@xpert-ai/plugin-sdk 3.9.0-beta.2 → 3.9.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # @xpert-ai/plugin-sdk
2
2
 
3
+ ## 3.9.0-beta.3
4
+
5
+ ### Patch Changes
6
+
7
+ - 4dcf5b5: add sso in plugin sdk
8
+ - Updated dependencies [4dcf5b5]
9
+ - @xpert-ai/contracts@3.9.0-beta.3
10
+
3
11
  ## 3.9.0-beta.2
4
12
 
5
13
  ### Patch Changes
package/index.cjs.js CHANGED
@@ -1090,6 +1090,18 @@ function getRequiredPermissionOperation(method, permissionType) {
1090
1090
  * Internal system token used by core to expose the handoff queue bridge.
1091
1091
  */ const HANDOFF_QUEUE_SERVICE_TOKEN = 'XPERT_HANDOFF_QUEUE_SERVICE';
1092
1092
 
1093
+ /**
1094
+ * System token for resolving account binding permission service from plugin context.
1095
+ */ const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE';
1096
+
1097
+ /**
1098
+ * System token for resolving bound identity login permission service from plugin context.
1099
+ */ const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE';
1100
+
1101
+ /**
1102
+ * System token for resolving the pending SSO binding challenge service from plugin context.
1103
+ */ const SSO_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE';
1104
+
1093
1105
  /**
1094
1106
  * System token for resolving user permission service from plugin context.
1095
1107
  */ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
@@ -2865,6 +2877,22 @@ exports.FileUploadTargetRegistry = __decorate([
2865
2877
  ])
2866
2878
  ], exports.FileUploadTargetRegistry);
2867
2879
 
2880
+ const SSO_PROVIDER = 'SSO_PROVIDER';
2881
+ const SSOProviderStrategyKey = (provider)=>common.applyDecorators(common.SetMetadata(SSO_PROVIDER, provider), common.SetMetadata(STRATEGY_META_KEY, SSO_PROVIDER));
2882
+
2883
+ exports.SSOProviderRegistry = class SSOProviderRegistry extends BaseStrategyRegistry {
2884
+ constructor(discoveryService, reflector){
2885
+ super(SSO_PROVIDER, discoveryService, reflector);
2886
+ }
2887
+ };
2888
+ exports.SSOProviderRegistry = __decorate([
2889
+ common.Injectable(),
2890
+ __metadata("design:paramtypes", [
2891
+ core.DiscoveryService,
2892
+ core.Reflector
2893
+ ])
2894
+ ], exports.SSOProviderRegistry);
2895
+
2868
2896
  const SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = {
2869
2897
  min: 1,
2870
2898
  max: 3600
@@ -3892,6 +3920,7 @@ exports.ViewExtensionProviderRegistry = __decorate([
3892
3920
 
