@m1a0rz/agent-identity 0.4.5 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAmF7D,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,QA+etD"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAkF7D,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,GAAG,EAAE,iBAAiB,QA8etD"}
package/dist/index.js CHANGED
@@ -467,8 +467,8 @@ export default function register(api) {
467
467
  // On any failure, set pluginState.degraded so hooks skip all interception.
468
468
  const authzEnabled = !!(authz?.agentCheck || authz?.toolCheck || authz?.requireRiskApproval);
469
469
  runPluginPreflight({
470
+ pluginConfig,
470
471
  identityClient,
471
- identityService,
472
472
  hasIdentity,
473
473
  credentialConfig: identityCfg
474
474
  ? {
@@ -485,7 +485,6 @@ export default function register(api) {
485
485
  : explicitOidcEnabled
486
486
  ? { mode: "explicit", discoveryUrl: userpool?.discoveryUrl }
487
487
  : undefined,
488
- workloadPoolName: identityCfg?.workloadPoolName,
489
488
  authzEnabled,
490
489
  namespaceName: authz?.namespaceName ?? "default",
491
490
  logger: api.logger,
@@ -1 +1 @@
1
- {"version":3,"file":"identity-actions.d.ts","sourceRoot":"","sources":["../../../src/actions/identity-actions.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAEV,uBAAuB,EAExB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAgB/E,OAAO,EAKL,KAAK,eAAe,EACrB,MAAM,8BAA8B,CAAC;AAWtC,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6DAA6D;IAC7D,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,qBAAqB,CAAC;IAC/B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,qBAAqB,CAAC,EAAE,CACtB,kBAAkB,EAAE,wBAAwB,GAAG,MAAM,EACrD,IAAI,EAAE,MAAM,KACT,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;AAmHzE,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,YAAY,CAAC,CA4BvB;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,cAAc,CAAC;IAAC,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAA;CAAE,GACtF,OAAO,CAAC,WAAW,CAAC,CAyDtB;AAED,MAAM,MAAM,YAAY,GAAG;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC;AAE3C,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CASvB;AAID,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,WAAW,EAAE,CAAC;IACzB,UAAU,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAU,EAChB,MAAM,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,qBAAqB,CAAC,CA6DhC;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GACzB,OAAO,CAAC,yBAAyB,CAAC,CA2CpC;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,KAAK,CAAC;QACV,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D,CAAC;AAEF,wBAAsB,WAAW,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAsBpF;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CA6ChF;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACjD,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,kFAAkF;IAClF,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,GACA,OAAO,CAAC,WAAW,CAAC,CAqKtB;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjF,wBAAsB,aAAa,CACjC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC3C,OAAO,CAAC,gBAAgB,CAAC,CAkC3B;AAED,MAAM,MAAM,kBAAkB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnF,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAW7B;AAED,MAAM,MAAM,8BAA8B,GACtC;IACA,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH,GACC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,qBAAqB,EAAE,cAAc,CAAC;CACvD,GACA,OAAO,CAAC,8BAA8B,CAAC,CAsDzC;AAED,MAAM,MAAM,iBAAiB,GACzB;IACA,IAAI,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,GACC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAgB5B;AAED,MAAM,MAAM,qBAAqB,GAC7B;IACA,IAAI,EAAE,SAAS,CAAC;IAChB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAoBhC"}
1
+ {"version":3,"file":"identity-actions.d.ts","sourceRoot":"","sources":["../../../src/actions/identity-actions.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAEV,uBAAuB,EAExB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAgB/E,OAAO,EAKL,KAAK,eAAe,EACrB,MAAM,8BAA8B,CAAC;AAWtC,MAAM,MAAM,oBAAoB,GAAG;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6DAA6D;IAC7D,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,qBAAqB,CAAC;IAC/B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,qBAAqB,CAAC,EAAE,CACtB,kBAAkB,EAAE,wBAAwB,GAAG,MAAM,EACrD,IAAI,EAAE,MAAM,KACT,OAAO,CAAC,IAAI,CAAC,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,CAAC;AAmHzE,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,OAAO,CAAC;IAClB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uBAAuB;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IAC7C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,YAAY,CAAC,CA4BvB;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,mBAAmB,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,cAAc,CAAC;IAAC,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAA;CAAE,GACtF,OAAO,CAAC,WAAW,CAAC,CAyDtB;AAED,MAAM,MAAM,YAAY,GAAG;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC;AAE3C,wBAAsB,SAAS,CAC7B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CASvB;AAID,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,WAAW,EAAE,CAAC;IACzB,UAAU,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE,MAAU,EAChB,MAAM,CAAC,EAAE,qBAAqB,GAC7B,OAAO,CAAC,qBAAqB,CAAC,CA6DhC;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GACzB,OAAO,CAAC,yBAAyB,CAAC,CA2CpC;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,KAAK,CAAC;QACV,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;IACH,oDAAoD;IACpD,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D,CAAC;AAEF,wBAAsB,WAAW,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC,CAsBpF;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,YAAY,CAAC,CA6ChF;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACpC;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,wBAAwB,GAAG,IAAI,CAAC;IACjD,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,kFAAkF;IAClF,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,GACA,OAAO,CAAC,WAAW,CAAC,CAqKtB;AAED,MAAM,MAAM,gBAAgB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjF,wBAAsB,aAAa,CACjC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAC3C,OAAO,CAAC,gBAAgB,CAAC,CAkC3B;AAED,MAAM,MAAM,kBAAkB,GAAG;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnF,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAW7B;AAED,MAAM,MAAM,8BAA8B,GACtC;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH,GACD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;IACN,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,OAAO,qBAAqB,EAAE,cAAc,CAAC;CACvD,GACA,OAAO,CAAC,8BAA8B,CAAC,CAsDzC;AAED,MAAM,MAAM,iBAAiB,GACzB;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,GACD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC;;GAEG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,EAClB,MAAM,CAAC,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAgB5B;AAED,MAAM,MAAM,qBAAqB,GAC7B;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEvC;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,mBAAmB,EACzB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAoBhC"}
@@ -162,7 +162,7 @@ export async function runLogin(deps, sessionKey, options) {
162
162
  codeChallenge,
163
163
  codeChallengeMethod: "S256",
164
164
  nonce,
165
- redirectRelayUri: deps.pluginConfig?.userpool?.useRelayCallback ? oidcConfig.callbackUrl : undefined,
165
+ redirectRelayUri: oidcConfig.callbackUrl,
166
166
  identityProvider,
167
167
  });
168
168
  logInfo(logger, `login returning IdP URL for sessionKey=${sessionKey.slice(0, 24)}...`);
@@ -3,7 +3,8 @@
3
3
  *
4
4
  * 1. Group sender context injection (_enhancedContext).
5
5
  * 2. Session + AuthZ gate (mandatory session check, optional CheckPermission / risk).
6
- * 3. Per-tool-call credential injection (params + process.env snapshot).
