@slashfi/agents-sdk 0.4.0 → 0.5.0

package/src/index.ts

@@ -97,23 +97,28 @@ export { createAgentServer } from "./server.js";
 export type { AgentServer, AgentServerOptions } from "./server.js";
 
 // Auth
-export { createAuthAgent, createMemoryAuthStore } from "./auth.js";
+export { createAuthAgent, createMemoryAuthStore } from "./agent-definitions/auth.js";
 export type {
   AuthClient,
   AuthIdentity,
   AuthStore,
   AuthToken,
   CreateAuthAgentOptions,
-} from "./auth.js";
+} from "./agent-definitions/auth.js";
 
 // Build
 export { buildAgents } from "./build.js";
 export type { BuildAgentsOptions, BuildAgentsResult } from "./build.js";
 
 // Secrets
-export { createInMemorySecretStore, isSecretRef, processSecretParams } from "./secrets.js";
-export type { SecretStore } from "./secrets.js";
+export { createSecretsAgent, createInMemorySecretStore, isSecretRef, processSecretParams } from "./agent-definitions/secrets.js";
+export type { SecretStore, SecretsAgentOptions } from "./agent-definitions/secrets.js";
+
+// Crypto
+export { encryptSecret, decryptSecret } from "./crypto.js";
 
 // JWT
 export { signJwt, verifyJwt } from "./jwt.js";
 export type { JwtPayload } from "./jwt.js";
+
+// Postgres Secret Store

package/src/jwt.ts

@@ -54,6 +54,8 @@ export interface JwtPayload {
   sub: string;
   /** Client name */
   name: string;
+  /** Tenant ID */
+  tenantId?: string;
   /** Scopes */
   scopes: string[];
   /** Issued at (unix seconds) */

package/src/server.ts

@@ -25,11 +25,11 @@
  * - Recognizes the root key for admin access
  */
 
-import type { AuthStore } from "./auth.js";
+import type { AuthStore } from "./agent-definitions/auth.js";
 import type { AgentRegistry } from "./registry.js";
 import type { AgentDefinition, CallAgentRequest, Visibility } from "./types.js";
 import { verifyJwt } from "./jwt.js";
-import { type SecretStore, createInMemorySecretStore, processSecretParams } from "./secrets.js";
+import { type SecretStore, processSecretParams } from "./agent-definitions/secrets.js";
 
 // ============================================
 // Server Types
@@ -301,7 +301,7 @@ export function createAgentServer(
     cors = true,
     serverName = "agents-sdk",
     serverVersion = "1.0.0",
-    secretStore = createInMemorySecretStore(),
+    secretStore,
   } = options;
 
   let serverInstance: ReturnType<typeof Bun.serve> | null = null;

package/dist/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,YAAY,CAAC;AAO/E,wBAAwB;AACxB,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,4BAA4B;AAC5B,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iDAAiD;AACjD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,8DAA8D;IAC9D,YAAY,CACV,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EAAE,EAChB,cAAc,CAAC,EAAE,OAAO,GACvB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAEvD,4EAA4E;IAC5E,cAAc,CACZ,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE9B,wBAAwB;IACxB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAExD,wBAAwB;IACxB,WAAW,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAErC,gCAAgC;IAChC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEjD,wDAAwD;IACxD,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAEzE,qBAAqB;IACrB,UAAU,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5C,sEAAsE;IACtE,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAE9D,+BAA+B;IAC/B,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpD;AAqCD;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,SAAS,CAyEjD;AAMD,MAAM,WAAW,sBAAsB;IACrC,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAEhB,yEAAyE;IACzE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAE5B,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE9B,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAMD;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,sBAAsB,GAC9B,eAAe,GAAG;IACnB,WAAW,EAAE,SAAS,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB,CAuOA"}

