@xpert-ai/plugin-sdk 3.11.2 → 3.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,16 @@
1
1
  # @xpert-ai/plugin-sdk
2
2
 
3
+ ## 3.12.0
4
+
5
+ ### Minor Changes
6
+
7
+ - d017897: plugin integration guard
8
+
9
+ ### Patch Changes
10
+
11
+ - Updated dependencies [d017897]
12
+ - @xpert-ai/contracts@3.12.0
13
+
3
14
  ## 3.11.2
4
15
 
5
16
  ### Patch Changes
package/index.cjs.js CHANGED
@@ -132,6 +132,11 @@ function __decorate(decorators, target, key, desc) {
132
132
  else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
133
133
  return c > 3 && r && Object.defineProperty(target, key, r), r;
134
134
  }
135
+ function __param(paramIndex, decorator) {
136
+ return function(target, key) {
137
+ decorator(target, key, paramIndex);
138
+ };
139
+ }
135
140
  function __metadata(metadataKey, metadataValue) {
136
141
  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue);
137
142
  }
@@ -1123,6 +1128,13 @@ function getRequiredPermissionOperation(method, permissionType) {
1123
1128
  * System token for resolving user permission service from plugin context.
1124
1129
  */ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
1125
1130
 
1131
+ /**
1132
+ * System token for resolving speech-to-text service from plugin context.
1133
+ */ const SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SPEECH_TO_TEXT_PERMISSION_SERVICE';
1134
+ /**
1135
+ * Internal system token used by core to expose the speech-to-text bridge.
1136
+ */ const SPEECH_TO_TEXT_SERVICE_TOKEN = 'XPERT_SPEECH_TO_TEXT_SERVICE';
1137
+
1126
1138
  async function createI18nInstance(pluginDir, language) {
1127
1139
  const instance = i18next.createInstance();
1128
1140
  const i18nDir = path.join(pluginDir, 'i18n');
@@ -1225,6 +1237,69 @@ class JsonSchemaValidator {
1225
1237
  }
1226
1238
  }
1227
1239
 
1240
+ const PLUGIN_WEBHOOK_AUTH_METADATA_KEY = 'xpert:plugin:webhook-auth';
1241
+ const PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN = 'XPERT_PLUGIN_WEBHOOK_AUTH_SERVICE';
1242
+ function PluginWebhookAuth(metadata = {}) {
1243
+ return common.SetMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, _extends({
1244
+ integrationParam: 'id',
1245
+ secretQueryParam: 'secret'
1246
+ }, metadata));
1247
+ }
1248
+ exports.PluginWebhookAuthGuard = class PluginWebhookAuthGuard {
1249
+ async canActivate(context) {
1250
+ var _request_params, _request_query;
1251
+ const metadata = this.resolveMetadata(context);
1252
+ if (!metadata) {
1253
+ return true;
1254
+ }
1255
+ const request = context.switchToHttp().getRequest();
1256
+ const integrationParam = metadata.integrationParam || 'id';
1257
+ const secretQueryParam = metadata.secretQueryParam || 'secret';
1258
+ const integrationId = this.getString((_request_params = request.params) == null ? void 0 : _request_params[integrationParam]);
1259
+ const secret = this.getString((_request_query = request.query) == null ? void 0 : _request_query[secretQueryParam]);
1260
+ if (!integrationId || !secret) {
1261
+ throw new common.UnauthorizedException('Plugin webhook secret is required');
1262
+ }
1263
+ const authService = this.authService;
1264
+ if (!authService) {
1265
+ throw new common.UnauthorizedException('Plugin webhook auth service is not available');
1266
+ }
1267
+ const principalContext = await authService.validateWebhookSecret({
1268
+ integrationId,
1269
+ secret,
1270
+ provider: metadata.provider
1271
+ });
1272
+ if (!(principalContext == null ? void 0 : principalContext.user) || !principalContext.headers) {
1273
+ throw new common.UnauthorizedException('Plugin webhook secret is invalid');
1274
+ }
