@wildo-ai/external-connectors-models 1.0.1

package/dist/esm/core/oauth2.enums.js

@@ -0,0 +1,134 @@
+/**
+ * OAuth2 Enums - Shared OAuth2 type definitions
+ *
+ * These enums are extracted to avoid circular dependencies between
+ * security schemas and oauth2 protocol schemas.
+ *
+ * Based on:
+ * - RFC 6749: The OAuth 2.0 Authorization Framework
+ * - RFC 7636: Proof Key for Code Exchange (PKCE)
+ * - OpenID Connect Core 1.0
+ */
+/**
+ * OAuth2 Grant Types as defined in RFC 6749
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4
+ */
+export var OAuth2_GrantType;
+(function (OAuth2_GrantType) {
+    /** Authorization Code Grant (RFC 6749 §4.1) - For server-side apps with secure client secrets */
+    OAuth2_GrantType["AUTHORIZATION_CODE"] = "authorization_code";
+    /** Client Credentials Grant (RFC 6749 §4.4) - For machine-to-machine / S2S authentication */
+    OAuth2_GrantType["CLIENT_CREDENTIALS"] = "client_credentials";
+    /** Refresh Token Grant (RFC 6749 §6) - For obtaining new access tokens */
+    OAuth2_GrantType["REFRESH_TOKEN"] = "refresh_token";
+    /** Implicit Grant (RFC 6749 §4.2) - DEPRECATED, use PKCE instead */
+    OAuth2_GrantType["IMPLICIT"] = "implicit";
+    /** Resource Owner Password Credentials (RFC 6749 §4.3) - DEPRECATED */
+    OAuth2_GrantType["PASSWORD"] = "password";
+    /** Device Authorization Grant (RFC 8628) - For input-constrained devices */
+    OAuth2_GrantType["DEVICE_CODE"] = "urn:ietf:params:oauth:grant-type:device_code";
+    /** JWT Bearer Assertion (RFC 7523) - For service accounts */
+    OAuth2_GrantType["JWT_BEARER"] = "urn:ietf:params:oauth:grant-type:jwt-bearer";
+})(OAuth2_GrantType || (OAuth2_GrantType = {}));
+/**
+ * OAuth2 Response Types for Authorization Endpoint
+ */
+export var OAuth2_ResponseType;
+(function (OAuth2_ResponseType) {
+    OAuth2_ResponseType["CODE"] = "code";
+    OAuth2_ResponseType["TOKEN"] = "token";
+    OAuth2_ResponseType["ID_TOKEN"] = "id_token";
+    OAuth2_ResponseType["CODE_ID_TOKEN"] = "code id_token";
+    OAuth2_ResponseType["CODE_TOKEN"] = "code token";
+    OAuth2_ResponseType["ID_TOKEN_TOKEN"] = "id_token token";
+    OAuth2_ResponseType["CODE_ID_TOKEN_TOKEN"] = "code id_token token";
+})(OAuth2_ResponseType || (OAuth2_ResponseType = {}));
+/**
+ * PKCE Code Challenge Methods (RFC 7636)
+ */
+export var OAuth2_PKCE_Method;
+(function (OAuth2_PKCE_Method) {
+    OAuth2_PKCE_Method["PLAIN"] = "plain";
+    OAuth2_PKCE_Method["S256"] = "S256";
+})(OAuth2_PKCE_Method || (OAuth2_PKCE_Method = {}));
+/**
+ * Token Endpoint Authentication Methods
+ * How credentials are sent to the token endpoint
+ */
+export var OAuth2_TokenEndpoint_AuthMethod;
+(function (OAuth2_TokenEndpoint_AuthMethod) {
+    /** Credentials in Authorization header as Basic auth */
+    OAuth2_TokenEndpoint_AuthMethod["CLIENT_SECRET_BASIC"] = "client_secret_basic";
+    /** Credentials in request body */
+    OAuth2_TokenEndpoint_AuthMethod["CLIENT_SECRET_POST"] = "client_secret_post";
+    /** JWT assertion signed with client secret (HMAC) */
+    OAuth2_TokenEndpoint_AuthMethod["CLIENT_SECRET_JWT"] = "client_secret_jwt";
+    /** JWT assertion signed with private key (RSA/EC) */
+    OAuth2_TokenEndpoint_AuthMethod["PRIVATE_KEY_JWT"] = "private_key_jwt";
+    /** No authentication (public clients) */
+    OAuth2_TokenEndpoint_AuthMethod["NONE"] = "none";
+})(OAuth2_TokenEndpoint_AuthMethod || (OAuth2_TokenEndpoint_AuthMethod = {}));
+/**
+ * OpenID Connect Prompt Values
+ * Controls how the authorization server prompts the user
+ */
+export var OAuth2_Prompt;
+(function (OAuth2_Prompt) {
+    /** No prompt - silent auth only */
+    OAuth2_Prompt["NONE"] = "none";
+    /** Force login even if session exists */
+    OAuth2_Prompt["LOGIN"] = "login";
+    /** Require user consent even if previously granted */
+    OAuth2_Prompt["CONSENT"] = "consent";
+    /** Prompt for account selection */
+    OAuth2_Prompt["SELECT_ACCOUNT"] = "select_account";
+})(OAuth2_Prompt || (OAuth2_Prompt = {}));
+/**
+ * Access Type - whether to request refresh tokens
+ */
+export var OAuth2_AccessType;
+(function (OAuth2_AccessType) {
+    /** Only access token, no refresh capability */
+    OAuth2_AccessType["ONLINE"] = "online";
+    /** Request refresh token for offline access */
+    OAuth2_AccessType["OFFLINE"] = "offline";
+})(OAuth2_AccessType || (OAuth2_AccessType = {}));
+/**
+ * OAuth2 Provider Purpose - what the OAuth2 is used for
+ */
+export var OAuth2_Purpose;
+(function (OAuth2_Purpose) {
+    /** API access only - for making API calls to the provider */
+    OAuth2_Purpose["API_ACCESS"] = "api_access";
+    /** User SSO - for authenticating users into our application */
+    OAuth2_Purpose["USER_SSO"] = "user_sso";
+    /** Both API access and user SSO */
+    OAuth2_Purpose["HYBRID"] = "hybrid";
+})(OAuth2_Purpose || (OAuth2_Purpose = {}));
+/**
+ * OAuth2 Token Format - How to format the token for API calls
+ */
+export var OAuth2_TokenFormat;
+(function (OAuth2_TokenFormat) {
+    /** Authorization: Bearer <token> */
+    OAuth2_TokenFormat["BEARER"] = "bearer";
+    /** Authorization: token <token> */
+    OAuth2_TokenFormat["TOKEN"] = "token";
+    /** Authorization: OAuth <token> */
+    OAuth2_TokenFormat["OAUTH"] = "oauth";
+    /** Custom header specified separately */
+    OAuth2_TokenFormat["CUSTOM_HEADER"] = "custom_header";
+    /** Token in query parameter */
+    OAuth2_TokenFormat["QUERY_PARAM"] = "query_param";
+})(OAuth2_TokenFormat || (OAuth2_TokenFormat = {}));
+/**
+ * OAuth2 Token Location - Where to send the access token
+ */
+export var OAuth2_TokenLocation;
+(function (OAuth2_TokenLocation) {
+    /** In Authorization header */
+    OAuth2_TokenLocation["HEADER"] = "header";
+    /** As query parameter */
+    OAuth2_TokenLocation["QUERY"] = "query";
+})(OAuth2_TokenLocation || (OAuth2_TokenLocation = {}));
+//# sourceMappingURL=oauth2.enums.js.map

