@agent-native/core 0.22.12 → 0.22.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (98) hide show
  1. package/dist/agent/engine/builder-engine.d.ts +1 -1
  2. package/dist/agent/engine/registry.d.ts.map +1 -1
  3. package/dist/agent/engine/registry.js +13 -1
  4. package/dist/agent/engine/registry.js.map +1 -1
  5. package/dist/agent/model-config.d.ts +6 -6
  6. package/dist/agent/model-config.js +3 -3
  7. package/dist/agent/model-config.js.map +1 -1
  8. package/dist/chat-threads/store.d.ts.map +1 -1
  9. package/dist/chat-threads/store.js +6 -2
  10. package/dist/chat-threads/store.js.map +1 -1
  11. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  12. package/dist/client/MultiTabAssistantChat.js +5 -6
  13. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  14. package/dist/client/agent-chat.d.ts.map +1 -1
  15. package/dist/client/agent-chat.js +13 -0
  16. package/dist/client/agent-chat.js.map +1 -1
  17. package/dist/client/index.d.ts +1 -0
  18. package/dist/client/index.d.ts.map +1 -1
  19. package/dist/client/index.js +1 -0
  20. package/dist/client/index.js.map +1 -1
  21. package/dist/client/mcp-app-host.d.ts +40 -0
  22. package/dist/client/mcp-app-host.d.ts.map +1 -0
  23. package/dist/client/mcp-app-host.js +165 -0
  24. package/dist/client/mcp-app-host.js.map +1 -0
  25. package/dist/client/sharing/ShareButton.d.ts +9 -0
  26. package/dist/client/sharing/ShareButton.d.ts.map +1 -1
  27. package/dist/client/sharing/ShareButton.js +19 -2
  28. package/dist/client/sharing/ShareButton.js.map +1 -1
  29. package/dist/client/use-chat-models.d.ts.map +1 -1
  30. package/dist/client/use-chat-models.js +4 -5
  31. package/dist/client/use-chat-models.js.map +1 -1
  32. package/dist/db/client.d.ts +1 -0
  33. package/dist/db/client.d.ts.map +1 -1
  34. package/dist/db/client.js +33 -17
  35. package/dist/db/client.js.map +1 -1
  36. package/dist/db/create-get-db.d.ts.map +1 -1
  37. package/dist/db/create-get-db.js +2 -8
  38. package/dist/db/create-get-db.js.map +1 -1
  39. package/dist/index.browser.d.ts +2 -1
  40. package/dist/index.browser.d.ts.map +1 -1
  41. package/dist/index.browser.js +2 -1
  42. package/dist/index.browser.js.map +1 -1
  43. package/dist/index.d.ts +2 -1
  44. package/dist/index.d.ts.map +1 -1
  45. package/dist/index.js +2 -1
  46. package/dist/index.js.map +1 -1
  47. package/dist/mcp/build-server.d.ts +2 -0
  48. package/dist/mcp/build-server.d.ts.map +1 -1
  49. package/dist/mcp/build-server.js +59 -3
  50. package/dist/mcp/build-server.js.map +1 -1
  51. package/dist/mcp/builtin-tools.d.ts.map +1 -1
  52. package/dist/mcp/builtin-tools.js +2 -4
  53. package/dist/mcp/builtin-tools.js.map +1 -1
  54. package/dist/mcp/connect-route.d.ts.map +1 -1
  55. package/dist/mcp/connect-route.js +14 -0
  56. package/dist/mcp/connect-route.js.map +1 -1
  57. package/dist/mcp/embed-app.d.ts.map +1 -1
  58. package/dist/mcp/embed-app.js +167 -1
  59. package/dist/mcp/embed-app.js.map +1 -1
  60. package/dist/mcp/embed-route.d.ts +26 -0
  61. package/dist/mcp/embed-route.d.ts.map +1 -0
  62. package/dist/mcp/embed-route.js +38 -0
  63. package/dist/mcp/embed-route.js.map +1 -0
  64. package/dist/mcp/index.d.ts +1 -0
  65. package/dist/mcp/index.d.ts.map +1 -1
  66. package/dist/mcp/index.js +1 -0
  67. package/dist/mcp/index.js.map +1 -1
  68. package/dist/mcp/server.d.ts.map +1 -1
  69. package/dist/mcp/server.js +16 -1
  70. package/dist/mcp/server.js.map +1 -1
  71. package/dist/scripts/agent-engines/list-agent-engines.d.ts.map +1 -1
  72. package/dist/scripts/agent-engines/list-agent-engines.js +18 -12
  73. package/dist/scripts/agent-engines/list-agent-engines.js.map +1 -1
  74. package/dist/server/better-auth-instance.d.ts.map +1 -1
  75. package/dist/server/better-auth-instance.js +2 -1
  76. package/dist/server/better-auth-instance.js.map +1 -1
