@agent-native/core 0.19.0 → 0.19.1

package/dist/mcp/server.js

@@ -7,98 +7,182 @@ import { createMCPServerForRequest, verifyAuth, getAccessTokens, resolveOrgIdFro
 // against `./server.js` exactly as before this refactor.
 export { createMCPServerForRequest, verifyAuth, getAccessTokens, resolveOrgIdFromDomain, buildLinkArtifacts, };
 // ---------------------------------------------------------------------------
-// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro
+// Runtime detection — Node fast-path vs. web-standard fallback
 // ---------------------------------------------------------------------------
 /**
- * Mount an MCP remote server on an H3/Nitro app.
+ * Resolve the underlying Node `http` req/res pair if (and only if) we're
+ * running on a real Node HTTP server (local dev, `node` Nitro preset). On the
+ * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)
+ * BOTH of these are undefined — that's the signal to take the web fallback
+ * instead of returning 501.
+ */
+function getNodeReqRes(event) {
+    const e = event;
+    const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;
+    const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;
+    return { nodeReq, nodeRes };
+}
+/**
+ * Derive the request origin + the markdown deep-link target from the inbound
+ * headers. Identical logic for both the Node and web paths so the absolute
+ * deep-link URLs in tool results are computed the same way regardless of
+ * runtime.
+ */
+function deriveRequestMeta(event) {
+    const forwardedProto = getRequestHeader(event, "x-forwarded-proto");
+    const host = getRequestHeader(event, "host");
+    const proto = forwardedProto?.split(",")[0]?.trim() ||
+        (host && /^(localhost|127\.0\.0\.1)(:|$)/.test(host) ? "http" : "https");
+    const origin = host ? `${proto}://${host}` : undefined;
+    const targetHeader = getRequestHeader(event, "x-agent-native-open-target")?.toLowerCase();
+    const target = targetHeader === "desktop" ||
+        targetHeader === "terminal" ||
+        targetHeader === "browser"
+        ? targetHeader
+        : undefined;
+    return { origin, target };
+}
+/**
+ * Reconstruct a Web Standard `Request` for the web-standard MCP transport.
  *
- * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)
+ * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we
+ * prefer it (its `method` / `headers` are exactly what the client sent). But
+ * the framework middleware rewrites `event.req.url` when it strips a mount
+ * prefix, and the transport reads `req.method` + `req.headers` (never the
+ * body — we pass that via `parsedBody`), so we always synthesize a clean
+ * `Request` with the verified method + a fresh `Headers` copy. The URL is
+ * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),
+ * so a best-effort absolute URL derived from the inbound host is sufficient
+ * and never throws.
+ */
+function buildWebRequest(event, method) {
+    const src = event.req;
+    const headers = new Headers();
+    if (src?.headers && typeof src.headers.forEach === "function") {
+        src.headers.forEach((value, key) => headers.set(key, value));
+    }
+    else {
+        const rawHeaders = event.node?.req?.headers;
+        if (rawHeaders) {
+            for (const [key, value] of Object.entries(rawHeaders)) {
+                if (value == null)
+                    continue;
+                headers.set(key, Array.isArray(value) ? value.join(", ") : value);
+            }
+        }
+    }
+    // The SDK requires Accept + Content-Type to advertise both JSON and SSE on
+    // a POST. Real MCP clients (Claude Code, `agent-native connect`) always
+    // send these; we never inject/alter them — if they're absent the SDK
+    // returns its spec-mandated 406/415, identical to the Node path.
+    const host = headers.get("host") || "localhost";
+    const forwardedProto = headers.get("x-forwarded-proto");
+    const proto = forwardedProto?.split(",")[0]?.trim() ||
+        (/^(localhost|127\.0\.0\.1)(:|$)/.test(host) ? "http" : "https");
+    let url = `${proto}://${host}/_agent-native/mcp`;
+    try {
+        if (src?.url)
+            url = new URL(src.url).href;
+    }
+    catch {
+        // keep the synthesized URL
+    }
+    // No body here on purpose: the JSON-RPC payload is forwarded via the
+    // transport's `parsedBody` option (the same mechanism the Node transport
+    // uses), so the request stream is never read twice.
+    return new Request(url, { method, headers });
+}
+// ---------------------------------------------------------------------------
+// handleMcpRequest — runtime-agnostic MCP request handler
+// ---------------------------------------------------------------------------
+/**
+ * Handle a single `{routePrefix}/mcp` request on either runtime.
  *
- * Uses stateless Streamable HTTP transport — no in-memory sessions,
- * compatible with serverless deployments.
+ * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the
+ *   SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,
+ *   body)`, which writes directly to the Node response (full protocol incl.
+ *   SSE).
+ * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,
+ *   Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`
+ *   from the SAME config + identity, drive it through the SDK's
+ *   `WebStandardStreamableHTTPServerTransport` (which the Node transport is
+ *   itself just a thin wrapper around), and return the resulting Web
+ *   `Response` as a normal h3 return value.
  *
- * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.
- * No auth required when neither is configured (dev mode).
+ * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /
+ * markdown append, `requestMeta` origin/target derivation and the stateless
+ * semantics are IDENTICAL on both paths because both build the same server
+ * via `createMCPServerForRequest` and both transports funnel into the same
+ * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {
+ * parsedBody })` with the same options.
+ *
+ * Returns:
+ *   - `undefined` when the request targets a sub-route (so management/status
+ *     routes mounted under `/_agent-native/mcp/*` handle it themselves) — the
+ *     h3 mount falls through to the next handler.
+ *   - a Web `Response` (web fallback) or a string/object (Node path /
+ *     auth-error path) otherwise. The Node path also sets `_handled` so h3
+ *     doesn't double-write.
  */
-export function mountMCP(nitroApp, config, routePrefix = "/_agent-native") {
-    getH3App(nitroApp).use(`${routePrefix}/mcp`, defineEventHandler(async (event) => {
-        const pathname = event.url?.pathname || "/";
-        const subpath = pathname.replace(/^\/+/, "").replace(/\/+$/, "");
-        if (subpath) {
-            // Let management/status routes mounted under /_agent-native/mcp/*
-            // handle their own requests instead of treating them as MCP protocol
-            // traffic.
-            return;
-        }
-        const method = getMethod(event);
-        // Auth check — extracts the caller's identity from the JWT (`sub`),
-        // or, on the static-token / dev-open path, from the forwarded
-        // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the
-        // `agent-native mcp install` flow). Without this the install flow
-        // would run every tool unscoped (userEmail === undefined).
-        const authHeader = getRequestHeader(event, "authorization");
-        const ownerEmailHeader = getRequestHeader(event, "x-agent-native-owner-email");
-        const authResult = await verifyAuth(authHeader, ownerEmailHeader);
-        if (!authResult.authed) {
-            setResponseStatus(event, 401);
-            return { error: "Unauthorized" };
-        }
-        // Stateless mode: only POST is meaningful
-        if (method === "DELETE") {
-            setResponseStatus(event, 204);
-            return "";
-        }
-        if (method === "GET") {
-            // SSE stream endpoint — not used in stateless mode but the SDK
-            // handles it gracefully. Let it through for protocol compliance.
-        }
-        if (method !== "POST" && method !== "GET") {
-            setResponseStatus(event, 405);
-            return { error: "Method not allowed" };
-        }
-        // Read body for POST (GET has no body)
-        const body = method === "POST" ? await readBody(event) : undefined;
-        // Create per-request stateless transport + server
+export async function handleMcpRequest(event, config) {
+    const pathname = event.url?.pathname || "/";
+    const subpath = pathname.replace(/^\/+/, "").replace(/\/+$/, "");
+    if (subpath) {
+        // Let management/status routes mounted under /_agent-native/mcp/* handle
+        // their own requests instead of treating them as MCP protocol traffic.
+        return undefined;
+    }
+    const method = getMethod(event);
+    // Auth check — extracts the caller's identity from the JWT (`sub`), or, on
+    // the static-token / dev-open path, from the forwarded
+    // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the
+    // `agent-native mcp install` flow). Without this the install flow would run
+    // every tool unscoped (userEmail === undefined).
