@agent-native/core 0.22.36 → 0.22.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/cli/workspace-dev.d.ts +26 -0
  2. package/dist/cli/workspace-dev.d.ts.map +1 -1
  3. package/dist/cli/workspace-dev.js +111 -1
  4. package/dist/cli/workspace-dev.js.map +1 -1
  5. package/dist/client/embed-auth.d.ts.map +1 -1
  6. package/dist/client/embed-auth.js +19 -3
  7. package/dist/client/embed-auth.js.map +1 -1
  8. package/dist/mcp/build-server.d.ts.map +1 -1
  9. package/dist/mcp/build-server.js +81 -10
  10. package/dist/mcp/build-server.js.map +1 -1
  11. package/dist/mcp/embed-app.d.ts.map +1 -1
  12. package/dist/mcp/embed-app.js +9 -6
  13. package/dist/mcp/embed-app.js.map +1 -1
  14. package/dist/server/deep-link.d.ts +0 -2
  15. package/dist/server/deep-link.d.ts.map +1 -1
  16. package/dist/server/deep-link.js +0 -2
  17. package/dist/server/deep-link.js.map +1 -1
  18. package/dist/server/embed-session.d.ts.map +1 -1
  19. package/dist/server/embed-session.js +4 -0
  20. package/dist/server/embed-session.js.map +1 -1
  21. package/package.json +1 -1
package/dist/mcp/embed-app.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-app.js","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,MAAM,cAAc,GAClB,mEAAmE,CAAC;AAEtE,MAAM,CAAC,MAAM,iCAAiC,GAAG,gBAAgB,CAAC;AAClE,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAChD,MAAM,CAAC,MAAM,+BAA+B,GAC1C,4BAA4B,GAAG,6BAA6B,CAAC;AAa/D,SAAS,IAAI,CAAC,KAAyB;IACrC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,UAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC;IAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,aAAa,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,sBAAsB,CAAC;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,KAAK,KAAK,CAAC;IACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CACrB,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,IAAI,4BAA4B,CAAC,CAC9D,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,GAAG,6BAA6B,CAAC;IAC9D,MAAM,YAAY,GAAG;QACnB,iCAAiC;QACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,IAAI,EAAE,GAAG,EAAE,CAAC;;;;;;8MAM8L,MAAM,uCAAuC,cAAc;;;;;;;;;;;;;;;;;;;;oBAoBrP,IAAI,CAAC,KAAK,CAAC;uBACR,IAAI,CAAC,WAAW,CAAC;qBACnB,IAAI,CAAC,SAAS,CAAC;qBACf,IAAI,CAAC,aAAa,CAAC;wBAChB,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;;;;4CAIN,IAAI,CAAC,KAAK,CAAC;;;mDAGJ,IAAI,CAAC,SAAS,CAAC;;;;;;;;;;;;;;;8BAepC,IAAI,CAAC,SAAS,CAAC,+BAA+B,CAAC;qCACxC,MAAM;2BAChB,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCA++BlB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkC5C;QACJ,GAAG,EAAE;YACH,cAAc,EAAE;gBACd,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,eAAe,EAAE;gBACf,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,cAAc,EAAE,CAAC,iCAAiC,CAAC;YACnD,YAAY;SACb;QACD,aAAa,EAAE,KAAK;KACrB,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionMcpAppResourceConfig } from \"../action.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\n\nconst MCP_APP_IMPORT =\n \"https://esm.sh/@modelcontextprotocol/ext-apps@1.7.2/app-with-deps\";\n\nexport const MCP_APP_REQUEST_ORIGIN_CSP_SOURCE = \"$requestOrigin\";\nconst MCP_APP_WRAPPER_CHROME_HEIGHT = 44;\nexport const DEFAULT_MCP_APP_SHELL_HEIGHT = 560;\nexport const DEFAULT_MCP_APP_VIEWPORT_HEIGHT =\n DEFAULT_MCP_APP_SHELL_HEIGHT - MCP_APP_WRAPPER_CHROME_HEIGHT;\n\nexport interface EmbedAppOptions {\n title?: string;\n description?: string;\n iframeTitle?: string;\n openLabel?: string;\n embedByDefault?: boolean;\n startToolName?: string;\n frameDomains?: string[];\n height?: number;\n}\n\nfunction attr(value: string | undefined): string {\n return String(value ?? \"\")\n .replace(/&/g, \"&amp;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\");\n}\n\nexport function embedApp(\n options: EmbedAppOptions = {},\n): ActionMcpAppResourceConfig {\n const title = options.title ?? \"Open app\";\n const iframeTitle = options.iframeTitle ?? \"Agent Native app\";\n const openLabel = options.openLabel ?? \"Open in app\";\n const startToolName = options.startToolName ?? \"create_embed_session\";\n const embedByDefault = options.embedByDefault !== false;\n const height = Math.max(\n 320,\n Math.min(900, options.height ?? DEFAULT_MCP_APP_SHELL_HEIGHT),\n );\n const viewportHeight = height - MCP_APP_WRAPPER_CHROME_HEIGHT;\n const frameDomains = [\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ];\n\n return {\n title,\n ...(options.description ? { description: options.description } : {}),\n html: () => `<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <style>\n :root { color-scheme: light dark; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: Canvas; color: CanvasText; --agent-native-shell-height: ${height}px; --agent-native-viewport-height: ${viewportHeight}px; }\n * { box-sizing: border-box; }\n body { margin: 0; }\n .shell { display: grid; gap: 8px; min-height: var(--agent-native-shell-height); padding: 0; }\n .bar { display: flex; align-items: center; justify-content: space-between; gap: 8px; min-height: 36px; padding: 6px 8px; border-bottom: 1px solid color-mix(in srgb, CanvasText 12%, Canvas); }\n .title { min-width: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; font-size: 12px; font-weight: 700; color: color-mix(in srgb, CanvasText 72%, Canvas); }\n .actions { display: flex; align-items: center; gap: 6px; }\n button { min-height: 28px; border: 1px solid color-mix(in srgb, CanvasText 14%, Canvas); border-radius: 7px; background: Canvas; color: CanvasText; cursor: pointer; font: inherit; font-size: 12px; font-weight: 700; padding: 0 9px; }\n button:disabled { opacity: .55; cursor: default; }\n .stage { position: relative; min-height: var(--agent-native-viewport-height); }\n iframe { display: block; width: 100%; height: var(--agent-native-viewport-height); border: 0; background: Canvas; }\n .message { display: grid; place-items: center; min-height: var(--agent-native-viewport-height); padding: 18px; color: color-mix(in srgb, CanvasText 62%, Canvas); font-size: 13px; line-height: 1.45; text-align: center; }\n .fallback { display: grid; align-content: center; justify-items: center; gap: 12px; min-height: var(--agent-native-viewport-height); padding: 24px; background: Canvas; color: CanvasText; text-align: center; }\n .fallback-title { max-width: 440px; font-size: 14px; font-weight: 700; }\n .fallback-copy { max-width: 520px; color: color-mix(in srgb, CanvasText 64%, Canvas); font-size: 13px; line-height: 1.45; }\n .fallback-actions { display: flex; flex-wrap: wrap; align-items: center; justify-content: center; gap: 8px; }\n .fallback-url { max-width: min(560px, 100%); overflow-wrap: anywhere; color: color-mix(in srgb, CanvasText 76%, Canvas); font-size: 12px; }\n </style>\n</head>\n<body\n data-app-title=\"${attr(title)}\"\n data-iframe-title=\"${attr(iframeTitle)}\"\n data-open-label=\"${attr(openLabel)}\"\n data-start-tool=\"${attr(startToolName)}\"\n data-embed-default=\"${embedByDefault ? \"1\" : \"0\"}\"\n>\n <main class=\"shell\">\n <div class=\"bar\">\n <div class=\"title\" data-title-label>${attr(title)}</div>\n <div class=\"actions\">\n <button type=\"button\" data-display hidden disabled>Fullscreen</button>\n <button type=\"button\" data-open disabled>${attr(openLabel)}</button>\n </div>\n </div>\n <section class=\"stage\" data-stage>\n <div class=\"message\">Preparing app</div>\n </section>\n </main>\n <script type=\"module\">\n const body = document.body;\n const stage = document.querySelector(\"[data-stage]\");\n const titleEl = document.querySelector(\"[data-title-label]\");\n const openButton = document.querySelector(\"[data-open]\");\n const displayButton = document.querySelector(\"[data-display]\");\n const startTool = body.dataset.startTool || \"create_embed_session\";\n const embedByDefault = body.dataset.embedDefault !== \"0\";\n const chatBridgeParam = ${JSON.stringify(MCP_APP_CHAT_BRIDGE_QUERY_PARAM)};\n const defaultIntrinsicHeight = ${height};\n const chromeHeight = ${MCP_APP_WRAPPER_CHROME_HEIGHT};\n const frameReadyMessageDelays = [0, 200, 500, 1500, 3000, 7000, 15000, 30000];\n const frameReadyTimeoutMs = 45000;\n const frameLoadTimeoutMs = 45000;\n let app = null;\n let openAiBridge = null;\n let toolInput = {};\n let openUrl = \"\";\n let openStartUrl = \"\";\n let startedFor = \"\";\n let appFrame = null;\n let appFrameReady = false;\n let appFrameReadyTimer = null;\n let appFrameLoadTimer = null;\n let lastFrameSrc = \"\";\n\n function esc(value) {\n return String(value ?? \"\")\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\");\n }\n\n function parseJson(value, fallback) {\n if (value && typeof value === \"object\") return value;\n if (typeof value !== \"string\" || !value.trim()) return fallback;\n try { return JSON.parse(value); } catch { return fallback; }\n }\n\n function objectValue(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function finiteNumber(value) {\n return typeof value === \"number\" && Number.isFinite(value) && value > 0\n ? value\n : null;\n }\n\n function contextMaxHeight(context) {\n if (!context || typeof context !== \"object\") return null;\n return finiteNumber(context.maxHeight) ||\n finiteNumber(context.containerDimensions && context.containerDimensions.maxHeight);\n }\n\n function visibleIntrinsicHeight() {\n const context = hostState().context || {};\n const hostMaxHeight = contextMaxHeight(context);\n if (hostMaxHeight) return Math.floor(hostMaxHeight);\n const viewportHeight = finiteNumber(window.visualViewport && window.visualViewport.height) ||\n finiteNumber(window.innerHeight);\n return Math.floor(viewportHeight || defaultIntrinsicHeight);\n }\n\n function applyIntrinsicHeight(nextHeight) {\n const boundedHeight = Math.min(\n defaultIntrinsicHeight,\n Math.floor(nextHeight || defaultIntrinsicHeight)\n );\n const height = Math.max(320, boundedHeight);\n const viewportHeight = Math.max(0, height - chromeHeight);\n document.documentElement.style.setProperty(\"--agent-native-shell-height\", height + \"px\");\n document.documentElement.style.setProperty(\"--agent-native-viewport-height\", viewportHeight + \"px\");\n if (appFrame) appFrame.style.height = viewportHeight + \"px\";\n return height;\n }\n\n function parseToolResult(params) {\n if (!params) return {};\n if (params.result && typeof params.result === \"object\") {\n return parseToolResult(params.result);\n }\n if (params.toolResult && typeof params.toolResult === \"object\") {\n return parseToolResult(params.toolResult);\n }\n if (params.structuredContent && typeof params.structuredContent === \"object\") {\n return params.structuredContent;\n }\n const parts = Array.isArray(params.content) ? params.content : [];\n const textPart = parts.find((part) => part && part.type === \"text\" && typeof part.text === \"string\");\n const text = textPart ? textPart.text : \"\";\n if (params.isError && typeof text === \"string\" && text.trim()) {\n return { error: text.trim() };\n }\n return parseJson(text, {});\n }\n\n function openLinkRecordFrom(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function openLinkWebUrlFrom(value) {\n const record = openLinkRecordFrom(value);\n return typeof record.webUrl === \"string\" ? record.webUrl : \"\";\n }\n\n function firstNonEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && !isEmbedStartUrl(value)) return value;\n }\n return \"\";\n }\n\n function firstEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && isEmbedStartUrl(value)) {\n return withChatBridgeParam(value);\n }\n }\n return \"\";\n }\n\n function openLinkFrom(params, data) {\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n const structuredOpenLinkUrl = openLinkWebUrlFrom(record.openLink);\n return firstNonEmbedStartUrl([\n record.embedTargetPath,\n record.deepLinkUrl,\n record.deepLink,\n record.openUrl,\n record.url,\n structuredOpenLinkUrl,\n metaUrl\n ]);\n }\n\n function embedStartUrlFrom(params, data) {\n const embedStart =\n params && params._meta && params._meta[\"agent-native/embedStart\"];\n const embedStartRecord =\n embedStart && typeof embedStart === \"object\" && !Array.isArray(embedStart)\n ? embedStart\n : {};\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n return firstEmbedStartUrl([\n embedStartRecord.startUrl,\n record.embedStartUrl,\n record.startUrl,\n record.url,\n openLinkWebUrlFrom(record.openLink),\n metaUrl\n ]);\n }\n\n function hostState() {\n if (openAiBridge) {\n return {\n context: {\n displayMode: openAiBridge.displayMode,\n availableDisplayModes: typeof openAiBridge.requestDisplayMode === \"function\"\n ? [\"inline\", \"fullscreen\", \"pip\"]\n : [],\n maxHeight: openAiBridge.maxHeight,\n locale: openAiBridge.locale,\n theme: openAiBridge.theme,\n view: openAiBridge.view\n },\n capabilities: { openai: true },\n version: openAiBridge.userAgent\n };\n }\n return {\n context: app && app.getHostContext ? app.getHostContext() : undefined,\n capabilities: app && app.getHostCapabilities ? app.getHostCapabilities() : undefined,\n version: app && app.getHostVersion ? app.getHostVersion() : undefined\n };\n }\n\n function sendToAppFrame(message) {\n if (!appFrame || !appFrame.contentWindow) return;\n try { appFrame.contentWindow.postMessage(message, \"*\"); } catch {}\n }\n\n function sendHostContext() {\n sendToAppFrame({ type: \"agentNative.mcpHostContext\", data: hostState() });\n }\n\n function sendFrameReadyMessages(frame) {\n const originPayload = { type: \"agentNative.frameOrigin\", origin: window.location.origin };\n frameReadyMessageDelays.forEach((delay) => {\n setTimeout(() => {\n try { frame.contentWindow && frame.contentWindow.postMessage(originPayload, \"*\"); } catch {}\n sendHostContext();\n }, delay);\n });\n }\n\n function withChatBridgeParam(value) {\n if (typeof value !