package/dist/esm/core/oauth2.enums.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.enums.js","sourceRoot":"","sources":["../../../src/core/oauth2.enums.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;GAGG;AACH,MAAM,CAAN,IAAY,gBAqBX;AArBD,WAAY,gBAAgB;IAC1B,iGAAiG;IACjG,6DAAyC,CAAA;IAEzC,6FAA6F;IAC7F,6DAAyC,CAAA;IAEzC,0EAA0E;IAC1E,mDAA+B,CAAA;IAE/B,oEAAoE;IACpE,yCAAqB,CAAA;IAErB,uEAAuE;IACvE,yCAAqB,CAAA;IAErB,4EAA4E;IAC5E,gFAA4D,CAAA;IAE5D,6DAA6D;IAC7D,8EAA0D,CAAA;AAC5D,CAAC,EArBW,gBAAgB,KAAhB,gBAAgB,QAqB3B;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,mBAQX;AARD,WAAY,mBAAmB;IAC7B,oCAAa,CAAA;IACb,sCAAe,CAAA;IACf,4CAAqB,CAAA;IACrB,sDAA+B,CAAA;IAC/B,gDAAyB,CAAA;IACzB,wDAAiC,CAAA;IACjC,kEAA2C,CAAA;AAC7C,CAAC,EARW,mBAAmB,KAAnB,mBAAmB,QAQ9B;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,kBAGX;AAHD,WAAY,kBAAkB;IAC5B,qCAAe,CAAA;IACf,mCAAa,CAAA;AACf,CAAC,EAHW,kBAAkB,KAAlB,kBAAkB,QAG7B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,+BAeX;AAfD,WAAY,+BAA+B;IACzC,wDAAwD;IACxD,8EAA2C,CAAA;IAE3C,kCAAkC;IAClC,4EAAyC,CAAA;IAEzC,qDAAqD;IACrD,0EAAuC,CAAA;IAEvC,qDAAqD;IACrD,sEAAmC,CAAA;IAEnC,yCAAyC;IACzC,gDAAa,CAAA;AACf,CAAC,EAfW,+BAA+B,KAA/B,+BAA+B,QAe1C;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,aAYX;AAZD,WAAY,aAAa;IACvB,mCAAmC;IACnC,8BAAa,CAAA;IAEb,yCAAyC;IACzC,gCAAe,CAAA;IAEf,sDAAsD;IACtD,oCAAmB,CAAA;IAEnB,mCAAmC;IACnC,kDAAiC,CAAA;AACnC,CAAC,EAZW,aAAa,KAAb,aAAa,QAYxB;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,iBAMX;AAND,WAAY,iBAAiB;IAC3B,+CAA+C;IAC/C,sCAAiB,CAAA;IAEjB,+CAA+C;IAC/C,wCAAmB,CAAA;AACrB,CAAC,EANW,iBAAiB,KAAjB,iBAAiB,QAM5B;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,cASX;AATD,WAAY,cAAc;IACxB,6DAA6D;IAC7D,2CAAyB,CAAA;IAEzB,+DAA+D;IAC/D,uCAAqB,CAAA;IAErB,mCAAmC;IACnC,mCAAiB,CAAA;AACnB,CAAC,EATW,cAAc,KAAd,cAAc,QASzB;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,oCAAoC;IACpC,uCAAiB,CAAA;IACjB,mCAAmC;IACnC,qCAAe,CAAA;IACf,mCAAmC;IACnC,qCAAe,CAAA;IACf,yCAAyC;IACzC,qDAA+B,CAAA;IAC/B,+BAA+B;IAC/B,iDAA2B,CAAA;AAC7B,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,oBAKX;AALD,WAAY,oBAAoB;IAC9B,8BAA8B;IAC9B,yCAAiB,CAAA;IACjB,yBAAyB;IACzB,uCAAe,CAAA;AACjB,CAAC,EALW,oBAAoB,KAApB,oBAAoB,QAK/B"}

