@agent-native/core 0.17.1 → 0.18.0

package/dist/server/deep-link.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Deep-link helpers — the single source of truth for the
+ * `/_agent-native/open` URL format.
+ *
+ * Every artifact-producing / list action that wants an external agent (MCP /
+ * A2A) to surface an "Open in <app> →" link returns
+ * `{ url: buildDeepLink(...), label }` from its `link` builder. The MCP layer
+ * turns the relative path into an absolute web URL (and an `agentnative://`
+ * desktop URL) using the request origin.
+ *
+ * The `/_agent-native/open` route (see `open-route.ts`) consumes these: it
+ * resolves the *browser session's* identity, writes the existing one-shot
+ * `navigate` application-state command, and 302-redirects to the rendered SPA
+ * view so any browser / inline webview lands on the right screen with the
+ * record focused. We never invent a new navigation mechanism — this just
+ * bridges external surfaces to the `navigate`/`application_state` contract the
+ * UI already drains every 2s.
+ */
+/** Path of the framework deep-link route, relative to the route prefix. */
+export declare const OPEN_ROUTE_SUBPATH = "/open";
+/** Custom URL scheme the desktop app registers (`agentnative://open?...`). */
+export declare const DESKTOP_OPEN_URL = "agentnative://open";
+export interface DeepLinkInput {
+    /** App id (informational + multi-app/desktop routing), e.g. "mail". */
+    app?: string;
+    /** Target view — maps to the `navigate` command `view`. */
+    view: string;
+    /** Record-focus + filter params, e.g. `{ threadId }`, `{ eventId, date }`,
+     *  `{ dashboardId }`. `undefined`/`null`/`""` values are dropped. */
+    params?: Record<string, string | number | boolean | null | undefined>;
+    /** Explicit client-side path override (must be a same-origin, leading-slash
+     *  relative path — enforced by the open route). */
+    to?: string;
+    /** Base64url-encoded JSON compose draft (mail's `compose-{id}` contract). */
+    compose?: string;
+}
+/**
+ * Build the app-relative deep-link path:
+ * `/_agent-native/open?app=mail&view=inbox&threadId=abc`.
+ * Per-app `link` builders call this; never hand-format the URL.
+ */
+export declare function buildDeepLink(input: DeepLinkInput): string;
+/**
+ * Resolve a (possibly relative) deep link to an absolute web URL using the
+ * inbound request origin. Absolute URLs pass through unchanged.
+ */
+export declare function toAbsoluteOpenUrl(urlOrPath: string, origin: string | undefined): string;
+/**
+ * Rewrite a deep link to the desktop `agentnative://open?...` scheme so the
+ * desktop app's existing `handleDeepLink` opens it inside the app webview.
+ * Accepts either an app-relative `/_agent-native/open?...` path or an absolute
+ * web URL; preserves the query string.
+ */
+export declare function toDesktopOpenUrl(urlOrPath: string): string;
+//# sourceMappingURL=deep-link.d.ts.map

package/dist/server/deep-link.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deep-link.d.ts","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,8EAA8E;AAC9E,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AAErD,MAAM,WAAW,aAAa;IAC5B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb;yEACqE;IACrE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;IACtE;uDACmD;IACnD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAeD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAE1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GAAG,SAAS,GACzB,MAAM,CAIR;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAI1D"}

package/dist/server/deep-link.js

@@ -0,0 +1,69 @@
+/**
+ * Deep-link helpers — the single source of truth for the
+ * `/_agent-native/open` URL format.
+ *
+ * Every artifact-producing / list action that wants an external agent (MCP /
+ * A2A) to surface an "Open in <app> →" link returns
+ * `{ url: buildDeepLink(...), label }` from its `link` builder. The MCP layer
+ * turns the relative path into an absolute web URL (and an `agentnative://`
+ * desktop URL) using the request origin.
+ *
+ * The `/_agent-native/open` route (see `open-route.ts`) consumes these: it
+ * resolves the *browser session's* identity, writes the existing one-shot
+ * `navigate` application-state command, and 302-redirects to the rendered SPA
+ * view so any browser / inline webview lands on the right screen with the
+ * record focused. We never invent a new navigation mechanism — this just
+ * bridges external surfaces to the `navigate`/`application_state` contract the
+ * UI already drains every 2s.
+ */
+/** Path of the framework deep-link route, relative to the route prefix. */
+export const OPEN_ROUTE_SUBPATH = "/open";
+/** Custom URL scheme the desktop app registers (`agentnative://open?...`). */
+export const DESKTOP_OPEN_URL = "agentnative://open";
+function buildQuery(input) {
+    const sp = new URLSearchParams();
+    if (input.app)
+        sp.set("app", input.app);
+    sp.set("view", input.view);
+    if (input.to)
+        sp.set("to", input.to);
+    if (input.compose)
+        sp.set("compose", input.compose);
+    for (const [k, v] of Object.entries(input.params ?? {})) {
+        if (v === undefined || v === null || v === "")
+            continue;
+        sp.set(k, String(v));
+    }
+    return sp.toString();
+}
+/**
+ * Build the app-relative deep-link path:
+ * `/_agent-native/open?app=mail&view=inbox&threadId=abc`.
+ * Per-app `link` builders call this; never hand-format the URL.
+ */
+export function buildDeepLink(input) {
+    return `/_agent-native${OPEN_ROUTE_SUBPATH}?${buildQuery(input)}`;
+}
+/**
+ * Resolve a (possibly relative) deep link to an absolute web URL using the
+ * inbound request origin. Absolute URLs pass through unchanged.
+ */
+export function toAbsoluteOpenUrl(urlOrPath, origin) {
+    if (/^[a-z][a-z0-9+.-]*:\/\//i.test(urlOrPath))
+        return urlOrPath;
+    if (!origin)
+        return urlOrPath;
+    return `${origin.replace(/\/+$/, "")}${urlOrPath.startsWith("/") ? "" : "/"}${urlOrPath}`;
+}
+/**
+ * Rewrite a deep link to the desktop `agentnative://open?...` scheme so the
+ * desktop app's existing `handleDeepLink` opens it inside the app webview.
+ * Accepts either an app-relative `/_agent-native/open?...` path or an absolute
+ * web URL; preserves the query string.
+ */
+export function toDesktopOpenUrl(urlOrPath) {
+    const qIdx = urlOrPath.indexOf("?");
+    const query = qIdx >= 0 ? urlOrPath.slice(qIdx + 1) : "";
+    return query ? `${DESKTOP_OPEN_URL}?${query}` : DESKTOP_OPEN_URL;
+}
+//# sourceMappingURL=deep-link.js.map

