@m1a0rz/agent-identity 0.1.2

package/dist/src/commands/identity-commands.js

@@ -0,0 +1,572 @@
+/**
+ * Unified /identity command: login, status, logout, list-credentials, fetch, set.
+ * UserPool OIDC + credential hosting. Uses shared identity-actions for logic.
+ */
+import { runStatus, runLogin, runLogout, runListCredentials, runListTips, runConfig, runFetch, runSetBinding, runUnsetBinding, } from "../actions/identity-actions.js";
+import { deriveSessionKey, deriveDeliveryTargetFromContext, } from "../utils/derive-session-key.js";
+import { diagnoseRisk } from "../risk/diagnose-risk.js";
+import { getRiskPatterns } from "../risk/classify-risk.js";
+import * as toolApprovalStore from "../store/tool-approval-store.js";
+const HELP_TEXT = `**/identity** – UserPool login, TIP token, credentials, and risk approval
+
+Subcommands:
+• \`whoami\` – Identity brief: sub, login time, TIP expiry
+• \`status\` – Full status: session/TIP details (issued, expires, chain), credentials, bindings
+• \`login\` – Log in via OIDC (returns auth URL if not logged in)
+• \`logout\` – Clear session and TIP
+• \`list-credentials\` or \`list [page]\` – List providers and credentials (paginated; shows bound env)
+• \`list-tips\` – List all valid TIP tokens with delegation chain and bindings
+• \`config\` – Show identity plugin configuration (redacted)
+• \`fetch <provider> [--flow=oauth2-user|oauth2-m2m|apikey] [--redirectUrl=<url>] [--scopes=a,b]\` – Add credential
+• \`set <provider> <envVar>\` – Bind credential to env var for tool injection
+• \`unset <provider>\` – Remove credential env binding
+• \`risk <command>\` – Diagnose risk for a shell command (e.g. exec)
+• \`risk-patterns\` – List built-in dangerous commands and sensitive paths
+• \`approve <approval_id>\` – Approve a pending high-risk tool call
+• \`reject <approval_id>\` – Reject a pending high-risk tool call
+
+Fetch: flow auto-inferred from control-plane provider type; override with \`--flow=oauth2-user|oauth2-m2m|apikey\`.
+
+Examples:
+\`/identity\` – show this help
+\`/identity whoami\` – brief identity
+\`/identity status\` – full status with TIP details
+\`/identity login\`
+\`/identity fetch google\`
+\`/identity fetch openai --flow=apikey\`
+\`/identity list 2\` – load more (page 2)
+\`/identity risk "rm -rf /"\` – check if command would require approval
+\`/identity risk-patterns\` – list risky patterns
+\`/identity approve abc123\` – approve pending tool call
+\`/identity reject abc123\` – reject pending tool call
+\`/identity set google GOOGLE_ACCESS_TOKEN\`
+\`/identity unset google\``;
+function formatTtl(ms) {
+    const s = Math.floor(ms / 1000);
+    if (s >= 3600)
+        return `${Math.floor(s / 3600)}h${Math.floor((s % 3600) / 60)}m`;
+    if (s >= 60)
+        return `${Math.floor(s / 60)}m${s % 60}s`;
+    return `${s}s`;
+}
+/** Wrap URL as markdown link so Feishu and other platforms render it as clickable. */
+function asMarkdownLink(url, label) {
+    return `[${label}](${url})`;
+}
+function formatAgo(ms) {
+    const s = Math.floor(ms / 1000);
+    if (s >= 3600)
+        return `${Math.floor(s / 3600)}h${Math.floor((s % 3600) / 60)}m`;
+    if (s >= 60)
+        return `${Math.floor(s / 60)}m`;
+    return `${s}s`;
+}
+function formatTimestamp(ms) {
+    const d = new Date(ms);
+    return d.toISOString().replace("T", " ").slice(0, 19);
+}
+function parseSubcommand(args) {
+    const raw = (args ?? "").trim();
+    const space = raw.indexOf(" ");
+    if (space === -1)
+        return { sub: raw.toLowerCase(), rest: "" };
+    return {
+        sub: raw.slice(0, space).toLowerCase(),
+        rest: raw.slice(space + 1).trim(),
+    };
+}
+/** Parse list args: optional page. E.g. "list", "list 2", "list --page 2". */
+function parseListArgs(rest) {
+    const parts = rest.split(/\s+/).filter(Boolean);
+    const flags = {};
+    const positional = [];
