@slashfi/agents-sdk 0.90.1 → 0.90.4

package/src/adk.ts

@@ -74,19 +74,37 @@ function hasFlag(flag: string): boolean {
   return args.includes(flag);
 }
 
+function getCredentialArgs(startIndex: number, excludeFlags = new Set<string>()): Record<string, string> {
+  const credentials: Record<string, string> = {};
+  for (let i = startIndex; i < args.length; i++) {
+    const arg = args[i];
+    if (!arg?.startsWith("--")) continue;
+    const key = arg.slice(2);
+    if (excludeFlags.has(key)) {
+      i++;
+      continue;
+    }
+    const value = args[i + 1];
+    if (value === undefined || value.startsWith("--")) continue;
+    credentials[key] = value;
+    i++;
+  }
+  return credentials;
+}
+
 function wantsHelp(): boolean {
   return args.includes("--help") || args.includes("-h");
 }
 
 const HELP_SECTIONS: Record<string, string> = {
   registry: `Registry operations:
-  adk registry add <url> --name <name> [--auth-type bearer|api-key|none]
+  adk registry add <url> --name <name> [--auth-type bearer|basic|api-key|none]
   adk registry remove <name>
   adk registry list
   adk registry browse <name> [--query <q>]
   adk registry inspect <name>
   adk registry test [name]
-  adk registry auth <name> [--token <t>] [--api-key <k>] [--header <h>]`,
+  adk registry auth <name> [--token <t>] [--username <u> --password <p>] [--api-key <k>] [--header <h>]`,
   ref: `Ref operations:
   adk ref add <name>                     Install from default (public) registry
   adk ref add <name> --registry <reg>    Install from a specific registry
@@ -123,18 +141,22 @@ Usage:
   adk search <query> [options]        BM25 search over materialized refs/tools
   adk registry <op> [options]        Manage registry connections
   adk ref <op> [options]             Manage agent refs
+  adk list                           List configured refs
+  adk call <name> <tool> [params]    Call a ref tool
+  adk auth <name> [--<field> <val>]  Authenticate a ref
+  adk auth-status <name>             Show ref auth status
   adk config-path                    Print config directory path
   adk error [id]                     View recent errors or a specific error
   adk version | --version | -v       Print the installed adk SDK version
 
 Registry operations:
-  adk registry add <url> --name <name> [--auth-type bearer|api-key|none]
+  adk registry add <url> --name <name> [--auth-type bearer|basic|api-key|none]
   adk registry remove <name>
   adk registry list
   adk registry browse <name> [--query <q>]
   adk registry inspect <name>
   adk registry test [name]
-  adk registry auth <name> [--token <t>] [--api-key <k>] [--header <h>]
+  adk registry auth <name> [--token <t>] [--username <u> --password <p>] [--api-key <k>] [--header <h>]
 
 Ref operations:
   adk ref add <ref> [--name <name>] [--registry <name>] [--url <url>] [--scheme mcp|https|registry]
@@ -205,9 +227,9 @@ async function runRegistry() {
         console.error("Usage: adk registry add <url> --name <name>");
         process.exit(1);
       }
-      const authType = getArg("--auth-type") as "bearer" | "api-key" | "none" | undefined;
+      const authType = getArg("--auth-type") as "bearer" | "basic" | "api-key" | "none" | undefined;
       const auth = authType && authType !== "none"
-        ? { type: authType as "bearer" | "api-key" }
+        ? { type: authType as "bearer" | "basic" | "api-key" }
         : undefined;
       const displayName = name ?? new URL(url).hostname;
       const addResult = await adk.registry.add({
@@ -290,16 +312,20 @@ async function runRegistry() {
     }
     case "auth": {
       const name = args[2];
-      if (!name) { console.error("Usage: adk registry auth <name> [--token <t>] [--api-key <k>] [--header <h>]"); process.exit(1); }
+      if (!name) { console.error("Usage: adk registry auth <name> [--token <t>] [--username <u> --password <p>] [--api-key <k>] [--header <h>]"); process.exit(1); }
       const token = getArg("--token");
+      const username = getArg("--username");
+      const password = getArg("--password");
       const apiKey = getArg("--api-key");
       const header = getArg("--header");
 