1275
+ request.user = principalContext.user;
1276
+ var _request_headers;
1277
+ request.headers = _extends({}, (_request_headers = request.headers) != null ? _request_headers : {}, principalContext.headers);
1278
+ return true;
1279
+ }
1280
+ resolveMetadata(context) {
1281
+ var _Reflect_getMetadata, _ref;
1282
+ return (_ref = (_Reflect_getMetadata = Reflect.getMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, context.getHandler())) != null ? _Reflect_getMetadata : Reflect.getMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, context.getClass())) != null ? _ref : null;
1283
+ }
1284
+ getString(value) {
1285
+ if (typeof value !== 'string') {
1286
+ return '';
1287
+ }
1288
+ return value.trim();
1289
+ }
1290
+ constructor(authService){
1291
+ this.authService = authService;
1292
+ }
1293
+ };
1294
+ exports.PluginWebhookAuthGuard = __decorate([
1295
+ common.Injectable(),
1296
+ __param(0, common.Optional()),
1297
+ __param(0, common.Inject(PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN)),
1298
+ __metadata("design:paramtypes", [
1299
+ Object
1300
+ ])
1301
+ ], exports.PluginWebhookAuthGuard);
1302
+
1228
1303
  const DATASOURCE_STRATEGY = 'DATASOURCE_STRATEGY';
1229
1304
  const DataSourceStrategy = (provider)=>common.applyDecorators(common.SetMetadata(DATASOURCE_STRATEGY, provider), common.SetMetadata(STRATEGY_META_KEY, DATASOURCE_STRATEGY));
1230
1305
 
@@ -4516,12 +4591,15 @@ exports.PERMISSION_OPERATION_METADATA_KEY = PERMISSION_OPERATION_METADATA_KEY;
4516
4591
  exports.PLUGIN_CONFIG_RESOLVER_TOKEN = PLUGIN_CONFIG_RESOLVER_TOKEN;
4517
4592
  exports.PLUGIN_METADATA = PLUGIN_METADATA;
4518
4593
  exports.PLUGIN_METADATA_KEY = PLUGIN_METADATA_KEY;
4594
+ exports.PLUGIN_WEBHOOK_AUTH_METADATA_KEY = PLUGIN_WEBHOOK_AUTH_METADATA_KEY;
4595
+ exports.PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN = PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN;
4519
4596
  exports.PROVIDE_AI_MODEL_LLM = PROVIDE_AI_MODEL_LLM;
4520
4597
  exports.PROVIDE_AI_MODEL_MODERATION = PROVIDE_AI_MODEL_MODERATION;
4521
4598
  exports.PROVIDE_AI_MODEL_RERANK = PROVIDE_AI_MODEL_RERANK;
4522
4599
  exports.PROVIDE_AI_MODEL_SPEECH2TEXT = PROVIDE_AI_MODEL_SPEECH2TEXT;
4523
4600
  exports.PROVIDE_AI_MODEL_TEXT_EMBEDDING = PROVIDE_AI_MODEL_TEXT_EMBEDDING;
4524
4601
  exports.PROVIDE_AI_MODEL_TTS = PROVIDE_AI_MODEL_TTS;
4602
+ exports.PluginWebhookAuth = PluginWebhookAuth;
4525
4603
  exports.RETRIEVER_STRATEGY = RETRIEVER_STRATEGY;
4526
4604
  exports.RequestContext = RequestContext;
4527
4605
  exports.RequirePermissionOperation = RequirePermissionOperation;
@@ -4530,6 +4608,8 @@ exports.RetrieverStrategy = RetrieverStrategy;
4530
4608
  exports.SANDBOX_PROVIDER = SANDBOX_PROVIDER;
4531
4609
  exports.SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = SANDBOX_SHELL_TIMEOUT_LIMITS_SEC;
4532
4610
  exports.SKILL_SOURCE_PROVIDER = SKILL_SOURCE_PROVIDER;
4611
+ exports.SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN = SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN;
4612
+ exports.SPEECH_TO_TEXT_SERVICE_TOKEN = SPEECH_TO_TEXT_SERVICE_TOKEN;
4533
4613
  exports.SSOProviderStrategyKey = SSOProviderStrategyKey;
4534
4614
  exports.SSO_BINDING_PERMISSION_SERVICE_TOKEN = SSO_BINDING_PERMISSION_SERVICE_TOKEN;
4535
4615
  exports.SSO_PROVIDER = SSO_PROVIDER;
package/index.esm.js CHANGED
@@ -1,4 +1,4 @@
1
- import { Module, Logger, applyDecorators, SetMetadata, HttpException, HttpStatus, BadRequestException, Injectable, Inject, NotFoundException, ForbiddenException } from '@nestjs/common';
1