+    for (const p of parts) {
+        if (p.startsWith("--")) {
+            const eq = p.indexOf("=");
+            if (eq > 2)
+                flags[p.slice(2, eq)] = p.slice(eq + 1);
+        }
+        else if (/^\d+$/.test(p)) {
+            positional.push(parseInt(p, 10));
+        }
+    }
+    const page = flags.page ? parseInt(flags.page, 10) : positional[0];
+    return { page: Number.isFinite(page) && page >= 1 ? page : 1 };
+}
+/** Parse fetch args: provider and flags (--flow, --redirectUrl, --scopes). flow can be omitted to auto-infer from provider. */
+function parseFetchArgs(rest) {
+    const parts = rest.split(/\s+/).filter(Boolean);
+    const positional = [];
+    const flags = {};
+    for (const p of parts) {
+        if (p.startsWith("--")) {
+            const eq = p.indexOf("=");
+            if (eq > 2) {
+                flags[p.slice(2, eq)] = p.slice(eq + 1);
+            }
+        }
+        else {
+            positional.push(p);
+        }
+    }
+    const provider = positional[0]?.trim();
+    if (!provider) {
+        return {
+            error: "Usage: `/identity fetch <provider> [--flow=oauth2-user|oauth2-m2m|apikey] [--redirectUrl=<url>] [--scopes=a,b,c]`",
+        };
+    }
+    const flowRaw = flags.flow;
+    const flow = flowRaw === "oauth2-m2m"
+        ? "oauth2-m2m"
+        : flowRaw === "apikey"
+            ? "apikey"
+            : flowRaw === "oauth2-user"
+                ? "oauth2-user"
+                : undefined;
+    const redirectUrl = flags.redirectUrl?.trim() || undefined;
+    const scopes = flags.scopes
+        ? flags.scopes
+            .split(",")
+            .map((s) => s.trim())
+            .filter(Boolean)
+        : undefined;
+    return {
+        provider,
+        flow: flow ?? "oauth2-user",
+        flowExplicit: flowRaw != null,
+        redirectUrl: redirectUrl || undefined,
+        scopes,
+    };
+}
+function createIdentityHandler(deps) {
+    const { logger } = deps;
+    return async (ctx) => {
+        const { sub, rest } = parseSubcommand(ctx.args);
+        logger?.debug?.(`[identity] sub=${sub} rest=${rest.slice(0, 40)}...`);
+        const sessionKey = deriveSessionKey({
+            channel: ctx.channel,
+            senderId: ctx.senderId,
+            from: ctx.from,
+            to: ctx.to,
+            accountId: ctx.accountId,
+            config: ctx.config,
+        });
+        const needsSession = [
+            "login",
+            "logout",
+            "status",
+            "whoami",
+            "fetch",
+            "list-credentials",
+            "list",
+            "set",
+            "unset",
+            "approve",
+            "reject",
+        ].includes(sub);
+        if (needsSession && !sessionKey) {
+            return {
+                text: "⚠️ /identity requires session context (channel + sender). Use it from an active chat.",
+            };
+        }
+        switch (sub) {
+            case "help":
+            case "":
+                return { text: HELP_TEXT };
+            case "whoami":
+                return handleWhoami(ctx, deps, sessionKey);
+            case "login":
+                return handleLogin(ctx, deps, sessionKey);
+            case "status":
+                return handleStatus(ctx, deps, sessionKey);
+            case "logout":
+                return handleLogout(deps, sessionKey);
+            case "list-credentials":
+            case "list":
+                return handleListCredentials(deps, sessionKey, rest);
+            case "fetch":
+                return handleFetch(ctx, deps, sessionKey, rest);
+            case "set":
+                return handleSet(deps, sessionKey, rest);
+            case "unset":
+                return handleUnset(deps, sessionKey, rest);
+            case "list-tips":
+            case "tips":
+                return handleListTips(deps);
