@sekuire/sdk 0.1.21 → 0.1.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/beacon.d.ts +1 -1
- package/dist/index.d.ts +24 -4
- package/dist/index.esm.js +154 -97
- package/dist/index.js +154 -96
- package/dist/runtime-credentials.d.ts +21 -1
- package/package.json +1 -1
package/dist/beacon.d.ts
CHANGED
package/dist/index.d.ts
CHANGED
|
@@ -366,12 +366,30 @@ interface RuntimeCredentials {
|
|
|
366
366
|
refreshToken?: string;
|
|
367
367
|
expiresAt?: string;
|
|
368
368
|
}
|
|
369
|
+
interface BootstrapResponseData {
|
|
370
|
+
installation_id: string;
|
|
371
|
+
runtime_token: string;
|
|
372
|
+
refresh_token?: string;
|
|
373
|
+
expires_at: string;
|
|
374
|
+
}
|
|
375
|
+
interface BootstrapTarget {
|
|
376
|
+
installationId: string | null;
|
|
377
|
+
runtimeToken: string | null;
|
|
378
|
+
refreshToken: string | null;
|
|
379
|
+
credentialsStore?: RuntimeCredentialsStore | null;
|
|
380
|
+
}
|
|
381
|
+
declare function applyBootstrapResponse(target: BootstrapTarget, data: BootstrapResponseData): void;
|
|
369
382
|
declare class RuntimeCredentialsStore {
|
|
370
383
|
private installationId?;
|
|
371
384
|
private runtimeToken?;
|
|
372
385
|
private refreshToken?;
|
|
373
386
|
private expiresAt?;
|
|
374
|
-
|
|
387
|
+
private apiBaseUrl?;
|
|
388
|
+
private inflightRefresh;
|
|
389
|
+
constructor(initial?: RuntimeCredentials & {
|
|
390
|
+
apiBaseUrl?: string;
|
|
391
|
+
});
|
|
392
|
+
setApiBaseUrl(url: string): void;
|
|
375
393
|
update(partial: RuntimeCredentials): void;
|
|
376
394
|
setRuntimeToken(runtimeToken: string, expiresAt?: string): void;
|
|
377
395
|
setInstallationId(installationId: string): void;
|
|
@@ -383,6 +401,8 @@ declare class RuntimeCredentialsStore {
|
|
|
383
401
|
getAll(): RuntimeCredentials;
|
|
384
402
|
hasRecoveryCredentials(): boolean;
|
|
385
403
|
hasRuntimeToken(): boolean;
|
|
404
|
+
refreshRuntimeToken(caller?: string): Promise<void>;
|
|
405
|
+
private doRefresh;
|
|
386
406
|
}
|
|
387
407
|
|
|
388
408
|
/**
|
|
@@ -458,7 +478,7 @@ interface InstallationCredentials {
|
|
|
458
478
|
interface BootstrapResponse {
|
|
459
479
|
installation_id: string;
|
|
460
480
|
runtime_token: string;
|
|
461
|
-
refresh_token
|
|
481
|
+
refresh_token?: string;
|
|
462
482
|
expires_at: string;
|
|
463
483
|
heartbeat_interval: number;
|
|
464
484
|
}
|
|
@@ -3534,5 +3554,5 @@ declare class A2AServer {
|
|
|
3534
3554
|
private generateId;
|
|
3535
3555
|
}
|
|
3536
3556
|
|
|
3537
|
-
export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
|
|
3538
|
-
export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ConditionOperator, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, CustomRule, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PerAgentLimits, PolicyDecision, PolicyViolation, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RateLimitsConfig$1 as RateLimitsConfig, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RuleCondition, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };
|
|
3557
|
+
export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, Tool, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, applyBootstrapResponse, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
|
|
3558
|
+
export type { A2AArtifact, A2AClientOptions, A2AMessage, A2AMessagePart, A2ARouteRequest, A2ARouteResponse, A2AServerOptions, A2ATask, A2ATaskState, A2ATaskStatus, ActivePolicy, ActivePolicyResponse, AgentCapabilities, AgentCard, AgentConfig, AgentId, AgentInvokeOptions, AgentOptions, AgentProvider, AgentResponse$1 as AgentResponse, AgentSkill, BeaconConfig, BeaconStatus, BootstrapResponse, BootstrapResponseData, BootstrapTarget, BuiltInMemoryType, ChatChunk, ChatOptions, ChatResponse, CloudflareD1Config, CloudflareKVConfig, ComplianceConfig, ComplianceViolation, ConditionOperator, ToolDefinition$1 as ConfigToolDefinition, ConvexConfig, CreateOrgRequest, CreateWorkspaceRequest, CustomRule, DelegationRequest, DelegationResult, DelegatorConfig, DisputeRequest, DisputeResponse, DynamoDBConfig, EventLog, EventType, ExporterType, HandshakeAuth, HandshakeHello, HandshakeResult, HandshakeWelcome, HexString, IdentityConfig, InstallationCredentials, InviteRequest, InviteResponse, JsonRpcError, JsonRpcRequest, JsonRpcResponse, KeyPair, LLMConfig, Message as LLMMessage, LLMProvider, LLMProviderConfig, ToolCallFunction as LLMToolCall, ToolDefinition as LLMToolDefinition, LeaderboardEntry, LoggerConfig$1 as LoggerConfig, Manifest, MemoryConfig, MemoryFactoryConfig, MemoryMessage, MemoryStorage, MemoryType, Message$1 as Message, OrgResponse, OrgSummary, PerAgentLimits, PolicyDecision, PolicyViolation, PostgresConfig, ProjectMetadata, PublishAgentOptions, PublishRequest, PublishResponse, RateLimitsConfig$1 as RateLimitsConfig, RedisConfig, RegistryClientConfig, ReputationLog, ReputationResponse, RuleCondition, RuntimeCredentials, SQLiteConfig, SearchAgentsOptions, SekuireAgentConfig, SekuireClientConfig, SekuireConfig, SekuireExporterConfig, SekuireSDKConfig, Severity, SkillContext, SkillHandler, StreamingSkillContext, StreamingSkillHandler, StreamingUpdate, SubmitReputationRequest, TaskCompletion, TaskContext, TaskEvent, TaskHandler, TaskState, TaskUpdateEvent, TasksCancelParams, TasksGetParams, TasksSendParams, TasksSendSubscribeParams, TelemetryConfig, ToolCall, ToolDefinition$2 as ToolDefinition, ToolInput, ToolMetadata, ToolParameter, ToolsSchema, TrustHeaders, TrustHeadersRequest, TursoConfig, UpdateAgentOptions, UpstashConfig, UserContextResponse, VerificationIssue, VerificationRequest, VerificationResult, VerificationStatus, VerifyAgentRequest, WorkerConfig, WorkspaceResponse, WorkspaceSummary };
