@wickdninja/sweny-providers 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 SWEny
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,259 @@
+# @swenyai/providers
+
+Shared provider interfaces and implementations for [SWEny](https://sweny.ai) — pluggable integrations for the `@swenyai/engine` workflow runner.
+
+Providers map to the three workflow phases:
+
+- **Learn** — Observability providers query logs and metrics from your production systems
+- **Act** — Issue tracking, source control, incident management, and coding agent providers take action based on AI analysis
+- **Report** — Notification and messaging providers deliver results through your team's channels
+
+## Install
+
+```bash
+npm install @swenyai/providers
+```
+
+## Providers
+
+### Observability (7 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| Datadog | `datadog()` | `apiKey`, `appKey`, `site` |
+| Sentry | `sentry()` | `authToken`, `organization`, `project` |
+| CloudWatch | `cloudwatch()` | `region`, `logGroupPrefix` |
+| Splunk | `splunk()` | `baseUrl`, `token`, `index` |
+| Elasticsearch | `elastic()` | `baseUrl`, `apiKey` or `username`/`password`, `index` |
+| Grafana Loki | `loki()` | `baseUrl`, `apiKey`, `orgId` |
+| New Relic | `newrelic()` | `apiKey`, `accountId`, `region` |
+
+```typescript
+import { datadog, splunk, loki } from "@swenyai/providers/observability";
+```
+
+### Issue Tracking (3 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| Linear | `linear()` | `apiKey` |
+| GitHub Issues | `githubIssues()` | `token`, `owner`, `repo` |
+| Jira | `jira()` | `baseUrl`, `email`, `apiToken` |
+
+```typescript
+import { linear, githubIssues, jira } from "@swenyai/providers/issue-tracking";
+```
+
+### Source Control (2 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| GitHub | `github()` | `token`, `owner`, `repo` |
+| GitLab | `gitlab()` | `token`, `projectId`, `baseUrl` |
+
+```typescript
+import { github, gitlab } from "@swenyai/providers/source-control";
+```
+
+### Incident Management (2 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| PagerDuty | `pagerduty()` | `apiToken`, `routingKey` |
+| OpsGenie | `opsgenie()` | `apiKey`, `region` |
+
+```typescript
+import { pagerduty, opsgenie } from "@swenyai/providers/incident";
+```
+
+### Messaging (2 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| Slack | `slack()` | `token` |
+| Microsoft Teams | `teams()` | `tenantId`, `clientId`, `clientSecret` |
+
+```typescript
+import { slack, teams } from "@swenyai/providers/messaging";
+```
+
+### Notification (6 providers)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| GitHub Summary | `githubSummary()` | — |
+| Slack Webhook | `slackWebhook()` | `webhookUrl` |
+| Teams Webhook | `teamsWebhook()` | `webhookUrl` |
+| Discord Webhook | `discordWebhook()` | `webhookUrl` |
+| Email (SendGrid) | `email()` | `apiKey`, `from`, `to` |
+| Generic Webhook | `webhook()` | `url`, `headers`, `method`, `signingSecret` |
+
+```typescript
+import { githubSummary, slackWebhook, teamsWebhook, discordWebhook, email, webhook } from "@swenyai/providers/notification";
+```
+
+### Storage (3 backends)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| Filesystem | `fsStorage()` | `baseDir` |
+| AWS S3 | `s3Storage()` | `bucket`, `prefix`, `region` |
+| CSI / Kubernetes PVC | `csiStorage()` | `mountPath`, `volumeName`, `namespace` |
+
+```typescript
+import { fsStorage, s3Storage, csiStorage } from "@swenyai/providers/storage";
+```
+
+### Credential Vault (2 backends)
+
+| Provider | Factory | Config |
+|----------|---------|--------|