package/dist/esm/core/operations.external-connectors-models.schemas.d.ts

@@ -0,0 +1,46 @@
+import { z } from "zod";
+/** ──────────────────────────────────────────────────────────────
+ * Internal Schemas (concrete, for method access)
+ * ────────────────────────────────────────────────────────────── */
+export declare const ExternalProvider_OperationContextSchema: z.ZodObject<{
+    callTimestamp: z.ZodISODateTime;
+    callDuration: z.ZodOptional<z.ZodNumber>;
+    errorReason: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type ExternalProvider_OperationContext = z.infer<typeof ExternalProvider_OperationContextSchema>;
+export type ExternalProvider_OperationDefinition_Base = {
+    /**
+     * Unique operation identifier
+     * Format: {provider}-{domain}-{action} e.g., "stripe-customers-create"
+     */
+    operationKey: string;
+    /** Provider reference (e.g., "google", "slack", "stripe") */
+    providerRef: string;
+    /**
+     * Domains this operation belongs to (can span multiple domains)
+     * e.g., ["customers"] or ["sheets", "drive"] for cross-domain operations
+     * Empty/undefined for providers without explicit domains
+     */
+    domains?: string[];
+    /**
+     * Capabilities/features this operation uses
+     * e.g., ["storage", "file-upload"] for a file creation operation
+     */
+    features?: string[];
+    /** Human-readable name */
+    displayName?: string;
+    /** Operation description */
+    description?: string;
+    /** Input schema (Zod) */
+    inputSchema: z.ZodSchema<any>;
+    /** Output schema (Zod) */
+    outputSchema: z.ZodSchema<any>;
+    /** Operation-specific metadata */
+    metadata?: Record<string, any>;
+    /**
+     * OAuth2 scopes required specifically for this operation
+     * System unions all required scopes from selected operations at auth time
+     */
+    requiredScopes?: string[];
+};
+//# sourceMappingURL=operations.external-connectors-models.schemas.d.ts.map

package/dist/esm/core/operations.external-connectors-models.schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"operations.external-connectors-models.schemas.d.ts","sourceRoot":"","sources":["../../../src/core/operations.external-connectors-models.schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;oEAEoE;AAEpE,eAAO,MAAM,uCAAuC;;;;iBAIlD,CAAC;AACH,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uCAAuC,CAAC,CAAC;AAExG,MAAM,MAAM,yCAAyC,GAAG;IACtD;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IAEpB;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IAEpB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,yBAAyB;IACzB,WAAW,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE9B,0BAA0B;IAC1B,YAAY,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE/B,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE/B;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B,CAAA"}

package/dist/esm/core/operations.external-connectors-models.schemas.js

@@ -0,0 +1,10 @@
+import { z } from "zod";
+/** ──────────────────────────────────────────────────────────────
+ * Internal Schemas (concrete, for method access)
+ * ────────────────────────────────────────────────────────────── */
+export const ExternalProvider_OperationContextSchema = z.object({
+    callTimestamp: z.iso.datetime(),
+    callDuration: z.number().optional(),
+    errorReason: z.string().optional(),
+});
+//# sourceMappingURL=operations.external-connectors-models.schemas.js.map

package/dist/esm/core/operations.external-connectors-models.schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"operations.external-connectors-models.schemas.js","sourceRoot":"","sources":["../../../src/core/operations.external-connectors-models.schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;oEAEoE;AAEpE,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9D,aAAa,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC"}

