npm - @tangle-network/agent-integrations - Versions diffs - 0.7.0 → 0.8.0 - Mend

@tangle-network/agent-integrations 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +151 -161
package/dist/index.d.ts +184 -1
package/dist/index.js +591 -0
package/dist/index.js.map +1 -1
package/docs/integration-coverage-checklist.md +2 -1
package/docs/provider-decision-matrix.md +1 -3
package/examples/basic-hub.ts +47 -0
package/examples/declarative-rest.ts +27 -0
package/examples/first-party-adapter.ts +32 -0
package/package.json +2 -1
package/docs/execution-layer-launch-plan.md +0 -222

package/README.md CHANGED Viewed

@@ -1,173 +1,163 @@
-# Agent Integrations
-`@tangle-network/agent-integrations` is a vendor-neutral integration layer for
-apps, sandboxes, and agents that need user-authorized connections such as email,
-calendar, Slack, CRM, storage, webhooks, and workflow triggers.
-The package does not pick a single integration vendor. Nango, Pipedream,
-Zapier-style platforms, Activepieces, executor services, and first-party
-connectors should all sit behind the same provider interface.
-## Mental Model
+# @tangle-network/agent-integrations
+Vendor-neutral integration contracts for agent apps, sandboxes, and generated
+software that need user-authorized access to external systems.
+The package standardizes connector catalogs, user connections, scoped sandbox
+capabilities, action invocation, trigger events, provider adapters, and
+first-party connector adapters. Product code can route through Nango, Pipedream,
+Activepieces, a custom gateway, or first-party adapters without changing the
+agent-facing tool contract.
+## Contents
+- [What It Provides](#what-it-provides)
+- [Architecture](#architecture)
+- [Install](#install)
+- [Core Primitives](#core-primitives)
+- [Provider Strategy](#provider-strategy)
+- [Executable Coverage](#executable-coverage)
+- [Examples](#examples)
+- [Security Model](#security-model)
+- [Development](#development)
+## What It Provides
+- A normalized connector/action/trigger catalog.
+- User-owned connection records that reference secrets without storing raw
+  credentials in public shapes.
+- Short-lived capability tokens for sandbox-safe access to a subset of a user's
+  connection.
+- Policy checks for read/write/destructive actions.
+- Invocation-envelope validation before sandbox tool calls reach the hub.
+- A generic HTTP provider boundary for hosted integration gateways.
+- A first-party `ConnectorAdapter` boundary for direct provider execution.
+- A declarative REST adapter factory for promoting REST APIs from reviewed specs.
+- A broad coverage catalog for planning hundreds of integrations without
+  pretending every catalog item is executable.
+- A generated `IntegrationSpec` registry used for setup docs, admin UI steps,
+  normalized permissions, healthcheck plans, and tool descriptions.
+## Architecture
 ```txt
-Connector catalog -> User connection -> Scoped capability -> Action or trigger
+connector catalog
+  -> user connection
+  -> scoped capability
+  -> policy decision
+  -> provider/action invocation
+  -> audit-safe result or normalized trigger event
 ```
-- **Connectors** describe what can be connected: Gmail, Google Calendar, Slack,
-  HubSpot, webhooks, internal tools.
-- **Connections** are user/team-owned grants. They carry secret references, not
-  raw credentials.
-- **Capabilities** are short-lived, sandbox-safe tokens that authorize a subset
-  of actions on a connection.
-- **Actions** are read/write/destructive operations.
-- **Triggers** normalize inbound events from providers into one event shape.
-## Why This Exists
-Agent Builder and sandbox apps need to support prompts like:
-```txt
-At Gmail, build me an app that summarizes unread support emails and drafts replies.
-```
-The generated app should be able to request Gmail access, instantiate inside the
-user's sandbox, and let the agent read/write through a scoped integration
-capability. The sandbox should never receive reusable provider secrets.
-## Core Usage
-### Product Flow
+Main boundaries:
-For Agent Builder and sandbox apps, the intended flow is:
+- `IntegrationHub`: product-facing facade for catalogs, connections,
+  capabilities, and action invocation.