== \"string\" || !value) return value;\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n url.searchParams.set(chatBridgeParam, \"1\");\n return value.startsWith(\"/\")\n ? url.pathname + url.search + url.hash\n : url.toString();\n } catch {\n return value;\n }\n }\n\n function embedSessionArgsFor(value) {\n const chrome = typeof toolInput.chrome === \"string\" ? toolInput.chrome : \"full\";\n return typeof value === \"string\" && value.startsWith(\"/\")\n ? { path: value, chrome }\n : { url: value, chrome };\n }\n\n function isEmbedStartUrl(value) {\n if (typeof value !== \"string\" || !value) return false;\n try {\n const url = new URL(value, window.location.href);\n return url.pathname.endsWith(\"/_agent-native/embed/start\");\n } catch {\n return false;\n }\n }\n\n function localPathFromUrl(url, includeToken) {\n const next = new URL(url.href);\n if (!includeToken) next.searchParams.delete(\"__an_embed_token\");\n return next.pathname + next.search + next.hash;\n }\n\n function rewriteRootRelativeHtmlUrls(html, appOrigin) {\n return String(html).replace(\n /\\\\b(src|href|poster|action)\\\\s*=\\\\s*([\"'])\\\\/(?!\\\\/)/gi,\n (_match, name, quote) => String(name) + \"=\" + quote + appOrigin + \"/\"\n );\n }\n\n function removeHtmlCspMeta(html) {\n return String(html).replace(\n /<meta\\\\s+[^>]*http-equiv\\\\s*=\\\\s*([\"'])?content-security-policy\\\\1?[^>]*>/gi,\n \"\"\n );\n }\n\n function embedConfigForAppUrl(appUrl) {\n const sanitizedTarget = localPathFromUrl(appUrl, false);\n return {\n origin: appUrl.origin,\n href: appUrl.href,\n baseHref: appUrl.origin + appUrl.pathname,\n target: sanitizedTarget,\n token: appUrl.searchParams.get(\"__an_embed_token\") || \"\",\n chatBridgeActive: appUrl.searchParams.get(chatBridgeParam) === \"1\",\n chatBridgeParam,\n embedTokenParam: \"__an_embed_token\",\n embedTargetHeader: \"x-agent-native-embed-target\"\n };\n }\n\n function installExternalEmbedRuntime(config) {\n window.__AGENT_NATIVE_EXTERNAL_EMBED = config;\n try {\n if (config.target) {\n window.history.replaceState(window.history.state, \"\", config.target);\n }\n } catch (_err) {}\n try {\n if (config.token) {\n sessionStorage.setItem(\"agent-native:embed-auth-token\", config.token);\n }\n if (config.chatBridgeActive && config.token) {\n sessionStorage.setItem(\"agent-native:mcp-chat-bridge\", config.token);\n }\n } catch (_err) {}\n if (window.__agentNativeExternalEmbedRuntimeInstalled) return;\n window.__agentNativeExternalEmbedRuntimeInstalled = true;\n function appOrigin() {\n try {\n return new URL(config.origin).origin;\n } catch (_err) {\n return \"\";\n }\n }\n function targetPath() {\n return config.target || location.pathname + location.search;\n }\n function rewrittenUrl(value, appendToken) {\n const origin = appOrigin();\n if (!origin) return null;\n let url;\n try {\n url = new URL(value, location.href);\n } catch (_err) {\n return null;\n }\n if (url.origin !== location.origin && url.origin !== origin) return null;\n if (url.origin !== origin) {\n const app = new URL(origin);\n url.protocol = app.protocol;\n url.host = app.host;\n }\n if (appendToken && config.token && url.pathname === \"/_agent-native/events\") {\n url.searchParams.set(config.embedTokenParam, config.token);\n }\n return url.toString();\n }\n function authHeaders(input, init) {\n const headers = new Headers(\n init && init.headers ? init.headers : input instanceof Request ? input.headers : undefined\n );\n if (config.token && !headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", \"Bearer \" + config.token);\n }\n if (!headers.has(config.embedTargetHeader)) {\n headers.set(config.embedTargetHeader, targetPath());\n }\n return headers;\n }\n if (typeof fetch === \"function\") {\n const originalFetch = fetch.bind(window);\n window.fetch = function(input, init) {\n const raw = input instanceof Request ? input.url : String(input);\n const url = rewrittenUrl(raw, false);\n if (!url) return originalFetch(input, init);\n const nextInit = Object.assign({}, init || {}, {\n headers: authHeaders(input, init),\n credentials: \"omit\"\n });\n if (input instanceof Request) {\n return originalFetch(new Request(url, input), nextInit);\n }\n return originalFetch(url, nextInit);\n };\n }\n if (typeof XMLHttpRequest !== \"undefined\") {\n const originalOpen = XMLHttpRequest.prototype.open;\n const originalSend = XMLHttpRequest.prototype.send;\n XMLHttpRequest.prototype.open = function(method, url) {\n const rewritten = rewrittenUrl(url, false);\n this.__agentNativeExternalEmbed = !!rewritten;\n return originalOpen.call(\n this,\n method,\n rewritten || url,\n arguments.length > 2 ? arguments[2] : true,\n arguments[3],\n arguments[4]\n );\n };\n XMLHttpRequest.prototype.send = function(body) {\n if (this.__agentNativeExternalEmbed) {\n try {\n if (config.token) this.setRequestHeader(\"Authorization\", \"Bearer \" + config.token);\n this.setRequestHeader(config.embedTargetHeader, targetPath());\n } catch (_err) {}\n }\n return originalSend.call(this, body);\n };\n }\n if (typeof EventSource !== \"undefined\") {\n const OriginalEventSource = EventSource;\n window.EventSource = function(url, options) {\n return new OriginalEventSource(rewrittenUrl(url, true) || url, options);\n };\n window.EventSource.prototype = OriginalEventSource.prototype;\n }\n }\n\n function copyDocumentElementAttributes(source) {\n const target = document.documentElement;\n for (const attr of Array.from(target.attributes)) {\n target.removeAttribute(attr.name);\n }\n for (const attr of Array.from(source.attributes)) {\n target.setAttribute(attr.name, attr.value);\n }\n }\n\n function importChildren(source, target) {\n target.replaceChildren(\n ...Array.from(source.childNodes).map((node) => document.importNode(node, true))\n );\n }\n\n function isModuleScript(script) {\n return (script.getAttribute(\"type\") || \"\").trim().toLowerCase() === \"module\";\n }\n\n function isRunnableClassicScript(script) {\n const type = (script.getAttribute(\"type\") || \"\").trim().toLowerCase();\n return !type || type === \"text/javascript\" || type === \"application/javascript\";\n }\n\n function runClassicScript(script) {\n const next = document.createElement(\"script\");\n for (const attr of Array.from(script.attributes)) {\n if (attr.name === \"type\") continue;\n next.setAttribute(attr.name, attr.value);\n }\n if (script.src) {\n next.src = script.src;\n } else {\n next.textContent = script.textContent || \"\";\n }\n document.body.appendChild(next);\n next.remove();\n }\n\n function rootRelativeSpecifiersToAbsolute(code, appOrigin) {\n return String(code).replace(/([\"'])\\\\/(?!\\\\/)/g, \"$1\" + appOrigin + \"/\");\n }\n\n function moduleCodeToClassicAsync(code, appOrigin) {\n return rootRelativeSpecifiersToAbsolute(code, appOrigin)\n .replace(\n /\\\\bimport\\\\s+\\\\*\\\\s+as\\\\s+([A-Za-z_$][\\\\w$]*)\\\\s+from\\\\s+([\"'][^\"']+[\"'])\\\\s*;?/g,\n \"const $1 = await import($2);\"\n )\n .replace(/\\\\bimport\\\\s+([\"'][^\"']+[\"'])\\\\s*;?/g, \"await import($1);\")\n .replace(/\\\\bimport\\\\(([\"'][^\"']+[\"'])\\\\)\\\\s*;?/g, \"await import($1);\");\n }\n\n function runModuleScriptAsClassic(script, appOrigin) {\n const code = moduleCodeToClassicAsync(script.textContent || \"\", appOrigin);\n const runner = document.createElement(\"script\");\n runner.textContent =\n \"(async()=>{\" +\n code +\n \"})().catch((err)=>{console.error('[agent-native] transplanted app module failed',err);document.body.setAttribute('data-agent-native-hydration-error',String(err&&err.message||err));});\";\n document.body.appendChild(runner);\n runner.remove();\n }\n\n function mountTransplantedHtml(html, appUrl) {\n const config = embedConfigForAppUrl(appUrl);\n installExternalEmbedRuntime(config);\n const parsed = new DOMParser().parseFromString(\n rewriteRootRelativeHtmlUrls(removeHtmlCspMeta(html), appUrl.origin),\n \"text/html\"\n );\n const scripts = Array.from(parsed.querySelectorAll(\"script\"));\n copyDocumentElementAttributes(parsed.documentElement);\n importChildren(parsed.head, document.head);\n const base = document.createElement(\"base\");\n base.href = config.baseHref;\n document.head.prepend(base);\n importChildren(parsed.body, document.body);\n for (const script of scripts) {\n if (isRunnableClassicScript(script)) runClassicScript(script);\n }\n for (const script of scripts) {\n if (isModuleScript(script)) runModuleScriptAsClassic(script, appUrl.origin);\n }\n }\n\n async function transplantAppDocument(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Loading app\");\n const response = await fetch(src, {\n credentials: \"omit\",\n redirect: \"follow\",\n headers: { Accept: \"text/html\" }\n });\n if (!response.ok) {\n throw new Error(\"Embedded app returned HTTP \" + response.status + \".\");\n }\n const html = await response.text();\n const appUrl = new URL(response.url || src);\n try {\n window.history.replaceState(window.history.state, \"\", localPathFromUrl(appUrl, false));\n } catch {}\n mountTransplantedHtml(html, appUrl);\n notifyHostHeightRepeatedly();\n }\n\n function wantsEmbed() {\n if (toolInput.embed === false || toolInput.embed === \"false\") return false;\n if (embedByDefault) return true;\n return toolInput.embed === true || toolInput.embed === \"true\";\n }\n\n function supportedDisplayMode(mode) {\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n return mode === \"inline\" || mode === \"fullscreen\" || mode === \"pip\";\n }\n const modes = hostState().context && hostState().context.availableDisplayModes;\n return Array.isArray(modes) && modes.includes(mode);\n }\n\n async function requestHostDisplayMode(mode) {\n let result;\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n result = await openAiBridge.requestDisplayMode({ mode });\n } else {\n if (!app || typeof app.requestDisplayMode !== \"function\") {\n throw new Error(\"Display mode changes are not available in this host.\");\n }\n result = await app.requestDisplayMode({ mode });\n }\n updateDisplayButton();\n sendHostContext();\n return result;\n }\n\n function updateDisplayButton() {\n const context = hostState().context || {};\n const nextMode = context.displayMode === \"fullscreen\" ? \"inline\" : \"fullscreen\";\n const supported = supportedDisplayMode(nextMode);\n displayButton.hidden = !supported;\n displayButton.disabled = !supported;\n displayButton.textContent = nextMode === \"fullscreen\" ? \"Fullscreen\" : \"Inline\";\n displayButton.onclick = () => {\n if (!supportedDisplayMode(nextMode)) return;\n void requestHostDisplayMode(nextMode).catch((err) => {\n console.warn(\"[agent-native] MCP host rejected display mode request\", err);\n });\n };\n }\n\n function setMessage(message) {\n stage.innerHTML = '<div class=\"message\">' + esc(message) + '</div>';\n }\n\n function clearFrameReadyTimer() {\n if (!appFrameReadyTimer) return;\n clearTimeout(appFrameReadyTimer);\n appFrameReadyTimer = null;\n }\n\n function clearFrameLoadTimer() {\n if (!appFrameLoadTimer) return;\n clearTimeout(appFrameLoadTimer);\n appFrameLoadTimer = null;\n }\n\n function startFrameReadyTimer(frame) {\n clearFrameReadyTimer();\n appFrameReadyTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameReadyTimeoutMs);\n }\n\n function renderFrameFallback() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n stage.innerHTML =\n '<div class=\"fallback\">' +\n '<div class=\"fallback-title\">Open this app in its own tab</div>' +\n '<div class=\"fallback-copy\">This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below.</div>' +\n '<div class=\"fallback-actions\">' +\n '<button type=\"button\" data-fallback-open>Open app</button>' +\n '<button type=\"button\" data-fallback-retry>Try inline again</button>' +\n '</div>' +\n (openUrl || openStartUrl ? '<a class=\"fallback-url\" href=\"' + esc(openUrl || openStartUrl) + '\" target=\"_blank\" rel=\"noreferrer\">' + esc(openUrl || openStartUrl) + '</a>' : '') +\n '</div>';\n const fallbackOpen = stage.querySelector(\"[data-fallback-open]\");\n const fallbackRetry = stage.querySelector(\"[data-fallback-retry]\");\n if (fallbackOpen) {\n fallbackOpen.disabled = !