@slashfi/agents-sdk 0.3.0 → 0.5.0

package/dist/{auth.d.ts → agent-definitions/auth.d.ts}

@@ -23,10 +23,11 @@
  * await server.start();
  * ```
  */
-import type { AgentDefinition } from "./types.js";
+import type { AgentDefinition } from "../types.js";
 /** Registered client */
 export interface AuthClient {
     clientId: string;
+    tenantId?: string;
     clientSecretHash: string;
     name: string;
     scopes: string[];
@@ -53,9 +54,25 @@ export interface AuthIdentity {
  * Pluggable storage for auth state.
  * Implement this interface to use Postgres, Redis, SQLite, etc.
  */
+/**
+ * Tenant - organizational unit for multi-tenant isolation.
+ */
+export interface AuthTenant {
+    id: string;
+    name: string;
+    createdAt: number;
+}
 export interface AuthStore {
+    /** Create a tenant. */
+    createTenant(name: string): Promise<{
+        tenantId: string;
+    }>;
+    /** Get tenant by ID. */
+    getTenant(tenantId: string): Promise<AuthTenant | null>;
+    /** List tenants. */
+    listTenants(): Promise<AuthTenant[]>;
     /** Create a new client. Returns the raw (unhashed) secret. */
-    createClient(name: string, scopes: string[], selfRegistered?: boolean): Promise<{
+    createClient(name: string, scopes: string[], selfRegistered?: boolean, tenantId?: string): Promise<{
         clientId: string;
         clientSecret: string;
     }>;
@@ -77,6 +94,23 @@ export interface AuthStore {
     validateToken(tokenString: string): Promise<AuthToken | null>;
     /** Revoke a specific token. */
     revokeToken(tokenString: string): Promise<boolean>;
+    /** Register a user under a tenant. Returns a refresh token. */
+    registerUser?(tenantId: string, userId: string, clientId: string): Promise<{
+        refreshToken: string;
+    }>;
+    /** Validate a refresh token. Returns user info. */
+    validateRefreshToken?(refreshToken: string): Promise<{
+        tenantId: string;
+        userId: string;
+        clientId: string;
+    } | null>;
+    /** Rotate a refresh token. */
+    rotateRefreshToken?(oldToken: string): Promise<{
+        refreshToken: string;
+        tenantId: string;
+        userId: string;
+        clientId: string;
+    } | null>;
 }
 /**
  * Create an in-memory auth store.

package/dist/agent-definitions/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/agent-definitions/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,aAAa,CAAC;AAOhF,wBAAwB;AACxB,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,4BAA4B;AAC5B,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iDAAiD;AACjD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;CACjB;AAMD;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,uBAAuB;IACvB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAE1D,wBAAwB;IACxB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAExD,oBAAoB;IACpB,WAAW,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAErC,8DAA8D;IAC9D,YAAY,CACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EAAE,EAChB,cAAc,CAAC,EAAE,OAAO,EACxB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAEvD,4EAA4E;IAC5E,cAAc,CACZ,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9B,wBAAwB;IACxB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAExD,wBAAwB;IACxB,WAAW,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAErC,gCAAgC;IAChC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEjD,wDAAwD;IACxD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAEzE,qBAAqB;IACrB,UAAU,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5C,sEAAsE;IACtE,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9D,+BAA+B;IAC/B,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEnD,+DAA+D;IAC/D,YAAY,CAAC,CACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAErC,mDAAmD;IACnD,oBAAoB,CAAC,CACnB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAE1E,8BAA8B;IAC9B,kBAAkB,CAAC,CACjB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACjG;AAqCD;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,SAAS,CAyFjD;AAMD,MAAM,WAAW,sBAAsB;IACrC,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAEhB,yEAAyE;IACzE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE9B,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAMD;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,sBAAsB,GAC9B,eAAe,GAAG;IACnB,WAAW,EAAE,SAAS,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB,CAiRA"}

package/dist/{auth.js → agent-definitions/auth.js}

@@ -23,8 +23,8 @@
  * await server.start();
  * ```
  */
-import { defineAgent, defineTool } from "./define.js";
-import { signJwt } from "./jwt.js";
+import { defineAgent, defineTool } from "../define.js";
+import { signJwt } from "../jwt.js";
 // ============================================
 // In-Memory Auth Store
 // ============================================
@@ -58,15 +58,28 @@ async function hashSecret(secret) {
  * Suitable for development and testing. Use a persistent store for production.
  */
 export function createMemoryAuthStore() {
+    const tenants = new Map();
     const clients = new Map();
     const tokens = new Map();
     return {
-        async createClient(name, scopes, selfRegistered) {
+        async createTenant(name) {
+            const id = `tenant_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+            tenants.set(id, { id, name, createdAt: Date.now() });
+            return { tenantId: id };