+- `IntegrationProvider`: vendor or gateway implementation boundary.
+- `ConnectorAdapter`: first-party connector boundary for direct API execution.
+- `IntegrationActionGuard`: optional cross-cutting hook for idempotency,
+  approval, audit logging, rate limits, and conflict handling.
-```txt
-generated app declares required tools
-  -> app searches the integration catalog by intent
-  -> user connects the missing accounts
-  -> runtime issues a short-lived capability to the sandbox
-  -> reads run immediately
-  -> writes pause for policy approval
-  -> every call returns an audit-safe result
-```
+## Install
-The SDK surface for that flow is:
-- `buildIntegrationToolCatalog` and `searchIntegrationTools` for discoverable
-  tool catalogs.
-- `buildIntegrationCoverageConnectors` for broad planning coverage across
-  100+ high-value integrations before each one has a first-party executor.
-- `toMcpTools` for MCP-compatible tool export.
-- `IntegrationHub.issueCapability` for scoped sandbox handoff.
-- `createDefaultIntegrationPolicyEngine` for allow / approval / deny decisions.
-- `buildIntegrationInvocationEnvelope` and
-  `validateIntegrationInvocationEnvelope` for sandbox-safe tool calls with
-  action/tool consistency, idempotency-key, metadata-shape, known-tool, and
-  input-size checks.
-- `createConnectorAdapterProvider` to run first-party adapters through the hub.
-- `declarativeRestConnector` to promote REST-shaped providers from compact,
-  reviewed specs instead of hand-writing one brittle adapter per API.
-```ts
-import {
-  InMemoryConnectionStore,
-  IntegrationHub,
-  buildIntegrationToolCatalog,
-  createMockIntegrationProvider,
-  searchIntegrationTools,
-} from '@tangle-network/agent-integrations'
-const provider = createMockIntegrationProvider()
-const hub = new IntegrationHub({
-  providers: [provider],
-  store: new InMemoryConnectionStore(),
-  capabilitySecret: 'dev-secret',
-})
-const catalog = buildIntegrationToolCatalog(await hub.listConnectors())
-const tools = searchIntegrationTools(catalog, 'search unread gmail', { maxRisk: 'read' })
-const connection = await hub.upsertConnection({
-  id: 'conn_1',
-  owner: { type: 'user', id: 'user_1' },
-  providerId: 'mock',
-  connectorId: 'gmail',
-  status: 'active',
-  grantedScopes: ['email.read'],
-  createdAt: new Date().toISOString(),
-  updatedAt: new Date().toISOString(),
-})
-const capability = await hub.issueCapability({
-  subject: { type: 'sandbox', id: 'sandbox_1' },
-  connectionId: connection.id,
-  scopes: ['email.read'],
-  allowedActions: ['messages.search'],
-  ttlMs: 60_000,
-})
-const result = await hub.invokeWithCapability(capability.token, {
-  action: 'messages.search',
-  input: { q: 'is:unread' },
-})
+```sh
+pnpm add @tangle-network/agent-integrations
 ```
-## Provider Boundary
-Providers implement OAuth, action execution, and optional triggers. Product code
-should depend on `IntegrationHub`, not on a vendor SDK.
-Provider adapters are expected to store raw credentials in their own secure
-vault or return secret references. Connection records should remain safe to log
-after sanitization.
