npm - @slashfi/agents-sdk - Versions diffs - 0.16.0 → 0.18.0 - Mend

@slashfi/agents-sdk 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/dist/agent-definitions/auth.d.ts.map +1 -1
package/dist/agent-definitions/auth.js +44 -11
package/dist/agent-definitions/auth.js.map +1 -1
package/dist/agent-definitions/integrations.d.ts.map +1 -1
package/dist/agent-definitions/integrations.js +106 -45
package/dist/agent-definitions/integrations.js.map +1 -1
package/dist/agent-definitions/remote-registry.d.ts.map +1 -1
package/dist/agent-definitions/remote-registry.js +174 -45
package/dist/agent-definitions/remote-registry.js.map +1 -1
package/dist/agent-definitions/secrets.d.ts.map +1 -1
package/dist/agent-definitions/secrets.js +1 -4
package/dist/agent-definitions/secrets.js.map +1 -1
package/dist/agent-definitions/users.d.ts.map +1 -1
package/dist/agent-definitions/users.js +14 -3
package/dist/agent-definitions/users.js.map +1 -1
package/dist/define-config.d.ts +125 -0
package/dist/define-config.d.ts.map +1 -0
package/dist/define-config.js +75 -0
package/dist/define-config.js.map +1 -0
package/dist/define.d.ts +11 -2
package/dist/define.d.ts.map +1 -1
package/dist/define.js +57 -26
package/dist/define.js.map +1 -1
package/dist/events.d.ts +133 -0
package/dist/events.d.ts.map +1 -0
package/dist/events.js +57 -0
package/dist/events.js.map +1 -0
package/dist/index.d.ts +16 -8
package/dist/index.d.ts.map +1 -1
package/dist/index.js +21 -3
package/dist/index.js.map +1 -1
package/dist/integration-interface.d.ts +3 -3
package/dist/integration-interface.d.ts.map +1 -1
package/dist/integration-interface.js +29 -21
package/dist/integration-interface.js.map +1 -1
package/dist/integrations-store.d.ts +2 -2
package/dist/integrations-store.d.ts.map +1 -1
package/dist/integrations-store.js +3 -3
package/dist/integrations-store.js.map +1 -1
package/dist/jwt.d.ts.map +1 -1
package/dist/jwt.js +7 -5
package/dist/jwt.js.map +1 -1
package/dist/key-manager.d.ts.map +1 -1
package/dist/key-manager.js +5 -3
package/dist/key-manager.js.map +1 -1
package/dist/oidc-signin.d.ts +32 -0
package/dist/oidc-signin.d.ts.map +1 -0
package/dist/oidc-signin.js +138 -0
package/dist/oidc-signin.js.map +1 -0
package/dist/registry-consumer.d.ts +104 -0
package/dist/registry-consumer.d.ts.map +1 -0
package/dist/registry-consumer.js +230 -0
package/dist/registry-consumer.js.map +1 -0
package/dist/registry.d.ts +5 -0
package/dist/registry.d.ts.map +1 -1
package/dist/registry.js +76 -4
package/dist/registry.js.map +1 -1
package/dist/secret-collection.d.ts.map +1 -1
package/dist/secret-collection.js.map +1 -1
package/dist/server.d.ts +3 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +222 -27
package/dist/server.js.map +1 -1
package/dist/test-utils/mock-oidc-server.d.ts +36 -0
package/dist/test-utils/mock-oidc-server.d.ts.map +1 -0
package/dist/test-utils/mock-oidc-server.js +96 -0
package/dist/test-utils/mock-oidc-server.js.map +1 -0
package/dist/types.d.ts +106 -0
package/dist/types.d.ts.map +1 -1
package/package.json +6 -1
package/src/agent-definitions/auth.ts +106 -38
package/src/agent-definitions/integrations.ts +201 -73
package/src/agent-definitions/remote-registry.ts +262 -65
package/src/agent-definitions/secrets.ts +22 -8
package/src/agent-definitions/users.ts +16 -4
package/src/cli.ts +293 -0
package/src/codegen.test.ts +527 -0
package/src/codegen.ts +1348 -0
package/src/consumer.test.ts +536 -0
package/src/define-config.ts +205 -0
package/src/define.ts +134 -46
package/src/events.ts +237 -0
package/src/index.ts +107 -8
package/src/integration-interface.ts +52 -28
package/src/integrations-store.ts +9 -5
package/src/jwt.ts +48 -19
package/src/key-manager.test.ts +22 -13
package/src/key-manager.ts +8 -10
package/src/oidc-signin.ts +223 -0
package/src/registry-consumer.ts +413 -0
package/src/registry.ts +115 -9
package/src/secret-collection.ts +2 -1
package/src/server.test.ts +304 -238
package/src/server.ts +371 -69
package/src/test-utils/mock-oidc-server.ts +123 -0
package/src/types.ts +172 -18

package/src/test-utils/mock-oidc-server.ts ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * Mock OIDC Provider for testing.
