@agent-native/core 0.18.1 → 0.19.0

package/dist/code-agents/transcript-normalizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-normalizer.d.ts","sourceRoot":"","sources":["../../src/code-agents/transcript-normalizer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAE1E,YAAY,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAE1E,MAAM,MAAM,iCAAiC,GACzC,2BAA2B,GAC3B,gCAAgC,GAChC,4BAA4B,GAC5B,8BAA8B,CAAC;AAEnC,MAAM,WAAW,6BAA6B;IAC5C,KAAK,EAAE,iCAAiC,EAAE,CAAC;IAC3C,SAAS,EAAE,wBAAwB,EAAE,CAAC;IACtC,YAAY,EAAE,wBAAwB,EAAE,CAAC;CAC1C;AAED,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,wBAAwB,EAAE,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,2BAA4B,SAAQ,iCAAiC;IACpF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,gCAAiC,SAAQ,iCAAiC;IACzF,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,QAAQ,GAAG,eAAe,CAAC;IACnC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;CACxC;AAED,MAAM,WAAW,4BAA6B,SAAQ,iCAAiC;IACrF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,UAAU,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5C,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,8BAA+B,SAAQ,iCAAiC;IACvF,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,SAAS,wBAAwB,EAAE,GAC1C,6BAA6B,CA2D/B"}

package/dist/code-agents/transcript-normalizer.js

@@ -0,0 +1,356 @@
+export function normalizeCodeAgentTranscript(events) {
+    const items = [];
+    const hiddenEvents = [];
+    const eventOrder = new Map(events.map((event, index) => [event.id, index]));
+    let turnIndex = -1;
+    for (const event of events) {
+        const currentTurnIndex = Math.max(turnIndex, 0);
+        if (event.kind === "user") {
+            turnIndex = turnIndex < 0 ? (items.length === 0 ? 0 : 1) : turnIndex + 1;
+            items.push(createUserTurn(event, turnIndex));
+            continue;
+        }
+        const assistantSource = assistantTextSource(event);
+        if (assistantSource) {
+            const text = assistantTextForEvent(event, assistantSource);
+            if (!text) {
+                hiddenEvents.push(event);
+                continue;
+            }
+            const previous = items.at(-1);
+            if (previous?.type === "assistant" &&
+                previous.source === assistantSource &&
+                previous.turnIndex === currentTurnIndex) {
+                appendAssistantChunk(previous, event, text);
+            }
+            else {
+                items.push(createAssistantTurn(event, assistantSource, currentTurnIndex, text));
+            }
+            continue;
+        }
+        const toolType = toolEventType(event);
+        if (toolType) {
+            appendToolEvent(items, event, toolType, currentTurnIndex);
+            continue;
+        }
+        if (shouldShowStatusEvent(event)) {
+            items.push(createStatusEvent(event, currentTurnIndex));
+        }
+        else {
+            hiddenEvents.push(event);
+        }
+    }
+    const dedupedItems = suppressDuplicateFinalAssistantText(items, hiddenEvents);
+    hiddenEvents.sort((a, b) => (eventOrder.get(a.id) ?? 0) - (eventOrder.get(b.id) ?? 0));
+    return {
+        items: dedupedItems,
+        rawEvents: [...events],
+        hiddenEvents,
+    };
+}
+function createUserTurn(event, turnIndex) {
+    return {
+        type: "user",
+        role: "user",
+        id: event.id,
+        text: event.message,
+        createdAt: event.createdAt,
+        updatedAt: event.createdAt,
+        eventIds: [event.id],
+        events: [event],
+        turnIndex,
+    };
+}
+function createAssistantTurn(event, source, turnIndex, text) {
+    return {
+        type: "assistant",
+        role: "assistant",
+        id: event.id,
+        text,
+        source,
+        createdAt: event.createdAt,
+        updatedAt: event.createdAt,
+        eventIds: [event.id],
+        events: [event],
+        turnIndex,
+    };
+}
+function appendAssistantChunk(item, event, text) {
+    item.text = shouldAppendAssistantChunkExactly(item, event)
+        ? `${item.text}${text}`
+        : joinAssistantChunks(item.text, text);
+    item.updatedAt = event.createdAt;
+    item.eventIds.push(event.id);
+    item.events.push(event);
+}
+function createStatusEvent(event, turnIndex) {
+    const metadata = event.metadata;
+    return {
+        type: "status",
+        id: event.id,
+        text: event.message,
+        level: statusEventLevel(event),
+        statusKind: event.kind,
+        status: stringMetadata(metadata, "status"),
+        phase: stringMetadata(metadata, "phase"),
+        metadata,
+        createdAt: event.createdAt,
+        updatedAt: event.createdAt,
+        eventIds: [event.id],
+        events: [event],
+        turnIndex,
+    };
+}
+function appendToolEvent(items, event, toolType, turnIndex) {
+    const tool = stringMetadata(event.metadata, "tool");
+    const item = findOpenToolEvent(items, tool, turnIndex);
+    if (!item) {
+        items.push(createToolEvent(event, toolType, turnIndex));
+        return;
+    }
+    item.updatedAt = event.createdAt;
+    item.eventIds.push(event.id);
+    item.events.push(event);
+    if (toolType === "activity") {
+        item.activities.push(event.message);
+        if (item.state === "activity")
+            item.label = event.message;
+        return;
+    }
+    if (toolType === "tool_start") {
+        const wasActivity = item.state === "activity";
+        item.state = "running";
+        item.startedAt = item.startedAt ?? event.createdAt;
+        if (hasMetadataKey(event.metadata, "input")) {
+            item.input = event.metadata?.input;
+        }
+        if (wasActivity || item.label === item.activities.at(-1)) {
+            item.label = event.message;
+        }
+        return;
+    }
+    item.state = "completed";
+    item.completedAt = event.createdAt;
+    if (hasMetadataKey(event.metadata, "result")) {
+        item.result = event.metadata?.result;
+    }
+}
+function createToolEvent(event, toolType, turnIndex) {
+    const metadata = event.metadata;
+    const state = toolType === "tool_done"
+        ? "completed"
+        : toolType === "tool_start"
+            ? "running"
+            : "activity";
+    return {
+        type: "tool",
+        id: event.id,
+        tool: stringMetadata(metadata, "tool"),
+        label: event.message,
+        state,
+        input: hasMetadataKey(metadata, "input") ? metadata?.input : undefined,
+        result: hasMetadataKey(metadata, "result") ? metadata?.result : undefined,
+        activities: toolType === "activity" ? [event.message] : [],
+        startedAt: toolType === "tool_start" ? event.createdAt : undefined,
+        completedAt: toolType === "tool_done" ? event.createdAt : undefined,
+        createdAt: event.createdAt,
+        updatedAt: event.createdAt,
+        eventIds: [event.id],
+        events: [event],
+        turnIndex,
+    };
+}
+function findOpenToolEvent(items, tool, turnIndex) {
+    for (let index = items.length - 1; index >= 0; index -= 1) {
+        const item = items[index];
+        if (item.type !== "tool")
+            continue;
+        if (item.turnIndex !== turnIndex)
+            continue;
+        if (item.state === "completed")
+            continue;
+        if (tool && item.tool !== tool)
+            continue;
+        if (!tool && item.tool)
+            continue;
+        return item;
+    }
+    return null;
+}
+function suppressDuplicateFinalAssistantText(items, hiddenEvents) {
+    const result = [];
+    for (const item of items) {
+        if (item.type !== "assistant" || item.source !== "system") {
+            result.push(item);
+            continue;
+        }
+        const stdoutItems = result.filter((candidate) => candidate.type === "assistant" &&
+            candidate.source === "runner-stdout" &&
+            candidate.turnIndex === item.turnIndex);
+        if (stdoutItems.length === 0 ||
+            !isSameAssistantText(stdoutItems.map((candidate) => candidate.text).join(" "), item.text)) {
+            result.push(item);
+            continue;
+        }
+        hiddenEvents.push(...item.events);
+        const target = stdoutItems.length === 1 ? stdoutItems[0] : stdoutItems.at(-1);
+        if (!target)
+            continue;
+        if (stdoutItems.length === 1) {
+            target.text = item.text;
+            target.updatedAt = item.updatedAt;
+        }
+        target.eventIds.push(...item.eventIds);