-      // Explicit credential mode — user supplied a token/key directly.
-      if (token || apiKey) {
+      // Explicit credential mode — user supplied a token/basic/key directly.
+      if (token || username || apiKey) {
         const credential = token
           ? { token }
-          : { apiKey: apiKey!, ...(header && { header }) };
+          : username
+            ? { username, ...(password !== undefined && { password }) }
+            : { apiKey: apiKey!, ...(header && { header }) };
         const updated = await adk.registry.auth(name, credential);
         if (!updated) {
           console.error(`Registry not found: ${name}`);
@@ -500,13 +526,19 @@ async function runRef() {
     }
     case "auth": {
       const name = args[2];
-      if (!name) { console.error("Usage: adk ref auth <name> [--api-key <key>]"); process.exit(1); }
+      if (!name) { console.error("Usage: adk ref auth <name> [--api-key <key>] [--<field> <value> ...]"); process.exit(1); }
       const apiKey = getArg("--api-key");
+      const credentials = getCredentialArgs(3, new Set(["api-key"]));
 
-      if (apiKey) {
-        const result = await adk.ref.auth(name, { apiKey });
+      if (apiKey || Object.keys(credentials).length > 0) {
+        const result = await adk.ref.auth(name, {
+          ...(apiKey && { apiKey }),
+          ...(Object.keys(credentials).length > 0 && { credentials }),
+        });
         if (result.complete) {
           console.log(`\x1b[32m\u2713\x1b[0m Auth complete for ${name} (${result.type})`);
+        } else if (result.fields?.length) {
+          console.log(JSON.stringify(result, null, 2));
         }
         break;
       }
@@ -662,6 +694,22 @@ switch (command) {
     }
     break;
   }
+  case "list":
+    args.splice(0, 1, "ref", "list");
+    await runRef();
+    break;
+  case "call":
+    args.splice(0, 1, "ref", "call");
+    await runRef();
+    break;
+  case "auth":
+    args.splice(0, 1, "ref", "auth");
+    await runRef();
+    break;
+  case "auth-status":
+    args.splice(0, 1, "ref", "auth-status");
+    await runRef();
+    break;
   case "registry":
     await runRegistry();
     break;

package/src/config-store.test.ts

@@ -583,6 +583,104 @@ describe("ADK ref.call() full auto-refresh flow", () => {
     expect(cache.refs.math.authFields).toEqual({});
   });
 
