@okrlinkhub/agent-bridge 0.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +96 -127
- package/dist/cli/init.d.ts +3 -0
- package/dist/cli/init.d.ts.map +1 -0
- package/dist/cli/init.js +100 -0
- package/dist/cli/init.js.map +1 -0
- package/dist/client/index.d.ts +50 -173
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +129 -263
- package/dist/client/index.js.map +1 -1
- package/dist/component/_generated/api.d.ts +4 -4
- package/dist/component/_generated/api.d.ts.map +1 -1
- package/dist/component/_generated/component.d.ts +66 -162
- package/dist/component/_generated/component.d.ts.map +1 -1
- package/dist/component/agentBridgeUtils.d.ts +8 -0
- package/dist/component/agentBridgeUtils.d.ts.map +1 -0
- package/dist/component/agentBridgeUtils.js +33 -0
- package/dist/component/agentBridgeUtils.js.map +1 -0
- package/dist/component/agents.d.ts +27 -0
- package/dist/component/agents.d.ts.map +1 -0
- package/dist/component/agents.js +94 -0
- package/dist/component/agents.js.map +1 -0
- package/dist/component/gateway.d.ts +30 -44
- package/dist/component/gateway.d.ts.map +1 -1
- package/dist/component/gateway.js +127 -132
- package/dist/component/gateway.js.map +1 -1
- package/dist/component/permissions.d.ts +30 -84
- package/dist/component/permissions.d.ts.map +1 -1
- package/dist/component/permissions.js +80 -203
- package/dist/component/permissions.js.map +1 -1
- package/dist/component/schema.d.ts +55 -153
- package/dist/component/schema.d.ts.map +1 -1
- package/dist/component/schema.js +30 -80
- package/dist/component/schema.js.map +1 -1
- package/dist/react/index.d.ts +2 -2
- package/dist/react/index.d.ts.map +1 -1
- package/dist/react/index.js +2 -3
- package/dist/react/index.js.map +1 -1
- package/package.json +7 -3
- package/src/cli/init.ts +116 -0
- package/src/client/index.ts +228 -389
- package/src/component/_generated/api.ts +4 -4
- package/src/component/_generated/component.ts +79 -195
- package/src/component/agentBridgeUtils.ts +52 -0
- package/src/component/agents.ts +106 -0
- package/src/component/gateway.ts +149 -163
- package/src/component/permissions.ts +89 -259
- package/src/component/schema.ts +31 -96
- package/src/react/index.ts +5 -6
- package/dist/component/provisioning.d.ts +0 -87
- package/dist/component/provisioning.d.ts.map +0 -1
- package/dist/component/provisioning.js +0 -343
- package/dist/component/provisioning.js.map +0 -1
- package/dist/component/registry.d.ts +0 -46
- package/dist/component/registry.d.ts.map +0 -1
- package/dist/component/registry.js +0 -121
- package/dist/component/registry.js.map +0 -1
- package/src/component/provisioning.ts +0 -402
- package/src/component/registry.ts +0 -152
|
@@ -1,151 +1,120 @@
|
|
|
1
1
|
import { v } from "convex/values";
|
|
2
2
|
import { mutation, query } from "./_generated/server.js";
|
|
3
|
-
|
|
4
|
-
async function hashToken(token) {
|
|
5
|
-
const encoder = new TextEncoder();
|
|
6
|
-
const data = encoder.encode(token);
|
|
7
|
-
const hash = await crypto.subtle.digest("SHA-256", data);
|
|
8
|
-
return Array.from(new Uint8Array(hash))
|
|
9
|
-
.map((b) => b.toString(16).padStart(2, "0"))
|
|
10
|
-
.join("");
|
|
11
|
-
}
|
|
12
|
-
// --- Pattern matching (same logic as permissions.ts) ---
|
|
13
|
-
function patternSpecificity(pattern) {
|
|
14
|
-
const wildcardIndex = pattern.indexOf("*");
|
|
15
|
-
if (wildcardIndex === -1)
|
|
16
|
-
return pattern.length;
|
|
17
|
-
return wildcardIndex;
|
|
18
|
-
}
|
|
19
|
-
function matchesPattern(functionName, pattern) {
|
|
20
|
-
if (pattern === "*")
|
|
21
|
-
return true;
|
|
22
|
-
const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
|
|
23
|
-
const regexStr = "^" + escaped.replace(/\*/g, ".*") + "$";
|
|
24
|
-
return new RegExp(regexStr).test(functionName);
|
|
25
|
-
}
|
|
26
|
-
// --- Authorize request result validator ---
|
|
3
|
+
import { findBestPermissionMatch, hashApiKey, } from "./agentBridgeUtils.js";
|
|
27
4
|
const authorizeResultValidator = v.union(v.object({
|
|
28
5
|
authorized: v.literal(true),
|
|
29
|
-
agentId: v.
