@stigmer/sdk 0.0.72 → 0.0.74
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/authorization-config.d.ts +24 -0
- package/authorization-config.d.ts.map +1 -0
- package/authorization-config.js +32 -0
- package/authorization-config.js.map +1 -0
- package/gen/agent.d.ts.map +1 -1
- package/gen/agent.js +1 -0
- package/gen/agent.js.map +1 -1
- package/gen/authorization-config.d.ts +14 -0
- package/gen/authorization-config.d.ts.map +1 -0
- package/gen/authorization-config.js +28 -0
- package/gen/authorization-config.js.map +1 -0
- package/gen/client.d.ts +5 -1
- package/gen/client.d.ts.map +1 -1
- package/gen/client.js +4 -0
- package/gen/client.js.map +1 -1
- package/gen/iampolicy.d.ts +5 -1
- package/gen/iampolicy.d.ts.map +1 -1
- package/gen/iampolicy.js +32 -0
- package/gen/iampolicy.js.map +1 -1
- package/gen/identityaccount.d.ts +5 -1
- package/gen/identityaccount.d.ts.map +1 -1
- package/gen/identityaccount.js +32 -0
- package/gen/identityaccount.js.map +1 -1
- package/gen/identityprovider.d.ts +5 -0
- package/gen/identityprovider.d.ts.map +1 -1
- package/gen/identityprovider.js +18 -0
- package/gen/identityprovider.js.map +1 -1
- package/gen/invitation.d.ts +28 -0
- package/gen/invitation.d.ts.map +1 -0
- package/gen/invitation.js +87 -0
- package/gen/invitation.js.map +1 -0
- package/gen/mcpserver.d.ts +12 -4
- package/gen/mcpserver.d.ts.map +1 -1
- package/gen/mcpserver.js +17 -13
- package/gen/mcpserver.js.map +1 -1
- package/gen/resource-availability.d.ts +9 -0
- package/gen/resource-availability.d.ts.map +1 -0
- package/gen/resource-availability.js +18 -0
- package/gen/resource-availability.js.map +1 -0
- package/gen/skill.d.ts.map +1 -1
- package/gen/skill.js +1 -0
- package/gen/skill.js.map +1 -1
- package/gen/types.d.ts +1 -0
- package/gen/types.d.ts.map +1 -1
- package/iam-role.d.ts +33 -0
- package/iam-role.d.ts.map +1 -0
- package/iam-role.js +68 -0
- package/iam-role.js.map +1 -0
- package/index.d.ts +4 -0
- package/index.d.ts.map +1 -1
- package/index.js +5 -0
- package/index.js.map +1 -1
- package/package.json +2 -2
- package/resource-availability.d.ts +1 -1
- package/resource-availability.d.ts.map +1 -1
- package/resource-availability.js +1 -20
- package/resource-availability.js.map +1 -1
- package/src/authorization-config.ts +42 -0
- package/src/gen/agent.ts +1 -0
- package/src/gen/authorization-config.ts +29 -0
- package/src/gen/client.ts +6 -1
- package/src/gen/iampolicy.ts +25 -1
- package/src/gen/identityaccount.ts +25 -1
- package/src/gen/identityprovider.ts +17 -0
- package/src/gen/invitation.ts +91 -0
- package/src/gen/mcpserver.ts +30 -13
- package/src/gen/resource-availability.ts +19 -0
- package/src/gen/skill.ts +1 -0
- package/src/gen/types.ts +1 -0
- package/src/iam-role.ts +75 -0
- package/src/index.ts +18 -0
- package/src/resource-availability.ts +2 -21
- package/src/stigmer.ts +3 -0
- package/stigmer.d.ts +2 -0
- package/stigmer.d.ts.map +1 -1
- package/stigmer.js +2 -0
- package/stigmer.js.map +1 -1
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
2
|
+
import { IamRole } from "@stigmer/protos/ai/stigmer/iam/v1/enum_pb";
|
|
3
|
+
import { GRANTABLE_ROLES } from "./gen/authorization-config";
|
|
4
|
+
|
|
5
|
+
const EMPTY_ROLES: readonly IamRole[] = Object.freeze([]);
|
|
6
|
+
|
|
7
|
+
/**
|
|
8
|
+
* Returns the roles that can be granted on the given resource kind
|
|
9
|
+
* via IAM policies.
|
|
10
|
+
*
|
|
11
|
+
* An empty array means no user-grantable roles exist — the resource is
|
|
12
|
+
* either owner-only, inherits authorization from a parent, is self-owned,
|
|
13
|
+
* or has no authorization.
|
|
14
|
+
*/
|
|
15
|
+
export function getGrantableRoles(
|
|
16
|
+
kind: ApiResourceKind,
|
|
17
|
+
): readonly IamRole[] {
|
|
18
|
+
return GRANTABLE_ROLES.get(kind) ?? EMPTY_ROLES;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* Whether the given resource kind has at least one user-grantable role.
|
|
23
|
+
*/
|
|
24
|
+
export function hasGrantableRoles(kind: ApiResourceKind): boolean {
|
|
25
|
+
const roles = GRANTABLE_ROLES.get(kind);
|
|
26
|
+
return roles !== undefined && roles.length > 0;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
/**
|
|
30
|
+
* Whether the given role can be granted on the given resource kind.
|
|
31
|
+
*
|
|
32
|
+
* Use this for client-side pre-validation before calling
|
|
33
|
+
* `iamPolicy.create()` — it mirrors the backend's
|
|
34
|
+
* `ValidateGrantableRole` step.