+ import { Module, Logger, applyDecorators, SetMetadata, HttpException, HttpStatus, BadRequestException, Injectable, Inject, Optional, UnauthorizedException, NotFoundException, ForbiddenException } from '@nestjs/common';
2
2
  import { MODULE_METADATA } from '@nestjs/common/constants';
3
3
  import { pick } from 'lodash-es';
4
4
  import { DiscoveryService, Reflector } from '@nestjs/core';
@@ -111,6 +111,11 @@ function __decorate(decorators, target, key, desc) {
111
111
  else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
112
112
  return c > 3 && r && Object.defineProperty(target, key, r), r;
113
113
  }
114
+ function __param(paramIndex, decorator) {
115
+ return function(target, key) {
116
+ decorator(target, key, paramIndex);
117
+ };
118
+ }
114
119
  function __metadata(metadataKey, metadataValue) {
115
120
  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue);
116
121
  }
@@ -1102,6 +1107,13 @@ function getRequiredPermissionOperation(method, permissionType) {
1102
1107
  * System token for resolving user permission service from plugin context.
1103
1108
  */ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
1104
1109
 
1110
+ /**
1111
+ * System token for resolving speech-to-text service from plugin context.
1112
+ */ const SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SPEECH_TO_TEXT_PERMISSION_SERVICE';
1113
+ /**
1114
+ * Internal system token used by core to expose the speech-to-text bridge.
1115
+ */ const SPEECH_TO_TEXT_SERVICE_TOKEN = 'XPERT_SPEECH_TO_TEXT_SERVICE';
1116
+
1105
1117
  async function createI18nInstance(pluginDir, language) {
1106
1118
  const instance = createInstance();
1107
1119
  const i18nDir = path__default.join(pluginDir, 'i18n');
@@ -1204,6 +1216,69 @@ class JsonSchemaValidator {
1204
1216
  }
1205
1217
  }
1206
1218
 
1219
+ const PLUGIN_WEBHOOK_AUTH_METADATA_KEY = 'xpert:plugin:webhook-auth';
1220
+ const PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN = 'XPERT_PLUGIN_WEBHOOK_AUTH_SERVICE';
1221
+ function PluginWebhookAuth(metadata = {}) {
1222
+ return SetMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, _extends({
1223
+ integrationParam: 'id',
1224
+ secretQueryParam: 'secret'
1225
+ }, metadata));
1226
+ }
1227
+ let PluginWebhookAuthGuard = class PluginWebhookAuthGuard {
1228
+ async canActivate(context) {
1229
+ var _request_params, _request_query;
1230
+ const metadata = this.resolveMetadata(context);
1231
+ if (!metadata) {
1232
+ return true;
1233
+ }
1234
+ const request = context.switchToHttp().getRequest();
1235
+ const integrationParam = metadata.integrationParam || 'id';
1236
+ const secretQueryParam = metadata.secretQueryParam || 'secret';
1237
+ const integrationId = this.getString((_request_params = request.params) == null ? void 0 : _request_params[integrationParam]);
1238
+ const secret = this.getString((_request_query = request.query) == null ? void 0 : _request_query[secretQueryParam]);
1239
+ if (!integrationId || !secret) {
1240
+ throw new UnauthorizedException('Plugin webhook secret is required');
1241
+ }
1242
+ const authService = this.authService;
1243
+ if (!authService) {
1244
+ throw new UnauthorizedException('Plugin webhook auth service is not available');
1245
+ }
1246
+ const principalContext = await authService.validateWebhookSecret({
1247
+ integrationId,
1248
+ secret,
1249
+ provider: metadata.provider
1250
+ });
1251
+ if (!(principalContext == null ? void 0 : principalContext.user) || !principalContext.headers) {
1252
+ throw new UnauthorizedException('Plugin webhook secret is invalid');
1253
+ }
1254
+ request.user = principalContext.user;
1255
+ var _request_headers;
