@m1a0rz/agent-identity 0.3.1 → 0.3.2

package/README-cn.md

@@ -11,7 +11,9 @@ UserPool OIDC 登录、TIP (Trusted Identity Provider) 令牌（通过 Identity
 - **OIDC 登录**：`/identity login` 返回 IdP 授权 URL。用户打开 URL 后，IdP 重定向到 `/identity/oauth/callback`。
 - **TIP 令牌**：当会话中有已登录用户时，`before_agent_start` 钩子会获取 TIP 令牌。
 - **凭据 3LO**：`/identity fetch <provider>` 返回授权 URL。IdP 重定向到 Identity 提供的回调地址（控制台配置）。
-- **凭据绑定**：`/identity set <provider> <envVar>` 将存储的凭据绑定到环境变量。工具运行时在 `before_agent_start` 中注入到 `process.env`。
+- **凭据绑定**：`/identity set <provider> <envVar>` 将存储的凭据绑定到环境变量。凭据按工具调用粒度安全注入，并发多用户会话之间互相隔离。
+- **加密会话存储**：`sessions.json` 使用 AES-256-GCM 加密存储在磁盘上。旧版明文文件首次加载时自动迁移。
+- **内存 TIP 缓存**：TIP 令牌仅存储在内存中（不持久化到磁盘）。TIP 是短效令牌，可随时从用户 session token 重新获取。
 - **动态 UserPool**：通过 `userPoolName` + `clientName` 解析 OIDC 配置（无需手动配置 clientId）。
 - **凭证加载**：从环境变量、文件或 STS AssumeRole 加载 AK/SK（veadk 风格）。
 
@@ -251,16 +253,24 @@ TIP token 通过 `GetWorkloadAccessTokenForJWT` 获取。工作负载行为：
 
 ## 钩子
 
-- **before_agent_start** - 获取 TIP token；按 credential-env-bindings（按 session）将凭据注入到 `process.env`
-- **subagent_spawned** - 在子 agent 创建时将 TIP 传播到子会话
-- **before_tool_call** - 当 authz.toolCheck、authz.skillReadCheck 或 authz.requireRiskApproval 时可选 AuthZ。TIP + CheckPermission 工具/skill；高风险工具需审批。评估命令/路径风险（规则 + 可选 LLM via authz.enableLlmRiskCheck）。
+- **before_agent_start** - 仅为主 agent 获取 TIP token。
+- **subagent_spawned** - 在子 agent 创建时将 TIP 传播到子会话。
+- **before_tool_call** - 群组上下文注入、可选 AuthZ（TIP 检查、CheckPermission、风险审批）、工具调用级凭据注入。
+- **after_tool_call** - 清理工具调用级凭据注入状态。
 
 ## 数据存储
 
 插件数据位于 `~/.openclaw/plugins/identity/`：
 
-- `sessions.json` - sessionKey → userToken 映射（加载/保存时清理过期）
-- `tip-tokens.json` - sessionKey → TIP token 缓存（加载/保存时清理过期）
-- Credentials - 仅内存，按 session（api_key、oauth2）；gateway 重启后丢失；logout 时清除
-- `credential-env-bindings.json` - 按 session：`{ [sessionKey]: { [provider]: envVar } }`
-- OIDC state - 仅内存（临时，5 分钟 TTL）
+| 文件 | 描述 |
+|------|------|
+| `sessions.json` | 加密存储的 sessionKey → userToken 映射。加载/保存时清理过期条目。 |
+| `credential-env-bindings.json` | 按 session：`{ [sessionKey]: { [provider]: envVar } }` |
+
+**仅内存存储（不持久化到磁盘）：**
+
+| 数据 | 描述 |
+|------|------|
+| TIP 令牌 | sessionKey → TIP token 缓存。短效，按需从 session token 重新获取。 |
+| 凭据 | 按 session（api_key、oauth2）。gateway 重启后丢失；logout 时清除。 |
+| OIDC state | 临时数据，5 分钟 TTL。 |

package/README.md

@@ -9,11 +9,13 @@ Integrates with [Volcengine Agent Identity and Permission Management](https://ww
 ## Features
 