-For a hosted integration gateway, use the generic HTTP adapter:
-```ts
-import { createHttpIntegrationProvider } from '@tangle-network/agent-integrations'
-const provider = createHttpIntegrationProvider({
-  id: 'gateway',
-  kind: 'pipedream',
-  baseUrl: 'https://integrations.example',
-  bearer: process.env.INTEGRATION_GATEWAY_TOKEN,
-  connectors: [/* normalized connector catalog */],
-})
+## Core Primitives
+| Primitive | Purpose |
+|---|---|
+| `IntegrationConnector` | Normalized catalog entry for a provider connection. |
+| `IntegrationConnection` | User/team/agent-owned grant with scopes and secret references. |
+| `IntegrationHub` | Facade for provider catalogs, connection storage, capabilities, and invocation. |
+| `IntegrationCapability` | Short-lived authorization for a specific subject, connection, scope set, and action set. |
+| `buildIntegrationToolCatalog` | Converts connector actions into agent/tool definitions. |
+| `searchIntegrationTools` | Intent search over normalized integration tools. |
+| `buildIntegrationCoverageConnectors` | Planning catalog for 100+ high-value integrations. |
+| `buildIntegrationInvocationEnvelope` | Sandbox-safe action envelope. |
+| `validateIntegrationInvocationEnvelope` | Runtime validation for tool/action consistency and input limits. |
+| `createHttpIntegrationProvider` | Adapter for hosted integration gateways. |
+| `createConnectorAdapterProvider` | Runs first-party `ConnectorAdapter`s through the same provider contract. |
+| `declarativeRestConnector` | Builds REST-backed first-party adapters from compact specs. |
+| `listIntegrationSpecs` | Generates setup/execution specs from the coverage catalog and family defaults. |
+| `renderRunbookMarkdown` / `renderConsoleSteps` | Render operator docs or admin UI steps from the same spec source. |
+| `validateCredentialSet` / `buildHealthcheckPlan` | Validate setup input and describe the correct healthcheck path. |
+## Provider Strategy
+The package deliberately avoids vendor lock-in.
+- Use a hosted gateway when it compresses long-tail OAuth/API coverage.
+- Promote high-volume, sensitive, or strategically important integrations to
+  first-party adapters.
+- Keep product and sandbox code on `IntegrationHub` contracts so provider changes
+  do not alter generated apps or agent tool calls.
+- Treat catalog coverage and executable coverage as different states.
+See [Provider Decision Matrix](./docs/provider-decision-matrix.md).
+## Executable Coverage
+Current first-party adapters:
+- Google Calendar
+- Microsoft Calendar
+- Google Sheets
+- Slack
+- Slack Events
+- HubSpot
+- Notion database
+- Stripe payments pack
+- Stripe webhook receiver
+- Twilio SMS
+- Generic webhook
+- GitHub
+- GitLab
+- Airtable
+- Asana
+- Salesforce
+Broad planning coverage is generated from
+`buildIntegrationCoverageConnectors()` and tracked in
+[Integration Coverage Checklist](./docs/integration-coverage-checklist.md).
+## Examples
+Runnable examples live in [`examples/`](./examples):
+- [`examples/basic-hub.ts`](./examples/basic-hub.ts) - catalog search,
+  connection storage, capability issue, and action invocation.
+- [`examples/first-party-adapter.ts`](./examples/first-party-adapter.ts) -
+  first-party adapter provider wiring.
+- [`examples/declarative-rest.ts`](./examples/declarative-rest.ts) - compact
+  REST connector spec.
+The README stays short; examples are separate so they can be copied and expanded
+without obscuring the package contract.
+## Security Model
+- Capability tokens expire.
+- Capability tokens do not contain provider credentials.
+- Connection records carry secret references, not raw secrets.
+- Write and destructive actions can require approval.
+- Invocation envelopes validate action/tool consistency, idempotency keys,
+  metadata shape, known tools, and input size.
+- Action invocation checks ownership, connection status, scopes, allowed actions,
+  and expiration.
+- `IntegrationActionGuard` can enforce idempotency, approval, audit logging,
+  conflict handling, and rate limits across all providers.
+## Development
+```sh
+pnpm install
+pnpm typecheck
+pnpm test
+pnpm build
 ```
-The HTTP adapter keeps product code stable while the backing provider can be
-Nango, Pipedream, Activepieces, a Zapier-style service, or an internal gateway.
