kavachos 0.0.6 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +170 -37
  2. package/dist/a2a/index.d.ts +2 -1
  3. package/dist/a2a/index.js +7 -2
  4. package/dist/a2a/index.js.map +1 -1
  5. package/dist/agent/index.d.ts +3 -2
  6. package/dist/agent/index.js +789 -4
  7. package/dist/agent/index.js.map +1 -1
  8. package/dist/audit/index.d.ts +2 -1
  9. package/dist/audit/index.js +635 -3
  10. package/dist/audit/index.js.map +1 -1
  11. package/dist/auth/index.d.ts +600 -3
  12. package/dist/auth/index.js +14668 -4
  13. package/dist/auth/index.js.map +1 -1
  14. package/dist/crypto/index.d.ts +55 -0
  15. package/dist/{chunk-QCRHJMDX.js → crypto/index.js} +2 -2
  16. package/dist/crypto/index.js.map +1 -0
  17. package/dist/index.d.ts +251 -58
  18. package/dist/index.js +16369 -233
  19. package/dist/index.js.map +1 -1
  20. package/dist/mcp/index.js +19 -2
  21. package/dist/mcp/index.js.map +1 -1
  22. package/dist/permission/index.d.ts +3 -2
  23. package/dist/permission/index.js +790 -4
  24. package/dist/permission/index.js.map +1 -1
  25. package/dist/redirect/index.d.ts +118 -0
  26. package/dist/redirect/index.js +292 -0
  27. package/dist/redirect/index.js.map +1 -0
  28. package/dist/{types-W8X0PXE7.d.ts → types-5Ua5KlPc.d.ts} +222 -124
  29. package/dist/vc/index.js +542 -3
  30. package/dist/vc/index.js.map +1 -1
  31. package/package.json +39 -22
  32. package/LICENSE +0 -21
  33. package/dist/chunk-FKVAXCNJ.js +0 -12516
  34. package/dist/chunk-FKVAXCNJ.js.map +0 -1
  35. package/dist/chunk-IKTOSJ4O.js +0 -214
  36. package/dist/chunk-IKTOSJ4O.js.map +0 -1
  37. package/dist/chunk-KDL6A76K.js +0 -569
  38. package/dist/chunk-KDL6A76K.js.map +0 -1
  39. package/dist/chunk-NSBPE2FW.js +0 -15
  40. package/dist/chunk-NSBPE2FW.js.map +0 -1
  41. package/dist/chunk-NSTER7KE.js +0 -538
  42. package/dist/chunk-NSTER7KE.js.map +0 -1
  43. package/dist/chunk-QCRHJMDX.js.map +0 -1
  44. package/dist/chunk-VHKZARMM.js +0 -251
  45. package/dist/chunk-VHKZARMM.js.map +0 -1
  46. package/dist/chunk-Y3OWAJHK.js +0 -101
  47. package/dist/chunk-Y3OWAJHK.js.map +0 -1
@@ -1,214 +0,0 @@
1
- import { agents, permissions } from './chunk-KDL6A76K.js';
2
- import { generateId, sha256, randomBytes, toBase64Url } from './chunk-QCRHJMDX.js';
3
- import { and, eq } from 'drizzle-orm';
4
-
5
- async function generateAgentToken() {
6
- const tokenBytes = randomBytes(32);
7
- const token = `kv_${toBase64Url(tokenBytes)}`;
8
- const hash = await sha256(token);
9
- const prefix = token.slice(0, 11);
10
- return { token, hash, prefix };
11
- }
12
- function parseTokenExpiry(expiry) {
13
- const now = Date.now();
14
- const match = expiry.match(/^(\d+)([smhd])$/);
15
- if (!match) {
16
- throw new Error(`Invalid token expiry format: ${expiry}. Use format like "24h", "7d", "30m".`);
17
- }
18
- const value = Number.parseInt(match[1], 10);
19
- const unit = match[2];
20
- const multipliers = {
21
- s: 1e3,
22
- m: 60 * 1e3,
23
- h: 60 * 60 * 1e3,
24
- d: 24 * 60 * 60 * 1e3
25
- };
26
- return new Date(now + value * (multipliers[unit] ?? 0));
27
- }
28
- function createAgentModule(config) {
29
- const { db, maxPerUser, tokenExpiry } = config;
30
- async function create(input) {
31
- const existing = await db.select().from(agents).where(and(eq(agents.ownerId, input.ownerId), eq(agents.status, "active")));
32
- if (existing.length >= maxPerUser) {
33
- throw new Error(
34
- `User ${input.ownerId} has reached the maximum of ${maxPerUser} active agents.`