  77. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  78. package/dist/server/core-routes-plugin.js +22 -1
  79. package/dist/server/core-routes-plugin.js.map +1 -1
  80. package/dist/server/embed-route.d.ts.map +1 -1
  81. package/dist/server/embed-route.js +7 -1
  82. package/dist/server/embed-route.js.map +1 -1
  83. package/dist/server/embed-session.d.ts.map +1 -1
  84. package/dist/server/embed-session.js +55 -2
  85. package/dist/server/embed-session.js.map +1 -1
  86. package/dist/shared/embed-auth.d.ts +1 -0
  87. package/dist/shared/embed-auth.d.ts.map +1 -1
  88. package/dist/shared/embed-auth.js +1 -0
  89. package/dist/shared/embed-auth.js.map +1 -1
  90. package/dist/vite/client.d.ts +2 -0
  91. package/dist/vite/client.d.ts.map +1 -1
  92. package/dist/vite/client.js +5 -0
  93. package/dist/vite/client.js.map +1 -1
  94. package/docs/content/actions.md +22 -7
  95. package/docs/content/client.md +43 -0
  96. package/docs/content/external-agents.md +40 -1
  97. package/docs/content/mcp-protocol.md +25 -0
  98. package/package.json +1 -1
package/dist/server/embed-route.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-route.d.ts","sourceRoot":"","sources":["../../src/server/embed-route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAQlC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AA0C7C,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAG1D;AAED,MAAM,WAAW,sBAAsB;IACrC,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CACtE;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,GAAE,sBAA2B,2FAuCrC"}
1
+ {"version":3,"file":"embed-route.d.ts","sourceRoot":"","sources":["../../src/server/embed-route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAQlC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AA0C7C,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAG1D;AAED,MAAM,WAAW,sBAAsB;IACrC,kBAAkB,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;CACtE;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,GAAE,sBAA2B,2FA8CrC"}
package/dist/server/embed-route.js CHANGED
@@ -38,7 +38,13 @@ export function buildEmbedStartPath(ticket) {
38
38
  export function createEmbedStartRouteHandler(options = {}) {
39
39
  return defineEventHandler(async (event) => {
40
40
  const method = getMethod(event);
41
- if (method !== "GET" && method !== "HEAD") {
41
+ if (method === "HEAD") {
42
+ return new Response(null, {
43
+ status: 204,
44
+ headers: { "Cache-Control": "no-store" },
45
+ });
46
+ }
47
+ if (method !== "GET") {
42
48
  return textResponse("Method not allowed", 405);
43
49
  }
44
50
  const rawTicket = getQuery(event)?.ticket;
package/dist/server/embed-route.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-route.js","sourceRoot":"","sources":["../../src/server/embed-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AAChF,OAAO,EACL,yBAAyB,EACzB,wBAAwB,EACxB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAEhF,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc,EAAE,KAAa;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,6BAA6B,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;IACrD,OAAO,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,yBAAyB,CAChC,KAAc,EACd,QAAgB,EAChB,MAAM,GAAG,GAAG;IAEZ,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC;IAC1D,KAAK,MAAM,MAAM,IAAI,MAAM;QAAE,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IAC9C,OAAO,IAAI,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,OAAe,EAAE,MAAc;IACnD,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE;QAC3B,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;KACzD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,GAAG,wBAAwB,EAAE,GAAG,gBAAgB,IAAI,EAAE,EAAE,CAAC;AAClE,CAAC;AAMD,MAAM,UAAU,4BAA4B,CAC1C,UAAkC,EAAE;IAEpC,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnE,MAAM,eAAe,GAAG,MAAM,OAAO;aAClC,kBAAkB,EAAE,CAAC,KAAK,CAAC;aAC3B,