 - **OIDC Login**: `/identity login` returns IdP auth URL (no HTTP start endpoint). User opens URL, IdP redirects to `/identity/oauth/callback`.
-- **TIP Token**: `before_agent_start` hook fetches TIP token when session has a logged-in user
+- **TIP Token**: `before_agent_start` hook fetches TIP token when session has a logged-in user.
 - **Credential 3LO**: `/identity fetch <provider>` returns auth URL. IdP redirects to Identity-provided callback (control-plane config).
-- **Credential Binding**: `/identity set <provider> <envVar>` binds stored credential to env var. Credentials are injected into `process.env` in `before_agent_start` when tools run.
-- **Dynamic UserPool**: Resolve OIDC config by `userPoolName` + `clientName` (no manual clientId)
-- **Credentials**: Load AK/SK from env, file, or STS AssumeRole (veadk-style)
+- **Credential Binding**: `/identity set <provider> <envVar>` binds stored credential to env var. Credentials are securely injected per-tool-call, isolated between concurrent multi-user sessions.
+- **Encrypted Session Storage**: `sessions.json` is encrypted at rest (AES-256-GCM). Plaintext sessions from older versions are auto-migrated on first load.
+- **In-memory TIP Cache**: TIP tokens are stored only in memory (no disk persistence). They are short-lived and re-obtained from the user's session token on demand.
+- **Dynamic UserPool**: Resolve OIDC config by `userPoolName` + `clientName` (no manual clientId).
+- **Credentials**: Load AK/SK from env, file, or STS AssumeRole (veadk-style).
 
 ## HTTP Endpoints
 
@@ -251,16 +253,24 @@ Follow-up messages (login success, credential fetch done) are not delivered when
 
 ## Hooks
 
-- **before_agent_start** - Fetch TIP token; inject credentials into `process.env` per credential-env-bindings (per-session)
-- **subagent_spawned** - Propagate TIP to child session on subagent spawn
-- **before_tool_call** - Optional AuthZ when authz.toolCheck, authz.skillReadCheck, or authz.requireRiskApproval. TIP + CheckPermission for tools/skills; risk approval for high-risk tools. Evaluates user-provided commands/paths (rules + optional LLM via authz.enableLlmRiskCheck).
+- **before_agent_start** - Fetch TIP token for main agent only.
+- **subagent_spawned** - Propagate TIP to child session on subagent spawn.
+- **before_tool_call** - Group context injection, optional AuthZ (TIP check, CheckPermission, risk approval), and per-tool-call credential injection.
+- **after_tool_call** - Clean up per-tool-call credential injection state.
 
 ## Data Storage
 
 Plugin data at `~/.openclaw/plugins/identity/`:
 
-- `sessions.json` - sessionKey → userToken mapping (expired pruned on load/save)
-- `tip-tokens.json` - sessionKey → TIP token cache (expired pruned on load/save)
-- Credentials - in-memory only, per-session (api_key, oauth2); lost on gateway restart; cleared on logout
-- `credential-env-bindings.json` - per-session: `{ [sessionKey]: { [provider]: envVar } }`
-- OIDC state - in-memory only (ephemeral, 5 min TTL)
+| File | Description |
+|------|-------------|
+| `sessions.json` | Encrypted sessionKey → userToken mapping. Expired entries pruned on load/save. |
+| `credential-env-bindings.json` | Per-session: `{ [sessionKey]: { [provider]: envVar } }` |
+
+**In-memory only (not persisted to disk):**
+
+| Data | Description |
+|------|-------------|
+| TIP tokens | sessionKey → TIP token cache. Short-lived, re-obtained from session token on demand. |
+| Credentials | Per-session (api_key, oauth2). Lost on gateway restart; cleared on logout. |
+| OIDC state | Ephemeral, 5 min TTL. |

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAmE7D,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,QA0YtD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAqE7D,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,QA0YtD"}