|
|
35
|
+
*/
|
|
36
|
+
export function isRoleGrantable(
|
|
37
|
+
kind: ApiResourceKind,
|
|
38
|
+
role: IamRole,
|
|
39
|
+
): boolean {
|
|
40
|
+
const roles = GRANTABLE_ROLES.get(kind);
|
|
41
|
+
return roles !== undefined && roles.includes(role);
|
|
42
|
+
}
|
package/src/gen/agent.ts
CHANGED
|
@@ -85,6 +85,7 @@ export class AgentClient {
|
|
|
85
85
|
query: params.query,
|
|
86
86
|
org: params.org,
|
|
87
87
|
excludePublic: params.excludePublic ?? false,
|
|
88
|
+
crossOrgPublic: params.crossOrgPublic ?? false,
|
|
88
89
|
page: params.page ? create(PageInfoSchema, params.page) : undefined,
|
|
89
90
|
}));
|
|
90
91
|
return {
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
// Code generated by stigmer-codegen from api_resource_kind.proto kind_meta. DO NOT EDIT.
|
|
2
|
+
|
|
3
|
+
import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
4
|
+
import { IamRole } from "@stigmer/protos/ai/stigmer/iam/v1/enum_pb";
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Roles that can be granted on each resource kind via IAM policies.
|
|
8
|
+
*
|
|
9
|
+
* Source of truth: api_resource_kind.proto — each ApiResourceKind enum
|
|
10
|
+
* value carries an AuthorizationConfig with grantable_roles in its
|
|
11
|
+
* kind_meta options.
|
|
12
|
+
*
|
|
13
|
+
* Kinds not in this map have no user-grantable roles (system-managed,
|
|
14
|
+
* owner-only, inherited, or no authorization).
|
|
15
|
+
*/
|
|
16
|
+
export const GRANTABLE_ROLES: ReadonlyMap<ApiResourceKind, readonly IamRole[]> = new Map([
|
|
17
|
+
[ApiResourceKind.identity_provider, [IamRole.owner, IamRole.viewer]],
|
|
18
|
+
[ApiResourceKind.organization, [IamRole.owner, IamRole.admin, IamRole.member, IamRole.viewer]],
|
|
19
|
+
[ApiResourceKind.agent, [IamRole.owner, IamRole.viewer]],
|
|
20
|
+
[ApiResourceKind.session, [IamRole.owner, IamRole.viewer]],
|
|
21
|
+
[ApiResourceKind.skill, [IamRole.owner, IamRole.viewer]],
|
|
22
|
+
[ApiResourceKind.mcp_server, [IamRole.owner, IamRole.viewer]],
|
|
23
|
+
[ApiResourceKind.agent_instance, [IamRole.owner, IamRole.viewer]],
|
|
24
|
+
[ApiResourceKind.workflow, [IamRole.owner, IamRole.viewer]],
|
|
25
|
+
[ApiResourceKind.workflow_instance, [IamRole.owner, IamRole.viewer]],
|
|
26
|
+
[ApiResourceKind.workflow_execution, [IamRole.owner, IamRole.viewer]],
|
|
27
|
+
[ApiResourceKind.environment, [IamRole.owner, IamRole.viewer]],
|
|
28
|
+
[ApiResourceKind.project, [IamRole.owner, IamRole.viewer]],
|
|
29
|
+
]);
|
package/src/gen/client.ts
CHANGED
|
@@ -10,6 +10,7 @@ import { ExecutionContextClient } from "./executioncontext";
|
|
|
10
10
|
import { IamPolicyClient } from "./iampolicy";
|
|
11
11
|
import { IdentityAccountClient } from "./identityaccount";
|
|
12
12
|
import { IdentityProviderClient } from "./identityprovider";
|
|
13
|
+
import { InvitationClient } from "./invitation";
|
|
13
14
|
import { McpServerClient } from "./mcpserver";
|
|
14
15
|
import { OrganizationClient } from "./organization";
|
|
15
16
|
import { ProjectClient } from "./project";
|
|
@@ -30,6 +31,7 @@ export class GeneratedClient {
|
|
|
30
31
|
readonly iamPolicy: IamPolicyClient;
|
|
31
32
|
readonly identityAccount: IdentityAccountClient;
|
|
32
33
|
readonly identityProvider: IdentityProviderClient;
|
|
34
|
+
readonly invitation: InvitationClient;
|
|
33
35
|
readonly mcpServer: McpServerClient;
|
|
34
36
|
readonly organization: OrganizationClient;
|
|
35
37
|
readonly project: ProjectClient;
|
|
@@ -49,6 +51,7 @@ export class GeneratedClient {
|
|
|
49
51
|
this.iamPolicy = new IamPolicyClient(transport);
|
|
50
52
|
this.identityAccount = new IdentityAccountClient(transport);
|
|
51
53
|
this.identityProvider = new IdentityProviderClient(transport);
|
|
54
|
+
this.invitation = new InvitationClient(transport);
|
|
52
55
|
this.mcpServer = new McpServerClient(transport);
|
|
53
56
|
this.organization = new OrganizationClient(transport);
|
|
54
57
|
this.project = new ProjectClient(transport);
|
|
@@ -79,8 +82,10 @@ export { IdentityAccountClient } from "./identityaccount";
|
|
|
79
82
|
export { type IdentityAccountInput } from "./identityaccount";
|
|
80
83
|
export { IdentityProviderClient } from "./identityprovider";
|
|
81
84
|
export { type IdentityProviderInput } from "./identityprovider";
|
|
85
|
+
export { InvitationClient } from "./invitation";
|
|
86
|
+
export { type InvitationInput } from "./invitation";
|
|
82
87
|
export { McpServerClient } from "./mcpserver";
|
|
83
|
-
export { type McpServerInput, type StdioServerConfigInput, type HttpServerConfigInput, type ToolApprovalPolicyInput } from "./mcpserver";
|
|
88
|
+
export { type McpServerInput, type StdioServerConfigInput, type HttpServerConfigInput, type McpServerSourceInput, type ToolApprovalPolicyInput } from "./mcpserver";
|
|
84
89
|
export { OrganizationClient } from "./organization";
|
|
85
90
|
