npm - @slashfi/agents-sdk - Versions diffs - 0.16.0 → 0.18.0 - Mend

@slashfi/agents-sdk 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/dist/agent-definitions/auth.d.ts.map +1 -1
package/dist/agent-definitions/auth.js +44 -11
package/dist/agent-definitions/auth.js.map +1 -1
package/dist/agent-definitions/integrations.d.ts.map +1 -1
package/dist/agent-definitions/integrations.js +106 -45
package/dist/agent-definitions/integrations.js.map +1 -1
package/dist/agent-definitions/remote-registry.d.ts.map +1 -1
package/dist/agent-definitions/remote-registry.js +174 -45
package/dist/agent-definitions/remote-registry.js.map +1 -1
package/dist/agent-definitions/secrets.d.ts.map +1 -1
package/dist/agent-definitions/secrets.js +1 -4
package/dist/agent-definitions/secrets.js.map +1 -1
package/dist/agent-definitions/users.d.ts.map +1 -1
package/dist/agent-definitions/users.js +14 -3
package/dist/agent-definitions/users.js.map +1 -1
package/dist/define-config.d.ts +125 -0
package/dist/define-config.d.ts.map +1 -0
package/dist/define-config.js +75 -0
package/dist/define-config.js.map +1 -0
package/dist/define.d.ts +11 -2
package/dist/define.d.ts.map +1 -1
package/dist/define.js +57 -26
package/dist/define.js.map +1 -1
package/dist/events.d.ts +133 -0
package/dist/events.d.ts.map +1 -0
package/dist/events.js +57 -0
package/dist/events.js.map +1 -0
package/dist/index.d.ts +16 -8
package/dist/index.d.ts.map +1 -1
package/dist/index.js +21 -3
package/dist/index.js.map +1 -1
package/dist/integration-interface.d.ts +3 -3
package/dist/integration-interface.d.ts.map +1 -1
package/dist/integration-interface.js +29 -21
package/dist/integration-interface.js.map +1 -1
package/dist/integrations-store.d.ts +2 -2
package/dist/integrations-store.d.ts.map +1 -1
package/dist/integrations-store.js +3 -3
package/dist/integrations-store.js.map +1 -1
package/dist/jwt.d.ts.map +1 -1
package/dist/jwt.js +7 -5
package/dist/jwt.js.map +1 -1
package/dist/key-manager.d.ts.map +1 -1
package/dist/key-manager.js +5 -3
package/dist/key-manager.js.map +1 -1
package/dist/oidc-signin.d.ts +32 -0
package/dist/oidc-signin.d.ts.map +1 -0
package/dist/oidc-signin.js +138 -0
package/dist/oidc-signin.js.map +1 -0
package/dist/registry-consumer.d.ts +104 -0
package/dist/registry-consumer.d.ts.map +1 -0
package/dist/registry-consumer.js +230 -0
package/dist/registry-consumer.js.map +1 -0
package/dist/registry.d.ts +5 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +76 -4
package/dist/registry.js.map +1 -1
package/dist/secret-collection.d.ts.map +1 -1
package/dist/secret-collection.js.map +1 -1
package/dist/server.d.ts +3 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +222 -27
package/dist/server.js.map +1 -1
package/dist/test-utils/mock-oidc-server.d.ts +36 -0
package/dist/test-utils/mock-oidc-server.d.ts.map +1 -0
package/dist/test-utils/mock-oidc-server.js +96 -0
package/dist/test-utils/mock-oidc-server.js.map +1 -0
package/dist/types.d.ts +106 -0
package/dist/types.d.ts.map +1 -1
package/package.json +6 -1
package/src/agent-definitions/auth.ts +106 -38
package/src/agent-definitions/integrations.ts +201 -73
package/src/agent-definitions/remote-registry.ts +262 -65
package/src/agent-definitions/secrets.ts +22 -8
package/src/agent-definitions/users.ts +16 -4
package/src/cli.ts +293 -0
package/src/codegen.test.ts +527 -0
package/src/codegen.ts +1348 -0
package/src/consumer.test.ts +536 -0
package/src/define-config.ts +205 -0
package/src/define.ts +134 -46
package/src/events.ts +237 -0
package/src/index.ts +107 -8
package/src/integration-interface.ts +52 -28
package/src/integrations-store.ts +9 -5
package/src/jwt.ts +48 -19
package/src/key-manager.test.ts +22 -13
package/src/key-manager.ts +8 -10
package/src/oidc-signin.ts +223 -0
package/src/registry-consumer.ts +413 -0
package/src/registry.ts +115 -9
package/src/secret-collection.ts +2 -1
package/src/server.test.ts +304 -238
package/src/server.ts +371 -69
package/src/test-utils/mock-oidc-server.ts +123 -0
package/src/types.ts +172 -18

