npm - @tangle-network/agent-integrations - Versions diffs - 0.34.0 → 0.35.0 - Mend

@tangle-network/agent-integrations 0.34.0 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +3 -0
package/dist/delegated-tools/index.d.ts +195 -0
package/dist/delegated-tools/index.js +207 -0
package/dist/delegated-tools/index.js.map +1 -0
package/package.json +6 -1

package/README.md CHANGED Viewed

@@ -165,6 +165,9 @@ OAuth credentials.
 | `runIntegrationHealthchecks` | Checks connection status, registry executability, scope shape, and optional live provider tests. |
 | `receiveIntegrationWebhook` | Verifies inbound webhooks, dedupes provider events, and dispatches normalized trigger events. |
 | `buildIntegrationBridgeEnvironment` | Encodes scoped sandbox capabilities for sandbox processes or executor-style CLIs. |
+| `mintDelegatedToolToken` / `verifyDelegatedToolToken` | Signed-claims bearer (workspace + tool allow-list + TTL) for an external agent that calls back into the product's tools mid-session. |
+| `issueDelegatedToolLease` | Standardized lease (token + allow-list + expiry + callback URL) the product hands to its external agent. |
+| `handleDelegatedToolCall` / `handleDelegatedToolRequest` | Transport-agnostic JSON-RPC 2.0 callback handler with fail-closed gates (token fresh, tool allow-listed, integration connected) via product-supplied seams. |
 | `createTangleIntegrationsClient` | Tiny generated-app/sandbox client for platform `/v1/integrations/invoke`. |
 | `inferIntegrationManifestFromTools` / `validateIntegrationManifest` | Deterministic manifest helpers for Builder and platform APIs. |
 | `renderConsentSummary` / `renderApprovalCopy` | User-facing consent and approval copy from manifests/actions. |

package/dist/delegated-tools/index.d.ts ADDED Viewed

@@ -0,0 +1,195 @@
+/**
+ * Short-lived, workspace-scoped bearer for the delegated-tool bridge.
+ *
+ * An external stateful agent — a voice caller, a long-running autonomous worker
+ * — is handed one of these tokens and calls BACK into the product's tools
+ * mid-session. The token names exactly which workspace and which tool names the
+ * external agent may reach, and it EXPIRES, so a leaked lease stops working once
+ * the session window closes. The product's connector credentials never leave the
+ * product; the external agent only ever holds this opaque token and reaches the
+ * product's callback endpoint (see {@link handleDelegatedToolCall}).
+ *
+ * This is a SIGNED-CLAIMS envelope, distinct from an identity capability token
+ * (`HMAC(secret, "user:<id>")`, verified against a known id). Here the verifier
+ * RECOVERS the claims (workspaceId, allowedTools, expiresAt) from the token
+ * itself, so the bridge endpoint needs no prior knowledge of the lease.
+ *
+ * Crypto: WebCrypto HMAC-SHA256, base64url, constant-time compare. Runs on
+ * Cloudflare Workers, Node, and the browser with no Node `crypto` dependency —
+ * matching the sibling capability-token primitive. Fail-closed: with no secret,
+ * mint returns `undefined` and verify returns `null`, so the bridge is simply
+ * absent rather than silently unauthenticated.
+ */
+interface DelegatedToolClaims {
+    workspaceId: string;
+    allowedTools: string[];
+    /** Epoch milliseconds at which the token stops verifying. */
+    expiresAt: number;
+}
+interface MintDelegatedToolTokenInput {
+    workspaceId: string;
+    allowedTools: string[];
+    ttlSeconds: number;
+    /** Shared HMAC secret. When absent, mint returns `undefined` (fail-closed). */
+    secret?: string;
+    /** Token prefix (namespaces the credential; lets verify reject foreign tokens
+     *  cheaply). Default `dtt_`. */
+    prefix?: string;
+    /** Override the clock (epoch ms) — for tests. Defaults to `Date.now()`. */
+    now?: number;
+}
+interface VerifyDelegatedToolTokenOptions {
+    secret?: string;
+    prefix?: string;
+    now?: number;
+}
+/**
+ * Mint a delegated-tool token carrying signed claims, or `undefined` when no
+ * secret is configured (fail-closed — the caller refuses to issue a lease rather
+ * than hand out an unauthenticated one).
+ */
+declare function mintDelegatedToolToken(input: MintDelegatedToolTokenInput): Promise<string | undefined>;
+/**
+ * Verify a delegated-tool token and recover its claims. Returns `null` (never
+ * throws) for an unconfigured secret, a wrong prefix, a malformed or forged
+ * token, or an expired one.
+ */
+declare function verifyDelegatedToolToken(token: string, opts: VerifyDelegatedToolTokenOptions): Promise<DelegatedToolClaims | null>;
+/**
+ * Transport-agnostic JSON-RPC 2.0 callback handler for the delegated-tool
+ * bridge — the endpoint an EXTERNAL stateful agent calls back into mid-session,
+ * authorized by the bearer minted via {@link mintDelegatedToolToken}.
+ *
+ * The product supplies three seams; the handler bakes in no domain assumptions
+ * (no voice/phony/calendar specifics):
+ *
+ *   - `verifyToken(bearer)` → claims | null — recover & validate the lease
+ *     (fresh, signed). Usually {@link verifyDelegatedToolToken} bound to a secret.
+ *   - `resolveTool(workspaceId, name)` → invocable | null — the product's tool
+ *     registry. `null` means "this workspace cannot reach that tool right now".
+ *   - `isIntegrationConnected(workspaceId, tool)` → boolean — the live
+ *     connectivity gate; a stale token naming a since-disconnected integration
+ *     resolves but fails this check.
+ *
+ * FAIL-CLOSED, in order, for `tools/call`: (1) bearer verifies, (2) tool is in
+ * the lease allow-list, (3) tool resolves for the workspace, (4) the backing
+ * integration is connected. Any miss returns a JSON-RPC error and the invocable
+ * is never touched.