1256
+ request.headers = _extends({}, (_request_headers = request.headers) != null ? _request_headers : {}, principalContext.headers);
1257
+ return true;
1258
+ }
1259
+ resolveMetadata(context) {
1260
+ var _Reflect_getMetadata, _ref;
1261
+ return (_ref = (_Reflect_getMetadata = Reflect.getMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, context.getHandler())) != null ? _Reflect_getMetadata : Reflect.getMetadata(PLUGIN_WEBHOOK_AUTH_METADATA_KEY, context.getClass())) != null ? _ref : null;
1262
+ }
1263
+ getString(value) {
1264
+ if (typeof value !== 'string') {
1265
+ return '';
1266
+ }
1267
+ return value.trim();
1268
+ }
1269
+ constructor(authService){
1270
+ this.authService = authService;
1271
+ }
1272
+ };
1273
+ PluginWebhookAuthGuard = __decorate([
1274
+ Injectable(),
1275
+ __param(0, Optional()),
1276
+ __param(0, Inject(PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN)),
1277
+ __metadata("design:paramtypes", [
1278
+ Object
1279
+ ])
1280
+ ], PluginWebhookAuthGuard);
1281
+
1207
1282
  const DATASOURCE_STRATEGY = 'DATASOURCE_STRATEGY';
1208
1283
  const DataSourceStrategy = (provider)=>applyDecorators(SetMetadata(DATASOURCE_STRATEGY, provider), SetMetadata(STRATEGY_META_KEY, DATASOURCE_STRATEGY));
1209
1284
 
@@ -4420,4 +4495,4 @@ function escapeHtmlAttribute(value) {
4420
4495
 
4421
4496
  const VIEW_EXTENSION_CACHE_SERVICE_TOKEN = 'XPERT_PLUGIN_VIEW_EXTENSION_CACHE_SERVICE';
4422
4497
 
4423
- export { ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN, AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, AssistantTaskRuntimeCapability, BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DefaultAgentMiddlewareRuntimeCapabilityRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileRuntimeCapability, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, KnowledgebaseDocumentsRuntimeCapability, KnowledgebaseRuntimeCapability, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, SSOProviderRegistry, SSOProviderStrategyKey, SSO_BINDING_PERMISSION_SERVICE_TOKEN, SSO_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XPERT_RUNTIME_CAPABILITIES_TOKEN, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, createRuntimeCapability, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isSandboxManagedServiceAdapter, isSandboxServiceProxyAdapter, isSandboxTerminalAdapter, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, renderRemoteReactIframeHtml, resolveSandboxBackend, resolveSandboxExecutionOptions, resolveSandboxManagedServiceAdapter, resolveSandboxServiceProxyAdapter, resolveSandboxTerminalAdapter, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
4498
+ export { ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN, AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, AssistantTaskRuntimeCapability, BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DefaultAgentMiddlewareRuntimeCapabilityRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileRuntimeCapability, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, KnowledgebaseDocumentsRuntimeCapability, KnowledgebaseRuntimeCapability, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PLUGIN_WEBHOOK_AUTH_METADATA_KEY, PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, PluginWebhookAuth, PluginWebhookAuthGuard, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN, SPEECH_TO_TEXT_SERVICE_TOKEN, SSOProviderRegistry, SSOProviderStrategyKey, SSO_BINDING_PERMISSION_SERVICE_TOKEN, SSO_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XPERT_RUNTIME_CAPABILITIES_TOKEN, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, createRuntimeCapability, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isSandboxManagedServiceAdapter, isSandboxServiceProxyAdapter, isSandboxTerminalAdapter, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, renderRemoteReactIframeHtml, resolveSandboxBackend, resolveSandboxExecutionOptions, resolveSandboxManagedServiceAdapter, resolveSandboxServiceProxyAdapter, resolveSandboxTerminalAdapter, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xpert-ai/plugin-sdk",