+        target.events.push(...item.events);
+        target.suppressedDuplicateEventIds = [
+            ...(target.suppressedDuplicateEventIds ?? []),
+            ...item.eventIds,
+        ];
+    }
+    return result;
+}
+function shouldShowStatusEvent(event) {
+    if (event.kind === "artifact" || event.kind === "note")
+        return true;
+    if (event.kind !== "status")
+        return false;
+    if (isLowSignalLifecycleEvent(event))
+        return false;
+    return true;
+}
+function isLowSignalLifecycleEvent(event) {
+    const metadata = event.metadata;
+    const type = stringMetadata(metadata, "type");
+    if (type === "mcp-tools-connected")
+        return true;
+    if (statusEventLevel(event) !== "info")
+        return false;
+    const status = stringMetadata(metadata, "status");
+    const phase = stringMetadata(metadata, "phase");
+    if (status === "queued" || status === "running" || status === "completed") {
+        return true;
+    }
+    if (phase === "queued" ||
+        phase === "starting" ||
+        phase === "executing" ||
+        phase === "follow-up" ||
+        phase === "complete") {
+        return true;
+    }
+    return LOW_SIGNAL_STATUS_MESSAGES.some((pattern) => pattern.test(event.message));
+}
+const LOW_SIGNAL_STATUS_MESSAGES = [
+    /^Agent-Native Code run started\.?$/i,
+    /^Agent-Native Code run completed\.?$/i,
+    /^Agent-Native Code process exited\.?$/i,
+    /^Starting local Agent-Native Code execution\.?$/i,
+    /^Remote Agent-Native Code run queued\.?$/i,
+    /^Connected \d+ MCP tools? for this run\.?$/i,
+];
+function statusEventLevel(event) {
+    const metadata = event.metadata;
+    const status = stringMetadata(metadata, "status");
+    const phase = stringMetadata(metadata, "phase");
+    const source = stringMetadata(metadata, "source");
+    const type = stringMetadata(metadata, "type");
+    if (status === "needs-approval" ||
+        Boolean(metadata?.pendingApproval) ||
+        Boolean(metadata?.pendingApprovalId) ||
+        Boolean(metadata?.approvalId) ||
+        phase?.includes("approval") ||
+        /\bapproval\b/i.test(event.message)) {
+        return "approval";
+    }
+    if (event.kind === "status" &&
+        (status === "errored" ||
+            type === "error" ||
+            type?.endsWith("-error") ||
+            Boolean(metadata?.failed) ||
+            typeof metadata?.errorCode === "string" ||
+            source === "runner-stderr")) {
+        return "error";
+    }
+    if (status === "paused" ||
+        phase === "missing-credentials" ||
+        phase === "stopped" ||
+        /\b(missing|stopped|unavailable|denied)\b/i.test(event.message)) {
+        return "warning";
+    }
+    return "info";
+}
+function assistantTextSource(event) {
+    const source = stringMetadata(event.metadata, "source");
+    const type = stringMetadata(event.metadata, "type");
+    if (type === "assistant_delta") {
+        return "runner-stdout";
+    }
+    if (event.kind === "status" && source === "runner-stdout") {
+        return "runner-stdout";
+    }
+    if (event.kind === "system" || event.metadata?.role === "assistant") {
+        return "system";
+    }
+    return null;
+}
+function shouldAppendAssistantChunkExactly(item, event) {
+    return (item.source === "runner-stdout" &&
+        (isAssistantDeltaEvent(event) || item.events.some(isAssistantDeltaEvent)));
+}
+function isAssistantDeltaEvent(event) {
+    return stringMetadata(event.metadata, "type") === "assistant_delta";
+}
+function assistantTextForEvent(event, source) {
+    if (source === "runner-stdout")
+        return stripRunnerDiagnostics(event.message);
+    return event.message;
+}
+function stripRunnerDiagnostics(value) {
+    return value
+        .replace(RUNNER_DIAGNOSTIC_LINE_PATTERNS.engineDetect, "")
+        .replace(RUNNER_DIAGNOSTIC_LINE_PATTERNS.builderEngine, "");
+}
+const RUNNER_DIAGNOSTIC_LINE_PATTERNS = {
+    engineDetect: /^\[engine-detect\][^\r\n]*(?:\r?\n|$)/gm,
+    builderEngine: /^\[builder-engine\]\s*[←→][^\r\n]*(?:\r?\n|$)/gm,
+};
+function toolEventType(event) {
+    if (event.kind !== "status")
+        return null;
+    const type = stringMetadata(event.metadata, "type");
+    if (type === "activity" || type === "tool_done" || type === "tool_start") {
+        return type;
+    }
+    return null;
+}
+function joinAssistantChunks(previous, next) {
+    if (!previous)
+        return next;
+    if (!next)
+        return previous;
+    if (/\s$/.test(previous) || /^\s/.test(next))
+        return `${previous}${next}`;
+    if (/^[.,!?;:)\]}'"`]/.test(next))
+        return `${previous}${next}`;
+    if (/[(\[{'"`]$/.test(previous))
+        return `${previous}${next}`;
+    return `${previous} ${next}`;
+}
+function canonicalText(value) {
+    return value.replace(/\s+/g, " ").trim();
+}
+function isSameAssistantText(left, right) {
+    if (canonicalText(left) === canonicalText(right))
+        return true;
+    return compactText(left) === compactText(right);
+}
+function compactText(value) {
+    return canonicalText(value).replace(/\s+/g, "");
+}
+function stringMetadata(metadata, key) {
+    const value = metadata?.[key];
+    return typeof value === "string" ? value : undefined;
+}
+function hasMetadataKey(metadata, key) {
+    return (Boolean(metadata) && Object.prototype.hasOwnProperty.call(metadata, key));
+}
+//# sourceMappingURL=transcript-normalizer.js.map

package/dist/code-agents/transcript-normalizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcript-normalizer.js","sourceRoot":"","sources":["../../src/code-agents/transcript-normalizer.ts"],"names":[],"mappings":"AA6DA,MAAM,UAAU,4BAA4B,CAC1C,MAA2C;IAE3C,MAAM,KAAK,GAAwC,EAAE,CAAC;IACtD,MAAM,YAAY,GAA+B,EAAE,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5E,IAAI,SAAS,GAAG,CAAC,CAAC,CAAC;IAEnB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAChD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC1B,SAAS,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;YACzE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;YAC7C,SAAS;QACX,CAAC;QAED,MAAM,eAAe,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,qBAAqB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACzB,SAAS;YACX,CAAC;YACD,MAAM,QAAQ,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9B,IACE,QAAQ,EAAE,IAAI,KAAK,WAAW;gBAC9B,QAAQ,CAAC,MAAM,KAAK,eAAe;gBACnC,QAAQ,CAAC,SAAS,KAAK,gBAAgB,EACvC,CAAC;gBACD,oBAAoB,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CACR,mBAAmB,CAAC,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,IAAI,CAAC,CACpE,CAAC;YACJ,CAAC;YACD,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;YAC1D,SAAS;QACX,CAAC;QAED,IAAI,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,mCAAmC,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IAC9E,YAAY,CAAC,IAAI,CACf,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CACpE,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,YAAY;QACnB,SAAS,EAAE,CAAC,GAAG,MAAM,CAAC;QACtB,YAAY;KACb,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CACrB,KAA+B,EAC/B,SAAiB;IAEjB,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,IAAI,EAAE,KAAK,CAAC,OAAO;QACnB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,KAAK,CAAC;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,KAA+B,EAC/B,MAAkD,EAClD,SAAiB,EACjB,IAAY;IAEZ,OAAO;QACL,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,IAAI;QACJ,MAAM;QACN,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,KAAK,CAAC;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,IAAsC,EACtC,KAA+B,EAC/B,IAAY;IAEZ,IAAI,CAAC,IAAI,GAAG,iCAAiC,CAAC,IAAI,EAAE,KAAK,CAAC;QACxD,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE;QACvB,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACzC,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CACxB,KAA+B,EAC/B,SAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,IAAI,EAAE,KAAK,CAAC,OAAO;QACnB,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC;QAC9B,UAAU,EAAE,KAAK,CAAC,IAAI;QACtB,MAAM,EAAE,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC1C,KAAK,EAAE,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC;QACxC,QAAQ;QACR,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,KAAK,CAAC;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,KAA0C,EAC1C,KAA+B,EAC/B,QAAiD,EACjD,SAAiB;IAEjB,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IAEvD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;IACjC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAExB,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,IAAI,CAAC,KAAK,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,KAAK,UAAU,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,CAAC;QACnD,IAAI,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC;QACrC,CAAC;QACD,IAAI,WAAW,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;IACzB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;IACnC,IAAI,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;IACvC,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CACtB,KAA+B,EAC/B,QAAiD,EACjD,SAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,KAAK,GACT,QAAQ,KAAK,WAAW;QACtB,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,QAAQ,KAAK,YAAY;YACzB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,UAAU,CAAC;IACnB,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC;QACtC,KAAK,EAAE,KAAK,CAAC,OAAO;QACpB,KAAK;QACL,KAAK,EAAE,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;QACtE,MAAM,EAAE,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS;QACzE,UAAU,EAAE,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;QAC1D,SAAS,EAAE,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAClE,WAAW,EAAE,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACnE,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,KAAK,CAAC;QACf,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CACxB,KAAmD,EACnD,IAAwB,EACxB,SAAiB;IAEjB,KAAK,IAAI,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM;YAAE,SAAS;QACnC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS;YAAE,SAAS;QAC3C,IAAI,IAAI,CAAC,KAAK,KAAK,WAAW;YAAE,SAAS;QACzC,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,SAAS;QACzC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI;YAAE,SAAS;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mCAAmC,CAC1C,KAAmD,EACnD,YAAwC;IAExC,MAAM,MAAM,GAAwC,EAAE,CAAC;IAEvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAC/B,CAAC,SAAS,EAAiD,EAAE,CAC3D,SAAS,CAAC,IAAI,KAAK,WAAW;YAC9B,SAAS,CAAC,MAAM,KAAK,eAAe;YACpC,SAAS,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CACzC,CAAC;QACF,IACE,WAAW,CAAC,MAAM,KAAK,CAAC;YACxB,CAAC,mBAAmB,CAClB,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EACxD,IAAI,CAAC,IAAI,CACV,EACD,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,SAAS;QACX,CAAC;QAED,YAAY,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,MAAM,GACV,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACxB,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACpC,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,2BAA2B,GAAG;YACnC,GAAG,CAAC,MAAM,CAAC,2BAA2B,IAAI,EAAE,CAAC;YAC7C,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,qBAAqB,CAAC,KAA+B;IAC5D,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,yBAAyB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,yBAAyB,CAAC,KAA+B;IAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,IAAI,KAAK,qBAAqB;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,gBAAgB,CAAC,KAAK,CAAC,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAErD,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,IAAI,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IACE,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,UAAU;QACpB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,WAAW;QACrB,KAAK,KAAK,UAAU,EACpB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACjD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAC5B,CAAC;AACJ,CAAC;AAED,MAAM,0BAA0B,GAAG;IACjC,qCAAqC;IACrC,uCAAuC;IACvC,wCAAwC;IACxC,kDAAkD;IAClD,2CAA2C;IAC3C,6CAA6C;CAC9C,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAA+B;IAE/B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE9C,IACE,MAAM,KAAK,gBAAgB;QAC3B,OAAO,CAAC,QAAQ,EAAE,eAAe,CAAC;QAClC,OAAO,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QACpC,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EACnC,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IACE,KAAK,CAAC,IAAI,KAAK,QAAQ;QACvB,CAAC,MAAM,KAAK,SAAS;YACnB,IAAI,KAAK,OAAO;YAChB,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC;YACzB,OAAO,QAAQ,EAAE,SAAS,KAAK,QAAQ;YACvC,MAAM,KAAK,eAAe,CAAC,EAC7B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IACE,MAAM,KAAK,QAAQ;QACnB,KAAK,KAAK,qBAAqB;QAC/B,KAAK,KAAK,SAAS;QACnB,2CAA2C,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAC/D,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAC1B,KAA+B;IAE/B,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC/B,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;QAC1D,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,EAAE,IAAI,KAAK,WAAW,EAAE,CAAC;QACpE,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iCAAiC,CACxC,IAAsC,EACtC,KAA+B;IAE/B,OAAO,CACL,IAAI,CAAC,MAAM,KAAK,eAAe;QAC/B,CAAC,qBAAqB,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAC1E,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,KAA+B;IAC5D,OAAO,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,iBAAiB,CAAC;AACtE,CAAC;AAED,SAAS,qBAAqB,CAC5B,KAA+B,EAC/B,MAAkD;IAElD,IAAI,MAAM,KAAK,eAAe;QAAE,OAAO,sBAAsB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC,OAAO,CAAC;AACvB,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAa;IAC3C,OAAO,KAAK;SACT,OAAO,CAAC,+BAA+B,CAAC,YAAY,EAAE,EAAE,CAAC;SACzD,OAAO,CAAC,+BAA+B,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,+BAA+B,GAAG;IACtC,YAAY,EAAE,yCAAyC;IACvD,aAAa,EAAE,iDAAiD;CACjE,CAAC;AAEF,SAAS,aAAa,CACpB,KAA+B;IAE/B,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB,EAAE,IAAY;IACzD,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,EAAE,CAAC;IAC1E,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,EAAE,CAAC;IAC/D,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,GAAG,QAAQ,GAAG,IAAI,EAAE,CAAC;IAC7D,OAAO,GAAG,QAAQ,IAAI,IAAI,EAAE,CAAC;AAC/B,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY,EAAE,KAAa;IACtD,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,WAAW,CAAC,KAAK,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,cAAc,CACrB,QAA6C,EAC7C,GAAW;IAEX,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,cAAc,CACrB,QAA6C,EAC7C,GAAW;IAEX,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CACzE,CAAC;AACJ,CAAC","sourcesContent":["import type { CodeAgentTranscriptEvent } from \"../cli/code-agent-runs.js\";\n\nexport type { CodeAgentTranscriptEvent } from \"../cli/code-agent-runs.js\";\n\nexport type NormalizedCodeAgentTranscriptItem =\n  | NormalizedCodeAgentUserTurn\n  | NormalizedCodeAgentAssistantTurn\n  | NormalizedCodeAgentToolEvent\n  | NormalizedCodeAgentStatusEvent;\n\nexport interface NormalizedCodeAgentTranscript {\n  items: NormalizedCodeAgentTranscriptItem[];\n  rawEvents: CodeAgentTranscriptEvent[];\n  hiddenEvents: CodeAgentTranscriptEvent[];\n}\n\nexport interface NormalizedCodeAgentTranscriptBase {\n  id: string;\n  createdAt: string;\n  updatedAt: string;\n  eventIds: string[];\n  events: CodeAgentTranscriptEvent[];\n  turnIndex: number;\n}\n\nexport interface NormalizedCodeAgentUserTurn extends NormalizedCodeAgentTranscriptBase {\n  type: \"user\";\n  role: \"user\";\n  text: string;\n}\n\nexport interface NormalizedCodeAgentAssistantTurn extends NormalizedCodeAgentTranscriptBase {\n  type: \"assistant\";\n  role: \"assistant\";\n  text: string;\n  source: \"system\" | \"runner-stdout\";\n  suppressedDuplicateEventIds?: string[];\n}\n\nexport interface NormalizedCodeAgentToolEvent extends NormalizedCodeAgentTranscriptBase {\n  type: \"tool\";\n  tool?: string;\n  label: string;\n  state: \"activity\" | \"running\" | \"completed\";\n  input?: unknown;\n  result?: unknown;\n  activities: string[];\n  startedAt?: string;\n  completedAt?: string;\n}\n\nexport interface NormalizedCodeAgentStatusEvent extends NormalizedCodeAgentTranscriptBase {\n  type: \"status\";\n  level: \"info\" | \"warning\" | \"error\" | \"approval\";\n  text: string;\n  statusKind: CodeAgentTranscriptEvent[\"kind\"];\n  status?: string;\n  phase?: string;\n  metadata?: Record<string, unknown>;\n}\n\nexport function normalizeCodeAgentTranscript(\n  events: readonly CodeAgentTranscriptEvent[],\n): NormalizedCodeAgentTranscript {\n  const items: NormalizedCodeAgentTranscriptItem[] = [];\n  const hiddenEvents: CodeAgentTranscriptEvent[] = [];\n  const eventOrder = new Map(events.map((event, index) => [event.id, index]));\n  let turnIndex = -1;\n\n  for (const event of events) {\n    const currentTurnIndex = Math.max(turnIndex, 0);\n    if (event.kind === \"user\") {\n      turnIndex = turnIndex < 0 ? (items.length === 0 ? 