@superblocksteam/shared 0.9562.5 → 0.9563.1

package/src/org-features/index.ts

@@ -0,0 +1,74 @@
+/**
+ * Organization version-based feature gating module.
+ */
+
+/**
+ * Organization version constants.
+ * - V1: Legacy organizations (version "1")
+ * - V2: New organizations (version "2")
+ *
+ * Note: The distinction between cloud-prem and hybrid-cloud deployments is
+ * determined by the SUPERBLOCKS_DEPLOYMENT_TYPE environment variable, not the org version.
+ */
+export const OrgVersion = {
+  V1: '1',
+  V2: '2'
+} as const;
+
+export type OrgVersionType = (typeof OrgVersion)[keyof typeof OrgVersion];
+
+/**
+ * Features that can be gated by organization version.
+ */
+export enum OrgFeature {
+  LegacyAuditLogs = 'LegacyAuditLogs',
+  LegacyObservability = 'LegacyObservability',
+  LegacySourceControl = 'LegacySourceControl',
+  LegacySuperblocksOcr = 'LegacySuperblocksOcr',
+  LegacySuperblocksEmail = 'LegacySuperblocksEmail',
+  LegacyGoogleSheets = 'LegacyGoogleSheets',
+  LegacyExecutionToken = 'LegacyExecutionToken',
+  LegacySecretsManagement = 'LegacySecretsManagement',
+  LegacyStreamingIntegrations = 'LegacyStreamingIntegrations',
+  InternalLegacyEndpoints = 'InternalLegacyEndpoints',
+  Workflows = 'Workflows',
+  ScheduledJobs = 'ScheduledJobs',
+  LegacyApps = 'LegacyApps',
+  ReactApps = 'ReactApps'
+}
+
+/**
+ * Determines if an organization has access to a specific feature based on its version.
+ *
+ * @param orgVersion - The organization's version ('1' or '2'), or undefined during migration
+ * @param feature - The feature to check access for
+ * @returns true if the organization has access to the feature
+ */
+export function orgHasFeature(orgVersion: OrgVersionType | undefined, feature: OrgFeature): boolean {
+  switch (feature) {
+    // V1-only features (legacy organizations)
+    case OrgFeature.LegacyAuditLogs:
+    case OrgFeature.LegacyObservability:
+    case OrgFeature.LegacySourceControl:
+    case OrgFeature.LegacySuperblocksOcr:
+    case OrgFeature.LegacySuperblocksEmail:
+    case OrgFeature.LegacyGoogleSheets:
+    case OrgFeature.LegacyExecutionToken:
+    case OrgFeature.LegacySecretsManagement:
+    case OrgFeature.LegacyStreamingIntegrations:
+    case OrgFeature.InternalLegacyEndpoints:
+    case OrgFeature.Workflows:
+    case OrgFeature.ScheduledJobs:
+    case OrgFeature.LegacyApps:
+      return orgVersion === OrgVersion.V1;
+
+    // React apps are always available in V2 orgs.
+    // V1 orgs can also access React apps, but that's controlled by feature flags
+    // checked separately - this function only handles org-version gating.
+    case OrgFeature.ReactApps:
+      return orgVersion === OrgVersion.V2;
+
+    default:
+      return false;
+  }
+}

package/src/plugins/templates/bigquery.ts

@@ -1,4 +1,4 @@
-import { EditorLanguage, FormComponentType, Plugin, PluginResponseType, PluginType } from '../../types/index.js';
+import { EditorLanguage, FormComponentType, InputDataType, Plugin, PluginResponseType, PluginType, FormItem } from '../../types/index.js';
 import {
   PARAMETERIZED_SQL_DESCRIPTION,
   SERVICE_ACCOUNT_GHOST_TEXT,
@@ -6,13 +6,124 @@ import {
   PUBLIC_INTEGRATIONS_LOGO_URL,
   DOCS_BASE_URL
 } from './constants.js';
+import { makeDropdownItem } from './shared/db.js';
 