package/dist/auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AA8EnC,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,MAAM,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAID,+EAA+E;AAC/E,KAAK,UAAU,UAAU,CAAC,MAAc;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAE5C,OAAO;QACL,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc;YAC7C,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAElD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACpB,QAAQ;gBACR,gBAAgB,EAAE,UAAU;gBAC5B,IAAI;gBACJ,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,cAAc;aACf,CAAC,CAAC;YAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACpC,CAAC;QAED,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY;YACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YAC5C,OAAO,IAAI,KAAK,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1D,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,QAAQ;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,WAAW;YACf,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,yCAAyC;YACzC,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvC,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAChC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,QAAQ;YACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACzB,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;YACtC,MAAM,CAAC,gBAAgB,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC;YACzD,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,KAAK;YACpB,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,WAAW;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;gBACjC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,WAAW;YAC3B,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;KACF,CAAC;AACJ,CAAC;AAuBD,+CAA+C;AAC/C,oBAAoB;AACpB,+CAA+C;AAE/C;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA+B;IAM/B,MAAM,EACJ,OAAO,EACP,iBAAiB,GAAG,KAAK,EACzB,kBAAkB,EAClB,QAAQ,GAAG,IAAI,EACf,KAAK,GAAG,qBAAqB,EAAE,GAChC,GAAG,OAAO,CAAC;IAEZ,uBAAuB;IAEvB,MAAM,SAAS,GAAG,UAAU,CAAC;QAC3B,IAAI,EAAE,OAAO;QACb,WAAW,EACT,mFAAmF;QACrF,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,oBAAoB,CAAC;oBAC5B,WAAW,EAAE,2CAA2C;iBACzD;gBACD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE;gBACtD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;aAC/D;YACD,QAAQ,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,cAAc,CAAC;SACpD;QACD,OAAO,EAAE,KAAK,EAAE,KAIf,EAAE,EAAE;YACH,IAAI,KAAK,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,cAAc,CACvC,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,YAAY,CACnB,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB;gBACE,GAAG,EAAE,MAAM,CAAC,QAAQ;gBACpB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,GAAG;gBACR,GAAG,EAAE,GAAG,GAAG,QAAQ;aACpB,EACD,MAAM,CAAC,gBAAgB,CACxB,CAAC;YAEF,OAAO;gBACL,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,QAAQ;gBACnB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,UAAU,CAAC;QAC5B,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,+CAA+C;QAC5D,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,EAAE,MAAe,EAAE,GAAgB,EAAE,EAAE;YACnD,OAAO;gBACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,MAAM,EAAG,GAA2C,CAAC,MAAM,IAAI,EAAE;gBACjE,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,MAAM;aAChC,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,+BAA+B;IAE/B,MAAM,YAAY,GAAG,UAAU,CAAC;QAC9B,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,4CAA4C;QACzD,UAAU,EAAE,QAAQ;QACpB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;gBAC7D,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,kBAAkB;iBAChC;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;QACD,OAAO,EAAE,KAAK,EAAE,KAA0C,EAAE,EAAE;YAC5D,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;YAEhC,gDAAgD;YAChD,IAAI,kBAAkB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,MAAM,EACN,IAAI,CACL,CAAC;YAEF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAC5C,CAAC;KACF,CAAC,CAAC;IAEH,wCAAwC;IAExC,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uDAAuD;QACpE,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,aAAa,EAAE;gBACpD,MAAM,EAAE;oBACN,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,iBAAiB;iBAC/B;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;SAC7B;QACD,OAAO,EAAE,KAAK,EAAE,KAAyC,EAAE,EAAE;YAC3D,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,KAAK,CAAC,YAAY,CACzD,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,MAAM,CACb,CAAC;YACF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC1D,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,UAAU,CAAC;QACjC,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,0CAA0C;QACvD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/C,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;oBACtB,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,KAAK;iBAC1C,CAAC,CAAC;aACJ,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,iDAAiD;QAC9D,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACzD,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,uCAAuC;QACpD,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE;aACjE;YACD,QAAQ,EAAE,CAAC,UAAU,CAAC;SACvB;QACD,OAAO,EAAE,KAAK,EAAE,KAA2B,EAAE,EAAE;YAC7C,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpE,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC;QACzE,CAAC;KACF,CAAC,CAAC;IAEH,yBAAyB;IAEzB,MAAM,KAAK,GAAG;QACZ,SAAS;QACT,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5C,gBAAgB;QAChB,eAAe;QACf,gBAAgB;QAChB,gBAAgB;KACjB,CAAC;IAEF,MAAM,KAAK,GAAG,WAAW,CAAC;QACxB,IAAI,EAAE,OAAO;QACb,UAAU,EACR,gGAAgG;QAClG,MAAM,EAAE;YACN,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,QAAQ;YACpB,WAAW,EAAE,+BAA+B;YAC5C,gBAAgB,EAAE,CAAC,cAAc,EAAE,gBAAgB,EAAE,MAAM,CAAC;SAC7D;QACD,KAAK,EAAE,KAAsC;QAC7C,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,iDAAiD;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE;QAC1B,WAAW,EAAE,KAAK;QAClB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,QAAQ;KACrB,CAAC,CAAC;AACL,CAAC"}

