@matimo/core 0.1.0-alpha.8 → 0.1.0

package/README.md

@@ -11,7 +11,7 @@ Install the unified package (includes core exports):
 npm install matimo
 pnpm add matimo
 # or install scoped core package directly
-npm insatll @matimo/core
+npm install @matimo/core
 pnpm add @matimo/core
 ```
 
@@ -20,10 +20,15 @@ pnpm add @matimo/core
 `@matimo/core` contains:
 
 - `MatimoInstance` — initialization, discovery, registry, and execution API
-- Executors (command, http, function)
+- **Executors** — Command (shell), HTTP (REST with object/array embedding), Function (JS/TS)
+- **Policy Engine** — content validation, risk classification, RBAC, integrity tracking
+- **Meta-Tools** — 9 built-in tools for tool lifecycle management (create, validate, approve, reload, list, skill)
+- **Approval System** — human-in-the-loop approval with interactive, auto-approve, and MCP patterns
+- **MCP Server** — Model Context Protocol server with HTTP and stdio transports
 - Decorator utilities (`@tool`, `setGlobalMatimoInstance`)
 - Zod-based schema validation for YAML tool definitions
-- Error types (`MatimoError`) and structured error codes
+- **Structured error handling** — `MatimoError` with error chaining via optional `cause` field
+- OAuth2 authentication support (provider integrations in separate packages)
 
 This package is intended to be imported by applications, CLIs, and provider packages.
 
@@ -42,6 +47,31 @@ console.log('Loaded', matimo.listTools().length, 'tools');
 await matimo.execute('calculator', { operation: 'add', a: 1, b: 2 });
 ```
 
+## 🛠 Included Core Tools
+
+`@matimo/core` includes 15 built-in tools:
+
+### Utility Tools
+- **`execute`** — Run shell commands with output capture, timeout, and working directory control
+- **`read`** — Read files with line range support and encoding detection
+- **`edit`** — Edit/replace content in files with backup
+- **`search`** — Search files with grep patterns and context
+- **`web`** — Fetch and parse web content
+- **`calculator`** — Basic arithmetic operations
+
+### Meta-Tools (Tool Lifecycle Management)
+- **`matimo_validate_tool`** — Validate YAML against schema + policy rules, returns risk level
+- **`matimo_create_tool`** — Write a new tool to disk with safety enforcement (forces draft + requires_approval)
+- **`matimo_approve_tool`** — Promote a draft tool with HMAC-signed approval manifest
+- **`matimo_reload_tools`** — Hot-reload all tools into the live registry without restart
+- **`matimo_list_user_tools`** — List tools in a directory with risk classification and status
+- **`matimo_create_skill`** — Create SKILL.md files with validated YAML frontmatter
+- **`matimo_list_skills`** — List skills in a directory with name, description, and path
+- **`matimo_get_skill`** — Read a skill's full content by name for agent context
+- **`matimo_validate_skill`** — Validate a skill against the Agent Skills specification
+
+All core tools use **function-based execution** (not shell commands) for better performance and reliability.
+
 ## 🧩 Usage Patterns
 
 - Factory pattern: `MatimoInstance.init()` + `matimo.execute()`
@@ -50,15 +80,307 @@ await matimo.execute('calculator', { operation: 'add', a: 1, b: 2 });
 
 See the full SDK docs: [docs/api-reference/SDK.md](../../docs/api-reference/SDK.md)
 
-## 🔐 Authentication
+## ⚙️ Executors
+
+`@matimo/core` provides three execution engines:
+
+### FunctionExecutor (Recommended for Core Tools)
+Executes TypeScript/JavaScript functions with type-safe parameters:
+- ✅ **Direct execution** — No subprocess overhead
+- ✅ **Better performance** — Direct async function calls
+- ✅ **Type safety** — Proper TypeScript integration
+- ✅ **Error handling** — Native exception handling
+
+**Core tools** (`execute`, `read`, `edit`, `search`, `web`, `calculator`) all use function-based execution:
+```yaml
+# Tool YAML:
+execution:
+  type: function
+  code: './execute.ts'  # Relative path to implementation
+
+# File: execute.ts
+export default async function execute(params: {
+  command: string
+  args?: string[]
+  cwd?: string
+  timeout?: number
+}): Promise<{ success: boolean; stdout: string; stderr: string; exitCode: number }> {
