@agent-native/core 0.12.12 → 0.12.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
- package/dist/client/settings/SettingsPanel.js +20 -16
- package/dist/client/settings/SettingsPanel.js.map +1 -1
- package/dist/client/settings/useBuilderStatus.d.ts +7 -7
- package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
- package/dist/client/settings/useBuilderStatus.js +1 -6
- package/dist/client/settings/useBuilderStatus.js.map +1 -1
- package/dist/server/builder-browser.d.ts +4 -4
- package/dist/server/builder-browser.d.ts.map +1 -1
- package/dist/server/builder-browser.js +1 -0
- package/dist/server/builder-browser.js.map +1 -1
- package/dist/server/core-routes-plugin.d.ts.map +1 -1
- package/dist/server/core-routes-plugin.js +33 -59
- package/dist/server/core-routes-plugin.js.map +1 -1
- package/dist/server/credential-provider.d.ts +20 -14
- package/dist/server/credential-provider.d.ts.map +1 -1
- package/dist/server/credential-provider.js +32 -45
- package/dist/server/credential-provider.js.map +1 -1
- package/dist/transcription/builder-transcription.d.ts.map +1 -1
- package/dist/transcription/builder-transcription.js +10 -3
- package/dist/transcription/builder-transcription.js.map +1 -1
- package/package.json +1 -1
|
@@ -2,12 +2,12 @@ export interface BuilderStatus {
|
|
|
2
2
|
configured: boolean;
|
|
3
3
|
builderEnabled: boolean;
|
|
4
4
|
/**
|
|
5
|
-
* True when `BUILDER_PRIVATE_KEY` is set at the deploy level.
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
* disconnect buttons when this is true.
|
|
5
|
+
* True when `BUILDER_PRIVATE_KEY` is set at the deploy level. This is a
|
|
6
|
+
* fallback credential; per-user/org Builder connections are still allowed
|
|
7
|
+
* and take precedence for that request.
|
|
9
8
|
*/
|
|
10
9
|
envManaged?: boolean;
|
|
10
|
+
credentialSource?: "user" | "org" | "env";
|
|
11
11
|
connectUrl: string;
|
|
12
12
|
appHost: string;
|
|
13
13
|
apiHost: string;
|
|
@@ -48,9 +48,9 @@ export interface BuilderConnectFlowOptions {
|
|
|
48
48
|
export interface BuilderConnectFlow {
|
|
49
49
|
configured: boolean;
|
|
50
50
|
/**
|
|
51
|
-
* True when the deploy has BUILDER_PRIVATE_KEY set
|
|
52
|
-
*
|
|
53
|
-
*
|
|
51
|
+
* True when the deploy has BUILDER_PRIVATE_KEY set as a fallback. Connect
|
|
52
|
+
* is still available so users can override the fallback with their own
|
|
53
|
+
* Builder account.
|
|
54
54
|
*/
|
|
55
55
|
envManaged: boolean;
|
|
56
56
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useBuilderStatus.d.ts","sourceRoot":"","sources":["../../../src/client/settings/useBuilderStatus.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB
|
|
1
|
+
{"version":3,"file":"useBuilderStatus.d.ts","sourceRoot":"","sources":["../../../src/client/settings/useBuilderStatus.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,YAAY,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CAChD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB;;;;EA4C/B;AAkBD,MAAM,WAAW,yBAAyB;IACxC,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE;QAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3E;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,OAAO,CAAC;IACpB;;;;OAIG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB;;;;OAIG;IACH,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB;;;;;;;OAOG;IACH,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oFAAoF;IACpF,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB;AAcD,wBAAgB,qBAAqB,CACnC,IAAI,GAAE,yBAA8B,GACnC,kBAAkB,CAoOpB"}
|
|
@@ -152,11 +152,6 @@ export function useBuilderConnectFlow(opts = {}) {
|
|
|
152
152
|
};
|
|
153
153
|
}, [fetchStatus, stopPoll]);
|
|
154
154
|
const start = useCallback(() => {
|
|
155
|
-
// In env-managed mode, per-user OAuth is disabled — `/builder/connect`
|
|
156
|
-
// returns 409. Skip the popup and just refresh state so the UI flips
|
|
157
|
-
// to its "connected via deployment" rendering.
|
|
158
|
-
if (envManaged)
|
|
159
|
-
return;
|
|
160
155
|
stopPoll();
|
|
161
156
|
setConnecting(true);
|
|
162
157
|
setError(null);
|
|
@@ -222,7 +217,7 @@ export function useBuilderConnectFlow(opts = {}) {
|
|
|
222
217
|
setError("Didn't hear back from Builder in 5 minutes. Allow popups and try again.");
|
|
223
218
|
}
|
|
224
219
|
}, POLL_INTERVAL_MS);
|
|
225
|
-
}, [
|
|
220
|
+
}, [fetchStatus, popupUrl, statusConnectUrl, stopPoll]);
|
|
226
221
|
// Popup-side fast path: the error page broadcasts a message so we stop
|
|
227
222
|
// polling immediately rather than waiting for the next 2s tick.
|
|
228
223
|
//
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"useBuilderStatus.js","sourceRoot":"","sources":["../../../src/client/settings/useBuilderStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA8BhD;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAuB,IAAI,CAAC,CAAC;IACjE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,SAAS,CAAC,IAAI,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,WAAW,EAAE,CAAC;QAEd,SAAS,OAAO;YACd,WAAW,EAAE,CAAC;QAChB,CAAC;QACD,SAAS,YAAY;YACnB,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS;gBAAE,WAAW,EAAE,CAAC;QAC5D,CAAC;QACD,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;QAC5D,yEAAyE;QACzE,wEAAwE;QACxE,MAAM,CAAC,gBAAgB,CAAC,iCAAiC,EAAE,WAAW,CAAC,CAAC;QACxE,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;YAC/D,MAAM,CAAC,mBAAmB,CACxB,iCAAiC,EACjC,WAAW,CACZ,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;AACnD,CAAC;AAuDD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,SAAS,kCAAkC,CAAC,MAAc;IACxD,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO;IAC1C,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,iCAAiC,EAAE;QACjD,MAAM,EAAE,EAAE,MAAM,EAAE;KACnB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAkC,EAAE;IAEpC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IACvC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAC5D,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChE,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAC9E,wEAAwE;IACxE,sEAAsE;IACtE,oEAAoE;IACpE,sEAAsE;IACtE,MAAM,qBAAqB,GAAG,MAAM,CAAgB,IAAI,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAwC,IAAI,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3C,0EAA0E;IAC1E,0CAA0C;IAC1C,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAC3C,cAAc,CAAC,OAAO,GAAG,WAAW,CAAC;IAErC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;QAChC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC/B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACzB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,MAAM,MAAM,GAAG,iBAAiB,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,KAAK,CACnB,IAAI,GAAG,CAAC,eAAe,CAAC,+BAA+B,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CACvE,CAAC;YACF,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAOrB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,qEAAqE;IACrE,oDAAoD;IACpD,SAAS,CAAC,GAAG,EAAE;QACb,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;QAC1B,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE;YACzB,MAAM,CAAC,GAAG,MAAM,WAAW,EAAE,CAAC;YAC9B,IAAI,SAAS,IAAI,CAAC,UAAU,CAAC,OAAO;gBAAE,OAAO;YAC7C,oEAAoE;YACpE,oEAAoE;YACpE,iEAAiE;YACjE,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC1B,IAAI,CAAC,CAAC;gBAAE,OAAO;YACf,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAC9B,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YACtC,mBAAmB,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;YAC1C,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACjE,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;YAC9B,UAAU,CAAC,GAAG,CAAC,CAAC;YAChB,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,CAAC;gBAClD,oBAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpC,kCAAkC,CAAC,gBAAgB,CAAC,CAAC;gBACrD,IAAI,CAAC;oBACH,MAAM,cAAc,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnD,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;gBACtE,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;gBACzB,oBAAoB,CAAC,OAAO,GAAG,KAAK,CAAC;YACvC,CAAC;QACH,CAAC,CAAC;QACF,OAAO,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,GAAG,EAAE;YACrB,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS;gBAAE,OAAO,EAAE,CAAC;QACxD,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACzD,MAAM,CAAC,gBAAgB,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QACpE,OAAO,GAAG,EAAE;YACV,SAAS,GAAG,IAAI,CAAC;YACjB,UAAU,CAAC,OAAO,GAAG,KAAK,CAAC;YAC3B,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACvE,QAAQ,EAAE,CAAC;QACb,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,uEAAuE;QACvE,qEAAqE;QACrE,+CAA+C;QAC/C,IAAI,UAAU;YAAE,OAAO;QACvB,QAAQ,EAAE,CAAC;QACX,aAAa,CAAC,IAAI,CAAC,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEf,mEAAmE;QACnE,sEAAsE;QACtE,wEAAwE;QACxE,MAAM,MAAM,GAAG,iBAAiB,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7D,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,yDAAyD;QACzD,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAChD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC;QAC/C,MAAM,WAAW,GACf,OAAO,QAAQ,KAAK,QAAQ;YAC5B,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,GAAG,yBAAyB,CAAC;QACpD,MAAM,GAAG,GACP,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;YACvC,QAAQ;YACR,IAAI,GAAG,CAAC,eAAe,CAAC,gCAAgC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;YAC9D,4BAA4B;QAC9B,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YACvC,MAAM,CAAC,GAAG,MAAM,WAAW,EAAE,CAAC;YAC9B,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,QAAQ,EAAE,CAAC;gBACX,OAAO;YACT,CAAC;YACD,IAAI,CAAC,EAAE,UAAU,EAAE,CAAC;gBAClB,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,IAAI,CAAC,CAAC;gBACpB,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;gBAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;gBACtC,mBAAmB,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;gBAC1C,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACjE,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;gBAC9B,UAAU,CAAC,GAAG,CAAC,CAAC;gBAChB,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,oBAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpC,kCAAkC,CAAC,iBAAiB,CAAC,CAAC;gBACtD,IAAI,CAAC;oBACH,MAAM,cAAc,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnD,CAAC;gBAAC,MAAM,CAAC;oBACP,iEAAiE;oBACjE,qDAAqD;gBACvD,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;gBACpC,qEAAqE;gBACrE,qEAAqE;gBACrE,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,QAAQ,CACN,sCAAsC,CAAC,CAAC,YAAY,CAAC,OAAO,iCAAiC,CAC9F,CAAC;YACJ,CAAC;iBAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,eAAe,EAAE,CAAC;gBAClD,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,QAAQ,CACN,yEAAyE,CAC1E,CAAC;YACJ,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACvB,CAAC,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEpE,uEAAuE;IACvE,gEAAgE;IAChE,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,0EAA0E;IAC1E,iFAAiF;IACjF,8CAA8C;IAC9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,GAA4B,IAAI,CAAC;QAC5C,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,EAAE;YACtC,QAAQ,EAAE,CAAC;YACX,aAAa,CAAC,KAAK,CAAC,CAAC;YACrB,QAAQ,CAAC,sCAAsC,OAAO,GAAG,CAAC,CAAC;QAC7D,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,gBAAgB,CAAC,mBAAmB,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1E,OAAO,CAAC,SAAS,GAAG,CAAC,CAAe,EAAE,EAAE;gBACtC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAuD,CAAC;gBACvE,IAAI,IAAI,EAAE,IAAI,KAAK,uBAAuB;oBAAE,OAAO;gBACnD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,OAAO;oBAAE,OAAO;gBAC9D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;QAC9E,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,CAAe,EAAE,EAAE;YAClC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM;gBAAE,OAAO;YAChD,MAAM,IAAI,GAAG,CAAC,CAAC,IAAuD,CAAC;YACvE,IAAI,IAAI,EAAE,IAAI,KAAK,uBAAuB;gBAAE,OAAO;YACnD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,OAAO;gBAAE,OAAO;YAC9D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE5C,OAAO,GAAG,EAAE;YACV,OAAO,EAAE,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEf,OAAO;QACL,UAAU;QACV,UAAU;QACV,cAAc;QACd,OAAO;QACP,UAAU;QACV,KAAK;QACL,gBAAgB;QAChB,KAAK;KACN,CAAC;AACJ,CAAC","sourcesContent":["import { agentNativePath } from \"../api-path.js\";\nimport { useState, useEffect, useCallback, useRef } from \"react\";\nimport { getCallbackOrigin } from \"../frame.js\";\n\nexport interface BuilderStatus {\n configured: boolean;\n builderEnabled: boolean;\n /**\n * True when `BUILDER_PRIVATE_KEY` is set at the deploy level. Every user\n * of this deploy shares the operator's Builder identity and per-user\n * connect/disconnect is disabled. UIs must hide connect prompts and\n * disconnect buttons when this is true.\n */\n envManaged?: boolean;\n connectUrl: string;\n appHost: string;\n apiHost: string;\n branchProjectIdConfigured?: boolean;\n branchProjectId?: string;\n publicKeyConfigured: boolean;\n privateKeyConfigured: boolean;\n userId?: string;\n orgName?: string;\n orgKind?: string;\n /**\n * Set when the OAuth callback ran but failed to persist credentials.\n * Surfaced as a one-shot row by the server so the connect-flow polling\n * can stop with a clear message instead of timing out at 5min.\n */\n connectError?: { message: string; at: number };\n}\n\n/**\n * Fetches Builder connection status from /_agent-native/builder/status.\n * Re-fetches on window focus to detect post-redirect state changes.\n */\nexport function useBuilderStatus() {\n const [status, setStatus] = useState<BuilderStatus | null>(null);\n const [loading, setLoading] = useState(true);\n\n const fetchStatus = useCallback(async () => {\n try {\n const res = await fetch(agentNativePath(\"/_agent-native/builder/status\"));\n if (!res.ok) {\n setStatus(null);\n return;\n }\n setStatus(await res.json());\n } catch {\n setStatus(null);\n } finally {\n setLoading(false);\n }\n }, []);\n\n useEffect(() => {\n fetchStatus();\n\n function onFocus() {\n fetchStatus();\n }\n function onVisibility() {\n if (document.visibilityState === \"visible\") fetchStatus();\n }\n window.addEventListener(\"focus\", onFocus);\n document.addEventListener(\"visibilitychange\", onVisibility);\n // Engine connect/disconnect actions (e.g. the Builder disconnect button)\n // dispatch this event so dependent cards refresh without a full reload.\n window.addEventListener(\"agent-engine:configured-changed\", fetchStatus);\n return () => {\n window.removeEventListener(\"focus\", onFocus);\n document.removeEventListener(\"visibilitychange\", onVisibility);\n window.removeEventListener(\n \"agent-engine:configured-changed\",\n fetchStatus,\n );\n };\n }, [fetchStatus]);\n\n return { status, loading, refetch: fetchStatus };\n}\n\n// ─── useBuilderConnectFlow ──────────────────────────────────────────────────\n//\n// Shared state machine for the \"open Builder CLI-auth popup + poll\n// /builder/status until credentials land\" interaction. Replaces three\n// near-duplicate inline implementations: `BuilderCliAuthMethod` in\n// OnboardingPanel, `ConnectBuilderCard`, and `BuilderConnectCta` in\n// AssistantChat. Each consumer supplies its own popup URL / completion\n// behavior; the hook owns the polling + timeout + focus refresh.\n//\n// `popupUrl` is what we pass to `window.open`. The default\n// `/_agent-native/builder/connect` is a server-side 302 to the real\n// cli-auth URL — using it keeps the click handler synchronous so popup\n// blockers don't downgrade the open to same-tab navigation. Pass an\n// explicit `popupUrl` (e.g. the already-computed cli-auth URL) if your\n// caller already has it in hand.\n\nexport interface BuilderConnectFlowOptions {\n /** URL to synchronously open on start(). Defaults to the 302 shortcut. */\n popupUrl?: string;\n /** Invoked after the status poll first sees `configured: true`. */\n onConnected?: (state: { orgName: string | null }) => void | Promise<void>;\n}\n\nexport interface BuilderConnectFlow {\n configured: boolean;\n /**\n * True when the deploy has BUILDER_PRIVATE_KEY set. UIs should treat\n * Builder as connected for everyone in this mode and hide all connect /\n * disconnect controls — `start()` will be a no-op.