agentic-qe 3.3.4 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/v3/qe-queen-coordinator.md +332 -166
- package/.claude/helpers/statusline-v3.cjs +85 -42
- package/.claude/skills/qcsd-ideation-swarm/SKILL.md +7 -4
- package/README.md +71 -2
- package/package.json +1 -1
- package/scripts/cloud-db-config.json +10 -5
- package/scripts/merge-v3-to-root.sql +48 -0
- package/v3/CHANGELOG.md +156 -0
- package/v3/README.md +118 -1
- package/v3/assets/agents/v3/qe-queen-coordinator.md +332 -166
- package/v3/assets/skills/qcsd-ideation-swarm/SKILL.md +7 -4
- package/v3/dist/adapters/a2a/agent-cards/generator.d.ts +153 -0
- package/v3/dist/adapters/a2a/agent-cards/generator.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/agent-cards/generator.js +478 -0
- package/v3/dist/adapters/a2a/agent-cards/generator.js.map +1 -0
- package/v3/dist/adapters/a2a/agent-cards/schema.d.ts +274 -0
- package/v3/dist/adapters/a2a/agent-cards/schema.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/agent-cards/schema.js +135 -0
- package/v3/dist/adapters/a2a/agent-cards/schema.js.map +1 -0
- package/v3/dist/adapters/a2a/agent-cards/validator.d.ts +514 -0
- package/v3/dist/adapters/a2a/agent-cards/validator.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/agent-cards/validator.js +555 -0
- package/v3/dist/adapters/a2a/agent-cards/validator.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/index.d.ts +23 -0
- package/v3/dist/adapters/a2a/auth/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/index.js +85 -0
- package/v3/dist/adapters/a2a/auth/index.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/jwt-utils.d.ts +215 -0
- package/v3/dist/adapters/a2a/auth/jwt-utils.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/jwt-utils.js +314 -0
- package/v3/dist/adapters/a2a/auth/jwt-utils.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/middleware.d.ts +173 -0
- package/v3/dist/adapters/a2a/auth/middleware.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/middleware.js +300 -0
- package/v3/dist/adapters/a2a/auth/middleware.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/oauth-provider.d.ts +308 -0
- package/v3/dist/adapters/a2a/auth/oauth-provider.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/oauth-provider.js +573 -0
- package/v3/dist/adapters/a2a/auth/oauth-provider.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/routes.d.ts +244 -0
- package/v3/dist/adapters/a2a/auth/routes.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/routes.js +496 -0
- package/v3/dist/adapters/a2a/auth/routes.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/scopes.d.ts +219 -0
- package/v3/dist/adapters/a2a/auth/scopes.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/scopes.js +292 -0
- package/v3/dist/adapters/a2a/auth/scopes.js.map +1 -0
- package/v3/dist/adapters/a2a/auth/token-store.d.ts +278 -0
- package/v3/dist/adapters/a2a/auth/token-store.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/auth/token-store.js +453 -0
- package/v3/dist/adapters/a2a/auth/token-store.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/agent-health.d.ts +226 -0
- package/v3/dist/adapters/a2a/discovery/agent-health.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/agent-health.js +426 -0
- package/v3/dist/adapters/a2a/discovery/agent-health.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/discovery-service.d.ts +296 -0
- package/v3/dist/adapters/a2a/discovery/discovery-service.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/discovery-service.js +520 -0
- package/v3/dist/adapters/a2a/discovery/discovery-service.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/file-watcher.d.ts +166 -0
- package/v3/dist/adapters/a2a/discovery/file-watcher.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/file-watcher.js +385 -0
- package/v3/dist/adapters/a2a/discovery/file-watcher.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/hot-reload-service.d.ts +226 -0
- package/v3/dist/adapters/a2a/discovery/hot-reload-service.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/hot-reload-service.js +433 -0
- package/v3/dist/adapters/a2a/discovery/hot-reload-service.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/index.d.ts +18 -0
- package/v3/dist/adapters/a2a/discovery/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/index.js +54 -0
- package/v3/dist/adapters/a2a/discovery/index.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/metrics.d.ts +200 -0
- package/v3/dist/adapters/a2a/discovery/metrics.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/metrics.js +371 -0
- package/v3/dist/adapters/a2a/discovery/metrics.js.map +1 -0
- package/v3/dist/adapters/a2a/discovery/routes.d.ts +184 -0
- package/v3/dist/adapters/a2a/discovery/routes.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/discovery/routes.js +453 -0
- package/v3/dist/adapters/a2a/discovery/routes.js.map +1 -0
- package/v3/dist/adapters/a2a/index.d.ts +18 -0
- package/v3/dist/adapters/a2a/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/index.js +139 -0
- package/v3/dist/adapters/a2a/index.js.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/envelope.d.ts +312 -0
- package/v3/dist/adapters/a2a/jsonrpc/envelope.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/envelope.js +554 -0
- package/v3/dist/adapters/a2a/jsonrpc/envelope.js.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/errors.d.ts +244 -0
- package/v3/dist/adapters/a2a/jsonrpc/errors.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/errors.js +365 -0
- package/v3/dist/adapters/a2a/jsonrpc/errors.js.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/index.d.ts +14 -0
- package/v3/dist/adapters/a2a/jsonrpc/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/index.js +59 -0
- package/v3/dist/adapters/a2a/jsonrpc/index.js.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/methods.d.ts +400 -0
- package/v3/dist/adapters/a2a/jsonrpc/methods.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/jsonrpc/methods.js +249 -0
- package/v3/dist/adapters/a2a/jsonrpc/methods.js.map +1 -0
- package/v3/dist/adapters/a2a/notifications/index.d.ts +60 -0
- package/v3/dist/adapters/a2a/notifications/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/notifications/index.js +99 -0
- package/v3/dist/adapters/a2a/notifications/index.js.map +1 -0
- package/v3/dist/adapters/a2a/notifications/retry-queue.d.ts +225 -0
- package/v3/dist/adapters/a2a/notifications/retry-queue.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/notifications/retry-queue.js +449 -0
- package/v3/dist/adapters/a2a/notifications/retry-queue.js.map +1 -0
- package/v3/dist/adapters/a2a/notifications/signature.d.ts +133 -0
- package/v3/dist/adapters/a2a/notifications/signature.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/notifications/signature.js +244 -0
- package/v3/dist/adapters/a2a/notifications/signature.js.map +1 -0
- package/v3/dist/adapters/a2a/notifications/subscription-store.d.ts +243 -0
- package/v3/dist/adapters/a2a/notifications/subscription-store.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/notifications/subscription-store.js +486 -0
- package/v3/dist/adapters/a2a/notifications/subscription-store.js.map +1 -0
- package/v3/dist/adapters/a2a/notifications/webhook-service.d.ts +257 -0
- package/v3/dist/adapters/a2a/notifications/webhook-service.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/notifications/webhook-service.js +542 -0
- package/v3/dist/adapters/a2a/notifications/webhook-service.js.map +1 -0
- package/v3/dist/adapters/a2a/tasks/index.d.ts +16 -0
- package/v3/dist/adapters/a2a/tasks/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/tasks/index.js +33 -0
- package/v3/dist/adapters/a2a/tasks/index.js.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-manager.d.ts +306 -0
- package/v3/dist/adapters/a2a/tasks/task-manager.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-manager.js +562 -0
- package/v3/dist/adapters/a2a/tasks/task-manager.js.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-router.d.ts +270 -0
- package/v3/dist/adapters/a2a/tasks/task-router.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-router.js +574 -0
- package/v3/dist/adapters/a2a/tasks/task-router.js.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-store.d.ts +251 -0
- package/v3/dist/adapters/a2a/tasks/task-store.d.ts.map +1 -0
- package/v3/dist/adapters/a2a/tasks/task-store.js +468 -0
