@slashfi/agents-sdk 0.11.1 → 0.12.0

package/src/agent-definitions/auth.ts

@@ -81,7 +81,7 @@ export interface AuthTenant {
 
 export interface AuthStore {
   /** Create a tenant. */
-  createTenant(name: string): Promise<{ tenantId: string }>;
+  createTenant(name: string, externalRef?: { issuer: string; tenantId: string }): Promise<{ tenantId: string }>;
 
   /** Get tenant by ID. */
   getTenant(tenantId: string): Promise<AuthTenant | null>;
@@ -220,7 +220,7 @@ export function createMemoryAuthStore(): AuthStore {
   const trustedIssuers = new Set<string>();
 
   return {
-    async createTenant(name) {
+    async createTenant(name, _externalRef) {
       const id = `tenant_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
       tenants.set(id, { id, name, createdAt: Date.now() });
       return { tenantId: id };
@@ -368,6 +368,7 @@ export interface CreateAuthAgentOptions {
 
   /** Custom auth store. Default: in-memory */
   store?: AuthStore;
+
 }
 
 // ============================================
@@ -406,12 +407,22 @@ export function createAuthAgent(
       type: "object" as const,
       properties: {
         name: { type: "string" as const, description: "Tenant name" },
+        externalRef: {
+          type: "object" as const,
+          description: "Link to a tenant on a remote system (for cross-registry trust)",
+          properties: {
+            issuer: { type: "string" as const, description: "Issuer URL of the remote system" },
+            tenantId: { type: "string" as const, description: "Tenant ID on the remote system" },
+          },
+          required: ["issuer", "tenantId"],
+        },
       },
       required: ["name"],
     },
-    execute: async (input: { name: string }) => {
-      const result = await store.createTenant(input.name);
-      return { tenantId: result.tenantId, name: input.name };
+    execute: async (input: { name: string; externalRef?: { issuer: string; tenantId: string } }) => {
+      const result = await store.createTenant(input.name, input.externalRef);
+      return { tenantId: result.tenantId, name: input.name, externalRef: input.externalRef };
+    
     },
   });
 
@@ -757,6 +768,46 @@ export function createAuthAgent(
     },
   });
 
+
+  const exchangeTokenTool = defineTool({
+    name: "exchange_token",
+    description:
+      "Exchange a foreign JWT for a local identity. Verifies the JWT via JWKS, " +
+      "resolves the tenant and user to local IDs. If the user is not yet linked, " +
+      "returns needsAuth=true with a connect URL for OAuth identity linking.",
+    visibility: "public" as const,
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        token: {
+          type: "string" as const,
+          description: "JWT signed by a trusted issuer",
+        },
+        connectBaseUrl: {
+          type: "string" as const,
+          description: "Base URL for the OAuth connect flow (returned in needsAuth response)",
+        },
+      },
+      required: ["token"],
+    },
+    execute: async (
+      _input: { token: string; connectBaseUrl?: string },
+    ) => {
+      // This tool is a stub — the actual implementation needs:
+      // 1. JWT verification (via verifyJwtFromIssuer)
+      // 2. Tenant resolution (via tenant_identity table)
+      // 3. User resolution (via user_identity table)
+      // These depend on the store having identity lookup methods.
+      //
+      // For now, return the structure so the flow can be wired.
+      // The atlas-environments CockroachDB implementation overrides this.
+      return {
+        error: "exchange_token requires a store with identity resolution support",
+        hint: "Override this tool in your environment implementation",
+      };
+    },
+  });
+
   const tools = [
     createTenantTool,
     tokenTool,
@@ -769,6 +820,7 @@ export function createAuthAgent(
     rotateKeysTool,
     trustIssuerTool,
     apiKeyTool,
+    exchangeTokenTool,
   ];
 
   const agent = defineAgent({

package/src/agent-definitions/integrations.ts

@@ -489,21 +489,13 @@ export interface IntegrationsAgentOptions {
   store: IntegrationStore;
 
   /**
-   * Callback to list all registered agents.
-   * Used by list_integrations to discover agents with integrationMethods.
-   * Typically wired to registry.list().
-   */
-  getAgents?: () => AgentDefinition[];
 
   /** Registry instance for calling other agents' internal tools */
   registry?: {
+    list?(): AgentDefinition[];
     call(request: any): Promise<any>;
   };
 
-  /** Integrations store for tracking installed integrations */
-  integrationsStore?: {
-    create(input: { agentPath: string; config: Record<string, unknown>; installedBy?: string; tenantId?: string }): Promise<any>;
-  };
 
   /** Secret store for storing/resolving client credentials and tokens */
   secretStore: {
@@ -535,7 +527,7 @@ const SYSTEM_OWNER = "__integrations__";
 export function createIntegrationsAgent(
   options: IntegrationsAgentOptions,
 ): AgentDefinition {
-  const { store, callbackBaseUrl, secretStore, getAgents, integrationsStore } = options;
+  const { store, callbackBaseUrl, secretStore } = options;
 