|
package/dist/index.esm.js
CHANGED
|
@@ -812,6 +812,121 @@ function detectDeploymentUrl() {
|
|
|
812
812
|
return undefined;
|
|
813
813
|
}
|
|
814
814
|
|
|
815
|
+
function applyBootstrapResponse(target, data) {
|
|
816
|
+
target.installationId = data.installation_id;
|
|
817
|
+
target.runtimeToken = data.runtime_token;
|
|
818
|
+
if (data.refresh_token) {
|
|
819
|
+
target.refreshToken = data.refresh_token;
|
|
820
|
+
}
|
|
821
|
+
target.credentialsStore?.update({
|
|
822
|
+
installationId: data.installation_id,
|
|
823
|
+
runtimeToken: data.runtime_token,
|
|
824
|
+
refreshToken: data.refresh_token,
|
|
825
|
+
expiresAt: data.expires_at,
|
|
826
|
+
});
|
|
827
|
+
}
|
|
828
|
+
class RuntimeCredentialsStore {
|
|
829
|
+
constructor(initial) {
|
|
830
|
+
this.inflightRefresh = null;
|
|
831
|
+
if (initial) {
|
|
832
|
+
this.update(initial);
|
|
833
|
+
}
|
|
834
|
+
if (initial?.apiBaseUrl) {
|
|
835
|
+
this.apiBaseUrl = initial.apiBaseUrl;
|
|
836
|
+
}
|
|
837
|
+
}
|
|
838
|
+
setApiBaseUrl(url) {
|
|
839
|
+
this.apiBaseUrl = url;
|
|
840
|
+
}
|
|
841
|
+
update(partial) {
|
|
842
|
+
if (partial.installationId) {
|
|
843
|
+
this.installationId = partial.installationId;
|
|
844
|
+
}
|
|
845
|
+
if (partial.runtimeToken) {
|
|
846
|
+
this.runtimeToken = partial.runtimeToken;
|
|
847
|
+
}
|
|
848
|
+
if (partial.refreshToken) {
|
|
849
|
+
this.refreshToken = partial.refreshToken;
|
|
850
|
+
}
|
|
851
|
+
if (partial.expiresAt !== undefined) {
|
|
852
|
+
this.expiresAt = partial.expiresAt;
|
|
853
|
+
}
|
|
854
|
+
}
|
|
855
|
+
setRuntimeToken(runtimeToken, expiresAt) {
|
|
856
|
+
this.runtimeToken = runtimeToken;
|
|
857
|
+
if (expiresAt !== undefined) {
|
|
858
|
+
this.expiresAt = expiresAt;
|
|
859
|
+
}
|
|
860
|
+
}
|
|
861
|
+
setInstallationId(installationId) {
|
|
862
|
+
this.installationId = installationId;
|
|
863
|
+
}
|
|
864
|
+
setRefreshToken(refreshToken) {
|
|
865
|
+
this.refreshToken = refreshToken;
|
|
866
|
+
}
|
|
867
|
+
getInstallationId() {
|
|
868
|
+
return this.installationId;
|
|
869
|
+
}
|
|
870
|
+
getRuntimeToken() {
|
|
871
|
+
return this.runtimeToken;
|
|
872
|
+
}
|
|
873
|
+
getRefreshToken() {
|
|
874
|
+
return this.refreshToken;
|
|
875
|
+
}
|
|
876
|
+
getExpiresAt() {
|
|
877
|
+
return this.expiresAt;
|
|
878
|
+
}
|
|
879
|
+
getAll() {
|
|
880
|
+
return {
|
|
881
|
+
installationId: this.installationId,
|
|
882
|
+
runtimeToken: this.runtimeToken,
|
|
883
|
+
refreshToken: this.refreshToken,
|
|
884
|
+
expiresAt: this.expiresAt,
|
|
885
|
+
};
|
|
886
|
+
}
|
|
887
|
+
hasRecoveryCredentials() {
|
|
888
|
+
return !!(this.installationId && this.refreshToken);
|
|
889
|
+
}
|
|
890
|
+
hasRuntimeToken() {
|
|
891
|
+
return !!this.runtimeToken;
|
|
892
|
+
}
|
|
893
|
+
async refreshRuntimeToken(caller) {
|
|
894
|
+
if (this.inflightRefresh) {
|
|
895
|
+
return this.inflightRefresh;
|
|
896
|
+
}
|
|
897
|
+
this.inflightRefresh = this.doRefresh(caller).finally(() => {
|
|
898
|
+
this.inflightRefresh = null;
|
|
899
|
+
});
|
|
900
|
+
return this.inflightRefresh;
|
|
901
|
+
}
|
|
902
|
+
async doRefresh(caller) {
|
|
903
|
+
const installationId = this.installationId;
|
|
904
|
+
const refreshToken = this.refreshToken;
|
|
905
|
+
const apiBaseUrl = this.apiBaseUrl;
|
|
906
|
+
if (!installationId || !refreshToken) {
|
|
907
|
+
throw new Error("Cannot refresh token - missing installation ID or refresh token");
|
|
908
|
+
}
|
|
909
|
+
if (!apiBaseUrl) {
|
|
910
|
+
throw new Error("Cannot refresh token - missing API base URL");
|
|
911
|
+
}
|
|
912
|
+
const response = await fetch(`${apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
913
|
+
method: "POST",
|
|
914
|
+
headers: { "Content-Type": "application/json" },
|
|
915
|
+
body: JSON.stringify({ refresh_token: refreshToken }),
|
|
916
|
+
});
|
|
917
|
+
if (!response.ok) {
|
|
918
|
+
const body = await response.text();
|
|
919
|
+
throw new Error(`Token refresh failed: ${response.status} - ${body}`);
|
|
920
|
+
}
|
|
921
|
+
const data = await response.json();
|
|
922
|
+
this.runtimeToken = data.runtime_token;
|
|
923
|
+
if (data.expires_at !== undefined) {
|
|
924
|
+
this.expiresAt = data.expires_at;
|
|
925
|
+
}
|
|
926
|
+