+        },
+        async getTenant(tenantId) {
+            return tenants.get(tenantId) ?? null;
+        },
+        async listTenants() {
+            return Array.from(tenants.values());
+        },
+        async createClient(name, scopes, selfRegistered, tenantId) {
             const clientId = generateId("ag_");
             const clientSecret = generateSecret();
             const secretHash = await hashSecret(clientSecret);
             clients.set(clientId, {
                 clientId,
+                tenantId,
                 clientSecretHash: secretHash,
                 name,
                 scopes,
@@ -103,7 +116,7 @@ export function createMemoryAuthStore() {
                 return null;
             const clientSecret = generateSecret();
             client.clientSecretHash = await hashSecret(clientSecret);
-            return { clientSecret };
+            return { clientSecret: { $agent_type: "secret", value: clientSecret } };
         },
         async storeToken(token) {
             tokens.set(token.token, token);
@@ -135,6 +148,22 @@ export function createMemoryAuthStore() {
 export function createAuthAgent(options) {
     const { rootKey, allowRegistration = false, registrationScopes, tokenTtl = 3600, store = createMemoryAuthStore(), } = options;
     // --- Public Tools ---
+    const createTenantTool = defineTool({
+        name: "create_tenant",
+        description: "Create a new tenant (organizational unit). All clients and resources are scoped to a tenant.",
+        visibility: "public",
+        inputSchema: {
+            type: "object",
+            properties: {
+                name: { type: "string", description: "Tenant name" },
+            },
+            required: ["name"],
+        },
+        execute: async (input) => {
+            const result = await store.createTenant(input.name);
+            return { tenantId: result.tenantId, name: input.name };
+        },
+    });
     const tokenTool = defineTool({
         name: "token",
         description: "Exchange client credentials for an access token (OAuth2 client_credentials grant)",
@@ -153,8 +182,25 @@ export function createAuthAgent(options) {
             required: ["grantType", "clientId", "clientSecret"],
         },
         execute: async (input) => {
+            if (input.grantType === "refresh_token") {
+                if (!input.refreshToken)
+                    throw new Error("refreshToken is required for refresh_token grant");
+                if (!store.rotateRefreshToken)
+                    throw new Error("Refresh tokens not supported by this store");
+                const result = await store.rotateRefreshToken(input.refreshToken);
+                if (!result)
+                    throw new Error("Invalid or expired refresh token");
+                const now = Math.floor(Date.now() / 1000);
+                const jwt = await signJwt({ sub: result.clientId, name: result.userId, tenantId: result.tenantId, scopes: [], iat: now, exp: now + tokenTtl }, (await store.getClient(result.clientId))?.clientSecretHash ?? "");
+                return {
+                    accessToken: { $agent_type: "secret", value: jwt },
+                    refreshToken: { $agent_type: "secret", value: result.refreshToken },
+                    tokenType: "bearer",
+                    expiresIn: tokenTtl,
+                };
+            }
             if (input.grantType !== "client_credentials") {
-                throw new Error("Unsupported grant type. Use 'client_credentials'.");
+                throw new Error("Unsupported grant type. Use 'client_credentials' or 'refresh_token'.");
             }
             const client = await store.validateClient(input.clientId, input.clientSecret);
             if (!client) {
@@ -164,12 +210,13 @@ export function createAuthAgent(options) {
             const jwt = await signJwt({
                 sub: client.clientId,
                 name: client.name,
+                tenantId: client.tenantId,
                 scopes: client.scopes,
                 iat: now,
                 exp: now + tokenTtl,
             }, client.clientSecretHash);
             return {
-                accessToken: jwt,
+                accessToken: { $agent_type: "secret", value: jwt },
                 tokenType: "bearer",
                 expiresIn: tokenTtl,
                 scopes: client.scopes,
@@ -213,8 +260,8 @@ export function createAuthAgent(options) {
             if (registrationScopes && registrationScopes.length > 0) {
                 scopes = scopes.filter((s) => registrationScopes.includes(s));
             }
-            const { clientId, clientSecret } = await store.createClient(input.name, scopes, true);
-            return { clientId, clientSecret, scopes };
+            const { clientId, clientSecret } = await store.createClient(input.name, scopes, true, input.tenantId);
+            return { clientId, clientSecret: { $agent_type: "secret", value: clientSecret }, scopes };
         },
     });
     // --- Private Tools (root key only) ---
@@ -293,6 +340,7 @@ export function createAuthAgent(options) {
     });
     // --- Assemble tools ---
     const tools = [
+        createTenantTool,
         tokenTool,
         whoamiTool,
         ...(allowRegistration ? [registerTool] : []),