package/dist/index.js

@@ -22,6 +22,7 @@ import { createSubagentEndedCleanupHandler } from "./src/hooks/subagent-ended-cl
 import { setSender, clearSender } from "./src/store/group-sender-store.js";
 import { deriveSessionKey, isGroupOrChannelSessionKey, } from "./src/utils/derive-session-key.js";
 import { createBeforeToolCallHandler } from "./src/hooks/before-tool-call.js";
+import { createAfterToolCallHandler } from "./src/hooks/after-tool-call.js";
 import * as skillPathStore from "./src/store/skill-path-store.js";
 import { createOIDCCallbackHandler, createOIDCCallbackHandlerLazy, } from "./src/routes/oidc-login.js";
 import { IdentityClient, resolveOIDCConfig, } from "./src/services/identity-client.js";
@@ -43,6 +44,7 @@ import { createIdentityUnsetBindingTool } from "./src/tools/identity-unset-bindi
 import { createIdentityWhoamiTool } from "./src/tools/identity-whoami.js";
 import { parseSessionKeyToDeliveryTarget, } from "./src/utils/derive-session-key.js";
 import { logInfo, logWarn } from "./src/utils/logger.js";
+import { initEncryptionKey } from "./src/store/encryption.js";
 const PLUGIN_STORE_DIR = "~/.openclaw/plugins/identity";
 /**
  * Whether Identity should be enabled.
@@ -64,6 +66,7 @@ function hasAnyIdentityConfig(identity) {
 export default function register(api) {
     const pluginConfig = (api.pluginConfig ?? {});
     const storeDir = api.resolvePath(PLUGIN_STORE_DIR);
+    initEncryptionKey(storeDir);
     const identityCfg = pluginConfig.identity;
     const hasIdentity = hasAnyIdentityConfig(identityCfg);
     const userpool = pluginConfig.userpool;
@@ -366,10 +369,7 @@ export default function register(api) {
             logger: api.logger,
         }));
     }
-    const toolCheck = authz?.toolCheck ?? false;
     const skillReadCheck = authz?.skillReadCheck ?? false;
-    const requireRiskApproval = authz?.requireRiskApproval ?? false;
-    const hasAuthz = toolCheck || skillReadCheck || requireRiskApproval;
     api.on("llm_input", createLlmInputHandler({
         enabled: skillReadCheck,
         logger: api.logger,
@@ -380,18 +380,19 @@ export default function register(api) {
                 skillPathStore.clearSessionById(ctx.sessionId);
         });
     }
-    if (hasAuthz) {
-        api.on("before_tool_call", createBeforeToolCallHandler({
-            storeDir,
-            identityClient: hasIdentity ? identityClient : undefined,
-            namespaceName: authz?.namespaceName ?? "default",
-            logger: api.logger,
-            sendToSession,
-            authz,
-            approvalTtlMs,
-            identityService: hasIdentity ? identityService : undefined,
-            getOidcConfigForRefresh: getOidcConfigForRefresh ?? undefined,
-            configWorkloadName: identityCfg?.workloadName,
-        }));
-    }
+    // before_tool_call: authz, credential injection, group sender context
+    api.on("before_tool_call", createBeforeToolCallHandler({
+        storeDir,
+        identityClient: hasIdentity ? identityClient : undefined,
+        namespaceName: authz?.namespaceName ?? "default",
+        logger: api.logger,
+        sendToSession,
+        authz,
+        approvalTtlMs,
+        identityService: hasIdentity ? identityService : undefined,
+        getOidcConfigForRefresh: getOidcConfigForRefresh ?? undefined,
+        configWorkloadName: identityCfg?.workloadName,
+    }));
+    // Companion after_tool_call: restore env snapshot set by credential injection
+    api.on("after_tool_call", createAfterToolCallHandler({ logger: api.logger }));
 }

package/dist/src/actions/identity-actions.d.ts

@@ -86,7 +86,11 @@ export type ListCredentialsResult = {
     hasMore: boolean;
     totalCount?: number;
 };
-export declare function runListCredentials(deps: IdentityActionsDeps, sessionKey: string, page?: number): Promise<ListCredentialsResult>;
+export type ListCredentialsFilter = {
+    name?: string;
+    flow?: string;
+};
+export declare function runListCredentials(deps: IdentityActionsDeps, sessionKey: string, page?: number, filter?: ListCredentialsFilter): Promise<ListCredentialsResult>;
 export type ListTipsResult = {
     tips: Array<{
         sessionKey: string;
@@ -124,6 +128,8 @@ export declare function runFetch(deps: IdentityActionsDeps, sessionKey: string,
     scopes?: string[];
     deliveryTarget?: SessionKeyDeliveryTarget | null;
     config?: OpenClawConfig;
+    /** "tool" = agent tool call, "command" = slash command. Defaults to "command". */
+    source?: "tool" | "command";
 }): Promise<FetchResult>;
 export type SetBindingResult = {
     ok: boolean;

