npm - @trusty-squire/mcp - Versions diffs - 0.8.2 → 0.8.3-rc.1 - Mend

@trusty-squire/mcp 0.8.2 → 0.8.3-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

package/dist/api-client.d.ts +51 -0
package/dist/api-client.d.ts.map +1 -1
package/dist/api-client.js +25 -0
package/dist/api-client.js.map +1 -1
package/dist/bot/agent.d.ts +3 -0
package/dist/bot/agent.d.ts.map +1 -1
package/dist/bot/agent.js +479 -24
package/dist/bot/agent.js.map +1 -1
package/dist/bot/browser.d.ts +1 -0
package/dist/bot/browser.d.ts.map +1 -1
package/dist/bot/browser.js +63 -5
package/dist/bot/browser.js.map +1 -1
package/dist/bot/google-login.d.ts +1 -0
package/dist/bot/google-login.d.ts.map +1 -1
package/dist/bot/google-login.js +21 -1
package/dist/bot/google-login.js.map +1 -1
package/dist/bot/inbox-client.d.ts +3 -0
package/dist/bot/inbox-client.d.ts.map +1 -1
package/dist/bot/inbox-client.js +112 -0
package/dist/bot/inbox-client.js.map +1 -1
package/dist/bot/near-text-hint.d.ts +4 -0
package/dist/bot/near-text-hint.d.ts.map +1 -0
package/dist/bot/near-text-hint.js +72 -0
package/dist/bot/near-text-hint.js.map +1 -0
package/dist/bot/promote-to-skill.d.ts.map +1 -1
package/dist/bot/promote-to-skill.js +365 -49
package/dist/bot/promote-to-skill.js.map +1 -1
package/dist/bot/read-otp.d.ts +6 -0
package/dist/bot/read-otp.d.ts.map +1 -1
package/dist/bot/read-otp.js +22 -0
package/dist/bot/read-otp.js.map +1 -1
package/dist/bot/replay-skill.d.ts.map +1 -1
package/dist/bot/replay-skill.js +99 -109
package/dist/bot/replay-skill.js.map +1 -1
package/dist/install/agents.d.ts +1 -0
package/dist/install/agents.d.ts.map +1 -1
package/dist/install/agents.js +32 -0
package/dist/install/agents.js.map +1 -1
package/dist/install/cli.d.ts.map +1 -1
package/dist/install/cli.js +24 -2
package/dist/install/cli.js.map +1 -1
package/dist/server.d.ts.map +1 -1
package/dist/server.js +20 -1
package/dist/server.js.map +1 -1
package/dist/tools/always-load.d.ts +4 -0
package/dist/tools/always-load.d.ts.map +1 -0
package/dist/tools/always-load.js +6 -0
package/dist/tools/always-load.js.map +1 -0
package/dist/tools/delete-credential.d.ts +12 -0
package/dist/tools/delete-credential.d.ts.map +1 -0
package/dist/tools/delete-credential.js +23 -0
package/dist/tools/delete-credential.js.map +1 -0
package/dist/tools/index.d.ts +10 -1
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +17 -1
package/dist/tools/index.js.map +1 -1
package/dist/tools/poll-credential-access.d.ts +12 -0
package/dist/tools/poll-credential-access.d.ts.map +1 -0
package/dist/tools/poll-credential-access.js +29 -0
package/dist/tools/poll-credential-access.js.map +1 -0
package/dist/tools/request-credential.d.ts +69 -0
package/dist/tools/request-credential.d.ts.map +1 -0
package/dist/tools/request-credential.js +69 -0
package/dist/tools/request-credential.js.map +1 -0
package/dist/tools/rotate-credential.d.ts +15 -0
package/dist/tools/rotate-credential.d.ts.map +1 -0
package/dist/tools/rotate-credential.js +29 -0
package/dist/tools/rotate-credential.js.map +1 -0
package/dist/tools/store-credential.d.ts +21 -0
package/dist/tools/store-credential.d.ts.map +1 -0
package/dist/tools/store-credential.js +50 -0
package/dist/tools/store-credential.js.map +1 -0
package/dist/tools/use-credential.d.ts +40 -0
package/dist/tools/use-credential.d.ts.map +1 -0
package/dist/tools/use-credential.js +61 -0
package/dist/tools/use-credential.js.map +1 -0
package/package.json +1 -1

