@stigmer/protos 0.0.76 → 0.0.78

package/ai/stigmer/agentic/mcpserver/v1/spec_pb.d.ts

@@ -1,6 +1,6 @@
 import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv1";
 import type { EnvironmentSpec } from "../../environment/v1/spec_pb";
-import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import type { ApiResourceReference } from "../../../commons/apiresource/io_pb";
 import type { Message } from "@bufbuild/protobuf";
 /**
  * Describes the file ai/stigmer/agentic/mcpserver/v1/spec.proto.
@@ -88,14 +88,6 @@ export type McpServerSpec = Message<"ai.stigmer.agentic.mcpserver.v1.McpServerSp
      * @generated from field: ai.stigmer.agentic.environment.v1.EnvironmentSpec env_spec = 8;
      */
     envSpec?: EnvironmentSpec;
-    /**
-     * Source/provenance of this MCP server definition.
-     * Populated by automated sync workflows (e.g. MCP Registry sync).
-     * Empty for hand-authored definitions like the system mcp-server-stigmer.
-     *
-     * @generated from field: ai.stigmer.agentic.mcpserver.v1.McpServerSource source = 10;
-     */
-    source?: McpServerSource;
     /**
      * Manual tool approval overrides set by the MCP server owner.
      *
@@ -117,6 +109,35 @@ export type McpServerSpec = Message<"ai.stigmer.agentic.mcpserver.v1.McpServerSp
      * @generated from field: repeated ai.stigmer.agentic.mcpserver.v1.ToolApprovalPolicy pinned_tool_approvals = 11;
      */
     pinnedToolApprovals: ToolApprovalPolicy[];
+    /**
+     * URL of the upstream source repository for this MCP server.
+     * Shown in the marketplace so users can inspect the implementation
+     * for trust and transparency.
+     * Example: "https://github.com/modelcontextprotocol/servers"
+     *
+     * @generated from field: string repository_url = 12;
+     */
+    repositoryUrl: string;
+    /**
+     * GitHub star count at the time of curation.
+     * Used as a popularity signal in marketplace display.
+     * 0 if unknown or non-GitHub repository.
+     *
+     * @generated from field: int32 github_stars = 13;
+     */
+    githubStars: number;
+    /**
+     * OAuth authentication configuration for automated credential acquisition.
+     * When set, the MCP server's Connect page offers an OAuth flow instead of
+     * (or in addition to) manual credential entry.
+     *
+     * The acquired access token is stored in the user's personal environment
+     * as the env var named by auth.target_env_var. That env var must also be
+     * declared in env_spec.data so the execution pipeline knows about it.
+     *
+     * @generated from field: ai.stigmer.agentic.mcpserver.v1.McpServerAuth auth = 14;
+     */
+    auth?: McpServerAuth;
 };
 /**
  * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerSpec.
@@ -311,65 +332,80 @@ export type ToolApprovalPolicy = Message<"ai.stigmer.agentic.mcpserver.v1.ToolAp
  */
 export declare const ToolApprovalPolicySchema: GenMessage<ToolApprovalPolicy>;
 /**
- * McpServerSource tracks provenance for MCP server definitions that were
- * imported from an external registry or catalog via automated sync.
+ * McpServerAuth configures automated credential acquisition via OAuth.
+ *
+ * @internal
+ * Two authentication modes are determined by the presence of oauth_app_ref:
+ *
+ * - When oauth_app_ref is empty: the MCP server implements the MCP
+ *   Authorization specification (RFC 8414 discovery, RFC 7591 Dynamic Client
+ *   Registration, OAuth 2.1 with PKCE). Stigmer auto-discovers everything
+ *   from the server URL. No OAuthApp resource is needed — credentials are
+ *   obtained automatically via DCR.
+ *
+ * - When oauth_app_ref is set: the MCP server requires pre-registered OAuth
+ *   app credentials from a specific vendor (Slack, Salesforce, Figma, etc.).
+ *   The referenced OAuthApp holds the client_id, client_secret, and endpoint
+ *   URLs needed for the authorization code flow.
+ *
+ * In both cases, the acquired access token is stored in the user's personal
+ * environment as target_env_var. A refresh token (if issued by the vendor) is
+ * stored alongside as {target_env_var}_REFRESH_TOKEN by convention.
  *
- * This enables:
- * - Traceability: users can inspect the upstream source of any marketplace entry.
- * - Freshness tracking: the platform knows when a definition was last synced.
- * - Deprecation detection: if a server disappears from the source registry,
- *   the sync workflow can flag it as deprecated.
- * - Deduplication: source.registry_name is the natural key for upsert logic.
+ * Token lifecycle:
+ * - Pre-flight check before execution: if the access token is expired,
+ *   the backend uses the refresh token to obtain a new one automatically.
+ * - If the refresh token is also expired: execution fails with a clear
+ *   error, and the user re-authenticates from the MCP server Connect page.
  *
- * @generated from message ai.stigmer.agentic.mcpserver.v1.McpServerSource
+ * @generated from message ai.stigmer.agentic.mcpserver.v1.McpServerAuth
  */
-export type McpServerSource = Message<"ai.stigmer.agentic.mcpserver.v1.McpServerSource"> & {
+export type McpServerAuth = Message<"ai.stigmer.agentic.mcpserver.v1.McpServerAuth"> & {
     /**
-     * Registry or catalog this definition was sourced from.
-     * Example: "registry.modelcontextprotocol.io"
+     * Reference to an OAuthApp for vendor-specific OAuth.
      *
-     * @generated from field: string registry = 1;
-     */
-    registry: string;
-    /**
-     * Name/identifier in the source registry (exact, unmodified).
-     * This is the canonical key used for dedup and update matching.
-     * Example: "ai.exa/exa"
+     * When empty: the server supports the MCP Authorization spec (DCR + PKCE).
+     * Stigmer discovers the authorization server metadata, registers a client
+     * via DCR, and performs the authorization code flow with PKCE — all
+     * automatically at connect time.
      *
-     * @generated from field: string registry_name = 2;
-     */
-    registryName: string;
-    /**
-     * Version from the source registry at the time of last sync.
-     * Example: "3.1.3"
+     * When set: Stigmer uses the referenced OAuthApp's client credentials to
+     * perform the OAuth authorization code flow with the vendor on behalf of
+     * the user. The OAuthApp must belong to the same organization as the
+     * McpServer (or be accessible via cross-org reference).
      *
-     * @generated from field: string version = 3;
+     * @generated from field: ai.stigmer.commons.apiresource.ApiResourceReference oauth_app_ref = 1;
      */
-    version: string;
+    oauthAppRef?: ApiResourceReference;
     /**
-     * Repository URL for the MCP server source code.
-     * Lets users inspect the upstream implementation for trust and transparency.
-     * Example: "https://github.com/exa-labs/exa-mcp-server"
+     * The env var in env_spec.data where the acquired access token is stored.
+     * Must correspond to an entry in env_spec.data so the execution pipeline
+     * resolves it. The refresh token is stored as {target_env_var}_REFRESH_TOKEN
+     * by convention. Both are written to the user's personal environment.
      *
-     * @generated from field: string repository_url = 4;
+     * @generated from field: string target_env_var = 2;
      */
-    repositoryUrl: string;
+    targetEnvVar: string;
     /**
-     * Timestamp of last successful sync from the source.
+     * Informational hint about expected token lifetime for UI display.
+     * Helps users understand when re-authentication may be needed.
+     * Empty means unknown. Examples: "1h", "2h", "90d", "never".
      *
-     * @generated from field: google.protobuf.Timestamp last_synced_at = 5;
+     * @generated from field: string token_lifetime_hint = 3;
      */
-    lastSyncedAt?: Timestamp;
+    tokenLifetimeHint: string;
     /**
-     * GitHub star count at the time of last sync (0 if unknown or non-GitHub).
-     * Used for quality filtering during sync and popularity sorting in the UI.
+     * Optional scope hints for UI display before the OAuth flow starts.
+     * For DCR servers: shown to the user since actual scopes are discovered
+     * at connect time during authorization server metadata retrieval.
+     * For vendor OAuth: informational (scopes are defined on the OAuthApp).
      *
-     * @generated from field: int32 github_stars = 6;
+     * @generated from field: repeated string scope_hints = 4;
      */
-    githubStars: number;
+    scopeHints: string[];
 };
 /**
- * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerSource.
- * Use `create(McpServerSourceSchema)` to create a new message.
+ * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerAuth.
+ * Use `create(McpServerAuthSchema)` to create a new message.
  */
-export declare const McpServerSourceSchema: GenMessage<McpServerSource>;
+export declare const McpServerAuthSchema: GenMessage<McpServerAuth>;

