@valon-technologies/gestalt 0.0.1-alpha.28 → 0.0.1-alpha.30

package/README.md

@@ -118,13 +118,13 @@ Gestalt catalog.
 Source-mode runtime:
 
 ```sh
-gestalt-ts-runtime ROOT plugin:./provider.ts#app
+gestalt-ts-runtime ROOT app:./provider.ts#app
 ```
 
 Release build:
 
 ```sh
-gestalt-ts-build ROOT plugin:./provider.ts#app OUTPUT PROVIDER_NAME GOOS GOARCH
+gestalt-ts-build ROOT app:./provider.ts#app OUTPUT PROVIDER_NAME GOOS GOARCH
 ```
 
 The build entrypoint compiles a standalone executable with Bun and bundles the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@valon-technologies/gestalt",
-  "version": "0.0.1-alpha.28",
+  "version": "0.0.1-alpha.30",
   "description": "TypeScript SDK for Gestalt executable providers",
   "type": "module",
   "repository": {

package/src/agent-access.ts

@@ -63,7 +63,7 @@ export interface AgentWorkspace {
 
 /** Shape accepted when creating an agent session through the agent facade. */
 export interface AgentCreateSession {
-  providerName: string;
+  providerName?: string | undefined;
   model?: string | undefined;
   clientRef?: string | undefined;
   metadata?: JsonObjectInput | undefined;
@@ -198,7 +198,7 @@ class AgentImpl implements Agent {
   ): Promise<AgentSession> {
     return agentSessionFromProto(
       await this.client.createSession({
-        providerName: request.providerName,
+        providerName: request.providerName ?? "",
         model: request.model ?? "",
         clientRef: request.clientRef ?? "",
         metadata: optionalStruct(request.metadata),

package/src/agent-conversions.ts

@@ -24,10 +24,8 @@ import {
 import {
   SubjectContextSchema,
   AgentToolRefSchema,
-  ExternalIdentityContextSchema,
   type SubjectContext as ProtoSubjectContext,
   type AgentToolRef as ProtoAgentToolRef,
-  type ExternalIdentityContext as ProtoExternalIdentityContext,
 } from "./internal/gen/v1/app_pb.ts";
 import {
   jsonFromValue,
@@ -48,7 +46,7 @@ import type {
   AgentTurnOutput,
   AgentTurnDisplay,
 } from "./agent.ts";
-import type { ExternalIdentity, Subject, SubjectInput } from "./api.ts";
+import type { Subject, SubjectInput } from "./api.ts";
 
 export function agentTurnDisplayFromProto(
   display?: ProtoAgentTurnDisplay | undefined,
@@ -306,7 +304,6 @@ export function agentToolRefFromProto(ref: ProtoAgentToolRef): AgentToolRef {
     description: ref.description,
     system: ref.system,
     runAs: agentRunAsSubjectFromProto(ref.runAs),
-    runAsExternalIdentity: externalIdentityFromProto(ref.runAsExternalIdentity),
   };
 }
 
@@ -320,7 +317,6 @@ export function agentToolRefToProto(ref: AgentToolRef): ProtoAgentToolRef {
     description: ref.description ?? "",
     system: ref.system ?? "",
     runAs: agentRunAsSubjectToProto(ref.runAs),
-    runAsExternalIdentity: externalIdentityToProto(ref.runAsExternalIdentity),
   });
 }
 
@@ -355,27 +351,3 @@ function agentRunAsSubjectToProto(
     email: subject.email ?? "",
   });
 }
-
-function externalIdentityFromProto(
-  identity?: ProtoExternalIdentityContext | undefined,
-): ExternalIdentity | undefined {
-  if (identity === undefined) {
-    return undefined;
-  }
-  return {
-    type: identity.type,
-    id: identity.id,
-  };
-}
-
-function externalIdentityToProto(
-  identity?: ExternalIdentity | undefined,
-): ProtoExternalIdentityContext | undefined {
-  if (identity === undefined) {
-    return undefined;
-  }
-  return create(ExternalIdentityContextSchema, {
-    type: identity.type,
-    id: identity.id,
-  });
-}

package/src/agent.ts

@@ -75,7 +75,6 @@ import {
 } from "./internal/gen/v1/app_pb.ts";
 import {
   errorMessage,
-  type ExternalIdentity,
   type MaybePromise,
   type Subject,
   type SubjectInput,
@@ -217,7 +216,6 @@ export interface AgentToolRef {
   description?: string | undefined;
   system?: string | undefined;
   runAs?: SubjectInput | undefined;
-  runAsExternalIdentity?: ExternalIdentity | undefined;
 }
 
 export interface ResolvedAgentTool {

package/src/api.ts

@@ -24,14 +24,6 @@ export interface SubjectInput {
   email?: string | undefined;
 }
 
-/**
- * Provider-owned external identity attached to an incoming provider request.
- */
-export interface ExternalIdentity {
-  type: string;
-  id: string;
-}
-
 /**
  * Describes the credential Gestalt used to authorize the current request.
  */
@@ -65,8 +57,6 @@ export interface Request {
   connectionParams: Record<string, string>;
   subject: Subject;
   agentSubject: Subject;
-  externalIdentity: ExternalIdentity;
-  agentExternalIdentity: ExternalIdentity;
   credential: Credential;
   access: Access;
   host: Host;
@@ -157,8 +147,6 @@ export function request(
   idempotencyKey = "",
   host: Partial<Host> = {},
   agentSubject: Partial<Subject> = {},
-  externalIdentity: Partial<ExternalIdentity> = {},
-  agentExternalIdentity: Partial<ExternalIdentity> = {},
   toolRefs: readonly AgentToolRef[] = [],
   toolRefsSet = false,
 ): Request {
@@ -183,14 +171,6 @@ export function request(
       authSource: agentSubject.authSource ?? "",
       email: agentSubject.email ?? "",
     },
-    externalIdentity: {
-      type: externalIdentity.type ?? "",
-      id: externalIdentity.id ?? "",
-    },
-    agentExternalIdentity: {
-      type: agentExternalIdentity.type ?? "",
-      id: agentExternalIdentity.id ?? "",
-    },
     credential: {
       mode: credential.mode ?? "",
       subjectId: credential.subjectId ?? "",
@@ -207,10 +187,6 @@ export function request(
     toolRefs: toolRefs.map((ref) => ({
       ...ref,
       runAs: ref.runAs === undefined ? undefined : { ...ref.runAs },
-      runAsExternalIdentity:
-        ref.runAsExternalIdentity === undefined
-          ? undefined
-          : { ...ref.runAsExternalIdentity },
     })),
     toolRefsSet,
     host: {

package/src/app.ts

@@ -39,8 +39,7 @@ const JSON_CONTENT_TYPE = "application/json";
 export type ConnectionMode =
   | "unspecified"
   | "none"
-  | "subject"
-  | "user";
+  | "subject";
 
 /**
  * Metadata for a single connection parameter exposed by a provider.
@@ -90,34 +89,6 @@ export type SessionCatalogHandler = (
   request: Request,
 ) => MaybePromise<SessionCatalog | null | undefined>;
 
-/**
- * Host-managed connection payload passed into a provider post-connect hook.
- */
-export interface ConnectedToken {
-  id: string;
-  subjectId: string;
-  integration: string;
-  connection: string;
-  instance: string;
-  accessToken: string;
-  refreshToken: string;
-  scopes: string;
-  expiresAt?: Date | undefined;
-  lastRefreshedAt?: Date | undefined;
-  refreshErrorCount: number;
-  metadataJson: string;
-  metadata: Record<string, string>;
-  createdAt?: Date | undefined;
-  updatedAt?: Date | undefined;
-}
-
-/**
- * Callback used to add derived metadata after a connection is established.
- */
-export type PostConnectHandler = (
-  token: ConnectedToken,
-) => MaybePromise<Record<string, string> | null | undefined>;
-
 /**
  * Runtime hooks required to implement an app provider.
  */
@@ -126,7 +97,6 @@ export interface AppDefinitionOptions extends ProviderBaseOptions {
   authTypes?: string[];
   connectionParams?: Record<string, ConnectionParamDefinition>;
   resolveHTTPSubject?: HTTPSubjectResolver;
-  postConnect?: PostConnectHandler;
   iconSvg?: string;
   operations: Array<OperationDefinition<any, any>>;
   sessionCatalog?: SessionCatalogHandler;
@@ -199,7 +169,6 @@ export class AppProvider extends ProviderBase {
 
   private readonly sessionCatalogHandler: SessionCatalogHandler | undefined;
   private readonly httpSubjectResolver: HTTPSubjectResolver | undefined;
-  private readonly postConnectHandler: PostConnectHandler | undefined;
   private readonly operations = new Map<string, OperationDefinition<any, any>>();
 
   constructor(options: AppDefinitionOptions) {
@@ -209,7 +178,6 @@ export class AppProvider extends ProviderBase {
     this.authTypes = [...(options.authTypes ?? [])];
     this.connectionParams = normalizeConnectionParams(options.connectionParams);
     this.httpSubjectResolver = options.resolveHTTPSubject;
-    this.postConnectHandler = options.postConnect;
     this.sessionCatalogHandler = options.sessionCatalog;
 
     for (const rawEntry of options.operations) {
@@ -240,22 +208,6 @@ export class AppProvider extends ProviderBase {
     return await this.sessionCatalogHandler?.(request);
   }
 