 const BigQueryPluginVersions = {
   V1: '0.0.1',
   V2: '0.0.2',
   V6: '0.0.6',
   V7: '0.0.7',
-  V8: '0.0.8'
+  V8: '0.0.8',
+  V9: '0.0.9'
+};
+
+enum ConnectionType {
+  SERVICE_ACCOUNT_KEY = 'service-account-key',
+  WORKFORCE_IDENTITY_FEDERATION = 'oauth-token-exchange'
+}
+
+const CONNECTION_METHODS_AND_DISPLAY_NAMES = {
+  [ConnectionType.SERVICE_ACCOUNT_KEY]: 'Service Account Key',
+  [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]: 'Workforce Identity Federation'
+};
+
+const BASE_SUBJECT_TOKEN_SOURCE = {
+  label: 'Subject token source',
+  name: 'authConfig.subjectTokenSource',
+  componentType: FormComponentType.DROPDOWN,
+  initialValue: 'SUBJECT_TOKEN_SOURCE_LOGIN_IDENTITY_PROVIDER',
+  rules: [{ required: true, message: 'Subject token source is required' }],
+  options: [
+    makeDropdownItem('SUBJECT_TOKEN_SOURCE_LOGIN_IDENTITY_PROVIDER', 'Login Identity Provider'),
+    makeDropdownItem('SUBJECT_TOKEN_SOURCE_STATIC_TOKEN', 'Static Token')
+  ]
+};
+
+const BASE_STATIC_TOKEN = {
+  label: 'Subject token',
+  name: 'authConfig.subjectTokenSourceStaticToken',
+  componentType: FormComponentType.INPUT_TEXT,
+  dataType: InputDataType.PASSWORD,
+  rules: [{ required: true, message: 'Static token is required when using static token source' }]
+};
+
+const BASE_WORKFORCE_POOL_ID = {
+  label: 'Workforce Pool ID',
+  name: 'authConfig.workforcePoolId',
+  componentType: FormComponentType.INPUT_TEXT,
+  placeholder: 'my-workforce-pool',
+  rules: [{ required: true, message: 'Workforce Pool ID is required' }],
+  tooltip: {
+    markdownText: 'The workforce identity pool ID (POOL_ID)'
+  }
+};
+
+const BASE_WORKFORCE_PROVIDER_ID = {
+  label: 'Workforce Provider ID',
+  name: 'authConfig.workforceProviderId',
+  componentType: FormComponentType.INPUT_TEXT,
+  placeholder: 'my-provider',
+  rules: [{ required: true, message: 'Workforce Provider ID is required' }],
+  tooltip: {
+    markdownText: 'The workforce identity pool provider ID (PROVIDER_ID)'
+  }
+};
+
+const BASE_PROJECT_ID = {
+  label: 'Project ID',
+  name: 'authConfig.projectId',
+  componentType: FormComponentType.INPUT_TEXT,
+  placeholder: 'my-gcp-project',
+  rules: [{ required: true, message: 'Project ID is required' }],
+  tooltip: {
+    markdownText: 'The GCP project ID where BigQuery queries will run'
+  }
+};
+
+const BASE_BILLING_PROJECT_NUMBER = {
+  label: 'Billing Project Number',
+  name: 'authConfig.billingProjectNumber',
+  componentType: FormComponentType.INPUT_TEXT,
+  placeholder: '123456789012',
+  rules: [{ required: false }],
+  tooltip: {
+    markdownText: 'Optional. The project number used for quota attribution during token exchange'
+  }
+};
+
+const HIDDEN_TOKEN_URL = {
+  label: 'Token URL',
+  name: 'authConfig.tokenUrl',
+  componentType: FormComponentType.INPUT_TEXT,
+  hidden: true,
+  initialValue: 'https://sts.googleapis.com/v1/token',
+  rules: [{ required: false }]
+};
+
+const HIDDEN_SCOPE = {
+  label: 'Scope',
+  name: 'authConfig.scope',
+  componentType: FormComponentType.INPUT_TEXT,
+  hidden: true,
+  initialValue: 'https://www.googleapis.com/auth/bigquery',
+  rules: [{ required: false }]
+};
+
+const HIDDEN_SUBJECT_TOKEN_TYPE = {
+  label: 'Subject token type',
+  name: 'authConfig.subjectTokenType',
+  componentType: FormComponentType.INPUT_TEXT,
+  hidden: true,
+  initialValue: 'urn:ietf:params:oauth:token-type:id_token',
+  rules: [{ required: false }]
+};
+
+const COMPUTED_AUDIENCE = {
+  label: 'Audience',
+  name: 'authConfig.audience',
+  componentType: FormComponentType.INPUT_TEXT,
+  hidden: true,
+  rules: [{ required: false }]
 };
 