0 : 1) : turnIndex + 1;\n      items.push(createUserTurn(event, turnIndex));\n      continue;\n    }\n\n    const assistantSource = assistantTextSource(event);\n    if (assistantSource) {\n      const text = assistantTextForEvent(event, assistantSource);\n      if (!text) {\n        hiddenEvents.push(event);\n        continue;\n      }\n      const previous = items.at(-1);\n      if (\n        previous?.type === \"assistant\" &&\n        previous.source === assistantSource &&\n        previous.turnIndex === currentTurnIndex\n      ) {\n        appendAssistantChunk(previous, event, text);\n      } else {\n        items.push(\n          createAssistantTurn(event, assistantSource, currentTurnIndex, text),\n        );\n      }\n      continue;\n    }\n\n    const toolType = toolEventType(event);\n    if (toolType) {\n      appendToolEvent(items, event, toolType, currentTurnIndex);\n      continue;\n    }\n\n    if (shouldShowStatusEvent(event)) {\n      items.push(createStatusEvent(event, currentTurnIndex));\n    } else {\n      hiddenEvents.push(event);\n    }\n  }\n\n  const dedupedItems = suppressDuplicateFinalAssistantText(items, hiddenEvents);\n  hiddenEvents.sort(\n    (a, b) => (eventOrder.get(a.id) ?? 0) - (eventOrder.get(b.id) ?? 0),\n  );\n\n  return {\n    items: dedupedItems,\n    rawEvents: [...events],\n    hiddenEvents,\n  };\n}\n\nfunction createUserTurn(\n  event: CodeAgentTranscriptEvent,\n  turnIndex: number,\n): NormalizedCodeAgentUserTurn {\n  return {\n    type: \"user\",\n    role: \"user\",\n    id: event.id,\n    text: event.message,\n    createdAt: event.createdAt,\n    updatedAt: event.createdAt,\n    eventIds: [event.id],\n    events: [event],\n    turnIndex,\n  };\n}\n\nfunction createAssistantTurn(\n  event: CodeAgentTranscriptEvent,\n  source: NormalizedCodeAgentAssistantTurn[\"source\"],\n  turnIndex: number,\n  text: string,\n): NormalizedCodeAgentAssistantTurn {\n  return {\n    type: \"assistant\",\n    role: \"assistant\",\n    id: event.id,\n    text,\n    source,\n    createdAt: event.createdAt,\n    updatedAt: event.createdAt,\n    eventIds: [event.id],\n    events: [event],\n    turnIndex,\n  };\n}\n\nfunction appendAssistantChunk(\n  item: NormalizedCodeAgentAssistantTurn,\n  event: CodeAgentTranscriptEvent,\n  text: string,\n): void {\n  item.text = shouldAppendAssistantChunkExactly(item, event)\n    ? `${item.text}${text}`\n    : joinAssistantChunks(item.text, text);\n  item.updatedAt = event.createdAt;\n  item.eventIds.push(event.id);\n  item.events.push(event);\n}\n\nfunction createStatusEvent(\n  event: CodeAgentTranscriptEvent,\n  turnIndex: number,\n): NormalizedCodeAgentStatusEvent {\n  const metadata = event.metadata;\n  return {\n    type: \"status\",\n    id: event.id,\n    text: event.message,\n    level: statusEventLevel(event),\n    statusKind: event.kind,\n    status: stringMetadata(metadata, \"status\"),\n    phase: stringMetadata(metadata, \"phase\"),\n    metadata,\n    createdAt: event.createdAt,\n    updatedAt: event.createdAt,\n    eventIds: [event.id],\n    events: [event],\n    turnIndex,\n  };\n}\n\nfunction appendToolEvent(\n  items: NormalizedCodeAgentTranscriptItem[],\n  event: CodeAgentTranscriptEvent,\n  toolType: \"activity\" | \"tool_done\" | \"tool_start\",\n  turnIndex: number,\n): void {\n  const tool = stringMetadata(event.metadata, \"tool\");\n  const item = findOpenToolEvent(items, tool, turnIndex);\n\n  if (!item) {\n    items.push(createToolEvent(event, toolType, turnIndex));\n    return;\n  }\n\n  item.updatedAt = event.createdAt;\n  item.eventIds.push(event.id);\n  item.events.push(event);\n\n  if (toolType === \"activity\") {\n    item.activities.push(event.message);\n    if (item.state === \"activity\") item.label = event.message;\n    return;\n  }\n\n  if (toolType === \"tool_start\") {\n    const wasActivity = item.state === \"activity\";\n    item.state = \"running\";\n    item.startedAt = item.startedAt ?? event.createdAt;\n    if (hasMetadataKey(event.metadata, \"input\")) {\n      item.input = event.metadata?.input;\n    }\n    if (wasActivity || item.label === item.activities.at(-1)) {\n      item.label = event.message;\n    }\n    return;\n  }\n\n  item.state = \"completed\";\n  item.completedAt = event.createdAt;\n  if (hasMetadataKey(event.metadata, \"result\")) {\n    item.result = event.metadata?.result;\n  }\n}\n\nfunction createToolEvent(\n  event: CodeAgentTranscriptEvent,\n  toolType: \"activity\" | \"tool_done\" | \"tool_start\",\n  turnIndex: number,\n): NormalizedCodeAgentToolEvent {\n  const metadata = event.metadata;\n  const state =\n    toolType === \"tool_done\"\n      ? \"completed\"\n      : toolType === \"tool_start\"\n        ? \"running\"\n        : \"activity\";\n  return {\n    type: \"tool\",\n    id: event.id,\n    tool: stringMetadata(metadata, \"tool\"),\n    label: event.message,\n    state,\n    input: hasMetadataKey(metadata, \"input\") ? metadata?.input : undefined,\n    result: hasMetadataKey(metadata, \"result\") ? metadata?.result : undefined,\n    activities: toolType === \"activity\" ? [event.message] : [],\n    startedAt: toolType === \"tool_start\" ? event.createdAt : undefined,\n    completedAt: toolType === \"tool_done\" ? event.createdAt : undefined,\n    createdAt: event.createdAt,\n    updatedAt: event.createdAt,\n    eventIds: [event.id],\n    events: [event],\n    turnIndex,\n  };\n}\n\nfunction findOpenToolEvent(\n  items: readonly NormalizedCodeAgentTranscriptItem[],\n  tool: string | undefined,\n  turnIndex: number,\n): NormalizedCodeAgentToolEvent | null {\n  for (let index = items.length - 1; index >= 0; index -= 1) {\n    const item = items[index];\n    if (item.type !== \"tool\") continue;\n    if (item.turnIndex !== turnIndex) continue;\n    if (item.state === \"completed\") continue;\n    if (tool && item.tool !== tool) continue;\n    if (!tool && item.tool) continue;\n    return item;\n  }\n  return null;\n}\n\nfunction suppressDuplicateFinalAssistantText(\n  items: readonly NormalizedCodeAgentTranscriptItem[],\n  hiddenEvents: CodeAgentTranscriptEvent[],\n): NormalizedCodeAgentTranscriptItem[] {\n  const result: NormalizedCodeAgentTranscriptItem[] = [];\n\n  for (const item of items) {\n    if (item.type !== \"assistant\" || item.source !== \"system\") {\n      result.push(item);\n      continue;\n    }\n\n    const stdoutItems = result.filter(\n      (candidate): candidate is NormalizedCodeAgentAssistantTurn =>\n        candidate.type === \"assistant\" &&\n        candidate.source === \"runner-stdout\" &&\n        candidate.turnIndex === item.turnIndex,\n    );\n    if (\n      stdoutItems.length === 0 ||\n      !isSameAssistantText(\n        stdoutItems.map((candidate) => candidate.text).join(\" \"),\n        item.text,\n      )\n    ) {\n      result.push(item);\n      continue;\n    }\n\n    hiddenEvents.push(...item.events);\n    const target =\n      stdoutItems.length === 1 ? stdoutItems[0] : stdoutItems.at(-1);\n    if (!target) continue;\n    if (stdoutItems.length === 1) {\n      target.text = item.text;\n      target.updatedAt = item.updatedAt;\n    }\n    target.eventIds.push(...item.eventIds);\n    target.events.push(...item.events);\n    target.suppressedDuplicateEventIds = [\n      ...(target.suppressedDuplicateEventIds ?? []),\n      ...item.eventIds,\n    ];\n  }\n\n  return result;\n}\n\nfunction shouldShowStatusEvent(event: CodeAgentTranscriptEvent): boolean {\n  if (event.kind === \"artifact\" || event.kind === \"note\") return true;\n  if (event.kind !== \"status\") return false;\n  if (isLowSignalLifecycleEvent(event)) return false;\n  return true;\n}\n\nfunction isLowSignalLifecycleEvent(event: CodeAgentTranscriptEvent): boolean {\n  const metadata = event.metadata;\n  const type = stringMetadata(metadata, \"type\");\n  if (type === \"mcp-tools-connected\") return true;\n  if (statusEventLevel(event) !== \"info\") return false;\n\n  const status = stringMetadata(metadata, \"status\");\n  const phase = stringMetadata(metadata, \"phase\");\n  if (status === \"queued\" || status === \"running\" || status === \"completed\") {\n    return true;\n  }\n  if (\n    phase === \"queued\" ||\n    phase === \"starting\" ||\n    phase === \"executing\" ||\n    phase === \"follow-up\" ||\n    phase === \"complete\"\n  ) {\n    return true;\n  }\n\n  return LOW_SIGNAL_STATUS_MESSAGES.some((pattern) =>\n    pattern.test(event.message),\n  );\n}\n\nconst LOW_SIGNAL_STATUS_MESSAGES = [\n  /^Agent-Native Code run started\\.?