+| Environment Variables | `envVault()` | `prefix` |
+| AWS Secrets Manager | `awsSecretsManager()` | `region`, `prefix` |
+
+```typescript
+import { envVault, awsSecretsManager } from "@swenyai/providers/credential-vault";
+```
+
+### Auth (2 providers)
+
+| Provider | Factory |
+|----------|---------|
+| No Auth | `noAuth()` |
+| API Key Auth | `apiKeyAuth()` |
+
+```typescript
+import { noAuth, apiKeyAuth } from "@swenyai/providers/auth";
+```
+
+### Access (2 guards)
+
+| Provider | Factory |
+|----------|---------|
+| Allow All | `allowAllGuard()` |
+| Role-Based | `roleBasedGuard()` |
+
+```typescript
+import { allowAllGuard, roleBasedGuard } from "@swenyai/providers/access";
+```
+
+### Coding Agent
+
+| Provider | Factory |
+|----------|---------|
+| Claude Code | `claudeCode()` |
+
+```typescript
+import { claudeCode } from "@swenyai/providers/coding-agent";
+```
+
+### Agent Tool
+
+| Provider | Factory |
+|----------|---------|
+| Agent Tool | `agentTool()` |
+
+```typescript
+import { agentTool } from "@swenyai/providers/agent-tool";
+```
+
+## Usage
+
+Every provider follows the factory function pattern with Zod-validated config:
+
+```typescript
+import { datadog } from "@swenyai/providers/observability";
+import { jira } from "@swenyai/providers/issue-tracking";
+import { github } from "@swenyai/providers/source-control";
+import { pagerduty } from "@swenyai/providers/incident";
+
+const obs = datadog({
+  apiKey: process.env.DD_API_KEY!,
+  appKey: process.env.DD_APP_KEY!,
+  site: "datadoghq.com",
+});
+
+const issues = jira({
+  baseUrl: "https://your-org.atlassian.net",
+  email: process.env.JIRA_EMAIL!,
+  apiToken: process.env.JIRA_API_TOKEN!,
+});
+
+const sc = github({
+  token: process.env.GITHUB_TOKEN!,
+  owner: "your-org",
+  repo: "your-repo",
+});
+
+const incidents = pagerduty({
+  apiToken: process.env.PD_API_TOKEN!,
+  routingKey: process.env.PD_ROUTING_KEY!,
+});
+
+// All providers expose verifyAccess() for health checks
+await obs.verifyAccess();
+await issues.verifyAccess();
+await sc.verifyAccess();
+await incidents.verifyAccess();
+
+// Query observability logs
+const logs = await obs.queryLogs({
+  timeRange: "24h",
+  serviceFilter: "*",
+  severity: "error",
+});
+
+// Create an issue
+const issue = await issues.createIssue({
+  title: "Fix authentication timeout",
+  description: "Users are experiencing 504s on login",
+  projectId: "team-id",
+});
+```
+
+## Optional dependencies
+
+Heavy SDKs are optional peer dependencies. Only install what you use:
+
+```bash
+# For S3 storage
+npm install @aws-sdk/client-s3 @aws-sdk/s3-request-presigner
+
+# For CSI / Kubernetes PVC storage
+npm install @kubernetes/client-node
+
+# For CloudWatch observability
+npm install @aws-sdk/client-cloudwatch-logs
+
+# For AWS Secrets Manager credential vault
+npm install @aws-sdk/client-secrets-manager
+
+# For Slack messaging
+npm install @slack/web-api
+
+# For GitHub Actions notification
+npm install @actions/core
+
+# For Microsoft Teams messaging
+npm install @azure/identity @microsoft/microsoft-graph-client
+```
+
+## Implementing a custom provider
+
+Each provider category defines a TypeScript interface. Implement the interface and pass your instance wherever a provider is expected:
+
+```typescript
+import type { ObservabilityProvider } from "@swenyai/providers/observability";
+
+export function myCustomProvider(config: MyConfig): ObservabilityProvider {
+  return {
+    async verifyAccess() { /* ... */ },
+    async queryLogs(opts) { /* ... */ },
+    async aggregate(opts) { /* ... */ },
+  };
+}
+```
+
+## License
+
+[MIT](../../LICENSE)