- package/v3/dist/adapters/a2a/tasks/task-store.js.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/aria-attributes.d.ts +294 -0
- package/v3/dist/adapters/a2ui/accessibility/aria-attributes.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/aria-attributes.js +447 -0
- package/v3/dist/adapters/a2ui/accessibility/aria-attributes.js.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/index.d.ts +83 -0
- package/v3/dist/adapters/a2ui/accessibility/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/index.js +155 -0
- package/v3/dist/adapters/a2ui/accessibility/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/keyboard-nav.d.ts +177 -0
- package/v3/dist/adapters/a2ui/accessibility/keyboard-nav.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/keyboard-nav.js +638 -0
- package/v3/dist/adapters/a2ui/accessibility/keyboard-nav.js.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/wcag-validator.d.ts +186 -0
- package/v3/dist/adapters/a2ui/accessibility/wcag-validator.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/accessibility/wcag-validator.js +816 -0
- package/v3/dist/adapters/a2ui/accessibility/wcag-validator.js.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/component-schemas.d.ts +227 -0
- package/v3/dist/adapters/a2ui/catalog/component-schemas.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/component-schemas.js +1090 -0
- package/v3/dist/adapters/a2ui/catalog/component-schemas.js.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/index.d.ts +55 -0
- package/v3/dist/adapters/a2ui/catalog/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/index.js +100 -0
- package/v3/dist/adapters/a2ui/catalog/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/qe-catalog.d.ts +456 -0
- package/v3/dist/adapters/a2ui/catalog/qe-catalog.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/qe-catalog.js +413 -0
- package/v3/dist/adapters/a2ui/catalog/qe-catalog.js.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/standard-catalog.d.ts +581 -0
- package/v3/dist/adapters/a2ui/catalog/standard-catalog.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/catalog/standard-catalog.js +409 -0
- package/v3/dist/adapters/a2ui/catalog/standard-catalog.js.map +1 -0
- package/v3/dist/adapters/a2ui/data/bound-value.d.ts +252 -0
- package/v3/dist/adapters/a2ui/data/bound-value.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/data/bound-value.js +403 -0
- package/v3/dist/adapters/a2ui/data/bound-value.js.map +1 -0
- package/v3/dist/adapters/a2ui/data/index.d.ts +14 -0
- package/v3/dist/adapters/a2ui/data/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/data/index.js +41 -0
- package/v3/dist/adapters/a2ui/data/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/data/json-pointer-resolver.d.ts +187 -0
- package/v3/dist/adapters/a2ui/data/json-pointer-resolver.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/data/json-pointer-resolver.js +425 -0
- package/v3/dist/adapters/a2ui/data/json-pointer-resolver.js.map +1 -0
- package/v3/dist/adapters/a2ui/data/reactive-store.d.ts +241 -0
- package/v3/dist/adapters/a2ui/data/reactive-store.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/data/reactive-store.js +461 -0
- package/v3/dist/adapters/a2ui/data/reactive-store.js.map +1 -0
- package/v3/dist/adapters/a2ui/index.d.ts +17 -0
- package/v3/dist/adapters/a2ui/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/index.js +119 -0
- package/v3/dist/adapters/a2ui/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/integration/agui-sync.d.ts +259 -0
- package/v3/dist/adapters/a2ui/integration/agui-sync.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/integration/agui-sync.js +559 -0
- package/v3/dist/adapters/a2ui/integration/agui-sync.js.map +1 -0
- package/v3/dist/adapters/a2ui/integration/index.d.ts +11 -0
- package/v3/dist/adapters/a2ui/integration/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/integration/index.js +23 -0
- package/v3/dist/adapters/a2ui/integration/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/integration/surface-state-bridge.d.ts +209 -0
- package/v3/dist/adapters/a2ui/integration/surface-state-bridge.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/integration/surface-state-bridge.js +545 -0
- package/v3/dist/adapters/a2ui/integration/surface-state-bridge.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/component-builder.d.ts +227 -0
- package/v3/dist/adapters/a2ui/renderer/component-builder.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/component-builder.js +488 -0
- package/v3/dist/adapters/a2ui/renderer/component-builder.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/index.d.ts +16 -0
- package/v3/dist/adapters/a2ui/renderer/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/index.js +50 -0
- package/v3/dist/adapters/a2ui/renderer/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/message-types.d.ts +299 -0
- package/v3/dist/adapters/a2ui/renderer/message-types.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/message-types.js +187 -0
- package/v3/dist/adapters/a2ui/renderer/message-types.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/surface-generator.d.ts +210 -0
- package/v3/dist/adapters/a2ui/renderer/surface-generator.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/surface-generator.js +586 -0
- package/v3/dist/adapters/a2ui/renderer/surface-generator.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/accessibility-surface.d.ts +149 -0
- package/v3/dist/adapters/a2ui/renderer/templates/accessibility-surface.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/accessibility-surface.js +414 -0
- package/v3/dist/adapters/a2ui/renderer/templates/accessibility-surface.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/coverage-surface.d.ts +95 -0
- package/v3/dist/adapters/a2ui/renderer/templates/coverage-surface.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/coverage-surface.js +231 -0
- package/v3/dist/adapters/a2ui/renderer/templates/coverage-surface.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/index.d.ts +12 -0
- package/v3/dist/adapters/a2ui/renderer/templates/index.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/index.js +16 -0
- package/v3/dist/adapters/a2ui/renderer/templates/index.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/security-surface.d.ts +121 -0
- package/v3/dist/adapters/a2ui/renderer/templates/security-surface.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/security-surface.js +367 -0
- package/v3/dist/adapters/a2ui/renderer/templates/security-surface.js.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/test-results-surface.d.ts +104 -0
- package/v3/dist/adapters/a2ui/renderer/templates/test-results-surface.d.ts.map +1 -0
- package/v3/dist/adapters/a2ui/renderer/templates/test-results-surface.js +294 -0
- package/v3/dist/adapters/a2ui/renderer/templates/test-results-surface.js.map +1 -0
- package/v3/dist/adapters/ag-ui/backpressure-handler.d.ts +201 -0
- package/v3/dist/adapters/ag-ui/backpressure-handler.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/backpressure-handler.js +399 -0
- package/v3/dist/adapters/ag-ui/backpressure-handler.js.map +1 -0
- package/v3/dist/adapters/ag-ui/event-adapter.d.ts +360 -0
- package/v3/dist/adapters/ag-ui/event-adapter.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/event-adapter.js +1083 -0
- package/v3/dist/adapters/ag-ui/event-adapter.js.map +1 -0
- package/v3/dist/adapters/ag-ui/event-batcher.d.ts +242 -0
- package/v3/dist/adapters/ag-ui/event-batcher.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/event-batcher.js +444 -0
- package/v3/dist/adapters/ag-ui/event-batcher.js.map +1 -0
- package/v3/dist/adapters/ag-ui/event-types.d.ts +450 -0
- package/v3/dist/adapters/ag-ui/event-types.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/event-types.js +173 -0
- package/v3/dist/adapters/ag-ui/event-types.js.map +1 -0
- package/v3/dist/adapters/ag-ui/index.d.ts +17 -0
- package/v3/dist/adapters/ag-ui/index.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/index.js +47 -0
- package/v3/dist/adapters/ag-ui/index.js.map +1 -0
- package/v3/dist/adapters/ag-ui/json-patch-utils.d.ts +136 -0
- package/v3/dist/adapters/ag-ui/json-patch-utils.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/json-patch-utils.js +574 -0
- package/v3/dist/adapters/ag-ui/json-patch-utils.js.map +1 -0
