runline 0.11.5 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (253) hide show
  1. package/dist/commands/actions.js +3 -1
  2. package/dist/core/engine.js +3 -0
  3. package/dist/index.d.ts +1 -1
  4. package/dist/plugin/api.d.ts +2 -1
  5. package/dist/plugin/types.d.ts +2 -0
  6. package/dist/plugins/actionNetwork/src/index.js +23 -0
  7. package/dist/plugins/activeCampaign/src/index.js +48 -0
  8. package/dist/plugins/adalo/src/index.js +5 -0
  9. package/dist/plugins/affinity/src/index.js +16 -0
  10. package/dist/plugins/agileCrm/src/index.js +15 -0
  11. package/dist/plugins/airtable/src/index.js +10 -0
  12. package/dist/plugins/airtop/src/index.js +24 -0
  13. package/dist/plugins/apiTemplateIo/src/index.js +4 -0
  14. package/dist/plugins/asana/src/index.js +22 -0
  15. package/dist/plugins/autopilot/src/index.js +11 -0
  16. package/dist/plugins/bambooHr/src/index.js +11 -0
  17. package/dist/plugins/bannerbear/src/index.js +4 -0
  18. package/dist/plugins/baserow/src/index.js +8 -0
  19. package/dist/plugins/beeminder/src/index.js +18 -0
  20. package/dist/plugins/bitly/src/index.js +3 -0
  21. package/dist/plugins/bitwarden/src/index.js +19 -0
  22. package/dist/plugins/box/src/index.js +11 -0
  23. package/dist/plugins/brandfetch/src/index.js +5 -0
  24. package/dist/plugins/brevo/src/index.js +15 -0
  25. package/dist/plugins/bubble/src/index.js +5 -0
  26. package/dist/plugins/chargebee/src/index.js +5 -0
  27. package/dist/plugins/circleci/src/index.js +3 -0
  28. package/dist/plugins/ciscoWebex/src/index.js +10 -0
  29. package/dist/plugins/clearbit/src/index.js +3 -0
  30. package/dist/plugins/clickup/src/index.js +61 -0
  31. package/dist/plugins/clockify/src/index.js +25 -0
  32. package/dist/plugins/cloudflare/src/index.js +4 -0
  33. package/dist/plugins/cockpit/src/index.js +5 -0
  34. package/dist/plugins/coda/src/index.js +18 -0
  35. package/dist/plugins/coingecko/src/index.js +10 -0
  36. package/dist/plugins/contentful/src/index.js +7 -0
  37. package/dist/plugins/convertkit/src/index.js +16 -0
  38. package/dist/plugins/copper/src/index.js +7 -0
  39. package/dist/plugins/cortex/src/index.js +4 -0
  40. package/dist/plugins/currents/src/index.js +22 -0
  41. package/dist/plugins/customerIo/src/index.js +9 -0
  42. package/dist/plugins/databricks/src/index.js +34 -0
  43. package/dist/plugins/deepl/src/index.js +2 -0
  44. package/dist/plugins/demio/src/index.js +4 -0
  45. package/dist/plugins/dhl/src/index.js +1 -0
  46. package/dist/plugins/discord/src/index.js +13 -0
  47. package/dist/plugins/discourse/src/index.js +16 -0
  48. package/dist/plugins/disqus/src/index.js +4 -0
  49. package/dist/plugins/docker/src/index.js +5 -0
  50. package/dist/plugins/drift/src/index.js +5 -0
  51. package/dist/plugins/dropbox/src/index.js +9 -0
  52. package/dist/plugins/dropcontact/src/index.js +2 -0
  53. package/dist/plugins/egoi/src/index.js +4 -0
  54. package/dist/plugins/elasticsearch/src/index.js +9 -0
  55. package/dist/plugins/emelia/src/index.js +9 -0
  56. package/dist/plugins/erpnext/src/index.js +5 -0
  57. package/dist/plugins/facebookGraph/src/index.js +1 -0
  58. package/dist/plugins/freshdesk/src/index.js +10 -0
  59. package/dist/plugins/freshservice/src/index.js +7 -0
  60. package/dist/plugins/freshworksCrm/src/index.js +7 -0
  61. package/dist/plugins/getresponse/src/index.js +5 -0
  62. package/dist/plugins/ghost/src/index.js +5 -0
  63. package/dist/plugins/github/src/index.js +37 -0
  64. package/dist/plugins/gitlab/src/index.js +17 -0
  65. package/dist/plugins/gmail/src/index.js +32 -0
  66. package/dist/plugins/gong/src/index.js +4 -0
  67. package/dist/plugins/googleAppsScript/src/index.js +10 -0
  68. package/dist/plugins/googleCalendar/src/index.js +22 -0
  69. package/dist/plugins/googleContacts/src/index.js +10 -0
  70. package/dist/plugins/googleDocs/src/documents.js +4 -0
  71. package/dist/plugins/googleDocs/src/formatting.js +2 -0
  72. package/dist/plugins/googleDocs/src/images.js +2 -0
  73. package/dist/plugins/googleDocs/src/structure.js +13 -0
  74. package/dist/plugins/googleDocs/src/tables.js +11 -0
  75. package/dist/plugins/googleDocs/src/tabs.js +3 -0
  76. package/dist/plugins/googleDocs/src/text.js +9 -0
  77. package/dist/plugins/googleDrive/src/index.js +47 -0
  78. package/dist/plugins/googleImage/src/index.js +1 -0
  79. package/dist/plugins/googleSheets/src/index.js +23 -0
  80. package/dist/plugins/googleSlides/src/index.js +7 -0
  81. package/dist/plugins/googleTasks/src/index.js +12 -0
  82. package/dist/plugins/gotify/src/index.js +3 -0
  83. package/dist/plugins/gotowebinar/src/index.js +20 -0
  84. package/dist/plugins/grafana/src/index.js +17 -0
  85. package/dist/plugins/graphql/src/index.js +2 -0
  86. package/dist/plugins/grist/src/index.js +4 -0
  87. package/dist/plugins/hackernews/src/index.js +6 -0
  88. package/dist/plugins/halopsa/src/index.js +5 -0
  89. package/dist/plugins/harvest/src/index.js +14 -0
  90. package/dist/plugins/helpscout/src/index.js +13 -0
  91. package/dist/plugins/highlevel/src/index.js +17 -0
  92. package/dist/plugins/homeAssistant/src/index.js +13 -0
  93. package/dist/plugins/hubspot/src/index.js +14 -0
  94. package/dist/plugins/humanticAi/src/index.js +3 -0
  95. package/dist/plugins/hunter/src/index.js +3 -0
  96. package/dist/plugins/intercom/src/index.js +10 -0