export { type OrganizationInput } from "./organization";
|
|
86
91
|
export { ProjectClient } from "./project";
|
package/src/gen/iampolicy.ts
CHANGED
|
@@ -7,7 +7,7 @@ import { createClient, type Client, type Transport } from "@connectrpc/connect";
|
|
|
7
7
|
import { ApiResourceMetadataSchema } from "@stigmer/protos/ai/stigmer/commons/apiresource/metadata_pb";
|
|
8
8
|
import { IamPolicySchema, type IamPolicy } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/api_pb";
|
|
9
9
|
import { IamPolicyCommandController } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/command_pb";
|
|
10
|
-
import { IamPolicyIdSchema, CheckAuthorizationInputSchema, CheckAuthorizationResultSchema, ListAuthorizedResourceIdsInputSchema, AuthorizedResourceIdsListSchema, ListAuthorizedPrincipalIdsInputSchema, AuthorizedPrincipalIdsListSchema, type CheckAuthorizationInput, type CheckAuthorizationResult, type ListAuthorizedResourceIdsInput, type AuthorizedResourceIdsList, type ListAuthorizedPrincipalIdsInput, type AuthorizedPrincipalIdsList } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/io_pb";
|
|
10
|
+
import { IamPolicyIdSchema, RevokeOrgAccessInputSchema, CheckAuthorizationInputSchema, CheckAuthorizationResultSchema, ListAuthorizedResourceIdsInputSchema, AuthorizedResourceIdsListSchema, ListAuthorizedPrincipalIdsInputSchema, AuthorizedPrincipalIdsListSchema, ListResourceAccessInputSchema, ResourceAccessByPrincipalListSchema, PrincipalResourceInputSchema, PrincipalResourceRolesSchema, GetPrincipalsCountInputSchema, PrincipalsCountSchema, type RevokeOrgAccessInput, type CheckAuthorizationInput, type CheckAuthorizationResult, type ListAuthorizedResourceIdsInput, type AuthorizedResourceIdsList, type ListAuthorizedPrincipalIdsInput, type AuthorizedPrincipalIdsList, type ListResourceAccessInput, type ResourceAccessByPrincipalList, type PrincipalResourceInput, type PrincipalResourceRoles, type GetPrincipalsCountInput, type PrincipalsCount } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/io_pb";
|
|
11
11
|
import { IamPolicyQueryController } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/query_pb";
|
|
12
12
|
import { ApiResourceRefSchema, IamPolicySpecSchema, type IamPolicySpec, type ApiResourceRef } from "@stigmer/protos/ai/stigmer/iam/iampolicy/v1/spec_pb";
|
|
13
13
|
|
|
@@ -45,6 +45,12 @@ export class IamPolicyClient {
|
|
|
45
45
|
} catch (e) { throw wrapError(e); }
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
+
async revokeOrgAccess(input: RevokeOrgAccessInput): Promise<void> {
|
|
49
|
+
try {
|
|
50
|
+
await this.command.revokeOrgAccess(input);
|
|
51
|
+
} catch (e) { throw wrapError(e); }
|
|
52
|
+
}
|
|
53
|
+
|
|
48
54
|
async get(id: string): Promise<IamPolicy> {
|
|
49
55
|
try {
|
|
50
56
|
return await this.query.get(create(IamPolicyIdSchema, { value: id }));
|
|
@@ -68,6 +74,24 @@ export class IamPolicyClient {
|
|
|
68
74
|
return await this.query.listAuthorizedPrincipalIds(input);
|
|
69
75
|
} catch (e) { throw wrapError(e); }
|
|
70
76
|
}
|
|
77
|
+
|
|
78
|
+
async listResourceAccessByPrincipal(input: ListResourceAccessInput): Promise<ResourceAccessByPrincipalList> {
|
|
79
|
+
try {
|
|
80
|
+
return await this.query.listResourceAccessByPrincipal(input);
|
|
81
|
+
} catch (e) { throw wrapError(e); }
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
async getPrincipalResourceRoles(input: PrincipalResourceInput): Promise<PrincipalResourceRoles> {
|
|
85
|
+
try {
|
|
86
|
+
return await this.query.getPrincipalResourceRoles(input);
|
|
87
|
+
} catch (e) { throw wrapError(e); }
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
async getPrincipalsCount(input: GetPrincipalsCountInput): Promise<PrincipalsCount> {
|
|
91
|
+
try {
|
|
92
|
+
return await this.query.getPrincipalsCount(input);
|
|
93
|
+
} catch (e) { throw wrapError(e); }
|
|
94
|
+
}
|
|
71
95
|
}
|
|
72
96
|
|
|
73
97
|
/** Input for creating/updating a IamPolicy. */
|
|
@@ -12,7 +12,7 @@ import { type ApiResourceAuditActor } from "@stigmer/protos/ai/stigmer/commons/a
|
|
|
12
12
|
import { IdentityAccountSchema, type IdentityAccount } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/api_pb";
|
|
13
13
|
import { IdentityAccountCommandController } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/command_pb";
|
|
14
14
|
import { IdentityAccountProvisioningMode } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/enum_pb";
|
|
15
|
-
import { IdentityAccountIdSchema, IdentityAccountEmailSchema, IdpIdSchema, type IdentityAccountEmail } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/io_pb";
|
|
15
|
+
import { IdentityAccountIdSchema, CreateFederatedAccountInputSchema, UpdateFederatedAccountInputSchema, DeprovisionFederatedAccountInputSchema, IdentityAccountEmailSchema, IdpIdSchema, ExternalSubLookupSchema, type CreateFederatedAccountInput, type UpdateFederatedAccountInput, type DeprovisionFederatedAccountInput, type IdentityAccountEmail, type ExternalSubLookup } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/io_pb";