 export const BigQueryPlugin: Plugin = {
@@ -40,17 +151,143 @@ export const BigQueryPlugin: Plugin = {
             placeholder: 'BigQuery Production',
             rules: [{ required: true, message: 'Display name is required' }]
           },
+          {
+            label: 'Auth Type Field',
+            name: 'authTypeField',
+            hidden: true,
+            componentType: FormComponentType.INPUT_TEXT,
+            startVersion: BigQueryPluginVersions.V9,
+            initialValue: 'connectionType',
+            rules: [{ required: false }]
+          },
+          {
+            label: 'Authentication method',
+            name: 'connectionType',
+            startVersion: BigQueryPluginVersions.V9,
+            componentType: FormComponentType.DROPDOWN,
+            initialValue: ConnectionType.SERVICE_ACCOUNT_KEY,
+            rules: [{ required: true }],
+            options: Object.entries(CONNECTION_METHODS_AND_DISPLAY_NAMES).map(([value, displayName]) =>
+              makeDropdownItem(value, displayName)
+            )
+          } as FormItem,
           {
             label: 'Service account key',
             name: 'authentication.custom.googleServiceAccount.value',
             startVersion: BigQueryPluginVersions.V1,
+            endVersion: BigQueryPluginVersions.V8,
             // INPUT_AREA is broken (cannot be udpated after unfocus). Using
             // code editor for now.
             componentType: FormComponentType.CODE_EDITOR,
             language: EditorLanguage.JSON,
             placeholder: SERVICE_ACCOUNT_GHOST_TEXT,
             rules: [{ required: true, message: 'Service account key is required' }]
-          }
+          } as FormItem,
+          {
+            label: 'Service account key',
+            name: 'authentication.custom.googleServiceAccount.value',
+            startVersion: BigQueryPluginVersions.V9,
+            componentType: FormComponentType.CODE_EDITOR,
+            language: EditorLanguage.JSON,
+            placeholder: SERVICE_ACCOUNT_GHOST_TEXT,
+            rules: [{ required: true, message: 'Service account key is required' }],
+            display: {
+              show: {
+                connectionType: [ConnectionType.SERVICE_ACCOUNT_KEY]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_SUBJECT_TOKEN_SOURCE,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_STATIC_TOKEN,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION],
+                'authConfig.subjectTokenSource': ['SUBJECT_TOKEN_SOURCE_STATIC_TOKEN']
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_WORKFORCE_POOL_ID,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_WORKFORCE_PROVIDER_ID,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_PROJECT_ID,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_BILLING_PROJECT_NUMBER,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...HIDDEN_TOKEN_URL,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...HIDDEN_SCOPE,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...HIDDEN_SUBJECT_TOKEN_TYPE,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem,
+          {
+            ...COMPUTED_AUDIENCE,
+            startVersion: BigQueryPluginVersions.V9,
+            display: {
+              show: {
+                connectionType: [ConnectionType.WORKFORCE_IDENTITY_FEDERATION]
+              }
+            }
+          } as FormItem
         ]
       }
     ]