+  // Implementation here
+}
+```
+
+### HttpExecutor
+Makes HTTP requests with automatic parameter embedding and response validation:
+```yaml
+# Tool YAML:
+execution:
+  type: http
+  method: POST
+  url: https://api.example.com/data
+  headers:
+    Authorization: 'Bearer {AUTH_TOKEN}'
+  body:
+    text: '{text}'
+    metadata: '{metadata}'  # Objects/arrays automatically JSON-encoded
+```
+
+**Key features:**
+- ✅ **Parameter embedding** — Objects and arrays automatically JSON-encoded in request body
+- ✅ **Response validation** — Validates output against `output_schema` using Zod
+- ✅ **Error normalization** — Converts Axios/HTTP errors to structured `MatimoError`
+- ✅ **Structured error details** — Original error preserved via `error.cause` field
+
+### CommandExecutor (Legacy Shell Execution)
+Spawns shell processes for external commands:
+```typescript
+// Tool YAML:
+execution:
+  type: command
+  command: node
+  args: ["script.js", "{param1}"]
+
+// Spawns: node script.js value1
+```
+
+**Use when:**
+- Executing external shell commands or legacy scripts
+- Running tools from other packages that expect shell execution
+- Most core Matimo tools now use function-based execution instead
+
+## 🚨 Error Handling
+
+All executors throw `MatimoError` (never generic `Error`) with structured context:
+
+```typescript
+import { MatimoError, ErrorCode } from '@matimo/core';
+
+try {
+  await matimo.execute('my-tool', params);
+} catch (error) {
+  if (error instanceof MatimoError) {
+    console.error(`Error: ${error.message}`);
+    console.error(`Code: ${error.code}`);
+    console.error(`Details:`, error.details);
+    
+    // Access original exception (if available)
+    if (error.cause) {
+      console.error(`Original error:`, error.cause);
+    }
+  }
+}
+```
 
-Tools declare authentication in their YAML definitions. `@matimo/core` supports:
+**Error codes:**
+- `INVALID_SCHEMA` — Tool definition or parameters invalid
+- `EXECUTION_FAILED` — Tool execution failed (network, timeout, etc.)
+- `AUTH_FAILED` — Authentication/authorization error
+- `TOOL_NOT_FOUND` — Tool not found in registry
+
+**Error chaining:**
+The optional `cause` field preserves the original error for debugging:
+```typescript
+throw new MatimoError('HTTP request failed', ErrorCode.EXECUTION_FAILED, {
+  toolName: 'slack_send',
+  statusCode: 500,
+  details: { originalError: axiosError }
+});
+// Access via: error.cause or error.details.originalError
+```
+
+## 🔐 Authentication & Security
+
+Tools declare authentication requirements in YAML. `@matimo/core` supports:
+
+- **API keys** (header/query injection)
+- **Bearer/basic tokens** (automatic injection)
+- **OAuth2** (provider configurations via OAuth2Handler)
+
+Credentials are loaded from environment variables by convention:
+```bash
+export SLACK_BOT_TOKEN=xoxb-...
+export GMAIL_ACCESS_TOKEN=ya29-...
+export NOTION_API_KEY=ntn_...
+```
+
+**Security notes:**
+- ✅ Secrets never logged (error messages exclude credential values)
+- ✅ OAuth tokens refreshed automatically when expired
+- ✅ HTTP Executor validates all authentication before making requests
+- ✅ Missing credentials throw `MatimoError(AUTH_FAILED)` with helpful guidance
+
+## 🛡 Policy Engine
+
+The policy engine provides defense-in-depth security for AI agent tool usage. Policy is defined at deploy time and `Object.freeze()`'d at runtime — agents cannot modify it.
+
+```typescript
+import { MatimoInstance } from 'matimo';
+import type { PolicyConfig } from 'matimo';
+
+const policyConfig: PolicyConfig = {
+  allowedDomains: ['api.github.com', 'api.slack.com'],
+  allowedHttpMethods: ['GET', 'POST'],
+  allowCommandTools: false,
+  allowFunctionTools: false,
+  protectedNamespaces: ['matimo_'],
+};
+
+const matimo = await MatimoInstance.init({
+  toolPaths: ['./tools', './agent-tools'],
+  untrustedPaths: ['./agent-tools'],
+  policyConfig,
+});
+```
 
-- API keys (header/query)
-- Bearer/basic tokens
-- OAuth2 (provider integrations handled in provider packages)
+### Content Validator (9 Rules)
 
-Tokens are injected from environment variables by convention (for example `SLACK_BOT_TOKEN`, `GMAIL_ACCESS_TOKEN`).