  97. package/dist/plugins/iterable/src/index.js +6 -0
  98. package/dist/plugins/jenkins/src/index.js +11 -0
  99. package/dist/plugins/jira/src/index.js +16 -0
  100. package/dist/plugins/keap/src/index.js +28 -0
  101. package/dist/plugins/kobotoolbox/src/index.js +17 -0
  102. package/dist/plugins/lemlist/src/index.js +15 -0
  103. package/dist/plugins/linear/src/attachments.js +6 -0
  104. package/dist/plugins/linear/src/comments.js +5 -0
  105. package/dist/plugins/linear/src/cycles.js +2 -0
  106. package/dist/plugins/linear/src/initiatives.js +5 -0
  107. package/dist/plugins/linear/src/issues.js +14 -0
  108. package/dist/plugins/linear/src/labels.js +5 -0
  109. package/dist/plugins/linear/src/organization.js +1 -0
  110. package/dist/plugins/linear/src/projects.js +11 -0
  111. package/dist/plugins/linear/src/shared.js +2 -0
  112. package/dist/plugins/linear/src/states.js +2 -0
  113. package/dist/plugins/linear/src/teams.js +3 -0
  114. package/dist/plugins/linear/src/users.js +2 -0
  115. package/dist/plugins/linear/src/views.js +4 -0
  116. package/dist/plugins/linear/src/webhooks.js +4 -0
  117. package/dist/plugins/lingvanex/src/index.js +1 -0
  118. package/dist/plugins/linkedin/src/index.js +1 -0
  119. package/dist/plugins/lonescale/src/index.js +4 -0
  120. package/dist/plugins/magento/src/index.js +15 -0
  121. package/dist/plugins/mailcheck/src/index.js +1 -0
  122. package/dist/plugins/mailchimp/src/index.js +14 -0
  123. package/dist/plugins/mailerlite/src/index.js +4 -0
  124. package/dist/plugins/mailgun/src/index.js +1 -0
  125. package/dist/plugins/mailjet/src/index.js +3 -0
  126. package/dist/plugins/mandrill/src/index.js +2 -0
  127. package/dist/plugins/marketstack/src/index.js +3 -0
  128. package/dist/plugins/matrix/src/index.js +10 -0
  129. package/dist/plugins/mattermost/src/index.js +19 -0
  130. package/dist/plugins/mautic/src/index.js +20 -0
  131. package/dist/plugins/medium/src/index.js +3 -0
  132. package/dist/plugins/messagebird/src/index.js +2 -0
  133. package/dist/plugins/metabase/src/index.js +10 -0
  134. package/dist/plugins/microsoftCalendar/src/index.js +2 -0
  135. package/dist/plugins/microsoftFiles/src/index.js +5 -0
  136. package/dist/plugins/microsoftMail/src/index.js +4 -0
  137. package/dist/plugins/misp/src/index.js +44 -0
  138. package/dist/plugins/mocean/src/index.js +2 -0
  139. package/dist/plugins/monday/src/index.js +18 -0
  140. package/dist/plugins/monicaCrm/src/index.js +5 -0
  141. package/dist/plugins/msg91/src/index.js +1 -0
  142. package/dist/plugins/nasa/src/index.js +7 -0
  143. package/dist/plugins/netlify/src/index.js +7 -0
  144. package/dist/plugins/netscalerAdc/src/index.js +3 -0
  145. package/dist/plugins/nextcloud/src/index.js +13 -0
  146. package/dist/plugins/nocodb/src/index.js +5 -0
  147. package/dist/plugins/node/src/index.js +38 -0
  148. package/dist/plugins/notion/src/index.js +14 -0
  149. package/dist/plugins/npm/src/index.js +5 -0
  150. package/dist/plugins/odoo/src/index.js +6 -0
  151. package/dist/plugins/okta/src/index.js +5 -0
  152. package/dist/plugins/oneSimpleApi/src/index.js +10 -0
  153. package/dist/plugins/onfleet/src/index.js +24 -0
  154. package/dist/plugins/openThesaurus/src/index.js +1 -0
  155. package/dist/plugins/openai/src/index.js +1 -0
  156. package/dist/plugins/openweathermap/src/index.js +2 -0
  157. package/dist/plugins/oura/src/index.js +2 -0
  158. package/dist/plugins/paddle/src/index.js +9 -0
  159. package/dist/plugins/pagerduty/src/index.js +9 -0
  160. package/dist/plugins/parallel/src/index.js +1 -0
  161. package/dist/plugins/paypal/src/index.js +4 -0
  162. package/dist/plugins/peekalink/src/index.js +2 -0
  163. package/dist/plugins/phantombuster/src/index.js +5 -0
  164. package/dist/plugins/philipsHue/src/index.js +4 -0
  165. package/dist/plugins/pipedrive/src/index.js +14 -0
  166. package/dist/plugins/plivo/src/index.js +3 -0
  167. package/dist/plugins/postbin/src/index.js +6 -0
  168. package/dist/plugins/posthog/src/index.js +5 -0
  169. package/dist/plugins/profitwell/src/index.js +2 -0
  170. package/dist/plugins/pushbullet/src/index.js +4 -0
  171. package/dist/plugins/pushcut/src/index.js +1 -0
  172. package/dist/plugins/pushover/src/index.js +1 -0
  173. package/dist/plugins/quickbase/src/index.js +8 -0
  174. package/dist/plugins/quickbooks/src/index.js +5 -0
  175. package/dist/plugins/quickchart/src/index.js +1 -0
  176. package/dist/plugins/raindrop/src/index.js +13 -0
  177. package/dist/plugins/recraft/src/index.js +1 -0
  178. package/dist/plugins/reddit/src/index.js +10 -0
  179. package/dist/plugins/replicate/src/index.js +1 -0
  180. package/dist/plugins/rocketchat/src/index.js +1 -0
  181. package/dist/plugins/rundeck/src/index.js +2 -0
  182. package/dist/plugins/salesforce/src/metadata.js +4 -0
  183. package/dist/plugins/salesforce/src/query.js +5 -0
  184. package/dist/plugins/salesforce/src/sobjects.js +12 -0
  185. package/dist/plugins/salesmate/src/index.js +5 -0
  186. package/dist/plugins/securityScorecard/src/index.js +14 -0
  187. package/dist/plugins/segment/src/index.js +4 -0
  188. package/dist/plugins/sendgrid/src/index.js +10 -0
  189. package/dist/plugins/sendy/src/index.js +6 -0
  190. package/dist/plugins/sentry/src/index.js +24 -0
  191. package/dist/plugins/servicenow/src/index.js +10 -0