package/dist/tools/delete-credential.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+const inputSchema = z.object({
+    reference: z.string().min(1),
+});
+const DESCRIPTION = `Permanently delete a credential from the vault. Irreversible.`;
+export const deleteCredentialTool = {
+    name: "delete_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["reference"],
+        properties: { reference: { type: "string" } },
+    },
+    annotations: { destructiveHint: true },
+    async handler(args, api) {
+        assertApi(api);
+        const res = await api.deleteCredential(args.reference);
+        return { deleted_at: res.deleted_at };
+    },
+};
+//# sourceMappingURL=delete-credential.js.map

package/dist/tools/delete-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"delete-credential.js","sourceRoot":"","sources":["../../src/tools/delete-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,+DAA+D,CAAC;AAEpF,MAAM,CAAC,MAAM,oBAAoB,GAAsC;IACrE,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,WAAW,CAAC;QACvB,UAAU,EAAE,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;KAC9C;IACD,WAAW,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;IACtC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC;IACxC,CAAC;CACF,CAAC"}

package/dist/tools/index.d.ts CHANGED Viewed

@@ -4,16 +4,25 @@ import { getCredentialTool } from "./get-credential.js";
 import { listCredentialsTool } from "./list-credentials.js";
 import { provisionTool, checkProvisionStatusTool } from "./provision-any.js";
 import { listExtractFailuresTool, getExtractFailureTool } from "./extract-failures.js";
+import { storeCredentialTool } from "./store-credential.js";
+import { rotateCredentialTool } from "./rotate-credential.js";
+import { deleteCredentialTool } from "./delete-credential.js";
+import { requestCredentialTool } from "./request-credential.js";
+import { pollCredentialAccessTool } from "./poll-credential-access.js";
+import { useCredentialTool } from "./use-credential.js";
 export interface Tool<TArgs extends Record<string, unknown> = Record<string, unknown>> {
     name: string;
     description: string;
     inputSchema: ZodTypeAny;
     jsonInputSchema: Record<string, unknown>;
+    annotations?: Record<string, unknown>;
+    meta?: Record<string, unknown>;
     handler: (args: TArgs, api: ApiClient | null) => Promise<unknown>;
 }
+export { ALWAYS_LOAD_META } from "./always-load.js";
 export declare function assertApi(api: ApiClient | null): asserts api is ApiClient;
 export declare const TOOLS: Tool[];
 export declare function findTool(name: string): Tool | null;
 export { z };
-export { provisionTool, checkProvisionStatusTool, getCredentialTool, listCredentialsTool, listExtractFailuresTool, getExtractFailureTool, };
+export { provisionTool, checkProvisionStatusTool, getCredentialTool, listCredentialsTool, storeCredentialTool, rotateCredentialTool, deleteCredentialTool, requestCredentialTool, pollCredentialAccessTool, useCredentialTool, listExtractFailuresTool, getExtractFailureTool, };
 //# sourceMappingURL=index.d.ts.map

package/dist/tools/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,CAAC,EAAE,KAAK,UAAU,EAAE,MAAM,KAAK,CAAC;AACzC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;~~AAEvF~~,MAAM,WAAW,IAAI,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACnF,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;~~IACzC~~,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACnE;~~AAQD~~,wBAAgB,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,SAAS,CAMzE;AAQD,eAAO,MAAM,KAAK,EAAE,IAAI,~~EASb~~,CAAC;AAEZ,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAElD;AAGD,OAAO,EAAE,CAAC,EAAE,CAAC;AAIb,OAAO,EACL,aAAa,EACb,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,GACtB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,CAAC,EAAE,KAAK,UAAU,EAAE,MAAM,KAAK,CAAC;AACzC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACvF,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,WAAW,IAAI,CAAC,KAAK,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACnF,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAGzC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAItC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,GAAG,IAAI,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CACnE;AAID,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAQpD,wBAAgB,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,SAAS,CAMzE;AAQD,eAAO,MAAM,KAAK,EAAE,IAAI,EAgBb,CAAC;AAEZ,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAElD;AAGD,OAAO,EAAE,CAAC,EAAE,CAAC;AAIb,OAAO,EACL,aAAa,EACb,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,CAAC"}