(openUrl || openStartUrl);\n fallbackOpen.onclick = () => {\n if (openUrl || openStartUrl) void openFallbackExternal();\n };\n }\n if (fallbackRetry) {\n fallbackRetry.disabled = !lastFrameSrc;\n fallbackRetry.onclick = () => {\n if (lastFrameSrc) renderFrame(lastFrameSrc);\n };\n }\n }\n\n async function openFallbackExternal() {\n let url = withChatBridgeParam(openUrl);\n try {\n if (url) {\n const result = await callEmbedSessionTool(embedSessionArgsFor(url));\n const data = parseToolResult(result);\n if (typeof data.startUrl === \"string\" && data.startUrl) {\n url = withChatBridgeParam(data.startUrl);\n }\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP fallback could not mint a fresh app session\", err);\n }\n if (!url) url = withChatBridgeParam(openStartUrl);\n await openHostLink({ url });\n }\n\n function renderFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n const frame = document.createElement(\"iframe\");\n frame.title = body.dataset.iframeTitle || \"Agent Native app\";\n frame.src = src;\n frame.allow = \"clipboard-read; clipboard-write\";\n appFrame = frame;\n appFrameReady = false;\n lastFrameSrc = src;\n frame.addEventListener(\"load\", () => {\n if (appFrame !== frame) return;\n clearFrameLoadTimer();\n sendFrameReadyMessages(frame);\n startFrameReadyTimer(frame);\n });\n stage.replaceChildren(frame);\n notifyHostHeight();\n appFrameLoadTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameLoadTimeoutMs);\n }\n\n function refreshExpiredEmbedSession() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrameReady = false;\n if (!openUrl) {\n renderFrameFallback();\n return;\n }\n openStartUrl = \"\";\n startedFor = \"\";\n lastFrameSrc = \"\";\n setMessage(\"Refreshing app session\");\n void launchEmbed();\n }\n\n function shouldSelfNavigateToApp() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n if (mode === \"iframe\" || mode === \"nested\") return false;\n if (toolInput.nested === true || toolInput.frame === \"iframe\") return false;\n return true;\n }\n\n function shouldTransplantAppDocument() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n return (\n mode === \"transplant\" ||\n toolInput.frame === \"transplant\" ||\n isClaudeMcpContentHost()\n );\n }\n\n function isClaudeMcpContentHost() {\n try {\n return /(^|\\\\.)claudemcpcontent\\\\.com$/i.test(window.location.hostname || \"\");\n } catch {\n return false;\n }\n }\n\n function isChatGptSandboxHost() {\n try {\n const host = window.location.hostname || \"\";\n const appParam = new URL(window.location.href).searchParams.get(\"app\");\n return /(^|\\\\.)oaiusercontent\\\\.com$/i.test(host) || appParam === \"chatgpt\";\n } catch {\n return false;\n }\n }\n\n function shouldRenderControlledAppFrame() {\n return !!openAiBridge || isChatGptSandboxHost();\n }\n\n function navigateToAppFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Opening app\");\n try {\n window.location.replace(src);\n } catch (err) {\n console.warn(\"[agent-native] MCP app self-navigation failed\", err);\n renderFrameFallback();\n }\n }\n\n async function updateHostModelContext(data) {\n const params = {};\n if (Array.isArray(data && data.content)) params.content = data.content;\n if (data && data.structuredContent && typeof data.structuredContent === \"object\") {\n params.structuredContent = data.structuredContent;\n }\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeModelContext: params\n });\n return { ok: true };\n }\n if (!app || typeof app.updateModelContext !== \"function\") return { ok: false };\n await app.updateModelContext(params);\n return { ok: true };\n }\n\n async function openHostLink(data) {\n const url = typeof (data && data.url) === \"string\" ? data.url : \"\";\n if (!url) return { isError: true };\n if (openAiBridge && typeof openAiBridge.openExternal === \"function\") {\n return await openAiBridge.openExternal({ href: url, redirectUrl: false });\n }\n if (app && typeof app.openLink === \"function\") {\n return await app.openLink({ url });\n }\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n return { ok: true };\n }\n\n function notifyHostHeight() {\n const height = applyIntrinsicHeight(visibleIntrinsicHeight());\n if (!openAiBridge || typeof openAiBridge.notifyIntrinsicHeight !== \"function\") {\n if (app && typeof app.sendSizeChanged === \"function\") {\n try {\n app.sendSizeChanged({ height });\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected size update\", err);\n }\n }\n return;\n }\n try {\n openAiBridge.notifyIntrinsicHeight({ height });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected intrinsic height update\", err);\n }\n }\n\n function respondToAppFrame(requestId, work) {\n if (!requestId) return;\n Promise.resolve(work)\n .then((result) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: { requestId, ok: true, result }\n });\n })\n .catch((err) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: {\n requestId,\n ok: false,\n error: err && err.message ? err.message : String(err)\n }\n });\n });\n }\n\n async function sendHostChat(chat) {\n if (!chat || chat.submit === false) return;\n const message = typeof chat.message === \"string\" ? chat.message : \"\";\n if (!message.trim()) return;\n const context = typeof chat.context === \"string\" ? chat.context.trim() : \"\";\n try {\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeChatContext: context || null\n });\n } else if (app && typeof app.updateModelContext === \"function\") {\n await app.updateModelContext({\n content: context ? [{ type: \"text\", text: context }] : []\n });\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected model context update\", err);\n }\n try {\n if (openAiBridge && typeof openAiBridge.sendFollowUpMessage === \"function\") {\n await openAiBridge.sendFollowUpMessage({\n prompt: message,\n scrollToBottom: true\n });\n return;\n }\n if (!app || typeof app.sendMessage !== \"function\") return;\n const result = await app.sendMessage({\n role: \"user\",\n content: [{ type: \"text\", text: message }]\n });\n if (result && result.isError) {\n console.warn(\"[agent-native] MCP host rejected chat message\", result);\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host chat bridge failed\", err);\n }\n }\n\n window.addEventListener(\"message\", (event) => {\n if (!appFrame || event.source !== appFrame.contentWindow) return;\n if (!event.data) return;\n const data = event.data.data || {};\n if (event.data.type === \"agentNative.embeddedAppReady\") {\n appFrameReady = true;\n clearFrameLoadTimer();\n clearFrameReadyTimer();\n return;\n }\n if (event.data.type === \"agentNative.embedSessionExpired\") {\n refreshExpiredEmbedSession();\n return;\n }\n if (event.data.type === \"agentNative.submitChat\") {\n void sendHostChat(data);\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.updateModelContext\") {\n respondToAppFrame(data.requestId, updateHostModelContext(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.openLink\") {\n respondToAppFrame(data.requestId, openHostLink(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.requestDisplayMode\") {\n respondToAppFrame(data.requestId, requestHostDisplayMode(data.mode));\n }\n });\n\n function notifyHostHeightSoon() {\n requestAnimationFrame(() => notifyHostHeight());\n }\n\n function notifyHostHeightRepeatedly() {\n notifyHostHeight();\n [0, 250, 1000, 2500].forEach((delay) => {\n setTimeout(() => notifyHostHeight(), delay);\n });\n }\n\n window.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n if (window.visualViewport) {\n window.visualViewport.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n }\n\n async function launchEmbed() {\n const launchUrl = openStartUrl || openUrl;\n if (!launchUrl) {\n setMessage(\"Open link was not available.\");\n return;\n }\n if (!wantsEmbed()) {\n setMessage(\"Ready to open.\");\n return;\n }\n if (startedFor === launchUrl) return;\n startedFor = launchUrl;\n setMessage(\"Loading app\");\n try {\n const selfNavigate = shouldSelfNavigateToApp();\n const embedUrl = withChatBridgeParam(launchUrl);\n if (selfNavigate && isEmbedStartUrl(embedUrl)) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(embedUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(embedUrl);\n } else {\n navigateToAppFrame(embedUrl);\n }\n return;\n }\n if (!selfNavigate && isEmbedStartUrl(embedUrl)) {\n renderFrame(embedUrl);\n return;\n }\n const result = await callEmbedSessionTool(embedSessionArgsFor(embedUrl));\n const data = parseToolResult(result);\n if (typeof data.startUrl !== \"string\" || !data.startUrl) {\n startedFor = \"\";\n setMessage(data.error || \"This app can be opened, but not embedded from this MCP server.\");\n return;\n }\n const startUrl = withChatBridgeParam(data.startUrl);\n if (selfNavigate) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(startUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(startUrl);\n } else {\n navigateToAppFrame(startUrl);\n }\n } else {\n renderFrame(startUrl);\n }\n } catch (err) {\n startedFor = \"\";\n setMessage(err && err.message ? err.message : \"Could not launch embedded app.\");\n }\n }\n\n async function callEmbedSessionTool(args) {\n if (openAiBridge && typeof openAiBridge.callTool === \"function\") {\n return await openAiBridge.callTool(startTool, args);\n }\n if (!app || typeof app.callServerTool !== \"function\") {\n throw new Error(\"Host tool calls are not available.\");\n }\n return await app.callServerTool({ name: startTool, arguments: args });\n }\n\n function updateHostOpenInAppUrl() {\n if (!openAiBridge || !openUrl || typeof openAiBridge.setOpenInAppUrl !== \"function\") {\n return;\n }\n try {\n openAiBridge.setOpenInAppUrl({ href: openUrl });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected open-in-app URL\", err);\n }\n }\n\n function updateOpenButton() {\n const buttonUrl = openUrl || openStartUrl;\n openButton.disabled = !buttonUrl;\n openButton.onclick = () => {\n if (buttonUrl) void openHostLink({ url: buttonUrl });\n };\n updateHostOpenInAppUrl();\n }\n\n function updateTitle(data) {\n const label = data.label || data.app || data.view || body.dataset.appTitle || \"App\";\n titleEl.textContent = String(label);\n }\n\n function readOpenAiBridge() {\n return window.openai && typeof window.openai === \"object\"\n ? window.openai\n : null;\n }\n\n function openAiToolResultParams(bridge) {\n const params = {};\n if (bridge && bridge.toolOutput !== undefined) {\n if (bridge.toolOutput && typeof bridge.toolOutput === \"object\") {\n params.structuredContent = bridge.toolOutput;\n } else {\n params.content = [{ type: \"text\", text: String(bridge.toolOutput) }];\n }\n }\n if (bridge && bridge.toolResponseMetadata && typeof bridge.toolResponseMetadata === \"object\") {\n params._meta = bridge.toolResponseMetadata;\n }\n return params;\n }\n\n function syncOpenAiBridge(bridge) {\n if (!bridge) return false;\n openAiBridge = bridge;\n toolInput = objectValue(bridge.toolInput);\n const params = openAiToolResultParams(bridge);\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n if (openUrl || openStartUrl) {\n void launchEmbed();\n } else if (!appFrame) {\n setMessage(\"Waiting for app result\");\n }\n return true;\n }\n\n function waitForOpenAiBridge() {\n const existing = readOpenAiBridge();\n if (existing) return Promise.resolve(existing);\n return new Promise((resolve) => {\n let settled = false;\n const finish = (bridge) => {\n if (settled) return;\n settled = true;\n window.removeEventListener(\"openai:set_globals\", onGlobals);\n clearTimeout(timer);\n resolve(bridge || readOpenAiBridge());\n };\n const onGlobals = () => finish(readOpenAiBridge());\n const timer = setTimeout(() => finish(null), 200);\n window.addEventListener(\"openai:set_globals\", onGlobals, { passive: true });\n });\n }\n\n window.addEventListener(\"openai:set_globals\", () => {\n const bridge = readOpenAiBridge();\n if (bridge && (!appFrame || openAiBridge)) syncOpenAiBridge(bridge);\n }, { passive: true });\n\n async function startMcpAppsBridge() {\n const { App } = await import(\"${MCP_APP_IMPORT}\");\n app = new App(\n { name: \"Agent Native Embed\", version: \"1.0.0\" },\n {},\n { autoResize: false }\n );\n app.ontoolinput = (params) => {\n toolInput = params.arguments || {};\n };\n app.ontoolresult = (params) => {\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n void launchEmbed();\n };\n app.onhostcontextchanged = () => {\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n };\n await app.connect();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n }\n\n const initialOpenAiBridge = await waitForOpenAiBridge();\n if (!syncOpenAiBridge(initialOpenAiBridge)) {\n await startMcpAppsBridge();\n }\n </script>\n</body>\n</html>`,\n csp: {\n connectDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n resourceDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n baseUriDomains: [MCP_APP_REQUEST_ORIGIN_CSP_SOURCE],\n frameDomains,\n },\n prefersBorder: false,\n };\n}\n"]}
1