+            case "config":
+                return handleConfig(deps);
+            case "risk":
+                return handleRisk(deps, rest);
+            case "risk-patterns":
+                return handleRiskPatterns();
+            case "approve":
+                return handleApprove(deps, sessionKey, rest);
+            case "reject":
+                return handleReject(deps, sessionKey, rest);
+            default:
+                return {
+                    text: `Unknown subcommand: \`${sub}\`. Use \`/identity help\` for usage.`,
+                };
+        }
+    };
+}
+async function handleWhoami(ctx, deps, sessionKey) {
+    const result = await runStatus(deps, sessionKey, ctx.config);
+    if (!result.loggedIn) {
+        return { text: "⚠ Not logged in. Run \`/identity login\`." };
+    }
+    const lines = [
+        `✓ Logged in as \`${result.sub}\``,
+        result.sessionLoginAt != null ? `Login: ${formatTimestamp(result.sessionLoginAt)}` : "",
+        result.hasTip
+            ? result.tipExpiresAt != null
+                ? `TIP: valid · expires ${formatTtl(result.tipExpiresAt - Date.now())}`
+                : "TIP: valid"
+            : "TIP: not refreshed (run \`/identity login\`)",
+    ];
+    return { text: lines.filter(Boolean).join("\n") };
+}
+async function handleLogin(ctx, deps, sessionKey) {
+    const deliveryTarget = deriveDeliveryTargetFromContext(ctx);
+    const result = await runLogin(deps, sessionKey, {
+        config: ctx.config,
+        deliveryTarget,
+    });
+    if (result.kind === "already_logged_in") {
+        return { text: `✓ Already logged in as ${result.sub}. TIP refreshed.` };
+    }
+    if (result.kind === "auth_url") {
+        return {
+            text: `Open this URL to log in:\n\n${asMarkdownLink(result.authUrl, "Click to log in")}\n\nAfter authorization, you can close the page. A success message will be sent to this chat.`,
+        };
+    }
+    return { text: `⚠️ OIDC login failed: ${result.message}` };
+}
+async function handleStatus(ctx, deps, sessionKey) {
+    const result = await runStatus(deps, sessionKey, ctx.config);
+    const lines = [];
+    const now = Date.now();
+    if (result.loggedIn) {
+        lines.push(`✓ Logged in as \`${result.sub}\``);
+        lines.push("");
+        lines.push("**Session**");
+        if (result.sessionLoginAt != null) {
+            lines.push(`• Login: ${formatTimestamp(result.sessionLoginAt)}`);
+        }
+        if (result.sessionExpiresAt != null) {
+            const diff = result.sessionExpiresAt - now;
+            lines.push(diff > 0
+                ? `• Expires: ${formatTimestamp(result.sessionExpiresAt)} (in ${formatTtl(diff)})`
+                : `• Expired: ${formatTimestamp(result.sessionExpiresAt)}`);
+        }
+        lines.push("");
+        lines.push("**TIP Token**");
+        if (result.hasTip) {
+            if (result.tipIssuedAt != null) {
+                lines.push(`• Issued: ${formatTimestamp(result.tipIssuedAt)}`);
+            }
+            if (result.tipExpiresAt != null) {
+                const diff = result.tipExpiresAt - now;
+                lines.push(diff > 0
+                    ? `• Expires: ${formatTimestamp(result.tipExpiresAt)} (in ${formatTtl(diff)})`
+                    : `• Expired: ${formatTimestamp(result.tipExpiresAt)}`);
+            }
+            if (result.tipChain && result.tipChain.length > 0) {
+                lines.push(`• Chain: ${result.tipChain.join(" → ")}`);
+            }
+        }
+        else {
+            lines.push("• Status: ⚠ not refreshed (run \`/identity login\`)");
+        }
+    }
+    else {
+        lines.push("⚠ Not logged in. Run \`/identity login\`.");
+    }
+    const providers = Object.keys(result.credentials);
+    if (providers.length > 0) {
+        lines.push("");
