@newhomestar/sdk 0.5.1 → 0.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/credentials.d.ts +99 -0
- package/dist/credentials.js +754 -0
- package/dist/index.d.ts +113 -2
- package/dist/index.js +288 -17
- package/dist/integration.d.ts +398 -0
- package/dist/integration.js +416 -0
- package/dist/integrationSpec.d.ts +204 -0
- package/dist/integrationSpec.js +186 -0
- package/dist/workerSchema.d.ts +45 -2
- package/dist/workerSchema.js +28 -0
- package/package.json +2 -1
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
import { type SupabaseClient } from "@supabase/supabase-js";
|
|
2
|
+
import https from "node:https";
|
|
3
|
+
export type AuthMode = "standard" | "client_credentials" | "mtls";
|
|
4
|
+
export interface ResolvedCredentials {
|
|
5
|
+
/** Bearer access token for API calls */
|
|
6
|
+
accessToken: string;
|
|
7
|
+
/** When the token expires */
|
|
8
|
+
expiresAt: Date;
|
|
9
|
+
/** The app_integrations.id UUID */
|
|
10
|
+
integrationId: string;
|
|
11
|
+
/** Auth mode used */
|
|
12
|
+
authMode: AuthMode;
|
|
13
|
+
/** mTLS agent (if auth_mode = 'mtls') — use for ALL API requests to that provider */
|
|
14
|
+
httpsAgent?: https.Agent;
|
|
15
|
+
}
|
|
16
|
+
export interface IntegrationConfig {
|
|
17
|
+
id: string;
|
|
18
|
+
slug: string;
|
|
19
|
+
name: string;
|
|
20
|
+
auth_mode: AuthMode;
|
|
21
|
+
client_id: string | null;
|
|
22
|
+
client_secret_vault_id: string | null;
|
|
23
|
+
token_endpoint: string | null;
|
|
24
|
+
mtls_cert_vault_id: string | null;
|
|
25
|
+
mtls_key_vault_id: string | null;
|
|
26
|
+
is_active: boolean;
|
|
27
|
+
}
|
|
28
|
+
export declare class IntegrationNotFoundError extends Error {
|
|
29
|
+
constructor(slug: string);
|
|
30
|
+
}
|
|
31
|
+
export declare class IntegrationDisabledError extends Error {
|
|
32
|
+
constructor(slug: string);
|
|
33
|
+
}
|
|
34
|
+
export declare class CredentialsNotConfiguredError extends Error {
|
|
35
|
+
constructor(slug: string, detail: string);
|
|
36
|
+
}
|
|
37
|
+
export declare class ConnectionNotFoundError extends Error {
|
|
38
|
+
constructor(slug: string, userId: string);
|
|
39
|
+
}
|
|
40
|
+
export declare class TokenExchangeError extends Error {
|
|
41
|
+
constructor(slug: string, detail: string);
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Creates / returns the singleton Platform DB client.
|
|
45
|
+
* Reads from PLATFORM_SUPABASE_URL + PLATFORM_SUPABASE_SERVICE_ROLE_KEY.
|
|
46
|
+
*/
|
|
47
|
+
export declare function createPlatformClient(): SupabaseClient;
|
|
48
|
+
/**
|
|
49
|
+
* Resolves an access token for an integration, handling all auth modes.
|
|
50
|
+
*
|
|
51
|
+
* Flow:
|
|
52
|
+
* 1. Look up integration config from app_integrations (by slug)
|
|
53
|
+
* 2. Check auth_mode → route to server or user flow
|
|
54
|
+
* 3. Check in-memory cache → DB (user_app_connections) → exchange if needed
|
|
55
|
+
* 4. Cache the result and return
|
|
56
|
+
*
|
|
57
|
+
* @param platformDB - Platform Supabase client (project-starfleet-auth)
|
|
58
|
+
* @param slug - Integration slug (e.g., 'adp', 'salesforce')
|
|
59
|
+
* @param userId - User ID for standard OAuth; optional for server flows
|
|
60
|
+
*/
|
|
61
|
+
export declare function resolveCredentials(platformDB: SupabaseClient, slug: string, userId?: string): Promise<ResolvedCredentials>;
|
|
62
|
+
/**
|
|
63
|
+
* Generic mTLS-aware fetch for integration API calls.
|
|
64
|
+
* If the resolved credentials include an httpsAgent (mTLS), uses node:https.
|
|
65
|
+
* Otherwise, uses global fetch().
|
|
66
|
+
*
|
|
67
|
+
* Works with ANY integration — not ADP-specific.
|
|
68
|
+
*/
|
|
69
|
+
export declare function integrationFetch(url: string, credentials: ResolvedCredentials, options?: {
|
|
70
|
+
method?: string;
|
|
71
|
+
headers?: Record<string, string>;
|
|
72
|
+
body?: string;
|
|
73
|
+
}): Promise<Response>;
|
|
74
|
+
/**
|
|
75
|
+
* Emit a PGMQ event to the platform database.
|
|
76
|
+
* Used for cross-service communication (e.g., sync complete, webhook received).
|
|
77
|
+
*/
|
|
78
|
+
export declare function emitPlatformEvent(platformDB: SupabaseClient, topic: string, integrationSlug: string, payload: Record<string, unknown>): Promise<void>;
|
|
79
|
+
/**
|
|
80
|
+
* Resolve credentials for an integration using the HTTP callback strategy.
|
|
81
|
+
*
|
|
82
|
+
* This is the main entry point for Strategy B. It:
|
|
83
|
+
* 1. Checks the in-memory cache
|
|
84
|
+
* 2. Fetches decrypted credentials from the auth server via HTTP
|
|
85
|
+
* 3. Performs the OAuth token exchange (client_credentials or mTLS)
|
|
86
|
+
* 4. Caches the resulting access token in memory
|
|
87
|
+
*
|
|
88
|
+
* @param authBaseUrl - Auth server base URL
|
|
89
|
+
* @param slug - Integration slug
|
|
90
|
+
* @param bearerToken - JWT to authenticate with the auth server
|
|
91
|
+
* @param userId - Optional user ID (for cache key differentiation)
|
|
92
|
+
*/
|
|
93
|
+
export declare function resolveCredentialsViaHttp(authBaseUrl: string, slug: string, bearerToken: string, userId?: string): Promise<ResolvedCredentials>;
|
|
94
|
+
/**
|
|
95
|
+
* Detect which credential resolution strategy to use.
|
|
96
|
+
* Returns 'db' if PLATFORM_SUPABASE_* are available, 'http' if AUTH_ISSUER_BASE_URL
|
|
97
|
+
* is set, or 'none' if neither is configured.
|
|
98
|
+
*/
|
|
99
|
+
export declare function detectCredentialStrategy(): "db" | "http" | "none";
|