$/i,\n  /^Agent-Native Code run completed\\.?$/i,\n  /^Agent-Native Code process exited\\.?$/i,\n  /^Starting local Agent-Native Code execution\\.?$/i,\n  /^Remote Agent-Native Code run queued\\.?$/i,\n  /^Connected \\d+ MCP tools? for this run\\.?$/i,\n];\n\nfunction statusEventLevel(\n  event: CodeAgentTranscriptEvent,\n): NormalizedCodeAgentStatusEvent[\"level\"] {\n  const metadata = event.metadata;\n  const status = stringMetadata(metadata, \"status\");\n  const phase = stringMetadata(metadata, \"phase\");\n  const source = stringMetadata(metadata, \"source\");\n  const type = stringMetadata(metadata, \"type\");\n\n  if (\n    status === \"needs-approval\" ||\n    Boolean(metadata?.pendingApproval) ||\n    Boolean(metadata?.pendingApprovalId) ||\n    Boolean(metadata?.approvalId) ||\n    phase?.includes(\"approval\") ||\n    /\\bapproval\\b/i.test(event.message)\n  ) {\n    return \"approval\";\n  }\n\n  if (\n    event.kind === \"status\" &&\n    (status === \"errored\" ||\n      type === \"error\" ||\n      type?.endsWith(\"-error\") ||\n      Boolean(metadata?.failed) ||\n      typeof metadata?.errorCode === \"string\" ||\n      source === \"runner-stderr\")\n  ) {\n    return \"error\";\n  }\n\n  if (\n    status === \"paused\" ||\n    phase === \"missing-credentials\" ||\n    phase === \"stopped\" ||\n    /\\b(missing|stopped|unavailable|denied)\\b/i.test(event.message)\n  ) {\n    return \"warning\";\n  }\n\n  return \"info\";\n}\n\nfunction assistantTextSource(\n  event: CodeAgentTranscriptEvent,\n): NormalizedCodeAgentAssistantTurn[\"source\"] | null {\n  const source = stringMetadata(event.metadata, \"source\");\n  const type = stringMetadata(event.metadata, \"type\");\n  if (type === \"assistant_delta\") {\n    return \"runner-stdout\";\n  }\n  if (event.kind === \"status\" && source === \"runner-stdout\") {\n    return \"runner-stdout\";\n  }\n  if (event.kind === \"system\" || event.metadata?.role === \"assistant\") {\n    return \"system\";\n  }\n  return null;\n}\n\nfunction shouldAppendAssistantChunkExactly(\n  item: NormalizedCodeAgentAssistantTurn,\n  event: CodeAgentTranscriptEvent,\n): boolean {\n  return (\n    item.source === \"runner-stdout\" &&\n    (isAssistantDeltaEvent(event) || item.events.some(isAssistantDeltaEvent))\n  );\n}\n\nfunction isAssistantDeltaEvent(event: CodeAgentTranscriptEvent): boolean {\n  return stringMetadata(event.metadata, \"type\") === \"assistant_delta\";\n}\n\nfunction assistantTextForEvent(\n  event: CodeAgentTranscriptEvent,\n  source: NormalizedCodeAgentAssistantTurn[\"source\"],\n): string {\n  if (source === \"runner-stdout\") return stripRunnerDiagnostics(event.message);\n  return event.message;\n}\n\nfunction stripRunnerDiagnostics(value: string): string {\n  return value\n    .replace(RUNNER_DIAGNOSTIC_LINE_PATTERNS.engineDetect, \"\")\n    .replace(RUNNER_DIAGNOSTIC_LINE_PATTERNS.builderEngine, \"\");\n}\n\nconst RUNNER_DIAGNOSTIC_LINE_PATTERNS = {\n  engineDetect: /^\\[engine-detect\\][^\\r\\n]*(?:\\r?\\n|$)/gm,\n  builderEngine: /^\\[builder-engine\\]\\s*[←→][^\\r\\n]*(?:\\r?\\n|$)/gm,\n};\n\nfunction toolEventType(\n  event: CodeAgentTranscriptEvent,\n): \"activity\" | \"tool_done\" | \"tool_start\" | null {\n  if (event.kind !== \"status\") return null;\n  const type = stringMetadata(event.metadata, \"type\");\n  if (type === \"activity\" || type === \"tool_done\" || type === \"tool_start\") {\n    return type;\n  }\n  return null;\n}\n\nfunction joinAssistantChunks(previous: string, next: string): string {\n  if (!previous) return next;\n  if (!next) return previous;\n  if (/\\s$/.test(previous) || /^\\s/.test(next)) return `${previous}${next}`;\n  if (/^[.,!?;:)\\]}'\"`]/.test(next)) return `${previous}${next}`;\n  if (/[(\\[{'\"`]$/.test(previous)) return `${previous}${next}`;\n  return `${previous} ${next}`;\n}\n\nfunction canonicalText(value: string): string {\n  return value.replace(/\\s+/g, \" \").trim();\n}\n\nfunction isSameAssistantText(left: string, right: string): boolean {\n  if (canonicalText(left) === canonicalText(right)) return true;\n  return compactText(left) === compactText(right);\n}\n\nfunction compactText(value: string): string {\n  return canonicalText(value).replace(/\\s+/g, \"\");\n}\n\nfunction stringMetadata(\n  metadata: Record<string, unknown> | undefined,\n  key: string,\n): string | undefined {\n  const value = metadata?.[key];\n  return typeof value === \"string\" ? value : undefined;\n}\n\nfunction hasMetadataKey(\n  metadata: Record<string, unknown> | undefined,\n  key: string,\n): boolean {\n  return (\n    Boolean(metadata) && Object.prototype.hasOwnProperty.call(metadata, key)\n  );\n}\n"]}

package/dist/extensions/schema.d.ts

@@ -297,7 +297,7 @@ export declare const extensionShares: import("drizzle-orm/sqlite-core").SQLiteTa
             tableName: string;
             dataType: "string";
             columnType: "SQLiteText";
-            data: "viewer" | "editor" | "admin";
+            data: "admin" | "viewer" | "editor";
             driverParam: string;
             notNull: true;
             hasDefault: true;

package/dist/mcp/build-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAKhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;CAC7C;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAsBA;AA2BD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA8J7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,GACpC,OAAO,CAAC;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,iBAAiB,CAAA;CAAE,CAAC,CAiD5D;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
+{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAMhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;CAC7C;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAsBA;AA2BD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA8J7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,GACpC,OAAO,CAAC;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,iBAAiB,CAAA;CAAE,CAAC,CAkF5D;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}

package/dist/mcp/build-server.js

@@ -20,6 +20,7 @@
 import { runWithRequestContext } from "../server/request-context.js";
 import { toAbsoluteOpenUrl, toDesktopOpenUrl } from "../server/deep-link.js";
 import { getBuiltinCrossAppTools } from "./builtin-tools.js";
+import { MCP_CONNECT_SCOPE } from "./connect-store.js";
 /**
  * Build the deep-link content block + structured `_meta` for a tool result.
  * Best-effort: any throw / nullish link is swallowed so a bad `link` builder
@@ -309,6 +310,35 @@ export async function verifyAuth(authHeader, ownerEmailHeader) {
         try {
             const jose = await import("jose");
             const { payload } = await jose.jwtVerify(token, new TextEncoder().encode(process.env.A2A_SECRET));
+            const tokenScope = typeof payload.scope === "string" ? payload.scope : undefined;
+            if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {
+                return { authed: false };
+            }
+            // Connect-minted tokens (scope === "mcp-connect") carry a random `jti`
+            // and are individually revocable. Only these tokens hit the revoke
+            // store — ordinary A2A delegation JWTs skip the DB lookup entirely so
+            // the hot path is unchanged. The revoke check FAILS OPEN on any
+            // store/DB error: a transient Neon WS drop must never lock every
+            // connected agent out. The signature was already cryptographically
+            // verified above, so failing open here only widens the explicit-revoke
+            // gate, never the trust boundary.
+            if (tokenScope === MCP_CONNECT_SCOPE) {
+                if (typeof payload.jti !== "string" || !payload.jti) {
+                    return { authed: false };
+                }
+                const jti = payload.jti;
+                try {
+                    const { isJtiRevoked, touchTokenUsed } = await import("./connect-store.js");
+                    if (await isJtiRevoked(jti)) {
+                        return { authed: false };
+                    }
+                    // Best-effort usage telemetry — never blocks / throws.
+                    void touchTokenUsed(jti);
+                }
+                catch {
+                    // Store import / lookup failed — fail open (see comment above).
