@slashfi/agents-sdk 0.2.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +9 -16
- package/dist/auth.js.map +1 -1
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/jwt.d.ts +36 -0
- package/dist/jwt.d.ts.map +1 -0
- package/dist/jwt.js +71 -0
- package/dist/jwt.js.map +1 -0
- package/dist/secrets.d.ts +44 -0
- package/dist/secrets.d.ts.map +1 -0
- package/dist/secrets.js +106 -0
- package/dist/secrets.js.map +1 -0
- package/dist/server.d.ts +3 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +44 -1
- package/dist/server.js.map +1 -1
- package/package.json +1 -1
- package/src/auth.ts +14 -19
- package/src/index.ts +8 -0
- package/src/jwt.ts +123 -0
- package/src/secrets.ts +154 -0
- package/src/server.ts +54 -0
package/dist/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,YAAY,CAAC;AAO/E,wBAAwB;AACxB,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,4BAA4B;AAC5B,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iDAAiD;AACjD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,8DAA8D;IAC9D,YAAY,CACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EAAE,EAChB,cAAc,CAAC,EAAE,OAAO,GACvB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAEvD,4EAA4E;IAC5E,cAAc,CACZ,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9B,wBAAwB;IACxB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAExD,wBAAwB;IACxB,WAAW,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAErC,gCAAgC;IAChC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEjD,wDAAwD;IACxD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAEzE,qBAAqB;IACrB,UAAU,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5C,sEAAsE;IACtE,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9D,+BAA+B;IAC/B,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpD;AAqCD;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,SAAS,CAyEjD;AAMD,MAAM,WAAW,sBAAsB;IACrC,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAEhB,yEAAyE;IACzE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE9B,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAMD;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,sBAAsB,GAC9B,eAAe,GAAG;IACnB,WAAW,EAAE,SAAS,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB,CAuOA"}
|
package/dist/auth.js
CHANGED
|
@@ -24,6 +24,7 @@
|
|
|
24
24
|
* ```
|
|
25
25
|
*/
|
|
26
26
|
import { defineAgent, defineTool } from "./define.js";
|
|
27
|
+
import { signJwt } from "./jwt.js";
|
|
27
28
|
// ============================================
|
|
28
29
|
// In-Memory Auth Store
|
|
29
30
|
// ============================================
|
|
@@ -43,14 +44,6 @@ function generateSecret() {
|
|
|
43
44
|
}
|
|
44
45
|
return secret;
|
|
45
46
|
}
|
|
46
|
-
function generateToken() {
|
|
47
|
-
const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
48
|
-
let token = "at_";
|
|
49
|
-
for (let i = 0; i < 48; i++) {
|
|
50
|
-
token += chars[Math.floor(Math.random() * chars.length)];
|
|
51
|
-
}
|
|
52
|
-
return token;
|
|
53
|
-
}
|
|
54
47
|
/** Simple hash for storing secrets (not for production - use bcrypt/argon2) */
|
|
55
48
|
async function hashSecret(secret) {
|
|
56
49
|
const encoder = new TextEncoder();
|
|
@@ -167,16 +160,16 @@ export function createAuthAgent(options) {
|
|
|
167
160
|
if (!client) {
|
|
168
161
|
throw new Error("Invalid client credentials");
|
|
169
162
|
}
|
|
170
|
-
const
|
|
171
|
-
|
|
172
|
-
|
|
163
|
+
const now = Math.floor(Date.now() / 1000);
|
|
164
|
+
const jwt = await signJwt({
|
|
165
|
+
sub: client.clientId,
|
|
166
|
+
name: client.name,
|
|
173
167
|
scopes: client.scopes,
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
};
|
|
177
|
-
await store.storeToken(token);
|
|
168
|
+
iat: now,
|
|
169
|
+
exp: now + tokenTtl,
|
|
170
|
+
}, client.clientSecretHash);
|
|
178
171
|
return {
|
|
179
|
-
accessToken:
|
|
172
|
+
accessToken: jwt,
|
|
180
173
|
tokenType: "bearer",
|
|
181
174
|
expiresIn: tokenTtl,
|
|
182
175
|
scopes: client.scopes,
|
package/dist/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AA8EnC,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,MAAM,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAID,+EAA+E;AAC/E,KAAK,UAAU,UAAU,CAAC,MAAc;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE5C,OAAO;QACL,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc;YAC7C,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAElD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,gBAAgB,EAAE,UAAU;gBAC5B,IAAI;gBACJ,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,cAAc;aACf,CAAC,CAAC;YAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACpC,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY;YACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAC5C,OAAO,IAAI,KAAK,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1D,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,QAAQ;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,WAAW;YACf,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,yCAAyC;YACzC,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvC,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAChC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,CAAC,gBAAgB,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YACzD,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,KAAK;YACpB,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,WAAW;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBACjC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,WAAW;YAC3B,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;KACF,CAAC;AACJ,CAAC;AAuBD,+CAA+C;AAC/C,oBAAoB;AACpB,+CAA+C;AAE/C;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA+B;IAM/B,MAAM,EACJ,OAAO,EACP,iBAAiB,GAAG,KAAK,EACzB,kBAAkB,EAClB,QAAQ,GAAG,IAAI,EACf,KAAK,GAAG,qBAAqB,EAAE,GAChC,GAAG,OAAO,CAAC;IAEZ,uBAAuB;IAEvB,MAAM,SAAS,GAAG,UAAU,CAAC;QAC3B,IAAI,EAAE,OAAO;QACb,WAAW,EACT,mFAAmF;QACrF,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,oBAAoB,CAAC;oBAC5B,WAAW,EAAE,2CAA2C;iBACzD;gBACD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;gBACtD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;aAC/D;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC;SACpD;QACD,OAAO,EAAE,KAAK,EAAE,KAIf,EAAE,EAAE;YACH,IAAI,KAAK,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,cAAc,CACvC,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,YAAY,CACnB,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB;gBACE,GAAG,EAAE,MAAM,CAAC,QAAQ;gBACpB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,GAAG,GAAG,QAAQ;aACpB,EACD,MAAM,CAAC,gBAAgB,CACxB,CAAC;YAEF,OAAO;gBACL,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,UAAU,CAAC;QAC5B,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,+CAA+C;QAC5D,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,EAAE,MAAe,EAAE,GAAgB,EAAE,EAAE;YACnD,OAAO;gBACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAG,GAA2C,CAAC,MAAM,IAAI,EAAE;gBACjE,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,MAAM;aAChC,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,+BAA+B;IAE/B,MAAM,YAAY,GAAG,UAAU,CAAC;QAC9B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,4CAA4C;QACzD,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;gBAC7D,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,kBAAkB;iBAChC;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;QACD,OAAO,EAAE,KAAK,EAAE,KAA0C,EAAE,EAAE;YAC5D,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAEhC,gDAAgD;YAChD,IAAI,kBAAkB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,MAAM,EACN,IAAI,CACL,CAAC;YAEF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAC5C,CAAC;KACF,CAAC,CAAC;IAEH,wCAAwC;IAExC,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uDAAuD;QACpE,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE;gBACpD,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,iBAAiB;iBAC/B;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;SAC7B;QACD,OAAO,EAAE,KAAK,EAAE,KAAyC,EAAE,EAAE;YAC3D,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,MAAM,CACb,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC1D,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,UAAU,CAAC;QACjC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,0CAA0C;QACvD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,KAAK;iBAC1C,CAAC,CAAC;aACJ,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,iDAAiD;QAC9D,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACzD,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uCAAuC;QACpD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;QACzE,CAAC;KACF,CAAC,CAAC;IAEH,yBAAyB;IAEzB,MAAM,KAAK,GAAG;QACZ,SAAS;QACT,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,gBAAgB;QAChB,eAAe;QACf,gBAAgB;QAChB,gBAAgB;KACjB,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CAAC;QACxB,IAAI,EAAE,OAAO;QACb,UAAU,EACR,gGAAgG;QAClG,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,QAAQ;YACpB,WAAW,EAAE,+BAA+B;YAC5C,gBAAgB,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,MAAM,CAAC;SAC7D;QACD,KAAK,EAAE,KAAsC;QAC7C,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,iDAAiD;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;QAC1B,WAAW,EAAE,KAAK;QAClB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;AACL,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -58,4 +58,8 @@ export { createAuthAgent, createMemoryAuthStore } from "./auth.js";
|
|
|
58
58
|
export type { AuthClient, AuthIdentity, AuthStore, AuthToken, CreateAuthAgentOptions, } from "./auth.js";
|
|
59
59
|
export { buildAgents } from "./build.js";
|
|
60
60
|
export type { BuildAgentsOptions, BuildAgentsResult } from "./build.js";
|
|
61
|
+
export { createInMemorySecretStore, isSecretRef, processSecretParams } from "./secrets.js";
|
|
62
|
+
export type { SecretStore } from "./secrets.js";
|
|
63
|
+
export { signJwt, verifyJwt } from "./jwt.js";
|
|
64
|
+
export type { JwtPayload } from "./jwt.js";
|
|
61
65
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACnE,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACnE,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGxE,OAAO,EAAE,yBAAyB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC3F,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -57,4 +57,8 @@ export { createAgentServer } from "./server.js";
|
|
|
57
57
|
export { createAuthAgent, createMemoryAuthStore } from "./auth.js";
|
|
58
58
|
// Build
|
|
59
59
|
export { buildAgents } from "./build.js";
|
|
60
|
+
// Secrets
|
|
61
|
+
export { createInMemorySecretStore, isSecretRef, processSecretParams } from "./secrets.js";
|
|
62
|
+
// JWT
|
|
63
|
+
export { signJwt, verifyJwt } from "./jwt.js";
|
|
60
64
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAsCH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AASnE,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAsCH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AASnE,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,UAAU;AACV,OAAO,EAAE,yBAAyB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAG3F,MAAM;AACN,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC"}
|
package/dist/jwt.d.ts
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* JWT utilities for auth tokens.