package/src/plugins/templates/databricks.ts

@@ -433,6 +433,16 @@ export const DatabricksPlugin: Plugin = {
       {
         name: 'main',
         items: [
+          {
+            // Hidden operation field to prevent wrapStringInterpolation from adding backticks
+            label: 'Operation',
+            name: 'operation',
+            hidden: true,
+            startVersion: DatabricksPluginVersions.V1,
+            componentType: FormComponentType.DROPDOWN,
+            initialValue: 'SQL_OPERATION_RUN_SQL',
+            options: [makeDropdownItem('SQL_OPERATION_RUN_SQL', 'Run SQL')]
+          },
           {
             label: 'Parameters (:PARAM_1, :PARAM_2, ...)',
             name: 'runSql.parameters',

package/src/plugins/templates/salesforce.ts

@@ -2,17 +2,32 @@ import {
   EditorLanguage,
   ExtendedIntegrationPluginId,
   FormComponentType,
+  FormItem,
+  InputDataType,
+  IntegrationAuthType,
   Plugin,
   PluginResponseType,
   PluginType
 } from '../../types/index.js';
+import {
+  BASE_CLIENT_ID,
+  BASE_CLIENT_SECRET,
+  BASE_SCOPE,
+  BASE_SUBJECT_TOKEN_SOURCE,
+  BASE_SUBJECT_TOKEN_STATIC_TOKEN,
+  BASE_SUBJECT_TOKEN_TYPE,
+  BASE_TOKEN_URL
+} from './shared/index.js';
 import { PUBLIC_INTEGRATIONS_LOGO_URL, DOCS_BASE_URL } from './constants.js';
 import { authSections } from './shared/index.js';
 
-const SalesforcePluginVersions = {
-  V1: '0.0.1'
+export const SalesforcePluginVersions = {
+  V1: '0.0.1',
+  V2: '0.0.2'
 };
 