package/dist/esm/core/protocols.external-connectors-models.schemas.d.ts

@@ -0,0 +1,84 @@
+import { z } from "zod";
+import { A2A_AgentProfile, A2A_Configuration } from "../protocols/a2a.external-connectors-models.schemas.js";
+import { CLIRuntime_Configuration, CLIRuntime_Profile } from "../protocols/cli-runtime.external-connectors-models.schemas.js";
+import { EmailProvider_Configuration, EmailProvider_Profile } from "../protocols/email.external-connectors-models.schemas.js";
+import { FrontendProvider_Configuration, FrontendProvider_Profile } from "../protocols/frontend.external-connectors-models.schemas.js";
+import { GitProvider_Configuration, GitProvider_Profile } from "../protocols/git.external-connectors-models.schemas.js";
+import { GrpcProvider_Configuration, GrpcProvider_Profile } from "../protocols/grpc.external-connectors-models.schemas.js";
+import { HookInitiatorProvider_Configuration, HookInitiatorProvider_Profile } from "../protocols/hooks.external-connectors-models.schemas.js";
+import { LLMProvider_Configuration, LLMProvider_Profile } from "../protocols/llm.external-connectors-models.schemas.js";
+import { MCPProvider_Configuration, MCPProvider_Profile } from "../protocols/mcp.external-connectors-models.schemas.js";
+import { ExternalProvider_OAuth2_Config, OAuth2Provider_Profile } from "../protocols/oauth2.external-connectors-models.schemas.js";
+import { REST_API_Provider_Configuration, REST_API_Provider_Profile } from "../protocols/rest-api.external-connectors-models.schemas.js";
+import { SAMLProvider_Configuration, SAMLProvider_Profile } from "../protocols/saml.external-connectors-models.schemas.js";
+import type { SMSProvider_Configuration, SMSProvider_Profile } from "../protocols/sms.external-connectors-models.schemas.js";
+import { ExternalProvider_ExchangeProtocol_Configuration_Base, ExternalProvider_ExchangeProtocol_Kind, ExternalProvider_ExchangeProtocol_Profile_Base, ExternalProvider_IO_Direction, ExternalProvider_IO_InteractionPattern } from "./commons.external-connectors-models.schemas.js";
+import { ExternalProvider_OperationDefinition_Base } from "./operations.external-connectors-models.schemas.js";
+export type ExternalProvider_ExchangeProtocol_Base = {
+    kind: ExternalProvider_ExchangeProtocol_Kind;
+    providerRef: string;
+    direction: ExternalProvider_IO_Direction;
+    interactionPattern: ExternalProvider_IO_InteractionPattern;
+    profile: ExternalProvider_ExchangeProtocol_Profile_Base;
+    defaultConfiguration: ExternalProvider_ExchangeProtocol_Configuration_Base;
+    statusSchema: z.ZodSchema<any>;
+    operations: Record<string, ExternalProvider_OperationDefinition_Base>;
+};
+export type ExternalProvider_ExchangeProtocol = (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.REST_API;
+    profile: REST_API_Provider_Profile;
+    defaultConfiguration: REST_API_Provider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.WEBHOOK_ORIGINATOR;
+    profile: HookInitiatorProvider_Profile;
+    defaultConfiguration: HookInitiatorProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.LLM_PROVIDER;
+    profile: LLMProvider_Profile;
+    defaultConfiguration: LLMProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.CLI_RUNTIME;
+    profile: CLIRuntime_Profile;
+    defaultConfiguration: CLIRuntime_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.MCP_CONNECTOR;
+    profile: MCPProvider_Profile;
+    defaultConfiguration: MCPProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.A2A_CONNECTOR;
+    profile: A2A_AgentProfile;
+    defaultConfiguration: A2A_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.EMAIL_PROVIDER;
+    profile: EmailProvider_Profile;
+    defaultConfiguration: EmailProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.GIT_PROVIDER;
+    profile: GitProvider_Profile;
+    defaultConfiguration: GitProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.GRPC;
+    profile: GrpcProvider_Profile;
+    defaultConfiguration: GrpcProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.SSO_OAUTH2;
+    profile: OAuth2Provider_Profile;
+    defaultConfiguration: ExternalProvider_OAuth2_Config;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.SSO_SAML;
+    profile: SAMLProvider_Profile;
+    defaultConfiguration: SAMLProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.FRONTEND_INTEGRATION;
+    profile: FrontendProvider_Profile;
+    defaultConfiguration: FrontendProvider_Configuration;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.BILLING_PROVIDER;
+    profile: ExternalProvider_ExchangeProtocol_Profile_Base;
+    defaultConfiguration: ExternalProvider_ExchangeProtocol_Configuration_Base;
+}) | (ExternalProvider_ExchangeProtocol_Base & {
+    kind: ExternalProvider_ExchangeProtocol_Kind.SMS_PROVIDER;
+    profile: SMSProvider_Profile;
+    defaultConfiguration: SMSProvider_Configuration;
+});
+//# sourceMappingURL=protocols.external-connectors-models.schemas.d.ts.map