|
|
30
|
-
appName: v.string(),
|
|
31
|
-
functionHandle: v.string(),
|
|
32
|
-
functionType: v.union(v.literal("query"), v.literal("mutation"), v.literal("action")),
|
|
6
|
+
agentId: v.id("agents"),
|
|
33
7
|
}), v.object({
|
|
34
8
|
authorized: v.literal(false),
|
|
35
9
|
error: v.string(),
|
|
36
10
|
statusCode: v.number(),
|
|
37
|
-
agentId: v.optional(v.
|
|
38
|
-
|
|
39
|
-
matchedPermission: v.optional(v.union(v.literal("allow"), v.literal("deny"), v.literal("rate_limited"))),
|
|
11
|
+
agentId: v.optional(v.id("agents")),
|
|
12
|
+
retryAfterSeconds: v.optional(v.number()),
|
|
40
13
|
}));
|
|
41
14
|
/**
|
|
42
15
|
* Authorize an agent request.
|
|
43
16
|
* This is a mutation (not a query) because it updates counters and last activity.
|
|
44
17
|
*
|
|
45
18
|
* Steps:
|
|
46
|
-
* 1. Validate
|
|
19
|
+
* 1. Validate API key
|
|
47
20
|
* 2. Check agent is active
|
|
48
21
|
* 3. Check function permissions
|
|
49
|
-
* 4.
|
|
50
|
-
* 5.
|
|
22
|
+
* 4. Check function global override
|
|
23
|
+
* 5. Check rate limits
|
|
51
24
|
*
|
|
52
|
-
* Returns the
|
|
25
|
+
* Returns the agent id if authorized, or an error.
|
|
53
26
|
*/
|
|
54
27
|
export const authorizeRequest = mutation({
|
|
55
28
|
args: {
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
29
|
+
apiKey: v.string(),
|
|
30
|
+
functionKey: v.string(),
|
|
31
|
+
estimatedCost: v.optional(v.number()),
|
|
59
32
|
},
|
|
60
33
|
returns: authorizeResultValidator,
|
|
61
34
|
handler: async (ctx, args) => {
|
|
62
|
-
|
|
63
|
-
const
|
|
64
|
-
|
|
65
|
-
.
|
|
66
|
-
.withIndex("by_instance_token_hash", (q) => q.eq("instanceTokenHash", tokenHash))
|
|
35
|
+
const apiKeyHash = await hashApiKey(args.apiKey);
|
|
36
|
+
const agent = await ctx.db
|
|
37
|
+
.query("agents")
|
|
38
|
+
.withIndex("by_apiKeyHash", (q) => q.eq("apiKeyHash", apiKeyHash))
|
|
67
39
|
.unique();
|
|
68
|
-
if (!
