@slashfi/agents-sdk 0.89.2 → 0.90.0

package/src/config-store.ts

@@ -47,7 +47,14 @@ import type {
   RegistryConfiguration,
   RegistryConsumer,
 } from "./registry-consumer.js";
-import type { CallAgentResponse, SecuritySchemeSummary } from "./types.js";
+import type {
+  CallAgentErrorResponse,
+  CallAgentExecuteToolResponse,
+  CallAgentListResourcesResponse,
+  CallAgentReadResourcesResponse,
+  CallAgentResponse,
+  SecuritySchemeSummary,
+} from "./types.js";
 
 const CONFIG_PATH = "consumer-config.json";
 const REGISTRY_CACHE_PATH = "registry-cache.json";
@@ -159,6 +166,40 @@ export interface RefAuthCompleteOptions {
  * force callers to choose a default that's wrong half the time;
  * `null` lets them branch explicitly.
  */
+function normalizeCredentialKey(key: string): string {
+  return key
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "_")
+    .replace(/^_|_$/g, "");
+}
+
+function hasCredentialField(
+  config: Record<string, unknown>,
+  field: string,
+): boolean {
+  const wanted = normalizeCredentialKey(field);
+
+  // Top-level config keys cover legacy entries such as api_key/token and
+  // refs whose credentials are stored directly under the cached field name.
+  for (const key of Object.keys(config)) {
+    if (normalizeCredentialKey(key) === wanted) return true;
+  }
+
+  // API-key refs store header credentials under config.headers using the
+  // original HTTP header name (for example "x-api-key"), while authStatus
+  // caches the normalized field name ("x_api_key"). Treat header keys as
+  // case-insensitive and delimiter-insensitive so the local connected check
+  // matches authStatus/ref.call behavior.
+  const headers = config.headers;
+  if (headers && typeof headers === "object" && !Array.isArray(headers)) {
+    for (const key of Object.keys(headers as Record<string, unknown>)) {
+      if (normalizeCredentialKey(key) === wanted) return true;
+    }
+  }
+
+  return false;
+}
+
 export function isRefAuthComplete(
   entry: RefEntry,
   cacheEntry: RegistryCacheEntry | undefined,
@@ -175,8 +216,8 @@ export function isRefAuthComplete(
   for (const [field, info] of Object.entries(authFields)) {
     if (!info.required) continue;
     if (info.automated) continue;
-    if (field in config) continue;
-    if (resolvable && resolvable.has(field)) continue;
+    if (hasCredentialField(config, field)) continue;
+    if (resolvable?.has(field)) continue;
     return false;
   }
   return true;
@@ -367,6 +408,33 @@ export interface AuthStartResult {
   fields?: AuthChallengeField[];
 }
 
+export type AdkRefCallResult =
+  | CallAgentExecuteToolResponse
+  | CallAgentErrorResponse;
+export type AdkRefResourcesResult =
+  | CallAgentListResourcesResponse
+  | CallAgentErrorResponse;
+export type AdkRefReadResult =
+  | CallAgentReadResourcesResponse
+  | CallAgentErrorResponse;
+
+type AdkRefActionResult =
+  | AdkRefCallResult
+  | AdkRefResourcesResult
+  | AdkRefReadResult;
+
+function toAdkRefActionResult<T extends AdkRefActionResult>(
+  result: CallAgentResponse,
+  expectedKey: "result" | "resources",
+  code: string,
+  error: string,
+): T {
+  if (result.success === false) return result as T;
+  if (expectedKey in result) return result as T;
+
+  return { success: false, error, code } as T;
+}
+
 /**
  * Type slot for adk.ref.call() type safety.
  * Empty by default — populated by `adk sync` which generates `adk.d.ts`.
@@ -391,13 +459,13 @@ type AdkRefCallFn = keyof AdkAgentRegistry extends never
       name: string,
       tool: string,
       params?: Record<string, unknown>,
-    ) => Promise<CallAgentResponse>
+    ) => Promise<AdkRefCallResult>
   : // Registry populated — strict typed overload
     <A extends AgentPath, T extends ToolsOf<A>>(
       name: A,
       tool: T,
       params: ParamsOf<A, T>,
-    ) => Promise<CallAgentResponse>;
+    ) => Promise<AdkRefCallResult>;
 
