@pikku/core 0.12.2 → 0.12.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/dist/crypto-utils.d.ts +10 -0
- package/dist/crypto-utils.js +62 -0
- package/dist/function/function-runner.js +4 -4
- package/dist/function/functions.types.d.ts +26 -1
- package/dist/function/functions.types.js +16 -0
- package/dist/handle-error.d.ts +1 -1
- package/dist/handle-error.js +7 -3
- package/dist/index.d.ts +14 -2
- package/dist/index.js +1 -1
- package/dist/pikku-state.js +3 -1
- package/dist/schema.js +1 -1
- package/dist/services/in-memory-workflow-service.d.ts +8 -2
- package/dist/services/in-memory-workflow-service.js +28 -1
- package/dist/services/workflow-service.d.ts +8 -2
- package/dist/testing/index.d.ts +2 -0
- package/dist/testing/index.js +1 -0
- package/dist/testing/service-tests.d.ts +31 -0
- package/dist/testing/service-tests.js +598 -0
- package/dist/types/core.types.d.ts +9 -1
- package/dist/types/state.types.d.ts +4 -2
- package/dist/utils/hash.d.ts +2 -0
- package/dist/utils/hash.js +23 -0
- package/dist/wirings/ai-agent/agent-dynamic-workflow.d.ts +6 -0
- package/dist/wirings/ai-agent/agent-dynamic-workflow.js +348 -0
- package/dist/wirings/ai-agent/ai-agent-memory.d.ts +1 -1
- package/dist/wirings/ai-agent/ai-agent-memory.js +6 -5
- package/dist/wirings/ai-agent/ai-agent-prepare.d.ts +10 -7
- package/dist/wirings/ai-agent/ai-agent-prepare.js +127 -47
- package/dist/wirings/ai-agent/ai-agent-runner.d.ts +4 -0
- package/dist/wirings/ai-agent/ai-agent-runner.js +381 -27
- package/dist/wirings/ai-agent/ai-agent-stream.d.ts +7 -2
- package/dist/wirings/ai-agent/ai-agent-stream.js +109 -46
- package/dist/wirings/ai-agent/ai-agent.types.d.ts +22 -1
- package/dist/wirings/ai-agent/index.d.ts +1 -2
- package/dist/wirings/ai-agent/index.js +1 -2
- package/dist/wirings/channel/channel-handler.js +5 -1
- package/dist/wirings/channel/channel.types.d.ts +1 -7
- package/dist/wirings/channel/local/local-channel-handler.d.ts +1 -1
- package/dist/wirings/channel/local/local-channel-handler.js +5 -3
- package/dist/wirings/channel/local/local-channel-runner.js +14 -4
- package/dist/wirings/channel/serverless/serverless-channel-runner.js +4 -1
- package/dist/wirings/cli/cli-runner.js +10 -2
- package/dist/wirings/cli/cli.types.d.ts +1 -0
- package/dist/wirings/http/http-routes.js +0 -1
- package/dist/wirings/http/http-runner.d.ts +1 -1
- package/dist/wirings/http/http-runner.js +25 -3
- package/dist/wirings/http/http.types.d.ts +3 -11
- package/dist/wirings/http/index.d.ts +2 -1
- package/dist/wirings/http/index.js +1 -0
- package/dist/wirings/http/pikku-fetch-http-request.d.ts +1 -0
- package/dist/wirings/http/pikku-fetch-http-request.js +3 -0
- package/dist/wirings/http/pikku-fetch-http-response.d.ts +1 -0
- package/dist/wirings/http/pikku-fetch-http-response.js +4 -4
- package/dist/wirings/http/web-request.d.ts +12 -0
- package/dist/wirings/http/web-request.js +85 -0
- package/dist/wirings/mcp/mcp-endpoint-registry.js +1 -1
- package/dist/wirings/mcp/mcp-runner.js +13 -1
- package/dist/wirings/rpc/rpc-runner.d.ts +30 -6
- package/dist/wirings/rpc/rpc-runner.js +36 -14
- package/dist/wirings/rpc/rpc-types.d.ts +6 -1
- package/dist/wirings/rpc/wire-addon.d.ts +1 -0
- package/dist/wirings/rpc/wire-addon.js +1 -1
- package/dist/wirings/scheduler/scheduler-runner.js +1 -0
- package/dist/wirings/workflow/graph/graph-validation.d.ts +3 -0
- package/dist/wirings/workflow/graph/graph-validation.js +175 -0
- package/dist/wirings/workflow/graph/index.d.ts +1 -0
- package/dist/wirings/workflow/graph/index.js +1 -0
- package/dist/wirings/workflow/index.d.ts +1 -1
- package/dist/wirings/workflow/pikku-workflow-service.d.ts +8 -2
- package/dist/wirings/workflow/pikku-workflow-service.js +1 -2
- package/dist/wirings/workflow/workflow.types.d.ts +10 -1
- package/package.json +4 -2
- package/src/crypto-utils.test.ts +99 -1
- package/src/crypto-utils.ts +114 -0
- package/src/function/function-runner.ts +5 -5
- package/src/function/functions.types.ts +38 -1
- package/src/handle-error.test.ts +65 -2
- package/src/handle-error.ts +8 -4
- package/src/index.ts +14 -0
- package/src/pikku-state.ts +3 -1
- package/src/schema.ts +1 -1
- package/src/services/in-memory-workflow-service.ts +45 -2
- package/src/services/workflow-service.ts +12 -1
- package/src/testing/index.ts +2 -0
- package/src/testing/service-tests.ts +873 -0
- package/src/types/core.types.ts +9 -1