+        lines.push("**Credentials:**");
+        for (const p of providers) {
+            const c = result.credentials[p];
+            const bind = result.bindings[p] ? ` → \`${result.bindings[p]}\`` : "";
+            if (c.type === "oauth2") {
+                const exp = c.expiresAt != null
+                    ? c.expiresAt < now
+                        ? `expired ${formatAgo(now - c.expiresAt)} ago`
+                        : `expires in ${formatTtl(c.expiresAt - now)}`
+                    : "";
+                const refresh = c.refreshToken ? ", has refresh" : "";
+                const scopes = c.scopes?.length ? ` [${c.scopes.join(", ")}]` : "";
+                lines.push(`• **${p}** (oauth2): ${c.status}${exp}${refresh}${scopes}${bind}`);
+            }
+            else if (c.type === "api_key") {
+                const src = c.valueFromEnv ? `from \`${c.valueFromEnv}\`` : c.value ? "stored" : "empty";
+                lines.push(`• **${p}** (api_key): key=\`${c.key}\`, ${src}${bind}`);
+            }
+            else {
+                lines.push(`• **${p}**: ?${bind}`);
+            }
+        }
+    }
+    return { text: lines.join("\n") || "No status." };
+}
+async function handleLogout(deps, sessionKey) {
+    await runLogout(deps, sessionKey);
+    return { text: "✓ Logged out." };
+}
+async function handleListCredentials(deps, sessionKey, rest) {
+    const { page } = parseListArgs(rest);
+    const result = await runListCredentials(deps, sessionKey, page);
+    const lines = [];
+    if (result.providers.length > 0) {
+        lines.push(`**Available (page ${result.page}):**`);
+        for (const p of result.providers) {
+            const bind = p.binding ? ` → \`${p.binding}\`` : "";
+            lines.push(`• **${p.name}** (${p.type}): ${p.status}${bind}`);
+        }
+    }
+    if (result.storedOnly.length > 0) {
+        if (lines.length)
+            lines.push("");
+        lines.push("**Your credentials:**");
+        for (const item of result.storedOnly) {
+            const bind = item.binding ? ` → \`${item.binding}\`` : "";
+            lines.push(`• **${item.name}**: ${item.status}${bind}`);
+        }
+    }
+    if (lines.length === 0) {
+        return {
+            text: "No providers. Configure credential providers in the control plane, or use `/identity fetch <provider>` to add.",
+        };
+    }
+    const footer = [];
+    footer.push("Use `/identity set <provider> <envVar>` to bind.");
+    if (result.hasMore) {
+        footer.push(`\`/identity list ${result.page + 1}\` to load more.`);
+    }
+    return {
+        text: `${lines.join("\n")}\n\n${footer.join(" ")}`,
+    };
+}
+async function handleFetch(ctx, deps, sessionKey, rest) {
+    const parsed = parseFetchArgs(rest);
+    if ("error" in parsed) {
+        return { text: parsed.error };
+    }
+    const { provider, flow, flowExplicit, redirectUrl, scopes } = parsed;
+    const deliveryTarget = deriveDeliveryTargetFromContext(ctx);
+    const result = await runFetch(deps, sessionKey, {
+        provider,
+        flow,
+        flowExplicit,
+        redirectUrl,
+        scopes,
+        deliveryTarget,
+        config: ctx.config,
+    });
+    if (result.kind === "success")
+        return { text: result.message };
+    if (result.kind === "auth_url") {
+        return {
+            text: `Open this URL to authorize \`${provider}\`:\n\n${asMarkdownLink(result.authUrl, "Click to authorize")}\n\nAfter authorization, a success message will be sent here.`,
+        };
+    }
+    return { text: `⚠️ ${result.message}` };
+}
+async function handleSet(deps, sessionKey, rest) {
+    const parts = rest.split(/\s+/).filter(Boolean);
+    if (parts.length < 2) {
+        return {
+            text: "Usage: `/identity set <provider> <envVar>`\nExample: `/identity set google GOOGLE_ACCESS_TOKEN`\n\n• If credential exists: binds it for injection as env var when tools run.\n• If not: imports from process.env[envVar] as api_key (gateway must have that env set).",