package/dist/secrets.d.ts

@@ -1,44 +0,0 @@
-/**
- * Secrets - encrypted secret storage and resolution for tool params.
- *
- * Secrets are stored encrypted and referenced via `secret:<id>` strings.
- * The SDK automatically:
- * - Resolves `secret:xxx` refs in tool params before execution
- * - Stores raw values in `secret: true` schema fields and replaces with refs
- * - Redacts secrets from tool results in LLM context
- */
-export interface SecretStore {
-    /** Store a secret value. Returns the secret ref (e.g., "secret:abc123"). */
-    store(value: string, ownerId: string): Promise<string>;
-    /** Resolve a secret ref to its value. Returns null if not found or unauthorized. */
-    resolve(ref: string, ownerId: string): Promise<string | null>;
-    /** Delete a secret. */
-    delete(ref: string, ownerId: string): Promise<boolean>;
-}
-export declare function isSecretRef(value: unknown): value is string;
-export declare function getSecretId(ref: string): string;
-export declare function makeSecretRef(id: string): string;
-export declare function createInMemorySecretStore(): SecretStore;
-interface SchemaProperty {
-    type?: string;
-    secret?: boolean;
-    properties?: Record<string, SchemaProperty>;
-}
-/**
- * Walk tool params, resolve `secret:xxx` refs and store raw secret values.
- *
- * - If a param value is `secret:xxx`, resolve it from the store.
- * - If a param has `secret: true` in schema and value is a raw string,
- *   store it and replace with a ref (for logging/context).
- *
- * Returns: { resolved: params with real values for tool execution,
- *            redacted: params with refs for logging }
- */
-export declare function processSecretParams(params: Record<string, unknown>, schema: {
-    properties?: Record<string, SchemaProperty>;
-} | undefined, secretStore: SecretStore, ownerId: string): Promise<{
-    resolved: Record<string, unknown>;
-    redacted: Record<string, unknown>;
-}>;
-export {};
-//# sourceMappingURL=secrets.d.ts.map

package/dist/secrets.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAOH,MAAM,WAAW,WAAW;IAC1B,4EAA4E;IAC5E,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD,oFAAoF;IACpF,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAE9D,uBAAuB;IACvB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACxD;AAQD,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAE3D;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAEhD;AAaD,wBAAgB,yBAAyB,IAAI,WAAW,CAyBvD;AAMD,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC7C;AAED;;;;;;;;;GASG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAAE,GAAG,SAAS,EACnE,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC,CA8CnF"}