+| Rule | Severity | What It Checks |
+|------|----------|----------------|
+| `no-function-execution` | critical | Blocks arbitrary code execution |
+| `no-command-execution` | critical | Blocks shell injection |
+| `no-ssrf` | critical | Blocks internal IPs/metadata endpoints |
+| `unauthorized-credential` | high | Blocks unapproved credentials |
+| `reserved-namespace` | high | Blocks hijacking of `matimo_` prefix |
+| `forced-approval` | medium | Enforces `requires_approval: true` |
+| `blocked-http-method` | high | Blocks disallowed HTTP methods |
+| `blocked-domain` | high | Blocks disallowed domains |
+| `forced-draft-status` | medium | Enforces `status: draft` on new tools |
+
+### Risk Classification
+
+| Risk Level | Criteria |
+|-----------|----------|
+| **critical** | `execution.type: function` |
+| **high** | `execution.type: command`, HTTP `DELETE`, `requires_approval: true` |
+| **medium** | HTTP `POST`, `PUT`, `PATCH` |
+| **low** | HTTP `GET`, `HEAD`, `OPTIONS` |
+
+See the full guide: [docs/tool-development/POLICY_AND_LIFECYCLE.md](../../docs/tool-development/POLICY_AND_LIFECYCLE.md)
+
+## 🔄 Tool Lifecycle (Create → Approve → Reload → Use)
+
+Agents can create tools at runtime with full policy enforcement:
+
+```typescript
+// 1. Create — writes YAML to disk (forces draft + requires_approval)
+await matimo.execute('matimo_create_tool', {
+  name: 'city_lookup',
+  target_dir: './agent-tools',
+  yaml_content: `
+name: city_lookup
+version: '1.0.0'
+description: Look up user information including city and address details
+parameters:
+  id: { type: string, required: true }
+execution:
+  type: http
+  method: GET
+  url: 'https://jsonplaceholder.typicode.com/users/{id}'
+`,
+});
+
+// 2. Approve — re-validates, signs HMAC, updates status to approved
+await matimo.execute('matimo_approve_tool', {
+  name: 'city_lookup',
+  tool_dir: './agent-tools',
+});
+
+// 3. Reload — clears registry, re-reads YAML, re-validates untrusted tools
+await matimo.execute('matimo_reload_tools', {});
+
+// 4. Use — tool is now in the live registry
+const result = await matimo.execute('city_lookup', { id: '1' });
+```
+
+This lifecycle works identically across SDK, LangChain, and MCP interfaces.
+
+See the full reference: [docs/tool-development/META_TOOLS.md](../../docs/tool-development/META_TOOLS.md)
+
+## ✅ Approval System
+
+Tools with `requires_approval: true` require human confirmation before execution:
+
+```typescript
+import { getGlobalApprovalHandler } from 'matimo';
+
+// Interactive terminal approval
+getGlobalApprovalHandler().setApprovalCallback(async (request) => {
+  console.log(`Tool: ${request.toolName}`);
+  console.log(`Params: ${JSON.stringify(request.params)}`);
+  // return true to approve, false to reject
+  return await promptUser('Approve? (y/n)');
+});
+
+// Auto-approve (CI/CD only)
+process.env.MATIMO_AUTO_APPROVE = 'true';
+
+// Pre-approved patterns
+process.env.MATIMO_APPROVED_PATTERNS = 'calculator,weather_*';
+```
+
+**MCP approval:** MCP clients pass `_matimo_approved: true` in arguments for tools that require approval.