package/dist/src/actions/identity-actions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identity-actions.d.ts","sourceRoot":"","sources":["../../../src/actions/identity-actions.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAc/E,OAAO,EAKL,KAAK,eAAe,EACrB,MAAM,8BAA8B,CAAC;AAUtC,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,MAAM,CAAC,EAAE,qBAAqB,CAAC;IAC/B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,qBAAqB,CAAC,EAAE,CACtB,kBAAkB,EAAE,wBAAwB,GAAG,MAAM,EACrD,IAAI,EAAE,MAAM,KACT,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,CAAC;AA+EhE,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,YAAY,CAAC,CAsCvB;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,cAAc,CAAC;IAAC,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAA;CAAE,GACtF,OAAO,CAAC,WAAW,CAAC,CAqDtB;AAED,MAAM,MAAM,YAAY,GAAG;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC;AAE3C,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CAWvB;AAID,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClG,UAAU,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAU,GACf,OAAO,CAAC,qBAAqB,CAAC,CA2EhC;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,KAAK,CAAC;QACV,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D,CAAC;AAEF,wBAAsB,WAAW,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAsBpF;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CA2ChF;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACjD,MAAM,CAAC,EAAE,cAAc,CAAC;CACzB,GACA,OAAO,CAAC,WAAW,CAAC,CAsHtB;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjF,wBAAsB,aAAa,CACjC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC3C,OAAO,CAAC,gBAAgB,CAAC,CAkC3B;AAED,MAAM,MAAM,kBAAkB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnF,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAW7B"}
+{"version":3,"file":"identity-actions.d.ts","sourceRoot":"","sources":["../../../src/actions/identity-actions.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAc/E,OAAO,EAKL,KAAK,eAAe,EACrB,MAAM,8BAA8B,CAAC;AAUtC,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,MAAM,CAAC,EAAE,qBAAqB,CAAC;IAC/B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,qBAAqB,CAAC,EAAE,CACtB,kBAAkB,EAAE,wBAAwB,GAAG,MAAM,EACrD,IAAI,EAAE,MAAM,KACT,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,CAAC;AAgFhE,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,YAAY,CAAC,CAsCvB;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,cAAc,CAAC;IAAC,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAA;CAAE,GACtF,OAAO,CAAC,WAAW,CAAC,CAqDtB;AAED,MAAM,MAAM,YAAY,GAAG;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC;AAE3C,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CASvB;AAID,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClG,UAAU,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAU,EAChB,MAAM,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,qBAAqB,CAAC,CAqFhC;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,KAAK,CAAC;QACV,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D,CAAC;AAEF,wBAAsB,WAAW,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAsBpF;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CA2ChF;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACjD,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,kFAAkF;IAClF,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,GACA,OAAO,CAAC,WAAW,CAAC,CA4JtB;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjF,wBAAsB,aAAa,CACjC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC3C,OAAO,CAAC,gBAAgB,CAAC,CAkC3B;AAED,MAAM,MAAM,kBAAkB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnF,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAW7B"}