+ *
+ * A minimal OpenID Connect provider that runs locally.
+ * Supports the authorization code flow with no user interaction.
+ *
+ * Usage:
+ *   const server = await startMockOIDC({ port: 0 });
+ *   // server.url = 'http://localhost:XXXXX'
+ *   // server.issuer = server.url
+ *   // Configure your app to use server.url as the OIDC provider
+ *   await server.stop();
+ */
+const TEST_USER = {
+  sub: "test-user-001",
+  email: "test@example.com",
+  name: "Test User",
+  picture: "https://example.com/avatar.png",
+  "https://slack.com/team_id": "T_TEST",
+  "https://slack.com/team_name": "Test Workspace",
+};
+const TEST_CLIENT_ID = "test-client-id";
+const TEST_CLIENT_SECRET = "test-client-secret";
+const VALID_CODE = "test-auth-code-12345";
+const ACCESS_TOKEN = `test-access-token-${Date.now()}`;
+export interface MockOIDCServer {
+  url: string;
+  port: number;
+  issuer: string;
+  clientId: string;
+  clientSecret: string;
+  testUser: typeof TEST_USER;
+  accessToken: string;
+  stop: () => Promise<void>;
+}
+export async function startMockOIDC(
+  opts: { port?: number } = {},
+): Promise<MockOIDCServer> {
+  const server: ReturnType<typeof Bun.serve> = Bun.serve({
+    port: opts.port ?? 0,
+    fetch(req): Response | Promise<Response> {
+      const url = new URL(req.url);
+      // Discovery
+      if (url.pathname === "/.well-known/openid-configuration") {
+        const base: string = `http://localhost:${server.port}`;
+        return Response.json({
+          issuer: base,
+          authorization_endpoint: `${base}/authorize`,
+          token_endpoint: `${base}/token`,
+          userinfo_endpoint: `${base}/userinfo`,
+          jwks_uri: `${base}/jwks`,
+          response_types_supported: ["code"],
+          subject_types_supported: ["public"],
+          id_token_signing_alg_values_supported: ["RS256"],
+          scopes_supported: ["openid", "email", "profile"],
+        });
+      }
+      // Authorize - immediately redirect back with code
+      if (url.pathname === "/authorize") {
+        const redirectUri = url.searchParams.get("redirect_uri")!;
+        const state = url.searchParams.get("state") ?? "";
+        const sep = redirectUri.includes("?") ? "&" : "?";
+        return Response.redirect(
+          `${redirectUri}${sep}code=${VALID_CODE}&state=${state}`,
+          302,
+        );
+      }
+      // Token exchange
+      if (url.pathname === "/token" && req.method === "POST") {
+        return Response.json({
+          access_token: ACCESS_TOKEN,
+          token_type: "bearer",
+          expires_in: 3600,
+          scope: "openid email profile",
+          id_token: "fake.id.token",
+        });
+      }
+      // UserInfo
+      if (url.pathname === "/userinfo") {
+        const auth = req.headers.get("authorization");
+        if (auth !== `Bearer ${ACCESS_TOKEN}`) {
+          return new Response("Unauthorized", { status: 401 });
+        }
+        return Response.json({ ok: true, ...TEST_USER });
+      }
+      // Also support Slack-style openid.connect.userInfo
+      if (url.pathname === "/api/openid.connect.userInfo") {
+        return Response.json({ ok: true, ...TEST_USER });
+      }
+      // JWKS (empty - we don't validate JWTs in tests)
+      if (url.pathname === "/jwks") {
+        return Response.json({ keys: [] });
+      }
+      return new Response("Not found", { status: 404 });
+    },
+  });
+  const base = `http://localhost:${server.port}`;
+  return {
+    url: base,
+    port: server.port as number,
+    issuer: base,
+    clientId: TEST_CLIENT_ID,
+    clientSecret: TEST_CLIENT_SECRET,
+    testUser: TEST_USER,
+    accessToken: ACCESS_TOKEN,
+    stop: async () => {
+      server.stop();
+    },
+  };
+}

package/src/types.ts CHANGED Viewed

@@ -4,6 +4,15 @@
  * Defines the fundamental types for agent definitions, tools, and contexts.