package/dist/agent-definitions/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/agent-definitions/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAEvD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoHpC,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,MAAM,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAID,+EAA+E;AAC/E,KAAK,UAAU,UAAU,CAAC,MAAc;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE5C,OAAO;QACL,KAAK,CAAC,YAAY,CAAC,IAAI;YACrB,MAAM,EAAE,GAAG,UAAU,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACzF,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC1B,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,QAAQ;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,WAAW;YACf,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ;YACvD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAElD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,QAAQ;gBACR,gBAAgB,EAAE,UAAU;gBAC5B,IAAI;gBACJ,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,cAAc;aACf,CAAC,CAAC;YAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACpC,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY;YACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAC5C,OAAO,IAAI,KAAK,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1D,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,QAAQ;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,WAAW;YACf,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,yCAAyC;YACzC,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvC,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAChC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,CAAC,gBAAgB,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YACzD,OAAO,EAAE,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,EAAS,CAAC;QACjF,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,KAAK;YACpB,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,WAAW;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBACjC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,WAAW;YAC3B,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;KACF,CAAC;AACJ,CAAC;AAuBD,+CAA+C;AAC/C,oBAAoB;AACpB,+CAA+C;AAE/C;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA+B;IAM/B,MAAM,EACJ,OAAO,EACP,iBAAiB,GAAG,KAAK,EACzB,kBAAkB,EAClB,QAAQ,GAAG,IAAI,EACf,KAAK,GAAG,qBAAqB,EAAE,GAChC,GAAG,OAAO,CAAC;IAEZ,uBAAuB;IAGvB,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,8FAA8F;QAC3G,UAAU,EAAE,QAAiB;QAC7B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAiB,EAAE,WAAW,EAAE,aAAa,EAAE;aAC9D;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;QACD,OAAO,EAAE,KAAK,EAAE,KAAuB,EAAE,EAAE;YACzC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QACzD,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,UAAU,CAAC;QAC3B,IAAI,EAAE,OAAO;QACb,WAAW,EACT,mFAAmF;QACrF,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,oBAAoB,CAAC;oBAC5B,WAAW,EAAE,2CAA2C;iBACzD;gBACD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;gBACtD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;aAC/D;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC;SACpD;QACD,OAAO,EAAE,KAAK,EAAE,KAMf,EAAE,EAAE;YACH,IAAI,KAAK,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;gBACxC,IAAI,CAAC,KAAK,CAAC,YAAY;oBAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;gBAC7F,IAAI,CAAC,KAAK,CAAC,kBAAkB;oBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAC7F,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAClE,IAAI,CAAC,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACjE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;gBAC1C,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,QAAQ,EAAE,EACnH,CAAC,MAAM,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,gBAAgB,IAAI,EAAE,CACjE,CAAC;gBACF,OAAO;oBACL,WAAW,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;oBAClD,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,YAAY,EAAE;oBACnE,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,QAAQ;iBACb,CAAC;YACX,CAAC;YAED,IAAI,KAAK,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;YAC1F,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,cAAc,CACvC,KAAK,CAAC,QAAS,EACf,KAAK,CAAC,YAAa,CACpB,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB;gBACE,GAAG,EAAE,MAAM,CAAC,QAAQ;gBACpB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,GAAG,GAAG,QAAQ;aACpB,EACD,MAAM,CAAC,gBAAgB,CACxB,CAAC;YAEF,OAAO;gBACL,WAAW,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;gBAClD,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAGH,MAAM,UAAU,GAAG,UAAU,CAAC;QAC5B,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,+CAA+C;QAC5D,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,EAAE,MAAe,EAAE,GAAgB,EAAE,EAAE;YACnD,OAAO;gBACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAG,GAA2C,CAAC,MAAM,IAAI,EAAE;gBACjE,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,MAAM;aAChC,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,+BAA+B;IAE/B,MAAM,YAAY,GAAG,UAAU,CAAC;QAC9B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,4CAA4C;QACzD,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;gBAC7D,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,kBAAkB;iBAChC;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;QACD,OAAO,EAAE,KAAK,EAAE,KAA4D,EAAE,EAAE;YAC9E,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAEhC,gDAAgD;YAChD,IAAI,kBAAkB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,MAAM,EACN,IAAI,EACJ,KAAK,CAAC,QAAQ,CACf,CAAC;YAEF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,MAAM,EAAS,CAAC;QACnG,CAAC;KACF,CAAC,CAAC;IAEH,wCAAwC;IAExC,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uDAAuD;QACpE,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE;gBACpD,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,iBAAiB;iBAC/B;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;SAC7B;QACD,OAAO,EAAE,KAAK,EAAE,KAAyC,EAAE,EAAE;YAC3D,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,MAAM,CACb,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC1D,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,UAAU,CAAC;QACjC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,0CAA0C;QACvD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,KAAK;iBAC1C,CAAC,CAAC;aACJ,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,iDAAiD;QAC9D,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACzD,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uCAAuC;QACpD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;QACzE,CAAC;KACF,CAAC,CAAC;IAEH,yBAAyB;IAEzB,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,SAAS;QACT,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,gBAAgB;QAChB,eAAe;QACf,gBAAgB;QAChB,gBAAgB;KACjB,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CAAC;QACxB,IAAI,EAAE,OAAO;QACb,UAAU,EACR,gGAAgG;QAClG,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,QAAQ;YACpB,WAAW,EAAE,+BAA+B;YAC5C,gBAAgB,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,MAAM,CAAC;SAC7D;QACD,KAAK,EAAE,KAAsC;QAC7C,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,iDAAiD;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;QAC1B,WAAW,EAAE,KAAK;QAClB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;AACL,CAAC"}