+    const authHeader = getRequestHeader(event, "authorization");
+    const ownerEmailHeader = getRequestHeader(event, "x-agent-native-owner-email");
+    const authResult = await verifyAuth(authHeader, ownerEmailHeader);
+    if (!authResult.authed) {
+        setResponseStatus(event, 401);
+        return { error: "Unauthorized" };
+    }
+    // Stateless mode: only POST is meaningful
+    if (method === "DELETE") {
+        setResponseStatus(event, 204);
+        return "";
+    }
+    if (method !== "POST" && method !== "GET") {
+        setResponseStatus(event, 405);
+        return { error: "Method not allowed" };
+    }
+    // Read body for POST (GET has no body). Read it via the h3 helper exactly
+    // once; both transports accept it as a pre-parsed body so the request
+    // stream is never consumed twice.
+    const body = method === "POST" ? await readBody(event) : undefined;
+    // Per-request stateless transport + server. Both runtimes build the SAME
+    // server from the SAME config + verified identity + request meta, so
+    // tools/list, tools/call, and the deep-link `_meta` are identical.
+    const requestMeta = deriveRequestMeta(event);
+    const server = await createMCPServerForRequest(config, authResult.identity, requestMeta);
+    const { nodeReq, nodeRes } = getNodeReqRes(event);
+    if (nodeReq && nodeRes) {
+        // ---- Node fast-path (UNCHANGED behavior) --------------------------------
         const { StreamableHTTPServerTransport } = await import("@modelcontextprotocol/sdk/server/streamableHttp.js");
         const transport = new StreamableHTTPServerTransport({
             sessionIdGenerator: undefined, // stateless
         });
-        // Derive the running app's origin so relative deep links become
-        // absolute URLs the external agent can open (same approach as A2A).
-        const forwardedProto = getRequestHeader(event, "x-forwarded-proto");
-        const host = getRequestHeader(event, "host");
-        const proto = forwardedProto?.split(",")[0]?.trim() ||
-            (host && /^(localhost|127\.0\.0\.1)(:|$)/.test(host)
-                ? "http"
-                : "https");
-        const origin = host ? `${proto}://${host}` : undefined;
-        const targetHeader = getRequestHeader(event, "x-agent-native-open-target")?.toLowerCase();
-        const target = targetHeader === "desktop" ||
-            targetHeader === "terminal" ||
-            targetHeader === "browser"
-            ? targetHeader
-            : undefined;
-        const server = await createMCPServerForRequest(config, authResult.identity, { origin, target });
         await server.connect(transport);
-        // Delegate to the transport — it writes directly to the Node response.
-        // MCP's HTTP transport requires Node streams; this route is Node-only.
-        const nodeReq = event.node?.req ?? event.req?.runtime?.node?.req;
-        const nodeRes = event.node?.res ?? event.req?.runtime?.node?.res;
-        if (!nodeReq || !nodeRes) {
-            setResponseStatus(event, 501);
-            return { error: "MCP requires Node runtime" };
-        }
         try {
+            // The SDK transport writes directly to the Node response. Node-only by
+            // construction; we only reach here when real Node req/res exist.
             await transport.handleRequest(nodeReq, nodeRes, body);
         }
         catch (err) {
-            // The SDK transport writes directly to the Node response. If the
-            // socket is already closed/ended (client disconnected, or the host
-            // stream layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END
-            // *after* the MCP payload was already delivered correctly. Swallow
-            // that benign post-flush write so an external agent disconnecting
-            // mid-stream can never take down the server process; rethrow
-            // anything else.
+            // The SDK transport writes directly to the Node response. If the socket
+            // is already closed/ended (client disconnected, or the host stream
+            // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*
+            // the MCP payload was already delivered correctly. Swallow that benign
+            // post-flush write so an external agent disconnecting mid-stream can
+            // never take down the server process; rethrow anything else.
             if (err?.code !== "ERR_STREAM_WRITE_AFTER_END")
                 throw err;
             if (process.env.DEBUG)
@@ -106,6 +190,53 @@ export function mountMCP(nitroApp, config, routePrefix = "/_agent-native") {
         }
         // Prevent H3 from double-writing the response
         event._handled = true;
+        return undefined;
+    }
+    // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,
+    // Bun) ---------------------------------------------------------------------
+    //
+    // `StreamableHTTPServerTransport` is itself just a thin wrapper that
+    // converts the Node req/res to a web Request/Response and delegates to
+    // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {
+    // parsedBody })`. Using the web transport directly with the SAME options +
+    // the same pre-read `parsedBody` produces byte-identical protocol output
+    // (including the deep-link `_meta` built inside createMCPServerForRequest),
+    // and works on every web runtime because it returns a Web `Response`
+    // (JSON for request/response, or an SSE `ReadableStream` body which h3
+    // streams natively).
+    const { WebStandardStreamableHTTPServerTransport } = await import("@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js");
+    const transport = new WebStandardStreamableHTTPServerTransport({
+        sessionIdGenerator: undefined, // stateless — same as the Node path
+    });
+    await server.connect(transport);
+    const webRequest = buildWebRequest(event, method);
+    // `parsedBody: undefined` would make the SDK try to read `req.json()`; our
+    // synthesized request has no body, so only pass the option for POST (where
+    // we actually have a parsed body). For GET the transport reads no body.
+    const response = await transport.handleRequest(webRequest, method === "POST" ? { parsedBody: body } : undefined);
+    return response;
+}
+// ---------------------------------------------------------------------------
+// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro
+// ---------------------------------------------------------------------------
+/**
+ * Mount an MCP remote server on an H3/Nitro app.
+ *
+ * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)
+ *
+ * Uses stateless Streamable HTTP transport — no in-memory sessions,
+ * compatible with serverless deployments. Runtime-agnostic: a real Node
+ * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /
+ * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard
+ * transport. Both build the same server and produce identical JSON-RPC
+ * output.
+ *
+ * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.
+ * No auth required when neither is configured (dev mode).
+ */
+export function mountMCP(nitroApp, config, routePrefix = "/_agent-native") {
+    getH3App(nitroApp).use(`${routePrefix}/mcp`, defineEventHandler(async (event) => {
+        return handleMcpRequest(event, config);
     }));
     if (process.env.DEBUG)
         console.log(`[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? " + ask-agent" : ""})`);

package/dist/mcp/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAE3B,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;QAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACjE,IAAI,OAAO,EAAE,CAAC;YACZ,kEAAkE;YAClE,qEAAqE;YACrE,WAAW;YACX,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAEhC,oEAAoE;QACpE,8DAA8D;QAC9D,+DAA+D;QAC/D,kEAAkE;QAClE,2DAA2D;QAC3D,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;QAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAClE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;QACnC,CAAC;QAED,0CAA0C;QAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,+DAA+D;YAC/D,iEAAiE;QACnE,CAAC;QAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QAED,uCAAuC;QACvC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnE,kDAAkD;QAClD,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,gEAAgE;QAChE,oEAAoE;QACpE,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;YACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;gBAClD,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,OAAO,CAAC,CAAC;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;QACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,UAAU;YAC3B,YAAY,KAAK,SAAS;YACxB,CAAC,CAAE,YAAyC;YAC5C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C,MAAM,EACN,UAAU,CAAC,QAAQ,EACnB,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC;QACF,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,uEAAuE;QACvE,uEAAuE;QACvE,MAAM,OAAO,GACV,KAAa,CAAC,IAAI,EAAE,GAAG,IAAK,KAAa,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;QACrE,MAAM,OAAO,GACV,KAAa,CAAC,IAAI,EAAE,GAAG,IAAK,KAAa,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;QACrE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;YACzB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAChD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,iEAAiE;YACjE,mEAAmE;YACnE,qEAAqE;YACrE,mEAAmE;YACnE,kEAAkE;YAClE,6DAA6D;YAC7D,iBAAiB;YACjB,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QAED,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;IACjC,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n  defineEventHandler,\n  setResponseStatus,\n  getMethod,\n  getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n  type MCPConfig,\n  type MCPCallerIdentity,\n  type MCPRequestMeta,\n} from \"./build-server.