package/dist/src/actions/identity-actions.js

@@ -20,7 +20,7 @@ import { loadCredentialEnvBindings, loadAllCredentialEnvBindings, setCredentialE
 import { loadCredentials, setCredential, getCredential, deleteCredentialsForSession, } from "../store/credential-store.js";
 import { getSession, deleteSession } from "../store/session-store.js";
 import { createState } from "../store/oidc-state-store.js";
-import { loadTIPTokens, saveTIPTokens } from "../store/tip-store.js";
+import { getAllTIPTokens, deleteTIPToken } from "../store/tip-store.js";
 import { extractDelegationChainFromJwt } from "../utils/auth.js";
 import { resolveAgentId, } from "../utils/derive-session-key.js";
 function inferFlowFromProvider(info) {
@@ -32,6 +32,7 @@ function inferFlowFromProvider(info) {
 }
 const OAUTH_POLL_INTERVAL_MS = 2500;
 const OAUTH_POLL_TIMEOUT_MS = 10 * 60 * 1000;
+const OAUTH_QUICK_RETRY_MS = 1000;
 function sleep(ms) {
     return new Promise((r) => setTimeout(r, ms));
 }
@@ -156,30 +157,40 @@ export async function runLogout(deps, sessionKey) {
     const { storeDir, logger } = deps;
     logDebug(logger, `logout sessionKey=${sessionKey.slice(0, 24)}...`);
     await deleteSession(storeDir, sessionKey);
-    const tokens = await loadTIPTokens(storeDir);
-    delete tokens[sessionKey];
-    await saveTIPTokens(storeDir, tokens);
+    deleteTIPToken(sessionKey);
     deleteCredentialsForSession(storeDir, sessionKey);
     return { ok: true };
 }
 const LIST_PAGE_SIZE = 10;
-export async function runListCredentials(deps, sessionKey, page = 1) {
-    const { storeDir, identityClient, logger } = deps;
+export async function runListCredentials(deps, sessionKey, page = 1, filter) {
+    const { storeDir, identityClient, identityService, logger } = deps;
     const creds = await loadCredentials(storeDir, sessionKey);
     const bindings = await loadCredentialEnvBindings(storeDir, sessionKey);
     let providers = [];
     let totalCount = 0;
     if (identityClient) {
-        try {
-            const result = await identityClient.listCredentialProviders({
-                PageNumber: page,
-                PageSize: LIST_PAGE_SIZE,
-            });
-            providers = result.CredentialProviders ?? result.Data ?? [];
-            totalCount = result.TotalCount ?? 0;
+        const session = await getSession(storeDir, sessionKey);
+        if (!session || !identityService.parseUserToken(session.userToken).valid) {
+            logWarn(logger, `list-credentials: no valid session for key=${sessionKey.slice(0, 24)}...`);
         }
-        catch (e) {
-            logWarn(logger, `list-credentials API error: ${String(e)}`);
+        else {
+            try {
+                const apiFilter = {};
+                if (filter?.name)
+                    apiFilter.Name = filter.name;
+                if (filter?.flow)
+                    apiFilter.Flow = filter.flow;
+                const result = await identityClient.listCredentialProviders({
+                    PageNumber: page,
+                    PageSize: LIST_PAGE_SIZE,
+                    ...(Object.keys(apiFilter).length > 0 ? { Filter: apiFilter } : {}),
+                });
+                providers = result.CredentialProviders ?? result.Data ?? [];
+                totalCount = result.TotalCount ?? 0;
+            }
+            catch (e) {
+                logWarn(logger, `list-credentials API error: ${String(e)}`);
+            }
         }
     }
     const providerNames = new Set(providers.map((p) => p.Name));
@@ -232,7 +243,7 @@ export async function runListCredentials(deps, sessionKey, page = 1) {
 }
 export async function runListTips(deps) {
     const { storeDir } = deps;
-    const tokens = await loadTIPTokens(storeDir);
+    const tokens = getAllTIPTokens();
     const bindingsBySession = await loadAllCredentialEnvBindings(storeDir);
     const now = Date.now();
     const tips = [];
@@ -292,27 +303,10 @@ export async function runConfig(deps) {
 }
 export async function runFetch(deps, sessionKey, params) {
     const { identityClient, storeDir, sendCredentialMessage, logger } = deps;
-    const { provider, flow, flowExplicit, redirectUrl, scopes, deliveryTarget, config } = params;
+    const { provider, flow, flowExplicit, redirectUrl, scopes, deliveryTarget, config, source = "command" } = params;
     if (!identityClient) {
         return { kind: "error", message: "Identity service not configured. Cannot add credentials." };
     }
-    let effectiveFlow = flow;
-    if (!flowExplicit) {
-        try {
-            const listResult = await identityClient.listCredentialProviders({
-                PageNumber: 1,
-                PageSize: 20,
-                Filter: { Name: provider },
-            });
-            const list = listResult.CredentialProviders ?? listResult.Data ?? [];
-            const info = list.find((p) => p.Name === provider);
-            if (info)
-                effectiveFlow = inferFlowFromProvider(info);
-        }
-        catch {
-            // keep default
-        }
-    }
     const ctxAgentId = resolveAgentId({ sessionKey, config: config });
     const tipRefreshOptions = deps.getOidcConfigForRefresh
         ? {
@@ -330,6 +324,23 @@ export async function runFetch(deps, sessionKey, params) {
             message: "Login first with `/identity login` to establish identity before adding credentials.",
         };
     }
+    let effectiveFlow = flow;
+    if (!flowExplicit) {
+        try {
+            const listResult = await identityClient.listCredentialProviders({
+                PageNumber: 1,
+                PageSize: 20,
+                Filter: { Name: provider },
+            });
+            const list = listResult.CredentialProviders ?? listResult.Data ?? [];
+            const info = list.find((p) => p.Name === provider);
+            if (info)
+                effectiveFlow = inferFlowFromProvider(info);
+        }
+        catch {
+            // keep default
+        }
+    }
     try {
         if (effectiveFlow === "apikey") {
             const result = await identityClient.getResourceApiKey({
@@ -361,6 +372,43 @@ export async function runFetch(deps, sessionKey, params) {
             return { kind: "success", message: `✓ Credential for \`${provider}\` added (direct token).` };
         }
         if (oauthResult.authorizationUrl) {
+            // Quick retry: the server may have a cached token that wasn't ready on
+            // the first call (e.g. user previously authorized). A short pause then
+            // re-check avoids unnecessary polling / returning authUrl to the user.
+            await sleep(OAUTH_QUICK_RETRY_MS);
+            try {
+                const retry = await identityClient.getResourceOauth2Token({
+                    providerName: provider,
+                    identityToken: tip.token,
+                    flow: oauth2Flow,
+                    redirectUrl,
+                    scopes: scopes?.length ? scopes : undefined,
+                });
+                if (retry.accessToken) {
+                    await setCredential(storeDir, sessionKey, provider, {
+                        type: "oauth2",
+                        status: "authenticated",
+                        accessToken: retry.accessToken,
+                        expiresAt: Date.now() + 3600 * 1000,
+                    });
+                    return { kind: "success", message: `✓ Credential for \`${provider}\` added (cached token).` };
+                }
+            }
+            catch {
+                // quick retry failed — proceed with authUrl flow
+            }
+            if (source === "tool") {
+                // Agent tool context: return authUrl for the agent to display.
+                // No background polling — the agent should re-call identity_fetch
+                // after the user completes authorization in the browser.
+                logInfo(logger, `fetch returning auth URL for provider=${provider} (tool, no poll)`);
+                return {
+                    kind: "auth_url",
+                    authUrl: oauthResult.authorizationUrl,
+                    message: `Open this URL to authorize \`${provider}\`. After you complete authorization in the browser, tell me and I will fetch the credential.`,
+                };
+            }
+            // Slash command context: start background polling and notify via channel message.
             logInfo(logger, `fetch returning auth URL for provider=${provider}, starting poll`);
             const target = deliveryTarget ?? sessionKey;
             pollOAuthAndNotify({