package/dist/server/deep-link.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deep-link.js","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,2EAA2E;AAC3E,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAE1C,8EAA8E;AAC9E,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAiBrD,SAAS,UAAU,CAAC,KAAoB;IACtC,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,GAAG;QAAE,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,KAAK,CAAC,EAAE;QAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,KAAK,CAAC,OAAO;QAAE,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACpD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE;YAAE,SAAS;QACxD,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAoB;IAChD,OAAO,iBAAiB,kBAAkB,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,MAA0B;IAE1B,IAAI,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACjE,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,SAAS,EAAE,CAAC;AAC5F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,gBAAgB,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;AACnE,CAAC","sourcesContent":["/**\n * Deep-link helpers — the single source of truth for the\n * `/_agent-native/open` URL format.\n *\n * Every artifact-producing / list action that wants an external agent (MCP /\n * A2A) to surface an \"Open in <app> →\" link returns\n * `{ url: buildDeepLink(...), label }` from its `link` builder. The MCP layer\n * turns the relative path into an absolute web URL (and an `agentnative://`\n * desktop URL) using the request origin.\n *\n * The `/_agent-native/open` route (see `open-route.ts`) consumes these: it\n * resolves the *browser session's* identity, writes the existing one-shot\n * `navigate` application-state command, and 302-redirects to the rendered SPA\n * view so any browser / inline webview lands on the right screen with the\n * record focused. We never invent a new navigation mechanism — this just\n * bridges external surfaces to the `navigate`/`application_state` contract the\n * UI already drains every 2s.\n */\n\n/** Path of the framework deep-link route, relative to the route prefix. */\nexport const OPEN_ROUTE_SUBPATH = \"/open\";\n\n/** Custom URL scheme the desktop app registers (`agentnative://open?...`). */\nexport const DESKTOP_OPEN_URL = \"agentnative://open\";\n\nexport interface DeepLinkInput {\n  /** App id (informational + multi-app/desktop routing), e.g. \"mail\". */\n  app?: string;\n  /** Target view — maps to the `navigate` command `view`. */\n  view: string;\n  /** Record-focus + filter params, e.g. `{ threadId }`, `{ eventId, date }`,\n   *  `{ dashboardId }`. `undefined`/`null`/`\"\"` values are dropped. */\n  params?: Record<string, string | number | boolean | null | undefined>;\n  /** Explicit client-side path override (must be a same-origin, leading-slash\n   *  relative path — enforced by the open route). */\n  to?: string;\n  /** Base64url-encoded JSON compose draft (mail's `compose-{id}` contract). */\n  compose?: string;\n}\n\nfunction buildQuery(input: DeepLinkInput): string {\n  const sp = new URLSearchParams();\n  if (input.app) sp.set(\"app\", input.app);\n  sp.set(\"view\", input.view);\n  if (input.to) sp.set(\"to\", input.to);\n  if (input.compose) sp.set(\"compose\", input.compose);\n  for (const [k, v] of Object.entries(input.params ?? {})) {\n    if (v === undefined || v === null || v === \"\") continue;\n    sp.set(k, String(v));\n  }\n  return sp.toString();\n}\n\n/**\n * Build the app-relative deep-link path:\n * `/_agent-native/open?app=mail&view=inbox&threadId=abc`.\n * Per-app `link` builders call this; never hand-format the URL.\n */\nexport function buildDeepLink(input: DeepLinkInput): string {\n  return `/_agent-native${OPEN_ROUTE_SUBPATH}?${buildQuery(input)}`;\n}\n\n/**\n * Resolve a (possibly relative) deep link to an absolute web URL using the\n * inbound request origin. Absolute URLs pass through unchanged.\n */\nexport function toAbsoluteOpenUrl(\n  urlOrPath: string,\n  origin: string | undefined,\n): string {\n  if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(urlOrPath)) return urlOrPath;\n  if (!origin) return urlOrPath;\n  return `${origin.replace(/\\/+$/, \"\")}${urlOrPath.startsWith(\"/\") ? \"\" : \"/\"}${urlOrPath}`;\n}\n\n/**\n * Rewrite a deep link to the desktop `agentnative://open?...` scheme so the\n * desktop app's existing `handleDeepLink` opens it inside the app webview.\n * Accepts either an app-relative `/_agent-native/open?...` path or an absolute\n * web URL; preserves the query string.\n */\nexport function toDesktopOpenUrl(urlOrPath: string): string {\n  const qIdx = urlOrPath.indexOf(\"?\");\n  const query = qIdx >= 0 ? urlOrPath.slice(qIdx + 1) : \"\";\n  return query ? `${DESKTOP_OPEN_URL}?${query}` : DESKTOP_OPEN_URL;\n}\n"]}

package/dist/server/index.d.ts

@@ -1,5 +1,7 @@
 export { createServer, upsertEnvFile, type CreateServerOptions, type EnvKeyConfig, } from "./create-server.js";
 export { readBody, streamFile } from "./h3-helpers.js";
+export { buildDeepLink, toAbsoluteOpenUrl, toDesktopOpenUrl, OPEN_ROUTE_SUBPATH, DESKTOP_OPEN_URL, type DeepLinkInput, } from "./deep-link.js";
+export { createOpenRouteHandler, type OpenRouteOptions } from "./open-route.js";
 export { createSSEHandler, type SSEHandlerOptions } from "./sse.js";
 export { mountAuthMiddleware, autoMountAuth, getSession, addSession, removeSession, getSessionEmail, runAuthGuard, setDesktopExchange, setDesktopExchangeError, safeReturnPath, type DesktopExchangeErrorPayload, type AuthSession, type AuthOptions, } from "./auth.js";
 export { requireEnvKey, type MissingKeyResponse } from "./missing-key.js";

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,UAAU,EACV,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,KAAK,2BAA2B,EAChC,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,EAC5B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,GAChC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAI7E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,sBAAsB,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,EACnC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,EACjC,KAAK,wCAAwC,GAC9C,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,GACtC,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,yBAAyB,EACzB,+BAA+B,EAC/B,+BAA+B,EAC/B,gCAAgC,EAChC,sCAAsC,EACtC,oCAAoC,EACpC,2CAA2C,EAC3C,sCAAsC,GACvC,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,EAClB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,EACf,KAAK,SAAS,EACd,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,SAAS,GACf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,GAC9B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,EACzB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,EACxB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,EACf,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,YAAY,IAAI,2BAA2B,GACjD,MAAM,wBAAwB,CAAC;AAUhC,MAAM,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AACrE,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,cAAc,CAErE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,UAAU,EACV,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,KAAK,2BAA2B,EAChC,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,EAC5B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,GAChC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAI7E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,sBAAsB,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,EACnC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,EACjC,KAAK,wCAAwC,GAC9C,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,GACtC,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,yBAAyB,EACzB,+BAA+B,EAC/B,+BAA+B,EAC/B,gCAAgC,EAChC,sCAAsC,EACtC,oCAAoC,EACpC,2CAA2C,EAC3C,sCAAsC,GACvC,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,EAClB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,EACf,KAAK,SAAS,EACd,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,SAAS,GACf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,GAC9B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,EACzB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,EACxB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,EACf,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,YAAY,IAAI,2BAA2B,GACjD,MAAM,wBAAwB,CAAC;AAUhC,MAAM,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AACrE,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,cAAc,CAErE"}

package/dist/server/index.js

@@ -1,5 +1,7 @@
 export { createServer, upsertEnvFile, } from "./create-server.js";
 export { readBody, streamFile } from "./h3-helpers.js";
+export { buildDeepLink, toAbsoluteOpenUrl, toDesktopOpenUrl, OPEN_ROUTE_SUBPATH, DESKTOP_OPEN_URL, } from "./deep-link.js";
+export { createOpenRouteHandler } from "./open-route.js";
 export { createSSEHandler } from "./sse.js";
 export { mountAuthMiddleware, autoMountAuth, getSession, addSession, removeSession, getSessionEmail, runAuthGuard, setDesktopExchange, setDesktopExchangeError, safeReturnPath, } from "./auth.js";
 export { requireEnvKey } from "./missing-key.js";