console.log(`[${caller || "CredentialsStore"}] Runtime token refreshed successfully`);
|
|
927
|
+
}
|
|
928
|
+
}
|
|
929
|
+
|
|
815
930
|
/**
|
|
816
931
|
* Sekuire Beacon - Deployment Registration & Heartbeat
|
|
817
932
|
*
|
|
@@ -855,6 +970,7 @@ class Beacon {
|
|
|
855
970
|
this.credentialsStore = config.credentialsStore;
|
|
856
971
|
this.policyGateway = config.policyGateway;
|
|
857
972
|
if (this.credentialsStore) {
|
|
973
|
+
this.credentialsStore.setApiBaseUrl(this.config.apiBaseUrl);
|
|
858
974
|
this.credentialsStore.update({
|
|
859
975
|
installationId: resolvedInstallationId,
|
|
860
976
|
refreshToken: resolvedRefreshToken,
|
|
@@ -1042,6 +1158,16 @@ class Beacon {
|
|
|
1042
1158
|
}
|
|
1043
1159
|
// Refresh to get a new runtime token
|
|
1044
1160
|
try {
|
|
1161
|
+
if (this.credentialsStore) {
|
|
1162
|
+
this.credentialsStore.update({ installationId, refreshToken });
|
|
1163
|
+
await this.credentialsStore.refreshRuntimeToken("Beacon");
|
|
1164
|
+
this.installationId = installationId;
|
|
1165
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
1166
|
+
this.refreshToken = refreshToken;
|
|
1167
|
+
this.expiresAt = this.credentialsStore.getExpiresAt() ?? null;
|
|
1168
|
+
console.log('[Beacon] Credentials recovered via refresh token');
|
|
1169
|
+
return true;
|
|
1170
|
+
}
|
|
1045
1171
|
const response = await fetch(`${this.config.apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
1046
1172
|
method: 'POST',
|
|
1047
1173
|
headers: {
|
|
@@ -1059,14 +1185,8 @@ class Beacon {
|
|
|
1059
1185
|
const data = await response.json();
|
|
1060
1186
|
this.installationId = installationId;
|
|
1061
1187
|
this.runtimeToken = data.runtime_token;
|
|
1062
|
-
this.refreshToken = refreshToken;
|
|
1188
|
+
this.refreshToken = refreshToken;
|
|
1063
1189
|
this.expiresAt = data.expires_at || null;
|
|
1064
|
-
this.credentialsStore?.update({
|
|
1065
|
-
installationId,
|
|
1066
|
-
runtimeToken: data.runtime_token,
|
|
1067
|
-
refreshToken,
|
|
1068
|
-
expiresAt: data.expires_at,
|
|
1069
|
-
});
|
|
1070
1190
|
console.log('[Beacon] Credentials recovered via refresh token');
|
|
1071
1191
|
return true;
|
|
1072
1192
|
}
|
|
@@ -1176,9 +1296,7 @@ class Beacon {
|
|
|
1176
1296
|
return false;
|
|
1177
1297
|
}
|
|
1178
1298
|
const data = await response.json();
|
|
1179
|
-
this
|
|
1180
|
-
this.runtimeToken = data.runtime_token;
|
|
1181
|
-
this.refreshToken = data.refresh_token;
|
|
1299
|
+
applyBootstrapResponse(this, data);
|
|
1182
1300
|
console.log(`[Beacon] Recovery bootstrap successful, installation ID: ${this.installationId}`);
|
|
1183
1301
|
return true;
|
|
1184
1302
|
}
|
|
@@ -1215,16 +1333,8 @@ class Beacon {
|
|
|
1215
1333
|
throw new Error(`Bootstrap failed: ${response.status} ${response.statusText} - ${body}`);
|
|
1216
1334
|
}
|
|
1217
1335
|
const data = await response.json();
|
|
1218
|
-
this
|
|
1219
|
-
this.runtimeToken = data.runtime_token;
|
|
1220
|
-
this.refreshToken = data.refresh_token;
|
|
1336
|
+
applyBootstrapResponse(this, data);
|
|
1221
1337
|
this.expiresAt = data.expires_at || null;
|
|
1222
|
-
this.credentialsStore?.update({
|
|
1223
|
-
installationId: data.installation_id,
|
|
1224
|
-
runtimeToken: data.runtime_token,
|
|
1225
|
-
refreshToken: data.refresh_token,
|
|
1226
|
-
expiresAt: data.expires_at,
|
|
1227
|
-
});
|
|
1228
1338
|
}
|
|
1229
1339
|
/**
|
|
1230
1340
|
* Send heartbeat (lease renewal) to Sekuire
|
|
@@ -1292,6 +1402,11 @@ class Beacon {
|
|
|
1292
1402
|
* Refresh the runtime token using the refresh token
|
|
1293
1403
|
*/
|
|
1294
1404
|
async refreshRuntimeToken() {
|
|
1405
|
+
if (this.credentialsStore) {
|
|
1406
|
+
await this.credentialsStore.refreshRuntimeToken("Beacon");
|
|
1407
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
1408
|
+
return;
|
|
1409
|
+
}
|
|
1295
1410
|
const installationId = this.getInstallationId();
|
|
1296
1411
|
const refreshToken = this.getRefreshToken();
|
|
1297
1412
|
if (!installationId || !refreshToken) {
|
|
@@ -1312,7 +1427,6 @@ class Beacon {
|
|
|
1312
1427
|
}
|
|
1313
1428
|
const data = await response.json();
|
|
1314
1429
|
this.runtimeToken = data.runtime_token;
|
|
1315
|
-
this.credentialsStore?.setRuntimeToken(data.runtime_token, data.expires_at);
|
|
1316
1430
|
console.log('[Beacon] Runtime token refreshed successfully');
|
|
1317
1431
|
}
|
|
1318
1432
|
/**
|
|
@@ -2146,66 +2260,6 @@ class PolicyGateway {
|
|
|
2146
2260
|
}
|
|
2147
2261
|
}
|
|
2148
2262
|
|
|
2149
|
-
class RuntimeCredentialsStore {
|
|
2150
|
-
constructor(initial) {
|
|
2151
|
-
if (initial) {
|
|
2152
|
-
this.update(initial);
|
|
2153
|
-
}
|
|
2154
|
-
}
|
|
2155
|
-
update(partial) {
|
|
2156
|
-
if (partial.installationId) {
|
|
2157
|
-
this.installationId = partial.installationId;
|
|
2158
|
-
}
|
|
2159
|
-
if (partial.runtimeToken) {
|
|
2160
|
-
this.runtimeToken = partial.runtimeToken;
|
|
2161
|
-
}
|
|
2162
|
-
if (partial.refreshToken) {
|
|
2163
|
-