+
+  test("ref http basic auth-status/auth/call/cache uses token with username/password parts", async () => {
+    let receivedAccessToken: string | undefined;
+    const basicTool = defineTool({
+      name: "get_profile",
+      description: "Requires HTTP Basic token",
+      inputSchema: { type: "object" as const, properties: {} },
+      execute: async (input: any) => {
+        receivedAccessToken = input?.accessToken;
+        return { ok: input?.accessToken === Buffer.from("ashby-key:", "utf8").toString("base64") };
+      },
+    });
+    const basicAgent = defineAgent({
+      path: "basic-api",
+      entrypoint: "Basic API agent",
+      tools: [basicTool],
+      visibility: "public",
+      config: {
+        security: { type: "http", scheme: "basic" },
+      },
+    });
+
+    const registry = createAgentRegistry();
+    registry.register(basicAgent);
+    const port = 19961;
+    const server = createAgentServer(registry, { port });
+    await server.start();
+    try {
+      const fs = createMemoryFs();
+      const adk = createAdk(fs, {
+        encryptionKey: "test-key-32-chars-long-enough!!",
+      });
+
+      await adk.registry.add({ name: "basic-reg", url: `http://localhost:${port}` });
+      await adk.ref.add({
+        ref: "basic-api",
+        name: "basic-api",
+        sourceRegistry: {
+          url: `http://localhost:${port}`,
+          agentPath: "basic-api",
+        },
+      });
+
+      const statusBefore = await adk.ref.authStatus("basic-api");
+      expect(statusBefore.complete).toBe(false);
+      expect(statusBefore.fields.token).toEqual({
+        required: true,
+        automated: false,
+        present: false,
+        resolvable: false,
+        format: "basic",
+        parts: [
+          { name: "username", label: "Username", secret: false },
+          { name: "password", label: "Password", secret: true, optional: true },
+        ],
+      });
+
+      let cacheRaw = await fs.readFile("registry-cache.json");
+      expect(cacheRaw).not.toBeNull();
+      let cache = JSON.parse(cacheRaw!) as { refs: Record<string, { authFields?: Record<string, unknown> }> };
+      expect(cache.refs["basic-api"].authFields).toEqual({
+        token: {
+          required: true,
+          automated: false,
+          format: "basic",
+          parts: [
+            { name: "username", label: "Username", secret: false },
+            { name: "password", label: "Password", secret: true, optional: true },
+          ],
+        },
+      });
+
+      const authResult = await adk.ref.auth("basic-api", {
+        credentials: { username: "ashby-key", password: "" },
+      });
+      expect(authResult.complete).toBe(true);
+
+      const configAfterAuth = await adk.readConfig();
+      const refEntry = configAfterAuth.refs?.find((r) => r.name === "basic-api");
+      expect(refEntry?.config?.token).toMatch(/^secret:/);
+
+      const statusAfter = await adk.ref.authStatus("basic-api");
+      expect(statusAfter.complete).toBe(true);
+      expect(statusAfter.fields.token.present).toBe(true);
+
+      cacheRaw = await fs.readFile("registry-cache.json");
+      cache = JSON.parse(cacheRaw!) as { refs: Record<string, { authFields?: Record<string, unknown> }> };
+      const { isRefAuthComplete } = await import("./config-store");
+      expect(isRefAuthComplete(refEntry!, cache.refs["basic-api"] as any)).toBe(true);
+
+      const callResult = await adk.ref.call("basic-api", "get_profile");
+      expect((callResult as any)?.result?.ok).toBe(true);
+      expect(receivedAccessToken).toBe(Buffer.from("ashby-key:", "utf8").toString("base64"));
+    } finally {
+      await server.stop();
+    }
+  });
+
   test("ref.authStatus maps form security to required access_token authFields", async () => {
     // Form security (e.g. databases) asks the user for structured
     // connection fields, but the ADK call path stores the encoded form
@@ -744,6 +842,258 @@ describe("ADK ref.call() full auto-refresh flow", () => {
     expect(status.fields?.access_token?.automated).toBe(false);
     expect(status.fields?.access_token?.present).toBe(false);
   });
+
+  test("ref.authStatus honors registry-declared authFields over oauth2 heuristics", async () => {
+    const platformRegPort = 19924;
+    const platformTool = defineTool({
+      name: "get_data",
+      description: "Platform minted bearer",
+      inputSchema: { type: "object" as const, properties: {} },
+      execute: async () => ({ ok: true }),
+    });
+    const platformAgent = defineAgent({
+      path: "platform-api",
+      entrypoint: "Platform bearer agent",
+      tools: [platformTool],
+      visibility: "public",
+      config: {
+        security: {
+          type: "oauth2",
+          flows: {
+            authorizationCode: {
+              authorizationUrl: "http://localhost/authorize",
+              tokenUrl: "http://localhost/token",
+            },
+          },
+          authFields: {
+            access_token: { required: true, automated: true },
+          },
+        },
+      },
+    });
+    const platformRegistry = createAgentRegistry();
+    platformRegistry.register(platformAgent);
+    const platformServer = createAgentServer(platformRegistry, {
+      port: platformRegPort,
+    });
+    await platformServer.start();
+
+    try {
+      const fs = createMemoryFs();
+      const adk = createAdk(fs, {
+        resolveCredentials: async ({ field }) =>
+          field === "access_token" ? "minted" : null,
+      });
+
+      await adk.registry.add({
+        name: "platform-reg",
+        url: `http://localhost:${platformRegPort}`,
+      });
+      await adk.ref.add({
+        ref: "platform-api",
+        name: "platform-api",
+        sourceRegistry: {
+          url: `http://localhost:${platformRegPort}`,
+          agentPath: "platform-api",
+        },
+        config: {},
+      });
+
+      const status = await adk.ref.authStatus("platform-api");
