@agent-native/core 0.21.0 → 0.22.1

package/dist/extensions/store.js

@@ -9,6 +9,7 @@ import { getRequestUserEmail, getRequestOrgId, } from "../server/request-context
 import { registerShareableResource } from "../sharing/registry.js";
 import { extensions, extensionHides, extensionShares, EXTENSIONS_CREATE_SQL, EXTENSIONS_CREATE_SQL_PG, EXTENSION_SHARES_CREATE_SQL, EXTENSION_SHARES_CREATE_SQL_PG, EXTENSION_DATA_CREATE_SQL, EXTENSION_DATA_CREATE_SQL_PG, EXTENSION_DATA_ITEM_INDEX_SQL, EXTENSION_DATA_ITEM_INDEX_SQL_PG, EXTENSION_DATA_DROP_OLD_INDEX_SQL, EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG, EXTENSIONS_OWNER_INDEX_SQL, EXTENSIONS_ORG_INDEX_SQL, EXTENSIONS_UPDATED_INDEX_SQL, EXTENSION_SHARES_RESOURCE_INDEX_SQL, EXTENSION_HIDES_CREATE_SQL, EXTENSION_HIDES_CREATE_SQL_PG, EXTENSION_HIDES_UNIQUE_INDEX_SQL, EXTENSION_HIDES_OWNER_INDEX_SQL, EXTENSION_CONSENTS_CREATE_SQL, EXTENSION_CONSENTS_CREATE_SQL_PG, EXTENSION_CONSENTS_VIEWER_INDEX_SQL, } from "./schema.js";
 import { EXTENSION_CHANGE_MARKER_KEY, extensionChangeMarkerSession, extensionChangeMarkerValue, } from "./change-marker.js";
+import { applyExtensionContentUpdate, } from "./content-patch.js";
 const getDb = createGetDb({ extensions, extensionShares, extensionHides });
 let _initPromise;
 export async function ensureExtensionsTables() {
@@ -295,29 +296,24 @@ export async function updateExtensionContent(id, opts) {
     await ensureExtensionsTables();
     await assertAccess("extension", id, "editor");
     const db = getDb();
-    let newContent;
-    if (opts.content !== undefined) {
-        newContent = opts.content;
-    }
-    else if (opts.patches) {
-        const rows = await db
-            .select()
-            .from(extensions)
-            .where(eq(extensions.id, id));
-        if (!rows[0])
-            return null;
-        newContent = rows[0].content;
-        for (const patch of opts.patches) {
-            newContent = newContent.replace(patch.find, patch.replace);
-        }
-    }
-    else {
+    if (opts.content === undefined &&
+        opts.patches === undefined &&
+        opts.edits === undefined &&
+        !opts.format) {
         return null;
     }
+    const existingRows = await db
+        .select()
+        .from(extensions)
+        .where(eq(extensions.id, id));
+    if (!existingRows[0])
+        return null;
+    const existingContent = existingRows[0].content;
+    const update = await applyExtensionContentUpdate(existingContent, opts);
     const beforeTargets = await extensionChangeTargetsForId(id);
     await db
         .update(extensions)
-        .set({ content: newContent, updatedAt: new Date().toISOString() })
+        .set({ content: update.content, updatedAt: new Date().toISOString() })
         .where(eq(extensions.id, id));
     const rows = await db.select().from(extensions).where(eq(extensions.id, id));
     const row = rows[0] ?? null;

package/dist/extensions/store.js.map

@@ -1 +1 @@
-{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/extensions/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,GACf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EACL,UAAU,EACV,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,2BAA2B,EAC3B,8BAA8B,EAC9B,yBAAyB,EACzB,4BAA4B,EAC5B,6BAA6B,EAC7B,gCAAgC,EAChC,iCAAiC,EACjC,oCAAoC,EACpC,0BAA0B,EAC1B,wBAAwB,EACxB,4BAA4B,EAC5B,mCAAmC,EACnC,0BAA0B,EAC1B,6BAA6B,EAC7B,gCAAgC,EAChC,+BAA+B,EAC/B,6BAA6B,EAC7B,gCAAgC,EAChC,mCAAmC,GACpC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,GAE3B,MAAM,oBAAoB,CAAC;AAE5B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;AAE3E,IAAI,YAAuC,CAAC;AAE5C,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,qBAAqB,CAAC,CACtE,CAAC;YACF,MAAM,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACjD,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,2BAA2B,CAClE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,yBAAyB,CAC9D,CACF,CAAC;YACF,MAAM,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,CAClB,EAAE;gBACA,CAAC,CAAC,oCAAoC;gBACtC,CAAC,CAAC,iCAAiC,CACtC,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACvE,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,CAAC;YACrE,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;YACzE,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,0BAA0B,CAChE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,gCAAgC,CAAC,CACjD,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAChD,CAAC;YACF,kEAAkE;YAClE,iEAAiE;YACjE,iEAAiE;YACjE,iEAAiE;YACjE,8DAA8D;YAC9D,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAY,GAAG,SAAS,CAAC;QACzB,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,8BAA8B,CAC3C,MAAoC,EACpC,EAAW;IAEX,MAAM,GAAG,GAAG,EAAE;QACZ,CAAC,CAAC;;;mCAG6B;QAC/B,CAAC,CAAC;;uBAEiB,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1D,IACE,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;YAC7C,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC;YACxD,OAAO,CAAC,QAAQ,CAAC,oCAAoC,CAAC,EACtD,CAAC;YACD,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,MAAoC,EACpC,EAAW;IAEX,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,MAAM,CAAC,OAAO,CAClB,6DAA6D,CAC9D,CAAC;QACF,OAAO;IACT,CAAC;IAED,2EAA2E;IAC3E,6EAA6E;IAC7E,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;aACzB,WAAW,EAAE;aACb,QAAQ,CAAC,WAAW,CAAC,EACxB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAAoC,EACpC,EAAW;IAEX,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,GAAW,EAAE,EAAE;QAC3C,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,MAAM,CAAC,OAAO,CACnB,kDAAkD,IAAI,IAAI,GAAG,EAAE,CAChE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM;aACV,OAAO,CAAC,oCAAoC,IAAI,IAAI,GAAG,EAAE,CAAC;aAC1D,KAAK,CAAC,CAAC,GAAQ,EAAE,EAAE;YAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;iBACzB,WAAW,EAAE;iBACb,QAAQ,CAAC,WAAW,CAAC;gBAExB,MAAM,GAAG,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IACF,MAAM,MAAM,CAAC,OAAO,EAAE,8BAA8B,CAAC,CAAC;IACtD,MAAM,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC,CAAC;IACrE,uEAAuE;IACvE,gEAAgE;IAChE,MAAM,MAAM,CAAC,OAAO;IAClB,oIAAoI;IACpI,uHAAuH,CACxH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,yBAAyB,CAAC;QACxB,IAAI,EAAE,WAAW;QACjB,aAAa,EAAE,UAAU;QACzB,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,MAAM;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;QACpB,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,uEAAuE;QACvE,uEAAuE;QACvE,0BAA0B;QAC1B,WAAW,EAAE,KAAK;QAClB,6BAA6B,EAAE,IAAI;KACpC,CAAC,CAAC;AACL,CAAC;AAeD,SAAS,SAAS,CAAC,MAA6B;IAC9C,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACjD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IAC/C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAA2C,EAC3C,MAA6B;IAE7B,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,GAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IACzD,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC7D,IAAI,GAAG,CAAC,UAAU,KAAK,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1C,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE;SACrB,MAAM,CAAC;QACN,aAAa,EAAE,eAAe,CAAC,aAAa;QAC5C,WAAW,EAAE,eAAe,CAAC,WAAW;KACzC,CAAC;SACD,IAAI,CAAC,eAAe,CAAC;SACrB,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,UAAU,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAG9C,CAAC;IAEH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACnC,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,KAAK,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACzC,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,EAAU;IAEV,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA6B,CAAC;IAChD,OAAO,GAAG,CAAC,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU;IAEV,MAAM,sBAAsB,EAAE,CAAC;IAC/B,OAAO,2BAA2B,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAiC,CAAC;IACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,GAAG;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,OAAgC;IAEhC,MAAM,aAAa,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEvC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,YAAY,CAAC;YACX,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,GAAG;YACR,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,SAAS;YAAE,OAAO;QACvB,MAAM,WAAW,CACf,SAAS,EACT,2BAA2B,EAC3B,0BAA0B,CAAC,MAAM,CAAC,CACnC,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,EAAU,EACV,gBAAyC,EAAE;IAE3C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,sBAAsB,CAAC;QAC3B,GAAG,aAAa;QAChB,GAAG,CAAC,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;KAC3C,CAAC,CAAC;AACL,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAiC,EAAE;IAEnC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE;SACnB,MAAM,EAAE;SACR,IAAI,CAAC,UAAU,CAAC;SAChB,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAmB,CAAC;IAEvE,IAAI,OAAO,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAEvC,MAAM,SAAS,GAAG,MAAM,mCAAmC,EAAE,CAAC;IAC9D,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACpD,OAAQ,MAAM,EAAE,QAAqC,IAAI,IAAI,CAAC;AAChE,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,GAAG,GAAiB;QACxB,EAAE;QACF,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;QACvB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,KAAK,IAAI,IAAI;QACpB,UAAU,EAAE,SAAS;KACtB,CAAC;IACF,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,GAAG,CAAC;AACb,CAAC;AAcD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAU,EACV,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjC,wDAAwD;QACxD,qEAAqE;QACrE,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,IAAI,cAAc,CACtB,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,aAAa,GAAG,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IAC5D,MAAM,OAAO,GAA4B;QACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAI,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;IAC9C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,sBAAsB,CAAC;YAC3B,GAAG,aAAa;YAChB,GAAG,CAAC,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,EAAU,EACV,IAAgC;IAEhC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IAEnB,IAAI,UAAkB,CAAC;IACvB,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC;IAC5B,CAAC;SAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,EAAE;aAClB,MAAM,EAAE;aACR,IAAI,CAAC,UAAU,CAAC;aAChB,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,UAAU,GAAI,IAAI,CAAC,CAAC,CAAkB,CAAC,OAAO,CAAC;QAC/C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE;SACL,MAAM,CAAC,UAAU,CAAC;SAClB,GAAG,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;SACjE,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAI,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;IAC9C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,sBAAsB,CAAC;YAC3B,GAAG,aAAa;YAChB,GAAG,CAAC,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAAU;IAC9C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA6B,CAAC;IAChD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,OAAO,GAAG,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3E,MAAM,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1E,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE,yCAAyC;QAC9C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,MAAM,EAAE,2BAA2B,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACzE,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mCAAmC;IAGvD,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAEjC,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC,EAAE,WAAW,EAAE,cAAc,CAAC,WAAW,EAAE,CAAC;SACnD,IAAI,CAAC,cAAc,CAAC;SACpB,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACnD,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE;;oDAE2C;QAChD,IAAI,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC;KACzC,CAAC,CAAC;IACH,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAAU;IAC9C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAEzD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE,0EAA0E;QAC/E,IAAI,EAAE,CAAC,EAAE,EAAE,SAAS,CAAC;KACtB,CAAC,CAAC;IACH,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { eq } from \"drizzle-orm\";\nimport { appStatePut } from \"../application-state/store.js\";\nimport { getDbExec, isPostgres, retryOnDdlRace } from \"../db/client.js\";\nimport { createGetDb } from \"../db/create-get-db.js\";\nimport { recordChange } from \"../server/poll.js\";\nimport {\n  accessFilter,\n  assertAccess,\n  resolveAccess,\n  ForbiddenError,\n} from \"../sharing/access.js\";\nimport {\n  getRequestUserEmail,\n  getRequestOrgId,\n} from \"../server/request-context.js\";\nimport { registerShareableResource } from \"../sharing/registry.js\";\nimport {\n  extensions,\n  extensionHides,\n  extensionShares,\n  EXTENSIONS_CREATE_SQL,\n  EXTENSIONS_CREATE_SQL_PG,\n  EXTENSION_SHARES_CREATE_SQL,\n  EXTENSION_SHARES_CREATE_SQL_PG,\n  EXTENSION_DATA_CREATE_SQL,\n  EXTENSION_DATA_CREATE_SQL_PG,\n  EXTENSION_DATA_ITEM_INDEX_SQL,\n  EXTENSION_DATA_ITEM_INDEX_SQL_PG,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG,\n  EXTENSIONS_OWNER_INDEX_SQL,\n  EXTENSIONS_ORG_INDEX_SQL,\n  EXTENSIONS_UPDATED_INDEX_SQL,\n  EXTENSION_SHARES_RESOURCE_INDEX_SQL,\n  EXTENSION_HIDES_CREATE_SQL,\n  EXTENSION_HIDES_CREATE_SQL_PG,\n  EXTENSION_HIDES_UNIQUE_INDEX_SQL,\n  EXTENSION_HIDES_OWNER_INDEX_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL_PG,\n  EXTENSION_CONSENTS_VIEWER_INDEX_SQL,\n} from \"./schema.js\";\nimport {\n  EXTENSION_CHANGE_MARKER_KEY,\n  extensionChangeMarkerSession,\n  extensionChangeMarkerValue,\n  type ExtensionChangeTarget,\n} from \"./change-marker.js\";\n\nconst getDb = createGetDb({ extensions, extensionShares, extensionHides });\n\nlet _initPromise: Promise<void> | undefined;\n\nexport async function ensureExtensionsTables(): Promise<void> {\n  if (!_initPromise) {\n    _initPromise = (async () => {\n      const client = getDbExec();\n      const pg = isPostgres();\n      await retryOnDdlRace(() =>\n        client.execute(pg ? EXTENSIONS_CREATE_SQL_PG : EXTENSIONS_CREATE_SQL),\n      );\n      await migrateMisnamedExtensionsTable(client, pg);\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_SHARES_CREATE_SQL_PG : EXTENSION_SHARES_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_CREATE_SQL_PG : EXTENSION_DATA_CREATE_SQL,\n        ),\n      );\n      await ensureExtensionDataItemId(client, pg);\n      await ensureExtensionDataScope(client, pg);\n      await client.execute(\n        pg\n          ? EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG\n          : EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_ITEM_INDEX_SQL_PG : EXTENSION_DATA_ITEM_INDEX_SQL,\n        ),\n      );\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_OWNER_INDEX_SQL));\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_ORG_INDEX_SQL));\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_UPDATED_INDEX_SQL));\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_SHARES_RESOURCE_INDEX_SQL),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_HIDES_CREATE_SQL_PG : EXTENSION_HIDES_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_HIDES_UNIQUE_INDEX_SQL),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_HIDES_OWNER_INDEX_SQL),\n      );\n      // tool_consents was introduced for an audit-C1 per-viewer consent\n      // gate that we removed once we settled on intra-org trust as the\n      // baseline. The table is kept (additive — never drop) so deploys\n      // that already created it stay healthy; the runtime consent code\n      // is gone. Idempotent CREATE IF NOT EXISTS for fresh schemas.\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_CONSENTS_CREATE_SQL_PG : EXTENSION_CONSENTS_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_CONSENTS_VIEWER_INDEX_SQL),\n      );\n    })();\n  }\n\n  try {\n    await _initPromise;\n  } catch (err) {\n    _initPromise = undefined;\n    throw err;\n  }\n}\n\nasync function migrateMisnamedExtensionsTable(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  const sql = pg\n    ? `INSERT INTO tools (id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility)\n       SELECT id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility\n       FROM extensions\n       ON CONFLICT (id) DO NOTHING`\n    : `INSERT OR IGNORE INTO tools (id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility)\n       SELECT id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility\n       FROM extensions`;\n\n  try {\n    await client.execute(sql);\n  } catch (err: any) {\n    const message = String(err?.message ?? err).toLowerCase();\n    if (\n      message.includes(\"no such table: extensions\") ||\n      message.includes('relation \"extensions\" does not exist') ||\n      message.includes(\"relation extensions does not exist\")\n    ) {\n      return;\n    }\n    throw err;\n  }\n}\n\nasync function ensureExtensionDataItemId(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  if (pg) {\n    await client.execute(\n      `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS item_id TEXT`,\n    );\n    return;\n  }\n\n  // Keep this additive: legacy rows with item_id=id are still read correctly\n  // through COALESCE(item_id, id), so SQLite never needs a table rebuild here.\n  try {\n    await client.execute(`ALTER TABLE tool_data ADD COLUMN item_id TEXT`);\n  } catch (err: any) {\n    if (\n      !String(err?.message ?? err)\n        .toLowerCase()\n        .includes(\"duplicate\")\n    ) {\n      throw err;\n    }\n  }\n}\n\nasync function ensureExtensionDataScope(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  const addCol = (name: string, def: string) => {\n    if (pg) {\n      return client.execute(\n        `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS ${name} ${def}`,\n      );\n    }\n    return client\n      .execute(`ALTER TABLE tool_data ADD COLUMN ${name} ${def}`)\n      .catch((err: any) => {\n        if (\n          !String(err?.message ?? err)\n            .toLowerCase()\n            .includes(\"duplicate\")\n        )\n          throw err;\n      });\n  };\n  await addCol(\"scope\", \"TEXT NOT NULL DEFAULT 'user'\");\n  await addCol(\"org_id\", \"TEXT\");\n  await addCol(\"scope_key\", \"TEXT NOT NULL DEFAULT 'local@localhost'\");\n  // One-time backfill migration: replaces the dev-mode DEFAULT scope_key\n  // with each row's real owner_email. Not a per-request fallback.