|
|
16
16
|
import { IdentityAccountQueryController } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/query_pb";
|
|
17
17
|
import { IdentityAccountSpecSchema } from "@stigmer/protos/ai/stigmer/iam/identityaccount/v1/spec_pb";
|
|
18
18
|
|
|
@@ -44,6 +44,24 @@ export class IdentityAccountClient {
|
|
|
44
44
|
} catch (e) { throw wrapError(e); }
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
+
async createFederatedAccount(input: CreateFederatedAccountInput): Promise<IdentityAccount> {
|
|
48
|
+
try {
|
|
49
|
+
return await this.command.createFederatedAccount(input);
|
|
50
|
+
} catch (e) { throw wrapError(e); }
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
async updateFederatedAccount(input: UpdateFederatedAccountInput): Promise<IdentityAccount> {
|
|
54
|
+
try {
|
|
55
|
+
return await this.command.updateFederatedAccount(input);
|
|
56
|
+
} catch (e) { throw wrapError(e); }
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
async deprovisionFederatedAccount(input: DeprovisionFederatedAccountInput): Promise<IdentityAccount> {
|
|
60
|
+
try {
|
|
61
|
+
return await this.command.deprovisionFederatedAccount(input);
|
|
62
|
+
} catch (e) { throw wrapError(e); }
|
|
63
|
+
}
|
|
64
|
+
|
|
47
65
|
async simulateSignupWebhook(input: IdentityAccountEmail): Promise<void> {
|
|
48
66
|
try {
|
|
49
67
|
await this.command.simulateSignupWebhook(input);
|
|
@@ -74,6 +92,12 @@ export class IdentityAccountClient {
|
|
|
74
92
|
} catch (e) { throw wrapError(e); }
|
|
75
93
|
}
|
|
76
94
|
|
|
95
|
+
async getByExternalSub(input: ExternalSubLookup): Promise<IdentityAccount> {
|
|
96
|
+
try {
|
|
97
|
+
return await this.query.getByExternalSub(input);
|
|
98
|
+
} catch (e) { throw wrapError(e); }
|
|
99
|
+
}
|
|
100
|
+
|
|
77
101
|
async getActorInfo(id: string): Promise<ApiResourceAuditActor> {
|
|
78
102
|
try {
|
|
79
103
|
return await this.query.getActorInfo(create(IdentityAccountIdSchema, { value: id }));
|
|
@@ -10,6 +10,7 @@ import { ApiResourceIdSchema, ApiResourceReferenceSchema, ApiResourceDeleteInput
|
|
|
10
10
|
import { ApiResourceMetadataSchema } from "@stigmer/protos/ai/stigmer/commons/apiresource/metadata_pb";
|
|
11
11
|
import { IdentityProviderSchema, type IdentityProvider } from "@stigmer/protos/ai/stigmer/iam/identityprovider/v1/api_pb";
|
|
12
12
|
import { IdentityProviderCommandController } from "@stigmer/protos/ai/stigmer/iam/identityprovider/v1/command_pb";
|
|
13
|
+
import { ListIdentityProvidersByOrgInputSchema, IdentityProvidersSchema, OrganizationSsoLookupSchema, SsoProviderInfoSchema, type ListIdentityProvidersByOrgInput, type IdentityProviders, type OrganizationSsoLookup, type SsoProviderInfo } from "@stigmer/protos/ai/stigmer/iam/identityprovider/v1/io_pb";
|
|
13
14
|
import { IdentityProviderQueryController } from "@stigmer/protos/ai/stigmer/iam/identityprovider/v1/query_pb";
|
|
14
15
|
import { IdentityProviderSpecSchema } from "@stigmer/protos/ai/stigmer/iam/identityprovider/v1/spec_pb";
|
|
15
16
|
|
|
@@ -62,6 +63,18 @@ export class IdentityProviderClient {
|
|
|
62
63
|
return await this.query.getByReference(create(ApiResourceReferenceSchema, { ...ref, kind: ApiResourceKind.identity_provider }));
|
|
63
64
|
} catch (e) { throw wrapError(e); }
|
|
64
65
|
}
|
|
66
|
+
|
|
67
|
+
async listByOrg(input: ListIdentityProvidersByOrgInput): Promise<IdentityProviders> {
|
|
68
|
+
try {
|
|
69
|
+
return await this.query.listByOrg(input);
|
|
70
|
+
} catch (e) { throw wrapError(e); }
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
async getSsoProvider(input: OrganizationSsoLookup): Promise<SsoProviderInfo> {
|
|
74
|
+
try {
|
|
75
|
+
return await this.query.getSsoProvider(input);
|
|
76
|
+
} catch (e) { throw wrapError(e); }
|
|
77
|
+
}
|
|
65
78
|
}
|
|
66
79
|
|
|
67
80
|
/** Input for creating/updating a IdentityProvider. */
|
|
@@ -76,6 +89,8 @@ export interface IdentityProviderInput {
|
|
|
76
89
|
expectedAudience?: string;
|
|
77
90
|
rateLimitBudget?: number;
|
|
78
91
|
userinfoEndpoint?: string;
|
|
92
|
+
isSsoProvider?: boolean;
|
|
93
|
+
oidcClientId?: string;
|
|
79
94
|
}
|
|
80
95
|
|
|
81
96
|
function buildIdentityProviderProto(input: IdentityProviderInput): IdentityProvider {
|
|
@@ -95,6 +110,8 @@ function buildIdentityProviderProto(input: IdentityProviderInput): IdentityProvi
|
|
|
95
110
|
expectedAudience: input.expectedAudience,
|
|
96
111
|
rateLimitBudget: input.rateLimitBudget,
|
|
97
112
|
userinfoEndpoint: input.userinfoEndpoint,
|
|
113
|
+
isSsoProvider: input.isSsoProvider,
|
|
114
|
+
oidcClientId: input.oidcClientId,
|
|
98
115
|
})),
|
|
99
116
|
}) as IdentityProvider;
|
|
100
117
|
}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
// Code generated by stigmer-codegen. DO NOT EDIT.