+ {"version":3,"file":"embed-app.js","sourceRoot":"","sources":["../../src/mcp/embed-app.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,MAAM,cAAc,GAClB,mEAAmE,CAAC;AAEtE,MAAM,CAAC,MAAM,iCAAiC,GAAG,gBAAgB,CAAC;AAClE,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,MAAM,CAAC,MAAM,4BAA4B,GAAG,GAAG,CAAC;AAChD,MAAM,CAAC,MAAM,+BAA+B,GAC1C,4BAA4B,GAAG,6BAA6B,CAAC;AAa/D,SAAS,IAAI,CAAC,KAAyB;IACrC,OAAO,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,QAAQ,CACtB,UAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,UAAU,CAAC;IAC1C,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,kBAAkB,CAAC;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,aAAa,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,sBAAsB,CAAC;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,KAAK,KAAK,CAAC;IACxD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CACrB,GAAG,EACH,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,IAAI,4BAA4B,CAAC,CAC9D,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,GAAG,6BAA6B,CAAC;IAC9D,MAAM,YAAY,GAAG;QACnB,iCAAiC;QACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,OAAO;QACL,KAAK;QACL,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,IAAI,EAAE,GAAG,EAAE,CAAC;;;;;;8MAM8L,MAAM,uCAAuC,cAAc;;;;;;;;;;;;;;;;;;;;oBAoBrP,IAAI,CAAC,KAAK,CAAC;uBACR,IAAI,CAAC,WAAW,CAAC;qBACnB,IAAI,CAAC,SAAS,CAAC;qBACf,IAAI,CAAC,aAAa,CAAC;wBAChB,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;;;;4CAIN,IAAI,CAAC,KAAK,CAAC;;;mDAGJ,IAAI,CAAC,SAAS,CAAC;;;;;;;;;;;;;;;8BAepC,IAAI,CAAC,SAAS,CAAC,+BAA+B,CAAC;qCACxC,MAAM;2BAChB,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCAk/BlB,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkC5C;QACJ,GAAG,EAAE;YACH,cAAc,EAAE;gBACd,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,eAAe,EAAE;gBACf,gBAAgB;gBAChB,iCAAiC;gBACjC,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;aAChC;YACD,cAAc,EAAE,CAAC,iCAAiC,CAAC;YACnD,YAAY;SACb;QACD,aAAa,EAAE,KAAK;KACrB,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionMcpAppResourceConfig } from \"../action.js\";\nimport { MCP_APP_CHAT_BRIDGE_QUERY_PARAM } from \"../shared/embed-auth.js\";\n\nconst MCP_APP_IMPORT =\n \"https://esm.sh/@modelcontextprotocol/ext-apps@1.7.2/app-with-deps\";\n\nexport const MCP_APP_REQUEST_ORIGIN_CSP_SOURCE = \"$requestOrigin\";\nconst MCP_APP_WRAPPER_CHROME_HEIGHT = 44;\nexport const DEFAULT_MCP_APP_SHELL_HEIGHT = 560;\nexport const DEFAULT_MCP_APP_VIEWPORT_HEIGHT =\n DEFAULT_MCP_APP_SHELL_HEIGHT - MCP_APP_WRAPPER_CHROME_HEIGHT;\n\nexport interface EmbedAppOptions {\n title?: string;\n description?: string;\n iframeTitle?: string;\n openLabel?: string;\n embedByDefault?: boolean;\n startToolName?: string;\n frameDomains?: string[];\n height?: number;\n}\n\nfunction attr(value: string | undefined): string {\n return String(value ?? \"\")\n .replace(/&/g, \"&amp;\")\n .replace(/\"/g, \"&quot;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\");\n}\n\nexport function embedApp(\n options: EmbedAppOptions = {},\n): ActionMcpAppResourceConfig {\n const title = options.title ?? \"Open app\";\n const iframeTitle = options.iframeTitle ?? \"Agent Native app\";\n const openLabel = options.openLabel ?? \"Open in app\";\n const startToolName = options.startToolName ?? \"create_embed_session\";\n const embedByDefault = options.embedByDefault !== false;\n const height = Math.max(\n 320,\n Math.min(900, options.height ?? DEFAULT_MCP_APP_SHELL_HEIGHT),\n );\n const viewportHeight = height - MCP_APP_WRAPPER_CHROME_HEIGHT;\n const frameDomains = [\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ];\n\n return {\n title,\n ...(options.description ? { description: options.description } : {}),\n html: () => `<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <style>\n :root { color-scheme: light dark; font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: Canvas; color: CanvasText; --agent-native-shell-height: ${height}px; --agent-native-viewport-height: ${viewportHeight}px; }\n * { box-sizing: border-box; }\n body { margin: 0; }\n .shell { display: grid; gap: 8px; min-height: var(--agent-native-shell-height); padding: 0; }\n .bar { display: flex; align-items: center; justify-content: space-between; gap: 8px; min-height: 36px; padding: 6px 8px; border-bottom: 1px solid color-mix(in srgb, CanvasText 12%, Canvas); }\n .title { min-width: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; font-size: 12px; font-weight: 700; color: color-mix(in srgb, CanvasText 72%, Canvas); }\n .actions { display: flex; align-items: center; gap: 6px; }\n button { min-height: 28px; border: 1px solid color-mix(in srgb, CanvasText 14%, Canvas); border-radius: 7px; background: Canvas; color: CanvasText; cursor: pointer; font: inherit; font-size: 12px; font-weight: 700; padding: 0 9px; }\n button:disabled { opacity: .55; cursor: default; }\n .stage { position: relative; min-height: var(--agent-native-viewport-height); }\n iframe { display: block; width: 100%; height: var(--agent-native-viewport-height); border: 0; background: Canvas; }\n .message { display: grid; place-items: center; min-height: var(--agent-native-viewport-height); padding: 18px; color: color-mix(in srgb, CanvasText 62%, Canvas); font-size: 13px; line-height: 1.45; text-align: center; }\n .fallback { display: grid; align-content: center; justify-items: center; gap: 12px; min-height: var(--agent-native-viewport-height); padding: 24px; background: Canvas; color: CanvasText; text-align: center; }\n .fallback-title { max-width: 440px; font-size: 14px; font-weight: 700; }\n .fallback-copy { max-width: 520px; color: color-mix(in srgb, CanvasText 64%, Canvas); font-size: 13px; line-height: 1.45; }\n .fallback-actions { display: flex; flex-wrap: wrap; align-items: center; justify-content: center; gap: 8px; }\n .fallback-url { max-width: min(560px, 100%); overflow-wrap: anywhere; color: color-mix(in srgb, CanvasText 76%, Canvas); font-size: 12px; }\n </style>\n</head>\n<body\n data-app-title=\"${attr(title)}\"\n data-iframe-title=\"${attr(iframeTitle)}\"\n data-open-label=\"${attr(openLabel)}\"\n data-start-tool=\"${attr(startToolName)}\"\n data-embed-default=\"${embedByDefault ? \"1\" : \"0\"}\"\n>\n <main class=\"shell\">\n <div class=\"bar\">\n <div class=\"title\" data-title-label>${attr(title)}</div>\n <div class=\"actions\">\n <button type=\"button\" data-display hidden disabled>Fullscreen</button>\n <button type=\"button\" data-open disabled>${attr(openLabel)}</button>\n </div>\n </div>\n <section class=\"stage\" data-stage>\n <div class=\"message\">Preparing app</div>\n </section>\n </main>\n <script type=\"module\">\n const body = document.body;\n const stage = document.querySelector(\"[data-stage]\");\n const titleEl = document.querySelector(\"[data-title-label]\");\n const openButton = document.querySelector(\"[data-open]\");\n const displayButton = document.querySelector(\"[data-display]\");\n const startTool = body.dataset.startTool || \"create_embed_session\";\n const embedByDefault = body.dataset.embedDefault !== \"0\";\n const chatBridgeParam = ${JSON.stringify(MCP_APP_CHAT_BRIDGE_QUERY_PARAM)};\n const defaultIntrinsicHeight = ${height};\n const chromeHeight = ${MCP_APP_WRAPPER_CHROME_HEIGHT};\n const frameReadyMessageDelays = [0, 200, 500, 1500, 3000, 7000, 15000, 30000];\n const frameReadyTimeoutMs = 45000;\n const frameLoadTimeoutMs = 45000;\n let app = null;\n let openAiBridge = null;\n let toolInput = {};\n let openUrl = \"\";\n let openStartUrl = \"\";\n let startedFor = \"\";\n let appFrame = null;\n let appFrameReady = false;\n let appFrameReadyTimer = null;\n let appFrameLoadTimer = null;\n let lastFrameSrc = \"\";\n\n function esc(value) {\n return String(value ?? \"\")\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\");\n }\n\n function parseJson(value, fallback) {\n if (value && typeof value === \"object\") return value;\n if (typeof value !== \"string\" || !value.trim()) return fallback;\n try { return JSON.parse(value); } catch { return fallback; }\n }\n\n function objectValue(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function finiteNumber(value) {\n return typeof value === \"number\" && Number.isFinite(value) && value > 0\n ? value\n : null;\n }\n\n function contextMaxHeight(context) {\n if (!context || typeof context !== \"object\") return null;\n return finiteNumber(context.maxHeight) ||\n finiteNumber(context.containerDimensions && context.containerDimensions.maxHeight);\n }\n\n function visibleIntrinsicHeight() {\n const context = hostState().context || {};\n const hostMaxHeight = contextMaxHeight(context);\n if (hostMaxHeight) return Math.floor(hostMaxHeight);\n const viewportHeight = finiteNumber(window.visualViewport && window.visualViewport.height) ||\n finiteNumber(window.innerHeight);\n return Math.floor(viewportHeight || defaultIntrinsicHeight);\n }\n\n function applyIntrinsicHeight(nextHeight) {\n const boundedHeight = Math.min(\n defaultIntrinsicHeight,\n Math.floor(nextHeight || defaultIntrinsicHeight)\n );\n const height = Math.max(320, boundedHeight);\n const viewportHeight = Math.max(0, height - chromeHeight);\n document.documentElement.style.setProperty(\"--agent-native-shell-height\", height + \"px\");\n document.documentElement.style.setProperty(\"--agent-native-viewport-height\", viewportHeight + \"px\");\n if (appFrame) appFrame.style.height = viewportHeight + \"px\";\n return height;\n }\n\n function parseToolResult(params) {\n if (!params) return {};\n if (params.result && typeof params.result === \"object\") {\n return parseToolResult(params.result);\n }\n if (params.toolResult && typeof params.toolResult === \"object\") {\n return parseToolResult(params.toolResult);\n }\n if (params.structuredContent && typeof params.structuredContent === \"object\") {\n return params.structuredContent;\n }\n const parts = Array.isArray(params.content) ? params.content : [];\n const textPart = parts.find((part) => part && part.type === \"text\" && typeof part.text === \"string\");\n const text = textPart ? textPart.text : \"\";\n if (params.isError && typeof text === \"string\" && text.trim()) {\n return { error: text.trim() };\n }\n return parseJson(text, {});\n }\n\n function openLinkRecordFrom(value) {\n return value && typeof value === \"object\" && !Array.isArray(value)\n ? value\n : {};\n }\n\n function openLinkWebUrlFrom(value) {\n const record = openLinkRecordFrom(value);\n return typeof record.webUrl === \"string\" ? record.webUrl : \"\";\n }\n\n function firstNonEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && !isEmbedStartUrl(value)) return value;\n }\n return \"\";\n }\n\n function firstEmbedStartUrl(values) {\n for (const value of values) {\n if (typeof value === \"string\" && value && isEmbedStartUrl(value)) {\n return withChatBridgeParam(value);\n }\n }\n return \"\";\n }\n\n function openLinkFrom(params, data) {\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n const structuredOpenLinkUrl = openLinkWebUrlFrom(record.openLink);\n return firstNonEmbedStartUrl([\n record.embedTargetPath,\n record.deepLinkUrl,\n record.deepLink,\n record.openUrl,\n record.url,\n structuredOpenLinkUrl,\n metaUrl\n ]);\n }\n\n function embedStartUrlFrom(params, data) {\n const embedStart =\n params && params._meta && params._meta[\"agent-native/embedStart\"];\n const embedStartRecord =\n embedStart && typeof embedStart === \"object\" && !Array.isArray(embedStart)\n ? embedStart\n : {};\n const openLink = params && params._meta && params._meta[\"agent-native/openLink\"];\n const metaUrl = openLinkWebUrlFrom(openLink);\n const record = data && typeof data === \"object\" ? data : {};\n return firstEmbedStartUrl([\n embedStartRecord.startUrl,\n record.embedStartUrl,\n record.startUrl,\n record.url,\n openLinkWebUrlFrom(record.openLink),\n metaUrl\n ]);\n }\n\n function hostState() {\n if (openAiBridge) {\n return {\n context: {\n displayMode: openAiBridge.displayMode,\n availableDisplayModes: typeof openAiBridge.requestDisplayMode === \"function\"\n ? [\"inline\", \"fullscreen\", \"pip\"]\n : [],\n maxHeight: openAiBridge.maxHeight,\n locale: openAiBridge.locale,\n theme: openAiBridge.theme,\n view: openAiBridge.view\n },\n capabilities: { openai: true },\n version: openAiBridge.userAgent\n };\n }\n return {\n context: app && app.getHostContext ? app.getHostContext() : undefined,\n capabilities: app && app.getHostCapabilities ? app.getHostCapabilities() : undefined,\n version: app && app.getHostVersion ? app.getHostVersion() : undefined\n };\n }\n\n function sendToAppFrame(message) {\n if (!appFrame || !appFrame.contentWindow) return;\n try { appFrame.contentWindow.postMessage(message, \"*\"); } catch {}\n }\n\n function sendHostContext() {\n sendToAppFrame({ type: \"agentNative.mcpHostContext\", data: hostState() });\n }\n\n function sendFrameReadyMessages(frame) {\n const originPayload = { type: \"agentNative.frameOrigin\", origin: window.location.origin };\n frameReadyMessageDelays.forEach((delay) => {\n setTimeout(() => {\n try { frame.contentWindow && frame.contentWindow.postMessage(originPayload, \"*\"); } catch {}\n sendHostContext();\n }, delay);\n });\n }\n\n function withChatBridgeParam(value) {\n if (typeof value !== \"string\" || !value) return value;\n try {\n const base = \"http://agent-native.invalid\";\n const url = value.startsWith(\"/\") ? new URL(value, base) : new URL(value);\n url.searchParams.set(chatBridgeParam, \"1\");\n return value.startsWith(\"/\")\n ? url.pathname + url.search + url.hash\n : url.toString();\n } catch {\n return value;\n }\n }\n\n function embedSessionArgsFor(value) {\n const chrome = typeof toolInput.chrome === \"string\" ? toolInput.chrome : \"full\";\n return typeof value === \"string\" && value.startsWith(\"/\")\n ? { path: value, chrome }\n : { url: value, chrome };\n }\n\n function isEmbedStartUrl(value) {\n if (typeof value !