package/src/agent-definitions/remote-registry.ts CHANGED Viewed

@@ -60,8 +60,16 @@ export function createRemoteRegistryAgent(
   // --- Connection storage (KV via SecretStore) ---
-  async function storeConnection(ownerId: string, conn: RegistryConnection): Promise<void> {
-    console.error("[remote-registry] storeConnection for owner:", ownerId, "conn:", conn.id);
+  async function storeConnection(
+    ownerId: string,
+    conn: RegistryConnection,
+  ): Promise<void> {
+    console.error(
+      "[remote-registry] storeConnection for owner:",
+      ownerId,
+      "conn:",
+      conn.id,
+    );
     const all = await loadAllConnections(ownerId);
     all[conn.id] = conn;
     const value = JSON.stringify(all);
@@ -72,29 +80,49 @@ export function createRemoteRegistryAgent(
     }
   }
-  async function loadAllConnections(ownerId: string): Promise<Record<string, RegistryConnection>> {
+  async function loadAllConnections(
+    ownerId: string,
+  ): Promise<Record<string, RegistryConnection>> {
     console.error("[remote-registry] loadAllConnections for owner:", ownerId);
     if (secretStore.resolveByEntity) {
       const scope = { tenantId: ownerId };
-      const secretIds = await secretStore.resolveByEntity(ENTITY_TYPE, ownerId, scope);
+      const secretIds = await secretStore.resolveByEntity(
+        ENTITY_TYPE,
+        ownerId,
+        scope,
+      );
       if (secretIds?.length) {
-        const raw = await secretStore.resolve(secretIds[secretIds.length - 1], ownerId);
+        const raw = await secretStore.resolve(
+          secretIds[secretIds.length - 1],
+          ownerId,
+        );
         if (raw) {
-          try { return JSON.parse(raw); } catch { return {}; }
+          try {
+            return JSON.parse(raw);
+          } catch {
+            return {};
+          }
         }
       }
     }
     return {};
   }
-  async function loadConnection(ownerId: string, registryId: string): Promise<RegistryConnection | null> {
+  async function loadConnection(
+    ownerId: string,
+    registryId: string,
+  ): Promise<RegistryConnection | null> {
     const all = await loadAllConnections(ownerId);
     return all[registryId] ?? null;
   }
   // --- MCP call helper ---
-  async function mcpCall(url: string, jwt: string, request: Record<string, unknown>): Promise<any> {
+  async function mcpCall(
+    url: string,
+    jwt: string,
+    request: Record<string, unknown>,
+  ): Promise<any> {
     const res = await globalThis.fetch(url, {
       method: "POST",
       headers: {
@@ -108,13 +136,18 @@ export function createRemoteRegistryAgent(
         params: { name: "call_agent", arguments: { request } },
       }),
     });
-    const rpc = await res.json() as any;
+    const rpc = (await res.json()) as any;
     const text = rpc.result?.content?.[0]?.text;
     if (!text) return rpc.result;
     const parsed = JSON.parse(text);
     // Unwrap the remote call_agent envelope: { success, result } → just result
     // The caller (proxyCall) will re-wrap with its own { success, result }
-    if (parsed && typeof parsed === "object" && "success" in parsed && "result" in parsed) {
+    if (
+      parsed &&
+      typeof parsed === "object" &&
+      "success" in parsed &&
+      "result" in parsed
+    ) {
       if (!parsed.success) {
         throw new Error(parsed.error ?? "Remote call failed");
       }
@@ -128,13 +161,24 @@ export function createRemoteRegistryAgent(
   async function proxyCall(
     ownerId: string,
     registryId: string,
-    request: { action: string; path: string; tool: string; params?: Record<string, unknown> },
+    request: {
+      action: string;
+      path: string;
+      tool: string;
+      params?: Record<string, unknown>;
+    },
   ): Promise<any> {
     const conn = await loadConnection(ownerId, registryId);
     if (!conn) {
-      throw new Error(`No connection '${registryId}'. Use setup_integration first.`);
+      throw new Error(
+        `No connection '${registryId}'. Use setup_integration first.`,
