@agent-native/core 0.15.3 → 0.15.4

package/dist/tools/html-shell.js

@@ -0,0 +1,514 @@
+export const TOOL_IFRAME_CSP = "default-src 'none'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self'; img-src 'self' data: blob:; media-src 'self' data: blob:; frame-src 'none'; object-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'self';";
+export const TOOL_IFRAME_META_CSP = TOOL_IFRAME_CSP.replace(/\s*frame-ancestors 'self';?$/, "");
+export function buildToolHtml(content, themeVars, isDark, toolId, binding) {
+    const toolIdJson = JSON.stringify(toolId ?? "");
+    const toolIdAttr = escapeHtmlAttribute(toolId ?? "");
+    const bindingJson = JSON.stringify(binding ?? {
+        authorEmail: "",
+        viewerEmail: "",
+        isAuthor: true,
+        role: "owner",
+    });
+    return `<!DOCTYPE html>
+<html lang="en"${isDark ? ' class="dark"' : ""}>
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta http-equiv="Content-Security-Policy" content="${TOOL_IFRAME_META_CSP}" />
+  ${binding && !binding.isAuthor ? `<meta name="agent-native-tool-author" content="${escapeHtmlAttribute(binding.authorEmail)}" />` : ""}
+  <link rel="preconnect" href="https://fonts.googleapis.com" />
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300..700&display=swap" rel="stylesheet" />
+  <script>
+    var _toolErrors = [];
+    var _toolErrorDetails = [];
+    var _consoleLogs = [];
+    var _networkLogs = [];
+
+    var _origConsole = { log: console.log, warn: console.warn, error: console.error, info: console.info };
+    function _wrapConsole(level, orig) {
+      return function() {
+        var args = Array.prototype.slice.call(arguments);
+        var msg = args.map(function(a) {
+          try { return typeof a === 'object' ? JSON.stringify(a) : String(a); }
+          catch(e) { return String(a); }
+        }).join(' ');
+        if (_consoleLogs.length >= 50) _consoleLogs.shift();
+        _consoleLogs.push({ level: level, message: msg });
+        orig.apply(console, arguments);
+      };
+    }
+    console.log = _wrapConsole('log', _origConsole.log);
+    console.warn = _wrapConsole('warn', _origConsole.warn);
+    console.error = _wrapConsole('error', _origConsole.error);
+    console.info = _wrapConsole('info', _origConsole.info);
+
+    function _collectError(message, stack) {
+      if (!message) return;
+      if (message === 'Script error.' || message === 'Script error') message = 'Runtime error';
+      if (_toolErrors.indexOf(message) !== -1) return;
+      _toolErrors.push(message);
+      _toolErrorDetails.push({ message: message, stack: stack || '' });
+      var toast = document.getElementById('__tool-error-toast');
+      if (!toast) return;
+      var msg = document.getElementById('__tool-error-msg');
+      if (_toolErrors.length === 1) {
+        msg.textContent = _toolErrors[0];
+      } else {
+        msg.textContent = _toolErrors.length + ' errors — ' + _toolErrors[_toolErrors.length - 1];
+      }
+      toast.style.display = 'block';
+    }
+
+    window.addEventListener('error', function(event) {
+      var msg = event.message || '';
+      if (msg.indexOf('Alpine Expression Error') === 0) return;
+      var stack = event.error && event.error.stack ? event.error.stack : '';
+      _collectError(msg, stack);
+    });
+
+    window.addEventListener('unhandledrejection', function(event) {
+      var msg = event.reason && event.reason.message ? event.reason.message : String(event.reason);
+      var stack = event.reason && event.reason.stack ? event.reason.stack : '';
+      _collectError(msg, stack);
+    });
+  </script>
+  <!--
+    SECURITY: pinned to exact patch versions + SRI integrity hashes. A
+    malicious republish of @tailwindcss/browser@4.x or alpinejs@3.x would
+    otherwise inject code into every tool. To bump these versions:
+      1. npm view @tailwindcss/browser version  (or alpinejs)
+      2. curl -sL https://cdn.jsdelivr.net/npm/@tailwindcss/browser@<v> \
+         | openssl dgst -sha384 -binary | openssl base64 -A
+      3. Update the URL + integrity hash below in lockstep.
+  -->
+  <script
+    src="https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4.2.4"
+    integrity="sha384-yNSZBFvuOWcmww494a9+1zNuvgUGEXoWkein7cxP8wHUTi3iXCU4vJ7hr3tzBCml"
+    crossorigin="anonymous"
+  ></script>
+  <script
+    defer
+    src="https://cdn.jsdelivr.net/npm/alpinejs@3.15.11/dist/cdn.min.js"
+    integrity="sha384-WPtu0YHhJ3arcykfnv1JgUffWDSKRnqnDeTpJUbOc2os2moEmLkIdaeR0trPN4be"
+    crossorigin="anonymous"
+  ></script>
+  <style>${themeVars}</style>
+  <style type="text/tailwindcss">
+    @custom-variant dark (&:where(.dark, .dark *));
+    @theme {
+      --color-border: hsl(var(--border));
+      --color-input: hsl(var(--input));
+      --color-ring: hsl(var(--ring));
+      --color-background: hsl(var(--background));
+      --color-foreground: hsl(var(--foreground));
+      --color-primary: hsl(var(--primary));
+      --color-primary-foreground: hsl(var(--primary-foreground));
+      --color-secondary: hsl(var(--secondary));
+      --color-secondary-foreground: hsl(var(--secondary-foreground));
+      --color-destructive: hsl(var(--destructive));
+      --color-destructive-foreground: hsl(var(--destructive-foreground));
+      --color-muted: hsl(var(--muted));
+      --color-muted-foreground: hsl(var(--muted-foreground));
+      --color-accent: hsl(var(--accent));
+      --color-accent-foreground: hsl(var(--accent-foreground));
+      --color-popover: hsl(var(--popover));
+      --color-popover-foreground: hsl(var(--popover-foreground));
+      --color-card: hsl(var(--card));
+      --color-card-foreground: hsl(var(--card-foreground));
+      --color-sidebar: hsl(var(--sidebar-background));
+      --color-sidebar-foreground: hsl(var(--sidebar-foreground));
+      --color-sidebar-primary: hsl(var(--sidebar-primary));
+      --color-sidebar-primary-foreground: hsl(var(--sidebar-primary-foreground));
+      --color-sidebar-accent: hsl(var(--sidebar-accent));
+      --color-sidebar-accent-foreground: hsl(var(--sidebar-accent-foreground));