-For first-party REST APIs, use the declarative adapter factory:
-```ts
-import { createConnectorAdapterProvider, githubConnector } from '@tangle-network/agent-integrations'
-const provider = createConnectorAdapterProvider({
-  adapters: [githubConnector],
-  resolveDataSource: async (connection) => loadSourceAndCredentials(connection),
-})
-```
+## License
-Current first-party adapters include Google Calendar, Microsoft Calendar,
-Google Sheets, Slack, HubSpot, Notion database, Stripe, Twilio, webhooks,
-GitHub, GitLab, Airtable, Asana, and Salesforce.
-See [Provider Decision Matrix](./docs/provider-decision-matrix.md) for the
-build-vs-buy policy. The short version: use a vendor gateway only to compress
-time-to-coverage, but keep all product and sandbox code on this package's
-contracts so high-volume or strategic connectors can be moved first-party
-without changing agent code.
-## Security Defaults
-- Capabilities expire.
-- Capability tokens contain no provider credential.
-- Secret refs are redacted from public telemetry.
-- Write/destructive actions can be policy-gated.
-- Sandbox invocation envelopes are validated before conversion to hub requests.
-- Action invocation checks connection ownership, status, scopes, allowed
-  actions, and expiration.
-- Optional `IntegrationActionGuard` wraps every action invocation for
-  idempotency, audit logging, conflict detection, rate limits, and
-  approval gates.
+MIT

package/dist/index.d.ts CHANGED Viewed

@@ -1205,6 +1205,189 @@ declare function buildIntegrationCoverageConnectors(options?: {
 }): IntegrationConnector[];
 declare function integrationCoverageChecklistMarkdown(): string;
+type IntegrationAuthMode = 'oauth2' | 'api_key' | 'hmac' | 'none' | 'custom';
+type IntegrationSpecStatus = 'catalog' | 'executable' | 'deprecated';
+type IntegrationFamilyId = 'google' | 'microsoft-graph' | 'atlassian' | 'salesforce' | 'hubspot' | 'slack' | 'notion' | 'standard-oauth2' | 'api-key' | 'hmac' | 'none';
+type NormalizedPermission = `${string}.read` | `${string}.write` | `${string}.delete` | `${string}.admin`;
+interface IntegrationSpec {
+    kind: string;
+    title: string;
+    category: IntegrationConnectorCategory;
+    status: IntegrationSpecStatus;
+    family: IntegrationFamilyId;
+    auth: IntegrationAuthSpec;
+    permissions: PermissionDescriptor[];
+    actions: IntegrationConnectorAction[];
+    triggers?: IntegrationConnectorTrigger[];
+    setup: IntegrationSetupSpec;
+    lifecycle?: IntegrationLifecycleSpec;
+    plannerHints?: IntegrationPlannerHints;
+    metadata?: Record<string, unknown>;
+}
+type IntegrationAuthSpec = OAuth2AuthSpec | ApiKeyAuthSpec | HmacAuthSpec | NoneAuthSpec | CustomAuthSpec;
+interface OAuth2AuthSpec {
+    mode: 'oauth2';
+    authorizationUrl: string;
+    tokenUrl: string;
+    clientIdEnv?: string;
+    clientSecretEnv?: string;
+    scopes: ScopeDescriptor[];
+    extraAuthParams?: Record<string, string>;
+    redirectUriTemplate: string;
+    pkce?: 'required' | 'supported' | 'unsupported';
+}
+interface ApiKeyAuthSpec {
+    mode: 'api_key';
+    credential: CredentialFieldSpec;
+    placement?: 'bearer' | 'header' | 'query' | 'basic';
+}
+interface HmacAuthSpec {
+    mode: 'hmac';
+    credential: CredentialFieldSpec;
+    signatureHeader?: string;
+}
+interface NoneAuthSpec {
+    mode: 'none';
+}
+interface CustomAuthSpec {
+    mode: 'custom';
+    description: string;
+}
+interface ScopeDescriptor {
+    normalized: NormalizedPermission;
+    providerScope: string;
+    title: string;
+    reason: string;