package/dist/agent-definitions/secrets.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Secrets - encrypted secret storage and resolution for tool params.
+ *
+ * Provides:
+ * - SecretStore interface for pluggable storage backends
+ * - createSecretsAgent: built-in @secrets agent with store/resolve tools
+ * - processSecretParams: auto-resolve secret:xxx refs in tool params
+ * - AES-256-GCM encryption via crypto.ts
+ */
+import type { AgentDefinition } from "../types.js";
+/**
+ * Pluggable secret storage backend.
+ * Stores encrypted values, resolves refs.
+ */
+export interface SecretStore {
+    /** Store a secret. Returns the secret ID (without prefix). */
+    store(value: string, ownerId: string): Promise<string>;
+    /** Resolve a secret ID to its decrypted value. */
+    resolve(id: string, ownerId: string): Promise<string | null>;
+    /** Delete a secret. */
+    delete(id: string, ownerId: string): Promise<boolean>;
+}
+export declare function isSecretRef(value: unknown): value is string;
+export declare function getSecretId(ref: string): string;
+export declare function makeSecretRef(id: string): string;
+export declare function createInMemorySecretStore(encryptionKey: string): SecretStore;
+export interface SecretsAgentOptions {
+    /** Secret store backend */
+    store: SecretStore;
+}
+/**
+ * Create the built-in @secrets agent.
+ * Provides tools for storing and resolving secrets via MCP.
+ */
+export declare function createSecretsAgent(options: SecretsAgentOptions): AgentDefinition;
+interface SchemaProperty {
+    type?: string;
+    secret?: boolean;
+    properties?: Record<string, SchemaProperty>;
+}
+/**
+ * Process tool params: resolve secret:xxx refs and store raw secret values.
+ */
+export declare function processSecretParams(params: Record<string, unknown>, schema: {
+    properties?: Record<string, SchemaProperty>;
+} | undefined, secretStore: SecretStore, ownerId: string): Promise<{
+    resolved: Record<string, unknown>;
+    redacted: Record<string, unknown>;
+}>;
+export {};
+//# sourceMappingURL=secrets.d.ts.map