   // ---- setup_integration ----
   const setupTool = defineTool({
@@ -681,15 +673,20 @@ export function createIntegrationsAgent(
 
       await store.upsertProvider(config);
 
-      // Also track in integrations table
-      if (integrationsStore) {
+      // Delegate to agent's setup_integration tool via registry.call()
+      if (config.agentPath && options.registry) {
         try {
-          await integrationsStore.create({
-            agentPath: config.agentPath ?? `@${config.id}`,
-            config: { providerId: config.id, ...input },
-            installedBy: _ctx.callerId,
+          const setupResult = await options.registry.call({
+            action: 'execute_tool',
+            path: config.agentPath,
+            tool: 'setup_integration',
+            params: input.config ?? input,
+            callerType: 'system',
           });
-        } catch {}
+          result.setupResult = (setupResult as any)?.result ?? setupResult;
+        } catch (err) {
+          result.setupError = err instanceof Error ? err.message : String(err);
+        }
       }
 
       result.provider = config;
@@ -736,8 +733,8 @@ export function createIntegrationsAgent(
       }> = [];
 
       // 1. Agent-backed integrations
-      if (getAgents) {
-        for (const agent of getAgents()) {
+      if (options.registry) {
+        for (const agent of (options.registry.list?.() ?? [])) {
           if (agent.config?.integration) {
             const ic = agent.config.integration;
             catalog.push({
@@ -831,11 +828,12 @@ export function createIntegrationsAgent(
         });
       }
 
-      // 2. Agent-backed integrations (agents with config.integration + integrationMethods)
-      if (getAgents) {
-        const agents = getAgents();
+      // 2. Agent-backed integrations (agents with config.integration + list_integrations tool)
+      if (options.registry) {
+        const agents = options.registry.list?.() ?? [];
         for (const agent of agents) {
-          if (agent.integrationMethods?.list && agent.config?.integration) {
+          const hasListTool = agent.tools?.some((t: any) => t.name === 'list_integrations');
+          if (hasListTool && agent.config?.integration) {
             const meta = {
               provider: agent.config.integration.provider,
               agentPath: agent.path,
@@ -845,7 +843,8 @@ export function createIntegrationsAgent(
               description: agent.config.integration.description,
             };
             try {
-              const result = await agent.integrationMethods.list({}, { ...ctx, provider: agent.config.integration.provider });
+              const callResult = options.registry ? await options.registry.call({ action: 'execute_tool', path: agent.path!, tool: 'list_integrations', params: {}, callerType: 'system' }) : null;
+              const result = (callResult as any)?.result ?? callResult ?? { success: false };
               if (result.success && result.data) {
                 // Flatten: if data has an array field, each item becomes an integration
                 const items = Array.isArray(result.data)
@@ -929,6 +928,19 @@ export function createIntegrationsAgent(
     ) => {
       const config = await store.getProvider(input.provider);
       if (!config) return { error: `Provider '${input.provider}' not found` };
+
+      // Delegate to agent's connect_integration tool via registry.call()
+      if (config.agentPath && options.registry) {
+        const connectResult = await options.registry.call({
+          action: 'execute_tool',
+          path: config.agentPath,
+          tool: 'connect_integration',
+          params: { ...input, registryId: config.id },
+          callerType: 'system',
+        });
+        return (connectResult as any)?.result ?? connectResult;
+      }
+
       if (!config.auth)
         return { error: `Provider '${input.provider}' has no OAuth config` };
       if (!callbackBaseUrl)
@@ -1158,6 +1170,19 @@ export function createIntegrationsAgent(
     ) => {
       const config = await store.getProvider(input.provider);
       if (!config) return { error: `Provider '${input.provider}' not found` };
+
+      // Delegate to agent's connect_integration tool via registry.call()
+      if (config.agentPath && options.registry) {
+        const connectResult = await options.registry.call({
+          action: 'execute_tool',
+          path: config.agentPath,
+          tool: 'connect_integration',
+          params: { ...input, registryId: config.id },
+          callerType: 'system',
+        });
+        return (connectResult as any)?.result ?? connectResult;
+      }
+
       if (!config.auth)
         return { error: `Provider '${input.provider}' has no OAuth config` };
       if (!callbackBaseUrl) return { error: "No callbackBaseUrl configured" };
@@ -1347,7 +1372,7 @@ export function createIntegrationsAgent(
     visibility: "public" as const,
     inputSchema: { type: "object" as const, properties: {} },
     execute: async () => {
-      const agents = getAgents?.() ?? [];
+      const agents = options.registry?.list?.() ?? [];
       const results: any[] = [];
       if (options.registry) {
         for (const agent of agents) {
@@ -1385,7 +1410,7 @@ export function createIntegrationsAgent(
       },
     },
     execute: async (input: { agent_path?: string }) => {
-      const agents = getAgents?.() ?? [];
+      const agents = options.registry?.list?.() ?? [];
       const results: any[] = [];
       if (options.registry) {
         const targetAgents = input.agent_path