+      --color-sidebar-border: hsl(var(--sidebar-border));
+      --color-sidebar-ring: hsl(var(--sidebar-ring));
+      --radius-lg: var(--radius);
+      --radius-md: calc(var(--radius) - 2px);
+      --radius-sm: calc(var(--radius) - 4px);
+    }
+  </style>
+	  <style>
+	    *, *::before, *::after { border-color: hsl(var(--border)); }
+	    body {
+	      --agent-native-tool-padding: clamp(16px, 2vw, 24px);
+	      box-sizing: border-box;
+	      font-family: 'Inter', sans-serif;
+	      margin: 0;
+	      min-height: 100vh;
+	      padding: var(--agent-native-tool-padding);
+	    }
+	    body:has(> [data-tool-layout="full-bleed"]),
+	    body:has(> [data-tool-padding="none"]),
+	    body:has(> .agent-native-tool-bleed) {
+	      padding: 0;
+	    }
+	  </style>
+	  <script>
+	    var _toolRequestSeq = 0;
+	    var _toolPendingRequests = {};
+
+	    window.addEventListener('message', function(event) {
+	      if (event.source !== window.parent) return;
+	      var message = event.data || {};
+	      if (message.type !== 'agent-native-tool-response') return;
+	      var pending = _toolPendingRequests[message.requestId];
+	      if (!pending) return;
+	      delete _toolPendingRequests[message.requestId];
+	      if (message.error) {
+	        pending.reject(new Error(message.error));
+	      } else {
+	        pending.resolve(message.response);
+	      }
+	    });
+
+	    function hostRequest(path, options) {
+	      options = options || {};
+	      return new Promise(function(resolve, reject) {
+	        var requestId = 'tool-req-' + (++_toolRequestSeq);
+	        _toolPendingRequests[requestId] = { resolve: resolve, reject: reject };
+	        window.parent.postMessage({
+	          type: 'agent-native-tool-request',
+	          requestId: requestId,
+	          path: path,
+	          options: {
+	            method: options.method || 'GET',
+	            headers: options.headers || {},
+	            body: options.body,
+	          },
+	        }, '*');
+	        setTimeout(function() {
+	          var pending = _toolPendingRequests[requestId];
+	          if (!pending) return;
+	          delete _toolPendingRequests[requestId];
+	          pending.reject(new Error('Tool host request timed out'));
+	        }, 30000);
+	      });
+	    }
+
+	    var _origHostRequest = hostRequest;
+	    hostRequest = function(path, options) {
+	      var entry = { path: path, method: (options && options.method) || 'GET' };
+	      return _origHostRequest(path, options).then(function(res) {
+	        entry.ok = res.ok;
+	        entry.status = res.status;
+	        if (!res.ok && res.body) {
+	          try { entry.error = typeof res.body === 'string' ? res.body.slice(0, 200) : JSON.stringify(res.body).slice(0, 200); } catch(e) {}
+	        }
+	        if (_networkLogs.length >= 20) _networkLogs.shift();
+	        _networkLogs.push(entry);
+	        return res;
+	      }, function(err) {
+	        entry.ok = false;
+	        entry.error = err.message;
+	        if (_networkLogs.length >= 20) _networkLogs.shift();
+	        _networkLogs.push(entry);
+	        throw err;
+	      });
+	    };
+
+	    function toolFetch(url, options) {
+	      var opts = options || {};
+	      return hostRequest('/_agent-native/tools/proxy', {
+	        method: 'POST',
+	        headers: { 'Content-Type': 'application/json' },
+	        body: JSON.stringify({
+	          url: url,
+          method: opts.method || 'GET',
+          headers: opts.headers,
+          body: opts.body,
+        }),
+	      }).then(function(res) {
+	        var data = res.body;
+	          if (data.error && data.status === undefined) {
+	            throw new Error(data.error);
+	          }
+          return {
+            ok: data.status >= 200 && data.status < 300,
+            status: data.status,
+	            json: function() { return Promise.resolve(data.body); },
+	            text: function() { return Promise.resolve(typeof data.body === 'string' ? data.body : JSON.stringify(data.body)); },
+	          };
+	      });
+	    }
+
+	    async function appAction(name, params) {
+	      params = params || {};
+	      var res = await hostRequest('/_agent-native/actions/' + encodeURIComponent(name), {
+	        method: 'POST',
+	        headers: { 'Content-Type': 'application/json' },
+	        body: JSON.stringify(params),
+	      });
+	      if (!res.ok) {
+	        var err = res.body || { error: res.statusText };
+	        throw new Error(err.error || 'Action failed: ' + res.status);
+	      }
+	      return res.body;
+	    }
+
+	    async function appFetch(path, options) {
+	      options = options || {};
+	      var res = await hostRequest(path, {
+	        ...options,
+	        headers: {
+	          'Content-Type': 'application/json',
+	          ...(options.headers || {}),
+	        },
+	      });
+	      if (!res.ok) {
+	        var err = typeof res.body === 'object' && res.body ? res.body : { error: res.statusText };
+	        throw new Error(err.error || 'Request failed: ' + res.status);
+	      }
+	      return res.body;
+	    }
+
+    async function dbQuery(sql, args) {
+      var body = { sql: sql };
+      if (args) body.args = args;
+      return appFetch('/_agent-native/tools/sql/query', {
+        method: 'POST',
+        body: JSON.stringify(body),
+      });
+    }
+
+    async function dbExec(sql, args) {
+      var body = { sql: sql };
+      if (args) body.args = args;
+      return appFetch('/_agent-native/tools/sql/exec', {
+        method: 'POST',
+        body: JSON.stringify(body),
+      });
+    }
+
+    var _toolId = ${toolIdJson};
+    var _toolBinding = ${bindingJson};
+    window.toolBinding = _toolBinding;
+    // SECURITY (audit H4): announce the resolved binding to the parent so the
+    // host bridge can gate dangerous helpers based on viewer role. Sent
+    // BEFORE the user-authored content has a chance to run, so a malicious
+    // tool body cannot suppress or rewrite the announcement. The parent
+    // ignores subsequent announcements for the same iframe; see
+    // ToolViewer.tsx / EmbeddedTool.tsx.