this.refreshToken = partial.refreshToken;
|
|
2164
|
-
}
|
|
2165
|
-
if (partial.expiresAt !== undefined) {
|
|
2166
|
-
this.expiresAt = partial.expiresAt;
|
|
2167
|
-
}
|
|
2168
|
-
}
|
|
2169
|
-
setRuntimeToken(runtimeToken, expiresAt) {
|
|
2170
|
-
this.runtimeToken = runtimeToken;
|
|
2171
|
-
if (expiresAt !== undefined) {
|
|
2172
|
-
this.expiresAt = expiresAt;
|
|
2173
|
-
}
|
|
2174
|
-
}
|
|
2175
|
-
setInstallationId(installationId) {
|
|
2176
|
-
this.installationId = installationId;
|
|
2177
|
-
}
|
|
2178
|
-
setRefreshToken(refreshToken) {
|
|
2179
|
-
this.refreshToken = refreshToken;
|
|
2180
|
-
}
|
|
2181
|
-
getInstallationId() {
|
|
2182
|
-
return this.installationId;
|
|
2183
|
-
}
|
|
2184
|
-
getRuntimeToken() {
|
|
2185
|
-
return this.runtimeToken;
|
|
2186
|
-
}
|
|
2187
|
-
getRefreshToken() {
|
|
2188
|
-
return this.refreshToken;
|
|
2189
|
-
}
|
|
2190
|
-
getExpiresAt() {
|
|
2191
|
-
return this.expiresAt;
|
|
2192
|
-
}
|
|
2193
|
-
getAll() {
|
|
2194
|
-
return {
|
|
2195
|
-
installationId: this.installationId,
|
|
2196
|
-
runtimeToken: this.runtimeToken,
|
|
2197
|
-
refreshToken: this.refreshToken,
|
|
2198
|
-
expiresAt: this.expiresAt,
|
|
2199
|
-
};
|
|
2200
|
-
}
|
|
2201
|
-
hasRecoveryCredentials() {
|
|
2202
|
-
return !!(this.installationId && this.refreshToken);
|
|
2203
|
-
}
|
|
2204
|
-
hasRuntimeToken() {
|
|
2205
|
-
return !!this.runtimeToken;
|
|
2206
|
-
}
|
|
2207
|
-
}
|
|
2208
|
-
|
|
2209
2263
|
function getDefaultExportFromCjs (x) {
|
|
2210
2264
|
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
|
|
2211
2265
|
}
|
|
@@ -2758,6 +2812,7 @@ class TaskWorker {
|
|
|
2758
2812
|
this.installationId = resolvedInstallationId || null;
|
|
2759
2813
|
this.refreshToken = resolvedRefreshToken || null;
|
|
2760
2814
|
if (this.credentialsStore) {
|
|
2815
|
+
this.credentialsStore.setApiBaseUrl(this.config.apiBaseUrl);
|
|
2761
2816
|
this.credentialsStore.update({
|
|
2762
2817
|
installationId: resolvedInstallationId,
|
|
2763
2818
|
refreshToken: resolvedRefreshToken,
|
|
@@ -2830,6 +2885,17 @@ class TaskWorker {
|
|
|
2830
2885
|
return false;
|
|
2831
2886
|
}
|
|
2832
2887
|
try {
|
|
2888
|
+
if (this.credentialsStore) {
|
|
2889
|
+
this.credentialsStore.update({ installationId, refreshToken });
|
|
2890
|
+
await this.credentialsStore.refreshRuntimeToken("Worker");
|
|
2891
|
+
this.installationId = installationId;
|
|
2892
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
2893
|
+
this.refreshToken = refreshToken;
|
|
2894
|
+
const expiresAt = this.credentialsStore.getExpiresAt();
|
|
2895
|
+
this.expiresAt = expiresAt ? new Date(expiresAt).getTime() : null;
|
|
2896
|
+
console.log(`[Worker] Credentials recovered for installation: ${installationId}`);
|
|
2897
|
+
return true;
|
|
2898
|
+
}
|
|
2833
2899
|
const response = await fetch(`${this.config.apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
2834
2900
|
method: "POST",
|
|
2835
2901
|
headers: {
|
|
@@ -2849,12 +2915,6 @@ class TaskWorker {
|
|
|
2849
2915
|
this.runtimeToken = data.runtime_token;
|
|
2850
2916
|
this.refreshToken = refreshToken;
|
|
2851
2917
|
this.expiresAt = data.expires_at ? new Date(data.expires_at).getTime() : null;
|
|
2852
|
-
this.credentialsStore?.update({
|
|
2853
|
-
installationId,
|
|
2854
|
-
runtimeToken: data.runtime_token,
|
|
2855
|
-
refreshToken,
|
|
2856
|
-
expiresAt: data.expires_at,
|
|
2857
|
-
});
|
|
2858
2918
|
console.log(`[Worker] Credentials recovered for installation: ${installationId}`);
|
|
2859
2919
|
return true;
|
|
2860
2920
|
}
|
|
@@ -3097,18 +3157,10 @@ class TaskWorker {
|
|
|
3097
3157
|
throw new Error(`Bootstrap failed: ${response.status} - ${errorText}`);
|
|
3098
3158
|
}
|
|
3099
3159
|
const data = await response.json();
|
|
3100
|
-
this
|
|
3101
|
-
this.runtimeToken = data.runtime_token;
|
|
3102
|
-
this.refreshToken = data.refresh_token;
|
|
3160
|
+
applyBootstrapResponse(this, data);
|
|
3103
3161
|
this.expiresAt = data.expires_at
|
|
3104
3162
|
? new Date(data.expires_at).getTime()
|
|
3105
3163
|
: null;
|
|
3106
|
-
this.credentialsStore?.update({
|
|
3107
|
-
installationId: data.installation_id,
|
|
3108
|
-
runtimeToken: data.runtime_token,
|
|
3109
|
-
refreshToken: data.refresh_token,
|
|
3110
|
-
expiresAt: data.expires_at,
|
|
3111
|
-
});
|
|
3112
3164
|
console.log(`[Worker] Bootstrapped installation: ${this.installationId}`);
|
|
3113
3165
|
}
|
|
3114
3166
|
catch (e) {
|
|
@@ -3181,6 +3233,11 @@ class TaskWorker {
|
|
|
3181
3233
|
* Refresh the runtime token using the refresh token
|
|
3182
3234
|
*/
|
|
3183
3235
|
async refreshRuntimeToken() {
|
|
3236
|
+
if (this.credentialsStore) {
|
|
3237
|
+
await this.credentialsStore.refreshRuntimeToken("Worker");
|
|
3238
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
3239
|
+
return;
|
|
3240
|
+
}
|
|
3184
3241
|
const installationId = this.getInstallationId();
|
|
3185
3242
|
const refreshToken = this.getRefreshToken();
