@slashfi/agents-sdk 0.89.1 → 0.89.3

package/src/config-store.ts

@@ -47,7 +47,14 @@ import type {
   RegistryConfiguration,
   RegistryConsumer,
 } from "./registry-consumer.js";
-import type { CallAgentResponse, SecuritySchemeSummary } from "./types.js";
+import type {
+  CallAgentErrorResponse,
+  CallAgentExecuteToolResponse,
+  CallAgentListResourcesResponse,
+  CallAgentReadResourcesResponse,
+  CallAgentResponse,
+  SecuritySchemeSummary,
+} from "./types.js";
 
 const CONFIG_PATH = "consumer-config.json";
 const REGISTRY_CACHE_PATH = "registry-cache.json";
@@ -367,6 +374,33 @@ export interface AuthStartResult {
   fields?: AuthChallengeField[];
 }
 
+export type AdkRefCallResult =
+  | CallAgentExecuteToolResponse
+  | CallAgentErrorResponse;
+export type AdkRefResourcesResult =
+  | CallAgentListResourcesResponse
+  | CallAgentErrorResponse;
+export type AdkRefReadResult =
+  | CallAgentReadResourcesResponse
+  | CallAgentErrorResponse;
+
+type AdkRefActionResult =
+  | AdkRefCallResult
+  | AdkRefResourcesResult
+  | AdkRefReadResult;
+
+function toAdkRefActionResult<T extends AdkRefActionResult>(
+  result: CallAgentResponse,
+  expectedKey: "result" | "resources",
+  code: string,
+  error: string,
+): T {
+  if (result.success === false) return result as T;
+  if (expectedKey in result) return result as T;
+
+  return { success: false, error, code } as T;
+}
+
 /**
  * Type slot for adk.ref.call() type safety.
  * Empty by default — populated by `adk sync` which generates `adk.d.ts`.
@@ -391,13 +425,13 @@ type AdkRefCallFn = keyof AdkAgentRegistry extends never
       name: string,
       tool: string,
       params?: Record<string, unknown>,
-    ) => Promise<CallAgentResponse>
+    ) => Promise<AdkRefCallResult>
   : // Registry populated — strict typed overload
     <A extends AgentPath, T extends ToolsOf<A>>(
       name: A,
       tool: T,
       params: ParamsOf<A, T>,
-    ) => Promise<CallAgentResponse>;
+    ) => Promise<AdkRefCallResult>;
 
 export interface AdkRefApi {
   add(entry: RefAddInput): Promise<{ security: SecuritySchemeSummary | null }>;
@@ -410,8 +444,8 @@ export interface AdkRefApi {
     options?: { full?: boolean },
   ): Promise<AgentInspection | null>;
   call: AdkRefCallFn;
-  resources(name: string): Promise<CallAgentResponse>;
-  read(name: string, uris: string[]): Promise<CallAgentResponse>;
+  resources(name: string): Promise<AdkRefResourcesResult>;
+  read(name: string, uris: string[]): Promise<AdkRefReadResult>;
   /** Check auth status — what's needed vs what's stored */
   authStatus(name: string): Promise<RefAuthStatus>;
   /**
@@ -2137,7 +2171,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       name: string,
       tool: string,
       params?: Record<string, unknown>,
-    ): Promise<CallAgentResponse> {
+    ): Promise<AdkRefCallResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2231,14 +2265,24 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       if (accessToken && isUnauthorized(result)) {
         const refreshed = await ref.refreshToken(name);
         if (refreshed) {
-          return doCall(refreshed.accessToken);
+          return toAdkRefActionResult<AdkRefCallResult>(
+            await doCall(refreshed.accessToken),
+            "result",
+            "unexpected_ref_call_response",
+            "Expected execute_tool response from ref.call",
+          );
         }
       }
 
-      return result;
+      return toAdkRefActionResult<AdkRefCallResult>(
+        result,
+        "result",
+        "unexpected_ref_call_response",
+        "Expected execute_tool response from ref.call",
+      );
     },
 
-    async resources(name: string): Promise<CallAgentResponse> {
+    async resources(name: string): Promise<AdkRefResourcesResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2246,13 +2290,18 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const consumer = await buildConsumerForRef(entry);
       const reg = resolveRegistryForRef(consumer, entry);
 
-      return consumer.callRegistry(reg, {
-        action: "list_resources",
-        path: entry.sourceRegistry?.agentPath ?? entry.ref,
-      });
+      return toAdkRefActionResult<AdkRefResourcesResult>(
+        await consumer.callRegistry(reg, {
+          action: "list_resources",
+          path: entry.sourceRegistry?.agentPath ?? entry.ref,
+        }),
+        "resources",
+        "unexpected_ref_resources_response",
+        "Expected list_resources response from ref.resources",
+      );
     },
 
-    async read(name: string, uris: string[]): Promise<CallAgentResponse> {
+    async read(name: string, uris: string[]): Promise<AdkRefReadResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2260,11 +2309,16 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const consumer = await buildConsumerForRef(entry);
       const reg = resolveRegistryForRef(consumer, entry);
 
-      return consumer.callRegistry(reg, {
-        action: "read_resources",
-        path: entry.sourceRegistry?.agentPath ?? entry.ref,
-        uris,
-      });
+      return toAdkRefActionResult<AdkRefReadResult>(
+        await consumer.callRegistry(reg, {
+          action: "read_resources",
+          path: entry.sourceRegistry?.agentPath ?? entry.ref,
+          uris,
+        }),
+        "resources",
+        "unexpected_ref_read_response",
+        "Expected read_resources response from ref.read",
+      );
     },
 
     async authStatus(name: string): Promise<RefAuthStatus> {
@@ -2442,6 +2496,21 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
           present: configKeys.includes("token"),
           resolvable: await canResolve("token"),
         };
+      } else if (security.type === "form") {
+        // Form-based refs collect structured user input at connect time
+        // (for example database host/user/password), then store the encoded
+        // form payload in the canonical credential slot that `ref.call`
+        // already reads and forwards to registry executors as
+        // `params.accessToken`. Cache that derived credential requirement
+        // instead of the individual form fields so host-side connected checks
+        // answer the same question as the call path: "does this ref carry
+        // the opaque credential blob needed to invoke it?"
+        fields.access_token = {
+          required: true,
+          automated: false,
+          present: configKeys.includes("access_token"),
+          resolvable: await canResolve("access_token"),
+        };
       }
 
       const complete = Object.values(fields).every(

package/src/index.ts

@@ -85,6 +85,7 @@ export type {
   ToolSelectionContext,
   IntegrationConfig,
   ApiKeySecurityScheme,
+  FormSecurityScheme,
   HttpSecurityScheme,
   NoneSecurityScheme,
   OAuth2SecurityScheme,

package/src/types.ts

@@ -243,6 +243,17 @@ export interface HttpSecurityScheme {
   scheme: "bearer" | "basic";
 }
 
+/**
+ * Form-based authentication. Consumers collect arbitrary structured fields
+ * (for example database connection settings), then store the encoded form
+ * payload in the ref's `access_token` credential slot. At call time ADK
+ * forwards that value as `params.accessToken` to the registry executor.
+ */
+export interface FormSecurityScheme {
+  type: "form";
+  [key: string]: unknown;
+}
+
 /**
  * No authentication required.
  */
@@ -285,6 +296,7 @@ export type SecurityScheme =
   | OAuth2SecurityScheme
   | ApiKeySecurityScheme
   | HttpSecurityScheme
+  | FormSecurityScheme
   | NoneSecurityScheme;
 
 /**