== \"string\" || !value) return false;\n try {\n const url = new URL(value, window.location.href);\n return url.pathname.endsWith(\"/_agent-native/embed/start\");\n } catch {\n return false;\n }\n }\n\n function localPathFromUrl(url, includeToken) {\n const next = new URL(url.href);\n if (!includeToken) next.searchParams.delete(\"__an_embed_token\");\n return next.pathname + next.search + next.hash;\n }\n\n function rewriteRootRelativeHtmlUrls(html, appOrigin) {\n return String(html).replace(\n /\\\\b(src|href|poster|action)\\\\s*=\\\\s*([\"'])\\\\/(?!\\\\/)/gi,\n (_match, name, quote) => String(name) + \"=\" + quote + appOrigin + \"/\"\n );\n }\n\n function removeHtmlCspMeta(html) {\n return String(html).replace(\n /<meta\\\\s+[^>]*http-equiv\\\\s*=\\\\s*([\"'])?content-security-policy\\\\1?[^>]*>/gi,\n \"\"\n );\n }\n\n function embedConfigForAppUrl(appUrl) {\n const sanitizedTarget = localPathFromUrl(appUrl, false);\n return {\n origin: appUrl.origin,\n href: appUrl.href,\n baseHref: appUrl.origin + appUrl.pathname,\n target: sanitizedTarget,\n token: appUrl.searchParams.get(\"__an_embed_token\") || \"\",\n chatBridgeActive: appUrl.searchParams.get(chatBridgeParam) === \"1\",\n chatBridgeParam,\n embedTokenParam: \"__an_embed_token\",\n embedTargetHeader: \"x-agent-native-embed-target\"\n };\n }\n\n function installExternalEmbedRuntime(config) {\n window.__AGENT_NATIVE_EXTERNAL_EMBED = config;\n try {\n if (config.target) {\n window.history.replaceState(window.history.state, \"\", config.target);\n }\n } catch (_err) {}\n try {\n if (config.token) {\n sessionStorage.setItem(\"agent-native:embed-auth-token\", config.token);\n }\n if (config.chatBridgeActive && config.token) {\n sessionStorage.setItem(\"agent-native:mcp-chat-bridge\", config.token);\n }\n } catch (_err) {}\n if (window.__agentNativeExternalEmbedRuntimeInstalled) return;\n window.__agentNativeExternalEmbedRuntimeInstalled = true;\n function appOrigin() {\n try {\n return new URL(config.origin).origin;\n } catch (_err) {\n return \"\";\n }\n }\n function targetPath() {\n return config.target || location.pathname + location.search;\n }\n function rewrittenUrl(value, appendToken) {\n const origin = appOrigin();\n if (!origin) return null;\n let url;\n try {\n url = new URL(value, location.href);\n } catch (_err) {\n return null;\n }\n if (url.origin !== location.origin && url.origin !== origin) return null;\n if (url.origin !== origin) {\n const app = new URL(origin);\n url.protocol = app.protocol;\n url.host = app.host;\n }\n if (appendToken && config.token && url.pathname === \"/_agent-native/events\") {\n url.searchParams.set(config.embedTokenParam, config.token);\n }\n return url.toString();\n }\n function authHeaders(input, init) {\n const headers = new Headers(\n init && init.headers ? init.headers : input instanceof Request ? input.headers : undefined\n );\n if (config.token && !headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", \"Bearer \" + config.token);\n }\n if (!headers.has(config.embedTargetHeader)) {\n headers.set(config.embedTargetHeader, targetPath());\n }\n return headers;\n }\n if (typeof fetch === \"function\") {\n const originalFetch = fetch.bind(window);\n window.fetch = function(input, init) {\n const raw = input instanceof Request ? input.url : String(input);\n const url = rewrittenUrl(raw, false);\n if (!url) return originalFetch(input, init);\n const nextInit = Object.assign({}, init || {}, {\n headers: authHeaders(input, init),\n credentials: \"omit\"\n });\n if (input instanceof Request) {\n return originalFetch(new Request(url, input), nextInit);\n }\n return originalFetch(url, nextInit);\n };\n }\n if (typeof XMLHttpRequest !== \"undefined\") {\n const originalOpen = XMLHttpRequest.prototype.open;\n const originalSend = XMLHttpRequest.prototype.send;\n XMLHttpRequest.prototype.open = function(method, url) {\n const rewritten = rewrittenUrl(url, false);\n this.__agentNativeExternalEmbed = !!rewritten;\n return originalOpen.call(\n this,\n method,\n rewritten || url,\n arguments.length > 2 ? arguments[2] : true,\n arguments[3],\n arguments[4]\n );\n };\n XMLHttpRequest.prototype.send = function(body) {\n if (this.__agentNativeExternalEmbed) {\n try {\n if (config.token) this.setRequestHeader(\"Authorization\", \"Bearer \" + config.token);\n this.setRequestHeader(config.embedTargetHeader, targetPath());\n } catch (_err) {}\n }\n return originalSend.call(this, body);\n };\n }\n if (typeof EventSource !== \"undefined\") {\n const OriginalEventSource = EventSource;\n window.EventSource = function(url, options) {\n return new OriginalEventSource(rewrittenUrl(url, true) || url, options);\n };\n window.EventSource.prototype = OriginalEventSource.prototype;\n }\n }\n\n function copyDocumentElementAttributes(source) {\n const target = document.documentElement;\n for (const attr of Array.from(target.attributes)) {\n target.removeAttribute(attr.name);\n }\n for (const attr of Array.from(source.attributes)) {\n target.setAttribute(attr.name, attr.value);\n }\n }\n\n function importChildren(source, target) {\n target.replaceChildren(\n ...Array.from(source.childNodes).map((node) => document.importNode(node, true))\n );\n }\n\n function isModuleScript(script) {\n return (script.getAttribute(\"type\") || \"\").trim().toLowerCase() === \"module\";\n }\n\n function isRunnableClassicScript(script) {\n const type = (script.getAttribute(\"type\") || \"\").trim().toLowerCase();\n return !type || type === \"text/javascript\" || type === \"application/javascript\";\n }\n\n function runClassicScript(script) {\n const next = document.createElement(\"script\");\n for (const attr of Array.from(script.attributes)) {\n if (attr.name === \"type\") continue;\n next.setAttribute(attr.name, attr.value);\n }\n if (script.src) {\n next.src = script.src;\n } else {\n next.textContent = script.textContent || \"\";\n }\n document.body.appendChild(next);\n next.remove();\n }\n\n function rootRelativeSpecifiersToAbsolute(code, appOrigin) {\n return String(code).replace(/([\"'])\\\\/(?!\\\\/)/g, \"$1\" + appOrigin + \"/\");\n }\n\n function moduleCodeToClassicAsync(code, appOrigin) {\n return rootRelativeSpecifiersToAbsolute(code, appOrigin)\n .replace(\n /\\\\bimport\\\\s+\\\\*\\\\s+as\\\\s+([A-Za-z_$][\\\\w$]*)\\\\s+from\\\\s+([\"'][^\"']+[\"'])\\\\s*;?/g,\n \"const $1 = await import($2);\"\n )\n .replace(/\\\\bimport\\\\s+([\"'][^\"']+[\"'])\\\\s*;?/g, \"await import($1);\")\n .replace(/\\\\bimport\\\\(([\"'][^\"']+[\"'])\\\\)\\\\s*;?/g, \"await import($1);\");\n }\n\n function runModuleScriptAsClassic(script, appOrigin) {\n const code = moduleCodeToClassicAsync(script.textContent || \"\", appOrigin);\n const runner = document.createElement(\"script\");\n runner.textContent =\n \"(async()=>{\" +\n code +\n \"})().catch((err)=>{console.error('[agent-native] transplanted app module failed',err);document.body.setAttribute('data-agent-native-hydration-error',String(err&&err.message||err));});\";\n document.body.appendChild(runner);\n runner.remove();\n }\n\n function mountTransplantedHtml(html, appUrl) {\n const config = embedConfigForAppUrl(appUrl);\n installExternalEmbedRuntime(config);\n const parsed = new DOMParser().parseFromString(\n rewriteRootRelativeHtmlUrls(removeHtmlCspMeta(html), appUrl.origin),\n \"text/html\"\n );\n const scripts = Array.from(parsed.querySelectorAll(\"script\"));\n copyDocumentElementAttributes(parsed.documentElement);\n importChildren(parsed.head, document.head);\n const base = document.createElement(\"base\");\n base.href = config.baseHref;\n document.head.prepend(base);\n importChildren(parsed.body, document.body);\n for (const script of scripts) {\n if (isRunnableClassicScript(script)) runClassicScript(script);\n }\n for (const script of scripts) {\n if (isModuleScript(script)) runModuleScriptAsClassic(script, appUrl.origin);\n }\n }\n\n async function transplantAppDocument(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Loading app\");\n const response = await fetch(src, {\n credentials: \"omit\",\n redirect: \"follow\",\n headers: { Accept: \"text/html\" }\n });\n if (!response.ok) {\n throw new Error(\"Embedded app returned HTTP \" + response.status + \".\");\n }\n const html = await response.text();\n const appUrl = new URL(response.url || src);\n try {\n window.history.replaceState(window.history.state, \"\", localPathFromUrl(appUrl, false));\n } catch {}\n mountTransplantedHtml(html, appUrl);\n notifyHostHeightRepeatedly();\n }\n\n function wantsEmbed() {\n if (toolInput.embed === false || toolInput.embed === \"false\") return false;\n if (embedByDefault) return true;\n return toolInput.embed === true || toolInput.embed === \"true\";\n }\n\n function supportedDisplayMode(mode) {\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n return mode === \"inline\" || mode === \"fullscreen\" || mode === \"pip\";\n }\n const modes = hostState().context && hostState().context.availableDisplayModes;\n return Array.isArray(modes) && modes.includes(mode);\n }\n\n async function requestHostDisplayMode(mode) {\n let result;\n if (openAiBridge && typeof openAiBridge.requestDisplayMode === \"function\") {\n result = await openAiBridge.requestDisplayMode({ mode });\n } else {\n if (!app || typeof app.requestDisplayMode !== \"function\") {\n throw new Error(\"Display mode changes are not available in this host.\");\n }\n result = await app.requestDisplayMode({ mode });\n }\n updateDisplayButton();\n sendHostContext();\n return result;\n }\n\n function updateDisplayButton() {\n const context = hostState().context || {};\n const nextMode = context.displayMode === \"fullscreen\" ? \"inline\" : \"fullscreen\";\n const supported = supportedDisplayMode(nextMode);\n displayButton.hidden = !supported;\n displayButton.disabled = !supported;\n displayButton.textContent = nextMode === \"fullscreen\" ? \"Fullscreen\" : \"Inline\";\n displayButton.onclick = () => {\n if (!supportedDisplayMode(nextMode)) return;\n void requestHostDisplayMode(nextMode).catch((err) => {\n console.warn(\"[agent-native] MCP host rejected display mode request\", err);\n });\n };\n }\n\n function setMessage(message) {\n stage.innerHTML = '<div class=\"message\">' + esc(message) + '</div>';\n }\n\n function clearFrameReadyTimer() {\n if (!appFrameReadyTimer) return;\n clearTimeout(appFrameReadyTimer);\n appFrameReadyTimer = null;\n }\n\n function clearFrameLoadTimer() {\n if (!appFrameLoadTimer) return;\n clearTimeout(appFrameLoadTimer);\n appFrameLoadTimer = null;\n }\n\n function startFrameReadyTimer(frame) {\n clearFrameReadyTimer();\n appFrameReadyTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameReadyTimeoutMs);\n }\n\n function renderFrameFallback() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n const fallbackCopy = openUrl\n ? \"This chat host did not allow the embedded app frame to load inline. You can still open the same app route through the host or use the URL below.\"\n : \"This chat host did not allow the embedded app frame to load inline.\";\n stage.innerHTML =\n '<div class=\"fallback\">' +\n '<div class=\"fallback-title\">Open this app in its own tab</div>' +\n '<div class=\"fallback-copy\">' + esc(fallbackCopy) + '</div>' +\n '<div class=\"fallback-actions\">' +\n '<button type=\"button\" data-fallback-open>Open app</button>' +\n '<button type=\"button\" data-fallback-retry>Try inline again</button>' +\n '</div>' +\n (openUrl ? '<a class=\"fallback-url\" href=\"' + esc(openUrl) + '\" target=\"_blank\" rel=\"noreferrer\">' + esc(openUrl) + '</a>' : '') +\n '</div>';\n const fallbackOpen = stage.querySelector(\"[data-fallback-open]\");\n const fallbackRetry = stage.querySelector(\"[data-fallback-retry]\");\n if (fallbackOpen) {\n fallbackOpen.disabled = !openUrl;\n fallbackOpen.onclick = () => {\n if (openUrl) void openFallbackExternal();\n };\n }\n if (fallbackRetry) {\n fallbackRetry.disabled = !lastFrameSrc;\n fallbackRetry.onclick = () => {\n if (lastFrameSrc) renderFrame(lastFrameSrc);\n };\n }\n }\n\n async function openFallbackExternal() {\n if (!openUrl) return;\n let url = withChatBridgeParam(openUrl);\n try {\n if (url) {\n const result = await callEmbedSessionTool(embedSessionArgsFor(url));\n const data = parseToolResult(result);\n if (typeof data.startUrl === \"string\" && data.startUrl) {\n url = withChatBridgeParam(data.startUrl);\n }\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP fallback could not mint a fresh app session\", err);\n }\n await openHostLink({ url });\n }\n\n function renderFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n const frame = document.createElement(\"iframe\");\n frame.title = body.dataset.iframeTitle || \"Agent Native app\";\n frame.src = src;\n frame.allow = \"clipboard-read; clipboard-write\";\n appFrame = frame;\n appFrameReady = false;\n lastFrameSrc = src;\n frame.addEventListener(\"load\", () => {\n if (appFrame !