package/ai/stigmer/agentic/mcpserver/v1/spec_pb.js

@@ -3,12 +3,12 @@
 /* eslint-disable */
 import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv1";
 import { file_ai_stigmer_agentic_environment_v1_spec } from "../../environment/v1/spec_pb";
+import { file_ai_stigmer_commons_apiresource_io } from "../../../commons/apiresource/io_pb";
 import { file_buf_validate_validate } from "../../../../../buf/validate/validate_pb";
-import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
 /**
  * Describes the file ai/stigmer/agentic/mcpserver/v1/spec.proto.
  */
-export const file_ai_stigmer_agentic_mcpserver_v1_spec = /*@__PURE__*/ fileDesc("CiphaS9zdGlnbWVyL2FnZW50aWMvbWNwc2VydmVyL3YxL3NwZWMucHJvdG8SH2FpLnN0aWdtZXIuYWdlbnRpYy5tY3BzZXJ2ZXIudjEi3QMKDU1jcFNlcnZlclNwZWMSEwoLZGVzY3JpcHRpb24YASABKAkSEAoIaWNvbl91cmwYAiABKAkSDAoEdGFncxgDIAMoCRJDCgVzdGRpbxgEIAEoCzIyLmFpLnN0aWdtZXIuYWdlbnRpYy5tY3BzZXJ2ZXIudjEuU3RkaW9TZXJ2ZXJDb25maWdIABJBCgRodHRwGAUgASgLMjEuYWkuc3RpZ21lci5hZ2VudGljLm1jcHNlcnZlci52MS5IdHRwU2VydmVyQ29uZmlnSAASHQoVZGVmYXVsdF9lbmFibGVkX3Rvb2xzGAcgAygJEkQKCGVudl9zcGVjGAggASgLMjIuYWkuc3RpZ21lci5hZ2VudGljLmVudmlyb25tZW50LnYxLkVudmlyb25tZW50U3BlYxJACgZzb3VyY2UYCiABKAsyMC5haS5zdGlnbWVyLmFnZW50aWMubWNwc2VydmVyLnYxLk1jcFNlcnZlclNvdXJjZRJSChVwaW5uZWRfdG9vbF9hcHByb3ZhbHMYCyADKAsyMy5haS5zdGlnbWVyLmFnZW50aWMubWNwc2VydmVyLnYxLlRvb2xBcHByb3ZhbFBvbGljeUIUCgtzZXJ2ZXJfdHlwZRIFukgCCAEiTwoRU3RkaW9TZXJ2ZXJDb25maWcSFwoHY29tbWFuZBgBIAEoCUIGukgDyAEBEgwKBGFyZ3MYAiADKAkSEwoLd29ya2luZ19kaXIYAyABKAki4AIKEEh0dHBTZXJ2ZXJDb25maWcSGAoDdXJsGAEgASgJQgu6SAjIAQFyA4gBARJPCgdoZWFkZXJzGAIgAygLMj4uYWkuc3RpZ21lci5hZ2VudGljLm1jcHNlcnZlci52MS5IdHRwU2VydmVyQ29uZmlnLkhlYWRlcnNFbnRyeRJYCgxxdWVyeV9wYXJhbXMYAyADKAsyQi5haS5zdGlnbWVyLmFnZW50aWMubWNwc2VydmVyLnYxLkh0dHBTZXJ2ZXJDb25maWcuUXVlcnlQYXJhbXNFbnRyeRIjCg90aW1lb3V0X3NlY29uZHMYBCABKAVCCrpIBxoFGKwCKAAaLgoMSGVhZGVyc0VudHJ5EgsKA2tleRgBIAEoCRINCgV2YWx1ZRgCIAEoCToCOAEaMgoQUXVlcnlQYXJhbXNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIkEKElRvb2xBcHByb3ZhbFBvbGljeRIaCgl0b29sX25hbWUYASABKAlCB7pIBHICEAESDwoHbWVzc2FnZRgCIAEoCSKtAQoPTWNwU2VydmVyU291cmNlEhAKCHJlZ2lzdHJ5GAEgASgJEhUKDXJlZ2lzdHJ5X25hbWUYAiABKAkSDwoHdmVyc2lvbhgDIAEoCRIWCg5yZXBvc2l0b3J5X3VybBgEIAEoCRIyCg5sYXN0X3N5bmNlZF9hdBgFIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASFAoMZ2l0aHViX3N0YXJzGAYgASgFYgZwcm90bzM", [file_ai_stigmer_agentic_environment_v1_spec, file_buf_validate_validate, file_google_protobuf_timestamp]);
+export const file_ai_stigmer_agentic_mcpserver_v1_spec = /*@__PURE__*/ fileDesc("CiphaS9zdGlnbWVyL2FnZW50aWMvbWNwc2VydmVyL3YxL3NwZWMucHJvdG8SH2FpLnN0aWdtZXIuYWdlbnRpYy5tY3BzZXJ2ZXIudjEihwQKDU1jcFNlcnZlclNwZWMSEwoLZGVzY3JpcHRpb24YASABKAkSEAoIaWNvbl91cmwYAiABKAkSDAoEdGFncxgDIAMoCRJDCgVzdGRpbxgEIAEoCzIyLmFpLnN0aWdtZXIuYWdlbnRpYy5tY3BzZXJ2ZXIudjEuU3RkaW9TZXJ2ZXJDb25maWdIABJBCgRodHRwGAUgASgLMjEuYWkuc3RpZ21lci5hZ2VudGljLm1jcHNlcnZlci52MS5IdHRwU2VydmVyQ29uZmlnSAASHQoVZGVmYXVsdF9lbmFibGVkX3Rvb2xzGAcgAygJEkQKCGVudl9zcGVjGAggASgLMjIuYWkuc3RpZ21lci5hZ2VudGljLmVudmlyb25tZW50LnYxLkVudmlyb25tZW50U3BlYxJSChVwaW5uZWRfdG9vbF9hcHByb3ZhbHMYCyADKAsyMy5haS5zdGlnbWVyLmFnZW50aWMubWNwc2VydmVyLnYxLlRvb2xBcHByb3ZhbFBvbGljeRIWCg5yZXBvc2l0b3J5X3VybBgMIAEoCRIUCgxnaXRodWJfc3RhcnMYDSABKAUSPAoEYXV0aBgOIAEoCzIuLmFpLnN0aWdtZXIuYWdlbnRpYy5tY3BzZXJ2ZXIudjEuTWNwU2VydmVyQXV0aEIUCgtzZXJ2ZXJfdHlwZRIFukgCCAEiTwoRU3RkaW9TZXJ2ZXJDb25maWcSFwoHY29tbWFuZBgBIAEoCUIGukgDyAEBEgwKBGFyZ3MYAiADKAkSEwoLd29ya2luZ19kaXIYAyABKAki4AIKEEh0dHBTZXJ2ZXJDb25maWcSGAoDdXJsGAEgASgJQgu6SAjIAQFyA4gBARJPCgdoZWFkZXJzGAIgAygLMj4uYWkuc3RpZ21lci5hZ2VudGljLm1jcHNlcnZlci52MS5IdHRwU2VydmVyQ29uZmlnLkhlYWRlcnNFbnRyeRJYCgxxdWVyeV9wYXJhbXMYAyADKAsyQi5haS5zdGlnbWVyLmFnZW50aWMubWNwc2VydmVyLnYxLkh0dHBTZXJ2ZXJDb25maWcuUXVlcnlQYXJhbXNFbnRyeRIjCg90aW1lb3V0X3NlY29uZHMYBCABKAVCCrpIBxoFGKwCKAAaLgoMSGVhZGVyc0VudHJ5EgsKA2tleRgBIAEoCRINCgV2YWx1ZRgCIAEoCToCOAEaMgoQUXVlcnlQYXJhbXNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIkEKElRvb2xBcHByb3ZhbFBvbGljeRIaCgl0b29sX25hbWUYASABKAlCB7pIBHICEAESDwoHbWVzc2FnZRgCIAEoCSKvAQoNTWNwU2VydmVyQXV0aBJLCg1vYXV0aF9hcHBfcmVmGAEgASgLMjQuYWkuc3RpZ21lci5jb21tb25zLmFwaXJlc291cmNlLkFwaVJlc291cmNlUmVmZXJlbmNlEh8KDnRhcmdldF9lbnZfdmFyGAIgASgJQge6SARyAhABEhsKE3Rva2VuX2xpZmV0aW1lX2hpbnQYAyABKAkSEwoLc2NvcGVfaGludHMYBCADKAliBnByb3RvMw", [file_ai_stigmer_agentic_environment_v1_spec, file_ai_stigmer_commons_apiresource_io, file_buf_validate_validate]);
 /**
  * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerSpec.
  * Use `create(McpServerSpecSchema)` to create a new message.
@@ -30,8 +30,8 @@ export const HttpServerConfigSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_
  */
 export const ToolApprovalPolicySchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_agentic_mcpserver_v1_spec, 3);
 /**
- * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerSource.
- * Use `create(McpServerSourceSchema)` to create a new message.
+ * Describes the message ai.stigmer.agentic.mcpserver.v1.McpServerAuth.
+ * Use `create(McpServerAuthSchema)` to create a new message.
  */
-export const McpServerSourceSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_agentic_mcpserver_v1_spec, 4);
+export const McpServerAuthSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_agentic_mcpserver_v1_spec, 4);
 //# sourceMappingURL=spec_pb.js.map