|
|
3186
3243
|
if (!installationId || !refreshToken) {
|
|
@@ -3201,7 +3258,6 @@ class TaskWorker {
|
|
|
3201
3258
|
}
|
|
3202
3259
|
const data = await response.json();
|
|
3203
3260
|
this.runtimeToken = data.runtime_token;
|
|
3204
|
-
this.credentialsStore?.setRuntimeToken(data.runtime_token, data.expires_at);
|
|
3205
3261
|
console.log("[Worker] Runtime token refreshed successfully");
|
|
3206
3262
|
}
|
|
3207
3263
|
getInstallationId() {
|
|
@@ -3267,6 +3323,7 @@ class SekuireSDK {
|
|
|
3267
3323
|
installationId: this.config.installationId,
|
|
3268
3324
|
refreshToken: this.config.refreshToken,
|
|
3269
3325
|
runtimeToken: this.config.runtimeToken,
|
|
3326
|
+
apiBaseUrl: this.config.apiUrl,
|
|
3270
3327
|
});
|
|
3271
3328
|
this.identity = new AgentIdentity(this.config.agentName, this.config.agentId, this.config.privateKey);
|
|
3272
3329
|
const loggerConfig = {
|
|
@@ -18350,4 +18407,4 @@ class A2AServer {
|
|
|
18350
18407
|
}
|
|
18351
18408
|
}
|
|
18352
18409
|
|
|
18353
|
-
export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
|
|
18410
|
+
export { A2AClient, A2AError, A2AServer, A2ATaskDelegator, SekuireAgent as Agent, AgentIdentity, AnthropicProvider, BaseMemoryStorage, Beacon, CONVEX_FUNCTIONS_TEMPLATE, CONVEX_SCHEMA_TEMPLATE, CloudflareD1Storage, CloudflareKVStorage, ComplianceError, ComplianceMonitor, ContentPolicyError, ConvexStorage, CryptoError, DEFAULT_API_URL, DynamoDBStorage, FileAccessError, GoogleProvider, InMemoryStorage, NetworkComplianceError, NetworkError, OllamaProvider, OpenAIProvider, PolicyClient, PolicyEnforcer, PolicyGateway, PolicyViolationError, PostgresStorage, ProtocolError, RedisStorage, RuntimeCredentialsStore, SQLiteStorage, SekuireAgent$1 as SekuireAgent, SekuireAgentBuilder, SekuireClient, SekuireCrypto, SekuireError, SekuireLogger, SekuireRegistryClient, SekuireSDK, SekuireServer, SekuireSpanExporter, TaskWorker, ToolPatternParser, ToolRegistry, ToolUsageError, TursoStorage, UpstashStorage, applyBootstrapResponse, builtInTools, calculateSekuireId, createAgent, createBeacon, createDefaultToolRegistry, createDelegationTool, createDelegator, createDiscoveryTool, createLLMProvider, createMemoryStorage, createRegistryClient, createSekuireClient, createSekuireExpressMiddleware, createSekuireFastifyPlugin, createWorker, detectDeploymentUrl, generateKeyPair, getAgent, getAgentConfig, getAgents, getTools$1 as getLegacyTools, getStorageInfo, getSystemPrompt, getTools, getTracer, hasStorage, initTelemetry, listStorageTypes, llm, loadConfig, loadSystemPrompt, loadTools, registerStorage, shutdownTelemetry, tool, tools };
|
package/dist/index.js
CHANGED
|
@@ -836,6 +836,121 @@ function detectDeploymentUrl() {
|
|
|
836
836
|
return undefined;
|
|
837
837
|
}
|
|
838
838
|
|
|
839
|
+
function applyBootstrapResponse(target, data) {
|
|
840
|
+
target.installationId = data.installation_id;
|
|
841
|
+
target.runtimeToken = data.runtime_token;
|
|
842
|
+
if (data.refresh_token) {
|
|
843
|
+
target.refreshToken = data.refresh_token;
|
|
844
|
+
}
|
|
845
|
+
target.credentialsStore?.update({
|
|
846
|
+
installationId: data.installation_id,
|
|
847
|
+
runtimeToken: data.runtime_token,
|
|
848
|
+
refreshToken: data.refresh_token,
|
|
849
|
+
expiresAt: data.expires_at,
|
|
850
|
+
});
|
|
851
|
+
}
|
|
852
|
+
class RuntimeCredentialsStore {
|
|
853
|
+
constructor(initial) {
|
|
854
|
+
this.inflightRefresh = null;
|
|
855
|
+
if (initial) {
|
|
856
|
+
this.update(initial);
|
|
857
|
+
}
|
|
858
|
+
if (initial?.apiBaseUrl) {
|
|
859
|
+
this.apiBaseUrl = initial.apiBaseUrl;
|
|
860
|
+
}
|
|
861
|
+
}
|
|
862
|
+
setApiBaseUrl(url) {
|
|
863
|
+
this.apiBaseUrl = url;
|
|
864
|
+
}
|
|
865
|
+
update(partial) {
|
|
866
|
+
if (partial.installationId) {
|
|
867
|
+
this.installationId = partial.installationId;
|
|
868
|
+
}
|
|
869
|
+
if (partial.runtimeToken) {
|
|
870
|
+
this.runtimeToken = partial.runtimeToken;
|
|
871
|
+
}
|
|
872
|
+
if (partial.refreshToken) {
|
|
873
|
+
this.refreshToken = partial.refreshToken;
|
|
874
|
+
}
|
|
875
|
+
if (partial.expiresAt !== undefined) {
|
|
876
|
+
this.expiresAt = partial.expiresAt;
|
|
877
|
+
}
|
|
878
|
+
}
|
|
879
|
+
setRuntimeToken(runtimeToken, expiresAt) {
|
|
880
|
+
this.runtimeToken = runtimeToken;
|
|
881
|
+
if (expiresAt !== undefined) {
|
|
882
|
+
this.expiresAt = expiresAt;
|
|
883
|
+
}
|
|
884
|
+
}
|
|
885
|
+
setInstallationId(installationId) {
|
|
886
|
+
this.installationId = installationId;
|
|
887
|
+
}
|
|
888
|
+
setRefreshToken(refreshToken) {
|
|
889
|
+
this.refreshToken = refreshToken;
|
|
890
|
+
}
|
|
891
|
+
getInstallationId() {
|
|
892
|
+
return this.installationId;
|
|
893
|
+
}
|
|
894
|
+
getRuntimeToken() {
|
|
895
|
+
return this.runtimeToken;
|
|
896
|
+
}
|
|
897
|
+
getRefreshToken() {
|
|
898
|
+
return this.refreshToken;
|
|
899
|
+
}
|
|
900
|
+
getExpiresAt() {
|
|
901
|
+
return this.expiresAt;
|
|
902
|
+
}
|
|
903
|
+
getAll() {