package/dist/src/commands/identity-commands.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identity-commands.d.ts","sourceRoot":"","sources":["../../../src/commands/identity-commands.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAUL,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,SAAS,EACf,MAAM,gCAAgC,CAAC;AAYxC,YAAY,EAAE,oBAAoB,EAAE,SAAS,EAAE,CAAC;AAEhD,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAooBvD,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,oBAAoB;;;;;mBAjf3C,oBAAoB,KAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;EA0fpE;AAED,0CAA0C;AAC1C,wBAAgB,eAAe,CAAC,IAAI,EAAE,oBAAoB;;;;;mBA7frC,oBAAoB,KAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;EAsgBpE"}
+{"version":3,"file":"identity-commands.d.ts","sourceRoot":"","sources":["../../../src/commands/identity-commands.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAUL,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,SAAS,EACf,MAAM,gCAAgC,CAAC;AAYxC,YAAY,EAAE,oBAAoB,EAAE,SAAS,EAAE,CAAC;AAEhD,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAyoBvD,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,oBAAoB;;;;;mBAlf3C,oBAAoB,KAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;EA2fpE;AAED,0CAA0C;AAC1C,wBAAgB,eAAe,CAAC,IAAI,EAAE,oBAAoB;;;;;mBA9frC,oBAAoB,KAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;EAugBpE"}

package/dist/src/commands/identity-commands.js

@@ -88,7 +88,7 @@ function parseSubcommand(args) {
         rest: raw.slice(space + 1).trim(),
     };
 }
-/** Parse list args: optional page. E.g. "list", "list 2", "list --page 2". */
+/** Parse list args: optional page and filters. E.g. "list", "list 2", "list --name=github --flow=M2M". */
 function parseListArgs(rest) {
     const parts = rest.split(/\s+/).filter(Boolean);
     const flags = {};
@@ -104,7 +104,11 @@ function parseListArgs(rest) {
         }
     }
     const page = flags.page ? parseInt(flags.page, 10) : positional[0];
-    return { page: Number.isFinite(page) && page >= 1 ? page : 1 };
+    return {
+        page: Number.isFinite(page) && page >= 1 ? page : 1,
+        name: flags.name || undefined,
+        flow: flags.flow || undefined,
+    };
 }
 /** Parse fetch args: provider and flags (--flow, --redirectUrl, --scopes). flow can be omitted to auto-infer from provider. */
 function parseFetchArgs(rest) {
@@ -331,8 +335,9 @@ async function handleLogout(deps, sessionKey) {
     return { text: "✓ Logged out." };
 }
 async function handleListCredentials(deps, sessionKey, rest) {
-    const { page } = parseListArgs(rest);
-    const result = await runListCredentials(deps, sessionKey, page);
+    const { page, name, flow } = parseListArgs(rest);
+    const filter = name || flow ? { name, flow } : undefined;
+    const result = await runListCredentials(deps, sessionKey, page, filter);
     const lines = [];
     if (result.providers.length > 0) {
         lines.push(`**Available (page ${result.page}):**`);

