@slashfi/agents-sdk 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-definitions/secrets.d.ts +26 -3
- package/dist/agent-definitions/secrets.d.ts.map +1 -1
- package/dist/agent-definitions/secrets.js +26 -3
- package/dist/agent-definitions/secrets.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/agent-definitions/secrets.ts +61 -6
- package/src/index.ts +1 -0
|
@@ -12,13 +12,36 @@ import type { AgentDefinition } from "../types.js";
|
|
|
12
12
|
* Pluggable secret storage backend.
|
|
13
13
|
* Stores encrypted values, resolves refs.
|
|
14
14
|
*/
|
|
15
|
+
/**
|
|
16
|
+
* Scope for multi-tenant secret isolation.
|
|
17
|
+
* When provided, secrets are partitioned by tenant/instance.
|
|
18
|
+
*/
|
|
19
|
+
export interface SecretScope {
|
|
20
|
+
tenantId: string;
|
|
21
|
+
instanceKey?: string;
|
|
22
|
+
}
|
|
15
23
|
export interface SecretStore {
|
|
16
24
|
/** Store a secret. Returns the secret ID (without prefix). */
|
|
17
|
-
store(value: string, ownerId: string): Promise<string>;
|
|
25
|
+
store(value: string, ownerId: string, scope?: SecretScope): Promise<string>;
|
|
18
26
|
/** Resolve a secret ID to its decrypted value. */
|
|
19
|
-
resolve(id: string, ownerId: string): Promise<string | null>;
|
|
27
|
+
resolve(id: string, ownerId: string, scope?: SecretScope): Promise<string | null>;
|
|
20
28
|
/** Delete a secret. */
|
|
21
|
-
delete(id: string, ownerId: string): Promise<boolean>;
|
|
29
|
+
delete(id: string, ownerId: string, scope?: SecretScope): Promise<boolean>;
|
|
30
|
+
/**
|
|
31
|
+
* Store multiple secrets in a single operation.
|
|
32
|
+
* Returns an array of secret IDs in the same order as the input values.
|
|
33
|
+
*/
|
|
34
|
+
storeBatch?(values: string[], ownerId: string, scope?: SecretScope): Promise<string[]>;
|
|
35
|
+
/**
|
|
36
|
+
* Associate a secret with an entity (e.g., a provider config, a connection).
|
|
37
|
+
* Enables lookup of secrets by entity rather than by ID.
|
|
38
|
+
*/
|
|
39
|
+
associate?(secretId: string, entityType: string, entityId: string, scope?: SecretScope): Promise<void>;
|
|
40
|
+
/**
|
|
41
|
+
* Resolve secrets associated with an entity.
|
|
42
|
+
* Returns all secret IDs linked to the given entity.
|
|
43
|
+
*/
|
|
44
|
+
resolveByEntity?(entityType: string, entityId: string, scope?: SecretScope): Promise<string[]>;
|
|
22
45
|
}
|
|
23
46
|
export declare function isSecretRef(value: unknown): value is string;
|
|
24
47
|
export declare function getSecretId(ref: string): string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,aAAa,CAAC;AAMhF;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,8DAA8D;IAC9D,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,eAAe,EAA+B,MAAM,aAAa,CAAC;AAMhF;;;GAGG;AACH;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,8DAA8D;IAC9D,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE5E,kDAAkD;IAClD,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAElF,uBAAuB;IACvB,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE3E;;;OAGG;IACH,UAAU,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvF;;;OAGG;IACH,SAAS,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvG;;;OAGG;IACH,eAAe,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAChG;AAQD,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAE3D;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAEhD;AAcD,wBAAgB,yBAAyB,CAAC,aAAa,EAAE,MAAM,GAAG,WAAW,CAkD5E;AAMD,MAAM,WAAW,mBAAmB;IAClC,2BAA2B;IAC3B,KAAK,EAAE,WAAW,CAAC;CACpB;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,mBAAmB,GAC3B,eAAe,CAoEjB;AAMD,UAAU,cAAc;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CAC7C;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAAE,GAAG,SAAS,EACnE,WAAW,EAAE,WAAW,EACxB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC,CA+CD"}