35
- );
36
- }
37
- const id = generateId();
38
- const { token, hash, prefix } = await generateAgentToken();
39
- const now = /* @__PURE__ */ new Date();
40
- const expires = input.expiresAt ?? parseTokenExpiry(tokenExpiry);
41
- await db.insert(agents).values({
42
- id,
43
- ownerId: input.ownerId,
44
- tenantId: input.tenantId ?? null,
45
- name: input.name,
46
- type: input.type,
47
- status: "active",
48
- tokenHash: hash,
49
- tokenPrefix: prefix,
50
- expiresAt: expires,
51
- metadata: input.metadata ?? {},
52
- createdAt: now,
53
- updatedAt: now
54
- });
55
- if (input.permissions.length > 0) {
56
- await db.insert(permissions).values(
57
- input.permissions.map((p) => ({
58
- id: generateId(),
59
- agentId: id,
60
- resource: p.resource,
61
- actions: p.actions,
62
- constraints: p.constraints ?? null,
63
- createdAt: now
64
- }))
65
- );
66
- }
67
- return {
68
- id,
69
- ownerId: input.ownerId,
70
- tenantId: input.tenantId,
71
- name: input.name,
72
- type: input.type,
73
- token,
74
- permissions: input.permissions,
75
- status: "active",
76
- expiresAt: expires,
77
- createdAt: now,
78
- updatedAt: now
79
- };
80
- }
81
- async function get(agentId) {
82
- const rows = await db.select().from(agents).where(eq(agents.id, agentId)).limit(1);
83
- const agent = rows[0];
84
- if (!agent) return null;
85
- const perms = await db.select().from(permissions).where(eq(permissions.agentId, agentId));
86
- return {
87
- id: agent.id,
88
- ownerId: agent.ownerId,
89
- tenantId: agent.tenantId ?? void 0,
90
- name: agent.name,
91
- type: agent.type,
92
- token: "",
93
- // never return token after creation
94
- permissions: perms.map(toPermission),
95
- status: agent.status,
96
- expiresAt: agent.expiresAt,
97
- createdAt: agent.createdAt,
98
- updatedAt: agent.updatedAt
99
- };
100
- }
101
- async function list(filter) {
102
- let query = db.select().from(agents).$dynamic();
103
- const conditions = [];
104
- if (filter?.userId) conditions.push(eq(agents.ownerId, filter.userId));
105
- if (filter?.tenantId) conditions.push(eq(agents.tenantId, filter.tenantId));
106
- if (filter?.status) conditions.push(eq(agents.status, filter.status));
107
- if (filter?.type) conditions.push(eq(agents.type, filter.type));
108
- if (conditions.length > 0) {
109
- query = query.where(and(...conditions));
110
- }
111
- const rows = await query;
112
- const agentIds = rows.map((r) => r.id);
113
- const permsByAgent = /* @__PURE__ */ new Map();
114
- for (const id of agentIds) {
115
- const perms = await db.select().from(permissions).where(eq(permissions.agentId, id));
116
- permsByAgent.set(id, perms.map(toPermission));
117
- }
118
- return rows.map((agent) => ({
119
- id: agent.id,
120
- ownerId: agent.ownerId,
121
- tenantId: agent.tenantId ?? void 0,
122
- name: agent.name,
123
- type: agent.type,
124
- token: "",
125
- permissions: permsByAgent.get(agent.id) ?? [],
126
- status: agent.status,
127
- expiresAt: agent.expiresAt,
128
- createdAt: agent.createdAt,
129
- updatedAt: agent.updatedAt
130
- }));
131
- }
132
- async function update(agentId, input) {
133
- const existing = await get(agentId);
134
- if (!existing) throw new Error(`Agent ${agentId} not found.`);
135
- const now = /* @__PURE__ */ new Date();
136
- await db.update(agents).set({
137
- name: input.name ?? existing.name,
138
- expiresAt: input.expiresAt ?? existing.expiresAt,
139
- metadata: input.metadata,
140
- updatedAt: now