+      );
     }
-    const jwt = await signJwt({ tenantId: conn.remoteTenantId, action: "proxy", type: "agent-registry" });
+    const jwt = await signJwt({
+      tenantId: conn.remoteTenantId,
+      action: "proxy",
+      type: "agent-registry",
+    });
     // mcpCall already unwraps the remote call_agent envelope,
     // so this returns the remote tool's result directly.
     // registry.call() will wrap it in { success: true, result } for us.
@@ -170,7 +214,8 @@ export function createRemoteRegistryAgent(
   const addConnectionTool = defineTool({
     name: "add_connection",
-    description: "Directly store a connection to a remote registry (no OAuth exchange). Used for reverse registration.",
+    description:
+      "Directly store a connection to a remote registry (no OAuth exchange). Used for reverse registration.",
     visibility: "public" as const,
     inputSchema: {
       type: "object" as const,
@@ -178,7 +223,10 @@ export function createRemoteRegistryAgent(
         id: { type: "string", description: "Connection ID" },
         name: { type: "string", description: "Display name" },
         url: { type: "string", description: "Remote registry URL" },
-        remoteTenantId: { type: "string", description: "Tenant ID on the remote side" },
+        remoteTenantId: {
+          type: "string",
+          description: "Tenant ID on the remote side",
+        },
       },
       required: ["id", "url"],
     },
@@ -203,7 +251,7 @@ export function createRemoteRegistryAgent(
     execute: async (_input: any, _ctx: ToolContext) => {
       const all = await loadAllConnections("system");
       return {
-        connections: Object.values(all).map(c => ({
+        connections: Object.values(all).map((c) => ({
           id: c.id,
           name: c.name,
           url: c.url,
@@ -213,10 +261,15 @@ export function createRemoteRegistryAgent(
     },
   });
   // Extract setup/connect as standalone functions to avoid circular reference
-  const setupFn = async (params: Record<string, unknown>, _ctx: IntegrationMethodContext): Promise<IntegrationMethodResult> => {
-    console.log("[remote-registry] setupFn called with:", JSON.stringify(params));
+  const setupFn = async (
+    params: Record<string, unknown>,
+    _ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult> => {
+    console.log(
+      "[remote-registry] setupFn called with:",
+      JSON.stringify(params),
+    );
     const url = params.url as string;
     const name = (params.name as string) ?? "registry";
     const oidcUserId = params.oidcUserId as string | undefined;
@@ -226,68 +279,143 @@ export function createRemoteRegistryAgent(
       // Phase 2: Complete setup after OIDC — store connection with resolved tenant
       if (oidcUserId) {
-        const jwt = await signJwt({ sub: oidcUserId, action: "setup", type: "agent-registry" });
-        const tokenRes = await globalThis.fetch(baseUrl + "/oauth/token", {
-          method: "POST", headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ grant_type: "jwt_exchange", assertion: jwt, scope: "setup", redirect_uri: params.redirect_uri ?? "" }),
+        const jwt = await signJwt({
+          sub: oidcUserId,
+          action: "setup",
+          type: "agent-registry",
+        });
+        const tokenRes = await globalThis.fetch(`${baseUrl}/oauth/token`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            grant_type: "jwt_exchange",
+            assertion: jwt,
+            scope: "setup",
+            redirect_uri: params.redirect_uri ?? "",
+          }),
         });
-        const tokenData = await tokenRes.json() as any;
+        const tokenData = (await tokenRes.json()) as any;
         if (!tokenData.access_token && !tokenData.tenant_id) {
-          return { success: false, error: tokenData.error_description ?? tokenData.error ?? "Setup completion failed" };
+          return {
+            success: false,
+            error:
+              tokenData.error_description ??