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n  nitroApp: any,\n  config: MCPConfig,\n  routePrefix = \"/_agent-native\",\n): void {\n  getH3App(nitroApp).use(\n    `${routePrefix}/mcp`,\n    defineEventHandler(async (event) => {\n      const pathname = event.url?.pathname || \"/\";\n      const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n      if (subpath) {\n        // Let management/status routes mounted under /_agent-native/mcp/*\n        // handle their own requests instead of treating them as MCP protocol\n        // traffic.\n        return;\n      }\n\n      const method = getMethod(event);\n\n      // Auth check — extracts the caller's identity from the JWT (`sub`),\n      // or, on the static-token / dev-open path, from the forwarded\n      // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n      // `agent-native mcp install` flow). Without this the install flow\n      // would run every tool unscoped (userEmail === undefined).\n      const authHeader = getRequestHeader(event, \"authorization\");\n      const ownerEmailHeader = getRequestHeader(\n        event,\n        \"x-agent-native-owner-email\",\n      );\n      const authResult = await verifyAuth(authHeader, ownerEmailHeader);\n      if (!authResult.authed) {\n        setResponseStatus(event, 401);\n        return { error: \"Unauthorized\" };\n      }\n\n      // Stateless mode: only POST is meaningful\n      if (method === \"DELETE\") {\n        setResponseStatus(event, 204);\n        return \"\";\n      }\n\n      if (method === \"GET\") {\n        // SSE stream endpoint — not used in stateless mode but the SDK\n        // handles it gracefully. Let it through for protocol compliance.\n      }\n\n      if (method !== \"POST\" && method !== \"GET\") {\n        setResponseStatus(event, 405);\n        return { error: \"Method not allowed\" };\n      }\n\n      // Read body for POST (GET has no body)\n      const body = method === \"POST\" ? await readBody(event) : undefined;\n\n      // Create per-request stateless transport + server\n      const { StreamableHTTPServerTransport } =\n        await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n      const transport = new StreamableHTTPServerTransport({\n        sessionIdGenerator: undefined, // stateless\n      });\n      // Derive the running app's origin so relative deep links become\n      // absolute URLs the external agent can open (same approach as A2A).\n      const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n      const host = getRequestHeader(event, \"host\");\n      const proto =\n        forwardedProto?.split(\",\")[0]?.trim() ||\n        (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host)\n          ? \"http\"\n          : \"https\");\n      const origin = host ? `${proto}://${host}` : undefined;\n      const targetHeader = getRequestHeader(\n        event,\n        \"x-agent-native-open-target\",\n      )?.toLowerCase();\n      const target =\n        targetHeader === \"desktop\" ||\n        targetHeader === \"terminal\" ||\n        targetHeader === \"browser\"\n          ? (targetHeader as MCPRequestMeta[\"target\"])\n          : undefined;\n\n      const server = await createMCPServerForRequest(\n        config,\n        authResult.identity,\n        { origin, target },\n      );\n      await server.connect(transport);\n\n      // Delegate to the transport — it writes directly to the Node response.\n      // MCP's HTTP transport requires Node streams; this route is Node-only.\n      const nodeReq =\n        (event as any).node?.req ?? (event as any).req?.runtime?.node?.req;\n      const nodeRes =\n        (event as any).node?.res ?? (event as any).req?.runtime?.node?.res;\n      if (!nodeReq || !nodeRes) {\n        setResponseStatus(event, 501);\n        return { error: \"MCP requires Node runtime\" };\n      }\n      try {\n        await transport.handleRequest(nodeReq, nodeRes, body);\n      } catch (err: any) {\n        // The SDK transport writes directly to the Node response. If the\n        // socket is already closed/ended (client disconnected, or the host\n        // stream layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END\n        // *after* the MCP payload was already delivered correctly. Swallow\n        // that benign post-flush write so an external agent disconnecting\n        // mid-stream can never take down the server process; rethrow\n        // anything else.\n        if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n        if (process.env.DEBUG)\n          console.log(\n            \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n          );\n      }\n\n      // Prevent H3 from double-writing the response\n      (event as any)._handled = true;\n    }),\n  );\n\n  if (process.env.DEBUG)\n    console.log(\n      `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n    );\n}\n"]}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GAInB,MAAM,mBAAmB,CAAC;AAE3B,6EAA6E;AAC7E,4EAA4E;AAC5E,yDAAyD;AACzD,OAAO,EACL,yBAAyB,EACzB,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,kBAAkB,GACnB,CAAC;AAGF,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,KAAc;IAInC,MAAM,CAAC,GAAG,KAAY,CAAC;IACvB,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,cAAc,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,IAAI,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACvD,MAAM,YAAY,GAAG,gBAAgB,CACnC,KAAK,EACL,4BAA4B,CAC7B,EAAE,WAAW,EAAE,CAAC;IACjB,MAAM,MAAM,GACV,YAAY,KAAK,SAAS;QAC1B,YAAY,KAAK,UAAU;QAC3B,YAAY,KAAK,SAAS;QACxB,CAAC,CAAE,YAAyC;QAC5C,CAAC,CAAC,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,eAAe,CAAC,KAAc,EAAE,MAAc;IACrD,MAAM,GAAG,GAAI,KAAa,CAAC,GAA0B,CAAC;IAEtD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAG,EAAE,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAI,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAEhC,CAAC;QACd,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACtD,IAAI,KAAK,IAAI,IAAI;oBAAE,SAAS;gBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IAEjE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC;IAChD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACxD,MAAM,KAAK,GACT,cAAc,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACrC,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACnE,IAAI,GAAG,GAAG,GAAG,KAAK,MAAM,IAAI,oBAAoB,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,GAAG,EAAE,GAAG;YAAE,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,oDAAoD;IACpD,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAc,EACd,MAAiB;IAEjB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,OAAO,EAAE,CAAC;QACZ,yEAAyE;QACzE,uEAAuE;QACvE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,2EAA2E;IAC3E,uDAAuD;IACvD,+DAA+D;IAC/D,4EAA4E;IAC5E,iDAAiD;IACjD,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,gBAAgB,CACvC,KAAK,EACL,4BAA4B,CAC7B,CAAC;IACF,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;IAClE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IACnC,CAAC;IAED,0CAA0C;IAC1C,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEnE,yEAAyE;IACzE,qEAAqE;IACrE,mEAAmE;IACnE,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAC5C,MAAM,EACN,UAAU,CAAC,QAAQ,EACnB,WAAW,CACZ,CAAC;IAEF,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAElD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,4EAA4E;QAC5E,MAAM,EAAE,6BAA6B,EAAE,GACrC,MAAM,MAAM,CAAC,oDAAoD,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,SAAS,EAAE,YAAY;SAC5C,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,uEAAuE;YACvE,iEAAiE;YACjE,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,uEAAuE;YACvE,qEAAqE;YACrE,6DAA6D;YAC7D,IAAI,GAAG,EAAE,IAAI,KAAK,4BAA4B;gBAAE,MAAM,GAAG,CAAC;YAC1D,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;gBACnB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACN,CAAC;QACD,8CAA8C;QAC7C,KAAa,CAAC,QAAQ,GAAG,IAAI,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,uEAAuE;IACvE,6EAA6E;IAC7E,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,yEAAyE;IACzE,4EAA4E;IAC5E,qEAAqE;IACrE,uEAAuE;IACvE,qBAAqB;IACrB,MAAM,EAAE,wCAAwC,EAAE,GAChD,MAAM,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAI,wCAAwC,CAAC;QAC7D,kBAAkB,EAAE,SAAS,EAAE,oCAAoC;KACpE,CAAC,CAAC;IACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,2EAA2E;IAC3E,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,aAAa,CAC5C,UAAU,EACV,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CACrD,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,OAAO,gBAAgB,CAAC,KAAgB,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACnB,OAAO,CAAC,GAAG,CACT,+BAA+B,WAAW,SAAS,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,SAAS,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,CACvI,CAAC;AACN,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n  defineEventHandler,\n  setResponseStatus,\n  getMethod,\n  getRequestHeader,\n} from \"h3\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n  type MCPConfig,\n  type MCPCallerIdentity,\n  type MCPRequestMeta,\n} from \"./build-server.js\";\n\n// Re-export the shared MCP server builder + types so the stdio transport and\n// any (future) external importer of `@agent-native/core/mcp` keep resolving\n// against `./server.js` exactly as before this refactor.