@meshagent/meshagent 0.36.3 → 0.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/dist/browser/agent-client.d.ts +2 -10
  3. package/dist/browser/agent-client.js +2 -30
  4. package/dist/browser/agent.d.ts +22 -22
  5. package/dist/browser/agent.js +36 -16
  6. package/dist/browser/containers-client.d.ts +7 -19
  7. package/dist/browser/containers-client.js +27 -21
  8. package/dist/browser/data-types.d.ts +12 -0
  9. package/dist/browser/data-types.js +39 -1
  10. package/dist/browser/database-client.d.ts +134 -47
  11. package/dist/browser/database-client.js +359 -133
  12. package/dist/browser/index.d.ts +1 -0
  13. package/dist/browser/index.js +1 -0
  14. package/dist/browser/meshagent-client.js +12 -1
  15. package/dist/browser/participant-token.d.ts +189 -22
  16. package/dist/browser/participant-token.js +1001 -189
  17. package/dist/browser/room-client.d.ts +1 -1
  18. package/dist/browser/services-client.d.ts +1 -1
  19. package/dist/browser/version.d.ts +1 -0
  20. package/dist/browser/version.js +4 -0
  21. package/dist/esm/agent-client.d.ts +2 -10
  22. package/dist/esm/agent-client.js +1 -28
  23. package/dist/esm/agent.d.ts +22 -22
  24. package/dist/esm/agent.js +33 -14
  25. package/dist/esm/containers-client.d.ts +7 -19
  26. package/dist/esm/containers-client.js +27 -21
  27. package/dist/esm/data-types.d.ts +12 -0
  28. package/dist/esm/data-types.js +36 -0
  29. package/dist/esm/database-client.d.ts +134 -47
  30. package/dist/esm/database-client.js +352 -132
  31. package/dist/esm/index.d.ts +1 -0
  32. package/dist/esm/index.js +1 -0
  33. package/dist/esm/meshagent-client.js +12 -1
  34. package/dist/esm/participant-token.d.ts +189 -22
  35. package/dist/esm/participant-token.js +992 -188
  36. package/dist/esm/room-client.d.ts +1 -1
  37. package/dist/esm/services-client.d.ts +1 -1
  38. package/dist/esm/version.d.ts +1 -0
  39. package/dist/esm/version.js +1 -0
  40. package/dist/node/agent-client.d.ts +2 -10
  41. package/dist/node/agent-client.js +2 -30
  42. package/dist/node/agent.d.ts +22 -22
  43. package/dist/node/agent.js +36 -16
  44. package/dist/node/containers-client.d.ts +7 -19
  45. package/dist/node/containers-client.js +27 -21
  46. package/dist/node/data-types.d.ts +12 -0
  47. package/dist/node/data-types.js +39 -1
  48. package/dist/node/database-client.d.ts +134 -47
  49. package/dist/node/database-client.js +359 -133
  50. package/dist/node/index.d.ts +1 -0
  51. package/dist/node/index.js +1 -0
  52. package/dist/node/meshagent-client.js +12 -1
  53. package/dist/node/participant-token.d.ts +189 -22
  54. package/dist/node/participant-token.js +1001 -189
  55. package/dist/node/room-client.d.ts +1 -1
  56. package/dist/node/services-client.d.ts +1 -1
  57. package/dist/node/version.d.ts +1 -0
  58. package/dist/node/version.js +4 -0
  59. package/package.json +1 -1
package/dist/browser/participant-token.js CHANGED
@@ -1,22 +1,90 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.ParticipantToken = exports.ParticipantGrant = exports.ApiScope = exports.SecretsGrant = exports.AdminGrant = exports.DeveloperGrant = exports.ContainersGrant = exports.StorageGrant = exports.StoragePathGrant = exports.SyncGrant = exports.SyncPathGrant = exports.DatabaseGrant = exports.TableGrant = exports.MessagingGrant = exports.QueuesGrant = exports.LivekitGrant = exports.AgentsGrant = void 0;
3
+ exports.ParticipantToken = exports.ParticipantGrant = exports.ApiScope = exports.LLMGrant = exports.ServicesGrant = exports.TunnelsGrant = exports.SecretsGrant = exports.OAuthEndpoint = exports.AdminGrant = exports.DeveloperGrant = exports.ContainersGrant = exports.ContainerRegistryGrant = exports.StorageGrant = exports.StoragePathGrant = exports.SyncGrant = exports.SyncPathGrant = exports.MemoryGrant = exports.MemoryEntryGrant = exports.MemoryPermissions = exports.DatabaseGrant = exports.TableGrant = exports.MessagingGrant = exports.QueuesGrant = exports.LivekitGrant = exports.AgentsGrant = void 0;
4
4
  const jose_1 = require("jose");
5
5
  const api_keys_1 = require("./api_keys");
6
+ const version_1 = require("./version");
7
+ function matchesGrantPattern(patterns, value, allowIfUnset) {
8
+ if (!patterns) {
9
+ return allowIfUnset;
10
+ }
11
+ return patterns.some((pattern) => value === pattern
12
+ || (pattern.endsWith("*")
13
+ && value.startsWith(pattern.slice(0, -1))));
14
+ }
6
15
  function getEnvValue(name) {
7
16
  if (typeof process === "undefined") {
8
17
  return undefined;
9
18
  }
10
19
  return process.env?.[name];
11
20
  }
21
+ function normalizeNamespace(namespace) {
22
+ return namespace ?? [];
23
+ }
24
+ function namespacesEqual(left, right) {
25
+ const normalizedLeft = normalizeNamespace(left);
26
+ const normalizedRight = normalizeNamespace(right);
27
+ if (normalizedLeft.length !== normalizedRight.length) {
28
+ return false;
29
+ }
30
+ return normalizedLeft.every((value, index) => value === normalizedRight[index]);
31
+ }
32
+ function isRecord(value) {
33
+ return typeof value === "object" && value !== null;
34
+ }
35
+ function asStringList(value) {
36
+ return Array.isArray(value) && value.every((item) => typeof item === "string")
37
+ ? value
38
+ : undefined;
39
+ }
12
40
  class AgentsGrant {
13
- constructor({ registerAgent, registerPublicToolkit, registerPrivateToolkit, call, useAgents, useTools, } = {}) {
41
+ constructor({ registerAgent, registerPublicToolkit, registerPrivateToolkit, call, useAgents, useTools, allowedToolkits, } = {}) {
14
42
  this.registerAgent = registerAgent ?? true;
15
43
  this.registerPublicToolkit = registerPublicToolkit ?? true;
16
44
  this.registerPrivateToolkit = registerPrivateToolkit ?? true;
17
45
  this.call = call ?? true;
18
46
  this.useAgents = useAgents ?? true;
19
47
  this.useTools = useTools ?? true;
48
+ this.allowedToolkits = allowedToolkits;
49
+ }
50
+ toJSON() {
51
+ const json = {};
52
+ if (this.registerAgent !== true) {
53
+ json["register_agent"] = this.registerAgent;
54
+ }
55
+ if (this.registerPublicToolkit !== true) {
56
+ json["register_public_toolkit"] = this.registerPublicToolkit;
57
+ }
58