- package/src/types/state.types.ts +4 -2
- package/src/utils/hash.test.ts +68 -0
- package/src/utils/hash.ts +26 -0
- package/src/wirings/ai-agent/agent-dynamic-workflow.ts +469 -0
- package/src/wirings/ai-agent/ai-agent-memory.ts +7 -6
- package/src/wirings/ai-agent/ai-agent-prepare.ts +175 -61
- package/src/wirings/ai-agent/ai-agent-runner.test.ts +3 -1
- package/src/wirings/ai-agent/ai-agent-runner.ts +553 -31
- package/src/wirings/ai-agent/ai-agent-stream.test.ts +209 -2
- package/src/wirings/ai-agent/ai-agent-stream.ts +182 -89
- package/src/wirings/ai-agent/ai-agent.types.ts +23 -1
- package/src/wirings/ai-agent/index.ts +1 -5
- package/src/wirings/channel/channel-handler.ts +11 -2
- package/src/wirings/channel/channel.types.ts +1 -7
- package/src/wirings/channel/local/local-channel-handler.ts +5 -3
- package/src/wirings/channel/local/local-channel-runner.ts +17 -7
- package/src/wirings/channel/serverless/serverless-channel-runner.ts +4 -1
- package/src/wirings/cli/cli-runner.ts +12 -2
- package/src/wirings/cli/cli.types.ts +1 -0
- package/src/wirings/http/http-routes.ts +0 -1
- package/src/wirings/http/http-runner.ts +35 -10
- package/src/wirings/http/http.types.ts +3 -12
- package/src/wirings/http/index.ts +3 -0
- package/src/wirings/http/pikku-fetch-http-request.ts +4 -0
- package/src/wirings/http/pikku-fetch-http-response.ts +4 -4
- package/src/wirings/http/web-request.test.ts +236 -0
- package/src/wirings/http/web-request.ts +104 -0
- package/src/wirings/mcp/mcp-endpoint-registry.ts +1 -1
- package/src/wirings/mcp/mcp-runner.ts +30 -12
- package/src/wirings/rpc/rpc-runner.ts +45 -24
- package/src/wirings/rpc/rpc-types.ts +6 -1
- package/src/wirings/rpc/wire-addon.ts +2 -1
- package/src/wirings/scheduler/scheduler-runner.ts +1 -0
- package/src/wirings/workflow/graph/graph-validation.test.ts +170 -0
- package/src/wirings/workflow/graph/graph-validation.ts +237 -0
- package/src/wirings/workflow/graph/index.ts +5 -0
- package/src/wirings/workflow/index.ts +1 -0
- package/src/wirings/workflow/pikku-workflow-service.ts +14 -3
- package/src/wirings/workflow/workflow.types.ts +9 -1
- package/tsconfig.tsbuildinfo +1 -1
- package/dist/wirings/ai-agent/ai-agent-assistant-ui.d.ts +0 -5
- package/dist/wirings/ai-agent/ai-agent-assistant-ui.js +0 -168
- package/src/wirings/ai-agent/ai-agent-assistant-ui.test.ts +0 -363
- package/src/wirings/ai-agent/ai-agent-assistant-ui.ts +0 -238
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
import { pikkuState } from '../../../pikku-state.js';
|
|
2
|
+
import { resolveNamespace } from '../../rpc/rpc-runner.js';
|
|
3
|
+
function normalizeTargets(value) {
|
|
4
|
+
if (!value)
|
|
5
|
+
return [];
|
|
6
|
+
if (typeof value === 'string')
|
|
7
|
+
return [value];
|
|
8
|
+
if (Array.isArray(value))
|
|
9
|
+
return value.filter((v) => typeof v === 'string');
|
|
10
|
+
if (typeof value === 'object') {
|
|
11
|
+
const targets = [];
|
|
12
|
+
for (const v of Object.values(value)) {
|
|
13
|
+
targets.push(...normalizeTargets(v));
|
|
14
|
+
}
|
|
15
|
+
return targets;
|
|
16
|
+
}
|
|
17
|
+
return [];
|
|
18
|
+
}
|
|
19
|
+
function collectRefs(value, refs) {
|
|
20
|
+
if (typeof value === 'object' &&
|
|
21
|
+
value !== null &&
|
|
22
|
+
'$ref' in value &&
|
|
23
|
+
typeof value.$ref === 'string') {
|
|
24
|
+
refs.add(value.$ref);
|
|
25
|
+
return;
|
|
26
|
+
}
|
|
27
|
+
if (Array.isArray(value)) {
|
|
28
|
+
for (const item of value)
|
|
29
|
+
collectRefs(item, refs);
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
if (typeof value === 'object' && value !== null) {
|
|
33
|
+
for (const v of Object.values(value))
|
|
34
|
+
collectRefs(v, refs);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
function resolveToolMeta(toolName) {
|
|
38
|
+
const resolved = toolName.includes(':') ? resolveNamespace(toolName) : null;
|
|
39
|
+
if (resolved) {
|
|
40
|
+
const fnMeta = pikkuState(resolved.package, 'function', 'meta')[resolved.function];
|
|
41
|
+
const schemas = pikkuState(resolved.package, 'misc', 'schemas');
|
|
42
|
+
return fnMeta ? { fnMeta, schemas } : null;
|
|
43
|
+
}
|
|
44
|
+
const rpcMeta = pikkuState(null, 'rpc', 'meta');
|
|
45
|
+
const pikkuFuncId = rpcMeta[toolName];
|
|
46
|
+
if (!pikkuFuncId)
|
|
47
|
+
return null;
|
|
48
|
+
const fnMeta = pikkuState(null, 'function', 'meta')[pikkuFuncId];
|
|
49
|
+