+        };
+    }
+    const provider = parts[0];
+    const envVar = parts[1];
+    const result = await runSetBinding(deps, sessionKey, { provider, envVar });
+    if (result.ok)
+        return { text: result.message ?? "✓ Bound." };
+    return { text: `⚠️ ${result.error}` };
+}
+async function handleConfig(deps) {
+    const result = await runConfig(deps);
+    if (Object.keys(result).length === 0) {
+        return { text: "No identity plugin config loaded." };
+    }
+    const lines = ["**Identity plugin config:**"];
+    const id = result.identity;
+    if (id && Object.keys(id).length > 0) {
+        lines.push("");
+        lines.push("**identity:**");
+        for (const [k, v] of Object.entries(id)) {
+            if (v != null)
+                lines.push(`• ${k}: \`${v}\``);
+        }
+    }
+    else {
+        lines.push("");
+        lines.push("**identity:** not configured");
+    }
+    const up = result.userpool;
+    if (up && Object.keys(up).length > 0) {
+        lines.push("");
+        lines.push("**userpool:**");
+        for (const [k, v] of Object.entries(up)) {
+            if (v != null)
+                lines.push(`• ${k}: \`${v}\``);
+        }
+    }
+    else {
+        lines.push("");
+        lines.push("**userpool:** not configured");
+    }
+    const authz = result.authz;
+    if (authz && Object.keys(authz).length > 0) {
+        lines.push("");
+        lines.push("**authz:**");
+        for (const [k, v] of Object.entries(authz)) {
+            if (v != null)
+                lines.push(`• ${k}: ${v}`);
+        }
+    }
+    return { text: lines.join("\n") };
+}
+async function handleRisk(deps, rest) {
+    const command = rest.trim();
+    if (!command) {
+        return {
+            text: "Usage: `/identity risk <command>`\nExample: `/identity risk \"rm -rf /\"`\n\nDiagnoses risk for a shell command (as if run via exec). Use tools for tool-level checks.",
+        };
+    }
+    const llmConfig = deps.pluginConfig?.authz?.enableLlmRiskCheck && deps.pluginConfig?.authz?.llmRiskCheck
+        ? deps.pluginConfig.authz.llmRiskCheck
+        : undefined;
+    const result = await diagnoseRisk("exec", { command }, llmConfig, deps.logger);
+    const riskEmoji = result.risk === "high" ? "🔴" : result.risk === "medium" ? "🟡" : "🟢";
+    const lines = [
+        `**Risk diagnosis** (${result.source}): ${riskEmoji} **${result.risk}**`,
+        `Command: \`${command.slice(0, 120)}${command.length > 120 ? "…" : ""}\``,
+    ];
+    if (result.reason)
+        lines.push(`Reason: ${result.reason}`);
+    return { text: lines.join("\n") };
+}
+async function handleApprove(deps, sessionKey, rest) {
+    const approvalId = rest.trim();
+    if (!approvalId) {
+        return {
+            text: "Usage: `/identity approve <approval_id>`\nExample: `/identity approve abc123`\n\nUse the approval_id from the pending tool message. Must run from the same chat that triggered the approval request.",
+        };
+    }
+    const approvalTtlMs = (deps.pluginConfig?.authz?.approvalTtlSeconds ?? 300) * 1000;
+    const ok = toolApprovalStore.approve(approvalId, approvalTtlMs, sessionKey);
+    if (ok)
+        return { text: "✓ Tool call approved. You can retry the action now." };
+    return {
+        text: "⚠ Approval not found or expired. Run from the same chat that requested approval, or the request may have timed out.",
+    };
+}
+async function handleReject(deps, sessionKey, rest) {
+    const approvalId = rest.trim();
+    if (!approvalId) {
+        return {
+            text: "Usage: `/identity reject <approval_id>`\nExample: `/identity reject abc123`\n\nMust run from the same chat that triggered the approval request.",
+        };
+    }