  192. package/dist/plugins/shiftLabs/src/index.js +15 -0
  193. package/dist/plugins/shiftLabs/src/issues.js +74 -0
  194. package/dist/plugins/shiftLabs/src/pages.js +148 -0
  195. package/dist/plugins/shiftLabs/src/shared.js +69 -0
  196. package/dist/plugins/shopify/src/index.js +10 -0
  197. package/dist/plugins/signl4/src/index.js +2 -0
  198. package/dist/plugins/slack/src/index.js +38 -0
  199. package/dist/plugins/sms77/src/index.js +2 -0
  200. package/dist/plugins/splunk/src/index.js +16 -0
  201. package/dist/plugins/spotify/src/index.js +30 -0
  202. package/dist/plugins/stackby/src/index.js +4 -0
  203. package/dist/plugins/steel/src/browser.js +7 -0
  204. package/dist/plugins/steel/src/captchas.js +3 -0
  205. package/dist/plugins/steel/src/credentials.js +4 -0
  206. package/dist/plugins/steel/src/extensions.js +5 -0
  207. package/dist/plugins/steel/src/files.js +10 -0
  208. package/dist/plugins/steel/src/profiles.js +4 -0
  209. package/dist/plugins/steel/src/sessions.js +11 -0
  210. package/dist/plugins/storyblok/src/index.js +7 -0
  211. package/dist/plugins/strapi/src/index.js +5 -0
  212. package/dist/plugins/strava/src/index.js +6 -0
  213. package/dist/plugins/stripe/src/index.js +20 -0
  214. package/dist/plugins/supabase/src/index.js +5 -0
  215. package/dist/plugins/syncromsp/src/index.js +20 -0
  216. package/dist/plugins/tapfiliate/src/index.js +11 -0
  217. package/dist/plugins/telegram/src/index.js +21 -0
  218. package/dist/plugins/thehive/src/index.js +23 -0
  219. package/dist/plugins/thehiveProject/src/index.js +31 -0
  220. package/dist/plugins/todoist/src/index.js +31 -0
  221. package/dist/plugins/together/src/index.js +1 -0
  222. package/dist/plugins/travisci/src/index.js +5 -0
  223. package/dist/plugins/trello/src/index.js +37 -0
  224. package/dist/plugins/twake/src/index.js +1 -0
  225. package/dist/plugins/twilio/src/index.js +2 -0
  226. package/dist/plugins/twist/src/index.js +22 -0
  227. package/dist/plugins/twitter/src/index.js +8 -0
  228. package/dist/plugins/unleashedSoftware/src/index.js +3 -0
  229. package/dist/plugins/uplead/src/index.js +2 -0
  230. package/dist/plugins/uproc/src/index.js +1 -0
  231. package/dist/plugins/uptimerobot/src/index.js +22 -0
  232. package/dist/plugins/urlscanio/src/index.js +3 -0
  233. package/dist/plugins/vercel/src/account.js +1 -0
  234. package/dist/plugins/vercel/src/deployments.js +5 -0
  235. package/dist/plugins/vercel/src/env.js +4 -0
  236. package/dist/plugins/vercel/src/projects.js +2 -0
  237. package/dist/plugins/vercel/src/shared.js +1 -0
  238. package/dist/plugins/vero/src/index.js +6 -0
  239. package/dist/plugins/vonage/src/index.js +1 -0
  240. package/dist/plugins/wekan/src/index.js +24 -0
  241. package/dist/plugins/woocommerce/src/index.js +5 -0
  242. package/dist/plugins/wordpress/src/index.js +10 -0
  243. package/dist/plugins/xai/src/index.js +1 -0
  244. package/dist/plugins/xero/src/index.js +8 -0
  245. package/dist/plugins/yourls/src/index.js +3 -0
  246. package/dist/plugins/zammad/src/index.js +12 -0
  247. package/dist/plugins/zendesk/src/index.js +18 -0
  248. package/dist/plugins/zoho/src/index.js +6 -0
  249. package/dist/plugins/zoom/src/index.js +5 -0
  250. package/dist/plugins/zulip/src/index.js +15 -0
  251. package/dist/sdk.d.ts +2 -1
  252. package/dist/sdk.js +1 -0
  253. package/package.json +1 -1
@@ -83,26 +83,31 @@ async function connectMiniCdp(cdpUrl) {
83
83
  }
84
84
  export function registerBrowserActions(rl) {
85
85
  rl.registerAction("scrape", {
86
+ access: "write",
86
87
  description: "One-shot Steel scrape. Loads a URL and returns requested formats such as markdown, html, cleaned_html, or readability.",
87
88
  inputSchema: t.Object(SCRAPE_SCHEMA),
88
89
  execute: scrape,
89
90
  });
90
91
  rl.registerAction("browser.scrape", {
92
+ access: "write",
91
93
  description: "Backward-compatible alias for scrape.",
92
94
  inputSchema: t.Object(SCRAPE_SCHEMA),
93
95
  execute: scrape,
94
96
  });
95
97
  rl.registerAction("screenshot", {
98
+ access: "write",
96
99
  description: "One-shot Steel screenshot. Returns a hosted PNG URL.",
97
100
  inputSchema: t.Object(SCREENSHOT_SCHEMA),
98
101
  execute: screenshot,
99
102
  });
100
103
  rl.registerAction("browser.screenshot", {
104
+ access: "write",
101
105
  description: "Backward-compatible alias for screenshot.",
102
106
  inputSchema: t.Object(SCREENSHOT_SCHEMA),
103
107
  execute: screenshot,
104
108
  });
105
109
  rl.registerAction("browser.extract", {
110
+ access: "write",
106
111
  description: "Fetch a page through Steel scrape and return selected content fields. Use selectors with browser.run for DOM-specific extraction.",
107
112
  inputSchema: t.Object({
108
113
  url: t.String({ description: "URL to scrape" }),
@@ -116,6 +121,7 @@ export function registerBrowserActions(rl) {
116
121
  },
117
122
  });
118
123
  rl.registerAction("pdf", {
124
+ access: "write",
119
125
  description: "One-shot Steel PDF capture. Returns a hosted PDF URL.",
120
126
  inputSchema: t.Object({
121
127
  url: t.String({ description: "URL to render as PDF" }),
@@ -127,6 +133,7 @@ export function registerBrowserActions(rl) {
127
133
  },
128
134
  });
129
135
  rl.registerAction("browser.run", {
136
+ access: "write",
130
137