+ if (this.registerPrivateToolkit !== true) {
59
+ json["register_private_toolkit"] = this.registerPrivateToolkit;
60
+ }
61
+ if (this.call !== true) {
62
+ json["call"] = this.call;
63
+ }
64
+ if (this.useAgents !== true) {
65
+ json["use_agents"] = this.useAgents;
66
+ }
67
+ if (this.useTools !== true) {
68
+ json["use_tools"] = this.useTools;
69
+ }
70
+ if (this.allowedToolkits !== undefined) {
71
+ json["allowed_toolkits"] = this.allowedToolkits;
72
+ }
73
+ return json;
74
+ }
75
+ static fromJSON(obj) {
76
+ if (!isRecord(obj)) {
77
+ return new AgentsGrant();
78
+ }
79
+ return new AgentsGrant({
80
+ registerAgent: obj.register_agent ?? obj.registerAgent,
81
+ registerPublicToolkit: obj.register_public_toolkit ?? obj.registerPublicToolkit,
82
+ registerPrivateToolkit: obj.register_private_toolkit ?? obj.registerPrivateToolkit,
83
+ call: obj.call,
84
+ useAgents: obj.use_agents ?? obj.useAgents,
85
+ useTools: obj.use_tools ?? obj.useTools,
86
+ allowedToolkits: asStringList(obj.allowed_toolkits ?? obj.allowedToolkits),
87
+ });
20
88
  }
21
89
  }
22
90
  exports.AgentsGrant = AgentsGrant;
@@ -27,94 +95,444 @@ class LivekitGrant {
27
95
  canJoinBreakoutRoom(name) {
28
96
  return !this.breakoutRooms || this.breakoutRooms.includes(name);
29
97
  }
98
+ toJSON() {
99
+ const json = {};
100
+ if (this.breakoutRooms !== undefined) {
101
+ json["breakout_rooms"] = this.breakoutRooms;
102
+ }
103
+ return json;
104
+ }
105
+ static fromJSON(obj) {
106
+ if (!isRecord(obj)) {
107
+ return new LivekitGrant();
108
+ }
109
+ return new LivekitGrant({
110
+ breakoutRooms: asStringList(obj.breakout_rooms ?? obj.breakoutRooms),
111
+ });
112
+ }
30
113
  }
31
114
  exports.LivekitGrant = LivekitGrant;
32
115
  class QueuesGrant {
33
- constructor({ send, receive, list } = {}) {
34
- this.list = true;
116
+ constructor({ send, receive, list, } = {}) {
35
117
  this.send = send;
36
118
  this.receive = receive;
37
119
  this.list = list ?? true;
38
120
  }
39
- canSend(q) {
40
- return !this.send || this.send.includes(q);
121
+ canSend(queue) {
122
+ return !this.send || this.send.includes(queue);
41
123
  }
42
- canReceive(q) {
43
- return !this.receive || this.receive.includes(q);
124
+ canReceive(queue) {
125
+ return !this.receive || this.receive.includes(queue);
126
+ }
127
+ toJSON() {
128
+ const json = {};
129
+ if (this.send !== undefined) {
130
+ json["send"] = this.send;
131
+ }
132
+ if (this.receive !== undefined) {
133
+ json["receive"] = this.receive;
134
+ }
135
+ if (this.list !== true) {
136
+ json["list"] = this.list;
137
+ }
138
+ return json;
139
+ }
140
+ static fromJSON(obj) {
141
+ if (!isRecord(obj)) {
142
+ return new QueuesGrant();
143
+ }
144
+ return new QueuesGrant({
145
+ send: asStringList(obj.send),
146
+ receive: asStringList(obj.receive),
147
+ list: obj.list,
148
+ });
44
149
  }
45
150
  }
46
151
  exports.QueuesGrant = QueuesGrant;
47
152
  class MessagingGrant {
48
- constructor({ broadcast, list, send } = {}) {
153
+ constructor({ broadcast, list, send, } = {}) {
49
154
  this.broadcast = broadcast ?? true;
50
155
  this.list = list ?? true;
51
156
  this.send = send ?? true;
52
157
  }
158
+ toJSON() {
159
+ const json = {};
160
+ if (this.broadcast !== true) {
161
+ json["broadcast"] = this.broadcast;
162
+ }
163
+ if (this.list !== true) {
164
+ json["list"] = this.list;
165
+ }
166
+ if (this.send !== true) {
167
+ json["send"] = this.send;
168
+ }
169
+ return json;
170
+ }
171
+ static fromJSON(obj) {
172
+ if (!isRecord(obj)) {
173
+ return new MessagingGrant();
174
+ }
175
+ return new MessagingGrant({
176
+ broadcast: obj.broadcast,
177
+ list: obj.list,
178
+ send: obj.send,
179
+ });
180
+ }
53
181
  }
54
182
  exports.MessagingGrant = MessagingGrant;
55
183
  class TableGrant {
56
- constructor({ name, write, read, alter }) {
57
- this.write = false;
58
- this.read = true;
59
- this.alter = false;
184
+ constructor({ name, namespace, write, read, alter, }) {
60
185
  this.name = name;
186
+ this.namespace = namespace;
61
187
  this.write = write ?? false;
62
188
  this.read = read ?? true;
63
189
  this.alter = alter ?? false;
64
190
  }
191
+ toJSON() {
192
+ const json = {
193
+ name: this.name,
194
+ };
195
+ if (this.namespace !== undefined) {
196
+ json["namespace"] = this.namespace;
197
+ }
198
+ if (this.write !== false) {
199
+ json["write"] = this.write;
200
+ }
201
+ if (this.read !== true) {
202
+ json["read"] = this.read;
203
+ }
204
+ if (this.alter !== false) {
205
+ json["alter"] = this.alter;
206
+ }
207
+ return json;
208
+ }
209
+ static fromJSON(obj) {
210
+ if (!isRecord(obj) || typeof obj.name !== "string") {
211
+ throw new Error("TableGrant requires a name");
212
+ }
213
+ return new TableGrant({
214
+ name: obj.name,
215
+ namespace: asStringList(obj.namespace),
216
+ write: obj.write,
217
+ read: obj.read,
218
+ alter: obj.alter,
219
+ });
220
+ }
65
221
  }
66
222
  exports.TableGrant = TableGrant;
67
223
  class DatabaseGrant {
68
- constructor({ tables, listTables } = {}) {
69
- this.listTables = true;
224
+ constructor({ tables, listTables, } = {}) {
70
225
  this.tables = tables;
71
226
  this.listTables = listTables ?? true;
72
227
  }
73
- _match(table) {
74
- if (!this.tables)
75
- return undefined;
76
- return this.tables.find(t => t.name === table);
228
+ matchingTables(table, namespace) {
229
+ if (this.tables === undefined) {
230
+ return [];
231
+ }
232
+ return this.tables.filter((tableGrant) => {
233
+ if (tableGrant.name !== table) {
234
+ return false;
235
+ }
236
+ if (tableGrant.namespace === undefined) {
237
+ return true;
238
+ }
239
+ return namespacesEqual(tableGrant.namespace, namespace);
240
+ });
77
241
  }
78
- canWrite(table) {
79
- const t = this._match(table);
80
- return t ? t.write : this.tables === undefined;
242
+ canWrite(table, namespace) {
243
+ if (this.tables === undefined) {
244
+ return true;
245
+ }
246
+ const matches = this.matchingTables(table, namespace);
247
+ if (matches.length === 0) {
248
+ return false;
249
+ }
250
+ return matches.some((tableGrant) => tableGrant.write);
81
251
  }
82
- canRead(table) {
83