package/dist/server/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,GAGd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAA0B,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,UAAU,EACV,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,GAIf,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,aAAa,EAA2B,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA4B,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,GAkB7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,GAG7B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,2EAA2E;AAC3E,2EAA2E;AAC3E,8DAA8D;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,GAKpC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,GAKf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,GAElC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,GAE1B,MAAM,+BAA+B,CAAC;AAWvC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,GAEnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,GAGhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,GAEf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,GAG3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,GAI1B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,GAMb,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,GAIzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,GAEhB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GAGjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,GAIV,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAGtB,MAAM,wBAAwB,CAAC;AAWhC,MAAM,UAAU,iBAAiB,CAAC,GAAmB;IACnD,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["export {\n  createServer,\n  upsertEnvFile,\n  type CreateServerOptions,\n  type EnvKeyConfig,\n} from \"./create-server.js\";\n\nexport { readBody, streamFile } from \"./h3-helpers.js\";\nexport { createSSEHandler, type SSEHandlerOptions } from \"./sse.js\";\nexport {\n  mountAuthMiddleware,\n  autoMountAuth,\n  getSession,\n  addSession,\n  removeSession,\n  getSessionEmail,\n  runAuthGuard,\n  setDesktopExchange,\n  setDesktopExchangeError,\n  safeReturnPath,\n  type DesktopExchangeErrorPayload,\n  type AuthSession,\n  type AuthOptions,\n} from \"./auth.js\";\nexport { requireEnvKey, type MissingKeyResponse } from \"./missing-key.js\";\nexport { verifyCaptcha, type CaptchaVerifyResult } from \"./captcha.js\";\nexport {\n  createProductionAgentHandler,\n  type ActionEntry,\n  type ScriptEntry,\n  type ProductionAgentOptions,\n  type ActionTool,\n  type ScriptTool,\n  type AgentMessage,\n  type AgentChatRequest,\n  type AgentChatEvent,\n  type AgentChatAttachment,\n  type AgentChatReference,\n  type MentionProvider,\n  type MentionProviderItem,\n  type AgentLoopFinalResponseGuard,\n  type AgentLoopFinalResponseGuardContext,\n  type AgentLoopFinalResponseGuardResult,\n  type AgentLoopToolCallSummary,\n  type AgentLoopToolResultSummary,\n} from \"../agent/index.js\";\nexport {\n  actionsToEngineTools,\n  getOwnerActiveApiKey,\n  runAgentLoop,\n} from \"../agent/production-agent.js\";\nexport {\n  getStoredModelForEngine,\n  resolveEngine,\n} from \"../agent/engine/index.js\";\nexport { createDevScriptRegistry } from \"../scripts/dev/index.js\";\n\nexport {\n  createPollHandler,\n  recordChange,\n  getVersion,\n  getChangesSince,\n  getPollEmitter,\n  canSeeChangeForUser,\n  POLL_CHANGE_EVENT,\n} from \"./poll.js\";\nexport { createPollEventsHandler } from \"./poll-events.js\";\nexport { createAuthPlugin, defaultAuthPlugin } from \"./auth-plugin.js\";\nexport {\n  initServerSentry,\n  isServerSentryEnabled,\n  setSentryUserForRequest,\n  captureRouteError,\n  type RouteErrorContext,\n} from \"./sentry.js\";\nexport {\n  captureError,\n  captureServerError,\n  registerErrorCaptureProvider,\n  type CaptureErrorContext,\n  type CaptureErrorProvider,\n} from \"./capture-error.js\";\nexport { createSentryPlugin, defaultSentryPlugin } from \"./sentry-plugin.js\";\n// Re-export the org plugin so the auto-discovery's DEFAULT_PLUGIN_REGISTRY\n// (which references \"defaultOrgPlugin\" from @agent-native/core/server) can\n// resolve it during the deploy build worker-entry generation.\nexport { createOrgPlugin, defaultOrgPlugin } from \"../org/plugin.js\";\nexport {\n  createGoogleAuthPlugin,\n  type GoogleAuthPluginOptions,\n} from \"./google-auth-plugin.js\";\nexport type { GoogleAuthMode } from \"./google-auth-mode.js\";\nexport {\n  createAgentChatPlugin,\n  defaultAgentChatPlugin,\n  type AgentChatPluginOptions,\n} from \"./agent-chat-plugin.js\";\nexport {\n  configureAgentNativeEmbeddedEnvironment,\n  createAgentNativeEmbeddedAuthOptions,\n  createAgentNativeEmbeddedPlugin,\n  mountAgentNativeEmbedded,\n  normalizeAgentNativeEmbeddedSession,\n  type AgentNativeEmbeddedAuthOptions,\n  type AgentNativeEmbeddedGetSession,\n  type AgentNativeEmbeddedHostSession,\n  type AgentNativeEmbeddedPluginOptions,\n} from \"./embedded.js\";\nexport {\n  createThread,\n  getThread,\n  listThreads,\n  updateThreadData,\n  deleteThread,\n  setThreadScope,\n  type ChatThread,\n  type ChatThreadScope,\n  type ChatThreadSummary,\n  type ListThreadsOptions,\n} from \"../chat-threads/store.js\";\nexport {\n  createResourcesPlugin,\n  defaultResourcesPlugin,\n} from \"./resources-plugin.js\";\nexport {\n  createCoreRoutesPlugin,\n  defaultCoreRoutesPlugin,\n  FRAMEWORK_ROUTE_PREFIX,\n  type CoreRoutesPluginOptions,\n} from \"./core-routes-plugin.js\";\nexport {\n  createBrowserSessionActionEntries,\n  type CreateBrowserSessionActionEntriesOptions,\n} from \"../browser-sessions/actions.js\";\nexport {\n  DEFAULT_BROWSER_SESSION_REQUEST_POLL_MS,\n  DEFAULT_BROWSER_SESSION_REQUEST_TIMEOUT_MS,\n  DEFAULT_BROWSER_SESSION_TTL_MS,\n  callBrowserSession,\n  claimBrowserSessionRequest,\n  completeBrowserSessionRequest,\n  createBrowserSessionRequest,\n  disconnectBrowserSession,\n  getBrowserSession,\n  getBrowserSessionRequest,\n  listBrowserSessions,\n  registerBrowserSession,\n  waitForBrowserSessionRequest,\n} from \"../browser-sessions/store.js\";\nexport {\n  mountBrowserSessionRoutes,\n  type MountBrowserSessionRoutesOptions,\n} from \"../browser-sessions/routes.js\";\nexport type {\n  AgentNativeBrowserSession,\n  AgentNativeBrowserSessionAction,\n  AgentNativeBrowserSessionRecord,\n  AgentNativeBrowserSessionRequest,\n  AgentNativeBrowserSessionRequestStatus,\n  AgentNativeBrowserSessionRequestType,\n  CreateAgentNativeBrowserSessionRequestInput,\n  RegisterAgentNativeBrowserSessionInput,\n} from \"../browser-sessions/types.js\";\nexport {\n  createTerminalPlugin,\n  defaultTerminalPlugin,\n  type TerminalPluginOptions,\n} from \"../terminal/terminal-plugin.js\";\nexport {\n  createCollabPlugin,\n  type CollabPluginOptions,\n} from \"./collab-plugin.js\";\n\nexport {\n  spawnTask,\n  getTask,\n  getTaskByThread,\n  listTasks,\n  sendToTask,\n  markTaskErrored,\n  type AgentTask,\n  type SpawnTaskOptions,\n} from \"./agent-teams.js\";\nexport { isOAuthConnected, getOAuthAccounts } from \"./oauth-helpers.js\";\nexport { wrapWithAnalytics } from \"./analytics.js\";\nexport {\n  getH3App,\n  awaitBootstrap,\n  type H3AppShim,\n} from \"./framework-request-handler.js\";\nexport {\n  autoDiscoverActions,\n  autoDiscoverScripts,\n  loadActionsFromStaticRegistry,\n  mergeCoreSharingActions,\n  registerPackageActions,\n} from \"./action-discovery.js\";\nexport {\n  mountActionRoutes,\n  type MountActionRoutesOptions,\n} from \"./action-routes.js\";\nexport {\n  runWithRequestContext,\n  hasRequestContext,\n  getRequestContext,\n  