-  /**
-   * Reports whether the provider exposes a connect-time metadata hook.
-   */
-  supportsPostConnect(): boolean {
-    return this.postConnectHandler !== undefined;
-  }
-
-  /**
-   * Computes additional connection metadata after a successful connect flow.
-   */
-  async postConnectMetadata(
-    token: ConnectedToken,
-  ): Promise<Record<string, string> | null | undefined> {
-    return await this.postConnectHandler?.(cloneConnectedToken(token));
-  }
-
   /**
    * Resolves the concrete Gestalt subject for a verified hosted HTTP request,
    * if the app opts into subject resolution.
@@ -423,10 +375,6 @@ export function isAppProvider(
       typeof (value as { supportsSessionCatalog?: unknown }).supportsSessionCatalog === "function" &&
       "catalogForRequest" in value &&
       typeof (value as { catalogForRequest?: unknown }).catalogForRequest === "function" &&
-      "supportsPostConnect" in value &&
-      typeof (value as { supportsPostConnect?: unknown }).supportsPostConnect === "function" &&
-      "postConnectMetadata" in value &&
-      typeof (value as { postConnectMetadata?: unknown }).postConnectMetadata === "function" &&
       "resolveHTTPSubject" in value &&
       typeof (value as { resolveHTTPSubject?: unknown }).resolveHTTPSubject === "function")
   );
@@ -458,21 +406,6 @@ function normalizeConnectionParams(
   return output;
 }
 
-function cloneConnectedToken(token: ConnectedToken): ConnectedToken {
-  return {
-    ...token,
-    metadata: {
-      ...(token.metadata ?? {}),
-    },
-    expiresAt: token.expiresAt ? new Date(token.expiresAt) : undefined,
-    lastRefreshedAt: token.lastRefreshedAt
-      ? new Date(token.lastRefreshedAt)
-      : undefined,
-    createdAt: token.createdAt ? new Date(token.createdAt) : undefined,
-    updatedAt: token.updatedAt ? new Date(token.updatedAt) : undefined,
-  };
-}
-
 function isResponse(value: unknown): value is Response<unknown> {
   if (typeof value !== "object" || value === null) {
     return false;
@@ -538,8 +471,6 @@ export function encodeConnectionMode(mode: ConnectionMode): number {
       return 1;
     case "subject":
       return 2;
-    case "user":
-      return 2;
     case "unspecified":
     default:
       return 0;

package/src/index.ts

@@ -103,7 +103,6 @@ export {
   type Host,
   type MaybePromise,
   type Credential,
-  type ExternalIdentity,
   type OperationResult,
   type Request,
   type Response,
@@ -229,7 +228,6 @@ export {
   type SecretsProviderOptions,
 } from "./secrets.ts";
 export {
-  type ConnectedToken,
   AppProvider,
   defineApp,
   isAppProvider,
@@ -238,7 +236,6 @@ export {
   type ConnectionParamDefinition,
   type OperationDefinition,
   type OperationOptions,
-  type PostConnectHandler,
   type AppDefinitionOptions,
   type SessionCatalog,
   type SessionCatalogHandler,

package/src/indexeddb.ts

@@ -927,23 +927,25 @@ class IndexedDBImpl implements IndexedDB {
     name: string,
     schema?: ObjectStoreSchema,
   ): Promise<ObjectStore> {
-    await this.client.createObjectStore({
-      name,
-      schema: {
-        indexes: (schema?.indexes ?? []).map((idx) => ({
-          name: idx.name,
-          keyPath: idx.keyPath,
-          unique: idx.unique ?? false,
-        })),
-        columns: (schema?.columns ?? []).map((col) => ({
-          name: col.name,
-          type: col.type ?? ColumnType.String,
-          primaryKey: col.primaryKey ?? false,
-          notNull: col.notNull ?? false,
-          unique: col.unique ?? false,
-        })),
-      },
-    });
+    await rpc(() =>
+      this.client.createObjectStore({
+        name,
+        schema: {
+          indexes: (schema?.indexes ?? []).map((idx) => ({
+            name: idx.name,
+            keyPath: idx.keyPath,
+            unique: idx.unique ?? false,
+          })),
+          columns: (schema?.columns ?? []).map((col) => ({
+            name: col.name,
+            type: col.type ?? ColumnType.String,
+            primaryKey: col.primaryKey ?? false,
+            notNull: col.notNull ?? false,
+            unique: col.unique ?? false,
+          })),
+        },
+      }),
+    );
     return this.objectStore(name);
   }
 
@@ -951,7 +953,7 @@ class IndexedDBImpl implements IndexedDB {
    * Deletes an object store.
    */
   async deleteObjectStore(name: string): Promise<void> {
-    await this.client.deleteObjectStore({ name });
+    await rpc(() => this.client.deleteObjectStore({ name }));
   }
 
   /**

package/src/internal/gen/v1/app_pb.ts

@@ -4,15 +4,15 @@
 
 import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
 import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
-import type { EmptySchema, Timestamp, Value } from "@bufbuild/protobuf/wkt";
-import { file_google_protobuf_empty, file_google_protobuf_struct, file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { EmptySchema, Value } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_empty, file_google_protobuf_struct } from "@bufbuild/protobuf/wkt";
 import type { JsonObject, Message } from "@bufbuild/protobuf";
 