+                }
+            }
             return {
                 authed: true,
                 identity: {

package/dist/mcp/build-server.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAwD7D;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACvD,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CAAC,MAAiB;IAC1C,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC;IACjE,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,GACrD,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,sEAAsE;IACtE,gEAAgE;IAChE,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE1C,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC1D,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,OAAO;wBACT,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE;wBAC5D,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,GACR,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC/D,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,MAAM,EACN,WAAW,CACZ,CAAC;gBACF,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC;IAErC,oEAAoE;IACpE,qEAAqE;IACrE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;SACtD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAElC,yBAAyB;IACzB,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAW,CAAC,CAClD,CAAC;YACF,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;oBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;wBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;wBAChC,CAAC,CAAC,SAAS;iBAChB;aACF,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;SACtD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Shared MCP server builder.\n *\n * Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * *same* MCP server from the *same* `ActionEntry` registry. Both surfaces:\n *\n *   - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n *   - append the framework deep-link block / `_meta` to every tool result,\n *   - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n *     per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n *     honoured.\n *\n * `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n *\n * Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n */\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\n\nexport interface MCPConfig {\n  /** App name shown in MCP server info */\n  name: string;\n  /**\n   * Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n   * is mounted for. Optional & back-compat: when omitted the builtin\n   * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n   * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n   * target so they resolve the *target* app's origin rather than echoing the\n   * current request origin.\n   */\n  appId?: string;\n  /** App description */\n  description: string;\n  /** Version string (default \"1.0.0\") */\n  version?: string;\n  /** Action registry — same as agent chat and A2A */\n  actions: Record<string, ActionEntry>;\n  /** Handler for the ask-agent meta-tool — runs the full agent loop */\n  askAgent?: (message: string) => Promise<string>;\n  /**\n   * Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n   * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n   * by default so external agents get a stable verb set; a template action of\n   * the same name always wins (template precedence). Set to `false` only for\n   * a constrained / locked-down mount.\n   */\n  builtinCrossAppTools?: boolean;\n}\n\n/**\n * Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n */\nexport interface MCPCallerIdentity {\n  userEmail: string | undefined;\n  orgDomain: string | undefined;\n}\n\n/** Per-request context used to turn an action's relative deep link into the\n *  absolute web URL (and desktop `agentnative://` URL) the external agent\n *  surfaces. Derived from the inbound request headers in `mountMCP`, or from\n *  the resolved local app origin in the stdio standalone path. */\nexport interface MCPRequestMeta {\n  /** Origin of the running app, e.g. `http://localhost:8100`. */\n  origin?: string;\n  /** Optional client preference for which URL the *markdown* link uses. */\n  target?: \"browser\" | \"desktop\" | \"terminal\";\n}\n\n/**\n * Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n */\nexport function buildLinkArtifacts(\n  entry: ActionEntry,\n  args: Record<string, any>,\n  result: any,\n  meta: MCPRequestMeta | undefined,\n): {\n  block?: { type: \"text\"; text: string };\n  _meta?: Record<string, unknown>;\n} {\n  if (typeof entry.link !== \"function\") return {};\n  try {\n    const lk = entry.link({ args: args ?? {}, result });\n    if (!lk?.url) return {};\n    const webUrl = toAbsoluteOpenUrl(lk.url, meta?.origin);\n    const desktopUrl = toDesktopOpenUrl(lk.url);\n    const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n    return {\n      block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n      _meta: {\n        \"agent-native/openLink\": {\n          label: lk.label,\n          view: lk.view,\n          webUrl,\n          desktopUrl,\n        },\n      },\n    };\n  } catch {\n    return {};\n  }\n}\n\n/**\n * Merge the generic cross-app builtin tools into the config's action\n * registry. **Template actions take precedence**: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n *\n * The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n */\nfunction mergeBuiltinTools(config: MCPConfig): Record<string, ActionEntry> {\n  if (config.builtinCrossAppTools === false) return config.actions;\n  const builtins = getBuiltinCrossAppTools(config);\n  const merged: Record<string, ActionEntry> = { ...builtins };\n  // Template / app actions overwrite same-named builtins.\n  for (const [name, entry] of Object.entries(config.actions)) {\n    merged[name] = entry;\n  }\n  return merged;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/**\n * Build a fully-wired MCP `Server` for a single request / session.\n *\n * Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n */\nexport async function createMCPServerForRequest(\n  config: MCPConfig,\n  identity: MCPCallerIdentity | undefined,\n  requestMeta?: MCPRequestMeta,\n) {\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const { ListToolsRequestSchema, CallToolRequestSchema } =\n    await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  const server = new Server(\n    { name: config.name, version: config.version ?? \"1.0.0\" },\n    { capabilities: { tools: {} } },\n  );\n\n  // The action set the request handlers operate on = template actions +\n  // generic cross-app builtins (template wins on name collision).\n  const actions = mergeBuiltinTools(config);\n\n  // Resolve the effective caller identity. JWT / header-derived identity\n  // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n  // identity — the stdio **standalone** path — fall back to the\n  // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n  // into the `agent-native mcp serve` process env, so standalone tool runs are\n  // tenant-scoped to the configured owner instead of running unscoped. Stays\n  // undefined for true dev-open (no token, no secret, no owner) — behavior\n  // there is unchanged.\n  const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n  const effectiveIdentity: MCPCallerIdentity | undefined =\n    identity ??\n    (ownerFromEnv\n      ? { userEmail: ownerFromEnv, orgDomain: undefined }\n      : undefined);\n\n  // Resolve orgId once per request (DB lookup) so subsequent wraps are\n  // synchronous. The caller identity may be undefined for true dev-open —\n  // in that case we run with no userEmail/orgId, which makes downstream\n  // tools that require per-user scope return empty results rather than\n  // cross-tenant data (the safe default).\n  const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n  /**\n   * Wrap a callback in\n   * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n   * Both the tools/list and tools/call handlers go through this so\n   * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n   * visibility checks see the verified caller's identity. `requestOrigin`\n   * is the live server origin derived from the inbound request (same value\n   * used to absolutize deep links) so actions that build fetchable URLs\n   * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n   * correct local-workspace origin instead of a prod/localhost fallback.\n   */\n  async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n    const orgId = await orgIdPromise;\n    return runWithRequestContext(\n      {\n        userEmail: effectiveIdentity?.userEmail,\n        orgId,\n        ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n      },\n      fn,\n    ) as Promise<T>;\n  }\n\n  // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n  // request context so per-user MCP visibility (mcp-client/visibility.ts)\n  // applies to the listing too.\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return withCallerContext(async () => {\n      const tools = Object.entries(actions).map(([name, entry]) => {\n        const hasLink = typeof entry.link === \"function\";\n        const baseDescription = entry.tool.description ?? name;\n        return {\n          name,\n          description: hasLink\n            ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n            : baseDescription,\n          inputSchema: entry.tool.parameters ?? {\n            type: \"object\" as const,\n            properties: {},\n          },\n          ...(hasLink\n            ? { annotations: { \"agent-native/producesOpenLink\": true } }\n            : {}),\n        };\n      });\n\n      if (config.askAgent) {\n        tools.push({\n          name: \"ask-agent\",\n          description:\n            \"Send a natural-language message to the app's AI agent and get a response. \" +\n            \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n            \"and full context about the app.\",\n          inputSchema: {\n            type: \"object\" as const,\n            properties: {\n              message: {\n                type: \"string\",\n                description: \"The message to send to the agent\",\n              },\n            },\n            required: [\"message\"],\n          },\n        });\n      }\n\n      return { tools };\n    });\n  });\n\n  // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n  // request context so the action's `run(args)` and `askAgent()` execute\n  // with the verified caller's identity, not the platform default.\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    return withCallerContext(async () => {\n      const { name, arguments: args } = request.params;\n\n      if (name === \"ask-agent\" && config.askAgent) {\n        const message = args?.message ?? \"\";\n        try {\n          const result = await config.askAgent(message);\n          return { content: [{ type: \"text\", text: result }] };\n        } catch (err: any) {\n          return {\n            content: [{ type: \"text\", text: `Error: ${err.message}` }],\n            isError: true,\n          };\n        }\n      }\n\n      const entry = actions[name];\n      if (!entry) {\n        return {\n          content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n          isError: true,\n        };\n      }\n\n      try {\n        const result = await entry.run((args as Record<string, string>) ?? {});\n        const text =\n          typeof result === \"string\" ? result : JSON.stringify(result);\n        const content: any[] = [{ type: \"text\", text }];\n        const { block, _meta } = buildLinkArtifacts(\n          entry,\n          (args as Record<string, any>) ?? {},\n          result,\n          requestMeta,\n        );\n        if (block) content.push(block);\n        return { content, ...