const schemas = pikkuState(null, 'misc', 'schemas');
|
|
50
|
+
return fnMeta ? { fnMeta, schemas } : null;
|
|
51
|
+
}
|
|
52
|
+
export function computeEntryNodeIds(nodes) {
|
|
53
|
+
const referenced = new Set();
|
|
54
|
+
for (const node of Object.values(nodes)) {
|
|
55
|
+
if (node.next) {
|
|
56
|
+
for (const target of normalizeTargets(node.next)) {
|
|
57
|
+
referenced.add(target);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
if (node.onError) {
|
|
61
|
+
for (const target of normalizeTargets(node.onError)) {
|
|
62
|
+
referenced.add(target);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
return Object.keys(nodes).filter((id) => !referenced.has(id));
|
|
67
|
+
}
|
|
68
|
+
export function validateWorkflowWiring(nodes, toolNames) {
|
|
69
|
+
const errors = [];
|
|
70
|
+
const nodeIds = new Set(Object.keys(nodes));
|
|
71
|
+
const toolSet = new Set(toolNames);
|
|
72
|
+
for (const [nodeId, node] of Object.entries(nodes)) {
|
|
73
|
+
if (!node.rpcName) {
|
|
74
|
+
errors.push(`Node '${nodeId}' is missing 'rpcName'`);
|
|
75
|
+
continue;
|
|
76
|
+
}
|
|
77
|
+
if (!toolSet.has(node.rpcName)) {
|
|
78
|
+
errors.push(`Node '${nodeId}' references unknown tool '${node.rpcName}'. Available tools: ${toolNames.join(', ')}`);
|
|
79
|
+
continue;
|
|
80
|
+
}
|
|
81
|
+
const nextTargets = normalizeTargets(node.next);
|
|
82
|
+
for (const target of nextTargets) {
|
|
83
|
+
if (!nodeIds.has(target)) {
|
|
84
|
+
errors.push(`Node '${nodeId}' routes to unknown node '${target}' in 'next'`);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
const errorTargets = normalizeTargets(node.onError);
|
|
88
|
+
for (const target of errorTargets) {
|
|
89
|
+
if (!nodeIds.has(target)) {
|
|
90
|
+
errors.push(`Node '${nodeId}' routes to unknown node '${target}' in 'onError'`);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
if (!node.input)
|
|
94
|
+
continue;
|
|
95
|
+
const refs = new Set();
|
|
96
|
+
collectRefs(node.input, refs);
|
|
97
|
+
for (const ref of refs) {
|
|
98
|
+
if (ref === 'trigger' || ref === '$item') {
|
|
99
|
+
const targetMeta = resolveToolMeta(node.rpcName);
|
|
100
|
+
if (targetMeta?.fnMeta?.inputSchemaName) {
|
|
101
|
+
const targetSchema = targetMeta.schemas.get(targetMeta.fnMeta.inputSchemaName);
|
|
102
|
+
if (targetSchema?.properties) {
|
|
103
|
+
for (const [field, fieldValue] of Object.entries(node.input)) {
|
|
104
|
+
if (typeof fieldValue === 'object' &&
|
|
105
|
+
fieldValue !== null &&
|
|
106
|
+
fieldValue.$ref === ref &&
|
|
107
|
+
!fieldValue.path) {
|
|
108
|
+
const targetType = targetSchema.properties[field]?.type;
|
|
109
|
+
if (targetType && targetType !== 'object') {
|
|
110
|
+
errors.push(`Node '${nodeId}' input field '${field}' expects type '${targetType}', but references the whole ${ref} object without a path. Use { $ref: "${ref}", path: "${field}" } to extract the field.`);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
continue;
|
|
117
|
+
}
|
|
118
|
+
if (!nodeIds.has(ref)) {
|
|
119
|
+
errors.push(`Node '${nodeId}' references unknown node '${ref}' in input`);
|
|
120
|
+
continue;
|
|
121
|
+
}
|
|
122
|
+
const sourceNode = nodes[ref];
|
|
123
|
+
if (!sourceNode?.rpcName)
|
|
124
|
+
continue;
|
|
125
|
+
const sourceMeta = resolveToolMeta(sourceNode.rpcName);
|
|
126
|
+
if (!sourceMeta?.fnMeta?.outputSchemaName)
|
|
127
|
+
continue;
|
|
128
|
+
const sourceSchema = sourceMeta.schemas.get(sourceMeta.fnMeta.outputSchemaName);
|
|
129
|
+
if (!sourceSchema?.properties)
|
|
130
|
+
continue;
|
|
131
|
+
for (const [field, fieldValue] of Object.entries(node.input)) {
|
|
132
|
+
if (typeof fieldValue === 'object' &&
|
|
133
|
+
fieldValue !== null &&
|
|
134
|
+
fieldValue.$ref === ref &&
|
|
135
|
+
fieldValue.path) {
|
|
136
|
+
const pathRoot = fieldValue.path.split('.')[0];
|
|
137
|
+
if (sourceSchema.properties &&
|
|
138
|
+
!(pathRoot in sourceSchema.properties)) {
|
|
139
|
+
errors.push(`Node '${nodeId}' input field '${field}' references path '${fieldValue.path}' but node '${ref}' (${sourceNode.rpcName}) output has no property '${pathRoot}'`);
|
|
140
|
+
continue;
|
|
141
|
+
}
|
|
142
|
+
const targetMeta = resolveToolMeta(node.rpcName);
|
|
143
|
+
if (!targetMeta?.fnMeta?.inputSchemaName)
|
|
144
|
+
continue;
|
|
145
|
+
const targetSchema = targetMeta.schemas.get(targetMeta.fnMeta.inputSchemaName);
|
|
146
|
+
