@promptbook/azure-openai
Version:
Promptbook: Create persistent AI agents that turn your company's scattered knowledge into action
60 lines (59 loc) • 2.38 kB
TypeScript
/**
* Header used for same-server TEAM calls that may access private teammate agents.
*
* @private internal Agents Server access wiring
*/
export declare const TEAM_INTERNAL_AGENT_ACCESS_HEADER = "x-promptbook-team-agent-access-token";
/**
* Options for creating same-server TEAM access headers.
*
* @private internal Agents Server access wiring
*/
export type TeamInternalAgentAccessHeadersOptions = {
/**
* URL of the teammate agent that is about to be contacted.
*/
readonly agentUrl: string;
/**
* Origin of the current Agents Server.
*/
readonly localServerUrl?: string;
/**
* Resolved internal access token carried by the runtime context.
*/
readonly accessToken?: string | null;
};
/**
* Resolves the internal token used by same-server TEAM calls.
*
* `PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN` must be a dedicated secret — falling
* back to `ADMIN_PASSWORD`, `SUPABASE_SERVICE_ROLE_KEY`, or any other shared
* credential would let a leak of one secret compromise both authentication
* boundaries (admin login and same-server teammate-agent access). When the
* dedicated variable is missing, this function returns `null` so the calling
* server fails closed — same-server TEAM access is disabled and no header is
* sent — instead of silently authorizing requests with the wrong secret.
*
* @returns Hashed token, or `null` when the dedicated secret is not configured.
*
* @private internal Agents Server access wiring
*/
export declare function resolveTeamInternalAgentAccessToken(): string | null;
/**
* Creates request headers for same-server TEAM calls.
*
* @param options - Target agent URL, local server URL, and resolved access token.
* @returns Header map when the target is same-origin; otherwise an empty map.
*
* @private internal Agents Server access wiring
*/
export declare function createTeamInternalAgentAccessHeaders(options: TeamInternalAgentAccessHeadersOptions): Record<string, string>;
/**
* Checks whether an incoming header carries the current same-server TEAM access token.
*
* @param value - Raw request header value.
* @returns `true` only when the server has a private token and the value matches it.
*
* @private internal Agents Server access wiring
*/
export declare function isTeamInternalAgentAccessToken(value: string | null | undefined): boolean;