6
+ * 3. Per-tool-call env injection (params + process.env snapshot): bound credentials and VE_TIP_TOKEN
7
+ * (current workload TIP JWT when available).
7
8
  *
8
9
  * @see https://github.com/volcengine/veadk-python/blob/main/veadk/tools/builtin_tools/agent_authorization.py
9
10
  */
@@ -11,12 +12,15 @@ import type { IdentityClientInterface } from "../services/identity-client.js";
11
12
  import type { IdentityService } from "../services/identity-service.js";
12
13
  import type { OIDCConfigForRefresh } from "../services/session-refresh.js";
13
14
  import type { PluginConfig } from "../types.js";
15
+ /** Injected into process.env / _credentialContext when a valid TIP exists for the session. */
16
+ export declare const VE_TIP_TOKEN_ENV = "VE_TIP_TOKEN";
14
17
  export type BeforeToolCallDeps = {
15
18
  storeDir: string;
16
19
  identityClient?: IdentityClientInterface;
17
20
  namespaceName?: string;
18
21
  logger: {
19
22
  debug?: (msg: string) => void;
23
+ info?: (msg: string) => void;
20
24
  warn?: (msg: string) => void;
21
25
  };
22
26
  sendToSession?: (targetOrSessionKey: string, text: string) => Promise<void>;
@@ -1 +1 @@
1
- {"version":3,"file":"before-tool-call.d.ts","sourceRoot":"","sources":["../../../src/hooks/before-tool-call.ts"],"names":[],"mappings":"AAgBA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoBhD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;IACxE,aAAa,CAAC,EAAE,CAAC,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,KAAK,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,UAAU,GAAG;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAuCF,iBAAe,kBAAkB,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CASjC;AAkCD,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,kBAAkB,IAuBhE,OAAO;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,EACjG,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,KAC/D,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAyH9B;AAwJD,2BAA2B;AAC3B,eAAO,MAAM,SAAS;;CAAyB,CAAC"}
1
+ {"version":3,"file":"before-tool-call.d.ts","sourceRoot":"","sources":["../../../src/hooks/before-tool-call.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAkBhD,8FAA8F;AAC9F,eAAO,MAAM,gBAAgB,iBAAiB,CAAC;AAI/C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,uBAAuB,CAAC;IACzC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;IACtG,aAAa,CAAC,EAAE,CAAC,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,KAAK,CAAC,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,uBAAuB,CAAC,EAAE,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC9D,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,UAAU,GAAG;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAuCF,iBAAe,kBAAkB,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CASjC;AAkCD,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,kBAAkB,IAuBhE,OAAO;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,EACjG,KAAK;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,KAC/D,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAwJ9B;AAwJD,2BAA2B;AAC3B,eAAO,MAAM,SAAS;;CAAyB,CAAC"}
@@ -27,8 +27,10 @@ import { getOrRefreshTIPToken } from "../services/tip-with-refresh.js";
27
27
  import { supportsSyncApproval } from "../utils/approval-channel.js";
28
28
  import { extractDelegationChainFromJwt } from "../utils/auth.js";
29
29
  import { isSubagentSessionKey, needsSenderIsolation } from "../utils/derive-session-key.js";
30
- import { LOG_PREFIX, logDebug, logWarn } from "../utils/logger.js";
30
+ import { LOG_PREFIX, logDebug, logInfo, logWarn } from "../utils/logger.js";
31
31
  import { getSender, resolveEffectiveSessionKeyForRun } from "../store/sender-session-store.js";
32
+ /** Injected into process.env / _credentialContext when a valid TIP exists for the session. */
33
+ export const VE_TIP_TOKEN_ENV = "VE_TIP_TOKEN";
32
34
  // ─── Exempt tools (bypass session + authz entirely) ──────────────────
33
35
  const IDENTITY_EXEMPT_TOOLS = new Set([
34
36
  "identity_login",
@@ -127,13 +129,24 @@ export function createBeforeToolCallHandler(deps) {
127
129
  event.toolCallId) {
128
130
  const normalizedPath = skillPathStore.normalizePathForLookup(String(pathStr ?? ""), workspaceDir);
129
131
  const spec = skillContractStore.getContractSpec(normalizedPath);
130
- if (spec && spec.bindings.length > 0) {
132
+ const skillNameForPath = skillPathStore.getSkillNameForPath(sessionKey, String(pathStr ?? ""));
133
+ if (!spec) {
134
+ logDebug(logger, `before_tool_call contract: no cached spec for normalizedPath=${normalizedPath} toolCallId=${event.toolCallId} ` +
135
+ `skillName_from_map=${skillNameForPath ?? "none"} (llm_input cache miss or path mismatch)`);
136
+ }
137
+ else if (spec.bindings.length === 0) {
138
+ logDebug(logger, `before_tool_call contract: spec for skill=${spec.skillName} has zero bindings toolCallId=${event.toolCallId}`);
139
+ }
140
+ else {
131
141
  const rendered = renderContractSection(spec.bindings);
132
142
  skillContractStore.setPending(event.toolCallId, rendered);
133
- logDebug(logger, `before_tool_call: pending contract for read toolCallId=${event.toolCallId}`);
143
+ logInfo(logger, `before_tool_call contract: pending inject skill=${spec.skillName} bindings=${spec.bindings.length} ` +
144
+ `chars=${rendered.length} toolCallId=${event.toolCallId} path=${normalizedPath}`);
134
145
  }
135
146
  }
136
147
  const exempt = isSessionExempt(toolName, params, sessionKey);
148
+ /** Reused in Phase 3 for VE_TIP_TOKEN to avoid a second getOrRefresh when the session gate already fetched TIP. */
149
+ let tipFromSessionGate = null;
137
150
  // Degraded mode: preflight detected a config problem; skip session gate + authz.
138
151
  // Credential injection (Phase 3) still runs so bound credentials remain usable.
139
152
  if (pluginState.degraded) {
@@ -142,6 +155,7 @@ export function createBeforeToolCallHandler(deps) {
142
155
  }
143
156
  else if (!exempt) {
144
157
  const tip = await getOrRefreshTIPToken(storeDir, effectiveKey, tipRefreshOptions ? { ...tipRefreshOptions, ctxAgentId: ctx.agentId } : undefined);
158
+ tipFromSessionGate = tip;
145
159
  if (!tip) {
146
160
  logDebug(logger, `session: no TIP for tool=${toolName} key=${effectiveKey}`);
147
161
  return {
@@ -175,23 +189,26 @@ export function createBeforeToolCallHandler(deps) {
175
189
  return authzBlock;
176
190
  }
177
191
  }
178
- // Phase 3: credential injection (non-subagent only)
179
- if (isSubagentSessionKey(sessionKey))
180
- return;
181
- let credentialValues;
182
- try {
183
- const creds = await resolveCredentials(storeDir, effectiveKey);
184
- if (Object.keys(creds).length > 0) {
185
- credentialValues = creds;
192
+ // Phase 3: credential env + VE_TIP_TOKEN (workload JWT when available)
193
+ const injectionTip = tipFromSessionGate ??