package/dist/access/allow-all.d.ts

@@ -0,0 +1,3 @@
+import type { AccessGuard } from "./types.js";
+export declare function allowAllGuard(): AccessGuard;
+//# sourceMappingURL=allow-all.d.ts.map

package/dist/access/allow-all.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"allow-all.d.ts","sourceRoot":"","sources":["../../src/access/allow-all.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAqB9C,wBAAgB,aAAa,IAAI,WAAW,CAE3C"}

package/dist/access/allow-all.js

@@ -0,0 +1,19 @@
+import { AccessLevel } from "./types.js";
+class AllowAllGuard {
+    resolveAccessLevel(_user) {
+        return AccessLevel.READ_WRITE;
+    }
+    assertNotForbidden(_user) {
+        // all users are allowed
+    }
+    assertCanQuery(_user) {
+        // all users can query
+    }
+    assertCanMutate(_user) {
+        // all users can mutate
+    }
+}
+export function allowAllGuard() {
+    return new AllowAllGuard();
+}
+//# sourceMappingURL=allow-all.js.map

package/dist/access/allow-all.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"allow-all.js","sourceRoot":"","sources":["../../src/access/allow-all.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,aAAa;IACjB,kBAAkB,CAAC,KAAmB;QACpC,OAAO,WAAW,CAAC,UAAU,CAAC;IAChC,CAAC;IAED,kBAAkB,CAAC,KAAmB;QACpC,wBAAwB;IAC1B,CAAC;IAED,cAAc,CAAC,KAAmB;QAChC,sBAAsB;IACxB,CAAC;IAED,eAAe,CAAC,KAAmB;QACjC,uBAAuB;IACzB,CAAC;CACF;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,aAAa,EAAE,CAAC;AAC7B,CAAC"}

package/dist/access/index.d.ts

@@ -0,0 +1,5 @@
+export type { AccessGuard } from "./types.js";
+export { AccessLevel, AccessDeniedError } from "./types.js";
+export { allowAllGuard } from "./allow-all.js";
+export { roleBasedGuard, type RoleMapping } from "./role-based.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/access/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/access/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/access/index.js

@@ -0,0 +1,4 @@
+export { AccessLevel, AccessDeniedError } from "./types.js";
+export { allowAllGuard } from "./allow-all.js";
+export { roleBasedGuard } from "./role-based.js";
+//# sourceMappingURL=index.js.map

package/dist/access/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/access/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAoB,MAAM,iBAAiB,CAAC"}

package/dist/access/role-based.d.ts

@@ -0,0 +1,8 @@
+import type { AccessGuard } from "./types.js";
+export interface RoleMapping {
+    admin?: string[];
+    readWrite?: string[];
+    readOnly?: string[];
+}
+export declare function roleBasedGuard(mapping: RoleMapping): AccessGuard;
+//# sourceMappingURL=role-based.d.ts.map

package/dist/access/role-based.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-based.d.ts","sourceRoot":"","sources":["../../src/access/role-based.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAiDD,wBAAgB,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW,CAEhE"}

package/dist/access/role-based.js

@@ -0,0 +1,42 @@
+import { AccessLevel, AccessDeniedError } from "./types.js";
+class RoleBasedGuard {
+    mapping;
+    constructor(mapping) {
+        this.mapping = mapping;
+    }
+    resolveAccessLevel(user) {
+        const userRoles = new Set(user.roles);
+        if (this.mapping.admin?.some((r) => userRoles.has(r))) {
+            return AccessLevel.ADMIN;
+        }
+        if (this.mapping.readWrite?.some((r) => userRoles.has(r))) {
+            return AccessLevel.READ_WRITE;
+        }
+        if (this.mapping.readOnly?.some((r) => userRoles.has(r))) {
+            return AccessLevel.READ_ONLY;
+        }
+        return AccessLevel.FORBIDDEN;
+    }
+    assertNotForbidden(user) {
+        const level = this.resolveAccessLevel(user);
+        if (level === AccessLevel.FORBIDDEN) {
+            throw new AccessDeniedError(`User "${user.userId}" does not have any permitted role`);
+        }
+    }
+    assertCanQuery(user) {
+        const level = this.resolveAccessLevel(user);
+        if (level === AccessLevel.FORBIDDEN) {
+            throw new AccessDeniedError(`User "${user.userId}" does not have read access`);
+        }
+    }
+    assertCanMutate(user) {
+        const level = this.resolveAccessLevel(user);
+        if (level === AccessLevel.FORBIDDEN || level === AccessLevel.READ_ONLY) {
+            throw new AccessDeniedError(`User "${user.userId}" does not have write access`);
+        }
+    }
+}
+export function roleBasedGuard(mapping) {
+    return new RoleBasedGuard(mapping);
+}
+//# sourceMappingURL=role-based.js.map