+
+See: [docs/APPROVAL-SYSTEM.md](../../docs/APPROVAL-SYSTEM.md)
+
+## 🌐 MCP Server
+
+Serve Matimo tools via the Model Context Protocol:
+
+```typescript
+import { MCPServer } from 'matimo';
+
+const server = new MCPServer({
+  transport: 'http',
+  port: 3000,
+  toolPaths: ['./tools'],
+  policyConfig: { allowCommandTools: false },
+  mcpToken: process.env.MCP_TOKEN,
+});
+
+await server.start();
+// Tools available at POST http://localhost:3000/mcp
+```
+
+**Supports:**
+- HTTP and stdio transports
+- Bearer token authentication
+- Tool lifecycle via meta-tools (create, approve, reload)
+- Automatic `notifications/tools/list_changed` on reload
+
+See: [docs/MCP.md](../../docs/MCP.md)
+
+## ✅ Validation & Output Schema
+
+All tool execution includes automatic validation:
+
+**Input Validation:**
+- Tool YAML definitions validated against Zod schema on load
+- Parameters validated against tool's declared `parameters` schema
+- Invalid parameters throw `MatimoError(INVALID_SCHEMA)`
+
+**Output Validation:**
+- HTTP executor validates response against tool's `output_schema`
+- Function executor validates return value against `output_schema` (for HTTP tools)
+- Invalid responses/returns throw `MatimoError(EXECUTION_FAILED)`
+- Zod provides detailed validation error messages
+
+**Example (core `execute` tool):**
+```yaml
+# Definition: packages/core/tools/execute/definition.yaml
+execution:
+  type: function
+  code: './execute.ts'
+
+output_schema:
+  type: object
+  properties:
+    success: { type: boolean }
+    exitCode: { type: number }
+    stdout: { type: string }
+    stderr: { type: string }
+  required: [success, exitCode, stdout, stderr]
+```
+
+Invalid parameters or responses trigger validation errors with structured details.
 
 ## 🧪 Testing & Development
 
@@ -74,12 +396,17 @@ To build:
 pnpm --filter "@matimo/core" build
 ```
 
-## 📚 Contributing
-
-See the project CONTRIBUTING guide and `docs/tool-development/ADDING_TOOLS.md` for adding provider packages and tools.
+## 📚 Documentation
 
-- Contributing: https://github.com/tallclub/matimo/blob/main/CONTRIBUTING.md
-- Add tools: ../../docs/tool-development/ADDING_TOOLS.md
+- [Quick Start](../../docs/getting-started/QUICK_START.md)
+- [API Reference](../../docs/api-reference/SDK.md)
+- [Policy & Lifecycle Guide](../../docs/tool-development/POLICY_AND_LIFECYCLE.md)
+- [Meta-Tools Reference](../../docs/tool-development/META_TOOLS.md)
+- [Approval System](../../docs/APPROVAL-SYSTEM.md)
+- [MCP Server](../../docs/MCP.md)
+- [Tool Specification](../../docs/tool-development/TOOL_SPECIFICATION.md)
+- [Adding Tools](../../docs/tool-development/ADDING_TOOLS.md)
+- [Contributing](https://github.com/tallclub/matimo/blob/main/CONTRIBUTING.md)
 
 ---
 

package/dist/approval/approval-handler.d.ts

@@ -42,7 +42,11 @@ export declare class ApprovalHandler {
     /**
      * Set approval callback for interactive/custom approval
      */
-    setApprovalCallback(callback: ApprovalCallback): void;
+    setApprovalCallback(callback: ApprovalCallback | null): void;
+    /**
+     * Get the current approval callback (for save/restore patterns)
+     */
+    getApprovalCallback(): ApprovalCallback | null;
     /**
      * Check if a tool requires approval based on YAML definition or supplied content.
      * @param requiresApproval In Yaml - From tool definition `requires_approval` field

package/dist/approval/approval-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"approval-handler.d.ts","sourceRoot":"","sources":["../../src/approval/approval-handler.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAE9E;;;;;;;;;GASG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,gBAAgB,CAAiC;IACzD,OAAO,CAAC,mBAAmB,CAAgB;;IAsB3C;;;;;;OAMG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAyB1B;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAIrD;;;;;;;;OAQG;IACH,gBAAgB,CAAC,sBAAsB,EAAE,OAAO,GAAG,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO;IAexF;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAgBxC;;;OAGG;IACG,eAAe,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IA2B9D;;OAEG;IACH,OAAO,CAAC,cAAc;CAavB;AAKD;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,eAAe,CAK1D"}
+{"version":3,"file":"approval-handler.d.ts","sourceRoot":"","sources":["../../src/approval/approval-handler.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAE9E;;;;;;;;;GASG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,gBAAgB,CAAiC;IACzD,OAAO,CAAC,mBAAmB,CAAgB;;IAsB3C;;;;;;OAMG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAyB1B;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI,GAAG,IAAI;IAI5D;;OAEG;IACH,mBAAmB,IAAI,gBAAgB,GAAG,IAAI;IAI9C;;;;;;;;OAQG;IACH,gBAAgB,CAAC,sBAAsB,EAAE,OAAO,GAAG,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO;IAexF;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAgBxC;;;OAGG;IACG,eAAe,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IA2B9D;;OAEG;IACH,OAAO,CAAC,cAAc;CAavB;AAKD;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,eAAe,CAK1D"}

package/dist/approval/approval-handler.js

@@ -122,6 +122,12 @@ export class ApprovalHandler {
     setApprovalCallback(callback) {
         this.approvalCallback = callback;
     }
+    /**
+     * Get the current approval callback (for save/restore patterns)
+     */
+    getApprovalCallback() {
+        return this.approvalCallback;
+    }
     /**
      * Check if a tool requires approval based on YAML definition or supplied content.