 /**
  * Describes the file v1/app.proto.
  */
 export const file_v1_app: GenFile = /*@__PURE__*/
-  fileDesc("Cgx2MS9hcHAucHJvdG8SE2dlc3RhbHQucHJvdmlkZXIudjEifgoQQ2F0YWxvZ1BhcmFtZXRlchIMCgRuYW1lGAEgASgJEgwKBHR5cGUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSEAoIcmVxdWlyZWQYBCABKAgSJwoHZGVmYXVsdBgFIAEoCzIWLmdvb2dsZS5wcm90b2J1Zi5WYWx1ZSLeAQoUT3BlcmF0aW9uQW5ub3RhdGlvbnMSGwoOcmVhZF9vbmx5X2hpbnQYASABKAhIAIgBARIcCg9pZGVtcG90ZW50X2hpbnQYAiABKAhIAYgBARIdChBkZXN0cnVjdGl2ZV9oaW50GAMgASgISAKIAQESHAoPb3Blbl93b3JsZF9oaW50GAQgASgISAOIAQFCEQoPX3JlYWRfb25seV9oaW50QhIKEF9pZGVtcG90ZW50X2hpbnRCEwoRX2Rlc3RydWN0aXZlX2hpbnRCEgoQX29wZW5fd29ybGRfaGludCKAAwoQQ2F0YWxvZ09wZXJhdGlvbhIKCgJpZBgBIAEoCRIOCgZtZXRob2QYAiABKAkSDQoFdGl0bGUYAyABKAkSEwoLZGVzY3JpcHRpb24YBCABKAkSFAoMaW5wdXRfc2NoZW1hGAUgASgJEhUKDW91dHB1dF9zY2hlbWEYBiABKAkSPgoLYW5ub3RhdGlvbnMYByABKAsyKS5nZXN0YWx0LnByb3ZpZGVyLnYxLk9wZXJhdGlvbkFubm90YXRpb25zEjkKCnBhcmFtZXRlcnMYCCADKAsyJS5nZXN0YWx0LnByb3ZpZGVyLnYxLkNhdGFsb2dQYXJhbWV0ZXISFwoPcmVxdWlyZWRfc2NvcGVzGAkgAygJEgwKBHRhZ3MYCiADKAkSEQoJcmVhZF9vbmx5GAsgASgIEhQKB3Zpc2libGUYDCABKAhIAIgBARIRCgl0cmFuc3BvcnQYDSABKAkSFQoNYWxsb3dlZF9yb2xlcxgOIAMoCUIKCghfdmlzaWJsZSKPAQoHQ2F0YWxvZxIMCgRuYW1lGAEgASgJEhQKDGRpc3BsYXlfbmFtZRgCIAEoCRITCgtkZXNjcmlwdGlvbhgDIAEoCRIQCghpY29uX3N2ZxgEIAEoCRI5CgpvcGVyYXRpb25zGAUgAygLMiUuZ2VzdGFsdC5wcm92aWRlci52MS5DYXRhbG9nT3BlcmF0aW9uIm8KEkNvbm5lY3Rpb25QYXJhbURlZhIQCghyZXF1aXJlZBgBIAEoCBITCgtkZXNjcmlwdGlvbhgCIAEoCRIVCg1kZWZhdWx0X3ZhbHVlGAMgASgJEgwKBGZyb20YBCABKAkSDQoFZmllbGQYBSABKAkiigQKEFByb3ZpZGVyTWV0YWRhdGESDAoEbmFtZRgBIAEoCRIUCgxkaXNwbGF5X25hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSPAoPY29ubmVjdGlvbl9tb2RlGAQgASgOMiMuZ2VzdGFsdC5wcm92aWRlci52MS5Db25uZWN0aW9uTW9kZRISCgphdXRoX3R5cGVzGAUgAygJElYKEWNvbm5lY3Rpb25fcGFyYW1zGAYgAygLMjsuZ2VzdGFsdC5wcm92aWRlci52MS5Qcm92aWRlck1ldGFkYXRhLkNvbm5lY3Rpb25QYXJhbXNFbnRyeRI0Cg5zdGF0aWNfY2F0YWxvZxgHIAEoCzIcLmdlc3RhbHQucHJvdmlkZXIudjEuQ2F0YWxvZxIgChhzdXBwb3J0c19zZXNzaW9uX2NhdGFsb2cYCCABKAgSHQoVc3VwcG9ydHNfcG9zdF9jb25uZWN0GAkgASgIEhwKFG1pbl9wcm90b2NvbF92ZXJzaW9uGAsgASgFEhwKFG1heF9wcm90b2NvbF92ZXJzaW9uGAwgASgFGmAKFUNvbm5lY3Rpb25QYXJhbXNFbnRyeRILCgNrZXkYASABKAkSNgoFdmFsdWUYAiABKAsyJy5nZXN0YWx0LnByb3ZpZGVyLnYxLkNvbm5lY3Rpb25QYXJhbURlZjoCOAEixAEKD09wZXJhdGlvblJlc3VsdBIOCgZzdGF0dXMYASABKAUSDAoEYm9keRgCIAEoCRJCCgdoZWFkZXJzGAMgAygLMjEuZ2VzdGFsdC5wcm92aWRlci52MS5PcGVyYXRpb25SZXN1bHQuSGVhZGVyc0VudHJ5Gk8KDEhlYWRlcnNFbnRyeRILCgNrZXkYASABKAkSLgoFdmFsdWUYAiABKAsyHy5nZXN0YWx0LnByb3ZpZGVyLnYxLlN0cmluZ0xpc3Q6AjgBIl8KEkFwcEludm9jYXRpb25HcmFudBILCgNhcHAYASABKAkSEgoKb3BlcmF0aW9ucxgCIAMoCRIQCghzdXJmYWNlcxgDIAMoCRIWCg5hbGxfb3BlcmF0aW9ucxgEIAEoCCKPAQoeRXhjaGFuZ2VJbnZvY2F0aW9uVG9rZW5SZXF1ZXN0Eh8KF3BhcmVudF9pbnZvY2F0aW9uX3Rva2VuGAEgASgJEjcKBmdyYW50cxgCIAMoCzInLmdlc3RhbHQucHJvdmlkZXIudjEuQXBwSW52b2NhdGlvbkdyYW50EhMKC3R0bF9zZWNvbmRzGAMgASgDIjsKH0V4Y2hhbmdlSW52b2NhdGlvblRva2VuUmVzcG9uc2USGAoQaW52b2NhdGlvbl90b2tlbhgBIAEoCSKOAgoQQXBwSW52b2tlUmVxdWVzdBILCgNhcHAYAiABKAkSEQoJb3BlcmF0aW9uGAMgASgJEicKBnBhcmFtcxgEIAEoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3QSEgoKY29ubmVjdGlvbhgFIAEoCRIQCghpbnN0YW5jZRgGIAEoCRIYChBpbnZvY2F0aW9uX3Rva2VuGAcgASgJEhcKD2lkZW1wb3RlbmN5X2tleRgIIAEoCRIXCg9jcmVkZW50aWFsX21vZGUYCSABKAkSKQoId29ya2Zsb3cYCiABKAsyFy5nb29nbGUucHJvdG9idWYuU3RydWN0SgQIARACUg5yZXF1ZXN0X2hhbmRsZSK9AQoXQXBwSW52b2tlR3JhcGhRTFJlcXVlc3QSCwoDYXBwGAEgASgJEhAKCGRvY3VtZW50GAIgASgJEioKCXZhcmlhYmxlcxgDIAEoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3QSEgoKY29ubmVjdGlvbhgEIAEoCRIQCghpbnN0YW5jZRgFIAEoCRIYChBpbnZvY2F0aW9uX3Rva2VuGAYgASgJEhcKD2lkZW1wb3RlbmN5X2tleRgHIAEoCSKqAwoVUG9zdENvbm5lY3RDcmVkZW50aWFsEgoKAmlkGAEgASgJEhIKCnN1YmplY3RfaWQYAiABKAkSEwoLaW50ZWdyYXRpb24YAyABKAkSEAoIaW5zdGFuY2UYBCABKAkSFAoMYWNjZXNzX3Rva2VuGAUgASgJEhUKDXJlZnJlc2hfdG9rZW4YBiABKAkSDgoGc2NvcGVzGAcgASgJEi4KCmV4cGlyZXNfYXQYCCABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEjUKEWxhc3RfcmVmcmVzaGVkX2F0GAkgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIbChNyZWZyZXNoX2Vycm9yX2NvdW50GAogASgFEhUKDW1ldGFkYXRhX2pzb24YCyABKAkSLgoKY3JlYXRlZF9hdBgMIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASLgoKdXBkYXRlZF9hdBgNIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASEgoKY29ubmVjdGlvbhgOIAEoCSKDAQoOU3ViamVjdENvbnRleHQSCgoCaWQYASABKAkSDAoEa2luZBgCIAEoCRIUCgxkaXNwbGF5X25hbWUYAyABKAkSEwoLYXV0aF9zb3VyY2UYBCABKAkSDQoFZW1haWwYBSABKAkSHQoVY3JlZGVudGlhbF9zdWJqZWN0X2lkGAYgASgJIjMKF0V4dGVybmFsSWRlbnRpdHlDb250ZXh0EgwKBHR5cGUYASABKAkSCgoCaWQYAiABKAkipAIKDEFnZW50VG9vbFJlZhILCgNhcHAYASABKAkSEQoJb3BlcmF0aW9uGAIgASgJEhIKCmNvbm5lY3Rpb24YAyABKAkSEAoIaW5zdGFuY2UYBCABKAkSDQoFdGl0bGUYBSABKAkSEwoLZGVzY3JpcHRpb24YBiABKAkSDgoGc3lzdGVtGAggASgJEjMKBnJ1bl9hcxgJIAEoCzIjLmdlc3RhbHQucHJvdmlkZXIudjEuU3ViamVjdENvbnRleHQSTgoYcnVuX2FzX2V4dGVybmFsX2lkZW50aXR5GAogASgLMiwuZ2VzdGFsdC5wcm92aWRlci52MS5FeHRlcm5hbElkZW50aXR5Q29udGV4dEoECAcQCFIPY3JlZGVudGlhbF9tb2RlIhwKClN0cmluZ0xpc3QSDgoGdmFsdWVzGAEgAygJIlsKEUNyZWRlbnRpYWxDb250ZXh0EgwKBG1vZGUYASABKAkSEgoKc3ViamVjdF9pZBgCIAEoCRISCgpjb25uZWN0aW9uGAMgASgJEhAKCGluc3RhbmNlGAQgASgJIi0KDUFjY2Vzc0NvbnRleHQSDgoGcG9saWN5GAEgASgJEgwKBHJvbGUYAiABKAkiJgoLSG9zdENvbnRleHQSFwoPcHVibGljX2Jhc2VfdXJsGAEgASgJIrIECg5SZXF1ZXN0Q29udGV4dBI0CgdzdWJqZWN0GAEgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5TdWJqZWN0Q29udGV4dBI6CgpjcmVkZW50aWFsGAIgASgLMiYuZ2VzdGFsdC5wcm92aWRlci52MS5DcmVkZW50aWFsQ29udGV4dBIyCgZhY2Nlc3MYAyABKAsyIi5nZXN0YWx0LnByb3ZpZGVyLnYxLkFjY2Vzc0NvbnRleHQSKQoId29ya2Zsb3cYBCABKAsyFy5nb29nbGUucHJvdG9idWYuU3RydWN0Ei4KBGhvc3QYBSABKAsyIC5nZXN0YWx0LnByb3ZpZGVyLnYxLkhvc3RDb250ZXh0EjoKDWFnZW50X3N1YmplY3QYBiABKAsyIy5nZXN0YWx0LnByb3ZpZGVyLnYxLlN1YmplY3RDb250ZXh0Ek0KF2FnZW50X2V4dGVybmFsX2lkZW50aXR5GAcgASgLMiwuZ2VzdGFsdC5wcm92aWRlci52MS5FeHRlcm5hbElkZW50aXR5Q29udGV4dBJHChFleHRlcm5hbF9pZGVudGl0eRgIIAEoCzIsLmdlc3RhbHQucHJvdmlkZXIudjEuRXh0ZXJuYWxJZGVudGl0eUNvbnRleHQSNAoJdG9vbF9yZWZzGAkgAygLMiEuZ2VzdGFsdC5wcm92aWRlci52MS5BZ2VudFRvb2xSZWYSFQoNdG9vbF9yZWZzX3NldBgKIAEoCCL+BAoSSFRUUFN1YmplY3RSZXF1ZXN0Eg8KB2JpbmRpbmcYASABKAkSDgoGbWV0aG9kGAIgASgJEgwKBHBhdGgYAyABKAkSFAoMY29udGVudF90eXBlGAQgASgJEkUKB2hlYWRlcnMYBSADKAsyNC5nZXN0YWx0LnByb3ZpZGVyLnYxLkhUVFBTdWJqZWN0UmVxdWVzdC5IZWFkZXJzRW50cnkSQQoFcXVlcnkYBiADKAsyMi5nZXN0YWx0LnByb3ZpZGVyLnYxLkhUVFBTdWJqZWN0UmVxdWVzdC5RdWVyeUVudHJ5EicKBnBhcmFtcxgHIAEoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3QSEAoIcmF3X2JvZHkYCCABKAwSFwoPc2VjdXJpdHlfc2NoZW1lGAkgASgJEhgKEHZlcmlmaWVkX3N1YmplY3QYCiABKAkSVAoPdmVyaWZpZWRfY2xhaW1zGAsgAygLMjsuZ2VzdGFsdC5wcm92aWRlci52MS5IVFRQU3ViamVjdFJlcXVlc3QuVmVyaWZpZWRDbGFpbXNFbnRyeRpPCgxIZWFkZXJzRW50cnkSCwoDa2V5GAEgASgJEi4KBXZhbHVlGAIgASgLMh8uZ2VzdGFsdC5wcm92aWRlci52MS5TdHJpbmdMaXN0OgI4ARpNCgpRdWVyeUVudHJ5EgsKA2tleRgBIAEoCRIuCgV2YWx1ZRgCIAEoCzIfLmdlc3RhbHQucHJvdmlkZXIudjEuU3RyaW5nTGlzdDoCOAEaNQoTVmVyaWZpZWRDbGFpbXNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBIosBChlSZXNvbHZlSFRUUFN1YmplY3RSZXF1ZXN0EjgKB3JlcXVlc3QYASABKAsyJy5nZXN0YWx0LnByb3ZpZGVyLnYxLkhUVFBTdWJqZWN0UmVxdWVzdBI0Cgdjb250ZXh0GAIgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5SZXF1ZXN0Q29udGV4dCKBAQoaUmVzb2x2ZUhUVFBTdWJqZWN0UmVzcG9uc2USNAoHc3ViamVjdBgBIAEoCzIjLmdlc3RhbHQucHJvdmlkZXIudjEuU3ViamVjdENvbnRleHQSFQoNcmVqZWN0X3N0YXR1cxgCIAEoBRIWCg5yZWplY3RfbWVzc2FnZRgDIAEoCSKAAwoORXhlY3V0ZVJlcXVlc3QSEQoJb3BlcmF0aW9uGAEgASgJEicKBnBhcmFtcxgCIAEoCzIXLmdvb2dsZS5wcm90b2J1Zi5TdHJ1Y3QSDQoFdG9rZW4YAyABKAkSVAoRY29ubmVjdGlvbl9wYXJhbXMYBCADKAsyOS5nZXN0YWx0LnByb3ZpZGVyLnYxLkV4ZWN1dGVSZXF1ZXN0LkNvbm5lY3Rpb25QYXJhbXNFbnRyeRIVCg1pbnZvY2F0aW9uX2lkGAUgASgJEjQKB2NvbnRleHQYBiABKAsyIy5nZXN0YWx0LnByb3ZpZGVyLnYxLlJlcXVlc3RDb250ZXh0EhgKEGludm9jYXRpb25fdG9rZW4YCCABKAkSFwoPaWRlbXBvdGVuY3lfa2V5GAkgASgJGjcKFUNvbm5lY3Rpb25QYXJhbXNFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBSgQIBxAIUg5yZXF1ZXN0X2hhbmRsZSKPAgoYR2V0U2Vzc2lvbkNhdGFsb2dSZXF1ZXN0Eg0KBXRva2VuGAEgASgJEl4KEWNvbm5lY3Rpb25fcGFyYW1zGAIgAygLMkMuZ2VzdGFsdC5wcm92aWRlci52MS5HZXRTZXNzaW9uQ2F0YWxvZ1JlcXVlc3QuQ29ubmVjdGlvblBhcmFtc0VudHJ5EhUKDWludm9jYXRpb25faWQYAyABKAkSNAoHY29udGV4dBgEIAEoCzIjLmdlc3RhbHQucHJvdmlkZXIudjEuUmVxdWVzdENvbnRleHQaNwoVQ29ubmVjdGlvblBhcmFtc0VudHJ5EgsKA2tleRgBIAEoCRINCgV2YWx1ZRgCIAEoCToCOAEiSgoZR2V0U2Vzc2lvbkNhdGFsb2dSZXNwb25zZRItCgdjYXRhbG9nGAEgASgLMhwuZ2VzdGFsdC5wcm92aWRlci52MS5DYXRhbG9nIk8KElBvc3RDb25uZWN0UmVxdWVzdBI5CgV0b2tlbhgBIAEoCzIqLmdlc3RhbHQucHJvdmlkZXIudjEuUG9zdENvbm5lY3RDcmVkZW50aWFsIpABChNQb3N0Q29ubmVjdFJlc3BvbnNlEkgKCG1ldGFkYXRhGAEgAygLMjYuZ2VzdGFsdC5wcm92aWRlci52MS5Qb3N0Q29ubmVjdFJlc3BvbnNlLk1ldGFkYXRhRW50cnkaLwoNTWV0YWRhdGFFbnRyeRILCgNrZXkYASABKAkSDQoFdmFsdWUYAiABKAk6AjgBImcKFFN0YXJ0UHJvdmlkZXJSZXF1ZXN0EgwKBG5hbWUYASABKAkSJwoGY29uZmlnGAIgASgLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdBIYChBwcm90b2NvbF92ZXJzaW9uGAQgASgFIjEKFVN0YXJ0UHJvdmlkZXJSZXNwb25zZRIYChBwcm90b2NvbF92ZXJzaW9uGAEgASgFKsMBCg5Db25uZWN0aW9uTW9kZRIfChtDT05ORUNUSU9OX01PREVfVU5TUEVDSUZJRUQQABIYChRDT05ORUNUSU9OX01PREVfTk9ORRABEhgKFENPTk5FQ1RJT05fTU9ERV9VU0VSEAIiBAgDEAMiBAgEEAQiBAgFEAUqGENPTk5FQ1RJT05fTU9ERV9JREVOVElUWSoWQ09OTkVDVElPTl9NT0RFX0VJVEhFUioYQ09OTkVDVElPTl9NT0RFX1BMQVRGT1JNMuYECgtBcHBQcm92aWRlchJMCgtHZXRNZXRhZGF0YRIWLmdvb2dsZS5wcm90b2J1Zi5FbXB0eRolLmdlc3RhbHQucHJvdmlkZXIudjEuUHJvdmlkZXJNZXRhZGF0YRJmCg1TdGFydFByb3ZpZGVyEikuZ2VzdGFsdC5wcm92aWRlci52MS5TdGFydFByb3ZpZGVyUmVxdWVzdBoqLmdlc3RhbHQucHJvdmlkZXIudjEuU3RhcnRQcm92aWRlclJlc3BvbnNlElQKB0V4ZWN1dGUSIy5nZXN0YWx0LnByb3ZpZGVyLnYxLkV4ZWN1dGVSZXF1ZXN0GiQuZ2VzdGFsdC5wcm92aWRlci52MS5PcGVyYXRpb25SZXN1bHQSdQoSUmVzb2x2ZUhUVFBTdWJqZWN0Ei4uZ2VzdGFsdC5wcm92aWRlci52MS5SZXNvbHZlSFRUUFN1YmplY3RSZXF1ZXN0Gi8uZ2VzdGFsdC5wcm92aWRlci52MS5SZXNvbHZlSFRUUFN1YmplY3RSZXNwb25zZRJyChFHZXRTZXNzaW9uQ2F0YWxvZxItLmdlc3RhbHQucHJvdmlkZXIudjEuR2V0U2Vzc2lvbkNhdGFsb2dSZXF1ZXN0Gi4uZ2VzdGFsdC5wcm92aWRlci52MS5HZXRTZXNzaW9uQ2F0YWxvZ1Jlc3BvbnNlEmAKC1Bvc3RDb25uZWN0EicuZ2VzdGFsdC5wcm92aWRlci52MS5Qb3N0Q29ubmVjdFJlcXVlc3QaKC5nZXN0YWx0LnByb3ZpZGVyLnYxLlBvc3RDb25uZWN0UmVzcG9uc2UyyAIKA0FwcBKEAQoXRXhjaGFuZ2VJbnZvY2F0aW9uVG9rZW4SMy5nZXN0YWx0LnByb3ZpZGVyLnYxLkV4Y2hhbmdlSW52b2NhdGlvblRva2VuUmVxdWVzdBo0Lmdlc3RhbHQucHJvdmlkZXIudjEuRXhjaGFuZ2VJbnZvY2F0aW9uVG9rZW5SZXNwb25zZRJVCgZJbnZva2USJS5nZXN0YWx0LnByb3ZpZGVyLnYxLkFwcEludm9rZVJlcXVlc3QaJC5nZXN0YWx0LnByb3ZpZGVyLnYxLk9wZXJhdGlvblJlc3VsdBJjCg1JbnZva2VHcmFwaFFMEiwuZ2VzdGFsdC5wcm92aWRlci52MS5BcHBJbnZva2VHcmFwaFFMUmVxdWVzdBokLmdlc3RhbHQucHJvdmlkZXIudjEuT3BlcmF0aW9uUmVzdWx0YgZwcm90bzM", [file_google_protobuf_empty, file_google_protobuf_struct, file_google_protobuf_timestamp]);
+  fileDesc("Cgx2MS9hcHAucHJvdG8SE2dlc3RhbHQucHJvdmlkZXIudjEifgoQQ2F0YWxvZ1BhcmFtZXRlchIMCgRuYW1lGAEgASgJEgwKBHR5cGUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSEAoIcmVxdWlyZWQYBCABKAgSJwoHZGVmYXVsdBgFIAEoCzIWLmdvb2dsZS5wcm90b2J1Zi5WYWx1ZSLeAQoUT3BlcmF0aW9uQW5ub3RhdGlvbnMSGwoOcmVhZF9vbmx5X2hpbnQYASABKAhIAIgBARIcCg9pZGVtcG90ZW50X2hpbnQYAiABKAhIAYgBARIdChBkZXN0cnVjdGl2ZV9oaW50GAMgASgISAKIAQESHAoPb3Blbl93b3JsZF9oaW50GAQgASgISAOIAQFCEQoPX3JlYWRfb25seV9oaW50QhIKEF9pZGVtcG90ZW50X2hpbnRCEwoRX2Rlc3RydWN0aXZlX2hpbnRCEgoQX29wZW5fd29ybGRfaGludCKAAwoQQ2F0YWxvZ09wZXJhdGlvbhIKCgJpZBgBIAEoCRIOCgZtZXRob2QYAiABKAkSDQoFdGl0bGUYAyABKAkSEwoLZGVzY3JpcHRpb24YBCABKAkSFAoMaW5wdXRfc2NoZW1hGAUgASgJEhUKDW91dHB1dF9zY2hlbWEYBiABKAkSPgoLYW5ub3RhdGlvbnMYByABKAsyKS5nZXN0YWx0LnByb3ZpZGVyLnYxLk9wZXJhdGlvbkFubm90YXRpb25zEjkKCnBhcmFtZXRlcnMYCCADKAsyJS5nZXN0YWx0LnByb3ZpZGVyLnYxLkNhdGFsb2dQYXJhbWV0ZXISFwoPcmVxdWlyZWRfc2NvcGVzGAkgAygJEgwKBHRhZ3MYCiADKAkSEQoJcmVhZF9vbmx5GAsgASgIEhQKB3Zpc2libGUYDCABKAhIAIgBARIRCgl0cmFuc3BvcnQYDSABKAkSFQoNYWxsb3dlZF9yb2xlcxgOIAMoCUIKCghfdmlzaWJsZSKPAQoHQ2F0YWxvZxIMCgRuYW1lGAEgASgJEhQKDGRpc3BsYXlfbmFtZRgCIAEoCRITCgtkZXNjcmlwdGlvbhgDIAEoCRIQCghpY29uX3N2ZxgEIAEoCRI5CgpvcGVyYXRpb25zGAUgAygLMiUuZ2VzdGFsdC5wcm92aWRlci52MS5DYXRhbG9nT3BlcmF0aW9uIm8KEkNvbm5lY3Rpb25QYXJhbURlZhIQCghyZXF1aXJlZBgBIAEoCBITCgtkZXNjcmlwdGlvbhgCIAEoCRIVCg1kZWZhdWx0X3ZhbHVlGAMgASgJEgwKBGZyb20YBCABKAkSDQoFZmllbGQYBSABKAkiiAQKEFByb3ZpZGVyTWV0YWRhdGESDAoEbmFtZRgBIAEoCRIUCgxkaXNwbGF5X25hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSPAoPY29ubmVjdGlvbl9tb2RlGAQgASgOMiMuZ2VzdGFsdC5wcm92aWRlci52MS5Db25uZWN0aW9uTW9kZRISCgphdXRoX3R5cGVzGAUgAygJElYKEWNvbm5lY3Rpb25fcGFyYW1zGAYgAygLMjsuZ2VzdGFsdC5wcm92aWRlci52MS5Qcm92aWRlck1ldGFkYXRhLkNvbm5lY3Rpb25QYXJhbXNFbnRyeRI0Cg5zdGF0aWNfY2F0YWxvZxgHIAEoCzIcLmdlc3RhbHQucHJvdmlkZXIudjEuQ2F0YWxvZxIgChhzdXBwb3J0c19zZXNzaW9uX2NhdGFsb2cYCCABKAgSHAoUbWluX3Byb3RvY29sX3ZlcnNpb24YCyABKAUSHAoUbWF4X3Byb3RvY29sX3ZlcnNpb24YDCABKAUaYAoVQ29ubmVjdGlvblBhcmFtc0VudHJ5EgsKA2tleRgBIAEoCRI2CgV2YWx1ZRgCIAEoCzInLmdlc3RhbHQucHJvdmlkZXIudjEuQ29ubmVjdGlvblBhcmFtRGVmOgI4AUoECAkQClIVc3VwcG9ydHNfcG9zdF9jb25uZWN0IsQBCg9PcGVyYXRpb25SZXN1bHQSDgoGc3RhdHVzGAEgASgFEgwKBGJvZHkYAiABKAkSQgoHaGVhZGVycxgDIAMoCzIxLmdlc3RhbHQucHJvdmlkZXIudjEuT3BlcmF0aW9uUmVzdWx0LkhlYWRlcnNFbnRyeRpPCgxIZWFkZXJzRW50cnkSCwoDa2V5GAEgASgJEi