+const CONNECTION_TYPE_FIELD = 'connection.auth.method.case';
+
 const ACTION_DROPDOWN: { label: string; value: string; children: { label: string; value: string }[] }[] = [
   {
     label: 'Query with SOQL',
@@ -80,12 +95,198 @@ export const SalesforcePlugin: Plugin = {
             startVersion: SalesforcePluginVersions.V1,
             componentType: FormComponentType.INPUT_TEXT,
             initialValue: '{{oauth.token}}',
-            hidden: true
-          }
+            hidden: true,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: ['clientCredentialsFlow']
+              }
+            }
+          },
+          {
+            name: 'connection.auth.method.case',
+            label: 'Authentication',
+            startVersion: SalesforcePluginVersions.V2,
+            componentType: FormComponentType.DROPDOWN,
+            initialValue: 'clientCredentialsFlow',
+            options: [
+              {
+                displayName: 'OAuth 2.0 Client Credentials Grant',
+                value: 'clientCredentialsFlow',
+                key: 'clientCredentialsFlow'
+              },
+              {
+                displayName: 'OAuth 2.0 Token Exchange',
+                value: IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO,
+                key: IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO
+              }
+            ]
+          },
+          // CLIENT CREDENTIALS FLOW
+          {
+            label: 'Token URL',
+            name: 'connection.auth.method.value.tokenUrl',
+            startVersion: SalesforcePluginVersions.V2,
+            componentType: FormComponentType.DYNAMIC_INPUT_TEXT,
+            rules: [{ required: true, message: 'Token URL is required' }],
+            tooltip: {
+              markdownText: `The endpoint for authorization server. This is used to get the access token.`
+            },
+            singleLine: true,
+            display: {
+              show: {
+                'connection.auth.method.case': ['clientCredentialsFlow']
+              }
+            },
+            placeholder: 'https://login.salesforce.com/services/oauth2/token'
+          },
+          {
+            label: 'Consumer key',
+            name: 'connection.auth.method.value.clientId',
+            startVersion: SalesforcePluginVersions.V2,
+            componentType: FormComponentType.DYNAMIC_INPUT_TEXT,
+            placeholder: `my consumer key`,
+            rules: [{ required: true, message: 'Consumer Key is required' }],
+            tooltip: {
+              markdownText: `A public identifier used to identify this Salesforce consumer
+    to the authorization/token servers.`
+            },
+            singleLine: true,
+            display: {
+              show: {
+                'connection.auth.method.case': ['clientCredentialsFlow']
+              }
+            }
+          },
+          {
+            label: 'Consumer secret',
+            name: 'connection.auth.method.value.clientSecret',
+            startVersion: SalesforcePluginVersions.V2,
+            componentType: FormComponentType.INPUT_TEXT,
+            rules: [{ required: true, message: 'Consumer secret is required' }],
+            placeholder: `my consumer secret`,
+            dataType: InputDataType.PASSWORD,
+            tooltip: {
+              markdownText: `A secret shared between the Salesforce consumer and the
+    authorizing/token servers to verify the Consumer Key.`
+            },
+            singleLine: false,
+            display: {
+              show: {
+                'connection.auth.method.case': ['clientCredentialsFlow']
+              }
+            }
+          },
+          // OAUTH2 TOKEN EXCHANGE
+          // This is a field that will always be hidden to users.
+          // It exists to tell the agent WHERE to look on the datasource configuration for the authType.
+          // For more info, see addTokenIfNeeded.go in the orchestrator.
+          {
+            label: '',
+            name: 'authTypeField',
+            hidden: true,
+            initialValue: 'authTypeOnBehalfOfToken',
+            componentType: FormComponentType.INPUT_TEXT,
+            rules: [{ required: false }],
+            startVersion: SalesforcePluginVersions.V2,
+            // This is a newer convention in the agent that allows us to specify the field to look at
+            // when determining authType. We only include this for OAUTH2_TOKEN_EXCHANGE so the
+            // existing clientCredentialsFlow works as-is.
+            // See: https://github.com/superblocksteam/orchestrator/blob/main/internal/auth/add_token_if_needed.go
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          },
+          // Another field to send a value to the orchestrator. We need this because our current
+          // templates make it difficult/impossible to change the value of a field programmatically.
+          // Ideally the value for authType would be dependent upon which connection type the user
+          // has selected.
+          {
+            label: '',
+            name: 'authTypeOnBehalfOfToken',
+            hidden: true,
+            initialValue: 'oauth-token-exchange',
+            componentType: FormComponentType.INPUT_TEXT,
+            startVersion: SalesforcePluginVersions.V2,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          },
+          {
+            ...BASE_SUBJECT_TOKEN_SOURCE,
+            startVersion: SalesforcePluginVersions.V2,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_SUBJECT_TOKEN_STATIC_TOKEN,
+            startVersion: SalesforcePluginVersions.V2,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO],
+                'authConfig.subjectTokenSource': ['SUBJECT_TOKEN_SOURCE_STATIC_TOKEN']
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_SUBJECT_TOKEN_TYPE,
+            startVersion: SalesforcePluginVersions.V2,
+            placeholder: 'urn:ietf:params:oauth:token-type:access_token',
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_TOKEN_URL,
+            startVersion: SalesforcePluginVersions.V2,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_CLIENT_ID,
+            startVersion: SalesforcePluginVersions.V2,
+            rules: [{ required: false }],
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_CLIENT_SECRET,
+            startVersion: SalesforcePluginVersions.V2,
+            rules: [{ required: false }],
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem,
+          {
+            ...BASE_SCOPE,
+            startVersion: SalesforcePluginVersions.V2,
+            display: {
+              show: {
+                [CONNECTION_TYPE_FIELD]: [IntegrationAuthType.OAUTH2_TOKEN_EXCHANGE_PROTO]
+              }
+            }
+          } as FormItem
         ]
       },
       ...authSections({
         startVersion: SalesforcePluginVersions.V1,
+        endVersion: SalesforcePluginVersions.V1,
         pluginId: ExtendedIntegrationPluginId.SALESFORCE,
         pluginName: 'Salesforce',
         defaultMethod: 'clientCredentialsFlow',