- const t = this._match(table);
84
- return t ? t.read : this.tables === undefined;
252
+ canRead(table, namespace) {
253
+ if (this.tables === undefined) {
254
+ return true;
255
+ }
256
+ const matches = this.matchingTables(table, namespace);
257
+ if (matches.length === 0) {
258
+ return false;
259
+ }
260
+ return matches.some((tableGrant) => tableGrant.read);
85
261
  }
86
- canAlter(table) {
87
- const t = this._match(table);
88
- return t ? t.alter : this.tables === undefined;
262
+ canAlter(table, namespace) {
263
+ if (this.tables === undefined) {
264
+ return true;
265
+ }
266
+ const matches = this.matchingTables(table, namespace);
267
+ if (matches.length === 0) {
268
+ return false;
269
+ }
270
+ return matches.some((tableGrant) => tableGrant.alter);
271
+ }
272
+ canAccess(table, namespace) {
273
+ return (this.canRead(table, namespace)
274
+ || this.canWrite(table, namespace)
275
+ || this.canAlter(table, namespace));
276
+ }
277
+ toJSON() {
278
+ const json = {};
279
+ if (this.tables !== undefined) {
280
+ json["tables"] = this.tables.map((tableGrant) => tableGrant.toJSON());
281
+ }
282
+ if (this.listTables !== true) {
283
+ json["list_tables"] = this.listTables;
284
+ }
285
+ return json;
286
+ }
287
+ static fromJSON(obj) {
288
+ if (!isRecord(obj)) {
289
+ return new DatabaseGrant();
290
+ }
291
+ return new DatabaseGrant({
292
+ tables: Array.isArray(obj.tables)
293
+ ? obj.tables.map((tableGrant) => TableGrant.fromJSON(tableGrant))
294
+ : undefined,
295
+ listTables: obj.list_tables ?? obj.listTables,
296
+ });
89
297
  }
90
298
  }
91
299
  exports.DatabaseGrant = DatabaseGrant;
300
+ class MemoryPermissions {
301
+ constructor({ create, drop, inspect, query, upsert, ingest, recall, optimize, } = {}) {
302
+ this.create = create ?? true;
303
+ this.drop = drop ?? true;
304
+ this.inspect = inspect ?? true;
305
+ this.query = query ?? true;
306
+ this.upsert = upsert ?? true;
307
+ this.ingest = ingest ?? true;
308
+ this.recall = recall ?? true;
309
+ this.optimize = optimize ?? true;
310
+ }
311
+ toJSON() {
312
+ const json = {};
313
+ if (this.create !== true) {
314
+ json["create"] = this.create;
315
+ }
316
+ if (this.drop !== true) {
317
+ json["drop"] = this.drop;
318
+ }
319
+ if (this.inspect !== true) {
320
+ json["inspect"] = this.inspect;
321
+ }
322
+ if (this.query !== true) {
323
+ json["query"] = this.query;
324
+ }
325
+ if (this.upsert !== true) {
326
+ json["upsert"] = this.upsert;
327
+ }
328
+ if (this.ingest !== true) {
329
+ json["ingest"] = this.ingest;
330
+ }
331
+ if (this.recall !== true) {
332
+ json["recall"] = this.recall;
333
+ }
334
+ if (this.optimize !== true) {
335
+ json["optimize"] = this.optimize;
336
+ }
337
+ return json;
338
+ }
339
+ static fromJSON(obj) {
340
+ if (!isRecord(obj)) {
341
+ return new MemoryPermissions();
342
+ }
343
+ return new MemoryPermissions({
344
+ create: obj.create,
345
+ drop: obj.drop,
346
+ inspect: obj.inspect,
347
+ query: obj.query,
348
+ upsert: obj.upsert,
349
+ ingest: obj.ingest,
350
+ recall: obj.recall,
351
+ optimize: obj.optimize,
352
+ });
353
+ }
354
+ }
355
+ exports.MemoryPermissions = MemoryPermissions;
356
+ class MemoryEntryGrant {
357
+ constructor({ name, namespace, permissions, }) {
358
+ this.name = name;
359
+ this.namespace = namespace;
360
+ this.permissions = permissions ?? new MemoryPermissions();
361
+ }
362
+ toJSON() {
363
+ const json = {
364
+ name: this.name,
365
+ };
366
+ if (this.namespace !== undefined) {
367
+ json["namespace"] = this.namespace;
368
+ }
369
+ json["permissions"] = this.permissions.toJSON();
370
+ return json;
371
+ }
372
+ static fromJSON(obj) {
373
+ if (!isRecord(obj) || typeof obj.name !== "string") {
374
+ throw new Error("MemoryEntryGrant requires a name");
375
+ }
376
+ return new MemoryEntryGrant({
377
+ name: obj.name,
378
+ namespace: asStringList(obj.namespace),
379
+ permissions: MemoryPermissions.fromJSON(obj.permissions),
380
+ });
381
+ }
382
+ }
383
+ exports.MemoryEntryGrant = MemoryEntryGrant;
384
+ class MemoryGrant {
385
+ constructor({ list, memories, } = {}) {
386
+ this.list = list ?? true;
387
+ this.memories = memories;
388
+ }
389
+ matchingMemories(name, namespace) {
390
+ if (this.memories === undefined) {
391
+ return [];
392
+ }
393
+ return this.memories.filter((memoryGrant) => {
394
+ if (memoryGrant.name !== name) {
395
+ return false;
396
+ }
397
+ if (memoryGrant.namespace === undefined) {
398
+ return true;
399
+ }
400
+ return namespacesEqual(memoryGrant.namespace, namespace);
401
+ });
402
+ }
403
+ can(name, namespace, permission) {
404
+ if (this.memories === undefined) {
405
+ return true;
406
+ }
407
+ const matches = this.matchingMemories(name, namespace);
408
+ if (matches.length === 0) {
409
+ return false;
410
+ }
411
+ return matches.some((memoryGrant) => memoryGrant.permissions[permission]);
412
+ }
413
+ canCreate(name, namespace) {
414
+ return this.can(name, namespace, "create");
415
+ }
416
+ canDrop(name, namespace) {
417
+ return this.can(name, namespace, "drop");
418
+ }
419
+ canInspect(name, namespace) {
420
+ return this.can(name, namespace, "inspect");
421
+ }
422
+ canQuery(name, namespace) {
423
+ return this.can(name, namespace, "query");
424
+ }
425
+ canUpsert(name, namespace) {
426
+ return this.can(name, namespace, "upsert");
427
+ }
428
+ canIngest(name, namespace) {
429
+ return this.can(name, namespace, "ingest");
430
+ }
431
+ canRecall(name, namespace) {
432
+ return this.can(name, namespace, "recall");
433
+ }
434
+ canOptimize(name, namespace) {
435
+ return this.can(name, namespace, "optimize");
436
+ }
437
+ canAccessExisting(name, namespace) {
438
+ return (this.canDrop(name, namespace)
439
+ || this.canInspect(name, namespace)
440
+ || this.canQuery(name, namespace)
441
+ || this.canUpsert(name, namespace)
442
+ || this.canIngest(name, namespace)
443
+ || this.canRecall(name, namespace)
444
+ || this.canOptimize(name, namespace));
445
+ }
446
+ toJSON() {
447
+ const json = {};
448
+ if (this.list !== true) {
449
+ json["list"] = this.list;
450
+ }
451
+ if (this.memories !== undefined) {
452