4KBXZhbHVlGAIgASgLMh8uZ2VzdGFsdC5wcm92aWRlci52MS5TdHJpbmdMaXN0OgI4ASJfChJBcHBJbnZvY2F0aW9uR3JhbnQSCwoDYXBwGAEgASgJEhIKCm9wZXJhdGlvbnMYAiADKAkSEAoIc3VyZmFjZXMYAyADKAkSFgoOYWxsX29wZXJhdGlvbnMYBCABKAgijwEKHkV4Y2hhbmdlSW52b2NhdGlvblRva2VuUmVxdWVzdBIfChdwYXJlbnRfaW52b2NhdGlvbl90b2tlbhgBIAEoCRI3CgZncmFudHMYAiADKAsyJy5nZXN0YWx0LnByb3ZpZGVyLnYxLkFwcEludm9jYXRpb25HcmFudBITCgt0dGxfc2Vjb25kcxgDIAEoAyI7Ch9FeGNoYW5nZUludm9jYXRpb25Ub2tlblJlc3BvbnNlEhgKEGludm9jYXRpb25fdG9rZW4YASABKAkijgIKEEFwcEludm9rZVJlcXVlc3QSCwoDYXBwGAIgASgJEhEKCW9wZXJhdGlvbhgDIAEoCRInCgZwYXJhbXMYBCABKAsyFy5nb29nbGUucHJvdG9idWYuU3RydWN0EhIKCmNvbm5lY3Rpb24YBSABKAkSEAoIaW5zdGFuY2UYBiABKAkSGAoQaW52b2NhdGlvbl90b2tlbhgHIAEoCRIXCg9pZGVtcG90ZW5jeV9rZXkYCCABKAkSFwoPY3JlZGVudGlhbF9tb2RlGAkgASgJEikKCHdvcmtmbG93GAogASgLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdEoECAEQAlIOcmVxdWVzdF9oYW5kbGUivQEKF0FwcEludm9rZUdyYXBoUUxSZXF1ZXN0EgsKA2FwcBgBIAEoCRIQCghkb2N1bWVudBgCIAEoCRIqCgl2YXJpYWJsZXMYAyABKAsyFy5nb29nbGUucHJvdG9idWYuU3RydWN0EhIKCmNvbm5lY3Rpb24YBCABKAkSEAoIaW5zdGFuY2UYBSABKAkSGAoQaW52b2NhdGlvbl90b2tlbhgGIAEoCRIXCg9pZGVtcG90ZW5jeV9rZXkYByABKAkigwEKDlN1YmplY3RDb250ZXh0EgoKAmlkGAEgASgJEgwKBGtpbmQYAiABKAkSFAoMZGlzcGxheV9uYW1lGAMgASgJEhMKC2F1dGhfc291cmNlGAQgASgJEg0KBWVtYWlsGAUgASgJEh0KFWNyZWRlbnRpYWxfc3ViamVjdF9pZBgGIAEoCSLJAQoMQWdlbnRUb29sUmVmEgsKA2FwcBgBIAEoCRIRCglvcGVyYXRpb24YAiABKAkSEgoKY29ubmVjdGlvbhgDIAEoCRIQCghpbnN0YW5jZRgEIAEoCRINCgV0aXRsZRgFIAEoCRITCgtkZXNjcmlwdGlvbhgGIAEoCRIOCgZzeXN0ZW0YCCABKAkSMwoGcnVuX2FzGAkgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5TdWJqZWN0Q29udGV4dEoECAcQCEoECAoQCyIcCgpTdHJpbmdMaXN0Eg4KBnZhbHVlcxgBIAMoCSJbChFDcmVkZW50aWFsQ29udGV4dBIMCgRtb2RlGAEgASgJEhIKCnN1YmplY3RfaWQYAiABKAkSEgoKY29ubmVjdGlvbhgDIAEoCRIQCghpbnN0YW5jZRgEIAEoCSItCg1BY2Nlc3NDb250ZXh0Eg4KBnBvbGljeRgBIAEoCRIMCgRyb2xlGAIgASgJIiYKC0hvc3RDb250ZXh0EhcKD3B1YmxpY19iYXNlX3VybBgBIAEoCSKmAwoOUmVxdWVzdENvbnRleHQSNAoHc3ViamVjdBgBIAEoCzIjLmdlc3RhbHQucHJvdmlkZXIudjEuU3ViamVjdENvbnRleHQSOgoKY3JlZGVudGlhbBgCIAEoCzImLmdlc3RhbHQucHJvdmlkZXIudjEuQ3JlZGVudGlhbENvbnRleHQSMgoGYWNjZXNzGAMgASgLMiIuZ2VzdGFsdC5wcm92aWRlci52MS5BY2Nlc3NDb250ZXh0EikKCHdvcmtmbG93GAQgASgLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdBIuCgRob3N0GAUgASgLMiAuZ2VzdGFsdC5wcm92aWRlci52MS5Ib3N0Q29udGV4dBI6Cg1hZ2VudF9zdWJqZWN0GAYgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5TdWJqZWN0Q29udGV4dBI0Cgl0b29sX3JlZnMYCSADKAsyIS5nZXN0YWx0LnByb3ZpZGVyLnYxLkFnZW50VG9vbFJlZhIVCg10b29sX3JlZnNfc2V0GAogASgISgQIBxAISgQICBAJIv4EChJIVFRQU3ViamVjdFJlcXVlc3QSDwoHYmluZGluZxgBIAEoCRIOCgZtZXRob2QYAiABKAkSDAoEcGF0aBgDIAEoCRIUCgxjb250ZW50X3R5cGUYBCABKAkSRQoHaGVhZGVycxgFIAMoCzI0Lmdlc3RhbHQucHJvdmlkZXIudjEuSFRUUFN1YmplY3RSZXF1ZXN0LkhlYWRlcnNFbnRyeRJBCgVxdWVyeRgGIAMoCzIyLmdlc3RhbHQucHJvdmlkZXIudjEuSFRUUFN1YmplY3RSZXF1ZXN0LlF1ZXJ5RW50cnkSJwoGcGFyYW1zGAcgASgLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdBIQCghyYXdfYm9keRgIIAEoDBIXCg9zZWN1cml0eV9zY2hlbWUYCSABKAkSGAoQdmVyaWZpZWRfc3ViamVjdBgKIAEoCRJUCg92ZXJpZmllZF9jbGFpbXMYCyADKAsyOy5nZXN0YWx0LnByb3ZpZGVyLnYxLkhUVFBTdWJqZWN0UmVxdWVzdC5WZXJpZmllZENsYWltc0VudHJ5Gk8KDEhlYWRlcnNFbnRyeRILCgNrZXkYASABKAkSLgoFdmFsdWUYAiABKAsyHy5nZXN0YWx0LnByb3ZpZGVyLnYxLlN0cmluZ0xpc3Q6AjgBGk0KClF1ZXJ5RW50cnkSCwoDa2V5GAEgASgJEi4KBXZhbHVlGAIgASgLMh8uZ2VzdGFsdC5wcm92aWRlci52MS5TdHJpbmdMaXN0OgI4ARo1ChNWZXJpZmllZENsYWltc0VudHJ5EgsKA2tleRgBIAEoCRINCgV2YWx1ZRgCIAEoCToCOAEiiwEKGVJlc29sdmVIVFRQU3ViamVjdFJlcXVlc3QSOAoHcmVxdWVzdBgBIAEoCzInLmdlc3RhbHQucHJvdmlkZXIudjEuSFRUUFN1YmplY3RSZXF1ZXN0EjQKB2NvbnRleHQYAiABKAsyIy5nZXN0YWx0LnByb3ZpZGVyLnYxLlJlcXVlc3RDb250ZXh0IoEBChpSZXNvbHZlSFRUUFN1YmplY3RSZXNwb25zZRI0CgdzdWJqZWN0GAEgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5TdWJqZWN0Q29udGV4dBIVCg1yZWplY3Rfc3RhdHVzGAIgASgFEhYKDnJlamVjdF9tZXNzYWdlGAMgASgJIoADCg5FeGVjdXRlUmVxdWVzdBIRCglvcGVyYXRpb24YASABKAkSJwoGcGFyYW1zGAIgASgLMhcuZ29vZ2xlLnByb3RvYnVmLlN0cnVjdBINCgV0b2tlbhgDIAEoCRJUChFjb25uZWN0aW9uX3BhcmFtcxgEIAMoCzI5Lmdlc3RhbHQucHJvdmlkZXIudjEuRXhlY3V0ZVJlcXVlc3QuQ29ubmVjdGlvblBhcmFtc0VudHJ5EhUKDWludm9jYXRpb25faWQYBSABKAkSNAoHY29udGV4dBgGIAEoCzIjLmdlc3RhbHQucHJvdmlkZXIudjEuUmVxdWVzdENvbnRleHQSGAoQaW52b2NhdGlvbl90b2tlbhgIIAEoCRIXCg9pZGVtcG90ZW5jeV9rZXkYCSABKAkaNwoVQ29ubmVjdGlvblBhcmFtc0VudHJ5EgsKA2tleRgBIAEoCRINCgV2YWx1ZRgCIAEoCToCOAFKBAgHEAhSDnJlcXVlc3RfaGFuZGxlIo8CChhHZXRTZXNzaW9uQ2F0YWxvZ1JlcXVlc3QSDQoFdG9rZW4YASABKAkSXgoRY29ubmVjdGlvbl9wYXJhbXMYAiADKAsyQy5nZXN0YWx0LnByb3ZpZGVyLnYxLkdldFNlc3Npb25DYXRhbG9nUmVxdWVzdC5Db25uZWN0aW9uUGFyYW1zRW50cnkSFQoNaW52b2NhdGlvbl9pZBgDIAEoCRI0Cgdjb250ZXh0GAQgASgLMiMuZ2VzdGFsdC5wcm92aWRlci52MS5SZXF1ZXN0Q29udGV4dBo3ChVDb25uZWN0aW9uUGFyYW1zRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4ASJKChlHZXRTZXNzaW9uQ2F0YWxvZ1Jlc3BvbnNlEi0KB2NhdGFsb2cYASABKAsyHC5nZXN0YWx0LnByb3ZpZGVyLnYxLkNhdGFsb2ciZwoUU3RhcnRQcm92aWRlclJlcXVlc3QSDAoEbmFtZRgBIAEoCRInCgZjb25maWcYAiABKAsyFy5nb29nbGUucHJvdG9idWYuU3RydWN0EhgKEHByb3RvY29sX3ZlcnNpb24YBCABKAUiMQoVU3RhcnRQcm92aWRlclJlc3BvbnNlEhgKEHByb3RvY29sX3ZlcnNpb24YASABKAUqegoOQ29ubmVjdGlvbk1vZGUSHwobQ09OTkVDVElPTl9NT0RFX1VOU1BFQ0lGSUVEEAASGAoUQ09OTkVDVElPTl9NT0RFX05PTkUQARIbChdDT05ORUNUSU9OX01PREVfU1VCSkVDVBACIgQIAxADIgQIBBAEIgQIBRAFMoQECgtBcHBQcm92aWRlchJMCgtHZXRNZXRhZGF0YRIWLmdvb2dsZS5wcm90b2J1Zi5FbXB0eRolLmdlc3RhbHQucHJvdmlkZXIudjEuUHJvdmlkZXJNZXRhZGF0YRJmCg1TdGFydFByb3ZpZGVyEikuZ2VzdGFsdC5wcm92aWRlci52MS5TdGFydFByb3ZpZGVyUmVxdWVzdBoqLmdlc3RhbHQucHJvdmlkZXIudjEuU3RhcnRQcm92aWRlclJlc3BvbnNlElQKB0V4ZWN1dGUSIy5nZXN0YWx0LnByb3ZpZGVyLnYxLkV4ZWN1dGVSZXF1ZXN0GiQuZ2VzdGFsdC5wcm92aWRlci52MS5PcGVyYXRpb25SZXN1bHQSdQoSUmVzb2x2ZUhUVFBTdWJqZWN0Ei4uZ2VzdGFsdC5wcm92aWRlci52MS5SZXNvbHZlSFRUUFN1YmplY3RSZXF1ZXN0Gi8uZ2VzdGFsdC5wcm92aWRlci52MS5SZXNvbHZlSFRUUFN1YmplY3RSZXNwb25zZRJyChFHZXRTZXNzaW9uQ2F0YWxvZxItLmdlc3RhbHQucHJvdmlkZXIudjEuR2V0U2Vzc2lvbkNhdGFsb2dSZXF1ZXN0Gi4uZ2VzdGFsdC5wcm92aWRlci52MS5HZXRTZXNzaW9uQ2F0YWxvZ1Jlc3BvbnNlMsgCCgNBcHAShAEKF0V4Y2hhbmdlSW52b2NhdGlvblRva2VuEjMuZ2VzdGFsdC5wcm92aWRlci52MS5FeGNoYW5nZUludm9jYXRpb25Ub2tlblJlcXVlc3QaNC5nZXN0YWx0LnByb3ZpZGVyLnYxLkV4Y2hhbmdlSW52b2NhdGlvblRva2VuUmVzcG9uc2USVQoGSW52b2tlEiUuZ2VzdGFsdC5wcm92aWRlci52MS5BcHBJbnZva2VSZXF1ZXN0GiQuZ2VzdGFsdC5wcm92aWRlci52MS5PcGVyYXRpb25SZXN1bHQSYwoNSW52b2tlR3JhcGhRTBIsLmdlc3RhbHQucHJvdmlkZXIudjEuQXBwSW52b2tlR3JhcGhRTFJlcXVlc3QaJC5nZXN0YWx0LnByb3ZpZGVyLnYxLk9wZXJhdGlvblJlc3VsdGIGcHJvdG8z", [file_google_protobuf_empty, file_google_protobuf_struct]);
 