+    try {
+      window.parent.postMessage(
+        {
+          type: 'agent-native-tool-binding',
+          toolId: _toolId,
+          binding: _toolBinding,
+        },
+        '*',
+      );
+    } catch (_) {}
+    // SECURITY: when the viewer is not the author of this tool, emit a clear
+    // console warning. The bridge currently runs every helper with the
+    // viewer's session — a malicious shared tool can call any action, read
+    // any owned table row in scope, and resolve any user-scope secret. A
+    // full consent step is tracked as TODO C1 in audit 05-tools-sandbox.md.
+    if (_toolBinding && !_toolBinding.isAuthor) {
+      try {
+        console.warn(
+          '[agent-native] Shared tool — running with viewer\\'s session. ' +
+            'Author: ' + (_toolBinding.authorEmail || '<unknown>') + '. ' +
+            'Bridge calls (appAction, dbExec, toolFetch) execute under ' +
+            'your account; they are gated by your permissions, not the ' +
+            'author\\'s. Do not run untrusted shared tools.',
+        );
+      } catch (_) {}
+    }
+
+    var toolData = {
+	      async list(collection, opts) {
+	        var limit = (opts && opts.limit) || 100;
+	        var scope = (opts && opts.scope) || 'user';
+	        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection) + '?limit=' + limit + '&scope=' + scope);
+	        if (!res.ok) throw new Error('Failed to list tool data');
+	        return res.body;
+	      },
+      async get(collection, id, opts) {
+        var scope = (opts && opts.scope) || 'user';
+        var items = await this.list(collection, { scope: scope });
+        return (items || []).find(function(item) { return item.id === id; }) || null;
+      },
+      async set(collection, id, data, opts) {
+	        var scope = (opts && opts.scope) || 'user';
+	        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection), {
+	          method: 'POST',
+	          headers: { 'Content-Type': 'application/json' },
+	          body: JSON.stringify({ id: id, data: data, scope: scope }),
+	        });
+	        if (!res.ok) throw new Error('Failed to save tool data');
+	        return res.body;
+	      },
+	      async remove(collection, id, opts) {
+	        var scope = (opts && opts.scope) || 'user';
+	        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection) + '/' + encodeURIComponent(id) + '?scope=' + scope, {
+	          method: 'DELETE',
+	        });
+	        if (!res.ok) throw new Error('Failed to delete tool data');
+	        return res.body;
+	      },
+	    };
+	  </script>
+	  <style>
+	    #__tool-error-toast {
+	      display: none;
+	      position: fixed;
+	      bottom: 16px;
+	      right: 16px;
+	      max-width: 420px;
+	      background: hsl(var(--destructive));
+	      color: hsl(var(--destructive-foreground));
+	      border: 1px solid hsl(var(--destructive) / .6);
+	      border-radius: calc(var(--radius, .5rem) + 2px);
+	      padding: 12px 16px;
+	      font-size: 13px;
+	      line-height: 1.4;
+	      font-family: 'Inter', sans-serif;
+	      z-index: 9999;
+	      box-shadow: 0 4px 12px rgba(0,0,0,.15), 0 1px 3px rgba(0,0,0,.1);
+	      animation: __toast-in 0.2s ease-out;
+	    }
+	    @keyframes __toast-in {
+	      from { opacity: 0; transform: translateY(8px); }
+	      to { opacity: 1; transform: translateY(0); }
+	    }
+	  </style>
+	  <script>
+	    // Extension-point slot context: when a tool is rendered embedded inside an
+	    // ExtensionSlot, the host pushes a context object via postMessage. Tools
+	    // read it synchronously via window.slotContext or subscribe to changes
+	    // via window.onSlotContext(fn). When rendered full-page (no ?slot= param),
+	    // slotContext stays null and tools branch on that.
+	    window.slotContext = null;
+	    var _slotContextSubscribers = [];
+	    window.onSlotContext = function(fn) {
+	      _slotContextSubscribers.push(fn);
+	      if (window.slotContext !== null) {
+	        try { fn(window.slotContext); } catch(_) {}
+	      }
+	      return function() {
+	        _slotContextSubscribers = _slotContextSubscribers.filter(function(f) { return f !== fn; });
+	      };
+	    };
+	    window.addEventListener('message', function(event) {
+	      if (event.source !== window.parent) return;
+	      var msg = event.data;
+	      if (!msg || msg.type !== 'agent-native-slot-context') return;
+	      window.slotContext = msg.context || {};
+	      _slotContextSubscribers.forEach(function(fn) {
+	        try { fn(window.slotContext); } catch(_) {}
+	      });
+	    });
+
+	    // Auto-resize the iframe to its content when running in slot mode. The
+	    // host listens for agent-native-tool-resize and adjusts the iframe height.
+	    if (new URLSearchParams(location.search).get('slot')) {
+	      var _lastH = 0;
+	      var _reportHeight = function() {
+	        var h = Math.max(
+	          document.documentElement.scrollHeight,
+	          document.body ? document.body.scrollHeight : 0,
+	        );
+	        if (h !== _lastH) {
+	          _lastH = h;
+	          window.parent.postMessage({ type: 'agent-native-tool-resize', height: h }, '*');
+	        }
+	      };
+	      if (typeof ResizeObserver !== 'undefined') {
+	        var _ro = new ResizeObserver(_reportHeight);
+	        document.addEventListener('DOMContentLoaded', function() {
+	          _ro.observe(document.documentElement);
+	          if (document.body) _ro.observe(document.body);
+	        });
+	      }
+	      // Initial reports — Alpine takes a tick to render after DOMContentLoaded.