if (!targetSchema?.properties?.[field])
|
|
147
|
+
continue;
|
|
148
|
+
const sourceType = sourceSchema.properties[pathRoot]?.type;
|
|
149
|
+
const targetType = targetSchema.properties[field].type;
|
|
150
|
+
if (sourceType && targetType && sourceType !== targetType) {
|
|
151
|
+
errors.push(`Node '${nodeId}' input field '${field}' expects type '${targetType}', but node '${ref}' output field '${pathRoot}' is type '${sourceType}'`);
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return errors;
|
|
158
|
+
}
|
|
159
|
+
export function generateMermaidDiagram(workflowName, nodes, entryNodeIds) {
|
|
160
|
+
const lines = ['graph TD'];
|
|
161
|
+
for (const [nodeId, node] of Object.entries(nodes)) {
|
|
162
|
+
const label = node.rpcName || nodeId;
|
|
163
|
+
const isEntry = entryNodeIds.includes(nodeId);
|
|
164
|
+
lines.push(` ${nodeId}${isEntry ? '([' : '['}${label}${isEntry ? '])' : ']'}`);
|
|
165
|
+
const nextTargets = normalizeTargets(node.next);
|
|
166
|
+
for (const target of nextTargets) {
|
|
167
|
+
lines.push(` ${nodeId} --> ${target}`);
|
|
168
|
+
}
|
|
169
|
+
const errorTargets = normalizeTargets(node.onError);
|
|
170
|
+
for (const target of errorTargets) {
|
|
171
|
+
lines.push(` ${nodeId} -.->|error| ${target}`);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
return lines.join('\n');
|
|
175
|
+
}
|
|
@@ -2,3 +2,4 @@ export { continueGraph, executeGraphStep, onGraphNodeComplete, runFromMeta, runW
|
|
|
2
2
|
export { template } from './template.js';
|
|
3
3
|
export type { TemplateString } from './template.js';
|
|
4
4
|
export { pikkuWorkflowGraph, type PikkuWorkflowGraphConfig, type PikkuWorkflowGraphResult, } from './wire-workflow-graph.js';
|
|
5
|
+
export { validateWorkflowWiring, computeEntryNodeIds, generateMermaidDiagram, } from './graph-validation.js';
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export { continueGraph, executeGraphStep, onGraphNodeComplete, runFromMeta, runWorkflowGraph, } from './graph-runner.js';
|
|
2
2
|
export { template } from './template.js';
|
|
3
3
|
export { pikkuWorkflowGraph, } from './wire-workflow-graph.js';
|
|
4
|
+
export { validateWorkflowWiring, computeEntryNodeIds, generateMermaidDiagram, } from './graph-validation.js';
|
|
@@ -6,5 +6,5 @@ export { addWorkflow } from './dsl/workflow-runner.js';
|
|
|
6
6
|
export { template, type TemplateString } from './graph/template.js';
|
|
7
7
|
export { pikkuWorkflowGraph, type PikkuWorkflowGraphConfig, type PikkuWorkflowGraphResult, } from './graph/wire-workflow-graph.js';
|
|
8
8
|
export { workflow, workflowStart, workflowStatus, graphStart, } from './workflow-helpers.js';
|
|
9
|
-
export type { WorkflowService, WorkflowServiceConfig, WorkflowRunWire, WorkflowStatus, StepStatus, WorkflowRun, StepState, WorkflowRunService, CoreWorkflow, PikkuWorkflow, ContextVariable, WorkflowContext, WorkflowsMeta, WorkflowRuntimeMeta, WorkflowsRuntimeMeta, WorkflowStepInput, WorkflowOrchestratorInput, WorkflowSleeperInput, } from './workflow.types.js';
|
|
9
|
+
export type { WorkflowService, WorkflowServiceConfig, WorkflowRunWire, WorkflowStatus, WorkflowVersionStatus, StepStatus, WorkflowRun, StepState, WorkflowRunService, CoreWorkflow, PikkuWorkflow, ContextVariable, WorkflowContext, WorkflowsMeta, WorkflowRuntimeMeta, WorkflowsRuntimeMeta, WorkflowStepInput, WorkflowOrchestratorInput, WorkflowSleeperInput, } from './workflow.types.js';
|
|
10
10
|
export type { WorkflowStepOptions, WorkflowWireDoRPC, WorkflowWireDoInline, WorkflowWireSleep, WorkflowWireSuspend, InputSource, OutputBinding, RpcStepMeta, SimpleCondition, Condition, BranchCase, BranchStepMeta, ParallelGroupStepMeta, FanoutStepMeta, ReturnStepMeta, InlineStepMeta, SleepStepMeta, CancelStepMeta, SetStepMeta, SwitchCaseMeta, SwitchStepMeta, FilterStepMeta, ArrayPredicateStepMeta, WorkflowStepMeta, WorkflowStepWire, PikkuWorkflowWire, } from './workflow.types.js';
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { SerializedError } from '../../types/core.types.js';
|
|
2
|
-
import type { StepState, WorkflowRun, WorkflowRunWire, WorkflowStatus, WorkflowStepOptions } from './workflow.types.js';
|
|
2
|
+
import type { StepState, WorkflowRun, WorkflowRunWire, WorkflowStatus, WorkflowVersionStatus, WorkflowStepOptions } from './workflow.types.js';
|
|
3
3
|
import type { WorkflowService } from '../../services/workflow-service.js';
|
|
4
4
|