package/dist/tools/index.js CHANGED Viewed

@@ -12,6 +12,15 @@ import { getCredentialTool } from "./get-credential.js";
 import { listCredentialsTool } from "./list-credentials.js";
 import { provisionTool, checkProvisionStatusTool } from "./provision-any.js";
 import { listExtractFailuresTool, getExtractFailureTool } from "./extract-failures.js";
+import { storeCredentialTool } from "./store-credential.js";
+import { rotateCredentialTool } from "./rotate-credential.js";
+import { deleteCredentialTool } from "./delete-credential.js";
+import { requestCredentialTool } from "./request-credential.js";
+import { pollCredentialAccessTool } from "./poll-credential-access.js";
+import { useCredentialTool } from "./use-credential.js";
+// Re-exported for convenience; defined in its own module to avoid a
+// circular import (tool files import it; index imports the tool files).
+export { ALWAYS_LOAD_META } from "./always-load.js";
 // All tools receive `api: ApiClient | null`. In the single-tier model
 // server.ts only invokes a handler after confirming a non-null api, but
 // the registry contract still types it as nullable so handlers like
@@ -34,6 +43,13 @@ export const TOOLS = [
     checkProvisionStatusTool,
     getCredentialTool,
     listCredentialsTool,
+    // Vault lifecycle + agent-mediated access (the credential surface).
+    storeCredentialTool,
+    rotateCredentialTool,
+    deleteCredentialTool,
+    requestCredentialTool,
+    pollCredentialAccessTool,
+    useCredentialTool,
     // Diagnostic tools: agent reads them after a failed extract so it
     // can write a targeted fix without the user fetching by curl.
     listExtractFailuresTool,
@@ -46,5 +62,5 @@ export function findTool(name) {
 export { z };
 // Per-tool re-exports so callers (tests, custom integrations) can
 // import a single tool without going through the TOOLS array.
-export { provisionTool, checkProvisionStatusTool, getCredentialTool, listCredentialsTool, listExtractFailuresTool, getExtractFailureTool, };
+export { provisionTool, checkProvisionStatusTool, getCredentialTool, listCredentialsTool, storeCredentialTool, rotateCredentialTool, deleteCredentialTool, requestCredentialTool, pollCredentialAccessTool, useCredentialTool, listExtractFailuresTool, getExtractFailureTool, };
 //# sourceMappingURL=index.js.map