+	      setTimeout(_reportHeight, 50);
+	      setTimeout(_reportHeight, 250);
+	    }
+
+	    window.addEventListener('message', function(event) {
+	      if (event.source !== window.parent) return;
+	      var msg = event.data;
+	      if (!msg || msg.type !== 'agent-native-theme-update') return;
+	      var root = document.documentElement;
+	      if (msg.isDark !== undefined) {
+	        if (msg.isDark) root.classList.add('dark');
+	        else root.classList.remove('dark');
+	      }
+	      var vars = msg.vars || {};
+	      for (var key in vars) {
+	        if (vars.hasOwnProperty(key)) {
+	          root.style.setProperty(key, vars[key]);
+	        }
+	      }
+	    });
+
+	    document.addEventListener('keydown', function(e) {
+	      if ((e.metaKey || e.ctrlKey) && !e.altKey) {
+	        var key = e.key.toLowerCase();
+	        if (key === 'c' || key === 'v' || key === 'x' || key === 'a' || key === 'z' || key === 'y') return;
+	        e.preventDefault();
+	        e.stopPropagation();
+	        window.parent.postMessage({
+	          type: 'agent-native-tool-keydown',
+	          key: e.key, code: e.code,
+	          metaKey: e.metaKey, ctrlKey: e.ctrlKey,
+	          shiftKey: e.shiftKey, altKey: e.altKey,
+	        }, '*');
+	        return;
+	      }
+	      if (e.key === 'Escape') {
+	        window.parent.postMessage({
+	          type: 'agent-native-tool-keydown',
+	          key: e.key, code: e.code,
+	          metaKey: false, ctrlKey: false,
+	          shiftKey: false, altKey: false,
+	        }, '*');
+	      }
+	    });
+
+	    document.addEventListener('DOMContentLoaded', function() {
+	      var fixBtn = document.getElementById('__tool-error-fix');
+	      if (fixBtn) {
+	        fixBtn.addEventListener('click', function() {
+	          window.parent.postMessage({
+	            type: 'agent-native-tool-error-fix',
+	            errors: _toolErrors,
+	            errorDetails: _toolErrorDetails,
+	            consoleLogs: _consoleLogs.slice(-30),
+	            networkLogs: _networkLogs.slice(-15)
+	          }, '*');
+	          document.getElementById('__tool-error-toast').style.display = 'none';
+	        });
+	      }
+	      var dismissBtn = document.getElementById('__tool-error-dismiss');
+	      if (dismissBtn) {
+	        dismissBtn.addEventListener('click', function() {
+	          document.getElementById('__tool-error-toast').style.display = 'none';
+	        });
+	      }
+	    });
+	  </script>
+	</head>
+	<body${toolId ? ` data-tool-id="${toolIdAttr}"` : ""} class="bg-background text-foreground">
+	${content}
+	<div id="__tool-error-toast">
+	  <div style="display:flex;align-items:flex-start;gap:8px;">
+	    <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="flex-shrink:0;margin-top:1px;"><circle cx="12" cy="12" r="10"/><line x1="12" y1="8" x2="12" y2="12"/><line x1="12" y1="16" x2="12.01" y2="16"/></svg>
+	    <span id="__tool-error-msg" style="flex:1;overflow:hidden;display:-webkit-box;-webkit-line-clamp:3;-webkit-box-orient:vertical;"></span>
+	    <button id="__tool-error-fix" style="cursor:pointer;border:none;background:rgba(255,255,255,.9);color:hsl(0 84.2% 40%);font-size:12px;font-weight:500;padding:4px 12px;border-radius:4px;flex-shrink:0;">Fix</button>
+	    <button id="__tool-error-dismiss" style="cursor:pointer;border:none;background:transparent;color:inherit;font-size:16px;padding:2px 6px;opacity:0.7;flex-shrink:0;">&#215;</button>
+	  </div>
+	</div>
+	</body>
+	</html>`;
+}
+function escapeHtmlAttribute(value) {
+    return value
+        .replace(/&/g, "&amp;")
+        .replace(/"/g, "&quot;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;");
+}
+//# sourceMappingURL=html-shell.js.map

package/dist/tools/html-shell.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"html-shell.js","sourceRoot":"","sources":["../../src/tools/html-shell.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAC1B,2YAA2Y,CAAC;AAE9Y,MAAM,CAAC,MAAM,oBAAoB,GAAG,eAAe,CAAC,OAAO,CACzD,8BAA8B,EAC9B,EAAE,CACH,CAAC;AA6CF,MAAM,UAAU,aAAa,CAC3B,OAAe,EACf,SAAiB,EACjB,MAAe,EACf,MAAe,EACf,OAA2B;IAE3B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAChC,OAAO,IAAI;QACT,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,EAAE;QACf,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,OAAO;KACd,CACF,CAAC;IAEF,OAAO;iBACQ,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE;;;;wDAIU,oBAAoB;IACxE,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,kDAAkD,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA8E7H,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBA4LA,UAAU;yBACL,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAiN5B,MAAM,CAAC,CAAC,CAAC,kBAAkB,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE;GAClD,OAAO;;;;;;;;;;SAUD,CAAC;AACV,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC","sourcesContent":["export const TOOL_IFRAME_CSP =\n  \"default-src 'none'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self'; img-src 'self' data: blob:; media-src 'self' data: blob:; frame-src 'none'; object-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'self';\";\n\nexport const TOOL_IFRAME_META_CSP = TOOL_IFRAME_CSP.replace(\n  /\\s*frame-ancestors 'self';?$/,\n  \"\",\n);\n\n/**\n * SECURITY — TOOL CONTENT IS UNTRUSTED.\n *\n * `${content}` (line ~Body) interpolates raw HTML/JS authored by a user. This\n * file is the boundary between framework-controlled HTML and user-controlled\n * HTML. Two non-negotiable invariants for every change here:\n *\n *   1. The iframe MUST be rendered with a `sandbox` attribute that does NOT\n *      include `allow-same-origin`. The viewer (`ToolViewer.tsx`,\n *      `EmbeddedTool.tsx`) sets `sandbox=\"allow-scripts allow-forms\"` — and\n *      that is the only acceptable shape. Adding `allow-same-origin` would\n *      give the tool full DOM access to the parent window via cross-frame\n *      script.\n *\n *   2. Every reachable parent action must treat the postMessage payload as\n *      hostile. The bridge in `iframe-bridge.ts` enforces a path allowlist,\n *      header sanitization, and method allowlist; do not relax those gates\n *      for \"convenience\" in this file or any caller.