feat(arcrun): mira wiki page with tag filter + accumulated WIP
- landing/app/mira/wiki: tag=mira-wiki list now shows all wiki paragraphs (depends on KBDB tag filter exposed in matrix/kbdb commit, separate repo) - landing: app/mira hub + feed split + various WIP from prior sessions - registry/components: claude_api / kbdb_create_block / kbdb_get / km_writer / platform_crypto / auth_oauth2 contracts + main.go (accumulated) - .component-builds: pkg-lock updates + index.ts adjustments (WIP) - .agents/specs/arcrun/frontend-redesign: design notes - docs/test_credentials, docs/user_requirements/arcrun-landing-page: WIP docs - cypher-executor: auth-dispatcher / wasi-shim adjustments (WIP) Includes accumulated work from prior sessions plus the wiki UI tag-filter update that surfaces the AI-generated wiki paragraphs at /mira/wiki. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,80 @@
|
||||
canonical_id: "auth_oauth2"
|
||||
display_name: "Auth Primitive — OAuth2"
|
||||
category: "auth"
|
||||
version: "v1"
|
||||
wasi_target: "preview1"
|
||||
stability: "floating"
|
||||
runtime_compat:
|
||||
- "cf-workers"
|
||||
- "workerd"
|
||||
- "wazero"
|
||||
constraints:
|
||||
max_size_kb: 2048
|
||||
max_cold_start_ms: 200
|
||||
no_network_syscall: false
|
||||
no_filesystem_syscall: true
|
||||
io_model: "stdin_stdout_json"
|
||||
input_schema:
|
||||
type: object
|
||||
required: [action, api_key, service]
|
||||
properties:
|
||||
action:
|
||||
type: string
|
||||
enum: [authenticate, needs_refresh, refresh]
|
||||
description: |
|
||||
authenticate — 用 refresh_token 換 access_token,展開 inject 模板
|
||||
needs_refresh — 檢查 token 是否需要 refresh(expires_at < now+300s)
|
||||
refresh — 強制重新 refresh,更新 CREDENTIALS_KV 中的 access_token/expires_at
|
||||
api_key:
|
||||
type: string
|
||||
description: 租戶識別(ak_ 前綴),用來組 {api_key}:cred:{name} KV key
|
||||
service:
|
||||
type: string
|
||||
description: auth recipe 名稱,對應 auth_recipe:{service} 的 KV 記錄
|
||||
request:
|
||||
type: object
|
||||
description: 下游零件的 HTTP request 上下文(保留,auth_oauth2 當前不使用)
|
||||
output_schema:
|
||||
type: object
|
||||
properties:
|
||||
success:
|
||||
type: boolean
|
||||
needs_refresh:
|
||||
type: boolean
|
||||
description: action=needs_refresh 時有效
|
||||
auth_headers:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
auth_query:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
auth_body:
|
||||
type: object
|
||||
additionalProperties:
|
||||
type: string
|
||||
runtime:
|
||||
type: object
|
||||
description: 含 access_token(action=authenticate/refresh 時有效)
|
||||
gherkin_tests:
|
||||
- scenario: "缺少 api_key"
|
||||
given: '{"action":"authenticate","service":"google"}'
|
||||
then_contains: '{"success":false'
|
||||
- scenario: "找不到 auth recipe"
|
||||
given: '{"action":"authenticate","api_key":"ak_test","service":"nonexistent_oauth2_svc"}'
|
||||
then_contains: '{"success":false'
|
||||
- scenario: "needs_refresh 無 expires_at"
|
||||
given: '{"action":"needs_refresh","api_key":"ak_test","service":"google"}'
|
||||
then_contains: '"needs_refresh":true'
|
||||
tags: [auth, credential, primitive, oauth2]
|
||||
description: |
|
||||
OAuth2 auth primitive。讀取 auth_recipe(含 token_endpoint、client_id、client_secret)
|
||||
+ 解密 refresh_token + 呼叫 token endpoint 換 access_token + 展開 {{runtime.access_token}}。
|
||||
支援 authenticate / needs_refresh / refresh 三個 action。
|
||||
透過 host function kv_get + crypto_decrypt + http_request,plaintext 永不離開 WASM。
|
||||
config_example: |
|
||||
auth_step:
|
||||
component: "auth_oauth2"
|
||||
action: "authenticate"
|
||||
service: "google_drive" # 對應 auth_recipe:google_drive 的 KV 記錄
|
||||
Reference in New Issue
Block a user