@slashfi/agents-sdk 0.16.0 → 0.18.0

package/src/index.ts

@@ -83,6 +83,11 @@ export type {
   ToolSchema,
   ToolSelectionContext,
   IntegrationConfig,
+  ApiKeySecurityScheme,
+  HttpSecurityScheme,
+  NoneSecurityScheme,
+  OAuth2SecurityScheme,
+  SecurityScheme,
   IntegrationMethods,
   IntegrationMethodResult,
   IntegrationMethodContext,
@@ -92,15 +97,48 @@ export type {
 
 // Define functions
 export { defineAgent, defineTool } from "./define.js";
-export type { DefineAgentOptions, DefineToolOptions } from "./define.js";
+export type { DefineAgentOptions, DefineToolOptions, AgentWithHooks, ToolWithHooks } from "./define.js";
 
 // Registry
 export { createAgentRegistry } from "./registry.js";
-export type { AgentRegistry, AgentRegistryOptions, RegistryMiddleware } from "./registry.js";
+export type {
+  AgentRegistry,
+  AgentRegistryOptions,
+  RegistryMiddleware,
+} from "./registry.js";
+
+// Events
+export { createEventBus } from "./events.js";
+export type {
+  EventBus,
+  EventType,
+  EventCallback,
+  AgentEvent,
+  ToolCallEvent,
+  ToolResultEvent,
+  ToolErrorEvent,
+  StepEvent,
+  InvokeEvent,
+  EventMap,
+} from "./events.js";
 
 // Server
-export { createAgentServer, detectAuth, resolveAuth, canSeeAgent } from "./server.js";
-export type { AgentServer, AgentServerOptions, AuthConfig, OAuthIdentityProvider, ResolvedAuth, TrustedIssuer } from "./server.js";
+export {
+  createAgentServer,
+  detectAuth,
+  resolveAuth,
+  canSeeAgent,
+} from "./server.js";
+export type {
+  AgentServer,
+  AgentServerOptions,
+  AuthConfig,
+  OAuthIdentityProvider,
+  ResolvedAuth,
+  TrustedIssuer,
+} from "./server.js";
+export { createOIDCSignIn } from "./oidc-signin.js";
+export type { OIDCProviderConfig, OIDCSignInHandler } from "./oidc-signin.js";
 
 // Secret Collection
 export {
@@ -147,8 +185,23 @@ export type {
 export { encryptSecret, decryptSecret } from "./crypto.js";
 
 // JWT
-export { signJwt, verifyJwt, signJwtES256, verifyJwtLocal, verifyJwtFromIssuer, generateSigningKey, exportSigningKey, importSigningKey, buildJwks } from "./jwt.js";
-export type { JwtPayload, AgentJwtPayload, SigningKey, ExportedKeyPair } from "./jwt.js";
+export {
+  signJwt,
+  verifyJwt,
+  signJwtES256,
+  verifyJwtLocal,
+  verifyJwtFromIssuer,
+  generateSigningKey,
+  exportSigningKey,
+  importSigningKey,
+  buildJwks,
+} from "./jwt.js";
+export type {
+  JwtPayload,
+  AgentJwtPayload,
+  SigningKey,
+  ExportedKeyPair,
+} from "./jwt.js";
 
 // Postgres Secret Store
 
@@ -177,7 +230,6 @@ export type {
   TokenExchangeResult,
 } from "./agent-definitions/integrations.js";
 
-
 // Remote Registry
 export { createRemoteRegistryAgent } from "./agent-definitions/remote-registry.js";
 export type { RemoteRegistryAgentOptions } from "./agent-definitions/remote-registry.js";
@@ -195,4 +247,51 @@ export type {
 export * from "./integrations-store.js";
 export * from "./integration-interface.js";
 export type { ContextFactory } from "./registry.js";
-export { createKeyManager, type KeyManager, type KeyStore, type KeyManagerOptions, type StoredKey, type KeyStatus } from "./key-manager.js";
+export {
+  createKeyManager,
+  type KeyManager,
+  type KeyStore,
+  type KeyManagerOptions,
+  type StoredKey,
+  type KeyStatus,
+} from "./key-manager.js";
+
+// Config & Consumer
+export {
+  normalizeRef,
+  normalizeRegistry,
+  isSecretUrl,
+  isSecretUri,
+} from "./define-config.js";
+export type {
+  RegistryAuth,
+  RegistryEntry,
+  RefConfig,
+  RefEntry,
+  ConsumerConfig,
+  ResolvedRegistry,
+  ResolvedRef,
+  ResolvedConfig,
+} from "./define-config.js";
+
+export { createRegistryConsumer } from "./registry-consumer.js";
+export type {
+  RegistryConsumer,
+  RegistryConsumerOptions,
+  RegistryConfiguration,
+  AgentListing,
+  SecretResolver,
+} from "./registry-consumer.js";
+
+// Codegen (exported from separate entrypoint — see ./codegen.ts)
+// TODO: Re-enable once codegen.ts type errors are fixed
+// export { codegen, useAgent, listAgentTools } from "./codegen.js";
+// export type {
+//   CodegenOptions,
+//   CodegenResult,
+//   CodegenManifest,
+//   McpToolDefinition,
+//   McpServerInfo,
+//   McpTransport,
+//   ServerSource,
+// } from "./codegen.js";