package/dist/agent-definitions/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,aAAa,CAAC;AAMhF;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,8DAA8D;IAC9D,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvD,kDAAkD;IAClD,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC7D,uBAAuB;IACvB,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACvD;AAQD,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAE3D;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAEhD;AAaD,wBAAgB,yBAAyB,CAAC,aAAa,EAAE,MAAM,GAAG,WAAW,CAwB5E;AAMD,MAAM,WAAW,mBAAmB;IAClC,2BAA2B;IAC3B,KAAK,EAAE,WAAW,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,mBAAmB,GAC3B,eAAe,CAiFjB;AAMD,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC7C;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAAE,GAAG,SAAS,EACnE,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC,CA4CnF"}

package/dist/agent-definitions/secrets.js

@@ -0,0 +1,182 @@
+/**
+ * Secrets - encrypted secret storage and resolution for tool params.
+ *
+ * Provides:
+ * - SecretStore interface for pluggable storage backends
+ * - createSecretsAgent: built-in @secrets agent with store/resolve tools
+ * - processSecretParams: auto-resolve secret:xxx refs in tool params
+ * - AES-256-GCM encryption via crypto.ts
+ */
+import { encryptSecret, decryptSecret } from "../crypto.js";
+import { defineAgent, defineTool } from "../define.js";
+// ============================================
+// Secret Ref Helpers
+// ============================================
+const SECRET_PREFIX = "secret:";
+export function isSecretRef(value) {
+    return typeof value === "string" && value.startsWith(SECRET_PREFIX);
+}
+export function getSecretId(ref) {
+    return ref.slice(SECRET_PREFIX.length);
+}
+export function makeSecretRef(id) {
+    return `${SECRET_PREFIX}${id}`;
+}
+function randomSecretId() {
+    const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
+    let id = "";
+    for (let i = 0; i < 24; i++)
+        id += chars[Math.floor(Math.random() * chars.length)];
+    return id;
+}
+// ============================================
+// In-Memory SecretStore (default)
+// ============================================
+export function createInMemorySecretStore(encryptionKey) {
+    const secrets = new Map();
+    return {
+        async store(value, ownerId) {
+            const id = randomSecretId();
+            const encrypted = await encryptSecret(value, encryptionKey);
+            secrets.set(id, { encrypted, ownerId });
+            return id;
+        },
+        async resolve(id, ownerId) {
+            const entry = secrets.get(id);
+            if (!entry || entry.ownerId !== ownerId)
+                return null;
+            return decryptSecret(entry.encrypted, encryptionKey);
+        },
+        async delete(id, ownerId) {
+            const entry = secrets.get(id);
+            if (!entry || entry.ownerId !== ownerId)
+                return false;
+            secrets.delete(id);
+            return true;
+        },
+    };
+}
+/**
+ * Create the built-in @secrets agent.
+ * Provides tools for storing and resolving secrets via MCP.
+ */
+export function createSecretsAgent(options) {
+    const { store } = options;
+    const storeSecretTool = defineTool({
+        name: "store",
+        description: "Store secret values. Returns secret:<id> refs for each value.",
+        visibility: "internal",
+        inputSchema: {
+            type: "object",
+            properties: {
+                secrets: {
+                    type: "object",
+                    description: "Key-value pairs to store as secrets",
+                    additionalProperties: { type: "string" },
+                },
+            },
+            required: ["secrets"],
+        },
+        execute: async (input, ctx) => {
+            const ownerId = ctx.callerId ?? "anonymous";
+            const refs = {};