+      expect(status.fields?.access_token?.automated).toBe(true);
+      expect(status.fields?.access_token?.resolvable).toBe(true);
+      expect(status.complete).toBe(true);
+
+      const cacheRaw = await fs.readFile("registry-cache.json");
+      const cache = JSON.parse(cacheRaw!) as {
+        refs: Record<string, { authFields?: Record<string, unknown> }>;
+      };
+      expect(cache.refs["platform-api"].authFields).toEqual({
+        access_token: { required: true, automated: true },
+      });
+    } finally {
+      await platformServer.stop();
+    }
+  });
+});
+
+describe("ADK ref.call() resolveCredentials fallback", () => {
+  let registryServer: AgentServer;
+  const REG_PORT = 19922;
+  let receivedToken: string | undefined;
+
+  beforeAll(async () => {
+    const apiTool = defineTool({
+      name: "get_data",
+      description: "Echo accessToken",
+      inputSchema: { type: "object" as const, properties: {} },
+      execute: async (input: any) => {
+        receivedToken = input?.accessToken;
+        if (!receivedToken) {
+          return {
+            content: [{ type: "text", text: '{"error":"401 Unauthorized"}' }],
+            _httpStatus: 401,
+          };
+        }
+        return { ok: true, token: receivedToken };
+      },
+    });
+
+    const agent = defineAgent({
+      path: "resolved-api",
+      entrypoint: "Resolved creds agent",
+      tools: [apiTool],
+      visibility: "public",
+      config: {
+        security: {
+          type: "oauth2",
+          flows: {
+            authorizationCode: {
+              authorizationUrl: "http://localhost/authorize",
+              tokenUrl: "http://localhost/token",
+            },
+          },
+        },
+      },
+    });
+
+    const registry = createAgentRegistry();
+    registry.register(agent);
+    registryServer = createAgentServer(registry, { port: REG_PORT });
+    await registryServer.start();
+  });
+
+  afterAll(async () => {
+    await registryServer.stop();
+  });
+
+  test("uses resolveCredentials when access_token is not stored", async () => {
+    receivedToken = undefined;
+    const fs = createMemoryFs();
+    const adk = createAdk(fs, {
+      resolveCredentials: async ({ field }) => {
+        if (field === "access_token") return "minted-call-token";
+        return null;
+      },
+    });
+
+    await adk.registry.add({
+      name: "resolved-reg",
+      url: `http://localhost:${REG_PORT}`,
+    });
+    await adk.ref.add({
+      ref: "resolved-api",
+      sourceRegistry: {
+        url: `http://localhost:${REG_PORT}`,
+        agentPath: "resolved-api",
+      },
+      config: {},
+    });
+
+    const result = await adk.ref.call("resolved-api", "get_data");
+    expect(receivedToken).toBe("minted-call-token");
+    expect((result as any)?.result?.ok).toBe(true);
+  });
+
+  test("stored access_token still wins over resolveCredentials", async () => {
+    receivedToken = undefined;
+    const fs = createMemoryFs();
+    const adk = createAdk(fs, {
+      resolveCredentials: async () => "should-not-be-used",
+    });
+
+    await adk.registry.add({
+      name: "resolved-reg",
+      url: `http://localhost:${REG_PORT}`,
+    });
+    await adk.ref.add({
+      ref: "resolved-api",
+      name: "resolved-api-stored",
+      sourceRegistry: {
+        url: `http://localhost:${REG_PORT}`,
+        agentPath: "resolved-api",
+      },
+      config: { access_token: "stored-token" },
+    });
+
+    await adk.ref.call("resolved-api-stored", "get_data");
+    expect(receivedToken).toBe("stored-token");
+  });
+
+  test("uses resolveCredentials for cached apiKey header fields", async () => {
+    let receivedHeaders: Record<string, string> | undefined;
+    const headerRegPort = 19923;
+    const headerServer = createAgentServer(
+      (() => {
+        const apiTool = defineTool({
+          name: "get_data",
+          description: "Echo _headers",
+          inputSchema: { type: "object" as const, properties: {} },
+          execute: async (input: any) => {
+            receivedHeaders = input?._headers;
+            return { ok: true, headers: receivedHeaders };
+          },
+        });
+        const agent = defineAgent({
+          path: "header-api",
+          entrypoint: "Header creds agent",
+          tools: [apiTool],
+          visibility: "public",
+        });
+        const registry = createAgentRegistry();
+        registry.register(agent);
+        return registry;
+      })(),
+      { port: headerRegPort },
+    );
+    await headerServer.start();
+
+    try {
+      receivedHeaders = undefined;
+      const fs = createMemoryFs();
+      const adk = createAdk(fs, {
+        resolveCredentials: async ({ field }) => {
+          if (field === "x_api_key") return "resolved-header-key";
+          return null;
+        },
+      });
+
+      await adk.registry.add({
+        name: "header-reg",
+        url: `http://localhost:${headerRegPort}`,
+      });
+      await adk.ref.add({
+        ref: "header-api",
+        name: "header-api",
+        sourceRegistry: {
+          url: `http://localhost:${headerRegPort}`,
+          agentPath: "header-api",
+        },
+        config: {},
+      });
+
+      await fs.writeFile(
+        "registry-cache.json",
+        JSON.stringify({
+          refs: {
+            "header-api": {
+              ref: "header-api",
+              fetchedAt: new Date().toISOString(),
+              authFields: {
+                x_api_key: { required: true, automated: false },
+              },
+            },
+          },
+        }),
+      );
+
+      const result = await adk.ref.call("header-api", "get_data");
+      expect(receivedHeaders?.["X-API-KEY"]).toBe("resolved-header-key");
+      expect((result as any)?.result?.ok).toBe(true);
+    } finally {
+      await headerServer.stop();
+    }
+  });
 });
 
 describe("ADK ref.call() auto-refresh on direct MCP 401", () => {