package/dist/access/role-based.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-based.js","sourceRoot":"","sources":["../../src/access/role-based.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAQ5D,MAAM,cAAc;IACD,OAAO,CAAc;IAEtC,YAAY,OAAoB;QAC9B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,kBAAkB,CAAC,IAAkB;QACnC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEtC,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtD,OAAO,WAAW,CAAC,KAAK,CAAC;QAC3B,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,WAAW,CAAC,UAAU,CAAC;QAChC,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,OAAO,WAAW,CAAC,SAAS,CAAC;QAC/B,CAAC;QAED,OAAO,WAAW,CAAC,SAAS,CAAC;IAC/B,CAAC;IAED,kBAAkB,CAAC,IAAkB;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,KAAK,WAAW,CAAC,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,iBAAiB,CAAC,SAAS,IAAI,CAAC,MAAM,oCAAoC,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAED,cAAc,CAAC,IAAkB;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,KAAK,WAAW,CAAC,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,iBAAiB,CAAC,SAAS,IAAI,CAAC,MAAM,6BAA6B,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,eAAe,CAAC,IAAkB;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,KAAK,WAAW,CAAC,SAAS,IAAI,KAAK,KAAK,WAAW,CAAC,SAAS,EAAE,CAAC;YACvE,MAAM,IAAI,iBAAiB,CAAC,SAAS,IAAI,CAAC,MAAM,8BAA8B,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,cAAc,CAAC,OAAoB;IACjD,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC"}

package/dist/access/types.d.ts

@@ -0,0 +1,41 @@
+import type { UserIdentity } from "../auth/types.js";
+/** Permission levels ordered from least to most privileged. */
+export declare enum AccessLevel {
+    /** User is not allowed any access. */
+    FORBIDDEN = "forbidden",
+    /** User may only read / query data. */
+    READ_ONLY = "read_only",
+    /** User may read and write / mutate data. */
+    READ_WRITE = "read_write",
+    /** User has full administrative access. */
+    ADMIN = "admin"
+}
+/** Guard that resolves and enforces access levels for authenticated users. */
+export interface AccessGuard {
+    /**
+     * Determine the access level for a user.
+     * @param user - The authenticated user identity.
+     * @returns The resolved access level.
+     */
+    resolveAccessLevel(user: UserIdentity): AccessLevel;
+    /**
+     * Assert that the user is not forbidden. Throws AccessDeniedError if forbidden.
+     * @param user - The authenticated user identity.
+     */
+    assertNotForbidden(user: UserIdentity): void;
+    /**
+     * Assert that the user has at least read-only access. Throws AccessDeniedError otherwise.
+     * @param user - The authenticated user identity.
+     */
+    assertCanQuery(user: UserIdentity): void;
+    /**
+     * Assert that the user has read-write or admin access. Throws AccessDeniedError otherwise.
+     * @param user - The authenticated user identity.
+     */
+    assertCanMutate(user: UserIdentity): void;
+}
+/** Error thrown when a user's access level is insufficient for an operation. */
+export declare class AccessDeniedError extends Error {
+    constructor(message: string);
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/access/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/access/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,+DAA+D;AAC/D,oBAAY,WAAW;IACrB,sCAAsC;IACtC,SAAS,cAAc;IACvB,uCAAuC;IACvC,SAAS,cAAc;IACvB,6CAA6C;IAC7C,UAAU,eAAe;IACzB,2CAA2C;IAC3C,KAAK,UAAU;CAChB;AAED,8EAA8E;AAC9E,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,kBAAkB,CAAC,IAAI,EAAE,YAAY,GAAG,WAAW,CAAC;IAEpD;;;OAGG;IACH,kBAAkB,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,CAAC;IAE7C;;;OAGG;IACH,cAAc,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,CAAC;IAEzC;;;OAGG;IACH,eAAe,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,CAAC;CAC3C;AAED,gFAAgF;AAChF,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,EAAE,MAAM;CAI5B"}