3
- "version": "3.11.2",
3
+ "version": "3.12.0",
4
4
  "license": "AGPL-3.0",
5
5
  "repository": {
6
6
  "type": "git",
@@ -7,3 +7,4 @@ export * from './utils';
7
7
  export * from './context/index';
8
8
  export * from './types';
9
9
  export * from './strategy-bus';
10
+ export * from './webhook';
@@ -1,4 +1,5 @@
1
1
  import type { IIntegration, IPagination } from '@xpert-ai/contracts';
2
+ import type { PluginWebhookCredentialResult } from '../webhook';
2
3
  /**
3
4
  * Base Permission type
4
5
  */
@@ -69,4 +70,14 @@ export declare const INTEGRATION_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_INTEGR
69
70
  export interface IntegrationPermissionService {
70
71
  read<TIntegration = IIntegration>(id: string, options?: Record<string, any>): Promise<TIntegration | null>;
71
72
  findAll<TIntegration = IIntegration>(options?: Record<string, any>): Promise<IPagination<TIntegration>>;
73
+ ensureWebhookCredential?(id: string, options?: {
74
+ provider?: string | null;
75
+ rotateIfRevoked?: boolean;
76
+ }): Promise<PluginWebhookCredentialResult | null>;
77
+ rotateWebhookCredential?(id: string, options?: {
78
+ provider?: string | null;
79
+ }): Promise<PluginWebhookCredentialResult | null>;
80
+ revokeWebhookCredential?(id: string, options?: {
81
+ provider?: string | null;
82
+ }): Promise<boolean>;
72
83
  }
@@ -14,17 +14,19 @@ export * from './auth-login';
14
14
  export * from './bound-identity-login';
15
15
  export * from './sso-binding';
16
16
  export * from './user';
17
+ export * from './speech-to-text';
17
18
  import type { FileSystemPermission, IntegrationPermission, KnowledgePermission, LLMPermission, VectorStorePermission } from './general';
18
19
  import type { AnalyticsPermission } from './analytics';
19
20
  import type { AccountBindingPermission } from './account-binding';
20
21
  import type { BoundIdentityLoginPermission } from './bound-identity-login';
21
22
  import type { HandoffPermission } from './handoff';
23
+ import type { SpeechToTextPermission } from './speech-to-text';
22
24
  import type { SsoBindingPermission } from './sso-binding';
23
25
  import type { UserPermission } from './user';
24
26
  /**
25
27
  * Union type for all permissions
26
28
  */
27
- export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | AccountBindingPermission | BoundIdentityLoginPermission | SsoBindingPermission | UserPermission | HandoffPermission;
29
+ export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | AccountBindingPermission | BoundIdentityLoginPermission | SsoBindingPermission | UserPermission | HandoffPermission | SpeechToTextPermission;
28
30
  /**
29
31
  * Permissions array type
30
32
  */
@@ -0,0 +1,41 @@
1
+ export type SpeechToTextPermissionOperation = 'transcribe';
2
+ /**
3
+ * Speech-to-text Permission
4
+ * Example: { type: 'speech_to_text', operations: ['transcribe'] }
5
+ */
6
+ export interface SpeechToTextPermission {
7
+ type: 'speech_to_text';
8
+ operations?: SpeechToTextPermissionOperation[];
9
+ scope?: string[];
10
+ description?: string;
11
+ }
12
+ /**
13
+ * System token for resolving speech-to-text service from plugin context.