\n *\n * For the trust model rationale, see audit 05-tools-sandbox.md (C1) and the\n * `tools` skill. When in doubt, fail closed.\n */\n\nexport interface ToolRenderBinding {\n  /** Email of the user who authored / owns the tool. */\n  authorEmail: string;\n  /** Email of the user currently viewing/running the tool. */\n  viewerEmail: string;\n  /** True when viewer === author. */\n  isAuthor: boolean;\n  /**\n   * Resolved role for the viewer (\"owner\" | \"admin\" | \"editor\" | \"viewer\").\n   *\n   * TODO(security, audit H4): the host-side bridge does not yet gate any\n   * helper based on this value — every viewer gets the same powers as the\n   * author. The role is plumbed through so a follow-up PR can constrain\n   * `appAction` / `dbExec` / `toolFetch` for non-author viewers (and\n   * eventually require an explicit consent step before running a shared\n   * tool, audit C1). For now this is metadata only.\n   */\n  role: \"owner\" | \"admin\" | \"editor\" | \"viewer\";\n}\n\nexport function buildToolHtml(\n  content: string,\n  themeVars: string,\n  isDark: boolean,\n  toolId?: string,\n  binding?: ToolRenderBinding,\n): string {\n  const toolIdJson = JSON.stringify(toolId ?? \"\");\n  const toolIdAttr = escapeHtmlAttribute(toolId ?? \"\");\n  const bindingJson = JSON.stringify(\n    binding ?? {\n      authorEmail: \"\",\n      viewerEmail: \"\",\n      isAuthor: true,\n      role: \"owner\",\n    },\n  );\n\n  return `<!DOCTYPE html>\n<html lang=\"en\"${isDark ? ' class=\"dark\"' : \"\"}>\n<head>\n  <meta charset=\"utf-8\" />\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n  <meta http-equiv=\"Content-Security-Policy\" content=\"${TOOL_IFRAME_META_CSP}\" />\n  ${binding && !binding.isAuthor ? `<meta name=\"agent-native-tool-author\" content=\"${escapeHtmlAttribute(binding.authorEmail)}\" />` : \"\"}\n  <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n  <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n  <link href=\"https://fonts.googleapis.com/css2?family=Inter:wght@300..700&display=swap\" rel=\"stylesheet\" />\n  <script>\n    var _toolErrors = [];\n    var _toolErrorDetails = [];\n    var _consoleLogs = [];\n    var _networkLogs = [];\n\n    var _origConsole = { log: console.log, warn: console.warn, error: console.error, info: console.info };\n    function _wrapConsole(level, orig) {\n      return function() {\n        var args = Array.prototype.slice.call(arguments);\n        var msg = args.map(function(a) {\n          try { return typeof a === 'object' ? JSON.stringify(a) : String(a); }\n          catch(e) { return String(a); }\n        }).join(' ');\n        if (_consoleLogs.length >= 50) _consoleLogs.shift();\n        _consoleLogs.push({ level: level, message: msg });\n        orig.apply(console, arguments);\n      };\n    }\n    console.log = _wrapConsole('log', _origConsole.log);\n    console.warn = _wrapConsole('warn', _origConsole.warn);\n    console.error = _wrapConsole('error', _origConsole.error);\n    console.info = _wrapConsole('info', _origConsole.info);\n\n    function _collectError(message, stack) {\n      if (!message) return;\n      if (message === 'Script error.' || message === 'Script error') message = 'Runtime error';\n      if (_toolErrors.indexOf(message) !== -1) return;\n      _toolErrors.push(message);\n      _toolErrorDetails.push({ message: message, stack: stack || '' });\n      var toast = document.getElementById('__tool-error-toast');\n      if (!toast) return;\n      var msg = document.getElementById('__tool-error-msg');\n      if (_toolErrors.length === 1) {\n        msg.textContent = _toolErrors[0];\n      } else {\n        msg.textContent = _toolErrors.length + ' errors — ' + _toolErrors[_toolErrors.length - 1];\n      }\n      toast.style.display = 'block';\n    }\n\n    window.addEventListener('error', function(event) {\n      var msg = event.message || '';\n      if (msg.indexOf('Alpine Expression Error') === 0) return;\n      var stack = event.error && event.error.stack ? event.error.stack : '';\n      _collectError(msg, stack);\n    });\n\n    window.addEventListener('unhandledrejection', function(event) {\n      var msg = event.reason && event.reason.message ? event.reason.message : String(event.reason);\n      var stack = event.reason && event.reason.stack ? event.reason.stack : '';\n      _collectError(msg, stack);\n    });\n  </script>\n  <!--\n    SECURITY: pinned to exact patch versions + SRI integrity hashes. A\n    malicious republish of @tailwindcss/browser@4.x or alpinejs@3.x would\n    otherwise inject code into every tool. To bump these versions:\n      1. npm view @tailwindcss/browser version  (or alpinejs)\n      2. curl -sL https://cdn.jsdelivr.net/npm/@tailwindcss/browser@<v> \\\n         | openssl dgst -sha384 -binary | openssl base64 -A\n      3. Update the URL + integrity hash below in lockstep.\n  -->\n  <script\n    src=\"https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4.2.4\"\n    integrity=\"sha384-yNSZBFvuOWcmww494a9+1zNuvgUGEXoWkein7cxP8wHUTi3iXCU4vJ7hr3tzBCml\"\n    crossorigin=\"anonymous\"\n  ></script>\n  <script\n    defer\n    src=\"https://cdn.jsdelivr.net/npm/alpinejs@3.15.11/dist/cdn.min.js\"\n    integrity=\"sha384-WPtu0YHhJ3arcykfnv1JgUffWDSKRnqnDeTpJUbOc2os2moEmLkIdaeR0trPN4be\"\n    crossorigin=\"anonymous\"\n  ></script>\n  <style>${themeVars}</style>\n  <style type=\"text/tailwindcss\">\n    @custom-variant dark (&:where(.dark, .dark *));\n    @theme {\n      --color-border: hsl(var(--border));\n      --color-input: hsl(var(--input));\n      --color-ring: hsl(var(--ring));\n      --color-background: hsl(var(--background));\n      --color-foreground: hsl(var(--foreground));\n      --color-primary: hsl(var(--primary));\n      --color-primary-foreground: hsl(var(--primary-foreground));\n      --color-secondary: hsl(var(--secondary));\n      --color-secondary-foreground: hsl(var(--secondary-foreground));\n      --color-destructive: hsl(var(--destructive));\n      --color-destructive-foreground: hsl(var(--destructive-foreground));\n      --color-muted: hsl(var(--muted));\n      --color-muted-foreground: hsl(var(--muted-foreground));\n      --color-accent: hsl(var(--accent));\n      --color-accent-foreground: hsl(var(--accent-foreground));\n      --color-popover: hsl(var(--popover));\n      --color-popover-foreground: hsl(var(--popover-foreground));\n      --color-card: hsl(var(--card));\n      --color-card-foreground: hsl(var(--card-foreground));\n      --color-sidebar: hsl(var(--sidebar-background));\n      --color-sidebar-foreground: hsl(var(--sidebar-foreground));\n      --color-sidebar-primary: hsl(var(--sidebar-primary));\n      --color-sidebar-primary-foreground: hsl(var(--sidebar-primary-foreground));\n      --color-sidebar-accent: hsl(var(--sidebar-accent));\n      --color-sidebar-accent-foreground: hsl(var(--sidebar-accent-foreground));\n      --color-sidebar-border: hsl(var(--sidebar-border));\n      --color-sidebar-ring: hsl(var(--sidebar-ring));\n      --radius-lg: var(--radius);\n      --radius-md: calc(var(--radius) - 2px);\n      --radius-sm: calc(var(--radius) - 4px);\n    }\n  </style>\n\t  <style>\n\t    *, *::before, *::after { border-color: hsl(var(--border)); }\n\t    body {\n\t      --agent-native-tool-padding: clamp(16px, 2vw, 24px);\n\t      box-sizing: border-box;\n\t      font-family: 'Inter', sans-serif;\n\t      margin: 0;\n\t      min-height: 100vh;\n\t      padding: var(--agent-native-tool-padding);\n\t    }\n\t    body:has(> [data-tool-layout=\"full-bleed\"]),\n\t    body:has(> [data-tool-padding=\"none\"]),\n\t    body:has(> .agent-native-tool-bleed) {\n\t      padding: 0;\n\t    }\n\t  </style>\n\t  <script>\n\t    var _toolRequestSeq = 0;\n\t    var _toolPendingRequests = {};\n\n\t    window.addEventListener('message', function(event) {\n\t      if (event.source !== window.parent) return;\n\t      var message = event.data || {};\n\t      if (message.type !== 'agent-native-tool-response') return;\n\t      var pending = _toolPendingRequests[message.requestId];\n\t      if (!pending) return;\n\t      delete _toolPendingRequests[message.requestId];\n\t      if (message.error) {\n\t        pending.reject(new Error(message.error));\n\t      } else {\n\t        pending.resolve(message.response);\n\t      }\n\t    });\n\n\t    function hostRequest(path, options) {\n\t      options = options || {};\n\t      return new Promise(function(resolve, reject) {\n\t        var requestId = 'tool-req-' + (++_toolRequestSeq);\n\t        _toolPendingRequests[requestId] = { resolve: resolve, reject: reject };\n\t        window.parent.postMessage({\n\t          type: 'agent-native-tool-request',\n\t          requestId: requestId,\n\t          path: path,\n\t          options: {\n\t            method: options.method || 'GET',\n\t            headers: options.headers || {},\n\t            body: options.body,\n\t          },\n\t        }, '*');\n\t        setTimeout(function() {\n\t          var pending = _toolPendingRequests[requestId];\n\t          if (!pending) return;\n\t          delete _toolPendingRequests[requestId];\n\t          pending.reject(new Error('Tool host request timed out'));\n\t        }, 30000);\n\t      });\n\t    }\n\n\t    var _origHostRequest = hostRequest;\n\t    hostRequest = function(path, options) {\n\t      var entry = { path: path, method: (options && options.method) || 'GET' };\n\t      return _origHostRequest(path, options).then(function(res) {\n\t        entry.ok = res.ok;\n\t        entry.status = res.status;\n\t        if (!res.ok && res.body) {\n\t          try { entry.error = typeof res.body === 'string' ? res.body.slice(0, 200) : JSON.stringify(res.body).slice(0, 200); } catch(e) {}\n\t        }\n\t        if (_networkLogs.length >= 20) _networkLogs.shift();\n\t        _networkLogs.push(entry);\n\t        return res;\n\t      }, function(err) {\n\t        entry.ok = false;\n\t        entry.error = err.message;\n\t        if (_networkLogs.length >= 20) _networkLogs.shift();\n\t        _networkLogs.push(entry);\n\t        throw err;\n\t      });\n\t    };\n\n\t    function toolFetch(url, options) {\n\t      var opts = options || {};\n\t      return hostRequest('/_agent-native/tools/proxy', {\n\t        method: 'POST',\n\t        headers: { 'Content-Type': 'application/json' },\n\t        body: JSON.stringify({\n\t          url: url,\n          method: opts.method || 'GET',\n          headers: opts.headers,\n          body: opts.body,\n        }),\n\t      }).then(function(res) {\n\t        var data = res.body;\n\t          if (data.error && data.status === undefined) {\n\t            throw new Error(data.error);\n\t          }\n          return {\n            ok: data.status >= 200 && data.status < 300,\n            status: data.status,\n\t            json: function() { return Promise.resolve(data.body); },\n\t            text: function() { return Promise.resolve(typeof data.body === 'string' ? data.body : JSON.stringify(data.body)); },\n\t          };\n\t      });\n\t    }\n\n\t    async function appAction(name, params) {\n\t      params = params || {};\n\t      var res = await hostRequest('/_agent-native/actions/' + encodeURIComponent(name), {\n\t        method: 'POST',\n\t        headers: { 'Content-Type': 'application/json' },\n\t        body: JSON.stringify(params),\n\t      });\n\t      if (!res.ok) {\n\t        var err = res.body || { error: res.statusText };\n\t        throw new Error(err.error || 'Action failed: ' + res.status);\n\t      }\n\t      return res.body;\n\t    }\n\n\t    async function appFetch(path, options) {\n\t      options = options || {};\n\t      var res = await hostRequest(path, {\n\t        ...options,\n\t        headers: {\n\t          'Content-Type': 'application/json',\n\t          ...