|
|
2
|
+
|
|
3
|
+
import { wrapError } from "./errors";
|
|
4
|
+
import { stripUndefined } from "./proto-utils";
|
|
5
|
+
import { create } from "@bufbuild/protobuf";
|
|
6
|
+
import { createClient, type Client, type Transport } from "@connectrpc/connect";
|
|
7
|
+
import { ApiResourceMetadataSchema } from "@stigmer/protos/ai/stigmer/commons/apiresource/metadata_pb";
|
|
8
|
+
import { InvitationSchema, type Invitation } from "@stigmer/protos/ai/stigmer/iam/invitation/v1/api_pb";
|
|
9
|
+
import { InvitationCommandController } from "@stigmer/protos/ai/stigmer/iam/invitation/v1/command_pb";
|
|
10
|
+
import { InvitationIdSchema, RedeemInvitationInputSchema, ListInvitationsByOrgInputSchema, InvitationsSchema, InvitationTokenInputSchema, InvitationPreviewSchema, type RedeemInvitationInput, type ListInvitationsByOrgInput, type Invitations, type InvitationTokenInput, type InvitationPreview } from "@stigmer/protos/ai/stigmer/iam/invitation/v1/io_pb";
|
|
11
|
+
import { InvitationQueryController } from "@stigmer/protos/ai/stigmer/iam/invitation/v1/query_pb";
|
|
12
|
+
import { InvitationSpecSchema } from "@stigmer/protos/ai/stigmer/iam/invitation/v1/spec_pb";
|
|
13
|
+
import { IamRole } from "@stigmer/protos/ai/stigmer/iam/v1/enum_pb";
|
|
14
|
+
|
|
15
|
+
/** Provides operations on invitation resources. */
|
|
16
|
+
export class InvitationClient {
|
|
17
|
+
private readonly command: Client<typeof InvitationCommandController>;
|
|
18
|
+
private readonly query: Client<typeof InvitationQueryController>;
|
|
19
|
+
|
|
20
|
+
constructor(transport: Transport) {
|
|
21
|
+
this.command = createClient(InvitationCommandController, transport);
|
|
22
|
+
this.query = createClient(InvitationQueryController, transport);
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
async create(input: InvitationInput): Promise<Invitation> {
|
|
26
|
+
try {
|
|
27
|
+
return await this.command.create(buildInvitationProto(input));
|
|
28
|
+
} catch (e) { throw wrapError(e); }
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
async revoke(id: string): Promise<Invitation> {
|
|
32
|
+
try {
|
|
33
|
+
return await this.command.revoke(create(InvitationIdSchema, { value: id }));
|
|
34
|
+
} catch (e) { throw wrapError(e); }
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
async redeem(input: RedeemInvitationInput): Promise<Invitation> {
|
|
38
|
+
try {
|
|
39
|
+
return await this.command.redeem(input);
|
|
40
|
+
} catch (e) { throw wrapError(e); }
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
async get(id: string): Promise<Invitation> {
|
|
44
|
+
try {
|
|
45
|
+
return await this.query.get(create(InvitationIdSchema, { value: id }));
|
|
46
|
+
} catch (e) { throw wrapError(e); }
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
async listByOrg(input: ListInvitationsByOrgInput): Promise<Invitations> {
|
|
50
|
+
try {
|
|
51
|
+
return await this.query.listByOrg(input);
|
|
52
|
+
} catch (e) { throw wrapError(e); }
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
async getByToken(input: InvitationTokenInput): Promise<InvitationPreview> {
|
|
56
|
+
try {
|
|
57
|
+
return await this.query.getByToken(input);
|
|
58
|
+
} catch (e) { throw wrapError(e); }
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
/** Input for creating/updating a Invitation. */
|
|
63
|
+
export interface InvitationInput {
|
|
64
|
+
name: string;
|
|
65
|
+
slug?: string;
|
|
66
|
+
org: string;
|
|
67
|
+
labels?: Record<string, string>;
|
|
68
|
+
role: IamRole;
|
|
69
|
+
maxRedemptions?: number;
|
|
70
|
+
expiresAt: Date | string;
|
|
71
|
+
label?: string;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
function buildInvitationProto(input: InvitationInput): Invitation {
|
|
75
|
+
return Object.assign(create(InvitationSchema), {
|
|
76
|
+
apiVersion: "iam.stigmer.ai/v1",
|
|
77
|
+
kind: "Invitation",
|
|
78
|
+
metadata: Object.assign(create(ApiResourceMetadataSchema), {
|
|
79
|
+
name: input.name,
|
|
80
|
+
org: input.org,
|
|
81
|
+
...(input.slug && { slug: input.slug }),
|
|
82
|
+
...(input.labels && { labels: input.labels }),
|
|
83
|
+
}),
|
|
84
|
+
spec: Object.assign(create(InvitationSpecSchema), stripUndefined({
|
|
85
|
+
role: input.role,
|
|
86
|
+
maxRedemptions: input.maxRedemptions,
|
|
87
|
+
expiresAt: input.expiresAt,
|
|
88
|
+
label: input.label,
|
|
89
|
+
})),
|
|
90
|
+
}) as Invitation;
|
|
91
|
+
}
|
package/src/gen/mcpserver.ts
CHANGED
|
@@ -8,9 +8,9 @@ import { createClient, type Client, type Transport } from "@connectrpc/connect";
|
|
|
8
8
|
import { EnvironmentSpecSchema, EnvironmentValueSchema } from "@stigmer/protos/ai/stigmer/agentic/environment/v1/spec_pb";
|
|
9
9
|
import { McpServerSchema, type McpServer } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/api_pb";
|
|
10
10
|