3893
3921
  const VIEW_EXTENSION_CACHE_SERVICE_TOKEN = 'XPERT_PLUGIN_VIEW_EXTENSION_CACHE_SERVICE';
3894
3922
 
3923
+ exports.ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN;
3895
3924
  exports.AGENT_CHAT_DISPATCH_MESSAGE_TYPE = AGENT_CHAT_DISPATCH_MESSAGE_TYPE;
3896
3925
  exports.AGENT_MIDDLEWARE_STRATEGY = AGENT_MIDDLEWARE_STRATEGY;
3897
3926
  exports.AIModelProviderNotFoundException = AIModelProviderNotFoundException;
@@ -3901,6 +3930,7 @@ exports.ANALYTICS_PERMISSION_SERVICE_TOKEN = ANALYTICS_PERMISSION_SERVICE_TOKEN;
3901
3930
  exports.AdapterDataSourceStrategy = AdapterDataSourceStrategy;
3902
3931
  exports.AgentMiddlewareStrategy = AgentMiddlewareStrategy;
3903
3932
  exports.AiModelNotFoundException = AiModelNotFoundException;
3933
+ exports.BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN;
3904
3934
  exports.BaseHTTPQueryRunner = BaseHTTPQueryRunner;
3905
3935
  exports.BaseQueryRunner = BaseQueryRunner;
3906
3936
  exports.BaseSQLQueryRunner = BaseSQLQueryRunner;
@@ -3974,6 +4004,9 @@ exports.RetrieverStrategy = RetrieverStrategy;
3974
4004
  exports.SANDBOX_PROVIDER = SANDBOX_PROVIDER;
3975
4005
  exports.SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = SANDBOX_SHELL_TIMEOUT_LIMITS_SEC;
3976
4006
  exports.SKILL_SOURCE_PROVIDER = SKILL_SOURCE_PROVIDER;
4007
+ exports.SSOProviderStrategyKey = SSOProviderStrategyKey;
4008
+ exports.SSO_BINDING_PERMISSION_SERVICE_TOKEN = SSO_BINDING_PERMISSION_SERVICE_TOKEN;
4009
+ exports.SSO_PROVIDER = SSO_PROVIDER;
3977
4010
  exports.STRATEGY_META_KEY = STRATEGY_META_KEY;
3978
4011
  exports.SandboxProviderStrategy = SandboxProviderStrategy;
3979
4012
  exports.SkillSourceProviderStrategy = SkillSourceProviderStrategy;
package/index.esm.js CHANGED
@@ -1069,6 +1069,18 @@ function getRequiredPermissionOperation(method, permissionType) {
1069
1069
  * Internal system token used by core to expose the handoff queue bridge.
1070
1070
  */ const HANDOFF_QUEUE_SERVICE_TOKEN = 'XPERT_HANDOFF_QUEUE_SERVICE';
1071
1071
 
1072
+ /**
1073
+ * System token for resolving account binding permission service from plugin context.
1074
+ */ const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE';
1075
+
1076
+ /**
1077
+ * System token for resolving bound identity login permission service from plugin context.
1078
+ */ const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE';
1079
+
1080
+ /**
1081
+ * System token for resolving the pending SSO binding challenge service from plugin context.
1082
+ */ const SSO_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE';
1083
+
1072
1084
  /**
1073
1085
  * System token for resolving user permission service from plugin context.
1074
1086
  */ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
@@ -2844,6 +2856,22 @@ FileUploadTargetRegistry = __decorate([
2844
2856
  ])
2845
2857
  ], FileUploadTargetRegistry);
2846
2858
 
2859
+ const SSO_PROVIDER = 'SSO_PROVIDER';
2860
+ const SSOProviderStrategyKey = (provider)=>applyDecorators(SetMetadata(SSO_PROVIDER, provider), SetMetadata(STRATEGY_META_KEY, SSO_PROVIDER));
2861
+
2862
+ let SSOProviderRegistry = class SSOProviderRegistry extends BaseStrategyRegistry {
2863
+ constructor(discoveryService, reflector){
2864
+ super(SSO_PROVIDER, discoveryService, reflector);
2865
+ }
2866
+ };
2867
+ SSOProviderRegistry = __decorate([
2868
+ Injectable(),
2869
+ __metadata("design:paramtypes", [
2870
+ DiscoveryService,
2871
+ Reflector
2872
+ ])
2873
+ ], SSOProviderRegistry);
2874
+
2847
2875
  const SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = {
2848
2876
  min: 1,
2849
2877
  max: 3600
@@ -3871,4 +3899,4 @@ ViewExtensionProviderRegistry = __decorate([
3871
3899
 