\n */\n envManaged: boolean;\n /**\n * True when the server has a Builder branch project configured for this\n * request. When false, the card surfaces a waitlist CTA instead of a Send\n * button.\n */\n builderEnabled: boolean;\n orgName: string | null;\n connecting: boolean;\n error: string | null;\n /**\n * True once the first `/builder/status` fetch has completed (successfully\n * or not). Consumers that accept an `initialConfigured` prop (e.g. agent\n * tool-call results rendered with server-side state) should treat\n * `configured`/`orgName` as authoritative only once this flips true —\n * otherwise the hook's starting `false` defaults would cause a flash\n * back to \"Connect Builder\" on first paint.\n */\n hasFetchedStatus: boolean;\n /** Open the popup and begin polling. Must be called from a user-gesture handler. */\n start: () => void;\n}\n\nconst POLL_INTERVAL_MS = 2000;\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\nfunction notifyAgentEngineConfiguredChanged(source: string) {\n if (typeof window === \"undefined\") return;\n window.dispatchEvent(\n new CustomEvent(\"agent-engine:configured-changed\", {\n detail: { source },\n }),\n );\n}\n\nexport function useBuilderConnectFlow(\n opts: BuilderConnectFlowOptions = {},\n): BuilderConnectFlow {\n const { popupUrl, onConnected } = opts;\n const [configured, setConfigured] = useState(false);\n const [envManaged, setEnvManaged] = useState(false);\n const [builderEnabled, setBuilderEnabled] = useState(false);\n const [orgName, setOrgName] = useState<string | null>(null);\n const [connecting, setConnecting] = useState(false);\n const [error, setError] = useState<string | null>(null);\n const [hasFetchedStatus, setHasFetchedStatus] = useState(false);\n const [statusConnectUrl, setStatusConnectUrl] = useState<string | null>(null);\n // When statusConnectUrl was last fetched. The server signs the embedded\n // _an_connect token with a 10-minute TTL; using an older URL silently\n // fails the same-origin check on the popup side. Track freshness so\n // start() can fall back to the bare /builder/connect path when stale.\n const statusConnectUrlAtRef = useRef<number | null>(null);\n const pollRef = useRef<ReturnType<typeof setInterval> | null>(null);\n const mountedRef = useRef(true);\n const notifiedConnectedRef = useRef(false);\n // Keep onConnected in a ref so start() doesn't need to re-create when the\n // caller passes an inline arrow function.\n const onConnectedRef = useRef(onConnected);\n onConnectedRef.current = onConnected;\n\n const stopPoll = useCallback(() => {\n if (pollRef.current) {\n clearInterval(pollRef.current);\n pollRef.current = null;\n }\n }, []);\n\n const fetchStatus = useCallback(async () => {\n const origin = getCallbackOrigin() || window.location.origin;\n try {\n const r = await fetch(\n new URL(agentNativePath(\"/_agent-native/builder/status\"), origin).href,\n );\n if (!r.ok) return null;\n return (await r.json()) as {\n configured: boolean;\n envManaged?: boolean;\n builderEnabled?: boolean;\n orgName?: string | null;\n connectUrl?: string;\n connectError?: { message: string; at: number };\n };\n } catch {\n return null;\n }\n }, []);\n\n // Initial fetch + focus/visibility refresh so if the user completed the\n // flow in another tab (or a downgraded same-tab nav) we notice it. Also\n // listen for `agent-engine:configured-changed` so a Disconnect click in\n // Settings propagates to any connect-CTA cards rendered elsewhere in\n // the app without waiting for the next focus event.\n useEffect(() => {\n mountedRef.current = true;\n let cancelled = false;\n const refresh = async () => {\n const s = await fetchStatus();\n if (cancelled || !mountedRef.current) return;\n // Flip `hasFetchedStatus` even when the fetch failed — the caller's\n // \"use initial props until the hook has an answer\" pattern wants to\n // stop waiting after we've tried, regardless of network outcome.\n setHasFetchedStatus(true);\n if (!s) return;\n setConfigured(!!s.configured);\n setEnvManaged(!!s.envManaged);\n setBuilderEnabled(!!s.builderEnabled);\n setStatusConnectUrl(s.connectUrl ?? null);\n statusConnectUrlAtRef.current = s.connectUrl ? Date.now() : null;\n const org = s.orgName ?? null;\n setOrgName(org);\n if (s.configured && !notifiedConnectedRef.current) {\n notifiedConnectedRef.current = true;\n notifyAgentEngineConfiguredChanged(\"builder-status\");\n try {\n await onConnectedRef.current?.({ orgName: org });\n } catch {\n // The caller's callback is a UI convenience; status is already set.\n }\n } else if (!s.configured) {\n notifiedConnectedRef.current = false;\n }\n };\n refresh();\n const onVisible = () => {\n if (document.visibilityState === \"visible\") refresh();\n };\n window.addEventListener(\"focus\", refresh);\n document.addEventListener(\"visibilitychange\", onVisible);\n window.addEventListener(\"agent-engine:configured-changed\", refresh);\n return () => {\n cancelled = true;\n mountedRef.current = false;\n window.removeEventListener(\"focus\", refresh);\n document.removeEventListener(\"visibilitychange\", onVisible);\n window.removeEventListener(\"agent-engine:configured-changed\", refresh);\n stopPoll();\n };\n }, [fetchStatus, stopPoll]);\n\n const start = useCallback(() => {\n // In env-managed mode, per-user OAuth is disabled — `/builder/connect`\n // returns 409. Skip the popup and just refresh state so the UI flips\n // to its \"connected via deployment\" rendering.\n if (envManaged) return;\n stopPoll();\n setConnecting(true);\n setError(null);\n\n // Open SYNCHRONOUSLY inside the caller's click handler — any await\n // before window.open lets the user-gesture token expire, which causes\n // popup blockers to block entirely or fall back to same-tab navigation.\n const origin = getCallbackOrigin() || window.location.origin;\n // The signed _an_connect token in statusConnectUrl has a 10-minute TTL.\n // If the panel has been open longer than that the token is dead and the\n // popup will silently 403; drop the cached URL and let the bare /connect\n // route do the same-origin Sec-Fetch-Site check instead.\n const STATUS_CONNECT_URL_TTL_MS = 9 * 60 * 1000;\n const cachedAt = statusConnectUrlAtRef.current;\n const cachedFresh =\n typeof cachedAt === \"number\" &&\n Date.now() - cachedAt < STATUS_CONNECT_URL_TTL_MS;\n const url =\n (cachedFresh ? statusConnectUrl : null) ??\n popupUrl ??\n new URL(agentNativePath(\"/_agent-native/builder/connect\"), origin).href;\n try {\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n } catch {\n // Fall through — polling still detects completion if the user\n // opens the URL themselves.\n }\n\n const started = Date.now();\n pollRef.current = setInterval(async () => {\n const s = await fetchStatus();\n if (!mountedRef.current) {\n stopPoll();\n return;\n }\n if (s?.configured) {\n stopPoll();\n setConfigured(true);\n setEnvManaged(!!s.envManaged);\n setBuilderEnabled(!!s.builderEnabled);\n setStatusConnectUrl(s.connectUrl ?? null);\n statusConnectUrlAtRef.current = s.connectUrl ? Date.now() : null;\n const org = s.orgName ?? null;\n setOrgName(org);\n setConnecting(false);\n notifiedConnectedRef.current = true;\n notifyAgentEngineConfiguredChanged(\"builder-connect\");\n try {\n await onConnectedRef.current?.({ orgName: org });\n } catch {\n // Consumer's callback failed; we've already flipped the UI state\n // to connected. Swallow so we don't re-arm the flow.\n }\n } else if (s?.connectError?.message) {\n // OAuth callback ran but writeBuilderCredentials threw — surface the\n // real error instead of letting the user wait 5 minutes for timeout.\n stopPoll();\n setConnecting(false);\n setError(\n `Couldn't save Builder credentials: ${s.connectError.message}. Try again or contact support.`,\n );\n } else if (Date.now() - started > POLL_TIMEOUT_MS) {\n stopPoll();\n setConnecting(false);\n setError(\n \"Didn't hear back from Builder in 5 minutes. Allow popups and try again.\",\n );\n }\n }, POLL_INTERVAL_MS);\n }, [envManaged, fetchStatus, popupUrl, statusConnectUrl, stopPoll]);\n\n // Popup-side fast path: the error page broadcasts a message so we stop\n // polling immediately rather than waiting for the next 2s tick.\n //\n // We listen on BroadcastChannel (same-origin, works with noopener popups)\n // AND on window.message (legacy path for environments without BC or for\n // popups that still have opener access). Both paths are safe to have open\n // simultaneously \\u2014 the first one to fire wins and the error is deduplicated\n // by the stopPoll() call which is idempotent.\n useEffect(() => {\n let channel: BroadcastChannel | null = null;\n const handleError = (message: string) => {\n stopPoll();\n setConnecting(false);\n setError(`Couldn't save Builder credentials: ${message}.`);\n };\n\n try {\n channel = new BroadcastChannel(`builder-connect:${window.location.host}`);\n channel.onmessage = (e: MessageEvent) => {\n const data = e.data as { type?: string; message?: string } | undefined;\n if (data?.type !== \"builder-connect-error\") return;\n if (typeof data.message !== \"string\" || !data.message) return;\n handleError(data.message);\n };\n } catch {\n // BroadcastChannel not available (rare) \\u2014 fall through to postMessage.\n }\n\n const handler = (e: MessageEvent) => {\n if (e.origin !== window.location.origin) return;\n const data = e.data as { type?: string; message?: string } | undefined;\n if (data?.type !== \"builder-connect-error\") return;\n if (typeof data.message !== \"string\" || !data.message) return;\n handleError(data.message);\n };\n window.addEventListener(\"message\", handler);\n\n return () => {\n channel?.close();\n window.removeEventListener(\"message\", handler);\n };\n }, [stopPoll]);\n\n return {\n configured,\n envManaged,\n builderEnabled,\n orgName,\n connecting,\n error,\n hasFetchedStatus,\n start,\n };\n}\n"]}
|
|
1
|
+
{"version":3,"file":"useBuilderStatus.js","sourceRoot":"","sources":["../../../src/client/settings/useBuilderStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA8BhD;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAuB,IAAI,CAAC,CAAC;IACjE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,SAAS,CAAC,IAAI,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,WAAW,EAAE,CAAC;QAEd,SAAS,OAAO;YACd,WAAW,EAAE,CAAC;QAChB,CAAC;QACD,SAAS,YAAY;YACnB,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS;gBAAE,WAAW,EAAE,CAAC;QAC5D,CAAC;QACD,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;QAC5D,yEAAyE;QACzE,wEAAwE;QACxE,MAAM,CAAC,gBAAgB,CAAC,iCAAiC,EAAE,WAAW,CAAC,CAAC;QACxE,OAAO,GAAG,EAAE;YACV,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;YAC/D,MAAM,CAAC,mBAAmB,CACxB,iCAAiC,EACjC,WAAW,CACZ,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;AACnD,CAAC;AAuDD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,SAAS,kCAAkC,CAAC,MAAc;IACxD,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO;IAC1C,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,iCAAiC,EAAE;QACjD,MAAM,EAAE,EAAE,MAAM,EAAE;KACnB,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAkC,EAAE;IAEpC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IACvC,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAC5D,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChE,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAC9E,wEAAwE;IACxE,sEAAsE;IACtE,oEAAoE;IACpE,sEAAsE;IACtE,MAAM,qBAAqB,GAAG,MAAM,CAAgB,IAAI,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAwC,IAAI,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3C,0EAA0E;IAC1E,0CAA0C;IAC1C,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;IAC3C,cAAc,CAAC,OAAO,GAAG,WAAW,CAAC;IAErC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;QAChC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC/B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACzB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,MAAM,MAAM,GAAG,iBAAiB,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,KAAK,CACnB,IAAI,GAAG,CAAC,eAAe,CAAC,+BAA+B,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CACvE,CAAC;YACF,IAAI,CAAC,CAAC,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAQrB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,qEAAqE;IACrE,oDAAoD;IACpD,SAAS,CAAC,GAAG,EAAE;QACb,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;QAC1B,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE;YACzB,MAAM,CAAC,GAAG,MAAM,WAAW,EAAE,CAAC;YAC9B,IAAI,SAAS,IAAI,CAAC,UAAU,CAAC,OAAO;gBAAE,OAAO;YAC7C,oEAAoE;YACpE,oEAAoE;YACpE,iEAAiE;YACjE,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC1B,IAAI,CAAC,CAAC;gBAAE,OAAO;YACf,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAC9B,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;YACtC,mBAAmB,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;YAC1C,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACjE,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;YAC9B,UAAU,CAAC,GAAG,CAAC,CAAC;YAChB,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,CAAC;gBAClD,oBAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpC,kCAAkC,CAAC,gBAAgB,CAAC,CAAC;gBACrD,IAAI,CAAC;oBACH,MAAM,cAAc,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnD,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;gBACtE,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;gBACzB,oBAAoB,CAAC,OAAO,GAAG,KAAK,CAAC;YACvC,CAAC;QACH,CAAC,CAAC;QACF,OAAO,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,GAAG,EAAE;YACrB,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS;gBAAE,OAAO,EAAE,CAAC;QACxD,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1C,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACzD,MAAM,CAAC,gBAAgB,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;QACpE,OAAO,GAAG,EAAE;YACV,SAAS,GAAG,IAAI,CAAC;YACjB,UAAU,CAAC,OAAO,GAAG,KAAK,CAAC;YAC3B,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;YAC5D,MAAM,CAAC,mBAAmB,CAAC,iCAAiC,EAAE,OAAO,CAAC,CAAC;YACvE,QAAQ,EAAE,CAAC;QACb,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5B,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,QAAQ,EAAE,CAAC;QACX,aAAa,CAAC,IAAI,CAAC,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEf,mEAAmE;QACnE,sEAAsE;QACtE,wEAAwE;QACxE,MAAM,MAAM,GAAG,iBAAiB,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC7D,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,yDAAyD;QACzD,MAAM,yBAAyB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAChD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,OAAO,CAAC;QAC/C,MAAM,WAAW,GACf,OAAO,QAAQ,KAAK,QAAQ;YAC5B,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,GAAG,yBAAyB,CAAC;QACpD,MAAM,GAAG,GACP,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;YACvC,QAAQ;YACR,IAAI,GAAG,CAAC,eAAe,CAAC,gCAAgC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;YAC9D,4BAA4B;QAC9B,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;YACvC,MAAM,CAAC,GAAG,MAAM,WAAW,EAAE,CAAC;YAC9B,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,QAAQ,EAAE,CAAC;gBACX,OAAO;YACT,CAAC;YACD,IAAI,CAAC,EAAE,UAAU,EAAE,CAAC;gBAClB,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,IAAI,CAAC,CAAC;gBACpB,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;gBAC9B,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;gBACtC,mBAAmB,CAAC,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;gBAC1C,qBAAqB,CAAC,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACjE,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC;gBAC9B,UAAU,CAAC,GAAG,CAAC,CAAC;gBAChB,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,oBAAoB,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpC,kCAAkC,CAAC,iBAAiB,CAAC,CAAC;gBACtD,IAAI,CAAC;oBACH,MAAM,cAAc,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;gBACnD,CAAC;gBAAC,MAAM,CAAC;oBACP,iEAAiE;oBACjE,qDAAqD;gBACvD,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;gBACpC,qEAAqE;gBACrE,qEAAqE;gBACrE,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,QAAQ,CACN,sCAAsC,CAAC,CAAC,YAAY,CAAC,OAAO,iCAAiC,CAC9F,CAAC;YACJ,CAAC;iBAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,eAAe,EAAE,CAAC;gBAClD,QAAQ,EAAE,CAAC;gBACX,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrB,QAAQ,CACN,yEAAyE,CAC1E,CAAC;YACJ,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACvB,CAAC,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC;IAExD,uEAAuE;IACvE,gEAAgE;IAChE,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,0EAA0E;IAC1E,iFAAiF;IACjF,8CAA8C;IAC9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,GAA4B,IAAI,CAAC;QAC5C,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,EAAE;YACtC,QAAQ,EAAE,CAAC;YACX,aAAa,CAAC,KAAK,CAAC,CAAC;YACrB,QAAQ,CAAC,sCAAsC,OAAO,GAAG,CAAC,CAAC;QAC7D,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,gBAAgB,CAAC,mBAAmB,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1E,OAAO,CAAC,SAAS,GAAG,CAAC,CAAe,EAAE,EAAE;gBACtC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAuD,CAAC;gBACvE,IAAI,IAAI,EAAE,IAAI,KAAK,uBAAuB;oBAAE,OAAO;gBACnD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,OAAO;oBAAE,OAAO;gBAC9D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;QAC9E,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,CAAe,EAAE,EAAE;YAClC,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM;gBAAE,OAAO;YAChD,MAAM,IAAI,GAAG,CAAC,CAAC,IAAuD,CAAC;YACvE,IAAI,IAAI,EAAE,IAAI,KAAK,uBAAuB;gBAAE,OAAO;YACnD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,OAAO;gBAAE,OAAO;YAC9D,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC,CAAC;QACF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE5C,OAAO,GAAG,EAAE;YACV,OAAO,EAAE,KAAK,EAAE,CAAC;YACjB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEf,OAAO;QACL,UAAU;QACV,UAAU;QACV,cAAc;QACd,OAAO;QACP,UAAU;QACV,KAAK;QACL,gBAAgB;QAChB,KAAK;KACN,CAAC;AACJ,CAAC","sourcesContent":["import { agentNativePath } from \"../api-path.js\";\nimport { useState, useEffect, useCallback, useRef } from \"react\";\nimport { getCallbackOrigin } from \"../frame.js\";\n\nexport interface BuilderStatus {\n configured: boolean;\n builderEnabled: boolean;\n /**\n * True when `BUILDER_PRIVATE_KEY` is set at the deploy level. This is a\n * fallback credential; per-user/org Builder connections are still allowed\n * and take precedence for that request.\n */\n envManaged?: boolean;\n credentialSource?: \"user\" | \"org\" | \"env\";\n connectUrl: string;\n appHost: string;\n apiHost: string;\n branchProjectIdConfigured?: boolean;\n branchProjectId?: string;\n publicKeyConfigured: boolean;\n privateKeyConfigured: boolean;\n userId?: string;\n orgName?: string;\n orgKind?: string;\n /**\n * Set when the OAuth callback ran but failed to persist credentials.\n * Surfaced as a one-shot row by the server so the connect-flow polling\n * can stop with a clear message instead of timing out at 5min.\n */\n connectError?: { message: string; at: number };\n}\n\n/**\n * Fetches Builder connection status from /_agent-native/builder/status.\n * Re-fetches on window focus to detect post-redirect state changes.\n */\nexport function useBuilderStatus() {\n const [status, setStatus] = useState<BuilderStatus | null>(null);\n const [loading, setLoading] = useState(true);\n\n const fetchStatus = useCallback(async () => {\n try {\n const res = await fetch(agentNativePath(\"/_agent-native/builder/status\"));\n if (!res.ok) {\n setStatus(null);\n return;\n }\n setStatus(await res.json());\n } catch {\n setStatus(null);\n } finally {\n setLoading(false);\n }\n }, []);\n\n useEffect(() => {\n fetchStatus();\n\n function onFocus() {\n fetchStatus();\n }\n function onVisibility() {\n if (document.visibilityState === \"visible\") fetchStatus();\n }\n window.addEventListener(\"focus\", onFocus);\n document.addEventListener(\"visibilitychange\", onVisibility);\n // Engine connect/disconnect actions (e.g. the Builder disconnect button)\n // dispatch this event so dependent cards refresh without a full reload.\n window.addEventListener(\"agent-engine:configured-changed\", fetchStatus);\n return () => {\n window.removeEventListener(\"focus\", onFocus);\n document.removeEventListener(\"visibilitychange\", onVisibility);\n window.removeEventListener(\n \"agent-engine:configured-changed\",\n fetchStatus,\n );\n };\n }, [fetchStatus]);\n\n return { status, loading, refetch: fetchStatus };\n}\n\n// ─── useBuilderConnectFlow ──────────────────────────────────────────────────\n//\n// Shared state machine for the \"open Builder CLI-auth popup + poll\n// /builder/status until credentials land\" interaction. Replaces three\n// near-duplicate inline implementations: `BuilderCliAuthMethod` in\n// OnboardingPanel, `ConnectBuilderCard`, and `BuilderConnectCta` in\n// AssistantChat. Each consumer supplies its own popup URL / completion\n// behavior; the hook owns the polling + timeout + focus refresh.\n//\n// `popupUrl` is what we pass to `window.open`. The default\n// `/_agent-native/builder/connect` is a server-side 302 to the real\n// cli-auth URL — using it keeps the click handler synchronous so popup\n// blockers don't downgrade the open to same-tab navigation. Pass an\n// explicit `popupUrl` (e.g. the already-computed cli-auth URL) if your\n// caller already has it in hand.\n\nexport interface BuilderConnectFlowOptions {\n /** URL to synchronously open on start(). Defaults to the 302 shortcut. */\n popupUrl?: string;\n /** Invoked after the status poll first sees `configured: true`. */\n onConnected?: (state: { orgName: string | null }) => void | Promise<void>;\n}\n\nexport interface BuilderConnectFlow {\n configured: boolean;\n /**\n * True when the deploy has BUILDER_PRIVATE_KEY set as a fallback. Connect\n * is still available so users can override the fallback with their own\n * Builder account.\n */\n envManaged: boolean;\n /**\n * True when the server has a Builder branch project configured for this\n * request. When false, the card surfaces a waitlist CTA instead of a Send\n * button.\n */\n builderEnabled: boolean;\n orgName: string | null;\n connecting: boolean;\n error: string | null;\n /**\n * True once the first `/builder/status` fetch has completed (successfully\n * or not). Consumers that accept an `initialConfigured` prop (e.g. agent\n * tool-call results rendered with server-side state) should treat\n * `configured`/`orgName` as authoritative only once this flips true —\n * otherwise the hook's starting `false` defaults would cause a flash\n * back to \"Connect Builder\" on first paint.\n */\n hasFetchedStatus: boolean;\n /** Open the popup and begin polling. Must be called from a user-gesture handler. */\n start: () => void;\n}\n\nconst POLL_INTERVAL_MS = 2000;\nconst POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\nfunction notifyAgentEngineConfiguredChanged(source: string) {\n if (typeof window === \"undefined\") return;\n window.dispatchEvent(\n new CustomEvent(\"agent-engine:configured-changed\", {\n detail: { source },\n }),\n );\n}\n\nexport function useBuilderConnectFlow(\n opts: BuilderConnectFlowOptions = {},\n): BuilderConnectFlow {\n const { popupUrl, onConnected } = opts;\n const [configured, setConfigured] = useState(false);\n const [envManaged, setEnvManaged] = useState(false);\n const [builderEnabled, setBuilderEnabled] = useState(false);\n const [orgName, setOrgName] = useState<string | null>(null);\n const [connecting, setConnecting] = useState(false);\n const [error, setError] = useState<string | null>(null);\n const [hasFetchedStatus, setHasFetchedStatus] = useState(false);\n const [statusConnectUrl, setStatusConnectUrl] = useState<string | null>(null);\n // When statusConnectUrl was last fetched. The server signs the embedded\n // _an_connect token with a 10-minute TTL; using an older URL silently\n // fails the same-origin check on the popup side. Track freshness so\n // start() can fall back to the bare /builder/connect path when stale.\n const statusConnectUrlAtRef = useRef<number | null>(null);\n const pollRef = useRef<ReturnType<typeof setInterval> | null>(null);\n const mountedRef = useRef(true);\n const notifiedConnectedRef = useRef(false);\n // Keep onConnected in a ref so start() doesn't need to re-create when the\n // caller passes an inline arrow function.\n const onConnectedRef = useRef(onConnected);\n onConnectedRef.current = onConnected;\n\n const stopPoll = useCallback(() => {\n if (pollRef.current) {\n clearInterval(pollRef.current);\n pollRef.current = null;\n }\n }, []);\n\n const fetchStatus = useCallback(async () => {\n const origin = getCallbackOrigin() || window.location.origin;\n try {\n const r = await fetch(\n new URL(agentNativePath(\"/_agent-native/builder/status\"), origin).href,\n );\n if (!r.ok) return null;\n return (await r.json()) as {\n configured: boolean;\n envManaged?: boolean;\n builderEnabled?: boolean;\n orgName?: string | null;\n connectUrl?: string;\n credentialSource?: \"user\" | \"org\" | \"env\";\n connectError?: { message: string; at: number };\n };\n } catch {\n return null;\n }\n }, []);\n\n // Initial fetch + focus/visibility refresh so if the user completed the\n // flow in another tab (or a downgraded same-tab nav) we notice it. Also\n // listen for `agent-engine:configured-changed` so a Disconnect click in\n // Settings propagates to any connect-CTA cards rendered elsewhere in\n // the app without waiting for the next focus event.\n useEffect(() => {\n mountedRef.current = true;\n let cancelled = false;\n const refresh = async () => {\n const s = await fetchStatus();\n if (cancelled || !mountedRef.current) return;\n // Flip `hasFetchedStatus` even when the fetch failed — the caller's\n // \"use initial props until the hook has an answer\" pattern wants to\n // stop waiting after we've tried, regardless of network outcome.\n setHasFetchedStatus(true);\n if (!s) return;\n setConfigured(!!s.configured);\n setEnvManaged(!!s.envManaged);\n setBuilderEnabled(!!s.builderEnabled);\n setStatusConnectUrl(s.connectUrl ?? null);\n statusConnectUrlAtRef.current = s.connectUrl ? Date.now() : null;\n const org = s.orgName ?? null;\n setOrgName(org);\n if (s.configured && !notifiedConnectedRef.current) {\n notifiedConnectedRef.current = true;\n notifyAgentEngineConfiguredChanged(\"builder-status\");\n try {\n await onConnectedRef.current?.({ orgName: org });\n } catch {\n // The caller's callback is a UI convenience; status is already set.\n }\n } else if (!s.configured) {\n notifiedConnectedRef.current = false;\n }\n };\n refresh();\n const onVisible = () => {\n if (document.visibilityState === \"visible\") refresh();\n };\n window.addEventListener(\"focus\", refresh);\n document.addEventListener(\"visibilitychange\", onVisible);\n window.addEventListener(\"agent-engine:configured-changed\", refresh);\n return () => {\n cancelled = true;\n mountedRef.current = false;\n window.removeEventListener(\"focus\", refresh);\n document.removeEventListener(\"visibilitychange\", onVisible);\n window.removeEventListener(\"agent-engine:configured-changed\", refresh);\n stopPoll();\n };\n }, [fetchStatus, stopPoll]);\n\n const start = useCallback(() => {\n stopPoll();\n setConnecting(true);\n setError(null);\n\n // Open SYNCHRONOUSLY inside the caller's click handler — any await\n // before window.open lets the user-gesture token expire, which causes\n // popup blockers to block entirely or fall back to same-tab navigation.\n const origin = getCallbackOrigin() || window.location.origin;\n // The signed _an_connect token in statusConnectUrl has a 10-minute TTL.\n // If the panel has been open longer than that the token is dead and the\n // popup will silently 403; drop the cached URL and let the bare /connect\n // route do the same-origin Sec-Fetch-Site check instead.\n const STATUS_CONNECT_URL_TTL_MS = 9 * 60 * 1000;\n const cachedAt = statusConnectUrlAtRef.current;\n const cachedFresh =\n typeof cachedAt === \"number\" &&\n Date.now() - cachedAt < STATUS_CONNECT_URL_TTL_MS;\n const url =\n (cachedFresh ? statusConnectUrl : null) ??\n popupUrl ??\n new URL(agentNativePath(\"/_agent-native/builder/connect\"), origin).href;\n try {\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n } catch {\n // Fall through — polling still detects completion if the user\n // opens the URL themselves.\n }\n\n const started = Date.now();\n pollRef.current = setInterval(async () => {\n const s = await fetchStatus();\n if (!mountedRef.current) {\n stopPoll();\n return;\n }\n if (s?.configured) {\n stopPoll();\n setConfigured(true);\n setEnvManaged(!!s.envManaged);\n setBuilderEnabled(!!s.builderEnabled);\n setStatusConnectUrl(s.connectUrl ?? null);\n statusConnectUrlAtRef.current = s.connectUrl ? Date.now() : null;\n const org = s.orgName ?? null;\n setOrgName(org);\n setConnecting(false);\n notifiedConnectedRef.current = true;\n notifyAgentEngineConfiguredChanged(\"builder-connect\");\n try {\n await onConnectedRef.current?.({ orgName: org });\n } catch {\n // Consumer's callback failed; we've already flipped the UI state\n // to connected. Swallow so we don't re-arm the flow.\n }\n } else if (s?.connectError?.message) {\n // OAuth callback ran but writeBuilderCredentials threw — surface the\n // real error instead of letting the user wait 5 minutes for timeout.\n stopPoll();\n setConnecting(false);\n setError(\n `Couldn't save Builder credentials: ${s.connectError.message}. Try again or contact support.`,\n );\n } else if (Date.now() - started > POLL_TIMEOUT_MS) {\n stopPoll();\n setConnecting(false);\n setError(\n \"Didn't hear back from Builder in 5 minutes. Allow popups and try again.\",\n );\n }\n }, POLL_INTERVAL_MS);\n }, [fetchStatus, popupUrl, statusConnectUrl, stopPoll]);\n\n // Popup-side fast path: the error page broadcasts a message so we stop\n // polling immediately rather than waiting for the next 2s tick.\n //\n // We listen on BroadcastChannel (same-origin, works with noopener popups)\n // AND on window.message (legacy path for environments without BC or for\n // popups that still have opener access). Both paths are safe to have open\n // simultaneously \\u2014 the first one to fire wins and the error is deduplicated\n // by the stopPoll() call which is idempotent.\n useEffect(() => {\n let channel: BroadcastChannel | null = null;\n const handleError = (message: string) => {\n stopPoll();\n setConnecting(false);\n setError(`Couldn't save Builder credentials: ${message}.`);\n };\n\n try {\n channel = new BroadcastChannel(`builder-connect:${window.location.host}`);\n channel.onmessage = (e: MessageEvent) => {\n const data = e.data as { type?: string; message?: string } | undefined;\n if (data?.type !== \"builder-connect-error\") return;\n if (typeof data.message !== \"string\" || !data.message) return;\n handleError(data.message);\n };\n } catch {\n // BroadcastChannel not available (rare) \\u2014 fall through to postMessage.\n }\n\n const handler = (e: MessageEvent) => {\n if (e.origin !== window.location.origin) return;\n const data = e.data as { type?: string; message?: string } | undefined;\n if (data?.type !== \"builder-connect-error\") return;\n if (typeof data.message !== \"string\" || !data.message) return;\n handleError(data.message);\n };\n window.addEventListener(\"message\", handler);\n\n return () => {\n channel?.close();\n window.removeEventListener(\"message\", handler);\n };\n }, [stopPoll]);\n\n return {\n configured,\n envManaged,\n builderEnabled,\n orgName,\n connecting,\n error,\n hasFetchedStatus,\n start,\n };\n}\n"]}
|
|
@@ -16,12 +16,12 @@ export interface BuilderBrowserStatus {
|
|
|
16
16
|
branchProjectIdConfigured: boolean;
|
|
17
17
|
branchProjectId?: string;
|
|
18
18
|
/**
|
|
19
|
-
* True when `BUILDER_PRIVATE_KEY` is set at the deployment level.