\n  await client.execute(\n    // guard:allow-localhost-fallback — one-time backfill migration replacing dev-mode default scope_key with the row's real owner_email\n    `UPDATE tool_data SET scope_key = owner_email WHERE scope_key = 'local@localhost' AND owner_email != 'local@localhost'`,\n  );\n}\n\nexport function registerExtensionsShareable() {\n  registerShareableResource({\n    type: \"extension\",\n    resourceTable: extensions,\n    sharesTable: extensionShares,\n    displayName: \"Extension\",\n    titleColumn: \"name\",\n    getDb: () => getDb(),\n    // Extension HTML executes inside an iframe and calls actions / SQL / the\n    // secrets-injecting proxy as the *viewer*. A public extension would let a\n    // random authenticated user run code with the viewer's credentials — and\n    // a malicious shared extension could re-share itself wider. Lock both:\n    // no public visibility, and individual user shares must already be (or\n    // be invited to) the org.\n    allowPublic: false,\n    requireOrgMemberForUserShares: true,\n  });\n}\n\nexport interface ExtensionRow {\n  id: string;\n  name: string;\n  description: string;\n  content: string;\n  icon: string | null;\n  createdAt: string;\n  updatedAt: string;\n  ownerEmail: string;\n  orgId: string | null;\n  visibility: \"private\" | \"org\" | \"public\";\n}\n\nfunction targetKey(target: ExtensionChangeTarget): string | null {\n  if (target.owner) return `owner:${target.owner}`;\n  if (target.orgId) return `org:${target.orgId}`;\n  return null;\n}\n\nfunction addExtensionChangeTarget(\n  targets: Map<string, ExtensionChangeTarget>,\n  target: ExtensionChangeTarget,\n): void {\n  const key = targetKey(target);\n  if (key) targets.set(key, target);\n}\n\nasync function extensionChangeTargetsForRow(\n  row: ExtensionRow,\n): Promise<ExtensionChangeTarget[]> {\n  const targets = new Map<string, ExtensionChangeTarget>();\n  addExtensionChangeTarget(targets, { owner: row.ownerEmail });\n  if (row.visibility === \"org\" && row.orgId) {\n    addExtensionChangeTarget(targets, { orgId: row.orgId });\n  }\n\n  const db = getDb();\n  const shares = (await db\n    .select({\n      principalType: extensionShares.principalType,\n      principalId: extensionShares.principalId,\n    })\n    .from(extensionShares)\n    .where(eq(extensionShares.resourceId, row.id))) as Array<{\n    principalType: \"user\" | \"org\";\n    principalId: string;\n  }>;\n\n  for (const share of shares) {\n    if (share.principalType === \"user\") {\n      addExtensionChangeTarget(targets, { owner: share.principalId });\n    } else if (share.principalType === \"org\") {\n      addExtensionChangeTarget(targets, { orgId: share.principalId });\n    }\n  }\n\n  return Array.from(targets.values());\n}\n\nasync function extensionChangeTargetsForId(\n  id: string,\n): Promise<ExtensionChangeTarget[]> {\n  const db = getDb();\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = rows[0] as ExtensionRow | undefined;\n  return row ? extensionChangeTargetsForRow(row) : [];\n}\n\nexport async function getExtensionChangeTargets(\n  id: string,\n): Promise<ExtensionChangeTarget[]> {\n  await ensureExtensionsTables();\n  return extensionChangeTargetsForId(id);\n}\n\nfunction dedupeExtensionChangeTargets(\n  targets: ExtensionChangeTarget[],\n): ExtensionChangeTarget[] {\n  const unique = new Map<string, ExtensionChangeTarget>();\n  for (const target of targets) {\n    const key = targetKey(target);\n    if (key) unique.set(key, target);\n  }\n  return Array.from(unique.values());\n}\n\nasync function notifyExtensionChanged(\n  targets: ExtensionChangeTarget[],\n): Promise<void> {\n  const uniqueTargets = dedupeExtensionChangeTargets(targets);\n  if (uniqueTargets.length === 0) return;\n\n  for (const target of uniqueTargets) {\n    recordChange({\n      source: \"extensions\",\n      type: \"change\",\n      key: \"*\",\n      ...(target.owner ? { owner: target.owner } : {}),\n      ...(target.orgId ? { orgId: target.orgId } : {}),\n    });\n  }\n\n  await Promise.all(\n    uniqueTargets.map(async (target) => {\n      const sessionId = extensionChangeMarkerSession(target);\n      if (!sessionId) return;\n      await appStatePut(\n        sessionId,\n        EXTENSION_CHANGE_MARKER_KEY,\n        extensionChangeMarkerValue(target),\n      );\n    }),\n  );\n}\n\nexport async function notifyExtensionChangeForResource(\n  id: string,\n  beforeTargets: ExtensionChangeTarget[] = [],\n): Promise<void> {\n  await ensureExtensionsTables();\n  await notifyExtensionChanged([\n    ...beforeTargets,\n    ...(await extensionChangeTargetsForId(id)),\n  ]);\n}\n\nexport interface ListExtensionsOptions {\n  includeHidden?: boolean;\n}\n\nexport async function listExtensions(\n  options: ListExtensionsOptions = {},\n): Promise<ExtensionRow[]> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  const rows = (await db\n    .select()\n    .from(extensions)\n    .where(accessFilter(extensions, extensionShares))) as ExtensionRow[];\n\n  if (options.includeHidden) return rows;\n\n  const hiddenIds = await getHiddenExtensionIdsForCurrentUser();\n  if (hiddenIds.size === 0) return rows;\n  return rows.filter((row) => !hiddenIds.has(row.id));\n}\n\nexport async function getExtension(id: string): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  const access = await resolveAccess(\"extension\", id);\n  return (access?.resource as ExtensionRow | undefined) ?? null;\n}\n\nexport interface CreateExtensionData {\n  name: string;\n  description?: string;\n  content?: string;\n  icon?: string;\n}\n\nexport async function createExtension(\n  data: CreateExtensionData,\n): Promise<ExtensionRow> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n  const orgId = getRequestOrgId();\n  const id = randomUUID();\n  const now = new Date().toISOString();\n  const row: ExtensionRow = {\n    id,\n    name: data.name,\n    description: data.description ?? \"\",\n    content: data.content ?? \"\",\n    icon: data.icon ?? null,\n    createdAt: now,\n    updatedAt: now,\n    ownerEmail: userEmail,\n    orgId: orgId ?? null,\n    visibility: \"private\",\n  };\n  await db.insert(extensions).values(row);\n  await notifyExtensionChanged([{ owner: row.ownerEmail }]);\n  return row;\n}\n\nexport interface UpdateExtensionData {\n  name?: string;\n  description?: string;\n  icon?: string;\n  /**\n   * Extensions cannot be public — `set-resource-visibility` and this store\n   * helper both reject `\"public\"`. The type lists it so the framework's\n   * generic share UI compiles, not because it's allowed at runtime.\n   */\n  visibility?: \"private\" | \"org\" | \"public\";\n}\n\nexport async function updateExtension(\n  id: string,\n  data: UpdateExtensionData,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  if (data.visibility === \"public\") {\n    // Defense in depth — `registerExtensionsShareable` sets\n    // `allowPublic: false`, so `set-resource-visibility` already rejects\n    // this. Block direct callers too (HTTP `PUT /extensions/:id`, internal\n    // refactors) so the rule holds regardless of entry point.\n    throw new ForbiddenError(\n      \"Extensions cannot be made public — share with specific people or your organization instead.\",\n    );\n  }\n  const db = getDb();\n  const beforeTargets = await extensionChangeTargetsForId(id);\n  const updates: Record<string, unknown> = {\n    updatedAt: new Date().toISOString(),\n  };\n  if (data.name !== undefined) updates.name = data.name;\n  if (data.description !== undefined) updates.description = data.description;\n  if (data.icon !== undefined) updates.icon = data.icon;\n  if (data.visibility !== undefined) updates.visibility = data.visibility;\n  await db.update(extensions).set(updates).where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = (rows[0] as ExtensionRow) ?? null;\n  if (row) {\n    await notifyExtensionChanged([\n      ...beforeTargets,\n      ...(await extensionChangeTargetsForRow(row)),\n    ]);\n  }\n  return row;\n}\n\nexport interface UpdateExtensionContentOpts {\n  content?: string;\n  patches?: Array<{ find: string; replace: string }>;\n}\n\nexport async function updateExtensionContent(\n  id: string,\n  opts: UpdateExtensionContentOpts,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  const db = getDb();\n\n  let newContent: string;\n  if (opts.content !== undefined) {\n    newContent = opts.content;\n  } else if (opts.patches) {\n    const rows = await db\n      .select()\n      .from(extensions)\n      .where(eq(extensions.id, id));\n    if (!rows[0]) return null;\n    newContent = (rows[0] as ExtensionRow).content;\n    for (const patch of opts.patches) {\n      newContent = newContent.replace(patch.find, patch.replace);\n    }\n  } else {\n    return null;\n  }\n\n  const beforeTargets = await extensionChangeTargetsForId(id);\n  await db\n    .update(extensions)\n    .set({ content: newContent, updatedAt: new Date().toISOString() })\n    .where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = (rows[0] as ExtensionRow) ?? null;\n  if (row) {\n    await notifyExtensionChanged([\n      ...beforeTargets,\n      ...(await extensionChangeTargetsForRow(row)),\n    ]);\n  }\n  return row;\n}\n\nexport async function deleteExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"admin\");\n  const db = getDb();\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = rows[0] as ExtensionRow | undefined;\n  if (!row) return false;\n  const targets = await extensionChangeTargetsForRow(row);\n  await db.delete(extensionShares).where(eq(extensionShares.resourceId, id));\n  await db.delete(extensionHides).where(eq(extensionHides.extensionId, id));\n  await getDbExec().execute({\n    sql: `DELETE FROM tool_data WHERE tool_id = ?`,\n    args: [id],\n  });\n  const { cascadeDeleteExtensionSlots } = await import(\"./slots/store.js\");\n  await cascadeDeleteExtensionSlots(id);\n  await db.delete(extensions).where(eq(extensions.id, id));\n  await notifyExtensionChanged(targets);\n  return true;\n}\n\nexport async function getHiddenExtensionIdsForCurrentUser(): Promise<\n  Set<string>\n> {\n  await ensureExtensionsTables();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) return new Set();\n\n  const db = getDb();\n  const rows = await db\n    .select({ extensionId: extensionHides.extensionId })\n    .from(extensionHides)\n    .where(eq(extensionHides.ownerEmail, userEmail));\n  return new Set(rows.map((row) => row.extensionId));\n}\n\nexport async function hideExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"viewer\");\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n\n  const now = new Date().toISOString();\n  await getDbExec().execute({\n    sql: `INSERT INTO tool_hidden_extensions (id, tool_id, owner_email, created_at)\n      VALUES (?, ?, ?, ?)\n      ON CONFLICT (owner_email, tool_id) DO NOTHING`,\n    args: [randomUUID(), id, userEmail, now],\n  });\n  await notifyExtensionChanged([{ owner: userEmail }]);\n  return true;\n}\n\nexport async function unhideExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n\n  await getDbExec().execute({\n    sql: `DELETE FROM tool_hidden_extensions WHERE tool_id = ? AND owner_email = ?`,\n    args: [id, userEmail],\n  });\n  await notifyExtensionChanged([{ owner: userEmail }]);\n  return true;\n}\n"]}
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/extensions/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,GACf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EACL,UAAU,EACV,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,2BAA2B,EAC3B,8BAA8B,EAC9B,yBAAyB,EACzB,4BAA4B,EAC5B,6BAA6B,EAC7B,gCAAgC,EAChC,iCAAiC,EACjC,oCAAoC,EACpC,0BAA0B,EAC1B,wBAAwB,EACxB,4BAA4B,EAC5B,mCAAmC,EACnC,0BAA0B,EAC1B,6BAA6B,EAC7B,gCAAgC,EAChC,+BAA+B,EAC/B,6BAA6B,EAC7B,gCAAgC,EAChC,mCAAmC,GACpC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,0BAA0B,GAE3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,2BAA2B,GAG5B,MAAM,oBAAoB,CAAC;AAE5B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;AAE3E,IAAI,YAAuC,CAAC;AAE5C,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,qBAAqB,CAAC,CACtE,CAAC;YACF,MAAM,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACjD,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,2BAA2B,CAClE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,yBAAyB,CAC9D,CACF,CAAC;YACF,MAAM,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,CAClB,EAAE;gBACA,CAAC,CAAC,oCAAoC;gBACtC,CAAC,CAAC,iCAAiC,CACtC,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACvE,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,CAAC;YACrE,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;YACzE,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,0BAA0B,CAChE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,gCAAgC,CAAC,CACjD,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAChD,CAAC;YACF,kEAAkE;YAClE,iEAAiE;YACjE,iEAAiE;YACjE,iEAAiE;YACjE,8DAA8D;YAC9D,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAY,GAAG,SAAS,CAAC;QACzB,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,8BAA8B,CAC3C,MAAoC,EACpC,EAAW;IAEX,MAAM,GAAG,GAAG,EAAE;QACZ,CAAC,CAAC;;;mCAG6B;QAC/B,CAAC,CAAC;;uBAEiB,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1D,IACE,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;YAC7C,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC;YACxD,OAAO,CAAC,QAAQ,CAAC,oCAAoC,CAAC,EACtD,CAAC;YACD,OAAO;QACT,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,MAAoC,EACpC,EAAW;IAEX,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,MAAM,CAAC,OAAO,CAClB,6DAA6D,CAC9D,CAAC;QACF,OAAO;IACT,CAAC;IAED,2EAA2E;IAC3E,6EAA6E;IAC7E,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;aACzB,WAAW,EAAE;aACb,QAAQ,CAAC,WAAW,CAAC,EACxB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAAoC,EACpC,EAAW;IAEX,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,GAAW,EAAE,EAAE;QAC3C,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,MAAM,CAAC,OAAO,CACnB,kDAAkD,IAAI,IAAI,GAAG,EAAE,CAChE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM;aACV,OAAO,CAAC,oCAAoC,IAAI,IAAI,GAAG,EAAE,CAAC;aAC1D,KAAK,CAAC,CAAC,GAAQ,EAAE,EAAE;YAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;iBACzB,WAAW,EAAE;iBACb,QAAQ,CAAC,WAAW,CAAC;gBAExB,MAAM,GAAG,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IACF,MAAM,MAAM,CAAC,OAAO,EAAE,8BAA8B,CAAC,CAAC;IACtD,MAAM,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC,CAAC;IACrE,uEAAuE;IACvE,gEAAgE;IAChE,MAAM,MAAM,CAAC,OAAO;IAClB,oIAAoI;IACpI,uHAAuH,CACxH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,yBAAyB,CAAC;QACxB,IAAI,EAAE,WAAW;QACjB,aAAa,EAAE,UAAU;QACzB,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,MAAM;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;QACpB,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,uEAAuE;QACvE,uEAAuE;QACvE,0BAA0B;QAC1B,WAAW,EAAE,KAAK;QAClB,6BAA6B,EAAE,IAAI;KACpC,CAAC,CAAC;AACL,CAAC;AAeD,SAAS,SAAS,CAAC,MAA6B;IAC9C,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACjD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IAC/C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAA2C,EAC3C,MAA6B;IAE7B,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,GAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IACzD,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC7D,IAAI,GAAG,CAAC,UAAU,KAAK,KAAK,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1C,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE;SACrB,MAAM,CAAC;QACN,aAAa,EAAE,eAAe,CAAC,aAAa;QAC5C,WAAW,EAAE,eAAe,CAAC,WAAW;KACzC,CAAC;SACD,IAAI,CAAC,eAAe,CAAC;SACrB,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,UAAU,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAG9C,CAAC;IAEH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACnC,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,KAAK,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACzC,wBAAwB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,EAAU;IAEV,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA6B,CAAC;IAChD,OAAO,GAAG,CAAC,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU;IAEV,MAAM,sBAAsB,EAAE,CAAC;IAC/B,OAAO,2BAA2B,CAAC,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAiC,CAAC;IACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,GAAG;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,OAAgC;IAEhC,MAAM,aAAa,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEvC,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,YAAY,CAAC;YACX,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,GAAG;YACR,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,CAAC,GAAG,CACf,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,4BAA4B,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,SAAS;YAAE,OAAO;QACvB,MAAM,WAAW,CACf,SAAS,EACT,2BAA2B,EAC3B,0BAA0B,CAAC,MAAM,CAAC,CACnC,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,EAAU,EACV,gBAAyC,EAAE;IAE3C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,sBAAsB,CAAC;QAC3B,GAAG,aAAa;QAChB,GAAG,CAAC,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;KAC3C,CAAC,CAAC;AACL,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAiC,EAAE;IAEnC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE;SACnB,MAAM,EAAE;SACR,IAAI,CAAC,UAAU,CAAC;SAChB,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAmB,CAAC;IAEvE,IAAI,OAAO,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAEvC,MAAM,SAAS,GAAG,MAAM,mCAAmC,EAAE,CAAC;IAC9D,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACpD,OAAQ,MAAM,EAAE,QAAqC,IAAI,IAAI,CAAC;AAChE,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,GAAG,GAAiB;QACxB,EAAE;QACF,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;QACvB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,KAAK,IAAI,IAAI;QACpB,UAAU,EAAE,SAAS;KACtB,CAAC;IACF,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,GAAG,CAAC;AACb,CAAC;AAcD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAU,EACV,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjC,wDAAwD;QACxD,qEAAqE;QACrE,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,IAAI,cAAc,CACtB,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,aAAa,GAAG,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IAC5D,MAAM,OAAO,GAA4B;QACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAI,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;IAC9C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,sBAAsB,CAAC;YAC3B,GAAG,aAAa;YAChB,GAAG,CAAC,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,EAAU,EACV,IAAgC;IAEhC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IAEnB,IACE,IAAI,CAAC,OAAO,KAAK,SAAS;QAC1B,IAAI,CAAC,OAAO,KAAK,SAAS;QAC1B,IAAI,CAAC,KAAK,KAAK,SAAS;QACxB,CAAC,IAAI,CAAC,MAAM,EACZ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,EAAE;SAC1B,MAAM,EAAE;SACR,IAAI,CAAC,UAAU,CAAC;SAChB,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAChC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,eAAe,GAAI,YAAY,CAAC,CAAC,CAAkB,CAAC,OAAO,CAAC;IAClE,MAAM,MAAM,GAAG,MAAM,2BAA2B,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IAExE,MAAM,aAAa,GAAG,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE;SACL,MAAM,CAAC,UAAU,CAAC;SAClB,GAAG,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;SACrE,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAI,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;IAC9C,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,sBAAsB,CAAC;YAC3B,GAAG,aAAa;YAChB,GAAG,CAAC,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAAU;IAC9C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAA6B,CAAC;IAChD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,OAAO,GAAG,MAAM,4BAA4B,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3E,MAAM,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1E,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE,yCAAyC;QAC9C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,MAAM,EAAE,2BAA2B,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACzE,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mCAAmC;IAGvD,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IAEjC,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC,EAAE,WAAW,EAAE,cAAc,CAAC,WAAW,EAAE,CAAC;SACnD,IAAI,CAAC,cAAc,CAAC;SACpB,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACnD,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE;;oDAE2C;QAChD,IAAI,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC;KACzC,CAAC,CAAC;IACH,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAAU;IAC9C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAEzD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE,0EAA0E;QAC/E,IAAI,EAAE,CAAC,EAAE,EAAE,SAAS,CAAC;KACtB,CAAC,CAAC;IACH,MAAM,sBAAsB,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { eq } from \"drizzle-orm\";\nimport { appStatePut } from \"../application-state/store.js\";\nimport { getDbExec, isPostgres, retryOnDdlRace } from \"../db/client.js\";\nimport { createGetDb } from \"../db/create-get-db.js\";\nimport { recordChange } from \"../server/poll.js\";\nimport {\n  accessFilter,\n  assertAccess,\n  resolveAccess,\n  ForbiddenError,\n} from \"../sharing/access.js\";\nimport {\n  getRequestUserEmail,\n  getRequestOrgId,\n} from \"../server/request-context.js\";\nimport { registerShareableResource } from \"../sharing/registry.js\";\nimport {\n  extensions,\n  extensionHides,\n  extensionShares,\n  EXTENSIONS_CREATE_SQL,\n  EXTENSIONS_CREATE_SQL_PG,\n  EXTENSION_SHARES_CREATE_SQL,\n  EXTENSION_SHARES_CREATE_SQL_PG,\n  EXTENSION_DATA_CREATE_SQL,\n  EXTENSION_DATA_CREATE_SQL_PG,\n  EXTENSION_DATA_ITEM_INDEX_SQL,\n  EXTENSION_DATA_ITEM_INDEX_SQL_PG,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG,\n  EXTENSIONS_OWNER_INDEX_SQL,\n  EXTENSIONS_ORG_INDEX_SQL,\n  EXTENSIONS_UPDATED_INDEX_SQL,\n  EXTENSION_SHARES_RESOURCE_INDEX_SQL,\n  EXTENSION_HIDES_CREATE_SQL,\n  EXTENSION_HIDES_CREATE_SQL_PG,\n  EXTENSION_HIDES_UNIQUE_INDEX_SQL,\n  EXTENSION_HIDES_OWNER_INDEX_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL_PG,\n  EXTENSION_CONSENTS_VIEWER_INDEX_SQL,\n} from \"./schema.js\";\nimport {\n  EXTENSION_CHANGE_MARKER_KEY,\n  extensionChangeMarkerSession,\n  extensionChangeMarkerValue,\n  type ExtensionChangeTarget,\n} from \"./change-marker.js\";\nimport {\n  applyExtensionContentUpdate,\n  type ExtensionContentEdit,\n  type ExtensionLegacyPatch,\n} from \"./content-patch.js\";\n\nconst getDb = createGetDb({ extensions, extensionShares, extensionHides });\n\nlet _initPromise: Promise<void> | undefined;\n\nexport async function ensureExtensionsTables(): Promise<void> {\n  if (!_initPromise) {\n    _initPromise = (async () => {\n      const client = getDbExec();\n      const pg = isPostgres();\n      await retryOnDdlRace(() =>\n        client.execute(pg ? EXTENSIONS_CREATE_SQL_PG : EXTENSIONS_CREATE_SQL),\n      );\n      await migrateMisnamedExtensionsTable(client, pg);\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_SHARES_CREATE_SQL_PG : EXTENSION_SHARES_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_CREATE_SQL_PG : EXTENSION_DATA_CREATE_SQL,\n        ),\n      );\n      await ensureExtensionDataItemId(client, pg);\n      await ensureExtensionDataScope(client, pg);\n      await client.execute(\n        pg\n          ? EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG\n          : EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_ITEM_INDEX_SQL_PG : EXTENSION_DATA_ITEM_INDEX_SQL,\n        ),\n      );\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_OWNER_INDEX_SQL));\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_ORG_INDEX_SQL));\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_UPDATED_INDEX_SQL));\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_SHARES_RESOURCE_INDEX_SQL),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_HIDES_CREATE_SQL_PG : EXTENSION_HIDES_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_HIDES_UNIQUE_INDEX_SQL),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_HIDES_OWNER_INDEX_SQL),\n      );\n      // tool_consents was introduced for an audit-C1 per-viewer consent\n      // gate that we removed once we settled on intra-org trust as the\n      // baseline. The table is kept (additive — never drop) so deploys\n      // that already created it stay healthy; the runtime consent code\n      // is gone. Idempotent CREATE IF NOT EXISTS for fresh schemas.\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_CONSENTS_CREATE_SQL_PG : EXTENSION_CONSENTS_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_CONSENTS_VIEWER_INDEX_SQL),\n      );\n    })();\n  }\n\n  try {\n    await _initPromise;\n  } catch (err) {\n    _initPromise = undefined;\n    throw err;\n  }\n}\n\nasync function migrateMisnamedExtensionsTable(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  const sql = pg\n    ? `INSERT INTO tools (id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility)\n       SELECT id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility\n       FROM extensions\n       ON CONFLICT (id) DO NOTHING`\n    : `INSERT OR IGNORE INTO tools (id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility)\n       SELECT id, name, description, content, icon, created_at, updated_at, owner_email, org_id, visibility\n       FROM extensions`;\n\n  try {\n    await client.execute(sql);\n  } catch (err: any) {\n    const message = String(err?.message ?? err).toLowerCase();\n    if (\n      message.includes(\"no such table: extensions\") ||\n      message.includes('relation \"extensions\" does not exist') ||\n      message.includes(\"relation extensions does not exist\")\n    ) {\n      return;\n    }\n    throw err;\n  }\n}\n\nasync function ensureExtensionDataItemId(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  if (pg) {\n    await client.execute(\n      `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS item_id TEXT`,\n    );\n    return;\n  }\n\n  // Keep this additive: legacy rows with item_id=id are still read correctly\n  // through COALESCE(item_id, id), so SQLite never needs a table rebuild here.\n  try {\n    await client.execute(`ALTER TABLE tool_data ADD COLUMN item_id TEXT`);\n  } catch (err: any) {\n    if (\n      !String(err?.message ?? err)\n        .toLowerCase()\n        .includes(\"duplicate\")\n    ) {\n      throw err;\n    }\n  }\n}\n\nasync function ensureExtensionDataScope(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  const addCol = (name: string, def: string) => {\n    if (pg) {\n      return client.execute(\n        `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS ${name} ${def}`,\n      );\n    }\n    return client\n      .execute(`ALTER TABLE tool_data ADD COLUMN ${name} ${def}`)\n      .catch((err: any) => {\n        if (\n          !String(err?.message ?? err)\n            .toLowerCase()\n            .includes(\"duplicate\")\n        )\n          throw err;\n      });\n  };\n  await addCol(\"scope\", \"TEXT NOT NULL DEFAULT 'user'\");\n  await addCol(\"org_id\", \"TEXT\");\n  await addCol(\"scope_key\", \"TEXT NOT NULL DEFAULT 'local@localhost'\");\n  // One-time backfill migration: replaces the dev-mode DEFAULT scope_key\n  // with each row's real owner_email. Not a per-request fallback.\n  await client.execute(\n    // guard:allow-localhost-fallback — one-time backfill migration replacing dev-mode default scope_key with the row's real owner_email\n    `UPDATE tool_data SET scope_key = owner_email WHERE scope_key = 'local@localhost' AND owner_email != 'local@localhost'`,\n  );\n}\n\nexport function registerExtensionsShareable() {\n  registerShareableResource({\n    type: \"extension\",\n    resourceTable: extensions,\n    sharesTable: extensionShares,\n    displayName: \"Extension\",\n    titleColumn: \"name\",\n    getDb: () => getDb(),\n    // Extension HTML executes inside an iframe and calls actions / SQL / the\n    // secrets-injecting proxy as the *viewer*. A public extension would let a\n    // random authenticated user run code with the viewer's credentials — and\n    // a malicious shared extension could re-share itself wider. Lock both:\n    // no public visibility, and individual user shares must already be (or\n    // be invited to) the org.\n    allowPublic: false,\n    requireOrgMemberForUserShares: true,\n  });\n}\n\nexport interface ExtensionRow {\n  id: string;\n  name: string;\n  description: string;\n  content: string;\n  icon: string | null;\n  createdAt: string;\n  updatedAt: string;\n  ownerEmail: string;\n  orgId: string | null;\n  visibility: \"private\" | \"org\" | \"public\";\n}\n\nfunction targetKey(target: ExtensionChangeTarget): string | null {\n  if (target.owner) return `owner:${target.owner}`;\n  if (target.orgId) return `org:${target.orgId}`;\n  return null;\n}\n\nfunction addExtensionChangeTarget(\n  targets: Map<string, ExtensionChangeTarget>,\n  target: ExtensionChangeTarget,\n): void {\n  const key = targetKey(target);\n  if (key) targets.set(key, target);\n}\n\nasync function extensionChangeTargetsForRow(\n  row: ExtensionRow,\n): Promise<ExtensionChangeTarget[]> {\n  const targets = new Map<string, ExtensionChangeTarget>();\n  addExtensionChangeTarget(targets, { owner: row.ownerEmail });\n  if (row.visibility === \"org\" && row.orgId) {\n    addExtensionChangeTarget(targets, { orgId: row.orgId });\n  }\n\n  const db = getDb();\n  const shares = (await db\n    .select({\n      principalType: extensionShares.principalType,\n      principalId: extensionShares.principalId,\n    })\n    .from(extensionShares)\n    .where(eq(extensionShares.resourceId, row.id))) as Array<{\n    principalType: \"user\" | \"org\";\n    principalId: string;\n  }>;\n\n  for (const share of shares) {\n    if (share.principalType === \"user\") {\n      addExtensionChangeTarget(targets, { owner: share.principalId });\n    } else if (share.principalType === \"org\") {\n      addExtensionChangeTarget(targets, { orgId: share.principalId });\n    }\n  }\n\n  return Array.from(targets.values());\n}\n\nasync function extensionChangeTargetsForId(\n  id: string,\n): Promise<ExtensionChangeTarget[]> {\n  const db = getDb();\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = rows[0] as ExtensionRow | undefined;\n  return row ? extensionChangeTargetsForRow(row) : [];\n}\n\nexport async function getExtensionChangeTargets(\n  id: string,\n): Promise<ExtensionChangeTarget[]> {\n  await ensureExtensionsTables();\n  return extensionChangeTargetsForId(id);\n}\n\nfunction dedupeExtensionChangeTargets(\n  targets: ExtensionChangeTarget[],\n): ExtensionChangeTarget[] {\n  const unique = new Map<string, ExtensionChangeTarget>();\n  for (const target of targets) {\n    const key = targetKey(target);\n    if (key) unique.set(key, target);\n  }\n  return Array.from(unique.values());\n}\n\nasync function notifyExtensionChanged(\n  targets: ExtensionChangeTarget[],\n): Promise<void> {\n  const uniqueTargets = dedupeExtensionChangeTargets(targets);\n  if (uniqueTargets.length === 0) return;\n\n  for (const target of uniqueTargets) {\n    recordChange({\n      source: \"extensions\",\n      type: \"change\",\n      key: \"*\",\n      ...(target.owner ? { owner: target.owner } : {}),\n      ...(target.orgId ? { orgId: target.orgId } : {}),\n    });\n  }\n\n  await Promise.all(\n    uniqueTargets.map(async (target) => {\n      const sessionId = extensionChangeMarkerSession(target);\n      if (!sessionId) return;\n      await appStatePut(\n        sessionId,\n        EXTENSION_CHANGE_MARKER_KEY,\n        extensionChangeMarkerValue(target),\n      );\n    }),\n  );\n}\n\nexport async function notifyExtensionChangeForResource(\n  id: string,\n  beforeTargets: ExtensionChangeTarget[] = [],\n): Promise<void> {\n  await ensureExtensionsTables();\n  await notifyExtensionChanged([\n    ...beforeTargets,\n    ...(await extensionChangeTargetsForId(id)),\n  ]);\n}\n\nexport interface ListExtensionsOptions {\n  includeHidden?: boolean;\n}\n\nexport async function listExtensions(\n  options: ListExtensionsOptions = {},\n): Promise<ExtensionRow[]> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  const rows = (await db\n    .select()\n    .from(extensions)\n    .where(accessFilter(extensions, extensionShares))) as ExtensionRow[];\n\n  if (options.includeHidden) return rows;\n\n  const hiddenIds = await getHiddenExtensionIdsForCurrentUser();\n  if (hiddenIds.size === 0) return rows;\n  return rows.filter((row) => !hiddenIds.has(row.id));\n}\n\nexport async function getExtension(id: string): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  const access = await resolveAccess(\"extension\", id);\n  return (access?.resource as ExtensionRow | undefined) ?? null;\n}\n\nexport interface CreateExtensionData {\n  name: string;\n  description?: string;\n  content?: string;\n  icon?: string;\n}\n\nexport async function createExtension(\n  data: CreateExtensionData,\n): Promise<ExtensionRow> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n  const orgId = getRequestOrgId();\n  const id = randomUUID();\n  const now = new Date().toISOString();\n  const row: ExtensionRow = {\n    id,\n    name: data.name,\n    description: data.description ?? \"\",\n    content: data.content ?? \"\",\n    icon: data.icon ?? null,\n    createdAt: now,\n    updatedAt: now,\n    ownerEmail: userEmail,\n    orgId: orgId ?? null,\n    visibility: \"private\",\n  };\n  await db.insert(extensions).values(row);\n  await notifyExtensionChanged([{ owner: row.ownerEmail }]);\n  return row;\n}\n\nexport interface UpdateExtensionData {\n  name?: string;\n  description?: string;\n  icon?: string;\n  /**\n   * Extensions cannot be public — `set-resource-visibility` and this store\n   * helper both reject `\"public\"`. The type lists it so the framework's\n   * generic share UI compiles, not because it's allowed at runtime.\n   */\n  visibility?: \"private\" | \"org\" | \"public\";\n}\n\nexport async function updateExtension(\n  id: string,\n  data: UpdateExtensionData,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  if (data.visibility === \"public\") {\n    // Defense in depth — `registerExtensionsShareable` sets\n    // `allowPublic: false`, so `set-resource-visibility` already rejects\n    // this. Block direct callers too (HTTP `PUT /extensions/:id`, internal\n    // refactors) so the rule holds regardless of entry point.\n    throw new ForbiddenError(\n      \"Extensions cannot be made public — share with specific people or your organization instead.\",\n    );\n  }\n  const db = getDb();\n  const beforeTargets = await extensionChangeTargetsForId(id);\n  const updates: Record<string, unknown> = {\n    updatedAt: new Date().toISOString(),\n  };\n  if (data.name !== undefined) updates.name = data.name;\n  if (data.description !== undefined) updates.description = data.description;\n  if (data.icon !