@tangle-network/agent-integrations 0.2.0 → 0.2.1

package/dist/index.js

@@ -1,5 +1,5 @@
 // src/index.ts
-import { createHmac as createHmac5, randomUUID, timingSafeEqual as timingSafeEqual4 } from "crypto";
+import { createHmac as createHmac3, randomUUID, timingSafeEqual as timingSafeEqual2 } from "crypto";
 
 // src/connectors/types.ts
 var ResourceContention = class extends Error {
@@ -2525,43 +2525,6 @@ function signHeaders(creds, body, idempotencyKey) {
 }
 
 // src/connectors/adapters/stripe-webhook-receiver.ts
-import { createHmac as createHmac3, timingSafeEqual as timingSafeEqual2 } from "crypto";
-var SIGNATURE_TOLERANCE_SECONDS = 5 * 60;
-function parseStripeHeader(header) {
-  const t = { sigs: [] };
-  for (const part of header.split(",")) {
-    const idx = part.indexOf("=");
-    if (idx < 0) continue;
-    const key = part.slice(0, idx).trim();
-    const val = part.slice(idx + 1).trim();
-    if (key === "t") {
-      const n = Number(val);
-      if (Number.isFinite(n)) t.ts = n;
-    } else if (key === "v1") {
-      t.sigs.push(val);
-    }
-  }
-  if (t.ts === void 0 || t.sigs.length === 0) return null;
-  return { t: t.ts, sigs: t.sigs };
-}
-function verifyStripeSignature2(rawBody, header, secret, now) {
-  const parsed = parseStripeHeader(header);
-  if (!parsed) return false;
-  if (Math.abs(now - parsed.t) > SIGNATURE_TOLERANCE_SECONDS) return false;
-  const expected = createHmac3("sha256", secret).update(`${parsed.t}.${rawBody}`).digest("hex");
-  const expectedBuf = Buffer.from(expected, "utf8");
-  for (const sig of parsed.sigs) {
-    const sigBuf = Buffer.from(sig, "utf8");
-    if (sigBuf.length !== expectedBuf.length) continue;
-    if (timingSafeEqual2(sigBuf, expectedBuf)) return true;
-  }
-  return false;
-}
-function firstHeader2(h, name) {
-  const v = h[name] ?? h[name.toLowerCase()];
-  if (Array.isArray(v)) return v[0];
-  return typeof v === "string" ? v : void 0;
-}
 var stripeWebhookReceiverConnector = {
   manifest: {
     kind: "stripe",
@@ -2569,23 +2532,17 @@ var stripeWebhookReceiverConnector = {
     description: "Receive Stripe webhook events from your own Stripe account. Paste your endpoint signing secret (whsec_*) at connect time; we'll verify every push and feed events to your agent's runtime.",
     auth: { kind: "hmac" },
     category: "commerce",
-    // Inbound-only today; outbound read/mutation are scaffolded. Stripe
-    // events are advisory in this incarnation — the agent reacts to them
-    // but doesn't compete for writes against the same resource.
+    // Inbound-only. Stripe events are advisory in this incarnation — the
+    // agent reacts to them but doesn't compete for writes against the same
+    // resource.
     defaultConsistencyModel: "advisory",
     capabilities: []
   },
-  async executeRead(_inv) {
-    throw new Error("not_implemented: stripe outbound read is scaffolded \u2014 use stripe-customers connector when shipped");
-  },
-  async executeMutation(_inv) {
-    throw new Error("not_implemented: stripe outbound mutation is scaffolded \u2014 use stripe-customers connector when shipped");
-  },
   verifySignature({ rawBody, headers, source }) {
     if (source.credentials.kind !== "hmac") return { valid: false, reason: "missing_hmac_secret" };
-    const sig = firstHeader2(headers, "stripe-signature");
+    const sig = firstHeader(headers, "stripe-signature");
     if (!sig) return { valid: false, reason: "missing_stripe_signature_header" };
-    const ok = verifyStripeSignature2(rawBody, sig, source.credentials.secret, Math.floor(Date.now() / 1e3));
+    const ok = verifyStripeSignature(rawBody, sig, source.credentials.secret);
     return ok ? { valid: true } : { valid: false, reason: "invalid_signature" };
   },
   async handleInboundEvent({ rawBody }) {
@@ -2619,24 +2576,6 @@ var stripeWebhookReceiverConnector = {
 };
 