package/ai/stigmer/agentic/mcpserver/v1/spec_pb.js.map

@@ -1 +1 @@
-{"version":3,"file":"spec_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/agentic/mcpserver/v1/spec_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,2HAA2H;AAC3H,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,EAAE,2CAA2C,EAAE,MAAM,8BAA8B,CAAC;AAC3F,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAErF,OAAO,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC;AAGxE;;GAEG;AACH,MAAM,CAAC,MAAM,yCAAyC,GAAY,aAAa,CAC7E,QAAQ,CAAC,6nDAA6nD,EAAE,CAAC,2CAA2C,EAAE,0BAA0B,EAAE,8BAA8B,CAAC,CAAC,CAAC;AAuHrvD;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA8B,aAAa,CACzE,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AA+D5D;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAkC,aAAa,CACjF,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AAqE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAiC,aAAa,CAC/E,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AAmD5D;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAmC,aAAa,CACnF,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AAkE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAgC,aAAa,CAC7E,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"spec_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/agentic/mcpserver/v1/spec_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,2HAA2H;AAC3H,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,EAAE,2CAA2C,EAAE,MAAM,8BAA8B,CAAC;AAE3F,OAAO,EAAE,sCAAsC,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAGrF;;GAEG;AACH,MAAM,CAAC,MAAM,yCAAyC,GAAY,aAAa,CAC7E,QAAQ,CAAC,wrDAAwrD,EAAE,CAAC,2CAA2C,EAAE,sCAAsC,EAAE,0BAA0B,CAAC,CAAC,CAAC;AA8IxzD;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA8B,aAAa,CACzE,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AA+D5D;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAkC,aAAa,CACjF,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AAqE5D;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAiC,aAAa,CAC/E,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AAmD5D;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAmC,aAAa,CACnF,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC;AA+E5D;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA8B,aAAa,CACzE,WAAW,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb.d.ts

@@ -194,6 +194,12 @@ export declare enum ApiResourceKind {
      * @generated from enum value: identity_provider = 21;
      */
     identity_provider = 21,
+    /**
+     * Registered OAuth application with an external vendor for outbound authentication.
+     *
+     * @generated from enum value: oauth_app = 22;
+     */
+    oauth_app = 22,
     /**
      * Top-level tenant that owns and manages resources.
      *