\nexport {\n  createMCPServerForRequest,\n  verifyAuth,\n  getAccessTokens,\n  resolveOrgIdFromDomain,\n  buildLinkArtifacts,\n};\nexport type { MCPConfig, MCPCallerIdentity, MCPRequestMeta };\n\n// ---------------------------------------------------------------------------\n// Runtime detection — Node fast-path vs. web-standard fallback\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve the underlying Node `http` req/res pair if (and only if) we're\n * running on a real Node HTTP server (local dev, `node` Nitro preset). On the\n * web-standard runtime (Nitro 3 / Netlify web runtime, Cloudflare, Deno, Bun)\n * BOTH of these are undefined — that's the signal to take the web fallback\n * instead of returning 501.\n */\nfunction getNodeReqRes(event: H3Event): {\n  nodeReq: any | undefined;\n  nodeRes: any | undefined;\n} {\n  const e = event as any;\n  const nodeReq = e.node?.req ?? e.req?.runtime?.node?.req;\n  const nodeRes = e.node?.res ?? e.req?.runtime?.node?.res;\n  return { nodeReq, nodeRes };\n}\n\n/**\n * Derive the request origin + the markdown deep-link target from the inbound\n * headers. Identical logic for both the Node and web paths so the absolute\n * deep-link URLs in tool results are computed the same way regardless of\n * runtime.\n */\nfunction deriveRequestMeta(event: H3Event): MCPRequestMeta {\n  const forwardedProto = getRequestHeader(event, \"x-forwarded-proto\");\n  const host = getRequestHeader(event, \"host\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (host && /^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  const origin = host ? `${proto}://${host}` : undefined;\n  const targetHeader = getRequestHeader(\n    event,\n    \"x-agent-native-open-target\",\n  )?.toLowerCase();\n  const target =\n    targetHeader === \"desktop\" ||\n    targetHeader === \"terminal\" ||\n    targetHeader === \"browser\"\n      ? (targetHeader as MCPRequestMeta[\"target\"])\n      : undefined;\n  return { origin, target };\n}\n\n/**\n * Reconstruct a Web Standard `Request` for the web-standard MCP transport.\n *\n * On the web runtime h3 v2 exposes the real web `Request` as `event.req`; we\n * prefer it (its `method` / `headers` are exactly what the client sent). But\n * the framework middleware rewrites `event.req.url` when it strips a mount\n * prefix, and the transport reads `req.method` + `req.headers` (never the\n * body — we pass that via `parsedBody`), so we always synthesize a clean\n * `Request` with the verified method + a fresh `Headers` copy. The URL is\n * cosmetic for the SDK (it only does `new URL(req.url)` for `requestInfo`),\n * so a best-effort absolute URL derived from the inbound host is sufficient\n * and never throws.\n */\nfunction buildWebRequest(event: H3Event, method: string): Request {\n  const src = (event as any).req as Request | undefined;\n\n  const headers = new Headers();\n  if (src?.headers && typeof src.headers.forEach === \"function\") {\n    src.headers.forEach((value, key) => headers.set(key, value));\n  } else {\n    const rawHeaders = (event as any).node?.req?.headers as\n      | Record<string, string | string[] | undefined>\n      | undefined;\n    if (rawHeaders) {\n      for (const [key, value] of Object.entries(rawHeaders)) {\n        if (value == null) continue;\n        headers.set(key, Array.isArray(value) ? value.join(\", \") : value);\n      }\n    }\n  }\n\n  // The SDK requires Accept + Content-Type to advertise both JSON and SSE on\n  // a POST. Real MCP clients (Claude Code, `agent-native connect`) always\n  // send these; we never inject/alter them — if they're absent the SDK\n  // returns its spec-mandated 406/415, identical to the Node path.\n\n  const host = headers.get(\"host\") || \"localhost\";\n  const forwardedProto = headers.get(\"x-forwarded-proto\");\n  const proto =\n    forwardedProto?.split(\",\")[0]?.trim() ||\n    (/^(localhost|127\\.0\\.0\\.1)(:|$)/.test(host) ? \"http\" : \"https\");\n  let url = `${proto}://${host}/_agent-native/mcp`;\n  try {\n    if (src?.url) url = new URL(src.url).href;\n  } catch {\n    // keep the synthesized URL\n  }\n\n  // No body here on purpose: the JSON-RPC payload is forwarded via the\n  // transport's `parsedBody` option (the same mechanism the Node transport\n  // uses), so the request stream is never read twice.\n  return new Request(url, { method, headers });\n}\n\n// ---------------------------------------------------------------------------\n// handleMcpRequest — runtime-agnostic MCP request handler\n// ---------------------------------------------------------------------------\n\n/**\n * Handle a single `{routePrefix}/mcp` request on either runtime.\n *\n * - **Node fast-path** (real Node HTTP server): unchanged — delegate to the\n *   SDK's `StreamableHTTPServerTransport.handleRequest(nodeReq, nodeRes,\n *   body)`, which writes directly to the Node response (full protocol incl.\n *   SSE).\n * - **Web-standard fallback** (Nitro 3 / Netlify web runtime, Cloudflare,\n *   Deno, Bun — where there is no Node req/res): build the SAME MCP `Server`\n *   from the SAME config + identity, drive it through the SDK's\n *   `WebStandardStreamableHTTPServerTransport` (which the Node transport is\n *   itself just a thin wrapper around), and return the resulting Web\n *   `Response` as a normal h3 return value.\n *\n * Auth, the `runWithRequestContext` identity wrap, the deep-link `_meta` /\n * markdown append, `requestMeta` origin/target derivation and the stateless\n * semantics are IDENTICAL on both paths because both build the same server\n * via `createMCPServerForRequest` and both transports funnel into the same\n * `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n * parsedBody })` with the same options.\n *\n * Returns:\n *   - `undefined` when the request targets a sub-route (so management/status\n *     routes mounted under `/_agent-native/mcp/*` handle it themselves) — the\n *     h3 mount falls through to the next handler.\n *   - a Web `Response` (web fallback) or a string/object (Node path /\n *     auth-error path) otherwise. The Node path also sets `_handled` so h3\n *     doesn't double-write.\n */\nexport async function handleMcpRequest(\n  event: H3Event,\n  config: MCPConfig,\n): Promise<Response | string | { error: string } | undefined> {\n  const pathname = event.url?.pathname || \"/\";\n  const subpath = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n  if (subpath) {\n    // Let management/status routes mounted under /_agent-native/mcp/* handle\n    // their own requests instead of treating them as MCP protocol traffic.\n    return undefined;\n  }\n\n  const method = getMethod(event);\n\n  // Auth check — extracts the caller's identity from the JWT (`sub`), or, on\n  // the static-token / dev-open path, from the forwarded\n  // `X-Agent-Native-Owner-Email` hint the stdio proxy sends (the\n  // `agent-native mcp install` flow). Without this the install flow would run\n  // every tool unscoped (userEmail === undefined).\n  const authHeader = getRequestHeader(event, \"authorization\");\n  const ownerEmailHeader = getRequestHeader(\n    event,\n    \"x-agent-native-owner-email\",\n  );\n  const authResult = await verifyAuth(authHeader, ownerEmailHeader);\n  if (!authResult.authed) {\n    setResponseStatus(event, 401);\n    return { error: \"Unauthorized\" };\n  }\n\n  // Stateless mode: only POST is meaningful\n  if (method === \"DELETE\") {\n    setResponseStatus(event, 204);\n    return \"\";\n  }\n\n  if (method !== \"POST\" && method !== \"GET\") {\n    setResponseStatus(event, 405);\n    return { error: \"Method not allowed\" };\n  }\n\n  // Read body for POST (GET has no body). Read it via the h3 helper exactly\n  // once; both transports accept it as a pre-parsed body so the request\n  // stream is never consumed twice.\n  const body = method === \"POST\" ? await readBody(event) : undefined;\n\n  // Per-request stateless transport + server. Both runtimes build the SAME\n  // server from the SAME config + verified identity + request meta, so\n  // tools/list, tools/call, and the deep-link `_meta` are identical.\n  const requestMeta = deriveRequestMeta(event);\n  const server = await createMCPServerForRequest(\n    config,\n    authResult.identity,\n    requestMeta,\n  );\n\n  const { nodeReq, nodeRes } = getNodeReqRes(event);\n\n  if (nodeReq && nodeRes) {\n    // ---- Node fast-path (UNCHANGED behavior) --------------------------------\n    const { StreamableHTTPServerTransport } =\n      await import(\"@modelcontextprotocol/sdk/server/streamableHttp.js\");\n    const transport = new StreamableHTTPServerTransport({\n      sessionIdGenerator: undefined, // stateless\n    });\n    await server.connect(transport);\n    try {\n      // The SDK transport writes directly to the Node response. Node-only by\n      // construction; we only reach here when real Node req/res exist.