+ json["memories"] = this.memories.map((memoryGrant) => memoryGrant.toJSON());
453
+ }
454
+ return json;
455
+ }
456
+ static fromJSON(obj) {
457
+ if (!isRecord(obj)) {
458
+ return new MemoryGrant();
459
+ }
460
+ return new MemoryGrant({
461
+ list: obj.list,
462
+ memories: Array.isArray(obj.memories)
463
+ ? obj.memories.map((memoryGrant) => MemoryEntryGrant.fromJSON(memoryGrant))
464
+ : undefined,
465
+ });
466
+ }
467
+ }
468
+ exports.MemoryGrant = MemoryGrant;
92
469
  class SyncPathGrant {
93
470
  constructor({ path, readOnly }) {
94
471
  this.path = path;
95
472
  this.readOnly = readOnly ?? false;
96
473
  }
474
+ toJSON() {
475
+ const json = {
476
+ path: this.path,
477
+ };
478
+ if (this.readOnly !== false) {
479
+ json["read_only"] = this.readOnly;
480
+ }
481
+ return json;
482
+ }
483
+ static fromJSON(obj) {
484
+ if (!isRecord(obj) || typeof obj.path !== "string") {
485
+ throw new Error("SyncPathGrant requires a path");
486
+ }
487
+ return new SyncPathGrant({
488
+ path: obj.path,
489
+ readOnly: obj.read_only ?? obj.readOnly,
490
+ });
491
+ }
97
492
  }
98
493
  exports.SyncPathGrant = SyncPathGrant;
99
494
  class SyncGrant {
100
495
  constructor({ paths } = {}) {
101
496
  this.paths = paths;
102
497
  }
103
- matches(p, path) {
104
- return p.path === path || (p.path.endsWith("*") && path.startsWith(p.path.slice(0, -1)));
498
+ matches(pathGrant, path) {
499
+ return pathGrant.path === path
500
+ || (pathGrant.path.endsWith("*")
501
+ && path.startsWith(pathGrant.path.slice(0, -1)));
105
502
  }
106
503
  canRead(path) {
107
- if (this.paths) {
108
- return this.paths.some(p => this.matches(p, path));
504
+ if (this.paths === undefined) {
505
+ return true;
109
506
  }
110
- return true;
507
+ return this.paths.some((pathGrant) => this.matches(pathGrant, path));
111
508
  }
112
509
  canWrite(path) {
113
- if (this.paths) {
114
- const p = this.paths.find(pp => this.matches(pp, path));
115
- return p ? !p.readOnly : false;
510
+ if (this.paths === undefined) {
511
+ return true;
116
512
  }
117
- return true;
513
+ for (const pathGrant of this.paths) {
514
+ if (this.matches(pathGrant, path)) {
515
+ return !pathGrant.readOnly;
516
+ }
517
+ }
518
+ return false;
519
+ }
520
+ toJSON() {
521
+ const json = {};
522
+ if (this.paths !== undefined) {
523
+ json["paths"] = this.paths.map((pathGrant) => pathGrant.toJSON());
524
+ }
525
+ return json;
526
+ }
527
+ static fromJSON(obj) {
528
+ if (!isRecord(obj)) {
529
+ return new SyncGrant();
530
+ }
531
+ return new SyncGrant({
532
+ paths: Array.isArray(obj.paths)
533
+ ? obj.paths.map((pathGrant) => SyncPathGrant.fromJSON(pathGrant))
534
+ : undefined,
535
+ });
118
536
  }
119
537
  }
120
538
  exports.SyncGrant = SyncGrant;
@@ -123,46 +541,190 @@ class StoragePathGrant {
123
541
  this.path = path;
124
542
  this.readOnly = readOnly ?? false;
125
543
  }
544
+ toJSON() {
545
+ const json = {
546
+ path: this.path,
547
+ };
548
+ if (this.readOnly !== false) {
549
+ json["read_only"] = this.readOnly;
550
+ }
551
+ return json;
552
+ }
553
+ static fromJSON(obj) {
554
+ if (!isRecord(obj) || typeof obj.path !== "string") {
555
+ throw new Error("StoragePathGrant requires a path");
556
+ }
557
+ return new StoragePathGrant({
558
+ path: obj.path,
559
+ readOnly: obj.read_only ?? obj.readOnly,
560
+ });
561
+ }
126
562
  }
127
563
  exports.StoragePathGrant = StoragePathGrant;
128
564
  class StorageGrant {
129
565
  constructor({ paths } = {}) {
130
566
  this.paths = paths;
131
567
  }
132
- matches(p, path) {
133
- return path.startsWith(p.path);
134
- }
135
568
  canRead(path) {
136
- if (!this.paths)
569
+ if (this.paths === undefined) {
137
570
  return true;
138
- return this.paths.some(p => this.matches(p, path));
571
+ }
572
+ return this.paths.some((pathGrant) => path.startsWith(pathGrant.path));
139
573
  }
140
574
  canWrite(path) {
141
- if (!this.paths)
575
+ if (this.paths === undefined) {
142
576
  return true;
143
- const p = this.paths.find(pp => this.matches(pp, path));
144
- return p ? !p.readOnly : false;
577
+ }
578
+ for (const pathGrant of this.paths) {
579
+ if (path.startsWith(pathGrant.path)) {
580
+ return !pathGrant.readOnly;
581
+ }
582
+ }
583
+ return false;
584
+ }
585
+ toJSON() {
586
+ const json = {};
587
+ if (this.paths !== undefined) {
588
+ json["paths"] = this.paths.map((pathGrant) => pathGrant.toJSON());
589
+ }
590
+ return json;
591
+ }
592
+ static fromJSON(obj) {
593
+ if (!isRecord(obj)) {
594
+ return new StorageGrant();
595
+ }
596
+ return new StorageGrant({
597
+ paths: Array.isArray(obj.paths)
598
+ ? obj.paths.map((pathGrant) => StoragePathGrant.fromJSON(pathGrant))
599
+ : undefined,
600
+ });
145
601
  }
146
602
  }
147
603
  exports.StorageGrant = StorageGrant;
604
+ class ContainerRegistryGrant {
605
+ constructor({ list, pull, run, write, } = {}) {
606
+ this.list = list;
607
+ this.pull = pull;
608
+ this.run = run;
609
+ this.write = write;
610
+ }
611
+ canList(repository) {
612
+ if (this.list !== undefined) {
613
+ return matchesGrantPattern(this.list, repository, false);
614
+ }
615
+ if (this.pull === undefined && this.run === undefined && this.write === undefined) {
616
+ return true;
617
+ }
618
+ return [this.pull, this.run, this.write]
619
+ .filter((patterns) => patterns !== undefined)
620
+ .some((patterns) => matchesGrantPattern(patterns, repository, false));
621
+ }
622
+ canPull(repository) {
623
+ return matchesGrantPattern(this.pull, repository, true);
624
+ }
625
+ canRun(repository) {
626
+ return matchesGrantPattern(this.run, repository, true);
627
+ }
628
+ canWrite(repository) {
629
+ return matchesGrantPattern(this.write, repository, true);
630
+ }
631
+ toJSON() {
632
+ const json = {};
633
+ if (this.list !== undefined) {
634
+ json["list"] = this.list;
635
+ }
636
+ if (this.pull !== undefined) {
637
+ json["pull"] = this.pull;
638
+ }
639
+ if (this.run !== undefined) {
640
+ json["run"] = this.run;
641
+ }
642
+ if (this.write !== undefined) {
643
+ json["write"] = this.write;
644
+ }
645
+ return json;
646
+ }
647
+ static fromJSON(obj) {
648
+ if (!isRecord(obj)) {