|
|
904
|
+
return {
|
|
905
|
+
installationId: this.installationId,
|
|
906
|
+
runtimeToken: this.runtimeToken,
|
|
907
|
+
refreshToken: this.refreshToken,
|
|
908
|
+
expiresAt: this.expiresAt,
|
|
909
|
+
};
|
|
910
|
+
}
|
|
911
|
+
hasRecoveryCredentials() {
|
|
912
|
+
return !!(this.installationId && this.refreshToken);
|
|
913
|
+
}
|
|
914
|
+
hasRuntimeToken() {
|
|
915
|
+
return !!this.runtimeToken;
|
|
916
|
+
}
|
|
917
|
+
async refreshRuntimeToken(caller) {
|
|
918
|
+
if (this.inflightRefresh) {
|
|
919
|
+
return this.inflightRefresh;
|
|
920
|
+
}
|
|
921
|
+
this.inflightRefresh = this.doRefresh(caller).finally(() => {
|
|
922
|
+
this.inflightRefresh = null;
|
|
923
|
+
});
|
|
924
|
+
return this.inflightRefresh;
|
|
925
|
+
}
|
|
926
|
+
async doRefresh(caller) {
|
|
927
|
+
const installationId = this.installationId;
|
|
928
|
+
const refreshToken = this.refreshToken;
|
|
929
|
+
const apiBaseUrl = this.apiBaseUrl;
|
|
930
|
+
if (!installationId || !refreshToken) {
|
|
931
|
+
throw new Error("Cannot refresh token - missing installation ID or refresh token");
|
|
932
|
+
}
|
|
933
|
+
if (!apiBaseUrl) {
|
|
934
|
+
throw new Error("Cannot refresh token - missing API base URL");
|
|
935
|
+
}
|
|
936
|
+
const response = await fetch(`${apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
937
|
+
method: "POST",
|
|
938
|
+
headers: { "Content-Type": "application/json" },
|
|
939
|
+
body: JSON.stringify({ refresh_token: refreshToken }),
|
|
940
|
+
});
|
|
941
|
+
if (!response.ok) {
|
|
942
|
+
const body = await response.text();
|
|
943
|
+
throw new Error(`Token refresh failed: ${response.status} - ${body}`);
|
|
944
|
+
}
|
|
945
|
+
const data = await response.json();
|
|
946
|
+
this.runtimeToken = data.runtime_token;
|
|
947
|
+
if (data.expires_at !== undefined) {
|
|
948
|
+
this.expiresAt = data.expires_at;
|
|
949
|
+
}
|
|
950
|
+
console.log(`[${caller || "CredentialsStore"}] Runtime token refreshed successfully`);
|
|
951
|
+
}
|
|
952
|
+
}
|
|
953
|
+
|
|
839
954
|
/**
|
|
840
955
|
* Sekuire Beacon - Deployment Registration & Heartbeat
|
|
841
956
|
*
|
|
@@ -879,6 +994,7 @@ class Beacon {
|
|
|
879
994
|
this.credentialsStore = config.credentialsStore;
|
|
880
995
|
this.policyGateway = config.policyGateway;
|
|
881
996
|
if (this.credentialsStore) {
|
|
997
|
+
this.credentialsStore.setApiBaseUrl(this.config.apiBaseUrl);
|
|
882
998
|
this.credentialsStore.update({
|
|
883
999
|
installationId: resolvedInstallationId,
|
|
884
1000
|
refreshToken: resolvedRefreshToken,
|
|
@@ -1066,6 +1182,16 @@ class Beacon {
|
|
|
1066
1182
|
}
|
|
1067
1183
|
// Refresh to get a new runtime token
|
|
1068
1184
|
try {
|
|
1185
|
+
if (this.credentialsStore) {
|
|
1186
|
+
this.credentialsStore.update({ installationId, refreshToken });
|
|
1187
|
+
await this.credentialsStore.refreshRuntimeToken("Beacon");
|
|
1188
|
+
this.installationId = installationId;
|
|
1189
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
1190
|
+
this.refreshToken = refreshToken;
|
|
1191
|
+
this.expiresAt = this.credentialsStore.getExpiresAt() ?? null;
|
|
1192
|
+
console.log('[Beacon] Credentials recovered via refresh token');
|
|
1193
|
+
return true;
|
|
1194
|
+
}
|
|
1069
1195
|
const response = await fetch(`${this.config.apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
1070
1196
|
method: 'POST',
|
|
1071
1197
|
headers: {
|
|
@@ -1083,14 +1209,8 @@ class Beacon {
|
|
|
1083
1209
|
const data = await response.json();
|
|
1084
1210
|
this.installationId = installationId;
|
|
1085
1211
|
this.runtimeToken = data.runtime_token;
|
|
1086
|
-
this.refreshToken = refreshToken;
|
|
1212
|
+
this.refreshToken = refreshToken;
|
|
1087
1213
|
this.expiresAt = data.expires_at || null;
|
|
1088
|
-
this.credentialsStore?.update({
|
|
1089
|
-
installationId,
|
|
1090
|
-
runtimeToken: data.runtime_token,
|
|
1091
|
-
refreshToken,
|
|
1092
|
-
expiresAt: data.expires_at,
|
|
1093
|
-
});
|
|
1094
1214
|
console.log('[Beacon] Credentials recovered via refresh token');
|
|
1095
1215
|
return true;
|
|
1096
1216
|
}
|
|
@@ -1200,9 +1320,7 @@ class Beacon {
|
|
|
1200
1320
|
return false;
|
|
1201
1321
|
}
|
|
1202
1322
|
const data = await response.json();
|
|
1203
|
-
this
|
|
1204
|
-
this.runtimeToken = data.runtime_token;
|
|
1205
|
-
this.refreshToken = data.refresh_token;
|
|
1323
|
+
applyBootstrapResponse(this, data);
|
|
1206
1324
|
console.log(`[Beacon] Recovery bootstrap successful, installation ID: ${this.installationId}`);
|
|
1207
1325
|
return true;
|
|
1208
1326
|
}
|
|
@@ -1239,16 +1357,8 @@ class Beacon {
|
|
|
1239
1357
|
throw new Error(`Bootstrap failed: ${response.status} ${response.statusText} - ${body}`);
|
|
1240
1358
|
}
|
|
1241
1359
|
const data = await response.json();
|
|
1242
|
-
this
|
|
1243
|
-
this.runtimeToken = data.runtime_token;
|
|
1244
|
-
this.refreshToken = data.refresh_token;
|
|
1360
|
+
applyBootstrapResponse(this, data);
|
|
1245