getRequestUserEmail,\n  getRequestUserName,\n  getRequestOrgId,\n  getRequestTimezone,\n  getRequestRunContext,\n  getCredentialContext,\n  isIntegrationCallerRequest,\n  type RequestContext,\n  type RequestRunContext,\n} from \"./request-context.js\";\nexport { formatDateInTimezone, todayInTimezone } from \"./date-utils.js\";\n\nexport {\n  createOnboardingPlugin,\n  defaultOnboardingPlugin,\n} from \"../onboarding/plugin.js\";\n\nexport {\n  registerFileUploadProvider,\n  unregisterFileUploadProvider,\n  listFileUploadProviders,\n  getActiveFileUploadProvider,\n  uploadFile,\n  builderFileUploadProvider,\n  type FileUploadInput,\n  type FileUploadProvider,\n  type FileUploadResult,\n} from \"../file-upload/index.js\";\n\nexport {\n  createIntegrationsPlugin,\n  defaultIntegrationsPlugin,\n  enqueueRemoteCommand,\n  slackAdapter,\n  telegramAdapter,\n  whatsappAdapter,\n  emailAdapter,\n  type PlatformAdapter,\n  type IncomingMessage,\n  type OutgoingMessage,\n  type IntegrationStatus,\n  type IntegrationsPluginOptions,\n} from \"../integrations/index.js\";\n\nexport {\n  isElectron,\n  isMobile,\n  getOrigin,\n  getAppBasePath,\n  getAppUrl,\n  resolveOAuthRedirectUri,\n  isAllowedOAuthRedirectUri,\n  encodeOAuthState,\n  decodeOAuthState,\n  resolveOAuthOwner,\n  createOAuthSession,\n  oauthCallbackResponse,\n  oauthErrorPage,\n  oauthDesktopExchangePage,\n  type OAuthStatePayload,\n  type OAuthOwnerResult,\n  type OAuthSessionResult,\n} from \"./google-oauth.js\";\n\nexport {\n  FeatureNotConfiguredError,\n  hasBuilderPrivateKey,\n  isBuilderEnvManaged,\n  getBuilderProxyOrigin,\n  getBuilderImageGenerationBaseUrl,\n  getBuilderAuthHeader,\n  resolveBuilderPrivateKey,\n  resolveBuilderAuthHeader,\n  resolveHasBuilderPrivateKey,\n  resolveBuilderCredentials,\n  resolveBuilderCredential,\n  writeBuilderCredentials,\n  deleteBuilderCredentials,\n  resolveSecret,\n} from \"./credential-provider.js\";\nexport {\n  getBuilderBranchProjectId,\n  isBuilderBranchingEnabled,\n  resolveBuilderBranchProjectId,\n  resolveIsBuilderBranchingEnabled,\n  runBuilderAgent,\n  type RunBuilderAgentResult,\n} from \"./builder-browser.js\";\n\nexport {\n  sendEmail,\n  isEmailConfigured,\n  getEmailProvider,\n  type EmailProvider,\n  type SendEmailArgs,\n} from \"./email.js\";\nexport {\n  renderEmail,\n  emailStrong,\n  emailLink,\n  type RenderEmailArgs,\n  type RenderedEmail,\n  type EmailCta,\n} from \"./email-template.js\";\nexport { getAppProductionUrl, getFirstPartyProdUrl } from \"./app-url.js\";\nexport {\n  getConfiguredAppBasePath,\n  normalizeAppBasePath,\n  withConfiguredAppBasePath,\n} from \"./app-base-path.js\";\nexport {\n  signShortLivedToken,\n  verifyShortLivedToken,\n  type ShortLivedTokenClaims,\n  type VerifyResult as ShortLivedTokenVerifyResult,\n} from \"./short-lived-token.js\";\n\n// SSR handler is NOT re-exported here — it uses a virtual module\n// (virtual:react-router/server-build) that only exists at Vite dev/build time.\n// Including it in this barrel would break the esbuild CF Pages bundler.\n// Templates import directly: import { ssrHandler } from \"@agent-native/core/server/ssr-handler\"\n\n// Nitro plugin helper — re-exported so templates don't need nitro as a direct dependency.\n// defineNitroPlugin is an identity function; this typed wrapper lets templates use it\n// without resolving `nitro/runtime` (which requires Nitro's virtual modules at runtime).\nexport type NitroPluginDef = (nitroApp: any) => void | Promise<void>;\nexport function defineNitroPlugin(def: NitroPluginDef): NitroPluginDef {\n  return def;\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,GAGd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,GAEjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAA0B,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,UAAU,EACV,aAAa,EACb,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,GAIf,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,aAAa,EAA2B,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA4B,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,GAkB7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,GAG7B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,2EAA2E;AAC3E,2EAA2E;AAC3E,8DAA8D;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,GAKpC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,GAKf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,GAElC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,GAE1B,MAAM,+BAA+B,CAAC;AAWvC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,GAEnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,GAGhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,GAEf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,GAG3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,GAI1B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,GAMb,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,GAIzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,GAEhB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GAGjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,GAIV,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAGtB,MAAM,wBAAwB,CAAC;AAWhC,MAAM,UAAU,iBAAiB,CAAC,GAAmB;IACnD,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["export {\n  createServer,\n  upsertEnvFile,\n  type CreateServerOptions,\n  type EnvKeyConfig,\n} from \"./create-server.js\";\n\nexport { readBody, streamFile } from \"./h3-helpers.js\";\nexport {\n  buildDeepLink,\n  toAbsoluteOpenUrl,\n  toDesktopOpenUrl,\n  OPEN_ROUTE_SUBPATH,\n  DESKTOP_OPEN_URL,\n  type DeepLinkInput,\n} from \"./deep-link.js\";\nexport { createOpenRouteHandler, type OpenRouteOptions } from \"./open-route.js\";\nexport { createSSEHandler, type SSEHandlerOptions } from \"./sse.js\";\nexport {\n  mountAuthMiddleware,\n  autoMountAuth,\n  getSession,\n  addSession,\n  removeSession,\n  getSessionEmail,\n  runAuthGuard,\n  setDesktopExchange,\n  setDesktopExchangeError,\n  safeReturnPath,\n  type DesktopExchangeErrorPayload,\n  type AuthSession,\n  type AuthOptions,\n} from \"./auth.js\";\nexport { requireEnvKey, type MissingKeyResponse } from \"./missing-key.js\";\nexport { verifyCaptcha, type CaptchaVerifyResult } from \"./captcha.js\";\nexport {\n  createProductionAgentHandler,\n  type ActionEntry,\n  type ScriptEntry,\n  type ProductionAgentOptions,\n  type ActionTool,\n  type ScriptTool,\n  type AgentMessage,\n  type AgentChatRequest,\n  type AgentChatEvent,\n  type AgentChatAttachment,\n  type AgentChatReference,\n  type MentionProvider,\n  type MentionProviderItem,\n  type AgentLoopFinalResponseGuard,\n  type AgentLoopFinalResponseGuardContext,\n  type AgentLoopFinalResponseGuardResult,\n  type AgentLoopToolCallSummary,\n  type AgentLoopToolResultSummary,\n} from \"../agent/index.js\";\nexport {\n  actionsToEngineTools,\n  getOwnerActiveApiKey,\n  runAgentLoop,\n} from \"../agent/production-agent.js\";\nexport {\n  getStoredModelForEngine,\n  resolveEngine,\n} from \"../agent/engine/index.js\";\nexport { createDevScriptRegistry } from \"../scripts/dev/index.js\";\n\nexport {\n  createPollHandler,\n  recordChange,\n  getVersion,\n  getChangesSince,\n  getPollEmitter,\n  canSeeChangeForUser,\n  POLL_CHANGE_EVENT,\n} from \"./poll.js\";\nexport { createPollEventsHandler } from \"./poll-events.js\";\nexport { createAuthPlugin, defaultAuthPlugin } from \"./auth-plugin.js\";\nexport {\n  initServerSentry,\n  isServerSentryEnabled,\n  setSentryUserForRequest,\n  captureRouteError,\n  type RouteErrorContext,\n} from \"./sentry.js\";\nexport {\n  captureError,\n  captureServerError,\n  registerErrorCaptureProvider,\n  type CaptureErrorContext,\n  type CaptureErrorProvider,\n} from \"./capture-error.js\";\nexport { createSentryPlugin, defaultSentryPlugin } from \"./sentry-plugin.js\";\n// Re-export the org plugin so the auto-discovery's DEFAULT_PLUGIN_REGISTRY\n// (which references \"defaultOrgPlugin\" from @agent-native/core/server) can\n// resolve it during the deploy build worker-entry generation.