import { PikkuError } from '../../errors/error-handler.js';
|
|
5
5
|
/**
|
|
@@ -197,11 +197,17 @@ export declare abstract class PikkuWorkflowService implements WorkflowService {
|
|
|
197
197
|
* @returns The state object with all variables
|
|
198
198
|
*/
|
|
199
199
|
abstract getRunState(runId: string): Promise<Record<string, unknown>>;
|
|
200
|
-
abstract upsertWorkflowVersion(name: string, graphHash: string, graph: any, source: string): Promise<void>;
|
|
200
|
+
abstract upsertWorkflowVersion(name: string, graphHash: string, graph: any, source: string, status?: WorkflowVersionStatus): Promise<void>;
|
|
201
|
+
abstract updateWorkflowVersionStatus(name: string, graphHash: string, status: WorkflowVersionStatus): Promise<void>;
|
|
201
202
|
abstract getWorkflowVersion(name: string, graphHash: string): Promise<{
|
|
202
203
|
graph: any;
|
|
203
204
|
source: string;
|
|
204
205
|
} | null>;
|
|
206
|
+
abstract getAIGeneratedWorkflows(agentName?: string): Promise<Array<{
|
|
207
|
+
workflowName: string;
|
|
208
|
+
graphHash: string;
|
|
209
|
+
graph: any;
|
|
210
|
+
}>>;
|
|
205
211
|
/**
|
|
206
212
|
* Resume a paused workflow by triggering the orchestrator
|
|
207
213
|
* @param runId - Run ID
|
|
@@ -162,8 +162,7 @@ export class PikkuWorkflowService {
|
|
|
162
162
|
if (!workflowMeta) {
|
|
163
163
|
throw new WorkflowNotFoundError(name);
|
|
164
164
|
}
|
|
165
|
-
|
|
166
|
-
if (workflowMeta.source === 'graph') {
|
|
165
|
+
if (workflowMeta.source === 'graph' || workflowMeta.source === 'ai-agent') {
|
|
167
166
|
const shouldInline = options?.inline || !getSingletonServices()?.queueService;
|
|
168
167
|
return runWorkflowGraph(this, name, input, rpcService, shouldInline, options?.startNode, wire);
|
|
169
168
|
}
|
|
@@ -19,6 +19,10 @@ export interface WorkflowServiceConfig {
|
|
|
19
19
|
* Workflow run status
|
|
20
20
|
*/
|
|
21
21
|
export type WorkflowStatus = 'running' | 'suspended' | 'completed' | 'failed' | 'cancelled';
|
|
22
|
+
/**
|
|
23
|
+
* Workflow version status (for AI-generated workflows)
|
|
24
|
+
*/
|
|
25
|
+
export type WorkflowVersionStatus = 'draft' | 'active' | 'declined';
|
|
22
26
|
/**
|
|
23
27
|
* Workflow step status
|
|
24
28
|
*/
|
|
@@ -102,6 +106,11 @@ export interface WorkflowRunService {
|
|
|
102
106
|
graph: any;
|
|
103
107
|
source: string;
|
|
104
108
|
} | null>;
|
|
109
|
+
getAIGeneratedWorkflows(agentName?: string): Promise<Array<{
|
|
110
|
+
workflowName: string;
|
|
111
|
+
graphHash: string;
|
|
112
|
+
graph: any;
|
|
113
|
+
}>>;
|
|
105
114
|
deleteRun(id: string): Promise<boolean>;
|
|
106
115
|
}
|
|
107
116
|
/**
|
|
@@ -167,7 +176,7 @@ export interface WorkflowRuntimeMeta {
|
|
|
167
176
|
/** Pikku function name (for execution) */
|
|
168
177
|
pikkuFuncId: string;
|
|
169
178
|
/** Source type: 'dsl' (serializable), 'complex' (has inline steps), 'graph' */
|
|
170
|
-
source: 'dsl' | 'complex' | 'graph';
|
|
179
|
+
source: 'dsl' | 'complex' | 'graph' | 'ai-agent';
|
|
171
180
|
/** Optional description */
|
|
172
181
|
description?: string;
|
|
173
182
|
/** Tags for organization */
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pikku/core",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.3",
|
|
4
4
|
"author": "yasser.fadl@gmail.com",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"module": "dist/index.js",
|
|
@@ -41,8 +41,10 @@
|
|
|
41
41
|
"./services": "./dist/services/index.js",
|
|
42
42
|
"./services/local-content": "./dist/services/local-content.js",
|
|
43
43
|
"./services/gopass-secrets": "./dist/services/gopass-secrets.js",
|
|
44
|
+
"./crypto-utils": "./dist/crypto-utils.js",
|
|
44
45
|
"./internal": "./dist/internal.js",
|
|
45
|
-
"./schema": "./dist/schema.js"
|
|
46
|
+
"./schema": "./dist/schema.js",
|
|
47
|
+
"./testing": "./dist/testing/index.js"
|
|
46
48
|
},
|
|
47
49
|
"dependencies": {
|
|
48
50
|
"@standard-schema/spec": "^1.1.0",
|
package/src/crypto-utils.test.ts
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
import { describe, test } from 'node:test'
|
|
2
2
|
import assert from 'node:assert'
|
|
3
|
-
import {
|
|
3
|
+
import {
|
|
4
|
+
encryptJSON,
|
|
5
|
+
decryptJSON,
|
|
6
|
+
generateDEK,
|
|
7
|
+
wrapDEK,
|
|
8
|
+
unwrapDEK,
|
|
9
|
+
envelopeEncrypt,
|
|
10
|
+
envelopeDecrypt,
|
|
11
|
+
envelopeRewrap,
|
|
12
|
+
} from './crypto-utils.js'
|
|
4
13
|
|
|
5
14
|