  */
+import type { EventCallback, EventType } from "./events.js";
+/** Internal listener entry stored on agents/tools */
+export interface ListenerEntry {
+  eventType: EventType;
+  callback: EventCallback<EventType>;
+  toolScope?: string;
+}
 // ============================================
 // JSON Schema
 // ============================================
@@ -28,7 +37,6 @@ export type JsonSchema = {
   [key: string]: unknown;
 };
 // ============================================
 // Integration Config
 // ============================================
@@ -67,19 +75,32 @@ export interface IntegrationMethodContext extends ToolContext {
  */
 export interface IntegrationMethods {
   /** Configure/initialize the integration (e.g., add a DB connection, set API key) */
-  setup(params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult>;
+  setup(
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult>;
   /** List configured instances (e.g., list DB connections, list repos) */
-  list(params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult>;
+  list(
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult>;
   /** Establish connection or authenticate (e.g., test DB connectivity, OAuth flow) */
-  connect(params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult>;
+  connect(
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult>;
   /** Get details of a specific instance */
-  get(params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult>;
+  get(
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult>;
   /** Modify an existing configuration */
-  update(params: Record<string, unknown>, ctx: IntegrationMethodContext): Promise<IntegrationMethodResult>;
+  update(
+    params: Record<string, unknown>,
+    ctx: IntegrationMethodContext,
+  ): Promise<IntegrationMethodResult>;
 }
 /** Hooks for agents that implement the integrations interface. */
 export interface IntegrationHooks {
   /** Provider metadata */
@@ -90,17 +111,35 @@ export interface IntegrationHooks {
   description?: string;
   /** Set up this integration (discover, configure, establish trust) */
-  setup?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  setup?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
   /** Connect a user to this integration (OAuth, identity linking) */
-  connect?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  connect?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
   /** Discover available instances of this integration */
-  discover?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  discover?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
   /** List connected instances */
-  list?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  list?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
   /** Get details of a specific instance */
-  get?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  get?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
   /** Update an existing instance config */
-  update?(params: Record<string, unknown>, ctx: ToolContext): Promise<IntegrationMethodResult>;
+  update?(
+    params: Record<string, unknown>,
+    ctx: ToolContext,
+  ): Promise<IntegrationMethodResult>;
 }
 export interface IntegrationConfig {
   /** Provider identifier (e.g., "databases", "slack", "github") */
@@ -125,6 +164,100 @@ export interface IntegrationConfig {
   connectSchema?: Record<string, unknown>;
 }
+// ============================================
+// Security Scheme
+// ============================================
+/**
+ * OAuth 2.0 Authorization Code flow configuration.
+ * Used by agents that wrap APIs requiring user-authorized access
+ * (e.g. Notion, Slack, GitHub, Linear, Google).
+ */
+export interface OAuth2SecurityScheme {
+  type: "oauth2";
+  flows: {
+    authorizationCode: {
+      /** URL to redirect users for authorization */
+      authorizationUrl: string;
+      /** URL to exchange authorization code for tokens */
+      tokenUrl: string;
+      /** URL for token refresh (defaults to tokenUrl) */
+      refreshUrl?: string;
+      /** Available scopes: key = scope name, value = description */
+      scopes?: Record<string, string>;
+      /** How client credentials are sent */
+      clientAuth?: "client_secret_post" | "client_secret_basic";
+    };
+  };
+}
+/**
+ * API key authentication.