+            for (const [key, value] of Object.entries(input.secrets)) {
+                if (typeof value === "string" && value.length > 0) {
+                    const id = await store.store(value, ownerId);
+                    refs[key] = makeSecretRef(id);
+                }
+            }
+            return { refs };
+        },
+    });
+    const resolveSecretTool = defineTool({
+        name: "resolve",
+        description: "Resolve a secret ref to its value. Only accessible to the owner.",
+        visibility: "internal",
+        inputSchema: {
+            type: "object",
+            properties: {
+                ref: { type: "string", description: "Secret ref (secret:xxx)" },
+            },
+            required: ["ref"],
+        },
+        execute: async (input, ctx) => {
+            const ownerId = ctx.callerId ?? "anonymous";
+            const id = getSecretId(input.ref);
+            const value = await store.resolve(id, ownerId);
+            if (!value)
+                throw new Error("Secret not found or unauthorized");
+            // Return wrapped so actor can handle it
+            return { value: { $agent_type: "secret", value } };
+        },
+    });
+    const revokeSecretTool = defineTool({
+        name: "revoke",
+        description: "Delete a stored secret.",
+        visibility: "internal",
+        inputSchema: {
+            type: "object",
+            properties: {
+                ref: { type: "string", description: "Secret ref to revoke" },
+            },
+            required: ["ref"],
+        },
+        execute: async (input, ctx) => {
+            const ownerId = ctx.callerId ?? "anonymous";
+            const id = getSecretId(input.ref);
+            const deleted = await store.delete(id, ownerId);
+            return { deleted };
+        },
+    });
+    return defineAgent({
+        path: "@secrets",
+        entrypoint: "Secret storage agent. Stores, resolves, and manages encrypted secrets.",
+        config: {
+            name: "Secrets",
+            description: "Encrypted secret storage and management",
+            visibility: "internal",
+        },
+        tools: [storeSecretTool, resolveSecretTool, revokeSecretTool],
+    });
+}
+/**
+ * Process tool params: resolve secret:xxx refs and store raw secret values.
+ */
+export async function processSecretParams(params, schema, secretStore, ownerId) {
+    const resolved = { ...params };
+    const redacted = { ...params };
+    if (!schema?.properties)
+        return { resolved, redacted };
+    for (const [key, schemaProp] of Object.entries(schema.properties)) {
+        const value = params[key];
+        if (value === undefined || value === null)
+            continue;
+        if (schemaProp.type === "object" && typeof value === "object" && !Array.isArray(value)) {
+            const nested = await processSecretParams(value, schemaProp, secretStore, ownerId);
+            resolved[key] = nested.resolved;
+            redacted[key] = nested.redacted;
+            continue;
+        }
+        if (typeof value !== "string")
+            continue;
+        // Resolve secret refs
+        if (isSecretRef(value)) {
+            const id = getSecretId(value);
+            const realValue = await secretStore.resolve(id, ownerId);
+            if (realValue === null)
+                throw new Error(`Secret not found: ${value}`);
+            resolved[key] = realValue;
+            redacted[key] = value;
+            continue;
+        }
+        // Auto-store raw values in secret: true fields
+        if (schemaProp.secret && value.length > 0) {
+            const id = await secretStore.store(value, ownerId);
+            resolved[key] = value;
+            redacted[key] = makeSecretRef(id);
+            continue;
+        }
+    }
+    return { resolved, redacted };
+}
+//# sourceMappingURL=secrets.js.map