import { McpServerCommandController } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/command_pb";
|
|
11
|
-
import {
|
|
11
|
+
import { ConnectInputSchema, type ConnectInput } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/io_pb";
|
|
12
12
|
import { McpServerQueryController } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/query_pb";
|
|
13
|
-
import { McpServerSpecSchema, StdioServerConfigSchema, HttpServerConfigSchema, ToolApprovalPolicySchema } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/spec_pb";
|
|
13
|
+
import { McpServerSpecSchema, StdioServerConfigSchema, HttpServerConfigSchema, McpServerSourceSchema, ToolApprovalPolicySchema } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/spec_pb";
|
|
14
14
|
import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
15
15
|
import { ApiResourceIdSchema, ApiResourceReferenceSchema, ApiResourceDeleteInputSchema, type UpdateVisibilityInput } from "@stigmer/protos/ai/stigmer/commons/apiresource/io_pb";
|
|
16
16
|
import { ApiResourceMetadataSchema } from "@stigmer/protos/ai/stigmer/commons/apiresource/metadata_pb";
|
|
@@ -64,15 +64,9 @@ export class McpServerClient {
|
|
|
64
64
|
} catch (e) { throw wrapError(e); }
|
|
65
65
|
}
|
|
66
66
|
|
|
67
|
-
async
|
|
67
|
+
async connect(input: ConnectInput): Promise<McpServer> {
|
|
68
68
|
try {
|
|
69
|
-
return await this.command.
|
|
70
|
-
} catch (e) { throw wrapError(e); }
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
async discoverCapabilities(input: DiscoverCapabilitiesInput): Promise<McpServer> {
|
|
74
|
-
try {
|
|
75
|
-
return await this.command.discoverCapabilities(input);
|
|
69
|
+
return await this.command.connect(input);
|
|
76
70
|
} catch (e) { throw wrapError(e); }
|
|
77
71
|
}
|
|
78
72
|
|
|
@@ -95,6 +89,7 @@ export class McpServerClient {
|
|
|
95
89
|
query: params.query,
|
|
96
90
|
org: params.org,
|
|
97
91
|
excludePublic: params.excludePublic ?? false,
|
|
92
|
+
crossOrgPublic: params.crossOrgPublic ?? false,
|
|
98
93
|
page: params.page ? create(PageInfoSchema, params.page) : undefined,
|
|
99
94
|
}));
|
|
100
95
|
return {
|
|
@@ -118,7 +113,8 @@ export interface McpServerInput {
|
|
|
118
113
|
http?: HttpServerConfigInput;
|
|
119
114
|
defaultEnabledTools?: string[];
|
|
120
115
|
envSpec?: EnvSpecInput;
|
|
121
|
-
|
|
116
|
+
source?: McpServerSourceInput;
|
|
117
|
+
pinnedToolApprovals?: ToolApprovalPolicyInput[];
|
|
122
118
|
}
|
|
123
119
|
|
|
124
120
|
/** SDK input type for StdioServerConfig. */
|
|
@@ -136,6 +132,15 @@ export interface HttpServerConfigInput {
|
|
|
136
132
|
timeoutSeconds?: number;
|
|
137
133
|
}
|
|
138
134
|
|
|
135
|
+
/** SDK input type for McpServerSource. */
|
|
136
|
+
export interface McpServerSourceInput {
|
|
137
|
+
registry?: string;
|
|
138
|
+
registryName?: string;
|
|
139
|
+
version?: string;
|
|
140
|
+
repositoryUrl?: string;
|
|
141
|
+
lastSyncedAt?: Date | string;
|
|
142
|
+
}
|
|
143
|
+
|
|
139
144
|
/** SDK input type for ToolApprovalPolicy. */
|
|
140
145
|
export interface ToolApprovalPolicyInput {
|
|
141
146
|
toolName?: string;
|
|
@@ -159,6 +164,16 @@ function buildHttpServerConfigProto(input: HttpServerConfigInput) {
|
|
|
159
164
|
}));
|
|
160
165
|
}
|
|
161
166
|
|
|
167
|
+
function buildMcpServerSourceProto(input: McpServerSourceInput) {
|
|
168
|
+
return Object.assign(create(McpServerSourceSchema), stripUndefined({
|
|
169
|
+
registry: input.registry,
|
|
170
|
+
registryName: input.registryName,
|
|
171
|
+
version: input.version,
|
|
172
|
+
repositoryUrl: input.repositoryUrl,
|
|
173
|
+
lastSyncedAt: input.lastSyncedAt,
|
|
174
|
+
}));
|
|
175
|
+
}
|
|
176
|
+
|
|
162
177
|
function buildToolApprovalPolicyProto(input: ToolApprovalPolicyInput) {
|
|
163
178
|
return Object.assign(create(ToolApprovalPolicySchema), stripUndefined({
|
|
164
179
|
toolName: input.toolName,
|
|
@@ -175,13 +190,15 @@ function buildMcpServerProto(input: McpServerInput): McpServer {
|
|
|
175
190
|
}
|
|
176
191
|
envSpec = es;
|
|
177
192
|
}
|
|
178
|
-
const
|
|
193
|
+
const source = input.source ? buildMcpServerSourceProto(input.source) : undefined;
|
|
194
|
+
const pinnedToolApprovals = input.pinnedToolApprovals?.map(buildToolApprovalPolicyProto);
|
|
179
195
|
const spec = Object.assign(create(McpServerSpecSchema), stripUndefined({
|
|
180
196
|
description: input.description,
|
|
181
197
|
iconUrl: input.iconUrl,
|
|
182
198
|
defaultEnabledTools: input.defaultEnabledTools,
|
|
183
199
|
envSpec,
|
|
184
|
-
|
|
200
|
+
source,
|
|
201
|
+
pinnedToolApprovals,
|
|
185
202
|
}));
|
|
186
203
|
if (input.stdio) {
|
|
187
204
|
spec.serverType = { case: "stdio", value: buildStdioServerConfigProto(input.stdio) };
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
// Code generated by stigmer-codegen from api_resource_kind.proto kind_meta. DO NOT EDIT.