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
* "managed by deployment" state instead.
|
|
19
|
+
* True when `BUILDER_PRIVATE_KEY` is set at the deployment level. This is a
|
|
20
|
+
* fallback credential; signed-in users can still connect their own Builder
|
|
21
|
+
* account, which takes precedence for their request.
|
|
23
22
|
*/
|
|
24
23
|
envManaged: boolean;
|
|
24
|
+
credentialSource?: "user" | "org" | "env";
|
|
25
25
|
appHost: string;
|
|
26
26
|
apiHost: string;
|
|
27
27
|
connectUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"builder-browser.d.ts","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AASlC,eAAO,MAAM,qBAAqB,oCAAoC,CAAC;AAEvE;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAC/C,eAAO,MAAM,qBAAqB,gBAAgB,CAAC;AAInD,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB
|
|
1
|
+
{"version":3,"file":"builder-browser.d.ts","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AASlC,eAAO,MAAM,qBAAqB,oCAAoC,CAAC;AAEvE;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAC/C,eAAO,MAAM,qBAAqB,gBAAgB,CAAC;AAInD,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;OAIG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAiED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAErE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GACnB,OAAO,CAET;AAED,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAED,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,MAAM,CAOR;AA6BD,wBAAgB,iBAAiB,IAAI,MAAM,CAM1C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAO1C;AAUD,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED,wBAAgB,yBAAyB,IAAI,OAAO,CAEnD;AAED,wBAAsB,6BAA6B,IAAI,OAAO,CAAC,MAAM,CAAC,CAmBrE;AAED,wBAAsB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAEzE;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,KAAK,GAAE,MAAM,GAAG,IAAW,GAC1B,MAAM,CAkBR;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB,CAqB5E;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,OAAO,GACb,oBAAoB,CAEtB;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,mHAMnB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE9D,wBAAgB,yBAAyB,CAAC,MAAM,EAAE;IAChD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;;;IASA;AAED,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACrC,KAAK,EAAE,OAAO,GACb,MAAM,CAKR;AAoJD,wBAAgB,gCAAgC,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAwC3E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qCAAqC,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAsD7E;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAiCD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,qBAAqB,CAAC,CAkEhC;AAED,wBAAsB,+BAA+B,CACnD,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAgDlC"}
|
|
@@ -213,6 +213,7 @@ export function getBuilderBrowserStatus(origin) {
|
|
|
213
213
|
branchProjectIdConfigured: !!branchProjectId,
|
|
214
214
|
branchProjectId: branchProjectId || undefined,
|
|
215
215
|
envManaged,
|
|
216
|
+
credentialSource: envManaged ? "env" : undefined,
|
|
216
217
|
appHost: getBuilderAppHost(),
|
|
217
218
|
apiHost: getBuilderApiHost(),
|
|
218
219
|
connectUrl: getBuilderBrowserConnectUrl(origin),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"builder-browser.js","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9D,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,wBAAwB,GAAG,wBAAwB,CAAC;AAC1D,MAAM,oBAAoB,GAAG,sBAAsB,CAAC;AACpD,MAAM,yBAAyB,GAAG,sBAAsB,CAAC;AAEzD,MAAM,CAAC,MAAM,qBAAqB,GAAG,iCAAiC,CAAC;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC/C,MAAM,CAAC,MAAM,qBAAqB,GAAG,aAAa,CAAC;AAEnD,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAmC5C,SAAS,oBAAoB,CAAC,OAAkC;IAC9D,4EAA4E;IAC5E,iEAAiE;IACjE,OAAO,OAAO,KAAK,UAAU;QAC3B,CAAC,CAAC,gBAAgB,aAAa,EAAE,EAAE;QACnC,CAAC,CAAC,mBAAmB,aAAa,EAAE,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,WAAW,CAClB,OAAkC,EAClC,KAAa,EACb,YAAoB,EACpB,EAAU;IAEV,OAAO,UAAU,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,CAAC;SACvD,MAAM,CAAC,GAAG,KAAK,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;SACxC,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,0BAA0B,CACjC,UAAkB,EAClB,OAAkC;IAElC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACtB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IAC1D,OAAO,GAAG,KAAK,IAAI,YAAY,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,4BAA4B,CACnC,KAAgC,EAChC,UAAkB,EAClB,OAAkC;IAElC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAChD,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IAE5D,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,UAAU,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IAE5C,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,2EAA2E;IAC3E,sEAAsE;IACtE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,oBAAoB;QAAE,OAAO,KAAK,CAAC;IAEnE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACvD,OAAO,eAAe,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,wBAAwB,CAAC,YAAoB;IAC3D,OAAO,0BAA0B,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAgC,EAChC,YAAoB;IAEpB,OAAO,4BAA4B,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,0BAA0B,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAgC,EAChC,UAAkB;IAElB,OAAO,4BAA4B,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,UAAkB,EAClB,UAAkB;IAElB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAChC,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,qBAAqB,EACrB,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC;IACF,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAiB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,iBAAiB,GACrB,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC9D,MAAM,WAAW,GACf,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,OAAO,CAAC;QACvB,MAAM,eAAe,GACnB,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAChE,MAAM,mBAAmB,GACvB,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC5E,OAAO,CACL,iBAAiB;YACjB,CAAC,WAAW,IAAI,eAAe,IAAI,mBAAmB,CAAC,CACxD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,OAAO,CAAC,GAAG,CAAC,uBAAuB;QACnC,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,QAAQ;QACpB,OAAO,CAAC,GAAG,CAAC,YAAY;QACxB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,mCAAmC;IAC1C,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACvC,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACrC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACjC,OAAO,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,mCAAmC,EAAE,IAAI,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,CAAC,CAAC,mCAAmC,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B;IACjD,MAAM,YAAY,GAAG,mCAAmC,EAAE,CAAC;IAC3D,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACnE,KAAK,MAAM,GAAG,IAAI;YAChB,6BAA6B;YAC7B,2BAA2B;YAC3B,oBAAoB;SACrB,EAAE,CAAC;YACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE,IAAI,EAAE;gBAAE,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wEAAwE;IAC1E,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gCAAgC;IACpD,OAAO,CAAC,CAAC,CAAC,MAAM,6BAA6B,EAAE,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAc,EACd,QAAuB,IAAI;IAE3B,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IACrC,MAAM,WAAW,GAAG,IAAI,GAAG,CACzB,GAAG,WAAW,GAAG,qBAAqB,EAAE,EACxC,gBAAgB,CACjB,CAAC;IACF,IAAI,KAAK,EAAE,CAAC;QACV,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,iBAAiB,EAAE,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC;IAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,gBAAgB,GAAG,WAAW,EAAE,CAAC,CAAC;IACzE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAc;IACxD,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,cAAc,EAAE,gCAAgC,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAc;IACpD,MAAM,eAAe,GAAG,mCAAmC,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACrD,OAAO;QACL,UAAU,EAAE,CAAC,CAAC,CACZ,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAClE;QACD,cAAc,EAAE,yBAAyB,EAAE;QAC3C,yBAAyB,EAAE,CAAC,CAAC,eAAe;QAC5C,eAAe,EAAE,eAAe,IAAI,SAAS;QAC7C,UAAU;QACV,OAAO,EAAE,iBAAiB,EAAE;QAC5B,OAAO,EAAE,iBAAiB,EAAE;QAC5B,UAAU,EAAE,2BAA2B,CAAC,MAAM,CAAC;QAC/C,mBAAmB,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB;QACrD,oBAAoB,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB;QACvD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS;QAChD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;QAClD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;KACnD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,KAAc;IAEd,OAAO,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAIX,MAAM,UAAU,yBAAyB,CAAC,MAMzC;IACC,MAAM,MAAM,GAAkC;QAC5C,mBAAmB,EAAE,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE;QACpD,kBAAkB,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE;QAClD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE;QAC5C,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;QAC9C,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;KAC/C,CAAC;IACF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,UAAqC,EACrC,KAAc;IAEd,IAAI,UAAU,IAAI,yBAAyB,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAG;;;;;;;;;;;;;;;UAe5B,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgHjC,CAAC;AAEF,MAAM,UAAU,gCAAgC,CAAC,UAAkB;IACjE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO;;;;;;;;;MASH,6BAA6B;aACtB,yBAAyB;;;;;;;;;;4BAUV,UAAU;;;;;;;;;;;sCAWA,UAAU;;;;;;QAMxC,CAAC;AACT,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qCAAqC,CAAC,OAAe;IACnE,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO;;;;;;;;;MASH,6BAA6B;aACtB,yBAAyB;;;;;;;;;;;;;;oBAclB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;QA2B1B,CAAC;AACT,CAAC;AAiBD,SAAS,yBAAyB,CAAC,KAAc,EAAE,SAAiB;IAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0CAA0C,SAAS,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAc;IAC/C,MAAM,SAAS,GAAG,yBAAyB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,IACE,MAAM,CAAC,QAAQ,KAAK,YAAY;QAChC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EACxC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,EAAE,yBAAyB,EAAE,GACjC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,0HAA0H,CAC3H,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,CAAC;IAC/D,MAAM,gBAAgB,GAAG,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;IACpE,IAAI,CAAC,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,EAAE,iBAAiB,EAAE,CAAC,CAAC;IACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,IAAI,GAA4B;QACpC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE;QACxC,SAAS;KACV,CAAC;IACF,IAAI,IAAI,CAAC,UAAU;QAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACvD,IAAI,gBAAgB;QAAE,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC;IACxD,IAAI,aAAa;QAAE,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC;IAE/C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,CAAC,UAAU,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAGtD,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,GAAG,GACP,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;YAC9B,CAAC,CAAC,MAAM,CAAC,KAAK;YACd,CAAC,CAAC,6BAA6B,QAAQ,CAAC,MAAM,GAAG,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,OAAO;QACL,UAAU,EAAE,yBAAyB,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC;QACtE,SAAS,EACP,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YAC7D,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YACzB,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,yBAAyB,CAAC,MAAM,CAAC,GAAG,CAAC;QAC1C,MAAM,EACJ,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;YACvD,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;YACtB,CAAC,CAAC,YAAY;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,IAA2B;IAE3B,MAAM,EAAE,yBAAyB,EAAE,GACjC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,iCAAiC,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC5E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,CAAC,UAAU,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,SAAS;YACtC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,SAAS;YACxC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS;YAC1C,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,SAAS;YACxD,QAAQ,EAAE,IAAI,CAAC,gBAAgB,IAAI,SAAS;SAC7C,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAGpD,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GACT,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,mCAAmC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { createHmac, randomBytes, timingSafeEqual } from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport { getAuthSecret } from \"./better-auth-instance.js\";\nimport { getAppBasePath, getOrigin } from \"./google-oauth.js\";\n\nconst DEFAULT_BUILDER_APP_HOST = \"https://builder.io\";\nconst DEFAULT_BUILDER_API_HOST = \"https://api.builder.io\";\nconst BUILDER_BROWSER_HOST = \"agent-native-browser\";\nconst BUILDER_BROWSER_CLIENT_ID = \"Agent Native Browser\";\n\nexport const BUILDER_CALLBACK_PATH = \"/_agent-native/builder/callback\";\n\n/**\n * Query-param name carrying the signed CSRF state on the connect→callback\n * round-trip. Prefixed with `_an_` to avoid collisions if Builder ever\n * adds standard OAuth `state` support to cli-auth. Builder preserves\n * the path/query of `redirect_url` verbatim when redirecting back, so\n * we embed `_an_state=…` inside the redirect_url query string at\n * connect time and read it back on the callback.\n */\nexport const BUILDER_STATE_PARAM = \"_an_state\";\nexport const BUILDER_CONNECT_PARAM = \"_an_connect\";\n\nconst BUILDER_STATE_TTL_MS = 10 * 60 * 1000;\n\nexport interface BuilderBrowserStatus {\n configured: boolean;\n builderEnabled: boolean;\n branchProjectIdConfigured: boolean;\n branchProjectId?: string;\n /**\n * True when `BUILDER_PRIVATE_KEY` is set at the deployment level. Every\n * user of this deploy shares the operator's Builder identity; the UI\n * must hide the per-user connect/disconnect flow and show a read-only\n * \"managed by deployment\" state instead.\n */\n envManaged: boolean;\n appHost: string;\n apiHost: string;\n connectUrl: string;\n publicKeyConfigured: boolean;\n privateKeyConfigured: boolean;\n userId?: string;\n orgName?: string;\n orgKind?: string;\n}\n\nexport interface BrowserConnectionArgs {\n sessionId?: string;\n projectId?: string;\n branchName?: string;\n proxyOrigin?: string;\n proxyDefaultOrigin?: string;\n proxyDestination?: string;\n}\n\ntype BuilderSignedTokenPurpose = \"callback\" | \"connect\";\n\nfunction signingKeyForPurpose(purpose: BuilderSignedTokenPurpose): string {\n // Preserve the original callback-state signing key for any in-flight legacy\n // callbacks; use a separate key domain for connect-entry tokens.\n return purpose === \"callback\"\n ? `builder-csrf:${getAuthSecret()}`\n : `builder-connect:${getAuthSecret()}`;\n}\n\nfunction macForParts(\n purpose: BuilderSignedTokenPurpose,\n nonce: string,\n emailEncoded: string,\n ts: number,\n): string {\n return createHmac(\"sha256\", signingKeyForPurpose(purpose))\n .update(`${nonce}.${emailEncoded}.${ts}`)\n .digest(\"base64url\");\n}\n\nfunction signEmailBoundBuilderToken(\n ownerEmail: string,\n purpose: BuilderSignedTokenPurpose,\n): string {\n const nonce = randomBytes(16).toString(\"base64url\");\n const ts = Date.now();\n const emailEncoded = Buffer.from(ownerEmail, \"utf8\").toString(\"base64url\");\n const mac = macForParts(purpose, nonce, emailEncoded, ts);\n return `${nonce}.${emailEncoded}.${ts}.${mac}`;\n}\n\nfunction verifyEmailBoundBuilderToken(\n token: string | null | undefined,\n ownerEmail: string,\n purpose: BuilderSignedTokenPurpose,\n): boolean {\n if (typeof token !== \"string\" || token.length === 0) return false;\n const parts = token.split(\".\");\n if (parts.length !== 4) return false;\n const [nonce, emailEncoded, tsStr, mac] = parts;\n if (!nonce || !emailEncoded || !tsStr || !mac) return false;\n\n let boundEmail: string;\n try {\n boundEmail = Buffer.from(emailEncoded, \"base64url\").toString(\"utf8\");\n } catch {\n return false;\n }\n if (boundEmail !== ownerEmail) return false;\n\n const ts = Number(tsStr);\n if (!Number.isFinite(ts)) return false;\n // Reject expired AND far-future timestamps so leaked tokens do not gain an\n // arbitrary lifetime through clock skew or forged future issue times.\n if (Math.abs(Date.now() - ts) > BUILDER_STATE_TTL_MS) return false;\n\n const expected = Buffer.from(macForParts(purpose, nonce, emailEncoded, ts));\n const candidate = Buffer.from(mac);\n if (expected.length !== candidate.length) return false;\n return timingSafeEqual(expected, candidate);\n}\n\n/**\n * Mint a signed CSRF state token bound to the current session's email\n * and a fresh nonce. Round-trips through Builder's cli-auth flow inside\n * the redirect_url query string and is verified on the callback before\n * any keys are written.