  description: "Create a Steel session, connect with Playwright over CDP, run an async JavaScript script, then release by default. The script receives { page, browser, context, session }. Requires the host app to have playwright installed.",
131
138
  inputSchema: t.Object({
132
139
  script: t.String({ description: "Async JavaScript body. Example: await page.goto('https://example.com'); return { title: await page.title() };" }),
@@ -2,16 +2,19 @@ import * as t from "typebox";
2
2
  import { api, compactRecord } from "./shared.js";
3
3
  export function registerCaptchaActions(rl) {
4
4
  rl.registerAction("captcha.status", {
5
+ access: "read",
5
6
  description: "Get CAPTCHA detection/solving status for a Steel session.",
6
7
  inputSchema: t.Object({ sessionId: t.String() }),
7
8
  async execute(input, ctx) { return api(ctx, `/v1/sessions/${encodeURIComponent(input.sessionId)}/captchas/status`); },
8
9
  });
9
10
  rl.registerAction("captcha.solve", {
11
+ access: "write",
10
12
  description: "Trigger CAPTCHA solving for all detected CAPTCHAs or a specific task/url/page.",
11
13
  inputSchema: t.Object({ sessionId: t.String(), taskId: t.Optional(t.String()), url: t.Optional(t.String()), pageId: t.Optional(t.String()) }),
12
14
  async execute(input, ctx) { const { sessionId, ...body } = input; return api(ctx, `/v1/sessions/${encodeURIComponent(String(sessionId))}/captchas/solve`, { method: "POST", body: compactRecord(body) }); },
13
15
  });
14
16
  rl.registerAction("captcha.solveImage", {
17
+ access: "write",
15
18
  description: "Solve an image CAPTCHA by XPath selectors.",
16
19
  inputSchema: t.Object({ sessionId: t.String(), imageXPath: t.String(), inputXPath: t.String(), url: t.Optional(t.String()) }),
17
20
  async execute(input, ctx) { const { sessionId, ...body } = input; return api(ctx, `/v1/sessions/${encodeURIComponent(String(sessionId))}/captchas/solve-image`, { method: "POST", body: compactRecord(body) }); },
@@ -6,6 +6,7 @@ const CREDENTIAL_KEY_SCHEMA = {
6
6
  };
7
7
  export function registerCredentialActions(rl) {
8
8
  rl.registerAction("credential.list", {
9
+ access: "read",
9
10
  description: "List Steel credentials. Filter by origin and/or namespace.",
10
11
  inputSchema: t.Object({ namespace: t.Optional(t.String()), origin: t.Optional(t.String()) }),
11
12
  async execute(input, ctx) {
@@ -13,6 +14,7 @@ export function registerCredentialActions(rl) {
13
14
  },
14
15
  });
15
16
  rl.registerAction("credential.create", {
17
+ access: "write",
16
18
  description: "Create a Steel credential for an origin/namespace. Value may include username, password, and totpSecret.",
17
19
  inputSchema: t.Object({ ...CREDENTIAL_KEY_SCHEMA, value: t.Any({ description: "Credential payload" }) }),
18
20
  async execute(input, ctx) {
@@ -20,6 +22,7 @@ export function registerCredentialActions(rl) {
20
22
  },
21
23
  });
22
24
  rl.registerAction("credential.get", {
25
+ access: "read",
23
26
  description: "Retrieve credential metadata by origin and optional namespace.",
24
27
  inputSchema: t.Object(CREDENTIAL_KEY_SCHEMA),
25
28
  async execute(input, ctx) {
@@ -29,6 +32,7 @@ export function registerCredentialActions(rl) {
29
32
  },
30
33
  });
31
34
  rl.registerAction("credential.delete", {
35
+ access: "write",
32
36
  description: "Delete a Steel credential by origin and optional namespace.",
33
37
  inputSchema: t.Object(CREDENTIAL_KEY_SCHEMA),
34
38
  async execute(input, ctx) {
@@ -8,6 +8,7 @@ function extensionForm(input) {
8
8
  }
9
9
  export function registerExtensionActions(rl) {
10
10
  rl.registerAction("extension.list", {
11
+ access: "read",
11
12
  description: "List Steel Chrome extensions installed for the organization.",
12
13
  inputSchema: t.Object({}),
13
14
  async execute(_input, ctx) {
@@ -15,6 +16,7 @@ export function registerExtensionActions(rl) {
15
16
  },
16
17
  });
17
18
  rl.registerAction("extension.upload", {
19
+ access: "write",
18
20
  description: "Upload an extension from a Chrome Web Store URL. Raw zip/crx uploads should use the API directly.",
19
21
  inputSchema: t.Object({ url: t.String() }),
20
22
  async execute(input, ctx) {
@@ -22,6 +24,7 @@ export function registerExtensionActions(rl) {
22
24
  },
23
25
  });
24
26
  rl.registerAction("extension.update", {
27
+ access: "write",
25
28
  description: "Update an extension from a Chrome Web Store URL.",
26
29
  inputSchema: t.Object({ id: t.String(), url: t.String() }),
27
30
  async execute(input, ctx) {
@@ -30,6 +33,7 @@ export function registerExtensionActions(rl) {
30
33
  },
31
34
  });
32
35
  rl.registerAction("extension.delete", {
36
+ access: "write",
33
37
  description: "Delete an extension by ID.",
34
38
  inputSchema: t.Object({ id: t.String() }),
35
39
  async execute(input, ctx) {
@@ -37,6 +41,7 @@ export function registerExtensionActions(rl) {
37
41
  },
38
42
  });
39
43
  rl.registerAction("extension.deleteAll", {
44
+ access: "write",
40
45
  description: "Delete all organization extensions.",
41
46
  inputSchema: t.Object({}),
42
47
  async execute(_input, ctx) {
@@ -21,6 +21,7 @@ function encodeFilePath(path) {
21
21
  }
22
22
  export function registerFileActions(rl) {
23
23
  rl.registerAction("file.list", {
24
+ access: "read",
24
25
  description: "List global Steel files.",
25
26
  inputSchema: t.Object({}),
26
27
  async execute(_input, ctx) {
@@ -28,6 +29,7 @@ export function registerFileActions(rl) {
28
29
  },
29
30
  });
30
31