649
+ return new ContainerRegistryGrant();
650
+ }
651
+ return new ContainerRegistryGrant({
652
+ list: asStringList(obj.list),
653
+ pull: asStringList(obj.pull),
654
+ run: asStringList(obj.run),
655
+ write: asStringList(obj.write),
656
+ });
657
+ }
658
+ }
659
+ exports.ContainerRegistryGrant = ContainerRegistryGrant;
148
660
  class ContainersGrant {
149
- constructor({ logs, pull, run, useContainers } = {}) {
661
+ constructor({ logs, pull, run, registry, useContainers, } = {}) {
150
662
  this.logs = logs ?? true;
151
663
  this.pull = pull;
152
664
  this.run = run;
665
+ this.registry = registry;
153
666
  this.useContainers = useContainers ?? true;
154
667
  }
155
- match(list, tag) {
156
- if (!list) {
668
+ canPull(tag) {
669
+ return matchesGrantPattern(this.pull, tag, true);
670
+ }
671
+ canRun(tag) {
672
+ return matchesGrantPattern(this.run, tag, true);
673
+ }
674
+ canRegistryList(repository) {
675
+ if (this.registry === undefined) {
157
676
  return true;
158
677
  }
159
- return list.some(t => tag === t || tag.startsWith(t.endsWith("*") ? t.slice(0, -1) : t));
678
+ return this.registry.canList(repository);
160
679
  }
161
- canPull(tag) {
162
- return this.match(this.pull, tag);
680
+ canRegistryPull(repository) {
681
+ if (this.registry === undefined) {
682
+ return true;
683
+ }
684
+ return this.registry.canPull(repository);
163
685
  }
164
- canRun(tag) {
165
- return this.match(this.run, tag);
686
+ canRegistryRun(repository) {
687
+ if (this.registry === undefined) {
688
+ return true;
689
+ }
690
+ return this.registry.canRun(repository);
691
+ }
692
+ canRegistryWrite(repository) {
693
+ if (this.registry === undefined) {
694
+ return true;
695
+ }
696
+ return this.registry.canWrite(repository);
697
+ }
698
+ toJSON() {
699
+ const json = {};
700
+ if (this.logs !== true) {
701
+ json["logs"] = this.logs;
702
+ }
703
+ if (this.pull !== undefined) {
704
+ json["pull"] = this.pull;
705
+ }
706
+ if (this.run !== undefined) {
707
+ json["run"] = this.run;
708
+ }
709
+ if (this.registry !== undefined) {
710
+ json["registry"] = this.registry.toJSON();
711
+ }
712
+ if (this.useContainers !== true) {
713
+ json["use_containers"] = this.useContainers;
714
+ }
715
+ return json;
716
+ }
717
+ static fromJSON(obj) {
718
+ if (!isRecord(obj)) {
719
+ return new ContainersGrant();
720
+ }
721
+ return new ContainersGrant({
722
+ logs: obj.logs,
723
+ pull: asStringList(obj.pull),
724
+ run: asStringList(obj.run),
725
+ registry: obj.registry ? ContainerRegistryGrant.fromJSON(obj.registry) : undefined,
726
+ useContainers: obj.use_containers ?? obj.useContainers,
727
+ });
166
728
  }
167
729
  }
168
730
  exports.ContainersGrant = ContainersGrant;
@@ -170,71 +732,336 @@ class DeveloperGrant {
170
732
  constructor({ logs } = {}) {
171
733
  this.logs = logs ?? true;
172
734
  }
735
+ toJSON() {
736
+ const json = {};
737
+ if (this.logs !== true) {
738
+ json["logs"] = this.logs;
739
+ }
740
+ return json;
741
+ }
742
+ static fromJSON(obj) {
743
+ if (!isRecord(obj)) {
744
+ return new DeveloperGrant();
745
+ }
746
+ return new DeveloperGrant({
747
+ logs: obj.logs,
748
+ });
749
+ }
173
750
  }
174
751
  exports.DeveloperGrant = DeveloperGrant;
175
752
  class AdminGrant {
753
+ constructor({ config } = {}) {
754
+ this.config = config ?? true;
755
+ }
756
+ toJSON() {
757
+ const json = {};
758
+ if (this.config !== true) {
759
+ json["config"] = this.config;
760
+ }
761
+ return json;
762
+ }
763
+ static fromJSON(obj) {
764
+ if (!isRecord(obj)) {
765
+ return new AdminGrant();
766
+ }
767
+ return new AdminGrant({
768
+ config: obj.config,
769
+ });
770
+ }
176
771
  }
177
772
  exports.AdminGrant = AdminGrant;
773
+ class OAuthEndpoint {
774
+ constructor({ endpoint, clientId }) {
775
+ this.endpoint = endpoint;
776
+ this.clientId = clientId;
777
+ }
778
+ toJSON() {
779
+ return {
780
+ endpoint: this.endpoint,
781
+ client_id: this.clientId,
782
+ };
783
+ }
784
+ static fromJSON(obj) {
785
+ if (!isRecord(obj) || typeof obj.endpoint !== "string") {
786
+ throw new Error("OAuthEndpoint requires an endpoint");
787
+ }
788
+ const clientId = obj.client_id ?? obj.clientId;
789
+ if (typeof clientId !== "string") {
790
+ throw new Error("OAuthEndpoint requires a client_id");
791
+ }
792
+ return new OAuthEndpoint({
793
+ endpoint: obj.endpoint,
794
+ clientId,
795
+ });
796
+ }
797
+ }
798
+ exports.OAuthEndpoint = OAuthEndpoint;
178
799
  class SecretsGrant {
179
- canRequestOauthToken(authorizationEndpoint) {
180
- if (!this.requestOauthToken) {
800
+ constructor({ requestOauthToken } = {}) {
801
+ this.requestOauthToken = requestOauthToken;
802
+ }
803
+ canRequestOauthToken({ connector, oauth, } = {}) {
804
+ void connector;
805
+ if (this.requestOauthToken === undefined) {
181
806
  return true;
182
807
  }
183
- return this.requestOauthToken.some(t => t === authorizationEndpoint || ((t.endsWith("*") && authorizationEndpoint.startsWith(t.slice(0, -1)))));
808
+ const authorizationEndpoint = typeof oauth?.authorization_endpoint === "string"
809
+ ? oauth.authorization_endpoint.trim()
810
+ : "";
811
+ const clientId = typeof oauth?.client_id === "string"
812
+ ? oauth.client_id.trim()
813
+ : "";
814
+ if (authorizationEndpoint === "" || clientId === "") {
815
+ return false;
816
+ }
817
+ return this.requestOauthToken.some((endpointGrant) => ((endpointGrant.endpoint === authorizationEndpoint
818
+ || (endpointGrant.endpoint.endsWith("*")
819
+ && authorizationEndpoint.startsWith(endpointGrant.endpoint.slice(0, -1))))
820
+ && endpointGrant.clientId === clientId));
821
+ }
822
+ toJSON() {
823
+ const json = {};
824
+ if (this.requestOauthToken !== undefined) {
825
+ json["request_oauth_token"] = this.requestOauthToken.map((endpointGrant) => endpointGrant.toJSON());
826
+ }
827
+ return json;
828
+ }
829
+ static fromJSON(obj) {
830
+ if (!isRecord(obj)) {
831
+ return new SecretsGrant();
832
+ }
833
+ const requestOauthToken = obj.request_oauth_token ?? obj.requestOauthToken;
834
+ return new SecretsGrant({
835
+ requestOauthToken: Array.isArray(requestOauthToken)
836
