[];
+}
+/**
+ * Tool permission configuration for agent settings.
+ * Follows Claude Code's permission patterns for consistency.
+ *
+ * Pattern formats (Claude Code compatible):
+ * - "Read" - exact tool match
+ * - "Bash(git:*)" - Bash with command filter (only git commands)
+ * - "Bash(npm:*)" - Bash with npm commands only
+ * - "mcp__servername__*" - all tools from an MCP server
+ * - "*" - wildcard (all tools)
+ *
+ * Filtering rules:
+ * - deniedTools are checked first (take precedence)
+ * - allowedTools are checked second
+ * - If strictMode=true, only allowedTools are permitted
+ * - If strictMode=false, defaults + allowedTools are permitted
+ */
+export interface ToolsConfig {
+    /**
+     * Tools to auto-allow (in addition to defaults unless strictMode=true).
+     * Supports patterns like "Bash(git:*)" or "mcp__github__*".
+     */
+    allowedTools?: string[];
+    /**
+     * Tools to always deny (takes precedence over allowedTools).
+     * Use to block specific tools even if they're in defaults.
+     */
+    deniedTools?: string[];
+    /**
+     * If true, ONLY allowedTools are permitted (ignores defaults).
+     * If false (default), allowedTools are ADDED to default permissions.
+     */
+    strictMode?: boolean;
+}
+/**
+ * MCP server configuration for per-agent MCP servers.
+ * Supports both HTTP/SSE and stdio MCP servers.
+ */
+export interface McpServerConfig {
+    /** For HTTP/SSE MCPs: upstream URL */
+    url?: string;
+    /** Server type: "sse" for HTTP MCPs, "stdio" for command-based */
+    type?: "sse" | "stdio";
+    /** For stdio MCPs: command to execute */
+    command?: string;
+    /** For stdio MCPs: command arguments */
+    args?: string[];
+    /** For stdio MCPs: environment variables */
+    env?: Record<string, string>;
+    /** Additional headers for HTTP MCPs */
+    headers?: Record<string, string>;
+    /** Optional description for the MCP */
+    description?: string;
+}
+/**
+ * Per-agent MCP configuration.
+ * These MCPs are ADDED to global MCPs (not replacing).
+ */
+export interface AgentMcpConfig {
+    /** Additional MCP servers for this agent */
+    mcpServers: Record<string, McpServerConfig>;
+}
+export interface MemoryFlushOptions {
+    enabled?: boolean;
+    softThresholdTokens?: number;
+    systemPrompt?: string;
+    prompt?: string;
+}
+export interface AgentCompactionOptions {
+    memoryFlush?: MemoryFlushOptions;
+}
+/**
+ * Platform-agnostic execution hints passed through gateway → worker.
+ * Flexible types (string | string[]) and index signature allow forward
+ * compatibility for different agent implementations.
+ */
+export interface AgentOptions {
+    runtime?: string;
+    model?: string;
+    maxTokens?: number;
+    temperature?: number;
+    allowedTools?: string | string[];
+    disallowedTools?: string | string[];
+    timeoutMinutes?: number | string;
+    compaction?: AgentCompactionOptions;
+    networkConfig?: Record<string, unknown>;
+    envVars?: Record<string, string>;
+    [key: string]: unknown;
+}
+/**
+ * Platform-agnostic log level type
+ * Maps to common logging levels used across different platforms
+ */
+export type LogLevel = "debug" | "info" | "warn" | "error";
+/**
+ * Context information passed to instruction providers
+ */
+export interface InstructionContext {
+    userId: string;
+    agentId: string;
+    sessionKey: string;
+    workingDirectory: string;
+    availableProjects?: string[];
+    userPrompt?: string;
+}
+/**
+ * Interface for components that contribute custom instructions
+ */
+export interface InstructionProvider {
+    /** Unique identifier for this provider */
+    name: string;
+    /** Priority for ordering (lower = earlier in output) */
+    priority: number;
+    /**
+     * Generate instruction text for this provider
+     * @param context - Context information for instruction generation
+     * @returns Instruction text or empty string if none
+     */
+    getInstructions(context: InstructionContext): Promise<string> | string;
+}
+/**
+ * Shared payload contract for worker → platform thread responses.
+ * Ensures gateway consumers and workers stay type-aligned.
+ */
+export interface ThreadResponsePayload {
+    messageId: string;
+    channelId: string;
+    conversationId: string;
+    userId: string;
+    teamId: string;
+    platform?: string;
+    content?: string;
+    delta?: string;
+    isFullReplacement?: boolean;
+    processedMessageIds?: string[];
+    error?: string;
+    errorCode?: string;
+    timestamp: number;
+    originalMessageId?: string;
+    moduleData?: Record<string, unknown>;
+    botResponseId?: string;
+    ephemeral?: boolean;
+    platformMetadata?: Record<string, unknown>;
+    statusUpdate?: {
+        elapsedSeconds: number;
+        state: string;
+    };
+    execId?: string;
+    execStream?: "stdout" | "stderr";
+    execExitCode?: number;
+}
+/**
+ * Suggested prompt for user
+ */
+export interface SuggestedPrompt {
+    title: string;
+    message: string;
+}
+/**
+ * Skill registry entry (global or per-agent).
+ */
+export interface RegistryEntry {
+    id: string;
+    type: string;
+    apiUrl: string;
+}
+/**
+ * Non-blocking suggestions - agent continues immediately
+ * Used for optional next steps
+ */
+export interface UserSuggestion {
+    id: string;
+    userId: string;
+    conversationId: string;
+    channelId: string;
+    teamId?: string;
+    blocking: false;
+    prompts: SuggestedPrompt[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,GAAG,aAAa,GAAG,SAAS,CAAC;IAC9C,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAE7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAGlB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAUD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,4EAA4E;IAC5E,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,IAAI,EAAE,MAAM,CAAC;IACb,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,4FAA4F;IAC5F,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,UAAU,CAAC,EAAE,cAAc,EAAE,CAAC;IAC9B,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kDAAkD;IAClD,aAAa,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACxE,mDAAmD;IACnD,eAAe,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACxD,sCAAsC;IACtC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,uEAAuE;IACvE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,aAAa;IAC5B,gFAAgF;IAChF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,yEAAyE;IACzE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,SAAS;IACxB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAMD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IAEvB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,IAAI,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC;IACvB,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,4CAA4C;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CAC7C;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC;AAED;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACpC,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,sBAAsB,CAAC;IAEpC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAM3D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IAEb,wDAAwD;IACxD,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,eAAe,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;CACxE;AAMD;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,YAAY,CAAC,EAAE;QACb,cAAc,EAAE,MAAM,CAAC;QACvB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IAGF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAMD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,QAAQ,EAAE,KAAK,CAAC;IAEhB,OAAO,EAAE,eAAe,EAAE,CAAC;CAC5B"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+// ============================================================================
+// Provider Catalog Types
+// ============================================================================
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E"}