package/dist/tools/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,oEAAoE;AACpE,sEAAsE;AACtE,iCAAiC;AACjC,EAAE;AACF,sEAAsE;AACtE,8DAA8D;AAC9D,sEAAsE;AACtE,mCAAmC;AAEnC,OAAO,EAAE,CAAC,EAAmB,MAAM,KAAK,CAAC;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;~~AAUvF~~,sEAAsE;AACtE,wEAAwE;AACxE,oEAAoE;AACpE,oEAAoE;AACpE,6DAA6D;AAC7D,qDAAqD;AACrD,MAAM,UAAU,SAAS,CAAC,GAAqB;IAC7C,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;AACH,CAAC;AAED,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,yEAAyE;AACzE,sEAAsE;AACtE,8DAA8D;AAC9D,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,aAAa;IACb,wBAAwB;IACxB,iBAAiB;IACjB,mBAAmB;IACnB,kEAAkE;IAClE,8DAA8D;IAC9D,uBAAuB;IACvB,qBAAqB;CACZ,CAAC;AAEZ,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC;AACpD,CAAC;AAED,2EAA2E;AAC3E,OAAO,EAAE,CAAC,EAAE,CAAC;AAEb,kEAAkE;AAClE,8DAA8D;AAC9D,OAAO,EACL,aAAa,EACb,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,uBAAuB,EACvB,qBAAqB,GACtB,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,oEAAoE;AACpE,sEAAsE;AACtE,iCAAiC;AACjC,EAAE;AACF,sEAAsE;AACtE,8DAA8D;AAC9D,sEAAsE;AACtE,mCAAmC;AAEnC,OAAO,EAAE,CAAC,EAAmB,MAAM,KAAK,CAAC;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACvF,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAiBxD,oEAAoE;AACpE,wEAAwE;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,sEAAsE;AACtE,wEAAwE;AACxE,oEAAoE;AACpE,oEAAoE;AACpE,6DAA6D;AAC7D,qDAAqD;AACrD,MAAM,UAAU,SAAS,CAAC,GAAqB;IAC7C,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;AACH,CAAC;AAED,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,yEAAyE;AACzE,sEAAsE;AACtE,8DAA8D;AAC9D,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,aAAa;IACb,wBAAwB;IACxB,iBAAiB;IACjB,mBAAmB;IACnB,oEAAoE;IACpE,mBAAmB;IACnB,oBAAoB;IACpB,oBAAoB;IACpB,qBAAqB;IACrB,wBAAwB;IACxB,iBAAiB;IACjB,kEAAkE;IAClE,8DAA8D;IAC9D,uBAAuB;IACvB,qBAAqB;CACZ,CAAC;AAEZ,MAAM,UAAU,QAAQ,CAAC,IAAY;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC;AACpD,CAAC;AAED,2EAA2E;AAC3E,OAAO,EAAE,CAAC,EAAE,CAAC;AAEb,kEAAkE;AAClE,8DAA8D;AAC9D,OAAO,EACL,aAAa,EACb,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,EACrB,wBAAwB,EACxB,iBAAiB,EACjB,uBAAuB,EACvB,qBAAqB,GACtB,CAAC"}

package/dist/tools/poll-credential-access.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    request_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    request_id: string;
+}, {
+    request_id: string;
+}>;
+export declare const pollCredentialAccessTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=poll-credential-access.d.ts.map

package/dist/tools/poll-credential-access.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"poll-credential-access.d.ts","sourceRoot":"","sources":["../../src/tools/poll-credential-access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAGlD,QAAA,MAAM,WAAW;;;;;;EAEf,CAAC;AAIH,eAAO,MAAM,wBAAwB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAoBtE,CAAC"}

package/dist/tools/poll-credential-access.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+import { ALWAYS_LOAD_META } from "./always-load.js";
+const inputSchema = z.object({
+    request_id: z.string().min(1),
+});
+const DESCRIPTION = `Long-poll the broker for a pending access-request's status.`;
+export const pollCredentialAccessTool = {
+    name: "poll_credential_access",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["request_id"],
+        properties: { request_id: { type: "string" } },
+    },
+    annotations: { readOnlyHint: true },
+    meta: ALWAYS_LOAD_META,
+    async handler(args, api) {
+        assertApi(api);
+        const res = await api.pollCredentialAccess(args.request_id);
+        return {
+            status: res.status,
+            ...(res.value !== undefined ? { value: res.value } : {}),
+            ...(res.denied_reason !== undefined ? { denied_reason: res.denied_reason } : {}),
+        };
+    },
+};
+//# sourceMappingURL=poll-credential-access.js.map

