npm - @slashfi/agents-sdk - Versions diffs - 0.17.0 → 0.18.0 - Mend

@slashfi/agents-sdk 0.17.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/src/consumer.test.ts CHANGED Viewed

@@ -55,7 +55,7 @@ const echoAgent = defineAgent({
 describe("Registry Consumer E2E", () => {
   let server: AgentServer;
-  const PORT = 19890;
+  const PORT = 19892;
   beforeAll(async () => {
     const registry = createAgentRegistry();

package/src/index.ts CHANGED Viewed

@@ -83,6 +83,11 @@ export type {
   ToolSchema,
   ToolSelectionContext,
   IntegrationConfig,
+  ApiKeySecurityScheme,
+  HttpSecurityScheme,
+  NoneSecurityScheme,
+  OAuth2SecurityScheme,
+  SecurityScheme,
   IntegrationMethods,
   IntegrationMethodResult,
   IntegrationMethodContext,
@@ -277,3 +282,16 @@ export type {
   AgentListing,
   SecretResolver,
 } from "./registry-consumer.js";
+// Codegen (exported from separate entrypoint — see ./codegen.ts)
+// TODO: Re-enable once codegen.ts type errors are fixed
+// export { codegen, useAgent, listAgentTools } from "./codegen.js";
+// export type {
+//   CodegenOptions,
+//   CodegenResult,
+//   CodegenManifest,
+//   McpToolDefinition,
+//   McpServerInfo,
+//   McpTransport,
+//   ServerSource,
+// } from "./codegen.js";

package/src/types.ts CHANGED Viewed

@@ -164,6 +164,100 @@ export interface IntegrationConfig {
   connectSchema?: Record<string, unknown>;
 }
+// ============================================
+// Security Scheme
+// ============================================
+/**
+ * OAuth 2.0 Authorization Code flow configuration.
+ * Used by agents that wrap APIs requiring user-authorized access
+ * (e.g. Notion, Slack, GitHub, Linear, Google).
+ */
+export interface OAuth2SecurityScheme {
+  type: "oauth2";
+  flows: {
+    authorizationCode: {
+      /** URL to redirect users for authorization */
+      authorizationUrl: string;
+      /** URL to exchange authorization code for tokens */
+      tokenUrl: string;
+      /** URL for token refresh (defaults to tokenUrl) */
+      refreshUrl?: string;
+      /** Available scopes: key = scope name, value = description */
+      scopes?: Record<string, string>;
+      /** How client credentials are sent */
+      clientAuth?: "client_secret_post" | "client_secret_basic";
+    };
+  };
+}
+/**
+ * API key authentication.
+ * Used by agents that wrap APIs using a single key
+ * (e.g. OpenAI, Anthropic, Stripe, Datadog).
+ */
+export interface ApiKeySecurityScheme {
+  type: "apiKey";
+  /** Where the key is sent */
+  in: "header" | "query";
+  /** Header or query parameter name (e.g. "X-API-Key", "Authorization") */
+  name: string;
+  /** Optional prefix (e.g. "Bearer" for Authorization header) */
+  prefix?: string;
+}
+/**
+ * HTTP authentication (Bearer token, Basic auth).
+ */
+export interface HttpSecurityScheme {
+  type: "http";
+  scheme: "bearer" | "basic";
+}
+/**
+ * No authentication required.
+ */
+export interface NoneSecurityScheme {
+  type: "none";
+}
+/**
+ * Security scheme for an agent — describes what authentication the
+ * agent's target API requires from consumers.
+ *
+ * Borrowed from OpenAPI Security Scheme Object, simplified for agents.
+ * The system uses this to:
+ * - Know what credentials a tenant admin needs to provide (OAuth app creds)
+ * - Know what flow a user needs to complete (OAuth exchange)
+ * - Know how to send credentials when calling the API
+ *
+ * @example
+ * ```typescript
+ * // OAuth 2.0 (Notion, Slack, GitHub)
+ * security: {
+ *   type: 'oauth2',
+ *   flows: {
+ *     authorizationCode: {
+ *       authorizationUrl: 'https://api.notion.com/v1/oauth/authorize',
+ *       tokenUrl: 'https://api.notion.com/v1/oauth/token',
+ *       clientAuth: 'client_secret_basic',
+ *     }
+ *   }
+ * }
+ *
+ * // API Key (OpenAI, Stripe)
+ * security: { type: 'apiKey', in: 'header', name: 'Authorization', prefix: 'Bearer' }
+ *
+ * // No auth (public API)
+ * security: { type: 'none' }
+ * ```
+ */
+export type SecurityScheme =
+  | OAuth2SecurityScheme
+  | ApiKeySecurityScheme
+  | HttpSecurityScheme
+  | NoneSecurityScheme;
 // ============================================
 // Agent Configuration
 // ============================================
@@ -217,6 +311,15 @@ export interface AgentConfig {
    */
   integration?: IntegrationConfig;
+  /**
+   * Security scheme — describes what authentication the agent's
+   * target API requires. Used by the registry to communicate
+   * credential requirements to consumers.
+   *
+   * @see SecurityScheme
+   */
+  security?: SecurityScheme;
   /** Additional configuration */
   /** Agent refs (paths to other agents this agent can call) */
   refs?: Record<string, { description?: string }>;