\n      await transport.handleRequest(nodeReq, nodeRes, body);\n    } catch (err: any) {\n      // The SDK transport writes directly to the Node response. If the socket\n      // is already closed/ended (client disconnected, or the host stream\n      // layer also flushed), Node throws ERR_STREAM_WRITE_AFTER_END *after*\n      // the MCP payload was already delivered correctly. Swallow that benign\n      // post-flush write so an external agent disconnecting mid-stream can\n      // never take down the server process; rethrow anything else.\n      if (err?.code !== \"ERR_STREAM_WRITE_AFTER_END\") throw err;\n      if (process.env.DEBUG)\n        console.log(\n          \"[mcp] ignored post-flush ERR_STREAM_WRITE_AFTER_END (client disconnected)\",\n        );\n    }\n    // Prevent H3 from double-writing the response\n    (event as any)._handled = true;\n    return undefined;\n  }\n\n  // ---- Web-standard fallback (Nitro 3 / Netlify web runtime, CF, Deno,\n  // Bun) ---------------------------------------------------------------------\n  //\n  // `StreamableHTTPServerTransport` is itself just a thin wrapper that\n  // converts the Node req/res to a web Request/Response and delegates to\n  // `WebStandardStreamableHTTPServerTransport.handleRequest(webRequest, {\n  // parsedBody })`. Using the web transport directly with the SAME options +\n  // the same pre-read `parsedBody` produces byte-identical protocol output\n  // (including the deep-link `_meta` built inside createMCPServerForRequest),\n  // and works on every web runtime because it returns a Web `Response`\n  // (JSON for request/response, or an SSE `ReadableStream` body which h3\n  // streams natively).\n  const { WebStandardStreamableHTTPServerTransport } =\n    await import(\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\");\n  const transport = new WebStandardStreamableHTTPServerTransport({\n    sessionIdGenerator: undefined, // stateless — same as the Node path\n  });\n  await server.connect(transport);\n  const webRequest = buildWebRequest(event, method);\n  // `parsedBody: undefined` would make the SDK try to read `req.json()`; our\n  // synthesized request has no body, so only pass the option for POST (where\n  // we actually have a parsed body). For GET the transport reads no body.\n  const response = await transport.handleRequest(\n    webRequest,\n    method === \"POST\" ? { parsedBody: body } : undefined,\n  );\n  return response;\n}\n\n// ---------------------------------------------------------------------------\n// mountMCP — register MCP Streamable HTTP endpoint on H3/Nitro\n// ---------------------------------------------------------------------------\n\n/**\n * Mount an MCP remote server on an H3/Nitro app.\n *\n * Endpoint: `{routePrefix}/mcp` (default `/_agent-native/mcp`)\n *\n * Uses stateless Streamable HTTP transport — no in-memory sessions,\n * compatible with serverless deployments. Runtime-agnostic: a real Node\n * server uses the SDK's Node transport; the web-standard runtime (Nitro 3 /\n * Netlify web runtime, Cloudflare, Deno, Bun) uses the SDK's web-standard\n * transport. Both build the same server and produce identical JSON-RPC\n * output.\n *\n * Auth: Bearer token matching ACCESS_TOKEN/ACCESS_TOKENS or JWT via A2A_SECRET.\n * No auth required when neither is configured (dev mode).\n */\nexport function mountMCP(\n  nitroApp: any,\n  config: MCPConfig,\n  routePrefix = \"/_agent-native\",\n): void {\n  getH3App(nitroApp).use(\n    `${routePrefix}/mcp`,\n    defineEventHandler(async (event) => {\n      return handleMcpRequest(event as H3Event, config);\n    }),\n  );\n\n  if (process.env.DEBUG)\n    console.log(\n      `[mcp] Mounted MCP server at ${routePrefix}/mcp (${Object.keys(config.actions).length} tools${config.askAgent ? \" + ask-agent\" : \"\"})`,\n    );\n}\n"]}

package/dist/scripts/dev/index.d.ts

@@ -1,15 +1,17 @@
 /**
  * Dev-mode script registry.
  *
- * Provides file system, shell, and database tools for the agent
+ * Provides shared coding and database tools for the agent
  * when running in development mode. These tools should NEVER be
  * registered in production.
  */
 import type { ActionEntry } from "../../agent/production-agent.js";
 /**
- * Creates the dev-mode script registry with file system, shell,
- * and database tools. Call this and merge with your app's registry
+ * Creates the dev-mode script registry with shared bash/read/edit/write
+ * coding tools and database tools. Call this and merge with your app's registry
  * when NODE_ENV !== "production".
  */
-export declare function createDevScriptRegistry(): Promise<Record<string, ActionEntry>>;
+export declare function createDevScriptRegistry(options?: {
+    legacyAliases?: boolean;
+}): Promise<Record<string, ActionEntry>>;
 //# sourceMappingURL=index.d.ts.map

package/dist/scripts/dev/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scripts/dev/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAqDnE;;;;GAIG;AACH,wBAAsB,uBAAuB,IAAI,OAAO,CACtD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAC5B,CA4LA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scripts/dev/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AAsDnE;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CA2MtC"}

package/dist/scripts/dev/index.js

@@ -1,10 +1,11 @@
 /**
  * Dev-mode script registry.
  *
- * Provides file system, shell, and database tools for the agent
+ * Provides shared coding and database tools for the agent
  * when running in development mode. These tools should NEVER be
  * registered in production.
  */
+import { createCodingToolRegistry } from "../../coding-tools/index.js";
 import { tool as readFileTool, run as readFileRun } from "./read-file.js";
 import { tool as writeFileTool, run as writeFileRun } from "./write-file.js";
 import { tool as listFilesTool, run as listFilesRun } from "./list-files.js";
@@ -47,11 +48,11 @@ function wrapCliScript(tool, cliDefault, opts) {
     };
 }
 /**
- * Creates the dev-mode script registry with file system, shell,
- * and database tools. Call this and merge with your app's registry
+ * Creates the dev-mode script registry with shared bash/read/edit/write
+ * coding tools and database tools. Call this and merge with your app's registry
  * when NODE_ENV !== "production".
  */
-export async function createDevScriptRegistry() {
+export async function createDevScriptRegistry(options = {}) {
     // Lazy-import DB scripts to avoid requiring libsql in non-DB apps
     let dbEntries = {};
     try {
@@ -190,16 +191,30 @@ export async function createDevScriptRegistry() {
     catch {
         // DB scripts not available (no libsql) — skip silently
     }
+    const codingEntries = createCodingToolRegistry({
+        cwd: process.cwd(),
+        bashThrowsOnNonZero: true,
+    });
+    const legacyEntries = options.legacyAliases
+        ? {
+            "read-file": { tool: readFileTool, run: readFileRun, readOnly: true },
+            "write-file": { tool: writeFileTool, run: writeFileRun },
+            "list-files": {
+                tool: listFilesTool,
+                run: listFilesRun,
+                readOnly: true,
+            },
+            "search-files": {
+                tool: searchFilesTool,
+                run: searchFilesRun,
+                readOnly: true,
+            },
+            shell: { tool: shellTool, run: shellRun },
+        }
+        : {};
     return {
-        "read-file": { tool: readFileTool, run: readFileRun, readOnly: true },
-        "write-file": { tool: writeFileTool, run: writeFileRun },
-        "list-files": { tool: listFilesTool, run: listFilesRun, readOnly: true },
-        "search-files": {
-            tool: searchFilesTool,
-            run: searchFilesRun,
-            readOnly: true,
-        },
-        shell: { tool: shellTool, run: shellRun },
+        ...codingEntries,
+        ...legacyEntries,
         ...dbEntries,
     };
 }