|
|
2
|
+
|
|
3
|
+
import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Resource kinds whose proto kind_meta.tier is cloud_only.
|
|
7
|
+
*
|
|
8
|
+
* Source of truth: api_resource_kind.proto — each ApiResourceKind enum
|
|
9
|
+
* value carries a ResourceTier in its kind_meta options.
|
|
10
|
+
*/
|
|
11
|
+
export const CLOUD_ONLY_KINDS: ReadonlySet<ApiResourceKind> = new Set([
|
|
12
|
+
ApiResourceKind.api_resource_version,
|
|
13
|
+
ApiResourceKind.iam_policy,
|
|
14
|
+
ApiResourceKind.identity_account,
|
|
15
|
+
ApiResourceKind.api_key,
|
|
16
|
+
ApiResourceKind.invitation,
|
|
17
|
+
ApiResourceKind.identity_provider,
|
|
18
|
+
ApiResourceKind.platform,
|
|
19
|
+
]);
|
package/src/gen/skill.ts
CHANGED
|
@@ -78,6 +78,7 @@ export class SkillClient {
|
|
|
78
78
|
query: params.query,
|
|
79
79
|
org: params.org,
|
|
80
80
|
excludePublic: params.excludePublic ?? false,
|
|
81
|
+
crossOrgPublic: params.crossOrgPublic ?? false,
|
|
81
82
|
page: params.page ? create(PageInfoSchema, params.page) : undefined,
|
|
82
83
|
}));
|
|
83
84
|
return {
|
package/src/gen/types.ts
CHANGED
package/src/iam-role.ts
ADDED
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
import { IamRole } from "@stigmer/protos/ai/stigmer/iam/v1/enum_pb";
|
|
2
|
+
|
|
3
|
+
const ROLE_STRINGS: Record<IamRole, string> = {
|
|
4
|
+
[IamRole.iam_role_unspecified]: "unspecified",
|
|
5
|
+
[IamRole.owner]: "owner",
|
|
6
|
+
[IamRole.admin]: "admin",
|
|
7
|
+
[IamRole.member]: "member",
|
|
8
|
+
[IamRole.viewer]: "viewer",
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
const STRING_TO_ROLE: Record<string, IamRole> = {
|
|
12
|
+
owner: IamRole.owner,
|
|
13
|
+
admin: IamRole.admin,
|
|
14
|
+
member: IamRole.member,
|
|
15
|
+
viewer: IamRole.viewer,
|
|
16
|
+
};
|
|
17
|
+
|
|
18
|
+
const ROLE_DISPLAY_NAMES: Record<IamRole, string> = {
|
|
19
|
+
[IamRole.iam_role_unspecified]: "Unspecified",
|
|
20
|
+
[IamRole.owner]: "Owner",
|
|
21
|
+
[IamRole.admin]: "Admin",
|
|
22
|
+
[IamRole.member]: "Member",
|
|
23
|
+
[IamRole.viewer]: "Viewer",
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
const ROLE_DESCRIPTIONS: Record<IamRole, string> = {
|
|
27
|
+
[IamRole.iam_role_unspecified]: "",
|
|
28
|
+
[IamRole.owner]: "Full access including delete and access management",
|
|
29
|
+
[IamRole.admin]: "Edit access and member management",
|
|
30
|
+
[IamRole.member]: "Standard access to organization resources",
|
|
31
|
+
[IamRole.viewer]: "Read-only access",
|
|
32
|
+
};
|
|
33
|
+
|
|
34
|
+
/**
|
|
35
|
+
* Converts an IamRole enum value to its FGA relation string.
|
|
36
|
+
*
|
|
37
|
+
* This is the string used in `IamPolicySpec.relation` when creating
|
|
38
|
+
* or deleting IAM policies.
|
|
39
|
+
*
|
|
40
|
+
* @example iamRoleToString(IamRole.admin) // "admin"
|
|
41
|
+
*/
|
|
42
|
+
export function iamRoleToString(role: IamRole): string {
|
|
43
|
+
return ROLE_STRINGS[role] ?? "unspecified";
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
/**
|
|
47
|
+
* Parses an FGA relation string to an IamRole enum value.
|
|
48
|
+
*
|
|
49
|
+
* Returns `undefined` for unrecognized strings.
|
|
50
|
+
*
|
|
51
|
+
* @example iamRoleFromString("admin") // IamRole.admin
|
|
52
|
+
*/
|
|
53
|
+
export function iamRoleFromString(s: string): IamRole | undefined {
|
|
54
|
+
return STRING_TO_ROLE[s];
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
/**
|
|
58
|
+
* Human-readable display name for an IamRole.
|
|
59
|
+
*
|
|
60
|
+
* @example iamRoleDisplayName(IamRole.admin) // "Admin"
|
|
61
|
+
*/
|
|
62
|
+
export function iamRoleDisplayName(role: IamRole): string {
|
|
63
|
+
return ROLE_DISPLAY_NAMES[role] ?? "Unknown";
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
/**
|
|
67
|
+
* Short description of what the role grants.