describe('encryptJSON / decryptJSON', () => {
|
|
6
15
|
const secret = 'test-secret-key-for-encryption'
|
|
@@ -114,3 +123,92 @@ describe('encryptJSON / decryptJSON', () => {
|
|
|
114
123
|
assert.deepStrictEqual(decrypted, original)
|
|
115
124
|
})
|
|
116
125
|
})
|
|
126
|
+
|
|
127
|
+
describe('envelope encryption', () => {
|
|
128
|
+
const kek = 'my-key-encryption-key'
|
|
129
|
+
|
|
130
|
+
test('generateDEK produces unique keys', async () => {
|
|
131
|
+
const dek1 = await generateDEK()
|
|
132
|
+
const dek2 = await generateDEK()
|
|
133
|
+
assert.notStrictEqual(dek1, dek2)
|
|
134
|
+
assert.ok(dek1.length > 0)
|
|
135
|
+
})
|
|
136
|
+
|
|
137
|
+
test('wrapDEK / unwrapDEK round-trip', async () => {
|
|
138
|
+
const dek = await generateDEK()
|
|
139
|
+
const wrapped = await wrapDEK(kek, dek)
|
|
140
|
+
const unwrapped = await unwrapDEK(kek, wrapped)
|
|
141
|
+
assert.strictEqual(unwrapped, dek)
|
|
142
|
+
})
|
|
143
|
+
|
|
144
|
+
test('unwrapDEK fails with wrong KEK', async () => {
|
|
145
|
+
const dek = await generateDEK()
|
|
146
|
+
const wrapped = await wrapDEK(kek, dek)
|
|
147
|
+
await assert.rejects(
|
|
148
|
+
() => unwrapDEK('wrong-kek', wrapped),
|
|
149
|
+
(err: any) => err instanceof Error
|
|
150
|
+
)
|
|
151
|
+
})
|
|
152
|
+
|
|
153
|
+
test('envelopeEncrypt / envelopeDecrypt round-trip', async () => {
|
|
154
|
+
const original = {
|
|
155
|
+
apiKey: 'sk-secret-123',
|
|
156
|
+
endpoint: 'https://api.example.com',
|
|
157
|
+
}
|
|
158
|
+
const { ciphertext, wrappedDEK } = await envelopeEncrypt(kek, original)
|
|
159
|
+
const decrypted = await envelopeDecrypt(kek, ciphertext, wrappedDEK)
|
|
160
|
+
assert.deepStrictEqual(decrypted, original)
|
|
161
|
+
})
|
|
162
|
+
|
|
163
|
+
test('envelopeEncrypt produces unique ciphertexts and DEKs per call', async () => {
|
|
164
|
+
const value = { same: 'data' }
|
|
165
|
+
const r1 = await envelopeEncrypt(kek, value)
|
|
166
|
+
const r2 = await envelopeEncrypt(kek, value)
|
|
167
|
+
assert.notStrictEqual(r1.ciphertext, r2.ciphertext)
|
|
168
|
+
assert.notStrictEqual(r1.wrappedDEK, r2.wrappedDEK)
|
|
169
|
+
})
|
|
170
|
+
|
|
171
|
+
test('envelopeDecrypt fails with wrong KEK', async () => {
|
|
172
|
+
const { ciphertext, wrappedDEK } = await envelopeEncrypt(kek, 'secret')
|
|
173
|
+
await assert.rejects(
|
|
174
|
+
() => envelopeDecrypt('wrong-kek', ciphertext, wrappedDEK),
|
|
175
|
+
(err: any) => err instanceof Error
|
|
176
|
+
)
|
|
177
|
+
})
|
|
178
|
+
|
|
179
|
+
test('envelopeRewrap allows decryption with new KEK', async () => {
|
|
180
|
+
const newKEK = 'my-new-kek'
|
|
181
|
+
const original = { token: 'abc-123' }
|
|
182
|
+
const { ciphertext, wrappedDEK } = await envelopeEncrypt(kek, original)
|
|
183
|
+
|
|
184
|
+
const rewrapped = await envelopeRewrap(kek, newKEK, wrappedDEK)
|
|
185
|
+
|
|
186
|
+
await assert.rejects(
|
|
187
|
+
() => envelopeDecrypt(kek, ciphertext, rewrapped),
|
|
188
|
+
(err: any) => err instanceof Error
|
|
189
|
+
)
|
|
190
|
+
|
|
191
|
+
const decrypted = await envelopeDecrypt(newKEK, ciphertext, rewrapped)
|
|
192
|
+
assert.deepStrictEqual(decrypted, original)
|
|
193
|
+
})
|
|
194
|
+
|
|
195
|
+
test('envelopeRewrap does not change the ciphertext', async () => {
|
|
196
|
+
const original = { data: 'important' }
|
|
197
|
+
const { ciphertext, wrappedDEK } = await envelopeEncrypt(kek, original)
|
|
198
|
+
const rewrapped = await envelopeRewrap(kek, 'new-kek', wrappedDEK)
|
|
199
|
+
|
|
200
|
+
assert.notStrictEqual(rewrapped, wrappedDEK)
|
|
201
|
+
|
|
202
|
+
const decrypted = await envelopeDecrypt('new-kek', ciphertext, rewrapped)
|
|
203
|
+
assert.deepStrictEqual(decrypted, original)
|
|
204
|
+
})
|
|
205
|
+
|
|
206
|
+
test('envelope handles string secrets', async () => {
|
|
207
|
+
const { ciphertext, wrappedDEK } = await envelopeEncrypt(
|
|
208
|
+
kek,
|
|
209
|
+
'plain-string-secret'
|
|
210
|
+
)
|
|
211
|
+
const decrypted = await envelopeDecrypt<string>(kek, ciphertext, wrappedDEK)
|
|
212
|
+
assert.strictEqual(decrypted, 'plain-string-secret')
|
|
213
|
+
})
|
|
214
|
+
})
|
package/src/crypto-utils.ts
CHANGED
|
@@ -97,3 +97,117 @@ export const decryptJSON = async <T>(
|
|
|
97
97
|
)
|
|
98
98
|
return JSON.parse(decoder.decode(new Uint8Array(decrypted))) as T
|
|
99
99
|
}
|
|
100
|
+
|
|
101
|
+
/**
|
|
102
|
+
* Envelope encryption utilities.
