@okrlinkhub/agent-bridge 0.1.0 → 2.0.0

package/src/component/_generated/api.ts

@@ -8,10 +8,10 @@
  * @module
  */
 
+import type * as agentBridgeUtils from "../agentBridgeUtils.js";
+import type * as agents from "../agents.js";
 import type * as gateway from "../gateway.js";
 import type * as permissions from "../permissions.js";
-import type * as provisioning from "../provisioning.js";
-import type * as registry from "../registry.js";
 
 import type {
   ApiFromModules,
@@ -21,10 +21,10 @@ import type {
 import { anyApi, componentsGeneric } from "convex/server";
 
 const fullApi: ApiFromModules<{
+  agentBridgeUtils: typeof agentBridgeUtils;
+  agents: typeof agents;
   gateway: typeof gateway;
   permissions: typeof permissions;
-  provisioning: typeof provisioning;
-  registry: typeof registry;
 }> = anyApi as any;
 
 /**

package/src/component/_generated/component.ts

@@ -23,258 +23,142 @@ import type { FunctionReference } from "convex/server";
  */
 export type ComponentApi<Name extends string | undefined = string | undefined> =
   {
-    gateway: {
-      authorizeRequest: FunctionReference<
-        "mutation",
-        "internal",
-        { appName: string; functionName: string; instanceToken: string },
-        | {
-            agentId: string;
-            appName: string;
-            authorized: true;
-            functionHandle: string;
-            functionType: "query" | "mutation" | "action";
-          }
-        | {
-            agentId?: string;
-            authorized: false;
-            error: string;
-            matchedPattern?: string;
-            matchedPermission?: "allow" | "deny" | "rate_limited";
-            statusCode: number;
-          },
-        Name
-      >;
-      logAccess: FunctionReference<
-        "mutation",
-        "internal",
-        {
-          agentId: string;
-          appName: string;
-          durationMs?: number;
-          errorMessage?: string;
-          functionCalled: string;
-          permission: string;
-        },
-        null,
-        Name
-      >;
-      queryAccessLog: FunctionReference<
-        "query",
-        "internal",
-        { agentId?: string; appName?: string; limit?: number },
-        Array<{
-          agentId: string;
-          appName: string;
-          durationMs?: number;
-          errorMessage?: string;
-          functionCalled: string;
-          permission: string;
-          timestamp: number;
-        }>,
-        Name
-      >;
-    };
-    permissions: {
-      checkPermission: FunctionReference<
-        "query",
-        "internal",
-        { agentId: string; appName: string; functionName: string },
-        {
-          matchedPattern?: string;
-          permission: "allow" | "deny" | "rate_limited";
-          rateLimitConfig?: { requestsPerHour: number; tokenBudget: number };
-        },
-        Name
-      >;
-      clearPermissions: FunctionReference<
+    agents: {
+      createAgent: FunctionReference<
         "mutation",
         "internal",
-        { agentId: string; appName: string },
-        number,
+        { apiKey: string; enabled?: boolean; name: string; rateLimit?: number },
+        { agentId: string },
         Name
       >;
-      debugMatchPermission: FunctionReference<
-        "query",
-        "internal",
-        { agentId: string; appName: string; functionName: string },
-        {
-          bestMatch?: {
-            functionPattern: string;
-            permission: "allow" | "deny" | "rate_limited";
-            specificity: number;
-          };
-          functionName: string;
-          matches: Array<{
-            functionPattern: string;
-            permission: "allow" | "deny" | "rate_limited";
-            specificity: number;
-          }>;
-          permissions: Array<{
-            functionPattern: string;
-            permission: "allow" | "deny" | "rate_limited";
-            specificity: number;
-          }>;
-        },
-        Name
-      >;
-      listPermissions: FunctionReference<
+      listAgents: FunctionReference<
         "query",
         "internal",
-        { agentId: string; appName: string },
+        {},
         Array<{
+          _id: string;
           createdAt: number;
-          createdBy: string;
-          functionPattern: string;
-          permission: "allow" | "deny" | "rate_limited";
-          rateLimitConfig?: { requestsPerHour: number; tokenBudget: number };
+          enabled: boolean;
+          lastUsed?: number;
+          name: string;
+          rateLimit: number;
         }>,
         Name
       >;
-      removePermission: FunctionReference<
+      rotateApiKey: FunctionReference<
         "mutation",
         "internal",
-        { agentId: string; appName: string; functionPattern: string },
-        boolean,
+        { agentId: string; newApiKey: string },
+        null,
         Name
       >;
-      setPermission: FunctionReference<
+      updateAgent: FunctionReference<
         "mutation",
         "internal",
         {
           agentId: string;
-          appName: string;
-          createdBy: string;
-          functionPattern: string;
-          permission: "allow" | "deny" | "rate_limited";
-          rateLimitConfig?: { requestsPerHour: number; tokenBudget: number };
+          enabled?: boolean;
+          name?: string;
+          rateLimit?: number;
         },
-        string,