      * @param requiresApproval In Yaml - From tool definition `requires_approval` field

package/dist/approval/approval-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"approval-handler.js","sourceRoot":"","sources":["../../src/approval/approval-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAiBhE;;;;;;;;;GASG;AACH,MAAM,OAAO,eAAe;IAM1B;QALQ,gBAAW,GAAY,KAAK,CAAC;QAC7B,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,qBAAgB,GAA4B,IAAI,CAAC;QACjD,wBAAmB,GAAa,EAAE,CAAC;QAGzC,oDAAoD;QACpD,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAE/B,kCAAkC;QAClC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,CAAC;QAE9D,+CAA+C;QAC/C,0CAA0C;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,EAAE,CAAC;YAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACzC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC/B,IAAI,OAAO,EAAE,CAAC;oBACZ,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,uBAAuB;QAC7B,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,aAAa,GAAG;gBACpB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,yCAAyC,CAAC,EAAE,iBAAiB;gBACtF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,qDAAqD,CAAC,EAAE,YAAY;gBAC7F,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,2BAA2B,CAAC,EAAE,oBAAoB;aAC5E,CAAC;YAEF,IAAI,aAAa,GAAkB,IAAI,CAAC;YAExC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;gBACrC,IAAI,CAAC;oBACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC5B,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;wBAClD,MAAM;oBACR,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,wBAAwB;gBAC1B,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC1B,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,qDAAqD;YACrD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,oDAAoD;gBACpD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAClE,uDAAuD;oBACvD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;oBACpD,IAAI,OAAO,EAAE,CAAC;wBACZ,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uDAAuD;YACvD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,IAAI,CAAC,mBAAmB,GAAG;YACzB,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,OAAO;YACP,UAAU;YACV,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,SAAS;YACT,OAAO;YACP,OAAO;YACP,QAAQ;YACR,MAAM;YACN,OAAO;YACP,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,UAAU;YACV,SAAS;YACT,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,QAA0B;QAC5C,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC;IACnC,CAAC;IAED;;;;;;;;OAQG;IACH,gBAAgB,CAAC,sBAA2C,EAAE,OAAgB;QAC5E,4CAA4C;QAC5C,IAAI,sBAAsB,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,6EAA6E;QAC7E,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB;QAC5B,0BAA0B;QAC1B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yBAAyB;QACzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,OAAwB;QAC5C,kCAAkC;QAClC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,WAAW,CACnB,4CAA4C,OAAO,CAAC,QAAQ,EAAE,EAC9D,SAAS,CAAC,gBAAgB,EAC1B;gBACE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,uFAAuF;aAC9F,CACF,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,WAAW,CACnB,2CAA2C,OAAO,CAAC,QAAQ,EAAE,EAC7D,SAAS,CAAC,gBAAgB,EAC1B;gBACE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,OAAO,EAAE,uCAAuC;aACjD,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,QAAgB,EAAE,OAAe;QACtD,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iCAAiC;QACjC,6DAA6D;QAC7D,iDAAiD;QACjD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QACtE,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF;AAED,kBAAkB;AAClB,IAAI,qBAAqB,GAA2B,IAAI,CAAC;AAEzD;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,IAAI,eAAe,EAAE,CAAC;IAChD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"approval-handler.js","sourceRoot":"","sources":["../../src/approval/approval-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAiBhE;;;;;;;;;GASG;AACH,MAAM,OAAO,eAAe;IAM1B;QALQ,gBAAW,GAAY,KAAK,CAAC;QAC7B,qBAAgB,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC1C,qBAAgB,GAA4B,IAAI,CAAC;QACjD,wBAAmB,GAAa,EAAE,CAAC;QAGzC,oDAAoD;QACpD,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAE/B,kCAAkC;QAClC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,CAAC;QAE9D,+CAA+C;QAC/C,0CAA0C;QAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,EAAE,CAAC;YAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACzC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC/B,IAAI,OAAO,EAAE,CAAC;oBACZ,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,uBAAuB;QAC7B,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,aAAa,GAAG;gBACpB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,yCAAyC,CAAC,EAAE,iBAAiB;gBACtF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,qDAAqD,CAAC,EAAE,YAAY;gBAC7F,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,2BAA2B,CAAC,EAAE,oBAAoB;aAC5E,CAAC;YAEF,IAAI,aAAa,GAAkB,IAAI,CAAC;YAExC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;gBACrC,IAAI,CAAC;oBACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC5B,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;wBAClD,MAAM;oBACR,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,wBAAwB;gBAC1B,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC1B,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,qDAAqD;YACrD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,oDAAoD;gBACpD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAClE,uDAAuD;oBACvD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;oBACpD,IAAI,OAAO,EAAE,CAAC;wBACZ,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uDAAuD;YACvD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,IAAI,CAAC,mBAAmB,GAAG;YACzB,QAAQ;YACR,QAAQ;YACR,MAAM;YACN,OAAO;YACP,UAAU;YACV,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,SAAS;YACT,OAAO;YACP,OAAO;YACP,QAAQ;YACR,MAAM;YACN,OAAO;YACP,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,UAAU;YACV,SAAS;YACT,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,QAAiC;QACnD,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;;;;;;;OAQG;IACH,gBAAgB,CAAC,sBAA2C,EAAE,OAAgB;QAC5E,4CAA4C;QAC5C,IAAI,sBAAsB,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,6EAA6E;QAC7E,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB;QAC5B,0BAA0B;QAC1B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yBAAyB;QACzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,OAAwB;QAC5C,kCAAkC;QAClC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,WAAW,CACnB,4CAA4C,OAAO,CAAC,QAAQ,EAAE,EAC9D,SAAS,CAAC,gBAAgB,EAC1B;gBACE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,IAAI,EAAE,uFAAuF;aAC9F,CACF,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,WAAW,CACnB,2CAA2C,OAAO,CAAC,QAAQ,EAAE,EAC7D,SAAS,CAAC,gBAAgB,EAC1B;gBACE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,OAAO,EAAE,uCAAuC;aACjD,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,QAAgB,EAAE,OAAe;QACtD,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iCAAiC;QACjC,6DAA6D;QAC7D,iDAAiD;QACjD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;QACtE,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC3D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,EAAE,GAAG,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF;AAED,kBAAkB;AAClB,IAAI,qBAAqB,GAA2B,IAAI,CAAC;AAEzD;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,qBAAqB,GAAG,IAAI,eAAe,EAAE,CAAC;IAChD,CAAC;IACD,OAAO,qBAAqB,CAAC;AAC/B,CAAC"}

package/dist/core/schema.d.ts

@@ -20,11 +20,12 @@ export declare const ParameterSchema: z.ZodObject<{
 export type Parameter = z.infer<typeof ParameterSchema>;
 export declare const AuthConfigSchema: z.ZodObject<{
     type: z.ZodOptional<z.ZodEnum<{
+        custom: "custom";
+        none: "none";
         api_key: "api_key";
-        oauth2: "oauth2";
         basic: "basic";
         bearer: "bearer";
-        custom: "custom";
+        oauth2: "oauth2";
     }>>;
     location: z.ZodOptional<z.ZodEnum<{
         body: "body";
@@ -34,6 +35,8 @@ export declare const AuthConfigSchema: z.ZodObject<{
     name: z.ZodOptional<z.ZodString>;
     provider: z.ZodOptional<z.ZodString>;
     required: z.ZodOptional<z.ZodBoolean>;
+    username_env: z.ZodOptional<z.ZodString>;
+    password_env: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 export type AuthConfig = z.infer<typeof AuthConfigSchema>;
 export declare const ExecutionConfigSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
@@ -70,8 +73,14 @@ export declare const ExecutionConfigSchema: z.ZodDiscriminatedUnion<[z.ZodObject
 }, z.core.$strip>], "type">;
 export type ExecutionConfig = z.infer<typeof ExecutionConfigSchema>;
 export declare const OutputSchemaSchema: z.ZodObject<{
-    type: z.ZodOptional<z.ZodString>;
-    properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    type: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+        string: "string";
+        number: "number";
+        boolean: "boolean";
+        object: "object";
+        array: "array";
+    }>, z.ZodString]>>;
+    properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
     required: z.ZodOptional<z.ZodArray<z.ZodString>>;
     description: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
@@ -79,8 +88,9 @@ export type OutputSchema = z.infer<typeof OutputSchemaSchema>;
 export declare const ErrorHandlingSchema: z.ZodObject<{
     retry: z.ZodOptional<z.ZodNumber>;
     backoff_type: z.ZodOptional<z.ZodEnum<{
-        exponential: "exponential";
+        fixed: "fixed";
         linear: "linear";
+        exponential: "exponential";
     }>>;
     initial_delay_ms: z.ZodOptional<z.ZodNumber>;
     max_delay_ms: z.ZodOptional<z.ZodNumber>;
@@ -145,11 +155,12 @@ export declare const ToolDefinitionSchema: z.ZodObject<{
     }, z.core.$strip>], "type">;
     authentication: z.ZodOptional<z.ZodObject<{
         type: z.ZodOptional<z.ZodEnum<{
+            custom: "custom";
+            none: "none";
             api_key: "api_key";
-            oauth2: "oauth2";
             basic: "basic";
             bearer: "bearer";
-            custom: "custom";
+            oauth2: "oauth2";
         }>>;
         location: z.ZodOptional<z.ZodEnum<{
             body: "body";
@@ -159,18 +170,27 @@ export declare const ToolDefinitionSchema: z.ZodObject<{
         name: z.ZodOptional<z.ZodString>;
         provider: z.ZodOptional<z.ZodString>;
         required: z.ZodOptional<z.ZodBoolean>;