package/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb.js

@@ -8,7 +8,7 @@ import { file_google_protobuf_descriptor } from "@bufbuild/protobuf/wkt";
 /**
  * Describes the file ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind.proto.
  */
-export const file_ai_stigmer_commons_apiresource_apiresourcekind_api_resource_kind = /*@__PURE__*/ fileDesc("CkZhaS9zdGlnbWVyL2NvbW1vbnMvYXBpcmVzb3VyY2UvYXBpcmVzb3VyY2VraW5kL2FwaV9yZXNvdXJjZV9raW5kLnByb3RvEi5haS5zdGlnbWVyLmNvbW1vbnMuYXBpcmVzb3VyY2UuYXBpcmVzb3VyY2VraW5kIswDChNBcGlSZXNvdXJjZUtpbmRNZXRhEk8KBWdyb3VwGAEgASgOMkAuYWkuc3RpZ21lci5jb21tb25zLmFwaXJlc291cmNlLmFwaXJlc291cmNla2luZC5BcGlSZXNvdXJjZUdyb3VwElMKB3ZlcnNpb24YAiABKA4yQi5haS5zdGlnbWVyLmNvbW1vbnMuYXBpcmVzb3VyY2UuYXBpcmVzb3VyY2VraW5kLkFwaVJlc291cmNlVmVyc2lvbhIMCgRuYW1lGAMgASgJEhQKDGRpc3BsYXlfbmFtZRgEIAEoCRIRCglpZF9wcmVmaXgYBSABKAkSFAoMaXNfdmVyc2lvbmVkGAYgASgIEhoKEm5vdF9zZWFyY2hfaW5kZXhlZBgHIAEoCBJKCgR0aWVyGAggASgOMjwuYWkuc3RpZ21lci5jb21tb25zLmFwaXJlc291cmNlLmFwaXJlc291cmNla2luZC5SZXNvdXJjZVRpZXISWgoNYXV0aG9yaXphdGlvbhgJIAEoCzJDLmFpLnN0aWdtZXIuY29tbW9ucy5hcGlyZXNvdXJjZS5hcGlyZXNvdXJjZWtpbmQuQXV0aG9yaXphdGlvbkNvbmZpZypCChJBcGlSZXNvdXJjZVZlcnNpb24SJAogYXBpX3Jlc291cmNlX3ZlcnNpb25fdW5zcGVjaWZpZWQQABIGCgJ2MRABKk4KDFJlc291cmNlVGllchIdChlyZXNvdXJjZV90aWVyX3Vuc3BlY2lmaWVkEAASDwoLb3Blbl9zb3VyY2UQARIOCgpjbG91ZF9vbmx5EAIqQQoPUGxhdGZvcm1JZFZhbHVlEiEKHXBsYXRmb3JtX2lkX3ZhbHVlX3Vuc3BlY2lmaWVkEAASCwoHc3RpZ21lchABKqsMCg9BcGlSZXNvdXJjZUtpbmQSHQoZYXBpX3Jlc291cmNlX2tpbmRfdW5rbm93bhAAElsKFGFwaV9yZXNvdXJjZV92ZXJzaW9uEAEaQar/Kz0IARABGhJBcGlSZXNvdXJjZVZlcnNpb24iFEFQSSBSZXNvdXJjZSBWZXJzaW9uKgN2ZXI4AUACSgQIBRAEEj8KCmlhbV9wb2xpY3kQChovqv8rKwgCEAEaCUlhbVBvbGljeSIKSUFNIFBvbGljeSoEaWFtcDgBQAJKBAgCEAESTgoQaWRlbnRpdHlfYWNjb3VudBALGjiq/ys0CAIQARoPSWRlbnRpdHlBY2NvdW50IhBJZGVudGl0eSBBY2NvdW50KgNpZGFAAkoECAQQAxI1CgdhcGlfa2V5EAwaKKr/KyQIAhABGgZBcGlLZXkiB0FQSSBLZXkqA2tleTgBQAJKBAgEEAESPwoKaW52aXRhdGlvbhAUGi+q/ysrCAIQARoKSW52aXRhdGlvbiIKSW52aXRhdGlvbioDaW52OAFAAkoECAIQARJXChFpZGVudGl0eV9wcm92aWRlchAVGkCq/ys8CAIQARoQSWRlbnRpdHlQcm92aWRlciIRSWRlbnRpdHkgUHJvdmlkZXIqA2lkcDgBQAJKCAgCEAE6AgEEEkkKDG9yZ2FuaXphdGlvbhAeGjeq/yszCAMQARoMT3JnYW5pemF0aW9uIgxPcmdhbml6YXRpb24qA29yZ0ABSgoIBBABOgQBAgMEEjkKCHBsYXRmb3JtEB8aK6r/KycIAxABGghQbGF0Zm9ybSIIUGxhdGZvcm0qA3BsdDgBQAJKBAgFEAQSNgoFYWdlbnQQKBorqv8rJwgBEAEaBUFnZW50IgVBZ2VudCoDYWd0QAFKDAgCEAEqAggBOgIBBBJrCg9hZ2VudF9leGVjdXRpb24QKRpWqv8rUggBEAEaDkFnZW50RXhlY3V0aW9uIg9BZ2VudCBFeGVjdXRpb24qA2FleEABSiQIAxACGh4KB3Nlc3Npb24SB3Nlc3Npb24aCnNlc3Npb25faWQSOAoHc2Vzc2lvbhAqGiuq/ysnCAEQARoHU2Vzc2lvbiIHU2Vzc2lvbioDc2VzQAFKCAgCEAE6AgEEEjgKBXNraWxsECsaLar/KykIARABGgVTa2lsbCIFU2tpbGwqA3NrbDABQAFKDAgCEAEqAggBOgIBBBJECgptY3Bfc2VydmVyECwaNKr/KzAIARABGglNY3BTZXJ2ZXIiCk1DUCBTZXJ2ZXIqA21jcEABSgwIAhABKgIIAToCAQQSagoOYWdlbnRfaW5zdGFuY2UQLRpWqv8rUggBEAEaDUFnZW50SW5zdGFuY2UiDkFnZW50IEluc3RhbmNlKgNhaW5AAUomCAIQASIYCgVhZ2VudBIFYWdlbnQaCGFnZW50X2lkKgIIAToCAQQSPwoId29ya2Zsb3cQMhoxqv8rLQgBEAEaCFdvcmtmbG93IghXb3JrZmxvdyoDd2ZsQAFKDAgCEAEqAggBOgIBBBJ4ChF3b3JrZmxvd19pbnN0YW5jZRAzGmGq/ytdCAEQARoQV29ya2Zsb3dJbnN0YW5jZSIRV29ya2Zsb3cgSW5zdGFuY2UqA3dpbkABSisIAhABIiEKCHdvcmtmbG93Egh3b3JrZmxvdxoLd29ya2Zsb3dfaWQ6AgEEElgKEndvcmtmbG93X2V4ZWN1dGlvbhA0GkCq/ys8CAEQARoRV29ya2Zsb3dFeGVjdXRpb24iEldvcmtmbG93IEV4ZWN1dGlvbioDd2V4QAFKCAgCEAE6AgEEEkYKC2Vudmlyb25tZW50EDUaNar/KzEIARABGgtFbnZpcm9ubWVudCILRW52aXJvbm1lbnQqA2VudkABSgoIAhABMAE6AgEEElIKEWV4ZWN1dGlvbl9jb250ZXh0EDYaO6r/KzcIARABGhBFeGVjdXRpb25Db250ZXh0IhFFeGVjdXRpb24gQ29udGV4dCoEZWN0eEABSgQIBBABEjgKB3Byb2plY3QQPBorqv8rJwgDEAEaB1Byb2plY3QiB1Byb2plY3QqA3ByakABSggIAhABOgIBBDqFAQoJa2luZF9tZXRhEiEuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZU9wdGlvbnMY9b8FIAEoCzJDLmFpLnN0aWdtZXIuY29tbW9ucy5hcGlyZXNvdXJjZS5hcGlyZXNvdXJjZWtpbmQuQXBpUmVzb3VyY2VLaW5kTWV0YVIIa2luZE1ldGFCG0IZQXBpUmVzb3VyY2VLaW5kT3V0ZXJDbGFzc2IGcHJvdG8z", [file_ai_stigmer_commons_apiresource_apiresourcekind_api_resource_group, file_ai_stigmer_commons_apiresource_apiresourcekind_authorization_config, file_google_protobuf_descriptor]);