package/dist/src/hooks/after-tool-call.d.ts

@@ -0,0 +1,12 @@
+import { type PluginLogger } from "../utils/logger.js";
+export type AfterToolCallDeps = {
+    logger?: PluginLogger;
+};
+export declare function createAfterToolCallHandler(deps: AfterToolCallDeps): (event: {
+    toolName: string;
+    runId?: string;
+    toolCallId?: string;
+}, _ctx: {
+    sessionKey?: string;
+}) => void;
+//# sourceMappingURL=after-tool-call.d.ts.map

package/dist/src/hooks/after-tool-call.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"after-tool-call.d.ts","sourceRoot":"","sources":["../../../src/hooks/after-tool-call.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAY,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEjE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB,CAAC;AAEF,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,iBAAiB,IAI9D,OAAO;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,EAChE,MAAM;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KAC5B,IAAI,CASR"}

package/dist/src/hooks/after-tool-call.js

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2026 Beijing Volcano Engine Technology Co., Ltd. and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * after_tool_call hook: restore process.env snapshot and release per-key locks
+ * set by before_tool_call credential injection.
+ */
+import { hasSnapshot, restoreEnvSnapshot } from "../store/credential-env-snapshot.js";
+import { logDebug } from "../utils/logger.js";
+export function createAfterToolCallHandler(deps) {
+    const { logger } = deps;
+    return (event, _ctx) => {
+        if (!hasSnapshot(event.runId, event.toolCallId))
+            return;
+        logDebug(logger, `restoring env snapshot for tool=${event.toolName} ` +
+            `run=${event.runId ?? "?"} toolCallId=${event.toolCallId ?? "?"}`);
+        restoreEnvSnapshot(event.runId, event.toolCallId);
+    };
+}

package/dist/src/hooks/before-agent-start.d.ts

@@ -1,8 +1,7 @@
 /**
  * before_agent_start hook: fetch TIP token for main agent only.
- * 1. Inject credentials into process.env per credential-env-bindings
- * 2. Subagent: skip (TIP comes from sessions_send propagation)
- * 3. Main: getOrRefreshTIPToken (fetches TIP, refreshes userToken if expired)
+ * Credential env injection is handled per-tool-call in before_tool_call
+ * to avoid process.env race conditions between concurrent runs.
  */
 import type { IdentityService } from "../services/identity-service.js";
 import type { OIDCConfigForRefresh } from "../services/session-refresh.js";
@@ -13,6 +12,7 @@ export type BeforeAgentStartDeps = {
     getOidcConfigForRefresh?: () => Promise<OIDCConfigForRefresh>;
     logger: {
         info?: (msg: string) => void;
+        debug?: (msg: string) => void;
         warn?: (msg: string) => void;
     };
 };

package/dist/src/hooks/before-agent-start.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"before-agent-start.d.ts","sourceRoot":"","sources":["../../../src/hooks/before-agent-start.ts"],"names":[],"mappings":"AAgBA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAQ3E,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACxE,CAAC;AAEF,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,oBAAoB,IAapE,QAAQ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;CAAE,EAChD,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KAC7C,OAAO,CAAC;IAAE,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA8B/C"}
+{"version":3,"file":"before-agent-start.d.ts","sourceRoot":"","sources":["../../../src/hooks/before-agent-start.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAM3E,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACvG,CAAC;AAEF,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,oBAAoB,IAWpE,QAAQ;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAA;CAAE,EAChD,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KAC7C,OAAO,CAAC;IAAE,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAuB/C"}