|
|
3
|
+
*
|
|
4
|
+
* Minimal JWT implementation using Web Crypto API (HMAC-SHA256).
|
|
5
|
+
* No external dependencies.
|
|
6
|
+
*/
|
|
7
|
+
/** JWT payload for auth tokens */
|
|
8
|
+
export interface JwtPayload {
|
|
9
|
+
/** Subject - the client ID */
|
|
10
|
+
sub: string;
|
|
11
|
+
/** Client name */
|
|
12
|
+
name: string;
|
|
13
|
+
/** Scopes */
|
|
14
|
+
scopes: string[];
|
|
15
|
+
/** Issued at (unix seconds) */
|
|
16
|
+
iat: number;
|
|
17
|
+
/** Expires at (unix seconds) */
|
|
18
|
+
exp: number;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Sign a JWT with HMAC-SHA256.
|
|
22
|
+
*
|
|
23
|
+
* @param payload - JWT payload (client_id, scopes, etc.)
|
|
24
|
+
* @param secret - Signing secret (the client's secret hash)
|
|
25
|
+
* @returns Signed JWT string
|
|
26
|
+
*/
|
|
27
|
+
export declare function signJwt(payload: JwtPayload, secret: string): Promise<string>;
|
|
28
|
+
/**
|
|
29
|
+
* Verify and decode a JWT.
|
|
30
|
+
*
|
|
31
|
+
* @param token - JWT string
|
|
32
|
+
* @param secret - Signing secret to verify against
|
|
33
|
+
* @returns Decoded payload, or null if invalid/expired
|
|
34
|
+
*/
|
|
35
|
+
export declare function verifyJwt(token: string, secret: string): Promise<JwtPayload | null>;
|
|
36
|
+
//# sourceMappingURL=jwt.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA6CH,kCAAkC;AAClC,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,+BAA+B;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAWjB;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAyB5B"}
|
package/dist/jwt.js
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* JWT utilities for auth tokens.
|
|
3
|
+
*
|
|
4
|
+
* Minimal JWT implementation using Web Crypto API (HMAC-SHA256).
|
|
5
|
+
* No external dependencies.
|
|
6
|
+
*/
|
|
7
|
+
const encoder = new TextEncoder();
|
|
8
|
+
function base64UrlEncode(data) {
|
|
9
|
+
const str = btoa(String.fromCharCode(...data));
|
|
10
|
+
return str.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
11
|
+
}
|
|
12
|
+
function base64UrlDecode(str) {
|
|
13
|
+
const padded = str.replace(/-/g, "+").replace(/_/g, "/");
|
|
14
|
+
const binary = atob(padded);
|
|
15
|
+
return Uint8Array.from(binary, (c) => c.charCodeAt(0));
|
|
16
|
+
}
|
|
17
|
+
async function hmacSign(data, secret) {
|
|
18
|
+
const key = await crypto.subtle.importKey("raw", encoder.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
19
|
+
const sig = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
|
|
20
|
+
return new Uint8Array(sig);
|
|
21
|
+
}
|
|
22
|
+
async function hmacVerify(data, signature, secret) {
|
|
23
|
+
const key = await crypto.subtle.importKey("raw", encoder.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["verify"]);
|
|
24
|
+
return crypto.subtle.verify("HMAC", key, signature.buffer, encoder.encode(data));
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Sign a JWT with HMAC-SHA256.
|
|
28
|
+
*
|
|
29
|
+
* @param payload - JWT payload (client_id, scopes, etc.)
|
|
30
|
+
* @param secret - Signing secret (the client's secret hash)
|
|
31
|
+
* @returns Signed JWT string
|
|
32
|
+
*/
|
|
33
|
+
export async function signJwt(payload, secret) {
|
|
34
|
+
const header = { alg: "HS256", typ: "JWT" };
|
|
35
|
+
const headerB64 = base64UrlEncode(encoder.encode(JSON.stringify(header)));
|
|
36
|
+
const payloadB64 = base64UrlEncode(encoder.encode(JSON.stringify(payload)));
|
|
37
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
38
|
+
const signature = await hmacSign(signingInput, secret);
|
|
39
|
+
const signatureB64 = base64UrlEncode(signature);
|
|
40
|
+
return `${signingInput}.${signatureB64}`;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Verify and decode a JWT.
|
|
44
|
+
*
|
|
45
|
+
* @param token - JWT string
|
|
46
|
+
* @param secret - Signing secret to verify against
|
|
47
|
+
* @returns Decoded payload, or null if invalid/expired
|
|
48
|
+
*/
|
|
49
|
+
export async function verifyJwt(token, secret) {
|
|
50
|
+
const parts = token.split(".");
|
|
51
|
+
if (parts.length !== 3)
|
|
52
|
+
return null;
|
|
53
|
+
const [headerB64, payloadB64, signatureB64] = parts;
|
|
54
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
55
|
+
try {
|
|
56
|
+
const signature = base64UrlDecode(signatureB64);
|
|
57
|
+
const valid = await hmacVerify(signingInput, signature, secret);
|
|
58
|
+
if (!valid)
|
|
59
|
+
return null;
|
|
60
|
+
const payload = JSON.parse(new TextDecoder().decode(base64UrlDecode(payloadB64)));
|
|
61
|
+
// Check expiration
|
|
62
|
+
if (payload.exp && payload.exp < Date.now() / 1000) {
|
|
63
|
+
return null;
|
|
64
|
+
}
|
|
65
|
+
return payload;
|
|
66
|
+
}
|
|
67
|
+
catch {
|
|
68
|
+
return null;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=jwt.js.map
|
package/dist/jwt.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,SAAS,eAAe,CAAC,IAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,IAAY,EACZ,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACxE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAY,EACZ,SAAqB,EACrB,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,MAAqB,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClG,CAAC;AAgBD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,OAAmB,EACnB,MAAc;IAEd,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAE5C,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAEhD,OAAO,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;QAEhB,mBAAmB;QACnB,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secrets - encrypted secret storage and resolution for tool params.
|
|
3
|
+
*
|
|
4
|
+
* Secrets are stored encrypted and referenced via `secret:<id>` strings.
|
|
5
|
+
* The SDK automatically:
|
|
6
|
+
* - Resolves `secret:xxx` refs in tool params before execution
|
|
7
|
+
* - Stores raw values in `secret: true` schema fields and replaces with refs
|
|
8
|
+
* - Redacts secrets from tool results in LLM context
|
|
9
|
+
*/
|
|
10
|
+
export interface SecretStore {
|
|
11
|
+
/** Store a secret value. Returns the secret ref (e.g., "secret:abc123"). */
|
|
12
|
+
store(value: string, ownerId: string): Promise<string>;
|
|
13
|
+
/** Resolve a secret ref to its value. Returns null if not found or unauthorized. */
|
|
14
|
+
resolve(ref: string, ownerId: string): Promise<string | null>;
|
|
15
|
+
/** Delete a secret. */
|
|
16
|
+
delete(ref: string, ownerId: string): Promise<boolean>;
|
|
17
|
+
}
|
|
18
|
+
export declare function isSecretRef(value: unknown): value is string;
|
|
19
|
+
export declare function getSecretId(ref: string): string;
|
|
20
|
+
export declare function makeSecretRef(id: string): string;
|
|
21
|
+
export declare function createInMemorySecretStore(): SecretStore;
|
|
22
|
+
interface SchemaProperty {
|
|
23
|
+
type?: string;
|
|
24
|
+
secret?: boolean;
|
|
25
|
+
properties?: Record<string, SchemaProperty>;
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Walk tool params, resolve `secret:xxx` refs and store raw secret values.
|
|
29
|
+
*
|
|
30
|
+
* - If a param value is `secret:xxx`, resolve it from the store.
|
|
31
|
+
* - If a param has `secret: true` in schema and value is a raw string,
|
|
32
|
+
* store it and replace with a ref (for logging/context).