+              tokenData.error ??
+              "Setup completion failed",
+          };
         }
         const remoteTenantId = tokenData.tenant_id ?? name;
         const ownerId = "system";
-        await storeConnection(ownerId, { id: name, name, url: baseUrl, remoteTenantId, createdAt: Date.now() });
-        return { success: true, data: { registryId: name, url, remoteTenantId } };
+        await storeConnection(ownerId, {
+          id: name,
+          name,
+          url: baseUrl,
+          remoteTenantId,
+          createdAt: Date.now(),
+        });
+        return {
+          success: true,
+          data: { registryId: name, url, remoteTenantId },
+        };
       }
       // Phase 1: Discover JWKS, establish trust, then request OIDC
-      const configUrl = baseUrl + "/.well-known/configuration";
+      const configUrl = `${baseUrl}/.well-known/configuration`;
       console.log("[setupFn] fetching config:", configUrl);
       const configRes = await globalThis.fetch(configUrl);
       console.log("[setupFn] config status:", configRes.status);
-      if (!configRes.ok) return { success: false, error: "Failed to discover registry at " + configUrl };
-      const remoteConfig = await configRes.json() as any;
+      if (!configRes.ok)
+        return {
+          success: false,
+          error: `Failed to discover registry at ${configUrl}`,
+        };
+      const remoteConfig = (await configRes.json()) as any;
       if (remoteConfig.jwks_uri) {
         console.log("[setupFn] fetching JWKS:", remoteConfig.jwks_uri);
         const jwksRes = await globalThis.fetch(remoteConfig.jwks_uri);
         console.log("[setupFn] JWKS status:", jwksRes.status);
         if (!jwksRes.ok) return { success: false, error: "JWKS not reachable" };
       }
-      if (addTrustedIssuer) { console.log("[setupFn] adding trusted issuer:", baseUrl); await addTrustedIssuer(baseUrl); console.log("[setupFn] added trusted issuer"); }
+      if (addTrustedIssuer) {
+        console.log("[setupFn] adding trusted issuer:", baseUrl);
+        await addTrustedIssuer(baseUrl);
+        console.log("[setupFn] added trusted issuer");
+      }
       // Request identity — atlas will return authorize URL for Slack OIDC
       console.log("[setupFn] Phase 1: requesting identity via jwt_exchange");
-      const jwt = await signJwt({ action: "setup", type: "agent-registry", targetUrl: url });
-      console.log("[setupFn] POSTing to:", baseUrl + "/oauth/token");
-      const tokenRes = await globalThis.fetch(baseUrl + "/oauth/token", {
-        method: "POST", headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ grant_type: "jwt_exchange", assertion: jwt, scope: "setup", redirect_uri: params.redirect_uri ?? "" }),
+      const jwt = await signJwt({
+        action: "setup",
+        type: "agent-registry",
+        targetUrl: url,
+      });
+      console.log("[setupFn] POSTing to:", `${baseUrl}/oauth/token`);
+      const tokenRes = await globalThis.fetch(`${baseUrl}/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          grant_type: "jwt_exchange",
+          assertion: jwt,
+          scope: "setup",
+          redirect_uri: params.redirect_uri ?? "",
+        }),
       });
       console.log("[setupFn] token status:", tokenRes.status);
-      const tokenData = await tokenRes.json() as any;
-      console.log("[setupFn] tokenData:", JSON.stringify(tokenData).substring(0, 300));
+      const tokenData = (await tokenRes.json()) as any;
+      console.log(
+        "[setupFn] tokenData:",
+        JSON.stringify(tokenData).substring(0, 300),
+      );
       // If already set up (user linked), store connection directly
       if (tokenData.access_token) {
         const remoteTenantId = tokenData.tenant_id ?? name;
         const ownerId = "system";
-        await storeConnection(ownerId, { id: name, name, url: baseUrl, remoteTenantId, createdAt: Date.now() });
-        return { success: true, data: { registryId: name, url, remoteTenantId } };
+        await storeConnection(ownerId, {
+          id: name,
+          name,
+          url: baseUrl,
+          remoteTenantId,
+          createdAt: Date.now(),
+        });
+        return {