package/dist/scripts/dev/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scripts/dev/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,GAAG,IAAI,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC1E,OAAO,EAAE,IAAI,IAAI,aAAa,EAAE,GAAG,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,IAAI,IAAI,aAAa,EAAE,GAAG,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EACL,IAAI,IAAI,eAAe,EACvB,GAAG,IAAI,cAAc,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,GAAG,IAAI,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEhE;;;GAGG;AACH,SAAS,aAAa,CACpB,IAAgB,EAChB,UAA6C,EAC7C,IAA6B;IAE7B,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,GAAG,EAAE,KAAK,EAAE,IAA4B,EAAmB,EAAE;YAC3D,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,GAAG,GAAG,CAAY,CAAC;gBACzB,MAAM,KAAK,GACT,GAAG,IAAI,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;oBACpC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;oBACrB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;YAED,6BAA6B;YAC7B,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;YAC5B,OAAO,CAAC,GAAG,GAAG,CAAC,GAAG,CAAY,EAAE,EAAE;gBAChC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACrD,CAAC;oBAAS,CAAC;gBACT,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC;YACxB,CAAC;YAED,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC;QAC1C,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAG3C,kEAAkE;IAClE,IAAI,SAAS,GAAgC,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,yDAAyD;QACzD,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,GACxD,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,iBAAiB,CAAC;YACzB,MAAM,CAAC,gBAAgB,CAAC;YACxB,MAAM,CAAC,eAAe,CAAC;YACvB,MAAM,CAAC,gBAAgB,CAAC;YACxB,MAAM,CAAC,wBAAwB,CAAC;SACjC,CAAC,CAAC;QAEL,SAAS,GAAG;YACV,WAAW,EAAE,aAAa,CACxB;gBACE,WAAW,EACT,4DAA4D;gBAC9D,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,QAAQ,CAAC,OAAO,EAChB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;YACD,UAAU,EAAE,aAAa,CACvB;gBACE,WAAW,EACT,oFAAoF;gBACtF,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iCAAiC;yBAC/C;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,+GAA+G;yBAClH;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,mDAAmD;4BACrD,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;qBACF;oBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;iBAClB;aACF,EACD,OAAO,CAAC,OAAO,EACf,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;YACD,SAAS,EAAE,aAAa,CACtB;gBACE,WAAW,EACT,wPAAwP;gBAC1P,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,yGAAyG;yBAC5G;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,8FAA8F;yBACjG;wBACD,UAAU,EAAE;4BACV,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,uRAAuR;yBAC1R;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,MAAM,CAAC,OAAO,CACf;YACD,UAAU,EAAE,aAAa,CACvB;gBACE,WAAW,EACT,meAAme;gBACre,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,kDAAkD;yBAChE;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,wDAAwD;yBAC3D;wBACD,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,qHAAqH;yBACxH;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,uDAAuD;yBAC1D;wBACD,OAAO,EAAE;4BACP,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,yEAAyE;yBAC5E;wBACD,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,iIAAiI;yBACpI;wBACD,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,0FAA0F;4BAC5F,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;oBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC;iBACvC;aACF,EACD,OAAO,CAAC,OAAO,CAChB;YACD,kBAAkB,EAAE,aAAa,CAC/B;gBACE,WAAW,EACT,wFAAwF;gBAC1F,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,aAAa,EAAE;4BACb,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,mEAAmE;4BACrE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,cAAc,CAAC,OAAO,EACtB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IAED,OAAO;QACL,WAAW,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;QACrE,YAAY,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,YAAY,EAAE;QACxD,YAAY,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE;QACxE,cAAc,EAAE;YACd,IAAI,EAAE,eAAe;YACrB,GAAG,EAAE,cAAc;YACnB,QAAQ,EAAE,IAAI;SACf;QACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE;QACzC,GAAG,SAAS;KACb,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Dev-mode script registry.\n *\n * Provides file system, shell, and database tools for the agent\n * when running in development mode. These tools should NEVER be\n * registered in production.\n */\n\nimport type { ActionTool } from \"../../agent/types.js\";\nimport type { ActionEntry } from \"../../agent/production-agent.js\";\nimport { tool as readFileTool, run as readFileRun } from \"./read-file.js\";\nimport { tool as writeFileTool, run as writeFileRun } from \"./write-file.js\";\nimport { tool as listFilesTool, run as listFilesRun } from \"./list-files.js\";\nimport {\n  tool as searchFilesTool,\n  run as searchFilesRun,\n} from \"./search-files.js\";\nimport { tool as shellTool, run as shellRun } from \"./shell.js\";\n\n/**\n * Wraps a core CLI script (that writes to console.log) as a ActionEntry\n * by capturing stdout.\n */\nfunction wrapCliScript(\n  tool: ActionTool,\n  cliDefault: (args: string[]) => Promise<void>,\n  opts?: { readOnly?: boolean },\n): ActionEntry {\n  return {\n    tool,\n    ...(opts?.readOnly ? { readOnly: true as const } : {}),\n    run: async (args: Record<string, string>): Promise<string> => {\n      const cliArgs: string[] = [];\n      for (const [k, v] of Object.entries(args)) {\n        const raw = v as unknown;\n        const value =\n          raw != null && typeof raw === \"object\"\n            ? JSON.stringify(raw)\n            : String(raw);\n        cliArgs.push(`--${k}`, value);\n      }\n\n      // Capture console.log output\n      const logs: string[] = [];\n      const origLog = console.log;\n      console.log = (...a: unknown[]) => {\n        logs.push(a.map(String).join(\" \"));\n      };\n\n      try {\n        await cliDefault(cliArgs);\n      } catch (err: any) {\n        logs.push(`Error: ${err?.message ?? String(err)}`);\n      } finally {\n        console.log = origLog;\n      }\n\n      return logs.join(\"\\n\") || \"(no output)\";\n    },\n  };\n}\n\n/**\n * Creates the dev-mode script registry with file system, shell,\n * and database tools. Call this and merge with your app's registry\n * when NODE_ENV !== \"production\".\n */\nexport async function createDevScriptRegistry(): Promise<\n  Record<string, ActionEntry>\n> {\n  // Lazy-import DB scripts to avoid requiring libsql in non-DB apps\n  let dbEntries: Record<string, ActionEntry> = {};\n  try {\n    // Dynamic imports — these are part of @agent-native/core\n    const [dbSchema, dbQuery, dbExec, dbPatch, dbCheckScoping] =\n      await Promise.all([\n        import(\"../db/schema.js\"),\n        import(\"../db/query.js\"),\n        import(\"../db/exec.js\"),\n        import(\"../db/patch.js\"),\n        import(\"../db/check-scoping.js\"),\n      ]);\n\n    dbEntries = {\n      \"db-schema\": wrapCliScript(\n        {\n          description:\n            \"Show all database tables, columns, types, and foreign keys\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbSchema.default,\n        { readOnly: true },\n      ),\n      \"db-query\": wrapCliScript(\n        {\n          description:\n            \"Run a read-only SQL query (SELECT, WITH, EXPLAIN, PRAGMA) against the app database\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              sql: {\n                type: \"string\",\n                description: \"The SQL SELECT query to execute\",\n              },\n              args: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of positional bind args for parameterized placeholders. Example: \\'[\"draft\",\"form-123\"]\\'',\n              },\n              format: {\n                type: \"string\",\n                description:\n                  'Output format: \"json\" or \"table\" (default: table)',\n                enum: [\"json\", \"table\"],\n              },\n            },\n            required: [\"sql\"],\n          },\n        },\n        dbQuery.default,\n        { readOnly: true },\n      ),\n      \"db-exec\": wrapCliScript(\n        {\n          description:\n            \"Execute app-database write SQL (INSERT, UPDATE, DELETE, REPLACE). For multiple related writes, pass `statements` so they run sequentially in one transaction instead of issuing several db-exec calls. Schema changes (CREATE/ALTER/DROP) are blocked.\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              sql: {\n                type: \"string\",\n                description:\n                  \"Single INSERT / UPDATE / DELETE / REPLACE statement. Use parameterized placeholders (?) where possible.\",\n              },\n              args: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of positional bind args for `sql`. Example: \\'[\"published\",\"form-123\"]\\'',\n              },\n              statements: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of write statements to execute in one transaction. Prefer this over multiple db-exec calls. Example: \\'[{\"sql\":\"INSERT INTO notes (id,title) VALUES (?,?)\",\"args\":[\"n1\",\"One\"]},{\"sql\":\"UPDATE counters SET value = value + 1 WHERE key = ?\",\"args\":[\"notes\"]}]\\'',\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbExec.default,\n      ),\n      \"db-patch\": wrapCliScript(\n        {\n          description:\n            \"Surgical search-and-replace on a text column in a SQL table. Prefer over `db-exec UPDATE` for large text fields (documents, slides, dashboards, JSON blobs) where you only need to change a small slice — avoids re-sending the full column value. Targets exactly one row at a time (narrow --where by primary key). If a template-specific action exists for the table (e.g. `edit-document`, `update-slide`), use that instead — it will also push live updates to open collaborative editors.\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              table: {\n                type: \"string\",\n                description: \"Target table name (plain identifier, no quoting)\",\n              },\n              column: {\n                type: \"string\",\n                description:\n                  \"Target text column name (plain identifier, no quoting)\",\n              },\n              where: {\n                type: \"string\",\n                description:\n                  \"SQL WHERE clause that matches exactly one row, e.g. \\\"id = 'abc123'\\\". Must not contain semicolons or DDL keywords.\",\n              },\n              find: {\n                type: \"string\",\n                description:\n                  \"Text to find (single-edit mode). Pair with --replace.