|
|
68
|
+
*
|
|
69
|
+
* Suitable for tooltips and helper text in role selectors.
|
|
70
|
+
*
|
|
71
|
+
* @example iamRoleDescription(IamRole.viewer) // "Read-only access"
|
|
72
|
+
*/
|
|
73
|
+
export function iamRoleDescription(role: IamRole): string {
|
|
74
|
+
return ROLE_DESCRIPTIONS[role] ?? "";
|
|
75
|
+
}
|
package/src/index.ts
CHANGED
|
@@ -30,6 +30,20 @@ export {
|
|
|
30
30
|
isResourceAvailable,
|
|
31
31
|
} from "./resource-availability";
|
|
32
32
|
|
|
33
|
+
// Authorization config and IAM role utilities
|
|
34
|
+
export {
|
|
35
|
+
getGrantableRoles,
|
|
36
|
+
hasGrantableRoles,
|
|
37
|
+
isRoleGrantable,
|
|
38
|
+
} from "./authorization-config";
|
|
39
|
+
export {
|
|
40
|
+
iamRoleToString,
|
|
41
|
+
iamRoleFromString,
|
|
42
|
+
iamRoleDisplayName,
|
|
43
|
+
iamRoleDescription,
|
|
44
|
+
} from "./iam-role";
|
|
45
|
+
export { IamRole } from "@stigmer/protos/ai/stigmer/iam/v1/enum_pb";
|
|
46
|
+
|
|
33
47
|
// Search client
|
|
34
48
|
export {
|
|
35
49
|
SearchClient,
|
|
@@ -96,6 +110,10 @@ export {
|
|
|
96
110
|
IdentityAccountClient,
|
|
97
111
|
type IdentityAccountInput,
|
|
98
112
|
} from "./gen/identityaccount";
|
|
113
|
+
export {
|
|
114
|
+
InvitationClient,
|
|
115
|
+
type InvitationInput,
|
|
116
|
+
} from "./gen/invitation";
|
|
99
117
|
export {
|
|
100
118
|
IdentityProviderClient,
|
|
101
119
|
type IdentityProviderInput,
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
1
|
+
import type { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
|
|
2
|
+
import { CLOUD_ONLY_KINDS } from "./gen/resource-availability";
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* Deployment mode of the Stigmer backend the client is connected to.
|
|
@@ -10,26 +11,6 @@ import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/
|
|
|
10
11
|
*/
|
|
11
12
|
export type DeploymentMode = "local" | "cloud";
|
|
12
13
|
|
|
13
|
-
/**
|
|
14
|
-
* Resource kinds whose proto `kind_meta.tier` is `cloud_only`.
|
|
15
|
-
*
|
|
16
|
-
* Source of truth: `api_resource_kind.proto` — each `ApiResourceKind` enum
|
|
17
|
-
* value carries a `ResourceTier` in its `kind_meta` options. This set
|
|
18
|
-
* mirrors those values statically so the SDK avoids runtime proto
|
|
19
|
-
* descriptor reflection.
|
|
20
|
-
*
|
|
21
|
-
* When a new resource kind is added with `tier: cloud_only` in the proto,
|
|
22
|
-
* add it here as well.
|
|
23
|
-
*/
|
|
24
|
-
const CLOUD_ONLY_KINDS: ReadonlySet<ApiResourceKind> = new Set([
|
|
25
|
-
ApiResourceKind.api_resource_version,
|
|
26
|
-
ApiResourceKind.iam_policy,
|
|
27
|
-
ApiResourceKind.identity_account,
|
|
28
|
-
ApiResourceKind.api_key,
|
|
29
|
-
ApiResourceKind.identity_provider,
|
|
30
|
-
ApiResourceKind.platform,
|
|
31
|
-
]);
|
|
32
|
-
|
|
33
14
|
/**
|
|
34
15
|
* Check whether a resource kind is available in the given deployment mode.
|
|
35
16
|
*
|
package/src/stigmer.ts
CHANGED
|
@@ -16,6 +16,7 @@ import type { ExecutionContextClient } from "./gen/executioncontext";
|
|
|
16
16
|
import type { IamPolicyClient } from "./gen/iampolicy";
|
|
17
17
|
import type { IdentityAccountClient } from "./gen/identityaccount";
|
|
18
18
|
import type { IdentityProviderClient } from "./gen/identityprovider";
|
|
19
|
+
import type { InvitationClient } from "./gen/invitation";
|
|
19
20
|
import type { McpServerClient } from "./gen/mcpserver";
|
|
20
21
|
import type { OrganizationClient } from "./gen/organization";
|
|
21
22
|
import type { ProjectClient } from "./gen/project";
|
|
@@ -60,6 +61,7 @@ export class Stigmer {
|
|
|
60
61
|
readonly iamPolicy: IamPolicyClient;
|
|
61
62
|
readonly identityAccount: IdentityAccountClient;
|
|
62
63
|
readonly identityProvider: IdentityProviderClient;
|
|
64
|
+
readonly invitation: InvitationClient;
|
|
63
65
|
readonly mcpServer: McpServerClient;
|
|
64
66
|
readonly organization: OrganizationClient;
|
|
65
67
|
readonly project: ProjectClient;
|
|
@@ -93,6 +95,7 @@ export class Stigmer {
|
|
|
93
95
|
this.iamPolicy = client.iamPolicy;
|
|
94
96
|
this.identityAccount = client.identityAccount;
|
|
95
97
|
this.identityProvider = client.identityProvider;
|
|
98
|
+
this.invitation = client.invitation;
|
|
96
99
|
this.mcpServer = client.mcpServer;
|
|
97
100
|
this.organization = client.organization;
|
|
98
101
|
this.project = client.project;
|