+export const file_ai_stigmer_commons_apiresource_apiresourcekind_api_resource_kind = /*@__PURE__*/ fileDesc("CkZhaS9zdGlnbWVyL2NvbW1vbnMvYXBpcmVzb3VyY2UvYXBpcmVzb3VyY2VraW5kL2FwaV9yZXNvdXJjZV9raW5kLnByb3RvEi5haS5zdGlnbWVyLmNvbW1vbnMuYXBpcmVzb3VyY2UuYXBpcmVzb3VyY2VraW5kIswDChNBcGlSZXNvdXJjZUtpbmRNZXRhEk8KBWdyb3VwGAEgASgOMkAuYWkuc3RpZ21lci5jb21tb25zLmFwaXJlc291cmNlLmFwaXJlc291cmNla2luZC5BcGlSZXNvdXJjZUdyb3VwElMKB3ZlcnNpb24YAiABKA4yQi5haS5zdGlnbWVyLmNvbW1vbnMuYXBpcmVzb3VyY2UuYXBpcmVzb3VyY2VraW5kLkFwaVJlc291cmNlVmVyc2lvbhIMCgRuYW1lGAMgASgJEhQKDGRpc3BsYXlfbmFtZRgEIAEoCRIRCglpZF9wcmVmaXgYBSABKAkSFAoMaXNfdmVyc2lvbmVkGAYgASgIEhoKEm5vdF9zZWFyY2hfaW5kZXhlZBgHIAEoCBJKCgR0aWVyGAggASgOMjwuYWkuc3RpZ21lci5jb21tb25zLmFwaXJlc291cmNlLmFwaXJlc291cmNla2luZC5SZXNvdXJjZVRpZXISWgoNYXV0aG9yaXphdGlvbhgJIAEoCzJDLmFpLnN0aWdtZXIuY29tbW9ucy5hcGlyZXNvdXJjZS5hcGlyZXNvdXJjZWtpbmQuQXV0aG9yaXphdGlvbkNvbmZpZypCChJBcGlSZXNvdXJjZVZlcnNpb24SJAogYXBpX3Jlc291cmNlX3ZlcnNpb25fdW5zcGVjaWZpZWQQABIGCgJ2MRABKk4KDFJlc291cmNlVGllchIdChlyZXNvdXJjZV90aWVyX3Vuc3BlY2lmaWVkEAASDwoLb3Blbl9zb3VyY2UQARIOCgpjbG91ZF9vbmx5EAIqQQoPUGxhdGZvcm1JZFZhbHVlEiEKHXBsYXRmb3JtX2lkX3ZhbHVlX3Vuc3BlY2lmaWVkEAASCwoHc3RpZ21lchABKu0MCg9BcGlSZXNvdXJjZUtpbmQSHQoZYXBpX3Jlc291cmNlX2tpbmRfdW5rbm93bhAAElsKFGFwaV9yZXNvdXJjZV92ZXJzaW9uEAEaQar/Kz0IARABGhJBcGlSZXNvdXJjZVZlcnNpb24iFEFQSSBSZXNvdXJjZSBWZXJzaW9uKgN2ZXI4AUACSgQIBRAEEj8KCmlhbV9wb2xpY3kQChovqv8rKwgCEAEaCUlhbVBvbGljeSIKSUFNIFBvbGljeSoEaWFtcDgBQAJKBAgCEAESTgoQaWRlbnRpdHlfYWNjb3VudBALGjiq/ys0CAIQARoPSWRlbnRpdHlBY2NvdW50IhBJZGVudGl0eSBBY2NvdW50KgNpZGFAAkoECAQQAxI1CgdhcGlfa2V5EAwaKKr/KyQIAhABGgZBcGlLZXkiB0FQSSBLZXkqA2tleTgBQAJKBAgEEAESPwoKaW52aXRhdGlvbhAUGi+q/ysrCAIQARoKSW52aXRhdGlvbiIKSW52aXRhdGlvbioDaW52OAFAAkoECAIQARJXChFpZGVudGl0eV9wcm92aWRlchAVGkCq/ys8CAIQARoQSWRlbnRpdHlQcm92aWRlciIRSWRlbnRpdHkgUHJvdmlkZXIqA2lkcDgBQAJKCAgCEAE6AgEEEkAKCW9hdXRoX2FwcBAWGjGq/ystCAIQARoIT0F1dGhBcHAiCU9BdXRoIEFwcCoEb2FwcDgBQAJKCAgCEAE6AgEEEkkKDG9yZ2FuaXphdGlvbhAeGjeq/yszCAMQARoMT3JnYW5pemF0aW9uIgxPcmdhbml6YXRpb24qA29yZ0ABSgoIBBABOgQBAgMEEjkKCHBsYXRmb3JtEB8aK6r/KycIAxABGghQbGF0Zm9ybSIIUGxhdGZvcm0qA3BsdDgBQAJKBAgFEAQSNgoFYWdlbnQQKBorqv8rJwgBEAEaBUFnZW50IgVBZ2VudCoDYWd0QAFKDAgCEAEqAggBOgIBBBJrCg9hZ2VudF9leGVjdXRpb24QKRpWqv8rUggBEAEaDkFnZW50RXhlY3V0aW9uIg9BZ2VudCBFeGVjdXRpb24qA2FleEABSiQIAxACGh4KB3Nlc3Npb24SB3Nlc3Npb24aCnNlc3Npb25faWQSOAoHc2Vzc2lvbhAqGiuq/ysnCAEQARoHU2Vzc2lvbiIHU2Vzc2lvbioDc2VzQAFKCAgCEAE6AgEEEjgKBXNraWxsECsaLar/KykIARABGgVTa2lsbCIFU2tpbGwqA3NrbDABQAFKDAgCEAEqAggBOgIBBBJECgptY3Bfc2VydmVyECwaNKr/KzAIARABGglNY3BTZXJ2ZXIiCk1DUCBTZXJ2ZXIqA21jcEABSgwIAhABKgIIAToCAQQSagoOYWdlbnRfaW5zdGFuY2UQLRpWqv8rUggBEAEaDUFnZW50SW5zdGFuY2UiDkFnZW50IEluc3RhbmNlKgNhaW5AAUomCAIQASIYCgVhZ2VudBIFYWdlbnQaCGFnZW50X2lkKgIIAToCAQQSPwoId29ya2Zsb3cQMhoxqv8rLQgBEAEaCFdvcmtmbG93IghXb3JrZmxvdyoDd2ZsQAFKDAgCEAEqAggBOgIBBBJ4ChF3b3JrZmxvd19pbnN0YW5jZRAzGmGq/ytdCAEQARoQV29ya2Zsb3dJbnN0YW5jZSIRV29ya2Zsb3cgSW5zdGFuY2UqA3dpbkABSisIAhABIiEKCHdvcmtmbG93Egh3b3JrZmxvdxoLd29ya2Zsb3dfaWQ6AgEEElgKEndvcmtmbG93X2V4ZWN1dGlvbhA0GkCq/ys8CAEQARoRV29ya2Zsb3dFeGVjdXRpb24iEldvcmtmbG93IEV4ZWN1dGlvbioDd2V4QAFKCAgCEAE6AgEEEkYKC2Vudmlyb25tZW50EDUaNar/KzEIARABGgtFbnZpcm9ubWVudCILRW52aXJvbm1lbnQqA2VudkABSgoIAhABMAE6AgEEElIKEWV4ZWN1dGlvbl9jb250ZXh0EDYaO6r/KzcIARABGhBFeGVjdXRpb25Db250ZXh0IhFFeGVjdXRpb24gQ29udGV4dCoEZWN0eEABSgQIBBABEjgKB3Byb2plY3QQPBorqv8rJwgDEAEaB1Byb2plY3QiB1Byb2plY3QqA3ByakABSggIAhABOgIBBDqFAQoJa2luZF9tZXRhEiEuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZU9wdGlvbnMY9b8FIAEoCzJDLmFpLnN0aWdtZXIuY29tbW9ucy5hcGlyZXNvdXJjZS5hcGlyZXNvdXJjZWtpbmQuQXBpUmVzb3VyY2VLaW5kTWV0YVIIa2luZE1ldGFCG0IZQXBpUmVzb3VyY2VLaW5kT3V0ZXJDbGFzc2IGcHJvdG8z", [file_ai_stigmer_commons_apiresource_apiresourcekind_api_resource_group, file_ai_stigmer_commons_apiresource_apiresourcekind_authorization_config, file_google_protobuf_descriptor]);
 /**
  * Describes the message ai.stigmer.commons.apiresource.apiresourcekind.ApiResourceKindMeta.
  * Use `create(ApiResourceKindMetaSchema)` to create a new message.
@@ -139,6 +139,12 @@ export var ApiResourceKind;
      * @generated from enum value: identity_provider = 21;
      */
     ApiResourceKind[ApiResourceKind["identity_provider"] = 21] = "identity_provider";
+    /**
+     * Registered OAuth application with an external vendor for outbound authentication.
+     *
+     * @generated from enum value: oauth_app = 22;
+     */
+    ApiResourceKind[ApiResourceKind["oauth_app"] = 22] = "oauth_app";
     /**
      * Top-level tenant that owns and manages resources.
      *