 // src/connectors/adapters/slack-events.ts
-import { createHmac as createHmac4, timingSafeEqual as timingSafeEqual3 } from "crypto";
-var SIGNATURE_TOLERANCE_SECONDS2 = 5 * 60;
-function firstHeader3(h, name) {
-  const v = h[name] ?? h[name.toLowerCase()];
-  if (Array.isArray(v)) return v[0];
-  return typeof v === "string" ? v : void 0;
-}
-function verifySlackSignature2(rawBody, signatureHeader, timestampHeader, secret, now) {
-  if (!signatureHeader.startsWith("v0=")) return false;
-  const ts = Number(timestampHeader);
-  if (!Number.isFinite(ts)) return false;
-  if (Math.abs(now - ts) > SIGNATURE_TOLERANCE_SECONDS2) return false;
-  const expected = "v0=" + createHmac4("sha256", secret).update(`v0:${ts}:${rawBody}`).digest("hex");
-  const expectedBuf = Buffer.from(expected, "utf8");
-  const sigBuf = Buffer.from(signatureHeader, "utf8");
-  if (sigBuf.length !== expectedBuf.length) return false;
-  return timingSafeEqual3(sigBuf, expectedBuf);
-}
 var slackEventsConnector = {
   manifest: {
     // NOTE: `slack` is owned by the OAuth bot connector in slack.ts (post_message,
@@ -2649,23 +2588,17 @@ var slackEventsConnector = {
     description: "Receive workspace events (messages, reactions, app mentions, \u2026) from Slack's Events API. Outbound bot messaging will land in a follow-up.",
     auth: { kind: "hmac" },
     category: "comms",
-    // Inbound-only today; outbound read/mutation scaffolded. Events are
-    // advisory in this incarnation — agents observe and react, no CAS.
+    // Inbound-only. Events are advisory in this incarnation — agents observe
+    // and react, no CAS.
     defaultConsistencyModel: "advisory",
     capabilities: []
   },
-  async executeRead(_inv) {
-    throw new Error("not_implemented: slack outbound read is scaffolded");
-  },
-  async executeMutation(_inv) {
-    throw new Error("not_implemented: slack outbound mutation is scaffolded");
-  },
   verifySignature({ rawBody, headers, source }) {
     if (source.credentials.kind !== "hmac") return { valid: false, reason: "missing_hmac_secret" };
-    const sig = firstHeader3(headers, "x-slack-signature");
-    const ts = firstHeader3(headers, "x-slack-request-timestamp");
+    const sig = firstHeader(headers, "x-slack-signature");
+    const ts = firstHeader(headers, "x-slack-request-timestamp");
     if (!sig || !ts) return { valid: false, reason: "missing_slack_headers" };
-    const ok = verifySlackSignature2(rawBody, sig, ts, source.credentials.secret, Math.floor(Date.now() / 1e3));
+    const ok = verifySlackSignature(rawBody, sig, ts, source.credentials.secret);
     return ok ? { valid: true } : { valid: false, reason: "invalid_signature" };
   },
   async handleInboundEvent({ rawBody }) {
@@ -2994,12 +2927,12 @@ function assertScopes(connection, requiredScopes) {
   if (missing.length > 0) throw new IntegrationError(`Missing integration scopes: ${missing.join(", ")}`, "scope_denied");
 }
 function hmac(payload, secret) {
-  return createHmac5("sha256", secret).update(payload).digest("base64url");
+  return createHmac3("sha256", secret).update(payload).digest("base64url");
 }
 function constantTimeEqual(a, b) {
   const left = Buffer.from(a);
   const right = Buffer.from(b);
-  return left.length === right.length && timingSafeEqual4(left, right);
+  return left.length === right.length && timingSafeEqual2(left, right);
 }
 function base64UrlEncode(value) {
   return Buffer.from(value, "utf8").toString("base64url");