package/dist/utils/encryption.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Encrypt a string using AES-256-GCM
+ */
+export declare function encrypt(text: string): string;
+/**
+ * Decrypt a string encrypted with AES-256-GCM
+ */
+export declare function decrypt(text: string): string;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/utils/encryption.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":"AA6CA;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU5C;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAc5C"}

package/dist/utils/encryption.js ADDED Viewed

@@ -0,0 +1,107 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+const crypto = __importStar(require("node:crypto"));
+const logger_1 = require("../logger");
+const IV_LENGTH = 12; // 96-bit nonce for AES-GCM
+const logger = (0, logger_1.createLogger)("encryption");
+/**
+ * Get encryption key from environment with validation
+ *
+ * IMPORTANT: The ENCRYPTION_KEY must be exactly 32 bytes (256 bits) for AES-256.
+ * Generate a secure key using: `openssl rand -base64 32` or `openssl rand -hex 32`
+ */
+function getEncryptionKey() {
+    const key = process.env.ENCRYPTION_KEY || "";
+    if (!key) {
+        throw new Error("ENCRYPTION_KEY environment variable is required for secure operation");
+    }
+    // Try to decode as base64 first (most common format)
+    let keyBuffer;
+    try {
+        keyBuffer = Buffer.from(key, "base64");
+        if (keyBuffer.length === 32) {
+            return keyBuffer;
+        }
+    }
+    catch (err) {
+        logger.debug("ENCRYPTION_KEY is not valid base64, trying hex format", err);
+    }
+    // Try as hex (must be exactly 64 hex characters for 32 bytes)
+    if (/^[0-9a-fA-F]{64}$/.test(key)) {
+        keyBuffer = Buffer.from(key, "hex");
+        if (keyBuffer.length === 32) {
+            return keyBuffer;
+        }
+    }
+    throw new Error("ENCRYPTION_KEY must be a base64 or hex encoded 32-byte key. " +
+        "Generate a valid key with: openssl rand -base64 32");
+}
+/**
+ * Encrypt a string using AES-256-GCM
+ */
+function encrypt(text) {
+    const encryptionKey = getEncryptionKey();
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv("aes-256-gcm", encryptionKey, iv);
+    const encrypted = Buffer.concat([
+        cipher.update(text, "utf8"),
+        cipher.final(),
+    ]);
+    const tag = cipher.getAuthTag();
+    return `${iv.toString("hex")}:${tag.toString("hex")}:${encrypted.toString("hex")}`;
+}
+/**
+ * Decrypt a string encrypted with AES-256-GCM
+ */
+function decrypt(text) {
+    const encryptionKey = getEncryptionKey();
+    const parts = text.split(":");
+    if (parts.length !== 3)
+        throw new Error("Invalid encrypted format");
+    const iv = Buffer.from(parts[0], "hex");
+    const tag = Buffer.from(parts[1], "hex");
+    const encryptedText = Buffer.from(parts[2], "hex");
+    const decipher = crypto.createDecipheriv("aes-256-gcm", encryptionKey, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([
+        decipher.update(encryptedText),
+        decipher.final(),
+    ]);
+    return decrypted.toString("utf8");
+}
+//# sourceMappingURL=encryption.js.map

package/dist/utils/encryption.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/utils/encryption.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDA,0BAUC;AAKD,0BAcC;AA7ED,oDAAsC;AACtC,sCAAyC;AAEzC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,2BAA2B;AACjD,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,YAAY,CAAC,CAAC;AAE1C;;;;;GAKG;AACH,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,sEAAsE,CACvE,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACvC,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,8DAA8D;IAC9D,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACpC,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,8DAA8D;QAC5D,oDAAoD,CACvD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;QAC3B,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACrF,CAAC;AAED;;GAEG;AACH,SAAgB,OAAO,CAAC,IAAY;IAClC,MAAM,aAAa,GAAG,gBAAgB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IAC3E,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;QAC9B,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC"}