|
|
103
|
+
*
|
|
104
|
+
* Each secret gets its own random DEK (data encryption key).
|
|
105
|
+
* The DEK is wrapped (encrypted) by a KEK (key encryption key) — typically an env var.
|
|
106
|
+
* The actual secret is encrypted with the DEK.
|
|
107
|
+
*
|
|
108
|
+
* KEK rotation only re-wraps the DEK, never touches the ciphertext.
|
|
109
|
+
*/
|
|
110
|
+
|
|
111
|
+
const importRawKey = async (rawBytes: Uint8Array): Promise<CryptoKey> => {
|
|
112
|
+
const subtle = getSubtle()
|
|
113
|
+
return subtle.importKey(
|
|
114
|
+
'raw',
|
|
115
|
+
rawBytes.buffer as ArrayBuffer,
|
|
116
|
+
{ name: 'AES-GCM' },
|
|
117
|
+
true,
|
|
118
|
+
['encrypt', 'decrypt']
|
|
119
|
+
)
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
export const generateDEK = async (): Promise<string> => {
|
|
123
|
+
const raw = globalThis.crypto.getRandomValues(new Uint8Array(32))
|
|
124
|
+
return toBase64Url(raw)
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
export const wrapDEK = async (
|
|
128
|
+
kek: string,
|
|
129
|
+
plaintextDEK: string
|
|
130
|
+
): Promise<string> => {
|
|
131
|
+
return encryptJSON(kek, plaintextDEK)
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
export const unwrapDEK = async (
|
|
135
|
+
kek: string,
|
|
136
|
+
wrappedDEK: string
|
|
137
|
+
): Promise<string> => {
|
|
138
|
+
return decryptJSON<string>(kek, wrappedDEK)
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
const encryptWithDEK = async (
|
|
142
|
+
dekBase64: string,
|
|
143
|
+
value: unknown
|
|
144
|
+
): Promise<string> => {
|
|
145
|
+
const crypto = globalThis.crypto
|
|
146
|
+
const subtle = getSubtle()
|
|
147
|
+
const iv = crypto.getRandomValues(new Uint8Array(12))
|
|
148
|
+
const key = await importRawKey(fromBase64Url(dekBase64))
|
|
149
|
+
const plaintext = encoder.encode(JSON.stringify(value))
|
|
150
|
+
const encrypted = await subtle.encrypt(
|
|
151
|
+
{ name: 'AES-GCM', iv },
|
|
152
|
+
key,
|
|
153
|
+
plaintext
|
|
154
|
+
)
|
|
155
|
+
const cipherBytes = new Uint8Array(encrypted)
|
|
156
|
+
const out = new Uint8Array(iv.length + cipherBytes.length)
|
|
157
|
+
out.set(iv, 0)
|
|
158
|
+
out.set(cipherBytes, iv.length)
|
|
159
|
+
return toBase64Url(out)
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
const decryptWithDEK = async <T>(
|
|
163
|
+
dekBase64: string,
|
|
164
|
+
token: string
|
|
165
|
+
): Promise<T> => {
|
|
166
|
+
const subtle = getSubtle()
|
|
167
|
+
const data = fromBase64Url(token)
|
|
168
|
+
if (data.length < 13) {
|
|
169
|
+
throw new Error('Invalid encrypted payload')
|
|
170
|
+
}
|
|
171
|
+
const iv = data.slice(0, 12)
|
|
172
|
+
const ciphertext = data.slice(12)
|
|
173
|
+
const key = await importRawKey(fromBase64Url(dekBase64))
|
|
174
|
+
const decrypted = await subtle.decrypt(
|
|
175
|
+
{ name: 'AES-GCM', iv },
|
|
176
|
+
key,
|
|
177
|
+
ciphertext
|
|
178
|
+
)
|
|
179
|
+
return JSON.parse(decoder.decode(new Uint8Array(decrypted))) as T
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
export interface EnvelopeEncryptResult {
|
|
183
|
+
ciphertext: string
|
|
184
|
+
wrappedDEK: string
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
export const envelopeEncrypt = async (
|
|
188
|
+
kek: string,
|
|
189
|
+
value: unknown
|
|
190
|
+
): Promise<EnvelopeEncryptResult> => {
|
|
191
|
+
const dek = await generateDEK()
|
|
192
|
+
const ciphertext = await encryptWithDEK(dek, value)
|
|
193
|
+
const wrappedDEK = await wrapDEK(kek, dek)
|
|
194
|
+
return { ciphertext, wrappedDEK }
|
|
195
|
+
}
|
|
196
|
+
|
|
197
|
+
export const envelopeDecrypt = async <T>(
|
|
198
|
+
kek: string,
|
|
199
|
+
ciphertext: string,
|
|
200
|
+
wrappedDEK: string
|
|
201
|
+
): Promise<T> => {
|
|
202
|
+
const dek = await unwrapDEK(kek, wrappedDEK)
|
|
203
|
+
return decryptWithDEK<T>(dek, ciphertext)
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
export const envelopeRewrap = async (
|
|
207
|
+
oldKEK: string,
|
|
208
|
+
newKEK: string,
|
|
209
|
+
wrappedDEK: string
|
|
210
|
+
): Promise<string> => {
|
|
211
|
+
const dek = await unwrapDEK(oldKEK, wrappedDEK)
|
|
212
|
+
return wrapDEK(newKEK, dek)
|
|
213
|
+
}
|
|
@@ -95,7 +95,7 @@ export const getAllFunctionNames = (): string[] => {
|
|
|
95
95
|