  rl.registerAction("file.upload", {
32
+ access: "write",
31
33
  description: "Upload a global file from a URL or existing path reference.",
32
34
  inputSchema: t.Object(fileSchema()),
33
35
  async execute(input, ctx) {
@@ -35,6 +37,7 @@ export function registerFileActions(rl) {
35
37
  },
36
38
  });
37
39
  rl.registerAction("file.download", {
40
+ access: "read",
38
41
  description: "Download/read a global file by path. Binary files are returned as text by fetch when possible; use the URL/API directly for raw bytes.",
39
42
  inputSchema: t.Object({ path: t.String() }),
40
43
  async execute(input, ctx) {
@@ -42,6 +45,7 @@ export function registerFileActions(rl) {
42
45
  },
43
46
  });
44
47
  rl.registerAction("file.delete", {
48
+ access: "write",
45
49
  description: "Delete a global Steel file by path.",
46
50
  inputSchema: t.Object({ path: t.String() }),
47
51
  async execute(input, ctx) {
@@ -49,6 +53,7 @@ export function registerFileActions(rl) {
49
53
  },
50
54
  });
51
55
  rl.registerAction("sessionFile.list", {
56
+ access: "read",
52
57
  description: "List files in a Steel session filesystem.",
53
58
  inputSchema: t.Object({ sessionId: t.String() }),
54
59
  async execute(input, ctx) {
@@ -56,6 +61,7 @@ export function registerFileActions(rl) {
56
61
  },
57
62
  });
58
63
  rl.registerAction("sessionFile.upload", {
64
+ access: "write",
59
65
  description: "Upload/copy a URL or global file into a session filesystem.",
60
66
  inputSchema: t.Object({ sessionId: t.String(), ...fileSchema() }),
61
67
  async execute(input, ctx) {
@@ -64,6 +70,7 @@ export function registerFileActions(rl) {
64
70
  },
65
71
  });
66
72
  rl.registerAction("sessionFile.download", {
73
+ access: "read",
67
74
  description: "Download/read a session file by path.",
68
75
  inputSchema: t.Object({ sessionId: t.String(), path: t.String() }),
69
76
  async execute(input, ctx) {
@@ -72,6 +79,7 @@ export function registerFileActions(rl) {
72
79
  },
73
80
  });
74
81
  rl.registerAction("sessionFile.downloadArchive", {
82
+ access: "read",
75
83
  description: "Download/read the zip archive of all files in a session.",
76
84
  inputSchema: t.Object({ sessionId: t.String() }),
77
85
  async execute(input, ctx) {
@@ -79,6 +87,7 @@ export function registerFileActions(rl) {
79
87
  },
80
88
  });
81
89
  rl.registerAction("sessionFile.delete", {
90
+ access: "write",
82
91
  description: "Delete a file from a session filesystem.",
83
92
  inputSchema: t.Object({ sessionId: t.String(), path: t.String() }),
84
93
  async execute(input, ctx) {
@@ -87,6 +96,7 @@ export function registerFileActions(rl) {
87
96
  },
88
97
  });
89
98
  rl.registerAction("sessionFile.deleteAll", {
99
+ access: "write",
90
100
  description: "Delete all files in a session filesystem.",
91
101
  inputSchema: t.Object({ sessionId: t.String() }),
92
102
  async execute(input, ctx) {
@@ -11,6 +11,7 @@ function profileForm(input) {
11
11
  }
12
12
  export function registerProfileActions(rl) {
13
13
  rl.registerAction("profile.list", {
14
+ access: "read",
14
15
  description: "List Steel browser profiles.",
15
16
  inputSchema: t.Object({}),
16
17
  async execute(_input, ctx) {
@@ -18,6 +19,7 @@ export function registerProfileActions(rl) {
18
19
  },
19
20
  });
20
21
  rl.registerAction("profile.get", {
22
+ access: "read",
21
23
  description: "Get a Steel profile by ID.",
22
24
  inputSchema: t.Object({ id: t.String() }),
23
25
  async execute(input, ctx) {
@@ -25,6 +27,7 @@ export function registerProfileActions(rl) {
25
27
  },
26
28
  });
27
29
  rl.registerAction("profile.create", {
30
+ access: "write",
28
31
  description: "Create an empty persisted Steel profile by opening and releasing a short-lived session with persistProfile=true. For userDataDir archive imports, use the Steel API directly.",
29
32
  inputSchema: t.Object({
30
33
  timeout: t.Optional(t.Number({ description: "Temporary session timeout in milliseconds" })),
@@ -45,6 +48,7 @@ export function registerProfileActions(rl) {
45
48
  },
46
49
  });
47
50
  rl.registerAction("profile.update", {
51
+ access: "write",
48
52
  description: "Update profile metadata/settings used by later sessions.",
49
53
  inputSchema: t.Object({ id: t.String(), userAgent: t.Optional(t.String()), proxy: t.Optional(t.Any()), metadata: t.Optional(t.Any()) }),
50
54
  async execute(input, ctx) {
@@ -2,6 +2,7 @@ import * as t from "typebox";
2
2
  import { LIST_INPUT_SCHEMA, SESSION_OPTIONS_SCHEMA, api, apiKey, compactRecord } from "./shared.js";
3
3
  export function registerSessionActions(rl) {
4
4
  rl.registerAction("session.create", {
5
+ access: "write",
5
6
  description: "Create a Steel browser session. Returns session id, websocketUrl/CDP URL, debug/viewer URLs, and profile metadata when present.",
6
7
  inputSchema: t.Object(SESSION_OPTIONS_SCHEMA),
7
8
  async execute(input, ctx) {
@@ -9,6 +10,7 @@ export function registerSessionActions(rl) {
9
10
  },
10
11
  });
11
12
  rl.registerAction("session.list", {
13
+ access: "read",
12
14
  description: "List Steel sessions.",
13
15
  inputSchema: t.Object(LIST_INPUT_SCHEMA),
14
16
  async execute(input, ctx) {
@@ -16,6 +18,7 @@ export function registerSessionActions(rl) {
16
18
  },
17
19
  });
18
20
  rl.registerAction("session.get", {
21
+ access: "read",
19
22
  description: "Get a Steel session by ID.",
20
23