|
|
40
|
+
if (!agent) {
|
|
69
41
|
return {
|
|
70
42
|
authorized: false,
|
|
71
|
-
error: "Invalid
|
|
43
|
+
error: "Invalid API key",
|
|
72
44
|
statusCode: 401,
|
|
73
45
|
};
|
|
74
46
|
}
|
|
75
|
-
if (
|
|
47
|
+
if (!agent.enabled) {
|
|
76
48
|
return {
|
|
77
49
|
authorized: false,
|
|
78
|
-
error: "
|
|
79
|
-
statusCode:
|
|
50
|
+
error: "Agent disabled",
|
|
51
|
+
statusCode: 403,
|
|
52
|
+
agentId: agent._id,
|
|
80
53
|
};
|
|
81
54
|
}
|
|
82
|
-
|
|
55
|
+
const permissions = await ctx.db
|
|
56
|
+
.query("agentPermissions")
|
|
57
|
+
.withIndex("by_agentId", (q) => q.eq("agentId", agent._id))
|
|
58
|
+
.collect();
|
|
59
|
+
const matchedRule = findBestPermissionMatch(args.functionKey, permissions);
|
|
60
|
+
if (!matchedRule || matchedRule.permission === "deny") {
|
|
83
61
|
return {
|
|
84
62
|
authorized: false,
|
|
85
|
-
error:
|
|
63
|
+
error: `Function ${args.functionKey} not allowed`,
|
|
86
64
|
statusCode: 403,
|
|
65
|
+
agentId: agent._id,
|
|
87
66
|
};
|
|
88
67
|
}
|
|
89
|
-
const
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
.query("registeredAgents")
|
|
93
|
-
.withIndex("by_agent_id", (q) => q.eq("agentId", agentId))
|
|
68
|
+
const functionOverride = await ctx.db
|
|
69
|
+
.query("agentFunctions")
|
|
70
|
+
.withIndex("by_key", (q) => q.eq("key", args.functionKey))
|
|
94
71
|
.unique();
|
|
95
|
-
if (
|
|
72
|
+
if (functionOverride && !functionOverride.enabled) {
|
|
96
73
|
return {
|
|
97
74
|
authorized: false,
|
|
98
|
-
error:
|
|
75
|
+
error: `Function ${args.functionKey} disabled`,
|
|
99
76
|
statusCode: 403,
|
|
100
|
-
agentId,
|
|
77
|
+
agentId: agent._id,
|
|
101
78
|
};
|
|
102
79
|
}
|
|
103
|
-
|
|
104
|
-
const
|
|
105
|
-
|
|
106
|
-
.
|
|
80
|
+
const effectiveHourlyLimit = resolveEffectiveHourlyLimit(agent.rateLimit, matchedRule.permission, matchedRule.rateLimitConfig?.requestsPerHour, functionOverride?.globalRateLimit);
|
|
81
|
+
const oneHourAgo = Date.now() - 60 * 60 * 1000;
|
|
82
|
+
const recentLogs = await ctx.db
|
|
83
|
+
.query("agentLogs")
|
|
84
|
+
.withIndex("by_agentId_and_timestamp", (q) => q.eq("agentId", agent._id))
|
|
107
85
|
.collect();
|
|
108
|
-
const
|
|
109
|
-
|
|
110
|
-
.sort((a, b) => patternSpecificity(b.functionPattern) -
|
|
111
|
-
patternSpecificity(a.functionPattern));
|
|
112
|
-
if (matches.length === 0 || matches[0].permission === "deny") {
|
|
113
|
-
const bestMatch = matches[0];
|
|
86
|
+
const recentCallCount = recentLogs.filter((log) => log.timestamp >= oneHourAgo).length;
|
|
87
|
+
if (recentCallCount >= effectiveHourlyLimit) {
|
|
114
88
|
return {
|
|
115
89
|
authorized: false,
|
|
116
|
-
error: "
|
|
117
|
-
statusCode:
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
matchedPermission: bestMatch?.permission,
|
|
90
|
+
error: "Rate limit exceeded",
|
|
91
|
+
statusCode: 429,
|
|
92
|
+
retryAfterSeconds: 3600,
|
|
93
|
+
agentId: agent._id,
|
|
121
94
|
};
|
|
122
95
|
}
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
.
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
96
|
+
if (matchedRule.permission === "rate_limited" &&
|
|
97
|
+
matchedRule.rateLimitConfig?.tokenBudget !== undefined) {
|
|
98
|
+
const estimatedCost = args.estimatedCost ?? 0;
|
|
99
|
+
const tokenEstimate = recentLogs
|
|
100
|
+
.filter((log) => log.timestamp >= oneHourAgo)
|
|
101
|
+
.reduce((sum, log) => sum + estimateCostFromLog(log.args), 0);
|
|
102
|
+
if (tokenEstimate + estimatedCost > matchedRule.rateLimitConfig.tokenBudget) {
|
|
103
|
+
return {
|
|
104
|
+
authorized: false,
|
|
105
|
+
error: "Token budget exceeded",
|
|
106
|
+
statusCode: 429,
|
|
107
|
+
retryAfterSeconds: 3600,
|
|
108
|
+
agentId: agent._id,
|
|
109
|
+
};
|
|
110
|
+
}
|
|
137
111
|
}
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
lastActivityAt: Date.now(),
|
|
141
|
-
monthlyRequests: instance.monthlyRequests + 1,
|
|
112
|
+
await ctx.db.patch(agent._id, {
|
|
113
|
+
lastUsed: Date.now(),
|
|
142
114
|
});
|
|
143
115
|
return {
|
|
144
116
|
authorized: true,
|
|
145
|
-
agentId,
|
|
146
|
-
appName: args.appName,
|
|
147
|
-
functionHandle: fnEntry.functionHandle,
|
|
148
|
-
functionType: fnEntry.functionType,
|
|
117
|
+
agentId: agent._id,
|
|
149
118
|
};
|
|
150
119
|
},
|
|
151
120
|
});
|
|
@@ -155,23 +124,24 @@ export const authorizeRequest = mutation({
|
|
|
155
124
|
*/
|
|
156
125
|
export const logAccess = mutation({
|
|
157
126
|
args: {
|
|
158
|
-
agentId: v.