|
|
33
|
+
*
|
|
34
|
+
* Returns: { resolved: params with real values for tool execution,
|
|
35
|
+
* redacted: params with refs for logging }
|
|
36
|
+
*/
|
|
37
|
+
export declare function processSecretParams(params: Record<string, unknown>, schema: {
|
|
38
|
+
properties?: Record<string, SchemaProperty>;
|
|
39
|
+
} | undefined, secretStore: SecretStore, ownerId: string): Promise<{
|
|
40
|
+
resolved: Record<string, unknown>;
|
|
41
|
+
redacted: Record<string, unknown>;
|
|
42
|
+
}>;
|
|
43
|
+
export {};
|
|
44
|
+
//# sourceMappingURL=secrets.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAOH,MAAM,WAAW,WAAW;IAC1B,4EAA4E;IAC5E,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD,oFAAoF;IACpF,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE9D,uBAAuB;IACvB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACxD;AAQD,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAE3D;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAEhD;AAaD,wBAAgB,yBAAyB,IAAI,WAAW,CAyBvD;AAMD,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC7C;AAED;;;;;;;;;GASG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAAE,GAAG,SAAS,EACnE,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC,CA8CnF"}
|
package/dist/secrets.js
ADDED
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secrets - encrypted secret storage and resolution for tool params.
|
|
3
|
+
*
|
|
4
|
+
* Secrets are stored encrypted and referenced via `secret:<id>` strings.
|
|
5
|
+
* The SDK automatically:
|
|
6
|
+
* - Resolves `secret:xxx` refs in tool params before execution
|
|
7
|
+
* - Stores raw values in `secret: true` schema fields and replaces with refs
|
|
8
|
+
* - Redacts secrets from tool results in LLM context
|
|
9
|
+
*/
|
|
10
|
+
// ============================================
|
|
11
|
+
// Secret Ref Helpers
|
|
12
|
+
// ============================================
|
|
13
|
+
const SECRET_PREFIX = "secret:";
|
|
14
|
+
export function isSecretRef(value) {
|
|
15
|
+
return typeof value === "string" && value.startsWith(SECRET_PREFIX);
|
|
16
|
+
}
|
|
17
|
+
export function getSecretId(ref) {
|
|
18
|
+
return ref.slice(SECRET_PREFIX.length);
|
|
19
|
+
}
|
|
20
|
+
export function makeSecretRef(id) {
|
|
21
|
+
return `${SECRET_PREFIX}${id}`;
|
|
22
|
+
}
|
|
23
|
+
function randomSecretId() {
|
|
24
|
+
const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
|
|
25
|
+
let id = "";
|
|
26
|
+
for (let i = 0; i < 24; i++)
|
|
27
|
+
id += chars[Math.floor(Math.random() * chars.length)];
|
|
28
|
+
return id;
|
|
29
|
+
}
|
|
30
|
+
// ============================================
|
|
31
|
+
// In-Memory SecretStore (default)
|
|
32
|
+
// ============================================
|
|
33
|
+
export function createInMemorySecretStore() {
|
|
34
|
+
const secrets = new Map();
|
|
35
|
+
return {
|
|
36
|
+
async store(value, ownerId) {
|
|
37
|
+
const id = randomSecretId();
|
|
38
|
+
secrets.set(id, { value, ownerId });
|
|
39
|
+
return makeSecretRef(id);
|
|
40
|
+
},
|
|
41
|
+
async resolve(ref, ownerId) {
|
|
42
|
+
const id = getSecretId(ref);
|
|
43
|
+
const entry = secrets.get(id);
|
|
44
|
+
if (!entry || entry.ownerId !== ownerId)
|
|
45
|
+
return null;
|
|
46
|
+
return entry.value;
|
|
47
|
+
},
|
|
48
|
+
async delete(ref, ownerId) {
|
|
49
|
+
const id = getSecretId(ref);
|
|
50
|
+
const entry = secrets.get(id);
|
|
51
|
+
if (!entry || entry.ownerId !== ownerId)
|
|
52
|
+
return false;
|
|
53
|
+
secrets.delete(id);
|
|
54
|
+
return true;
|
|
55
|
+
},
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Walk tool params, resolve `secret:xxx` refs and store raw secret values.
|
|
60
|
+
*
|
|
61
|
+
* - If a param value is `secret:xxx`, resolve it from the store.
|
|
62
|
+
* - If a param has `secret: true` in schema and value is a raw string,
|
|
63
|
+
* store it and replace with a ref (for logging/context).
|
|
64
|
+
*
|
|
65
|
+
* Returns: { resolved: params with real values for tool execution,
|
|
66
|
+
* redacted: params with refs for logging }
|
|
67
|
+
*/
|
|
68
|
+
export async function processSecretParams(params, schema, secretStore, ownerId) {
|
|
69
|
+
const resolved = { ...params };
|
|
70
|
+
const redacted = { ...params };
|
|
71
|
+
if (!schema?.properties)
|
|
72
|
+
return { resolved, redacted };
|
|
73
|
+
for (const [key, schemaProp] of Object.entries(schema.properties)) {
|
|
74
|
+
const value = params[key];
|
|
75
|
+
if (value === undefined || value === null)
|
|
76
|
+
continue;
|
|
77
|
+
// Recurse into nested objects
|
|
78
|
+
if (schemaProp.type === "object" && typeof value === "object" && !Array.isArray(value)) {
|
|
79
|
+
const nested = await processSecretParams(value, schemaProp, secretStore, ownerId);
|
|
80
|
+
resolved[key] = nested.resolved;
|
|
81
|
+
redacted[key] = nested.redacted;
|
|
82
|
+
continue;
|
|
83
|
+
}
|
|
84
|
+
if (typeof value !== "string")
|
|
85
|
+
continue;
|
|
86
|
+
// Case 1: Value is already a secret ref - resolve it
|
|
87
|
+
if (isSecretRef(value)) {
|
|
88
|
+
const realValue = await secretStore.resolve(value, ownerId);
|
|
89
|
+
if (realValue === null) {
|
|
90
|
+
throw new Error(`Secret not found or unauthorized: ${value}`);
|
|
91
|
+
}
|
|
92
|
+
resolved[key] = realValue;
|
|
93
|
+
redacted[key] = value; // keep the ref in redacted version
|
|
94
|
+
continue;
|
|
95
|
+
}
|
|
96
|
+
// Case 2: Schema says this field is secret + value is raw - store it
|
|
97
|
+
if (schemaProp.secret && value.length > 0) {
|
|
98
|
+
const ref = await secretStore.store(value, ownerId);
|
|
99
|
+
resolved[key] = value; // tool gets the real value
|
|
100
|
+
redacted[key] = ref; // logs/context get the ref
|
|
101
|
+
continue;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return { resolved, redacted };
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=secrets.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAkBH,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAU;IACtC,OAAO,GAAG,aAAa,GAAG,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACnF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+CAA+C;AAC/C,kCAAkC;AAClC,+CAA+C;AAE/C,MAAM,UAAU,yBAAyB;IACvC,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8C,CAAC;IAEtE,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO;YACxB,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACpC,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO;YACxB,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrD,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO;YACvB,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,KAAK,CAAC;YACtD,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAYD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAA+B,EAC/B,MAAmE,EACnE,WAAwB,EACxB,OAAe;IAEf,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IACxD,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IAExD,IAAI,CAAC,MAAM,EAAE,UAAU;QAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAEvD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAEpD,8BAA8B;QAC9B,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,KAAgC,EAChC,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACF,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAExC,qDAAqD;QACrD,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,qCAAqC,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;YAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,mCAAmC;YAC1D,SAAS;QACX,CAAC;QAED,qEAAqE;QACrE,IAAI,UAAU,CAAC,MAAM,IAAK,KAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACpD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,2BAA2B;YAClD,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAG,2BAA2B;YAClD,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}
|
package/dist/server.d.ts
CHANGED
|
@@ -25,6 +25,7 @@
|
|
|
25
25
|
* - Recognizes the root key for admin access
|
|
26
26
|
*/
|
|
27
27
|
import type { AgentRegistry } from "./registry.js";
|
|
28
|
+
import { type SecretStore } from "./secrets.js";
|
|
28
29
|
export interface AgentServerOptions {
|
|
29
30
|
/** Port to listen on (default: 3000) */
|
|
30
31
|
port?: number;
|
|
@@ -38,6 +39,8 @@ export interface AgentServerOptions {
|
|
|
38
39
|
serverName?: string;
|
|
39
40
|
/** Server version reported in MCP initialize (default: '1.0.0') */
|
|
40
41
|
serverVersion?: string;
|
|
42
|
+
/** Secret store for handling secret: refs in tool params */
|
|
43
|
+
secretStore?: SecretStore;
|
|
41
44
|
}
|
|
42
45
|
export interface AgentServer {
|
|
43
46
|
/** Start the server */
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,OAAO,EAAE,KAAK,WAAW,EAAkD,MAAM,cAAc,CAAC;AAMhG,MAAM,WAAW,kBAAkB;IACjC,wCAAwC;IACxC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,4DAA4D;IAC5D,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,uBAAuB;IACvB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,sBAAsB;IACtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,iDAAiD;IACjD,KAAK,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,sDAAsD;IACtD,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CACpB;AAoOD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,aAAa,EACvB,OAAO,GAAE,kBAAuB,GAC/B,WAAW,CAiVb"}
|
package/dist/server.js
CHANGED
|
@@ -24,6 +24,8 @@
|
|
|
24
24
|
* - Populates caller context from headers (X-Atlas-Actor-Id, etc.)