+ ? requestOauthToken.map((endpointGrant) => OAuthEndpoint.fromJSON(endpointGrant))
837
+ : undefined,
838
+ });
184
839
  }
185
840
  }
186
841
  exports.SecretsGrant = SecretsGrant;
842
+ class TunnelsGrant {
843
+ constructor({ ports } = {}) {
844
+ this.ports = ports;
845
+ }
846
+ toJSON() {
847
+ const json = {};
848
+ if (this.ports !== undefined) {
849
+ json["ports"] = this.ports;
850
+ }
851
+ return json;
852
+ }
853
+ static fromJSON(obj) {
854
+ if (!isRecord(obj)) {
855
+ return new TunnelsGrant();
856
+ }
857
+ return new TunnelsGrant({
858
+ ports: asStringList(obj.ports),
859
+ });
860
+ }
861
+ }
862
+ exports.TunnelsGrant = TunnelsGrant;
863
+ class ServicesGrant {
864
+ constructor({ list } = {}) {
865
+ this.list = list ?? true;
866
+ }
867
+ toJSON() {
868
+ const json = {};
869
+ if (this.list !== true) {
870
+ json["list"] = this.list;
871
+ }
872
+ return json;
873
+ }
874
+ static fromJSON(obj) {
875
+ if (!isRecord(obj)) {
876
+ return new ServicesGrant();
877
+ }
878
+ return new ServicesGrant({
879
+ list: obj.list,
880
+ });
881
+ }
882
+ }
883
+ exports.ServicesGrant = ServicesGrant;
884
+ class LLMGrant {
885
+ constructor({ models } = {}) {
886
+ this.models = models;
887
+ }
888
+ canUseProvider(provider) {
889
+ const normalizedProvider = provider.trim();
890
+ if (normalizedProvider === "") {
891
+ return false;
892
+ }
893
+ if (!this.models) {
894
+ return true;
895
+ }
896
+ const prefix = `${normalizedProvider}/`;
897
+ return this.models.some((pattern) => pattern.trim().startsWith(prefix));
898
+ }
899
+ canUseModel(provider, model) {
900
+ const normalizedProvider = provider.trim();
901
+ const normalizedModel = model.trim();
902
+ if (normalizedProvider === "" || normalizedModel === "") {
903
+ return false;
904
+ }
905
+ return matchesGrantPattern(this.models, `${normalizedProvider}/${normalizedModel}`, true);
906
+ }
907
+ toJSON() {
908
+ const json = {};
909
+ if (this.models !== undefined) {
910
+ json["models"] = this.models;
911
+ }
912
+ return json;
913
+ }
914
+ static fromJSON(obj) {
915
+ if (!isRecord(obj)) {
916
+ return new LLMGrant();
917
+ }
918
+ return new LLMGrant({
919
+ models: asStringList(obj.models),
920
+ });
921
+ }
922
+ }
923
+ exports.LLMGrant = LLMGrant;
187
924
  class ApiScope {
188
- constructor({ livekit, queues, messaging, database, sync, storage, containers, developer, agents, admin, secrets, } = {}) {
925
+ constructor({ livekit, queues, messaging, database, memory, sync, storage, containers, developer, agents, llm, admin, secrets, tunnels, services, } = {}) {
189
926
  this.livekit = livekit;
190
927
  this.queues = queues;
191
928
  this.messaging = messaging;
192
929
  this.database = database;
930
+ this.memory = memory;
193
931
  this.sync = sync;
194
932
  this.storage = storage;
195
933
  this.containers = containers;
196
934
  this.developer = developer;
197
935
  this.agents = agents;
936
+ this.llm = llm;
198
937
  this.admin = admin;
199
938
  this.secrets = secrets;
939
+ this.tunnels = tunnels;
940
+ this.services = services;
200
941
  }
201
- static agentDefault() {
202
- const s = new ApiScope();
203
- s.livekit = new LivekitGrant();
204
- s.queues = new QueuesGrant();
205
- s.messaging = new MessagingGrant();
206
- s.database = new DatabaseGrant();
207
- s.sync = new SyncGrant();
208
- s.storage = new StorageGrant();
209
- s.containers = new ContainersGrant();
210
- s.developer = new DeveloperGrant();
211
- s.agents = new AgentsGrant();
212
- return s;
942
+ static agentDefault({ tunnels = false } = {}) {
943
+ return new ApiScope({
944
+ livekit: new LivekitGrant(),
945
+ queues: new QueuesGrant(),
946
+ messaging: new MessagingGrant(),
947
+ database: new DatabaseGrant(),
948
+ memory: new MemoryGrant(),
949
+ sync: new SyncGrant(),
950
+ storage: new StorageGrant(),
951
+ containers: new ContainersGrant(),
952
+ developer: new DeveloperGrant(),
953
+ agents: new AgentsGrant(),
954
+ llm: new LLMGrant(),
955
+ secrets: new SecretsGrant(),
956
+ services: new ServicesGrant(),
957
+ tunnels: tunnels ? new TunnelsGrant() : undefined,
958
+ });
213
959
  }
214
960
  static userDefault() {
215
- const s = new ApiScope();
216
- s.livekit = new LivekitGrant();
217
- s.queues = new QueuesGrant();
218
- s.messaging = new MessagingGrant();
219
- s.database = new DatabaseGrant();
220
- s.sync = new SyncGrant();
221
- s.storage = new StorageGrant();
222
- s.containers = new ContainersGrant();
223
- s.developer = new DeveloperGrant();
224
- s.agents = new AgentsGrant();
225
- s.secrets = new SecretsGrant();
226
- return s;
961
+ return new ApiScope({
962
+ livekit: new LivekitGrant(),
963
+ queues: new QueuesGrant(),
964
+ messaging: new MessagingGrant(),
965
+ database: new DatabaseGrant(),
966
+ memory: new MemoryGrant(),
967
+ sync: new SyncGrant(),
968
+ storage: new StorageGrant(),
969
+ containers: new ContainersGrant(),
970
+ developer: new DeveloperGrant(),
971
+ agents: new AgentsGrant(),
972
+ secrets: new SecretsGrant(),
973
+ services: new ServicesGrant(),
974
+ });
227
975
  }
228
976
  static full() {
229
- const s = ApiScope.agentDefault();
230
- s.admin = new AdminGrant();
231
- return s;
977
+ return new ApiScope({
978
+ livekit: new LivekitGrant(),
979
+ queues: new QueuesGrant(),
980
+ messaging: new MessagingGrant(),
981
+ database: new DatabaseGrant(),
982
+ memory: new MemoryGrant(),
983
+ sync: new SyncGrant(),
984
+ storage: new StorageGrant(),
985
+ containers: new ContainersGrant(),
986
+ developer: new DeveloperGrant(),
987
+ agents: new AgentsGrant(),
988
+ llm: new LLMGrant(),
989
+ admin: new AdminGrant(),
990
+ secrets: new SecretsGrant(),
991
+ tunnels: new TunnelsGrant(),
992
+ services: new ServicesGrant(),
993
+ });
232
994
  }
233
995
  toJSON() {
234
- return { ...this };
996
+ const json = {};
997
+ if (this.livekit !== undefined) {
998
+ json["livekit"] = this.livekit.toJSON();
999
+ }
1000
+ if (this.queues !== undefined) {
1001
+ json["queues"] = this.queues.toJSON();
1002
+ }
1003
+ if (this.messaging !== undefined) {
1004
+ json["messaging"] = this.messaging.toJSON();
1005
+ }
1006
+ if (this.database !== undefined) {