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
127
|
+
agentId: v.id("agents"),
|
|
128
|
+
functionKey: v.string(),
|
|
129
|
+
args: v.any(),
|
|
130
|
+
result: v.optional(v.any()),
|
|
131
|
+
error: v.optional(v.string()),
|
|
132
|
+
duration: v.number(),
|
|
133
|
+
timestamp: v.number(),
|
|
164
134
|
},
|
|
165
135
|
returns: v.null(),
|
|
166
136
|
handler: async (ctx, args) => {
|
|
167
|
-
await ctx.db.insert("
|
|
168
|
-
timestamp:
|
|
137
|
+
await ctx.db.insert("agentLogs", {
|
|
138
|
+
timestamp: args.timestamp,
|
|
169
139
|
agentId: args.agentId,
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
140
|
+
functionKey: args.functionKey,
|
|
141
|
+
args: args.args,
|
|
142
|
+
result: args.result,
|
|
143
|
+
error: args.error,
|
|
144
|
+
duration: args.duration,
|
|
175
145
|
});
|
|
176
146
|
return null;
|
|
177
147
|
},
|
|
@@ -181,51 +151,76 @@ export const logAccess = mutation({
|
|
|
181
151
|
*/
|
|
182
152
|
export const queryAccessLog = query({
|
|
183
153
|
args: {
|
|
184
|
-
agentId: v.optional(v.
|
|
185
|
-
|
|
154
|
+
agentId: v.optional(v.id("agents")),
|
|
155
|
+
functionKey: v.optional(v.string()),
|
|
186
156
|
limit: v.optional(v.number()),
|
|
187
157
|
},
|
|
188
158
|
returns: v.array(v.object({
|
|
159
|
+
_id: v.id("agentLogs"),
|
|
189
160
|
timestamp: v.number(),
|
|
190
|
-
agentId: v.
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
161
|
+
agentId: v.id("agents"),
|
|
162
|
+
functionKey: v.string(),
|
|
163
|
+
args: v.any(),
|
|
164
|
+
result: v.optional(v.any()),
|
|
165
|
+
error: v.optional(v.string()),
|
|
166
|
+
duration: v.number(),
|
|
196
167
|
})),
|
|
197
168
|
handler: async (ctx, args) => {
|
|
198
169
|
const limit = args.limit ?? 50;
|
|
199
|
-
|
|
170
|
+
const agentId = args.agentId;
|
|
171
|
+
if (agentId !== undefined) {
|
|
200
172
|
const logs = await ctx.db
|
|
201
|
-
.query("
|
|
202
|
-
.withIndex("
|
|
173
|
+
.query("agentLogs")
|
|
174
|
+
.withIndex("by_agentId_and_timestamp", (q) => q.eq("agentId", agentId))
|
|
203
175
|
.order("desc")
|
|
204
176
|
.take(limit);
|
|
205
177
|
return logs.map((l) => ({
|
|
178
|
+
_id: l._id,
|
|
206
179
|
timestamp: l.timestamp,
|
|
207
180
|
agentId: l.agentId,
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
181
|
+
functionKey: l.functionKey,
|
|
182
|
+
args: l.args,
|
|
183
|
+
result: l.result,
|
|
184
|
+
error: l.error,
|
|
185
|
+
duration: l.duration,
|
|
213
186
|
}));
|
|
214
187
|
}
|
|
215
|
-
// No filter: get recent logs
|
|
216
188
|
const logs = await ctx.db
|
|
217
|
-
.query("
|
|
189
|
+
.query("agentLogs")
|
|
218
190
|
.order("desc")
|
|
219
191
|
.take(limit);
|
|
220
|
-
|
|
192
|
+
const filteredLogs = args.functionKey !== undefined
|
|
193
|
+
? logs.filter((log) => log.functionKey === args.functionKey)
|
|
194
|
+
: logs;
|
|
195
|
+
return filteredLogs.map((l) => ({
|
|
196
|
+
_id: l._id,
|
|
221
197
|
timestamp: l.timestamp,
|
|
222
198
|
agentId: l.agentId,
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
199
|
+
functionKey: l.functionKey,
|
|
200
|
+
args: l.args,
|
|
201
|
+
result: l.result,
|
|
202
|
+
error: l.error,
|
|
203
|
+
duration: l.duration,
|
|
228
204
|
}));
|
|
229
205
|
},
|
|
230
206
|
});
|
|
207
|
+
function resolveEffectiveHourlyLimit(baseAgentLimit, permissionType, permissionLimit, globalLimit) {
|
|
208
|
+
let effective = baseAgentLimit;
|
|
209
|
+
if (permissionType === "rate_limited" && permissionLimit !== undefined) {
|
|
210
|
+