package/src/integration-interface.ts

@@ -5,16 +5,16 @@
  * They are all internal visibility and only callable by @integrations.
  */
 
-import { defineTool } from './define.js';
-import type { IntegrationsStore } from './integrations-store.js';
-import type { ToolDefinition, ToolContext } from './types.js';
+import { defineTool } from "./define.js";
+import type { IntegrationsStore } from "./integrations-store.js";
+import type { ToolContext, ToolDefinition } from "./types.js";
 
 export interface IntegrationDefinition {
   id: string;
   agentPath: string;
   name: string;
   description: string;
-  type: 'oauth' | 'credentials' | 'config';
+  type: "oauth" | "credentials" | "config";
   configSchema?: Record<string, unknown>;
 }
 
@@ -22,23 +22,36 @@ export interface IntegrationInterfaceConfig {
   agentPath: string;
   store: IntegrationsStore;
   discover: () => Promise<IntegrationDefinition[]>;
-  setup: (config: Record<string, unknown>, ctx: ToolContext) => Promise<{ success: boolean; integrationId?: string; oauthUrl?: string; error?: string }>;
-  connect?: (integrationId: string, ctx: ToolContext) => Promise<{ success: boolean; error?: string }>;
+  setup: (
+    config: Record<string, unknown>,
+    ctx: ToolContext,
+  ) => Promise<{
+    success: boolean;
+    integrationId?: string;
+    oauthUrl?: string;
+    error?: string;
+  }>;
+  connect?: (
+    integrationId: string,
+    ctx: ToolContext,
+  ) => Promise<{ success: boolean; error?: string }>;
 }
 
 /**
  * Create the standard _integration tools for an agent.
  * Returns an array of ToolDefinitions to include in the agent's tools.
  */
-export function createIntegrationTools(config: IntegrationInterfaceConfig): ToolDefinition<ToolContext>[] {
+export function createIntegrationTools(
+  config: IntegrationInterfaceConfig,
+): ToolDefinition<ToolContext>[] {
   const { agentPath, store, discover, setup, connect } = config;
 
   const discoverTool = defineTool({
-    name: 'discover_integrations',
+    name: "discover_integrations",
     description: `Discover available integrations for ${agentPath}.`,
-    visibility: 'internal' as const,
+    visibility: "internal" as const,
     inputSchema: {
-      type: 'object' as const,
+      type: "object" as const,
       properties: {},
     },
     execute: async () => {
@@ -48,17 +61,20 @@ export function createIntegrationTools(config: IntegrationInterfaceConfig): Tool
   });
 
   const setupTool = defineTool({
-    name: 'setup_integration',
+    name: "setup_integration",
     description: `Set up a new integration for ${agentPath}.`,
-    visibility: 'internal' as const,
+    visibility: "internal" as const,
     inputSchema: {
-      type: 'object' as const,
+      type: "object" as const,
       properties: {
-        config: { type: 'object', description: 'Integration configuration' },
+        config: { type: "object", description: "Integration configuration" },
       },
-      required: ['config'],
+      required: ["config"],
     },
-    execute: async (input: { config: Record<string, unknown> }, ctx: ToolContext) => {
+    execute: async (
+      input: { config: Record<string, unknown> },
+      ctx: ToolContext,
+    ) => {
       const result = await setup(input.config, ctx);
       if (result.success && !result.oauthUrl) {
         // Direct setup (no OAuth needed) — create integration row
@@ -74,23 +90,26 @@ export function createIntegrationTools(config: IntegrationInterfaceConfig): Tool
   });
 