+        username_env: z.ZodOptional<z.ZodString>;
+        password_env: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     output_schema: z.ZodOptional<z.ZodObject<{
-        type: z.ZodOptional<z.ZodString>;
-        properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        type: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            string: "string";
+            number: "number";
+            boolean: "boolean";
+            object: "object";
+            array: "array";
+        }>, z.ZodString]>>;
+        properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
         required: z.ZodOptional<z.ZodArray<z.ZodString>>;
         description: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     error_handling: z.ZodOptional<z.ZodObject<{
         retry: z.ZodOptional<z.ZodNumber>;
         backoff_type: z.ZodOptional<z.ZodEnum<{
-            exponential: "exponential";
+            fixed: "fixed";
             linear: "linear";
+            exponential: "exponential";
         }>>;
         initial_delay_ms: z.ZodOptional<z.ZodNumber>;
         max_delay_ms: z.ZodOptional<z.ZodNumber>;
@@ -182,6 +202,12 @@ export declare const ToolDefinitionSchema: z.ZodObject<{
         quota_per_hour: z.ZodOptional<z.ZodNumber>;
     }, z.core.$strip>>;
     requires_approval: z.ZodOptional<z.ZodBoolean>;
+    risk: z.ZodOptional<z.ZodEnum<{
+        low: "low";
+        medium: "medium";
+        high: "high";
+        critical: "critical";
+    }>>;
     examples: z.ZodOptional<z.ZodArray<z.ZodObject<{
         name: z.ZodString;
         params: z.ZodRecord<z.ZodString, z.ZodUnknown>;
@@ -190,6 +216,11 @@ export declare const ToolDefinitionSchema: z.ZodObject<{
     deprecated: z.ZodOptional<z.ZodBoolean>;
     tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
     deprecation_message: z.ZodOptional<z.ZodString>;
+    status: z.ZodOptional<z.ZodEnum<{
+        deprecated: "deprecated";
+        draft: "draft";
+        approved: "approved";
+    }>>;
 }, z.core.$strip>;
 export type ToolDefinition = z.infer<typeof ToolDefinitionSchema> & {
     /**

package/dist/core/schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/core/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;GAGG;AAGH,eAAO,MAAM,eAAe;;;;;;;;;;;;;iBAO1B,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAGxD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;iBAM3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAG1D,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAiChC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAGpE,eAAO,MAAM,kBAAkB;;;;;iBAK7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAG9D,eAAO,MAAM,mBAAmB;;;;;;;;iBAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAGhE,eAAO,MAAM,kBAAkB;;;;;iBAK7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAG9D,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAwB/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,GAAG;IAClE;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAKF,eAAO,MAAM,qBAAqB;;;;iBAIhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAGpE,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;iBAanC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,OAAO,GAAG,cAAc,CAkBpE;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,OAAO,GAAG,kBAAkB,CAsBhF"}
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/core/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;GAGG;AAGH,eAAO,MAAM,eAAe;;;;;;;;;;;;;iBAO1B,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAGxD,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;iBAkB3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAG1D,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAiChC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAwBpE,eAAO,MAAM,kBAAkB;;;;;;;;;;;iBAU7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAG9D,eAAO,MAAM,mBAAmB;;;;;;;;;iBAK9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAGhE,eAAO,MAAM,kBAAkB;;;;;iBAK7B,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAG9D,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA0B/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,GAAG;IAClE;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAKF,eAAO,MAAM,qBAAqB;;;;iBAIhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAGpE,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;iBAanC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,OAAO,GAAG,cAAc,CAkBpE;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,OAAO,GAAG,kBAAkB,CAsBhF"}

package/dist/core/schema.js

@@ -15,11 +15,23 @@ export const ParameterSchema = z.object({
 });
 // Authentication configuration
 export const AuthConfigSchema = z.object({
-    type: z.enum(['api_key', 'basic', 'bearer', 'oauth2', 'custom']).optional(),
+    type: z.enum(['none', 'api_key', 'basic', 'bearer', 'oauth2', 'custom']).optional(),
     location: z.enum(['header', 'query', 'body']).optional(),
     name: z.string().optional(),
     provider: z.string().optional(),
     required: z.boolean().optional(),
+    /**
+     * For type: basic — name of the environment variable holding the HTTP Basic Auth username.