== frame) return;\n clearFrameLoadTimer();\n sendFrameReadyMessages(frame);\n startFrameReadyTimer(frame);\n });\n stage.replaceChildren(frame);\n notifyHostHeight();\n appFrameLoadTimer = setTimeout(() => {\n if (!appFrameReady && appFrame === frame) renderFrameFallback();\n }, frameLoadTimeoutMs);\n }\n\n function refreshExpiredEmbedSession() {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrameReady = false;\n if (!openUrl) {\n renderFrameFallback();\n return;\n }\n openStartUrl = \"\";\n startedFor = \"\";\n lastFrameSrc = \"\";\n setMessage(\"Refreshing app session\");\n void launchEmbed();\n }\n\n function shouldSelfNavigateToApp() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n if (mode === \"iframe\" || mode === \"nested\") return false;\n if (toolInput.nested === true || toolInput.frame === \"iframe\") return false;\n return true;\n }\n\n function shouldTransplantAppDocument() {\n const mode = typeof toolInput.embedMode === \"string\"\n ? toolInput.embedMode\n : typeof toolInput.renderMode === \"string\"\n ? toolInput.renderMode\n : \"\";\n return (\n mode === \"transplant\" ||\n toolInput.frame === \"transplant\" ||\n isClaudeMcpContentHost()\n );\n }\n\n function isClaudeMcpContentHost() {\n try {\n return /(^|\\\\.)claudemcpcontent\\\\.com$/i.test(window.location.hostname || \"\");\n } catch {\n return false;\n }\n }\n\n function isChatGptSandboxHost() {\n try {\n const host = window.location.hostname || \"\";\n const appParam = new URL(window.location.href).searchParams.get(\"app\");\n return /(^|\\\\.)oaiusercontent\\\\.com$/i.test(host) || appParam === \"chatgpt\";\n } catch {\n return false;\n }\n }\n\n function shouldRenderControlledAppFrame() {\n return !!openAiBridge || isChatGptSandboxHost();\n }\n\n function navigateToAppFrame(src) {\n clearFrameReadyTimer();\n clearFrameLoadTimer();\n appFrame = null;\n lastFrameSrc = src;\n setMessage(\"Opening app\");\n try {\n window.location.replace(src);\n } catch (err) {\n console.warn(\"[agent-native] MCP app self-navigation failed\", err);\n renderFrameFallback();\n }\n }\n\n async function updateHostModelContext(data) {\n const params = {};\n if (Array.isArray(data && data.content)) params.content = data.content;\n if (data && data.structuredContent && typeof data.structuredContent === \"object\") {\n params.structuredContent = data.structuredContent;\n }\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeModelContext: params\n });\n return { ok: true };\n }\n if (!app || typeof app.updateModelContext !== \"function\") return { ok: false };\n await app.updateModelContext(params);\n return { ok: true };\n }\n\n async function openHostLink(data) {\n const url = typeof (data && data.url) === \"string\" ? data.url : \"\";\n if (!url) return { isError: true };\n if (openAiBridge && typeof openAiBridge.openExternal === \"function\") {\n return await openAiBridge.openExternal({ href: url, redirectUrl: false });\n }\n if (app && typeof app.openLink === \"function\") {\n return await app.openLink({ url });\n }\n window.open(url, \"_blank\", \"noopener,noreferrer\");\n return { ok: true };\n }\n\n function notifyHostHeight() {\n const height = applyIntrinsicHeight(visibleIntrinsicHeight());\n if (!openAiBridge || typeof openAiBridge.notifyIntrinsicHeight !== \"function\") {\n if (app && typeof app.sendSizeChanged === \"function\") {\n try {\n app.sendSizeChanged({ height });\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected size update\", err);\n }\n }\n return;\n }\n try {\n openAiBridge.notifyIntrinsicHeight({ height });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected intrinsic height update\", err);\n }\n }\n\n function respondToAppFrame(requestId, work) {\n if (!requestId) return;\n Promise.resolve(work)\n .then((result) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: { requestId, ok: true, result }\n });\n })\n .catch((err) => {\n sendToAppFrame({\n type: \"agentNative.mcpHost.response\",\n data: {\n requestId,\n ok: false,\n error: err && err.message ? err.message : String(err)\n }\n });\n });\n }\n\n async function sendHostChat(chat) {\n if (!chat || chat.submit === false) return;\n const message = typeof chat.message === \"string\" ? chat.message : \"\";\n if (!message.trim()) return;\n const context = typeof chat.context === \"string\" ? chat.context.trim() : \"\";\n try {\n if (openAiBridge && typeof openAiBridge.setWidgetState === \"function\") {\n openAiBridge.setWidgetState({\n ...objectValue(openAiBridge.widgetState),\n agentNativeChatContext: context || null\n });\n } else if (app && typeof app.updateModelContext === \"function\") {\n await app.updateModelContext({\n content: context ? [{ type: \"text\", text: context }] : []\n });\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host rejected model context update\", err);\n }\n try {\n if (openAiBridge && typeof openAiBridge.sendFollowUpMessage === \"function\") {\n await openAiBridge.sendFollowUpMessage({\n prompt: message,\n scrollToBottom: true\n });\n return;\n }\n if (!app || typeof app.sendMessage !== \"function\") return;\n const result = await app.sendMessage({\n role: \"user\",\n content: [{ type: \"text\", text: message }]\n });\n if (result && result.isError) {\n console.warn(\"[agent-native] MCP host rejected chat message\", result);\n }\n } catch (err) {\n console.warn(\"[agent-native] MCP host chat bridge failed\", err);\n }\n }\n\n window.addEventListener(\"message\", (event) => {\n if (!appFrame || event.source !== appFrame.contentWindow) return;\n if (!event.data) return;\n const data = event.data.data || {};\n if (event.data.type === \"agentNative.embeddedAppReady\") {\n appFrameReady = true;\n clearFrameLoadTimer();\n clearFrameReadyTimer();\n return;\n }\n if (event.data.type === \"agentNative.embedSessionExpired\") {\n refreshExpiredEmbedSession();\n return;\n }\n if (event.data.type === \"agentNative.submitChat\") {\n void sendHostChat(data);\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.updateModelContext\") {\n respondToAppFrame(data.requestId, updateHostModelContext(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.openLink\") {\n respondToAppFrame(data.requestId, openHostLink(data));\n return;\n }\n if (event.data.type === \"agentNative.mcpHost.requestDisplayMode\") {\n respondToAppFrame(data.requestId, requestHostDisplayMode(data.mode));\n }\n });\n\n function notifyHostHeightSoon() {\n requestAnimationFrame(() => notifyHostHeight());\n }\n\n function notifyHostHeightRepeatedly() {\n notifyHostHeight();\n [0, 250, 1000, 2500].forEach((delay) => {\n setTimeout(() => notifyHostHeight(), delay);\n });\n }\n\n window.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n if (window.visualViewport) {\n window.visualViewport.addEventListener(\"resize\", notifyHostHeightSoon, { passive: true });\n }\n\n async function launchEmbed() {\n const launchUrl = openStartUrl || openUrl;\n if (!launchUrl) {\n setMessage(\"Open link was not available.\");\n return;\n }\n if (!wantsEmbed()) {\n setMessage(\"Ready to open.\");\n return;\n }\n if (startedFor === launchUrl) return;\n startedFor = launchUrl;\n setMessage(\"Loading app\");\n try {\n const selfNavigate = shouldSelfNavigateToApp();\n const embedUrl = withChatBridgeParam(launchUrl);\n if (selfNavigate && isEmbedStartUrl(embedUrl)) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(embedUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(embedUrl);\n } else {\n navigateToAppFrame(embedUrl);\n }\n return;\n }\n if (!selfNavigate && isEmbedStartUrl(embedUrl)) {\n renderFrame(embedUrl);\n return;\n }\n const result = await callEmbedSessionTool(embedSessionArgsFor(embedUrl));\n const data = parseToolResult(result);\n if (typeof data.startUrl !== \"string\" || !data.startUrl) {\n startedFor = \"\";\n setMessage(data.error || \"This app can be opened, but not embedded from this MCP server.\");\n return;\n }\n const startUrl = withChatBridgeParam(data.startUrl);\n if (selfNavigate) {\n if (isClaudeMcpContentHost() && shouldTransplantAppDocument()) {\n await transplantAppDocument(startUrl);\n } else if (shouldRenderControlledAppFrame()) {\n renderFrame(startUrl);\n } else {\n navigateToAppFrame(startUrl);\n }\n } else {\n renderFrame(startUrl);\n }\n } catch (err) {\n startedFor = \"\";\n setMessage(err && err.message ? err.message : \"Could not launch embedded app.\");\n }\n }\n\n async function callEmbedSessionTool(args) {\n if (openAiBridge && typeof openAiBridge.callTool === \"function\") {\n return await openAiBridge.callTool(startTool, args);\n }\n if (!app || typeof app.callServerTool !== \"function\") {\n throw new Error(\"Host tool calls are not available.\");\n }\n return await app.callServerTool({ name: startTool, arguments: args });\n }\n\n function updateHostOpenInAppUrl() {\n if (!openAiBridge || !openUrl || typeof openAiBridge.setOpenInAppUrl !== \"function\") {\n return;\n }\n try {\n openAiBridge.setOpenInAppUrl({ href: openUrl });\n } catch (err) {\n console.warn(\"[agent-native] ChatGPT rejected open-in-app URL\", err);\n }\n }\n\n function updateOpenButton() {\n const buttonUrl = openUrl;\n openButton.disabled = !buttonUrl;\n openButton.onclick = () => {\n if (buttonUrl) void openHostLink({ url: buttonUrl });\n };\n updateHostOpenInAppUrl();\n }\n\n function updateTitle(data) {\n const label = data.label || data.app || data.view || body.dataset.appTitle || \"App\";\n titleEl.textContent = String(label);\n }\n\n function readOpenAiBridge() {\n return window.openai && typeof window.openai === \"object\"\n ? window.openai\n : null;\n }\n\n function openAiToolResultParams(bridge) {\n const params = {};\n if (bridge && bridge.toolOutput !== undefined) {\n if (bridge.toolOutput && typeof bridge.toolOutput === \"object\") {\n params.structuredContent = bridge.toolOutput;\n } else {\n params.content = [{ type: \"text\", text: String(bridge.toolOutput) }];\n }\n }\n if (bridge && bridge.toolResponseMetadata && typeof bridge.toolResponseMetadata === \"object\") {\n params._meta = bridge.toolResponseMetadata;\n }\n return params;\n }\n\n function syncOpenAiBridge(bridge) {\n if (!bridge) return false;\n openAiBridge = bridge;\n toolInput = objectValue(bridge.toolInput);\n const params = openAiToolResultParams(bridge);\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n if (openUrl || openStartUrl) {\n void launchEmbed();\n } else if (!appFrame) {\n setMessage(\"Waiting for app result\");\n }\n return true;\n }\n\n function waitForOpenAiBridge() {\n const existing = readOpenAiBridge();\n if (existing) return Promise.resolve(existing);\n return new Promise((resolve) => {\n let settled = false;\n const finish = (bridge) => {\n if (settled) return;\n settled = true;\n window.removeEventListener(\"openai:set_globals\", onGlobals);\n clearTimeout(timer);\n resolve(bridge || readOpenAiBridge());\n };\n const onGlobals = () => finish(readOpenAiBridge());\n const timer = setTimeout(() => finish(null), 200);\n window.addEventListener(\"openai:set_globals\", onGlobals, { passive: true });\n });\n }\n\n window.addEventListener(\"openai:set_globals\", () => {\n const bridge = readOpenAiBridge();\n if (bridge && (!appFrame || openAiBridge)) syncOpenAiBridge(bridge);\n }, { passive: true });\n\n async function startMcpAppsBridge() {\n const { App } = await import(\"${MCP_APP_IMPORT}\");\n app = new App(\n { name: \"Agent Native Embed\", version: \"1.0.0\" },\n {},\n { autoResize: false }\n );\n app.ontoolinput = (params) => {\n toolInput = params.arguments || {};\n };\n app.ontoolresult = (params) => {\n const data = parseToolResult(params);\n openUrl = openLinkFrom(params, data);\n openStartUrl = embedStartUrlFrom(params, data);\n updateTitle(data);\n updateOpenButton();\n void launchEmbed();\n };\n app.onhostcontextchanged = () => {\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n };\n await app.connect();\n updateDisplayButton();\n notifyHostHeight();\n sendHostContext();\n }\n\n const initialOpenAiBridge = await waitForOpenAiBridge();\n if (!syncOpenAiBridge(initialOpenAiBridge)) {\n await startMcpAppsBridge();\n }\n </script>\n</body>\n</html>`,\n csp: {\n connectDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n resourceDomains: [\n \"https://esm.sh\",\n MCP_APP_REQUEST_ORIGIN_CSP_SOURCE,\n ...(options.frameDomains ?? []),\n ],\n baseUriDomains: [MCP_APP_REQUEST_ORIGIN_CSP_SOURCE],\n frameDomains,\n },\n prefersBorder: false,\n };\n}\n"]}
package/dist/server/deep-link.d.ts CHANGED
@@ -13,8 +13,6 @@ export interface DeepLinkInput {
13
13
  /** Explicit client-side path override (must be a same-origin, leading-slash
14
14
  * relative path — enforced by the open route). */
15
15
  to?: string;
16
- /** Base64url-encoded JSON compose draft (mail's `compose-{id}` contract). */
17
- compose?: string;
18
16
  }
19
17
  /**
20
18
  * Build the app-relative deep-link path:
