npm - aai-gateway - Versions diffs - 0.3.4 → 0.3.5 - Mend

aai-gateway 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +118 -104
package/dist/cli.js +1 -1
package/dist/index.js +2 -2
package/dist/{server-BYtx5KIZ.js → server-DrBOLU_J.js} +686 -68
package/dist/server-DrBOLU_J.js.map +1 -0
package/package.json +1 -1
package/dist/server-BYtx5KIZ.js.map +0 -1

package/README.md CHANGED Viewed

@@ -21,7 +21,13 @@
 ---
-## 🚀 Core Innovation: Progressive Disclosure
+## Architecture
+![AAI Gateway Architecture](./images/architecture.png)
+---
+## 🚀 Core Innovations
 Traditional MCP servers return all tools on `tools/list`, causing:
@@ -32,7 +38,9 @@ Traditional MCP servers return all tools on `tools/list`, causing:
 → Reduced response accuracy
 ```
-**AAI Gateway's Solution**:
+### 1. Progressive Disclosure
+AAI Gateway's solution:
 ```
 tools/list returns only lightweight entries:
@@ -47,6 +55,18 @@ Agent calls web:discover or app:<id> on-demand to get detailed operation guides
 **Result**: **95% reduction** in context usage, faster and more accurate Agent responses.
+### 2. Unified Descriptor
+Every integration is normalized through the same `aai.json` descriptor model. At a high level, the descriptor defines:
+- App identity and metadata
+- Execution binding
+- Tool definitions
+- Parameter schemas
+- Authentication requirements
+For the full descriptor format, see the **[AAI Protocol `aai.json` spec](https://github.com/gybob/aai-protocol/blob/main/spec/aai-json.md)**.
 ---
 ## How It Works
@@ -76,7 +96,18 @@ Agent calls web:discover or app:<id> on-demand to get detailed operation guides
    → Executes and returns result
 ```
----
+### ACP Agent Workflow
+```
+1. AAI Gateway scans for installed ACP agents at startup
+   → Found agents appear as app:<agent-id> entries in tools/list
+2. User: "Use OpenCode to refactor this code"
+   → Agent finds matching app:dev.sst.opencode
+3. tools/call("app:dev.sst.opencode")
+   → Returns operation guide: session/new(), session/prompt(message)
+4. tools/call("aai:exec", {app: "dev.sst.opencode", tool: "session/prompt", args: {message: "refactor this code"}})
+   → Executes via ACP (stdio JSON-RPC) and returns result
+```
 ## 🔐 Security & Consent
@@ -103,17 +134,22 @@ AAI Gateway implements a **caller-aware consent mechanism** to protect user priv
 This ensures that each MCP client has explicit user authorization, preventing cross-client authorization leakage.
 > 💡 **Note**: Caller identity is informational and not a security boundary. The real security is enforced by the operating system (TCC on macOS, UAC on Windows, etc.).
 ---
 ## 📱 Supported Apps
 These apps have built-in descriptors and work out of the box:
-| App               | Auth Type      | Tools | Description                                         |
-| ----------------- | -------------- | ----- | --------------------------------------------------- |
-| **Notion**        | API Key        | 11    | Notes, docs, knowledge base, project management     |
-| **Yuque (语雀)**  | API Key        | 7     | Alibaba Cloud knowledge management platform         |
-| **Feishu / Lark** | App Credential | 11    | Enterprise collaboration (docs, wiki, IM, calendar) |
+| App               | Type      | Auth Type      | Tools | Description                                         |
+| ----------------- | --------- | -------------- | ----- | --------------------------------------------------- |
+| **Notion**        | Web       | API Key        | 11    | Notes, docs, knowledge base, project management     |
+| **Yuque (语雀)**  | Web       | API Key        | 7     | Alibaba Cloud knowledge management platform         |
+| **Feishu / Lark** | Web       | App Credential | 11    | Enterprise collaboration (docs, wiki, IM, calendar) |
+| **OpenCode**      | ACP Agent | None           | 4     | Open-source AI coding agent with terminal UI        |
+| **Claude Code**   | ACP Agent | None           | 4     | Anthropic's official AI coding agent                |
+| **Gemini CLI**    | ACP Agent | None           | 4     | Google's Gemini CLI coding agent                    |
 > 💡 Want to add your app? See [How to Integrate](#how-to-integrate) | [Upcoming Apps](#upcoming-apps)
 > ⚠️ **Note**: AAI Gateway is currently in active development. Bugs may exist. Contributions are welcome!