\nexport { createOrgPlugin, defaultOrgPlugin } from \"../org/plugin.js\";\nexport {\n  createGoogleAuthPlugin,\n  type GoogleAuthPluginOptions,\n} from \"./google-auth-plugin.js\";\nexport type { GoogleAuthMode } from \"./google-auth-mode.js\";\nexport {\n  createAgentChatPlugin,\n  defaultAgentChatPlugin,\n  type AgentChatPluginOptions,\n} from \"./agent-chat-plugin.js\";\nexport {\n  configureAgentNativeEmbeddedEnvironment,\n  createAgentNativeEmbeddedAuthOptions,\n  createAgentNativeEmbeddedPlugin,\n  mountAgentNativeEmbedded,\n  normalizeAgentNativeEmbeddedSession,\n  type AgentNativeEmbeddedAuthOptions,\n  type AgentNativeEmbeddedGetSession,\n  type AgentNativeEmbeddedHostSession,\n  type AgentNativeEmbeddedPluginOptions,\n} from \"./embedded.js\";\nexport {\n  createThread,\n  getThread,\n  listThreads,\n  updateThreadData,\n  deleteThread,\n  setThreadScope,\n  type ChatThread,\n  type ChatThreadScope,\n  type ChatThreadSummary,\n  type ListThreadsOptions,\n} from \"../chat-threads/store.js\";\nexport {\n  createResourcesPlugin,\n  defaultResourcesPlugin,\n} from \"./resources-plugin.js\";\nexport {\n  createCoreRoutesPlugin,\n  defaultCoreRoutesPlugin,\n  FRAMEWORK_ROUTE_PREFIX,\n  type CoreRoutesPluginOptions,\n} from \"./core-routes-plugin.js\";\nexport {\n  createBrowserSessionActionEntries,\n  type CreateBrowserSessionActionEntriesOptions,\n} from \"../browser-sessions/actions.js\";\nexport {\n  DEFAULT_BROWSER_SESSION_REQUEST_POLL_MS,\n  DEFAULT_BROWSER_SESSION_REQUEST_TIMEOUT_MS,\n  DEFAULT_BROWSER_SESSION_TTL_MS,\n  callBrowserSession,\n  claimBrowserSessionRequest,\n  completeBrowserSessionRequest,\n  createBrowserSessionRequest,\n  disconnectBrowserSession,\n  getBrowserSession,\n  getBrowserSessionRequest,\n  listBrowserSessions,\n  registerBrowserSession,\n  waitForBrowserSessionRequest,\n} from \"../browser-sessions/store.js\";\nexport {\n  mountBrowserSessionRoutes,\n  type MountBrowserSessionRoutesOptions,\n} from \"../browser-sessions/routes.js\";\nexport type {\n  AgentNativeBrowserSession,\n  AgentNativeBrowserSessionAction,\n  AgentNativeBrowserSessionRecord,\n  AgentNativeBrowserSessionRequest,\n  AgentNativeBrowserSessionRequestStatus,\n  AgentNativeBrowserSessionRequestType,\n  CreateAgentNativeBrowserSessionRequestInput,\n  RegisterAgentNativeBrowserSessionInput,\n} from \"../browser-sessions/types.js\";\nexport {\n  createTerminalPlugin,\n  defaultTerminalPlugin,\n  type TerminalPluginOptions,\n} from \"../terminal/terminal-plugin.js\";\nexport {\n  createCollabPlugin,\n  type CollabPluginOptions,\n} from \"./collab-plugin.js\";\n\nexport {\n  spawnTask,\n  getTask,\n  getTaskByThread,\n  listTasks,\n  sendToTask,\n  markTaskErrored,\n  type AgentTask,\n  type SpawnTaskOptions,\n} from \"./agent-teams.js\";\nexport { isOAuthConnected, getOAuthAccounts } from \"./oauth-helpers.js\";\nexport { wrapWithAnalytics } from \"./analytics.js\";\nexport {\n  getH3App,\n  awaitBootstrap,\n  type H3AppShim,\n} from \"./framework-request-handler.js\";\nexport {\n  autoDiscoverActions,\n  autoDiscoverScripts,\n  loadActionsFromStaticRegistry,\n  mergeCoreSharingActions,\n  registerPackageActions,\n} from \"./action-discovery.js\";\nexport {\n  mountActionRoutes,\n  type MountActionRoutesOptions,\n} from \"./action-routes.js\";\nexport {\n  runWithRequestContext,\n  hasRequestContext,\n  getRequestContext,\n  getRequestUserEmail,\n  getRequestUserName,\n  getRequestOrgId,\n  getRequestTimezone,\n  getRequestRunContext,\n  getCredentialContext,\n  isIntegrationCallerRequest,\n  type RequestContext,\n  type RequestRunContext,\n} from \"./request-context.js\";\nexport { formatDateInTimezone, todayInTimezone } from \"./date-utils.js\";\n\nexport {\n  createOnboardingPlugin,\n  defaultOnboardingPlugin,\n} from \"../onboarding/plugin.js\";\n\nexport {\n  registerFileUploadProvider,\n  unregisterFileUploadProvider,\n  listFileUploadProviders,\n  getActiveFileUploadProvider,\n  uploadFile,\n  builderFileUploadProvider,\n  type FileUploadInput,\n  type FileUploadProvider,\n  type FileUploadResult,\n} from \"../file-upload/index.js\";\n\nexport {\n  createIntegrationsPlugin,\n  defaultIntegrationsPlugin,\n  enqueueRemoteCommand,\n  slackAdapter,\n  telegramAdapter,\n  whatsappAdapter,\n  emailAdapter,\n  type PlatformAdapter,\n  type IncomingMessage,\n  type OutgoingMessage,\n  type IntegrationStatus,\n  type IntegrationsPluginOptions,\n} from \"../integrations/index.js\";\n\nexport {\n  isElectron,\n  isMobile,\n  getOrigin,\n  getAppBasePath,\n  getAppUrl,\n  resolveOAuthRedirectUri,\n  isAllowedOAuthRedirectUri,\n  encodeOAuthState,\n  decodeOAuthState,\n  resolveOAuthOwner,\n  createOAuthSession,\n  oauthCallbackResponse,\n  oauthErrorPage,\n  oauthDesktopExchangePage,\n  type OAuthStatePayload,\n  type OAuthOwnerResult,\n  type OAuthSessionResult,\n} from \"./google-oauth.js\";\n\nexport {\n  FeatureNotConfiguredError,\n  hasBuilderPrivateKey,\n  isBuilderEnvManaged,\n  getBuilderProxyOrigin,\n  getBuilderImageGenerationBaseUrl,\n  getBuilderAuthHeader,\n  resolveBuilderPrivateKey,\n  resolveBuilderAuthHeader,\n  resolveHasBuilderPrivateKey,\n  resolveBuilderCredentials,\n  resolveBuilderCredential,\n  writeBuilderCredentials,\n  deleteBuilderCredentials,\n  resolveSecret,\n} from \"./credential-provider.js\";\nexport {\n  getBuilderBranchProjectId,\n  isBuilderBranchingEnabled,\n  resolveBuilderBranchProjectId,\n  resolveIsBuilderBranchingEnabled,\n  runBuilderAgent,\n  type RunBuilderAgentResult,\n} from \"./builder-browser.js\";\n\nexport {\n  sendEmail,\n  isEmailConfigured,\n  getEmailProvider,\n  type EmailProvider,\n  type SendEmailArgs,\n} from \"./email.js\";\nexport {\n  renderEmail,\n  emailStrong,\n  emailLink,\n  type RenderEmailArgs,\n  type RenderedEmail,\n  type EmailCta,\n} from \"./email-template.js\";\nexport { getAppProductionUrl, getFirstPartyProdUrl } from \"./app-url.js\";\nexport {\n  getConfiguredAppBasePath,\n  normalizeAppBasePath,\n  withConfiguredAppBasePath,\n} from \"./app-base-path.js\";\nexport {\n  signShortLivedToken,\n  verifyShortLivedToken,\n  type ShortLivedTokenClaims,\n  type VerifyResult as ShortLivedTokenVerifyResult,\n} from \"./short-lived-token.js\";\n\n// SSR handler is NOT re-exported here — it uses a virtual module\n// (virtual:react-router/server-build) that only exists at Vite dev/build time.\n// Including it in this barrel would break the esbuild CF Pages bundler.\n// Templates import directly: import { ssrHandler } from \"@agent-native/core/server/ssr-handler\"\n\n// Nitro plugin helper — re-exported so templates don't need nitro as a direct dependency.\n// defineNitroPlugin is an identity function; this typed wrapper lets templates use it\n// without resolving `nitro/runtime` (which requires Nitro's virtual modules at runtime).\nexport type NitroPluginDef = (nitroApp: any) => void | Promise<void>;\nexport function defineNitroPlugin(def: NitroPluginDef): NitroPluginDef {\n  return def;\n}\n"]}