+ * Used by agents that wrap APIs using a single key
+ * (e.g. OpenAI, Anthropic, Stripe, Datadog).
+ */
+export interface ApiKeySecurityScheme {
+  type: "apiKey";
+  /** Where the key is sent */
+  in: "header" | "query";
+  /** Header or query parameter name (e.g. "X-API-Key", "Authorization") */
+  name: string;
+  /** Optional prefix (e.g. "Bearer" for Authorization header) */
+  prefix?: string;
+}
+/**
+ * HTTP authentication (Bearer token, Basic auth).
+ */
+export interface HttpSecurityScheme {
+  type: "http";
+  scheme: "bearer" | "basic";
+}
+/**
+ * No authentication required.
+ */
+export interface NoneSecurityScheme {
+  type: "none";
+}
+/**
+ * Security scheme for an agent — describes what authentication the
+ * agent's target API requires from consumers.
+ *
+ * Borrowed from OpenAPI Security Scheme Object, simplified for agents.
+ * The system uses this to:
+ * - Know what credentials a tenant admin needs to provide (OAuth app creds)
+ * - Know what flow a user needs to complete (OAuth exchange)
+ * - Know how to send credentials when calling the API
+ *
+ * @example
+ * ```typescript
+ * // OAuth 2.0 (Notion, Slack, GitHub)
+ * security: {
+ *   type: 'oauth2',
+ *   flows: {
+ *     authorizationCode: {
+ *       authorizationUrl: 'https://api.notion.com/v1/oauth/authorize',
+ *       tokenUrl: 'https://api.notion.com/v1/oauth/token',
+ *       clientAuth: 'client_secret_basic',
+ *     }
+ *   }
+ * }
+ *
+ * // API Key (OpenAI, Stripe)
+ * security: { type: 'apiKey', in: 'header', name: 'Authorization', prefix: 'Bearer' }
+ *
+ * // No auth (public API)
+ * security: { type: 'none' }
+ * ```
+ */
+export type SecurityScheme =
+  | OAuth2SecurityScheme
+  | ApiKeySecurityScheme
+  | HttpSecurityScheme
+  | NoneSecurityScheme;
 // ============================================
 // Agent Configuration
 // ============================================
@@ -163,11 +296,11 @@ export interface AgentConfig {
   modelParams?: {
     maxTokens?: number;
     temperature?: number;
-  /** Agent refs (paths to other agents this agent can call) */
-  refs?: Record<string, { description?: string }>;
+    /** Agent refs (paths to other agents this agent can call) */
+    refs?: Record<string, { description?: string }>;
-  /** Tools to expose publicly (by name) */
-  public?: { tools?: string[] };
+    /** Tools to expose publicly (by name) */
+    public?: { tools?: string[] };
     [key: string]: unknown;
   };
@@ -178,6 +311,15 @@ export interface AgentConfig {
    */
   integration?: IntegrationConfig;
+  /**
+   * Security scheme — describes what authentication the agent's
+   * target API requires. Used by the registry to communicate
+   * credential requirements to consumers.
+   *
+   * @see SecurityScheme
+   */
+  security?: SecurityScheme;
   /** Additional configuration */
   /** Agent refs (paths to other agents this agent can call) */
   refs?: Record<string, { description?: string }>;
@@ -487,6 +629,12 @@ export interface ToolDefinition<
    * When set, rendered directly into the agent's system prompt.
    */
   doc?: string;
+  /**
+   * Internal: event listeners registered via tool.on().
+   * Collected by the registry on registration.
+   */
+  _listeners?: ListenerEntry[];
 }
 /**
@@ -542,6 +690,12 @@ export interface AgentDefinition<TContext extends ToolContext = ToolContext> {
    * Called once to load runtime hooks exported from the agent's entrypoint module.
    */
   loadListeners?: () => Promise<unknown>;
+  /**
+   * Internal: event listeners registered via agent.on().
+   * Collected by the registry on registration.
+   */
+  _listeners?: ListenerEntry[];
 }
 // ============================================