@@ -202,7 +238,7 @@ code --add-mcp '{"name":"aai-gateway","command":"npx","args":["aai-gateway"]}'
 ### How to Integrate
-There are two ways to integrate an app with AAI Gateway:
+There are two ways to integrate an app with AAI Gateway today:
 #### Method 1: Provide a Descriptor File
@@ -219,28 +255,14 @@ AAI Gateway will automatically discover and load the descriptor.
 #### Method 2: Contribute to Built-in Registry
-For web apps without a hosted descriptor, you can add a built-in descriptor to AAI Gateway:
-1. Create `src/discovery/descriptors/<app>.ts` following existing patterns
-2. Register in `src/discovery/web-registry.ts`
-3. Submit a pull request
-This is useful for:
+For apps without a hosted descriptor, you can add a built-in descriptor:
-- Apps without official API documentation
-- Custom auth configurations
-- Cold-start scenarios
+- **Web App**: Create `src/discovery/descriptors/<app>.ts`, register in `src/discovery/web-registry.ts`
+- **ACP Agent**: Create `src/discovery/descriptors/<agent>-agent.ts`, register in `src/discovery/agent-registry.ts`
-#### Descriptor Format
+Then submit a pull request.
-The descriptor follows the **[AAI Protocol specification](https://github.com/gybob/aai-protocol/blob/main/spec/aai-json.md)**. Key points:
-- All field names use **camelCase** (e.g., `schemaVersion`, `baseUrl`)
-- Supports **internationalized names** with language fallback
-- Auth types: `oauth2`, `apiKey`, `appCredential`, `cookie`
-- Tools defined with JSON Schema parameters
-For the complete spec, see **[aai.json Descriptor Spec](https://github.com/gybob/aai-protocol/blob/main/spec/aai-json.md)**.
+> **Note**: ACP agents are auto-discovered by checking if the CLI command exists on the system.
 #### Supported Auth Types
@@ -253,12 +275,13 @@ For the complete spec, see **[aai.json Descriptor Spec](https://github.com/gybob
 #### Platform Support
-| Platform    | Discovery              | IPC          | Consent   | Storage  |
-| ----------- | ---------------------- | ------------ | --------- | -------- |
-| **macOS**   | Supported              | Apple Events | osascript | Keychain |
-| **Linux**   | XDG paths              | DBus (gdbus)  | zenity/kdialog | libsecret |
-| **Windows** | Program Files          | COM (PowerShell) | PowerShell | CredMan  |
-| **Web**     | `.well-known/aai.json` | HTTP         | N/A       | Platform |
+| Platform    | Discovery              | IPC              | Consent        | Storage   |
+| ----------- | ---------------------- | ---------------- | -------------- | --------- |
+| **macOS**   | Supported              | Apple Events     | osascript      | Keychain  |
+| **Linux**   | XDG paths              | DBus (gdbus)     | zenity/kdialog | libsecret |
+| **Windows** | Program Files          | COM (PowerShell) | PowerShell     | CredMan   |
+| **Web**     | `.well-known/aai.json` | HTTP             | N/A            | Platform  |
+| **Stdio**   | Protocol only          | Planned          | N/A            | N/A       |
 > **Note**: Linux and Windows implementations are functional but may require additional testing and refinement. Contributions are welcome!
@@ -266,34 +289,39 @@ For the complete spec, see **[aai.json Descriptor Spec](https://github.com/gybob
 - **PowerShell 5.1+** (comes with Windows 10+)
 - **Execution Policy**: Must allow script execution
   ```powershell
   # Check current policy
   Get-ExecutionPolicy
   # Set to allow local scripts (recommended)
   Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
   ```
 - **Credential Manager**: Built-in Windows feature, no additional setup needed
 #### Linux Requirements
 - **DBus**: Usually pre-installed on modern Linux distributions
 - **Dialog Tools**: Install one of the following:
   ```bash
   # Ubuntu/Debian
   sudo apt install zenity  # or kdialog
   # Fedora
   sudo dnf install zenity  # or kdialog
   # Arch Linux
   sudo pacman -S zenity  # or kdialog
   ```
 - **libsecret**: For secure credential storage
   ```bash
   # Ubuntu/Debian
   sudo apt install libsecret-tools
   # Fedora
   sudo dnf install libsecret
   ```
@@ -306,95 +334,81 @@ The following apps are planned for future integration, organized by priority:
 #### 🚀 Priority P0 - High Activity + Simple Integration
-| App | Auth Type | API Base | Description |
-|-----|-----------|----------|-------------|
-| **GitHub** | OAuth2 / API Key | `api.github.com` | Code hosting, repositories, issues, PRs |