141
- }).where(eq(agents.id, agentId));
142
- if (input.permissions) {
143
- await db.delete(permissions).where(eq(permissions.agentId, agentId));
144
- if (input.permissions.length > 0) {
145
- await db.insert(permissions).values(
146
- input.permissions.map((p) => ({
147
- id: generateId(),
148
- agentId,
149
- resource: p.resource,
150
- actions: p.actions,
151
- constraints: p.constraints ?? null,
152
- createdAt: now
153
- }))
154
- );
155
- }
156
- }
157
- const updated = await get(agentId);
158
- if (!updated) throw new Error(`Agent ${agentId} disappeared after update.`);
159
- return updated;
160
- }
161
- async function revoke(agentId) {
162
- const existing = await get(agentId);
163
- if (!existing) throw new Error(`Agent ${agentId} not found.`);
164
- await db.update(agents).set({ status: "revoked", updatedAt: /* @__PURE__ */ new Date() }).where(eq(agents.id, agentId));
165
- }
166
- async function rotate(agentId) {
167
- const existing = await get(agentId);
168
- if (!existing) throw new Error(`Agent ${agentId} not found.`);
169
- if (existing.status !== "active")
170
- throw new Error(`Cannot rotate token for ${existing.status} agent.`);
171
- const { token, hash, prefix } = await generateAgentToken();
172
- const now = /* @__PURE__ */ new Date();
173
- await db.update(agents).set({ tokenHash: hash, tokenPrefix: prefix, updatedAt: now }).where(eq(agents.id, agentId));
174
- return { ...existing, token, updatedAt: now };
175
- }
176
- async function validateToken(token) {
177
- const hash = await sha256(token);
178
- const rows = await db.select().from(agents).where(eq(agents.tokenHash, hash)).limit(1);
179
- const agent = rows[0];
180
- if (!agent) return null;
181
- if (agent.status !== "active") return null;
182
- if (agent.expiresAt && agent.expiresAt < /* @__PURE__ */ new Date()) {
183
- await db.update(agents).set({ status: "expired", updatedAt: /* @__PURE__ */ new Date() }).where(eq(agents.id, agent.id));
184
- return null;
185
- }
186
- await db.update(agents).set({ lastActiveAt: /* @__PURE__ */ new Date() }).where(eq(agents.id, agent.id));
187
- const perms = await db.select().from(permissions).where(eq(permissions.agentId, agent.id));
188
- return {
189
- id: agent.id,
190
- ownerId: agent.ownerId,
191
- tenantId: agent.tenantId ?? void 0,
192
- name: agent.name,
193
- type: agent.type,
194
- token: "",
195
- permissions: perms.map(toPermission),
196
- status: "active",
197
- expiresAt: agent.expiresAt,
198
- createdAt: agent.createdAt,
199
- updatedAt: agent.updatedAt
200
- };
201
- }
202
- return { create, get, list, update, revoke, rotate, validateToken };
203
- }
204
- function toPermission(row) {
205
- return {
206
- resource: row.resource,
207
- actions: row.actions,
208
- constraints: row.constraints ?? void 0
209
- };
210
- }
211
-
212
- export { createAgentModule };
213
- //# sourceMappingURL=chunk-IKTOSJ4O.js.map
214
- //# sourceMappingURL=chunk-IKTOSJ4O.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/agent/agent.ts"],"names":[],"mappings":";;;;AA0BA,eAAe,kBAAA,GAA+E;AAC7F,EAAA,MAAM,UAAA,GAAa,YAAY,EAAE,CAAA;AACjC,EAAA,MAAM,KAAA,GAAQ,CAAA,GAAA,EAAM,WAAA,CAAY,UAAU,CAAC,CAAA,CAAA;AAC3C,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,KAAK,CAAA;AAC/B,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAChC,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO;AAC9B;AAEA,SAAS,iBAAiB,MAAA,EAAsB;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,iBAAiB,CAAA;AAC5C,EAAA,IAAI,CAAC,KAAA,EAAO;AACX,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,MAAM,CAAA,qCAAA,CAAuC,CAAA;AAAA,EAC9F;AACA,EAAA,MAAM,QAAQ,MAAA,CAAO,QAAA,CAAS,KAAA,CAAM,CAAC,GAAa,EAAE,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AACpB,EAAA,MAAM,WAAA,GAAsC;AAAA,IAC3C,CAAA,EAAG,GAAA;AAAA,IACH,GAAG,EAAA,GAAK,GAAA;AAAA,IACR,CAAA,EAAG,KAAK,EAAA,GAAK,GAAA;AAAA,IACb,CAAA,EAAG,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;AAAA,GACnB;AACA,EAAA,OAAO,IAAI,IAAA,CAAK,GAAA,GAAM,SAAS,WAAA,CAAY,IAAc,KAAK,CAAA,CAAE,CAAA;AACjE;AAMO,SAAS,kBAAkB,MAAA,EAA2B;AAC5D,EAAA,MAAM,EAAE,EAAA,EAAI,UAAA,EAAY,WAAA,EAAY,GAAI,MAAA;AAExC,EAAA,eAAe,OAAO,KAAA,EAAqE;AAE1F,IAAA,MAAM,QAAA,GAAW,MAAM,EAAA,CACrB,MAAA,GACA,IAAA,CAAK,MAAM,EACX,KAAA,CAAM,GAAA,CAAI,GAAG,MAAA,CAAO,OAAA,EAAS,MAAM,OAAO,CAAA,EAAG,GAAG,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAC,CAAC,CAAA;AAE3E,IAAA,IAAI,QAAA,CAAS,UAAU,UAAA,EAAY;AAClC,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,KAAA,EAAQ,KAAA,CAAM,OAAO,CAAA,4BAAA,EAA+B,UAAU,CAAA,eAAA;AAAA,OAC/D;AAAA,IACD;AAEA,IAAA,MAAM,KAAK,UAAA,EAAW;AACtB,IAAA,MAAM,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,kBAAA,EAAmB;AACzD,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,SAAA,IAAa,gBAAA,CAAiB,WAAW,CAAA;AAG/D,IAAA,MAAM,EAAA,CAAG,MAAA,CAAO,MAAM,CAAA,CAAE,MAAA,CAAO;AAAA,MAC9B,EAAA;AAAA,MACA,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,IAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAA,EAAQ,QAAA;AAAA,MACR,SAAA,EAAW,IAAA;AAAA,MACX,WAAA,EAAa,MAAA;AAAA,MACb,SAAA,EAAW,OAAA;AAAA,MACX,QAAA,EAAU,KAAA,CAAM,QAAA,IAAY,EAAC;AAAA,MAC7B,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACX,CAAA;AAGD,IAAA,IAAI,KAAA,CAAM,WAAA,CAAY,MAAA,GAAS,CAAA,EAAG;AACjC,MAAA,MAAM,EAAA,CAAG,MAAA,CAAO,WAAW,CAAA,CAAE,MAAA;AAAA,QAC5B,KAAA,CAAM,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UAC7B,IAAI,UAAA,EAAW;AAAA,UACf,OAAA,EAAS,EAAA;AAAA,UACT,UAAU,CAAA,CAAE,QAAA;AAAA,UACZ,SAAS,CAAA,CAAE,OAAA;AAAA,UACX,WAAA,EAAa,EAAE,WAAA,IAAe,IAAA;AAAA,UAC9B,SAAA,EAAW;AAAA,SACZ,CAAE;AAAA,OACH;AAAA,IACD;AAEA,IAAA,OAAO;AAAA,MACN,EAAA;AAAA,MACA,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,UAAU,KAAA,CAAM,QAAA;AAAA,MAChB,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA;AAAA,MACA,aAAa,KAAA,CAAM,WAAA;AAAA,MACnB,MAAA,EAAQ,QAAA;AAAA,MACR,SAAA,EAAW,OAAA;AAAA,MACX,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACZ;AAAA,EACD;AAEA,EAAA,eAAe,IAAI,OAAA,EAAgD;AAClE,IAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,MAAM,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,OAAO,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AACjF,IAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AACpB,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAEnB,IAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,OAAO,CAAC,CAAA;AAExF,IAAA,OAAO;AAAA,MACN,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA;AAAA,MACP,WAAA,EAAa,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AAAA,MACnC,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB;AAAA,EACD;AAEA,EAAA,eAAe,KAAK,MAAA,EAAgD;AACnE,IAAA,IAAI,QAAQ,EAAA,CAAG,MAAA,GAAS,IAAA,CAAK,MAAM,EAAE,QAAA,EAAS;AAE9C,IAAA,MAAM,aAAa,EAAC;AACpB,IAAA,IAAI,MAAA,EAAQ,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,OAAA,EAAS,MAAA,CAAO,MAAM,CAAC,CAAA;AACrE,IAAA,IAAI,MAAA,EAAQ,UAAU,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,QAAA,EAAU,MAAA,CAAO,QAAQ,CAAC,CAAA;AAC1E,IAAA,IAAI,MAAA,EAAQ,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAM,CAAC,CAAA;AACpE,IAAA,IAAI,MAAA,EAAQ,MAAM,UAAA,CAAW,IAAA,CAAK,GAAG,MAAA,CAAO,IAAA,EAAM,MAAA,CAAO,IAAI,CAAC,CAAA;AAE9D,IAAA,IAAI,UAAA,CAAW,SAAS,CAAA,EAAG;AAC1B,MAAA,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,GAAG,UAAU,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAO,MAAM,KAAA;AAGnB,IAAA,MAAM,WAAW,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,EAAE,CAAA;AACrC,IAAA,MAAM,YAAA,uBAAmB,GAAA,EAA0B;AACnD,IAAA,KAAA,MAAW,MAAM,QAAA,EAAU;AAC1B,MAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,EAAE,CAAC,CAAA;AACnF,MAAA,YAAA,CAAa,GAAA,CAAI,EAAA,EAAI,KAAA,CAAM,GAAA,CAAI,YAAY,CAAC,CAAA;AAAA,IAC7C;AAEA,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAC,KAAA,MAAW;AAAA,MAC3B,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA,MACP,aAAa,YAAA,CAAa,GAAA,CAAI,KAAA,CAAM,EAAE,KAAK,EAAC;AAAA,MAC5C,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB,CAAE,CAAA;AAAA,EACH;AAEA,EAAA,eAAe,MAAA,CAAO,SAAiB,KAAA,EAAiD;AACvF,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAE5D,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,IAAA,MAAM,EAAA,CACJ,MAAA,CAAO,MAAM,CAAA,CACb,GAAA,CAAI;AAAA,MACJ,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,QAAA,CAAS,IAAA;AAAA,MAC7B,SAAA,EAAW,KAAA,CAAM,SAAA,IAAa,QAAA,CAAS,SAAA;AAAA,MACvC,UAAU,KAAA,CAAM,QAAA;AAAA,MAChB,SAAA,EAAW;AAAA,KACX,CAAA,CACA,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAG9B,IAAA,IAAI,MAAM,WAAA,EAAa;AACtB,MAAA,MAAM,EAAA,CAAG,OAAO,WAAW,CAAA,CAAE,MAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,OAAO,CAAC,CAAA;AACnE,MAAA,IAAI,KAAA,CAAM,WAAA,CAAY,MAAA,GAAS,CAAA,EAAG;AACjC,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,WAAW,CAAA,CAAE,MAAA;AAAA,UAC5B,KAAA,CAAM,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,YAC7B,IAAI,UAAA,EAAW;AAAA,YACf,OAAA;AAAA,YACA,UAAU,CAAA,CAAE,QAAA;AAAA,YACZ,SAAS,CAAA,CAAE,OAAA;AAAA,YACX,WAAA,EAAa,EAAE,WAAA,IAAe,IAAA;AAAA,YAC9B,SAAA,EAAW;AAAA,WACZ,CAAE;AAAA,SACH;AAAA,MACD;AAAA,IACD;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,GAAA,CAAI,OAAO,CAAA;AACjC,IAAA,IAAI,CAAC,OAAA,EAAS,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,0BAAA,CAA4B,CAAA;AAC1E,IAAA,OAAO,OAAA;AAAA,EACR;AAEA,EAAA,eAAe,OAAO,OAAA,EAAgC;AACrD,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAE5D,IAAA,MAAM,GACJ,MAAA,CAAO,MAAM,EACb,GAAA,CAAI,EAAE,QAAQ,SAAA,EAAW,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAChD,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAAA,EAC/B;AAEA,EAAA,eAAe,OAAO,OAAA,EAA6D;AAClF,IAAA,MAAM,QAAA,GAAW,MAAM,GAAA,CAAI,OAAO,CAAA;AAClC,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,MAAA,EAAS,OAAO,CAAA,WAAA,CAAa,CAAA;AAC5D,IAAA,IAAI,SAAS,MAAA,KAAW,QAAA;AACvB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,QAAA,CAAS,MAAM,CAAA,OAAA,CAAS,CAAA;AAEpE,IAAA,MAAM,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAO,GAAI,MAAM,kBAAA,EAAmB;AACzD,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,IAAA,MAAM,GACJ,MAAA,CAAO,MAAM,EACb,GAAA,CAAI,EAAE,WAAW,IAAA,EAAM,WAAA,EAAa,QAAQ,SAAA,EAAW,GAAA,EAAK,CAAA,CAC5D,KAAA,CAAM,GAAG,MAAA,CAAO,EAAA,EAAI,OAAO,CAAC,CAAA;AAE9B,IAAA,OAAO,EAAE,GAAG,QAAA,EAAU,KAAA,EAAO,WAAW,GAAA,EAAI;AAAA,EAC7C;AAMA,EAAA,eAAe,cAAc,KAAA,EAA8C;AAC1E,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,KAAK,CAAA;AAC/B,IAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,MAAM,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,OAAO,SAAA,EAAW,IAAI,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AACrF,IAAA,MAAM,KAAA,GAAQ,KAAK,CAAC,CAAA;AACpB,IAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AAGnB,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,QAAA,EAAU,OAAO,IAAA;AAGtC,IAAA,IAAI,MAAM,SAAA,IAAa,KAAA,CAAM,SAAA,mBAAY,IAAI,MAAK,EAAG;AACpD,MAAA,MAAM,EAAA,CACJ,OAAO,MAAM,CAAA,CACb,IAAI,EAAE,MAAA,EAAQ,WAAW,SAAA,kBAAW,IAAI,MAAK,EAAG,EAChD,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AAC/B,MAAA,OAAO,IAAA;AAAA,IACR;AAGA,IAAA,MAAM,GAAG,MAAA,CAAO,MAAM,EAAE,GAAA,CAAI,EAAE,8BAAc,IAAI,IAAA,EAAK,EAAG,EAAE,KAAA,CAAM,EAAA,CAAG,OAAO,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AAEvF,IAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,MAAA,GAAS,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,OAAA,EAAS,KAAA,CAAM,EAAE,CAAC,CAAA;AAEzF,IAAA,OAAO;AAAA,MACN,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,QAAA,EAAU,MAAM,QAAA,IAAY,MAAA;AAAA,MAC5B,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,KAAA,EAAO,EAAA;AAAA,MACP,WAAA,EAAa,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AAAA,MACnC,MAAA,EAAQ,QAAA;AAAA,MACR,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM,SAAA;AAAA,MACjB,WAAW,KAAA,CAAM;AAAA,KAClB;AAAA,EACD;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,GAAA,EAAK,MAAM,MAAA,EAAQ,MAAA,EAAQ,QAAQ,aAAA,EAAc;AACnE;AAEA,SAAS,aAAa,GAAA,EAIP;AACd,EAAA,OAAO;AAAA,IACN,UAAU,GAAA,CAAI,QAAA;AAAA,IACd,SAAS,GAAA,CAAI,OAAA;AAAA,IACb,WAAA,EAAc,IAAI,WAAA,IAA6C;AAAA,GAChE;AACD","file":"chunk-IKTOSJ4O.js","sourcesContent":["import { and, eq } from \"drizzle-orm\";\nimport { generateId, randomBytes, sha256, toBase64Url } from \"../crypto/web-crypto.js\";\nimport type { Database } from \"../db/database.js\";\nimport { agents, permissions } from \"../db/schema.js\";\nimport type {\n\tAgentFilter,\n\tAgentIdentity,\n\tCreateAgentInput,\n\tPermission,\n\tUpdateAgentInput,\n} from \"../types.js\";\n\ninterface AgentModuleConfig {\n\tdb: Database;\n\tmaxPerUser: number;\n\tdefaultPermissions: string[];\n\ttokenExpiry: string;\n}\n\n/**\n * Generate a secure agent token.\n * Returns { token, hash, prefix } where:\n * - token: the full token (given to the agent, never stored)\n * - hash: SHA-256 hash (stored in DB)\n * - prefix: first 8 chars (for identification in logs/UI)\n */\nasync function generateAgentToken(): Promise<{ token: string; hash: string; prefix: string }> {\n\tconst tokenBytes = randomBytes(32);\n\tconst token = `kv_${toBase64Url(tokenBytes)}`;\n\tconst hash = await sha256(token);\n\tconst prefix = token.slice(0, 11); // \"kv_\" + 8 chars\n\treturn { token, hash, prefix };\n}\n\nfunction parseTokenExpiry(expiry: string): Date {\n\tconst now = Date.now();\n\tconst match = expiry.match(/^(\\d+)([smhd])$/);\n\tif (!match) {\n\t\tthrow new Error(`Invalid token expiry format: ${expiry}. Use format like \"24h\", \"7d\", \"30m\".`);\n\t}\n\tconst value = Number.parseInt(match[1] as string, 10);\n\tconst unit = match[2];\n\tconst multipliers: Record<string, number> = {\n\t\ts: 1000,\n\t\tm: 60 * 1000,\n\t\th: 60 * 60 * 1000,\n\t\td: 24 * 60 * 60 * 1000,\n\t};\n\treturn new Date(now + value * (multipliers[unit as string] ?? 0));\n}\n\n/**\n * Create the agent identity module.\n * Handles CRUD operations for AI agent identities.\n */\nexport function createAgentModule(config: AgentModuleConfig) {\n\tconst { db, maxPerUser, tokenExpiry } = config;\n\n\tasync function create(input: CreateAgentInput): Promise<AgentIdentity & { token: string }> {\n\t\t// Check max agents per user\n\t\tconst existing = await db\n\t\t\t.select()\n\t\t\t.from(agents)\n\t\t\t.where(and(eq(agents.ownerId, input.ownerId), eq(agents.status, \"active\")));\n\n\t\tif (existing.length >= maxPerUser) {\n\t\t\tthrow new Error(\n\t\t\t\t`User ${input.ownerId} has reached the maximum of ${maxPerUser} active agents.