\n *\n * Why bind to email: it's the only stable, universally-available\n * identity field across all auth modes (Better Auth, BYOA, AUTH_MODE=local).\n * Binding to the session token instead would put the cookie value in a\n * URL that may end up in server logs / browser history.\n */\nexport function signBuilderCallbackState(sessionEmail: string): string {\n return signEmailBoundBuilderToken(sessionEmail, \"callback\");\n}\n\n/**\n * Verify a state token produced by `signBuilderCallbackState`. Returns\n * false on any malformed, forged, expired, or cross-session token.\n */\nexport function verifyBuilderCallbackState(\n token: string | null | undefined,\n sessionEmail: string,\n): boolean {\n return verifyEmailBoundBuilderToken(token, sessionEmail, \"callback\");\n}\n\nexport function signBuilderConnectToken(ownerEmail: string): string {\n return signEmailBoundBuilderToken(ownerEmail, \"connect\");\n}\n\nexport function verifyBuilderConnectToken(\n token: string | null | undefined,\n ownerEmail: string,\n): boolean {\n return verifyEmailBoundBuilderToken(token, ownerEmail, \"connect\");\n}\n\nexport function appendBuilderConnectToken(\n connectUrl: string,\n ownerEmail: string,\n): string {\n const url = new URL(connectUrl);\n url.searchParams.set(\n BUILDER_CONNECT_PARAM,\n signBuilderConnectToken(ownerEmail),\n );\n return url.toString();\n}\n\nfunction isAllowedBrowserReturnUrl(urlString: string): boolean {\n try {\n const parsed = new URL(urlString);\n const hostname = parsed.hostname.toLowerCase();\n const isAllowedProtocol =\n parsed.protocol === \"http:\" || parsed.protocol === \"https:\";\n const isLocalhost =\n hostname === \"localhost\" ||\n hostname === \"127.0.0.1\" ||\n hostname === \"[::1]\";\n const isBuilderDomain =\n hostname === \"builder.io\" || hostname.endsWith(\".builder.io\");\n const isAgentNativeDomain =\n hostname === \"agent-native.com\" || hostname.endsWith(\".agent-native.com\");\n return (\n isAllowedProtocol &&\n (isLocalhost || isBuilderDomain || isAgentNativeDomain)\n );\n } catch {\n return false;\n }\n}\n\nfunction normalizeOrigin(origin: string): string {\n return origin.replace(/\\/+$/, \"\");\n}\n\nexport function getBuilderAppHost(): string {\n return (\n process.env.BUILDER_APP_HOST ||\n process.env.BUILDER_PUBLIC_APP_HOST ||\n DEFAULT_BUILDER_APP_HOST\n );\n}\n\nexport function getBuilderApiHost(): string {\n return (\n process.env.AIR_HOST ||\n process.env.BUILDER_HOST ||\n process.env.BUILDER_API_HOST ||\n DEFAULT_BUILDER_API_HOST\n );\n}\n\nfunction getConfiguredBuilderBranchProjectId(): string | undefined {\n const projectId =\n process.env.DISPATCH_BUILDER_PROJECT_ID ||\n process.env.BUILDER_BRANCH_PROJECT_ID ||\n process.env.BUILDER_PROJECT_ID;\n return projectId?.trim() || undefined;\n}\n\nexport function getBuilderBranchProjectId(): string {\n return getConfiguredBuilderBranchProjectId() || \"\";\n}\n\nexport function isBuilderBranchingEnabled(): boolean {\n return !!getConfiguredBuilderBranchProjectId();\n}\n\nexport async function resolveBuilderBranchProjectId(): Promise<string> {\n const envProjectId = getConfiguredBuilderBranchProjectId();\n if (envProjectId) return envProjectId;\n\n try {\n const { resolveSecret } = await import(\"./credential-provider.js\");\n for (const key of [\n \"DISPATCH_BUILDER_PROJECT_ID\",\n \"BUILDER_BRANCH_PROJECT_ID\",\n \"BUILDER_PROJECT_ID\",\n ]) {\n const value = await resolveSecret(key);\n if (value?.trim()) return value.trim();\n }\n } catch {\n // Secrets table or request context not ready — treat as not configured.\n }\n\n return \"\";\n}\n\nexport async function resolveIsBuilderBranchingEnabled(): Promise<boolean> {\n return !!(await resolveBuilderBranchProjectId());\n}\n\n/**\n * Build the Builder cli-auth URL for the connect popup. When a signed\n * `state` token is supplied it is embedded inside the `redirect_url`\n * query string so it survives Builder's redirect verbatim — Builder\n * preserves the redirect_url's existing query when appending p-key /\n * api-key / etc., so we don't depend on Builder echoing a top-level\n * `state` parameter (it doesn't).\n *\n * The user-facing connect entry point is `/_agent-native/builder/connect`\n * (a server-side 302). Status / chat-card responses surface that path\n * rather than the cli-auth URL directly, so the 302 handler can mint a\n * fresh state bound to the current session on every click.\n */\nexport function buildBuilderCliAuthUrl(\n origin: string,\n state: string | null = null,\n): string {\n const normalizedOrigin = normalizeOrigin(origin);\n const appBasePath = getAppBasePath();\n const callbackUrl = new URL(\n `${appBasePath}${BUILDER_CALLBACK_PATH}`,\n normalizedOrigin,\n );\n if (state) {\n callbackUrl.searchParams.set(BUILDER_STATE_PARAM, state);\n }\n const url = new URL(\"/cli-auth\", getBuilderAppHost());\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"host\", BUILDER_BROWSER_HOST);\n url.searchParams.set(\"client_id\", BUILDER_BROWSER_CLIENT_ID);\n url.searchParams.set(\"redirect_url\", callbackUrl.toString());\n url.searchParams.set(\"preview_url\", `${normalizedOrigin}${appBasePath}`);\n url.searchParams.set(\"framework\", \"agent-native\");\n return url.toString();\n}\n\n/**\n * The bare URL surfaced to clients as `connectUrl`. The status route appends\n * a short-lived signed connect token when it knows the current owner; this\n * helper stays bare so server-rendered cards can still render without a\n * request-bound owner and the connect route can fall back to Fetch Metadata.\n */\nexport function getBuilderBrowserConnectUrl(origin: string): string {\n return `${normalizeOrigin(origin)}${getAppBasePath()}/_agent-native/builder/connect`;\n}\n\nexport function getBuilderBrowserStatus(origin: string): BuilderBrowserStatus {\n const branchProjectId = getConfiguredBuilderBranchProjectId();\n const envManaged = !!process.env.BUILDER_PRIVATE_KEY;\n return {\n configured: !!(\n process.env.BUILDER_PRIVATE_KEY && process.env.BUILDER_PUBLIC_KEY\n ),\n builderEnabled: isBuilderBranchingEnabled(),\n branchProjectIdConfigured: !!branchProjectId,\n branchProjectId: branchProjectId || undefined,\n envManaged,\n appHost: getBuilderAppHost(),\n apiHost: getBuilderApiHost(),\n connectUrl: getBuilderBrowserConnectUrl(origin),\n publicKeyConfigured: !!process.env.BUILDER_PUBLIC_KEY,\n privateKeyConfigured: !!process.env.BUILDER_PRIVATE_KEY,\n userId: process.env.BUILDER_USER_ID || undefined,\n orgName: process.env.BUILDER_ORG_NAME || undefined,\n orgKind: process.env.BUILDER_ORG_KIND || undefined,\n };\n}\n\nexport function getBuilderBrowserStatusForEvent(\n event: H3Event,\n): BuilderBrowserStatus {\n return getBuilderBrowserStatus(getOrigin(event));\n}\n\n/**\n * Env vars written by the Builder CLI-auth callback. Single source of truth\n * for the connect/disconnect key set — `getBuilderCallbackEnvVars` and the\n * disconnect handler's scrub loop both derive from this list, so drift\n * (e.g. disconnect silently leaving `BUILDER_USER_ID` behind because\n * someone added a key to one site but not the other) is impossible.\n */\nexport const BUILDER_ENV_KEYS = [\n \"BUILDER_PRIVATE_KEY\",\n \"BUILDER_PUBLIC_KEY\",\n \"BUILDER_USER_ID\",\n \"BUILDER_ORG_NAME\",\n \"BUILDER_ORG_KIND\",\n] as const;\n\nexport type BuilderEnvKey = (typeof BUILDER_ENV_KEYS)[number];\n\nexport function getBuilderCallbackEnvVars(params: {\n privateKey?: string | null;\n publicKey?: string | null;\n userId?: string | null;\n orgName?: string | null;\n orgKind?: string | null;\n}) {\n const values: Record<BuilderEnvKey, string> = {\n BUILDER_PRIVATE_KEY: params.privateKey?.trim() || \"\",\n BUILDER_PUBLIC_KEY: params.publicKey?.trim() || \"\",\n BUILDER_USER_ID: params.userId?.trim() || \"\",\n BUILDER_ORG_NAME: params.orgName?.trim() || \"\",\n BUILDER_ORG_KIND: params.orgKind?.trim() || \"\",\n };\n return BUILDER_ENV_KEYS.map((key) => ({ key, value: values[key] }));\n}\n\nexport function resolveSafePreviewUrl(\n previewUrl: string | null | undefined,\n event: H3Event,\n): string {\n if (previewUrl && isAllowedBrowserReturnUrl(previewUrl)) {\n return previewUrl;\n }\n return getOrigin(event);\n}\n\n/**\n * Inline theme-detection script that runs before the body paints. Reads the\n * app's stored theme preference (same `localStorage.theme` key used by the\n * client-side theme manager) and falls back to `prefers-color-scheme`. This\n * way the popup matches whatever theme the user already picked in the app\n * — light, dark, or auto — instead of always rendering in OS-default mode.\n */\nconst BUILDER_CALLBACK_THEME_SCRIPT = `<script>\n(function () {\n try {\n var stored = window.localStorage && window.localStorage.getItem(\"theme\");\n var resolved;\n if (stored === \"light\" || stored === \"dark\") {\n resolved = stored;\n } else {\n var mq = window.matchMedia && window.matchMedia(\"(prefers-color-scheme: dark)\");\n resolved = mq && mq.matches ? \"dark\" : \"light\";\n }\n document.documentElement.classList.add(resolved);\n document.documentElement.style.colorScheme = resolved;\n } catch (e) {}\n})();\n</script>`;\n\n/**\n * Brand-aligned CSS for the Builder connect callback / error pages.\n *\n * Uses the same neutral-zinc palette and Inter font as the rest of the\n * framework's templates (see `templates/*\\/app/global.css`). Tokens map to\n * the same HSL values the templates set on `:root` / `.dark`, so the popup\n * reads as part of the same app — not a stranded marketing page.\n */\nconst BUILDER_CALLBACK_BASE_CSS = `\n :root {\n --bg: hsl(0 0% 100%);\n --fg: hsl(220 10% 10%);\n --muted-fg: hsl(220 5% 45%);\n --card: hsl(0 0% 100%);\n --border: hsl(220 10% 90%);\n --primary: hsl(220 10% 15%);\n --primary-fg: hsl(0 0% 100%);\n --primary-hover: hsl(220 10% 25%);\n --success-bg: hsl(143 50% 96%);\n --success-fg: hsl(143 60% 32%);\n --error-fg: hsl(0 75% 45%);\n --error-bg: hsl(0 80% 97%);\n --error-border: hsl(0 80% 92%);\n }\n :root.dark {\n --bg: hsl(220 6% 6%);\n --fg: hsl(0 0% 92%);\n --muted-fg: hsl(220 4% 60%);\n --card: hsl(220 5% 8%);\n --border: hsl(220 4% 14%);\n --primary: hsl(0 0% 92%);\n --primary-fg: hsl(220 6% 6%);\n --primary-hover: hsl(0 0% 75%);\n --success-bg: hsl(143 30% 12%);\n --success-fg: hsl(143 50% 70%);\n --error-fg: hsl(0 80% 75%);\n --error-bg: hsl(0 35% 12%);\n --error-border: hsl(0 30% 20%);\n }\n *, *::before, *::after { box-sizing: border-box; }\n html, body { height: 100%; }\n body {\n margin: 0;\n min-height: 100vh;\n display: grid;\n place-items: center;\n background: var(--bg);\n color: var(--fg);\n font-family: \"Inter\", ui-sans-serif, system-ui, -apple-system, \"Segoe UI\", \"Helvetica Neue\", Arial, sans-serif;\n font-size: 14px;\n line-height: 1.55;\n font-feature-settings: \"cv02\", \"cv03\", \"cv04\", \"cv11\";\n -webkit-font-smoothing: antialiased;\n -moz-osx-font-smoothing: grayscale;\n padding: 24px;\n }\n .card {\n width: min(420px, 100%);\n border: 1px solid var(--border);\n border-radius: 12px;\n padding: 32px 28px;\n background: var(--card);\n text-align: center;\n }\n .icon {\n display: inline-flex;\n align-items: center;\n justify-content: center;\n width: 44px;\n height: 44px;\n border-radius: 999px;\n margin-bottom: 16px;\n }\n .icon svg { width: 22px; height: 22px; display: block; }\n .icon-success { background: var(--success-bg); color: var(--success-fg); }\n .icon-error { background: var(--error-bg); color: var(--error-fg); }\n h1 {\n margin: 0 0 6px;\n font-size: 17px;\n font-weight: 600;\n letter-spacing: -0.01em;\n color: var(--fg);\n }\n p {\n margin: 0 0 4px;\n color: var(--fg);\n font-size: 14px;\n }\n p.muted { color: var(--muted-fg); }\n .btn {\n display: inline-flex;\n align-items: center;\n justify-content: center;\n height: 36px;\n padding: 0 16px;\n margin-top: 20px;\n background: var(--primary);\n color: var(--primary-fg);\n border-radius: 8px;\n font-size: 13px;\n font-weight: 500;\n text-decoration: none;\n border: none;\n cursor: pointer;\n }\n .btn:hover { background: var(--primary-hover); }\n pre.error-detail {\n margin: 16px 0 0;\n padding: 10px 12px;\n background: var(--error-bg);\n border: 1px solid var(--error-border);\n border-radius: 8px;\n color: var(--error-fg);\n font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;\n font-size: 12px;\n line-height: 1.5;\n text-align: left;\n white-space: pre-wrap;\n word-break: break-word;\n }\n`;\n\nexport function createBuilderBrowserCallbackPage(previewUrl: string): string {\n const escapedUrl = JSON.stringify(previewUrl);\n return `<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\" />\n <title>Builder connected</title>\n <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n <link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap\" rel=\"stylesheet\" />\n ${BUILDER_CALLBACK_THEME_SCRIPT}\n <style>${BUILDER_CALLBACK_BASE_CSS}</style>\n </head>\n <body>\n <main class=\"card\" role=\"status\" aria-live=\"polite\">\n <span class=\"icon icon-success\" aria-hidden=\"true\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"></polyline></svg>\n </span>\n <h1>Builder connected</h1>\n <p>Browser access is now available to your app.</p>\n <p class=\"muted\">You can close this tab and return to the workspace.</p>\n <a class=\"btn\" href=${escapedUrl}>Open the workspace</a>\n </main>\n <script>\n // If we're a popup opened by the app, close ourselves and let the\n // parent tab keep polling for connection status. If close() is\n // blocked (e.g. we're the top-level tab because popups were\n // downgraded), fall back to navigating back to the workspace.\n window.setTimeout(function () {\n try { window.close(); } catch (e) {}\n window.setTimeout(function () {\n if (!window.closed) {\n window.location.replace(${escapedUrl});\n }\n }, 200);\n }, 700);\n </script>\n </body>\n</html>`;\n}\n\n/**\n * HTML page rendered inside the OAuth popup when the callback handler caught\n * an error persisting the per-user Builder credentials. Without this, the\n * popup would show the success page even though the write failed — leaving\n * the parent window stuck on \"Waiting for Builder…\" until the 5-minute poll\n * timeout fires (Midhun reported this on 2026-04-28).\n *\n * The page does two things:\n * 1. Shows the user a clear \"couldn't save credentials\" message with the\n * underlying error so they can retry or report.\n * 2. `postMessage`s the parent (same-origin opener) so the connect-flow\n * polling stops immediately rather than waiting for the next /status\n * poll to surface the SQL `builder-connect-error:<email>` row.\n */\nexport function createBuilderBrowserCallbackErrorPage(message: string): string {\n const escapedMessage = JSON.stringify(message);\n return `<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\" />\n <title>Builder connect failed</title>\n <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n <link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap\" rel=\"stylesheet\" />\n ${BUILDER_CALLBACK_THEME_SCRIPT}\n <style>${BUILDER_CALLBACK_BASE_CSS}</style>\n </head>\n <body>\n <main class=\"card\" role=\"alert\" aria-live=\"assertive\">\n <span class=\"icon icon-error\" aria-hidden=\"true\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M10.29 3.86 1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0Z\"></path><line x1=\"12\" y1=\"9\" x2=\"12\" y2=\"13\"></line><line x1=\"12\" y1=\"17\" x2=\"12.01\" y2=\"17\"></line></svg>\n </span>\n <h1>Couldn't save Builder connection</h1>\n <p class=\"muted\">Builder authorized your account but the server couldn't persist the credentials.</p>\n <pre class=\"error-detail\" id=\"msg\"></pre>\n <p class=\"muted\" style=\"margin-top:12px\">You can close this tab and try again from settings.</p>\n </main>\n <script>\n try {\n var msg = ${escapedMessage};\n document.getElementById(\"msg\").textContent = msg;\n // Notify the parent tab immediately so its polling loop stops\n // without waiting for the next /builder/status tick.\n //\n // BroadcastChannel works across same-origin windows regardless of\n // opener access — it is the only reliable channel here because\n // popups opened with window.open(..., \"noopener\") or links with\n // rel=\"noopener\" have window.opener === null. The legacy\n // window.opener.postMessage path is kept as a belt-and-suspenders\n // fallback for non-BroadcastChannel environments.