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }) }),
21
24
  async execute(input, ctx) {
@@ -23,6 +26,7 @@ export function registerSessionActions(rl) {
23
26
  },
24
27
  });
25
28
  rl.registerAction("session.release", {
29
+ access: "write",
26
30
  description: "Release a Steel session when work is done.",
27
31
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }) }),
28
32
  async execute(input, ctx) {
@@ -30,6 +34,7 @@ export function registerSessionActions(rl) {
30
34
  },
31
35
  });
32
36
  rl.registerAction("session.releaseAll", {
37
+ access: "write",
33
38
  description: "Release all live Steel sessions for the organization by listing sessions and releasing each live session individually.",
34
39
  inputSchema: t.Object({}),
35
40
  async execute(_input, ctx) {
@@ -51,6 +56,7 @@ export function registerSessionActions(rl) {
51
56
  },
52
57
  });
53
58
  rl.registerAction("session.context", {
59
+ access: "read",
54
60
  description: "Capture cookies/localStorage context from a live session. Treat output as sensitive auth material.",
55
61
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }) }),
56
62
  async execute(input, ctx) {
@@ -58,6 +64,7 @@ export function registerSessionActions(rl) {
58
64
  },
59
65
  });
60
66
  rl.registerAction("session.traces", {
67
+ access: "read",
61
68
  description: "Fetch the Agent Traces timeline for a Steel session. Supports optional ISO startTime/endTime filters.",
62
69
  inputSchema: t.Object({
63
70
  id: t.String({ description: "Session ID" }),
@@ -70,6 +77,7 @@ export function registerSessionActions(rl) {
70
77
  },
71
78
  });
72
79
  rl.registerAction("session.computer", {
80
+ access: "write",
73
81
  description: "Execute a Steel computer-use action against a live session. Useful for model-native computer-use loops; pass actions such as take_screenshot, click_mouse, type_text, press_key, scroll, or drag_mouse.",
74
82
  inputSchema: t.Object({
75
83
  id: t.String({ description: "Session ID" }),
@@ -90,6 +98,7 @@ export function registerSessionActions(rl) {
90
98
  },
91
99
  });
92
100
  rl.registerAction("session.events", {
101
+ access: "read",
93
102
  description: "Fetch legacy recorded session events for replay tooling.",
94
103
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }) }),
95
104
  async execute(input, ctx) {
@@ -97,6 +106,7 @@ export function registerSessionActions(rl) {
97
106
  },
98
107
  });
99
108
  rl.registerAction("session.hls", {
109
+ access: "read",
100
110
  description: "Fetch the HLS playlist for a recorded headful Steel session.",
101
111
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }) }),
102
112
  async execute(input, ctx) {
@@ -104,6 +114,7 @@ export function registerSessionActions(rl) {
104
114
  },
105
115
  });
106
116
  rl.registerAction("session.cdpUrl", {
117
+ access: "read",
107
118
  description: "Build a Playwright/Puppeteer CDP URL for a Steel session using the configured API key.",
108
119
  inputSchema: t.Object({ id: t.String({ description: "Session ID" }), websocketUrl: t.Optional(t.String({ description: "Optional websocketUrl returned by session.create. If omitted, uses wss://connect.steel.dev with sessionId." })) }),
109
120
  async execute(input, ctx) {
@@ -58,6 +58,7 @@ export default function storyblok(rl) {
58
58
  });
59
59
  // ── Content API ─────────────────────────────────────
60
60
  rl.registerAction("content.story.get", {
61
+ access: "read",
61
62
  description: "Get a published story by slug or ID (Content API)",
62
63
  inputSchema: {
63
64
  identifier: {
@@ -75,6 +76,7 @@ export default function storyblok(rl) {
75
76
  },
76
77
  });
77
78
  rl.registerAction("content.story.list", {
79
+ access: "read",
78
80
  description: "List published stories (Content API)",
79
81
  inputSchema: {
80
82
  limit: { type: "number", required: false },
@@ -100,6 +102,7 @@ export default function storyblok(rl) {
100
102
  });
101
103
  // ── Management API ──────────────────────────────────
102
104
  rl.registerAction("management.story.get", {
105
+ access: "read",
103
106
  description: "Get a story by ID (Management API)",
104
107
  inputSchema: {
105
108
  spaceId: { type: "string", required: true },
@@ -115,6 +118,7 @@ export default function storyblok(rl) {
115
118
  },
116
119
  });
117
120
  rl.registerAction("management.story.list", {
121
+ access: "read",
118
122
  description: "List stories in a space (Management API)",
119
123
  inputSchema: {
120
124
  spaceId: { type: "string", required: true },
@@ -133,6 +137,7 @@ export default function storyblok(rl) {
133
137
  },
134
138
  });
135
139
  rl.registerAction("management.story.delete", {
140
+ access: "write",
136
141
  description: "Delete a story (Management API)",
137
142
  inputSchema: {
138
143
  spaceId: { type: "string", required: true },
@@ -148,6 +153,7 @@ export default function storyblok(rl) {
148
153
  },
149
154
  });
150
155
  rl.registerAction("management.story.publish", {
156
+ access: "write",
151
157
  description: "Publish a story (Management API)",
152
158
  inputSchema: {
153
159
  spaceId: { type: "string", required: true },
@@ -170,6 +176,7 @@ export default function storyblok(rl) {
170
176
  },
171
177
  });
172
178
  rl.registerAction("management.story.unpublish", {
179
+ access: "write",
173
180
  description: "Unpublish a story (Management API)",
174
181
  inputSchema: {
175
182