+        null,
         Name
       >;
     };
-    provisioning: {
-      configure: FunctionReference<
+    gateway: {
+      authorizeRequest: FunctionReference<
         "mutation",
         "internal",
-        {
-          appName: string;
-          defaultPermissions: Array<{
-            pattern: string;
-            permission: "allow" | "deny" | "rate_limited";
-            rateLimitConfig?: { requestsPerHour: number; tokenBudget: number };
-          }>;
-        },
-        null,
+        { apiKey: string; estimatedCost?: number; functionKey: string },
+        | { agentId: string; authorized: true }
+        | {
+            agentId?: string;
+            authorized: false;
+            error: string;
+            retryAfterSeconds?: number;
+            statusCode: number;
+          },
         Name
       >;
-      generateProvisioningToken: FunctionReference<
+      logAccess: FunctionReference<
         "mutation",
         "internal",
         {
-          createdBy: string;
-          department: string;
-          employeeEmail: string;
-          expiresInDays?: number;
-          maxApps?: number;
+          agentId: string;
+          args: any;
+          duration: number;
+          error?: string;
+          functionKey: string;
+          result?: any;
+          timestamp: number;
         },
-        { expiresAt: number; token: string },
+        null,
         Name
       >;
-      listAgents: FunctionReference<
+      queryAccessLog: FunctionReference<
         "query",
         "internal",
-        { activeOnly?: boolean },
+        { agentId?: string; functionKey?: string; limit?: number },
         Array<{
+          _id: string;
           agentId: string;
-          department: string;
-          employeeEmail: string;
-          firstRegisteredAt: number;
-          isActive: boolean;
-          lastSeenAt: number;
-          revokedAt?: number;
-          revokedBy?: string;
+          args: any;
+          duration: number;
+          error?: string;
+          functionKey: string;
+          result?: any;
+          timestamp: number;
         }>,
         Name
       >;
-      provisionAgent: FunctionReference<
-        "mutation",
-        "internal",
-        { appName: string; provisioningToken: string },
-        {
-          agentId: string;
-          appName: string;
-          expiresAt: number;
-          instanceToken: string;
-          message: string;
-        },
-        Name
-      >;
-      refreshInstanceToken: FunctionReference<
-        "mutation",
-        "internal",
-        { agentId: string; appName: string; currentTokenHash: string },
-        { expiresAt: number; instanceToken: string },
-        Name
-      >;
-      revokeAgent: FunctionReference<
-        "mutation",
-        "internal",
-        { agentId: string; revokedBy: string },
-        boolean,
-        Name
-      >;
-      revokeAppInstance: FunctionReference<
-        "mutation",
-        "internal",
-        { agentId: string; appName: string },
-        boolean,
-        Name
-      >;
     };
-    registry: {
-      getHandle: FunctionReference<
+    permissions: {
+      listAgentPermissions: FunctionReference<
         "query",
         "internal",
-        { appName: string; functionName: string },
-        null | {
-          description?: string;
-          functionHandle: string;
-          functionName: string;
-          functionType: "query" | "mutation" | "action";
-        },
+        { agentId: string },
+        Array<{
+          functionPattern: string;
+          permission: "allow" | "deny" | "rate_limited";
+          rateLimitConfig?: { requestsPerHour: number; tokenBudget?: number };
+          updatedAt: number;
+        }>,
         Name
       >;
-      listFunctions: FunctionReference<
+      listFunctionOverrides: FunctionReference<
         "query",
         "internal",
-        { appName: string },
-        Array<{
-          description?: string;
-          functionName: string;
-          functionType: "query" | "mutation" | "action";
-          registeredAt: number;
-        }>,
+        {},
+        Array<{ enabled: boolean; globalRateLimit?: number; key: string }>,
         Name
       >;
-      register: FunctionReference<
+      setAgentPermissions: FunctionReference<
         "mutation",
         "internal",
         {
-          appName: string;
-          description?: string;
-          functionHandle: string;
-          functionName: string;
-          functionType: "query" | "mutation" | "action";
+          agentId: string;
+          availableFunctionKeys: Array<string>;
+          rules: Array<{
+            pattern: string;
+            permission: "allow" | "deny" | "rate_limited";
+            rateLimitConfig?: { requestsPerHour: number; tokenBudget?: number };
+          }>;
         },
-        string,
+        number,
         Name
       >;
-      unregister: FunctionReference<
+      setFunctionOverrides: FunctionReference<
         "mutation",
         "internal",
-        { appName: string; functionName: string },
-        boolean,
+        {
+          availableFunctionKeys: Array<string>;
+          overrides: Array<{
+            enabled: boolean;
+            globalRateLimit?: number;
+            key: string;
+          }>;
+        },
+        number,
         Name
       >;
     };