+    const ok = toolApprovalStore.reject(approvalId, sessionKey);
+    if (ok)
+        return { text: "✓ Tool call rejected." };
+    return { text: "⚠ Approval not found or already expired. Run from the same chat that requested approval." };
+}
+async function handleRiskPatterns() {
+    const { commandPatterns, sensitivePaths } = getRiskPatterns();
+    const lines = [
+        "**Built-in risk patterns** (exec/process):",
+        "",
+        ...commandPatterns.map((p) => `• \`${p.example}\` – ${p.reason}`),
+        "",
+        "**Sensitive paths** (write/edit/apply_patch):",
+        "",
+        ...sensitivePaths.map((p) => `• \`${p}\``),
+        "",
+        "Commands or writes matching these require approval when authz is enabled.",
+    ];
+    return { text: lines.join("\n") };
+}
+async function handleUnset(deps, sessionKey, rest) {
+    const provider = rest.split(/\s+/)[0]?.trim();
+    if (!provider) {
+        return {
+            text: "Usage: `/identity unset <provider>`\nExample: `/identity unset google`",
+        };
+    }
+    const result = await runUnsetBinding(deps, sessionKey, { provider });
+    if (result.ok)
+        return { text: result.message ?? "✓ Unset." };
+    return { text: result.error ?? "No binding found." };
+}
+function formatBindings(bindings) {
+    if (Object.keys(bindings).length === 0)
+        return "None.";
+    return Object.entries(bindings)
+        .map(([p, v]) => `• ${p} → \`${v}\``)
+        .join("\n");
+}
+async function handleListTips(deps) {
+    const result = await runListTips(deps);
+    const { bindingsBySession } = result;
+    if (result.tips.length === 0) {
+        return {
+            text: "No valid TIP tokens. Run `/identity login` to acquire one.",
+        };
+    }
+    const lines = ["**Valid TIP tokens:**"];
+    for (const v of result.tips) {
+        const shortKey = v.sessionKey.length > 40 ? v.sessionKey.slice(0, 36) + "…" : v.sessionKey;
+        const chainStr = v.chain.length > 0 ? ` (${v.chain.join(" → ")})` : "";
+        const expiresIn = v.ttlSec >= 3600
+            ? `${Math.floor(v.ttlSec / 3600)}h${Math.floor((v.ttlSec % 3600) / 60)}m`
+            : `${v.ttlSec}s`;
+        lines.push(`• \`${shortKey}\` | sub: \`${v.sub}\`${chainStr} | expires in ${expiresIn}`);
+    }
+    lines.push("");
+    lines.push("**Env bindings (per session):**");
+    const allSessionKeys = new Set([
+        ...result.tips.map((t) => t.sessionKey),
+        ...Object.keys(bindingsBySession),
+    ]);
+    if (allSessionKeys.size === 0) {
+        lines.push("None.");
+    }
+    else {
+        for (const sk of [...allSessionKeys].sort()) {
+            const b = bindingsBySession[sk] ?? {};
+            if (Object.keys(b).length === 0)
+                continue;
+            const shortKey = sk.length > 40 ? sk.slice(0, 36) + "…" : sk;
+            lines.push(`\`${shortKey}\`:`);
+            lines.push(formatBindings(b));
+        }
+    }
+    return { text: lines.join("\n") };
+}
+export function createIdentityCommand(deps) {
+    const handler = createIdentityHandler(deps);
+    return {
+        name: "identity",
+        description: "UserPool login, TIP token, credentials (list/fetch/set), risk check",
+        acceptsArgs: true,
+        requireAuth: true,
+        handler,
+    };
+}
+/** Alias command /id same as /identity */
+export function createIdCommand(deps) {
+    const handler = createIdentityHandler(deps);
+    return {
+        name: "id",
+        description: "Alias for /identity (login, status, credentials, risk check)",
+        acceptsArgs: true,
+        requireAuth: true,
+        handler,
+    };
+}

package/dist/src/hooks/after-tool-call.d.ts

@@ -0,0 +1,22 @@
+/**
+ * after_tool_call hook: propagate TIP token to child session on sessions_spawn.
+ * When parent spawns a sub-agent, inherit TIP with extended chain-of-custody.