const mainFunctionsMeta = pikkuState(null, 'function', 'meta')
|
|
96
96
|
functions.push(...Object.keys(mainFunctionsMeta))
|
|
97
97
|
|
|
98
|
-
const addons = pikkuState(null, '
|
|
98
|
+
const addons = pikkuState(null, 'addons', 'packages')
|
|
99
99
|
for (const [namespace, config] of addons) {
|
|
100
100
|
const packageFunctionsMeta = pikkuState(config.package, 'function', 'meta')
|
|
101
101
|
for (const funcName of Object.keys(packageFunctionsMeta)) {
|
|
@@ -280,6 +280,10 @@ export const runPikkuFunc = async <In = any, Out = any>(
|
|
|
280
280
|
// Validate and coerce data if schema is defined
|
|
281
281
|
const inputSchemaName = funcMeta.inputSchemaName
|
|
282
282
|
if (inputSchemaName) {
|
|
283
|
+
// Coerce (top level) data types before validation (e.g. string→array, string→date)
|
|
284
|
+
if (coerceDataFromSchema) {
|
|
285
|
+
coerceTopLevelDataFromSchema(inputSchemaName, actualData, packageName)
|
|
286
|
+
}
|
|
283
287
|
// Validate request data against the defined schema, if any
|
|
284
288
|
await validateSchema(
|
|
285
289
|
resolvedSingletonServices.logger,
|
|
@@ -288,10 +292,6 @@ export const runPikkuFunc = async <In = any, Out = any>(
|
|
|
288
292
|
actualData,
|
|
289
293
|
packageName
|
|
290
294
|
)
|
|
291
|
-
// Coerce (top level) query string parameters or date objects if specified by the schema
|
|
292
|
-
if (coerceDataFromSchema) {
|
|
293
|
-
coerceTopLevelDataFromSchema(inputSchemaName, actualData, packageName)
|
|
294
|
-
}
|
|
295
295
|
}
|
|
296
296
|
|
|
297
297
|
if (
|
|
@@ -7,6 +7,7 @@ import type {
|
|
|
7
7
|
PickRequired,
|
|
8
8
|
} from '../types/core.types.js'
|
|
9
9
|
import type { StandardSchemaV1 } from '@standard-schema/spec'
|
|
10
|
+
import type { PikkuError } from '../errors/error-handler.js'
|
|
10
11
|
import type { CoreNodeConfig } from '../wirings/node/node.types.js'
|
|
11
12
|
|
|
12
13
|
/**
|
|
@@ -194,6 +195,40 @@ export const pikkuPermissionFactory = <In = any>(
|
|
|
194
195
|
return factory
|
|
195
196
|
}
|
|
196
197
|
|
|
198
|
+
/**
|
|
199
|
+
* A function that generates a human-readable description of a pending approval action.
|
|
200
|
+
* Used by AI agents to show meaningful approval prompts instead of raw tool arguments.
|
|
201
|
+
*
|
|
202
|
+
* @template In - The input type (same as the function it describes).
|
|
203
|
+
* @template Services - The services type, defaults to `CoreSingletonServices`.
|
|
204
|
+
*/
|
|
205
|
+
export type CorePikkuApprovalDescription<
|
|
206
|
+
In = any,
|
|
207
|
+
Services extends CoreSingletonServices = CoreSingletonServices,
|
|
208
|
+
> = (services: Services, data: In) => Promise<string>
|
|
209
|
+
|
|
210
|
+
/**
|
|
211
|
+
* Factory function for creating approval description functions with tree-shaking support.
|
|
212
|
+
*
|
|
213
|
+
* @example
|
|
214
|
+
* ```typescript
|
|
215
|
+
* export const deleteTodoApproval = pikkuApprovalDescription(
|
|
216
|
+
* async ({ todoStore }, { id }) => {
|
|
217
|
+
* const todo = await todoStore.get(id)
|
|
218
|
+
* return `Delete todo: "${todo.title}"`
|
|
219
|
+
* }
|
|
220
|
+
* )
|
|
221
|
+
* ```
|
|
222
|
+
*/
|
|
223
|
+
export const pikkuApprovalDescription = <
|
|
224
|
+
In = any,
|
|
225
|
+
Services extends CoreSingletonServices = CoreSingletonServices,
|
|
226
|
+
>(
|
|
227
|
+
fn: CorePikkuApprovalDescription<In, Services>
|
|
228
|
+
): CorePikkuApprovalDescription<In, Services> => {
|
|
229
|
+
return fn
|
|
230
|
+
}
|
|
231
|
+
|
|
197
232
|
export type CorePikkuAuth<
|
|
198
233
|
Services extends CoreSingletonServices = CoreServices,
|
|
199
234
|
Session extends CoreUserSession = CoreUserSession,
|
|
@@ -256,7 +291,8 @@ export type CorePikkuFunctionConfig<
|
|
|
256
291
|
remote?: boolean
|
|
257
292
|
mcp?: boolean
|
|
258
293
|
readonly?: boolean
|
|
259
|
-
|
|
294
|
+
approvalRequired?: boolean
|
|
295
|
+
approvalDescription?: any
|
|
260
296
|
func: PikkuFunction
|
|
261
297
|
auth?: boolean
|
|
262
298
|
permissions?: CorePermissionGroup<PikkuPermission>
|
|
@@ -264,4 +300,5 @@ export type CorePikkuFunctionConfig<
|
|
|
264
300
|
input?: InputSchema
|
|
265
301
|
output?: OutputSchema
|
|
266
302
|
node?: CoreNodeConfig
|
|
303
|
+
errors?: Array<typeof PikkuError>
|
|
267
304
|
}
|