194
+ (await getOrRefreshTIPToken(storeDir, effectiveKey, tipRefreshOptions ? { ...tipRefreshOptions, ctxAgentId: ctx.agentId } : undefined));
195
+ const credentialValues = {};
196
+ if (!isSubagentSessionKey(sessionKey)) {
197
+ try {
198
+ const creds = await resolveCredentials(storeDir, effectiveKey);
199
+ Object.assign(credentialValues, creds);
200
+ }
201
+ catch (err) {
202
+ logWarn(logger, `credential resolve failed for key=${effectiveKey}: ${String(err)}`);
186
203
  }
187
204
  }
188
- catch (err) {
189
- logWarn(logger, `credential resolve failed for key=${effectiveKey}: ${String(err)}`);
205
+ if (injectionTip) {
206
+ credentialValues[VE_TIP_TOKEN_ENV] = injectionTip.token;
190
207
  }
191
- if (!credentialValues)
208
+ if (Object.keys(credentialValues).length === 0)
192
209
  return;
193
210
  const envKeys = Object.keys(credentialValues);
194
- logDebug(logger, `injecting ${envKeys.length} credential(s) [${envKeys.join(", ")}] ` +
211
+ logDebug(logger, `injecting env keys [${envKeys.map((k) => (k === VE_TIP_TOKEN_ENV ? `${k}=<tip>` : k)).join(", ")}] ` +
195
212
  `for tool=${toolName} run=${event.runId ?? "?"} key=${effectiveKey}`);
196
213
  await applyEnvSnapshot(credentialValues, event.runId, event.toolCallId);
197
214
  return { params: { _credentialContext: { ...credentialValues } } };
@@ -3,6 +3,8 @@ export type LlmInputHandlerDeps = {
3
3
  enabled: boolean;
4
4
  logger?: {
5
5
  debug?: (msg: string) => void;
6
+ info?: (msg: string) => void;
7
+ warn?: (msg: string) => void;
6
8
  };
7
9
  };
8
10
  export declare function createLlmInputHandler(deps: LlmInputHandlerDeps): (event: {
@@ -1 +1 @@
1
- {"version":3,"file":"llm-input.d.ts","sourceRoot":"","sources":["../../../src/hooks/llm-input.ts"],"names":[],"mappings":"AAkCA,MAAM,MAAM,mBAAmB,GAAG;IAChC,0DAA0D;IAC1D,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CAC5C,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,IAI3D,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,EAChD,KAAK;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,KACtE,IAAI,CA8CR"}
1
+ {"version":3,"file":"llm-input.d.ts","sourceRoot":"","sources":["../../../src/hooks/llm-input.ts"],"names":[],"mappings":"AAkCA,MAAM,MAAM,mBAAmB,GAAG;IAChC,0DAA0D;IAC1D,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACxG,CAAC;AAEF,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,IAI3D,OAAO;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,EAChD,KAAK;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,KACtE,IAAI,CA6FR"}
@@ -27,7 +27,7 @@ import * as skillPathStore from "../store/skill-path-store.js";
27
27
  import * as skillContractStore from "../store/skill-contract-store.js";
28
28
  import { freezeRun, resolveEffectiveSessionKey } from "../store/sender-session-store.js";
29
29
  import { needsSenderIsolation } from "../utils/derive-session-key.js";
30
- import { logDebug } from "../utils/logger.js";
30
+ import { logDebug, logInfo, logWarn } from "../utils/logger.js";
31
31
  import { parseIdentityBindingsFromSkillContent } from "../services/skill-contract-metadata.js";
32
32
  export function createLlmInputHandler(deps) {
33
33
  const { enabled, logger } = deps;
@@ -41,12 +41,35 @@ export function createLlmInputHandler(deps) {
41
41
  logDebug(logger, `frozen run=${event.runId} → ${effectiveKey}`);
42
42
  }
43
43
  }
44
- const pathToName = parseAvailableSkills(event.systemPrompt);
45
- if (pathToName.size === 0)
44
+ if (!event.systemPrompt || typeof event.systemPrompt !== "string") {
45
+ logDebug(logger, "llm_input: no systemPrompt; cannot parse available_skills");
46
46
  return;
47
+ }
48
+ const sp = event.systemPrompt;
49
+ const hasAvailableSkillsTag = /<available_skills/i.test(sp);
50
+ const skillXmlBlockCount = [...sp.matchAll(/<skill>[\s\S]*?<\/skill>/gi)].length;
51
+ const pathToName = parseAvailableSkills(sp);
52
+ logDebug(logger, `llm_input skill map: session=${ctx.sessionKey?.slice(0, 48) ?? "?"} ` +
53
+ `available_skills_tag=${hasAvailableSkillsTag} skill_xml_blocks=${skillXmlBlockCount} ` +
54
+ `path_pairs=${pathToName.size} skillReadCheck_store=${enabled}`);
55
+ if (pathToName.size === 0) {
56
+ if (skillXmlBlockCount > 0) {
57
+ logWarn(logger, `llm_input: found ${skillXmlBlockCount} <skill> block(s) but 0 name/location pairs — check <name> and <location> tags`);
58
+ }
59
+ else if (hasAvailableSkillsTag) {
60
+ logWarn(logger, "llm_input: <available_skills> present but no <skill>...</skill> blocks matched");
61
+ }
62
+ else {
63
+ logDebug(logger, "llm_input: no available_skills / skill entries in system prompt");
64
+ }
65
+ return;
66
+ }
47
67
  if (enabled) {
48
68
  skillPathStore.setSkillPathsForSession(ctx.sessionKey, pathToName, ctx.workspaceDir, ctx.sessionId);
49
- logDebug(logger, `llm_input parsed ${pathToName.size} skill paths for session`);
69
+ logDebug(logger, `llm_input stored ${pathToName.size} skill path(s) for authz.skillReadCheck`);
70
+ }
71
+ else {
72
+ logInfo(logger, `llm_input: ${pathToName.size} skill path(s) parsed but not stored (authz.skillReadCheck=false)`);
50
73
  }
51
74
  // Contract pre-parse: always run, independent of skillReadCheck
52
75
  for (const [rawPath, skillName] of pathToName) {
@@ -63,11 +86,14 @@ export function createLlmInputHandler(deps) {
63
86
  skillPath: normalizedPath,
64
87
  bindings,
65
88
  });
66
- logDebug(logger, `llm_input cached contract for skill=${skillName} bindings=${bindings.length}`);
89
+ logInfo(logger, `llm_input contract cache: skill=${skillName} path=${normalizedPath} identity_bindings=${bindings.length}`);
90
+ }
91
+ else {
92
+ logInfo(logger, `llm_input contract skip: skill=${skillName} path=${skillMdPath} — no openclaw.identity bindings in frontmatter`);
67
93
  }
68
94
  }
69
- catch {
70
- // File not found or read error: skip
95
+ catch (err) {
96
+ logWarn(logger, `llm_input contract skip: skill=${skillName} skillMd=${skillMdPath} error=${err instanceof Error ? err.message : String(err)}`);
71
97
  }
72
98
  }
73
99
  };
@@ -1,6 +1,7 @@
1
1
  export type ToolResultPersistDeps = {
2
2
  logger?: {
3
3
  debug?: (msg: string) => void;
4
+ info?: (msg: string) => void;
4
5
  warn?: (msg: string) => void;
5
6
  };
6
7
  };
@@ -1 +1 @@
1
- {"version":3,"file":"tool-result-persist.d.ts","sourceRoot":"","sources":["../../../src/hooks/tool-result-persist.ts"],"names":[],"mappings":"AAyBA,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CAC1E,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IAAE,OAAO,CAAC,EAAE,GAAG,CAAA;CAAE,CAAC;AAExD,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,qBAAqB,IAItE,OAAO;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,GAAG,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAE,EACtF,KAAK;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KACnE,uBAAuB,GAAG,IAAI,CA6BlC"}
1