(options.headers || {}),\n\t        },\n\t      });\n\t      if (!res.ok) {\n\t        var err = typeof res.body === 'object' && res.body ? res.body : { error: res.statusText };\n\t        throw new Error(err.error || 'Request failed: ' + res.status);\n\t      }\n\t      return res.body;\n\t    }\n\n    async function dbQuery(sql, args) {\n      var body = { sql: sql };\n      if (args) body.args = args;\n      return appFetch('/_agent-native/tools/sql/query', {\n        method: 'POST',\n        body: JSON.stringify(body),\n      });\n    }\n\n    async function dbExec(sql, args) {\n      var body = { sql: sql };\n      if (args) body.args = args;\n      return appFetch('/_agent-native/tools/sql/exec', {\n        method: 'POST',\n        body: JSON.stringify(body),\n      });\n    }\n\n    var _toolId = ${toolIdJson};\n    var _toolBinding = ${bindingJson};\n    window.toolBinding = _toolBinding;\n    // SECURITY (audit H4): announce the resolved binding to the parent so the\n    // host bridge can gate dangerous helpers based on viewer role. Sent\n    // BEFORE the user-authored content has a chance to run, so a malicious\n    // tool body cannot suppress or rewrite the announcement. The parent\n    // ignores subsequent announcements for the same iframe; see\n    // ToolViewer.tsx / EmbeddedTool.tsx.\n    try {\n      window.parent.postMessage(\n        {\n          type: 'agent-native-tool-binding',\n          toolId: _toolId,\n          binding: _toolBinding,\n        },\n        '*',\n      );\n    } catch (_) {}\n    // SECURITY: when the viewer is not the author of this tool, emit a clear\n    // console warning. The bridge currently runs every helper with the\n    // viewer's session — a malicious shared tool can call any action, read\n    // any owned table row in scope, and resolve any user-scope secret. A\n    // full consent step is tracked as TODO C1 in audit 05-tools-sandbox.md.\n    if (_toolBinding && !_toolBinding.isAuthor) {\n      try {\n        console.warn(\n          '[agent-native] Shared tool — running with viewer\\\\'s session. ' +\n            'Author: ' + (_toolBinding.authorEmail || '<unknown>') + '. ' +\n            'Bridge calls (appAction, dbExec, toolFetch) execute under ' +\n            'your account; they are gated by your permissions, not the ' +\n            'author\\\\'s. Do not run untrusted shared tools.',\n        );\n      } catch (_) {}\n    }\n\n    var toolData = {\n\t      async list(collection, opts) {\n\t        var limit = (opts && opts.limit) || 100;\n\t        var scope = (opts && opts.scope) || 'user';\n\t        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection) + '?limit=' + limit + '&scope=' + scope);\n\t        if (!res.ok) throw new Error('Failed to list tool data');\n\t        return res.body;\n\t      },\n      async get(collection, id, opts) {\n        var scope = (opts && opts.scope) || 'user';\n        var items = await this.list(collection, { scope: scope });\n        return (items || []).find(function(item) { return item.id === id; }) || null;\n      },\n      async set(collection, id, data, opts) {\n\t        var scope = (opts && opts.scope) || 'user';\n\t        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection), {\n\t          method: 'POST',\n\t          headers: { 'Content-Type': 'application/json' },\n\t          body: JSON.stringify({ id: id, data: data, scope: scope }),\n\t        });\n\t        if (!res.ok) throw new Error('Failed to save tool data');\n\t        return res.body;\n\t      },\n\t      async remove(collection, id, opts) {\n\t        var scope = (opts && opts.scope) || 'user';\n\t        var res = await hostRequest('/_agent-native/tools/data/' + _toolId + '/' + encodeURIComponent(collection) + '/' + encodeURIComponent(id) + '?scope=' + scope, {\n\t          method: 'DELETE',\n\t        });\n\t        if (!res.ok) throw new Error('Failed to delete tool data');\n\t        return res.body;\n\t      },\n\t    };\n\t  </script>\n\t  <style>\n\t    #__tool-error-toast {\n\t      display: none;\n\t      position: fixed;\n\t      bottom: 16px;\n\t      right: 16px;\n\t      max-width: 420px;\n\t      background: hsl(var(--destructive));\n\t      color: hsl(var(--destructive-foreground));\n\t      border: 1px solid hsl(var(--destructive) / .6);\n\t      border-radius: calc(var(--radius, .5rem) + 2px);\n\t      padding: 12px 16px;\n\t      font-size: 13px;\n\t      line-height: 1.4;\n\t      font-family: 'Inter', sans-serif;\n\t      z-index: 9999;\n\t      box-shadow: 0 4px 12px rgba(0,0,0,.15), 0 1px 3px rgba(0,0,0,.1);\n\t      animation: __toast-in 0.2s ease-out;\n\t    }\n\t    @keyframes __toast-in {\n\t      from { opacity: 0; transform: translateY(8px); }\n\t      to { opacity: 1; transform: translateY(0); }\n\t    }\n\t  </style>\n\t  <script>\n\t    // Extension-point slot context: when a tool is rendered embedded inside an\n\t    // ExtensionSlot, the host pushes a context object via postMessage. Tools\n\t    // read it synchronously via window.slotContext or subscribe to changes\n\t    // via window.onSlotContext(fn). When rendered full-page (no ?slot= param),\n\t    // slotContext stays null and tools branch on that.\n\t    window.slotContext = null;\n\t    var _slotContextSubscribers = [];\n\t    window.onSlotContext = function(fn) {\n\t      _slotContextSubscribers.push(fn);\n\t      if (window.slotContext !== null) {\n\t        try { fn(window.slotContext); } catch(_) {}\n\t      }\n\t      return function() {\n\t        _slotContextSubscribers = _slotContextSubscribers.filter(function(f) { return f !== fn; });\n\t      };\n\t    };\n\t    window.addEventListener('message', function(event) {\n\t      if (event.source !== window.parent) return;\n\t      var msg = event.data;\n\t      if (!msg || msg.type !== 'agent-native-slot-context') return;\n\t      window.slotContext = msg.context || {};\n\t      _slotContextSubscribers.forEach(function(fn) {\n\t        try { fn(window.slotContext); } catch(_) {}\n\t      });\n\t    });\n\n\t    // Auto-resize the iframe to its content when running in slot mode. The\n\t    // host listens for agent-native-tool-resize and adjusts the iframe height.\n\t    if (new URLSearchParams(location.search).get('slot')) {\n\t      var _lastH = 0;\n\t      var _reportHeight = function() {\n\t        var h = Math.max(\n\t          document.documentElement.scrollHeight,\n\t          document.body ? document.body.scrollHeight : 0,\n\t        );\n\t        if (h !