   const connectTool = defineTool({
-    name: 'connect_integration',
+    name: "connect_integration",
     description: `Test or authorize a ${agentPath} integration connection.`,
-    visibility: 'internal' as const,
+    visibility: "internal" as const,
     inputSchema: {
-      type: 'object' as const,
+      type: "object" as const,
       properties: {
-        integration_id: { type: 'string', description: 'Integration ID to connect' },
+        integration_id: {
+          type: "string",
+          description: "Integration ID to connect",
+        },
       },
-      required: ['integration_id'],
+      required: ["integration_id"],
     },
     execute: async (input: { integration_id: string }, ctx: ToolContext) => {
       if (connect) {
         const result = await connect(input.integration_id, ctx);
         if (result.success) {
-          await store.update(input.integration_id, { status: 'active' });
+          await store.update(input.integration_id, { status: "active" });
         } else {
-          await store.update(input.integration_id, { status: 'error' });
+          await store.update(input.integration_id, { status: "error" });
         }
         return result;
       }
@@ -99,13 +118,13 @@ export function createIntegrationTools(config: IntegrationInterfaceConfig): Tool
   });
 
   const listTool = defineTool({
-    name: 'list_integrations',
+    name: "list_integrations",
     description: `List installed integrations for ${agentPath}.`,
-    visibility: 'internal' as const,
+    visibility: "internal" as const,
     inputSchema: {
-      type: 'object' as const,
+      type: "object" as const,
       properties: {
-        tenant_id: { type: 'string', description: 'Filter by tenant' },
+        tenant_id: { type: "string", description: "Filter by tenant" },
       },
     },
     execute: async (input: { tenant_id?: string }) => {
@@ -114,5 +133,10 @@ export function createIntegrationTools(config: IntegrationInterfaceConfig): Tool
     },
   });
 
-  return [discoverTool, setupTool, connectTool, listTool] as ToolDefinition<ToolContext>[];
+  return [
+    discoverTool,
+    setupTool,
+    connectTool,
+    listTool,
+  ] as ToolDefinition<ToolContext>[];
 }

package/src/integrations-store.ts

@@ -9,7 +9,7 @@ export interface Integration {
   id: string;
   agentPath: string;
   tenantId?: string;
-  status: 'active' | 'disabled' | 'error';
+  status: "active" | "disabled" | "error";
   config: Record<string, unknown>;
   installedBy?: string;
   installedAt: number;
@@ -28,7 +28,10 @@ export interface IntegrationsStore {
   get(id: string): Promise<Integration | null>;
   list(tenantId?: string): Promise<Integration[]>;
   listByAgent(agentPath: string, tenantId?: string): Promise<Integration[]>;
-  update(id: string, updates: Partial<Pick<Integration, 'status' | 'config' | 'updatedAt'>>): Promise<Integration | null>;
+  update(
+    id: string,
+    updates: Partial<Pick<Integration, "status" | "config" | "updatedAt">>,
+  ): Promise<Integration | null>;
   delete(id: string): Promise<boolean>;
 }
 
@@ -44,7 +47,7 @@ export function createInMemoryIntegrationsStore(): IntegrationsStore {
         id,
         agentPath: input.agentPath,
         tenantId: input.tenantId,
-        status: 'active',
+        status: "active",
         config: input.config,
         installedBy: input.installedBy,
         installedAt: now,
@@ -60,12 +63,13 @@ export function createInMemoryIntegrationsStore(): IntegrationsStore {
 
     async list(tenantId?) {
       const all = Array.from(integrations.values());
-      return tenantId ? all.filter(i => i.tenantId === tenantId) : all;
+      return tenantId ? all.filter((i) => i.tenantId === tenantId) : all;
     },
 
     async listByAgent(agentPath, tenantId?) {
       return Array.from(integrations.values()).filter(
-        i => i.agentPath === agentPath && (!tenantId || i.tenantId === tenantId)
+        (i) =>
+          i.agentPath === agentPath && (!tenantId || i.tenantId === tenantId),
       );
     },
 

package/src/jwt.ts

@@ -9,15 +9,14 @@
  */
 
 import {
+  type JWK,
+  type JWTPayload,
   SignJWT,
-  jwtVerify,
-  generateKeyPair,
+  createRemoteJWKSet,
   exportJWK,
+  generateKeyPair,
   importJWK,
-  createRemoteJWKSet,
-  type JWTPayload,
-
-  type JWK,
+  jwtVerify,
 } from "jose";
 