-| **Linear** | API Key | `api.linear.app` | Modern project management |
-| **Stripe** | API Key | `api.stripe.com` | Payment processing |
-| **Slack** | OAuth2 / Bot Token | `slack.com/api` | Team messaging and channels |
-| **Jira** | OAuth2 / API Token | `api.atlassian.com` | Issue and project tracking |
-| **Gitee** | API Key | `gitee.com/api/v5` | Code hosting (China) |
+| App        | Auth Type          | API Base            | Description                             |
+| ---------- | ------------------ | ------------------- | --------------------------------------- |
+| **GitHub** | OAuth2 / API Key   | `api.github.com`    | Code hosting, repositories, issues, PRs |
+| **Linear** | API Key            | `api.linear.app`    | Modern project management               |
+| **Stripe** | API Key            | `api.stripe.com`    | Payment processing                      |
+| **Slack**  | OAuth2 / Bot Token | `slack.com/api`     | Team messaging and channels             |
+| **Jira**   | OAuth2 / API Token | `api.atlassian.com` | Issue and project tracking              |
+| **Gitee**  | API Key            | `gitee.com/api/v5`  | Code hosting (China)                    |
 #### 🔥 Priority P1 - High Activity
-| App | Auth Type | API Base | Description |
-|-----|-----------|----------|-------------|
-| **Google Drive** | OAuth2 | `www.googleapis.com/drive` | Cloud storage and files |
-| **Google Calendar** | OAuth2 | `www.googleapis.com/calendar` | Calendar and scheduling |
-| **Airtable** | API Key / OAuth2 | `api.airtable.com` | Database and spreadsheets |
-| **Trello** | API Key + Token | `api.trello.com/1` | Kanban boards |
-| **Asana** | API Key / OAuth2 | `app.asana.com/api/1.0` | Project management |
-| **Discord** | Bot Token / OAuth2 | `discord.com/api/v10` | Community messaging |
-| **GitLab** | API Key / OAuth2 | `gitlab.com/api/v4` | DevOps platform |
-| **DingTalk (钉钉)** | App Credential | `api.dingtalk.com/v1.0` | Enterprise messaging (China) |
-| **WeCom (企业微信)** | App Credential | `qyapi.weixin.qq.com/cgi-bin` | Enterprise WeChat (China) |
+| App                  | Auth Type          | API Base                      | Description                  |
+| -------------------- | ------------------ | ----------------------------- | ---------------------------- |
+| **Google Drive**     | OAuth2             | `www.googleapis.com/drive`    | Cloud storage and files      |
+| **Google Calendar**  | OAuth2             | `www.googleapis.com/calendar` | Calendar and scheduling      |
+| **Airtable**         | API Key / OAuth2   | `api.airtable.com`            | Database and spreadsheets    |
+| **Trello**           | API Key + Token    | `api.trello.com/1`            | Kanban boards                |
+| **Asana**            | API Key / OAuth2   | `app.asana.com/api/1.0`       | Project management           |
+| **Discord**          | Bot Token / OAuth2 | `discord.com/api/v10`         | Community messaging          |
+| **GitLab**           | API Key / OAuth2   | `gitlab.com/api/v4`           | DevOps platform              |
+| **DingTalk (钉钉)**  | App Credential     | `api.dingtalk.com/v1.0`       | Enterprise messaging (China) |
+| **WeCom (企业微信)** | App Credential     | `qyapi.weixin.qq.com/cgi-bin` | Enterprise WeChat (China)    |
 #### 📈 Priority P2 - Medium Activity
 **Project Management & Collaboration:**
-| App | Auth Type | Description |
-|-----|-----------|-------------|
-| Monday.com | API Key | Work management platform |
-| ClickUp | API Key | Productivity platform |
-| Basecamp | OAuth2 | Project collaboration |
-| Bitbucket | API Key / OAuth2 | Git repository hosting |
+| App        | Auth Type        | Description              |
+| ---------- | ---------------- | ------------------------ |
+| Monday.com | API Key          | Work management platform |
+| ClickUp    | API Key          | Productivity platform    |
+| Basecamp   | OAuth2           | Project collaboration    |
+| Bitbucket  | API Key / OAuth2 | Git repository hosting   |
 **Communication & Email:**
-| App | Auth Type | Description |
-|-----|-----------|-------------|
-| Gmail | OAuth2 | Email by Google |
-| Microsoft Outlook | OAuth2 | Email by Microsoft |
-| SendGrid | API Key | Email delivery service |
-| Mailgun | API Key | Email API service |
-| Twilio | API Key | SMS and voice API |
-| Tencent Meeting | OAuth2 / App Credential | Video conferencing (China) |
+| App               | Auth Type               | Description                |