package/dist/secrets.js

@@ -1,106 +0,0 @@
-/**
- * Secrets - encrypted secret storage and resolution for tool params.
- *
- * Secrets are stored encrypted and referenced via `secret:<id>` strings.
- * The SDK automatically:
- * - Resolves `secret:xxx` refs in tool params before execution
- * - Stores raw values in `secret: true` schema fields and replaces with refs
- * - Redacts secrets from tool results in LLM context
- */
-// ============================================
-// Secret Ref Helpers
-// ============================================
-const SECRET_PREFIX = "secret:";
-export function isSecretRef(value) {
-    return typeof value === "string" && value.startsWith(SECRET_PREFIX);
-}
-export function getSecretId(ref) {
-    return ref.slice(SECRET_PREFIX.length);
-}
-export function makeSecretRef(id) {
-    return `${SECRET_PREFIX}${id}`;
-}
-function randomSecretId() {
-    const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
-    let id = "";
-    for (let i = 0; i < 24; i++)
-        id += chars[Math.floor(Math.random() * chars.length)];
-    return id;
-}
-// ============================================
-// In-Memory SecretStore (default)
-// ============================================
-export function createInMemorySecretStore() {
-    const secrets = new Map();
-    return {
-        async store(value, ownerId) {
-            const id = randomSecretId();
-            secrets.set(id, { value, ownerId });
-            return makeSecretRef(id);
-        },
-        async resolve(ref, ownerId) {
-            const id = getSecretId(ref);
-            const entry = secrets.get(id);
-            if (!entry || entry.ownerId !== ownerId)
-                return null;
-            return entry.value;
-        },
-        async delete(ref, ownerId) {
-            const id = getSecretId(ref);
-            const entry = secrets.get(id);
-            if (!entry || entry.ownerId !== ownerId)
-                return false;
-            secrets.delete(id);
-            return true;
-        },
-    };
-}
-/**
- * Walk tool params, resolve `secret:xxx` refs and store raw secret values.
- *
- * - If a param value is `secret:xxx`, resolve it from the store.
- * - If a param has `secret: true` in schema and value is a raw string,
- *   store it and replace with a ref (for logging/context).
- *
- * Returns: { resolved: params with real values for tool execution,
- *            redacted: params with refs for logging }
- */
-export async function processSecretParams(params, schema, secretStore, ownerId) {
-    const resolved = { ...params };
-    const redacted = { ...params };
-    if (!schema?.properties)
-        return { resolved, redacted };
-    for (const [key, schemaProp] of Object.entries(schema.properties)) {
-        const value = params[key];
-        if (value === undefined || value === null)
-            continue;
-        // Recurse into nested objects
-        if (schemaProp.type === "object" && typeof value === "object" && !Array.isArray(value)) {
-            const nested = await processSecretParams(value, schemaProp, secretStore, ownerId);
-            resolved[key] = nested.resolved;
-            redacted[key] = nested.redacted;
-            continue;
-        }
-        if (typeof value !== "string")
-            continue;
-        // Case 1: Value is already a secret ref - resolve it
-        if (isSecretRef(value)) {
-            const realValue = await secretStore.resolve(value, ownerId);
-            if (realValue === null) {
-                throw new Error(`Secret not found or unauthorized: ${value}`);
-            }
-            resolved[key] = realValue;
-            redacted[key] = value; // keep the ref in redacted version
-            continue;
-        }
-        // Case 2: Schema says this field is secret + value is raw - store it
-        if (schemaProp.secret && value.length > 0) {
-            const ref = await secretStore.store(value, ownerId);
-            resolved[key] = value; // tool gets the real value
-            redacted[key] = ref; // logs/context get the ref
-            continue;
-        }
-    }
-    return { resolved, redacted };
-}
-//# sourceMappingURL=secrets.js.map

package/dist/secrets.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAkBH,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAU;IACtC,OAAO,GAAG,aAAa,GAAG,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACnF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+CAA+C;AAC/C,kCAAkC;AAClC,+CAA+C;AAE/C,MAAM,UAAU,yBAAyB;IACvC,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8C,CAAC;IAEtE,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO;YACxB,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACpC,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO;YACxB,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrD,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO;YACvB,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,KAAK,CAAC;YACtD,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAYD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAA+B,EAC/B,MAAmE,EACnE,WAAwB,EACxB,OAAe;IAEf,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IACxD,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IAExD,IAAI,CAAC,MAAM,EAAE,UAAU;QAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAEvD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAEpD,8BAA8B;QAC9B,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,KAAgC,EAChC,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACF,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAExC,qDAAqD;QACrD,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,qCAAqC,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;YAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,mCAAmC;YAC1D,SAAS;QACX,CAAC;QAED,qEAAqE;QACrE,IAAI,UAAU,CAAC,MAAM,IAAK,KAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACpD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,2BAA2B;YAClD,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAG,2BAA2B;YAClD,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}