+ {"version":3,"file":"tool-result-persist.d.ts","sourceRoot":"","sources":["../../../src/hooks/tool-result-persist.ts"],"names":[],"mappings":"AAyBA,MAAM,MAAM,qBAAqB,GAAG;IAClC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACxG,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IAAE,OAAO,CAAC,EAAE,GAAG,CAAA;CAAE,CAAC;AAExD,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,qBAAqB,IAItE,OAAO;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,GAAG,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAE,EACtF,KAAK;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,KACnE,uBAAuB,GAAG,IAAI,CAsClC"}
@@ -19,7 +19,7 @@
19
19
  */
20
20
  import * as skillContractStore from "../store/skill-contract-store.js";
21
21
  import { patchToolResultContent } from "../services/skill-contract-renderer.js";
22
- import { logDebug, logWarn } from "../utils/logger.js";
22
+ import { logDebug, logInfo, logWarn } from "../utils/logger.js";
23
23
  export function createToolResultPersistHandler(deps) {
24
24
  const { logger } = deps;
25
25
  return (event, ctx) => {
@@ -35,11 +35,14 @@ export function createToolResultPersistHandler(deps) {
35
35
  }
36
36
  const contractText = skillContractStore.consumePending(event.toolCallId);
37
37
  if (!contractText) {
38
+ logDebug(logger, `tool_result_persist: read toolCallId=${event.toolCallId} no pending contract ` +
39
+ `(before_tool_call did not queue or already consumed)`);
38
40
  return;
39
41
  }
40
42
  try {
41
43
  const modified = patchToolResultContent(event.message, contractText);
42
- logDebug(logger, `tool_result_persist: injected contract for read session=${ctx.sessionKey?.slice(0, 24)}...`);
44
+ logInfo(logger, `tool_result_persist: injected identity contract into read result toolCallId=${event.toolCallId} ` +
45
+ `contract_chars=${contractText.length} session=${ctx.sessionKey?.slice(0, 32) ?? "?"}`);
43
46
  return { message: modified };
44
47
  }
45
48
  catch (err) {
@@ -4,23 +4,35 @@
4
4
  * Runs once at plugin startup (non-blocking — register() fires-and-forgets).
5
5
  * Any failure sets pluginState.degraded = true so hooks skip all interception.
6
6
  *
7
- * Checks (all run concurrently, each with a 5 s timeout):
7
+ * If `pluginConfig` contains any string with an unrendered `${VAR}` placeholder, preflight fails
8
+ * immediately (no credential or network checks).
9
+ *
10
+ * Otherwise all checks start concurrently; the first check to finish with a failure ends preflight (single
11
+ * failure reported). If multiple checks fail, whichever completes first wins. When all succeed, every check
12
+ * must have completed. Each check uses a 5 s timeout.
8
13
  * 1. credentials — AK/SK resolvable from config/env/file/metadata
9
14
  * 2. userpool — UserPool + Client reachable (dynamic: listUserPools; explicit: OIDC discovery)
10
- * 3. workloadPool GetWorkloadAccessTokenForJWT returns a pool-level error (not just missing token)
11
- * 4. namespace — CheckPermission with dummy principal; only namespace-not-found is fatal
15
+ * 3. namespace CheckPermission with dummy principal; only namespace-not-found is fatal
12
16
  */
13
- import { type IdentityClientInterface } from "../services/identity-client.js";
14
- import type { IdentityService } from "../services/identity-service.js";
17
+ import type { IdentityClientInterface } from "../services/identity-client.js";
18
+ import type { PluginConfig } from "../types.js";
15
19
  import type { PreflightFailure } from "./plugin-state.js";
16
20
  export type PreflightResult = {
17
21
  ok: boolean;
18
22
  failures: PreflightFailure[];
19
23
  };
24
+ /**
25
+ * Returns the first `${...}` substring and its config path, or null if none.
26
+ */
27
+ export declare function findFirstUnrenderedPlaceholderInPluginConfig(cfg: PluginConfig): {
28
+ path: string;
29
+ match: string;
30
+ } | null;
20
31
  export type PreflightDeps = {
32
+ /** Full plugin config; scanned for unrendered `${VAR}` before any network checks. */
33
+ pluginConfig?: PluginConfig;
21
34
  /** Resolved identity client (real or stub). */
22
35
  identityClient: IdentityClientInterface;
23
- identityService: IdentityService;
24
36
  /** Whether identity (AK/SK/endpoint) is configured at all. */
25
37
  hasIdentity: boolean;
26
38
  /** Raw credential config for the credentials check. */
@@ -40,8 +52,6 @@ export type PreflightDeps = {
40
52
  /** explicit mode */
41
53
  discoveryUrl?: string;
42
54
  };
43
- /** workloadPool name to validate (from identity.workloadPoolName). */
44
- workloadPoolName?: string;
45
55
  /** Whether authz is enabled (agentCheck or toolCheck). */
46
56
  authzEnabled?: boolean;
47
57
  /** Namespace name for the namespace check. */
@@ -1 +1 @@
1
- {"version":3,"file":"plugin-preflight.d.ts","sourceRoot":"","sources":["../../../src/preflight/plugin-preflight.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;;GAWG;AAEH,OAAO,EAA2B,KAAK,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACvG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAGvE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAI1D,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,+CAA+C;IAC/C,cAAc,EAAE,uBAAuB,CAAC;IACxC,eAAe,EAAE,eAAe,CAAC;IACjC,8DAA8D;IAC9D,WAAW,EAAE,OAAO,CAAC;IACrB,uDAAuD;IACvD,gBAAgB,CAAC,EAAE;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,sBAAsB,CAAC,EAAE,MAAM,CAAC;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,0CAA0C;IAC1C,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,SAAS,GAAG,UAAU,CAAC;QAC7B,mBAAmB;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,oBAAoB;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,sEAAsE;IACtE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACzE,CAAC;AAgNF,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,eAAe,CAAC,CA6BtF"}
1
+ {"version":3,"file":"plugin-preflight.d.ts","sourceRoot":"","sources":["../../../src/preflight/plugin-preflight.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAG9E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAsB,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAO9E,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,wBAAgB,4CAA4C,CAC1D,GAAG,EAAE,YAAY,GAChB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CA0BxC;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,qFAAqF;IACrF,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,+CAA+C;IAC/C,cAAc,EAAE,uBAAuB,CAAC;IACxC,8DAA8D;IAC9D,WAAW,EAAE,OAAO,CAAC;IACrB,uDAAuD;IACvD,gBAAgB,CAAC,EAAE;QACjB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,sBAAsB,CAAC,EAAE,MAAM,CAAC;QAChC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,0CAA0C;IAC1C,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,SAAS,GAAG,UAAU,CAAC;QAC7B,mBAAmB;QACnB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,oBAAoB;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,0DAA0D;IAC1D,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,8CAA8C;IAC9C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;KAAE,CAAC;CACzE,CAAC;AA4JF,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,eAAe,CAAC,CAkEtF"}
@@ -13,22 +13,45 @@
13
13
  * See the License for the specific language governing permissions and
14
14
  * limitations under the License.
15
15
  */
16
- /**
17
- * Plugin preflight checks.
18
- *
19
- * Runs once at plugin startup (non-blocking — register() fires-and-forgets).
20
- * Any failure sets pluginState.degraded = true so hooks skip all interception.
21
- *
22
- * Checks (all run concurrently, each with a 5 s timeout):
23
- * 1. credentials — AK/SK resolvable from config/env/file/metadata
24
- * 2. userpool — UserPool + Client reachable (dynamic: listUserPools; explicit: OIDC discovery)
25
- * 3. workloadPool — GetWorkloadAccessTokenForJWT returns a pool-level error (not just missing token)
26
- * 4. namespace — CheckPermission with dummy principal; only namespace-not-found is fatal
27
- */
28
- import { isWorkloadNotFoundError } from "../services/identity-client.js";
29
16
  import { loadIdentityCredentials } from "../services/identity-credentials.js";
30
17
  import { fetchOIDCDiscovery } from "../services/oidc-client.js";
31
- const PREFLIGHT_TIMEOUT_MS = 30_000;
18
+ /** Matches `${NAME}` style placeholders that were not substituted by env rendering. */
19
+ const UNRENDERED_ENV_PLACEHOLDER = /\$\{[^}]+\}/;
20
+ const PREFLIGHT_TIMEOUT_MS = 5_000;
21
+ /**
22
+ * Returns the first `${...}` substring and its config path, or null if none.
23
+ */
24
+ export function findFirstUnrenderedPlaceholderInPluginConfig(cfg) {
25
+ function walk(node, path) {
26
+ if (node === null || node === undefined)
27
+ return null;
28
+ if (typeof node === "string") {
29
+ const m = node.match(UNRENDERED_ENV_PLACEHOLDER);
30
+ if (m?.[0])
31
+ return { path: path || "(root)", match: m[0] };
32
+ return null;
33
+ }
34
+ if (Array.isArray(node)) {
35
+ for (let i = 0; i < node.length; i++) {
36
+ const p = path ? `${path}[${i}]` : `[${i}]`;
37
+ const hit = walk(node[i], p);
38
+ if (hit)
39
+ return hit;
40
+ }
41
+ return null;
42
+ }
43
+ if (typeof node === "object") {
44
+ for (const [k, v] of Object.entries(node)) {
45
+ const next = path ? `${path}.${k}` : k;
46
+ const hit = walk(v, next);
47
+ if (hit)
48
+ return hit;
49
+ }
50
+ }
51
+ return null;
52
+ }
53
+ return walk(cfg, "");
54
+ }
32
55
  /** Wrap a promise with a timeout; resolves to Error on timeout. */
33
56
  function withTimeout(promise, ms) {
34
57
  return Promise.race([
@@ -42,13 +65,10 @@ function errMsg(err) {
42
65
  return err.message;
43
66
  return String(err);
44
67
  }
45
- /** True when the error message indicates a resource-not-found at the pool/namespace level. */
46
- function isPoolOrNamespaceNotFound(msg) {
68
+ /** True when the error message indicates permission namespace not found. */
69
+ function isPermissionNamespaceNotFound(msg) {
47
70
  const lower = msg.toLowerCase();
48
- return (lower.includes("workloadpoolnotfound") ||
49
- lower.includes("workloadpool not found") ||
50
- lower.includes("workload_pool_not_found") ||
51
- lower.includes("namespacenotfound") ||
71
+ return (lower.includes("namespacenotfound") ||
52
72
  lower.includes("namespace not found") ||
53
73
  lower.includes("policynamespacenotexist") ||
54
74
  lower.includes("namespace_not_found"));
@@ -135,55 +155,6 @@ async function checkUserpool(deps) {
135
155
  return { check: "userpool", reason: `UserPool check failed: ${msg}` };
136
156
  }
137
157
  }
138
- async function checkWorkloadPool(deps) {
139
- if (!deps.hasIdentity)
140
- return null;
141
- // Only check if workloadPoolName is explicitly configured (non-default)
142
- const poolName = deps.workloadPoolName;
143
- if (!poolName || poolName === "default")
144
- return null;
145
- // There is no dedicated GetWorkloadPool API; probe by calling
146
- // GetWorkloadAccessTokenForJWT with a dummy token and catching pool-level errors.