package/dist/esm/core/protocols.external-connectors-models.schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocols.external-connectors-models.schemas.d.ts","sourceRoot":"","sources":["../../../src/core/protocols.external-connectors-models.schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAA6B,MAAM,2EAA2E,CAAC;AAC3J,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAA2B,MAAM,mFAAmF,CAAC;AAC1K,OAAO,EAAE,2BAA2B,EAAE,qBAAqB,EAA8B,MAAM,6EAA6E,CAAC;AAC7K,OAAO,EAAE,8BAA8B,EAAE,wBAAwB,EAAiC,MAAM,gFAAgF,CAAC;AACzL,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAA4B,MAAM,2EAA2E,CAAC;AACrK,OAAO,EAAE,0BAA0B,EAAE,oBAAoB,EAA6B,MAAM,4EAA4E,CAAC;AACzK,OAAO,EAAE,mCAAmC,EAAE,6BAA6B,EAAsC,MAAM,6EAA6E,CAAC;AACrM,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAA4B,MAAM,2EAA2E,CAAC;AACrK,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAA4B,MAAM,2EAA2E,CAAC;AACrK,OAAO,EAAE,8BAA8B,EAAE,sBAAsB,EAA+B,MAAM,8EAA8E,CAAC;AACnL,OAAO,EAAE,+BAA+B,EAAE,yBAAyB,EAAiC,MAAM,gFAAgF,CAAC;AAC3L,OAAO,EAAE,0BAA0B,EAAE,oBAAoB,EAA6B,MAAM,4EAA4E,CAAC;AACzK,OAAO,KAAK,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,2EAA2E,CAAC;AAChJ,OAAO,EAAE,oDAAoD,EAAE,sCAAsC,EAAE,8CAA8C,EAAE,6BAA6B,EAAE,sCAAsC,EAAE,MAAM,8CAA8C,CAAC;AACnR,OAAO,EAAE,yCAAyC,EAAE,MAAM,iDAAiD,CAAC;AAG5G,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,sCAAsC,CAAC;IAC7C,WAAW,EAAG,MAAM,CAAC;IACrB,SAAS,EAAE,6BAA6B,CAAC;IACzC,kBAAkB,EAAE,sCAAsC,CAAC;IAC3D,OAAO,EAAG,8CAA8C,CAAC;IACzD,oBAAoB,EAAG,oDAAoD,CAAC;IAC5E,YAAY,EAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAChC,UAAU,EAAG,MAAM,CAAC,MAAM,EAAE,yCAAyC,CAAC,CAAC;CACxE,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAC3C,CAAC,sCAAsC,GAAG;IACxC,IAAI,EAAE,sCAAsC,CAAC,QAAQ,CAAC;IACtD,OAAO,EAAG,yBAAyB,CAAC;IACpC,oBAAoB,EAAG,+BAA+B,CAAC;CACxD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,kBAAkB,CAAC;IAChE,OAAO,EAAG,6BAA6B,CAAC;IACxC,oBAAoB,EAAG,mCAAmC,CAAC;CAC5D,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,YAAY,CAAC;IAC1D,OAAO,EAAG,mBAAmB,CAAC;IAC9B,oBAAoB,EAAG,yBAAyB,CAAC;CAClD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,WAAW,CAAC;IACzD,OAAO,EAAG,kBAAkB,CAAC;IAC7B,oBAAoB,EAAG,wBAAwB,CAAC;CACjD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,aAAa,CAAC;IAC3D,OAAO,EAAG,mBAAmB,CAAC;IAC9B,oBAAoB,EAAG,yBAAyB,CAAC;CAClD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,aAAa,CAAC;IAC3D,OAAO,EAAG,gBAAgB,CAAC;IAC3B,oBAAoB,EAAG,iBAAiB,CAAC;CAC1C,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,cAAc,CAAC;IAC5D,OAAO,EAAG,qBAAqB,CAAC;IAChC,oBAAoB,EAAG,2BAA2B,CAAC;CACpD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,YAAY,CAAC;IAC1D,OAAO,EAAG,mBAAmB,CAAC;IAC9B,oBAAoB,EAAG,yBAAyB,CAAC;CAClD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,IAAI,CAAC;IAClD,OAAO,EAAG,oBAAoB,CAAC;IAC/B,oBAAoB,EAAG,0BAA0B,CAAC;CACnD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,UAAU,CAAC;IACxD,OAAO,EAAG,sBAAsB,CAAC;IACjC,oBAAoB,EAAG,8BAA8B,CAAC;CACvD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,QAAQ,CAAC;IACtD,OAAO,EAAG,oBAAoB,CAAC;IAC/B,oBAAoB,EAAG,0BAA0B,CAAC;CACnD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,oBAAoB,CAAC;IAClE,OAAO,EAAG,wBAAwB,CAAC;IACnC,oBAAoB,EAAG,8BAA8B,CAAC;CACvD,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,gBAAgB,CAAC;IAC9D,OAAO,EAAG,8CAA8C,CAAC;IACzD,oBAAoB,EAAG,oDAAoD,CAAC;CAC7E,CAAC,GAEA,CAAC,sCAAsC,GAAG;IAC1C,IAAI,EAAE,sCAAsC,CAAC,YAAY,CAAC;IAC1D,OAAO,EAAG,mBAAmB,CAAC;IAC9B,oBAAoB,EAAG,yBAAyB,CAAC;CAClD,CAAC,CACH"}

package/dist/esm/core/protocols.external-connectors-models.schemas.js

@@ -0,0 +1 @@
+//# sourceMappingURL=protocols.external-connectors-models.schemas.js.map

package/dist/esm/core/protocols.external-connectors-models.schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocols.external-connectors-models.schemas.js","sourceRoot":"","sources":["../../../src/core/protocols.external-connectors-models.schemas.ts"],"names":[],"mappings":""}