package/src/secrets.ts

@@ -1,154 +0,0 @@
-/**
- * Secrets - encrypted secret storage and resolution for tool params.
- *
- * Secrets are stored encrypted and referenced via `secret:<id>` strings.
- * The SDK automatically:
- * - Resolves `secret:xxx` refs in tool params before execution
- * - Stores raw values in `secret: true` schema fields and replaces with refs
- * - Redacts secrets from tool results in LLM context
- */
-
-
-// ============================================
-// SecretStore Interface
-// ============================================
-
-export interface SecretStore {
-  /** Store a secret value. Returns the secret ref (e.g., "secret:abc123"). */
-  store(value: string, ownerId: string): Promise<string>;
-
-  /** Resolve a secret ref to its value. Returns null if not found or unauthorized. */
-  resolve(ref: string, ownerId: string): Promise<string | null>;
-
-  /** Delete a secret. */
-  delete(ref: string, ownerId: string): Promise<boolean>;
-}
-
-// ============================================
-// Secret Ref Helpers
-// ============================================
-
-const SECRET_PREFIX = "secret:";
-
-export function isSecretRef(value: unknown): value is string {
-  return typeof value === "string" && value.startsWith(SECRET_PREFIX);
-}
-
-export function getSecretId(ref: string): string {
-  return ref.slice(SECRET_PREFIX.length);
-}
-
-export function makeSecretRef(id: string): string {
-  return `${SECRET_PREFIX}${id}`;
-}
-
-function randomSecretId(): string {
-  const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
-  let id = "";
-  for (let i = 0; i < 24; i++) id += chars[Math.floor(Math.random() * chars.length)];
-  return id;
-}
-
-// ============================================
-// In-Memory SecretStore (default)
-// ============================================
-
-export function createInMemorySecretStore(): SecretStore {
-  const secrets = new Map<string, { value: string; ownerId: string }>();
-
-  return {
-    async store(value, ownerId) {
-      const id = randomSecretId();
-      secrets.set(id, { value, ownerId });
-      return makeSecretRef(id);
-    },
-
-    async resolve(ref, ownerId) {
-      const id = getSecretId(ref);
-      const entry = secrets.get(id);
-      if (!entry || entry.ownerId !== ownerId) return null;
-      return entry.value;
-    },
-
-    async delete(ref, ownerId) {
-      const id = getSecretId(ref);
-      const entry = secrets.get(id);
-      if (!entry || entry.ownerId !== ownerId) return false;
-      secrets.delete(id);
-      return true;
-    },
-  };
-}
-
-// ============================================
-// Param Resolution
-// ============================================
-
-interface SchemaProperty {
-  type?: string;
-  secret?: boolean;
-  properties?: Record<string, SchemaProperty>;
-}
-
-/**
- * Walk tool params, resolve `secret:xxx` refs and store raw secret values.
- *
- * - If a param value is `secret:xxx`, resolve it from the store.
- * - If a param has `secret: true` in schema and value is a raw string,
- *   store it and replace with a ref (for logging/context).
- *
- * Returns: { resolved: params with real values for tool execution,
- *            redacted: params with refs for logging }
- */
-export async function processSecretParams(
-  params: Record<string, unknown>,
-  schema: { properties?: Record<string, SchemaProperty> } | undefined,
-  secretStore: SecretStore,
-  ownerId: string,
-): Promise<{ resolved: Record<string, unknown>; redacted: Record<string, unknown> }> {
-  const resolved: Record<string, unknown> = { ...params };
-  const redacted: Record<string, unknown> = { ...params };
-
-  if (!schema?.properties) return { resolved, redacted };
-
-  for (const [key, schemaProp] of Object.entries(schema.properties)) {
-    const value = params[key];
-    if (value === undefined || value === null) continue;
-
-    // Recurse into nested objects
-    if (schemaProp.type === "object" && typeof value === "object" && !Array.isArray(value)) {
-      const nested = await processSecretParams(
-        value as Record<string, unknown>,
-        schemaProp,
-        secretStore,
-        ownerId,
-      );
-      resolved[key] = nested.resolved;
-      redacted[key] = nested.redacted;
-      continue;
-    }
-
-    if (typeof value !== "string") continue;
-
-    // Case 1: Value is already a secret ref - resolve it
-    if (isSecretRef(value)) {
-      const realValue = await secretStore.resolve(value, ownerId);
-      if (realValue === null) {
-        throw new Error(`Secret not found or unauthorized: ${value}`);
-      }
-      resolved[key] = realValue;
-      redacted[key] = value; // keep the ref in redacted version
-      continue;
-    }
-
-    // Case 2: Schema says this field is secret + value is raw - store it
-    if (schemaProp.secret && (value as string).length > 0) {
-      const ref = await secretStore.store(value, ownerId);
-      resolved[key] = value; // tool gets the real value
-      redacted[key] = ref;   // logs/context get the ref
-      continue;
-    }
-  }
-
-  return { resolved, redacted };
-}