+ */
+export type AfterToolCallDeps = {
+    storeDir: string;
+    logger: {
+        info?: (msg: string) => void;
+    };
+};
+export declare function createAfterToolCallHandler(deps: AfterToolCallDeps): (event: {
+    toolName: string;
+    params: Record<string, unknown>;
+    result?: unknown;
+    error?: string;
+    durationMs?: number;
+}, ctx: {
+    agentId?: string;
+    sessionKey?: string;
+    toolName: string;
+}) => Promise<void>;
+//# sourceMappingURL=after-tool-call.d.ts.map

package/dist/src/hooks/after-tool-call.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"after-tool-call.d.ts","sourceRoot":"","sources":["../../../src/hooks/after-tool-call.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CAC1C,CAAC;AAEF,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,iBAAiB,IAI9D,OAAO;IACL,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,EACD,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,KAC/D,OAAO,CAAC,IAAI,CAAC,CA4BjB"}

package/dist/src/hooks/after-tool-call.js

@@ -0,0 +1,35 @@
+/**
+ * after_tool_call hook: propagate TIP token to child session on sessions_spawn.
+ * When parent spawns a sub-agent, inherit TIP with extended chain-of-custody.
+ */
+import { getTIPToken, setTIPToken } from "../store/tip-store.js";
+export function createAfterToolCallHandler(deps) {
+    const { storeDir, logger } = deps;
+    return async (event, ctx) => {
+        if (event.toolName !== "sessions_spawn")
+            return;
+        const result = event.result;
+        const childSessionKey = result?.childSessionKey;
+        if (!childSessionKey || typeof childSessionKey !== "string")
+            return;
+        const parentSessionKey = ctx.sessionKey;
+        if (!parentSessionKey)
+            return;
+        try {
+            const parentTIP = await getTIPToken(storeDir, parentSessionKey);
+            if (!parentTIP)
+                return;
+            const childTIP = {
+                ...parentTIP,
+                chain: [...(parentTIP.chain ?? []), ctx.agentId ?? "unknown"],
+                parentSessionKey,
+                issuedAt: Date.now(),
+            };
+            await setTIPToken(storeDir, childSessionKey, childTIP);
+            logger.info?.(`agent-identity: TIP propagated to child ${childSessionKey.slice(0, 32)}...`);
+        }
+        catch (err) {
+            logger.info?.(`agent-identity: failed to propagate TIP to child: ${String(err)}`);
+        }
+    };
+}

package/dist/src/hooks/before-agent-start.d.ts

@@ -0,0 +1,30 @@
+/**
+ * before_agent_start hook: fetch TIP token and inject credentials into process.env.
+ * 1. Inject credentials into process.env per credential-env-bindings (per-session)
+ * 2. Look up userToken from session store by sessionKey
+ * 3. Call CIS GetWorkloadAccessTokenForJWT
+ * 4. On "token has expired", refresh userToken via refresh_token grant and retry
+ * 5. Store TIP token in tip-store for use by before_tool_call (AuthZ) and downstream
+ */
+import type { IdentityService } from "../services/identity-service.js";
+import type { OIDCConfigForRefresh } from "../services/session-refresh.js";
+export type BeforeAgentStartDeps = {
+    storeDir: string;
+    identityService: IdentityService;
+    /** When set, used to refresh userToken on expiry before retrying TIP fetch. */
+    getOidcConfigForRefresh?: () => Promise<OIDCConfigForRefresh>;
+    logger: {
+        info?: (msg: string) => void;
+        warn?: (msg: string) => void;
+    };
+};
+export declare function createBeforeAgentStartHandler(deps: BeforeAgentStartDeps): (_event: {
+    prompt: string;
+    messages?: unknown[];
+}, ctx: {
+    agentId?: string;
+    sessionKey?: string;
+}) => Promise<{
+    prependContext?: string;
+} | void>;
+//# sourceMappingURL=before-agent-start.d.ts.map

package/dist/src/hooks/before-agent-start.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-agent-start.d.ts","sourceRoot":"","sources":["../../../src/hooks/before-agent-start.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAQ3E,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,+EAA+E;IAC/E,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACxE,CAAC;AAOF,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,oBAAoB,IAIpE,QAAQ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;CAAE,EAChD,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KAC7C,OAAO,CAAC;IAAE,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAgF/C"}