package/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb.js.map

@@ -1 +1 @@
-{"version":3,"file":"api_resource_kind_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,sKAAsK;AACtK,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAExF,OAAO,EAAE,sEAAsE,EAAE,MAAM,yBAAyB,CAAC;AAEjH,OAAO,EAAE,wEAAwE,EAAE,MAAM,2BAA2B,CAAC;AAErH,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAGzE;;GAEG;AACH,MAAM,CAAC,MAAM,qEAAqE,GAAY,aAAa,CACzG,QAAQ,CAAC,80GAA80G,EAAE,CAAC,sEAAsE,EAAE,wEAAwE,EAAE,+BAA+B,CAAC,CAAC,CAAC;AAwEhhH;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAoC,aAAa,CACrF,WAAW,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAExF;;;;GAIG;AACH,MAAM,CAAN,IAAY,kBAcX;AAdD,WAAY,kBAAkB;IAC5B;;;;OAIG;IACH,mHAAoC,CAAA;IAEpC;;;;OAIG;IACH,uDAAM,CAAA;AACR,CAAC,EAdW,kBAAkB,KAAlB,kBAAkB,QAc7B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAgC,aAAa,CAChF,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;GAIG;AACH,MAAM,CAAN,IAAY,YAmBX;AAnBD,WAAY,YAAY;IACtB;;OAEG;IACH,yFAA6B,CAAA;IAE7B;;;;OAIG;IACH,6DAAe,CAAA;IAEf;;;;OAIG;IACH,2DAAc,CAAA;AAChB,CAAC,EAnBW,YAAY,KAAZ,YAAY,QAmBvB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA0B,aAAa,CACpE,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;;GAKG;AACH,MAAM,CAAN,IAAY,eAaX;AAbD,WAAY,eAAe;IACzB;;OAEG;IACH,uGAAiC,CAAA;IAEjC;;;;;OAKG;IACH,2DAAW,CAAA;AACb,CAAC,EAbW,eAAe,KAAf,eAAe,QAa1B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6B,aAAa,CAC1E,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;GAIG;AACH,MAAM,CAAN,IAAY,eAmJX;AAnJD,WAAY,eAAe;IACzB;;;;OAIG;IACH,+FAA6B,CAAA;IAE7B;;;;OAIG;IACH,qFAAwB,CAAA;IAExB;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,8EAAqB,CAAA;IAErB;;;;OAIG;IACH,4DAAY,CAAA;IAEZ;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,sEAAiB,CAAA;IAEjB;;;;OAIG;IACH,8DAAa,CAAA;IAEb;;;;OAIG;IACH,wDAAU,CAAA;IAEV;;;;OAIG;IACH,4EAAoB,CAAA;IAEpB;;;;OAIG;IACH,4DAAY,CAAA;IAEZ;;;;OAIG;IACH,wDAAU,CAAA;IAEV;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,0EAAmB,CAAA;IAEnB;;;;OAIG;IACH,8DAAa,CAAA;IAEb;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,kFAAuB,CAAA;IAEvB;;;;OAIG;IACH,oEAAgB,CAAA;IAEhB;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,4DAAY,CAAA;AACd,CAAC,EAnJW,eAAe,KAAf,eAAe,QAmJ1B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6B,aAAa,CAC1E,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAwD,aAAa,CACzF,OAAO,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"api_resource_kind_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,sKAAsK;AACtK,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAExF,OAAO,EAAE,sEAAsE,EAAE,MAAM,yBAAyB,CAAC;AAEjH,OAAO,EAAE,wEAAwE,EAAE,MAAM,2BAA2B,CAAC;AAErH,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAGzE;;GAEG;AACH,MAAM,CAAC,MAAM,qEAAqE,GAAY,aAAa,CACzG,QAAQ,CAAC,s6GAAs6G,EAAE,CAAC,sEAAsE,EAAE,wEAAwE,EAAE,+BAA+B,CAAC,CAAC,CAAC;AAwExmH;;;GAGG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAoC,aAAa,CACrF,WAAW,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAExF;;;;GAIG;AACH,MAAM,CAAN,IAAY,kBAcX;AAdD,WAAY,kBAAkB;IAC5B;;;;OAIG;IACH,mHAAoC,CAAA;IAEpC;;;;OAIG;IACH,uDAAM,CAAA;AACR,CAAC,EAdW,kBAAkB,KAAlB,kBAAkB,QAc7B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAgC,aAAa,CAChF,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;GAIG;AACH,MAAM,CAAN,IAAY,YAmBX;AAnBD,WAAY,YAAY;IACtB;;OAEG;IACH,yFAA6B,CAAA;IAE7B;;;;OAIG;IACH,6DAAe,CAAA;IAEf;;;;OAIG;IACH,2DAAc,CAAA;AAChB,CAAC,EAnBW,YAAY,KAAZ,YAAY,QAmBvB;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA0B,aAAa,CACpE,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;;GAKG;AACH,MAAM,CAAN,IAAY,eAaX;AAbD,WAAY,eAAe;IACzB;;OAEG;IACH,uGAAiC,CAAA;IAEjC;;;;;OAKG;IACH,2DAAW,CAAA;AACb,CAAC,EAbW,eAAe,KAAf,eAAe,QAa1B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6B,aAAa,CAC1E,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;;;GAIG;AACH,MAAM,CAAN,IAAY,eA0JX;AA1JD,WAAY,eAAe;IACzB;;;;OAIG;IACH,+FAA6B,CAAA;IAE7B;;;;OAIG;IACH,qFAAwB,CAAA;IAExB;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,8EAAqB,CAAA;IAErB;;;;OAIG;IACH,4DAAY,CAAA;IAEZ;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,gEAAc,CAAA;IAEd;;;;OAIG;IACH,sEAAiB,CAAA;IAEjB;;;;OAIG;IACH,8DAAa,CAAA;IAEb;;;;OAIG;IACH,wDAAU,CAAA;IAEV;;;;OAIG;IACH,4EAAoB,CAAA;IAEpB;;;;OAIG;IACH,4DAAY,CAAA;IAEZ;;;;OAIG;IACH,wDAAU,CAAA;IAEV;;;;OAIG;IACH,kEAAe,CAAA;IAEf;;;;OAIG;IACH,0EAAmB,CAAA;IAEnB;;;;OAIG;IACH,8DAAa,CAAA;IAEb;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,kFAAuB,CAAA;IAEvB;;;;OAIG;IACH,oEAAgB,CAAA;IAEhB;;;;OAIG;IACH,gFAAsB,CAAA;IAEtB;;;;OAIG;IACH,4DAAY,CAAA;AACd,CAAC,EA1JW,eAAe,KAAf,eAAe,QA0J1B;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAA6B,aAAa,CAC1E,QAAQ,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC;AAErF;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAwD,aAAa,CACzF,OAAO,CAAC,qEAAqE,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/oauthapp/v1/api_pb.d.ts