+    risk: IntegrationActionRisk;
+    dataClass: IntegrationDataClass;
+}
+interface PermissionDescriptor {
+    normalized: NormalizedPermission;
+    providerScopes: string[];
+    title: string;
+    risk: IntegrationActionRisk;
+    dataClass: IntegrationDataClass;
+    reason: string;
+}
+interface CredentialFieldSpec {
+    label: string;
+    description: string;
+    env?: string;
+    example?: string;
+    regex?: string;
+    secret: boolean;
+}
+interface ConsoleStep {
+    id: string;
+    title: string;
+    detail: string;
+    copyValue?: string;
+}
+interface Quirk {
+    id: string;
+    severity: 'info' | 'warning' | 'critical';
+    message: string;
+}
+interface PostSetupCheck {
+    id: string;
+    title: string;
+    detail: string;
+}
+interface HealthcheckSpec {
+    id: string;
+    level: 'client_config' | 'connection' | 'webhook' | 'static';
+    method?: 'GET' | 'POST';
+    url?: string;
+    expectedStatus?: number[];
+    description: string;
+}
+interface IntegrationSetupSpec {
+    consoleUrl?: string;
+    consoleSteps: ConsoleStep[];
+    credentialFields: CredentialFieldSpec[];
+    redirectUriTemplate?: string;
+    knownQuirks?: Quirk[];
+    postSetup?: PostSetupCheck[];
+    healthcheck?: HealthcheckSpec;
+}
+interface IntegrationLifecycleSpec {
+    supportsRefresh: boolean;
+    supportsRevoke: boolean;
+    supportsIncrementalAuth: boolean;
+    recommendedHealthcheckIntervalHours?: number;
+    freshnessSloMinutes?: number;
+}
+interface IntegrationPlannerHints {
+    useFor: string[];
+    avoidFor?: string[];
+    dataFreshness: 'realtime' | 'near_realtime' | 'eventual' | 'manual';
+    writeRisk: 'low' | 'medium' | 'high';
+}
+interface IntegrationFamilySpec {
+    id: IntegrationFamilyId;
+    title: string;
+    authMode: IntegrationAuthMode;
+    consoleUrl?: string;
+    authorizationUrl?: string;
+    tokenUrl?: string;
+    redirectUriTemplate?: string;
+    credentialFields: CredentialFieldSpec[];
+    consoleSteps: ConsoleStep[];
+    knownQuirks?: Quirk[];
+    lifecycle: IntegrationLifecycleSpec;
+}
+interface IntegrationSpecValidationIssue {
+    path: string;
+    message: string;
+}
+interface IntegrationSpecValidationResult {
+    ok: boolean;
+    issues: IntegrationSpecValidationIssue[];
+}
+interface RenderSpecOptions {
+    host: string;
+    callbackPath?: string;
+}
+interface RenderedConsoleStep extends ConsoleStep {
+    detail: string;
+    copyValue?: string;
+}
+interface CredentialValidationInput {
+    field: CredentialFieldSpec;
+    value: string;
+}
+interface CredentialValidationResult {
+    ok: boolean;
+    field: string;
+    message?: string;
+}
+interface HealthcheckPlan {
+    kind: string;
+    healthcheck: HealthcheckSpec;
+    requires: Array<'client_id' | 'client_secret' | 'api_key' | 'hmac_secret' | 'connection_credentials'>;
+    message: string;
+}
+declare function specAuthToConnectorAuth(auth: IntegrationAuthSpec): IntegrationConnector['auth'];
+declare const INTEGRATION_FAMILIES: Record<IntegrationFamilyId, IntegrationFamilySpec>;
+declare function getIntegrationFamily(id: IntegrationFamilyId): IntegrationFamilySpec;
+declare function listIntegrationSpecs(): IntegrationSpec[];
+declare function getIntegrationSpec(kind: string): IntegrationSpec | undefined;
+declare function listExecutableIntegrationSpecs(): IntegrationSpec[];
+declare function integrationSpecToConnector(spec: IntegrationSpec, providerId?: string): IntegrationConnector;
+declare function renderConsoleSteps(spec: IntegrationSpec, options: RenderSpecOptions): RenderedConsoleStep[];