+          success: true,
+          data: { registryId: name, url, remoteTenantId },
+        };
       }
       // Need OIDC — return authorize URL to caller
       if (tokenData.error === "identity_required") {
-        return { success: false, error: "identity_required", data: { authorizeUrl: tokenData.authorize_url, registryId: name, url } };
+        return {
+          success: false,
+          error: "identity_required",
+          data: {
+            authorizeUrl: tokenData.authorize_url,
+            registryId: name,
+            url,
+          },
+        };
       }
-      return { success: false, error: tokenData.error_description ?? tokenData.error ?? "Unexpected response from token endpoint" };
+      return {
+        success: false,
+        error:
+          tokenData.error_description ??
+          tokenData.error ??
+          "Unexpected response from token endpoint",
+      };
     } catch (err) {
-      return { success: false, error: err instanceof Error ? err.message : String(err) };
+      return {
+        success: false,
+        error: err instanceof Error ? err.message : String(err),
+      };
     }
   };
-  const connectFn = async (params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult> => {
+  const connectFn = async (
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult> => {
     const registryId = params.registryId as string;
     const redirectUri = (params.redirectUri as string) ?? "";
     const oidcUserId = params.oidcUserId as string | undefined;
@@ -295,20 +423,58 @@ export function createRemoteRegistryAgent(
     try {
       const ownerId = "system"; // tenant-scoped
       const conn = await loadConnection(ownerId, registryId);
-      if (!conn) return { success: false, error: "No connection '" + registryId + "'" };
+      if (!conn)
+        return { success: false, error: `No connection '${registryId}'` };
       // Use OIDC-issued identity if available, never send "anonymous" as sub
-      const sub = oidcUserId ?? (ctx.callerId !== "anonymous" ? ctx.callerId : undefined);
-      const jwt = await signJwt({ ...(sub ? { sub } : {}), tenantId: conn.remoteTenantId, action: "connect", type: "agent-registry" });
-      const tokenRes = await globalThis.fetch(conn.url + "/oauth/token", {
-        method: "POST", headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ grant_type: "jwt_exchange", assertion: jwt, redirect_uri: redirectUri }),
+      const sub =
+        oidcUserId ?? (ctx.callerId !== "anonymous" ? ctx.callerId : undefined);
+      const jwt = await signJwt({
+        ...(sub ? { sub } : {}),
+        tenantId: conn.remoteTenantId,
+        action: "connect",
+        type: "agent-registry",
+      });
+      const tokenRes = await globalThis.fetch(`${conn.url}/oauth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          grant_type: "jwt_exchange",
+          assertion: jwt,
+          redirect_uri: redirectUri,
+        }),
       });
-      const tokenData = await tokenRes.json() as any;
-      if (tokenData.access_token) return { success: true, data: { registryId, accessToken: tokenData.access_token, userId: tokenData.user_id, tenantId: tokenData.tenant_id } };
-      if (tokenData.error === "identity_required") return { success: false, error: "identity_required", data: { authorizeUrl: tokenData.authorize_url, tenantId: tokenData.tenant_id } };
-      return { success: false, error: tokenData.error_description ?? tokenData.error ?? "Token exchange failed" };
+      const tokenData = (await tokenRes.json()) as any;
+      if (tokenData.access_token)
+        return {
+          success: true,
+          data: {
+            registryId,
+            accessToken: tokenData.access_token,
+            userId: tokenData.user_id,
+            tenantId: tokenData.tenant_id,
+          },
+        };
+      if (tokenData.error === "identity_required")
+        return {
+          success: false,
+          error: "identity_required",
+          data: {
+            authorizeUrl: tokenData.authorize_url,
+            tenantId: tokenData.tenant_id,
+          },
+        };
+      return {
+        success: false,
+        error:
+          tokenData.error_description ??