`,\n\t\t\t);\n\t\t}\n\n\t\tconst id = generateId();\n\t\tconst { token, hash, prefix } = await generateAgentToken();\n\t\tconst now = new Date();\n\t\tconst expires = input.expiresAt ?? parseTokenExpiry(tokenExpiry);\n\n\t\t// Insert agent\n\t\tawait db.insert(agents).values({\n\t\t\tid,\n\t\t\townerId: input.ownerId,\n\t\t\ttenantId: input.tenantId ?? null,\n\t\t\tname: input.name,\n\t\t\ttype: input.type,\n\t\t\tstatus: \"active\",\n\t\t\ttokenHash: hash,\n\t\t\ttokenPrefix: prefix,\n\t\t\texpiresAt: expires,\n\t\t\tmetadata: input.metadata ?? {},\n\t\t\tcreatedAt: now,\n\t\t\tupdatedAt: now,\n\t\t});\n\n\t\t// Insert permissions\n\t\tif (input.permissions.length > 0) {\n\t\t\tawait db.insert(permissions).values(\n\t\t\t\tinput.permissions.map((p) => ({\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\tagentId: id,\n\t\t\t\t\tresource: p.resource,\n\t\t\t\t\tactions: p.actions,\n\t\t\t\t\tconstraints: p.constraints ?? null,\n\t\t\t\t\tcreatedAt: now,\n\t\t\t\t})),\n\t\t\t);\n\t\t}\n\n\t\treturn {\n\t\t\tid,\n\t\t\townerId: input.ownerId,\n\t\t\ttenantId: input.tenantId,\n\t\t\tname: input.name,\n\t\t\ttype: input.type,\n\t\t\ttoken,\n\t\t\tpermissions: input.permissions,\n\t\t\tstatus: \"active\",\n\t\t\texpiresAt: expires,\n\t\t\tcreatedAt: now,\n\t\t\tupdatedAt: now,\n\t\t};\n\t}\n\n\tasync function get(agentId: string): Promise<AgentIdentity | null> {\n\t\tconst rows = await db.select().from(agents).where(eq(agents.id, agentId)).limit(1);\n\t\tconst agent = rows[0];\n\t\tif (!agent) return null;\n\n\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, agentId));\n\n\t\treturn {\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\", // never return token after creation\n\t\t\tpermissions: perms.map(toPermission),\n\t\t\tstatus: agent.status as AgentIdentity[\"status\"],\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t};\n\t}\n\n\tasync function list(filter?: AgentFilter): Promise<AgentIdentity[]> {\n\t\tlet query = db.select().from(agents).$dynamic();\n\n\t\tconst conditions = [];\n\t\tif (filter?.userId) conditions.push(eq(agents.ownerId, filter.userId));\n\t\tif (filter?.tenantId) conditions.push(eq(agents.tenantId, filter.tenantId));\n\t\tif (filter?.status) conditions.push(eq(agents.status, filter.status));\n\t\tif (filter?.type) conditions.push(eq(agents.type, filter.type));\n\n\t\tif (conditions.length > 0) {\n\t\t\tquery = query.where(and(...conditions));\n\t\t}\n\n\t\tconst rows = await query;\n\n\t\t// Load permissions for all agents\n\t\tconst agentIds = rows.map((r) => r.id);\n\t\tconst permsByAgent = new Map<string, Permission[]>();\n\t\tfor (const id of agentIds) {\n\t\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, id));\n\t\t\tpermsByAgent.set(id, perms.map(toPermission));\n\t\t}\n\n\t\treturn rows.map((agent) => ({\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\",\n\t\t\tpermissions: permsByAgent.get(agent.id) ?? [],\n\t\t\tstatus: agent.status as AgentIdentity[\"status\"],\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t}));\n\t}\n\n\tasync function update(agentId: string, input: UpdateAgentInput): Promise<AgentIdentity> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\n\t\tconst now = new