+| ----------------- | ----------------------- | -------------------------- |
+| Gmail             | OAuth2                  | Email by Google            |
+| Microsoft Outlook | OAuth2                  | Email by Microsoft         |
+| SendGrid          | API Key                 | Email delivery service     |
+| Mailgun           | API Key                 | Email API service          |
+| Twilio            | API Key                 | SMS and voice API          |
+| Tencent Meeting   | OAuth2 / App Credential | Video conferencing (China) |
 **Data & Storage:**
-| App | Auth Type | Description |
-|-----|-----------|-------------|
-| Supabase | API Key | Backend-as-a-Service |
-| PlanetScale | API Key | Serverless MySQL |
-| Neon | API Key | Serverless PostgreSQL |
-| Aliyun Drive | OAuth2 | Cloud storage (China) |
-| Baidu Netdisk | OAuth2 | Cloud storage (China) |
+| App           | Auth Type | Description           |
+| ------------- | --------- | --------------------- |
+| Supabase      | API Key   | Backend-as-a-Service  |
+| PlanetScale   | API Key   | Serverless MySQL      |
+| Neon          | API Key   | Serverless PostgreSQL |
+| Aliyun Drive  | OAuth2    | Cloud storage (China) |
+| Baidu Netdisk | OAuth2    | Cloud storage (China) |
 **Payments & Commerce:**
-| App | Auth Type | Description |
-|-----|-----------|-------------|
-| PayPal | OAuth2 | Payment platform |
-| Square | API Key | Payment processing |
-| Shopify | API Key | E-commerce platform |
+| App        | Auth Type      | Description              |
+| ---------- | -------------- | ------------------------ |
+| PayPal     | OAuth2         | Payment platform         |
+| Square     | API Key        | Payment processing       |
+| Shopify    | API Key        | E-commerce platform      |
 | WeChat Pay | App Credential | Payment platform (China) |
 #### 🔍 Priority P3 - Search & AI
-| App | Auth Type | API Base | Description |
-|-----|-----------|----------|-------------|
-| Brave Search | API Key | `api.search.brave.com/res/v1` | Privacy-focused search |
-| Perplexity | API Key | `api.perplexity.ai` | AI search engine |
-| Exa | API Key | `api.exa.ai` | AI-powered search |
-| Tavily | API Key | `api.tavily.com` | Search API for AI |
-#### ❌ Not Suitable for AAI Gateway
-The following MCP server types are **NOT suitable** for AAI Gateway as they require local implementation:
-| Type | Examples | Reason |
-|------|----------|--------|
-| Local Filesystem | Filesystem, Memory | Requires local file access |
-| Version Control | Git | Requires local git commands |
-| Browser Automation | Playwright, Puppeteer | Requires browser instance |
-| Code Execution | E2B, Riza | Requires sandbox environment |
-| Database Drivers | PostgreSQL, MySQL, SQLite | Requires database drivers |
-| System Commands | Shell, Terminal | Requires local command execution |
----
+| App          | Auth Type | API Base                      | Description            |
+| ------------ | --------- | ----------------------------- | ---------------------- |
+| Brave Search | API Key   | `api.search.brave.com/res/v1` | Privacy-focused search |
+| Perplexity   | API Key   | `api.perplexity.ai`           | AI search engine       |
+| Exa          | API Key   | `api.exa.ai`                  | AI-powered search      |
+| Tavily       | API Key   | `api.tavily.com`              | Search API for AI      |
 Want to see your app prioritized? [Open an issue](https://github.com/gybob/aai-gateway/issues).
 ## Links
 - **[AAI Protocol Spec](https://github.com/gybob/aai-protocol)** - Protocol specification

package/dist/cli.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { b as createDesktopDiscovery, d as createGatewayServer, l as logger } from "./server-BYtx5KIZ.js";
+import { b as createDesktopDiscovery, d as createGatewayServer, l as logger } from "./server-DrBOLU_J.js";
 import { readFileSync } from "fs";
 import { fileURLToPath } from "url";
 import { dirname, join } from "path";

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { A, a, C, T, c, b, d, e, f, g, h, i, l, p, s } from "./server-BYtx5KIZ.js";
+import { A, a, C, T, c, b, d, e, f, g, h, i, l, p, s } from "./server-DrBOLU_J.js";
 export {
   A as AaiError,
   a as AaiGatewayServer,
@@ -7,7 +7,7 @@ export {
   c as createConsentDialog,
   b as createDesktopDiscovery,
   d as createGatewayServer,
-  e as createIpcExecutor,
+  e as createNativeExecutor,
   f as createSecureStorage,
   g as executeWebTool,
   h as fetchWebDescriptor,