+ *
+ * `tools/list` is advisory: it returns the intersection of the allow-list with
+ * what currently resolves + is connected, omitting (never erroring) the rest.
+ */
+interface DelegatedToolDescriptor {
+    /** Wire name the external agent calls by. */
+    name: string;
+    description?: string;
+    /** JSON Schema for the tool arguments. Defaults to `{ type: 'object' }`. */
+    inputSchema?: unknown;
+}
+interface ResolvedDelegatedTool extends DelegatedToolDescriptor {
+    /**
+     * Invoke the tool with the JSON-RPC `arguments`. Returns the JSON-RPC `result`
+     * payload on success. Throw {@link DelegatedToolInvocationError} to surface a
+     * structured JSON-RPC error (code + data); any other throw becomes -32000.
+     */
+    invoke(args: Record<string, unknown>): Promise<unknown>;
+}
+/** Throw from `resolveTool().invoke` to control the JSON-RPC error envelope. */
+declare class DelegatedToolInvocationError extends Error {
+    readonly code: number;
+    readonly data?: unknown;
+    constructor(message: string, options?: {
+        code?: number;
+        data?: unknown;
+    });
+}
+interface DelegatedToolCallSeams {
+    /** Recover lease claims from a raw bearer string, or `null` to reject. */
+    verifyToken(bearer: string): Promise<DelegatedToolClaims | null> | DelegatedToolClaims | null;
+    /** The product's tool registry. `null` ⇒ not reachable for this workspace. */
+    resolveTool(workspaceId: string, name: string): Promise<ResolvedDelegatedTool | null> | ResolvedDelegatedTool | null;
+    /** Live connectivity gate for the integration backing `tool`. */
+    isIntegrationConnected(workspaceId: string, tool: ResolvedDelegatedTool): Promise<boolean> | boolean;
+    /**
+     * Optional advertised name/version for the JSON-RPC `initialize` handshake.
+     * Defaults to `{ name: 'delegated-tools', version: '1' }`.
+     */
+    serverInfo?: {
+        name: string;
+        version: string;
+    };
+}
+interface JsonRpcRequest {
+    jsonrpc?: unknown;
+    id?: unknown;
+    method?: unknown;
+    params?: unknown;
+}
+interface JsonRpcResponse {
+    jsonrpc: '2.0';
+    id: string | number | null;
+    result?: unknown;
+    error?: {
+        code: number;
+        message: string;
+        data?: unknown;
+    };
+}
+/**
+ * Handle one JSON-RPC call. Accepts a parsed body + the raw `authorization`
+ * header value. Returns the JSON-RPC response object (the transport wrapper —
+ * {@link handleDelegatedToolRequest} — turns it into an HTTP `Response`).
+ */
+declare function handleDelegatedToolCall(body: JsonRpcRequest, authorization: string | null | undefined, seams: DelegatedToolCallSeams): Promise<JsonRpcResponse>;
+/**
+ * HTTP transport wrapper around {@link handleDelegatedToolCall}: parses the
+ * request, enforces POST, maps the JSON-RPC response to a `Response`. Unauthorized
+ * is the only non-200 status (401) so an unauthenticated probe can't distinguish
+ * methods; every authenticated JSON-RPC error rides a 200 per the JSON-RPC contract.
+ */
+declare function handleDelegatedToolRequest(request: Request, seams: DelegatedToolCallSeams): Promise<Response>;
+/**
+ * Standardized lease payload the product hands to its external agent.
+ *
+ * The product resolves which tools a workspace may delegate right now, mints a
+ * scoped token over exactly those names ({@link mintDelegatedToolToken}), and
+ * packages the result as a lease. The external agent (or the broker that builds
+ * its session) reads `callbackUrl` + `token` to reach the product's
+ * {@link handleDelegatedToolRequest} endpoint mid-session.
+ *
+ * Standardizing the shape here means every caller's lease looks the same on the
+ * wire regardless of the external runtime (voice broker, autonomous worker).
+ */
+interface IssueDelegatedToolLeaseInput {
+    workspaceId: string;
+    allowedTools: string[];
+    ttlSeconds: number;
+    /** Shared HMAC secret for the token. Absent ⇒ lease cannot be issued. */
+    secret?: string;
+    /** Token prefix; forwarded to {@link mintDelegatedToolToken}. */
+    prefix?: string;
+    /** Endpoint the external agent calls back into. Echoed onto the lease. */
+    callbackUrl?: string;
+    /** Override the clock (epoch ms) — for tests. */
+    now?: number;
+}
+interface DelegatedToolLease {
+    token: string;
+    allowedTools: string[];
+    /** Epoch milliseconds at which the lease (and its token) expires. */
+    expiresAt: number;
+    callbackUrl?: string;
+}
+/**
+ * Issue a delegated-tool lease, or `null` when no secret is configured
+ * (fail-closed — the product refuses to hand out an unauthenticated lease).
+ * Pass an already-filtered `allowedTools`: this helper signs whatever it is
+ * given, so the product MUST intersect against what the workspace can delegate
+ * before calling.