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,QAAQ,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE;YACvD,aAAa,EAAE,eAAe,EAAE,KAAK,IAAI,IAAI;SAC9C,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,YAAY,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,KAAK,GAAG,qBAAqB,CAAC;YAClC,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,QAAQ,CAAC,KAAK;SACtB,CAAC,CAAC;QACH,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACpC,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,sBAAsB,CACrC,8BAA8B,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACjE,CAAC;QACF,OAAO,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { defineEventHandler, getMethod, getQuery, setResponseHeader } from \"h3\";\nimport {\n consumeEmbedSessionTicket,\n normalizeEmbedTargetPath,\n setEmbedSessionCookie,\n signEmbedSessionToken,\n} from \"./embed-session.js\";\nimport type { AuthSession } from \"./auth.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_START_PATH,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\nimport { withCollapsedAgentSidebarParam } from \"../shared/agent-sidebar-url.js\";\n\nfunction withConfiguredBasePath(path: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return path;\n if (path === base || path.startsWith(`${base}/`)) return path;\n return `${base}${path}`;\n}\n\nfunction appendEmbedParams(target: string, token: string): string {\n const url = new URL(target, \"http://agent-native.invalid\");\n url.searchParams.set(EMBED_MODE_QUERY_PARAM, \"1\");\n url.searchParams.set(EMBED_TOKEN_QUERY_PARAM, token);\n return `${url.pathname}${url.search}${url.hash}`;\n}\n\nfunction redirectWithStagedCookies(\n event: H3Event,\n location: string,\n status = 302,\n): Response {\n const headers = new Headers({ Location: location });\n const staged = event.res?.headers?.getSetCookie?.() ?? [];\n for (const cookie of staged) headers.append(\"set-cookie\", cookie);\n headers.set(\"Referrer-Policy\", \"no-referrer\");\n return new Response(\"\", { status, headers });\n}\n\nfunction textResponse(message: string, status: number): Response {\n return new Response(message, {\n status,\n headers: { \"Content-Type\": \"text/plain; charset=utf-8\" },\n });\n}\n\nexport function buildEmbedStartPath(ticket: string): string {\n const qs = new URLSearchParams({ ticket });\n return `${getConfiguredAppBasePath()}${EMBED_START_PATH}?${qs}`;\n}\n\nexport interface EmbedStartRouteOptions {\n getExistingSession?: (event: H3Event) => Promise<AuthSession | null>;\n}\n\nexport function createEmbedStartRouteHandler(\n options: EmbedStartRouteOptions = {},\n) {\n return defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n if (method !== \"GET\" && method !== \"HEAD\") {\n return textResponse(\"Method not allowed\", 405);\n }\n\n const rawTicket = getQuery(event)?.ticket;\n const ticket = Array.isArray(rawTicket) ? rawTicket[0] : rawTicket;\n const existingSession = await options\n .getExistingSession?.(event)\n .catch(() => null);\n const consumed = await consumeEmbedSessionTicket(ticket, {\n expectedOrgId: existingSession?.orgId ?? null,\n });\n if (!consumed) {\n return textResponse(\"Invalid or expired embed session.\", 401);\n }\n\n const target = normalizeEmbedTargetPath(consumed.targetPath);\n if (!target) {\n return textResponse(\"Invalid embed target.\", 400);\n }\n\n const token = signEmbedSessionToken({\n ownerEmail: consumed.ownerEmail,\n orgId: consumed.orgId,\n targetPath: target,\n scope: consumed.scope,\n });\n setEmbedSessionCookie(event, token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n\n const location = withConfiguredBasePath(\n withCollapsedAgentSidebarParam(appendEmbedParams(target, token)),\n );\n return redirectWithStagedCookies(event, location);\n });\n}\n"]}
1