1007
+ json["database"] = this.database.toJSON();
1008
+ }
1009
+ if (this.memory !== undefined) {
1010
+ json["memory"] = this.memory.toJSON();
1011
+ }
1012
+ if (this.sync !== undefined) {
1013
+ json["sync"] = this.sync.toJSON();
1014
+ }
1015
+ if (this.storage !== undefined) {
1016
+ json["storage"] = this.storage.toJSON();
1017
+ }
1018
+ if (this.containers !== undefined) {
1019
+ json["containers"] = this.containers.toJSON();
1020
+ }
1021
+ if (this.developer !== undefined) {
1022
+ json["developer"] = this.developer.toJSON();
1023
+ }
1024
+ if (this.agents !== undefined) {
1025
+ json["agents"] = this.agents.toJSON();
1026
+ }
1027
+ if (this.llm !== undefined) {
1028
+ json["llm"] = this.llm.toJSON();
1029
+ }
1030
+ if (this.admin !== undefined) {
1031
+ json["admin"] = this.admin.toJSON();
1032
+ }
1033
+ if (this.secrets !== undefined) {
1034
+ json["secrets"] = this.secrets.toJSON();
1035
+ }
1036
+ if (this.tunnels !== undefined) {
1037
+ json["tunnels"] = this.tunnels.toJSON();
1038
+ }
1039
+ if (this.services !== undefined) {
1040
+ json["services"] = this.services.toJSON();
1041
+ }
1042
+ return json;
235
1043
  }
236
1044
  static fromJSON(obj) {
237
- return Object.assign(new ApiScope(), obj);
1045
+ if (!isRecord(obj)) {
1046
+ return new ApiScope();
1047
+ }
1048
+ return new ApiScope({
1049
+ livekit: obj.livekit ? LivekitGrant.fromJSON(obj.livekit) : undefined,
1050
+ queues: obj.queues ? QueuesGrant.fromJSON(obj.queues) : undefined,
1051
+ messaging: obj.messaging ? MessagingGrant.fromJSON(obj.messaging) : undefined,
1052
+ database: obj.database ? DatabaseGrant.fromJSON(obj.database) : undefined,
1053
+ memory: obj.memory ? MemoryGrant.fromJSON(obj.memory) : undefined,
1054
+ sync: obj.sync ? SyncGrant.fromJSON(obj.sync) : undefined,
1055
+ storage: obj.storage ? StorageGrant.fromJSON(obj.storage) : undefined,
1056
+ containers: obj.containers ? ContainersGrant.fromJSON(obj.containers) : undefined,
1057
+ developer: obj.developer ? DeveloperGrant.fromJSON(obj.developer) : undefined,
1058
+ agents: obj.agents ? AgentsGrant.fromJSON(obj.agents) : undefined,
1059
+ llm: obj.llm ? LLMGrant.fromJSON(obj.llm) : undefined,
1060
+ admin: obj.admin ? AdminGrant.fromJSON(obj.admin) : undefined,
1061
+ secrets: obj.secrets ? SecretsGrant.fromJSON(obj.secrets) : undefined,
1062
+ tunnels: obj.tunnels ? TunnelsGrant.fromJSON(obj.tunnels) : undefined,
1063
+ services: obj.services ? ServicesGrant.fromJSON(obj.services) : undefined,
1064
+ });
238
1065
  }
239
1066
  }
240
1067
  exports.ApiScope = ApiScope;
@@ -269,12 +1096,14 @@ class ParticipantGrant {
269
1096
  }
270
1097
  exports.ParticipantGrant = ParticipantGrant;
271
1098
  function compareSemver(a, b) {
272
- const pa = a.split(".").map(n => parseInt(n, 10));
273
- const pb = b.split(".").map(n => parseInt(n, 10));
274
- for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
275
- const x = pa[i] || 0, y = pb[i] || 0;
276
- if (x !== y)
277
- return x - y;
1099
+ const pa = a.split(".").map((value) => parseInt(value, 10));
1100
+ const pb = b.split(".").map((value) => parseInt(value, 10));
1101
+ for (let index = 0; index < Math.max(pa.length, pb.length); index += 1) {
1102
+ const left = pa[index] || 0;
1103
+ const right = pb[index] || 0;
1104
+ if (left !== right) {
1105
+ return left - right;
1106
+ }
278
1107
  }
279
1108
  return 0;
280
1109
  }
@@ -283,14 +1112,14 @@ class ParticipantToken {
283
1112
  this.name = name;
284
1113
  this.projectId = projectId;
285
1114
  this.apiKeyId = apiKeyId;
286
- this.version = version;
1115
+ this.version = version ?? version_1.__version__;
287
1116
  this.extra = extra ?? {};
288
1117
  this.grants = grants ?? [];
289
1118
  }
290
1119
  get role() {
291
- for (const g of this.grants) {
292
- if (g.name === "role" && g.scope !== "user") {
293
- return String(g.scope);
1120
+ for (const grant of this.grants) {
1121
+ if (grant.name === "role" && grant.scope !== "user") {
1122
+ return String(grant.scope);
294
1123
  }
295
1124
  }
296
1125
  return "user";
@@ -312,8 +1141,10 @@ class ParticipantToken {
312
1141
  return true;
313
1142
  }
314
1143
  addTunnelGrant(ports) {
315
- const portsStr = ports.join(",");
316
- this.grants.push(new ParticipantGrant({ name: "tunnel_ports", scope: portsStr }));
1144
+ this.grants.push(new ParticipantGrant({
1145
+ name: "tunnel_ports",
1146
+ scope: ports.join(","),
1147
+ }));
317
1148
  }
318
1149
  addRoleGrant(role) {
319
1150
  this.grants.push(new ParticipantGrant({ name: "role", scope: role }));
@@ -322,132 +1153,113 @@ class ParticipantToken {
322
1153
  this.grants.push(new ParticipantGrant({ name: "room", scope: roomName }));
323
1154
  }
324
1155
  addApiGrant(grant) {
1156
+ for (const existingGrant of this.grants) {
1157
+ if (existingGrant.name === "api") {
1158
+ throw new Error("can only have a single api grant");
1159
+ }
1160
+ }
325
1161
  this.grants.push(new ParticipantGrant({ name: "api", scope: grant }));
326
1162
  }
327
1163
  grantScope(name) {
328
- return this.grants.find(g => g.name === name)?.scope;
1164
+ return this.grants.find((grant) => grant.name === name)?.scope;
329
1165
  }
330
1166
  getApiGrant() {
331
- const api = this.grantScope("api");
332
- if (api && typeof api !== "string") {
333
- return api;
334
- }
335
- if (this.version && compareSemver(this.version, "0.6.0") < 0 && !api) {
336
- return new ApiScope({
337
- livekit: new LivekitGrant(),
338
- queues: new QueuesGrant(),
339
- messaging: new MessagingGrant(),
340
- database: new DatabaseGrant(),
341
- sync: new SyncGrant(),
342
- storage: new StorageGrant(),
343
- agents: new AgentsGrant(),
344
- developer: new DeveloperGrant(),
345
- });
1167
+ const apiGrant = this.grantScope("api");
1168
+ if (apiGrant && typeof apiGrant !== "string") {
1169
+ return apiGrant;
346
1170
  }
347
- return api;
1171
+ return undefined;
348
1172
  }
349
1173
  toJson() {
350
- const base = {
1174
+ const json = {
1175
+ ...(this.extra ?? {}),
351
1176
  name: this.name,
352
- grants: this.grants.map(g => g.toJson()),
1177
+ grants: this.grants.map((grant) => grant.toJson()),