|
|
25
25
|
* - Recognizes the root key for admin access
|
|
26
26
|
*/
|
|
27
|
+
import { verifyJwt } from "./jwt.js";
|
|
28
|
+
import { createInMemorySecretStore, processSecretParams } from "./secrets.js";
|
|
27
29
|
// ============================================
|
|
28
30
|
// Helpers
|
|
29
31
|
// ============================================
|
|
@@ -81,6 +83,37 @@ async function resolveAuth(req, authConfig) {
|
|
|
81
83
|
if (credential === authConfig.rootKey) {
|
|
82
84
|
return { callerId: "root", callerType: "system", scopes: ["*"], isRoot: true };
|
|
83
85
|
}
|
|
86
|
+
// Try JWT verification first (stateless)
|
|
87
|
+
// JWT is signed with the client's secret hash
|
|
88
|
+
// Decode payload to get client_id, look up client, verify signature
|
|
89
|
+
const parts = credential.split(".");
|
|
90
|
+
if (parts.length === 3) {
|
|
91
|
+
// Looks like a JWT - decode payload to get client_id
|
|
92
|
+
try {
|
|
93
|
+
const payloadB64 = parts[1];
|
|
94
|
+
const padded = payloadB64.replace(/-/g, "+").replace(/_/g, "/");
|
|
95
|
+
const payload = JSON.parse(atob(padded));
|
|
96
|
+
if (payload.sub) {
|
|
97
|
+
// Look up client to get the signing secret (secret hash)
|
|
98
|
+
const client = await authConfig.store.getClient(payload.sub);
|
|
99
|
+
if (client) {
|
|
100
|
+
const verified = await verifyJwt(credential, client.clientSecretHash);
|
|
101
|
+
if (verified) {
|
|
102
|
+
return {
|
|
103
|
+
callerId: verified.name || client.name,
|
|
104
|
+
callerType: "agent",
|
|
105
|
+
scopes: verified.scopes,
|
|
106
|
+
isRoot: false,
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
catch {
|
|
113
|
+
// Not a valid JWT, fall through to legacy token validation
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
// Legacy: opaque token validation (backwards compat)
|
|
84
117
|
const token = await authConfig.store.validateToken(credential);
|
|
85
118
|
if (!token)
|
|
86
119
|
return null;
|
|
@@ -156,7 +189,7 @@ function getToolDefinitions() {
|
|
|
156
189
|
// Create Server
|
|
157
190
|
// ============================================
|
|
158
191
|
export function createAgentServer(registry, options = {}) {
|
|
159
|
-
const { port = 3000, hostname = "localhost", basePath = "", cors = true, serverName = "agents-sdk", serverVersion = "1.0.0", } = options;
|
|
192
|
+
const { port = 3000, hostname = "localhost", basePath = "", cors = true, serverName = "agents-sdk", serverVersion = "1.0.0", secretStore = createInMemorySecretStore(), } = options;
|
|
160
193
|
let serverInstance = null;
|
|
161
194
|
let serverUrl = null;
|
|
162
195
|
const authConfig = detectAuth(registry);
|
|
@@ -214,6 +247,16 @@ export function createAgentServer(registry, options = {}) {
|
|
|
214
247
|
if (auth?.isRoot) {
|
|
215
248
|
req.callerType = "system";
|
|
216
249
|
}
|
|
250
|
+
// Process secret params: resolve refs, store raw secrets
|
|
251
|
+
if (req.params && secretStore) {
|
|
252
|
+
const ownerId = auth?.callerId ?? "anonymous";
|
|
253
|
+
// Find the tool schema to check for secret: true fields
|
|
254
|
+
const agent = registry.get(req.path);
|
|
255
|
+
const tool = agent?.tools.find((t) => t.name === req.tool);
|
|
256
|
+
const schema = tool?.inputSchema;
|
|
257
|
+
const { resolved } = await processSecretParams(req.params, schema, secretStore, ownerId);
|
|
258
|
+
req.params = resolved;
|
|
259
|
+
}
|
|
217
260
|
const result = await registry.call(req);
|
|
218
261
|
return mcpResult(result);
|
|
219
262
|
}
|
package/dist/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAuEH,+CAA+C;AAC/C,UAAU;AACV,+CAA+C;AAE/C,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;QACL,6BAA6B,EAAE,GAAG;QAClC,8BAA8B,EAAE,oBAAoB;QACpD,8BAA8B,EAC5B,qFAAqF;KACxF,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,EAAW,EAAE,MAAe;IAClD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,YAAY,CACnB,EAAW,EACX,IAAY,EACZ,OAAe,EACf,IAAc;IAEd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;AAC/F,CAAC;AAED,8CAA8C;AAC9C,SAAS,SAAS,CAAC,KAAc,EAAE,OAAO,GAAG,KAAK;IAChD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;aACzE;SACF;QACD,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,iBAAiB;AACjB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,QAAuB;IACzC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAMzB,CAAC;IAEd,IAAI,CAAC,SAAS,EAAE,WAAW,IAAI,CAAC,SAAS,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,WAAW;QAC5B,OAAO,EAAE,SAAS,CAAC,SAAS;QAC5B,QAAQ,EAAE,SAAS,CAAC,UAAU,IAAI,IAAI;KACvC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,GAAY,EACZ,UAAsB;IAEtB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACtD,IAAI,MAAM,EAAE,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAEnE,IAAI,UAAU,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACjF,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChE,OAAO;QACL,QAAQ,EAAE,MAAM,EAAE,IAAI,IAAI,KAAK,CAAC,QAAQ;QACxC,UAAU,EAAE,OAAO;QACnB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB,EAAE,IAAyB;IACpE,MAAM,UAAU,GAAG,CAAE,KAAa,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,UAAU,CAAe,CAAC;IACvG,IAAI,IAAI,EAAE,MAAM;QAAE,OAAO,IAAI,CAAC;IAC9B,IAAI,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,UAAU,KAAK,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C,SAAS,kBAAkB;IACzB,OAAO;QACL;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EACT,6EAA6E;YAC/E,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kBAAkB;wBAC/B,UAAU,EAAE;4BACV,MAAM,EAAE;gCACN,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,MAAM,CAAC;gCAChD,WAAW,EAAE,mBAAmB;6BACjC;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,+BAA+B;6BAC7C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,sCAAsC;6BACpD;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,yBAAyB;gCACtC,oBAAoB,EAAE,IAAI;6BAC3B;yBACF;wBACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;qBAC7B;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,uDAAuD;YACpE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,EAAE;aACf;SACF;KACF,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,gBAAgB;AAChB,+CAA+C;AAE/C,MAAM,UAAU,iBAAiB,CAC/B,QAAuB,EACvB,UAA8B,EAAE;IAEhC,MAAM,EACJ,IAAI,GAAG,IAAI,EACX,QAAQ,GAAG,WAAW,EACtB,QAAQ,GAAG,EAAE,EACb,IAAI,GAAG,IAAI,EACX,UAAU,GAAG,YAAY,EACzB,aAAa,GAAG,OAAO,GACxB,GAAG,OAAO,CAAC;IAEZ,IAAI,cAAc,GAAwC,IAAI,CAAC;IAC/D,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAExC,6CAA6C;IAC7C,uBAAuB;IACvB,6CAA6C;IAE7C,KAAK,UAAU,aAAa,CAC1B,OAAuB,EACvB,IAAyB;QAEzB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;YACvB,yBAAyB;YACzB,KAAK,YAAY;gBACf,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE;oBAChC,eAAe,EAAE,YAAY;oBAC7B,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;oBAC3B,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE;iBACzD,CAAC,CAAC;YAEL,KAAK,2BAA2B;gBAC9B,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YAExC,iBAAiB;YACjB,KAAK,YAAY;gBACf,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE;oBAChC,KAAK,EAAE,kBAAkB,EAAE;iBAC5B,CAAC,CAAC;YAEL,mBAAmB;YACnB,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAGtD,CAAC;gBAEF,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;oBAC5D,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC5C,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;oBAC1C,OAAO,cAAc,CACnB,OAAO,CAAC,EAAE,EACV,SAAS,CACP,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC5D,IAAI,CACL,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED;gBACE,OAAO,YAAY,CACjB,OAAO,CAAC,EAAE,EACV,CAAC,KAAK,EACN,qBAAqB,OAAO,CAAC,MAAM,EAAE,CACtC,CAAC;QACN,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,2BAA2B;IAC3B,6CAA6C;IAE7C,KAAK,UAAU,cAAc,CAC3B,QAAgB,EAChB,IAA6B,EAC7B,IAAyB;QAEzB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAqB,CAAC;gBAEvD,sBAAsB;gBACtB,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAC7B,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;oBACjC,IAAI,CAAC,GAAG,CAAC,QAAQ;wBAAE,GAAG,CAAC,QAAQ,GAAG,EAAE,CAAC;oBACrC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;oBAClC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBACpC,CAAC;gBACD,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;oBACjB,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC;gBAC5B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxC,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;YAC3B,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;gBAEnE,OAAO,SAAS,CAAC;oBACf,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI;wBACxB,WAAW,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW;wBACtC,gBAAgB,EAAE,KAAK,CAAC,MAAM,EAAE,gBAAgB;wBAChD,KAAK,EAAE,KAAK,CAAC,KAAK;6BACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;4BACZ,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,UAAU,CAAC;4BACtC,IAAI,IAAI,EAAE,MAAM;gCAAE,OAAO,IAAI,CAAC;4BAC9B,IAAI,EAAE,KAAK,QAAQ;gCAAE,OAAO,IAAI,CAAC;4BACjC,IAAI,EAAE,KAAK,UAAU,IAAI,IAAI;gCAAE,OAAO,IAAI,CAAC;4BAC3C,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC;6BACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;qBACtB,CAAC,CAAC;iBACJ,CAAC,CAAC;YACL,CAAC;YAED;gBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,mCAAmC;IACnC,6CAA6C;IAE7C,KAAK,UAAU,gBAAgB,CAAC,GAAY;QAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,SAAiB,CAAC;QACtB,IAAI,QAAgB,CAAC;QACrB,IAAI,YAAoB,CAAC;QAEzB,IAAI,WAAW,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;YACzC,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAC3C,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACzC,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;YAC1D,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;YAClC,QAAQ,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;YAChC,YAAY,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACvC,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,sCAAsC,EAAE,EAC9F,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,oCAAoC,EAAE,EACrF,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC7E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,EAC5E,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC;YAChC,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG,GAAG,UAAU,CAAC,QAAQ,GAAG,IAAI;SAC5C,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;YAClB,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,UAAU,CAAC,QAAQ;YAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,uBAAuB;IACvB,8CAA8C;IAE9C,KAAK,UAAU,KAAK,CAAC,GAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC;QAEvD,iBAAiB;QACjB,IAAI,IAAI,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,QAAkB,EAAY,EAAE;YAC/C,IAAI,CAAC,IAAI;gBAAE,OAAO,QAAQ,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBACzD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;YACD,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;gBACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,OAAO;aACR,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpE,IAAI,CAAC;YACH,oCAAoC;YACpC,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC/D,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAC;gBAClD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACjD,OAAO,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,wBAAwB;YACxB,IAAI,IAAI,KAAK,cAAc,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACrD,OAAO,OAAO,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9C,CAAC;YAED,eAAe;YACf,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/C,OAAO,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,wDAAwD;YACxD,IAAI,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;gBACnE,OAAO,OAAO,CACZ,YAAY,CAAC;oBACX,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI;wBACxB,WAAW,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW;wBACtC,gBAAgB,EAAE,KAAK,CAAC,MAAM,EAAE,gBAAgB;wBAChD,KAAK,EAAE,KAAK,CAAC,KAAK;6BACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;4BACZ,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,UAAU,CAAC;4BACtC,IAAI,IAAI,EAAE,MAAM;gCAAE,OAAO,IAAI,CAAC;4BAC9B,IAAI,EAAE,KAAK,QAAQ;gCAAE,OAAO,IAAI,CAAC;4BACjC,IAAI,EAAE,KAAK,UAAU,IAAI,IAAI;gCAAE,OAAO,IAAI,CAAC;4BAC3C,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC;6BACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;qBACtB,CAAC,CAAC;iBACJ,CAAC,CACH,CAAC;YACJ,CAAC;YAED,OAAO,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,cAAc,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QACxI,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YAC9C,OAAO,OAAO,CACZ,YAAY,CACV,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAChF,GAAG,CACJ,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,mBAAmB;IACnB,6CAA6C;IAE7C,MAAM,MAAM,GAAgB;QAC1B,KAAK,CAAC,KAAK;YACT,IAAI,cAAc;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAEjE,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,SAAS,GAAG,UAAU,QAAQ,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;YAEpD,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC7C,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACtD,CAAC;QAED,KAAK,CAAC,IAAI;YACR,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,IAAI,EAAE,CAAC;gBACtB,cAAc,GAAG,IAAI,CAAC;gBACtB,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;QACH,CAAC;QAED,KAAK;QAEL,IAAI,GAAG;YACL,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAKH,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAoB,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAsEhG,+CAA+C;AAC/C,UAAU;AACV,+CAA+C;AAE/C,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KAChD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;QACL,6BAA6B,EAAE,GAAG;QAClC,8BAA8B,EAAE,oBAAoB;QACpD,8BAA8B,EAC5B,qFAAqF;KACxF,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,EAAW,EAAE,MAAe;IAClD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,YAAY,CACnB,EAAW,EACX,IAAY,EACZ,OAAe,EACf,IAAc;IAEd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;AAC/F,CAAC;AAED,8CAA8C;AAC9C,SAAS,SAAS,CAAC,KAAc,EAAE,OAAO,GAAG,KAAK;IAChD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;aACzE;SACF;QACD,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,iBAAiB;AACjB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,QAAuB;IACzC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAMzB,CAAC;IAEd,IAAI,CAAC,SAAS,EAAE,WAAW,IAAI,CAAC,SAAS,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,WAAW;QAC5B,OAAO,EAAE,SAAS,CAAC,SAAS;QAC5B,QAAQ,EAAE,SAAS,CAAC,UAAU,IAAI,IAAI;KACvC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,GAAY,EACZ,UAAsB;IAEtB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACtD,IAAI,MAAM,EAAE,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAEnE,IAAI,UAAU,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC;QACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACjF,CAAC;IAED,yCAAyC;IACzC,8CAA8C;IAC9C,oEAAoE;IACpE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,qDAAqD;QACrD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAChE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAqE,CAAC;YAE7G,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,yDAAyD;gBACzD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC7D,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAC;oBACtE,IAAI,QAAQ,EAAE,CAAC;wBACb,OAAO;4BACL,QAAQ,EAAE,QAAQ,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI;4BACtC,UAAU,EAAE,OAAO;4BACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;4BACvB,MAAM,EAAE,KAAK;yBACd,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChE,OAAO;QACL,QAAQ,EAAE,MAAM,EAAE,IAAI,IAAI,KAAK,CAAC,QAAQ;QACxC,UAAU,EAAE,OAAO;QACnB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB,EAAE,IAAyB;IACpE,MAAM,UAAU,GAAG,CAAE,KAAa,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,UAAU,CAAe,CAAC;IACvG,IAAI,IAAI,EAAE,MAAM;QAAE,OAAO,IAAI,CAAC;IAC9B,IAAI,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,UAAU,KAAK,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C,SAAS,kBAAkB;IACzB,OAAO;QACL;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EACT,6EAA6E;YAC/E,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kBAAkB;wBAC/B,UAAU,EAAE;4BACV,MAAM,EAAE;gCACN,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,MAAM,CAAC;gCAChD,WAAW,EAAE,mBAAmB;6BACjC;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,+BAA+B;6BAC7C;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,sCAAsC;6BACpD;4BACD,MAAM,EAAE;gCACN,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,yBAAyB;gCACtC,oBAAoB,EAAE,IAAI;6BAC3B;yBACF;wBACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;qBAC7B;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;aACtB;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,uDAAuD;YACpE,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE,EAAE;aACf;SACF;KACF,CAAC;AACJ,CAAC;AAED,+CAA+C;AAC/C,gBAAgB;AAChB,+CAA+C;AAE/C,MAAM,UAAU,iBAAiB,CAC/B,QAAuB,EACvB,UAA8B,EAAE;IAEhC,MAAM,EACJ,IAAI,GAAG,IAAI,EACX,QAAQ,GAAG,WAAW,EACtB,QAAQ,GAAG,EAAE,EACb,IAAI,GAAG,IAAI,EACX,UAAU,GAAG,YAAY,EACzB,aAAa,GAAG,OAAO,EACvB,WAAW,GAAG,yBAAyB,EAAE,GAC1C,GAAG,OAAO,CAAC;IAEZ,IAAI,cAAc,GAAwC,IAAI,CAAC;IAC/D,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAExC,6CAA6C;IAC7C,uBAAuB;IACvB,6CAA6C;IAE7C,KAAK,UAAU,aAAa,CAC1B,OAAuB,EACvB,IAAyB;QAEzB,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;YACvB,yBAAyB;YACzB,KAAK,YAAY;gBACf,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE;oBAChC,eAAe,EAAE,YAAY;oBAC7B,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;oBAC3B,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE;iBACzD,CAAC,CAAC;YAEL,KAAK,2BAA2B;gBAC9B,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YAExC,iBAAiB;YACjB,KAAK,YAAY;gBACf,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE;oBAChC,KAAK,EAAE,kBAAkB,EAAE;iBAC5B,CAAC,CAAC;YAEL,mBAAmB;YACnB,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAGtD,CAAC;gBAEF,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;oBAC5D,OAAO,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC5C,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;oBAC1C,OAAO,cAAc,CACnB,OAAO,CAAC,EAAE,EACV,SAAS,CACP,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC5D,IAAI,CACL,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED;gBACE,OAAO,YAAY,CACjB,OAAO,CAAC,EAAE,EACV,CAAC,KAAK,EACN,qBAAqB,OAAO,CAAC,MAAM,EAAE,CACtC,CAAC;QACN,