package/dist/agent-definitions/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAoBvD,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAU;IACtC,OAAO,GAAG,aAAa,GAAG,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACnF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+CAA+C;AAC/C,kCAAkC;AAClC,+CAA+C;AAE/C,MAAM,UAAU,yBAAyB,CAAC,aAAqB;IAC7D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkD,CAAC;IAE1E,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO;YACxB,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YACxC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO;YACvB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrD,OAAO,aAAa,CAAC,KAAK,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO;YACtB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,KAAK,CAAC;YACtD,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAWD;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAA4B;IAE5B,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,MAAM,eAAe,GAAG,UAAU,CAAC;QACjC,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,+DAA+D;QAC5E,UAAU,EAAE,UAAmB;QAC/B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAiB;oBACvB,WAAW,EAAE,qCAAqC;oBAClD,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBACzC;aACF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;QACD,OAAO,EAAE,KAAK,EAAE,KAA0C,EAAE,GAAgB,EAAE,EAAE;YAC9E,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,WAAW,CAAC;YAC5C,MAAM,IAAI,GAA2B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;oBAC7C,IAAI,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,CAAC;QAClB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,iBAAiB,GAAG,UAAU,CAAC;QACnC,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,kEAAkE;QAC/E,UAAU,EAAE,UAAmB;QAC/B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAiB,EAAE,WAAW,EAAE,yBAAyB,EAAE;aACzE;YACD,QAAQ,EAAE,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,EAAE,KAAK,EAAE,KAAsB,EAAE,GAAgB,EAAE,EAAE;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,WAAW,CAAC;YAC5C,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC/C,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;YAChE,wCAAwC;YACxC,OAAO,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,CAAC;QACrD,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,UAAmB;QAC/B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAiB,EAAE,WAAW,EAAE,sBAAsB,EAAE;aACtE;YACD,QAAQ,EAAE,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,EAAE,KAAK,EAAE,KAAsB,EAAE,GAAgB,EAAE,EAAE;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,WAAW,CAAC;YAC5C,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,WAAW,CAAC;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,wEAAwE;QACpF,MAAM,EAAE;YACN,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,yCAAyC;YACtD,UAAU,EAAE,UAAU;SACvB;QACD,KAAK,EAAE,CAAC,eAAe,EAAE,iBAAiB,EAAE,gBAAgB,CAAkC;KAC/F,CAAC,CAAC;AACL,CAAC;AAYD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAA+B,EAC/B,MAAmE,EACnE,WAAwB,EACxB,OAAe;IAEf,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IACxD,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IAExD,IAAI,CAAC,MAAM,EAAE,UAAU;QAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAEvD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAEpD,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,KAAgC,EAChC,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACF,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAExC,sBAAsB;QACtB,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACzD,IAAI,SAAS,KAAK,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;YACtE,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;YAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,SAAS;QACX,CAAC;QAED,+CAA+C;QAC/C,IAAI,UAAU,CAAC,MAAM,IAAK,KAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}

package/dist/crypto.d.ts

@@ -0,0 +1,14 @@
+/**
+ * AES-256-GCM encryption utilities for the agents SDK.
+ * Uses Web Crypto API - no external dependencies.
+ */
+/**
+ * Encrypt a string with AES-256-GCM.
+ * Returns a base64-encoded string containing IV + ciphertext.
+ */
+export declare function encryptSecret(plaintext: string, encryptionKey: string): Promise<string>;
+/**
+ * Decrypt a string encrypted with encryptSecret.
+ */
+export declare function decryptSecret(encrypted: string, encryptionKey: string): Promise<string>;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA2BH;;;GAGG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAYjB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC,CAWjB"}

package/dist/crypto.js

@@ -0,0 +1,40 @@
+/**
+ * AES-256-GCM encryption utilities for the agents SDK.
+ * Uses Web Crypto API - no external dependencies.
+ */
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+async function deriveKey(secret) {
+    const keyMaterial = await crypto.subtle.importKey("raw", encoder.encode(secret), "PBKDF2", false, ["deriveKey"]);
+    return crypto.subtle.deriveKey({
+        name: "PBKDF2",
+        salt: encoder.encode("agents-sdk-secrets-v1"),
+        iterations: 100000,
+        hash: "SHA-256",
+    }, keyMaterial, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
+}
+/**
+ * Encrypt a string with AES-256-GCM.
+ * Returns a base64-encoded string containing IV + ciphertext.
+ */
+export async function encryptSecret(plaintext, encryptionKey) {
+    const key = await deriveKey(encryptionKey);
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, key, encoder.encode(plaintext));
+    const combined = new Uint8Array(iv.length + new Uint8Array(ciphertext).length);
+    combined.set(iv);
+    combined.set(new Uint8Array(ciphertext), iv.length);
+    return btoa(String.fromCharCode(...combined));
+}
+/**
+ * Decrypt a string encrypted with encryptSecret.
+ */
+export async function decryptSecret(encrypted, encryptionKey) {
+    const key = await deriveKey(encryptionKey);
+    const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));
+    const iv = combined.slice(0, 12);
+    const ciphertext = combined.slice(12);
+    const plaintext = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ciphertext);
+    return decoder.decode(plaintext);
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAClC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,KAAK,UAAU,SAAS,CAAC,MAAc;IACrC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/C,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,QAAQ,EACR,KAAK,EACL,CAAC,WAAW,CAAC,CACd,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,uBAAuB,CAAC;QAC7C,UAAU,EAAE,MAAM;QAClB,IAAI,EAAE,SAAS;KAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAiB,EACjB,aAAqB;IAErB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC5C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAC1B,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;IAC/E,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjB,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAiB,EACjB,aAAqB;IAErB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,UAAU,CACX,CAAC;IACF,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AACnC,CAAC"}

