@tangle-network/agent-integrations 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +15 -0
  2. package/dist/index.d.ts +552 -248
  3. package/dist/index.js +938 -164
  4. package/dist/index.js.map +1 -1
  5. package/docs/architecture.md +7 -0
  6. package/docs/production-completion-checklist.md +63 -0
  7. package/package.json +1 -1
package/docs/architecture.md CHANGED
@@ -16,6 +16,10 @@
16
16
  - connection store interface
17
17
  - sandbox-safe capability token minting and verification
18
18
  - invocation policy enforcement
19
+ - approval persistence contracts and resume helpers
20
+ - audit, idempotency, healthcheck, and webhook-ingestion primitives
21
+ - credential resolver interfaces over product-owned vaults
22
+ - sandbox/CLI bridge payloads for scoped capabilities
19
23
  - event normalization
20
24
  - redaction helpers
21
25
 
@@ -44,3 +48,6 @@ Product apps own:
44
48
  - Agents can invoke only actions allowed by that capability.
45
49
  - Triggers can wake or enqueue sandbox workflows without exposing credentials.
46
50
  - Audit logs can show what happened without leaking secrets.
51
+ - Writes can pause for approval, resume by approval id, and replay safely by
52
+ idempotency key.
53
+ - Products can healthcheck connections and ingest webhooks with dedupe.
package/docs/production-completion-checklist.md ADDED
@@ -0,0 +1,63 @@
1
+ # Production Completion Checklist
2
+
3
+ This is the library-owned done bar for `agent-integrations`. Product repos still
4
+ own UI, DB adapters, vault deployment, enabled-connector policy, and live
5
+ provider credentials.
6
+
7
+ ## Complete In This Package
8
+
9
+ - [x] Normalized connector, action, trigger, connection, and capability types.
10
+ - [x] Vendor-neutral `IntegrationHub` facade for provider catalogs, auth,
11
+ connections, scoped capability issue/verify, and action invocation.
12
+ - [x] First-party connector adapter boundary and declarative REST adapter path.
13
+ - [x] Generated setup specs and runbook/admin-UI renderers.
14
+ - [x] Canonical registry that dedupes setup specs, first-party adapters,
15
+ gateway catalogs, and long-tail catalog metadata.
16
+ - [x] Catalog-only safety: long-tail metadata is discoverable but not callable
17
+ unless promoted to an executable support tier.
18
+ - [x] App/agent `IntegrationManifest` resolution against user connections.
19
+ - [x] Persistent grants from user-owned connections to apps, agents, sandboxes,
20
+ and generated software.
21
+ - [x] Sandbox bundles with short-lived capability tokens and tool definitions.
22
+ - [x] Bridge payload/env helpers for sandbox processes and executor-style CLIs.
23
+ - [x] Sandbox invocation host that validates envelopes before hub invocation and
24
+ normalizes success, failure, and approval-required results.
25
+ - [x] Policy engine for allow/deny/approval decisions.
26
+ - [x] Approval store and approval-backed policy resume path.
27
+ - [x] Idempotency guard with replay, same-key drift detection, dry-run mutation
28
+ handling, optional rate-limit hook, and audit records.
29
+ - [x] Audit event store/sink and redaction helpers.
30
+ - [x] Healthcheck primitives for connection status, executable tier, scope
31
+ shape, and optional live provider tests.
32
+ - [x] Credential resolver and secret-store interface for resolving secret refs,
33
+ refreshing expired OAuth credentials, and revoking connections.
34
+ - [x] Workflow runtime for trigger subscription install and normalized event
35
+ dispatch.
36
+ - [x] Webhook ingestion runtime for signature checks, provider-event dedupe, and
37
+ workflow dispatch.
38
+ - [x] Focused tests for hub, registry, runtime grants, workflow triggers,
39
+ sandbox invocation, approval resume, idempotency, credentials,
40
+ healthchecks, bridge payloads, and webhook dedupe.
41
+
42
+ ## Product Integration Checklist
43
+
44
+ - [ ] Persist `IntegrationConnection`, `IntegrationGrant`, approval, audit,
45
+ healthcheck, workflow, and event stores in the product database.
46
+ - [ ] Back `IntegrationSecretStore` with the production vault/KMS.
47
+ - [ ] Add OAuth/API-key setup UI from `IntegrationSpec` renderers.
48
+ - [ ] Add connect, approve, revoke, rotate, healthcheck, and audit-log screens.
49
+ - [ ] Feed generated app requirements into `IntegrationManifest`.
50
+ - [ ] Inject `buildIntegrationBridgeEnvironment()` into sandbox launches.
51
+ - [ ] Route sandbox tool calls through `dispatchIntegrationInvocation()`.
52
+ - [ ] Run live OAuth and browser E2E tests for each shipped product.
53
+
54
+ ## Executor.sh And Sandbox CLIs
55
+
56
+ Executor-style CLIs are an execution layer, not the integration source of truth.
57
+ They can consume this package cleanly by receiving the bridge env payload inside
58
+ the sandbox and calling back to the product integration hub with capability
59
+ tokens. The CLI never needs OAuth refresh tokens or provider API keys.
60
+
61
+ Use executor-style tooling when it improves sandbox process orchestration,
62
+ command execution, or workflow hosting. Do not make it the credential broker or
63
+ canonical connector registry unless a product explicitly chooses that provider.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tangle-network/agent-integrations",
3
- "version": "0.14.0",
3
+ "version": "0.15.0",
4
4
  "description": "Vendor-neutral integration contracts and runtime helpers for sandbox and agent apps.",
5
5
  "homepage": "https://github.com/tangle-network/agent-integrations#readme",
6
6
  "repository": {