package/dist/tools/poll-credential-access.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"poll-credential-access.js","sourceRoot":"","sources":["../../src/tools/poll-credential-access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC9B,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,6DAA6D,CAAC;AAElF,MAAM,CAAC,MAAM,wBAAwB,GAAsC;IACzE,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,YAAY,CAAC;QACxB,UAAU,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;KAC/C;IACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;IACnC,IAAI,EAAE,gBAAgB;IACtB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CAAC,GAAG,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/request-credential.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
+    reference: z.ZodOptional<z.ZodString>;
+    service: z.ZodOptional<z.ZodString>;
+    purpose: z.ZodString;
+    intent: z.ZodEnum<["value", "proxy"]>;
+    proxy_target_host: z.ZodOptional<z.ZodString>;
+    reason_proxy_not_possible: z.ZodOptional<z.ZodString>;
+    mode_requested: z.ZodOptional<z.ZodEnum<["once", "session", "persistent"]>>;
+    ttl_requested: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}>, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}>, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}, {
+    purpose: string;
+    intent: "value" | "proxy";
+    service?: string | undefined;
+    reference?: string | undefined;
+    proxy_target_host?: string | undefined;
+    reason_proxy_not_possible?: string | undefined;
+    mode_requested?: "once" | "session" | "persistent" | undefined;
+    ttl_requested?: number | undefined;
+}>;
+export declare const requestCredentialTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=request-credential.d.ts.map

package/dist/tools/request-credential.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"request-credential.d.ts","sourceRoot":"","sources":["../../src/tools/request-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAElD,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgBb,CAAC;AAWL,eAAO,MAAM,qBAAqB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAwCnE,CAAC"}

package/dist/tools/request-credential.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+const inputSchema = z
+    .object({
+    reference: z.string().min(1).optional(),
+    service: z.string().min(1).optional(),
+    purpose: z.string().min(1).max(400),
+    intent: z.enum(["value", "proxy"]),
+    proxy_target_host: z.string().min(1).optional(),
+    reason_proxy_not_possible: z.string().min(1).optional(),
+    mode_requested: z.enum(["once", "session", "persistent"]).optional(),
+    ttl_requested: z.number().int().positive().optional(),
+})
+    .refine((b) => b.reference !== undefined || b.service !== undefined, {
+    message: "one of reference or service is required",
+})
+    .refine((b) => b.intent !== "value" || b.reason_proxy_not_possible !== undefined, {
+    message: "reason_proxy_not_possible is required when intent=value",
+});
+const DESCRIPTION = `Return the raw plaintext secret to this agent. The secret will be
+VISIBLE in the conversation context after this call. Use ONLY when the
+user explicitly needs the value (writing a .env file, pasting into a
+config UI) — for HTTP API calls always prefer use_credential, which
+keeps the secret server-side. Requires the user to approve in the
+Trusty Squire web UI; you must poll_credential_access for the result.
+Must include a \`reason_proxy_not_possible\` explaining why use_credential
+doesn't fit.`;
+export const requestCredentialTool = {
+    name: "request_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["purpose", "intent"],
+        properties: {
+            reference: { type: "string" },
+            service: { type: "string" },
+            purpose: { type: "string", maxLength: 400 },
+            intent: { type: "string", enum: ["value", "proxy"] },
+            proxy_target_host: { type: "string" },
+            reason_proxy_not_possible: { type: "string" },
+            mode_requested: { type: "string", enum: ["once", "session", "persistent"] },
+            ttl_requested: { type: "number" },
+        },
+    },
+    annotations: { destructiveHint: true },
+    async handler(args, api) {
+        assertApi(api);
+        const res = await api.requestCredentialAccess({
+            ...(args.reference !== undefined ? { reference: args.reference } : {}),
+            ...(args.service !== undefined ? { service: args.service } : {}),
+            purpose: args.purpose,
+            intent: args.intent,
+            ...(args.proxy_target_host !== undefined ? { proxy_target_host: args.proxy_target_host } : {}),
+            ...(args.reason_proxy_not_possible !== undefined
+                ? { reason_proxy_not_possible: args.reason_proxy_not_possible }
+                : {}),
+            ...(args.mode_requested !== undefined ? { mode_requested: args.mode_requested } : {}),
+            ...(args.ttl_requested !== undefined ? { ttl_requested: args.ttl_requested } : {}),
+        });
+        return {
+            request_id: res.request_id,
+            status: res.status,
+            expires_at: res.expires_at,
+            auto_approved: res.auto_approved,
+        };
+    },
+};
+//# sourceMappingURL=request-credential.js.map