Date();\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({\n\t\t\t\tname: input.name ?? existing.name,\n\t\t\t\texpiresAt: input.expiresAt ?? existing.expiresAt,\n\t\t\t\tmetadata: input.metadata,\n\t\t\t\tupdatedAt: now,\n\t\t\t})\n\t\t\t.where(eq(agents.id, agentId));\n\n\t\t// Replace permissions if provided\n\t\tif (input.permissions) {\n\t\t\tawait db.delete(permissions).where(eq(permissions.agentId, agentId));\n\t\t\tif (input.permissions.length > 0) {\n\t\t\t\tawait db.insert(permissions).values(\n\t\t\t\t\tinput.permissions.map((p) => ({\n\t\t\t\t\t\tid: generateId(),\n\t\t\t\t\t\tagentId,\n\t\t\t\t\t\tresource: p.resource,\n\t\t\t\t\t\tactions: p.actions,\n\t\t\t\t\t\tconstraints: p.constraints ?? null,\n\t\t\t\t\t\tcreatedAt: now,\n\t\t\t\t\t})),\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tconst updated = await get(agentId);\n\t\tif (!updated) throw new Error(`Agent ${agentId} disappeared after update.`);\n\t\treturn updated;\n\t}\n\n\tasync function revoke(agentId: string): Promise<void> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({ status: \"revoked\", updatedAt: new Date() })\n\t\t\t.where(eq(agents.id, agentId));\n\t}\n\n\tasync function rotate(agentId: string): Promise<AgentIdentity & { token: string }> {\n\t\tconst existing = await get(agentId);\n\t\tif (!existing) throw new Error(`Agent ${agentId} not found.`);\n\t\tif (existing.status !== \"active\")\n\t\t\tthrow new Error(`Cannot rotate token for ${existing.status} agent.`);\n\n\t\tconst { token, hash, prefix } = await generateAgentToken();\n\t\tconst now = new Date();\n\n\t\tawait db\n\t\t\t.update(agents)\n\t\t\t.set({ tokenHash: hash, tokenPrefix: prefix, updatedAt: now })\n\t\t\t.where(eq(agents.id, agentId));\n\n\t\treturn { ...existing, token, updatedAt: now };\n\t}\n\n\t/**\n\t * Validate an agent token and return the agent identity.\n\t * Used internally by the authorization engine.\n\t */\n\tasync function validateToken(token: string): Promise<AgentIdentity | null> {\n\t\tconst hash = await sha256(token);\n\t\tconst rows = await db.select().from(agents).where(eq(agents.tokenHash, hash)).limit(1);\n\t\tconst agent = rows[0];\n\t\tif (!agent) return null;\n\n\t\t// Check status\n\t\tif (agent.status !== \"active\") return null;\n\n\t\t// Check expiry\n\t\tif (agent.expiresAt && agent.expiresAt < new Date()) {\n\t\t\tawait db\n\t\t\t\t.update(agents)\n\t\t\t\t.set({ status: \"expired\", updatedAt: new Date() })\n\t\t\t\t.where(eq(agents.id, agent.id));\n\t\t\treturn null;\n\t\t}\n\n\t\t// Update last active\n\t\tawait db.update(agents).set({ lastActiveAt: new Date() }).where(eq(agents.id, agent.id));\n\n\t\tconst perms = await db.select().from(permissions).where(eq(permissions.agentId, agent.id));\n\n\t\treturn {\n\t\t\tid: agent.id,\n\t\t\townerId: agent.ownerId,\n\t\t\ttenantId: agent.tenantId ?? undefined,\n\t\t\tname: agent.name,\n\t\t\ttype: agent.type as AgentIdentity[\"type\"],\n\t\t\ttoken: \"\",\n\t\t\tpermissions: perms.map(toPermission),\n\t\t\tstatus: \"active\",\n\t\t\texpiresAt: agent.expiresAt,\n\t\t\tcreatedAt: agent.createdAt,\n\t\t\tupdatedAt: agent.updatedAt,\n\t\t};\n\t}\n\n\treturn { create, get, list, update, revoke, rotate, validateToken };\n}\n\nfunction toPermission(row: {\n\tresource: string;\n\tactions: string[];\n\tconstraints: unknown;\n}): Permission {\n\treturn {\n\t\tresource: row.resource,\n\t\tactions: row.actions,\n\t\tconstraints: (row.constraints as Permission[\"constraints\"]) ?? undefined,\n\t};\n}\n"]}