  spaceId: { type: "string", required: true },
@@ -92,6 +92,7 @@ export default function strapi(rl) {
92
92
  },
93
93
  });
94
94
  rl.registerAction("entry.create", {
95
+ access: "write",
95
96
  description: "Create an entry in a content type",
96
97
  inputSchema: {
97
98
  contentType: {
@@ -111,6 +112,7 @@ export default function strapi(rl) {
111
112
  },
112
113
  });
113
114
  rl.registerAction("entry.get", {
115
+ access: "read",
114
116
  description: "Get an entry by ID",
115
117
  inputSchema: {
116
118
  contentType: { type: "string", required: true },
@@ -124,6 +126,7 @@ export default function strapi(rl) {
124
126
  },
125
127
  });
126
128
  rl.registerAction("entry.list", {
129
+ access: "read",
127
130
  description: "List entries of a content type",
128
131
  inputSchema: {
129
132
  contentType: { type: "string", required: true },
@@ -172,6 +175,7 @@ export default function strapi(rl) {
172
175
  },
173
176
  });
174
177
  rl.registerAction("entry.update", {
178
+ access: "write",
175
179
  description: "Update an entry by ID",
176
180
  inputSchema: {
177
181
  contentType: { type: "string", required: true },
@@ -189,6 +193,7 @@ export default function strapi(rl) {
189
193
  },
190
194
  });
191
195
  rl.registerAction("entry.delete", {
196
+ access: "write",
192
197
  description: "Delete an entry by ID",
193
198
  inputSchema: {
194
199
  contentType: { type: "string", required: true },
@@ -39,6 +39,7 @@ export default function strava(rl) {
39
39
  });
40
40
  const key = (ctx) => ctx.connection.config.accessToken;
41
41
  rl.registerAction("activity.create", {
42
+ access: "write",
42
43
  description: "Create an activity",
43
44
  inputSchema: {
44
45
  name: { type: "string", required: true },
@@ -86,6 +87,7 @@ export default function strava(rl) {
86
87
  },
87
88
  });
88
89
  rl.registerAction("activity.get", {
90
+ access: "read",
89
91
  description: "Get an activity by ID",
90
92
  inputSchema: { activityId: { type: "string", required: true } },
91
93
  async execute(input, ctx) {
@@ -93,6 +95,7 @@ export default function strava(rl) {
93
95
  },
94
96
  });
95
97
  rl.registerAction("activity.list", {
98
+ access: "read",
96
99
  description: "List the authenticated athlete's activities",
97
100
  inputSchema: { limit: { type: "number", required: false } },
98
101
  async execute(input, ctx) {
@@ -103,6 +106,7 @@ export default function strava(rl) {
103
106
  },
104
107
  });
105
108
  rl.registerAction("activity.update", {
109
+ access: "write",
106
110
  description: "Update an activity",
107
111
  inputSchema: {
108
112
  activityId: { type: "string", required: true },
@@ -150,6 +154,7 @@ export default function strava(rl) {
150
154
  },
151
155
  ]) {
152
156
  rl.registerAction(`activity.${sub.name}`, {
157
+ access: "read",
153
158
  description: sub.description,
154
159
  inputSchema: {
155
160
  activityId: { type: "string", required: true },
@@ -165,6 +170,7 @@ export default function strava(rl) {
165
170
  });
166
171
  }
167
172
  rl.registerAction("activity.getStreams", {
173
+ access: "read",
168
174
  description: "Get activity streams (time-series data)",
169
175
  inputSchema: {
170
176
  activityId: { type: "string", required: true },
@@ -51,6 +51,7 @@ export default function stripe(rl) {
51
51
  const key = (ctx) => ctx.connection.config.secretKey;
52
52
  // ── Balance ─────────────────────────────────────────
53
53
  rl.registerAction("balance.get", {
54
+ access: "read",
54
55
  description: "Get current balance",
55
56
  inputSchema: {},
56
57
  async execute(_input, ctx) {
@@ -59,6 +60,7 @@ export default function stripe(rl) {
59
60
  });
60
61
  // ── Customer ────────────────────────────────────────
61
62
  rl.registerAction("customer.create", {
63
+ access: "write",
62
64
  description: "Create a customer",
63
65
  inputSchema: {
64
66
  name: { type: "string", required: true },
@@ -71,6 +73,7 @@ export default function stripe(rl) {
71
73
  },
72
74
  });
73
75
  rl.registerAction("customer.get", {
76
+ access: "read",
74
77
  description: "Get a customer by ID",
75
78
  inputSchema: { customerId: { type: "string", required: true } },
76
79
  async execute(input, ctx) {
@@ -78,6 +81,7 @@ export default function stripe(rl) {
78
81
  },
79
82
  });
80
83
  rl.registerAction("customer.list", {
84
+ access: "read",
81
85
  description: "List customers",
82
86
  inputSchema: {
83
87
  limit: { type: "number", required: false },
@@ -95,6 +99,7 @@ export default function stripe(rl) {
95
99
  },
96
100
  });
97
101
  rl.registerAction("customer.update", {
102
+ access: "write",
98
103
  description: "Update a customer",
99
104
  inputSchema: {
100
105
  customerId: { type: "string", required: true },
@@ -109,6 +114,7 @@ export default function stripe(rl) {
109
114
  },
110
115
  });
111
116
  rl.registerAction("customer.delete", {
117
+ access: "write",
112
118
  description: "Delete a customer",
113
119
  inputSchema: { customerId: { type: "string", required: true } },
114
120
  async execute(input, ctx) {
@@ -117,6 +123,7 @@ export default function stripe(rl) {
117
123
  });
118
124
  // ── Charge ──────────────────────────────────────────
119
125
  rl.registerAction("charge.create", {
126
+ access: "write",
120
127
  description: "Create a charge",
121
128
  inputSchema: {
122
129
  amount: {
@@ -138,6 +145,7 @@ export default function stripe(rl) {