 // ============================================
@@ -80,7 +79,9 @@ export interface ExportedKeyPair {
  * Generate a new ES256 signing key pair.
  */
 export async function generateSigningKey(kid?: string): Promise<SigningKey> {
-  const { privateKey, publicKey } = await generateKeyPair("ES256", { extractable: true });
+  const { privateKey, publicKey } = await generateKeyPair("ES256", {
+    extractable: true,
+  });
   return {
     kid: kid ?? `key-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
     privateKey,
@@ -94,7 +95,9 @@ export async function generateSigningKey(kid?: string): Promise<SigningKey> {
 /**
  * Export a signing key to JWK format (for storage).
  */
-export async function exportSigningKey(key: SigningKey): Promise<ExportedKeyPair> {
+export async function exportSigningKey(
+  key: SigningKey,
+): Promise<ExportedKeyPair> {
   const privateKeyJwk = await exportJWK(key.privateKey);
   const publicKeyJwk = await exportJWK(key.publicKey);
   return {
@@ -110,9 +113,17 @@ export async function exportSigningKey(key: SigningKey): Promise<ExportedKeyPair
 /**
  * Import a signing key from stored JWK format.
  */
-export async function importSigningKey(exported: ExportedKeyPair): Promise<SigningKey> {
-  const privateKey = await importJWK(exported.privateKeyJwk, exported.alg) as CryptoKey;
-  const publicKey = await importJWK(exported.publicKeyJwk, exported.alg) as CryptoKey;
+export async function importSigningKey(
+  exported: ExportedKeyPair,
+): Promise<SigningKey> {
+  const privateKey = (await importJWK(
+    exported.privateKeyJwk,
+    exported.alg,
+  )) as CryptoKey;
+  const publicKey = (await importJWK(
+    exported.publicKeyJwk,
+    exported.alg,
+  )) as CryptoKey;
   return {
     kid: exported.kid,
     privateKey,
@@ -148,7 +159,10 @@ export async function buildJwks(keys: SigningKey[]): Promise<{ keys: JWK[] }> {
  * Sign a JWT with ES256 using the server's private key.
  */
 export async function signJwtES256(
-  payload: Omit<AgentJwtPayload, "iat" | "exp"> & { iat?: number; exp?: number },
+  payload: Omit<AgentJwtPayload, "iat" | "exp"> & {
+    iat?: number;
+    exp?: number;
+  },
   privateKey: CryptoKey,
   kid: string,
   issuer?: string,
@@ -202,7 +216,7 @@ export async function verifyJwtFromIssuer(
   issuerUrl: string,
 ): Promise<AgentJwtPayload | null> {
   try {
-    const jwksUrl = issuerUrl.replace(/\/$/, "") + "/.well-known/jwks.json";
+    const jwksUrl = `${issuerUrl.replace(/\/$/, "")}/.well-known/jwks.json`;
     let jwks = jwksCache.get(jwksUrl);
     if (!jwks) {
       jwks = createRemoteJWKSet(new URL(jwksUrl));
@@ -234,19 +248,34 @@ function base64UrlDecode(str: string): Uint8Array {
 
 async function hmacSign(data: string, secret: string): Promise<Uint8Array> {
   const key = await crypto.subtle.importKey(
-    "raw", encoder.encode(secret),
-    { name: "HMAC", hash: "SHA-256" }, false, ["sign"],
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
   );
   const sig = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
   return new Uint8Array(sig);
 }
 
-async function hmacVerify(data: string, signature: Uint8Array, secret: string): Promise<boolean> {
+async function hmacVerify(
+  data: string,
+  signature: Uint8Array,
+  secret: string,
+): Promise<boolean> {
   const key = await crypto.subtle.importKey(
-    "raw", encoder.encode(secret),
-    { name: "HMAC", hash: "SHA-256" }, false, ["verify"],
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["verify"],
+  );
+  return crypto.subtle.verify(
+    "HMAC",
+    key,
+    signature.buffer as ArrayBuffer,
+    encoder.encode(data),
   );
-  return crypto.subtle.verify("HMAC", key, signature.buffer as ArrayBuffer, encoder.encode(data));
 }
 