+ {"version":3,"file":"embed-route.js","sourceRoot":"","sources":["../../src/server/embed-route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AAChF,OAAO,EACL,yBAAyB,EACzB,wBAAwB,EACxB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAEhF,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc,EAAE,KAAa;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,6BAA6B,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;IACrD,OAAO,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;AACnD,CAAC;AAED,SAAS,yBAAyB,CAChC,KAAc,EACd,QAAgB,EAChB,MAAM,GAAG,GAAG;IAEZ,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC;IAC1D,KAAK,MAAM,MAAM,IAAI,MAAM;QAAE,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IAC9C,OAAO,IAAI,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,OAAe,EAAE,MAAc;IACnD,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE;QAC3B,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;KACzD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3C,OAAO,GAAG,wBAAwB,EAAE,GAAG,gBAAgB,IAAI,EAAE,EAAE,CAAC;AAClE,CAAC;AAMD,MAAM,UAAU,4BAA4B,CAC1C,UAAkC,EAAE;IAEpC,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;gBACxB,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,eAAe,EAAE,UAAU,EAAE;aACzC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACnE,MAAM,eAAe,GAAG,MAAM,OAAO;aAClC,kBAAkB,EAAE,CAAC,KAAK,CAAC;aAC3B,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,QAAQ,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE;YACvD,aAAa,EAAE,eAAe,EAAE,KAAK,IAAI,IAAI;SAC9C,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,YAAY,CAAC,mCAAmC,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,YAAY,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,KAAK,GAAG,qBAAqB,CAAC;YAClC,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,QAAQ,CAAC,KAAK;SACtB,CAAC,CAAC;QACH,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACpC,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,sBAAsB,CACrC,8BAA8B,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACjE,CAAC;QACF,OAAO,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { defineEventHandler, getMethod, getQuery, setResponseHeader } from \"h3\";\nimport {\n consumeEmbedSessionTicket,\n normalizeEmbedTargetPath,\n setEmbedSessionCookie,\n signEmbedSessionToken,\n} from \"./embed-session.js\";\nimport type { AuthSession } from \"./auth.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_START_PATH,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\nimport { withCollapsedAgentSidebarParam } from \"../shared/agent-sidebar-url.js\";\n\nfunction withConfiguredBasePath(path: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return path;\n if (path === base || path.startsWith(`${base}/`)) return path;\n return `${base}${path}`;\n}\n\nfunction appendEmbedParams(target: string, token: string): string {\n const url = new URL(target, \"http://agent-native.invalid\");\n url.searchParams.set(EMBED_MODE_QUERY_PARAM, \"1\");\n url.searchParams.set(EMBED_TOKEN_QUERY_PARAM, token);\n return `${url.pathname}${url.search}${url.hash}`;\n}\n\nfunction redirectWithStagedCookies(\n event: H3Event,\n location: string,\n status = 302,\n): Response {\n const headers = new Headers({ Location: location });\n const staged = event.res?.headers?.getSetCookie?.() ?? [];\n for (const cookie of staged) headers.append(\"set-cookie\", cookie);\n headers.set(\"Referrer-Policy\", \"no-referrer\");\n return new Response(\"\", { status, headers });\n}\n\nfunction textResponse(message: string, status: number): Response {\n return new Response(message, {\n status,\n headers: { \"Content-Type\": \"text/plain; charset=utf-8\" },\n });\n}\n\nexport function buildEmbedStartPath(ticket: string): string {\n const qs = new URLSearchParams({ ticket });\n return `${getConfiguredAppBasePath()}${EMBED_START_PATH}?