+declare function renderRunbookMarkdown(spec: IntegrationSpec, options: RenderSpecOptions): string;
+declare function renderAgentToolDescription(spec: IntegrationSpec): string;
+declare function buildHealthcheckPlan(spec: IntegrationSpec): HealthcheckPlan;
+declare function consoleStepsToText(steps: ConsoleStep[]): string;
+declare function validateIntegrationSpec(spec: IntegrationSpec): IntegrationSpecValidationResult;
+declare function assertValidIntegrationSpec(spec: IntegrationSpec): void;
+declare function validateCredentialFormat(field: CredentialFieldSpec, value: string): CredentialValidationResult;
+declare function validateCredentialSet(spec: IntegrationSpec, values: Record<string, string>): CredentialValidationResult[];
 type IntegrationProviderKind = 'first_party' | 'nango' | 'pipedream' | 'zapier' | 'activepieces' | 'executor' | 'custom';
 type IntegrationConnectorCategory = 'email' | 'calendar' | 'chat' | 'crm' | 'storage' | 'docs' | 'database' | 'webhook' | 'workflow' | 'internal' | 'other';
 type IntegrationActionRisk = 'read' | 'write' | 'destructive';
@@ -1501,4 +1684,4 @@ declare function createHttpIntegrationProvider(options: HttpIntegrationProviderO
 declare function signCapability(capability: IntegrationCapability, secret: string): string;
 declare function verifyCapabilityToken(token: string, secret: string): IntegrationCapability;
-export { type AuthSpec, type CASStrategy, type Capability, type CapabilityClass, type CapabilityMutation, type CapabilityMutationResult, type CapabilityParameterSchema, type CapabilityRead, type CapabilityReadResult, type CompleteAuthRequest, type ConnectorAdapter, type ConnectorAdapterProviderOptions, type ConnectorCredentials, type ConnectorInvocation, type ConnectorManifest, type ConnectorManifestValidationIssue, type ConnectorManifestValidationResult, type ConsistencyModel, CredentialsExpired, DEFAULT_SIGNATURE_TOLERANCE_SECONDS, type DataSourceMetadata, type EventHandlerResult, type ExchangeCodeInput, type GenericHmacVerifyOptions, type GoogleCalendarOptions, type GoogleSheetsOptions, type GraphqlOperationSpec, type HttpIntegrationProviderOptions, type HubSpotOptions, type ImportCatalogOptions, InMemoryConnectionStore, InMemoryOAuthFlowStore, type InboundEvent, type IntegrationActionGuard, type IntegrationActionPack, type IntegrationActionRequest, type IntegrationActionResult, type IntegrationActionRisk, type IntegrationActor, type IntegrationApprovalRequest, type IntegrationApprovalResolution, type IntegrationCapability, type IntegrationConnection, type IntegrationConnectionStore, type IntegrationConnector, type IntegrationConnectorAction, type IntegrationConnectorCategory, type IntegrationConnectorTrigger, type IntegrationCoveragePriority, type IntegrationCoverageSpec, type IntegrationDataClass, IntegrationError, type IntegrationGuardContext, IntegrationHub, type IntegrationHubOptions, type IntegrationInvocationEnvelope, type IntegrationInvocationEnvelopeValidationOptions, type IntegrationPolicyDecision, type IntegrationPolicyEffect, type IntegrationPolicyEngine, type IntegrationPolicyRule, type IntegrationProvider, type IntegrationProviderKind, type IntegrationToolDefinition, type IntegrationToolSearchFilters, type IntegrationToolSearchResult, type IntegrationTriggerEvent, type IntegrationTriggerSubscription, type InvokeWithCapabilityRequest, type IssueCapabilityRequest, type IssuedIntegrationCapability, type McpCatalog, type McpCatalogTool, type McpToolDefinition, type MicrosoftCalendarOptions, type NormalizedIntegrationResult, type NotionDatabaseOptions, type