138
145
  },
139
146
  });
140
147
  rl.registerAction("charge.get", {
148
+ access: "read",
141
149
  description: "Get a charge by ID",
142
150
  inputSchema: { chargeId: { type: "string", required: true } },
143
151
  async execute(input, ctx) {
@@ -145,6 +153,7 @@ export default function stripe(rl) {
145
153
  },
146
154
  });
147
155
  rl.registerAction("charge.list", {
156
+ access: "read",
148
157
  description: "List charges",
149
158
  inputSchema: { limit: { type: "number", required: false } },
150
159
  async execute(input, ctx) {
@@ -156,6 +165,7 @@ export default function stripe(rl) {
156
165
  },
157
166
  });
158
167
  rl.registerAction("charge.update", {
168
+ access: "write",
159
169
  description: "Update a charge",
160
170
  inputSchema: {
161
171
  chargeId: { type: "string", required: true },
@@ -168,6 +178,7 @@ export default function stripe(rl) {
168
178
  });
169
179
  // ── Coupon ──────────────────────────────────────────
170
180
  rl.registerAction("coupon.create", {
181
+ access: "write",
171
182
  description: "Create a coupon",
172
183
  inputSchema: {
173
184
  duration: {
@@ -196,6 +207,7 @@ export default function stripe(rl) {
196
207
  },
197
208
  });
198
209
  rl.registerAction("coupon.list", {
210
+ access: "read",
199
211
  description: "List coupons",
200
212
  inputSchema: { limit: { type: "number", required: false } },
201
213
  async execute(input, ctx) {
@@ -208,6 +220,7 @@ export default function stripe(rl) {
208
220
  });
209
221
  // ── Customer Card ───────────────────────────────────
210
222
  rl.registerAction("customerCard.add", {
223
+ access: "write",
211
224
  description: "Add a card to a customer",
212
225
  inputSchema: {
213
226
  customerId: { type: "string", required: true },
@@ -223,6 +236,7 @@ export default function stripe(rl) {
223
236
  },
224
237
  });
225
238
  rl.registerAction("customerCard.get", {
239
+ access: "read",
226
240
  description: "Get a customer's card/source",
227
241
  inputSchema: {
228
242
  customerId: { type: "string", required: true },
@@ -234,6 +248,7 @@ export default function stripe(rl) {
234
248
  },
235
249
  });
236
250
  rl.registerAction("customerCard.remove", {
251
+ access: "write",
237
252
  description: "Remove a card from a customer",
238
253
  inputSchema: {
239
254
  customerId: { type: "string", required: true },
@@ -246,6 +261,7 @@ export default function stripe(rl) {
246
261
  });
247
262
  // ── Source ──────────────────────────────────────────
248
263
  rl.registerAction("source.create", {
264
+ access: "write",
249
265
  description: "Create a source and attach to customer",
250
266
  inputSchema: {
251
267
  customerId: { type: "string", required: true },
@@ -267,6 +283,7 @@ export default function stripe(rl) {
267
283
  },
268
284
  });
269
285
  rl.registerAction("source.get", {
286
+ access: "read",
270
287
  description: "Get a source by ID",
271
288
  inputSchema: { sourceId: { type: "string", required: true } },
272
289
  async execute(input, ctx) {
@@ -274,6 +291,7 @@ export default function stripe(rl) {
274
291
  },
275
292
  });
276
293
  rl.registerAction("source.delete", {
294
+ access: "write",
277
295
  description: "Detach a source from a customer",
278
296
  inputSchema: {
279
297
  customerId: { type: "string", required: true },
@@ -286,6 +304,7 @@ export default function stripe(rl) {
286
304
  });
287
305
  // ── Token ───────────────────────────────────────────
288
306
  rl.registerAction("token.createCard", {
307
+ access: "write",
289
308
  description: "Create a card token",
290
309
  inputSchema: {
291
310
  number: { type: "string", required: true },
@@ -307,6 +326,7 @@ export default function stripe(rl) {
307
326
  });
308
327
  // ── Meter Event ─────────────────────────────────────
309
328
  rl.registerAction("meterEvent.create", {
329
+ access: "write",
310
330
  description: "Create a billing meter event",
311
331
  inputSchema: {
312
332
  eventName: { type: "string", required: true },
@@ -47,6 +47,7 @@ export default function supabase(rl) {
47
47
  },
48
48
  });
49
49
  rl.registerAction("row.create", {
50
+ access: "write",
50
51
  description: "Insert rows into a table",
51
52
  inputSchema: {
52
53
  table: { type: "string", required: true },
@@ -71,6 +72,7 @@ export default function supabase(rl) {
71
72
  },
72
73
  });
73
74
  rl.registerAction("row.get", {
75
+ access: "read",
74
76
  description: "Get rows by filter (PostgREST query params)",
75
77
  inputSchema: {
76
78
  table: { type: "string", required: true },
@@ -91,6 +93,7 @@ export default function supabase(rl) {
91
93
  },
92
94
  });
93
95
  rl.registerAction("row.list", {
96
+ access: "read",
94
97
  description: "List rows from a table",
95
98
  inputSchema: {
96
99
  table: { type: "string", required: true },
@@ -117,6 +120,7 @@ export default function supabase(rl) {
117
120
  },
118
121
  });
119
122
  rl.registerAction("row.update", {
123
+ access: "write",
120
124
  description: "Update rows matching a filter",
121
125
  inputSchema: {
122
126
  table: { type: "string", required: true },
@@ -138,6 +142,7 @@ export default function supabase(rl) {
138
142
  },
139
143
  });
140
144
  rl.registerAction("row.delete", {
145
+ access: "write",
141
146
  description: "Delete rows matching a filter",
142
147
  inputSchema: {
143
148
  table: { type: "string", required: true },