- package/v3/dist/adapters/ag-ui/json-patch.d.ts +241 -0
- package/v3/dist/adapters/ag-ui/json-patch.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/json-patch.js +726 -0
- package/v3/dist/adapters/ag-ui/json-patch.js.map +1 -0
- package/v3/dist/adapters/ag-ui/state-delta-cache.d.ts +218 -0
- package/v3/dist/adapters/ag-ui/state-delta-cache.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/state-delta-cache.js +422 -0
- package/v3/dist/adapters/ag-ui/state-delta-cache.js.map +1 -0
- package/v3/dist/adapters/ag-ui/state-manager.d.ts +249 -0
- package/v3/dist/adapters/ag-ui/state-manager.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/state-manager.js +511 -0
- package/v3/dist/adapters/ag-ui/state-manager.js.map +1 -0
- package/v3/dist/adapters/ag-ui/stream-controller.d.ts +195 -0
- package/v3/dist/adapters/ag-ui/stream-controller.d.ts.map +1 -0
- package/v3/dist/adapters/ag-ui/stream-controller.js +481 -0
- package/v3/dist/adapters/ag-ui/stream-controller.js.map +1 -0
- package/v3/dist/adapters/index.d.ts +4 -0
- package/v3/dist/adapters/index.d.ts.map +1 -1
- package/v3/dist/adapters/index.js +89 -0
- package/v3/dist/adapters/index.js.map +1 -1
- package/v3/dist/cli/bundle.js +1507 -425
- package/v3/dist/coordination/consensus/providers/claude-provider.js +1 -1
- package/v3/dist/coordination/consensus/providers/gemini-provider.js +1 -1
- package/v3/dist/coordination/consensus/providers/openai-provider.js +1 -1
- package/v3/dist/init/init-wizard.d.ts.map +1 -1
- package/v3/dist/init/init-wizard.js +19 -4
- package/v3/dist/init/init-wizard.js.map +1 -1
- package/v3/dist/init/migration/config-migrator.d.ts.map +1 -1
- package/v3/dist/init/migration/config-migrator.js +15 -1
- package/v3/dist/init/migration/config-migrator.js.map +1 -1
- package/v3/dist/init/phases/05-learning.js +1 -1
- package/v3/dist/init/phases/05-learning.js.map +1 -1
- package/v3/dist/init/self-configurator.d.ts +7 -0
- package/v3/dist/init/self-configurator.d.ts.map +1 -1
- package/v3/dist/init/self-configurator.js +23 -27
- package/v3/dist/init/self-configurator.js.map +1 -1
- package/v3/dist/integrations/ruvector/interfaces.js +1 -1
- package/v3/dist/integrations/ruvector/interfaces.js.map +1 -1
- package/v3/dist/kernel/index.d.ts +1 -1
- package/v3/dist/kernel/index.d.ts.map +1 -1
- package/v3/dist/kernel/index.js +3 -1
- package/v3/dist/kernel/index.js.map +1 -1
- package/v3/dist/kernel/plugin-loader.d.ts.map +1 -1
- package/v3/dist/kernel/plugin-loader.js +6 -1
- package/v3/dist/kernel/plugin-loader.js.map +1 -1
- package/v3/dist/kernel/unified-memory.d.ts +123 -0
- package/v3/dist/kernel/unified-memory.d.ts.map +1 -1
- package/v3/dist/kernel/unified-memory.js +258 -2
- package/v3/dist/kernel/unified-memory.js.map +1 -1
- package/v3/dist/learning/qe-unified-memory.js +1 -1
- package/v3/dist/learning/qe-unified-memory.js.map +1 -1
- package/v3/dist/learning/real-qe-reasoning-bank.js +2 -2
- package/v3/dist/learning/real-qe-reasoning-bank.js.map +1 -1
- package/v3/dist/learning/sqlite-persistence.d.ts +1 -1
- package/v3/dist/learning/sqlite-persistence.js +1 -1
- package/v3/dist/learning/sqlite-persistence.js.map +1 -1
- package/v3/dist/learning/v2-to-v3-migration.d.ts +2 -2
- package/v3/dist/learning/v2-to-v3-migration.d.ts.map +1 -1
- package/v3/dist/learning/v2-to-v3-migration.js +2 -2
- package/v3/dist/learning/v2-to-v3-migration.js.map +1 -1
- package/v3/dist/mcp/bundle.js +63075 -53304
- package/v3/dist/mcp/entry.d.ts +5 -0
- package/v3/dist/mcp/entry.d.ts.map +1 -1
- package/v3/dist/mcp/entry.js +36 -0
- package/v3/dist/mcp/entry.js.map +1 -1
- package/v3/dist/mcp/http-server.d.ts +95 -0
- package/v3/dist/mcp/http-server.d.ts.map +1 -0
- package/v3/dist/mcp/http-server.js +833 -0
- package/v3/dist/mcp/http-server.js.map +1 -0
- package/v3/dist/mcp/protocol-server.d.ts +6 -0
- package/v3/dist/mcp/protocol-server.d.ts.map +1 -1
- package/v3/dist/mcp/protocol-server.js +40 -0
- package/v3/dist/mcp/protocol-server.js.map +1 -1
- package/v3/dist/mcp/transport/index.d.ts +25 -3
- package/v3/dist/mcp/transport/index.d.ts.map +1 -1
- package/v3/dist/mcp/transport/index.js +22 -4
- package/v3/dist/mcp/transport/index.js.map +1 -1
- package/v3/dist/mcp/transport/sse/connection-manager.d.ts +84 -0
- package/v3/dist/mcp/transport/sse/connection-manager.d.ts.map +1 -0
- package/v3/dist/mcp/transport/sse/connection-manager.js +271 -0
- package/v3/dist/mcp/transport/sse/connection-manager.js.map +1 -0
- package/v3/dist/mcp/transport/sse/index.d.ts +10 -0
- package/v3/dist/mcp/transport/sse/index.d.ts.map +1 -0
- package/v3/dist/mcp/transport/sse/index.js +15 -0
- package/v3/dist/mcp/transport/sse/index.js.map +1 -0
- package/v3/dist/mcp/transport/sse/sse-transport.d.ts +56 -0
- package/v3/dist/mcp/transport/sse/sse-transport.d.ts.map +1 -0
- package/v3/dist/mcp/transport/sse/sse-transport.js +381 -0
- package/v3/dist/mcp/transport/sse/sse-transport.js.map +1 -0
- package/v3/dist/mcp/transport/sse/types.d.ts +237 -0
- package/v3/dist/mcp/transport/sse/types.d.ts.map +1 -0
- package/v3/dist/mcp/transport/sse/types.js +37 -0
- package/v3/dist/mcp/transport/sse/types.js.map +1 -0
- package/v3/dist/mcp/transport/websocket/connection-manager.d.ts +143 -0
- package/v3/dist/mcp/transport/websocket/connection-manager.d.ts.map +1 -0
- package/v3/dist/mcp/transport/websocket/connection-manager.js +522 -0
- package/v3/dist/mcp/transport/websocket/connection-manager.js.map +1 -0
- package/v3/dist/mcp/transport/websocket/index.d.ts +10 -0
- package/v3/dist/mcp/transport/websocket/index.d.ts.map +1 -0
- package/v3/dist/mcp/transport/websocket/index.js +19 -0
- package/v3/dist/mcp/transport/websocket/index.js.map +1 -0
- package/v3/dist/mcp/transport/websocket/types.d.ts +354 -0
- package/v3/dist/mcp/transport/websocket/types.d.ts.map +1 -0
- package/v3/dist/mcp/transport/websocket/types.js +49 -0
- package/v3/dist/mcp/transport/websocket/types.js.map +1 -0
- package/v3/dist/mcp/transport/websocket/websocket-transport.d.ts +77 -0
- package/v3/dist/mcp/transport/websocket/websocket-transport.d.ts.map +1 -0
- package/v3/dist/mcp/transport/websocket/websocket-transport.js +622 -0
- package/v3/dist/mcp/transport/websocket/websocket-transport.js.map +1 -0
- package/v3/dist/memory/crdt/convergence-tracker.d.ts +59 -0
- package/v3/dist/memory/crdt/convergence-tracker.d.ts.map +1 -0
- package/v3/dist/memory/crdt/convergence-tracker.js +325 -0
- package/v3/dist/memory/crdt/convergence-tracker.js.map +1 -0
- package/v3/dist/memory/crdt/crdt-store.d.ts +55 -0
- package/v3/dist/memory/crdt/crdt-store.d.ts.map +1 -0
- package/v3/dist/memory/crdt/crdt-store.js +582 -0
- package/v3/dist/memory/crdt/crdt-store.js.map +1 -0
- package/v3/dist/memory/crdt/g-counter.d.ts +47 -0
- package/v3/dist/memory/crdt/g-counter.d.ts.map +1 -0
- package/v3/dist/memory/crdt/g-counter.js +134 -0
- package/v3/dist/memory/crdt/g-counter.js.map +1 -0
- package/v3/dist/memory/crdt/index.d.ts +52 -0
- package/v3/dist/memory/crdt/index.d.ts.map +1 -0
- package/v3/dist/memory/crdt/index.js +66 -0
- package/v3/dist/memory/crdt/index.js.map +1 -0
- package/v3/dist/memory/crdt/lww-register.d.ts +40 -0
- package/v3/dist/memory/crdt/lww-register.d.ts.map +1 -0
- package/v3/dist/memory/crdt/lww-register.js +133 -0
- package/v3/dist/memory/crdt/lww-register.js.map +1 -0
- package/v3/dist/memory/crdt/or-set.d.ts +62 -0
- package/v3/dist/memory/crdt/or-set.d.ts.map +1 -0
- package/v3/dist/memory/crdt/or-set.js +336 -0
- package/v3/dist/memory/crdt/or-set.js.map +1 -0
- package/v3/dist/memory/crdt/pn-counter.d.ts +53 -0
- package/v3/dist/memory/crdt/pn-counter.d.ts.map +1 -0
- package/v3/dist/memory/crdt/pn-counter.js +147 -0
- package/v3/dist/memory/crdt/pn-counter.js.map +1 -0
- package/v3/dist/memory/crdt/types.d.ts +397 -0
- package/v3/dist/memory/crdt/types.d.ts.map +1 -0
- package/v3/dist/memory/crdt/types.js +12 -0
- package/v3/dist/memory/crdt/types.js.map +1 -0
- package/v3/dist/memory/index.d.ts +5 -2
- package/v3/dist/memory/index.d.ts.map +1 -1
- package/v3/dist/memory/index.js +5 -2
- package/v3/dist/memory/index.js.map +1 -1
- package/v3/dist/performance/benchmarks.d.ts +215 -0
- package/v3/dist/performance/benchmarks.d.ts.map +1 -0
- package/v3/dist/performance/benchmarks.js +516 -0
- package/v3/dist/performance/benchmarks.js.map +1 -0
- package/v3/dist/performance/ci-gates.d.ts +149 -0
- package/v3/dist/performance/ci-gates.d.ts.map +1 -0