package/dist/server/deep-link.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deep-link.d.ts","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAoBA,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,8EAA8E;AAC9E,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AAErD,MAAM,WAAW,aAAa;IAC5B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb;yEACqE;IACrE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;IACtE;uDACmD;IACnD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAeD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAI1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GAAG,SAAS,GACzB,MAAM,CAIR;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAI1D"}
1
+ {"version":3,"file":"deep-link.d.ts","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAoBA,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB,UAAU,CAAC;AAE1C,8EAA8E;AAC9E,eAAO,MAAM,gBAAgB,uBAAuB,CAAC;AAErD,MAAM,WAAW,aAAa;IAC5B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb;yEACqE;IACrE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;IACtE;uDACmD;IACnD,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAcD;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAI1D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GAAG,SAAS,GACzB,MAAM,CAIR;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAI1D"}
package/dist/server/deep-link.js CHANGED
@@ -28,8 +28,6 @@ function buildQuery(input) {
28
28
  sp.set("view", input.view);
29
29
  if (input.to)
30
30
  sp.set("to", input.to);
31
- if (input.compose)
32
- sp.set("compose", input.compose);
33
31
  for (const [k, v] of Object.entries(input.params ?? {})) {
34
32
  if (v === undefined || v === null || v === "")
35
33
  continue;
package/dist/server/deep-link.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deep-link.js","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAEhF,2EAA2E;AAC3E,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAE1C,8EAA8E;AAC9E,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAiBrD,SAAS,UAAU,CAAC,KAAoB;IACtC,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,GAAG;QAAE,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,KAAK,CAAC,EAAE;QAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,KAAK,CAAC,OAAO;QAAE,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IACpD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE;YAAE,SAAS;QACxD,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAoB;IAChD,OAAO,8BAA8B,CACnC,iBAAiB,kBAAkB,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAC3D,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,MAA0B;IAE1B,IAAI,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACjE,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,SAAS,EAAE,CAAC;AAC5F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,gBAAgB,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;AACnE,CAAC","sourcesContent":["/**\n * Deep-link helpers — the single source of truth for the\n * `/_agent-native/open` URL format.\n *\n * Every artifact-producing / list action that wants an external agent (MCP /\n * A2A) to surface an \"Open in <app> →\" link returns\n * `{ url: buildDeepLink(...), label }` from its `link` builder. The MCP layer\n * turns the relative path into an absolute web URL (and an `agentnative://`\n * desktop URL) using the request origin.\n *\n * The `/_agent-native/open` route (see `open-route.ts`) consumes these: it\n * resolves the *browser session's* identity, writes the existing one-shot\n * `navigate` application-state command, and 302-redirects to the rendered SPA\n * view so any browser / inline webview lands on the right screen with the\n * record focused. We never invent a new navigation mechanism — this just\n * bridges external surfaces to the `navigate`/`application_state` contract the\n * UI already drains every 2s.\n */\nimport { withCollapsedAgentSidebarParam } from \"../shared/agent-sidebar-url.js\";\n\n/** Path of the framework deep-link route, relative to the route prefix. */\nexport const OPEN_ROUTE_SUBPATH = \"/open\";\n\n/** Custom URL scheme the desktop app registers (`agentnative://open?...`). */\nexport const DESKTOP_OPEN_URL = \"agentnative://open\";\n\nexport interface DeepLinkInput {\n /** App id (informational + multi-app/desktop routing), e.g. \"mail\". */\n app?: string;\n /** Target view — maps to the `navigate` command `view`. */\n view: string;\n /** Record-focus + filter params, e.g. `{ threadId }`, `{ eventId, date }`,\n * `{ dashboardId }`. `undefined`/`null`/`\"\"` values are dropped. */\n params?: Record<string, string | number | boolean | null | undefined>;\n /** Explicit client-side path override (must be a same-origin, leading-slash\n * relative path — enforced by the open route). */\n to?: string;\n /** Base64url-encoded JSON compose draft (mail's `compose-{id}` contract). */\n compose?: string;\n}\n\nfunction buildQuery(input: DeepLinkInput): string {\n const sp = new URLSearchParams();\n if (input.app) sp.set(\"app\", input.app);\n sp.set(\"view\", input.view);\n if (input.to) sp.set(\"to\", input.to);\n if (input.compose) sp.set(\"compose\", input.compose);\n for (const [k, v] of Object.entries(input.params ?? {})) {\n if (v === undefined || v === null || v === \"\") continue;\n sp.set(k, String(v));\n }\n return sp.toString();\n}\n\n/**\n * Build the app-relative deep-link path:\n * `/_agent-native/open?app=mail&view=inbox&threadId=abc`.\n * Per-app `link` builders call this; never hand-format the URL.\n */\nexport function buildDeepLink(input: DeepLinkInput): string {\n return withCollapsedAgentSidebarParam(\n `/_agent-native${OPEN_ROUTE_SUBPATH}?${buildQuery(input)}`,\n );\n}\n\n/**\n * Resolve a (possibly relative) deep link to an absolute web URL using the\n * inbound request origin. Absolute URLs pass through unchanged.\n */\nexport function toAbsoluteOpenUrl(\n urlOrPath: string,\n origin: string | undefined,\n): string {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(urlOrPath)) return urlOrPath;\n if (!origin) return urlOrPath;\n return `${origin.replace(/\\/+$/, \"\")}${urlOrPath.startsWith(\"/\") ? \"\" : \"/\"}${urlOrPath}`;\n}\n\n/**\n * Rewrite a deep link to the desktop `agentnative://open?...` scheme so the\n * desktop app's existing `handleDeepLink` opens it inside the app webview.\n * Accepts either an app-relative `/_agent-native/open?...` path or an absolute\n * web URL; preserves the query string.\n */\nexport function toDesktopOpenUrl(urlOrPath: string): string {\n const qIdx = urlOrPath.indexOf(\"?\");\n const query = qIdx >= 0 ? urlOrPath.slice(qIdx + 1) : \"\";\n return query ? `${DESKTOP_OPEN_URL}?${query}` : DESKTOP_OPEN_URL;\n}\n"]}
1
+ {"version":3,"file":"deep-link.js","sourceRoot":"","sources":["../../src/server/deep-link.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAEhF,2EAA2E;AAC3E,MAAM,CAAC,MAAM,kBAAkB,GAAG,OAAO,CAAC;AAE1C,8EAA8E;AAC9E,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAerD,SAAS,UAAU,CAAC,KAAoB;IACtC,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,IAAI,KAAK,CAAC,GAAG;QAAE,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,KAAK,CAAC,EAAE;QAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE;YAAE,SAAS;QACxD,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAoB;IAChD,OAAO,8BAA8B,CACnC,iBAAiB,kBAAkB,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAC3D,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,MAA0B;IAE1B,IAAI,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACjE,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,SAAS,EAAE,CAAC;AAC5F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACzD,OAAO,KAAK,CAAC,CAAC,CAAC,GAAG,gBAAgB,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;AACnE,CAAC","sourcesContent":["/**\n * Deep-link helpers — the single source of truth for the\n * `/_agent-native/open` URL format.\n *\n * Every artifact-producing / list action that wants an external agent (MCP /\n * A2A) to surface an \"Open in <app> →\" link returns\n * `{ url: buildDeepLink(...), label }` from its `link` builder. The MCP layer\n * turns the relative path into an absolute web URL (and an `agentnative://`\n * desktop URL) using the request origin.\n *\n * The `/_agent-native/open` route (see `open-route.ts`) consumes these: it\n * resolves the *browser session's* identity, writes the existing one-shot\n * `navigate` application-state command, and 302-redirects to the rendered SPA\n * view so any browser / inline webview lands on the right screen with the\n * record focused. We never invent a new navigation mechanism — this just\n * bridges external surfaces to the `navigate`/`application_state` contract the\n * UI already drains every 2s.\n */\nimport { withCollapsedAgentSidebarParam } from \"../shared/agent-sidebar-url.js\";\n\n/** Path of the framework deep-link route, relative to the route prefix. */\nexport const OPEN_ROUTE_SUBPATH = \"/open\";\n\n/** Custom URL scheme the desktop app registers (`agentnative://open?...`). */\nexport const DESKTOP_OPEN_URL = \"agentnative://open\";\n\nexport interface DeepLinkInput {\n /** App id (informational + multi-app/desktop routing), e.g. \"mail\". */\n app?: string;\n /** Target view — maps to the `navigate` command `view`. */\n view: string;\n /** Record-focus + filter params, e.g. `{ threadId }`, `{ eventId, date }`,\n * `{ dashboardId }`. `undefined`/`null`/`\"\"` values are dropped. */\n params?: Record<string, string | number | boolean | null | undefined>;\n /** Explicit client-side path override (must be a same-origin, leading-slash\n * relative path — enforced by the open route). */\n to?: string;\n}\n\nfunction buildQuery(input: DeepLinkInput): string {\n const sp = new URLSearchParams();\n if (input.app) sp.set(\"app\", input.app);\n sp.set(\"view\", input.view);\n if (input.to) sp.set(\"to\", input.to);\n for (const [k, v] of Object.entries(input.params ?? {})) {\n if (v === undefined || v === null || v === \"\") continue;\n sp.set(k, String(v));\n }\n return sp.toString();\n}\n\n/**\n * Build the app-relative deep-link path:\n * `/_agent-native/open?app=mail&view=inbox&threadId=abc`.\n * Per-app `link` builders call this; never hand-format the URL.\n */\nexport function buildDeepLink(input: DeepLinkInput): string {\n return withCollapsedAgentSidebarParam(\n `/_agent-native${OPEN_ROUTE_SUBPATH}?${buildQuery(input)}`,\n );\n}\n\n/**\n * Resolve a (possibly relative) deep link to an absolute web URL using the\n * inbound request origin. Absolute URLs pass through unchanged.\n */\nexport function toAbsoluteOpenUrl(\n urlOrPath: string,\n origin: string | undefined,\n): string {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(urlOrPath)) return urlOrPath;\n if (!origin) return urlOrPath;\n return `${origin.replace(/\\/+$/, \"\")}${urlOrPath.startsWith(\"/\") ? \"\" : \"/\"}${urlOrPath}`;\n}\n\n/**\n * Rewrite a deep link to the desktop `agentnative://open?...` scheme so the\n * desktop app's existing `handleDeepLink` opens it inside the app webview.\n * Accepts either an app-relative `/_agent-native/open?...` path or an absolute\n * web URL; preserves the query string.\n */\nexport function toDesktopOpenUrl(urlOrPath: string): string {\n const qIdx = urlOrPath.indexOf(\"?\");\n const query = qIdx >= 0 ? urlOrPath.slice(qIdx + 1) : \"\";\n return query ? `${DESKTOP_OPEN_URL}?${query}` : DESKTOP_OPEN_URL;\n}\n"]}
package/dist/server/embed-session.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;AA6BhD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAoTF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAYT;AAaD,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CA+BtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}
1
+ {"version":3,"file":"embed-session.d.ts","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAkBlC,QAAA,MAAM,UAAU,+BAA+B,CAAC;AAiChD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gCAAgC;IAC/C,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,OAAO,UAAU,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,6BAA6B,GACrC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,uBAAuB,CAAA;CAAE,GAC7C;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAoTF,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,OAAO,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAYT;AAaD,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CA8Bf;AAED,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8B7B;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EACjC,OAAO,GAAE,gCAAqC,GAC7C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CA6C5C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CAeT;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,6BAA6B,CAsC/B;AAiCD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQzE;AAyBD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CA+BtC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAoBjE;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAS1D"}
package/dist/server/embed-session.js CHANGED
@@ -24,6 +24,10 @@ const OPEN_ROUTE_VIEW_PATHS = {
24
24
  settings: "/settings",
25
25
  };
26
26
  const EMBED_ROUTE_ALIASES = {
27
+ // Dispatch's app root redirects to /overview. A ticket minted for the root
28
+ // should survive that first-hop redirect instead of falling back to the
29
+ // private deployment token gate.