== _lastH) {\n\t          _lastH = h;\n\t          window.parent.postMessage({ type: 'agent-native-tool-resize', height: h }, '*');\n\t        }\n\t      };\n\t      if (typeof ResizeObserver !== 'undefined') {\n\t        var _ro = new ResizeObserver(_reportHeight);\n\t        document.addEventListener('DOMContentLoaded', function() {\n\t          _ro.observe(document.documentElement);\n\t          if (document.body) _ro.observe(document.body);\n\t        });\n\t      }\n\t      // Initial reports — Alpine takes a tick to render after DOMContentLoaded.\n\t      setTimeout(_reportHeight, 50);\n\t      setTimeout(_reportHeight, 250);\n\t    }\n\n\t    window.addEventListener('message', function(event) {\n\t      if (event.source !== window.parent) return;\n\t      var msg = event.data;\n\t      if (!msg || msg.type !== 'agent-native-theme-update') return;\n\t      var root = document.documentElement;\n\t      if (msg.isDark !== undefined) {\n\t        if (msg.isDark) root.classList.add('dark');\n\t        else root.classList.remove('dark');\n\t      }\n\t      var vars = msg.vars || {};\n\t      for (var key in vars) {\n\t        if (vars.hasOwnProperty(key)) {\n\t          root.style.setProperty(key, vars[key]);\n\t        }\n\t      }\n\t    });\n\n\t    document.addEventListener('keydown', function(e) {\n\t      if ((e.metaKey || e.ctrlKey) && !e.altKey) {\n\t        var key = e.key.toLowerCase();\n\t        if (key === 'c' || key === 'v' || key === 'x' || key === 'a' || key === 'z' || key === 'y') return;\n\t        e.preventDefault();\n\t        e.stopPropagation();\n\t        window.parent.postMessage({\n\t          type: 'agent-native-tool-keydown',\n\t          key: e.key, code: e.code,\n\t          metaKey: e.metaKey, ctrlKey: e.ctrlKey,\n\t          shiftKey: e.shiftKey, altKey: e.altKey,\n\t        }, '*');\n\t        return;\n\t      }\n\t      if (e.key === 'Escape') {\n\t        window.parent.postMessage({\n\t          type: 'agent-native-tool-keydown',\n\t          key: e.key, code: e.code,\n\t          metaKey: false, ctrlKey: false,\n\t          shiftKey: false, altKey: false,\n\t        }, '*');\n\t      }\n\t    });\n\n\t    document.addEventListener('DOMContentLoaded', function() {\n\t      var fixBtn = document.getElementById('__tool-error-fix');\n\t      if (fixBtn) {\n\t        fixBtn.addEventListener('click', function() {\n\t          window.parent.postMessage({\n\t            type: 'agent-native-tool-error-fix',\n\t            errors: _toolErrors,\n\t            errorDetails: _toolErrorDetails,\n\t            consoleLogs: _consoleLogs.slice(-30),\n\t            networkLogs: _networkLogs.slice(-15)\n\t          }, '*');\n\t          document.getElementById('__tool-error-toast').style.display = 'none';\n\t        });\n\t      }\n\t      var dismissBtn = document.getElementById('__tool-error-dismiss');\n\t      if (dismissBtn) {\n\t        dismissBtn.addEventListener('click', function() {\n\t          document.getElementById('__tool-error-toast').style.display = 'none';\n\t        });\n\t      }\n\t    });\n\t  </script>\n\t</head>\n\t<body${toolId ? ` data-tool-id=\"${toolIdAttr}\"` : \"\"} class=\"bg-background text-foreground\">\n\t${content}\n\t<div id=\"__tool-error-toast\">\n\t  <div style=\"display:flex;align-items:flex-start;gap:8px;\">\n\t    <svg xmlns=\"http://www.w3.org/2000/svg\" width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" style=\"flex-shrink:0;margin-top:1px;\"><circle cx=\"12\" cy=\"12\" r=\"10\"/><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"12\"/><line x1=\"12\" y1=\"16\" x2=\"12.01\" y2=\"16\"/></svg>\n\t    <span id=\"__tool-error-msg\" style=\"flex:1;overflow:hidden;display:-webkit-box;-webkit-line-clamp:3;-webkit-box-orient:vertical;\"></span>\n\t    <button id=\"__tool-error-fix\" style=\"cursor:pointer;border:none;background:rgba(255,255,255,.9);color:hsl(0 84.2% 40%);font-size:12px;font-weight:500;padding:4px 12px;border-radius:4px;flex-shrink:0;\">Fix</button>\n\t    <button id=\"__tool-error-dismiss\" style=\"cursor:pointer;border:none;background:transparent;color:inherit;font-size:16px;padding:2px 6px;opacity:0.7;flex-shrink:0;\">&#215;</button>\n\t  </div>\n\t</div>\n\t</body>\n\t</html>`;\n}\n\nfunction escapeHtmlAttribute(value: string): string {\n  return value\n    .replace(/&/g, \"&amp;\")\n    .replace(/\"/g, \"&quot;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\");\n}\n"]}

package/dist/tools/proxy-security.d.ts

@@ -0,0 +1,12 @@
+export declare const MAX_TOOL_PROXY_RESPONSE_SIZE: number;
+export declare function normalizeToolProxyMethod(value: unknown): string | null;
+export declare function sanitizeOutboundHeaders(value: unknown): Record<string, string>;
+export declare function collectSecretValues(...groups: Array<Array<string> | undefined>): string[];
+export declare function redactSecrets<T>(value: T, secretValues: string[]): T;
+export declare function redactString(text: string, secretValues: string[]): string;
+export declare function readResponseTextWithLimit(response: Response, maxBytes?: number): Promise<{
+    text: string;
+    truncated: boolean;
+    size: number;
+}>;
+//# sourceMappingURL=proxy-security.d.ts.map

package/dist/tools/proxy-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-security.d.ts","sourceRoot":"","sources":["../../src/tools/proxy-security.ts"],"names":[],"mappings":"AAuBA,eAAO,MAAM,4BAA4B,QAAc,CAAC;AAWxD,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAGtE;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,GACb,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAexB;AAED,wBAAgB,mBAAmB,CACjC,GAAG,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,GAC1C,MAAM,EAAE,CAQV;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,CAAC,CAiBpE;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,CAQzE;AAaD,wBAAsB,yBAAyB,CAC7C,QAAQ,EAAE,QAAQ,EAClB,QAAQ,SAA+B,GACtC,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAyD7D"}