veryfront 0.1.321 → 0.1.322

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "veryfront",
-    "version": "0.1.321",
+    "version": "0.1.322",
     "license": "Apache-2.0",
     "nodeModulesDir": "auto",
     "workspace": [

package/esm/extensions/ext-jwt/src/index.d.ts

@@ -0,0 +1,39 @@
+import { jwtVerify } from "jose";
+import type { ExtensionFactory } from "../../../src/extensions/index.js";
+import type { AuthProvider } from "../../../src/extensions/interfaces/index.js";
+/**
+ * Signature used by jose's verify step to resolve a key for a given header.
+ *
+ * Matches the shape returned by `createRemoteJWKSet` / `createLocalJWKSet`
+ * and lets tests inject an in-memory key set without reaching the network.
+ */
+export type JwksResolver = Parameters<typeof jwtVerify>[1] & object;
+/**
+ * Factory for building a JWKS resolver from a URL.
+ *
+ * The default uses `createRemoteJWKSet`; tests can inject a stub that returns
+ * a local resolver bound to an in-memory key set.
+ */
+export type JwksResolverFactory = (jwksUrl: string) => JwksResolver;
+/**
+ * Optional configuration for the ext-jwt factory.
+ *
+ * - `secret`: HMAC secret for `sign`/`verify`. Falls back to the `JWT_SECRET`
+ *   environment variable. Without one, `sign`/`verify` throw.
+ * - `jwksResolverFactory`: test seam that overrides JWKS resolution.
+ */
+export interface ExtJwtConfig {
+    secret?: string | Uint8Array;
+    jwksResolverFactory?: JwksResolverFactory;
+}
+declare function createAuthProvider(config: ExtJwtConfig): AuthProvider;
+/**
+ * Default export — the ext-jwt extension factory.
+ *
+ * Produces an extension that registers an `AuthProvider` contract
+ * implementation backed by `jose`.
+ */
+declare const extJwt: ExtensionFactory;
+export default extJwt;
+export { createAuthProvider };
+//# sourceMappingURL=index.d.ts.map

package/esm/extensions/ext-jwt/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/extensions/ext-jwt/src/index.ts"],"names":[],"mappings":"AAWA,OAAO,EAIL,SAAS,EAGV,MAAM,MAAM,CAAC;AAEd,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,KAAK,EACV,YAAY,EAKb,MAAM,6CAA6C,CAAC;AAErD;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;AAEpE;;;;;GAKG;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,YAAY,CAAC;AAEpE;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAC7B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C;AAsBD,iBAAS,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,YAAY,CAqE9D;AAED;;;;;GAKG;AACH,QAAA,MAAM,MAAM,EAAE,gBAeb,CAAC;AAEF,eAAe,MAAM,CAAC;AACtB,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/esm/extensions/ext-jwt/src/index.js

@@ -0,0 +1,103 @@
+/**
+ * ext-jwt — AuthProvider implementation backed by `jose`.
+ *
+ * Provides the `AuthProvider` contract: sign / verify (HS256 by default),
+ * verify-with-remote-JWKS, and decode-header.
+ *
+ * @module extensions/ext-jwt
+ */
+import * as dntShim from "../../../_dnt.shims.js";
+import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify, SignJWT, } from "jose";
+function defaultJwksResolverFactory(jwksUrl) {
+    return createRemoteJWKSet(new URL(jwksUrl));
+}
+function toUint8Array(secret) {
+    return typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
+}
+function getSecret(configSecret) {
+    if (configSecret !== undefined)
+        return toUint8Array(configSecret);
+    const env = typeof dntShim.Deno !== "undefined" ? dntShim.Deno.env.get("JWT_SECRET") : undefined;
+    if (!env) {
+        throw new Error("ext-jwt: no HMAC secret configured. Pass `secret` to the extension " +
+            "factory or set the JWT_SECRET environment variable.");
+    }
+    return new TextEncoder().encode(env);
+}
+function createAuthProvider(config) {
+    const jwksResolverFactory = config.jwksResolverFactory ??
+        defaultJwksResolverFactory;
+    // Cache one resolver per JWKS URL; `createRemoteJWKSet` maintains its own
+    // internal key cache with cooldown/rotation semantics, so reusing the
+    // same resolver is required for the cache to be effective.
+    const jwksResolvers = new Map();
+    function getJwksResolver(jwksUrl) {
+        const existing = jwksResolvers.get(jwksUrl);
+        if (existing)
+            return existing;
+        const created = jwksResolverFactory(jwksUrl);
+        jwksResolvers.set(jwksUrl, created);
+        return created;
+    }
+    return {
+        async sign(payload, options) {
+            const secret = getSecret(config.secret);
+            const algorithm = options?.algorithm ?? "HS256";
+            const { sub, ...rest } = payload;
+            const builder = new SignJWT(rest)
+                .setProtectedHeader({ alg: algorithm })
+                .setSubject(sub);
+            if (options?.expiresIn !== undefined) {
+                // jose's setExpirationTime accepts `string | number | Date`.
+                builder.setExpirationTime(options.expiresIn);
+            }
+            return await builder.sign(secret);
+        },
+        async verify(token, options) {
+            const secret = getSecret(config.secret);
+            const algorithms = options?.algorithms ?? ["HS256"];
+            const { payload } = await jwtVerify(token, secret, { algorithms });
+            return payload;
+        },
+        async verifyWithJwks(token, jwksUrl, options) {
+            const resolver = getJwksResolver(jwksUrl);
+            const { algorithms, ...rest } = options ?? {};
+            const verifyOpts = { ...rest };
+            if (algorithms)
+                verifyOpts.algorithms = algorithms;
+            const { payload } = await jwtVerify(token, resolver, verifyOpts);
+            return payload;
+        },
+        decode(token) {
+            try {
+                return decodeProtectedHeader(token);
+            }
+            catch {
+                return undefined;
+            }
+        },
+    };
+}
+/**
+ * Default export — the ext-jwt extension factory.
+ *
+ * Produces an extension that registers an `AuthProvider` contract
+ * implementation backed by `jose`.
+ */
+const extJwt = (config) => {
+    const cfg = (config ?? {});
+    const provider = createAuthProvider(cfg);
+    return {
+        name: "ext-jwt",
+        version: "0.1.0",
+        capabilities: [
+            { type: "contract", name: "AuthProvider" },
+            { type: "network", host: "*" },
+        ],
+        provides: {
+            AuthProvider: provider,
+        },
+    };
+};
+export default extJwt;
+export { createAuthProvider };