30
+ "/": ["/overview"],
27
31
  "/dashboard": ["/adhoc/agent-native-templates-first-party"],
28
32
  "/dashboards": ["/adhoc/agent-native-templates-first-party"],
29
33
  "/traffic": ["/adhoc/agent-native-templates-first-party"],
package/dist/server/embed-session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AACF,MAAM,mBAAmB,GAA6B;IACpD,YAAY,EAAE,CAAC,2CAA2C,CAAC;IAC3D,aAAa,EAAE,CAAC,2CAA2C,CAAC;IAC5D,UAAU,EAAE,CAAC,2CAA2C,CAAC;IACzD,oBAAoB,EAAE,CAAC,2CAA2C,CAAC;CACpE,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,KAAK,MAAM,WAAW,IAAI,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QAC7C,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACpC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC;IAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,GAAG,GACJ,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QAChD,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACjD,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QACvC,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACxC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO;QACzC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ;QAC3C,IAAI,CAAC;IACP,IAAI,CAAC;QACH,GAAG,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAChD,OAAO,gBAAgB,CAAC,GAAG,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,CACL,CAAC,CAAC,QAAQ;QACV,CAAC,QAAQ,KAAK,MAAM;YAClB,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,KAAK,gBAAgB;YAC7B,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAC1C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,MAAM,aAAa,GAAG,yBAAyB,CAC7C,KAAK,EACL,QAAQ,CAAC,MAAM,CAAC,UAAU,CAC3B,CAAC;QACF,MAAM,sBAAsB,GAC1B,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\nconst EMBED_ROUTE_ALIASES: Record<string, string[]> = {\n \"/dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/dashboards\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic-dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n};\n\nlet _initPromise: Promise<void> | undefined;\nlet _devSigningKey: string | undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string | null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n | { ok: true; claims: EmbedSessionTokenClaims }\n | { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET ||\n process.env.BETTER_AUTH_SECRET ||\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer | string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number | null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string | undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) || \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string | null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string | null | undefined): string | null {\n const segment = value?.trim();\n if (!segment || CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" || segment === \"..\") return null;\n if (\n segment.includes(\"/\") ||\n segment.includes(\"\\\\\") ||\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string | null | undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view || CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) ||\n safePathSegment(url.searchParams.get(\"knowledgeId\")) ||\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) ||\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) {\n allowed.add(direct);\n for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {\n allowed.add(aliasTarget);\n }\n }\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string | undefined) ??\n ((event as any).request?.url as string | undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string | null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nfunction requestHost(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(\"host\") ??\n (event as any).headers?.get?.(\"host\") ??\n (event as any).node?.req?.headers?.host;\n if (typeof direct === \"string\" && direct.trim()) return direct.trim();\n try {\n return getHeader(event, \"host\") ?? null;\n } catch {\n return null;\n }\n}\n\nfunction referrerTargetPathname(event: H3Event): string | null {\n let raw: string | null =\n (event as any).request?.headers?.get?.(\"referer\") ??\n (event as any).request?.headers?.get?.(\"referrer\") ??\n (event as any).headers?.get?.(\"referer\") ??\n (event as any).headers?.get?.(\"referrer\") ??\n (event as any).node?.req?.headers?.referer ??\n (event as any).node?.req?.headers?.referrer ??\n null;\n try {\n raw = raw ?? getHeader(event, \"referer\") ?? getHeader(event, \"referrer\");\n } catch {\n raw = raw ?? null;\n }\n if (!raw) return null;\n try {\n const referrer = new URL(raw);\n const host = requestHost(event);\n if (host && referrer.host !== host) return null;\n return pathnameFromPath(`${referrer.pathname}${referrer.search}`);\n } catch {\n return pathnameFromPath(raw);\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n if (headerTarget && allowed.has(headerTarget)) return true;\n\n const referrerTarget = referrerTargetPathname(event);\n return !!referrerTarget && allowed.has(referrerTarget);\n}\n\nfunction isEmbedRuntimeRequest(event: H3Event): boolean {\n const pathname = requestPathname(event);\n return (\n !!pathname &&\n (pathname === \"/api\" ||\n pathname.startsWith(\"/api/\") ||\n pathname === \"/_agent-native\" ||\n pathname.startsWith(\"/_agent-native/\"))\n );\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string | undefined | null,\n requestOrigin?: string,\n): string | null {\n const value = String(raw ?? \"\").trim();\n if (!value || CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") || path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]*:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string | undefined | null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket | null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath || !ownerEmail || expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string | undefined | null,\n): VerifyEmbedSessionTokenResult {\n if (!token || typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims ||\n claims.kind !== TOKEN_KIND ||\n typeof claims.ownerEmail !== \"string\" ||\n !claims.ownerEmail ||\n typeof claims.exp !== \"number\" ||\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" | \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string | undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string | undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession | null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n const matchesTarget = requestMatchesEmbedTarget(\n event,\n verified.claims.targetPath,\n );\n const isRuntimeCookieRequest =\n candidate.source === \"cookie\" && isEmbedRuntimeRequest(event);\n if (!matchesTarget && !isRuntimeCookieRequest) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" || q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
1
+ {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,qBAAqB,GAA2B;IACpD,GAAG,EAAE,GAAG;IACR,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,SAAS;IAClB,SAAS,EAAE,YAAY;IACvB,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,MAAM;IACX,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,SAAS;IACjB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,WAAW;CACtB,CAAC;AACF,MAAM,mBAAmB,GAA6B;IACpD,2EAA2E;IAC3E,wEAAwE;IACxE,iCAAiC;IACjC,GAAG,EAAE,CAAC,WAAW,CAAC;IAClB,YAAY,EAAE,CAAC,2CAA2C,CAAC;IAC3D,aAAa,EAAE,CAAC,2CAA2C,CAAC;IAC5D,UAAU,EAAE,CAAC,2CAA2C,CAAC;IACzD,oBAAoB,EAAE,CAAC,2CAA2C,CAAC;CACpE,CAAC;AAEF,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,KAAgC;IACvD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAoB,EACpB,IAA+B;IAE/B,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,QAAQ;QAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,eAAe,EAAE,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,wBAAwB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,MAAM,YAAY,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAChD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;QACpC,wBAAwB,CACtB,OAAO,EACP,UAAU,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAC5C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,IAAI,KAAK,UAAU,IAAI,UAAU,EAAE,CAAC;QACtC,wBAAwB,CACtB,OAAO,EACP,aAAa,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;QACzC,wBAAwB,CACtB,OAAO,EACP,eAAe,kBAAkB,CAAC,WAAW,CAAC,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,QAAQ,EAAE,CAAC;QACb,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,YAAY,kBAAkB,CAAC,QAAQ,CAAC,EAAE;YAC5C,CAAC,CAAC,WAAW,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAC9C,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IACvE,IAAI,UAAU,EAAE,CAAC;QACf,wBAAwB,CACtB,OAAO,EACP,SAAS,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,IAAI,MAAM,EAAE,CAAC;QACX,wBAAwB,CACtB,OAAO,EACP,IAAI,KAAK,SAAS;YAChB,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,UAAU;YAC/C,CAAC,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAC1C,CAAC;IACJ,CAAC;IACD,IACE,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACpD,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EACjD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,KAAK,UAAU;QACnB,CAAC,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EACxD,CAAC;QACD,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CACtB,OAAO,EACP,GAAG,YAAY,IAAI,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpB,KAAK,MAAM,WAAW,IAAI,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,eAAe,GAAI,KAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACjE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;QAC3D,OAAO,GAAG,eAAe,GAAI,KAAa,CAAC,GAAG,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;IACjE,CAAC;IACD,OAAO,CACJ,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC7C,KAAa,CAAC,OAAO,EAAE,GAA0B;QAClD,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QAC7C,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC;QACpC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC;IAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,GAAG,GACJ,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QAChD,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACjD,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC;QACvC,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC;QACxC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO;QACzC,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ;QAC3C,IAAI,CAAC;IACP,IAAI,CAAC;QACH,GAAG,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,GAAG,GAAG,IAAI,IAAI,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAChD,OAAO,gBAAgB,CAAC,GAAG,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3D,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,CAAC,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc;IAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,CACL,CAAC,CAAC,QAAQ;QACV,CAAC,QAAQ,KAAK,MAAM;YAClB,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5B,QAAQ,KAAK,gBAAgB;YAC7B,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAC1C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,CACL,IAAI,GAAG,CACL,mBAAmB,CAAC,KAAK,CAAC,EAC1B,6BAA6B,CAC9B,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,SAAS,CACzD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,MAAM,aAAa,GAAG,yBAAyB,CAC7C,KAAK,EACL,QAAQ,CAAC,MAAM,CAAC,UAAU,CAC3B,CAAC;QACF,MAAM,sBAAsB,GAC1B,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAChE,IAAI,CAAC,aAAa,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\nconst OPEN_ROUTE_VIEW_PATHS: Record<string, string> = {\n ask: \"/\",\n calendar: \"/\",\n capture: \"/search\",\n knowledge: \"/knowledge\",\n list: \"/\",\n ops: \"/ops\",\n proposals: \"/review\",\n review: \"/review\",\n search: \"/search\",\n source: \"/sources\",\n sources: \"/sources\",\n settings: \"/settings\",\n};\nconst EMBED_ROUTE_ALIASES: Record<string, string[]> = {\n // Dispatch's app root redirects to /overview. A ticket minted for the root\n // should survive that first-hop redirect instead of falling back to the\n // private deployment token gate.\n \"/\": [\"/overview\"],\n \"/dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/dashboards\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic\": [\"/adhoc/agent-native-templates-first-party\"],\n \"/traffic-dashboard\": [\"/adhoc/agent-native-templates-first-party\"],\n};\n\nlet _initPromise: Promise<void> | undefined;\nlet _devSigningKey: string | undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string | null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n | { ok: true; claims: EmbedSessionTokenClaims }\n | { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET ||\n process.env.BETTER_AUTH_SECRET ||\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer | string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number | null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string | undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) || \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string | null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safePathSegment(value: string | null | undefined): string | null {\n const segment = value?.trim();\n if (!segment || CONTROL_CHARS.test(segment)) return null;\n if (segment === \".\" || segment === \"..\") return null;\n if (\n segment.includes(\"/\") ||\n segment.includes(\"\\\\\") ||\n segment.includes(\"?\")\n ) {\n return null;\n }\n if (segment.includes(\"#\")) return null;\n return segment;\n}\n\nfunction addResolvedOpenRoutePath(\n targets: Set<string>,\n path: string | null | undefined,\n): void {\n if (!path) return;\n const pathname = pathnameFromPath(path);\n if (pathname) targets.add(pathname);\n}\n\nfunction openRouteTargetPathnames(targetPath: string): Set<string> {\n const targets = new Set<string>();\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return targets;\n }\n if (stripConfiguredBasePath(url.pathname) !== OPEN_ROUTE_PATH) {\n return targets;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n addResolvedOpenRoutePath(targets, to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view || CONTROL_CHARS.test(view)) return targets;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n const viewPathname = pathnameFromPath(viewPath);\n addResolvedOpenRoutePath(targets, viewPathname);\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n\n const dashboardId = safePathSegment(url.searchParams.get(\"dashboardId\"));\n if (view === \"adhoc\" && dashboardId) {\n addResolvedOpenRoutePath(\n targets,\n `/adhoc/${encodeURIComponent(dashboardId)}`,\n );\n }\n const analysisId = safePathSegment(url.searchParams.get(\"analysisId\"));\n if (view === \"analyses\" && analysisId) {\n addResolvedOpenRoutePath(\n targets,\n `/analyses/${encodeURIComponent(analysisId)}`,\n );\n }\n const extensionId = safePathSegment(url.searchParams.get(\"extensionId\"));\n if (view === \"extensions\" && extensionId) {\n addResolvedOpenRoutePath(\n targets,\n `/extensions/${encodeURIComponent(extensionId)}`,\n );\n }\n const designId = safePathSegment(url.searchParams.get(\"designId\"));\n if (designId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/present/${encodeURIComponent(designId)}`\n : `/design/${encodeURIComponent(designId)}`,\n );\n }\n const documentId = safePathSegment(url.searchParams.get(\"documentId\"));\n if (documentId) {\n addResolvedOpenRoutePath(\n targets,\n `/page/${encodeURIComponent(documentId)}`,\n );\n }\n const deckId = safePathSegment(url.searchParams.get(\"deckId\"));\n if (deckId) {\n addResolvedOpenRoutePath(\n targets,\n view === \"present\"\n ? `/deck/${encodeURIComponent(deckId)}/present`\n : `/deck/${encodeURIComponent(deckId)}`,\n );\n }\n if (\n safePathSegment(url.searchParams.get(\"captureId\")) ||\n safePathSegment(url.searchParams.get(\"knowledgeId\")) ||\n safePathSegment(url.searchParams.get(\"sourceId\"))\n ) {\n addResolvedOpenRoutePath(targets, OPEN_ROUTE_VIEW_PATHS[view]);\n }\n if (\n view === \"calendar\" &&\n (safePathSegment(url.searchParams.get(\"eventId\")) ||\n safePathSegment(url.searchParams.get(\"eventDraftId\")))\n ) {\n addResolvedOpenRoutePath(targets, \"/\");\n }\n const threadId = safePathSegment(url.searchParams.get(\"threadId\"));\n if (viewPathname && threadId) {\n addResolvedOpenRoutePath(\n targets,\n `${viewPathname}/${encodeURIComponent(threadId)}`,\n );\n }\n\n return targets;\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) {\n allowed.add(direct);\n for (const aliasTarget of EMBED_ROUTE_ALIASES[direct] ?? []) {\n allowed.add(aliasTarget);\n }\n }\n for (const openTarget of openRouteTargetPathnames(targetPath)) {\n allowed.add(openTarget);\n }\n return allowed;\n}\n\nfunction requestUrlFromEvent(event: H3Event): string {\n const mountedPathname = (event as any).context?._mountedPathname;\n if (typeof mountedPathname === \"string\" && mountedPathname) {\n return `${mountedPathname}${(event as any).url?.search ?? \"\"}`;\n }\n return (\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string | undefined) ??\n ((event as any).request?.url as string | undefined) ??\n (event as any).path ??\n (event as any).url?.toString?.() ??\n \"/\"\n );\n}\n\nfunction requestPathname(event: H3Event): string | null {\n const raw = requestUrlFromEvent(event);\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nfunction requestHost(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(\"host\") ??\n (event as any).headers?.get?.(\"host\") ??\n (event as any).node?.req?.headers?.host;\n if (typeof direct === \"string\" && direct.trim()) return direct.trim();\n try {\n return getHeader(event, \"host\") ?? null;\n } catch {\n return null;\n }\n}\n\nfunction referrerTargetPathname(event: H3Event): string | null {\n let raw: string | null =\n (event as any).request?.headers?.get?.(\"referer\") ??\n (event as any).request?.headers?.get?.(\"referrer\") ??\n (event as any).headers?.get?.(\"referer\") ??\n (event as any).headers?.get?.(\"referrer\") ??\n (event as any).node?.req?.headers?.referer ??\n (event as any).node?.req?.headers?.referrer ??\n null;\n try {\n raw = raw ?? getHeader(event, \"referer\") ?? getHeader(event, \"referrer\");\n } catch {\n raw = raw ?? null;\n }\n if (!raw) return null;\n try {\n const referrer = new URL(raw);\n const host = requestHost(event);\n if (host && referrer.host !== host) return null;\n return pathnameFromPath(`${referrer.pathname}${referrer.search}`);\n } catch {\n return pathnameFromPath(raw);\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n if (headerTarget && allowed.has(headerTarget)) return true;\n\n const referrerTarget = referrerTargetPathname(event);\n return !!referrerTarget && allowed.has(referrerTarget);\n}\n\nfunction isEmbedRuntimeRequest(event: H3Event): boolean {\n const pathname = requestPathname(event);\n return (\n !!pathname &&\n (pathname === \"/api\" ||\n pathname.startsWith(\"/api/\") ||\n pathname === \"/_agent-native\" ||\n pathname.startsWith(\"/_agent-native/\"))\n );\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string | undefined | null,\n requestOrigin?: string,\n): string | null {\n const value = String(raw ?? \"\").trim();\n if (!value || CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") || path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]*:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string | undefined | null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket | null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath || !ownerEmail || expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string | undefined | null,\n): VerifyEmbedSessionTokenResult {\n if (!token || typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims ||\n claims.kind !== TOKEN_KIND ||\n typeof claims.ownerEmail !== \"string\" ||\n !claims.ownerEmail ||\n typeof claims.exp !== \"number\" ||\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" | \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string | undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string | undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n const value = Array.isArray(raw) ? raw[0] : raw;\n if (value) return value;\n try {\n return (\n new URL(\n requestUrlFromEvent(event),\n \"http://agent-native.invalid\",\n ).searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? undefined\n );\n } catch {\n return undefined;\n }\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession | null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n const matchesTarget = requestMatchesEmbedTarget(\n event,\n verified.claims.targetPath,\n );\n const isRuntimeCookieRequest =\n candidate.source === \"cookie\" && isEmbedRuntimeRequest(event);\n if (!matchesTarget && !isRuntimeCookieRequest) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" || q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agent-native/core",
3
- "version": "0.22.36",
3
+ "version": "0.22.38",
4
4
  "type": "module",
5
5
  "description": "Framework for agent-native application development — where AI agents and UI share state via files",
6
6
  "license": "MIT",