== undefined) updates.icon = data.icon;\n  if (data.visibility !== undefined) updates.visibility = data.visibility;\n  await db.update(extensions).set(updates).where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = (rows[0] as ExtensionRow) ?? null;\n  if (row) {\n    await notifyExtensionChanged([\n      ...beforeTargets,\n      ...(await extensionChangeTargetsForRow(row)),\n    ]);\n  }\n  return row;\n}\n\nexport interface UpdateExtensionContentOpts {\n  content?: string;\n  patches?: ExtensionLegacyPatch[];\n  edits?: ExtensionContentEdit[];\n  format?: boolean;\n}\n\nexport async function updateExtensionContent(\n  id: string,\n  opts: UpdateExtensionContentOpts,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  const db = getDb();\n\n  if (\n    opts.content === undefined &&\n    opts.patches === undefined &&\n    opts.edits === undefined &&\n    !opts.format\n  ) {\n    return null;\n  }\n\n  const existingRows = await db\n    .select()\n    .from(extensions)\n    .where(eq(extensions.id, id));\n  if (!existingRows[0]) return null;\n  const existingContent = (existingRows[0] as ExtensionRow).content;\n  const update = await applyExtensionContentUpdate(existingContent, opts);\n\n  const beforeTargets = await extensionChangeTargetsForId(id);\n  await db\n    .update(extensions)\n    .set({ content: update.content, updatedAt: new Date().toISOString() })\n    .where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = (rows[0] as ExtensionRow) ?? null;\n  if (row) {\n    await notifyExtensionChanged([\n      ...beforeTargets,\n      ...(await extensionChangeTargetsForRow(row)),\n    ]);\n  }\n  return row;\n}\n\nexport async function deleteExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"admin\");\n  const db = getDb();\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  const row = rows[0] as ExtensionRow | undefined;\n  if (!row) return false;\n  const targets = await extensionChangeTargetsForRow(row);\n  await db.delete(extensionShares).where(eq(extensionShares.resourceId, id));\n  await db.delete(extensionHides).where(eq(extensionHides.extensionId, id));\n  await getDbExec().execute({\n    sql: `DELETE FROM tool_data WHERE tool_id = ?`,\n    args: [id],\n  });\n  const { cascadeDeleteExtensionSlots } = await import(\"./slots/store.js\");\n  await cascadeDeleteExtensionSlots(id);\n  await db.delete(extensions).where(eq(extensions.id, id));\n  await notifyExtensionChanged(targets);\n  return true;\n}\n\nexport async function getHiddenExtensionIdsForCurrentUser(): Promise<\n  Set<string>\n> {\n  await ensureExtensionsTables();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) return new Set();\n\n  const db = getDb();\n  const rows = await db\n    .select({ extensionId: extensionHides.extensionId })\n    .from(extensionHides)\n    .where(eq(extensionHides.ownerEmail, userEmail));\n  return new Set(rows.map((row) => row.extensionId));\n}\n\nexport async function hideExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"viewer\");\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n\n  const now = new Date().toISOString();\n  await getDbExec().execute({\n    sql: `INSERT INTO tool_hidden_extensions (id, tool_id, owner_email, created_at)\n      VALUES (?, ?, ?, ?)\n      ON CONFLICT (owner_email, tool_id) DO NOTHING`,\n    args: [randomUUID(), id, userEmail, now],\n  });\n  await notifyExtensionChanged([{ owner: userEmail }]);\n  return true;\n}\n\nexport async function unhideExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n\n  await getDbExec().execute({\n    sql: `DELETE FROM tool_hidden_extensions WHERE tool_id = ? AND owner_email = ?`,\n    args: [id, userEmail],\n  });\n  await notifyExtensionChanged([{ owner: userEmail }]);\n  return true;\n}\n"]}

package/dist/mcp/build-server.d.ts

@@ -71,6 +71,8 @@ export interface MCPConfig {
 export interface MCPCallerIdentity {
     userEmail: string | undefined;
     orgDomain: string | undefined;
+    /** Present only for standard remote MCP OAuth access tokens. */
+    oauthScopes?: string[];
 }
 /** Per-request context used to turn an action's relative deep link into the
  *  absolute web URL (and desktop `agentnative://` URL) the external agent
@@ -168,6 +170,7 @@ export declare function getAccessTokens(): string[];
  */
 export declare function verifyAuth(authHeader: string | undefined, ownerEmailHeader?: string | undefined, options?: {
     allowDevOpen?: boolean;
+    resourceUrl?: string;
 }): Promise<{
     authed: boolean;
     identity?: MCPCallerIdentity;

package/dist/mcp/build-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAiBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAYD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqHD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAsQ7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAO,GACvC,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CA+FD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
+{"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAsBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAwBD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqHD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA2S7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AAyCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7D,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAkHD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}

package/dist/mcp/build-server.js

@@ -24,6 +24,13 @@ import { toAbsoluteOpenUrl, toDesktopOpenUrl } from "../server/deep-link.js";
 import { isAgentNativeOpenDeepLink, withCollapsedAgentSidebarParam, } from "../shared/agent-sidebar-url.js";
 import { getBuiltinCrossAppTools } from "./builtin-tools.js";
 import { MCP_CONNECT_SCOPE } from "./connect-store.js";
+import { hasMcpOAuthScope, verifyMcpOAuthAccessToken, } from "./oauth-token.js";
+function isActionVisibleForOAuthScope(entry, scopes) {
+    if (!scopes)
+        return true;
+    const required = entry.readOnly === true ? "mcp:read" : "mcp:write";
+    return hasMcpOAuthScope(scopes, required);
+}
 /**
  * Build the deep-link content block + structured `_meta` for a tool result.
  * Best-effort: any throw / nullish link is swallowed so a bad `link` builder
@@ -189,7 +196,10 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
         ? config.productionActions
         : config.actions;
     const actions = mergeBuiltinTools(config, baseActions, requestMeta);
-    const mcpAppResources = getMcpAppResources(config, actions);
+    const visibleActions = Object.fromEntries(Object.entries(actions).filter(([, entry]) => isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)));
+    const mcpAppResources = hasMcpOAuthScope(effectiveIdentity?.oauthScopes, "mcp:apps")
+        ? getMcpAppResources(config, visibleActions)
+        : [];
     const supportsMcpApps = mcpAppResources.length > 0;
     const server = new Server({ name: config.name, version: config.version ?? "1.0.0" }, {
         capabilities: {
@@ -236,7 +246,7 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
     // applies to the listing too.
     server.setRequestHandler(ListToolsRequestSchema, async () => {
         return withCallerContext(async () => {
-            const tools = Object.entries(actions).map(([name, entry]) => {
+            const tools = Object.entries(visibleActions).map(([name, entry]) => {
                 const hasLink = typeof entry.link === "function";
                 const mcpAppResource = resolveMcpAppResource(config, name, entry);
                 const baseDescription = entry.tool.description ?? name;
@@ -265,7 +275,8 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
                         : {}),
                 };
             });
-            if (config.askAgent) {
+            if (config.askAgent &&
+                hasMcpOAuthScope(effectiveIdentity?.oauthScopes, "mcp:write")) {
                 tools.push({
                     name: "ask-agent",
                     description: "Send a natural-language message to the app's AI agent and get a response. " +
@@ -293,6 +304,17 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
         return withCallerContext(async () => {
             const { name, arguments: args } = request.params;
             if (name === "ask-agent" && config.askAgent) {
+                if (!hasMcpOAuthScope(effectiveIdentity?.oauthScopes, "mcp:write")) {
+                    return {
+                        content: [
+                            {
+                                type: "text",
+                                text: "Forbidden: OAuth scope does not allow ask-agent",
+                            },
+                        ],
+                        isError: true,
+                    };
+                }
                 const message = args?.message ?? "";
                 try {
                     const result = await config.askAgent(message);
@@ -312,6 +334,17 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
                     isError: true,
                 };
             }
+            if (!isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: `Forbidden: OAuth scope does not allow tool ${name}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
             try {
                 const result = await entry.run(args ?? {});
                 const resultForClient = isMcpActionResult(result)
@@ -355,7 +388,7 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
         server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
             return withCallerContext(async () => {
                 const uri = request.params?.uri;
-                const found = Object.entries(actions)
+                const found = Object.entries(visibleActions)
                     .map(([name, entry]) => ({
                     actionName: name,
                     resource: resolveMcpAppResource(config, name, entry),
@@ -461,6 +494,23 @@ export async function verifyAuth(authHeader, ownerEmailHeader, options = {}) {
     // owner hint there so the local install/connect flow stays tenant-scoped.
     const accessTokens = getAccessTokens();
     const hasA2ASecret = !!process.env.A2A_SECRET;
+    const token = authHeader?.startsWith("Bearer ")
+        ? authHeader.slice(7)
+        : undefined;
+    if (token) {
+        const oauthIdentity = await verifyMcpOAuthAccessToken(token, options.resourceUrl);
+        if (oauthIdentity) {
+            return {
+                authed: true,
+                identity: {
+                    userEmail: oauthIdentity.userEmail,
+                    orgDomain: oauthIdentity.orgDomain,
+                    oauthScopes: oauthIdentity.scopes,
+                },
+                fullSurface: true,
+            };
+        }
+    }
     if (accessTokens.length === 0 && !hasA2ASecret) {
         if (options.allowDevOpen === false) {
             return { authed: false };
@@ -475,9 +525,8 @@ export async function verifyAuth(authHeader, ownerEmailHeader, options = {}) {
             fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),
         };
     }
-    if (!authHeader?.startsWith("Bearer "))
+    if (!token)
         return { authed: false };
-    const token = authHeader.slice(7);
     // Try JWT via A2A_SECRET
     if (hasA2ASecret) {
         try {

package/dist/mcp/build-server.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,GAE9B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAwFvD;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,yBAAyB,CAAC,EAAE,CAAC,GAAG,CAAC;YAC/C,CAAC,CAAC,8BAA8B,CAAC,EAAE,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC;QACX,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CACxB,MAAiB,EACjB,WAAwC,EACxC,WAA4B;IAE5B,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,WAAW,CAAC;IAC9D,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB,EAAE,QAAgB;IAChE,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC;SACnC,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC;SAC9B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3B,OAAO,UAAU,IAAI,QAAQ,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAiB,EAAE,UAAkB;IAC7D,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,IAAI,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,YAAY,CACnB,QAAoC;IAEpC,MAAM,IAAI,GACR,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ;QAClD,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE;QACvB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,UAAU,GACd,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,CAAC,CAAE,IAAI,CAAC,EAA8B;QACtC,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,EAAE,GAA4B,EAAE,GAAG,UAAU,EAAE,CAAC;IACtD,IAAI,QAAQ,CAAC,GAAG;QAAE,EAAE,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC;IACxC,IAAI,QAAQ,CAAC,WAAW;QAAE,EAAE,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IAChE,IAAI,QAAQ,CAAC,MAAM;QAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IACjD,IAAI,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChD,EAAE,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAiB,EACjB,UAAkB,EAClB,KAAkB;IAElB,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC5C,OAAO;QACL,GAAG;QACH,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,UAAU;QACzC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;YAClD,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE;YACjE,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,iBAAiB;QAChD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAiB,EACjB,OAAoC;IAEpC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5D,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAkB,EAClB,MAAiB,EACjB,WAA4B;IAE5B,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACxC,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,aAAa,EAAE,WAAW,EAAE,MAAM;SACnC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,yBAAyB,EACzB,kCAAkC,GACnC,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAEvD,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,yEAAyE;IACzE,YAAY;IACZ,MAAM,cAAc,GAAG,WAAW,EAAE,WAAW,KAAK,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC;IAC3E,MAAM,WAAW,GACf,cAAc,IAAI,MAAM,CAAC,iBAAiB;QACxC,CAAC,CAAC,MAAM,CAAC,iBAAiB;QAC1B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IACrB,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,kBAAkB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5D,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,GAAG,CAAC,eAAe;gBACjB,CAAC,CAAC;oBACE,SAAS,EAAE,EAAE;oBACb,UAAU,EAAE;wBACV,CAAC,oBAAoB,CAAC,EAAE;4BACtB,SAAS,EAAE,CAAC,iBAAiB,CAAC;yBAC/B;qBACF;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF,CAAC;IAEF,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBAC1D,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;gBAClE,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC;4BACE,KAAK,EAAE;gCACL,CAAC,6BAA6B,CAAC,EAAE,cAAc,CAAC,GAAG;gCACnD,EAAE,EAAE;oCACF,WAAW,EAAE,cAAc,CAAC,GAAG;oCAC/B,UAAU,EAAE,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC;iCACzD;6BACF;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,OAAO;wBACT,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE;wBAC5D,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,IAAI;oBACb,CAAC,CAAC,MAAM,CAAC;gBACX,MAAM,IAAI,GACR,OAAO,eAAe,KAAK,QAAQ;oBACjC,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBACtC,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAC/C,WAAW,CACZ,CAAC;gBACF,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YAC9D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;oBAC5C,GAAG,EAAE,QAAQ,CAAC,GAAG;oBACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;wBACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;wBACvC,CAAC,CAAC,EAAE,CAAC;oBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrD,CAAC,CAAC;aACJ,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YACtE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CACtB,yBAAyB,EACzB,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;gBAChC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;qBAClC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;oBACvB,UAAU,EAAE,IAAI;oBAChB,QAAQ,EAAE,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;iBACrD,CAAC,CAAC;qBACF,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,KAAK,GAAG,CAAC,CAAC;gBACxD,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG;4BACvB,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;4BACjC,IAAI,EAAE,gBAAgB,CACpB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,UAAU,EAChB,MAAM,EACN,WAAW,CACZ;4BACD,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK;gCACtB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE;gCACjC,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;iBACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC,EACrC,UAAsC,EAAE;IAaxC,oEAAoE;IACpE,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,uEAAuE;YACvE,sEAAsE;YACtE,uEAAuE;YACvE,iDAAiD;YACjD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAElC,yBAAyB;IACzB,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAW,CAAC,CAClD,CAAC;YAEF,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,IAAI,UAAU,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACnD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YAED,uEAAuE;YACvE,mEAAmE;YACnE,sEAAsE;YACtE,gEAAgE;YAChE,iEAAiE;YACjE,mEAAmE;YACnE,uEAAuE;YACvE,kCAAkC;YAClC,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACrC,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACpD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3B,CAAC;gBACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,GACpC,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;oBACrC,IAAI,MAAM,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;oBAC3B,CAAC;oBACD,uDAAuD;oBACvD,KAAK,cAAc,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBAAC,MAAM,CAAC;oBACP,gEAAgE;gBAClE,CAAC;YACH,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;oBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;wBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;wBAChC,CAAC,CAAC,SAAS;iBAChB;gBACD,mEAAmE;gBACnE,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,qDAAqD;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Shared MCP server builder.