package/dist/access/types.js

@@ -0,0 +1,20 @@
+/** Permission levels ordered from least to most privileged. */
+export var AccessLevel;
+(function (AccessLevel) {
+    /** User is not allowed any access. */
+    AccessLevel["FORBIDDEN"] = "forbidden";
+    /** User may only read / query data. */
+    AccessLevel["READ_ONLY"] = "read_only";
+    /** User may read and write / mutate data. */
+    AccessLevel["READ_WRITE"] = "read_write";
+    /** User has full administrative access. */
+    AccessLevel["ADMIN"] = "admin";
+})(AccessLevel || (AccessLevel = {}));
+/** Error thrown when a user's access level is insufficient for an operation. */
+export class AccessDeniedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "AccessDeniedError";
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/access/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/access/types.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAN,IAAY,WASX;AATD,WAAY,WAAW;IACrB,sCAAsC;IACtC,sCAAuB,CAAA;IACvB,uCAAuC;IACvC,sCAAuB,CAAA;IACvB,6CAA6C;IAC7C,wCAAyB,CAAA;IACzB,2CAA2C;IAC3C,8BAAe,CAAA;AACjB,CAAC,EATW,WAAW,KAAX,WAAW,QAStB;AA8BD,gFAAgF;AAChF,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF"}

package/dist/agent-tool/factory.d.ts

@@ -0,0 +1,4 @@
+import type { ZodRawShape } from "zod";
+import type { AgentTool, ToolResult } from "./types.js";
+export declare function agentTool<T extends ZodRawShape>(name: string, description: string, schema: T, execute: (args: Record<string, unknown>) => Promise<ToolResult>): AgentTool<T>;
+//# sourceMappingURL=factory.d.ts.map

package/dist/agent-tool/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/agent-tool/factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExD,wBAAgB,SAAS,CAAC,CAAC,SAAS,WAAW,EAC7C,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,CAAC,EACT,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,GAC9D,SAAS,CAAC,CAAC,CAAC,CAEd"}

package/dist/agent-tool/factory.js

@@ -0,0 +1,4 @@
+export function agentTool(name, description, schema, execute) {
+    return { name, description, schema, execute };
+}
+//# sourceMappingURL=factory.js.map

package/dist/agent-tool/factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/agent-tool/factory.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,WAAmB,EACnB,MAAS,EACT,OAA+D;IAE/D,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAChD,CAAC"}

package/dist/agent-tool/index.d.ts

@@ -0,0 +1,3 @@
+export type { AgentTool, ToolResult } from "./types.js";
+export { agentTool } from "./factory.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/agent-tool/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agent-tool/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC"}

package/dist/agent-tool/index.js

@@ -0,0 +1,2 @@
+export { agentTool } from "./factory.js";
+//# sourceMappingURL=index.js.map

package/dist/agent-tool/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agent-tool/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC"}

package/dist/agent-tool/types.d.ts

@@ -0,0 +1,15 @@
+import type { ZodRawShape } from "zod";
+export interface ToolResult {
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError?: boolean;
+}
+export interface AgentTool<T extends ZodRawShape = ZodRawShape> {
+    name: string;
+    description: string;
+    schema: T;
+    execute(args: Record<string, unknown>): Promise<ToolResult>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/agent-tool/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/agent-tool/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC;AAEvC,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,SAAS,CAAC,CAAC,SAAS,WAAW,GAAG,WAAW;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,CAAC,CAAC;IACV,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CAC7D"}

package/dist/agent-tool/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/agent-tool/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/agent-tool/types.ts"],"names":[],"mappings":""}

package/dist/auth/api-key.d.ts

@@ -0,0 +1,6 @@
+import type { AuthProvider, UserIdentity } from "./types.js";
+export interface ApiKeyAuthOpts {
+    validate: (apiKey: string) => Promise<UserIdentity | null>;
+}
+export declare function apiKeyAuth(opts: ApiKeyAuthOpts): AuthProvider;
+//# sourceMappingURL=api-key.d.ts.map