package/dist/src/hooks/before-agent-start.js

@@ -14,15 +14,11 @@
  * limitations under the License.
  */
 import { getOrRefreshTIPToken } from "../services/tip-with-refresh.js";
-import { logWarn } from "../utils/logger.js";
-import { loadCredentialEnvBindings } from "../store/credential-env-bindings.js";
-import { getCredential, resolveCredentialValue } from "../store/credential-store.js";
+import { logDebug, logWarn } from "../utils/logger.js";
 import { isSubagentSessionKey } from "../utils/derive-session-key.js";
 import { resolveEffectiveSessionKey } from "../store/group-sender-store.js";
 export function createBeforeAgentStartHandler(deps) {
     const { storeDir, identityService, configWorkloadName, getOidcConfigForRefresh, logger } = deps;
-    // Always pass identityService so we can try fetch with session.userToken when TIP is missing/expired.
-    // getOidcConfigForRefresh is only needed for refresh when userToken itself has expired.
     const tipRefreshOptions = {
         identityService,
         getOidcConfigForRefresh,
@@ -36,27 +32,17 @@ export function createBeforeAgentStartHandler(deps) {
         if (isSubagentSessionKey(sessionKey))
             return;
         const effectiveKey = resolveEffectiveSessionKey(sessionKey);
-        try {
-            const bindings = await loadCredentialEnvBindings(storeDir, effectiveKey);
-            for (const [provider, envVar] of Object.entries(bindings)) {
-                const cred = await getCredential(storeDir, effectiveKey, provider);
-                const value = cred ? resolveCredentialValue(cred) : undefined;
-                if (value)
-                    process.env[envVar] = value;
-                else
-                    delete process.env[envVar];
-            }
-        }
-        catch {
-            /* best-effort */
-        }
+        logDebug(logger, `before_agent_start: fetching TIP for key=${effectiveKey}`);
         try {
             const tip = await getOrRefreshTIPToken(storeDir, effectiveKey, {
                 ...tipRefreshOptions,
                 ctxAgentId: ctx.agentId,
             });
-            if (!tip)
+            if (!tip) {
+                logDebug(logger, `before_agent_start: no TIP available for key=${effectiveKey}`);
                 return;
+            }
+            logDebug(logger, `before_agent_start: TIP ready for key=${effectiveKey} sub=${tip.sub}`);
         }
         catch (err) {
             logWarn(logger, `failed to get TIP for ${effectiveKey}: ${String(err)}`);

package/dist/src/hooks/before-tool-call.d.ts

@@ -1,8 +1,9 @@
 /**
- * before_tool_call hook: optional AuthZ check.
- * When enabled, blocks tool calls for sessions without valid TIP or denied by policy.
- * Integrates with CheckPermission when identityClient is provided (veadk-style).
- * Supports low-risk bypass and high-risk pending approval (Channel: poll, Webchat/TUI: retry).
+ * before_tool_call hook — three sequential phases:
+ *
+ * 1. Group sender context injection (_enhancedContext).
+ * 2. Session + AuthZ gate (mandatory session check, optional CheckPermission / risk).
+ * 3. Per-tool-call credential injection (params + process.env snapshot).
  *
  * @see https://github.com/volcengine/veadk-python/blob/main/veadk/tools/builtin_tools/agent_authorization.py
  */
@@ -12,34 +13,38 @@ import type { OIDCConfigForRefresh } from "../services/session-refresh.js";
 import type { PluginConfig } from "../types.js";
 export type BeforeToolCallDeps = {
     storeDir: string;
-    /** When set, call CheckPermission with principal/originalCallers from TIP token, resource=toolName. */
     identityClient?: IdentityClientInterface;
-    /** Namespace for CheckPermission. From authz.namespaceName, default "default". */
     namespaceName?: string;
     logger: {
         debug?: (msg: string) => void;
         warn?: (msg: string) => void;
     };
-    /** Send message to session (Channel only). For sync approval flow. */
     sendToSession?: (targetOrSessionKey: string, text: string) => Promise<void>;
-    /** Authz config. */
     authz?: PluginConfig["authz"];
-    approvalTtlMs: number;
-    /** When set, attempt TIP refresh when expired (uses session refresh_token). */
+    approvalTtlMs?: number;
     identityService?: IdentityService;
     getOidcConfigForRefresh?: () => Promise<OIDCConfigForRefresh>;
     configWorkloadName?: string;
 };
+type HookResult = {
+    params?: Record<string, unknown>;
+    block?: boolean;
+    blockReason?: string;
+};
+declare function resolveCredentials(storeDir: string, effectiveKey: string): Promise<Record<string, string>>;
 export declare function createBeforeToolCallHandler(deps: BeforeToolCallDeps): (event: {
     toolName: string;
     runId?: string;
+    toolCallId?: string;
     params: Record<string, unknown>;
 }, ctx: {
     agentId?: string;
     sessionKey?: string;
     toolName: string;
-}) => Promise<{
-    block?: boolean;
-    blockReason?: string;
-} | void>;
+}) => Promise<HookResult | void>;
+/** Exposed for testing. */
+export declare const __testing: {
+    resolveCredentials: typeof resolveCredentials;
+};
+export {};
 //# sourceMappingURL=before-tool-call.d.ts.map