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,2BAA2B;IAC3B,6CAA6C;IAE7C,KAAK,UAAU,cAAc,CAC3B,QAAgB,EAChB,IAA6B,EAC7B,IAAyB;QAEzB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAqB,CAAC;gBAEvD,sBAAsB;gBACtB,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAC7B,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;oBACjC,IAAI,CAAC,GAAG,CAAC,QAAQ;wBAAE,GAAG,CAAC,QAAQ,GAAG,EAAE,CAAC;oBACrC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;oBAClC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBACpC,CAAC;gBACD,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;oBACjB,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC;gBAC5B,CAAC;gBAED,yDAAyD;gBACzD,IAAK,GAAW,CAAC,MAAM,IAAI,WAAW,EAAE,CAAC;oBACvC,MAAM,OAAO,GAAG,IAAI,EAAE,QAAQ,IAAI,WAAW,CAAC;oBAC9C,wDAAwD;oBACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBACrC,MAAM,IAAI,GAAG,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAM,GAAW,CAAC,IAAI,CAAC,CAAC;oBACpE,MAAM,MAAM,GAAG,IAAI,EAAE,WAAkB,CAAC;oBACxC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,mBAAmB,CAC3C,GAAW,CAAC,MAAiC,EAC9C,MAAM,EACN,WAAW,EACX,OAAO,CACR,CAAC;oBACD,GAAW,CAAC,MAAM,GAAG,QAAQ,CAAC;gBACjC,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxC,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;YAC3B,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;gBAEnE,OAAO,SAAS,CAAC;oBACf,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI;wBACxB,WAAW,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW;wBACtC,gBAAgB,EAAE,KAAK,CAAC,MAAM,EAAE,gBAAgB;wBAChD,KAAK,EAAE,KAAK,CAAC,KAAK;6BACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;4BACZ,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,UAAU,CAAC;4BACtC,IAAI,IAAI,EAAE,MAAM;gCAAE,OAAO,IAAI,CAAC;4BAC9B,IAAI,EAAE,KAAK,QAAQ;gCAAE,OAAO,IAAI,CAAC;4BACjC,IAAI,EAAE,KAAK,UAAU,IAAI,IAAI;gCAAE,OAAO,IAAI,CAAC;4BAC3C,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC;6BACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;qBACtB,CAAC,CAAC;iBACJ,CAAC,CAAC;YACL,CAAC;YAED;gBACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,mCAAmC;IACnC,6CAA6C;IAE7C,KAAK,UAAU,gBAAgB,CAAC,GAAY;QAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,YAAY,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,SAAiB,CAAC;QACtB,IAAI,QAAgB,CAAC;QACrB,IAAI,YAAoB,CAAC;QAEzB,IAAI,WAAW,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC;YACzC,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAC3C,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACzC,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;YAC1D,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;YAClC,QAAQ,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;YAChC,YAAY,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;QAC1C,CAAC;QAED,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACvC,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,sCAAsC,EAAE,EAC9F,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,oCAAoC,EAAE,EACrF,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC7E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CACjB,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,EAC5E,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC;YAChC,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG,GAAG,UAAU,CAAC,QAAQ,GAAG,IAAI;SAC5C,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;YAClB,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,UAAU,CAAC,QAAQ;YAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,uBAAuB;IACvB,8CAA8C;IAE9C,KAAK,UAAU,KAAK,CAAC,GAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC;QAEvD,iBAAiB;QACjB,IAAI,IAAI,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,QAAkB,EAAY,EAAE;YAC/C,IAAI,CAAC,IAAI;gBAAE,OAAO,QAAQ,CAAC;YAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBACzD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC1B,CAAC;YACD,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;gBACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,OAAO;aACR,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpE,IAAI,CAAC;YACH,oCAAoC;YACpC,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC/D,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAC;gBAClD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBACjD,OAAO,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,wBAAwB;YACxB,IAAI,IAAI,KAAK,cAAc,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACrD,OAAO,OAAO,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9C,CAAC;YAED,eAAe;YACf,IAAI,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/C,OAAO,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,wDAAwD;YACxD,IAAI,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;gBACnE,OAAO,OAAO,CACZ,YAAY,CAAC;oBACX,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;wBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI;wBACxB,WAAW,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW;wBACtC,gBAAgB,EAAE,KAAK,CAAC,MAAM,EAAE,gBAAgB;wBAChD,KAAK,EAAE,KAAK,CAAC,KAAK;6BACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;4BACZ,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,UAAU,CAAC;4BACtC,IAAI,IAAI,EAAE,MAAM;gCAAE,OAAO,IAAI,CAAC;4BAC9B,IAAI,EAAE,KAAK,QAAQ;gCAAE,OAAO,IAAI,CAAC;4BACjC,IAAI,EAAE,KAAK,UAAU,IAAI,IAAI;gCAAE,OAAO,IAAI,CAAC;4BAC3C,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC;6BACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;qBACtB,CAAC,CAAC;iBACJ,CAAC,CACH,CAAC;YACJ,CAAC;YAED,OAAO,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,cAAc,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QACxI,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YAC9C,OAAO,OAAO,CACZ,YAAY,CACV,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAChF,GAAG,CACJ,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,mBAAmB;IACnB,6CAA6C;IAE7C,MAAM,MAAM,GAAgB;QAC1B,KAAK,CAAC,KAAK;YACT,IAAI,cAAc;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAEjE,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,SAAS,GAAG,UAAU,QAAQ,IAAI,IAAI,GAAG,QAAQ,EAAE,CAAC;YAEpD,OAAO,CAAC,GAAG,CAAC,2BAA2B,SAAS,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAC7C,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACjC,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACtD,CAAC;QAED,KAAK,CAAC,IAAI;YACR,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,IAAI,EAAE,CAAC;gBACtB,cAAc,GAAG,IAAI,CAAC;gBACtB,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;QACH,CAAC;QAED,KAAK;QAEL,IAAI,GAAG;YACL,OAAO,SAAS,CAAC;QACnB,CAAC;KACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
package/src/auth.ts
CHANGED
|
@@ -26,6 +26,7 @@
|
|
|
26
26
|
|
|
27
27
|
import { defineAgent, defineTool } from "./define.js";
|
|
28
28
|
import type { AgentDefinition, ToolContext, ToolDefinition } from "./types.js";
|
|
29
|
+
import { signJwt } from "./jwt.js";
|
|
29
30
|
|
|
30
31
|
// ============================================
|
|
31
32
|
// Auth Types
|
|
@@ -126,15 +127,7 @@ function generateSecret(): string {
|
|
|
126
127
|
return secret;
|
|
127
128
|
}
|
|
128
129
|
|
|
129
|
-
|
|
130
|
-
const chars =
|
|
131
|
-
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
132
|
-
let token = "at_";
|
|
133
|
-
for (let i = 0; i < 48; i++) {
|
|
134
|
-
token += chars[Math.floor(Math.random() * chars.length)];
|
|
135
|
-
}
|
|
136
|
-
return token;
|
|
137
|
-
}
|
|
130
|
+
|
|
138
131
|
|
|
139
132
|
/** Simple hash for storing secrets (not for production - use bcrypt/argon2) */
|
|
140
133
|
async function hashSecret(secret: string): Promise<string> {
|
|
@@ -308,18 +301,20 @@ export function createAuthAgent(
|
|
|
308
301
|
throw new Error("Invalid client credentials");
|
|
309
302
|
}
|
|
310
303
|
|
|
311
|
-
const
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
304
|
+
const now = Math.floor(Date.now() / 1000);
|
|
305
|
+
const jwt = await signJwt(
|
|
306
|
+
{
|
|
307
|
+
sub: client.clientId,
|
|
308
|
+
name: client.name,
|
|
309
|
+
scopes: client.scopes,
|
|
310
|
+
iat: now,
|
|
311
|
+
exp: now + tokenTtl,
|
|
312
|
+
},
|
|
313
|
+
client.clientSecretHash,
|
|
314
|
+
);
|
|
320
315
|
|
|
321
316
|
return {
|
|
322
|
-
accessToken:
|
|
317
|
+
accessToken: jwt,
|
|
323
318
|
tokenType: "bearer",
|
|
324
319
|
expiresIn: tokenTtl,
|
|
325
320
|
scopes: client.scopes,
|
package/src/index.ts
CHANGED
|
@@ -109,3 +109,11 @@ export type {
|
|
|
109
109
|
// Build
|
|
110
110
|
export { buildAgents } from "./build.js";
|
|
111
111
|
export type { BuildAgentsOptions, BuildAgentsResult } from "./build.js";
|
|
112
|
+
|
|
113
|
+
// Secrets
|
|
114
|
+
export { createInMemorySecretStore, isSecretRef, processSecretParams } from "./secrets.js";
|
|
115
|
+
export type { SecretStore } from "./secrets.js";
|
|
116
|
+
|
|
117
|
+
// JWT
|
|
118
|
+
export { signJwt, verifyJwt } from "./jwt.js";
|
|
119
|
+
export type { JwtPayload } from "./jwt.js";
|
package/src/jwt.ts
ADDED
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* JWT utilities for auth tokens.
|
|
3
|
+
*
|
|
4
|
+
* Minimal JWT implementation using Web Crypto API (HMAC-SHA256).
|
|
5
|
+
* No external dependencies.