3872
3900
  const VIEW_EXTENSION_CACHE_SERVICE_TOKEN = 'XPERT_PLUGIN_VIEW_EXTENSION_CACHE_SERVICE';
3873
3901
 
3874
- export { AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, resolveSandboxBackend, resolveSandboxExecutionOptions, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
3902
+ export { ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN, AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, SSOProviderRegistry, SSOProviderStrategyKey, SSO_BINDING_PERMISSION_SERVICE_TOKEN, SSO_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, resolveSandboxBackend, resolveSandboxExecutionOptions, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@xpert-ai/plugin-sdk",
3
- "version": "3.9.0-beta.2",
3
+ "version": "3.9.0-beta.3",
4
4
  "license": "AGPL-3.0",
5
5
  "repository": {
6
6
  "type": "git",
package/src/index.d.ts CHANGED
@@ -15,5 +15,6 @@ export * from './lib/agent/index';
15
15
  export * from './lib/channel/index';
16
16
  export * from './lib/file/index';
17
17
  export * from './lib/strategy';
18
+ export * from './lib/sso/index';
18
19
  export * from './lib/sandbox/index';
19
20
  export * from './lib/view-extension/index';
@@ -0,0 +1,36 @@
1
+ import type { IUser } from '@xpert-ai/contracts';
2
+ import type { BasePermission } from './general';
3
+ export type AccountBindingPermissionOperation = 'read' | 'write' | 'delete';
4
+ /**
5
+ * Account Binding Permission
6
+ * Example: { type: 'account_binding', operations: ['write'], providers: ['feishu'] }
7
+ */
8
+ export interface AccountBindingPermission extends BasePermission {
9
+ type: 'account_binding';
10
+ operations?: AccountBindingPermissionOperation[];
11
+ providers?: string[];
12
+ scope?: string[];
13
+ }
14
+ /**
15
+ * System token for resolving account binding permission service from plugin context.
16
+ */
17
+ export declare const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE";
18
+ export interface BindCurrentUserInput {
19
+ provider: string;
20
+ subjectId: string;
21
+ profile?: Record<string, any>;
22
+ }
23
+ export interface ResolveBoundUserInput {
24
+ provider: string;
25
+ subjectId: string;
26
+ tenantId?: string;
27
+ }
28
+ export interface BoundIdentityRef {
29
+ provider: string;
30
+ subjectId: string;
31
+ }
32
+ export interface AccountBindingPermissionService {
33
+ bindCurrentUser(input: BindCurrentUserInput): Promise<BoundIdentityRef>;
34
+ resolveBoundUser<TUser = IUser>(input: ResolveBoundUserInput): Promise<TUser | null>;
35
+ unbindCurrentUser(provider: string): Promise<void>;
36
+ }
@@ -0,0 +1,8 @@
1
+ /**
2
+ * Shared auth token payload returned by host-controlled login flows.
3
+ */
4
+ export interface IssuedAuthTokens {
5
+ jwt: string;
6
+ refreshToken: string;
7
+ userId: string;
8
+ }
@@ -0,0 +1,25 @@
1
+ import type { IssuedAuthTokens } from './auth-login';
2
+ import type { BasePermission } from './general';
3
+ export type BoundIdentityLoginPermissionOperation = 'create';
4
+ /**
5
+ * Bound identity login permission
6
+ * Example: { type: 'bound_identity_login', operations: ['create'], providers: ['lark'] }
7
+ */
8
+ export interface BoundIdentityLoginPermission extends BasePermission {
9
+ type: 'bound_identity_login';
10
+ operations?: BoundIdentityLoginPermissionOperation[];
11
+ providers?: string[];
12
+ }
13
+ /**
14
+ * System token for resolving bound identity login permission service from plugin context.
15
+ */
16
+ export declare const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE";
17
+ export interface BoundIdentityLoginInput {
18
+ provider: string;
19
+ subjectId: string;
20
+ tenantId: string;
21
+ organizationId?: string | null;
22
+ }
23
+ export interface BoundIdentityLoginPermissionService {
24
+ loginWithBoundIdentity(input: BoundIdentityLoginInput): Promise<IssuedAuthTokens | null>;
25
+ }