+ */
+declare function issueDelegatedToolLease(input: IssueDelegatedToolLeaseInput): Promise<DelegatedToolLease | null>;
+export { type DelegatedToolCallSeams, type DelegatedToolClaims, type DelegatedToolDescriptor, DelegatedToolInvocationError, type DelegatedToolLease, type IssueDelegatedToolLeaseInput, type JsonRpcRequest, type JsonRpcResponse, type MintDelegatedToolTokenInput, type ResolvedDelegatedTool, type VerifyDelegatedToolTokenOptions, handleDelegatedToolCall, handleDelegatedToolRequest, issueDelegatedToolLease, mintDelegatedToolToken, verifyDelegatedToolToken };

package/dist/delegated-tools/index.js ADDED Viewed

@@ -0,0 +1,207 @@
+import "../chunk-PZ5AY32C.js";
+// src/delegated-tools/token.ts
+var DEFAULT_PREFIX = "dtt_";
+function base64urlEncode(input) {
+  const bytes = typeof input === "string" ? new TextEncoder().encode(input) : input;
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64urlDecodeToString(input) {
+  try {
+    const padded = input.replace(/-/g, "+").replace(/_/g, "/");
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+    return new TextDecoder().decode(bytes);
+  } catch {
+    return null;
+  }
+}
+async function sign(payload, secret) {
+  const enc = new TextEncoder();
+  const key = await crypto.subtle.importKey("raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(payload));
+  return base64urlEncode(new Uint8Array(sig));
+}
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  return diff === 0;
+}
+async function mintDelegatedToolToken(input) {
+  const secret = input.secret?.trim();
+  if (!secret) return void 0;
+  const prefix = input.prefix ?? DEFAULT_PREFIX;
+  const now = input.now ?? Date.now();
+  const claims = {
+    workspaceId: input.workspaceId,
+    allowedTools: input.allowedTools,
+    expiresAt: now + input.ttlSeconds * 1e3
+  };
+  const payload = base64urlEncode(JSON.stringify(claims));
+  const signature = await sign(payload, secret);
+  return `${prefix}${payload}.${signature}`;
+}
+async function verifyDelegatedToolToken(token, opts) {
+  const secret = opts.secret?.trim();
+  const prefix = opts.prefix ?? DEFAULT_PREFIX;
+  if (!secret || !token.startsWith(prefix)) return null;
+  const body = token.slice(prefix.length);
+  const dot = body.indexOf(".");
+  if (dot <= 0) return null;
+  const payload = body.slice(0, dot);
+  const signature = body.slice(dot + 1);
+  if (!payload || !signature) return null;
+  const expected = await sign(payload, secret);
+  if (!timingSafeEqual(signature, expected)) return null;
+  const json = base64urlDecodeToString(payload);
+  if (json === null) return null;
+  let claims;
+  try {
+    claims = JSON.parse(json);
+  } catch {
+    return null;
+  }
+  if (!claims || typeof claims !== "object") return null;
+  const record = claims;
+  if (typeof record.workspaceId !== "string" || !record.workspaceId) return null;
+  if (typeof record.expiresAt !== "number" || !Number.isFinite(record.expiresAt)) return null;
+  if (!Array.isArray(record.allowedTools) || !record.allowedTools.every((tool) => typeof tool === "string")) return null;
+  const now = opts.now ?? Date.now();
+  if (record.expiresAt <= now) return null;
+  return {
+    workspaceId: record.workspaceId,
+    allowedTools: record.allowedTools,
+    expiresAt: record.expiresAt
+  };
+}
+// src/delegated-tools/handler.ts
+var DelegatedToolInvocationError = class extends Error {
+  code;
+  data;
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "DelegatedToolInvocationError";
+    this.code = options.code ?? -32e3;
+    this.data = options.data;
+  }
+};
+var PROTOCOL_VERSION = "2024-11-05";
+function normalizeId(id) {
+  return typeof id === "string" || typeof id === "number" ? id : null;
+}
+function rpcResult(id, result) {
+  return { jsonrpc: "2.0", id: normalizeId(id), result };
+}
+function rpcError(id, code, message, data) {
+  return {
+    jsonrpc: "2.0",
+    id: normalizeId(id),
+    error: data === void 0 ? { code, message } : { code, message, data }
+  };
+}
+function extractBearer(authorization) {
+  return authorization?.match(/^Bearer\s+(.+)$/i)?.[1];
+}
+async function handleDelegatedToolCall(body, authorization, seams) {
+  const id = body.id ?? null;
+  const method = typeof body.method === "string" ? body.method : "";
+  const bearer = extractBearer(authorization);
+  const claims = bearer ? await seams.verifyToken(bearer) : null;
+  if (!claims) return rpcError(id, -32001, "Unauthorized");
+  if (method === "initialize") {
+    const info = seams.serverInfo ?? { name: "delegated-tools", version: "1" };
+    return rpcResult(id, {
+      protocolVersion: PROTOCOL_VERSION,
+      capabilities: { tools: {} },
+      serverInfo: info
+    });
+  }
+  if (method === "tools/list") {
+    const tools = [];
+    for (const name of claims.allowedTools) {
+      const tool = await seams.resolveTool(claims.workspaceId, name);
+      if (!tool) continue;
+      if (!await seams.isIntegrationConnected(claims.workspaceId, tool)) continue;
+      tools.push({