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
const encoder = new TextEncoder();
|
|
9
|
+
|
|
10
|
+
function base64UrlEncode(data: Uint8Array): string {
|
|
11
|
+
const str = btoa(String.fromCharCode(...data));
|
|
12
|
+
return str.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
function base64UrlDecode(str: string): Uint8Array {
|
|
16
|
+
const padded = str.replace(/-/g, "+").replace(/_/g, "/");
|
|
17
|
+
const binary = atob(padded);
|
|
18
|
+
return Uint8Array.from(binary, (c) => c.charCodeAt(0));
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
async function hmacSign(
|
|
22
|
+
data: string,
|
|
23
|
+
secret: string,
|
|
24
|
+
): Promise<Uint8Array> {
|
|
25
|
+
const key = await crypto.subtle.importKey(
|
|
26
|
+
"raw",
|
|
27
|
+
encoder.encode(secret),
|
|
28
|
+
{ name: "HMAC", hash: "SHA-256" },
|
|
29
|
+
false,
|
|
30
|
+
["sign"],
|
|
31
|
+
);
|
|
32
|
+
const sig = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
|
|
33
|
+
return new Uint8Array(sig);
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
async function hmacVerify(
|
|
37
|
+
data: string,
|
|
38
|
+
signature: Uint8Array,
|
|
39
|
+
secret: string,
|
|
40
|
+
): Promise<boolean> {
|
|
41
|
+
const key = await crypto.subtle.importKey(
|
|
42
|
+
"raw",
|
|
43
|
+
encoder.encode(secret),
|
|
44
|
+
{ name: "HMAC", hash: "SHA-256" },
|
|
45
|
+
false,
|
|
46
|
+
["verify"],
|
|
47
|
+
);
|
|
48
|
+
return crypto.subtle.verify("HMAC", key, signature.buffer as ArrayBuffer, encoder.encode(data));
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
/** JWT payload for auth tokens */
|
|
52
|
+
export interface JwtPayload {
|
|
53
|
+
/** Subject - the client ID */
|
|
54
|
+
sub: string;
|
|
55
|
+
/** Client name */
|
|
56
|
+
name: string;
|
|
57
|
+
/** Scopes */
|
|
58
|
+
scopes: string[];
|
|
59
|
+
/** Issued at (unix seconds) */
|
|
60
|
+
iat: number;
|
|
61
|
+
/** Expires at (unix seconds) */
|
|
62
|
+
exp: number;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
/**
|
|
66
|
+
* Sign a JWT with HMAC-SHA256.
|
|
67
|
+
*
|
|
68
|
+
* @param payload - JWT payload (client_id, scopes, etc.)
|
|
69
|
+
* @param secret - Signing secret (the client's secret hash)
|
|
70
|
+
* @returns Signed JWT string
|
|
71
|
+
*/
|
|
72
|
+
export async function signJwt(
|
|
73
|
+
payload: JwtPayload,
|
|
74
|
+
secret: string,
|
|
75
|
+
): Promise<string> {
|
|
76
|
+
const header = { alg: "HS256", typ: "JWT" };
|
|
77
|
+
|
|
78
|
+
const headerB64 = base64UrlEncode(encoder.encode(JSON.stringify(header)));
|
|
79
|
+
const payloadB64 = base64UrlEncode(encoder.encode(JSON.stringify(payload)));
|
|
80
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
81
|
+
|
|
82
|
+
const signature = await hmacSign(signingInput, secret);
|
|
83
|
+
const signatureB64 = base64UrlEncode(signature);
|
|
84
|
+
|
|
85
|
+
return `${signingInput}.${signatureB64}`;
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
/**
|
|
89
|
+
* Verify and decode a JWT.
|
|
90
|
+
*
|
|
91
|
+
* @param token - JWT string
|
|
92
|
+
* @param secret - Signing secret to verify against
|
|
93
|
+
* @returns Decoded payload, or null if invalid/expired
|
|
94
|
+
*/
|
|
95
|
+
export async function verifyJwt(
|
|
96
|
+
token: string,
|
|
97
|
+
secret: string,
|
|
98
|
+
): Promise<JwtPayload | null> {
|
|
99
|
+
const parts = token.split(".");
|
|
100
|
+
if (parts.length !== 3) return null;
|
|
101
|
+
|
|
102
|
+
const [headerB64, payloadB64, signatureB64] = parts;
|
|
103
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
104
|
+
|
|
105
|
+
try {
|
|
106
|
+
const signature = base64UrlDecode(signatureB64);
|
|
107
|
+
const valid = await hmacVerify(signingInput, signature, secret);
|
|
108
|
+
if (!valid) return null;
|
|
109
|
+
|
|
110
|
+
const payload = JSON.parse(
|
|
111
|
+
new TextDecoder().decode(base64UrlDecode(payloadB64)),
|
|
112
|
+
) as JwtPayload;
|
|
113
|
+
|
|
114
|
+
// Check expiration
|
|
115
|
+
if (payload.exp && payload.exp < Date.now() / 1000) {
|
|
116
|
+
return null;
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
return payload;
|
|
120
|
+
} catch {
|
|
121
|
+
return null;
|
|
122
|
+
}
|
|
123
|
+
}
|
package/src/secrets.ts
ADDED
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secrets - encrypted secret storage and resolution for tool params.
|
|
3
|
+
*
|
|
4
|
+
* Secrets are stored encrypted and referenced via `secret:<id>` strings.
|
|
5
|
+
* The SDK automatically:
|
|
6
|
+
* - Resolves `secret:xxx` refs in tool params before execution
|
|
7
|
+
* - Stores raw values in `secret: true` schema fields and replaces with refs
|
|
8
|
+
* - Redacts secrets from tool results in LLM context
|
|
9
|
+
*/
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
// ============================================
|
|
13
|
+
// SecretStore Interface
|
|
14
|
+
// ============================================
|
|
15
|
+
|
|
16
|
+
export interface SecretStore {
|
|
17
|
+
/** Store a secret value. Returns the secret ref (e.g., "secret:abc123"). */
|
|
18
|
+
store(value: string, ownerId: string): Promise<string>;
|
|
19
|
+
|
|
20
|
+
/** Resolve a secret ref to its value. Returns null if not found or unauthorized. */
|
|
21
|
+
resolve(ref: string, ownerId: string): Promise<string | null>;
|
|
22
|
+
|
|
23
|
+
/** Delete a secret. */
|
|
24
|
+
delete(ref: string, ownerId: string): Promise<boolean>;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
// ============================================
|
|
28
|
+
// Secret Ref Helpers
|
|
29
|
+
// ============================================
|
|
30
|
+
|
|
31
|
+
const SECRET_PREFIX = "secret:";
|
|
32
|
+
|
|
33
|
+
export function isSecretRef(value: unknown): value is string {
|
|
34
|
+
return typeof value === "string" && value.startsWith(SECRET_PREFIX);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
export function getSecretId(ref: string): string {
|
|
38
|
+
return ref.slice(SECRET_PREFIX.length);
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
export function makeSecretRef(id: string): string {
|
|
42
|
+
return `${SECRET_PREFIX}${id}`;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
function randomSecretId(): string {
|
|
46
|
+
const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
|
|
47
|
+
let id = "";
|
|
48
|
+
for (let i = 0; i < 24; i++) id += chars[Math.floor(Math.random() * chars.length)];
|
|
49
|
+
return id;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
// ============================================
|
|
53
|
+
// In-Memory SecretStore (default)
|
|
54
|
+
// ============================================
|
|
55
|
+
|
|
56
|
+
export function createInMemorySecretStore(): SecretStore {
|
|
57
|
+
const secrets = new Map<string, { value: string; ownerId: string }>();
|
|
58
|
+
|
|
59
|
+
return {
|
|
60
|
+
async store(value, ownerId) {
|
|
61
|
+
const id = randomSecretId();
|
|
62
|
+
secrets.set(id, { value, ownerId });
|
|
63
|
+
return makeSecretRef(id);
|
|
64
|
+
},
|
|
65
|
+
|
|
66
|
+
async resolve(ref, ownerId) {
|
|
67
|
+
const id = getSecretId(ref);
|
|
68
|
+
const entry = secrets.get(id);
|
|
69
|
+
if (!entry || entry.ownerId !== ownerId) return null;
|
|
70
|
+
return entry.value;
|
|
71
|
+
},
|
|
72
|
+
|
|
73
|
+
async delete(ref, ownerId) {
|
|
74
|
+
const id = getSecretId(ref);
|
|
75
|
+
const entry = secrets.get(id);
|
|
76
|
+
if (!entry || entry.ownerId !== ownerId) return false;
|
|
77
|
+
secrets.delete(id);
|
|
78
|
+
return true;
|
|
79
|
+
},
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
// ============================================
|
|
84
|
+
// Param Resolution
|
|
85
|
+
// ============================================
|
|
86
|
+
|
|
87
|
+
interface SchemaProperty {
|
|
88
|
+
type?: string;
|
|
89
|
+
secret?: boolean;
|
|
90
|
+
properties?: Record<string, SchemaProperty>;
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
/**
|
|
94
|
+
* Walk tool params, resolve `secret:xxx` refs and store raw secret values.