\",\n              },\n              replace: {\n                type: \"string\",\n                description:\n                  'Replacement text (single-edit mode). Defaults to \"\" (delete the match).',\n              },\n              edits: {\n                type: \"string\",\n                description:\n                  'Batch mode: JSON array of {find, replace} objects. Example: \\'[{\"find\":\"Q3\",\"replace\":\"Q4\"},{\"find\":\"$1M\",\"replace\":\"$1.2M\"}]\\'',\n              },\n              all: {\n                type: \"string\",\n                description:\n                  'Set to \"true\" to replace every occurrence of each find (default: first occurrence only).',\n                enum: [\"true\", \"false\"],\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n            required: [\"table\", \"column\", \"where\"],\n          },\n        },\n        dbPatch.default,\n      ),\n      \"db-check-scoping\": wrapCliScript(\n        {\n          description:\n            \"Validate that all template tables have owner_email and org_id columns for data scoping\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              \"require-org\": {\n                type: \"string\",\n                description:\n                  'Set to \"true\" to also require org_id columns (for multi-org apps)',\n                enum: [\"true\", \"false\"],\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbCheckScoping.default,\n        { readOnly: true },\n      ),\n    };\n  } catch {\n    // DB scripts not available (no libsql) — skip silently\n  }\n\n  return {\n    \"read-file\": { tool: readFileTool, run: readFileRun, readOnly: true },\n    \"write-file\": { tool: writeFileTool, run: writeFileRun },\n    \"list-files\": { tool: listFilesTool, run: listFilesRun, readOnly: true },\n    \"search-files\": {\n      tool: searchFilesTool,\n      run: searchFilesRun,\n      readOnly: true,\n    },\n    shell: { tool: shellTool, run: shellRun },\n    ...dbEntries,\n  };\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scripts/dev/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,IAAI,IAAI,YAAY,EAAE,GAAG,IAAI,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC1E,OAAO,EAAE,IAAI,IAAI,aAAa,EAAE,GAAG,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EAAE,IAAI,IAAI,aAAa,EAAE,GAAG,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC7E,OAAO,EACL,IAAI,IAAI,eAAe,EACvB,GAAG,IAAI,cAAc,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,GAAG,IAAI,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEhE;;;GAGG;AACH,SAAS,aAAa,CACpB,IAAgB,EAChB,UAA6C,EAC7C,IAA6B;IAE7B,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,GAAG,EAAE,KAAK,EAAE,IAA4B,EAAmB,EAAE;YAC3D,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,GAAG,GAAG,CAAY,CAAC;gBACzB,MAAM,KAAK,GACT,GAAG,IAAI,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;oBACpC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;oBACrB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;YAED,6BAA6B;YAC7B,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;YAC5B,OAAO,CAAC,GAAG,GAAG,CAAC,GAAG,CAAY,EAAE,EAAE;gBAChC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACrC,CAAC,CAAC;YAEF,IAAI,CAAC;gBACH,MAAM,UAAU,CAAC,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACrD,CAAC;oBAAS,CAAC;gBACT,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC;YACxB,CAAC;YAED,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC;QAC1C,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,UAAuC,EAAE;IAEzC,kEAAkE;IAClE,IAAI,SAAS,GAAgC,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,yDAAyD;QACzD,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,GACxD,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,iBAAiB,CAAC;YACzB,MAAM,CAAC,gBAAgB,CAAC;YACxB,MAAM,CAAC,eAAe,CAAC;YACvB,MAAM,CAAC,gBAAgB,CAAC;YACxB,MAAM,CAAC,wBAAwB,CAAC;SACjC,CAAC,CAAC;QAEL,SAAS,GAAG;YACV,WAAW,EAAE,aAAa,CACxB;gBACE,WAAW,EACT,4DAA4D;gBAC9D,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,QAAQ,CAAC,OAAO,EAChB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;YACD,UAAU,EAAE,aAAa,CACvB;gBACE,WAAW,EACT,oFAAoF;gBACtF,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iCAAiC;yBAC/C;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,+GAA+G;yBAClH;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,mDAAmD;4BACrD,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;qBACF;oBACD,QAAQ,EAAE,CAAC,KAAK,CAAC;iBAClB;aACF,EACD,OAAO,CAAC,OAAO,EACf,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;YACD,SAAS,EAAE,aAAa,CACtB;gBACE,WAAW,EACT,wPAAwP;gBAC1P,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,yGAAyG;yBAC5G;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,8FAA8F;yBACjG;wBACD,UAAU,EAAE;4BACV,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,uRAAuR;yBAC1R;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,MAAM,CAAC,OAAO,CACf;YACD,UAAU,EAAE,aAAa,CACvB;gBACE,WAAW,EACT,meAAme;gBACre,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,kDAAkD;yBAChE;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,wDAAwD;yBAC3D;wBACD,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,qHAAqH;yBACxH;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,uDAAuD;yBAC1D;wBACD,OAAO,EAAE;4BACP,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,yEAAyE;yBAC5E;wBACD,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,iIAAiI;yBACpI;wBACD,GAAG,EAAE;4BACH,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,0FAA0F;4BAC5F,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;oBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC;iBACvC;aACF,EACD,OAAO,CAAC,OAAO,CAChB;YACD,kBAAkB,EAAE,aAAa,CAC/B;gBACE,WAAW,EACT,wFAAwF;gBAC1F,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,aAAa,EAAE;4BACb,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,mEAAmE;4BACrE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBACxB;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,WAAW,EAAE,iDAAiD;4BAC9D,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;yBACvB;qBACF;iBACF;aACF,EACD,cAAc,CAAC,OAAO,EACtB,EAAE,QAAQ,EAAE,IAAI,EAAE,CACnB;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IAED,MAAM,aAAa,GAAG,wBAAwB,CAAC;QAC7C,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;QAClB,mBAAmB,EAAE,IAAI;KAC1B,CAAC,CAAC;IACH,MAAM,aAAa,GAAgC,OAAO,CAAC,aAAa;QACtE,CAAC,CAAC;YACE,WAAW,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;YACrE,YAAY,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,YAAY,EAAE;YACxD,YAAY,EAAE;gBACZ,IAAI,EAAE,aAAa;gBACnB,GAAG,EAAE,YAAY;gBACjB,QAAQ,EAAE,IAAI;aACf;YACD,cAAc,EAAE;gBACd,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,cAAc;gBACnB,QAAQ,EAAE,IAAI;aACf;YACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE;SAC1C;QACH,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;QACL,GAAG,aAAa;QAChB,GAAG,aAAa;QAChB,GAAG,SAAS;KACb,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Dev-mode script registry.\n *\n * Provides shared coding and database tools for the agent\n * when running in development mode. These tools should NEVER be\n * registered in production.\n */\n\nimport type { ActionTool } from \"../../agent/types.js\";\nimport type { ActionEntry } from \"../../agent/production-agent.js\";\nimport { createCodingToolRegistry } from \"../../coding-tools/index.js\";\nimport { tool as readFileTool, run as readFileRun } from \"./read-file.js\";\nimport { tool as writeFileTool, run as writeFileRun } from \"./write-file.js\";\nimport { tool as listFilesTool, run as listFilesRun } from \"./list-files.js\";\nimport {\n  tool as searchFilesTool,\n  run as searchFilesRun,\n} from \"./search-files.js\";\nimport { tool as shellTool, run as shellRun } from \"./shell.js\";\n\n/**\n * Wraps a core CLI script (that writes to console.log) as a ActionEntry\n * by capturing stdout.\n */\nfunction wrapCliScript(\n  tool: ActionTool,\n  cliDefault: (args: string[]) => Promise<void>,\n  opts?: { readOnly?: boolean },\n): ActionEntry {\n  return {\n    tool,\n    ...(opts?.readOnly ? { readOnly: true as const } : {}),\n    run: async (args: Record<string, string>): Promise<string> => {\n      const cliArgs: string[] = [];\n      for (const [k, v] of Object.entries(args)) {\n        const raw = v as unknown;\n        const value =\n          raw != null && typeof raw === \"object\"\n            ? JSON.stringify(raw)\n            : String(raw);\n        cliArgs.push(`--${k}`, value);\n      }\n\n      // Capture console.log output\n      const logs: string[] = [];\n      const origLog = console.log;\n      console.log = (...a: unknown[]) => {\n        logs.push(a.map(String).join(\" \"));\n      };\n\n      try {\n        await cliDefault(cliArgs);\n      } catch (err: any) {\n        logs.push(`Error: ${err?.message ?? String(err)}`);\n      } finally {\n        console.log = origLog;\n      }\n\n      return logs.join(\"\\n\") || \"(no output)\";\n    },\n  };\n}\n\n/**\n * Creates the dev-mode script registry with shared bash/read/edit/write\n * coding tools and database tools. Call this and merge with your app's registry\n * when NODE_ENV !== \"production\".