${qs}`;\n}\n\nexport interface EmbedStartRouteOptions {\n getExistingSession?: (event: H3Event) => Promise<AuthSession | null>;\n}\n\nexport function createEmbedStartRouteHandler(\n options: EmbedStartRouteOptions = {},\n) {\n return defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n if (method === \"HEAD\") {\n return new Response(null, {\n status: 204,\n headers: { \"Cache-Control\": \"no-store\" },\n });\n }\n\n if (method !== \"GET\") {\n return textResponse(\"Method not allowed\", 405);\n }\n\n const rawTicket = getQuery(event)?.ticket;\n const ticket = Array.isArray(rawTicket) ? rawTicket[0] : rawTicket;\n const existingSession = await options\n .getExistingSession?.(event)\n .catch(() => null);\n const consumed = await consumeEmbedSessionTicket(ticket, {\n expectedOrgId: existingSession?.orgId ?? null,\n });\n if (!consumed) {\n return textResponse(\"Invalid or expired embed session.\", 401);\n }\n\n const target = normalizeEmbedTargetPath(consumed.targetPath);\n if (!target) {\n return textResponse(\"Invalid embed target.\", 400);\n }\n\n const token = signEmbedSessionToken({\n ownerEmail: consumed.ownerEmail,\n orgId: consumed.orgId,\n targetPath: target,\n scope: consumed.scope,\n });\n setEmbedSessionCookie(event, token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n\n const location = withConfiguredBasePath(\n withCollapsedAgentSidebarParam(appendEmbedParams(target, token)),\n );\n return redirectWithStagedCookies(event, location);\n });\n}\n"]}
package/dist/server/embed-session.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;AAuBhD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAyQF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAST;AAED,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAyBtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}
1
+ {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;AA6BhD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAoTF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAYT;AAED,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAyBtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}
package/dist/server/embed-session.js CHANGED
@@ -23,6 +23,12 @@ const OPEN_ROUTE_VIEW_PATHS = {
23
23
  sources: "/sources",
24
24
  settings: "/settings",
25
25
  };
26
+ const EMBED_ROUTE_ALIASES = {
27
+ "/dashboard": ["/adhoc/agent-native-templates-first-party"],
28
+ "/dashboards": ["/adhoc/agent-native-templates-first-party"],
29
+ "/traffic": ["/adhoc/agent-native-templates-first-party"],
30
+ "/traffic-dashboard": ["/adhoc/agent-native-templates-first-party"],
31
+ };
26
32
  let _initPromise;
27
33
  let _devSigningKey;
28
34
  async function ensureTable() {
@@ -200,8 +206,12 @@ function openRouteTargetPathnames(targetPath) {
200
206
  function allowedEmbedTargetPathnames(targetPath) {
201
207
  const allowed = new Set();
202
208
  const direct = pathnameFromPath(targetPath);
203
- if (direct)
209
+ if (direct) {
204
210
  allowed.add(direct);
211
+ for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {
212
+ allowed.add(aliasTarget);
213
+ }
214
+ }
205
215
  for (const openTarget of openRouteTargetPathnames(targetPath)) {
206
216
  allowed.add(openTarget);
207
217
  }
@@ -244,6 +254,46 @@ function headerTargetPathname(event) {
244
254
  return null;
245
255
  }
246
256
  }
257
+ function requestHost(event) {
258
+ const direct = event.request?.headers?.get?.("host") ??
259
+ event.headers?.get?.("host") ??
260
+ event.node?.req?.headers?.host;
261
+ if (typeof direct === "string" && direct.trim())
262
+ return direct.trim();
263
+ try {
264
+ return getHeader(event, "host") ?? null;
265
+ }
266
+ catch {
267
+ return null;
268
+ }
269
+ }
270
+ function referrerTargetPathname(event) {
271
+ let raw = event.request?.headers?.get?.("referer") ??
272
+ event.request?.headers?.get?.("referrer") ??
273
+ event.headers?.get?.("referer") ??
274
+ event.headers?.get?.("referrer") ??
275
+ event.node?.req?.headers?.referer ??
276
+ event.node?.req?.headers?.referrer ??