package/dist/tools/request-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"request-credential.js","sourceRoot":"","sources":["../../src/tools/request-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,GAAG,CAAC;KAClB,MAAM,CAAC;IACN,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC/C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvD,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC;KACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE;IACnE,OAAO,EAAE,yCAAyC;CACnD,CAAC;KACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,CAAC,yBAAyB,KAAK,SAAS,EAAE;IAChF,OAAO,EAAE,yDAAyD;CACnE,CAAC,CAAC;AAEL,MAAM,WAAW,GAAG;;;;;;;aAOP,CAAC;AAEd,MAAM,CAAC,MAAM,qBAAqB,GAAsC;IACtE,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC;QAC/B,UAAU,EAAE;YACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC7B,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC3B,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE;YAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE;YACpD,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACrC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC7C,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE;YAC3E,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SAClC;KACF;IACD,WAAW,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;IACtC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC;YAC5C,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,IAAI,CAAC,iBAAiB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9F,GAAG,CAAC,IAAI,CAAC,yBAAyB,KAAK,SAAS;gBAC9C,CAAC,CAAC,EAAE,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,EAAE;gBAC/D,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrF,GAAG,CAAC,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnF,CAAC,CAAC;QACH,OAAO;YACL,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,aAAa,EAAE,GAAG,CAAC,aAAa;SACjC,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/rotate-credential.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    reference: z.ZodString;
+    new_value: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    reference: string;
+    new_value: string;
+}, {
+    reference: string;
+    new_value: string;
+}>;
+export declare const rotateCredentialTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=rotate-credential.d.ts.map

package/dist/tools/rotate-credential.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"rotate-credential.d.ts","sourceRoot":"","sources":["../../src/tools/rotate-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAElD,QAAA,MAAM,WAAW;;;;;;;;;EAGf,CAAC;AAMH,eAAO,MAAM,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAkBlE,CAAC"}

package/dist/tools/rotate-credential.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+const inputSchema = z.object({
+    reference: z.string().min(1),
+    new_value: z.string().min(1).max(8192),
+});
+const DESCRIPTION = `Rotate a vaulted secret's value. Cascade: revokes all persistent grants
+bound to this credential — every previously-approved agent will need
+fresh user approval.`;
+export const rotateCredentialTool = {
+    name: "rotate_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["reference", "new_value"],
+        properties: {
+            reference: { type: "string" },
+            new_value: { type: "string" },
+        },
+    },
+    annotations: { destructiveHint: true },
+    async handler(args, api) {
+        assertApi(api);
+        const res = await api.rotateCredential(args.reference, args.new_value);
+        return { rotated_at: res.rotated_at, revoked_grant_count: res.revoked_grant_count };
+    },
+};
+//# sourceMappingURL=rotate-credential.js.map

package/dist/tools/rotate-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rotate-credential.js","sourceRoot":"","sources":["../../src/tools/rotate-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;qBAEC,CAAC;AAEtB,MAAM,CAAC,MAAM,oBAAoB,GAAsC;IACrE,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;QACpC,UAAU,EAAE;YACV,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC7B,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SAC9B;KACF;IACD,WAAW,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;IACtC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACvE,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,mBAAmB,EAAE,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACtF,CAAC;CACF,CAAC"}

package/dist/tools/store-credential.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    service: z.ZodString;
+    value: z.ZodString;
+    env_var_suggestion: z.ZodOptional<z.ZodString>;
+    type: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    value: string;
+    service: string;
+    type?: string | undefined;
+    env_var_suggestion?: string | undefined;
+}, {
+    value: string;
+    service: string;
+    type?: string | undefined;
+    env_var_suggestion?: string | undefined;
+}>;
+export declare const storeCredentialTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=store-credential.d.ts.map