@@ -0,0 +1,82 @@
+import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv1";
+import type { ApiResourceMetadata } from "../../../commons/apiresource/metadata_pb";
+import type { ApiResourceAuditStatus } from "../../../commons/apiresource/status_pb";
+import type { OAuthAppSpec } from "./spec_pb";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file ai/stigmer/iam/oauthapp/v1/api.proto.
+ */
+export declare const file_ai_stigmer_iam_oauthapp_v1_api: GenFile;
+/**
+ * OAuthApp represents a registered OAuth application with an external vendor.
+ *
+ * An OAuthApp is owned by an organization and holds the client credentials
+ * needed for vendor-specific OAuth flows. It enables Stigmer to authenticate
+ * with external services (Slack, Salesforce, Figma, etc.) on behalf of users.
+ *
+ * OAuthApp is the outbound counterpart to IdentityProvider (inbound auth).
+ * While IdentityProvider configures how external platforms authenticate
+ * *into* Stigmer, OAuthApp configures how Stigmer authenticates *outward*
+ * to external services.
+ *
+ * Referenced by McpServer resources via McpServerVendorOAuth to enable
+ * automated credential acquisition for MCP servers that require
+ * vendor-specific OAuth.
+ *
+ * Example YAML:
+ *   apiVersion: iam.stigmer.ai/v1
+ *   kind: OAuthApp
+ *   metadata:
+ *     name: Slack OAuth
+ *     slug: slack-oauth
+ *     org: acme
+ *   spec:
+ *     provider: "Slack"
+ *     client_id: "1234567890.abcdef"
+ *     client_secret: "xoxs-..."
+ *     authorization_url: "https://slack.com/oauth/v2/authorize"
+ *     token_url: "https://slack.com/api/oauth.v2.access"
+ *     scopes: ["channels:read", "chat:write"]
+ *
+ * @generated from message ai.stigmer.iam.oauthapp.v1.OAuthApp
+ */
+export type OAuthApp = Message<"ai.stigmer.iam.oauthapp.v1.OAuthApp"> & {
+    /**
+     * API version for this resource type.
+     * Must be exactly "iam.stigmer.ai/v1".
+     *
+     * @generated from field: string api_version = 1;
+     */
+    apiVersion: string;
+    /**
+     * Resource kind identifier.
+     * Must be exactly "OAuthApp".
+     *
+     * @generated from field: string kind = 2;
+     */
+    kind: string;
+    /**
+     * Standard resource metadata including name, id, org, visibility, labels, and tags.
+     * The org field identifies which organization owns this OAuth app registration.
+     *
+     * @generated from field: ai.stigmer.commons.apiresource.ApiResourceMetadata metadata = 3;
+     */
+    metadata?: ApiResourceMetadata;
+    /**
+     * User-provided OAuth app configuration (desired state).
+     *
+     * @generated from field: ai.stigmer.iam.oauthapp.v1.OAuthAppSpec spec = 4;
+     */
+    spec?: OAuthAppSpec;
+    /**
+     * System-managed state including audit trail.
+     *
+     * @generated from field: ai.stigmer.commons.apiresource.ApiResourceAuditStatus status = 5;
+     */
+    status?: ApiResourceAuditStatus;
+};
+/**
+ * Describes the message ai.stigmer.iam.oauthapp.v1.OAuthApp.
+ * Use `create(OAuthAppSchema)` to create a new message.
+ */
+export declare const OAuthAppSchema: GenMessage<OAuthApp>;

package/ai/stigmer/iam/oauthapp/v1/api_pb.js

@@ -0,0 +1,18 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/oauthapp/v1/api.proto (package ai.stigmer.iam.oauthapp.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_commons_apiresource_metadata } from "../../../commons/apiresource/metadata_pb";
+import { file_ai_stigmer_commons_apiresource_status } from "../../../commons/apiresource/status_pb";
+import { file_ai_stigmer_iam_oauthapp_v1_spec } from "./spec_pb";
+import { file_buf_validate_validate } from "../../../../../buf/validate/validate_pb";
+/**
+ * Describes the file ai/stigmer/iam/oauthapp/v1/api.proto.
+ */
+export const file_ai_stigmer_iam_oauthapp_v1_api = /*@__PURE__*/ fileDesc("CiRhaS9zdGlnbWVyL2lhbS9vYXV0aGFwcC92MS9hcGkucHJvdG8SGmFpLnN0aWdtZXIuaWFtLm9hdXRoYXBwLnYxIqcCCghPQXV0aEFwcBItCgthcGlfdmVyc2lvbhgBIAEoCUIYukgVchMKEWlhbS5zdGlnbWVyLmFpL3YxEh0KBGtpbmQYAiABKAlCD7pIDHIKCghPQXV0aEFwcBJNCghtZXRhZGF0YRgDIAEoCzIzLmFpLnN0aWdtZXIuY29tbW9ucy5hcGlyZXNvdXJjZS5BcGlSZXNvdXJjZU1ldGFkYXRhQga6SAPIAQESNgoEc3BlYxgEIAEoCzIoLmFpLnN0aWdtZXIuaWFtLm9hdXRoYXBwLnYxLk9BdXRoQXBwU3BlYxJGCgZzdGF0dXMYBSABKAsyNi5haS5zdGlnbWVyLmNvbW1vbnMuYXBpcmVzb3VyY2UuQXBpUmVzb3VyY2VBdWRpdFN0YXR1c2IGcHJvdG8z", [file_ai_stigmer_commons_apiresource_metadata, file_ai_stigmer_commons_apiresource_status, file_ai_stigmer_iam_oauthapp_v1_spec, file_buf_validate_validate]);
+/**
+ * Describes the message ai.stigmer.iam.oauthapp.v1.OAuthApp.
+ * Use `create(OAuthAppSchema)` to create a new message.
+ */
+export const OAuthAppSchema = /*@__PURE__*/ messageDesc(file_ai_stigmer_iam_oauthapp_v1_api, 0);
+//# sourceMappingURL=api_pb.js.map

