@mantyx/sdk 0.10.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/CHANGELOG.md +2 -2
  2. package/README.md +37 -31
  3. package/dist/a2a-server.d.cts +1 -1
  4. package/dist/a2a-server.d.ts +1 -1
  5. package/dist/{client-DHwh8MPj.d.cts → client-CZUVldDx.d.cts} +45 -84
  6. package/dist/{client-DHwh8MPj.d.ts → client-CZUVldDx.d.ts} +45 -84
  7. package/dist/index.cjs +8 -70
  8. package/dist/index.cjs.map +1 -1
  9. package/dist/index.d.cts +2 -2
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.js +8 -68
  12. package/dist/index.js.map +1 -1
  13. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -48,7 +48,6 @@ __export(index_exports, {
48
48
  defineLocalA2A: () => defineLocalA2A,
49
49
  defineLocalMcp: () => defineLocalMcp,
50
50
  defineLocalTool: () => defineLocalTool,
51
- generatePkceVerifier: () => generatePkceVerifier,
52
51
  isLocalA2ATool: () => isLocalA2ATool,
53
52
  isLocalMcpServer: () => isLocalMcpServer,
54
53
  isLocalTool: () => isLocalTool,
@@ -57,7 +56,6 @@ __export(index_exports, {
57
56
  mantyxPluginTool: () => mantyxPluginTool,
58
57
  mantyxTool: () => mantyxTool,
59
58
  parseRunOutput: () => parseRunOutput,
60
- pkceChallenge: () => pkceChallenge,
61
59
  readSseStream: () => readSseStream,
62
60
  toToolParametersWire: () => toToolParametersWire,
63
61
  zodToJsonSchema: () => zodToJsonSchema
@@ -1423,8 +1421,6 @@ function parseRequiredScopes(bodyRequired, wwwAuthenticate) {
1423
1421
  }
1424
1422
 
1425
1423
  // src/oauth.ts
1426
- var import_node_buffer = require("buffer");
1427
- var import_node_crypto = require("crypto");
1428
1424
  var DEFAULT_OAUTH_BASE_URL = "https://app.mantyx.io";
1429
1425
  var DEFAULT_REFRESH_SKEW_MS = 6e4;
1430
1426
  var MantyxOAuthError = class extends MantyxError {
@@ -1463,26 +1459,11 @@ var MantyxOAuthClient = class {
1463
1459
  this.fetchImpl = f;
1464
1460
  this.timeoutMs = opts.timeoutMs ?? 3e4;
1465
1461
  }
1466
- /**
1467
- * Swap an authorization-code + PKCE verifier for the initial
1468
- * `{access_token, refresh_token}` pair. Call this exactly once per
1469
- * sign-in after the browser/native redirect lands back on your
1470
- * `redirectUri` with a `code` parameter. Persist the returned
1471
- * `refreshToken` against the user record — it is long-lived and
1472
- * non-rotating per `docs/oauth.md` §"Token lifetimes & lifecycle".
1473
- */
1474
- async exchangeAuthorizationCode(opts) {
1475
- return this.token({
1476
- grant_type: "authorization_code",
1477
- code: opts.code,
1478
- redirect_uri: opts.redirectUri,
1479
- code_verifier: opts.codeVerifier
1480
- });
1481
- }
1482
1462
  /**
1483
1463
  * Mint a fresh access token from a stored refresh token. The
1484
- * returned `refreshToken` is identical to the input — the field is
1485
- * surfaced for symmetry with {@link exchangeAuthorizationCode} only.
1464
+ * returned `refreshToken` is identical to the input — refresh
1465
+ * tokens are persistent and non-rotating, so the field is
1466
+ * surfaced only for symmetry with the response shape.
1486
1467
  *
1487
1468
  * On `400 invalid_grant` the refresh token has been revoked (or its
1488
1469
  * grant / app was deleted); the SDK surfaces a
@@ -1500,21 +1481,6 @@ var MantyxOAuthClient = class {
1500
1481
  if (scope !== void 0) body.scope = scope;
1501
1482
  return this.token(body);
1502
1483
  }
1503
- /**
1504
- * Request a workspace-scoped access token without a user via the
1505
- * `client_credentials` grant. Available only on private OAuth apps
1506
- * that were registered with `allowsClientCredentials: true`. No
1507
- * refresh token is issued; re-call this method whenever a new
1508
- * access token is needed.