\n try {\n var bc = new BroadcastChannel(\"builder-connect:\" + window.location.host);\n bc.postMessage({ type: \"builder-connect-error\", message: msg });\n bc.close();\n } catch (e) {}\n if (window.opener && !window.opener.closed) {\n try {\n window.opener.postMessage(\n { type: \"builder-connect-error\", message: msg },\n window.location.origin,\n );\n } catch (e) {}\n }\n } catch (e) {}\n </script>\n </body>\n</html>`;\n}\n\nexport interface RunBuilderAgentArgs {\n prompt: string;\n projectId?: string;\n branchName?: string;\n userEmail?: string;\n userId?: string;\n}\n\nexport interface RunBuilderAgentResult {\n branchName: string;\n projectId: string;\n url: string;\n status: string;\n}\n\nfunction normalizeBuilderApiString(value: unknown, fieldName: string): string {\n if (typeof value !== \"string\" || !value.trim()) {\n throw new Error(`Builder agent run returned a blank ${fieldName}`);\n }\n const trimmed = value.trim();\n if (/[\\u0000-\\u001f\\u007f]/.test(trimmed)) {\n throw new Error(`Builder agent run returned a malformed ${fieldName}`);\n }\n return trimmed;\n}\n\nfunction normalizeBuilderBranchUrl(value: unknown): string {\n const urlString = normalizeBuilderApiString(value, \"url\");\n let parsed: URL;\n try {\n parsed = new URL(urlString);\n } catch {\n throw new Error(\"Builder agent run returned a malformed url\");\n }\n if (parsed.protocol !== \"https:\" && parsed.protocol !== \"http:\") {\n throw new Error(\"Builder agent run returned a malformed url\");\n }\n if (\n parsed.hostname !== \"builder.io\" &&\n !parsed.hostname.endsWith(\".builder.io\")\n ) {\n throw new Error(\"Builder agent run returned a non-Builder url\");\n }\n return parsed.toString();\n}\n\n/**\n * POST a prompt to the Builder agents-run API. The Builder agent runs in a\n * cloud sandbox and writes code to a branch; the returned URL opens that\n * branch in the Visual Editor so the user can watch progress.\n *\n * Spec: https://www.builder.io/c/docs/agents-run-api\n */\nexport async function runBuilderAgent(\n args: RunBuilderAgentArgs,\n): Promise<RunBuilderAgentResult> {\n const { resolveBuilderCredentials } =\n await import(\"./credential-provider.js\");\n const creds = await resolveBuilderCredentials();\n if (!creds.privateKey || !creds.publicKey) {\n throw new Error(\"Builder keys are not configured\");\n }\n if (!args.prompt || !args.prompt.trim()) {\n throw new Error(\"prompt is required\");\n }\n const projectId = args.projectId?.trim();\n if (!projectId) {\n throw new Error(\n \"Builder project ID is not configured. Set DISPATCH_BUILDER_PROJECT_ID, BUILDER_BRANCH_PROJECT_ID, or BUILDER_PROJECT_ID.\",\n );\n }\n const builderUserId = args.userId || creds.userId || undefined;\n const builderUserEmail = builderUserId ? undefined : args.userEmail;\n if (!builderUserEmail && !builderUserId) {\n throw new Error(\"userEmail or userId is required\");\n }\n\n const url = new URL(\"/agents/run\", getBuilderApiHost());\n url.searchParams.set(\"apiKey\", creds.publicKey);\n\n const body: Record<string, unknown> = {\n userMessage: { userPrompt: args.prompt },\n projectId,\n };\n if (args.branchName) body.branchName = args.branchName;\n if (builderUserEmail) body.userEmail = builderUserEmail;\n if (builderUserId) body.userId = builderUserId;\n\n const response = await fetch(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${creds.privateKey}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(body),\n });\n\n const parsed = (await response.json().catch(() => ({}))) as Record<\n string,\n unknown\n >;\n if (!response.ok) {\n const msg =\n typeof parsed.error === \"string\"\n ? parsed.error\n : `Builder agent run failed (${response.status})`;\n throw new Error(msg);\n }\n\n return {\n branchName: normalizeBuilderApiString(parsed.branchName, \"branchName\"),\n projectId:\n typeof parsed.projectId === \"string\" && parsed.projectId.trim()\n ? parsed.projectId.trim()\n : projectId,\n url: normalizeBuilderBranchUrl(parsed.url),\n status:\n typeof parsed.status === \"string\" && parsed.status.trim()\n ? parsed.status.trim()\n : \"processing\",\n };\n}\n\nexport async function requestBuilderBrowserConnection(\n args: BrowserConnectionArgs,\n): Promise<Record<string, unknown>> {\n const { resolveBuilderCredentials } =\n await import(\"./credential-provider.js\");\n const creds = await resolveBuilderCredentials();\n if (!creds.privateKey || !creds.publicKey) {\n throw new Error(\"Builder browser access is not configured\");\n }\n\n const sessionId = args.sessionId?.trim();\n if (!sessionId) {\n throw new Error(\"sessionId is required\");\n }\n\n const url = new URL(\"/codegen/get-browser-connection\", getBuilderApiHost());\n url.searchParams.set(\"apiKey\", creds.publicKey);\n if (creds.userId) {\n url.searchParams.set(\"userId\", creds.userId);\n }\n\n const response = await fetch(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${creds.privateKey}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n sessionId,\n projectId: args.projectId || undefined,\n branchName: args.branchName || undefined,\n proxyOrigin: args.proxyOrigin || undefined,\n proxyDefaultOrigin: args.proxyDefaultOrigin || undefined,\n proxyDst: args.proxyDestination || undefined,\n }),\n });\n\n const body = (await response.json().catch(() => ({}))) as Record<\n string,\n unknown\n >;\n if (!response.ok) {\n const error =\n typeof body.error === \"string\"\n ? body.error\n : `Builder browser request failed (${response.status})`;\n throw new Error(error);\n }\n\n return body;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"builder-browser.js","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEvE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9D,MAAM,wBAAwB,GAAG,oBAAoB,CAAC;AACtD,MAAM,wBAAwB,GAAG,wBAAwB,CAAC;AAC1D,MAAM,oBAAoB,GAAG,sBAAsB,CAAC;AACpD,MAAM,yBAAyB,GAAG,sBAAsB,CAAC;AAEzD,MAAM,CAAC,MAAM,qBAAqB,GAAG,iCAAiC,CAAC;AAEvE;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC/C,MAAM,CAAC,MAAM,qBAAqB,GAAG,aAAa,CAAC;AAEnD,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAmC5C,SAAS,oBAAoB,CAAC,OAAkC;IAC9D,4EAA4E;IAC5E,iEAAiE;IACjE,OAAO,OAAO,KAAK,UAAU;QAC3B,CAAC,CAAC,gBAAgB,aAAa,EAAE,EAAE;QACnC,CAAC,CAAC,mBAAmB,aAAa,EAAE,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,WAAW,CAClB,OAAkC,EAClC,KAAa,EACb,YAAoB,EACpB,EAAU;IAEV,OAAO,UAAU,CAAC,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,CAAC;SACvD,MAAM,CAAC,GAAG,KAAK,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;SACxC,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,0BAA0B,CACjC,UAAkB,EAClB,OAAkC;IAElC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACtB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC3E,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;IAC1D,OAAO,GAAG,KAAK,IAAI,YAAY,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,4BAA4B,CACnC,KAAgC,EAChC,UAAkB,EAClB,OAAkC;IAElC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAChD,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IAE5D,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,UAAU,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IAE5C,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,2EAA2E;IAC3E,sEAAsE;IACtE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,oBAAoB;QAAE,OAAO,KAAK,CAAC;IAEnE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACvD,OAAO,eAAe,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,wBAAwB,CAAC,YAAoB;IAC3D,OAAO,0BAA0B,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAgC,EAChC,YAAoB;IAEpB,OAAO,4BAA4B,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,0BAA0B,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAgC,EAChC,UAAkB;IAElB,OAAO,4BAA4B,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,UAAkB,EAClB,UAAkB;IAElB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAChC,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,qBAAqB,EACrB,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC;IACF,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAiB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,iBAAiB,GACrB,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC9D,MAAM,WAAW,GACf,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,WAAW;YACxB,QAAQ,KAAK,OAAO,CAAC;QACvB,MAAM,eAAe,GACnB,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAChE,MAAM,mBAAmB,GACvB,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC5E,OAAO,CACL,iBAAiB;YACjB,CAAC,WAAW,IAAI,eAAe,IAAI,mBAAmB,CAAC,CACxD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,MAAc;IACrC,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,OAAO,CAAC,GAAG,CAAC,uBAAuB;QACnC,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,QAAQ;QACpB,OAAO,CAAC,GAAG,CAAC,YAAY;QACxB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,mCAAmC;IAC1C,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACvC,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACrC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACjC,OAAO,SAAS,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,mCAAmC,EAAE,IAAI,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,CAAC,CAAC,mCAAmC,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B;IACjD,MAAM,YAAY,GAAG,mCAAmC,EAAE,CAAC;IAC3D,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;QACnE,KAAK,MAAM,GAAG,IAAI;YAChB,6BAA6B;YAC7B,2BAA2B;YAC3B,oBAAoB;SACrB,EAAE,CAAC;YACF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,KAAK,EAAE,IAAI,EAAE;gBAAE,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wEAAwE;IAC1E,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gCAAgC;IACpD,OAAO,CAAC,CAAC,CAAC,MAAM,6BAA6B,EAAE,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAc,EACd,QAAuB,IAAI;IAE3B,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IACrC,MAAM,WAAW,GAAG,IAAI,GAAG,CACzB,GAAG,WAAW,GAAG,qBAAqB,EAAE,EACxC,gBAAgB,CACjB,CAAC;IACF,IAAI,KAAK,EAAE,CAAC;QACV,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,iBAAiB,EAAE,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC;IAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,gBAAgB,GAAG,WAAW,EAAE,CAAC,CAAC;IACzE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAClD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAc;IACxD,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,cAAc,EAAE,gCAAgC,CAAC;AACvF,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAc;IACpD,MAAM,eAAe,GAAG,mCAAmC,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACrD,OAAO;QACL,UAAU,EAAE,CAAC,CAAC,CACZ,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAClE;QACD,cAAc,EAAE,yBAAyB,EAAE;QAC3C,yBAAyB,EAAE,CAAC,CAAC,eAAe;QAC5C,eAAe,EAAE,eAAe,IAAI,SAAS;QAC7C,UAAU;QACV,gBAAgB,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAChD,OAAO,EAAE,iBAAiB,EAAE;QAC5B,OAAO,EAAE,iBAAiB,EAAE;QAC5B,UAAU,EAAE,2BAA2B,CAAC,MAAM,CAAC;QAC/C,mBAAmB,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB;QACrD,oBAAoB,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB;QACvD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS;QAChD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;QAClD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,SAAS;KACnD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,KAAc;IAEd,OAAO,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAIX,MAAM,UAAU,yBAAyB,CAAC,MAMzC;IACC,MAAM,MAAM,GAAkC;QAC5C,mBAAmB,EAAE,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE;QACpD,kBAAkB,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE;QAClD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE;QAC5C,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;QAC9C,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE;KAC/C,CAAC;IACF,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,UAAqC,EACrC,KAAc;IAEd,IAAI,UAAU,IAAI,yBAAyB,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAG;;;;;;;;;;;;;;;UAe5B,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgHjC,CAAC;AAEF,MAAM,UAAU,gCAAgC,CAAC,UAAkB;IACjE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO;;;;;;;;;MASH,6BAA6B;aACtB,yBAAyB;;;;;;;;;;4BAUV,UAAU;;;;;;;;;;;sCAWA,UAAU;;;;;;QAMxC,CAAC;AACT,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qCAAqC,CAAC,OAAe;IACnE,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,OAAO;;;;;;;;;MASH,6BAA6B;aACtB,yBAAyB;;;;;;;;;;;;;;oBAclB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;QA2B1B,CAAC;AACT,CAAC;AAiBD,SAAS,yBAAyB,CAAC,KAAc,EAAE,SAAiB;IAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0CAA0C,SAAS,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAc;IAC/C,MAAM,SAAS,GAAG,yBAAyB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,IACE,MAAM,CAAC,QAAQ,KAAK,YAAY;QAChC,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EACxC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,EAAE,yBAAyB,EAAE,GACjC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,0HAA0H,CAC3H,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,CAAC;IAC/D,MAAM,gBAAgB,GAAG,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;IACpE,IAAI,CAAC,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,EAAE,iBAAiB,EAAE,CAAC,CAAC;IACxD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,IAAI,GAA4B;QACpC,WAAW,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE;QACxC,SAAS;KACV,CAAC;IACF,IAAI,IAAI,CAAC,UAAU;QAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACvD,IAAI,gBAAgB;QAAE,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC;IACxD,IAAI,aAAa;QAAE,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC;IAE/C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,CAAC,UAAU,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAGtD,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,GAAG,GACP,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ;YAC9B,CAAC,CAAC,MAAM,CAAC,KAAK;YACd,CAAC,CAAC,6BAA6B,QAAQ,CAAC,MAAM,GAAG,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,OAAO;QACL,UAAU,EAAE,yBAAyB,CAAC,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC;QACtE,SAAS,EACP,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YAC7D,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE;YACzB,CAAC,CAAC,SAAS;QACf,GAAG,EAAE,yBAAyB,CAAC,MAAM,CAAC,GAAG,CAAC;QAC1C,MAAM,EACJ,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;YACvD,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE;YACtB,CAAC,CAAC,YAAY;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,IAA2B;IAE3B,MAAM,EAAE,yBAAyB,EAAE,GACjC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,iCAAiC,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC5E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,CAAC,UAAU,EAAE;YAC3C,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,SAAS;YACtC,UAAU,EAAE,IAAI,CAAC,UAAU,IAAI,SAAS;YACxC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS;YAC1C,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,IAAI,SAAS;YACxD,QAAQ,EAAE,IAAI,CAAC,gBAAgB,IAAI,SAAS;SAC7C,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAGpD,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GACT,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;YAC5B,CAAC,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC,mCAAmC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { createHmac, randomBytes, timingSafeEqual } from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport { getAuthSecret } from \"./better-auth-instance.js\";\nimport { getAppBasePath, getOrigin } from \"./google-oauth.js\";\n\nconst DEFAULT_BUILDER_APP_HOST = \"https://builder.io\";\nconst DEFAULT_BUILDER_API_HOST = \"https://api.builder.io\";\nconst BUILDER_BROWSER_HOST = \"agent-native-browser\";\nconst BUILDER_BROWSER_CLIENT_ID = \"Agent Native Browser\";\n\nexport const BUILDER_CALLBACK_PATH = \"/_agent-native/builder/callback\";\n\n/**\n * Query-param name carrying the signed CSRF state on the connect→callback\n * round-trip. Prefixed with `_an_` to avoid collisions if Builder ever\n * adds standard OAuth `state` support to cli-auth. Builder preserves\n * the path/query of `redirect_url` verbatim when redirecting back, so\n * we embed `_an_state=…` inside the redirect_url query string at\n * connect time and read it back on the callback.\n */\nexport const BUILDER_STATE_PARAM = \"_an_state\";\nexport const BUILDER_CONNECT_PARAM = \"_an_connect\";\n\nconst BUILDER_STATE_TTL_MS = 10 * 60 * 1000;\n\nexport interface BuilderBrowserStatus {\n configured: boolean;\n builderEnabled: boolean;\n branchProjectIdConfigured: boolean;\n branchProjectId?: string;\n /**\n * True when `BUILDER_PRIVATE_KEY` is set at the deployment level. This is a\n * fallback credential; signed-in users can still connect their own Builder\n * account, which takes precedence for their request.