+        name: tool.name,
+        description: tool.description,
+        inputSchema: tool.inputSchema ?? { type: "object" }
+      });
+    }
+    return rpcResult(id, { tools });
+  }
+  if (method === "tools/call") {
+    const params = body.params ?? {};
+    const name = typeof params.name === "string" ? params.name : "";
+    const args = params.arguments && typeof params.arguments === "object" && !Array.isArray(params.arguments) ? params.arguments : {};
+    if (!name) return rpcError(id, -32602, "Missing tool name");
+    if (!claims.allowedTools.includes(name)) {
+      return rpcError(id, -32602, `Tool not delegated to this session: ${name}`);
+    }
+    const tool = await seams.resolveTool(claims.workspaceId, name);
+    if (!tool) return rpcError(id, -32602, `Tool not available for workspace: ${name}`);
+    if (!await seams.isIntegrationConnected(claims.workspaceId, tool)) {
+      return rpcError(id, -32602, `Integration not connected for tool: ${name}`);
+    }
+    try {
+      const result = await tool.invoke(args);
+      return rpcResult(id, result);
+    } catch (err) {
+      if (err instanceof DelegatedToolInvocationError) {
+        return rpcError(id, err.code, err.message, err.data);
+      }
+      return rpcError(id, -32e3, err instanceof Error ? err.message : "Tool invocation failed");
+    }
+  }
+  return rpcError(id, -32601, `Method not found: ${method || "(none)"}`);
+}
+async function handleDelegatedToolRequest(request, seams) {
+  if (request.method !== "POST") {
+    return Response.json({ error: "Method not allowed" }, { status: 405 });
+  }
+  let body;
+  try {
+    body = await request.json();
+  } catch {
+    return Response.json(rpcError(null, -32700, "Parse error"));
+  }
+  const response = await handleDelegatedToolCall(body, request.headers.get("authorization"), seams);
+  if (response.error?.code === -32001) {
+    return Response.json(response, { status: 401 });
+  }
+  return Response.json(response);
+}
+// src/delegated-tools/lease.ts
+async function issueDelegatedToolLease(input) {
+  const now = input.now ?? Date.now();
+  const token = await mintDelegatedToolToken({
+    workspaceId: input.workspaceId,
+    allowedTools: input.allowedTools,
+    ttlSeconds: input.ttlSeconds,
+    secret: input.secret,
+    prefix: input.prefix,
+    now
+  });
+  if (!token) return null;
+  return {
+    token,
+    allowedTools: input.allowedTools,
+    expiresAt: now + input.ttlSeconds * 1e3,
+    callbackUrl: input.callbackUrl
+  };
+}
+export {
+  DelegatedToolInvocationError,
+  handleDelegatedToolCall,
+  handleDelegatedToolRequest,
+  issueDelegatedToolLease,
+  mintDelegatedToolToken,
+  verifyDelegatedToolToken
+};
+//# sourceMappingURL=index.js.map

package/dist/delegated-tools/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/delegated-tools/token.ts","../../src/delegated-tools/handler.ts","../../src/delegated-tools/lease.ts"],"sourcesContent":["/**\n * Short-lived, workspace-scoped bearer for the delegated-tool bridge.\n *\n * An external stateful agent — a voice caller, a long-running autonomous worker\n * — is handed one of these tokens and calls BACK into the product's tools\n * mid-session. The token names exactly which workspace and which tool names the\n * external agent may reach, and it EXPIRES, so a leaked lease stops working once\n * the session window closes. The product's connector credentials never leave the\n * product; the external agent only ever holds this opaque token and reaches the\n * product's callback endpoint (see {@link handleDelegatedToolCall}).\n *\n * This is a SIGNED-CLAIMS envelope, distinct from an identity capability token\n * (`HMAC(secret, \"user:<id>\")`, verified against a known id). Here the verifier\n * RECOVERS the claims (workspaceId, allowedTools, expiresAt) from the token\n * itself, so the bridge endpoint needs no prior knowledge of the lease.\n *\n * Crypto: WebCrypto HMAC-SHA256, base64url, constant-time compare. Runs on\n * Cloudflare Workers, Node, and the browser with no Node `crypto` dependency —\n * matching the sibling capability-token primitive. Fail-closed: with no secret,\n * mint returns `undefined` and verify returns `null`, so the bridge is simply\n * absent rather than silently unauthenticated.\n */\n\nconst DEFAULT_PREFIX = 'dtt_'\n\nexport interface DelegatedToolClaims {\n workspaceId: string\n allowedTools: string[]\n /** Epoch milliseconds at which the token stops verifying. */\n expiresAt: number\n}\n\nexport interface MintDelegatedToolTokenInput {\n workspaceId: string\n allowedTools: string[]\n ttlSeconds: number\n /** Shared HMAC secret. When absent, mint returns `undefined` (fail-closed). */\n secret?: string\n /** Token prefix (namespaces the credential; lets verify reject foreign tokens\n * cheaply). Default `dtt_`. */\n prefix?: string\n /** Override the clock (epoch ms) — for tests. Defaults to `Date.now()`. */\n now?: number\n}\n\nexport interface VerifyDelegatedToolTokenOptions {\n secret?: string\n prefix?: string\n now?: number\n}\n\nfunction base64urlEncode(input: string | Uint8Array): string {\n const bytes = typeof input === 'string' ? new TextEncoder().encode(input) : input\n let binary = ''\n for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]!)