 export interface AdkRefApi {
   add(entry: RefAddInput): Promise<{ security: SecuritySchemeSummary | null }>;
@@ -410,8 +478,8 @@ export interface AdkRefApi {
     options?: { full?: boolean },
   ): Promise<AgentInspection | null>;
   call: AdkRefCallFn;
-  resources(name: string): Promise<CallAgentResponse>;
-  read(name: string, uris: string[]): Promise<CallAgentResponse>;
+  resources(name: string): Promise<AdkRefResourcesResult>;
+  read(name: string, uris: string[]): Promise<AdkRefReadResult>;
   /** Check auth status — what's needed vs what's stored */
   authStatus(name: string): Promise<RefAuthStatus>;
   /**
@@ -1935,7 +2003,10 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
             scheme: entry.scheme,
             received: { sourceRegistry: entry.sourceRegistry },
             requiredShape: {
-              sourceRegistry: { url: "<registry URL>", agentPath: "<optional agent path>" },
+              sourceRegistry: {
+                url: "<registry URL>",
+                agentPath: "<optional agent path>",
+              },
             },
           },
         });
@@ -2137,7 +2208,7 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       name: string,
       tool: string,
       params?: Record<string, unknown>,
-    ): Promise<CallAgentResponse> {
+    ): Promise<AdkRefCallResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2181,7 +2252,11 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
                 code: "encryption_key_mismatch",
                 message: `ref.call(${name}): failed to decrypt header "${k}". The configured encryptionKey does not match the key used to encrypt this value.`,
                 hint: "Re-encrypt the ref's headers with the current encryptionKey, or restore the previous key. Decrypting an unrelated value would have leaked ciphertext as a header before this fix.",
-                details: { ref: name, header: k, cause: (err as Error)?.message },
+                details: {
+                  ref: name,
+                  header: k,
+                  cause: (err as Error)?.message,
+                },
               });
             }
           } else {
@@ -2231,14 +2306,24 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       if (accessToken && isUnauthorized(result)) {
         const refreshed = await ref.refreshToken(name);
         if (refreshed) {
-          return doCall(refreshed.accessToken);
+          return toAdkRefActionResult<AdkRefCallResult>(
+            await doCall(refreshed.accessToken),
+            "result",
+            "unexpected_ref_call_response",
+            "Expected execute_tool response from ref.call",
+          );
         }
       }
 
-      return result;
+      return toAdkRefActionResult<AdkRefCallResult>(
+        result,
+        "result",
+        "unexpected_ref_call_response",
+        "Expected execute_tool response from ref.call",
+      );
     },
 
-    async resources(name: string): Promise<CallAgentResponse> {
+    async resources(name: string): Promise<AdkRefResourcesResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2246,13 +2331,18 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const consumer = await buildConsumerForRef(entry);
       const reg = resolveRegistryForRef(consumer, entry);
 
-      return consumer.callRegistry(reg, {
-        action: "list_resources",
-        path: entry.sourceRegistry?.agentPath ?? entry.ref,
-      });
+      return toAdkRefActionResult<AdkRefResourcesResult>(
+        await consumer.callRegistry(reg, {
+          action: "list_resources",
+          path: entry.sourceRegistry?.agentPath ?? entry.ref,
+        }),
+        "resources",
+        "unexpected_ref_resources_response",
+        "Expected list_resources response from ref.resources",
+      );
     },
 
-    async read(name: string, uris: string[]): Promise<CallAgentResponse> {
+    async read(name: string, uris: string[]): Promise<AdkRefReadResult> {
       const config = await readConfig();
       const entry = findRef(config.refs ?? [], name);
       if (!entry) throw new Error(`Ref "${name}" not found`);
@@ -2260,11 +2350,16 @@ export function createAdk(fs: FsStore, options: AdkOptions = {}): Adk {
       const consumer = await buildConsumerForRef(entry);
       const reg = resolveRegistryForRef(consumer, entry);
 
-      return consumer.callRegistry(reg, {
-        action: "read_resources",
-        path: entry.sourceRegistry?.agentPath ?? entry.ref,
-        uris,
-      });
+      return toAdkRefActionResult<AdkRefReadResult>(
+        await consumer.callRegistry(reg, {
+          action: "read_resources",
+          path: entry.sourceRegistry?.agentPath ?? entry.ref,
+          uris,
+        }),
+        "resources",
+        "unexpected_ref_read_response",
+        "Expected read_resources response from ref.read",
+      );
     },
 
     async authStatus(name: string): Promise<RefAuthStatus> {