\n *\n * Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * *same* MCP server from the *same* `ActionEntry` registry. Both surfaces:\n *\n *   - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n *   - append the framework deep-link block / `_meta` to every tool result,\n *   - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n *     per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n *     honoured.\n *\n * `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n *\n * Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n */\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isMcpActionResult } from \"../mcp-client/app-result.js\";\nimport {\n  MCP_APP_EXTENSION_ID,\n  MCP_APP_MIME_TYPE,\n  MCP_APP_RESOURCE_URI_META_KEY,\n  type ActionMcpAppResourceConfig,\n} from \"../action.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport {\n  isAgentNativeOpenDeepLink,\n  withCollapsedAgentSidebarParam,\n} from \"../shared/agent-sidebar-url.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\nimport { MCP_CONNECT_SCOPE } from \"./connect-store.js\";\n\nexport interface MCPConfig {\n  /** App name shown in MCP server info */\n  name: string;\n  /**\n   * Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n   * is mounted for. Optional & back-compat: when omitted the builtin\n   * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n   * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n   * target so they resolve the *target* app's origin rather than echoing the\n   * current request origin.\n   */\n  appId?: string;\n  /** App description */\n  description: string;\n  /** Version string (default \"1.0.0\") */\n  version?: string;\n  /** Action registry — same as agent chat and A2A */\n  actions: Record<string, ActionEntry>;\n  /**\n   * Full (\"production\") action surface served to an **authenticated real\n   * caller** — a connect-minted token, an `agent-native mcp install` stdio\n   * proxy (owner-email header / `AGENT_NATIVE_OWNER_EMAIL`), or a deployed /\n   * `AGENT_MODE=production` app. In local dev `actions` is intentionally the\n   * sparse, dev-toggled surface (builtins + read-only public-agent actions)\n   * so the local agent chat and unauthenticated dev probes don't see every\n   * mutating tool; but per the external-agents contract a real caller that\n   * connected with a token MUST get the full surface even in dev. When unset\n   * (production, where `actions` already IS the full set) the swap is a\n   * no-op. See `external-agents` skill, \"Dev vs production tool surface\".\n   */\n  productionActions?: Record<string, ActionEntry>;\n  /** Handler for the ask-agent meta-tool — runs the full agent loop */\n  askAgent?: (message: string) => Promise<string>;\n  /**\n   * Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n   * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n   * by default so external agents get a stable verb set; a template action of\n   * the same name always wins (template precedence). Set to `false` only for\n   * a constrained / locked-down mount.\n   */\n  builtinCrossAppTools?: boolean;\n}\n\n/**\n * Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n */\nexport interface MCPCallerIdentity {\n  userEmail: string | undefined;\n  orgDomain: string | undefined;\n}\n\n/** Per-request context used to turn an action's relative deep link into the\n *  absolute web URL (and desktop `agentnative://` URL) the external agent\n *  surfaces. Derived from the inbound request headers in `mountMCP`, or from\n *  the resolved local app origin in the stdio standalone path. */\nexport interface MCPRequestMeta {\n  /** Origin of the running app, e.g. `http://localhost:8100`. */\n  origin?: string;\n  /** Optional client preference for which URL the *markdown* link uses. */\n  target?: \"browser\" | \"desktop\" | \"terminal\";\n  /**\n   * The caller authenticated with a real credential (verified A2A/connect\n   * JWT, matching ACCESS_TOKEN, or a forwarded owner-email header from\n   * `agent-native mcp install`) — not the unauthenticated local dev-open\n   * path. When true, `createMCPServerForRequest` serves\n   * `config.productionActions` (the full surface) instead of the sparse dev\n   * `config.actions`. Set by `mountMCP` from `verifyAuth`.\n   */\n  fullSurface?: boolean;\n}\n\ninterface ResolvedMcpAppResource {\n  uri: string;\n  name: string;\n  title?: string;\n  description?: string;\n  html: ActionMcpAppResourceConfig[\"html\"];\n  mimeType: typeof MCP_APP_MIME_TYPE;\n  _meta?: Record<string, unknown>;\n}\n\n/**\n * Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n */\nexport function buildLinkArtifacts(\n  entry: ActionEntry,\n  args: Record<string, any>,\n  result: any,\n  meta: MCPRequestMeta | undefined,\n): {\n  block?: { type: \"text\"; text: string };\n  _meta?: Record<string, unknown>;\n} {\n  if (typeof entry.link !== \"function\") return {};\n  try {\n    const lk = entry.link({ args: args ?? {}, result });\n    if (!lk?.url) return {};\n    const linkUrl = isAgentNativeOpenDeepLink(lk.url)\n      ? withCollapsedAgentSidebarParam(lk.url)\n      : lk.url;\n    const webUrl = toAbsoluteOpenUrl(linkUrl, meta?.origin);\n    const desktopUrl = toDesktopOpenUrl(linkUrl);\n    const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n    return {\n      block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n      _meta: {\n        \"agent-native/openLink\": {\n          label: lk.label,\n          view: lk.view,\n          webUrl,\n          desktopUrl,\n        },\n      },\n    };\n  } catch {\n    return {};\n  }\n}\n\n/**\n * Merge the generic cross-app builtin tools into the config's action\n * registry. **Template actions take precedence**: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n *\n * The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n */\nfunction mergeBuiltinTools(\n  config: MCPConfig,\n  baseActions: Record<string, ActionEntry>,\n  requestMeta?: MCPRequestMeta,\n): Record<string, ActionEntry> {\n  if (config.builtinCrossAppTools === false) return baseActions;\n  const builtins = getBuiltinCrossAppTools(config, requestMeta);\n  const merged: Record<string, ActionEntry> = { ...builtins };\n  // Template / app actions overwrite same-named builtins.\n  for (const [name, entry] of Object.entries(baseActions)) {\n    merged[name] = entry;\n  }\n  return merged;\n}\n\nfunction safeUiSegment(value: string | undefined, fallback: string): string {\n  const normalized = (value || fallback)\n    .trim()\n    .toLowerCase()\n    .replace(/[^a-z0-9._-]+/g, \"-\")\n    .replace(/^-+|-+$/g, \"\");\n  return normalized || fallback;\n}\n\nfunction defaultMcpAppUri(config: MCPConfig, actionName: string): string {\n  const app = safeUiSegment(config.appId ?? config.name, \"agent-native\");\n  const action = safeUiSegment(actionName, \"tool\");\n  return `ui://${app}/${action}`;\n}\n\nfunction mcpAppUiMeta(\n  resource: ActionMcpAppResourceConfig,\n): Record<string, unknown> | undefined {\n  const base =\n    resource._meta && typeof resource._meta === \"object\"\n      ? { ...resource._meta }\n      : {};\n  const existingUi =\n    base.ui && typeof base.ui === \"object\" && !Array.isArray(base.ui)\n      ? (base.ui as Record<string, unknown>)\n      : {};\n  const ui: Record<string, unknown> = { ...existingUi };\n  if (resource.csp) ui.csp = resource.csp;\n  if (resource.permissions) ui.permissions = resource.permissions;\n  if (resource.domain) ui.domain = resource.domain;\n  if (typeof resource.prefersBorder === \"boolean\") {\n    ui.prefersBorder = resource.prefersBorder;\n  }\n  if (Object.keys(ui).length > 0) base.ui = ui;\n  return Object.keys(base).length > 0 ? base : undefined;\n}\n\nfunction resolveMcpAppResource(\n  config: MCPConfig,\n  actionName: string,\n  entry: ActionEntry,\n): ResolvedMcpAppResource | null {\n  const resource = entry.mcpApp?.resource;\n  if (!resource) return null;\n  const uri = resource.uri?.trim() || defaultMcpAppUri(config, actionName);\n  if (!uri.startsWith(\"ui://\")) return null;\n  const resourceMeta = mcpAppUiMeta(resource);\n  return {\n    uri,\n    name: resource.name?.trim() || actionName,\n    ...(resource.title ? { title: resource.title } : {}),\n    ...((resource.description ?? entry.tool.description)\n      ? { description: resource.description ?? entry.tool.description }\n      : {}),\n    html: resource.html,\n    mimeType: resource.mimeType ?? MCP_APP_MIME_TYPE,\n    ...(resourceMeta ? { _meta: resourceMeta } : {}),\n  };\n}\n\nfunction getMcpAppResources(\n  config: MCPConfig,\n  actions: Record<string, ActionEntry>,\n): ResolvedMcpAppResource[] {\n  return Object.entries(actions).flatMap(([name, entry]) => {\n    const resource = resolveMcpAppResource(config, name, entry);\n    return resource ? [resource] : [];\n  });\n}\n\nfunction renderMcpAppHtml(\n  resource: ResolvedMcpAppResource,\n  actionName: string,\n  config: MCPConfig,\n  requestMeta?: MCPRequestMeta,\n): string {\n  if (typeof resource.html === \"function\") {\n    return resource.html({\n      actionName,\n      appId: config.appId,\n      requestOrigin: requestMeta?.origin,\n    });\n  }\n  return resource.html;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/**\n * Build a fully-wired MCP `Server` for a single request / session.\n *\n * Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n */\nexport async function createMCPServerForRequest(\n  config: MCPConfig,\n  identity: MCPCallerIdentity | undefined,\n  requestMeta?: MCPRequestMeta,\n) {\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const {\n    ListToolsRequestSchema,\n    CallToolRequestSchema,\n    ListResourcesRequestSchema,\n    ReadResourceRequestSchema,\n    ListResourceTemplatesRequestSchema,\n  } = await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  // Resolve the effective caller identity. JWT / header-derived identity\n  // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n  // identity — the stdio **standalone** path — fall back to the\n  // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n  // into the `agent-native mcp serve` process env, so standalone tool runs are\n  // tenant-scoped to the configured owner instead of running unscoped. Stays\n  // undefined for true dev-open (no token, no secret, no owner) — behavior\n  // there is unchanged.\n  const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n  const effectiveIdentity: MCPCallerIdentity | undefined =\n    identity ??\n    (ownerFromEnv\n      ? { userEmail: ownerFromEnv, orgDomain: undefined }\n      : undefined);\n\n  // The action set the request handlers operate on = base actions + generic\n  // cross-app builtins (template wins on name collision). An authenticated\n  // real caller (connect-minted token / `mcp install` owner / production —\n  // `requestMeta.fullSurface`, or the stdio standalone path identified by\n  // `AGENT_NATIVE_OWNER_EMAIL`) gets the full `productionActions` surface\n  // even in local dev; the unauthenticated dev-open path keeps the sparse\n  // `config.actions`. See `external-agents` skill, \"Dev vs production tool\n  // surface\".\n  const useFullSurface = requestMeta?.fullSurface === true || !!ownerFromEnv;\n  const baseActions =\n    useFullSurface && config.productionActions\n      ? config.productionActions\n      : config.actions;\n  const actions = mergeBuiltinTools(config, baseActions, requestMeta);\n  const mcpAppResources = getMcpAppResources(config, actions);\n  const supportsMcpApps = mcpAppResources.length > 0;\n  const server = new Server(\n    { name: config.name, version: config.version ?? \"1.0.0\" },\n    {\n      capabilities: {\n        tools: {},\n        ...(supportsMcpApps\n          ? {\n              resources: {},\n              extensions: {\n                [MCP_APP_EXTENSION_ID]: {\n                  mimeTypes: [MCP_APP_MIME_TYPE],\n                },\n              },\n            }\n          : {}),\n      },\n    },\n  );\n\n  // Resolve orgId once per request (DB lookup) so subsequent wraps are\n  // synchronous. The caller identity may be undefined for true dev-open —\n  // in that case we run with no userEmail/orgId, which makes downstream\n  // tools that require per-user scope return empty results rather than\n  // cross-tenant data (the safe default).\n  const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n  /**\n   * Wrap a callback in\n   * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n   * Both the tools/list and tools/call handlers go through this so\n   * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n   * visibility checks see the verified caller's identity. `requestOrigin`\n   * is the live server origin derived from the inbound request (same value\n   * used to absolutize deep links) so actions that build fetchable URLs\n   * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n   * correct local-workspace origin instead of a prod/localhost fallback.\n   */\n  async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n    const orgId = await orgIdPromise;\n    return runWithRequestContext(\n      {\n        userEmail: effectiveIdentity?.userEmail,\n        orgId,\n        ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n      },\n      fn,\n    ) as Promise<T>;\n  }\n\n  // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n  // request context so per-user MCP visibility (mcp-client/visibility.ts)\n  // applies to the listing too.\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return withCallerContext(async () => {\n      const tools = Object.entries(actions).map(([name, entry]) => {\n        const hasLink = typeof entry.link === \"function\";\n        const mcpAppResource = resolveMcpAppResource(config, name, entry);\n        const baseDescription = entry.tool.description ?? name;\n        return {\n          name,\n          description: hasLink\n            ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n            : baseDescription,\n          inputSchema: entry.tool.parameters ?? {\n            type: \"object\" as const,\n            properties: {},\n          },\n          ...(mcpAppResource\n            ? {\n                _meta: {\n                  [MCP_APP_RESOURCE_URI_META_KEY]: mcpAppResource.uri,\n                  ui: {\n                    resourceUri: mcpAppResource.uri,\n                    visibility: entry.mcpApp?.visibility ?? [\"model\", \"app\"],\n                  },\n                },\n              }\n            : {}),\n          ...(hasLink\n            ? { annotations: { \"agent-native/producesOpenLink\": true } }\n            : {}),\n        };\n      });\n\n      if (config.askAgent) {\n        tools.push({\n          name: \"ask-agent\",\n          description:\n            \"Send a natural-language message to the app's AI agent and get a response. \" +\n            \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n            \"and full context about the app.\",\n          inputSchema: {\n            type: \"object\" as const,\n            properties: {\n              message: {\n                type: \"string\",\n                description: \"The message to send to the agent\",\n              },\n            },\n            required: [\"message\"],\n          },\n        });\n      }\n\n      return { tools };\n    });\n  });\n\n  // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n  // request context so the action's `run(args)` and `askAgent()` execute\n  // with the verified caller's identity, not the platform default.\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    return withCallerContext(async () => {\n      const { name, arguments: args } = request.params;\n\n      if (name === \"ask-agent\" && config.askAgent) {\n        const message = args?.message ?? \"\";\n        try {\n          const result = await config.askAgent(message);\n          return { content: [{ type: \"text\", text: result }] };\n        } catch (err: any) {\n          return {\n            content: [{ type: \"text\", text: `Error: ${err.message}` }],\n            isError: true,\n          };\n        }\n      }\n\n      const entry = actions[name];\n      if (!entry) {\n        return {\n          content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n          isError: true,\n        };\n      }\n\n      try {\n        const result = await entry.run((args as Record<string, string>) ?? {});\n        const resultForClient = isMcpActionResult(result)\n          ? result.text\n          : result;\n        const text =\n          typeof resultForClient === \"string\"\n            ? resultForClient\n            : JSON.stringify(resultForClient);\n        const content: any[] = [{ type: \"text\", text }];\n        const { block, _meta } = buildLinkArtifacts(\n          entry,\n          (args as Record<string, any>) ?? {},\n          isMcpActionResult(result) ? result.raw : result,\n          requestMeta,\n        );\n        if (block) content.push(block);\n        return { content, ...