\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\n}\n\nfunction base64urlDecodeToString(input: string): string | null {\n try {\n const padded = input.replace(/-/g, '+').replace(/_/g, '/')\n const binary = atob(padded)\n const bytes = new Uint8Array(binary.length)\n for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i)\n return new TextDecoder().decode(bytes)\n } catch {\n return null\n }\n}\n\nasync function sign(payload: string, secret: string): Promise<string> {\n const enc = new TextEncoder()\n const key = await crypto.subtle.importKey('raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])\n const sig = await crypto.subtle.sign('HMAC', key, enc.encode(payload))\n return base64urlEncode(new Uint8Array(sig))\n}\n\n/** Length-independent-leak-free compare for two same-charset strings. */\nfunction timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false\n let diff = 0\n for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i)\n return diff === 0\n}\n\n/**\n * Mint a delegated-tool token carrying signed claims, or `undefined` when no\n * secret is configured (fail-closed — the caller refuses to issue a lease rather\n * than hand out an unauthenticated one).\n */\nexport async function mintDelegatedToolToken(input: MintDelegatedToolTokenInput): Promise<string | undefined> {\n const secret = input.secret?.trim()\n if (!secret) return undefined\n const prefix = input.prefix ?? DEFAULT_PREFIX\n const now = input.now ?? Date.now()\n const claims: DelegatedToolClaims = {\n workspaceId: input.workspaceId,\n allowedTools: input.allowedTools,\n expiresAt: now + input.ttlSeconds * 1000,\n }\n const payload = base64urlEncode(JSON.stringify(claims))\n const signature = await sign(payload, secret)\n return `${prefix}${payload}.${signature}`\n}\n\n/**\n * Verify a delegated-tool token and recover its claims. Returns `null` (never\n * throws) for an unconfigured secret, a wrong prefix, a malformed or forged\n * token, or an expired one.\n */\nexport async function verifyDelegatedToolToken(\n token: string,\n opts: VerifyDelegatedToolTokenOptions,\n): Promise<DelegatedToolClaims | null> {\n const secret = opts.secret?.trim()\n const prefix = opts.prefix ?? DEFAULT_PREFIX\n if (!secret || !token.startsWith(prefix)) return null\n const body = token.slice(prefix.length)\n const dot = body.indexOf('.')\n if (dot <= 0) return null\n const payload = body.slice(0, dot)\n const signature = body.slice(dot + 1)\n if (!payload || !signature) return null\n\n const expected = await sign(payload, secret)\n if (!timingSafeEqual(signature, expected)) return null\n\n const json = base64urlDecodeToString(payload)\n if (json === null) return null\n\n let claims: unknown\n try {\n claims = JSON.parse(json)\n } catch {\n return null\n }\n if (!claims || typeof claims !== 'object') return null\n const record = claims as Record<string, unknown>\n if (typeof record.workspaceId !== 'string' || !record.workspaceId) return null\n if (typeof record.expiresAt !== 'number' || !Number.isFinite(record.expiresAt)) return null\n if (!Array.isArray(record.allowedTools) || !record.allowedTools.every((tool) => typeof tool === 'string')) return null\n\n const now = opts.now ?? Date.now()\n if (record.expiresAt <= now) return null\n\n return {\n workspaceId: record.workspaceId,\n allowedTools: record.allowedTools as string[],\n expiresAt: record.expiresAt,\n }\n}\n","/**\n * Transport-agnostic JSON-RPC 2.0 callback handler for the delegated-tool\n * bridge — the endpoint an EXTERNAL stateful agent calls back into mid-session,\n * authorized by the bearer minted via {@link mintDelegatedToolToken}.\n *\n * The product supplies three seams; the handler bakes in no domain assumptions\n * (no voice/phony/calendar specifics):\n *\n * - `verifyToken(bearer)` → claims | null — recover & validate the lease\n * (fresh, signed). Usually {@link verifyDelegatedToolToken} bound to a secret.\n * - `resolveTool(workspaceId, name)` → invocable | null — the product's tool\n * registry. `null` means \"this workspace cannot reach that tool right now\".\n * - `isIntegrationConnected(workspaceId, tool)` → boolean — the live\n * connectivity gate; a stale token naming a since-disconnected integration\n * resolves but fails this check.\n *\n * FAIL-CLOSED, in order, for `tools/call`: (1) bearer verifies, (2) tool is in\n * the lease allow-list, (3) tool resolves for the workspace, (4) the backing\n * integration is connected. Any miss returns a JSON-RPC error and the invocable\n * is never touched.\n *\n * `tools/list` is advisory: it returns the intersection of the allow-list with\n * what currently resolves + is connected, omitting (never erroring) the rest.