147
- try {
148
- const result = await withTimeout(deps.identityService.getWorkloadAccessToken({
149
- userToken: "__preflight_probe__",
150
- workloadName: "__preflight__",
151
- }), PREFLIGHT_TIMEOUT_MS);
152
- if (result instanceof Error) {
153
- const msg = result.message;
154
- if (isPoolOrNamespaceNotFound(msg)) {
155
- return {
156
- check: "workloadPool",
157
- reason: `WorkloadPool '${poolName}' not found: ${msg}`,
158
- };
159
- }
160
- else if (isWorkloadNotFoundError(result)) {
161
- return {
162
- check: "workloadPool",
163
- reason: `WorkloadPool '${poolName}' not found: ${msg}`,
164
- };
165
- }
166
- // Timeout or other transient error — not fatal for preflight
167
- return null;
168
- }
169
- return null;
170
- }
171
- catch (err) {
172
- const msg = errMsg(err);
173
- if (isPoolOrNamespaceNotFound(msg)) {
174
- return {
175
- check: "workloadPool",
176
- reason: `WorkloadPool '${poolName}' not found: ${msg}`,
177
- };
178
- }
179
- return {
180
- check: "workloadPool",
181
- reason: `WorkloadPool '${poolName}' not found: ${msg}`,
182
- };
183
- // Any other error (invalid token, etc.) is expected for a dummy probe — not fatal
184
- return null;
185
- }
186
- }
187
158
  async function checkNamespace(deps) {
188
159
  if (!deps.authzEnabled || !deps.namespaceName)
189
160
  return null;
@@ -198,7 +169,7 @@ async function checkNamespace(deps) {
198
169
  }), PREFLIGHT_TIMEOUT_MS);
199
170
  if (result instanceof Error) {
200
171
  const msg = result.message;
201
- if (isPoolOrNamespaceNotFound(msg)) {
172
+ if (isPermissionNamespaceNotFound(msg)) {
202
173
  return {
203
174
  check: "namespace",
204
175
  reason: `Permission namespace '${ns}' not found: ${msg}`,
@@ -210,7 +181,7 @@ async function checkNamespace(deps) {
210
181
  }
211
182
  catch (err) {
212
183
  const msg = errMsg(err);
213
- if (isPoolOrNamespaceNotFound(msg)) {
184
+ if (isPermissionNamespaceNotFound(msg)) {
214
185
  return {
215
186
  check: "namespace",
216
187
  reason: `Permission namespace '${ns}' not found: ${msg}`,
@@ -223,27 +194,60 @@ async function checkNamespace(deps) {
223
194
  // ─── Main entry ───────────────────────────────────────────────────────────────
224
195
  export async function runPluginPreflight(deps) {
225
196
  const logger = deps.logger;
226
- const results = await Promise.allSettled([
227
- checkCredentials(deps),
228
- checkUserpool(deps),
229
- checkWorkloadPool(deps),
230
- checkNamespace(deps),
231
- ]);
232
- const failures = [];
233
- for (const r of results) {
234
- if (r.status === "fulfilled" && r.value !== null) {
235
- failures.push(r.value);
236
- }
237
- else if (r.status === "rejected") {
238
- // Unexpected: each check catches its own errors
239
- failures.push({ check: "credentials", reason: `Unexpected preflight error: ${errMsg(r.reason)}` });
240
- }
241
- }
242
- if (failures.length > 0) {
197
+ const warnFailed = (failures) => {
243
198
  logger?.warn?.(`[identity] preflight failed (${failures.length} issue(s)): ${failures.map((f) => `${f.check}: ${f.reason}`).join(" | ")}`);
199
+ };
200
+ if (deps.pluginConfig) {
201
+ const hit = findFirstUnrenderedPlaceholderInPluginConfig(deps.pluginConfig);
202
+ if (hit) {
203
+ const failures = [
204
+ {
205
+ check: "unrenderedEnv",
206
+ reason: `Configuration contains an unrendered environment variable placeholder ${hit.match} at ${hit.path}`,
207
+ },
208
+ ];
209
+ warnFailed(failures);
210
+ return { ok: false, failures };
211
+ }
244
212
  }
245
- else {
246
- logger?.info?.("[identity] preflight passed");
247
- }
248
- return { ok: failures.length === 0, failures };
213
+ const steps = [
214
+ { name: "credentials", run: () => checkCredentials(deps) },
215
+ { name: "userpool", run: () => checkUserpool(deps) },
216
+ { name: "namespace", run: () => checkNamespace(deps) },
217
+ ];
218
+ return new Promise((resolve) => {
219
+ let pending = steps.length;
220
+ let settled = false;
221
+ const finishOk = () => {
222
+ if (settled)
223
+ return;
224
+ settled = true;
225
+ logger?.info?.("[identity] preflight passed");
226
+ resolve({ ok: true, failures: [] });
227
+ };
228
+ const finishFail = (failures) => {
229
+ if (settled)
230
+ return;
231
+ settled = true;
232
+ warnFailed(failures);
233
+ resolve({ ok: false, failures });
234
+ };
235
+ for (const { name, run } of steps) {
236
+ run()
237
+ .then((failure) => {
238
+ if (settled)
239
+ return;
240
+ if (failure !== null) {
241
+ finishFail([failure]);
242
+ return;
243
+ }
244
+ pending -= 1;
245
+ if (pending === 0)
246
+ finishOk();
247
+ })
248
+ .catch((err) => {
249
+ finishFail([{ check: name, reason: `Unexpected preflight error: ${errMsg(err)}` }]);
250
+ });
251
+ }
252
+ });
249
253
  }
@@ -3,7 +3,7 @@
3
3
  * Written once by the preflight check; read by hooks to decide whether to
4
4
  * skip interception (degraded mode).
5
5
  */
6
- export type PreflightCheckName = "credentials" | "userpool" | "workloadPool" | "namespace";
6
+ export type PreflightCheckName = "unrenderedEnv" | "credentials" | "userpool" | "namespace";
7
7
  export type PreflightFailure = {
8
8
  check: PreflightCheckName;
9
9
  reason: string;
@@ -1 +1 @@
1
- {"version":3,"file":"plugin-state.d.ts","sourceRoot":"","sources":["../../../src/preflight/plugin-state.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AAEH,MAAM,MAAM,kBAAkB,GAAG,aAAa,GAAG,UAAU,GAAG,cAAc,GAAG,WAAW,CAAC;AAE3F,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,kBAAkB,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,yEAAyE;IACzE,QAAQ,EAAE,OAAO,CAAC;IAClB,iEAAiE;IACjE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,WAGzB,CAAC"}
1
+ {"version":3,"file":"plugin-state.d.ts","sourceRoot":"","sources":["../../../src/preflight/plugin-state.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AAEH,MAAM,MAAM,kBAAkB,GAC1B,eAAe,GACf,aAAa,GACb,UAAU,GACV,WAAW,CAAC;AAEhB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,kBAAkB,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,yEAAyE;IACzE,QAAQ,EAAE,OAAO,CAAC;IAClB,iEAAiE;IACjE,QAAQ,EAAE,gBAAgB,EAAE,CAAC;CAC9B,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,WAGzB,CAAC"}
@@ -22,7 +22,6 @@ export type GetWorkloadAccessTokenForJWTResult = {
22
22
  workloadAccessToken: string;
23
23
  expiresAt: string;
24
24
  };
25
- export declare function isWorkloadNotFoundError(err: unknown): boolean;
26
25
  export type IdentityClientConfig = {
27
26
  /**
28
27
  * Identity API base URL. Highest priority.