(_meta ? { _meta } : {}) };\n      } catch (err: any) {\n        return {\n          content: [{ type: \"text\", text: `Error: ${err.message}` }],\n          isError: true,\n        };\n      }\n    });\n  });\n\n  if (supportsMcpApps) {\n    server.setRequestHandler(ListResourcesRequestSchema, async () => {\n      return withCallerContext(async () => ({\n        resources: mcpAppResources.map((resource) => ({\n          uri: resource.uri,\n          name: resource.name,\n          ...(resource.title ? { title: resource.title } : {}),\n          ...(resource.description\n            ? { description: resource.description }\n            : {}),\n          mimeType: resource.mimeType,\n          ...(resource._meta ? { _meta: resource._meta } : {}),\n        })),\n      }));\n    });\n\n    server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {\n      return { resourceTemplates: [] };\n    });\n\n    server.setRequestHandler(\n      ReadResourceRequestSchema,\n      async (request: any) => {\n        return withCallerContext(async () => {\n          const uri = request.params?.uri;\n          const found = Object.entries(actions)\n            .map(([name, entry]) => ({\n              actionName: name,\n              resource: resolveMcpAppResource(config, name, entry),\n            }))\n            .find((candidate) => candidate.resource?.uri === uri);\n          if (!found?.resource) {\n            throw new Error(`MCP App resource not found: ${uri}`);\n          }\n          return {\n            contents: [\n              {\n                uri: found.resource.uri,\n                mimeType: found.resource.mimeType,\n                text: renderMcpAppHtml(\n                  found.resource,\n                  found.actionName,\n                  config,\n                  requestMeta,\n                ),\n                ...(found.resource._meta\n                  ? { _meta: found.resource._meta }\n                  : {}),\n              },\n            ],\n          };\n        });\n      },\n    );\n  }\n\n  return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n  const single = process.env.ACCESS_TOKEN;\n  const multi = process.env.ACCESS_TOKENS;\n  const tokens: string[] = [];\n  if (single) tokens.push(single);\n  if (multi) {\n    tokens.push(\n      ...multi\n        .split(\",\")\n        .map((t) => t.trim())\n        .filter(Boolean),\n    );\n  }\n  return tokens;\n}\n\n/**\n * Resolve the caller identity for a static-token (or dev-open) auth path.\n *\n * Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint *only* on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n *\n * Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored *only as a fallback when that env is unset*. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token *is* the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n *\n * Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n */\nfunction deriveStaticTokenIdentity(\n  ownerEmailHeader: string | undefined,\n): MCPCallerIdentity | undefined {\n  const owner =\n    process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() ||\n    (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) ||\n    \"\";\n  if (!owner) return undefined;\n  return { userEmail: owner, orgDomain: undefined };\n}\n\n/**\n * Verify the inbound auth header. Returns:\n *   - { authed: true, identity } when verified — `identity` is derived from\n *     the JWT (`sub` / `org_domain`) for JWT auth, or from the\n *     `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n *     for static-token auth (the `agent-native mcp install` flow). `identity`\n *     is undefined only for true dev-open with no owner hint.\n *   - { authed: false } on rejection.\n *\n * When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n *\n * `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n */\nexport async function verifyAuth(\n  authHeader: string | undefined,\n  ownerEmailHeader?: string | undefined,\n  options: { allowDevOpen?: boolean } = {},\n): Promise<{\n  authed: boolean;\n  identity?: MCPCallerIdentity;\n  /**\n   * The caller presented a real credential — a verified A2A/connect JWT, a\n   * matching ACCESS_TOKEN, or (on the no-auth-configured path) a forwarded\n   * owner-email header from `agent-native mcp install`. Drives the full vs\n   * sparse MCP tool surface in local dev. The pure unauthenticated dev-open\n   * path (no secret, no token, no owner header) is `false`.\n   */\n  fullSurface?: boolean;\n}> {\n  // No auth configured → allow only when the route caller has already\n  // established that this is a loopback/local dev request. Still honour an\n  // owner hint there so the local install/connect flow stays tenant-scoped.\n  const accessTokens = getAccessTokens();\n  const hasA2ASecret = !!process.env.A2A_SECRET;\n  if (accessTokens.length === 0 && !hasA2ASecret) {\n    if (options.allowDevOpen === false) {\n      return { authed: false };\n    }\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n      // `mcp install`'s stdio proxy forwards an owner-email header even when\n      // the local app has no secret configured — that is a real, identified\n      // caller and gets the full surface. A bare browser/curl dev probe with\n      // no owner hint stays on the sparse dev surface.\n      fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n    };\n  }\n\n  if (!authHeader?.startsWith(\"Bearer \")) return { authed: false };\n  const token = authHeader.slice(7);\n\n  // Try JWT via A2A_SECRET\n  if (hasA2ASecret) {\n    try {\n      const jose = await import(\"jose\");\n      const { payload } = await jose.jwtVerify(\n        token,\n        new TextEncoder().encode(process.env.A2A_SECRET!),\n      );\n\n      const tokenScope =\n        typeof payload.scope === \"string\" ? payload.scope : undefined;\n      if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {\n        return { authed: false };\n      }\n\n      // Connect-minted tokens (scope === \"mcp-connect\") carry a random `jti`\n      // and are individually revocable. Only these tokens hit the revoke\n      // store — ordinary A2A delegation JWTs skip the DB lookup entirely so\n      // the hot path is unchanged. The revoke check FAILS OPEN on any\n      // store/DB error: a transient Neon WS drop must never lock every\n      // connected agent out. The signature was already cryptographically\n      // verified above, so failing open here only widens the explicit-revoke\n      // gate, never the trust boundary.\n      if (tokenScope === MCP_CONNECT_SCOPE) {\n        if (typeof payload.jti !== \"string\" || !payload.jti) {\n          return { authed: false };\n        }\n        const jti = payload.jti;\n        try {\n          const { isJtiRevoked, touchTokenUsed } =\n            await import(\"./connect-store.js\");\n          if (await isJtiRevoked(jti)) {\n            return { authed: false };\n          }\n          // Best-effort usage telemetry — never blocks / throws.\n          void touchTokenUsed(jti);\n        } catch {\n          // Store import / lookup failed — fail open (see comment above).\n        }\n      }\n\n      return {\n        authed: true,\n        identity: {\n          userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n          orgDomain:\n            typeof payload.org_domain === \"string\"\n              ? (payload.org_domain as string)\n              : undefined,\n        },\n        // Verified JWT (connect-minted or A2A delegation) — a real caller.\n        fullSurface: true,\n      };\n    } catch {\n      // Not a valid JWT — fall through to token check\n    }\n  }\n\n  // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n  // per-caller claims, so derive identity from the forwarded owner-email\n  // hint (install flow) — otherwise tools would run unscoped.\n  if (accessTokens.length > 0 && accessTokens.includes(token)) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n      // Matched a configured ACCESS_TOKEN — a real caller.\n      fullSurface: true,\n    };\n  }\n\n  return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n  orgDomain: string | undefined,\n): Promise<string | undefined> {\n  if (!orgDomain) return undefined;\n  try {\n    const { resolveOrgByDomain } = await import(\"../org/context.js\");\n    const org = await resolveOrgByDomain(orgDomain);\n    return org?.orgId ?? undefined;\n  } catch {\n    return undefined;\n  }\n}\n"]}
+{"version":3,"file":"build-server.js","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EACL,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,GAE9B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAEL,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AAkF1B,SAAS,4BAA4B,CACnC,KAAkB,EAClB,MAA4B;IAE5B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,QAAQ,GACZ,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,OAAO,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAYD;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkB,EAClB,IAAyB,EACzB,MAAW,EACX,IAAgC;IAKhC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,EAAE,EAAE,GAAG;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,yBAAyB,CAAC,EAAE,CAAC,GAAG,CAAC;YAC/C,CAAC,CAAC,8BAA8B,CAAC,EAAE,CAAC,GAAG,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC;QACX,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,IAAI,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QACrE,OAAO;YACL,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,KAAK,OAAO,WAAW,GAAG,EAAE;YACpE,KAAK,EAAE;gBACL,uBAAuB,EAAE;oBACvB,KAAK,EAAE,EAAE,CAAC,KAAK;oBACf,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,MAAM;oBACN,UAAU;iBACX;aACF;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,iBAAiB,CACxB,MAAiB,EACjB,WAAwC,EACxC,WAA4B;IAE5B,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK;QAAE,OAAO,WAAW,CAAC;IAC9D,MAAM,QAAQ,GAAG,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAgC,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5D,wDAAwD;IACxD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB,EAAE,QAAgB;IAChE,MAAM,UAAU,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC;SACnC,IAAI,EAAE;SACN,WAAW,EAAE;SACb,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC;SAC9B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3B,OAAO,UAAU,IAAI,QAAQ,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAiB,EAAE,UAAkB;IAC7D,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,QAAQ,GAAG,IAAI,MAAM,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,YAAY,CACnB,QAAoC;IAEpC,MAAM,IAAI,GACR,QAAQ,CAAC,KAAK,IAAI,OAAO,QAAQ,CAAC,KAAK,KAAK,QAAQ;QAClD,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE;QACvB,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,UAAU,GACd,IAAI,CAAC,EAAE,IAAI,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,CAAC,CAAE,IAAI,CAAC,EAA8B;QACtC,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,EAAE,GAA4B,EAAE,GAAG,UAAU,EAAE,CAAC;IACtD,IAAI,QAAQ,CAAC,GAAG;QAAE,EAAE,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC;IACxC,IAAI,QAAQ,CAAC,WAAW;QAAE,EAAE,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;IAChE,IAAI,QAAQ,CAAC,MAAM;QAAE,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IACjD,IAAI,OAAO,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QAChD,EAAE,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAiB,EACjB,UAAkB,EAClB,KAAkB;IAElB,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC5C,OAAO;QACL,GAAG;QACH,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,UAAU;QACzC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;YAClD,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE;YACjE,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,iBAAiB;QAChD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAiB,EACjB,OAAoC;IAEpC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;QACvD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC5D,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAgC,EAChC,UAAkB,EAClB,MAAiB,EACjB,WAA4B;IAE5B,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACxC,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,aAAa,EAAE,WAAW,EAAE,MAAM;SACnC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,CAAC;AACvB,CAAC;AAED,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiB,EACjB,QAAuC,EACvC,WAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;IAC7E,MAAM,EACJ,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,yBAAyB,EACzB,kCAAkC,GACnC,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;IAEvD,uEAAuE;IACvE,0EAA0E;IAC1E,8DAA8D;IAC9D,4EAA4E;IAC5E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,sBAAsB;IACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClE,MAAM,iBAAiB,GACrB,QAAQ;QACR,CAAC,YAAY;YACX,CAAC,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE;YACnD,CAAC,CAAC,SAAS,CAAC,CAAC;IAEjB,0EAA0E;IAC1E,yEAAyE;IACzE,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IACxE,yEAAyE;IACzE,YAAY;IACZ,MAAM,cAAc,GAAG,WAAW,EAAE,WAAW,KAAK,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC;IAC3E,MAAM,WAAW,GACf,cAAc,IAAI,MAAM,CAAC,iBAAiB;QACxC,CAAC,CAAC,MAAM,CAAC,iBAAiB;QAC1B,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;IACrB,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CACvC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAC3C,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,CACpE,CACF,CAAC;IACF,MAAM,eAAe,GAAG,gBAAgB,CACtC,iBAAiB,EAAE,WAAW,EAC9B,UAAU,CACX;QACC,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC;QAC5C,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,EACzD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;YACT,GAAG,CAAC,eAAe;gBACjB,CAAC,CAAC;oBACE,SAAS,EAAE,EAAE;oBACb,UAAU,EAAE;wBACV,CAAC,oBAAoB,CAAC,EAAE;4BACtB,SAAS,EAAE,CAAC,iBAAiB,CAAC;yBAC/B;qBACF;iBACF;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF,CAAC;IAEF,qEAAqE;IACrE,wEAAwE;IACxE,sEAAsE;IACtE,qEAAqE;IACrE,wCAAwC;IACxC,MAAM,YAAY,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAE1E;;;;;;;;;;OAUG;IACH,KAAK,UAAU,iBAAiB,CAAI,EAAoB;QACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC;QACjC,OAAO,qBAAqB,CAC1B;YACE,SAAS,EAAE,iBAAiB,EAAE,SAAS;YACvC,KAAK;YACL,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtE,EACD,EAAE,CACW,CAAC;IAClB,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,8BAA8B;IAC9B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE;gBACjE,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;gBACjD,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;gBAClE,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;gBACvD,OAAO;oBACL,IAAI;oBACJ,WAAW,EAAE,OAAO;wBAClB,CAAC,CAAC,GAAG,eAAe,sEAAsE;wBAC1F,CAAC,CAAC,eAAe;oBACnB,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI;wBACpC,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE,EAAE;qBACf;oBACD,GAAG,CAAC,cAAc;wBAChB,CAAC,CAAC;4BACE,KAAK,EAAE;gCACL,CAAC,6BAA6B,CAAC,EAAE,cAAc,CAAC,GAAG;gCACnD,EAAE,EAAE;oCACF,WAAW,EAAE,cAAc,CAAC,GAAG;oCAC/B,UAAU,EAAE,KAAK,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC;iCACzD;6BACF;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,OAAO;wBACT,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,+BAA+B,EAAE,IAAI,EAAE,EAAE;wBAC5D,CAAC,CAAC,EAAE,CAAC;iBACR,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IACE,MAAM,CAAC,QAAQ;gBACf,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAC7D,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,WAAW;oBACjB,WAAW,EACT,4EAA4E;wBAC5E,4EAA4E;wBAC5E,iCAAiC;oBACnC,WAAW,EAAE;wBACX,IAAI,EAAE,QAAiB;wBACvB,UAAU,EAAE;4BACV,OAAO,EAAE;gCACP,IAAI,EAAE,QAAQ;gCACd,WAAW,EAAE,kCAAkC;6BAChD;yBACF;wBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;qBACtB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAY,EAAE,EAAE;QACrE,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;YAClC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC5C,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;oBACnE,OAAO;wBACL,OAAO,EAAE;4BACP;gCACE,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,iDAAiD;6BACxD;yBACF;wBACD,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAC9C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;gBACvD,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YACD,IACE,CAAC,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,WAAW,CAAC,EACpE,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,8CAA8C,IAAI,EAAE;yBAC3D;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAE,IAA+B,IAAI,EAAE,CAAC,CAAC;gBACvE,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,IAAI;oBACb,CAAC,CAAC,MAAM,CAAC;gBACX,MAAM,IAAI,GACR,OAAO,eAAe,KAAK,QAAQ;oBACjC,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;gBACtC,MAAM,OAAO,GAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,kBAAkB,CACzC,KAAK,EACJ,IAA4B,IAAI,EAAE,EACnC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAC/C,WAAW,CACZ,CAAC;gBACF,IAAI,KAAK;oBAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/B,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC1D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YAC9D,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;gBACpC,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;oBAC5C,GAAG,EAAE,QAAQ,CAAC,GAAG;oBACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpD,GAAG,CAAC,QAAQ,CAAC,WAAW;wBACtB,CAAC,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,WAAW,EAAE;wBACvC,CAAC,CAAC,EAAE,CAAC;oBACP,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrD,CAAC,CAAC;aACJ,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YACtE,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,iBAAiB,CACtB,yBAAyB,EACzB,KAAK,EAAE,OAAY,EAAE,EAAE;YACrB,OAAO,iBAAiB,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;gBAChC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;qBACzC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