package/esm/extensions/ext-openai/src/openai-provider.d.ts

@@ -0,0 +1,29 @@
+/**
+ * OpenAI provider — implements the {@link AIProvider} contract for OpenAI,
+ * OpenAI-compatible endpoints (Azure OpenAI, Moonshot AI), and OpenAI's
+ * Responses API.
+ *
+ * Ported from `src/provider/runtime-loader.ts` as part of PR 11.
+ *
+ * @module extensions/ext-openai/openai-provider
+ */
+import type { AIProvider, AIProviderConfig } from "../../../src/extensions/interfaces/index.js";
+import type { EmbeddingRuntime, ModelRuntime } from "../../../src/provider/types.js";
+import { buildProviderError, isNumberArray, mergeUsage, parseRetryAfterMs, ProviderError, ProviderOverloadedError, ProviderQuotaError, ProviderRateLimitError, ProviderRequestError, TOOL_INPUT_PENDING_THRESHOLD_MS, withToolInputStatusTransitions } from "../../../src/provider/shared/index.js";
+export { buildProviderError, isNumberArray, mergeUsage, parseRetryAfterMs, ProviderError, ProviderOverloadedError, ProviderQuotaError, ProviderRateLimitError, ProviderRequestError, TOOL_INPUT_PENDING_THRESHOLD_MS, withToolInputStatusTransitions, };
+export interface OpenAIRuntimeConfig {
+    apiKey: string;
+    baseURL?: string;
+    name?: string;
+    fetch?: typeof globalThis.fetch;
+}
+export declare function createOpenAIModelRuntime(config: OpenAIRuntimeConfig, modelId: string): ModelRuntime;
+export declare function createOpenAIResponsesRuntime(config: OpenAIRuntimeConfig, modelId: string): ModelRuntime;
+export declare function createOpenAIEmbeddingRuntime(config: OpenAIRuntimeConfig, modelId: string): EmbeddingRuntime;
+export declare class OpenAIProvider implements AIProvider {
+    readonly id = "openai";
+    createModel(modelId: string, config: AIProviderConfig): ModelRuntime;
+    createEmbedding(modelId: string, config: AIProviderConfig): EmbeddingRuntime;
+    createResponses(modelId: string, config: AIProviderConfig): ModelRuntime;
+}
+//# sourceMappingURL=openai-provider.d.ts.map

package/esm/extensions/ext-openai/src/openai-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai-provider.d.ts","sourceRoot":"","sources":["../../../../src/extensions/ext-openai/src/openai-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,6CAA6C,CAAC;AAChG,OAAO,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACrF,OAAO,EACL,kBAAkB,EAMlB,aAAa,EACb,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,EAOpB,+BAA+B,EAG/B,8BAA8B,EAC/B,MAAM,uCAAuC,CAAC;AAI/C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,EACtB,oBAAoB,EACpB,+BAA+B,EAC/B,8BAA8B,GAC/B,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACjC;AAoqCD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,MAAM,GACd,YAAY,CAsEd;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,MAAM,GACd,YAAY,CAsEd;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,mBAAmB,EAC3B,OAAO,EAAE,MAAM,GACd,gBAAgB,CAuClB;AAED,qBAAa,cAAe,YAAW,UAAU;IAC/C,QAAQ,CAAC,EAAE,YAAY;IAEvB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,YAAY;IAYpE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,gBAAgB;IAY5E,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,YAAY;CAWzE"}