- package/v3/dist/performance/ci-gates.js +425 -0
- package/v3/dist/performance/ci-gates.js.map +1 -0
- package/v3/dist/performance/index.d.ts +18 -0
- package/v3/dist/performance/index.d.ts.map +1 -0
- package/v3/dist/performance/index.js +26 -0
- package/v3/dist/performance/index.js.map +1 -0
- package/v3/dist/performance/optimizer.d.ts +323 -0
- package/v3/dist/performance/optimizer.d.ts.map +1 -0
- package/v3/dist/performance/optimizer.js +592 -0
- package/v3/dist/performance/optimizer.js.map +1 -0
- package/v3/dist/performance/profiler.d.ts +195 -0
- package/v3/dist/performance/profiler.d.ts.map +1 -0
- package/v3/dist/performance/profiler.js +369 -0
- package/v3/dist/performance/profiler.js.map +1 -0
- package/v3/dist/performance/run-gates.d.ts +23 -0
- package/v3/dist/performance/run-gates.d.ts.map +1 -0
- package/v3/dist/performance/run-gates.js +122 -0
- package/v3/dist/performance/run-gates.js.map +1 -0
- package/v3/dist/sync/claude-flow-bridge.d.ts +1 -1
- package/v3/dist/sync/claude-flow-bridge.js +1 -1
- package/v3/dist/sync/interfaces.d.ts +6 -0
- package/v3/dist/sync/interfaces.d.ts.map +1 -1
- package/v3/dist/sync/interfaces.js +34 -47
- package/v3/dist/sync/interfaces.js.map +1 -1
- package/v3/dist/sync/readers/sqlite-reader.d.ts +1 -1
- package/v3/dist/sync/readers/sqlite-reader.js +1 -1
- package/v3/dist/testing/index.d.ts +6 -0
- package/v3/dist/testing/index.d.ts.map +1 -0
- package/v3/dist/testing/index.js +7 -0
- package/v3/dist/testing/index.js.map +1 -0
- package/v3/dist/testing/load/agent-load-tester.d.ts +221 -0
- package/v3/dist/testing/load/agent-load-tester.d.ts.map +1 -0
- package/v3/dist/testing/load/agent-load-tester.js +566 -0
- package/v3/dist/testing/load/agent-load-tester.js.map +1 -0
- package/v3/dist/testing/load/bottleneck-analyzer.d.ts +150 -0
- package/v3/dist/testing/load/bottleneck-analyzer.d.ts.map +1 -0
- package/v3/dist/testing/load/bottleneck-analyzer.js +442 -0
- package/v3/dist/testing/load/bottleneck-analyzer.js.map +1 -0
- package/v3/dist/testing/load/index.d.ts +17 -0
- package/v3/dist/testing/load/index.d.ts.map +1 -0
- package/v3/dist/testing/load/index.js +23 -0
- package/v3/dist/testing/load/index.js.map +1 -0
- package/v3/dist/testing/load/metrics-collector.d.ts +275 -0
- package/v3/dist/testing/load/metrics-collector.d.ts.map +1 -0
- package/v3/dist/testing/load/metrics-collector.js +475 -0
- package/v3/dist/testing/load/metrics-collector.js.map +1 -0
- package/v3/package.json +5 -1
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A2A OAuth 2.0 Authentication Module
|
|
3
|
+
*
|
|
4
|
+
* Provides OAuth 2.0 authentication infrastructure for the A2A protocol:
|
|
5
|
+
* - OAuth 2.0 Provider (authorization code + client credentials flows)
|
|
6
|
+
* - Token Store (in-memory token storage with TTL)
|
|
7
|
+
* - JWT Utilities (signing, verification, decoding)
|
|
8
|
+
* - Scope Definitions (A2A core + QE domain scopes)
|
|
9
|
+
* - JWT validation middleware
|
|
10
|
+
* - OAuth 2.0 token endpoints
|
|
11
|
+
* - OpenID Connect discovery
|
|
12
|
+
*
|
|
13
|
+
* @module adapters/a2a/auth
|
|
14
|
+
* @see https://a2a-protocol.org/latest/specification/
|
|
15
|
+
* @see https://datatracker.ietf.org/doc/html/rfc6749
|
|
16
|
+
*/
|
|
17
|
+
// ============================================================================
|
|
18
|
+
// Scopes
|
|
19
|
+
// ============================================================================
|
|
20
|
+
export {
|
|
21
|
+
// Core Scopes
|
|
22
|
+
A2A_CORE_SCOPES,
|
|
23
|
+
// Domain Scopes
|
|
24
|
+
A2A_DOMAIN_SCOPES,
|
|
25
|
+
// Combined Scopes
|
|
26
|
+
A2A_SCOPES,
|
|
27
|
+
// Scope Utilities
|
|
28
|
+
getScopeDescription, isValidScope, scopeHierarchy, expandScopes, validateScopes, getMissingScopes, normalizeScopes, parseScopeString, formatScopeString,
|
|
29
|
+
// Scope Categories
|
|
30
|
+
getScopesByCategory, getQEDomainScopes, getCoreScopes,
|
|
31
|
+
// Default Scopes
|
|
32
|
+
DEFAULT_CLIENT_SCOPES, ADMIN_SCOPES, } from './scopes.js';
|
|
33
|
+
// ============================================================================
|
|
34
|
+
// JWT Utilities
|
|
35
|
+
// ============================================================================
|
|
36
|
+
export {
|
|
37
|
+
// Error Types
|
|
38
|
+
JWTError,
|
|
39
|
+
// Signing Functions
|
|
40
|
+
signJWT, signAccessToken, signRefreshToken,
|
|
41
|
+
// Verification Functions
|
|
42
|
+
verifyJWT,
|
|
43
|
+
// Decoding Functions
|
|
44
|
+
decodeJWT,
|
|
45
|
+
// Utility Functions
|
|
46
|
+
isTokenExpired, getTokenTTL, extractScopes as extractScopesFromToken, hasScope as tokenHasScope, generateTokenId, getCurrentTimestamp, } from './jwt-utils.js';
|
|
47
|
+
// ============================================================================
|
|
48
|
+
// Token Store
|
|
49
|
+
// ============================================================================
|
|
50
|
+
export {
|
|
51
|
+
// Token Store Class
|
|
52
|
+
TokenStore, createTokenStore, DEFAULT_TOKEN_STORE_CONFIG, } from './token-store.js';
|
|
53
|
+
// ============================================================================
|
|
54
|
+
// OAuth 2.0 Provider
|
|
55
|
+
// ============================================================================
|
|
56
|
+
export {
|
|
57
|
+
// Provider Class
|
|
58
|
+
OAuth2Provider as OAuth2ProviderImpl, createOAuth2Provider, createTestOAuth2Provider, DEFAULT_OAUTH2_CONFIG,
|
|
59
|
+
// Error Types
|
|
60
|
+
OAuth2ProviderError, } from './oauth-provider.js';
|
|
61
|
+
// ============================================================================
|
|
62
|
+
// Middleware
|
|
63
|
+
// ============================================================================
|
|
64
|
+
export {
|
|
65
|
+
// Error Factory
|
|
66
|
+
createOAuthError,
|
|
67
|
+
// Token Extraction
|
|
68
|
+
extractBearerToken, parseScopes,
|
|
69
|
+
// JWT Middleware
|
|
70
|
+
createJWTMiddleware, jwtAuthMiddleware,
|
|
71
|
+
// Scope Validation
|
|
72
|
+
requireScopes, hasScope, hasAnyScope, hasAllScopes,
|
|
73
|
+
// Utility Middleware
|
|
74
|
+
optionalAuth, mockAuthMiddleware, } from './middleware.js';
|
|
75
|
+
// ============================================================================
|
|
76
|
+
// Routes
|
|
77
|
+
// ============================================================================
|
|
78
|
+
export {
|
|
79
|
+
// Configuration
|
|
80
|
+
DEFAULT_OAUTH_ROUTES_CONFIG,
|
|
81
|
+
// Route Factory
|
|
82
|
+
getOAuthRouteDefinitions, createOAuthRoutes,
|
|
83
|
+
// Utilities
|
|
84
|
+
validateRedirectUri, generateCodeChallenge, verifyCodeChallenge, } from './routes.js';
|
|
85
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/adapters/a2a/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,+EAA+E;AAC/E,SAAS;AACT,+EAA+E;AAE/E,OAAO;AACL,cAAc;AACd,eAAe;AAGf,gBAAgB;AAChB,iBAAiB;AAGjB,kBAAkB;AAClB,UAAU;AAGV,kBAAkB;AAClB,mBAAmB,EACnB,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB;AAEjB,mBAAmB;AACnB,mBAAmB,EACnB,iBAAiB,EACjB,aAAa;AAEb,iBAAiB;AACjB,qBAAqB,EACrB,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,OAAO;AAOL,cAAc;AACd,QAAQ;AAGR,oBAAoB;AACpB,OAAO,EACP,eAAe,EACf,gBAAgB;AAEhB,yBAAyB;AACzB,SAAS;AAET,qBAAqB;AACrB,SAAS;AAET,oBAAoB;AACpB,cAAc,EACd,WAAW,EACX,aAAa,IAAI,sBAAsB,EACvC,QAAQ,IAAI,aAAa,EACzB,eAAe,EACf,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAExB,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E,OAAO;AACL,oBAAoB;AACpB,UAAU,EACV,gBAAgB,EAIhB,0BAA0B,GAW3B,MAAM,kBAAkB,CAAC;AAE1B,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,OAAO;AACL,iBAAiB;AACjB,cAAc,IAAI,kBAAkB,EACpC,oBAAoB,EACpB,wBAAwB,EAIxB,qBAAqB;AASrB,cAAc;AACd,mBAAmB,GAMpB,MAAM,qBAAqB,CAAC;AAE7B,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E,OAAO;AAUL,gBAAgB;AAChB,gBAAgB;AAEhB,mBAAmB;AACnB,kBAAkB,EAClB,WAAW;AAEX,iBAAiB;AACjB,mBAAmB,EACnB,iBAAiB;AAEjB,mBAAmB;AACnB,aAAa,EACb,QAAQ,EACR,WAAW,EACX,YAAY;AAEZ,qBAAqB;AACrB,YAAY,EACZ,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AAEzB,+EAA+E;AAC/E,SAAS;AACT,+EAA+E;AAE/E,OAAO;AAYL,gBAAgB;AAChB,2BAA2B;AAE3B,gBAAgB;AAChB,wBAAwB,EACxB,iBAAiB;AAEjB,YAAY;AACZ,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,aAAa,CAAC"}
|
|
@@ -0,0 +1,215 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A2A JWT Utilities
|
|
3
|
+
*
|
|
4
|
+
* Provides JWT signing, verification, and decoding using the 'jose' library.