+          tokenData.error ??
+          "Token exchange failed",
+      };
     } catch (err) {
-      return { success: false, error: err instanceof Error ? err.message : String(err) };
+      return {
+        success: false,
+        error: err instanceof Error ? err.message : String(err),
+      };
     }
   };
@@ -320,7 +486,8 @@ export function createRemoteRegistryAgent(
       "and proxy_call to make authenticated calls.",
     config: {
       name: "Remote Registry",
-      description: "Connect to remote agent registries via JWKS trust + jwt_exchange",
+      description:
+        "Connect to remote agent registries via JWKS trust + jwt_exchange",
       supportedActions: ["execute_tool", "describe_tools", "load"],
     },
     visibility: "public",
@@ -329,32 +496,62 @@ export function createRemoteRegistryAgent(
       displayName: "Agent Registry",
       icon: "server",
       category: "infrastructure",
-      description: "Connect to a remote agent registry via JWKS trust exchange.",
+      description:
+        "Connect to a remote agent registry via JWKS trust exchange.",
       setup: (params, ctx) => setupFn(params, ctx as any),
       connect: (params, ctx) => connectFn(params, ctx as any),
       async discover(params) {
         const url = (params.url as string) ?? "";
         try {
-          const res = await globalThis.fetch(url.replace(/\/$/, "") + "/.well-known/configuration");
-          if (!res.ok) return { success: false, error: "No configuration endpoint at " + url };
-          const config = await res.json() as any;
-          return { success: true, data: { url, issuer: config.issuer, grantTypes: config.supported_grant_types, jwksUri: config.jwks_uri } };
-        } catch (err) { return { success: false, error: err instanceof Error ? err.message : String(err) }; }
+          const res = await globalThis.fetch(
+            `${url.replace(/\/$/, "")}/.well-known/configuration`,
+          );
+          if (!res.ok)
+            return {
+              success: false,
+              error: `No configuration endpoint at ${url}`,
+            };
+          const config = (await res.json()) as any;
+          return {
+            success: true,
+            data: {
+              url,
+              issuer: config.issuer,
+              grantTypes: config.supported_grant_types,
+              jwksUri: config.jwks_uri,
+            },
+          };
+        } catch (err) {
+          return {
+            success: false,
+            error: err instanceof Error ? err.message : String(err),
+          };
+        }
       },
       async list() {
         const all = await loadAllConnections("system");
-        return { success: true, data: { connections: Object.values(all).map(c => ({ id: c.id, name: c.name, url: c.url, remoteTenantId: c.remoteTenantId })) } };
+        return {
+          success: true,
+          data: {
+            connections: Object.values(all).map((c) => ({
+              id: c.id,
+              name: c.name,
+              url: c.url,
+              remoteTenantId: c.remoteTenantId,
+            })),
+          },
+        };
       },
       async get(params) {
         const id = (params.registryId as string) ?? "";
         const conn = await loadConnection("system", id);
-        if (!conn) return { success: false, error: "No connection '" + id + "'" };
+        if (!conn) return { success: false, error: `No connection '${id}'` };
         return { success: true, data: conn };
       },
       async update(params) {
         const id = (params.registryId as string) ?? "";
         const conn = await loadConnection("system", id);
-        if (!conn) return { success: false, error: "No connection '" + id + "'" };