package/dist/esm/core/providers.external-connectors-models.schemas.d.ts

@@ -0,0 +1,80 @@
+import { z } from "zod";
+import { ExternalProvider_ExchangeProtocol } from "./protocols.external-connectors-models.schemas.js";
+import { ExternalProvider_Capability } from "../features/core.external-connectors-models.schemas.js";
+import { ProviderCapabilityTransformers } from "../features/email.external-connectors-models.schemas.js";
+/** ──────────────────────────────────────────────────────────────
+ * Domain Schema
+ * A domain is a logical grouping of related API operations within a provider
+ * e.g., Stripe has domains: customers, payments, subscriptions, invoices
+ * e.g., Google has domains: sheets, drive, calendar, gmail
+ * ────────────────────────────────────────────────────────────── */
+export declare const ExternalProvider_DomainSchema: z.ZodObject<{
+    ref: z.ZodString;
+    displayName: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    baseUrl: z.ZodOptional<z.ZodURL>;
+    version: z.ZodOptional<z.ZodString>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>;
+/** ──────────────────────────────────────────────────────────────
+ * Provider Definition Schema
+ * Represents an external service provider (e.g., Google, Microsoft, Slack)
+ * ────────────────────────────────────────────────────────────── */
+export declare const ExternalProvider_DefinitionBaseSchema: z.ZodObject<{
+    ref: z.ZodString;
+    displayName: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    baseUrl: z.ZodOptional<z.ZodURL>;
+    domains: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        ref: z.ZodString;
+        displayName: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        baseUrl: z.ZodOptional<z.ZodURL>;
+        version: z.ZodOptional<z.ZodString>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>>>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>;
+/** ──────────────────────────────────────────────────────────────
+ * Inferred Types (from schemas - no interface duplication)
+ * ────────────────────────────────────────────────────────────── */
+export type ExternalProvider_Domain = z.infer<typeof ExternalProvider_DomainSchema>;
+export type ExternalProvider_DefinitionBase = z.infer<typeof ExternalProvider_DefinitionBaseSchema>;
+/**
+ * Complete provider definition including protocols, capabilities, and transformers.
+ *
+ * Capabilities and their transformers are defined at the PROVIDER level, not protocol level.
+ * Each capability (EMAIL_TRANSACTIONAL, EMAIL_MARKETING, etc.) is fully independent.
+ */
+export type ExternalProvider_Definition = ExternalProvider_DefinitionBase & {
+    /** Exchange protocols this provider supports (EMAIL_PROVIDER, LLM_PROVIDER, etc.) */
+    protocols: ExternalProvider_ExchangeProtocol[];
+    /**
+     * Standard capabilities this provider implements.
+     * Each capability is fully independent even if related (e.g., EMAIL_TRANSACTIONAL vs EMAIL_MARKETING).
+     */
+    capabilities?: ExternalProvider_Capability[];
+    /**
+     * Capability transformers for ETL operations.
+     * Each capability has its own transformer with fully segregated logic.
+     * Used by the backend to interact with providers in a standardized way.
+     */
+    capabilityTransformers?: ProviderCapabilityTransformers;
+    /**
+     * NPM packages required at runtime by this provider's transformers.
+     *
+     * Provider SDK packages (e.g., 'stripe', 'resend') are optional dependencies
+     * of the external-connectors package. The consuming app (apps-custom) must
+     * explicitly add the required packages to its own dependencies.
+     *
+     * The engine uses this list to:
+     * - Check SDK availability at startup before attempting to use the provider
+     * - Provide actionable error messages when a required package is missing
+     * - Filter available providers in admin UIs and configuration surfaces
+     *
+     * @example ['stripe'] for Stripe billing provider
+     * @example ['resend'] for Resend email provider
+     */
+    requiredPackages?: string[];
+};
+//# sourceMappingURL=providers.external-connectors-models.schemas.d.ts.map

package/dist/esm/core/providers.external-connectors-models.schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers.external-connectors-models.schemas.d.ts","sourceRoot":"","sources":["../../../src/core/providers.external-connectors-models.schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,iCAAiC,EAAE,MAAM,gDAAgD,CAAC;AACnG,OAAO,EAAE,2BAA2B,EAAE,MAAM,2EAA2E,CAAC;AACxH,OAAO,EAAE,8BAA8B,EAAE,MAAM,4EAA4E,CAAC;AAE5H;;;;;oEAKoE;AAEpE,eAAO,MAAM,6BAA6B;;;;;;;iBAyBxC,CAAC;AAEH;;;oEAGoE;AAEpE,eAAO,MAAM,qCAAqC;;;;;;;;;;;;;;iBA0BhD,CAAC;AAEH;;oEAEoE;AAEpE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AACpF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qCAAqC,CAAC,CAAC;AAEpG;;;;;GAKG;AACH,MAAM,MAAM,2BAA2B,GAAG,+BAA+B,GAAG;IAC1E,qFAAqF;IACrF,SAAS,EAAE,iCAAiC,EAAE,CAAC;IAE/C;;;OAGG;IACH,YAAY,CAAC,EAAE,2BAA2B,EAAE,CAAC;IAE7C;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IAExD;;;;;;;;;;;;;;OAcG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B,CAAC"}