 /** @deprecated Use AgentJwtPayload instead */

package/src/key-manager.test.ts

@@ -1,6 +1,11 @@
-import { describe, test, expect, afterEach } from "bun:test";
-import { createKeyManager, type KeyStore, type StoredKey, type KeyManager } from "./key-manager";
-import { jwtVerify, createLocalJWKSet } from "jose";
+import { afterEach, describe, expect, test } from "bun:test";
+import { createLocalJWKSet, jwtVerify } from "jose";
+import {
+  type KeyManager,
+  type KeyStore,
+  type StoredKey,
+  createKeyManager,
+} from "./key-manager";
 
 // In-memory KeyStore for testing (no DB needed)
 function createMemoryKeyStore(): KeyStore & { keys: StoredKey[] } {
@@ -76,9 +81,7 @@ describe("KeyManager", () => {
     const parts = token.split(".");
     expect(parts).toHaveLength(3);
 
-    const payload = JSON.parse(
-      Buffer.from(parts[1], "base64url").toString()
-    );
+    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
     expect(payload.sub).toBe("test-service");
     expect(payload.iss).toBe("http://test:3000");
     expect(payload.exp - payload.iat).toBe(300); // default 5 min TTL
@@ -110,7 +113,7 @@ describe("KeyManager", () => {
 
     const token = await km.signJwt({ sub: "short-lived" });
     const payload = JSON.parse(
-      Buffer.from(token.split(".")[1], "base64url").toString()
+      Buffer.from(token.split(".")[1], "base64url").toString(),
     );
     expect(payload.exp - payload.iat).toBe(60);
   });
@@ -126,9 +129,11 @@ describe("KeyManager", () => {
       checkIntervalMs: 60_000,
     });
 
-    const initialKid = km.getJwks().keys.find(
-      (k) => store.keys.find((sk) => sk.kid === k.kid)?.status === "active"
-    )?.kid;
+    const initialKid = km
+      .getJwks()
+      .keys.find(
+        (k) => store.keys.find((sk) => sk.kid === k.kid)?.status === "active",
+      )?.kid;
 
     // Force rotation
     await km.rotate();
@@ -227,7 +232,7 @@ describe("KeyManager", () => {
     expect(failed).toBe(true);
   });
 
-    // ---- Transaction tests ----
+  // ---- Transaction tests ----
 
   test("transaction: rotate is atomic (rollback on failure)", async () => {
     const store = createMemoryKeyStore();
@@ -241,10 +246,14 @@ describe("KeyManager", () => {
 
     // Monkey-patch insertKey to fail mid-transaction
     const origInsert = store.insertKey;
-    store.insertKey = async () => { throw new Error("simulated failure"); };
+    store.insertKey = async () => {
+      throw new Error("simulated failure");
+    };
 
     // Rotation should fail, but state should be rolled back
-    try { await km.rotate(); } catch {}
+    try {
+      await km.rotate();
+    } catch {}
 
     // Original key should still be active (not deprecated)
     const active = store.keys.filter((k) => k.status === "active");

package/src/key-manager.ts

@@ -13,13 +13,7 @@
  * - Signs JWTs with the active key
  */
 
-import {
-  generateKeyPair,
-  exportJWK,
-  importJWK,
-  SignJWT,
-  type JWK,
-} from "jose";
+import { type JWK, SignJWT, exportJWK, generateKeyPair, importJWK } from "jose";
 
 // ── Types ──
 
@@ -103,7 +97,9 @@ function generateKid(): string {
 }
 
 async function generateNewKey(keyLifetimeMs: number): Promise<StoredKey> {
-  const { privateKey, publicKey } = await generateKeyPair(ALG, { extractable: true });
+  const { privateKey, publicKey } = await generateKeyPair(ALG, {
+    extractable: true,
+  });
   const kid = generateKid();
 
   const publicJwk = await exportJWK(publicKey);
@@ -127,13 +123,15 @@ async function generateNewKey(keyLifetimeMs: number): Promise<StoredKey> {
 }
 
 async function toCachedKey(stored: StoredKey): Promise<CachedKey> {
-  const privateKey = await importJWK(stored.privateJwk, ALG) as CryptoKey;
+  const privateKey = (await importJWK(stored.privateJwk, ALG)) as CryptoKey;
   return { ...stored, privateKey };
 }
 
 // ── Key Manager ──
 
-export async function createKeyManager(opts: KeyManagerOptions): Promise<KeyManager> {
+export async function createKeyManager(
+  opts: KeyManagerOptions,
+): Promise<KeyManager> {
   const {
     store,
     issuer,