|
|
5
|
+
* Implements standard JWT claims with A2A-specific extensions.
|
|
6
|
+
*
|
|
7
|
+
* @module adapters/a2a/auth/jwt-utils
|
|
8
|
+
*/
|
|
9
|
+
import * as jose from 'jose';
|
|
10
|
+
/**
|
|
11
|
+
* Standard JWT payload with A2A extensions
|
|
12
|
+
*/
|
|
13
|
+
export interface JWTPayload {
|
|
14
|
+
/** Issuer - who issued the token */
|
|
15
|
+
readonly iss?: string;
|
|
16
|
+
/** Subject - the client/user ID */
|
|
17
|
+
readonly sub?: string;
|
|
18
|
+
/** Audience - intended recipient */
|
|
19
|
+
readonly aud?: string | string[];
|
|
20
|
+
/** Expiration time (Unix timestamp) */
|
|
21
|
+
readonly exp?: number;
|
|
22
|
+
/** Not before time (Unix timestamp) */
|
|
23
|
+
readonly nbf?: number;
|
|
24
|
+
/** Issued at time (Unix timestamp) */
|
|
25
|
+
readonly iat?: number;
|
|
26
|
+
/** JWT ID - unique identifier for the token */
|
|
27
|
+
readonly jti?: string;
|
|
28
|
+
/** OAuth 2.0 scopes (space-separated) */
|
|
29
|
+
readonly scope?: string;
|
|
30
|
+
/** Client ID for machine-to-machine auth */
|
|
31
|
+
readonly client_id?: string;
|
|
32
|
+
/** Token type (access, refresh) */
|
|
33
|
+
readonly token_type?: 'access' | 'refresh';
|
|
34
|
+
/** Additional custom claims */
|
|
35
|
+
readonly [key: string]: unknown;
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Options for signing a JWT
|
|
39
|
+
*/
|
|
40
|
+
export interface SignOptions {
|
|
41
|
+
/** Algorithm to use (default: HS256) */
|
|
42
|
+
readonly algorithm?: 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES384' | 'ES512';
|
|
43
|
+
/** Token expiration in seconds (default: 3600) */
|
|
44
|
+
readonly expiresIn?: number;
|
|
45
|
+
/** Not before offset in seconds (default: 0) */
|
|
46
|
+
readonly notBefore?: number;
|
|
47
|
+
/** Issuer claim */
|
|
48
|
+
readonly issuer?: string;
|
|
49
|
+
/** Audience claim */
|
|
50
|
+
readonly audience?: string | string[];
|
|
51
|
+
/** JWT ID (auto-generated if not provided) */
|
|
52
|
+
readonly jti?: string;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Options for verifying a JWT
|
|
56
|
+
*/
|
|
57
|
+
export interface VerifyOptions {
|
|
58
|
+
/** Expected issuer */
|
|
59
|
+
readonly issuer?: string;
|
|
60
|
+
/** Expected audience */
|
|
61
|
+
readonly audience?: string | string[];
|
|
62
|
+
/** Clock tolerance in seconds (default: 0) */
|
|
63
|
+
readonly clockTolerance?: number;
|
|
64
|
+
/** Current time override for testing */
|
|
65
|
+
readonly currentTime?: Date;
|
|
66
|
+
/** Required claims */
|
|
67
|
+
readonly requiredClaims?: string[];
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Result of JWT decoding (without verification)
|
|
71
|
+
*/
|
|
72
|
+
export interface DecodedJWT {
|
|
73
|
+
/** JWT header */
|
|
74
|
+
readonly header: jose.JWTHeaderParameters;
|
|
75
|
+
/** JWT payload */
|
|
76
|
+
readonly payload: JWTPayload;
|
|
77
|
+
/** Original token signature */
|
|
78
|
+
readonly signature: string;
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* JWT-related error
|
|
82
|
+
*/
|
|
83
|
+
export declare class JWTError extends Error {
|
|
84
|
+
readonly code: JWTErrorCode;
|
|
85
|
+
constructor(code: JWTErrorCode, message: string);
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* JWT error codes
|
|
89
|
+
*/
|
|
90
|
+
export type JWTErrorCode = 'TOKEN_EXPIRED' | 'TOKEN_NOT_VALID_YET' | 'INVALID_SIGNATURE' | 'INVALID_TOKEN' | 'MISSING_CLAIM' | 'INVALID_ISSUER' | 'INVALID_AUDIENCE' | 'ALGORITHM_MISMATCH';
|
|
91
|
+
/**
|
|
92
|
+
* Sign a JWT with the given payload and secret
|
|
93
|
+
*
|
|
94
|
+
* @param payload - The JWT payload
|
|
95
|
+
* @param secret - The signing secret (for HMAC) or private key (for RSA/EC)
|
|
96
|
+
* @param options - Signing options
|
|
97
|
+
* @returns The signed JWT string
|
|
98
|
+
*
|
|
99
|
+
* @example
|
|
100
|
+
* ```typescript
|
|
101
|
+
* const token = await signJWT(
|
|
102
|
+
* { sub: 'client-123', scope: 'agent:read task:create' },
|
|
103
|
+
* 'my-secret-key',
|
|
104
|
+
* { expiresIn: 3600, issuer: 'a2a-platform' }
|
|
105
|
+
* );
|
|
106
|
+
* ```
|
|
107
|
+
*/
|
|
108
|
+
export declare function signJWT(payload: JWTPayload, secret: string | Uint8Array, options?: SignOptions): Promise<string>;
|
|
109
|
+
/**
|
|
110
|
+
* Sign a JWT for an access token
|
|
111
|
+
*
|
|
112
|
+
* @param clientId - The client ID
|
|
113
|
+
* @param scopes - Array of granted scopes
|
|
114
|
+
* @param secret - The signing secret
|
|
115
|
+
* @param options - Additional signing options
|
|
116
|
+
* @returns The signed access token
|
|
117
|
+
*/
|
|
118
|
+
export declare function signAccessToken(clientId: string, scopes: string[], secret: string | Uint8Array, options?: SignOptions): Promise<string>;
|
|
119
|
+
/**
|
|
120
|
+
* Sign a JWT for a refresh token
|
|
121
|
+
*
|
|
122
|
+
* @param clientId - The client ID
|
|
123
|
+
* @param scopes - Array of granted scopes
|
|
124
|
+
* @param secret - The signing secret
|
|
125
|
+
* @param options - Additional signing options
|
|
126
|
+
* @returns The signed refresh token
|
|
127
|
+
*/
|
|
128
|
+
export declare function signRefreshToken(clientId: string, scopes: string[], secret: string | Uint8Array, options?: SignOptions): Promise<string>;
|
|
129
|
+
/**
|
|
130
|
+
* Verify a JWT and return the payload
|
|
131
|
+
*
|
|
132
|
+
* @param token - The JWT string to verify
|
|
133
|
+
* @param secret - The secret or public key for verification
|
|
134
|
+
* @param options - Verification options
|
|
135
|
+
* @returns The verified JWT payload
|
|
136
|
+
* @throws {JWTError} If verification fails
|
|
137
|
+
*
|
|
138
|
+
* @example
|
|
139
|
+
* ```typescript
|
|
140
|
+
* try {
|
|
141
|
+
* const payload = await verifyJWT(token, 'my-secret-key', {
|
|
142
|
+
* issuer: 'a2a-platform',
|
|
143
|
+
* audience: 'my-agent',
|
|
144
|
+
* });
|
|
145
|
+
* console.log('Client:', payload.sub);
|
|
146
|
+
* console.log('Scopes:', payload.scope);
|
|
147
|
+
* } catch (error) {
|
|
148
|
+
* if (error instanceof JWTError) {
|
|
149
|
+
* console.error('JWT Error:', error.code, error.message);
|
|
150
|
+
* }
|
|
151
|
+
* }
|
|
152
|
+
* ```
|
|
153
|
+
*/
|
|
154
|
+
export declare function verifyJWT(token: string, secret: string | Uint8Array, options?: VerifyOptions): Promise<JWTPayload>;
|
|
155
|
+
/**
|
|
156
|
+
* Decode a JWT without verifying the signature
|
|
157
|
+
*
|
|
158
|
+
* WARNING: This does NOT verify the token! Use only for extracting
|
|
159
|
+
* information when verification is not required (e.g., reading claims
|
|
160
|
+
* before deciding which key to use for verification).
