npm - @tangle-network/agent-integrations - Versions diffs - 0.8.0 → 0.9.0 - Mend

@tangle-network/agent-integrations 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -4296,6 +4296,95 @@ function getIntegrationFamily(id) {
   return INTEGRATION_FAMILIES[id];
 }
+// src/specs/overrides.ts
+var INTEGRATION_OVERRIDES = {
+  // ── Stripe pack ────────────────────────────────────────────────────
+  // Stripe issues two key types: secret keys (sk_*) and restricted keys
+  // (rk_*). For voice-agent workloads, restricted keys are the right call
+  // — least-privilege scoped to the specific resources the agent can
+  // touch. The hint nudges operators toward that path.
+  "stripe-pack": {
+    consoleUrl: "https://dashboard.stripe.com/apikeys",
+    credentialFields: [
+      {
+        label: "Stripe secret key",
+        description: "Restricted key recommended. Dashboard \u2192 Developers \u2192 API keys \u2192 Create restricted key. Grant write access on Customers, Invoices, and Checkout Sessions.",
+        example: "sk_live_\u2026 or rk_live_\u2026 (use sk_test_\u2026 / rk_test_\u2026 for staging)",
+        regex: "^(sk|rk)_(live|test)_[A-Za-z0-9]+$",
+        secret: true
+      }
+    ],
+    consoleSteps: [
+      {
+        id: "open-keys",
+        title: "Open Stripe API keys",
+        detail: "Visit https://dashboard.stripe.com/apikeys",
+        copyValue: "https://dashboard.stripe.com/apikeys"
+      },
+      {
+        id: "create-restricted",
+        title: "Create a restricted key",
+        detail: 'Click "Create restricted key". Name it something descriptive (e.g. "ph0ny voice agent \u2014 prod"). Grant WRITE on Customers, Invoices, and Checkout Sessions. Leave everything else NONE.'
+      },
+      {
+        id: "paste",
+        title: "Paste the key",
+        detail: "Copy the key Stripe shows once (rk_live_\u2026 or sk_live_\u2026). Paste it into ph0ny. The key is sealed before persistence."
+      }
+    ]
+  },
+  // ── Twilio SMS ─────────────────────────────────────────────────────
+  // Twilio's REST API uses Basic auth with two parts: Account SID
+  // (public-ish, AC…) + Auth Token (secret). The default api-key family
+  // only exposes one field, which doesn't fit. Providing both fields
+  // explicitly lets the consumer's UI render two inputs.
+  "twilio-sms": {
+    consoleUrl: "https://console.twilio.com/",
+    credentialFields: [
+      {
+        label: "Account SID",
+        description: "Your Twilio Account SID. Console \u2192 Account \u2192 API keys & tokens.",
+        example: "AC\u2026 (34 hex chars)",
+        regex: "^AC[a-f0-9]{32}$",
+        secret: false
+      },
+      {
+        label: "Auth Token",
+        description: "Your Twilio Auth Token (or Standard API Key secret). Use a non-primary auth token in production so rotating it won't break other Twilio integrations.",
+        secret: true
+      }
+    ],
+    consoleSteps: [
+      {
+        id: "open",
+        title: "Open Twilio console",
+        detail: "Visit https://console.twilio.com/",
+        copyValue: "https://console.twilio.com/"
+      },
+      {
+        id: "find",
+        title: "Find your Account SID + Auth Token",
+        detail: "Account info is on the dashboard home. For better security, create a Standard API Key (Account \u2192 API keys & tokens \u2192 Create API Key) and use the SID + Secret pair instead of the primary auth token."
+      },
+      {
+        id: "paste",
+        title: "Paste both values",
+        detail: "Account SID is non-secret; Auth Token is sealed before persistence."
+      }
+    ],
+    knownQuirks: [
+      {
+        id: "subaccount-tokens",
+        severity: "info",
+        message: "If you use Twilio subaccounts, paste the SID/Token of the subaccount that owns the phone numbers your agent calls \u2014 not the master account."
+      }
+    ]
+  }
+};
+function getIntegrationOverride(kind) {
+  return INTEGRATION_OVERRIDES[kind];
+}
 // src/specs/registry.ts
 var EXECUTABLE_KINDS = /* @__PURE__ */ new Set([
   "google-calendar",
@@ -4364,6 +4453,8 @@ function specFromCoverage(coverage, connector) {
   const permissions = permissionsFor(coverage, connector.actions);
   const auth = authFor(coverage, family, permissions);
   const status = statusFor(kind);
+  const override = getIntegrationOverride(kind) ?? getIntegrationOverride(coverage.id);
+  const knownQuirks = override?.knownQuirks ? [...familySpec.knownQuirks ?? [], ...override.knownQuirks] : familySpec.knownQuirks;
   return {
     kind,
     title: connector.title,
@@ -4375,12 +4466,13 @@ function specFromCoverage(coverage, connector) {
     actions: connector.actions,
     triggers: connector.triggers,
     setup: {
-      consoleUrl: familySpec.consoleUrl,
-      consoleSteps: familySpec.consoleSteps,
-      credentialFields: credentialFieldsFor(auth),
+      consoleUrl: override?.consoleUrl ?? familySpec.consoleUrl,
+      consoleSteps: override?.consoleSteps ?? familySpec.consoleSteps,
+      credentialFields: override?.credentialFields ?? credentialFieldsFor(auth),
       redirectUriTemplate: auth.mode === "oauth2" ? auth.redirectUriTemplate : familySpec.redirectUriTemplate,
-      knownQuirks: familySpec.knownQuirks,
-      healthcheck: healthcheckFor(kind, status, auth)
+      knownQuirks,
+      postSetup: override?.postSetup,
+      healthcheck: override?.healthcheck ?? healthcheckFor(kind, status, auth)
     },
     lifecycle: familySpec.lifecycle,
     plannerHints: plannerHintsFor(coverage, connector.actions),