@@ -1 +1 @@
1
- {"version":3,"file":"identity-client.d.ts","sourceRoot":"","sources":["../../../src/services/identity-client.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAQrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,MAAM,MAAM,kCAAkC,GAAG;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;IAC/C,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAG7D;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uEAAuE;IACvE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2HAA2H;IAC3H,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qGAAqG;IACrG,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACvD,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yGAAyG;IACzG,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,iBAAiB,GAAG,KAAK,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC3B,IAAI,CAAC,EAAE,iBAAiB,GAAG,KAAK,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9F,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,mBAAmB,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAC/C,IAAI,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,yEAAyE;AACzE,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1F,SAAS,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,YAAY,CAAC,EAAE,wBAAwB,CAAC;IACxC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,4BAA4B,CAAC;CACvC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,MAAM,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9C,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG;IAC9C,uBAAuB,EAAE,sBAAsB,EAAE,CAAC;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,WAAW,EAAE,iBAAiB,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACrC,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,+DAA+D;IAC/D,eAAe,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAClD,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wCAAwC;AACxC,MAAM,MAAM,QAAQ,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtD,iDAAiD;AACjD,MAAM,MAAM,aAAa,GAAG;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEhE,oDAAoD;AACpD,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAC;CAClD,CAAC;AAEF,0DAA0D;AAC1D,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wDAAwD;AACxD,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC;AAEF,2CAA2C;AAC3C,MAAM,MAAM,aAAa,GAAG;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,qDAAqD;AACrD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,4EAA4E;AAC5E,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,gDAAgD;AAChD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,oDAAoD;AACpD,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC;AAExD,MAAM,MAAM,2BAA2B,GAAG;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,wBAAwB,EAAE,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,gBAAgB,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,sBAAsB,EAAE,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wFAAwF;IACxF,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AA+EF,MAAM,WAAW,uBAAuB;IACtC,4BAA4B,CAC1B,MAAM,EAAE,kCAAkC,GACzC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC/C,sBAAsB,CACpB,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACzC,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC5E,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC/E,uBAAuB,CACrB,MAAM,EAAE,6BAA6B,GACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC1C,2BAA2B,CACzB,MAAM,EAAE,iCAAiC,GACxC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IAC9C,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACxF,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACnE,qBAAqB,CACnB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACxC,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzE,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACzE,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAC3F,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CAC5F;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,uBAAuB;IAGhD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,oBAAoB,CAAgC;gBAE/B,MAAM,EAAE,oBAAoB;IAEzD,OAAO,CAAC,mBAAmB;YAUb,oBAAoB;YAMpB,kBAAkB;IAqB1B,4BAA4B,CAChC,MAAM,EAAE,kCAAkC,GACzC,OAAO,CAAC,kCAAkC,CAAC;YA0ChC,sBAAsB;IAuBpC;;;OAGG;YACW,UAAU;IA+DlB,sBAAsB,CAC1B,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,4BAA4B,CAAC;IAyBlC,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiB3E,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAmBpF,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsBpF,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAkB9E,uBAAuB,CAC3B,MAAM,EAAE,6BAA6B,GACpC,OAAO,CAAC,6BAA6B,CAAC;IA8BnC,2BAA2B,CAC/B,MAAM,EAAE,iCAAiC,GACxC,OAAO,CAAC,iCAAiC,CAAC;IAiDvC,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAiCvF,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IASlE,qBAAqB,CACzB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,2BAA2B,CAAC;IAmCjC,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAkDxE,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBxE,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAYpF,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAoC1F,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAmBjG;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,uBAAuB,EAC/B,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,kBAAkB,CAAC,CAgH7B"}
1
+ {"version":3,"file":"identity-client.d.ts","sourceRoot":"","sources":["../../../src/services/identity-client.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAQrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,MAAM,MAAM,kCAAkC,GAAG;IAC/C,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;IAC/C,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAOF,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uEAAuE;IACvE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yEAAyE;IACzE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2HAA2H;IAC3H,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qGAAqG;IACrG,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mFAAmF;IACnF,iBAAiB,CAAC,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACvD,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yGAAyG;IACzG,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,iBAAiB,GAAG,KAAK,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC3B,IAAI,CAAC,EAAE,iBAAiB,GAAG,KAAK,CAAC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9F,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,mBAAmB,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAC/C,IAAI,CAAC,EAAE,sBAAsB,EAAE,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,yEAAyE;AACzE,MAAM,MAAM,wBAAwB,GAAG;IACrC,QAAQ,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1F,SAAS,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACnC,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,YAAY,CAAC,EAAE,wBAAwB,CAAC;IACxC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,4BAA4B,CAAC;CACvC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,MAAM,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9C,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG;IAC9C,uBAAuB,EAAE,sBAAsB,EAAE,CAAC;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,WAAW,EAAE,iBAAiB,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACrC,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,+DAA+D;IAC/D,eAAe,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAClD,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,wCAAwC;AACxC,MAAM,MAAM,QAAQ,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtD,iDAAiD;AACjD,MAAM,MAAM,aAAa,GAAG;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEhE,oDAAoD;AACpD,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAC;CAClD,CAAC;AAEF,0DAA0D;AAC1D,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wDAAwD;AACxD,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC;AAEF,2CAA2C;AAC3C,MAAM,MAAM,aAAa,GAAG;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,qDAAqD;AACrD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,4EAA4E;AAC5E,MAAM,MAAM,uBAAuB,GAAG;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,gDAAgD;AAChD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,oDAAoD;AACpD,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC;AAExD,MAAM,MAAM,2BAA2B,GAAG;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,wBAAwB,EAAE,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,gBAAgB,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,8BAA8B,CAAC,EAAE,OAAO,CAAC;IACzC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,wBAAwB,CAAC,EAAE,MAAM,EAAE,CAAC;IACpC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,6BAA6B,