@@ -9,15 +9,22 @@ export * from './general';
9
9
  export * from './analytics';
10
10
  export * from './operation';
11
11
  export * from './handoff';
12
+ export * from './account-binding';
13
+ export * from './auth-login';
14
+ export * from './bound-identity-login';
15
+ export * from './sso-binding';
12
16
  export * from './user';
13
17
  import type { FileSystemPermission, IntegrationPermission, KnowledgePermission, LLMPermission, VectorStorePermission } from './general';
14
18
  import type { AnalyticsPermission } from './analytics';
19
+ import type { AccountBindingPermission } from './account-binding';
20
+ import type { BoundIdentityLoginPermission } from './bound-identity-login';
15
21
  import type { HandoffPermission } from './handoff';
22
+ import type { SsoBindingPermission } from './sso-binding';
16
23
  import type { UserPermission } from './user';
17
24
  /**
18
25
  * Union type for all permissions
19
26
  */
20
- export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | UserPermission | HandoffPermission;
27
+ export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | AccountBindingPermission | BoundIdentityLoginPermission | SsoBindingPermission | UserPermission | HandoffPermission;
21
28
  /**
22
29
  * Permissions array type
23
30
  */
@@ -0,0 +1,33 @@
1
+ import type { BasePermission } from './general';
2
+ export type SsoBindingPermissionOperation = 'create';
3
+ /**
4
+ * SSO Binding Permission
5
+ * Example: { type: 'sso_binding', operations: ['create'], providers: ['lark'] }
6
+ */
7
+ export interface SsoBindingPermission extends BasePermission {
8
+ type: 'sso_binding';
9
+ operations?: SsoBindingPermissionOperation[];
10
+ providers?: string[];
11
+ }
12
+ /**
13
+ * System token for resolving the pending SSO binding challenge service from plugin context.
14
+ */
15
+ export declare const SSO_BINDING_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE";
16
+ export type PendingSsoBindingFlow = 'anonymous_bind' | 'current_user_confirm';
17
+ export interface CreatePendingBindingInput {
18
+ provider: string;
19
+ subjectId: string;
20
+ tenantId: string;
21
+ organizationId?: string | null;
22
+ displayName?: string | null;
23
+ avatarUrl?: string | null;
24
+ profile?: Record<string, any> | null;
25
+ returnTo?: string | null;
26
+ flow?: PendingSsoBindingFlow;
27
+ }
28
+ export interface CreatedPendingBindingRef {
29
+ ticket: string;
30
+ }
31
+ export interface SsoBindingPermissionService {
32
+ createPendingBinding(input: CreatePendingBindingInput): Promise<CreatedPendingBindingRef>;
33
+ }
@@ -0,0 +1,3 @@
1
+ export * from './strategy.decorator';
2
+ export * from './strategy.interface';
3
+ export * from './strategy.registry';
@@ -0,0 +1,2 @@
1
+ export declare const SSO_PROVIDER = "SSO_PROVIDER";
2
+ export declare const SSOProviderStrategyKey: (provider: string) => <TFunction extends Function, Y>(target: TFunction | object, propertyKey?: string | symbol, descriptor?: TypedPropertyDescriptor<Y>) => void;
@@ -0,0 +1,15 @@
1
+ export interface ISSOProviderDescriptor {
2
+ provider: string;
3
+ displayName: string;
4
+ icon: string;
5
+ order: number;
6
+ startUrl: string;
7
+ }
8
+ export interface ISSOProviderContext {
9
+ tenantId: string;
10
+ organizationId?: string | null;
11
+ requestBaseUrl: string;
12
+ }
13
+ export interface ISSOProviderStrategy {
14
+ describe(context: ISSOProviderContext): ISSOProviderDescriptor | null | Promise<ISSOProviderDescriptor | null>;
15
+ }
@@ -0,0 +1,6 @@
1
+ import { DiscoveryService, Reflector } from '@nestjs/core';
2
+ import { BaseStrategyRegistry } from '../strategy';
3
+ import { ISSOProviderStrategy } from './strategy.interface';
4
+ export declare class SSOProviderRegistry extends BaseStrategyRegistry<ISSOProviderStrategy> {
5
+ constructor(discoveryService: DiscoveryService, reflector: Reflector);
6
+ }