package/dist/tools/store-credential.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"store-credential.d.ts","sourceRoot":"","sources":["../../src/tools/store-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAGlD,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;EAKf,CAAC;AASH,eAAO,MAAM,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAiCjE,CAAC"}

package/dist/tools/store-credential.js ADDED Viewed

@@ -0,0 +1,50 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+import { ALWAYS_LOAD_META } from "./always-load.js";
+const inputSchema = z.object({
+    service: z.string().min(1).max(120),
+    value: z.string().min(1).max(8192),
+    env_var_suggestion: z.string().min(1).max(120).optional(),
+    type: z.string().min(1).max(60).optional(),
+});
+const DESCRIPTION = `Save a secret (API key, token, password, OAuth refresh token, database
+connection string) that the user just shared into the encrypted vault.
+CALL THIS AUTOMATICALLY whenever the user pastes a secret-shaped value
+(sk-, ghp_, AKIA, eyJ; password/token patterns) into the conversation —
+don't ask permission first. Returns a credential reference and the
+service's allowed_hosts list.`;
+export const storeCredentialTool = {
+    name: "store_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["service", "value"],
+        properties: {
+            service: { type: "string" },
+            value: { type: "string" },
+            env_var_suggestion: { type: "string" },
+            type: { type: "string" },
+        },
+    },
+    annotations: { idempotentHint: true },
+    meta: ALWAYS_LOAD_META,
+    async handler(args, api) {
+        assertApi(api);
+        const res = await api.storeCredential({
+            service: args.service,
+            value: args.value,
+            ...(args.env_var_suggestion !== undefined
+                ? { env_var_suggestion: args.env_var_suggestion }
+                : {}),
+            ...(args.type !== undefined ? { type: args.type } : {}),
+        });
+        return {
+            reference: res.reference,
+            type: res.type,
+            stored_at: res.created_at ?? null,
+            allowed_hosts: res.allowed_hosts ?? [],
+        };
+    },
+};
+//# sourceMappingURL=store-credential.js.map

package/dist/tools/store-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"store-credential.js","sourceRoot":"","sources":["../../src/tools/store-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAClC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;;;;8BAKU,CAAC;AAE/B,MAAM,CAAC,MAAM,mBAAmB,GAAsC;IACpE,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QAC9B,UAAU,EAAE;YACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC3B,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,kBAAkB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACtC,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;SACzB;KACF;IACD,WAAW,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE;IACrC,IAAI,EAAE,gBAAgB;IACtB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,eAAe,CAAC;YACpC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,GAAG,CAAC,IAAI,CAAC,kBAAkB,KAAK,SAAS;gBACvC,CAAC,CAAC,EAAE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBACjD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;QACH,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,SAAS;YACxB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,IAAI;YACjC,aAAa,EAAE,GAAG,CAAC,aAAa,IAAI,EAAE;SACvC,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/tools/use-credential.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { z } from "zod";
+import { type Tool } from "./index.js";
+declare const inputSchema: z.ZodObject<{
+    request_id: z.ZodString;
+    http: z.ZodObject<{
+        method: z.ZodString;
+        url: z.ZodString;
+        headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        body: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        method: string;
+        url: string;
+        body?: string | undefined;
+        headers?: Record<string, string> | undefined;
+    }, {
+        method: string;
+        url: string;
+        body?: string | undefined;
+        headers?: Record<string, string> | undefined;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    request_id: string;
+    http: {
+        method: string;
+        url: string;
+        body?: string | undefined;
+        headers?: Record<string, string> | undefined;
+    };
+}, {
+    request_id: string;
+    http: {
+        method: string;
+        url: string;
+        body?: string | undefined;
+        headers?: Record<string, string> | undefined;
+    };
+}>;
+export declare const useCredentialTool: Tool<z.infer<typeof inputSchema>>;
+export {};
+//# sourceMappingURL=use-credential.d.ts.map

package/dist/tools/use-credential.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"use-credential.d.ts","sourceRoot":"","sources":["../../src/tools/use-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AAQlD,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQf,CAAC;AAUH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAmC/D,CAAC"}