+        if (!conn) return { success: false, error: `No connection '${id}'` };
         if (params.name) conn.name = params.name as string;
         if (params.url) conn.url = params.url as string;
         await storeConnection("system", conn);

package/src/agent-definitions/secrets.ts CHANGED Viewed

@@ -34,7 +34,11 @@ export interface SecretStore {
   store(value: string, ownerId: string, scope?: SecretScope): Promise<string>;
   /** Resolve a secret ID to its decrypted value. */
-  resolve(id: string, ownerId: string, scope?: SecretScope): Promise<string | null>;
+  resolve(
+    id: string,
+    ownerId: string,
+    scope?: SecretScope,
+  ): Promise<string | null>;
   /** Delete a secret. */
   delete(id: string, ownerId: string, scope?: SecretScope): Promise<boolean>;
@@ -43,19 +47,32 @@ export interface SecretStore {
    * Store multiple secrets in a single operation.
    * Returns an array of secret IDs in the same order as the input values.
    */
-  storeBatch?(values: string[], ownerId: string, scope?: SecretScope): Promise<string[]>;
+  storeBatch?(
+    values: string[],
+    ownerId: string,
+    scope?: SecretScope,
+  ): Promise<string[]>;
   /**
    * Associate a secret with an entity (e.g., a provider config, a connection).
    * Enables lookup of secrets by entity rather than by ID.
    */
-  associate?(secretId: string, entityType: string, entityId: string, scope?: SecretScope): Promise<void>;
+  associate?(
+    secretId: string,
+    entityType: string,
+    entityId: string,
+    scope?: SecretScope,
+  ): Promise<void>;
   /**
    * Resolve secrets associated with an entity.
    * Returns all secret IDs linked to the given entity.
    */
-  resolveByEntity?(entityType: string, entityId: string, scope?: SecretScope): Promise<string[]>;
+  resolveByEntity?(
+    entityType: string,
+    entityId: string,
+    scope?: SecretScope,
+  ): Promise<string[]>;
 }
 // ============================================
@@ -218,10 +235,7 @@ export function createSecretsAgent(
       description: "Encrypted secret storage and management",
       visibility: "internal",
     },
-    tools: [
-      storeSecretTool,
-      revokeSecretTool,
-    ] as ToolDefinition<ToolContext>[],
+    tools: [storeSecretTool, revokeSecretTool] as ToolDefinition<ToolContext>[],
   });
 }

package/src/agent-definitions/users.ts CHANGED Viewed

@@ -252,10 +252,17 @@ export function createUsersAgent(options: UsersAgentOptions): AgentDefinition {
         metadata: { type: "object", description: "Additional metadata" },
         externalRef: {
           type: "object",
-          description: "Link to a user on a remote system. Creates identity automatically.",
+          description:
+            "Link to a user on a remote system. Creates identity automatically.",
           properties: {
-            issuer: { type: "string", description: "Issuer URL of the remote system" },
-            userId: { type: "string", description: "User ID on the remote system" },
+            issuer: {
+              type: "string",
+              description: "Issuer URL of the remote system",
+            },
+            userId: {
+              type: "string",
+              description: "User ID on the remote system",
+            },
           },
         },
       },
@@ -270,7 +277,12 @@ export function createUsersAgent(options: UsersAgentOptions): AgentDefinition {
         );
         if (existing) {
           const user = await store.getUser(existing.userId);
-          return { success: true, user, identity: existing, alreadyLinked: true };
+          return {
+            success: true,
+            user,
+            identity: existing,
+            alreadyLinked: true,
+          };
         }
       }