(_meta ? { _meta } : {}) };\n      } catch (err: any) {\n        return {\n          content: [{ type: \"text\", text: `Error: ${err.message}` }],\n          isError: true,\n        };\n      }\n    });\n  });\n\n  return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n  const single = process.env.ACCESS_TOKEN;\n  const multi = process.env.ACCESS_TOKENS;\n  const tokens: string[] = [];\n  if (single) tokens.push(single);\n  if (multi) {\n    tokens.push(\n      ...multi\n        .split(\",\")\n        .map((t) => t.trim())\n        .filter(Boolean),\n    );\n  }\n  return tokens;\n}\n\n/**\n * Resolve the caller identity for a static-token (or dev-open) auth path.\n *\n * Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint *only* on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n *\n * Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored *only as a fallback when that env is unset*. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token *is* the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n *\n * Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n */\nfunction deriveStaticTokenIdentity(\n  ownerEmailHeader: string | undefined,\n): MCPCallerIdentity | undefined {\n  const owner =\n    process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() ||\n    (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) ||\n    \"\";\n  if (!owner) return undefined;\n  return { userEmail: owner, orgDomain: undefined };\n}\n\n/**\n * Verify the inbound auth header. Returns:\n *   - { authed: true, identity } when verified — `identity` is derived from\n *     the JWT (`sub` / `org_domain`) for JWT auth, or from the\n *     `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n *     for static-token auth (the `agent-native mcp install` flow). `identity`\n *     is undefined only for true dev-open with no owner hint.\n *   - { authed: false } on rejection.\n *\n * When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n *\n * `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n */\nexport async function verifyAuth(\n  authHeader: string | undefined,\n  ownerEmailHeader?: string | undefined,\n): Promise<{ authed: boolean; identity?: MCPCallerIdentity }> {\n  // No auth configured → allow (dev mode). Still honour an owner hint\n  // (env or forwarded header) so the install flow stays tenant-scoped.\n  const accessTokens = getAccessTokens();\n  const hasA2ASecret = !!process.env.A2A_SECRET;\n  if (accessTokens.length === 0 && !hasA2ASecret) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n    };\n  }\n\n  if (!authHeader?.startsWith(\"Bearer \")) return { authed: false };\n  const token = authHeader.slice(7);\n\n  // Try JWT via A2A_SECRET\n  if (hasA2ASecret) {\n    try {\n      const jose = await import(\"jose\");\n      const { payload } = await jose.jwtVerify(\n        token,\n        new TextEncoder().encode(process.env.A2A_SECRET!),\n      );\n      return {\n        authed: true,\n        identity: {\n          userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n          orgDomain:\n            typeof payload.org_domain === \"string\"\n              ? (payload.org_domain as string)\n              : undefined,\n        },\n      };\n    } catch {\n      // Not a valid JWT — fall through to token check\n    }\n  }\n\n  // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n  // per-caller claims, so derive identity from the forwarded owner-email\n  // hint (install flow) — otherwise tools would run unscoped.\n  if (accessTokens.length > 0 && accessTokens.includes(token)) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n    };\n  }\n\n  return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n  orgDomain: string | undefined,\n): Promise<string | undefined> {\n  if (!orgDomain) return undefined;\n  try {\n    const { resolveOrgByDomain } = await import(\"../org/context.js\");\n    const org = await resolveOrgByDomain(orgDomain);\n    return org?.orgId ?? undefined;\n  } catch {\n    return undefined;\n  }\n}\n"]}
+{"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAwDvD;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACvD,MAAM,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CAAC,MAAiB;IAC1C,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC;IACjE,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,GACrD,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,sEAAsE;IACtE,gEAAgE;IAChE,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE1C,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC1D,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,OAAO;wBACT,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE;wBAC5D,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,GACR,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC/D,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,MAAM,EACN,WAAW,CACZ,CAAC;gBACF,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC;IAErC,oEAAoE;IACpE,qEAAqE;IACrE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;SACtD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAElC,yBAAyB;IACzB,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAW,CAAC,CAClD,CAAC;YAEF,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,IAAI,UAAU,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACnD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YAED,uEAAuE;YACvE,mEAAmE;YACnE,sEAAsE;YACtE,gEAAgE;YAChE,iEAAiE;YACjE,mEAAmE;YACnE,uEAAuE;YACvE,kCAAkC;YAClC,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACrC,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACpD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3B,CAAC;gBACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,GACpC,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;oBACrC,IAAI,MAAM,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;oBAC3B,CAAC;oBACD,uDAAuD;oBACvD,KAAK,cAAc,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBAAC,MAAM,CAAC;oBACP,gEAAgE;gBAClE,CAAC;YACH,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;oBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;wBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;wBAChC,CAAC,CAAC,SAAS;iBAChB;aACF,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;SACtD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Shared MCP server builder.\n *\n * Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * *same* MCP server from the *same* `ActionEntry` registry. Both surfaces:\n *\n *   - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n *   - append the framework deep-link block / `_meta` to every tool result,\n *   - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n *     per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n *     honoured.\n *\n * `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n *\n * Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n */\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\nimport { MCP_CONNECT_SCOPE } from \"./connect-store.js\";\n\nexport interface MCPConfig {\n  /** App name shown in MCP server info */\n  name: string;\n  /**\n   * Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n   * is mounted for. Optional & back-compat: when omitted the builtin\n   * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n   * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n   * target so they resolve the *target* app's origin rather than echoing the\n   * current request origin.\n   */\n  appId?: string;\n  /** App description */\n  description: string;\n  /** Version string (default \"1.0.0\") */\n  version?: string;\n  /** Action registry — same as agent chat and A2A */\n  actions: Record<string, ActionEntry>;\n  /** Handler for the ask-agent meta-tool — runs the full agent loop */\n  askAgent?: (message: string) => Promise<string>;\n  /**\n   * Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n   * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n   * by default so external agents get a stable verb set; a template action of\n   * the same name always wins (template precedence). Set to `false` only for\n   * a constrained / locked-down mount.\n   */\n  builtinCrossAppTools?: boolean;\n}\n\n/**\n * Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n */\nexport interface MCPCallerIdentity {\n  userEmail: string | undefined;\n  orgDomain: string | undefined;\n}\n\n/** Per-request context used to turn an action's relative deep link into the\n *  absolute web URL (and desktop `agentnative://` URL) the external agent\n *  surfaces. Derived from the inbound request headers in `mountMCP`, or from\n *  the resolved local app origin in the stdio standalone path. */\nexport interface MCPRequestMeta {\n  /** Origin of the running app, e.g. `http://localhost:8100`. */\n  origin?: string;\n  /** Optional client preference for which URL the *markdown* link uses. */\n  target?: \"browser\" | \"desktop\" | \"terminal\";\n}\n\n/**\n * Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n */\nexport function buildLinkArtifacts(\n  entry: ActionEntry,\n  args: Record<string, any>,\n  result: any,\n  meta: MCPRequestMeta | undefined,\n): {\n  block?: { type: \"text\"; text: string };\n  _meta?: Record<string, unknown>;\n} {\n  if (typeof entry.link !== \"function\") return {};\n  try {\n    const lk = entry.link({ args: args ?? {}, result });\n    if (!lk?.url) return {};\n    const webUrl = toAbsoluteOpenUrl(lk.url, meta?.origin);\n    const desktopUrl = toDesktopOpenUrl(lk.url);\n    const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n    return {\n      block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n      _meta: {\n        \"agent-native/openLink\": {\n          label: lk.label,\n          view: lk.view,\n          webUrl,\n          desktopUrl,\n        },\n      },\n    };\n  } catch {\n    return {};\n  }\n}\n\n/**\n * Merge the generic cross-app builtin tools into the config's action\n * registry. **Template actions take precedence**: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n *\n * The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n */\nfunction mergeBuiltinTools(config: MCPConfig): Record<string, ActionEntry> {\n  if (config.builtinCrossAppTools === false) return config.actions;\n  const builtins = getBuiltinCrossAppTools(config);\n  const merged: Record<string, ActionEntry> = { ...builtins };\n  // Template / app actions overwrite same-named builtins.\n  for (const [name, entry] of Object.entries(config.actions)) {\n    merged[name] = entry;\n  }\n  return merged;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/**\n * Build a fully-wired MCP `Server` for a single request / session.