;oBACvB,UAAU,EAAE,IAAI;oBAChB,QAAQ,EAAE,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;iBACrD,CAAC,CAAC;qBACF,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,KAAK,GAAG,CAAC,CAAC;gBACxD,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;gBACxD,CAAC;gBACD,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG;4BACvB,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ;4BACjC,IAAI,EAAE,gBAAgB,CACpB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,UAAU,EAChB,MAAM,EACN,WAAW,CACZ;4BACD,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK;gCACtB,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE;gCACjC,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;iBACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,gFAAgF;AAChF,8EAA8E;AAE9E,MAAM,UAAU,eAAe;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,MAAM;QAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,CAAC,IAAI,CACT,GAAG,KAAK;aACL,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAS,yBAAyB,CAChC,gBAAoC;IAEpC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;QAC5C,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;QACjE,EAAE,CAAC;IACL,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,gBAAqC,EACrC,UAA4D,EAAE;IAa9D,oEAAoE;IACpE,yEAAyE;IACzE,0EAA0E;IAC1E,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,MAAM,KAAK,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;QAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACrB,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,aAAa,GAAG,MAAM,yBAAyB,CACnD,KAAK,EACL,OAAO,CAAC,WAAW,CACpB,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,SAAS,EAAE,aAAa,CAAC,SAAS;oBAClC,WAAW,EAAE,aAAa,CAAC,MAAM;iBAClC;gBACD,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,uEAAuE;YACvE,sEAAsE;YACtE,uEAAuE;YACvE,iDAAiD;YACjD,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAErC,yBAAyB;IACzB,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAW,CAAC,CAClD,CAAC;YAEF,MAAM,UAAU,GACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,IAAI,UAAU,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACnD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YAED,uEAAuE;YACvE,mEAAmE;YACnE,sEAAsE;YACtE,gEAAgE;YAChE,iEAAiE;YACjE,mEAAmE;YACnE,uEAAuE;YACvE,kCAAkC;YAClC,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;gBACrC,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBACpD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBAC3B,CAAC;gBACD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,GACpC,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;oBACrC,IAAI,MAAM,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;oBAC3B,CAAC;oBACD,uDAAuD;oBACvD,KAAK,cAAc,CAAC,GAAG,CAAC,CAAC;gBAC3B,CAAC;gBAAC,MAAM,CAAC;oBACP,gEAAgE;gBAClE,CAAC;YACH,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE;oBACR,SAAS,EAAE,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;oBACpE,SAAS,EACP,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ;wBACpC,CAAC,CAAE,OAAO,CAAC,UAAqB;wBAChC,CAAC,CAAC,SAAS;iBAChB;gBACD,mEAAmE;gBACnE,WAAW,EAAE,IAAI;aAClB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,4DAA4D;IAC5D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,yBAAyB,CAAC,gBAAgB,CAAC;YACrD,qDAAqD;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,SAA6B;IAE7B,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,OAAO,GAAG,EAAE,KAAK,IAAI,SAAS,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Shared MCP server builder.\n *\n * Extracted from `server.ts` so the stateless Streamable-HTTP mount\n * (`mountMCP`) and the stdio transport (`runMCPStdio --standalone`) build the\n * *same* MCP server from the *same* `ActionEntry` registry. Both surfaces:\n *\n *   - expose every action as an MCP tool (+ the `ask-agent` meta-tool),\n *   - append the framework deep-link block / `_meta` to every tool result,\n *   - wrap `run()` / `askAgent()` in `runWithRequestContext` so per-user /\n *     per-org scoping (accessFilter, resolveCredential, MCP visibility) is\n *     honoured.\n *\n * `server.ts` re-exports `createMCPServerForRequest` and the auth helpers so\n * any (future) external importer of `@agent-native/core/mcp` keeps resolving.\n *\n * Node-only at the SDK level, but this module itself has no Node-only imports\n * — it can be bundled into the serverless function alongside `mountMCP`.\n */\n\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isMcpActionResult } from \"../mcp-client/app-result.js\";\nimport {\n  MCP_APP_EXTENSION_ID,\n  MCP_APP_MIME_TYPE,\n  MCP_APP_RESOURCE_URI_META_KEY,\n  type ActionMcpAppResourceConfig,\n} from \"../action.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { toAbsoluteOpenUrl, toDesktopOpenUrl } from \"../server/deep-link.js\";\nimport {\n  isAgentNativeOpenDeepLink,\n  withCollapsedAgentSidebarParam,\n} from \"../shared/agent-sidebar-url.js\";\nimport { getBuiltinCrossAppTools } from \"./builtin-tools.js\";\nimport { MCP_CONNECT_SCOPE } from \"./connect-store.js\";\nimport {\n  MCP_OAUTH_SCOPES,\n  hasMcpOAuthScope,\n  verifyMcpOAuthAccessToken,\n} from \"./oauth-token.js\";\n\nexport interface MCPConfig {\n  /** App name shown in MCP server info */\n  name: string;\n  /**\n   * Canonical app id (directory under `apps/`, e.g. `mail`) this MCP server\n   * is mounted for. Optional & back-compat: when omitted the builtin\n   * cross-app tools fall back to lowercasing `name`. Used by `open_app` /\n   * `ask_app` / `create_workspace_app` to tell \"this app\" from a cross-app\n   * target so they resolve the *target* app's origin rather than echoing the\n   * current request origin.\n   */\n  appId?: string;\n  /** App description */\n  description: string;\n  /** Version string (default \"1.0.0\") */\n  version?: string;\n  /** Action registry — same as agent chat and A2A */\n  actions: Record<string, ActionEntry>;\n  /**\n   * Full (\"production\") action surface served to an **authenticated real\n   * caller** — a connect-minted token, an `agent-native mcp install` stdio\n   * proxy (owner-email header / `AGENT_NATIVE_OWNER_EMAIL`), or a deployed /\n   * `AGENT_MODE=production` app. In local dev `actions` is intentionally the\n   * sparse, dev-toggled surface (builtins + read-only public-agent actions)\n   * so the local agent chat and unauthenticated dev probes don't see every\n   * mutating tool; but per the external-agents contract a real caller that\n   * connected with a token MUST get the full surface even in dev. When unset\n   * (production, where `actions` already IS the full set) the swap is a\n   * no-op. See `external-agents` skill, \"Dev vs production tool surface\".\n   */\n  productionActions?: Record<string, ActionEntry>;\n  /** Handler for the ask-agent meta-tool — runs the full agent loop */\n  askAgent?: (message: string) => Promise<string>;\n  /**\n   * Disable the generic cross-app builtin tools (`list_apps`, `open_app`,\n   * `ask_app`, `create_workspace_app`, `list_templates`). They are merged in\n   * by default so external agents get a stable verb set; a template action of\n   * the same name always wins (template precedence). Set to `false` only for\n   * a constrained / locked-down mount.\n   */\n  builtinCrossAppTools?: boolean;\n}\n\n/**\n * Identity extracted from a verified MCP bearer token / JWT. Used to wrap\n * `entry.run()` and `config.askAgent()` calls in `runWithRequestContext`\n * so downstream tools (db-query, accessFilter, resolveCredential) honour\n * per-user / per-org scoping. Without this wrap the MCP endpoint would\n * silently bypass tenant isolation. See finding #6 in\n * /tmp/security-audit/12-mcp-a2a-agent.md.\n */\nexport interface MCPCallerIdentity {\n  userEmail: string | undefined;\n  orgDomain: string | undefined;\n  /** Present only for standard remote MCP OAuth access tokens. */\n  oauthScopes?: string[];\n}\n\n/** Per-request context used to turn an action's relative deep link into the\n *  absolute web URL (and desktop `agentnative://` URL) the external agent\n *  surfaces. Derived from the inbound request headers in `mountMCP`, or from\n *  the resolved local app origin in the stdio standalone path. */\nexport interface MCPRequestMeta {\n  /** Origin of the running app, e.g. `http://localhost:8100`. */\n  origin?: string;\n  /** Optional client preference for which URL the *markdown* link uses. */\n  target?: \"browser\" | \"desktop\" | \"terminal\";\n  /**\n   * The caller authenticated with a real credential (verified A2A/connect\n   * JWT, matching ACCESS_TOKEN, or a forwarded owner-email header from\n   * `agent-native mcp install`) — not the unauthenticated local dev-open\n   * path. When true, `createMCPServerForRequest` serves\n   * `config.productionActions` (the full surface) instead of the sparse dev\n   * `config.actions`. Set by `mountMCP` from `verifyAuth`.\n   */\n  fullSurface?: boolean;\n}\n\ntype McpOAuthScope = (typeof MCP_OAUTH_SCOPES)[number];\n\nfunction isActionVisibleForOAuthScope(\n  entry: ActionEntry,\n  scopes: string[] | undefined,\n): boolean {\n  if (!scopes) return true;\n  const required: McpOAuthScope =\n    entry.readOnly === true ? \"mcp:read\" : \"mcp:write\";\n  return hasMcpOAuthScope(scopes, required);\n}\n\ninterface ResolvedMcpAppResource {\n  uri: string;\n  name: string;\n  title?: string;\n  description?: string;\n  html: ActionMcpAppResourceConfig[\"html\"];\n  mimeType: typeof MCP_APP_MIME_TYPE;\n  _meta?: Record<string, unknown>;\n}\n\n/**\n * Build the deep-link content block + structured `_meta` for a tool result.\n * Best-effort: any throw / nullish link is swallowed so a bad `link` builder\n * never fails the tool call.\n */\nexport function buildLinkArtifacts(\n  entry: ActionEntry,\n  args: Record<string, any>,\n  result: any,\n  meta: MCPRequestMeta | undefined,\n): {\n  block?: { type: \"text\"; text: string };\n  _meta?: Record<string, unknown>;\n} {\n  if (typeof entry.link !== \"function\") return {};\n  try {\n    const lk = entry.link({ args: args ?? {}, result });\n    if (!lk?.url) return {};\n    const linkUrl = isAgentNativeOpenDeepLink(lk.url)\n      ? withCollapsedAgentSidebarParam(lk.url)\n      : lk.url;\n    const webUrl = toAbsoluteOpenUrl(linkUrl, meta?.origin);\n    const desktopUrl = toDesktopOpenUrl(linkUrl);\n    const markdownUrl = meta?.target === \"desktop\" ? desktopUrl : webUrl;\n    return {\n      block: { type: \"text\", text: `\\n\\n[${lk.label} →](${markdownUrl})` },\n      _meta: {\n        \"agent-native/openLink\": {\n          label: lk.label,\n          view: lk.view,\n          webUrl,\n          desktopUrl,\n        },\n      },\n    };\n  } catch {\n    return {};\n  }\n}\n\n/**\n * Merge the generic cross-app builtin tools into the config's action\n * registry. **Template actions take precedence**: if a template defines an\n * action with the same name as a builtin (e.g. its own `list_apps`), the\n * template entry wins and the builtin is dropped. This mirrors the\n * template-over-workspace-core precedence in `autoDiscoverActions`.\n *\n * The builtins are pure-ish navigators / scaffolders; they call back into the\n * same `config.actions` / `config.askAgent` so there is no second agent loop.\n */\nfunction mergeBuiltinTools(\n  config: MCPConfig,\n  baseActions: Record<string, ActionEntry>,\n  requestMeta?: MCPRequestMeta,\n): Record<string, ActionEntry> {\n  if (config.builtinCrossAppTools === false) return baseActions;\n  const builtins = getBuiltinCrossAppTools(config, requestMeta);\n  const merged: Record<string, ActionEntry> = { ...builtins };\n  // Template / app actions overwrite same-named builtins.\n  for (const [name, entry] of Object.entries(baseActions)) {\n    merged[name] = entry;\n  }\n  return merged;\n}\n\nfunction safeUiSegment(value: string | undefined, fallback: string): string {\n  const normalized = (value || fallback)\n    .trim()\n    .toLowerCase()\n    .replace(/[^a-z0-9._-]+/g, \"-\")\n    .replace(/^-+|-+$/g, \"\");\n  return normalized || fallback;\n}\n\nfunction defaultMcpAppUri(config: MCPConfig, actionName: string): string {\n  const app = safeUiSegment(config.appId ?? config.name, \"agent-native\");\n  const action = safeUiSegment(actionName, \"tool\");\n  return `ui://${app}/${action}`;\n}\n\nfunction mcpAppUiMeta(\n  resource: ActionMcpAppResourceConfig,\n): Record<string, unknown> | undefined {\n  const base =\n    resource._meta && typeof resource._meta === \"object\"\n      ? { ...resource._meta }\n      : {};\n  const existingUi =\n    base.ui && typeof base.ui === \"object\" && !Array.isArray(base.ui)\n      ? (base.ui as Record<string, unknown>)\n      : {};\n  const ui: Record<string, unknown> = { ...existingUi };\n  if (resource.csp) ui.csp = resource.csp;\n  if (resource.permissions) ui.permissions = resource.permissions;\n  if (resource.domain) ui.domain = resource.domain;\n  if (typeof resource.prefersBorder === \"boolean\") {\n    ui.prefersBorder = resource.prefersBorder;\n  }\n  if (Object.keys(ui).length > 0) base.ui = ui;\n  return Object.keys(base).length > 0 ? base : undefined;\n}\n\nfunction resolveMcpAppResource(\n  config: MCPConfig,\n  actionName: string,\n  entry: ActionEntry,\n): ResolvedMcpAppResource | null {\n  const resource = entry.mcpApp?.resource;\n  if (!resource) return null;\n  const uri = resource.uri?.trim() || defaultMcpAppUri(config, actionName);\n  if (!uri.startsWith(\"ui://\")) return null;\n  const resourceMeta = mcpAppUiMeta(resource);\n  return {\n    uri,\n    name: resource.name?.trim() || actionName,\n    ...(resource.title ? { title: resource.title } : {}),\n    ...((resource.description ?? entry.tool.description)\n      ? { description: resource.description ?? entry.tool.description }\n      : {}),\n    html: resource.html,\n    mimeType: resource.mimeType ?? MCP_APP_MIME_TYPE,\n    ...(resourceMeta ? { _meta: resourceMeta } : {}),\n  };\n}\n\nfunction getMcpAppResources(\n  config: MCPConfig,\n  actions: Record<string, ActionEntry>,\n): ResolvedMcpAppResource[] {\n  return Object.entries(actions).flatMap(([name, entry]) => {\n    const resource = resolveMcpAppResource(config, name, entry);\n    return resource ? [resource] : [];\n  });\n}\n\nfunction renderMcpAppHtml(\n  resource: ResolvedMcpAppResource,\n  actionName: string,\n  config: MCPConfig,\n  requestMeta?: MCPRequestMeta,\n): string {\n  if (typeof resource.html === \"function\") {\n    return resource.html({\n      actionName,\n      appId: config.appId,\n      requestOrigin: requestMeta?.origin,\n    });\n  }\n  return resource.html;\n}\n\n// ---------------------------------------------------------------------------\n// MCP Server creation — converts ActionEntry registry to MCP tools\n// ---------------------------------------------------------------------------\n\n/**\n * Build a fully-wired MCP `Server` for a single request / session.\n *\n * Shared by the stateless Streamable-HTTP mount (`mountMCP`) and the stdio\n * standalone transport. The HTTP mount passes the per-request origin via\n * `requestMeta`; the stdio standalone path passes the resolved local app\n * origin so deep links still become absolute URLs.\n */\nexport async function createMCPServerForRequest(\n  config: MCPConfig,\n  identity: MCPCallerIdentity | undefined,\n  requestMeta?: MCPRequestMeta,\n) {\n  const { Server } = await import(\"@modelcontextprotocol/sdk/server/index.js\");\n  const {\n    ListToolsRequestSchema,\n    CallToolRequestSchema,\n    ListResourcesRequestSchema,\n    ReadResourceRequestSchema,\n    ListResourceTemplatesRequestSchema,\n  } = await import(\"@modelcontextprotocol/sdk/types.js\");\n\n  // Resolve the effective caller identity. JWT / header-derived identity\n  // (passed by `mountMCP` via `verifyAuth`) wins. When the caller passed no\n  // identity — the stdio **standalone** path — fall back to the\n  // `AGENT_NATIVE_OWNER_EMAIL` env the `agent-native mcp install` flow writes\n  // into the `agent-native mcp serve` process env, so standalone tool runs are\n  // tenant-scoped to the configured owner instead of running unscoped. Stays\n  // undefined for true dev-open (no token, no secret, no owner) — behavior\n  // there is unchanged.\n  const ownerFromEnv = process.env.AGENT_NATIVE_OWNER_EMAIL?.trim();\n  const effectiveIdentity: MCPCallerIdentity | undefined =\n    identity ??\n    (ownerFromEnv\n      ? { userEmail: ownerFromEnv, orgDomain: undefined }\n      : undefined);\n\n  // The action set the request handlers operate on = base actions + generic\n  // cross-app builtins (template wins on name collision). An authenticated\n  // real caller (connect-minted token / `mcp install` owner / production —\n  // `requestMeta.fullSurface`, or the stdio standalone path identified by\n  // `AGENT_NATIVE_OWNER_EMAIL`) gets the full `productionActions` surface\n  // even in local dev; the unauthenticated dev-open path keeps the sparse\n  // `config.actions`. See `external-agents` skill, \"Dev vs production tool\n  // surface\".\n  const useFullSurface = requestMeta?.fullSurface === true || !!ownerFromEnv;\n  const baseActions =\n    useFullSurface && config.productionActions\n      ? config.productionActions\n      : config.actions;\n  const actions = mergeBuiltinTools(config, baseActions, requestMeta);\n  const visibleActions = Object.fromEntries(\n    Object.entries(actions).filter(([, entry]) =>\n      isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes),\n    ),\n  );\n  const mcpAppResources = hasMcpOAuthScope(\n    effectiveIdentity?.oauthScopes,\n    \"mcp:apps\",\n  )\n    ? getMcpAppResources(config, visibleActions)\n    : [];\n  const supportsMcpApps = mcpAppResources.length > 0;\n  const server = new Server(\n    { name: config.name, version: config.version ?? \"1.0.0\" },\n    {\n      capabilities: {\n        tools: {},\n        ...