|
|
@@ -34,26 +34,49 @@ function randomSecretId() {
|
|
|
34
34
|
// ============================================
|
|
35
35
|
export function createInMemorySecretStore(encryptionKey) {
|
|
36
36
|
const secrets = new Map();
|
|
37
|
+
const associations = new Map(); // "entityType:entityId" -> secretIds
|
|
37
38
|
return {
|
|
38
|
-
async store(value, ownerId) {
|
|
39
|
+
async store(value, ownerId, _scope) {
|
|
39
40
|
const id = randomSecretId();
|
|
40
41
|
const encrypted = await encryptSecret(value, encryptionKey);
|
|
41
42
|
secrets.set(id, { encrypted, ownerId });
|
|
42
43
|
return id;
|
|
43
44
|
},
|
|
44
|
-
async resolve(id, ownerId) {
|
|
45
|
+
async resolve(id, ownerId, _scope) {
|
|
45
46
|
const entry = secrets.get(id);
|
|
46
47
|
if (!entry || entry.ownerId !== ownerId)
|
|
47
48
|
return null;
|
|
48
49
|
return decryptSecret(entry.encrypted, encryptionKey);
|
|
49
50
|
},
|
|
50
|
-
async delete(id, ownerId) {
|
|
51
|
+
async delete(id, ownerId, _scope) {
|
|
51
52
|
const entry = secrets.get(id);
|
|
52
53
|
if (!entry || entry.ownerId !== ownerId)
|
|
53
54
|
return false;
|
|
54
55
|
secrets.delete(id);
|
|
55
56
|
return true;
|
|
56
57
|
},
|
|
58
|
+
async storeBatch(values, ownerId, _scope) {
|
|
59
|
+
const ids = [];
|
|
60
|
+
for (const value of values) {
|
|
61
|
+
const id = randomSecretId();
|
|
62
|
+
const encrypted = await encryptSecret(value, encryptionKey);
|
|
63
|
+
secrets.set(id, { encrypted, ownerId });
|
|
64
|
+
ids.push(id);
|
|
65
|
+
}
|
|
66
|
+
return ids;
|
|
67
|
+
},
|
|
68
|
+
async associate(secretId, entityType, entityId, _scope) {
|
|
69
|
+
const key = `${entityType}:${entityId}`;
|
|
70
|
+
const existing = associations.get(key) ?? [];
|
|
71
|
+
if (!existing.includes(secretId)) {
|
|
72
|
+
existing.push(secretId);
|
|
73
|
+
associations.set(key, existing);
|
|
74
|
+
}
|
|
75
|
+
},
|
|
76
|
+
async resolveByEntity(entityType, entityId, _scope) {
|
|
77
|
+
const key = `${entityType}:${entityId}`;
|
|
78
|
+
return associations.get(key) ?? [];
|
|
79
|
+
},
|
|
57
80
|
};
|
|
58
81
|
}
|
|
59
82
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/agent-definitions/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAiDvD,+CAA+C;AAC/C,qBAAqB;AACrB,+CAA+C;AAE/C,MAAM,aAAa,GAAG,SAAS,CAAC;AAEhC,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,OAAO,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAU;IACtC,OAAO,GAAG,aAAa,GAAG,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,KAAK,GAAG,sCAAsC,CAAC;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QACzB,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+CAA+C;AAC/C,kCAAkC;AAClC,+CAA+C;AAE/C,MAAM,UAAU,yBAAyB,CAAC,aAAqB;IAC7D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkD,CAAC;IAC1E,MAAM,YAAY,GAAG,IAAI,GAAG,EAAoB,CAAC,CAAC,qCAAqC;IAEvF,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,MAAO;YACjC,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YACxC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,MAAO;YAChC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YACrD,OAAO,aAAa,CAAC,KAAK,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,MAAO;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,OAAO,KAAK,CAAC;YACtD,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,MAAO;YACvC,MAAM,GAAG,GAAa,EAAE,CAAC;YACzB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;gBAC5B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;gBAC5D,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;gBACxC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAO;YACrD,MAAM,GAAG,GAAG,GAAG,UAAU,IAAI,QAAQ,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAC7C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACxB,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAO;YACjD,MAAM,GAAG,GAAG,GAAG,UAAU,IAAI,QAAQ,EAAE,CAAC;YACxC,OAAO,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC;AAWD;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAA4B;IAE5B,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,MAAM,eAAe,GAAG,UAAU,CAAC;QACjC,IAAI,EAAE,OAAO;QACb,WAAW,EACT,+DAA+D;QACjE,UAAU,EAAE,UAAmB;QAC/B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAiB;oBACvB,WAAW,EAAE,qCAAqC;oBAClD,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBACzC;aACF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;QACD,OAAO,EAAE,KAAK,EACZ,KAA0C,EAC1C,GAAgB,EAChB,EAAE;YACF,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,WAAW,CAAC;YAC5C,MAAM,IAAI,GAA2B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;oBAC7C,IAAI,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,CAAC;QAClB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG,UAAU,CAAC;QAClC,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,UAAmB;QAC/B,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAiB,EAAE,WAAW,EAAE,sBAAsB,EAAE;aACtE;YACD,QAAQ,EAAE,CAAC,KAAK,CAAC;SAClB;QACD,OAAO,EAAE,KAAK,EAAE,KAAsB,EAAE,GAAgB,EAAE,EAAE;YAC1D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,IAAI,WAAW,CAAC;YAC5C,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,WAAW,CAAC;QACjB,IAAI,EAAE,UAAU;QAChB,UAAU,EACR,wEAAwE;QAC1E,MAAM,EAAE;YACN,IAAI,EAAE,SAAS;YACf,WAAW,EAAE,yCAAyC;YACtD,UAAU,EAAE,UAAU;SACvB;QACD,KAAK,EAAE;YACL,eAAe;YACf,gBAAgB;SACgB;KACnC,CAAC,CAAC;AACL,CAAC;AAYD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAA+B,EAC/B,MAAmE,EACnE,WAAwB,EACxB,OAAe;IAKf,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IACxD,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;IAExD,IAAI,CAAC,MAAM,EAAE,UAAU;QAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAEvD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAEpD,IACE,UAAU,CAAC,IAAI,KAAK,QAAQ;YAC5B,OAAO,KAAK,KAAK,QAAQ;YACzB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,KAAgC,EAChC,UAAU,EACV,WAAW,EACX,OAAO,CACR,CAAC;YACF,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QAExC,sBAAsB;QACtB,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACzD,IAAI,SAAS,KAAK,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC;YACtE,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;YAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,SAAS;QACX,CAAC;QAED,+CAA+C;QAC/C,IAAI,UAAU,CAAC,MAAM,IAAK,KAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,MAAM,EAAE,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -59,7 +59,7 @@ export type { AuthClient, AuthIdentity, AuthStore, AuthToken, CreateAuthAgentOpt
|
|
|
59
59
|
export { buildAgents } from "./build.js";
|
|
60
60
|
export type { BuildAgentsOptions, BuildAgentsResult } from "./build.js";
|
|
61
61
|
export { createSecretsAgent, createInMemorySecretStore, isSecretRef, processSecretParams, } from "./agent-definitions/secrets.js";
|
|
62
|
-
export type { SecretStore, SecretsAgentOptions, } from "./agent-definitions/secrets.js";
|
|
62
|
+
export type { SecretScope, SecretStore, SecretsAgentOptions, } from "./agent-definitions/secrets.js";
|
|
63
63
|
export { encryptSecret, decryptSecret } from "./crypto.js";
|
|
64
64
|
export { signJwt, verifyJwt } from "./jwt.js";
|
|
65
65
|