 /**
  * CatalogParameter describes one input parameter surfaced in the generated
@@ -299,11 +299,6 @@ export type ProviderMetadata = Message<"gestalt.provider.v1.ProviderMetadata"> &
    */
   supportsSessionCatalog: boolean;
 
-  /**
-   * @generated from field: bool supports_post_connect = 9;
-   */
-  supportsPostConnect: boolean;
-
   /**
    * @generated from field: int32 min_protocol_version = 11;
    */
@@ -544,93 +539,6 @@ export type AppInvokeGraphQLRequest = Message<"gestalt.provider.v1.AppInvokeGrap
 export const AppInvokeGraphQLRequestSchema: GenMessage<AppInvokeGraphQLRequest> = /*@__PURE__*/
   messageDesc(file_v1_app, 11);
 
-/**
- * PostConnectCredential is the host-managed credential payload passed into
- * post-connect hooks. Field numbers intentionally match the legacy
- * post-connect credential payload so older compiled providers can still decode
- * the request during rolling upgrades.
- *
- * @generated from message gestalt.provider.v1.PostConnectCredential
- */
-export type PostConnectCredential = Message<"gestalt.provider.v1.PostConnectCredential"> & {
-  /**
-   * @generated from field: string id = 1;
-   */
-  id: string;
-
-  /**
-   * @generated from field: string subject_id = 2;
-   */
-  subjectId: string;
-
-  /**
-   * @generated from field: string integration = 3;
-   */
-  integration: string;
-
-  /**
-   * @generated from field: string instance = 4;
-   */
-  instance: string;
-
-  /**
-   * @generated from field: string access_token = 5;
-   */
-  accessToken: string;
-
-  /**
-   * @generated from field: string refresh_token = 6;
-   */
-  refreshToken: string;
-
-  /**
-   * @generated from field: string scopes = 7;
-   */
-  scopes: string;
-
-  /**
-   * @generated from field: google.protobuf.Timestamp expires_at = 8;
-   */
-  expiresAt?: Timestamp | undefined;
-
-  /**
-   * @generated from field: google.protobuf.Timestamp last_refreshed_at = 9;
-   */
-  lastRefreshedAt?: Timestamp | undefined;
-
-  /**
-   * @generated from field: int32 refresh_error_count = 10;
-   */
-  refreshErrorCount: number;
-
-  /**
-   * @generated from field: string metadata_json = 11;
-   */
-  metadataJson: string;
-
-  /**
-   * @generated from field: google.protobuf.Timestamp created_at = 12;
-   */
-  createdAt?: Timestamp | undefined;
-
-  /**
-   * @generated from field: google.protobuf.Timestamp updated_at = 13;
-   */
-  updatedAt?: Timestamp | undefined;
-
-  /**
-   * @generated from field: string connection = 14;
-   */
-  connection: string;
-};
-
-/**
- * Describes the message gestalt.provider.v1.PostConnectCredential.
- * Use `create(PostConnectCredentialSchema)` to create a new message.
- */
-export const PostConnectCredentialSchema: GenMessage<PostConnectCredential> = /*@__PURE__*/
-  messageDesc(file_v1_app, 12);
-
 /**
  * SubjectContext identifies the caller that initiated an operation.
  *
@@ -673,32 +581,7 @@ export type SubjectContext = Message<"gestalt.provider.v1.SubjectContext"> & {
  * Use `create(SubjectContextSchema)` to create a new message.
  */
 export const SubjectContextSchema: GenMessage<SubjectContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 13);
-
-/**
- * ExternalIdentityContext identifies the caller in a provider-owned external
- * identity namespace, as discovered from that caller's stored connection.
- *
- * @generated from message gestalt.provider.v1.ExternalIdentityContext
- */
-export type ExternalIdentityContext = Message<"gestalt.provider.v1.ExternalIdentityContext"> & {
-  /**
-   * @generated from field: string type = 1;
-   */
-  type: string;
-
-  /**
-   * @generated from field: string id = 2;
-   */
-  id: string;
-};
-
-/**
- * Describes the message gestalt.provider.v1.ExternalIdentityContext.
- * Use `create(ExternalIdentityContextSchema)` to create a new message.
- */
-export const ExternalIdentityContextSchema: GenMessage<ExternalIdentityContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 14);
+  messageDesc(file_v1_app, 12);
 