353
1178
  };
354
- if (this.projectId) {
355
- base["sub"] = this.projectId;
1179
+ if (this.projectId !== undefined) {
1180
+ json["sub"] = this.projectId;
356
1181
  }
357
- if (this.apiKeyId) {
358
- base["kid"] = this.apiKeyId;
1182
+ if (this.apiKeyId !== undefined) {
1183
+ json["kid"] = this.apiKeyId;
359
1184
  }
360
- if (this.version) {
361
- base["version"] = this.version;
1185
+ if (this.version !== undefined) {
1186
+ json["version"] = this.version;
362
1187
  }
363
- return base;
1188
+ return json;
364
1189
  }
365
- async toJwt({ token, expiration, apiKey } = {}) {
366
- let apiGrant = null;
367
- for (const g of this.grants) {
368
- if (g.name === "api") {
369
- apiGrant = g;
370
- break;
371
- }
1190
+ async toJwt({ token, expiration, apiKey, } = {}) {
1191
+ const apiGrant = this.grants.find((grant) => grant.name === "api");
1192
+ if (!apiGrant && compareSemver(this.version, "0.3.5") > 0) {
1193
+ console.warn("there is no ApiScope in the participant token, this participant will not be able to make calls to the the room API. Use addApiGrant to add an ApiScope to this token.");
372
1194
  }
373
- if (!apiGrant && this.version && compareSemver(this.version, "0.5.3") >= 0) {
374
- console.error("ParticipantToken.toJwt: No API grant found, but version is >= 0.5.3. " +
375
- "This may cause issues with older clients that expect an API grant.");
376
- }
377
- let resolvedSecret = token;
378
- let resolvedKid = this.apiKeyId;
379
- let resolvedSub = this.projectId;
380
- const apiKeyValue = apiKey ?? getEnvValue("MESHAGENT_API_KEY");
381
- if (apiKeyValue) {
382
- const parsed = (0, api_keys_1.parseApiKey)(apiKeyValue);
383
- resolvedSecret ?? (resolvedSecret = parsed.secret);
384
- resolvedKid = parsed.id;
385
- resolvedSub = parsed.projectId;
386
- }
387
- let usingDefaultSecret = false;
388
- if (!resolvedSecret) {
389
- const envSecret = getEnvValue("MESHAGENT_SECRET");
390
- if (!envSecret) {
391
- throw new Error("ParticipantToken.toJwt: No secret provided. Pass `token`, `apiKey`, or set MESHAGENT_SECRET / MESHAGENT_API_KEY.");
392
- }
393
- resolvedSecret = envSecret;
394
- usingDefaultSecret = true;
395
- }
396
- const secretKey = new TextEncoder().encode(resolvedSecret);
397
1195
  const payload = this.toJson();
398
- if (resolvedSub) {
399
- payload["sub"] = resolvedSub;
400
- }
401
- else {
402
- delete payload["sub"];
1196
+ const resolvedApiKey = apiKey ?? getEnvValue("MESHAGENT_API_KEY");
1197
+ let resolvedSecret = token;
1198
+ if (resolvedApiKey !== undefined) {
1199
+ const parsed = (0, api_keys_1.parseApiKey)(resolvedApiKey);
1200
+ resolvedSecret = parsed.secret;
1201
+ payload["kid"] = parsed.id;
1202
+ payload["sub"] = parsed.projectId;
403
1203
  }
404
- if (usingDefaultSecret) {
1204
+ else if (resolvedSecret === undefined) {
405
1205
  delete payload["kid"];
406
1206
  }
407
- else if (resolvedKid) {
408
- payload["kid"] = resolvedKid;
1207
+ if (resolvedSecret === undefined) {
1208
+ resolvedSecret = getEnvValue("MESHAGENT_SECRET");
409
1209
  }
410
- else {
411
- delete payload["kid"];
1210
+ if (resolvedSecret === undefined) {
1211
+ throw new Error("ParticipantToken.toJwt: No secret provided. Pass `token`, `apiKey`, or set MESHAGENT_SECRET / MESHAGENT_API_KEY.");
412
1212
  }
413
- if (expiration) {
1213
+ if (expiration !== undefined) {
414
1214
  payload.exp = Math.floor(expiration.getTime() / 1000);
415
1215
  }
416
- const jwt = new jose_1.SignJWT(payload)
417
- .setProtectedHeader({ alg: "HS256", typ: "JWT" });
418
- const jwtToken = await jwt.sign(secretKey);
419
- return jwtToken;
1216
+ const secretKey = new TextEncoder().encode(resolvedSecret);
1217
+ return await new jose_1.SignJWT(payload)
1218
+ .setProtectedHeader({ alg: "HS256", typ: "JWT" })
1219
+ .sign(secretKey);
420
1220
  }
421
1221
  static fromJson(json) {
422
- const { name, sub, grants, kid, version, ...rest } = json;
423
- const extra = { ...rest };
424
- const v = version ? version : "0.5.3";
1222
+ const data = { ...json };
1223
+ if (typeof data.name !== "string") {
1224
+ throw new Error(`Participant token does not have a name ${JSON.stringify(json)}`);
1225
+ }
1226
+ const name = data.name;
1227
+ delete data.name;
1228
+ const grantsRaw = Array.isArray(data.grants) ? data.grants : [];
1229
+ delete data.grants;
1230
+ const projectId = typeof data.sub === "string" ? data.sub : undefined;
1231
+ delete data.sub;
1232
+ const apiKeyId = typeof data.kid === "string" ? data.kid : undefined;
1233
+ delete data.kid;
1234
+ const version = typeof data.version === "string" ? data.version : version_1.__version__;
1235
+ delete data.version;
425
1236
  return new ParticipantToken({
426
- name: name,
427
- projectId: sub,
428
- apiKeyId: kid,
429
- version: v,
430
- grants: grants?.map((g) => ParticipantGrant.fromJson(g)),
431
- extra,
1237
+ name,
1238
+ projectId,
1239
+ apiKeyId,
1240
+ grants: grantsRaw.map((grant) => ParticipantGrant.fromJson(grant)),
1241
+ extra: data,
1242
+ version,
432
1243
  });
433
1244
  }
434
1245
  static async fromJwt(jwtStr, options = {}) {
435
- const { token, verify = true } = options ?? {};
1246
+ const { token, verify = true } = options;
436
1247
  if (verify) {
437
- const secretKey = new TextEncoder().encode(token);
1248
+ const verificationToken = token ?? getEnvValue("MESHAGENT_SECRET");
1249
+ if (verificationToken === undefined) {
1250
+ throw new Error("Failed to verify JWT: no token provided");
1251
+ }
1252
+ const secretKey = new TextEncoder().encode(verificationToken);
438
1253
  const { payload } = await (0, jose_1.jwtVerify)(jwtStr, secretKey, {
439
1254
  algorithms: ["HS256"],
440
1255
  });
441
1256
  return ParticipantToken.fromJson(payload);
442
1257
  }
443
- else {
444
- try {
445
- const payload = (0, jose_1.decodeJwt)(jwtStr);
446
- return ParticipantToken.fromJson(payload);
447
- }
448
- catch (err) {
449
- throw new Error("Failed to decode JWT");
450
- }
1258
+ try {
1259
+ return ParticipantToken.fromJson((0, jose_1.decodeJwt)(jwtStr));
1260
+ }
1261
+ catch {
1262
+ throw new Error("Failed to decode JWT");
451
1263
  }
452
1264
  }
453
1265
  }