package/dist/tools/use-credential.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { z } from "zod";
+import { assertApi } from "./index.js";
+import { ALWAYS_LOAD_META } from "./always-load.js";
+// use_credential can target a freshly-minted request (request_id) OR
+// ask the broker to mint one inline from a service/reference. v1
+// requires an already-created request_id: the agent calls
+// request_credential(intent="proxy") first (auto-approved for trusted
+// sessions), then use_credential with the returned request_id.
+const inputSchema = z.object({
+    request_id: z.string().min(1),
+    http: z.object({
+        method: z.string().min(1).max(10),
+        url: z.string().min(1).max(2048),
+        headers: z.record(z.string()).optional(),
+        body: z.string().max(64 * 1024).optional(),
+    }),
+});
+const DESCRIPTION = `Execute an authenticated HTTP request against an external API using a
+vaulted credential. The secret value never crosses to this agent — the
+server injects it server-side via \${SECRET} or \${SECRET_JSON} placeholders
+in your headers/body. Pass \`service\` or \`reference\` plus the standard
+HTTP fields (method, url, headers, body). PREFER THIS over
+request_credential whenever the user wants an API call; only fall back
+if you need the raw secret to write into a local file.`;
+export const useCredentialTool = {
+    name: "use_credential",
+    description: DESCRIPTION,
+    inputSchema,
+    jsonInputSchema: {
+        type: "object",
+        required: ["request_id", "http"],
+        properties: {
+            request_id: { type: "string" },
+            http: {
+                type: "object",
+                required: ["method", "url"],
+                properties: {
+                    method: { type: "string" },
+                    url: { type: "string" },
+                    headers: { type: "object", additionalProperties: { type: "string" } },
+                    body: { type: "string" },
+                },
+            },
+        },
+    },
+    annotations: { destructiveHint: true },
+    meta: ALWAYS_LOAD_META,
+    async handler(args, api) {
+        assertApi(api);
+        // Rebuild without undefined-valued optionals (exactOptionalPropertyTypes).
+        const http = {
+            method: args.http.method,
+            url: args.http.url,
+            ...(args.http.headers !== undefined ? { headers: args.http.headers } : {}),
+            ...(args.http.body !== undefined ? { body: args.http.body } : {}),
+        };
+        const res = await api.useCredentialProxy(args.request_id, http);
+        return { response: res.response };
+    },
+};
+//# sourceMappingURL=use-credential.js.map

package/dist/tools/use-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"use-credential.js","sourceRoot":"","sources":["../../src/tools/use-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,qEAAqE;AACrE,iEAAiE;AACjE,0DAA0D;AAC1D,sEAAsE;AACtE,+DAA+D;AAC/D,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACb,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QAChC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,QAAQ,EAAE;KAC3C,CAAC;CACH,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG;;;;;;uDAMmC,CAAC;AAExD,MAAM,CAAC,MAAM,iBAAiB,GAAsC;IAClE,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,WAAW;IACxB,WAAW;IACX,eAAe,EAAE;QACf,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC;QAChC,UAAU,EAAE;YACV,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAC9B,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;gBAC3B,UAAU,EAAE;oBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC1B,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACvB,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBACrE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBACzB;aACF;SACF;KACF;IACD,WAAW,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE;IACtC,IAAI,EAAE,gBAAgB;IACtB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,SAAS,CAAC,GAAG,CAAC,CAAC;QACf,2EAA2E;QAC3E,MAAM,IAAI,GAAG;YACX,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;YACxB,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;YAClB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClE,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAChE,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;IACpC,CAAC;CACF,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@trusty-squire/mcp",
-  "version": "0.8.2",
+  "version": "0.8.3-rc.1",
   "mcpName": "io.github.Trusty-Squire/mcp",
   "type": "module",
   "description": "Local MCP server vibe coding agents install. Thin relay to the Trusty Squire API, with the bundled universal signup bot.",