1361
|
this.expiresAt = data.expires_at || null;
|
|
1246
|
-
this.credentialsStore?.update({
|
|
1247
|
-
installationId: data.installation_id,
|
|
1248
|
-
runtimeToken: data.runtime_token,
|
|
1249
|
-
refreshToken: data.refresh_token,
|
|
1250
|
-
expiresAt: data.expires_at,
|
|
1251
|
-
});
|
|
1252
1362
|
}
|
|
1253
1363
|
/**
|
|
1254
1364
|
* Send heartbeat (lease renewal) to Sekuire
|
|
@@ -1316,6 +1426,11 @@ class Beacon {
|
|
|
1316
1426
|
* Refresh the runtime token using the refresh token
|
|
1317
1427
|
*/
|
|
1318
1428
|
async refreshRuntimeToken() {
|
|
1429
|
+
if (this.credentialsStore) {
|
|
1430
|
+
await this.credentialsStore.refreshRuntimeToken("Beacon");
|
|
1431
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
1432
|
+
return;
|
|
1433
|
+
}
|
|
1319
1434
|
const installationId = this.getInstallationId();
|
|
1320
1435
|
const refreshToken = this.getRefreshToken();
|
|
1321
1436
|
if (!installationId || !refreshToken) {
|
|
@@ -1336,7 +1451,6 @@ class Beacon {
|
|
|
1336
1451
|
}
|
|
1337
1452
|
const data = await response.json();
|
|
1338
1453
|
this.runtimeToken = data.runtime_token;
|
|
1339
|
-
this.credentialsStore?.setRuntimeToken(data.runtime_token, data.expires_at);
|
|
1340
1454
|
console.log('[Beacon] Runtime token refreshed successfully');
|
|
1341
1455
|
}
|
|
1342
1456
|
/**
|
|
@@ -2170,66 +2284,6 @@ class PolicyGateway {
|
|
|
2170
2284
|
}
|
|
2171
2285
|
}
|
|
2172
2286
|
|
|
2173
|
-
class RuntimeCredentialsStore {
|
|
2174
|
-
constructor(initial) {
|
|
2175
|
-
if (initial) {
|
|
2176
|
-
this.update(initial);
|
|
2177
|
-
}
|
|
2178
|
-
}
|
|
2179
|
-
update(partial) {
|
|
2180
|
-
if (partial.installationId) {
|
|
2181
|
-
this.installationId = partial.installationId;
|
|
2182
|
-
}
|
|
2183
|
-
if (partial.runtimeToken) {
|
|
2184
|
-
this.runtimeToken = partial.runtimeToken;
|
|
2185
|
-
}
|
|
2186
|
-
if (partial.refreshToken) {
|
|
2187
|
-
this.refreshToken = partial.refreshToken;
|
|
2188
|
-
}
|
|
2189
|
-
if (partial.expiresAt !== undefined) {
|
|
2190
|
-
this.expiresAt = partial.expiresAt;
|
|
2191
|
-
}
|
|
2192
|
-
}
|
|
2193
|
-
setRuntimeToken(runtimeToken, expiresAt) {
|
|
2194
|
-
this.runtimeToken = runtimeToken;
|
|
2195
|
-
if (expiresAt !== undefined) {
|
|
2196
|
-
this.expiresAt = expiresAt;
|
|
2197
|
-
}
|
|
2198
|
-
}
|
|
2199
|
-
setInstallationId(installationId) {
|
|
2200
|
-
this.installationId = installationId;
|
|
2201
|
-
}
|
|
2202
|
-
setRefreshToken(refreshToken) {
|
|
2203
|
-
this.refreshToken = refreshToken;
|
|
2204
|
-
}
|
|
2205
|
-
getInstallationId() {
|
|
2206
|
-
return this.installationId;
|
|
2207
|
-
}
|
|
2208
|
-
getRuntimeToken() {
|
|
2209
|
-
return this.runtimeToken;
|
|
2210
|
-
}
|
|
2211
|
-
getRefreshToken() {
|
|
2212
|
-
return this.refreshToken;
|
|
2213
|
-
}
|
|
2214
|
-
getExpiresAt() {
|
|
2215
|
-
return this.expiresAt;
|
|
2216
|
-
}
|
|
2217
|
-
getAll() {
|
|
2218
|
-
return {
|
|
2219
|
-
installationId: this.installationId,
|
|
2220
|
-
runtimeToken: this.runtimeToken,
|
|
2221
|
-
refreshToken: this.refreshToken,
|
|
2222
|
-
expiresAt: this.expiresAt,
|
|
2223
|
-
};
|
|
2224
|
-
}
|
|
2225
|
-
hasRecoveryCredentials() {
|
|
2226
|
-
return !!(this.installationId && this.refreshToken);
|
|
2227
|
-
}
|
|
2228
|
-
hasRuntimeToken() {
|
|
2229
|
-
return !!this.runtimeToken;
|
|
2230
|
-
}
|
|
2231
|
-
}
|
|
2232
|
-
|
|
2233
2287
|
function getDefaultExportFromCjs (x) {
|
|
2234
2288
|
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
|
|
2235
2289
|
}
|
|
@@ -2782,6 +2836,7 @@ class TaskWorker {
|
|
|
2782
2836
|
this.installationId = resolvedInstallationId || null;
|
|
2783
2837
|
this.refreshToken = resolvedRefreshToken || null;
|
|
2784
2838
|
if (this.credentialsStore) {
|
|
2839
|
+
this.credentialsStore.setApiBaseUrl(this.config.apiBaseUrl);
|
|
2785
2840
|
this.credentialsStore.update({
|
|
2786
2841
|
installationId: resolvedInstallationId,
|
|
2787
2842
|
refreshToken: resolvedRefreshToken,
|
|
@@ -2854,6 +2909,17 @@ class TaskWorker {
|
|
|
2854
2909
|
return false;
|
|
2855
2910
|
}
|
|
2856
2911
|
try {
|
|
2912
|
+
if (this.credentialsStore) {
|
|
2913
|
+
this.credentialsStore.update({ installationId, refreshToken });
|
|
2914
|
+
await this.credentialsStore.refreshRuntimeToken("Worker");
|
|
2915
|
+
this.installationId = installationId;
|
|
2916
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
2917
|
+
this.refreshToken = refreshToken;
|
|
2918
|
+
const expiresAt = this.credentialsStore.getExpiresAt();
|
|
2919
|
+
this.expiresAt = expiresAt ? new Date(expiresAt).getTime() : null;
|
|
2920
|
+
console.log(`[Worker] Credentials recovered for installation: ${installationId}`);
|
|
2921
|
+
return true;
|
|
2922
|
+
}
|
|
2857
2923
|
const response = await fetch(`${this.config.apiBaseUrl}/api/v1/installations/${installationId}/refresh`, {
|
|
2858
2924
|
method: "POST",
|
|
2859
2925
|
headers: {
|
|
@@ -2873,12 +2939,6 @@ class TaskWorker {
|
|