package/dist/auth/api-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.d.ts","sourceRoot":"","sources":["../../src/auth/api-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAc,YAAY,EAAE,MAAM,YAAY,CAAC;AAEzE,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;CAC5D;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,cAAc,GAAG,YAAY,CA0C7D"}

package/dist/auth/api-key.js

@@ -0,0 +1,36 @@
+export function apiKeyAuth(opts) {
+    const sessions = new Map();
+    return {
+        displayName: "API Key",
+        loginFields: [
+            {
+                key: "apiKey",
+                label: "API Key",
+                type: "password",
+                placeholder: "Enter your API key",
+            },
+        ],
+        async authenticate(userId) {
+            return sessions.get(userId) ?? null;
+        },
+        async login(_userId, credentials) {
+            const apiKey = credentials["apiKey"];
+            if (!apiKey) {
+                throw new Error("API key is required");
+            }
+            const identity = await opts.validate(apiKey);
+            if (!identity) {
+                throw new Error("Invalid API key");
+            }
+            sessions.set(identity.userId, identity);
+            return identity;
+        },
+        async hasValidSession(userId) {
+            return sessions.has(userId);
+        },
+        async clearSession(userId) {
+            sessions.delete(userId);
+        },
+    };
+}
+//# sourceMappingURL=api-key.js.map

package/dist/auth/api-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../src/auth/api-key.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,UAAU,CAAC,IAAoB;IAC7C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAEjD,OAAO;QACL,WAAW,EAAE,SAAS;QAEtB,WAAW,EAAE;YACX;gBACE,GAAG,EAAE,QAAQ;gBACb,KAAK,EAAE,SAAS;gBAChB,IAAI,EAAE,UAAgC;gBACtC,WAAW,EAAE,oBAAoB;aAClC;SACF;QAED,KAAK,CAAC,YAAY,CAAC,MAAc;YAC/B,OAAO,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;QACtC,CAAC;QAED,KAAK,CAAC,KAAK,CAAC,OAAe,EAAE,WAAmC;YAC9D,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACrC,CAAC;YAED,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACxC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,MAAc;YAClC,OAAO,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,MAAc;YAC/B,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,4 @@
+export type { AuthProvider, UserIdentity, LoginField } from "./types.js";
+export { noAuth } from "./no-auth.js";
+export { apiKeyAuth, type ApiKeyAuthOpts } from "./api-key.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEzE,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,KAAK,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,3 @@
+export { noAuth } from "./no-auth.js";
+export { apiKeyAuth } from "./api-key.js";
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,UAAU,EAAuB,MAAM,cAAc,CAAC"}

package/dist/auth/no-auth.d.ts

@@ -0,0 +1,3 @@
+import type { AuthProvider } from "./types.js";
+export declare function noAuth(): AuthProvider;
+//# sourceMappingURL=no-auth.d.ts.map

package/dist/auth/no-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-auth.d.ts","sourceRoot":"","sources":["../../src/auth/no-auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAgB,MAAM,YAAY,CAAC;AAS7D,wBAAgB,MAAM,IAAI,YAAY,CAgBrC"}

package/dist/auth/no-auth.js

@@ -0,0 +1,21 @@
+const LOCAL_USER = {
+    userId: "local",
+    displayName: "Local User",
+    roles: ["admin"],
+    metadata: {},
+};
+export function noAuth() {
+    return {
+        displayName: "No Auth",
+        async authenticate(_userId) {
+            return LOCAL_USER;
+        },
+        async hasValidSession(_userId) {
+            return true;
+        },
+        async clearSession(_userId) {
+            // nothing to clear
+        },
+    };
+}
+//# sourceMappingURL=no-auth.js.map

package/dist/auth/no-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-auth.js","sourceRoot":"","sources":["../../src/auth/no-auth.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAiB;IAC/B,MAAM,EAAE,OAAO;IACf,WAAW,EAAE,YAAY;IACzB,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF,MAAM,UAAU,MAAM;IACpB,OAAO;QACL,WAAW,EAAE,SAAS;QAEtB,KAAK,CAAC,YAAY,CAAC,OAAe;YAChC,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,OAAe;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,OAAe;YAChC,mBAAmB;QACrB,CAAC;KACF,CAAC;AACJ,CAAC"}