effective = Math.min(effective, permissionLimit);
|
|
211
|
+
}
|
|
212
|
+
if (globalLimit !== undefined) {
|
|
213
|
+
effective = Math.min(effective, globalLimit);
|
|
214
|
+
}
|
|
215
|
+
return effective;
|
|
216
|
+
}
|
|
217
|
+
function estimateCostFromLog(args) {
|
|
218
|
+
if (!args || typeof args !== "object") {
|
|
219
|
+
return 0;
|
|
220
|
+
}
|
|
221
|
+
if ("estimatedCost" in args && typeof args.estimatedCost === "number") {
|
|
222
|
+
return args.estimatedCost;
|
|
223
|
+
}
|
|
224
|
+
return 0;
|
|
225
|
+
}
|
|
231
226
|
//# sourceMappingURL=gateway.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../../src/component/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../../src/component/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,eAAe,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EACL,uBAAuB,EACvB,UAAU,GAEX,MAAM,uBAAuB,CAAC;AAE/B,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CACtC,CAAC,CAAC,MAAM,CAAC;IACP,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC;CACxB,CAAC,EACF,CAAC,CAAC,MAAM,CAAC;IACP,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;IACtB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;IACnC,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CAC1C,CAAC,CACH,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACtC;IACD,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,EAAE;aACvB,KAAK,CAAC,QAAQ,CAAC;aACf,SAAS,CAAC,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;aACjE,MAAM,EAAE,CAAC;QACZ,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,UAAU,EAAE,KAAc;gBAC1B,KAAK,EAAE,iBAAiB;gBACxB,UAAU,EAAE,GAAG;aAChB,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO;gBACL,UAAU,EAAE,KAAc;gBAC1B,KAAK,EAAE,gBAAgB;gBACvB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,KAAK,CAAC,GAAG;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,EAAE;aAC7B,KAAK,CAAC,kBAAkB,CAAC;aACzB,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;aAC1D,OAAO,EAAE,CAAC;QACb,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC3E,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,UAAU,KAAK,MAAM,EAAE,CAAC;YACtD,OAAO;gBACL,UAAU,EAAE,KAAc;gBAC1B,KAAK,EAAE,YAAY,IAAI,CAAC,WAAW,cAAc;gBACjD,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,KAAK,CAAC,GAAG;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,GAAG,CAAC,EAAE;aAClC,KAAK,CAAC,gBAAgB,CAAC;aACvB,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;aACzD,MAAM,EAAE,CAAC;QACZ,IAAI,gBAAgB,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAClD,OAAO;gBACL,UAAU,EAAE,KAAc;gBAC1B,KAAK,EAAE,YAAY,IAAI,CAAC,WAAW,WAAW;gBAC9C,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,KAAK,CAAC,GAAG;aACnB,CAAC;QACJ,CAAC;QAED,MAAM,oBAAoB,GAAG,2BAA2B,CACtD,KAAK,CAAC,SAAS,EACf,WAAW,CAAC,UAAU,EACtB,WAAW,CAAC,eAAe,EAAE,eAAe,EAC5C,gBAAgB,EAAE,eAAe,CAClC,CAAC;QACF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC/C,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,EAAE;aAC5B,KAAK,CAAC,WAAW,CAAC;aAClB,SAAS,CAAC,0BAA0B,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;aACxE,OAAO,EAAE,CAAC;QACb,MAAM,eAAe,GAAG,UAAU,CAAC,MAAM,CACvC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,IAAI,UAAU,CACrC,CAAC,MAAM,CAAC;QACT,IAAI,eAAe,IAAI,oBAAoB,EAAE,CAAC;YAC5C,OAAO;gBACL,UAAU,EAAE,KAAc;gBAC1B,KAAK,EAAE,qBAAqB;gBAC5B,UAAU,EAAE,GAAG;gBACf,iBAAiB,EAAE,IAAI;gBACvB,OAAO,EAAE,KAAK,CAAC,GAAG;aACnB,CAAC;QACJ,CAAC;QAED,IACE,WAAW,CAAC,UAAU,KAAK,cAAc;YACzC,WAAW,CAAC,eAAe,EAAE,WAAW,KAAK,SAAS,EACtD,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC;YAC9C,MAAM,aAAa,GAAG,UAAU;iBAC7B,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,IAAI,UAAU,CAAC;iBAC5C,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAChE,IAAI,aAAa,GAAG,aAAa,GAAG,WAAW,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;gBAC5E,OAAO;oBACL,UAAU,EAAE,KAAc;oBAC1B,KAAK,EAAE,uBAAuB;oBAC9B,UAAU,EAAE,GAAG;oBACf,iBAAiB,EAAE,IAAI;oBACvB,OAAO,EAAE,KAAK,CAAC,GAAG;iBACnB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;YAC5B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;SACrB,CAAC,CAAC;QAEH,OAAO;YACL,UAAU,EAAE,IAAa;YACzB,OAAO,EAAE,KAAK,CAAC,GAAG;SACnB,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,QAAQ,CAAC;IAChC,IAAI,EAAE;QACJ,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC;QACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE;QACb,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAC3B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB;IACD,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE;IACjB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE;YAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;IAClC,IAAI,EAAE;QACJ,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;QACnC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnC,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KAC9B;IACD,OAAO,EAAE,CAAC,CAAC,KAAK,CACd,CAAC,CAAC,MAAM,CAAC;QACP,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC;QACtB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC;QACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;QACvB,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE;QACb,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAC3B,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;KACrB,CAAC,CACH;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE;iBACtB,KAAK,CAAC,WAAW,CAAC;iBAClB,SAAS,CAAC,0BAA0B,EAAE,CAAC,CAAC,EAAE,EAAE,CAC3C,CAAC,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CACzB;iBACA,KAAK,CAAC,MAAM,CAAC;iBACb,IAAI,CAAC,KAAK,CAAC,CAAC;YAEf,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC,CAAC;QACN,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE;aACtB,KAAK,CAAC,WAAW,CAAC;aAClB,KAAK,CAAC,MAAM,CAAC;aACb,IAAI,CAAC,KAAK,CAAC,CAAC;QACf,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,SAAS;YAC5B,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAAC;YAC5D,CAAC,CAAC,IAAI,CAAC;QAEX,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC9B,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC,CAAC;IACN,CAAC;CACF,CAAC,CAAC;AAEH,SAAS,2BAA2B,CAClC,cAAsB,EACtB,cAA8B,EAC9B,eAAwB,EACxB,WAAoB;IAEpB,IAAI,SAAS,GAAG,cAAc,CAAC;IAC/B,IAAI,cAAc,KAAK,cAAc,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACvE,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACnD,CAAC;IACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,eAAe,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
|
|
@@ -1,93 +1,39 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
}, Promise<import("convex/values").GenericId<"functionPermissions">>>;
|
|
16
|
-
/**
|
|
17
|
-
* Remove a specific permission.
|
|
18
|
-
*/
|
|
19
|
-
export declare const removePermission: import("convex/server").RegisteredMutation<"public", {
|
|
20
|
-
appName: string;
|
|
21
|
-
agentId: string;
|
|
22
|
-
functionPattern: string;
|
|
23
|
-
}, Promise<boolean>>;
|
|
24
|
-
/**
|
|
25
|
-
* Check permission for a specific function call.
|
|
26
|
-
* Applies pattern matching with specificity ordering (most specific pattern wins).
|
|
27
|
-
* Default: deny if no matching pattern is found.