1509
- */
1510
- async clientCredentials(opts = {}) {
1511
- const body = {
1512
- grant_type: "client_credentials"
1513
- };
1514
- const scope = normalizeScope(opts.scope);
1515
- if (scope !== void 0) body.scope = scope;
1516
- return this.token(body);
1517
- }
1518
1484
  /**
1519
1485
  * Revoke an access or refresh token (RFC 7009). The server always
1520
1486
  * returns 200, even for unknown tokens. Revoking a **refresh**
@@ -1536,6 +1502,10 @@ var MantyxOAuthClient = class {
1536
1502
  * source caches the access token in-memory and refreshes
1537
1503
  * proactively when the cached value is within `refreshSkewMs` of
1538
1504
  * `expiresAt`, or eagerly when `MantyxClient` reports a 401.
1505
+ *
1506
+ * Pass `initialToken` if the calling app already has a non-expired
1507
+ * access token in hand (e.g. straight out of the sign-in flow) to
1508
+ * avoid an extra round-trip on the first request.
1539
1509
  */
1540
1510
  refreshTokenSource(opts) {
1541
1511
  if (!opts.refreshToken) {
@@ -1548,20 +1518,6 @@ var MantyxOAuthClient = class {
1548
1518
  return this.refresh({ refreshToken, scope: opts.scope });
1549
1519
  });
1550
1520
  }
1551
- /**
1552
- * Build a long-lived {@link TokenSource} backed by the
1553
- * `client_credentials` grant. On every refresh the source re-mints
1554
- * a workspace-scoped access token by calling the token endpoint
1555
- * with `grant_type=client_credentials`. Available only on private
1556
- * apps with `allowsClientCredentials: true`.
1557
- */
1558
- clientCredentialsTokenSource(opts = {}) {
1559
- const skew = opts.refreshSkewMs ?? DEFAULT_REFRESH_SKEW_MS;
1560
- const cache = { token: void 0, inflight: null };
1561
- return makeTokenSource(cache, skew, async () => {
1562
- return this.clientCredentials({ scope: opts.scope });
1563
- });
1564
- }
1565
1521
  // -------------------------------------------------------------- internals
1566
1522
  /**
1567
1523
  * POST `application/x-www-form-urlencoded` to `/api/oauth/token` and
@@ -1641,22 +1597,6 @@ var MantyxOAuthClient = class {
1641
1597
  return res;
1642
1598
  }
1643
1599
  };
1644
- function generatePkceVerifier(length = 64) {
1645
- if (length < 43 || length > 128) {
1646
- throw new MantyxError("PKCE code_verifier length must be in [43, 128]");
1647
- }
1648
- const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
1649
- const bytes = (0, import_node_crypto.randomBytes)(length);
1650
- let out = "";
1651
- for (let i = 0; i < length; i++) {
1652
- out += ALPHABET[bytes[i] % ALPHABET.length];
1653
- }
1654
- return out;
1655
- }
1656
- function pkceChallenge(verifier) {
1657
- const hash = (0, import_node_crypto.createHash)("sha256").update(verifier, "utf8").digest();
1658
- return import_node_buffer.Buffer.from(hash).toString("base64").replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
1659
- }
1660
1600
  function makeTokenSource(cache, skewMs, mint) {
1661
1601
  return async (reason = "initial") => {
1662
1602
  if (reason !== "unauthorized" && cache.token && !isExpiring(cache.token, skewMs)) {
@@ -1700,7 +1640,7 @@ function normalizeScope(scope) {
1700
1640
  }
1701
1641
 
1702
1642
  // src/version.ts
1703
- var SDK_VERSION = "0.10.0";
1643
+ var SDK_VERSION = "0.10.1";
1704
1644
  // Annotate the CommonJS export names for ESM import in node:
1705
1645
  0 && (module.exports = {
1706
1646
  AgentSession,
@@ -1721,7 +1661,6 @@ var SDK_VERSION = "0.10.0";
1721
1661
  defineLocalA2A,
1722
1662
  defineLocalMcp,
1723
1663
  defineLocalTool,
1724
- generatePkceVerifier,
1725
1664
  isLocalA2ATool,
1726
1665
  isLocalMcpServer,
1727
1666
  isLocalTool,
@@ -1730,7 +1669,6 @@ var SDK_VERSION = "0.10.0";
1730
1669
  mantyxPluginTool,
1731
1670
  mantyxTool,
1732
1671
  parseRunOutput,
1733
- pkceChallenge,
1734
1672
  readSseStream,
1735
1673
  toToolParametersWire,
1736
1674
  zodToJsonSchema