package/ai/stigmer/iam/oauthapp/v1/api_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/oauthapp/v1/api_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,gHAAgH;AAChH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAErE,OAAO,EAAE,4CAA4C,EAAE,MAAM,0CAA0C,CAAC;AAExG,OAAO,EAAE,0CAA0C,EAAE,MAAM,wCAAwC,CAAC;AAEpG,OAAO,EAAE,oCAAoC,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,EAAE,0BAA0B,EAAE,MAAM,yCAAyC,CAAC;AAGrF;;GAEG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAY,aAAa,CACvE,QAAQ,CAAC,kfAAkf,EAAE,CAAC,4CAA4C,EAAE,0CAA0C,EAAE,oCAAoC,EAAE,0BAA0B,CAAC,CAAC,CAAC;AA2E7pB;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAyB,aAAa,CAC/D,WAAW,CAAC,mCAAmC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/oauthapp/v1/command_connect.d.ts

@@ -0,0 +1,82 @@
+/**
+ * OAuthAppCommandController provides write operations for OAuth app resources.
+ *
+ * @internal
+ * OAuthApps hold vendor client credentials (client_secret) and are always
+ * org-private. There is no updateVisibility RPC — public visibility is
+ * intentionally unsupported to prevent credential leakage.
+ *
+ * @generated from service ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController
+ */
+export declare const OAuthAppCommandController: {
+    readonly typeName: "ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController";
+    readonly methods: {
+        /**
+         * Create or update an OAuth app.
+         *
+         * If the resource does not exist, creates a new OAuth app.
+         * If the resource exists, updates the existing OAuth app.
+         *
+         * @internal
+         * The authorization and state-operation are determined depending on whether the
+         * OAuth app is going to be created or updated, which is determined as
+         * part of the request execution.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.apply
+         */
+        readonly apply: {
+            readonly name: "apply";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Create an OAuth app.
+         *
+         * The creator's organization owns the OAuth app. The creator is granted
+         * the owner role automatically.
+         *
+         * @internal
+         * Authorization: Requires can_create_oauth_app permission in the organization.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.create
+         */
+        readonly create: {
+            readonly name: "create";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Update an existing OAuth app.
+         *
+         * @internal
+         * Authorization: Requires can_edit permission on the oauth_app resource.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.update
+         */
+        readonly update: {
+            readonly name: "update";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Delete an OAuth app.
+         *
+         * Deletion should be blocked if any McpServer resources reference this
+         * OAuth app via McpServerVendorOAuth.oauth_app_ref.
+         *
+         * @internal
+         * Authorization: Requires can_delete permission on the oauth_app resource.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.delete
+         */
+        readonly delete: {
+            readonly name: "delete";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+    };
+};

package/ai/stigmer/iam/oauthapp/v1/command_connect.js

@@ -0,0 +1,88 @@
+// @generated by protoc-gen-connect-es v1.6.1 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/oauthapp/v1/command.proto (package ai.stigmer.iam.oauthapp.v1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+import { MethodKind } from "@bufbuild/protobuf";
+/**
+ * OAuthAppCommandController provides write operations for OAuth app resources.
+ *
+ * @internal
+ * OAuthApps hold vendor client credentials (client_secret) and are always
+ * org-private. There is no updateVisibility RPC — public visibility is
+ * intentionally unsupported to prevent credential leakage.
+ *
+ * @generated from service ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController
+ */
+export const OAuthAppCommandController = {
+    typeName: "ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController",
+    methods: {
+        /**
+         * Create or update an OAuth app.
+         *
+         * If the resource does not exist, creates a new OAuth app.
+         * If the resource exists, updates the existing OAuth app.
+         *
+         * @internal
+         * The authorization and state-operation are determined depending on whether the
+         * OAuth app is going to be created or updated, which is determined as
+         * part of the request execution.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.apply
+         */
+        apply: {
+            name: "apply",
+            I: OAuthApp,
+            O: OAuthApp,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Create an OAuth app.
+         *
+         * The creator's organization owns the OAuth app. The creator is granted
+         * the owner role automatically.
+         *
+         * @internal
+         * Authorization: Requires can_create_oauth_app permission in the organization.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.create
+         */
+        create: {
+            name: "create",
+            I: OAuthApp,
+            O: OAuthApp,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Update an existing OAuth app.
+         *
+         * @internal
+         * Authorization: Requires can_edit permission on the oauth_app resource.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.update
+         */
+        update: {
+            name: "update",
+            I: OAuthApp,
+            O: OAuthApp,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Delete an OAuth app.
+         *
+         * Deletion should be blocked if any McpServer resources reference this
+         * OAuth app via McpServerVendorOAuth.oauth_app_ref.
+         *
+         * @internal
+         * Authorization: Requires can_delete permission on the oauth_app resource.
+         *
+         * @generated from rpc ai.stigmer.iam.oauthapp.v1.OAuthAppCommandController.delete
+         */
+        delete: {
+            name: "delete",
+            I: ApiResourceDeleteInput,
+            O: OAuthApp,
+            kind: MethodKind.Unary,
+        },
+    }
+};
+//# sourceMappingURL=command_connect.js.map

package/ai/stigmer/iam/oauthapp/v1/command_connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command_connect.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/oauthapp/v1/command_connect.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,oHAAoH;AACpH,oBAAoB;AACpB,cAAc;AAGd,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,QAAQ,EAAE,sDAAsD;IAChE,OAAO,EAAE;QACP;;;;;;;;;;;;WAYG;QACH,KAAK,EAAE;YACL,IAAI,EAAE,OAAO;YACb,CAAC,EAAE,QAAQ;YACX,CAAC,EAAE,QAAQ;YACX,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;WAUG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,QAAQ;YACX,CAAC,EAAE,QAAQ;YACX,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;WAOG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,QAAQ;YACX,CAAC,EAAE,QAAQ;YACX,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;WAUG;QACH,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,CAAC,EAAE,sBAAsB;YACzB,CAAC,EAAE,QAAQ;YACX,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;KACF;CACO,CAAC"}