277
+ null;
278
+ try {
279
+ raw = raw ?? getHeader(event, "referer") ?? getHeader(event, "referrer");
280
+ }
281
+ catch {
282
+ raw = raw ?? null;
283
+ }
284
+ if (!raw)
285
+ return null;
286
+ try {
287
+ const referrer = new URL(raw);
288
+ const host = requestHost(event);
289
+ if (host && referrer.host !== host)
290
+ return null;
291
+ return pathnameFromPath(`${referrer.pathname}${referrer.search}`);
292
+ }
293
+ catch {
294
+ return pathnameFromPath(raw);
295
+ }
296
+ }
247
297
  export function requestMatchesEmbedTarget(event, targetPath) {
248
298
  const allowed = allowedEmbedTargetPathnames(targetPath);
249
299
  if (allowed.size === 0)
@@ -252,7 +302,10 @@ export function requestMatchesEmbedTarget(event, targetPath) {
252
302
  if (current && allowed.has(current))
253
303
  return true;
254
304
  const headerTarget = headerTargetPathname(event);
255
- return !!headerTarget && allowed.has(headerTarget);
305
+ if (headerTarget && allowed.has(headerTarget))
306
+ return true;
307
+ const referrerTarget = referrerTargetPathname(event);
308
+ return !!referrerTarget && allowed.has(referrerTarget);
256
309
  }
257
310
  export function normalizeEmbedTargetPath(raw, requestOrigin) {
258
311
  const value = String(raw ?? "").trim();
package/dist/server/embed-session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM;QAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,OAAO,CAAC,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\n\nlet _initPromise: Promise<void> | undefined;\nlet _devSigningKey: string | undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string | null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n | { ok: true; claims: EmbedSessionTokenClaims }\n | { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET ||\n process.env.BETTER_AUTH_SECRET ||\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer | string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number | null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string | undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) || \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string | null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string | null | undefined): string | null {\n const segment = value?.trim();\n if (!segment || CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" || segment === \"..\") return null;\n if (\n segment.includes(\"/\") ||\n segment.includes(\"\\\\\") ||\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string | null | undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view || CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) ||\n safePathSegment(url.searchParams.get(\"knowledgeId\")) ||\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) ||\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) allowed.add(direct);\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string | undefined) ??\n ((event as any).request?.url as string | undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string | null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n return !!headerTarget && allowed.has(headerTarget);\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string | undefined | null,\n requestOrigin?: string,\n): string | null {\n const value = String(raw ?? \"\").trim();\n if (!value || CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") || path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]*:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string | undefined | null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket | null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath || !ownerEmail || expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string | undefined | null,\n): VerifyEmbedSessionTokenResult {\n if (!token || typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims ||\n claims.kind !== TOKEN_KIND ||\n typeof claims.ownerEmail !== \"string\" ||\n !claims.ownerEmail ||\n typeof claims.exp !== \"number\" ||\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" | \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string | undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string | undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession | null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n if (!requestMatchesEmbedTarget(event, verified.claims.targetPath)) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" || q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
1
+ {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AACF,MAAM,mBAAmB,GAA6B;IACpD,YAAY,EAAE,CAAC,2CAA2C,CAAC;IAC3D,aAAa,EAAE,CAAC,2CAA2C,CAAC;IAC5D,UAAU,EAAE,CAAC,2CAA2C,CAAC;IACzD,oBAAoB,EAAE,CAAC,2CAA2C,CAAC;CACpE,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,KAAK,MAAM,WAAW,IAAI,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QAC7C,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACpC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC;IAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,GAAG,GACJ,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QAChD,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACjD,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QACvC,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACxC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO;QACzC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ;QAC3C,IAAI,CAAC;IACP,IAAI,CAAC;QACH,GAAG,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAChD,OAAO,gBAAgB,CAAC,GAAG,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\nconst