|
|
28
|
-
*/
|
|
29
|
-
export declare const checkPermission: import("convex/server").RegisteredQuery<"public", {
|
|
30
|
-
appName: string;
|
|
31
|
-
functionName: string;
|
|
32
|
-
agentId: string;
|
|
33
|
-
}, Promise<{
|
|
34
|
-
permission: "deny";
|
|
35
|
-
rateLimitConfig?: undefined;
|
|
36
|
-
matchedPattern?: undefined;
|
|
37
|
-
} | {
|
|
38
|
-
permission: "allow" | "deny" | "rate_limited";
|
|
39
|
-
rateLimitConfig: {
|
|
40
|
-
requestsPerHour: number;
|
|
41
|
-
tokenBudget: number;
|
|
42
|
-
} | undefined;
|
|
43
|
-
matchedPattern: string;
|
|
44
|
-
}>>;
|
|
45
|
-
/**
|
|
46
|
-
* List all permissions for an agent on a specific app.
|
|
47
|
-
*/
|
|
48
|
-
export declare const listPermissions: import("convex/server").RegisteredQuery<"public", {
|
|
49
|
-
appName: string;
|
|
50
|
-
agentId: string;
|
|
1
|
+
export declare const setAgentPermissions: import("convex/server").RegisteredMutation<"public", {
|
|
2
|
+
agentId: import("convex/values").GenericId<"agents">;
|
|
3
|
+
availableFunctionKeys: string[];
|
|
4
|
+
rules: {
|
|
5
|
+
rateLimitConfig?: {
|
|
6
|
+
tokenBudget?: number | undefined;
|
|
7
|
+
requestsPerHour: number;
|
|
8
|
+
} | undefined;
|
|
9
|
+
permission: "allow" | "deny" | "rate_limited";
|
|
10
|
+
pattern: string;
|
|
11
|
+
}[];
|
|
12
|
+
}, Promise<number>>;
|
|
13
|
+
export declare const listAgentPermissions: import("convex/server").RegisteredQuery<"public", {
|
|
14
|
+
agentId: import("convex/values").GenericId<"agents">;
|
|
51
15
|
}, Promise<{
|
|
52
16
|
functionPattern: string;
|
|
53
17
|
permission: "allow" | "deny" | "rate_limited";
|
|
54
18
|
rateLimitConfig: {
|
|
19
|
+
tokenBudget?: number | undefined;
|
|
55
20
|
requestsPerHour: number;
|
|
56
|
-
tokenBudget: number;
|
|
57
21
|
} | undefined;
|
|
58
|
-
|
|
59
|
-
createdBy: string;
|
|
22
|
+
updatedAt: number;
|
|
60
23
|
}[]>>;
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
}, Promise<number>>;
|
|
68
|
-
/**
|
|
69
|
-
* Debug helper: show permission matching for a specific function call.
|
|
70
|
-
*/
|
|
71
|
-
export declare const debugMatchPermission: import("convex/server").RegisteredQuery<"public", {
|
|
72
|
-
appName: string;
|
|
73
|
-
functionName: string;
|
|
74
|
-
agentId: string;
|
|
75
|
-
}, Promise<{
|
|
76
|
-
functionName: string;
|
|
77
|
-
permissions: {
|
|
78
|
-
functionPattern: string;
|
|
79
|
-
permission: "allow" | "deny" | "rate_limited";
|
|
80
|
-
specificity: number;
|
|
24
|
+
export declare const setFunctionOverrides: import("convex/server").RegisteredMutation<"public", {
|
|
25
|
+
availableFunctionKeys: string[];
|
|
26
|
+
overrides: {
|
|
27
|
+
globalRateLimit?: number | undefined;
|
|
28
|
+
enabled: boolean;
|
|
29
|
+
key: string;
|
|
81
30
|
}[];
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
specificity: number;
|
|
91
|
-
};
|
|
92
|
-
}>>;
|
|
31
|
+
}, Promise<number>>;
|
|
32
|
+
export declare const listFunctionOverrides: import("convex/server").RegisteredQuery<"public", {}, Promise<{
|
|
33
|
+
_id: import("convex/values").GenericId<"agentFunctions">;
|
|
34
|
+
_creationTime: number;
|
|
35
|
+
globalRateLimit?: number | undefined;
|
|
36
|
+
enabled: boolean;
|
|
37
|
+
key: string;
|
|
38
|
+
}[]>>;
|
|
93
39
|
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/component/permissions.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/component/permissions.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,mBAAmB;;;;;;;;;;;mBAyC9B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;KAkC/B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;mBAsC/B,CAAC;AAEH,eAAO,MAAM,qBAAqB;;;;;;KAYhC,CAAC"}
|