|
|
161
|
+
*
|
|
162
|
+
* @param token - The JWT string to decode
|
|
163
|
+
* @returns The decoded JWT with header, payload, and signature
|
|
164
|
+
* @throws {JWTError} If the token format is invalid
|
|
165
|
+
*
|
|
166
|
+
* @example
|
|
167
|
+
* ```typescript
|
|
168
|
+
* const decoded = decodeJWT(token);
|
|
169
|
+
* console.log('Algorithm:', decoded.header.alg);
|
|
170
|
+
* console.log('Subject:', decoded.payload.sub);
|
|
171
|
+
* ```
|
|
172
|
+
*/
|
|
173
|
+
export declare function decodeJWT(token: string): DecodedJWT;
|
|
174
|
+
/**
|
|
175
|
+
* Check if a JWT is expired (without verification)
|
|
176
|
+
*
|
|
177
|
+
* @param token - The JWT string or decoded payload
|
|
178
|
+
* @returns True if the token is expired
|
|
179
|
+
*/
|
|
180
|
+
export declare function isTokenExpired(token: string | JWTPayload): boolean;
|
|
181
|
+
/**
|
|
182
|
+
* Get the time until token expiration
|
|
183
|
+
*
|
|
184
|
+
* @param token - The JWT string or decoded payload
|
|
185
|
+
* @returns Seconds until expiration (negative if expired)
|
|
186
|
+
*/
|
|
187
|
+
export declare function getTokenTTL(token: string | JWTPayload): number;
|
|
188
|
+
/**
|
|
189
|
+
* Extract scopes from a JWT
|
|
190
|
+
*
|
|
191
|
+
* @param token - The JWT string or decoded payload
|
|
192
|
+
* @returns Array of scope strings
|
|
193
|
+
*/
|
|
194
|
+
export declare function extractScopes(token: string | JWTPayload): string[];
|
|
195
|
+
/**
|
|
196
|
+
* Check if a token has a specific scope
|
|
197
|
+
*
|
|
198
|
+
* @param token - The JWT string or decoded payload
|
|
199
|
+
* @param scope - The scope to check for
|
|
200
|
+
* @returns True if the token has the scope
|
|
201
|
+
*/
|
|
202
|
+
export declare function hasScope(token: string | JWTPayload, scope: string): boolean;
|
|
203
|
+
/**
|
|
204
|
+
* Generate a unique token ID
|
|
205
|
+
*
|
|
206
|
+
* @returns A unique token ID (UUID v4)
|
|
207
|
+
*/
|
|
208
|
+
export declare function generateTokenId(): string;
|
|
209
|
+
/**
|
|
210
|
+
* Get current Unix timestamp in seconds
|
|
211
|
+
*
|
|
212
|
+
* @returns Current time as Unix timestamp
|
|
213
|
+
*/
|
|
214
|
+
export declare function getCurrentTimestamp(): number;
|
|
215
|
+
//# sourceMappingURL=jwt-utils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-utils.d.ts","sourceRoot":"","sources":["../../../../src/adapters/a2a/auth/jwt-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAM7B;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,oCAAoC;IACpC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,mCAAmC;IACnC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,oCAAoC;IACpC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEjC,uCAAuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,uCAAuC;IACvC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,sCAAsC;IACtC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,+CAA+C;IAC/C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAEtB,yCAAyC;IACzC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAExB,4CAA4C;IAC5C,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,mCAAmC;IACnC,QAAQ,CAAC,UAAU,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAE3C,+BAA+B;IAC/B,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wCAAwC;IACxC,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;IAE7G,kDAAkD;IAClD,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,gDAAgD;IAChD,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,mBAAmB;IACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEzB,qBAAqB;IACrB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,sBAAsB;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEzB,wBAAwB;IACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAEtC,8CAA8C;IAC9C,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAEjC,wCAAwC;IACxC,QAAQ,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC;IAE5B,sBAAsB;IACtB,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,iBAAiB;IACjB,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,mBAAmB,CAAC;IAE1C,kBAAkB;IAClB,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAE7B,+BAA+B;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAMD;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACjC,SAAgB,IAAI,EAAE,YAAY,CAAC;gBAEvB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM;CAShD;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,eAAe,GACf,qBAAqB,GACrB,mBAAmB,GACnB,eAAe,GACf,eAAe,GACf,gBAAgB,GAChB,kBAAkB,GAClB,oBAAoB,CAAC;AAMzB;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,GAAG,UAAU,EAC3B,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,MAAM,CAAC,CAyCjB;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,EAAE,MAAM,GAAG,UAAU,EAC3B,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,EAChB,MAAM,EAAE,MAAM,GAAG,UAAU,EAC3B,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,MAAM,CAAC,CAejB;AAMD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GAAG,UAAU,EAC3B,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,UAAU,CAAC,CAyDrB;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CA4BnD;AAMD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CASlE;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAS9D;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,EAAE,CAQlE;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAG3E;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAExC;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C"}
|
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A2A JWT Utilities
|
|
3
|
+
*
|
|
4
|
+
* Provides JWT signing, verification, and decoding using the 'jose' library.
|
|
5
|
+
* Implements standard JWT claims with A2A-specific extensions.