OAuthFlowStore, type OAuthTokens, type OpenApiDocument, type OpenApiOperation, type ParsedStripeSignatureHeader, type PendingOAuthFlow, type RateLimitSpec, type RefreshInput, type ResolvedDataSource, ResourceContention, type RestConnectorSpec, type RestCredentialPlacement, type RestOperationSpec, type RestRequestSpec, type SecretRef, type SlackOptions, type SlackVerifyOptions, type StartAuthRequest, type StartAuthResult, type StartOAuthInput, type StartOAuthOutput, StaticIntegrationPolicyEngine, type StaticIntegrationPolicyOptions, type StripeVerifyOptions, type TwilioVerifyOptions, _resetPendingFlowsForTests, airtableConnector, asanaConnector, assertValidConnectorManifest, buildApprovalRequest, buildIntegrationCoverageConnectors, buildIntegrationInvocationEnvelope, buildIntegrationToolCatalog, consumePendingFlow, createConnectorAdapterProvider, createDefaultIntegrationPolicyEngine, createHttpIntegrationProvider, createMockIntegrationProvider, declarativeRestConnector, exchangeAuthorizationCode, firstHeader, githubConnector, gitlabConnector, googleCalendar, googleSheets, hubspot, importGraphqlConnector, importMcpConnector, importOpenApiConnector, integrationCoverageChecklistMarkdown, integrationToolName, invocationRequestFromEnvelope, listIntegrationCoverageSpecs, manifestToConnector, microsoftCalendar, normalizeIntegrationResult, notionDatabase, parseIntegrationToolName, parseStripeSignatureHeader, redactApprovalRequest, redactCapability, redactInvocationEnvelope, refreshAccessToken, salesforceConnector, sanitizeConnection, searchIntegrationTools, signCapability, slack, slackEventsConnector, startOAuthFlow, stripePackConnector, stripeWebhookReceiverConnector, toMcpTools, twilioSmsConnector, validateConnectorManifest, validateIntegrationInvocationEnvelope, verifyCapabilityToken, verifyHmacSignature, verifySlackSignature, verifyStripeSignature, verifyTwilioSignature, webhookConnector };
+export { type ApiKeyAuthSpec, type AuthSpec, type CASStrategy, type Capability, type CapabilityClass, type CapabilityMutation, type CapabilityMutationResult, type CapabilityParameterSchema, type CapabilityRead, type CapabilityReadResult, type CompleteAuthRequest, type ConnectorAdapter, type ConnectorAdapterProviderOptions, type ConnectorCredentials, type ConnectorInvocation, type ConnectorManifest, type ConnectorManifestValidationIssue, type ConnectorManifestValidationResult, type ConsistencyModel, type ConsoleStep, type CredentialFieldSpec, type CredentialValidationInput, type CredentialValidationResult, CredentialsExpired, type CustomAuthSpec, DEFAULT_SIGNATURE_TOLERANCE_SECONDS, type DataSourceMetadata, type EventHandlerResult, type ExchangeCodeInput, type GenericHmacVerifyOptions, type GoogleCalendarOptions, type GoogleSheetsOptions, type GraphqlOperationSpec, type HealthcheckPlan, type HealthcheckSpec, type HmacAuthSpec, type HttpIntegrationProviderOptions, type HubSpotOptions, INTEGRATION_FAMILIES, type ImportCatalogOptions, InMemoryConnectionStore, InMemoryOAuthFlowStore, type InboundEvent, type IntegrationActionGuard, type IntegrationActionPack, type IntegrationActionRequest, type IntegrationActionResult, type IntegrationActionRisk, type IntegrationActor, type IntegrationApprovalRequest, type IntegrationApprovalResolution, type IntegrationAuthMode, type IntegrationAuthSpec, type IntegrationCapability, type IntegrationConnection, type IntegrationConnectionStore, type IntegrationConnector, type IntegrationConnectorAction, type IntegrationConnectorCategory, type IntegrationConnectorTrigger, type IntegrationCoveragePriority, type