\n *\n * Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n */\nexport async function createMCPServerForRequest(\n  config: MCPConfig,\n  identity: MCPCallerIdentity | undefined,\n  requestMeta?: MCPRequestMeta,\n) {\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const { ListToolsRequestSchema, CallToolRequestSchema } =\n    await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  const server = new Server(\n    { name: config.name, version: config.version ?? \"1.0.0\" },\n    { capabilities: { tools: {} } },\n  );\n\n  // The action set the request handlers operate on = template actions +\n  // generic cross-app builtins (template wins on name collision).\n  const actions = mergeBuiltinTools(config);\n\n  // Resolve the effective caller identity. JWT / header-derived identity\n  // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n  // identity — the stdio **standalone** path — fall back to the\n  // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n  // into the `agent-native mcp serve` process env, so standalone tool runs are\n  // tenant-scoped to the configured owner instead of running unscoped. Stays\n  // undefined for true dev-open (no token, no secret, no owner) — behavior\n  // there is unchanged.\n  const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n  const effectiveIdentity: MCPCallerIdentity | undefined =\n    identity ??\n    (ownerFromEnv\n      ? { userEmail: ownerFromEnv, orgDomain: undefined }\n      : undefined);\n\n  // Resolve orgId once per request (DB lookup) so subsequent wraps are\n  // synchronous. The caller identity may be undefined for true dev-open —\n  // in that case we run with no userEmail/orgId, which makes downstream\n  // tools that require per-user scope return empty results rather than\n  // cross-tenant data (the safe default).\n  const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n  /**\n   * Wrap a callback in\n   * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n   * Both the tools/list and tools/call handlers go through this so\n   * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n   * visibility checks see the verified caller's identity. `requestOrigin`\n   * is the live server origin derived from the inbound request (same value\n   * used to absolutize deep links) so actions that build fetchable URLs\n   * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n   * correct local-workspace origin instead of a prod/localhost fallback.\n   */\n  async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n    const orgId = await orgIdPromise;\n    return runWithRequestContext(\n      {\n        userEmail: effectiveIdentity?.userEmail,\n        orgId,\n        ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n      },\n      fn,\n    ) as Promise<T>;\n  }\n\n  // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n  // request context so per-user MCP visibility (mcp-client/visibility.ts)\n  // applies to the listing too.\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return withCallerContext(async () => {\n      const tools = Object.entries(actions).map(([name, entry]) => {\n        const hasLink = typeof entry.link === \"function\";\n        const baseDescription = entry.tool.description ?? name;\n        return {\n          name,\n          description: hasLink\n            ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n            : baseDescription,\n          inputSchema: entry.tool.parameters ?? {\n            type: \"object\" as const,\n            properties: {},\n          },\n          ...(hasLink\n            ? { annotations: { \"agent-native/producesOpenLink\": true } }\n            : {}),\n        };\n      });\n\n      if (config.askAgent) {\n        tools.push({\n          name: \"ask-agent\",\n          description:\n            \"Send a natural-language message to the app's AI agent and get a response. \" +\n            \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n            \"and full context about the app.\",\n          inputSchema: {\n            type: \"object\" as const,\n            properties: {\n              message: {\n                type: \"string\",\n                description: \"The message to send to the agent\",\n              },\n            },\n            required: [\"message\"],\n          },\n        });\n      }\n\n      return { tools };\n    });\n  });\n\n  // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n  // request context so the action's `run(args)` and `askAgent()` execute\n  // with the verified caller's identity, not the platform default.\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    return withCallerContext(async () => {\n      const { name, arguments: args } = request.params;\n\n      if (name === \"ask-agent\" && config.askAgent) {\n        const message = args?.message ?? \"\";\n        try {\n          const result = await config.askAgent(message);\n          return { content: [{ type: \"text\", text: result }] };\n        } catch (err: any) {\n          return {\n            content: [{ type: \"text\", text: `Error: ${err.message}` }],\n            isError: true,\n          };\n        }\n      }\n\n      const entry = actions[name];\n      if (!entry) {\n        return {\n          content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n          isError: true,\n        };\n      }\n\n      try {\n        const result = await entry.run((args as Record<string, string>) ?? {});\n        const text =\n          typeof result === \"string\" ? result : JSON.stringify(result);\n        const content: any[] = [{ type: \"text\", text }];\n        const { block, _meta } = buildLinkArtifacts(\n          entry,\n          (args as Record<string, any>) ?? {},\n          result,\n          requestMeta,\n        );\n        if (block) content.push(block);\n        return { content, ...(_meta ? { _meta } : {}) };\n      } catch (err: any) {\n        return {\n          content: [{ type: \"text\", text: `Error: ${err.message}` }],\n          isError: true,\n        };\n      }\n    });\n  });\n\n  return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n  const single = process.env.ACCESS_TOKEN;\n  const multi = process.env.ACCESS_TOKENS;\n  const tokens: string[] = [];\n  if (single) tokens.push(single);\n  if (multi) {\n    tokens.push(\n      ...multi\n        .split(\",\")\n        .map((t) => t.trim())\n        .filter(Boolean),\n    );\n  }\n  return tokens;\n}\n\n/**\n * Resolve the caller identity for a static-token (or dev-open) auth path.\n *\n * Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint *only* on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n *\n * Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored *only as a fallback when that env is unset*. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token *is* the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n *\n * Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n */\nfunction deriveStaticTokenIdentity(\n  ownerEmailHeader: string | undefined,\n): MCPCallerIdentity | undefined {\n  const owner =\n    process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() ||\n    (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) ||\n    \"\";\n  if (!owner) return undefined;\n  return { userEmail: owner, orgDomain: undefined };\n}\n\n/**\n * Verify the inbound auth header. Returns:\n *   - { authed: true, identity } when verified — `identity` is derived from\n *     the JWT (`sub` / `org_domain`) for JWT auth, or from the\n *     `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n *     for static-token auth (the `agent-native mcp install` flow). `identity`\n *     is undefined only for true dev-open with no owner hint.\n *   - { authed: false } on rejection.\n *\n * When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n *\n * `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n */\nexport async function verifyAuth(\n  authHeader: string | undefined,\n  ownerEmailHeader?: string | undefined,\n): Promise<{ authed: boolean; identity?: MCPCallerIdentity }> {\n  // No auth configured → allow (dev mode). Still honour an owner hint\n  // (env or forwarded header) so the install flow stays tenant-scoped.\n  const accessTokens = getAccessTokens();\n  const hasA2ASecret = !!process.env.A2A_SECRET;\n  if (accessTokens.length === 0 && !hasA2ASecret) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n    };\n  }\n\n  if (!authHeader?.startsWith(\"Bearer \")) return { authed: false };\n  const token = authHeader.slice(7);\n\n  // Try JWT via A2A_SECRET\n  if (hasA2ASecret) {\n    try {\n      const jose = await import(\"jose\");\n      const { payload } = await jose.jwtVerify(\n        token,\n        new TextEncoder().encode(process.env.A2A_SECRET!),\n      );\n\n      const tokenScope =\n        typeof payload.scope === \"string\" ? payload.scope : undefined;\n      if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {\n        return { authed: false };\n      }\n\n      // Connect-minted tokens (scope === \"mcp-connect\") carry a random `jti`\n      // and are individually revocable. Only these tokens hit the revoke\n      // store — ordinary A2A delegation JWTs skip the DB lookup entirely so\n      // the hot path is unchanged. The revoke check FAILS OPEN on any\n      // store/DB error: a transient Neon WS drop must never lock every\n      // connected agent out. The signature was already cryptographically\n      // verified above, so failing open here only widens the explicit-revoke\n      // gate, never the trust boundary.\n      if (tokenScope === MCP_CONNECT_SCOPE) {\n        if (typeof payload.jti !== \"string\" || !payload.jti) {\n          return { authed: false };\n        }\n        const jti = payload.jti;\n        try {\n          const { isJtiRevoked, touchTokenUsed } =\n            await import(\"./connect-store.js\");\n          if (await isJtiRevoked(jti)) {\n            return { authed: false };\n          }\n          // Best-effort usage telemetry — never blocks / throws.\n          void touchTokenUsed(jti);\n        } catch {\n          // Store import / lookup failed — fail open (see comment above).\n        }\n      }\n\n      return {\n        authed: true,\n        identity: {\n          userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n          orgDomain:\n            typeof payload.org_domain === \"string\"\n              ? (payload.org_domain as string)\n              : undefined,\n        },\n      };\n    } catch {\n      // Not a valid JWT — fall through to token check\n    }\n  }\n\n  // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n  // per-caller claims, so derive identity from the forwarded owner-email\n  // hint (install flow) — otherwise tools would run unscoped.\n  if (accessTokens.length > 0 && accessTokens.includes(token)) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n    };\n  }\n\n  return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n  orgDomain: string | undefined,\n): Promise<string | undefined> {\n  if (!orgDomain) return undefined;\n  try {\n    const { resolveOrgByDomain } = await import(\"../org/context.js\");\n    const org = await resolveOrgByDomain(orgDomain);\n    return org?.orgId ?? undefined;\n  } catch {\n    return undefined;\n  }\n}\n"]}