+     * HttpExecutor will read this env var and the password_env var, base64-encode them as
+     * "username:password", and inject `Authorization: Basic <encoded>` automatically.
+     * This eliminates the need for developers to pre-compute a base64 credential string.
+     */
+    username_env: z.string().optional(),
+    /**
+     * For type: basic — name of the environment variable holding the HTTP Basic Auth password.
+     * Used together with username_env to build the Authorization header automatically.
+     */
+    password_env: z.string().optional(),
 });
 // Execution configuration (command, HTTP, or function)
 export const ExecutionConfigSchema = z.discriminatedUnion('type', [
@@ -55,16 +67,38 @@ export const ExecutionConfigSchema = z.discriminatedUnion('type', [
     }),
 ]);
 // Output schema for validation
+// Aligned with TypeScript interface: type should be one of the known types (or unknown string for extensibility)
+// Recursive property schema — validates that each property value in output_schema.properties
+// is a valid schema object (not a raw primitive).
+const OutputPropertySchema = z.lazy(() => z.object({
+    type: z
+        .union([
+        z.enum(['string', 'number', 'integer', 'boolean', 'array', 'object', 'null']),
+        z.string(),
+        z.array(z.string()), // Allow nullable arrays: [string, "null"]
+    ])
+        .optional(),
+    description: z.string().optional(),
+    properties: z.record(z.string(), OutputPropertySchema).optional(),
+    items: OutputPropertySchema.optional(),
+    required: z.array(z.string()).optional(),
+    enum: z.array(z.unknown()).optional(),
+}));
 export const OutputSchemaSchema = z.object({
-    type: z.string().optional(),
-    properties: z.record(z.string(), z.unknown()).optional(),
+    type: z
+        .union([
+        z.enum(['string', 'number', 'boolean', 'array', 'object']),
+        z.string(), // Allow other custom types for extensibility
+    ])
+        .optional(),
+    properties: z.record(z.string(), OutputPropertySchema).optional(),
     required: z.array(z.string()).optional(),
     description: z.string().optional(),
 });
 // Error handling configuration
 export const ErrorHandlingSchema = z.object({
     retry: z.number().optional(),
-    backoff_type: z.enum(['linear', 'exponential']).optional(),
+    backoff_type: z.enum(['linear', 'exponential', 'fixed']).optional(),
     initial_delay_ms: z.number().optional(),
     max_delay_ms: z.number().optional(),
 });
@@ -87,6 +121,7 @@ export const ToolDefinitionSchema = z.object({
     error_handling: ErrorHandlingSchema.optional(),
     rate_limiting: RateLimitingSchema.optional(),
     requires_approval: z.boolean().optional(),
+    risk: z.enum(['low', 'medium', 'high', 'critical']).optional(),
     examples: z
         .array(z.object({
         name: z.string(),
@@ -97,6 +132,7 @@ export const ToolDefinitionSchema = z.object({
     deprecated: z.boolean().optional(),
     tags: z.array(z.string()).optional(),
     deprecation_message: z.string().optional(),
+    status: z.enum(['draft', 'approved', 'deprecated']).optional(),
     // _definitionPath: z.string().optional(), // Internal use for tracking source file path
 });
 // export type ToolDefinition = z.infer<typeof ToolDefinitionSchema>;