CAAC,EAAE,OAAO,CAAC;IACxC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,sBAAsB,EAAE,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wFAAwF;IACxF,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AA+EF,MAAM,WAAW,uBAAuB;IACtC,4BAA4B,CAC1B,MAAM,EAAE,kCAAkC,GACzC,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC/C,sBAAsB,CACpB,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACzC,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC5E,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC/E,uBAAuB,CACrB,MAAM,EAAE,6BAA6B,GACpC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC1C,2BAA2B,CACzB,MAAM,EAAE,iCAAiC,GACxC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IAC9C,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACxF,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACnE,qBAAqB,CACnB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,2BAA2B,CAAC,CAAC;IACxC,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzE,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACzE,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IACrF,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;IAC3F,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CAC5F;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,uBAAuB;IAGhD,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,oBAAoB,CAAgC;gBAE/B,MAAM,EAAE,oBAAoB;IAEzD,OAAO,CAAC,mBAAmB;YAUb,oBAAoB;YAMpB,kBAAkB;IAqB1B,4BAA4B,CAChC,MAAM,EAAE,kCAAkC,GACzC,OAAO,CAAC,kCAAkC,CAAC;YA0ChC,sBAAsB;IAuBpC;;;OAGG;YACW,UAAU;IA+DlB,sBAAsB,CAC1B,MAAM,EAAE,4BAA4B,GACnC,OAAO,CAAC,4BAA4B,CAAC;IAyBlC,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiB3E,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAmBpF,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsBpF,eAAe,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAkB9E,uBAAuB,CAC3B,MAAM,EAAE,6BAA6B,GACpC,OAAO,CAAC,6BAA6B,CAAC;IA8BnC,2BAA2B,CAC/B,MAAM,EAAE,iCAAiC,GACxC,OAAO,CAAC,iCAAiC,CAAC;IAiDvC,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAiCvF,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IASlE,qBAAqB,CACzB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,2BAA2B,CAAC;IAmCjC,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAkDxE,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBxE,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAYpF,mBAAmB,CAAC,MAAM,EAAE,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAoC1F,oBAAoB,CAAC,MAAM,EAAE,0BAA0B,GAAG,OAAO,CAAC,uBAAuB,CAAC;CAmBjG;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,uBAAuB,EAC/B,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,kBAAkB,CAAC,CAgH7B"}
@@ -17,7 +17,7 @@ import { loadIdentityCredentials } from "./identity-credentials.js";
17
17
  import { canonicalQueryString, signRequest } from "../utils/sts-signer.js";
18
18
  import { resolveIdentityApiEndpoint, signingRegionFromIdentityEndpoint, } from "../utils/resolve-identity-endpoint.js";
19
19
  export { loadIdentityCredentials } from "./identity-credentials.js";
20
- export function isWorkloadNotFoundError(err) {
20
+ function isWorkloadNotFoundError(err) {
21
21
  const msg = err instanceof Error ? err.message : String(err);
22
22
  return /404|NotFound/i.test(msg);
23
23
  }
@@ -1 +1 @@
1
- {"version":3,"file":"skill-contract-renderer.d.ts","sourceRoot":"","sources":["../../../src/services/skill-contract-renderer.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAMtE,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAwF3E;AAID,KAAK,YAAY,GAAG;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,YAAY,EACrB,YAAY,EAAE,MAAM,GACnB,YAAY,CAgCd"}
1
+ {"version":3,"file":"skill-contract-renderer.d.ts","sourceRoot":"","sources":["../../../src/services/skill-contract-renderer.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAMtE,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAyG3E;AAID,KAAK,YAAY,GAAG;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,YAAY,EACrB,YAAY,EAAE,MAAM,GACnB,YAAY,CAgCd"}
@@ -40,10 +40,10 @@ export function renderContractSection(bindings) {
40
40
  oauthLines.push(`- Call \`identity_fetch(provider="${b.provider}", flow="${flow}", returnValue=true)\`.`, ` Map access token to env: \`${b.env}\`.`, b.required ? ` Required: if fetch fails, do not continue.` : "");
41
41
  }
42
42
  else if (b.type === "tip") {
43
- tipLines.push(`- Call \`identity_get_tip_token()\`.`, ` Map result field \`tipToken\` to env: \`${b.env}\`.`, b.required ? ` Required: if the call fails, do not continue with private API calls.` : "");
43
+ tipLines.push(`- Call \`identity_get_tip_token()\`.`, ` Map result field \`tipToken\` to env: \`${b.env}\`.`, ` Use \`issuedAt\` and \`expiresAt\` (Unix ms) from the same response; do not reuse a value past \`expiresAt\`.`, b.required ? ` Required: if the call fails, do not continue with private API calls.` : "");
44
44
  }
45
45
  else if (b.type === "user") {
46
- userSessionLines.push(`- Call \`identity_get_session_token()\`.`, ` Map result field \`sessionIdToken\` (OIDC id_token) to env: \`${b.env}\`.`, b.required ? ` Required: if the call fails, do not continue.` : "");
46
+ userSessionLines.push(`- Call \`identity_get_session_token()\`.`, ` Map result field \`sessionIdToken\` (OIDC id_token) to env: \`${b.env}\`.`, ` Id tokens expire; if the call fails or downstream APIs return 401, ensure the user session is valid (e.g. \`/identity login\`) then call again.`, b.required ? ` Required: if the call fails, do not continue.` : "");
47
47
  }
48
48
  }
49
49
  const sections = [];
@@ -57,10 +57,18 @@ export function renderContractSection(bindings) {
57
57
  sections.push("**OAuth**\n" + oauthLines.filter(Boolean).join("\n"));
58
58
  }
59
59
  if (tipLines.length) {
60
- sections.push("**TIP (workload token)**\n" + tipLines.filter(Boolean).join("\n"));
60
+ sections.push("**TIP (workload token)**\n" +
61
+ tipLines.filter(Boolean).join("\n") +
62
+ "\n\n" +
63
+ "**TIP lifecycle:** The workload JWT is short-lived. Prefer calling `identity_get_tip_token()` immediately before private API calls when " +
64
+ "expiry is unknown or near. If a downstream API returns 401, 403, or invalid/expired token errors, call `identity_get_tip_token()` again, " +
65
+ "update env, and retry the request once before treating it as a hard failure.");
61
66
  }
62
67
  if (userSessionLines.length) {
63
- sections.push("**User session (OIDC id_token)**\n" + userSessionLines.filter(Boolean).join("\n"));
68
+ sections.push("**User session (OIDC id_token)**\n" +
69
+ userSessionLines.filter(Boolean).join("\n") +
70
+ "\n\n" +
71
+ "**Session token lifecycle:** OIDC id_tokens expire. After login issues are resolved, call `identity_get_session_token()` again before retrying private APIs.");
64
72
  }
65
73
  const executionFlow = sections.length
66
74
  ? sections.join("\n\n")
@@ -74,6 +82,7 @@ export function renderContractSection(bindings) {
74
82
  - Never ask users to provide credentials manually.
75
83
  - Never print credential values (AccessKeyId, SecretAccessKey, SessionToken, tokens) in chat output.
76
84
  - Never put secrets directly into command strings.
85
+ - JWTs (TIP workload token, OIDC id_token) are short-lived: use tool-returned expiry fields and refresh via the same identity tools instead of assuming a token lasts for the whole task.
77
86
 
78
87
  ### Execution Flow
79
88
  ${executionFlow}
@@ -81,6 +90,8 @@ ${executionFlow}
81
90
  ### Failure Handling
82
91
  - If a required credential fetch fails, do not continue with private API calls.
83
92
  - If the execution tool does not support secure env injection, stop and report unsupported secure runtime.
93
+ - After **TIP** (\`identity_get_tip_token\`) was used: on downstream 401/403 or token errors, obtain a fresh \`tipToken\` and retry the API once before surfacing a user-visible error.
94
+ - After **user session** (\`identity_get_session_token\`) was used: on 401 from downstream, verify login state (\`/identity login\` / \`/identity status\`) then retry the session token call.
84
95
  `;
85
96
  }
86
97
  export function patchToolResultContent(message, contractText) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@m1a0rz/agent-identity",
3
- "version": "0.4.5",
3
+ "version": "0.4.6",
4
4
  "description": "Agent Identity: UserPool (用户池) login, TIP token (工作负载令牌), credential hosting (凭据托管 OAuth2/API key), optional tool/skill permission control (CheckPermission) and risk approval. Integrates with Volcengine 智能体身份和权限管理平台.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",