export type { JwtPayload } from "./jwt.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGxE,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AACxC,YAAY,EACV,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAK3C,OAAO,EACL,uBAAuB,EACvB,8BAA8B,EAC9B,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,qCAAqC,CAAC;AAC7C,YAAY,EACV,gBAAgB,EAChB,wBAAwB,EACxB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,wBAAwB,EACxB,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,IAAI,EACJ,YAAY,EACZ,SAAS,EACT,iBAAiB,GAClB,MAAM,8BAA8B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,YAAY,EACV,WAAW,EACX,WAAW,EACX,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,EACd,WAAW,EACX,WAAW,EACX,WAAW,EACX,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,EACvB,wBAAwB,EACxB,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EACV,UAAU,EACV,YAAY,EACZ,SAAS,EACT,SAAS,EACT,sBAAsB,GACvB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGxE,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AACxC,YAAY,EACV,WAAW,EACX,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAK3C,OAAO,EACL,uBAAuB,EACvB,8BAA8B,EAC9B,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,qCAAqC,CAAC;AAC7C,YAAY,EACV,gBAAgB,EAChB,wBAAwB,EACxB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,wBAAwB,EACxB,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EACV,IAAI,EACJ,YAAY,EACZ,SAAS,EACT,iBAAiB,GAClB,MAAM,8BAA8B,CAAC"}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AA0CH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,6BAA6B,CAAC;AASrC,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,UAAU;AACV,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AA0CH,mBAAmB;AACnB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGtD,WAAW;AACX,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAGpD,SAAS;AACT,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO;AACP,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,6BAA6B,CAAC;AASrC,QAAQ;AACR,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,UAAU;AACV,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,WAAW,EACX,mBAAmB,GACpB,MAAM,gCAAgC,CAAC;AAOxC,SAAS;AACT,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3D,MAAM;AACN,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG9C,wBAAwB;AAExB,eAAe;AACf,OAAO,EACL,uBAAuB,EACvB,8BAA8B,EAC9B,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,qCAAqC,CAAC;AAkB7C,QAAQ;AACR,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,8BAA8B,CAAC"}
|
package/package.json
CHANGED
|
@@ -20,13 +20,42 @@ import type { AgentDefinition, ToolContext, ToolDefinition } from "../types.js";
|
|
|
20
20
|
* Pluggable secret storage backend.
|
|
21
21
|
* Stores encrypted values, resolves refs.
|
|
22
22
|
*/
|
|
23
|
+
/**
|
|
24
|
+
* Scope for multi-tenant secret isolation.
|
|
25
|
+
* When provided, secrets are partitioned by tenant/instance.
|
|
26
|
+
*/
|
|
27
|
+
export interface SecretScope {
|
|
28
|
+
tenantId: string;
|
|
29
|
+
instanceKey?: string;
|
|
30
|
+
}
|
|
31
|
+
|
|
23
32
|
export interface SecretStore {
|
|
24
33
|
/** Store a secret. Returns the secret ID (without prefix). */
|
|
25
|
-
store(value: string, ownerId: string): Promise<string>;
|
|
34
|
+
store(value: string, ownerId: string, scope?: SecretScope): Promise<string>;
|
|
35
|
+
|
|
26
36
|
/** Resolve a secret ID to its decrypted value. */
|
|
27
|
-
resolve(id: string, ownerId: string): Promise<string | null>;
|
|
37
|
+
resolve(id: string, ownerId: string, scope?: SecretScope): Promise<string | null>;
|
|
38
|
+
|
|
28
39
|
/** Delete a secret. */
|
|
29
|
-
delete(id: string, ownerId: string): Promise<boolean>;
|
|
40
|
+
delete(id: string, ownerId: string, scope?: SecretScope): Promise<boolean>;
|
|
41
|
+
|
|
42
|
+
/**
|
|
43
|
+
* Store multiple secrets in a single operation.
|
|
44
|
+
* Returns an array of secret IDs in the same order as the input values.