\n */\n envManaged: boolean;\n credentialSource?: \"user\" | \"org\" | \"env\";\n appHost: string;\n apiHost: string;\n connectUrl: string;\n publicKeyConfigured: boolean;\n privateKeyConfigured: boolean;\n userId?: string;\n orgName?: string;\n orgKind?: string;\n}\n\nexport interface BrowserConnectionArgs {\n sessionId?: string;\n projectId?: string;\n branchName?: string;\n proxyOrigin?: string;\n proxyDefaultOrigin?: string;\n proxyDestination?: string;\n}\n\ntype BuilderSignedTokenPurpose = \"callback\" | \"connect\";\n\nfunction signingKeyForPurpose(purpose: BuilderSignedTokenPurpose): string {\n // Preserve the original callback-state signing key for any in-flight legacy\n // callbacks; use a separate key domain for connect-entry tokens.\n return purpose === \"callback\"\n ? `builder-csrf:${getAuthSecret()}`\n : `builder-connect:${getAuthSecret()}`;\n}\n\nfunction macForParts(\n purpose: BuilderSignedTokenPurpose,\n nonce: string,\n emailEncoded: string,\n ts: number,\n): string {\n return createHmac(\"sha256\", signingKeyForPurpose(purpose))\n .update(`${nonce}.${emailEncoded}.${ts}`)\n .digest(\"base64url\");\n}\n\nfunction signEmailBoundBuilderToken(\n ownerEmail: string,\n purpose: BuilderSignedTokenPurpose,\n): string {\n const nonce = randomBytes(16).toString(\"base64url\");\n const ts = Date.now();\n const emailEncoded = Buffer.from(ownerEmail, \"utf8\").toString(\"base64url\");\n const mac = macForParts(purpose, nonce, emailEncoded, ts);\n return `${nonce}.${emailEncoded}.${ts}.${mac}`;\n}\n\nfunction verifyEmailBoundBuilderToken(\n token: string | null | undefined,\n ownerEmail: string,\n purpose: BuilderSignedTokenPurpose,\n): boolean {\n if (typeof token !== \"string\" || token.length === 0) return false;\n const parts = token.split(\".\");\n if (parts.length !== 4) return false;\n const [nonce, emailEncoded, tsStr, mac] = parts;\n if (!nonce || !emailEncoded || !tsStr || !mac) return false;\n\n let boundEmail: string;\n try {\n boundEmail = Buffer.from(emailEncoded, \"base64url\").toString(\"utf8\");\n } catch {\n return false;\n }\n if (boundEmail !== ownerEmail) return false;\n\n const ts = Number(tsStr);\n if (!Number.isFinite(ts)) return false;\n // Reject expired AND far-future timestamps so leaked tokens do not gain an\n // arbitrary lifetime through clock skew or forged future issue times.\n if (Math.abs(Date.now() - ts) > BUILDER_STATE_TTL_MS) return false;\n\n const expected = Buffer.from(macForParts(purpose, nonce, emailEncoded, ts));\n const candidate = Buffer.from(mac);\n if (expected.length !== candidate.length) return false;\n return timingSafeEqual(expected, candidate);\n}\n\n/**\n * Mint a signed CSRF state token bound to the current session's email\n * and a fresh nonce. Round-trips through Builder's cli-auth flow inside\n * the redirect_url query string and is verified on the callback before\n * any keys are written.\n *\n * Why bind to email: it's the only stable, universally-available\n * identity field across all auth modes (Better Auth, BYOA, AUTH_MODE=local).\n * Binding to the session token instead would put the cookie value in a\n * URL that may end up in server logs / browser history.\n */\nexport function signBuilderCallbackState(sessionEmail: string): string {\n return signEmailBoundBuilderToken(sessionEmail, \"callback\");\n}\n\n/**\n * Verify a state token produced by `signBuilderCallbackState`. Returns\n * false on any malformed, forged, expired, or cross-session token.\n */\nexport function verifyBuilderCallbackState(\n token: string | null | undefined,\n sessionEmail: string,\n): boolean {\n return verifyEmailBoundBuilderToken(token, sessionEmail, \"callback\");\n}\n\nexport function signBuilderConnectToken(ownerEmail: string): string {\n return signEmailBoundBuilderToken(ownerEmail, \"connect\");\n}\n\nexport function verifyBuilderConnectToken(\n token: string | null | undefined,\n ownerEmail: string,\n): boolean {\n return verifyEmailBoundBuilderToken(token, ownerEmail, \"connect\");\n}\n\nexport function appendBuilderConnectToken(\n connectUrl: string,\n ownerEmail: string,\n): string {\n const url = new URL(connectUrl);\n url.searchParams.set(\n BUILDER_CONNECT_PARAM,\n signBuilderConnectToken(ownerEmail),\n );\n return url.toString();\n}\n\nfunction isAllowedBrowserReturnUrl(urlString: string): boolean {\n try {\n const parsed = new URL(urlString);\n const hostname = parsed.hostname.toLowerCase();\n const isAllowedProtocol =\n parsed.protocol === \"http:\" || parsed.protocol === \"https:\";\n const isLocalhost =\n hostname === \"localhost\" ||\n hostname === \"127.0.0.1\" ||\n hostname === \"[::1]\";\n const isBuilderDomain =\n hostname === \"builder.io\" || hostname.endsWith(\".builder.io\");\n const isAgentNativeDomain =\n hostname === \"agent-native.com\" || hostname.endsWith(\".agent-native.com\");\n return (\n isAllowedProtocol &&\n (isLocalhost || isBuilderDomain || isAgentNativeDomain)\n );\n } catch {\n return false;\n }\n}\n\nfunction normalizeOrigin(origin: string): string {\n return origin.replace(/\\/+$/, \"\");\n}\n\nexport function getBuilderAppHost(): string {\n return (\n process.env.BUILDER_APP_HOST ||\n process.env.BUILDER_PUBLIC_APP_HOST ||\n DEFAULT_BUILDER_APP_HOST\n );\n}\n\nexport function getBuilderApiHost(): string {\n return (\n process.env.AIR_HOST ||\n process.env.BUILDER_HOST ||\n process.env.BUILDER_API_HOST ||\n DEFAULT_BUILDER_API_HOST\n );\n}\n\nfunction getConfiguredBuilderBranchProjectId(): string | undefined {\n const projectId =\n process.env.DISPATCH_BUILDER_PROJECT_ID ||\n process.env.BUILDER_BRANCH_PROJECT_ID ||\n process.env.BUILDER_PROJECT_ID;\n return projectId?.trim() || undefined;\n}\n\nexport function getBuilderBranchProjectId(): string {\n return getConfiguredBuilderBranchProjectId() || \"\";\n}\n\nexport function isBuilderBranchingEnabled(): boolean {\n return !!getConfiguredBuilderBranchProjectId();\n}\n\nexport async function resolveBuilderBranchProjectId(): Promise<string> {\n const envProjectId = getConfiguredBuilderBranchProjectId();\n if (envProjectId) return envProjectId;\n\n try {\n const { resolveSecret } = await import(\"./credential-provider.js\");\n for (const key of [\n \"DISPATCH_BUILDER_PROJECT_ID\",\n \"BUILDER_BRANCH_PROJECT_ID\",\n \"BUILDER_PROJECT_ID\",\n ]) {\n const value = await resolveSecret(key);\n if (value?.trim()) return value.trim();\n }\n } catch {\n // Secrets table or request context not ready — treat as not configured.\n }\n\n return \"\";\n}\n\nexport async function resolveIsBuilderBranchingEnabled(): Promise<boolean> {\n return !!(await resolveBuilderBranchProjectId());\n}\n\n/**\n * Build the Builder cli-auth URL for the connect popup. When a signed\n * `state` token is supplied it is embedded inside the `redirect_url`\n * query string so it survives Builder's redirect verbatim — Builder\n * preserves the redirect_url's existing query when appending p-key /\n * api-key / etc., so we don't depend on Builder echoing a top-level\n * `state` parameter (it doesn't).\n *\n * The user-facing connect entry point is `/_agent-native/builder/connect`\n * (a server-side 302). Status / chat-card responses surface that path\n * rather than the cli-auth URL directly, so the 302 handler can mint a\n * fresh state bound to the current session on every click.\n */\nexport function buildBuilderCliAuthUrl(\n origin: string,\n state: string | null = null,\n): string {\n const normalizedOrigin = normalizeOrigin(origin);\n const appBasePath = getAppBasePath();\n const callbackUrl = new URL(\n `${appBasePath}${BUILDER_CALLBACK_PATH}`,\n normalizedOrigin,\n );\n if (state) {\n callbackUrl.searchParams.set(BUILDER_STATE_PARAM, state);\n }\n const url = new URL(\"/cli-auth\", getBuilderAppHost());\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"host\", BUILDER_BROWSER_HOST);\n url.searchParams.set(\"client_id\", BUILDER_BROWSER_CLIENT_ID);\n url.searchParams.set(\"redirect_url\", callbackUrl.toString());\n url.searchParams.set(\"preview_url\", `${normalizedOrigin}${appBasePath}`);\n url.searchParams.set(\"framework\", \"agent-native\");\n return url.toString();\n}\n\n/**\n * The bare URL surfaced to clients as `connectUrl`. The status route appends\n * a short-lived signed connect token when it knows the current owner; this\n * helper stays bare so server-rendered cards can still render without a\n * request-bound owner and the connect route can fall back to Fetch Metadata.\n */\nexport function getBuilderBrowserConnectUrl(origin: string): string {\n return `${normalizeOrigin(origin)}${getAppBasePath()}/_agent-native/builder/connect`;\n}\n\nexport function getBuilderBrowserStatus(origin: string): BuilderBrowserStatus {\n const branchProjectId = getConfiguredBuilderBranchProjectId();\n const envManaged = !!process.env.BUILDER_PRIVATE_KEY;\n return {\n configured: !!(\n process.env.BUILDER_PRIVATE_KEY && process.env.BUILDER_PUBLIC_KEY\n ),\n builderEnabled: isBuilderBranchingEnabled(),\n branchProjectIdConfigured: !!branchProjectId,\n branchProjectId: branchProjectId || undefined,\n envManaged,\n credentialSource: envManaged ? \"env\" : undefined,\n appHost: getBuilderAppHost(),\n apiHost: getBuilderApiHost(),\n connectUrl: getBuilderBrowserConnectUrl(origin),\n publicKeyConfigured: !!process.env.BUILDER_PUBLIC_KEY,\n privateKeyConfigured: !!process.env.BUILDER_PRIVATE_KEY,\n userId: process.env.BUILDER_USER_ID || undefined,\n orgName: process.env.BUILDER_ORG_NAME || undefined,\n orgKind: process.env.BUILDER_ORG_KIND || undefined,\n };\n}\n\nexport function getBuilderBrowserStatusForEvent(\n event: H3Event,\n): BuilderBrowserStatus {\n return getBuilderBrowserStatus(getOrigin(event));\n}\n\n/**\n * Env vars written by the Builder CLI-auth callback. Single source of truth\n * for the connect/disconnect key set — `getBuilderCallbackEnvVars` and the\n * disconnect handler's scrub loop both derive from this list, so drift\n * (e.g. disconnect silently leaving `BUILDER_USER_ID` behind because\n * someone added a key to one site but not the other) is impossible.\n */\nexport const BUILDER_ENV_KEYS = [\n \"BUILDER_PRIVATE_KEY\",\n \"BUILDER_PUBLIC_KEY\",\n \"BUILDER_USER_ID\",\n \"BUILDER_ORG_NAME\",\n \"BUILDER_ORG_KIND\",\n] as const;\n\nexport type BuilderEnvKey = (typeof BUILDER_ENV_KEYS)[number];\n\nexport function getBuilderCallbackEnvVars(params: {\n privateKey?: string | null;\n publicKey?: string | null;\n userId?: string | null;\n orgName?: string | null;\n orgKind?: string | null;\n}) {\n const values: Record<BuilderEnvKey, string> = {\n BUILDER_PRIVATE_KEY: params.privateKey?.trim() || \"\",\n BUILDER_PUBLIC_KEY: params.publicKey?.trim() || \"\",\n BUILDER_USER_ID: params.userId?.trim() || \"\",\n BUILDER_ORG_NAME: params.orgName?.trim() || \"\",\n BUILDER_ORG_KIND: params.orgKind?.trim() || \"\",\n };\n return BUILDER_ENV_KEYS.map((key) => ({ key, value: values[key] }));\n}\n\nexport function resolveSafePreviewUrl(\n previewUrl: string | null | undefined,\n event: H3Event,\n): string {\n if (previewUrl && isAllowedBrowserReturnUrl(previewUrl)) {\n return previewUrl;\n }\n return getOrigin(event);\n}\n\n/**\n * Inline theme-detection script that runs before the body paints. Reads the\n * app's stored theme preference (same `localStorage.theme` key used by the\n * client-side theme manager) and falls back to `prefers-color-scheme`. This\n * way the popup matches whatever theme the user already picked in the app\n * — light, dark, or auto — instead of always rendering in OS-default mode.\n */\nconst BUILDER_CALLBACK_THEME_SCRIPT = `<script>\n(function () {\n try {\n var stored = window.localStorage && window.localStorage.getItem(\"theme\");\n var resolved;\n if (stored === \"light\" || stored === \"dark\") {\n resolved = stored;\n } else {\n var mq = window.matchMedia && window.matchMedia(\"(prefers-color-scheme: dark)\");\n resolved = mq && mq.matches ? \"dark\" : \"light\";\n }\n document.documentElement.classList.add(resolved);\n document.documentElement.style.colorScheme = resolved;\n } catch (e) {}\n})();\n</script>`;\n\n/**\n * Brand-aligned CSS for the Builder connect callback / error pages.\n *\n * Uses the same neutral-zinc palette and Inter font as the rest of the\n * framework's templates (see `templates/*\\/app/global.css`). Tokens map to\n * the same HSL values the templates set on `:root` / `.dark`, so the popup\n * reads as part of the same app — not a stranded marketing page.\n */\nconst BUILDER_CALLBACK_BASE_CSS = `\n :root {\n --bg: hsl(0 0% 100%);\n --fg: hsl(220 10% 10%);\n --muted-fg: hsl(220 5% 45%);\n --card: hsl(0 0% 100%);\n --border: hsl(220 10% 90%);\n --primary: hsl(220 10% 15%);\n --primary-fg: hsl(0 0% 100%);\n --primary-hover: hsl(220 10% 25%);\n --success-bg: hsl(143 50% 96%);\n --success-fg: hsl(143 60% 32%);\n --error-fg: hsl(0 75% 45%);\n --error-bg: hsl(0 80% 97%);\n --error-border: hsl(0 80% 92%);\n }\n :root.dark {\n --bg: hsl(220 6% 6%);\n --fg: hsl(0 0% 92%);\n --muted-fg: hsl(220 4% 60%);\n --card: hsl(220 5% 8%);\n --border: hsl(220 4% 14%);\n --primary: hsl(0 0% 92%);\n --primary-fg: hsl(220 6% 6%);\n --primary-hover: hsl(0 0% 75%);\n --success-bg: hsl(143 30% 12%);\n --success-fg: hsl(143 50% 70%);\n --error-fg: hsl(0 80% 75%);\n --error-bg: hsl(0 35% 12%);\n --error-border: hsl(0 30% 20%);\n }\n *, *::before, *::after { box-sizing: border-box; }\n html, body { height: 100%; }\n body {\n margin: 0;\n min-height: 100vh;\n display: grid;\n place-items: center;\n background: var(--bg);\n color: var(--fg);\n font-family: \"Inter\", ui-sans-serif, system-ui, -apple-system, \"Segoe UI\", \"Helvetica Neue\", Arial, sans-serif;\n font-size: 14px;\n line-height: 1.55;\n font-feature-settings: \"cv02\", \"cv03\", \"cv04\", \"cv11\";\n -webkit-font-smoothing: antialiased;\n -moz-osx-font-smoothing: grayscale;\n padding: 24px;\n }\n .card {\n width: min(420px, 100%);\n border: 1px solid var(--border);\n border-radius: 12px;\n padding: 32px 28px;\n background: var(--card);\n text-align: center;\n }\n .icon {\n display: inline-flex;\n align-items: center;\n justify-content: center;\n width: 44px;\n height: 44px;\n border-radius: 999px;\n margin-bottom: 16px;\n }\n .icon svg { width: 22px; height: 22px; display: block; }\n .icon-success { background: var(--success-bg); color: var(--success-fg); }\n .icon-error { background: var(--error-bg); color: var(--error-fg); }\n h1 {\n margin: 0 0 6px;\n font-size: 17px;\n font-weight: 600;\n letter-spacing: -0.01em;\n color: var(--fg);\n }\n p {\n margin: 0 0 4px;\n color: var(--fg);\n font-size: 14px;\n }\n p.muted { color: var(--muted-fg); }\n .btn {\n display: inline-flex;\n align-items: center;\n justify-content: center;\n height: 36px;\n padding: 0 16px;\n margin-top: 20px;\n background: var(--primary);\n color: var(--primary-fg);\n border-radius: 8px;\n font-size: 13px;\n font-weight: 500;\n text-decoration: none;\n border: none;\n cursor: pointer;\n }\n .btn:hover { background: var(--primary-hover); }\n pre.error-detail {\n margin: 16px 0 0;\n padding: 10px 12px;\n background: var(--error-bg);\n border: 1px solid var(--error-border);\n border-radius: 8px;\n color: var(--error-fg);\n font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;\n font-size: 12px;\n line-height: 1.5;\n text-align: left;\n white-space: pre-wrap;\n word-break: break-word;\n }\n`;\n\nexport function createBuilderBrowserCallbackPage(previewUrl: string): string {\n const escapedUrl = JSON.stringify(previewUrl);\n return `<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\" />\n <title>Builder connected</title>\n <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n <link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap\" rel=\"stylesheet\" />\n ${BUILDER_CALLBACK_THEME_SCRIPT}\n <style>${BUILDER_CALLBACK_BASE_CSS}</style>\n </head>\n <body>\n <main class=\"card\" role=\"status\" aria-live=\"polite\">\n <span class=\"icon icon-success\" aria-hidden=\"true\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"></polyline></svg>\n </span>\n <h1>Builder connected</h1>\n <p>Browser access is now available to your app.</p>\n <p class=\"muted\">You can close this tab and return to the workspace.</p>\n <a class=\"btn\" href=${escapedUrl}>Open the workspace</a>\n </main>\n <script>\n // If we're a popup opened by the app, close ourselves and let the\n // parent tab keep polling for connection status. If close() is\n // blocked (e.g. we're the top-level tab because popups were\n // downgraded), fall back to navigating back to the workspace.