\n */\n\nimport type { DelegatedToolClaims } from './token.js'\n\nexport interface DelegatedToolDescriptor {\n /** Wire name the external agent calls by. */\n name: string\n description?: string\n /** JSON Schema for the tool arguments. Defaults to `{ type: 'object' }`. */\n inputSchema?: unknown\n}\n\nexport interface ResolvedDelegatedTool extends DelegatedToolDescriptor {\n /**\n * Invoke the tool with the JSON-RPC `arguments`. Returns the JSON-RPC `result`\n * payload on success. Throw {@link DelegatedToolInvocationError} to surface a\n * structured JSON-RPC error (code + data); any other throw becomes -32000.\n */\n invoke(args: Record<string, unknown>): Promise<unknown>\n}\n\n/** Throw from `resolveTool().invoke` to control the JSON-RPC error envelope. */\nexport class DelegatedToolInvocationError extends Error {\n readonly code: number\n readonly data?: unknown\n constructor(message: string, options: { code?: number; data?: unknown } = {}) {\n super(message)\n this.name = 'DelegatedToolInvocationError'\n this.code = options.code ?? -32000\n this.data = options.data\n }\n}\n\nexport interface DelegatedToolCallSeams {\n /** Recover lease claims from a raw bearer string, or `null` to reject. */\n verifyToken(bearer: string): Promise<DelegatedToolClaims | null> | DelegatedToolClaims | null\n /** The product's tool registry. `null` ⇒ not reachable for this workspace. */\n resolveTool(\n workspaceId: string,\n name: string,\n ): Promise<ResolvedDelegatedTool | null> | ResolvedDelegatedTool | null\n /** Live connectivity gate for the integration backing `tool`. */\n isIntegrationConnected(\n workspaceId: string,\n tool: ResolvedDelegatedTool,\n ): Promise<boolean> | boolean\n /**\n * Optional advertised name/version for the JSON-RPC `initialize` handshake.\n * Defaults to `{ name: 'delegated-tools', version: '1' }`.\n */\n serverInfo?: { name: string; version: string }\n}\n\nexport interface JsonRpcRequest {\n jsonrpc?: unknown\n id?: unknown\n method?: unknown\n params?: unknown\n}\n\nexport interface JsonRpcResponse {\n jsonrpc: '2.0'\n id: string | number | null\n result?: unknown\n error?: { code: number; message: string; data?: unknown }\n}\n\nconst PROTOCOL_VERSION = '2024-11-05'\n\nfunction normalizeId(id: unknown): string | number | null {\n return typeof id === 'string' || typeof id === 'number' ? id : null\n}\n\nfunction rpcResult(id: unknown, result: unknown): JsonRpcResponse {\n return { jsonrpc: '2.0', id: normalizeId(id), result }\n}\n\nfunction rpcError(id: unknown, code: number, message: string, data?: unknown): JsonRpcResponse {\n return {\n jsonrpc: '2.0',\n id: normalizeId(id),\n error: data === undefined ? { code, message } : { code, message, data },\n }\n}\n\nfunction extractBearer(authorization: string | null | undefined): string | undefined {\n return authorization?.match(/^Bearer\\s+(.+)$/i)?.[1]\n}\n\n/**\n * Handle one JSON-RPC call. Accepts a parsed body + the raw `authorization`\n * header value. Returns the JSON-RPC response object (the transport wrapper —\n * {@link handleDelegatedToolRequest} — turns it into an HTTP `Response`).\n */\nexport async function handleDelegatedToolCall(\n body: JsonRpcRequest,\n authorization: string | null | undefined,\n seams: DelegatedToolCallSeams,\n): Promise<JsonRpcResponse> {\n const id = body.id ?? null\n const method = typeof body.method === 'string' ? body.method : ''\n\n const bearer = extractBearer(authorization)\n const claims = bearer ? await seams.verifyToken(bearer) : null\n if (!claims) return rpcError(id, -32001, 'Unauthorized')\n\n if (method === 'initialize') {\n const info = seams.serverInfo ?? { name: 'delegated-tools', version: '1' }\n return rpcResult(id, {\n protocolVersion: PROTOCOL_VERSION,\n capabilities: { tools: {} },\n serverInfo: info,\n })\n }\n\n if (method === 'tools/list') {\n const tools: DelegatedToolDescriptor[] = []\n for (const name of claims.allowedTools) {\n const tool = await seams.resolveTool(claims.workspaceId, name)\n if (!tool) continue\n if (!(await seams.isIntegrationConnected(claims.workspaceId, tool))) continue\n tools.push({\n name: tool.name,\n description: tool.description,\n inputSchema: tool.inputSchema ?? { type: 'object' },\n })\n }\n return rpcResult(id, { tools })\n }\n\n if (method === 'tools/call') {\n const params = (body.params ?? {}) as { name?: unknown; arguments?: unknown }\n const name = typeof params.name === 'string' ? params.name : ''\n const args =\n params.arguments && typeof params.arguments === 'object' && !Array.isArray(params.arguments)\n ? (params.arguments as Record<string, unknown>)\n : {}\n\n if (!name) return rpcError(id, -32602, 'Missing tool name')\n if (!claims.allowedTools.includes(name)) {\n return rpcError(id, -32602, `Tool not delegated to this session: ${name}`)\n }\n const tool = await seams.resolveTool(claims.workspaceId, name)\n if (!tool) return rpcError(id, -32602, `Tool not available for workspace: ${name}`)\n if (!