(supportsMcpApps\n          ? {\n              resources: {},\n              extensions: {\n                [MCP_APP_EXTENSION_ID]: {\n                  mimeTypes: [MCP_APP_MIME_TYPE],\n                },\n              },\n            }\n          : {}),\n      },\n    },\n  );\n\n  // Resolve orgId once per request (DB lookup) so subsequent wraps are\n  // synchronous. The caller identity may be undefined for true dev-open —\n  // in that case we run with no userEmail/orgId, which makes downstream\n  // tools that require per-user scope return empty results rather than\n  // cross-tenant data (the safe default).\n  const orgIdPromise = resolveOrgIdFromDomain(effectiveIdentity?.orgDomain);\n\n  /**\n   * Wrap a callback in\n   * `runWithRequestContext({ userEmail, orgId, requestOrigin }, fn)`.\n   * Both the tools/list and tools/call handlers go through this so\n   * downstream `accessFilter`, `resolveCredential`, and per-user MCP\n   * visibility checks see the verified caller's identity. `requestOrigin`\n   * is the live server origin derived from the inbound request (same value\n   * used to absolutize deep links) so actions that build fetchable URLs\n   * (e.g. design `export-coding-handoff`'s signed raw-code URL) resolve the\n   * correct local-workspace origin instead of a prod/localhost fallback.\n   */\n  async function withCallerContext<T>(fn: () => Promise<T>): Promise<T> {\n    const orgId = await orgIdPromise;\n    return runWithRequestContext(\n      {\n        userEmail: effectiveIdentity?.userEmail,\n        orgId,\n        ...(requestMeta?.origin ? { requestOrigin: requestMeta.origin } : {}),\n      },\n      fn,\n    ) as Promise<T>;\n  }\n\n  // tools/list — return all actions + ask-agent meta-tool. Wrapped in the\n  // request context so per-user MCP visibility (mcp-client/visibility.ts)\n  // applies to the listing too.\n  server.setRequestHandler(ListToolsRequestSchema, async () => {\n    return withCallerContext(async () => {\n      const tools = Object.entries(visibleActions).map(([name, entry]) => {\n        const hasLink = typeof entry.link === \"function\";\n        const mcpAppResource = resolveMcpAppResource(config, name, entry);\n        const baseDescription = entry.tool.description ?? name;\n        return {\n          name,\n          description: hasLink\n            ? `${baseDescription} After calling, surface the returned \"Open in … →\" link to the user.`\n            : baseDescription,\n          inputSchema: entry.tool.parameters ?? {\n            type: \"object\" as const,\n            properties: {},\n          },\n          ...(mcpAppResource\n            ? {\n                _meta: {\n                  [MCP_APP_RESOURCE_URI_META_KEY]: mcpAppResource.uri,\n                  ui: {\n                    resourceUri: mcpAppResource.uri,\n                    visibility: entry.mcpApp?.visibility ?? [\"model\", \"app\"],\n                  },\n                },\n              }\n            : {}),\n          ...(hasLink\n            ? { annotations: { \"agent-native/producesOpenLink\": true } }\n            : {}),\n        };\n      });\n\n      if (\n        config.askAgent &&\n        hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")\n      ) {\n        tools.push({\n          name: \"ask-agent\",\n          description:\n            \"Send a natural-language message to the app's AI agent and get a response. \" +\n            \"Use this for complex, multi-step tasks that require the agent's reasoning \" +\n            \"and full context about the app.\",\n          inputSchema: {\n            type: \"object\" as const,\n            properties: {\n              message: {\n                type: \"string\",\n                description: \"The message to send to the agent\",\n              },\n            },\n            required: [\"message\"],\n          },\n        });\n      }\n\n      return { tools };\n    });\n  });\n\n  // tools/call — dispatch to action registry or ask-agent. Wrapped in the\n  // request context so the action's `run(args)` and `askAgent()` execute\n  // with the verified caller's identity, not the platform default.\n  server.setRequestHandler(CallToolRequestSchema, async (request: any) => {\n    return withCallerContext(async () => {\n      const { name, arguments: args } = request.params;\n\n      if (name === \"ask-agent\" && config.askAgent) {\n        if (!hasMcpOAuthScope(effectiveIdentity?.oauthScopes, \"mcp:write\")) {\n          return {\n            content: [\n              {\n                type: \"text\",\n                text: \"Forbidden: OAuth scope does not allow ask-agent\",\n              },\n            ],\n            isError: true,\n          };\n        }\n        const message = args?.message ?? \"\";\n        try {\n          const result = await config.askAgent(message);\n          return { content: [{ type: \"text\", text: result }] };\n        } catch (err: any) {\n          return {\n            content: [{ type: \"text\", text: `Error: ${err.message}` }],\n            isError: true,\n          };\n        }\n      }\n\n      const entry = actions[name];\n      if (!entry) {\n        return {\n          content: [{ type: \"text\", text: `Unknown tool: ${name}` }],\n          isError: true,\n        };\n      }\n      if (\n        !isActionVisibleForOAuthScope(entry, effectiveIdentity?.oauthScopes)\n      ) {\n        return {\n          content: [\n            {\n              type: \"text\",\n              text: `Forbidden: OAuth scope does not allow tool ${name}`,\n            },\n          ],\n          isError: true,\n        };\n      }\n\n      try {\n        const result = await entry.run((args as Record<string, string>) ?? {});\n        const resultForClient = isMcpActionResult(result)\n          ? result.text\n          : result;\n        const text =\n          typeof resultForClient === \"string\"\n            ? resultForClient\n            : JSON.stringify(resultForClient);\n        const content: any[] = [{ type: \"text\", text }];\n        const { block, _meta } = buildLinkArtifacts(\n          entry,\n          (args as Record<string, any>) ?? {},\n          isMcpActionResult(result) ? result.raw : result,\n          requestMeta,\n        );\n        if (block) content.push(block);\n        return { content, ...(_meta ? { _meta } : {}) };\n      } catch (err: any) {\n        return {\n          content: [{ type: \"text\", text: `Error: ${err.message}` }],\n          isError: true,\n        };\n      }\n    });\n  });\n\n  if (supportsMcpApps) {\n    server.setRequestHandler(ListResourcesRequestSchema, async () => {\n      return withCallerContext(async () => ({\n        resources: mcpAppResources.map((resource) => ({\n          uri: resource.uri,\n          name: resource.name,\n          ...(resource.title ? { title: resource.title } : {}),\n          ...(resource.description\n            ? { description: resource.description }\n            : {}),\n          mimeType: resource.mimeType,\n          ...(resource._meta ? { _meta: resource._meta } : {}),\n        })),\n      }));\n    });\n\n    server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => {\n      return { resourceTemplates: [] };\n    });\n\n    server.setRequestHandler(\n      ReadResourceRequestSchema,\n      async (request: any) => {\n        return withCallerContext(async () => {\n          const uri = request.params?.uri;\n          const found = Object.entries(visibleActions)\n            .map(([name, entry]) => ({\n              actionName: name,\n              resource: resolveMcpAppResource(config, name, entry),\n            }))\n            .find((candidate) => candidate.resource?.uri === uri);\n          if (!found?.resource) {\n            throw new Error(`MCP App resource not found: ${uri}`);\n          }\n          return {\n            contents: [\n              {\n                uri: found.resource.uri,\n                mimeType: found.resource.mimeType,\n                text: renderMcpAppHtml(\n                  found.resource,\n                  found.actionName,\n                  config,\n                  requestMeta,\n                ),\n                ...(found.resource._meta\n                  ? { _meta: found.resource._meta }\n                  : {}),\n              },\n            ],\n          };\n        });\n      },\n    );\n  }\n\n  return server;\n}\n\n// ---------------------------------------------------------------------------\n// Auth — reuses the same pattern as A2A (Bearer token or JWT). Shared so the\n// HTTP mount and any stdio-side auth-aware helper resolve identity identically.\n// ---------------------------------------------------------------------------\n\nexport function getAccessTokens(): string[] {\n  const single = process.env.ACCESS_TOKEN;\n  const multi = process.env.ACCESS_TOKENS;\n  const tokens: string[] = [];\n  if (single) tokens.push(single);\n  if (multi) {\n    tokens.push(\n      ...multi\n        .split(\",\")\n        .map((t) => t.trim())\n        .filter(Boolean),\n    );\n  }\n  return tokens;\n}\n\n/**\n * Resolve the caller identity for a static-token (or dev-open) auth path.\n *\n * Static `ACCESS_TOKEN` / `ACCESS_TOKENS` auth carries no per-caller claims,\n * so without this the MCP endpoint would run every tool with\n * `userEmail === undefined` and per-user / per-org scoped actions\n * (`accessFilter`, `resolveAccess`, `resolveCredential`) would return\n * empty / wrong data. The `agent-native mcp install` flow writes\n * `AGENT_NATIVE_OWNER_EMAIL` into the client config env and the stdio proxy\n * forwards it as the `X-Agent-Native-Owner-Email` request header (see\n * `mcp/stdio.ts#authHeaders`). We trust that owner hint *only* on the\n * static-token path — JWT auth already carries a cryptographically verified\n * `sub`, so the header is ignored there and never widens JWT scope.\n *\n * Precedence is server-trusted-first: the server process's\n * `AGENT_NATIVE_OWNER_EMAIL` env (set out-of-band by the operator / deploy)\n * ALWAYS wins, and a client-supplied `X-Agent-Native-Owner-Email` header is\n * honored *only as a fallback when that env is unset*. A static `ACCESS_TOKEN`\n * is a shared bearer secret; letting a request header override a\n * server-configured owner would let anyone holding a leaked token act as any\n * user. The header path remains for the single-tenant local-dev install flow\n * where the app server process has no owner env and the token *is* the\n * workspace secret; multi-tenant deployments must use A2A JWT (verified `sub`),\n * not a static token, for per-user scope.\n *\n * Returns `undefined` when no owner email is available (true dev-open: no\n * token, no secret, no owner) so behavior there stays unchanged.\n */\nfunction deriveStaticTokenIdentity(\n  ownerEmailHeader: string | undefined,\n): MCPCallerIdentity | undefined {\n  const owner =\n    process.env.AGENT_NATIVE_OWNER_EMAIL?.trim() ||\n    (typeof ownerEmailHeader === \"string\" && ownerEmailHeader.trim()) ||\n    \"\";\n  if (!owner) return undefined;\n  return { userEmail: owner, orgDomain: undefined };\n}\n\n/**\n * Verify the inbound auth header. Returns:\n *   - { authed: true, identity } when verified — `identity` is derived from\n *     the JWT (`sub` / `org_domain`) for JWT auth, or from the\n *     `AGENT_NATIVE_OWNER_EMAIL` env / `X-Agent-Native-Owner-Email` header\n *     for static-token auth (the `agent-native mcp install` flow). `identity`\n *     is undefined only for true dev-open with no owner hint.\n *   - { authed: false } on rejection.\n *\n * When A2A_SECRET is set we extract the JWT's `sub` (caller email) and\n * `org_domain` claims so the MCP endpoint can wrap tool runs in\n * `runWithRequestContext({ userEmail, orgId })`. Without that wrap, the\n * MCP endpoint loses tenant identity and downstream `accessFilter` /\n * `resolveCredential` calls fall back to platform-wide defaults.\n *\n * `ownerEmailHeader` is the forwarded `X-Agent-Native-Owner-Email` value; it\n * is consulted ONLY on the static-token / dev-open path (never to influence\n * verified JWT identity), so the install flow runs tools as the configured\n * owner instead of an unscoped anonymous caller.\n */\nexport async function verifyAuth(\n  authHeader: string | undefined,\n  ownerEmailHeader?: string | undefined,\n  options: { allowDevOpen?: boolean; resourceUrl?: string } = {},\n): Promise<{\n  authed: boolean;\n  identity?: MCPCallerIdentity;\n  /**\n   * The caller presented a real credential — a verified A2A/connect JWT, a\n   * matching ACCESS_TOKEN, or (on the no-auth-configured path) a forwarded\n   * owner-email header from `agent-native mcp install`. Drives the full vs\n   * sparse MCP tool surface in local dev. The pure unauthenticated dev-open\n   * path (no secret, no token, no owner header) is `false`.\n   */\n  fullSurface?: boolean;\n}> {\n  // No auth configured → allow only when the route caller has already\n  // established that this is a loopback/local dev request. Still honour an\n  // owner hint there so the local install/connect flow stays tenant-scoped.\n  const accessTokens = getAccessTokens();\n  const hasA2ASecret = !!process.env.A2A_SECRET;\n  const token = authHeader?.startsWith(\"Bearer \")\n    ? authHeader.slice(7)\n    : undefined;\n  if (token) {\n    const oauthIdentity = await verifyMcpOAuthAccessToken(\n      token,\n      options.resourceUrl,\n    );\n    if (oauthIdentity) {\n      return {\n        authed: true,\n        identity: {\n          userEmail: oauthIdentity.userEmail,\n          orgDomain: oauthIdentity.orgDomain,\n          oauthScopes: oauthIdentity.scopes,\n        },\n        fullSurface: true,\n      };\n    }\n  }\n  if (accessTokens.length === 0 && !hasA2ASecret) {\n    if (options.allowDevOpen === false) {\n      return { authed: false };\n    }\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n      // `mcp install`'s stdio proxy forwards an owner-email header even when\n      // the local app has no secret configured — that is a real, identified\n      // caller and gets the full surface. A bare browser/curl dev probe with\n      // no owner hint stays on the sparse dev surface.\n      fullSurface: !!(ownerEmailHeader && ownerEmailHeader.trim()),\n    };\n  }\n\n  if (!token) return { authed: false };\n\n  // Try JWT via A2A_SECRET\n  if (hasA2ASecret) {\n    try {\n      const jose = await import(\"jose\");\n      const { payload } = await jose.jwtVerify(\n        token,\n        new TextEncoder().encode(process.env.A2A_SECRET!),\n      );\n\n      const tokenScope =\n        typeof payload.scope === \"string\" ? payload.scope : undefined;\n      if (tokenScope && tokenScope !== MCP_CONNECT_SCOPE) {\n        return { authed: false };\n      }\n\n      // Connect-minted tokens (scope === \"mcp-connect\") carry a random `jti`\n      // and are individually revocable. Only these tokens hit the revoke\n      // store — ordinary A2A delegation JWTs skip the DB lookup entirely so\n      // the hot path is unchanged. The revoke check FAILS OPEN on any\n      // store/DB error: a transient Neon WS drop must never lock every\n      // connected agent out. The signature was already cryptographically\n      // verified above, so failing open here only widens the explicit-revoke\n      // gate, never the trust boundary.\n      if (tokenScope === MCP_CONNECT_SCOPE) {\n        if (typeof payload.jti !== \"string\" || !payload.jti) {\n          return { authed: false };\n        }\n        const jti = payload.jti;\n        try {\n          const { isJtiRevoked, touchTokenUsed } =\n            await import(\"./connect-store.js\");\n          if (await isJtiRevoked(jti)) {\n            return { authed: false };\n          }\n          // Best-effort usage telemetry — never blocks / throws.\n          void touchTokenUsed(jti);\n        } catch {\n          // Store import / lookup failed — fail open (see comment above).\n        }\n      }\n\n      return {\n        authed: true,\n        identity: {\n          userEmail: typeof payload.sub === \"string\" ? payload.sub : undefined,\n          orgDomain:\n            typeof payload.org_domain === \"string\"\n              ? (payload.org_domain as string)\n              : undefined,\n        },\n        // Verified JWT (connect-minted or A2A delegation) — a real caller.\n        fullSurface: true,\n      };\n    } catch {\n      // Not a valid JWT — fall through to token check\n    }\n  }\n\n  // Try ACCESS_TOKEN / ACCESS_TOKENS exact match. Static tokens carry no\n  // per-caller claims, so derive identity from the forwarded owner-email\n  // hint (install flow) — otherwise tools would run unscoped.\n  if (accessTokens.length > 0 && accessTokens.includes(token)) {\n    return {\n      authed: true,\n      identity: deriveStaticTokenIdentity(ownerEmailHeader),\n      // Matched a configured ACCESS_TOKEN — a real caller.\n      fullSurface: true,\n    };\n  }\n\n  return { authed: false };\n}\n\nexport async function resolveOrgIdFromDomain(\n  orgDomain: string | undefined,\n): Promise<string | undefined> {\n  if (!orgDomain) return undefined;\n  try {\n    const { resolveOrgByDomain } = await import(\"../org/context.js\");\n    const org = await resolveOrgByDomain(orgDomain);\n    return org?.orgId ?? undefined;\n  } catch {\n    return undefined;\n  }\n}\n"]}