 /**
  * @generated from message gestalt.provider.v1.AgentToolRef
@@ -743,11 +626,6 @@ export type AgentToolRef = Message<"gestalt.provider.v1.AgentToolRef"> & {
    * @generated from field: gestalt.provider.v1.SubjectContext run_as = 9;
    */
   runAs?: SubjectContext | undefined;
-
-  /**
-   * @generated from field: gestalt.provider.v1.ExternalIdentityContext run_as_external_identity = 10;
-   */
-  runAsExternalIdentity?: ExternalIdentityContext | undefined;
 };
 
 /**
@@ -755,7 +633,7 @@ export type AgentToolRef = Message<"gestalt.provider.v1.AgentToolRef"> & {
  * Use `create(AgentToolRefSchema)` to create a new message.
  */
 export const AgentToolRefSchema: GenMessage<AgentToolRef> = /*@__PURE__*/
-  messageDesc(file_v1_app, 15);
+  messageDesc(file_v1_app, 13);
 
 /**
  * StringList is a helper map value for repeated HTTP header and query values.
@@ -774,7 +652,7 @@ export type StringList = Message<"gestalt.provider.v1.StringList"> & {
  * Use `create(StringListSchema)` to create a new message.
  */
 export const StringListSchema: GenMessage<StringList> = /*@__PURE__*/
-  messageDesc(file_v1_app, 16);
+  messageDesc(file_v1_app, 14);
 
 /**
  * CredentialContext describes the resolved credential used for an operation.
@@ -808,7 +686,7 @@ export type CredentialContext = Message<"gestalt.provider.v1.CredentialContext">
  * Use `create(CredentialContextSchema)` to create a new message.
  */
 export const CredentialContextSchema: GenMessage<CredentialContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 17);
+  messageDesc(file_v1_app, 15);
 
 /**
  * AccessContext describes the host-side access decision for an operation.
@@ -832,7 +710,7 @@ export type AccessContext = Message<"gestalt.provider.v1.AccessContext"> & {
  * Use `create(AccessContextSchema)` to create a new message.
  */
 export const AccessContextSchema: GenMessage<AccessContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 18);
+  messageDesc(file_v1_app, 16);
 
 /**
  * HostContext describes stable public host metadata available to provider code.
@@ -851,7 +729,7 @@ export type HostContext = Message<"gestalt.provider.v1.HostContext"> & {
  * Use `create(HostContextSchema)` to create a new message.
  */
 export const HostContextSchema: GenMessage<HostContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 19);
+  messageDesc(file_v1_app, 17);
 
 /**
  * RequestContext bundles the caller, credential, access, and host metadata for
@@ -892,20 +770,6 @@ export type RequestContext = Message<"gestalt.provider.v1.RequestContext"> & {
    */
   agentSubject?: SubjectContext | undefined;
 
-  /**
-   * The original agent caller's provider-owned external identity, when known.
-   *
-   * @generated from field: gestalt.provider.v1.ExternalIdentityContext agent_external_identity = 7;
-   */
-  agentExternalIdentity?: ExternalIdentityContext | undefined;
-
-  /**
-   * Provider-owned external identity the invocation is authorized to assume.
-   *
-   * @generated from field: gestalt.provider.v1.ExternalIdentityContext external_identity = 8;
-   */
-  externalIdentity?: ExternalIdentityContext | undefined;
-
   /**
    * Agent tool refs granted to the operation request, when the request is
    * executing as an agent tool.
@@ -928,7 +792,7 @@ export type RequestContext = Message<"gestalt.provider.v1.RequestContext"> & {
  * Use `create(RequestContextSchema)` to create a new message.
  */
 export const RequestContextSchema: GenMessage<RequestContext> = /*@__PURE__*/
-  messageDesc(file_v1_app, 20);
+  messageDesc(file_v1_app, 18);
 
 /**
  * HTTPSubjectRequest carries one verified hosted HTTP request into an optional
@@ -998,7 +862,7 @@ export type HTTPSubjectRequest = Message<"gestalt.provider.v1.HTTPSubjectRequest
  * Use `create(HTTPSubjectRequestSchema)` to create a new message.
  */
 export const HTTPSubjectRequestSchema: GenMessage<HTTPSubjectRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 21);
+  messageDesc(file_v1_app, 19);
 
 /**
  * ResolveHTTPSubjectRequest asks a provider to map a verified hosted HTTP
@@ -1024,7 +888,7 @@ export type ResolveHTTPSubjectRequest = Message<"gestalt.provider.v1.ResolveHTTP
  * Use `create(ResolveHTTPSubjectRequestSchema)` to create a new message.
  */
 export const ResolveHTTPSubjectRequestSchema: GenMessage<ResolveHTTPSubjectRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 22);
+  messageDesc(file_v1_app, 20);
 
 /**
  * ResolveHTTPSubjectResponse returns the concrete Gestalt subject a hosted HTTP
@@ -1056,7 +920,7 @@ export type ResolveHTTPSubjectResponse = Message<"gestalt.provider.v1.ResolveHTT
  * Use `create(ResolveHTTPSubjectResponseSchema)` to create a new message.
  */
 export const ResolveHTTPSubjectResponseSchema: GenMessage<ResolveHTTPSubjectResponse> = /*@__PURE__*/
-  messageDesc(file_v1_app, 23);
+  messageDesc(file_v1_app, 21);
 
 /**
  * ExecuteRequest invokes one executable operation.
@@ -1110,7 +974,7 @@ export type ExecuteRequest = Message<"gestalt.provider.v1.ExecuteRequest"> & {
  * Use `create(ExecuteRequestSchema)` to create a new message.
  */
 export const ExecuteRequestSchema: GenMessage<ExecuteRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 24);
+  messageDesc(file_v1_app, 22);
 
 /**
  * GetSessionCatalogRequest asks a provider for request-scoped catalog
@@ -1145,7 +1009,7 @@ export type GetSessionCatalogRequest = Message<"gestalt.provider.v1.GetSessionCa
  * Use `create(GetSessionCatalogRequestSchema)` to create a new message.
  */
 export const GetSessionCatalogRequestSchema: GenMessage<GetSessionCatalogRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 25);
+  messageDesc(file_v1_app, 23);
 