package/dist/index.d.ts

@@ -54,8 +54,13 @@ export { createAgentRegistry } from "./registry.js";
 export type { AgentRegistry, AgentRegistryOptions } from "./registry.js";
 export { createAgentServer } from "./server.js";
 export type { AgentServer, AgentServerOptions } from "./server.js";
-export { createAuthAgent, createMemoryAuthStore } from "./auth.js";
-export type { AuthClient, AuthIdentity, AuthStore, AuthToken, CreateAuthAgentOptions, } from "./auth.js";
+export { createAuthAgent, createMemoryAuthStore } from "./agent-definitions/auth.js";
+export type { AuthClient, AuthIdentity, AuthStore, AuthToken, CreateAuthAgentOptions, } from "./agent-definitions/auth.js";
 export { buildAgents } from "./build.js";
 export type { BuildAgentsOptions, BuildAgentsResult } from "./build.js";
+export { createSecretsAgent, createInMemorySecretStore, isSecretRef, processSecretParams } from "./agent-definitions/secrets.js";
+export type { SecretStore, SecretsAgentOptions } from "./agent-definitions/secrets.js";
+export { encryptSecret, decryptSecret } from "./crypto.js";
+export { signJwt, verifyJwt } from "./jwt.js";
+export type { JwtPayload } from "./jwt.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACnE,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACrF,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGxE,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AACjI,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAGvF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -54,7 +54,14 @@ export { createAgentRegistry } from "./registry.js";
 // Server
 export { createAgentServer } from "./server.js";
 // Auth
-export { createAuthAgent, createMemoryAuthStore } from "./auth.js";
+export { createAuthAgent, createMemoryAuthStore } from "./agent-definitions/auth.js";
 // Build
 export { buildAgents } from "./build.js";
+// Secrets
+export { createSecretsAgent, createInMemorySecretStore, isSecretRef, processSecretParams } from "./agent-definitions/secrets.js";
+// Crypto
+export { encryptSecret, decryptSecret } from "./crypto.js";
+// JWT
+export { signJwt, verifyJwt } from "./jwt.js";
+// Postgres Secret Store
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAsCH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AASnE,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAsCH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AASrF,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,UAAU;AACV,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAGjI,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3D,MAAM;AACN,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG9C,wBAAwB"}

package/dist/jwt.d.ts

@@ -10,6 +10,8 @@ export interface JwtPayload {
     sub: string;
     /** Client name */
     name: string;
+    /** Tenant ID */
+    tenantId?: string;
     /** Scopes */
     scopes: string[];
     /** Issued at (unix seconds) */

package/dist/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA6CH,kCAAkC;AAClC,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,+BAA+B;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAWjB;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAyB5B"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA6CH,kCAAkC;AAClC,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,+BAA+B;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,gCAAgC;IAChC,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAWjB;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAyB5B"}

package/dist/jwt.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,SAAS,eAAe,CAAC,IAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,IAAY,EACZ,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACxE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAY,EACZ,SAAqB,EACrB,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,MAAqB,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClG,CAAC;AAgBD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,OAAmB,EACnB,MAAc;IAEd,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAE5C,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAEhD,OAAO,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;QAEhB,mBAAmB;QACnB,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,SAAS,eAAe,CAAC,IAAgB;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,QAAQ,CACrB,IAAY,EACZ,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACxE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAY,EACZ,SAAqB,EACrB,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,MAAqB,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClG,CAAC;AAkBD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,OAAmB,EACnB,MAAc;IAEd,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAE5C,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAEhD,OAAO,GAAG,YAAY,IAAI,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CACxC,CAAC;QAEhB,mBAAmB;QACnB,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}