package/src/component/agentBridgeUtils.ts

@@ -0,0 +1,52 @@
+import type { Doc } from "./_generated/dataModel.js";
+
+export type PermissionType = "allow" | "deny" | "rate_limited";
+
+export async function hashApiKey(apiKey: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(apiKey);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return Array.from(new Uint8Array(hash))
+    .map((byte) => byte.toString(16).padStart(2, "0"))
+    .join("");
+}
+
+export function matchesPattern(functionKey: string, pattern: string): boolean {
+  if (pattern === "*") {
+    return true;
+  }
+
+  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+  const regexPattern = "^" + escaped.replace(/\*/g, ".*") + "$";
+  return new RegExp(regexPattern).test(functionKey);
+}
+
+export function patternSpecificity(pattern: string): number {
+  const wildcardIndex = pattern.indexOf("*");
+  if (wildcardIndex === -1) {
+    return pattern.length;
+  }
+  return wildcardIndex;
+}
+
+export function findBestPermissionMatch(
+  functionKey: string,
+  permissions: Array<Doc<"agentPermissions">>,
+): Doc<"agentPermissions"> | null {
+  const matches = permissions
+    .filter((permission) => matchesPattern(functionKey, permission.functionPattern))
+    .sort(
+      (a, b) =>
+        patternSpecificity(b.functionPattern) - patternSpecificity(a.functionPattern),
+    );
+  return matches[0] ?? null;
+}
+
+export function patternMatchesAvailableFunctions(
+  pattern: string,
+  availableFunctionKeys: string[],
+): boolean {
+  return availableFunctionKeys.some((functionKey) =>
+    matchesPattern(functionKey, pattern),
+  );
+}

package/src/component/agents.ts

@@ -0,0 +1,106 @@
+import { v } from "convex/values";
+import { mutation, query } from "./_generated/server.js";
+import { hashApiKey } from "./agentBridgeUtils.js";
+
+export const createAgent = mutation({
+  args: {
+    name: v.string(),
+    apiKey: v.string(),
+    enabled: v.optional(v.boolean()),
+    rateLimit: v.optional(v.number()),
+  },
+  returns: v.object({
+    agentId: v.id("agents"),
+  }),
+  handler: async (ctx, args) => {
+    const apiKeyHash = await hashApiKey(args.apiKey);
+    const existing = await ctx.db
+      .query("agents")
+      .withIndex("by_apiKeyHash", (q) => q.eq("apiKeyHash", apiKeyHash))
+      .unique();
+
+    if (existing) {
+      throw new Error("An agent with this API key already exists");
+    }
+
+    const agentId = await ctx.db.insert("agents", {
+      name: args.name,
+      apiKeyHash,
+      enabled: args.enabled ?? true,
+      rateLimit: args.rateLimit ?? 1000,
+      createdAt: Date.now(),
+    });
+
+    return { agentId };
+  },
+});
+
+export const rotateApiKey = mutation({
+  args: {
+    agentId: v.id("agents"),
+    newApiKey: v.string(),
+  },
+  returns: v.null(),
+  handler: async (ctx, args) => {
+    const agent = await ctx.db.get(args.agentId);
+    if (!agent) {
+      throw new Error("Agent not found");
+    }
+
+    const newApiKeyHash = await hashApiKey(args.newApiKey);
+    await ctx.db.patch(args.agentId, {
+      apiKeyHash: newApiKeyHash,
+    });
+
+    return null;
+  },
+});
+
+export const updateAgent = mutation({
+  args: {
+    agentId: v.id("agents"),
+    name: v.optional(v.string()),
+    enabled: v.optional(v.boolean()),
+    rateLimit: v.optional(v.number()),
+  },
+  returns: v.null(),
+  handler: async (ctx, args) => {
+    const agent = await ctx.db.get(args.agentId);
+    if (!agent) {
+      throw new Error("Agent not found");
+    }
+
+    await ctx.db.patch(args.agentId, {
+      name: args.name ?? agent.name,
+      enabled: args.enabled ?? agent.enabled,
+      rateLimit: args.rateLimit ?? agent.rateLimit,
+    });
+
+    return null;
+  },
+});
+
+export const listAgents = query({
+  args: {},
+  returns: v.array(
+    v.object({
+      _id: v.id("agents"),
+      name: v.string(),
+      enabled: v.boolean(),
+      rateLimit: v.number(),
+      lastUsed: v.optional(v.number()),
+      createdAt: v.number(),
+    }),
+  ),
+  handler: async (ctx) => {
+    const agents = await ctx.db.query("agents").collect();
+    return agents.map((agent) => ({
+      _id: agent._id,
+      name: agent.name,
+      enabled: agent.enabled,
+      rateLimit: agent.rateLimit,
+      lastUsed: agent.lastUsed,
+      createdAt: agent.createdAt,
+    }));
+  },
+});