14
+ */
15
+ export declare const SPEECH_TO_TEXT_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_SPEECH_TO_TEXT_PERMISSION_SERVICE";
16
+ /**
17
+ * Internal system token used by core to expose the speech-to-text bridge.
18
+ */
19
+ export declare const SPEECH_TO_TEXT_SERVICE_TOKEN = "XPERT_SPEECH_TO_TEXT_SERVICE";
20
+ export interface SpeechToTextTranscribeFileInput {
21
+ data: Uint8Array;
22
+ originalName: string;
23
+ mimeType?: string;
24
+ size?: number;
25
+ }
26
+ export interface SpeechToTextTranscribeInput {
27
+ xpertId: string;
28
+ isDraft?: boolean;
29
+ tenantId?: string | null;
30
+ organizationId?: string | null;
31
+ file: SpeechToTextTranscribeFileInput;
32
+ }
33
+ export interface SpeechToTextTranscribeResult {
34
+ text: string;
35
+ }
36
+ /**
37
+ * Speech-to-text service exposed to plugins under permission control.
38
+ */
39
+ export interface SpeechToTextPermissionService {
40
+ transcribe(input: SpeechToTextTranscribeInput): Promise<SpeechToTextTranscribeResult>;
41
+ }
@@ -0,0 +1,41 @@
1
+ import type { IApiPrincipal } from '@xpert-ai/contracts';
2
+ import { CanActivate, ExecutionContext } from '@nestjs/common';
3
+ export declare const PLUGIN_WEBHOOK_AUTH_METADATA_KEY = "xpert:plugin:webhook-auth";
4
+ export declare const PLUGIN_WEBHOOK_AUTH_SERVICE_TOKEN = "XPERT_PLUGIN_WEBHOOK_AUTH_SERVICE";
5
+ export type PluginWebhookAuthMetadata = {
6
+ provider?: string;
7
+ integrationParam?: string;
8
+ secretQueryParam?: string;
9
+ };
10
+ export type PluginWebhookCredentialRecord = {
11
+ id: string;
12
+ tokenHash: string;
13
+ tokenPrefix?: string;
14
+ createdAt: string;
15
+ rotatedAt?: string | null;
16
+ revokedAt?: string | null;
17
+ };
18
+ export type PluginWebhookCredentialResult = {
19
+ token: string;
20
+ credential: PluginWebhookCredentialRecord;
21
+ };
22
+ export type PluginWebhookAuthRequest = {
23
+ integrationId: string;
24
+ secret: string;
25
+ provider?: string | null;
26
+ };
27
+ export type PluginWebhookAuthResult = {
28
+ user: IApiPrincipal;
29
+ headers: Record<string, string>;
30
+ };
31
+ export interface PluginWebhookAuthService {
32
+ validateWebhookSecret(input: PluginWebhookAuthRequest): Promise<PluginWebhookAuthResult | null>;
33
+ }
34
+ export declare function PluginWebhookAuth(metadata?: PluginWebhookAuthMetadata): import("@nestjs/common").CustomDecorator<string>;
35
+ export declare class PluginWebhookAuthGuard implements CanActivate {
36
+ private readonly authService?;
37
+ constructor(authService?: PluginWebhookAuthService | null);
38
+ canActivate(context: ExecutionContext): Promise<boolean>;
39
+ private resolveMetadata;
40
+ private getString;
41
+ }