|
2873
2939
|
this.runtimeToken = data.runtime_token;
|
|
2874
2940
|
this.refreshToken = refreshToken;
|
|
2875
2941
|
this.expiresAt = data.expires_at ? new Date(data.expires_at).getTime() : null;
|
|
2876
|
-
this.credentialsStore?.update({
|
|
2877
|
-
installationId,
|
|
2878
|
-
runtimeToken: data.runtime_token,
|
|
2879
|
-
refreshToken,
|
|
2880
|
-
expiresAt: data.expires_at,
|
|
2881
|
-
});
|
|
2882
2942
|
console.log(`[Worker] Credentials recovered for installation: ${installationId}`);
|
|
2883
2943
|
return true;
|
|
2884
2944
|
}
|
|
@@ -3121,18 +3181,10 @@ class TaskWorker {
|
|
|
3121
3181
|
throw new Error(`Bootstrap failed: ${response.status} - ${errorText}`);
|
|
3122
3182
|
}
|
|
3123
3183
|
const data = await response.json();
|
|
3124
|
-
this
|
|
3125
|
-
this.runtimeToken = data.runtime_token;
|
|
3126
|
-
this.refreshToken = data.refresh_token;
|
|
3184
|
+
applyBootstrapResponse(this, data);
|
|
3127
3185
|
this.expiresAt = data.expires_at
|
|
3128
3186
|
? new Date(data.expires_at).getTime()
|
|
3129
3187
|
: null;
|
|
3130
|
-
this.credentialsStore?.update({
|
|
3131
|
-
installationId: data.installation_id,
|
|
3132
|
-
runtimeToken: data.runtime_token,
|
|
3133
|
-
refreshToken: data.refresh_token,
|
|
3134
|
-
expiresAt: data.expires_at,
|
|
3135
|
-
});
|
|
3136
3188
|
console.log(`[Worker] Bootstrapped installation: ${this.installationId}`);
|
|
3137
3189
|
}
|
|
3138
3190
|
catch (e) {
|
|
@@ -3205,6 +3257,11 @@ class TaskWorker {
|
|
|
3205
3257
|
* Refresh the runtime token using the refresh token
|
|
3206
3258
|
*/
|
|
3207
3259
|
async refreshRuntimeToken() {
|
|
3260
|
+
if (this.credentialsStore) {
|
|
3261
|
+
await this.credentialsStore.refreshRuntimeToken("Worker");
|
|
3262
|
+
this.runtimeToken = this.credentialsStore.getRuntimeToken() ?? null;
|
|
3263
|
+
return;
|
|
3264
|
+
}
|
|
3208
3265
|
const installationId = this.getInstallationId();
|
|
3209
3266
|
const refreshToken = this.getRefreshToken();
|
|
3210
3267
|
if (!installationId || !refreshToken) {
|
|
@@ -3225,7 +3282,6 @@ class TaskWorker {
|
|
|
3225
3282
|
}
|
|
3226
3283
|
const data = await response.json();
|
|
3227
3284
|
this.runtimeToken = data.runtime_token;
|
|
3228
|
-
this.credentialsStore?.setRuntimeToken(data.runtime_token, data.expires_at);
|
|
3229
3285
|
console.log("[Worker] Runtime token refreshed successfully");
|
|
3230
3286
|
}
|
|
3231
3287
|
getInstallationId() {
|
|
@@ -3291,6 +3347,7 @@ class SekuireSDK {
|
|
|
3291
3347
|
installationId: this.config.installationId,
|
|
3292
3348
|
refreshToken: this.config.refreshToken,
|
|
3293
3349
|
runtimeToken: this.config.runtimeToken,
|
|
3350
|
+
apiBaseUrl: this.config.apiUrl,
|
|
3294
3351
|
});
|
|
3295
3352
|
this.identity = new AgentIdentity(this.config.agentName, this.config.agentId, this.config.privateKey);
|
|
3296
3353
|
const loggerConfig = {
|
|
@@ -18426,6 +18483,7 @@ exports.ToolRegistry = ToolRegistry;
|
|
|
18426
18483
|
exports.ToolUsageError = ToolUsageError;
|
|
18427
18484
|
exports.TursoStorage = TursoStorage;
|
|
18428
18485
|
exports.UpstashStorage = UpstashStorage;
|
|
18486
|
+
exports.applyBootstrapResponse = applyBootstrapResponse;
|
|
18429
18487
|
exports.builtInTools = builtInTools;
|
|
18430
18488
|
exports.calculateSekuireId = calculateSekuireId;
|
|
18431
18489
|
exports.createAgent = createAgent;
|
|
@@ -4,12 +4,30 @@ export interface RuntimeCredentials {
|
|
|
4
4
|
refreshToken?: string;
|
|
5
5
|
expiresAt?: string;
|
|
6
6
|
}
|
|
7
|
+
export interface BootstrapResponseData {
|
|
8
|
+
installation_id: string;
|
|
9
|
+
runtime_token: string;
|
|
10
|
+
refresh_token?: string;
|
|
11
|
+
expires_at: string;
|
|
12
|
+
}
|
|
13
|
+
export interface BootstrapTarget {
|
|
14
|
+
installationId: string | null;
|
|
15
|
+
runtimeToken: string | null;
|
|
16
|
+
refreshToken: string | null;
|
|
17
|
+
credentialsStore?: RuntimeCredentialsStore | null;
|
|
18
|
+
}
|
|
19
|
+
export declare function applyBootstrapResponse(target: BootstrapTarget, data: BootstrapResponseData): void;
|
|
7
20
|
export declare class RuntimeCredentialsStore {
|
|
8
21
|
private installationId?;
|
|
9
22
|
private runtimeToken?;
|
|
10
23
|
private refreshToken?;
|
|
11
24
|
private expiresAt?;
|
|
12
|
-
|
|
25
|
+
private apiBaseUrl?;
|
|
26
|
+
private inflightRefresh;
|
|
27
|
+
constructor(initial?: RuntimeCredentials & {
|
|
28
|
+
apiBaseUrl?: string;
|
|
29
|
+
});
|
|
30
|
+
setApiBaseUrl(url: string): void;
|
|
13
31
|
update(partial: RuntimeCredentials): void;
|
|
14
32
|
setRuntimeToken(runtimeToken: string, expiresAt?: string): void;
|
|
15
33
|
setInstallationId(installationId: string): void;
|
|
@@ -21,4 +39,6 @@ export declare class RuntimeCredentialsStore {
|
|
|
21
39
|
getAll(): RuntimeCredentials;
|
|
22
40
|
hasRecoveryCredentials(): boolean;
|
|
23
41
|
hasRuntimeToken(): boolean;
|
|
42
|
+
refreshRuntimeToken(caller?: string): Promise<void>;
|
|
43
|
+
private doRefresh;
|
|
24
44
|
}
|