package/src/plugins/templates/shared/auth.ts

@@ -98,6 +98,7 @@ const AUTH_METHODS_TO_TYPES = {
 
 export const authSections = ({
   startVersion,
+  endVersion,
   pluginId,
   pluginName,
   defaultMethod,
@@ -109,6 +110,7 @@ export const authSections = ({
   prependItems = []
 }: {
   startVersion: string;
+  endVersion?: string;
   pluginId: ExtendedIntegrationPluginId;
   pluginName: string;
   enabledMethods: AuthMethods;
@@ -1393,6 +1395,22 @@ export const authSections = ({
     ]
   });
 
+  // Apply endVersion to all items so callers can cap the version range of the entire auth section.
+  if (endVersion) {
+    for (const section of formSections) {
+      for (const item of section.items) {
+        if ('startVersion' in item) {
+          (item as FormItem).endVersion = (item as FormItem).endVersion ?? endVersion;
+        }
+        if ('rowItems' in item) {
+          for (const rowItem of (item as { rowItems: FormItem[] }).rowItems) {
+            rowItem.endVersion = rowItem.endVersion ?? endVersion;
+          }
+        }
+      }
+    }
+  }
+
   return formSections;
 };
 
@@ -1582,7 +1600,7 @@ export const BASE_SUBJECT_TOKEN_SOURCE = {
   singleLine: false
 };
 
-const BASE_SUBJECT_TOKEN_TYPE = {
+export const BASE_SUBJECT_TOKEN_TYPE = {
   label: 'Subject token type',
   name: 'authConfig.subjectTokenType',
   componentType: FormComponentType.INPUT_TEXT,

package/src/socket/protocol.ts

@@ -2,7 +2,7 @@
 
 import { DirectoryEntry, PutManyRequestPayload, PutManyResponsePayload } from '../dbfs/types.js';
 import { ApiToSign, ApiToVerify, AppToSign, AppToVerify, ApplicationSignatureTreeSigned, Signature } from '../signing/constants.js';
-import { AiChatMessageDto, AiChatMessagePayload, AiWorkflowEvent } from '../types/index.js';
+import { AiChatMessageDto, AiChatMessagePayload, AiWorkflowEvent, FactListQuery, ListFactsResponse } from '../types/index.js';
 import {
   ApplicationConfiguration,
   ApplicationPageClonePayload,
@@ -135,6 +135,9 @@ export interface ServerMethods {
         };
       };
     };
+    fact: {
+      list: ServerMethodSchema<FactListQuery, ListFactsResponse>;
+    };
   };
   v2: {
     application: {

package/src/socket/tracedSocket.ts

@@ -58,6 +58,21 @@ function setHttpStatusFromError(span: Span, error: Error): void {
   span.setStatus({ code: SpanStatusCode.ERROR, message: error.message });
 }
 
+/**
+ * @deprecated Use `TracedSocket` from `@superblocksteam/telemetry` instead.
+ * This class will be removed in a future version.
+ *
+ * Migration:
+ * ```typescript
+ * // Before
+ * import { TracedSocket } from '@superblocksteam/shared';
+ *
+ * // After
+ * import { TracedSocket, getTelemetryInstance } from '@superblocksteam/telemetry';
+ * const { policyEvaluator } = getTelemetryInstance();
+ * new TracedSocket(ws, handlers, middlewares, { requestHeaders, policyEvaluator }, options);
+ * ```
+ */
 export class TracedSocket<ImplementedMethods, CallableMethods, RequestContext extends RequestContextBase> extends ISocket<
   ImplementedMethods,
   CallableMethods,