|
|
6
|
+
*
|
|
7
|
+
* @module adapters/a2a/auth/jwt-utils
|
|
8
|
+
*/
|
|
9
|
+
import * as jose from 'jose';
|
|
10
|
+
// ============================================================================
|
|
11
|
+
// JWT Error Types
|
|
12
|
+
// ============================================================================
|
|
13
|
+
/**
|
|
14
|
+
* JWT-related error
|
|
15
|
+
*/
|
|
16
|
+
export class JWTError extends Error {
|
|
17
|
+
code;
|
|
18
|
+
constructor(code, message) {
|
|
19
|
+
super(message);
|
|
20
|
+
this.name = 'JWTError';
|
|
21
|
+
this.code = code;
|
|
22
|
+
if (Error.captureStackTrace) {
|
|
23
|
+
Error.captureStackTrace(this, JWTError);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
// ============================================================================
|
|
28
|
+
// JWT Signing
|
|
29
|
+
// ============================================================================
|
|
30
|
+
/**
|
|
31
|
+
* Sign a JWT with the given payload and secret
|
|
32
|
+
*
|
|
33
|
+
* @param payload - The JWT payload
|
|
34
|
+
* @param secret - The signing secret (for HMAC) or private key (for RSA/EC)
|
|
35
|
+
* @param options - Signing options
|
|
36
|
+
* @returns The signed JWT string
|
|
37
|
+
*
|
|
38
|
+
* @example
|
|
39
|
+
* ```typescript
|
|
40
|
+
* const token = await signJWT(
|
|
41
|
+
* { sub: 'client-123', scope: 'agent:read task:create' },
|
|
42
|
+
* 'my-secret-key',
|
|
43
|
+
* { expiresIn: 3600, issuer: 'a2a-platform' }
|
|
44
|
+
* );
|
|
45
|
+
* ```
|
|
46
|
+
*/
|
|
47
|
+
export async function signJWT(payload, secret, options = {}) {
|
|
48
|
+
const { algorithm = 'HS256', expiresIn = 3600, notBefore = 0, issuer, audience, jti, } = options;
|
|
49
|
+
// Convert string secret to Uint8Array for jose
|
|
50
|
+
const secretKey = typeof secret === 'string'
|
|
51
|
+
? new TextEncoder().encode(secret)
|
|
52
|
+
: secret;
|
|
53
|
+
// Build the JWT
|
|
54
|
+
let jwt = new jose.SignJWT(payload)
|
|
55
|
+
.setProtectedHeader({ alg: algorithm })
|
|
56
|
+
.setIssuedAt()
|
|
57
|
+
.setExpirationTime(`${expiresIn}s`);
|
|
58
|
+
if (notBefore > 0) {
|
|
59
|
+
jwt = jwt.setNotBefore(`${notBefore}s`);
|
|
60
|
+
}
|
|
61
|
+
if (issuer) {
|
|
62
|
+
jwt = jwt.setIssuer(issuer);
|
|
63
|
+
}
|
|
64
|
+
if (audience) {
|
|
65
|
+
jwt = jwt.setAudience(audience);
|
|
66
|
+
}
|
|
67
|
+
if (jti) {
|
|
68
|
+
jwt = jwt.setJti(jti);
|
|
69
|
+
}
|
|
70
|
+
else {
|
|
71
|
+
// Generate a unique JTI using crypto.randomUUID
|
|
72
|
+
jwt = jwt.setJti(crypto.randomUUID());
|
|
73
|
+
}
|
|
74
|
+
return jwt.sign(secretKey);
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Sign a JWT for an access token
|
|
78
|
+
*
|
|
79
|
+
* @param clientId - The client ID
|
|
80
|
+
* @param scopes - Array of granted scopes
|
|
81
|
+
* @param secret - The signing secret
|
|
82
|
+
* @param options - Additional signing options
|
|
83
|
+
* @returns The signed access token
|
|
84
|
+
*/
|
|
85
|
+
export async function signAccessToken(clientId, scopes, secret, options = {}) {
|
|
86
|
+
const payload = {
|
|
87
|
+
sub: clientId,
|
|
88
|
+
client_id: clientId,
|
|
89
|
+
scope: scopes.join(' '),
|
|
90
|
+
token_type: 'access',
|
|
91
|
+
};
|
|
92
|
+
return signJWT(payload, secret, options);
|
|
93
|
+
}
|
|
94
|
+
/**
|
|
95
|
+
* Sign a JWT for a refresh token
|
|
96
|
+
*
|
|
97
|
+
* @param clientId - The client ID
|
|
98
|
+
* @param scopes - Array of granted scopes
|
|
99
|
+
* @param secret - The signing secret
|
|
100
|
+
* @param options - Additional signing options
|
|
101
|
+
* @returns The signed refresh token
|
|
102
|
+
*/
|
|
103
|
+
export async function signRefreshToken(clientId, scopes, secret, options = {}) {
|
|
104
|
+
const payload = {
|
|
105
|
+
sub: clientId,
|
|
106
|
+
client_id: clientId,
|
|
107
|
+
scope: scopes.join(' '),
|
|
108
|
+
token_type: 'refresh',
|
|
109
|
+
};
|
|
110
|
+
// Refresh tokens typically have longer expiration
|
|
111
|
+
const refreshOptions = {
|
|
112
|
+
expiresIn: 86400 * 30, // 30 days default
|
|
113
|
+
...options,
|
|
114
|
+
};
|
|
115
|
+
return signJWT(payload, secret, refreshOptions);
|
|
116
|
+
}
|
|
117
|
+
// ============================================================================
|
|
118
|
+
// JWT Verification
|
|
119
|
+
// ============================================================================
|
|
120
|
+
/**
|
|
121
|
+
* Verify a JWT and return the payload
|
|
122
|
+
*
|
|
123
|
+
* @param token - The JWT string to verify
|
|
124
|
+
* @param secret - The secret or public key for verification
|
|
125
|
+
* @param options - Verification options
|
|
126
|
+
* @returns The verified JWT payload
|
|
127
|
+
* @throws {JWTError} If verification fails
|
|
128
|
+
*
|
|
129
|
+
* @example
|
|
130
|
+
* ```typescript
|
|
131
|
+
* try {
|
|
132
|
+
* const payload = await verifyJWT(token, 'my-secret-key', {
|
|
133
|
+
* issuer: 'a2a-platform',
|
|
134
|
+
* audience: 'my-agent',
|
|
135
|
+
* });
|
|
136
|
+
* console.log('Client:', payload.sub);
|
|
137
|
+
* console.log('Scopes:', payload.scope);
|
|
138
|
+
* } catch (error) {
|
|
139
|
+
* if (error instanceof JWTError) {
|
|
140
|
+
* console.error('JWT Error:', error.code, error.message);
|
|
141
|
+
* }
|
|
142
|
+
* }
|
|
143
|
+
* ```
|
|
144
|
+
*/
|
|
145
|
+
export async function verifyJWT(token, secret, options = {}) {
|
|
146
|
+
const secretKey = typeof secret === 'string'
|
|
147
|
+
? new TextEncoder().encode(secret)
|
|
148
|
+
: secret;
|
|
149
|
+
try {
|
|
150
|
+
const verifyOptions = {};
|
|
151
|
+
if (options.issuer) {
|
|
152
|
+
verifyOptions.issuer = options.issuer;
|
|
153
|
+
}
|
|
154
|
+
if (options.audience) {
|
|
155
|
+
verifyOptions.audience = options.audience;
|
|
156
|
+
}
|
|
157
|
+
if (options.clockTolerance !== undefined) {
|
|
158
|
+
verifyOptions.clockTolerance = options.clockTolerance;
|
|
159
|
+
}
|
|
160
|
+
if (options.currentTime) {
|
|
161
|
+
verifyOptions.currentDate = options.currentTime;
|
|
162
|
+
}
|
|
163
|
+
if (options.requiredClaims) {
|
|
164
|
+
verifyOptions.requiredClaims = options.requiredClaims;
|
|
165
|
+
}
|
|
166
|
+
const { payload } = await jose.jwtVerify(token, secretKey, verifyOptions);
|
|
167
|
+
return payload;
|
|
168
|
+
}
|
|
169
|
+
catch (error) {
|
|
170
|
+
if (error instanceof jose.errors.JWTExpired) {
|
|
171
|
+
throw new JWTError('TOKEN_EXPIRED', 'Token has expired');
|
|
172
|
+
}
|
|
173
|
+
if (error instanceof jose.errors.JWTClaimValidationFailed) {
|
|
174
|
+
if (error.message.includes('not yet valid')) {
|
|
175
|
+
throw new JWTError('TOKEN_NOT_VALID_YET', 'Token is not yet valid');
|
|
176
|
+
}
|
|
177
|
+
if (error.message.includes('issuer')) {
|
|
178
|
+
throw new JWTError('INVALID_ISSUER', 'Token issuer is invalid');
|
|
179
|
+
}
|
|
180
|
+
if (error.message.includes('audience')) {
|
|
181
|
+
throw new JWTError('INVALID_AUDIENCE', 'Token audience is invalid');
|
|
182
|
+
}
|
|
183
|
+
if (error.message.includes('required')) {
|
|
184
|
+
throw new JWTError('MISSING_CLAIM', error.message);
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
if (error instanceof jose.errors.JWSSignatureVerificationFailed) {
|
|
188
|
+
throw new JWTError('INVALID_SIGNATURE', 'Token signature is invalid');
|
|
189
|
+
}
|
|
190
|
+
if (error instanceof jose.errors.JOSEAlgNotAllowed) {
|
|
191
|
+
throw new JWTError('ALGORITHM_MISMATCH', 'Token algorithm is not allowed');
|
|
192
|
+
}
|
|
193
|
+
throw new JWTError('INVALID_TOKEN', 'Token is invalid');
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
// ============================================================================
|
|
197
|
+
// JWT Decoding (Without Verification)
|
|
198
|
+
// ============================================================================
|
|
199
|
+
/**
|
|
200
|
+
* Decode a JWT without verifying the signature
|
|
201
|
+
*
|
|
202
|
+
* WARNING: This does NOT verify the token! Use only for extracting
|
|
203
|
+
* information when verification is not required (e.g., reading claims
|
|
204
|
+
* before deciding which key to use for verification).