package/dist/server/open-route.d.ts

@@ -0,0 +1,12 @@
+export interface OpenRouteOptions {
+    /** Per-template override that turns the parsed deep-link params into the
+     *  client-side SPA path to redirect to. Return `null` to use the default
+     *  (`/<view>`). Filter params (`f_*`) are appended automatically. */
+    resolveOpenPath?: (params: {
+        app?: string;
+        view?: string;
+        params: Record<string, string>;
+    }) => string | null | undefined;
+}
+export declare function createOpenRouteHandler(options?: OpenRouteOptions): import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<Response>>;
+//# sourceMappingURL=open-route.d.ts.map

package/dist/server/open-route.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"open-route.d.ts","sourceRoot":"","sources":["../../src/server/open-route.ts"],"names":[],"mappings":"AAmCA,MAAM,WAAW,gBAAgB;IAC/B;;yEAEqE;IACrE,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE;QACzB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACjC;AA+BD,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,gBAAqB,2FA4FpE"}

package/dist/server/open-route.js

@@ -0,0 +1,128 @@
+import { defineEventHandler, getMethod } from "h3";
+import { getSession, getConfiguredLoginHtml } from "./auth.js";
+import { appStatePut } from "../application-state/store.js";
+/** Query keys that are route control, not navigation payload. */
+const RESERVED = new Set(["app", "view", "to", "compose"]);
+// Control-char guard (NUL..US + DEL). Defined via codepoints so the source
+// file stays plain ASCII.
+const CONTROL_CHARS = new RegExp("[\\u0000-\\u001f\\u007f]");
+function getRequestUrl(event) {
+    return event.node?.req?.url ?? event.path ?? "/";
+}
+/** Decode a base64url string to UTF-8 (Node Buffer; this route is Node-only). */
+function decodeBase64Url(input) {
+    return Buffer.from(input, "base64url").toString("utf8");
+}
+/**
+ * Normalize a candidate redirect path to a safe, same-origin, leading-slash
+ * relative path. Rejects absolute URLs, scheme-relative `//host`, and control
+ * chars (open-redirect guard). Returns `null` when unsafe.
+ */
+function safeRelativePath(raw) {
+    if (!raw)
+        return null;
+    if (CONTROL_CHARS.test(raw))
+        return null;
+    if (!raw.startsWith("/"))
+        return null;
+    if (raw.startsWith("//") || raw.startsWith("/\\"))
+        return null;
+    if (/^\/[a-z][a-z0-9+.-]*:/i.test(raw))
+        return null;
+    return raw;
+}
+function redirect(location) {
+    // Native web Response (not h3 v2's reworked sendRedirect) — matches the
+    // redirect pattern used elsewhere in auth.ts.
+    return new Response("", { status: 302, headers: { Location: location } });
+}
+export function createOpenRouteHandler(options = {}) {
+    return defineEventHandler(async (event) => {
+        const method = getMethod(event);
+        if (method !== "GET" && method !== "HEAD") {
+            return new Response(JSON.stringify({ error: "Method not allowed" }), {
+                status: 405,
+                headers: { "Content-Type": "application/json" },
+            });
+        }
+        const rawUrl = getRequestUrl(event);
+        let search;
+        try {
+            search = new URL(rawUrl, "http://an.invalid").searchParams;
+        }
+        catch {
+            search = new URLSearchParams();
+        }
+        const app = search.get("app") ?? undefined;
+        const view = search.get("view") ?? undefined;
+        const toParam = search.get("to") ?? undefined;
+        const compose = search.get("compose") ?? undefined;
+        // Resolve the BROWSER session. When unauthenticated, serve the same login
+        // form the guard would — at this URL — so the post-login reload returns
+        // here authenticated.
+        const session = await getSession(event);
+        if (!session?.email) {
+            const html = getConfiguredLoginHtml(event);
+            if (html) {
+                return new Response(html, {
+                    status: 200,
+                    headers: { "Content-Type": "text/html; charset=utf-8" },
+                });
+            }
+            // No auth guard configured (fully open app) — best effort: still send
+            // the user to the view; nothing to scope the navigate write to.
+        }
+        // Build the navigation payload from every non-reserved query param
+        // (record ids + filters: threadId, eventId, dashboardId, f_*, ...).
+        const navParams = {};
+        for (const [k, v] of search.entries()) {
+            if (RESERVED.has(k))
+                continue;
+            navParams[k] = v;
+        }
+        const navPayload = { ...navParams };
+        if (view)
+            navPayload.view = view;
+        if (session?.email) {
+            try {
+                await appStatePut(session.email, "navigate", navPayload, {
+                    requestSource: "deep-link",
+                });
+                if (compose) {
+                    try {
+                        const draft = JSON.parse(decodeBase64Url(compose));
+                        if (draft && typeof draft === "object" && draft.id) {
+                            await appStatePut(session.email, `compose-${draft.id}`, draft, {
+                                requestSource: "deep-link",
+                            });
+                        }
+                    }
+                    catch {
+                        // Malformed compose payload — skip; the view still opens.
+                    }
+                }
+            }
+            catch {
+                // App-state write failure shouldn't 500 the click; the redirect
+                // below still lands the user on the right view.
+            }
+        }
+        // Resolve the SPA path to redirect to.
+        let target = safeRelativePath(toParam) ??
+            safeRelativePath(options.resolveOpenPath?.({ app, view, params: navParams }) ??
+                (view ? `/${view}` : null)) ??
+            "/";
+        // Forward filter params (f_*) onto the redirect so dashboards/lists open
+        // pre-filtered even before the navigate command is drained.
+        const filters = new URLSearchParams();
+        for (const [k, v] of search.entries()) {
+            if (k.startsWith("f_"))
+                filters.set(k, v);
+        }
+        const fq = filters.toString();
+        if (fq)
+            target += (target.includes("?") ? "&" : "?") + fq;
+        return redirect(target);
+    });
+}
+//# sourceMappingURL=open-route.js.map

package/dist/server/open-route.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"open-route.js","sourceRoot":"","sources":["../../src/server/open-route.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAE5D,iEAAiE;AACjE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;AAE3D,2EAA2E;AAC3E,0BAA0B;AAC1B,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAa7D,SAAS,aAAa,CAAC,KAAc;IACnC,OAAQ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,IAAK,KAAa,CAAC,IAAI,IAAI,GAAG,CAAC;AACrE,CAAC;AAED,iFAAiF;AACjF,SAAS,eAAe,CAAC,KAAa;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,GAA8B;IACtD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/D,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,wEAAwE;IACxE,8CAA8C;IAC9C,OAAO,IAAI,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,UAA4B,EAAE;IACnE,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,EAAE;gBACnE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAuB,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC,YAAY,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACjC,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;QAEnD,0EAA0E;QAC1E,wEAAwE;QACxE,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE;iBACxD,CAAC,CAAC;YACL,CAAC;YACD,sEAAsE;YACtE,gEAAgE;QAClE,CAAC;QAED,mEAAmE;QACnE,oEAAoE;QACpE,MAAM,SAAS,GAA2B,EAAE,CAAC;QAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAC9B,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