\n */\nexport async function createDevScriptRegistry(\n  options: { legacyAliases?: boolean } = {},\n): Promise<Record<string, ActionEntry>> {\n  // Lazy-import DB scripts to avoid requiring libsql in non-DB apps\n  let dbEntries: Record<string, ActionEntry> = {};\n  try {\n    // Dynamic imports — these are part of @agent-native/core\n    const [dbSchema, dbQuery, dbExec, dbPatch, dbCheckScoping] =\n      await Promise.all([\n        import(\"../db/schema.js\"),\n        import(\"../db/query.js\"),\n        import(\"../db/exec.js\"),\n        import(\"../db/patch.js\"),\n        import(\"../db/check-scoping.js\"),\n      ]);\n\n    dbEntries = {\n      \"db-schema\": wrapCliScript(\n        {\n          description:\n            \"Show all database tables, columns, types, and foreign keys\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbSchema.default,\n        { readOnly: true },\n      ),\n      \"db-query\": wrapCliScript(\n        {\n          description:\n            \"Run a read-only SQL query (SELECT, WITH, EXPLAIN, PRAGMA) against the app database\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              sql: {\n                type: \"string\",\n                description: \"The SQL SELECT query to execute\",\n              },\n              args: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of positional bind args for parameterized placeholders. Example: \\'[\"draft\",\"form-123\"]\\'',\n              },\n              format: {\n                type: \"string\",\n                description:\n                  'Output format: \"json\" or \"table\" (default: table)',\n                enum: [\"json\", \"table\"],\n              },\n            },\n            required: [\"sql\"],\n          },\n        },\n        dbQuery.default,\n        { readOnly: true },\n      ),\n      \"db-exec\": wrapCliScript(\n        {\n          description:\n            \"Execute app-database write SQL (INSERT, UPDATE, DELETE, REPLACE). For multiple related writes, pass `statements` so they run sequentially in one transaction instead of issuing several db-exec calls. Schema changes (CREATE/ALTER/DROP) are blocked.\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              sql: {\n                type: \"string\",\n                description:\n                  \"Single INSERT / UPDATE / DELETE / REPLACE statement. Use parameterized placeholders (?) where possible.\",\n              },\n              args: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of positional bind args for `sql`. Example: \\'[\"published\",\"form-123\"]\\'',\n              },\n              statements: {\n                type: \"string\",\n                description:\n                  'Optional JSON array of write statements to execute in one transaction. Prefer this over multiple db-exec calls. Example: \\'[{\"sql\":\"INSERT INTO notes (id,title) VALUES (?,?)\",\"args\":[\"n1\",\"One\"]},{\"sql\":\"UPDATE counters SET value = value + 1 WHERE key = ?\",\"args\":[\"notes\"]}]\\'',\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbExec.default,\n      ),\n      \"db-patch\": wrapCliScript(\n        {\n          description:\n            \"Surgical search-and-replace on a text column in a SQL table. Prefer over `db-exec UPDATE` for large text fields (documents, slides, dashboards, JSON blobs) where you only need to change a small slice — avoids re-sending the full column value. Targets exactly one row at a time (narrow --where by primary key). If a template-specific action exists for the table (e.g. `edit-document`, `update-slide`), use that instead — it will also push live updates to open collaborative editors.\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              table: {\n                type: \"string\",\n                description: \"Target table name (plain identifier, no quoting)\",\n              },\n              column: {\n                type: \"string\",\n                description:\n                  \"Target text column name (plain identifier, no quoting)\",\n              },\n              where: {\n                type: \"string\",\n                description:\n                  \"SQL WHERE clause that matches exactly one row, e.g. \\\"id = 'abc123'\\\". Must not contain semicolons or DDL keywords.\",\n              },\n              find: {\n                type: \"string\",\n                description:\n                  \"Text to find (single-edit mode). Pair with --replace.\",\n              },\n              replace: {\n                type: \"string\",\n                description:\n                  'Replacement text (single-edit mode). Defaults to \"\" (delete the match).',\n              },\n              edits: {\n                type: \"string\",\n                description:\n                  'Batch mode: JSON array of {find, replace} objects. Example: \\'[{\"find\":\"Q3\",\"replace\":\"Q4\"},{\"find\":\"$1M\",\"replace\":\"$1.2M\"}]\\'',\n              },\n              all: {\n                type: \"string\",\n                description:\n                  'Set to \"true\" to replace every occurrence of each find (default: first occurrence only).',\n                enum: [\"true\", \"false\"],\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n            required: [\"table\", \"column\", \"where\"],\n          },\n        },\n        dbPatch.default,\n      ),\n      \"db-check-scoping\": wrapCliScript(\n        {\n          description:\n            \"Validate that all template tables have owner_email and org_id columns for data scoping\",\n          parameters: {\n            type: \"object\",\n            properties: {\n              \"require-org\": {\n                type: \"string\",\n                description:\n                  'Set to \"true\" to also require org_id columns (for multi-org apps)',\n                enum: [\"true\", \"false\"],\n              },\n              format: {\n                type: \"string\",\n                description: 'Output format: \"json\" or \"text\" (default: text)',\n                enum: [\"json\", \"text\"],\n              },\n            },\n          },\n        },\n        dbCheckScoping.default,\n        { readOnly: true },\n      ),\n    };\n  } catch {\n    // DB scripts not available (no libsql) — skip silently\n  }\n\n  const codingEntries = createCodingToolRegistry({\n    cwd: process.cwd(),\n    bashThrowsOnNonZero: true,\n  });\n  const legacyEntries: Record<string, ActionEntry> = options.legacyAliases\n    ? {\n        \"read-file\": { tool: readFileTool, run: readFileRun, readOnly: true },\n        \"write-file\": { tool: writeFileTool, run: writeFileRun },\n        \"list-files\": {\n          tool: listFilesTool,\n          run: listFilesRun,\n          readOnly: true,\n        },\n        \"search-files\": {\n          tool: searchFilesTool,\n          run: searchFilesRun,\n          readOnly: true,\n        },\n        shell: { tool: shellTool, run: shellRun },\n      }\n    : {};\n\n  return {\n    ...codingEntries,\n    ...legacyEntries,\n    ...dbEntries,\n  };\n}\n"]}

package/dist/server/agent-chat-plugin.d.ts

@@ -128,10 +128,10 @@ export interface AgentChatPluginOptions {
      *
      * When set, the same lean prompt is used in both dev and prod modes. In
      * dev mode the tool registry is ALSO swapped to the template's actions
-     * (same set as prod) — the dev-only shell/db-exec/file-system tools
+     * (same set as prod) — the dev-only bash/db-exec/file-system tools
      * and the resource/docs/chat/team/job/browser scripts are dropped. The
-     * lean system prompt has no shell-usage guidance, so routing actions
-     * through shell would break. If you need the full dev tool surface,
+     * lean system prompt has no bash-usage guidance, so routing actions
+     * through bash would break. If you need the full dev tool surface,
      * leave this off.
      */
     leanPrompt?: boolean;
@@ -153,7 +153,7 @@ export interface AgentChatPluginOptions {
     /**
      * In dev mode, register the template's actions as native tools the agent
      * can call directly with structured JSON args — skipping the default
-     * `shell(command="pnpm action <name> ...")` indirection.
+     * `bash(command="pnpm action <name> ...")` indirection.
      *
      * The default dev behavior shells out because it "mirrors how Claude Code
      * works locally" and reduces empty-object tool calls for templates with
@@ -163,7 +163,7 @@ export interface AgentChatPluginOptions {
      * on the way out.
      *
      * Set to `true` to get the same tool surface in dev that production uses.
-     * `leanPrompt: true` implies this already (lean mode has no shell-usage
+     * `leanPrompt: true` implies this already (lean mode has no bash-usage
      * guidance, so actions must be native). Set this flag without
      * `leanPrompt` when you want native actions AND the full system prompt.
      *
@@ -210,7 +210,7 @@ export declare function loadResourcesForPrompt(owner: string, compact?: boolean,
 export declare function createAgentChatPlugin(options?: AgentChatPluginOptions): NitroPluginDef;
 /**
  * Default agent chat plugin with no template-specific actions.
- * In dev mode, provides file system, shell, and database tools.
+ * In dev mode, provides file system, bash, and database tools.
  * In production, provides only the default system prompt.
  */
 export declare const defaultAgentChatPlugin: NitroPluginDef;