IntegrationCoverageSpec, type IntegrationDataClass, IntegrationError, type IntegrationFamilyId, type IntegrationFamilySpec, type IntegrationGuardContext, IntegrationHub, type IntegrationHubOptions, type IntegrationInvocationEnvelope, type IntegrationInvocationEnvelopeValidationOptions, type IntegrationLifecycleSpec, type IntegrationPlannerHints, type IntegrationPolicyDecision, type IntegrationPolicyEffect, type IntegrationPolicyEngine, type IntegrationPolicyRule, type IntegrationProvider, type IntegrationProviderKind, type IntegrationSetupSpec, type IntegrationSpec, type IntegrationSpecStatus, type IntegrationSpecValidationIssue, type IntegrationSpecValidationResult, type IntegrationToolDefinition, type IntegrationToolSearchFilters, type IntegrationToolSearchResult, type IntegrationTriggerEvent, type IntegrationTriggerSubscription, type InvokeWithCapabilityRequest, type IssueCapabilityRequest, type IssuedIntegrationCapability, type McpCatalog, type McpCatalogTool, type McpToolDefinition, type MicrosoftCalendarOptions, type NoneAuthSpec, type NormalizedIntegrationResult, type NormalizedPermission, type NotionDatabaseOptions, type OAuth2AuthSpec, type OAuthFlowStore, type OAuthTokens, type OpenApiDocument, type OpenApiOperation, type ParsedStripeSignatureHeader, type PendingOAuthFlow, type PermissionDescriptor, type PostSetupCheck, type Quirk, type RateLimitSpec, type RefreshInput, type RenderSpecOptions, type RenderedConsoleStep, type ResolvedDataSource, ResourceContention, type RestConnectorSpec, type RestCredentialPlacement, type RestOperationSpec, type RestRequestSpec, type ScopeDescriptor, type SecretRef, type SlackOptions, type SlackVerifyOptions, type StartAuthRequest, type StartAuthResult, type StartOAuthInput, type StartOAuthOutput, StaticIntegrationPolicyEngine, type StaticIntegrationPolicyOptions, type StripeVerifyOptions, type TwilioVerifyOptions, _resetPendingFlowsForTests, airtableConnector, asanaConnector, assertValidConnectorManifest, assertValidIntegrationSpec, buildApprovalRequest, buildHealthcheckPlan, buildIntegrationCoverageConnectors, buildIntegrationInvocationEnvelope, buildIntegrationToolCatalog, consoleStepsToText, consumePendingFlow, createConnectorAdapterProvider, createDefaultIntegrationPolicyEngine, createHttpIntegrationProvider, createMockIntegrationProvider, declarativeRestConnector, exchangeAuthorizationCode, firstHeader, getIntegrationFamily, getIntegrationSpec, githubConnector, gitlabConnector, googleCalendar, googleSheets, hubspot, importGraphqlConnector, importMcpConnector, importOpenApiConnector, integrationCoverageChecklistMarkdown, integrationSpecToConnector, integrationToolName, invocationRequestFromEnvelope, listExecutableIntegrationSpecs, listIntegrationCoverageSpecs, listIntegrationSpecs, manifestToConnector, microsoftCalendar, normalizeIntegrationResult, notionDatabase, parseIntegrationToolName, parseStripeSignatureHeader, redactApprovalRequest, redactCapability, redactInvocationEnvelope, refreshAccessToken, renderAgentToolDescription, renderConsoleSteps, renderRunbookMarkdown, salesforceConnector, sanitizeConnection, searchIntegrationTools, signCapability, slack, slackEventsConnector, specAuthToConnectorAuth, startOAuthFlow, stripePackConnector, stripeWebhookReceiverConnector, toMcpTools, twilioSmsConnector, validateConnectorManifest, validateCredentialFormat, validateCredentialSet, validateIntegrationInvocationEnvelope, validateIntegrationSpec, verifyCapabilityToken, verifyHmacSignature, verifySlackSignature, verifyStripeSignature, verifyTwilioSignature, webhookConnector };