QACD,MAAM,UAAU,GAA4B,EAAE,GAAG,SAAS,EAAE,CAAC;QAC7D,IAAI,IAAI;YAAE,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC;QAEjC,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE;oBACvD,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;gBACH,IAAI,OAAO,EAAE,CAAC;oBACZ,IAAI,CAAC;wBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;wBACnD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;4BACnD,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,KAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE;gCAC7D,aAAa,EAAE,WAAW;6BAC3B,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,0DAA0D;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;gBAChE,gDAAgD;YAClD,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,GACR,gBAAgB,CAAC,OAAO,CAAC;YACzB,gBAAgB,CACd,OAAO,CAAC,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;gBACzD,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAC7B;YACD,GAAG,CAAC;QAEN,yEAAyE;QACzE,4DAA4D;QAC5D,MAAM,OAAO,GAAG,IAAI,eAAe,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YACtC,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC9B,IAAI,EAAE;YAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QAE1D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["/**\n * `/_agent-native/open` — the stable deep-link route.\n *\n * An external coding agent (Claude Code / Cowork / Codex) surfaces an\n * \"Open in <app> →\" link (built by an action's `link` builder, see\n * `deep-link.ts`). When the user clicks it in any browser / inline webview,\n * this route:\n *   1. Resolves the *browser* session (NOT the agent token) — so the record\n *      always lands where the human is logged in.\n *   2. When unauthenticated, serves the same sign-in form the auth guard\n *      would, *at this same URL*. The login form's success handler reloads\n *      `window.location.href`, so the now-authenticated request re-enters\n *      this route and proceeds. No `?next=` plumbing needed.\n *   3. Writes the existing one-shot `navigate` application-state command (the\n *      exact key the UI already drains every 2s — we don't invent a new\n *      navigation mechanism, we bridge to it), plus an optional `compose-<id>`\n *      draft.\n *   4. 302-redirects to the rendered SPA view so the page loads immediately;\n *      the polled `navigate` command then applies record-level focus.\n *\n * The link itself is a pure pointer (view + record ids + filters) and carries\n * no privileged state.\n */\nimport type { H3Event } from \"h3\";\nimport { defineEventHandler, getMethod } from \"h3\";\nimport { getSession, getConfiguredLoginHtml } from \"./auth.js\";\nimport { appStatePut } from \"../application-state/store.js\";\n\n/** Query keys that are route control, not navigation payload. */\nconst RESERVED = new Set([\"app\", \"view\", \"to\", \"compose\"]);\n\n// Control-char guard (NUL..US + DEL). Defined via codepoints so the source\n// file stays plain ASCII.\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\n\nexport interface OpenRouteOptions {\n  /** Per-template override that turns the parsed deep-link params into the\n   *  client-side SPA path to redirect to. Return `null` to use the default\n   *  (`/<view>`). Filter params (`f_*`) are appended automatically. */\n  resolveOpenPath?: (params: {\n    app?: string;\n    view?: string;\n    params: Record<string, string>;\n  }) => string | null | undefined;\n}\n\nfunction getRequestUrl(event: H3Event): string {\n  return (event as any).node?.req?.url ?? (event as any).path ?? \"/\";\n}\n\n/** Decode a base64url string to UTF-8 (Node Buffer; this route is Node-only). */\nfunction decodeBase64Url(input: string): string {\n  return Buffer.from(input, \"base64url\").toString(\"utf8\");\n}\n\n/**\n * Normalize a candidate redirect path to a safe, same-origin, leading-slash\n * relative path. Rejects absolute URLs, scheme-relative `//host`, and control\n * chars (open-redirect guard). Returns `null` when unsafe.\n */\nfunction safeRelativePath(raw: string | undefined | null): string | null {\n  if (!raw) return null;\n  if (CONTROL_CHARS.test(raw)) return null;\n  if (!raw.startsWith(\"/\")) return null;\n  if (raw.startsWith(\"//\") || raw.startsWith(\"/\\\\\")) return null;\n  if (/^\\/[a-z][a-z0-9+.-]*:/i.test(raw)) return null;\n  return raw;\n}\n\nfunction redirect(location: string): Response {\n  // Native web Response (not h3 v2's reworked sendRedirect) — matches the\n  // redirect pattern used elsewhere in auth.ts.\n  return new Response(\"\", { status: 302, headers: { Location: location } });\n}\n\nexport function createOpenRouteHandler(options: OpenRouteOptions = {}) {\n  return defineEventHandler(async (event: H3Event) => {\n    const method = getMethod(event);\n    if (method !== \"GET\" && method !== \"HEAD\") {\n      return new Response(JSON.stringify({ error: \"Method not allowed\" }), {\n        status: 405,\n        headers: { \"Content-Type\": \"application/json\" },\n      });\n    }\n\n    const rawUrl = getRequestUrl(event);\n    let search: URLSearchParams;\n    try {\n      search = new URL(rawUrl, \"http://an.invalid\").searchParams;\n    } catch {\n      search = new URLSearchParams();\n    }\n\n    const app = search.get(\"app\") ?? undefined;\n    const view = search.get(\"view\") ?? undefined;\n    const toParam = search.get(\"to\") ?? undefined;\n    const compose = search.get(\"compose\") ?? undefined;\n\n    // Resolve the BROWSER session. When unauthenticated, serve the same login\n    // form the guard would — at this URL — so the post-login reload returns\n    // here authenticated.\n    const session = await getSession(event);\n    if (!session?.email) {\n      const html = getConfiguredLoginHtml(event);\n      if (html) {\n        return new Response(html, {\n          status: 200,\n          headers: { \"Content-Type\": \"text/html; charset=utf-8\" },\n        });\n      }\n      // No auth guard configured (fully open app) — best effort: still send\n      // the user to the view; nothing to scope the navigate write to.\n    }\n\n    // Build the navigation payload from every non-reserved query param\n    // (record ids + filters: threadId, eventId, dashboardId, f_*, ...).\n    const navParams: Record<string, string> = {};\n    for (const [k, v] of search.entries()) {\n      if (RESERVED.has(k)) continue;\n      navParams[k] = v;\n    }\n    const navPayload: Record<string, unknown> = { ...navParams };\n    if (view) navPayload.view = view;\n\n    if (session?.email) {\n      try {\n        await appStatePut(session.email, \"navigate\", navPayload, {\n          requestSource: \"deep-link\",\n        });\n        if (compose) {\n          try {\n            const draft = JSON.parse(decodeBase64Url(compose));\n            if (draft && typeof draft === \"object\" && draft.id) {\n              await appStatePut(session.email, `compose-${draft.id}`, draft, {\n                requestSource: \"deep-link\",\n              });\n            }\n          } catch {\n            // Malformed compose payload — skip; the view still opens.\n          }\n        }\n      } catch {\n        // App-state write failure shouldn't 500 the click; the redirect\n        // below still lands the user on the right view.\n      }\n    }\n\n    // Resolve the SPA path to redirect to.\n    let target =\n      safeRelativePath(toParam) ??\n      safeRelativePath(\n        options.resolveOpenPath?.({ app, view, params: navParams }) ??\n          (view ? `/${view}` : null),\n      ) ??\n      \"/\";\n\n    // Forward filter params (f_*) onto the redirect so dashboards/lists open\n    // pre-filtered even before the navigate command is drained.\n    const filters = new URLSearchParams();\n    for (const [k, v] of search.entries()) {\n      if (k.startsWith(\"f_\")) filters.set(k, v);\n    }\n    const fq = filters.toString();\n    if (fq) target += (target.includes(\"?\") ? \"&\" : \"?\") + fq;\n\n    return redirect(target);\n  });\n}\n"]}