(await seams.isIntegrationConnected(claims.workspaceId, tool))) {\n return rpcError(id, -32602, `Integration not connected for tool: ${name}`)\n }\n\n try {\n const result = await tool.invoke(args)\n return rpcResult(id, result)\n } catch (err) {\n if (err instanceof DelegatedToolInvocationError) {\n return rpcError(id, err.code, err.message, err.data)\n }\n return rpcError(id, -32000, err instanceof Error ? err.message : 'Tool invocation failed')\n }\n }\n\n return rpcError(id, -32601, `Method not found: ${method || '(none)'}`)\n}\n\n/**\n * HTTP transport wrapper around {@link handleDelegatedToolCall}: parses the\n * request, enforces POST, maps the JSON-RPC response to a `Response`. Unauthorized\n * is the only non-200 status (401) so an unauthenticated probe can't distinguish\n * methods; every authenticated JSON-RPC error rides a 200 per the JSON-RPC contract.\n */\nexport async function handleDelegatedToolRequest(\n request: Request,\n seams: DelegatedToolCallSeams,\n): Promise<Response> {\n if (request.method !== 'POST') {\n return Response.json({ error: 'Method not allowed' }, { status: 405 })\n }\n\n let body: JsonRpcRequest\n try {\n body = (await request.json()) as JsonRpcRequest\n } catch {\n return Response.json(rpcError(null, -32700, 'Parse error'))\n }\n\n const response = await handleDelegatedToolCall(body, request.headers.get('authorization'), seams)\n if (response.error?.code === -32001) {\n return Response.json(response, { status: 401 })\n }\n return Response.json(response)\n}\n","/**\n * Standardized lease payload the product hands to its external agent.\n *\n * The product resolves which tools a workspace may delegate right now, mints a\n * scoped token over exactly those names ({@link mintDelegatedToolToken}), and\n * packages the result as a lease. The external agent (or the broker that builds\n * its session) reads `callbackUrl` + `token` to reach the product's\n * {@link handleDelegatedToolRequest} endpoint mid-session.\n *\n * Standardizing the shape here means every caller's lease looks the same on the\n * wire regardless of the external runtime (voice broker, autonomous worker).\n */\n\nimport { mintDelegatedToolToken } from './token.js'\n\nexport interface IssueDelegatedToolLeaseInput {\n workspaceId: string\n allowedTools: string[]\n ttlSeconds: number\n /** Shared HMAC secret for the token. Absent ⇒ lease cannot be issued. */\n secret?: string\n /** Token prefix; forwarded to {@link mintDelegatedToolToken}. */\n prefix?: string\n /** Endpoint the external agent calls back into. Echoed onto the lease. */\n callbackUrl?: string\n /** Override the clock (epoch ms) — for tests. */\n now?: number\n}\n\nexport interface DelegatedToolLease {\n token: string\n allowedTools: string[]\n /** Epoch milliseconds at which the lease (and its token) expires. */\n expiresAt: number\n callbackUrl?: string\n}\n\n/**\n * Issue a delegated-tool lease, or `null` when no secret is configured\n * (fail-closed — the product refuses to hand out an unauthenticated lease).\n * Pass an already-filtered `allowedTools`: this helper signs whatever it is\n * given, so the product MUST intersect against what the workspace can delegate\n * before calling.\n */\nexport async function issueDelegatedToolLease(\n input: IssueDelegatedToolLeaseInput,\n): Promise<DelegatedToolLease | null> {\n const now = input.now ?? Date.now()\n const token = await mintDelegatedToolToken({\n workspaceId: input.workspaceId,\n allowedTools: input.allowedTools,\n ttlSeconds: input.ttlSeconds,\n secret: input.secret,\n prefix: input.prefix,\n now,\n })\n if (!token) return null\n return {\n token,\n allowedTools: input.allowedTools,\n expiresAt: now + input.ttlSeconds * 1000,\n callbackUrl: input.callbackUrl,\n }\n}\n"],"mappings":";;;AAuBA,IAAM,iBAAiB;AA4BvB,SAAS,gBAAgB,OAAoC;AAC3D,QAAM,QAAQ,OAAO,UAAU,WAAW,IAAI,YAAY,EAAE,OAAO,KAAK,IAAI;AAC5E,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,IAAK,WAAU,OAAO,aAAa,MAAM,CAAC,CAAE;AAC9E,SAAO,KAAK,MAAM,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC/E;AAEA,SAAS,wBAAwB,OAA8B;AAC7D,MAAI;AACF,UAAM,SAAS,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACzD,UAAM,SAAS,KAAK,MAAM;AAC1B,UAAM,QAAQ,IAAI,WAAW,OAAO,MAAM;AAC1C,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,IAAK,OAAM,CAAC,IAAI,OAAO,WAAW,CAAC;AACtE,WAAO,IAAI,YAAY,EAAE,OAAO,KAAK;AAAA,EACvC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,KAAK,SAAiB,QAAiC;AACpE,QAAM,MAAM,IAAI,YAAY;AAC5B,QAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,IAAI,OAAO,MAAM,GAAG,EAAE,MAAM,QAAQ,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;AACvH,QAAM,MAAM,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,IAAI,OAAO,OAAO,CAAC;AACrE,SAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC;AAC5C;AAGA,SAAS,gBAAgB,GAAW,GAAoB;AACtD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,SAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC;AAC3E,SAAO,SAAS;AAClB;AAOA,eAAsB,uBAAuB,OAAiE;AAC5G,QAAM,SAAS,MAAM,QAAQ,KAAK;AAClC,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,SAAS,MAAM,UAAU;AAC/B,QAAM,MAAM,MAAM,OAAO,KAAK,IAAI;AAClC,QAAM,SAA8B;AAAA,IAClC,aAAa,MAAM;AAAA,IACnB,cAAc,MAAM;AAAA,IACpB,WAAW,MAAM,MAAM,aAAa;AAAA,EACtC;AACA,QAAM,UAAU,gBAAgB,KAAK,UAAU,MAAM,CAAC;AACtD,QAAM,YAAY,MAAM,KAAK,SAAS,MAAM;AAC5C,SAAO,GAAG,MAAM,GAAG,OAAO,IAAI,SAAS;AACzC;AAOA,eAAsB,yBACpB,OACA,MACqC;AACrC,QAAM,SAAS,KAAK,QAAQ,KAAK;AACjC,QAAM,SAAS,KAAK,UAAU;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,WAAW,MAAM,EAAG,QAAO;AACjD,QAAM,OAAO,MAAM,MAAM,OAAO,MAAM;AACtC,QAAM,MAAM,KAAK,QAAQ,GAAG;AAC5B,MAAI,OAAO,EAAG,QAAO;AACrB,QAAM,UAAU,KAAK,MAAM,GAAG,GAAG;AACjC,QAAM,YAAY,KAAK,MAAM,MAAM,CAAC;AACpC,MAAI,CAAC,WAAW,CAAC,UAAW,QAAO;AAEnC,QAAM,WAAW,MAAM,KAAK,SAAS,MAAM;AAC3C,MAAI,CAAC,gBAAgB,WAAW,QAAQ,EAAG,QAAO;AAElD,QAAM,OAAO,wBAAwB,OAAO;AAC5C,MAAI,SAAS,KAAM,QAAO;AAE1B,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,MAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,QAAM,SAAS;AACf,MAAI,OAAO,OAAO,gBAAgB,YAAY,CAAC,OAAO,YAAa,QAAO;AAC1E,MAAI,OAAO,OAAO,cAAc,YAAY,CAAC,OAAO,SAAS,OAAO,SAAS,EAAG,QAAO;AACvF,MAAI,CAAC,MAAM,QAAQ,OAAO,YAAY,KAAK,CAAC,OAAO,aAAa,MAAM,CAAC,SAAS,OAAO,SAAS,QAAQ,EAAG,QAAO;AAElH,QAAM,MAAM,KAAK,OAAO,KAAK,IAAI;AACjC,MAAI,OAAO,aAAa,IAAK,QAAO;AAEpC,SAAO;AAAA,IACL,aAAa,OAAO;AAAA,IACpB,cAAc,OAAO;AAAA,IACrB,WAAW,OAAO;AAAA,EACpB;AACF;;;ACzGO,IAAM,+BAAN,cAA2C,MAAM;AAAA,EAC7C;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,UAA6C,CAAC,GAAG;AAC5E,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,OAAO,QAAQ;AAAA,EACtB;AACF;AAoCA,IAAM,mBAAmB;AAEzB,SAAS,YAAY,IAAqC;AACxD,SAAO,OAAO,OAAO,YAAY,OAAO,OAAO,WAAW,KAAK;AACjE;AAEA,SAAS,UAAU,IAAa,QAAkC;AAChE,SAAO,EAAE,SAAS,OAAO,IAAI,YAAY,EAAE,GAAG,OAAO;AACvD;AAEA,SAAS,SAAS,IAAa,MAAc,SAAiB,MAAiC;AAC7F,SAAO;AAAA,IACL,SAAS;AAAA,IACT,IAAI,YAAY,EAAE;AAAA,IAClB,OAAO,SAAS,SAAY,EAAE,MAAM,QAAQ,IAAI,EAAE,MAAM,SAAS,KAAK;AAAA,EACxE;AACF;AAEA,SAAS,cAAc,eAA8D;AACnF,SAAO,eAAe,MAAM,kBAAkB,IAAI,CAAC;AACrD;AAOA,eAAsB,wBACpB,MACA,eACA,OAC0B;AAC1B,QAAM,KAAK,KAAK,MAAM;AACtB,QAAM,SAAS,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS;AAE/D,QAAM,SAAS,cAAc,aAAa;AAC1C,QAAM,SAAS,SAAS,MAAM,MAAM,YAAY,MAAM,IAAI;AAC1D,MAAI,CAAC,OAAQ,QAAO,SAAS,IAAI,QAAQ,cAAc;AAEvD,MAAI,WAAW,cAAc;AAC3B,UAAM,OAAO,MAAM,cAAc,EAAE,MAAM,mBAAmB,SAAS,IAAI;AACzE,WAAO,UAAU,IAAI;AAAA,MACnB,iBAAiB;AAAA,MACjB,cAAc,EAAE,OAAO,CAAC,EAAE;AAAA,MAC1B,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAEA,MAAI,WAAW,cAAc;AAC3B,UAAM,QAAmC,CAAC;AAC1C,eAAW,QAAQ,OAAO,cAAc;AACtC,YAAM,OAAO,MAAM,MAAM,YAAY,OAAO,aAAa,IAAI;AAC7D,UAAI,CAAC,KAAM;AACX,UAAI,CAAE,MAAM,MAAM,uBAAuB,OAAO,aAAa,IAAI,EAAI;AACrE,YAAM,KAAK;AAAA,QACT,MAAM,KAAK;AAAA,QACX,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK,eAAe,EAAE,MAAM,SAAS;AAAA,MACpD,CAAC;AAAA,IACH;AACA,WAAO,UAAU,IAAI,EAAE,MAAM,CAAC;AAAA,EAChC;AAEA,MAAI,WAAW,cAAc;AAC3B,UAAM,SAAU,KAAK,UAAU,CAAC;AAChC,UAAM,OAAO,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO;AAC7D,UAAM,OACJ,OAAO,aAAa,OAAO,OAAO,cAAc,YAAY,CAAC,MAAM,QAAQ,OAAO,SAAS,IACtF,OAAO,YACR,CAAC;AAEP,QAAI,CAAC,KAAM,QAAO,SAAS,IAAI,QAAQ,mBAAmB;AAC1D,QAAI,CAAC,OAAO,aAAa,SAAS,IAAI,GAAG;AACvC,aAAO,SAAS,IAAI,QAAQ,uCAAuC,IAAI,EAAE;AAAA,IAC3E;AACA,UAAM,OAAO,MAAM,MAAM,YAAY,OAAO,aAAa,IAAI;AAC7D,QAAI,CAAC,KAAM,QAAO,SAAS,IAAI,QAAQ,qCAAqC,IAAI,EAAE;AAClF,QAAI,CAAE,MAAM,MAAM,uBAAuB,OAAO,aAAa,IAAI,GAAI;AACnE,aAAO,SAAS,IAAI,QAAQ,uCAAuC,IAAI,EAAE;AAAA,IAC3E;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,OAAO,IAAI;AACrC,aAAO,UAAU,IAAI,MAAM;AAAA,IAC7B,SAAS,KAAK;AACZ,UAAI,eAAe,8BAA8B;AAC/C,eAAO,SAAS,IAAI,IAAI,MAAM,IAAI,SAAS,IAAI,IAAI;AAAA,MACrD;AACA,aAAO,SAAS,IAAI,OAAQ,eAAe,QAAQ,IAAI,UAAU,wBAAwB;AAAA,IAC3F;AAAA,EACF;AAEA,SAAO,SAAS,IAAI,QAAQ,qBAAqB,UAAU,QAAQ,EAAE;AACvE;AAQA,eAAsB,2BACpB,SACA,OACmB;AACnB,MAAI,QAAQ,WAAW,QAAQ;AAC7B,WAAO,SAAS,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACvE;AAEA,MAAI;AACJ,MAAI;AACF,WAAQ,MAAM,QAAQ,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO,SAAS,KAAK,SAAS,MAAM,QAAQ,aAAa,CAAC;AAAA,EAC5D;AAEA,QAAM,WAAW,MAAM,wBAAwB,MAAM,QAAQ,QAAQ,IAAI,eAAe,GAAG,KAAK;AAChG,MAAI,SAAS,OAAO,SAAS,QAAQ;AACnC,WAAO,SAAS,KAAK,UAAU,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChD;AACA,SAAO,SAAS,KAAK,QAAQ;AAC/B;;;ACvKA,eAAsB,wBACpB,OACoC;AACpC,QAAM,MAAM,MAAM,OAAO,KAAK,IAAI;AAClC,QAAM,QAAQ,MAAM,uBAAuB;AAAA,IACzC,aAAa,MAAM;AAAA,IACnB,cAAc,MAAM;AAAA,IACpB,YAAY,MAAM;AAAA,IAClB,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd;AAAA,EACF,CAAC;AACD,MAAI,CAAC,MAAO,QAAO;AACnB,SAAO;AAAA,IACL;AAAA,IACA,cAAc,MAAM;AAAA,IACpB,WAAW,MAAM,MAAM,aAAa;AAAA,IACpC,aAAa,MAAM;AAAA,EACrB;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tangle-network/agent-integrations",
-  "version": "0.34.0",
+  "version": "0.35.0",
   "description": "Vendor-neutral integration contracts and runtime helpers for sandbox and agent apps.",
   "homepage": "https://github.com/tangle-network/agent-integrations#readme",
   "repository": {
@@ -54,6 +54,11 @@
       "import": "./dist/webhooks/index.js",
       "default": "./dist/webhooks/index.js"
     },
+    "./delegated-tools": {
+      "types": "./dist/delegated-tools/index.d.ts",
+      "import": "./dist/delegated-tools/index.js",
+      "default": "./dist/delegated-tools/index.js"
+    },
     "./registry": {
       "types": "./dist/registry.d.ts",
       "import": "./dist/registry.js",