|
|
205
|
+
*
|
|
206
|
+
* @param token - The JWT string to decode
|
|
207
|
+
* @returns The decoded JWT with header, payload, and signature
|
|
208
|
+
* @throws {JWTError} If the token format is invalid
|
|
209
|
+
*
|
|
210
|
+
* @example
|
|
211
|
+
* ```typescript
|
|
212
|
+
* const decoded = decodeJWT(token);
|
|
213
|
+
* console.log('Algorithm:', decoded.header.alg);
|
|
214
|
+
* console.log('Subject:', decoded.payload.sub);
|
|
215
|
+
* ```
|
|
216
|
+
*/
|
|
217
|
+
export function decodeJWT(token) {
|
|
218
|
+
try {
|
|
219
|
+
const parts = token.split('.');
|
|
220
|
+
if (parts.length !== 3) {
|
|
221
|
+
throw new JWTError('INVALID_TOKEN', 'Token must have three parts');
|
|
222
|
+
}
|
|
223
|
+
const [headerB64, payloadB64, signature] = parts;
|
|
224
|
+
// Decode header
|
|
225
|
+
const headerJson = new TextDecoder().decode(jose.base64url.decode(headerB64));
|
|
226
|
+
const header = JSON.parse(headerJson);
|
|
227
|
+
// Decode payload
|
|
228
|
+
const payloadJson = new TextDecoder().decode(jose.base64url.decode(payloadB64));
|
|
229
|
+
const payload = JSON.parse(payloadJson);
|
|
230
|
+
return {
|
|
231
|
+
header,
|
|
232
|
+
payload,
|
|
233
|
+
signature,
|
|
234
|
+
};
|
|
235
|
+
}
|
|
236
|
+
catch (error) {
|
|
237
|
+
if (error instanceof JWTError) {
|
|
238
|
+
throw error;
|
|
239
|
+
}
|
|
240
|
+
throw new JWTError('INVALID_TOKEN', 'Failed to decode token');
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
// ============================================================================
|
|
244
|
+
// Utility Functions
|
|
245
|
+
// ============================================================================
|
|
246
|
+
/**
|
|
247
|
+
* Check if a JWT is expired (without verification)
|
|
248
|
+
*
|
|
249
|
+
* @param token - The JWT string or decoded payload
|
|
250
|
+
* @returns True if the token is expired
|
|
251
|
+
*/
|
|
252
|
+
export function isTokenExpired(token) {
|
|
253
|
+
const payload = typeof token === 'string' ? decodeJWT(token).payload : token;
|
|
254
|
+
if (!payload.exp) {
|
|
255
|
+
return false; // No expiration claim means not expired
|
|
256
|
+
}
|
|
257
|
+
const now = Math.floor(Date.now() / 1000);
|
|
258
|
+
return payload.exp < now;
|
|
259
|
+
}
|
|
260
|
+
/**
|
|
261
|
+
* Get the time until token expiration
|
|
262
|
+
*
|
|
263
|
+
* @param token - The JWT string or decoded payload
|
|
264
|
+
* @returns Seconds until expiration (negative if expired)
|
|
265
|
+
*/
|
|
266
|
+
export function getTokenTTL(token) {
|
|
267
|
+
const payload = typeof token === 'string' ? decodeJWT(token).payload : token;
|
|
268
|
+
if (!payload.exp) {
|
|
269
|
+
return Infinity;
|
|
270
|
+
}
|
|
271
|
+
const now = Math.floor(Date.now() / 1000);
|
|
272
|
+
return payload.exp - now;
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Extract scopes from a JWT
|
|
276
|
+
*
|
|
277
|
+
* @param token - The JWT string or decoded payload
|
|
278
|
+
* @returns Array of scope strings
|
|
279
|
+
*/
|
|
280
|
+
export function extractScopes(token) {
|
|
281
|
+
const payload = typeof token === 'string' ? decodeJWT(token).payload : token;
|
|
282
|
+
if (!payload.scope) {
|
|
283
|
+
return [];
|
|
284
|
+
}
|
|
285
|
+
return payload.scope.trim().split(/\s+/).filter(Boolean);
|
|
286
|
+
}
|
|
287
|
+
/**
|
|
288
|
+
* Check if a token has a specific scope
|
|
289
|
+
*
|
|
290
|
+
* @param token - The JWT string or decoded payload
|
|
291
|
+
* @param scope - The scope to check for
|
|
292
|
+
* @returns True if the token has the scope
|
|
293
|
+
*/
|
|
294
|
+
export function hasScope(token, scope) {
|
|
295
|
+
const scopes = extractScopes(token);
|
|
296
|
+
return scopes.includes(scope);
|
|
297
|
+
}
|
|
298
|
+
/**
|
|
299
|
+
* Generate a unique token ID
|
|
300
|
+
*
|
|
301
|
+
* @returns A unique token ID (UUID v4)
|
|
302
|
+
*/
|
|
303
|
+
export function generateTokenId() {
|
|
304
|
+
return crypto.randomUUID();
|
|
305
|
+
}
|
|
306
|
+
/**
|
|
307
|
+
* Get current Unix timestamp in seconds
|
|
308
|
+
*
|
|
309
|
+
* @returns Current time as Unix timestamp
|
|
310
|
+
*/
|
|
311
|
+
export function getCurrentTimestamp() {
|
|
312
|
+
return Math.floor(Date.now() / 1000);
|
|
313
|
+
}
|
|
314
|
+
//# sourceMappingURL=jwt-utils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-utils.js","sourceRoot":"","sources":["../../../../src/adapters/a2a/auth/jwt-utils.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAqG7B,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjB,IAAI,CAAe;IAEnC,YAAY,IAAkB,EAAE,OAAe;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QAEjB,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC5B,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;CACF;AAeD,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,OAAmB,EACnB,MAA2B,EAC3B,UAAuB,EAAE;IAEzB,MAAM,EACJ,SAAS,GAAG,OAAO,EACnB,SAAS,GAAG,IAAI,EAChB,SAAS,GAAG,CAAC,EACb,MAAM,EACN,QAAQ,EACR,GAAG,GACJ,GAAG,OAAO,CAAC;IAEZ,+CAA+C;IAC/C,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ;QAC1C,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,CAAC,CAAC,MAAM,CAAC;IAEX,gBAAgB;IAChB,IAAI,GAAG,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,OAA0B,CAAC;SACnD,kBAAkB,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;SACtC,WAAW,EAAE;SACb,iBAAiB,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC;IAEtC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,GAAG,EAAE,CAAC;QACR,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,gDAAgD;QAChD,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,MAAgB,EAChB,MAA2B,EAC3B,UAAuB,EAAE;IAEzB,MAAM,OAAO,GAAe;QAC1B,GAAG,EAAE,QAAQ;QACb,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,UAAU,EAAE,QAAQ;KACrB,CAAC;IAEF,OAAO,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,MAAgB,EAChB,MAA2B,EAC3B,UAAuB,EAAE;IAEzB,MAAM,OAAO,GAAe;QAC1B,GAAG,EAAE,QAAQ;QACb,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,kDAAkD;IAClD,MAAM,cAAc,GAAgB;QAClC,SAAS,EAAE,KAAK,GAAG,EAAE,EAAE,kBAAkB;QACzC,GAAG,OAAO;KACX,CAAC;IAEF,OAAO,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;AAClD,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,MAA2B,EAC3B,UAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ;QAC1C,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,CAAC,CAAC,MAAM,CAAC;IAEX,IAAI,CAAC;QACH,MAAM,aAAa,GAA0B,EAAE,CAAC;QAEhD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QACxC,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAC5C,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACzC,aAAa,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,aAAa,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QAClD,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,aAAa,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QACxD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QAC1E,OAAO,OAAqB,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC5C,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,mBAAmB,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,wBAAwB,EAAE,CAAC;YAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC5C,MAAM,IAAI,QAAQ,CAAC,qBAAqB,EAAE,wBAAwB,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,QAAQ,CAAC,gBAAgB,EAAE,yBAAyB,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,QAAQ,CAAC,kBAAkB,EAAE,2BAA2B,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QACD,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAC;YAChE,MAAM,IAAI,QAAQ,CAAC,mBAAmB,EAAE,4BAA4B,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACnD,MAAM,IAAI,QAAQ,CAAC,oBAAoB,EAAE,gCAAgC,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,6BAA6B,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QAEjD,gBAAgB;QAChB,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA6B,CAAC;QAElE,iBAAiB;QACjB,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAe,CAAC;QAEtD,OAAO;YACL,MAAM;YACN,OAAO;YACP,SAAS;SACV,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,QAAQ,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAA0B;IACvD,MAAM,OAAO,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAE7E,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC,CAAC,wCAAwC;IACxD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,OAAO,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC;AAC3B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAA0B;IACpD,MAAM,OAAO,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAE7E,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,OAAO,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC;AAC3B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,KAA0B;IACtD,MAAM,OAAO,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAE7E,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,KAA0B,EAAE,KAAa;IAChE,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AACvC,CAAC"}
|