package/dist/esm/core/providers.external-connectors-models.schemas.js

@@ -0,0 +1,55 @@
+import { z } from "zod";
+/** ──────────────────────────────────────────────────────────────
+ * Domain Schema
+ * A domain is a logical grouping of related API operations within a provider
+ * e.g., Stripe has domains: customers, payments, subscriptions, invoices
+ * e.g., Google has domains: sheets, drive, calendar, gmail
+ * ────────────────────────────────────────────────────────────── */
+export const ExternalProvider_DomainSchema = z.object({
+    /** Unique identifier within the provider (e.g., "customers", "sheets") */
+    ref: z.string().min(1),
+    /** Human-readable name (e.g., "Customers", "Google Sheets") */
+    displayName: z.string().min(1),
+    /** Domain description */
+    description: z.string().optional(),
+    /**
+     * Base URL override for this domain
+     * If not specified, uses provider's baseUrl
+     * e.g., "https://sheets.googleapis.com/v4" overrides "https://www.googleapis.com"
+     */
+    baseUrl: z.url().optional(),
+    /**
+     * API version for this domain (e.g., "v4", "2025-03-31")
+     * If not specified, uses protocol-level version
+     */
+    version: z.string().optional(),
+    /** Domain-specific metadata */
+    metadata: z.record(z.string(), z.unknown()).optional(),
+});
+/** ──────────────────────────────────────────────────────────────
+ * Provider Definition Schema
+ * Represents an external service provider (e.g., Google, Microsoft, Slack)
+ * ────────────────────────────────────────────────────────────── */
+export const ExternalProvider_DefinitionBaseSchema = z.object({
+    /** Unique identifier (e.g., "google", "microsoft", "slack") */
+    ref: z.string().min(1),
+    /** Human-readable name (e.g., "Google", "Microsoft", "Slack") */
+    displayName: z.string().min(1),
+    /** Provider description */
+    description: z.string().optional(),
+    /**
+     * Default base URL for the provider
+     * Can be overridden at domain level
+     */
+    baseUrl: z.url().optional(),
+    /**
+     * Domains/API groupings within this provider
+     * Empty array for providers without explicit domains
+     * e.g., Stripe has: [{ ref: "customers" }, { ref: "payments" }, { ref: "subscriptions" }]
+     * e.g., Google has: [{ ref: "sheets" }, { ref: "drive" }, { ref: "calendar" }]
+     */
+    domains: z.array(ExternalProvider_DomainSchema).default([]),
+    /** Provider-specific metadata */
+    metadata: z.record(z.string(), z.unknown()).optional(),
+});
+//# sourceMappingURL=providers.external-connectors-models.schemas.js.map

package/dist/esm/core/providers.external-connectors-models.schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers.external-connectors-models.schemas.js","sourceRoot":"","sources":["../../../src/core/providers.external-connectors-models.schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB;;;;;oEAKoE;AAEpE,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,0EAA0E;IAC1E,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtB,+DAA+D;IAC/D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9B,yBAAyB;IACzB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAElC;;;;OAIG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAE3B;;;OAGG;IACH,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE9B,+BAA+B;IAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACvD,CAAC,CAAC;AAEH;;;oEAGoE;AAEpE,MAAM,CAAC,MAAM,qCAAqC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5D,+DAA+D;IAC/D,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtB,iEAAiE;IACjE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9B,2BAA2B;IAC3B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAElC;;;OAGG;IACH,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAE3B;;;;;OAKG;IACH,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAE3D,iCAAiC;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACvD,CAAC,CAAC"}