package/docs/content/external-agents.md

@@ -0,0 +1,177 @@
+---
+title: "External Agents"
+description: "Connect Claude Code, Cowork, and Codex to an agent-native app over MCP — with deep links that drop the user back into the running UI and live artifact round-trip."
+---
+
+# External Agents
+
+An agent-native app is reachable by any external coding agent — Claude Code (desktop & CLI), Claude Cowork, Codex — over [MCP](/docs/mcp-protocol). External agents are great at producing artifacts (a draft, an event, a dashboard) but they live in a terminal or another app. Without a bridge, the user gets a wall of JSON and has to go find the thing.
+
+The external-agent bridge closes the loop: the agent does the work over MCP, then hands the user a single **"Open in <app> →"** link that opens the real app focused on exactly what was produced. It reuses the existing `navigate` / `application_state` contract the UI already drains every 2s (see [Context Awareness](/docs/context-awareness)) — there is no second navigation mechanism.
+
+## Overview {#overview}
+
+- **One-command setup** — `agent-native mcp install --client <c>` writes the client config and provisions a token.
+- **`link` builder** — any action that produces or lists a navigable resource returns a deep link; MCP/A2A surfaces auto-append an "Open in … →" link.
+- **`/_agent-native/open` route** — a pure pointer (view + record ids + filters); the record-focusing write is always scoped to the **browser session**, never the agent's token.
+- **Ingest actions** — GET + `readOnly` + `publicAgent` actions let an external agent pull **live** app state into its own context.
+- **Generic cross-app verbs** — a stable verb set (`list_apps`, `open_app`, `ask_app`, `create_workspace_app`, `list_templates`) so an external agent has a predictable surface without guessing per-app action names.
+
+## Connect an external agent {#connect}
+
+The framework already mounts an HTTP MCP endpoint at `/_agent-native/mcp` (see [MCP Protocol](/docs/mcp-protocol)). Every `defineAction` is exposed as an MCP tool, plus the `ask-agent` meta-tool that runs the full agent loop (the same entry point [A2A](/docs/a2a-protocol) uses). Hosted apps point an external agent at that URL with a bearer token (`ACCESS_TOKEN`, or an `A2A_SECRET` JWT carrying the caller's `sub` + `org_domain` so tool runs stay tenant-scoped).
+
+For local Claude Code / Codex / Cowork, one command writes the client config:
+
+```bash
+agent-native mcp install --client claude-code|claude-code-cli|codex|cowork \
+  [--app <id>] [--scope user|project]
+```
+
+It provisions a token (a random `ACCESS_TOKEN` into the workspace `.env` for local dev, or a signed JWT for a detected hosted deployment) and writes an idempotent stdio server entry:
+
+- **claude-code / claude-code-cli** — an `mcpServers` entry in `.mcp.json` (project scope, default) or `~/.claude.json` (`--scope user`).
+- **cowork** — the same Claude Code JSON shape in `~/.cowork/mcp.json`.
+- **codex** — an `[mcp_servers.<name>]` block in `~/.codex/config.toml`.
+
+The entry runs `agent-native mcp serve --app <id>`, which by default is a **thin stdio proxy** to the running local app's `/_agent-native/mcp` — so the live action registry, HMR, and correct deep links stay the single source of truth. Pass `--standalone` to build the registry in-process instead. When `agent-native mcp install` detects a hosted origin (a non-localhost `APP_URL` / `BETTER_AUTH_URL` / `AGENT_NATIVE_MCP_URL` in the workspace `.env`), it writes an `http` client entry pointing at `<origin>/_agent-native/mcp` with a `Bearer` JWT instead of a stdio entry.
+
+Companion subcommands:
+
+| Command                                   | What it does                                                        |
+| ----------------------------------------- | ------------------------------------------------------------------- |
+| `agent-native mcp serve [--app <id>]`     | Run the MCP stdio transport (what client configs spawn).            |
+| `agent-native mcp install --client <c>`   | Provision a token + write the client's MCP config (idempotent).     |
+| `agent-native mcp uninstall --client <c>` | Remove the named MCP entry from a client's config (idempotent).     |
+| `agent-native mcp status`                 | Show resolved MCP URL/port, token state, and per-client entries.    |
+| `agent-native mcp token [--rotate]`       | Print (or rotate) the local `ACCESS_TOKEN` in the workspace `.env`. |
+
+Restart the client after `install` so it picks up the new MCP server.
+
+## The `link` builder {#link-builder}
+
+`defineAction` accepts an optional `link` builder. When set, every MCP/A2A result for that tool auto-appends a markdown `[label →](absoluteUrl)` block and a structured `_meta["agent-native/openLink"] = { label, view, webUrl, desktopUrl }`. `tools/list` adds `annotations["agent-native/producesOpenLink"]` and a description suffix so the external agent knows the tool yields an openable link and should surface it.
+
+Build the URL with `buildDeepLink(...)` — it is the single source of truth for the open-route format. Never hand-format the `/_agent-native/open` URL.
+
+Real example — mail's `manage-draft` (`templates/mail/actions/manage-draft.ts`):
+
+```ts
+import { buildDeepLink } from "@agent-native/core/server";
+
+function composeDeepLink(draft: Record<string, string>): string {
+  return buildDeepLink({
+    app: "mail",
+    view: "inbox",
+    compose: encodeComposeDraft(draft), // base64url JSON → compose-<id> draft
+  });
+}
+
+export default defineAction({
+  // ...schema, run...
+  link: ({ result }) => {
+    if (!result || typeof result !== "object") return null;
+    const draft = (result as { draft?: Record<string, string> }).draft;
+    const id = (result as { id?: string }).id;
+    if (!draft || !id) return null;
+    return {
+      url: composeDeepLink(draft),
+      label: "Open draft in Mail",
+      view: "inbox",
+    };
+  },
+});
+```
+
+List/search actions point at a record-focused view the same way — e.g. calendar's `create-event` returns `buildDeepLink({ app: "calendar", view: "calendar", params: { eventId, date } })` with label `"Open event in Calendar"`.
+
+### The `link` contract {#link-contract}
+
+The `link` builder is **pure and synchronous — no I/O, no awaits**. It runs best-effort: a throw, `null`, or `undefined` is swallowed and **never** fails the tool call. It only reads the call's `args` and `result`; it must not query the DB, read app-state, or call other actions. Return `null` when there's nothing to open.
+
+`buildDeepLink({ app, view, params?, to?, compose? })` returns the app-relative path `/_agent-native/open?app=…&view=…&<recordId>=…`. The MCP layer turns that into an absolute web URL (`toAbsoluteOpenUrl`, using the request origin) and a desktop `agentnative://open?…` URL (`toDesktopOpenUrl`); the markdown link uses the desktop URL when the client signals `target: "desktop"`.
+
+## The `/_agent-native/open` route {#open-route}
+
+When the user clicks the link in any browser or inline webview, `GET /_agent-native/open` (`createOpenRouteHandler`, mounted by the core routes plugin):
+
+1. Resolves the **browser** session via `getSession` (the auth guard bypasses the exact path `/_agent-native/open`).
+2. If unauthenticated, serves the configured login HTML **at the same URL**; the form's success handler reloads `window.location`, re-entering the route authenticated — no `?next=` plumbing.
+3. Writes the existing one-shot `navigate` application-state command (payload = every non-reserved query param + `view`) scoped to the browser session's email with `requestSource: "deep-link"`, and decodes a `compose` base64url draft into a `compose-<id>` key.
+4. 302-redirects to a safe same-origin relative path (`to=`, else `/<view>`, else a per-template `resolveOpenPath`), forwarding `f_*` filter params so lists/dashboards open pre-filtered before the `navigate` command is even drained.
+
+Cross-origin, scheme-relative `//host`, and control-char redirects are rejected (open-redirect guard). The route can be disabled per app via `disableOpenRoute`.
+
+### The browser-session identity rule {#identity-rule}
+
+The link carries **no privileged state** — it is just `view` + record ids + filters. The record-focusing `navigate` write is scoped to whoever is logged into the **browser**, never the external agent's MCP token. So an agent authenticated as one identity can hand a user a link, and when that user clicks it the record opens where _the user_ is logged in. This is what makes the deep link safe to surface in a terminal or chat transcript. See [Context Awareness](/docs/context-awareness) for the `navigate` / `application_state` contract this bridges to.
+
+## Ingest actions {#ingest}
+
+An action an external agent reads to pull live app state into its own context must be:
+
+```ts
+export default defineAction({
+  description: "…",
+  schema: z.object({ id: z.string() }),
+  http: { method: "GET" },
+  readOnly: true,
+  publicAgent: { expose: true, readOnly: true, requiresAuth: true },
+  run: async ({ id }) => {
+    /* read LIVE state, not the stale DB snapshot column */
+  },
+});
+```
+
+`GET` + `readOnly` keeps the action side-effect-free and out of the screen-refresh poll. `publicAgent` is the **explicit opt-in** — a public web route never implies public MCP/A2A exposure; see [Actions](/docs/actions). Design/content ingest actions MUST read **live** state (the Yjs collaborative document, not the stale DB snapshot column) so the external agent sees what the user actually has on screen. Content's `pull-document` flushes any open live collab session to SQL first; design's `get-design-snapshot` returns the live Yjs file contents plus the user's resolved tweak values.
+
+## Generic cross-app verbs + scaffolding {#cross-app}
+
+On top of the per-action tools the MCP server exposes a stable verb set so an external agent has a predictable surface without guessing per-app action names:
+
+| Tool                                       | Side effects | Returns                                                                              |
+| ------------------------------------------ | ------------ | ------------------------------------------------------------------------------------ |
+| `list_apps`                                | none         | workspace apps + their dev URLs / running state                                      |
+| `open_app({ app, view, params? })`         | none         | a `buildDeepLink` URL (surfaces as an "Open …" link)                                 |
+| `ask_app({ app, message })`                | agent loop   | routes a natural-language task to that app's in-app agent (delegates to `ask-agent`) |
+| `create_workspace_app({ name, template })` | scaffolds    | a new app booted via the workspace path, plus its running URL + deep link            |
+| `list_templates`                           | none         | the allow-listed templates only                                                      |
+
+`create_workspace_app` rejects any non-allow-listed template — the public template allow-list in `packages/shared-app-config/templates.ts` is authoritative and CI-guarded; an external agent cannot widen it. A same-named template action overrides a builtin (template-over-core precedence). Disable the whole set with `MCPConfig.builtinCrossAppTools: false`.
+
+## Per-app tour {#tour}
+
+Every allow-listed template that produces or lists a navigable resource ships a `link` builder, and the ingest-heavy ones ship a GET + `publicAgent` action:
+
+- **Mail** — `manage-draft` returns a `compose`-encoded deep link; clicking it opens the inbox with the draft restored into a `compose-<id>`. `list-emails` / `search-emails` point at a filtered inbox view.
+- **Calendar** — `create-event` returns `buildDeepLink({ app: "calendar", view: "calendar", params: { eventId, date } })`; the click lands on the calendar with that event focused on its date.
+- **Analytics** — `update-dashboard` / `save-analysis` return `buildDeepLink({ app: "analytics", view: "adhoc", params: { dashboardId } })`; the agent builds a dashboard over MCP and hands back "Open dashboard in Analytics".
+- **Design** — `get-design-snapshot` is the GET + `publicAgent` ingest action: it returns the **live** Yjs file contents plus the resolved tweak values so the agent continues from the tuned design, not the original tokens. `apply-tweaks` round-trips back with an "Open design" editor link.
+- **Content** — `pull-document` is the GET + `publicAgent` ingest action: it flushes any open live collaborative session to SQL first so the external agent ingests exactly what the user sees, then surfaces a deep link to the document.
+- **Brain** — `ask-brain` / `search-everything` return a cited answer plus a deep link to the underlying knowledge/capture, so a terminal agent's lookup links straight back into the source in the running app.
+
+## Do / Don't {#do-dont}
+
+**Do**
+
+- Add a `link` builder to any action that produces or lists a navigable resource (draft, event, dashboard, document).
+- Build the URL with `buildDeepLink(...)` — the single source of truth for the open-route format.
+- Keep `link` pure and synchronous; return `null` when there's nothing to open.
+- Make external-agent ingest actions GET + `readOnly` + `publicAgent`, and read live (Yjs) state, not the stale DB column.
+- Let the open route resolve the browser session; pass record ids as deep-link params and let the UI focus them via the polled `navigate` command.
+
+**Don't**
+
+- Hand-format the `/_agent-native/open` URL — always go through `buildDeepLink`.
+- Do I/O, awaits, DB reads, or app-state reads inside a `link` builder.
+- Scope the `navigate` write to the agent token, or pass privileged state through the deep link — it's a pure pointer.
+- Invent a new navigation mechanism; bridge to the existing `navigate` / `application_state` contract.
+- Widen the public template allow-list when scaffolding an app from an external agent — the allow-list is authoritative and guarded.
+
+## Related {#related}
+
+- [MCP Protocol](/docs/mcp-protocol) — the auto-mounted MCP server and `ask-agent` meta-tool.
+- [MCP Clients](/docs/mcp-clients) — the symmetric direction: your app consuming local/remote MCP servers.
+- [A2A Protocol](/docs/a2a-protocol) — the `ask-agent` meta-tool and JSON-RPC peer calls.
+- [Actions](/docs/actions) — defining actions, `publicAgent`, GET / `readOnly`.
+- [Context Awareness](/docs/context-awareness) — the `navigate` / `application_state` contract the open route bridges to.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/core",
-  "version": "0.17.1",
+  "version": "0.18.0",
   "type": "module",
   "description": "Framework for agent-native application development — where AI agents and UI share state via files",
   "license": "MIT",