 /**
  * GetSessionCatalogResponse returns request-scoped catalog extensions.
@@ -1164,46 +1028,7 @@ export type GetSessionCatalogResponse = Message<"gestalt.provider.v1.GetSessionC
  * Use `create(GetSessionCatalogResponseSchema)` to create a new message.
  */
 export const GetSessionCatalogResponseSchema: GenMessage<GetSessionCatalogResponse> = /*@__PURE__*/
-  messageDesc(file_v1_app, 26);
-
-/**
- * PostConnectRequest notifies a provider that a connection has completed.
- *
- * @generated from message gestalt.provider.v1.PostConnectRequest
- */
-export type PostConnectRequest = Message<"gestalt.provider.v1.PostConnectRequest"> & {
-  /**
-   * @generated from field: gestalt.provider.v1.PostConnectCredential token = 1;
-   */
-  token?: PostConnectCredential | undefined;
-};
-
-/**
- * Describes the message gestalt.provider.v1.PostConnectRequest.
- * Use `create(PostConnectRequestSchema)` to create a new message.
- */
-export const PostConnectRequestSchema: GenMessage<PostConnectRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 27);
-
-/**
- * PostConnectResponse returns provider-defined metadata captured after
- * connection.
- *
- * @generated from message gestalt.provider.v1.PostConnectResponse
- */
-export type PostConnectResponse = Message<"gestalt.provider.v1.PostConnectResponse"> & {
-  /**
-   * @generated from field: map<string, string> metadata = 1;
-   */
-  metadata: { [key: string]: string };
-};
-
-/**
- * Describes the message gestalt.provider.v1.PostConnectResponse.
- * Use `create(PostConnectResponseSchema)` to create a new message.
- */
-export const PostConnectResponseSchema: GenMessage<PostConnectResponse> = /*@__PURE__*/
-  messageDesc(file_v1_app, 28);
+  messageDesc(file_v1_app, 24);
 
 /**
  * StartProviderRequest configures an integration provider for one runtime
@@ -1233,7 +1058,7 @@ export type StartProviderRequest = Message<"gestalt.provider.v1.StartProviderReq
  * Use `create(StartProviderRequestSchema)` to create a new message.
  */
 export const StartProviderRequestSchema: GenMessage<StartProviderRequest> = /*@__PURE__*/
-  messageDesc(file_v1_app, 29);
+  messageDesc(file_v1_app, 25);
 
 /**
  * StartProviderResponse confirms the protocol version the provider is serving.
@@ -1252,7 +1077,7 @@ export type StartProviderResponse = Message<"gestalt.provider.v1.StartProviderRe
  * Use `create(StartProviderResponseSchema)` to create a new message.
  */
 export const StartProviderResponseSchema: GenMessage<StartProviderResponse> = /*@__PURE__*/
-  messageDesc(file_v1_app, 30);
+  messageDesc(file_v1_app, 26);
 
 /**
  * ConnectionMode describes which credential sources a provider accepts.
@@ -1271,9 +1096,9 @@ export enum ConnectionMode {
   NONE = 1,
 
   /**
-   * @generated from enum value: CONNECTION_MODE_USER = 2;
+   * @generated from enum value: CONNECTION_MODE_SUBJECT = 2;
    */
-  USER = 2,
+  SUBJECT = 2,
 }
 
 /**
@@ -1328,14 +1153,6 @@ export const AppProvider: GenService<{
     input: typeof GetSessionCatalogRequestSchema;
     output: typeof GetSessionCatalogResponseSchema;
   },
-  /**
-   * @generated from rpc gestalt.provider.v1.AppProvider.PostConnect
-   */
-  postConnect: {
-    methodKind: "unary";
-    input: typeof PostConnectRequestSchema;
-    output: typeof PostConnectResponseSchema;
-  },
 }> = /*@__PURE__*/
   serviceDesc(file_v1_app, 0);
 

package/src/provider-kind.ts

@@ -21,7 +21,7 @@ const PROVIDER_KIND_DEFINITIONS = {
     label: "authentication provider",
   },
   authorization: {
-    tokens: ["authorization", "authz"],
+    tokens: ["authorization"],
     formatToken: "authorization",
     defaultExportNames: ["authorization", "provider"],
     label: "authorization provider",

package/src/runtime.ts

@@ -47,12 +47,10 @@ import {
   ConnectionMode as ProviderConnectionMode,
   GetSessionCatalogResponseSchema,
   OperationAnnotationsSchema as ProtoOperationAnnotationsSchema,
-  PostConnectResponseSchema,
   ResolveHTTPSubjectResponseSchema,
   OperationResultSchema,
   ProviderMetadataSchema,
   type HTTPSubjectRequest as ProtoHTTPSubjectRequest,
-  type PostConnectCredential as ProtoPostConnectCredential,
   type RequestContext as ProtoRequestContext,
   type ResolveHTTPSubjectRequest as ProtoResolveHTTPSubjectRequest,
   AppProvider as AppProviderService,
@@ -108,7 +106,6 @@ import {
   type HTTPSubjectResolutionContext,
 } from "./http-subject.ts";
 import {
-  type ConnectedToken,
   AppProvider,
   encodeConnectionMode,
   encodeConnectionParam,
@@ -561,7 +558,6 @@ export function createProviderService(
           ),
           staticCatalog: catalogToProto(provider.staticCatalog()),
           supportsSessionCatalog: provider.supportsSessionCatalog(),
-          supportsPostConnect: provider.supportsPostConnect(),
           minProtocolVersion: CURRENT_PROTOCOL_VERSION,
           maxProtocolVersion: CURRENT_PROTOCOL_VERSION,
         });
@@ -656,30 +652,6 @@ export function createProviderService(
         catalog: catalogToProto(catalog),
       });
     },
-    async postConnect(request) {
-      if (!provider.supportsPostConnect()) {
-        throw new ConnectError(
-          "provider does not support post connect",
-          Code.Unimplemented,
-        );
-      }
-      let metadata: Record<string, string> | null | undefined;
-      try {
-        metadata = await provider.postConnectMetadata(
-          providerConnectedToken(request.token),
-        );
-      } catch (error) {
-        throw new ConnectError(
-          `post connect: ${errorMessage(error)}`,
-          Code.Unknown,
-        );
-      }
-      return create(PostConnectResponseSchema, {
-        metadata: {
-          ...(metadata ?? {}),
-        },
-      });
-    },
   };
 }
 
@@ -853,8 +825,6 @@ function providerRequest(
 ): Request {
   const subject = requestContext?.subject;
   const agentSubject = requestContext?.agentSubject;
-  const externalIdentity = requestContext?.externalIdentity;
-  const agentExternalIdentity = requestContext?.agentExternalIdentity;
   const credential = requestContext?.credential;
   const access = requestContext?.access;
   const host = requestContext?.host;
@@ -879,14 +849,6 @@ function providerRequest(
       authSource: agentSubject?.authSource ?? "",
       email: agentSubject?.email ?? "",
     },
-    externalIdentity: {
-      type: externalIdentity?.type ?? "",
-      id: externalIdentity?.id ?? "",
-    },
-    agentExternalIdentity: {
-      type: agentExternalIdentity?.type ?? "",
-      id: agentExternalIdentity?.id ?? "",
-    },
     credential: {
       mode: credential?.mode ?? "",
       subjectId: credential?.subjectId ?? "",
@@ -949,29 +911,6 @@ function providerHTTPSubjectResolutionContext(
   };
 }
 
-function providerConnectedToken(
-  token?: ProtoPostConnectCredential,
-): ConnectedToken {
-  const metadataJson = token?.metadataJson ?? "";
-  return {
-    id: token?.id ?? "",
-    subjectId: token?.subjectId ?? "",
-    integration: token?.integration ?? "",
-    connection: token?.connection ?? "",
-    instance: token?.instance ?? "",
-    accessToken: token?.accessToken ?? "",
-    refreshToken: token?.refreshToken ?? "",
-    scopes: token?.scopes ?? "",
-    expiresAt: timestampToDate(token?.expiresAt),
-    lastRefreshedAt: timestampToDate(token?.lastRefreshedAt),
-    refreshErrorCount: token?.refreshErrorCount ?? 0,
-    metadataJson,
-    metadata: stringRecordFromJSON(metadataJson),
-    createdAt: timestampToDate(token?.createdAt),
-    updatedAt: timestampToDate(token?.updatedAt),
-  };
-}
-
 function operationResultToProto(result: OperationResult) {
   return create(OperationResultSchema, {
     status: result.status,
@@ -1107,45 +1046,6 @@ function normalizeBigInt(value: number | bigint): bigint {
   return BigInt(Math.max(0, Math.trunc(value)));
 }
 
-function timestampToDate(
-  value: { seconds: bigint; nanos: number } | undefined,
-): Date | undefined {
-  if (!value) {
-    return undefined;
-  }
-  const seconds = Number(value.seconds ?? 0n);
-  const nanos = Number(value.nanos ?? 0);
-  if (!Number.isFinite(seconds) || !Number.isFinite(nanos)) {
-    return undefined;
-  }
-  const millis = (seconds * 1000) + Math.trunc(nanos / 1_000_000);
-  if (!Number.isFinite(millis)) {
-    return undefined;
-  }
-  return new Date(millis);
-}
-
-function stringRecordFromJSON(value: string): Record<string, string> {
-  if (!value.trim()) {
-    return {};
-  }
-  try {
-    const parsed = JSON.parse(value) as unknown;
-    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-      return {};
-    }
-    const output: Record<string, string> = {};
-    for (const [key, entry] of Object.entries(parsed)) {
-      if (typeof entry === "string") {
-        output[key] = entry;
-      }
-    }
-    return output;
-  } catch {
-    return {};
-  }
-}
-
 function cloneUint8Array(value: Uint8Array | undefined): Uint8Array {
   if (!value) {
     return new Uint8Array();