\n window.setTimeout(function () {\n try { window.close(); } catch (e) {}\n window.setTimeout(function () {\n if (!window.closed) {\n window.location.replace(${escapedUrl});\n }\n }, 200);\n }, 700);\n </script>\n </body>\n</html>`;\n}\n\n/**\n * HTML page rendered inside the OAuth popup when the callback handler caught\n * an error persisting the per-user Builder credentials. Without this, the\n * popup would show the success page even though the write failed — leaving\n * the parent window stuck on \"Waiting for Builder…\" until the 5-minute poll\n * timeout fires (Midhun reported this on 2026-04-28).\n *\n * The page does two things:\n * 1. Shows the user a clear \"couldn't save credentials\" message with the\n * underlying error so they can retry or report.\n * 2. `postMessage`s the parent (same-origin opener) so the connect-flow\n * polling stops immediately rather than waiting for the next /status\n * poll to surface the SQL `builder-connect-error:<email>` row.\n */\nexport function createBuilderBrowserCallbackErrorPage(message: string): string {\n const escapedMessage = JSON.stringify(message);\n return `<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\" />\n <title>Builder connect failed</title>\n <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n <link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap\" rel=\"stylesheet\" />\n ${BUILDER_CALLBACK_THEME_SCRIPT}\n <style>${BUILDER_CALLBACK_BASE_CSS}</style>\n </head>\n <body>\n <main class=\"card\" role=\"alert\" aria-live=\"assertive\">\n <span class=\"icon icon-error\" aria-hidden=\"true\">\n <svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M10.29 3.86 1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0Z\"></path><line x1=\"12\" y1=\"9\" x2=\"12\" y2=\"13\"></line><line x1=\"12\" y1=\"17\" x2=\"12.01\" y2=\"17\"></line></svg>\n </span>\n <h1>Couldn't save Builder connection</h1>\n <p class=\"muted\">Builder authorized your account but the server couldn't persist the credentials.</p>\n <pre class=\"error-detail\" id=\"msg\"></pre>\n <p class=\"muted\" style=\"margin-top:12px\">You can close this tab and try again from settings.</p>\n </main>\n <script>\n try {\n var msg = ${escapedMessage};\n document.getElementById(\"msg\").textContent = msg;\n // Notify the parent tab immediately so its polling loop stops\n // without waiting for the next /builder/status tick.\n //\n // BroadcastChannel works across same-origin windows regardless of\n // opener access — it is the only reliable channel here because\n // popups opened with window.open(..., \"noopener\") or links with\n // rel=\"noopener\" have window.opener === null. The legacy\n // window.opener.postMessage path is kept as a belt-and-suspenders\n // fallback for non-BroadcastChannel environments.\n try {\n var bc = new BroadcastChannel(\"builder-connect:\" + window.location.host);\n bc.postMessage({ type: \"builder-connect-error\", message: msg });\n bc.close();\n } catch (e) {}\n if (window.opener && !window.opener.closed) {\n try {\n window.opener.postMessage(\n { type: \"builder-connect-error\", message: msg },\n window.location.origin,\n );\n } catch (e) {}\n }\n } catch (e) {}\n </script>\n </body>\n</html>`;\n}\n\nexport interface RunBuilderAgentArgs {\n prompt: string;\n projectId?: string;\n branchName?: string;\n userEmail?: string;\n userId?: string;\n}\n\nexport interface RunBuilderAgentResult {\n branchName: string;\n projectId: string;\n url: string;\n status: string;\n}\n\nfunction normalizeBuilderApiString(value: unknown, fieldName: string): string {\n if (typeof value !== \"string\" || !value.trim()) {\n throw new Error(`Builder agent run returned a blank ${fieldName}`);\n }\n const trimmed = value.trim();\n if (/[\\u0000-\\u001f\\u007f]/.test(trimmed)) {\n throw new Error(`Builder agent run returned a malformed ${fieldName}`);\n }\n return trimmed;\n}\n\nfunction normalizeBuilderBranchUrl(value: unknown): string {\n const urlString = normalizeBuilderApiString(value, \"url\");\n let parsed: URL;\n try {\n parsed = new URL(urlString);\n } catch {\n throw new Error(\"Builder agent run returned a malformed url\");\n }\n if (parsed.protocol !== \"https:\" && parsed.protocol !== \"http:\") {\n throw new Error(\"Builder agent run returned a malformed url\");\n }\n if (\n parsed.hostname !== \"builder.io\" &&\n !parsed.hostname.endsWith(\".builder.io\")\n ) {\n throw new Error(\"Builder agent run returned a non-Builder url\");\n }\n return parsed.toString();\n}\n\n/**\n * POST a prompt to the Builder agents-run API. The Builder agent runs in a\n * cloud sandbox and writes code to a branch; the returned URL opens that\n * branch in the Visual Editor so the user can watch progress.\n *\n * Spec: https://www.builder.io/c/docs/agents-run-api\n */\nexport async function runBuilderAgent(\n args: RunBuilderAgentArgs,\n): Promise<RunBuilderAgentResult> {\n const { resolveBuilderCredentials } =\n await import(\"./credential-provider.js\");\n const creds = await resolveBuilderCredentials();\n if (!creds.privateKey || !creds.publicKey) {\n throw new Error(\"Builder keys are not configured\");\n }\n if (!args.prompt || !args.prompt.trim()) {\n throw new Error(\"prompt is required\");\n }\n const projectId = args.projectId?.trim();\n if (!projectId) {\n throw new Error(\n \"Builder project ID is not configured. Set DISPATCH_BUILDER_PROJECT_ID, BUILDER_BRANCH_PROJECT_ID, or BUILDER_PROJECT_ID.\",\n );\n }\n const builderUserId = args.userId || creds.userId || undefined;\n const builderUserEmail = builderUserId ? undefined : args.userEmail;\n if (!builderUserEmail && !builderUserId) {\n throw new Error(\"userEmail or userId is required\");\n }\n\n const url = new URL(\"/agents/run\", getBuilderApiHost());\n url.searchParams.set(\"apiKey\", creds.publicKey);\n\n const body: Record<string, unknown> = {\n userMessage: { userPrompt: args.prompt },\n projectId,\n };\n if (args.branchName) body.branchName = args.branchName;\n if (builderUserEmail) body.userEmail = builderUserEmail;\n if (builderUserId) body.userId = builderUserId;\n\n const response = await fetch(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${creds.privateKey}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(body),\n });\n\n const parsed = (await response.json().catch(() => ({}))) as Record<\n string,\n unknown\n >;\n if (!response.ok) {\n const msg =\n typeof parsed.error === \"string\"\n ? parsed.error\n : `Builder agent run failed (${response.status})`;\n throw new Error(msg);\n }\n\n return {\n branchName: normalizeBuilderApiString(parsed.branchName, \"branchName\"),\n projectId:\n typeof parsed.projectId === \"string\" && parsed.projectId.trim()\n ? parsed.projectId.trim()\n : projectId,\n url: normalizeBuilderBranchUrl(parsed.url),\n status:\n typeof parsed.status === \"string\" && parsed.status.trim()\n ? parsed.status.trim()\n : \"processing\",\n };\n}\n\nexport async function requestBuilderBrowserConnection(\n args: BrowserConnectionArgs,\n): Promise<Record<string, unknown>> {\n const { resolveBuilderCredentials } =\n await import(\"./credential-provider.js\");\n const creds = await resolveBuilderCredentials();\n if (!creds.privateKey || !creds.publicKey) {\n throw new Error(\"Builder browser access is not configured\");\n }\n\n const sessionId = args.sessionId?.trim();\n if (!sessionId) {\n throw new Error(\"sessionId is required\");\n }\n\n const url = new URL(\"/codegen/get-browser-connection\", getBuilderApiHost());\n url.searchParams.set(\"apiKey\", creds.publicKey);\n if (creds.userId) {\n url.searchParams.set(\"userId\", creds.userId);\n }\n\n const response = await fetch(url, {\n method: \"POST\",\n headers: {\n Authorization: `Bearer ${creds.privateKey}`,\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n sessionId,\n projectId: args.projectId || undefined,\n branchName: args.branchName || undefined,\n proxyOrigin: args.proxyOrigin || undefined,\n proxyDefaultOrigin: args.proxyDefaultOrigin || undefined,\n proxyDst: args.proxyDestination || undefined,\n }),\n });\n\n const body = (await response.json().catch(() => ({}))) as Record<\n string,\n unknown\n >;\n if (!response.ok) {\n const error =\n typeof body.error === \"string\"\n ? body.error\n : `Builder browser request failed (${response.status})`;\n throw new Error(error);\n }\n\n return body;\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core-routes-plugin.d.ts","sourceRoot":"","sources":["../../src/server/core-routes-plugin.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAKlC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA4EvD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,mBAAmB,CAAC;AA8EvD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,MAAM,GAAG,IAAI,CAWf;AAUD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,uBAAuB;IACtC,wEAAwE;IACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,oDAAoD;IACpD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,2DAA2D;IAC3D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qEAAqE;IACrE,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC7E;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,uBAA4B,GACpC,cAAc,
|
|
1
|
+
{"version":3,"file":"core-routes-plugin.d.ts","sourceRoot":"","sources":["../../src/server/core-routes-plugin.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAKlC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA4EvD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,mBAAmB,CAAC;AA8EvD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,GACb,MAAM,GAAG,IAAI,CAWf;AAUD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,uBAAuB;IACtC,wEAAwE;IACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,oDAAoD;IACpD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,2DAA2D;IAC3D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,qEAAqE;IACrE,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;IACzB;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC7E;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,uBAA4B,GACpC,cAAc,CAqyDhB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,cAAyC,CAAC"}
|
|
@@ -368,39 +368,10 @@ export function createCoreRoutesPlugin(options = {}) {
|
|
|
368
368
|
branchProjectIdConfigured: !!projectId,
|
|
369
369
|
branchProjectId: projectId || undefined,
|
|
370
370
|
};
|
|
371
|
-
//
|
|
372
|
-
//
|
|
373
|
-
//
|
|
374
|
-
//
|
|
375
|
-
// Branch project IDs are still request-scoped above so a Builder.io
|
|
376
|
-
// org secret can enable branches without a deploy env var.
|
|
377
|
-
if (envStatus.envManaged) {
|
|
378
|
-
return withConnectToken(requestStatus);
|
|
379
|
-
}
|
|
380
|
-
// Per-user OAuth mode: read the user's app_secrets-stored creds.
|
|
381
|
-
try {
|
|
382
|
-
const { resolveBuilderCredentials } = await import("./credential-provider.js");
|
|
383
|
-
const creds = await resolveBuilderCredentials();
|
|
384
|
-
if (creds.privateKey) {
|
|
385
|
-
return withConnectToken({
|
|
386
|
-
...requestStatus,
|
|
387
|
-
configured: true,
|
|
388
|
-
privateKeyConfigured: true,
|
|
389
|
-
publicKeyConfigured: !!creds.publicKey,
|
|
390
|
-
userId: creds.userId || envStatus.userId,
|
|
391
|
-
orgName: creds.orgName || envStatus.orgName,
|
|
392
|
-
orgKind: creds.orgKind || envStatus.orgKind,
|
|
393
|
-
});
|
|
394
|
-
}
|
|
395
|
-
}
|
|
396
|
-
catch {
|
|
397
|
-
// Secrets table not ready — fall through to env status
|
|
398
|
-
}
|
|
399
|
-
// Surface a recent OAuth callback failure so the parent's polling
|
|
400
|
-
// stops with a clear message instead of timing out at 5min. The
|
|
401
|
-
// callback handler writes a `builder-connect-error:<email>` row
|
|
402
|
-
// when `writeBuilderCredentials` throws; this read self-clears so
|
|
403
|
-
// the message only fires once.
|
|
371
|
+
// Surface a recent OAuth callback failure before reporting a
|
|
372
|
+
// deployment fallback as "connected"; otherwise a failed personal
|
|
373
|
+
// connect attempt on a deploy that also has BUILDER_PRIVATE_KEY set
|
|
374
|
+
// looks successful even though the user's credentials were not saved.
|
|
404
375
|
try {
|
|
405
376
|
if (userEmail) {
|
|
406
377
|
const errKey = `builder-connect-error:${userEmail}`;
|
|
@@ -428,6 +399,31 @@ export function createCoreRoutesPlugin(options = {}) {
|
|
|
428
399
|
catch {
|
|
429
400
|
// settings store unavailable — fall through
|
|
430
401
|
}
|
|
402
|
+
// Read request-scoped Builder credentials first; deploy env is only
|
|
403
|
+
// the fallback. This keeps a root/local BUILDER_PRIVATE_KEY from
|
|
404
|
+
// blocking a user from connecting their own Builder account.
|
|
405
|
+
try {
|
|
406
|
+
const { resolveBuilderCredentials, resolveBuilderCredentialSource, } = await import("./credential-provider.js");
|
|
407
|
+
const [creds, credentialSource] = await Promise.all([
|
|
408
|
+
resolveBuilderCredentials(),
|
|
409
|
+
resolveBuilderCredentialSource(),
|
|
410
|
+
]);
|
|
411
|
+
if (creds.privateKey) {
|
|
412
|
+
return withConnectToken({
|
|
413
|
+
...requestStatus,
|
|
414
|
+
configured: true,
|
|
415
|
+
privateKeyConfigured: true,
|
|
416
|
+
publicKeyConfigured: !!creds.publicKey,
|
|
417
|
+
userId: creds.userId || envStatus.userId,
|
|
418
|
+
orgName: creds.orgName || envStatus.orgName,
|
|
419
|
+
orgKind: creds.orgKind || envStatus.orgKind,
|
|
420
|
+
credentialSource: credentialSource ?? undefined,
|
|
421
|
+
});
|
|
422
|
+
}
|
|
423
|
+
}
|
|
424
|
+
catch {
|
|
425
|
+
// Secrets table not ready — fall through to env status
|
|
426
|
+
}
|
|
431
427
|
// Honor legacy disconnect flag for existing deployments.
|
|
432
428
|
try {
|
|
433
429
|
const disconnected = await getSetting("builder-disconnected");
|
|
@@ -529,19 +525,6 @@ export function createCoreRoutesPlugin(options = {}) {
|
|
|
529
525
|
setResponseStatus(event, 401);
|
|
530
526
|
return { error: "Authentication required" };
|
|
531
527
|
}
|
|
532
|
-
// Env-managed mode: per-user OAuth is disabled because the operator
|
|
533
|
-
// already provided a deploy-level Builder identity. Reject the
|
|
534
|
-
// connect attempt — any per-user keys we wrote would be ignored
|
|
535
|
-
// by the resolver, so completing the OAuth flow would be a no-op
|
|
536
|
-
// that misleads the user about the resulting connection state.
|
|
537
|
-
const { isBuilderEnvManaged } = await import("./credential-provider.js");
|
|
538
|
-
if (isBuilderEnvManaged()) {
|
|
539
|
-
setResponseStatus(event, 409);
|
|
540
|
-
return {
|
|
541
|
-
error: "Builder is managed by the deployment (BUILDER_PRIVATE_KEY is set). Per-user connect is disabled.",
|
|
542
|
-
envManaged: true,
|
|
543
|
-
};
|
|
544
|
-
}
|
|
545
528
|
const requestUrl = new URL(`${event.url?.pathname || "/"}${event.url?.search || ""}`, getOrigin(event));
|
|
546
529
|
const connectToken = requestUrl.searchParams.get(BUILDER_CONNECT_PARAM);
|
|
547
530
|
const hasValidConnectToken = verifyBuilderConnectToken(connectToken, ownerEmail);
|
|
@@ -878,10 +861,9 @@ export function createCoreRoutesPlugin(options = {}) {
|
|
|
878
861
|
return createBuilderBrowserCallbackPage(previewUrl);
|
|
879
862
|
}));
|
|
880
863
|
// POST /_agent-native/builder/disconnect — revoke the user's per-user
|
|
881
|
-
// Builder credentials in app_secrets.
|
|
882
|
-
//
|
|
883
|
-
//
|
|
884
|
-
// disconnect a deploy-level identity it doesn't own.
|
|
864
|
+
// or org-scoped Builder credentials in app_secrets. Deploy-level env
|
|
865
|
+
// credentials are never mutated here; if env is configured it remains as
|
|
866
|
+
// the fallback after request-scoped credentials are removed.
|
|
885
867
|
getH3App(nitroApp).use(`${P}/builder/disconnect`, defineEventHandler(async (event) => {
|
|
886
868
|
if (getMethod(event) !== "POST") {
|
|
887
869
|
setResponseStatus(event, 405);
|
|
@@ -892,15 +874,7 @@ export function createCoreRoutesPlugin(options = {}) {
|
|
|
892
874
|
setResponseStatus(event, 401);
|
|
893
875
|
return { error: "unauthorized" };
|
|
894
876
|
}
|
|
895
|
-
const {
|
|
896
|
-
if (isBuilderEnvManaged()) {
|
|
897
|
-
setResponseStatus(event, 409);
|
|
898
|
-
return {
|
|
899
|
-
ok: false,
|
|
900
|
-
error: "Builder is managed by deploy-level BUILDER_PRIVATE_KEY. To disconnect, the operator must remove the env var.",
|
|
901
|
-
envManaged: true,
|
|
902
|
-
};
|
|
903
|
-
}
|
|
877
|
+
const { deleteBuilderCredentials } = await import("./credential-provider.js");
|
|
904
878
|
// Mirror the connect-side scope decision so disconnect undoes
|
|
905
879
|
// exactly what connect wrote: owner/admin connections land at
|
|
906
880
|
// org scope and tear down at org scope; member or no-org
|