|
|
95
|
+
*
|
|
96
|
+
* - If a param value is `secret:xxx`, resolve it from the store.
|
|
97
|
+
* - If a param has `secret: true` in schema and value is a raw string,
|
|
98
|
+
* store it and replace with a ref (for logging/context).
|
|
99
|
+
*
|
|
100
|
+
* Returns: { resolved: params with real values for tool execution,
|
|
101
|
+
* redacted: params with refs for logging }
|
|
102
|
+
*/
|
|
103
|
+
export async function processSecretParams(
|
|
104
|
+
params: Record<string, unknown>,
|
|
105
|
+
schema: { properties?: Record<string, SchemaProperty> } | undefined,
|
|
106
|
+
secretStore: SecretStore,
|
|
107
|
+
ownerId: string,
|
|
108
|
+
): Promise<{ resolved: Record<string, unknown>; redacted: Record<string, unknown> }> {
|
|
109
|
+
const resolved: Record<string, unknown> = { ...params };
|
|
110
|
+
const redacted: Record<string, unknown> = { ...params };
|
|
111
|
+
|
|
112
|
+
if (!schema?.properties) return { resolved, redacted };
|
|
113
|
+
|
|
114
|
+
for (const [key, schemaProp] of Object.entries(schema.properties)) {
|
|
115
|
+
const value = params[key];
|
|
116
|
+
if (value === undefined || value === null) continue;
|
|
117
|
+
|
|
118
|
+
// Recurse into nested objects
|
|
119
|
+
if (schemaProp.type === "object" && typeof value === "object" && !Array.isArray(value)) {
|
|
120
|
+
const nested = await processSecretParams(
|
|
121
|
+
value as Record<string, unknown>,
|
|
122
|
+
schemaProp,
|
|
123
|
+
secretStore,
|
|
124
|
+
ownerId,
|
|
125
|
+
);
|
|
126
|
+
resolved[key] = nested.resolved;
|
|
127
|
+
redacted[key] = nested.redacted;
|
|
128
|
+
continue;
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
if (typeof value !== "string") continue;
|
|
132
|
+
|
|
133
|
+
// Case 1: Value is already a secret ref - resolve it
|
|
134
|
+
if (isSecretRef(value)) {
|
|
135
|
+
const realValue = await secretStore.resolve(value, ownerId);
|
|
136
|
+
if (realValue === null) {
|
|
137
|
+
throw new Error(`Secret not found or unauthorized: ${value}`);
|
|
138
|
+
}
|
|
139
|
+
resolved[key] = realValue;
|
|
140
|
+
redacted[key] = value; // keep the ref in redacted version
|
|
141
|
+
continue;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
// Case 2: Schema says this field is secret + value is raw - store it
|
|
145
|
+
if (schemaProp.secret && (value as string).length > 0) {
|
|
146
|
+
const ref = await secretStore.store(value, ownerId);
|
|
147
|
+
resolved[key] = value; // tool gets the real value
|
|
148
|
+
redacted[key] = ref; // logs/context get the ref
|
|
149
|
+
continue;
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
return { resolved, redacted };
|
|
154
|
+
}
|
package/src/server.ts
CHANGED
|
@@ -28,6 +28,8 @@
|
|
|
28
28
|
import type { AuthStore } from "./auth.js";
|
|
29
29
|
import type { AgentRegistry } from "./registry.js";
|
|
30
30
|
import type { AgentDefinition, CallAgentRequest, Visibility } from "./types.js";
|
|
31
|
+
import { verifyJwt } from "./jwt.js";
|
|
32
|
+
import { type SecretStore, createInMemorySecretStore, processSecretParams } from "./secrets.js";
|
|
31
33
|
|
|
32
34
|
// ============================================
|
|
33
35
|
// Server Types
|
|
@@ -46,6 +48,9 @@ export interface AgentServerOptions {
|
|
|
46
48
|
serverName?: string;
|
|
47
49
|
/** Server version reported in MCP initialize (default: '1.0.0') */
|
|
48
50
|
serverVersion?: string;
|
|
51
|
+
|
|
52
|
+
/** Secret store for handling secret: refs in tool params */
|
|
53
|
+
secretStore?: SecretStore;
|
|
49
54
|
}
|
|
50
55
|
|
|
51
56
|
export interface AgentServer {
|
|
@@ -176,6 +181,38 @@ async function resolveAuth(
|
|
|
176
181
|
return { callerId: "root", callerType: "system", scopes: ["*"], isRoot: true };
|
|
177
182
|
}
|
|
178
183
|
|
|
184
|
+
// Try JWT verification first (stateless)
|
|
185
|
+
// JWT is signed with the client's secret hash
|
|
186
|
+
// Decode payload to get client_id, look up client, verify signature
|
|
187
|
+
const parts = credential.split(".");
|
|
188
|
+
if (parts.length === 3) {
|
|
189
|
+
// Looks like a JWT - decode payload to get client_id
|
|
190
|
+
try {
|
|
191
|
+
const payloadB64 = parts[1];
|
|
192
|
+
const padded = payloadB64.replace(/-/g, "+").replace(/_/g, "/");
|
|
193
|
+
const payload = JSON.parse(atob(padded)) as { sub?: string; name?: string; scopes?: string[]; exp?: number };
|
|
194
|
+
|
|
195
|
+
if (payload.sub) {
|
|
196
|
+
// Look up client to get the signing secret (secret hash)
|
|
197
|
+
const client = await authConfig.store.getClient(payload.sub);
|
|
198
|
+
if (client) {
|
|
199
|
+
const verified = await verifyJwt(credential, client.clientSecretHash);
|
|
200
|
+
if (verified) {
|
|
201
|
+
return {
|
|
202
|
+
callerId: verified.name || client.name,
|
|
203
|
+
callerType: "agent",
|
|
204
|
+
scopes: verified.scopes,
|
|
205
|
+
isRoot: false,
|
|
206
|
+
};
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
} catch {
|
|
211
|
+
// Not a valid JWT, fall through to legacy token validation
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
// Legacy: opaque token validation (backwards compat)
|
|
179
216
|
const token = await authConfig.store.validateToken(credential);
|
|
180
217
|
if (!token) return null;
|
|
181
218
|
|
|
@@ -264,6 +301,7 @@ export function createAgentServer(
|
|
|
264
301
|
cors = true,
|
|
265
302
|
serverName = "agents-sdk",
|
|
266
303
|
serverVersion = "1.0.0",
|
|
304
|
+
secretStore = createInMemorySecretStore(),
|
|
267
305
|
} = options;
|
|
268
306
|
|
|
269
307
|
let serverInstance: ReturnType<typeof Bun.serve> | null = null;
|
|
@@ -353,6 +391,22 @@ export function createAgentServer(
|
|
|
353
391
|
req.callerType = "system";
|
|
354
392
|
}
|
|
355
393
|
|
|
394
|
+
// Process secret params: resolve refs, store raw secrets
|
|
395
|
+
if ((req as any).params && secretStore) {
|
|
396
|
+
const ownerId = auth?.callerId ?? "anonymous";
|
|
397
|
+
// Find the tool schema to check for secret: true fields
|
|
398
|
+
const agent = registry.get(req.path);
|
|
399
|
+
const tool = agent?.tools.find((t) => t.name === (req as any).tool);
|
|
400
|
+
const schema = tool?.inputSchema as any;
|
|
401
|
+
const { resolved } = await processSecretParams(
|
|
402
|
+
(req as any).params as Record<string, unknown>,
|
|
403
|
+
schema,
|
|
404
|
+
secretStore,
|
|
405
|
+
ownerId,
|
|
406
|
+
);
|
|
407
|
+
(req as any).params = resolved;
|
|
408
|
+
}
|
|
409
|
+
|
|
356
410
|
const result = await registry.call(req);
|
|
357
411
|
return mcpResult(result);
|
|
358
412
|
}
|