|
|
45
|
+
*/
|
|
46
|
+
storeBatch?(values: string[], ownerId: string, scope?: SecretScope): Promise<string[]>;
|
|
47
|
+
|
|
48
|
+
/**
|
|
49
|
+
* Associate a secret with an entity (e.g., a provider config, a connection).
|
|
50
|
+
* Enables lookup of secrets by entity rather than by ID.
|
|
51
|
+
*/
|
|
52
|
+
associate?(secretId: string, entityType: string, entityId: string, scope?: SecretScope): Promise<void>;
|
|
53
|
+
|
|
54
|
+
/**
|
|
55
|
+
* Resolve secrets associated with an entity.
|
|
56
|
+
* Returns all secret IDs linked to the given entity.
|
|
57
|
+
*/
|
|
58
|
+
resolveByEntity?(entityType: string, entityId: string, scope?: SecretScope): Promise<string[]>;
|
|
30
59
|
}
|
|
31
60
|
|
|
32
61
|
// ============================================
|
|
@@ -61,27 +90,53 @@ function randomSecretId(): string {
|
|
|
61
90
|
|
|
62
91
|
export function createInMemorySecretStore(encryptionKey: string): SecretStore {
|
|
63
92
|
const secrets = new Map<string, { encrypted: string; ownerId: string }>();
|
|
93
|
+
const associations = new Map<string, string[]>(); // "entityType:entityId" -> secretIds
|
|
64
94
|
|
|
65
95
|
return {
|
|
66
|
-
async store(value, ownerId) {
|
|
96
|
+
async store(value, ownerId, _scope?) {
|
|
67
97
|
const id = randomSecretId();
|
|
68
98
|
const encrypted = await encryptSecret(value, encryptionKey);
|
|
69
99
|
secrets.set(id, { encrypted, ownerId });
|
|
70
100
|
return id;
|
|
71
101
|
},
|
|
72
102
|
|
|
73
|
-
async resolve(id, ownerId) {
|
|
103
|
+
async resolve(id, ownerId, _scope?) {
|
|
74
104
|
const entry = secrets.get(id);
|
|
75
105
|
if (!entry || entry.ownerId !== ownerId) return null;
|
|
76
106
|
return decryptSecret(entry.encrypted, encryptionKey);
|
|
77
107
|
},
|
|
78
108
|
|
|
79
|
-
async delete(id, ownerId) {
|
|
109
|
+
async delete(id, ownerId, _scope?) {
|
|
80
110
|
const entry = secrets.get(id);
|
|
81
111
|
if (!entry || entry.ownerId !== ownerId) return false;
|
|
82
112
|
secrets.delete(id);
|
|
83
113
|
return true;
|
|
84
114
|
},
|
|
115
|
+
|
|
116
|
+
async storeBatch(values, ownerId, _scope?) {
|
|
117
|
+
const ids: string[] = [];
|
|
118
|
+
for (const value of values) {
|
|
119
|
+
const id = randomSecretId();
|
|
120
|
+
const encrypted = await encryptSecret(value, encryptionKey);
|
|
121
|
+
secrets.set(id, { encrypted, ownerId });
|
|
122
|
+
ids.push(id);
|
|
123
|
+
}
|
|
124
|
+
return ids;
|
|
125
|
+
},
|
|
126
|
+
|
|
127
|
+
async associate(secretId, entityType, entityId, _scope?) {
|
|
128
|
+
const key = `${entityType}:${entityId}`;
|
|
129
|
+
const existing = associations.get(key) ?? [];
|
|
130
|
+
if (!existing.includes(secretId)) {
|
|
131
|
+
existing.push(secretId);
|
|
132
|
+
associations.set(key, existing);
|
|
133
|
+
}
|
|
134
|
+
},
|
|
135
|
+
|
|
136
|
+
async resolveByEntity(entityType, entityId, _scope?) {
|
|
137
|
+
const key = `${entityType}:${entityId}`;
|
|
138
|
+
return associations.get(key) ?? [];
|
|
139
|
+
},
|
|
85
140
|
};
|
|
86
141
|
}
|
|
87
142
|
|