EMBED_ROUTE_ALIASES: Record<string, string[]> = {\n \"/dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/dashboards\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic-dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n};\n\nlet _initPromise: Promise<void> | undefined;\nlet _devSigningKey: string | undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string | null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n | { ok: true; claims: EmbedSessionTokenClaims }\n | { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET ||\n process.env.BETTER_AUTH_SECRET ||\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer | string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number | null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string | undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) || \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string | null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string | null | undefined): string | null {\n const segment = value?.trim();\n if (!segment || CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" || segment === \"..\") return null;\n if (\n segment.includes(\"/\") ||\n segment.includes(\"\\\\\") ||\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string | null | undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view || CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) ||\n safePathSegment(url.searchParams.get(\"knowledgeId\")) ||\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) ||\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) {\n allowed.add(direct);\n for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {\n allowed.add(aliasTarget);\n }\n }\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string | undefined) ??\n ((event as any).request?.url as string | undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string | null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nfunction requestHost(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(\"host\") ??\n (event as any).headers?.get?.(\"host\") ??\n (event as any).node?.req?.headers?.host;\n if (typeof direct === \"string\" && direct.trim()) return direct.trim();\n try {\n return getHeader(event, \"host\") ?? null;\n } catch {\n return null;\n }\n}\n\nfunction referrerTargetPathname(event: H3Event): string | null {\n let raw: string | null =\n (event as any).request?.headers?.get?.(\"referer\") ??\n (event as any).request?.headers?.get?.(\"referrer\") ??\n (event as any).headers?.get?.(\"referer\") ??\n (event as any).headers?.get?.(\"referrer\") ??\n (event as any).node?.req?.headers?.referer ??\n (event as any).node?.req?.headers?.referrer ??\n null;\n try {\n raw = raw ?? getHeader(event, \"referer\") ?? getHeader(event, \"referrer\");\n } catch {\n raw = raw ?? null;\n }\n if (!raw) return null;\n try {\n const referrer = new URL(raw);\n const host = requestHost(event);\n if (host && referrer.host !== host) return null;\n return pathnameFromPath(`${referrer.pathname}${referrer.search}`);\n } catch {\n return pathnameFromPath(raw);\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n if (headerTarget && allowed.has(headerTarget)) return true;\n\n const referrerTarget = referrerTargetPathname(event);\n return !!referrerTarget && allowed.has(referrerTarget);\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string | undefined | null,\n requestOrigin?: string,\n): string | null {\n const value = String(raw ?? \"\").trim();\n if (!value || CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") || path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]*:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string | undefined | null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket | null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath || !ownerEmail || expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string | undefined | null,\n): VerifyEmbedSessionTokenResult {\n if (!token || typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims ||\n claims.kind !== TOKEN_KIND ||\n typeof claims.ownerEmail !== \"string\" ||\n !claims.ownerEmail ||\n typeof claims.exp !== \"number\" ||\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" | \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string | undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string | undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession | null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n if (!requestMatchesEmbedTarget(event, verified.claims.targetPath)) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" || q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
package/dist/shared/embed-auth.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  export declare const EMBED_START_PATH = "/_agent-native/embed/start";
2
2
  export declare const EMBED_TOKEN_QUERY_PARAM = "__an_embed_token";
3
3
  export declare const EMBED_MODE_QUERY_PARAM = "embedded";
4
+ export declare const MCP_APP_CHAT_BRIDGE_QUERY_PARAM = "__an_mcp_chat_bridge";
4
5
  export declare const EMBED_SESSION_COOKIE = "an_embed_session";
5
6
  export declare const EMBED_TARGET_HEADER = "x-agent-native-embed-target";
6
7