package/dist/esm/core/security.external-connectors-models.schemas.d.ts

@@ -0,0 +1,187 @@
+/**
+ * Security and Authentication Schemas for External Connectors
+ *
+ * This module defines authentication profiles that can be used across protocols.
+ * It integrates with OAuth2 to avoid duplication between API auth and OAuth2 config.
+ *
+ * Architecture:
+ * - ExternalProvider_Auth_Kind: The type of authentication
+ * - ExternalProvider_AuthProfile: How to authenticate with an API
+ * - OAuth2-linked profiles: Reference OAuth2 config instead of duplicating
+ *
+ * @see https://swagger.io/docs/specification/v3_0/authentication/
+ */
+import { z } from "zod";
+import { OAuth2_GrantType, OAuth2_TokenEndpoint_AuthMethod, OAuth2_PKCE_Method, OAuth2_Prompt, OAuth2_AccessType } from './oauth2.enums.js';
+/**
+ * Authentication types supported by external providers
+ * Follows OpenAPI 3.0 Security Schemes with extensions
+ */
+export declare enum ExternalProvider_Auth_Kind {
+    /** No authentication required */
+    NONE = "none",
+    /** API Key in header, query, or cookie */
+    API_KEY = "api_key",
+    /** Bearer token (OAuth2 access token or JWT) */
+    BEARER = "bearer",
+    /** HTTP Basic authentication */
+    BASIC = "basic",
+    /** OAuth2 authentication - links to OAuth2 provider definition */
+    OAUTH2 = "oauth2",
+    /** HMAC signature-based authentication */
+    HMAC_SIGNATURE = "hmac_signature",
+    /** OpenID Connect (OAuth2 + identity layer) */
+    OPENID_CONNECT = "openid_connect",
+    /** Mutual TLS (client certificates) */
+    MUTUAL_TLS = "mutual_tls",
+    /** Frontend-specific secret (not exposed to user) */
+    FRONTEND_SECRET = "frontend_secret"
+}
+export declare enum ExternalProvider_Auth_ApiKey_Location {
+    HEADER = "header",
+    QUERY = "query",
+    COOKIE = "cookie"
+}
+export declare enum ExternalProvider_Auth_HMAC_Signature_Algorithm {
+    SHA256 = "sha256",
+    SHA512 = "sha512"
+}
+export declare enum ExternalProvider_Auth_Bearer_Format {
+    JWT = "jwt",
+    API_KEY = "api_key",
+    OAUTH2_ACCESS_TOKEN = "oauth2_access_token"
+}
+/**
+ * Auth Configuration - references a secret
+ * This is the runtime configuration that specifies which secret to use
+ */
+export declare const ExternalProvider_Auth_ConfigurationSchema: z.ZodObject<{
+    authKind: z.ZodEnum<typeof ExternalProvider_Auth_Kind>;
+    profileRefs: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    isDefault: z.ZodOptional<z.ZodBoolean>;
+    secretRef: z.ZodString;
+}, z.core.$strip>;
+export declare const ExternalProvider_RateLimitConfigurationSchema: z.ZodObject<{
+    maxConcurrent: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    minTime: z.ZodOptional<z.ZodNumber>;
+    reservoir: z.ZodOptional<z.ZodNumber>;
+    reservoirRefreshInterval: z.ZodOptional<z.ZodNumber>;
+    reservoirRefreshAmount: z.ZodOptional<z.ZodNumber>;
+    priority: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+}, z.core.$strip>;
+export declare const ExternalProvider_AuthProfile_BaseSchema: z.ZodObject<{
+    kind: z.ZodEnum<typeof ExternalProvider_Auth_Kind>;
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+export type ExternalProvider_Auth_Configuration = z.infer<typeof ExternalProvider_Auth_ConfigurationSchema>;
+export type ExternalProvider_RateLimitConfiguration = z.infer<typeof ExternalProvider_RateLimitConfigurationSchema>;
+export type ExternalProvider_AuthProfile_Base = z.infer<typeof ExternalProvider_AuthProfile_BaseSchema>;
+/**
+ * Complete Auth Profile Schema - discriminated union by kind
+ * Each kind has specific configuration fields
+ */
+export declare const ExternalProvider_AuthProfile_Schema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.API_KEY>;
+    locationField: z.ZodDefault<z.ZodString>;
+    prefix: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.HMAC_SIGNATURE>;
+    locationField: z.ZodDefault<z.ZodString>;
+    algorithm: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_HMAC_Signature_Algorithm>>;
+    signaturePayload: z.ZodOptional<z.ZodEnum<{
+        custom: "custom";
+        body: "body";
+        timestamp: "timestamp";
+    }>>;
+    timestampHeader: z.ZodOptional<z.ZodString>;
+    nonceHeader: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.BEARER>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    prefix: z.ZodDefault<z.ZodString>;
+    format: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_Bearer_Format>>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.OPENID_CONNECT>;
+    discoveryUrl: z.ZodOptional<z.ZodURL>;
+    issuer: z.ZodOptional<z.ZodString>;
+    audience: z.ZodOptional<z.ZodString>;
+    validationMode: z.ZodOptional<z.ZodEnum<{
+        jwks: "jwks";
+        introspection: "introspection";
+        local: "local";
+    }>>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.OAUTH2>;
+    oauth2ProviderRef: z.ZodOptional<z.ZodString>;
+    authUrl: z.ZodOptional<z.ZodURL>;
+    tokenUrl: z.ZodOptional<z.ZodURL>;
+    refreshUrl: z.ZodOptional<z.ZodURL>;
+    scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    grantType: z.ZodOptional<z.ZodEnum<typeof OAuth2_GrantType>>;
+    tokenEndpointAuthMethod: z.ZodOptional<z.ZodEnum<typeof OAuth2_TokenEndpoint_AuthMethod>>;
+    pkce: z.ZodOptional<z.ZodBoolean>;
+    pkceMethod: z.ZodOptional<z.ZodEnum<typeof OAuth2_PKCE_Method>>;
+    prompt: z.ZodOptional<z.ZodEnum<typeof OAuth2_Prompt>>;
+    accessType: z.ZodOptional<z.ZodEnum<typeof OAuth2_AccessType>>;
+    extraAuthParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    extraTokenParams: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    tokenFormat: z.ZodDefault<z.ZodEnum<{
+        token: "token";
+        bearer: "bearer";
+        oauth: "oauth";
+        custom: "custom";
+    }>>;
+    customTokenPrefix: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.BASIC>;
+    usernameRef: z.ZodOptional<z.ZodString>;
+    passwordRef: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.NONE>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.FRONTEND_SECRET>;
+    frontendOnly: z.ZodDefault<z.ZodBoolean>;
+}, z.core.$strip>, z.ZodObject<{
+    ref: z.ZodOptional<z.ZodString>;
+    isDefault: z.ZodDefault<z.ZodBoolean>;
+    location: z.ZodDefault<z.ZodEnum<typeof ExternalProvider_Auth_ApiKey_Location>>;
+    locationField: z.ZodDefault<z.ZodString>;
+    kind: z.ZodLiteral<ExternalProvider_Auth_Kind.MUTUAL_TLS>;
+    certificateRef: z.ZodOptional<z.ZodString>;
+    privateKeyRef: z.ZodOptional<z.ZodString>;
+    caRef: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>], "kind">;
+export type ExternalProvider_AuthProfile = z.infer<typeof ExternalProvider_AuthProfile_Schema>;
+//# sourceMappingURL=security.external-connectors-models.schemas.d.ts.map