  //# sourceMappingURL=embed-auth.d.ts.map
package/dist/shared/embed-auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-auth.d.ts","sourceRoot":"","sources":["../../src/shared/embed-auth.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,+BAA+B,CAAC;AAC7D,eAAO,MAAM,uBAAuB,qBAAqB,CAAC;AAC1D,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,mBAAmB,gCAAgC,CAAC"}
1
+ {"version":3,"file":"embed-auth.d.ts","sourceRoot":"","sources":["../../src/shared/embed-auth.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,+BAA+B,CAAC;AAC7D,eAAO,MAAM,uBAAuB,qBAAqB,CAAC;AAC1D,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,+BAA+B,yBAAyB,CAAC;AACtE,eAAO,MAAM,oBAAoB,qBAAqB,CAAC;AACvD,eAAO,MAAM,mBAAmB,gCAAgC,CAAC"}
package/dist/shared/embed-auth.js CHANGED
@@ -1,6 +1,7 @@
1
1
  export const EMBED_START_PATH = "/_agent-native/embed/start";
2
2
  export const EMBED_TOKEN_QUERY_PARAM = "__an_embed_token";
3
3
  export const EMBED_MODE_QUERY_PARAM = "embedded";
4
+ export const MCP_APP_CHAT_BRIDGE_QUERY_PARAM = "__an_mcp_chat_bridge";
4
5
  export const EMBED_SESSION_COOKIE = "an_embed_session";
5
6
  export const EMBED_TARGET_HEADER = "x-agent-native-embed-target";
6
7
  //# sourceMappingURL=embed-auth.js.map
package/dist/shared/embed-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-auth.js","sourceRoot":"","sources":["../../src/shared/embed-auth.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG,4BAA4B,CAAC;AAC7D,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CAAC;AAC1D,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AACjD,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AACvD,MAAM,CAAC,MAAM,mBAAmB,GAAG,6BAA6B,CAAC","sourcesContent":["export const EMBED_START_PATH = \"/_agent-native/embed/start\";\nexport const EMBED_TOKEN_QUERY_PARAM = \"__an_embed_token\";\nexport const EMBED_MODE_QUERY_PARAM = \"embedded\";\nexport const EMBED_SESSION_COOKIE = \"an_embed_session\";\nexport const EMBED_TARGET_HEADER = \"x-agent-native-embed-target\";\n"]}
1
+ {"version":3,"file":"embed-auth.js","sourceRoot":"","sources":["../../src/shared/embed-auth.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,gBAAgB,GAAG,4BAA4B,CAAC;AAC7D,MAAM,CAAC,MAAM,uBAAuB,GAAG,kBAAkB,CAAC;AAC1D,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AACjD,MAAM,CAAC,MAAM,+BAA+B,GAAG,sBAAsB,CAAC;AACtE,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AACvD,MAAM,CAAC,MAAM,mBAAmB,GAAG,6BAA6B,CAAC","sourcesContent":["export const EMBED_START_PATH = \"/_agent-native/embed/start\";\nexport const EMBED_TOKEN_QUERY_PARAM = \"__an_embed_token\";\nexport const EMBED_MODE_QUERY_PARAM = \"embedded\";\nexport const MCP_APP_CHAT_BRIDGE_QUERY_PARAM = \"__an_mcp_chat_bridge\";\nexport const EMBED_SESSION_COOKIE = \"an_embed_session\";\nexport const EMBED_TARGET_HEADER = \"x-agent-native-embed-target\";\n"]}
package/dist/vite/client.d.ts CHANGED
@@ -12,6 +12,8 @@ export interface NitroOptions {
12
12
  export interface ClientConfigOptions {
13
13
  /** Port for dev server. Default: 8080 */
14
14
  port?: number;
15
+ /** Additional hostnames allowed to access the dev server. */
16
+ allowedHosts?: NonNullable<NonNullable<UserConfig["server"]>["allowedHosts"]>;
15
17
  /** Vite log level. Workspace child apps default to "warn" so only the gateway URL is advertised. */
16
18
  logLevel?: UserConfig["logLevel"];
17
19
  /** Additional Vite plugins */
package/dist/vite/client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/vite/client.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAU,UAAU,EAAE,MAAM,MAAM,CAAC;AA6Y/C,MAAM,WAAW,YAAY;IAC3B,sGAAsG;IACtG,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oGAAoG;IACpG,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;IAClC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,iDAAiD;IACjD,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,iDAAiD;IACjD,YAAY,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IACvD;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjD;AAqMD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,GAAG,SAAS,CAMpB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,OAAO,CAWT;AA6KD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,UAAU,CAsP1E"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/vite/client.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAU,UAAU,EAAE,MAAM,MAAM,CAAC;AA6Y/C,MAAM,WAAW,YAAY;IAC3B,sGAAsG;IACtG,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,YAAY,CAAC,EAAE,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,oGAAoG;IACpG,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;IAClC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,iDAAiD;IACjD,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,iDAAiD;IACjD,YAAY,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IACvD;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjD;AAqMD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,GAAG,SAAS,CAMpB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,OAAO,CAWT;AA6KD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,UAAU,CA2P1E"}
package/dist/vite/client.js CHANGED
@@ -769,6 +769,11 @@ export function defineConfig(options = {}) {
769
769
  server: {
770
770
  host: "::",
771
771
  port: options.port ?? 8080,
772
+ allowedHosts: options.allowedHosts ?? [
773
+ ".ngrok-free.dev",
774
+ ".ngrok-free.app",
775
+ ".ngrok.io",
776
+ ],
772
777
  fs: {
773
778
  allow: [
774
779
  ".",